Added IBAN Saving, Automatic Saving, added Mitglieder

2026-02-16 12:40:07 +01:00
parent 3f8ce5daf7
commit 189a52b3cd
14 changed files with 879 additions and 22 deletions
--- a/backend/src/routes/resources/main.ts
+++ b/backend/src/routes/resources/main.ts
@@ -15,6 +15,7 @@ import { useNextNumberRangeNumber } from "../../utils/functions";
 import { insertHistoryItem } from "../../utils/history";
 import { diffObjects } from "../../utils/diff";
 import { recalculateServicePricesForTenant } from "../../modules/service-price-recalculation.service";
+import { decrypt, encrypt } from "../../utils/crypt";

 // -------------------------------------------------------------
 // SQL Suche auf mehreren Feldern (Haupttabelle + Relationen)
@@ -69,6 +70,98 @@ function buildFieldUpdateHistoryText(resource: string, label: string, oldValue:
    return `${resource}: ${label} geändert von "${formatDiffValue(oldValue)}" zu "${formatDiffValue(newValue)}"`
 }

+function applyResourceWhereFilters(resource: string, table: any, whereCond: any) {
+    if (resource === "members") {
+        return and(whereCond, eq(table.type, "Mitglied"))
+    }
+    return whereCond
+}
+
+function normalizeMemberPayload(payload: Record<string, any>) {
+    const infoData = payload.infoData && typeof payload.infoData === "object" ? payload.infoData : {}
+    const normalized = {
+        ...payload,
+        type: "Mitglied",
+        isCompany: false,
+        infoData,
+    }
+
+    return normalized
+}
+
+function validateMemberPayload(payload: Record<string, any>) {
+    const infoData = payload.infoData && typeof payload.infoData === "object" ? payload.infoData : {}
+    const bankAccountIds = Array.isArray(infoData.bankAccountIds) ? infoData.bankAccountIds.filter(Boolean) : []
+    const firstname = typeof payload.firstname === "string" ? payload.firstname.trim() : ""
+    const lastname = typeof payload.lastname === "string" ? payload.lastname.trim() : ""
+
+    if (!firstname || !lastname) {
+        return "Für Mitglieder sind Vorname und Nachname erforderlich."
+    }
+
+    if (!bankAccountIds.length) {
+        return "Für Mitglieder muss mindestens ein Bankkonto hinterlegt werden."
+    }
+
+    if (infoData.hasSEPA && !infoData.sepaSignedAt) {
+        return "Wenn ein SEPA-Mandat hinterlegt ist, muss ein Unterschriftsdatum gesetzt werden."
+    }
+
+    return null
+}
+
+function maskIban(iban: string) {
+    if (!iban) return ""
+    const cleaned = iban.replace(/\s+/g, "")
+    if (cleaned.length <= 8) return cleaned
+    return `${cleaned.slice(0, 4)} **** **** ${cleaned.slice(-4)}`
+}
+
+function decryptEntityBankAccount(row: Record<string, any>) {
+    const iban = row.ibanEncrypted ? decrypt(row.ibanEncrypted as any) : null
+    const bic = row.bicEncrypted ? decrypt(row.bicEncrypted as any) : null
+    const bankName = row.bankNameEncrypted ? decrypt(row.bankNameEncrypted as any) : null
+
+    return {
+        ...row,
+        iban,
+        bic,
+        bankName,
+        displayLabel: `${maskIban(iban || "")}${bankName ? ` | ${bankName}` : ""}${row.description ? ` (${row.description})` : ""}`.trim(),
+    }
+}
+
+function prepareEntityBankAccountPayload(payload: Record<string, any>, requireAll: boolean) {
+    const iban = typeof payload.iban === "string" ? payload.iban.trim() : ""
+    const bic = typeof payload.bic === "string" ? payload.bic.trim() : ""
+    const bankName = typeof payload.bankName === "string" ? payload.bankName.trim() : ""
+
+    const hasAnyPlainField = Object.prototype.hasOwnProperty.call(payload, "iban")
+        || Object.prototype.hasOwnProperty.call(payload, "bic")
+        || Object.prototype.hasOwnProperty.call(payload, "bankName")
+
+    if (!hasAnyPlainField && !requireAll) {
+        return { data: payload }
+    }
+
+    if (!iban || !bic || !bankName) {
+        return { error: "IBAN, BIC und Bankinstitut sind Pflichtfelder." }
+    }
+
+    const result: Record<string, any> = {
+        ...payload,
+        ibanEncrypted: encrypt(iban),
+        bicEncrypted: encrypt(bic),
+        bankNameEncrypted: encrypt(bankName),
+    }
+
+    delete result.iban
+    delete result.bic
+    delete result.bankName
+
+    return { data: result }
+}
+
 export default async function resourceRoutes(server: FastifyInstance) {

    // -------------------------------------------------------------
@@ -91,6 +184,7 @@ export default async function resourceRoutes(server: FastifyInstance) {
            const table = config.table

            let whereCond: any = eq(table.tenant, tenantId)
+            whereCond = applyResourceWhereFilters(resource, table, whereCond)
            let q = server.db.select().from(table).$dynamic()

            const searchCols: any[] = (config.searchColumns || []).map(c => table[c])
@@ -160,7 +254,7 @@ export default async function resourceRoutes(server: FastifyInstance) {
            if(config.mtmListLoad) {
                for await (const relation of config.mtmListLoad) {
                    const relTable = resourceConfig[relation].table
-                    const parentKey = resource.substring(0, resource.length - 1)
+                    const parentKey = config.relationKey || resource.substring(0, resource.length - 1)
                    const relationRows = await server.db.select().from(relTable).where(inArray(relTable[parentKey], data.map(i => i.id)))
                    data = data.map(row => ({
                        ...row,
@@ -169,6 +263,10 @@ export default async function resourceRoutes(server: FastifyInstance) {
                }
            }

+            if (resource === "entitybankaccounts") {
+                return data.map((row) => decryptEntityBankAccount(row))
+            }
+
            return data

        } catch (err) {
@@ -194,6 +292,7 @@ export default async function resourceRoutes(server: FastifyInstance) {
            const { search, distinctColumns } = req.query as { search?: string; distinctColumns?: string; };

            let whereCond: any = eq(table.tenant, tenantId);
+            whereCond = applyResourceWhereFilters(resource, table, whereCond)
            const searchCols: any[] = (config.searchColumns || []).map(c => table[c]);

            let countQuery = server.db.select({ value: count(table.id) }).from(table).$dynamic();
@@ -258,7 +357,7 @@ export default async function resourceRoutes(server: FastifyInstance) {
                for (const colName of distinctColumns.split(",").map(c => c.trim())) {
                    const col = (table as any)[colName];
                    if (!col) continue;
-                    const dRows = await server.db.select({ v: col }).from(table).where(eq(table.tenant, tenantId));
+                    const dRows = await server.db.select({ v: col }).from(table).where(whereCond);
                    distinctValues[colName] = [...new Set(dRows.map(r => r.v).filter(v => v != null && v !== ""))].sort();
                }
            }
@@ -289,7 +388,7 @@ export default async function resourceRoutes(server: FastifyInstance) {
            if (config.mtmListLoad) {
                for await (const relation of config.mtmListLoad) {
                    const relTable = resourceConfig[relation].table;
-                    const parentKey = resource.substring(0, resource.length - 1);
+                    const parentKey = config.relationKey || resource.substring(0, resource.length - 1);
                    const relationRows = await server.db.select().from(relTable).where(inArray(relTable[parentKey], data.map(i => i.id)));
                    data = data.map(row => ({
                        ...row,
@@ -298,6 +397,10 @@ export default async function resourceRoutes(server: FastifyInstance) {
                }
            }

+            if (resource === "entitybankaccounts") {
+                data = data.map((row) => decryptEntityBankAccount(row))
+            }
+
            return {
                data,
                queryConfig: { ...queryConfig, total, totalPages: Math.ceil(total / limit), distinctValues }
@@ -321,10 +424,13 @@ export default async function resourceRoutes(server: FastifyInstance) {
            const { resource, no_relations } = req.params as { resource: string, no_relations?: boolean }
            const table = resourceConfig[resource].table

+            let whereCond: any = and(eq(table.id, id), eq(table.tenant, tenantId))
+            whereCond = applyResourceWhereFilters(resource, table, whereCond)
+
            const projRows = await server.db
                .select()
                .from(table)
-                .where(and(eq(table.id, id), eq(table.tenant, tenantId)))
+                .where(whereCond)
                .limit(1)

            if (!projRows.length)
@@ -347,12 +453,16 @@ export default async function resourceRoutes(server: FastifyInstance) {
                if (resourceConfig[resource].mtmLoad) {
                    for await (const relation of resourceConfig[resource].mtmLoad) {
                        const relTable = resourceConfig[relation].table
-                        const parentKey = resource.substring(0, resource.length - 1)
+                        const parentKey = resourceConfig[resource].relationKey || resource.substring(0, resource.length - 1)
                        data[relation] = await server.db.select().from(relTable).where(eq(relTable[parentKey], id))
                    }
                }
            }

+            if (resource === "entitybankaccounts") {
+                return decryptEntityBankAccount(data)
+            }
+
            return data
        } catch (err) {
            console.error("ERROR /resource/:resource/:id", err)
@@ -369,10 +479,25 @@ export default async function resourceRoutes(server: FastifyInstance) {
            const config = resourceConfig[resource];
            const table = config.table;

-            let createData = { ...body, tenant: req.user.tenant_id, archived: false };
+            let createData: Record<string, any> = { ...body, tenant: req.user.tenant_id, archived: false };
+
+            if (resource === "members") {
+                createData = normalizeMemberPayload(createData)
+                const validationError = validateMemberPayload(createData)
+                if (validationError) {
+                    return reply.code(400).send({ error: validationError })
+                }
+            }
+
+            if (resource === "entitybankaccounts") {
+                const prepared = prepareEntityBankAccountPayload(createData, true)
+                if (prepared.error) return reply.code(400).send({ error: prepared.error })
+                createData = prepared.data!
+            }

            if (config.numberRangeHolder && !body[config.numberRangeHolder]) {
-                const result = await useNextNumberRangeNumber(server, req.user.tenant_id, resource)
+                const numberRangeResource = resource === "members" ? "customers" : resource
+                const result = await useNextNumberRangeNumber(server, req.user.tenant_id, numberRangeResource)
                createData[config.numberRangeHolder] = result.usedNumber
            }

@@ -404,6 +529,10 @@ export default async function resourceRoutes(server: FastifyInstance) {
                }
            }

+            if (resource === "entitybankaccounts") {
+                return decryptEntityBankAccount(created as Record<string, any>)
+            }
+
            return created;
        } catch (error) {
            console.error(error);
@@ -430,17 +559,37 @@ export default async function resourceRoutes(server: FastifyInstance) {
                .where(and(eq(table.id, id), eq(table.tenant, tenantId)))
                .limit(1)

-            let data = { ...body, updated_at: new Date().toISOString(), updated_by: userId }
+            let data: Record<string, any> = { ...body, updated_at: new Date().toISOString(), updated_by: userId }
            //@ts-ignore
            delete data.updatedBy; delete data.updatedAt;

+            if (resource === "members") {
+                data = normalizeMemberPayload(data)
+                const validationError = validateMemberPayload(data)
+                if (validationError) {
+                    return reply.code(400).send({ error: validationError })
+                }
+            }
+
+            if (resource === "entitybankaccounts") {
+                const prepared = prepareEntityBankAccountPayload(data, false)
+                if (prepared.error) return reply.code(400).send({ error: prepared.error })
+                data = {
+                    ...prepared.data,
+                    updated_at: data.updated_at,
+                    updated_by: data.updated_by,
+                }
+            }
+
            Object.keys(data).forEach((key) => {
                if ((key.includes("_at") || key.includes("At") || key.toLowerCase().includes("date")) && key !== "deliveryDateType") {
                    data[key] = normalizeDate(data[key])
                }
            })

-            const [updated] = await server.db.update(table).set(data).where(and(eq(table.id, id), eq(table.tenant, tenantId))).returning()
+            let updateWhereCond: any = and(eq(table.id, id), eq(table.tenant, tenantId))
+            updateWhereCond = applyResourceWhereFilters(resource, table, updateWhereCond)
+            const [updated] = await server.db.update(table).set(data).where(updateWhereCond).returning()

            if (["products", "services", "hourrates"].includes(resource)) {
                await recalculateServicePricesForTenant(server, tenantId, userId);
@@ -479,6 +628,10 @@ export default async function resourceRoutes(server: FastifyInstance) {
                }
            }

+            if (resource === "entitybankaccounts") {
+                return decryptEntityBankAccount(updated as Record<string, any>)
+            }
+
            return updated
        } catch (err) {
            console.error(err)