NiLai_Clock/Nilai_Clock
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: implement configurable device UUID handling for worker login

Browse Source
This commit is contained in:
sudomarcma
2025-09-08 16:13:34 +08:00
parent 64b4f040ee
commit e24a704732
1 changed files with 19 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/workerRoutes.js
+19 -25
View File
@@ -24,15 +24,19 @@ async function isClockingEnabled(db) {
export default function(db) {
const router = express.Router();
// Set DEVICE_UUID_ENABLED to false to completely disable device UUID checking
const DEVICE_UUID_ENABLED = false;
const REQUIRE_DEVICE_FOR_WORKERS = true;
const AUTO_REGISTER_NEW_DEVICES = true;
router.post('/auth/login', async (req, res) => {
const { username, password } = req.body;
const { username, password, deviceUuid } = req.body;
const [rows] = await db.execute('SELECT id, role, password_hash, status FROM workers WHERE username = ?', [username]);
if (rows.length === 0) {
return res.status(401).json({ message: 'Invalid credentials' });
}
const user = rows[0];
// Allow both workers and managers to login
// Check if the user's status is 'active'
if (user.status !== 'active') {
return res.status(401).json({ message: 'Invalid credentials' });
@@ -43,40 +47,30 @@ export default function(db) {
return res.status(401).json({ message: 'Invalid credentials' });
}
// Check if worker has device_uuid (Android device)
if (user.role === 'worker') {
const [deviceRows] = await db.execute('SELECT device_uuid FROM workers WHERE id = ?', [user.id]);
if (deviceRows[0].device_uuid&&deviceRows[0].device_uuid.length){
return res.status(403).json({ message: 'useMobileApp' });
}
}
// TODO: Enhanced device UUID handling (currently disabled for testing)
/*
// DEVICE_UUID_HANDLING
if (user.role === 'worker') {
// Device UUID handling - controlled by configuration flags above
if (DEVICE_UUID_ENABLED && user.role === 'worker') {
const [deviceRows] = await db.execute('SELECT device_uuid FROM workers WHERE id = ?', [user.id]);
const existingDeviceUuid = deviceRows[0].device_uuid;
if (existingDeviceUuid) {
// EXISTING_DEVICE_CHECK
if (deviceUuid && deviceUuid !== existingDeviceUuid) {
// DEVICE_MISMATCH
return res.status(403).json({ message: 'Device not authorized for this account' });
return res.status(403).json({ message: 'deviceMismatch' });
} else if (!deviceUuid) {
// WEB_LOGIN_BLOCK
return res.status(403).json({ message: 'useMobileApp' });
}
} else if (deviceUuid) {
// AUTO_DEVICE_REGISTRATION
const deviceResult = await validateDeviceForUser(user.id, deviceUuid, db);
if (!deviceResult.valid) {
return res.status(500).json({ message: 'Device registration failed' });
} else {
// User has no registered device
if (deviceUuid && AUTO_REGISTER_NEW_DEVICES) {
const deviceResult = await validateDeviceForUser(user.id, deviceUuid, db);
if (!deviceResult.valid) {
return res.status(500).json({ message: 'deviceRegistrationFailed' });
}
// console.log(`Device UUID registered for worker ${user.id}: ${deviceUuid}`);
} else if (!deviceUuid && REQUIRE_DEVICE_FOR_WORKERS) {
return res.status(403).json({ message: 'deviceRequired' });
}
console.log(`Device UUID registered for worker ${user.id}: ${deviceUuid}`);
}
}
*/
// Managers can always login, workers without device_uuid can login
const token = jwt.sign({ userId: user.id, role: user.role }, process.env.JWT_SECRET, { expiresIn: '1h' });