Visoth
/
Backend-POS
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
0 Tags
3.5 MiB
Tag: Branch: Tree: e804cd1da6
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'e804cd1da6'
${ noResults }
Backend-POS/Controller/Authentication.js

233 lines
7.3 KiB
Raw Normal View History Unescape

First init
9 months ago
const express = require("express");
const asyncHandler = require("../Middleware/async");
const jwt = require("jsonwebtoken")
const User = require("../Model/User");
const AppModel = require("../Model/AppModel");
const ErrorResponse = require("../utils/errorResponse");
const dbInfo = require("../Model/Database")
const DataModel = require("../Model/BC_Data")
// Login User
exports.login = asyncHandler(async (req, res, next) => {
const { username, password, DB_CODE, APP_CODE = 'MBN', CUST_CODE } = req.body
console.log("USERNAME ", username)
console.log("PASSWORD ", password)
console.log("DB CODE ", DB_CODE)
try {
if (!username || !password || !DB_CODE) {
throw "Not enough information"
}
// static admin case
if (username.toLowerCase() == process.env.ADMIN_USERNAME) {
if (password != process.env.ADMIN_PASS) {
throw "Invalid username or password"
}
const token = jwt.sign({
id: 1,
dbCode: DB_CODE,
appCode: APP_CODE,
custCode: CUST_CODE
}, process.env.JWT_SECRET, {
expiresIn: process.env.JWT_EXPIRE
})
if (!token) {
throw "Something when wrong"
}
return res.status(200).send({
success: "true",
token: token,
userid: 1,
typeof: "SELLER",
typeid: "ADMIN",
dbcode: "DB_CODE",
firstName: "ADMIN",
lastName: "BC",
warehouse: "1-LOC-OFFICE",
address: "Tonaire Digital",
map: '11.58371006791093,104.89721512933093'
})
}
// verify from Database
var user = await User.findOne({
where: {
USER_NAME: username
}
});
console.log("USER ", user)
if (!user) {
throw "Invalid username or password"
}
const validPass = await user.matchPassword(password)
console.log("IS VALID PASS", validPass)
if (validPass == false) {
throw "Invalid Password. Try Again"
}
// check whether user authorize to use the app or not
var app = await AppModel.findOne({
where: {
APP_CODE: process.env.APP_CODE,
USER_ID: user.USER_ID
},
order: [['USER_ID']],
})
console.log("APP ", app)
if (!app) {
throw "You're not allowed to use this app"
}
// CHECK USER TYPE
console.log("USER TYPE ", user.USER_TYPE)
if (user.USER_TYPE == "C") {
token = await user.getSignedJwtToken(
DB_CODE,
APP_CODE,
customer.ADD_CODE
)
} else {
token = await user.getSignedJwtToken(
DB_CODE,
APP_CODE,
CUST_CODE,
)
}
// var customer;
// if (user.USER_TYPE == "C") {
// customer = await Customer.findOne({
// attributes: {
// exclude: ['PICTURE'],
// },
// where: {
// ADD_CODE: user.FIELD_0
// },
// include: [
// {
// attributes: {
// exclude: ["IMAGE"],
// },
// model: Market,
// },
// {
// model: CustomerAnalysis
// },
// ],
// })
// }
if (!token) {
throw "Something Went Wrong"
}
return res.status(200).send({
message: "Login Successful",
app: app,
token: token
})
} catch (error) {
next(new ErrorResponse(error, 400));
}
})
exports.checkUsername = asyncHandler(async (req, res, next) => {
const { username, APP_CODE } = req.query;
console.log("USERNAME ", username)
try {
if (!username) {
return res.status(400).send({
message: "Invalid Username"
})
}
var user = await User.findOne({
where: {
USER_NAME: username
}
});
console.log("USER ", user)
if (user) {
console.log("USER IS APPROVE ", user.APPROVED)
if (user.APPROVED == 0) {
return next(new ErrorResponse("Username is not yet approved", 403))
}
if (user.USER_STATUS == "0") {
return next(new ErrorResponse("Username is disabled", 403))
}
console.log("FINSIH CHECKING USER STATUS")
user = JSON.parse(JSON.stringify(user))
delete user.USER_PASS //remove password from user object when return to client
// chech whether user authorize to use the app or not
const isAllowed = await AppModel.findAll({
where: {
APP_CODE: APP_CODE,
USER_ID: user.USER_ID
},
// we need to specify this order because in APP_MODEL we don't have primary key
// in default sequelize will order by primary key so it will turn into error
order: [['DB_CODE']]
})
console.log("IS ALLOWED ", isAllowed)
if (isAllowed.length == 0) {
return next(new ErrorResponse("User is not allowed to use this app", 403))
} else {
// In this Block we want to return the USER Presets To Client
// Note : Presets is not a column in User Table
user.PRESETS = {}
// GET Database Name from DB_INFO by using DB_CODE from APP_MODEL
await Promise.all(isAllowed.map(async (app) => {
const { DB_NAME } = await dbInfo.findOne({
where: {
DB_CODE: app.DB_CODE
},
raw: true
})
console.log("DB NAME ", DB_NAME)
const DBName = app.DB_CODE + ' - ' + DB_NAME
if (!user.PRESETS[DBName]) {
user.PRESETS[DBName] = []
}
console.log("APP PRESET ", app.PRESET)
console.log("USER TYPE ", user.USER_TYPE)
// check user type
if (user.USER_TYPE == "S" || user.USER_TYPE == "C") {
var userPresets = await DataModel.findAll({
where: {
DATA_CODE: app.PRESET,
},
order: [["DATA_DESC"]]
})
user.PRESETS[DBName].push(userPresets)
}
}))
res.status(200).send(
JSON.stringify(user)
)
}
} else {
return next(new ErrorResponse("Username is not available", 404))
}
} catch (e) {
throw new ErrorResponse(e, 400)
}
})