feat: add invoice template system with custom branding

app/api/cron/cancel-overdue-invoices/route.ts

@@ -28,7 +28,16 @@ export async function GET(request: Request) {
                 escrowEnabled: false,
             },
             include: {
-                user: true,
+                user: {
+                    include: {
+                        brandingSettings: true,
+                        invoiceTemplates: {
+                            where: { isDefault: true },
+                            orderBy: { createdAt: 'asc' },
+                            take: 1,
+                        },
+                    },
+                },
             },
         })
 
@@ -63,6 +72,26 @@ export async function GET(request: Request) {
 
                 // Send cancellation email to freelancer
                 if (invoice.user?.name && invoice.user?.email) {
+                    const brandingSettings = invoice.user.brandingSettings
+                    const defaultTemplate = invoice.user.invoiceTemplates?.[0]
+
+                    const branding = defaultTemplate
+                        ? {
+                              logoUrl: defaultTemplate.logoUrl ?? brandingSettings?.logoUrl ?? null,
+                              primaryColor: defaultTemplate.primaryColor,
+                              accentColor: defaultTemplate.accentColor,
+                              footerText:
+                                  defaultTemplate.footerText ?? brandingSettings?.footerText ?? null,
+                          }
+                        : brandingSettings
+                        ? {
+                              logoUrl: brandingSettings.logoUrl ?? null,
+                              primaryColor: brandingSettings.primaryColor,
+                              accentColor: '#059669',
+                              footerText: brandingSettings.footerText ?? null,
+                          }
+                        : undefined
+
                     const emailSent = await sendInvoiceCancelledEmail({
                         to: invoice.user.email,
                         freelancerName: invoice.user.name,
@@ -71,6 +100,7 @@ export async function GET(request: Request) {
                         dueDate: invoice.dueDate!,
                         daysOverdue,
                         clientEmail: invoice.clientEmail,
+                        branding,
                     })
 
                     if (!emailSent || !emailSent.success) {

app/api/cron/generate-subscription-invoices/route.ts

@@ -23,7 +23,16 @@ export async function GET(request: Request) {
                 },
             },
             include: {
-                user: true,
+                user: {
+                    include: {
+                        brandingSettings: true,
+                        invoiceTemplates: {
+                            where: { isDefault: true },
+                            orderBy: { createdAt: 'asc' },
+                            take: 1,
+                        },
+                    },
+                },
             },
         })
 
@@ -68,6 +77,26 @@ export async function GET(request: Request) {
                 })
 
                 // Send notification email
+                const brandingSettings = sub.user.brandingSettings
+                const defaultTemplate = sub.user.invoiceTemplates?.[0]
+
+                const branding = defaultTemplate
+                    ? {
+                          logoUrl: defaultTemplate.logoUrl ?? brandingSettings?.logoUrl ?? null,
+                          primaryColor: defaultTemplate.primaryColor,
+                          accentColor: defaultTemplate.accentColor,
+                          footerText:
+                              defaultTemplate.footerText ?? brandingSettings?.footerText ?? null,
+                      }
+                    : brandingSettings
+                    ? {
+                          logoUrl: brandingSettings.logoUrl ?? null,
+                          primaryColor: brandingSettings.primaryColor,
+                          accentColor: '#059669',
+                          footerText: brandingSettings.footerText ?? null,
+                      }
+                    : undefined
+
                 await sendInvoiceCreatedEmail({
                     to: sub.clientEmail,
                     clientName: sub.clientName || undefined,
@@ -78,6 +107,7 @@ export async function GET(request: Request) {
                     currency: invoice.currency,
                     paymentLink: invoice.paymentLink,
                     dueDate: invoice.dueDate!,
+                    branding,
                 })
 
                 // Log audit event

app/api/routes-d/branding/logo-upload/route.ts

@@ -0,0 +1,60 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { prisma } from '@/lib/db'
+import { verifyAuthToken } from '@/lib/auth'
+import { storeBrandingLogoFile, validateLogoFile } from '@/lib/file-storage'
+
+async function getAuthenticatedUser(request: NextRequest) {
+  const authToken = request.headers.get('authorization')?.replace('Bearer ', '')
+  if (!authToken) {
+    return { error: NextResponse.json({ error: 'Unauthorized' }, { status: 401 }) as const }
+  }
+
+  const claims = await verifyAuthToken(authToken)
+  if (!claims) {
+    return { error: NextResponse.json({ error: 'Invalid token' }, { status: 401 }) as const }
+  }
+
+  const user = await prisma.user.findUnique({ where: { privyId: claims.userId } })
+  if (!user) {
+    return { error: NextResponse.json({ error: 'User not found' }, { status: 404 }) as const }
+  }
+
+  return { user }
+}
+
+export async function POST(request: NextRequest) {
+  try {
+    const auth = await getAuthenticatedUser(request)
+    if ('error' in auth) return auth.error
+
+    const { user } = auth
+    const formData = await request.formData()
+    const file = formData.get('logo')
+
+    if (!(file instanceof File)) {
+      return NextResponse.json({ error: 'Logo file is required' }, { status: 400 })
+    }
+
+    const validation = validateLogoFile(file)
+    if (!validation.valid) {
+      return NextResponse.json(
+        { error: validation.error || 'Invalid logo file' },
+        { status: 400 },
+      )
+    }
+
+    const logoUrl = await storeBrandingLogoFile(user.id, file)
+
+    return NextResponse.json({ logoUrl }, { status: 201 })
+  } catch (error) {
+    console.error('Error uploading branding logo:', error)
+    return NextResponse.json(
+      {
+        error: 'Internal server error',
+        message: error instanceof Error ? error.message : 'Unknown error',
+      },
+      { status: 500 },
+    )
+  }
+}
+

app/api/routes-d/branding/logo/route.ts

@@ -0,0 +1,75 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { prisma } from '@/lib/db'
+import { verifyAuthToken } from '@/lib/auth'
+import { getBrandingLogoAbsolutePath } from '@/lib/file-storage'
+import { readFile } from 'fs/promises'
+import { existsSync } from 'fs'
+import path from 'path'
+
+const MIME_TYPES: Record<string, string> = {
+  '.jpg': 'image/jpeg',
+  '.jpeg': 'image/jpeg',
+  '.png': 'image/png',
+  '.webp': 'image/webp',
+  '.heic': 'image/heic',
+}
+
+export async function GET(request: NextRequest) {
+  try {
+    const authToken = request.headers.get('authorization')?.replace('Bearer ', '')
+    if (!authToken) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const claims = await verifyAuthToken(authToken)
+    if (!claims) {
+      return NextResponse.json({ error: 'Invalid token' }, { status: 401 })
+    }
+
+    const user = await prisma.user.findUnique({
+      where: { privyId: claims.userId },
+    })
+    if (!user) {
+      return NextResponse.json({ error: 'User not found' }, { status: 404 })
+    }
+
+    const pathParam = request.nextUrl.searchParams.get('path')
+    if (!pathParam || pathParam.includes('..')) {
+      return NextResponse.json({ error: 'Invalid path' }, { status: 400 })
+    }
+
+    // path must be userId/filename so user can only access their own logos
+    const [pathUserId, ...rest] = pathParam.split('/')
+    if (pathUserId !== user.id || rest.length === 0) {
+      return NextResponse.json({ error: 'Forbidden' }, { status: 403 })
+    }
+
+    const logoUrl = '/branding-logos/' + pathParam
+    const absolutePath = getBrandingLogoAbsolutePath(logoUrl)
+    if (!absolutePath) {
+      return NextResponse.json({ error: 'Invalid logo path' }, { status: 400 })
+    }
+
+    if (!existsSync(absolutePath)) {
+      return NextResponse.json({ error: 'Logo not found' }, { status: 404 })
+    }
+
+    const fileBuffer = await readFile(absolutePath)
+    const ext = path.extname(absolutePath).toLowerCase()
+    const contentType = MIME_TYPES[ext] || 'application/octet-stream'
+
+    return new NextResponse(fileBuffer, {
+      headers: {
+        'Content-Type': contentType,
+        'Content-Disposition': `inline; filename="${path.basename(absolutePath)}"`,
+        'Cache-Control': 'private, max-age=3600',
+      },
+    })
+  } catch (error) {
+    console.error('Branding logo serve error:', error)
+    return NextResponse.json(
+      { error: 'Failed to retrieve logo' },
+      { status: 500 }
+    )
+  }
+}