feat(finance): Phase 52 — Customer Portal with token-based access

https://claude.ai/code/session_01RdUGwo74JXChRCF88Yu27d

Author: claude

erp/app/Modules/Finance/Http/Controllers/CustomerPortalController.php

@@ -0,0 +1,125 @@
+<?php
+
+namespace App\Modules\Finance\Http\Controllers;
+
+use App\Http\Controllers\Controller;
+use App\Modules\Finance\Models\Contact;
+use App\Modules\Finance\Models\CustomerPortalToken;
+use App\Modules\Finance\Models\Invoice;
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
+use Inertia\Inertia;
+use Inertia\Response;
+
+class CustomerPortalController extends Controller
+{
+    /**
+     * Admin action: generate a portal token for a contact.
+     * Requires authenticated user with finance.create permission.
+     */
+    public function generateToken(Request $request, Contact $contact): RedirectResponse
+    {
+        $this->authorize('create', Invoice::class);
+
+        $validated = $request->validate([
+            'email'        => ['required', 'email'],
+            'expires_days' => ['nullable', 'integer', 'min:1', 'max:365'],
+        ]);
+
+        $days = $validated['expires_days'] ?? 30;
+
+        $token = CustomerPortalToken::generate(
+            $contact->tenant_id,
+            $contact->id,
+            $validated['email'],
+            (int) $days,
+        );
+
+        return redirect()->back()->with('portal_url', route('portal.show', $token->token));
+    }
+
+    /**
+     * Public portal: show the customer's invoices.
+     */
+    public function show(string $token): Response
+    {
+        $portalToken = CustomerPortalToken::where('token', $token)->firstOrFail();
+
+        if ($portalToken->is_expired) {
+            abort(403, 'This portal link has expired.');
+        }
+
+        $portalToken->update(['last_accessed_at' => now()]);
+
+        $contact = $portalToken->contact()->with([
+            'invoices' => function ($query) {
+                $query->whereIn('status', ['sent', 'partial', 'paid'])
+                      ->latest('issue_date')
+                      ->limit(20);
+            },
+        ])->firstOrFail();
+
+        return Inertia::render('Portal/Show', [
+            'token'   => $token,
+            'contact' => [
+                'id'   => $contact->id,
+                'name' => $contact->name,
+            ],
+            'invoices' => $contact->invoices->map(fn (Invoice $inv) => [
+                'id'         => $inv->id,
+                'number'     => $inv->number,
+                'issue_date' => $inv->issue_date?->toDateString(),
+                'due_date'   => $inv->due_date?->toDateString(),
+                'status'     => $inv->status,
+                'total'      => $inv->total,
+                'amount_due' => $inv->amount_due,
+            ]),
+        ]);
+    }
+
+    /**
+     * Public portal: show a specific invoice detail.
+     */
+    public function invoice(string $token, int $invoiceId): Response
+    {
+        $portalToken = CustomerPortalToken::where('token', $token)->firstOrFail();
+
+        if ($portalToken->is_expired) {
+            abort(403, 'This portal link has expired.');
+        }
+
+        $invoice = Invoice::with('items')->findOrFail($invoiceId);
+
+        if ($invoice->contact_id !== $portalToken->contact_id) {
+            abort(403, 'Access denied.');
+        }
+
+        return Inertia::render('Portal/Invoice', [
+            'token'   => $token,
+            'invoice' => [
+                'id'         => $invoice->id,
+                'number'     => $invoice->number,
+                'issue_date' => $invoice->issue_date?->toDateString(),
+                'due_date'   => $invoice->due_date?->toDateString(),
+                'status'     => $invoice->status,
+                'notes'      => $invoice->notes,
+                'subtotal'   => $invoice->subtotal,
+                'tax_total'  => $invoice->tax_total,
+                'total'      => $invoice->total,
+                'amount_due' => $invoice->amount_due,
+                'items'      => $invoice->items->map(fn ($item) => [
+                    'id'          => $item->id,
+                    'description' => $item->description,
+                    'quantity'    => $item->quantity,
+                    'unit_price'  => $item->unit_price,
+                    'tax_rate'    => $item->tax_rate,
+                    'line_total'  => $item->line_total,
+                ]),
+            ],
+            'contact' => [
+                'id'   => $portalToken->contact->id,
+                'name' => $portalToken->contact->name,
+            ],
+        ]);
+    }
+}

erp/app/Modules/Finance/Models/CustomerPortalToken.php

@@ -0,0 +1,54 @@
+<?php
+
+namespace App\Modules\Finance\Models;
+
+use App\Modules\Core\Traits\BelongsToTenant;
+use Illuminate\Database\Eloquent\Model;
+use Illuminate\Database\Eloquent\Relations\BelongsTo;
+use Illuminate\Support\Str;
+
+class CustomerPortalToken extends Model
+{
+    use BelongsToTenant;
+
+    protected $fillable = [
+        'tenant_id',
+        'contact_id',
+        'token',
+        'email',
+        'expires_at',
+        'last_accessed_at',
+    ];
+
+    protected $casts = [
+        'expires_at'       => 'datetime',
+        'last_accessed_at' => 'datetime',
+    ];
+
+    public function contact(): BelongsTo
+    {
+        return $this->belongsTo(Contact::class);
+    }
+
+    public function getIsExpiredAttribute(): bool
+    {
+        if ($this->expires_at === null) {
+            return false;
+        }
+
+        return $this->expires_at->isPast();
+    }
+
+    public static function generate(int $tenantId, int $contactId, string $email, int $days = 30): self
+    {
+        $token = bin2hex(random_bytes(32)); // 64-char hex string
+
+        return static::create([
+            'tenant_id'  => $tenantId,
+            'contact_id' => $contactId,
+            'token'      => $token,
+            'email'      => $email,
+            'expires_at' => now()->addDays($days),
+        ]);
+    }
+}

erp/app/Modules/Finance/routes/finance.php

@@ -184,5 +184,7 @@
     Route::post('vendors/{contact}/evaluations',       [VendorEvaluationController::class, 'store'])->name('vendors.evaluations.store');
     Route::delete('vendors/{contact}/evaluations/{evaluation}', [VendorEvaluationController::class, 'destroy'])->name('vendors.evaluations.destroy');
 
+    // Customer Portal Token (admin generates token for a contact)
+    Route::post('contacts/{contact}/portal-token', [\App\Modules\Finance\Http\Controllers\CustomerPortalController::class, 'generateToken'])->name('contacts.portal-token');
 
 });

erp/database/migrations/2026_06_12_100001_create_customer_portal_tokens_table.php

@@ -0,0 +1,29 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    public function up(): void
+    {
+        Schema::create('customer_portal_tokens', function (Blueprint $table) {
+            $table->id();
+            $table->unsignedBigInteger('tenant_id');
+            $table->foreignId('contact_id')->constrained('contacts')->cascadeOnDelete();
+            $table->string('token', 64)->unique();
+            $table->string('email');
+            $table->timestamp('expires_at')->nullable();
+            $table->timestamp('last_accessed_at')->nullable();
+            $table->timestamps();
+
+            $table->index('tenant_id');
+        });
+    }
+
+    public function down(): void
+    {
+        Schema::dropIfExists('customer_portal_tokens');
+    }
+};

erp/resources/js/Pages/Portal/Invoice.tsx

@@ -0,0 +1,154 @@
+import { Head, Link } from '@inertiajs/react';
+
+interface InvoiceItem {
+    id: number;
+    description: string;
+    quantity: number;
+    unit_price: number;
+    tax_rate: number;
+    line_total?: number;
+}
+
+interface InvoiceDetail {
+    id: number;
+    number?: string;
+    issue_date: string;
+    due_date?: string | null;
+    status: string;
+    notes?: string | null;
+    subtotal?: number;
+    tax_total?: number;
+    total?: number;
+    amount_due?: number;
+    items: InvoiceItem[];
+}
+
+interface Contact {
+    id: number;
+    name: string;
+}
+
+interface Props {
+    token: string;
+    invoice: InvoiceDetail;
+    contact: Contact;
+}
+
+const STATUS_COLORS: Record<string, string> = {
+    sent:      'bg-blue-100 text-blue-800',
+    partial:   'bg-yellow-100 text-yellow-800',
+    paid:      'bg-green-100 text-green-800',
+    cancelled: 'bg-red-100 text-red-800',
+    draft:     'bg-gray-100 text-gray-800',
+};
+
+function fmt(n?: number | null): string {
+    if (n === undefined || n === null) return '—';
+    return new Intl.NumberFormat(undefined, { minimumFractionDigits: 2, maximumFractionDigits: 2 }).format(n);
+}
+
+export default function PortalInvoice({ token, invoice, contact }: Props) {
+    const invLabel = invoice.number ?? `INV-${invoice.id}`;
+
+    return (
+        <>
+            <Head title={`Invoice ${invLabel} — Customer Portal`} />
+
+            <div className="min-h-screen bg-gray-50">
+                {/* Nav bar */}
+                <nav className="bg-white border-b border-gray-200 shadow-sm">
+                    <div className="max-w-5xl mx-auto px-4 sm:px-6 lg:px-8 h-16 flex items-center justify-between">
+                        <span className="text-lg font-semibold text-gray-800">Customer Portal</span>
+                        <span className="text-sm text-gray-500">{contact.name}</span>
+                    </div>
+                </nav>
+
+                <main className="max-w-5xl mx-auto px-4 sm:px-6 lg:px-8 py-10">
+                    {/* Back link */}
+                    <Link
+                        href={`/portal/${token}`}
+                        className="inline-flex items-center text-sm text-indigo-600 hover:text-indigo-800 hover:underline mb-6"
+                    >
+                        &larr; Back to portal
+                    </Link>
+
+                    <div className="bg-white shadow rounded-lg p-6 sm:p-8">
+                        {/* Invoice header */}
+                        <div className="flex flex-col sm:flex-row sm:justify-between sm:items-start gap-4 mb-8">
+                            <div>
+                                <h1 className="text-2xl font-bold text-gray-900">{invLabel}</h1>
+                                <div className="mt-2 space-y-1 text-sm text-gray-600">
+                                    <div><span className="font-medium">Issue Date:</span> {invoice.issue_date}</div>
+                                    {invoice.due_date && (
+                                        <div><span className="font-medium">Due Date:</span> {invoice.due_date}</div>
+                                    )}
+                                </div>
+                            </div>
+                            <div className="flex items-start">
+                                <span className={`inline-flex px-3 py-1 rounded-full text-sm font-semibold ${STATUS_COLORS[invoice.status] ?? 'bg-gray-100 text-gray-700'}`}>
+                                    {invoice.status.charAt(0).toUpperCase() + invoice.status.slice(1)}
+                                </span>
+                            </div>
+                        </div>
+
+                        {/* Line items */}
+                        <div className="mb-8">
+                            <table className="min-w-full divide-y divide-gray-200">
+                                <thead className="bg-gray-50">
+                                    <tr>
+                                        <th className="px-4 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Description</th>
+                                        <th className="px-4 py-3 text-right text-xs font-medium text-gray-500 uppercase tracking-wider">Qty</th>
+                                        <th className="px-4 py-3 text-right text-xs font-medium text-gray-500 uppercase tracking-wider">Unit Price</th>
+                                        <th className="px-4 py-3 text-right text-xs font-medium text-gray-500 uppercase tracking-wider">Tax %</th>
+                                        <th className="px-4 py-3 text-right text-xs font-medium text-gray-500 uppercase tracking-wider">Total</th>
+                                    </tr>
+                                </thead>
+                                <tbody className="bg-white divide-y divide-gray-200">
+                                    {invoice.items.map((item) => (
+                                        <tr key={item.id}>
+                                            <td className="px-4 py-3 text-sm text-gray-900">{item.description}</td>
+                                            <td className="px-4 py-3 text-sm text-gray-700 text-right">{item.quantity}</td>
+                                            <td className="px-4 py-3 text-sm text-gray-700 text-right">{fmt(item.unit_price)}</td>
+                                            <td className="px-4 py-3 text-sm text-gray-700 text-right">{item.tax_rate}%</td>
+                                            <td className="px-4 py-3 text-sm text-gray-900 text-right font-medium">{fmt(item.line_total)}</td>
+                                        </tr>
+                                    ))}
+                                </tbody>
+                            </table>
+                        </div>
+
+                        {/* Totals */}
+                        <div className="flex justify-end">
+                            <div className="w-64 space-y-2 text-sm">
+                                <div className="flex justify-between text-gray-600">
+                                    <span>Subtotal</span>
+                                    <span>{fmt(invoice.subtotal)}</span>
+                                </div>
+                                <div className="flex justify-between text-gray-600">
+                                    <span>Tax</span>
+                                    <span>{fmt(invoice.tax_total)}</span>
+                                </div>
+                                <div className="flex justify-between font-bold text-gray-900 border-t border-gray-200 pt-2">
+                                    <span>Total</span>
+                                    <span>{fmt(invoice.total)}</span>
+                                </div>
+                                <div className="flex justify-between text-indigo-700 font-semibold">
+                                    <span>Amount Due</span>
+                                    <span>{fmt(invoice.amount_due)}</span>
+                                </div>
+                            </div>
+                        </div>
+
+                        {/* Notes */}
+                        {invoice.notes && (
+                            <div className="mt-8 pt-6 border-t border-gray-200">
+                                <h3 className="text-sm font-medium text-gray-700 mb-1">Notes</h3>
+                                <p className="text-sm text-gray-600 whitespace-pre-line">{invoice.notes}</p>
+                            </div>
+                        )}
+                    </div>
+                </main>
+            </div>
+        </>
+    );
+}