NiLai_Clock/Nilai_Clock
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: Refactor ChangePasswordView for improved UI and UX, add success/error overlays

Browse Source 
feat: Enhance LoginView with "Remember Me" functionality and improved error handling
feat: Revamp WorkerDashboardView with new layout, scanner integration, and status overlays
feat: Update WorkerHistoryView to include a more user-friendly design and navigation
feat: Create NativeServicesStatus view for displaying web services status
feat: Implement SettingsView with options for clock history, password change, language selection, and logout
This commit is contained in:
sudomarcma
2025-07-23 09:29:45 +08:00
parent 7247604a99
commit ffe4c7228d
13 changed files with 593 additions and 219 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/workerRoutes.js
+11 -9
View File
@@ -25,16 +25,16 @@ export default function(db) {
const router = express.Router();
router.post('/auth/login', async (req, res) => {
const { username, password, deviceUuid } = req.body;
const { username, password } = req.body;
const [rows] = await db.execute('SELECT id, role, password_hash, status FROM workers WHERE username = ?', [username]);
if (rows.length === 0) {
return res.status(401).json({ message: 'Invalid credentials' });
}
const user = rows[0];
// Check if the worker's status is 'active'
if (user.role === 'worker' && user.status !== 'active') {
// Return the same message as invalid credentials to avoid leaking information
// Allow both workers and managers to login
// Check if the user's status is 'active'
if (user.status !== 'active') {
return res.status(401).json({ message: 'Invalid credentials' });
}
@@ -42,12 +42,14 @@ export default function(db) {
if (!passwordMatch) {
return res.status(401).json({ message: 'Invalid credentials' });
}
if (deviceUuid && user.role !== 'manager') {
const deviceValidation = await validateDeviceForUser(user.id, deviceUuid, db);
if (!deviceValidation.valid) {
return res.status(403).json({ message: deviceValidation.message });
}
// Check if worker has device_uuid (Android device)
if (user.role === 'worker') {
const [deviceRows] = await db.execute('SELECT device_uuid FROM workers WHERE id = ?', [user.id]);
if (deviceRows[0].device_uuid) {
return res.status(403).json({ message: 'useMobileApp' });
}
}
// Managers can always login, workers without device_uuid can login
const token = jwt.sign({ userId: user.id, role: user.role }, process.env.JWT_SECRET, { expiresIn: '1h' });
res.json({ token });
});