Phase 1a: shared schemas, service layer, server tooling

- shared/schemas/: move Zod schemas out of routes so client + server share them - shared/types.ts: inferred types and enums for cross-package use - server tsconfig rootDir raised to ".." so shared/ compiles in-tree - server/src/services/: ticket, comment, cti, user, auth, notification (stub), search (stub) - Routes thinned to validate-delegate-return; business logic now testable in isolation - server/src/lib/httpError.ts: typed HttpError replaces ad-hoc throw shapes - server/src/lib/logger.ts: pino structured logging replaces console.log - autoClose job delegates to ticketService.closeStale() - express-rate-limit on /api/auth/login (10 / 15min / IP) - vitest + vitest-mock-extended; 20 service-level tests cover auth, ticket, comment, user flows - CI: lint + test jobs before docker builds Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-18 15:34:57 -04:00
parent 27d2ab0f0d
commit aff52e5672
38 changed files with 1260 additions and 2119 deletions
@@ -0,0 +1,45 @@
+import prisma from '../lib/prisma';
+import { HttpError } from '../lib/httpError';
+
+export async function addComment(ticketIdOrDisplay: string, body: string, actorId: string) {
+  const ticket = await prisma.ticket.findFirst({
+    where: { OR: [{ id: ticketIdOrDisplay }, { displayId: ticketIdOrDisplay }] },
+  });
+  if (!ticket) throw new HttpError(404, 'Ticket not found');
+
+  const [comment] = await prisma.$transaction([
+    prisma.comment.create({
+      data: { body, ticketId: ticket.id, authorId: actorId },
+      include: { author: { select: { id: true, username: true, displayName: true } } },
+    }),
+    prisma.auditLog.create({
+      data: { ticketId: ticket.id, userId: actorId, action: 'COMMENT_ADDED', detail: body },
+    }),
+  ]);
+
+  return comment;
+}
+
+export async function deleteComment(
+  commentId: string,
+  actor: { id: string; role: string },
+) {
+  const comment = await prisma.comment.findUnique({ where: { id: commentId } });
+  if (!comment) throw new HttpError(404, 'Comment not found');
+
+  if (comment.authorId !== actor.id && actor.role !== 'ADMIN') {
+    throw new HttpError(403, 'Not allowed');
+  }
+
+  await prisma.$transaction([
+    prisma.comment.delete({ where: { id: commentId } }),
+    prisma.auditLog.create({
+      data: {
+        ticketId: comment.ticketId,
+        userId: actor.id,
+        action: 'COMMENT_DELETED',
+        detail: comment.body,
+      },
+    }),
+  ]);
+}