md.asif5/yume_js
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat : onboarding new CIF by giving rights through admin portal.

Browse Source 
feat : View the user rights and update in admin portal.
chore : Add some template message for OTP
This commit is contained in:
Tomosa Sarkar
2025-09-09 11:15:28 +05:30
parent 445a0f434d
commit 50c375f0ba
6 changed files with 106 additions and 60 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.vscode/settings.json vendored
View File

@@ -1,7 +1,9 @@
{ {
"cSpell.words": [ "cSpell.words": [
"MPIN",
"otpgenerator", "otpgenerator",
"tpassword", "tpassword",
"tpin" "tpin",
"TPWORD"
] ]
} }

93
src/controllers/admin_auth.controller.js
View File

@@ -5,7 +5,7 @@ const { logger } = require('../util/logger');
const { hashPassword } = require('../util/hash'); const { hashPassword } = require('../util/hash');
const db = require('../config/db'); const db = require('../config/db');
const { generateOTP } = require('../otpgenerator'); const { generateOTP } = require('../otpgenerator');
const dayjs = require("dayjs");
async function login(req, res) { async function login(req, res) {
const { userName, password } = req.body; const { userName, password } = req.body;
@@ -63,61 +63,60 @@ async function getUserDetails(req, res) {
} }
} }
async function getUserRights(req, res) { async function getUserRights(req, res) {
// const { CIF } = req.query; const { CIF } = req.query;
// if (!CIF) {
// res.status(400).json({
// error: 'CIF number is required',
// });
// }
// try {
// const userDetails = await adminAuthService.getCustomerDetails(CIF);
// if (!userDetails)
// return res.status(401).json({ error: 'invalid CIF number' });
// return res.json(userDetails);
// } catch (error) {
// logger.error('while fetching customer details', error);
// res.status(500).json({ error: 'invalid CIF number'});
// }
}
async function UserRights(req, res) {
const { CIF, ib_access_level, mb_access_level } = req.body;
const first_time_pass = generateOTP(6);
if (!CIF) { if (!CIF) {
res.status(400).json({ res.status(400).json({
error: 'CIF number is required', error: 'CIF number is required',
}); });
} }
const currentTime = new Date().toISOString(); const userDetails = await adminAuthService.getCustomerDetailsFromDB(CIF);
const user = await authService.findUserByCustomerNo(CIF); if (!userDetails)
const password = await hashPassword(first_time_pass); return res.status(401).json({ error: 'invalid CIF number or No rights is present for the user.' });
if (user) { return res.json(userDetails);
try { }
await db.query('UPDATE users SET customer_no = $1,password_hash=$2,updated_at=$5,ib_access_level=$3,mb_access_level=$4 WHERE customer_no = $1', [
CIF, async function UserRights(req, res) {
password, try {
ib_access_level, const { CIF, ib_access_level, mb_access_level } = req.body;
mb_access_level,
currentTime, if (!CIF) {
]); return res.status(400).json({ error: 'CIF number is required' });
res.json({otp:`${first_time_pass}`});
} catch (err) {
console.log(err);
logger.error(err, 'Right Update failed');
res.status(500).json({ error: 'something went wrong' });
} }
}
if (!user) { const currentTime = new Date().toISOString();
try { const user = await authService.findUserByCustomerNo(CIF);
await db.query('INSERT INTO users (customer_no, password_hash,ib_access_level,mb_access_level) VALUES ($1, $2, $3, $4)', const first_time_pass = generateOTP(6);
const password = await hashPassword(first_time_pass);
if (user) {
const FirstTimeLogin = await authService.CheckFirstTimeLogin(CIF);
// if user did not login within 7 days
if (FirstTimeLogin && dayjs(currentTime).diff(dayjs(user.created_at), 'day') > 8) {
// Password expired, resend
await db.query(
'UPDATE users SET password_hash=$2, updated_at=$5, ib_access_level=$3, mb_access_level=$4 WHERE customer_no=$1',
[CIF, password, ib_access_level, mb_access_level, currentTime]
);
return res.json({ otp: first_time_pass });
}
// Just update access levels and timestamp
await db.query(
'UPDATE users SET updated_at=$4, ib_access_level=$2, mb_access_level=$3 WHERE customer_no=$1',
[CIF, ib_access_level, mb_access_level, currentTime]
);
return res.json({ message: "User updated successfully." });
} else {
// User does not exist, insert
await db.query(
'INSERT INTO users (customer_no, password_hash, ib_access_level, mb_access_level) VALUES ($1, $2, $3, $4)',
[CIF, password, ib_access_level, mb_access_level] [CIF, password, ib_access_level, mb_access_level]
); );
res.json({otp:`${first_time_pass}`}); return res.json({ otp: first_time_pass });
} catch (err) {
console.log(err);
logger.error(err, 'Right Update failed');
res.status(500).json({ error: 'something went wrong' });
} }
} catch (err) {
console.error(err);
logger.error(err, 'UserRights failed');
return res.status(500).json({ error: 'Something went wrong' });
} }
} }
module.exports = { login, fetchAdminDetails, getUserDetails,UserRights}; module.exports = { login, fetchAdminDetails, getUserDetails, UserRights, getUserRights };

30
src/controllers/otp.controller.js
View File

@@ -7,29 +7,31 @@ const templates = require('../util/sms_template');
// Send OTP // Send OTP
async function SendOtp(req, res) { async function SendOtp(req, res) {
const { mobileNumber, type, amount, beneficiary, ifsc, acctFrom, acctTo, ref, date,userOtp } = req.body; const { mobileNumber, type, amount, beneficiary, ifsc, acctFrom, acctTo, ref, date, userOtp } = req.body;
if (!mobileNumber || !type) { if (!mobileNumber || !type) {
return res.status(400).json({ error: 'Mobile number and type are required' }); return res.status(400).json({ error: 'Mobile number and type are required' });
} }
try { try {
// const otp = generateOTP(6);
const otp = type === 'REGISTRATION' && userOtp ? userOtp : generateOTP(6);
let message; let message;
let otp = null;
// Pick template based on type // Pick template based on type
switch (type) { switch (type) {
case 'IMPS': case 'IMPS':
otp = generateOTP(6);
message = templates.IMPS(otp); message = templates.IMPS(otp);
break; break;
case 'NEFT': case 'NEFT':
otp = generateOTP(6);
message = templates.NEFT(otp, amount, beneficiary); message = templates.NEFT(otp, amount, beneficiary);
break; break;
case 'RTGS': case 'RTGS':
otp = generateOTP(6);
message = templates.RTGS(otp, amount, beneficiary); message = templates.RTGS(otp, amount, beneficiary);
break; break;
case 'BENEFICIARY_ADD': case 'BENEFICIARY_ADD':
otp = generateOTP(6);
message = templates.BENEFICIARY_ADD(otp, beneficiary, ifsc); message = templates.BENEFICIARY_ADD(otp, beneficiary, ifsc);
break; break;
case 'BENEFICIARY_SUCCESS': case 'BENEFICIARY_SUCCESS':
@@ -39,10 +41,30 @@ async function SendOtp(req, res) {
message = templates.NOTIFICATION(acctFrom, acctTo, amount, ref, date); message = templates.NOTIFICATION(acctFrom, acctTo, amount, ref, date);
break; break;
case 'FORGOT_PASSWORD': case 'FORGOT_PASSWORD':
otp = generateOTP(6);
message = templates.FORGOT_PASSWORD(otp); message = templates.FORGOT_PASSWORD(otp);
break; break;
case 'CHANGE_LPWORD':
otp = generateOTP(6);
message = templates.CHANGE_LPWORD(otp);
break;
case 'CHANGE_TPIN':
otp = generateOTP(6);
message = templates.CHANGE_TPIN(otp);
break;
case 'CHANGE_TPWORD':
otp = generateOTP(6);
message = templates.CHANGE_TPWORD(otp);
break;
case 'CHANGE_MPIN':
otp = generateOTP(6);
message = templates.CHANGE_MPIN(otp);
break;
case 'REGISTRATION': case 'REGISTRATION':
otp = userOtp ? userOtp : generateOTP(6);
message = templates.REGISTRATION(otp); message = templates.REGISTRATION(otp);
case 'RIGHT_UPDATE':
message = templates.RIGHT_UPDATE;
break; break;
default: default:
return res.status(400).json({ error: 'Invalid OTP type' }); return res.status(400).json({ error: 'Invalid OTP type' });

1
src/routes/admin_auth.route.js
View File

@@ -8,4 +8,5 @@ router.post('/login', adminAuthController.login);
router.get('/admin_details', adminAuthenticate, adminAuthController.fetchAdminDetails); router.get('/admin_details', adminAuthenticate, adminAuthController.fetchAdminDetails);
router.get('/fetch/customer_details',adminAuthenticate,adminAuthController.getUserDetails); router.get('/fetch/customer_details',adminAuthenticate,adminAuthController.getUserDetails);
router.post('/user/rights',adminAuthenticate,adminAuthController.UserRights); router.post('/user/rights',adminAuthenticate,adminAuthController.UserRights);
router.get('/user/rights',adminAuthenticate,adminAuthController.getUserRights);
module.exports = router; module.exports = router;

9
src/services/admin.auth.service.js
View File

@@ -37,4 +37,11 @@ async function getCustomerDetails(customerNo) {
} }
} }
module.exports = { validateAdmin, findAdminByUserName,getCustomerDetails }; async function getCustomerDetailsFromDB(customerNo) {
const result = await db.query('SELECT customer_no,created_at,last_login,is_first_login,ib_access_level,mb_access_level FROM users WHERE customer_no = $1', [
customerNo,
]);
return result.rows[0];
}
module.exports = { validateAdmin, findAdminByUserName, getCustomerDetails,getCustomerDetailsFromDB };

29
src/util/sms_template.js
View File

@@ -1,26 +1,41 @@
const templates = { const templates = {
IMPS: (otp) => `Dear Customer, Please complete the fund transfer with OTP ${otp} -KCCB`, IMPS: (otp) => `Dear Customer, Please complete the fund transfer with OTP ${otp} -KCCB`,
NEFT: (otp, amount, beneficiary) => NEFT: (otp, amount, beneficiary) =>
`Dear Customer, Please complete the NEFT of Rs.${amount} to ${beneficiary} with OTP:${otp} -KCCB`, `Dear Customer, Please complete the NEFT of Rs.${amount} to ${beneficiary} with OTP:${otp} -KCCB`,
RTGS: (otp, amount, beneficiary) => RTGS: (otp, amount, beneficiary) =>
`Dear Customer, Please complete the RTGS of Rs.${amount} to ${beneficiary} with OTP:${otp} -KCCB`, `Dear Customer, Please complete the RTGS of Rs.${amount} to ${beneficiary} with OTP:${otp} -KCCB`,
BENEFICIARY_ADD: (otp, beneficiary, ifsc) => BENEFICIARY_ADD: (otp, beneficiary, ifsc) =>
`Dear Customer, You have added beneficiary ${beneficiary} ${ifsc} for NEFT/RTGS. Please endorse the beneficiary with OTP ${otp} -KCCB`, `Dear Customer, You have added beneficiary ${beneficiary} ${ifsc} for NEFT/RTGS. Please endorse the beneficiary with OTP ${otp} -KCCB`,
BENEFICIARY_SUCCESS: (beneficiary) => BENEFICIARY_SUCCESS: (beneficiary) =>
`Dear Customer, Your Beneficiary: ${beneficiary} for Net Banking is added successfully -KCCB`, `Dear Customer, Your Beneficiary: ${beneficiary} for Net Banking is added successfully -KCCB`,
NOTIFICATION: (acctFrom, acctTo, amount, ref, date) => NOTIFICATION: (acctFrom, acctTo, amount, ref, date) =>
`Your A/c ${acctFrom} is debited for Rs. ${amount} to the credit of A/c ${acctTo} thru Net Banking - ref: ${ref} - ${date} - Kangra Central Co-Operative Bank -KCCB`, `Your A/c ${acctFrom} is debited for Rs. ${amount} to the credit of A/c ${acctTo} thru Net Banking - ref: ${ref} - ${date} - Kangra Central Co-Operative Bank -KCCB`,
FORGOT_PASSWORD: (otp) => FORGOT_PASSWORD: (otp) =>
`Dear Customer, Forgot Password OTP is ${otp} -KCCB`, `Dear Customer, Forgot Password OTP is ${otp} -KCCB`,
CHANGE_LPWORD: (otp) =>
`Dear Customer, Change Login Password OTP is ${otp} -KCCB`,
CHANGE_TPIN: (otp) =>
`Dear Customer, Change Transaction pin OTP is ${otp} -KCCB`,
CHANGE_TPWORD: (otp) =>
`Dear Customer, Change Transaction password OTP is ${otp} -KCCB`,
CHANGE_MPIN: (otp) =>
`Dear Customer, Change M-PIN OTP is ${otp} -KCCB`,
REGISTRATION: (otp) => REGISTRATION: (otp) =>
`Dear Customer, Your CIF is enable.First time login password: ${otp} (valid for 7 days).Please login and change your password -KCCB`, `Dear Customer, Your CIF is enable.First time login password: ${otp} (valid for 7 days).Please login and change your password -KCCB`,
RIGHT_UPDATE:
`Dear Customer, Your CIF rights have been updated. Please log in again to access the features. -KCCB`,
}; };
module.exports = templates; module.exports = templates;