rckrdmrd/erp-construccion-backend-v2
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[REMEDIATION] feat: Backend remediation - auth controllers, construction entities, storage services

Browse Source 
Add 5 auth controllers (device, MFA, permission, role, session), 18 construction entities,
5 storage services, 2 document services. Enhance auth middleware, fix budget/construction
controllers. Addresses gaps from TASK-2026-02-05 analysis.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Adrian Flores Cortes 2026-02-05 23:18:17 -06:00
parent e3dca830b7
commit ebc526acb2
59 changed files with 9800 additions and 318 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

114
.env.example
View File

@ -1,71 +1,119 @@
# ============================================================================
# BACKEND ENVIRONMENT VARIABLES - ERP Construccion
# ============================================================================
# Proyecto: construccion
# Rango de puertos: 3100 (ver DEVENV-PORTS.md)
# Fecha: 2025-12-06
# Proyecto: erp-construccion
# Puerto Backend: 3021
# Puerto Frontend: 3020
# Fecha: 2026-02-03
#
# SEGURIDAD: Las variables marcadas con [REQUIRED] son OBLIGATORIAS en producción.
# En desarrollo, se usan valores por defecto con advertencia en consola.
# ============================================================================
# Application
NODE_ENV=development
APP_PORT=3021
PORT=3021
APP_HOST=0.0.0.0
API_VERSION=v1
API_PREFIX=/api/v1
# Database (Puerto 5433 - diferenciado de erp-core:5432)
DATABASE_URL=postgresql://erp_user:erp_dev_password@localhost:5433/erp_construccion
# ============================================================================
# DATABASE - PostgreSQL
# ============================================================================
# [REQUIRED] DB_PASSWORD es OBLIGATORIO en producción
# Credenciales oficiales según workspace-v2/CLAUDE.md:
# User: erp_admin | Password: erp_dev_2026 | Port: 5432
# ============================================================================
DATABASE_URL=postgresql://erp_admin:erp_dev_2026@localhost:5432/erp_construccion_db
DB_HOST=localhost
DB_PORT=5433
DB_NAME=erp_construccion
DB_USER=erp_user
DB_PASSWORD=erp_dev_password
DB_PORT=5432
DB_NAME=erp_construccion_db
DB_USER=erp_admin
DB_PASSWORD=erp_dev_2026
DB_SYNCHRONIZE=false
DB_LOGGING=true
# Redis (Puerto 6380 - diferenciado de erp-core:6379)
REDIS_HOST=localhost
REDIS_PORT=6380
REDIS_URL=redis://localhost:6380
# ============================================================================
# JWT - JSON Web Tokens
# ============================================================================
# [REQUIRED] JWT_SECRET es OBLIGATORIO en producción
# Debe tener mínimo 32 caracteres y ser único por ambiente
# ============================================================================
# MinIO S3 (Puerto 9100 - diferenciado de erp-core:9000)
S3_ENDPOINT=http://localhost:9100
JWT_SECRET=change-this-to-a-secure-random-string-minimum-32-chars
JWT_EXPIRES_IN=1d
JWT_REFRESH_EXPIRES_IN=7d
# ============================================================================
# REDIS - Cache y Sesiones
# ============================================================================
# DB 2 asignada para erp-suite según workspace-v2
REDIS_HOST=localhost
REDIS_PORT=6379
REDIS_DB=2
REDIS_URL=redis://localhost:6379/2
# ============================================================================
# CORS - Cross-Origin Resource Sharing
# ============================================================================
# Múltiples orígenes separados por coma
# En producción: usar solo dominios autorizados
CORS_ORIGIN=http://localhost:3020,http://localhost:5173
CORS_CREDENTIALS=true
# ============================================================================
# MinIO S3 - Almacenamiento de Archivos (Opcional)
# ============================================================================
S3_ENDPOINT=http://localhost:9000
S3_ACCESS_KEY=minioadmin
S3_SECRET_KEY=minioadmin
S3_BUCKET=erp-construccion
# JWT
JWT_SECRET=your-super-secret-jwt-key-change-this-in-production
JWT_EXPIRATION=24h
JWT_REFRESH_EXPIRATION=7d
# CORS (Frontend en puerto 5174)
CORS_ORIGIN=http://localhost:3020,http://localhost:5174
CORS_CREDENTIALS=true
# Rate Limiting
RATE_LIMIT_WINDOW_MS=900000
RATE_LIMIT_MAX_REQUESTS=100
# ============================================================================
# Logging
# ============================================================================
LOG_LEVEL=debug
LOG_FORMAT=dev
# ============================================================================
# Rate Limiting
# ============================================================================
RATE_LIMIT_WINDOW_MS=900000
RATE_LIMIT_MAX_REQUESTS=100
# ============================================================================
# File Upload
# ============================================================================
MAX_FILE_SIZE=10485760
UPLOAD_DIR=./uploads
# Email (opcional)
# ============================================================================
# Email SMTP (Opcional)
# ============================================================================
SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
SMTP_USER=your-email@example.com
SMTP_PASSWORD=your-email-password
SMTP_FROM=noreply@example.com
# ============================================================================
# Security
BCRYPT_ROUNDS=10
SESSION_SECRET=your-session-secret-change-this
# ============================================================================
BCRYPT_ROUNDS=10
SESSION_SECRET=change-this-to-a-secure-random-string
# ============================================================================
# External APIs (Opcional - Futuro)
# ============================================================================
# External APIs (futuro)
INFONAVIT_API_URL=https://api.infonavit.gob.mx
INFONAVIT_API_KEY=your-api-key

44
src/config/index.ts
View File

@ -2,18 +2,52 @@
* Configuración centralizada del proyecto
* Bridge desde variables de entorno a objeto tipado
* Compatible con erp-core config interface
*
* SEGURIDAD: JWT_SECRET y DB_PASSWORD son OBLIGATORIOS en producción.
* En desarrollo, se permiten defaults solo si NODE_ENV === 'development'.
*/
import dotenv from 'dotenv';
dotenv.config();
const isDevelopment = process.env.NODE_ENV === 'development' || !process.env.NODE_ENV;
/**
* Obtiene una variable de entorno obligatoria.
* En desarrollo permite un valor por defecto, en producción falla si no existe.
*/
function getRequiredEnv(key: string, devDefault?: string): string {
const value = process.env[key];
if (value) return value;
if (isDevelopment && devDefault !== undefined) {
console.warn(`⚠️ [CONFIG] Usando valor por defecto para ${key} (solo desarrollo)`);
return devDefault;
}
throw new Error(`❌ [CONFIG] Variable de entorno requerida: ${key}. Configure en .env`);
}
/**
* Parsea CORS_ORIGIN como string único o array de orígenes.
* Formato: "http://localhost:3020" o "http://localhost:3020,http://localhost:5173"
*/
function parseCorsOrigin(): string | string[] {
const origin = process.env.CORS_ORIGIN;
if (!origin) {
return isDevelopment ? ['http://localhost:3020', 'http://localhost:5173'] : [];
}
return origin.includes(',') ? origin.split(',').map(o => o.trim()) : origin;
}
export const config = {
env: process.env.NODE_ENV || 'development',
port: parseInt(process.env.PORT || '3000', 10),
port: parseInt(process.env.PORT || '3021', 10),
isDevelopment,
jwt: {
secret: process.env.JWT_SECRET || 'your-super-secret-jwt-key-change-in-production-minimum-32-chars',
secret: getRequiredEnv('JWT_SECRET', 'dev-jwt-secret-min-32-chars-change-in-prod'),
expiresIn: process.env.JWT_EXPIRES_IN || '1d',
refreshExpiresIn: process.env.JWT_REFRESH_EXPIRES_IN || '7d',
},
@ -23,12 +57,14 @@ export const config = {
port: parseInt(process.env.DB_PORT || '5432', 10),
name: process.env.DB_NAME || 'erp_construccion_db',
user: process.env.DB_USER || 'erp_admin',
password: process.env.DB_PASSWORD || 'erp_dev_2026',
password: getRequiredEnv('DB_PASSWORD', 'erp_dev_2026'),
url: process.env.DATABASE_URL,
},
redis: {
host: process.env.REDIS_HOST || 'localhost',
port: parseInt(process.env.REDIS_PORT || '6379', 10),
db: parseInt(process.env.REDIS_DB || '2', 10),
},
logging: {
@ -36,6 +72,6 @@ export const config = {
},
cors: {
origin: process.env.CORS_ORIGIN || 'http://localhost:5173',
origin: parseCorsOrigin(),
},
};

481
src/modules/auth/controllers/device.controller.ts Normal file
View File

@ -0,0 +1,481 @@
/**
* DeviceController - Controlador de Dispositivos
*
* Endpoints REST para gestión de dispositivos del usuario.
* Permite ver, actualizar, eliminar y marcar dispositivos como confiables.
*
* @module Auth
*/
import { Router, Request, Response, NextFunction } from 'express';
import { DataSource, IsNull } from 'typeorm';
import { DeviceService, DeviceFilters, UpdateDeviceDto } from '../services/device.service';
import { AuthMiddleware } from '../middleware/auth.middleware';
import { AuthService } from '../services/auth.service';
import { Device, TrustedDevice, TrustLevel } from '../entities';
import { User } from '../../core/entities/user.entity';
import { Tenant } from '../../core/entities/tenant.entity';
import { RefreshToken } from '../entities/refresh-token.entity';
/**
* Crear router de dispositivos
* @param dataSource - DataSource de TypeORM
* @returns Router de Express configurado
*/
export function createDeviceController(dataSource: DataSource): Router {
const router = Router();
// Inicializar repositorios
const deviceRepository = dataSource.getRepository(Device);
const trustedDeviceRepository = dataSource.getRepository(TrustedDevice);
const userRepository = dataSource.getRepository(User);
const tenantRepository = dataSource.getRepository(Tenant);
const refreshTokenRepository = dataSource.getRepository(RefreshToken);
// Inicializar servicios
const deviceService = new DeviceService(deviceRepository);
const authService = new AuthService(
userRepository,
tenantRepository,
refreshTokenRepository as any
);
// Inicializar middleware
const authMiddleware = new AuthMiddleware(authService, dataSource);
/**
* Helper: Verificar si un dispositivo es confiable
*/
async function isTrustedDevice(userId: string, deviceFingerprint: string): Promise<boolean> {
const trusted = await trustedDeviceRepository.findOne({
where: {
userId,
deviceFingerprint,
isActive: true,
},
});
if (!trusted) return false;
if (trusted.trustExpiresAt && trusted.trustExpiresAt < new Date()) return false;
return true;
}
/**
* GET /devices
* Listar dispositivos del usuario autenticado
*/
router.get('/', authMiddleware.authenticate, async (req: Request, res: Response, next: NextFunction): Promise<void> => {
try {
const tenantId = req.tenantId;
const userId = req.user?.sub;
if (!tenantId || !userId) {
res.status(401).json({ error: 'Unauthorized', message: 'User not authenticated' });
return;
}
const page = parseInt(req.query.page as string) || 1;
const limit = Math.min(parseInt(req.query.limit as string) || 50, 100);
const search = req.query.search as string | undefined;
const deviceType = req.query.deviceType as string | undefined;
const filters: DeviceFilters = {
userId,
deviceType,
search,
};
const result = await deviceService.findWithFilters(
{ tenantId, userId },
filters,
page,
limit
);
res.status(200).json({
success: true,
data: result,
});
} catch (error) {
next(error);
}
});
/**
* GET /devices/:id
* Obtener detalle de un dispositivo
*/
router.get('/:id', authMiddleware.authenticate, async (req: Request, res: Response, next: NextFunction): Promise<void> => {
try {
const tenantId = req.tenantId;
const userId = req.user?.sub;
const { id } = req.params;
if (!tenantId || !userId) {
res.status(401).json({ error: 'Unauthorized', message: 'User not authenticated' });
return;
}
const device = await deviceService.findById({ tenantId, userId }, id);
if (!device) {
res.status(404).json({ error: 'Not Found', message: 'Device not found' });
return;
}
// Verificar que el dispositivo pertenece al usuario (o es admin)
const isAdmin = req.user?.roles?.some(r => ['admin', 'super_admin'].includes(r));
if (device.userId !== userId && !isAdmin) {
res.status(403).json({ error: 'Forbidden', message: 'Access denied' });
return;
}
res.status(200).json({
success: true,
data: device,
});
} catch (error) {
next(error);
}
});
/**
* PUT /devices/:id
* Actualizar nombre u otra información del dispositivo
*/
router.put('/:id', authMiddleware.authenticate, async (req: Request, res: Response, next: NextFunction): Promise<void> => {
try {
const tenantId = req.tenantId;
const userId = req.user?.sub;
const { id } = req.params;
const dto: UpdateDeviceDto = req.body;
if (!tenantId || !userId) {
res.status(401).json({ error: 'Unauthorized', message: 'User not authenticated' });
return;
}
const device = await deviceService.findById({ tenantId, userId }, id);
if (!device) {
res.status(404).json({ error: 'Not Found', message: 'Device not found' });
return;
}
// Verificar que el dispositivo pertenece al usuario
if (device.userId !== userId) {
res.status(403).json({ error: 'Forbidden', message: 'Access denied' });
return;
}
// Solo permitir actualizar el nombre para usuarios normales
const allowedFields: UpdateDeviceDto = { name: dto.name };
const updated = await deviceService.update({ tenantId, userId }, id, allowedFields);
res.status(200).json({ success: true, data: updated });
} catch (error) {
next(error);
}
});
/**
* DELETE /devices/:id
* Eliminar dispositivo (soft delete)
*/
router.delete('/:id', authMiddleware.authenticate, async (req: Request, res: Response, next: NextFunction): Promise<void> => {
try {
const tenantId = req.tenantId;
const userId = req.user?.sub;
const { id } = req.params;
if (!tenantId || !userId) {
res.status(401).json({ error: 'Unauthorized', message: 'User not authenticated' });
return;
}
const device = await deviceService.findById({ tenantId, userId }, id);
if (!device) {
res.status(404).json({ error: 'Not Found', message: 'Device not found' });
return;
}
// Verificar que el dispositivo pertenece al usuario (o es admin)
const isAdmin = req.user?.roles?.some(r => ['admin', 'super_admin'].includes(r));
if (device.userId !== userId && !isAdmin) {
res.status(403).json({ error: 'Forbidden', message: 'Access denied' });
return;
}
const deleted = await deviceService.delete({ tenantId, userId }, id);
if (!deleted) {
res.status(500).json({ error: 'Internal Server Error', message: 'Failed to delete device' });
return;
}
res.status(200).json({ success: true, message: 'Device deleted successfully' });
} catch (error) {
next(error);
}
});
/**
* POST /devices/:id/trust
* Marcar dispositivo como confiable
*/
router.post('/:id/trust', authMiddleware.authenticate, async (req: Request, res: Response, next: NextFunction): Promise<void> => {
try {
const tenantId = req.tenantId;
const userId = req.user?.sub;
const { id } = req.params;
const { trustLevel, days } = req.body;
if (!tenantId || !userId) {
res.status(401).json({ error: 'Unauthorized', message: 'User not authenticated' });
return;
}
const device = await deviceService.findById({ tenantId, userId }, id);
if (!device) {
res.status(404).json({ error: 'Not Found', message: 'Device not found' });
return;
}
// Verificar que el dispositivo pertenece al usuario
if (device.userId !== userId) {
res.status(403).json({ error: 'Forbidden', message: 'Access denied' });
return;
}
// Validar nivel de confianza si se proporciona
const validTrustLevels = Object.values(TrustLevel);
if (trustLevel && !validTrustLevels.includes(trustLevel)) {
res.status(400).json({
error: 'Bad Request',
message: `Invalid trust level. Valid values: ${validTrustLevels.join(', ')}`,
});
return;
}
// Buscar o crear trusted device usando la estructura real de la entidad
const expiryDays = days ?? 30;
const expiresAt = new Date(Date.now() + expiryDays * 24 * 60 * 60 * 1000);
let trustedDevice = await trustedDeviceRepository.findOne({
where: { userId, deviceFingerprint: device.fingerprint },
});
if (trustedDevice) {
trustedDevice.isActive = true;
trustedDevice.trustLevel = trustLevel || TrustLevel.STANDARD;
trustedDevice.trustExpiresAt = expiresAt;
trustedDevice.lastUsedAt = new Date();
trustedDevice.revokedAt = null;
} else {
trustedDevice = trustedDeviceRepository.create({
userId,
deviceFingerprint: device.fingerprint,
deviceName: device.name,
deviceType: device.deviceType,
userAgent: device.userAgent,
browserName: device.browser,
osName: device.os,
registeredIp: device.ipAddress || '0.0.0.0',
trustLevel: trustLevel || TrustLevel.STANDARD,
trustExpiresAt: expiresAt,
lastUsedAt: new Date(),
isActive: true,
});
}
const saved = await trustedDeviceRepository.save(trustedDevice);
res.status(200).json({
success: true,
message: 'Device marked as trusted',
data: {
deviceId: id,
deviceName: device.name,
trustLevel: saved.trustLevel,
trustedAt: saved.createdAt,
expiresAt: saved.trustExpiresAt,
},
});
} catch (error) {
next(error);
}
});
/**
* DELETE /devices/:id/trust
* Quitar confianza de un dispositivo
*/
router.delete('/:id/trust', authMiddleware.authenticate, async (req: Request, res: Response, next: NextFunction): Promise<void> => {
try {
const tenantId = req.tenantId;
const userId = req.user?.sub;
const { id } = req.params;
if (!tenantId || !userId) {
res.status(401).json({ error: 'Unauthorized', message: 'User not authenticated' });
return;
}
const device = await deviceService.findById({ tenantId, userId }, id);
if (!device) {
res.status(404).json({ error: 'Not Found', message: 'Device not found' });
return;
}
// Verificar que el dispositivo pertenece al usuario
if (device.userId !== userId) {
res.status(403).json({ error: 'Forbidden', message: 'Access denied' });
return;
}
const trustedDevice = await trustedDeviceRepository.findOne({
where: { userId, deviceFingerprint: device.fingerprint },
});
if (!trustedDevice) {
res.status(404).json({ error: 'Not Found', message: 'Device is not trusted' });
return;
}
trustedDevice.isActive = false;
trustedDevice.revokedAt = new Date();
await trustedDeviceRepository.save(trustedDevice);
res.status(200).json({
success: true,
message: 'Device trust revoked successfully',
});
} catch (error) {
next(error);
}
});
/**
* GET /devices/:id/trust
* Obtener estado de confianza de un dispositivo
*/
router.get('/:id/trust', authMiddleware.authenticate, async (req: Request, res: Response, next: NextFunction): Promise<void> => {
try {
const tenantId = req.tenantId;
const userId = req.user?.sub;
const { id } = req.params;
if (!tenantId || !userId) {
res.status(401).json({ error: 'Unauthorized', message: 'User not authenticated' });
return;
}
const device = await deviceService.findById({ tenantId, userId }, id);
if (!device) {
res.status(404).json({ error: 'Not Found', message: 'Device not found' });
return;
}
// Verificar que el dispositivo pertenece al usuario (o es admin)
const isAdmin = req.user?.roles?.some(r => ['admin', 'super_admin'].includes(r));
if (device.userId !== userId && !isAdmin) {
res.status(403).json({ error: 'Forbidden', message: 'Access denied' });
return;
}
const trustedDevice = await trustedDeviceRepository.findOne({
where: { userId: device.userId, deviceFingerprint: device.fingerprint },
});
const isTrusted = trustedDevice?.isActive &&
(!trustedDevice.trustExpiresAt || trustedDevice.trustExpiresAt > new Date());
res.status(200).json({
success: true,
data: {
deviceId: id,
deviceName: device.name,
isTrusted: isTrusted || false,
trustLevel: trustedDevice?.trustLevel || null,
trustedAt: trustedDevice?.createdAt || null,
expiresAt: trustedDevice?.trustExpiresAt || null,
isRevoked: !trustedDevice?.isActive,
},
});
} catch (error) {
next(error);
}
});
/**
* POST /devices/:id/block
* Bloquear un dispositivo (solo admin)
*/
router.post('/:id/block', authMiddleware.authenticate, authMiddleware.requireAdmin, async (req: Request, res: Response, next: NextFunction): Promise<void> => {
try {
const tenantId = req.tenantId;
const userId = req.user?.sub;
const { id } = req.params;
if (!tenantId) {
res.status(400).json({ error: 'Bad Request', message: 'Tenant ID is required' });
return;
}
const device = await deviceService.block({ tenantId, userId }, id);
if (!device) {
res.status(404).json({ error: 'Not Found', message: 'Device not found' });
return;
}
res.status(200).json({
success: true,
message: 'Device blocked successfully',
data: device,
});
} catch (error) {
next(error);
}
});
/**
* DELETE /devices/:id/block
* Desbloquear un dispositivo (solo admin)
*/
router.delete('/:id/block', authMiddleware.authenticate, authMiddleware.requireAdmin, async (req: Request, res: Response, next: NextFunction): Promise<void> => {
try {
const tenantId = req.tenantId;
const userId = req.user?.sub;
const { id } = req.params;
if (!tenantId) {
res.status(400).json({ error: 'Bad Request', message: 'Tenant ID is required' });
return;
}
const device = await deviceService.unblock({ tenantId, userId }, id);
if (!device) {
res.status(404).json({ error: 'Not Found', message: 'Device not found' });
return;
}
res.status(200).json({
success: true,
message: 'Device unblocked successfully',
data: device,
});
} catch (error) {
next(error);
}
});
return router;
}
export default createDeviceController;

6
src/modules/auth/controllers/index.ts
View File

@ -1,5 +1,11 @@
/**
* Auth Controllers - Export
* Updated: 2026-02-04 (5 critical controllers added)
*/
export * from './auth.controller';
export * from './permission.controller';
export * from './role.controller';
export * from './session.controller';
export * from './device.controller';
export * from './mfa.controller';

432
src/modules/auth/controllers/mfa.controller.ts Normal file
View File

@ -0,0 +1,432 @@
/**
* MfaController - Controlador de Autenticación Multifactor
*
* Endpoints REST para gestión de MFA (Multi-Factor Authentication).
* Permite habilitar, verificar, deshabilitar MFA y gestionar códigos de respaldo.
*
* @module Auth
*/
import { Router, Request, Response, NextFunction } from 'express';
import { DataSource } from 'typeorm';
import { MfaService } from '../services/mfa.service';
import { AuthMiddleware } from '../middleware/auth.middleware';
import { AuthService } from '../services/auth.service';
import { MfaAuditLog, MfaEventType } from '../entities';
import { User } from '../../core/entities/user.entity';
import { Tenant } from '../../core/entities/tenant.entity';
import { RefreshToken } from '../entities/refresh-token.entity';
/**
* Crear router de MFA
* @param dataSource - DataSource de TypeORM
* @returns Router de Express configurado
*/
export function createMfaController(dataSource: DataSource): Router {
const router = Router();
// Inicializar repositorios
const mfaAuditLogRepository = dataSource.getRepository(MfaAuditLog);
const userRepository = dataSource.getRepository(User);
const tenantRepository = dataSource.getRepository(Tenant);
const refreshTokenRepository = dataSource.getRepository(RefreshToken);
// Inicializar servicios
const mfaService = new MfaService(mfaAuditLogRepository, userRepository);
const authService = new AuthService(
userRepository,
tenantRepository,
refreshTokenRepository as any
);
// Inicializar middleware
const authMiddleware = new AuthMiddleware(authService, dataSource);
/**
* GET /mfa/status
* Obtener estado de MFA del usuario autenticado
*/
router.get('/status', authMiddleware.authenticate, async (req: Request, res: Response, next: NextFunction): Promise<void> => {
try {
const tenantId = req.tenantId;
const userId = req.user?.sub;
if (!tenantId || !userId) {
res.status(401).json({ error: 'Unauthorized', message: 'User not authenticated' });
return;
}
const status = await mfaService.getUserMfaStatus({ tenantId, userId }, userId);
res.status(200).json({ success: true, data: status });
} catch (error) {
if (error instanceof Error && error.message === 'User not found') {
res.status(404).json({ error: 'Not Found', message: 'User not found' });
return;
}
next(error);
}
});
/**
* POST /mfa/enable
* Iniciar proceso de habilitación de MFA (genera secreto y QR)
*/
router.post('/enable', authMiddleware.authenticate, async (req: Request, res: Response, next: NextFunction): Promise<void> => {
try {
const tenantId = req.tenantId;
const userId = req.user?.sub;
if (!tenantId || !userId) {
res.status(401).json({ error: 'Unauthorized', message: 'User not authenticated' });
return;
}
// Verificar si ya tiene MFA habilitado
const isEnabled = await mfaService.isMfaEnabled({ tenantId, userId }, userId);
if (isEnabled) {
res.status(400).json({
error: 'Bad Request',
message: 'MFA is already enabled. Disable it first to set up a new configuration.',
});
return;
}
const setupResult = await mfaService.setupMfa({ tenantId, userId }, userId);
res.status(200).json({
success: true,
message: 'MFA setup initiated. Scan the QR code with your authenticator app and verify with a code.',
data: {
secret: setupResult.secret,
qrCodeUrl: setupResult.qrCodeUrl,
backupCodes: setupResult.backupCodes,
instructions: [
'1. Download an authenticator app (Google Authenticator, Authy, etc.)',
'2. Scan the QR code or manually enter the secret',
'3. Enter the 6-digit code from the app to verify',
'4. Store your backup codes in a safe place',
],
},
});
} catch (error) {
if (error instanceof Error && error.message === 'User not found') {
res.status(404).json({ error: 'Not Found', message: 'User not found' });
return;
}
next(error);
}
});
/**
* POST /mfa/verify
* Verificar código MFA y activar (para configuración inicial)
*/
router.post('/verify', authMiddleware.authenticate, async (req: Request, res: Response, next: NextFunction): Promise<void> => {
try {
const tenantId = req.tenantId;
const userId = req.user?.sub;
const { code } = req.body;
if (!tenantId || !userId) {
res.status(401).json({ error: 'Unauthorized', message: 'User not authenticated' });
return;
}
if (!code) {
res.status(400).json({ error: 'Bad Request', message: 'Verification code is required' });
return;
}
// Validar formato del código (6 dígitos o código de backup)
const isValidFormat = /^\d{6}$/.test(code) || /^[A-Z0-9]{4}-[A-Z0-9]{4}$/.test(code);
if (!isValidFormat) {
res.status(400).json({
error: 'Bad Request',
message: 'Invalid code format. Expected 6-digit code or backup code (XXXX-XXXX)',
});
return;
}
const enabled = await mfaService.enableMfa({ tenantId, userId }, userId, code);
if (!enabled) {
res.status(400).json({
error: 'Bad Request',
message: 'Invalid verification code. Please try again.',
});
return;
}
res.status(200).json({
success: true,
message: 'MFA has been successfully enabled for your account.',
data: { enabled: true },
});
} catch (error) {
if (error instanceof Error && error.message === 'MFA not set up for this user') {
res.status(400).json({
error: 'Bad Request',
message: 'MFA has not been set up. Please call POST /mfa/enable first.',
});
return;
}
next(error);
}
});
/**
* POST /mfa/validate
* Validar código MFA (para login con MFA activo)
*/
router.post('/validate', authMiddleware.authenticate, async (req: Request, res: Response, next: NextFunction): Promise<void> => {
try {
const tenantId = req.tenantId;
const userId = req.user?.sub;
const { code } = req.body;
if (!tenantId || !userId) {
res.status(401).json({ error: 'Unauthorized', message: 'User not authenticated' });
return;
}
if (!code) {
res.status(400).json({ error: 'Bad Request', message: 'MFA code is required' });
return;
}
const result = await mfaService.verifyMfa({ tenantId, userId }, userId, code);
if (!result.success) {
res.status(401).json({
error: 'Unauthorized',
message: result.error || 'Invalid MFA code',
});
return;
}
res.status(200).json({
success: true,
message: 'MFA verification successful',
data: { verified: true },
});
} catch (error) {
next(error);
}
});
/**
* POST /mfa/disable
* Deshabilitar MFA
*/
router.post('/disable', authMiddleware.authenticate, async (req: Request, res: Response, next: NextFunction): Promise<void> => {
try {
const tenantId = req.tenantId;
const userId = req.user?.sub;
const { code, password } = req.body;
if (!tenantId || !userId) {
res.status(401).json({ error: 'Unauthorized', message: 'User not authenticated' });
return;
}
// Verificar que MFA está habilitado
const isEnabled = await mfaService.isMfaEnabled({ tenantId, userId }, userId);
if (!isEnabled) {
res.status(400).json({ error: 'Bad Request', message: 'MFA is not enabled' });
return;
}
// Si se proporciona código MFA, verificarlo primero
if (code) {
const verifyResult = await mfaService.verifyMfa({ tenantId, userId }, userId, code);
if (!verifyResult.success) {
res.status(401).json({
error: 'Unauthorized',
message: 'Invalid MFA code',
});
return;
}
}
// Nota: En producción, también se debería verificar la contraseña
// Por ahora, solo requerimos el código MFA válido
const disabled = await mfaService.disableMfa({ tenantId, userId }, userId);
if (!disabled) {
res.status(500).json({
error: 'Internal Server Error',
message: 'Failed to disable MFA',
});
return;
}
res.status(200).json({
success: true,
message: 'MFA has been disabled for your account.',
data: { enabled: false },
});
} catch (error) {
if (error instanceof Error && error.message === 'User not found') {
res.status(404).json({ error: 'Not Found', message: 'User not found' });
return;
}
next(error);
}
});
/**
* GET /mfa/backup-codes
* Obtener cantidad de códigos de respaldo restantes
*/
router.get('/backup-codes', authMiddleware.authenticate, async (req: Request, res: Response, next: NextFunction): Promise<void> => {
try {
const tenantId = req.tenantId;
const userId = req.user?.sub;
if (!tenantId || !userId) {
res.status(401).json({ error: 'Unauthorized', message: 'User not authenticated' });
return;
}
const isEnabled = await mfaService.isMfaEnabled({ tenantId, userId }, userId);
if (!isEnabled) {
res.status(400).json({ error: 'Bad Request', message: 'MFA is not enabled' });
return;
}
const remaining = await mfaService.getRemainingBackupCodes({ tenantId, userId }, userId);
res.status(200).json({
success: true,
data: {
remaining,
warning: remaining <= 2 ? 'Low backup codes. Consider regenerating.' : null,
},
});
} catch (error) {
next(error);
}
});
/**
* POST /mfa/backup-codes/regenerate
* Regenerar códigos de respaldo
*/
router.post('/backup-codes/regenerate', authMiddleware.authenticate, async (req: Request, res: Response, next: NextFunction): Promise<void> => {
try {
const tenantId = req.tenantId;
const userId = req.user?.sub;
const { code } = req.body;
if (!tenantId || !userId) {
res.status(401).json({ error: 'Unauthorized', message: 'User not authenticated' });
return;
}
// Verificar MFA antes de regenerar (seguridad adicional)
if (code) {
const verifyResult = await mfaService.verifyMfa({ tenantId, userId }, userId, code);
if (!verifyResult.success) {
res.status(401).json({
error: 'Unauthorized',
message: 'Invalid MFA code',
});
return;
}
}
const newCodes = await mfaService.regenerateBackupCodes({ tenantId, userId }, userId);
res.status(200).json({
success: true,
message: 'Backup codes have been regenerated. Previous codes are now invalid.',
data: {
backupCodes: newCodes,
warning: 'Store these codes in a safe place. They will not be shown again.',
},
});
} catch (error) {
if (error instanceof Error && error.message === 'MFA not enabled') {
res.status(400).json({ error: 'Bad Request', message: 'MFA is not enabled' });
return;
}
next(error);
}
});
/**
* GET /mfa/audit-logs
* Obtener logs de auditoría MFA (solo admin o el propio usuario)
*/
router.get('/audit-logs', authMiddleware.authenticate, async (req: Request, res: Response, next: NextFunction): Promise<void> => {
try {
const tenantId = req.tenantId;
const userId = req.user?.sub;
if (!tenantId || !userId) {
res.status(401).json({ error: 'Unauthorized', message: 'User not authenticated' });
return;
}
const page = parseInt(req.query.page as string) || 1;
const limit = Math.min(parseInt(req.query.limit as string) || 50, 100);
const eventType = req.query.eventType as MfaEventType | undefined;
const success = req.query.success !== undefined ? req.query.success === 'true' : undefined;
// Solo admin puede ver logs de otros usuarios
const targetUserId = req.query.userId as string | undefined;
const isAdmin = req.user?.roles?.some(r => ['admin', 'super_admin'].includes(r));
if (targetUserId && targetUserId !== userId && !isAdmin) {
res.status(403).json({ error: 'Forbidden', message: 'Access denied' });
return;
}
const filters = {
userId: targetUserId || userId,
eventType,
success,
};
const result = await mfaService.getAuditLogs({ tenantId, userId }, filters, page, limit);
res.status(200).json({ success: true, data: result });
} catch (error) {
next(error);
}
});
/**
* GET /mfa/check
* Verificar si el usuario requiere MFA para completar el login
*/
router.get('/check', authMiddleware.authenticate, async (req: Request, res: Response, next: NextFunction): Promise<void> => {
try {
const tenantId = req.tenantId;
const userId = req.user?.sub;
if (!tenantId || !userId) {
res.status(401).json({ error: 'Unauthorized', message: 'User not authenticated' });
return;
}
const isEnabled = await mfaService.isMfaEnabled({ tenantId, userId }, userId);
res.status(200).json({
success: true,
data: {
mfaRequired: isEnabled,
mfaEnabled: isEnabled,
},
});
} catch (error) {
next(error);
}
});
return router;
}
export default createMfaController;

330
src/modules/auth/controllers/permission.controller.ts Normal file
View File

@ -0,0 +1,330 @@
/**
* PermissionController - Controlador de Permisos
*
* Endpoints REST para gestión de permisos del sistema.
* Implementa CRUD completo con filtros y búsqueda.
*
* @module Auth
*/
import { Router, Request, Response, NextFunction } from 'express';
import { DataSource } from 'typeorm';
import { PermissionService, CreatePermissionDto, UpdatePermissionDto, PermissionFilters } from '../services/permission.service';
import { AuthMiddleware } from '../middleware/auth.middleware';
import { AuthService } from '../services/auth.service';
import { Permission, Role, UserRole } from '../entities';
import { User } from '../../core/entities/user.entity';
import { Tenant } from '../../core/entities/tenant.entity';
import { RefreshToken } from '../entities/refresh-token.entity';
/**
* Crear router de permisos
* @param dataSource - DataSource de TypeORM
* @returns Router de Express configurado
*/
export function createPermissionController(dataSource: DataSource): Router {
const router = Router();
// Inicializar repositorios
const permissionRepository = dataSource.getRepository(Permission);
const userRepository = dataSource.getRepository(User);
const tenantRepository = dataSource.getRepository(Tenant);
const refreshTokenRepository = dataSource.getRepository(RefreshToken);
// Inicializar servicios
const permissionService = new PermissionService(permissionRepository);
const authService = new AuthService(
userRepository,
tenantRepository,
refreshTokenRepository as any
);
// Inicializar middleware
const authMiddleware = new AuthMiddleware(authService, dataSource);
/**
* GET /permissions
* Listar permisos con filtros y paginación
*/
router.get('/', authMiddleware.authenticate, async (req: Request, res: Response, next: NextFunction): Promise<void> => {
try {
const tenantId = req.tenantId;
const userId = req.user?.sub;
if (!tenantId) {
res.status(400).json({ error: 'Bad Request', message: 'Tenant ID is required' });
return;
}
const filters: PermissionFilters = {
code: req.query.code as string | undefined,
module: req.query.module as string | undefined,
action: req.query.action as string | undefined,
isActive: req.query.isActive !== undefined ? req.query.isActive === 'true' : undefined,
search: req.query.search as string | undefined,
};
const page = parseInt(req.query.page as string) || 1;
const limit = Math.min(parseInt(req.query.limit as string) || 50, 100);
const result = await permissionService.findWithFilters(
{ tenantId, userId },
filters,
page,
limit
);
res.status(200).json({ success: true, data: result });
} catch (error) {
next(error);
}
});
/**
* GET /permissions/modules
* Listar módulos disponibles
*/
router.get('/modules', authMiddleware.authenticate, async (req: Request, res: Response, next: NextFunction): Promise<void> => {
try {
const tenantId = req.tenantId;
const userId = req.user?.sub;
if (!tenantId) {
res.status(400).json({ error: 'Bad Request', message: 'Tenant ID is required' });
return;
}
const modules = await permissionService.getModules({ tenantId, userId });
res.status(200).json({ success: true, data: modules });
} catch (error) {
next(error);
}
});
/**
* GET /permissions/by-role/:roleId
* Obtener permisos asignados a un rol
*/
router.get('/by-role/:roleId', authMiddleware.authenticate, async (req: Request, res: Response, next: NextFunction): Promise<void> => {
try {
const tenantId = req.tenantId;
const userId = req.user?.sub;
const { roleId } = req.params;
if (!tenantId) {
res.status(400).json({ error: 'Bad Request', message: 'Tenant ID is required' });
return;
}
if (!roleId) {
res.status(400).json({ error: 'Bad Request', message: 'Role ID is required' });
return;
}
// Obtener rol con sus permisos
const roleRepository = dataSource.getRepository(Role);
const role = await roleRepository.findOne({
where: { id: roleId, tenantId },
relations: ['permissions'],
});
if (!role) {
res.status(404).json({ error: 'Not Found', message: 'Role not found' });
return;
}
res.status(200).json({
success: true,
data: {
roleId: role.id,
roleName: role.name,
permissions: role.permissions || [],
},
});
} catch (error) {
next(error);
}
});
/**
* GET /permissions/:id
* Obtener detalle de un permiso
*/
router.get('/:id', authMiddleware.authenticate, async (req: Request, res: Response, next: NextFunction): Promise<void> => {
try {
const tenantId = req.tenantId;
const userId = req.user?.sub;
const { id } = req.params;
if (!tenantId) {
res.status(400).json({ error: 'Bad Request', message: 'Tenant ID is required' });
return;
}
const permission = await permissionService.findById({ tenantId, userId }, id);
if (!permission) {
res.status(404).json({ error: 'Not Found', message: 'Permission not found' });
return;
}
res.status(200).json({ success: true, data: permission });
} catch (error) {
next(error);
}
});
/**
* POST /permissions
* Crear nuevo permiso
*/
router.post('/', authMiddleware.authenticate, authMiddleware.requireAdmin, async (req: Request, res: Response, next: NextFunction): Promise<void> => {
try {
const tenantId = req.tenantId;
const userId = req.user?.sub;
const dto: CreatePermissionDto = req.body;
if (!tenantId) {
res.status(400).json({ error: 'Bad Request', message: 'Tenant ID is required' });
return;
}
if (!dto.code || !dto.name) {
res.status(400).json({ error: 'Bad Request', message: 'Code and name are required' });
return;
}
// Validar formato de código (snake_case)
const codeRegex = /^[a-z][a-z0-9_]*$/;
if (!codeRegex.test(dto.code)) {
res.status(400).json({
error: 'Bad Request',
message: 'Code must be in snake_case format (lowercase letters, numbers, and underscores)',
});
return;
}
const permission = await permissionService.create({ tenantId, userId }, dto);
res.status(201).json({ success: true, data: permission });
} catch (error) {
if (error instanceof Error && error.message.includes('already exists')) {
res.status(409).json({ error: 'Conflict', message: error.message });
return;
}
next(error);
}
});
/**
* PUT /permissions/:id
* Actualizar permiso
*/
router.put('/:id', authMiddleware.authenticate, authMiddleware.requireAdmin, async (req: Request, res: Response, next: NextFunction): Promise<void> => {
try {
const tenantId = req.tenantId;
const userId = req.user?.sub;
const { id } = req.params;
const dto: UpdatePermissionDto = req.body;
if (!tenantId) {
res.status(400).json({ error: 'Bad Request', message: 'Tenant ID is required' });
return;
}
// Validar formato de código si se está actualizando
if (dto.code) {
const codeRegex = /^[a-z][a-z0-9_]*$/;
if (!codeRegex.test(dto.code)) {
res.status(400).json({
error: 'Bad Request',
message: 'Code must be in snake_case format',
});
return;
}
}
const permission = await permissionService.update({ tenantId, userId }, id, dto);
if (!permission) {
res.status(404).json({ error: 'Not Found', message: 'Permission not found' });
return;
}
res.status(200).json({ success: true, data: permission });
} catch (error) {
if (error instanceof Error && error.message.includes('already exists')) {
res.status(409).json({ error: 'Conflict', message: error.message });
return;
}
next(error);
}
});
/**
* DELETE /permissions/:id
* Eliminar permiso (soft delete)
*/
router.delete('/:id', authMiddleware.authenticate, authMiddleware.requireAdmin, async (req: Request, res: Response, next: NextFunction): Promise<void> => {
try {
const tenantId = req.tenantId;
const userId = req.user?.sub;
const { id } = req.params;
if (!tenantId) {
res.status(400).json({ error: 'Bad Request', message: 'Tenant ID is required' });
return;
}
const deleted = await permissionService.delete({ tenantId, userId }, id);
if (!deleted) {
res.status(404).json({ error: 'Not Found', message: 'Permission not found' });
return;
}
res.status(200).json({ success: true, message: 'Permission deleted successfully' });
} catch (error) {
next(error);
}
});
/**
* POST /permissions/bulk
* Crear múltiples permisos
*/
router.post('/bulk', authMiddleware.authenticate, authMiddleware.requireAdmin, async (req: Request, res: Response, next: NextFunction): Promise<void> => {
try {
const tenantId = req.tenantId;
const userId = req.user?.sub;
const { permissions } = req.body;
if (!tenantId) {
res.status(400).json({ error: 'Bad Request', message: 'Tenant ID is required' });
return;
}
if (!Array.isArray(permissions) || permissions.length === 0) {
res.status(400).json({ error: 'Bad Request', message: 'Permissions array is required' });
return;
}
const created = await permissionService.bulkCreate({ tenantId, userId }, permissions);
res.status(201).json({
success: true,
data: {
created: created.length,
permissions: created,
},
});
} catch (error) {
next(error);
}
});
return router;
}
export default createPermissionController;

453
src/modules/auth/controllers/role.controller.ts Normal file
View File

@ -0,0 +1,453 @@
/**
* RoleController - Controlador de Roles
*
* Endpoints REST para gestión de roles y asignación de permisos.
* Implementa CRUD completo con manejo de relaciones role-permission.
*
* @module Auth
*/
import { Router, Request, Response, NextFunction } from 'express';
import { DataSource } from 'typeorm';
import { RoleService, CreateRoleDto, UpdateRoleDto, RoleFilters } from '../services/role.service';
import { AuthMiddleware } from '../middleware/auth.middleware';
import { AuthService } from '../services/auth.service';
import { Role, Permission, UserRole } from '../entities';
import { User } from '../../core/entities/user.entity';
import { Tenant } from '../../core/entities/tenant.entity';
import { RefreshToken } from '../entities/refresh-token.entity';
/**
* Crear router de roles
* @param dataSource - DataSource de TypeORM
* @returns Router de Express configurado
*/
export function createRoleController(dataSource: DataSource): Router {
const router = Router();
// Inicializar repositorios
const roleRepository = dataSource.getRepository(Role);
const permissionRepository = dataSource.getRepository(Permission);
const userRoleRepository = dataSource.getRepository(UserRole);
const userRepository = dataSource.getRepository(User);
const tenantRepository = dataSource.getRepository(Tenant);
const refreshTokenRepository = dataSource.getRepository(RefreshToken);
// Inicializar servicios
const roleService = new RoleService(roleRepository, permissionRepository, userRoleRepository);
const authService = new AuthService(
userRepository,
tenantRepository,
refreshTokenRepository as any
);
// Inicializar middleware
const authMiddleware = new AuthMiddleware(authService, dataSource);
/**
* GET /roles
* Listar roles con filtros y paginación
*/
router.get('/', authMiddleware.authenticate, async (req: Request, res: Response, next: NextFunction): Promise<void> => {
try {
const tenantId = req.tenantId;
const userId = req.user?.sub;
if (!tenantId) {
res.status(400).json({ error: 'Bad Request', message: 'Tenant ID is required' });
return;
}
const filters: RoleFilters = {
code: req.query.code as string | undefined,
isActive: req.query.isActive !== undefined ? req.query.isActive === 'true' : undefined,
search: req.query.search as string | undefined,
};
const page = parseInt(req.query.page as string) || 1;
const limit = Math.min(parseInt(req.query.limit as string) || 50, 100);
const result = await roleService.findWithFilters(
{ tenantId, userId },
filters,
page,
limit
);
res.status(200).json({ success: true, data: result });
} catch (error) {
next(error);
}
});
/**
* GET /roles/:id
* Obtener detalle de un rol con sus permisos
*/
router.get('/:id', authMiddleware.authenticate, async (req: Request, res: Response, next: NextFunction): Promise<void> => {
try {
const tenantId = req.tenantId;
const userId = req.user?.sub;
const { id } = req.params;
if (!tenantId) {
res.status(400).json({ error: 'Bad Request', message: 'Tenant ID is required' });
return;
}
const role = await roleService.findById({ tenantId, userId }, id);
if (!role) {
res.status(404).json({ error: 'Not Found', message: 'Role not found' });
return;
}
res.status(200).json({ success: true, data: role });
} catch (error) {
next(error);
}
});
/**
* GET /roles/:id/users
* Obtener usuarios asignados a un rol
*/
router.get('/:id/users', authMiddleware.authenticate, authMiddleware.requireAdmin, async (req: Request, res: Response, next: NextFunction): Promise<void> => {
try {
const tenantId = req.tenantId;
const userId = req.user?.sub;
const { id } = req.params;
if (!tenantId) {
res.status(400).json({ error: 'Bad Request', message: 'Tenant ID is required' });
return;
}
const role = await roleService.findById({ tenantId, userId }, id);
if (!role) {
res.status(404).json({ error: 'Not Found', message: 'Role not found' });
return;
}
const userRoles = await roleService.getUsersWithRole({ tenantId, userId }, id);
res.status(200).json({
success: true,
data: {
roleId: id,
roleName: role.name,
users: userRoles.map(ur => ({
id: ur.user?.id,
email: ur.user?.email,
firstName: ur.user?.firstName,
lastName: ur.user?.lastName,
assignedAt: ur.createdAt,
})),
},
});
} catch (error) {
next(error);
}
});
/**
* POST /roles
* Crear nuevo rol
*/
router.post('/', authMiddleware.authenticate, authMiddleware.requireAdmin, async (req: Request, res: Response, next: NextFunction): Promise<void> => {
try {
const tenantId = req.tenantId;
const userId = req.user?.sub;
const dto: CreateRoleDto = req.body;
if (!tenantId) {
res.status(400).json({ error: 'Bad Request', message: 'Tenant ID is required' });
return;
}
if (!dto.code || !dto.name) {
res.status(400).json({ error: 'Bad Request', message: 'Code and name are required' });
return;
}
// Validar formato de código (snake_case)
const codeRegex = /^[a-z][a-z0-9_]*$/;
if (!codeRegex.test(dto.code)) {
res.status(400).json({
error: 'Bad Request',
message: 'Code must be in snake_case format (lowercase letters, numbers, and underscores)',
});
return;
}
const role = await roleService.create({ tenantId, userId }, dto);
res.status(201).json({ success: true, data: role });
} catch (error) {
if (error instanceof Error && error.message.includes('already exists')) {
res.status(409).json({ error: 'Conflict', message: error.message });
return;
}
next(error);
}
});
/**
* PUT /roles/:id
* Actualizar rol
*/
router.put('/:id', authMiddleware.authenticate, authMiddleware.requireAdmin, async (req: Request, res: Response, next: NextFunction): Promise<void> => {
try {
const tenantId = req.tenantId;
const userId = req.user?.sub;
const { id } = req.params;
const dto: UpdateRoleDto = req.body;
if (!tenantId) {
res.status(400).json({ error: 'Bad Request', message: 'Tenant ID is required' });
return;
}
// Validar formato de código si se está actualizando
if (dto.code) {
const codeRegex = /^[a-z][a-z0-9_]*$/;
if (!codeRegex.test(dto.code)) {
res.status(400).json({
error: 'Bad Request',
message: 'Code must be in snake_case format',
});
return;
}
}
const role = await roleService.update({ tenantId, userId }, id, dto);
if (!role) {
res.status(404).json({ error: 'Not Found', message: 'Role not found' });
return;
}
res.status(200).json({ success: true, data: role });
} catch (error) {
if (error instanceof Error && error.message.includes('already exists')) {
res.status(409).json({ error: 'Conflict', message: error.message });
return;
}
next(error);
}
});
/**
* DELETE /roles/:id
* Eliminar rol (soft delete)
*/
router.delete('/:id', authMiddleware.authenticate, authMiddleware.requireAdmin, async (req: Request, res: Response, next: NextFunction): Promise<void> => {
try {
const tenantId = req.tenantId;
const userId = req.user?.sub;
const { id } = req.params;
if (!tenantId) {
res.status(400).json({ error: 'Bad Request', message: 'Tenant ID is required' });
return;
}
// Verificar que no sea un rol de sistema
const role = await roleService.findById({ tenantId, userId }, id);
if (!role) {
res.status(404).json({ error: 'Not Found', message: 'Role not found' });
return;
}
const systemRoles = ['admin', 'super_admin', 'user'];
if (systemRoles.includes(role.code)) {
res.status(403).json({ error: 'Forbidden', message: 'Cannot delete system roles' });
return;
}
const deleted = await roleService.delete({ tenantId, userId }, id);
if (!deleted) {
res.status(404).json({ error: 'Not Found', message: 'Role not found' });
return;
}
res.status(200).json({ success: true, message: 'Role deleted successfully' });
} catch (error) {
next(error);
}
});
/**
* POST /roles/:id/permissions
* Asignar permisos a un rol
*/
router.post('/:id/permissions', authMiddleware.authenticate, authMiddleware.requireAdmin, async (req: Request, res: Response, next: NextFunction): Promise<void> => {
try {
const tenantId = req.tenantId;
const userId = req.user?.sub;
const { id } = req.params;
const { permissionIds } = req.body;
if (!tenantId) {
res.status(400).json({ error: 'Bad Request', message: 'Tenant ID is required' });
return;
}
if (!Array.isArray(permissionIds) || permissionIds.length === 0) {
res.status(400).json({ error: 'Bad Request', message: 'Permission IDs array is required' });
return;
}
await roleService.assignPermissions({ tenantId, userId }, id, permissionIds);
const updatedRole = await roleService.findById({ tenantId, userId }, id);
res.status(200).json({
success: true,
message: 'Permissions assigned successfully',
data: updatedRole,
});
} catch (error) {
if (error instanceof Error && error.message === 'Role not found') {
res.status(404).json({ error: 'Not Found', message: error.message });
return;
}
next(error);
}
});
/**
* DELETE /roles/:id/permissions/:permissionId
* Quitar un permiso de un rol
*/
router.delete('/:id/permissions/:permissionId', authMiddleware.authenticate, authMiddleware.requireAdmin, async (req: Request, res: Response, next: NextFunction): Promise<void> => {
try {
const tenantId = req.tenantId;
const userId = req.user?.sub;
const { id, permissionId } = req.params;
if (!tenantId) {
res.status(400).json({ error: 'Bad Request', message: 'Tenant ID is required' });
return;
}
await roleService.removePermissions({ tenantId, userId }, id, [permissionId]);
const updatedRole = await roleService.findById({ tenantId, userId }, id);
res.status(200).json({
success: true,
message: 'Permission removed successfully',
data: updatedRole,
});
} catch (error) {
if (error instanceof Error && error.message === 'Role not found') {
res.status(404).json({ error: 'Not Found', message: error.message });
return;
}
next(error);
}
});
/**
* PUT /roles/:id/permissions
* Sincronizar permisos de un rol (reemplaza todos los permisos)
*/
router.put('/:id/permissions', authMiddleware.authenticate, authMiddleware.requireAdmin, async (req: Request, res: Response, next: NextFunction): Promise<void> => {
try {
const tenantId = req.tenantId;
const userId = req.user?.sub;
const { id } = req.params;
const { permissionIds } = req.body;
if (!tenantId) {
res.status(400).json({ error: 'Bad Request', message: 'Tenant ID is required' });
return;
}
if (!Array.isArray(permissionIds)) {
res.status(400).json({ error: 'Bad Request', message: 'Permission IDs array is required' });
return;
}
await roleService.syncPermissions({ tenantId, userId }, id, permissionIds);
const updatedRole = await roleService.findById({ tenantId, userId }, id);
res.status(200).json({
success: true,
message: 'Permissions synchronized successfully',
data: updatedRole,
});
} catch (error) {
if (error instanceof Error && error.message === 'Role not found') {
res.status(404).json({ error: 'Not Found', message: error.message });
return;
}
next(error);
}
});
/**
* POST /roles/:id/users/:userId
* Asignar rol a un usuario
*/
router.post('/:id/users/:targetUserId', authMiddleware.authenticate, authMiddleware.requireAdmin, async (req: Request, res: Response, next: NextFunction): Promise<void> => {
try {
const tenantId = req.tenantId;
const userId = req.user?.sub;
const { id, targetUserId } = req.params;
if (!tenantId) {
res.status(400).json({ error: 'Bad Request', message: 'Tenant ID is required' });
return;
}
const userRole = await roleService.assignRoleToUser({ tenantId, userId }, targetUserId, id);
res.status(200).json({
success: true,
message: 'Role assigned to user successfully',
data: userRole,
});
} catch (error) {
next(error);
}
});
/**
* DELETE /roles/:id/users/:userId
* Quitar rol de un usuario
*/
router.delete('/:id/users/:targetUserId', authMiddleware.authenticate, authMiddleware.requireAdmin, async (req: Request, res: Response, next: NextFunction): Promise<void> => {
try {
const tenantId = req.tenantId;
const userId = req.user?.sub;
const { id, targetUserId } = req.params;
if (!tenantId) {
res.status(400).json({ error: 'Bad Request', message: 'Tenant ID is required' });
return;
}
const removed = await roleService.removeRoleFromUser({ tenantId, userId }, targetUserId, id);
if (!removed) {
res.status(404).json({ error: 'Not Found', message: 'User role assignment not found' });
return;
}
res.status(200).json({
success: true,
message: 'Role removed from user successfully',
});
} catch (error) {
next(error);
}
});
return router;
}
export default createRoleController;

375
src/modules/auth/controllers/session.controller.ts Normal file
View File

@ -0,0 +1,375 @@
/**
* SessionController - Controlador de Sesiones
*
* Endpoints REST para gestión de sesiones de usuario.
* Permite ver sesiones activas, cerrar sesiones específicas y gestionar dispositivos.
*
* @module Auth
*/
import { Router, Request, Response, NextFunction } from 'express';
import { DataSource } from 'typeorm';
import { AuthMiddleware } from '../middleware/auth.middleware';
import { AuthService } from '../services/auth.service';
import { Session, SessionStatus } from '../entities';
import { User } from '../../core/entities/user.entity';
import { Tenant } from '../../core/entities/tenant.entity';
import { RefreshToken } from '../entities/refresh-token.entity';
/**
* Crear router de sesiones
* @param dataSource - DataSource de TypeORM
* @returns Router de Express configurado
*/
export function createSessionController(dataSource: DataSource): Router {
const router = Router();
// Inicializar repositorios
const sessionRepository = dataSource.getRepository(Session);
const userRepository = dataSource.getRepository(User);
const tenantRepository = dataSource.getRepository(Tenant);
const refreshTokenRepository = dataSource.getRepository(RefreshToken);
// Inicializar servicios
const authService = new AuthService(
userRepository,
tenantRepository,
refreshTokenRepository as any
);
// Inicializar middleware
const authMiddleware = new AuthMiddleware(authService, dataSource);
/**
* GET /sessions
* Listar sesiones activas del usuario autenticado
*/
router.get('/', authMiddleware.authenticate, async (req: Request, res: Response, next: NextFunction): Promise<void> => {
try {
const userId = req.user?.sub;
if (!userId) {
res.status(401).json({ error: 'Unauthorized', message: 'User not authenticated' });
return;
}
const includeAll = req.query.includeAll === 'true';
const page = parseInt(req.query.page as string) || 1;
const limit = Math.min(parseInt(req.query.limit as string) || 50, 100);
const offset = (page - 1) * limit;
const qb = sessionRepository.createQueryBuilder('session')
.where('session.user_id = :userId', { userId });
if (!includeAll) {
qb.andWhere('session.status = :status', { status: SessionStatus.ACTIVE });
}
const [sessions, total] = await qb
.orderBy('session.created_at', 'DESC')
.skip(offset)
.take(limit)
.getManyAndCount();
// Enriquecer con información si es la sesión actual
const currentSessionId = req.headers['x-session-id'] as string | undefined;
const enrichedData = sessions.map(session => ({
...session,
isCurrent: session.id === currentSessionId,
}));
res.status(200).json({
success: true,
data: {
data: enrichedData,
total,
page,
limit,
totalPages: Math.ceil(total / limit),
},
});
} catch (error) {
next(error);
}
});
/**
* GET /sessions/stats
* Obtener estadísticas de sesiones del usuario
*/
router.get('/stats', authMiddleware.authenticate, async (req: Request, res: Response, next: NextFunction): Promise<void> => {
try {
const userId = req.user?.sub;
if (!userId) {
res.status(401).json({ error: 'Unauthorized', message: 'User not authenticated' });
return;
}
const sessions = await sessionRepository.find({
where: { userId },
});
const stats = {
total: sessions.length,
active: sessions.filter(s => s.status === SessionStatus.ACTIVE).length,
expired: sessions.filter(s => s.status === SessionStatus.EXPIRED).length,
revoked: sessions.filter(s => s.status === SessionStatus.REVOKED).length,
};
res.status(200).json({ success: true, data: stats });
} catch (error) {
next(error);
}
});
/**
* GET /sessions/devices
* Listar dispositivos con sesiones activas (basado en deviceInfo)
*/
router.get('/devices', authMiddleware.authenticate, async (req: Request, res: Response, next: NextFunction): Promise<void> => {
try {
const userId = req.user?.sub;
if (!userId) {
res.status(401).json({ error: 'Unauthorized', message: 'User not authenticated' });
return;
}
const activeSessions = await sessionRepository.find({
where: { userId, status: SessionStatus.ACTIVE },
order: { createdAt: 'DESC' },
});
// Agrupar por información de dispositivo (usando userAgent como identificador)
const deviceMap = new Map<string, {
deviceInfo: Record<string, any> | null;
sessions: Session[];
lastActivity: Date;
}>();
for (const session of activeSessions) {
const deviceKey = session.userAgent || 'unknown';
const existing = deviceMap.get(deviceKey);
if (existing) {
existing.sessions.push(session);
if (session.createdAt > existing.lastActivity) {
existing.lastActivity = session.createdAt;
}
} else {
deviceMap.set(deviceKey, {
deviceInfo: session.deviceInfo,
sessions: [session],
lastActivity: session.createdAt,
});
}
}
const devices = Array.from(deviceMap.entries()).map(([userAgent, data]) => ({
userAgent,
deviceInfo: data.deviceInfo,
activeSessions: data.sessions.length,
lastActivity: data.lastActivity,
}));
res.status(200).json({
success: true,
data: devices.sort((a, b) => b.lastActivity.getTime() - a.lastActivity.getTime()),
});
} catch (error) {
next(error);
}
});
/**
* GET /sessions/:id
* Obtener detalle de una sesión específica
*/
router.get('/:id', authMiddleware.authenticate, async (req: Request, res: Response, next: NextFunction): Promise<void> => {
try {
const userId = req.user?.sub;
const { id } = req.params;
if (!userId) {
res.status(401).json({ error: 'Unauthorized', message: 'User not authenticated' });
return;
}
const session = await sessionRepository.findOne({
where: { id },
relations: ['user'],
});
if (!session) {
res.status(404).json({ error: 'Not Found', message: 'Session not found' });
return;
}
// Verificar que la sesión pertenece al usuario (o es admin)
const isAdmin = req.user?.roles?.some(r => ['admin', 'super_admin'].includes(r));
if (session.userId !== userId && !isAdmin) {
res.status(403).json({ error: 'Forbidden', message: 'Access denied' });
return;
}
const currentSessionId = req.headers['x-session-id'] as string | undefined;
res.status(200).json({
success: true,
data: {
...session,
isCurrent: session.id === currentSessionId,
},
});
} catch (error) {
next(error);
}
});
/**
* DELETE /sessions/:id
* Cerrar una sesión específica
*/
router.delete('/:id', authMiddleware.authenticate, async (req: Request, res: Response, next: NextFunction): Promise<void> => {
try {
const userId = req.user?.sub;
const { id } = req.params;
if (!userId) {
res.status(401).json({ error: 'Unauthorized', message: 'User not authenticated' });
return;
}
const session = await sessionRepository.findOne({
where: { id },
});
if (!session) {
res.status(404).json({ error: 'Not Found', message: 'Session not found' });
return;
}
// Verificar que la sesión pertenece al usuario (o es admin)
const isAdmin = req.user?.roles?.some(r => ['admin', 'super_admin'].includes(r));
if (session.userId !== userId && !isAdmin) {
res.status(403).json({ error: 'Forbidden', message: 'Access denied' });
return;
}
session.status = SessionStatus.REVOKED;
session.revokedAt = new Date();
session.revokedReason = 'User requested session termination';
await sessionRepository.save(session);
res.status(200).json({ success: true, message: 'Session closed successfully' });
} catch (error) {
next(error);
}
});
/**
* DELETE /sessions/all/terminate
* Cerrar todas las sesiones del usuario (excepto la actual opcionalmente)
*/
router.delete('/all/terminate', authMiddleware.authenticate, async (req: Request, res: Response, next: NextFunction): Promise<void> => {
try {
const userId = req.user?.sub;
if (!userId) {
res.status(401).json({ error: 'Unauthorized', message: 'User not authenticated' });
return;
}
const keepCurrent = req.query.keepCurrent !== 'false';
const currentSessionId = req.headers['x-session-id'] as string | undefined;
const qb = sessionRepository.createQueryBuilder('session')
.where('session.user_id = :userId', { userId })
.andWhere('session.status = :status', { status: SessionStatus.ACTIVE });
if (keepCurrent && currentSessionId) {
qb.andWhere('session.id != :currentId', { currentId: currentSessionId });
}
const sessions = await qb.getMany();
for (const session of sessions) {
session.status = SessionStatus.REVOKED;
session.revokedAt = new Date();
session.revokedReason = 'Bulk session termination';
await sessionRepository.save(session);
}
res.status(200).json({
success: true,
message: `${sessions.length} session(s) closed successfully`,
data: { closedSessions: sessions.length },
});
} catch (error) {
next(error);
}
});
/**
* GET /sessions/validate/:id
* Validar si una sesión es válida
*/
router.get('/validate/:id', authMiddleware.authenticate, async (req: Request, res: Response, next: NextFunction): Promise<void> => {
try {
const userId = req.user?.sub;
const { id } = req.params;
if (!userId) {
res.status(401).json({ error: 'Unauthorized', message: 'User not authenticated' });
return;
}
const session = await sessionRepository.findOne({
where: { id },
});
let isValid = false;
if (session) {
isValid = session.status === SessionStatus.ACTIVE && session.expiresAt > new Date();
}
res.status(200).json({
success: true,
data: { sessionId: id, isValid },
});
} catch (error) {
next(error);
}
});
/**
* POST /sessions/cleanup/expired
* Limpiar sesiones expiradas (solo admin)
*/
router.post('/cleanup/expired', authMiddleware.authenticate, authMiddleware.requireAdmin, async (req: Request, res: Response, next: NextFunction): Promise<void> => {
try {
const now = new Date();
const result = await sessionRepository
.createQueryBuilder()
.update(Session)
.set({ status: SessionStatus.EXPIRED })
.where('status = :activeStatus', { activeStatus: SessionStatus.ACTIVE })
.andWhere('expires_at < :now', { now })
.execute();
res.status(200).json({
success: true,
message: `${result.affected || 0} expired session(s) cleaned up`,
data: { cleanedSessions: result.affected || 0 },
});
} catch (error) {
next(error);
}
});
return router;
}
export default createSessionController;

40
src/modules/auth/entities/api-key.entity.ts
View File

@ -11,6 +11,7 @@ import {
PrimaryGeneratedColumn,
Column,
CreateDateColumn,
UpdateDateColumn,
Index,
ManyToOne,
JoinColumn,
@ -19,11 +20,11 @@ import { User } from '../../core/entities/user.entity';
import { Tenant } from '../../core/entities/tenant.entity';
@Entity({ schema: 'auth', name: 'api_keys' })
@Index('idx_api_keys_lookup', ['keyIndex', 'isActive'], {
@Index('idx_api_keys_lookup', ['keyPrefix', 'isActive'], {
where: 'is_active = TRUE',
})
@Index('idx_api_keys_expiration', ['expirationDate'], {
where: 'expiration_date IS NOT NULL',
@Index('idx_api_keys_expiration', ['expiresAt'], {
where: 'expires_at IS NOT NULL',
})
@Index('idx_api_keys_user', ['userId'])
@Index('idx_api_keys_tenant', ['tenantId'])
@ -40,8 +41,11 @@ export class ApiKey {
@Column({ type: 'varchar', length: 255, nullable: false })
name: string;
@Column({ type: 'varchar', length: 16, nullable: false, name: 'key_index' })
keyIndex: string;
@Column({ type: 'text', nullable: true })
description: string | null;
@Column({ type: 'varchar', length: 16, nullable: false, name: 'key_prefix' })
keyPrefix: string;
@Column({ type: 'varchar', length: 255, nullable: false, name: 'key_hash' })
keyHash: string;
@ -49,11 +53,14 @@ export class ApiKey {
@Column({ type: 'varchar', length: 100, nullable: true })
scope: string | null;
@Column({ type: 'inet', array: true, nullable: true, name: 'allowed_ips' })
allowedIps: string[] | null;
@Column({ type: 'text', array: true, nullable: true })
scopes: string[] | null;
@Column({ type: 'timestamptz', nullable: true, name: 'expiration_date' })
expirationDate: Date | null;
@Column({ type: 'inet', array: true, nullable: true, name: 'ip_whitelist' })
ipWhitelist: string[] | null;
@Column({ type: 'timestamptz', nullable: true, name: 'expires_at' })
expiresAt: Date | null;
@Column({ type: 'timestamptz', nullable: true, name: 'last_used_at' })
lastUsedAt: Date | null;
@ -76,6 +83,21 @@ export class ApiKey {
@CreateDateColumn({ name: 'created_at', type: 'timestamptz' })
createdAt: Date;
@UpdateDateColumn({ name: 'updated_at', type: 'timestamptz', nullable: true })
updatedAt: Date | null;
@Column({ type: 'uuid', nullable: true, name: 'created_by' })
createdBy: string | null;
@Column({ type: 'uuid', nullable: true, name: 'updated_by' })
updatedBy: string | null;
@Column({ type: 'timestamptz', nullable: true, name: 'deleted_at' })
deletedAt: Date | null;
@Column({ type: 'uuid', nullable: true, name: 'deleted_by' })
deletedBy: string | null;
@Column({ type: 'timestamptz', nullable: true, name: 'revoked_at' })
revokedAt: Date | null;

31
src/modules/auth/entities/company.entity.ts
View File

@ -25,6 +25,7 @@ import { User } from './user.entity';
@Index('idx_companies_parent_company_id', ['parentCompanyId'])
@Index('idx_companies_active', ['tenantId'], { where: 'deleted_at IS NULL' })
@Index('idx_companies_tax_id', ['taxId'])
@Index('idx_companies_code', ['tenantId', 'code'], { unique: true, where: 'deleted_at IS NULL' })
export class Company {
@PrimaryGeneratedColumn('uuid')
id: string;
@ -32,6 +33,9 @@ export class Company {
@Column({ type: 'uuid', nullable: false, name: 'tenant_id' })
tenantId: string;
@Column({ type: 'varchar', length: 50, nullable: true })
code: string | null;
@Column({ type: 'varchar', length: 255, nullable: false })
name: string;
@ -41,6 +45,33 @@ export class Company {
@Column({ type: 'varchar', length: 50, nullable: true, name: 'tax_id' })
taxId: string | null;
@Column({ type: 'varchar', length: 255, nullable: true })
email: string | null;
@Column({ type: 'varchar', length: 50, nullable: true })
phone: string | null;
@Column({ type: 'text', nullable: true })
address: string | null;
@Column({ type: 'varchar', length: 100, nullable: true })
city: string | null;
@Column({ type: 'varchar', length: 100, nullable: true })
state: string | null;
@Column({ type: 'varchar', length: 100, nullable: true })
country: string | null;
@Column({ type: 'varchar', length: 20, nullable: true, name: 'postal_code' })
postalCode: string | null;
@Column({ type: 'varchar', length: 500, nullable: true })
logo: string | null;
@Column({ type: 'boolean', default: true, name: 'is_active' })
isActive: boolean;
@Column({ type: 'uuid', nullable: true, name: 'currency_id' })
currencyId: string | null;

52
src/modules/auth/entities/device.entity.ts
View File

@ -14,6 +14,7 @@ import { User } from './user.entity';
@Index('idx_devices_tenant_id', ['tenantId'])
@Index('idx_devices_user_id', ['userId'])
@Index('idx_devices_device_id', ['deviceId'])
@Index('idx_devices_fingerprint', ['tenantId', 'userId', 'fingerprint'])
export class Device {
@PrimaryGeneratedColumn('uuid')
id: string;
@ -27,33 +28,66 @@ export class Device {
@Column({ type: 'varchar', length: 255, nullable: false, name: 'device_id' })
deviceId: string;
@Column({ type: 'varchar', length: 255, nullable: true, name: 'device_name' })
deviceName: string;
@Column({ type: 'varchar', length: 128, nullable: true })
fingerprint: string | null;
@Column({ type: 'varchar', length: 50, nullable: false, name: 'device_type' })
deviceType: string;
@Column({ type: 'varchar', length: 255, nullable: true })
name: string | null;
@Column({ type: 'varchar', length: 255, nullable: true, name: 'device_name' })
deviceName: string | null;
@Column({ type: 'varchar', length: 50, nullable: true, name: 'device_type' })
deviceType: string | null;
@Column({ type: 'varchar', length: 100, nullable: true })
browser: string | null;
@Column({ type: 'varchar', length: 100, nullable: true })
os: string | null;
@Column({ type: 'varchar', length: 50, nullable: true })
platform: string;
platform: string | null;
@Column({ type: 'varchar', length: 50, nullable: true, name: 'os_version' })
osVersion: string;
osVersion: string | null;
@Column({ type: 'varchar', length: 20, nullable: true, name: 'app_version' })
appVersion: string;
appVersion: string | null;
@Column({ type: 'varchar', length: 45, nullable: true, name: 'ip_address' })
ipAddress: string | null;
@Column({ type: 'text', nullable: true, name: 'user_agent' })
userAgent: string | null;
@Column({ type: 'text', nullable: true, name: 'push_token' })
pushToken: string;
pushToken: string | null;
@Column({ name: 'is_trusted', default: false })
isTrusted: boolean;
@Column({ name: 'is_blocked', default: false })
isBlocked: boolean;
@Column({ type: 'timestamptz', nullable: true, name: 'last_active_at' })
lastActiveAt: Date;
lastActiveAt: Date | null;
@Column({ type: 'timestamptz', nullable: true, name: 'last_seen_at' })
lastSeenAt: Date | null;
@CreateDateColumn({ name: 'created_at', type: 'timestamp' })
createdAt: Date;
@Column({ type: 'uuid', nullable: true, name: 'created_by' })
createdBy: string | null;
@Column({ type: 'timestamptz', nullable: true, name: 'deleted_at' })
deletedAt: Date | null;
@Column({ type: 'uuid', nullable: true, name: 'deleted_by' })
deletedBy: string | null;
@ManyToOne(() => Tenant, { onDelete: 'CASCADE' })
@JoinColumn({ name: 'tenant_id' })
tenant: Tenant;

27
src/modules/auth/services/auth.service.ts
View File

@ -4,6 +4,9 @@
* Gestiona login, logout, refresh tokens y validación de JWT.
* Implementa patrón multi-tenant con verificación de tenant_id.
*
* IMPORTANTE: Usa config centralizado para JWT_SECRET y demás configuraciones.
* NO leer process.env directamente aquí.
*
* @module Auth
*/
@ -21,6 +24,7 @@ import {
AuthResponse,
TokenValidationResult,
} from '../dto/auth.dto';
import { config } from '../../../config';
export interface RefreshToken {
id: string;
@ -40,20 +44,23 @@ export class AuthService {
private readonly tenantRepository: Repository<Tenant>,
private readonly refreshTokenRepository: Repository<RefreshToken>
) {
this.jwtSecret = process.env.JWT_SECRET || 'your-super-secret-jwt-key-change-in-production-minimum-32-chars';
this.jwtExpiresIn = process.env.JWT_EXPIRES_IN || '1d';
this.jwtRefreshExpiresIn = process.env.JWT_REFRESH_EXPIRES_IN || '7d';
// Usar config centralizado - valores ya validados en config/index.ts
this.jwtSecret = config.jwt.secret;
this.jwtExpiresIn = config.jwt.expiresIn;
this.jwtRefreshExpiresIn = config.jwt.refreshExpiresIn;
}
/**
* Login de usuario
*/
async login(dto: LoginDto): Promise<AuthResponse> {
// Buscar usuario por email
const user = await this.userRepository.findOne({
where: { email: dto.email, deletedAt: null } as any,
relations: ['userRoles', 'userRoles.role'],
});
// Buscar usuario por email (include passwordHash which has select:false)
const user = await this.userRepository
.createQueryBuilder('user')
.addSelect('user.passwordHash')
.where('user.email = :email', { email: dto.email })
.andWhere('user.deletedAt IS NULL')
.getOne();
if (!user) {
throw new Error('Invalid credentials');
@ -84,8 +91,8 @@ export class AuthService {
throw new Error('Tenant not found or inactive');
}
// Obtener roles del usuario
const roles = user.userRoles?.map((ur) => ur.role.code) || [];
// Obtener roles del usuario (stored as array in User entity)
const roles = user.roles || ['viewer'];
// Generar tokens
const accessToken = this.generateAccessToken(user, tenantId, roles);

45
src/modules/auth/services/index.ts
View File

@ -1,28 +1,43 @@
/**
* Auth Module - Service Exports
* Updated: 2026-02-03 - GAP-AUTH-001 remediation
* Updated: 2026-02-03 - Fixed duplicate exports
*
* NOTA: Varias servicios definen ServiceContext y PaginatedResult localmente.
* Se exportan solo las clases de servicio para evitar conflictos.
*/
// Core Authentication
export * from './auth.service';
export { AuthService } from './auth.service';
export type {
LoginDto,
RegisterDto,
RefreshTokenDto,
ChangePasswordDto,
TokenPayload,
AuthResponse,
TokenValidationResult,
} from './auth.service';
// Shared Types (exported from one source)
export type { ServiceContext, PaginatedResult } from './role.service';
// RBAC Services
export * from './role.service';
export * from './permission.service';
export * from './company.service';
export * from './group.service';
export { RoleService } from './role.service';
export { PermissionService } from './permission.service';
export { CompanyService } from './company.service';
export { GroupService } from './group.service';
// Session & Device Management
export * from './session.service';
export * from './device.service';
export * from './trusted-device.service';
export { SessionService } from './session.service';
export { DeviceService } from './device.service';
export { TrustedDeviceService } from './trusted-device.service';
// Security & Authentication
export * from './api-key.service';
export * from './oauth.service';
export * from './password-reset.service';
export * from './verification.service';
export { ApiKeyService } from './api-key.service';
export { OAuthService } from './oauth.service';
export { PasswordResetService } from './password-reset.service';
export { VerificationService } from './verification.service';
// User Management
export * from './user-profile.service';
export * from './mfa.service';
export { UserProfileService } from './user-profile.service';
export { MfaService } from './mfa.service';

21
src/modules/budgets/controllers/concepto.controller.ts
View File

@ -63,9 +63,10 @@ export function createConceptoController(dataSource: DataSource): Router {
const result = await conceptoService.findRootConceptos(getContext(req), page, limit);
res.status(200).json({
success: true,
data: result.data,
pagination: { total: result.total, page: result.page, limit: result.limit, totalPages: result.totalPages },
items: result.data,
total: result.total,
page: result.page,
limit: result.limit,
});
} catch (error) {
next(error);
@ -93,7 +94,7 @@ export function createConceptoController(dataSource: DataSource): Router {
const limit = Math.min(parseInt(req.query.limit as string) || 20, 50);
const conceptos = await conceptoService.search(getContext(req), term, limit);
res.status(200).json({ success: true, data: conceptos });
res.status(200).json({ items: conceptos, total: conceptos.length });
} catch (error) {
next(error);
}
@ -114,7 +115,7 @@ export function createConceptoController(dataSource: DataSource): Router {
const rootId = req.query.rootId as string;
const tree = await conceptoService.getConceptoTree(getContext(req), rootId);
res.status(200).json({ success: true, data: tree });
res.status(200).json(tree);
} catch (error) {
next(error);
}
@ -138,7 +139,7 @@ export function createConceptoController(dataSource: DataSource): Router {
return;
}
res.status(200).json({ success: true, data: concepto });
res.status(200).json(concepto);
} catch (error) {
next(error);
}
@ -157,7 +158,7 @@ export function createConceptoController(dataSource: DataSource): Router {
}
const children = await conceptoService.findChildren(getContext(req), req.params.id);
res.status(200).json({ success: true, data: children });
res.status(200).json({ items: children, total: children.length });
} catch (error) {
next(error);
}
@ -190,7 +191,7 @@ export function createConceptoController(dataSource: DataSource): Router {
}
const concepto = await conceptoService.createConcepto(getContext(req), dto);
res.status(201).json({ success: true, data: concepto });
res.status(201).json(concepto);
} catch (error) {
next(error);
}
@ -216,7 +217,7 @@ export function createConceptoController(dataSource: DataSource): Router {
return;
}
res.status(200).json({ success: true, data: concepto });
res.status(200).json(concepto);
} catch (error) {
next(error);
}
@ -240,7 +241,7 @@ export function createConceptoController(dataSource: DataSource): Router {
return;
}
res.status(200).json({ success: true, message: 'Concept deleted' });
res.status(204).send();
} catch (error) {
next(error);
}

28
src/modules/budgets/controllers/presupuesto.controller.ts
View File

@ -74,14 +74,10 @@ export function createPresupuestoController(dataSource: DataSource): Router {
}
res.status(200).json({
success: true,
data: result.data,
pagination: {
total: result.total,
page: result.page,
limit: result.limit,
totalPages: result.totalPages,
},
items: result.data,
total: result.total,
page: result.page,
limit: result.limit,
});
} catch (error) {
next(error);
@ -106,7 +102,7 @@ export function createPresupuestoController(dataSource: DataSource): Router {
return;
}
res.status(200).json({ success: true, data: presupuesto });
res.status(200).json(presupuesto);
} catch (error) {
next(error);
}
@ -132,7 +128,7 @@ export function createPresupuestoController(dataSource: DataSource): Router {
}
const presupuesto = await presupuestoService.createPresupuesto(getContext(req), dto);
res.status(201).json({ success: true, data: presupuesto });
res.status(201).json(presupuesto);
} catch (error) {
next(error);
}
@ -158,7 +154,7 @@ export function createPresupuestoController(dataSource: DataSource): Router {
}
const partida = await presupuestoService.addPartida(getContext(req), req.params.id, dto);
res.status(201).json({ success: true, data: partida });
res.status(201).json(partida);
} catch (error) {
if (error instanceof Error && error.message === 'Presupuesto not found') {
res.status(404).json({ error: 'Not Found', message: error.message });
@ -188,7 +184,7 @@ export function createPresupuestoController(dataSource: DataSource): Router {
return;
}
res.status(200).json({ success: true, data: partida });
res.status(200).json(partida);
} catch (error) {
next(error);
}
@ -212,7 +208,7 @@ export function createPresupuestoController(dataSource: DataSource): Router {
return;
}
res.status(200).json({ success: true, message: 'Budget item deleted' });
res.status(204).send();
} catch (error) {
next(error);
}
@ -231,7 +227,7 @@ export function createPresupuestoController(dataSource: DataSource): Router {
}
const newVersion = await presupuestoService.createNewVersion(getContext(req), req.params.id);
res.status(201).json({ success: true, data: newVersion });
res.status(201).json(newVersion);
} catch (error) {
if (error instanceof Error && error.message === 'Presupuesto not found') {
res.status(404).json({ error: 'Not Found', message: error.message });
@ -259,7 +255,7 @@ export function createPresupuestoController(dataSource: DataSource): Router {
return;
}
res.status(200).json({ success: true, data: presupuesto, message: 'Budget approved' });
res.status(200).json(presupuesto);
} catch (error) {
next(error);
}
@ -283,7 +279,7 @@ export function createPresupuestoController(dataSource: DataSource): Router {
return;
}
res.status(200).json({ success: true, message: 'Budget deleted' });
res.status(204).send();
} catch (error) {
next(error);
}

20
src/modules/construction/controllers/etapa.controller.ts
View File

@ -54,14 +54,10 @@ export function createEtapaController(dataSource: DataSource): Router {
const result = await etapaService.findAll({ tenantId, page, limit, search, status, fraccionamientoId });
res.status(200).json({
success: true,
data: result.items,
pagination: {
page,
limit,
total: result.total,
totalPages: Math.ceil(result.total / limit),
},
items: result.items,
total: result.total,
page,
limit,
});
} catch (error) {
next(error);
@ -86,7 +82,7 @@ export function createEtapaController(dataSource: DataSource): Router {
return;
}
res.status(200).json({ success: true, data: etapa });
res.status(200).json(etapa);
} catch (error) {
next(error);
}
@ -112,7 +108,7 @@ export function createEtapaController(dataSource: DataSource): Router {
}
const etapa = await etapaService.create(tenantId, dto, req.user?.sub);
res.status(201).json({ success: true, data: etapa });
res.status(201).json(etapa);
} catch (error) {
if (error instanceof Error && error.message.includes('already exists')) {
res.status(409).json({ error: 'Conflict', message: error.message });
@ -136,7 +132,7 @@ export function createEtapaController(dataSource: DataSource): Router {
const dto: UpdateEtapaDto = req.body;
const etapa = await etapaService.update(req.params.id, tenantId, dto, req.user?.sub);
res.status(200).json({ success: true, data: etapa });
res.status(200).json(etapa);
} catch (error) {
if (error instanceof Error) {
if (error.message === 'Stage not found') {
@ -165,7 +161,7 @@ export function createEtapaController(dataSource: DataSource): Router {
}
await etapaService.delete(req.params.id, tenantId, req.user?.sub);
res.status(200).json({ success: true, message: 'Stage deleted' });
res.status(204).send();
} catch (error) {
if (error instanceof Error && error.message === 'Stage not found') {
res.status(404).json({ error: 'Not Found', message: error.message });

22
src/modules/construction/controllers/fraccionamiento.controller.ts
View File

@ -35,10 +35,12 @@ router.get('/', async (req: Request, res: Response, next: NextFunction) => {
estado: estado as any,
});
// Formato estandarizado para frontend
return res.json({
success: true,
data: fraccionamientos,
count: fraccionamientos.length,
items: fraccionamientos,
total: fraccionamientos.length,
page: 1,
limit: fraccionamientos.length,
});
} catch (error) {
return next(error);
@ -58,10 +60,10 @@ router.get('/:id', async (req: Request, res: Response, next: NextFunction) => {
const fraccionamiento = await fraccionamientoService.findById(req.params.id, tenantId);
if (!fraccionamiento) {
return res.status(404).json({ error: 'Fraccionamiento no encontrado' });
return res.status(404).json({ error: 'Not Found', message: 'Fraccionamiento no encontrado' });
}
return res.json({ success: true, data: fraccionamiento });
return res.json(fraccionamiento);
} catch (error) {
return next(error);
}
@ -98,7 +100,7 @@ router.post('/', async (req: Request, res: Response, next: NextFunction) => {
}
const fraccionamiento = await fraccionamientoService.create(data);
return res.status(201).json({ success: true, data: fraccionamiento });
return res.status(201).json(fraccionamiento);
} catch (error) {
return next(error);
}
@ -123,10 +125,10 @@ router.patch('/:id', async (req: Request, res: Response, next: NextFunction) =>
);
if (!fraccionamiento) {
return res.status(404).json({ error: 'Fraccionamiento no encontrado' });
return res.status(404).json({ error: 'Not Found', message: 'Fraccionamiento no encontrado' });
}
return res.json({ success: true, data: fraccionamiento });
return res.json(fraccionamiento);
} catch (error) {
return next(error);
}
@ -145,10 +147,10 @@ router.delete('/:id', async (req: Request, res: Response, next: NextFunction) =>
const deleted = await fraccionamientoService.delete(req.params.id, tenantId);
if (!deleted) {
return res.status(404).json({ error: 'Fraccionamiento no encontrado' });
return res.status(404).json({ error: 'Not Found', message: 'Fraccionamiento no encontrado' });
}
return res.json({ success: true, message: 'Fraccionamiento eliminado' });
return res.status(204).send();
} catch (error) {
return next(error);
}

26
src/modules/construction/controllers/lote.controller.ts
View File

@ -55,14 +55,10 @@ export function createLoteController(dataSource: DataSource): Router {
const result = await loteService.findAll({ tenantId, page, limit, search, status, manzanaId, prototipoId });
res.status(200).json({
success: true,
data: result.items,
pagination: {
page,
limit,
total: result.total,
totalPages: Math.ceil(result.total / limit),
},
items: result.items,
total: result.total,
page,
limit,
});
} catch (error) {
next(error);
@ -84,7 +80,7 @@ export function createLoteController(dataSource: DataSource): Router {
const manzanaId = req.query.manzanaId as string;
const stats = await loteService.getStatsByStatus(tenantId, manzanaId);
res.status(200).json({ success: true, data: stats });
res.status(200).json(stats);
} catch (error) {
next(error);
}
@ -108,7 +104,7 @@ export function createLoteController(dataSource: DataSource): Router {
return;
}
res.status(200).json({ success: true, data: lote });
res.status(200).json(lote);
} catch (error) {
next(error);
}
@ -134,7 +130,7 @@ export function createLoteController(dataSource: DataSource): Router {
}
const lote = await loteService.create(tenantId, dto, req.user?.sub);
res.status(201).json({ success: true, data: lote });
res.status(201).json(lote);
} catch (error) {
if (error instanceof Error && error.message.includes('already exists')) {
res.status(409).json({ error: 'Conflict', message: error.message });
@ -158,7 +154,7 @@ export function createLoteController(dataSource: DataSource): Router {
const dto: UpdateLoteDto = req.body;
const lote = await loteService.update(req.params.id, tenantId, dto, req.user?.sub);
res.status(200).json({ success: true, data: lote });
res.status(200).json(lote);
} catch (error) {
if (error instanceof Error) {
if (error.message === 'Lot not found') {
@ -193,7 +189,7 @@ export function createLoteController(dataSource: DataSource): Router {
}
const lote = await loteService.assignPrototipo(req.params.id, tenantId, prototipoId, req.user?.sub);
res.status(200).json({ success: true, data: lote });
res.status(200).json(lote);
} catch (error) {
if (error instanceof Error && error.message === 'Lot not found') {
res.status(404).json({ error: 'Not Found', message: error.message });
@ -228,7 +224,7 @@ export function createLoteController(dataSource: DataSource): Router {
}
const lote = await loteService.changeStatus(req.params.id, tenantId, status, req.user?.sub);
res.status(200).json({ success: true, data: lote });
res.status(200).json(lote);
} catch (error) {
if (error instanceof Error && error.message === 'Lot not found') {
res.status(404).json({ error: 'Not Found', message: error.message });
@ -251,7 +247,7 @@ export function createLoteController(dataSource: DataSource): Router {
}
await loteService.delete(req.params.id, tenantId, req.user?.sub);
res.status(200).json({ success: true, message: 'Lot deleted' });
res.status(204).send();
} catch (error) {
if (error instanceof Error) {
if (error.message === 'Lot not found') {

20
src/modules/construction/controllers/manzana.controller.ts
View File

@ -53,14 +53,10 @@ export function createManzanaController(dataSource: DataSource): Router {
const result = await manzanaService.findAll({ tenantId, page, limit, search, etapaId });
res.status(200).json({
success: true,
data: result.items,
pagination: {
page,
limit,
total: result.total,
totalPages: Math.ceil(result.total / limit),
},
items: result.items,
total: result.total,
page,
limit,
});
} catch (error) {
next(error);
@ -85,7 +81,7 @@ export function createManzanaController(dataSource: DataSource): Router {
return;
}
res.status(200).json({ success: true, data: manzana });
res.status(200).json(manzana);
} catch (error) {
next(error);
}
@ -111,7 +107,7 @@ export function createManzanaController(dataSource: DataSource): Router {
}
const manzana = await manzanaService.create(tenantId, dto, req.user?.sub);
res.status(201).json({ success: true, data: manzana });
res.status(201).json(manzana);
} catch (error) {
if (error instanceof Error && error.message.includes('already exists')) {
res.status(409).json({ error: 'Conflict', message: error.message });
@ -135,7 +131,7 @@ export function createManzanaController(dataSource: DataSource): Router {
const dto: UpdateManzanaDto = req.body;
const manzana = await manzanaService.update(req.params.id, tenantId, dto, req.user?.sub);
res.status(200).json({ success: true, data: manzana });
res.status(200).json(manzana);
} catch (error) {
if (error instanceof Error) {
if (error.message === 'Block not found') {
@ -164,7 +160,7 @@ export function createManzanaController(dataSource: DataSource): Router {
}
await manzanaService.delete(req.params.id, tenantId, req.user?.sub);
res.status(200).json({ success: true, message: 'Block deleted' });
res.status(204).send();
} catch (error) {
if (error instanceof Error && error.message === 'Block not found') {
res.status(404).json({ error: 'Not Found', message: error.message });

20
src/modules/construction/controllers/prototipo.controller.ts
View File

@ -54,14 +54,10 @@ export function createPrototipoController(dataSource: DataSource): Router {
const result = await prototipoService.findAll({ tenantId, page, limit, search, type, isActive });
res.status(200).json({
success: true,
data: result.items,
pagination: {
page,
limit,
total: result.total,
totalPages: Math.ceil(result.total / limit),
},
items: result.items,
total: result.total,
page,
limit,
});
} catch (error) {
next(error);
@ -86,7 +82,7 @@ export function createPrototipoController(dataSource: DataSource): Router {
return;
}
res.status(200).json({ success: true, data: prototipo });
res.status(200).json(prototipo);
} catch (error) {
next(error);
}
@ -112,7 +108,7 @@ export function createPrototipoController(dataSource: DataSource): Router {
}
const prototipo = await prototipoService.create(tenantId, dto, req.user?.sub);
res.status(201).json({ success: true, data: prototipo });
res.status(201).json(prototipo);
} catch (error) {
if (error instanceof Error && error.message === 'Prototype code already exists') {
res.status(409).json({ error: 'Conflict', message: error.message });
@ -136,7 +132,7 @@ export function createPrototipoController(dataSource: DataSource): Router {
const dto: UpdatePrototipoDto = req.body;
const prototipo = await prototipoService.update(req.params.id, tenantId, dto, req.user?.sub);
res.status(200).json({ success: true, data: prototipo });
res.status(200).json(prototipo);
} catch (error) {
if (error instanceof Error) {
if (error.message === 'Prototype not found') {
@ -165,7 +161,7 @@ export function createPrototipoController(dataSource: DataSource): Router {
}
await prototipoService.delete(req.params.id, tenantId, req.user?.sub);
res.status(200).json({ success: true, message: 'Prototype deleted' });
res.status(204).send();
} catch (error) {
if (error instanceof Error && error.message === 'Prototype not found') {
res.status(404).json({ error: 'Not Found', message: error.message });

122
src/modules/construction/entities/accion-correctiva.entity.ts Normal file
View File

@ -0,0 +1,122 @@
/**
* AccionCorrectiva Entity
* Acciones correctivas, preventivas y de mejora (CAPA)
*
* @module Construction
* @table construction.acciones_correctivas
* @ddl schemas/01-construction-schema-ddl.sql
*/
import {
Entity,
PrimaryGeneratedColumn,
Column,
CreateDateColumn,
UpdateDateColumn,
ManyToOne,
JoinColumn,
Index,
} from 'typeorm';
import { Tenant } from '../../core/entities/tenant.entity';
import { User } from '../../core/entities/user.entity';
import { NoConformidad } from './no-conformidad.entity';
/**
* Tipo de acción
* corrective: Correctiva - elimina la causa de una no conformidad detectada
* preventive: Preventiva - elimina la causa de una no conformidad potencial
* improvement: Mejora - mejora continua sin no conformidad
*/
export type ActionType = 'corrective' | 'preventive' | 'improvement';
/**
* Estado de la acción
* pending: Pendiente de iniciar
* in_progress: En proceso
* completed: Completada
* verified: Verificada (efectividad comprobada)
*/
export type ActionStatus = 'pending' | 'in_progress' | 'completed' | 'verified';
@Entity({ schema: 'construction', name: 'acciones_correctivas' })
@Index(['tenantId'])
@Index(['noConformidadId'])
@Index(['responsibleId'])
@Index(['status'])
export class AccionCorrectiva {
@PrimaryGeneratedColumn('uuid')
id: string;
@Column({ name: 'tenant_id', type: 'uuid' })
tenantId: string;
@Column({ name: 'no_conformidad_id', type: 'uuid' })
noConformidadId: string;
@Column({ name: 'action_type', type: 'varchar', length: 20, default: 'corrective' })
actionType: ActionType;
@Column({ type: 'text' })
description: string;
@Column({ name: 'responsible_id', type: 'uuid' })
responsibleId: string;
@Column({ name: 'due_date', type: 'date' })
dueDate: Date;
@Column({ type: 'varchar', length: 20, default: 'pending' })
status: ActionStatus;
@Column({ name: 'completed_at', type: 'timestamptz', nullable: true })
completedAt: Date;
@Column({ name: 'completion_notes', type: 'text', nullable: true })
completionNotes: string;
@Column({ name: 'verified_at', type: 'timestamptz', nullable: true })
verifiedAt: Date;
@Column({ name: 'verified_by', type: 'uuid', nullable: true })
verifiedById: string;
@Column({ name: 'effectiveness_verified', type: 'boolean', default: false })
effectivenessVerified: boolean;
@CreateDateColumn({ name: 'created_at', type: 'timestamptz' })
createdAt: Date;
@Column({ name: 'created_by', type: 'uuid', nullable: true })
createdById: string;
@UpdateDateColumn({ name: 'updated_at', type: 'timestamptz', nullable: true })
updatedAt: Date;
@Column({ name: 'updated_by', type: 'uuid', nullable: true })
updatedById: string;
// Relations
@ManyToOne(() => Tenant)
@JoinColumn({ name: 'tenant_id' })
tenant: Tenant;
@ManyToOne(() => NoConformidad, { onDelete: 'CASCADE' })
@JoinColumn({ name: 'no_conformidad_id' })
noConformidad: NoConformidad;
@ManyToOne(() => User)
@JoinColumn({ name: 'responsible_id' })
responsible: User;
@ManyToOne(() => User)
@JoinColumn({ name: 'verified_by' })
verifiedBy: User;
@ManyToOne(() => User)
@JoinColumn({ name: 'created_by' })
createdBy: User;
@ManyToOne(() => User)
@JoinColumn({ name: 'updated_by' })
updatedBy: User;
}

149
src/modules/construction/entities/avance-obra.entity.ts Normal file
View File

@ -0,0 +1,149 @@
/**
* AvanceObra Entity
* Captura de avances fisicos de obra
*
* @module Construction
* @table construction.avances_obra
* @ddl schemas/01-construction-schema-ddl.sql
*/
import {
Entity,
PrimaryGeneratedColumn,
Column,
CreateDateColumn,
UpdateDateColumn,
ManyToOne,
OneToMany,
JoinColumn,
Index,
} from 'typeorm';
import { Tenant } from '../../core/entities/tenant.entity';
import { User } from '../../core/entities/user.entity';
import { Concepto } from '../../budgets/entities/concepto.entity';
import { Lote } from './lote.entity';
import { Departamento } from './departamento.entity';
import { FotoAvance } from './foto-avance.entity';
/**
* Enum para el status del avance de obra
* Coincide con construction.advance_status en DDL
*/
export type AdvanceStatus = 'pending' | 'captured' | 'reviewed' | 'approved' | 'rejected';
@Entity({ schema: 'construction', name: 'avances_obra' })
@Index(['tenantId'])
@Index(['loteId'])
@Index(['departamentoId'])
@Index(['conceptoId'])
@Index(['captureDate'])
@Index(['status'])
export class AvanceObra {
@PrimaryGeneratedColumn('uuid')
id: string;
@Column({ name: 'tenant_id', type: 'uuid' })
tenantId: string;
@Column({ name: 'lote_id', type: 'uuid', nullable: true })
loteId: string | null;
@Column({ name: 'departamento_id', type: 'uuid', nullable: true })
departamentoId: string | null;
@Column({ name: 'concepto_id', type: 'uuid' })
conceptoId: string;
@Column({ name: 'capture_date', type: 'date' })
captureDate: Date;
@Column({ name: 'quantity_executed', type: 'decimal', precision: 12, scale: 4, default: 0 })
quantityExecuted: number;
@Column({ name: 'percentage_executed', type: 'decimal', precision: 5, scale: 2, default: 0 })
percentageExecuted: number;
@Column({
type: 'enum',
enum: ['pending', 'captured', 'reviewed', 'approved', 'rejected'],
enumName: 'advance_status',
default: 'pending',
})
status: AdvanceStatus;
@Column({ type: 'text', nullable: true })
notes: string | null;
@Column({ name: 'captured_by', type: 'uuid' })
capturedById: string;
@Column({ name: 'reviewed_by', type: 'uuid', nullable: true })
reviewedById: string | null;
@Column({ name: 'reviewed_at', type: 'timestamptz', nullable: true })
reviewedAt: Date | null;
@Column({ name: 'approved_by', type: 'uuid', nullable: true })
approvedById: string | null;
@Column({ name: 'approved_at', type: 'timestamptz', nullable: true })
approvedAt: Date | null;
@CreateDateColumn({ name: 'created_at', type: 'timestamptz' })
createdAt: Date;
@Column({ name: 'created_by', type: 'uuid', nullable: true })
createdById: string | null;
@UpdateDateColumn({ name: 'updated_at', type: 'timestamptz', nullable: true })
updatedAt: Date | null;
@Column({ name: 'updated_by', type: 'uuid', nullable: true })
updatedById: string | null;
@Column({ name: 'deleted_at', type: 'timestamptz', nullable: true })
deletedAt: Date | null;
@Column({ name: 'deleted_by', type: 'uuid', nullable: true })
deletedById: string | null;
// Relations
@ManyToOne(() => Tenant)
@JoinColumn({ name: 'tenant_id' })
tenant: Tenant;
@ManyToOne(() => Lote, { nullable: true })
@JoinColumn({ name: 'lote_id' })
lote: Lote | null;
@ManyToOne(() => Departamento, { nullable: true })
@JoinColumn({ name: 'departamento_id' })
departamento: Departamento | null;
@ManyToOne(() => Concepto)
@JoinColumn({ name: 'concepto_id' })
concepto: Concepto;
@ManyToOne(() => User)
@JoinColumn({ name: 'captured_by' })
capturedBy: User;
@ManyToOne(() => User)
@JoinColumn({ name: 'reviewed_by' })
reviewedBy: User | null;
@ManyToOne(() => User)
@JoinColumn({ name: 'approved_by' })
approvedBy: User | null;
@ManyToOne(() => User)
@JoinColumn({ name: 'created_by' })
createdBy: User | null;
@ManyToOne(() => User)
@JoinColumn({ name: 'updated_by' })
updatedBy: User | null;
@OneToMany(() => FotoAvance, (f) => f.avance)
fotos: FotoAvance[];
}

107
src/modules/construction/entities/bitacora-obra.entity.ts Normal file
View File

@ -0,0 +1,107 @@
/**
* BitacoraObra Entity
* Bitacora diaria de obra
*
* @module Construction
* @table construction.bitacora_obra
* @ddl schemas/01-construction-schema-ddl.sql
*/
import {
Entity,
PrimaryGeneratedColumn,
Column,
CreateDateColumn,
UpdateDateColumn,
ManyToOne,
JoinColumn,
Index,
} from 'typeorm';
import { Tenant } from '../../core/entities/tenant.entity';
import { User } from '../../core/entities/user.entity';
import { Fraccionamiento } from './fraccionamiento.entity';
@Entity({ schema: 'construction', name: 'bitacora_obra' })
@Index(['fraccionamientoId', 'entryNumber'], { unique: true })
@Index(['tenantId'])
@Index(['fraccionamientoId'])
@Index(['entryDate'])
export class BitacoraObra {
@PrimaryGeneratedColumn('uuid')
id: string;
@Column({ name: 'tenant_id', type: 'uuid' })
tenantId: string;
@Column({ name: 'fraccionamiento_id', type: 'uuid' })
fraccionamientoId: string;
@Column({ name: 'entry_date', type: 'date' })
entryDate: Date;
@Column({ name: 'entry_number', type: 'integer' })
entryNumber: number;
@Column({ type: 'varchar', length: 50, nullable: true })
weather: string | null;
@Column({ name: 'temperature_max', type: 'decimal', precision: 4, scale: 1, nullable: true })
temperatureMax: number | null;
@Column({ name: 'temperature_min', type: 'decimal', precision: 4, scale: 1, nullable: true })
temperatureMin: number | null;
@Column({ name: 'workers_count', type: 'integer', default: 0 })
workersCount: number;
@Column({ type: 'text' })
description: string;
@Column({ type: 'text', nullable: true })
observations: string | null;
@Column({ type: 'text', nullable: true })
incidents: string | null;
@Column({ name: 'registered_by', type: 'uuid' })
registeredById: string;
@CreateDateColumn({ name: 'created_at', type: 'timestamptz' })
createdAt: Date;
@Column({ name: 'created_by', type: 'uuid', nullable: true })
createdById: string | null;
@UpdateDateColumn({ name: 'updated_at', type: 'timestamptz', nullable: true })
updatedAt: Date | null;
@Column({ name: 'updated_by', type: 'uuid', nullable: true })
updatedById: string | null;
@Column({ name: 'deleted_at', type: 'timestamptz', nullable: true })
deletedAt: Date | null;
@Column({ name: 'deleted_by', type: 'uuid', nullable: true })
deletedById: string | null;
// Relations
@ManyToOne(() => Tenant)
@JoinColumn({ name: 'tenant_id' })
tenant: Tenant;
@ManyToOne(() => Fraccionamiento)
@JoinColumn({ name: 'fraccionamiento_id' })
fraccionamiento: Fraccionamiento;
@ManyToOne(() => User)
@JoinColumn({ name: 'registered_by' })
registeredBy: User;
@ManyToOne(() => User)
@JoinColumn({ name: 'created_by' })
createdBy: User | null;
@ManyToOne(() => User)
@JoinColumn({ name: 'updated_by' })
updatedBy: User | null;
}

69
src/modules/construction/entities/checklist-item.entity.ts Normal file
View File

@ -0,0 +1,69 @@
/**
* ChecklistItem Entity
* Items individuales de un checklist de verificación
*
* @module Construction
* @table construction.checklist_items
* @ddl schemas/01-construction-schema-ddl.sql
*/
import {
Entity,
PrimaryGeneratedColumn,
Column,
CreateDateColumn,
UpdateDateColumn,
ManyToOne,
JoinColumn,
Index,
} from 'typeorm';
import { Checklist } from './checklist.entity';
@Entity({ schema: 'construction', name: 'checklist_items' })
@Index(['tenantId'])
@Index(['checklistId'])
export class ChecklistItem {
@PrimaryGeneratedColumn('uuid')
id: string;
@Column({ name: 'tenant_id', type: 'uuid' })
tenantId: string;
@Column({ name: 'checklist_id', type: 'uuid' })
checklistId: string;
@Column({ type: 'integer', default: 0 })
sequence: number;
@Column({ type: 'varchar', length: 255 })
name: string;
@Column({ type: 'text', nullable: true })
description: string;
@Column({ name: 'is_required', type: 'boolean', default: true })
isRequired: boolean;
@CreateDateColumn({ name: 'created_at', type: 'timestamptz' })
createdAt: Date;
@Column({ name: 'created_by', type: 'uuid', nullable: true })
createdBy: string;
@UpdateDateColumn({ name: 'updated_at', type: 'timestamptz', nullable: true })
updatedAt: Date;
@Column({ name: 'updated_by', type: 'uuid', nullable: true })
updatedBy: string;
@Column({ name: 'deleted_at', type: 'timestamptz', nullable: true })
deletedAt: Date;
@Column({ name: 'deleted_by', type: 'uuid', nullable: true })
deletedBy: string;
// Relations
@ManyToOne(() => Checklist, (c) => c.items, { onDelete: 'CASCADE' })
@JoinColumn({ name: 'checklist_id' })
checklist: Checklist;
}

74
src/modules/construction/entities/checklist.entity.ts Normal file
View File

@ -0,0 +1,74 @@
/**
* Checklist Entity
* Plantillas de verificación de calidad
*
* @module Construction
* @table construction.checklists
* @ddl schemas/01-construction-schema-ddl.sql
*/
import {
Entity,
PrimaryGeneratedColumn,
Column,
CreateDateColumn,
UpdateDateColumn,
ManyToOne,
OneToMany,
JoinColumn,
Index,
} from 'typeorm';
import { Prototipo } from './prototipo.entity';
import { ChecklistItem } from './checklist-item.entity';
@Entity({ schema: 'construction', name: 'checklists' })
@Index(['tenantId', 'code'], { unique: true })
@Index(['tenantId'])
export class Checklist {
@PrimaryGeneratedColumn('uuid')
id: string;
@Column({ name: 'tenant_id', type: 'uuid' })
tenantId: string;
@Column({ type: 'varchar', length: 30 })
code: string;
@Column({ type: 'varchar', length: 255 })
name: string;
@Column({ type: 'text', nullable: true })
description: string;
@Column({ name: 'prototipo_id', type: 'uuid', nullable: true })
prototipoId: string;
@Column({ name: 'is_active', type: 'boolean', default: true })
isActive: boolean;
@CreateDateColumn({ name: 'created_at', type: 'timestamptz' })
createdAt: Date;
@Column({ name: 'created_by', type: 'uuid', nullable: true })
createdBy: string;
@UpdateDateColumn({ name: 'updated_at', type: 'timestamptz', nullable: true })
updatedAt: Date;
@Column({ name: 'updated_by', type: 'uuid', nullable: true })
updatedBy: string;
@Column({ name: 'deleted_at', type: 'timestamptz', nullable: true })
deletedAt: Date;
@Column({ name: 'deleted_by', type: 'uuid', nullable: true })
deletedBy: string;
// Relations
@ManyToOne(() => Prototipo)
@JoinColumn({ name: 'prototipo_id' })
prototipo: Prototipo;
@OneToMany(() => ChecklistItem, (item) => item.checklist)
items: ChecklistItem[];
}

109
src/modules/construction/entities/concepto.entity.ts Normal file
View File

@ -0,0 +1,109 @@
/**
* Concepto Entity
* Catálogo de conceptos de obra (jerárquico)
*
* @module Construction
* @table construction.conceptos
* @ddl schemas/01-construction-schema-ddl.sql
*/
import {
Entity,
PrimaryGeneratedColumn,
Column,
CreateDateColumn,
UpdateDateColumn,
ManyToOne,
OneToMany,
JoinColumn,
Index,
} from 'typeorm';
import { Tenant } from '../../core/entities/tenant.entity';
import { User } from '../../core/entities/user.entity';
import { Uom } from '../../core/entities/uom.entity';
@Entity({ schema: 'construction', name: 'conceptos' })
@Index(['tenantId', 'code'], { unique: true })
@Index(['tenantId'])
@Index(['parentId'])
@Index(['code'])
export class Concepto {
@PrimaryGeneratedColumn('uuid')
id: string;
@Column({ name: 'tenant_id', type: 'uuid' })
tenantId: string;
@Column({ name: 'parent_id', type: 'uuid', nullable: true })
parentId: string;
@Column({ type: 'varchar', length: 50 })
code: string;
@Column({ type: 'varchar', length: 255 })
name: string;
@Column({ type: 'text', nullable: true })
description: string;
@Column({ name: 'unit_id', type: 'uuid', nullable: true })
unitId: string;
@Column({ name: 'unit_price', type: 'decimal', precision: 12, scale: 4, nullable: true })
unitPrice: number;
@Column({ name: 'is_composite', type: 'boolean', default: false })
isComposite: boolean;
@Column({ type: 'integer', default: 0 })
level: number;
@Column({ type: 'varchar', length: 500, nullable: true })
path: string;
@CreateDateColumn({ name: 'created_at', type: 'timestamptz' })
createdAt: Date;
@Column({ name: 'created_by', type: 'uuid', nullable: true })
createdById: string;
@UpdateDateColumn({ name: 'updated_at', type: 'timestamptz', nullable: true })
updatedAt: Date;
@Column({ name: 'updated_by', type: 'uuid', nullable: true })
updatedById: string;
@Column({ name: 'deleted_at', type: 'timestamptz', nullable: true })
deletedAt: Date;
@Column({ name: 'deleted_by', type: 'uuid', nullable: true })
deletedById: string;
// Relations
@ManyToOne(() => Tenant)
@JoinColumn({ name: 'tenant_id' })
tenant: Tenant;
@ManyToOne(() => Concepto, (concepto) => concepto.children, { nullable: true })
@JoinColumn({ name: 'parent_id' })
parent: Concepto;
@OneToMany(() => Concepto, (concepto) => concepto.parent)
children: Concepto[];
@ManyToOne(() => Uom, { nullable: true })
@JoinColumn({ name: 'unit_id' })
unit: Uom;
@ManyToOne(() => User)
@JoinColumn({ name: 'created_by' })
createdBy: User;
@ManyToOne(() => User)
@JoinColumn({ name: 'updated_by' })
updatedBy: User;
@ManyToOne(() => User)
@JoinColumn({ name: 'deleted_by' })
deletedBy: User;
}

124
src/modules/construction/entities/contrato-addenda.entity.ts Normal file
View File

@ -0,0 +1,124 @@
/**
* ContratoAddenda Entity
* Addendas/modificaciones a contratos con subcontratistas
*
* @module Construction
* @table construction.contrato_addendas
* @ddl schemas/01-construction-schema-ddl.sql
*/
import {
Entity,
PrimaryGeneratedColumn,
Column,
CreateDateColumn,
UpdateDateColumn,
ManyToOne,
JoinColumn,
Index,
} from 'typeorm';
import { Tenant } from '../../core/entities/tenant.entity';
import { User } from '../../core/entities/user.entity';
import { Contrato } from './contrato.entity';
/**
* Estado de la addenda
* draft: Borrador
* pending: Pendiente de aprobación
* approved: Aprobada
* rejected: Rechazada
*/
export type AddendaStatus = 'draft' | 'pending' | 'approved' | 'rejected';
@Entity({ schema: 'construction', name: 'contrato_addendas' })
@Index(['tenantId', 'addendumNumber'], { unique: true })
@Index(['tenantId'])
@Index(['contratoId'])
export class ContratoAddenda {
@PrimaryGeneratedColumn('uuid')
id: string;
@Column({ name: 'tenant_id', type: 'uuid' })
tenantId: string;
@Column({ name: 'contrato_id', type: 'uuid' })
contratoId: string;
@Column({ name: 'addendum_number', type: 'varchar', length: 50 })
addendumNumber: string;
@Column({ name: 'addendum_type', type: 'varchar', length: 30 })
addendumType: string;
@Column({ type: 'varchar', length: 255 })
title: string;
@Column({ type: 'text' })
description: string;
@Column({ name: 'effective_date', type: 'date' })
effectiveDate: Date;
@Column({ name: 'new_end_date', type: 'date', nullable: true })
newEndDate: Date;
@Column({ name: 'amount_change', type: 'decimal', precision: 16, scale: 2, default: 0 })
amountChange: number;
@Column({ name: 'new_contract_amount', type: 'decimal', precision: 16, scale: 2, nullable: true })
newContractAmount: number;
@Column({ name: 'scope_changes', type: 'text', nullable: true })
scopeChanges: string;
@Column({ type: 'varchar', length: 20, default: 'draft' })
status: AddendaStatus;
@Column({ name: 'approved_at', type: 'timestamptz', nullable: true })
approvedAt: Date;
@Column({ name: 'approved_by', type: 'uuid', nullable: true })
approvedById: string;
@Column({ name: 'rejection_reason', type: 'text', nullable: true })
rejectionReason: string;
@Column({ name: 'document_url', type: 'varchar', length: 500, nullable: true })
documentUrl: string;
@Column({ type: 'text', nullable: true })
notes: string;
@CreateDateColumn({ name: 'created_at', type: 'timestamptz' })
createdAt: Date;
@Column({ name: 'created_by', type: 'uuid', nullable: true })
createdById: string;
@UpdateDateColumn({ name: 'updated_at', type: 'timestamptz', nullable: true })
updatedAt: Date;
@Column({ name: 'updated_by', type: 'uuid', nullable: true })
updatedById: string;
// Relations
@ManyToOne(() => Tenant)
@JoinColumn({ name: 'tenant_id' })
tenant: Tenant;
@ManyToOne(() => Contrato, { onDelete: 'CASCADE' })
@JoinColumn({ name: 'contrato_id' })
contrato: Contrato;
@ManyToOne(() => User)
@JoinColumn({ name: 'approved_by' })
approvedBy: User;
@ManyToOne(() => User)
@JoinColumn({ name: 'created_by' })
createdBy: User;
@ManyToOne(() => User)
@JoinColumn({ name: 'updated_by' })
updatedBy: User;
}

106
src/modules/construction/entities/contrato-partida.entity.ts Normal file
View File

@ -0,0 +1,106 @@
/**
* ContratoPartida Entity
* Líneas/partidas de un contrato con subcontratista
*
* @module Construction
* @table construction.contrato_partidas
* @ddl schemas/01-construction-schema-ddl.sql
*/
import {
Entity,
PrimaryGeneratedColumn,
Column,
CreateDateColumn,
UpdateDateColumn,
ManyToOne,
JoinColumn,
Index,
} from 'typeorm';
import { Tenant } from '../../core/entities/tenant.entity';
import { User } from '../../core/entities/user.entity';
import { Contrato } from './contrato.entity';
import { Concepto } from './concepto.entity';
@Entity({ schema: 'construction', name: 'contrato_partidas' })
@Index(['tenantId'])
@Index(['contratoId'])
@Index(['conceptoId'])
export class ContratoPartida {
@PrimaryGeneratedColumn('uuid')
id: string;
@Column({ name: 'tenant_id', type: 'uuid' })
tenantId: string;
@Column({ name: 'contrato_id', type: 'uuid' })
contratoId: string;
@Column({ name: 'concepto_id', type: 'uuid' })
conceptoId: string;
@Column({ type: 'decimal', precision: 12, scale: 4, default: 0 })
quantity: number;
@Column({ name: 'unit_price', type: 'decimal', precision: 12, scale: 4, default: 0 })
unitPrice: number;
/**
* Monto total (columna computada en DDL)
* total_amount = quantity * unit_price
* En TypeORM se marca como readonly ya que es GENERATED ALWAYS
*/
@Column({
name: 'total_amount',
type: 'decimal',
precision: 14,
scale: 2,
insert: false,
update: false,
nullable: true,
})
totalAmount: number;
@CreateDateColumn({ name: 'created_at', type: 'timestamptz' })
createdAt: Date;
@Column({ name: 'created_by', type: 'uuid', nullable: true })
createdById: string;
@UpdateDateColumn({ name: 'updated_at', type: 'timestamptz', nullable: true })
updatedAt: Date;
@Column({ name: 'updated_by', type: 'uuid', nullable: true })
updatedById: string;
@Column({ name: 'deleted_at', type: 'timestamptz', nullable: true })
deletedAt: Date;
@Column({ name: 'deleted_by', type: 'uuid', nullable: true })
deletedById: string;
// Relations
@ManyToOne(() => Tenant)
@JoinColumn({ name: 'tenant_id' })
tenant: Tenant;
@ManyToOne(() => Contrato, { onDelete: 'CASCADE' })
@JoinColumn({ name: 'contrato_id' })
contrato: Contrato;
@ManyToOne(() => Concepto)
@JoinColumn({ name: 'concepto_id' })
concepto: Concepto;
@ManyToOne(() => User)
@JoinColumn({ name: 'created_by' })
createdBy: User;
@ManyToOne(() => User)
@JoinColumn({ name: 'updated_by' })
updatedBy: User;
@ManyToOne(() => User)
@JoinColumn({ name: 'deleted_by' })
deletedBy: User;
}

164
src/modules/construction/entities/contrato.entity.ts Normal file
View File

@ -0,0 +1,164 @@
/**
* Contrato Entity
* Contratos con subcontratistas para obras de construcción
*
* @module Construction
* @table construction.contratos
* @ddl schemas/01-construction-schema-ddl.sql
*/
import {
Entity,
PrimaryGeneratedColumn,
Column,
CreateDateColumn,
UpdateDateColumn,
ManyToOne,
OneToMany,
JoinColumn,
Index,
} from 'typeorm';
import { Tenant } from '../../core/entities/tenant.entity';
import { User } from '../../core/entities/user.entity';
import { Fraccionamiento } from './fraccionamiento.entity';
import { Subcontratista } from './subcontratista.entity';
import type { ContratoPartida } from './contrato-partida.entity';
import type { ContratoAddenda } from './contrato-addenda.entity';
/**
* Tipo de contrato
* fixed_price: Precio alzado
* unit_price: Precios unitarios
* cost_plus: Costo más porcentaje
* mixed: Combinación de tipos
*/
export type ContractType = 'fixed_price' | 'unit_price' | 'cost_plus' | 'mixed';
/**
* Estado del contrato
* draft: Borrador
* pending_approval: Pendiente de aprobación
* active: Activo
* suspended: Suspendido
* terminated: Terminado
* closed: Cerrado
*/
export type ContractStatus = 'draft' | 'pending_approval' | 'active' | 'suspended' | 'terminated' | 'closed';
@Entity({ schema: 'construction', name: 'contratos' })
@Index(['tenantId', 'contractNumber'], { unique: true })
@Index(['tenantId'])
@Index(['subcontratistaId'])
@Index(['fraccionamientoId'])
export class Contrato {
@PrimaryGeneratedColumn('uuid')
id: string;
@Column({ name: 'tenant_id', type: 'uuid' })
tenantId: string;
@Column({ name: 'subcontratista_id', type: 'uuid' })
subcontratistaId: string;
@Column({ name: 'fraccionamiento_id', type: 'uuid' })
fraccionamientoId: string;
@Column({ name: 'contract_number', type: 'varchar', length: 30 })
contractNumber: string;
@Column({
name: 'contract_type',
type: 'varchar',
length: 20,
default: 'unit_price',
})
contractType: ContractType;
@Column({ type: 'varchar', length: 255 })
name: string;
@Column({ type: 'text', nullable: true })
description: string;
@Column({ name: 'start_date', type: 'date' })
startDate: Date;
@Column({ name: 'end_date', type: 'date', nullable: true })
endDate: Date;
@Column({ name: 'total_amount', type: 'decimal', precision: 16, scale: 2, nullable: true })
totalAmount: number;
@Column({ name: 'advance_percentage', type: 'decimal', precision: 5, scale: 2, default: 0 })
advancePercentage: number;
@Column({ name: 'retention_percentage', type: 'decimal', precision: 5, scale: 2, default: 5 })
retentionPercentage: number;
@Column({
type: 'varchar',
length: 20,
default: 'draft',
})
status: ContractStatus;
@Column({ name: 'signed_at', type: 'timestamptz', nullable: true })
signedAt: Date;
@Column({ name: 'signed_by', type: 'uuid', nullable: true })
signedById: string;
@CreateDateColumn({ name: 'created_at', type: 'timestamptz' })
createdAt: Date;
@Column({ name: 'created_by', type: 'uuid', nullable: true })
createdById: string;
@UpdateDateColumn({ name: 'updated_at', type: 'timestamptz', nullable: true })
updatedAt: Date;
@Column({ name: 'updated_by', type: 'uuid', nullable: true })
updatedById: string;
@Column({ name: 'deleted_at', type: 'timestamptz', nullable: true })
deletedAt: Date;
@Column({ name: 'deleted_by', type: 'uuid', nullable: true })
deletedById: string;
// Relations
@ManyToOne(() => Tenant)
@JoinColumn({ name: 'tenant_id' })
tenant: Tenant;
@ManyToOne(() => Subcontratista)
@JoinColumn({ name: 'subcontratista_id' })
subcontratista: Subcontratista;
@ManyToOne(() => Fraccionamiento)
@JoinColumn({ name: 'fraccionamiento_id' })
fraccionamiento: Fraccionamiento;
@ManyToOne(() => User)
@JoinColumn({ name: 'signed_by' })
signedBy: User;
@ManyToOne(() => User)
@JoinColumn({ name: 'created_by' })
createdBy: User;
@ManyToOne(() => User)
@JoinColumn({ name: 'updated_by' })
updatedBy: User;
@ManyToOne(() => User)
@JoinColumn({ name: 'deleted_by' })
deletedBy: User;
// Inverse relations
@OneToMany('ContratoPartida', 'contrato')
partidas: ContratoPartida[];
@OneToMany('ContratoAddenda', 'contrato')
addendas: ContratoAddenda[];
}

90
src/modules/construction/entities/foto-avance.entity.ts Normal file
View File

@ -0,0 +1,90 @@
/**
* FotoAvance Entity
* Evidencia fotografica de avances de obra
*
* @module Construction
* @table construction.fotos_avance
* @ddl schemas/01-construction-schema-ddl.sql
*/
import {
Entity,
PrimaryGeneratedColumn,
Column,
CreateDateColumn,
ManyToOne,
JoinColumn,
Index,
} from 'typeorm';
import { Tenant } from '../../core/entities/tenant.entity';
import { User } from '../../core/entities/user.entity';
import { AvanceObra } from './avance-obra.entity';
@Entity({ schema: 'construction', name: 'fotos_avance' })
@Index(['tenantId'])
@Index(['avanceId'])
export class FotoAvance {
@PrimaryGeneratedColumn('uuid')
id: string;
@Column({ name: 'tenant_id', type: 'uuid' })
tenantId: string;
@Column({ name: 'avance_id', type: 'uuid' })
avanceId: string;
@Column({ name: 'file_url', type: 'varchar', length: 500 })
fileUrl: string;
@Column({ name: 'file_name', type: 'varchar', length: 255, nullable: true })
fileName: string | null;
@Column({ name: 'file_size', type: 'integer', nullable: true })
fileSize: number | null;
@Column({ name: 'mime_type', type: 'varchar', length: 50, nullable: true })
mimeType: string | null;
@Column({ type: 'text', nullable: true })
description: string | null;
/**
* Ubicacion geografica donde se tomo la foto
* PostGIS POINT geometry (SRID 4326)
*/
@Column({
type: 'geometry',
spatialFeatureType: 'Point',
srid: 4326,
nullable: true,
})
location: string | null;
@Column({ name: 'captured_at', type: 'timestamptz', default: () => 'NOW()' })
capturedAt: Date;
@CreateDateColumn({ name: 'created_at', type: 'timestamptz' })
createdAt: Date;
@Column({ name: 'created_by', type: 'uuid', nullable: true })
createdById: string | null;
@Column({ name: 'deleted_at', type: 'timestamptz', nullable: true })
deletedAt: Date | null;
@Column({ name: 'deleted_by', type: 'uuid', nullable: true })
deletedById: string | null;
// Relations
@ManyToOne(() => Tenant)
@JoinColumn({ name: 'tenant_id' })
tenant: Tenant;
@ManyToOne(() => AvanceObra, (a) => a.fotos, { onDelete: 'CASCADE' })
@JoinColumn({ name: 'avance_id' })
avance: AvanceObra;
@ManyToOne(() => User)
@JoinColumn({ name: 'created_by' })
createdBy: User | null;
}

39
src/modules/construction/entities/index.ts
View File

@ -3,12 +3,51 @@
* @module Construction
*/
// Estructura de Proyecto
export { Proyecto } from './proyecto.entity';
export { Fraccionamiento } from './fraccionamiento.entity';
export { Etapa } from './etapa.entity';
export { Manzana } from './manzana.entity';
export { Lote } from './lote.entity';
export { Prototipo } from './prototipo.entity';
// Estructura Vertical
export { Torre } from './torre.entity';
export { Nivel } from './nivel.entity';
export { Departamento } from './departamento.entity';
// Presupuestos
export { Concepto } from './concepto.entity';
export { Presupuesto } from './presupuesto.entity';
export { PresupuestoPartida } from './presupuesto-partida.entity';
// Calidad - Checklists
export { Checklist } from './checklist.entity';
export { ChecklistItem } from './checklist-item.entity';
// Calidad - Inspecciones
export { Inspeccion, QualityStatus } from './inspeccion.entity';
export { InspeccionResultado } from './inspeccion-resultado.entity';
// Postventa - Tickets
export { TicketPostventa } from './ticket-postventa.entity';
export { TicketAsignacion, AssignmentStatus } from './ticket-asignacion.entity';
// Programa de obra
export { ProgramaObra } from './programa-obra.entity';
export { ProgramaActividad } from './programa-actividad.entity';
// Avances y control de obra
export { AvanceObra, AdvanceStatus } from './avance-obra.entity';
export { FotoAvance } from './foto-avance.entity';
export { BitacoraObra } from './bitacora-obra.entity';
// Subcontratistas y Contratos
export { Subcontratista } from './subcontratista.entity';
export { Contrato, ContractType, ContractStatus } from './contrato.entity';
export { ContratoPartida } from './contrato-partida.entity';
export { ContratoAddenda, AddendaStatus } from './contrato-addenda.entity';
// No Conformidades y Acciones Correctivas
export { NoConformidad, NcSeverity, NcStatus } from './no-conformidad.entity';
export { AccionCorrectiva, ActionType, ActionStatus } from './accion-correctiva.entity';

69
src/modules/construction/entities/inspeccion-resultado.entity.ts Normal file
View File

@ -0,0 +1,69 @@
/**
* InspeccionResultado Entity
* Resultados individuales por item de inspección
*
* @module Construction
* @table construction.inspeccion_resultados
* @ddl schemas/01-construction-schema-ddl.sql
*/
import {
Entity,
PrimaryGeneratedColumn,
Column,
CreateDateColumn,
UpdateDateColumn,
ManyToOne,
JoinColumn,
Index,
} from 'typeorm';
import { Inspeccion } from './inspeccion.entity';
import { ChecklistItem } from './checklist-item.entity';
@Entity({ schema: 'construction', name: 'inspeccion_resultados' })
@Index(['tenantId'])
@Index(['inspeccionId'])
@Index(['checklistItemId'])
export class InspeccionResultado {
@PrimaryGeneratedColumn('uuid')
id: string;
@Column({ name: 'tenant_id', type: 'uuid' })
tenantId: string;
@Column({ name: 'inspeccion_id', type: 'uuid' })
inspeccionId: string;
@Column({ name: 'checklist_item_id', type: 'uuid' })
checklistItemId: string;
@Column({ name: 'is_passed', type: 'boolean', nullable: true })
isPassed: boolean;
@Column({ type: 'text', nullable: true })
notes: string;
@Column({ name: 'photo_url', type: 'varchar', length: 500, nullable: true })
photoUrl: string;
@CreateDateColumn({ name: 'created_at', type: 'timestamptz' })
createdAt: Date;
@Column({ name: 'created_by', type: 'uuid', nullable: true })
createdBy: string;
@UpdateDateColumn({ name: 'updated_at', type: 'timestamptz', nullable: true })
updatedAt: Date;
@Column({ name: 'updated_by', type: 'uuid', nullable: true })
updatedBy: string;
// Relations
@ManyToOne(() => Inspeccion, (i) => i.resultados, { onDelete: 'CASCADE' })
@JoinColumn({ name: 'inspeccion_id' })
inspeccion: Inspeccion;
@ManyToOne(() => ChecklistItem)
@JoinColumn({ name: 'checklist_item_id' })
checklistItem: ChecklistItem;
}

105
src/modules/construction/entities/inspeccion.entity.ts Normal file
View File

@ -0,0 +1,105 @@
/**
* Inspeccion Entity
* Inspecciones de calidad en obra
*
* @module Construction
* @table construction.inspecciones
* @ddl schemas/01-construction-schema-ddl.sql
*/
import {
Entity,
PrimaryGeneratedColumn,
Column,
CreateDateColumn,
UpdateDateColumn,
ManyToOne,
OneToMany,
JoinColumn,
Index,
} from 'typeorm';
import { Checklist } from './checklist.entity';
import { Lote } from './lote.entity';
import { Departamento } from './departamento.entity';
import { InspeccionResultado } from './inspeccion-resultado.entity';
/**
* Quality status enum
* Matches construction.quality_status in DDL
*/
export type QualityStatus = 'pending' | 'in_review' | 'approved' | 'rejected' | 'rework';
@Entity({ schema: 'construction', name: 'inspecciones' })
@Index(['tenantId'])
@Index(['status'])
@Index(['checklistId'])
@Index(['loteId'])
@Index(['departamentoId'])
export class Inspeccion {
@PrimaryGeneratedColumn('uuid')
id: string;
@Column({ name: 'tenant_id', type: 'uuid' })
tenantId: string;
@Column({ name: 'checklist_id', type: 'uuid' })
checklistId: string;
@Column({ name: 'lote_id', type: 'uuid', nullable: true })
loteId: string;
@Column({ name: 'departamento_id', type: 'uuid', nullable: true })
departamentoId: string;
@Column({ name: 'inspection_date', type: 'date' })
inspectionDate: Date;
@Column({ type: 'varchar', length: 20, default: 'pending' })
status: QualityStatus;
@Column({ name: 'inspector_id', type: 'uuid' })
inspectorId: string;
@Column({ type: 'text', nullable: true })
notes: string;
@Column({ name: 'approved_by', type: 'uuid', nullable: true })
approvedBy: string;
@Column({ name: 'approved_at', type: 'timestamptz', nullable: true })
approvedAt: Date;
@CreateDateColumn({ name: 'created_at', type: 'timestamptz' })
createdAt: Date;
@Column({ name: 'created_by', type: 'uuid', nullable: true })
createdBy: string;
@UpdateDateColumn({ name: 'updated_at', type: 'timestamptz', nullable: true })
updatedAt: Date;
@Column({ name: 'updated_by', type: 'uuid', nullable: true })
updatedBy: string;
@Column({ name: 'deleted_at', type: 'timestamptz', nullable: true })
deletedAt: Date;
@Column({ name: 'deleted_by', type: 'uuid', nullable: true })
deletedBy: string;
// Relations
@ManyToOne(() => Checklist)
@JoinColumn({ name: 'checklist_id' })
checklist: Checklist;
@ManyToOne(() => Lote)
@JoinColumn({ name: 'lote_id' })
lote: Lote;
@ManyToOne(() => Departamento)
@JoinColumn({ name: 'departamento_id' })
departamento: Departamento;
@OneToMany(() => InspeccionResultado, (r) => r.inspeccion)
resultados: InspeccionResultado[];
}

159
src/modules/construction/entities/no-conformidad.entity.ts Normal file
View File

@ -0,0 +1,159 @@
/**
* NoConformidad Entity
* No conformidades detectadas en inspecciones de calidad
*
* @module Construction
* @table construction.no_conformidades
* @ddl schemas/01-construction-schema-ddl.sql
*/
import {
Entity,
PrimaryGeneratedColumn,
Column,
CreateDateColumn,
UpdateDateColumn,
ManyToOne,
OneToMany,
JoinColumn,
Index,
} from 'typeorm';
import { Tenant } from '../../core/entities/tenant.entity';
import { User } from '../../core/entities/user.entity';
import { Lote } from './lote.entity';
import { Subcontratista } from './subcontratista.entity';
import { Inspeccion } from './inspeccion.entity';
import type { AccionCorrectiva } from './accion-correctiva.entity';
/**
* Severidad de la no conformidad
* minor: Menor - no afecta funcionalidad
* major: Mayor - afecta funcionalidad parcialmente
* critical: Crítica - afecta seguridad o funcionalidad total
*/
export type NcSeverity = 'minor' | 'major' | 'critical';
/**
* Estado de la no conformidad
* open: Abierta
* in_progress: En proceso de corrección
* closed: Cerrada (acción correctiva completada)
* verified: Verificada (efectividad comprobada)
*/
export type NcStatus = 'open' | 'in_progress' | 'closed' | 'verified';
@Entity({ schema: 'construction', name: 'no_conformidades' })
@Index(['tenantId', 'ncNumber'], { unique: true })
@Index(['tenantId'])
@Index(['status'])
@Index(['inspeccionId'])
export class NoConformidad {
@PrimaryGeneratedColumn('uuid')
id: string;
@Column({ name: 'tenant_id', type: 'uuid' })
tenantId: string;
@Column({ name: 'inspeccion_id', type: 'uuid', nullable: true })
inspeccionId: string;
@Column({ name: 'lote_id', type: 'uuid', nullable: true })
loteId: string;
@Column({ name: 'nc_number', type: 'varchar', length: 50 })
ncNumber: string;
@Column({ name: 'detection_date', type: 'date' })
detectionDate: Date;
@Column({ type: 'varchar', length: 100, nullable: true })
category: string;
@Column({ type: 'varchar', length: 20, default: 'minor' })
severity: NcSeverity;
@Column({ type: 'text' })
description: string;
@Column({ name: 'root_cause', type: 'text', nullable: true })
rootCause: string;
@Column({ name: 'photo_url', type: 'varchar', length: 500, nullable: true })
photoUrl: string;
@Column({ name: 'contractor_id', type: 'uuid', nullable: true })
contractorId: string;
@Column({ type: 'varchar', length: 20, default: 'open' })
status: NcStatus;
@Column({ name: 'due_date', type: 'date', nullable: true })
dueDate: Date;
@Column({ name: 'closed_at', type: 'timestamptz', nullable: true })
closedAt: Date;
@Column({ name: 'closed_by', type: 'uuid', nullable: true })
closedById: string;
@Column({ name: 'verified_at', type: 'timestamptz', nullable: true })
verifiedAt: Date;
@Column({ name: 'verified_by', type: 'uuid', nullable: true })
verifiedById: string;
@Column({ name: 'closure_photo_url', type: 'varchar', length: 500, nullable: true })
closurePhotoUrl: string;
@Column({ name: 'closure_notes', type: 'text', nullable: true })
closureNotes: string;
@CreateDateColumn({ name: 'created_at', type: 'timestamptz' })
createdAt: Date;
@Column({ name: 'created_by', type: 'uuid', nullable: true })
createdById: string;
@UpdateDateColumn({ name: 'updated_at', type: 'timestamptz', nullable: true })
updatedAt: Date;
@Column({ name: 'updated_by', type: 'uuid', nullable: true })
updatedById: string;
// Relations
@ManyToOne(() => Tenant)
@JoinColumn({ name: 'tenant_id' })
tenant: Tenant;
@ManyToOne(() => Inspeccion)
@JoinColumn({ name: 'inspeccion_id' })
inspeccion: Inspeccion;
@ManyToOne(() => Lote)
@JoinColumn({ name: 'lote_id' })
lote: Lote;
@ManyToOne(() => Subcontratista)
@JoinColumn({ name: 'contractor_id' })
contractor: Subcontratista;
@ManyToOne(() => User)
@JoinColumn({ name: 'closed_by' })
closedBy: User;
@ManyToOne(() => User)
@JoinColumn({ name: 'verified_by' })
verifiedBy: User;
@ManyToOne(() => User)
@JoinColumn({ name: 'created_by' })
createdBy: User;
@ManyToOne(() => User)
@JoinColumn({ name: 'updated_by' })
updatedBy: User;
// Inverse relations
@OneToMany('AccionCorrectiva', 'noConformidad')
accionesCorrectivas: AccionCorrectiva[];
}

107
src/modules/construction/entities/presupuesto-partida.entity.ts Normal file
View File

@ -0,0 +1,107 @@
/**
* PresupuestoPartida Entity
* Líneas/partidas del presupuesto
*
* @module Construction
* @table construction.presupuesto_partidas
* @ddl schemas/01-construction-schema-ddl.sql
*/
import {
Entity,
PrimaryGeneratedColumn,
Column,
CreateDateColumn,
UpdateDateColumn,
ManyToOne,
JoinColumn,
Index,
} from 'typeorm';
import { Tenant } from '../../core/entities/tenant.entity';
import { User } from '../../core/entities/user.entity';
import { Presupuesto } from './presupuesto.entity';
import { Concepto } from './concepto.entity';
@Entity({ schema: 'construction', name: 'presupuesto_partidas' })
@Index(['presupuestoId', 'conceptoId'], { unique: true })
@Index(['tenantId'])
export class PresupuestoPartida {
@PrimaryGeneratedColumn('uuid')
id: string;
@Column({ name: 'tenant_id', type: 'uuid' })
tenantId: string;
@Column({ name: 'presupuesto_id', type: 'uuid' })
presupuestoId: string;
@Column({ name: 'concepto_id', type: 'uuid' })
conceptoId: string;
@Column({ type: 'integer', default: 0 })
sequence: number;
@Column({ type: 'decimal', precision: 12, scale: 4, default: 0 })
quantity: number;
@Column({ name: 'unit_price', type: 'decimal', precision: 12, scale: 4, default: 0 })
unitPrice: number;
/**
* Computed column in PostgreSQL: quantity * unit_price
* Generated always as stored, read-only in TypeORM
*/
@Column({
name: 'total_amount',
type: 'decimal',
precision: 14,
scale: 2,
insert: false,
update: false,
nullable: true,
})
totalAmount: number;
@CreateDateColumn({ name: 'created_at', type: 'timestamptz' })
createdAt: Date;
@Column({ name: 'created_by', type: 'uuid', nullable: true })
createdById: string;
@UpdateDateColumn({ name: 'updated_at', type: 'timestamptz', nullable: true })
updatedAt: Date;
@Column({ name: 'updated_by', type: 'uuid', nullable: true })
updatedById: string;
@Column({ name: 'deleted_at', type: 'timestamptz', nullable: true })
deletedAt: Date;
@Column({ name: 'deleted_by', type: 'uuid', nullable: true })
deletedById: string;
// Relations
@ManyToOne(() => Tenant)
@JoinColumn({ name: 'tenant_id' })
tenant: Tenant;
@ManyToOne(() => Presupuesto, (presupuesto) => presupuesto.partidas, { onDelete: 'CASCADE' })
@JoinColumn({ name: 'presupuesto_id' })
presupuesto: Presupuesto;
@ManyToOne(() => Concepto)
@JoinColumn({ name: 'concepto_id' })
concepto: Concepto;
@ManyToOne(() => User)
@JoinColumn({ name: 'created_by' })
createdBy: User;
@ManyToOne(() => User)
@JoinColumn({ name: 'updated_by' })
updatedBy: User;
@ManyToOne(() => User)
@JoinColumn({ name: 'deleted_by' })
deletedBy: User;
}

125
src/modules/construction/entities/presupuesto.entity.ts Normal file
View File

@ -0,0 +1,125 @@
/**
* Presupuesto Entity
* Presupuestos por prototipo u obra
*
* @module Construction
* @table construction.presupuestos
* @ddl schemas/01-construction-schema-ddl.sql
*/
import {
Entity,
PrimaryGeneratedColumn,
Column,
CreateDateColumn,
UpdateDateColumn,
ManyToOne,
OneToMany,
JoinColumn,
Index,
} from 'typeorm';
import { Tenant } from '../../core/entities/tenant.entity';
import { User } from '../../core/entities/user.entity';
import { Currency } from '../../core/entities/currency.entity';
import { Fraccionamiento } from './fraccionamiento.entity';
import { Prototipo } from './prototipo.entity';
import { PresupuestoPartida } from './presupuesto-partida.entity';
@Entity({ schema: 'construction', name: 'presupuestos' })
@Index(['tenantId', 'code', 'version'], { unique: true })
@Index(['tenantId'])
@Index(['fraccionamientoId'])
export class Presupuesto {
@PrimaryGeneratedColumn('uuid')
id: string;
@Column({ name: 'tenant_id', type: 'uuid' })
tenantId: string;
@Column({ name: 'fraccionamiento_id', type: 'uuid', nullable: true })
fraccionamientoId: string;
@Column({ name: 'prototipo_id', type: 'uuid', nullable: true })
prototipoId: string;
@Column({ type: 'varchar', length: 30 })
code: string;
@Column({ type: 'varchar', length: 255 })
name: string;
@Column({ type: 'text', nullable: true })
description: string;
@Column({ type: 'integer', default: 1 })
version: number;
@Column({ name: 'is_active', type: 'boolean', default: true })
isActive: boolean;
@Column({ name: 'total_amount', type: 'decimal', precision: 16, scale: 2, default: 0 })
totalAmount: number;
@Column({ name: 'currency_id', type: 'uuid', nullable: true })
currencyId: string;
@Column({ name: 'approved_at', type: 'timestamptz', nullable: true })
approvedAt: Date;
@Column({ name: 'approved_by', type: 'uuid', nullable: true })
approvedById: string;
@CreateDateColumn({ name: 'created_at', type: 'timestamptz' })
createdAt: Date;
@Column({ name: 'created_by', type: 'uuid', nullable: true })
createdById: string;
@UpdateDateColumn({ name: 'updated_at', type: 'timestamptz', nullable: true })
updatedAt: Date;
@Column({ name: 'updated_by', type: 'uuid', nullable: true })
updatedById: string;
@Column({ name: 'deleted_at', type: 'timestamptz', nullable: true })
deletedAt: Date;
@Column({ name: 'deleted_by', type: 'uuid', nullable: true })
deletedById: string;
// Relations
@ManyToOne(() => Tenant)
@JoinColumn({ name: 'tenant_id' })
tenant: Tenant;
@ManyToOne(() => Fraccionamiento, { nullable: true })
@JoinColumn({ name: 'fraccionamiento_id' })
fraccionamiento: Fraccionamiento;
@ManyToOne(() => Prototipo, { nullable: true })
@JoinColumn({ name: 'prototipo_id' })
prototipo: Prototipo;
@ManyToOne(() => Currency, { nullable: true })
@JoinColumn({ name: 'currency_id' })
currency: Currency;
@ManyToOne(() => User)
@JoinColumn({ name: 'approved_by' })
approvedBy: User;
@ManyToOne(() => User)
@JoinColumn({ name: 'created_by' })
createdBy: User;
@ManyToOne(() => User)
@JoinColumn({ name: 'updated_by' })
updatedBy: User;
@ManyToOne(() => User)
@JoinColumn({ name: 'deleted_by' })
deletedBy: User;
@OneToMany(() => PresupuestoPartida, (partida) => partida.presupuesto)
partidas: PresupuestoPartida[];
}

113
src/modules/construction/entities/programa-actividad.entity.ts Normal file
View File

@ -0,0 +1,113 @@
/**
* ProgramaActividad Entity
* Actividades del programa de obra (estructura jerarquica)
*
* @module Construction
* @table construction.programa_actividades
* @ddl schemas/01-construction-schema-ddl.sql
*/
import {
Entity,
PrimaryGeneratedColumn,
Column,
CreateDateColumn,
UpdateDateColumn,
ManyToOne,
OneToMany,
JoinColumn,
Index,
} from 'typeorm';
import { Tenant } from '../../core/entities/tenant.entity';
import { User } from '../../core/entities/user.entity';
import { Concepto } from '../../budgets/entities/concepto.entity';
import { ProgramaObra } from './programa-obra.entity';
@Entity({ schema: 'construction', name: 'programa_actividades' })
@Index(['tenantId'])
@Index(['programaId'])
@Index(['conceptoId'])
@Index(['parentId'])
export class ProgramaActividad {
@PrimaryGeneratedColumn('uuid')
id: string;
@Column({ name: 'tenant_id', type: 'uuid' })
tenantId: string;
@Column({ name: 'programa_id', type: 'uuid' })
programaId: string;
@Column({ name: 'concepto_id', type: 'uuid', nullable: true })
conceptoId: string | null;
@Column({ name: 'parent_id', type: 'uuid', nullable: true })
parentId: string | null;
@Column({ type: 'varchar', length: 255 })
name: string;
@Column({ type: 'integer', default: 0 })
sequence: number;
@Column({ name: 'planned_start', type: 'date', nullable: true })
plannedStart: Date | null;
@Column({ name: 'planned_end', type: 'date', nullable: true })
plannedEnd: Date | null;
@Column({ name: 'planned_quantity', type: 'decimal', precision: 12, scale: 4, default: 0 })
plannedQuantity: number;
@Column({ name: 'planned_weight', type: 'decimal', precision: 8, scale: 4, default: 0 })
plannedWeight: number;
@Column({ name: 'wbs_code', type: 'varchar', length: 50, nullable: true })
wbsCode: string | null;
@CreateDateColumn({ name: 'created_at', type: 'timestamptz' })
createdAt: Date;
@Column({ name: 'created_by', type: 'uuid', nullable: true })
createdById: string | null;
@UpdateDateColumn({ name: 'updated_at', type: 'timestamptz', nullable: true })
updatedAt: Date | null;
@Column({ name: 'updated_by', type: 'uuid', nullable: true })
updatedById: string | null;
@Column({ name: 'deleted_at', type: 'timestamptz', nullable: true })
deletedAt: Date | null;
@Column({ name: 'deleted_by', type: 'uuid', nullable: true })
deletedById: string | null;
// Relations
@ManyToOne(() => Tenant)
@JoinColumn({ name: 'tenant_id' })
tenant: Tenant;
@ManyToOne(() => ProgramaObra, (p) => p.actividades, { onDelete: 'CASCADE' })
@JoinColumn({ name: 'programa_id' })
programa: ProgramaObra;
@ManyToOne(() => Concepto, { nullable: true })
@JoinColumn({ name: 'concepto_id' })
concepto: Concepto | null;
@ManyToOne(() => ProgramaActividad, (pa) => pa.children, { nullable: true })
@JoinColumn({ name: 'parent_id' })
parent: ProgramaActividad | null;
@OneToMany(() => ProgramaActividad, (pa) => pa.parent)
children: ProgramaActividad[];
@ManyToOne(() => User)
@JoinColumn({ name: 'created_by' })
createdBy: User | null;
@ManyToOne(() => User)
@JoinColumn({ name: 'updated_by' })
updatedBy: User | null;
}

95
src/modules/construction/entities/programa-obra.entity.ts Normal file
View File

@ -0,0 +1,95 @@
/**
* ProgramaObra Entity
* Programa maestro de obra
*
* @module Construction
* @table construction.programa_obra
* @ddl schemas/01-construction-schema-ddl.sql
*/
import {
Entity,
PrimaryGeneratedColumn,
Column,
CreateDateColumn,
UpdateDateColumn,
ManyToOne,
OneToMany,
JoinColumn,
Index,
} from 'typeorm';
import { Tenant } from '../../core/entities/tenant.entity';
import { User } from '../../core/entities/user.entity';
import { Fraccionamiento } from './fraccionamiento.entity';
import { ProgramaActividad } from './programa-actividad.entity';
@Entity({ schema: 'construction', name: 'programa_obra' })
@Index(['tenantId', 'code', 'version'], { unique: true })
@Index(['tenantId'])
@Index(['fraccionamientoId'])
export class ProgramaObra {
@PrimaryGeneratedColumn('uuid')
id: string;
@Column({ name: 'tenant_id', type: 'uuid' })
tenantId: string;
@Column({ name: 'fraccionamiento_id', type: 'uuid' })
fraccionamientoId: string;
@Column({ type: 'varchar', length: 30 })
code: string;
@Column({ type: 'varchar', length: 255 })
name: string;
@Column({ type: 'integer', default: 1 })
version: number;
@Column({ name: 'start_date', type: 'date' })
startDate: Date;
@Column({ name: 'end_date', type: 'date' })
endDate: Date;
@Column({ name: 'is_active', type: 'boolean', default: true })
isActive: boolean;
@CreateDateColumn({ name: 'created_at', type: 'timestamptz' })
createdAt: Date;
@Column({ name: 'created_by', type: 'uuid', nullable: true })
createdById: string | null;
@UpdateDateColumn({ name: 'updated_at', type: 'timestamptz', nullable: true })
updatedAt: Date | null;
@Column({ name: 'updated_by', type: 'uuid', nullable: true })
updatedById: string | null;
@Column({ name: 'deleted_at', type: 'timestamptz', nullable: true })
deletedAt: Date | null;
@Column({ name: 'deleted_by', type: 'uuid', nullable: true })
deletedById: string | null;
// Relations
@ManyToOne(() => Tenant)
@JoinColumn({ name: 'tenant_id' })
tenant: Tenant;
@ManyToOne(() => Fraccionamiento)
@JoinColumn({ name: 'fraccionamiento_id' })
fraccionamiento: Fraccionamiento;
@ManyToOne(() => User)
@JoinColumn({ name: 'created_by' })
createdBy: User | null;
@ManyToOne(() => User)
@JoinColumn({ name: 'updated_by' })
updatedBy: User | null;
@OneToMany(() => ProgramaActividad, (pa) => pa.programa)
actividades: ProgramaActividad[];
}

109
src/modules/construction/entities/subcontratista.entity.ts Normal file
View File

@ -0,0 +1,109 @@
/**
* Subcontratista Entity
* Catálogo de subcontratistas/proveedores de servicios de construcción
*
* @module Construction
* @table construction.subcontratistas
* @ddl schemas/01-construction-schema-ddl.sql
*/
import {
Entity,
PrimaryGeneratedColumn,
Column,
CreateDateColumn,
UpdateDateColumn,
ManyToOne,
OneToMany,
JoinColumn,
Index,
} from 'typeorm';
import { Tenant } from '../../core/entities/tenant.entity';
import { User } from '../../core/entities/user.entity';
import type { Contrato } from './contrato.entity';
@Entity({ schema: 'construction', name: 'subcontratistas' })
@Index(['tenantId', 'code'], { unique: true })
@Index(['tenantId'])
export class Subcontratista {
@PrimaryGeneratedColumn('uuid')
id: string;
@Column({ name: 'tenant_id', type: 'uuid' })
tenantId: string;
@Column({ name: 'partner_id', type: 'uuid', nullable: true })
partnerId: string;
@Column({ type: 'varchar', length: 20 })
code: string;
@Column({ type: 'varchar', length: 255 })
name: string;
@Column({ name: 'legal_name', type: 'varchar', length: 255, nullable: true })
legalName: string;
@Column({ name: 'tax_id', type: 'varchar', length: 20, nullable: true })
taxId: string;
@Column({ type: 'varchar', length: 100, nullable: true })
specialty: string;
@Column({ name: 'contact_name', type: 'varchar', length: 100, nullable: true })
contactName: string;
@Column({ name: 'contact_phone', type: 'varchar', length: 20, nullable: true })
contactPhone: string;
@Column({ name: 'contact_email', type: 'varchar', length: 100, nullable: true })
contactEmail: string;
@Column({ type: 'text', nullable: true })
address: string;
@Column({ type: 'decimal', precision: 3, scale: 2, nullable: true })
rating: number;
@Column({ name: 'is_active', type: 'boolean', default: true })
isActive: boolean;
@CreateDateColumn({ name: 'created_at', type: 'timestamptz' })
createdAt: Date;
@Column({ name: 'created_by', type: 'uuid', nullable: true })
createdById: string;
@UpdateDateColumn({ name: 'updated_at', type: 'timestamptz', nullable: true })
updatedAt: Date;
@Column({ name: 'updated_by', type: 'uuid', nullable: true })
updatedById: string;
@Column({ name: 'deleted_at', type: 'timestamptz', nullable: true })
deletedAt: Date;
@Column({ name: 'deleted_by', type: 'uuid', nullable: true })
deletedById: string;
// Relations
@ManyToOne(() => Tenant)
@JoinColumn({ name: 'tenant_id' })
tenant: Tenant;
@ManyToOne(() => User)
@JoinColumn({ name: 'created_by' })
createdBy: User;
@ManyToOne(() => User)
@JoinColumn({ name: 'updated_by' })
updatedBy: User;
@ManyToOne(() => User)
@JoinColumn({ name: 'deleted_by' })
deletedBy: User;
// Inverse relations
@OneToMany('Contrato', 'subcontratista')
contratos: Contrato[];
}

85
src/modules/construction/entities/ticket-asignacion.entity.ts Normal file
View File

@ -0,0 +1,85 @@
/**
* TicketAsignacion Entity
* Asignaciones de tickets a técnicos
*
* @module Construction
* @table construction.ticket_asignaciones
* @ddl schemas/01-construction-schema-ddl.sql
*/
import {
Entity,
PrimaryGeneratedColumn,
Column,
CreateDateColumn,
UpdateDateColumn,
ManyToOne,
JoinColumn,
Index,
} from 'typeorm';
import { TicketPostventa } from './ticket-postventa.entity';
/**
* Assignment status enum
* Matches construction.ticket_asignaciones status constraint in DDL
*/
export type AssignmentStatus = 'assigned' | 'accepted' | 'in_progress' | 'completed' | 'reassigned';
@Entity({ schema: 'construction', name: 'ticket_asignaciones' })
@Index(['tenantId'])
@Index(['ticketId'])
@Index(['technicianId'])
export class TicketAsignacion {
@PrimaryGeneratedColumn('uuid')
id: string;
@Column({ name: 'tenant_id', type: 'uuid' })
tenantId: string;
@Column({ name: 'ticket_id', type: 'uuid' })
ticketId: string;
@Column({ name: 'technician_id', type: 'uuid' })
technicianId: string;
@Column({ name: 'assigned_at', type: 'timestamptz', default: () => 'NOW()' })
assignedAt: Date;
@Column({ name: 'assigned_by', type: 'uuid' })
assignedBy: string;
@Column({ type: 'varchar', length: 20, default: 'assigned' })
status: AssignmentStatus;
@Column({ name: 'accepted_at', type: 'timestamptz', nullable: true })
acceptedAt: Date;
@Column({ name: 'scheduled_date', type: 'date', nullable: true })
scheduledDate: Date;
@Column({ name: 'scheduled_time', type: 'time', nullable: true })
scheduledTime: string;
@Column({ name: 'completed_at', type: 'timestamptz', nullable: true })
completedAt: Date;
@Column({ name: 'work_notes', type: 'text', nullable: true })
workNotes: string;
@Column({ name: 'reassignment_reason', type: 'text', nullable: true })
reassignmentReason: string;
@Column({ name: 'is_current', type: 'boolean', default: true })
isCurrent: boolean;
@CreateDateColumn({ name: 'created_at', type: 'timestamptz' })
createdAt: Date;
@UpdateDateColumn({ name: 'updated_at', type: 'timestamptz', nullable: true })
updatedAt: Date;
// Relations
@ManyToOne(() => TicketPostventa, (t) => t.asignaciones, { onDelete: 'CASCADE' })
@JoinColumn({ name: 'ticket_id' })
ticket: TicketPostventa;
}

103
src/modules/construction/entities/ticket-postventa.entity.ts Normal file
View File

@ -0,0 +1,103 @@
/**
* TicketPostventa Entity
* Tickets de garantía y postventa
*
* @module Construction
* @table construction.tickets_postventa
* @ddl schemas/01-construction-schema-ddl.sql
*/
import {
Entity,
PrimaryGeneratedColumn,
Column,
CreateDateColumn,
UpdateDateColumn,
ManyToOne,
OneToMany,
JoinColumn,
Index,
} from 'typeorm';
import { Lote } from './lote.entity';
import { Departamento } from './departamento.entity';
import { TicketAsignacion } from './ticket-asignacion.entity';
@Entity({ schema: 'construction', name: 'tickets_postventa' })
@Index(['tenantId', 'ticketNumber'], { unique: true })
@Index(['tenantId'])
@Index(['status'])
@Index(['loteId'])
@Index(['departamentoId'])
export class TicketPostventa {
@PrimaryGeneratedColumn('uuid')
id: string;
@Column({ name: 'tenant_id', type: 'uuid' })
tenantId: string;
@Column({ name: 'lote_id', type: 'uuid', nullable: true })
loteId: string;
@Column({ name: 'departamento_id', type: 'uuid', nullable: true })
departamentoId: string;
@Column({ name: 'ticket_number', type: 'varchar', length: 30 })
ticketNumber: string;
@Column({ name: 'reported_date', type: 'date' })
reportedDate: Date;
@Column({ type: 'varchar', length: 50, nullable: true })
category: string;
@Column({ type: 'text' })
description: string;
@Column({ type: 'varchar', length: 20, default: 'medium' })
priority: string;
@Column({ type: 'varchar', length: 20, default: 'open' })
status: string;
@Column({ name: 'assigned_to', type: 'uuid', nullable: true })
assignedTo: string;
@Column({ type: 'text', nullable: true })
resolution: string;
@Column({ name: 'resolved_at', type: 'timestamptz', nullable: true })
resolvedAt: Date;
@Column({ name: 'resolved_by', type: 'uuid', nullable: true })
resolvedBy: string;
@CreateDateColumn({ name: 'created_at', type: 'timestamptz' })
createdAt: Date;
@Column({ name: 'created_by', type: 'uuid', nullable: true })
createdBy: string;
@UpdateDateColumn({ name: 'updated_at', type: 'timestamptz', nullable: true })
updatedAt: Date;
@Column({ name: 'updated_by', type: 'uuid', nullable: true })
updatedBy: string;
@Column({ name: 'deleted_at', type: 'timestamptz', nullable: true })
deletedAt: Date;
@Column({ name: 'deleted_by', type: 'uuid', nullable: true })
deletedBy: string;
// Relations
@ManyToOne(() => Lote)
@JoinColumn({ name: 'lote_id' })
lote: Lote;
@ManyToOne(() => Departamento)
@JoinColumn({ name: 'departamento_id' })
departamento: Departamento;
@OneToMany(() => TicketAsignacion, (a) => a.ticket)
asignaciones: TicketAsignacion[];
}

985
src/modules/documents/services/approval.service.ts Normal file
View File

@ -0,0 +1,985 @@
/**
* Approval Service
* ERP Construccion - Modulo Documents (MAE-016)
*
* Logica de negocio para flujos de aprobacion de documentos.
* Entities cubiertas: ApprovalWorkflow, ApprovalStep, ApprovalInstance, ApprovalAction
*
* @module Documents (MAE-016)
*/
import { Repository, DataSource, In } from 'typeorm';
import { ApprovalWorkflow } from '../entities/approval-workflow.entity';
import { ApprovalInstance, WorkflowStatus, ApprovalAction } from '../entities/approval-instance.entity';
import { ApprovalStep, ApprovalStepType } from '../entities/approval-step.entity';
import { ApprovalActionEntity } from '../entities/approval-action.entity';
import { Document } from '../entities/document.entity';
// ============================================
// DTOs
// ============================================
export interface CreateWorkflowDto {
workflowCode: string;
name: string;
description?: string;
categoryId?: string;
documentType?: string;
steps?: WorkflowStepDefinition[];
allowParallel?: boolean;
allowSkip?: boolean;
autoArchiveOnApproval?: boolean;
metadata?: Record<string, any>;
}
export interface WorkflowStepDefinition {
stepNumber: number;
name: string;
type: 'review' | 'approval' | 'signature' | 'comment';
approvers: string[];
requiredCount: number;
}
export interface UpdateWorkflowDto {
name?: string;
description?: string;
categoryId?: string;
documentType?: string;
steps?: WorkflowStepDefinition[];
allowParallel?: boolean;
allowSkip?: boolean;
autoArchiveOnApproval?: boolean;
isActive?: boolean;
metadata?: Record<string, any>;
}
export interface StartApprovalDto {
documentId: string;
workflowId: string;
versionId?: string;
notes?: string;
dueDate?: Date;
}
export interface ApproveRejectDto {
action: ApprovalAction;
comments?: string;
signatureData?: string;
signatureIp?: string;
}
export interface WorkflowFilters {
categoryId?: string;
documentType?: string;
isActive?: boolean;
search?: string;
page?: number;
limit?: number;
}
export interface ApprovalInstanceFilters {
documentId?: string;
workflowId?: string;
status?: WorkflowStatus;
initiatedById?: string;
page?: number;
limit?: number;
}
interface PaginatedResult<T> {
data: T[];
total: number;
page: number;
limit: number;
totalPages: number;
}
// ============================================
// SERVICE
// ============================================
export class ApprovalService {
private workflowRepository: Repository<ApprovalWorkflow>;
private instanceRepository: Repository<ApprovalInstance>;
private stepRepository: Repository<ApprovalStep>;
private actionRepository: Repository<ApprovalActionEntity>;
private documentRepository: Repository<Document>;
constructor(dataSource: DataSource) {
this.workflowRepository = dataSource.getRepository(ApprovalWorkflow);
this.instanceRepository = dataSource.getRepository(ApprovalInstance);
this.stepRepository = dataSource.getRepository(ApprovalStep);
this.actionRepository = dataSource.getRepository(ApprovalActionEntity);
this.documentRepository = dataSource.getRepository(Document);
}
// ============================================
// WORKFLOW CRUD
// ============================================
/**
* Create a new approval workflow
* @param tenantId - Tenant ID
* @param dto - Workflow creation data
* @param userId - User creating the workflow
* @returns Created workflow
*/
async createWorkflow(
tenantId: string,
dto: CreateWorkflowDto,
userId?: string
): Promise<ApprovalWorkflow> {
// Validate unique workflow code
const existing = await this.workflowRepository.findOne({
where: { tenantId, workflowCode: dto.workflowCode },
});
if (existing) {
throw new Error(`Workflow con codigo ${dto.workflowCode} ya existe`);
}
// Validate steps if provided
if (dto.steps && dto.steps.length > 0) {
this.validateWorkflowSteps(dto.steps);
}
const workflow = this.workflowRepository.create({
tenantId,
workflowCode: dto.workflowCode,
name: dto.name,
description: dto.description,
categoryId: dto.categoryId,
documentType: dto.documentType as any,
steps: dto.steps || [],
allowParallel: dto.allowParallel ?? false,
allowSkip: dto.allowSkip ?? false,
autoArchiveOnApproval: dto.autoArchiveOnApproval ?? false,
metadata: dto.metadata,
createdBy: userId,
isActive: true,
});
return this.workflowRepository.save(workflow);
}
/**
* Get workflow by ID
* @param tenantId - Tenant ID
* @param id - Workflow ID
* @returns Workflow or null
*/
async getWorkflow(
tenantId: string,
id: string
): Promise<ApprovalWorkflow | null> {
return this.workflowRepository.findOne({
where: { tenantId, id },
relations: ['category'],
});
}
/**
* Get workflow by code
* @param tenantId - Tenant ID
* @param code - Workflow code
* @returns Workflow or null
*/
async getWorkflowByCode(
tenantId: string,
code: string
): Promise<ApprovalWorkflow | null> {
return this.workflowRepository.findOne({
where: { tenantId, workflowCode: code },
relations: ['category'],
});
}
/**
* Get all workflows with filters
* @param tenantId - Tenant ID
* @param filters - Filter options
* @returns Paginated workflows
*/
async getWorkflows(
tenantId: string,
filters: WorkflowFilters = {}
): Promise<PaginatedResult<ApprovalWorkflow>> {
const page = filters.page || 1;
const limit = filters.limit || 20;
const skip = (page - 1) * limit;
const queryBuilder = this.workflowRepository
.createQueryBuilder('wf')
.leftJoinAndSelect('wf.category', 'category')
.where('wf.tenant_id = :tenantId', { tenantId })
.andWhere('wf.deleted_at IS NULL');
if (filters.categoryId) {
queryBuilder.andWhere('wf.category_id = :categoryId', {
categoryId: filters.categoryId,
});
}
if (filters.documentType) {
queryBuilder.andWhere('wf.document_type = :documentType', {
documentType: filters.documentType,
});
}
if (filters.isActive !== undefined) {
queryBuilder.andWhere('wf.is_active = :isActive', {
isActive: filters.isActive,
});
}
if (filters.search) {
queryBuilder.andWhere(
'(wf.name ILIKE :search OR wf.workflow_code ILIKE :search)',
{ search: `%${filters.search}%` }
);
}
const [data, total] = await queryBuilder
.orderBy('wf.name', 'ASC')
.skip(skip)
.take(limit)
.getManyAndCount();
return {
data,
total,
page,
limit,
totalPages: Math.ceil(total / limit),
};
}
/**
* Update workflow
* @param tenantId - Tenant ID
* @param id - Workflow ID
* @param dto - Update data
* @param userId - User updating the workflow
* @returns Updated workflow or null
*/
async updateWorkflow(
tenantId: string,
id: string,
dto: UpdateWorkflowDto,
userId?: string
): Promise<ApprovalWorkflow | null> {
const workflow = await this.getWorkflow(tenantId, id);
if (!workflow) {
return null;
}
// Check for active instances if modifying steps
if (dto.steps) {
const activeInstances = await this.instanceRepository.count({
where: {
tenantId,
workflowId: id,
status: In(['pending', 'in_progress'] as WorkflowStatus[]),
},
});
if (activeInstances > 0) {
throw new Error('No se pueden modificar los pasos con instancias activas');
}
this.validateWorkflowSteps(dto.steps);
}
Object.assign(workflow, dto, { updatedBy: userId });
return this.workflowRepository.save(workflow);
}
/**
* Soft delete workflow
* @param tenantId - Tenant ID
* @param id - Workflow ID
* @returns Success status
*/
async deleteWorkflow(tenantId: string, id: string): Promise<boolean> {
// Check for active instances
const activeInstances = await this.instanceRepository.count({
where: {
tenantId,
workflowId: id,
status: In(['pending', 'in_progress'] as WorkflowStatus[]),
},
});
if (activeInstances > 0) {
throw new Error('No se puede eliminar workflow con instancias activas');
}
const result = await this.workflowRepository.update(
{ id, tenantId },
{ deletedAt: new Date(), isActive: false }
);
return (result.affected ?? 0) > 0;
}
// ============================================
// STEP MANAGEMENT
// ============================================
/**
* Add step to workflow
* @param tenantId - Tenant ID
* @param workflowId - Workflow ID
* @param step - Step definition
* @param userId - User adding the step
* @returns Updated workflow
*/
async addStep(
tenantId: string,
workflowId: string,
step: WorkflowStepDefinition,
userId?: string
): Promise<ApprovalWorkflow | null> {
const workflow = await this.getWorkflow(tenantId, workflowId);
if (!workflow) {
return null;
}
// Check for active instances
const activeInstances = await this.instanceRepository.count({
where: {
tenantId,
workflowId,
status: In(['pending', 'in_progress'] as WorkflowStatus[]),
},
});
if (activeInstances > 0) {
throw new Error('No se pueden agregar pasos con instancias activas');
}
const steps = [...workflow.steps, step];
this.validateWorkflowSteps(steps);
workflow.steps = steps;
workflow.updatedBy = userId;
return this.workflowRepository.save(workflow);
}
/**
* Remove step from workflow
* @param tenantId - Tenant ID
* @param workflowId - Workflow ID
* @param stepNumber - Step number to remove
* @param userId - User removing the step
* @returns Updated workflow
*/
async removeStep(
tenantId: string,
workflowId: string,
stepNumber: number,
userId?: string
): Promise<ApprovalWorkflow | null> {
const workflow = await this.getWorkflow(tenantId, workflowId);
if (!workflow) {
return null;
}
// Check for active instances
const activeInstances = await this.instanceRepository.count({
where: {
tenantId,
workflowId,
status: In(['pending', 'in_progress'] as WorkflowStatus[]),
},
});
if (activeInstances > 0) {
throw new Error('No se pueden eliminar pasos con instancias activas');
}
if (workflow.steps.length <= 1) {
throw new Error('El workflow debe tener al menos un paso');
}
workflow.steps = workflow.steps
.filter(s => s.stepNumber !== stepNumber)
.map((s, idx) => ({ ...s, stepNumber: idx + 1 }));
workflow.updatedBy = userId;
return this.workflowRepository.save(workflow);
}
/**
* Reorder steps in workflow
* @param tenantId - Tenant ID
* @param workflowId - Workflow ID
* @param stepOrder - Array of step numbers in new order
* @param userId - User reordering steps
* @returns Updated workflow
*/
async reorderSteps(
tenantId: string,
workflowId: string,
stepOrder: number[],
userId?: string
): Promise<ApprovalWorkflow | null> {
const workflow = await this.getWorkflow(tenantId, workflowId);
if (!workflow) {
return null;
}
// Check for active instances
const activeInstances = await this.instanceRepository.count({
where: {
tenantId,
workflowId,
status: In(['pending', 'in_progress'] as WorkflowStatus[]),
},
});
if (activeInstances > 0) {
throw new Error('No se pueden reordenar pasos con instancias activas');
}
if (stepOrder.length !== workflow.steps.length) {
throw new Error('El orden debe incluir todos los pasos');
}
const stepsMap = new Map(workflow.steps.map(s => [s.stepNumber, s]));
const reorderedSteps: WorkflowStepDefinition[] = [];
for (let i = 0; i < stepOrder.length; i++) {
const step = stepsMap.get(stepOrder[i]);
if (!step) {
throw new Error(`Paso ${stepOrder[i]} no existe`);
}
reorderedSteps.push({ ...step, stepNumber: i + 1 });
}
workflow.steps = reorderedSteps;
workflow.updatedBy = userId;
return this.workflowRepository.save(workflow);
}
// ============================================
// APPROVAL INSTANCE MANAGEMENT
// ============================================
/**
* Start approval process for a document
* @param tenantId - Tenant ID
* @param dto - Start approval data
* @param userId - User initiating the approval
* @param userName - Name of the user
* @returns Created approval instance
*/
async startApproval(
tenantId: string,
dto: StartApprovalDto,
userId?: string,
userName?: string
): Promise<ApprovalInstance> {
// Validate workflow
const workflow = await this.getWorkflow(tenantId, dto.workflowId);
if (!workflow) {
throw new Error('Workflow no encontrado');
}
if (!workflow.isActive) {
throw new Error('Workflow no esta activo');
}
if (!workflow.steps || workflow.steps.length === 0) {
throw new Error('Workflow no tiene pasos definidos');
}
// Validate document
const document = await this.documentRepository.findOne({
where: { tenantId, id: dto.documentId },
});
if (!document) {
throw new Error('Documento no encontrado');
}
// Check for existing active approval
const existingActive = await this.instanceRepository.findOne({
where: {
tenantId,
documentId: dto.documentId,
status: In(['pending', 'in_progress'] as WorkflowStatus[]),
},
});
if (existingActive) {
throw new Error('El documento ya tiene un proceso de aprobacion activo');
}
// Create approval instance
const instance = this.instanceRepository.create({
tenantId,
workflowId: dto.workflowId,
documentId: dto.documentId,
versionId: dto.versionId,
status: 'pending',
currentStep: 1,
totalSteps: workflow.steps.length,
notes: dto.notes,
dueDate: dto.dueDate,
initiatedById: userId,
initiatedByName: userName,
});
const savedInstance = await this.instanceRepository.save(instance);
// Create steps for the instance
for (const stepDef of workflow.steps) {
const step = this.stepRepository.create({
tenantId,
instanceId: savedInstance.id,
stepNumber: stepDef.stepNumber,
stepName: stepDef.name,
stepType: stepDef.type as ApprovalStepType,
requiredApprovers: stepDef.approvers,
requiredCount: stepDef.requiredCount,
status: stepDef.stepNumber === 1 ? 'pending' : 'draft',
});
await this.stepRepository.save(step);
}
// Update document status
await this.documentRepository.update(
{ id: dto.documentId },
{ status: 'pending_approval' as any }
);
// Start the first step
await this.activateStep(tenantId, savedInstance.id, 1);
return this.getApprovalInstance(tenantId, savedInstance.id) as Promise<ApprovalInstance>;
}
/**
* Approve current step
* @param tenantId - Tenant ID
* @param instanceId - Instance ID
* @param dto - Approval data
* @param userId - User approving
* @param userName - Name of the user
* @returns Updated instance
*/
async approve(
tenantId: string,
instanceId: string,
dto: ApproveRejectDto,
userId: string,
userName?: string
): Promise<ApprovalInstance | null> {
return this.processAction(tenantId, instanceId, 'approve', dto, userId, userName);
}
/**
* Reject current step
* @param tenantId - Tenant ID
* @param instanceId - Instance ID
* @param dto - Rejection data
* @param userId - User rejecting
* @param userName - Name of the user
* @returns Updated instance
*/
async reject(
tenantId: string,
instanceId: string,
dto: ApproveRejectDto,
userId: string,
userName?: string
): Promise<ApprovalInstance | null> {
return this.processAction(tenantId, instanceId, 'reject', dto, userId, userName);
}
/**
* Get approval instance status
* @param tenantId - Tenant ID
* @param instanceId - Instance ID
* @returns Instance with status details
*/
async getApprovalStatus(
tenantId: string,
instanceId: string
): Promise<{
instance: ApprovalInstance | null;
currentStepDetails: ApprovalStep | null;
progress: { completed: number; total: number; percentage: number };
}> {
const instance = await this.getApprovalInstance(tenantId, instanceId);
if (!instance) {
return {
instance: null,
currentStepDetails: null,
progress: { completed: 0, total: 0, percentage: 0 },
};
}
const currentStepDetails = await this.stepRepository.findOne({
where: { tenantId, instanceId, stepNumber: instance.currentStep },
});
const completedSteps = await this.stepRepository.count({
where: {
tenantId,
instanceId,
status: 'approved' as WorkflowStatus,
},
});
return {
instance,
currentStepDetails,
progress: {
completed: completedSteps,
total: instance.totalSteps,
percentage: Math.round((completedSteps / instance.totalSteps) * 100),
},
};
}
/**
* Get pending approvals for a user
* @param tenantId - Tenant ID
* @param userId - User ID
* @returns List of pending approval steps
*/
async getPendingApprovals(
tenantId: string,
userId: string
): Promise<ApprovalStep[]> {
return this.stepRepository
.createQueryBuilder('step')
.innerJoin('step.instance', 'instance')
.where('step.tenant_id = :tenantId', { tenantId })
.andWhere('step.status IN (:...statuses)', {
statuses: ['pending', 'in_progress'],
})
.andWhere(':userId = ANY(step.required_approvers)', { userId })
.andWhere('NOT (:userId = ANY(COALESCE(step.approved_by, ARRAY[]::uuid[])))', { userId })
.orderBy('step.created_at', 'ASC')
.getMany();
}
/**
* Get approval history for a document
* @param tenantId - Tenant ID
* @param documentId - Document ID
* @returns List of approval instances
*/
async getApprovalHistory(
tenantId: string,
documentId: string
): Promise<ApprovalInstance[]> {
return this.instanceRepository.find({
where: { tenantId, documentId },
relations: ['workflow', 'steps'],
order: { createdAt: 'DESC' },
});
}
/**
* Cancel an active approval process
* @param tenantId - Tenant ID
* @param instanceId - Instance ID
* @param reason - Cancellation reason
* @param userId - User cancelling
* @returns Updated instance
*/
async cancelApproval(
tenantId: string,
instanceId: string,
reason: string,
userId?: string
): Promise<ApprovalInstance | null> {
const instance = await this.getApprovalInstance(tenantId, instanceId);
if (!instance) {
return null;
}
if (!['pending', 'in_progress'].includes(instance.status)) {
throw new Error('Solo se pueden cancelar aprobaciones activas');
}
instance.status = 'cancelled';
instance.finalComments = reason;
instance.completedAt = new Date();
// Cancel all pending steps
await this.stepRepository.update(
{ instanceId, status: In(['pending', 'in_progress'] as WorkflowStatus[]) },
{ status: 'cancelled' as WorkflowStatus }
);
// Restore document status
await this.documentRepository.update(
{ id: instance.documentId },
{ status: 'draft' as any }
);
return this.instanceRepository.save(instance);
}
/**
* Get approval instances with filters
* @param tenantId - Tenant ID
* @param filters - Filter options
* @returns Paginated instances
*/
async getApprovalInstances(
tenantId: string,
filters: ApprovalInstanceFilters = {}
): Promise<PaginatedResult<ApprovalInstance>> {
const page = filters.page || 1;
const limit = filters.limit || 20;
const skip = (page - 1) * limit;
const queryBuilder = this.instanceRepository
.createQueryBuilder('inst')
.leftJoinAndSelect('inst.workflow', 'workflow')
.leftJoinAndSelect('inst.document', 'document')
.where('inst.tenant_id = :tenantId', { tenantId });
if (filters.documentId) {
queryBuilder.andWhere('inst.document_id = :documentId', {
documentId: filters.documentId,
});
}
if (filters.workflowId) {
queryBuilder.andWhere('inst.workflow_id = :workflowId', {
workflowId: filters.workflowId,
});
}
if (filters.status) {
queryBuilder.andWhere('inst.status = :status', {
status: filters.status,
});
}
if (filters.initiatedById) {
queryBuilder.andWhere('inst.initiated_by_id = :initiatedById', {
initiatedById: filters.initiatedById,
});
}
const [data, total] = await queryBuilder
.orderBy('inst.created_at', 'DESC')
.skip(skip)
.take(limit)
.getManyAndCount();
return {
data,
total,
page,
limit,
totalPages: Math.ceil(total / limit),
};
}
// ============================================
// PRIVATE METHODS
// ============================================
/**
* Get approval instance by ID
*/
private async getApprovalInstance(
tenantId: string,
id: string
): Promise<ApprovalInstance | null> {
return this.instanceRepository.findOne({
where: { tenantId, id },
relations: ['workflow', 'document', 'steps'],
});
}
/**
* Process approval/rejection action
*/
private async processAction(
tenantId: string,
instanceId: string,
action: ApprovalAction,
dto: ApproveRejectDto,
userId: string,
userName?: string
): Promise<ApprovalInstance | null> {
const instance = await this.getApprovalInstance(tenantId, instanceId);
if (!instance) {
return null;
}
if (!['pending', 'in_progress'].includes(instance.status)) {
throw new Error('El proceso de aprobacion no esta activo');
}
// Get current step
const currentStep = await this.stepRepository.findOne({
where: { tenantId, instanceId, stepNumber: instance.currentStep },
});
if (!currentStep) {
throw new Error('Paso actual no encontrado');
}
// Validate user is an approver
if (currentStep.requiredApprovers && !currentStep.requiredApprovers.includes(userId)) {
throw new Error('Usuario no autorizado para aprobar este paso');
}
// Check if user already acted
const existingAction = await this.actionRepository.findOne({
where: { tenantId, stepId: currentStep.id, userId },
});
if (existingAction) {
throw new Error('Usuario ya registro una accion en este paso');
}
// Record the action
const actionEntity = this.actionRepository.create({
tenantId,
stepId: currentStep.id,
instanceId,
action: action,
comments: dto.comments,
userId,
userName,
signatureData: dto.signatureData,
signatureTimestamp: dto.signatureData ? new Date() : undefined,
signatureIp: dto.signatureIp,
});
await this.actionRepository.save(actionEntity);
// Update step approvers/rejectors
if (action === 'approve') {
currentStep.approvedBy = [...(currentStep.approvedBy || []), userId];
} else if (action === 'reject') {
currentStep.rejectedBy = [...(currentStep.rejectedBy || []), userId];
}
// Check if step is complete
if (action === 'reject') {
// Rejection immediately fails the step and instance
currentStep.status = 'rejected';
currentStep.actionTaken = action;
currentStep.completedAt = new Date();
await this.stepRepository.save(currentStep);
instance.status = 'rejected';
instance.finalAction = action;
instance.finalComments = dto.comments;
instance.finalApproverId = userId;
instance.completedAt = new Date();
await this.documentRepository.update(
{ id: instance.documentId },
{ status: 'rejected' as any }
);
return this.instanceRepository.save(instance);
}
// Check if approval count is met
const approvalCount = currentStep.approvedBy?.length || 0;
if (approvalCount >= currentStep.requiredCount) {
currentStep.status = 'approved';
currentStep.actionTaken = 'approve';
currentStep.completedAt = new Date();
await this.stepRepository.save(currentStep);
// Check if this was the last step
if (instance.currentStep >= instance.totalSteps) {
instance.status = 'approved';
instance.finalAction = 'approve';
instance.finalApproverId = userId;
instance.completedAt = new Date();
await this.documentRepository.update(
{ id: instance.documentId },
{ status: 'approved' as any, approvedById: userId, approvedAt: new Date() }
);
return this.instanceRepository.save(instance);
}
// Move to next step
instance.currentStep += 1;
instance.status = 'in_progress';
await this.instanceRepository.save(instance);
// Activate next step
await this.activateStep(tenantId, instanceId, instance.currentStep);
} else {
await this.stepRepository.save(currentStep);
}
return this.getApprovalInstance(tenantId, instanceId);
}
/**
* Activate a step in the workflow
*/
private async activateStep(
tenantId: string,
instanceId: string,
stepNumber: number
): Promise<void> {
await this.stepRepository.update(
{ tenantId, instanceId, stepNumber },
{ status: 'pending' as WorkflowStatus, startedAt: new Date() }
);
// Update instance status
await this.instanceRepository.update(
{ id: instanceId },
{ status: 'in_progress' as WorkflowStatus, startedAt: new Date() }
);
}
/**
* Validate workflow steps
*/
private validateWorkflowSteps(steps: WorkflowStepDefinition[]): void {
if (steps.length === 0) {
throw new Error('Workflow debe tener al menos un paso');
}
const stepNumbers = steps.map(s => s.stepNumber);
const uniqueStepNumbers = new Set(stepNumbers);
if (stepNumbers.length !== uniqueStepNumbers.size) {
throw new Error('Numeros de paso duplicados');
}
for (const step of steps) {
if (!step.name || step.name.trim() === '') {
throw new Error('Cada paso debe tener un nombre');
}
if (!step.approvers || step.approvers.length === 0) {
throw new Error(`Paso ${step.stepNumber} debe tener al menos un aprobador`);
}
if (step.requiredCount < 1 || step.requiredCount > step.approvers.length) {
throw new Error(
`Paso ${step.stepNumber}: requiredCount debe ser entre 1 y el numero de aprobadores`
);
}
}
}
}

1032
src/modules/documents/services/document-access.service.ts Normal file
View File

File diff suppressed because it is too large Load Diff

6
src/modules/documents/services/index.ts
View File

@ -8,3 +8,9 @@ export * from './document-version.service';
// GAP-006: Firmas Digitales
export * from './digital-signature.service';
// Approval workflows
export * from './approval.service';
// Document access control
export * from './document-access.service';

38
src/modules/estimates/controllers/anticipo.controller.ts
View File

@ -69,14 +69,10 @@ export function createAnticipoController(dataSource: DataSource): Router {
const result = await anticipoService.findWithFilters(getContext(req), filters, page, limit);
res.status(200).json({
success: true,
data: result.data,
pagination: {
total: result.total,
page: result.page,
limit: result.limit,
totalPages: result.totalPages,
},
items: result.data,
total: result.total,
page: result.page,
limit: result.limit,
});
} catch (error) {
next(error);
@ -98,7 +94,7 @@ export function createAnticipoController(dataSource: DataSource): Router {
if (req.query.advanceType) filters.advanceType = req.query.advanceType as any;
const stats = await anticipoService.getStats(getContext(req), filters);
res.status(200).json({ success: true, data: stats });
res.status(200).json(stats);
} catch (error) {
next(error);
}
@ -125,14 +121,10 @@ export function createAnticipoController(dataSource: DataSource): Router {
);
res.status(200).json({
success: true,
data: result.data,
pagination: {
total: result.total,
page: result.page,
limit: result.limit,
totalPages: result.totalPages,
},
items: result.data,
total: result.total,
page: result.page,
limit: result.limit,
});
} catch (error) {
next(error);
@ -155,7 +147,7 @@ export function createAnticipoController(dataSource: DataSource): Router {
return;
}
res.status(200).json({ success: true, data: anticipo });
res.status(200).json(anticipo);
} catch (error) {
next(error);
}
@ -182,7 +174,7 @@ export function createAnticipoController(dataSource: DataSource): Router {
}
const anticipo = await anticipoService.createAnticipo(getContext(req), dto);
res.status(201).json({ success: true, data: anticipo });
res.status(201).json(anticipo);
} catch (error) {
if (error instanceof Error && error.message.includes('no coincide')) {
res.status(400).json({ error: 'Bad Request', message: error.message });
@ -215,7 +207,7 @@ export function createAnticipoController(dataSource: DataSource): Router {
req.body.notes
);
res.status(200).json({ success: true, data: anticipo });
res.status(200).json(anticipo);
} catch (error) {
if (error instanceof Error) {
if (error.message === 'Anticipo no encontrado') {
@ -254,7 +246,7 @@ export function createAnticipoController(dataSource: DataSource): Router {
paidAt ? new Date(paidAt) : undefined
);
res.status(200).json({ success: true, data: anticipo });
res.status(200).json(anticipo);
} catch (error) {
if (error instanceof Error) {
if (error.message === 'Anticipo no encontrado') {
@ -292,7 +284,7 @@ export function createAnticipoController(dataSource: DataSource): Router {
amount
);
res.status(200).json({ success: true, data: anticipo });
res.status(200).json(anticipo);
} catch (error) {
if (error instanceof Error) {
if (error.message === 'Anticipo no encontrado') {
@ -324,7 +316,7 @@ export function createAnticipoController(dataSource: DataSource): Router {
return;
}
res.status(200).json({ success: true, message: 'Anticipo deleted' });
res.status(204).send();
} catch (error) {
next(error);
}

34
src/modules/estimates/controllers/estimacion.controller.ts
View File

@ -83,14 +83,10 @@ export function createEstimacionController(dataSource: DataSource): Router {
const result = await estimacionService.findWithFilters(getContext(req), filters, page, limit);
res.status(200).json({
success: true,
data: result.data,
pagination: {
total: result.total,
page: result.page,
limit: result.limit,
totalPages: result.totalPages,
},
items: result.data,
total: result.total,
page: result.page,
limit: result.limit,
});
} catch (error) {
next(error);
@ -110,7 +106,7 @@ export function createEstimacionController(dataSource: DataSource): Router {
}
const summary = await estimacionService.getContractSummary(getContext(req), req.params.contratoId);
res.status(200).json({ success: true, data: summary });
res.status(200).json(summary);
} catch (error) {
next(error);
}
@ -134,7 +130,7 @@ export function createEstimacionController(dataSource: DataSource): Router {
return;
}
res.status(200).json({ success: true, data: estimacion });
res.status(200).json(estimacion);
} catch (error) {
next(error);
}
@ -160,7 +156,7 @@ export function createEstimacionController(dataSource: DataSource): Router {
}
const estimacion = await estimacionService.createEstimacion(getContext(req), dto);
res.status(201).json({ success: true, data: estimacion });
res.status(201).json(estimacion);
} catch (error) {
next(error);
}
@ -186,7 +182,7 @@ export function createEstimacionController(dataSource: DataSource): Router {
}
const concepto = await estimacionService.addConcepto(getContext(req), req.params.id, dto);
res.status(201).json({ success: true, data: concepto });
res.status(201).json(concepto);
} catch (error) {
if (error instanceof Error && error.message.includes('non-draft')) {
res.status(400).json({ error: 'Bad Request', message: error.message });
@ -216,7 +212,7 @@ export function createEstimacionController(dataSource: DataSource): Router {
}
const generador = await estimacionService.addGenerador(getContext(req), req.params.conceptoId, dto);
res.status(201).json({ success: true, data: generador });
res.status(201).json(generador);
} catch (error) {
if (error instanceof Error && error.message === 'Concepto not found') {
res.status(404).json({ error: 'Not Found', message: error.message });
@ -244,7 +240,7 @@ export function createEstimacionController(dataSource: DataSource): Router {
return;
}
res.status(200).json({ success: true, data: estimacion, message: 'Estimate submitted for review' });
res.status(200).json(estimacion);
} catch (error) {
if (error instanceof Error && error.message.includes('Invalid status')) {
res.status(400).json({ error: 'Bad Request', message: error.message });
@ -272,7 +268,7 @@ export function createEstimacionController(dataSource: DataSource): Router {
return;
}
res.status(200).json({ success: true, data: estimacion, message: 'Estimate reviewed' });
res.status(200).json(estimacion);
} catch (error) {
if (error instanceof Error && error.message.includes('Invalid status')) {
res.status(400).json({ error: 'Bad Request', message: error.message });
@ -300,7 +296,7 @@ export function createEstimacionController(dataSource: DataSource): Router {
return;
}
res.status(200).json({ success: true, data: estimacion, message: 'Estimate approved' });
res.status(200).json(estimacion);
} catch (error) {
if (error instanceof Error && error.message.includes('Invalid status')) {
res.status(400).json({ error: 'Bad Request', message: error.message });
@ -334,7 +330,7 @@ export function createEstimacionController(dataSource: DataSource): Router {
return;
}
res.status(200).json({ success: true, data: estimacion, message: 'Estimate rejected' });
res.status(200).json(estimacion);
} catch (error) {
if (error instanceof Error && error.message.includes('Invalid status')) {
res.status(400).json({ error: 'Bad Request', message: error.message });
@ -359,7 +355,7 @@ export function createEstimacionController(dataSource: DataSource): Router {
await estimacionService.recalculateTotals(getContext(req), req.params.id);
const estimacion = await estimacionService.findWithDetails(getContext(req), req.params.id);
res.status(200).json({ success: true, data: estimacion, message: 'Totals recalculated' });
res.status(200).json(estimacion);
} catch (error) {
next(error);
}
@ -394,7 +390,7 @@ export function createEstimacionController(dataSource: DataSource): Router {
return;
}
res.status(200).json({ success: true, message: 'Estimate deleted' });
res.status(204).send();
} catch (error) {
next(error);
}

29
src/modules/hse/controllers/capacitacion.controller.ts
View File

@ -81,14 +81,10 @@ export function createCapacitacionController(dataSource: DataSource): Router {
const result = await capacitacionService.findAll(getContext(req), filters, page, limit);
res.status(200).json({
success: true,
data: result.data,
pagination: {
total: result.total,
page: result.page,
limit: result.limit,
totalPages: result.totalPages,
},
items: result.data,
total: result.total,
page: result.page,
limit: result.limit,
});
} catch (error) {
next(error);
@ -114,7 +110,10 @@ export function createCapacitacionController(dataSource: DataSource): Router {
}
const capacitaciones = await capacitacionService.getByTipo(getContext(req), req.params.tipo as any);
res.status(200).json({ success: true, data: capacitaciones });
res.status(200).json({
items: capacitaciones,
total: capacitaciones.length,
});
} catch (error) {
next(error);
}
@ -138,7 +137,7 @@ export function createCapacitacionController(dataSource: DataSource): Router {
return;
}
res.status(200).json({ success: true, data: capacitacion });
res.status(200).json(capacitacion);
} catch (error) {
next(error);
}
@ -164,7 +163,7 @@ export function createCapacitacionController(dataSource: DataSource): Router {
}
const capacitacion = await capacitacionService.create(getContext(req), dto);
res.status(201).json({ success: true, data: capacitacion });
res.status(201).json(capacitacion);
} catch (error) {
if (error instanceof Error && error.message.includes('already exists')) {
res.status(409).json({ error: 'Conflict', message: error.message });
@ -194,7 +193,7 @@ export function createCapacitacionController(dataSource: DataSource): Router {
return;
}
res.status(200).json({ success: true, data: capacitacion });
res.status(200).json(capacitacion);
} catch (error) {
next(error);
}
@ -219,11 +218,7 @@ export function createCapacitacionController(dataSource: DataSource): Router {
return;
}
res.status(200).json({
success: true,
data: capacitacion,
message: capacitacion.activo ? 'Training activated' : 'Training deactivated',
});
res.status(200).json(capacitacion);
} catch (error) {
next(error);
}

32
src/modules/hse/controllers/incidente.controller.ts
View File

@ -96,14 +96,10 @@ export function createIncidenteController(dataSource: DataSource): Router {
const result = await incidenteService.findWithFilters(getContext(req), filters, page, limit);
res.status(200).json({
success: true,
data: result.data,
pagination: {
total: result.total,
page: result.page,
limit: result.limit,
totalPages: result.totalPages,
},
items: result.data,
total: result.total,
page: result.page,
limit: result.limit,
});
} catch (error) {
next(error);
@ -124,7 +120,7 @@ export function createIncidenteController(dataSource: DataSource): Router {
const fraccionamientoId = req.query.fraccionamientoId as string;
const stats = await incidenteService.getStats(getContext(req), fraccionamientoId);
res.status(200).json({ success: true, data: stats });
res.status(200).json(stats);
} catch (error) {
next(error);
}
@ -148,7 +144,7 @@ export function createIncidenteController(dataSource: DataSource): Router {
return;
}
res.status(200).json({ success: true, data: incidente });
res.status(200).json(incidente);
} catch (error) {
next(error);
}
@ -178,7 +174,7 @@ export function createIncidenteController(dataSource: DataSource): Router {
dto.fechaHora = new Date(dto.fechaHora);
const incidente = await incidenteService.create(getContext(req), dto);
res.status(201).json({ success: true, data: incidente });
res.status(201).json(incidente);
} catch (error) {
next(error);
}
@ -204,7 +200,7 @@ export function createIncidenteController(dataSource: DataSource): Router {
return;
}
res.status(200).json({ success: true, data: incidente });
res.status(200).json(incidente);
} catch (error) {
if (error instanceof Error && error.message.includes('closed')) {
res.status(400).json({ error: 'Bad Request', message: error.message });
@ -232,7 +228,7 @@ export function createIncidenteController(dataSource: DataSource): Router {
return;
}
res.status(200).json({ success: true, data: incidente, message: 'Investigation started' });
res.status(200).json(incidente);
} catch (error) {
if (error instanceof Error && error.message.includes('only start')) {
res.status(400).json({ error: 'Bad Request', message: error.message });
@ -260,7 +256,7 @@ export function createIncidenteController(dataSource: DataSource): Router {
return;
}
res.status(200).json({ success: true, data: incidente, message: 'Incident closed' });
res.status(200).json(incidente);
} catch (error) {
if (error instanceof Error && (error.message.includes('already closed') || error.message.includes('pending actions'))) {
res.status(400).json({ error: 'Bad Request', message: error.message });
@ -290,7 +286,7 @@ export function createIncidenteController(dataSource: DataSource): Router {
}
const involucrado = await incidenteService.addInvolucrado(getContext(req), req.params.id, dto);
res.status(201).json({ success: true, data: involucrado });
res.status(201).json(involucrado);
} catch (error) {
if (error instanceof Error && error.message === 'Incidente not found') {
res.status(404).json({ error: 'Not Found', message: error.message });
@ -323,7 +319,7 @@ export function createIncidenteController(dataSource: DataSource): Router {
return;
}
res.status(200).json({ success: true, message: 'Involved person removed' });
res.status(204).send();
} catch (error) {
next(error);
}
@ -353,7 +349,7 @@ export function createIncidenteController(dataSource: DataSource): Router {
dto.fechaCompromiso = new Date(dto.fechaCompromiso);
const accion = await incidenteService.addAccion(getContext(req), req.params.id, dto);
res.status(201).json({ success: true, data: accion });
res.status(201).json(accion);
} catch (error) {
if (error instanceof Error) {
if (error.message === 'Incidente not found') {
@ -398,7 +394,7 @@ export function createIncidenteController(dataSource: DataSource): Router {
return;
}
res.status(200).json({ success: true, data: accion });
res.status(200).json(accion);
} catch (error) {
next(error);
}

49
src/modules/hse/controllers/inspeccion.controller.ts
View File

@ -79,7 +79,10 @@ export function createInspeccionController(dataSource: DataSource): Router {
router.get('/tipos', authMiddleware.authenticate, async (req: Request, res: Response, next: NextFunction): Promise<void> => {
try {
const tipos = await inspeccionService.findTiposInspeccion(getContext(req));
res.status(200).json({ success: true, data: tipos });
res.status(200).json({
items: tipos,
total: tipos.length,
});
} catch (error) {
next(error);
}
@ -112,14 +115,10 @@ export function createInspeccionController(dataSource: DataSource): Router {
const result = await inspeccionService.findInspecciones(getContext(req), filters, page, limit);
res.status(200).json({
success: true,
data: result.data,
pagination: {
total: result.total,
page: result.page,
limit: result.limit,
totalPages: result.totalPages,
},
items: result.data,
total: result.total,
page: result.page,
limit: result.limit,
});
} catch (error) {
next(error);
@ -140,7 +139,7 @@ export function createInspeccionController(dataSource: DataSource): Router {
const fraccionamientoId = req.query.fraccionamientoId as string;
const stats = await inspeccionService.getStats(getContext(req), fraccionamientoId);
res.status(200).json({ success: true, data: stats });
res.status(200).json(stats);
} catch (error) {
next(error);
}
@ -164,7 +163,7 @@ export function createInspeccionController(dataSource: DataSource): Router {
return;
}
res.status(200).json({ success: true, data: inspeccion });
res.status(200).json(inspeccion);
} catch (error) {
next(error);
}
@ -193,7 +192,7 @@ export function createInspeccionController(dataSource: DataSource): Router {
}
const inspeccion = await inspeccionService.createInspeccion(getContext(req), dto);
res.status(201).json({ success: true, data: inspeccion });
res.status(201).json(inspeccion);
} catch (error) {
next(error);
}
@ -223,7 +222,7 @@ export function createInspeccionController(dataSource: DataSource): Router {
return;
}
res.status(200).json({ success: true, data: inspeccion });
res.status(200).json(inspeccion);
} catch (error) {
next(error);
}
@ -253,7 +252,7 @@ export function createInspeccionController(dataSource: DataSource): Router {
return;
}
res.status(200).json({ success: true, data: inspeccion });
res.status(200).json(inspeccion);
} catch (error) {
next(error);
}
@ -287,14 +286,10 @@ export function createInspeccionController(dataSource: DataSource): Router {
const result = await inspeccionService.findHallazgos(getContext(req), filters, page, limit);
res.status(200).json({
success: true,
data: result.data,
pagination: {
total: result.total,
page: result.page,
limit: result.limit,
totalPages: result.totalPages,
},
items: result.data,
total: result.total,
page: result.page,
limit: result.limit,
});
} catch (error) {
next(error);
@ -325,7 +320,7 @@ export function createInspeccionController(dataSource: DataSource): Router {
dto.fechaLimite = new Date(dto.fechaLimite);
const hallazgo = await inspeccionService.createHallazgo(getContext(req), req.params.id, dto);
res.status(201).json({ success: true, data: hallazgo });
res.status(201).json(hallazgo);
} catch (error) {
if (error instanceof Error && error.message === 'Inspección no encontrada') {
res.status(404).json({ error: 'Not Found', message: error.message });
@ -364,7 +359,7 @@ export function createInspeccionController(dataSource: DataSource): Router {
return;
}
res.status(200).json({ success: true, data: hallazgo, message: 'Correction registered' });
res.status(200).json(hallazgo);
} catch (error) {
next(error);
}
@ -401,11 +396,7 @@ export function createInspeccionController(dataSource: DataSource): Router {
return;
}
res.status(200).json({
success: true,
data: hallazgo,
message: aprobado ? 'Finding closed' : 'Finding reopened',
});
res.status(200).json(hallazgo);
} catch (error) {
next(error);
}

28
src/modules/progress/controllers/avance-obra.controller.ts
View File

@ -78,14 +78,10 @@ export function createAvanceObraController(dataSource: DataSource): Router {
const result = await avanceService.findWithFilters(getContext(req), filters, page, limit);
res.status(200).json({
success: true,
data: result.data,
pagination: {
total: result.total,
page: result.page,
limit: result.limit,
totalPages: result.totalPages,
},
items: result.data,
total: result.total,
page: result.page,
limit: result.limit,
});
} catch (error) {
next(error);
@ -108,7 +104,7 @@ export function createAvanceObraController(dataSource: DataSource): Router {
const departamentoId = req.query.departamentoId as string;
const progress = await avanceService.getAccumulatedProgress(getContext(req), loteId, departamentoId);
res.status(200).json({ success: true, data: progress });
res.status(200).json(progress);
} catch (error) {
next(error);
}
@ -132,7 +128,7 @@ export function createAvanceObraController(dataSource: DataSource): Router {
return;
}
res.status(200).json({ success: true, data: avance });
res.status(200).json(avance);
} catch (error) {
next(error);
}
@ -163,7 +159,7 @@ export function createAvanceObraController(dataSource: DataSource): Router {
}
const avance = await avanceService.createAvance(getContext(req), dto);
res.status(201).json({ success: true, data: avance });
res.status(201).json(avance);
} catch (error) {
if (error instanceof Error) {
res.status(400).json({ error: 'Bad Request', message: error.message });
@ -193,7 +189,7 @@ export function createAvanceObraController(dataSource: DataSource): Router {
}
const foto = await avanceService.addFoto(getContext(req), req.params.id, dto);
res.status(201).json({ success: true, data: foto });
res.status(201).json(foto);
} catch (error) {
if (error instanceof Error && error.message === 'Avance not found') {
res.status(404).json({ error: 'Not Found', message: error.message });
@ -221,7 +217,7 @@ export function createAvanceObraController(dataSource: DataSource): Router {
return;
}
res.status(200).json({ success: true, data: avance, message: 'Progress reviewed' });
res.status(200).json(avance);
} catch (error) {
next(error);
}
@ -245,7 +241,7 @@ export function createAvanceObraController(dataSource: DataSource): Router {
return;
}
res.status(200).json({ success: true, data: avance, message: 'Progress approved' });
res.status(200).json(avance);
} catch (error) {
next(error);
}
@ -275,7 +271,7 @@ export function createAvanceObraController(dataSource: DataSource): Router {
return;
}
res.status(200).json({ success: true, data: avance, message: 'Progress rejected' });
res.status(200).json(avance);
} catch (error) {
next(error);
}
@ -299,7 +295,7 @@ export function createAvanceObraController(dataSource: DataSource): Router {
return;
}
res.status(200).json({ success: true, message: 'Progress record deleted' });
res.status(204).send();
} catch (error) {
next(error);
}

24
src/modules/progress/controllers/bitacora-obra.controller.ts
View File

@ -80,14 +80,10 @@ export function createBitacoraObraController(dataSource: DataSource): Router {
const result = await bitacoraService.findWithFilters(getContext(req), fraccionamientoId, filters, page, limit);
res.status(200).json({
success: true,
data: result.data,
pagination: {
total: result.total,
page: result.page,
limit: result.limit,
totalPages: result.totalPages,
},
items: result.data,
total: result.total,
page: result.page,
limit: result.limit,
});
} catch (error) {
next(error);
@ -113,7 +109,7 @@ export function createBitacoraObraController(dataSource: DataSource): Router {
}
const stats = await bitacoraService.getStats(getContext(req), fraccionamientoId);
res.status(200).json({ success: true, data: stats });
res.status(200).json(stats);
} catch (error) {
next(error);
}
@ -143,7 +139,7 @@ export function createBitacoraObraController(dataSource: DataSource): Router {
return;
}
res.status(200).json({ success: true, data: entry });
res.status(200).json(entry);
} catch (error) {
next(error);
}
@ -167,7 +163,7 @@ export function createBitacoraObraController(dataSource: DataSource): Router {
return;
}
res.status(200).json({ success: true, data: entry });
res.status(200).json(entry);
} catch (error) {
next(error);
}
@ -193,7 +189,7 @@ export function createBitacoraObraController(dataSource: DataSource): Router {
}
const entry = await bitacoraService.createEntry(getContext(req), dto);
res.status(201).json({ success: true, data: entry });
res.status(201).json(entry);
} catch (error) {
next(error);
}
@ -219,7 +215,7 @@ export function createBitacoraObraController(dataSource: DataSource): Router {
return;
}
res.status(200).json({ success: true, data: entry });
res.status(200).json(entry);
} catch (error) {
next(error);
}
@ -243,7 +239,7 @@ export function createBitacoraObraController(dataSource: DataSource): Router {
return;
}
res.status(200).json({ success: true, message: 'Log entry deleted' });
res.status(204).send();
} catch (error) {
next(error);
}

556
src/modules/storage/services/bucket.service.ts Normal file
View File

@ -0,0 +1,556 @@
/**
* BucketService - Gestión de buckets de almacenamiento
*
* Servicio para CRUD de buckets, configuración de almacenamiento y estadísticas.
*
* @module Storage
*/
import { Repository, Not } from 'typeorm';
import { StorageBucket, BucketType, StorageProvider } from '../entities/bucket.entity';
import { StorageFile } from '../entities/file.entity';
import { TenantUsage } from '../entities/tenant-usage.entity';
export interface CreateBucketDto {
name: string;
description?: string;
bucketType?: BucketType;
maxFileSizeMb?: number;
allowedMimeTypes?: string[];
allowedExtensions?: string[];
autoDeleteDays?: number;
versioningEnabled?: boolean;
maxVersions?: number;
storageProvider?: StorageProvider;
storageConfig?: Record<string, any>;
quotaPerTenantGb?: number;
isSystem?: boolean;
}
export interface UpdateBucketDto {
description?: string;
bucketType?: BucketType;
maxFileSizeMb?: number;
allowedMimeTypes?: string[];
allowedExtensions?: string[];
autoDeleteDays?: number;
versioningEnabled?: boolean;
maxVersions?: number;
storageConfig?: Record<string, any>;
quotaPerTenantGb?: number;
isActive?: boolean;
}
export interface BucketFilters {
bucketType?: BucketType;
storageProvider?: StorageProvider;
isActive?: boolean;
isSystem?: boolean;
search?: string;
page?: number;
limit?: number;
}
export interface BucketStats {
bucketId: string;
bucketName: string;
totalFiles: number;
totalSizeBytes: number;
filesByCategory: Record<string, number>;
sizeByCategory: Record<string, number>;
tenantCount: number;
}
export interface PaginatedResult<T> {
data: T[];
total: number;
page: number;
limit: number;
totalPages: number;
}
export class BucketService {
constructor(
private readonly bucketRepository: Repository<StorageBucket>,
private readonly fileRepository: Repository<StorageFile>,
private readonly usageRepository: Repository<TenantUsage>,
) {}
/**
* Create a new bucket
*/
async create(dto: CreateBucketDto): Promise<StorageBucket> {
// Check if bucket name already exists
const existing = await this.bucketRepository.findOne({
where: { name: dto.name },
});
if (existing) {
throw new Error(`Ya existe un bucket con el nombre: ${dto.name}`);
}
// Validate storage provider configuration
if (dto.storageProvider && dto.storageProvider !== 'local') {
this.validateStorageConfig(dto.storageProvider, dto.storageConfig);
}
const bucket = this.bucketRepository.create({
name: dto.name,
description: dto.description,
bucketType: dto.bucketType || 'private',
maxFileSizeMb: dto.maxFileSizeMb || 50,
allowedMimeTypes: dto.allowedMimeTypes || [],
allowedExtensions: dto.allowedExtensions || [],
autoDeleteDays: dto.autoDeleteDays,
versioningEnabled: dto.versioningEnabled || false,
maxVersions: dto.maxVersions || 5,
storageProvider: dto.storageProvider || 'local',
storageConfig: dto.storageConfig || {},
quotaPerTenantGb: dto.quotaPerTenantGb,
isActive: true,
isSystem: dto.isSystem || false,
});
return this.bucketRepository.save(bucket);
}
/**
* Find bucket by ID
*/
async findById(id: string): Promise<StorageBucket | null> {
return this.bucketRepository.findOne({ where: { id } });
}
/**
* Find bucket by name
*/
async findByName(name: string): Promise<StorageBucket | null> {
return this.bucketRepository.findOne({ where: { name } });
}
/**
* Find all buckets with filters
*/
async findAll(filters: BucketFilters = {}): Promise<PaginatedResult<StorageBucket>> {
const page = filters.page || 1;
const limit = Math.min(filters.limit || 20, 100);
const skip = (page - 1) * limit;
const qb = this.bucketRepository.createQueryBuilder('b');
if (filters.bucketType) {
qb.andWhere('b.bucket_type = :bucketType', {
bucketType: filters.bucketType,
});
}
if (filters.storageProvider) {
qb.andWhere('b.storage_provider = :storageProvider', {
storageProvider: filters.storageProvider,
});
}
if (filters.isActive !== undefined) {
qb.andWhere('b.is_active = :isActive', { isActive: filters.isActive });
}
if (filters.isSystem !== undefined) {
qb.andWhere('b.is_system = :isSystem', { isSystem: filters.isSystem });
}
if (filters.search) {
qb.andWhere('(b.name ILIKE :search OR b.description ILIKE :search)', {
search: `%${filters.search}%`,
});
}
const [data, total] = await qb
.orderBy('b.name', 'ASC')
.skip(skip)
.take(limit)
.getManyAndCount();
return {
data,
total,
page,
limit,
totalPages: Math.ceil(total / limit),
};
}
/**
* List all active buckets
*/
async list(includeSystem: boolean = false): Promise<StorageBucket[]> {
const where: any = { isActive: true };
if (!includeSystem) {
where.isSystem = false;
}
return this.bucketRepository.find({
where,
order: { name: 'ASC' },
});
}
/**
* Update bucket configuration
*/
async update(
id: string,
dto: UpdateBucketDto,
): Promise<StorageBucket | null> {
const bucket = await this.findById(id);
if (!bucket) {
return null;
}
// Prevent modifying system buckets
if (bucket.isSystem) {
throw new Error('No se puede modificar un bucket del sistema');
}
// Validate storage config if changed
if (dto.storageConfig) {
this.validateStorageConfig(
bucket.storageProvider,
dto.storageConfig,
);
}
Object.assign(bucket, dto);
return this.bucketRepository.save(bucket);
}
/**
* Activate bucket
*/
async activate(id: string): Promise<boolean> {
const result = await this.bucketRepository.update(
{ id },
{ isActive: true },
);
return (result.affected ?? 0) > 0;
}
/**
* Deactivate bucket
*/
async deactivate(id: string): Promise<boolean> {
const bucket = await this.findById(id);
if (!bucket) {
return false;
}
if (bucket.isSystem) {
throw new Error('No se puede desactivar un bucket del sistema');
}
const result = await this.bucketRepository.update(
{ id },
{ isActive: false },
);
return (result.affected ?? 0) > 0;
}
/**
* Delete bucket (only if empty)
*/
async delete(id: string, force: boolean = false): Promise<boolean> {
const bucket = await this.findById(id);
if (!bucket) {
return false;
}
if (bucket.isSystem) {
throw new Error('No se puede eliminar un bucket del sistema');
}
// Check if bucket has files
const fileCount = await this.fileRepository.count({
where: { bucketId: id, status: 'active' },
});
if (fileCount > 0 && !force) {
throw new Error(
`El bucket contiene ${fileCount} archivos activos. Use force=true para eliminar con contenido.`,
);
}
if (force && fileCount > 0) {
// Soft delete all files in bucket
await this.fileRepository.update(
{ bucketId: id, status: 'active' },
{ status: 'deleted', deletedAt: new Date() },
);
}
await this.bucketRepository.delete({ id });
return true;
}
/**
* Get bucket statistics
*/
async getStats(bucketId: string): Promise<BucketStats> {
const bucket = await this.findById(bucketId);
if (!bucket) {
throw new Error('Bucket no encontrado');
}
const [
totalFilesResult,
categoryStats,
tenantCountResult,
] = await Promise.all([
this.fileRepository
.createQueryBuilder('f')
.select('COUNT(*)', 'count')
.addSelect('COALESCE(SUM(f.size_bytes), 0)', 'totalSize')
.where('f.bucket_id = :bucketId', { bucketId })
.andWhere('f.status = :status', { status: 'active' })
.getRawOne(),
this.fileRepository
.createQueryBuilder('f')
.select('f.category', 'category')
.addSelect('COUNT(*)', 'count')
.addSelect('COALESCE(SUM(f.size_bytes), 0)', 'totalSize')
.where('f.bucket_id = :bucketId', { bucketId })
.andWhere('f.status = :status', { status: 'active' })
.groupBy('f.category')
.getRawMany(),
this.fileRepository
.createQueryBuilder('f')
.select('COUNT(DISTINCT f.tenant_id)', 'count')
.where('f.bucket_id = :bucketId', { bucketId })
.andWhere('f.status = :status', { status: 'active' })
.getRawOne(),
]);
const filesByCategory: Record<string, number> = {};
const sizeByCategory: Record<string, number> = {};
for (const row of categoryStats) {
const cat = row.category || 'other';
filesByCategory[cat] = parseInt(row.count, 10);
sizeByCategory[cat] = parseInt(row.totalSize, 10);
}
return {
bucketId,
bucketName: bucket.name,
totalFiles: parseInt(totalFilesResult.count, 10),
totalSizeBytes: parseInt(totalFilesResult.totalSize, 10),
filesByCategory,
sizeByCategory,
tenantCount: parseInt(tenantCountResult.count, 10),
};
}
/**
* Get statistics for all buckets
*/
async getAllStats(): Promise<BucketStats[]> {
const buckets = await this.bucketRepository.find({
where: { isActive: true },
});
const stats: BucketStats[] = [];
for (const bucket of buckets) {
stats.push(await this.getStats(bucket.id));
}
return stats;
}
/**
* Get bucket usage by tenants
*/
async getTenantUsage(
bucketId: string,
monthYear?: string,
): Promise<
{
tenantId: string;
fileCount: number;
totalSizeBytes: number;
quotaBytes: number | null;
usagePercentage: number;
}[]
> {
const bucket = await this.findById(bucketId);
if (!bucket) {
throw new Error('Bucket no encontrado');
}
const currentMonthYear =
monthYear || this.getCurrentMonthYear();
const usages = await this.usageRepository.find({
where: { bucketId, monthYear: currentMonthYear },
});
const quotaBytes = bucket.quotaPerTenantGb
? bucket.quotaPerTenantGb * 1024 * 1024 * 1024
: null;
return usages.map((u) => ({
tenantId: u.tenantId,
fileCount: u.fileCount,
totalSizeBytes: Number(u.totalSizeBytes),
quotaBytes,
usagePercentage: quotaBytes
? (Number(u.totalSizeBytes) / quotaBytes) * 100
: 0,
}));
}
/**
* Check if file type is allowed in bucket
*/
isFileTypeAllowed(bucket: StorageBucket, mimeType: string): boolean {
// If no restrictions, allow all
if (
(!bucket.allowedMimeTypes || bucket.allowedMimeTypes.length === 0) &&
(!bucket.allowedExtensions || bucket.allowedExtensions.length === 0)
) {
return true;
}
// Check MIME type
if (bucket.allowedMimeTypes && bucket.allowedMimeTypes.length > 0) {
const isAllowed = bucket.allowedMimeTypes.some((allowed) => {
if (allowed.endsWith('/*')) {
return mimeType.startsWith(allowed.slice(0, -1));
}
return mimeType === allowed;
});
if (isAllowed) return true;
}
return false;
}
/**
* Check if file size is within bucket limits
*/
isFileSizeAllowed(bucket: StorageBucket, sizeBytes: number): boolean {
const maxSizeBytes = bucket.maxFileSizeMb * 1024 * 1024;
return sizeBytes <= maxSizeBytes;
}
/**
* Get storage provider info
*/
getStorageProviderInfo(bucket: StorageBucket): {
provider: StorageProvider;
isConfigured: boolean;
endpoint?: string;
} {
const provider = bucket.storageProvider;
const config = bucket.storageConfig || {};
let isConfigured = true;
let endpoint: string | undefined;
switch (provider) {
case 's3':
isConfigured = !!(config.bucket && config.region);
endpoint = config.bucket
? `https://${config.bucket}.s3.${config.region || 'us-east-1'}.amazonaws.com`
: undefined;
break;
case 'gcs':
isConfigured = !!config.bucket;
endpoint = config.bucket
? `https://storage.googleapis.com/${config.bucket}`
: undefined;
break;
case 'azure':
isConfigured = !!(config.account && config.container);
endpoint =
config.account && config.container
? `https://${config.account}.blob.core.windows.net/${config.container}`
: undefined;
break;
case 'local':
isConfigured = true;
endpoint = '/api/storage';
break;
}
return { provider, isConfigured, endpoint };
}
/**
* Clone bucket configuration
*/
async clone(
sourceBucketId: string,
newName: string,
overrides?: Partial<CreateBucketDto>,
): Promise<StorageBucket> {
const source = await this.findById(sourceBucketId);
if (!source) {
throw new Error('Bucket origen no encontrado');
}
// Check new name doesn't exist
const existing = await this.findByName(newName);
if (existing) {
throw new Error(`Ya existe un bucket con el nombre: ${newName}`);
}
const dto: CreateBucketDto = {
name: newName,
description: overrides?.description ?? source.description,
bucketType: overrides?.bucketType ?? source.bucketType,
maxFileSizeMb: overrides?.maxFileSizeMb ?? source.maxFileSizeMb,
allowedMimeTypes: overrides?.allowedMimeTypes ?? [...source.allowedMimeTypes],
allowedExtensions: overrides?.allowedExtensions ?? [...source.allowedExtensions],
autoDeleteDays: overrides?.autoDeleteDays ?? source.autoDeleteDays,
versioningEnabled: overrides?.versioningEnabled ?? source.versioningEnabled,
maxVersions: overrides?.maxVersions ?? source.maxVersions,
storageProvider: overrides?.storageProvider ?? source.storageProvider,
storageConfig: overrides?.storageConfig ?? { ...source.storageConfig },
quotaPerTenantGb: overrides?.quotaPerTenantGb ?? source.quotaPerTenantGb,
isSystem: false,
};
return this.create(dto);
}
// ============ Private Helper Methods ============
private validateStorageConfig(
provider: StorageProvider,
config?: Record<string, any>,
): void {
if (!config) {
throw new Error(`Se requiere configuración para el provider: ${provider}`);
}
switch (provider) {
case 's3':
if (!config.bucket || !config.region) {
throw new Error('S3 requiere: bucket, region');
}
break;
case 'gcs':
if (!config.bucket) {
throw new Error('GCS requiere: bucket');
}
break;
case 'azure':
if (!config.account || !config.container) {
throw new Error('Azure requiere: account, container');
}
break;
}
}
private getCurrentMonthYear(): string {
const date = new Date();
return `${date.getFullYear()}-${String(date.getMonth() + 1).padStart(2, '0')}`;
}
}

535
src/modules/storage/services/file-share.service.ts Normal file
View File

@ -0,0 +1,535 @@
/**
* FileShareService - Gestión de compartición de archivos
*
* Servicio para compartir archivos, gestionar permisos y enlaces públicos.
*
* @module Storage
*/
import { Repository, LessThan, IsNull, Not, MoreThan } from 'typeorm';
import { FileShare } from '../entities/file-share.entity';
import { StorageFile } from '../entities/file.entity';
import * as crypto from 'crypto';
export interface ShareFileDto {
fileId: string;
sharedWithUserId?: string;
sharedWithEmail?: string;
sharedWithRole?: string;
canView?: boolean;
canDownload?: boolean;
canEdit?: boolean;
canDelete?: boolean;
canShare?: boolean;
expiresAt?: Date;
notifyOnAccess?: boolean;
}
export interface CreatePublicLinkDto {
fileId: string;
password?: string;
expiresAt?: Date;
canDownload?: boolean;
}
export interface UpdateShareDto {
canView?: boolean;
canDownload?: boolean;
canEdit?: boolean;
canDelete?: boolean;
canShare?: boolean;
expiresAt?: Date;
notifyOnAccess?: boolean;
}
export interface ShareFilters {
fileId?: string;
sharedWithUserId?: string;
sharedWithEmail?: string;
sharedWithRole?: string;
includeRevoked?: boolean;
includeExpired?: boolean;
page?: number;
limit?: number;
}
export interface PaginatedResult<T> {
data: T[];
total: number;
page: number;
limit: number;
totalPages: number;
}
export class FileShareService {
constructor(
private readonly shareRepository: Repository<FileShare>,
private readonly fileRepository: Repository<StorageFile>,
) {}
/**
* Share a file with a user, email or role
*/
async shareFile(
tenantId: string,
dto: ShareFileDto,
createdBy?: string,
): Promise<FileShare> {
// Validate file exists
const file = await this.fileRepository.findOne({
where: { id: dto.fileId, tenantId, status: 'active' },
});
if (!file) {
throw new Error('Archivo no encontrado');
}
// At least one recipient must be specified
if (!dto.sharedWithUserId && !dto.sharedWithEmail && !dto.sharedWithRole) {
throw new Error(
'Debe especificar un usuario, email o rol para compartir',
);
}
// Check if share already exists
const existingShare = await this.shareRepository.findOne({
where: {
tenantId,
fileId: dto.fileId,
sharedWithUserId: dto.sharedWithUserId || IsNull(),
sharedWithEmail: dto.sharedWithEmail || IsNull(),
sharedWithRole: dto.sharedWithRole || IsNull(),
revokedAt: IsNull(),
},
});
if (existingShare) {
// Update existing share instead of creating duplicate
Object.assign(existingShare, {
canView: dto.canView ?? existingShare.canView,
canDownload: dto.canDownload ?? existingShare.canDownload,
canEdit: dto.canEdit ?? existingShare.canEdit,
canDelete: dto.canDelete ?? existingShare.canDelete,
canShare: dto.canShare ?? existingShare.canShare,
expiresAt: dto.expiresAt,
notifyOnAccess: dto.notifyOnAccess ?? existingShare.notifyOnAccess,
});
return this.shareRepository.save(existingShare);
}
const share = this.shareRepository.create({
tenantId,
fileId: dto.fileId,
sharedWithUserId: dto.sharedWithUserId,
sharedWithEmail: dto.sharedWithEmail,
sharedWithRole: dto.sharedWithRole,
canView: dto.canView ?? true,
canDownload: dto.canDownload ?? true,
canEdit: dto.canEdit ?? false,
canDelete: dto.canDelete ?? false,
canShare: dto.canShare ?? false,
expiresAt: dto.expiresAt,
notifyOnAccess: dto.notifyOnAccess ?? false,
createdBy,
});
return this.shareRepository.save(share);
}
/**
* Create a public shareable link
*/
async createPublicLink(
tenantId: string,
dto: CreatePublicLinkDto,
createdBy?: string,
): Promise<FileShare> {
// Validate file exists
const file = await this.fileRepository.findOne({
where: { id: dto.fileId, tenantId, status: 'active' },
});
if (!file) {
throw new Error('Archivo no encontrado');
}
// Generate unique public link
const publicLink = this.generatePublicLink();
// Hash password if provided
const hashedPassword = dto.password
? this.hashPassword(dto.password)
: undefined;
const share = this.shareRepository.create({
tenantId,
fileId: dto.fileId,
publicLink,
publicLinkPassword: hashedPassword,
canView: true,
canDownload: dto.canDownload ?? true,
canEdit: false,
canDelete: false,
canShare: false,
expiresAt: dto.expiresAt,
createdBy,
});
return this.shareRepository.save(share);
}
/**
* Get share by public link
*/
async findByPublicLink(publicLink: string): Promise<FileShare | null> {
return this.shareRepository.findOne({
where: {
publicLink,
revokedAt: IsNull(),
},
relations: ['file'],
});
}
/**
* Verify public link password
*/
verifyPublicLinkPassword(share: FileShare, password: string): boolean {
if (!share.publicLinkPassword) {
return true;
}
return share.publicLinkPassword === this.hashPassword(password);
}
/**
* Check if a public link is valid (not expired, not revoked)
*/
isPublicLinkValid(share: FileShare): boolean {
if (share.revokedAt) {
return false;
}
if (share.expiresAt && new Date() > share.expiresAt) {
return false;
}
return true;
}
/**
* Revoke a share
*/
async revokeShare(tenantId: string, shareId: string): Promise<boolean> {
const result = await this.shareRepository.update(
{ id: shareId, tenantId, revokedAt: IsNull() },
{ revokedAt: new Date() },
);
return (result.affected ?? 0) > 0;
}
/**
* Revoke all shares for a file
*/
async revokeAllSharesForFile(
tenantId: string,
fileId: string,
): Promise<number> {
const result = await this.shareRepository.update(
{ tenantId, fileId, revokedAt: IsNull() },
{ revokedAt: new Date() },
);
return result.affected ?? 0;
}
/**
* Revoke public link for a file
*/
async revokePublicLink(tenantId: string, fileId: string): Promise<boolean> {
const result = await this.shareRepository.update(
{ tenantId, fileId, publicLink: Not(IsNull()), revokedAt: IsNull() },
{ revokedAt: new Date() },
);
return (result.affected ?? 0) > 0;
}
/**
* Get files shared with a specific user
*/
async getSharedWithMe(
tenantId: string,
userId: string,
options?: {
includeExpired?: boolean;
page?: number;
limit?: number;
},
): Promise<PaginatedResult<FileShare>> {
const page = options?.page || 1;
const limit = Math.min(options?.limit || 20, 100);
const skip = (page - 1) * limit;
const qb = this.shareRepository
.createQueryBuilder('s')
.leftJoinAndSelect('s.file', 'file')
.where('s.tenant_id = :tenantId', { tenantId })
.andWhere('s.shared_with_user_id = :userId', { userId })
.andWhere('s.revoked_at IS NULL')
.andWhere('file.status = :status', { status: 'active' });
if (!options?.includeExpired) {
qb.andWhere('(s.expires_at IS NULL OR s.expires_at > :now)', {
now: new Date(),
});
}
const [data, total] = await qb
.orderBy('s.created_at', 'DESC')
.skip(skip)
.take(limit)
.getManyAndCount();
return {
data,
total,
page,
limit,
totalPages: Math.ceil(total / limit),
};
}
/**
* Get files shared by a specific user
*/
async getSharedByMe(
tenantId: string,
userId: string,
options?: {
includeExpired?: boolean;
includeRevoked?: boolean;
page?: number;
limit?: number;
},
): Promise<PaginatedResult<FileShare>> {
const page = options?.page || 1;
const limit = Math.min(options?.limit || 20, 100);
const skip = (page - 1) * limit;
const qb = this.shareRepository
.createQueryBuilder('s')
.leftJoinAndSelect('s.file', 'file')
.where('s.tenant_id = :tenantId', { tenantId })
.andWhere('s.created_by = :userId', { userId })
.andWhere('file.status = :status', { status: 'active' });
if (!options?.includeRevoked) {
qb.andWhere('s.revoked_at IS NULL');
}
if (!options?.includeExpired) {
qb.andWhere('(s.expires_at IS NULL OR s.expires_at > :now)', {
now: new Date(),
});
}
const [data, total] = await qb
.orderBy('s.created_at', 'DESC')
.skip(skip)
.take(limit)
.getManyAndCount();
return {
data,
total,
page,
limit,
totalPages: Math.ceil(total / limit),
};
}
/**
* Get all shares for a file
*/
async getSharesForFile(
tenantId: string,
fileId: string,
includeRevoked: boolean = false,
): Promise<FileShare[]> {
const where: any = { tenantId, fileId };
if (!includeRevoked) {
where.revokedAt = IsNull();
}
return this.shareRepository.find({
where,
order: { createdAt: 'DESC' },
});
}
/**
* Check if user has access to a file through shares
*/
async checkAccess(
tenantId: string,
fileId: string,
userId: string,
permission: 'view' | 'download' | 'edit' | 'delete' | 'share',
): Promise<boolean> {
const qb = this.shareRepository
.createQueryBuilder('s')
.where('s.tenant_id = :tenantId', { tenantId })
.andWhere('s.file_id = :fileId', { fileId })
.andWhere('s.shared_with_user_id = :userId', { userId })
.andWhere('s.revoked_at IS NULL')
.andWhere('(s.expires_at IS NULL OR s.expires_at > :now)', {
now: new Date(),
});
// Add permission filter
const permissionField = `can_${permission}`;
qb.andWhere(`s.${permissionField} = :allowed`, { allowed: true });
const count = await qb.getCount();
return count > 0;
}
/**
* Get user permissions for a file
*/
async getUserPermissions(
tenantId: string,
fileId: string,
userId: string,
): Promise<{
canView: boolean;
canDownload: boolean;
canEdit: boolean;
canDelete: boolean;
canShare: boolean;
}> {
const shares = await this.shareRepository.find({
where: {
tenantId,
fileId,
sharedWithUserId: userId,
revokedAt: IsNull(),
},
});
// Filter out expired shares
const now = new Date();
const validShares = shares.filter(
(s) => !s.expiresAt || s.expiresAt > now,
);
if (validShares.length === 0) {
return {
canView: false,
canDownload: false,
canEdit: false,
canDelete: false,
canShare: false,
};
}
// Merge permissions from all valid shares (most permissive wins)
return {
canView: validShares.some((s) => s.canView),
canDownload: validShares.some((s) => s.canDownload),
canEdit: validShares.some((s) => s.canEdit),
canDelete: validShares.some((s) => s.canDelete),
canShare: validShares.some((s) => s.canShare),
};
}
/**
* Update share permissions
*/
async updateShare(
tenantId: string,
shareId: string,
dto: UpdateShareDto,
): Promise<FileShare | null> {
const share = await this.shareRepository.findOne({
where: { id: shareId, tenantId, revokedAt: IsNull() },
});
if (!share) {
return null;
}
Object.assign(share, dto);
return this.shareRepository.save(share);
}
/**
* Record share access (view/download)
*/
async recordAccess(
shareId: string,
accessType: 'view' | 'download',
): Promise<void> {
const updates: any = { lastAccessedAt: new Date() };
if (accessType === 'view') {
updates.viewCount = () => 'view_count + 1';
} else if (accessType === 'download') {
updates.downloadCount = () => 'download_count + 1';
}
await this.shareRepository.update({ id: shareId }, updates);
}
/**
* Clean up expired shares
*/
async cleanupExpiredShares(tenantId?: string): Promise<number> {
const where: any = {
expiresAt: LessThan(new Date()),
revokedAt: IsNull(),
};
if (tenantId) {
where.tenantId = tenantId;
}
const result = await this.shareRepository.update(where, {
revokedAt: new Date(),
});
return result.affected ?? 0;
}
/**
* Get share statistics for a file
*/
async getShareStats(
tenantId: string,
fileId: string,
): Promise<{
totalShares: number;
activeShares: number;
totalViews: number;
totalDownloads: number;
hasPublicLink: boolean;
}> {
const shares = await this.shareRepository.find({
where: { tenantId, fileId },
});
const now = new Date();
const activeShares = shares.filter(
(s) => !s.revokedAt && (!s.expiresAt || s.expiresAt > now),
);
return {
totalShares: shares.length,
activeShares: activeShares.length,
totalViews: shares.reduce((sum, s) => sum + (s.viewCount || 0), 0),
totalDownloads: shares.reduce((sum, s) => sum + (s.downloadCount || 0), 0),
hasPublicLink: activeShares.some((s) => s.publicLink),
};
}
// ============ Private Helper Methods ============
private generatePublicLink(): string {
return crypto.randomBytes(16).toString('hex');
}
private hashPassword(password: string): string {
return crypto.createHash('sha256').update(password).digest('hex');
}
}

617
src/modules/storage/services/file.service.ts Normal file
View File

@ -0,0 +1,617 @@
/**
* FileService - Gestión de archivos de almacenamiento
*
* Servicio para CRUD de archivos, metadatos y operaciones de versionado.
* Integración con StorageService para generación de URLs.
*
* @module Storage
*/
import { Repository, FindOptionsWhere, In } from 'typeorm';
import { StorageFile, FileCategory, FileStatus } from '../entities/file.entity';
import { StorageBucket } from '../entities/bucket.entity';
import { StorageFolder } from '../entities/folder.entity';
import { TenantUsage } from '../entities/tenant-usage.entity';
import * as crypto from 'crypto';
import * as path from 'path';
export interface CreateFileDto {
bucketId: string;
folderId?: string;
name?: string;
originalName: string;
mimeType: string;
sizeBytes: number;
storageKey: string;
checksumMd5?: string;
checksumSha256?: string;
metadata?: Record<string, any>;
tags?: string[];
altText?: string;
entityType?: string;
entityId?: string;
isPublic?: boolean;
width?: number;
height?: number;
}
export interface UpdateFileDto {
name?: string;
folderId?: string;
metadata?: Record<string, any>;
tags?: string[];
altText?: string;
entityType?: string;
entityId?: string;
isPublic?: boolean;
}
export interface FileFilters {
bucketId?: string;
folderId?: string;
category?: FileCategory;
mimeType?: string;
status?: FileStatus;
search?: string;
tags?: string[];
entityType?: string;
entityId?: string;
isPublic?: boolean;
createdFrom?: Date;
createdTo?: Date;
page?: number;
limit?: number;
}
export interface PaginatedResult<T> {
data: T[];
total: number;
page: number;
limit: number;
totalPages: number;
}
export class FileService {
constructor(
private readonly fileRepository: Repository<StorageFile>,
private readonly bucketRepository: Repository<StorageBucket>,
private readonly folderRepository: Repository<StorageFolder>,
private readonly usageRepository: Repository<TenantUsage>,
) {}
/**
* Create a new file record
*/
async create(
tenantId: string,
dto: CreateFileDto,
userId?: string,
): Promise<StorageFile> {
// Validate bucket exists
const bucket = await this.bucketRepository.findOne({
where: { id: dto.bucketId, isActive: true },
});
if (!bucket) {
throw new Error('Bucket no encontrado o inactivo');
}
// Validate folder if provided
if (dto.folderId) {
const folder = await this.folderRepository.findOne({
where: { id: dto.folderId, tenantId, bucketId: dto.bucketId },
});
if (!folder) {
throw new Error('Carpeta no encontrada');
}
}
// Validate file type if bucket has restrictions
if (bucket.allowedMimeTypes && bucket.allowedMimeTypes.length > 0) {
const isAllowed = bucket.allowedMimeTypes.some((allowed) =>
dto.mimeType.startsWith(allowed.replace('*', '')),
);
if (!isAllowed) {
throw new Error(`Tipo de archivo no permitido: ${dto.mimeType}`);
}
}
// Validate file size
const maxSizeBytes = bucket.maxFileSizeMb * 1024 * 1024;
if (dto.sizeBytes > maxSizeBytes) {
throw new Error(
`Archivo excede el tamaño máximo: ${bucket.maxFileSizeMb}MB`,
);
}
const uniqueName = dto.name || this.generateUniqueFileName(dto.originalName);
const ext = path.extname(dto.originalName).substring(1).toLowerCase();
const category = this.categorizeFile(dto.mimeType);
const file = this.fileRepository.create({
tenantId,
bucketId: dto.bucketId,
folderId: dto.folderId,
name: uniqueName,
originalName: dto.originalName,
path: dto.storageKey,
mimeType: dto.mimeType,
extension: ext,
category,
sizeBytes: dto.sizeBytes,
storageKey: dto.storageKey,
checksumMd5: dto.checksumMd5,
checksumSha256: dto.checksumSha256,
metadata: dto.metadata || {},
tags: dto.tags || [],
altText: dto.altText,
entityType: dto.entityType,
entityId: dto.entityId,
isPublic: dto.isPublic || false,
width: dto.width,
height: dto.height,
uploadedBy: userId,
status: 'active',
});
const savedFile = await this.fileRepository.save(file);
// Update folder statistics if file is in a folder
if (dto.folderId) {
await this.updateFolderStats(tenantId, dto.folderId);
}
// Update tenant usage
await this.updateTenantUsage(tenantId, dto.bucketId, dto.sizeBytes, 1);
return savedFile;
}
/**
* Find file by ID
*/
async findById(tenantId: string, id: string): Promise<StorageFile | null> {
return this.fileRepository.findOne({
where: { id, tenantId, status: 'active' },
relations: ['bucket', 'folder'],
});
}
/**
* Find file by checksum (for deduplication)
*/
async findByChecksum(
tenantId: string,
checksumSha256: string,
bucketId?: string,
): Promise<StorageFile | null> {
const where: FindOptionsWhere<StorageFile> = {
tenantId,
checksumSha256,
status: 'active',
};
if (bucketId) {
where.bucketId = bucketId;
}
return this.fileRepository.findOne({ where });
}
/**
* Find all files with filters and pagination
*/
async findAll(
tenantId: string,
filters: FileFilters = {},
): Promise<PaginatedResult<StorageFile>> {
const page = filters.page || 1;
const limit = Math.min(filters.limit || 20, 100);
const skip = (page - 1) * limit;
const qb = this.fileRepository
.createQueryBuilder('f')
.leftJoinAndSelect('f.bucket', 'bucket')
.leftJoinAndSelect('f.folder', 'folder')
.where('f.tenant_id = :tenantId', { tenantId })
.andWhere('f.status = :status', { status: filters.status || 'active' });
if (filters.bucketId) {
qb.andWhere('f.bucket_id = :bucketId', { bucketId: filters.bucketId });
}
if (filters.folderId) {
qb.andWhere('f.folder_id = :folderId', { folderId: filters.folderId });
}
if (filters.category) {
qb.andWhere('f.category = :category', { category: filters.category });
}
if (filters.mimeType) {
qb.andWhere('f.mime_type LIKE :mimeType', {
mimeType: `${filters.mimeType}%`,
});
}
if (filters.entityType) {
qb.andWhere('f.entity_type = :entityType', {
entityType: filters.entityType,
});
}
if (filters.entityId) {
qb.andWhere('f.entity_id = :entityId', { entityId: filters.entityId });
}
if (filters.isPublic !== undefined) {
qb.andWhere('f.is_public = :isPublic', { isPublic: filters.isPublic });
}
if (filters.search) {
qb.andWhere(
'(f.name ILIKE :search OR f.original_name ILIKE :search OR f.alt_text ILIKE :search)',
{ search: `%${filters.search}%` },
);
}
if (filters.tags && filters.tags.length > 0) {
qb.andWhere('f.tags && :tags', { tags: filters.tags });
}
if (filters.createdFrom) {
qb.andWhere('f.created_at >= :createdFrom', {
createdFrom: filters.createdFrom,
});
}
if (filters.createdTo) {
qb.andWhere('f.created_at <= :createdTo', {
createdTo: filters.createdTo,
});
}
qb.orderBy('f.created_at', 'DESC').skip(skip).take(limit);
const [data, total] = await qb.getManyAndCount();
return {
data,
total,
page,
limit,
totalPages: Math.ceil(total / limit),
};
}
/**
* Find files by entity association
*/
async findByEntity(
tenantId: string,
entityType: string,
entityId: string,
): Promise<StorageFile[]> {
return this.fileRepository.find({
where: { tenantId, entityType, entityId, status: 'active' },
relations: ['bucket'],
order: { createdAt: 'DESC' },
});
}
/**
* Find multiple files by IDs
*/
async findByIds(tenantId: string, ids: string[]): Promise<StorageFile[]> {
return this.fileRepository.find({
where: { tenantId, id: In(ids), status: 'active' },
relations: ['bucket', 'folder'],
});
}
/**
* Update file metadata
*/
async update(
tenantId: string,
id: string,
dto: UpdateFileDto,
): Promise<StorageFile | null> {
const file = await this.findById(tenantId, id);
if (!file) {
return null;
}
const oldFolderId = file.folderId;
// If moving to a different folder, validate it
if (dto.folderId && dto.folderId !== file.folderId) {
const newFolder = await this.folderRepository.findOne({
where: { id: dto.folderId, tenantId, bucketId: file.bucketId },
});
if (!newFolder) {
throw new Error('Carpeta destino no encontrada');
}
}
Object.assign(file, dto);
const savedFile = await this.fileRepository.save(file);
// Update folder statistics if folder changed
if (dto.folderId && dto.folderId !== oldFolderId) {
if (oldFolderId) {
await this.updateFolderStats(tenantId, oldFolderId);
}
await this.updateFolderStats(tenantId, dto.folderId);
}
return savedFile;
}
/**
* Update file tags
*/
async updateTags(
tenantId: string,
id: string,
tags: string[],
): Promise<StorageFile | null> {
const file = await this.findById(tenantId, id);
if (!file) {
return null;
}
file.tags = tags;
return this.fileRepository.save(file);
}
/**
* Add tags to file
*/
async addTags(
tenantId: string,
id: string,
tags: string[],
): Promise<StorageFile | null> {
const file = await this.findById(tenantId, id);
if (!file) {
return null;
}
const uniqueTags = [...new Set([...file.tags, ...tags])];
file.tags = uniqueTags;
return this.fileRepository.save(file);
}
/**
* Remove tags from file
*/
async removeTags(
tenantId: string,
id: string,
tags: string[],
): Promise<StorageFile | null> {
const file = await this.findById(tenantId, id);
if (!file) {
return null;
}
file.tags = file.tags.filter((t) => !tags.includes(t));
return this.fileRepository.save(file);
}
/**
* Soft delete a file
*/
async delete(tenantId: string, id: string): Promise<boolean> {
const file = await this.findById(tenantId, id);
if (!file) {
return false;
}
await this.fileRepository.update(
{ id, tenantId },
{ status: 'deleted', deletedAt: new Date() },
);
// Update folder statistics
if (file.folderId) {
await this.updateFolderStats(tenantId, file.folderId);
}
// Update tenant usage (subtract)
await this.updateTenantUsage(
tenantId,
file.bucketId,
-file.sizeBytes,
-1,
);
return true;
}
/**
* Restore a deleted file
*/
async restore(tenantId: string, id: string): Promise<StorageFile | null> {
const file = await this.fileRepository.findOne({
where: { id, tenantId, status: 'deleted' },
});
if (!file) {
return null;
}
file.status = 'active';
file.deletedAt = undefined;
const restoredFile = await this.fileRepository.save(file);
// Update folder statistics
if (file.folderId) {
await this.updateFolderStats(tenantId, file.folderId);
}
// Update tenant usage (add back)
await this.updateTenantUsage(tenantId, file.bucketId, file.sizeBytes, 1);
return restoredFile;
}
/**
* Move file to a different folder
*/
async moveToFolder(
tenantId: string,
fileId: string,
targetFolderId: string | null,
): Promise<StorageFile | null> {
const file = await this.findById(tenantId, fileId);
if (!file) {
return null;
}
// Validate target folder if provided
if (targetFolderId) {
const targetFolder = await this.folderRepository.findOne({
where: { id: targetFolderId, tenantId, bucketId: file.bucketId },
});
if (!targetFolder) {
throw new Error('Carpeta destino no encontrada');
}
}
const oldFolderId = file.folderId;
file.folderId = targetFolderId;
const savedFile = await this.fileRepository.save(file);
// Update folder statistics
if (oldFolderId) {
await this.updateFolderStats(tenantId, oldFolderId);
}
if (targetFolderId) {
await this.updateFolderStats(tenantId, targetFolderId);
}
return savedFile;
}
/**
* Record file access
*/
async recordAccess(tenantId: string, id: string): Promise<void> {
await this.fileRepository.update(
{ id, tenantId },
{
accessCount: () => 'access_count + 1',
lastAccessedAt: new Date(),
},
);
}
/**
* Get file statistics by category
*/
async getStatsByCategory(
tenantId: string,
bucketId?: string,
): Promise<{ category: string; count: number; totalSize: number }[]> {
const qb = this.fileRepository
.createQueryBuilder('f')
.select('f.category', 'category')
.addSelect('COUNT(*)', 'count')
.addSelect('COALESCE(SUM(f.size_bytes), 0)', 'totalSize')
.where('f.tenant_id = :tenantId', { tenantId })
.andWhere('f.status = :status', { status: 'active' });
if (bucketId) {
qb.andWhere('f.bucket_id = :bucketId', { bucketId });
}
const results = await qb.groupBy('f.category').getRawMany();
return results.map((r) => ({
category: r.category || 'other',
count: parseInt(r.count, 10),
totalSize: parseInt(r.totalSize, 10),
}));
}
// ============ Private Helper Methods ============
private generateUniqueFileName(originalName: string): string {
const ext = path.extname(originalName);
const base = path.basename(originalName, ext);
const timestamp = Date.now();
const random = crypto.randomBytes(4).toString('hex');
return `${base}_${timestamp}_${random}${ext}`;
}
private categorizeFile(
mimeType: string,
): 'image' | 'document' | 'video' | 'audio' | 'archive' | 'other' {
if (mimeType.startsWith('image/')) return 'image';
if (mimeType.startsWith('video/')) return 'video';
if (mimeType.startsWith('audio/')) return 'audio';
if (
mimeType.includes('pdf') ||
mimeType.includes('document') ||
mimeType.includes('spreadsheet') ||
mimeType.includes('text/')
) {
return 'document';
}
if (
mimeType.includes('zip') ||
mimeType.includes('tar') ||
mimeType.includes('rar') ||
mimeType.includes('7z')
) {
return 'archive';
}
return 'other';
}
private async updateFolderStats(
tenantId: string,
folderId: string,
): Promise<void> {
const stats = await this.fileRepository
.createQueryBuilder('f')
.select('COUNT(*)', 'count')
.addSelect('COALESCE(SUM(f.size_bytes), 0)', 'totalSize')
.where('f.tenant_id = :tenantId', { tenantId })
.andWhere('f.folder_id = :folderId', { folderId })
.andWhere('f.status = :status', { status: 'active' })
.getRawOne();
await this.folderRepository.update(
{ id: folderId, tenantId },
{
fileCount: parseInt(stats.count, 10),
totalSizeBytes: parseInt(stats.totalSize, 10),
},
);
}
private getCurrentMonthYear(): string {
const date = new Date();
return `${date.getFullYear()}-${String(date.getMonth() + 1).padStart(2, '0')}`;
}
private async updateTenantUsage(
tenantId: string,
bucketId: string,
sizeChange: number,
countChange: number,
): Promise<void> {
const monthYear = this.getCurrentMonthYear();
let usage = await this.usageRepository.findOne({
where: { tenantId, bucketId, monthYear },
});
if (!usage) {
usage = this.usageRepository.create({
tenantId,
bucketId,
monthYear,
totalSizeBytes: Math.max(0, sizeChange),
fileCount: Math.max(0, countChange),
});
} else {
usage.totalSizeBytes = Math.max(
0,
Number(usage.totalSizeBytes || 0) + sizeChange,
);
usage.fileCount = Math.max(0, (usage.fileCount || 0) + countChange);
}
await this.usageRepository.save(usage);
}
}

562
src/modules/storage/services/folder.service.ts Normal file
View File

@ -0,0 +1,562 @@
/**
* FolderService - Gestión de carpetas de almacenamiento
*
* Servicio para CRUD de carpetas, estructura jerárquica y operaciones de movimiento.
*
* @module Storage
*/
import { Repository, IsNull, Not, In } from 'typeorm';
import { StorageFolder } from '../entities/folder.entity';
import { StorageBucket } from '../entities/bucket.entity';
import { StorageFile } from '../entities/file.entity';
export interface CreateFolderDto {
bucketId: string;
parentId?: string;
name: string;
description?: string;
color?: string;
icon?: string;
isPrivate?: boolean;
}
export interface UpdateFolderDto {
name?: string;
description?: string;
color?: string;
icon?: string;
isPrivate?: boolean;
}
export interface FolderFilters {
bucketId?: string;
parentId?: string | null;
isPrivate?: boolean;
ownerId?: string;
search?: string;
page?: number;
limit?: number;
}
export interface FolderTreeNode {
id: string;
name: string;
path: string;
depth: number;
fileCount: number;
totalSizeBytes: number;
children: FolderTreeNode[];
}
export interface PaginatedResult<T> {
data: T[];
total: number;
page: number;
limit: number;
totalPages: number;
}
export class FolderService {
constructor(
private readonly folderRepository: Repository<StorageFolder>,
private readonly bucketRepository: Repository<StorageBucket>,
private readonly fileRepository: Repository<StorageFile>,
) {}
/**
* Create a new folder
*/
async create(
tenantId: string,
dto: CreateFolderDto,
userId?: string,
): Promise<StorageFolder> {
// Validate bucket exists
const bucket = await this.bucketRepository.findOne({
where: { id: dto.bucketId, isActive: true },
});
if (!bucket) {
throw new Error('Bucket no encontrado o inactivo');
}
// Calculate path and depth
let parentPath = '';
let depth = 0;
if (dto.parentId) {
const parent = await this.folderRepository.findOne({
where: { id: dto.parentId, tenantId, bucketId: dto.bucketId },
});
if (!parent) {
throw new Error('Carpeta padre no encontrada');
}
parentPath = parent.path;
depth = parent.depth + 1;
}
const folderPath = parentPath ? `${parentPath}/${dto.name}` : dto.name;
// Check if folder with same path already exists
const existing = await this.folderRepository.findOne({
where: { tenantId, bucketId: dto.bucketId, path: folderPath },
});
if (existing) {
throw new Error('Ya existe una carpeta con ese nombre en esta ubicación');
}
const folder = this.folderRepository.create({
tenantId,
bucketId: dto.bucketId,
parentId: dto.parentId,
name: dto.name,
path: folderPath,
depth,
description: dto.description,
color: dto.color,
icon: dto.icon,
isPrivate: dto.isPrivate || false,
ownerId: dto.isPrivate ? userId : undefined,
createdBy: userId,
});
return this.folderRepository.save(folder);
}
/**
* Find folder by ID
*/
async findById(tenantId: string, id: string): Promise<StorageFolder | null> {
return this.folderRepository.findOne({
where: { id, tenantId },
relations: ['bucket', 'parent'],
});
}
/**
* Find folder by path
*/
async findByPath(
tenantId: string,
bucketId: string,
path: string,
): Promise<StorageFolder | null> {
return this.folderRepository.findOne({
where: { tenantId, bucketId, path },
relations: ['bucket', 'parent'],
});
}
/**
* Find all folders with filters
*/
async findAll(
tenantId: string,
filters: FolderFilters = {},
): Promise<PaginatedResult<StorageFolder>> {
const page = filters.page || 1;
const limit = Math.min(filters.limit || 50, 200);
const skip = (page - 1) * limit;
const qb = this.folderRepository
.createQueryBuilder('f')
.leftJoinAndSelect('f.bucket', 'bucket')
.leftJoinAndSelect('f.parent', 'parent')
.where('f.tenant_id = :tenantId', { tenantId });
if (filters.bucketId) {
qb.andWhere('f.bucket_id = :bucketId', { bucketId: filters.bucketId });
}
if (filters.parentId === null) {
qb.andWhere('f.parent_id IS NULL');
} else if (filters.parentId) {
qb.andWhere('f.parent_id = :parentId', { parentId: filters.parentId });
}
if (filters.isPrivate !== undefined) {
qb.andWhere('f.is_private = :isPrivate', { isPrivate: filters.isPrivate });
}
if (filters.ownerId) {
qb.andWhere('f.owner_id = :ownerId', { ownerId: filters.ownerId });
}
if (filters.search) {
qb.andWhere('(f.name ILIKE :search OR f.description ILIKE :search)', {
search: `%${filters.search}%`,
});
}
qb.orderBy('f.name', 'ASC').skip(skip).take(limit);
const [data, total] = await qb.getManyAndCount();
return {
data,
total,
page,
limit,
totalPages: Math.ceil(total / limit),
};
}
/**
* Get root folders (no parent) for a bucket
*/
async getRootFolders(
tenantId: string,
bucketId: string,
): Promise<StorageFolder[]> {
return this.folderRepository.find({
where: { tenantId, bucketId, parentId: IsNull() },
order: { name: 'ASC' },
});
}
/**
* Get children of a folder
*/
async getChildren(
tenantId: string,
folderId: string,
): Promise<StorageFolder[]> {
return this.folderRepository.find({
where: { tenantId, parentId: folderId },
order: { name: 'ASC' },
});
}
/**
* Get full folder tree for a bucket
*/
async getTree(
tenantId: string,
bucketId: string,
rootFolderId?: string,
): Promise<FolderTreeNode[]> {
// Get all folders in the bucket
const allFolders = await this.folderRepository.find({
where: { tenantId, bucketId },
order: { path: 'ASC' },
});
// Build tree structure
const folderMap = new Map<string, FolderTreeNode>();
const rootNodes: FolderTreeNode[] = [];
// First pass: create all nodes
for (const folder of allFolders) {
folderMap.set(folder.id, {
id: folder.id,
name: folder.name,
path: folder.path,
depth: folder.depth,
fileCount: folder.fileCount,
totalSizeBytes: Number(folder.totalSizeBytes),
children: [],
});
}
// Second pass: build hierarchy
for (const folder of allFolders) {
const node = folderMap.get(folder.id);
if (!node) continue;
if (rootFolderId) {
// If we have a root folder ID, start from there
if (folder.id === rootFolderId) {
rootNodes.push(node);
} else if (folder.parentId) {
const parentNode = folderMap.get(folder.parentId);
if (parentNode) {
parentNode.children.push(node);
}
}
} else {
// No root folder, start from top-level folders
if (!folder.parentId) {
rootNodes.push(node);
} else {
const parentNode = folderMap.get(folder.parentId);
if (parentNode) {
parentNode.children.push(node);
}
}
}
}
return rootNodes;
}
/**
* Get folder breadcrumb (path from root to folder)
*/
async getBreadcrumb(
tenantId: string,
folderId: string,
): Promise<{ id: string; name: string; path: string }[]> {
const folder = await this.findById(tenantId, folderId);
if (!folder) {
return [];
}
const breadcrumb: { id: string; name: string; path: string }[] = [];
let currentFolder: StorageFolder | null = folder;
while (currentFolder) {
breadcrumb.unshift({
id: currentFolder.id,
name: currentFolder.name,
path: currentFolder.path,
});
if (currentFolder.parentId) {
currentFolder = await this.folderRepository.findOne({
where: { id: currentFolder.parentId, tenantId },
});
} else {
currentFolder = null;
}
}
return breadcrumb;
}
/**
* Update folder
*/
async update(
tenantId: string,
id: string,
dto: UpdateFolderDto,
): Promise<StorageFolder | null> {
const folder = await this.findById(tenantId, id);
if (!folder) {
return null;
}
// If renaming, update path and all descendant paths
if (dto.name && dto.name !== folder.name) {
const oldPath = folder.path;
const newPath = folder.parentId
? `${folder.path.substring(0, folder.path.lastIndexOf('/'))}/${dto.name}`
: dto.name;
// Update all descendant paths
await this.updateDescendantPaths(tenantId, oldPath, newPath);
folder.path = newPath;
}
Object.assign(folder, dto);
return this.folderRepository.save(folder);
}
/**
* Move folder to a new parent
*/
async move(
tenantId: string,
folderId: string,
newParentId: string | null,
): Promise<StorageFolder | null> {
const folder = await this.findById(tenantId, folderId);
if (!folder) {
return null;
}
// Prevent moving to self
if (newParentId === folderId) {
throw new Error('No se puede mover una carpeta a sí misma');
}
// Validate new parent if provided
let newParent: StorageFolder | null = null;
if (newParentId) {
newParent = await this.folderRepository.findOne({
where: { id: newParentId, tenantId, bucketId: folder.bucketId },
});
if (!newParent) {
throw new Error('Carpeta destino no encontrada');
}
// Prevent moving to a descendant
if (newParent.path.startsWith(folder.path + '/')) {
throw new Error('No se puede mover una carpeta a una de sus subcarpetas');
}
}
const oldPath = folder.path;
const newPath = newParent
? `${newParent.path}/${folder.name}`
: folder.name;
const newDepth = newParent ? newParent.depth + 1 : 0;
// Check if folder with same name already exists in new location
const existing = await this.folderRepository.findOne({
where: {
tenantId,
bucketId: folder.bucketId,
path: newPath,
id: Not(folderId),
},
});
if (existing) {
throw new Error('Ya existe una carpeta con ese nombre en el destino');
}
// Update all descendant paths
await this.updateDescendantPaths(tenantId, oldPath, newPath);
// Update folder
folder.parentId = newParentId;
folder.path = newPath;
folder.depth = newDepth;
return this.folderRepository.save(folder);
}
/**
* Delete folder and optionally its contents
*/
async delete(
tenantId: string,
id: string,
deleteContents: boolean = false,
): Promise<boolean> {
const folder = await this.findById(tenantId, id);
if (!folder) {
return false;
}
// Check if folder has contents
const hasFiles = await this.fileRepository.count({
where: { tenantId, folderId: id, status: 'active' },
});
const hasSubfolders = await this.folderRepository.count({
where: { tenantId, parentId: id },
});
if ((hasFiles > 0 || hasSubfolders > 0) && !deleteContents) {
throw new Error(
'La carpeta no está vacía. Use deleteContents=true para eliminar con contenido.',
);
}
if (deleteContents) {
// Soft delete all files in folder and subfolders
const descendantFolderIds = await this.getDescendantIds(tenantId, id);
const allFolderIds = [id, ...descendantFolderIds];
await this.fileRepository.update(
{ tenantId, folderId: In(allFolderIds), status: 'active' },
{ status: 'deleted', deletedAt: new Date() },
);
// Delete subfolders
for (const folderId of descendantFolderIds.reverse()) {
await this.folderRepository.delete({ id: folderId, tenantId });
}
}
// Delete the folder
await this.folderRepository.delete({ id, tenantId });
return true;
}
/**
* Get folder statistics
*/
async getStats(
tenantId: string,
folderId: string,
): Promise<{
fileCount: number;
subfolderCount: number;
totalSizeBytes: number;
filesByCategory: Record<string, number>;
}> {
const folder = await this.findById(tenantId, folderId);
if (!folder) {
throw new Error('Carpeta no encontrada');
}
// Get all descendant folder IDs including current
const descendantIds = await this.getDescendantIds(tenantId, folderId);
const allFolderIds = [folderId, ...descendantIds];
const [fileStats, categoryStats] = await Promise.all([
this.fileRepository
.createQueryBuilder('f')
.select('COUNT(*)', 'count')
.addSelect('COALESCE(SUM(f.size_bytes), 0)', 'totalSize')
.where('f.tenant_id = :tenantId', { tenantId })
.andWhere('f.folder_id IN (:...folderIds)', { folderIds: allFolderIds })
.andWhere('f.status = :status', { status: 'active' })
.getRawOne(),
this.fileRepository
.createQueryBuilder('f')
.select('f.category', 'category')
.addSelect('COUNT(*)', 'count')
.where('f.tenant_id = :tenantId', { tenantId })
.andWhere('f.folder_id IN (:...folderIds)', { folderIds: allFolderIds })
.andWhere('f.status = :status', { status: 'active' })
.groupBy('f.category')
.getRawMany(),
]);
const filesByCategory: Record<string, number> = {};
for (const row of categoryStats) {
filesByCategory[row.category || 'other'] = parseInt(row.count, 10);
}
return {
fileCount: parseInt(fileStats.count, 10),
subfolderCount: descendantIds.length,
totalSizeBytes: parseInt(fileStats.totalSize, 10),
filesByCategory,
};
}
// ============ Private Helper Methods ============
private async updateDescendantPaths(
tenantId: string,
oldPath: string,
newPath: string,
): Promise<void> {
// Update all folders that start with the old path
await this.folderRepository
.createQueryBuilder()
.update(StorageFolder)
.set({
path: () => `REPLACE(path, '${oldPath}', '${newPath}')`,
depth: () =>
`depth + ${newPath.split('/').length - oldPath.split('/').length}`,
})
.where('tenant_id = :tenantId', { tenantId })
.andWhere('path LIKE :pathPattern', { pathPattern: `${oldPath}/%` })
.execute();
}
private async getDescendantIds(
tenantId: string,
folderId: string,
): Promise<string[]> {
const folder = await this.findById(tenantId, folderId);
if (!folder) {
return [];
}
const descendants = await this.folderRepository.find({
where: { tenantId, bucketId: folder.bucketId },
select: ['id', 'path'],
});
return descendants
.filter((d) => d.path.startsWith(folder.path + '/'))
.map((d) => d.id);
}
}

5
src/modules/storage/services/index.ts
View File

@ -3,3 +3,8 @@
*/
export * from './storage.service';
export * from './file.service';
export * from './folder.service';
export * from './file-share.service';
export * from './bucket.service';
export * from './tenant-usage.service';

666
src/modules/storage/services/tenant-usage.service.ts Normal file
View File

@ -0,0 +1,666 @@
/**
* TenantUsageService - Gestión de uso de almacenamiento por tenant
*
* Servicio para tracking de uso, cuotas y reportes de consumo por tenant.
*
* @module Storage
*/
import { Repository, Between, LessThanOrEqual, MoreThanOrEqual } from 'typeorm';
import { TenantUsage } from '../entities/tenant-usage.entity';
import { StorageBucket } from '../entities/bucket.entity';
import { StorageFile } from '../entities/file.entity';
export interface UsageSnapshot {
tenantId: string;
bucketId: string;
monthYear: string;
fileCount: number;
totalSizeBytes: number;
quotaBytes: number | null;
quotaFileCount: number | null;
usagePercentage: number;
fileCountPercentage: number;
usageByCategory: Record<string, number>;
monthlyUploadBytes: number;
monthlyDownloadBytes: number;
}
export interface QuotaStatus {
isOverQuota: boolean;
isOverFileCount: boolean;
remainingBytes: number | null;
remainingFiles: number | null;
warningLevel: 'none' | 'warning' | 'critical' | 'exceeded';
}
export interface UsageTrend {
monthYear: string;
fileCount: number;
totalSizeBytes: number;
uploadBytes: number;
downloadBytes: number;
}
export interface TenantUsageReport {
tenantId: string;
totalSizeBytes: number;
totalFileCount: number;
bucketUsage: {
bucketId: string;
bucketName: string;
sizeBytes: number;
fileCount: number;
percentage: number;
}[];
categoryUsage: Record<string, { count: number; sizeBytes: number }>;
trends: UsageTrend[];
}
export class TenantUsageService {
constructor(
private readonly usageRepository: Repository<TenantUsage>,
private readonly bucketRepository: Repository<StorageBucket>,
private readonly fileRepository: Repository<StorageFile>,
) {}
/**
* Get current usage for a tenant
*/
async getUsage(
tenantId: string,
bucketId?: string,
): Promise<UsageSnapshot[]> {
const monthYear = this.getCurrentMonthYear();
const where: any = { tenantId, monthYear };
if (bucketId) {
where.bucketId = bucketId;
}
const usages = await this.usageRepository.find({
where,
relations: ['bucket'],
});
return usages.map((u) => this.toUsageSnapshot(u));
}
/**
* Get aggregated usage across all buckets
*/
async getAggregatedUsage(tenantId: string): Promise<{
totalSizeBytes: number;
totalFileCount: number;
totalQuotaBytes: number | null;
usagePercentage: number;
buckets: UsageSnapshot[];
}> {
const snapshots = await this.getUsage(tenantId);
let totalSizeBytes = 0;
let totalFileCount = 0;
let totalQuotaBytes: number | null = 0;
let hasUnlimitedQuota = false;
for (const snapshot of snapshots) {
totalSizeBytes += snapshot.totalSizeBytes;
totalFileCount += snapshot.fileCount;
if (snapshot.quotaBytes === null) {
hasUnlimitedQuota = true;
} else if (!hasUnlimitedQuota) {
totalQuotaBytes! += snapshot.quotaBytes;
}
}
if (hasUnlimitedQuota) {
totalQuotaBytes = null;
}
return {
totalSizeBytes,
totalFileCount,
totalQuotaBytes,
usagePercentage: totalQuotaBytes
? (totalSizeBytes / totalQuotaBytes) * 100
: 0,
buckets: snapshots,
};
}
/**
* Get quota status for a tenant
*/
async getQuota(
tenantId: string,
bucketId: string,
): Promise<{
quotaBytes: number | null;
quotaFileCount: number | null;
usedBytes: number;
usedFileCount: number;
status: QuotaStatus;
}> {
const monthYear = this.getCurrentMonthYear();
const usage = await this.usageRepository.findOne({
where: { tenantId, bucketId, monthYear },
relations: ['bucket'],
});
const bucket = await this.bucketRepository.findOne({
where: { id: bucketId },
});
const quotaBytes = bucket?.quotaPerTenantGb
? bucket.quotaPerTenantGb * 1024 * 1024 * 1024
: null;
const quotaFileCount = usage?.quotaFileCount ?? null;
const usedBytes = Number(usage?.totalSizeBytes ?? 0);
const usedFileCount = usage?.fileCount ?? 0;
return {
quotaBytes,
quotaFileCount,
usedBytes,
usedFileCount,
status: this.calculateQuotaStatus(
usedBytes,
quotaBytes,
usedFileCount,
quotaFileCount,
),
};
}
/**
* Check if tenant has quota available
*/
async checkQuota(
tenantId: string,
bucketId: string,
additionalBytes: number,
additionalFiles: number = 1,
): Promise<{
allowed: boolean;
reason?: string;
bytesRemaining: number | null;
filesRemaining: number | null;
}> {
const quota = await this.getQuota(tenantId, bucketId);
// Check bytes quota
if (quota.quotaBytes !== null) {
const newTotal = quota.usedBytes + additionalBytes;
if (newTotal > quota.quotaBytes) {
return {
allowed: false,
reason: `Excede la cuota de almacenamiento: ${this.formatBytes(quota.quotaBytes)}`,
bytesRemaining: quota.quotaBytes - quota.usedBytes,
filesRemaining: quota.quotaFileCount
? quota.quotaFileCount - quota.usedFileCount
: null,
};
}
}
// Check file count quota
if (quota.quotaFileCount !== null) {
const newCount = quota.usedFileCount + additionalFiles;
if (newCount > quota.quotaFileCount) {
return {
allowed: false,
reason: `Excede la cuota de archivos: ${quota.quotaFileCount}`,
bytesRemaining: quota.quotaBytes
? quota.quotaBytes - quota.usedBytes
: null,
filesRemaining: quota.quotaFileCount - quota.usedFileCount,
};
}
}
return {
allowed: true,
bytesRemaining: quota.quotaBytes
? quota.quotaBytes - quota.usedBytes - additionalBytes
: null,
filesRemaining: quota.quotaFileCount
? quota.quotaFileCount - quota.usedFileCount - additionalFiles
: null,
};
}
/**
* Track usage (called when files are uploaded/deleted)
*/
async trackUsage(
tenantId: string,
bucketId: string,
sizeChange: number,
countChange: number,
category?: string,
): Promise<TenantUsage> {
const monthYear = this.getCurrentMonthYear();
let usage = await this.usageRepository.findOne({
where: { tenantId, bucketId, monthYear },
});
const bucket = await this.bucketRepository.findOne({
where: { id: bucketId },
});
if (!usage) {
usage = this.usageRepository.create({
tenantId,
bucketId,
monthYear,
fileCount: 0,
totalSizeBytes: 0,
quotaBytes: bucket?.quotaPerTenantGb
? bucket.quotaPerTenantGb * 1024 * 1024 * 1024
: undefined,
usageByCategory: {},
monthlyUploadBytes: 0,
monthlyDownloadBytes: 0,
});
}
// Update totals
usage.totalSizeBytes = Math.max(
0,
Number(usage.totalSizeBytes || 0) + sizeChange,
);
usage.fileCount = Math.max(0, (usage.fileCount || 0) + countChange);
// Track uploads (positive size change)
if (sizeChange > 0) {
usage.monthlyUploadBytes = Number(usage.monthlyUploadBytes || 0) + sizeChange;
}
// Update category breakdown
if (category) {
const categoryUsage = usage.usageByCategory || {};
categoryUsage[category] = Math.max(
0,
(categoryUsage[category] || 0) + sizeChange,
);
usage.usageByCategory = categoryUsage;
}
return this.usageRepository.save(usage);
}
/**
* Track download activity
*/
async trackDownload(
tenantId: string,
bucketId: string,
downloadBytes: number,
): Promise<void> {
const monthYear = this.getCurrentMonthYear();
let usage = await this.usageRepository.findOne({
where: { tenantId, bucketId, monthYear },
});
if (usage) {
usage.monthlyDownloadBytes =
Number(usage.monthlyDownloadBytes || 0) + downloadBytes;
await this.usageRepository.save(usage);
}
}
/**
* Set quota for a tenant/bucket
*/
async setQuota(
tenantId: string,
bucketId: string,
quotaBytes?: number,
quotaFileCount?: number,
): Promise<TenantUsage> {
const monthYear = this.getCurrentMonthYear();
let usage = await this.usageRepository.findOne({
where: { tenantId, bucketId, monthYear },
});
if (!usage) {
usage = this.usageRepository.create({
tenantId,
bucketId,
monthYear,
fileCount: 0,
totalSizeBytes: 0,
usageByCategory: {},
monthlyUploadBytes: 0,
monthlyDownloadBytes: 0,
});
}
if (quotaBytes !== undefined) {
usage.quotaBytes = quotaBytes;
}
if (quotaFileCount !== undefined) {
usage.quotaFileCount = quotaFileCount;
}
return this.usageRepository.save(usage);
}
/**
* Get usage trends over time
*/
async getUsageTrends(
tenantId: string,
bucketId?: string,
months: number = 12,
): Promise<UsageTrend[]> {
const endDate = new Date();
const startDate = new Date();
startDate.setMonth(startDate.getMonth() - months + 1);
const startMonthYear = this.formatMonthYear(startDate);
const endMonthYear = this.formatMonthYear(endDate);
const qb = this.usageRepository
.createQueryBuilder('u')
.select('u.month_year', 'monthYear')
.addSelect('SUM(u.file_count)', 'fileCount')
.addSelect('SUM(u.total_size_bytes)', 'totalSizeBytes')
.addSelect('SUM(u.monthly_upload_bytes)', 'uploadBytes')
.addSelect('SUM(u.monthly_download_bytes)', 'downloadBytes')
.where('u.tenant_id = :tenantId', { tenantId })
.andWhere('u.month_year >= :startMonthYear', { startMonthYear })
.andWhere('u.month_year <= :endMonthYear', { endMonthYear });
if (bucketId) {
qb.andWhere('u.bucket_id = :bucketId', { bucketId });
}
const results = await qb
.groupBy('u.month_year')
.orderBy('u.month_year', 'ASC')
.getRawMany();
return results.map((r) => ({
monthYear: r.monthYear,
fileCount: parseInt(r.fileCount, 10),
totalSizeBytes: parseInt(r.totalSizeBytes, 10),
uploadBytes: parseInt(r.uploadBytes, 10),
downloadBytes: parseInt(r.downloadBytes, 10),
}));
}
/**
* Generate comprehensive usage report for a tenant
*/
async generateReport(
tenantId: string,
months: number = 6,
): Promise<TenantUsageReport> {
// Get all buckets
const buckets = await this.bucketRepository.find({
where: { isActive: true },
});
const bucketMap = new Map(buckets.map((b) => [b.id, b]));
// Get current month usage
const currentUsage = await this.getUsage(tenantId);
// Get usage trends
const trends = await this.getUsageTrends(tenantId, undefined, months);
// Calculate totals
let totalSizeBytes = 0;
let totalFileCount = 0;
const categoryUsage: Record<string, { count: number; sizeBytes: number }> = {};
const bucketUsage = currentUsage.map((u) => {
totalSizeBytes += u.totalSizeBytes;
totalFileCount += u.fileCount;
// Aggregate category usage
for (const [category, size] of Object.entries(u.usageByCategory)) {
if (!categoryUsage[category]) {
categoryUsage[category] = { count: 0, sizeBytes: 0 };
}
categoryUsage[category].sizeBytes += size;
}
return {
bucketId: u.bucketId,
bucketName: bucketMap.get(u.bucketId)?.name || 'Unknown',
sizeBytes: u.totalSizeBytes,
fileCount: u.fileCount,
percentage: 0, // Will be calculated below
};
});
// Calculate percentages
for (const bu of bucketUsage) {
bu.percentage = totalSizeBytes > 0 ? (bu.sizeBytes / totalSizeBytes) * 100 : 0;
}
// Get file counts by category from actual files
const fileCategoryStats = await this.fileRepository
.createQueryBuilder('f')
.select('f.category', 'category')
.addSelect('COUNT(*)', 'count')
.where('f.tenant_id = :tenantId', { tenantId })
.andWhere('f.status = :status', { status: 'active' })
.groupBy('f.category')
.getRawMany();
for (const stat of fileCategoryStats) {
const cat = stat.category || 'other';
if (!categoryUsage[cat]) {
categoryUsage[cat] = { count: 0, sizeBytes: 0 };
}
categoryUsage[cat].count = parseInt(stat.count, 10);
}
return {
tenantId,
totalSizeBytes,
totalFileCount,
bucketUsage,
categoryUsage,
trends,
};
}
/**
* Get tenants approaching quota limits
*/
async getTenantsNearQuota(
threshold: number = 80,
): Promise<
{
tenantId: string;
bucketId: string;
bucketName: string;
usagePercentage: number;
usedBytes: number;
quotaBytes: number;
}[]
> {
const monthYear = this.getCurrentMonthYear();
const usages = await this.usageRepository.find({
where: { monthYear },
relations: ['bucket'],
});
const results: {
tenantId: string;
bucketId: string;
bucketName: string;
usagePercentage: number;
usedBytes: number;
quotaBytes: number;
}[] = [];
for (const usage of usages) {
if (!usage.quotaBytes) continue;
const usagePercentage =
(Number(usage.totalSizeBytes) / Number(usage.quotaBytes)) * 100;
if (usagePercentage >= threshold) {
results.push({
tenantId: usage.tenantId,
bucketId: usage.bucketId,
bucketName: usage.bucket?.name || 'Unknown',
usagePercentage,
usedBytes: Number(usage.totalSizeBytes),
quotaBytes: Number(usage.quotaBytes),
});
}
}
return results.sort((a, b) => b.usagePercentage - a.usagePercentage);
}
/**
* Recalculate usage from actual file data
*/
async recalculateUsage(tenantId: string, bucketId: string): Promise<TenantUsage> {
const monthYear = this.getCurrentMonthYear();
// Get actual file statistics
const stats = await this.fileRepository
.createQueryBuilder('f')
.select('COUNT(*)', 'count')
.addSelect('COALESCE(SUM(f.size_bytes), 0)', 'totalSize')
.where('f.tenant_id = :tenantId', { tenantId })
.andWhere('f.bucket_id = :bucketId', { bucketId })
.andWhere('f.status = :status', { status: 'active' })
.getRawOne();
// Get category breakdown
const categoryStats = await this.fileRepository
.createQueryBuilder('f')
.select('f.category', 'category')
.addSelect('COALESCE(SUM(f.size_bytes), 0)', 'totalSize')
.where('f.tenant_id = :tenantId', { tenantId })
.andWhere('f.bucket_id = :bucketId', { bucketId })
.andWhere('f.status = :status', { status: 'active' })
.groupBy('f.category')
.getRawMany();
const usageByCategory: Record<string, number> = {};
for (const row of categoryStats) {
usageByCategory[row.category || 'other'] = parseInt(row.totalSize, 10);
}
// Update or create usage record
let usage = await this.usageRepository.findOne({
where: { tenantId, bucketId, monthYear },
});
if (!usage) {
const bucket = await this.bucketRepository.findOne({
where: { id: bucketId },
});
usage = this.usageRepository.create({
tenantId,
bucketId,
monthYear,
quotaBytes: bucket?.quotaPerTenantGb
? bucket.quotaPerTenantGb * 1024 * 1024 * 1024
: undefined,
monthlyUploadBytes: 0,
monthlyDownloadBytes: 0,
});
}
usage.fileCount = parseInt(stats.count, 10);
usage.totalSizeBytes = parseInt(stats.totalSize, 10);
usage.usageByCategory = usageByCategory;
return this.usageRepository.save(usage);
}
// ============ Private Helper Methods ============
private getCurrentMonthYear(): string {
return this.formatMonthYear(new Date());
}
private formatMonthYear(date: Date): string {
return `${date.getFullYear()}-${String(date.getMonth() + 1).padStart(2, '0')}`;
}
private toUsageSnapshot(usage: TenantUsage): UsageSnapshot {
const quotaBytes = usage.quotaBytes ? Number(usage.quotaBytes) : null;
const totalSizeBytes = Number(usage.totalSizeBytes || 0);
return {
tenantId: usage.tenantId,
bucketId: usage.bucketId,
monthYear: usage.monthYear,
fileCount: usage.fileCount || 0,
totalSizeBytes,
quotaBytes,
quotaFileCount: usage.quotaFileCount ?? null,
usagePercentage: quotaBytes ? (totalSizeBytes / quotaBytes) * 100 : 0,
fileCountPercentage: usage.quotaFileCount
? ((usage.fileCount || 0) / usage.quotaFileCount) * 100
: 0,
usageByCategory: usage.usageByCategory || {},
monthlyUploadBytes: Number(usage.monthlyUploadBytes || 0),
monthlyDownloadBytes: Number(usage.monthlyDownloadBytes || 0),
};
}
private calculateQuotaStatus(
usedBytes: number,
quotaBytes: number | null,
usedFileCount: number,
quotaFileCount: number | null,
): QuotaStatus {
const isOverQuota = quotaBytes !== null && usedBytes > quotaBytes;
const isOverFileCount =
quotaFileCount !== null && usedFileCount > quotaFileCount;
let warningLevel: 'none' | 'warning' | 'critical' | 'exceeded' = 'none';
if (isOverQuota || isOverFileCount) {
warningLevel = 'exceeded';
} else if (quotaBytes !== null) {
const usagePercentage = (usedBytes / quotaBytes) * 100;
if (usagePercentage >= 90) {
warningLevel = 'critical';
} else if (usagePercentage >= 75) {
warningLevel = 'warning';
}
}
return {
isOverQuota,
isOverFileCount,
remainingBytes: quotaBytes !== null ? quotaBytes - usedBytes : null,
remainingFiles:
quotaFileCount !== null ? quotaFileCount - usedFileCount : null,
warningLevel,
};
}
private formatBytes(bytes: number): string {
const units = ['B', 'KB', 'MB', 'GB', 'TB'];
let unitIndex = 0;
let size = bytes;
while (size >= 1024 && unitIndex < units.length - 1) {
size /= 1024;
unitIndex++;
}
return `${size.toFixed(2)} ${units[unitIndex]}`;
}
}

21
src/shared/database/typeorm.config.ts
View File

@ -2,23 +2,24 @@
* TypeORM Configuration
* Configuración de conexión a PostgreSQL
*
* IMPORTANTE: Usa valores desde config/index.ts para mantener consistencia.
* NO duplicar valores aquí - siempre importar de config centralizado.
*
* @see https://typeorm.io/data-source-options
*/
import { DataSource } from 'typeorm';
import dotenv from 'dotenv';
dotenv.config();
import { config } from '../../config';
export const AppDataSource = new DataSource({
type: 'postgres',
url: process.env.DATABASE_URL,
host: process.env.DB_HOST || 'localhost',
port: parseInt(process.env.DB_PORT || '5432'),
username: process.env.DB_USER || 'erp_user',
password: process.env.DB_PASSWORD || 'erp_dev_password',
database: process.env.DB_NAME || 'erp_construccion',
synchronize: process.env.DB_SYNCHRONIZE === 'true', // ⚠️ NUNCA en producción
url: config.database.url,
host: config.database.host,
port: config.database.port,
username: config.database.user,
password: config.database.password,
database: config.database.name,
synchronize: config.isDevelopment && process.env.DB_SYNCHRONIZE === 'true', // ⚠️ NUNCA en producción
logging: process.env.DB_LOGGING === 'true',
entities: [
__dirname + '/../../modules/**/entities/*.entity{.ts,.js}',

89
src/shared/middleware/auth.middleware.ts
View File

@ -68,6 +68,78 @@ export function requireRoles(...roles: string[]) {
};
}
/**
* Verifica si el usuario tiene permiso para realizar una accion sobre un recurso.
* Implementa validacion por roles con fallback a roles predefinidos.
*
* Jerarquia de roles:
* - super_admin: Acceso total
* - admin: Acceso total excepto system:manage
* - manager: Acceso a recursos de negocio
* - Otros roles: Sin acceso por defecto (requiere implementacion de BD)
*/
function checkPermission(roles: string[], resource: string, action: string): boolean {
// Super admin tiene acceso total
if (roles.includes('super_admin')) {
return true;
}
// Admin tiene acceso a todo excepto system:manage
if (roles.includes('admin')) {
if (resource === 'system' && action === 'manage') {
return false;
}
return true;
}
// Manager tiene acceso a recursos de negocio
if (roles.includes('manager')) {
const managerResources = [
'projects', 'estimates', 'budgets', 'inventory', 'purchases',
'sales', 'partners', 'employees', 'timesheets', 'reports',
'construction', 'hse', 'finance', 'documents', 'assets',
'fraccionamientos', 'etapas', 'manzanas', 'lotes', 'prototipos',
'avances', 'bitacora', 'programa', 'incidentes', 'capacitaciones',
'inspecciones', 'presupuestos', 'conceptos', 'estimaciones',
];
return managerResources.includes(resource);
}
// Engineer tiene acceso limitado
if (roles.includes('engineer') || roles.includes('resident')) {
const engineerResources = [
'projects', 'construction', 'avances', 'bitacora', 'programa',
'hse', 'incidentes', 'inspecciones', 'reports',
'fraccionamientos', 'etapas', 'manzanas', 'lotes',
];
const readOnlyActions = ['read', 'list', 'view'];
if (engineerResources.includes(resource)) {
return true;
}
// Para otros recursos, solo lectura
return readOnlyActions.includes(action);
}
// Finance tiene acceso a modulos financieros
if (roles.includes('finance')) {
const financeResources = [
'finance', 'accounting', 'invoices', 'payments', 'reports',
'estimates', 'budgets', 'accounts-payable', 'accounts-receivable',
];
return financeResources.includes(resource);
}
// Viewer solo tiene acceso de lectura
if (roles.includes('viewer')) {
const readOnlyActions = ['read', 'list', 'view'];
return readOnlyActions.includes(action);
}
// Por defecto, sin acceso
// TODO: Implementar consulta a BD para permisos personalizados
return false;
}
export function requirePermission(resource: string, action: string) {
return async (req: Request, _res: Response, next: NextFunction): Promise<void> => {
try {
@ -75,13 +147,20 @@ export function requirePermission(resource: string, action: string) {
throw new UnauthorizedError('Usuario no autenticado');
}
// Superusers bypass permission checks
if (req.user.roles.includes('super_admin')) {
return next();
const userRoles = req.user.roles || [];
const hasPermission = checkPermission(userRoles, resource, action);
if (!hasPermission) {
logger.warn('Permission denied', {
userId: req.user.sub,
resource,
action,
userRoles,
});
throw new ForbiddenError(`No tiene permisos para ${action} en ${resource}`);
}
// TODO: Check permission in database
logger.debug('Permission check', {
logger.debug('Permission granted', {
userId: req.user.sub,
resource,
action,