omair/calvana
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

production auth: signup, login, protected dashboard, landing page, WAHA QR fix

Browse Source 
AUTH:
- NextAuth with credentials provider (bcrypt password hashing)
- /api/auth/signup: creates org + user in transaction
- /login, /signup pages with clean minimal UI
- Middleware protects all /dashboard/* routes → redirects to /login
- Session-based org resolution (no more hardcoded 'demo' headers)
- SessionProvider wraps entire app
- Dashboard header shows org name + sign out button

LANDING PAGE:
- Full marketing page at / with hero, problem, how-it-works, features, CTA
- 'Get Started Free' → /signup → auto-login → /dashboard/setup
- Clean responsive design, no auth required for public pages

WAHA QR FIX:
- WAHA CORE doesn't expose QR value via API or webhook
- Now uses /api/screenshot (full browser capture) with CSS crop to QR area
- Settings panel shows cropped screenshot with overflow:hidden
- Auto-polls every 5s, refresh button

MULTI-TENANT:
- getOrgId() tries session first, then header, then first-org fallback
- All dashboard APIs use session-based org
- Signup creates isolated org per charity
This commit is contained in:
Omair Saleh
2026-03-03 05:37:04 +08:00
parent 6894f091fd
commit 4f23f28873
22 changed files with 708 additions and 221 deletions
Download Patch File Download Diff File Expand all files Collapse all files

89
pledge-now-pay-later/src/app/api/whatsapp/qr/route.ts
View File

@@ -4,65 +4,63 @@ const WAHA_URL = process.env.WAHA_API_URL || "https://waha.quikcue.com"
const WAHA_KEY = process.env.WAHA_API_KEY || "qc-waha-api-7Fp3nR9xYm2K"
const WAHA_SESSION = process.env.WAHA_SESSION || "default"
async function wahaGet(path: string) {
const res = await fetch(`${WAHA_URL}${path}`, {
headers: { "X-Api-Key": WAHA_KEY },
signal: AbortSignal.timeout(8000),
cache: "no-store",
})
return res
}
/**
* GET /api/whatsapp/qr
* Returns the WAHA QR code screenshot as PNG for WhatsApp pairing.
* Also returns session status.
* Returns session status. For QR scanning, provides the screenshot
* cropped to the QR code area, or a link to the WAHA dashboard.
*/
export async function GET() {
try {
// First check session status
const sessRes = await fetch(`${WAHA_URL}/api/sessions`, {
headers: { "X-Api-Key": WAHA_KEY },
signal: AbortSignal.timeout(5000),
})
const sessRes = await wahaGet("/api/sessions")
const sessions = await sessRes.json()
const session = Array.isArray(sessions)
? sessions.find((s: { name: string }) => s.name === WAHA_SESSION)
: null
if (!session) {
return NextResponse.json({
status: "NO_SESSION",
message: "No WAHA session exists. Start one first.",
})
return NextResponse.json({ status: "NO_SESSION" })
}
if (session.status === "WORKING") {
const me = session.me || {}
return NextResponse.json({
status: "CONNECTED",
phone: me.id?.replace("@c.us", "") || "unknown",
pushName: me.pushname || "",
phone: session.me?.id?.replace("@c.us", "") || "",
pushName: session.me?.pushname || "",
})
}
if (session.status === "SCAN_QR_CODE") {
// Get screenshot
const qrRes = await fetch(`${WAHA_URL}/api/screenshot?session=${WAHA_SESSION}`, {
headers: { "X-Api-Key": WAHA_KEY },
signal: AbortSignal.timeout(10000),
})
if (!qrRes.ok) {
return NextResponse.json({ status: "SCAN_QR_CODE", error: "Failed to get QR" })
}
const buffer = await qrRes.arrayBuffer()
const base64 = Buffer.from(buffer).toString("base64")
// Get screenshot from WAHA and return as base64
try {
const ssRes = await wahaGet(`/api/screenshot?session=${WAHA_SESSION}`)
if (ssRes.ok) {
const buf = await ssRes.arrayBuffer()
const b64 = Buffer.from(buf).toString("base64")
return NextResponse.json({
status: "SCAN_QR_CODE",
screenshot: `data:image/png;base64,${b64}`,
message: "Scan the QR code with WhatsApp → Linked Devices → Link a Device",
})
}
} catch { /* fall through */ }
return NextResponse.json({
status: "SCAN_QR_CODE",
qrImage: `data:image/png;base64,${base64}`,
message: "Scan this QR code with WhatsApp on your phone",
screenshot: null,
message: "QR loading... Refresh in a moment.",
})
}
return NextResponse.json({
status: session.status,
message: `Session is ${session.status}`,
})
return NextResponse.json({ status: session.status })
} catch (error) {
console.error("WhatsApp QR error:", error)
return NextResponse.json({ status: "ERROR", error: String(error) })
@@ -70,54 +68,43 @@ export async function GET() {
}
/**
* POST /api/whatsapp/qr - Start or restart a session
* POST /api/whatsapp/qr - Start or restart session
*/
export async function POST() {
try {
// Check if session exists
const sessRes = await fetch(`${WAHA_URL}/api/sessions`, {
headers: { "X-Api-Key": WAHA_KEY },
signal: AbortSignal.timeout(5000),
})
const sessRes = await wahaGet("/api/sessions")
const sessions = await sessRes.json()
const existing = Array.isArray(sessions)
? sessions.find((s: { name: string }) => s.name === WAHA_SESSION)
: null
if (existing) {
// Stop and restart
await fetch(`${WAHA_URL}/api/sessions/stop`, {
method: "POST",
headers: { "Content-Type": "application/json", "X-Api-Key": WAHA_KEY },
body: JSON.stringify({ name: WAHA_SESSION }),
signal: AbortSignal.timeout(10000),
})
// Small delay
}).catch(() => {})
await new Promise(r => setTimeout(r, 2000))
}
// Start session with webhook
const startRes = await fetch(`${WAHA_URL}/api/sessions/start`, {
method: "POST",
headers: { "Content-Type": "application/json", "X-Api-Key": WAHA_KEY },
body: JSON.stringify({
name: WAHA_SESSION,
config: {
webhooks: [
{
url: `${process.env.BASE_URL || "https://pledge.quikcue.com"}/api/whatsapp/webhook`,
events: ["message"],
},
],
webhooks: [{
url: `${process.env.BASE_URL || "https://pledge.quikcue.com"}/api/whatsapp/webhook`,
events: ["message", "session.status"],
}],
},
}),
signal: AbortSignal.timeout(15000),
})
const result = await startRes.json()
return NextResponse.json({ success: true, status: result.status || "STARTING" })
} catch (error) {
console.error("WhatsApp session start error:", error)
return NextResponse.json({ success: false, error: String(error) })
}
}