md.asif5/yume_js
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat : admin feature

Browse Source
This commit is contained in:
Tomosa Sarkar
2025-08-08 13:06:08 +05:30
parent b88e00f758
commit cd1193c746
9 changed files with 148 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.env
View File

@@ -1,3 +0,0 @@
PORT=8080
DATABASE_URL=postgresql://kmobile_app_rw:kmobile@localhost:5431/kmobile_banking
JWT_SECRET=supersecret

2
.gitignore vendored
View File

@@ -1 +1,3 @@
node_modules/ node_modules/
.vscode/
.env/

62
src/controllers/admin_auth.controller.js Normal file
View File

@@ -0,0 +1,62 @@
const adminAuthService = require('../services/admin.auth.service');
const { generateToken } = require('../util/jwt');
const { logger } = require('../util/logger');
const db = require('../config/db');
// const authenticate = require('../middlewares/auth.middleware');
async function login(req, res) {
const { userName, password } = req.body;
if (!userName || !password) {
return res
.status(400)
.json({ error: 'UserName and Password are required' });
}
const currentTime = new Date().toISOString();
try {
const admin = await adminAuthService.validateAdmin(userName, password);
if (!admin) return res.status(401).json({ error: 'invalid credentials' });
const token = generateToken(admin.username, 'admin', '1d');
await db.query('UPDATE admin SET last_login = $1 WHERE username = $2', [
currentTime,
userName,
]);
res.json({ token });
} catch (err) {
logger.error(err, 'login failed');
res.status(500).json({ error: 'something went wrong' });
}
}
async function fetchAdminDetails(req, res) {
const customerNo = req.admin;
try {
const admin = await adminAuthService.findAdminByUserName(customerNo);
if (!admin) return res.status(404).json({ message: 'ADMIN_USER_NOT_FOUND' });
return res.json(admin);
} catch (err) {
logger.error(err, 'error occurred while fetching admin details');
res.status(500).json({ error: 'something went wrong' });
}
}
async function getUserDetails(req, res) {
const { CIF } = req.query;
if (!CIF) {
res.status(400).json({
error: 'CIF number is required',
});
}
try {
const userDetails = await adminAuthService.getCustomerDetails(CIF);
if (!userDetails)
return res.status(401).json({ error: 'invalid CIF number' });
return res.json(userDetails);
} catch (error) {
logger.error('while fetching customer details', error);
res.status(500).json({ error: 'invalid CIF number'});
}
}
module.exports = { login, fetchAdminDetails, getUserDetails };

28
src/middlewares/admin.middleware.js Normal file
View File

@@ -0,0 +1,28 @@
const { verifyToken } = require('../util/jwt');
const { logger } = require('../util/logger');
function checkAdmin (req,res,next){
const authHeader = req.headers.authorization;
if (!authHeader || !authHeader.startsWith('Bearer ')) {
return res
.status(401)
.json({ error: 'missing or malformed authorization header' });
}
const token = authHeader.split(' ')[1];
try {
const payload = verifyToken(token);
// console.log("hi",payload);
if(payload.customerNo && payload.role === 'admin'){
req.admin = payload.customerNo;
next();
}
else
return res.status(403).json({error :'Only admin can access'})
} catch (err) {
logger.error(err, 'error verifying token');
return res.status(401).json({ error: 'invalid or expired token' });
}
}
module.exports = checkAdmin;

1
src/middlewares/auth.middleware.js
View File

@@ -21,5 +21,4 @@ function auth(req, res, next) {
return res.status(401).json({ error: 'invalid or expired token' }); return res.status(401).json({ error: 'invalid or expired token' });
} }
} }
module.exports = auth; module.exports = auth;

10
src/routes/admin_auth.route.js Normal file
View File

@@ -0,0 +1,10 @@
const adminAuthController = require('../controllers/admin_auth.controller');
const adminAuthenticate = require('../middlewares/admin.middleware');
const express = require('express');
const router = express.Router();
router.post('/login', adminAuthController.login);
router.get('/admin_details', adminAuthenticate, adminAuthController.fetchAdminDetails);
router.get('/fetch/customer_details',adminAuthenticate,adminAuthController.getUserDetails);
module.exports = router;

3
src/routes/index.js
View File

@@ -1,5 +1,6 @@
const express = require('express'); const express = require('express');
const authRoute = require('./auth.route'); const authRoute = require('./auth.route');
const adminAuthRoute =require('./admin_auth.route');
const detailsRoute = require('./customer_details.route'); const detailsRoute = require('./customer_details.route');
const transactionRoute = require('./transactions.route'); const transactionRoute = require('./transactions.route');
const authenticate = require('../middlewares/auth.middleware'); const authenticate = require('../middlewares/auth.middleware');
@@ -9,9 +10,11 @@ const beneficiaryRoute = require('./beneficiary.route');
const router = express.Router(); const router = express.Router();
router.use('/auth', authRoute); router.use('/auth', authRoute);
router.use('/auth/admin',adminAuthRoute);
router.use('/customer', authenticate, detailsRoute); router.use('/customer', authenticate, detailsRoute);
router.use('/transactions/account/:accountNo', authenticate, transactionRoute); router.use('/transactions/account/:accountNo', authenticate, transactionRoute);
router.use('/payment/transfer', authenticate, transferRoute); router.use('/payment/transfer', authenticate, transferRoute);
router.use('/beneficiary', beneficiaryRoute); router.use('/beneficiary', beneficiaryRoute);
module.exports = router; module.exports = router;

40
src/services/admin.auth.service.js Normal file
View File

@@ -0,0 +1,40 @@
const db = require('../config/db');
const { comparePassword, hashPassword } = require('../util/hash');
const axios = require('axios');
async function findAdminByUserName(customerNo) {
const result = await db.query('SELECT * FROM admin WHERE username = $1', [
customerNo,
]);
return result.rows[0];
}
async function validateAdmin(customerNo, password) {
const user = await findAdminByUserName(customerNo);
if (!user) return null;
const isMatch = await comparePassword(password, user.password);
return isMatch ? user : null;
}
async function getCustomerDetails(customerNo) {
try {
const response = await axios.get(
'http://localhost:8686/kccb/cbs/custInfo/details',
{ params: { stcustno: customerNo } }
);
const details = response.data;
const processedDetails = details.map((acc) => ({
...acc,
activeAccounts: details.length,
cifNumber: customerNo,
}));
return processedDetails;
} catch (error) {
logger.error('while fetching customer details', error);
throw new Error(
'API call failed: ' + (error.response?.data?.message || error.message)
);
}
}
module.exports = { validateAdmin, findAdminByUserName,getCustomerDetails };

6
src/util/jwt.js
View File

@@ -2,9 +2,9 @@ const jwt = require('jsonwebtoken');
const { jwtSecret } = require('../config/config'); const { jwtSecret } = require('../config/config');
const { logger } = require('./logger'); const { logger } = require('./logger');
function generateToken(customerNo, expiresIn = '10d') { function generateToken(customerNo, role = 'user', expiresIn = '10d') {
logger.info({ customerNo }, 'payload to encode'); logger.info({ customerNo, role }, 'payload to encode');
return jwt.sign({ customerNo }, jwtSecret, { expiresIn }); return jwt.sign({ customerNo, role }, jwtSecret, { expiresIn });
} }
function verifyToken(token) { function verifyToken(token) {