flfeders/FEDEO
2
1
Fork 0
Code Issues 63 Pull Requests Actions Packages Projects 21 Releases Wiki Activity

Added IBAN Saving, Automatic Saving, added Mitglieder
Some checks failed
Build and Push Docker Images / build-backend (push) Failing after 1m25s
Details
Build and Push Docker Images / build-frontend (push) Failing after 38s
Details

Browse Source
This commit is contained in:
florianfederspiel
2026-02-16 12:40:07 +01:00
parent 3f8ce5daf7
commit 189a52b3cd
14 changed files with 879 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

316
backend/src/routes/banking.ts
View File

@@ -4,10 +4,18 @@ import dayjs from "dayjs"
import { secrets } from "../utils/secrets"
import { insertHistoryItem } from "../utils/history"
import { decrypt, encrypt } from "../utils/crypt"
import { DE_BANK_CODE_TO_NAME } from "../utils/deBankCodes"
import {
bankrequisitions,
bankstatements,
createddocuments,
customers,
entitybankaccounts,
incominginvoices,
statementallocations,
vendors,
} from "../../db/schema"
import {
@@ -17,6 +25,284 @@ import {
export default async function bankingRoutes(server: FastifyInstance) {
const normalizeIban = (value?: string | null) =>
String(value || "").replace(/\s+/g, "").toUpperCase()
const pickPartnerBankData = (statement: any, partnerType: "customer" | "vendor") => {
if (!statement) return null
const prefersDebit = partnerType === "customer"
? Number(statement.amount) >= 0
: Number(statement.amount) > 0
const primary = prefersDebit
? { iban: statement.debIban }
: { iban: statement.credIban }
const fallback = prefersDebit
? { iban: statement.credIban }
: { iban: statement.debIban }
const primaryIban = normalizeIban(primary.iban)
if (primaryIban) {
return {
iban: primaryIban,
}
}
const fallbackIban = normalizeIban(fallback.iban)
if (fallbackIban) {
return {
iban: fallbackIban,
}
}
return null
}
const mergePartnerIban = (infoData: Record<string, any>, iban: string, bankAccountId?: number | null) => {
if (!iban && !bankAccountId) return infoData || {}
const info = infoData && typeof infoData === "object" ? { ...infoData } : {}
if (iban) {
const existing = Array.isArray(info.bankingIbans) ? info.bankingIbans : []
const merged = [...new Set([...existing.map((i: string) => normalizeIban(i)), iban])]
info.bankingIbans = merged
if (!info.bankingIban) info.bankingIban = iban
}
if (bankAccountId) {
const existingIds = Array.isArray(info.bankAccountIds) ? info.bankAccountIds : []
if (!existingIds.includes(bankAccountId)) {
info.bankAccountIds = [...existingIds, bankAccountId]
}
}
return info
}
const ibanLengthByCountry: Record<string, number> = {
DE: 22,
AT: 20,
CH: 21,
NL: 18,
BE: 16,
FR: 27,
ES: 24,
IT: 27,
LU: 20,
}
const isValidIbanLocal = (iban: string) => {
const normalized = normalizeIban(iban)
if (!normalized || normalized.length < 15 || normalized.length > 34) return false
if (!/^[A-Z]{2}[0-9]{2}[A-Z0-9]+$/.test(normalized)) return false
const country = normalized.slice(0, 2)
const expectedLength = ibanLengthByCountry[country]
if (expectedLength && normalized.length !== expectedLength) return false
const rearranged = normalized.slice(4) + normalized.slice(0, 4)
let numeric = ""
for (const ch of rearranged) {
if (ch >= "A" && ch <= "Z") numeric += (ch.charCodeAt(0) - 55).toString()
else numeric += ch
}
let remainder = 0
for (const digit of numeric) {
remainder = (remainder * 10 + Number(digit)) % 97
}
return remainder === 1
}
const resolveBankInstituteFromIbanLocal = (iban: string) => {
const normalized = normalizeIban(iban)
if (!isValidIbanLocal(normalized)) return null
// Für DE-IBANs kann die BLZ aus Position 5-12 lokal gelesen werden.
if (normalized.startsWith("DE") && normalized.length === 22) {
const bankCode = normalized.slice(4, 12)
const bankName = DE_BANK_CODE_TO_NAME[bankCode]
if (bankName) return bankName
return `Unbekannt (BLZ ${bankCode})`
}
return null
}
const resolveEntityBankAccountId = async (
tenantId: number,
userId: string,
iban: string
) => {
const normalizedIban = normalizeIban(iban)
if (!normalizedIban) return null
const bankInstitute = resolveBankInstituteFromIbanLocal(normalizedIban)
const allAccounts = await server.db
.select({
id: entitybankaccounts.id,
ibanEncrypted: entitybankaccounts.ibanEncrypted,
bankNameEncrypted: entitybankaccounts.bankNameEncrypted,
})
.from(entitybankaccounts)
.where(eq(entitybankaccounts.tenant, tenantId))
const existing = allAccounts.find((row) => {
if (!row.ibanEncrypted) return false
try {
const decryptedIban = decrypt(row.ibanEncrypted as any)
return normalizeIban(decryptedIban) === normalizedIban
} catch {
return false
}
})
if (existing?.id) {
if (bankInstitute) {
let currentBankName = ""
try {
currentBankName = String(decrypt(existing.bankNameEncrypted as any) || "").trim()
} catch {
currentBankName = ""
}
if (currentBankName !== bankInstitute) {
await server.db
.update(entitybankaccounts)
.set({
bankNameEncrypted: encrypt(bankInstitute),
updatedAt: new Date(),
updatedBy: userId,
})
.where(and(eq(entitybankaccounts.id, Number(existing.id)), eq(entitybankaccounts.tenant, tenantId)))
}
}
return Number(existing.id)
}
const [created] = await server.db
.insert(entitybankaccounts)
.values({
tenant: tenantId,
ibanEncrypted: encrypt(normalizedIban),
bicEncrypted: encrypt("UNBEKANNT"),
bankNameEncrypted: encrypt(bankInstitute || "Unbekannt"),
description: "Automatisch aus Bankbuchung übernommen",
updatedAt: new Date(),
updatedBy: userId,
})
.returning({ id: entitybankaccounts.id })
return created?.id ? Number(created.id) : null
}
const assignIbanFromStatementToCustomer = async (tenantId: number, userId: string, statementId: number, createdDocumentId?: number) => {
if (!createdDocumentId) return
const [statement] = await server.db
.select()
.from(bankstatements)
.where(and(eq(bankstatements.id, statementId), eq(bankstatements.tenant, tenantId)))
.limit(1)
if (!statement) return
const [doc] = await server.db
.select({ customer: createddocuments.customer })
.from(createddocuments)
.where(and(eq(createddocuments.id, createdDocumentId), eq(createddocuments.tenant, tenantId)))
.limit(1)
const customerId = doc?.customer
if (!customerId) return
const partnerBank = pickPartnerBankData(statement, "customer")
if (!partnerBank?.iban) return
const [customer] = await server.db
.select({ id: customers.id, infoData: customers.infoData })
.from(customers)
.where(and(eq(customers.id, customerId), eq(customers.tenant, tenantId)))
.limit(1)
if (!customer) return
const bankAccountId = await resolveEntityBankAccountId(
tenantId,
userId,
partnerBank.iban
)
const newInfoData = mergePartnerIban(
(customer.infoData || {}) as Record<string, any>,
partnerBank.iban,
bankAccountId
)
await server.db
.update(customers)
.set({
infoData: newInfoData,
updatedAt: new Date(),
updatedBy: userId,
})
.where(and(eq(customers.id, customerId), eq(customers.tenant, tenantId)))
}
const assignIbanFromStatementToVendor = async (tenantId: number, userId: string, statementId: number, incomingInvoiceId?: number) => {
if (!incomingInvoiceId) return
const [statement] = await server.db
.select()
.from(bankstatements)
.where(and(eq(bankstatements.id, statementId), eq(bankstatements.tenant, tenantId)))
.limit(1)
if (!statement) return
const [invoice] = await server.db
.select({ vendor: incominginvoices.vendor })
.from(incominginvoices)
.where(and(eq(incominginvoices.id, incomingInvoiceId), eq(incominginvoices.tenant, tenantId)))
.limit(1)
const vendorId = invoice?.vendor
if (!vendorId) return
const partnerBank = pickPartnerBankData(statement, "vendor")
if (!partnerBank?.iban) return
const [vendor] = await server.db
.select({ id: vendors.id, infoData: vendors.infoData })
.from(vendors)
.where(and(eq(vendors.id, vendorId), eq(vendors.tenant, tenantId)))
.limit(1)
if (!vendor) return
const bankAccountId = await resolveEntityBankAccountId(
tenantId,
userId,
partnerBank.iban
)
const newInfoData = mergePartnerIban(
(vendor.infoData || {}) as Record<string, any>,
partnerBank.iban,
bankAccountId
)
await server.db
.update(vendors)
.set({
infoData: newInfoData,
updatedAt: new Date(),
updatedBy: userId,
})
.where(and(eq(vendors.id, vendorId), eq(vendors.tenant, tenantId)))
}
// ------------------------------------------------------------------
// 🔐 GoCardLess Token Handling
@@ -171,9 +457,35 @@ export default async function bankingRoutes(server: FastifyInstance) {
const createdRecord = inserted[0]
if (createdRecord?.createddocument) {
try {
await assignIbanFromStatementToCustomer(
req.user.tenant_id,
req.user.user_id,
Number(createdRecord.bankstatement),
Number(createdRecord.createddocument)
)
} catch (err) {
server.log.warn({ err, allocationId: createdRecord.id }, "Konnte IBAN nicht automatisch beim Kunden hinterlegen")
}
}
if (createdRecord?.incominginvoice) {
try {
await assignIbanFromStatementToVendor(
req.user.tenant_id,
req.user.user_id,
Number(createdRecord.bankstatement),
Number(createdRecord.incominginvoice)
)
} catch (err) {
server.log.warn({ err, allocationId: createdRecord.id }, "Konnte IBAN nicht automatisch beim Lieferanten hinterlegen")
}
}
await insertHistoryItem(server, {
entity: "bankstatements",
entityId: createdRecord.id,
entityId: Number(createdRecord.bankstatement),
action: "created",
created_by: req.user.user_id,
tenant_id: req.user.tenant_id,
@@ -216,7 +528,7 @@ export default async function bankingRoutes(server: FastifyInstance) {
await insertHistoryItem(server, {
entity: "bankstatements",
entityId: id,
entityId: Number(old.bankstatement),
action: "deleted",
created_by: req.user.user_id,
tenant_id: req.user.tenant_id,

171
backend/src/routes/resources/main.ts
View File

@@ -15,6 +15,7 @@ import { useNextNumberRangeNumber } from "../../utils/functions";
import { insertHistoryItem } from "../../utils/history";
import { diffObjects } from "../../utils/diff";
import { recalculateServicePricesForTenant } from "../../modules/service-price-recalculation.service";
import { decrypt, encrypt } from "../../utils/crypt";
// -------------------------------------------------------------
// SQL Suche auf mehreren Feldern (Haupttabelle + Relationen)
@@ -69,6 +70,98 @@ function buildFieldUpdateHistoryText(resource: string, label: string, oldValue:
return `${resource}: ${label} geändert von "${formatDiffValue(oldValue)}" zu "${formatDiffValue(newValue)}"`
}
function applyResourceWhereFilters(resource: string, table: any, whereCond: any) {
if (resource === "members") {
return and(whereCond, eq(table.type, "Mitglied"))
}
return whereCond
}
function normalizeMemberPayload(payload: Record<string, any>) {
const infoData = payload.infoData && typeof payload.infoData === "object" ? payload.infoData : {}
const normalized = {
...payload,
type: "Mitglied",
isCompany: false,
infoData,
}
return normalized
}
function validateMemberPayload(payload: Record<string, any>) {
const infoData = payload.infoData && typeof payload.infoData === "object" ? payload.infoData : {}
const bankAccountIds = Array.isArray(infoData.bankAccountIds) ? infoData.bankAccountIds.filter(Boolean) : []
const firstname = typeof payload.firstname === "string" ? payload.firstname.trim() : ""
const lastname = typeof payload.lastname === "string" ? payload.lastname.trim() : ""
if (!firstname || !lastname) {
return "Für Mitglieder sind Vorname und Nachname erforderlich."
}
if (!bankAccountIds.length) {
return "Für Mitglieder muss mindestens ein Bankkonto hinterlegt werden."
}
if (infoData.hasSEPA && !infoData.sepaSignedAt) {
return "Wenn ein SEPA-Mandat hinterlegt ist, muss ein Unterschriftsdatum gesetzt werden."
}
return null
}
function maskIban(iban: string) {
if (!iban) return ""
const cleaned = iban.replace(/\s+/g, "")
if (cleaned.length <= 8) return cleaned
return `${cleaned.slice(0, 4)} **** **** ${cleaned.slice(-4)}`
}
function decryptEntityBankAccount(row: Record<string, any>) {
const iban = row.ibanEncrypted ? decrypt(row.ibanEncrypted as any) : null
const bic = row.bicEncrypted ? decrypt(row.bicEncrypted as any) : null
const bankName = row.bankNameEncrypted ? decrypt(row.bankNameEncrypted as any) : null
return {
...row,
iban,
bic,
bankName,
displayLabel: `${maskIban(iban || "")}${bankName ? ` | ${bankName}` : ""}${row.description ? ` (${row.description})` : ""}`.trim(),
}
}
function prepareEntityBankAccountPayload(payload: Record<string, any>, requireAll: boolean) {
const iban = typeof payload.iban === "string" ? payload.iban.trim() : ""
const bic = typeof payload.bic === "string" ? payload.bic.trim() : ""
const bankName = typeof payload.bankName === "string" ? payload.bankName.trim() : ""
const hasAnyPlainField = Object.prototype.hasOwnProperty.call(payload, "iban")
|| Object.prototype.hasOwnProperty.call(payload, "bic")
|| Object.prototype.hasOwnProperty.call(payload, "bankName")
if (!hasAnyPlainField && !requireAll) {
return { data: payload }
}
if (!iban || !bic || !bankName) {
return { error: "IBAN, BIC und Bankinstitut sind Pflichtfelder." }
}
const result: Record<string, any> = {
...payload,
ibanEncrypted: encrypt(iban),
bicEncrypted: encrypt(bic),
bankNameEncrypted: encrypt(bankName),
}
delete result.iban
delete result.bic
delete result.bankName
return { data: result }
}
export default async function resourceRoutes(server: FastifyInstance) {
// -------------------------------------------------------------
@@ -91,6 +184,7 @@ export default async function resourceRoutes(server: FastifyInstance) {
const table = config.table
let whereCond: any = eq(table.tenant, tenantId)
whereCond = applyResourceWhereFilters(resource, table, whereCond)
let q = server.db.select().from(table).$dynamic()
const searchCols: any[] = (config.searchColumns || []).map(c => table[c])
@@ -160,7 +254,7 @@ export default async function resourceRoutes(server: FastifyInstance) {
if(config.mtmListLoad) {
for await (const relation of config.mtmListLoad) {
const relTable = resourceConfig[relation].table
const parentKey = resource.substring(0, resource.length - 1)
const parentKey = config.relationKey || resource.substring(0, resource.length - 1)
const relationRows = await server.db.select().from(relTable).where(inArray(relTable[parentKey], data.map(i => i.id)))
data = data.map(row => ({
...row,
@@ -169,6 +263,10 @@ export default async function resourceRoutes(server: FastifyInstance) {
}
}
if (resource === "entitybankaccounts") {
return data.map((row) => decryptEntityBankAccount(row))
}
return data
} catch (err) {
@@ -194,6 +292,7 @@ export default async function resourceRoutes(server: FastifyInstance) {
const { search, distinctColumns } = req.query as { search?: string; distinctColumns?: string; };
let whereCond: any = eq(table.tenant, tenantId);
whereCond = applyResourceWhereFilters(resource, table, whereCond)
const searchCols: any[] = (config.searchColumns || []).map(c => table[c]);
let countQuery = server.db.select({ value: count(table.id) }).from(table).$dynamic();
@@ -258,7 +357,7 @@ export default async function resourceRoutes(server: FastifyInstance) {
for (const colName of distinctColumns.split(",").map(c => c.trim())) {
const col = (table as any)[colName];
if (!col) continue;
const dRows = await server.db.select({ v: col }).from(table).where(eq(table.tenant, tenantId));
const dRows = await server.db.select({ v: col }).from(table).where(whereCond);
distinctValues[colName] = [...new Set(dRows.map(r => r.v).filter(v => v != null && v !== ""))].sort();
}
}
@@ -289,7 +388,7 @@ export default async function resourceRoutes(server: FastifyInstance) {
if (config.mtmListLoad) {
for await (const relation of config.mtmListLoad) {
const relTable = resourceConfig[relation].table;
const parentKey = resource.substring(0, resource.length - 1);
const parentKey = config.relationKey || resource.substring(0, resource.length - 1);
const relationRows = await server.db.select().from(relTable).where(inArray(relTable[parentKey], data.map(i => i.id)));
data = data.map(row => ({
...row,
@@ -298,6 +397,10 @@ export default async function resourceRoutes(server: FastifyInstance) {
}
}
if (resource === "entitybankaccounts") {
data = data.map((row) => decryptEntityBankAccount(row))
}
return {
data,
queryConfig: { ...queryConfig, total, totalPages: Math.ceil(total / limit), distinctValues }
@@ -321,10 +424,13 @@ export default async function resourceRoutes(server: FastifyInstance) {
const { resource, no_relations } = req.params as { resource: string, no_relations?: boolean }
const table = resourceConfig[resource].table
let whereCond: any = and(eq(table.id, id), eq(table.tenant, tenantId))
whereCond = applyResourceWhereFilters(resource, table, whereCond)
const projRows = await server.db
.select()
.from(table)
.where(and(eq(table.id, id), eq(table.tenant, tenantId)))
.where(whereCond)
.limit(1)
if (!projRows.length)
@@ -347,12 +453,16 @@ export default async function resourceRoutes(server: FastifyInstance) {
if (resourceConfig[resource].mtmLoad) {
for await (const relation of resourceConfig[resource].mtmLoad) {
const relTable = resourceConfig[relation].table
const parentKey = resource.substring(0, resource.length - 1)
const parentKey = resourceConfig[resource].relationKey || resource.substring(0, resource.length - 1)
data[relation] = await server.db.select().from(relTable).where(eq(relTable[parentKey], id))
}
}
}
if (resource === "entitybankaccounts") {
return decryptEntityBankAccount(data)
}
return data
} catch (err) {
console.error("ERROR /resource/:resource/:id", err)
@@ -369,10 +479,25 @@ export default async function resourceRoutes(server: FastifyInstance) {
const config = resourceConfig[resource];
const table = config.table;
let createData = { ...body, tenant: req.user.tenant_id, archived: false };
let createData: Record<string, any> = { ...body, tenant: req.user.tenant_id, archived: false };
if (resource === "members") {
createData = normalizeMemberPayload(createData)
const validationError = validateMemberPayload(createData)
if (validationError) {
return reply.code(400).send({ error: validationError })
}
}
if (resource === "entitybankaccounts") {
const prepared = prepareEntityBankAccountPayload(createData, true)
if (prepared.error) return reply.code(400).send({ error: prepared.error })
createData = prepared.data!
}
if (config.numberRangeHolder && !body[config.numberRangeHolder]) {
const result = await useNextNumberRangeNumber(server, req.user.tenant_id, resource)
const numberRangeResource = resource === "members" ? "customers" : resource
const result = await useNextNumberRangeNumber(server, req.user.tenant_id, numberRangeResource)
createData[config.numberRangeHolder] = result.usedNumber
}
@@ -404,6 +529,10 @@ export default async function resourceRoutes(server: FastifyInstance) {
}
}
if (resource === "entitybankaccounts") {
return decryptEntityBankAccount(created as Record<string, any>)
}
return created;
} catch (error) {
console.error(error);
@@ -430,17 +559,37 @@ export default async function resourceRoutes(server: FastifyInstance) {
.where(and(eq(table.id, id), eq(table.tenant, tenantId)))
.limit(1)
let data = { ...body, updated_at: new Date().toISOString(), updated_by: userId }
let data: Record<string, any> = { ...body, updated_at: new Date().toISOString(), updated_by: userId }
//@ts-ignore
delete data.updatedBy; delete data.updatedAt;
if (resource === "members") {
data = normalizeMemberPayload(data)
const validationError = validateMemberPayload(data)
if (validationError) {
return reply.code(400).send({ error: validationError })
}
}
if (resource === "entitybankaccounts") {
const prepared = prepareEntityBankAccountPayload(data, false)
if (prepared.error) return reply.code(400).send({ error: prepared.error })
data = {
...prepared.data,
updated_at: data.updated_at,
updated_by: data.updated_by,
}
}
Object.keys(data).forEach((key) => {
if ((key.includes("_at") || key.includes("At") || key.toLowerCase().includes("date")) && key !== "deliveryDateType") {
data[key] = normalizeDate(data[key])
}
})
const [updated] = await server.db.update(table).set(data).where(and(eq(table.id, id), eq(table.tenant, tenantId))).returning()
let updateWhereCond: any = and(eq(table.id, id), eq(table.tenant, tenantId))
updateWhereCond = applyResourceWhereFilters(resource, table, updateWhereCond)
const [updated] = await server.db.update(table).set(data).where(updateWhereCond).returning()
if (["products", "services", "hourrates"].includes(resource)) {
await recalculateServicePricesForTenant(server, tenantId, userId);
@@ -479,6 +628,10 @@ export default async function resourceRoutes(server: FastifyInstance) {
}
}
if (resource === "entitybankaccounts") {
return decryptEntityBankAccount(updated as Record<string, any>)
}
return updated
} catch (err) {
console.error(err)

12
backend/src/utils/resource.config.ts
View File

@@ -3,6 +3,7 @@ import {
bankaccounts,
bankrequisitions,
bankstatements,
entitybankaccounts,
contacts,
contracts,
contracttypes,
@@ -49,6 +50,13 @@ export const resourceConfig = {
table: customers,
numberRangeHolder: "customerNumber",
},
members: {
searchColumns: ["name", "customerNumber", "firstname", "lastname", "notes"],
mtmLoad: ["contacts","projects","plants","createddocuments","contracts"],
table: customers,
numberRangeHolder: "customerNumber",
relationKey: "customer",
},
contacts: {
searchColumns: ["firstName", "lastName", "email", "phone", "notes"],
table: contacts,
@@ -175,6 +183,10 @@ export const resourceConfig = {
bankrequisitions: {
table: bankrequisitions,
},
entitybankaccounts: {
table: entitybankaccounts,
searchColumns: ["description"],
},
serialexecutions: {
table: serialExecutions
}