feat: add enhanced device UUID handling for worker login

2025-09-03 14:46:17 +08:00
parent 3c788545b7
commit b0012c5a31
1 changed files with 29 additions and 0 deletions
@@ -42,6 +42,7 @@ export default function(db) {
    if (!passwordMatch) {
      return res.status(401).json({ message: 'Invalid credentials' });
    }
+
    // Check if worker has device_uuid (Android device)
    if (user.role === 'worker') {
        const [deviceRows] = await db.execute('SELECT device_uuid FROM workers WHERE id = ?', [user.id]);
@@ -49,6 +50,34 @@ export default function(db) {
          return res.status(403).json({ message: 'useMobileApp' });
        }
    }
+
+    // TODO: Enhanced device UUID handling (currently disabled for testing)
+    /*
+    // DEVICE_UUID_HANDLING
+    if (user.role === 'worker') {
+      const [deviceRows] = await db.execute('SELECT device_uuid FROM workers WHERE id = ?', [user.id]);
+      const existingDeviceUuid = deviceRows[0].device_uuid;
+
+      if (existingDeviceUuid) {
+        // EXISTING_DEVICE_CHECK
+        if (deviceUuid && deviceUuid !== existingDeviceUuid) {
+          // DEVICE_MISMATCH
+          return res.status(403).json({ message: 'Device not authorized for this account' });
+        } else if (!deviceUuid) {
+          // WEB_LOGIN_BLOCK
+          return res.status(403).json({ message: 'useMobileApp' });
+        }
+      } else if (deviceUuid) {
+        // AUTO_DEVICE_REGISTRATION
+        const deviceResult = await validateDeviceForUser(user.id, deviceUuid, db);
+        if (!deviceResult.valid) {
+          return res.status(500).json({ message: 'Device registration failed' });
+        }
+        console.log(`Device UUID registered for worker ${user.id}: ${deviceUuid}`);
+      }
+    }
+    */
+
    // Managers can always login, workers without device_uuid can login
    const token = jwt.sign({ userId: user.id, role: user.role }, process.env.JWT_SECRET, { expiresIn: '1h' });
    res.json({ token });