Merge pull request davedumto#460 from ACOB-DEV/codex/routes-b-359-360-361-399

feat: add routes-b wallet, invoice, and transaction handlers

Author: davedumto

app/api/routes-b/invoices/[id]/route.ts

@@ -24,10 +24,11 @@ export async function GET(
     return NextResponse.json({ error: 'User not found' }, { status: 404 })
   }
 
-  const invoice = await prisma.invoice.findFirst({
-    where: { id, userId: user.id },
+  const invoice = await prisma.invoice.findUnique({
+    where: { id },
     select: {
       id: true,
+      userId: true,
       invoiceNumber: true,
       clientEmail: true,
       clientName: true,
@@ -47,7 +48,26 @@ export async function GET(
     return NextResponse.json({ error: 'Invoice not found' }, { status: 404 })
   }
 
-  return NextResponse.json({ ...invoice, amount: Number(invoice.amount) })
+  if (invoice.userId !== user.id) {
+    return NextResponse.json({ error: 'Forbidden' }, { status: 403 })
+  }
+
+  return NextResponse.json({
+    invoice: {
+      id: invoice.id,
+      invoiceNumber: invoice.invoiceNumber,
+      clientName: invoice.clientName,
+      clientEmail: invoice.clientEmail,
+      description: invoice.description,
+      amount: Number(invoice.amount),
+      currency: invoice.currency,
+      status: invoice.status,
+      paymentLink: invoice.paymentLink,
+      dueDate: invoice.dueDate,
+      paidAt: invoice.paidAt,
+      createdAt: invoice.createdAt,
+    },
+  })
 }
 
 export async function PATCH(

app/api/routes-b/invoices/route.ts

@@ -1,27 +1,62 @@
 import { NextRequest, NextResponse } from 'next/server'
 import { prisma } from '@/lib/db'
 import { verifyAuthToken } from '@/lib/auth'
+import { generateInvoiceNumber } from '@/lib/utils'
 
-export async function GET(request: NextRequest) {
+async function getAuthenticatedUser(request: NextRequest) {
   const authToken = request.headers.get('authorization')?.replace('Bearer ', '')
   const claims = await verifyAuthToken(authToken || '')
-  if (!claims) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  if (!claims) {
+    return { error: NextResponse.json({ error: 'Unauthorized' }, { status: 401 }) }
+  }
 
   const user = await prisma.user.findUnique({ where: { privyId: claims.userId } })
-  if (!user) return NextResponse.json({ error: 'User not found' }, { status: 404 })
+  if (!user) {
+    return { error: NextResponse.json({ error: 'User not found' }, { status: 404 }) }
+  }
+
+  return { user }
+}
+
+async function getUniqueInvoiceNumber() {
+  for (let attempt = 0; attempt < 5; attempt += 1) {
+    const invoiceNumber = generateInvoiceNumber()
+    const existingInvoice = await prisma.invoice.findUnique({
+      where: { invoiceNumber },
+      select: { id: true },
+    })
+
+    if (!existingInvoice) {
+      return invoiceNumber
+    }
+  }
+
+  throw new Error('Failed to generate a unique invoice number')
+}
+
+export async function GET(request: NextRequest) {
+  const auth = await getAuthenticatedUser(request)
+  if ('error' in auth) {
+    return auth.error
+  }
 
   const { searchParams } = new URL(request.url)
   const status = searchParams.get('status')
-  const page = parseInt(searchParams.get('page') || '1')
-  const limit = Math.min(parseInt(searchParams.get('limit') || '20'), 50)
+  const page = Math.max(1, Number.parseInt(searchParams.get('page') || '1', 10) || 1)
+  const limit = Math.min(
+    50,
+    Math.max(1, Number.parseInt(searchParams.get('limit') || '20', 10) || 20),
+  )
 
   const validStatuses = ['pending', 'paid', 'overdue', 'cancelled']
   if (status && !validStatuses.includes(status)) {
     return NextResponse.json({ error: 'Invalid status' }, { status: 400 })
   }
 
-  const where: any = { userId: user.id }
-  if (status) where.status = status
+  const where = {
+    userId: auth.user.id,
+    ...(status ? { status } : {}),
+  }
 
   const total = await prisma.invoice.count({ where })
   const invoices = await prisma.invoice.findMany({
@@ -39,23 +74,79 @@ export async function GET(request: NextRequest) {
       status: true,
       dueDate: true,
       createdAt: true,
-    }
+    },
   })
 
-  const totalPages = Math.ceil(total / limit)
-
-  const response = {
-    invoices: invoices.map(inv => ({
-      ...inv,
-      amount: parseFloat(inv.amount.toString())
+  return NextResponse.json({
+    invoices: invoices.map((invoice) => ({
+      ...invoice,
+      amount: Number(invoice.amount),
     })),
     pagination: {
       page,
       limit,
       total,
-      totalPages
+      totalPages: Math.ceil(total / limit),
+    },
+  })
+}
+
+export async function POST(request: NextRequest) {
+  const auth = await getAuthenticatedUser(request)
+  if ('error' in auth) {
+    return auth.error
+  }
+
+  const body = await request.json()
+  const { clientEmail, clientName, description, amount, currency = 'USD', dueDate } = body
+
+  if (!clientEmail || !description || amount === undefined || amount === null) {
+    return NextResponse.json(
+      { error: 'clientEmail, description, and amount are required' },
+      { status: 400 },
+    )
+  }
+
+  const parsedAmount = Number(amount)
+  if (!Number.isFinite(parsedAmount) || parsedAmount <= 0) {
+    return NextResponse.json({ error: 'amount must be greater than 0' }, { status: 400 })
+  }
+
+  let parsedDueDate: Date | null = null
+  if (dueDate) {
+    parsedDueDate = new Date(dueDate)
+    if (Number.isNaN(parsedDueDate.getTime())) {
+      return NextResponse.json({ error: 'dueDate must be a valid date string' }, { status: 400 })
     }
   }
 
-  return NextResponse.json(response)
-}
+  const invoiceNumber = await getUniqueInvoiceNumber()
+  const baseUrl = process.env.NEXT_PUBLIC_APP_URL || `https://${request.headers.get('host')}`
+  const paymentLink = `${baseUrl}/pay/${invoiceNumber}`
+
+  const invoice = await prisma.invoice.create({
+    data: {
+      userId: auth.user.id,
+      invoiceNumber,
+      clientEmail: String(clientEmail).toLowerCase(),
+      clientName: clientName || null,
+      description,
+      amount: parsedAmount,
+      currency,
+      paymentLink,
+      dueDate: parsedDueDate,
+    },
+  })
+
+  return NextResponse.json(
+    {
+      id: invoice.id,
+      invoiceNumber: invoice.invoiceNumber,
+      paymentLink: invoice.paymentLink,
+      status: invoice.status,
+      amount: Number(invoice.amount),
+      currency: invoice.currency,
+    },
+    { status: 201 },
+  )
+}

app/api/routes-b/transactions/route.ts

@@ -0,0 +1,109 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { prisma } from '@/lib/db'
+import { verifyAuthToken } from '@/lib/auth'
+
+const ALLOWED_TYPES = new Set(['payment', 'withdrawal'])
+
+function parseDateParam(value: string | null, fieldName: 'from' | 'to') {
+  if (!value) {
+    return null
+  }
+
+  const date = new Date(value)
+  if (Number.isNaN(date.getTime())) {
+    return { error: `${fieldName} must be a valid ISO date string` }
+  }
+
+  return { date }
+}
+
+export async function GET(request: NextRequest) {
+  const authToken = request.headers.get('authorization')?.replace('Bearer ', '')
+  const claims = await verifyAuthToken(authToken || '')
+  if (!claims) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  }
+
+  const user = await prisma.user.findUnique({ where: { privyId: claims.userId } })
+  if (!user) {
+    return NextResponse.json({ error: 'User not found' }, { status: 404 })
+  }
+
+  const url = new URL(request.url)
+  const type = url.searchParams.get('type')
+  const from = parseDateParam(url.searchParams.get('from'), 'from')
+  const to = parseDateParam(url.searchParams.get('to'), 'to')
+  const page = Math.max(1, Number.parseInt(url.searchParams.get('page') || '1', 10) || 1)
+  const limit = Math.min(
+    100,
+    Math.max(1, Number.parseInt(url.searchParams.get('limit') || '20', 10) || 20),
+  )
+
+  if (type && !ALLOWED_TYPES.has(type)) {
+    return NextResponse.json(
+      { error: 'Invalid type. Allowed values are payment or withdrawal' },
+      { status: 400 },
+    )
+  }
+
+  if (from && 'error' in from) {
+    return NextResponse.json({ error: from.error }, { status: 400 })
+  }
+
+  if (to && 'error' in to) {
+    return NextResponse.json({ error: to.error }, { status: 400 })
+  }
+
+  const createdAt =
+    from?.date || to?.date
+      ? {
+          ...(from?.date ? { gte: from.date } : {}),
+          ...(to?.date ? { lte: to.date } : {}),
+        }
+      : undefined
+
+  const where = {
+    userId: user.id,
+    ...(type ? { type } : {}),
+    ...(createdAt ? { createdAt } : {}),
+  }
+
+  const [transactions, total] = await Promise.all([
+    prisma.transaction.findMany({
+      where,
+      orderBy: { createdAt: 'desc' },
+      skip: (page - 1) * limit,
+      take: limit,
+      include: {
+        invoice: {
+          select: {
+            invoiceNumber: true,
+          },
+        },
+      },
+    }),
+    prisma.transaction.count({ where }),
+  ])
+
+  return NextResponse.json({
+    transactions: transactions.map((transaction) => ({
+      id: transaction.id,
+      type: transaction.type,
+      status: transaction.status,
+      amount: Number(transaction.amount),
+      currency: transaction.currency,
+      description: transaction.invoice?.invoiceNumber
+        ? `Invoice ${transaction.invoice.invoiceNumber} paid`
+        : transaction.type === 'withdrawal'
+          ? 'Withdrawal initiated'
+          : 'Transaction recorded',
+      createdAt: transaction.createdAt,
+    })),
+    pagination: {
+      page,
+      limit,
+      total,
+      totalPages: Math.ceil(total / limit),
+    },
+  })
+}

app/api/routes-b/wallet/route.ts

@@ -0,0 +1,30 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { prisma } from '@/lib/db'
+import { verifyAuthToken } from '@/lib/auth'
+
+export async function GET(request: NextRequest) {
+  const authToken = request.headers.get('authorization')?.replace('Bearer ', '')
+  const claims = await verifyAuthToken(authToken || '')
+
+  if (!claims) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  }
+
+  const user = await prisma.user.findUnique({ where: { privyId: claims.userId } })
+  if (!user) {
+    return NextResponse.json({ error: 'User not found' }, { status: 404 })
+  }
+
+  const wallet = await prisma.wallet.findUnique({ where: { userId: user.id } })
+  if (!wallet) {
+    return NextResponse.json({ wallet: null }, { status: 200 })
+  }
+
+  return NextResponse.json({
+    wallet: {
+      id: wallet.id,
+      stellarAddress: wallet.address,
+      createdAt: wallet.createdAt,
+    },
+  })
+}