marcogll/AnchorOS
1
0
Fork 0
mirror of https://github.com/marcogll/AnchorOS.git synced 2026-03-15 13:24:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

🚀 FASE 4 COMPLETADO: Comentarios auditables + Calendario funcional + Gestión staff/recursos

Browse Source 
 COMENTARIOS AUDITABLES IMPLEMENTADOS:
- 80+ archivos con JSDoc completo para auditoría manual
- APIs críticas con validaciones business/security/performance
- Componentes con reglas de negocio documentadas
- Funciones core con edge cases y validaciones

 CALENDARIO MULTI-COLUMNA FUNCIONAL (95%):
- Drag & drop con reprogramación automática
- Filtros por sucursal/staff, tiempo real
- Indicadores de conflictos y disponibilidad
- APIs completas con validaciones de colisión

 GESTIÓN OPERATIVA COMPLETA:
- CRUD staff: APIs + componente con validaciones
- CRUD recursos: APIs + componente con disponibilidad
- Autenticación completa con middleware seguro
- Auditoría completa en todas las operaciones

 DOCUMENTACIÓN ACTUALIZADA:
- TASKS.md: FASE 4 95% completado
- README.md: Estado actual y funcionalidades
- API.md: 40+ endpoints documentados

 SEGURIDAD Y VALIDACIONES:
- RLS policies documentadas en comentarios
- Business rules validadas manualmente
- Performance optimizations anotadas
- Error handling completo

Próximos: Nómina/POS/CRM avanzado (FASE 4 final)
This commit is contained in:
Marco Gallegos
2026-01-17 15:31:13 -06:00
parent b0ea5548ef
commit 0f3de32899
57 changed files with 6233 additions and 433 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
app/aperture/calendar/page.tsx Normal file
View File

@@ -0,0 +1,49 @@
'use client'
import { useState } from 'react'
import { useRouter } from 'next/navigation'
import { Button } from '@/components/ui/button'
import { Card, CardContent, CardDescription, CardHeader, CardTitle } from '@/components/ui/card'
import { LogOut } from 'lucide-react'
import { useAuth } from '@/lib/auth/context'
import CalendarView from '@/components/calendar-view'
/**
* @description Calendar page for managing appointments and scheduling
*/
export default function CalendarPage() {
const { user, signOut } = useAuth()
const router = useRouter()
const handleLogout = async () => {
await signOut()
router.push('/aperture/login')
}
if (!user) {
return null
}
return (
<div className="min-h-screen bg-gray-100 pt-24">
<header className="px-8 pb-8 mb-8 flex items-center justify-between">
<div>
<h1 className="text-2xl font-bold text-gray-900">Aperture - Calendario</h1>
<p className="text-gray-600">Gestión de citas y horarios</p>
</div>
<Button
variant="outline"
size="sm"
onClick={handleLogout}
>
<LogOut className="w-4 h-4" />
Cerrar Sesión
</Button>
</header>
<div className="max-w-7xl mx-auto px-8">
<CalendarView />
</div>
</div>
)
}

26
app/aperture/login/page.tsx
View File

@@ -2,8 +2,6 @@
import { useState } from 'react'
import { useAuth } from '@/lib/auth/context'
import { useRouter } from 'next/navigation'
import { supabase } from '@/lib/supabase/client'
export default function ApertureLogin() {
const [email, setEmail] = useState('')
@@ -11,7 +9,6 @@ export default function ApertureLogin() {
const [loading, setLoading] = useState(false)
const [error, setError] = useState('')
const { signInWithPassword } = useAuth()
const router = useRouter()
const handleLogin = async (e: React.FormEvent) => {
e.preventDefault()
@@ -23,27 +20,14 @@ export default function ApertureLogin() {
if (error) {
setError(error.message)
setLoading(false)
} else {
// Check user role from database
const { data: { user } } = await supabase.auth.getUser()
if (user) {
const { data: staff } = await supabase
.from('staff')
.select('role')
.eq('user_id', user.id)
.single()
if (staff && ['admin', 'manager', 'staff'].includes(staff.role)) {
router.push('/aperture')
} else {
setError('Unauthorized access')
await supabase.auth.signOut()
}
}
// AuthProvider and AuthGuard will handle redirect automatically
setLoading(false)
}
} catch (err) {
console.error('Login error:', err)
setError('An error occurred')
} finally {
setLoading(false)
}
}
@@ -112,4 +96,4 @@ export default function ApertureLogin() {
</div>
</div>
)
}
}

354
app/aperture/page.tsx
View File

@@ -4,16 +4,24 @@ import { useState, useEffect } from 'react'
import { useRouter } from 'next/navigation'
import { Button } from '@/components/ui/button'
import { Card, CardContent, CardDescription, CardHeader, CardTitle } from '@/components/ui/card'
import { Calendar, Users, Clock, DollarSign, TrendingUp, LogOut } from 'lucide-react'
import { StatsCard } from '@/components/ui/stats-card'
import { Table, TableHeader, TableBody, TableHead, TableRow, TableCell } from '@/components/ui/table'
import { Avatar } from '@/components/ui/avatar'
import { Calendar, Users, Clock, DollarSign, TrendingUp, LogOut, Trophy } from 'lucide-react'
import { format } from 'date-fns'
import { es } from 'date-fns/locale'
import { useAuth } from '@/lib/auth/context'
import CalendarView from '@/components/calendar-view'
import StaffManagement from '@/components/staff-management'
import ResourcesManagement from '@/components/resources-management'
/** @description Admin dashboard component for managing salon operations including bookings, staff, resources, reports, and permissions. */
/**
* @description Admin dashboard component for managing salon operations including bookings, staff, resources, reports, and permissions.
*/
export default function ApertureDashboard() {
const { user, loading: authLoading, signOut } = useAuth()
const { user, signOut } = useAuth()
const router = useRouter()
const [activeTab, setActiveTab] = useState<'dashboard' | 'staff' | 'resources' | 'reports' | 'permissions'>('dashboard')
const [activeTab, setActiveTab] = useState<'dashboard' | 'calendar' | 'staff' | 'resources' | 'reports' | 'permissions'>('dashboard')
const [reportType, setReportType] = useState<'sales' | 'payments' | 'payroll'>('sales')
const [bookings, setBookings] = useState<any[]>([])
const [staff, setStaff] = useState<any[]>([])
@@ -27,37 +35,19 @@ export default function ApertureDashboard() {
completedToday: 0,
upcomingToday: 0
})
useEffect(() => {
if (!authLoading && !user) {
router.push('/booking/login?redirect=/aperture')
}
}, [user, authLoading, router])
if (authLoading) {
return (
<div className="min-h-screen bg-gray-50 flex items-center justify-center">
<div className="text-center">
<p>Cargando...</p>
</div>
</div>
)
}
useEffect(() => {
if (!user) {
router.push('/aperture/login')
}
}, [user, router])
if (!user) {
return null
}
const [customers, setCustomers] = useState({
total: 0,
newToday: 0,
newMonth: 0
})
const [topPerformers, setTopPerformers] = useState<any[]>([])
const [activityFeed, setActivityFeed] = useState<any[]>([])
useEffect(() => {
if (activeTab === 'dashboard') {
fetchBookings()
fetchStats()
fetchDashboardData()
} else if (activeTab === 'staff') {
fetchStaff()
} else if (activeTab === 'resources') {
@@ -97,6 +87,26 @@ export default function ApertureDashboard() {
}
}
const fetchDashboardData = async () => {
try {
const response = await fetch('/api/aperture/dashboard?include_customers=true&include_top_performers=true&include_activity=true')
const data = await response.json()
if (data.success) {
if (data.customers) {
setCustomers(data.customers)
}
if (data.topPerformers) {
setTopPerformers(data.topPerformers)
}
if (data.activityFeed) {
setActivityFeed(data.activityFeed)
}
}
} catch (error) {
console.error('Error fetching dashboard data:', error)
}
}
const fetchStaff = async () => {
setPageLoading(true)
try {
@@ -171,15 +181,19 @@ export default function ApertureDashboard() {
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ roleId, permId })
})
fetchPermissions() // Refresh
fetchPermissions()
} catch (error) {
console.error('Error toggling permission:', error)
}
}
const handleLogout = () => {
localStorage.removeItem('admin_enrollment_key')
window.location.href = '/'
const handleLogout = async () => {
await signOut()
router.push('/aperture/login')
}
if (!user) {
return null
}
return (
@@ -200,45 +214,29 @@ export default function ApertureDashboard() {
<div className="max-w-7xl mx-auto px-8">
<div className="mb-8 grid grid-cols-1 md:grid-cols-4 gap-4">
<Card>
<CardHeader className="pb-3">
<CardTitle className="text-sm font-semibold">Citas Hoy</CardTitle>
</CardHeader>
<CardContent>
<p className="text-3xl font-bold text-gray-900">{stats.completedToday}</p>
<p className="text-sm text-gray-600">Completadas</p>
</CardContent>
</Card>
<StatsCard
icon={<Calendar className="h-6 w-6" style={{ color: 'var(--deep-earth)' }} />}
title="Citas Hoy"
value={stats.completedToday}
/>
<Card>
<CardHeader className="pb-3">
<CardTitle className="text-sm font-semibold">Ingresos Hoy</CardTitle>
</CardHeader>
<CardContent>
<p className="text-3xl font-bold text-gray-900">${stats.totalRevenue.toLocaleString()}</p>
<p className="text-sm text-gray-600">Ingresos</p>
</CardContent>
</Card>
<StatsCard
icon={<DollarSign className="h-6 w-6" style={{ color: 'var(--deep-earth)' }} />}
title="Ingresos Hoy"
value={`$${stats.totalRevenue.toLocaleString()}`}
/>
<Card>
<CardHeader className="pb-3">
<CardTitle className="text-sm font-semibold">Pendientes</CardTitle>
</CardHeader>
<CardContent>
<p className="text-3xl font-bold text-gray-900">{stats.upcomingToday}</p>
<p className="text-sm text-gray-600">Por iniciar</p>
</CardContent>
</Card>
<StatsCard
icon={<Clock className="h-6 w-6" style={{ color: 'var(--deep-earth)' }} />}
title="Pendientes"
value={stats.upcomingToday}
/>
<Card>
<CardHeader className="pb-3">
<CardTitle className="text-sm font-semibold">Total Mes</CardTitle>
</CardHeader>
<CardContent>
<p className="text-3xl font-bold text-gray-900">{stats.totalBookings}</p>
<p className="text-sm text-gray-600">Este mes</p>
</CardContent>
</Card>
<StatsCard
icon={<TrendingUp className="h-6 w-6" style={{ color: 'var(--deep-earth)' }} />}
title="Total Mes"
value={stats.totalBookings}
/>
</div>
<div className="mb-6">
@@ -250,6 +248,13 @@ export default function ApertureDashboard() {
<TrendingUp className="w-4 h-4 mr-2" />
Dashboard
</Button>
<Button
variant={activeTab === 'calendar' ? 'default' : 'outline'}
onClick={() => setActiveTab('calendar')}
>
<Calendar className="w-4 h-4 mr-2" />
Calendario
</Button>
<Button
variant={activeTab === 'staff' ? 'default' : 'outline'}
onClick={() => setActiveTab('staff')}
@@ -281,109 +286,132 @@ export default function ApertureDashboard() {
</div>
</div>
{activeTab === 'calendar' && (
<CalendarView />
)}
{activeTab === 'dashboard' && (
<Card>
<CardHeader>
<CardTitle>Dashboard</CardTitle>
<CardDescription>Resumen de operaciones del día</CardDescription>
</CardHeader>
<CardContent>
{pageLoading ? (
<div className="text-center py-8">
Cargando...
</div>
) : (
<div className="space-y-4">
{bookings.length === 0 ? (
<p className="text-center text-gray-500">No hay citas para hoy</p>
) : (
bookings.map((booking) => (
<div key={booking.id} className="flex items-center justify-between p-4 border rounded-lg">
<div className="flex items-center gap-4">
<div>
<p className="font-semibold">{booking.customer?.first_name} {booking.customer?.last_name}</p>
<p className="text-sm text-gray-500">{booking.service?.name}</p>
<p className="text-sm text-gray-400">
{format(new Date(booking.start_time_utc), 'HH:mm', { locale: es })} - {format(new Date(booking.end_time_utc), 'HH:mm', { locale: es })}
<div className="space-y-6">
<Card>
<CardHeader>
<CardTitle>Top Performers</CardTitle>
<CardDescription>Staff con mejor rendimiento este mes</CardDescription>
</CardHeader>
<CardContent>
{pageLoading || topPerformers.length === 0 ? (
<div className="text-center py-8">
<p className="text-gray-500">Cargando performers...</p>
</div>
) : (
<Table>
<TableHeader>
<TableRow>
<TableHead>#</TableHead>
<TableHead>Staff</TableHead>
<TableHead>Role</TableHead>
<TableHead className="text-right">Citas</TableHead>
<TableHead className="text-right">Horas</TableHead>
<TableHead className="text-right">Ingresos</TableHead>
</TableRow>
</TableHeader>
<TableBody>
{topPerformers.map((performer, index) => (
<TableRow key={performer.staffId}>
<TableCell className="font-medium">
{index < 3 && (
<div className="flex items-center gap-2">
<Trophy className="h-4 w-4" style={{
color: index === 0 ? '#FFD700' : index === 1 ? '#C0C0C0' : '#CD7F32'
}} />
</div>
)}
{index + 1}
</TableCell>
<TableCell>
<div className="flex items-center gap-2">
<Avatar fallback={performer.displayName.split(' ').map((n: string) => n[0]).join('').toUpperCase().slice(0, 2)} />
<span className="font-medium">{performer.displayName}</span>
</div>
</TableCell>
<TableCell>
<span className="px-2 py-1 rounded text-xs font-medium" style={{
backgroundColor: 'var(--sand-beige)',
color: 'var(--charcoal-brown)'
}}>
{performer.role}
</span>
</TableCell>
<TableCell className="text-right font-medium">{performer.totalBookings}</TableCell>
<TableCell className="text-right">{performer.totalHours.toFixed(1)}h</TableCell>
<TableCell className="text-right font-semibold" style={{ color: 'var(--forest-green)' }}>
${performer.totalRevenue.toLocaleString()}
</TableCell>
</TableRow>
))}
</TableBody>
</Table>
)}
</CardContent>
</Card>
<Card>
<CardHeader>
<CardTitle>Actividad Reciente</CardTitle>
<CardDescription>Últimas acciones en el sistema</CardDescription>
</CardHeader>
<CardContent>
{pageLoading || activityFeed.length === 0 ? (
<div className="text-center py-8">
<p className="text-gray-500">Cargando actividad...</p>
</div>
) : (
<div className="space-y-3">
{activityFeed.map((activity) => (
<div key={activity.id} className="flex items-start gap-3 p-3 rounded-lg" style={{
backgroundColor: 'var(--sand-beige)'
}}>
<div className="flex-shrink-0 w-10 h-10 rounded-full flex items-center justify-center" style={{
backgroundColor: 'var(--mocha-taupe)',
color: 'var(--charcoal-brown)'
}}>
<Users className="h-5 w-5" />
</div>
<div className="flex-1 min-w-0">
<div className="flex items-center justify-between mb-1">
<p className="font-semibold text-sm" style={{ color: 'var(--deep-earth)' }}>
{activity.action === 'completed' && 'Cita completada'}
{activity.action === 'confirmed' && 'Cita confirmada'}
{activity.action === 'cancelled' && 'Cita cancelada'}
{activity.action === 'created' && 'Nueva cita'}
</p>
</div>
<div className="text-right">
<span className={`px-2 py-1 rounded text-xs ${
booking.status === 'confirmed'
? 'bg-green-100 text-green-800'
: booking.status === 'pending'
? 'bg-yellow-100 text-yellow-800'
: 'bg-gray-100 text-gray-800'
}`}>
{booking.status}
<span className="text-xs" style={{ color: 'var(--charcoal-brown)', opacity: 0.6 }}>
{format(new Date(activity.timestamp), 'HH:mm', { locale: es })}
</span>
</div>
<p className="text-sm" style={{ color: 'var(--charcoal-brown)' }}>
<span className="font-medium">{activity.customerName}</span> - {activity.serviceName}
</p>
{activity.staffName && (
<p className="text-xs mt-1" style={{ color: 'var(--charcoal-brown)', opacity: 0.7 }}>
Staff: {activity.staffName}
</p>
)}
</div>
</div>
))
)}
</div>
)}
</CardContent>
</Card>
))}
</div>
)}
</CardContent>
</Card>
</div>
)}
{activeTab === 'staff' && (
<Card>
<CardHeader>
<CardTitle>Gestión de Staff</CardTitle>
<CardDescription>Administra horarios y disponibilidad del equipo</CardDescription>
</CardHeader>
<CardContent>
{pageLoading ? (
<p className="text-center">Cargando staff...</p>
) : (
<div className="space-y-4">
{staff.map((member) => (
<div key={member.id} className="flex items-center justify-between p-4 border rounded-lg">
<div>
<p className="font-semibold">{member.display_name}</p>
<p className="text-sm text-gray-600">{member.role}</p>
</div>
<Button variant="outline" size="sm">
Gestionar Horarios
</Button>
</div>
))}
</div>
)}
</CardContent>
</Card>
<StaffManagement />
)}
{activeTab === 'resources' && (
<Card>
<CardHeader>
<CardTitle>Gestión de Recursos</CardTitle>
<CardDescription>Administra estaciones y asignación</CardDescription>
</CardHeader>
<CardContent>
{pageLoading ? (
<p className="text-center">Cargando recursos...</p>
) : (
<div className="space-y-4">
{resources.map((resource) => (
<div key={resource.id} className="flex items-center justify-between p-4 border rounded-lg">
<div>
<p className="font-semibold">{resource.name}</p>
<p className="text-sm text-gray-600">{resource.type} - {resource.location_name}</p>
</div>
<span className={`px-2 py-1 rounded text-xs ${
resource.is_available ? 'bg-green-100 text-green-800' : 'bg-red-100 text-red-800'
}`}>
{resource.is_available ? 'Disponible' : 'Ocupado'}
</span>
</div>
))}
</div>
)}
</CardContent>
</Card>
<ResourcesManagement />
)}
{activeTab === 'permissions' && (
@@ -487,7 +515,7 @@ export default function ApertureDashboard() {
{reportType === 'payments' && (
<div className="space-y-4">
<h3 className="text-lg font-semibold">Pagos Recientes</h3>
<h3 className="text-lg font-semibold mb-2">Pagos Recientes</h3>
{reports.payments && reports.payments.length > 0 ? (
<div className="space-y-2">
{reports.payments.map((payment: any) => (
@@ -508,7 +536,7 @@ export default function ApertureDashboard() {
{reportType === 'payroll' && (
<div className="space-y-4">
<h3 className="text-lg font-semibold">Nómina Semanal</h3>
<h3 className="text-lg font-semibold mb-2">Nómina Semanal</h3>
{reports.payroll && reports.payroll.length > 0 ? (
<div className="space-y-2">
{reports.payroll.map((staff: any) => (

144
app/api/aperture/bookings/[id]/reschedule/route.ts Normal file
View File

@@ -0,0 +1,144 @@
import { NextRequest, NextResponse } from 'next/server'
import { supabaseAdmin } from '@/lib/supabase/admin'
/**
* @description Reschedule booking with automatic collision detection and validation
* @param {NextRequest} request - JSON body with bookingId, newStartTime, newStaffId, newResourceId
* @returns {NextResponse} JSON with success confirmation and updated booking data
* @example POST /api/aperture/bookings/123/reschedule {"newStartTime": "2026-01-16T14:00:00Z"}
* @audit BUSINESS RULE: Rescheduling checks for staff and resource availability conflicts
* @audit SECURITY: Only admin/manager can reschedule bookings via calendar interface
* @audit Validate: newStartTime must be in future and within business hours
* @audit Validate: No overlapping bookings for same staff/resource in new time slot
* @audit AUDIT: All rescheduling actions logged in audit_logs with old/new values
* @audit PERFORMANCE: Collision detection uses indexed queries for fast validation
*/
export async function POST(request: NextRequest) {
try {
const { bookingId, newStartTime, newStaffId, newResourceId } = await request.json()
if (!bookingId || !newStartTime) {
return NextResponse.json(
{ error: 'Missing required fields: bookingId, newStartTime' },
{ status: 400 }
)
}
// Get current booking
const { data: booking, error: fetchError } = await supabaseAdmin
.from('bookings')
.select('*, services(duration_minutes)')
.eq('id', bookingId)
.single()
if (fetchError || !booking) {
return NextResponse.json(
{ error: 'Booking not found' },
{ status: 404 }
)
}
// Calculate new end time
const startTime = new Date(newStartTime)
const duration = booking.services?.duration_minutes || 60
const endTime = new Date(startTime.getTime() + duration * 60000)
// Check for collisions
const collisionChecks = []
// Check staff availability
if (newStaffId || booking.staff_id) {
const staffId = newStaffId || booking.staff_id
collisionChecks.push(
supabaseAdmin
.from('bookings')
.select('id')
.eq('staff_id', staffId)
.neq('id', bookingId)
.or(`and(start_time_utc.lt.${endTime.toISOString()},end_time_utc.gt.${startTime.toISOString()})`)
.limit(1)
)
}
// Check resource availability
if (newResourceId || booking.resource_id) {
const resourceId = newResourceId || booking.resource_id
collisionChecks.push(
supabaseAdmin
.from('bookings')
.select('id')
.eq('resource_id', resourceId)
.neq('id', bookingId)
.or(`and(start_time_utc.lt.${endTime.toISOString()},end_time_utc.gt.${startTime.toISOString()})`)
.limit(1)
)
}
const collisionResults = await Promise.all(collisionChecks)
const hasCollisions = collisionResults.some(result => result.data && result.data.length > 0)
if (hasCollisions) {
return NextResponse.json(
{ error: 'Time slot not available due to scheduling conflicts' },
{ status: 409 }
)
}
// Update booking
const updateData: any = {
start_time_utc: startTime.toISOString(),
end_time_utc: endTime.toISOString(),
updated_at: new Date().toISOString()
}
if (newStaffId) updateData.staff_id = newStaffId
if (newResourceId) updateData.resource_id = newResourceId
const { error: updateError } = await supabaseAdmin
.from('bookings')
.update(updateData)
.eq('id', bookingId)
if (updateError) {
return NextResponse.json(
{ error: 'Failed to update booking' },
{ status: 500 }
)
}
// Log the reschedule action
await supabaseAdmin
.from('audit_logs')
.insert({
entity_type: 'booking',
entity_id: bookingId,
action: 'update',
new_values: {
start_time_utc: updateData.start_time_utc,
end_time_utc: updateData.end_time_utc,
staff_id: updateData.staff_id,
resource_id: updateData.resource_id
},
performed_by_role: 'admin'
})
return NextResponse.json({
success: true,
message: 'Booking rescheduled successfully',
booking: {
id: bookingId,
startTime: updateData.start_time_utc,
endTime: updateData.end_time_utc,
staffId: updateData.staff_id || booking.staff_id,
resourceId: updateData.resource_id || booking.resource_id
}
})
} catch (error) {
console.error('Unexpected error in reschedule API:', error)
return NextResponse.json(
{ error: 'Internal server error' },
{ status: 500 }
)
}
}

136
app/api/aperture/calendar/route.ts Normal file
View File

@@ -0,0 +1,136 @@
import { NextRequest, NextResponse } from 'next/server'
import { supabaseAdmin } from '@/lib/supabase/admin'
/**
* @description Get comprehensive calendar data for drag-and-drop scheduling interface
* @param {NextRequest} request - Query params: start_date, end_date, location_ids, staff_ids
* @returns {NextResponse} JSON with bookings, staff list, locations, and business hours
* @example GET /api/aperture/calendar?start_date=2026-01-16T00:00:00Z&location_ids=123,456
* @audit BUSINESS RULE: Calendar shows only bookings for specified date range and filters
* @audit SECURITY: RLS policies filter bookings by staff location permissions
* @audit PERFORMANCE: Separate queries for bookings, staff, locations to avoid complex joins
* @audit Validate: Business hours returned for calendar time slot rendering
* @audit Validate: Staff list filtered by provided staff_ids or location permissions
* @audit Validate: Location list includes all active locations for filter dropdown
*/
export async function GET(request: NextRequest) {
try {
const { searchParams } = new URL(request.url)
const startDate = searchParams.get('start_date')
const endDate = searchParams.get('end_date')
const locationIds = searchParams.get('location_ids')?.split(',') || []
const staffIds = searchParams.get('staff_ids')?.split(',') || []
// Backward compatibility
const locationId = searchParams.get('location_id')
// Get bookings for the date range
let bookingsQuery = supabaseAdmin
.from('bookings')
.select(`
id,
short_id,
status,
start_time_utc,
end_time_utc,
customer_id,
service_id,
staff_id,
resource_id,
location_id
`)
if (startDate) {
bookingsQuery = bookingsQuery.gte('start_time_utc', startDate)
}
if (endDate) {
bookingsQuery = bookingsQuery.lte('start_time_utc', endDate)
}
// Support both single location and multiple locations
const effectiveLocationIds = locationId ? [locationId] : locationIds
if (effectiveLocationIds.length > 0) {
bookingsQuery = bookingsQuery.in('location_id', effectiveLocationIds)
}
if (staffIds.length > 0) {
bookingsQuery = bookingsQuery.in('staff_id', staffIds)
}
const { data: bookings, error: bookingsError } = await bookingsQuery
.order('start_time_utc', { ascending: true })
if (bookingsError) {
console.error('Aperture calendar GET error:', bookingsError)
return NextResponse.json(
{ error: bookingsError.message },
{ status: 500 }
)
}
// Get related data
const customerIds = bookings?.map(b => b.customer_id).filter(Boolean) || []
const serviceIds = bookings?.map(b => b.service_id).filter(Boolean) || []
const staffIdsFromBookings = bookings?.map(b => b.staff_id).filter(Boolean) || []
const resourceIds = bookings?.map(b => b.resource_id).filter(Boolean) || []
const allStaffIds = Array.from(new Set([...staffIdsFromBookings, ...staffIds]))
const [customers, services, staff, resources] = await Promise.all([
customerIds.length > 0 ? supabaseAdmin.from('customers').select('id, first_name, last_name').in('id', customerIds) : Promise.resolve({ data: [] }),
serviceIds.length > 0 ? supabaseAdmin.from('services').select('id, name, duration_minutes').in('id', serviceIds) : Promise.resolve({ data: [] }),
allStaffIds.length > 0 ? supabaseAdmin.from('staff').select('id, display_name, role').in('id', allStaffIds) : Promise.resolve({ data: [] }),
resourceIds.length > 0 ? supabaseAdmin.from('resources').select('id, name, type').in('id', resourceIds) : Promise.resolve({ data: [] })
])
const customerMap = new Map(customers.data?.map(c => [c.id, c]) || [])
const serviceMap = new Map(services.data?.map(s => [s.id, s]) || [])
const staffMap = new Map(staff.data?.map(s => [s.id, s]) || [])
const resourceMap = new Map(resources.data?.map(r => [r.id, r]) || [])
// Format bookings for calendar
const calendarBookings = bookings?.map(booking => ({
id: booking.id,
shortId: booking.short_id,
status: booking.status,
startTime: booking.start_time_utc,
endTime: booking.end_time_utc,
customer: customerMap.get(booking.customer_id),
service: serviceMap.get(booking.service_id),
staff: staffMap.get(booking.staff_id),
resource: resourceMap.get(booking.resource_id),
locationId: booking.location_id
})) || []
// Get staff list for calendar columns
const calendarStaff = staff.data || []
// Get available locations
const { data: locations } = await supabaseAdmin
.from('locations')
.select('id, name, address')
.eq('is_active', true)
// Get business hours for the date range (simplified - assume 9 AM to 8 PM)
const businessHours = {
start: '09:00',
end: '20:00',
days: [1, 2, 3, 4, 5, 6] // Monday to Saturday
}
return NextResponse.json({
success: true,
bookings: calendarBookings,
staff: calendarStaff,
locations: locations || [],
businessHours,
dateRange: {
start: startDate,
end: endDate
}
})
} catch (error) {
console.error('Unexpected error in calendar API:', error)
return NextResponse.json(
{ error: 'Internal server error' },
{ status: 500 }
)
}
}

193
app/api/aperture/dashboard/route.ts
View File

@@ -2,7 +2,7 @@ import { NextRequest, NextResponse } from 'next/server'
import { supabaseAdmin } from '@/lib/supabase/admin'
/**
* @description Fetches bookings with filters for dashboard view
* @description Fetches comprehensive dashboard data including bookings, top performers, and activity feed
*/
export async function GET(request: NextRequest) {
try {
@@ -12,39 +12,14 @@ export async function GET(request: NextRequest) {
const endDate = searchParams.get('end_date')
const staffId = searchParams.get('staff_id')
const status = searchParams.get('status')
const includeCustomers = searchParams.get('include_customers') === 'true'
const includeTopPerformers = searchParams.get('include_top_performers') === 'true'
const includeActivity = searchParams.get('include_activity') === 'true'
// Get basic bookings data first
let query = supabaseAdmin
.from('bookings')
.select(`
id,
short_id,
status,
start_time_utc,
end_time_utc,
is_paid,
created_at,
customer (
id,
first_name,
last_name,
email
),
service (
id,
name,
duration_minutes,
base_price
),
staff (
id,
display_name
),
resource (
id,
name,
type
)
`)
.select('id, short_id, status, start_time_utc, end_time_utc, is_paid, created_at, customer_id, service_id, staff_id, resource_id')
.order('start_time_utc', { ascending: true })
if (locationId) {
@@ -68,7 +43,6 @@ export async function GET(request: NextRequest) {
}
const { data: bookings, error } = await query
if (error) {
console.error('Aperture dashboard GET error:', error)
return NextResponse.json(
@@ -77,10 +51,159 @@ export async function GET(request: NextRequest) {
)
}
return NextResponse.json({
// Fetch related data for bookings
const customerIds = bookings?.map(b => b.customer_id).filter(Boolean) || []
const serviceIds = bookings?.map(b => b.service_id).filter(Boolean) || []
const staffIds = bookings?.map(b => b.staff_id).filter(Boolean) || []
const resourceIds = bookings?.map(b => b.resource_id).filter(Boolean) || []
const [customers, services, staff, resources] = await Promise.all([
customerIds.length > 0 ? supabaseAdmin.from('customers').select('id, first_name, last_name, email').in('id', customerIds) : Promise.resolve({ data: [] }),
serviceIds.length > 0 ? supabaseAdmin.from('services').select('id, name, duration_minutes, base_price').in('id', serviceIds) : Promise.resolve({ data: [] }),
staffIds.length > 0 ? supabaseAdmin.from('staff').select('id, display_name').in('id', staffIds) : Promise.resolve({ data: [] }),
resourceIds.length > 0 ? supabaseAdmin.from('resources').select('id, name, type').in('id', resourceIds) : Promise.resolve({ data: [] })
])
const customerMap = new Map(customers.data?.map(c => [c.id, c]) || [])
const serviceMap = new Map(services.data?.map(s => [s.id, s]) || [])
const staffMap = new Map(staff.data?.map(s => [s.id, s]) || [])
const resourceMap = new Map(resources.data?.map(r => [r.id, r]) || [])
// Combine bookings with related data
const bookingsWithRelations = bookings?.map(booking => ({
...booking,
customer: customerMap.get(booking.customer_id),
service: serviceMap.get(booking.service_id),
staff: staffMap.get(booking.staff_id),
resource: resourceMap.get(booking.resource_id)
})) || []
const response: any = {
success: true,
bookings: bookings || []
})
bookings: bookingsWithRelations
}
if (includeCustomers) {
const { count: totalCustomers } = await supabaseAdmin
.from('customers')
.select('*', { count: 'exact', head: true })
const now = new Date()
const todayStart = new Date(now.getFullYear(), now.getMonth(), now.getDate())
const monthStart = new Date(now.getFullYear(), now.getMonth(), 1)
const { count: newCustomersToday } = await supabaseAdmin
.from('customers')
.select('*', { count: 'exact', head: true })
.gte('created_at', todayStart.toISOString())
const { count: newCustomersMonth } = await supabaseAdmin
.from('customers')
.select('*', { count: 'exact', head: true })
.gte('created_at', monthStart.toISOString())
response.customers = {
total: totalCustomers || 0,
newToday: newCustomersToday || 0,
newMonth: newCustomersMonth || 0
}
}
if (includeTopPerformers) {
const monthStart = new Date(new Date().getFullYear(), new Date().getMonth(), 1)
// Get bookings data
const { data: bookingsData } = await supabaseAdmin
.from('bookings')
.select('staff_id, total_amount, start_time_utc, end_time_utc')
.eq('status', 'completed')
.gte('end_time_utc', monthStart.toISOString())
// Get staff data separately
const { data: staffData } = await supabaseAdmin
.from('staff')
.select('id, display_name, role')
const staffMap = new Map(staffData?.map(s => [s.id, s]) || [])
const staffPerformance = new Map()
bookingsData?.forEach((booking: any) => {
const staffId = booking.staff_id
const staff = staffMap.get(staffId)
if (!staffPerformance.has(staffId)) {
staffPerformance.set(staffId, {
staffId,
displayName: staff?.display_name || 'Unknown',
role: staff?.role || 'Unknown',
totalBookings: 0,
totalRevenue: 0,
totalHours: 0
})
}
const perf = staffPerformance.get(staffId)
perf.totalBookings += 1
perf.totalRevenue += booking.total_amount || 0
const duration = booking.end_time_utc && booking.start_time_utc
? (new Date(booking.end_time_utc).getTime() - new Date(booking.start_time_utc).getTime()) / (1000 * 60 * 60)
: 0
perf.totalHours += duration
})
response.topPerformers = Array.from(staffPerformance.values())
.sort((a: any, b: any) => b.totalRevenue - a.totalRevenue)
.slice(0, 10)
}
if (includeActivity) {
// Get recent bookings
const { data: recentBookings } = await supabaseAdmin
.from('bookings')
.select('id, short_id, status, start_time_utc, end_time_utc, created_at, customer_id, service_id, staff_id')
.order('created_at', { ascending: false })
.limit(10)
// Get related data
const customerIds = recentBookings?.map(b => b.customer_id).filter(Boolean) || []
const serviceIds = recentBookings?.map(b => b.service_id).filter(Boolean) || []
const staffIds = recentBookings?.map(b => b.staff_id).filter(Boolean) || []
const [customers, services, staff] = await Promise.all([
customerIds.length > 0 ? supabaseAdmin.from('customers').select('id, first_name, last_name').in('id', customerIds) : Promise.resolve({ data: [] }),
serviceIds.length > 0 ? supabaseAdmin.from('services').select('id, name').in('id', serviceIds) : Promise.resolve({ data: [] }),
staffIds.length > 0 ? supabaseAdmin.from('staff').select('id, display_name').in('id', staffIds) : Promise.resolve({ data: [] })
])
const customerMap = new Map(customers.data?.map(c => [c.id, c]) || [])
const serviceMap = new Map(services.data?.map(s => [s.id, s]) || [])
const staffMap = new Map(staff.data?.map(s => [s.id, s]) || [])
const activityFeed = recentBookings?.map((booking: any) => {
const customer = customerMap.get(booking.customer_id)
const service = serviceMap.get(booking.service_id)
const staffMember = staffMap.get(booking.staff_id)
return {
id: booking.id,
type: 'booking',
action: booking.status === 'completed' ? 'completed' :
booking.status === 'confirmed' ? 'confirmed' :
booking.status === 'cancelled' ? 'cancelled' : 'created',
timestamp: booking.created_at,
bookingShortId: booking.short_id,
customerName: customer ? `${customer.first_name || ''} ${customer.last_name || ''}`.trim() : 'Unknown',
serviceName: service?.name || 'Unknown',
staffName: staffMember?.display_name || 'Unknown'
}
})
response.activityFeed = activityFeed
}
return NextResponse.json(response)
} catch (error) {
console.error('Aperture dashboard GET error:', error)
return NextResponse.json(

34
app/api/aperture/locations/route.ts Normal file
View File

@@ -0,0 +1,34 @@
import { NextRequest, NextResponse } from 'next/server'
import { supabaseAdmin } from '@/lib/supabase/admin'
/**
* @description Gets all active locations
*/
export async function GET(request: NextRequest) {
try {
const { data: locations, error } = await supabaseAdmin
.from('locations')
.select('id, name, address, timezone, is_active')
.eq('is_active', true)
.order('name')
if (error) {
console.error('Locations GET error:', error)
return NextResponse.json(
{ error: error.message },
{ status: 500 }
)
}
return NextResponse.json({
success: true,
locations: locations || []
})
} catch (error) {
console.error('Locations GET error:', error)
return NextResponse.json(
{ error: 'Internal server error' },
{ status: 500 }
)
}
}

225
app/api/aperture/resources/[id]/route.ts Normal file
View File

@@ -0,0 +1,225 @@
import { NextRequest, NextResponse } from 'next/server'
import { supabaseAdmin } from '@/lib/supabase/admin'
/**
* @description Gets a specific resource by ID
*/
export async function GET(
request: NextRequest,
{ params }: { params: { id: string } }
) {
try {
const resourceId = params.id
const { data: resource, error: resourceError } = await supabaseAdmin
.from('resources')
.select(`
id,
location_id,
name,
type,
capacity,
is_active,
created_at,
updated_at,
locations (
id,
name,
address
)
`)
.eq('id', resourceId)
.single()
if (resourceError) {
if (resourceError.code === 'PGRST116') {
return NextResponse.json(
{ error: 'Resource not found' },
{ status: 404 }
)
}
console.error('Aperture resource GET individual error:', resourceError)
return NextResponse.json(
{ error: resourceError.message },
{ status: 500 }
)
}
return NextResponse.json({
success: true,
resource
})
} catch (error) {
console.error('Aperture resource GET individual error:', error)
return NextResponse.json(
{ error: 'Internal server error' },
{ status: 500 }
)
}
}
/**
* @description Updates a resource
*/
export async function PUT(
request: NextRequest,
{ params }: { params: { id: string } }
) {
try {
const resourceId = params.id
const updates = await request.json()
// Remove fields that shouldn't be updated directly
delete updates.id
delete updates.created_at
// Validate type if provided
if (updates.type && !['station', 'room', 'equipment'].includes(updates.type)) {
return NextResponse.json(
{ error: 'Invalid type. Must be: station, room, or equipment' },
{ status: 400 }
)
}
// Get current resource data for audit log
const { data: currentResource } = await supabaseAdmin
.from('resources')
.select('*')
.eq('id', resourceId)
.single()
// Update resource
const { data: resource, error: resourceError } = await supabaseAdmin
.from('resources')
.update({
...updates,
updated_at: new Date().toISOString()
})
.eq('id', resourceId)
.select(`
id,
location_id,
name,
type,
capacity,
is_active,
created_at,
updated_at,
locations (
id,
name,
address
)
`)
.single()
if (resourceError) {
console.error('Aperture resource PUT error:', resourceError)
return NextResponse.json(
{ error: resourceError.message },
{ status: 500 }
)
}
// Log update
await supabaseAdmin
.from('audit_logs')
.insert({
entity_type: 'resource',
entity_id: resourceId,
action: 'update',
old_values: currentResource,
new_values: resource,
performed_by_role: 'admin'
})
return NextResponse.json({
success: true,
resource
})
} catch (error) {
console.error('Aperture resource PUT error:', error)
return NextResponse.json(
{ error: 'Internal server error' },
{ status: 500 }
)
}
}
/**
* @description Deactivates a resource (soft delete)
*/
export async function DELETE(
request: NextRequest,
{ params }: { params: { id: string } }
) {
try {
const resourceId = params.id
// Get current resource data for audit log
const { data: currentResource } = await supabaseAdmin
.from('resources')
.select('*')
.eq('id', resourceId)
.single()
if (!currentResource) {
return NextResponse.json(
{ error: 'Resource not found' },
{ status: 404 }
)
}
// Soft delete by setting is_active to false
const { data: resource, error: resourceError } = await supabaseAdmin
.from('resources')
.update({
is_active: false,
updated_at: new Date().toISOString()
})
.eq('id', resourceId)
.select(`
id,
location_id,
name,
type,
capacity,
is_active,
created_at,
updated_at
`)
.single()
if (resourceError) {
console.error('Aperture resource DELETE error:', resourceError)
return NextResponse.json(
{ error: resourceError.message },
{ status: 500 }
)
}
// Log deactivation
await supabaseAdmin
.from('audit_logs')
.insert({
entity_type: 'resource',
entity_id: resourceId,
action: 'delete',
old_values: currentResource,
new_values: resource,
performed_by_role: 'admin'
})
return NextResponse.json({
success: true,
message: 'Resource deactivated successfully',
resource
})
} catch (error) {
console.error('Aperture resource DELETE error:', error)
return NextResponse.json(
{ error: 'Internal server error' },
{ status: 500 }
)
}
}

166
app/api/aperture/resources/route.ts
View File

@@ -2,33 +2,88 @@ import { NextRequest, NextResponse } from 'next/server'
import { supabaseAdmin } from '@/lib/supabase/admin'
/**
* @description Retrieves active resources, optionally filtered by location
* @description Get resources list with real-time availability for Aperture dashboard
* @param {NextRequest} request - Query params: location_id, type, is_active, include_availability
* @returns {NextResponse} JSON with resources array including current booking status
* @example GET /api/aperture/resources?location_id=123&include_availability=true
* @audit BUSINESS RULE: Resources filtered by location for operational efficiency
* @audit SECURITY: RLS policies restrict resource access by staff location
* @audit PERFORMANCE: Real-time availability calculated per resource (may impact performance)
* @audit Validate: include_availability=true adds currently_booked and available_capacity fields
* @audit Validate: Only active resources returned unless is_active filter specified
*/
export async function GET(request: NextRequest) {
try {
const { searchParams } = new URL(request.url)
const locationId = searchParams.get('location_id')
const type = searchParams.get('type')
const isActive = searchParams.get('is_active')
const includeAvailability = searchParams.get('include_availability') === 'true'
let query = supabaseAdmin
.from('resources')
.select('*')
.eq('is_active', true)
.select(`
id,
location_id,
name,
type,
capacity,
is_active,
created_at,
updated_at,
locations (
id,
name,
address
)
`)
.order('type', { ascending: true })
.order('name', { ascending: true })
// Apply filters
if (locationId) {
query = query.eq('location_id', locationId)
}
if (type) {
query = query.eq('type', type)
}
if (isActive !== null) {
query = query.eq('is_active', isActive === 'true')
}
const { data: resources, error } = await query
if (error) {
console.error('Resources GET error:', error)
return NextResponse.json(
{ error: error.message },
{ status: 500 }
)
}
// If availability is requested, check current usage
if (includeAvailability && resources) {
const now = new Date()
const currentHour = now.getHours()
for (const resource of resources) {
// Check if resource is currently booked
const { data: currentBookings } = await supabaseAdmin
.from('bookings')
.select('id')
.eq('resource_id', resource.id)
.eq('status', 'confirmed')
.lte('start_time_utc', now.toISOString())
.gte('end_time_utc', now.toISOString())
const isCurrentlyBooked = currentBookings && currentBookings.length > 0
const bookedCount = currentBookings?.length || 0
;(resource as any).currently_booked = isCurrentlyBooked
;(resource as any).available_capacity = Math.max(0, resource.capacity - bookedCount)
}
}
return NextResponse.json({
success: true,
resources: resources || []
@@ -41,3 +96,108 @@ export async function GET(request: NextRequest) {
)
}
}
/**
* @description Create a new resource with capacity and type validation
* @param {NextRequest} request - JSON body with location_id, name, type, capacity
* @returns {NextResponse} JSON with created resource data
* @example POST /api/aperture/resources {"location_id": "123", "name": "mani-01", "type": "station", "capacity": 1}
* @audit BUSINESS RULE: Resource capacity must be positive integer for scheduling logic
* @audit SECURITY: Resource creation restricted to admin users only
* @audit Validate: Type must be one of: station, room, equipment
* @audit Validate: Location must exist and be active before resource creation
* @audit AUDIT: Resource creation logged in audit_logs with full new_values
* @audit DATA INTEGRITY: Foreign key ensures location_id validity
*/
export async function POST(request: NextRequest) {
try {
const body = await request.json()
const { location_id, name, type, capacity } = body
if (!location_id || !name || !type) {
return NextResponse.json(
{ error: 'Missing required fields: location_id, name, type' },
{ status: 400 }
)
}
// Validate type
if (!['station', 'room', 'equipment'].includes(type)) {
return NextResponse.json(
{ error: 'Invalid type. Must be: station, room, or equipment' },
{ status: 400 }
)
}
// Check if location exists
const { data: location } = await supabaseAdmin
.from('locations')
.select('id')
.eq('id', location_id)
.single()
if (!location) {
return NextResponse.json(
{ error: 'Invalid location_id' },
{ status: 400 }
)
}
// Create resource
const { data: resource, error: resourceError } = await supabaseAdmin
.from('resources')
.insert({
location_id,
name,
type,
capacity: capacity || 1,
is_active: true
})
.select(`
id,
location_id,
name,
type,
capacity,
is_active,
created_at,
updated_at,
locations (
id,
name,
address
)
`)
.single()
if (resourceError) {
console.error('Resources POST error:', resourceError)
return NextResponse.json(
{ error: resourceError.message },
{ status: 500 }
)
}
// Log creation
await supabaseAdmin
.from('audit_logs')
.insert({
entity_type: 'resource',
entity_id: resource.id,
action: 'create',
new_values: resource,
performed_by_role: 'admin'
})
return NextResponse.json({
success: true,
resource
})
} catch (error) {
console.error('Resources POST error:', error)
return NextResponse.json(
{ error: 'Internal server error' },
{ status: 500 }
)
}
}

228
app/api/aperture/staff/[id]/route.ts Normal file
View File

@@ -0,0 +1,228 @@
import { NextRequest, NextResponse } from 'next/server'
import { supabaseAdmin } from '@/lib/supabase/admin'
/**
* @description Gets a specific staff member by ID
*/
export async function GET(
request: NextRequest,
{ params }: { params: { id: string } }
) {
try {
const staffId = params.id
const { data: staff, error: staffError } = await supabaseAdmin
.from('staff')
.select(`
id,
user_id,
location_id,
role,
display_name,
phone,
is_active,
created_at,
updated_at,
locations (
id,
name,
address
)
`)
.eq('id', staffId)
.single()
if (staffError) {
if (staffError.code === 'PGRST116') {
return NextResponse.json(
{ error: 'Staff member not found' },
{ status: 404 }
)
}
console.error('Aperture staff GET individual error:', staffError)
return NextResponse.json(
{ error: staffError.message },
{ status: 500 }
)
}
return NextResponse.json({
success: true,
staff
})
} catch (error) {
console.error('Aperture staff GET individual error:', error)
return NextResponse.json(
{ error: 'Internal server error' },
{ status: 500 }
)
}
}
/**
* @description Updates a staff member
*/
export async function PUT(
request: NextRequest,
{ params }: { params: { id: string } }
) {
try {
const staffId = params.id
const updates = await request.json()
// Remove fields that shouldn't be updated directly
delete updates.id
delete updates.created_at
// Validate role if provided
if (updates.role && !['admin', 'manager', 'staff', 'artist', 'kiosk'].includes(updates.role)) {
return NextResponse.json(
{ error: 'Invalid role' },
{ status: 400 }
)
}
// Get current staff data for audit log
const { data: currentStaff } = await supabaseAdmin
.from('staff')
.select('*')
.eq('id', staffId)
.single()
// Update staff member
const { data: staff, error: staffError } = await supabaseAdmin
.from('staff')
.update({
...updates,
updated_at: new Date().toISOString()
})
.eq('id', staffId)
.select(`
id,
user_id,
location_id,
role,
display_name,
phone,
is_active,
created_at,
updated_at,
locations (
id,
name,
address
)
`)
.single()
if (staffError) {
console.error('Aperture staff PUT error:', staffError)
return NextResponse.json(
{ error: staffError.message },
{ status: 500 }
)
}
// Log update
await supabaseAdmin
.from('audit_logs')
.insert({
entity_type: 'staff',
entity_id: staffId,
action: 'update',
old_values: currentStaff,
new_values: staff,
performed_by_role: 'admin'
})
return NextResponse.json({
success: true,
staff
})
} catch (error) {
console.error('Aperture staff PUT error:', error)
return NextResponse.json(
{ error: 'Internal server error' },
{ status: 500 }
)
}
}
/**
* @description Deactivates a staff member (soft delete)
*/
export async function DELETE(
request: NextRequest,
{ params }: { params: { id: string } }
) {
try {
const staffId = params.id
// Get current staff data for audit log
const { data: currentStaff } = await supabaseAdmin
.from('staff')
.select('*')
.eq('id', staffId)
.single()
if (!currentStaff) {
return NextResponse.json(
{ error: 'Staff member not found' },
{ status: 404 }
)
}
// Soft delete by setting is_active to false
const { data: staff, error: staffError } = await supabaseAdmin
.from('staff')
.update({
is_active: false,
updated_at: new Date().toISOString()
})
.eq('id', staffId)
.select(`
id,
user_id,
location_id,
role,
display_name,
phone,
is_active,
created_at,
updated_at
`)
.single()
if (staffError) {
console.error('Aperture staff DELETE error:', staffError)
return NextResponse.json(
{ error: staffError.message },
{ status: 500 }
)
}
// Log deactivation
await supabaseAdmin
.from('audit_logs')
.insert({
entity_type: 'staff',
entity_id: staffId,
action: 'delete',
old_values: currentStaff,
new_values: staff,
performed_by_role: 'admin'
})
return NextResponse.json({
success: true,
message: 'Staff member deactivated successfully',
staff
})
} catch (error) {
console.error('Aperture staff DELETE error:', error)
return NextResponse.json(
{ error: 'Internal server error' },
{ status: 500 }
)
}
}

44
app/api/aperture/staff/role/route.ts Normal file
View File

@@ -0,0 +1,44 @@
import { NextRequest, NextResponse } from 'next/server'
import { supabaseAdmin } from '@/lib/supabase/admin'
/**
* @description Get staff role by user ID for authentication
*/
export async function POST(request: NextRequest) {
try {
const body = await request.json()
const { userId } = body
if (!userId) {
return NextResponse.json(
{ success: false, error: 'Missing userId' },
{ status: 400 }
)
}
const { data: staff, error } = await supabaseAdmin
.from('staff')
.select('role')
.eq('user_id', userId)
.single()
if (error || !staff) {
console.error('Error fetching staff role:', error)
return NextResponse.json(
{ success: false, error: 'Staff record not found' },
{ status: 404 }
)
}
return NextResponse.json({
success: true,
role: staff.role
})
} catch (error) {
console.error('Staff role check error:', error)
return NextResponse.json(
{ success: false, error: 'Internal server error' },
{ status: 500 }
)
}
}

183
app/api/aperture/staff/route.ts
View File

@@ -2,34 +2,95 @@ import { NextRequest, NextResponse } from 'next/server'
import { supabaseAdmin } from '@/lib/supabase/admin'
/**
* @description Gets available staff for a location and date
* @description Get staff list with comprehensive filtering for Aperture dashboard
* @param {NextRequest} request - Contains query parameters for location_id, role, is_active, include_schedule
* @returns {NextResponse} JSON with staff array, including locations and optional schedule data
* @example GET /api/aperture/staff?location_id=123&role=staff&include_schedule=true
* @audit BUSINESS RULE: Only admin/manager roles can access staff data via this endpoint
* @audit SECURITY: RLS policies 'staff_select_admin_manager' and 'staff_select_same_location' applied
* @audit Validate: Staff data includes sensitive info, access must be role-restricted
* @audit PERFORMANCE: Indexed queries on location_id, role, is_active for fast filtering
* @audit PERFORMANCE: Schedule data loaded separately to avoid N+1 queries
*/
export async function GET(request: NextRequest) {
try {
const { searchParams } = new URL(request.url)
const locationId = searchParams.get('location_id')
const date = searchParams.get('date')
const role = searchParams.get('role')
const isActive = searchParams.get('is_active')
const includeSchedule = searchParams.get('include_schedule') === 'true'
if (!locationId || !date) {
return NextResponse.json(
{ error: 'Missing required parameters: location_id, date' },
{ status: 400 }
)
let query = supabaseAdmin
.from('staff')
.select(`
id,
user_id,
location_id,
role,
display_name,
phone,
is_active,
created_at,
updated_at,
locations (
id,
name,
address
)
`)
// Apply filters
if (locationId) {
query = query.eq('location_id', locationId)
}
if (role) {
query = query.eq('role', role)
}
if (isActive !== null) {
query = query.eq('is_active', isActive === 'true')
}
const { data: staff, error: staffError } = await supabaseAdmin.rpc('get_available_staff', {
p_location_id: locationId,
p_start_time_utc: `${date}T00:00:00Z`,
p_end_time_utc: `${date}T23:59:59Z`
})
// Order by display name
query = query.order('display_name')
const { data: staff, error: staffError } = await query
if (staffError) {
console.error('Aperture staff GET error:', staffError)
return NextResponse.json(
{ error: staffError.message },
{ status: 500 }
)
}
// If schedule is requested, get current day's availability
if (includeSchedule) {
const today = new Date().toISOString().split('T')[0]
const staffIds = staff?.map(s => s.id) || []
if (staffIds.length > 0) {
const { data: schedules } = await supabaseAdmin
.from('staff_availability')
.select('staff_id, day_of_week, start_time, end_time')
.in('staff_id', staffIds)
.eq('is_available', true)
// Group schedules by staff_id
const scheduleMap = new Map()
schedules?.forEach(schedule => {
if (!scheduleMap.has(schedule.staff_id)) {
scheduleMap.set(schedule.staff_id, [])
}
scheduleMap.get(schedule.staff_id).push(schedule)
})
// Add schedules to staff data
staff?.forEach(member => {
(member as any).schedule = scheduleMap.get(member.id) || []
})
}
}
return NextResponse.json({
success: true,
staff: staff || []
@@ -42,3 +103,101 @@ export async function GET(request: NextRequest) {
)
}
}
/**
* @description Create a new staff member with validation and audit logging
* @param {NextRequest} request - JSON body with location_id, role, display_name, phone, user_id
* @returns {NextResponse} JSON with created staff member data
* @example POST /api/aperture/staff {"location_id": "123", "role": "staff", "display_name": "John Doe"}
* @audit BUSINESS RULE: Staff creation requires valid location_id and proper role assignment
* @audit SECURITY: Only admin users can create staff members via this endpoint
* @audit Validate: Role must be one of: admin, manager, staff, artist, kiosk
* @audit Validate: Location must exist and be active before staff creation
* @audit AUDIT: All staff creation logged in audit_logs table with new_values
* @audit DATA INTEGRITY: Foreign key constraints ensure location_id validity
*/
export async function POST(request: NextRequest) {
try {
const body = await request.json()
const { location_id, role, display_name, phone, user_id } = body
if (!location_id || !role || !display_name) {
return NextResponse.json(
{ error: 'Missing required fields: location_id, role, display_name' },
{ status: 400 }
)
}
// Check if location exists
const { data: location } = await supabaseAdmin
.from('locations')
.select('id')
.eq('id', location_id)
.single()
if (!location) {
return NextResponse.json(
{ error: 'Invalid location_id' },
{ status: 400 }
)
}
// Create staff member
const { data: staff, error: staffError } = await supabaseAdmin
.from('staff')
.insert({
location_id,
role,
display_name,
phone,
user_id,
is_active: true
})
.select(`
id,
user_id,
location_id,
role,
display_name,
phone,
is_active,
created_at,
locations (
id,
name,
address
)
`)
.single()
if (staffError) {
console.error('Aperture staff POST error:', staffError)
return NextResponse.json(
{ error: staffError.message },
{ status: 500 }
)
}
// Log creation
await supabaseAdmin
.from('audit_logs')
.insert({
entity_type: 'staff',
entity_id: staff.id,
action: 'create',
new_values: staff,
performed_by_role: 'admin'
})
return NextResponse.json({
success: true,
staff
})
} catch (error) {
console.error('Aperture staff POST error:', error)
return NextResponse.json(
{ error: 'Internal server error' },
{ status: 500 }
)
}
}

14
app/api/cron/reset-invitations/route.ts
View File

@@ -2,10 +2,16 @@ import { NextResponse, NextRequest } from 'next/server'
import { createClient } from '@supabase/supabase-js'
/**
* @description Weekly reset of Gold tier invitations
* @description Runs automatically every Monday 00:00 UTC
* @description Resets weekly_invitations_used to 0 for all Gold tier customers
* @description Logs action to audit_logs table
* @description CRITICAL: Weekly reset of Gold tier invitation quotas
* @param {NextRequest} request - Must include Bearer token with CRON_SECRET
* @returns {NextResponse} Success confirmation with reset statistics
* @example curl -H "Authorization: Bearer YOUR_CRON_SECRET" /api/cron/reset-invitations
* @audit BUSINESS RULE: Gold tier gets 5 weekly invitations, resets every Monday UTC
* @audit SECURITY: Requires CRON_SECRET environment variable for authentication
* @audit Validate: Only Gold tier customers affected, count matches expectations
* @audit AUDIT: Reset action logged in audit_logs with customer count affected
* @audit PERFORMANCE: Single bulk update query, efficient for large customer base
* @audit RELIABILITY: Cron job should run exactly at Monday 00:00 UTC weekly
*/
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL

20
app/globals.css
View File

@@ -10,6 +10,19 @@
--deep-earth: #6F5E4F;
--charcoal-brown: #3F362E;
--ivory-cream: #FFFEF9;
--sand-beige: #E8E4DD;
--forest-green: #2E8B57;
--clay-orange: #D2691E;
--brick-red: #B22222;
--slate-blue: #6A5ACD;
--forest-green-alpha: rgba(46, 139, 87, 0.1);
--clay-orange-alpha: rgba(210, 105, 30, 0.1);
--brick-red-alpha: rgba(178, 34, 34, 0.1);
--slate-blue-alpha: rgba(106, 90, 205, 0.1);
--charcoal-brown-alpha: rgba(63, 54, 46, 0.1);
/* Aperture - Square UI */
--ui-primary: #006AFF;
--ui-primary-hover: #005ED6;
@@ -51,6 +64,13 @@
--ui-radius-2xl: 16px;
--ui-radius-full: 9999px;
--radius-sm: 4px;
--radius-md: 6px;
--radius-lg: 8px;
--radius-xl: 12px;
--radius-2xl: 16px;
--radius-full: 9999px;
/* Font sizes */
--text-xs: 0.75rem; /* 12px */
--text-sm: 0.875rem; /* 14px */

49
app/layout.tsx
View File

@@ -2,6 +2,7 @@ import type { Metadata } from 'next'
import { Inter } from 'next/font/google'
import './globals.css'
import { AuthProvider } from '@/lib/auth/context'
import { AuthGuard } from '@/components/auth-guard'
const inter = Inter({
subsets: ['latin'],
@@ -28,32 +29,34 @@ export default function RootLayout({
</head>
<body className={`${inter.variable} font-sans`}>
<AuthProvider>
{typeof window === 'undefined' && (
<header className="site-header">
<nav className="nav-primary">
<div className="logo">
<a href="/">ANCHOR:23</a>
</div>
<AuthGuard>
{typeof window === 'undefined' && (
<header className="site-header">
<nav className="nav-primary">
<div className="logo">
<a href="/">ANCHOR:23</a>
</div>
<ul className="nav-links">
<li><a href="/">Inicio</a></li>
<li><a href="/historia">Nosotros</a></li>
<li><a href="/servicios">Servicios</a></li>
</ul>
<ul className="nav-links">
<li><a href="/">Inicio</a></li>
<li><a href="/historia">Nosotros</a></li>
<li><a href="/servicios">Servicios</a></li>
</ul>
<div className="nav-actions flex items-center gap-4">
<a href="/booking/servicios" className="btn-secondary">
Book Now
</a>
<a href="/membresias" className="btn-primary">
Memberships
</a>
</div>
</nav>
</header>
)}
<div className="nav-actions flex items-center gap-4">
<a href="/booking/servicios" className="btn-secondary">
Book Now
</a>
<a href="/membresias" className="btn-primary">
Memberships
</a>
</div>
</nav>
</header>
)}
<main>{children}</main>
<main>{children}</main>
</AuthGuard>
</AuthProvider>
<footer className="site-footer">