feat(api): add access request notification email functionality (#1910)

Marfuen · tofikwest · web-flow · commit 8d2a81127c52 · 2025-12-11T19:15:02.000-05:00
Co-authored-by: Tofik Hasanov &lt;annexcies@gmail.com&gt;
diff --git a/apps/api/src/email/templates/access-request-notification.tsx b/apps/api/src/email/templates/access-request-notification.tsx
@@ -0,0 +1,147 @@
+import {
+  Body,
+  Button,
+  Container,
+  Font,
+  Heading,
+  Html,
+  Preview,
+  Section,
+  Tailwind,
+  Text,
+} from '@react-email/components';
+import { Footer } from '../components/footer';
+import { Logo } from '../components/logo';
+
+interface Props {
+  organizationName: string;
+  requesterName: string;
+  requesterEmail: string;
+  requesterCompany?: string | null;
+  requesterJobTitle?: string | null;
+  purpose?: string | null;
+  requestedDurationDays?: number | null;
+  reviewUrl: string;
+}
+
+export const AccessRequestNotificationEmail = ({
+  organizationName,
+  requesterName,
+  requesterEmail,
+  requesterCompany,
+  requesterJobTitle,
+  purpose,
+  requestedDurationDays,
+  reviewUrl,
+}: Props) => {
+  return (
+    <Html>
+      <Tailwind>
+        <head>
+          <Font
+            fontFamily="Geist"
+            fallbackFontFamily="Helvetica"
+            fontWeight={400}
+            fontStyle="normal"
+          />
+          <Font
+            fontFamily="Geist"
+            fallbackFontFamily="Helvetica"
+            fontWeight={500}
+            fontStyle="normal"
+          />
+        </head>
+        <Preview>New Trust Portal Access Request from {requesterName}</Preview>
+
+        <Body className="mx-auto my-auto bg-[#fff] font-sans">
+          <Container
+            className="mx-auto my-[40px] max-w-[600px] border-transparent p-[20px] md:border-[#E8E7E1]"
+            style={{ borderStyle: 'solid', borderWidth: 1 }}
+          >
+            <Logo />
+            <Heading className="mx-0 my-[30px] p-0 text-center text-[24px] font-normal text-[#121212]">
+              New Access Request
+            </Heading>
+
+            <Text className="text-[14px] leading-[24px] text-[#121212]">
+              A new request to access <strong>{organizationName}</strong>'s
+              trust portal has been submitted and is awaiting your review.
+            </Text>
+
+            <Section
+              className="mt-[20px] mb-[20px] rounded-[3px] p-[15px]"
+              style={{ backgroundColor: '#f8f9fa' }}
+            >
+              <Text className="m-0 mb-[10px] text-[14px] font-semibold text-[#121212]">
+                Requester Details
+              </Text>
+              <Text className="m-0 text-[14px] leading-[20px] text-[#121212]">
+                <strong>Name:</strong> {requesterName}
+                <br />
+                <strong>Email:</strong> {requesterEmail}
+                {requesterCompany && (
+                  <>
+                    <br />
+                    <strong>Company:</strong> {requesterCompany}
+                  </>
+                )}
+                {requesterJobTitle && (
+                  <>
+                    <br />
+                    <strong>Job Title:</strong> {requesterJobTitle}
+                  </>
+                )}
+              </Text>
+            </Section>
+
+            {purpose && (
+              <Section className="mb-[20px]">
+                <Text className="m-0 mb-[8px] text-[14px] font-semibold text-[#121212]">
+                  Purpose
+                </Text>
+                <Text className="m-0 text-[14px] leading-[20px] text-[#121212]">
+                  {purpose}
+                </Text>
+              </Section>
+            )}
+
+            {requestedDurationDays && (
+              <Text className="text-[14px] leading-[24px] text-[#121212]">
+                <strong>Requested Access Duration:</strong>{' '}
+                {requestedDurationDays} days
+              </Text>
+            )}
+
+            <Section className="mt-[32px] mb-[32px] text-center">
+              <Button
+                className="rounded-[3px] bg-[#121212] px-[20px] py-[12px] text-center text-[14px] font-semibold text-white no-underline"
+                href={reviewUrl}
+              >
+                Review Request
+              </Button>
+            </Section>
+
+            <Section
+              className="mt-[30px] mb-[20px] rounded-[3px] border-l-4 p-[15px]"
+              style={{ backgroundColor: '#fff4e6', borderColor: '#f59e0b' }}
+            >
+              <Text className="m-0 text-[14px] leading-[24px] text-[#121212]">
+                <strong>Action Required</strong>
+                <br />
+                Please review this request and either approve or deny access.
+                Approved requests will require the requester to sign an NDA
+                before accessing your trust portal.
+              </Text>
+            </Section>
+
+            <br />
+
+            <Footer />
+          </Container>
+        </Body>
+      </Tailwind>
+    </Html>
+  );
+};
+
+export default AccessRequestNotificationEmail;
diff --git a/apps/api/src/trust-portal/email.service.ts b/apps/api/src/trust-portal/email.service.ts
@@ -3,6 +3,7 @@ import { sendEmail } from '../email/resend';
 import { AccessGrantedEmail } from '../email/templates/access-granted';
 import { AccessReclaimEmail } from '../email/templates/access-reclaim';
 import { NdaSigningEmail } from '../email/templates/nda-signing';
+import { AccessRequestNotificationEmail } from '../email/templates/access-request-notification';
 
 @Injectable()
 export class TrustEmailService {
@@ -77,4 +78,48 @@ export class TrustEmailService {
 
     this.logger.log(`Access reclaim email sent to ${toEmail} (ID: ${id})`);
   }
+
+  async sendAccessRequestNotification(params: {
+    toEmail: string;
+    organizationName: string;
+    requesterName: string;
+    requesterEmail: string;
+    requesterCompany?: string | null;
+    requesterJobTitle?: string | null;
+    purpose?: string | null;
+    requestedDurationDays?: number | null;
+    reviewUrl: string;
+  }): Promise<void> {
+    const {
+      toEmail,
+      organizationName,
+      requesterName,
+      requesterEmail,
+      requesterCompany,
+      requesterJobTitle,
+      purpose,
+      requestedDurationDays,
+      reviewUrl,
+    } = params;
+
+    const { id } = await sendEmail({
+      to: toEmail,
+      subject: `New Trust Portal Access Request - ${organizationName}`,
+      react: AccessRequestNotificationEmail({
+        organizationName,
+        requesterName,
+        requesterEmail,
+        requesterCompany,
+        requesterJobTitle,
+        purpose,
+        requestedDurationDays,
+        reviewUrl,
+      }),
+      system: true,
+    });
+
+    this.logger.log(
+      `Access request notification sent to ${toEmail} for requester ${requesterEmail} (ID: ${id})`,
+    );
+  }
 }
diff --git a/apps/api/src/trust-portal/trust-access.service.ts b/apps/api/src/trust-portal/trust-access.service.ts
@@ -151,13 +151,90 @@ export class TrustAccessService {
       },
     });
 
+    // Send notification email to organization
+    await this.sendAccessRequestNotificationToOrg(
+      trust.organizationId,
+      request.id,
+      trust.organization.name,
+      dto,
+    );
+
     return {
       id: request.id,
       status: request.status,
       message: 'Access request submitted for review',
     };
   }
 
+  private async sendAccessRequestNotificationToOrg(
+    organizationId: string,
+    requestId: string,
+    organizationName: string,
+    dto: CreateAccessRequestDto,
+  ) {
+    // Get contact email from Trust or fallback to owner/admin emails
+    const trust = await db.trust.findUnique({
+      where: { organizationId },
+      select: { contactEmail: true },
+    });
+
+    let notificationEmails: string[] = [];
+
+    // Use contactEmail if available
+    if (trust?.contactEmail) {
+      notificationEmails.push(trust.contactEmail);
+    } else {
+      // Fallback: Get owner and admin emails
+      const members = await db.member.findMany({
+        where: {
+          organizationId,
+        },
+        include: {
+          user: {
+            select: {
+              email: true,
+            },
+          },
+        },
+      });
+
+      // Filter for members with owner or admin role (handles comma-separated roles)
+      const ownerAdminMembers = members.filter((m) => {
+        const role = m.role.toLowerCase();
+        return role.includes('owner') || role.includes('admin');
+      });
+
+      notificationEmails = ownerAdminMembers
+        .map((m) => m.user.email)
+        .filter((email): email is string => !!email);
+    }
+
+    // If no notification emails found, skip sending
+    if (notificationEmails.length === 0) {
+      return;
+    }
+
+    // Construct review URL
+    const reviewUrl = `${process.env.BETTER_AUTH_URL}/${organizationId}/trust`;
+
+    // Send notification to all recipients
+    const emailPromises = notificationEmails.map((email) =>
+      this.emailService.sendAccessRequestNotification({
+        toEmail: email,
+        organizationName,
+        requesterName: dto.name,
+        requesterEmail: dto.email,
+        requesterCompany: dto.company,
+        requesterJobTitle: dto.jobTitle,
+        purpose: dto.purpose,
+        requestedDurationDays: dto.requestedDurationDays,
+        reviewUrl,
+      }),
+    );
+
+    await Promise.allSettled(emailPromises);
+  }
+
   async listAccessRequests(organizationId: string, dto: ListAccessRequestsDto) {
     const where = {
       organizationId,
