perf+fix: file download proxy + drop awaits on audit/notifications/finance sync

Two problems reported by the user: 1. File downloads broken on the lab side. The link in JobFilesPanel pointed straight at Appwrite's /storage/.../view URL. Storage permissions are scoped to the job's two teams, but the browser only has a session cookie for our app domain, not for db.kovaksoft.com — so the cross-origin request hit Appwrite as a guest and 401'd. New /api/jobs/[jobId]/files/[fileId]/download route. requireTenant() first, then verify the caller's tenant is one of (clinicTenantId, labTenantId) on the parent job, then storage.getFileDownload via the admin SDK and stream the buffer back with Content-Disposition: attachment so the browser saves it under the original filename. listJobFiles now hands out that relative URL instead of the Appwrite one — same anchor in the panel, just routed through us. 2. Saves and edits feel slow whenever a notification is involved. Every mutation was awaiting logAudit, createNotification and syncFinanceForJob in sequence. None of these need to block the user response — audit is best-effort logging, notifications are async UX, and the finance sync is idempotent and re-runs on the next mutation anyway. Switched all 46 call sites across the action modules to void-fire-and-forget (matching the pattern we already used in clinic-pricing-actions). Net effect: each mutation drops ~3 sequential Appwrite roundtrips before the server action returns.
2026-05-22 01:05:25 +03:00
parent 97a6031992
commit 12631cf9c5
13 changed files with 112 additions and 46 deletions
@@ -110,7 +110,7 @@ export async function requestConnectionAction(
        approvedAt: null,
        rejectedAt: null,
      });
-      await logAudit({
+      void logAudit({
        tenantId: ctx.tenantId,
        userId: ctx.user.id,
        action: "update",
@@ -132,7 +132,7 @@ export async function requestConnectionAction(
        },
        connectionPermissions(clinicTenantId, labTenantId),
      );
-      await logAudit({
+      void logAudit({
        tenantId: ctx.tenantId,
        userId: ctx.user.id,
        action: "create",
@@ -141,7 +141,7 @@ export async function requestConnectionAction(
        changes: { clinicTenantId, labTenantId, status: "pending" },
      });
      const counterpartId = counterpart.tenantId;
-      await createNotification({
+      void createNotification({
        tenantId: counterpartId,
        connectionId: created.$id,
        message: `${ctx.settings?.companyName ?? "Bir hesap"} bağlantı talebi gönderdi.`,
@@ -217,7 +217,7 @@ export async function approveConnectionAction(
      approvedAt: new Date().toISOString(),
      rejectedAt: null,
    });
-    await logAudit({
+    void logAudit({
      tenantId: ctx.tenantId,
      userId: ctx.user.id,
      action: "update",
@@ -227,7 +227,7 @@ export async function approveConnectionAction(
    });
    const requesterTenant =
      conn.clinicTenantId === ctx.tenantId ? conn.labTenantId : conn.clinicTenantId;
-    await createNotification({
+    void createNotification({
      tenantId: requesterTenant,
      connectionId,
      message: `${ctx.settings?.companyName ?? "Karşı taraf"} bağlantı talebinizi onayladı.`,
@@ -270,7 +270,7 @@ export async function rejectConnectionAction(
      status: "rejected",
      rejectedAt: new Date().toISOString(),
    });
-    await logAudit({
+    void logAudit({
      tenantId: ctx.tenantId,
      userId: ctx.user.id,
      action: "update",
@@ -313,7 +313,7 @@ export async function cancelConnectionAction(
  try {
    const { tablesDB } = createAdminClient();
    await tablesDB.deleteRow(DATABASE_ID, TABLES.connections, connectionId);
-    await logAudit({
+    void logAudit({
      tenantId: ctx.tenantId,
      userId: ctx.user.id,
      action: "delete",
@@ -350,7 +350,7 @@ export async function deleteConnectionAction(
  try {
    const { tablesDB } = createAdminClient();
    await tablesDB.deleteRow(DATABASE_ID, TABLES.connections, connectionId);
-    await logAudit({
+    void logAudit({
      tenantId: ctx.tenantId,
      userId: ctx.user.id,
      action: "delete",
@@ -55,7 +55,7 @@ export async function markFinancePaidAction(
    await tablesDB.updateRow(DATABASE_ID, TABLES.financeEntries, id, {
      status: "paid",
    });
-    await logAudit({
+    void logAudit({
      tenantId: ctx.tenantId,
      userId: ctx.user.id,
      action: "update",
@@ -95,7 +95,7 @@ export async function reopenFinanceAction(
    await tablesDB.updateRow(DATABASE_ID, TABLES.financeEntries, id, {
      status: "pending",
    });
-    await logAudit({
+    void logAudit({
      tenantId: ctx.tenantId,
      userId: ctx.user.id,
      action: "update",
@@ -201,7 +201,7 @@ export async function createJobAction(
      },
      jobPermissions(ctx.tenantId, parsed.data.labTenantId),
    );
-    await logAudit({
+    void logAudit({
      tenantId: ctx.tenantId,
      userId: ctx.user.id,
      action: "create",
@@ -209,7 +209,7 @@ export async function createJobAction(
      entityId: created.$id,
      changes: { labTenantId: parsed.data.labTenantId, patientCode },
    });
-    await createNotification({
+    void createNotification({
      tenantId: parsed.data.labTenantId,
      jobId: created.$id,
      message: `${ctx.settings?.companyName ?? "Bir klinik"} yeni iş yayınladı (${patientCode}).`,
@@ -302,7 +302,7 @@ export async function acceptJobAction(
      currentStep: "olcu",
    });
    await appendJobHistory({ job, step: "olcu", completedBy: ctx.user.id });
-    await logAudit({
+    void logAudit({
      tenantId: ctx.tenantId,
      userId: ctx.user.id,
      action: "update",
@@ -310,7 +310,7 @@ export async function acceptJobAction(
      entityId: jobId,
      changes: { status: "in_progress", currentStep: "olcu" },
    });
-    await createNotification({
+    void createNotification({
      tenantId: job.clinicTenantId,
      jobId,
      message: `${ctx.settings?.companyName ?? "Lab"} hasta ${job.patientCode} işini işleme aldı.`,
@@ -361,7 +361,7 @@ export async function advanceStepAction(
      await tablesDB.updateRow(DATABASE_ID, TABLES.jobs, jobId, {
        status: "sent",
      });
-      await logAudit({
+      void logAudit({
        tenantId: ctx.tenantId,
        userId: ctx.user.id,
        action: "update",
@@ -380,7 +380,7 @@ export async function advanceStepAction(
        completedBy: ctx.user.id,
        note,
      });
-      await logAudit({
+      void logAudit({
        tenantId: ctx.tenantId,
        userId: ctx.user.id,
        action: "update",
@@ -401,8 +401,8 @@ export async function advanceStepAction(
      completedBy: ctx.user.id,
      note,
    });
-    await syncFinanceForJob({ ...job, status: "sent" });
-    await createNotification({
+    void syncFinanceForJob({ ...job, status: "sent" });
+    void createNotification({
      tenantId: job.clinicTenantId,
      jobId,
      message: `Hasta ${job.patientCode} işi gönderildi. Teslim alındığında onaylayın.`,
@@ -445,7 +445,7 @@ export async function markDeliveredAction(
    await tablesDB.updateRow(DATABASE_ID, TABLES.jobs, jobId, {
      status: "delivered",
    });
-    await logAudit({
+    void logAudit({
      tenantId: ctx.tenantId,
      userId: ctx.user.id,
      action: "update",
@@ -453,8 +453,8 @@ export async function markDeliveredAction(
      entityId: jobId,
      changes: { status: "delivered" },
    });
-    await syncFinanceForJob({ ...job, status: "delivered" });
-    await createNotification({
+    void syncFinanceForJob({ ...job, status: "delivered" });
+    void createNotification({
      tenantId: job.labTenantId,
      jobId,
      message: `Hasta ${job.patientCode} işi teslim alındı.`,
@@ -502,7 +502,7 @@ export async function cancelJobAction(
    await tablesDB.updateRow(DATABASE_ID, TABLES.jobs, jobId, {
      status: "cancelled",
    });
-    await logAudit({
+    void logAudit({
      tenantId: ctx.tenantId,
      userId: ctx.user.id,
      action: "update",
@@ -138,7 +138,7 @@ export async function uploadJobFilesAction(
      createdRowIds.push(row.$id);
    }

-    await logAudit({
+    void logAudit({
      tenantId: ctx.tenantId,
      userId: ctx.user.id,
      action: "create",
@@ -206,7 +206,7 @@ export async function deleteJobFileAction(
      // File may already be gone; row is the source of truth.
    }

-    await logAudit({
+    void logAudit({
      tenantId: ctx.tenantId,
      userId: ctx.user.id,
      action: "delete",
@@ -2,12 +2,12 @@ import "server-only";

 import { Query } from "node-appwrite";

-import { BUCKETS, DATABASE_ID, TABLES, type JobFile } from "./schema";
+import { DATABASE_ID, TABLES, type JobFile } from "./schema";
 import { createAdminClient } from "./server";
 import { toPlain } from "./serialize";
-import { getFileViewUrl } from "./storage";

 export type JobFileWithUrl = JobFile & {
+  /** Server-side download proxy. Browser → our app → admin SDK → bucket. */
  url: string;
 };

@@ -26,7 +26,7 @@ export async function listJobFiles(jobId: string): Promise<JobFileWithUrl[]> {
  return toPlain(
    rows.map((r) => ({
      ...r,
-      url: getFileViewUrl(BUCKETS.jobFiles, r.fileId),
+      url: `/api/jobs/${jobId}/files/${r.$id}/download`,
    })),
  );
 }
@@ -87,7 +87,7 @@ export async function uploadLogoAction(
      }
    }

-    await logAudit({
+    void logAudit({
      tenantId: ctx.tenantId,
      userId: ctx.user.id,
      action: "update",
@@ -151,7 +151,7 @@ export async function removeLogoAction(): Promise<LogoActionState> {
      /* file already gone, fine */
    }

-    await logAudit({
+    void logAudit({
      tenantId: ctx.tenantId,
      userId: ctx.user.id,
      action: "delete",
@@ -137,7 +137,7 @@ export async function createPatientAction(
      },
      patientPermissions(ctx.tenantId),
    );
-    await logAudit({
+    void logAudit({
      tenantId: ctx.tenantId,
      userId: ctx.user.id,
      action: "create",
@@ -191,7 +191,7 @@ export async function updatePatientAction(
      lastName: parsed.data.lastName,
      notes: parsed.data.notes,
    });
-    await logAudit({
+    void logAudit({
      tenantId: ctx.tenantId,
      userId: ctx.user.id,
      action: "update",
@@ -236,7 +236,7 @@ export async function archivePatientAction(
    await tablesDB.updateRow(DATABASE_ID, TABLES.patients, id, {
      archived: !row.archived,
    });
-    await logAudit({
+    void logAudit({
      tenantId: ctx.tenantId,
      userId: ctx.user.id,
      action: "update",
@@ -28,7 +28,7 @@ async function audit(action: "update", entityType: string, changes: Record<strin
    const session = await createSessionClient();
    const user = await session.account.get();
    const tenantId = (await getActiveTenantId()) ?? "global";
-    await logAudit({
+    void logAudit({
      tenantId,
      userId: user.$id,
      action,
@@ -81,7 +81,7 @@ export async function createProstheticAction(
      },
      prostheticPermissions(ctx.tenantId),
    );
-    await logAudit({
+    void logAudit({
      tenantId: ctx.tenantId,
      userId: ctx.user.id,
      action: "create",
@@ -134,7 +134,7 @@ export async function updateProstheticAction(
      unitPrice: parsed.data.unitPrice,
      currency: parsed.data.currency,
    });
-    await logAudit({
+    void logAudit({
      tenantId: ctx.tenantId,
      userId: ctx.user.id,
      action: "update",
@@ -179,7 +179,7 @@ export async function archiveProstheticAction(
    await tablesDB.updateRow(DATABASE_ID, TABLES.prosthetics, id, {
      archived: !row.archived,
    });
-    await logAudit({
+    void logAudit({
      tenantId: ctx.tenantId,
      userId: ctx.user.id,
      action: "update",
@@ -222,7 +222,7 @@ export async function deleteProstheticAction(
      return { ok: false, error: "Bu ürünü silme yetkiniz yok." };
    }
    await tablesDB.deleteRow(DATABASE_ID, TABLES.prosthetics, id);
-    await logAudit({
+    void logAudit({
      tenantId: ctx.tenantId,
      userId: ctx.user.id,
      action: "delete",
@@ -139,7 +139,7 @@ export async function inviteMemberAction(
      ],
    );

-    await logAudit({
+    void logAudit({
      tenantId: ctx.tenantId,
      userId: ctx.user.id,
      action: "create",
@@ -182,7 +182,7 @@ export async function cancelInviteAction(
      status: "cancelled",
    });

-    await logAudit({
+    void logAudit({
      tenantId: ctx.tenantId,
      userId: ctx.user.id,
      action: "update",
@@ -228,7 +228,7 @@ export async function removeMemberAction(

    await teams.deleteMembership(ctx.tenantId, membershipId);

-    await logAudit({
+    void logAudit({
      tenantId: ctx.tenantId,
      userId: ctx.user.id,
      action: "delete",
@@ -280,7 +280,7 @@ export async function leaveWorkspaceAction(): Promise<MemberActionState> {

    await admin.teams.deleteMembership(ctx.tenantId, me.$id);

-    await logAudit({
+    void logAudit({
      tenantId: ctx.tenantId,
      userId: ctx.user.id,
      action: "delete",
@@ -334,7 +334,7 @@ export async function updateMemberRoleAction(
    const { teams } = createAdminClient();
    await teams.updateMembership(ctx.tenantId, membershipId, [role]);

-    await logAudit({
+    void logAudit({
      tenantId: ctx.tenantId,
      userId: ctx.user.id,
      action: "update",
@@ -456,7 +456,7 @@ export async function acceptInviteAction(code: string): Promise<MemberActionStat
      acceptedBy: user.$id,
    });

-    await logAudit({
+    void logAudit({
      tenantId: invite.tenantId,
      userId: user.$id,
      action: "create",
@@ -65,7 +65,7 @@ export async function updateWorkspaceSettingsAction(

    if (row) {
      await tablesDB.updateRow(DATABASE_ID, TABLES.tenantSettings, row.$id, parsed.data);
-      await logAudit({
+      void logAudit({
        tenantId: ctx.tenantId,
        userId: ctx.user.id,
        action: "update",
@@ -86,7 +86,7 @@ export async function updateWorkspaceSettingsAction(
          Permission.delete(Role.team(ctx.tenantId, "owner")),
        ],
      );
-      await logAudit({
+      void logAudit({
        tenantId: ctx.tenantId,
        userId: ctx.user.id,
        action: "create",