Migrate TREK 3 to NestJS + React 19 with a shared Zod contract layer

Brownfield strangler migration of the backend onto NestJS modules (auth, trips, days, places, assignments, packing, todo, budget, reservations, collab, files, photos, journey, share, settings, backup, oidc, oauth, admin, atlas, vacay, weather, airports, maps, categories, tags, notifications, system-notices) served through a per-prefix dispatcher, keeping the existing SQLite/better-sqlite3 DB and JWT httpOnly cookie auth, with behavioural parity for every route. Client: React 19 upgrade, "page = wiring container + data hook" pattern across all pages, per-domain Zustand stores bound to @trek/shared contracts, and decomposition of the large components (DayPlanSidebar, PackingListPanel, CollabNotes, FileManager, MemoriesPanel, PlacesSidebar, CollabChat, SystemNoticeModal, BudgetPanel, PlaceFormModal, ...) into focused render units backed by in-file hooks. Apply the shared global request pipeline (helmet/CSP, CORS, HSTS, forced HTTPS, the global MFA policy and request logging) to the NestJS instance as well, so a migrated route is protected identically to the legacy fallback rather than bypassing it.
2026-06-20 22:01:45 +00:00 · 2026-05-30 02:39:26 +02:00
parent 6d2dd37414
commit fc7d8b5d12
347 changed files with 31278 additions and 10381 deletions
@@ -0,0 +1,28 @@
+import { describe, it, expect } from 'vitest';
+import {
+  tripCreateRequestSchema,
+  tripUpdateRequestSchema,
+  tripAddMemberRequestSchema,
+} from './trip.schema';
+
+describe('tripCreateRequestSchema', () => {
+  it('requires a title; dates/currency/reminder optional', () => {
+    expect(tripCreateRequestSchema.safeParse({ title: 'Japan' }).success).toBe(true);
+    expect(tripCreateRequestSchema.safeParse({ title: 'Japan', start_date: '2026-07-01', day_count: 7 }).success).toBe(true);
+    expect(tripCreateRequestSchema.safeParse({}).success).toBe(false);
+  });
+});
+
+describe('tripUpdateRequestSchema', () => {
+  it('is fully partial and accepts is_archived + cover_image', () => {
+    expect(tripUpdateRequestSchema.safeParse({}).success).toBe(true);
+    expect(tripUpdateRequestSchema.safeParse({ is_archived: 1, cover_image: null }).success).toBe(true);
+  });
+});
+
+describe('tripAddMemberRequestSchema', () => {
+  it('requires an identifier', () => {
+    expect(tripAddMemberRequestSchema.safeParse({ identifier: 'bob@x.y' }).success).toBe(true);
+    expect(tripAddMemberRequestSchema.safeParse({}).success).toBe(false);
+  });
+});
@@ -0,0 +1,49 @@
+import { z } from 'zod';
+
+/**
+ * Trip API contract — single source of truth for the /api/trips aggregate-root
+ * endpoints (list/create/get/update/delete a trip, cover upload, copy, members,
+ * offline bundle, ICS export).
+ *
+ * The aggregate root shares its path with the trip sub-domains (days, places,
+ * collab, files, ...), so in the strangler it uses EXACT prefixes (`/api/trips|`,
+ * `/api/trips/:tripId|`) plus the specific sub-route prefixes — never a broad
+ * `/api/trips`, which would swallow not-yet-migrated nested mounts. The legacy
+ * route (server/src/routes/trips.ts) wraps tripService and does per-field
+ * permission checks + audit logging. Trip rows are wide, so responses stay open.
+ */
+
+export const tripCreateRequestSchema = z.object({
+  title: z.string().min(1),
+  description: z.string().nullable().optional(),
+  start_date: z.string().nullable().optional(),
+  end_date: z.string().nullable().optional(),
+  currency: z.string().optional(),
+  reminder_days: z.number().optional(),
+  day_count: z.number().optional(),
+});
+export type TripCreateRequest = z.infer<typeof tripCreateRequestSchema>;
+
+/** Update is partial; the route runs per-field permission checks on what's present. */
+export const tripUpdateRequestSchema = z.object({
+  title: z.string().optional(),
+  description: z.string().nullable().optional(),
+  start_date: z.string().nullable().optional(),
+  end_date: z.string().nullable().optional(),
+  currency: z.string().optional(),
+  reminder_days: z.number().optional(),
+  day_count: z.number().optional(),
+  is_archived: z.union([z.boolean(), z.number()]).optional(),
+  cover_image: z.string().nullable().optional(),
+});
+export type TripUpdateRequest = z.infer<typeof tripUpdateRequestSchema>;
+
+export const tripCopyRequestSchema = z.object({
+  title: z.string().optional(),
+});
+export type TripCopyRequest = z.infer<typeof tripCopyRequestSchema>;
+
+export const tripAddMemberRequestSchema = z.object({
+  identifier: z.string(),
+});
+export type TripAddMemberRequest = z.infer<typeof tripAddMemberRequestSchema>;