- index.html: load https://auth.queo.ru/widget.js
- auth.ts: openLogin() opens widget modal; useAuth() subscribes to widget
onAuthChange so login in any tab updates the app instantly. Falls back
to hosted login redirect if widget isn't loaded yet.
- App.tsx: render Landing page for unauthenticated state instead of
hard redirect. Display username; add Logout button to topbar and
Forbidden screen. Header uses username || email || sub.
- api.ts: throw ApiError(401) on 401 instead of redirecting — App.tsx
re-fetches /api/me and shows the landing.
- @doc-manager/shared AuthPayload: email is optional now, username and
displayName accepted. Backend /api/me returns username.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Backend:
- POST /api/projects accepts optional organizationId; default = active org
- GET /api/projects (list) and GET /:id include organization {id,name,shortName}
- /:id and /:id/documents no longer filter by active org — direct link works
across organizations; UI offers to switch active to project's org
Frontend:
- Project create modal: «Фирма (исполнитель)» dropdown, default = active
- Projects list shows «Фирма» column when user has >1 organization
- ProjectEdit shows org-banner with project's organization;
if active org differs, banner has «переключить активную на эту →» button
- ProjectEdit fetches BankAccounts from project's org (not active)
- Bumped clients fetch limit to 1000 to match API max
Org of an existing project cannot be changed (would orphan documents/lines);
to switch fenced — create new project under desired org.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Schema:
- Block: new optional fields `optional` (boolean) and `optionalLabel` (string)
- DocBody: new field `disabledBlockIds` — IDs of optional blocks turned off on this instance
- Renderer skips blocks whose id is in disabledBlockIds
Template authoring (BlocksEditor):
- Each block card has «Опциональный» checkbox + custom label input
- Optional blocks visually highlighted (amber border)
Document editing (DocumentEdit):
- New «Расширенный режим» toggle in header (default off → simple mode)
- Simple mode: only document header, lines, and «Дополнительные пункты»
section listing optional blocks as checkboxes
- Advanced mode: also shows full BlocksEditor (previous behavior)
- Toggling optional block updates body.disabledBlockIds; renderer/PDF reflects it
Workflow: автор шаблона помечает спорные блоки как опциональные → пользователь
при создании документа просто отмечает галочки, не залезая в контент.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- Projects.tsx: pre-validate empty name, show fieldErrors on Field
(root cause of '400 validation_error' was empty name silently rejected)
- ProjectPicker component for DocumentEdit; selecting a project autofills
default client when no client is yet set
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- New API endpoint GET /api/lookup/party?inn=... — proxies to DaData API,
returns parsed party (name, kpp, ogrn, address, signatory, status)
- Env DADATA_API_KEY (optional) — without it endpoint returns 503/no_dadata_key
- Web: InnLookupButton component shown next to ИНН field in Clients form
and Company requisites; on click fetches DaData and fills all matching
fields. Warns if status is not ACTIVE (liquidated, etc.)
Free DaData tier: 10000 requests/day. Get key at
https://dadata.ru/api/find-party/ — paste into DADATA_API_KEY in
docker/.env on queoserver.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- Renamed singular /api/organization → CRUD /api/organizations
- New BankAccount table with CRUD under /api/organizations/:orgId/bank-accounts
- TochkaCredential gets optional bankAccountId for future per-account bank API config
- Active organization stored in cookie dm_org, /api/active-organization GET/POST
- activeOrgPlugin resolves req._orgId from cookie (or first non-archived as fallback)
- Migration 1_multiorg: BankAccount table + data backfill from legacy Organization.bank* fields
- Web: new /companies list + /companies/:id with tabs (Реквизиты, Банки и счета, Интеграции stub)
- Web: OrgSwitcher dropdown in header (active org + management link)
- Removed nav "Реквизиты", "Банк" — replaced by "Компании"
- Per-field error highlighting wired up on new forms
Existing organization data backfills cleanly: legacy bank* fields stay readable, but new
BankAccount becomes the source of truth going forward.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
ApiError.fieldErrors() returns map field→ru-message; forms set fieldErrors state
on save failure, pass error prop to Field components (red border + inline message),
clear individual error when user edits that field.
Wired up: Clients, Organization. Services и Documents — позже.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- zod-utils.ts: optionalRegex/optionalEmail/optionalText with preprocess('' -> null)
- clients/organizations/services schemas now accept empty strings for optional fields
(controlled inputs naturally produce '' instead of null)
- ApiError.prettyMessage() unfolds zod fieldErrors so users see which field failed
Reproduce: POST /api/clients with email="" or empty inn returned 400 validation_error.
Now it succeeds (empty stays null), and any real validation error names the field.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
GET /auth/login → 404. Auth_server's user-facing login form lives at
GET https://auth.queo.ru/login (rendered by views/login.html), while
POST /auth/login is the JSON API. Web was redirecting to wrong path.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- monorepo (npm workspaces): apps/api (Fastify+Prisma+TS), apps/web (Vite+React+TS), packages/shared (zod schemas)
- SSO via auth.queo.ru: jose+JWKS plugin, requireDocPermission(viewer|user|admin)
- DEV_BYPASS_AUTH for local development (hard-checked off in production)
- M2: organization upsert, clients CRUD with search, services catalog with soft-delete
- BigInt -> Number serializer for Prisma money columns
- Embedded Postgres + npm run dev:demo for one-command local boot
- Docker compose for queoserver: postgres + api + web (nginx as ingress proxying /api -> api:3030)
- First migration 0_init committed (prisma migrate diff)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Claude