Some updates to tracking user inputs. Still not happy with it but functional so moving on
This commit is contained in:
parent
bb7032d649
commit
3b7d382ad8
@ -69,11 +69,15 @@ class AuthController {
|
||||
|
||||
// Set session
|
||||
req.session.authenticated = true;
|
||||
req.session.userEmail = email;
|
||||
req.session.userName = user.Name || user.name || email;
|
||||
req.session.isAdmin = user.Admin === true || user.Admin === 1 ||
|
||||
user.admin === true || user.admin === 1;
|
||||
req.session.userId = extractId(user);
|
||||
req.session.userId = user.id || user.Id;
|
||||
req.session.userEmail = user.email || user.Email; // Make sure this is set
|
||||
req.session.userName = user.name || user.Name;
|
||||
req.session.isAdmin = user.admin || false;
|
||||
|
||||
logger.info('User logged in:', {
|
||||
email: req.session.userEmail,
|
||||
admin: req.session.isAdmin
|
||||
});
|
||||
|
||||
// Force session save
|
||||
req.session.save((err) => {
|
||||
|
||||
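Review bot: `req.session.isAdmin = user.admin || false;` stores whatever value the record carries, and `requireAdmin` elsewhere in this commit gates on its truthiness, so a non-boolean admin field (a string such as `"false"` or `"0"`, should the backend ever return one — the NocoDB row shape is not visible here) would grant admin; the removed lines also accepted a capitalised `Admin` key, which this version drops while `id`/`Id` and `email`/`Email` still get both spellings. I'd normalise to a strict boolean: `const adminFlag = user.admin ?? user.Admin;` then `req.session.isAdmin = adminFlag === true || adminFlag === 1;`. Separately, `req.session.userEmail = user.email || user.Email;` overwrites the `email` assigned two lines earlier and can leave it `undefined` when the record has neither key, the opposite of what the `// Make sure this is set` comment intends — `user.email || user.Email || email` keeps the verified login value as the fallback. The enclosing login method starts and ends outside this hunk, so I cannot tell whether the session is regenerated before these fields are written.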
@ -97,6 +97,14 @@ class LocationsController {
|
||||
|
||||
async create(req, res) {
|
||||
try {
|
||||
// Add debugging logs
|
||||
logger.info('Session data:', {
|
||||
authenticated: req.session.authenticated,
|
||||
userId: req.session.userId,
|
||||
userEmail: req.session.userEmail,
|
||||
isAdmin: req.session.isAdmin
|
||||
});
|
||||
|
||||
let locationData = { ...req.body };
|
||||
locationData = syncGeoFields(locationData);
|
||||
|
||||
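Review bot: The new `logger.info('Session data:', {...})` at the top of `create` writes the caller's email, user id and admin flag to the log at info level on every request, and the `// Add debugging logs` comment marks it as temporary; at minimum change it to `logger.debug('Session data:', {...})` so it is off outside development and personal data does not accumulate in log storage. `let locationData = { ...req.body };` still copies the whole client body; whether unexpected keys are filtered before the NocoDB write is decided further down in `create`, outside this hunk.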
@ -113,10 +121,11 @@ class LocationsController {
|
||||
|
||||
// Check bounds if configured
|
||||
if (config.map.bounds) {
|
||||
if (!checkBounds(validation.latitude, validation.longitude, config.map.bounds)) {
|
||||
const boundsCheck = checkBounds(validation.latitude, validation.longitude);
|
||||
if (!boundsCheck.valid) {
|
||||
return res.status(400).json({
|
||||
success: false,
|
||||
error: 'Location is outside allowed bounds'
|
||||
error: boundsCheck.error
|
||||
});
|
||||
}
|
||||
}
|
||||
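Review bot: `error: boundsCheck.error` is now sent straight to the client, so the response body depends on whatever `checkBounds` puts in that field, which is not visible here; if it is ever empty the client receives `error: undefined`, and if it echoes internal configuration that leaks into the 400 response. I'd keep the old fixed message as the fallback: `error: boundsCheck.error || 'Location is outside allowed bounds'`. The outer `if (config.map.bounds)` guard survives while the bounds argument was dropped from the call, so `checkBounds` presumably reads the bounds itself; a one-line comment such as `// checkBounds reads config.map.bounds internally` would make that explicit. `create` continues past this hunk.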
@ -131,13 +140,15 @@ class LocationsController {
|
||||
latitude: validation.latitude,
|
||||
longitude: validation.longitude,
|
||||
...additionalData,
|
||||
created_at: new Date().toISOString(),
|
||||
created_by: req.session.userEmail
|
||||
created_by_user: req.session.userEmail || 'anonymous' // Add fallback
|
||||
};
|
||||
|
||||
logger.info('Final data being sent to NocoDB:', finalData);
|
||||
|
||||
logger.info('Creating new location:', {
|
||||
lat: validation.latitude,
|
||||
lng: validation.longitude
|
||||
lng: validation.longitude,
|
||||
user: req.session.userEmail
|
||||
});
|
||||
|
||||
const response = await nocodbService.create(
|
||||
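Review bot: `created_by_user: req.session.userEmail || 'anonymous'` on a route that this same commit puts behind `requireAuth` masks a broken session as a legitimate anonymous write, and the resulting record then has no real owner to check against on later updates or deletes. Fail closed instead: `if (!req.session.userEmail) return res.status(401).json({ success: false, error: 'Not authenticated' });` before `finalData` is built. The `logger.info('Final data being sent to NocoDB:', finalData)` line dumps the full client-supplied record at info level; `logger.debug` is the better home for a payload dump. The `create` method starts and ends outside this hunk.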
@ -193,10 +204,12 @@ class LocationsController {
|
||||
// Sync geo fields
|
||||
updateData = syncGeoFields(updateData);
|
||||
|
||||
updateData.last_updated_at = new Date().toISOString();
|
||||
updateData.last_updated_by = req.session.userEmail;
|
||||
// Add update tracking
|
||||
updateData.last_updated_by_user = req.session.userEmail; // Changed from last_updated_by
|
||||
|
||||
logger.info(`Updating location ${locationId} by ${req.session.userEmail}`);
|
||||
logger.info(`Updating location ${locationId}`, {
|
||||
user: req.session.userEmail
|
||||
});
|
||||
|
||||
const response = await nocodbService.update(
|
||||
config.nocodb.tableId,
|
||||
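Review bot: Nothing in this hunk compares the record's existing `created_by_user` with `req.session.userEmail` (or checks `req.session.isAdmin`) before `nocodbService.update(...)` is called, so if `update` does not do that earlier in its body — the start of the method is outside this hunk — any authenticated user can overwrite any location while the audit column records them as the editor. I'd fetch the record first and reject with 403 when the owner differs and the session is not admin. Also, `updateData.last_updated_by_user = req.session.userEmail;` has no guard against an undefined email, unlike the `'anonymous'` fallback in `create`; returning 401 when the session has no email would keep both paths consistent.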
@ -204,6 +217,8 @@ class LocationsController {
|
||||
updateData
|
||||
);
|
||||
|
||||
logger.info('Location updated successfully:', locationId);
|
||||
|
||||
res.json({
|
||||
success: true,
|
||||
location: response
|
||||
|
||||
@ -1,7 +1,19 @@
|
||||
const logger = require('../utils/logger');
|
||||
|
||||
const requireAuth = (req, res, next) => {
|
||||
if (req.session && req.session.authenticated) {
|
||||
// Check for both authentication patterns used in your app
|
||||
const isAuthenticated = (req.session && req.session.authenticated) ||
|
||||
(req.session && req.session.userId && req.session.userEmail);
|
||||
|
||||
if (isAuthenticated) {
|
||||
next();
|
||||
} else {
|
||||
logger.warn('Unauthorized access attempt', {
|
||||
ip: req.ip,
|
||||
path: req.path,
|
||||
userAgent: req.get('User-Agent')
|
||||
});
|
||||
|
||||
if (req.xhr || req.headers.accept?.indexOf('json') > -1) {
|
||||
res.status(401).json({
|
||||
success: false,
|
||||
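Review bot: The second branch of `isAuthenticated`, `req.session.userId && req.session.userEmail`, accepts a session that never had `authenticated` set, which widens what counts as logged in beyond what the login handler in this commit writes (it sets all three together). If any other code path stores `userId`/`userEmail` on the session before credentials are verified, that path becomes a login bypass; keeping a single source of truth is safer: `const isAuthenticated = req.session?.authenticated === true;`. If the second pattern really is needed for sessions created by older code, a comment naming which code writes `userId`/`userEmail` without `authenticated` would help the next reviewer. `requireAuth` continues past this hunk.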
@ -14,9 +26,20 @@ const requireAuth = (req, res, next) => {
|
||||
};
|
||||
|
||||
const requireAdmin = (req, res, next) => {
|
||||
if (req.session && req.session.authenticated && req.session.isAdmin) {
|
||||
// Check for both authentication patterns used in your app
|
||||
const isAuthenticated = (req.session && req.session.authenticated) ||
|
||||
(req.session && req.session.userId && req.session.userEmail);
|
||||
|
||||
if (isAuthenticated && req.session.isAdmin) {
|
||||
next();
|
||||
} else {
|
||||
logger.warn('Unauthorized admin access attempt', {
|
||||
ip: req.ip,
|
||||
path: req.path,
|
||||
user: req.session?.userEmail || 'anonymous',
|
||||
userAgent: req.get('User-Agent')
|
||||
});
|
||||
|
||||
if (req.xhr || req.headers.accept?.indexOf('json') > -1) {
|
||||
res.status(403).json({
|
||||
success: false,
|
||||
|
||||
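Review bot: `isAuthenticated && req.session.isAdmin` grants admin on any truthy value, and `AuthController` in this same commit stores the raw `user.admin` field into `req.session.isAdmin`, so the middleware's safety depends entirely on that field being a real boolean. Compare strictly here as well: `if (isAuthenticated && req.session.isAdmin === true) {`. The `isAuthenticated` expression is now duplicated between `requireAuth` and `requireAdmin`; one small helper would stop the two checks drifting apart. `requireAdmin` continues past this hunk.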
@ -2,20 +2,21 @@ const express = require('express');
|
||||
const router = express.Router();
|
||||
const locationsController = require('../controllers/locationsController');
|
||||
const { strictLimiter } = require('../middleware/rateLimiter');
|
||||
const { requireAuth } = require('../middleware/auth');
|
||||
|
||||
// Get all locations
|
||||
// Get all locations (public)
|
||||
router.get('/', locationsController.getAll);
|
||||
|
||||
// Get single location
|
||||
// Get single location (public)
|
||||
router.get('/:id', locationsController.getById);
|
||||
|
||||
// Create location (with rate limiting)
|
||||
router.post('/', strictLimiter, locationsController.create);
|
||||
// Create location (requires authentication)
|
||||
router.post('/', requireAuth, strictLimiter, locationsController.create);
|
||||
|
||||
// Update location (with rate limiting)
|
||||
router.put('/:id', strictLimiter, locationsController.update);
|
||||
// Update location (requires authentication)
|
||||
router.put('/:id', requireAuth, strictLimiter, locationsController.update);
|
||||
|
||||
// Delete location (with rate limiting)
|
||||
router.delete('/:id', strictLimiter, locationsController.delete);
|
||||
// Delete location (requires authentication)
|
||||
router.delete('/:id', requireAuth, strictLimiter, locationsController.delete);
|
||||
|
||||
module.exports = router;
|
||||
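Review bot: `requireAuth` runs before `strictLimiter` on the POST, PUT and DELETE routes, so unauthenticated requests are rejected with a 401 (and a `logger.warn` carrying IP and User-Agent) before the limiter ever counts them, which leaves the auth check itself un-throttled and lets a client flood the warning log. Swapping the order keeps the limiter in front of everything: `router.post('/', strictLimiter, requireAuth, locationsController.create);` and likewise for the PUT and DELETE lines. Note also that `router.delete('/:id', ...)` requires only a session, not admin or ownership; if deletes are meant to be restricted, `requireAdmin` is exported from `../middleware/auth` but not imported here.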
@ -356,35 +356,15 @@ create_locations_table() {
|
||||
"rqd": false
|
||||
},
|
||||
{
|
||||
"column_name": "title",
|
||||
"title": "title",
|
||||
"column_name": "created_by_user",
|
||||
"title": "created_by_user",
|
||||
"uidt": "SingleLineText",
|
||||
"rqd": false
|
||||
},
|
||||
{
|
||||
"column_name": "category",
|
||||
"title": "category",
|
||||
"uidt": "SingleSelect",
|
||||
"rqd": false,
|
||||
"colOptions": {
|
||||
"options": [
|
||||
{"title": "Important", "color": "#F44336"},
|
||||
{"title": "Event", "color": "#4CAF50"},
|
||||
{"title": "Business", "color": "#2196F3"},
|
||||
{"title": "Other", "color": "#FF9800"}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"column_name": "created_at",
|
||||
"title": "Created At",
|
||||
"uidt": "DateTime",
|
||||
"rqd": false
|
||||
},
|
||||
{
|
||||
"column_name": "updated_at",
|
||||
"title": "Updated At",
|
||||
"uidt": "DateTime",
|
||||
"column_name": "last_updated_by_user",
|
||||
"title": "last_updated_by_user",
|
||||
"uidt": "SingleLineText",
|
||||
"rqd": false
|
||||
}
|
||||
]
|
||||
|
||||
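Review bot: As far as the rendered diff can be read, this hunk drops the `created_at` and `updated_at` DateTime columns in favour of `created_by_user` and `last_updated_by_user`, yet the controller changes in the same commit still write `created_at` and `last_updated_at`, so unless those columns are defined elsewhere in `create_locations_table` (the function starts before this hunk) the timestamps will be rejected or silently dropped by NocoDB. The `title` and `category` columns disappear from this block as well, which the commit message does not mention. Since creates now require authentication, `created_by_user` could be declared `"rqd": true` so a missing owner fails at the store rather than being recorded as `anonymous`.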