md.asif5/yume_js
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: user can change login password

Browse Source 
feat: user can change transaction password
wip : Admin feature rights -InProgress
This commit is contained in:
Tomosa Sarkar
2025-09-02 12:41:39 +05:30
parent cb22b926f8
commit 9f6c2f9cc1
11 changed files with 181 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@@ -1,2 +1,4 @@
node_modules/
.vscode/
.env
logs/requests.log

1
.vscode/settings.json vendored
View File

@@ -1,5 +1,6 @@
{
"cSpell.words": [
"otpgenerator",
"tpassword",
"tpin"
]

7
package-lock.json generated
View File

@@ -12,6 +12,7 @@
"axios": "^1.9.0",
"bcrypt": "^6.0.0",
"cors": "^2.8.5",
"dayjs": "^1.11.18",
"dotenv": "^16.5.0",
"express": "^5.1.0",
"jsonwebtoken": "^9.0.2",
@@ -842,6 +843,12 @@
"node": "*"
}
},
"node_modules/dayjs": {
"version": "1.11.18",
"resolved": "https://registry.npmjs.org/dayjs/-/dayjs-1.11.18.tgz",
"integrity": "sha512-zFBQ7WFRvVRhKcWoUh+ZA1g2HVgUbsZm9sbddh8EC5iv93sui8DVVz1Npvz+r6meo9VKfa8NyLWBsQK1VvIKPA==",
"license": "MIT"
},
"node_modules/debug": {
"version": "4.4.1",
"resolved": "https://registry.npmjs.org/debug/-/debug-4.4.1.tgz",

1
package.json
View File

@@ -16,6 +16,7 @@
"axios": "^1.9.0",
"bcrypt": "^6.0.0",
"cors": "^2.8.5",
"dayjs": "^1.11.18",
"dotenv": "^16.5.0",
"express": "^5.1.0",
"jsonwebtoken": "^9.0.2",

67
src/controllers/admin_auth.controller.js
View File

@@ -1,8 +1,11 @@
const adminAuthService = require('../services/admin.auth.service');
const authService = require('../services/auth.service');
const { generateToken } = require('../util/jwt');
const { logger } = require('../util/logger');
const { hashPassword } = require('../util/hash');
const db = require('../config/db');
// const authenticate = require('../middlewares/auth.middleware');
const { generateOTP } = require('../otpgenerator');
async function login(req, res) {
const { userName, password } = req.body;
@@ -56,7 +59,65 @@ async function getUserDetails(req, res) {
return res.json(userDetails);
} catch (error) {
logger.error('while fetching customer details', error);
res.status(500).json({ error: 'invalid CIF number'});
res.status(500).json({ error: 'invalid CIF number' });
}
}
module.exports = { login, fetchAdminDetails, getUserDetails };
async function getUserRights(req, res) {
// const { CIF } = req.query;
// if (!CIF) {
// res.status(400).json({
// error: 'CIF number is required',
// });
// }
// try {
// const userDetails = await adminAuthService.getCustomerDetails(CIF);
// if (!userDetails)
// return res.status(401).json({ error: 'invalid CIF number' });
// return res.json(userDetails);
// } catch (error) {
// logger.error('while fetching customer details', error);
// res.status(500).json({ error: 'invalid CIF number'});
// }
}
async function UserRights(req, res) {
const { CIF, ib_access_level, mb_access_level } = req.body;
const first_time_pass = generateOTP(6);
if (!CIF) {
res.status(400).json({
error: 'CIF number is required',
});
}
const currentTime = new Date().toISOString();
const user = await authService.findUserByCustomerNo(CIF);
const password = await hashPassword(first_time_pass);
if (user) {
try {
await db.query('UPDATE users SET customer_no = $1,password_hash=$2,updated_at=$5,ib_access_level=$3,mb_access_level=$4 WHERE customer_no = $1', [
CIF,
password,
ib_access_level,
mb_access_level,
currentTime,
]);
res.json({otp:`${first_time_pass}`});
} catch (err) {
console.log(err);
logger.error(err, 'Right Update failed');
res.status(500).json({ error: 'something went wrong' });
}
}
if (!user) {
try {
await db.query('INSERT INTO users (customer_no, password_hash,ib_access_level,mb_access_level) VALUES ($1, $2, $3, $4)',
[CIF, password, ib_access_level, mb_access_level]
);
res.json({message:'User created and Rights Updated.'});
} catch (err) {
console.log(err);
logger.error(err, 'Right Update failed');
res.status(500).json({ error: 'something went wrong' });
}
}
}
module.exports = { login, fetchAdminDetails, getUserDetails,UserRights};

55
src/controllers/auth.controller.js
View File

@@ -2,6 +2,8 @@ const authService = require('../services/auth.service');
const { generateToken } = require('../util/jwt');
const { logger } = require('../util/logger');
const db = require('../config/db');
const dayjs =require("dayjs");
const { comparePassword } = require('../util/hash');
async function login(req, res) {
const { customerNo, password } = req.body;
@@ -18,11 +20,15 @@ async function login(req, res) {
return res.status(401).json({ error: 'invalid credentials' });
const token = generateToken(user.customer_no, '1d');
const FirstTimeLogin = await authService.CheckFirstTimeLogin(customerNo);
// For registration : if try to login first time after 7 days.
if(FirstTimeLogin && dayjs(user.created_at).diff(currentTime,"day") > 8)
return res.status(401).json({ error: 'Password Expired.Please Contact with Administrator' });
const loginPswExpiry = user.password_hash_expiry;
await db.query('UPDATE users SET last_login = $1 WHERE customer_no = $2', [
currentTime,
customerNo,
]);
res.json({ token, FirstTimeLogin });
res.json({ token, FirstTimeLogin, loginPswExpiry });
} catch (err) {
logger.error(err, 'login failed');
res.status(500).json({ error: 'something went wrong' });
@@ -88,6 +94,7 @@ async function setLoginPassword(req, res) {
return res.status(500).json({ error: 'SOMETHING_WENT_WRONG' });
}
}
async function setTransactionPassword(req, res) {
const customerNo = req.user;
try {
@@ -102,6 +109,50 @@ async function setTransactionPassword(req, res) {
}
}
async function changeLoginPassword(req,res){
const customerNo = req.user;
try {
const user = await authService.findUserByCustomerNo(customerNo);
if (!user) return res.status(404).json({ error: 'USER_NOT_FOUND' });
const { OldLPsw ,newLPsw ,confirmLPsw } = req.body;
const isMatch = await comparePassword(OldLPsw, user.password_hash);
if(!isMatch)
return res.json({error: 'Please Enter Correct Old Login Password'});
if(newLPsw !== confirmLPsw)
return res.json ({error: 'New Password and Confirm Password not Match'})
const isMatchWithOldPassword = await comparePassword(newLPsw, user.password_hash);
if(isMatchWithOldPassword)
return res.json ({error: 'New Password will be different from Previous Password'})
authService.changeLoginPassword(customerNo, newLPsw);
return res.json({ message: 'New Login Password changed successfully' });
} catch (error) {
logger.error(error);
return res.status(500).json({ error: 'SOMETHING_WENT_WRONG' });
}
}
async function changeTransPassword(req,res){
const customerNo = req.user;
try {
const user = await authService.findUserByCustomerNo(customerNo);
if (!user) return res.status(404).json({ error: 'USER_NOT_FOUND' });
const { OldTPsw ,newTPsw ,confirmTPsw } = req.body;
const isMatch = await comparePassword(OldTPsw, user.transaction_password);
if(!isMatch)
return res.json({error: 'Please Enter Correct Old Transaction Password'});
if(newTPsw !== confirmTPsw)
return res.json ({error: 'New Transaction Password and Confirm Transaction Password not Match'})
const isMatchWithOldPassword = await comparePassword(newTPsw, user.transaction_password);
if(isMatchWithOldPassword)
return res.json ({error: 'New Transaction Password will be different from Previous Transaction Password'})
authService.changeTransPassword(customerNo, newTPsw);
return res.json({ message: 'New Transaction Password changed successfully' });
} catch (error) {
logger.error(error);
return res.status(500).json({ error: 'SOMETHING_WENT_WRONG' });
}
}
module.exports = {
login,
tpin,
@@ -109,4 +160,6 @@ module.exports = {
setLoginPassword,
setTransactionPassword,
fetchUserDetails,
changeLoginPassword,
changeTransPassword,
};

5
src/controllers/otp.controller.js
View File

@@ -40,6 +40,9 @@ async function SendOtp(req, res) {
case 'FORGOT_PASSWORD':
message = templates.FORGOT_PASSWORD(otp);
break;
case 'REGISTRATION':
message = templates.REGISTRATION(otp);
break;
default:
return res.status(400).json({ error: 'Invalid OTP type' });
}
@@ -71,7 +74,7 @@ async function SendOtp(req, res) {
// Verify OTP
async function VerifyOtp(req, res) {
const { mobileNumber } = req.query;
const {otp} =req.body
const { otp } = req.body
if (!mobileNumber || !otp) {
return res.status(400).json({ error: 'Phone number and OTP are required' });

1
src/routes/admin_auth.route.js
View File

@@ -7,4 +7,5 @@ const router = express.Router();
router.post('/login', adminAuthController.login);
router.get('/admin_details', adminAuthenticate, adminAuthController.fetchAdminDetails);
router.get('/fetch/customer_details',adminAuthenticate,adminAuthController.getUserDetails);
router.post('/user/rights',adminAuthenticate,adminAuthController.UserRights);
module.exports = router;

9
src/routes/auth.route.js
View File

@@ -9,10 +9,9 @@ router.get('/user_details', authenticate, authController.fetchUserDetails);
router.get('/tpin', authenticate, authController.tpin);
router.post('/tpin', authenticate, authController.setTpin);
router.post('/login_password', authenticate, authController.setLoginPassword);
router.post(
'/transaction_password',
authenticate,
authController.setTransactionPassword
);
router.post('/transaction_password',authenticate,authController.setTransactionPassword);
router.post('/change/login_password',authenticate,authController.changeLoginPassword);
router.post('/change/transaction_password',authenticate,authController.changeTransPassword);
module.exports = router;

43
src/services/auth.service.js
View File

@@ -1,5 +1,6 @@
const db = require('../config/db');
const { comparePassword, hashPassword } = require('../util/hash');
const dayjs =require("dayjs");
async function findUserByCustomerNo(customerNo) {
const result = await db.query('SELECT * FROM users WHERE customer_no = $1', [
@@ -69,14 +70,48 @@ async function validateTransactionPassword(customerNo, tpassword) {
// Set transaction password
async function setTransactionPassword(customerNo, trans_psw) {
const hashedTransPassword = await hashPassword(trans_psw);
const currentTime = dayjs().toISOString();
const password_expiry = dayjs().add(90,"day").toISOString();
try {
await db.query(
'UPDATE users SET transaction_password = $1 WHERE customer_no = $2',
[hashedTransPassword, customerNo]
'UPDATE users SET transaction_password = $1 ,updated_at = $3,transaction_password_expiry =$4 WHERE customer_no = $2',
[hashedTransPassword, customerNo , currentTime ,password_expiry]
);
} catch (error) {
throw new Error(
`error occured while while setting new Transaction Password ${error.message}`
`error occurred while while setting new Transaction Password ${error.message}`
);
}
}
async function changeLoginPassword(customerNo, login_psw) {
const hashedLoginPassword = await hashPassword(login_psw);
const currentTime = dayjs().toISOString();
const password_expiry = dayjs().add(90,"day").toISOString();
try {
await db.query(
'UPDATE users SET password_hash = $1 ,updated_at = $3,password_hash_expiry =$4 WHERE customer_no = $2',
[hashedLoginPassword, customerNo , currentTime ,password_expiry]
);
} catch (error) {
throw new Error(
`error occured while while setting new Login Password ${error.message}`
);
}
}
async function changeTransPassword(customerNo, trans_psw) {
const hashedTransPassword = await hashPassword(trans_psw);
const currentTime = dayjs().toISOString();
const password_expiry = dayjs().add(90,"day").toISOString();
try {
await db.query(
'UPDATE users SET transaction_password = $1 ,updated_at = $3,transaction_password_expiry =$4 WHERE customer_no = $2',
[hashedTransPassword, customerNo , currentTime ,password_expiry]
);
} catch (error) {
throw new Error(
`error occurred while while setting new Login Password ${error.message}`
);
}
}
@@ -90,4 +125,6 @@ module.exports = {
setLoginPassword,
validateTransactionPassword,
setTransactionPassword,
changeLoginPassword,
changeTransPassword,
};

3
src/util/sms_template.js
View File

@@ -18,6 +18,9 @@ const templates = {
FORGOT_PASSWORD: (otp) =>
`Dear Customer, Forgot Password OTP is ${otp} -KCCB`,
REGISTRATION: (otp) =>
`Dear Customer, Your CIF is enable.First time login password: ${otp} (valid for 7 days).Please login and change your password -KCCB`,
};
module.exports = templates;