CognxSafeTrack
feat: implement whatsapp templates management with security hardening, audit logs, and crm integration
0f2f80a | # Implementation Plan: WhatsApp Templates Management & Security Hardening | |
| This document outlines the technical implementation for the WhatsApp Message Templates management interface and the prerequisite security hardening of the administrative routes. | |
| ## 1. Objectives | |
| - **Security First**: Fix tenant isolation vulnerabilities in administrative routes. | |
| - **Meta Compliance**: Provide a UI to Sync and **Create** templates to justify `whatsapp_business_management` permission. | |
| - **Global Readiness**: Ensure 100% i18n coverage (EN/FR) for the Meta App Review screencast. | |
| ## 2. Step 0: Security Hardening (Prerequisite) | |
| Audit findings revealed that `apps/api/src/routes/admin.ts` lacks tenant isolation in several GET/POST handlers. | |
| - **Action**: Update all queries to include `where: { organizationId: request.organizationId }`. | |
| - **Affected Endpoints**: `/stats`, `/users`, `/enrollments`, `/live-feed`. | |
| ## 3. Backend Architecture (API) | |
| ### 3.1 Service Layer (`apps/api/src/services/whatsapp.ts`) | |
| - **`fetchMetaTemplates`**: Fetches existing templates from Meta. | |
| - **`createMetaTemplate`**: New method to submit a template for approval. | |
| ```typescript | |
| async createMetaTemplate(config: { accessToken: string; wabaId: string }, template: any) { | |
| const url = `${this.baseUrl}/${config.wabaId}/message_templates`; | |
| return axios.post(url, template, { | |
| headers: { 'Authorization': `Bearer ${config.accessToken}` } | |
| }); | |
| } | |
| ``` | |
| ### 3.2 API Routes (`apps/api/src/routes/whatsapp.ts`) | |
| - `GET /v1/whatsapp/templates`: Lists and syncs templates. | |
| - `POST /v1/whatsapp/templates`: Accepts `name`, `language`, `category`, and `components` to create a new template on Meta. | |
| --- | |
| ## 4. Frontend Architecture (Admin) | |
| ### 4.1 Templates Page (`TemplatesPage.tsx`) | |
| - **i18n Implementation**: Mandatory use of `useTranslation()` for all labels. | |
| - **Template Creation Form**: | |
| - Fields: Name (uppercase/underscores), Category (MARKETING/UTILITY), Language, Body Text. | |
| - Submit: Triggers the Meta approval workflow. | |
| - **Sync Logic**: Integration with React Query `invalidateQueries` to refresh the table after creation or manual sync. | |
| ### 4.2 Translation Keys (`en.json`) | |
| Add keys for: | |
| - `whatsapp.templates.title` | |
| - `whatsapp.templates.sync_button` | |
| - `whatsapp.templates.create_button` | |
| - `whatsapp.templates.status_approved` | |
| - etc. | |
| --- | |
| ## 5. Implementation Steps | |
| 1. **Phase 1: Security**: Patch `admin.ts` routes. | |
| 2. **Phase 2: Backend**: Extend `WhatsAppService` and add Template routes. | |
| 3. **Phase 3: Frontend**: Build `TemplatesPage.tsx` with creation form and full i18n. | |
| 4. **Phase 4: Validation**: Verify the flow with a real Meta Business account for the screencast. | |