foxerBN/crm-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Code quality improvements from code review

Browse Source 
- Add admin-only authorization for company and projects CRUD operations
- Create requireAccountId middleware to eliminate code duplication
- Standardize error handling (use next(error) consistently)
- Change error messages to Slovak language

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
richardtekula
2025-12-05 11:03:32 +01:00
parent 03b7a215bb
commit 6f4a31e9de
19 changed files with 186 additions and 191 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/routes/company.routes.js
View File

@@ -1,6 +1,7 @@
import express from 'express';
import * as companyController from '../controllers/company.controller.js';
import { authenticate } from '../middlewares/auth/authMiddleware.js';
import { requireAdmin } from '../middlewares/auth/roleMiddleware.js';
import { validateBody, validateParams } from '../middlewares/security/validateInput.js';
import { createCompanySchema, updateCompanySchema, createCompanyReminderSchema, updateCompanyReminderSchema } from '../validators/crm.validators.js';
import { z } from 'zod';
@@ -39,24 +40,27 @@ router.get(
companyController.getCompanyById
);
// Create new company
// Create new company (admin only)
router.post(
'/',
requireAdmin,
validateBody(createCompanySchema),
companyController.createCompany
);
// Update company
// Update company (admin only)
router.patch(
'/:companyId',
requireAdmin,
validateParams(z.object({ companyId: z.string().uuid() })),
validateBody(updateCompanySchema),
companyController.updateCompany
);
// Delete company
// Delete company (admin only)
router.delete(
'/:companyId',
requireAdmin,
validateParams(z.object({ companyId: z.string().uuid() })),
companyController.deleteCompany
);
@@ -70,6 +74,7 @@ router.get(
router.post(
'/:companyId/notes',
requireAdmin,
validateParams(z.object({ companyId: z.string().uuid() })),
validateBody(z.object({
content: z.string().min(1),
@@ -79,6 +84,7 @@ router.post(
router.patch(
'/:companyId/notes/:noteId',
requireAdmin,
validateParams(z.object({
companyId: z.string().uuid(),
noteId: z.string().uuid()
@@ -91,6 +97,7 @@ router.patch(
router.delete(
'/:companyId/notes/:noteId',
requireAdmin,
validateParams(z.object({
companyId: z.string().uuid(),
noteId: z.string().uuid()
@@ -107,6 +114,7 @@ router.get(
router.post(
'/:companyId/reminders',
requireAdmin,
validateParams(z.object({ companyId: z.string().uuid() })),
validateBody(createCompanyReminderSchema),
companyController.createCompanyReminder
@@ -114,6 +122,7 @@ router.post(
router.patch(
'/:companyId/reminders/:reminderId',
requireAdmin,
validateParams(z.object({
companyId: z.string().uuid(),
reminderId: z.string().uuid()
@@ -124,6 +133,7 @@ router.patch(
router.delete(
'/:companyId/reminders/:reminderId',
requireAdmin,
validateParams(z.object({
companyId: z.string().uuid(),
reminderId: z.string().uuid()

18
src/routes/crm-email.routes.js
View File

@@ -1,6 +1,7 @@
import express from 'express';
import * as crmEmailController from '../controllers/crm-email.controller.js';
import { authenticate } from '../middlewares/auth/authMiddleware.js';
import { requireAccountId } from '../middlewares/security/requireAccountId.js';
import { validateBody, validateParams } from '../middlewares/security/validateInput.js';
import { z } from 'zod';
@@ -13,11 +14,11 @@ router.use(authenticate);
* Email management
*/
// Get all emails
router.get('/', crmEmailController.getEmails);
// Get all emails (accountId required)
router.get('/', requireAccountId, crmEmailController.getEmails);
// Search emails (DB search - searches in stored emails only)
router.get('/search', crmEmailController.searchEmails);
// Search emails (DB search - searches in stored emails only, accountId required)
router.get('/search', requireAccountId, crmEmailController.searchEmails);
// Search emails using JMAP full-text search (searches in all emails via JMAP)
router.get('/search-jmap', crmEmailController.searchEmailsJMAP);
@@ -28,23 +29,26 @@ router.get('/unread-count', crmEmailController.getUnreadCount);
// Sync latest emails from JMAP
router.post('/sync', crmEmailController.syncEmails);
// Get email thread (conversation)
// Get email thread (conversation, accountId required)
router.get(
'/thread/:threadId',
requireAccountId,
validateParams(z.object({ threadId: z.string() })),
crmEmailController.getThread
);
// Mark thread as read
// Mark thread as read (accountId required)
router.post(
'/thread/:threadId/read',
requireAccountId,
validateParams(z.object({ threadId: z.string() })),
crmEmailController.markThreadRead
);
// Mark all emails from contact as read
// Mark all emails from contact as read (accountId required)
router.post(
'/contact/:contactId/read',
requireAccountId,
validateParams(z.object({ contactId: z.string().uuid() })),
crmEmailController.markContactEmailsRead
);

16
src/routes/project.routes.js
View File

@@ -1,6 +1,7 @@
import express from 'express';
import * as projectController from '../controllers/project.controller.js';
import { authenticate } from '../middlewares/auth/authMiddleware.js';
import { requireAdmin } from '../middlewares/auth/roleMiddleware.js';
import { validateBody, validateParams } from '../middlewares/security/validateInput.js';
import { createProjectSchema, updateProjectSchema } from '../validators/crm.validators.js';
import { z } from 'zod';
@@ -24,24 +25,27 @@ router.get(
projectController.getProjectById
);
// Create new project
// Create new project (admin only)
router.post(
'/',
requireAdmin,
validateBody(createProjectSchema),
projectController.createProject
);
// Update project
// Update project (admin only)
router.patch(
'/:projectId',
requireAdmin,
validateParams(z.object({ projectId: z.string().uuid() })),
validateBody(updateProjectSchema),
projectController.updateProject
);
// Delete project
// Delete project (admin only)
router.delete(
'/:projectId',
requireAdmin,
validateParams(z.object({ projectId: z.string().uuid() })),
projectController.deleteProject
);
@@ -55,6 +59,7 @@ router.get(
router.post(
'/:projectId/notes',
requireAdmin,
validateParams(z.object({ projectId: z.string().uuid() })),
validateBody(z.object({
content: z.string().min(1),
@@ -65,6 +70,7 @@ router.post(
router.patch(
'/:projectId/notes/:noteId',
requireAdmin,
validateParams(z.object({
projectId: z.string().uuid(),
noteId: z.string().uuid()
@@ -78,6 +84,7 @@ router.patch(
router.delete(
'/:projectId/notes/:noteId',
requireAdmin,
validateParams(z.object({
projectId: z.string().uuid(),
noteId: z.string().uuid()
@@ -94,6 +101,7 @@ router.get(
router.post(
'/:projectId/users',
requireAdmin,
validateParams(z.object({ projectId: z.string().uuid() })),
validateBody(z.object({
userId: z.string().uuid('Neplatný formát user ID'),
@@ -104,6 +112,7 @@ router.post(
router.patch(
'/:projectId/users/:userId',
requireAdmin,
validateParams(z.object({
projectId: z.string().uuid(),
userId: z.string().uuid()
@@ -116,6 +125,7 @@ router.patch(
router.delete(
'/:projectId/users/:userId',
requireAdmin,
validateParams(z.object({
projectId: z.string().uuid(),
userId: z.string().uuid()