'use server' import { revalidatePath } from 'next/cache' import { redirect } from 'next/navigation' import { cookies } from 'next/headers' import { getIronSession } from 'iron-session' import { z } from 'zod' import { prisma } from '@/lib/prisma' import { SessionData, sessionOptions } from '@/lib/session' import { Role } from '@prisma/client' import { isValidCode, MAX_CODE_LENGTH, normalizeCode } from '@/lib/code' import { productAccessFilter } from '@/lib/product-access' import { productSchema as productInput, type ProductInput } from '@/lib/schemas/product' import { enforceUserRateLimit } from '@/lib/rate-limit' // Legacy FormData schema for ProductForm components (other constraints than dialog) const productFormDataSchema = z.object({ name: z.string().min(1, 'Naam is verplicht').max(100, 'Naam mag maximaal 100 tekens bevatten'), code: z .string() .max(MAX_CODE_LENGTH, `Code mag maximaal ${MAX_CODE_LENGTH} tekens bevatten`) .optional(), description: z.string().max(1000, 'Beschrijving mag maximaal 1000 tekens bevatten').optional(), repo_url: z .string() .url('Voer een geldige URL in (inclusief https://)') .optional() .or(z.literal('')), definition_of_done: z .string() .min(1, 'Definition of Done is verplicht') .max(500, 'Definition of Done mag maximaal 500 tekens bevatten'), }) type ProductFieldErrors = Partial> type ProductActionResult = | { success: true; productId: string } | { error: string; code?: number; fieldErrors?: ProductFieldErrors } type UpdateProductResult = | { success: true } | { error: string; code?: number; fieldErrors?: ProductFieldErrors } async function getSession() { return getIronSession(await cookies(), sessionOptions) } // Data-object API used by ProductDialog export async function createProductAction(data: ProductInput): Promise { const session = await getSession() if (!session.userId) return { error: 'Niet ingelogd', code: 403 } if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus', code: 403 } const limited = enforceUserRateLimit('create-product', session.userId) if (limited) return limited const parsed = productInput.safeParse(data) if (!parsed.success) { return { error: 'Validatie mislukt', code: 422, fieldErrors: parsed.error.flatten().fieldErrors as ProductFieldErrors, } } const code = normalizeCode(parsed.data.code) if (code !== null && !isValidCode(code)) { return { error: 'Validatie mislukt', code: 422, fieldErrors: { code: ['Alleen letters, cijfers, punten, koppeltekens of underscores'] }, } } if (code) { const dup = await prisma.product.findFirst({ where: { user_id: session.userId, code } }) if (dup) return { error: 'Validatie mislukt', code: 422, fieldErrors: { code: ['Code is al in gebruik'] } } } const userId = session.userId const product = await prisma.$transaction(async (tx) => { const p = await tx.product.create({ data: { user_id: userId, name: parsed.data.name, code: code ?? null, description: parsed.data.description ?? null, repo_url: parsed.data.repo_url ?? null, definition_of_done: parsed.data.definition_of_done ?? '', auto_pr: parsed.data.auto_pr, }, }) await tx.productMember.create({ data: { product_id: p.id, user_id: userId } }) return p }) revalidatePath('/products') revalidatePath('/dashboard') return { success: true, productId: product.id } } // Data-object API used by ProductDialog export async function updateProductAction(id: string, data: ProductInput): Promise { const session = await getSession() if (!session.userId) return { error: 'Niet ingelogd', code: 403 } if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus', code: 403 } const parsed = productInput.safeParse(data) if (!parsed.success) { return { error: 'Validatie mislukt', code: 422, fieldErrors: parsed.error.flatten().fieldErrors as ProductFieldErrors, } } const product = await prisma.product.findFirst({ where: { id, ...productAccessFilter(session.userId) }, select: { id: true }, }) if (!product) return { error: 'Product niet gevonden of geen toegang', code: 403 } const code = normalizeCode(parsed.data.code) if (code !== null && !isValidCode(code)) { return { error: 'Validatie mislukt', code: 422, fieldErrors: { code: ['Alleen letters, cijfers, punten, koppeltekens of underscores'] }, } } const userId = session.userId await prisma.product.update({ where: { id }, data: { name: parsed.data.name, code: code ?? null, description: parsed.data.description ?? null, repo_url: parsed.data.repo_url ?? null, ...(parsed.data.definition_of_done !== undefined && { definition_of_done: parsed.data.definition_of_done, }), auto_pr: parsed.data.auto_pr, }, }) await prisma.$executeRaw` SELECT pg_notify('scrum4me_changes', ${JSON.stringify({ type: 'product_updated', product_id: id, user_id: userId, })}::text) ` revalidatePath(`/products/${id}`) revalidatePath('/dashboard') return { success: true } } // FormData-based actions for existing ProductForm components export async function createProductFormAction(_prevState: unknown, formData: FormData) { const session = await getSession() if (!session.userId) return { error: 'Niet ingelogd' } if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' } const limited = enforceUserRateLimit('create-product', session.userId) if (limited) return limited const parsed = productFormDataSchema.safeParse({ name: formData.get('name'), code: (formData.get('code') as string) || undefined, description: formData.get('description') || undefined, repo_url: formData.get('repo_url') || undefined, definition_of_done: formData.get('definition_of_done'), }) if (!parsed.success) { return { error: parsed.error.flatten().fieldErrors } } const code = normalizeCode(parsed.data.code) if (code !== null && !isValidCode(code)) { return { error: { code: ['Code mag alleen letters, cijfers, punten, koppeltekens of underscores bevatten'] } } } const existing = await prisma.product.findFirst({ where: { user_id: session.userId, name: parsed.data.name }, }) if (existing) return { error: { name: ['Een product met deze naam bestaat al'] } } if (code) { const dup = await prisma.product.findFirst({ where: { user_id: session.userId, code } }) if (dup) return { error: { code: ['Deze code is al in gebruik'] } } } const product = await prisma.product.create({ data: { user_id: session.userId, name: parsed.data.name, code, description: parsed.data.description ?? null, repo_url: parsed.data.repo_url || null, definition_of_done: parsed.data.definition_of_done, }, }) redirect(`/products/${product.id}`) } export async function updateProductFormAction(_prevState: unknown, formData: FormData) { const session = await getSession() if (!session.userId) return { error: 'Niet ingelogd' } if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' } const id = formData.get('id') as string if (!id) return { error: 'Product niet gevonden' } const parsed = productFormDataSchema.safeParse({ name: formData.get('name'), code: (formData.get('code') as string) || undefined, description: formData.get('description') || undefined, repo_url: formData.get('repo_url') || undefined, definition_of_done: formData.get('definition_of_done'), }) if (!parsed.success) { return { error: parsed.error.flatten().fieldErrors } } const code = normalizeCode(parsed.data.code) if (code !== null && !isValidCode(code)) { return { error: { code: ['Code mag alleen letters, cijfers, punten, koppeltekens of underscores bevatten'] } } } // Verify ownership const product = await prisma.product.findFirst({ where: { id, user_id: session.userId }, }) if (!product) return { error: 'Product niet gevonden' } // Check unique name (excluding self) const duplicate = await prisma.product.findFirst({ where: { user_id: session.userId, name: parsed.data.name, NOT: { id } }, }) if (duplicate) return { error: { name: ['Een product met deze naam bestaat al'] } } if (code) { const dupCode = await prisma.product.findFirst({ where: { user_id: session.userId, code, NOT: { id } }, }) if (dupCode) return { error: { code: ['Deze code is al in gebruik'] } } } await prisma.product.update({ where: { id }, data: { name: parsed.data.name, code, description: parsed.data.description ?? null, repo_url: parsed.data.repo_url || null, definition_of_done: parsed.data.definition_of_done, }, }) revalidatePath(`/products/${id}`) revalidatePath('/dashboard') return { success: true } } export async function archiveProductAction(id: string) { const session = await getSession() if (!session.userId) return { error: 'Niet ingelogd' } if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' } const product = await prisma.product.findFirst({ where: { id, user_id: session.userId }, }) if (!product) return { error: 'Product niet gevonden' } await prisma.$transaction([ // Clear active_product_id for all users who had this product active prisma.user.updateMany({ where: { active_product_id: id }, data: { active_product_id: null }, }), prisma.product.update({ where: { id }, data: { archived: true } }), ]) revalidatePath('/', 'layout') redirect('/dashboard') } export async function restoreProductAction(id: string) { const session = await getSession() if (!session.userId) return { error: 'Niet ingelogd' } if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' } const product = await prisma.product.findFirst({ where: { id, user_id: session.userId }, }) if (!product) return { error: 'Product niet gevonden' } await prisma.product.update({ where: { id }, data: { archived: false } }) revalidatePath('/dashboard') return { success: true } } export async function addProductMemberAction(_prevState: unknown, formData: FormData) { const session = await getSession() if (!session.userId) return { error: 'Niet ingelogd' } if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' } const productId = formData.get('productId') as string const username = (formData.get('username') as string)?.trim().toLowerCase() if (!username) return { error: 'Gebruikersnaam is verplicht' } const product = await prisma.product.findFirst({ where: { id: productId, user_id: session.userId } }) if (!product) return { error: 'Product niet gevonden of geen eigenaar' } const targetUser = await prisma.user.findUnique({ where: { username }, include: { roles: true }, }) if (!targetUser) return { error: 'Gebruiker niet gevonden' } if (targetUser.is_demo) return { error: 'Demo-gebruiker kan niet worden toegevoegd' } if (targetUser.id === session.userId) return { error: 'Je bent al eigenaar van dit product' } const hasDeveloperRole = targetUser.roles.some(r => r.role === Role.DEVELOPER) if (!hasDeveloperRole) return { error: `Gebruiker "${username}" heeft geen Developer-rol` } const existing = await prisma.productMember.findUnique({ where: { product_id_user_id: { product_id: productId, user_id: targetUser.id } }, }) if (existing) return { error: 'Gebruiker is al lid van dit product' } await prisma.productMember.create({ data: { product_id: productId, user_id: targetUser.id }, }) revalidatePath(`/products/${productId}/settings`) return { success: true } } export async function removeProductMemberAction(productId: string, memberId: string) { const session = await getSession() if (!session.userId) return { error: 'Niet ingelogd' } if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' } const product = await prisma.product.findFirst({ where: { id: productId, user_id: session.userId } }) if (!product) return { error: 'Product niet gevonden of geen eigenaar' } await prisma.$transaction([ prisma.user.updateMany({ where: { id: memberId, active_product_id: productId }, data: { active_product_id: null }, }), prisma.productMember.deleteMany({ where: { product_id: productId, user_id: memberId } }), ]) revalidatePath(`/products/${productId}/settings`) return { success: true } } export async function leaveProductAction(productId: string) { const session = await getSession() if (!session.userId) return { error: 'Niet ingelogd' } if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' } await prisma.$transaction([ prisma.user.updateMany({ where: { id: session.userId, active_product_id: productId }, data: { active_product_id: null }, }), prisma.productMember.deleteMany({ where: { product_id: productId, user_id: session.userId } }), ]) revalidatePath('/', 'layout') revalidatePath('/settings') return { success: true } } export async function updateAutoPrAction(id: string, auto_pr: boolean) { const session = await getSession() if (!session.userId) return { error: 'Niet ingelogd' } if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' } const parsed = z.object({ auto_pr: z.boolean() }).safeParse({ auto_pr }) if (!parsed.success) return { error: 'Ongeldige waarde voor auto_pr' } const product = await prisma.product.findFirst({ where: { id, user_id: session.userId } }) if (!product) return { error: 'Product niet gevonden' } await prisma.product.update({ where: { id }, data: { auto_pr: parsed.data.auto_pr } }) revalidatePath(`/products/${id}/settings`) return { success: true } }