Require SMS number for manual sales

API_DOCUMENTATION.md

@@ -1103,6 +1103,7 @@ Plan selection is mandatory. The backend copies the selected plan's real price,
 **Validation:**
 - `device_id` required
 - `plan_id` required
+- `customer_phone` required so the generated token can be sent by SMS
 - selected plan must belong to the selected device
 - selected plan must belong to the authenticated tenant
 - selected plan must be active

src/routes/manualSales.routes.js

@@ -71,12 +71,16 @@ router.get('/', async (req, res) => {
 // POST /api/manual-sales
 router.post('/', async (req, res) => {
   const { device_id, plan_id, customer_phone = null, notes = null } = req.body;
+  const cleanCustomerPhone = typeof customer_phone === 'string' ? customer_phone.trim() : '';
 
   if (!device_id || !plan_id) {
     return res.status(400).json({ error: 'device_id and plan_id are required' });
   }
-  if (customer_phone !== null && typeof customer_phone !== 'string') {
-    return res.status(400).json({ error: 'customer_phone must be a string or null' });
+  if (typeof customer_phone !== 'string' || !cleanCustomerPhone) {
+    return res.status(400).json({ error: 'customer_phone is required so the token can be sent by SMS' });
+  }
+  if (cleanCustomerPhone.replace(/\D/g, '').length < 9) {
+    return res.status(400).json({ error: 'customer_phone must be a valid phone number' });
   }
   if (notes !== null && typeof notes !== 'string') {
     return res.status(400).json({ error: 'notes must be a string or null' });
@@ -172,7 +176,7 @@ router.post('/', async (req, res) => {
         req.client.id,
         device.id,
         plan.id,
-        customer_phone?.trim() || null,
+        cleanCustomerPhone,
         'other',
         req.client.id,
         notes?.trim() || null,
@@ -195,16 +199,12 @@ router.post('/', async (req, res) => {
 
     await connection.commit();
 
-    const cleanCustomerPhone = customer_phone?.trim() || null;
-    let smsSent = false;
-    if (cleanCustomerPhone) {
-      const duration = formatDuration(plan.duration_seconds);
-      const expiryPreview = formatTzExpiryPreview(plan.duration_seconds);
-      smsSent = Boolean(await sms.sendSMS(
-        cleanCustomerPhone,
-        messages.manualWifiCode(code, plan.name, duration, device.name, expiryPreview)
-      ).catch(() => false));
-    }
+    const duration = formatDuration(plan.duration_seconds);
+    const expiryPreview = formatTzExpiryPreview(plan.duration_seconds);
+    const smsSent = Boolean(await sms.sendSMS(
+      cleanCustomerPhone,
+      messages.manualWifiCode(code, plan.name, duration, device.name, expiryPreview)
+    ).catch(() => false));
 
     res.status(201).json({
       payment_id: paymentResult.insertId,
@@ -223,8 +223,10 @@ router.post('/', async (req, res) => {
       duration_seconds: plan.duration_seconds,
       notes: notes?.trim() || null,
       sms_sent: smsSent,
-      expires_at_preview: formatTzExpiryPreview(plan.duration_seconds),
-      message: 'Token generated successfully',
+      expires_at_preview: expiryPreview,
+      message: smsSent
+        ? 'Token generated and SMS sent successfully'
+        : 'Token generated, but SMS failed to send',
     });
   } catch (err) {
     await connection.rollback();