md.asif5/yume_js
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat : admin user rights updated.

Browse Source 
feat : update for otp sent for registration.
feat: login Api updated passes "rights" in response
This commit is contained in:
Tomosa Sarkar
2025-09-05 13:54:25 +05:30
parent 4857ef6cab
commit aaa11287a1
3 changed files with 29 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/controllers/admin_auth.controller.js
View File

@@ -111,7 +111,7 @@ async function UserRights(req, res) {
await db.query('INSERT INTO users (customer_no, password_hash,ib_access_level,mb_access_level) VALUES ($1, $2, $3, $4)', await db.query('INSERT INTO users (customer_no, password_hash,ib_access_level,mb_access_level) VALUES ($1, $2, $3, $4)',
[CIF, password, ib_access_level, mb_access_level] [CIF, password, ib_access_level, mb_access_level]
); );
res.json({message:'User created and Rights Updated.'}); res.json({otp:`${first_time_pass}`});
} catch (err) { } catch (err) {
console.log(err); console.log(err);
logger.error(err, 'Right Update failed'); logger.error(err, 'Right Update failed');

45
src/controllers/auth.controller.js
View File

@@ -2,7 +2,7 @@ const authService = require('../services/auth.service');
const { generateToken } = require('../util/jwt'); const { generateToken } = require('../util/jwt');
const { logger } = require('../util/logger'); const { logger } = require('../util/logger');
const db = require('../config/db'); const db = require('../config/db');
const dayjs =require("dayjs"); const dayjs = require("dayjs");
const { comparePassword } = require('../util/hash'); const { comparePassword } = require('../util/hash');
async function login(req, res) { async function login(req, res) {
@@ -18,17 +18,22 @@ async function login(req, res) {
const user = await authService.validateUser(customerNo, password); const user = await authService.validateUser(customerNo, password);
if (!user || !password) if (!user || !password)
return res.status(401).json({ error: 'invalid credentials' }); return res.status(401).json({ error: 'invalid credentials' });
const token = generateToken(user.customer_no, '1d');
const FirstTimeLogin = await authService.CheckFirstTimeLogin(customerNo); const FirstTimeLogin = await authService.CheckFirstTimeLogin(customerNo);
// For registration : if try to login first time after 7 days. // For registration : if try to login first time after 7 days.
if(FirstTimeLogin && dayjs(user.created_at).diff(currentTime,"day") > 8) if (FirstTimeLogin && dayjs(user.created_at).diff(currentTime, "day") > 8)
return res.status(401).json({ error: 'Password Expired.Please Contact with Administrator' }); return res.status(401).json({ error: 'Password Expired.Please Contact with Administrator' });
const token = generateToken(user.customer_no, '1d');
const loginPswExpiry = user.password_hash_expiry; const loginPswExpiry = user.password_hash_expiry;
const rights = {
ibAccess: user.ib_access_level,
mbAccess: user.mb_access_level,
};
await db.query('UPDATE users SET last_login = $1 WHERE customer_no = $2', [ await db.query('UPDATE users SET last_login = $1 WHERE customer_no = $2', [
currentTime, currentTime,
customerNo, customerNo,
]); ]);
res.json({ token, FirstTimeLogin, loginPswExpiry }); res.json({ token, FirstTimeLogin, loginPswExpiry, rights });
} catch (err) { } catch (err) {
logger.error(err, 'login failed'); logger.error(err, 'login failed');
res.status(500).json({ error: 'something went wrong' }); res.status(500).json({ error: 'something went wrong' });
@@ -109,20 +114,20 @@ async function setTransactionPassword(req, res) {
} }
} }
async function changeLoginPassword(req,res){ async function changeLoginPassword(req, res) {
const customerNo = req.user; const customerNo = req.user;
try { try {
const user = await authService.findUserByCustomerNo(customerNo); const user = await authService.findUserByCustomerNo(customerNo);
if (!user) return res.status(404).json({ error: 'USER_NOT_FOUND' }); if (!user) return res.status(404).json({ error: 'USER_NOT_FOUND' });
const { OldLPsw ,newLPsw ,confirmLPsw } = req.body; const { OldLPsw, newLPsw, confirmLPsw } = req.body;
const isMatch = await comparePassword(OldLPsw, user.password_hash); const isMatch = await comparePassword(OldLPsw, user.password_hash);
if(!isMatch) if (!isMatch)
return res.status(500).json({error: 'Please Enter Correct Old Login Password'}); return res.status(500).json({ error: 'Please Enter Correct Old Login Password' });
if(newLPsw !== confirmLPsw) if (newLPsw !== confirmLPsw)
return res.status(500).json ({error: 'New Password and Confirm Password not Match'}) return res.status(500).json({ error: 'New Password and Confirm Password not Match' })
const isMatchWithOldPassword = await comparePassword(newLPsw, user.password_hash); const isMatchWithOldPassword = await comparePassword(newLPsw, user.password_hash);
if(isMatchWithOldPassword) if (isMatchWithOldPassword)
return res.status(500).json ({error: 'New Password will be different from Previous Password'}) return res.status(500).json({ error: 'New Password will be different from Previous Password' })
authService.changeLoginPassword(customerNo, newLPsw); authService.changeLoginPassword(customerNo, newLPsw);
return res.json({ message: 'New Login Password changed successfully' }); return res.json({ message: 'New Login Password changed successfully' });
} catch (error) { } catch (error) {
@@ -131,20 +136,20 @@ async function changeLoginPassword(req,res){
} }
} }
async function changeTransPassword(req,res){ async function changeTransPassword(req, res) {
const customerNo = req.user; const customerNo = req.user;
try { try {
const user = await authService.findUserByCustomerNo(customerNo); const user = await authService.findUserByCustomerNo(customerNo);
if (!user) return res.status(404).json({ error: 'USER_NOT_FOUND' }); if (!user) return res.status(404).json({ error: 'USER_NOT_FOUND' });
const { OldTPsw ,newTPsw ,confirmTPsw } = req.body; const { OldTPsw, newTPsw, confirmTPsw } = req.body;
const isMatch = await comparePassword(OldTPsw, user.transaction_password); const isMatch = await comparePassword(OldTPsw, user.transaction_password);
if(!isMatch) if (!isMatch)
return res.status(500).json({error: 'Please Enter Correct Old Transaction Password'}); return res.status(500).json({ error: 'Please Enter Correct Old Transaction Password' });
if(newTPsw !== confirmTPsw) if (newTPsw !== confirmTPsw)
return res.status(500).json ({error: 'New Transaction Password and Confirm Transaction Password not Match'}) return res.status(500).json({ error: 'New Transaction Password and Confirm Transaction Password not Match' })
const isMatchWithOldPassword = await comparePassword(newTPsw, user.transaction_password); const isMatchWithOldPassword = await comparePassword(newTPsw, user.transaction_password);
if(isMatchWithOldPassword) if (isMatchWithOldPassword)
return res.status(500).json ({error: 'New Transaction Password will be different from Previous Transaction Password'}) return res.status(500).json({ error: 'New Transaction Password will be different from Previous Transaction Password' })
authService.changeTransPassword(customerNo, newTPsw); authService.changeTransPassword(customerNo, newTPsw);
return res.json({ message: 'New Transaction Password changed successfully' }); return res.json({ message: 'New Transaction Password changed successfully' });
} catch (error) { } catch (error) {

5
src/controllers/otp.controller.js
View File

@@ -7,14 +7,15 @@ const templates = require('../util/sms_template');
// Send OTP // Send OTP
async function SendOtp(req, res) { async function SendOtp(req, res) {
const { mobileNumber, type, amount, beneficiary, ifsc, acctFrom, acctTo, ref, date } = req.body; const { mobileNumber, type, amount, beneficiary, ifsc, acctFrom, acctTo, ref, date,userOtp } = req.body;
if (!mobileNumber || !type) { if (!mobileNumber || !type) {
return res.status(400).json({ error: 'Mobile number and type are required' }); return res.status(400).json({ error: 'Mobile number and type are required' });
} }
try { try {
const otp = generateOTP(6); // const otp = generateOTP(6);
const otp = type === 'REGISTRATION' && userOtp ? userOtp : generateOTP(6);
let message; let message;
// Pick template based on type // Pick template based on type