B4L/buildfor_life_budget
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add document detail page with versions and download endpoint

Browse Source 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Alexander Grabowski
2026-04-15 11:10:41 +07:00
parent a198bae9be
commit 2489b092af
3 changed files with 706 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/routes/(app)/companies/[companyId]/documents/[docId]/+page.server.ts
+256
View File
@@ -0,0 +1,256 @@
import { error, fail, redirect } from '@sveltejs/kit';
import type { Actions, PageServerLoad } from './$types';
import { db } from '$lib/server/db/index.js';
import {
companyDocuments,
companyDocumentVersions,
users
} from '$lib/server/db/schema.js';
import { requireCompanyRoleAny } from '$lib/server/authorization.js';
import { logCompanyEvent } from '$lib/server/audit.js';
import {
saveCompanyFile,
deleteCompanyFile,
isAllowedMime,
MAX_BYTES,
ALLOWED_MIME
} from '$lib/server/uploads/index.js';
import { and, desc, eq, isNull, sql } from 'drizzle-orm';
const DOCUMENT_CATEGORIES = [
'dbd_registration',
'affidavit',
'memorandum',
'articles_of_association',
'vat_registration',
'tax_id_document',
'bank_document',
'director_id',
'director_signature_card',
'shareholder_list',
'annual_filing',
'contract',
'license',
'insurance',
'other'
] as const;
type DocumentCategory = (typeof DOCUMENT_CATEGORIES)[number];
function trimOrNull(v: FormDataEntryValue | null): string | null {
const s = v?.toString().trim();
return s ? s : null;
}
export const load: PageServerLoad = async ({ locals, params, parent }) => {
await requireCompanyRoleAny(locals, params.companyId, ['admin', 'manager', 'accountant']);
await parent();
const [doc] = await db
.select()
.from(companyDocuments)
.where(
and(
eq(companyDocuments.id, params.docId),
eq(companyDocuments.companyId, params.companyId),
isNull(companyDocuments.deletedAt)
)
)
.limit(1);
if (!doc) error(404, 'Document not found');
const versions = await db
.select({
id: companyDocumentVersions.id,
versionNumber: companyDocumentVersions.versionNumber,
fileName: companyDocumentVersions.fileName,
mimeType: companyDocumentVersions.mimeType,
sizeBytes: companyDocumentVersions.sizeBytes,
uploadedAt: companyDocumentVersions.uploadedAt,
comment: companyDocumentVersions.comment,
uploadedByName: users.displayName,
uploadedByEmail: users.email
})
.from(companyDocumentVersions)
.leftJoin(users, eq(companyDocumentVersions.uploadedBy, users.id))
.where(eq(companyDocumentVersions.documentId, doc.id))
.orderBy(desc(companyDocumentVersions.versionNumber));
return { document: doc, versions };
};
export const actions: Actions = {
addVersion: async ({ request, locals, params }) => {
const { user } = await requireCompanyRoleAny(locals, params.companyId, [
'admin',
'accountant'
]);
const [doc] = await db
.select({ id: companyDocuments.id, title: companyDocuments.title })
.from(companyDocuments)
.where(
and(
eq(companyDocuments.id, params.docId),
eq(companyDocuments.companyId, params.companyId),
isNull(companyDocuments.deletedAt)
)
)
.limit(1);
if (!doc) error(404, 'Document not found');
const fd = await request.formData();
const file = fd.get('file') as File | null;
const comment = trimOrNull(fd.get('comment'));
if (!file || !(file instanceof File) || file.size === 0) {
return fail(400, { action: 'addVersion', error: 'File is required' });
}
if (file.size > MAX_BYTES) {
return fail(400, {
action: 'addVersion',
error: `File too large (max ${Math.round(MAX_BYTES / 1024 / 1024)} MB)`
});
}
const mime = file.type || 'application/octet-stream';
if (!isAllowedMime(mime)) {
return fail(400, {
action: 'addVersion',
error: `File type not allowed. Allowed: ${ALLOWED_MIME.join(', ')}`
});
}
const [maxRow] = await db
.select({ max: sql<number>`coalesce(max(${companyDocumentVersions.versionNumber}), 0)::int` })
.from(companyDocumentVersions)
.where(eq(companyDocumentVersions.documentId, doc.id));
const nextVersion = (maxRow?.max ?? 0) + 1;
let saved;
try {
saved = await saveCompanyFile(params.companyId, file);
} catch (err) {
console.error('saveCompanyFile failed', err);
return fail(500, { action: 'addVersion', error: 'Failed to save file to disk' });
}
try {
await db.insert(companyDocumentVersions).values({
documentId: doc.id,
versionNumber: nextVersion,
fileName: file.name,
storedPath: saved.storedPath,
mimeType: saved.mimeType,
sizeBytes: saved.sizeBytes,
uploadedBy: user.id,
comment
});
await db
.update(companyDocuments)
.set({ updatedAt: new Date() })
.where(eq(companyDocuments.id, doc.id));
} catch (err) {
await deleteCompanyFile(saved.storedPath);
console.error('insert version failed', err);
return fail(500, { action: 'addVersion', error: 'Failed to register file version' });
}
await logCompanyEvent(
params.companyId,
user.id,
'document_version_added',
`New version v${nextVersion} uploaded for "${doc.title}"`,
{ documentId: doc.id, versionNumber: nextVersion, fileName: file.name }
);
return { success: true, action: 'addVersion' };
},
updateMetadata: async ({ request, locals, params }) => {
const { user } = await requireCompanyRoleAny(locals, params.companyId, [
'admin',
'accountant'
]);
const [doc] = await db
.select({ id: companyDocuments.id })
.from(companyDocuments)
.where(
and(
eq(companyDocuments.id, params.docId),
eq(companyDocuments.companyId, params.companyId),
isNull(companyDocuments.deletedAt)
)
)
.limit(1);
if (!doc) error(404, 'Document not found');
const fd = await request.formData();
const title = trimOrNull(fd.get('title'));
const category = fd.get('category')?.toString() as DocumentCategory | undefined;
if (!title) return fail(400, { action: 'updateMetadata', error: 'Title is required' });
if (!category || !DOCUMENT_CATEGORIES.includes(category)) {
return fail(400, { action: 'updateMetadata', error: 'Invalid category' });
}
await db
.update(companyDocuments)
.set({
title,
category,
customLabel: trimOrNull(fd.get('customLabel')),
description: trimOrNull(fd.get('description')),
expiresAt: trimOrNull(fd.get('expiresAt')) ?? null,
notes: trimOrNull(fd.get('notes')),
updatedAt: new Date()
})
.where(eq(companyDocuments.id, doc.id));
await logCompanyEvent(
params.companyId,
user.id,
'document_metadata_updated',
`Document "${title}" metadata updated`,
{ documentId: doc.id }
);
return { success: true, action: 'updateMetadata' };
},
softDelete: async ({ locals, params }) => {
const { user } = await requireCompanyRoleAny(locals, params.companyId, [
'admin',
'accountant'
]);
const [doc] = await db
.select({ id: companyDocuments.id, title: companyDocuments.title })
.from(companyDocuments)
.where(
and(
eq(companyDocuments.id, params.docId),
eq(companyDocuments.companyId, params.companyId),
isNull(companyDocuments.deletedAt)
)
)
.limit(1);
if (!doc) error(404, 'Document not found');
await db
.update(companyDocuments)
.set({ deletedAt: new Date(), updatedAt: new Date() })
.where(eq(companyDocuments.id, doc.id));
await logCompanyEvent(
params.companyId,
user.id,
'document_deleted',
`Document "${doc.title}" deleted`,
{ documentId: doc.id }
);
redirect(303, `/companies/${params.companyId}/documents`);
}
};
src/routes/(app)/companies/[companyId]/documents/[docId]/+page.svelte
+402
View File
@@ -0,0 +1,402 @@
<script lang="ts">
import { enhance } from '$app/forms';
import { page } from '$app/stores';
import type { PageData, ActionData } from './$types';
import { formatDate, formatDateTime } from '$lib/utils/date.js';
let { data, form }: { data: PageData; form: ActionData } = $props();
const canEdit = $derived(
data.companyRoles.includes('admin') || data.companyRoles.includes('accountant')
);
const CATEGORY_LABELS: Record<string, string> = {
dbd_registration: 'DBD Registration',
affidavit: 'Affidavit (หนังสือรับรอง)',
memorandum: 'Memorandum (MOA)',
articles_of_association: 'Articles of Association',
vat_registration: 'VAT Registration (PP.20)',
tax_id_document: 'Tax ID Document',
bank_document: 'Bank Document',
director_id: 'Director ID',
director_signature_card: 'Director Signature Card',
shareholder_list: 'Shareholder List (BOJ.5)',
annual_filing: 'Annual Filing',
contract: 'Contract',
license: 'License',
insurance: 'Insurance',
other: 'Other'
};
const CATEGORY_BADGE: Record<string, string> = {
dbd_registration: 'bg-purple-100 text-purple-700 dark:bg-purple-900/40 dark:text-purple-300',
affidavit: 'bg-indigo-100 text-indigo-700 dark:bg-indigo-900/40 dark:text-indigo-300',
memorandum: 'bg-blue-100 text-blue-700 dark:bg-blue-900/40 dark:text-blue-300',
articles_of_association: 'bg-sky-100 text-sky-700 dark:bg-sky-900/40 dark:text-sky-300',
vat_registration: 'bg-emerald-100 text-emerald-700 dark:bg-emerald-900/40 dark:text-emerald-300',
tax_id_document: 'bg-teal-100 text-teal-700 dark:bg-teal-900/40 dark:text-teal-300',
bank_document: 'bg-amber-100 text-amber-700 dark:bg-amber-900/40 dark:text-amber-300',
director_id: 'bg-rose-100 text-rose-700 dark:bg-rose-900/40 dark:text-rose-300',
director_signature_card: 'bg-pink-100 text-pink-700 dark:bg-pink-900/40 dark:text-pink-300',
shareholder_list: 'bg-fuchsia-100 text-fuchsia-700 dark:bg-fuchsia-900/40 dark:text-fuchsia-300',
annual_filing: 'bg-lime-100 text-lime-700 dark:bg-lime-900/40 dark:text-lime-300',
contract: 'bg-orange-100 text-orange-700 dark:bg-orange-900/40 dark:text-orange-300',
license: 'bg-cyan-100 text-cyan-700 dark:bg-cyan-900/40 dark:text-cyan-300',
insurance: 'bg-yellow-100 text-yellow-700 dark:bg-yellow-900/40 dark:text-yellow-300',
other: 'bg-gray-100 text-gray-700 dark:bg-gray-700 dark:text-gray-300'
};
const ALL_CATEGORIES = Object.keys(CATEGORY_LABELS);
let editing = $state(false);
let showAddVersion = $state(false);
let confirmDelete = $state(false);
function humanSize(bytes: number): string {
if (bytes < 1024) return `${bytes} B`;
if (bytes < 1024 * 1024) return `${(bytes / 1024).toFixed(1)} KB`;
return `${(bytes / 1024 / 1024).toFixed(2)} MB`;
}
function mimeIcon(mime: string): string {
if (mime === 'application/pdf') return '📄';
if (mime.startsWith('image/')) return '🖼';
if (mime.includes('word')) return '📝';
if (mime.includes('excel') || mime.includes('spreadsheet')) return '📊';
return '📎';
}
function isExpired(expiresAt: string | null): boolean {
if (!expiresAt) return false;
return new Date(expiresAt) < new Date();
}
function versionFileUrl(versionId: string): string {
return `/companies/${$page.params.companyId}/documents/${data.document.id}/versions/${versionId}/file`;
}
const inputCls =
'w-full rounded-md border border-gray-300 px-3 py-2 text-sm dark:border-gray-600 dark:bg-gray-700 dark:text-white';
const labelCls = 'mb-1 block text-sm font-medium text-gray-700 dark:text-gray-300';
</script>
<svelte:head>
<title>{data.document.title} - {data.company.name}</title>
</svelte:head>
<div class="space-y-6">
<nav class="text-sm">
<a
href="/companies/{$page.params.companyId}/documents"
class="text-blue-600 hover:underline dark:text-blue-400"
>
← Back to documents
</a>
</nav>
{#if form?.error}
<div class="rounded-md bg-red-50 p-3 text-sm text-red-700 dark:bg-red-900/30 dark:text-red-300">
{form.error}
</div>
{/if}
<!-- Header -->
<section
class="rounded-lg border border-gray-200 bg-white p-6 dark:border-gray-700 dark:bg-gray-800"
>
{#if editing}
<form
method="POST"
action="?/updateMetadata"
use:enhance={() => async ({ update }) => {
await update({ reset: false });
editing = false;
}}
class="grid grid-cols-1 gap-3 sm:grid-cols-2"
>
<div>
<label for="title" class={labelCls}>Title *</label>
<input
id="title"
name="title"
required
value={data.document.title}
class={inputCls}
/>
</div>
<div>
<label for="category" class={labelCls}>Category *</label>
<select id="category" name="category" required class={inputCls}>
{#each ALL_CATEGORIES as cat}
<option value={cat} selected={cat === data.document.category}>
{CATEGORY_LABELS[cat]}
</option>
{/each}
</select>
</div>
<div>
<label for="customLabel" class={labelCls}>Custom Label</label>
<input
id="customLabel"
name="customLabel"
value={data.document.customLabel ?? ''}
class={inputCls}
/>
</div>
<div>
<label for="expiresAt" class={labelCls}>Expiry Date</label>
<input
id="expiresAt"
name="expiresAt"
type="date"
value={data.document.expiresAt ?? ''}
class={inputCls}
/>
</div>
<div class="sm:col-span-2">
<label for="description" class={labelCls}>Description</label>
<textarea id="description" name="description" rows="2" class={inputCls}
>{data.document.description ?? ''}</textarea
>
</div>
<div class="sm:col-span-2">
<label for="notes" class={labelCls}>Notes</label>
<textarea id="notes" name="notes" rows="2" class={inputCls}>{data.document.notes ?? ''}</textarea>
</div>
<div class="sm:col-span-2 flex justify-end gap-2">
<button
type="button"
onclick={() => (editing = false)}
class="rounded-md border border-gray-300 px-4 py-2 text-sm font-medium text-gray-700 hover:bg-gray-50 dark:border-gray-600 dark:text-gray-300 dark:hover:bg-gray-700"
>
Cancel
</button>
<button
type="submit"
class="rounded-md bg-blue-600 px-4 py-2 text-sm font-medium text-white hover:bg-blue-700"
>
Save
</button>
</div>
</form>
{:else}
<div class="flex items-start justify-between gap-4">
<div>
<div class="flex items-center gap-2">
<h1 class="text-2xl font-bold text-gray-900 dark:text-white">{data.document.title}</h1>
<span
class="inline-block rounded-full px-2 py-0.5 text-xs font-medium {CATEGORY_BADGE[
data.document.category
]}"
>
{CATEGORY_LABELS[data.document.category]}
</span>
</div>
{#if data.document.customLabel}
<p class="mt-1 text-sm text-gray-500 dark:text-gray-400">{data.document.customLabel}</p>
{/if}
</div>
{#if canEdit}
<div class="flex flex-wrap gap-2">
<button
onclick={() => (editing = true)}
class="rounded-md border border-gray-300 px-3 py-1.5 text-sm font-medium text-gray-700 hover:bg-gray-50 dark:border-gray-600 dark:text-gray-300 dark:hover:bg-gray-700"
>
Edit
</button>
<button
onclick={() => (confirmDelete = !confirmDelete)}
class="rounded-md border border-red-300 px-3 py-1.5 text-sm font-medium text-red-700 hover:bg-red-50 dark:border-red-700 dark:text-red-300 dark:hover:bg-red-900/30"
>
Delete
</button>
</div>
{/if}
</div>
<dl class="mt-4 grid grid-cols-1 gap-4 sm:grid-cols-3">
{#if data.document.description}
<div class="sm:col-span-3">
<dt class="text-xs font-medium uppercase text-gray-500 dark:text-gray-400">
Description
</dt>
<dd class="mt-1 text-sm text-gray-900 dark:text-gray-100">
{data.document.description}
</dd>
</div>
{/if}
<div>
<dt class="text-xs font-medium uppercase text-gray-500 dark:text-gray-400">
Expiry Date
</dt>
<dd
class={data.document.expiresAt && isExpired(data.document.expiresAt)
? 'mt-1 text-sm font-medium text-red-600 dark:text-red-400'
: 'mt-1 text-sm text-gray-900 dark:text-gray-100'}
>
{data.document.expiresAt ? formatDate(data.document.expiresAt) : '—'}
{#if data.document.expiresAt && isExpired(data.document.expiresAt)}
<span class="ml-1 text-xs">(expired)</span>
{/if}
</dd>
</div>
<div>
<dt class="text-xs font-medium uppercase text-gray-500 dark:text-gray-400">Created</dt>
<dd class="mt-1 text-sm text-gray-900 dark:text-gray-100">
{formatDateTime(data.document.createdAt)}
</dd>
</div>
<div>
<dt class="text-xs font-medium uppercase text-gray-500 dark:text-gray-400">Updated</dt>
<dd class="mt-1 text-sm text-gray-900 dark:text-gray-100">
{formatDateTime(data.document.updatedAt)}
</dd>
</div>
{#if data.document.notes}
<div class="sm:col-span-3">
<dt class="text-xs font-medium uppercase text-gray-500 dark:text-gray-400">Notes</dt>
<dd class="mt-1 whitespace-pre-wrap text-sm text-gray-900 dark:text-gray-100">
{data.document.notes}
</dd>
</div>
{/if}
</dl>
{#if confirmDelete && canEdit}
<div
class="mt-4 rounded-md border border-red-300 bg-red-50 p-3 dark:border-red-700 dark:bg-red-900/30"
>
<p class="text-sm text-red-700 dark:text-red-300">
Delete this document? Files will remain on disk for recovery, but the document will be
hidden from the list.
</p>
<div class="mt-2 flex justify-end gap-2">
<button
type="button"
onclick={() => (confirmDelete = false)}
class="rounded-md border border-gray-300 px-3 py-1.5 text-sm font-medium text-gray-700 hover:bg-gray-50 dark:border-gray-600 dark:text-gray-300 dark:hover:bg-gray-700"
>
Cancel
</button>
<form method="POST" action="?/softDelete">
<button
type="submit"
class="rounded-md bg-red-600 px-3 py-1.5 text-sm font-medium text-white hover:bg-red-700"
>
Delete
</button>
</form>
</div>
</div>
{/if}
{/if}
</section>
<!-- Versions -->
<section
class="rounded-lg border border-gray-200 bg-white dark:border-gray-700 dark:bg-gray-800"
>
<div
class="flex items-center justify-between border-b border-gray-200 p-4 dark:border-gray-700"
>
<h2 class="font-semibold text-gray-900 dark:text-white">
Versions ({data.versions.length})
</h2>
{#if canEdit}
<button
onclick={() => (showAddVersion = !showAddVersion)}
class="rounded-md bg-blue-600 px-3 py-1.5 text-sm font-medium text-white hover:bg-blue-700"
>
{showAddVersion ? 'Cancel' : '+ Upload New Version'}
</button>
{/if}
</div>
{#if showAddVersion && canEdit}
<form
method="POST"
action="?/addVersion"
enctype="multipart/form-data"
use:enhance={() => async ({ update }) => {
await update({ reset: false });
showAddVersion = false;
}}
class="grid grid-cols-1 gap-3 border-b border-gray-200 bg-blue-50 p-4 dark:border-gray-700 dark:bg-blue-900/20"
>
<div>
<label for="version-file" class={labelCls}>File *</label>
<input
id="version-file"
type="file"
name="file"
required
accept=".pdf,.jpg,.jpeg,.png,.webp,.heic,.doc,.docx,.xls,.xlsx"
class={inputCls}
/>
<p class="mt-1 text-xs text-gray-500 dark:text-gray-400">
PDF, image, or Office document up to 25 MB.
</p>
</div>
<div>
<label for="version-comment" class={labelCls}>Note</label>
<input
id="version-comment"
name="comment"
placeholder="What changed? (optional)"
class={inputCls}
/>
</div>
<div class="flex justify-end">
<button
type="submit"
class="rounded-md bg-blue-600 px-4 py-2 text-sm font-medium text-white hover:bg-blue-700"
>
Upload Version
</button>
</div>
</form>
{/if}
{#if data.versions.length === 0}
<p class="p-6 text-sm text-gray-500 dark:text-gray-400">No versions yet.</p>
{:else}
<ul class="divide-y divide-gray-200 dark:divide-gray-700">
{#each data.versions as v}
<li class="p-4">
<div class="flex flex-wrap items-start justify-between gap-3">
<div class="min-w-0 flex-1">
<div class="flex items-center gap-2">
<span class="text-lg">{mimeIcon(v.mimeType)}</span>
<span class="font-medium text-gray-900 dark:text-white">v{v.versionNumber}</span>
<span class="truncate text-sm text-gray-600 dark:text-gray-300">
{v.fileName}
</span>
</div>
<div class="mt-1 text-xs text-gray-500 dark:text-gray-400">
{humanSize(v.sizeBytes)} · {v.mimeType} · uploaded
{formatDateTime(v.uploadedAt)} by
{v.uploadedByName ?? v.uploadedByEmail ?? 'unknown'}
</div>
{#if v.comment}
<div
class="mt-2 rounded-md bg-gray-50 p-2 text-sm text-gray-700 dark:bg-gray-700/50 dark:text-gray-300"
>
{v.comment}
</div>
{/if}
</div>
<a
href={versionFileUrl(v.id)}
target="_blank"
rel="noopener"
class="shrink-0 rounded-md bg-blue-600 px-3 py-1.5 text-sm font-medium text-white hover:bg-blue-700"
>
Download
</a>
</div>
</li>
{/each}
</ul>
{/if}
</section>
</div>
src/routes/(app)/companies/[companyId]/documents/[docId]/versions/[versionId]/file/+server.ts
+48
View File
@@ -0,0 +1,48 @@
import { error } from '@sveltejs/kit';
import type { RequestHandler } from './$types';
import { db } from '$lib/server/db/index.js';
import { companyDocuments, companyDocumentVersions } from '$lib/server/db/schema.js';
import { requireCompanyRoleAny } from '$lib/server/authorization.js';
import { readCompanyFile } from '$lib/server/uploads/index.js';
import { and, eq, isNull } from 'drizzle-orm';
export const GET: RequestHandler = async ({ locals, params }) => {
await requireCompanyRoleAny(locals, params.companyId, ['admin', 'manager', 'accountant']);
const [row] = await db
.select({
storedPath: companyDocumentVersions.storedPath,
fileName: companyDocumentVersions.fileName,
mimeType: companyDocumentVersions.mimeType
})
.from(companyDocumentVersions)
.innerJoin(companyDocuments, eq(companyDocumentVersions.documentId, companyDocuments.id))
.where(
and(
eq(companyDocumentVersions.id, params.versionId),
eq(companyDocuments.id, params.docId),
eq(companyDocuments.companyId, params.companyId),
isNull(companyDocuments.deletedAt)
)
)
.limit(1);
if (!row) error(404, 'File not found');
let buf: Buffer;
try {
buf = await readCompanyFile(row.storedPath);
} catch (err) {
console.error('readCompanyFile failed', err);
error(404, 'File missing on disk');
}
const safeName = row.fileName.replace(/[\r\n"\\]/g, '_');
return new Response(new Blob([buf as BlobPart], { type: row.mimeType }), {
headers: {
'Content-Disposition': `inline; filename="${safeName}"`,
'Cache-Control': 'private, no-store'
}
});
};