From 3f86697f6bae71b32450b205471f02c505ce6627 Mon Sep 17 00:00:00 2001
From: asif
Date: Sat, 8 Nov 2025 02:44:56 +0530
Subject: [PATCH] feat: added mobile tnc flag in login response
---
 src/controllers/auth.controller.js | 51 ++++++++++++++++++++----------
 1 file changed, 34 insertions(+), 17 deletions(-)
diff --git a/src/controllers/auth.controller.js b/src/controllers/auth.controller.js
index 7c0192c..9d99b74 100644
--- a/src/controllers/auth.controller.js
+++ b/src/controllers/auth.controller.js
@@ -7,13 +7,14 @@ const { comparePassword } = require('../util/hash');
 const customerController = require('../controllers/customer_details.controller.js');
 const { setJson, getJson } = require('../config/redis');
-
 async function login(req, res) {
   let { customerNo, userName, password, otp } = req.body;
   const loginType = req.headers['x-login-type'] || 'standard';
   if ((!customerNo && !userName) || !password) {
-    return res.status(400).json({ error: 'customerNo and password are required' });
+    return res
+      .status(400)
+      .json({ error: 'customerNo and password are required' });
   }
   const currentTime = new Date().toISOString();
   const MAX_ATTEMPTS = 3; // Max invalid attempts before lock
@@ -23,14 +24,17 @@ async function login(req, res) {
   const blockedKey = `login:blocked:${customerNo}`;
   const attemptsKey = `login:attempts:${customerNo}`;
   if (!customerNo && userName) {
-    const result = await db.query('SELECT * FROM users WHERE preferred_name = $1', [
-      userName,
-    ]);
+    const result = await db.query(
+      'SELECT * FROM users WHERE preferred_name = $1',
+      [userName]
+    );
     if (result.rows.length === 0) {
-      logger.error("Customer not found with this user name.");
-      return res.status(404).json({ error: 'No user found with this username.' });
+      logger.error('Customer not found with this user name.');
+      return res
+        .status(404)
+        .json({ error: 'No user found with this username.' });
     }
-    logger.info("Customer found with user name.");
+    logger.info('Customer found with user name.');
     customerNo = result.rows[0].customer_no;
   }
@@ -40,7 +44,7 @@ async function login(req, res) {
     // check DB locked flag
     if (userCheck && userCheck.locked) {
       await setJson(blockedKey, true, BLOCK_DURATION);
-      logger.error("USER Account Locked");
+      logger.error('USER Account Locked');
       return res.status(423).json({
         error: 'Your account is locked. Please contact the administrator.',
       });
@@ -61,12 +65,16 @@ async function login(req, res) {
       attempts += 1;
       if (attempts >= MAX_ATTEMPTS) {
-        await db.query('UPDATE users SET locked = true WHERE customer_no = $1', [customerNo]);
+        await db.query(
+          'UPDATE users SET locked = true WHERE customer_no = $1',
+          [customerNo]
+        );
         await setJson(blockedKey, true, BLOCK_DURATION);
         await setJson(attemptsKey, 0);
         return res.status(423).json({
-          error: 'Your account has been locked due to multiple failed login attempts. Please contact the administrator.',
+          error:
+            'Your account has been locked due to multiple failed login attempts. Please contact the administrator.',
         });
       } else {
         await setJson(attemptsKey, attempts, BLOCK_DURATION);
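Review bot: `blockedKey` and `attemptsKey` are built from `customerNo` on the first two lines of this hunk, before the `if (!customerNo && userName)` block looks the customer up and assigns `customerNo = result.rows[0].customer_no;`, so a username-based login runs with the keys `login:blocked:undefined` and `login:attempts:undefined` and every such login shares one attempt counter and one lock instead of being tracked per customer. The two `const blockedKey` / `const attemptsKey` lines should move below that block's closing brace so they are derived from the resolved `customerNo`. The hunks at -40 and -61 read these keys and inherit the same problem. login continues outside this hunk; nothing visible rebuilds the keys later, but that is worth confirming.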
@@ -107,6 +115,8 @@ async function login(req, res) {
     // --- Step 7: Generate token and update last login ---
     const token = generateToken(user.customer_no);
     const loginPswExpiry = user.password_hash_expiry;
+    const mobileTncAccepted = user.tnc_mobile;
+    const tnc = { mobile: mobileTncAccepted };
     const rights = {
       ibAccess: user.ib_access_level,
       mbAccess: user.mb_access_level,
@@ -116,7 +126,7 @@ async function login(req, res) {
       customerNo,
     ]);
     logger.info(`Login successful | Type: ${loginType}`);
-    return res.json({ token, FirstTimeLogin, loginPswExpiry, rights });
+    return res.json({ token, FirstTimeLogin, loginPswExpiry, rights, tnc });
   } catch (err) {
     logger.error(err, `login failed | Type: ${loginType}`);
     return res.status(500).json({ error: 'something went wrong' });
@@ -177,7 +187,7 @@ async function changeTpin(req, res) {
     if (!user.tpin) return res.status(400).json({ error: 'USER_DOESNT_HAVE_A_TPIN' });
     const { oldTpin, newTpin } = req.body;
-    if(oldTpin !== user.tpin)
+    if (oldTpin !== user.tpin)
       return res.status(400).json({ error: 'TPIN_DOESNT_MATCH' });
     if (!/^\d{6}$/.test(newTpin))
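Review bot: `const tnc = { mobile: mobileTncAccepted };` forwards `user.tnc_mobile` unchanged, so if that column is NULL or not selected the flag is `null`/`undefined`, and `res.json` drops an `undefined` property entirely, leaving clients to infer "not accepted" from a missing key. Normalise it at the source and drop the intermediate local: `const tnc = { mobile: user.tnc_mobile ?? false }; // terms-and-conditions acceptance, per channel`. This presumes `tnc_mobile` is a nullable boolean column, which is not visible in this diff; confirm against the schema and the query that populates `user` (outside the hunk).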
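Review bot: The context line `logger.info(`Login successful | Type: ${loginType}`)` writes `loginType` into the log verbatim, and `loginType` is taken from the `x-login-type` request header in the -7 hunk with only a `|| 'standard'` fallback, so a caller controls free text (including line breaks, unless the logger escapes them) in the login audit trail under the success path this commit extends. Constrain it where it is read: `const ALLOWED_LOGIN_TYPES = new Set([/* placeholder: the login types the app supports */]);` and `const loginType = ALLOWED_LOGIN_TYPES.has(req.headers['x-login-type']) ? req.headers['x-login-type'] : 'standard';`. The `catch` branch's `login failed` line has the same exposure. login's body starts outside this hunk.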
@@ -319,18 +329,25 @@ async function setUserName(req, res) {
       return res.json({ message: 'All set! Your username has been saved.' });
     }
     if (userNameIsExits) {
-      const historyRes = await db.query('SELECT preferred_name FROM preferred_name_history WHERE customer_no = $1 ORDER BY changed_at DESC LIMIT 5',
+      const historyRes = await db.query(
+        'SELECT preferred_name FROM preferred_name_history WHERE customer_no = $1 ORDER BY changed_at DESC LIMIT 5',
         [customerNo]
       );
       // maximum 5 times can changed username
-      const history = historyRes.rows.map((r) => r.preferred_name.toLowerCase());
+      const history = historyRes.rows.map((r) =>
+        r.preferred_name.toLowerCase()
+      );
       if (history.length >= 5) {
-        return res.status(429).json({ error: "Preferred name change limit reached -5 times" });
+        return res
+          .status(429)
+          .json({ error: 'Preferred name change limit reached -5 times' });
       }
       // Cannot match last 2
       const lastTwo = history.slice(0, 2);
       if (lastTwo.includes(user_name.toLowerCase())) {
-        return res.status(409).json({ error: "Preferred name cannot match last 2 preferred names" });
+        return res.status(409).json({
+          error: 'Preferred name cannot match last 2 preferred names',
+        });
       }
       await authService.setUserName(customerNo, user_name);
       logger.info('User name has been updated.');