feat(invitations): reenviar invitaciones pendientes desde admin

Backend:
- client-invitations.service.ts: funcion resendInvitation() que
  genera nuevo token, actualiza expiresAt y reenvia el email.
- Controller + routes: POST /invitations/client/:id/resend

Frontend:
- API client + hook useResendInvitation con invalidacion de cache.
- Pagina /admin/invitar-cliente: boton 'Reenviar' por cada
  invitacion pendiente en la tabla.

Refs: docs/CAMBIOS-2026-05-09.md

apps/api/src/controllers/client-invitations.controller.ts

@@ -68,6 +68,24 @@ export async function registerFromInvitation(req: Request, res: Response, next:
   }
 }
 
+export async function resendInvitation(req: Request, res: Response, next: NextFunction) {
+  try {
+    const isAdmin = await hasAnyPlatformRole(req.user!.userId, 'platform_admin');
+    if (!isAdmin) {
+      return res.status(403).json({ message: 'No autorizado' });
+    }
+
+    const id = String(req.params.id);
+    const result = await clientInvitationService.resendInvitation(
+      id,
+      (req.user as any)?.nombre || 'Horux Despachos'
+    );
+    res.json(result);
+  } catch (error: any) {
+    res.status(400).json({ message: error.message });
+  }
+}
+
 export async function listInvitations(req: Request, res: Response, next: NextFunction) {
   try {
     const isAdmin = await hasAnyPlatformRole(req.user!.userId, 'platform_admin');

apps/api/src/routes/client-invitations.routes.ts

@@ -8,8 +8,9 @@ const router: Router = Router();
 router.get('/validate/:token', controller.validateToken);
 router.post('/register/:token', controller.registerFromInvitation);
 
-// Protegido: admin global crea y lista invitaciones
+// Protegido: admin global crea, reenvia y lista invitaciones
 router.post('/', authenticate, controller.createInvitation);
+router.post('/:id/resend', authenticate, controller.resendInvitation);
 router.get('/', authenticate, controller.listInvitations);
 
 export default router;

apps/api/src/services/client-invitations.service.ts

@@ -207,6 +207,46 @@ export async function registerFromInvitation(
   };
 }
 
+export async function resendInvitation(invitationId: string, invitedByName: string) {
+  const invitation = await prisma.clientInvitation.findUnique({
+    where: { id: invitationId },
+  });
+  if (!invitation) {
+    throw new Error('Invitación no encontrada');
+  }
+  if (invitation.status !== 'pending') {
+    throw new Error('Solo se pueden reenviar invitaciones pendientes');
+  }
+
+  const newToken = crypto.randomBytes(32).toString('hex');
+  const newExpiresAt = new Date(Date.now() + INVITATION_EXPIRY_DAYS * 24 * 60 * 60 * 1000);
+
+  await prisma.clientInvitation.update({
+    where: { id: invitationId },
+    data: {
+      token: newToken,
+      expiresAt: newExpiresAt,
+      sentAt: new Date(),
+    },
+  });
+
+  const baseUrl = process.env.WEB_URL || 'https://horuxfin.com';
+  const registerUrl = `${baseUrl}/invitacion/registro/${newToken}`;
+
+  await emailService.sendClientInvitation(invitation.email, {
+    invitedByName,
+    registerUrl,
+    expiresAt: newExpiresAt.toLocaleDateString('es-MX', {
+      day: 'numeric',
+      month: 'long',
+      year: 'numeric',
+    }),
+    nombreDespacho: invitation.nombreDespacho,
+  });
+
+  return { message: 'Invitación reenviada' };
+}
+
 export async function listInvitations() {
   return prisma.clientInvitation.findMany({
     orderBy: { createdAt: 'desc' },