Session 2026-05-20: UI fixes, invoice filtering, file browser, request approvals, sub invoice task scope
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Krao Hasanee
@@ -0,0 +1,117 @@
|
||||
const FB_SOURCE = 'files';
|
||||
const MEMBER_ROLES = new Set(['team', 'external']);
|
||||
|
||||
function normalizePath(path) {
|
||||
const raw = String(path || '/').trim();
|
||||
const parts = raw.split('/').filter(Boolean);
|
||||
const clean = [];
|
||||
for (const part of parts) {
|
||||
if (part === '.') continue;
|
||||
if (part === '..') throw new Error('Invalid path');
|
||||
clean.push(part);
|
||||
}
|
||||
return `/${clean.join('/')}`;
|
||||
}
|
||||
|
||||
function joinPath(...parts) {
|
||||
return normalizePath(parts.join('/'));
|
||||
}
|
||||
|
||||
function parentDir(path) {
|
||||
const parts = normalizePath(path).split('/').filter(Boolean);
|
||||
parts.pop();
|
||||
return `/${parts.join('/')}`;
|
||||
}
|
||||
|
||||
function safeName(value) {
|
||||
return String(value || '')
|
||||
.trim()
|
||||
.replace(/[\\/:*?"<>|#%{}^~[\]`]+/g, '-')
|
||||
.replace(/\s+/g, ' ')
|
||||
.replace(/^-+|-+$/g, '');
|
||||
}
|
||||
|
||||
function getConfig() {
|
||||
const url = String(process.env.FILEBROWSER_URL || '').trim().replace(/\/+$/, '');
|
||||
return {
|
||||
url,
|
||||
token: process.env.FILEBROWSER_TOKEN || '',
|
||||
membersRoot: normalizePath(process.env.FILEBROWSER_MEMBERS_ROOT || '/fourgebranding/Team'),
|
||||
configured: Boolean(url),
|
||||
};
|
||||
}
|
||||
|
||||
async function fbFetch(config, method, endpoint, { params = {}, headers = {}, body } = {}) {
|
||||
const qs = new URLSearchParams({ source: FB_SOURCE, ...params }).toString();
|
||||
const res = await fetch(`${config.url}${endpoint}?${qs}`, {
|
||||
method,
|
||||
headers: { Authorization: `Bearer ${config.token}`, ...headers },
|
||||
body,
|
||||
});
|
||||
if (!res.ok) {
|
||||
const text = await res.text();
|
||||
const err = new Error(text || `FileBrowser ${res.status}`);
|
||||
err.status = res.status;
|
||||
throw err;
|
||||
}
|
||||
}
|
||||
|
||||
async function mkdir(config, parentPath, name) {
|
||||
const safe = safeName(name);
|
||||
if (!safe) return;
|
||||
await fbFetch(config, 'POST', '/api/resources', {
|
||||
params: { path: joinPath(parentPath, safe), isDir: 'true' },
|
||||
}).catch(() => {});
|
||||
}
|
||||
|
||||
async function renameFolder(config, root, oldName, newName) {
|
||||
const oldSafe = safeName(oldName);
|
||||
const newSafe = safeName(newName);
|
||||
if (!oldSafe || !newSafe || oldSafe === newSafe) return;
|
||||
await fbFetch(config, 'PATCH', '/api/resources', {
|
||||
headers: { 'Content-Type': 'application/json' },
|
||||
body: JSON.stringify({
|
||||
action: 'rename',
|
||||
items: [{
|
||||
fromSource: FB_SOURCE, fromPath: joinPath(root, oldSafe),
|
||||
toSource: FB_SOURCE, toPath: joinPath(root, newSafe),
|
||||
}],
|
||||
overwrite: false,
|
||||
}),
|
||||
}).catch(() => {});
|
||||
}
|
||||
|
||||
export default async function handler(req, res) {
|
||||
if (req.method !== 'POST') return res.status(405).json({ error: 'Method not allowed' });
|
||||
|
||||
const secret = process.env.SUPABASE_WEBHOOK_SECRET;
|
||||
if (secret) {
|
||||
const incoming = req.headers['x-webhook-secret'] || req.headers['x-supabase-webhook-secret'] || '';
|
||||
if (incoming.trim() !== secret.trim()) return res.status(401).json({ error: 'Unauthorized' });
|
||||
}
|
||||
|
||||
const { type, record, old_record } = req.body || {};
|
||||
|
||||
// Only process team and external roles
|
||||
if (!MEMBER_ROLES.has(record?.role)) return res.status(200).json({ ok: true, skipped: true });
|
||||
if (!record?.name) return res.status(200).json({ ok: true, skipped: 'no name' });
|
||||
|
||||
const config = getConfig();
|
||||
if (!config.configured || !config.token) return res.status(200).json({ ok: true, skipped: 'not configured' });
|
||||
|
||||
const membersRoot = config.membersRoot;
|
||||
const membersParent = parentDir(membersRoot);
|
||||
const membersDirName = membersRoot.split('/').filter(Boolean).pop();
|
||||
|
||||
// Ensure /fourgebranding/team dir exists
|
||||
await mkdir(config, membersParent, membersDirName);
|
||||
|
||||
if (type === 'UPDATE' && old_record?.name && old_record.name !== record.name) {
|
||||
await renameFolder(config, membersRoot, old_record.name, record.name);
|
||||
}
|
||||
|
||||
// Ensure folder for current name exists
|
||||
await mkdir(config, membersRoot, record.name);
|
||||
|
||||
res.status(200).json({ ok: true, type, name: record.name, role: record.role });
|
||||
}
|
||||
Reference in New Issue
Block a user