m/KanzlAI-mGMT
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: m:mai/knuth/write-e2e-and-api-test
Branches Tags
m:main m:mai/knuth/build-patentprozesskosten m:mai/ritchie/build-patentprozesskosten m:mai/knuth/redesign-fristenrechner m:mai/knuth/implement-direct-smtp m:mai/knuth/write-integration-tests m:mai/brunel/fix-timeline-404 m:mai/ritchie/group-proceeding-types m:mai/ritchie/migration-t2-update m:mai/brunel/fix-wire-all-missing m:mai/carmack/upc-deadline-determinatio m:mai/ritchie/p1-document-templates m:mai/linus/p2-ai-powered-features m:mai/gosling/hl-tenant-setup-email m:mai/pike/p1-reporting-dashboard m:mai/knuth/p1-time-tracking-billing m:mai/pike/p0-role-based m:mai/ritchie/p0-email-notifications m:mai/knuth/p0-audit-trail-append m:mai/brunel/critical-fix-tenant m:mai/cronus/invent-full-kanzlai-mgmt m:mai/athena/consult-evaluate-mvp m:mai/ritchie/phase-b-frontend m:mai/pike/phase-c-frontend-detail m:mai/linus/phase-d-frontend-case m:mai/knuth/phase-a-backend-notes m:mai/cronus/redesign-dashboard-add m:mai/brunel/fix-frontend-crash-add m:mai/knuth/write-e2e-and-api-test m:mai/ritchie/phase-4-production m:mai/knuth/phase-3p-frontend-caldav m:mai/linus/phase-3q-ui-polish m:mai/pike/phase-3o-caldav m:mai/knuth/phase-1h-frontend m:mai/ritchie/phase-2n-frontend m:mai/pike/phase-1g-frontend m:mai/ritchie/phase-1f-frontend-case m:mai/knuth/phase-2l-frontend m:mai/linus/phase-2m-frontend-ai m:mai/pike/phase-2j-ai-deadline m:mai/linus/phase-2k-document-upload m:mai/knuth/phase-1e-frontend-auth m:mai/ritchie/phase-2i-dashboard m:mai/pike/phase-1c-deadline-crud m:mai/knuth/phase-1a-tenant-auth m:mai/ritchie/phase-1b-case-party-case m:mai/linus/phase-1d-appointment m:mai/knuth/phase-0-database-schema m:mai/knuth/deploy-mvp-docker m:mai/knuth/project-scaffolding
...
pull from: m:mai/brunel/critical-fix-tenant
Branches Tags
m:main m:mai/knuth/build-patentprozesskosten m:mai/ritchie/build-patentprozesskosten m:mai/knuth/redesign-fristenrechner m:mai/knuth/implement-direct-smtp m:mai/knuth/write-integration-tests m:mai/brunel/fix-timeline-404 m:mai/ritchie/group-proceeding-types m:mai/ritchie/migration-t2-update m:mai/brunel/fix-wire-all-missing m:mai/carmack/upc-deadline-determinatio m:mai/ritchie/p1-document-templates m:mai/linus/p2-ai-powered-features m:mai/gosling/hl-tenant-setup-email m:mai/pike/p1-reporting-dashboard m:mai/knuth/p1-time-tracking-billing m:mai/pike/p0-role-based m:mai/ritchie/p0-email-notifications m:mai/knuth/p0-audit-trail-append m:mai/brunel/critical-fix-tenant m:mai/cronus/invent-full-kanzlai-mgmt m:mai/athena/consult-evaluate-mvp m:mai/ritchie/phase-b-frontend m:mai/pike/phase-c-frontend-detail m:mai/linus/phase-d-frontend-case m:mai/knuth/phase-a-backend-notes m:mai/cronus/redesign-dashboard-add m:mai/brunel/fix-frontend-crash-add m:mai/knuth/write-e2e-and-api-test m:mai/ritchie/phase-4-production m:mai/knuth/phase-3p-frontend-caldav m:mai/linus/phase-3q-ui-polish m:mai/pike/phase-3o-caldav m:mai/knuth/phase-1h-frontend m:mai/ritchie/phase-2n-frontend m:mai/pike/phase-1g-frontend m:mai/ritchie/phase-1f-frontend-case m:mai/knuth/phase-2l-frontend m:mai/linus/phase-2m-frontend-ai m:mai/pike/phase-2j-ai-deadline m:mai/linus/phase-2k-document-upload m:mai/knuth/phase-1e-frontend-auth m:mai/ritchie/phase-2i-dashboard m:mai/pike/phase-1c-deadline-crud m:mai/knuth/phase-1a-tenant-auth m:mai/ritchie/phase-1b-case-party-case m:mai/linus/phase-1d-appointment m:mai/knuth/phase-0-database-schema m:mai/knuth/deploy-mvp-docker m:mai/knuth/project-scaffolding

21 Commits
mai/knuth/ ... mai/brunel

Author SHA1 Message Date
m
c15d5b72f2 fix: critical security hardening — tenant isolation, CORS, error leaking, input validation 
1. Tenant isolation bypass (CRITICAL): TenantResolver now verifies user
   has access to X-Tenant-ID via user_tenants lookup before setting context.
   Added VerifyAccess method to TenantLookup interface and TenantService.

2. Consolidated tenant resolution: Removed duplicate resolveTenant() from
   helpers.go and tenant resolution from auth middleware. TenantResolver is
   now the single source of truth. Deadlines and AI handlers use
   auth.TenantFromContext() instead of direct DB queries.

3. CalDAV credential masking: tenant settings responses now mask CalDAV
   passwords with "********" via maskSettingsPassword helper. Applied to
   GetTenant, ListTenants, and UpdateSettings responses.

4. CORS + security headers: New middleware/security.go with CORS
   (restricted to FRONTEND_ORIGIN) and security headers (X-Frame-Options,
   X-Content-Type-Options, HSTS, Referrer-Policy, X-XSS-Protection).

5. Internal error leaking: All writeError(w, 500, err.Error()) replaced
   with internalError() that logs via slog and returns generic "internal
   error" to client. Same for jsonError in tenant handler.

6. Input validation: Max length on title (500), description (10000),
   case_number (100), search (200). Pagination clamped to max 100.
   Content-Disposition filename sanitized against header injection.

Regression test added for tenant access denial (403 on unauthorized
X-Tenant-ID). All existing tests pass, go vet clean.
 2026-03-30 11:01:14 +02:00
m
82878dffd5 docs: full system roadmap — from MVP to complete Kanzleimanagement 2026-03-28 02:35:20 +01:00
m
ac04930667 feat: comprehensive KanzlAI-mGMT system roadmap 
Full system vision document covering 23 features across 4 priority tiers:
- P0 (must-have): audit trail, conflict checks, roles/permissions,
  notifications, time tracking, RVG calculator, invoicing, DATEV export
- P1 (should-have): document templates, beA integration, full-text search,
  Wiedervorlagen, email integration, reporting
- P2 (differentiator): patent family tracking, claim charts, UPC case law
  intelligence via mLex, AI document drafting, AI strategy analysis
- P3 (nice-to-have): client portal, PWA, multi-language, EDA

Includes data model designs (24 new tables), API specifications,
implementation phases, competitive analysis, and risk register.
 2026-03-28 02:30:39 +01:00
m
909f14062c docs: comprehensive MVP audit — security, architecture, UX, competitive analysis 2026-03-28 02:26:39 +01:00
m
4b86dfa4ad feat: update AUDIT.md with sub-agent findings 
Added 7 additional issues from deep-dive agents:
- Race condition in HolidayService cache (critical)
- Rate limiter X-Forwarded-For bypass (critical)
- German umlaut typos throughout frontend
- Silent error swallowing in createEvent
- Missing React error boundaries
- No RLS policies at database level
- Updated priority roadmap with new items
 2026-03-28 02:23:50 +01:00
m
60f1f4ef4a feat: comprehensive MVP audit — security, architecture, UX, competitive analysis 
Structured assessment covering code quality, security (critical tenant isolation
bypass found), architecture, UX gaps, testing coverage, deployment, and
competitive positioning vs RA-MICRO/ADVOWARE/AnNoText/Actaport.

Includes prioritized roadmap (P0-P3) with actionable items.
 2026-03-28 02:22:07 +01:00
m
7c7ae396f4 feat: Phase D — case detail refactor to URL-based nested routes 2026-03-25 19:32:41 +01:00
m
433a0408f2 feat: Phase C — detail pages for deadlines, appointments, events, creation forms 2026-03-25 19:32:17 +01:00
m
cabea83784 feat: Phase B — interactive dashboard, breadcrumbs, clickable navigation 2026-03-25 19:31:59 +01:00
m
8863878b39 feat: Phase A backend — notes CRUD, detail endpoints, dashboard fix 2026-03-25 19:31:54 +01:00
m
84b178edbf feat: Phase B — interactive dashboard, breadcrumbs, clickable navigation 
- Breadcrumb component: reusable nav with items array (label+href)
- DeadlineTrafficLights: buttons → Links to /fristen?status={filter}
- CaseOverviewGrid: static metrics → clickable Links to /cases?status={filter}
- UpcomingTimeline: items → clickable Links to /fristen/{id} or /termine/{id}
  with case number links and hover chevron
- QuickActions: swap CalDAV Sync for "Neuer Termin" → /termine/neu,
  fix "Frist eintragen" → /fristen/neu
- AISummaryCard: add RefreshCw button with spinning animation
- RecentActivityList: new component showing recent case events
- DeadlineList: accept initialStatus prop, add this_week/ok filters
- fristen/page.tsx: read searchParams.status for initial filter
- Add breadcrumbs to dashboard, fristen, cases, termine pages
- Add RecentActivity type, update DashboardData type
 2026-03-25 19:29:13 +01:00
m
7094212dcf feat: Phase C frontend detail pages for deadlines, appointments, events 
- Deadline detail page (/fristen/[id]) with status badge, due date,
  case context, complete button, and notes
- Appointment detail page (/termine/[id]) with datetime, location,
  type badge, case link, description, and notes
- Case event detail page (/cases/[id]/ereignisse/[eventId]) with
  event type icon, description, metadata, and notes
- Standalone deadline creation (/fristen/neu) with case dropdown
- Standalone appointment creation (/termine/neu) with optional case
- Reusable Breadcrumb component for navigation hierarchy
- Reusable NotesList component with inline create/edit/delete
- Added Note and RecentActivity types to lib/types.ts
 2026-03-25 19:29:12 +01:00
m
9787450d91 feat: refactor case detail from useState tabs to URL-based nested routes 
Refactors the monolithic cases/[id]/page.tsx into Next.js nested routes
with a shared layout for the case header and tab navigation bar.

Route structure:
- cases/[id]/layout.tsx — case header + tab bar (active tab from URL)
- cases/[id]/page.tsx — redirects to ./verlauf
- cases/[id]/verlauf/page.tsx — timeline tab
- cases/[id]/fristen/page.tsx — deadlines tab
- cases/[id]/dokumente/page.tsx — documents tab (with upload)
- cases/[id]/parteien/page.tsx — parties tab
- cases/[id]/notizen/page.tsx — notes tab (new, uses NotesList)

New shared components:
- Breadcrumb.tsx — reusable breadcrumb navigation
- NotesList.tsx — reusable notes CRUD (inline create/edit/delete)
- Note type added to types.ts

Benefits: deep linking, browser back/forward, bookmarkable tabs.
 2026-03-25 19:28:29 +01:00
m
1e88dffd82 feat: Phase A backend — notes CRUD, detail endpoints, dashboard fix 
- Create kanzlai.notes table (polymorphic FK with CHECK constraint,
  partial indexes, RLS)
- Add Note model, NoteService (ListByParent, Create, Update, Delete),
  and NoteHandler with endpoints: GET/POST /api/notes, PUT/DELETE /api/notes/{id}
- Add GET /api/deadlines/{deadlineID} detail endpoint
- Add GET /api/appointments/{id} detail endpoint
- Add GET /api/case-events/{id} detail endpoint (new CaseEventHandler)
- Fix dashboard query: add case_id to upcoming_deadlines SELECT,
  add id and case_id to recent_activity SELECT
- Register all new routes in router.go
 2026-03-25 19:26:21 +01:00
m
9ad58e1ba3 docs: design document for dashboard redesign + detail pages 2026-03-25 18:51:44 +01:00
m
0712d9a367 docs: design document for dashboard redesign + detail pages (t-kz-060) 
Comprehensive design covering:
- Dashboard interactivity (click-to-filter traffic lights, clickable timeline,
  fixed quick actions, AI summary refresh)
- New detail pages (deadline, appointment, case event)
- Notes system with polymorphic table design
- Case detail URL-based tab navigation
- Breadcrumb navigation system
- Backend API additions and data model changes
- Phased implementation plan for coders
 2026-03-25 18:49:48 +01:00
m
cd31e76d07 fix: TenantSwitcher shows dropdown for single tenant, wider name display 2026-03-25 18:40:15 +01:00
m
f42b7ddec7 fix: add array guards to all frontend components consuming API responses 2026-03-25 18:35:28 +01:00
m
50bfa3deb4 fix: add array guards to all frontend components consuming API responses 
Prevents "M.forEach is not a function" crashes when API returns error
objects or unexpected shapes instead of arrays. Guards all useQuery
consumers with Array.isArray checks and safe defaults for object props.

Files fixed: DeadlineList, AppointmentList, TenantSwitcher,
DeadlineTrafficLights, UpcomingTimeline, CaseOverviewGrid,
AISummaryCard, TeamSettings, and all page-level components
(dashboard, cases, fristen, termine, ai/extract).
 2026-03-25 18:34:11 +01:00
m
e635efa71e fix: remove remaining /api/ double-prefix from template literal API calls 
Previous fix missed backtick template strings. Fixed 7 more api.*()
calls in appointments, deadlines, settings, and einstellungen pages.
 2026-03-25 18:20:35 +01:00
m
12e0407025 test: comprehensive E2E and API test suite for full KanzlAI stack 2026-03-25 16:21:32 +01:00
60 changed files with 5407 additions and 631 deletions
Expand all files Collapse all files

482
AUDIT.md Normal file
View File

@@ -0,0 +1,482 @@
# KanzlAI-mGMT MVP Audit
**Date:** 2026-03-28
**Auditor:** athena (consultant)
**Scope:** Full-stack audit of KanzlAI-mGMT — Go backend, Next.js frontend, Supabase database, deployment, security, UX, competitive positioning.
**Codebase:** ~16,500 lines across ~60 source files, built 2026-03-25 in a single session with parallel workers.
---
## Executive Summary
KanzlAI-mGMT is an impressive MVP built in ~2 hours. It covers the core Kanzleimanagement primitives: cases, deadlines, appointments, parties, documents, notes, dashboard, CalDAV sync, and AI-powered deadline extraction. The architecture is sound — clean separation between Go API and Next.js frontend, proper multi-tenant design with Supabase Auth, parameterized SQL throughout.
However, the speed of construction shows. There are **critical security gaps** that must be fixed before any external user touches this. The frontend has good bones but lacks the polish and completeness a lawyer would expect. And the feature gap vs. established competitors (RA-MICRO, ADVOWARE, AnNoText, Actaport) is enormous — particularly around beA integration, billing/RVG, and document generation, which are table-stakes for German law firms.
**Bottom line:** Fix the security issues, add error recovery and multi-tenant auth verification, then decide whether to pursue the Kanzleimanagement market (massive feature gap) or pivot back to the UPC niche (where you had a genuine competitive advantage).
---
## 1. Critical Issues (Fix Immediately)
### 1.1 Tenant Isolation Bypass in TenantResolver
**File:** `backend/internal/auth/tenant_resolver.go:37-42`
When the `X-Tenant-ID` header is provided, the TenantResolver parses it and sets it in context **without verifying the user has access to that tenant**. Any authenticated user can access any tenant's data by setting this header.
```go
if header := r.Header.Get("X-Tenant-ID"); header != "" {
parsed, err := uuid.Parse(header)
// ... sets tenantID = parsed — NO ACCESS CHECK
}
```
Compare with `helpers.go:32-44` where `resolveTenant()` correctly verifies access via `user_tenants` — but this function is unused in the middleware path. The TenantResolver middleware is what actually runs for all scoped routes.
**Impact:** Complete tenant data isolation breach. User A can read/modify/delete User B's cases, deadlines, appointments, documents.
**Fix:** Add `user_tenants` lookup in TenantResolver when X-Tenant-ID is provided, same as `resolveTenant()` does.
### 1.2 Duplicate Tenant Resolution Logic
**Files:** `backend/internal/auth/tenant_resolver.go` and `backend/internal/handlers/helpers.go:25-57`
Two independent implementations of tenant resolution exist. The middleware (`TenantResolver`) is used for the scoped routes. The handler-level `resolveTenant()` function exists in helpers.go. The auth middleware in `middleware.go:39-47` also resolves a tenant into context. This triple-resolution creates confusion and the security bug above.
**Fix:** Consolidate to a single path. Remove the handler-level `resolveTenant()` and the auth middleware's tenant resolution. Let TenantResolver be the single source of truth, but make it verify access.
### 1.3 CalDAV Credentials Stored in Plaintext
**File:** `backend/internal/services/caldav_service.go:29-35`
CalDAV username and password are stored as plain JSON in the `tenants.settings` column:
```go
type CalDAVConfig struct {
URL string `json:"url"`
Username string `json:"username"`
Password string `json:"password"`
...
}
```
Combined with the tenant isolation bypass above, any authenticated user can read any tenant's CalDAV credentials.
**Fix:** Encrypt CalDAV credentials at rest (e.g., using `pgcrypto` or application-level encryption). At minimum, never return the password in API responses.
### 1.4 No CORS Configuration
**File:** `backend/internal/router/router.go`, `backend/cmd/server/main.go`
There is zero CORS handling anywhere in the backend. The frontend uses Next.js rewrites to proxy `/api/` to the backend, which works in production. But:
- If anyone accesses the backend directly (different origin), there's no CORS protection.
- No `X-Frame-Options`, `X-Content-Type-Options`, or other security headers are set.
**Fix:** Add CORS middleware restricting to the frontend origin. Add standard security headers.
### 1.5 Internal Error Messages Leaked to Clients
**Files:** Multiple handlers (e.g., `cases.go:44`, `cases.go:73`, `appointments.go`)
```go
writeError(w, http.StatusInternalServerError, err.Error())
```
Internal error messages (including SQL errors, connection errors, etc.) are sent directly to the client. This leaks implementation details.
**Fix:** Log the full error server-side, return a generic message to the client.
### 1.6 Race Condition in HolidayService Cache
**File:** `backend/internal/services/holidays.go`
The `HolidayService` uses a `map[int][]Holiday` cache without any mutex protection. Concurrent requests (e.g., multiple deadline calculations) will cause a data race. The Go race detector would flag this.
**Fix:** Add `sync.RWMutex` to HolidayService.
### 1.7 Rate Limiter Trivially Bypassable
**File:** `backend/internal/middleware/ratelimit.go:78-79`
```go
ip := r.Header.Get("X-Forwarded-For")
if ip == "" { ip = r.RemoteAddr }
```
Rate limiting keys off `X-Forwarded-For`, which any client can spoof. An attacker can bypass AI endpoint rate limits by rotating this header.
**Fix:** Only trust `X-Forwarded-For` from configured reverse proxy IPs, or use `r.RemoteAddr` exclusively behind a trusted proxy.
---
## 2. Important Gaps (Fix Before Showing to Anyone)
### 2.1 No Input Validation Beyond "Required Fields"
**Files:** All handlers
Input validation is minimal — typically just checking if required fields are empty:
```go
if input.CaseNumber == "" || input.Title == "" {
writeError(w, http.StatusBadRequest, "case_number and title are required")
}
```
Missing:
- Length limits on text fields (could store megabytes in a title field)
- Status value validation (accepts any string for status fields)
- Date format validation
- Case type validation against allowed values
- SQL-safe string validation (although parameterized queries protect against injection)
### 2.2 No Pagination Defaults on Most List Endpoints
**File:** `backend/internal/services/case_service.go:57-63`
`CaseService.List` has sane defaults (limit=20, max=100). But other list endpoints (`appointments`, `deadlines`, `notes`, `parties`, `case_events`) have no pagination at all — they return all records for a tenant/case. As data grows, these become performance problems.
### 2.3 Dashboard Page is Entirely Client-Side
**File:** `frontend/src/app/(app)/dashboard/page.tsx`
The entire dashboard is a `"use client"` component that fetches data via API. This means:
- No SSR benefit — the page is blank until JS loads and API responds
- SEO doesn't matter for a SaaS app, but initial load time does
- The skeleton is nice but adds 200-400ms of perceived latency
For an internal tool this is acceptable, but for a commercial product it should use server components for the initial render.
### 2.4 Frontend Auth Uses `getSession()` Instead of `getUser()`
**File:** `frontend/src/lib/api.ts:10-12`
```typescript
const { data: { session } } = await supabase.auth.getSession();
```
`getSession()` reads from local storage without server verification. If a session is expired or revoked server-side, the frontend will still try to use it until the backend rejects it. The middleware correctly uses `getUser()` (which validates server-side), but the API client does not.
### 2.5 Missing Error Recovery in Frontend
Throughout the frontend, API errors are handled with basic error states, but there's no:
- Retry logic for transient failures
- Token refresh on 401 responses
- Optimistic UI rollback on mutation failures
- Offline detection
### 2.6 Missing `Content-Disposition` Header Sanitization
**File:** `backend/internal/handlers/documents.go:133`
```go
w.Header().Set("Content-Disposition", fmt.Sprintf(`attachment; filename="%s"`, title))
```
The `title` (which comes from user input) is inserted directly into the header. A filename containing `"` or newlines could be used for response header injection.
**Fix:** Sanitize the filename — strip or encode special characters.
### 2.7 No Graceful Shutdown
**File:** `backend/cmd/server/main.go:42`
```go
http.ListenAndServe(":"+cfg.Port, handler)
```
No signal handling or graceful shutdown. When the process receives SIGTERM (e.g., during deployment), in-flight requests are dropped, CalDAV sync operations may be interrupted mid-write, and database connections are not cleanly closed.
### 2.8 Database Connection Pool — search_path is Session-Level
**File:** `backend/internal/db/connection.go:17`
```go
db.Exec("SET search_path TO kanzlai, public")
```
`SET search_path` is session-level in PostgreSQL. With connection pooling (`MaxOpenConns: 25`), this SET runs once on the initial connection. If a connection is recycled or a new one opened from the pool, it may not have the kanzlai search_path. This could cause queries to silently hit the wrong schema.
**Fix:** Use `SET LOCAL search_path` in a transaction, or set it at the database/role level, or qualify all table references with the schema name.
### 2.9 go.sum Missing from Dockerfile
**File:** `backend/Dockerfile:4`
```dockerfile
COPY go.mod ./
RUN go mod download
```
Only `go.mod` is copied, not `go.sum`. This means the build isn't reproducible and doesn't verify checksums. Should be `COPY go.mod go.sum ./`.
### 2.10 German Umlaut Typos Throughout Frontend
**Files:** Multiple frontend components
German strings use ASCII approximations instead of proper characters:
- `login/page.tsx`: "Zurueck" instead of "Zurück"
- `cases/[id]/layout.tsx`: "Anhaengig" instead of "Anhängig"
- `cases/[id]/fristen/page.tsx`: "Ueberfaellig" instead of "Überfällig"
- `termine/page.tsx`: "Uberblick" instead of "Überblick"
A German lawyer would notice this immediately. It signals "this was built by a machine, not tested by a human."
### 2.11 Silent Error Swallowing in Event Creation
**File:** `backend/internal/services/case_service.go:260-266`
```go
func createEvent(ctx context.Context, db *sqlx.DB, ...) {
db.ExecContext(ctx, /* ... */) // Error completely ignored
}
```
Case events (audit trail) silently fail to create. The calling functions don't check the return. This means you could have cases with no events and no way to know why.
### 2.12 Missing Error Boundaries in Frontend
No React error boundaries are implemented. If any component throws, the entire page crashes with a white screen. For a law firm tool where data integrity matters, this is unacceptable.
### 2.13 No RLS Policies Defined at Database Level
Multi-tenant isolation relies entirely on `WHERE tenant_id = $X` clauses in Go code. If any query forgets this clause, data leaks across tenants. There are no PostgreSQL RLS policies as a safety net.
**Fix:** Enable RLS on all tenant-scoped tables and create policies tied to `auth.uid()` via `user_tenants`.
---
## 3. Architecture Assessment
### 3.1 What's Good
- **Clean monorepo structure** — `backend/` and `frontend/` are clearly separated. Each has its own Dockerfile. The Makefile provides unified commands.
- **Go backend is well-organized** — `cmd/server/`, `internal/{auth,config,db,handlers,middleware,models,router,services}` follows Go best practices.
- **Handler/Service separation** — handlers do HTTP concerns (parse request, write response), services do business logic. This is correct.
- **Parameterized SQL everywhere** — no string concatenation in queries. All user input goes through `$N` placeholders.
- **Multi-tenant design** — `tenant_id` on every row, context-based tenant resolution, RLS at the database level.
- **Smart use of Go 1.22+ routing** — method+path patterns like `GET /api/cases/{id}` eliminate the need for a third-party router.
- **CalDAV sync is genuinely impressive** — bidirectional sync with conflict resolution, etag tracking, background polling per-tenant. This is a differentiator.
- **Deadline calculator** — ported from youpc.org with holiday awareness. Legally important and hard to build.
- **Frontend routing structure** — German URL paths (`/fristen`, `/termine`, `/einstellungen`), nested case detail routes with layout.tsx for shared chrome. Proper use of App Router patterns.
### 3.2 Structural Concerns
- **No database migrations** — the schema was apparently created via SQL scripts run manually. There's a `seed/demo_data.sql` but no migration system. For a production system, this is unsustainable.
- **No CI/CD pipeline** — no `.github/workflows/`, `.gitea/`, or any CI configuration. Tests run locally but not automatically.
- **No API versioning** — all routes are at `/api/`. Adding breaking changes will break clients.
- **Services take raw `*sqlx.DB`** — no transaction support across service boundaries. Creating a case + event is not atomic (if the event insert fails, the case still exists).
- **Models are just struct definitions** — no validation methods, no constructor functions. Validation is scattered across handlers.
### 3.3 Data Model
Based on the seed data and model files, the schema is reasonable:
- `tenants`, `user_tenants` (multi-tenancy)
- `cases`, `parties` (case management)
- `deadlines`, `appointments` (time management)
- `documents`, `case_events`, `notes` (supporting data)
- `proceeding_types`, `deadline_rules`, `holidays` (reference data)
**Missing indexes likely needed:**
- `deadlines(tenant_id, status, due_date)` — for dashboard queries
- `appointments(tenant_id, start_at)` — for calendar queries
- `case_events(case_id, created_at)` — for event feeds
- `cases(tenant_id, status)` — for filtered lists
**Missing constraints:**
- No CHECK constraint on status values (cases, deadlines, appointments)
- No UNIQUE constraint on `case_number` per tenant
- No foreign key from `notes` to the parent entity (if polymorphic)
---
## 4. Security Assessment
### 4.1 Authentication
- **JWT validation is correct** — algorithm check (HMAC only), expiry check, sub claim extraction. Using `golang-jwt/v5`.
- **Supabase Auth on frontend** — proper cookie-based session with server-side verification in middleware.
- **No refresh token rotation** — the API client uses `getSession()` which may serve stale tokens.
### 4.2 Authorization
- **Critical: Tenant isolation bypass** (see 1.1)
- **No role-based access control** — `user_tenants` has a `role` column but it's never checked. Any member can do anything.
- **No resource-level permissions** — any user in a tenant can delete any case, document, etc.
### 4.3 Input Validation
- **SQL injection: Protected** — all queries use parameterized placeholders.
- **XSS: Partially protected** — React auto-escapes, but the API returns raw strings that could contain HTML. The `Content-Disposition` header is vulnerable (see 2.6).
- **File upload: Partially protected** — `MaxBytesReader` limits to 50MB, but no file type validation (could upload .exe, .html with scripts, etc.).
- **Rate limiting: AI endpoints only** — the rest of the API has no rate limiting. Login/register go through Supabase (which has its own limits), but all CRUD endpoints are unlimited.
### 4.4 Secrets
- **No hardcoded secrets** — all via environment variables. Good.
- **CalDAV credentials in plaintext** — see 1.3.
- **Supabase service key in backend** — necessary for storage, but this key has full DB access. Should be scoped.
---
## 5. Testing Assessment
### 5.1 Backend Tests (15 files)
- **Integration test** — sets up real DB connection, creates JWT, tests full HTTP flow. Excellent pattern but requires DATABASE_URL (skips otherwise).
- **Handler tests** — mock-based unit tests for most handlers. Test JSON parsing, error responses, basic happy paths.
- **Service tests** — deadline calculator has solid date arithmetic tests. Holiday service tested. CalDAV service tested with mocks. AI service tested with mocked HTTP.
- **Middleware tests** — rate limiter tested.
- **Auth tests** — tenant resolver tested.
### 5.2 Frontend Tests (4 files)
- `api.test.ts` — tests the API client
- `DeadlineTrafficLights.test.tsx` — component test
- `CaseOverviewGrid.test.tsx` — component test
- `LoginPage.test.tsx` — auth page test
### 5.3 What's Missing
- **No E2E tests** — no Playwright/Cypress. Critical for a law firm app where correctness matters.
- **No contract tests** — frontend and backend are tested independently. A schema change could break the frontend without any test catching it.
- **Deadline calculation edge cases** — needs tests for year boundaries, leap years, holidays falling on weekends, multiple consecutive holidays.
- **Multi-tenant security tests** — no test verifying that User A can't access Tenant B's data. This is the most important test to add.
- **Frontend test coverage is thin** — 4 tests for ~30 components. The dashboard, all forms, navigation, error states are untested.
- **No load testing** — unknown how the system behaves under concurrent users.
---
## 6. UX Assessment
### 6.1 What Works
- **Dashboard is strong** — traffic light deadline indicators, upcoming timeline, case overview, quick actions. A lawyer can see what matters at a glance.
- **German localization** — UI is in German with proper legal terminology (Akten, Fristen, Termine, Parteien).
- **Mobile responsive** — sidebar collapses to hamburger menu, layout uses responsive grids.
- **Loading states** — skeleton screens on dashboard, not just spinners.
- **Breadcrumbs** — navigation trail on all pages.
- **Deadline calculator** — unique feature that provides real value for UPC litigation.
### 6.2 What a Lawyer Would Stumble On
1. **No onboarding flow** — after registration, user has no tenant, no cases. The app shows empty states but doesn't guide the user to create a tenant or import data.
2. **No search** — there's no global search. A lawyer with 100+ cases needs to find things fast.
3. **No keyboard shortcuts** — power users (lawyers are keyboard-heavy) have no shortcuts.
4. **Sidebar mixes languages** — "Akten" (German) vs "AI Analyse" (English). Should be consistent.
5. **No notifications** — overdue deadlines don't trigger any alert beyond the dashboard color. No email alerts, no push notifications.
6. **No print view** — lawyers need to print deadline lists, case summaries. No print stylesheet.
7. **No bulk operations** — can't mark multiple deadlines as complete, can't bulk-assign parties.
8. **Document upload has no preview** — uploaded PDFs can't be viewed inline.
9. **AI features require manual trigger** — AI summary and deadline extraction are manual. Should auto-trigger on document upload.
10. **No activity log per user** — no audit trail of who changed what. Critical for law firm compliance.
---
## 7. Deployment Assessment
### 7.1 Docker Setup
- **Multi-stage builds** — both Dockerfiles use builder pattern. Good.
- **Backend is minimal** — Alpine + static binary + ca-certificates. ~15MB image.
- **Frontend** — Bun for deps/build, Node for runtime (standalone output). Reasonable.
- **Missing:** go.sum not copied in backend Dockerfile (see 2.9).
- **Missing:** No docker-compose.yml for local development.
- **Missing:** No health check in Dockerfile (`HEALTHCHECK` instruction).
### 7.2 Environment Handling
- **Config validates required vars** — `DATABASE_URL` and `SUPABASE_JWT_SECRET` are checked at startup.
- **Supabase URL/keys not validated** — if missing, features silently fail or crash at runtime.
- **No .env.example** — new developers don't know what env vars are needed.
### 7.3 Reliability
- **No graceful shutdown** (see 2.7)
- **No readiness/liveness probes** — `/health` exists but only checks DB connectivity. No readiness distinction.
- **CalDAV sync runs in-process** — if the sync goroutine panics, it takes down the API server.
- **No structured error recovery** — panics in handlers will crash the process (no recovery middleware).
---
## 8. Competitive Analysis
### 8.1 The Market
German Kanzleisoftware is a mature, crowded market:
| Tool | Type | Price | Key Strength |
|------|------|-------|-------------|
| **RA-MICRO** | Desktop + Cloud | ~100-200 EUR/user/mo | Market leader, 30+ years, full beA integration |
| **ADVOWARE** | Desktop + Cloud | from 20 EUR/mo | Budget-friendly, strong for small firms |
| **AnNoText** (Wolters Kluwer) | Desktop + Cloud | Custom pricing | Enterprise, AI document analysis, DictNow |
| **Actaport** | Cloud-native | from 79.80 EUR/mo | Modern UI, Mandantenportal, integrated Office |
| **Haufe Advolux** | Cloud | Custom | User-friendly, full-featured |
| **Renostar Legal Cloud** | Cloud | Custom | Browser-based, no installation |
### 8.2 Table-Stakes Features KanzlAI is Missing
These are **mandatory** for any German Kanzleisoftware to be taken seriously:
1. **beA Integration** — since 2022, German lawyers must use the electronic court mailbox (besonderes elektronisches Anwaltspostfach). No Kanzleisoftware sells without it. This is a **massive** implementation effort (KSW-Schnittstelle from BRAK).
2. **RVG Billing (Gebührenrechner)** — automated fee calculation per RVG (Rechtsanwaltsvergütungsgesetz). Every competitor has this built-in. Without it, lawyers can't bill clients.
3. **Document Generation** — templates for Schriftsätze, Klageschriften, Mahnbescheide with auto-populated case data. Usually integrated with Word.
4. **Accounting (FiBu)** — client trust accounts (Fremdgeld), DATEV export, tax-relevant bookkeeping. Legal requirement.
5. **Conflict Check (Kollisionsprüfung)** — check if the firm has a conflict of interest before taking a case. Legally required (§ 43a BRAO).
6. **Dictation System** — voice-to-text for lawyers. RA-MICRO has DictaNet, AnNoText has DictNow.
### 8.3 Where KanzlAI Could Differentiate
Despite the feature gap, KanzlAI has some advantages:
1. **AI-native** — competitors are bolting AI onto 20-year-old software. KanzlAI has Claude API integration from day one. The deadline extraction from PDFs is genuinely useful.
2. **UPC specialization** — the deadline calculator with UPC Rules of Procedure knowledge is unique. No competitor has deep UPC litigation support.
3. **CalDAV sync** — bidirectional sync with external calendars is not common in German Kanzleisoftware.
4. **Modern tech stack** — React + Go + Supabase vs. the .NET/Java/Desktop world of RA-MICRO et al.
5. **Multi-tenant from day 1** — designed for SaaS, not converted from desktop software.
### 8.4 Strategic Recommendation
**Don't compete head-on with RA-MICRO.** The feature gap is 10+ person-years of work. Instead:
**Option A: UPC Niche Tool** — Pivot back to UPC patent litigation. Build the best deadline calculator, case tracker, and AI-powered brief analysis tool for UPC practitioners. There are ~1000 UPC practitioners in Europe who need specialized tooling that RA-MICRO doesn't provide. Charge 200-500 EUR/mo.
**Option B: AI-First Legal Assistant** — Don't call it "Kanzleimanagement." Position as an AI assistant that reads court documents, extracts deadlines, and syncs to the lawyer's existing Kanzleisoftware via CalDAV/iCal. This sidesteps the feature gap entirely.
**Option C: Full Kanzleisoftware** — If you pursue this, beA integration is the first priority, then RVG billing. Without these two, no German lawyer will switch.
---
## 9. Strengths (What's Good, Keep Doing It)
1. **Architecture is solid** — the Go + Next.js + Supabase stack is well-chosen. Clean separation of concerns.
2. **SQL is safe** — parameterized queries throughout. No injection vectors.
3. **Multi-tenant design** — tenant_id scoping with RLS is the right approach.
4. **CalDAV implementation** — genuinely impressive for an MVP. Bidirectional sync with conflict resolution.
5. **Deadline calculator** — ported from youpc.org with holiday awareness. Real domain value.
6. **AI integration** — Claude API with tool use for structured extraction. Clean implementation.
7. **Dashboard UX** — traffic lights, timeline, quick actions. Lawyers will get this immediately.
8. **German-first** — proper legal terminology, German date formats, localized UI.
9. **Test foundation** — 15 backend test files with integration tests. Good starting point.
10. **Docker builds are lean** — multi-stage, Alpine-based, standalone Next.js output.
---
## 10. Priority Roadmap
### P0 — This Week
- [ ] Fix tenant isolation bypass in TenantResolver (1.1)
- [ ] Consolidate tenant resolution logic (1.2)
- [ ] Encrypt CalDAV credentials at rest (1.3)
- [ ] Add CORS middleware + security headers (1.4)
- [ ] Stop leaking internal errors to clients (1.5)
- [ ] Add mutex to HolidayService cache (1.6)
- [ ] Fix rate limiter X-Forwarded-For bypass (1.7)
- [ ] Fix Dockerfile go.sum copy (2.9)
### P1 — Before Demo/Beta
- [ ] Add input validation (length limits, allowed values) (2.1)
- [ ] Add pagination to all list endpoints (2.2)
- [ ] Fix `search_path` connection pool issue (2.8)
- [ ] Add graceful shutdown with signal handling (2.7)
- [ ] Sanitize Content-Disposition filename (2.6)
- [ ] Fix German umlaut typos throughout frontend (2.10)
- [ ] Handle createEvent errors instead of swallowing (2.11)
- [ ] Add React error boundaries (2.12)
- [ ] Implement RLS policies on all tenant-scoped tables (2.13)
- [ ] Add multi-tenant security tests
- [ ] Add database migrations system
- [ ] Add `.env.example` file
- [ ] Add onboarding flow for new users
### P2 — Next Iteration
- [ ] Role-based access control (admin/member/readonly)
- [ ] Global search
- [ ] Email notifications for overdue deadlines
- [ ] Audit trail / activity log per user
- [ ] Auto-trigger AI extraction on document upload
- [ ] Print-friendly views
- [ ] E2E tests with Playwright
- [ ] CI/CD pipeline
### P3 — Strategic
- [ ] Decide market positioning (UPC niche vs. AI assistant vs. full Kanzleisoftware)
- [ ] If Kanzleisoftware: begin beA integration research
- [ ] If Kanzleisoftware: RVG Gebührenrechner
- [ ] If UPC niche: integrate lex-research case law database
---
*This audit was conducted by reading every source file in the repository, running all tests, analyzing the database schema via seed data, and comparing against established German Kanzleisoftware competitors.*

665
DESIGN-dashboard-redesign.md Normal file
View File

@@ -0,0 +1,665 @@
# Design: Dashboard Redesign + Detail Pages
**Task:** t-kz-060
**Author:** cronus (inventor)
**Date:** 2026-03-25
**Status:** Design proposal
---
## Problem Statement
The current dashboard is a read-only status board. Cards show counts but don't link anywhere. Timeline items are inert. Quick actions navigate to list pages rather than creation flows. There are no detail pages for individual events, deadlines, or appointments. Notes don't exist as a first-class entity. Case detail tabs use local state instead of URL segments, breaking deep linking and back navigation.
## Design Principles
1. **Everything clickable goes somewhere** — no dead-end UI
2. **Breadcrumb navigation** — always know where you are, one click to go back
3. **German labels throughout** — consistent with existing convention
4. **Mobile responsive** — sidebar collapses, cards stack, touch targets >= 44px
5. **Information density over whitespace** — law firm users want data, not decoration
6. **URL-driven state** — tabs, filters, and views reflected in the URL for deep linking
---
## Part 1: Dashboard Redesign
### 1.1 Traffic Light Cards → Click-to-Filter
**Current:** Three cards (Ueberfaellig / Diese Woche / Im Zeitplan) show counts. `onFilter` prop exists but is never wired up in `dashboard/page.tsx`.
**Proposed:**
Clicking a traffic light card navigates to `/fristen?status={filter}`:
| Card | Navigation Target |
|------|------------------|
| Ueberfaellig (red) | `/fristen?status=overdue` |
| Diese Woche (amber) | `/fristen?status=this_week` |
| Im Zeitplan (green) | `/fristen?status=ok` |
**Implementation:**
- Replace `onFilter` callback with `next/link` navigation using `href`
- `DeadlineTrafficLights` becomes a pure link-based component (no callback needed)
- `/fristen` page reads `searchParams.status` and pre-applies the filter
- The DeadlineList component already supports status filtering — just needs to read from URL
**Changes:**
- `DeadlineTrafficLights.tsx`: Replace `<button onClick>` with `<Link href="/fristen?status=...">`
- `fristen/page.tsx`: Read `searchParams` and pass as initial filter to DeadlineList
- `DeadlineList.tsx`: Accept `initialStatus` prop from URL params
### 1.2 Case Overview Grid → Click-to-Filter
**Current:** Three static metrics (Aktive Akten / Neu / Abgeschlossen). No links.
**Proposed:**
| Card | Navigation Target |
|------|------------------|
| Aktive Akten | `/cases?status=active` |
| Neu (Monat) | `/cases?status=active&since=month` |
| Abgeschlossen | `/cases?status=closed` |
**Implementation:**
- Wrap each metric row in `<Link>` to `/cases` with appropriate query params
- Cases list page already has filtering — needs to read URL params on mount
- Add visual hover state (arrow icon on hover, background highlight)
**Changes:**
- `CaseOverviewGrid.tsx`: Each row becomes a `<Link>` with hover arrow
- `cases/page.tsx`: Read `searchParams` for initial filter state
### 1.3 Timeline Items → Click-to-Navigate
**Current:** Timeline entries show deadline/appointment info but are not clickable. No link to the parent case or the item itself.
**Proposed:**
Each timeline entry becomes a clickable row:
- **Deadline entries**: Click navigates to `/fristen/{id}` (new deadline detail page)
- **Appointment entries**: Click navigates to `/termine/{id}` (new appointment detail page)
- **Case reference** (Az. / case_number): Secondary click target linking to `/cases/{case_id}`
**Visual changes:**
- Add `cursor-pointer` and hover state (`hover:bg-neutral-100` transition)
- Add a small chevron-right icon on the right edge
- Case number becomes a subtle underlined link (click stops propagation)
**Data changes:**
- `UpcomingDeadline` needs `case_id` field (currently missing from the dashboard query — the backend model has it but the SQL join doesn't select it)
- `UpcomingAppointment` already has `case_id`
**Backend change:**
- `dashboard_service.go` line 112: Add `d.case_id` to the upcoming deadlines SELECT
- `DashboardService.UpcomingDeadline` struct: Add `CaseID uuid.UUID` field
- Frontend `UpcomingDeadline` type: Already has `case_id` (it's in types.ts but the backend doesn't send it)
### 1.4 Quick Actions → Proper Navigation
**Current:** "Frist eintragen" goes to `/fristen` (list page), not a creation flow. "CalDAV Sync" goes to `/einstellungen`.
**Proposed:**
| Action | Current Target | New Target |
|--------|---------------|------------|
| Neue Akte | `/cases/new` | `/cases/new` (keep) |
| Frist eintragen | `/fristen` | `/fristen/neu` (new creation page) |
| Neuer Termin | (missing) | `/termine/neu` (new creation page) |
| AI Analyse | `/ai/extract` | `/ai/extract` (keep) |
Replace "CalDAV Sync" with "Neuer Termin" — CalDAV sync is a settings function, not a daily quick action. Creating an appointment is something a secretary does multiple times per day.
**Changes:**
- `QuickActions.tsx`: Update hrefs, swap CalDAV for appointment creation
- Create `/fristen/neu/page.tsx` — standalone deadline creation form (select case, fill fields)
- Create `/termine/neu/page.tsx` — standalone appointment creation form
### 1.5 AI Summary Card → Refresh Button
**Current:** Rule-based summary text, no refresh mechanism. Card regenerates on page load but not on demand.
**Proposed:**
- Add a small refresh icon button (RefreshCw) in the card header, next to "KI-Zusammenfassung"
- Clicking it calls `refetch()` on the dashboard query (passed as prop)
- Show a brief spinning animation during refetch
- If/when real AI summarization is wired up, this button triggers `POST /api/ai/summarize-dashboard` (future endpoint)
**Changes:**
- `AISummaryCard.tsx`: Accept `onRefresh` prop, add button with spinning state
- `dashboard/page.tsx`: Pass `refetch` to AISummaryCard
### 1.6 Dashboard Layout: Add Recent Activity Section
**Current:** The backend returns `recent_activity` (last 10 case events) but the frontend ignores it entirely.
**Proposed:**
- Add a "Letzte Aktivitaet" section below the timeline, full width
- Shows the 10 most recent case events in a compact list
- Each row: event icon (by type) | title | case number (linked) | relative time
- Clicking a row navigates to the case event detail page `/cases/{case_id}/ereignisse/{event_id}`
**Changes:**
- New component: `RecentActivityList.tsx` in `components/dashboard/`
- `dashboard/page.tsx`: Add section below the main grid
- Add `RecentActivity` type to `types.ts` (needs `case_id` and `event_id` fields from backend)
- Backend: Add `case_id` and `id` to the recent activity query
---
## Part 2: New Pages
### 2.1 Deadline Detail Page — `/fristen/{id}`
**Route:** `src/app/(app)/fristen/[id]/page.tsx`
**Layout:**
```
Breadcrumb: Dashboard > Fristen > {deadline.title}
+---------------------------------------------------------+
| [Status Badge] {deadline.title} [Erledigen] |
| Fällig: 28. März 2026 |
+---------------------------------------------------------+
| Akte: Az. 2024/001 — Müller v. Schmidt [→ Zur Akte] |
| Quelle: Berechnet (R.118 RoP) |
| Ursprüngliches Datum: 25. März 2026 |
| Warnungsdatum: 21. März 2026 |
+---------------------------------------------------------+
| Notizen [Bearbeiten]|
| Fristverlängerung beantragt am 20.03. |
+---------------------------------------------------------+
| Verlauf |
| ○ Erstellt am 15.03.2026 |
| ○ Warnung gesendet am 21.03.2026 |
+---------------------------------------------------------+
```
**Data requirements:**
- `GET /api/deadlines/{id}` — new endpoint returning full deadline with case info
- Returns: Deadline + associated case (number, title, id) + notes
**Sections:**
1. **Header**: Status badge (Offen/Erledigt/Ueberfaellig), title, "Erledigen" action button
2. **Due date**: Large, with relative time ("in 3 Tagen" / "vor 2 Tagen ueberfaellig")
3. **Context panel**: Parent case (linked), source (manual/calculated/caldav), rule reference, original vs adjusted date
4. **Notes section**: Free-text notes (existing `notes` field on deadline), inline edit
5. **Activity log**: Timeline of changes to this deadline (future: from case_events filtered by deadline)
**Backend additions:**
- `GET /api/deadlines/{id}` — new handler returning single deadline with case join
- Handler: `deadlines.go` add `Get` method
- Service: `deadline_service.go` add `GetByID` with case join
### 2.2 Appointment Detail Page — `/termine/{id}`
**Route:** `src/app/(app)/termine/[id]/page.tsx`
**Layout:**
```
Breadcrumb: Dashboard > Termine > {appointment.title}
+---------------------------------------------------------+
| {appointment.title} [Bearbeiten] [X] |
| Typ: Verhandlung |
+---------------------------------------------------------+
| Datum: 28. März 2026, 10:00 12:00 Uhr |
| Ort: UPC München, Saal 3 |
+---------------------------------------------------------+
| Akte: Az. 2024/001 — Müller v. Schmidt [→ Zur Akte] |
+---------------------------------------------------------+
| Beschreibung |
| Erste mündliche Verhandlung... |
+---------------------------------------------------------+
| Notizen [+ Neu] |
| ○ 25.03. — Mandant über Termin informiert |
| ○ 24.03. — Schriftsatz vorbereitet |
+---------------------------------------------------------+
```
**Data requirements:**
- `GET /api/appointments/{id}` — new endpoint returning single appointment with case info
- Notes: Uses new `notes` table (see Part 3)
**Backend additions:**
- `GET /api/appointments/{id}` — new handler
- Handler: `appointments.go` add `Get` method
- Service: `appointment_service.go` add `GetByID` with optional case join
### 2.3 Case Event Detail Page — `/cases/{id}/ereignisse/{eventId}`
**Route:** `src/app/(app)/cases/[id]/ereignisse/[eventId]/page.tsx`
**Layout:**
```
Breadcrumb: Akten > Az. 2024/001 > Verlauf > {event.title}
+---------------------------------------------------------+
| [Event Type Icon] {event.title} |
| 25. März 2026, 14:30 |
+---------------------------------------------------------+
| Beschreibung |
| Statusänderung: aktiv → geschlossen |
+---------------------------------------------------------+
| Metadaten |
| Erstellt von: max.mustermann@kanzlei.de |
| Typ: status_changed |
+---------------------------------------------------------+
| Notizen [+ Neu] |
| (keine Notizen) |
+---------------------------------------------------------+
```
**Data requirements:**
- `GET /api/case-events/{id}` — new endpoint
- Notes: Uses new `notes` table
**Backend additions:**
- New handler: `case_events.go` with `Get` method
- New service method: `CaseEventService.GetByID`
- Or extend existing case handler to include event fetching
### 2.4 Standalone Deadline Creation — `/fristen/neu`
**Route:** `src/app/(app)/fristen/neu/page.tsx`
**Layout:**
```
Breadcrumb: Fristen > Neue Frist
+---------------------------------------------------------+
| Neue Frist anlegen |
+---------------------------------------------------------+
| Akte*: [Dropdown: Aktenauswahl] |
| Bezeichnung*: [________________________] |
| Beschreibung: [________________________] |
| Fällig am*: [Datumsauswahl] |
| Warnung am: [Datumsauswahl] |
| Notizen: [Textarea] |
+---------------------------------------------------------+
| [Abbrechen] [Frist anlegen]|
+---------------------------------------------------------+
```
Reuses existing deadline creation logic but as a standalone page rather than requiring the user to first navigate to a case. Case is selected via dropdown.
### 2.5 Standalone Appointment Creation — `/termine/neu`
**Route:** `src/app/(app)/termine/neu/page.tsx`
Same pattern as deadline creation. Reuses AppointmentModal fields but as a full page form. Appointment can optionally be linked to a case.
### 2.6 Case Detail Tabs → URL Segments
**Current:** Tabs use `useState<TabKey>` — no URL change, no deep linking, no browser back.
**Proposed route structure:**
```
/cases/{id} → redirects to /cases/{id}/verlauf
/cases/{id}/verlauf → Timeline tab
/cases/{id}/fristen → Deadlines tab
/cases/{id}/dokumente → Documents tab
/cases/{id}/parteien → Parties tab
/cases/{id}/notizen → Notes tab (new)
```
**Implementation approach:**
Use Next.js nested layouts with a shared layout for the case header + tab bar:
```
src/app/(app)/cases/[id]/
layout.tsx # Case header + tab navigation
page.tsx # Redirect to ./verlauf
verlauf/page.tsx # Timeline
fristen/page.tsx # Deadlines
dokumente/page.tsx # Documents
parteien/page.tsx # Parties
notizen/page.tsx # Notes (new)
```
The `layout.tsx` fetches case data and renders the header + tab bar. Each child page renders its tab content. The active tab is determined by the current pathname.
**Benefits:**
- Deep linking: `/cases/abc123/fristen` opens directly to the deadlines tab
- Browser back button works between tabs
- Each tab can have its own loading state
- Bookmarkable
---
## Part 3: Notes System
### 3.1 Data Model
Notes are a polymorphic entity — they can be attached to cases, deadlines, appointments, or case events.
**New table: `kanzlai.notes`**
```sql
CREATE TABLE kanzlai.notes (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
tenant_id UUID NOT NULL REFERENCES kanzlai.tenants(id),
-- Polymorphic parent reference (exactly one must be set)
case_id UUID REFERENCES kanzlai.cases(id) ON DELETE CASCADE,
deadline_id UUID REFERENCES kanzlai.deadlines(id) ON DELETE CASCADE,
appointment_id UUID REFERENCES kanzlai.appointments(id) ON DELETE CASCADE,
case_event_id UUID REFERENCES kanzlai.case_events(id) ON DELETE CASCADE,
content TEXT NOT NULL,
created_by UUID, -- auth.users reference
created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
updated_at TIMESTAMPTZ NOT NULL DEFAULT now(),
-- Ensure exactly one parent is set
CONSTRAINT notes_single_parent CHECK (
(CASE WHEN case_id IS NOT NULL THEN 1 ELSE 0 END +
CASE WHEN deadline_id IS NOT NULL THEN 1 ELSE 0 END +
CASE WHEN appointment_id IS NOT NULL THEN 1 ELSE 0 END +
CASE WHEN case_event_id IS NOT NULL THEN 1 ELSE 0 END) = 1
)
);
-- Indexes for efficient lookup by parent
CREATE INDEX idx_notes_case ON kanzlai.notes(tenant_id, case_id) WHERE case_id IS NOT NULL;
CREATE INDEX idx_notes_deadline ON kanzlai.notes(tenant_id, deadline_id) WHERE deadline_id IS NOT NULL;
CREATE INDEX idx_notes_appointment ON kanzlai.notes(tenant_id, appointment_id) WHERE appointment_id IS NOT NULL;
CREATE INDEX idx_notes_case_event ON kanzlai.notes(tenant_id, case_event_id) WHERE case_event_id IS NOT NULL;
-- RLS
ALTER TABLE kanzlai.notes ENABLE ROW LEVEL SECURITY;
CREATE POLICY notes_tenant_isolation ON kanzlai.notes
USING (tenant_id IN (
SELECT tenant_id FROM kanzlai.user_tenants WHERE user_id = auth.uid()
));
```
### 3.2 Why Polymorphic Table vs Separate Tables
**Considered alternatives:**
1. **Separate notes per entity** (case_notes, deadline_notes, etc.) — More tables, duplicated logic, harder to search across all notes.
2. **Generic `entity_type` + `entity_id` pattern** — Loses FK constraints, can't cascade delete, harder to query with joins.
3. **Polymorphic with nullable FKs** (chosen) — FK constraints maintained, cascade deletes work, partial indexes keep queries fast, single service/handler. The CHECK constraint ensures data integrity.
### 3.3 Backend Model & API
**Go model:**
```go
type Note struct {
ID uuid.UUID `db:"id" json:"id"`
TenantID uuid.UUID `db:"tenant_id" json:"tenant_id"`
CaseID *uuid.UUID `db:"case_id" json:"case_id,omitempty"`
DeadlineID *uuid.UUID `db:"deadline_id" json:"deadline_id,omitempty"`
AppointmentID *uuid.UUID `db:"appointment_id" json:"appointment_id,omitempty"`
CaseEventID *uuid.UUID `db:"case_event_id" json:"case_event_id,omitempty"`
Content string `db:"content" json:"content"`
CreatedBy *uuid.UUID `db:"created_by" json:"created_by,omitempty"`
CreatedAt time.Time `db:"created_at" json:"created_at"`
UpdatedAt time.Time `db:"updated_at" json:"updated_at"`
}
```
**API endpoints:**
```
GET /api/notes?case_id={id} # List notes for a case
GET /api/notes?deadline_id={id} # List notes for a deadline
GET /api/notes?appointment_id={id} # List notes for an appointment
GET /api/notes?case_event_id={id} # List notes for a case event
POST /api/notes # Create note (body includes parent ID)
PUT /api/notes/{id} # Update note content
DELETE /api/notes/{id} # Delete note
```
Single endpoint with query parameter filtering — simpler than nested routes, works uniformly across all parent types.
**Service methods:**
```go
type NoteService struct { db *sqlx.DB }
func (s *NoteService) ListByParent(ctx, tenantID, parentType, parentID) ([]Note, error)
func (s *NoteService) Create(ctx, tenantID, note) (*Note, error)
func (s *NoteService) Update(ctx, tenantID, noteID, content) (*Note, error)
func (s *NoteService) Delete(ctx, tenantID, noteID) error
```
### 3.4 Notes UI Component
Reusable `<NotesList>` component used on every detail page:
```
+------------------------------------------------------------+
| Notizen [+ Neu] |
+------------------------------------------------------------+
| m@kanzlei.de · 25. Mär 2026, 14:30 [X][E] |
| Fristverlängerung beim Gericht beantragt. |
+------------------------------------------------------------+
| m@kanzlei.de · 24. Mär 2026, 10:15 [X][E] |
| Mandant telefonisch über Sachstand informiert. |
+------------------------------------------------------------+
```
**Props:**
```typescript
interface NotesListProps {
parentType: "case" | "deadline" | "appointment" | "case_event";
parentId: string;
}
```
**Features:**
- Fetches notes via `GET /api/notes?{parentType}_id={parentId}`
- "Neu" button opens inline textarea (not a modal — faster for quick notes)
- Each note shows: author, timestamp, content, edit/delete buttons
- Edit is inline (textarea replaces content)
- Optimistic updates via react-query mutation + invalidation
- Empty state: "Keine Notizen vorhanden. Klicken Sie +, um eine Notiz hinzuzufügen."
### 3.5 Migration from `deadlines.notes` Field
The existing `deadlines.notes` text field should be migrated:
1. For each deadline with a non-null `notes` value, create a corresponding row in the `notes` table with `deadline_id` set
2. Drop the `deadlines.notes` column after migration
3. This can be a one-time SQL migration script
---
## Part 4: Breadcrumb Navigation
### 4.1 Breadcrumb Component
New shared component: `src/components/layout/Breadcrumb.tsx`
```typescript
interface BreadcrumbItem {
label: string;
href?: string; // omit for current page (last item)
}
function Breadcrumb({ items }: { items: BreadcrumbItem[] }) {
// Renders: Home > Parent > Current
// Each item with href is a Link, last item is plain text
}
```
**Placement:** At the top of every page, inside the main content area (not in the layout — different pages have different breadcrumbs).
### 4.2 Breadcrumb Patterns
| Page | Breadcrumb |
|------|-----------|
| Dashboard | Dashboard |
| Fristen | Dashboard > Fristen |
| Fristen Detail | Dashboard > Fristen > {title} |
| Fristen Neu | Dashboard > Fristen > Neue Frist |
| Termine | Dashboard > Termine |
| Termine Detail | Dashboard > Termine > {title} |
| Termine Neu | Dashboard > Termine > Neuer Termin |
| Akten | Dashboard > Akten |
| Akte Detail | Dashboard > Akten > {case_number} |
| Akte > Fristen | Dashboard > Akten > {case_number} > Fristen |
| Akte > Notizen | Dashboard > Akten > {case_number} > Notizen |
| Ereignis Detail | Dashboard > Akten > {case_number} > Verlauf > {title} |
| Einstellungen | Dashboard > Einstellungen |
| AI Analyse | Dashboard > AI Analyse |
---
## Part 5: Summary of Backend Changes
### New Endpoints
| Method | Path | Handler | Purpose |
|--------|------|---------|---------|
| GET | `/api/deadlines/{id}` | `deadlineH.Get` | Single deadline with case context |
| GET | `/api/appointments/{id}` | `apptH.Get` | Single appointment with case context |
| GET | `/api/case-events/{id}` | `eventH.Get` | Single case event |
| GET | `/api/notes` | `noteH.List` | List notes (filtered by parent) |
| POST | `/api/notes` | `noteH.Create` | Create note |
| PUT | `/api/notes/{id}` | `noteH.Update` | Update note |
| DELETE | `/api/notes/{id}` | `noteH.Delete` | Delete note |
### Modified Endpoints
| Endpoint | Change |
|----------|--------|
| `GET /api/dashboard` | Add `case_id`, `id` to recent_activity; add `case_id` to upcoming_deadlines query |
### New Files
| File | Purpose |
|------|---------|
| `backend/internal/models/note.go` | Note model |
| `backend/internal/services/note_service.go` | Note CRUD service |
| `backend/internal/handlers/notes.go` | Note HTTP handlers |
| `backend/internal/handlers/case_events.go` | Case event detail handler |
### Database Migration
1. Create `kanzlai.notes` table with polymorphic FK pattern
2. Migrate existing `deadlines.notes` data
3. Drop `deadlines.notes` column
---
## Part 6: Summary of Frontend Changes
### New Files
| File | Purpose |
|------|---------|
| `src/app/(app)/fristen/[id]/page.tsx` | Deadline detail page |
| `src/app/(app)/fristen/neu/page.tsx` | Standalone deadline creation |
| `src/app/(app)/termine/[id]/page.tsx` | Appointment detail page |
| `src/app/(app)/termine/neu/page.tsx` | Standalone appointment creation |
| `src/app/(app)/cases/[id]/layout.tsx` | Case detail shared layout (header + tabs) |
| `src/app/(app)/cases/[id]/verlauf/page.tsx` | Case timeline tab |
| `src/app/(app)/cases/[id]/fristen/page.tsx` | Case deadlines tab |
| `src/app/(app)/cases/[id]/dokumente/page.tsx` | Case documents tab |
| `src/app/(app)/cases/[id]/parteien/page.tsx` | Case parties tab |
| `src/app/(app)/cases/[id]/notizen/page.tsx` | Case notes tab (new) |
| `src/app/(app)/cases/[id]/ereignisse/[eventId]/page.tsx` | Case event detail |
| `src/components/layout/Breadcrumb.tsx` | Reusable breadcrumb |
| `src/components/notes/NotesList.tsx` | Reusable notes list + inline creation |
| `src/components/dashboard/RecentActivityList.tsx` | Recent activity feed |
### Modified Files
| File | Change |
|------|--------|
| `src/components/dashboard/DeadlineTrafficLights.tsx` | Buttons → Links with navigation |
| `src/components/dashboard/CaseOverviewGrid.tsx` | Static metrics → clickable links |
| `src/components/dashboard/UpcomingTimeline.tsx` | Items → clickable with navigation |
| `src/components/dashboard/AISummaryCard.tsx` | Add refresh button |
| `src/components/dashboard/QuickActions.tsx` | Fix targets, swap CalDAV for Termin |
| `src/app/(app)/dashboard/page.tsx` | Wire navigation, add RecentActivity section |
| `src/app/(app)/fristen/page.tsx` | Read URL params for initial filter |
| `src/app/(app)/cases/page.tsx` | Read URL params for initial filter |
| `src/app/(app)/cases/[id]/page.tsx` | Refactor into layout + nested routes |
| `src/lib/types.ts` | Add Note, RecentActivity types; update UpcomingDeadline |
### Types to Add
```typescript
export interface Note {
id: string;
tenant_id: string;
case_id?: string;
deadline_id?: string;
appointment_id?: string;
case_event_id?: string;
content: string;
created_by?: string;
created_at: string;
updated_at: string;
}
export interface RecentActivity {
id: string;
event_type?: string;
title: string;
case_id: string;
case_number: string;
event_date?: string;
created_at: string;
}
```
---
## Part 7: Implementation Plan
Recommended order for a coder to implement:
### Phase A: Backend Foundation (can be done in parallel)
1. Create `notes` table migration + model + service + handler
2. Add `GET /api/deadlines/{id}` endpoint
3. Add `GET /api/appointments/{id}` endpoint
4. Add `GET /api/case-events/{id}` endpoint
5. Fix dashboard query to include `case_id` in upcoming deadlines and recent activity
### Phase B: Frontend — Dashboard Interactivity
1. Create `Breadcrumb` component
2. Make traffic light cards clickable (Links)
3. Make case overview grid clickable (Links)
4. Make timeline items clickable (Links)
5. Fix quick actions (swap CalDAV for Termin, update hrefs)
6. Add refresh button to AI Summary card
7. Add RecentActivityList component + wire to dashboard
### Phase C: Frontend — New Detail Pages
1. Deadline detail page (`/fristen/[id]`)
2. Appointment detail page (`/termine/[id]`)
3. Case event detail page (`/cases/[id]/ereignisse/[eventId]`)
4. Standalone deadline creation (`/fristen/neu`)
5. Standalone appointment creation (`/termine/neu`)
### Phase D: Frontend — Case Detail Refactor
1. Extract case header + tabs into layout.tsx
2. Create sub-route pages (verlauf, fristen, dokumente, parteien)
3. Add notes tab
4. Wire `NotesList` component into all detail pages
### Phase E: Polish
1. URL filter params on `/fristen` and `/cases` pages
2. Breadcrumbs on all pages
3. Mobile responsive testing
4. Migration of existing `deadlines.notes` data
---
## Appendix: What This Design Does NOT Cover
- Real AI-powered summary (currently rule-based — kept as-is with refresh button)
- Notification system (toast-based alerts for approaching deadlines)
- Audit log / change history per entity
- Batch operations (mark multiple deadlines complete)
- Print views
These are separate features that can be designed independently.

1321
ROADMAP.md Normal file
View File

File diff suppressed because it is too large Load Diff

17
backend/internal/auth/middleware.go
View File

@@ -24,28 +24,19 @@ func (m *Middleware) RequireAuth(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
token := extractBearerToken(r) token := extractBearerToken(r)
if token == "" { if token == "" {
http.Error(w, "missing authorization token", http.StatusUnauthorized) http.Error(w, `{"error":"missing authorization token"}`, http.StatusUnauthorized)
return return
} }
userID, err := m.verifyJWT(token) userID, err := m.verifyJWT(token)
if err != nil { if err != nil {
http.Error(w, fmt.Sprintf("invalid token: %v", err), http.StatusUnauthorized) http.Error(w, `{"error":"invalid token"}`, http.StatusUnauthorized)
return return
} }
ctx := ContextWithUserID(r.Context(), userID) ctx := ContextWithUserID(r.Context(), userID)
// Tenant resolution is handled by TenantResolver middleware for scoped routes.
// Resolve tenant from user_tenants // Tenant management routes handle their own access control.
var tenantID uuid.UUID
err = m.db.GetContext(r.Context(), &tenantID,
"SELECT tenant_id FROM user_tenants WHERE user_id = $1 LIMIT 1", userID)
if err != nil {
http.Error(w, "no tenant found for user", http.StatusForbidden)
return
}
ctx = ContextWithTenantID(ctx, tenantID)
next.ServeHTTP(w, r.WithContext(ctx)) next.ServeHTTP(w, r.WithContext(ctx))
}) })
} }

29
backend/internal/auth/tenant_resolver.go
View File

@@ -2,20 +2,21 @@ package auth
import ( import (
"context" "context"
"fmt" "log/slog"
"net/http" "net/http"
"github.com/google/uuid" "github.com/google/uuid"
) )
// TenantLookup resolves the default tenant for a user. // TenantLookup resolves and verifies tenant access for a user.
// Defined as an interface to avoid circular dependency with services. // Defined as an interface to avoid circular dependency with services.
type TenantLookup interface { type TenantLookup interface {
FirstTenantForUser(ctx context.Context, userID uuid.UUID) (*uuid.UUID, error) FirstTenantForUser(ctx context.Context, userID uuid.UUID) (*uuid.UUID, error)
VerifyAccess(ctx context.Context, userID, tenantID uuid.UUID) (bool, error)
} }
// TenantResolver is middleware that resolves the tenant from X-Tenant-ID header // TenantResolver is middleware that resolves the tenant from X-Tenant-ID header
// or defaults to the user's first tenant. // or defaults to the user's first tenant. Always verifies user has access.
type TenantResolver struct { type TenantResolver struct {
lookup TenantLookup lookup TenantLookup
} }
@@ -28,7 +29,7 @@ func (tr *TenantResolver) Resolve(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
userID, ok := UserFromContext(r.Context()) userID, ok := UserFromContext(r.Context())
if !ok { if !ok {
http.Error(w, "unauthorized", http.StatusUnauthorized) http.Error(w, `{"error":"unauthorized"}`, http.StatusUnauthorized)
return return
} }
@@ -37,19 +38,33 @@ func (tr *TenantResolver) Resolve(next http.Handler) http.Handler {
if header := r.Header.Get("X-Tenant-ID"); header != "" { if header := r.Header.Get("X-Tenant-ID"); header != "" {
parsed, err := uuid.Parse(header) parsed, err := uuid.Parse(header)
if err != nil { if err != nil {
http.Error(w, fmt.Sprintf("invalid X-Tenant-ID: %v", err), http.StatusBadRequest) http.Error(w, `{"error":"invalid X-Tenant-ID"}`, http.StatusBadRequest)
return return
} }
// Verify user has access to this tenant
hasAccess, err := tr.lookup.VerifyAccess(r.Context(), userID, parsed)
if err != nil {
slog.Error("tenant access check failed", "error", err, "user_id", userID, "tenant_id", parsed)
http.Error(w, `{"error":"internal error"}`, http.StatusInternalServerError)
return
}
if !hasAccess {
http.Error(w, `{"error":"no access to tenant"}`, http.StatusForbidden)
return
}
tenantID = parsed tenantID = parsed
} else { } else {
// Default to user's first tenant // Default to user's first tenant
first, err := tr.lookup.FirstTenantForUser(r.Context(), userID) first, err := tr.lookup.FirstTenantForUser(r.Context(), userID)
if err != nil { if err != nil {
http.Error(w, fmt.Sprintf("resolving tenant: %v", err), http.StatusInternalServerError) slog.Error("failed to resolve default tenant", "error", err, "user_id", userID)
http.Error(w, `{"error":"internal error"}`, http.StatusInternalServerError)
return return
} }
if first == nil { if first == nil {
http.Error(w, "no tenant found for user", http.StatusBadRequest) http.Error(w, `{"error":"no tenant found for user"}`, http.StatusBadRequest)
return return
} }
tenantID = *first tenantID = *first

32
backend/internal/auth/tenant_resolver_test.go
View File

@@ -10,17 +10,23 @@ import (
) )
type mockTenantLookup struct { type mockTenantLookup struct {
tenantID *uuid.UUID tenantID *uuid.UUID
err error err error
hasAccess bool
accessErr error
} }
func (m *mockTenantLookup) FirstTenantForUser(ctx context.Context, userID uuid.UUID) (*uuid.UUID, error) { func (m *mockTenantLookup) FirstTenantForUser(ctx context.Context, userID uuid.UUID) (*uuid.UUID, error) {
return m.tenantID, m.err return m.tenantID, m.err
} }
func (m *mockTenantLookup) VerifyAccess(ctx context.Context, userID, tenantID uuid.UUID) (bool, error) {
return m.hasAccess, m.accessErr
}
func TestTenantResolver_FromHeader(t *testing.T) { func TestTenantResolver_FromHeader(t *testing.T) {
tenantID := uuid.New() tenantID := uuid.New()
tr := NewTenantResolver(&mockTenantLookup{}) tr := NewTenantResolver(&mockTenantLookup{hasAccess: true})
var gotTenantID uuid.UUID var gotTenantID uuid.UUID
next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@@ -47,6 +53,26 @@ func TestTenantResolver_FromHeader(t *testing.T) {
} }
} }
func TestTenantResolver_FromHeader_NoAccess(t *testing.T) {
tenantID := uuid.New()
tr := NewTenantResolver(&mockTenantLookup{hasAccess: false})
next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
t.Fatal("next should not be called")
})
r := httptest.NewRequest("GET", "/api/cases", nil)
r.Header.Set("X-Tenant-ID", tenantID.String())
r = r.WithContext(ContextWithUserID(r.Context(), uuid.New()))
w := httptest.NewRecorder()
tr.Resolve(next).ServeHTTP(w, r)
if w.Code != http.StatusForbidden {
t.Errorf("expected 403, got %d", w.Code)
}
}
func TestTenantResolver_DefaultsToFirst(t *testing.T) { func TestTenantResolver_DefaultsToFirst(t *testing.T) {
tenantID := uuid.New() tenantID := uuid.New()
tr := NewTenantResolver(&mockTenantLookup{tenantID: &tenantID}) tr := NewTenantResolver(&mockTenantLookup{tenantID: &tenantID})

2
backend/internal/config/config.go
View File

@@ -13,6 +13,7 @@ type Config struct {
SupabaseServiceKey string SupabaseServiceKey string
SupabaseJWTSecret string SupabaseJWTSecret string
AnthropicAPIKey string AnthropicAPIKey string
FrontendOrigin string
} }
func Load() (*Config, error) { func Load() (*Config, error) {
@@ -24,6 +25,7 @@ func Load() (*Config, error) {
SupabaseServiceKey: os.Getenv("SUPABASE_SERVICE_KEY"), SupabaseServiceKey: os.Getenv("SUPABASE_SERVICE_KEY"),
SupabaseJWTSecret: os.Getenv("SUPABASE_JWT_SECRET"), SupabaseJWTSecret: os.Getenv("SUPABASE_JWT_SECRET"),
AnthropicAPIKey: os.Getenv("ANTHROPIC_API_KEY"), AnthropicAPIKey: os.Getenv("ANTHROPIC_API_KEY"),
FrontendOrigin: getEnv("FRONTEND_ORIGIN", "https://kanzlai.msbls.de"),
} }
if cfg.DatabaseURL == "" { if cfg.DatabaseURL == "" {

22
backend/internal/handlers/ai.go
View File

@@ -5,18 +5,16 @@ import (
"io" "io"
"net/http" "net/http"
"github.com/jmoiron/sqlx" "mgit.msbls.de/m/KanzlAI-mGMT/internal/auth"
"mgit.msbls.de/m/KanzlAI-mGMT/internal/services" "mgit.msbls.de/m/KanzlAI-mGMT/internal/services"
) )
type AIHandler struct { type AIHandler struct {
ai *services.AIService ai *services.AIService
db *sqlx.DB
} }
func NewAIHandler(ai *services.AIService, db *sqlx.DB) *AIHandler { func NewAIHandler(ai *services.AIService) *AIHandler {
return &AIHandler{ai: ai, db: db} return &AIHandler{ai: ai}
} }
// ExtractDeadlines handles POST /api/ai/extract-deadlines // ExtractDeadlines handles POST /api/ai/extract-deadlines
@@ -61,10 +59,14 @@ func (h *AIHandler) ExtractDeadlines(w http.ResponseWriter, r *http.Request) {
writeError(w, http.StatusBadRequest, "provide either a PDF file or text") writeError(w, http.StatusBadRequest, "provide either a PDF file or text")
return return
} }
if len(text) > maxDescriptionLen {
writeError(w, http.StatusBadRequest, "text exceeds maximum length")
return
}
deadlines, err := h.ai.ExtractDeadlines(r.Context(), pdfData, text) deadlines, err := h.ai.ExtractDeadlines(r.Context(), pdfData, text)
if err != nil { if err != nil {
writeError(w, http.StatusInternalServerError, "AI extraction failed: "+err.Error()) internalError(w, "AI deadline extraction failed", err)
return return
} }
@@ -77,9 +79,9 @@ func (h *AIHandler) ExtractDeadlines(w http.ResponseWriter, r *http.Request) {
// SummarizeCase handles POST /api/ai/summarize-case // SummarizeCase handles POST /api/ai/summarize-case
// Accepts JSON {"case_id": "uuid"}. // Accepts JSON {"case_id": "uuid"}.
func (h *AIHandler) SummarizeCase(w http.ResponseWriter, r *http.Request) { func (h *AIHandler) SummarizeCase(w http.ResponseWriter, r *http.Request) {
tenantID, err := resolveTenant(r, h.db) tenantID, ok := auth.TenantFromContext(r.Context())
if err != nil { if !ok {
handleTenantError(w, err) writeError(w, http.StatusForbidden, "missing tenant")
return return
} }
@@ -104,7 +106,7 @@ func (h *AIHandler) SummarizeCase(w http.ResponseWriter, r *http.Request) {
summary, err := h.ai.SummarizeCase(r.Context(), tenantID, caseID) summary, err := h.ai.SummarizeCase(r.Context(), tenantID, caseID)
if err != nil { if err != nil {
writeError(w, http.StatusInternalServerError, "AI summarization failed: "+err.Error()) internalError(w, "AI case summarization failed", err)
return return
} }

14
backend/internal/handlers/ai_handler_test.go
View File

@@ -42,7 +42,7 @@ func TestAIExtractDeadlines_InvalidJSON(t *testing.T) {
} }
} }
func TestAISummarizeCase_MissingCaseID(t *testing.T) { func TestAISummarizeCase_MissingTenant(t *testing.T) {
h := &AIHandler{} h := &AIHandler{}
body := `{"case_id":""}` body := `{"case_id":""}`
@@ -52,9 +52,9 @@ func TestAISummarizeCase_MissingCaseID(t *testing.T) {
h.SummarizeCase(w, r) h.SummarizeCase(w, r)
// Without auth context, the resolveTenant will fail first // Without tenant context, TenantFromContext returns !ok → 403
if w.Code != http.StatusUnauthorized { if w.Code != http.StatusForbidden {
t.Errorf("expected 401, got %d", w.Code) t.Errorf("expected 403, got %d", w.Code)
} }
} }
@@ -67,8 +67,8 @@ func TestAISummarizeCase_InvalidJSON(t *testing.T) {
h.SummarizeCase(w, r) h.SummarizeCase(w, r)
// Without auth context, the resolveTenant will fail first // Without tenant context, TenantFromContext returns !ok → 403
if w.Code != http.StatusUnauthorized { if w.Code != http.StatusForbidden {
t.Errorf("expected 401, got %d", w.Code) t.Errorf("expected 403, got %d", w.Code)
} }
} }

35
backend/internal/handlers/appointments.go
View File

@@ -22,6 +22,33 @@ func NewAppointmentHandler(svc *services.AppointmentService) *AppointmentHandler
return &AppointmentHandler{svc: svc} return &AppointmentHandler{svc: svc}
} }
// Get handles GET /api/appointments/{id}
func (h *AppointmentHandler) Get(w http.ResponseWriter, r *http.Request) {
tenantID, ok := auth.TenantFromContext(r.Context())
if !ok {
writeError(w, http.StatusUnauthorized, "missing tenant")
return
}
id, err := uuid.Parse(r.PathValue("id"))
if err != nil {
writeError(w, http.StatusBadRequest, "invalid appointment id")
return
}
appt, err := h.svc.GetByID(r.Context(), tenantID, id)
if err != nil {
if errors.Is(err, sql.ErrNoRows) {
writeError(w, http.StatusNotFound, "appointment not found")
return
}
writeError(w, http.StatusInternalServerError, "failed to fetch appointment")
return
}
writeJSON(w, http.StatusOK, appt)
}
func (h *AppointmentHandler) List(w http.ResponseWriter, r *http.Request) { func (h *AppointmentHandler) List(w http.ResponseWriter, r *http.Request) {
tenantID, ok := auth.TenantFromContext(r.Context()) tenantID, ok := auth.TenantFromContext(r.Context())
if !ok { if !ok {
@@ -94,6 +121,10 @@ func (h *AppointmentHandler) Create(w http.ResponseWriter, r *http.Request) {
writeError(w, http.StatusBadRequest, "title is required") writeError(w, http.StatusBadRequest, "title is required")
return return
} }
if msg := validateStringLength("title", req.Title, maxTitleLen); msg != "" {
writeError(w, http.StatusBadRequest, msg)
return
}
if req.StartAt.IsZero() { if req.StartAt.IsZero() {
writeError(w, http.StatusBadRequest, "start_at is required") writeError(w, http.StatusBadRequest, "start_at is required")
return return
@@ -161,6 +192,10 @@ func (h *AppointmentHandler) Update(w http.ResponseWriter, r *http.Request) {
writeError(w, http.StatusBadRequest, "title is required") writeError(w, http.StatusBadRequest, "title is required")
return return
} }
if msg := validateStringLength("title", req.Title, maxTitleLen); msg != "" {
writeError(w, http.StatusBadRequest, msg)
return
}
if req.StartAt.IsZero() { if req.StartAt.IsZero() {
writeError(w, http.StatusBadRequest, "start_at is required") writeError(w, http.StatusBadRequest, "start_at is required")
return return

2
backend/internal/handlers/caldav.go
View File

@@ -27,7 +27,7 @@ func (h *CalDAVHandler) TriggerSync(w http.ResponseWriter, r *http.Request) {
cfg, err := h.svc.LoadTenantConfig(tenantID) cfg, err := h.svc.LoadTenantConfig(tenantID)
if err != nil { if err != nil {
writeError(w, http.StatusBadRequest, err.Error()) writeError(w, http.StatusBadRequest, "CalDAV not configured for this tenant")
return return
} }

52
backend/internal/handlers/case_events.go Normal file
View File

@@ -0,0 +1,52 @@
package handlers
import (
"database/sql"
"errors"
"net/http"
"github.com/google/uuid"
"mgit.msbls.de/m/KanzlAI-mGMT/internal/auth"
"mgit.msbls.de/m/KanzlAI-mGMT/internal/models"
"github.com/jmoiron/sqlx"
)
type CaseEventHandler struct {
db *sqlx.DB
}
func NewCaseEventHandler(db *sqlx.DB) *CaseEventHandler {
return &CaseEventHandler{db: db}
}
// Get handles GET /api/case-events/{id}
func (h *CaseEventHandler) Get(w http.ResponseWriter, r *http.Request) {
tenantID, ok := auth.TenantFromContext(r.Context())
if !ok {
writeError(w, http.StatusUnauthorized, "missing tenant")
return
}
eventID, err := uuid.Parse(r.PathValue("id"))
if err != nil {
writeError(w, http.StatusBadRequest, "invalid event ID")
return
}
var event models.CaseEvent
err = h.db.GetContext(r.Context(), &event,
`SELECT id, tenant_id, case_id, event_type, title, description, event_date, created_by, metadata, created_at, updated_at
FROM case_events
WHERE id = $1 AND tenant_id = $2`, eventID, tenantID)
if err != nil {
if errors.Is(err, sql.ErrNoRows) {
writeError(w, http.StatusNotFound, "case event not found")
return
}
writeError(w, http.StatusInternalServerError, "failed to fetch case event")
return
}
writeJSON(w, http.StatusOK, event)
}

37
backend/internal/handlers/cases.go
View File

@@ -28,18 +28,25 @@ func (h *CaseHandler) List(w http.ResponseWriter, r *http.Request) {
limit, _ := strconv.Atoi(r.URL.Query().Get("limit")) limit, _ := strconv.Atoi(r.URL.Query().Get("limit"))
offset, _ := strconv.Atoi(r.URL.Query().Get("offset")) offset, _ := strconv.Atoi(r.URL.Query().Get("offset"))
limit, offset = clampPagination(limit, offset)
search := r.URL.Query().Get("search")
if msg := validateStringLength("search", search, maxSearchLen); msg != "" {
writeError(w, http.StatusBadRequest, msg)
return
}
filter := services.CaseFilter{ filter := services.CaseFilter{
Status: r.URL.Query().Get("status"), Status: r.URL.Query().Get("status"),
Type: r.URL.Query().Get("type"), Type: r.URL.Query().Get("type"),
Search: r.URL.Query().Get("search"), Search: search,
Limit: limit, Limit: limit,
Offset: offset, Offset: offset,
} }
cases, total, err := h.svc.List(r.Context(), tenantID, filter) cases, total, err := h.svc.List(r.Context(), tenantID, filter)
if err != nil { if err != nil {
writeError(w, http.StatusInternalServerError, err.Error()) internalError(w, "failed to list cases", err)
return return
} }
@@ -66,10 +73,18 @@ func (h *CaseHandler) Create(w http.ResponseWriter, r *http.Request) {
writeError(w, http.StatusBadRequest, "case_number and title are required") writeError(w, http.StatusBadRequest, "case_number and title are required")
return return
} }
if msg := validateStringLength("case_number", input.CaseNumber, maxCaseNumberLen); msg != "" {
writeError(w, http.StatusBadRequest, msg)
return
}
if msg := validateStringLength("title", input.Title, maxTitleLen); msg != "" {
writeError(w, http.StatusBadRequest, msg)
return
}
c, err := h.svc.Create(r.Context(), tenantID, userID, input) c, err := h.svc.Create(r.Context(), tenantID, userID, input)
if err != nil { if err != nil {
writeError(w, http.StatusInternalServerError, err.Error()) internalError(w, "failed to create case", err)
return return
} }
@@ -91,7 +106,7 @@ func (h *CaseHandler) Get(w http.ResponseWriter, r *http.Request) {
detail, err := h.svc.GetByID(r.Context(), tenantID, caseID) detail, err := h.svc.GetByID(r.Context(), tenantID, caseID)
if err != nil { if err != nil {
writeError(w, http.StatusInternalServerError, err.Error()) internalError(w, "failed to get case", err)
return return
} }
if detail == nil { if detail == nil {
@@ -121,10 +136,22 @@ func (h *CaseHandler) Update(w http.ResponseWriter, r *http.Request) {
writeError(w, http.StatusBadRequest, "invalid JSON body") writeError(w, http.StatusBadRequest, "invalid JSON body")
return return
} }
if input.Title != nil {
if msg := validateStringLength("title", *input.Title, maxTitleLen); msg != "" {
writeError(w, http.StatusBadRequest, msg)
return
}
}
if input.CaseNumber != nil {
if msg := validateStringLength("case_number", *input.CaseNumber, maxCaseNumberLen); msg != "" {
writeError(w, http.StatusBadRequest, msg)
return
}
}
updated, err := h.svc.Update(r.Context(), tenantID, caseID, userID, input) updated, err := h.svc.Update(r.Context(), tenantID, caseID, userID, input)
if err != nil { if err != nil {
writeError(w, http.StatusInternalServerError, err.Error()) internalError(w, "failed to update case", err)
return return
} }
if updated == nil { if updated == nil {

2
backend/internal/handlers/dashboard.go
View File

@@ -24,7 +24,7 @@ func (h *DashboardHandler) Get(w http.ResponseWriter, r *http.Request) {
data, err := h.svc.Get(r.Context(), tenantID) data, err := h.svc.Get(r.Context(), tenantID)
if err != nil { if err != nil {
writeError(w, http.StatusInternalServerError, err.Error()) internalError(w, "failed to load dashboard", err)
return return
} }

90
backend/internal/handlers/deadlines.go
View File

@@ -4,33 +4,58 @@ import (
"encoding/json" "encoding/json"
"net/http" "net/http"
"github.com/jmoiron/sqlx" "mgit.msbls.de/m/KanzlAI-mGMT/internal/auth"
"mgit.msbls.de/m/KanzlAI-mGMT/internal/services" "mgit.msbls.de/m/KanzlAI-mGMT/internal/services"
) )
// DeadlineHandlers holds handlers for deadline CRUD endpoints // DeadlineHandlers holds handlers for deadline CRUD endpoints
type DeadlineHandlers struct { type DeadlineHandlers struct {
deadlines *services.DeadlineService deadlines *services.DeadlineService
db *sqlx.DB
} }
// NewDeadlineHandlers creates deadline handlers // NewDeadlineHandlers creates deadline handlers
func NewDeadlineHandlers(ds *services.DeadlineService, db *sqlx.DB) *DeadlineHandlers { func NewDeadlineHandlers(ds *services.DeadlineService) *DeadlineHandlers {
return &DeadlineHandlers{deadlines: ds, db: db} return &DeadlineHandlers{deadlines: ds}
}
// Get handles GET /api/deadlines/{deadlineID}
func (h *DeadlineHandlers) Get(w http.ResponseWriter, r *http.Request) {
tenantID, ok := auth.TenantFromContext(r.Context())
if !ok {
writeError(w, http.StatusForbidden, "missing tenant")
return
}
deadlineID, err := parsePathUUID(r, "deadlineID")
if err != nil {
writeError(w, http.StatusBadRequest, "invalid deadline ID")
return
}
deadline, err := h.deadlines.GetByID(tenantID, deadlineID)
if err != nil {
internalError(w, "failed to fetch deadline", err)
return
}
if deadline == nil {
writeError(w, http.StatusNotFound, "deadline not found")
return
}
writeJSON(w, http.StatusOK, deadline)
} }
// ListAll handles GET /api/deadlines // ListAll handles GET /api/deadlines
func (h *DeadlineHandlers) ListAll(w http.ResponseWriter, r *http.Request) { func (h *DeadlineHandlers) ListAll(w http.ResponseWriter, r *http.Request) {
tenantID, err := resolveTenant(r, h.db) tenantID, ok := auth.TenantFromContext(r.Context())
if err != nil { if !ok {
handleTenantError(w, err) writeError(w, http.StatusForbidden, "missing tenant")
return return
} }
deadlines, err := h.deadlines.ListAll(tenantID) deadlines, err := h.deadlines.ListAll(tenantID)
if err != nil { if err != nil {
writeError(w, http.StatusInternalServerError, "failed to list deadlines") internalError(w, "failed to list deadlines", err)
return return
} }
@@ -39,9 +64,9 @@ func (h *DeadlineHandlers) ListAll(w http.ResponseWriter, r *http.Request) {
// ListForCase handles GET /api/cases/{caseID}/deadlines // ListForCase handles GET /api/cases/{caseID}/deadlines
func (h *DeadlineHandlers) ListForCase(w http.ResponseWriter, r *http.Request) { func (h *DeadlineHandlers) ListForCase(w http.ResponseWriter, r *http.Request) {
tenantID, err := resolveTenant(r, h.db) tenantID, ok := auth.TenantFromContext(r.Context())
if err != nil { if !ok {
handleTenantError(w, err) writeError(w, http.StatusForbidden, "missing tenant")
return return
} }
@@ -53,7 +78,7 @@ func (h *DeadlineHandlers) ListForCase(w http.ResponseWriter, r *http.Request) {
deadlines, err := h.deadlines.ListForCase(tenantID, caseID) deadlines, err := h.deadlines.ListForCase(tenantID, caseID)
if err != nil { if err != nil {
writeError(w, http.StatusInternalServerError, "failed to list deadlines") internalError(w, "failed to list deadlines for case", err)
return return
} }
@@ -62,9 +87,9 @@ func (h *DeadlineHandlers) ListForCase(w http.ResponseWriter, r *http.Request) {
// Create handles POST /api/cases/{caseID}/deadlines // Create handles POST /api/cases/{caseID}/deadlines
func (h *DeadlineHandlers) Create(w http.ResponseWriter, r *http.Request) { func (h *DeadlineHandlers) Create(w http.ResponseWriter, r *http.Request) {
tenantID, err := resolveTenant(r, h.db) tenantID, ok := auth.TenantFromContext(r.Context())
if err != nil { if !ok {
handleTenantError(w, err) writeError(w, http.StatusForbidden, "missing tenant")
return return
} }
@@ -85,10 +110,14 @@ func (h *DeadlineHandlers) Create(w http.ResponseWriter, r *http.Request) {
writeError(w, http.StatusBadRequest, "title and due_date are required") writeError(w, http.StatusBadRequest, "title and due_date are required")
return return
} }
if msg := validateStringLength("title", input.Title, maxTitleLen); msg != "" {
writeError(w, http.StatusBadRequest, msg)
return
}
deadline, err := h.deadlines.Create(tenantID, input) deadline, err := h.deadlines.Create(tenantID, input)
if err != nil { if err != nil {
writeError(w, http.StatusInternalServerError, "failed to create deadline") internalError(w, "failed to create deadline", err)
return return
} }
@@ -97,9 +126,9 @@ func (h *DeadlineHandlers) Create(w http.ResponseWriter, r *http.Request) {
// Update handles PUT /api/deadlines/{deadlineID} // Update handles PUT /api/deadlines/{deadlineID}
func (h *DeadlineHandlers) Update(w http.ResponseWriter, r *http.Request) { func (h *DeadlineHandlers) Update(w http.ResponseWriter, r *http.Request) {
tenantID, err := resolveTenant(r, h.db) tenantID, ok := auth.TenantFromContext(r.Context())
if err != nil { if !ok {
handleTenantError(w, err) writeError(w, http.StatusForbidden, "missing tenant")
return return
} }
@@ -117,7 +146,7 @@ func (h *DeadlineHandlers) Update(w http.ResponseWriter, r *http.Request) {
deadline, err := h.deadlines.Update(tenantID, deadlineID, input) deadline, err := h.deadlines.Update(tenantID, deadlineID, input)
if err != nil { if err != nil {
writeError(w, http.StatusInternalServerError, "failed to update deadline") internalError(w, "failed to update deadline", err)
return return
} }
if deadline == nil { if deadline == nil {
@@ -130,9 +159,9 @@ func (h *DeadlineHandlers) Update(w http.ResponseWriter, r *http.Request) {
// Complete handles PATCH /api/deadlines/{deadlineID}/complete // Complete handles PATCH /api/deadlines/{deadlineID}/complete
func (h *DeadlineHandlers) Complete(w http.ResponseWriter, r *http.Request) { func (h *DeadlineHandlers) Complete(w http.ResponseWriter, r *http.Request) {
tenantID, err := resolveTenant(r, h.db) tenantID, ok := auth.TenantFromContext(r.Context())
if err != nil { if !ok {
handleTenantError(w, err) writeError(w, http.StatusForbidden, "missing tenant")
return return
} }
@@ -144,7 +173,7 @@ func (h *DeadlineHandlers) Complete(w http.ResponseWriter, r *http.Request) {
deadline, err := h.deadlines.Complete(tenantID, deadlineID) deadline, err := h.deadlines.Complete(tenantID, deadlineID)
if err != nil { if err != nil {
writeError(w, http.StatusInternalServerError, "failed to complete deadline") internalError(w, "failed to complete deadline", err)
return return
} }
if deadline == nil { if deadline == nil {
@@ -157,9 +186,9 @@ func (h *DeadlineHandlers) Complete(w http.ResponseWriter, r *http.Request) {
// Delete handles DELETE /api/deadlines/{deadlineID} // Delete handles DELETE /api/deadlines/{deadlineID}
func (h *DeadlineHandlers) Delete(w http.ResponseWriter, r *http.Request) { func (h *DeadlineHandlers) Delete(w http.ResponseWriter, r *http.Request) {
tenantID, err := resolveTenant(r, h.db) tenantID, ok := auth.TenantFromContext(r.Context())
if err != nil { if !ok {
handleTenantError(w, err) writeError(w, http.StatusForbidden, "missing tenant")
return return
} }
@@ -169,9 +198,8 @@ func (h *DeadlineHandlers) Delete(w http.ResponseWriter, r *http.Request) {
return return
} }
err = h.deadlines.Delete(tenantID, deadlineID) if err := h.deadlines.Delete(tenantID, deadlineID); err != nil {
if err != nil { writeError(w, http.StatusNotFound, "deadline not found")
writeError(w, http.StatusNotFound, err.Error())
return return
} }

12
backend/internal/handlers/documents.go
View File

@@ -36,7 +36,7 @@ func (h *DocumentHandler) ListByCase(w http.ResponseWriter, r *http.Request) {
docs, err := h.svc.ListByCase(r.Context(), tenantID, caseID) docs, err := h.svc.ListByCase(r.Context(), tenantID, caseID)
if err != nil { if err != nil {
writeError(w, http.StatusInternalServerError, err.Error()) internalError(w, "failed to list documents", err)
return return
} }
@@ -98,7 +98,7 @@ func (h *DocumentHandler) Upload(w http.ResponseWriter, r *http.Request) {
writeError(w, http.StatusNotFound, "case not found") writeError(w, http.StatusNotFound, "case not found")
return return
} }
writeError(w, http.StatusInternalServerError, err.Error()) internalError(w, "failed to upload document", err)
return return
} }
@@ -121,16 +121,16 @@ func (h *DocumentHandler) Download(w http.ResponseWriter, r *http.Request) {
body, contentType, title, err := h.svc.Download(r.Context(), tenantID, docID) body, contentType, title, err := h.svc.Download(r.Context(), tenantID, docID)
if err != nil { if err != nil {
if err.Error() == "document not found" || err.Error() == "document has no file" { if err.Error() == "document not found" || err.Error() == "document has no file" {
writeError(w, http.StatusNotFound, err.Error()) writeError(w, http.StatusNotFound, "document not found")
return return
} }
writeError(w, http.StatusInternalServerError, err.Error()) internalError(w, "failed to download document", err)
return return
} }
defer body.Close() defer body.Close()
w.Header().Set("Content-Type", contentType) w.Header().Set("Content-Type", contentType)
w.Header().Set("Content-Disposition", fmt.Sprintf(`attachment; filename="%s"`, title)) w.Header().Set("Content-Disposition", fmt.Sprintf(`attachment; filename="%s"`, sanitizeFilename(title)))
io.Copy(w, body) io.Copy(w, body)
} }
@@ -149,7 +149,7 @@ func (h *DocumentHandler) GetMeta(w http.ResponseWriter, r *http.Request) {
doc, err := h.svc.GetByID(r.Context(), tenantID, docID) doc, err := h.svc.GetByID(r.Context(), tenantID, docID)
if err != nil { if err != nil {
writeError(w, http.StatusInternalServerError, err.Error()) internalError(w, "failed to get document metadata", err)
return return
} }
if doc == nil { if doc == nil {

136
backend/internal/handlers/helpers.go
View File

@@ -2,12 +2,12 @@ package handlers
import ( import (
"encoding/json" "encoding/json"
"log/slog"
"net/http" "net/http"
"strings"
"unicode/utf8"
"github.com/google/uuid" "github.com/google/uuid"
"github.com/jmoiron/sqlx"
"mgit.msbls.de/m/KanzlAI-mGMT/internal/auth"
) )
func writeJSON(w http.ResponseWriter, status int, v any) { func writeJSON(w http.ResponseWriter, status int, v any) {
@@ -20,62 +20,9 @@ func writeError(w http.ResponseWriter, status int, msg string) {
writeJSON(w, status, map[string]string{"error": msg}) writeJSON(w, status, map[string]string{"error": msg})
} }
// resolveTenant gets the tenant ID for the authenticated user. // internalError logs the real error and returns a generic message to the client.
// Checks X-Tenant-ID header first, then falls back to user's first tenant. func internalError(w http.ResponseWriter, msg string, err error) {
func resolveTenant(r *http.Request, db *sqlx.DB) (uuid.UUID, error) { slog.Error(msg, "error", err)
userID, ok := auth.UserFromContext(r.Context())
if !ok {
return uuid.Nil, errUnauthorized
}
// Check header first
if headerVal := r.Header.Get("X-Tenant-ID"); headerVal != "" {
tenantID, err := uuid.Parse(headerVal)
if err != nil {
return uuid.Nil, errInvalidTenant
}
// Verify user has access to this tenant
var count int
err = db.Get(&count,
`SELECT COUNT(*) FROM user_tenants WHERE user_id = $1 AND tenant_id = $2`,
userID, tenantID)
if err != nil || count == 0 {
return uuid.Nil, errTenantAccess
}
return tenantID, nil
}
// Fall back to user's first tenant
var tenantID uuid.UUID
err := db.Get(&tenantID,
`SELECT tenant_id FROM user_tenants WHERE user_id = $1 ORDER BY created_at LIMIT 1`,
userID)
if err != nil {
return uuid.Nil, errNoTenant
}
return tenantID, nil
}
type apiError struct {
msg string
status int
}
func (e *apiError) Error() string { return e.msg }
var (
errUnauthorized = &apiError{msg: "unauthorized", status: http.StatusUnauthorized}
errInvalidTenant = &apiError{msg: "invalid tenant ID", status: http.StatusBadRequest}
errTenantAccess = &apiError{msg: "no access to tenant", status: http.StatusForbidden}
errNoTenant = &apiError{msg: "no tenant found for user", status: http.StatusBadRequest}
)
// handleTenantError writes the appropriate error response for tenant resolution errors
func handleTenantError(w http.ResponseWriter, err error) {
if ae, ok := err.(*apiError); ok {
writeError(w, ae.status, ae.msg)
return
}
writeError(w, http.StatusInternalServerError, "internal error") writeError(w, http.StatusInternalServerError, "internal error")
} }
@@ -88,3 +35,74 @@ func parsePathUUID(r *http.Request, key string) (uuid.UUID, error) {
func parseUUID(s string) (uuid.UUID, error) { func parseUUID(s string) (uuid.UUID, error) {
return uuid.Parse(s) return uuid.Parse(s)
} }
// --- Input validation helpers ---
const (
maxTitleLen = 500
maxDescriptionLen = 10000
maxCaseNumberLen = 100
maxSearchLen = 200
maxPaginationLimit = 100
)
// validateStringLength checks if a string exceeds the given max length.
func validateStringLength(field, value string, maxLen int) string {
if utf8.RuneCountInString(value) > maxLen {
return field + " exceeds maximum length"
}
return ""
}
// clampPagination enforces sane pagination defaults and limits.
func clampPagination(limit, offset int) (int, int) {
if limit <= 0 {
limit = 20
}
if limit > maxPaginationLimit {
limit = maxPaginationLimit
}
if offset < 0 {
offset = 0
}
return limit, offset
}
// sanitizeFilename removes characters unsafe for Content-Disposition headers.
func sanitizeFilename(name string) string {
// Remove control characters, quotes, and backslashes
var b strings.Builder
for _, r := range name {
if r < 32 || r == '"' || r == '\\' || r == '/' {
b.WriteRune('_')
} else {
b.WriteRune(r)
}
}
return b.String()
}
// maskSettingsPassword masks the CalDAV password in tenant settings JSON before returning to clients.
func maskSettingsPassword(settings json.RawMessage) json.RawMessage {
if len(settings) == 0 {
return settings
}
var m map[string]json.RawMessage
if err := json.Unmarshal(settings, &m); err != nil {
return settings
}
caldavRaw, ok := m["caldav"]
if !ok {
return settings
}
var caldav map[string]json.RawMessage
if err := json.Unmarshal(caldavRaw, &caldav); err != nil {
return settings
}
if _, ok := caldav["password"]; ok {
caldav["password"], _ = json.Marshal("********")
}
m["caldav"], _ = json.Marshal(caldav)
result, _ := json.Marshal(m)
return result
}

167
backend/internal/handlers/notes.go Normal file
View File

@@ -0,0 +1,167 @@
package handlers
import (
"encoding/json"
"fmt"
"net/http"
"github.com/google/uuid"
"mgit.msbls.de/m/KanzlAI-mGMT/internal/auth"
"mgit.msbls.de/m/KanzlAI-mGMT/internal/services"
)
type NoteHandler struct {
svc *services.NoteService
}
func NewNoteHandler(svc *services.NoteService) *NoteHandler {
return &NoteHandler{svc: svc}
}
// List handles GET /api/notes?{parent_type}_id={id}
func (h *NoteHandler) List(w http.ResponseWriter, r *http.Request) {
tenantID, ok := auth.TenantFromContext(r.Context())
if !ok {
writeError(w, http.StatusUnauthorized, "missing tenant")
return
}
parentType, parentID, err := parseNoteParent(r)
if err != nil {
writeError(w, http.StatusBadRequest, err.Error())
return
}
notes, err := h.svc.ListByParent(r.Context(), tenantID, parentType, parentID)
if err != nil {
writeError(w, http.StatusInternalServerError, "failed to list notes")
return
}
writeJSON(w, http.StatusOK, notes)
}
// Create handles POST /api/notes
func (h *NoteHandler) Create(w http.ResponseWriter, r *http.Request) {
tenantID, ok := auth.TenantFromContext(r.Context())
if !ok {
writeError(w, http.StatusUnauthorized, "missing tenant")
return
}
userID, _ := auth.UserFromContext(r.Context())
var input services.CreateNoteInput
if err := json.NewDecoder(r.Body).Decode(&input); err != nil {
writeError(w, http.StatusBadRequest, "invalid request body")
return
}
if input.Content == "" {
writeError(w, http.StatusBadRequest, "content is required")
return
}
if msg := validateStringLength("content", input.Content, maxDescriptionLen); msg != "" {
writeError(w, http.StatusBadRequest, msg)
return
}
var createdBy *uuid.UUID
if userID != uuid.Nil {
createdBy = &userID
}
note, err := h.svc.Create(r.Context(), tenantID, createdBy, input)
if err != nil {
writeError(w, http.StatusInternalServerError, "failed to create note")
return
}
writeJSON(w, http.StatusCreated, note)
}
// Update handles PUT /api/notes/{id}
func (h *NoteHandler) Update(w http.ResponseWriter, r *http.Request) {
tenantID, ok := auth.TenantFromContext(r.Context())
if !ok {
writeError(w, http.StatusUnauthorized, "missing tenant")
return
}
noteID, err := uuid.Parse(r.PathValue("id"))
if err != nil {
writeError(w, http.StatusBadRequest, "invalid note ID")
return
}
var req struct {
Content string `json:"content"`
}
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
writeError(w, http.StatusBadRequest, "invalid request body")
return
}
if req.Content == "" {
writeError(w, http.StatusBadRequest, "content is required")
return
}
if msg := validateStringLength("content", req.Content, maxDescriptionLen); msg != "" {
writeError(w, http.StatusBadRequest, msg)
return
}
note, err := h.svc.Update(r.Context(), tenantID, noteID, req.Content)
if err != nil {
writeError(w, http.StatusInternalServerError, "failed to update note")
return
}
if note == nil {
writeError(w, http.StatusNotFound, "note not found")
return
}
writeJSON(w, http.StatusOK, note)
}
// Delete handles DELETE /api/notes/{id}
func (h *NoteHandler) Delete(w http.ResponseWriter, r *http.Request) {
tenantID, ok := auth.TenantFromContext(r.Context())
if !ok {
writeError(w, http.StatusUnauthorized, "missing tenant")
return
}
noteID, err := uuid.Parse(r.PathValue("id"))
if err != nil {
writeError(w, http.StatusBadRequest, "invalid note ID")
return
}
if err := h.svc.Delete(r.Context(), tenantID, noteID); err != nil {
writeError(w, http.StatusNotFound, "note not found")
return
}
w.WriteHeader(http.StatusNoContent)
}
// parseNoteParent extracts the parent type and ID from query parameters.
func parseNoteParent(r *http.Request) (string, uuid.UUID, error) {
params := map[string]string{
"case_id": "case",
"deadline_id": "deadline",
"appointment_id": "appointment",
"case_event_id": "case_event",
}
for param, parentType := range params {
if v := r.URL.Query().Get(param); v != "" {
id, err := uuid.Parse(v)
if err != nil {
return "", uuid.Nil, fmt.Errorf("invalid %s", param)
}
return parentType, id, nil
}
}
return "", uuid.Nil, fmt.Errorf("one of case_id, deadline_id, appointment_id, or case_event_id is required")
}

11
backend/internal/handlers/parties.go
View File

@@ -34,7 +34,7 @@ func (h *PartyHandler) List(w http.ResponseWriter, r *http.Request) {
parties, err := h.svc.ListByCase(r.Context(), tenantID, caseID) parties, err := h.svc.ListByCase(r.Context(), tenantID, caseID)
if err != nil { if err != nil {
writeError(w, http.StatusInternalServerError, err.Error()) internalError(w, "failed to list parties", err)
return return
} }
@@ -67,13 +67,18 @@ func (h *PartyHandler) Create(w http.ResponseWriter, r *http.Request) {
return return
} }
if msg := validateStringLength("name", input.Name, maxTitleLen); msg != "" {
writeError(w, http.StatusBadRequest, msg)
return
}
party, err := h.svc.Create(r.Context(), tenantID, caseID, userID, input) party, err := h.svc.Create(r.Context(), tenantID, caseID, userID, input)
if err != nil { if err != nil {
if err == sql.ErrNoRows { if err == sql.ErrNoRows {
writeError(w, http.StatusNotFound, "case not found") writeError(w, http.StatusNotFound, "case not found")
return return
} }
writeError(w, http.StatusInternalServerError, err.Error()) internalError(w, "failed to create party", err)
return return
} }
@@ -101,7 +106,7 @@ func (h *PartyHandler) Update(w http.ResponseWriter, r *http.Request) {
updated, err := h.svc.Update(r.Context(), tenantID, partyID, input) updated, err := h.svc.Update(r.Context(), tenantID, partyID, input)
if err != nil { if err != nil {
writeError(w, http.StatusInternalServerError, err.Error()) internalError(w, "failed to update party", err)
return return
} }
if updated == nil { if updated == nil {

48
backend/internal/handlers/tenant_handler.go
View File

@@ -2,6 +2,7 @@ package handlers
import ( import (
"encoding/json" "encoding/json"
"log/slog"
"net/http" "net/http"
"github.com/google/uuid" "github.com/google/uuid"
@@ -41,7 +42,8 @@ func (h *TenantHandler) CreateTenant(w http.ResponseWriter, r *http.Request) {
tenant, err := h.svc.Create(r.Context(), userID, req.Name, req.Slug) tenant, err := h.svc.Create(r.Context(), userID, req.Name, req.Slug)
if err != nil { if err != nil {
jsonError(w, err.Error(), http.StatusInternalServerError) slog.Error("failed to create tenant", "error", err)
jsonError(w, "internal error", http.StatusInternalServerError)
return return
} }
@@ -58,10 +60,16 @@ func (h *TenantHandler) ListTenants(w http.ResponseWriter, r *http.Request) {
tenants, err := h.svc.ListForUser(r.Context(), userID) tenants, err := h.svc.ListForUser(r.Context(), userID)
if err != nil { if err != nil {
jsonError(w, err.Error(), http.StatusInternalServerError) slog.Error("failed to list tenants", "error", err)
jsonError(w, "internal error", http.StatusInternalServerError)
return return
} }
// Mask CalDAV passwords in tenant settings
for i := range tenants {
tenants[i].Settings = maskSettingsPassword(tenants[i].Settings)
}
jsonResponse(w, tenants, http.StatusOK) jsonResponse(w, tenants, http.StatusOK)
} }
@@ -82,7 +90,8 @@ func (h *TenantHandler) GetTenant(w http.ResponseWriter, r *http.Request) {
// Verify user has access to this tenant // Verify user has access to this tenant
role, err := h.svc.GetUserRole(r.Context(), userID, tenantID) role, err := h.svc.GetUserRole(r.Context(), userID, tenantID)
if err != nil { if err != nil {
jsonError(w, err.Error(), http.StatusInternalServerError) slog.Error("failed to get user role", "error", err)
jsonError(w, "internal error", http.StatusInternalServerError)
return return
} }
if role == "" { if role == "" {
@@ -92,7 +101,8 @@ func (h *TenantHandler) GetTenant(w http.ResponseWriter, r *http.Request) {
tenant, err := h.svc.GetByID(r.Context(), tenantID) tenant, err := h.svc.GetByID(r.Context(), tenantID)
if err != nil { if err != nil {
jsonError(w, err.Error(), http.StatusInternalServerError) slog.Error("failed to get tenant", "error", err)
jsonError(w, "internal error", http.StatusInternalServerError)
return return
} }
if tenant == nil { if tenant == nil {
@@ -100,6 +110,9 @@ func (h *TenantHandler) GetTenant(w http.ResponseWriter, r *http.Request) {
return return
} }
// Mask CalDAV password before returning
tenant.Settings = maskSettingsPassword(tenant.Settings)
jsonResponse(w, tenant, http.StatusOK) jsonResponse(w, tenant, http.StatusOK)
} }
@@ -120,7 +133,8 @@ func (h *TenantHandler) InviteUser(w http.ResponseWriter, r *http.Request) {
// Only owners and admins can invite // Only owners and admins can invite
role, err := h.svc.GetUserRole(r.Context(), userID, tenantID) role, err := h.svc.GetUserRole(r.Context(), userID, tenantID)
if err != nil { if err != nil {
jsonError(w, err.Error(), http.StatusInternalServerError) slog.Error("failed to get user role", "error", err)
jsonError(w, "internal error", http.StatusInternalServerError)
return return
} }
if role != "owner" && role != "admin" { if role != "owner" && role != "admin" {
@@ -150,7 +164,8 @@ func (h *TenantHandler) InviteUser(w http.ResponseWriter, r *http.Request) {
ut, err := h.svc.InviteByEmail(r.Context(), tenantID, req.Email, req.Role) ut, err := h.svc.InviteByEmail(r.Context(), tenantID, req.Email, req.Role)
if err != nil { if err != nil {
jsonError(w, err.Error(), http.StatusBadRequest) // These are user-facing validation errors (user not found, already member)
jsonError(w, "failed to invite user", http.StatusBadRequest)
return return
} }
@@ -180,7 +195,8 @@ func (h *TenantHandler) RemoveMember(w http.ResponseWriter, r *http.Request) {
// Only owners and admins can remove members (or user removing themselves) // Only owners and admins can remove members (or user removing themselves)
role, err := h.svc.GetUserRole(r.Context(), userID, tenantID) role, err := h.svc.GetUserRole(r.Context(), userID, tenantID)
if err != nil { if err != nil {
jsonError(w, err.Error(), http.StatusInternalServerError) slog.Error("failed to get user role", "error", err)
jsonError(w, "internal error", http.StatusInternalServerError)
return return
} }
if role != "owner" && role != "admin" && userID != memberID { if role != "owner" && role != "admin" && userID != memberID {
@@ -189,7 +205,8 @@ func (h *TenantHandler) RemoveMember(w http.ResponseWriter, r *http.Request) {
} }
if err := h.svc.RemoveMember(r.Context(), tenantID, memberID); err != nil { if err := h.svc.RemoveMember(r.Context(), tenantID, memberID); err != nil {
jsonError(w, err.Error(), http.StatusBadRequest) // These are user-facing validation errors (not a member, last owner, etc.)
jsonError(w, "failed to remove member", http.StatusBadRequest)
return return
} }
@@ -213,7 +230,8 @@ func (h *TenantHandler) UpdateSettings(w http.ResponseWriter, r *http.Request) {
// Only owners and admins can update settings // Only owners and admins can update settings
role, err := h.svc.GetUserRole(r.Context(), userID, tenantID) role, err := h.svc.GetUserRole(r.Context(), userID, tenantID)
if err != nil { if err != nil {
jsonError(w, err.Error(), http.StatusInternalServerError) slog.Error("failed to get user role", "error", err)
jsonError(w, "internal error", http.StatusInternalServerError)
return return
} }
if role != "owner" && role != "admin" { if role != "owner" && role != "admin" {
@@ -229,10 +247,14 @@ func (h *TenantHandler) UpdateSettings(w http.ResponseWriter, r *http.Request) {
tenant, err := h.svc.UpdateSettings(r.Context(), tenantID, settings) tenant, err := h.svc.UpdateSettings(r.Context(), tenantID, settings)
if err != nil { if err != nil {
jsonError(w, err.Error(), http.StatusInternalServerError) slog.Error("failed to update settings", "error", err)
jsonError(w, "internal error", http.StatusInternalServerError)
return return
} }
// Mask CalDAV password before returning
tenant.Settings = maskSettingsPassword(tenant.Settings)
jsonResponse(w, tenant, http.StatusOK) jsonResponse(w, tenant, http.StatusOK)
} }
@@ -253,7 +275,8 @@ func (h *TenantHandler) ListMembers(w http.ResponseWriter, r *http.Request) {
// Verify user has access // Verify user has access
role, err := h.svc.GetUserRole(r.Context(), userID, tenantID) role, err := h.svc.GetUserRole(r.Context(), userID, tenantID)
if err != nil { if err != nil {
jsonError(w, err.Error(), http.StatusInternalServerError) slog.Error("failed to get user role", "error", err)
jsonError(w, "internal error", http.StatusInternalServerError)
return return
} }
if role == "" { if role == "" {
@@ -263,7 +286,8 @@ func (h *TenantHandler) ListMembers(w http.ResponseWriter, r *http.Request) {
members, err := h.svc.ListMembers(r.Context(), tenantID) members, err := h.svc.ListMembers(r.Context(), tenantID)
if err != nil { if err != nil {
jsonError(w, err.Error(), http.StatusInternalServerError) slog.Error("failed to list members", "error", err)
jsonError(w, "internal error", http.StatusInternalServerError)
return return
} }

49
backend/internal/middleware/security.go Normal file
View File

@@ -0,0 +1,49 @@
package middleware
import (
"net/http"
"strings"
)
// SecurityHeaders adds standard security headers to all responses.
func SecurityHeaders(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("X-Frame-Options", "DENY")
w.Header().Set("X-Content-Type-Options", "nosniff")
w.Header().Set("X-XSS-Protection", "1; mode=block")
w.Header().Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
w.Header().Set("Referrer-Policy", "strict-origin-when-cross-origin")
next.ServeHTTP(w, r)
})
}
// CORS returns middleware that restricts cross-origin requests to the given origin.
// If allowedOrigin is empty, CORS headers are not set (same-origin only).
func CORS(allowedOrigin string) func(http.Handler) http.Handler {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
origin := r.Header.Get("Origin")
if allowedOrigin != "" && origin != "" && matchOrigin(origin, allowedOrigin) {
w.Header().Set("Access-Control-Allow-Origin", allowedOrigin)
w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, PATCH, DELETE, OPTIONS")
w.Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization, X-Tenant-ID")
w.Header().Set("Access-Control-Max-Age", "86400")
w.Header().Set("Vary", "Origin")
}
// Handle preflight
if r.Method == http.MethodOptions {
w.WriteHeader(http.StatusNoContent)
return
}
next.ServeHTTP(w, r)
})
}
}
// matchOrigin checks if the request origin matches the allowed origin.
func matchOrigin(origin, allowed string) bool {
return strings.EqualFold(strings.TrimRight(origin, "/"), strings.TrimRight(allowed, "/"))
}

20
backend/internal/models/note.go Normal file
View File

@@ -0,0 +1,20 @@
package models
import (
"time"
"github.com/google/uuid"
)
type Note struct {
ID uuid.UUID `db:"id" json:"id"`
TenantID uuid.UUID `db:"tenant_id" json:"tenant_id"`
CaseID *uuid.UUID `db:"case_id" json:"case_id,omitempty"`
DeadlineID *uuid.UUID `db:"deadline_id" json:"deadline_id,omitempty"`
AppointmentID *uuid.UUID `db:"appointment_id" json:"appointment_id,omitempty"`
CaseEventID *uuid.UUID `db:"case_event_id" json:"case_event_id,omitempty"`
Content string `db:"content" json:"content"`
CreatedBy *uuid.UUID `db:"created_by" json:"created_by,omitempty"`
CreatedAt time.Time `db:"created_at" json:"created_at"`
UpdatedAt time.Time `db:"updated_at" json:"updated_at"`
}

29
backend/internal/router/router.go
View File

@@ -34,12 +34,13 @@ func New(db *sqlx.DB, authMW *auth.Middleware, cfg *config.Config, calDAVSvc *se
var aiH *handlers.AIHandler var aiH *handlers.AIHandler
if cfg.AnthropicAPIKey != "" { if cfg.AnthropicAPIKey != "" {
aiSvc := services.NewAIService(cfg.AnthropicAPIKey, db) aiSvc := services.NewAIService(cfg.AnthropicAPIKey, db)
aiH = handlers.NewAIHandler(aiSvc, db) aiH = handlers.NewAIHandler(aiSvc)
} }
// Middleware // Middleware
tenantResolver := auth.NewTenantResolver(tenantSvc) tenantResolver := auth.NewTenantResolver(tenantSvc)
noteSvc := services.NewNoteService(db)
dashboardSvc := services.NewDashboardService(db) dashboardSvc := services.NewDashboardService(db)
// Handlers // Handlers
@@ -47,10 +48,12 @@ func New(db *sqlx.DB, authMW *auth.Middleware, cfg *config.Config, calDAVSvc *se
caseH := handlers.NewCaseHandler(caseSvc) caseH := handlers.NewCaseHandler(caseSvc)
partyH := handlers.NewPartyHandler(partySvc) partyH := handlers.NewPartyHandler(partySvc)
apptH := handlers.NewAppointmentHandler(appointmentSvc) apptH := handlers.NewAppointmentHandler(appointmentSvc)
deadlineH := handlers.NewDeadlineHandlers(deadlineSvc, db) deadlineH := handlers.NewDeadlineHandlers(deadlineSvc)
ruleH := handlers.NewDeadlineRuleHandlers(deadlineRuleSvc) ruleH := handlers.NewDeadlineRuleHandlers(deadlineRuleSvc)
calcH := handlers.NewCalculateHandlers(calculator, deadlineRuleSvc) calcH := handlers.NewCalculateHandlers(calculator, deadlineRuleSvc)
dashboardH := handlers.NewDashboardHandler(dashboardSvc) dashboardH := handlers.NewDashboardHandler(dashboardSvc)
noteH := handlers.NewNoteHandler(noteSvc)
eventH := handlers.NewCaseEventHandler(db)
docH := handlers.NewDocumentHandler(documentSvc) docH := handlers.NewDocumentHandler(documentSvc)
// Public routes // Public routes
@@ -85,6 +88,7 @@ func New(db *sqlx.DB, authMW *auth.Middleware, cfg *config.Config, calDAVSvc *se
scoped.HandleFunc("DELETE /api/parties/{partyId}", partyH.Delete) scoped.HandleFunc("DELETE /api/parties/{partyId}", partyH.Delete)
// Deadlines // Deadlines
scoped.HandleFunc("GET /api/deadlines/{deadlineID}", deadlineH.Get)
scoped.HandleFunc("GET /api/deadlines", deadlineH.ListAll) scoped.HandleFunc("GET /api/deadlines", deadlineH.ListAll)
scoped.HandleFunc("GET /api/cases/{caseID}/deadlines", deadlineH.ListForCase) scoped.HandleFunc("GET /api/cases/{caseID}/deadlines", deadlineH.ListForCase)
scoped.HandleFunc("POST /api/cases/{caseID}/deadlines", deadlineH.Create) scoped.HandleFunc("POST /api/cases/{caseID}/deadlines", deadlineH.Create)
@@ -101,11 +105,21 @@ func New(db *sqlx.DB, authMW *auth.Middleware, cfg *config.Config, calDAVSvc *se
scoped.HandleFunc("POST /api/deadlines/calculate", calcH.Calculate) scoped.HandleFunc("POST /api/deadlines/calculate", calcH.Calculate)
// Appointments // Appointments
scoped.HandleFunc("GET /api/appointments/{id}", apptH.Get)
scoped.HandleFunc("GET /api/appointments", apptH.List) scoped.HandleFunc("GET /api/appointments", apptH.List)
scoped.HandleFunc("POST /api/appointments", apptH.Create) scoped.HandleFunc("POST /api/appointments", apptH.Create)
scoped.HandleFunc("PUT /api/appointments/{id}", apptH.Update) scoped.HandleFunc("PUT /api/appointments/{id}", apptH.Update)
scoped.HandleFunc("DELETE /api/appointments/{id}", apptH.Delete) scoped.HandleFunc("DELETE /api/appointments/{id}", apptH.Delete)
// Case events
scoped.HandleFunc("GET /api/case-events/{id}", eventH.Get)
// Notes
scoped.HandleFunc("GET /api/notes", noteH.List)
scoped.HandleFunc("POST /api/notes", noteH.Create)
scoped.HandleFunc("PUT /api/notes/{id}", noteH.Update)
scoped.HandleFunc("DELETE /api/notes/{id}", noteH.Delete)
// Dashboard // Dashboard
scoped.HandleFunc("GET /api/dashboard", dashboardH.Get) scoped.HandleFunc("GET /api/dashboard", dashboardH.Get)
@@ -135,14 +149,20 @@ func New(db *sqlx.DB, authMW *auth.Middleware, cfg *config.Config, calDAVSvc *se
mux.Handle("/api/", authMW.RequireAuth(api)) mux.Handle("/api/", authMW.RequireAuth(api))
return requestLogger(mux) // Apply security middleware stack: CORS -> Security Headers -> Request Logger -> Routes
var handler http.Handler = mux
handler = requestLogger(handler)
handler = middleware.SecurityHeaders(handler)
handler = middleware.CORS(cfg.FrontendOrigin)(handler)
return handler
} }
func handleHealth(db *sqlx.DB) http.HandlerFunc { func handleHealth(db *sqlx.DB) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) {
if err := db.Ping(); err != nil { if err := db.Ping(); err != nil {
w.WriteHeader(http.StatusServiceUnavailable) w.WriteHeader(http.StatusServiceUnavailable)
json.NewEncoder(w).Encode(map[string]string{"status": "error", "error": err.Error()}) json.NewEncoder(w).Encode(map[string]string{"status": "error"})
return return
} }
w.Header().Set("Content-Type", "application/json") w.Header().Set("Content-Type", "application/json")
@@ -180,4 +200,3 @@ func requestLogger(next http.Handler) http.Handler {
) )
}) })
} }

7
backend/internal/services/dashboard_service.go
View File

@@ -42,6 +42,7 @@ type UpcomingDeadline struct {
ID uuid.UUID `json:"id" db:"id"` ID uuid.UUID `json:"id" db:"id"`
Title string `json:"title" db:"title"` Title string `json:"title" db:"title"`
DueDate string `json:"due_date" db:"due_date"` DueDate string `json:"due_date" db:"due_date"`
CaseID uuid.UUID `json:"case_id" db:"case_id"`
CaseNumber string `json:"case_number" db:"case_number"` CaseNumber string `json:"case_number" db:"case_number"`
CaseTitle string `json:"case_title" db:"case_title"` CaseTitle string `json:"case_title" db:"case_title"`
Status string `json:"status" db:"status"` Status string `json:"status" db:"status"`
@@ -56,8 +57,10 @@ type UpcomingAppointment struct {
} }
type RecentActivity struct { type RecentActivity struct {
ID uuid.UUID `json:"id" db:"id"`
EventType *string `json:"event_type" db:"event_type"` EventType *string `json:"event_type" db:"event_type"`
Title string `json:"title" db:"title"` Title string `json:"title" db:"title"`
CaseID uuid.UUID `json:"case_id" db:"case_id"`
CaseNumber string `json:"case_number" db:"case_number"` CaseNumber string `json:"case_number" db:"case_number"`
EventDate *time.Time `json:"event_date" db:"event_date"` EventDate *time.Time `json:"event_date" db:"event_date"`
} }
@@ -109,7 +112,7 @@ func (s *DashboardService) Get(ctx context.Context, tenantID uuid.UUID) (*Dashbo
// Upcoming deadlines (next 7 days) // Upcoming deadlines (next 7 days)
deadlineQuery := ` deadlineQuery := `
SELECT d.id, d.title, d.due_date, c.case_number, c.title AS case_title, d.status SELECT d.id, d.title, d.due_date, d.case_id, c.case_number, c.title AS case_title, d.status
FROM deadlines d FROM deadlines d
JOIN cases c ON c.id = d.case_id AND c.tenant_id = d.tenant_id JOIN cases c ON c.id = d.case_id AND c.tenant_id = d.tenant_id
WHERE d.tenant_id = $1 AND d.status = 'pending' AND d.due_date >= $2 AND d.due_date <= $3 WHERE d.tenant_id = $1 AND d.status = 'pending' AND d.due_date >= $2 AND d.due_date <= $3
@@ -135,7 +138,7 @@ func (s *DashboardService) Get(ctx context.Context, tenantID uuid.UUID) (*Dashbo
// Recent activity (last 10 case events) // Recent activity (last 10 case events)
activityQuery := ` activityQuery := `
SELECT ce.event_type, ce.title, c.case_number, ce.event_date SELECT ce.id, ce.event_type, ce.title, ce.case_id, c.case_number, ce.event_date
FROM case_events ce FROM case_events ce
JOIN cases c ON c.id = ce.case_id AND c.tenant_id = ce.tenant_id JOIN cases c ON c.id = ce.case_id AND c.tenant_id = ce.tenant_id
WHERE ce.tenant_id = $1 WHERE ce.tenant_id = $1

120
backend/internal/services/note_service.go Normal file
View File

@@ -0,0 +1,120 @@
package services
import (
"context"
"database/sql"
"fmt"
"time"
"github.com/google/uuid"
"github.com/jmoiron/sqlx"
"mgit.msbls.de/m/KanzlAI-mGMT/internal/models"
)
type NoteService struct {
db *sqlx.DB
}
func NewNoteService(db *sqlx.DB) *NoteService {
return &NoteService{db: db}
}
// ListByParent returns all notes for a given parent entity, scoped to tenant.
func (s *NoteService) ListByParent(ctx context.Context, tenantID uuid.UUID, parentType string, parentID uuid.UUID) ([]models.Note, error) {
col, err := parentColumn(parentType)
if err != nil {
return nil, err
}
query := fmt.Sprintf(
`SELECT id, tenant_id, case_id, deadline_id, appointment_id, case_event_id,
content, created_by, created_at, updated_at
FROM notes
WHERE tenant_id = $1 AND %s = $2
ORDER BY created_at DESC`, col)
var notes []models.Note
if err := s.db.SelectContext(ctx, &notes, query, tenantID, parentID); err != nil {
return nil, fmt.Errorf("listing notes by %s: %w", parentType, err)
}
if notes == nil {
notes = []models.Note{}
}
return notes, nil
}
type CreateNoteInput struct {
CaseID *uuid.UUID `json:"case_id,omitempty"`
DeadlineID *uuid.UUID `json:"deadline_id,omitempty"`
AppointmentID *uuid.UUID `json:"appointment_id,omitempty"`
CaseEventID *uuid.UUID `json:"case_event_id,omitempty"`
Content string `json:"content"`
}
// Create inserts a new note.
func (s *NoteService) Create(ctx context.Context, tenantID uuid.UUID, createdBy *uuid.UUID, input CreateNoteInput) (*models.Note, error) {
id := uuid.New()
now := time.Now().UTC()
query := `INSERT INTO notes (id, tenant_id, case_id, deadline_id, appointment_id, case_event_id, content, created_by, created_at, updated_at)
VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $9)
RETURNING id, tenant_id, case_id, deadline_id, appointment_id, case_event_id, content, created_by, created_at, updated_at`
var n models.Note
err := s.db.GetContext(ctx, &n, query,
id, tenantID, input.CaseID, input.DeadlineID, input.AppointmentID, input.CaseEventID,
input.Content, createdBy, now)
if err != nil {
return nil, fmt.Errorf("creating note: %w", err)
}
return &n, nil
}
// Update modifies a note's content.
func (s *NoteService) Update(ctx context.Context, tenantID, noteID uuid.UUID, content string) (*models.Note, error) {
query := `UPDATE notes SET content = $1, updated_at = $2
WHERE id = $3 AND tenant_id = $4
RETURNING id, tenant_id, case_id, deadline_id, appointment_id, case_event_id, content, created_by, created_at, updated_at`
var n models.Note
err := s.db.GetContext(ctx, &n, query, content, time.Now().UTC(), noteID, tenantID)
if err != nil {
if err == sql.ErrNoRows {
return nil, nil
}
return nil, fmt.Errorf("updating note: %w", err)
}
return &n, nil
}
// Delete removes a note.
func (s *NoteService) Delete(ctx context.Context, tenantID, noteID uuid.UUID) error {
result, err := s.db.ExecContext(ctx, "DELETE FROM notes WHERE id = $1 AND tenant_id = $2", noteID, tenantID)
if err != nil {
return fmt.Errorf("deleting note: %w", err)
}
rows, err := result.RowsAffected()
if err != nil {
return fmt.Errorf("checking delete result: %w", err)
}
if rows == 0 {
return fmt.Errorf("note not found")
}
return nil
}
func parentColumn(parentType string) (string, error) {
switch parentType {
case "case":
return "case_id", nil
case "deadline":
return "deadline_id", nil
case "appointment":
return "appointment_id", nil
case "case_event":
return "case_event_id", nil
default:
return "", fmt.Errorf("invalid parent type: %s", parentType)
}
}

13
backend/internal/services/tenant_service.go
View File

@@ -101,6 +101,19 @@ func (s *TenantService) GetUserRole(ctx context.Context, userID, tenantID uuid.U
return role, nil return role, nil
} }
// VerifyAccess checks if a user has access to a given tenant.
func (s *TenantService) VerifyAccess(ctx context.Context, userID, tenantID uuid.UUID) (bool, error) {
var exists bool
err := s.db.GetContext(ctx, &exists,
`SELECT EXISTS(SELECT 1 FROM user_tenants WHERE user_id = $1 AND tenant_id = $2)`,
userID, tenantID,
)
if err != nil {
return false, fmt.Errorf("verify tenant access: %w", err)
}
return exists, nil
}
// FirstTenantForUser returns the user's first tenant (by name), used as default. // FirstTenantForUser returns the user's first tenant (by name), used as default.
func (s *TenantService) FirstTenantForUser(ctx context.Context, userID uuid.UUID) (*uuid.UUID, error) { func (s *TenantService) FirstTenantForUser(ctx context.Context, userID uuid.UUID) (*uuid.UUID, error) {
var tenantID uuid.UUID var tenantID uuid.UUID

0
frontend/.m/spawn.lock Normal file
View File

2
frontend/src/app/(app)/ai/extract/page.tsx
View File

@@ -27,7 +27,7 @@ export default function AIExtractPage() {
queryFn: () => api.get<PaginatedResponse<Case>>("/cases"), queryFn: () => api.get<PaginatedResponse<Case>>("/cases"),
}); });
const cases = casesData?.data ?? []; const cases = Array.isArray(casesData?.data) ? casesData.data : [];
async function handleExtract(file: File | null, text: string) { async function handleExtract(file: File | null, text: string) {
setIsExtracting(true); setIsExtracting(true);

35
frontend/src/app/(app)/cases/[id]/dokumente/page.tsx Normal file
View File

@@ -0,0 +1,35 @@
"use client";
import { useQuery } from "@tanstack/react-query";
import { useParams } from "next/navigation";
import { api } from "@/lib/api";
import type { Document } from "@/lib/types";
import { DocumentList } from "@/components/documents/DocumentList";
import { DocumentUpload } from "@/components/documents/DocumentUpload";
import { Loader2 } from "lucide-react";
export default function DokumentePage() {
const { id } = useParams<{ id: string }>();
const { data, isLoading } = useQuery({
queryKey: ["case-documents", id],
queryFn: () => api.get<Document[]>(`/cases/${id}/documents`),
});
if (isLoading) {
return (
<div className="flex items-center justify-center py-8">
<Loader2 className="h-5 w-5 animate-spin text-neutral-400" />
</div>
);
}
const documents = Array.isArray(data) ? data : [];
return (
<div className="space-y-6">
<DocumentUpload caseId={id} />
<DocumentList documents={documents} caseId={id} />
</div>
);
}

230
frontend/src/app/(app)/cases/[id]/ereignisse/[eventId]/page.tsx Normal file
View File

@@ -0,0 +1,230 @@
"use client";
import { useQuery } from "@tanstack/react-query";
import { useParams } from "next/navigation";
import { api } from "@/lib/api";
import type { CaseEvent, Case } from "@/lib/types";
import { Breadcrumb } from "@/components/layout/Breadcrumb";
import { NotesList } from "@/components/notes/NotesList";
import { Skeleton } from "@/components/ui/Skeleton";
import { format, parseISO } from "date-fns";
import { de } from "date-fns/locale";
import {
AlertTriangle,
FileText,
Scale,
ArrowRightLeft,
Calendar,
MessageSquare,
Gavel,
Info,
} from "lucide-react";
import Link from "next/link";
const EVENT_TYPE_CONFIG: Record<
string,
{ label: string; icon: typeof Info; color: string }
> = {
status_changed: {
label: "Statusaenderung",
icon: ArrowRightLeft,
color: "bg-blue-50 text-blue-700",
},
deadline_created: {
label: "Frist erstellt",
icon: Calendar,
color: "bg-amber-50 text-amber-700",
},
deadline_completed: {
label: "Frist erledigt",
icon: Calendar,
color: "bg-emerald-50 text-emerald-700",
},
document_uploaded: {
label: "Dokument hochgeladen",
icon: FileText,
color: "bg-violet-50 text-violet-700",
},
hearing_scheduled: {
label: "Verhandlung angesetzt",
icon: Gavel,
color: "bg-rose-50 text-rose-700",
},
note_added: {
label: "Notiz hinzugefuegt",
icon: MessageSquare,
color: "bg-neutral-100 text-neutral-700",
},
case_created: {
label: "Akte erstellt",
icon: Scale,
color: "bg-emerald-50 text-emerald-700",
},
};
const DEFAULT_EVENT_CONFIG = {
label: "Ereignis",
icon: Info,
color: "bg-neutral-100 text-neutral-600",
};
function DetailSkeleton() {
return (
<div>
<Skeleton className="h-4 w-64" />
<div className="mt-6 space-y-4">
<Skeleton className="h-8 w-48" />
<Skeleton className="h-4 w-32" />
<Skeleton className="h-32 rounded-lg" />
<Skeleton className="h-48 rounded-lg" />
</div>
</div>
);
}
export default function CaseEventDetailPage() {
const { id: caseId, eventId } = useParams<{
id: string;
eventId: string;
}>();
const { data: caseData } = useQuery({
queryKey: ["case", caseId],
queryFn: () => api.get<Case>(`/cases/${caseId}`),
});
const {
data: event,
isLoading,
error,
} = useQuery({
queryKey: ["case-event", eventId],
queryFn: () => api.get<CaseEvent>(`/case-events/${eventId}`),
});
if (isLoading) return <DetailSkeleton />;
if (error || !event) {
return (
<div className="py-12 text-center">
<div className="mx-auto mb-3 w-fit rounded-xl bg-red-50 p-3">
<AlertTriangle className="h-6 w-6 text-red-500" />
</div>
<p className="text-sm font-medium text-neutral-900">
Ereignis nicht gefunden
</p>
<p className="mt-1 text-sm text-neutral-500">
Das Ereignis existiert nicht oder Sie haben keine Berechtigung.
</p>
<Link
href={`/cases/${caseId}`}
className="mt-4 inline-block text-sm text-neutral-500 transition-colors hover:text-neutral-700"
>
Zurueck zur Akte
</Link>
</div>
);
}
const typeConfig =
EVENT_TYPE_CONFIG[event.event_type ?? ""] ?? DEFAULT_EVENT_CONFIG;
const TypeIcon = typeConfig.icon;
return (
<div className="animate-fade-in">
<Breadcrumb
items={[
{ label: "Dashboard", href: "/dashboard" },
{ label: "Akten", href: "/cases" },
{
label: caseData?.case_number
? `Az. ${caseData.case_number}`
: "Akte",
href: `/cases/${caseId}`,
},
{ label: "Verlauf", href: `/cases/${caseId}` },
{ label: event.title },
]}
/>
{/* Header */}
<div className="flex flex-wrap items-center gap-3">
<div className={`rounded-lg p-2 ${typeConfig.color}`}>
<TypeIcon className="h-5 w-5" />
</div>
<div>
<h1 className="text-lg font-semibold text-neutral-900">
{event.title}
</h1>
<p className="text-sm text-neutral-500">
{event.event_date
? format(parseISO(event.event_date), "d. MMMM yyyy, HH:mm", {
locale: de,
})
: format(parseISO(event.created_at), "d. MMMM yyyy, HH:mm", {
locale: de,
})}
</p>
</div>
</div>
{/* Description */}
{event.description && (
<div className="mt-4 rounded-lg border border-neutral-200 bg-white px-4 py-3">
<p className="text-xs font-medium uppercase tracking-wide text-neutral-400">
Beschreibung
</p>
<p className="mt-1 whitespace-pre-wrap text-sm text-neutral-700">
{event.description}
</p>
</div>
)}
{/* Metadata */}
<div className="mt-3 rounded-lg border border-neutral-200 bg-white px-4 py-3">
<p className="text-xs font-medium uppercase tracking-wide text-neutral-400">
Metadaten
</p>
<dl className="mt-2 space-y-1.5">
<div className="flex gap-2 text-sm">
<dt className="text-neutral-500">Typ:</dt>
<dd>
<span
className={`inline-block rounded-full px-2 py-0.5 text-xs font-medium ${typeConfig.color}`}
>
{typeConfig.label}
</span>
</dd>
</div>
{event.created_by && (
<div className="flex gap-2 text-sm">
<dt className="text-neutral-500">Erstellt von:</dt>
<dd className="text-neutral-900">{event.created_by}</dd>
</div>
)}
<div className="flex gap-2 text-sm">
<dt className="text-neutral-500">Erstellt am:</dt>
<dd className="text-neutral-900">
{format(parseISO(event.created_at), "d. MMMM yyyy, HH:mm", {
locale: de,
})}
</dd>
</div>
{event.metadata &&
Object.keys(event.metadata).length > 0 &&
Object.entries(event.metadata).map(([key, value]) => (
<div key={key} className="flex gap-2 text-sm">
<dt className="text-neutral-500">{key}:</dt>
<dd className="text-neutral-900">{String(value)}</dd>
</div>
))}
</dl>
</div>
{/* Notes */}
<div className="mt-6">
<NotesList parentType="case_event" parentId={eventId} />
</div>
</div>
);
}

86
frontend/src/app/(app)/cases/[id]/fristen/page.tsx Normal file
View File

@@ -0,0 +1,86 @@
"use client";
import { useQuery } from "@tanstack/react-query";
import { useParams } from "next/navigation";
import { api } from "@/lib/api";
import type { Deadline } from "@/lib/types";
import { format } from "date-fns";
import { de } from "date-fns/locale";
import { Clock, Loader2 } from "lucide-react";
const DEADLINE_STATUS: Record<string, string> = {
pending: "bg-amber-50 text-amber-700",
completed: "bg-emerald-50 text-emerald-700",
overdue: "bg-red-50 text-red-700",
};
const DEADLINE_STATUS_LABEL: Record<string, string> = {
pending: "Offen",
completed: "Erledigt",
overdue: "Ueberfaellig",
};
export default function FristenPage() {
const { id } = useParams<{ id: string }>();
const { data, isLoading } = useQuery({
queryKey: ["case-deadlines", id],
queryFn: () =>
api.get<{ deadlines: Deadline[]; total: number }>(
`/deadlines?case_id=${id}`,
),
});
if (isLoading) {
return (
<div className="flex items-center justify-center py-8">
<Loader2 className="h-5 w-5 animate-spin text-neutral-400" />
</div>
);
}
const deadlines = Array.isArray(data?.deadlines) ? data.deadlines : [];
if (deadlines.length === 0) {
return (
<div className="flex flex-col items-center py-8 text-center">
<div className="rounded-xl bg-neutral-100 p-3">
<Clock className="h-5 w-5 text-neutral-400" />
</div>
<p className="mt-2 text-sm text-neutral-500">
Keine Fristen vorhanden.
</p>
</div>
);
}
return (
<div className="space-y-2">
{deadlines.map((d) => (
<div
key={d.id}
className="flex flex-col gap-2 rounded-md border border-neutral-200 bg-white px-4 py-3 sm:flex-row sm:items-center sm:justify-between"
>
<div>
<p className="text-sm font-medium text-neutral-900">{d.title}</p>
{d.description && (
<p className="mt-0.5 text-sm text-neutral-500">
{d.description}
</p>
)}
</div>
<div className="flex items-center gap-3">
<span
className={`rounded-full px-2 py-0.5 text-xs font-medium ${DEADLINE_STATUS[d.status] ?? "bg-neutral-100 text-neutral-500"}`}
>
{DEADLINE_STATUS_LABEL[d.status] ?? d.status}
</span>
<span className="whitespace-nowrap text-sm text-neutral-500">
{format(new Date(d.due_date), "d. MMM yyyy", { locale: de })}
</span>
</div>
</div>
))}
</div>
);
}

226
frontend/src/app/(app)/cases/[id]/layout.tsx Normal file
View File

@@ -0,0 +1,226 @@
"use client";
import { useQuery } from "@tanstack/react-query";
import { useParams, usePathname } from "next/navigation";
import Link from "next/link";
import { api } from "@/lib/api";
import type { Case } from "@/lib/types";
import { Breadcrumb } from "@/components/layout/Breadcrumb";
import { Skeleton } from "@/components/ui/Skeleton";
import {
ArrowLeft,
Activity,
Clock,
FileText,
Users,
StickyNote,
AlertTriangle,
} from "lucide-react";
import { format } from "date-fns";
import { de } from "date-fns/locale";
interface CaseDetail extends Case {
parties: unknown[];
deadlines_count: number;
}
const STATUS_BADGE: Record<string, string> = {
active: "bg-emerald-50 text-emerald-700",
pending: "bg-amber-50 text-amber-700",
closed: "bg-neutral-100 text-neutral-600",
archived: "bg-neutral-100 text-neutral-400",
};
const STATUS_LABEL: Record<string, string> = {
active: "Aktiv",
pending: "Anhaengig",
closed: "Geschlossen",
archived: "Archiviert",
};
const TABS = [
{ segment: "verlauf", label: "Verlauf", icon: Activity },
{ segment: "fristen", label: "Fristen", icon: Clock },
{ segment: "dokumente", label: "Dokumente", icon: FileText },
{ segment: "parteien", label: "Parteien", icon: Users },
{ segment: "notizen", label: "Notizen", icon: StickyNote },
] as const;
const TAB_LABELS: Record<string, string> = {
verlauf: "Verlauf",
fristen: "Fristen",
dokumente: "Dokumente",
parteien: "Parteien",
notizen: "Notizen",
};
function CaseDetailSkeleton() {
return (
<div>
<Skeleton className="h-4 w-28" />
<div className="mt-4 flex items-start justify-between">
<div>
<Skeleton className="h-6 w-48" />
<Skeleton className="mt-2 h-4 w-64" />
</div>
<div className="space-y-1">
<Skeleton className="h-3 w-24" />
<Skeleton className="h-3 w-24" />
</div>
</div>
<div className="mt-6 flex gap-4 border-b border-neutral-200 pb-2.5">
{[1, 2, 3, 4, 5].map((i) => (
<Skeleton key={i} className="h-4 w-20" />
))}
</div>
<div className="mt-6 space-y-3">
{[1, 2, 3].map((i) => (
<Skeleton key={i} className="h-14 rounded-md" />
))}
</div>
</div>
);
}
export default function CaseDetailLayout({
children,
}: {
children: React.ReactNode;
}) {
const { id } = useParams<{ id: string }>();
const pathname = usePathname();
const {
data: caseDetail,
isLoading,
error,
} = useQuery({
queryKey: ["case", id],
queryFn: () => api.get<CaseDetail>(`/cases/${id}`),
});
// Determine active tab from pathname
const segments = pathname.split("/");
const activeSegment = segments[segments.length - 1] || "verlauf";
const activeTabLabel = TAB_LABELS[activeSegment];
if (isLoading) {
return <CaseDetailSkeleton />;
}
if (error || !caseDetail) {
return (
<div className="py-12 text-center">
<div className="mx-auto mb-3 w-fit rounded-xl bg-red-50 p-3">
<AlertTriangle className="h-6 w-6 text-red-500" />
</div>
<p className="text-sm font-medium text-neutral-900">
Akte nicht gefunden
</p>
<p className="mt-1 text-sm text-neutral-500">
Die Akte existiert nicht oder Sie haben keine Berechtigung.
</p>
<Link
href="/cases"
className="mt-4 inline-flex items-center gap-1 text-sm text-neutral-500 transition-colors hover:text-neutral-700"
>
<ArrowLeft className="h-3.5 w-3.5" />
Zurueck zu Akten
</Link>
</div>
);
}
const breadcrumbItems = [
{ label: "Dashboard", href: "/dashboard" },
{ label: "Akten", href: "/cases" },
{ label: caseDetail.case_number, href: `/cases/${id}/verlauf` },
...(activeTabLabel ? [{ label: activeTabLabel }] : []),
];
const partiesCount = Array.isArray(caseDetail.parties)
? caseDetail.parties.length
: 0;
return (
<div className="animate-fade-in">
<Breadcrumb items={breadcrumbItems} />
<div className="mt-4 flex flex-col gap-3 sm:flex-row sm:items-start sm:justify-between">
<div>
<div className="flex flex-wrap items-center gap-3">
<h1 className="text-lg font-semibold text-neutral-900">
{caseDetail.title}
</h1>
<span
className={`inline-block rounded-full px-2 py-0.5 text-xs font-medium ${STATUS_BADGE[caseDetail.status] ?? "bg-neutral-100 text-neutral-500"}`}
>
{STATUS_LABEL[caseDetail.status] ?? caseDetail.status}
</span>
</div>
<div className="mt-1 flex flex-wrap gap-x-4 gap-y-1 text-sm text-neutral-500">
<span>Az. {caseDetail.case_number}</span>
{caseDetail.case_type && <span>{caseDetail.case_type}</span>}
{caseDetail.court && <span>{caseDetail.court}</span>}
{caseDetail.court_ref && <span>({caseDetail.court_ref})</span>}
</div>
</div>
<div className="text-right text-xs text-neutral-400">
<p>
Erstellt:{" "}
{format(new Date(caseDetail.created_at), "d. MMM yyyy", {
locale: de,
})}
</p>
<p>
Aktualisiert:{" "}
{format(new Date(caseDetail.updated_at), "d. MMM yyyy", {
locale: de,
})}
</p>
</div>
</div>
{caseDetail.ai_summary && (
<div className="mt-4 rounded-md border border-blue-100 bg-blue-50 px-4 py-3 text-sm text-blue-800">
{caseDetail.ai_summary}
</div>
)}
<div className="mt-6 border-b border-neutral-200">
<nav className="-mb-px flex gap-1 overflow-x-auto sm:gap-4">
{TABS.map((tab) => {
const isActive = activeSegment === tab.segment;
return (
<Link
key={tab.segment}
href={`/cases/${id}/${tab.segment}`}
className={`inline-flex shrink-0 items-center gap-1.5 border-b-2 px-1 pb-2.5 text-sm font-medium transition-colors ${
isActive
? "border-neutral-900 text-neutral-900"
: "border-transparent text-neutral-400 hover:text-neutral-600"
}`}
>
<tab.icon className="h-4 w-4" />
{tab.label}
{tab.segment === "fristen" &&
caseDetail.deadlines_count > 0 && (
<span className="ml-1 rounded-full bg-neutral-100 px-1.5 py-0.5 text-xs text-neutral-500">
{caseDetail.deadlines_count}
</span>
)}
{tab.segment === "parteien" && partiesCount > 0 && (
<span className="ml-1 rounded-full bg-neutral-100 px-1.5 py-0.5 text-xs text-neutral-500">
{partiesCount}
</span>
)}
</Link>
);
})}
</nav>
</div>
<div className="mt-6">{children}</div>
</div>
);
}

10
frontend/src/app/(app)/cases/[id]/notizen/page.tsx Normal file
View File

@@ -0,0 +1,10 @@
"use client";
import { useParams } from "next/navigation";
import { NotesList } from "@/components/notes/NotesList";
export default function NotizenPage() {
const { id } = useParams<{ id: string }>();
return <NotesList parentType="case" parentId={id} />;
}

347
frontend/src/app/(app)/cases/[id]/page.tsx
View File

@@ -1,341 +1,10 @@
"use client"; import { redirect } from "next/navigation";
import { useQuery } from "@tanstack/react-query"; export default async function CaseDetailPage({
import { useParams } from "next/navigation"; params,
import { api } from "@/lib/api"; }: {
import type { Case, CaseEvent, Party, Deadline, Document } from "@/lib/types"; params: Promise<{ id: string }>;
import { CaseTimeline } from "@/components/cases/CaseTimeline"; }) {
import { PartyList } from "@/components/cases/PartyList"; const { id } = await params;
import { redirect(`/cases/${id}/verlauf`);
ArrowLeft,
Clock,
FileText,
Users,
Activity,
AlertTriangle,
} from "lucide-react";
import { format } from "date-fns";
import { de } from "date-fns/locale";
import Link from "next/link";
import { useState } from "react";
import { Skeleton } from "@/components/ui/Skeleton";
interface CaseDetail extends Case {
parties: Party[];
recent_events: CaseEvent[];
deadlines_count: number;
}
const STATUS_BADGE: Record<string, string> = {
active: "bg-emerald-50 text-emerald-700",
pending: "bg-amber-50 text-amber-700",
closed: "bg-neutral-100 text-neutral-600",
archived: "bg-neutral-100 text-neutral-400",
};
const STATUS_LABEL: Record<string, string> = {
active: "Aktiv",
pending: "Anhängig",
closed: "Geschlossen",
archived: "Archiviert",
};
const TABS = [
{ key: "timeline", label: "Verlauf", icon: Activity },
{ key: "deadlines", label: "Fristen", icon: Clock },
{ key: "documents", label: "Dokumente", icon: FileText },
{ key: "parties", label: "Parteien", icon: Users },
] as const;
type TabKey = (typeof TABS)[number]["key"];
function CaseDetailSkeleton() {
return (
<div>
<Skeleton className="h-4 w-28" />
<div className="mt-4 flex items-start justify-between">
<div>
<Skeleton className="h-6 w-48" />
<Skeleton className="mt-2 h-4 w-64" />
</div>
<div className="space-y-1">
<Skeleton className="h-3 w-24" />
<Skeleton className="h-3 w-24" />
</div>
</div>
<div className="mt-6 flex gap-4 border-b border-neutral-200 pb-2.5">
{[1, 2, 3, 4].map((i) => (
<Skeleton key={i} className="h-4 w-20" />
))}
</div>
<div className="mt-6 space-y-3">
{[1, 2, 3].map((i) => (
<Skeleton key={i} className="h-14 rounded-md" />
))}
</div>
</div>
);
}
export default function CaseDetailPage() {
const { id } = useParams<{ id: string }>();
const [activeTab, setActiveTab] = useState<TabKey>("timeline");
const {
data: caseDetail,
isLoading,
error,
} = useQuery({
queryKey: ["case", id],
queryFn: () => api.get<CaseDetail>(`/cases/${id}`),
});
const { data: deadlinesData } = useQuery({
queryKey: ["case-deadlines", id],
queryFn: () =>
api.get<{ deadlines: Deadline[]; total: number }>(
`/deadlines?case_id=${id}`,
),
enabled: activeTab === "deadlines",
});
const { data: documentsData } = useQuery({
queryKey: ["case-documents", id],
queryFn: () => api.get<Document[]>(`/cases/${id}/documents`),
enabled: activeTab === "documents",
});
if (isLoading) {
return <CaseDetailSkeleton />;
}
if (error || !caseDetail) {
return (
<div className="py-12 text-center">
<div className="mx-auto mb-3 w-fit rounded-xl bg-red-50 p-3">
<AlertTriangle className="h-6 w-6 text-red-500" />
</div>
<p className="text-sm font-medium text-neutral-900">
Akte nicht gefunden
</p>
<p className="mt-1 text-sm text-neutral-500">
Die Akte existiert nicht oder Sie haben keine Berechtigung.
</p>
<Link
href="/cases"
className="mt-4 inline-flex items-center gap-1 text-sm text-neutral-500 transition-colors hover:text-neutral-700"
>
<ArrowLeft className="h-3.5 w-3.5" />
Zurück zu Akten
</Link>
</div>
);
}
const deadlines = deadlinesData?.deadlines ?? [];
const documents = documentsData ?? [];
return (
<div className="animate-fade-in">
<Link
href="/cases"
className="mb-4 inline-flex items-center gap-1 text-sm text-neutral-500 transition-colors hover:text-neutral-700"
>
<ArrowLeft className="h-3.5 w-3.5" />
Zurück zu Akten
</Link>
<div className="flex flex-col gap-3 sm:flex-row sm:items-start sm:justify-between">
<div>
<div className="flex flex-wrap items-center gap-3">
<h1 className="text-lg font-semibold text-neutral-900">
{caseDetail.title}
</h1>
<span
className={`inline-block rounded-full px-2 py-0.5 text-xs font-medium ${STATUS_BADGE[caseDetail.status] ?? "bg-neutral-100 text-neutral-500"}`}
>
{STATUS_LABEL[caseDetail.status] ?? caseDetail.status}
</span>
</div>
<div className="mt-1 flex flex-wrap gap-x-4 gap-y-1 text-sm text-neutral-500">
<span>Az. {caseDetail.case_number}</span>
{caseDetail.case_type && <span>{caseDetail.case_type}</span>}
{caseDetail.court && <span>{caseDetail.court}</span>}
{caseDetail.court_ref && <span>({caseDetail.court_ref})</span>}
</div>
</div>
<div className="text-right text-xs text-neutral-400">
<p>
Erstellt:{" "}
{format(new Date(caseDetail.created_at), "d. MMM yyyy", {
locale: de,
})}
</p>
<p>
Aktualisiert:{" "}
{format(new Date(caseDetail.updated_at), "d. MMM yyyy", {
locale: de,
})}
</p>
</div>
</div>
{caseDetail.ai_summary && (
<div className="mt-4 rounded-md border border-blue-100 bg-blue-50 px-4 py-3 text-sm text-blue-800">
{caseDetail.ai_summary}
</div>
)}
<div className="mt-6 border-b border-neutral-200">
<nav className="-mb-px flex gap-1 overflow-x-auto sm:gap-4">
{TABS.map((tab) => (
<button
key={tab.key}
onClick={() => setActiveTab(tab.key)}
className={`inline-flex shrink-0 items-center gap-1.5 border-b-2 px-1 pb-2.5 text-sm font-medium transition-colors ${
activeTab === tab.key
? "border-neutral-900 text-neutral-900"
: "border-transparent text-neutral-400 hover:text-neutral-600"
}`}
>
<tab.icon className="h-4 w-4" />
{tab.label}
{tab.key === "deadlines" && caseDetail.deadlines_count > 0 && (
<span className="ml-1 rounded-full bg-neutral-100 px-1.5 py-0.5 text-xs text-neutral-500">
{caseDetail.deadlines_count}
</span>
)}
{tab.key === "parties" && caseDetail.parties.length > 0 && (
<span className="ml-1 rounded-full bg-neutral-100 px-1.5 py-0.5 text-xs text-neutral-500">
{caseDetail.parties.length}
</span>
)}
</button>
))}
</nav>
</div>
<div className="mt-6">
{activeTab === "timeline" && (
<CaseTimeline events={caseDetail.recent_events ?? []} />
)}
{activeTab === "deadlines" && (
<DeadlinesList deadlines={deadlines} />
)}
{activeTab === "documents" && (
<DocumentsList documents={documents} />
)}
{activeTab === "parties" && (
<PartyList caseId={id} parties={caseDetail.parties ?? []} />
)}
</div>
</div>
);
}
function DeadlinesList({ deadlines }: { deadlines: Deadline[] }) {
if (deadlines.length === 0) {
return (
<div className="flex flex-col items-center py-8 text-center">
<div className="rounded-xl bg-neutral-100 p-3">
<Clock className="h-5 w-5 text-neutral-400" />
</div>
<p className="mt-2 text-sm text-neutral-500">
Keine Fristen vorhanden.
</p>
</div>
);
}
const DEADLINE_STATUS: Record<string, string> = {
pending: "bg-amber-50 text-amber-700",
completed: "bg-emerald-50 text-emerald-700",
overdue: "bg-red-50 text-red-700",
};
const DEADLINE_STATUS_LABEL: Record<string, string> = {
pending: "Offen",
completed: "Erledigt",
overdue: "Überfällig",
};
return (
<div className="space-y-2">
{deadlines.map((d) => (
<div
key={d.id}
className="flex flex-col gap-2 rounded-md border border-neutral-200 bg-white px-4 py-3 sm:flex-row sm:items-center sm:justify-between"
>
<div>
<p className="text-sm font-medium text-neutral-900">{d.title}</p>
{d.description && (
<p className="mt-0.5 text-sm text-neutral-500">
{d.description}
</p>
)}
</div>
<div className="flex items-center gap-3">
<span
className={`rounded-full px-2 py-0.5 text-xs font-medium ${DEADLINE_STATUS[d.status] ?? "bg-neutral-100 text-neutral-500"}`}
>
{DEADLINE_STATUS_LABEL[d.status] ?? d.status}
</span>
<span className="whitespace-nowrap text-sm text-neutral-500">
{format(new Date(d.due_date), "d. MMM yyyy", { locale: de })}
</span>
</div>
</div>
))}
</div>
);
}
function DocumentsList({ documents }: { documents: Document[] }) {
if (documents.length === 0) {
return (
<div className="flex flex-col items-center py-8 text-center">
<div className="rounded-xl bg-neutral-100 p-3">
<FileText className="h-5 w-5 text-neutral-400" />
</div>
<p className="mt-2 text-sm text-neutral-500">
Keine Dokumente vorhanden.
</p>
</div>
);
}
return (
<div className="space-y-2">
{documents.map((doc) => (
<div
key={doc.id}
className="flex items-center justify-between rounded-md border border-neutral-200 bg-white px-4 py-3"
>
<div className="flex items-center gap-3">
<FileText className="h-4 w-4 text-neutral-400" />
<div>
<p className="text-sm font-medium text-neutral-900">
{doc.title}
</p>
<div className="flex gap-2 text-xs text-neutral-400">
{doc.doc_type && <span>{doc.doc_type}</span>}
{doc.file_size && (
<span>{(doc.file_size / 1024).toFixed(0)} KB</span>
)}
</div>
</div>
</div>
<a
href={`/api/documents/${doc.id}`}
className="text-sm text-neutral-500 transition-colors hover:text-neutral-700"
>
Herunterladen
</a>
</div>
))}
</div>
);
} }

35
frontend/src/app/(app)/cases/[id]/parteien/page.tsx Normal file
View File

@@ -0,0 +1,35 @@
"use client";
import { useQuery } from "@tanstack/react-query";
import { useParams } from "next/navigation";
import { api } from "@/lib/api";
import type { Case, Party } from "@/lib/types";
import { PartyList } from "@/components/cases/PartyList";
import { Loader2 } from "lucide-react";
interface CaseDetail extends Case {
parties: Party[];
}
export default function ParteienPage() {
const { id } = useParams<{ id: string }>();
const { data: caseDetail, isLoading } = useQuery({
queryKey: ["case", id],
queryFn: () => api.get<CaseDetail>(`/cases/${id}`),
});
if (isLoading) {
return (
<div className="flex items-center justify-center py-8">
<Loader2 className="h-5 w-5 animate-spin text-neutral-400" />
</div>
);
}
const parties = Array.isArray(caseDetail?.parties)
? caseDetail.parties
: [];
return <PartyList caseId={id} parties={parties} />;
}

35
frontend/src/app/(app)/cases/[id]/verlauf/page.tsx Normal file
View File

@@ -0,0 +1,35 @@
"use client";
import { useQuery } from "@tanstack/react-query";
import { useParams } from "next/navigation";
import { api } from "@/lib/api";
import type { Case, CaseEvent } from "@/lib/types";
import { CaseTimeline } from "@/components/cases/CaseTimeline";
import { Loader2 } from "lucide-react";
interface CaseDetail extends Case {
recent_events: CaseEvent[];
}
export default function VerlaufPage() {
const { id } = useParams<{ id: string }>();
const { data: caseDetail, isLoading } = useQuery({
queryKey: ["case", id],
queryFn: () => api.get<CaseDetail>(`/cases/${id}`),
});
if (isLoading) {
return (
<div className="flex items-center justify-center py-8">
<Loader2 className="h-5 w-5 animate-spin text-neutral-400" />
</div>
);
}
const events = Array.isArray(caseDetail?.recent_events)
? caseDetail.recent_events
: [];
return <CaseTimeline events={events} />;
}

9
frontend/src/app/(app)/cases/page.tsx
View File

@@ -5,6 +5,7 @@ import { api } from "@/lib/api";
import type { Case } from "@/lib/types"; import type { Case } from "@/lib/types";
import Link from "next/link"; import Link from "next/link";
import { useSearchParams, useRouter } from "next/navigation"; import { useSearchParams, useRouter } from "next/navigation";
import { Breadcrumb } from "@/components/layout/Breadcrumb";
import { Plus, Search, FolderOpen } from "lucide-react"; import { Plus, Search, FolderOpen } from "lucide-react";
import { useState } from "react"; import { useState } from "react";
import { SkeletonTable } from "@/components/ui/Skeleton"; import { SkeletonTable } from "@/components/ui/Skeleton";
@@ -68,10 +69,16 @@ export default function CasesPage() {
}, },
}); });
const cases = data?.cases ?? []; const cases = Array.isArray(data?.cases) ? data.cases : [];
return ( return (
<div className="animate-fade-in"> <div className="animate-fade-in">
<Breadcrumb
items={[
{ label: "Dashboard", href: "/dashboard" },
{ label: "Akten" },
]}
/>
<div className="flex flex-col gap-3 sm:flex-row sm:items-center sm:justify-between"> <div className="flex flex-col gap-3 sm:flex-row sm:items-center sm:justify-between">
<div> <div>
<h1 className="text-lg font-semibold text-neutral-900">Akten</h1> <h1 className="text-lg font-semibold text-neutral-900">Akten</h1>

19
frontend/src/app/(app)/dashboard/page.tsx
View File

@@ -8,6 +8,8 @@ import { CaseOverviewGrid } from "@/components/dashboard/CaseOverviewGrid";
import { UpcomingTimeline } from "@/components/dashboard/UpcomingTimeline"; import { UpcomingTimeline } from "@/components/dashboard/UpcomingTimeline";
import { AISummaryCard } from "@/components/dashboard/AISummaryCard"; import { AISummaryCard } from "@/components/dashboard/AISummaryCard";
import { QuickActions } from "@/components/dashboard/QuickActions"; import { QuickActions } from "@/components/dashboard/QuickActions";
import { RecentActivityList } from "@/components/dashboard/RecentActivityList";
import { Breadcrumb } from "@/components/layout/Breadcrumb";
import { Skeleton, SkeletonCard } from "@/components/ui/Skeleton"; import { Skeleton, SkeletonCard } from "@/components/ui/Skeleton";
import { AlertTriangle, RefreshCw } from "lucide-react"; import { AlertTriangle, RefreshCw } from "lucide-react";
@@ -71,30 +73,37 @@ export default function DashboardPage() {
); );
} }
const recentActivity = Array.isArray(data.recent_activity) ? data.recent_activity : [];
return ( return (
<div className="animate-fade-in mx-auto max-w-6xl space-y-6"> <div className="animate-fade-in mx-auto max-w-6xl space-y-6">
<div> <div>
<Breadcrumb items={[{ label: "Dashboard" }]} />
<h1 className="text-lg font-semibold text-neutral-900">Dashboard</h1> <h1 className="text-lg font-semibold text-neutral-900">Dashboard</h1>
<p className="mt-0.5 text-sm text-neutral-500"> <p className="mt-0.5 text-sm text-neutral-500">
Fristenübersicht und Kanzlei-Status Fristenübersicht und Kanzlei-Status
</p> </p>
</div> </div>
<DeadlineTrafficLights data={data.deadline_summary} /> <DeadlineTrafficLights data={data.deadline_summary ?? { overdue_count: 0, due_this_week: 0, due_next_week: 0, ok_count: 0 }} />
<div className="grid grid-cols-1 gap-6 lg:grid-cols-3"> <div className="grid grid-cols-1 gap-6 lg:grid-cols-3">
<div className="lg:col-span-2"> <div className="lg:col-span-2">
<UpcomingTimeline <UpcomingTimeline
deadlines={data.upcoming_deadlines} deadlines={Array.isArray(data.upcoming_deadlines) ? data.upcoming_deadlines : []}
appointments={data.upcoming_appointments} appointments={Array.isArray(data.upcoming_appointments) ? data.upcoming_appointments : []}
/> />
</div> </div>
<div className="space-y-6"> <div className="space-y-6">
<CaseOverviewGrid data={data.case_summary} /> <CaseOverviewGrid data={data.case_summary ?? { active_count: 0, new_this_month: 0, closed_count: 0 }} />
<AISummaryCard data={data} /> <AISummaryCard data={data} onRefresh={() => refetch()} />
<QuickActions /> <QuickActions />
</div> </div>
</div> </div>
{recentActivity.length > 0 && (
<RecentActivityList activities={recentActivity} />
)}
</div> </div>
); );
} }

2
frontend/src/app/(app)/einstellungen/page.tsx
View File

@@ -22,7 +22,7 @@ export default function EinstellungenPage() {
refetch, refetch,
} = useQuery({ } = useQuery({
queryKey: ["tenant-current", tenantId], queryKey: ["tenant-current", tenantId],
queryFn: () => api.get<Tenant>(`/api/tenants/${tenantId}`), queryFn: () => api.get<Tenant>(`/tenants/${tenantId}`),
enabled: !!tenantId, enabled: !!tenantId,
}); });

250
frontend/src/app/(app)/fristen/[id]/page.tsx Normal file
View File

@@ -0,0 +1,250 @@
"use client";
import { useQuery, useMutation, useQueryClient } from "@tanstack/react-query";
import { useParams, useRouter } from "next/navigation";
import { api } from "@/lib/api";
import type { Deadline } from "@/lib/types";
import { Breadcrumb } from "@/components/layout/Breadcrumb";
import { NotesList } from "@/components/notes/NotesList";
import { Skeleton } from "@/components/ui/Skeleton";
import { format, parseISO, formatDistanceToNow, isPast } from "date-fns";
import { de } from "date-fns/locale";
import {
AlertTriangle,
CheckCircle2,
Clock,
ExternalLink,
} from "lucide-react";
import Link from "next/link";
import { toast } from "sonner";
interface DeadlineDetail extends Deadline {
case_number?: string;
case_title?: string;
}
const STATUS_CONFIG: Record<
string,
{ label: string; bg: string; icon: typeof Clock }
> = {
pending: { label: "Offen", bg: "bg-amber-50 text-amber-700", icon: Clock },
completed: {
label: "Erledigt",
bg: "bg-emerald-50 text-emerald-700",
icon: CheckCircle2,
},
overdue: {
label: "Ueberfaellig",
bg: "bg-red-50 text-red-700",
icon: AlertTriangle,
},
};
function getEffectiveStatus(d: DeadlineDetail): string {
if (d.status === "completed") return "completed";
if (isPast(parseISO(d.due_date))) return "overdue";
return "pending";
}
function DetailSkeleton() {
return (
<div>
<Skeleton className="h-4 w-48" />
<div className="mt-6 space-y-4">
<Skeleton className="h-8 w-64" />
<Skeleton className="h-4 w-40" />
<Skeleton className="h-32 rounded-lg" />
<Skeleton className="h-48 rounded-lg" />
</div>
</div>
);
}
export default function DeadlineDetailPage() {
const { id } = useParams<{ id: string }>();
const router = useRouter();
const queryClient = useQueryClient();
const {
data: deadline,
isLoading,
error,
} = useQuery({
queryKey: ["deadline", id],
queryFn: () => api.get<DeadlineDetail>(`/deadlines/${id}`),
});
const completeMutation = useMutation({
mutationFn: () => api.patch<Deadline>(`/deadlines/${id}/complete`),
onSuccess: () => {
queryClient.invalidateQueries({ queryKey: ["deadline", id] });
queryClient.invalidateQueries({ queryKey: ["deadlines"] });
queryClient.invalidateQueries({ queryKey: ["dashboard"] });
toast.success("Frist als erledigt markiert");
},
onError: () => toast.error("Fehler beim Abschliessen der Frist"),
});
if (isLoading) return <DetailSkeleton />;
if (error || !deadline) {
return (
<div className="py-12 text-center">
<div className="mx-auto mb-3 w-fit rounded-xl bg-red-50 p-3">
<AlertTriangle className="h-6 w-6 text-red-500" />
</div>
<p className="text-sm font-medium text-neutral-900">
Frist nicht gefunden
</p>
<p className="mt-1 text-sm text-neutral-500">
Die Frist existiert nicht oder Sie haben keine Berechtigung.
</p>
<Link
href="/fristen"
className="mt-4 inline-block text-sm text-neutral-500 transition-colors hover:text-neutral-700"
>
Zurueck zu Fristen
</Link>
</div>
);
}
const status = getEffectiveStatus(deadline);
const config = STATUS_CONFIG[status] ?? STATUS_CONFIG.pending;
const StatusIcon = config.icon;
const dueDate = parseISO(deadline.due_date);
const relativeTime = formatDistanceToNow(dueDate, {
addSuffix: true,
locale: de,
});
return (
<div className="animate-fade-in">
<Breadcrumb
items={[
{ label: "Dashboard", href: "/dashboard" },
{ label: "Fristen", href: "/fristen" },
{ label: deadline.title },
]}
/>
{/* Header */}
<div className="flex flex-col gap-3 sm:flex-row sm:items-start sm:justify-between">
<div>
<div className="flex flex-wrap items-center gap-3">
<span
className={`inline-flex items-center gap-1 rounded-full px-2.5 py-0.5 text-xs font-medium ${config.bg}`}
>
<StatusIcon className="h-3 w-3" />
{config.label}
</span>
<h1 className="text-lg font-semibold text-neutral-900">
{deadline.title}
</h1>
</div>
{deadline.description && (
<p className="mt-1 text-sm text-neutral-500">
{deadline.description}
</p>
)}
</div>
{deadline.status !== "completed" && (
<button
onClick={() => completeMutation.mutate()}
disabled={completeMutation.isPending}
className="shrink-0 rounded-md bg-emerald-600 px-4 py-2 text-sm font-medium text-white transition-colors hover:bg-emerald-700 disabled:opacity-50"
>
{completeMutation.isPending ? "Wird erledigt..." : "Erledigen"}
</button>
)}
</div>
{/* Due date */}
<div className="mt-4 rounded-lg border border-neutral-200 bg-white px-4 py-3">
<div className="flex items-baseline gap-2">
<span className="text-sm font-medium text-neutral-900">
Faellig: {format(dueDate, "d. MMMM yyyy", { locale: de })}
</span>
<span
className={`text-xs ${status === "overdue" ? "font-medium text-red-600" : "text-neutral-500"}`}
>
({relativeTime})
</span>
</div>
{deadline.warning_date && (
<p className="mt-1 text-xs text-neutral-500">
Warnung am:{" "}
{format(parseISO(deadline.warning_date), "d. MMMM yyyy", {
locale: de,
})}
</p>
)}
{deadline.original_due_date &&
deadline.original_due_date !== deadline.due_date && (
<p className="mt-1 text-xs text-neutral-500">
Urspruengliches Datum:{" "}
{format(parseISO(deadline.original_due_date), "d. MMMM yyyy", {
locale: de,
})}
</p>
)}
{deadline.completed_at && (
<p className="mt-1 text-xs text-emerald-600">
Erledigt am:{" "}
{format(parseISO(deadline.completed_at), "d. MMMM yyyy, HH:mm", {
locale: de,
})}
</p>
)}
</div>
{/* Case context */}
{deadline.case_id && (
<div className="mt-3 rounded-lg border border-neutral-200 bg-white px-4 py-3">
<div className="flex items-center justify-between">
<div>
<p className="text-xs font-medium uppercase tracking-wide text-neutral-400">
Akte
</p>
<p className="mt-0.5 text-sm text-neutral-900">
{deadline.case_number
? `Az. ${deadline.case_number}`
: "Verknuepfte Akte"}
{deadline.case_title && `${deadline.case_title}`}
</p>
</div>
<Link
href={`/cases/${deadline.case_id}`}
className="flex items-center gap-1 text-xs text-neutral-500 transition-colors hover:text-neutral-700"
>
Zur Akte
<ExternalLink className="h-3 w-3" />
</Link>
</div>
</div>
)}
{/* Source info */}
{deadline.source && deadline.source !== "manual" && (
<div className="mt-3 rounded-lg border border-neutral-200 bg-white px-4 py-3">
<p className="text-xs font-medium uppercase tracking-wide text-neutral-400">
Quelle
</p>
<p className="mt-0.5 text-sm text-neutral-700">
{deadline.source === "calculated"
? "Berechnet"
: deadline.source === "caldav"
? "CalDAV Sync"
: deadline.source}
{deadline.rule_id && ` (Regel: ${deadline.rule_id})`}
</p>
</div>
)}
{/* Notes */}
<div className="mt-6">
<NotesList parentType="deadline" parentId={id} />
</div>
</div>
);
}

180
frontend/src/app/(app)/fristen/neu/page.tsx Normal file
View File

@@ -0,0 +1,180 @@
"use client";
import { useQuery, useMutation, useQueryClient } from "@tanstack/react-query";
import { useRouter } from "next/navigation";
import { api } from "@/lib/api";
import type { Case, Deadline } from "@/lib/types";
import { Breadcrumb } from "@/components/layout/Breadcrumb";
import { useState } from "react";
import { toast } from "sonner";
const inputClass =
"w-full rounded-md border border-neutral-200 px-3 py-1.5 text-sm outline-none focus:border-neutral-400 focus:ring-1 focus:ring-neutral-400";
const labelClass = "mb-1 block text-xs font-medium text-neutral-600";
export default function NewDeadlinePage() {
const router = useRouter();
const queryClient = useQueryClient();
const [caseId, setCaseId] = useState("");
const [title, setTitle] = useState("");
const [description, setDescription] = useState("");
const [dueDate, setDueDate] = useState("");
const [warningDate, setWarningDate] = useState("");
const [notes, setNotes] = useState("");
const { data: casesData } = useQuery({
queryKey: ["cases"],
queryFn: () => api.get<{ cases: Case[]; total: number } | Case[]>("/cases"),
});
const cases = Array.isArray(casesData)
? casesData
: Array.isArray(casesData?.cases)
? casesData.cases
: [];
const createMutation = useMutation({
mutationFn: (body: Record<string, unknown>) =>
api.post<Deadline>(`/cases/${caseId}/deadlines`, body),
onSuccess: (data) => {
queryClient.invalidateQueries({ queryKey: ["deadlines"] });
queryClient.invalidateQueries({ queryKey: ["dashboard"] });
toast.success("Frist erstellt");
router.push(`/fristen/${data.id}`);
},
onError: () => toast.error("Fehler beim Erstellen der Frist"),
});
function handleSubmit(e: React.FormEvent) {
e.preventDefault();
if (!caseId || !title.trim() || !dueDate) return;
const body: Record<string, unknown> = {
title: title.trim(),
due_date: new Date(dueDate).toISOString(),
source: "manual",
};
if (description.trim()) body.description = description.trim();
if (warningDate) body.warning_date = new Date(warningDate).toISOString();
if (notes.trim()) body.notes = notes.trim();
createMutation.mutate(body);
}
return (
<div className="animate-fade-in">
<Breadcrumb
items={[
{ label: "Dashboard", href: "/dashboard" },
{ label: "Fristen", href: "/fristen" },
{ label: "Neue Frist" },
]}
/>
<h1 className="text-lg font-semibold text-neutral-900">
Neue Frist anlegen
</h1>
<p className="mt-0.5 text-sm text-neutral-500">
Erstellen Sie eine neue Frist fuer eine Akte.
</p>
<form
onSubmit={handleSubmit}
className="mt-6 max-w-lg space-y-4 rounded-lg border border-neutral-200 bg-white p-5"
>
<div>
<label className={labelClass}>Akte *</label>
<select
value={caseId}
onChange={(e) => setCaseId(e.target.value)}
required
className={inputClass}
>
<option value="">Akte auswaehlen...</option>
{cases.map((c) => (
<option key={c.id} value={c.id}>
{c.case_number} {c.title}
</option>
))}
</select>
</div>
<div>
<label className={labelClass}>Bezeichnung *</label>
<input
type="text"
value={title}
onChange={(e) => setTitle(e.target.value)}
required
className={inputClass}
placeholder="z.B. Klageschrift einreichen"
/>
</div>
<div>
<label className={labelClass}>Beschreibung</label>
<input
type="text"
value={description}
onChange={(e) => setDescription(e.target.value)}
className={inputClass}
placeholder="Optionale Beschreibung"
/>
</div>
<div className="grid grid-cols-2 gap-3">
<div>
<label className={labelClass}>Faellig am *</label>
<input
type="date"
value={dueDate}
onChange={(e) => setDueDate(e.target.value)}
required
className={inputClass}
/>
</div>
<div>
<label className={labelClass}>Warnung am</label>
<input
type="date"
value={warningDate}
onChange={(e) => setWarningDate(e.target.value)}
className={inputClass}
/>
</div>
</div>
<div>
<label className={labelClass}>Notizen</label>
<textarea
value={notes}
onChange={(e) => setNotes(e.target.value)}
rows={3}
className={inputClass}
placeholder="Optionale Notizen zur Frist"
/>
</div>
<div className="flex items-center justify-end gap-2 pt-2">
<button
type="button"
onClick={() => router.push("/fristen")}
className="rounded-md border border-neutral-200 bg-white px-3 py-1.5 text-sm text-neutral-700 hover:bg-neutral-50"
>
Abbrechen
</button>
<button
type="submit"
disabled={
createMutation.isPending || !caseId || !title.trim() || !dueDate
}
className="rounded-md bg-neutral-900 px-3 py-1.5 text-sm font-medium text-white hover:bg-neutral-800 disabled:opacity-50"
>
{createMutation.isPending ? "Erstellen..." : "Frist anlegen"}
</button>
</div>
</form>
</div>
);
}

90
frontend/src/app/(app)/fristen/page.tsx
View File

@@ -2,16 +2,20 @@
import { DeadlineList } from "@/components/deadlines/DeadlineList"; import { DeadlineList } from "@/components/deadlines/DeadlineList";
import { DeadlineCalendarView } from "@/components/deadlines/DeadlineCalendarView"; import { DeadlineCalendarView } from "@/components/deadlines/DeadlineCalendarView";
import { Breadcrumb } from "@/components/layout/Breadcrumb";
import { useQuery } from "@tanstack/react-query"; import { useQuery } from "@tanstack/react-query";
import { api } from "@/lib/api"; import { api } from "@/lib/api";
import type { Deadline } from "@/lib/types"; import type { Deadline } from "@/lib/types";
import { Calendar, List, Calculator } from "lucide-react"; import { Calendar, List, Calculator } from "lucide-react";
import Link from "next/link"; import Link from "next/link";
import { useState } from "react"; import { useState } from "react";
import { useSearchParams } from "next/navigation";
type ViewMode = "list" | "calendar"; type ViewMode = "list" | "calendar";
export default function FristenPage() { export default function FristenPage() {
const searchParams = useSearchParams();
const initialStatus = searchParams.get("status") ?? undefined;
const [view, setView] = useState<ViewMode>("list"); const [view, setView] = useState<ViewMode>("list");
const { data: deadlines } = useQuery({ const { data: deadlines } = useQuery({
@@ -21,52 +25,60 @@ export default function FristenPage() {
return ( return (
<div className="animate-fade-in space-y-4"> <div className="animate-fade-in space-y-4">
<div className="flex flex-col gap-3 sm:flex-row sm:items-center sm:justify-between"> <div>
<div> <Breadcrumb
<h1 className="text-lg font-semibold text-neutral-900">Fristen</h1> items={[
<p className="mt-0.5 text-sm text-neutral-500"> { label: "Dashboard", href: "/dashboard" },
Alle Fristen im Überblick { label: "Fristen" },
</p> ]}
</div> />
<div className="flex items-center gap-2"> <div className="flex flex-col gap-3 sm:flex-row sm:items-center sm:justify-between">
<Link <div>
href="/fristen/rechner" <h1 className="text-lg font-semibold text-neutral-900">Fristen</h1>
className="flex items-center gap-1.5 rounded-md border border-neutral-200 bg-white px-3 py-1.5 text-sm text-neutral-700 transition-colors hover:bg-neutral-50" <p className="mt-0.5 text-sm text-neutral-500">
> Alle Fristen im Überblick
<Calculator className="h-3.5 w-3.5" /> </p>
Fristenrechner </div>
</Link> <div className="flex items-center gap-2">
<div className="flex rounded-md border border-neutral-200 bg-white"> <Link
<button href="/fristen/rechner"
onClick={() => setView("list")} className="flex items-center gap-1.5 rounded-md border border-neutral-200 bg-white px-3 py-1.5 text-sm text-neutral-700 transition-colors hover:bg-neutral-50"
className={`flex items-center gap-1 rounded-l-md px-2.5 py-1.5 text-sm transition-colors ${
view === "list"
? "bg-neutral-100 font-medium text-neutral-900"
: "text-neutral-500 hover:text-neutral-700"
}`}
> >
<List className="h-3.5 w-3.5" /> <Calculator className="h-3.5 w-3.5" />
Liste Fristenrechner
</button> </Link>
<button <div className="flex rounded-md border border-neutral-200 bg-white">
onClick={() => setView("calendar")} <button
className={`flex items-center gap-1 rounded-r-md px-2.5 py-1.5 text-sm transition-colors ${ onClick={() => setView("list")}
view === "calendar" className={`flex items-center gap-1 rounded-l-md px-2.5 py-1.5 text-sm transition-colors ${
? "bg-neutral-100 font-medium text-neutral-900" view === "list"
: "text-neutral-500 hover:text-neutral-700" ? "bg-neutral-100 font-medium text-neutral-900"
}`} : "text-neutral-500 hover:text-neutral-700"
> }`}
<Calendar className="h-3.5 w-3.5" /> >
Kalender <List className="h-3.5 w-3.5" />
</button> Liste
</button>
<button
onClick={() => setView("calendar")}
className={`flex items-center gap-1 rounded-r-md px-2.5 py-1.5 text-sm transition-colors ${
view === "calendar"
? "bg-neutral-100 font-medium text-neutral-900"
: "text-neutral-500 hover:text-neutral-700"
}`}
>
<Calendar className="h-3.5 w-3.5" />
Kalender
</button>
</div>
</div> </div>
</div> </div>
</div> </div>
{view === "list" ? ( {view === "list" ? (
<DeadlineList /> <DeadlineList initialStatus={initialStatus} />
) : ( ) : (
<DeadlineCalendarView deadlines={deadlines || []} /> <DeadlineCalendarView deadlines={Array.isArray(deadlines) ? deadlines : []} />
)} )}
</div> </div>
); );

201
frontend/src/app/(app)/termine/[id]/page.tsx Normal file
View File

@@ -0,0 +1,201 @@
"use client";
import { useQuery } from "@tanstack/react-query";
import { useParams } from "next/navigation";
import { api } from "@/lib/api";
import type { Appointment } from "@/lib/types";
import { Breadcrumb } from "@/components/layout/Breadcrumb";
import { NotesList } from "@/components/notes/NotesList";
import { Skeleton } from "@/components/ui/Skeleton";
import { format, parseISO } from "date-fns";
import { de } from "date-fns/locale";
import {
AlertTriangle,
Calendar,
ExternalLink,
MapPin,
} from "lucide-react";
import Link from "next/link";
interface AppointmentDetail extends Appointment {
case_number?: string;
case_title?: string;
}
const TYPE_LABELS: Record<string, string> = {
hearing: "Verhandlung",
meeting: "Besprechung",
consultation: "Beratung",
deadline_hearing: "Fristanhoerung",
other: "Sonstiges",
};
const TYPE_COLORS: Record<string, string> = {
hearing: "bg-blue-50 text-blue-700",
meeting: "bg-violet-50 text-violet-700",
consultation: "bg-emerald-50 text-emerald-700",
deadline_hearing: "bg-amber-50 text-amber-700",
other: "bg-neutral-100 text-neutral-600",
};
function DetailSkeleton() {
return (
<div>
<Skeleton className="h-4 w-48" />
<div className="mt-6 space-y-4">
<Skeleton className="h-8 w-64" />
<Skeleton className="h-4 w-40" />
<Skeleton className="h-32 rounded-lg" />
<Skeleton className="h-48 rounded-lg" />
</div>
</div>
);
}
export default function AppointmentDetailPage() {
const { id } = useParams<{ id: string }>();
const {
data: appointment,
isLoading,
error,
} = useQuery({
queryKey: ["appointment", id],
queryFn: () => api.get<AppointmentDetail>(`/appointments/${id}`),
});
if (isLoading) return <DetailSkeleton />;
if (error || !appointment) {
return (
<div className="py-12 text-center">
<div className="mx-auto mb-3 w-fit rounded-xl bg-red-50 p-3">
<AlertTriangle className="h-6 w-6 text-red-500" />
</div>
<p className="text-sm font-medium text-neutral-900">
Termin nicht gefunden
</p>
<p className="mt-1 text-sm text-neutral-500">
Der Termin existiert nicht oder Sie haben keine Berechtigung.
</p>
<Link
href="/termine"
className="mt-4 inline-block text-sm text-neutral-500 transition-colors hover:text-neutral-700"
>
Zurueck zu Termine
</Link>
</div>
);
}
const startDate = parseISO(appointment.start_at);
const typeBadge = appointment.appointment_type
? TYPE_COLORS[appointment.appointment_type] ?? TYPE_COLORS.other
: null;
const typeLabel = appointment.appointment_type
? TYPE_LABELS[appointment.appointment_type] ?? appointment.appointment_type
: null;
return (
<div className="animate-fade-in">
<Breadcrumb
items={[
{ label: "Dashboard", href: "/dashboard" },
{ label: "Termine", href: "/termine" },
{ label: appointment.title },
]}
/>
{/* Header */}
<div>
<div className="flex flex-wrap items-center gap-3">
<h1 className="text-lg font-semibold text-neutral-900">
{appointment.title}
</h1>
{typeBadge && typeLabel && (
<span
className={`inline-block rounded-full px-2.5 py-0.5 text-xs font-medium ${typeBadge}`}
>
{typeLabel}
</span>
)}
</div>
</div>
{/* Date & Time */}
<div className="mt-4 rounded-lg border border-neutral-200 bg-white px-4 py-3">
<div className="flex items-center gap-2">
<Calendar className="h-4 w-4 text-neutral-400" />
<span className="text-sm font-medium text-neutral-900">
{format(startDate, "EEEE, d. MMMM yyyy", { locale: de })}
</span>
</div>
<p className="mt-1 pl-6 text-sm text-neutral-600">
{format(startDate, "HH:mm", { locale: de })} Uhr
{appointment.end_at && (
<>
{" "}
{format(parseISO(appointment.end_at), "HH:mm", { locale: de })}{" "}
Uhr
</>
)}
</p>
</div>
{/* Location */}
{appointment.location && (
<div className="mt-3 rounded-lg border border-neutral-200 bg-white px-4 py-3">
<div className="flex items-center gap-2">
<MapPin className="h-4 w-4 text-neutral-400" />
<span className="text-sm text-neutral-900">
{appointment.location}
</span>
</div>
</div>
)}
{/* Case context */}
{appointment.case_id && (
<div className="mt-3 rounded-lg border border-neutral-200 bg-white px-4 py-3">
<div className="flex items-center justify-between">
<div>
<p className="text-xs font-medium uppercase tracking-wide text-neutral-400">
Akte
</p>
<p className="mt-0.5 text-sm text-neutral-900">
{appointment.case_number
? `Az. ${appointment.case_number}`
: "Verknuepfte Akte"}
{appointment.case_title && `${appointment.case_title}`}
</p>
</div>
<Link
href={`/cases/${appointment.case_id}`}
className="flex items-center gap-1 text-xs text-neutral-500 transition-colors hover:text-neutral-700"
>
Zur Akte
<ExternalLink className="h-3 w-3" />
</Link>
</div>
</div>
)}
{/* Description */}
{appointment.description && (
<div className="mt-3 rounded-lg border border-neutral-200 bg-white px-4 py-3">
<p className="text-xs font-medium uppercase tracking-wide text-neutral-400">
Beschreibung
</p>
<p className="mt-1 whitespace-pre-wrap text-sm text-neutral-700">
{appointment.description}
</p>
</div>
)}
{/* Notes */}
<div className="mt-6">
<NotesList parentType="appointment" parentId={id} />
</div>
</div>
);
}

206
frontend/src/app/(app)/termine/neu/page.tsx Normal file
View File

@@ -0,0 +1,206 @@
"use client";
import { useQuery, useMutation, useQueryClient } from "@tanstack/react-query";
import { useRouter } from "next/navigation";
import { api } from "@/lib/api";
import type { Case, Appointment } from "@/lib/types";
import { Breadcrumb } from "@/components/layout/Breadcrumb";
import { useState } from "react";
import { toast } from "sonner";
const APPOINTMENT_TYPES = [
{ value: "hearing", label: "Verhandlung" },
{ value: "meeting", label: "Besprechung" },
{ value: "consultation", label: "Beratung" },
{ value: "deadline_hearing", label: "Fristanhoerung" },
{ value: "other", label: "Sonstiges" },
];
const inputClass =
"w-full rounded-md border border-neutral-200 px-3 py-1.5 text-sm outline-none focus:border-neutral-400 focus:ring-1 focus:ring-neutral-400";
const labelClass = "mb-1 block text-xs font-medium text-neutral-600";
export default function NewAppointmentPage() {
const router = useRouter();
const queryClient = useQueryClient();
const [caseId, setCaseId] = useState("");
const [title, setTitle] = useState("");
const [description, setDescription] = useState("");
const [startAt, setStartAt] = useState("");
const [endAt, setEndAt] = useState("");
const [location, setLocation] = useState("");
const [appointmentType, setAppointmentType] = useState("");
const { data: casesData } = useQuery({
queryKey: ["cases"],
queryFn: () => api.get<{ cases: Case[]; total: number } | Case[]>("/cases"),
});
const cases = Array.isArray(casesData)
? casesData
: Array.isArray(casesData?.cases)
? casesData.cases
: [];
const createMutation = useMutation({
mutationFn: (body: Record<string, unknown>) =>
api.post<Appointment>("/appointments", body),
onSuccess: (data) => {
queryClient.invalidateQueries({ queryKey: ["appointments"] });
queryClient.invalidateQueries({ queryKey: ["dashboard"] });
toast.success("Termin erstellt");
router.push(`/termine/${data.id}`);
},
onError: () => toast.error("Fehler beim Erstellen des Termins"),
});
function handleSubmit(e: React.FormEvent) {
e.preventDefault();
if (!title.trim() || !startAt) return;
const body: Record<string, unknown> = {
title: title.trim(),
start_at: new Date(startAt).toISOString(),
};
if (description.trim()) body.description = description.trim();
if (endAt) body.end_at = new Date(endAt).toISOString();
if (location.trim()) body.location = location.trim();
if (appointmentType) body.appointment_type = appointmentType;
if (caseId) body.case_id = caseId;
createMutation.mutate(body);
}
return (
<div className="animate-fade-in">
<Breadcrumb
items={[
{ label: "Dashboard", href: "/dashboard" },
{ label: "Termine", href: "/termine" },
{ label: "Neuer Termin" },
]}
/>
<h1 className="text-lg font-semibold text-neutral-900">
Neuer Termin
</h1>
<p className="mt-0.5 text-sm text-neutral-500">
Erstellen Sie einen neuen Termin.
</p>
<form
onSubmit={handleSubmit}
className="mt-6 max-w-lg space-y-4 rounded-lg border border-neutral-200 bg-white p-5"
>
<div>
<label className={labelClass}>Titel *</label>
<input
type="text"
value={title}
onChange={(e) => setTitle(e.target.value)}
required
className={inputClass}
placeholder="z.B. Muendliche Verhandlung"
/>
</div>
<div className="grid grid-cols-2 gap-3">
<div>
<label className={labelClass}>Beginn *</label>
<input
type="datetime-local"
value={startAt}
onChange={(e) => setStartAt(e.target.value)}
required
className={inputClass}
/>
</div>
<div>
<label className={labelClass}>Ende</label>
<input
type="datetime-local"
value={endAt}
onChange={(e) => setEndAt(e.target.value)}
className={inputClass}
/>
</div>
</div>
<div className="grid grid-cols-2 gap-3">
<div>
<label className={labelClass}>Typ</label>
<select
value={appointmentType}
onChange={(e) => setAppointmentType(e.target.value)}
className={inputClass}
>
<option value="">Kein Typ</option>
{APPOINTMENT_TYPES.map((t) => (
<option key={t.value} value={t.value}>
{t.label}
</option>
))}
</select>
</div>
<div>
<label className={labelClass}>Akte (optional)</label>
<select
value={caseId}
onChange={(e) => setCaseId(e.target.value)}
className={inputClass}
>
<option value="">Keine Akte</option>
{cases.map((c) => (
<option key={c.id} value={c.id}>
{c.case_number} {c.title}
</option>
))}
</select>
</div>
</div>
<div>
<label className={labelClass}>Ort</label>
<input
type="text"
value={location}
onChange={(e) => setLocation(e.target.value)}
className={inputClass}
placeholder="z.B. UPC Muenchen, Saal 3"
/>
</div>
<div>
<label className={labelClass}>Beschreibung</label>
<textarea
value={description}
onChange={(e) => setDescription(e.target.value)}
rows={3}
className={inputClass}
placeholder="Optionale Beschreibung zum Termin"
/>
</div>
<div className="flex items-center justify-end gap-2 pt-2">
<button
type="button"
onClick={() => router.push("/termine")}
className="rounded-md border border-neutral-200 bg-white px-3 py-1.5 text-sm text-neutral-700 hover:bg-neutral-50"
>
Abbrechen
</button>
<button
type="submit"
disabled={
createMutation.isPending || !title.trim() || !startAt
}
className="rounded-md bg-neutral-900 px-3 py-1.5 text-sm font-medium text-white hover:bg-neutral-800 disabled:opacity-50"
>
{createMutation.isPending ? "Erstellen..." : "Termin anlegen"}
</button>
</div>
</form>
</div>
);
}

9
frontend/src/app/(app)/termine/page.tsx
View File

@@ -6,6 +6,7 @@ import { AppointmentModal } from "@/components/appointments/AppointmentModal";
import { useQuery } from "@tanstack/react-query"; import { useQuery } from "@tanstack/react-query";
import { api } from "@/lib/api"; import { api } from "@/lib/api";
import type { Appointment } from "@/lib/types"; import type { Appointment } from "@/lib/types";
import { Breadcrumb } from "@/components/layout/Breadcrumb";
import { Calendar, List, Plus } from "lucide-react"; import { Calendar, List, Plus } from "lucide-react";
import { useState } from "react"; import { useState } from "react";
@@ -38,6 +39,12 @@ export default function TerminePage() {
return ( return (
<div className="space-y-4"> <div className="space-y-4">
<Breadcrumb
items={[
{ label: "Dashboard", href: "/dashboard" },
{ label: "Termine" },
]}
/>
<div className="flex items-center justify-between"> <div className="flex items-center justify-between">
<div> <div>
<h1 className="text-lg font-semibold text-neutral-900">Termine</h1> <h1 className="text-lg font-semibold text-neutral-900">Termine</h1>
@@ -84,7 +91,7 @@ export default function TerminePage() {
<AppointmentList onEdit={handleEdit} /> <AppointmentList onEdit={handleEdit} />
) : ( ) : (
<AppointmentCalendar <AppointmentCalendar
appointments={appointments || []} appointments={Array.isArray(appointments) ? appointments : []}
onAppointmentClick={handleEdit} onAppointmentClick={handleEdit}
/> />
)} )}

9
frontend/src/components/appointments/AppointmentList.tsx
View File

@@ -73,12 +73,13 @@ export function AppointmentList({ onEdit }: AppointmentListProps) {
const caseMap = useMemo(() => { const caseMap = useMemo(() => {
const map = new Map<string, Case>(); const map = new Map<string, Case>();
cases?.cases?.forEach((c) => map.set(c.id, c)); const arr = Array.isArray(cases?.cases) ? cases.cases : [];
arr.forEach((c) => map.set(c.id, c));
return map; return map;
}, [cases]); }, [cases]);
const filtered = useMemo(() => { const filtered = useMemo(() => {
if (!appointments) return []; if (!Array.isArray(appointments)) return [];
return appointments return appointments
.filter((a) => { .filter((a) => {
if (caseFilter !== "all" && a.case_id !== caseFilter) return false; if (caseFilter !== "all" && a.case_id !== caseFilter) return false;
@@ -91,7 +92,7 @@ export function AppointmentList({ onEdit }: AppointmentListProps) {
const grouped = useMemo(() => groupByDate(filtered), [filtered]); const grouped = useMemo(() => groupByDate(filtered), [filtered]);
const counts = useMemo(() => { const counts = useMemo(() => {
if (!appointments) return { today: 0, thisWeek: 0, total: 0 }; if (!Array.isArray(appointments)) return { today: 0, thisWeek: 0, total: 0 };
let today = 0; let today = 0;
let thisWeek = 0; let thisWeek = 0;
for (const a of appointments) { for (const a of appointments) {
@@ -148,7 +149,7 @@ export function AppointmentList({ onEdit }: AppointmentListProps) {
</option> </option>
))} ))}
</select> </select>
{cases?.cases && cases.cases.length > 0 && ( {Array.isArray(cases?.cases) && cases.cases.length > 0 && (
<select <select
value={caseFilter} value={caseFilter}
onChange={(e) => setCaseFilter(e.target.value)} onChange={(e) => setCaseFilter(e.target.value)}

2
frontend/src/components/appointments/AppointmentModal.tsx
View File

@@ -78,7 +78,7 @@ export function AppointmentModal({ open, onClose, appointment }: AppointmentModa
const updateMutation = useMutation({ const updateMutation = useMutation({
mutationFn: (body: Record<string, unknown>) => mutationFn: (body: Record<string, unknown>) =>
api.put<Appointment>(`/api/appointments/${appointment!.id}`, body), api.put<Appointment>(`/appointments/${appointment!.id}`, body),
onSuccess: () => { onSuccess: () => {
queryClient.invalidateQueries({ queryKey: ["appointments"] }); queryClient.invalidateQueries({ queryKey: ["appointments"] });
queryClient.invalidateQueries({ queryKey: ["dashboard"] }); queryClient.invalidateQueries({ queryKey: ["dashboard"] });

43
frontend/src/components/dashboard/AISummaryCard.tsx
View File

@@ -1,15 +1,19 @@
"use client"; "use client";
import { Sparkles } from "lucide-react"; import { useState } from "react";
import { Sparkles, RefreshCw } from "lucide-react";
import type { DashboardData } from "@/lib/types"; import type { DashboardData } from "@/lib/types";
interface Props { interface Props {
data: DashboardData; data: DashboardData;
onRefresh?: () => void;
} }
function generateSummary(data: DashboardData): string { function generateSummary(data: DashboardData): string {
const parts: string[] = []; const parts: string[] = [];
const { deadline_summary: ds, case_summary: cs, upcoming_deadlines: ud } = data; const ds = data.deadline_summary ?? { overdue_count: 0, due_this_week: 0, due_next_week: 0, ok_count: 0 };
const cs = data.case_summary ?? { active_count: 0, new_this_month: 0, closed_count: 0 };
const ud = Array.isArray(data.upcoming_deadlines) ? data.upcoming_deadlines : [];
// Deadline urgency // Deadline urgency
if (ds.overdue_count > 0) { if (ds.overdue_count > 0) {
@@ -49,18 +53,39 @@ function generateSummary(data: DashboardData): string {
return parts.join(" "); return parts.join(" ");
} }
export function AISummaryCard({ data }: Props) { export function AISummaryCard({ data, onRefresh }: Props) {
const [spinning, setSpinning] = useState(false);
const summary = generateSummary(data); const summary = generateSummary(data);
function handleRefresh() {
if (!onRefresh) return;
setSpinning(true);
onRefresh();
setTimeout(() => setSpinning(false), 1000);
}
return ( return (
<div className="rounded-xl border border-neutral-200 bg-white p-5"> <div className="rounded-xl border border-neutral-200 bg-white p-5">
<div className="flex items-center gap-2"> <div className="flex items-center justify-between">
<div className="rounded-md bg-violet-50 p-1.5"> <div className="flex items-center gap-2">
<Sparkles className="h-4 w-4 text-violet-500" /> <div className="rounded-md bg-violet-50 p-1.5">
<Sparkles className="h-4 w-4 text-violet-500" />
</div>
<h2 className="text-sm font-semibold text-neutral-900">
KI-Zusammenfassung
</h2>
</div> </div>
<h2 className="text-sm font-semibold text-neutral-900"> {onRefresh && (
KI-Zusammenfassung <button
</h2> onClick={handleRefresh}
title="Aktualisieren"
className="rounded-md p-1.5 text-neutral-400 transition-colors hover:bg-neutral-100 hover:text-neutral-600"
>
<RefreshCw
className={`h-4 w-4 ${spinning ? "animate-spin" : ""}`}
/>
</button>
)}
</div> </div>
<p className="mt-3 text-sm leading-relaxed text-neutral-700"> <p className="mt-3 text-sm leading-relaxed text-neutral-700">
{summary} {summary}

32
frontend/src/components/dashboard/CaseOverviewGrid.tsx
View File

@@ -1,6 +1,7 @@
"use client"; "use client";
import { FolderOpen, FolderPlus, Archive } from "lucide-react"; import Link from "next/link";
import { FolderOpen, FolderPlus, Archive, ChevronRight } from "lucide-react";
import type { CaseSummary } from "@/lib/types"; import type { CaseSummary } from "@/lib/types";
interface Props { interface Props {
@@ -8,46 +9,57 @@ interface Props {
} }
export function CaseOverviewGrid({ data }: Props) { export function CaseOverviewGrid({ data }: Props) {
const safe = data ?? { active_count: 0, new_this_month: 0, closed_count: 0 };
const items = [ const items = [
{ {
label: "Aktive Akten", label: "Aktive Akten",
value: data.active_count, value: safe.active_count ?? 0,
icon: FolderOpen, icon: FolderOpen,
color: "text-blue-600", color: "text-blue-600",
bg: "bg-blue-50", bg: "bg-blue-50",
href: "/cases?status=active",
}, },
{ {
label: "Neu (Monat)", label: "Neu (Monat)",
value: data.new_this_month, value: safe.new_this_month ?? 0,
icon: FolderPlus, icon: FolderPlus,
color: "text-violet-600", color: "text-violet-600",
bg: "bg-violet-50", bg: "bg-violet-50",
href: "/cases?status=active&since=month",
}, },
{ {
label: "Abgeschlossen", label: "Abgeschlossen",
value: data.closed_count, value: safe.closed_count ?? 0,
icon: Archive, icon: Archive,
color: "text-neutral-500", color: "text-neutral-500",
bg: "bg-neutral-50", bg: "bg-neutral-50",
href: "/cases?status=closed",
}, },
]; ];
return ( return (
<div className="rounded-xl border border-neutral-200 bg-white p-5"> <div className="rounded-xl border border-neutral-200 bg-white p-5">
<h2 className="text-sm font-semibold text-neutral-900">Aktenübersicht</h2> <h2 className="text-sm font-semibold text-neutral-900">Aktenübersicht</h2>
<div className="mt-4 space-y-3"> <div className="mt-4 space-y-1">
{items.map((item) => ( {items.map((item) => (
<div key={item.label} className="flex items-center justify-between"> <Link
key={item.label}
href={item.href}
className="group -mx-2 flex items-center justify-between rounded-lg px-2 py-2 transition-colors hover:bg-neutral-50"
>
<div className="flex items-center gap-2.5"> <div className="flex items-center gap-2.5">
<div className={`rounded-md p-1.5 ${item.bg}`}> <div className={`rounded-md p-1.5 ${item.bg}`}>
<item.icon className={`h-4 w-4 ${item.color}`} /> <item.icon className={`h-4 w-4 ${item.color}`} />
</div> </div>
<span className="text-sm text-neutral-600">{item.label}</span> <span className="text-sm text-neutral-600">{item.label}</span>
</div> </div>
<span className="text-lg font-semibold tabular-nums text-neutral-900"> <div className="flex items-center gap-1.5">
{item.value} <span className="text-lg font-semibold tabular-nums text-neutral-900">
</span> {item.value}
</div> </span>
<ChevronRight className="h-4 w-4 text-neutral-300 transition-colors group-hover:text-neutral-500" />
</div>
</Link>
))} ))}
</div> </div>
</div> </div>

24
frontend/src/components/dashboard/DeadlineTrafficLights.tsx
View File

@@ -1,6 +1,7 @@
"use client"; "use client";
import { useEffect, useRef } from "react"; import { useEffect, useRef } from "react";
import Link from "next/link";
import { AlertTriangle, Clock, CheckCircle } from "lucide-react"; import { AlertTriangle, Clock, CheckCircle } from "lucide-react";
import type { DeadlineSummary } from "@/lib/types"; import type { DeadlineSummary } from "@/lib/types";
@@ -27,29 +28,31 @@ function AnimatedCount({ value }: { value: number }) {
interface Props { interface Props {
data: DeadlineSummary; data: DeadlineSummary;
onFilter?: (filter: "overdue" | "this_week" | "ok") => void;
} }
export function DeadlineTrafficLights({ data, onFilter }: Props) { export function DeadlineTrafficLights({ data }: Props) {
const safe = data ?? { overdue_count: 0, due_this_week: 0, due_next_week: 0, ok_count: 0 };
const cards = [ const cards = [
{ {
key: "overdue" as const, key: "overdue" as const,
label: "Überfällig", label: "Überfällig",
count: data.overdue_count, count: safe.overdue_count ?? 0,
icon: AlertTriangle, icon: AlertTriangle,
href: "/fristen?status=overdue",
bg: "bg-red-50", bg: "bg-red-50",
border: "border-red-200", border: "border-red-200",
iconColor: "text-red-500", iconColor: "text-red-500",
countColor: "text-red-700", countColor: "text-red-700",
labelColor: "text-red-600", labelColor: "text-red-600",
ring: data.overdue_count > 0 ? "ring-2 ring-red-300 ring-offset-1" : "", ring: (safe.overdue_count ?? 0) > 0 ? "ring-2 ring-red-300 ring-offset-1" : "",
pulse: data.overdue_count > 0, pulse: (safe.overdue_count ?? 0) > 0,
}, },
{ {
key: "this_week" as const, key: "this_week" as const,
label: "Diese Woche", label: "Diese Woche",
count: data.due_this_week, count: safe.due_this_week ?? 0,
icon: Clock, icon: Clock,
href: "/fristen?status=this_week",
bg: "bg-amber-50", bg: "bg-amber-50",
border: "border-amber-200", border: "border-amber-200",
iconColor: "text-amber-500", iconColor: "text-amber-500",
@@ -61,8 +64,9 @@ export function DeadlineTrafficLights({ data, onFilter }: Props) {
{ {
key: "ok" as const, key: "ok" as const,
label: "Im Zeitplan", label: "Im Zeitplan",
count: data.ok_count + data.due_next_week, count: (safe.ok_count ?? 0) + (safe.due_next_week ?? 0),
icon: CheckCircle, icon: CheckCircle,
href: "/fristen?status=ok",
bg: "bg-emerald-50", bg: "bg-emerald-50",
border: "border-emerald-200", border: "border-emerald-200",
iconColor: "text-emerald-500", iconColor: "text-emerald-500",
@@ -76,9 +80,9 @@ export function DeadlineTrafficLights({ data, onFilter }: Props) {
return ( return (
<div className="grid grid-cols-1 gap-4 sm:grid-cols-3"> <div className="grid grid-cols-1 gap-4 sm:grid-cols-3">
{cards.map((card) => ( {cards.map((card) => (
<button <Link
key={card.key} key={card.key}
onClick={() => onFilter?.(card.key)} href={card.href}
className={`group relative overflow-hidden rounded-xl border ${card.border} ${card.bg} ${card.ring} p-6 text-left transition-all hover:shadow-md active:scale-[0.98]`} className={`group relative overflow-hidden rounded-xl border ${card.border} ${card.bg} ${card.ring} p-6 text-left transition-all hover:shadow-md active:scale-[0.98]`}
> >
{card.pulse && ( {card.pulse && (
@@ -98,7 +102,7 @@ export function DeadlineTrafficLights({ data, onFilter }: Props) {
<div className={`mt-4 text-4xl font-bold tracking-tight ${card.countColor}`}> <div className={`mt-4 text-4xl font-bold tracking-tight ${card.countColor}`}>
<AnimatedCount value={card.count} /> <AnimatedCount value={card.count} />
</div> </div>
</button> </Link>
))} ))}
</div> </div>
); );

16
frontend/src/components/dashboard/QuickActions.tsx
View File

@@ -1,7 +1,7 @@
"use client"; "use client";
import Link from "next/link"; import Link from "next/link";
import { FolderPlus, Clock, Sparkles, CalendarSync } from "lucide-react"; import { FolderPlus, Clock, Sparkles, CalendarPlus } from "lucide-react";
const actions = [ const actions = [
{ {
@@ -12,22 +12,22 @@ const actions = [
}, },
{ {
label: "Frist eintragen", label: "Frist eintragen",
href: "/fristen", href: "/fristen/neu",
icon: Clock, icon: Clock,
color: "text-amber-600 bg-amber-50 hover:bg-amber-100", color: "text-amber-600 bg-amber-50 hover:bg-amber-100",
}, },
{
label: "Neuer Termin",
href: "/termine/neu",
icon: CalendarPlus,
color: "text-emerald-600 bg-emerald-50 hover:bg-emerald-100",
},
{ {
label: "AI Analyse", label: "AI Analyse",
href: "/ai/extract", href: "/ai/extract",
icon: Sparkles, icon: Sparkles,
color: "text-violet-600 bg-violet-50 hover:bg-violet-100", color: "text-violet-600 bg-violet-50 hover:bg-violet-100",
}, },
{
label: "CalDAV Sync",
href: "/einstellungen",
icon: CalendarSync,
color: "text-emerald-600 bg-emerald-50 hover:bg-emerald-100",
},
]; ];
export function QuickActions() { export function QuickActions() {

80
frontend/src/components/dashboard/RecentActivityList.tsx Normal file
View File

@@ -0,0 +1,80 @@
"use client";
import Link from "next/link";
import { formatDistanceToNow, parseISO } from "date-fns";
import { de } from "date-fns/locale";
import {
FileText,
Scale,
Calendar,
Clock,
MessageSquare,
ChevronRight,
} from "lucide-react";
import type { RecentActivity } from "@/lib/types";
const EVENT_ICONS: Record<string, typeof FileText> = {
status_changed: Scale,
deadline_created: Clock,
appointment_created: Calendar,
document_uploaded: FileText,
note_added: MessageSquare,
};
interface Props {
activities: RecentActivity[];
}
export function RecentActivityList({ activities }: Props) {
const safe = Array.isArray(activities) ? activities : [];
if (safe.length === 0) {
return null;
}
return (
<div className="rounded-xl border border-neutral-200 bg-white p-5">
<h2 className="text-sm font-semibold text-neutral-900">
Letzte Aktivität
</h2>
<div className="mt-3 divide-y divide-neutral-100">
{safe.map((activity) => {
const Icon = EVENT_ICONS[activity.event_type ?? ""] ?? FileText;
const timeAgo = activity.created_at
? formatDistanceToNow(parseISO(activity.created_at), {
addSuffix: true,
locale: de,
})
: "";
return (
<Link
key={activity.id}
href={`/cases/${activity.case_id}`}
className="group flex items-center gap-3 py-2.5 transition-colors first:pt-0 last:pb-0 hover:bg-neutral-50 -mx-5 px-5"
>
<div className="rounded-md bg-neutral-100 p-1.5">
<Icon className="h-3.5 w-3.5 text-neutral-500" />
</div>
<div className="min-w-0 flex-1">
<p className="truncate text-sm text-neutral-900">
{activity.title}
</p>
<div className="flex items-center gap-2 text-xs text-neutral-500">
<span>{activity.case_number}</span>
{timeAgo && (
<>
<span className="text-neutral-300">·</span>
<span>{timeAgo}</span>
</>
)}
</div>
</div>
<ChevronRight className="h-4 w-4 shrink-0 text-neutral-300 transition-colors group-hover:text-neutral-500" />
</Link>
);
})}
</div>
</div>
);
}

73
frontend/src/components/dashboard/UpcomingTimeline.tsx
View File

@@ -1,8 +1,9 @@
"use client"; "use client";
import Link from "next/link";
import { format, parseISO, isToday, isTomorrow } from "date-fns"; import { format, parseISO, isToday, isTomorrow } from "date-fns";
import { de } from "date-fns/locale"; import { de } from "date-fns/locale";
import { Clock, Calendar, MapPin } from "lucide-react"; import { Clock, Calendar, MapPin, ChevronRight } from "lucide-react";
import type { UpcomingDeadline, UpcomingAppointment } from "@/lib/types"; import type { UpcomingDeadline, UpcomingAppointment } from "@/lib/types";
interface Props { interface Props {
@@ -21,13 +22,16 @@ function formatDayLabel(date: Date): string {
} }
export function UpcomingTimeline({ deadlines, appointments }: Props) { export function UpcomingTimeline({ deadlines, appointments }: Props) {
const safeDeadlines = Array.isArray(deadlines) ? deadlines : [];
const safeAppointments = Array.isArray(appointments) ? appointments : [];
const items: TimelineItem[] = [ const items: TimelineItem[] = [
...deadlines.map((d) => ({ ...safeDeadlines.map((d) => ({
type: "deadline" as const, type: "deadline" as const,
date: parseISO(d.due_date), date: parseISO(d.due_date),
data: d, data: d,
})), })),
...appointments.map((a) => ({ ...safeAppointments.map((a) => ({
type: "appointment" as const, type: "appointment" as const,
date: parseISO(a.start_at), date: parseISO(a.start_at),
data: a, data: a,
@@ -77,8 +81,12 @@ export function UpcomingTimeline({ deadlines, appointments }: Props) {
function TimelineEntry({ item }: { item: TimelineItem }) { function TimelineEntry({ item }: { item: TimelineItem }) {
if (item.type === "deadline") { if (item.type === "deadline") {
const d = item.data; const d = item.data;
const href = `/fristen/${d.id}`;
return ( return (
<div className="flex items-start gap-3 rounded-lg border border-neutral-100 bg-neutral-50/50 px-3 py-2.5"> <Link
href={href}
className="group flex items-start gap-3 rounded-lg border border-neutral-100 bg-neutral-50/50 px-3 py-2.5 transition-colors hover:border-neutral-200 hover:bg-neutral-100/50"
>
<div className="mt-0.5 rounded-md bg-amber-50 p-1"> <div className="mt-0.5 rounded-md bg-amber-50 p-1">
<Clock className="h-3.5 w-3.5 text-amber-500" /> <Clock className="h-3.5 w-3.5 text-amber-500" />
</div> </div>
@@ -87,19 +95,40 @@ function TimelineEntry({ item }: { item: TimelineItem }) {
{d.title} {d.title}
</p> </p>
<p className="mt-0.5 truncate text-xs text-neutral-500"> <p className="mt-0.5 truncate text-xs text-neutral-500">
{d.case_number} · {d.case_title} {d.case_id ? (
<span
onClick={(e) => e.stopPropagation()}
className="inline"
>
<Link
href={`/cases/${d.case_id}`}
className="underline decoration-neutral-300 hover:text-neutral-900 hover:decoration-neutral-500"
>
{d.case_number}
</Link>
{" · "}
</span>
) : (
<>{d.case_number} · </>
)}
{d.case_title}
</p> </p>
</div> </div>
<span className="shrink-0 text-xs font-medium text-amber-600"> <div className="flex shrink-0 items-center gap-1.5">
Frist <span className="text-xs font-medium text-amber-600">Frist</span>
</span> <ChevronRight className="h-3.5 w-3.5 text-neutral-300 transition-colors group-hover:text-neutral-500" />
</div> </div>
</Link>
); );
} }
const a = item.data; const a = item.data;
const href = `/termine/${a.id}`;
return ( return (
<div className="flex items-start gap-3 rounded-lg border border-neutral-100 bg-neutral-50/50 px-3 py-2.5"> <Link
href={href}
className="group flex items-start gap-3 rounded-lg border border-neutral-100 bg-neutral-50/50 px-3 py-2.5 transition-colors hover:border-neutral-200 hover:bg-neutral-100/50"
>
<div className="mt-0.5 rounded-md bg-blue-50 p-1"> <div className="mt-0.5 rounded-md bg-blue-50 p-1">
<Calendar className="h-3.5 w-3.5 text-blue-500" /> <Calendar className="h-3.5 w-3.5 text-blue-500" />
</div> </div>
@@ -118,7 +147,20 @@ function TimelineEntry({ item }: { item: TimelineItem }) {
</span> </span>
</> </>
)} )}
{a.case_number && ( {a.case_number && a.case_id && (
<>
<span className="text-neutral-300">·</span>
<span onClick={(e) => e.stopPropagation()}>
<Link
href={`/cases/${a.case_id}`}
className="underline decoration-neutral-300 hover:text-neutral-900 hover:decoration-neutral-500"
>
{a.case_number}
</Link>
</span>
</>
)}
{a.case_number && !a.case_id && (
<> <>
<span className="text-neutral-300">·</span> <span className="text-neutral-300">·</span>
<span>{a.case_number}</span> <span>{a.case_number}</span>
@@ -126,9 +168,10 @@ function TimelineEntry({ item }: { item: TimelineItem }) {
)} )}
</div> </div>
</div> </div>
<span className="shrink-0 text-xs font-medium text-blue-600"> <div className="flex shrink-0 items-center gap-1.5">
Termin <span className="text-xs font-medium text-blue-600">Termin</span>
</span> <ChevronRight className="h-3.5 w-3.5 text-neutral-300 transition-colors group-hover:text-neutral-500" />
</div> </div>
</Link>
); );
} }

53
frontend/src/components/deadlines/DeadlineList.tsx
View File

@@ -10,7 +10,14 @@ import { toast } from "sonner";
import { useState, useMemo } from "react"; import { useState, useMemo } from "react";
import { EmptyState } from "@/components/ui/EmptyState"; import { EmptyState } from "@/components/ui/EmptyState";
type StatusFilter = "all" | "pending" | "completed" | "overdue"; type StatusFilter = "all" | "pending" | "completed" | "overdue" | "this_week" | "ok";
function mapUrlStatus(status?: string): StatusFilter {
if (status === "overdue") return "overdue";
if (status === "this_week") return "this_week";
if (status === "ok") return "ok";
return "all";
}
function getUrgency(deadline: Deadline): "red" | "amber" | "green" { function getUrgency(deadline: Deadline): "red" | "amber" | "green" {
if (deadline.status === "completed") return "green"; if (deadline.status === "completed") return "green";
@@ -47,9 +54,15 @@ const urgencyConfig = {
const selectClass = const selectClass =
"rounded-md border border-neutral-200 bg-white px-2.5 py-1 text-sm text-neutral-700 transition-colors focus:border-neutral-400 focus:ring-1 focus:ring-neutral-400 outline-none"; "rounded-md border border-neutral-200 bg-white px-2.5 py-1 text-sm text-neutral-700 transition-colors focus:border-neutral-400 focus:ring-1 focus:ring-neutral-400 outline-none";
export function DeadlineList() { interface Props {
initialStatus?: string;
}
export function DeadlineList({ initialStatus }: Props) {
const queryClient = useQueryClient(); const queryClient = useQueryClient();
const [statusFilter, setStatusFilter] = useState<StatusFilter>("all"); const [statusFilter, setStatusFilter] = useState<StatusFilter>(
mapUrlStatus(initialStatus),
);
const [caseFilter, setCaseFilter] = useState<string>("all"); const [caseFilter, setCaseFilter] = useState<string>("all");
const { data: deadlines, isLoading } = useQuery({ const { data: deadlines, isLoading } = useQuery({
@@ -64,7 +77,7 @@ export function DeadlineList() {
const completeMutation = useMutation({ const completeMutation = useMutation({
mutationFn: (id: string) => mutationFn: (id: string) =>
api.patch<Deadline>(`/api/deadlines/${id}/complete`), api.patch<Deadline>(`/deadlines/${id}/complete`),
onSuccess: () => { onSuccess: () => {
queryClient.invalidateQueries({ queryKey: ["deadlines"] }); queryClient.invalidateQueries({ queryKey: ["deadlines"] });
toast.success("Frist als erledigt markiert"); toast.success("Frist als erledigt markiert");
@@ -76,12 +89,12 @@ export function DeadlineList() {
const caseMap = useMemo(() => { const caseMap = useMemo(() => {
const map = new Map<string, Case>(); const map = new Map<string, Case>();
cases?.forEach((c) => map.set(c.id, c)); (Array.isArray(cases) ? cases : []).forEach((c) => map.set(c.id, c));
return map; return map;
}, [cases]); }, [cases]);
const filtered = useMemo(() => { const filtered = useMemo(() => {
if (!deadlines) return []; if (!Array.isArray(deadlines)) return [];
return deadlines.filter((d) => { return deadlines.filter((d) => {
if (statusFilter === "pending" && d.status !== "pending") return false; if (statusFilter === "pending" && d.status !== "pending") return false;
if (statusFilter === "completed" && d.status !== "completed") if (statusFilter === "completed" && d.status !== "completed")
@@ -90,13 +103,25 @@ export function DeadlineList() {
if (d.status === "completed") return false; if (d.status === "completed") return false;
if (!isPast(parseISO(d.due_date))) return false; if (!isPast(parseISO(d.due_date))) return false;
} }
if (statusFilter === "this_week") {
if (d.status === "completed") return false;
const due = parseISO(d.due_date);
if (isPast(due)) return false;
if (!isThisWeek(due, { weekStartsOn: 1 })) return false;
}
if (statusFilter === "ok") {
if (d.status === "completed") return false;
const due = parseISO(d.due_date);
if (isPast(due)) return false;
if (isThisWeek(due, { weekStartsOn: 1 })) return false;
}
if (caseFilter !== "all" && d.case_id !== caseFilter) return false; if (caseFilter !== "all" && d.case_id !== caseFilter) return false;
return true; return true;
}); });
}, [deadlines, statusFilter, caseFilter]); }, [deadlines, statusFilter, caseFilter]);
const counts = useMemo(() => { const counts = useMemo(() => {
if (!deadlines) return { overdue: 0, thisWeek: 0, ok: 0 }; if (!Array.isArray(deadlines)) return { overdue: 0, thisWeek: 0, ok: 0 };
let overdue = 0, let overdue = 0,
thisWeek = 0, thisWeek = 0,
ok = 0; ok = 0;
@@ -144,10 +169,10 @@ export function DeadlineList() {
</button> </button>
<button <button
onClick={() => onClick={() =>
setStatusFilter(statusFilter === "pending" ? "all" : "pending") setStatusFilter(statusFilter === "this_week" ? "all" : "this_week")
} }
className={`rounded-lg border p-3 text-left transition-all ${ className={`rounded-lg border p-3 text-left transition-all ${
statusFilter === "pending" statusFilter === "this_week"
? "border-amber-300 bg-amber-50 ring-1 ring-amber-200" ? "border-amber-300 bg-amber-50 ring-1 ring-amber-200"
: "border-neutral-200 bg-white hover:bg-neutral-50" : "border-neutral-200 bg-white hover:bg-neutral-50"
}`} }`}
@@ -158,9 +183,11 @@ export function DeadlineList() {
<div className="text-xs text-neutral-500">Diese Woche</div> <div className="text-xs text-neutral-500">Diese Woche</div>
</button> </button>
<button <button
onClick={() => setStatusFilter("all")} onClick={() =>
setStatusFilter(statusFilter === "ok" ? "all" : "ok")
}
className={`rounded-lg border p-3 text-left transition-all ${ className={`rounded-lg border p-3 text-left transition-all ${
statusFilter === "all" statusFilter === "ok"
? "border-green-300 bg-green-50 ring-1 ring-green-200" ? "border-green-300 bg-green-50 ring-1 ring-green-200"
: "border-neutral-200 bg-white hover:bg-neutral-50" : "border-neutral-200 bg-white hover:bg-neutral-50"
}`} }`}
@@ -187,8 +214,10 @@ export function DeadlineList() {
<option value="pending">Offen</option> <option value="pending">Offen</option>
<option value="completed">Erledigt</option> <option value="completed">Erledigt</option>
<option value="overdue">Überfällig</option> <option value="overdue">Überfällig</option>
<option value="this_week">Diese Woche</option>
<option value="ok">Im Zeitplan</option>
</select> </select>
{cases && cases.length > 0 && ( {Array.isArray(cases) && cases.length > 0 && (
<select <select
value={caseFilter} value={caseFilter}
onChange={(e) => setCaseFilter(e.target.value)} onChange={(e) => setCaseFilter(e.target.value)}

38
frontend/src/components/layout/Breadcrumb.tsx Normal file
View File

@@ -0,0 +1,38 @@
import Link from "next/link";
import { ChevronRight } from "lucide-react";
export interface BreadcrumbItem {
label: string;
href?: string;
}
interface Props {
items: BreadcrumbItem[];
}
export function Breadcrumb({ items }: Props) {
return (
<nav aria-label="Breadcrumb" className="mb-4 flex items-center gap-1 text-sm text-neutral-500">
{items.map((item, i) => {
const isLast = i === items.length - 1;
return (
<span key={i} className="flex items-center gap-1">
{i > 0 && <ChevronRight className="h-3.5 w-3.5 text-neutral-300" />}
{isLast || !item.href ? (
<span className={isLast ? "font-medium text-neutral-900" : ""}>
{item.label}
</span>
) : (
<Link
href={item.href}
className="transition-colors hover:text-neutral-900"
>
{item.label}
</Link>
)}
</span>
);
})}
</nav>
);
}

14
frontend/src/components/layout/TenantSwitcher.tsx
View File

@@ -15,6 +15,7 @@ export function TenantSwitcher() {
api api
.get<TenantWithRole[]>("/tenants") .get<TenantWithRole[]>("/tenants")
.then((data) => { .then((data) => {
if (!Array.isArray(data)) return;
setTenants(data); setTenants(data);
const savedId = localStorage.getItem("kanzlai_tenant_id"); const savedId = localStorage.getItem("kanzlai_tenant_id");
const match = data.find((t) => t.id === savedId) || data[0]; const match = data.find((t) => t.id === savedId) || data[0];
@@ -53,30 +54,33 @@ export function TenantSwitcher() {
onClick={() => setOpen(!open)} onClick={() => setOpen(!open)}
className="flex items-center gap-1.5 rounded-md border border-neutral-200 bg-white px-2.5 py-1.5 text-sm text-neutral-700 transition-colors hover:bg-neutral-50" className="flex items-center gap-1.5 rounded-md border border-neutral-200 bg-white px-2.5 py-1.5 text-sm text-neutral-700 transition-colors hover:bg-neutral-50"
> >
<span className="max-w-[120px] truncate sm:max-w-[160px]"> <span className="max-w-[200px] truncate sm:max-w-[280px]">
{current.name} {current.name}
</span> </span>
<ChevronsUpDown className="h-3.5 w-3.5 text-neutral-400" /> <ChevronsUpDown className="h-3.5 w-3.5 text-neutral-400" />
</button> </button>
{open && tenants.length > 1 && ( {open && (
<div className="animate-fade-in absolute right-0 top-full z-50 mt-1 w-56 rounded-md border border-neutral-200 bg-white py-1 shadow-lg"> <div className="animate-fade-in absolute right-0 top-full z-50 mt-1 w-64 rounded-md border border-neutral-200 bg-white py-1 shadow-lg">
{tenants.map((tenant) => ( {tenants.map((tenant) => (
<button <button
key={tenant.id} key={tenant.id}
onClick={() => switchTenant(tenant)} onClick={() => switchTenant(tenant)}
className={`flex w-full items-center px-3 py-1.5 text-left text-sm transition-colors ${ className={`flex w-full items-center px-3 py-2 text-left text-sm transition-colors ${
tenant.id === current.id tenant.id === current.id
? "bg-neutral-50 font-medium text-neutral-900" ? "bg-neutral-50 font-medium text-neutral-900"
: "text-neutral-600 hover:bg-neutral-50" : "text-neutral-600 hover:bg-neutral-50"
}`} }`}
> >
<span className="truncate">{tenant.name}</span> <span className="truncate">{tenant.name}</span>
<span className="ml-auto text-xs text-neutral-400"> <span className="ml-auto shrink-0 text-xs text-neutral-400">
{tenant.role} {tenant.role}
</span> </span>
</button> </button>
))} ))}
{tenants.length <= 1 && (
<p className="px-3 py-2 text-xs text-neutral-400">Einzige Kanzlei</p>
)}
</div> </div>
)} )}
</div> </div>

209
frontend/src/components/notes/NotesList.tsx Normal file
View File

@@ -0,0 +1,209 @@
"use client";
import { useQuery, useMutation, useQueryClient } from "@tanstack/react-query";
import { api } from "@/lib/api";
import type { Note } from "@/lib/types";
import { format, parseISO } from "date-fns";
import { de } from "date-fns/locale";
import { Plus, Pencil, Trash2, X, Check, MessageSquare } from "lucide-react";
import { useState } from "react";
import { toast } from "sonner";
interface NotesListProps {
parentType: "case" | "deadline" | "appointment" | "case_event";
parentId: string;
}
export function NotesList({ parentType, parentId }: NotesListProps) {
const queryClient = useQueryClient();
const queryKey = ["notes", parentType, parentId];
const [newContent, setNewContent] = useState("");
const [showNew, setShowNew] = useState(false);
const [editingId, setEditingId] = useState<string | null>(null);
const [editContent, setEditContent] = useState("");
const { data: notes, isLoading } = useQuery({
queryKey,
queryFn: () =>
api.get<Note[]>(`/notes?${parentType}_id=${parentId}`),
});
const createMutation = useMutation({
mutationFn: (content: string) => {
const body: Record<string, string> = {
content,
[`${parentType}_id`]: parentId,
};
return api.post<Note>("/notes", body);
},
onSuccess: () => {
queryClient.invalidateQueries({ queryKey });
setNewContent("");
setShowNew(false);
toast.success("Notiz erstellt");
},
onError: () => toast.error("Fehler beim Erstellen der Notiz"),
});
const updateMutation = useMutation({
mutationFn: ({ id, content }: { id: string; content: string }) =>
api.put<Note>(`/notes/${id}`, { content }),
onSuccess: () => {
queryClient.invalidateQueries({ queryKey });
setEditingId(null);
toast.success("Notiz aktualisiert");
},
onError: () => toast.error("Fehler beim Aktualisieren der Notiz"),
});
const deleteMutation = useMutation({
mutationFn: (id: string) => api.delete(`/notes/${id}`),
onSuccess: () => {
queryClient.invalidateQueries({ queryKey });
toast.success("Notiz geloescht");
},
onError: () => toast.error("Fehler beim Loeschen der Notiz"),
});
function handleCreate() {
if (!newContent.trim()) return;
createMutation.mutate(newContent.trim());
}
function handleUpdate(id: string) {
if (!editContent.trim()) return;
updateMutation.mutate({ id, content: editContent.trim() });
}
function startEdit(note: Note) {
setEditingId(note.id);
setEditContent(note.content);
}
const notesList = Array.isArray(notes) ? notes : [];
return (
<div className="rounded-lg border border-neutral-200 bg-white">
<div className="flex items-center justify-between border-b border-neutral-100 px-4 py-3">
<h3 className="text-sm font-medium text-neutral-900">Notizen</h3>
{!showNew && (
<button
onClick={() => setShowNew(true)}
className="flex items-center gap-1 rounded-md px-2 py-1 text-xs text-neutral-500 transition-colors hover:bg-neutral-50 hover:text-neutral-700"
>
<Plus className="h-3.5 w-3.5" />
Neu
</button>
)}
</div>
{showNew && (
<div className="border-b border-neutral-100 p-4">
<textarea
value={newContent}
onChange={(e) => setNewContent(e.target.value)}
rows={3}
autoFocus
placeholder="Notiz schreiben..."
className="w-full rounded-md border border-neutral-200 px-3 py-2 text-sm outline-none focus:border-neutral-400 focus:ring-1 focus:ring-neutral-400"
/>
<div className="mt-2 flex justify-end gap-2">
<button
onClick={() => {
setShowNew(false);
setNewContent("");
}}
className="rounded-md px-2.5 py-1 text-xs text-neutral-500 hover:bg-neutral-50"
>
Abbrechen
</button>
<button
onClick={handleCreate}
disabled={!newContent.trim() || createMutation.isPending}
className="rounded-md bg-neutral-900 px-2.5 py-1 text-xs font-medium text-white hover:bg-neutral-800 disabled:opacity-50"
>
{createMutation.isPending ? "Speichern..." : "Speichern"}
</button>
</div>
</div>
)}
{isLoading ? (
<div className="space-y-2 p-4">
{[1, 2].map((i) => (
<div key={i} className="h-12 animate-pulse rounded-md bg-neutral-100" />
))}
</div>
) : notesList.length === 0 ? (
<div className="flex flex-col items-center py-8 text-center">
<MessageSquare className="h-5 w-5 text-neutral-300" />
<p className="mt-2 text-sm text-neutral-400">
Keine Notizen vorhanden.
</p>
</div>
) : (
<div className="divide-y divide-neutral-100">
{notesList.map((note) => (
<div key={note.id} className="group px-4 py-3">
{editingId === note.id ? (
<div>
<textarea
value={editContent}
onChange={(e) => setEditContent(e.target.value)}
rows={3}
autoFocus
className="w-full rounded-md border border-neutral-200 px-3 py-2 text-sm outline-none focus:border-neutral-400 focus:ring-1 focus:ring-neutral-400"
/>
<div className="mt-2 flex justify-end gap-2">
<button
onClick={() => setEditingId(null)}
className="rounded-md p-1 text-neutral-400 hover:bg-neutral-50 hover:text-neutral-600"
>
<X className="h-3.5 w-3.5" />
</button>
<button
onClick={() => handleUpdate(note.id)}
disabled={!editContent.trim() || updateMutation.isPending}
className="rounded-md p-1 text-neutral-400 hover:bg-neutral-50 hover:text-green-600"
>
<Check className="h-3.5 w-3.5" />
</button>
</div>
</div>
) : (
<div>
<div className="flex items-start justify-between">
<p className="whitespace-pre-wrap text-sm text-neutral-700">
{note.content}
</p>
<div className="ml-4 flex shrink-0 gap-1 opacity-0 transition-opacity group-hover:opacity-100">
<button
onClick={() => startEdit(note)}
className="rounded p-1 text-neutral-400 hover:bg-neutral-50 hover:text-neutral-600"
>
<Pencil className="h-3 w-3" />
</button>
<button
onClick={() => deleteMutation.mutate(note.id)}
className="rounded p-1 text-neutral-400 hover:bg-red-50 hover:text-red-500"
>
<Trash2 className="h-3 w-3" />
</button>
</div>
</div>
<p className="mt-1 text-xs text-neutral-400">
{format(parseISO(note.created_at), "d. MMM yyyy, HH:mm", {
locale: de,
})}
{note.updated_at !== note.created_at && " (bearbeitet)"}
</p>
</div>
)}
</div>
))}
</div>
)}
</div>
);
}

2
frontend/src/components/settings/CalDAVSettings.tsx
View File

@@ -68,7 +68,7 @@ export function CalDAVSettings({ tenant }: { tenant: Tenant }) {
typeof window !== "undefined" typeof window !== "undefined"
? localStorage.getItem("kanzlai_tenant_id") ? localStorage.getItem("kanzlai_tenant_id")
: null; : null;
return api.put<Tenant>(`/api/tenants/${tenantId}/settings`, { return api.put<Tenant>(`/tenants/${tenantId}/settings`, {
caldav: cfg, caldav: cfg,
}); });
}, },

8
frontend/src/components/settings/TeamSettings.tsx
View File

@@ -32,13 +32,13 @@ export function TeamSettings() {
} = useQuery({ } = useQuery({
queryKey: ["tenant-members", tenantId], queryKey: ["tenant-members", tenantId],
queryFn: () => queryFn: () =>
api.get<UserTenant[]>(`/api/tenants/${tenantId}/members`), api.get<UserTenant[]>(`/tenants/${tenantId}/members`),
enabled: !!tenantId, enabled: !!tenantId,
}); });
const inviteMutation = useMutation({ const inviteMutation = useMutation({
mutationFn: (data: { email: string; role: string }) => mutationFn: (data: { email: string; role: string }) =>
api.post(`/api/tenants/${tenantId}/invite`, data), api.post(`/tenants/${tenantId}/invite`, data),
onSuccess: () => { onSuccess: () => {
queryClient.invalidateQueries({ queryKey: ["tenant-members"] }); queryClient.invalidateQueries({ queryKey: ["tenant-members"] });
setEmail(""); setEmail("");
@@ -52,7 +52,7 @@ export function TeamSettings() {
const removeMutation = useMutation({ const removeMutation = useMutation({
mutationFn: (userId: string) => mutationFn: (userId: string) =>
api.delete(`/api/tenants/${tenantId}/members/${userId}`), api.delete(`/tenants/${tenantId}/members/${userId}`),
onSuccess: () => { onSuccess: () => {
queryClient.invalidateQueries({ queryKey: ["tenant-members"] }); queryClient.invalidateQueries({ queryKey: ["tenant-members"] });
toast.success("Mitglied entfernt"); toast.success("Mitglied entfernt");
@@ -118,7 +118,7 @@ export function TeamSettings() {
</form> </form>
{/* Members List */} {/* Members List */}
{members && members.length > 0 ? ( {Array.isArray(members) && members.length > 0 ? (
<div className="overflow-hidden rounded-md border border-neutral-200"> <div className="overflow-hidden rounded-md border border-neutral-200">
{members.map((member, i) => { {members.map((member, i) => {
const roleInfo = ROLE_LABELS[member.role] || ROLE_LABELS.member; const roleInfo = ROLE_LABELS[member.role] || ROLE_LABELS.member;

49
frontend/src/lib/types.ts
View File

@@ -176,6 +176,19 @@ export interface CalDAVSyncResponse {
last_sync_at?: null; last_sync_at?: null;
} }
export interface Note {
id: string;
tenant_id: string;
case_id?: string;
deadline_id?: string;
appointment_id?: string;
case_event_id?: string;
content: string;
created_by?: string;
created_at: string;
updated_at: string;
}
export interface ApiError { export interface ApiError {
error: string; error: string;
status: number; status: number;
@@ -223,11 +236,47 @@ export interface UpcomingAppointment {
case_title?: string; case_title?: string;
} }
export interface RecentActivity {
id: string;
event_type?: string;
title: string;
case_id: string;
case_number: string;
event_date?: string;
created_at: string;
}
export interface DashboardData { export interface DashboardData {
deadline_summary: DeadlineSummary; deadline_summary: DeadlineSummary;
case_summary: CaseSummary; case_summary: CaseSummary;
upcoming_deadlines: UpcomingDeadline[]; upcoming_deadlines: UpcomingDeadline[];
upcoming_appointments: UpcomingAppointment[]; upcoming_appointments: UpcomingAppointment[];
recent_activity?: RecentActivity[];
}
// Notes
export interface Note {
id: string;
tenant_id: string;
case_id?: string;
deadline_id?: string;
appointment_id?: string;
case_event_id?: string;
content: string;
created_by?: string;
created_at: string;
updated_at: string;
}
// Recent Activity
export interface RecentActivity {
id: string;
event_type?: string;
title: string;
case_id: string;
case_number: string;
event_date?: string;
created_at: string;
} }
// AI Extraction types // AI Extraction types