feat(platform-api): multi-audience JWT + Partner CRUD + tenant lifecycle (O.2)

JwtAuthGuard now accepts a comma-separated AUTHENTIK_AUDIENCE ('dezky-portal,dezky-operator'). jose.jwtVerify takes an array and succeeds on any match — both customer-portal and operator-portal tokens validate against this service. Per-endpoint guards restrict further. New OperatorGuard enforces operator-only mutations: 1. JWT audience claim includes 'dezky-operator' (proof from the token alone that this is a privileged session) 2. ActorService-resolved User has platformAdmin=true (DB check so revocation works without waiting for the token to expire) Both required; either alone is insufficient. Partner module: - Partner schema: slug, name, domain, status, marginPct, contactInfo, billingInfo. marginPct is one number per partner (decided in grilling) - CRUD endpoints under @UseGuards(JwtAuthGuard, OperatorGuard) — every partner mutation requires operator scope - GET /partners returns each row with a computed customers count from aggregating Tenant.partnerId. MRR aggregation deferred until Subscription gains a price column - GET /partners/:slug/tenants for the partner detail view - DELETE soft-terminates (status='terminated') — never hard-delete because tenants may still reference the partner Tenant changes: - partnerId?: Types.ObjectId (ref Partner, indexed sparse) added to Tenant schema - UpdateTenantDto accepts partnerId so PATCH can attach/detach - POST /tenants/:slug/suspend and /resume — operator-only via OperatorGuard. PATCH already covers plan/domains/partnerId changes Smoke test: customer-portal session sends POST /api/partners through the portal proxy → 403 "This endpoint requires an operator-scoped token". The positive test (operator-token → 200) waits for O.3 when there's an operator app to mint the right token. apps/portal/server/api/partners/index.post.ts is a temporary verification proxy — delete once the operator portal exists.
2026-05-24 07:08:59 +02:00
parent 3573188431
commit 2db41fec5e
17 changed files with 474 additions and 24 deletions
@@ -0,0 +1,68 @@
+import { Prop, Schema, SchemaFactory } from '@nestjs/mongoose'
+import { HydratedDocument } from 'mongoose'
+
+export type PartnerDocument = HydratedDocument<Partner>
+
+export type PartnerStatus = 'active' | 'in-negotiation' | 'paused' | 'terminated'
+
+@Schema({ collection: 'partners', timestamps: true })
+export class Partner {
+  // URL-safe identifier, same convention as Tenant.slug.
+  @Prop({ required: true, unique: true, index: true, lowercase: true, trim: true })
+  slug!: string
+
+  @Prop({ required: true, trim: true })
+  name!: string
+
+  // The partner's own organization domain (e.g. 'nordicmsp.dk'). Not used by
+  // any service-level integration — purely metadata for display + contact.
+  @Prop({ required: true, trim: true })
+  domain!: string
+
+  @Prop({
+    enum: ['active', 'in-negotiation', 'paused', 'terminated'],
+    default: 'in-negotiation',
+    index: true,
+  })
+  status!: PartnerStatus
+
+  // Revenue share. 20 = partner keeps 20% of their customers' MRR. One number
+  // per partner — we don't negotiate per-tenant margin under a partner.
+  @Prop({ default: 0, min: 0, max: 100 })
+  marginPct!: number
+
+  @Prop()
+  partnershipStartedAt?: Date
+
+  @Prop({
+    type: {
+      primaryName: String,
+      primaryEmail: String,
+      billingEmail: String,
+    },
+    default: {},
+  })
+  contactInfo!: {
+    primaryName?: string
+    primaryEmail?: string
+    billingEmail?: string
+  }
+
+  @Prop({
+    type: {
+      companyName: String,
+      vatId: String,
+      country: String,
+      contactEmail: String,
+    },
+    default: {},
+  })
+  billingInfo!: {
+    companyName?: string
+    vatId?: string
+    country?: string
+    contactEmail?: string
+  }
+}
+
+export const PartnerSchema = SchemaFactory.createForClass(Partner)
@@ -1,5 +1,5 @@
 import { Prop, Schema, SchemaFactory } from '@nestjs/mongoose'
-import { HydratedDocument } from 'mongoose'
+import { HydratedDocument, Types } from 'mongoose'

 export type TenantDocument = HydratedDocument<Tenant>