merge api-improvements feature to staging

.nvmrc

@@ -1 +1 @@
-v20.19.1
+v20

mise.toml

@@ -1,2 +1,2 @@
 [tools]
-node = "20.19.4"
+node = "20"

package.json

@@ -107,6 +107,8 @@
     "cmd:delete-duplicate-notifications": "tsx ./src/cmd/delete-duplicate-notifications",
     "cmd:normalize-filterOptions-assignee": "tsx ./src/cmd/normalize-filterOptions-assignee",
     "cmd:post-deploy-m15": "tsx ./src/cmd/post-deploy-m15",
+    "cmd:backfill-attachments": "tsx ./src/cmd/backfill-attachments",
+    "cmd:backfill-initiatorType-in-comments": "tsx ./src/cmd/backfill-initiatorType-in-comments",
     "db:grant-supabase-privileges": "node src/lib/supabase-privilege",
     "deploy": "npx trigger.dev@latest deploy",
     "dev": "next dev",

prisma/migrations/20260115090155_add_created_at_task_id_worspace_id_index_on_comment/migration.sql

@@ -0,0 +1,2 @@
+-- CreateIndex
+CREATE INDEX "IX_Comments_taskId_workspaceId_createdAt" ON "Comments"("taskId", "workspaceId", "createdAt" DESC);

prisma/schema/comment.prisma

@@ -22,4 +22,5 @@ model Comment {
   deletedAt     DateTime?     @db.Timestamptz()
 
   @@map("Comments")
+  @@index([taskId, workspaceId, createdAt(sort: Desc)], name: "IX_Comments_taskId_workspaceId_createdAt")
 }

sentry.client.config.ts

@@ -2,55 +2,55 @@
 // The config you add here will be used whenever a users loads a page in their browser.
 // https://docs.sentry.io/platforms/javascript/guides/nextjs/
 
-import * as Sentry from "@sentry/nextjs";
+import * as Sentry from '@sentry/nextjs'
 
-const dsn = process.env.NEXT_PUBLIC_SENTRY_DSN || process.env.SENTRY_DSN;
-const vercelEnv = process.env.NEXT_PUBLIC_VERCEL_ENV;
-const isProd = process.env.NEXT_PUBLIC_VERCEL_ENV === "production";
+const dsn = process.env.NEXT_PUBLIC_SENTRY_DSN || process.env.SENTRY_DSN
+const vercelEnv = process.env.NEXT_PUBLIC_VERCEL_ENV
+const isProd = process.env.NEXT_PUBLIC_VERCEL_ENV === 'production'
 
 if (dsn) {
-	Sentry.init({
-		dsn,
-
-		// Adjust this value in production, or use tracesSampler for greater control
-		tracesSampleRate: isProd ? 0.2 : 1,
-		profilesSampleRate: 0.1,
-		// NOTE: reducing sample only 10% of transactions in prod to get general trends instead of detailed and overfitted data
-
-		// Setting this option to true will print useful information to the console while you're setting up Sentry.
-		debug: false,
-
-		// You can remove this option if you're not planning to use the Sentry Session Replay feature:
-		// NOTE: Since session replay barely helps us anyways, getting rid of it to reduce some bundle size at least
-		// replaysOnErrorSampleRate: 1.0,
-		// replaysSessionSampleRate: 0,
-		integrations: [
-			Sentry.browserTracingIntegration({
-				beforeStartSpan: (e) => {
-					console.info("SentryBrowserTracingSpan", e.name);
-					return e;
-				},
-			}),
-			//   Sentry.replayIntegration({
-			// Additional Replay configuration goes in here, for example:
-			//     maskAllText: true,
-			//     blockAllMedia: true,
-			//   }),
-		],
-
-		// ignoreErrors: [/fetch failed/i],
-		ignoreErrors: [/fetch failed/i],
-
-		beforeSend(event) {
-			if (!isProd && event.type === undefined) {
-				return null;
-			}
-			event.tags = {
-				...event.tags,
-				// Adding additional app_env tag for cross-checking
-				app_env: isProd ? "production" : vercelEnv || "development",
-			};
-			return event;
-		},
-	});
+  Sentry.init({
+    dsn,
+
+    // Adjust this value in production, or use tracesSampler for greater control
+    tracesSampleRate: isProd ? 0.2 : 1,
+    profilesSampleRate: 0.1,
+    // NOTE: reducing sample only 10% of transactions in prod to get general trends instead of detailed and overfitted data
+
+    // Setting this option to true will print useful information to the console while you're setting up Sentry.
+    debug: false,
+
+    // You can remove this option if you're not planning to use the Sentry Session Replay feature:
+    // NOTE: Since session replay barely helps us anyways, getting rid of it to reduce some bundle size at least
+    // replaysOnErrorSampleRate: 1.0,
+    // replaysSessionSampleRate: 0,
+    integrations: [
+      Sentry.browserTracingIntegration({
+        beforeStartSpan: (e) => {
+          console.info('SentryBrowserTracingSpan', e.name)
+          return e
+        },
+      }),
+      //   Sentry.replayIntegration({
+      // Additional Replay configuration goes in here, for example:
+      //     maskAllText: true,
+      //     blockAllMedia: true,
+      //   }),
+    ],
+
+    // ignoreErrors: [/fetch failed/i],
+    ignoreErrors: [/fetch failed/i],
+
+    beforeSend(event) {
+      if (!isProd && event.type === undefined) {
+        return null
+      }
+      event.tags = {
+        ...event.tags,
+        // Adding additional app_env tag for cross-checking
+        app_env: isProd ? 'production' : vercelEnv || 'development',
+      }
+      return event
+    },
+  })
 }

sentry.server.config.ts

@@ -2,31 +2,31 @@
 // The config you add here will be used whenever the server handles a request.
 // https://docs.sentry.io/platforms/javascript/guides/nextjs/
 
-import * as Sentry from "@sentry/nextjs";
+import * as Sentry from '@sentry/nextjs'
 
-const dsn = process.env.NEXT_PUBLIC_SENTRY_DSN || process.env.SENTRY_DSN;
-const vercelEnv = process.env.NEXT_PUBLIC_VERCEL_ENV;
-const isProd = process.env.NEXT_PUBLIC_VERCEL_ENV === "production";
+const dsn = process.env.NEXT_PUBLIC_SENTRY_DSN || process.env.SENTRY_DSN
+const vercelEnv = process.env.NEXT_PUBLIC_VERCEL_ENV
+const isProd = process.env.NEXT_PUBLIC_VERCEL_ENV === 'production'
 
 if (dsn) {
-	Sentry.init({
-		dsn,
+  Sentry.init({
+    dsn,
 
-		// Adjust this value in production, or use tracesSampler for greater control
-		tracesSampleRate: 1,
+    // Adjust this value in production, or use tracesSampler for greater control
+    tracesSampleRate: 1,
 
-		// Setting this option to true will print useful information to the console while you're setting up Sentry.
-		debug: false,
+    // Setting this option to true will print useful information to the console while you're setting up Sentry.
+    debug: false,
 
-		// Uncomment the line below to enable Spotlight (https://spotlightjs.com)
-		// spotlight: process.env.NODE_ENV === 'development',
-		ignoreErrors: [/fetch failed/i],
+    // Uncomment the line below to enable Spotlight (https://spotlightjs.com)
+    // spotlight: process.env.NODE_ENV === 'development',
+    ignoreErrors: [/fetch failed/i],
 
-		beforeSend(event) {
-			if (!isProd && event.type === undefined) {
-				return null;
-			}
-			return event;
-		},
-	});
+    beforeSend(event) {
+      if (!isProd && event.type === undefined) {
+        return null
+      }
+      return event
+    },
+  })
 }

src/app/api/activity-logs/services/activity-log.service.ts

@@ -9,7 +9,7 @@ import {
   SchemaByActivityType,
 } from '@api/activity-logs/const'
 import { LogResponse, LogResponseSchema } from '@api/activity-logs/schemas/LogResponseSchema'
-import { CommentService } from '@api/comment/comment.service'
+import { CommentService } from '@/app/api/comments/comment.service'
 import APIError from '@api/core/exceptions/api'
 import User from '@api/core/models/User.model'
 import { BaseService } from '@api/core/services/base.service'

src/app/api/attachments/attachments.service.ts

@@ -9,6 +9,7 @@ import APIError from '@api/core/exceptions/api'
 import httpStatus from 'http-status'
 import { SupabaseService } from '@api/core/services/supabase.service'
 import { signedUrlTtl } from '@/constants/attachments'
+import { PrismaClient } from '@prisma/client'
 
 export class AttachmentsService extends BaseService {
   async getAttachments(taskId: string) {
@@ -30,7 +31,7 @@ export class AttachmentsService extends BaseService {
     const newAttachment = await this.db.attachment.create({
       data: {
         ...data,
-        createdById: z.string().parse(this.user.internalUserId),
+        createdById: z.string().parse(this.user.internalUserId || this.user.clientId), // CU are also allowed to create attachments
         workspaceId: this.user.workspaceId,
       },
     })
@@ -40,15 +41,15 @@ export class AttachmentsService extends BaseService {
   async createMultipleAttachments(data: CreateAttachmentRequest[]) {
     const policyGate = new PoliciesService(this.user)
     policyGate.authorize(UserAction.Create, Resource.Attachments)
-    const userId = z.string().parse(this.user.internalUserId)
+
     // TODO: @arpandhakal - $transaction here could consume a lot of sequential db connections, better to use Promise.all
     // and reuse active connections instead.
     const newAttachments = await this.db.$transaction(async (prisma) => {
       const createPromises = data.map((attachmentData) =>
         prisma.attachment.create({
           data: {
             ...attachmentData,
-            createdById: userId,
+            createdById: z.string().parse(this.user.internalUserId || this.user.clientId), // CU are also allowed to create attachments
             workspaceId: this.user.workspaceId,
           },
         }),
@@ -86,4 +87,59 @@ export class AttachmentsService extends BaseService {
     const { data } = await supabase.supabase.storage.from(supabaseBucket).createSignedUrl(filePath, signedUrlTtl)
     return data?.signedUrl
   }
+
+  async deleteAttachmentsOfComment(commentId: string) {
+    const policyGate = new PoliciesService(this.user)
+    policyGate.authorize(UserAction.Delete, Resource.Attachments)
+
+    const commentAttachment = await this.db.$transaction(async (tx) => {
+      const commentAttachment = await tx.attachment.findMany({
+        where: { commentId: commentId, workspaceId: this.user.workspaceId },
+        select: { filePath: true },
+      })
+
+      await tx.attachment.deleteMany({
+        where: { commentId: commentId, workspaceId: this.user.workspaceId },
+      })
+
+      return commentAttachment
+    })
+
+    // directly delete attachments from bucket when deleting comments.
+    // Postgres transaction is not valid for supabase object so placing it after record deletion from db
+    const filePathArray = commentAttachment.map((el) => el.filePath)
+    const supabase = new SupabaseService()
+    await supabase.removeAttachmentsFromBucket(filePathArray)
+  }
+
+  async deleteAttachmentsOfTask(taskIds: string[]) {
+    const taskAttachment = await this.db.$transaction(async (tx) => {
+      const taskAttachment = await tx.attachment.findMany({
+        where: {
+          taskId: {
+            in: taskIds,
+          },
+          workspaceId: this.user.workspaceId,
+        },
+        select: { filePath: true },
+      })
+
+      await tx.attachment.deleteMany({
+        where: {
+          taskId: {
+            in: taskIds,
+          },
+          workspaceId: this.user.workspaceId,
+        },
+      })
+
+      return taskAttachment
+    })
+
+    // directly delete attachments from bucket when deleting comments.
+    // Postgres transaction is not valid for supabase object so placing it after record deletion from db
+    const filePathArray = taskAttachment.map((el) => el.filePath)
+    const supabase = new SupabaseService()
+    await supabase.removeAttachmentsFromBucket(filePathArray)
+  }
 }

src/app/api/attachments/public/public.dto.ts

@@ -0,0 +1,16 @@
+import { RFC3339DateSchema } from '@/types/common'
+import { AssigneeType } from '@prisma/client'
+import z from 'zod'
+
+export const PublicAttachmentDtoSchema = z.object({
+  id: z.string().uuid(),
+  fileName: z.string(),
+  fileSize: z.number(),
+  mimeType: z.string(),
+  downloadUrl: z.string().url().nullable(),
+  uploadedBy: z.string().uuid(),
+  uploadedByUserType: z.nativeEnum(AssigneeType).nullable(),
+  uploadedDate: RFC3339DateSchema,
+})
+
+export type PublicAttachmentDto = z.infer<typeof PublicAttachmentDtoSchema>

src/app/api/attachments/public/public.serializer.ts

@@ -0,0 +1,65 @@
+import { PublicAttachmentDto } from '@/app/api/attachments/public/public.dto'
+import { RFC3339DateSchema } from '@/types/common'
+import { toRFC3339 } from '@/utils/dateHelper'
+import { sanitizeFileName } from '@/utils/sanitizeFileName'
+import { createSignedUrls } from '@/utils/signUrl'
+import { Attachment, CommentInitiator } from '@prisma/client'
+import z from 'zod'
+
+export class PublicAttachmentSerializer {
+  /**
+   *
+   * @param attachments array of Attachment
+   * @param uploadedBy id of the one who commented
+   * @param uploadedByUserType usertype of the one who commented
+   * @returns Array of PublicAttachmentDto
+   */
+  static async serializeAttachments({
+    attachments,
+    uploadedByUserType,
+    content,
+    uploadedBy,
+  }: {
+    attachments: Attachment[]
+    uploadedByUserType: CommentInitiator | null
+    content: string | null
+    uploadedBy?: string
+  }): Promise<PublicAttachmentDto[]> {
+    // check if attachments are in the content. If yes
+    const attachmentPaths = attachments
+      .map((attachment) => {
+        return attachment.filePath
+      })
+      .filter((path) => content?.includes(path))
+
+    const signedUrls = await PublicAttachmentSerializer.getFormattedSignedUrls(attachmentPaths)
+
+    return attachments
+      .map((attachment) => {
+        const url = signedUrls.find((item) => item.path === attachment.filePath)?.url
+        if (!url) return null
+        return {
+          id: attachment.id,
+          fileName: sanitizeFileName(attachment.fileName),
+          fileSize: attachment.fileSize,
+          mimeType: attachment.fileType,
+          downloadUrl: attachment.deletedAt
+            ? null
+            : z
+                .string()
+                .url({ message: `Invalid downloadUrl for attachment with id ${attachment.id}` })
+                .parse(url),
+          uploadedBy: uploadedBy || attachment.createdById,
+          uploadedByUserType: uploadedByUserType,
+          uploadedDate: RFC3339DateSchema.parse(toRFC3339(attachment.createdAt)),
+        }
+      })
+      .filter((attachment) => attachment !== null)
+  }
+
+  static async getFormattedSignedUrls(attachmentPaths: string[]) {
+    if (!attachmentPaths.length) return []
+    const signedUrls = await createSignedUrls(attachmentPaths)
+    return signedUrls.map((item) => ({ path: item.path, url: item.signedUrl }))
+  }
+}