From 3b7d382ad8743e2e58892a9585a21cf82287d485 Mon Sep 17 00:00:00 2001
From: admin
Date: Thu, 24 Jul 2025 17:09:34 -0600
Subject: [PATCH] Some udpates to tracking user inputs. Still not happy with it but functional so moving on

---
 map/app/controllers/authController.js      | 14 ++++++----
 map/app/controllers/locationsController.js | 31 ++++++++++++++++------
 map/app/middleware/auth.js                 | 27 +++++++++++++++++--
 map/app/routes/locations.js                | 17 ++++++------
 map/build-nocodb.sh                        | 30 ++++-----------------
 5 files changed, 71 insertions(+), 48 deletions(-)

diff --git a/map/app/controllers/authController.js b/map/app/controllers/authController.js
index b1f02a4..0ce52ce 100644
--- a/map/app/controllers/authController.js
+++ b/map/app/controllers/authController.js
@@ -69,11 +69,15 @@ class AuthController {
       // Set session
       req.session.authenticated = true;
-      req.session.userEmail = email;
-      req.session.userName = user.Name || user.name || email;
-      req.session.isAdmin = user.Admin === true || user.Admin === 1 ||
-                            user.admin === true || user.admin === 1;
-      req.session.userId = extractId(user);
+      req.session.userId = user.id || user.Id;
+      req.session.userEmail = user.email || user.Email; // Make sure this is set
+      req.session.userName = user.name || user.Name;
+      req.session.isAdmin = user.admin || false;
+
+      logger.info('User logged in:', {
+        email: req.session.userEmail,
+        admin: req.session.isAdmin
+      });
       // Force session save
       req.session.save((err) => {
diff --git a/map/app/controllers/locationsController.js b/map/app/controllers/locationsController.js
index 2500f4c..db97286 100644
--- a/map/app/controllers/locationsController.js
+++ b/map/app/controllers/locationsController.js
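Review bot: `req.session.isAdmin = user.admin || false;` stores whatever raw value the user record carries instead of a normalized boolean, and it no longer consults `user.Admin` even though the lines just above still accept both casings for id, email and name. A truthy non-boolean (a `1`, or a string such as `"false"`) would satisfy the truthiness test in requireAdmin, while a record that only sets `Admin` would silently lose its privileges. Keep the strict comparison the removed lines had: `const adminFlag = user.admin ?? user.Admin;` / `req.session.isAdmin = adminFlag === true || adminFlag === 1;`. The enclosing login method starts and ends outside the hunk.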
@@ -97,6 +97,14 @@ class LocationsController {
   async create(req, res) {
     try {
+      // Add debugging logs
+      logger.info('Session data:', {
+        authenticated: req.session.authenticated,
+        userId: req.session.userId,
+        userEmail: req.session.userEmail,
+        isAdmin: req.session.isAdmin
+      });
+
       let locationData = { ...req.body };
       locationData = syncGeoFields(locationData);
@@ -113,10 +121,11 @@ class LocationsController {
       // Check bounds if configured
       if (config.map.bounds) {
-        if (!checkBounds(validation.latitude, validation.longitude, config.map.bounds)) {
+        const boundsCheck = checkBounds(validation.latitude, validation.longitude);
+        if (!boundsCheck.valid) {
           return res.status(400).json({
             success: false,
-            error: 'Location is outside allowed bounds'
+            error: boundsCheck.error
           });
         }
       }
@@ -131,13 +140,15 @@ class LocationsController {
         latitude: validation.latitude,
         longitude: validation.longitude,
         ...additionalData,
-        created_at: new Date().toISOString(),
-        created_by: req.session.userEmail
+        created_by_user: req.session.userEmail || 'anonymous' // Add fallback
       };
+      logger.info('Final data being sent to NocoDB:', finalData);
+
       logger.info('Creating new location:', {
         lat: validation.latitude,
-        lng: validation.longitude
+        lng: validation.longitude,
+        user: req.session.userEmail
       });
       const response = await nocodbService.create(
@@ -193,10 +204,12 @@ class LocationsController {
       // Sync geo fields
       updateData = syncGeoFields(updateData);
-      updateData.last_updated_at = new Date().toISOString();
-      updateData.last_updated_by = req.session.userEmail;
+      // Add update tracking
+      updateData.last_updated_by_user = req.session.userEmail; // Changed from last_updated_by
-      logger.info(`Updating location ${locationId} by ${req.session.userEmail}`);
+      logger.info(`Updating location ${locationId}`, {
+        user: req.session.userEmail
+      });
       const response = await nocodbService.update(
         config.nocodb.tableId,
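Review bot: The new `logger.info('Session data:', …)` block writes the session, including `userEmail`, to the info log on every create request, so production logs accumulate personal data for a temporary debugging aid that the `// Add debugging logs` comment itself marks as provisional. The same concern applies to `logger.info('Final data being sent to NocoDB:', finalData);` in the `@@ -131` hunk, which logs the entire client-supplied payload. Lower the level and drop the identifying fields, `logger.debug('Session data:', { authenticated: req.session.authenticated, userId: req.session.userId });`, or remove both lines before merging. create() continues past the end of the hunk.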
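Review bot: `checkBounds(validation.latitude, validation.longitude)` no longer receives `config.map.bounds` and the result is read as `boundsCheck.valid` / `boundsCheck.error`, but the definition of checkBounds is not part of this commit. If the helper still takes the bounds as a third argument and returns a boolean, `boundsCheck.valid` is `undefined` and every create is rejected with `error: undefined`; confirm it was updated to read the bounds itself and return `{ valid, error }`, and make the guard tolerant, `if (!boundsCheck?.valid) {`. Also consider whether `boundsCheck.error` should go straight to the client: if the helper interpolates the configured bounds into its message, the removed generic `'Location is outside allowed bounds'` reveals less.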
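Review bot: `created_by_user: req.session.userEmail || 'anonymous'` attributes a record to 'anonymous' whenever the session has no email, yet the route is now behind requireAuth, so reaching this line without an email means a broken or inconsistent session rather than an anonymous user, and masking it with a fallback makes the audit trail unreliable. Reject instead, before finalData is built: `if (!req.session.userEmail) {` / `return res.status(401).json({ success: false, error: 'Session has no user identity' });` / `}`. Dropping `created_at` also removes the only creation timestamp this code wrote; unless NocoDB's system CreatedAt field is relied on (I cannot tell from this diff), the record now says who but not when. The finalData literal begins above the hunk.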
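Review bot: `updateData.last_updated_by_user = req.session.userEmail;` sets the editor from the session, but nothing in the hunk strips attribution fields a client may send in the request body, so if `updateData` is derived from `req.body` (its construction is above the hunk, as it is for create) a PUT can overwrite `created_by_user` on an existing row. Remove client-controlled attribution next to the tracking line: `delete updateData.created_by_user;`. As with create, `last_updated_at` is gone without a replacement timestamp in this code, so update history now lacks a 'when' unless a NocoDB system field covers it. update() continues outside the hunk.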
@@ -204,6 +217,8 @@ class LocationsController {
         updateData
       );
+      logger.info('Location updated successfully:', locationId);
+
       res.json({
         success: true,
         location: response
diff --git a/map/app/middleware/auth.js b/map/app/middleware/auth.js
index fc875cd..2741411 100644
--- a/map/app/middleware/auth.js
+++ b/map/app/middleware/auth.js
@@ -1,7 +1,19 @@
+const logger = require('../utils/logger');
+
 const requireAuth = (req, res, next) => {
-  if (req.session && req.session.authenticated) {
+  // Check for both authentication patterns used in your app
+  const isAuthenticated = (req.session && req.session.authenticated) ||
+                          (req.session && req.session.userId && req.session.userEmail);
+
+  if (isAuthenticated) {
     next();
   } else {
+    logger.warn('Unauthorized access attempt', {
+      ip: req.ip,
+      path: req.path,
+      userAgent: req.get('User-Agent')
+    });
+
     if (req.xhr || req.headers.accept?.indexOf('json') > -1) {
       res.status(401).json({
         success: false,
@@ -14,9 +26,20 @@ const requireAuth = (req, res, next) => {
 };
 const requireAdmin = (req, res, next) => {
-  if (req.session && req.session.authenticated && req.session.isAdmin) {
+  // Check for both authentication patterns used in your app
+  const isAuthenticated = (req.session && req.session.authenticated) ||
+                          (req.session && req.session.userId && req.session.userEmail);
+
+  if (isAuthenticated && req.session.isAdmin) {
     next();
   } else {
+    logger.warn('Unauthorized admin access attempt', {
+      ip: req.ip,
+      path: req.path,
+      user: req.session?.userEmail || 'anonymous',
+      userAgent: req.get('User-Agent')
+    });
+
     if (req.xhr || req.headers.accept?.indexOf('json') > -1) {
       res.status(403).json({
         success: false,
diff --git a/map/app/routes/locations.js b/map/app/routes/locations.js
index 795eaa4..bda627d 100644
--- a/map/app/routes/locations.js
+++ b/map/app/routes/locations.js
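Review bot: The second clause of `isAuthenticated`, `(req.session && req.session.userId && req.session.userEmail)`, widens the gate: a session carrying a userId and userEmail is treated as logged in even when `authenticated` was never set, so any code path that stores those two fields before login completes (the comment refers to a second 'pattern' I cannot see here) becomes an authentication bypass. The login handler in authController sets `authenticated = true` together with those fields, so the single check `const isAuthenticated = req.session?.authenticated === true;` is sufficient, and the same applies to requireAdmin in the `@@ -14` hunk. Separately, `userAgent: req.get('User-Agent')` writes a client-controlled header straight into the warn log; that is harmless with a structured JSON logger but permits log-line forgery with a plain-text format, so confirm the logger's output format or truncate the value. requireAuth's else branch continues below the hunk.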
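Review bot: The five-line `isAuthenticated` computation is now duplicated verbatim between requireAuth and requireAdmin; extracting it into one module-level helper, `const hasAuthenticatedSession = (req) => Boolean(req.session?.authenticated || (req.session?.userId && req.session?.userEmail));`, and calling it from both keeps the two gates from drifting apart whichever predicate is finally settled on. `if (isAuthenticated && req.session.isAdmin)` also relies on the truthiness of whatever the login handler stored in `isAdmin`; `req.session.isAdmin === true` is the safer comparison. The 403 response body continues below the hunk.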
@@ -2,20 +2,21 @@ const express = require('express');
 const router = express.Router();
 const locationsController = require('../controllers/locationsController');
 const { strictLimiter } = require('../middleware/rateLimiter');
+const { requireAuth } = require('../middleware/auth');
-// Get all locations
+// Get all locations (public)
 router.get('/', locationsController.getAll);
-// Get single location
+// Get single location (public)
 router.get('/:id', locationsController.getById);
-// Create location (with rate limiting)
-router.post('/', strictLimiter, locationsController.create);
+// Create location (requires authentication)
+router.post('/', requireAuth, strictLimiter, locationsController.create);
-// Update location (with rate limiting)
-router.put('/:id', strictLimiter, locationsController.update);
+// Update location (requires authentication)
+router.put('/:id', requireAuth, strictLimiter, locationsController.update);
-// Delete location (with rate limiting)
-router.delete('/:id', strictLimiter, locationsController.delete);
+// Delete location (requires authentication)
+router.delete('/:id', requireAuth, strictLimiter, locationsController.delete);
 module.exports = router;
\ No newline at end of file
diff --git a/map/build-nocodb.sh b/map/build-nocodb.sh
index 785f6f9..e36b75d 100755
--- a/map/build-nocodb.sh
+++ b/map/build-nocodb.sh
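Review bot: In `router.post('/', requireAuth, strictLimiter, locationsController.create);` (and the put and delete lines) requireAuth runs before strictLimiter, so unauthenticated requests never reach the limiter: repeated anonymous attempts are not throttled, and each one now emits a warn line from requireAuth. Placing the limiter first, `router.post('/', strictLimiter, requireAuth, locationsController.create);`, throttles both anonymous probing and authenticated writes. The two GET routes stay public, which the new comments make explicit; worth confirming that getById does not return the new `created_by_user` email to anonymous readers.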
@@ -356,35 +356,15 @@ create_locations_table() {
       "rqd": false
     },
     {
-      "column_name": "title",
-      "title": "title",
+      "column_name": "created_by_user",
+      "title": "created_by_user",
       "uidt": "SingleLineText",
       "rqd": false
     },
     {
-      "column_name": "category",
-      "title": "category",
-      "uidt": "SingleSelect",
-      "rqd": false,
-      "colOptions": {
-        "options": [
-          {"title": "Important", "color": "#F44336"},
-          {"title": "Event", "color": "#4CAF50"},
-          {"title": "Business", "color": "#2196F3"},
-          {"title": "Other", "color": "#FF9800"}
-        ]
-      }
-    },
-    {
-      "column_name": "created_at",
-      "title": "Created At",
-      "uidt": "DateTime",
-      "rqd": false
-    },
-    {
-      "column_name": "updated_at",
-      "title": "Updated At",
-      "uidt": "DateTime",
+      "column_name": "last_updated_by_user",
+      "title": "last_updated_by_user",
+      "uidt": "SingleLineText",
       "rqd": false
     }
   ]
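Review bot: The removal of the `title`, `category`, `created_at` and `updated_at` columns from the table definition is not mentioned in the commit message, which only speaks of tracking user inputs, so it reads as collateral to adding the two attribution columns rather than a deliberate schema change. If the intent is to rely on NocoDB's built-in system timestamps now that the controllers no longer write `created_at`/`last_updated_at`, record that next to the new entries, e.g. `# created_at/updated_at intentionally omitted: NocoDB system timestamps are used instead`, and confirm that dropping `title` and `category` is wanted, since the create path still spreads `additionalData` into the record and may send those keys. The `create_locations_table` function starts before the hunk.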