cash-report-system/backend/routes/auth.js

const express = require("express");
const bcrypt = require("bcrypt");
const jwt = require("jsonwebtoken");
const { body, validationResult } = require("express-validator");
const { db } = require("../database/init");
const verifyToken = require("../middleware/auth");
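const router = express.Router();

// Key used to sign the JWTs issued by /login.
// The fallback exists only so the app starts in a bare development
// environment; a token signed with it can be forged by anyone who reads this
// file, so make the fallback impossible to miss in the logs. `||` (not `??`)
// is kept on purpose: an empty JWT_SECRET also falls back, and the warning
// condition below matches that exactly.
const JWT_SECRET = process.env.JWT_SECRET || "your-secret-key";
if (!process.env.JWT_SECRET) {
  console.warn(
    "JWT_SECRET is not set; falling back to the built-in development secret"
  );
}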
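/**
 * Loads the stores visible to `user`: every store for admins, otherwise the
 * ones granted through user_store_access.
 *
 * @param {{ id: number, role: string }} user - row from the users table
 * @param {(err: Error | null, stores?: object[]) => void} callback - sqlite-style
 *   callback receiving the store rows
 */
function fetchStoresForLogin(user, callback) {
  if (user.role === "admin") {
    db.all("SELECT id, name, address FROM stores", [], callback);
    return;
  }
  db.all(
    `SELECT stores.id, stores.name, stores.address
FROM stores
JOIN user_store_access ON stores.id = user_store_access.storeId
WHERE user_store_access.userId = ?`,
    [user.id],
    callback
  );
}

// POST /login
// Validates the credentials, issues a 24h JWT and returns the user's profile
// with the stores they may see. Non-admin users additionally receive the
// reports they filed today (`todaysReports`); the admin response carries no
// such key.
router.post(
  "/login",
  [
    body("username")
      .trim()
      .isLength({ min: 1 })
      .withMessage("Username required"),
    body("password").isLength({ min: 1 }).withMessage("Password required"),
  ],
  (req, res) => {
    try {
      const errors = validationResult(req);
      if (!errors.isEmpty()) {
        return res.status(400).json({ errors: errors.array() });
      }
      const { username, password } = req.body;

      db.get(
        "SELECT * FROM users WHERE username = ?",
        [username],
        async (err, user) => {
          if (err) return res.status(500).json({ error: "Database error" });
          // Same message for unknown user and wrong password so the response
          // body does not reveal which usernames exist.
          // NOTE(review): this path skips bcrypt.compare, so it answers faster
          // than the wrong-password path; a compare against a fixed dummy
          // hash would close that timing gap.
          if (!user)
            return res.status(401).json({ error: "Invalid credentials" });

          let validPassword;
          try {
            validPassword = await bcrypt.compare(password, user.password);
          } catch (error) {
            // The outer try/catch never sees a rejection inside this async
            // callback (e.g. a NULL password column); without this guard the
            // request would hang with an unhandled rejection.
            console.error("Login error:", error);
            return res.status(500).json({ error: "Server error" });
          }
          if (!validPassword)
            return res.status(401).json({ error: "Invalid credentials" });

          const token = jwt.sign(
            { userId: user.id, username: user.username, role: user.role },
            JWT_SECRET,
            { expiresIn: "24h" }
          );

          fetchStoresForLogin(user, (storesErr, stores) => {
            if (storesErr)
              return res.status(500).json({ error: "Database error" });

            // Only these fields leave the server; the password hash from
            // SELECT * stays out of the response.
            const profile = {
              id: user.id,
              username: user.username,
              fullName: user.fullName,
              role: user.role,
              stores,
            };

            if (user.role === "admin") {
              return res.json({ token, user: profile });
            }

            // Today's reports for this user. The date is the UTC calendar
            // day (YYYY-MM-DD); NOTE(review): if reportDate is written in
            // local time, reports near midnight may be missed — confirm.
            const today = new Date().toISOString().split("T")[0];
            db.all(
              `SELECT * FROM reports WHERE userId = ? AND reportDate = ?`,
              [user.id, today],
              (reportsErr, todaysReports) => {
                if (reportsErr)
                  return res.status(500).json({ error: "Database error" });
                res.json({
                  token,
                  user: profile,
                  todaysReports: todaysReports || [],
                });
              }
            );
          });
        }
      );
    } catch (error) {
      // Synchronous failures (e.g. a missing request body) end up here.
      console.error("Login error:", error);
      res.status(500).json({ error: "Server error" });
    }
  }
);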
// GET /me
// Returns the authenticated user's profile plus the stores they can see:
// every store for admins, only the assigned ones (user_store_access) for
// everyone else. The caller is identified by the userId in the verified token.
router.get("/me", verifyToken, (req, res) => {
  const sendDatabaseError = () =>
    res.status(500).json({ error: "Database error" });

  db.get(
    "SELECT id, username, fullName, role FROM users WHERE id = ?",
    [req.user.userId],
    (userErr, user) => {
      if (userErr) return sendDatabaseError();
      if (!user) return res.status(404).json({ error: "User not found" });

      // A missing fullName is reported to the client as an empty string.
      user.fullName = user.fullName || "";

      // Shared tail for both store queries: attach the rows and reply.
      const respondWithStores = (storesErr, stores) => {
        if (storesErr) return sendDatabaseError();
        user.stores = stores;
        res.json({ user });
      };

      if (user.role === "admin") {
        db.all("SELECT id, name, address FROM stores", [], respondWithStores);
      } else {
        db.all(
          `SELECT stores.id, stores.name, stores.address
FROM stores
JOIN user_store_access ON stores.id = user_store_access.storeId
WHERE user_store_access.userId = ?`,
          [user.id],
          respondWithStores
        );
      }
    }
  );
});

module.exports = router;