import { Injectable, NotFoundException } from '@nestjs/common'; import { InjectModel } from '@nestjs/mongoose'; import { Model } from 'mongoose'; import { Settings, SettingsDocument } from './schemas/settings.schema'; import { UpdateSettingsDto } from './dto/update-settings.dto'; import * as fs from 'fs/promises'; import * as path from 'path'; import { randomBytes } from 'crypto'; import { toFullUrl } from '../common/helpers/url.helper'; @Injectable() export class SettingsService { constructor( @InjectModel(Settings.name) private settingsModel: Model, ) { } private readonly DEFAULTS: Partial = { schoolName: 'School Management System', theme: 'light', primaryColor: '#4c3cc9', secondaryColor: '#3f2fb1', showWhatsapp: false, sidebarCollapsed: false, }; async getSettings(): Promise { const settings = await this.settingsModel .findOneAndUpdate( { _singleton: 'singleton' }, { $setOnInsert: { _singleton: 'singleton', ...this.DEFAULTS, }, }, { new: true, upsert: true, runValidators: true }, ) .lean(); // Merge defaults for fields that may be missing on legacy documents return { ...settings, schoolName: settings.schoolName || 'School Management System', theme: settings.theme || 'light', primaryColor: settings.primaryColor || '#4c3cc9', secondaryColor: settings.secondaryColor || '#3f2fb1', showWhatsapp: settings.showWhatsapp ?? false, sidebarCollapsed: settings.sidebarCollapsed ?? false, logoUrl: settings.logoUrl ? toFullUrl(settings.logoUrl) : settings.logoUrl, loginLogoUrl: settings.loginLogoUrl ? toFullUrl(settings.loginLogoUrl) : settings.loginLogoUrl, loginIllustrationUrl: settings.loginIllustrationUrl ? toFullUrl(settings.loginIllustrationUrl) : settings.loginIllustrationUrl, faviconUrl: settings.faviconUrl ? toFullUrl(settings.faviconUrl) : settings.faviconUrl, letterheadUrl: settings.letterheadUrl ? toFullUrl(settings.letterheadUrl) : settings.letterheadUrl, authorizedSignatureUrl: settings.authorizedSignatureUrl ? toFullUrl(settings.authorizedSignatureUrl) : settings.authorizedSignatureUrl, }; } async getPublicSettings() { const s = await this.getSettings(); return { schoolName: s.schoolName, logoUrl: s.logoUrl, loginLogoUrl: s.loginLogoUrl, loginIllustrationUrl: s.loginIllustrationUrl, faviconUrl: s.faviconUrl, loginMainHeading: s.loginMainHeading, loginWelcomeText: s.loginWelcomeText, loginPortalName: s.loginPortalName, loginTagline: s.loginTagline, loginIllustrationAlt: s.loginIllustrationAlt, theme: s.theme, primaryColor: s.primaryColor, secondaryColor: s.secondaryColor, primaryTextColor: s.primaryTextColor, secondaryTextColor: s.secondaryTextColor, // Theme-specific colors lightPrimaryColor: s.lightPrimaryColor, lightSecondaryColor: s.lightSecondaryColor, lightPrimaryTextColor: s.lightPrimaryTextColor, lightSecondaryTextColor: s.lightSecondaryTextColor, darkPrimaryColor: s.darkPrimaryColor, darkSecondaryColor: s.darkSecondaryColor, darkPrimaryTextColor: s.darkPrimaryTextColor, darkSecondaryTextColor: s.darkSecondaryTextColor, showWhatsapp: s.showWhatsapp, whatsappNumber: s.showWhatsapp ? s.whatsappNumber : undefined, letterheadUrl: s.letterheadUrl, // Invoice settings (public so invoice page can render without auth on settings) schoolAddress: s.schoolAddress, schoolPhone: s.schoolPhone, schoolEmail: s.schoolEmail, invoiceTerms: s.invoiceTerms, authorizedSignatureUrl: s.authorizedSignatureUrl, }; } async updateSettings(dto: UpdateSettingsDto) { // Separate null values (to $unset) from actual values (to $set) const setFields: Record = {}; const unsetFields: Record = {}; for (const [key, value] of Object.entries(dto)) { if (value === null || value === undefined) { unsetFields[key] = 1; } else { setFields[key] = value; } } const updateOp: Record = {}; if (Object.keys(setFields).length > 0) updateOp.$set = setFields; if (Object.keys(unsetFields).length > 0) updateOp.$unset = unsetFields; // If nothing to update, just return current settings if (Object.keys(updateOp).length === 0) { return this.getSettings(); } const updated = await this.settingsModel .findOneAndUpdate( { _singleton: 'singleton' }, updateOp, { new: true, upsert: true, runValidators: true }, ) .lean(); if (!updated) { throw new NotFoundException('Failed to update settings'); } // Return via getSettings() to ensure consistent response (full URLs, defaults, etc.) return this.getSettings(); } async uploadLogo(file: Express.Multer.File) { if (!file) throw new NotFoundException('No file uploaded'); const uploadsDir = path.join(process.cwd(), 'uploads', 'settings'); await fs.mkdir(uploadsDir, { recursive: true }); const filename = `logo-${randomBytes(16).toString('hex')}${path.extname(file.originalname)}`; const filepath = path.join(uploadsDir, filename); await fs.writeFile(filepath, file.buffer); const relativePath = `/uploads/settings/${filename}`; // Get existing settings to delete old file const existingSettings = await this.settingsModel.findOne({ _singleton: 'singleton' }).lean(); if (existingSettings?.logoUrl) { // Extract relative path from full URL or use as-is if already relative let oldRelativePath: string; try { const urlObj = new URL(existingSettings.logoUrl); oldRelativePath = urlObj.pathname.replace('/schoolcrmbackend', ''); } catch { // Already a relative path oldRelativePath = existingSettings.logoUrl; } const oldPath = path.join(process.cwd(), oldRelativePath.replace(/^\//, '')); await fs.unlink(oldPath).catch(() => { }); } // Update with relative path const updated = await this.settingsModel .findOneAndUpdate( { _singleton: 'singleton' }, { $set: { logoUrl: relativePath } }, { new: true, upsert: true }, ) .lean(); if (!updated) { throw new NotFoundException('Failed to update logo'); } // Return full URL const fullUrl = toFullUrl(relativePath); return { logoUrl: fullUrl }; } async deleteLogo() { const settings = await this.getSettings(); if (settings.logoUrl) { // Extract relative path from full URL or use as-is if already relative let relativePath: string; try { const urlObj = new URL(settings.logoUrl); relativePath = urlObj.pathname.replace('/schoolcrmbackend', ''); } catch { // Already a relative path relativePath = settings.logoUrl; } const filepath = path.join(process.cwd(), relativePath.replace(/^\//, '')); await fs.unlink(filepath).catch(() => { }); } await this.settingsModel.findOneAndUpdate( { _singleton: 'singleton' }, { $unset: { logoUrl: 1 } }, { new: true, upsert: true }, ); return { message: 'Logo deleted successfully' }; } async uploadLoginLogo(file: Express.Multer.File) { if (!file) throw new NotFoundException('No file uploaded'); const uploadsDir = path.join(process.cwd(), 'uploads', 'settings'); await fs.mkdir(uploadsDir, { recursive: true }); const filename = `login-logo-${randomBytes(16).toString('hex')}${path.extname(file.originalname)}`; const filepath = path.join(uploadsDir, filename); await fs.writeFile(filepath, file.buffer); const relativePath = `/uploads/settings/${filename}`; // Get existing settings to delete old file const existingSettings = await this.settingsModel.findOne({ _singleton: 'singleton' }).lean(); if (existingSettings?.loginLogoUrl) { // Extract relative path from full URL or use as-is if already relative let oldRelativePath: string; try { const urlObj = new URL(existingSettings.loginLogoUrl); oldRelativePath = urlObj.pathname.replace('/schoolcrmbackend', ''); } catch { // Already a relative path oldRelativePath = existingSettings.loginLogoUrl; } const oldPath = path.join(process.cwd(), oldRelativePath.replace(/^\//, '')); await fs.unlink(oldPath).catch(() => { }); } // Update with relative path const updated = await this.settingsModel .findOneAndUpdate( { _singleton: 'singleton' }, { $set: { loginLogoUrl: relativePath } }, { new: true, upsert: true }, ) .lean(); if (!updated) { throw new NotFoundException('Failed to update login logo'); } // Return full URL const fullUrl = toFullUrl(relativePath); return { loginLogoUrl: fullUrl }; } async deleteLoginLogo() { const settings = await this.getSettings(); if (settings.loginLogoUrl) { // Extract relative path from full URL or use as-is if already relative let relativePath: string; try { const urlObj = new URL(settings.loginLogoUrl); relativePath = urlObj.pathname.replace('/schoolcrmbackend', ''); } catch { // Already a relative path relativePath = settings.loginLogoUrl; } const filepath = path.join(process.cwd(), relativePath.replace(/^\//, '')); await fs.unlink(filepath).catch(() => { }); } await this.settingsModel.findOneAndUpdate( { _singleton: 'singleton' }, { $unset: { loginLogoUrl: 1 } }, { new: true, upsert: true }, ); return { message: 'Login logo deleted successfully' }; } async uploadLoginIllustration(file: Express.Multer.File) { if (!file) throw new NotFoundException('No file uploaded'); const uploadsDir = path.join(process.cwd(), 'uploads', 'settings'); await fs.mkdir(uploadsDir, { recursive: true }); const filename = `login-illustration-${randomBytes(16).toString('hex')}${path.extname(file.originalname)}`; const filepath = path.join(uploadsDir, filename); await fs.writeFile(filepath, file.buffer); const relativePath = `/uploads/settings/${filename}`; // Get existing settings to delete old file const existingSettings = await this.settingsModel.findOne({ _singleton: 'singleton' }).lean(); if (existingSettings?.loginIllustrationUrl) { // Extract relative path from full URL or use as-is if already relative let oldRelativePath: string; try { const urlObj = new URL(existingSettings.loginIllustrationUrl); oldRelativePath = urlObj.pathname.replace('/schoolcrmbackend', ''); } catch { // Already a relative path oldRelativePath = existingSettings.loginIllustrationUrl; } const oldPath = path.join(process.cwd(), oldRelativePath.replace(/^\//, '')); await fs.unlink(oldPath).catch(() => { }); } // Update with relative path const updated = await this.settingsModel .findOneAndUpdate( { _singleton: 'singleton' }, { $set: { loginIllustrationUrl: relativePath } }, { new: true, upsert: true }, ) .lean(); if (!updated) { throw new NotFoundException('Failed to update login illustration'); } // Return full URL const fullUrl = toFullUrl(relativePath); return { loginIllustrationUrl: fullUrl }; } async deleteLoginIllustration() { const settings = await this.getSettings(); if (settings.loginIllustrationUrl) { // Extract relative path from full URL or use as-is if already relative let relativePath: string; try { const urlObj = new URL(settings.loginIllustrationUrl); relativePath = urlObj.pathname.replace('/schoolcrmbackend', ''); } catch { // Already a relative path relativePath = settings.loginIllustrationUrl; } const filepath = path.join(process.cwd(), relativePath.replace(/^\//, '')); await fs.unlink(filepath).catch(() => { }); } await this.settingsModel.findOneAndUpdate( { _singleton: 'singleton' }, { $unset: { loginIllustrationUrl: 1 } }, { new: true, upsert: true }, ); return { message: 'Login illustration deleted successfully' }; } async uploadAuthorizedSignature(file: Express.Multer.File) { if (!file) throw new NotFoundException('No file uploaded'); const uploadsDir = path.join(process.cwd(), 'uploads', 'settings'); await fs.mkdir(uploadsDir, { recursive: true }); const filename = `authorized-signature-${randomBytes(16).toString('hex')}${path.extname(file.originalname)}`; const filepath = path.join(uploadsDir, filename); await fs.writeFile(filepath, file.buffer); const relativePath = `/uploads/settings/${filename}`; // Delete old file if exists (with realpath validation) const existingSettings = await this.settingsModel.findOne({ _singleton: 'singleton' }).lean(); if (existingSettings?.authorizedSignatureUrl) { let oldRelativePath: string; try { const urlObj = new URL(existingSettings.authorizedSignatureUrl); oldRelativePath = urlObj.pathname.replace('/schoolcrmbackend', ''); } catch { oldRelativePath = existingSettings.authorizedSignatureUrl; } const oldPath = path.join(process.cwd(), oldRelativePath.replace(/^\//, '')); const allowedDir = path.join(process.cwd(), 'uploads', 'settings'); const resolvedPath = await fs.realpath(oldPath).catch(() => null); if (resolvedPath && resolvedPath.startsWith(allowedDir)) { await fs.unlink(resolvedPath).catch(() => { }); } } const updated = await this.settingsModel .findOneAndUpdate( { _singleton: 'singleton' }, { $set: { authorizedSignatureUrl: relativePath } }, { new: true, upsert: true }, ) .lean(); if (!updated) { throw new NotFoundException('Failed to update authorized signature'); } const fullUrl = toFullUrl(relativePath); return { authorizedSignatureUrl: fullUrl }; } async deleteAuthorizedSignature() { const settings = await this.getSettings(); if (settings.authorizedSignatureUrl) { let relativePath: string; try { const urlObj = new URL(settings.authorizedSignatureUrl); relativePath = urlObj.pathname.replace('/schoolcrmbackend', ''); } catch { relativePath = settings.authorizedSignatureUrl; } const filepath = path.join(process.cwd(), relativePath.replace(/^\//, '')); const allowedDir = path.join(process.cwd(), 'uploads', 'settings'); const resolvedPath = await fs.realpath(filepath).catch(() => null); if (resolvedPath && resolvedPath.startsWith(allowedDir)) { await fs.unlink(resolvedPath).catch(() => { }); } } await this.settingsModel.findOneAndUpdate( { _singleton: 'singleton' }, { $unset: { authorizedSignatureUrl: 1 } }, { new: true, upsert: true }, ); return { message: 'Authorized signature deleted successfully' }; } }