feat: add endpoint to update invoice notes with bearer token and input validation

2025-01-12 13:07:21 +11:00 · 2025-01-12 13:07:21 +11:00 · a0d6e3cbc6
commit a0d6e3cbc6
parent cc4c5c5ad4
3 changed files with 53 additions and 1 deletions
--- a/backend/src/app.ts
+++ b/backend/src/app.ts
@ -246,6 +246,27 @@ app.use(route.get('/invoice', async (ctx) => {
 	ctx.body = await Promise.all(invoices.map(async invoice => (await invoice).exportJSON()))
 }))

+app.use(route.put('/invoice/INV-:date(\\d{8})-:suffix(\\d+)/note', async (ctx, invoiceId, suffix) => {
+	// 请求头验证 bearer token
+	const bearerToken = ctx.request.headers['authorization']?.split(' ')
+	if (!bearerToken) throw new HttpError(ErrorDescEnum.unauthorized, 401)
+	if (bearerToken[0] !== 'Bearer') throw new HttpError(ErrorDescEnum.unauthorized, 401)
+	if (!bearerToken[1]) throw new HttpError(ErrorDescEnum.unauthorized, 401)
+	await func.verifyBearerToken(bearerToken[1])
+
+	// 验证 invoiceId 格式
+	const date = invoiceId.slice(0, 4) + '-' + invoiceId.slice(4, 6) + '-' + invoiceId.slice(6, 8)
+
+	// 验证必填字段
+	if (!ctx.request.body) throw new HttpError(ErrorDescEnum.required_fields_missing, 400, ['note'])
+	console.log(typeof ctx.request.body.note)
+	if (typeof ctx.request.body.note !== 'string' && typeof ctx.request.body.note !== 'undefined') throw new HttpError(ErrorDescEnum.invalid_field_format, 400, ['note'])
+
+	// 更新收据备注
+	await func.updateInvoiceNote(ctx.prisma, date, suffix, ctx.request.body.note)
+	ctx.status = 204
+}))
+
 const port = parseInt(process.env.PORT ?? '3000')
 app.listen(port, () => {
 	console.log(`Server is running at http://localhost:${port}`)
--- a/backend/src/func/index.ts
+++ b/backend/src/func/index.ts
@ -5,6 +5,7 @@ import getSpecificInvoice from "./getSpecificInvoice"
 import getInvoices from "./getInvoices"
 import getPayers from "./getPayers"
 import updatePayer from "./updatePayer"
+import updateInvoiceNote from "./updateInvoiceNote"

 export default {
 	createPayer,
@ -13,5 +14,6 @@ export default {
 	getSpecificInvoice,
 	getInvoices,
 	getPayers,
-	updatePayer
+	updatePayer,
+	updateInvoiceNote
 }
--- a/backend/src/func/updateInvoiceNote.ts
+++ b/backend/src/func/updateInvoiceNote.ts
@ -0,0 +1,29 @@
+import dayjs from 'dayjs'
+import { PrismaClient } from '@prisma/client'
+import { ErrorDescEnum, HttpError } from '../classes/HttpError'
+
+export default async (prisma: PrismaClient, issueDateRaw: string, suffix: string, note?: string) => {
+	const issueDate = dayjs(issueDateRaw, 'YYYYMMDD').startOf('day').toDate()
+	const invoice = await prisma.invoice.findFirst({
+		where: {
+			invoice_date: issueDate,
+			invoice_suffix_code: parseInt(suffix, 10)
+		}
+	})
+
+	if (!invoice) throw new HttpError(ErrorDescEnum.item_not_found, 404, ['invoice'])
+
+	await prisma.invoice.update({
+		where: {
+			invoice_date_invoice_suffix_code: {
+				invoice_date: issueDate,
+				invoice_suffix_code: parseInt(suffix, 10)
+			}
+		},
+		data: {
+			invoice_note: note
+		}
+	})
+
+	return
+}