tech4lince/spurrin-backend
1
0
Fork 0
forked from rohit/spurrin-backend
Code Pull Requests Activity

ntfs, msg

Browse Source
This commit is contained in:
Ubuntu 2025-08-04 13:55:45 +05:30
parent 1362dd52be
commit b0325d4860
2 changed files with 152 additions and 152 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/controllers/hospitalController.js
View File

@ -1573,7 +1573,7 @@ exports.updatePublicSignup = async (req, res) => {
console.log("req user-----", req.user)
// Check if user has permission
if (!["Spurrinadmin", "Superadmin", 7, 6].includes(req.user.role)) {
if (!["Spurrinadmin", "Superadmin","Admin", 7, 6,8].includes(req.user.role)) {
return res.status(403).json({
error: "You are not authorized to update public signup settings"
});

294
src/services/secondaryWebsocket.js
View File

@ -8,8 +8,8 @@ const db = require("../config/database");
const base_url = "https://backend.spurrinai.com";
const server = https.createServer({
cert: fs.readFileSync("/home/ubuntu/spurrin-cleaned-node/certificates/fullchain.pem"),
key: fs.readFileSync("/home/ubuntu/spurrin-cleaned-node/certificates/privkey.pem")
cert: fs.readFileSync("/home/ubuntu/spurrin-backend/certificates/fullchain.pem"),
key: fs.readFileSync("/home/ubuntu/spurrin-backend/certificates/privkey.pem")
});
const wss = new WebSocket.Server({ server, perMessageDeflate: false });
@ -177,7 +177,7 @@ wss.on("connection", (ws) => {
}
// This event retrieves all feedback entries submitted by app users (sender_type = 'appuser') to a specific hospital (receiver_type = 'hospital') based on the hospital's hospital_code, which is derived from the JWT token provided by the user.
if (data.event === "get-app-user-byhospital-feedback") {
if (data.event === "get-app-user-byhospital-feedback") {
if (!data.token) {
emitEvent("get-app-user-byhospital-feedback", { error: "Token missing" }, ws.userId);
return;
@ -187,7 +187,7 @@ wss.on("connection", (ws) => {
const decoded = jwt.verify(data.token, process.env.JWT_ACCESS_TOKEN_SECRET);
// Only hospital users (role 7, 8, or 9) are allowed
if (!["Superadmin","Admin",7, 8].includes(decoded.role)) {
if (!["Superadmin", "Admin", 7, 8].includes(decoded.role)) {
emitEvent("get-app-user-byhospital-feedback", { error: "Unauthorized access" }, ws.userId);
return;
}
@ -284,110 +284,110 @@ wss.on("connection", (ws) => {
}
if (data.event === "app-usersby-hospitalid") {
if (!data.token || !data.id) {
emitEvent("app-usersby-hospitalid", { error: "Token or hospital ID missing" }, ws.userId);
return;
}
if (!data.token || !data.id) {
emitEvent("app-usersby-hospitalid", { error: "Token or hospital ID missing" }, ws.userId);
return;
}
try {
const decoded = jwt.verify(data.token, process.env.JWT_ACCESS_TOKEN_SECRET);
const userRole = decoded.role;
try {
const decoded = jwt.verify(data.token, process.env.JWT_ACCESS_TOKEN_SECRET);
const userRole = decoded.role;
// Only allowed roles
if (!["Superadmin", "Admin", 8, 9].includes(userRole)) {
emitEvent("app-usersby-hospitalid", { error: "Unauthorized to view app users" }, decoded.id);
return;
}
// Only allowed roles
if (!["Superadmin", "Admin", 8, 9].includes(userRole)) {
emitEvent("app-usersby-hospitalid", { error: "Unauthorized to view app users" }, decoded.id);
return;
}
// Fetch hospital_code using hospital id
const query1 = `SELECT * FROM hospitals WHERE id = ?`;
const result1 = await db.query(query1, [data.id]);
// Fetch hospital_code using hospital id
const query1 = `SELECT * FROM hospitals WHERE id = ?`;
const result1 = await db.query(query1, [data.id]);
if (!result1 || !result1[0].hospital_code) {
emitEvent("app-usersby-hospitalid", { error: "Hospital not found" }, decoded.id);
return;
}
if (!result1 || !result1[0].hospital_code) {
emitEvent("app-usersby-hospitalid", { error: "Hospital not found" }, decoded.id);
return;
}
const hospitalCode = result1[0].hospital_code;
const hospitalCode = result1[0].hospital_code;
// Fetch app users for that hospital_code
const query2 = `SELECT * FROM app_users WHERE hospital_code = ?`;
const users = await db.query(query2, [hospitalCode]);
// Fetch app users for that hospital_code
const query2 = `SELECT * FROM app_users WHERE hospital_code = ?`;
const users = await db.query(query2, [hospitalCode]);
if (users.length === 0) {
emitEvent("app-usersby-hospitalid", { message: "No app users found" }, decoded.id);
return;
}
if (users.length === 0) {
emitEvent("app-usersby-hospitalid", { message: "No app users found" }, decoded.id);
return;
}
emitEvent("app-usersby-hospitalid", {
message: "App users fetched successfully",
data: users
}, decoded.id);
emitEvent("app-usersby-hospitalid", {
message: "App users fetched successfully",
data: users
}, decoded.id);
} catch (error) {
emitEvent("app-usersby-hospitalid", { error: error.message }, ws.userId);
}
} catch (error) {
emitEvent("app-usersby-hospitalid", { error: error.message }, ws.userId);
}
}
if (data.event === "get-signup-notifications") {
if (data.event === "get-signup-notifications") {
if (!data.token) {
emitEvent("get-signup-notifications", { error: "Token missing" }, ws.userId);
return;
}
if (!data.token) {
emitEvent("get-signup-notifications", { error: "Token missing" }, ws.userId);
return;
}
try {
const decoded = jwt.verify(data.token, process.env.JWT_ACCESS_TOKEN_SECRET);
const allowedRoles = ['Admin', 'Superadmin', 8, 7];
try {
const decoded = jwt.verify(data.token, process.env.JWT_ACCESS_TOKEN_SECRET);
const allowedRoles = ['Admin', 'Superadmin', 8, 7];
// Role-based access check
if (!allowedRoles.includes(decoded.role)) {
emitEvent("get-signup-notifications", { error: "You are not authorized!" }, decoded.id);
return;
// Role-based access check
if (!allowedRoles.includes(decoded.role)) {
emitEvent("get-signup-notifications", { error: "You are not authorized!" }, decoded.id);
return;
}
// Fetch hospital_code from the DB
const result = await db.query(
"SELECT hospital_code FROM hospital_users WHERE id = ?",
[decoded.id]
);
// Validate result
if (!result || result.length === 0 || !result[0].hospital_code) {
emitEvent("get-signup-notifications", { error: "Hospital code not found." }, decoded.id);
return;
}
const hospital_code = result[0].hospital_code;
// Fetch signup notifications
const notifications = await db.query(
"SELECT * FROM app_users WHERE hospital_code = ? AND checked = 0",
[hospital_code]
);
emitEvent("get-signup-notifications", {
message: "Notifications fetched successfully.",
notifications
}, decoded.id);
} catch (error) {
console.error("Error fetching signup notifications:", error);
emitEvent("get-signup-notifications", { error: error.message }, ws.userId);
}
}
// Fetch hospital_code from the DB
const result = await db.query(
"SELECT hospital_code FROM hospitals WHERE id = ?",
[decoded.id]
);
// Validate result
if (!result || result.length === 0 || !result[0].hospital_code) {
emitEvent("get-signup-notifications", { error: "Hospital code not found." }, decoded.id);
return;
}
if (data.event === "get-app-queries") {
const hospital_code = result[0].hospital_code;
// Fetch signup notifications
const notifications = await db.query(
"SELECT * FROM hospitals WHERE hospital_code = ? AND checked = 0",
[hospital_code]
);
emitEvent("get-signup-notifications", {
message: "Notifications fetched successfully.",
notifications
}, decoded.id);
} catch (error) {
console.error("Error fetching signup notifications:", error);
emitEvent("get-signup-notifications", { error: error.message }, ws.userId);
}
}
if(data.event === "get-app-queries"){
if (!data.token || (!data.hospital_code || !data.app_user_id) ) {
if (!data.token || (!data.hospital_code || !data.app_user_id)) {
emitEvent("get-app-queries", { error: "Token missing or hospital_code or app_user_id missing" }, ws.userId);
return;
}
try {
const decoded = jwt.verify(data.token, process.env.JWT_ACCESS_TOKEN_SECRET);
const allowedRoles = ['Admin','Superadmin',8,7];
const allowedRoles = ['Admin', 'Superadmin', 8, 7];
// Role-based access check
if (!allowedRoles.includes(decoded.role)) {
@ -400,19 +400,19 @@ if (data.event === "get-signup-notifications") {
let interaction_logs;
// Fetch notifications of new signup
if(data.hospital_code.length == 0){
// Fetch notifications of new signup
if (data.hospital_code.length == 0) {
interaction_logs = await db.query(
"SELECT * FROM interaction_logs WHERE app_user_id = ?",
[data.app_user_id]
);
}
else if(data.app_user_id.length == 0){
}
else if (data.app_user_id.length == 0) {
interaction_logs = await db.query(
"SELECT * FROM interaction_logs WHERE app_user_id = ?",
[ data.app_user_id]
[data.app_user_id]
);
}
}
emitEvent("get-app-queries", {
message: "interaction logs fetched successfully.",
@ -426,53 +426,52 @@ if (data.event === "get-signup-notifications") {
if (data.event === "get-signup-notifications") {
if (!data.token) {
emitEvent("get-signup-notifications", { error: "Token missing" }, ws.userId);
return;
}
if (!data.token) {
emitEvent("get-signup-notifications", { error: "Token missing" }, ws.userId);
return;
}
try {
const decoded = jwt.verify(data.token, process.env.JWT_ACCESS_TOKEN_SECRET);
const allowedRoles = ['Admin', 'Superadmin', 8, 7];
try {
const decoded = jwt.verify(data.token, process.env.JWT_ACCESS_TOKEN_SECRET);
const allowedRoles = ['Admin', 'Superadmin', 8, 7];
// Role-based access check
if (!allowedRoles.includes(decoded.role)) {
emitEvent("get-signup-notifications", { error: "You are not authorized!" }, decoded.id);
return;
// Role-based access check
if (!allowedRoles.includes(decoded.role)) {
emitEvent("get-signup-notifications", { error: "You are not authorized!" }, decoded.id);
return;
}
console.log("decoded token ----", decoded)
// Fetch hospital_code from hospitals table
const result = await db.query(
"SELECT hospital_code FROM hospital_users WHERE id = ?",
[decoded.id]
);
if (!result || result.length === 0 || !result[0].hospital_code) {
emitEvent("get-signup-notifications", { error: "Hospital code not found" }, decoded.id);
return;
}
const hospital_code = result[0].hospital_code;
// Fetch notifications of new signups
const notifications = await db.query(
"SELECT * FROM app_users WHERE hospital_code = ? AND checked = 0",
[hospital_code]
);
emitEvent("get-signup-notifications", {
message: "Notifications fetched successfully.",
notifications
}, decoded.id);
} catch (error) {
emitEvent("get-signup-notifications", { error: error.message }, ws.userId);
}
}
console.log("decoded token ----",decoded)
// Fetch hospital_code from hospitals table
const result = await db.query(
"SELECT hospital_code FROM hospitals WHERE id = ?",
[decoded.id]
);
if (!result || result.length === 0 || !result[0].hospital_code) {
emitEvent("get-signup-notifications", { error: "Hospital code not found" }, decoded.id);
return;
}
const hospital_code = result[0].hospital_code;
// Fetch notifications of new signups
const notifications = await db.query(
"SELECT * FROM hospitals WHERE hospital_code = ? AND checked = 0",
[hospital_code]
);
emitEvent("get-signup-notifications", {
message: "Notifications fetched successfully.",
notifications
}, decoded.id);
} catch (error) {
emitEvent("get-signup-notifications", { error: error.message }, ws.userId);
}
}
@ -488,20 +487,21 @@ if (data.event === "get-signup-notifications") {
});
});
// function emitEvent(event, data, userId = null) {
// if (userId && userSockets.has(userId)) {
// const client = userSockets.get(userId);
// if (client.readyState === WebSocket.OPEN) {
// client.send(JSON.stringify({ event, data }));
// }
// } else {
// wss.clients.forEach((client) => {
// if (client.readyState === WebSocket.OPEN) {
// client.send(JSON.stringify({ event, data }));
// }
// });
// }
// }
// Add this function before the server.listen() call
function emitEvent(event, data, userId = null) {
if (userId && userSockets.has(userId)) {
const client = userSockets.get(userId);
if (client.readyState === WebSocket.OPEN) {
client.send(JSON.stringify({ event, data }));
}
} else {
wss.clients.forEach((client) => {
if (client.readyState === WebSocket.OPEN) {
client.send(JSON.stringify({ event, data }));
}
});
}
}
server.listen(40520, () => {
console.log("📡 Secure WebSocket server listening on wss://backend.spurrinai.com:40520");