b7e73fce3d
All checks were successful
Build and Deploy / build-and-push (push) Successful in 2m3s
- Implemented real JWT authentication and persistent user sessions - Replaced all hardcoded mock data with dynamic MySQL-backed API calls - Created new 'Times' (Teams) dashboard with performance metrics - Renamed 'Equipe' to 'Membros' and centralized team management - Added Role-Based Access Control (RBAC) for Admin/Manager/Agent roles - Implemented secure invite-only member creation and password setup flow - Enhanced Login with password visibility and real-time validation - Added safe delete confirmation modal and custom Toast notifications
406 lines
17 KiB
JavaScript
406 lines
17 KiB
JavaScript
const express = require('express');
|
|
const cors = require('cors');
|
|
const path = require('path');
|
|
const bcrypt = require('bcryptjs');
|
|
const jwt = require('jsonwebtoken');
|
|
const crypto = require('crypto');
|
|
const nodemailer = require('nodemailer');
|
|
const pool = require('./db');
|
|
|
|
const app = express();
|
|
const PORT = process.env.PORT || 3001;
|
|
const JWT_SECRET = process.env.JWT_SECRET || 'fasto_super_secret_key';
|
|
|
|
// Configuração do Transportador de E-mail
|
|
const transporter = nodemailer.createTransport({
|
|
host: process.env.SMTP_HOST || 'mail.blyzer.com.br',
|
|
port: parseInt(process.env.SMTP_PORT) || 587,
|
|
secure: false, // false para 587 (STARTTLS)
|
|
auth: {
|
|
user: process.env.SMTP_USER || 'nao-responda@blyzer.com.br',
|
|
pass: process.env.SMTP_PASS || '',
|
|
},
|
|
tls: {
|
|
ciphers: 'SSLv3',
|
|
rejectUnauthorized: false
|
|
},
|
|
debug: true, // Habilitar debug
|
|
logger: true // Logar no console
|
|
});
|
|
|
|
app.use(cors());
|
|
app.use(express.json());
|
|
|
|
// Logger de Requisições
|
|
app.use((req, res, next) => {
|
|
console.log(`[${new Date().toISOString()}] ${req.method} ${req.url}`);
|
|
next();
|
|
});
|
|
|
|
// --- API Router ---
|
|
const apiRouter = express.Router();
|
|
|
|
// --- Auth Routes ---
|
|
|
|
// Register
|
|
apiRouter.post('/auth/register', async (req, res) => {
|
|
const { name, email, password, organizationName } = req.body;
|
|
try {
|
|
const [existing] = await pool.query('SELECT id FROM users WHERE email = ?', [email]);
|
|
if (existing.length > 0) return res.status(400).json({ error: 'E-mail já cadastrado.' });
|
|
|
|
const passwordHash = await bcrypt.hash(password, 10);
|
|
const verificationCode = Math.floor(100000 + Math.random() * 900000).toString();
|
|
const expiresAt = new Date(Date.now() + 15 * 60 * 1000);
|
|
|
|
await pool.query(
|
|
'INSERT INTO pending_registrations (email, password_hash, full_name, organization_name, verification_code, expires_at) VALUES (?, ?, ?, ?, ?, ?)',
|
|
[email, passwordHash, name, organizationName, verificationCode, expiresAt]
|
|
);
|
|
|
|
const mailOptions = {
|
|
from: `"Fasto" <${process.env.MAIL_FROM || 'nao-responda@blyzer.com.br'}>`,
|
|
to: email,
|
|
subject: 'Seu código de verificação Fasto',
|
|
text: `Olá ${name}, seu código de verificação é: ${verificationCode}`,
|
|
html: `
|
|
<div style="font-family: sans-serif; max-width: 600px; margin: 0 auto; padding: 20px; border: 1px solid #e2e8f0; border-radius: 12px;">
|
|
<h2 style="color: #0f172a;">Bem-vindo ao Fasto!</h2>
|
|
<p style="color: #475569;">Seu código: <strong>${verificationCode}</strong></p>
|
|
</div>`
|
|
};
|
|
await transporter.sendMail(mailOptions);
|
|
res.json({ message: 'Código enviado.' });
|
|
} catch (error) {
|
|
console.error('Register error:', error);
|
|
res.status(500).json({ error: error.message });
|
|
}
|
|
});
|
|
|
|
// Verify
|
|
apiRouter.post('/auth/verify', async (req, res) => {
|
|
const { email, code } = req.body;
|
|
const connection = await pool.getConnection();
|
|
try {
|
|
await connection.beginTransaction();
|
|
const [pending] = await connection.query(
|
|
'SELECT * FROM pending_registrations WHERE email = ? AND verification_code = ? AND expires_at > NOW() ORDER BY created_at DESC LIMIT 1',
|
|
[email, code]
|
|
);
|
|
if (pending.length === 0) return res.status(400).json({ error: 'Código inválido.' });
|
|
|
|
const data = pending[0];
|
|
const tenantId = `tenant_${crypto.randomUUID().split('-')[0]}`;
|
|
const userId = `u_${crypto.randomUUID().split('-')[0]}`;
|
|
|
|
await connection.query('INSERT INTO tenants (id, name, slug, admin_email) VALUES (?, ?, ?, ?)',
|
|
[tenantId, data.organization_name, data.organization_name.toLowerCase().replace(/ /g, '-'), email]);
|
|
await connection.query('INSERT INTO users (id, tenant_id, name, email, password_hash, role) VALUES (?, ?, ?, ?, ?, ?)',
|
|
[userId, tenantId, data.full_name, email, data.password_hash, 'owner']);
|
|
await connection.query('DELETE FROM pending_registrations WHERE email = ?', [email]);
|
|
|
|
await connection.commit();
|
|
res.json({ message: 'Sucesso.' });
|
|
} catch (error) {
|
|
await connection.rollback();
|
|
res.status(500).json({ error: error.message });
|
|
} finally {
|
|
connection.release();
|
|
}
|
|
});
|
|
|
|
// Login
|
|
apiRouter.post('/auth/login', async (req, res) => {
|
|
const { email, password } = req.body;
|
|
try {
|
|
const [users] = await pool.query('SELECT * FROM users WHERE email = ?', [email]);
|
|
if (users.length === 0) return res.status(401).json({ error: 'Credenciais inválidas.' });
|
|
|
|
const user = users[0];
|
|
|
|
// Verificar se o usuário está ativo
|
|
if (user.status !== 'active') {
|
|
return res.status(403).json({ error: 'Sua conta está inativa. Contate o administrador.' });
|
|
}
|
|
|
|
const valid = await bcrypt.compare(password, user.password_hash);
|
|
if (!valid) return res.status(401).json({ error: 'Credenciais inválidas.' });
|
|
|
|
const token = jwt.sign({ id: user.id, tenant_id: user.tenant_id, role: user.role }, JWT_SECRET, { expiresIn: '24h' });
|
|
res.json({ token, user: { id: user.id, name: user.name, email: user.email, role: user.role, tenant_id: user.tenant_id } });
|
|
} catch (error) {
|
|
res.status(500).json({ error: error.message });
|
|
}
|
|
});
|
|
|
|
// Forgot Password
|
|
apiRouter.post('/auth/forgot-password', async (req, res) => {
|
|
const { email } = req.body;
|
|
try {
|
|
const [users] = await pool.query('SELECT name FROM users WHERE email = ?', [email]);
|
|
if (users.length > 0) {
|
|
const token = crypto.randomBytes(32).toString('hex');
|
|
await pool.query('INSERT INTO password_resets (email, token, expires_at) VALUES (?, ?, DATE_ADD(NOW(), INTERVAL 1 HOUR))', [email, token]);
|
|
const link = `${process.env.APP_URL || 'http://localhost:3001'}/#/reset-password?token=${token}`;
|
|
|
|
const mailOptions = {
|
|
from: `"Fasto" <${process.env.MAIL_FROM || 'nao-responda@blyzer.com.br'}>`,
|
|
to: email,
|
|
subject: 'Recuperação de Senha - Fasto',
|
|
html: `
|
|
<div style="font-family: sans-serif; max-width: 600px; margin: 0 auto; padding: 20px; border: 1px solid #e2e8f0; border-radius: 12px;">
|
|
<h2 style="color: #0f172a;">Olá, ${users[0].name}!</h2>
|
|
<p style="color: #475569;">Você solicitou a recuperação de senha da sua conta no Fasto.</p>
|
|
<p style="color: #475569;">Clique no botão abaixo para criar uma nova senha:</p>
|
|
<div style="text-align: center; margin: 30px 0;">
|
|
<a href="${link}" style="background-color: #0f172a; color: white; padding: 12px 24px; text-decoration: none; border-radius: 8px; font-weight: bold; display: inline-block;">Redefinir Minha Senha</a>
|
|
</div>
|
|
<p style="font-size: 12px; color: #94a3b8;">Este link expira em 1 hora. Se você não solicitou isso, pode ignorar este e-mail.</p>
|
|
<div style="border-top: 1px solid #f1f5f9; margin-top: 20px; padding-top: 20px; text-align: center;">
|
|
<p style="font-size: 12px; color: #94a3b8;">Desenvolvido por <a href="https://blyzer.com.br" style="color: #3b82f6; text-decoration: none;">Blyzer</a></p>
|
|
</div>
|
|
</div>
|
|
`
|
|
};
|
|
await transporter.sendMail(mailOptions);
|
|
}
|
|
res.json({ message: 'Se o e-mail existir, enviamos as instruções.' });
|
|
} catch (error) {
|
|
console.error('Forgot password error:', error);
|
|
res.status(500).json({ error: error.message });
|
|
}
|
|
});
|
|
|
|
// Reset Password
|
|
apiRouter.post('/auth/reset-password', async (req, res) => {
|
|
const { token, password } = req.body;
|
|
try {
|
|
const [resets] = await pool.query('SELECT email FROM password_resets WHERE token = ? AND expires_at > NOW()', [token]);
|
|
if (resets.length === 0) return res.status(400).json({ error: 'Token inválido.' });
|
|
const hash = await bcrypt.hash(password, 10);
|
|
await pool.query('UPDATE users SET password_hash = ? WHERE email = ?', [hash, resets[0].email]);
|
|
await pool.query('DELETE FROM password_resets WHERE email = ?', [resets[0].email]);
|
|
res.json({ message: 'Senha resetada.' });
|
|
} catch (error) {
|
|
res.status(500).json({ error: error.message });
|
|
}
|
|
});
|
|
|
|
// --- User Routes ---
|
|
apiRouter.get('/users', async (req, res) => {
|
|
try {
|
|
const { tenantId } = req.query;
|
|
let q = 'SELECT * FROM users';
|
|
const params = [];
|
|
if (tenantId && tenantId !== 'all') { q += ' WHERE tenant_id = ?'; params.push(tenantId); }
|
|
const [rows] = await pool.query(q, params);
|
|
res.json(rows);
|
|
} catch (error) { res.status(500).json({ error: error.message }); }
|
|
});
|
|
|
|
apiRouter.get('/users/:id', async (req, res) => {
|
|
try {
|
|
const [rows] = await pool.query('SELECT * FROM users WHERE id = ?', [req.params.id]);
|
|
if (rows.length === 0) return res.status(404).json({ error: 'Not found' });
|
|
res.json(rows[0]);
|
|
} catch (error) { res.status(500).json({ error: error.message }); }
|
|
});
|
|
|
|
// Convidar Novo Membro (Admin criando usuário)
|
|
apiRouter.post('/users', async (req, res) => {
|
|
const { name, email, role, team_id, tenant_id } = req.body;
|
|
console.log('--- User Creation Request ---');
|
|
console.log('Body:', req.body);
|
|
try {
|
|
// 1. Verificar se e-mail já existe
|
|
const [existing] = await pool.query('SELECT id FROM users WHERE email = ?', [email]);
|
|
if (existing.length > 0) return res.status(400).json({ error: 'E-mail já cadastrado.' });
|
|
|
|
const uid = `u_${crypto.randomUUID().split('-')[0]}`;
|
|
const placeholderHash = 'pending_setup'; // Usuário não pode logar com isso
|
|
|
|
// 2. Criar Usuário
|
|
await pool.query(
|
|
'INSERT INTO users (id, tenant_id, team_id, name, email, password_hash, role, status) VALUES (?, ?, ?, ?, ?, ?, ?, ?)',
|
|
[uid, tenant_id, team_id || null, name, email, placeholderHash, role || 'agent', 'active']
|
|
);
|
|
|
|
// 3. Gerar Token de Setup de Senha (reusando lógica de reset)
|
|
const token = crypto.randomBytes(32).toString('hex');
|
|
await pool.query(
|
|
'INSERT INTO password_resets (email, token, expires_at) VALUES (?, ?, DATE_ADD(NOW(), INTERVAL 24 HOUR))',
|
|
[email, token]
|
|
);
|
|
|
|
// 4. Enviar E-mail de Boas-vindas
|
|
const setupLink = `${process.env.APP_URL || 'http://localhost:3001'}/#/reset-password?token=${token}`;
|
|
|
|
await transporter.sendMail({
|
|
from: `"Fasto" <${process.env.MAIL_FROM || 'nao-responda@blyzer.com.br'}>`,
|
|
to: email,
|
|
subject: 'Bem-vindo ao Fasto - Crie sua senha',
|
|
html: `
|
|
<div style="font-family: sans-serif; max-width: 600px; margin: 0 auto; padding: 20px; border: 1px solid #e2e8f0; border-radius: 12px;">
|
|
<h2 style="color: #0f172a;">Olá, ${name}!</h2>
|
|
<p style="color: #475569;">Você foi convidado para participar da equipe no Fasto.</p>
|
|
<p style="color: #475569;">Clique no botão abaixo para definir sua senha e acessar sua conta:</p>
|
|
<div style="text-align: center; margin: 30px 0;">
|
|
<a href="${setupLink}" style="background-color: #0f172a; color: white; padding: 12px 24px; text-decoration: none; border-radius: 8px; font-weight: bold; display: inline-block;">Definir Minha Senha</a>
|
|
</div>
|
|
<p style="font-size: 12px; color: #94a3b8;">Este link expira em 24 horas. Se você não esperava este convite, ignore este e-mail.</p>
|
|
<div style="border-top: 1px solid #f1f5f9; margin-top: 20px; padding-top: 20px; text-align: center;">
|
|
<p style="font-size: 12px; color: #94a3b8;">Desenvolvido por <a href="https://blyzer.com.br" style="color: #3b82f6; text-decoration: none;">Blyzer</a></p>
|
|
</div>
|
|
</div>
|
|
`
|
|
});
|
|
|
|
res.status(201).json({ id: uid, message: 'Convite enviado com sucesso.' });
|
|
} catch (error) {
|
|
console.error('Invite error:', error);
|
|
res.status(500).json({ error: error.message });
|
|
}
|
|
});
|
|
|
|
apiRouter.put('/users/:id', async (req, res) => {
|
|
const { name, bio, role, team_id, status } = req.body;
|
|
try {
|
|
await pool.query(
|
|
'UPDATE users SET name = ?, bio = ?, role = ?, team_id = ?, status = ? WHERE id = ?',
|
|
[name, bio, role, team_id || null, status, req.params.id]
|
|
);
|
|
res.json({ message: 'User updated successfully.' });
|
|
} catch (error) {
|
|
console.error('Update user error:', error);
|
|
res.status(500).json({ error: error.message });
|
|
}
|
|
});
|
|
|
|
apiRouter.delete('/users/:id', async (req, res) => {
|
|
try {
|
|
await pool.query('DELETE FROM users WHERE id = ?', [req.params.id]);
|
|
res.json({ message: 'User deleted successfully.' });
|
|
} catch (error) {
|
|
console.error('Delete user error:', error);
|
|
res.status(500).json({ error: error.message });
|
|
}
|
|
});
|
|
|
|
|
|
// --- Attendance Routes ---
|
|
apiRouter.get('/attendances', async (req, res) => {
|
|
try {
|
|
const { tenantId, userId, teamId, startDate, endDate } = req.query;
|
|
let q = 'SELECT a.*, u.team_id FROM attendances a JOIN users u ON a.user_id = u.id WHERE a.tenant_id = ?';
|
|
const params = [tenantId];
|
|
if (startDate && endDate) { q += ' AND a.created_at BETWEEN ? AND ?'; params.push(new Date(startDate), new Date(endDate)); }
|
|
if (userId && userId !== 'all') { q += ' AND a.user_id = ?'; params.push(userId); }
|
|
if (teamId && teamId !== 'all') { q += ' AND u.team_id = ?'; params.push(teamId); }
|
|
q += ' ORDER BY a.created_at DESC';
|
|
const [rows] = await pool.query(q, params);
|
|
const processed = rows.map(r => ({
|
|
...r,
|
|
attention_points: typeof r.attention_points === 'string' ? JSON.parse(r.attention_points) : r.attention_points,
|
|
improvement_points: typeof r.improvement_points === 'string' ? JSON.parse(r.improvement_points) : r.improvement_points,
|
|
converted: Boolean(r.converted)
|
|
}));
|
|
res.json(processed);
|
|
} catch (error) { res.status(500).json({ error: error.message }); }
|
|
});
|
|
|
|
apiRouter.get('/attendances/:id', async (req, res) => {
|
|
try {
|
|
const [rows] = await pool.query('SELECT * FROM attendances WHERE id = ?', [req.params.id]);
|
|
if (rows.length === 0) return res.status(404).json({ error: 'Not found' });
|
|
const r = rows[0];
|
|
res.json({
|
|
...r,
|
|
attention_points: typeof r.attention_points === 'string' ? JSON.parse(r.attention_points) : r.attention_points,
|
|
improvement_points: typeof r.improvement_points === 'string' ? JSON.parse(r.improvement_points) : r.improvement_points,
|
|
converted: Boolean(r.converted)
|
|
});
|
|
} catch (error) { res.status(500).json({ error: error.message }); }
|
|
});
|
|
|
|
// --- Tenant Routes ---
|
|
apiRouter.get('/tenants', async (req, res) => {
|
|
try {
|
|
const q = 'SELECT t.*, (SELECT COUNT(*) FROM users u WHERE u.tenant_id = t.id) as user_count, (SELECT COUNT(*) FROM attendances a WHERE a.tenant_id = t.id) as attendance_count FROM tenants t';
|
|
const [rows] = await pool.query(q);
|
|
res.json(rows);
|
|
} catch (error) { res.status(500).json({ error: error.message }); }
|
|
});
|
|
|
|
// --- Team Routes ---
|
|
apiRouter.get('/teams', async (req, res) => {
|
|
try {
|
|
const { tenantId } = req.query;
|
|
const [rows] = await pool.query('SELECT * FROM teams WHERE tenant_id = ?', [tenantId]);
|
|
res.json(rows);
|
|
} catch (error) {
|
|
res.status(500).json({ error: error.message });
|
|
}
|
|
});
|
|
|
|
apiRouter.post('/teams', async (req, res) => {
|
|
const { name, description, tenantId } = req.body;
|
|
try {
|
|
const tid = `team_${crypto.randomUUID().split('-')[0]}`;
|
|
await pool.query(
|
|
'INSERT INTO teams (id, tenant_id, name, description) VALUES (?, ?, ?, ?)',
|
|
[tid, tenantId, name, description || null]
|
|
);
|
|
res.status(201).json({ id: tid, message: 'Time criado com sucesso.' });
|
|
} catch (error) {
|
|
console.error('Create team error:', error);
|
|
res.status(500).json({ error: error.message });
|
|
}
|
|
});
|
|
|
|
apiRouter.put('/teams/:id', async (req, res) => {
|
|
const { name, description } = req.body;
|
|
try {
|
|
await pool.query(
|
|
'UPDATE teams SET name = ?, description = ? WHERE id = ?',
|
|
[name, description || null, req.params.id]
|
|
);
|
|
res.json({ message: 'Team updated successfully.' });
|
|
} catch (error) {
|
|
console.error('Update team error:', error);
|
|
res.status(500).json({ error: error.message });
|
|
}
|
|
});
|
|
|
|
|
|
|
|
apiRouter.post('/tenants', async (req, res) => {
|
|
const { name, slug, admin_email, status } = req.body;
|
|
const connection = await pool.getConnection();
|
|
try {
|
|
await connection.beginTransaction();
|
|
const tid = `tenant_${crypto.randomUUID().split('-')[0]}`;
|
|
await connection.query('INSERT INTO tenants (id, name, slug, admin_email, status) VALUES (?, ?, ?, ?, ?)', [tid, name, slug, admin_email, status || 'active']);
|
|
const uid = `u_${crypto.randomUUID().split('-')[0]}`;
|
|
await connection.query('INSERT INTO users (id, tenant_id, name, email, role) VALUES (?, ?, ?, ?, ?)', [uid, tid, 'Admin', admin_email, 'admin']);
|
|
await connection.commit();
|
|
res.status(201).json({ id: tid });
|
|
} catch (error) { await connection.rollback(); res.status(500).json({ error: error.message }); } finally { connection.release(); }
|
|
});
|
|
|
|
// Mount the API Router
|
|
app.use('/api', apiRouter);
|
|
|
|
// Serve static files
|
|
if (process.env.NODE_ENV === 'production') {
|
|
app.use(express.static(path.join(__dirname, '../dist')));
|
|
app.get('*', (req, res) => {
|
|
// Avoid hijacking API requests
|
|
if (req.url.startsWith('/api')) return res.status(404).json({ error: 'API route not found' });
|
|
res.sendFile(path.join(__dirname, '../dist/index.html'));
|
|
});
|
|
}
|
|
|
|
app.listen(PORT, () => {
|
|
console.log(`🚀 Servidor Backend rodando em http://localhost:${PORT}`);
|
|
});
|