Initial commit: TicketingSystem

Internal ticketing app with CTI routing, severity levels, and n8n integration. Stack: Express + TypeScript + Prisma + PostgreSQL / React + Vite + Tailwind - JWT auth for users, API key auth for service accounts (Goddard/n8n) - CTI hierarchy (Category > Type > Item) for ticket routing - Severity 1-5, auto-close resolved tickets after 14 days - Gitea Actions CI/CD building separate server/client images - Production docker-compose.yml with Traefik integration Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-30 19:38:32 -04:00
commit 21894fad7a
50 changed files with 3293 additions and 0 deletions
--- a/server/src/index.ts
+++ b/server/src/index.ts
@@ -0,0 +1,41 @@
+import 'express-async-errors'
+import express from 'express'
+import cors from 'cors'
+import dotenv from 'dotenv'
+
+import authRoutes from './routes/auth'
+import ticketRoutes from './routes/tickets'
+import ctiRoutes from './routes/cti'
+import userRoutes from './routes/users'
+import { authenticate } from './middleware/auth'
+import { errorHandler } from './middleware/errorHandler'
+import { startAutoCloseJob } from './jobs/autoClose'
+
+dotenv.config()
+
+if (!process.env.JWT_SECRET) {
+  console.error('FATAL: JWT_SECRET is not set')
+  process.exit(1)
+}
+
+const app = express()
+
+app.use(cors({ origin: process.env.CLIENT_URL || 'http://localhost:5173' }))
+app.use(express.json())
+
+// Public
+app.use('/api/auth', authRoutes)
+
+// Protected
+app.use('/api/tickets', authenticate, ticketRoutes)
+app.use('/api/cti', authenticate, ctiRoutes)
+app.use('/api/users', authenticate, userRoutes)
+
+app.use(errorHandler)
+
+startAutoCloseJob()
+
+const PORT = Number(process.env.PORT) || 3000
+app.listen(PORT, () => {
+  console.log(`Server running on port ${PORT}`)
+})
--- a/server/src/jobs/autoClose.ts
+++ b/server/src/jobs/autoClose.ts
@@ -0,0 +1,24 @@
+import cron from 'node-cron'
+import prisma from '../lib/prisma'
+
+export function startAutoCloseJob() {
+  // Run every hour — closes RESOLVED tickets that have been resolved for 14+ days
+  cron.schedule('0 * * * *', async () => {
+    const twoWeeksAgo = new Date()
+    twoWeeksAgo.setDate(twoWeeksAgo.getDate() - 14)
+
+    const result = await prisma.ticket.updateMany({
+      where: {
+        status: 'RESOLVED',
+        resolvedAt: { lte: twoWeeksAgo },
+      },
+      data: { status: 'CLOSED' },
+    })
+
+    if (result.count > 0) {
+      console.log(`[AutoClose] Closed ${result.count} ticket(s) after 2-week resolution period`)
+    }
+  })
+
+  console.log('[AutoClose] Job scheduled — runs every hour')
+}
--- a/server/src/lib/prisma.ts
+++ b/server/src/lib/prisma.ts
@@ -0,0 +1,5 @@
+import { PrismaClient } from '@prisma/client'
+
+const prisma = new PrismaClient()
+
+export default prisma
--- a/server/src/middleware/auth.ts
+++ b/server/src/middleware/auth.ts
@@ -0,0 +1,57 @@
+import { Request, Response, NextFunction } from 'express'
+import jwt from 'jsonwebtoken'
+import prisma from '../lib/prisma'
+
+export interface AuthRequest extends Request {
+  user?: {
+    id: string
+    role: string
+    username: string
+  }
+}
+
+export const authenticate = async (
+  req: AuthRequest,
+  res: Response,
+  next: NextFunction
+) => {
+  const apiKey = req.headers['x-api-key'] as string | undefined
+
+  if (apiKey) {
+    const user = await prisma.user.findUnique({ where: { apiKey } })
+    if (!user || user.role !== 'SERVICE') {
+      return res.status(401).json({ error: 'Invalid API key' })
+    }
+    req.user = { id: user.id, role: user.role, username: user.username }
+    return next()
+  }
+
+  const authHeader = req.headers.authorization
+  if (!authHeader?.startsWith('Bearer ')) {
+    return res.status(401).json({ error: 'Unauthorized' })
+  }
+
+  const token = authHeader.split(' ')[1]
+  try {
+    const payload = jwt.verify(token, process.env.JWT_SECRET!) as {
+      id: string
+      role: string
+      username: string
+    }
+    req.user = payload
+    next()
+  } catch {
+    return res.status(401).json({ error: 'Invalid or expired token' })
+  }
+}
+
+export const requireAdmin = (
+  req: AuthRequest,
+  res: Response,
+  next: NextFunction
+) => {
+  if (req.user?.role !== 'ADMIN') {
+    return res.status(403).json({ error: 'Admin access required' })
+  }
+  next()
+}
--- a/server/src/middleware/errorHandler.ts
+++ b/server/src/middleware/errorHandler.ts
@@ -0,0 +1,29 @@
+import { Request, Response, NextFunction } from 'express'
+import { ZodError } from 'zod'
+
+export function errorHandler(
+  err: any,
+  req: Request,
+  res: Response,
+  next: NextFunction
+) {
+  console.error(err)
+
+  if (err instanceof ZodError) {
+    return res.status(400).json({ error: 'Validation error', details: err.flatten() })
+  }
+
+  // Prisma unique constraint violation
+  if (err.code === 'P2002') {
+    return res.status(409).json({ error: 'A record with that value already exists' })
+  }
+
+  // Prisma record not found
+  if (err.code === 'P2025') {
+    return res.status(404).json({ error: 'Record not found' })
+  }
+
+  const status = err.status || err.statusCode || 500
+  const message = err.message || 'Internal server error'
+  res.status(status).json({ error: message })
+}
--- a/server/src/routes/auth.ts
+++ b/server/src/routes/auth.ts
@@ -0,0 +1,54 @@
+import { Router } from 'express'
+import bcrypt from 'bcryptjs'
+import jwt from 'jsonwebtoken'
+import { z } from 'zod'
+import prisma from '../lib/prisma'
+import { authenticate, AuthRequest } from '../middleware/auth'
+
+const router = Router()
+
+const loginSchema = z.object({
+  username: z.string().min(1),
+  password: z.string().min(1),
+})
+
+router.post('/login', async (req, res) => {
+  const { username, password } = loginSchema.parse(req.body)
+
+  const user = await prisma.user.findUnique({ where: { username } })
+  if (!user || !(await bcrypt.compare(password, user.passwordHash))) {
+    return res.status(401).json({ error: 'Invalid credentials' })
+  }
+
+  if (user.role === 'SERVICE') {
+    return res.status(401).json({ error: 'Service accounts must authenticate via API key' })
+  }
+
+  const token = jwt.sign(
+    { id: user.id, role: user.role, username: user.username },
+    process.env.JWT_SECRET!,
+    { expiresIn: '24h' }
+  )
+
+  res.json({
+    token,
+    user: {
+      id: user.id,
+      username: user.username,
+      displayName: user.displayName,
+      email: user.email,
+      role: user.role,
+    },
+  })
+})
+
+router.get('/me', authenticate, async (req: AuthRequest, res) => {
+  const user = await prisma.user.findUnique({
+    where: { id: req.user!.id },
+    select: { id: true, username: true, displayName: true, email: true, role: true },
+  })
+  if (!user) return res.status(404).json({ error: 'User not found' })
+  res.json(user)
+})
+
+export default router
--- a/server/src/routes/comments.ts
+++ b/server/src/routes/comments.ts
@@ -0,0 +1,49 @@
+import { Router } from 'express'
+import { z } from 'zod'
+import prisma from '../lib/prisma'
+import { AuthRequest } from '../middleware/auth'
+
+// mergeParams: true so req.params.ticketId is accessible from the parent router
+const router = Router({ mergeParams: true })
+
+const commentSchema = z.object({
+  body: z.string().min(1),
+})
+
+router.post('/', async (req: AuthRequest, res) => {
+  const { body } = commentSchema.parse(req.body)
+
+  const ticket = await prisma.ticket.findUnique({
+    where: { id: (req.params as any).ticketId },
+  })
+  if (!ticket) return res.status(404).json({ error: 'Ticket not found' })
+
+  const comment = await prisma.comment.create({
+    data: {
+      body,
+      ticketId: (req.params as any).ticketId,
+      authorId: req.user!.id,
+    },
+    include: {
+      author: { select: { id: true, username: true, displayName: true } },
+    },
+  })
+
+  res.status(201).json(comment)
+})
+
+router.delete('/:commentId', async (req: AuthRequest, res) => {
+  const comment = await prisma.comment.findUnique({
+    where: { id: req.params.commentId },
+  })
+  if (!comment) return res.status(404).json({ error: 'Comment not found' })
+
+  if (comment.authorId !== req.user!.id && req.user!.role !== 'ADMIN') {
+    return res.status(403).json({ error: 'Not allowed' })
+  }
+
+  await prisma.comment.delete({ where: { id: req.params.commentId } })
+  res.status(204).send()
+})
+
+export default router
--- a/server/src/routes/cti.ts
+++ b/server/src/routes/cti.ts
@@ -0,0 +1,113 @@
+import { Router } from 'express'
+import { z } from 'zod'
+import prisma from '../lib/prisma'
+import { requireAdmin } from '../middleware/auth'
+
+const router = Router()
+
+const nameSchema = z.object({ name: z.string().min(1).max(100) })
+
+// ── Categories ────────────────────────────────────────────────────────────────
+
+router.get('/categories', async (_req, res) => {
+  const categories = await prisma.category.findMany({ orderBy: { name: 'asc' } })
+  res.json(categories)
+})
+
+router.post('/categories', requireAdmin, async (req, res) => {
+  const { name } = nameSchema.parse(req.body)
+  const category = await prisma.category.create({ data: { name } })
+  res.status(201).json(category)
+})
+
+router.put('/categories/:id', requireAdmin, async (req, res) => {
+  const { name } = nameSchema.parse(req.body)
+  const category = await prisma.category.update({
+    where: { id: req.params.id },
+    data: { name },
+  })
+  res.json(category)
+})
+
+router.delete('/categories/:id', requireAdmin, async (req, res) => {
+  await prisma.category.delete({ where: { id: req.params.id } })
+  res.status(204).send()
+})
+
+// ── Types ─────────────────────────────────────────────────────────────────────
+
+router.get('/types', async (req, res) => {
+  const { categoryId } = req.query
+  const types = await prisma.type.findMany({
+    where: categoryId ? { categoryId: categoryId as string } : undefined,
+    include: { category: true },
+    orderBy: { name: 'asc' },
+  })
+  res.json(types)
+})
+
+router.post('/types', requireAdmin, async (req, res) => {
+  const { name, categoryId } = z
+    .object({ name: z.string().min(1).max(100), categoryId: z.string().min(1) })
+    .parse(req.body)
+  const type = await prisma.type.create({
+    data: { name, categoryId },
+    include: { category: true },
+  })
+  res.status(201).json(type)
+})
+
+router.put('/types/:id', requireAdmin, async (req, res) => {
+  const { name } = nameSchema.parse(req.body)
+  const type = await prisma.type.update({
+    where: { id: req.params.id },
+    data: { name },
+    include: { category: true },
+  })
+  res.json(type)
+})
+
+router.delete('/types/:id', requireAdmin, async (req, res) => {
+  await prisma.type.delete({ where: { id: req.params.id } })
+  res.status(204).send()
+})
+
+// ── Items ─────────────────────────────────────────────────────────────────────
+
+router.get('/items', async (req, res) => {
+  const { typeId } = req.query
+  const items = await prisma.item.findMany({
+    where: typeId ? { typeId: typeId as string } : undefined,
+    include: { type: { include: { category: true } } },
+    orderBy: { name: 'asc' },
+  })
+  res.json(items)
+})
+
+router.post('/items', requireAdmin, async (req, res) => {
+  const { name, typeId } = z
+    .object({ name: z.string().min(1).max(100), typeId: z.string().min(1) })
+    .parse(req.body)
+  const item = await prisma.item.create({
+    data: { name, typeId },
+    include: { type: { include: { category: true } } },
+  })
+  res.status(201).json(item)
+})
+
+router.put('/items/:id', requireAdmin, async (req, res) => {
+  const { name } = nameSchema.parse(req.body)
+  const item = await prisma.item.update({
+    where: { id: req.params.id },
+    data: { name },
+    include: { type: { include: { category: true } } },
+  })
+  res.json(item)
+})
+
+router.delete('/items/:id', requireAdmin, async (req, res) => {
+  await prisma.item.delete({ where: { id: req.params.id } })
+  res.status(204).send()
+})
+
+export default router
--- a/server/src/routes/tickets.ts
+++ b/server/src/routes/tickets.ts
@@ -0,0 +1,130 @@
+import { Router } from 'express'
+import { z } from 'zod'
+import prisma from '../lib/prisma'
+import { requireAdmin, AuthRequest } from '../middleware/auth'
+import commentRouter from './comments'
+
+const router = Router()
+
+const ticketInclude = {
+  category: true,
+  type: true,
+  item: true,
+  assignee: { select: { id: true, username: true, displayName: true } },
+  createdBy: { select: { id: true, username: true, displayName: true } },
+  comments: {
+    include: { author: { select: { id: true, username: true, displayName: true } } },
+    orderBy: { createdAt: 'asc' as const },
+  },
+} as const
+
+const createSchema = z.object({
+  title: z.string().min(1).max(255),
+  overview: z.string().min(1),
+  severity: z.number().int().min(1).max(5),
+  categoryId: z.string().min(1),
+  typeId: z.string().min(1),
+  itemId: z.string().min(1),
+  assigneeId: z.string().optional(),
+})
+
+const updateSchema = z.object({
+  title: z.string().min(1).max(255).optional(),
+  overview: z.string().min(1).optional(),
+  severity: z.number().int().min(1).max(5).optional(),
+  status: z.enum(['OPEN', 'IN_PROGRESS', 'RESOLVED', 'CLOSED']).optional(),
+  categoryId: z.string().min(1).optional(),
+  typeId: z.string().min(1).optional(),
+  itemId: z.string().min(1).optional(),
+  assigneeId: z.string().nullable().optional(),
+})
+
+// Mount comment sub-router
+router.use('/:ticketId/comments', commentRouter)
+
+// GET /api/tickets
+router.get('/', async (req: AuthRequest, res) => {
+  const { status, severity, assigneeId, categoryId, search } = req.query
+
+  const where: Record<string, any> = {}
+  if (status) where.status = status
+  if (severity) where.severity = Number(severity)
+  if (assigneeId) where.assigneeId = assigneeId
+  if (categoryId) where.categoryId = categoryId
+  if (search) {
+    where.OR = [
+      { title: { contains: search as string, mode: 'insensitive' } },
+      { overview: { contains: search as string, mode: 'insensitive' } },
+    ]
+  }
+
+  const tickets = await prisma.ticket.findMany({
+    where,
+    include: {
+      category: true,
+      type: true,
+      item: true,
+      assignee: { select: { id: true, username: true, displayName: true } },
+      createdBy: { select: { id: true, username: true, displayName: true } },
+      _count: { select: { comments: true } },
+    },
+    orderBy: [{ severity: 'asc' }, { createdAt: 'desc' }],
+  })
+
+  res.json(tickets)
+})
+
+// GET /api/tickets/:id
+router.get('/:id', async (req, res) => {
+  const ticket = await prisma.ticket.findUnique({
+    where: { id: req.params.id },
+    include: ticketInclude,
+  })
+  if (!ticket) return res.status(404).json({ error: 'Ticket not found' })
+  res.json(ticket)
+})
+
+// POST /api/tickets
+router.post('/', async (req: AuthRequest, res) => {
+  const data = createSchema.parse(req.body)
+
+  const ticket = await prisma.ticket.create({
+    data: { ...data, createdById: req.user!.id },
+    include: ticketInclude,
+  })
+
+  res.status(201).json(ticket)
+})
+
+// PATCH /api/tickets/:id
+router.patch('/:id', async (req: AuthRequest, res) => {
+  const data = updateSchema.parse(req.body)
+
+  const existing = await prisma.ticket.findUnique({ where: { id: req.params.id } })
+  if (!existing) return res.status(404).json({ error: 'Ticket not found' })
+
+  const update: Record<string, any> = { ...data }
+
+  if (data.status === 'RESOLVED' && existing.status !== 'RESOLVED') {
+    update.resolvedAt = new Date()
+  } else if (data.status && data.status !== 'RESOLVED' && existing.status === 'RESOLVED') {
+    // Re-opening a resolved ticket resets the 2-week auto-close timer
+    update.resolvedAt = null
+  }
+
+  const ticket = await prisma.ticket.update({
+    where: { id: req.params.id },
+    data: update,
+    include: ticketInclude,
+  })
+
+  res.json(ticket)
+})
+
+// DELETE /api/tickets/:id — admin only
+router.delete('/:id', requireAdmin, async (req, res) => {
+  await prisma.ticket.delete({ where: { id: req.params.id } })
+  res.status(204).send()
+})
+
+export default router
--- a/server/src/routes/users.ts
+++ b/server/src/routes/users.ts
@@ -0,0 +1,103 @@
+import { Router } from 'express'
+import bcrypt from 'bcryptjs'
+import crypto from 'crypto'
+import { z } from 'zod'
+import prisma from '../lib/prisma'
+import { requireAdmin, AuthRequest } from '../middleware/auth'
+
+const router = Router()
+
+const userSelect = {
+  id: true,
+  username: true,
+  displayName: true,
+  email: true,
+  role: true,
+  apiKey: true,
+  createdAt: true,
+} as const
+
+router.get('/', async (_req, res) => {
+  const users = await prisma.user.findMany({
+    select: { id: true, username: true, displayName: true, email: true, role: true, createdAt: true },
+    orderBy: { displayName: 'asc' },
+  })
+  res.json(users)
+})
+
+router.post('/', requireAdmin, async (req, res) => {
+  const data = z
+    .object({
+      username: z.string().min(1).max(50),
+      email: z.string().email(),
+      displayName: z.string().min(1).max(100),
+      password: z.string().min(8).optional(),
+      role: z.enum(['ADMIN', 'AGENT', 'SERVICE']).default('AGENT'),
+    })
+    .parse(req.body)
+
+  const passwordHash = data.password
+    ? await bcrypt.hash(data.password, 12)
+    : await bcrypt.hash(crypto.randomBytes(32).toString('hex'), 12)
+
+  const apiKey =
+    data.role === 'SERVICE' ? `sk_${crypto.randomBytes(32).toString('hex')}` : undefined
+
+  const user = await prisma.user.create({
+    data: {
+      username: data.username,
+      email: data.email,
+      displayName: data.displayName,
+      passwordHash,
+      role: data.role,
+      apiKey,
+    },
+    select: userSelect,
+  })
+
+  res.status(201).json(user)
+})
+
+router.patch('/:id', requireAdmin, async (req, res) => {
+  const data = z
+    .object({
+      displayName: z.string().min(1).max(100).optional(),
+      email: z.string().email().optional(),
+      password: z.string().min(8).optional(),
+      role: z.enum(['ADMIN', 'AGENT', 'SERVICE']).optional(),
+      regenerateApiKey: z.boolean().optional(),
+    })
+    .parse(req.body)
+
+  const update: Record<string, any> = {}
+  if (data.displayName) update.displayName = data.displayName
+  if (data.email) update.email = data.email
+  if (data.password) update.passwordHash = await bcrypt.hash(data.password, 12)
+  if (data.role) {
+    update.role = data.role
+    if (data.role === 'SERVICE' && !update.apiKey) {
+      update.apiKey = `sk_${crypto.randomBytes(32).toString('hex')}`
+    }
+  }
+  if (data.regenerateApiKey) {
+    update.apiKey = `sk_${crypto.randomBytes(32).toString('hex')}`
+  }
+
+  const user = await prisma.user.update({
+    where: { id: req.params.id },
+    data: update,
+    select: userSelect,
+  })
+
+  res.json(user)
+})
+
+router.delete('/:id', requireAdmin, async (req: AuthRequest, res) => {
+  if (req.params.id === req.user!.id) {
+    return res.status(400).json({ error: 'Cannot delete your own account' })
+  }
+  await prisma.user.delete({ where: { id: req.params.id } })
+  res.status(204).send()
+})
+
+export default router