Migrate TREK 3 to NestJS + React 19 with a shared Zod contract layer

Brownfield strangler migration of the backend onto NestJS modules (auth, trips, days, places, assignments, packing, todo, budget, reservations, collab, files, photos, journey, share, settings, backup, oidc, oauth, admin, atlas, vacay, weather, airports, maps, categories, tags, notifications, system-notices) served through a per-prefix dispatcher, keeping the existing SQLite/better-sqlite3 DB and JWT httpOnly cookie auth, with behavioural parity for every route. Client: React 19 upgrade, "page = wiring container + data hook" pattern across all pages, per-domain Zustand stores bound to @trek/shared contracts, and decomposition of the large components (DayPlanSidebar, PackingListPanel, CollabNotes, FileManager, MemoriesPanel, PlacesSidebar, CollabChat, SystemNoticeModal, BudgetPanel, PlaceFormModal, ...) into focused render units backed by in-file hooks. Apply the shared global request pipeline (helmet/CSP, CORS, HSTS, forced HTTPS, the global MFA policy and request logging) to the NestJS instance as well, so a migrated route is protected identically to the legacy fallback rather than bypassing it.
2026-06-21 14:21:46 +00:00 · 2026-05-30 02:39:26 +02:00
parent 6d2dd37414
commit fc7d8b5d12
347 changed files with 31278 additions and 10381 deletions
@@ -0,0 +1,56 @@
+import { z } from 'zod';
+
+/**
+ * Budget API contract — single source of truth for the /api/trips/:tripId/budget
+ * endpoints (expense items, per-member splits, paid toggles, settlement).
+ *
+ * Trip-scoped: every endpoint verifies trip access (404 "Trip not found") and
+ * mutations check the 'budget_edit' permission (403 "No permission"). The legacy
+ * route (server/src/routes/budget.ts) wraps services/budgetService.ts; rows are
+ * DB-shaped and kept open. Mutations broadcast over WebSocket with the forwarded
+ * X-Socket-Id. Updating a linked item's total_price also syncs the price into the
+ * linked reservation's metadata (and broadcasts reservation:updated).
+ */
+
+export const budgetCreateItemRequestSchema = z.object({
+  name: z.string().min(1),
+  category: z.string().optional(),
+  total_price: z.number().optional(),
+  persons: z.number().nullable().optional(),
+  days: z.number().nullable().optional(),
+  note: z.string().nullable().optional(),
+  expense_date: z.string().nullable().optional(),
+});
+export type BudgetCreateItemRequest = z.infer<typeof budgetCreateItemRequestSchema>;
+
+/** Update accepts the same fields plus total_price changes; all optional. */
+export const budgetUpdateItemRequestSchema = z.object({
+  name: z.string().optional(),
+  category: z.string().optional(),
+  total_price: z.number().optional(),
+  persons: z.number().nullable().optional(),
+  days: z.number().nullable().optional(),
+  note: z.string().nullable().optional(),
+  expense_date: z.string().nullable().optional(),
+});
+export type BudgetUpdateItemRequest = z.infer<typeof budgetUpdateItemRequestSchema>;
+
+export const budgetUpdateMembersRequestSchema = z.object({
+  user_ids: z.array(z.number()),
+});
+export type BudgetUpdateMembersRequest = z.infer<typeof budgetUpdateMembersRequestSchema>;
+
+export const budgetToggleMemberPaidRequestSchema = z.object({
+  paid: z.boolean(),
+});
+export type BudgetToggleMemberPaidRequest = z.infer<typeof budgetToggleMemberPaidRequestSchema>;
+
+export const budgetReorderItemsRequestSchema = z.object({
+  orderedIds: z.array(z.number()),
+});
+export type BudgetReorderItemsRequest = z.infer<typeof budgetReorderItemsRequestSchema>;
+
+export const budgetReorderCategoriesRequestSchema = z.object({
+  orderedCategories: z.array(z.string()),
+});
+export type BudgetReorderCategoriesRequest = z.infer<typeof budgetReorderCategoriesRequestSchema>;