zanewalker/EmployeeManagementSystem
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

(Feat): More changes

Browse Source
This commit is contained in:
Zane Walker
2025-11-28 19:04:35 +00:00
parent 25ed1d5c56
commit 8ac2eb1944
42 changed files with 3291 additions and 3407 deletions
Download Patch File Download Diff File Expand all files Collapse all files

80
backend-deno/routes/users.ts
View File

@@ -1,7 +1,13 @@
import { Router } from "@oak/oak";
import { hash } from "bcrypt";
import { hash, genSalt } from "bcrypt";
import { db } from "../config/database.ts";
import { config } from "../config/env.ts";
// Helper function to hash password with proper salt generation
async function hashPassword(password: string): Promise<string> {
const salt = await genSalt(config.BCRYPT_ROUNDS);
return await hash(password, salt);
}
import { authenticateToken, authorize, getCurrentUser } from "../middleware/auth.ts";
import { sanitizeInput, isValidEmail } from "../middleware/security.ts";
import type { User, CreateUserRequest, UpdateUserRequest } from "../types/index.ts";
@@ -19,6 +25,9 @@ router.get("/", authenticateToken, async (ctx) => {
let query = `
SELECT u.id, u.username, u.name, u.email, u.role, u.department_id,
u.contractor_id, u.is_active, u.created_at,
u.phone_number, u.aadhar_number, u.bank_account_number,
u.bank_name, u.bank_ifsc,
u.contractor_agreement_number, u.pf_number, u.esic_number,
d.name as department_name,
c.name as contractor_name
FROM users u
@@ -64,6 +73,9 @@ router.get("/:id", authenticateToken, async (ctx) => {
const users = await db.query<User[]>(
`SELECT u.id, u.username, u.name, u.email, u.role, u.department_id,
u.contractor_id, u.is_active, u.created_at,
u.phone_number, u.aadhar_number, u.bank_account_number,
u.bank_name, u.bank_ifsc,
u.contractor_agreement_number, u.pf_number, u.esic_number,
d.name as department_name,
c.name as contractor_name
FROM users u
@@ -99,7 +111,11 @@ router.post("/", authenticateToken, authorize("SuperAdmin", "Supervisor"), async
try {
const currentUser = getCurrentUser(ctx);
const body = await ctx.request.body.json() as CreateUserRequest;
const { username, name, email, password, role, departmentId, contractorId } = body;
const {
username, name, email, password, role, departmentId, contractorId,
phoneNumber, aadharNumber, bankAccountNumber, bankName, bankIfsc,
contractorAgreementNumber, pfNumber, esicNumber
} = body;
// Input validation
if (!username || !name || !email || !password || !role) {
@@ -135,16 +151,28 @@ router.post("/", authenticateToken, authorize("SuperAdmin", "Supervisor"), async
}
// Hash password
const hashedPassword = await hash(password, config.BCRYPT_ROUNDS);
const hashedPassword = await hashPassword(password);
const result = await db.execute(
"INSERT INTO users (username, name, email, password, role, department_id, contractor_id) VALUES (?, ?, ?, ?, ?, ?, ?)",
[sanitizedUsername, sanitizedName, sanitizedEmail, hashedPassword, role, departmentId || null, contractorId || null]
`INSERT INTO users (username, name, email, password, role, department_id, contractor_id,
phone_number, aadhar_number, bank_account_number, bank_name, bank_ifsc,
contractor_agreement_number, pf_number, esic_number)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,
[
sanitizedUsername, sanitizedName, sanitizedEmail, hashedPassword, role,
departmentId || null, contractorId || null,
phoneNumber || null, aadharNumber || null, bankAccountNumber || null,
bankName || null, bankIfsc || null,
contractorAgreementNumber || null, pfNumber || null, esicNumber || null
]
);
const newUser = await db.query<User[]>(
`SELECT u.id, u.username, u.name, u.email, u.role, u.department_id,
u.contractor_id, u.is_active, u.created_at,
u.phone_number, u.aadhar_number, u.bank_account_number,
u.bank_name, u.bank_ifsc,
u.contractor_agreement_number, u.pf_number, u.esic_number,
d.name as department_name,
c.name as contractor_name
FROM users u
@@ -175,7 +203,11 @@ router.put("/:id", authenticateToken, authorize("SuperAdmin", "Supervisor"), asy
const currentUser = getCurrentUser(ctx);
const userId = ctx.params.id;
const body = await ctx.request.body.json() as UpdateUserRequest;
const { name, email, role, departmentId, contractorId, isActive } = body;
const {
name, email, role, departmentId, contractorId, isActive,
phoneNumber, aadharNumber, bankAccountNumber, bankName, bankIfsc,
contractorAgreementNumber, pfNumber, esicNumber
} = body;
// Check if user exists
const existingUsers = await db.query<User[]>(
@@ -235,6 +267,39 @@ router.put("/:id", authenticateToken, authorize("SuperAdmin", "Supervisor"), asy
updates.push("is_active = ?");
params.push(isActive);
}
// New fields
if (phoneNumber !== undefined) {
updates.push("phone_number = ?");
params.push(phoneNumber);
}
if (aadharNumber !== undefined) {
updates.push("aadhar_number = ?");
params.push(aadharNumber);
}
if (bankAccountNumber !== undefined) {
updates.push("bank_account_number = ?");
params.push(bankAccountNumber);
}
if (bankName !== undefined) {
updates.push("bank_name = ?");
params.push(bankName);
}
if (bankIfsc !== undefined) {
updates.push("bank_ifsc = ?");
params.push(bankIfsc);
}
if (contractorAgreementNumber !== undefined) {
updates.push("contractor_agreement_number = ?");
params.push(contractorAgreementNumber);
}
if (pfNumber !== undefined) {
updates.push("pf_number = ?");
params.push(pfNumber);
}
if (esicNumber !== undefined) {
updates.push("esic_number = ?");
params.push(esicNumber);
}
if (updates.length === 0) {
ctx.response.status = 400;
@@ -252,6 +317,9 @@ router.put("/:id", authenticateToken, authorize("SuperAdmin", "Supervisor"), asy
const updatedUser = await db.query<User[]>(
`SELECT u.id, u.username, u.name, u.email, u.role, u.department_id,
u.contractor_id, u.is_active, u.created_at,
u.phone_number, u.aadhar_number, u.bank_account_number,
u.bank_name, u.bank_ifsc,
u.contractor_agreement_number, u.pf_number, u.esic_number,
d.name as department_name,
c.name as contractor_name
FROM users u