md.asif5/yume_js
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat : Admin can unlocked users

Browse Source 
feat : admin can update and create users.
This commit is contained in:
Tomosa Sarkar
2025-11-04 13:02:18 +05:30
parent 43cce9f04a
commit 56c69e54de
5 changed files with 55 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
src/controllers/admin_auth.controller.js
View File

@@ -62,6 +62,7 @@ async function getUserDetails(req, res) {
res.status(500).json({ error: 'invalid CIF number' }); res.status(500).json({ error: 'invalid CIF number' });
} }
} }
async function getUserRights(req, res) { async function getUserRights(req, res) {
const { CIF } = req.query; const { CIF } = req.query;
if (!CIF) { if (!CIF) {
@@ -71,13 +72,13 @@ async function getUserRights(req, res) {
} }
const userDetails = await adminAuthService.getCustomerDetailsFromDB(CIF); const userDetails = await adminAuthService.getCustomerDetailsFromDB(CIF);
if (!userDetails) if (!userDetails)
return res.status(401).json({ error: 'invalid CIF number or No rights is present for the user.' }); return res.status(404).json({ error: 'invalid CIF number or No rights is present for the user.' });
return res.json(userDetails); return res.json(userDetails);
} }
async function UserRights(req, res) { async function UserRights(req, res) {
try { try {
const { CIF, ib_access_level, mb_access_level } = req.body; const { CIF, ib_access_level, mb_access_level, ib_limit, mb_limit } = req.body;
if (!CIF) { if (!CIF) {
return res.status(400).json({ error: 'CIF number is required' }); return res.status(400).json({ error: 'CIF number is required' });
@@ -93,23 +94,26 @@ async function UserRights(req, res) {
if (FirstTimeLogin && dayjs(currentTime).diff(dayjs(user.created_at), 'day') > 8) { if (FirstTimeLogin && dayjs(currentTime).diff(dayjs(user.created_at), 'day') > 8) {
// Password expired, resend // Password expired, resend
await db.query( await db.query(
'UPDATE users SET password_hash=$2, updated_at=$5, ib_access_level=$3, mb_access_level=$4 WHERE customer_no=$1', 'UPDATE users SET password_hash=$2, updated_at=$5, ib_access_level=$3, mb_access_level=$4 ,inb_limit_amount=$6,mobile_limit_amount=$7 WHERE customer_no=$1',
[CIF, password, ib_access_level, mb_access_level, currentTime] [CIF, password, ib_access_level, mb_access_level, currentTime, ib_limit, mb_limit]
); );
logger.info("Admin sended the OTP");
return res.json({ otp: first_time_pass }); return res.json({ otp: first_time_pass });
} }
// Just update access levels and timestamp // Just update access levels and timestamp
await db.query( await db.query(
'UPDATE users SET updated_at=$4, ib_access_level=$2, mb_access_level=$3 WHERE customer_no=$1', 'UPDATE users SET updated_at=$4, ib_access_level=$2, mb_access_level=$3 ,inb_limit_amount=$5,mobile_limit_amount=$6 WHERE customer_no=$1',
[CIF, ib_access_level, mb_access_level, currentTime] [CIF, ib_access_level, mb_access_level, currentTime, ib_limit, mb_limit]
); );
logger.info("Admin Updated the user.");
return res.json({ message: "User updated successfully." }); return res.json({ message: "User updated successfully." });
} else { } else {
// User does not exist, insert // User does not exist, insert
await db.query( await db.query(
'INSERT INTO users (customer_no, password_hash, ib_access_level, mb_access_level) VALUES ($1, $2, $3, $4)', 'INSERT INTO users (customer_no, password_hash, ib_access_level, mb_access_level ,inb_limit_amount,mobile_limit_amount) VALUES ($1, $2, $3, $4 ,$5 ,$6)',
[CIF, password, ib_access_level, mb_access_level] [CIF, password, ib_access_level, mb_access_level, ib_limit, mb_limit]
); );
logger.info("New user enroll by admin.");
return res.json({ otp: first_time_pass }); return res.json({ otp: first_time_pass });
} }
} catch (err) { } catch (err) {
@@ -119,4 +123,30 @@ async function UserRights(req, res) {
} }
} }
module.exports = { login, fetchAdminDetails, getUserDetails, UserRights, getUserRights }; async function handleUnlockUser(req, res) {
try {
const { user, action } = req.body;
const adminUserName = req.admin;
if (!user) {
return res.status(400).json({ error: "CIF or username is required" });
}
const userDetails = await adminAuthService.getCustomerDetailsFromDB(user);
if (!userDetails) {
return res
.status(404)
.json({ error: "Invalid CIF number or username" });
}
await adminAuthService.updateUserLockStatus(user, action,adminUserName);
const statusText = action ? "locked" : "unlocked";
logger.info(`User ${user} has been successfully ${statusText}.`);
return res.json({
message: `User ${user} has been successfully ${statusText}.`,
});
} catch (error) {
console.error("Unlock user error:", error);
return res.status(500).json({ error: "Internal server error" });
}
}
module.exports = { login, fetchAdminDetails, getUserDetails, UserRights, getUserRights, handleUnlockUser };

5
src/controllers/otp.controller.js
View File

@@ -152,15 +152,18 @@ async function VerifyOtp(req, res) {
try { try {
const storedOtp = await getJson(`otp:${mobileNumber}`); const storedOtp = await getJson(`otp:${mobileNumber}`);
logger.info("OTP is stored");
if (!storedOtp) { if (!storedOtp) {
logger.error("OTP expired or not found");
return res.status(400).json({ error: 'OTP expired or not found' }); return res.status(400).json({ error: 'OTP expired or not found' });
} }
if (parseInt(otp, 10) !== parseInt(storedOtp, 10)) { if (parseInt(otp, 10) !== parseInt(storedOtp, 10)) {
logger.error("Invalid OTP");
return res.status(400).json({ error: 'Invalid OTP' }); return res.status(400).json({ error: 'Invalid OTP' });
} }
logger.info(`OTP verified with mobile number -${mobileNumber}`);
return res.status(200).json({ message: 'OTP verified successfully' }); return res.status(200).json({ message: 'OTP verified successfully' });
} catch (err) { } catch (err) {
logger.error(err, 'Error verifying OTP'); logger.error(err, 'Error verifying OTP');

1
src/middlewares/admin.middleware.js
View File

@@ -13,7 +13,6 @@ function checkAdmin (req,res,next){
const token = authHeader.split(' ')[1]; const token = authHeader.split(' ')[1];
try { try {
const payload = verifyToken(token); const payload = verifyToken(token);
// console.log("hi",payload);
if(payload.customerNo && payload.role === 'admin'){ if(payload.customerNo && payload.role === 'admin'){
req.admin = payload.customerNo; req.admin = payload.customerNo;
next(); next();

1
src/routes/admin_auth.route.js
View File

@@ -9,4 +9,5 @@ router.get('/admin_details', adminAuthenticate, adminAuthController.fetchAdminDe
router.get('/fetch/customer_details',adminAuthenticate,adminAuthController.getUserDetails); router.get('/fetch/customer_details',adminAuthenticate,adminAuthController.getUserDetails);
router.post('/user/rights',adminAuthenticate,adminAuthController.UserRights); router.post('/user/rights',adminAuthenticate,adminAuthController.UserRights);
router.get('/user/rights',adminAuthenticate,adminAuthController.getUserRights); router.get('/user/rights',adminAuthenticate,adminAuthController.getUserRights);
router.post('/user/unlock',adminAuthenticate,adminAuthController.handleUnlockUser);
module.exports = router; module.exports = router;

13
src/services/admin.auth.service.js
View File

@@ -38,10 +38,19 @@ async function getCustomerDetails(customerNo) {
} }
async function getCustomerDetailsFromDB(customerNo) { async function getCustomerDetailsFromDB(customerNo) {
const result = await db.query('SELECT customer_no,created_at,last_login,is_first_login,ib_access_level,mb_access_level FROM users WHERE customer_no = $1', [ const result = await db.query(
'SELECT customer_no,created_at,last_login,is_first_login,ib_access_level,mb_access_level,inb_limit_amount,mobile_limit_amount,locked FROM users WHERE customer_no = $1 or preferred_name= $1', [
customerNo, customerNo,
]); ]);
return result.rows[0]; return result.rows[0];
} }
module.exports = { validateAdmin, findAdminByUserName, getCustomerDetails,getCustomerDetailsFromDB }; async function updateUserLockStatus(customerNo ,locked ,adminUserName) {
const result = await db.query(
'Update users set locked =$2 ,unlocked_by=$3 WHERE customer_no = $1 or preferred_name= $1', [
customerNo, locked ,adminUserName
]);
return result.rows[0];
}
module.exports = { validateAdmin, findAdminByUserName, getCustomerDetails, getCustomerDetailsFromDB ,updateUserLockStatus };