chore(services): rename services/provisioning -> services/platform-api
O.0 prep from OPERATOR-PLAN.md. Mechanical refactor before adding partner management and operator-specific endpoints. The service now owns more than just provisioning orchestration (it'll soon own partners, tenant lifecycle actions, multi-audience JWT validation), so the name 'platform-api' reflects its scope better. What changed: - Directory: services/provisioning/ -> services/platform-api/ - Package: @dezky/provisioning -> @dezky/platform-api - Docker: container_name dezky-provisioning -> dezky-platform-api; compose service key 'provisioning' -> 'platform-api'; volume provisioning_node_modules -> platform_api_node_modules - Portal: PROVISIONING_INTERNAL_URL env var -> PLATFORM_API_INTERNAL_URL, default URL http://provisioning:3001 -> http://platform-api:3001 in all three proxy routes (me.get.ts, tenants/index.post.ts, tenants/[slug]/ reconcile.post.ts), plus NUXT_API_BASE updated - Health endpoint service identifier and main.ts log lines updated to 'dezky-platform-api' - Docs swept: README, CLAUDE.md, SERVICES.md, AUTHENTIK-SETUP.md, NEXT-STEPS.md, TROUBLESHOOTING.md, OPERATOR-PLAN.md, traefik/dynamic.yml What deliberately stays: - Internal module names ProvisioningService / ProvisioningModule (those describe an orchestration sub-concern, not the service's purpose) - Tenant.provisioningStatus / provisioningErrors field names (state per integration, not service name) - File services/platform-api/src/tenants/provisioning.service.ts - 'Hetzner provisioning' references in production-prep docs (infrastructure provisioning, unrelated) Verified end-to-end after rename: /api/me returns 200 with profile + 2 tenants + subscription, /api/tenants/dezky/reconcile returns 200 with Authentik integration still ok. OPERATOR-PLAN.md O.0 checkboxes ticked.
This commit is contained in:
Ronni Baslund
@@ -0,0 +1,15 @@
|
||||
import { IsEnum, IsOptional, IsString } from 'class-validator'
|
||||
|
||||
export class CreateSubscriptionDto {
|
||||
@IsString()
|
||||
tenantSlug!: string
|
||||
|
||||
@IsOptional() @IsEnum(['mvp', 'pro', 'enterprise'])
|
||||
plan?: 'mvp' | 'pro' | 'enterprise'
|
||||
|
||||
@IsOptional() @IsEnum(['trialing', 'active', 'past_due', 'canceled', 'incomplete', 'incomplete_expired'])
|
||||
status?: 'trialing' | 'active' | 'past_due' | 'canceled' | 'incomplete' | 'incomplete_expired'
|
||||
|
||||
@IsOptional() @IsString() stripeCustomerId?: string
|
||||
@IsOptional() @IsString() stripeSubscriptionId?: string
|
||||
}
|
||||
@@ -0,0 +1,15 @@
|
||||
import { IsDateString, IsEnum, IsOptional, IsString } from 'class-validator'
|
||||
|
||||
export class UpdateSubscriptionDto {
|
||||
@IsOptional() @IsEnum(['mvp', 'pro', 'enterprise'])
|
||||
plan?: 'mvp' | 'pro' | 'enterprise'
|
||||
|
||||
@IsOptional() @IsEnum(['trialing', 'active', 'past_due', 'canceled', 'incomplete', 'incomplete_expired'])
|
||||
status?: 'trialing' | 'active' | 'past_due' | 'canceled' | 'incomplete' | 'incomplete_expired'
|
||||
|
||||
@IsOptional() @IsString() stripeCustomerId?: string
|
||||
@IsOptional() @IsString() stripeSubscriptionId?: string
|
||||
@IsOptional() @IsDateString() trialEndsAt?: string
|
||||
@IsOptional() @IsDateString() currentPeriodEnd?: string
|
||||
@IsOptional() @IsDateString() canceledAt?: string
|
||||
}
|
||||
@@ -0,0 +1,67 @@
|
||||
import {
|
||||
Body,
|
||||
Controller,
|
||||
ForbiddenException,
|
||||
Get,
|
||||
Param,
|
||||
Patch,
|
||||
Post,
|
||||
UseGuards,
|
||||
} from '@nestjs/common'
|
||||
import { ActorService } from '../auth/actor.service.js'
|
||||
import { CurrentUser } from '../auth/current-user.decorator.js'
|
||||
import { JwtAuthGuard } from '../auth/jwt-auth.guard.js'
|
||||
import type { AuthentikJwtPayload } from '../auth/jwt-payload.interface.js'
|
||||
import { TenantsService } from '../tenants/tenants.service.js'
|
||||
import { CreateSubscriptionDto } from './dto/create-subscription.dto.js'
|
||||
import { UpdateSubscriptionDto } from './dto/update-subscription.dto.js'
|
||||
import { SubscriptionsService } from './subscriptions.service.js'
|
||||
|
||||
@Controller('subscriptions')
|
||||
@UseGuards(JwtAuthGuard)
|
||||
export class SubscriptionsController {
|
||||
constructor(
|
||||
private readonly subs: SubscriptionsService,
|
||||
private readonly tenants: TenantsService,
|
||||
private readonly actor: ActorService,
|
||||
) {}
|
||||
|
||||
@Post()
|
||||
async create(@Body() dto: CreateSubscriptionDto, @CurrentUser() jwt: AuthentikJwtPayload) {
|
||||
const actor = await this.actor.resolve(jwt)
|
||||
if (!actor.platformAdmin) {
|
||||
throw new ForbiddenException('Only platform admins can create subscriptions')
|
||||
}
|
||||
return this.subs.create(dto)
|
||||
}
|
||||
|
||||
@Get()
|
||||
async findAll(@CurrentUser() jwt: AuthentikJwtPayload) {
|
||||
const actor = await this.actor.resolve(jwt)
|
||||
if (actor.platformAdmin) return this.subs.findAll()
|
||||
return this.subs.findAllForTenants(actor.tenantIds)
|
||||
}
|
||||
|
||||
@Get(':slug')
|
||||
async findOne(@Param('slug') slug: string, @CurrentUser() jwt: AuthentikJwtPayload) {
|
||||
const actor = await this.actor.resolve(jwt)
|
||||
const tenant = await this.tenants.findOneBySlug(slug)
|
||||
if (!actor.platformAdmin && !actor.tenantIds.some((id) => id.equals(tenant._id))) {
|
||||
throw new ForbiddenException(`No access to tenant "${slug}"`)
|
||||
}
|
||||
return this.subs.findByTenantSlug(slug)
|
||||
}
|
||||
|
||||
@Patch(':slug')
|
||||
async update(
|
||||
@Param('slug') slug: string,
|
||||
@Body() dto: UpdateSubscriptionDto,
|
||||
@CurrentUser() jwt: AuthentikJwtPayload,
|
||||
) {
|
||||
const actor = await this.actor.resolve(jwt)
|
||||
if (!actor.platformAdmin) {
|
||||
throw new ForbiddenException('Only platform admins can update subscriptions')
|
||||
}
|
||||
return this.subs.update(slug, dto)
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,19 @@
|
||||
import { Module } from '@nestjs/common'
|
||||
import { MongooseModule } from '@nestjs/mongoose'
|
||||
import { AuthModule } from '../auth/auth.module.js'
|
||||
import { Subscription, SubscriptionSchema } from '../schemas/subscription.schema.js'
|
||||
import { TenantsModule } from '../tenants/tenants.module.js'
|
||||
import { SubscriptionsController } from './subscriptions.controller.js'
|
||||
import { SubscriptionsService } from './subscriptions.service.js'
|
||||
|
||||
@Module({
|
||||
imports: [
|
||||
MongooseModule.forFeature([{ name: Subscription.name, schema: SubscriptionSchema }]),
|
||||
AuthModule,
|
||||
TenantsModule,
|
||||
],
|
||||
controllers: [SubscriptionsController],
|
||||
providers: [SubscriptionsService],
|
||||
exports: [SubscriptionsService],
|
||||
})
|
||||
export class SubscriptionsModule {}
|
||||
@@ -0,0 +1,53 @@
|
||||
import { ConflictException, Injectable, NotFoundException } from '@nestjs/common'
|
||||
import { InjectModel } from '@nestjs/mongoose'
|
||||
import { Model, Types } from 'mongoose'
|
||||
import { Subscription, SubscriptionDocument } from '../schemas/subscription.schema.js'
|
||||
import { TenantsService } from '../tenants/tenants.service.js'
|
||||
import type { CreateSubscriptionDto } from './dto/create-subscription.dto.js'
|
||||
import type { UpdateSubscriptionDto } from './dto/update-subscription.dto.js'
|
||||
|
||||
@Injectable()
|
||||
export class SubscriptionsService {
|
||||
constructor(
|
||||
@InjectModel(Subscription.name) private readonly model: Model<SubscriptionDocument>,
|
||||
private readonly tenants: TenantsService,
|
||||
) {}
|
||||
|
||||
async create(dto: CreateSubscriptionDto): Promise<SubscriptionDocument> {
|
||||
const tenant = await this.tenants.findOneBySlug(dto.tenantSlug)
|
||||
const existing = await this.model.exists({ tenantId: tenant._id })
|
||||
if (existing) throw new ConflictException(`Tenant "${dto.tenantSlug}" already has a subscription`)
|
||||
|
||||
return this.model.create({
|
||||
tenantId: tenant._id,
|
||||
plan: dto.plan ?? tenant.plan,
|
||||
status: dto.status ?? 'trialing',
|
||||
stripeCustomerId: dto.stripeCustomerId,
|
||||
stripeSubscriptionId: dto.stripeSubscriptionId,
|
||||
})
|
||||
}
|
||||
|
||||
async findAllForTenants(tenantIds: Types.ObjectId[]): Promise<SubscriptionDocument[]> {
|
||||
return this.model.find({ tenantId: { $in: tenantIds } }).sort({ createdAt: -1 }).exec()
|
||||
}
|
||||
|
||||
async findAll(): Promise<SubscriptionDocument[]> {
|
||||
return this.model.find().sort({ createdAt: -1 }).exec()
|
||||
}
|
||||
|
||||
async findByTenantSlug(slug: string): Promise<SubscriptionDocument> {
|
||||
const tenant = await this.tenants.findOneBySlug(slug)
|
||||
const sub = await this.model.findOne({ tenantId: tenant._id }).exec()
|
||||
if (!sub) throw new NotFoundException(`No subscription for tenant "${slug}"`)
|
||||
return sub
|
||||
}
|
||||
|
||||
async update(slug: string, dto: UpdateSubscriptionDto): Promise<SubscriptionDocument> {
|
||||
const tenant = await this.tenants.findOneBySlug(slug)
|
||||
const sub = await this.model
|
||||
.findOneAndUpdate({ tenantId: tenant._id }, dto, { new: true, runValidators: true })
|
||||
.exec()
|
||||
if (!sub) throw new NotFoundException(`No subscription for tenant "${slug}"`)
|
||||
return sub
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user