const crypto = require("crypto");

const express = require("express");
const jwt = require("jsonwebtoken");

const asyncHandler = require("../Middleware/async");
const User = require("../Model/User");
const AppModel = require("../Model/AppModel");
const ErrorResponse = require("../utils/errorResponse");
const dbInfo = require("../Model/Database");
const DataModel = require("../Model/BC_Data");
|
|
|
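// Login User
//
// POST body: { username, password, DB_CODE, APP_CODE = "MBN", CUST_CODE }.
// Two paths: a static admin account configured through ADMIN_USERNAME /
// ADMIN_PASS (signed directly with JWT_SECRET), and a database user that must
// additionally own an APP_MODEL row for this app. Every failure is forwarded
// to next() as an ErrorResponse with status 400.
//
// Fixes versus the previous version: the password is no longer written to the
// log, the admin password is compared in constant time, `token` is declared
// (it was assigned as an implicit global), the customer branch no longer
// references the undefined `customer`, a non-boolean result from
// matchPassword() no longer counts as valid, and the admin response returns
// the real DB_CODE instead of the literal string "DB_CODE".

/**
 * Constant-time comparison of a submitted secret against the configured one.
 * Both sides are hashed first so timingSafeEqual always receives buffers of
 * equal length and the comparison leaks nothing about the secret's length.
 *
 * @param {unknown} actual   - value supplied by the client
 * @param {unknown} expected - configured value (may be undefined when unset)
 * @returns {boolean} true only when both are non-empty strings that match
 */
function secretsMatch(actual, expected) {
  if (typeof actual !== "string" || typeof expected !== "string" || expected === "") {
    return false;
  }
  const actualDigest = crypto.createHash("sha256").update(actual).digest();
  const expectedDigest = crypto.createHash("sha256").update(expected).digest();
  return crypto.timingSafeEqual(actualDigest, expectedDigest);
}

exports.login = asyncHandler(async (req, res, next) => {
  const { username, password, DB_CODE, APP_CODE = "MBN", CUST_CODE } = req.body;

  // Username and DB code are enough to trace a request; the password is never logged.
  console.log("USERNAME ", username);
  console.log("DB CODE ", DB_CODE);

  try {
    if (!username || !password || !DB_CODE) {
      throw new Error("Not enough information");
    }
    // Credentials arrive from JSON and may be any type; only strings are acceptable.
    if (typeof username !== "string" || typeof password !== "string") {
      throw new Error("Invalid username or password");
    }

    // static admin case
    if (username.toLowerCase() === process.env.ADMIN_USERNAME) {
      if (!secretsMatch(password, process.env.ADMIN_PASS)) {
        throw new Error("Invalid username or password");
      }

      // jwt.sign (sync form) returns the token string or throws; no falsy check needed.
      const token = jwt.sign(
        {
          id: 1,
          dbCode: DB_CODE,
          appCode: APP_CODE,
          custCode: CUST_CODE,
        },
        process.env.JWT_SECRET,
        { expiresIn: process.env.JWT_EXPIRE }
      );

      return res.status(200).send({
        success: "true",
        token: token,
        userid: 1,
        typeof: "SELLER",
        typeid: "ADMIN",
        dbcode: DB_CODE, // previously the literal string "DB_CODE"
        firstName: "ADMIN",
        lastName: "BC",
        warehouse: "1-LOC-OFFICE",
        address: "Tonaire Digital",
        map: "11.58371006791093,104.89721512933093",
      });
    }

    // verify from Database
    const user = await User.findOne({
      where: {
        USER_NAME: username,
      },
    });
    // Log the id only: the full row would include the stored password hash.
    console.log("USER ", user ? user.USER_ID : null);
    if (!user) {
      throw new Error("Invalid username or password");
    }

    // Anything other than an explicit truthy result is a failed check
    // (the old `validPass == false` let undefined/null through).
    const validPass = await user.matchPassword(password);
    console.log("IS VALID PASS", validPass);
    if (!validPass) {
      throw new Error("Invalid Password. Try Again");
    }

    // check whether user authorize to use the app or not
    // NOTE(review): this lookup uses process.env.APP_CODE while the token
    // below is signed with the request's APP_CODE — confirm that is intended.
    const app = await AppModel.findOne({
      where: {
        APP_CODE: process.env.APP_CODE,
        USER_ID: user.USER_ID,
      },
      order: [["USER_ID"]],
    });
    console.log("APP ", app);
    if (!app) {
      throw new Error("You're not allowed to use this app");
    }

    // CHECK USER TYPE
    console.log("USER TYPE ", user.USER_TYPE);
    // Customer ("C") users carry their customer code in FIELD_0: the removed
    // Customer lookup selected the row by `ADD_CODE: user.FIELD_0`, so the
    // value is the same without the extra query — TODO confirm against the
    // Customer table. The old code referenced an undefined `customer` here
    // and always threw a ReferenceError for customer logins.
    const custCode = user.USER_TYPE == "C" ? user.FIELD_0 : CUST_CODE;
    const token = await user.getSignedJwtToken(DB_CODE, APP_CODE, custCode);

    if (!token) {
      throw new Error("Something Went Wrong");
    }

    return res.status(200).send({
      message: "Login Successful",
      app: app,
      token: token,
    });
  } catch (error) {
    // Thrown Errors and rejected model calls alike surface as a 400; only the
    // message is forwarded so the client never sees the raw error object.
    next(new ErrorResponse(error instanceof Error ? error.message : error, 400));
  }
});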
|
|
|
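// Check whether a username exists and may be used from a given app.
//
// GET query: { username, APP_CODE }.
// Responds 200 with the user row (password removed) plus a PRESETS map keyed
// "<DB_CODE> - <DB_NAME>", one entry per APP_MODEL row the user holds for the
// app; otherwise forwards an ErrorResponse (400 / 403 / 404) through next().
//
// Fixes versus the previous version: a missing APP_CODE is rejected up front
// instead of reaching Sequelize as an undefined WHERE value, a missing DB_INFO
// row raises a named error instead of a TypeError from destructuring null,
// the full user row (including the password hash) is no longer logged, and
// errors go through next() like login does instead of being re-thrown.
exports.checkUsername = asyncHandler(async (req, res, next) => {
  const { username, APP_CODE } = req.query;
  console.log("USERNAME ", username);

  try {
    if (!username) {
      return res.status(400).send({
        message: "Invalid Username",
      });
    }
    if (!APP_CODE) {
      // Sequelize rejects `where: { APP_CODE: undefined }`; fail early with a clear message.
      return res.status(400).send({
        message: "Invalid APP_CODE",
      });
    }

    const found = await User.findOne({
      where: {
        USER_NAME: username,
      },
    });
    if (!found) {
      return next(new ErrorResponse("Username is not available", 404));
    }

    console.log("USER IS APPROVE ", found.APPROVED);
    if (found.APPROVED == 0) {
      return next(new ErrorResponse("Username is not yet approved", 403));
    }
    if (found.USER_STATUS == "0") {
      return next(new ErrorResponse("Username is disabled", 403));
    }
    console.log("FINSIH CHECKING USER STATUS");

    // Work on a plain copy so the response can be reshaped; the stored
    // password hash must never reach the client.
    const user = JSON.parse(JSON.stringify(found));
    delete user.USER_PASS;

    // check whether user authorize to use the app or not
    const isAllowed = await AppModel.findAll({
      where: {
        APP_CODE: APP_CODE,
        USER_ID: user.USER_ID,
      },
      // we need to specify this order because in APP_MODEL we don't have primary key
      // in default sequelize will order by primary key so it will turn into error
      order: [["DB_CODE"]],
    });
    console.log("IS ALLOWED ", isAllowed);
    if (isAllowed.length == 0) {
      return next(new ErrorResponse("User is not allowed to use this app", 403));
    }

    // Return the USER presets to the client. PRESETS is not a column in the
    // User table; it is assembled here, one key per allowed database.
    user.PRESETS = {};

    await Promise.all(
      isAllowed.map(async (app) => {
        // GET Database Name from DB_INFO by using DB_CODE from APP_MODEL
        const info = await dbInfo.findOne({
          where: {
            DB_CODE: app.DB_CODE,
          },
          raw: true,
        });
        if (!info) {
          throw new Error(`No DB_INFO row for DB_CODE ${app.DB_CODE}`);
        }
        console.log("DB NAME ", info.DB_NAME);

        const DBName = `${app.DB_CODE} - ${info.DB_NAME}`;
        // The key is created before the next await, so concurrent entries
        // for the same DB share one list.
        if (!user.PRESETS[DBName]) {
          user.PRESETS[DBName] = [];
        }

        console.log("APP PRESET ", app.PRESET);
        console.log("USER TYPE ", user.USER_TYPE);
        // check user type
        if (user.USER_TYPE == "S" || user.USER_TYPE == "C") {
          const userPresets = await DataModel.findAll({
            where: {
              DATA_CODE: app.PRESET,
            },
            order: [["DATA_DESC"]],
          });
          // NOTE(review): the whole result array is pushed as a single element
          // (one nested array per APP_MODEL row). Kept as-is — confirm clients
          // expect that shape before flattening it.
          user.PRESETS[DBName].push(userPresets);
        }
      })
    );

    res.status(200).send(JSON.stringify(user));
  } catch (e) {
    // Forward through next() like login does; only the message is exposed.
    return next(new ErrorResponse(e instanceof Error ? e.message : e, 400));
  }
});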