feat : Admin can unlocked users

feat : admin can update and create users.
2025-11-04 13:02:18 +05:30
parent 43cce9f04a
commit 56c69e54de
5 changed files with 55 additions and 13 deletions
--- a/src/controllers/admin_auth.controller.js
+++ b/src/controllers/admin_auth.controller.js
@@ -62,6 +62,7 @@ async function getUserDetails(req, res) {
    res.status(500).json({ error: 'invalid CIF number' });
  }
 }
+
 async function getUserRights(req, res) {
  const { CIF } = req.query;
  if (!CIF) {
@@ -71,13 +72,13 @@ async function getUserRights(req, res) {
  }
  const userDetails = await adminAuthService.getCustomerDetailsFromDB(CIF);
  if (!userDetails)
-    return res.status(401).json({ error: 'invalid CIF number or No rights is present for the user.' });
+    return res.status(404).json({ error: 'invalid CIF number or No rights is present for the user.' });
  return res.json(userDetails);
 }

 async function UserRights(req, res) {
  try {
-    const { CIF, ib_access_level, mb_access_level } = req.body;
+    const { CIF, ib_access_level, mb_access_level, ib_limit, mb_limit } = req.body;

    if (!CIF) {
      return res.status(400).json({ error: 'CIF number is required' });
@@ -93,23 +94,26 @@ async function UserRights(req, res) {
      if (FirstTimeLogin && dayjs(currentTime).diff(dayjs(user.created_at), 'day') > 8) {
        // Password expired, resend
        await db.query(
-          'UPDATE users SET password_hash=$2, updated_at=$5, ib_access_level=$3, mb_access_level=$4 WHERE customer_no=$1',
-          [CIF, password, ib_access_level, mb_access_level, currentTime]
+          'UPDATE users SET password_hash=$2, updated_at=$5, ib_access_level=$3, mb_access_level=$4 ,inb_limit_amount=$6,mobile_limit_amount=$7 WHERE customer_no=$1',
+          [CIF, password, ib_access_level, mb_access_level, currentTime, ib_limit, mb_limit]
        );
+        logger.info("Admin sended the OTP");
        return res.json({ otp: first_time_pass });
      }
      // Just update access levels and timestamp
      await db.query(
-        'UPDATE users SET updated_at=$4, ib_access_level=$2, mb_access_level=$3 WHERE customer_no=$1',
-        [CIF, ib_access_level, mb_access_level, currentTime]
+        'UPDATE users SET updated_at=$4, ib_access_level=$2, mb_access_level=$3 ,inb_limit_amount=$5,mobile_limit_amount=$6 WHERE customer_no=$1',
+        [CIF, ib_access_level, mb_access_level, currentTime, ib_limit, mb_limit]
      );
+      logger.info("Admin Updated the user.");
      return res.json({ message: "User updated successfully." });
    } else {
      // User does not exist, insert
      await db.query(
-        'INSERT INTO users (customer_no, password_hash, ib_access_level, mb_access_level) VALUES ($1, $2, $3, $4)',
-        [CIF, password, ib_access_level, mb_access_level]
+        'INSERT INTO users (customer_no, password_hash, ib_access_level, mb_access_level ,inb_limit_amount,mobile_limit_amount) VALUES ($1, $2, $3, $4 ,$5 ,$6)',
+        [CIF, password, ib_access_level, mb_access_level, ib_limit, mb_limit]
      );
+      logger.info("New user enroll by admin.");
      return res.json({ otp: first_time_pass });
    }
  } catch (err) {
@@ -119,4 +123,30 @@ async function UserRights(req, res) {
  }
 }

-module.exports = { login, fetchAdminDetails, getUserDetails, UserRights, getUserRights };
+async function handleUnlockUser(req, res) {
+  try {
+    const { user, action } = req.body;
+    const adminUserName = req.admin;
+    if (!user) {
+      return res.status(400).json({ error: "CIF or username is required" });
+    }
+    const userDetails = await adminAuthService.getCustomerDetailsFromDB(user);
+    if (!userDetails) {
+      return res
+        .status(404)
+        .json({ error: "Invalid CIF number or username" });
+    }
+    await adminAuthService.updateUserLockStatus(user, action,adminUserName);
+    const statusText = action ? "locked" : "unlocked";
+    logger.info(`User ${user} has been successfully ${statusText}.`);
+
+    return res.json({
+      message: `User ${user} has been successfully ${statusText}.`,
+    });
+  } catch (error) {
+    console.error("Unlock user error:", error);
+    return res.status(500).json({ error: "Internal server error" });
+  }
+}
+
+module.exports = { login, fetchAdminDetails, getUserDetails, UserRights, getUserRights, handleUnlockUser };
--- a/src/controllers/otp.controller.js
+++ b/src/controllers/otp.controller.js
@@ -152,15 +152,18 @@ async function VerifyOtp(req, res) {

  try {
    const storedOtp = await getJson(`otp:${mobileNumber}`);
+    logger.info("OTP is stored");

    if (!storedOtp) {
+      logger.error("OTP expired or not found");
      return res.status(400).json({ error: 'OTP expired or not found' });
    }

    if (parseInt(otp, 10) !== parseInt(storedOtp, 10)) {
+      logger.error("Invalid OTP");
      return res.status(400).json({ error: 'Invalid OTP' });
    }
-
+    logger.info(`OTP verified with mobile number -${mobileNumber}`);
    return res.status(200).json({ message: 'OTP verified successfully' });
  } catch (err) {
    logger.error(err, 'Error verifying OTP');
--- a/src/middlewares/admin.middleware.js
+++ b/src/middlewares/admin.middleware.js
@@ -13,7 +13,6 @@ function checkAdmin (req,res,next){
  const token = authHeader.split(' ')[1];
  try {
    const payload = verifyToken(token);
-    // console.log("hi",payload);
    if(payload.customerNo && payload.role === 'admin'){
      req.admin = payload.customerNo;
      next();
--- a/src/routes/admin_auth.route.js
+++ b/src/routes/admin_auth.route.js
@@ -9,4 +9,5 @@ router.get('/admin_details', adminAuthenticate, adminAuthController.fetchAdminDe
 router.get('/fetch/customer_details',adminAuthenticate,adminAuthController.getUserDetails);
 router.post('/user/rights',adminAuthenticate,adminAuthController.UserRights);
 router.get('/user/rights',adminAuthenticate,adminAuthController.getUserRights);
+router.post('/user/unlock',adminAuthenticate,adminAuthController.handleUnlockUser);
 module.exports = router;
--- a/src/services/admin.auth.service.js
+++ b/src/services/admin.auth.service.js
@@ -38,10 +38,19 @@ async function getCustomerDetails(customerNo) {
 }

 async function getCustomerDetailsFromDB(customerNo) {
-  const result = await db.query('SELECT customer_no,created_at,last_login,is_first_login,ib_access_level,mb_access_level FROM users WHERE customer_no = $1', [
+  const result = await db.query(
+    'SELECT customer_no,created_at,last_login,is_first_login,ib_access_level,mb_access_level,inb_limit_amount,mobile_limit_amount,locked FROM users WHERE customer_no = $1 or preferred_name= $1', [
    customerNo,
  ]);
  return result.rows[0];
 }

-module.exports = { validateAdmin, findAdminByUserName, getCustomerDetails,getCustomerDetailsFromDB };
+async function updateUserLockStatus(customerNo ,locked ,adminUserName) {
+  const result = await db.query(
+    'Update users set locked =$2 ,unlocked_by=$3  WHERE customer_no = $1 or preferred_name= $1', [
+    customerNo, locked ,adminUserName
+  ]);
+  return result.rows[0];
+}
+
+module.exports = { validateAdmin, findAdminByUserName, getCustomerDetails, getCustomerDetailsFromDB ,updateUserLockStatus };