fix(06): update status to Viewed on link open; serve signedFilePath in agent portal after signing

2026-03-21 10:01:46 -06:00
parent 5aef96786a
commit 1171b2fa86
2 changed files with 9 additions and 15 deletions
--- a/teressa-copeland-homes/src/app/api/documents/[id]/file/route.ts
+++ b/teressa-copeland-homes/src/app/api/documents/[id]/file/route.ts
@@ -21,7 +21,9 @@ export async function GET(
  });
  if (!doc || !doc.filePath) return new Response('Not found', { status: 404 });
-  const filePath = path.join(UPLOADS_BASE, doc.filePath);
+  // Serve signed PDF for completed documents, original otherwise
  const relativePath = doc.signedFilePath ?? doc.filePath;
  const filePath = path.join(UPLOADS_BASE, relativePath);
  // Path traversal guard — critical security check
  if (!filePath.startsWith(UPLOADS_BASE)) {
--- a/teressa-copeland-homes/src/app/api/sign/[token]/route.ts
+++ b/teressa-copeland-homes/src/app/api/sign/[token]/route.ts
@@ -72,20 +72,12 @@ export async function GET(
    return NextResponse.json({ status: 'invalid' }, { status: 200 });
  }
-  // 5 & 6. Log audit events: link_opened + document_viewed
+  // 5 & 6. Log audit events + update status to Viewed
-  await logAuditEvent({
+  await Promise.all([
-    documentId: payload.documentId,
+    logAuditEvent({ documentId: payload.documentId, eventType: 'link_opened', ipAddress: ip, userAgent: ua }),
-    eventType: 'link_opened',
+    logAuditEvent({ documentId: payload.documentId, eventType: 'document_viewed', ipAddress: ip, userAgent: ua }),
-    ipAddress: ip,
+    db.update(documents).set({ status: 'Viewed' }).where(eq(documents.id, payload.documentId)),
-    userAgent: ua,
+  ]);
  });
  await logAuditEvent({
    documentId: payload.documentId,
    eventType: 'document_viewed',
    ipAddress: ip,
    userAgent: ua,
  });
  // 7. Return pending state with document data
  return NextResponse.json({