Some updates to tracking user inputs. Still not happy with it, but it is functional, so moving on.

This commit is contained in:
admin 2025-07-24 17:09:34 -06:00
parent bb7032d649
commit 3b7d382ad8
5 changed files with 71 additions and 48 deletions


@ -69,11 +69,15 @@ class AuthController {
// Set session // Set session
req.session.authenticated = true; req.session.authenticated = true;
req.session.userEmail = email; req.session.userId = user.id || user.Id;
req.session.userName = user.Name || user.name || email; req.session.userEmail = user.email || user.Email; // Make sure this is set
req.session.isAdmin = user.Admin === true || user.Admin === 1 || req.session.userName = user.name || user.Name;
user.admin === true || user.admin === 1; req.session.isAdmin = user.admin || false;
req.session.userId = extractId(user);
logger.info('User logged in:', {
email: req.session.userEmail,
admin: req.session.isAdmin
});
// Force session save // Force session save
req.session.save((err) => { req.session.save((err) => {
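Review bot: The admin flag on the new side, `req.session.isAdmin = user.admin || false;`, drops both the strict comparison and the `user.Admin` spelling that the old side accepted, while the adjacent new lines still tolerate both spellings for `id`, `email` and `name`. If the user record carries `Admin` (as the old code assumed it might), every admin silently loses privileges; if `admin` arrives as a non-boolean truthy value such as the string `"false"` or `"0"`, it is stored as-is and the truthiness check in `requireAdmin` would grant access. Keep the explicit comparison: `req.session.isAdmin = user.admin === true || user.admin === 1 || user.Admin === true || user.Admin === 1;`. Consider also calling `req.session.regenerate()` before populating the session, if that is not already done earlier in the method, so a pre-login session id is not carried over into the authenticated session; the login method starts outside this hunk.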


@ -97,6 +97,14 @@ class LocationsController {
async create(req, res) { async create(req, res) {
try { try {
// Add debugging logs
logger.info('Session data:', {
authenticated: req.session.authenticated,
userId: req.session.userId,
userEmail: req.session.userEmail,
isAdmin: req.session.isAdmin
});
let locationData = { ...req.body }; let locationData = { ...req.body };
locationData = syncGeoFields(locationData); locationData = syncGeoFields(locationData);
@ -113,10 +121,11 @@ class LocationsController {
// Check bounds if configured // Check bounds if configured
if (config.map.bounds) { if (config.map.bounds) {
if (!checkBounds(validation.latitude, validation.longitude, config.map.bounds)) { const boundsCheck = checkBounds(validation.latitude, validation.longitude);
if (!boundsCheck.valid) {
return res.status(400).json({ return res.status(400).json({
success: false, success: false,
error: 'Location is outside allowed bounds' error: boundsCheck.error
}); });
} }
} }
@ -131,13 +140,15 @@ class LocationsController {
latitude: validation.latitude, latitude: validation.latitude,
longitude: validation.longitude, longitude: validation.longitude,
...additionalData, ...additionalData,
created_at: new Date().toISOString(), created_by_user: req.session.userEmail || 'anonymous' // Add fallback
created_by: req.session.userEmail
}; };
logger.info('Final data being sent to NocoDB:', finalData);
logger.info('Creating new location:', { logger.info('Creating new location:', {
lat: validation.latitude, lat: validation.latitude,
lng: validation.longitude lng: validation.longitude,
user: req.session.userEmail
}); });
const response = await nocodbService.create( const response = await nocodbService.create(
@ -193,10 +204,12 @@ class LocationsController {
// Sync geo fields // Sync geo fields
updateData = syncGeoFields(updateData); updateData = syncGeoFields(updateData);
updateData.last_updated_at = new Date().toISOString(); // Add update tracking
updateData.last_updated_by = req.session.userEmail; updateData.last_updated_by_user = req.session.userEmail; // Changed from last_updated_by
logger.info(`Updating location ${locationId} by ${req.session.userEmail}`); logger.info(`Updating location ${locationId}`, {
user: req.session.userEmail
});
const response = await nocodbService.update( const response = await nocodbService.update(
config.nocodb.tableId, config.nocodb.tableId,
@ -204,6 +217,8 @@ class LocationsController {
updateData updateData
); );
logger.info('Location updated successfully:', locationId);
res.json({ res.json({
success: true, success: true,
location: response location: response
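Review bot: The two new log lines `logger.info('Session data:', {...})` and `logger.info('Final data being sent to NocoDB:', finalData);` write the caller's session fields and the entire request-derived payload (`finalData` is built from `{ ...req.body }` plus `additionalData`) to the log at info level on every create, putting user-controlled strings and account emails into logs; drop them or downgrade to `logger.debug` before this ships, as the `// Add debugging logs` comment suggests they are temporary. Separately, the bounds check now calls `checkBounds(validation.latitude, validation.longitude)` with two arguments and reads `boundsCheck.valid` / `boundsCheck.error`, whereas the old call passed `config.map.bounds` and treated the result as a boolean; the utility module is not among the five files in this commit, so unless `checkBounds` was already changed earlier, a boolean return makes `boundsCheck.valid` undefined and every create is rejected with `error: undefined`. Finally, `created_by_user: req.session.userEmail || 'anonymous'` records `'anonymous'` whenever an authenticated session lacks an email (the updated `requireAuth` still admits `authenticated === true` without one), which weakens the audit trail this commit is meant to add; prefer rejecting the request or recording `req.session.userId` alongside the email. The `create` and `update` methods continue outside these hunks.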


@ -1,7 +1,19 @@
const logger = require('../utils/logger');
const requireAuth = (req, res, next) => { const requireAuth = (req, res, next) => {
if (req.session && req.session.authenticated) { // Check for both authentication patterns used in your app
const isAuthenticated = (req.session && req.session.authenticated) ||
(req.session && req.session.userId && req.session.userEmail);
if (isAuthenticated) {
next(); next();
} else { } else {
logger.warn('Unauthorized access attempt', {
ip: req.ip,
path: req.path,
userAgent: req.get('User-Agent')
});
if (req.xhr || req.headers.accept?.indexOf('json') > -1) { if (req.xhr || req.headers.accept?.indexOf('json') > -1) {
res.status(401).json({ res.status(401).json({
success: false, success: false,
@ -14,9 +26,20 @@ const requireAuth = (req, res, next) => {
}; };
const requireAdmin = (req, res, next) => { const requireAdmin = (req, res, next) => {
if (req.session && req.session.authenticated && req.session.isAdmin) { // Check for both authentication patterns used in your app
const isAuthenticated = (req.session && req.session.authenticated) ||
(req.session && req.session.userId && req.session.userEmail);
if (isAuthenticated && req.session.isAdmin) {
next(); next();
} else { } else {
logger.warn('Unauthorized admin access attempt', {
ip: req.ip,
path: req.path,
user: req.session?.userEmail || 'anonymous',
userAgent: req.get('User-Agent')
});
if (req.xhr || req.headers.accept?.indexOf('json') > -1) { if (req.xhr || req.headers.accept?.indexOf('json') > -1) {
res.status(403).json({ res.status(403).json({
success: false, success: false,
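Review bot: The new `isAuthenticated` expression in both `requireAuth` and `requireAdmin` treats a session that merely has `userId` and `userEmail` as logged in even when `authenticated` is not set, which widens the trust boundary: any code path that stores those two fields before a credential check completes would now pass the gate. Since `AuthController` sets `req.session.authenticated = true` in the same block that sets `userId` and `userEmail`, the fallback buys nothing and should be removed; centralise the check so the two middlewares cannot drift: `const isSessionAuthenticated = (req) => req.session?.authenticated === true;`, then `if (isSessionAuthenticated(req))` in `requireAuth` and `if (isSessionAuthenticated(req) && req.session.isAdmin === true)` in `requireAdmin`. The strict `=== true` on `isAdmin` matters because the login code now stores `user.admin || false` unnormalised. The `User-Agent` value written to the new warn logs is attacker-controlled; make sure the logger encodes newlines so log entries cannot be forged. Both middlewares close outside this hunk.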


@ -2,20 +2,21 @@ const express = require('express');
const router = express.Router(); const router = express.Router();
const locationsController = require('../controllers/locationsController'); const locationsController = require('../controllers/locationsController');
const { strictLimiter } = require('../middleware/rateLimiter'); const { strictLimiter } = require('../middleware/rateLimiter');
const { requireAuth } = require('../middleware/auth');
// Get all locations // Get all locations (public)
router.get('/', locationsController.getAll); router.get('/', locationsController.getAll);
// Get single location // Get single location (public)
router.get('/:id', locationsController.getById); router.get('/:id', locationsController.getById);
// Create location (with rate limiting) // Create location (requires authentication)
router.post('/', strictLimiter, locationsController.create); router.post('/', requireAuth, strictLimiter, locationsController.create);
// Update location (with rate limiting) // Update location (requires authentication)
router.put('/:id', strictLimiter, locationsController.update); router.put('/:id', requireAuth, strictLimiter, locationsController.update);
// Delete location (with rate limiting) // Delete location (requires authentication)
router.delete('/:id', strictLimiter, locationsController.delete); router.delete('/:id', requireAuth, strictLimiter, locationsController.delete);
module.exports = router; module.exports = router;
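Review bot: The PUT and DELETE routes now require a session but no authorisation: any authenticated user can modify or delete any location, including ones created by others, because nothing in the route or in the visible controller hunks compares `created_by_user` to the caller or requires an admin. If that is not the intent, import `requireAdmin` alongside `requireAuth` (if the middleware exports it) and gate `router.delete('/:id', requireAuth, requireAdmin, strictLimiter, locationsController.delete);`, or add an ownership check in the controller before the NocoDB call. Also consider placing `strictLimiter` before `requireAuth` so unauthenticated floods are throttled before they reach the session store and the new warn logging.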


@ -356,35 +356,15 @@ create_locations_table() {
"rqd": false "rqd": false
}, },
{ {
"column_name": "title", "column_name": "created_by_user",
"title": "title", "title": "created_by_user",
"uidt": "SingleLineText", "uidt": "SingleLineText",
"rqd": false "rqd": false
}, },
{ {
"column_name": "category", "column_name": "last_updated_by_user",
"title": "category", "title": "last_updated_by_user",
"uidt": "SingleSelect", "uidt": "SingleLineText",
"rqd": false,
"colOptions": {
"options": [
{"title": "Important", "color": "#F44336"},
{"title": "Event", "color": "#4CAF50"},
{"title": "Business", "color": "#2196F3"},
{"title": "Other", "color": "#FF9800"}
]
}
},
{
"column_name": "created_at",
"title": "Created At",
"uidt": "DateTime",
"rqd": false
},
{
"column_name": "updated_at",
"title": "Updated At",
"uidt": "DateTime",
"rqd": false "rqd": false
} }
] ]
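Review bot: The new `created_by_user` and `last_updated_by_user` columns are free-text `SingleLineText` holding the user's email, while the login code now also stores a stable `req.session.userId`; an email is mutable, so as an audit key it can be reassigned if a user changes address, and storing the id (or both) would give a stable reference. The same hunk drops the `created_at` and `updated_at` columns and the controller stops writing them, so confirm NocoDB's system timestamps are enabled on this table, otherwise the audit trail records who but not when. The `title` and `category` definitions also disappear from this block; if they are not defined elsewhere in the script, records created through the controller lose those fields. This is a heredoc inside `create_locations_table()`, whose start and end lie outside the hunk.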