const express = require('express'); const cors = require('cors'); const path = require('path'); const bcrypt = require('bcryptjs'); const jwt = require('jsonwebtoken'); const crypto = require('crypto'); const nodemailer = require('nodemailer'); const pool = require('./db'); const app = express(); const PORT = process.env.PORT || 3001; const JWT_SECRET = process.env.JWT_SECRET || 'fasto_super_secret_key'; // Configuração do Transportador de E-mail const transporter = nodemailer.createTransport({ host: process.env.SMTP_HOST || 'mail.blyzer.com.br', port: parseInt(process.env.SMTP_PORT) || 587, secure: false, // false para 587 (STARTTLS) auth: { user: process.env.SMTP_USER || 'nao-responda@blyzer.com.br', pass: process.env.SMTP_PASS || '', }, tls: { ciphers: 'SSLv3', rejectUnauthorized: false }, debug: true, // Habilitar debug logger: true // Logar no console }); app.use(cors()); app.use(express.json()); // Logger de Requisições app.use((req, res, next) => { console.log(`[${new Date().toISOString()}] ${req.method} ${req.url}`); next(); }); // --- API Router --- const apiRouter = express.Router(); // --- Auth Routes --- // Register apiRouter.post('/auth/register', async (req, res) => { const { name, email, password, organizationName } = req.body; try { const [existing] = await pool.query('SELECT id FROM users WHERE email = ?', [email]); if (existing.length > 0) return res.status(400).json({ error: 'E-mail já cadastrado.' }); const passwordHash = await bcrypt.hash(password, 10); const verificationCode = Math.floor(100000 + Math.random() * 900000).toString(); const expiresAt = new Date(Date.now() + 15 * 60 * 1000); await pool.query( 'INSERT INTO pending_registrations (email, password_hash, full_name, organization_name, verification_code, expires_at) VALUES (?, ?, ?, ?, ?, ?)', [email, passwordHash, name, organizationName, verificationCode, expiresAt] ); const mailOptions = { from: `"Fasto" <${process.env.MAIL_FROM || 'nao-responda@blyzer.com.br'}>`, to: email, subject: 'Seu código de verificação Fasto', text: `Olá ${name}, seu código de verificação é: ${verificationCode}`, html: `

Bem-vindo ao Fasto!

Seu código: ${verificationCode}

` }; await transporter.sendMail(mailOptions); res.json({ message: 'Código enviado.' }); } catch (error) { console.error('Register error:', error); res.status(500).json({ error: error.message }); } }); // Verify apiRouter.post('/auth/verify', async (req, res) => { const { email, code } = req.body; const connection = await pool.getConnection(); try { await connection.beginTransaction(); const [pending] = await connection.query( 'SELECT * FROM pending_registrations WHERE email = ? AND verification_code = ? AND expires_at > NOW() ORDER BY created_at DESC LIMIT 1', [email, code] ); if (pending.length === 0) return res.status(400).json({ error: 'Código inválido.' }); const data = pending[0]; const tenantId = `tenant_${crypto.randomUUID().split('-')[0]}`; const userId = `u_${crypto.randomUUID().split('-')[0]}`; await connection.query('INSERT INTO tenants (id, name, slug, admin_email) VALUES (?, ?, ?, ?)', [tenantId, data.organization_name, data.organization_name.toLowerCase().replace(/ /g, '-'), email]); await connection.query('INSERT INTO users (id, tenant_id, name, email, password_hash, role) VALUES (?, ?, ?, ?, ?, ?)', [userId, tenantId, data.full_name, email, data.password_hash, 'owner']); await connection.query('DELETE FROM pending_registrations WHERE email = ?', [email]); await connection.commit(); res.json({ message: 'Sucesso.' }); } catch (error) { await connection.rollback(); res.status(500).json({ error: error.message }); } finally { connection.release(); } }); // Login apiRouter.post('/auth/login', async (req, res) => { const { email, password } = req.body; try { const [users] = await pool.query('SELECT * FROM users WHERE email = ?', [email]); if (users.length === 0) return res.status(401).json({ error: 'Credenciais inválidas.' }); const user = users[0]; // Verificar se o usuário está ativo if (user.status !== 'active') { return res.status(403).json({ error: 'Sua conta está inativa. Contate o administrador.' }); } const valid = await bcrypt.compare(password, user.password_hash); if (!valid) return res.status(401).json({ error: 'Credenciais inválidas.' }); const token = jwt.sign({ id: user.id, tenant_id: user.tenant_id, role: user.role }, JWT_SECRET, { expiresIn: '24h' }); res.json({ token, user: { id: user.id, name: user.name, email: user.email, role: user.role, tenant_id: user.tenant_id } }); } catch (error) { res.status(500).json({ error: error.message }); } }); // Forgot Password apiRouter.post('/auth/forgot-password', async (req, res) => { const { email } = req.body; try { const [users] = await pool.query('SELECT name FROM users WHERE email = ?', [email]); if (users.length > 0) { const token = crypto.randomBytes(32).toString('hex'); await pool.query('INSERT INTO password_resets (email, token, expires_at) VALUES (?, ?, DATE_ADD(NOW(), INTERVAL 1 HOUR))', [email, token]); const link = `${process.env.APP_URL || 'http://localhost:3001'}/#/reset-password?token=${token}`; const mailOptions = { from: `"Fasto" <${process.env.MAIL_FROM || 'nao-responda@blyzer.com.br'}>`, to: email, subject: 'Recuperação de Senha - Fasto', html: `

Olá, ${users[0].name}!

Você solicitou a recuperação de senha da sua conta no Fasto.

Clique no botão abaixo para criar uma nova senha:

Redefinir Minha Senha

Este link expira em 1 hora. Se você não solicitou isso, pode ignorar este e-mail.

Desenvolvido por Blyzer

` }; await transporter.sendMail(mailOptions); } res.json({ message: 'Se o e-mail existir, enviamos as instruções.' }); } catch (error) { console.error('Forgot password error:', error); res.status(500).json({ error: error.message }); } }); // Reset Password apiRouter.post('/auth/reset-password', async (req, res) => { const { token, password } = req.body; try { const [resets] = await pool.query('SELECT email FROM password_resets WHERE token = ? AND expires_at > NOW()', [token]); if (resets.length === 0) return res.status(400).json({ error: 'Token inválido.' }); const hash = await bcrypt.hash(password, 10); await pool.query('UPDATE users SET password_hash = ? WHERE email = ?', [hash, resets[0].email]); await pool.query('DELETE FROM password_resets WHERE email = ?', [resets[0].email]); res.json({ message: 'Senha resetada.' }); } catch (error) { res.status(500).json({ error: error.message }); } }); // --- User Routes --- apiRouter.get('/users', async (req, res) => { try { const { tenantId } = req.query; let q = 'SELECT * FROM users'; const params = []; if (tenantId && tenantId !== 'all') { q += ' WHERE tenant_id = ?'; params.push(tenantId); } const [rows] = await pool.query(q, params); res.json(rows); } catch (error) { res.status(500).json({ error: error.message }); } }); apiRouter.get('/users/:id', async (req, res) => { try { const [rows] = await pool.query('SELECT * FROM users WHERE id = ?', [req.params.id]); if (rows.length === 0) return res.status(404).json({ error: 'Not found' }); res.json(rows[0]); } catch (error) { res.status(500).json({ error: error.message }); } }); // Convidar Novo Membro (Admin criando usuário) apiRouter.post('/users', async (req, res) => { const { name, email, role, team_id, tenant_id } = req.body; console.log('--- User Creation Request ---'); console.log('Body:', req.body); try { // 1. Verificar se e-mail já existe const [existing] = await pool.query('SELECT id FROM users WHERE email = ?', [email]); if (existing.length > 0) return res.status(400).json({ error: 'E-mail já cadastrado.' }); const uid = `u_${crypto.randomUUID().split('-')[0]}`; const placeholderHash = 'pending_setup'; // Usuário não pode logar com isso // 2. Criar Usuário await pool.query( 'INSERT INTO users (id, tenant_id, team_id, name, email, password_hash, role, status) VALUES (?, ?, ?, ?, ?, ?, ?, ?)', [uid, tenant_id, team_id || null, name, email, placeholderHash, role || 'agent', 'active'] ); // 3. Gerar Token de Setup de Senha (reusando lógica de reset) const token = crypto.randomBytes(32).toString('hex'); await pool.query( 'INSERT INTO password_resets (email, token, expires_at) VALUES (?, ?, DATE_ADD(NOW(), INTERVAL 24 HOUR))', [email, token] ); // 4. Enviar E-mail de Boas-vindas const setupLink = `${process.env.APP_URL || 'http://localhost:3001'}/#/reset-password?token=${token}`; await transporter.sendMail({ from: `"Fasto" <${process.env.MAIL_FROM || 'nao-responda@blyzer.com.br'}>`, to: email, subject: 'Bem-vindo ao Fasto - Crie sua senha', html: `

Olá, ${name}!

Você foi convidado para participar da equipe no Fasto.

Clique no botão abaixo para definir sua senha e acessar sua conta:

Definir Minha Senha

Este link expira em 24 horas. Se você não esperava este convite, ignore este e-mail.

Desenvolvido por Blyzer

` }); res.status(201).json({ id: uid, message: 'Convite enviado com sucesso.' }); } catch (error) { console.error('Invite error:', error); res.status(500).json({ error: error.message }); } }); apiRouter.put('/users/:id', async (req, res) => { const { name, bio, role, team_id, status } = req.body; try { await pool.query( 'UPDATE users SET name = ?, bio = ?, role = ?, team_id = ?, status = ? WHERE id = ?', [name, bio, role, team_id || null, status, req.params.id] ); res.json({ message: 'User updated successfully.' }); } catch (error) { console.error('Update user error:', error); res.status(500).json({ error: error.message }); } }); apiRouter.delete('/users/:id', async (req, res) => { try { await pool.query('DELETE FROM users WHERE id = ?', [req.params.id]); res.json({ message: 'User deleted successfully.' }); } catch (error) { console.error('Delete user error:', error); res.status(500).json({ error: error.message }); } }); // --- Attendance Routes --- apiRouter.get('/attendances', async (req, res) => { try { const { tenantId, userId, teamId, startDate, endDate } = req.query; let q = 'SELECT a.*, u.team_id FROM attendances a JOIN users u ON a.user_id = u.id WHERE a.tenant_id = ?'; const params = [tenantId]; if (startDate && endDate) { q += ' AND a.created_at BETWEEN ? AND ?'; params.push(new Date(startDate), new Date(endDate)); } if (userId && userId !== 'all') { q += ' AND a.user_id = ?'; params.push(userId); } if (teamId && teamId !== 'all') { q += ' AND u.team_id = ?'; params.push(teamId); } q += ' ORDER BY a.created_at DESC'; const [rows] = await pool.query(q, params); const processed = rows.map(r => ({ ...r, attention_points: typeof r.attention_points === 'string' ? JSON.parse(r.attention_points) : r.attention_points, improvement_points: typeof r.improvement_points === 'string' ? JSON.parse(r.improvement_points) : r.improvement_points, converted: Boolean(r.converted) })); res.json(processed); } catch (error) { res.status(500).json({ error: error.message }); } }); apiRouter.get('/attendances/:id', async (req, res) => { try { const [rows] = await pool.query('SELECT * FROM attendances WHERE id = ?', [req.params.id]); if (rows.length === 0) return res.status(404).json({ error: 'Not found' }); const r = rows[0]; res.json({ ...r, attention_points: typeof r.attention_points === 'string' ? JSON.parse(r.attention_points) : r.attention_points, improvement_points: typeof r.improvement_points === 'string' ? JSON.parse(r.improvement_points) : r.improvement_points, converted: Boolean(r.converted) }); } catch (error) { res.status(500).json({ error: error.message }); } }); // --- Tenant Routes --- apiRouter.get('/tenants', async (req, res) => { try { const q = 'SELECT t.*, (SELECT COUNT(*) FROM users u WHERE u.tenant_id = t.id) as user_count, (SELECT COUNT(*) FROM attendances a WHERE a.tenant_id = t.id) as attendance_count FROM tenants t'; const [rows] = await pool.query(q); res.json(rows); } catch (error) { res.status(500).json({ error: error.message }); } }); // --- Team Routes --- apiRouter.get('/teams', async (req, res) => { try { const { tenantId } = req.query; const [rows] = await pool.query('SELECT * FROM teams WHERE tenant_id = ?', [tenantId]); res.json(rows); } catch (error) { res.status(500).json({ error: error.message }); } }); apiRouter.post('/teams', async (req, res) => { const { name, description, tenantId } = req.body; try { const tid = `team_${crypto.randomUUID().split('-')[0]}`; await pool.query( 'INSERT INTO teams (id, tenant_id, name, description) VALUES (?, ?, ?, ?)', [tid, tenantId, name, description || null] ); res.status(201).json({ id: tid, message: 'Time criado com sucesso.' }); } catch (error) { console.error('Create team error:', error); res.status(500).json({ error: error.message }); } }); apiRouter.put('/teams/:id', async (req, res) => { const { name, description } = req.body; try { await pool.query( 'UPDATE teams SET name = ?, description = ? WHERE id = ?', [name, description || null, req.params.id] ); res.json({ message: 'Team updated successfully.' }); } catch (error) { console.error('Update team error:', error); res.status(500).json({ error: error.message }); } }); apiRouter.post('/tenants', async (req, res) => { const { name, slug, admin_email, status } = req.body; const connection = await pool.getConnection(); try { await connection.beginTransaction(); const tid = `tenant_${crypto.randomUUID().split('-')[0]}`; await connection.query('INSERT INTO tenants (id, name, slug, admin_email, status) VALUES (?, ?, ?, ?, ?)', [tid, name, slug, admin_email, status || 'active']); const uid = `u_${crypto.randomUUID().split('-')[0]}`; await connection.query('INSERT INTO users (id, tenant_id, name, email, role) VALUES (?, ?, ?, ?, ?)', [uid, tid, 'Admin', admin_email, 'admin']); await connection.commit(); res.status(201).json({ id: tid }); } catch (error) { await connection.rollback(); res.status(500).json({ error: error.message }); } finally { connection.release(); } }); // Mount the API Router app.use('/api', apiRouter); // Serve static files if (process.env.NODE_ENV === 'production') { app.use(express.static(path.join(__dirname, '../dist'))); app.get('*', (req, res) => { // Avoid hijacking API requests if (req.url.startsWith('/api')) return res.status(404).json({ error: 'API route not found' }); res.sendFile(path.join(__dirname, '../dist/index.html')); }); } app.listen(PORT, () => { console.log(`🚀 Servidor Backend rodando em http://localhost:${PORT}`); });