feat : admin user rights updated.

feat : update for otp sent for registration. feat: login Api updated passes "rights" in response
2025-09-05 13:54:25 +05:30
parent 4857ef6cab
commit aaa11287a1
3 changed files with 29 additions and 23 deletions
--- a/src/controllers/admin_auth.controller.js
+++ b/src/controllers/admin_auth.controller.js
@@ -111,7 +111,7 @@ async function UserRights(req, res) {
      await db.query('INSERT INTO users (customer_no, password_hash,ib_access_level,mb_access_level) VALUES ($1, $2, $3, $4)',
        [CIF, password, ib_access_level, mb_access_level]
      );
-      res.json({message:'User created and Rights Updated.'});
+      res.json({otp:`${first_time_pass}`});
    } catch (err) {
      console.log(err);
      logger.error(err, 'Right Update failed');
--- a/src/controllers/auth.controller.js
+++ b/src/controllers/auth.controller.js
@@ -18,17 +18,22 @@ async function login(req, res) {
    const user = await authService.validateUser(customerNo, password);
    if (!user || !password)
      return res.status(401).json({ error: 'invalid credentials' });
-    const token = generateToken(user.customer_no, '1d');
    const FirstTimeLogin = await authService.CheckFirstTimeLogin(customerNo);
    // For registration : if try to login first time after 7 days.
    if (FirstTimeLogin && dayjs(user.created_at).diff(currentTime, "day") > 8)
      return res.status(401).json({ error: 'Password Expired.Please Contact with Administrator' });
+
+    const token = generateToken(user.customer_no, '1d');
    const loginPswExpiry = user.password_hash_expiry;
+    const rights = {
+      ibAccess: user.ib_access_level,
+      mbAccess: user.mb_access_level,
+    };
    await db.query('UPDATE users SET last_login = $1 WHERE customer_no = $2', [
      currentTime,
      customerNo,
    ]);
-    res.json({ token, FirstTimeLogin, loginPswExpiry });
+    res.json({ token, FirstTimeLogin, loginPswExpiry, rights });
  } catch (err) {
    logger.error(err, 'login failed');
    res.status(500).json({ error: 'something went wrong' });
--- a/src/controllers/otp.controller.js
+++ b/src/controllers/otp.controller.js
@@ -7,14 +7,15 @@ const templates = require('../util/sms_template');

 // Send OTP
 async function SendOtp(req, res) {
-  const { mobileNumber, type, amount, beneficiary, ifsc, acctFrom, acctTo, ref, date } = req.body;
+  const { mobileNumber, type, amount, beneficiary, ifsc, acctFrom, acctTo, ref, date,userOtp } = req.body;

  if (!mobileNumber || !type) {
    return res.status(400).json({ error: 'Mobile number and type are required' });
  }

  try {
-    const otp = generateOTP(6);
+    // const otp = generateOTP(6);
+    const otp = type === 'REGISTRATION' && userOtp ? userOtp : generateOTP(6);
    let message;

    // Pick template based on type