feat(PBI-76): user-settings DB-store infrastructure (Phase 0) (#185)

* docs(PBI-76): plan for user-settings DB-store Persists view/filter prefs in User.settings (Json) instead of localStorage. SSR-correct hydration, cross-tab sync via LISTEN/NOTIFY + SSE, cross-device persistence. Phased: 0=infra, 1=migrate flicker sources, 2=cookie consolidation. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(PBI-76): User.settings json column + migration Adds JSONB column to users table for persistent user prefs. Idempotent SQL — safe on databases where column already exists. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(PBI-76): user-settings types and merge helpers Zod schema for User.settings shape (views/devTools), deep-merge helper that replaces arrays and merges nested objects, and a safe parser that returns defaults on invalid input. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(PBI-76): updateUserSettingsAction with notify Validates patch via Zod, deep-merges with current settings in a transaction, persists to DB, and emits pg_notify on scrum4me_changes for cross-tab/cross-device sync. Demo accounts get 403, unauthenticated 401, invalid input 422. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(PBI-76): user-settings zustand store with optimistic flow Hydrate from prop (SSR-correct), setPref via path with optimistic update + rollback on server error, applyServerPatch for SSE-driven cross-tab updates. Demo accounts skip server-write entirely. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(PBI-76): SSE route for user-settings User-scoped /api/realtime/user-settings stream that filters scrum4me_changes notifications on kind=user_settings and matching userId. Forwards the patch as a data: event so other tabs can applyServerPatch without re-fetching settings. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(PBI-76): user-settings bridge mounted in app layout Hydrates the zustand store with the user's persisted settings via prop (SSR-correct, no flicker). Opens an EventSource to /api/realtime/user-settings so changes from other tabs/devices flow into the same store. Demo accounts skip the SSE subscription. Layout now selects user.settings alongside the other user fields, no extra DB roundtrip. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * test(PBI-76): user-settings lib/action/store coverage 22 vitest cases covering merge semantics (no mutation, array replace, nested merge), Zod schema strictness, server action auth/demo/validation paths, and the optimistic store flow including rollback and demo-mode skip. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * chore(PBI-76): sync package-lock to v1.3.3 Lockfile drifted after @prisma/client reinstall during the schema regenerate. No dependency changes — just the version field tracking package.json bumped in #184. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-10 12:44:32 +02:00 · 2026-05-10 12:44:32 +02:00 · a0e5867857
commit a0e5867857
parent 1f8cbacb0a
15 changed files with 998 additions and 3 deletions
--- a/app/api/realtime/user-settings/route.ts
+++ b/app/api/realtime/user-settings/route.ts
@ -0,0 +1,146 @@
+// PBI-76: User-scoped SSE stream voor user-settings cross-tab/cross-device sync.
+//
+// Wordt door <UserSettingsBridge /> in app/(app)/layout.tsx geopend zodra de
+// gebruiker is ingelogd. Filtert pg_notify-payloads op
+// `kind === 'user_settings' && userId === session.userId`. Settings worden
+// via prop al gehydrateerd; deze route levert alleen incrementele patches.
+//
+// Auth: iron-session cookie. Demo-tokens openen geen subscription (bridge
+// skipt voor isDemo).
+// Output: text/event-stream — `data:` met de patch (Partial<UserSettings>).
+// Sluit zelf na 240s als safety-net; client herconnect.
+
+import { NextRequest } from 'next/server'
+import { Client } from 'pg'
+import { getSession } from '@/lib/auth'
+import { closePgClientSafely } from '@/lib/realtime/pg-client-cleanup'
+
+export const runtime = 'nodejs'
+export const dynamic = 'force-dynamic'
+export const maxDuration = 300
+
+const CHANNEL = 'scrum4me_changes'
+const HEARTBEAT_MS = 25_000
+const HARD_CLOSE_MS = 240_000
+
+interface UserSettingsPayload {
+  kind: 'user_settings'
+  userId: string
+  patch: Record<string, unknown>
+}
+
+function isUserSettingsPayload(p: unknown): p is UserSettingsPayload {
+  if (typeof p !== 'object' || p === null) return false
+  const obj = p as Record<string, unknown>
+  return (
+    obj.kind === 'user_settings' &&
+    typeof obj.userId === 'string' &&
+    typeof obj.patch === 'object' &&
+    obj.patch !== null
+  )
+}
+
+export async function GET(request: NextRequest) {
+  const session = await getSession()
+  if (!session.userId) {
+    return Response.json({ error: 'Niet ingelogd' }, { status: 401 })
+  }
+  const userId = session.userId
+
+  const directUrl = process.env.DIRECT_URL ?? process.env.DATABASE_URL
+  if (!directUrl) {
+    return Response.json(
+      { error: 'DIRECT_URL/DATABASE_URL niet geconfigureerd' },
+      { status: 500 },
+    )
+  }
+
+  const encoder = new TextEncoder()
+  const pgClient = new Client({ connectionString: directUrl })
+
+  let heartbeatTimer: ReturnType<typeof setInterval> | null = null
+  let hardCloseTimer: ReturnType<typeof setTimeout> | null = null
+  let closed = false
+
+  const stream = new ReadableStream({
+    async start(controller) {
+      const enqueue = (chunk: string) => {
+        if (closed) return
+        try {
+          controller.enqueue(encoder.encode(chunk))
+        } catch {
+          // controller already closed
+        }
+      }
+
+      const cleanup = async (reason: string) => {
+        if (closed) return
+        closed = true
+        if (heartbeatTimer) clearInterval(heartbeatTimer)
+        if (hardCloseTimer) clearTimeout(hardCloseTimer)
+        await closePgClientSafely(pgClient, 'realtime/user-settings')
+        try {
+          controller.close()
+        } catch {
+          // already closed
+        }
+        if (process.env.NODE_ENV !== 'production') {
+          console.log(`[realtime/user-settings] closed: ${reason}`)
+        }
+      }
+
+      try {
+        await pgClient.connect()
+        await pgClient.query(`LISTEN ${CHANNEL}`)
+      } catch (err) {
+        console.error('[realtime/user-settings] pg connect/listen failed:', err)
+        enqueue(
+          `event: error\ndata: ${JSON.stringify({ message: 'pg connect failed' })}\n\n`,
+        )
+        await cleanup('pg connect failed')
+        return
+      }
+
+      pgClient.on('notification', (msg) => {
+        if (!msg.payload) return
+        let payload: unknown
+        try {
+          payload = JSON.parse(msg.payload)
+        } catch {
+          return
+        }
+        if (!isUserSettingsPayload(payload)) return
+        if (payload.userId !== userId) return
+        enqueue(`data: ${JSON.stringify(payload.patch)}\n\n`)
+      })
+
+      pgClient.on('error', (err) => {
+        console.error('[realtime/user-settings] pg client error:', err)
+        cleanup('pg error')
+      })
+
+      enqueue(`: connected\n\n`)
+
+      heartbeatTimer = setInterval(() => {
+        enqueue(`: heartbeat\n\n`)
+      }, HEARTBEAT_MS)
+
+      hardCloseTimer = setTimeout(() => {
+        cleanup('hard close 240s')
+      }, HARD_CLOSE_MS)
+
+      request.signal.addEventListener('abort', () => {
+        cleanup('client aborted')
+      })
+    },
+  })
+
+  return new Response(stream, {
+    headers: {
+      'Content-Type': 'text/event-stream; charset=utf-8',
+      'Cache-Control': 'no-cache, no-transform',
+      Connection: 'keep-alive',
+      'X-Accel-Buffering': 'no',
+    },
+  })
+}