janpeter/Scrum4Me
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Scrum4Me/actions/stories.ts
Janpeter Visser 43a4294424
Todo description, entity codes, REST API extensions and Claude Code hardening (ST-509/511/512/513) (#2) 
* docs(ST-511): add backlog entry for entity codes feature

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* fix(ST-511): add createWithCodeRetry helper to handle P2002 race on auto codes

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* fix(ST-511): retry on auto-code unique conflict in story and pbi create

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* fix(ST-511): surface field errors for code and title in PBI dialog

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* fix(ST-511): read create-state errors in Story dialog fieldError

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* docs(ST-512): add backlog entry for REST API code/description/implementation_plan extensions; mark ST-511 done

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* feat(ST-512): extend REST API with code, description and implementation_plan

- GET /api/products returns code, description and definition_of_done
- GET /api/products/:id/next-story returns story.code and per-task code + implementation_plan
- GET /api/sprints/:id/tasks returns description, implementation_plan, story_code and derived per-task code
- POST /api/todos accepts and returns optional description (max 2000)

All changes are additive — existing clients ignore unknown keys.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* docs(ST-512): mark ST-512 as done

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* docs(ST-513): add backlog entry for API hardening for Claude Code

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* feat(ST-513): add task and story status mappers for API boundary

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* feat(ST-513): expose lowercase status on API and accept lowercase in PATCH /api/tasks

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* feat(ST-513): add metadata JSONB column to StoryLog

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* feat(ST-513): accept optional metadata in story log and switch validation errors to 422

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* feat(ST-513): add GET /api/health endpoint with optional db ping

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* feat(ST-513): add GET /api/products/:id/claude-context bundled endpoint

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* docs(ST-513): add docs/API.md and link from CLAUDE.md specs table

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* docs(ST-513): mark ST-513 as done

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* fix(ST-513): split 400 (malformed JSON) from 422 (validation), reject 'review'

Codex review on PR #2:

- P2.1: routes treated JSON parse failures as 422 instead of 400, breaking
  the contract in docs/API.md. Replace `request.json().catch(() => null)`
  with try/catch in 4 routes (tasks, reorder, todos, story-log) so a
  malformed body returns 400 and only well-formed-but-invalid bodies
  return 422.

- P2.2: PATCH /api/tasks/:id accepted `status: "review"`, but the sprint
  task list UI does not render REVIEW (no label/color, the cycle helper
  falls back to TO_DO). Reject `review` at the API until the sprint UI
  is extended; document the subset in docs/API.md.

Tests in __tests__/api updated for the new contract (29 assertions:
zod-failures now expect 422, status payloads use lowercase API values,
sprint-tasks mocks include the new story relation).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-26 23:40:54 +02:00

384 lines
13 KiB
TypeScript
Raw Blame History

'use server'
import { revalidatePath } from 'next/cache'
import { cookies } from 'next/headers'
import { getIronSession } from 'iron-session'
import { z } from 'zod'
import { prisma } from '@/lib/prisma'
import { SessionData, sessionOptions } from '@/lib/session'
import { getAccessibleProduct, productAccessFilter } from '@/lib/product-access'
import { requireProductWriter } from '@/lib/auth'
import { isValidCode, MAX_CODE_LENGTH, normalizeCode } from '@/lib/code'
import { createWithCodeRetry, generateNextStoryCode } from '@/lib/code-server'
async function getSession() {
return getIronSession<SessionData>(await cookies(), sessionOptions)
}
async function verifyStoryAccess(storyId: string, userId: string) {
return prisma.story.findFirst({
where: { id: storyId, product: productAccessFilter(userId) },
include: { product: true },
})
}
function hasDuplicateIds(ids: string[]) {
return new Set(ids).size !== ids.length
}
const codeField = z.string().max(MAX_CODE_LENGTH).optional()
const createStorySchema = z.object({
pbiId: z.string(),
productId: z.string(),
code: codeField,
title: z.string().min(1, 'Titel is verplicht').max(200),
description: z.string().max(2000).optional(),
acceptance_criteria: z.string().max(2000).optional(),
priority: z.coerce.number().int().min(1).max(4),
})
const updateStorySchema = z.object({
id: z.string(),
code: codeField,
title: z.string().min(1, 'Titel is verplicht').max(200),
description: z.string().max(2000).optional(),
acceptance_criteria: z.string().max(2000).optional(),
priority: z.coerce.number().int().min(1).max(4),
})
export async function createStoryAction(_prevState: unknown, formData: FormData) {
const session = await getSession()
if (!session.userId) return { error: 'Niet ingelogd' }
if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' }
const parsed = createStorySchema.safeParse({
pbiId: formData.get('pbiId'),
productId: formData.get('productId'),
code: (formData.get('code') as string) || undefined,
title: formData.get('title'),
description: formData.get('description') || undefined,
acceptance_criteria: formData.get('acceptance_criteria') || undefined,
priority: formData.get('priority') ?? 2,
})
if (!parsed.success) return { error: parsed.error.flatten().fieldErrors }
const pbi = await prisma.pbi.findFirst({
where: { id: parsed.data.pbiId, product: productAccessFilter(session.userId) },
})
if (!pbi) return { error: 'PBI niet gevonden' }
const manualCode = normalizeCode(parsed.data.code)
if (manualCode !== null && !isValidCode(manualCode)) {
return { error: { code: ['Code mag alleen letters, cijfers, punten, koppeltekens of underscores bevatten'] } }
}
if (manualCode) {
const dup = await prisma.story.findFirst({ where: { product_id: pbi.product_id, code: manualCode } })
if (dup) return { error: { code: ['Deze code is al in gebruik binnen dit product'] } }
}
const last = await prisma.story.findFirst({
where: { pbi_id: parsed.data.pbiId, priority: parsed.data.priority },
orderBy: { sort_order: 'desc' },
})
const sort_order = (last?.sort_order ?? 0) + 1.0
const insert = (code: string | null) =>
prisma.story.create({
data: {
pbi_id: parsed.data.pbiId,
product_id: pbi.product_id,
code,
title: parsed.data.title,
description: parsed.data.description ?? null,
acceptance_criteria: parsed.data.acceptance_criteria ?? null,
priority: parsed.data.priority,
sort_order,
status: 'OPEN',
},
})
let story
try {
story = manualCode
? await insert(manualCode)
: await createWithCodeRetry(
() => generateNextStoryCode(pbi.product_id),
(code) => insert(code),
)
} catch {
return { error: { code: ['Kon geen unieke code genereren — probeer opnieuw'] } }
}
revalidatePath(`/products/${pbi.product_id}`)
return { success: true, story }
}
export async function updateStoryAction(_prevState: unknown, formData: FormData) {
const session = await getSession()
if (!session.userId) return { error: 'Niet ingelogd' }
if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' }
const parsed = updateStorySchema.safeParse({
id: formData.get('id'),
code: (formData.get('code') as string) || undefined,
title: formData.get('title'),
description: formData.get('description') || undefined,
acceptance_criteria: formData.get('acceptance_criteria') || undefined,
priority: formData.get('priority'),
})
if (!parsed.success) return { error: parsed.error.flatten().fieldErrors }
const story = await verifyStoryAccess(parsed.data.id, session.userId)
if (!story) return { error: 'Story niet gevonden' }
const code = normalizeCode(parsed.data.code)
if (code !== null && !isValidCode(code)) {
return { error: { code: ['Code mag alleen letters, cijfers, punten, koppeltekens of underscores bevatten'] } }
}
if (code) {
const dup = await prisma.story.findFirst({
where: { product_id: story.product_id, code, NOT: { id: parsed.data.id } },
})
if (dup) return { error: { code: ['Deze code is al in gebruik binnen dit product'] } }
}
await prisma.story.update({
where: { id: parsed.data.id },
data: {
code,
title: parsed.data.title,
description: parsed.data.description ?? null,
acceptance_criteria: parsed.data.acceptance_criteria ?? null,
priority: parsed.data.priority,
},
})
revalidatePath(`/products/${story.product_id}`)
return { success: true }
}
export async function deleteStoryAction(id: string) {
const session = await getSession()
if (!session.userId) return { error: 'Niet ingelogd' }
if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' }
const story = await verifyStoryAccess(id, session.userId)
if (!story) return { error: 'Story niet gevonden' }
await prisma.story.delete({ where: { id } })
revalidatePath(`/products/${story.product_id}`)
return { success: true }
}
export async function reorderPbisAction(productId: string, orderedIds: string[]) {
const session = await getSession()
if (!session.userId) return { error: 'Niet ingelogd' }
if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' }
if (hasDuplicateIds(orderedIds)) return { error: 'Ongeldige PBI-volgorde' }
const product = await getAccessibleProduct(productId, session.userId)
if (!product) return { error: 'Product niet gevonden' }
const pbis = await prisma.pbi.findMany({
where: { id: { in: orderedIds }, product_id: productId },
select: { id: true },
})
if (pbis.length !== orderedIds.length) return { error: 'Ongeldige PBI-volgorde' }
await prisma.$transaction(
orderedIds.map((id, i) =>
prisma.pbi.update({ where: { id }, data: { sort_order: i + 1.0 } })
)
)
revalidatePath(`/products/${productId}`)
return { success: true }
}
export async function updatePbiPriorityAction(pbiId: string, priority: number, _productId: string) {
const session = await getSession()
if (!session.userId) return { error: 'Niet ingelogd' }
if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' }
const pbi = await prisma.pbi.findFirst({
where: { id: pbiId, product: productAccessFilter(session.userId) },
})
if (!pbi) return { error: 'PBI niet gevonden' }
if (!Number.isInteger(priority) || priority < 1 || priority > 4) return { error: 'Ongeldige prioriteit' }
const last = await prisma.pbi.findFirst({
where: { product_id: pbi.product_id, priority },
orderBy: { sort_order: 'desc' },
})
await prisma.pbi.update({
where: { id: pbiId },
data: { priority, sort_order: (last?.sort_order ?? 0) + 1.0 },
})
revalidatePath(`/products/${pbi.product_id}`)
return { success: true }
}
export async function getStoryLogsAction(storyId: string) {
const session = await getSession()
if (!session.userId) return { error: 'Niet ingelogd' }
const story = await prisma.story.findFirst({
where: { id: storyId, product: productAccessFilter(session.userId) },
include: { product: { select: { repo_url: true } } },
})
if (!story) return { error: 'Story niet gevonden' }
const logs = await prisma.storyLog.findMany({
where: { story_id: storyId },
orderBy: { created_at: 'asc' },
})
return {
success: true,
logs: logs.map((l: (typeof logs)[number]) => ({
id: l.id,
type: l.type,
content: l.content,
status: l.status,
commit_hash: l.commit_hash,
commit_message: l.commit_message,
created_at: l.created_at.toISOString(),
})),
repoUrl: story.product.repo_url,
}
}
export async function claimStoryAction(storyId: string, productId: string) {
try {
await requireProductWriter(productId)
} catch (e: unknown) {
return { error: e instanceof Error ? e.message : 'Geen toegang' }
}
const session = await getSession()
const story = await prisma.story.findFirst({ where: { id: storyId, product_id: productId } })
if (!story) return { error: 'Story niet gevonden' }
await prisma.story.update({ where: { id: storyId }, data: { assignee_id: session.userId } })
revalidatePath(`/products/${productId}/sprint`)
revalidatePath(`/products/${productId}/solo`)
revalidatePath('/solo')
return { success: true }
}
export async function unclaimStoryAction(storyId: string, productId: string) {
try {
await requireProductWriter(productId)
} catch (e: unknown) {
return { error: e instanceof Error ? e.message : 'Geen toegang' }
}
const story = await prisma.story.findFirst({ where: { id: storyId, product_id: productId } })
if (!story) return { error: 'Story niet gevonden' }
await prisma.story.update({ where: { id: storyId }, data: { assignee_id: null } })
revalidatePath(`/products/${productId}/sprint`)
revalidatePath('/solo')
return { success: true }
}
export async function reassignStoryAction(storyId: string, productId: string, targetUserId: string) {
try {
await requireProductWriter(productId)
} catch (e: unknown) {
return { error: e instanceof Error ? e.message : 'Geen toegang' }
}
// Validate target user is owner or member of the product
const product = await prisma.product.findFirst({
where: {
id: productId,
OR: [
{ user_id: targetUserId },
{ members: { some: { user_id: targetUserId } } },
],
},
})
if (!product) return { error: 'Gebruiker is geen lid van dit product' }
const story = await prisma.story.findFirst({ where: { id: storyId, product_id: productId } })
if (!story) return { error: 'Story niet gevonden' }
await prisma.story.update({ where: { id: storyId }, data: { assignee_id: targetUserId } })
revalidatePath(`/products/${productId}/sprint`)
revalidatePath('/solo')
return { success: true }
}
export async function claimAllUnassignedInActiveSprintAction(productId: string) {
try {
await requireProductWriter(productId)
} catch (e: unknown) {
return { error: e instanceof Error ? e.message : 'Geen toegang' }
}
const session = await getSession()
const userId = session.userId
const sprint = await prisma.sprint.findFirst({
where: { product_id: productId, status: 'ACTIVE' },
})
if (!sprint) return { error: 'Geen actieve sprint gevonden' }
const result = await prisma.story.updateMany({
where: { sprint_id: sprint.id, product_id: productId, assignee_id: null },
data: { assignee_id: userId },
})
revalidatePath(`/products/${productId}/sprint`)
revalidatePath('/solo')
return { success: true, count: result.count }
}
export async function reorderStoriesAction(
pbiId: string,
productId: string,
orderedIds: string[],
newPriority?: number
) {
const session = await getSession()
if (!session.userId) return { error: 'Niet ingelogd' }
if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' }
if (hasDuplicateIds(orderedIds)) return { error: 'Ongeldige story-volgorde' }
if (newPriority !== undefined && (!Number.isInteger(newPriority) || newPriority < 1 || newPriority > 4)) {
return { error: 'Ongeldige prioriteit' }
}
const pbi = await prisma.pbi.findFirst({
where: { id: pbiId, product: productAccessFilter(session.userId) },
})
if (!pbi) return { error: 'PBI niet gevonden' }
const stories = await prisma.story.findMany({
where: { id: { in: orderedIds }, pbi_id: pbiId, product_id: pbi.product_id },
select: { id: true },
})
if (stories.length !== orderedIds.length) return { error: 'Ongeldige story-volgorde' }
await prisma.$transaction(
orderedIds.map((id, i) =>
prisma.story.update({
where: { id },
data: {
sort_order: i + 1.0,
...(newPriority !== undefined ? { priority: newPriority } : {}),
},
})
)
)
revalidatePath(`/products/${pbi.product_id}`)
return { success: true }
}
Reference in a new issue View git blame Copy permalink