fix email issues, add company,project,todos

src/app.js

@@ -18,6 +18,10 @@ import contactRoutes from './routes/contact.routes.js';
 import crmEmailRoutes from './routes/crm-email.routes.js';
 import emailAccountRoutes from './routes/email-account.routes.js';
 import timesheetRoutes from './routes/timesheet.routes.js';
+import companyRoutes from './routes/company.routes.js';
+import projectRoutes from './routes/project.routes.js';
+import todoRoutes from './routes/todo.routes.js';
+import noteRoutes from './routes/note.routes.js';
 
 const app = express();
 
@@ -74,6 +78,10 @@ app.use('/api/contacts', contactRoutes);
 app.use('/api/emails', crmEmailRoutes);
 app.use('/api/email-accounts', emailAccountRoutes);
 app.use('/api/timesheets', timesheetRoutes);
+app.use('/api/companies', companyRoutes);
+app.use('/api/projects', projectRoutes);
+app.use('/api/todos', todoRoutes);
+app.use('/api/notes', noteRoutes);
 
 // Basic route
 app.get('/', (req, res) => {

src/controllers/company.controller.js

@@ -0,0 +1,223 @@
+import * as companyService from '../services/company.service.js';
+import * as noteService from '../services/note.service.js';
+import { formatErrorResponse } from '../utils/errors.js';
+
+/**
+ * Get all companies
+ * GET /api/companies?search=query
+ */
+export const getAllCompanies = async (req, res) => {
+  try {
+    const { search } = req.query;
+
+    const companies = await companyService.getAllCompanies(search);
+
+    res.status(200).json({
+      success: true,
+      count: companies.length,
+      data: companies,
+    });
+  } catch (error) {
+    const errorResponse = formatErrorResponse(error, process.env.NODE_ENV === 'development');
+    res.status(error.statusCode || 500).json(errorResponse);
+  }
+};
+
+/**
+ * Get company by ID
+ * GET /api/companies/:companyId
+ */
+export const getCompanyById = async (req, res) => {
+  try {
+    const { companyId } = req.params;
+
+    const company = await companyService.getCompanyById(companyId);
+
+    res.status(200).json({
+      success: true,
+      data: company,
+    });
+  } catch (error) {
+    const errorResponse = formatErrorResponse(error, process.env.NODE_ENV === 'development');
+    res.status(error.statusCode || 500).json(errorResponse);
+  }
+};
+
+/**
+ * Get company with relations (projects, todos, notes)
+ * GET /api/companies/:companyId/details
+ */
+export const getCompanyWithRelations = async (req, res) => {
+  try {
+    const { companyId } = req.params;
+
+    const company = await companyService.getCompanyWithRelations(companyId);
+
+    res.status(200).json({
+      success: true,
+      data: company,
+    });
+  } catch (error) {
+    const errorResponse = formatErrorResponse(error, process.env.NODE_ENV === 'development');
+    res.status(error.statusCode || 500).json(errorResponse);
+  }
+};
+
+/**
+ * Create new company
+ * POST /api/companies
+ * Body: { name, description, address, city, country, phone, email, website }
+ */
+export const createCompany = async (req, res) => {
+  try {
+    const userId = req.userId;
+    const data = req.body;
+
+    const company = await companyService.createCompany(userId, data);
+
+    res.status(201).json({
+      success: true,
+      data: company,
+      message: 'Firma bola vytvorená',
+    });
+  } catch (error) {
+    const errorResponse = formatErrorResponse(error, process.env.NODE_ENV === 'development');
+    res.status(error.statusCode || 500).json(errorResponse);
+  }
+};
+
+/**
+ * Update company
+ * PATCH /api/companies/:companyId
+ * Body: { name, description, address, city, country, phone, email, website }
+ */
+export const updateCompany = async (req, res) => {
+  try {
+    const { companyId } = req.params;
+    const data = req.body;
+
+    const company = await companyService.updateCompany(companyId, data);
+
+    res.status(200).json({
+      success: true,
+      data: company,
+      message: 'Firma bola aktualizovaná',
+    });
+  } catch (error) {
+    const errorResponse = formatErrorResponse(error, process.env.NODE_ENV === 'development');
+    res.status(error.statusCode || 500).json(errorResponse);
+  }
+};
+
+/**
+ * Delete company
+ * DELETE /api/companies/:companyId
+ */
+export const deleteCompany = async (req, res) => {
+  try {
+    const { companyId } = req.params;
+
+    const result = await companyService.deleteCompany(companyId);
+
+    res.status(200).json({
+      success: true,
+      message: result.message,
+    });
+  } catch (error) {
+    const errorResponse = formatErrorResponse(error, process.env.NODE_ENV === 'development');
+    res.status(error.statusCode || 500).json(errorResponse);
+  }
+};
+
+/**
+ * Get company notes
+ * GET /api/companies/:companyId/notes
+ */
+export const getCompanyNotes = async (req, res) => {
+  try {
+    const { companyId } = req.params;
+
+    const notes = await noteService.getNotesByCompanyId(companyId);
+
+    res.status(200).json({
+      success: true,
+      count: notes.length,
+      data: notes,
+    });
+  } catch (error) {
+    const errorResponse = formatErrorResponse(error, process.env.NODE_ENV === 'development');
+    res.status(error.statusCode || 500).json(errorResponse);
+  }
+};
+
+/**
+ * Add company note
+ * POST /api/companies/:companyId/notes
+ */
+export const addCompanyNote = async (req, res) => {
+  try {
+    const userId = req.userId;
+    const { companyId } = req.params;
+    const { content, reminderAt } = req.body;
+
+    const note = await noteService.createNote(userId, {
+      content,
+      companyId,
+      reminderDate: reminderAt, // Map reminderAt to reminderDate
+    });
+
+    res.status(201).json({
+      success: true,
+      data: note,
+      message: 'Poznámka bola pridaná',
+    });
+  } catch (error) {
+    const errorResponse = formatErrorResponse(error, process.env.NODE_ENV === 'development');
+    res.status(error.statusCode || 500).json(errorResponse);
+  }
+};
+
+/**
+ * Update company note
+ * PATCH /api/companies/:companyId/notes/:noteId
+ */
+export const updateCompanyNote = async (req, res) => {
+  try {
+    const { noteId } = req.params;
+    const { content, reminderAt } = req.body;
+
+    const note = await noteService.updateNote(noteId, {
+      content,
+      reminderDate: reminderAt, // Map reminderAt to reminderDate
+    });
+
+    res.status(200).json({
+      success: true,
+      data: note,
+      message: 'Poznámka bola aktualizovaná',
+    });
+  } catch (error) {
+    const errorResponse = formatErrorResponse(error, process.env.NODE_ENV === 'development');
+    res.status(error.statusCode || 500).json(errorResponse);
+  }
+};
+
+/**
+ * Delete company note
+ * DELETE /api/companies/:companyId/notes/:noteId
+ */
+export const deleteCompanyNote = async (req, res) => {
+  try {
+    const { noteId } = req.params;
+
+    const result = await noteService.deleteNote(noteId);
+
+    res.status(200).json({
+      success: true,
+      message: result.message,
+    });
+  } catch (error) {
+    const errorResponse = formatErrorResponse(error, process.env.NODE_ENV === 'development');
+    res.status(error.statusCode || 500).json(errorResponse);
+  }
+};

src/controllers/contact.controller.js

@@ -238,3 +238,125 @@ export const updateContact = async (req, res) => {
     res.status(error.statusCode || 500).json(errorResponse);
   }
 };
+
+/**
+ * Link company to contact
+ * POST /api/contacts/:contactId/link-company?accountId=xxx
+ * Body: { companyId }
+ */
+export const linkCompanyToContact = async (req, res) => {
+  try {
+    const userId = req.userId;
+    const { contactId } = req.params;
+    const { accountId } = req.query;
+    const { companyId } = req.body;
+
+    if (!accountId) {
+      return res.status(400).json({
+        success: false,
+        error: {
+          message: 'accountId je povinný parameter',
+          statusCode: 400,
+        },
+      });
+    }
+
+    if (!companyId) {
+      return res.status(400).json({
+        success: false,
+        error: {
+          message: 'companyId je povinný',
+          statusCode: 400,
+        },
+      });
+    }
+
+    // Verify user has access to this email account
+    await emailAccountService.getEmailAccountById(accountId, userId);
+
+    const updated = await contactService.linkCompanyToContact(contactId, accountId, companyId);
+
+    res.status(200).json({
+      success: true,
+      data: updated,
+      message: 'Firma bola linknutá ku kontaktu',
+    });
+  } catch (error) {
+    const errorResponse = formatErrorResponse(error, process.env.NODE_ENV === 'development');
+    res.status(error.statusCode || 500).json(errorResponse);
+  }
+};
+
+/**
+ * Unlink company from contact
+ * POST /api/contacts/:contactId/unlink-company?accountId=xxx
+ */
+export const unlinkCompanyFromContact = async (req, res) => {
+  try {
+    const userId = req.userId;
+    const { contactId } = req.params;
+    const { accountId } = req.query;
+
+    if (!accountId) {
+      return res.status(400).json({
+        success: false,
+        error: {
+          message: 'accountId je povinný parameter',
+          statusCode: 400,
+        },
+      });
+    }
+
+    // Verify user has access to this email account
+    await emailAccountService.getEmailAccountById(accountId, userId);
+
+    const updated = await contactService.unlinkCompanyFromContact(contactId, accountId);
+
+    res.status(200).json({
+      success: true,
+      data: updated,
+      message: 'Firma bola odlinknutá od kontaktu',
+    });
+  } catch (error) {
+    const errorResponse = formatErrorResponse(error, process.env.NODE_ENV === 'development');
+    res.status(error.statusCode || 500).json(errorResponse);
+  }
+};
+
+/**
+ * Create company from contact
+ * POST /api/contacts/:contactId/create-company?accountId=xxx
+ * Body: { name, email, phone, address, city, country, website, description } (all optional, uses contact data as defaults)
+ */
+export const createCompanyFromContact = async (req, res) => {
+  try {
+    const userId = req.userId;
+    const { contactId } = req.params;
+    const { accountId } = req.query;
+    const companyData = req.body;
+
+    if (!accountId) {
+      return res.status(400).json({
+        success: false,
+        error: {
+          message: 'accountId je povinný parameter',
+          statusCode: 400,
+        },
+      });
+    }
+
+    // Verify user has access to this email account
+    await emailAccountService.getEmailAccountById(accountId, userId);
+
+    const result = await contactService.createCompanyFromContact(contactId, accountId, userId, companyData);
+
+    res.status(201).json({
+      success: true,
+      data: result,
+      message: 'Firma bola vytvorená z kontaktu',
+    });
+  } catch (error) {
+    const errorResponse = formatErrorResponse(error, process.env.NODE_ENV === 'development');
+    res.status(error.statusCode || 500).json(errorResponse);
+  }
+};

src/controllers/note.controller.js

@@ -0,0 +1,159 @@
+import * as noteService from '../services/note.service.js';
+import { formatErrorResponse } from '../utils/errors.js';
+
+/**
+ * Get all notes
+ * GET /api/notes?search=query&companyId=xxx&projectId=xxx&todoId=xxx&contactId=xxx
+ */
+export const getAllNotes = async (req, res) => {
+  try {
+    const { search, companyId, projectId, todoId, contactId } = req.query;
+
+    const filters = {
+      searchTerm: search,
+      companyId,
+      projectId,
+      todoId,
+      contactId,
+    };
+
+    const notes = await noteService.getAllNotes(filters);
+
+    res.status(200).json({
+      success: true,
+      count: notes.length,
+      data: notes,
+    });
+  } catch (error) {
+    const errorResponse = formatErrorResponse(error, process.env.NODE_ENV === 'development');
+    res.status(error.statusCode || 500).json(errorResponse);
+  }
+};
+
+/**
+ * Get note by ID
+ * GET /api/notes/:noteId
+ */
+export const getNoteById = async (req, res) => {
+  try {
+    const { noteId } = req.params;
+
+    const note = await noteService.getNoteById(noteId);
+
+    res.status(200).json({
+      success: true,
+      data: note,
+    });
+  } catch (error) {
+    const errorResponse = formatErrorResponse(error, process.env.NODE_ENV === 'development');
+    res.status(error.statusCode || 500).json(errorResponse);
+  }
+};
+
+/**
+ * Create new note
+ * POST /api/notes
+ * Body: { title, content, companyId, projectId, todoId, contactId }
+ */
+export const createNote = async (req, res) => {
+  try {
+    const userId = req.userId;
+    const data = req.body;
+
+    const note = await noteService.createNote(userId, data);
+
+    res.status(201).json({
+      success: true,
+      data: note,
+      message: 'Poznámka bola vytvorená',
+    });
+  } catch (error) {
+    const errorResponse = formatErrorResponse(error, process.env.NODE_ENV === 'development');
+    res.status(error.statusCode || 500).json(errorResponse);
+  }
+};
+
+/**
+ * Update note
+ * PATCH /api/notes/:noteId
+ * Body: { title, content, companyId, projectId, todoId, contactId }
+ */
+export const updateNote = async (req, res) => {
+  try {
+    const { noteId } = req.params;
+    const data = req.body;
+
+    const note = await noteService.updateNote(noteId, data);
+
+    res.status(200).json({
+      success: true,
+      data: note,
+      message: 'Poznámka bola aktualizovaná',
+    });
+  } catch (error) {
+    const errorResponse = formatErrorResponse(error, process.env.NODE_ENV === 'development');
+    res.status(error.statusCode || 500).json(errorResponse);
+  }
+};
+
+/**
+ * Delete note
+ * DELETE /api/notes/:noteId
+ */
+export const deleteNote = async (req, res) => {
+  try {
+    const { noteId } = req.params;
+
+    const result = await noteService.deleteNote(noteId);
+
+    res.status(200).json({
+      success: true,
+      message: result.message,
+    });
+  } catch (error) {
+    const errorResponse = formatErrorResponse(error, process.env.NODE_ENV === 'development');
+    res.status(error.statusCode || 500).json(errorResponse);
+  }
+};
+
+/**
+ * Get upcoming reminders for current user
+ * GET /api/notes/my-reminders
+ */
+export const getMyReminders = async (req, res) => {
+  try {
+    const userId = req.userId;
+
+    const reminders = await noteService.getUpcomingRemindersForUser(userId);
+
+    res.status(200).json({
+      success: true,
+      count: reminders.length,
+      data: reminders,
+    });
+  } catch (error) {
+    const errorResponse = formatErrorResponse(error, process.env.NODE_ENV === 'development');
+    res.status(error.statusCode || 500).json(errorResponse);
+  }
+};
+
+/**
+ * Mark reminder as sent
+ * POST /api/notes/:noteId/mark-reminder-sent
+ */
+export const markReminderSent = async (req, res) => {
+  try {
+    const { noteId } = req.params;
+
+    const updated = await noteService.markReminderAsSent(noteId);
+
+    res.status(200).json({
+      success: true,
+      data: updated,
+      message: 'Reminder označený ako odoslaný',
+    });
+  } catch (error) {
+    const errorResponse = formatErrorResponse(error, process.env.NODE_ENV === 'development');
+    res.status(error.statusCode || 500).json(errorResponse);
+  }
+};

src/controllers/project.controller.js

@@ -0,0 +1,316 @@
+import * as projectService from '../services/project.service.js';
+import * as noteService from '../services/note.service.js';
+import { formatErrorResponse } from '../utils/errors.js';
+
+/**
+ * Get all projects
+ * GET /api/projects?search=query&companyId=xxx
+ */
+export const getAllProjects = async (req, res) => {
+  try {
+    const { search, companyId } = req.query;
+
+    const projects = await projectService.getAllProjects(search, companyId);
+
+    res.status(200).json({
+      success: true,
+      count: projects.length,
+      data: projects,
+    });
+  } catch (error) {
+    const errorResponse = formatErrorResponse(error, process.env.NODE_ENV === 'development');
+    res.status(error.statusCode || 500).json(errorResponse);
+  }
+};
+
+/**
+ * Get project by ID
+ * GET /api/projects/:projectId
+ */
+export const getProjectById = async (req, res) => {
+  try {
+    const { projectId } = req.params;
+
+    const project = await projectService.getProjectById(projectId);
+
+    res.status(200).json({
+      success: true,
+      data: project,
+    });
+  } catch (error) {
+    const errorResponse = formatErrorResponse(error, process.env.NODE_ENV === 'development');
+    res.status(error.statusCode || 500).json(errorResponse);
+  }
+};
+
+/**
+ * Get project with relations (company, todos, notes, timesheets)
+ * GET /api/projects/:projectId/details
+ */
+export const getProjectWithRelations = async (req, res) => {
+  try {
+    const { projectId } = req.params;
+
+    const project = await projectService.getProjectWithRelations(projectId);
+
+    res.status(200).json({
+      success: true,
+      data: project,
+    });
+  } catch (error) {
+    const errorResponse = formatErrorResponse(error, process.env.NODE_ENV === 'development');
+    res.status(error.statusCode || 500).json(errorResponse);
+  }
+};
+
+/**
+ * Create new project
+ * POST /api/projects
+ * Body: { name, description, companyId, status, startDate, endDate }
+ */
+export const createProject = async (req, res) => {
+  try {
+    const userId = req.userId;
+    const data = req.body;
+
+    const project = await projectService.createProject(userId, data);
+
+    res.status(201).json({
+      success: true,
+      data: project,
+      message: 'Projekt bol vytvorený',
+    });
+  } catch (error) {
+    const errorResponse = formatErrorResponse(error, process.env.NODE_ENV === 'development');
+    res.status(error.statusCode || 500).json(errorResponse);
+  }
+};
+
+/**
+ * Update project
+ * PATCH /api/projects/:projectId
+ * Body: { name, description, companyId, status, startDate, endDate }
+ */
+export const updateProject = async (req, res) => {
+  try {
+    const { projectId } = req.params;
+    const data = req.body;
+
+    const project = await projectService.updateProject(projectId, data);
+
+    res.status(200).json({
+      success: true,
+      data: project,
+      message: 'Projekt bol aktualizovaný',
+    });
+  } catch (error) {
+    const errorResponse = formatErrorResponse(error, process.env.NODE_ENV === 'development');
+    res.status(error.statusCode || 500).json(errorResponse);
+  }
+};
+
+/**
+ * Delete project
+ * DELETE /api/projects/:projectId
+ */
+export const deleteProject = async (req, res) => {
+  try {
+    const { projectId } = req.params;
+
+    const result = await projectService.deleteProject(projectId);
+
+    res.status(200).json({
+      success: true,
+      message: result.message,
+    });
+  } catch (error) {
+    const errorResponse = formatErrorResponse(error, process.env.NODE_ENV === 'development');
+    res.status(error.statusCode || 500).json(errorResponse);
+  }
+};
+
+/**
+ * Get project notes
+ * GET /api/projects/:projectId/notes
+ */
+export const getProjectNotes = async (req, res) => {
+  try {
+    const { projectId } = req.params;
+
+    const notes = await noteService.getNotesByProjectId(projectId);
+
+    res.status(200).json({
+      success: true,
+      count: notes.length,
+      data: notes,
+    });
+  } catch (error) {
+    const errorResponse = formatErrorResponse(error, process.env.NODE_ENV === 'development');
+    res.status(error.statusCode || 500).json(errorResponse);
+  }
+};
+
+/**
+ * Add project note
+ * POST /api/projects/:projectId/notes
+ */
+export const addProjectNote = async (req, res) => {
+  try {
+    const userId = req.userId;
+    const { projectId } = req.params;
+    const { content, reminderAt } = req.body;
+
+    const note = await noteService.createNote(userId, {
+      content,
+      projectId,
+      reminderDate: reminderAt, // Map reminderAt to reminderDate
+    });
+
+    res.status(201).json({
+      success: true,
+      data: note,
+      message: 'Poznámka bola pridaná',
+    });
+  } catch (error) {
+    const errorResponse = formatErrorResponse(error, process.env.NODE_ENV === 'development');
+    res.status(error.statusCode || 500).json(errorResponse);
+  }
+};
+
+/**
+ * Update project note
+ * PATCH /api/projects/:projectId/notes/:noteId
+ */
+export const updateProjectNote = async (req, res) => {
+  try {
+    const { noteId } = req.params;
+    const { content, reminderAt } = req.body;
+
+    const note = await noteService.updateNote(noteId, {
+      content,
+      reminderDate: reminderAt, // Map reminderAt to reminderDate
+    });
+
+    res.status(200).json({
+      success: true,
+      data: note,
+      message: 'Poznámka bola aktualizovaná',
+    });
+  } catch (error) {
+    const errorResponse = formatErrorResponse(error, process.env.NODE_ENV === 'development');
+    res.status(error.statusCode || 500).json(errorResponse);
+  }
+};
+
+/**
+ * Delete project note
+ * DELETE /api/projects/:projectId/notes/:noteId
+ */
+export const deleteProjectNote = async (req, res) => {
+  try {
+    const { noteId } = req.params;
+
+    const result = await noteService.deleteNote(noteId);
+
+    res.status(200).json({
+      success: true,
+      message: result.message,
+    });
+  } catch (error) {
+    const errorResponse = formatErrorResponse(error, process.env.NODE_ENV === 'development');
+    res.status(error.statusCode || 500).json(errorResponse);
+  }
+};
+
+/**
+ * Get project users (team members)
+ * GET /api/projects/:projectId/users
+ */
+export const getProjectUsers = async (req, res) => {
+  try {
+    const { projectId } = req.params;
+
+    const users = await projectService.getProjectUsers(projectId);
+
+    res.status(200).json({
+      success: true,
+      count: users.length,
+      data: users,
+    });
+  } catch (error) {
+    const errorResponse = formatErrorResponse(error, process.env.NODE_ENV === 'development');
+    res.status(error.statusCode || 500).json(errorResponse);
+  }
+};
+
+/**
+ * Assign user to project
+ * POST /api/projects/:projectId/users
+ * Body: { userId, role }
+ */
+export const assignUserToProject = async (req, res) => {
+  try {
+    const currentUserId = req.userId;
+    const { projectId } = req.params;
+    const { userId, role } = req.body;
+
+    const assignment = await projectService.assignUserToProject(
+      projectId,
+      userId,
+      currentUserId,
+      role
+    );
+
+    res.status(201).json({
+      success: true,
+      data: assignment,
+      message: 'Používateľ bol priradený k projektu',
+    });
+  } catch (error) {
+    const errorResponse = formatErrorResponse(error, process.env.NODE_ENV === 'development');
+    res.status(error.statusCode || 500).json(errorResponse);
+  }
+};
+
+/**
+ * Remove user from project
+ * DELETE /api/projects/:projectId/users/:userId
+ */
+export const removeUserFromProject = async (req, res) => {
+  try {
+    const { projectId, userId } = req.params;
+
+    const result = await projectService.removeUserFromProject(projectId, userId);
+
+    res.status(200).json({
+      success: true,
+      message: result.message,
+    });
+  } catch (error) {
+    const errorResponse = formatErrorResponse(error, process.env.NODE_ENV === 'development');
+    res.status(error.statusCode || 500).json(errorResponse);
+  }
+};
+
+/**
+ * Update user role on project
+ * PATCH /api/projects/:projectId/users/:userId
+ * Body: { role }
+ */
+export const updateUserRoleOnProject = async (req, res) => {
+  try {
+    const { projectId, userId } = req.params;
+    const { role } = req.body;
+
+    const updated = await projectService.updateUserRoleOnProject(projectId, userId, role);
+
+    res.status(200).json({
+      success: true,
+      data: updated,
+      message: 'Rola používateľa bola aktualizovaná',
+    });
+  } catch (error) {
+    const errorResponse = formatErrorResponse(error, process.env.NODE_ENV === 'development');
+    res.status(error.statusCode || 500).json(errorResponse);
+  }
+};

src/controllers/todo.controller.js

@@ -0,0 +1,191 @@
+import * as todoService from '../services/todo.service.js';
+import { formatErrorResponse } from '../utils/errors.js';
+
+/**
+ * Get all todos
+ * GET /api/todos?search=query&projectId=xxx&companyId=xxx&assignedTo=xxx&status=xxx
+ */
+export const getAllTodos = async (req, res) => {
+  try {
+    const { search, projectId, companyId, assignedTo, status } = req.query;
+
+    const filters = {
+      searchTerm: search,
+      projectId,
+      companyId,
+      assignedTo,
+      status,
+    };
+
+    const todos = await todoService.getAllTodos(filters);
+
+    res.status(200).json({
+      success: true,
+      count: todos.length,
+      data: todos,
+    });
+  } catch (error) {
+    const errorResponse = formatErrorResponse(error, process.env.NODE_ENV === 'development');
+    res.status(error.statusCode || 500).json(errorResponse);
+  }
+};
+
+/**
+ * Get my todos (assigned to current user)
+ * GET /api/todos/my?status=xxx
+ */
+export const getMyTodos = async (req, res) => {
+  try {
+    const userId = req.userId;
+    const { status } = req.query;
+
+    const filters = {
+      assignedTo: userId,
+      status,
+    };
+
+    const todos = await todoService.getAllTodos(filters);
+
+    res.status(200).json({
+      success: true,
+      count: todos.length,
+      data: todos,
+    });
+  } catch (error) {
+    const errorResponse = formatErrorResponse(error, process.env.NODE_ENV === 'development');
+    res.status(error.statusCode || 500).json(errorResponse);
+  }
+};
+
+/**
+ * Get todo by ID
+ * GET /api/todos/:todoId
+ */
+export const getTodoById = async (req, res) => {
+  try {
+    const { todoId } = req.params;
+
+    const todo = await todoService.getTodoById(todoId);
+
+    res.status(200).json({
+      success: true,
+      data: todo,
+    });
+  } catch (error) {
+    const errorResponse = formatErrorResponse(error, process.env.NODE_ENV === 'development');
+    res.status(error.statusCode || 500).json(errorResponse);
+  }
+};
+
+/**
+ * Get todo with relations (project, company, assigned user, notes)
+ * GET /api/todos/:todoId/details
+ */
+export const getTodoWithRelations = async (req, res) => {
+  try {
+    const { todoId } = req.params;
+
+    const todo = await todoService.getTodoWithRelations(todoId);
+
+    res.status(200).json({
+      success: true,
+      data: todo,
+    });
+  } catch (error) {
+    const errorResponse = formatErrorResponse(error, process.env.NODE_ENV === 'development');
+    res.status(error.statusCode || 500).json(errorResponse);
+  }
+};
+
+/**
+ * Create new todo
+ * POST /api/todos
+ * Body: { title, description, projectId, companyId, assignedTo, status, priority, dueDate }
+ */
+export const createTodo = async (req, res) => {
+  try {
+    const userId = req.userId;
+    const data = req.body;
+
+    const todo = await todoService.createTodo(userId, data);
+
+    res.status(201).json({
+      success: true,
+      data: todo,
+      message: 'Todo bolo vytvorené',
+    });
+  } catch (error) {
+    const errorResponse = formatErrorResponse(error, process.env.NODE_ENV === 'development');
+    res.status(error.statusCode || 500).json(errorResponse);
+  }
+};
+
+/**
+ * Update todo
+ * PATCH /api/todos/:todoId
+ * Body: { title, description, projectId, companyId, assignedTo, status, priority, dueDate }
+ */
+export const updateTodo = async (req, res) => {
+  try {
+    const { todoId } = req.params;
+    const data = req.body;
+
+    const todo = await todoService.updateTodo(todoId, data);
+
+    res.status(200).json({
+      success: true,
+      data: todo,
+      message: 'Todo bolo aktualizované',
+    });
+  } catch (error) {
+    const errorResponse = formatErrorResponse(error, process.env.NODE_ENV === 'development');
+    res.status(error.statusCode || 500).json(errorResponse);
+  }
+};
+
+/**
+ * Delete todo
+ * DELETE /api/todos/:todoId
+ */
+export const deleteTodo = async (req, res) => {
+  try {
+    const { todoId } = req.params;
+
+    const result = await todoService.deleteTodo(todoId);
+
+    res.status(200).json({
+      success: true,
+      message: result.message,
+    });
+  } catch (error) {
+    const errorResponse = formatErrorResponse(error, process.env.NODE_ENV === 'development');
+    res.status(error.statusCode || 500).json(errorResponse);
+  }
+};
+
+/**
+ * Toggle todo completion status
+ * PATCH /api/todos/:todoId/toggle
+ */
+export const toggleTodo = async (req, res) => {
+  try {
+    const { todoId } = req.params;
+
+    // Get current todo
+    const todo = await todoService.getTodoById(todoId);
+
+    // Toggle completed status
+    const updated = await todoService.updateTodo(todoId, {
+      status: todo.status === 'completed' ? 'pending' : 'completed',
+    });
+
+    res.status(200).json({
+      success: true,
+      data: updated,
+      message: 'Todo status aktualizovaný',
+    });
+  } catch (error) {
+    const errorResponse = formatErrorResponse(error, process.env.NODE_ENV === 'development');
+    res.status(error.statusCode || 500).json(errorResponse);
+  }
+};

src/db/create_project_users_table.js

@@ -0,0 +1,54 @@
+import { db } from '../config/database.js';
+import { sql } from 'drizzle-orm';
+
+async function createProjectUsersTable() {
+  console.log('⏳ Creating project_users table...');
+
+  try {
+    // Check if table exists
+    const result = await db.execute(sql`
+      SELECT EXISTS (
+        SELECT FROM information_schema.tables
+        WHERE table_schema = 'public'
+        AND table_name = 'project_users'
+      );
+    `);
+
+    const tableExists = result.rows[0]?.exists;
+
+    if (tableExists) {
+      console.log('✅ project_users table already exists');
+      process.exit(0);
+    }
+
+    // Create the table
+    await db.execute(sql`
+      CREATE TABLE IF NOT EXISTS project_users (
+          id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+          project_id UUID NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
+          user_id UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+          role TEXT,
+          added_by UUID REFERENCES users(id) ON DELETE SET NULL,
+          added_at TIMESTAMP NOT NULL DEFAULT NOW(),
+          CONSTRAINT project_user_unique UNIQUE(project_id, user_id)
+      );
+    `);
+
+    // Create indexes
+    await db.execute(sql`
+      CREATE INDEX IF NOT EXISTS idx_project_users_project_id ON project_users(project_id);
+    `);
+
+    await db.execute(sql`
+      CREATE INDEX IF NOT EXISTS idx_project_users_user_id ON project_users(user_id);
+    `);
+
+    console.log('✅ project_users table created successfully');
+    process.exit(0);
+  } catch (error) {
+    console.error('❌ Failed to create table:', error);
+    process.exit(1);
+  }
+}
+
+createProjectUsersTable();

src/db/migrations/add_company_link_and_reminders.sql

@@ -0,0 +1,31 @@
+-- Add company_id to contacts table
+DO $$
+BEGIN
+    IF NOT EXISTS (
+        SELECT 1 FROM information_schema.columns
+        WHERE table_name='contacts' AND column_name='company_id'
+    ) THEN
+        ALTER TABLE contacts ADD COLUMN company_id UUID REFERENCES companies(id) ON DELETE SET NULL;
+        CREATE INDEX idx_contacts_company_id ON contacts(company_id);
+    END IF;
+END $$;
+
+-- Add reminder fields to notes table
+DO $$
+BEGIN
+    IF NOT EXISTS (
+        SELECT 1 FROM information_schema.columns
+        WHERE table_name='notes' AND column_name='reminder_date'
+    ) THEN
+        ALTER TABLE notes ADD COLUMN reminder_date TIMESTAMP;
+        CREATE INDEX idx_notes_reminder_date ON notes(reminder_date) WHERE reminder_date IS NOT NULL;
+    END IF;
+
+    IF NOT EXISTS (
+        SELECT 1 FROM information_schema.columns
+        WHERE table_name='notes' AND column_name='reminder_sent'
+    ) THEN
+        ALTER TABLE notes ADD COLUMN reminder_sent BOOLEAN NOT NULL DEFAULT false;
+        CREATE INDEX idx_notes_reminder_pending ON notes(reminder_date, reminder_sent) WHERE reminder_date IS NOT NULL AND reminder_sent = false;
+    END IF;
+END $$;

src/db/migrations/add_crm_tables.sql

@@ -0,0 +1,107 @@
+-- Add new enum types
+DO $$ BEGIN
+    CREATE TYPE project_status AS ENUM('active', 'completed', 'on_hold', 'cancelled');
+EXCEPTION
+    WHEN duplicate_object THEN null;
+END $$;
+
+DO $$ BEGIN
+    CREATE TYPE todo_status AS ENUM('pending', 'in_progress', 'completed', 'cancelled');
+EXCEPTION
+    WHEN duplicate_object THEN null;
+END $$;
+
+DO $$ BEGIN
+    CREATE TYPE todo_priority AS ENUM('low', 'medium', 'high', 'urgent');
+EXCEPTION
+    WHEN duplicate_object THEN null;
+END $$;
+
+-- Create companies table
+CREATE TABLE IF NOT EXISTS companies (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    name TEXT NOT NULL,
+    description TEXT,
+    address TEXT,
+    city TEXT,
+    country TEXT,
+    phone TEXT,
+    email TEXT,
+    website TEXT,
+    created_by UUID REFERENCES users(id) ON DELETE SET NULL,
+    created_at TIMESTAMP NOT NULL DEFAULT NOW(),
+    updated_at TIMESTAMP NOT NULL DEFAULT NOW()
+);
+
+-- Create projects table
+CREATE TABLE IF NOT EXISTS projects (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    name TEXT NOT NULL,
+    description TEXT,
+    company_id UUID REFERENCES companies(id) ON DELETE CASCADE,
+    status project_status NOT NULL DEFAULT 'active',
+    start_date TIMESTAMP,
+    end_date TIMESTAMP,
+    created_by UUID REFERENCES users(id) ON DELETE SET NULL,
+    created_at TIMESTAMP NOT NULL DEFAULT NOW(),
+    updated_at TIMESTAMP NOT NULL DEFAULT NOW()
+);
+
+-- Create todos table
+CREATE TABLE IF NOT EXISTS todos (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    title TEXT NOT NULL,
+    description TEXT,
+    project_id UUID REFERENCES projects(id) ON DELETE CASCADE,
+    company_id UUID REFERENCES companies(id) ON DELETE CASCADE,
+    assigned_to UUID REFERENCES users(id) ON DELETE SET NULL,
+    status todo_status NOT NULL DEFAULT 'pending',
+    priority todo_priority NOT NULL DEFAULT 'medium',
+    due_date TIMESTAMP,
+    completed_at TIMESTAMP,
+    created_by UUID REFERENCES users(id) ON DELETE SET NULL,
+    created_at TIMESTAMP NOT NULL DEFAULT NOW(),
+    updated_at TIMESTAMP NOT NULL DEFAULT NOW()
+);
+
+-- Create notes table
+CREATE TABLE IF NOT EXISTS notes (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    title TEXT,
+    content TEXT NOT NULL,
+    company_id UUID REFERENCES companies(id) ON DELETE CASCADE,
+    project_id UUID REFERENCES projects(id) ON DELETE CASCADE,
+    todo_id UUID REFERENCES todos(id) ON DELETE CASCADE,
+    contact_id UUID REFERENCES contacts(id) ON DELETE CASCADE,
+    created_by UUID REFERENCES users(id) ON DELETE SET NULL,
+    created_at TIMESTAMP NOT NULL DEFAULT NOW(),
+    updated_at TIMESTAMP NOT NULL DEFAULT NOW()
+);
+
+-- Add project_id to timesheets table if not exists
+DO $$
+BEGIN
+    IF NOT EXISTS (
+        SELECT 1 FROM information_schema.columns
+        WHERE table_name='timesheets' AND column_name='project_id'
+    ) THEN
+        ALTER TABLE timesheets ADD COLUMN project_id UUID REFERENCES projects(id) ON DELETE SET NULL;
+    END IF;
+END $$;
+
+-- Create indexes for better query performance
+CREATE INDEX IF NOT EXISTS idx_companies_created_at ON companies(created_at);
+CREATE INDEX IF NOT EXISTS idx_projects_company_id ON projects(company_id);
+CREATE INDEX IF NOT EXISTS idx_projects_status ON projects(status);
+CREATE INDEX IF NOT EXISTS idx_projects_created_at ON projects(created_at);
+CREATE INDEX IF NOT EXISTS idx_todos_project_id ON todos(project_id);
+CREATE INDEX IF NOT EXISTS idx_todos_company_id ON todos(company_id);
+CREATE INDEX IF NOT EXISTS idx_todos_assigned_to ON todos(assigned_to);
+CREATE INDEX IF NOT EXISTS idx_todos_status ON todos(status);
+CREATE INDEX IF NOT EXISTS idx_todos_created_at ON todos(created_at);
+CREATE INDEX IF NOT EXISTS idx_notes_company_id ON notes(company_id);
+CREATE INDEX IF NOT EXISTS idx_notes_project_id ON notes(project_id);
+CREATE INDEX IF NOT EXISTS idx_notes_todo_id ON notes(todo_id);
+CREATE INDEX IF NOT EXISTS idx_notes_contact_id ON notes(contact_id);
+CREATE INDEX IF NOT EXISTS idx_notes_created_at ON notes(created_at);
+CREATE INDEX IF NOT EXISTS idx_timesheets_project_id ON timesheets(project_id);

src/db/migrations/add_project_users.sql

@@ -0,0 +1,21 @@
+-- Migration: Add project_users junction table for project team management
+-- Created: 2025-11-21
+-- Description: Allows many-to-many relationship between projects and users
+
+-- Create project_users junction table
+CREATE TABLE IF NOT EXISTS project_users (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    project_id UUID NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
+    user_id UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+    role TEXT,
+    added_by UUID REFERENCES users(id) ON DELETE SET NULL,
+    added_at TIMESTAMP NOT NULL DEFAULT NOW(),
+    CONSTRAINT project_user_unique UNIQUE(project_id, user_id)
+);
+
+-- Create indexes for better query performance
+CREATE INDEX IF NOT EXISTS idx_project_users_project_id ON project_users(project_id);
+CREATE INDEX IF NOT EXISTS idx_project_users_user_id ON project_users(user_id);
+
+-- Add comment
+COMMENT ON TABLE project_users IS 'Junction table for many-to-many relationship between projects and users (project team members)';

src/db/schema.js

@@ -1,7 +1,10 @@
 import { pgTable, text, timestamp, boolean, uuid, pgEnum, unique, integer } from 'drizzle-orm/pg-core';
 
-// Role enum
+// Enums
 export const roleEnum = pgEnum('role', ['admin', 'member']);
+export const projectStatusEnum = pgEnum('project_status', ['active', 'completed', 'on_hold', 'cancelled']);
+export const todoStatusEnum = pgEnum('todo_status', ['pending', 'in_progress', 'completed', 'cancelled']);
+export const todoPriorityEnum = pgEnum('todo_priority', ['low', 'medium', 'high', 'urgent']);
 
 // Users table - používatelia systému
 export const users = pgTable('users', {
@@ -63,6 +66,7 @@ export const auditLogs = pgTable('audit_logs', {
 export const contacts = pgTable('contacts', {
   id: uuid('id').primaryKey().defaultRandom(),
   emailAccountId: uuid('email_account_id').references(() => emailAccounts.id, { onDelete: 'cascade' }).notNull(),
+  companyId: uuid('company_id').references(() => companies.id, { onDelete: 'set null' }), // kontakt môže byť linknutý k firme
   email: text('email').notNull(),
   name: text('name'),
   notes: text('notes'),
@@ -96,10 +100,86 @@ export const emails = pgTable('emails', {
   updatedAt: timestamp('updated_at').defaultNow().notNull(),
 });
 
+// Companies table - firmy/spoločnosti
+export const companies = pgTable('companies', {
+  id: uuid('id').primaryKey().defaultRandom(),
+  name: text('name').notNull(),
+  description: text('description'),
+  address: text('address'),
+  city: text('city'),
+  country: text('country'),
+  phone: text('phone'),
+  email: text('email'),
+  website: text('website'),
+  createdBy: uuid('created_by').references(() => users.id, { onDelete: 'set null' }),
+  createdAt: timestamp('created_at').defaultNow().notNull(),
+  updatedAt: timestamp('updated_at').defaultNow().notNull(),
+});
+
+// Projects table - projekty
+export const projects = pgTable('projects', {
+  id: uuid('id').primaryKey().defaultRandom(),
+  name: text('name').notNull(),
+  description: text('description'),
+  companyId: uuid('company_id').references(() => companies.id, { onDelete: 'cascade' }), // projekt môže patriť firme
+  status: projectStatusEnum('status').default('active').notNull(),
+  startDate: timestamp('start_date'),
+  endDate: timestamp('end_date'),
+  createdBy: uuid('created_by').references(() => users.id, { onDelete: 'set null' }),
+  createdAt: timestamp('created_at').defaultNow().notNull(),
+  updatedAt: timestamp('updated_at').defaultNow().notNull(),
+});
+
+// Project Users - many-to-many medzi projects a users (tím projektu)
+export const projectUsers = pgTable('project_users', {
+  id: uuid('id').primaryKey().defaultRandom(),
+  projectId: uuid('project_id').references(() => projects.id, { onDelete: 'cascade' }).notNull(),
+  userId: uuid('user_id').references(() => users.id, { onDelete: 'cascade' }).notNull(),
+  role: text('role'), // napr. 'lead', 'member', 'viewer' - voliteľné
+  addedBy: uuid('added_by').references(() => users.id, { onDelete: 'set null' }), // kto pridal používateľa do projektu
+  addedAt: timestamp('added_at').defaultNow().notNull(),
+}, (table) => ({
+  projectUserUnique: unique('project_user_unique').on(table.projectId, table.userId),
+}));
+
+// Todos table - úlohy/tasky
+export const todos = pgTable('todos', {
+  id: uuid('id').primaryKey().defaultRandom(),
+  title: text('title').notNull(),
+  description: text('description'),
+  projectId: uuid('project_id').references(() => projects.id, { onDelete: 'cascade' }), // todo môže patriť projektu
+  companyId: uuid('company_id').references(() => companies.id, { onDelete: 'cascade' }), // alebo firme
+  assignedTo: uuid('assigned_to').references(() => users.id, { onDelete: 'set null' }), // komu je priradené
+  status: todoStatusEnum('status').default('pending').notNull(),
+  priority: todoPriorityEnum('priority').default('medium').notNull(),
+  dueDate: timestamp('due_date'),
+  completedAt: timestamp('completed_at'),
+  createdBy: uuid('created_by').references(() => users.id, { onDelete: 'set null' }),
+  createdAt: timestamp('created_at').defaultNow().notNull(),
+  updatedAt: timestamp('updated_at').defaultNow().notNull(),
+});
+
+// Notes table - poznámky
+export const notes = pgTable('notes', {
+  id: uuid('id').primaryKey().defaultRandom(),
+  title: text('title'),
+  content: text('content').notNull(),
+  companyId: uuid('company_id').references(() => companies.id, { onDelete: 'cascade' }), // poznámka k firme
+  projectId: uuid('project_id').references(() => projects.id, { onDelete: 'cascade' }), // alebo projektu
+  todoId: uuid('todo_id').references(() => todos.id, { onDelete: 'cascade' }), // alebo todo
+  contactId: uuid('contact_id').references(() => contacts.id, { onDelete: 'cascade' }), // alebo kontaktu
+  reminderDate: timestamp('reminder_date'), // dátum a čas pre reminder
+  reminderSent: boolean('reminder_sent').default(false).notNull(), // či už bol reminder odoslaný
+  createdBy: uuid('created_by').references(() => users.id, { onDelete: 'set null' }),
+  createdAt: timestamp('created_at').defaultNow().notNull(),
+  updatedAt: timestamp('updated_at').defaultNow().notNull(),
+});
+
 // Timesheets table - nahrané timesheets od používateľov
 export const timesheets = pgTable('timesheets', {
   id: uuid('id').primaryKey().defaultRandom(),
   userId: uuid('user_id').references(() => users.id, { onDelete: 'cascade' }).notNull(), // kto nahral timesheet
+  projectId: uuid('project_id').references(() => projects.id, { onDelete: 'set null' }), // projekt ku ktorému patrí timesheet
   fileName: text('file_name').notNull(), // originálny názov súboru
   filePath: text('file_path').notNull(), // cesta k súboru na serveri
   fileType: text('file_type').notNull(), // 'pdf' alebo 'xlsx'

src/routes/company.routes.js

@@ -0,0 +1,95 @@
+import express from 'express';
+import * as companyController from '../controllers/company.controller.js';
+import { authenticate } from '../middlewares/auth/authMiddleware.js';
+import { validateBody, validateParams } from '../middlewares/security/validateInput.js';
+import { createCompanySchema, updateCompanySchema } from '../validators/crm.validators.js';
+import { z } from 'zod';
+
+const router = express.Router();
+
+// All company routes require authentication
+router.use(authenticate);
+
+/**
+ * Company management
+ */
+
+// Get all companies
+router.get('/', companyController.getAllCompanies);
+
+// Get company by ID
+router.get(
+  '/:companyId',
+  validateParams(z.object({ companyId: z.string().uuid() })),
+  companyController.getCompanyById
+);
+
+// Get company with relations (projects, todos, notes)
+router.get(
+  '/:companyId/details',
+  validateParams(z.object({ companyId: z.string().uuid() })),
+  companyController.getCompanyWithRelations
+);
+
+// Create new company
+router.post(
+  '/',
+  validateBody(createCompanySchema),
+  companyController.createCompany
+);
+
+// Update company
+router.patch(
+  '/:companyId',
+  validateParams(z.object({ companyId: z.string().uuid() })),
+  validateBody(updateCompanySchema),
+  companyController.updateCompany
+);
+
+// Delete company
+router.delete(
+  '/:companyId',
+  validateParams(z.object({ companyId: z.string().uuid() })),
+  companyController.deleteCompany
+);
+
+// Company Notes (nested resources)
+router.get(
+  '/:companyId/notes',
+  validateParams(z.object({ companyId: z.string().uuid() })),
+  companyController.getCompanyNotes
+);
+
+router.post(
+  '/:companyId/notes',
+  validateParams(z.object({ companyId: z.string().uuid() })),
+  validateBody(z.object({
+    content: z.string().min(1),
+    reminderAt: z.string().optional().or(z.literal('')),
+  })),
+  companyController.addCompanyNote
+);
+
+router.patch(
+  '/:companyId/notes/:noteId',
+  validateParams(z.object({
+    companyId: z.string().uuid(),
+    noteId: z.string().uuid()
+  })),
+  validateBody(z.object({
+    content: z.string().min(1).optional(),
+    reminderAt: z.string().optional().or(z.literal('').or(z.null())),
+  })),
+  companyController.updateCompanyNote
+);
+
+router.delete(
+  '/:companyId/notes/:noteId',
+  validateParams(z.object({
+    companyId: z.string().uuid(),
+    noteId: z.string().uuid()
+  })),
+  companyController.deleteCompanyNote
+);
+
+export default router;

src/routes/contact.routes.js

@@ -53,4 +53,38 @@ router.delete(
   contactController.removeContact
 );
 
+// Link company to contact
+router.post(
+  '/:contactId/link-company',
+  validateParams(z.object({ contactId: z.string().uuid() })),
+  validateBody(z.object({ companyId: z.string().uuid() })),
+  contactController.linkCompanyToContact
+);
+
+// Unlink company from contact
+router.post(
+  '/:contactId/unlink-company',
+  validateParams(z.object({ contactId: z.string().uuid() })),
+  contactController.unlinkCompanyFromContact
+);
+
+// Create company from contact
+router.post(
+  '/:contactId/create-company',
+  validateParams(z.object({ contactId: z.string().uuid() })),
+  validateBody(
+    z.object({
+      name: z.string().optional(),
+      email: z.string().email().optional(),
+      phone: z.string().optional(),
+      address: z.string().optional(),
+      city: z.string().optional(),
+      country: z.string().optional(),
+      website: z.string().url().optional(),
+      description: z.string().optional(),
+    })
+  ),
+  contactController.createCompanyFromContact
+);
+
 export default router;

src/routes/note.routes.js

@@ -0,0 +1,59 @@
+import express from 'express';
+import * as noteController from '../controllers/note.controller.js';
+import { authenticate } from '../middlewares/auth/authMiddleware.js';
+import { validateBody, validateParams } from '../middlewares/security/validateInput.js';
+import { createNoteSchema, updateNoteSchema } from '../validators/crm.validators.js';
+import { z } from 'zod';
+
+const router = express.Router();
+
+// All note routes require authentication
+router.use(authenticate);
+
+/**
+ * Note management
+ */
+
+// Get all notes
+router.get('/', noteController.getAllNotes);
+
+// Get my reminders (must be before /:noteId to avoid route conflict)
+router.get('/my-reminders', noteController.getMyReminders);
+
+// Get note by ID
+router.get(
+  '/:noteId',
+  validateParams(z.object({ noteId: z.string().uuid() })),
+  noteController.getNoteById
+);
+
+// Create new note
+router.post(
+  '/',
+  validateBody(createNoteSchema),
+  noteController.createNote
+);
+
+// Update note
+router.patch(
+  '/:noteId',
+  validateParams(z.object({ noteId: z.string().uuid() })),
+  validateBody(updateNoteSchema),
+  noteController.updateNote
+);
+
+// Delete note
+router.delete(
+  '/:noteId',
+  validateParams(z.object({ noteId: z.string().uuid() })),
+  noteController.deleteNote
+);
+
+// Mark reminder as sent
+router.post(
+  '/:noteId/mark-reminder-sent',
+  validateParams(z.object({ noteId: z.string().uuid() })),
+  noteController.markReminderSent
+);
+
+export default router;

src/routes/project.routes.js

@@ -0,0 +1,133 @@
+import express from 'express';
+import * as projectController from '../controllers/project.controller.js';
+import { authenticate } from '../middlewares/auth/authMiddleware.js';
+import { validateBody, validateParams } from '../middlewares/security/validateInput.js';
+import { createProjectSchema, updateProjectSchema } from '../validators/crm.validators.js';
+import { z } from 'zod';
+
+const router = express.Router();
+
+// All project routes require authentication
+router.use(authenticate);
+
+/**
+ * Project management
+ */
+
+// Get all projects
+router.get('/', projectController.getAllProjects);
+
+// Get project by ID
+router.get(
+  '/:projectId',
+  validateParams(z.object({ projectId: z.string().uuid() })),
+  projectController.getProjectById
+);
+
+// Get project with relations (company, todos, notes, timesheets)
+router.get(
+  '/:projectId/details',
+  validateParams(z.object({ projectId: z.string().uuid() })),
+  projectController.getProjectWithRelations
+);
+
+// Create new project
+router.post(
+  '/',
+  validateBody(createProjectSchema),
+  projectController.createProject
+);
+
+// Update project
+router.patch(
+  '/:projectId',
+  validateParams(z.object({ projectId: z.string().uuid() })),
+  validateBody(updateProjectSchema),
+  projectController.updateProject
+);
+
+// Delete project
+router.delete(
+  '/:projectId',
+  validateParams(z.object({ projectId: z.string().uuid() })),
+  projectController.deleteProject
+);
+
+// Project Notes (nested resources)
+router.get(
+  '/:projectId/notes',
+  validateParams(z.object({ projectId: z.string().uuid() })),
+  projectController.getProjectNotes
+);
+
+router.post(
+  '/:projectId/notes',
+  validateParams(z.object({ projectId: z.string().uuid() })),
+  validateBody(z.object({
+    content: z.string().min(1),
+    reminderAt: z.string().optional().or(z.literal('')),
+  })),
+  projectController.addProjectNote
+);
+
+router.patch(
+  '/:projectId/notes/:noteId',
+  validateParams(z.object({
+    projectId: z.string().uuid(),
+    noteId: z.string().uuid()
+  })),
+  validateBody(z.object({
+    content: z.string().min(1).optional(),
+    reminderAt: z.string().optional().or(z.literal('').or(z.null())),
+  })),
+  projectController.updateProjectNote
+);
+
+router.delete(
+  '/:projectId/notes/:noteId',
+  validateParams(z.object({
+    projectId: z.string().uuid(),
+    noteId: z.string().uuid()
+  })),
+  projectController.deleteProjectNote
+);
+
+// Project Users (team members)
+router.get(
+  '/:projectId/users',
+  validateParams(z.object({ projectId: z.string().uuid() })),
+  projectController.getProjectUsers
+);
+
+router.post(
+  '/:projectId/users',
+  validateParams(z.object({ projectId: z.string().uuid() })),
+  validateBody(z.object({
+    userId: z.string().uuid('Neplatný formát user ID'),
+    role: z.string().max(50).optional().or(z.literal('')),
+  })),
+  projectController.assignUserToProject
+);
+
+router.patch(
+  '/:projectId/users/:userId',
+  validateParams(z.object({
+    projectId: z.string().uuid(),
+    userId: z.string().uuid()
+  })),
+  validateBody(z.object({
+    role: z.string().max(50).optional().or(z.literal('').or(z.null())),
+  })),
+  projectController.updateUserRoleOnProject
+);
+
+router.delete(
+  '/:projectId/users/:userId',
+  validateParams(z.object({
+    projectId: z.string().uuid(),
+    userId: z.string().uuid()
+  })),
+  projectController.removeUserFromProject
+);
+
+export default router;

src/routes/todo.routes.js

@@ -0,0 +1,66 @@
+import express from 'express';
+import * as todoController from '../controllers/todo.controller.js';
+import { authenticate } from '../middlewares/auth/authMiddleware.js';
+import { validateBody, validateParams } from '../middlewares/security/validateInput.js';
+import { createTodoSchema, updateTodoSchema } from '../validators/crm.validators.js';
+import { z } from 'zod';
+
+const router = express.Router();
+
+// All todo routes require authentication
+router.use(authenticate);
+
+/**
+ * Todo management
+ */
+
+// Get all todos
+router.get('/', todoController.getAllTodos);
+
+// Get my todos (assigned to current user)
+router.get('/my', todoController.getMyTodos);
+
+// Get todo by ID
+router.get(
+  '/:todoId',
+  validateParams(z.object({ todoId: z.string().uuid() })),
+  todoController.getTodoById
+);
+
+// Get todo with relations (project, company, assigned user, notes)
+router.get(
+  '/:todoId/details',
+  validateParams(z.object({ todoId: z.string().uuid() })),
+  todoController.getTodoWithRelations
+);
+
+// Create new todo
+router.post(
+  '/',
+  validateBody(createTodoSchema),
+  todoController.createTodo
+);
+
+// Update todo
+router.patch(
+  '/:todoId',
+  validateParams(z.object({ todoId: z.string().uuid() })),
+  validateBody(updateTodoSchema),
+  todoController.updateTodo
+);
+
+// Delete todo
+router.delete(
+  '/:todoId',
+  validateParams(z.object({ todoId: z.string().uuid() })),
+  todoController.deleteTodo
+);
+
+// Toggle todo completion status
+router.patch(
+  '/:todoId/toggle',
+  validateParams(z.object({ todoId: z.string().uuid() })),
+  todoController.toggleTodo
+);
+
+export default router;

src/services/company.service.js

@@ -0,0 +1,163 @@
+import { db } from '../config/database.js';
+import { companies, projects, todos, notes } from '../db/schema.js';
+import { eq, desc, ilike, or, and } from 'drizzle-orm';
+import { NotFoundError, ConflictError } from '../utils/errors.js';
+
+/**
+ * Get all companies
+ * Optionally filter by search term
+ */
+export const getAllCompanies = async (searchTerm = null) => {
+  let query = db.select().from(companies);
+
+  if (searchTerm) {
+    query = query.where(
+      or(
+        ilike(companies.name, `%${searchTerm}%`),
+        ilike(companies.email, `%${searchTerm}%`),
+        ilike(companies.city, `%${searchTerm}%`)
+      )
+    );
+  }
+
+  const result = await query.orderBy(desc(companies.createdAt));
+  return result;
+};
+
+/**
+ * Get company by ID
+ */
+export const getCompanyById = async (companyId) => {
+  const [company] = await db
+    .select()
+    .from(companies)
+    .where(eq(companies.id, companyId))
+    .limit(1);
+
+  if (!company) {
+    throw new NotFoundError('Firma nenájdená');
+  }
+
+  return company;
+};
+
+/**
+ * Create new company
+ */
+export const createCompany = async (userId, data) => {
+  const { name, description, address, city, country, phone, email, website } = data;
+
+  // Check if company with same name already exists
+  const [existing] = await db
+    .select()
+    .from(companies)
+    .where(eq(companies.name, name))
+    .limit(1);
+
+  if (existing) {
+    throw new ConflictError('Firma s týmto názvom už existuje');
+  }
+
+  const [newCompany] = await db
+    .insert(companies)
+    .values({
+      name,
+      description: description || null,
+      address: address || null,
+      city: city || null,
+      country: country || null,
+      phone: phone || null,
+      email: email || null,
+      website: website || null,
+      createdBy: userId,
+    })
+    .returning();
+
+  return newCompany;
+};
+
+/**
+ * Update company
+ */
+export const updateCompany = async (companyId, data) => {
+  const company = await getCompanyById(companyId);
+
+  const { name, description, address, city, country, phone, email, website } = data;
+
+  // If name is being changed, check for duplicates
+  if (name && name !== company.name) {
+    const [existing] = await db
+      .select()
+      .from(companies)
+      .where(and(eq(companies.name, name), eq(companies.id, companyId)))
+      .limit(1);
+
+    if (existing && existing.id !== companyId) {
+      throw new ConflictError('Firma s týmto názvom už existuje');
+    }
+  }
+
+  const [updated] = await db
+    .update(companies)
+    .set({
+      name: name !== undefined ? name : company.name,
+      description: description !== undefined ? description : company.description,
+      address: address !== undefined ? address : company.address,
+      city: city !== undefined ? city : company.city,
+      country: country !== undefined ? country : company.country,
+      phone: phone !== undefined ? phone : company.phone,
+      email: email !== undefined ? email : company.email,
+      website: website !== undefined ? website : company.website,
+      updatedAt: new Date(),
+    })
+    .where(eq(companies.id, companyId))
+    .returning();
+
+  return updated;
+};
+
+/**
+ * Delete company
+ */
+export const deleteCompany = async (companyId) => {
+  await getCompanyById(companyId); // Check if exists
+
+  await db.delete(companies).where(eq(companies.id, companyId));
+
+  return { success: true, message: 'Firma bola odstránená' };
+};
+
+/**
+ * Get company with related data (projects, todos, notes)
+ */
+export const getCompanyWithRelations = async (companyId) => {
+  const company = await getCompanyById(companyId);
+
+  // Get related projects
+  const companyProjects = await db
+    .select()
+    .from(projects)
+    .where(eq(projects.companyId, companyId))
+    .orderBy(desc(projects.createdAt));
+
+  // Get related todos
+  const companyTodos = await db
+    .select()
+    .from(todos)
+    .where(eq(todos.companyId, companyId))
+    .orderBy(desc(todos.createdAt));
+
+  // Get related notes
+  const companyNotes = await db
+    .select()
+    .from(notes)
+    .where(eq(notes.companyId, companyId))
+    .orderBy(desc(notes.createdAt));
+
+  return {
+    ...company,
+    projects: companyProjects,
+    todos: companyTodos,
+    notes: companyNotes,
+  };
+};

src/services/contact.service.js

@@ -1,5 +1,5 @@
 import { db } from '../config/database.js';
-import { contacts, emails } from '../db/schema.js';
+import { contacts, emails, companies } from '../db/schema.js';
 import { eq, and, desc, or, ne } from 'drizzle-orm';
 import { NotFoundError, ConflictError } from '../utils/errors.js';
 import { syncEmailsFromSender } from './jmap.service.js';
@@ -156,3 +156,91 @@ export const updateContact = async (contactId, emailAccountId, { name, notes })
 
   return updated;
 };
+
+/**
+ * Link company to contact
+ */
+export const linkCompanyToContact = async (contactId, emailAccountId, companyId) => {
+  const contact = await getContactById(contactId, emailAccountId);
+
+  const [updated] = await db
+    .update(contacts)
+    .set({
+      companyId,
+      updatedAt: new Date(),
+    })
+    .where(eq(contacts.id, contactId))
+    .returning();
+
+  return updated;
+};
+
+/**
+ * Unlink company from contact
+ */
+export const unlinkCompanyFromContact = async (contactId, emailAccountId) => {
+  const contact = await getContactById(contactId, emailAccountId);
+
+  const [updated] = await db
+    .update(contacts)
+    .set({
+      companyId: null,
+      updatedAt: new Date(),
+    })
+    .where(eq(contacts.id, contactId))
+    .returning();
+
+  return updated;
+};
+
+/**
+ * Create company from contact
+ * Creates a new company using contact's information and links it
+ */
+export const createCompanyFromContact = async (contactId, emailAccountId, userId, companyData = {}) => {
+  const contact = await getContactById(contactId, emailAccountId);
+
+  // Check if company with same name already exists
+  if (companyData.name) {
+    const [existing] = await db
+      .select()
+      .from(companies)
+      .where(eq(companies.name, companyData.name))
+      .limit(1);
+
+    if (existing) {
+      throw new ConflictError('Firma s týmto názvom už existuje');
+    }
+  }
+
+  // Create company with contact's data as defaults
+  const [newCompany] = await db
+    .insert(companies)
+    .values({
+      name: companyData.name || contact.name || contact.email.split('@')[0],
+      email: companyData.email || contact.email,
+      phone: companyData.phone || null,
+      address: companyData.address || null,
+      city: companyData.city || null,
+      country: companyData.country || null,
+      website: companyData.website || null,
+      description: companyData.description || null,
+      createdBy: userId,
+    })
+    .returning();
+
+  // Link contact to newly created company
+  const [updatedContact] = await db
+    .update(contacts)
+    .set({
+      companyId: newCompany.id,
+      updatedAt: new Date(),
+    })
+    .where(eq(contacts.id, contactId))
+    .returning();
+
+  return {
+    company: newCompany,
+    contact: updatedContact,
+  };
+};

src/services/note.service.js

@@ -0,0 +1,349 @@
+import { db } from '../config/database.js';
+import { notes, companies, projects, todos, contacts } from '../db/schema.js';
+import { eq, desc, ilike, or, and, lte, isNull, not } from 'drizzle-orm';
+import { NotFoundError } from '../utils/errors.js';
+
+/**
+ * Map note fields for frontend compatibility
+ * reminderDate → reminderAt
+ */
+const mapNoteForFrontend = (note) => {
+  if (!note) return note;
+  const { reminderDate, ...rest } = note;
+  return {
+    ...rest,
+    reminderAt: reminderDate,
+  };
+};
+
+/**
+ * Get all notes
+ * Optionally filter by search, company, project, todo, or contact
+ */
+export const getAllNotes = async (filters = {}) => {
+  const { searchTerm, companyId, projectId, todoId, contactId } = filters;
+
+  let query = db.select().from(notes);
+
+  const conditions = [];
+
+  if (searchTerm) {
+    conditions.push(
+      or(
+        ilike(notes.title, `%${searchTerm}%`),
+        ilike(notes.content, `%${searchTerm}%`)
+      )
+    );
+  }
+
+  if (companyId) {
+    conditions.push(eq(notes.companyId, companyId));
+  }
+
+  if (projectId) {
+    conditions.push(eq(notes.projectId, projectId));
+  }
+
+  if (todoId) {
+    conditions.push(eq(notes.todoId, todoId));
+  }
+
+  if (contactId) {
+    conditions.push(eq(notes.contactId, contactId));
+  }
+
+  if (conditions.length > 0) {
+    query = query.where(and(...conditions));
+  }
+
+  const result = await query.orderBy(desc(notes.createdAt));
+  return result.map(mapNoteForFrontend);
+};
+
+/**
+ * Get note by ID
+ */
+export const getNoteById = async (noteId) => {
+  const [note] = await db
+    .select()
+    .from(notes)
+    .where(eq(notes.id, noteId))
+    .limit(1);
+
+  if (!note) {
+    throw new NotFoundError('Poznámka nenájdená');
+  }
+
+  return mapNoteForFrontend(note);
+};
+
+/**
+ * Create new note
+ */
+export const createNote = async (userId, data) => {
+  const { title, content, companyId, projectId, todoId, contactId, reminderDate } = data;
+
+  // Verify company exists if provided
+  if (companyId) {
+    const [company] = await db
+      .select()
+      .from(companies)
+      .where(eq(companies.id, companyId))
+      .limit(1);
+
+    if (!company) {
+      throw new NotFoundError('Firma nenájdená');
+    }
+  }
+
+  // Verify project exists if provided
+  if (projectId) {
+    const [project] = await db
+      .select()
+      .from(projects)
+      .where(eq(projects.id, projectId))
+      .limit(1);
+
+    if (!project) {
+      throw new NotFoundError('Projekt nenájdený');
+    }
+  }
+
+  // Verify todo exists if provided
+  if (todoId) {
+    const [todo] = await db
+      .select()
+      .from(todos)
+      .where(eq(todos.id, todoId))
+      .limit(1);
+
+    if (!todo) {
+      throw new NotFoundError('Todo nenájdené');
+    }
+  }
+
+  // Verify contact exists if provided
+  if (contactId) {
+    const [contact] = await db
+      .select()
+      .from(contacts)
+      .where(eq(contacts.id, contactId))
+      .limit(1);
+
+    if (!contact) {
+      throw new NotFoundError('Kontakt nenájdený');
+    }
+  }
+
+  const [newNote] = await db
+    .insert(notes)
+    .values({
+      title: title || null,
+      content,
+      companyId: companyId || null,
+      projectId: projectId || null,
+      todoId: todoId || null,
+      contactId: contactId || null,
+      reminderDate: reminderDate ? new Date(reminderDate) : null,
+      reminderSent: false,
+      createdBy: userId,
+    })
+    .returning();
+
+  return mapNoteForFrontend(newNote);
+};
+
+/**
+ * Update note
+ */
+export const updateNote = async (noteId, data) => {
+  const note = await getNoteById(noteId);
+
+  const { title, content, companyId, projectId, todoId, contactId, reminderDate } = data;
+
+  // Verify company exists if being changed
+  if (companyId !== undefined && companyId !== null && companyId !== note.companyId) {
+    const [company] = await db
+      .select()
+      .from(companies)
+      .where(eq(companies.id, companyId))
+      .limit(1);
+
+    if (!company) {
+      throw new NotFoundError('Firma nenájdená');
+    }
+  }
+
+  // Verify project exists if being changed
+  if (projectId !== undefined && projectId !== null && projectId !== note.projectId) {
+    const [project] = await db
+      .select()
+      .from(projects)
+      .where(eq(projects.id, projectId))
+      .limit(1);
+
+    if (!project) {
+      throw new NotFoundError('Projekt nenájdený');
+    }
+  }
+
+  // Verify todo exists if being changed
+  if (todoId !== undefined && todoId !== null && todoId !== note.todoId) {
+    const [todo] = await db
+      .select()
+      .from(todos)
+      .where(eq(todos.id, todoId))
+      .limit(1);
+
+    if (!todo) {
+      throw new NotFoundError('Todo nenájdené');
+    }
+  }
+
+  // Verify contact exists if being changed
+  if (contactId !== undefined && contactId !== null && contactId !== note.contactId) {
+    const [contact] = await db
+      .select()
+      .from(contacts)
+      .where(eq(contacts.id, contactId))
+      .limit(1);
+
+    if (!contact) {
+      throw new NotFoundError('Kontakt nenájdený');
+    }
+  }
+
+  const [updated] = await db
+    .update(notes)
+    .set({
+      title: title !== undefined ? title : note.title,
+      content: content !== undefined ? content : note.content,
+      companyId: companyId !== undefined ? companyId : note.companyId,
+      projectId: projectId !== undefined ? projectId : note.projectId,
+      todoId: todoId !== undefined ? todoId : note.todoId,
+      contactId: contactId !== undefined ? contactId : note.contactId,
+      reminderDate: reminderDate !== undefined ? (reminderDate ? new Date(reminderDate) : null) : note.reminderDate,
+      reminderSent: reminderDate !== undefined ? false : note.reminderSent, // Reset reminderSent if reminderDate changes
+      updatedAt: new Date(),
+    })
+    .where(eq(notes.id, noteId))
+    .returning();
+
+  return mapNoteForFrontend(updated);
+};
+
+/**
+ * Delete note
+ */
+export const deleteNote = async (noteId) => {
+  await getNoteById(noteId); // Check if exists
+
+  await db.delete(notes).where(eq(notes.id, noteId));
+
+  return { success: true, message: 'Poznámka bola odstránená' };
+};
+
+/**
+ * Get notes by company ID
+ */
+export const getNotesByCompanyId = async (companyId) => {
+  const result = await db
+    .select()
+    .from(notes)
+    .where(eq(notes.companyId, companyId))
+    .orderBy(desc(notes.createdAt));
+  return result.map(mapNoteForFrontend);
+};
+
+/**
+ * Get notes by project ID
+ */
+export const getNotesByProjectId = async (projectId) => {
+  const result = await db
+    .select()
+    .from(notes)
+    .where(eq(notes.projectId, projectId))
+    .orderBy(desc(notes.createdAt));
+  return result.map(mapNoteForFrontend);
+};
+
+/**
+ * Get notes by todo ID
+ */
+export const getNotesByTodoId = async (todoId) => {
+  const result = await db
+    .select()
+    .from(notes)
+    .where(eq(notes.todoId, todoId))
+    .orderBy(desc(notes.createdAt));
+  return result.map(mapNoteForFrontend);
+};
+
+/**
+ * Get notes by contact ID
+ */
+export const getNotesByContactId = async (contactId) => {
+  const result = await db
+    .select()
+    .from(notes)
+    .where(eq(notes.contactId, contactId))
+    .orderBy(desc(notes.createdAt));
+  return result.map(mapNoteForFrontend);
+};
+
+/**
+ * Get pending reminders (reminders that are due and not sent)
+ */
+export const getPendingReminders = async () => {
+  const now = new Date();
+
+  const result = await db
+    .select()
+    .from(notes)
+    .where(
+      and(
+        not(isNull(notes.reminderDate)),
+        lte(notes.reminderDate, now),
+        eq(notes.reminderSent, false)
+      )
+    )
+    .orderBy(notes.reminderDate);
+  return result.map(mapNoteForFrontend);
+};
+
+/**
+ * Mark reminder as sent
+ */
+export const markReminderAsSent = async (noteId) => {
+  const [updated] = await db
+    .update(notes)
+    .set({
+      reminderSent: true,
+      updatedAt: new Date(),
+    })
+    .where(eq(notes.id, noteId))
+    .returning();
+
+  return mapNoteForFrontend(updated);
+};
+
+/**
+ * Get upcoming reminders for a user (created by user, not sent yet)
+ */
+export const getUpcomingRemindersForUser = async (userId) => {
+  const now = new Date();
+
+  const result = await db
+    .select()
+    .from(notes)
+    .where(
+      and(
+        eq(notes.createdBy, userId),
+        not(isNull(notes.reminderDate)),
+        lte(notes.reminderDate, now),
+        eq(notes.reminderSent, false)
+      )
+    )
+    .orderBy(notes.reminderDate);
+  return result.map(mapNoteForFrontend);
+};

src/services/project.service.js

@@ -0,0 +1,379 @@
+import { db } from '../config/database.js';
+import { projects, todos, notes, timesheets, companies, projectUsers, users } from '../db/schema.js';
+import { eq, desc, ilike, or, and } from 'drizzle-orm';
+import { NotFoundError, ConflictError } from '../utils/errors.js';
+
+/**
+ * Get all projects
+ * Optionally filter by search term or company
+ */
+export const getAllProjects = async (searchTerm = null, companyId = null) => {
+  let query = db.select().from(projects);
+
+  const conditions = [];
+
+  if (searchTerm) {
+    conditions.push(
+      or(
+        ilike(projects.name, `%${searchTerm}%`),
+        ilike(projects.description, `%${searchTerm}%`)
+      )
+    );
+  }
+
+  if (companyId) {
+    conditions.push(eq(projects.companyId, companyId));
+  }
+
+  if (conditions.length > 0) {
+    query = query.where(and(...conditions));
+  }
+
+  const result = await query.orderBy(desc(projects.createdAt));
+  return result;
+};
+
+/**
+ * Get project by ID
+ */
+export const getProjectById = async (projectId) => {
+  const [project] = await db
+    .select()
+    .from(projects)
+    .where(eq(projects.id, projectId))
+    .limit(1);
+
+  if (!project) {
+    throw new NotFoundError('Projekt nenájdený');
+  }
+
+  return project;
+};
+
+/**
+ * Create new project
+ */
+export const createProject = async (userId, data) => {
+  const { name, description, companyId, status, startDate, endDate } = data;
+
+  // If companyId is provided, verify company exists
+  if (companyId) {
+    const [company] = await db
+      .select()
+      .from(companies)
+      .where(eq(companies.id, companyId))
+      .limit(1);
+
+    if (!company) {
+      throw new NotFoundError('Firma nenájdená');
+    }
+  }
+
+  const [newProject] = await db
+    .insert(projects)
+    .values({
+      name,
+      description: description || null,
+      companyId: companyId || null,
+      status: status || 'active',
+      startDate: startDate ? new Date(startDate) : null,
+      endDate: endDate ? new Date(endDate) : null,
+      createdBy: userId,
+    })
+    .returning();
+
+  return newProject;
+};
+
+/**
+ * Update project
+ */
+export const updateProject = async (projectId, data) => {
+  const project = await getProjectById(projectId);
+
+  const { name, description, companyId, status, startDate, endDate } = data;
+
+  // If companyId is being changed, verify new company exists
+  if (companyId !== undefined && companyId !== null && companyId !== project.companyId) {
+    const [company] = await db
+      .select()
+      .from(companies)
+      .where(eq(companies.id, companyId))
+      .limit(1);
+
+    if (!company) {
+      throw new NotFoundError('Firma nenájdená');
+    }
+  }
+
+  const [updated] = await db
+    .update(projects)
+    .set({
+      name: name !== undefined ? name : project.name,
+      description: description !== undefined ? description : project.description,
+      companyId: companyId !== undefined ? companyId : project.companyId,
+      status: status !== undefined ? status : project.status,
+      startDate: startDate !== undefined ? (startDate ? new Date(startDate) : null) : project.startDate,
+      endDate: endDate !== undefined ? (endDate ? new Date(endDate) : null) : project.endDate,
+      updatedAt: new Date(),
+    })
+    .where(eq(projects.id, projectId))
+    .returning();
+
+  return updated;
+};
+
+/**
+ * Delete project
+ */
+export const deleteProject = async (projectId) => {
+  await getProjectById(projectId); // Check if exists
+
+  await db.delete(projects).where(eq(projects.id, projectId));
+
+  return { success: true, message: 'Projekt bol odstránený' };
+};
+
+/**
+ * Get project with related data (todos, notes, timesheets)
+ */
+export const getProjectWithRelations = async (projectId) => {
+  const project = await getProjectById(projectId);
+
+  // Get company if exists
+  let company = null;
+  if (project.companyId) {
+    [company] = await db
+      .select()
+      .from(companies)
+      .where(eq(companies.id, project.companyId))
+      .limit(1);
+  }
+
+  // Get related todos
+  const projectTodos = await db
+    .select()
+    .from(todos)
+    .where(eq(todos.projectId, projectId))
+    .orderBy(desc(todos.createdAt));
+
+  // Get related notes
+  const projectNotes = await db
+    .select()
+    .from(notes)
+    .where(eq(notes.projectId, projectId))
+    .orderBy(desc(notes.createdAt));
+
+  // Get related timesheets
+  const projectTimesheets = await db
+    .select()
+    .from(timesheets)
+    .where(eq(timesheets.projectId, projectId))
+    .orderBy(desc(timesheets.uploadedAt));
+
+  // Get assigned users (team members)
+  const rawUsers = await db
+    .select()
+    .from(projectUsers)
+    .leftJoin(users, eq(projectUsers.userId, users.id))
+    .where(eq(projectUsers.projectId, projectId))
+    .orderBy(desc(projectUsers.addedAt));
+
+  const assignedUsers = rawUsers.map((row) => ({
+    id: row.project_users.id,
+    userId: row.project_users.userId,
+    role: row.project_users.role,
+    addedBy: row.project_users.addedBy,
+    addedAt: row.project_users.addedAt,
+    user: row.users ? {
+      id: row.users.id,
+      username: row.users.username,
+      email: row.users.email,
+      role: row.users.role,
+    } : null,
+  }));
+
+  return {
+    ...project,
+    company,
+    todos: projectTodos,
+    notes: projectNotes,
+    timesheets: projectTimesheets,
+    assignedUsers,
+  };
+};
+
+/**
+ * Get projects by company ID
+ */
+export const getProjectsByCompanyId = async (companyId) => {
+  return await db
+    .select()
+    .from(projects)
+    .where(eq(projects.companyId, companyId))
+    .orderBy(desc(projects.createdAt));
+};
+
+/**
+ * Get project users (team members)
+ */
+export const getProjectUsers = async (projectId) => {
+  await getProjectById(projectId); // Verify project exists
+
+  const rawResults = await db
+    .select()
+    .from(projectUsers)
+    .leftJoin(users, eq(projectUsers.userId, users.id))
+    .where(eq(projectUsers.projectId, projectId))
+    .orderBy(desc(projectUsers.addedAt));
+
+  const assignedUsers = rawResults.map((row) => ({
+    id: row.project_users.id,
+    userId: row.project_users.userId,
+    role: row.project_users.role,
+    addedBy: row.project_users.addedBy,
+    addedAt: row.project_users.addedAt,
+    user: row.users ? {
+      id: row.users.id,
+      username: row.users.username,
+      email: row.users.email,
+      role: row.users.role,
+    } : null,
+  }));
+
+  return assignedUsers;
+};
+
+/**
+ * Assign user to project
+ */
+export const assignUserToProject = async (projectId, userId, addedByUserId, role = null) => {
+  await getProjectById(projectId); // Verify project exists
+
+  // Verify user exists
+  const [user] = await db
+    .select()
+    .from(users)
+    .where(eq(users.id, userId))
+    .limit(1);
+
+  if (!user) {
+    throw new NotFoundError('Používateľ nenájdený');
+  }
+
+  // Check if user is already assigned
+  const [existing] = await db
+    .select()
+    .from(projectUsers)
+    .where(and(eq(projectUsers.projectId, projectId), eq(projectUsers.userId, userId)))
+    .limit(1);
+
+  if (existing) {
+    throw new ConflictError('Používateľ je už priradený k projektu');
+  }
+
+  // Assign user to project
+  const [assignment] = await db
+    .insert(projectUsers)
+    .values({
+      projectId,
+      userId,
+      role: role || null,
+      addedBy: addedByUserId,
+    })
+    .returning();
+
+  // Return with user details
+  const [row] = await db
+    .select()
+    .from(projectUsers)
+    .leftJoin(users, eq(projectUsers.userId, users.id))
+    .where(eq(projectUsers.id, assignment.id))
+    .limit(1);
+
+  return {
+    id: row.project_users.id,
+    userId: row.project_users.userId,
+    role: row.project_users.role,
+    addedBy: row.project_users.addedBy,
+    addedAt: row.project_users.addedAt,
+    user: row.users ? {
+      id: row.users.id,
+      username: row.users.username,
+      email: row.users.email,
+      role: row.users.role,
+    } : null,
+  };
+};
+
+/**
+ * Remove user from project
+ */
+export const removeUserFromProject = async (projectId, userId) => {
+  await getProjectById(projectId); // Verify project exists
+
+  // Check if user is assigned
+  const [existing] = await db
+    .select()
+    .from(projectUsers)
+    .where(and(eq(projectUsers.projectId, projectId), eq(projectUsers.userId, userId)))
+    .limit(1);
+
+  if (!existing) {
+    throw new NotFoundError('Používateľ nie je priradený k projektu');
+  }
+
+  // Remove assignment
+  await db
+    .delete(projectUsers)
+    .where(and(eq(projectUsers.projectId, projectId), eq(projectUsers.userId, userId)));
+
+  return { success: true, message: 'Používateľ bol odstránený z projektu' };
+};
+
+/**
+ * Update user role on project
+ */
+export const updateUserRoleOnProject = async (projectId, userId, role) => {
+  await getProjectById(projectId); // Verify project exists
+
+  // Check if user is assigned
+  const [existing] = await db
+    .select()
+    .from(projectUsers)
+    .where(and(eq(projectUsers.projectId, projectId), eq(projectUsers.userId, userId)))
+    .limit(1);
+
+  if (!existing) {
+    throw new NotFoundError('Používateľ nie je priradený k projektu');
+  }
+
+  // Update role
+  const [updated] = await db
+    .update(projectUsers)
+    .set({ role: role || null })
+    .where(and(eq(projectUsers.projectId, projectId), eq(projectUsers.userId, userId)))
+    .returning();
+
+  // Return with user details
+  const [row] = await db
+    .select()
+    .from(projectUsers)
+    .leftJoin(users, eq(projectUsers.userId, users.id))
+    .where(eq(projectUsers.id, updated.id))
+    .limit(1);
+
+  return {
+    id: row.project_users.id,
+    userId: row.project_users.userId,
+    role: row.project_users.role,
+    addedBy: row.project_users.addedBy,
+    addedAt: row.project_users.addedAt,
+    user: row.users ? {
+      id: row.users.id,
+      username: row.users.username,
+      email: row.users.email,
+      role: row.users.role,
+    } : null,
+  };
+};

src/services/todo.service.js

@@ -0,0 +1,304 @@
+import { db } from '../config/database.js';
+import { todos, notes, projects, companies, users } from '../db/schema.js';
+import { eq, desc, ilike, or, and } from 'drizzle-orm';
+import { NotFoundError } from '../utils/errors.js';
+
+/**
+ * Get all todos
+ * Optionally filter by search, project, company, assigned user, or status
+ */
+export const getAllTodos = async (filters = {}) => {
+  const { searchTerm, projectId, companyId, assignedTo, status } = filters;
+
+  let query = db.select().from(todos);
+
+  const conditions = [];
+
+  if (searchTerm) {
+    conditions.push(
+      or(
+        ilike(todos.title, `%${searchTerm}%`),
+        ilike(todos.description, `%${searchTerm}%`)
+      )
+    );
+  }
+
+  if (projectId) {
+    conditions.push(eq(todos.projectId, projectId));
+  }
+
+  if (companyId) {
+    conditions.push(eq(todos.companyId, companyId));
+  }
+
+  if (assignedTo) {
+    conditions.push(eq(todos.assignedTo, assignedTo));
+  }
+
+  if (status) {
+    conditions.push(eq(todos.status, status));
+  }
+
+  if (conditions.length > 0) {
+    query = query.where(and(...conditions));
+  }
+
+  const result = await query.orderBy(desc(todos.createdAt));
+  return result;
+};
+
+/**
+ * Get todo by ID
+ */
+export const getTodoById = async (todoId) => {
+  const [todo] = await db
+    .select()
+    .from(todos)
+    .where(eq(todos.id, todoId))
+    .limit(1);
+
+  if (!todo) {
+    throw new NotFoundError('Todo nenájdené');
+  }
+
+  return todo;
+};
+
+/**
+ * Create new todo
+ */
+export const createTodo = async (userId, data) => {
+  const { title, description, projectId, companyId, assignedTo, status, priority, dueDate } = data;
+
+  // Verify project exists if provided
+  if (projectId) {
+    const [project] = await db
+      .select()
+      .from(projects)
+      .where(eq(projects.id, projectId))
+      .limit(1);
+
+    if (!project) {
+      throw new NotFoundError('Projekt nenájdený');
+    }
+  }
+
+  // Verify company exists if provided
+  if (companyId) {
+    const [company] = await db
+      .select()
+      .from(companies)
+      .where(eq(companies.id, companyId))
+      .limit(1);
+
+    if (!company) {
+      throw new NotFoundError('Firma nenájdená');
+    }
+  }
+
+  // Verify assigned user exists if provided
+  if (assignedTo) {
+    const [user] = await db
+      .select()
+      .from(users)
+      .where(eq(users.id, assignedTo))
+      .limit(1);
+
+    if (!user) {
+      throw new NotFoundError('Používateľ nenájdený');
+    }
+  }
+
+  const [newTodo] = await db
+    .insert(todos)
+    .values({
+      title,
+      description: description || null,
+      projectId: projectId || null,
+      companyId: companyId || null,
+      assignedTo: assignedTo || null,
+      status: status || 'pending',
+      priority: priority || 'medium',
+      dueDate: dueDate ? new Date(dueDate) : null,
+      createdBy: userId,
+    })
+    .returning();
+
+  return newTodo;
+};
+
+/**
+ * Update todo
+ */
+export const updateTodo = async (todoId, data) => {
+  const todo = await getTodoById(todoId);
+
+  const { title, description, projectId, companyId, assignedTo, status, priority, dueDate } = data;
+
+  // Verify project exists if being changed
+  if (projectId !== undefined && projectId !== null && projectId !== todo.projectId) {
+    const [project] = await db
+      .select()
+      .from(projects)
+      .where(eq(projects.id, projectId))
+      .limit(1);
+
+    if (!project) {
+      throw new NotFoundError('Projekt nenájdený');
+    }
+  }
+
+  // Verify company exists if being changed
+  if (companyId !== undefined && companyId !== null && companyId !== todo.companyId) {
+    const [company] = await db
+      .select()
+      .from(companies)
+      .where(eq(companies.id, companyId))
+      .limit(1);
+
+    if (!company) {
+      throw new NotFoundError('Firma nenájdená');
+    }
+  }
+
+  // Verify assigned user exists if being changed
+  if (assignedTo !== undefined && assignedTo !== null && assignedTo !== todo.assignedTo) {
+    const [user] = await db
+      .select()
+      .from(users)
+      .where(eq(users.id, assignedTo))
+      .limit(1);
+
+    if (!user) {
+      throw new NotFoundError('Používateľ nenájdený');
+    }
+  }
+
+  // Set completedAt when status is changed to 'completed'
+  let completedAt = todo.completedAt;
+  if (status === 'completed' && todo.status !== 'completed') {
+    completedAt = new Date();
+  } else if (status && status !== 'completed') {
+    completedAt = null;
+  }
+
+  const [updated] = await db
+    .update(todos)
+    .set({
+      title: title !== undefined ? title : todo.title,
+      description: description !== undefined ? description : todo.description,
+      projectId: projectId !== undefined ? projectId : todo.projectId,
+      companyId: companyId !== undefined ? companyId : todo.companyId,
+      assignedTo: assignedTo !== undefined ? assignedTo : todo.assignedTo,
+      status: status !== undefined ? status : todo.status,
+      priority: priority !== undefined ? priority : todo.priority,
+      dueDate: dueDate !== undefined ? (dueDate ? new Date(dueDate) : null) : todo.dueDate,
+      completedAt,
+      updatedAt: new Date(),
+    })
+    .where(eq(todos.id, todoId))
+    .returning();
+
+  return updated;
+};
+
+/**
+ * Delete todo
+ */
+export const deleteTodo = async (todoId) => {
+  await getTodoById(todoId); // Check if exists
+
+  await db.delete(todos).where(eq(todos.id, todoId));
+
+  return { success: true, message: 'Todo bolo odstránené' };
+};
+
+/**
+ * Get todo with related data (notes, project, company, assigned user)
+ */
+export const getTodoWithRelations = async (todoId) => {
+  const todo = await getTodoById(todoId);
+
+  // Get project if exists
+  let project = null;
+  if (todo.projectId) {
+    [project] = await db
+      .select()
+      .from(projects)
+      .where(eq(projects.id, todo.projectId))
+      .limit(1);
+  }
+
+  // Get company if exists
+  let company = null;
+  if (todo.companyId) {
+    [company] = await db
+      .select()
+      .from(companies)
+      .where(eq(companies.id, todo.companyId))
+      .limit(1);
+  }
+
+  // Get assigned user if exists
+  let assignedUser = null;
+  if (todo.assignedTo) {
+    [assignedUser] = await db
+      .select({
+        id: users.id,
+        username: users.username,
+        firstName: users.firstName,
+        lastName: users.lastName,
+      })
+      .from(users)
+      .where(eq(users.id, todo.assignedTo))
+      .limit(1);
+  }
+
+  // Get related notes
+  const todoNotes = await db
+    .select()
+    .from(notes)
+    .where(eq(notes.todoId, todoId))
+    .orderBy(desc(notes.createdAt));
+
+  return {
+    ...todo,
+    project,
+    company,
+    assignedUser,
+    notes: todoNotes,
+  };
+};
+
+/**
+ * Get todos by project ID
+ */
+export const getTodosByProjectId = async (projectId) => {
+  return await db
+    .select()
+    .from(todos)
+    .where(eq(todos.projectId, projectId))
+    .orderBy(desc(todos.createdAt));
+};
+
+/**
+ * Get todos by company ID
+ */
+export const getTodosByCompanyId = async (companyId) => {
+  return await db
+    .select()
+    .from(todos)
+    .where(eq(todos.companyId, companyId))
+    .orderBy(desc(todos.createdAt));
+};
+
+/**
+ * Get todos assigned to a user
+ */
+export const getTodosByUserId = async (userId) => {
+  return await db
+    .select()
+    .from(todos)
+    .where(eq(todos.assignedTo, userId))
+    .orderBy(desc(todos.createdAt));
+};

src/validators/crm.validators.js

@@ -0,0 +1,107 @@
+import { z } from 'zod';
+
+// Company validators
+export const createCompanySchema = z.object({
+  name: z
+    .string({
+      required_error: 'Názov firmy je povinný',
+    })
+    .min(1, 'Názov firmy nemôže byť prázdny')
+    .max(255, 'Názov firmy môže mať maximálne 255 znakov'),
+  description: z.string().max(1000).optional(),
+  address: z.string().max(255).optional(),
+  city: z.string().max(100).optional(),
+  country: z.string().max(100).optional(),
+  phone: z.string().max(50).optional(),
+  email: z.string().email('Neplatný formát emailu').max(255).optional().or(z.literal('')),
+  website: z.string().url('Neplatný formát URL').max(255).optional().or(z.literal('')),
+});
+
+export const updateCompanySchema = z.object({
+  name: z.string().min(1).max(255).optional(),
+  description: z.string().max(1000).optional(),
+  address: z.string().max(255).optional(),
+  city: z.string().max(100).optional(),
+  country: z.string().max(100).optional(),
+  phone: z.string().max(50).optional(),
+  email: z.string().email('Neplatný formát emailu').max(255).optional().or(z.literal('')),
+  website: z.string().url('Neplatný formát URL').max(255).optional().or(z.literal('')),
+});
+
+// Project validators
+export const createProjectSchema = z.object({
+  name: z
+    .string({
+      required_error: 'Názov projektu je povinný',
+    })
+    .min(1, 'Názov projektu nemôže byť prázdny')
+    .max(255, 'Názov projektu môže mať maximálne 255 znakov'),
+  description: z.string().max(1000).optional(),
+  companyId: z.string().uuid('Neplatný formát company ID').optional().or(z.literal('')),
+  status: z.enum(['active', 'completed', 'on_hold', 'cancelled']).optional(),
+  startDate: z.string().optional().or(z.literal('')),
+  endDate: z.string().optional().or(z.literal('')),
+});
+
+export const updateProjectSchema = z.object({
+  name: z.string().min(1).max(255).optional(),
+  description: z.string().max(1000).optional(),
+  companyId: z.string().uuid('Neplatný formát company ID').optional().or(z.literal('').or(z.null())),
+  status: z.enum(['active', 'completed', 'on_hold', 'cancelled']).optional(),
+  startDate: z.string().optional().or(z.literal('').or(z.null())),
+  endDate: z.string().optional().or(z.literal('').or(z.null())),
+});
+
+// Todo validators
+export const createTodoSchema = z.object({
+  title: z
+    .string({
+      required_error: 'Názov todo je povinný',
+    })
+    .min(1, 'Názov todo nemôže byť prázdny')
+    .max(255, 'Názov todo môže mať maximálne 255 znakov'),
+  description: z.string().max(1000).optional(),
+  projectId: z.string().uuid('Neplatný formát project ID').optional().or(z.literal('')),
+  companyId: z.string().uuid('Neplatný formát company ID').optional().or(z.literal('')),
+  assignedTo: z.string().uuid('Neplatný formát user ID').optional().or(z.literal('')),
+  status: z.enum(['pending', 'in_progress', 'completed', 'cancelled']).optional(),
+  priority: z.enum(['low', 'medium', 'high', 'urgent']).optional(),
+  dueDate: z.string().optional().or(z.literal('')),
+});
+
+export const updateTodoSchema = z.object({
+  title: z.string().min(1).max(255).optional(),
+  description: z.string().max(1000).optional(),
+  projectId: z.string().uuid('Neplatný formát project ID').optional().or(z.literal('').or(z.null())),
+  companyId: z.string().uuid('Neplatný formát company ID').optional().or(z.literal('').or(z.null())),
+  assignedTo: z.string().uuid('Neplatný formát user ID').optional().or(z.literal('').or(z.null())),
+  status: z.enum(['pending', 'in_progress', 'completed', 'cancelled']).optional(),
+  priority: z.enum(['low', 'medium', 'high', 'urgent']).optional(),
+  dueDate: z.string().optional().or(z.literal('').or(z.null())),
+});
+
+// Note validators
+export const createNoteSchema = z.object({
+  title: z.string().max(255).optional(),
+  content: z
+    .string({
+      required_error: 'Obsah poznámky je povinný',
+    })
+    .min(1, 'Obsah poznámky nemôže byť prázdny')
+    .max(5000, 'Obsah poznámky môže mať maximálne 5000 znakov'),
+  companyId: z.string().uuid('Neplatný formát company ID').optional().or(z.literal('')),
+  projectId: z.string().uuid('Neplatný formát project ID').optional().or(z.literal('')),
+  todoId: z.string().uuid('Neplatný formát todo ID').optional().or(z.literal('')),
+  contactId: z.string().uuid('Neplatný formát contact ID').optional().or(z.literal('')),
+  reminderDate: z.string().optional().or(z.literal('')),
+});
+
+export const updateNoteSchema = z.object({
+  title: z.string().max(255).optional().or(z.literal('').or(z.null())),
+  content: z.string().min(1).max(5000).optional(),
+  companyId: z.string().uuid('Neplatný formát company ID').optional().or(z.literal('').or(z.null())),
+  projectId: z.string().uuid('Neplatný formát project ID').optional().or(z.literal('').or(z.null())),
+  todoId: z.string().uuid('Neplatný formát todo ID').optional().or(z.literal('').or(z.null())),
+  contactId: z.string().uuid('Neplatný formát contact ID').optional().or(z.literal('').or(z.null())),
+  reminderDate: z.string().optional().or(z.literal('').or(z.null())),
+});