feat: Implement custom domain verification and PAC configuration in settings

Author: agrufino-g

src/app/actions/companies.ts

@@ -10,6 +10,8 @@ import { profileFormSchema, type ProfileFormValues } from "@/lib/schemas";
 import { getRateLimiter } from "@/lib/rate-limiter";
 import { verifyUserRequest } from "@/lib/auth-server";
 import { checkUserPermission } from "@/lib/permissions";
+import { hashData } from "@/lib/encryption";
+import dns from "dns/promises";
 
 export const getCompanyProfile = async (userId: string, idToken: string) => {
   if (!db) {
@@ -36,6 +38,83 @@ export const getCompanyProfile = async (userId: string, idToken: string) => {
   }
 };
 
+function normalizeDomain(domain: string): string | null {
+  try {
+    const trimmed = domain.trim();
+    if (!trimmed) return null;
+    const urlString = /^https?:\/\//i.test(trimmed) ? trimmed : `https://${trimmed}`;
+    const url = new URL(urlString);
+    return url.origin;
+  } catch {
+    return null;
+  }
+}
+
+export const getDomainVerificationInfo = async (userId: string, idToken: string, domainOverride?: string) => {
+  if (!db) {
+    return { success: false, message: "Error de configuración: La conexión con la base de datos no está disponible." };
+  }
+  try {
+    if (!userId) {
+      return { success: false, message: "Usuario no autenticado." };
+    }
+    const verifiedUserId = await verifyUserRequest(userId, idToken);
+    const [company] = await db.select().from(companies).where(eq(companies.userId, verifiedUserId));
+    const domainToUse = domainOverride || company?.customDomain;
+    const normalized = domainToUse ? normalizeDomain(domainToUse) : null;
+    if (!normalized) {
+      return { success: false, message: "Ingresa y guarda un dominio válido antes de verificar." };
+    }
+
+    const url = new URL(normalized);
+    const host = url.hostname;
+    const token = hashData(`${verifiedUserId}:${host}`).slice(0, 32);
+    const recordName = `_origon-verify.${host}`;
+
+    return { success: true, data: { host, token, recordName } };
+  } catch (error) {
+    console.error("Error obteniendo info de dominio:", error);
+    return { success: false, message: "No se pudo generar la instrucción de verificación." };
+  }
+};
+
+export const verifyCustomDomain = async (userId: string, idToken: string) => {
+  if (!db) {
+    return { success: false, message: "Error de configuración: La conexión con la base de datos no está disponible." };
+  }
+  try {
+    if (!userId) {
+      return { success: false, message: "Usuario no autenticado." };
+    }
+    const verifiedUserId = await verifyUserRequest(userId, idToken);
+    const [company] = await db.select().from(companies).where(eq(companies.userId, verifiedUserId));
+    if (!company || !company.customDomain) {
+      return { success: false, message: "No hay dominio personalizado configurado." };
+    }
+
+    const url = new URL(company.customDomain);
+    const host = url.hostname;
+    const token = hashData(`${verifiedUserId}:${host}`).slice(0, 32);
+    const recordName = `_origon-verify.${host}`;
+
+    try {
+      const txtRecords = await dns.resolveTxt(recordName);
+      const flat = txtRecords.flat().map(v => v.trim());
+      if (flat.includes(token)) {
+        return { success: true, message: "Dominio verificado correctamente." };
+      }
+      return { success: false, message: "No se encontró el token en el TXT. Verifica que el registro esté propagado." };
+    } catch (error) {
+      console.error("DNS lookup error:", error);
+      return { success: false, message: "No se pudo resolver el TXT. Verifica el registro DNS y espera la propagación." };
+    }
+  } catch (error) {
+    console.error("Error verificando dominio:", error);
+    const message = error instanceof Error ? error.message : "Error desconocido.";
+    return { success: false, message };
+  }
+};
+
 export const saveCompanyProfile = async (formData: ProfileFormValues, userId: string, idToken: string) => {
   const ratelimit = getRateLimiter();
   const { success: rateLimitSuccess } = await ratelimit.limit(userId);

src/app/actions/invoices.ts

@@ -288,7 +288,7 @@ export const stampInvoice = async (invoiceId: number, userId: string, idToken: s
             unsignedXmlString = await _generateXmlString(invoiceData);
         }
 
-        const pacResult = await stampWithFacturaLoPlus(unsignedXmlString);
+        const pacResult = await stampWithFacturaLoPlus(unsignedXmlString, invoiceData.company);
 
         if (!pacResult.success) {
             return { success: false, message: pacResult.message };

src/app/actions/payments.ts

@@ -272,7 +272,7 @@ export const stampPayment = async (paymentId: number, userId: string, idToken: s
 
     // Timbrar con el PAC
     const { stampWithFacturaLoPlus } = await import('@/lib/pac');
-    const pacResult = await stampWithFacturaLoPlus(paymentXml);
+    const pacResult = await stampWithFacturaLoPlus(paymentXml, company);
 
     if (!pacResult.success) {
       return { success: false, message: pacResult.message };

src/app/dashboard/settings/page.tsx

@@ -30,6 +30,7 @@ import { Badge } from "@/components/ui/badge";
 import { Table, TableBody, TableCell, TableHead, TableHeader, TableRow } from "@/components/ui/table";
 import { Dialog, DialogContent, DialogDescription, DialogFooter, DialogHeader, DialogTitle } from "@/components/ui/dialog";
 import { SkeletonImage } from "@/components/ui/skeleton-image";
+import { Switch } from "@/components/ui/switch";
 import {
   AlertDialog,
   AlertDialogAction,
@@ -69,6 +70,8 @@ export default function SettingsPage() {
     defaultValues: {
       companyName: "", rfc: "", street: "", exteriorNumber: "", interiorNumber: "", state: "", municipality: "", neighborhood: "", zip: "", phone: "", phone2: "", fax: "", city: "", web: "", contadorEmail: "",
       taxRegime: "", commercialMessage: "", logoUrl: "", defaultEmailMessage: "", templateCfdi33: "costine-33", templateCfdi40: "costine-40", templateRep: "costine-rep",
+      customDomain: "",
+      pacProvider: "", pacEnvironment: "test", pacUsername: "", pacPassword: "", pacApiKey: "", pacApiUrl: "", pacWebhookUrl: "", pacIsActive: false,
     },
   });
 
@@ -131,9 +134,81 @@ export default function SettingsPage() {
         setLoading(false);
       }
     });
-    return () => unsubscribe();
+      return () => unsubscribe();
   }, [fetchProfile]);
 
+  const [verifyingDomain, setVerifyingDomain] = useState(false);
+  const [domainRecord, setDomainRecord] = useState<{ host: string; token: string; recordName: string } | null>(null);
+  const [domainError, setDomainError] = useState<string | null>(null);
+  const [domainInfoLoaded, setDomainInfoLoaded] = useState(false);
+  const domainValue = profileForm.watch('customDomain');
+
+  const handleShowDomainDns = async (domainOverride?: string) => {
+    if (!user) {
+      toast({ title: "Error", description: "Debes iniciar sesión.", variant: "destructive" });
+      return;
+    }
+    const rawDomain = domainOverride ?? profileForm.getValues('customDomain');
+    if (!rawDomain) {
+      setDomainError("Primero ingresa y guarda un dominio.");
+      return;
+    }
+    try {
+      setVerifyingDomain(true);
+      const { getUserAuth } = await import('@/lib/auth-client');
+      const { uid, token } = await getUserAuth(user);
+      const { getDomainVerificationInfo } = await import('@/app/actions/companies');
+      const res = await getDomainVerificationInfo(uid, token, rawDomain);
+      if (res.success && res.data) {
+        setDomainRecord(res.data as any);
+        setDomainError(null);
+      } else {
+        toast({ title: "No disponible", description: res.message || "Configura un dominio primero.", variant: "destructive" });
+        setDomainError(res.message || "Configura un dominio primero.");
+      }
+    } catch (error) {
+      toast({ title: "Error", description: "No se pudo obtener la instrucción DNS.", variant: "destructive" });
+      setDomainError("No se pudo obtener la instrucción DNS.");
+    } finally {
+      setVerifyingDomain(false);
+    }
+  };
+
+  const handleVerifyDomain = async () => {
+    if (!user) {
+      toast({ title: "Error", description: "Debes iniciar sesión.", variant: "destructive" });
+      return;
+    }
+    try {
+      setVerifyingDomain(true);
+      const { getUserAuth } = await import('@/lib/auth-client');
+      const { uid, token } = await getUserAuth(user);
+      const { verifyCustomDomain, getDomainVerificationInfo } = await import('@/app/actions/companies');
+      const verify = await verifyCustomDomain(uid, token);
+      if (verify.success) {
+        toast({ title: "Dominio verificado", description: "El registro TXT fue encontrado." });
+        setDomainError(null);
+      } else {
+        toast({ title: "No verificado", description: verify.message || "No se encontró el TXT. Espera la propagación y reintenta.", variant: "destructive" });
+        setDomainError(verify.message || "No se encontró el TXT. Espera la propagación y reintenta.");
+      }
+      const info = await getDomainVerificationInfo(uid, token, domainValue);
+      if (info.success && info.data) setDomainRecord(info.data as any);
+    } catch (error) {
+      toast({ title: "Error", description: "No se pudo verificar el dominio.", variant: "destructive" });
+      setDomainError("No se pudo verificar el dominio.");
+    } finally {
+      setVerifyingDomain(false);
+    }
+  };
+
+  useEffect(() => {
+    if (domainValue && !domainInfoLoaded && !loading) {
+      setDomainInfoLoaded(true);
+      handleShowDomainDns(domainValue);
+    }
+  }, [domainValue, domainInfoLoaded, loading]);
+
   async function onProfileSubmit(data: ProfileFormValues) {
     if (!user) {
       toast({ title: "Error", description: "Debes iniciar sesión para guardar los cambios.", variant: "destructive" });
@@ -338,16 +413,6 @@ export default function SettingsPage() {
                                 </FormItem>
                             )} />
                             <FormField control={profileForm.control} name="defaultEmailMessage" render={({ field }) => ( <FormItem><FormLabel>Mensaje predefinido para envio</FormLabel><FormControl><Textarea rows={4} {...field} value={field.value ?? ''}/></FormControl><FormMessage /></FormItem> )} />
-                            <FormField control={profileForm.control} name="customDomain" render={({ field }) => (
-                                <FormItem className="md:col-span-2">
-                                    <FormLabel>Dominio Personalizado para Links Públicos</FormLabel>
-                                    <FormControl><Input placeholder="https://tuempresa.com" {...field} value={field.value ?? ''} /></FormControl>
-                                    <p className="text-xs text-muted-foreground">
-                                      Configura tu dominio personalizado para que los links de solicitudes de clientes usen tu marca (ej: https://tuempresa.com/solicitud/abc123)
-                                    </p>
-                                    <FormMessage />
-                                </FormItem>
-                            )} />
                         </div>
                         <Separator/>
                         <div className="space-y-8">
@@ -394,6 +459,153 @@ export default function SettingsPage() {
                 </AccordionContent>
               </AccordionItem>
 
+              <AccordionItem value="pac">
+                <AccordionTrigger className="text-lg font-semibold bg-muted px-4 rounded-t-lg data-[state=closed]:rounded-b-lg">
+                  PAC / Timbrado
+                </AccordionTrigger>
+                <AccordionContent className="p-4 border border-t-0 rounded-b-lg space-y-6">
+                  <div className="text-sm text-muted-foreground">
+                    Define las credenciales de tu PAC para timbrar con tu propia cuenta. Se guardan por empresa y se usan al momento de timbrar facturas y pagos.
+                  </div>
+                  <div className="grid md:grid-cols-2 gap-4">
+                    <FormField control={profileForm.control} name="pacProvider" render={({ field }) => (
+                      <FormItem>
+                        <FormLabel>Proveedor</FormLabel>
+                        <FormControl><Input placeholder="Ej. FacturaLoPlus, Finkok, SW Sapien" {...field} value={field.value ?? ''} /></FormControl>
+                        <FormMessage />
+                      </FormItem>
+                    )} />
+                    <FormField control={profileForm.control} name="pacEnvironment" render={({ field }) => (
+                      <FormItem>
+                        <FormLabel>Ambiente</FormLabel>
+                        <Select onValueChange={field.onChange} value={field.value ?? 'test'}>
+                          <FormControl><SelectTrigger><SelectValue placeholder="Selecciona ambiente" /></SelectTrigger></FormControl>
+                          <SelectContent>
+                            <SelectItem value="test">Pruebas</SelectItem>
+                            <SelectItem value="production">Producción</SelectItem>
+                          </SelectContent>
+                        </Select>
+                        <FormMessage />
+                      </FormItem>
+                    )} />
+                    <FormField control={profileForm.control} name="pacUsername" render={({ field }) => (
+                      <FormItem>
+                        <FormLabel>Usuario</FormLabel>
+                        <FormControl><Input placeholder="Usuario del PAC" {...field} value={field.value ?? ''} /></FormControl>
+                        <FormMessage />
+                      </FormItem>
+                    )} />
+                    <FormField control={profileForm.control} name="pacPassword" render={({ field }) => (
+                      <FormItem>
+                        <FormLabel>Contraseña</FormLabel>
+                        <FormControl><Input type="password" placeholder="Contraseña/Token secreto" {...field} value={field.value ?? ''} /></FormControl>
+                        <FormMessage />
+                      </FormItem>
+                    )} />
+                    <FormField control={profileForm.control} name="pacApiKey" render={({ field }) => (
+                      <FormItem>
+                        <FormLabel>API Key</FormLabel>
+                        <FormControl><Input placeholder="API Key si aplica" {...field} value={field.value ?? ''} /></FormControl>
+                        <FormMessage />
+                      </FormItem>
+                    )} />
+                    <FormField control={profileForm.control} name="pacApiUrl" render={({ field }) => (
+                      <FormItem>
+                        <FormLabel>URL del API</FormLabel>
+                        <FormControl><Input placeholder="https://api.tu-pac.com/timbrar" {...field} value={field.value ?? ''} /></FormControl>
+                        <FormMessage />
+                      </FormItem>
+                    )} />
+                    <FormField control={profileForm.control} name="pacWebhookUrl" render={({ field }) => (
+                      <FormItem>
+                        <FormLabel>Webhook (opcional)</FormLabel>
+                        <FormControl><Input placeholder="URL para notificaciones del PAC" {...field} value={field.value ?? ''} /></FormControl>
+                        <FormMessage />
+                      </FormItem>
+                    )} />
+                    <FormField control={profileForm.control} name="pacIsActive" render={({ field }) => (
+                      <FormItem className="flex items-center justify-between rounded-lg border p-3">
+                        <div className="space-y-0.5">
+                          <FormLabel>Usar este PAC</FormLabel>
+                          <p className="text-xs text-muted-foreground">Activa para timbrar con estas credenciales.</p>
+                        </div>
+                        <FormControl>
+                          <Switch checked={field.value ?? false} onCheckedChange={field.onChange} />
+                        </FormControl>
+                      </FormItem>
+                    )} />
+                  </div>
+                </AccordionContent>
+              </AccordionItem>
+
+              <AccordionItem value="custom-domain">
+                <AccordionTrigger className="text-lg font-semibold bg-muted px-4 rounded-t-lg data-[state=closed]:rounded-b-lg">
+                  Dominio Personalizado (requiere verificación DNS)
+                </AccordionTrigger>
+                <AccordionContent className="p-4 border border-t-0 rounded-b-lg space-y-4">
+                  <p className="text-sm text-muted-foreground">
+                    Usa un dominio tuempresa.com para los links públicos. Debes apuntar un CNAME/A y verificarlo antes de usarlo; no aceptamos dominios no verificados (ej: google.com).
+                  </p>
+                  <div className="rounded-lg border bg-muted/40 p-3 text-sm">
+                    <div className="text-muted-foreground">Dominio actual:</div>
+                    <div className="font-mono">{profileForm.watch('customDomain') || 'No configurado'}</div>
+                  </div>
+                  {domainRecord && (
+                    <div className="rounded-lg border bg-muted/40 p-3 text-sm space-y-1">
+                      <div className="font-semibold">Registro TXT a crear</div>
+                      <div><span className="text-muted-foreground">Nombre:</span> <span className="font-mono">{domainRecord.recordName}</span></div>
+                      <div><span className="text-muted-foreground">Valor:</span> <span className="font-mono break-all">{domainRecord.token}</span></div>
+                      <div className="text-xs text-muted-foreground">Coloca este TXT en tu DNS y espera propagación.</div>
+                    </div>
+                  )}
+                  <FormField control={profileForm.control} name="customDomain" render={({ field }) => (
+                    <FormItem>
+                      <FormLabel>Dominio</FormLabel>
+                      <FormControl>
+                        <Input
+                          placeholder="facturas.tuempresa.com"
+                          {...field}
+                          value={field.value ?? ''}
+                          className="max-w-xl"
+                        />
+                      </FormControl>
+                      <p className="text-xs text-muted-foreground">
+                        Puedes escribir solo el dominio; agregamos https:// automáticamente. Configura primero el registro DNS y luego guarda para iniciar verificación.
+                      </p>
+                      {domainError && (
+                        <p className="text-xs text-destructive">{domainError}</p>
+                      )}
+                      <FormMessage />
+                    </FormItem>
+                  )} />
+                  <div className="flex flex-wrap gap-3">
+                    <Button
+                      type="button"
+                      variant="outline"
+                      size="sm"
+                      onClick={() => handleShowDomainDns()}
+                      disabled={verifyingDomain || !domainValue}
+                    >
+                      Obtener registro TXT
+                    </Button>
+                    <Button
+                      type="button"
+                      size="sm"
+                      onClick={handleVerifyDomain}
+                      disabled={verifyingDomain || !domainValue}
+                    >
+                      Verificar dominio
+                    </Button>
+                  </div>
+                  <Alert variant="default" className="text-sm">
+                    <AlertTitle>Verificación pendiente</AlertTitle>
+                    <AlertDescription>
+                      Crea el TXT mostrado, espera propagación y luego presiona "Verificar dominio".
+                    </AlertDescription>
+                  </Alert>
+                </AccordionContent>
+              </AccordionItem>
+
               <AccordionItem value="sso">
                 <AccordionTrigger className="text-lg font-semibold bg-muted px-4 rounded-t-lg data-[state=closed]:rounded-b-lg">Inicio de Sesión Único (SSO)</AccordionTrigger>
                 <AccordionContent className="p-4 border border-t-0 rounded-b-lg">