archetecture security fix
This commit is contained in:
+145
@@ -0,0 +1,145 @@
|
||||
"use strict";
|
||||
Object.defineProperty(exports, "__esModule", { value: true });
|
||||
exports.findCompany = findCompany;
|
||||
exports.updateCompany = updateCompany;
|
||||
exports.findBrand = findBrand;
|
||||
exports.upsertBrand = upsertBrand;
|
||||
exports.findContractSettings = findContractSettings;
|
||||
exports.upsertContractSettings = upsertContractSettings;
|
||||
exports.findInsurancePolicies = findInsurancePolicies;
|
||||
exports.createInsurancePolicy = createInsurancePolicy;
|
||||
exports.updateInsurancePolicy = updateInsurancePolicy;
|
||||
exports.findInsurancePolicyOrThrow = findInsurancePolicyOrThrow;
|
||||
exports.deleteInsurancePolicy = deleteInsurancePolicy;
|
||||
exports.findPricingRules = findPricingRules;
|
||||
exports.createPricingRule = createPricingRule;
|
||||
exports.updatePricingRule = updatePricingRule;
|
||||
exports.findPricingRuleOrThrow = findPricingRuleOrThrow;
|
||||
exports.deletePricingRule = deletePricingRule;
|
||||
exports.findAccountingSettings = findAccountingSettings;
|
||||
exports.upsertAccountingSettings = upsertAccountingSettings;
|
||||
exports.findApiKey = findApiKey;
|
||||
exports.regenerateApiKey = regenerateApiKey;
|
||||
exports.findBrandBySubdomain = findBrandBySubdomain;
|
||||
exports.findBrandByCustomDomain = findBrandByCustomDomain;
|
||||
exports.clearCustomDomain = clearCustomDomain;
|
||||
const prisma_1 = require("../../lib/prisma");
|
||||
const apiKeys_1 = require("../../security/apiKeys");
|
||||
async function findCompany(companyId) {
|
||||
return prisma_1.prisma.company.findUniqueOrThrow({
|
||||
where: { id: companyId },
|
||||
include: {
|
||||
brand: true,
|
||||
subscription: true,
|
||||
_count: { select: { vehicles: true, customers: true, reservations: true } },
|
||||
},
|
||||
});
|
||||
}
|
||||
async function updateCompany(companyId, data) {
|
||||
return prisma_1.prisma.company.update({ where: { id: companyId }, data });
|
||||
}
|
||||
async function findBrand(companyId) {
|
||||
return prisma_1.prisma.brandSettings.findUnique({ where: { companyId } });
|
||||
}
|
||||
async function upsertBrand(companyId, updateData, createData) {
|
||||
return prisma_1.prisma.brandSettings.upsert({
|
||||
where: { companyId },
|
||||
update: updateData,
|
||||
create: { companyId, ...createData },
|
||||
});
|
||||
}
|
||||
async function findContractSettings(companyId) {
|
||||
return prisma_1.prisma.contractSettings.findUnique({ where: { companyId } });
|
||||
}
|
||||
async function upsertContractSettings(companyId, data) {
|
||||
return prisma_1.prisma.contractSettings.upsert({
|
||||
where: { companyId },
|
||||
update: data,
|
||||
create: { companyId, ...data },
|
||||
});
|
||||
}
|
||||
async function findInsurancePolicies(companyId) {
|
||||
return prisma_1.prisma.insurancePolicy.findMany({
|
||||
where: { companyId },
|
||||
orderBy: [{ isRequired: 'desc' }, { sortOrder: 'asc' }, { name: 'asc' }],
|
||||
});
|
||||
}
|
||||
async function createInsurancePolicy(companyId, data) {
|
||||
return prisma_1.prisma.insurancePolicy.create({ data: { companyId, ...data } });
|
||||
}
|
||||
async function updateInsurancePolicy(id, companyId, data) {
|
||||
return prisma_1.prisma.insurancePolicy.updateMany({ where: { id, companyId }, data });
|
||||
}
|
||||
async function findInsurancePolicyOrThrow(id) {
|
||||
return prisma_1.prisma.insurancePolicy.findUniqueOrThrow({ where: { id } });
|
||||
}
|
||||
async function deleteInsurancePolicy(id, companyId) {
|
||||
return prisma_1.prisma.insurancePolicy.deleteMany({ where: { id, companyId } });
|
||||
}
|
||||
async function findPricingRules(companyId) {
|
||||
return prisma_1.prisma.pricingRule.findMany({
|
||||
where: { companyId },
|
||||
orderBy: [{ isActive: 'desc' }, { createdAt: 'asc' }],
|
||||
});
|
||||
}
|
||||
async function createPricingRule(companyId, data) {
|
||||
return prisma_1.prisma.pricingRule.create({ data: { companyId, ...data } });
|
||||
}
|
||||
async function updatePricingRule(id, companyId, data) {
|
||||
return prisma_1.prisma.pricingRule.updateMany({ where: { id, companyId }, data });
|
||||
}
|
||||
async function findPricingRuleOrThrow(id) {
|
||||
return prisma_1.prisma.pricingRule.findUniqueOrThrow({ where: { id } });
|
||||
}
|
||||
async function deletePricingRule(id, companyId) {
|
||||
return prisma_1.prisma.pricingRule.deleteMany({ where: { id, companyId } });
|
||||
}
|
||||
async function findAccountingSettings(companyId) {
|
||||
return prisma_1.prisma.accountingSettings.findUnique({ where: { companyId } });
|
||||
}
|
||||
async function upsertAccountingSettings(companyId, data) {
|
||||
return prisma_1.prisma.accountingSettings.upsert({
|
||||
where: { companyId },
|
||||
update: data,
|
||||
create: { companyId, ...data },
|
||||
});
|
||||
}
|
||||
async function findApiKey(companyId) {
|
||||
const apiKeys = await prisma_1.prisma.companyApiKey.findMany({
|
||||
where: { companyId, revokedAt: null },
|
||||
orderBy: { createdAt: 'desc' },
|
||||
select: { id: true, name: true, prefix: true, lastUsedAt: true, createdAt: true, revokedAt: true },
|
||||
});
|
||||
return { apiKeys };
|
||||
}
|
||||
async function regenerateApiKey(companyId) {
|
||||
const nextKey = (0, apiKeys_1.generateCompanyApiKey)();
|
||||
await prisma_1.prisma.$transaction(async (tx) => {
|
||||
await tx.companyApiKey.updateMany({
|
||||
where: { companyId, revokedAt: null },
|
||||
data: { revokedAt: new Date() },
|
||||
});
|
||||
await tx.companyApiKey.create({
|
||||
data: {
|
||||
companyId,
|
||||
name: 'Default API key',
|
||||
prefix: nextKey.prefix,
|
||||
keyHash: nextKey.keyHash,
|
||||
},
|
||||
});
|
||||
});
|
||||
return { apiKey: nextKey.rawKey, prefix: nextKey.prefix, warning: 'This raw API key is shown once. Store it securely.' };
|
||||
}
|
||||
async function findBrandBySubdomain(subdomain, excludeCompanyId) {
|
||||
return prisma_1.prisma.brandSettings.findFirst({ where: { subdomain, companyId: { not: excludeCompanyId } } });
|
||||
}
|
||||
async function findBrandByCustomDomain(customDomain, excludeCompanyId) {
|
||||
return prisma_1.prisma.brandSettings.findFirst({ where: { customDomain, companyId: { not: excludeCompanyId } } });
|
||||
}
|
||||
async function clearCustomDomain(companyId) {
|
||||
return prisma_1.prisma.brandSettings.updateMany({
|
||||
where: { companyId },
|
||||
data: { customDomain: null, customDomainVerified: false, customDomainAddedAt: null },
|
||||
});
|
||||
}
|
||||
//# sourceMappingURL=company.repo.js.map
|
||||
Reference in New Issue
Block a user