diff --git a/backend/routes/auth.js b/backend/routes/auth.js
index 1a64699..f34976e 100644
--- a/backend/routes/auth.js
+++ b/backend/routes/auth.js
@@ -9,6 +9,7 @@ const router = express.Router();
 const JWT_SECRET = process.env.JWT_SECRET || "your-secret-key";
 // Login endpoint
+// LOGIN endpoint with today's reports for non-admin
 router.post(
 "/login",
 [
@@ -31,18 +32,14 @@ router.post(
 "SELECT * FROM users WHERE username = ?",
 [username],
 async (err, user) => {
- if (err) {
- return res.status(500).json({ error: "Database error" });
- }
+ if (err) return res.status(500).json({ error: "Database error" });
- if (!user) {
+ if (!user)
 return res.status(401).json({ error: "Invalid credentials" });
- }
 const validPassword = await bcrypt.compare(password, user.password);
- if (!validPassword) {
+ if (!validPassword)
 return res.status(401).json({ error: "Invalid credentials" });
- }
 const token = jwt.sign(
 { userId: user.id, username: user.username, role: user.role },
@@ -50,15 +47,13 @@ router.post(
 { expiresIn: "24h" }
 );
- // === Return all stores for admin, only assigned for employee/manager ===
 if (user.role === "admin") {
 db.all(
 "SELECT id, name, address FROM stores",
 [],
 (err, stores) => {
- if (err) {
+ if (err)
 return res.status(500).json({ error: "Database error" });
- }
 res.json({
 token,
 user: {
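Review bot: The new `+// LOGIN endpoint with today's reports for non-admin` comment is stacked directly under the existing `// Login endpoint` comment, leaving two headers for one route; replace the old one rather than adding a second, e.g. `// POST /login - issues a JWT; non-admins also receive today's reports`. The context line above it, `const JWT_SECRET = process.env.JWT_SECRET || "your-secret-key";`, is pre-existing but means every token this route issues is signed with a published default whenever the variable is unset; a practitioner would want the process to fail fast at startup instead, e.g. `if (!process.env.JWT_SECRET) throw new Error("JWT_SECRET is not set");`. The `router.post(` call that follows continues outside the hunk.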
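Review bot: Dropping the braces on `if (!user)` and `if (!validPassword)` leaves a braceless multi-line `if` whose `return` sits on the following context line; that shape breaks silently if a later edit inserts a statement between the two lines, so either keep the braces or put condition and return on one line as the new `if (err) return res.status(500)...` line already does: `if (!user) return res.status(401).json({ error: "Invalid credentials" });`. The enclosing `async (err, user) =>` callback starts in this hunk but continues past it; since that callback runs after `db.get` has returned, a rejection from `bcrypt.compare` inside it does not appear to be caught by the `try`/`catch` visible in a later hunk — pre-existing, but a `try`/`catch` inside the callback would close that.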
@@ -74,28 +69,39 @@ router.post(
 } else {
 db.all(
 `SELECT stores.id, stores.name, stores.address
- FROM stores
- JOIN user_store_access ON stores.id = user_store_access.storeId
- WHERE user_store_access.userId = ?`,
+ FROM stores
+ JOIN user_store_access ON stores.id = user_store_access.storeId
+ WHERE user_store_access.userId = ?`,
 [user.id],
 (err, stores) => {
- if (err) {
+ if (err)
 return res.status(500).json({ error: "Database error" });
- }
- res.json({
- token,
- user: {
- id: user.id,
- username: user.username,
- fullName: user.fullName,
- role: user.role,
- stores: stores,
- },
- });
+
+ // === Add: Fetch today's reports for this user ===
+ const today = new Date().toISOString().split("T")[0];
+ db.all(
+ `SELECT * FROM reports WHERE userId = ? AND reportDate = ?`,
+ [user.id, today],
+ (err, todaysReports) => {
+ if (err)
+ return res.status(500).json({ error: "Database error" });
+
+ res.json({
+ token,
+ user: {
+ id: user.id,
+ username: user.username,
+ fullName: user.fullName,
+ role: user.role,
+ stores: stores,
+ },
+ todaysReports: todaysReports || [],
+ });
+ }
+ );
 }
 );
 }
- // ===
 }
 );
 } catch (error) {
@@ -105,6 +111,8 @@ router.post(
 }
 );
+module.exports = router;
+
 router.get("/me", verifyToken, (req, res) => {
 db.get(
 "SELECT id, username, fullName, role FROM users WHERE id = ?",
diff --git a/backend/routes/reports.js b/backend/routes/reports.js
index c1c1ad3..2fab946 100644
--- a/backend/routes/reports.js
+++ b/backend/routes/reports.js
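Review bot: `today` on the `const today = new Date().toISOString().split("T")[0];` line is the UTC calendar date, so around local midnight the `reportDate = ?` filter will pick the wrong day's reports if `reportDate` is written as a local YYYY-MM-DD string; the storage format is not visible here, so confirm it and record the choice with a comment such as `// reportDate is compared as a UTC YYYY-MM-DD string; must match how reports are written`. The inner callback's `err` parameter shadows the outer one, which hides a mistake if the two are ever confused; `(reportErr, todaysReports) =>` with `if (reportErr)` avoids that. `SELECT * FROM reports` puts every column of the user's reports into the login response, so selecting only the fields the client uses keeps the payload stable when the table changes. The three nested `db.all` callbacks each repeat the same 500 handler; promisifying `db.all` and `await`ing it inside this already-async callback would flatten the pyramid. The enclosing `async (err, user) =>` callback and its `try` begin before this hunk.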
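Review bot: `module.exports = router;` is inserted above `router.get("/me", ...)`, which reads as though `/me` is no longer exported; because the assignment shares the same router object and the later `router.get` still runs at require time, the route is probably still reachable, but the placement is misleading and any later reassignment of `module.exports` would silently drop every route registered below it. Move the line to the end of the file; if the file already ends with `module.exports = router;` (its tail is outside this diff), remove this added copy instead.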
@@ -130,6 +130,26 @@ router.get(
 }
 );
+// GET /api/reports/:id - get single report by ID
+router.get("/:id", verifyToken, [param("id").isInt()], (req, res) => {
+ const reportId = req.params.id;
+ db.get(
+ `
+ SELECT reports.*, stores.name AS storeName, users.username AS username, users.fullName AS fullName
+ FROM reports
+ JOIN stores ON reports.storeId = stores.id
+ JOIN users ON reports.userId = users.id
+ WHERE reports.id = ?
+ `,
+ [reportId],
+ (err, report) => {
+ if (err) return res.status(500).json({ error: "Database error" });
+ if (!report) return res.status(404).json({ error: "Report not found" });
+ res.json({ report });
+ }
+ );
+});
+
 // PUT /api/reports/:id - update a report
 router.put(
 "/:id",
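Review bot: The new `GET /:id` handler returns any report to any caller that passes `verifyToken`; the login hunk in auth.js limits non-admins to their assigned stores, but nothing here checks that the requested report belongs to a store the caller may see, so the handler lacks an object-level authorization check. Scoping the query to the caller's `user_store_access` rows for non-admins, using the same join the login route already uses, closes that gap while keeping a single 404 for both "missing" and "not visible to you". Separately, `[param("id").isInt()]` only records a validation result — express-validator does not reject on its own — so the handler must call `validationResult(req)` (import it alongside `param` if it is not already) and return 400 when it is non-empty; otherwise a non-integer id reaches the query (parameterised, so no injection, but the validator is dead code). The field names on `req.user` depend on what `verifyToken` attaches, which is not visible here; the token payload carries `userId` and `role`, so adjust the sketch below accordingly.
```javascript
// GET /api/reports/:id - get single report by ID
router.get("/:id", verifyToken, [param("id").isInt()], (req, res) => {
  const errors = validationResult(req);
  if (!errors.isEmpty()) return res.status(400).json({ errors: errors.array() });

  const reportId = req.params.id;
  // Admins may read any report; everyone else only reports for stores they are
  // assigned to. The check lives in the query so an unauthorised id and a
  // missing id both yield the same 404 and nothing about other stores leaks.
  const isAdmin = req.user?.role === "admin"; // field names depend on verifyToken — confirm
  // accessFilter is a constant SQL fragment, never user input; the id and user id stay bound parameters.
  const accessFilter = isAdmin
    ? ""
    : "AND EXISTS (SELECT 1 FROM user_store_access WHERE user_store_access.storeId = reports.storeId AND user_store_access.userId = ?)";
  const params = isAdmin ? [reportId] : [reportId, req.user.userId];
  db.get(
    `
    SELECT reports.*, stores.name AS storeName, users.username AS username, users.fullName AS fullName
    FROM reports
    JOIN stores ON reports.storeId = stores.id
    JOIN users ON reports.userId = users.id
    WHERE reports.id = ? ${accessFilter}
    `,
    params,
    // … unchanged: (err, report) callback …
  );
});
```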