fabritsky/corp-address-book
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4e0615a7c5c2dda17a7a00395c4200c428c663b7
corp-address-book/backend/server.js
T

428 lines
14 KiB
JavaScript
Raw Blame History

require('dotenv').config();
const express = require('express');
const cors = require('cors');
const path = require('path');
const fs = require('fs');
const jwt = require('jsonwebtoken');
const bcrypt = require('bcryptjs');
const db = require('./db');
const app = express();
const PORT = process.env.PORT || 8180;
const JWT_SECRET = process.env.JWT_SECRET;
const ADMIN_USER = process.env.ADMIN_USERNAME || 'admin';
const ADMIN_PASS = process.env.ADMIN_PASSWORD;
if (!JWT_SECRET || !ADMIN_PASS) {
console.error('Missing required ADMIN_PASSWORD or JWT_SECRET environment variable.');
process.exit(1);
}
const ADMIN_PASS_HASH = bcrypt.hashSync(ADMIN_PASS, 10);
console.log(`=========================================`);
console.log(`Intranet Address Book Server starting...`);
console.log(`Admin Username: ${ADMIN_USER}`);
console.log(`Admin Password: ****** (From Env)`);
console.log(`Default Port: ${PORT}`);
console.log(`=========================================`);
app.use(cors());
app.use(express.json());
// Serve React static build files
const publicDir = path.join(__dirname, 'public');
if (fs.existsSync(publicDir)) {
app.use(express.static(publicDir));
}
// Authentication Middleware
function authenticateToken(req, res, next) {
const authHeader = req.headers['authorization'];
const token = authHeader && authHeader.split(' ')[1];
if (!token) return res.status(401).json({ error: 'Access denied. No token provided.' });
jwt.verify(token, JWT_SECRET, (err, user) => {
if (err) return res.status(403).json({ error: 'Invalid or expired token.' });
req.user = user;
next();
});
}
// ==========================================
// API ROUTES
// ==========================================
// 1. Auth Endpoint
app.post('/api/auth/login', (req, res) => {
const { username, password } = req.body;
if (!username || !password) {
return res.status(400).json({ error: 'Username and password are required' });
}
if (username === ADMIN_USER && bcrypt.compareSync(password, ADMIN_PASS_HASH)) {
const token = jwt.sign({ username }, JWT_SECRET, { expiresIn: '24h' });
return res.json({ token, username });
}
return res.status(401).json({ error: 'Incorrect username or password' });
});
// 2. Departments Endpoints
app.get('/api/departments', async (req, res) => {
try {
const rows = await db.all('SELECT * FROM departments ORDER BY name ASC');
res.json(rows);
} catch (error) {
res.status(500).json({ error: error.message });
}
});
app.post('/api/departments', authenticateToken, async (req, res) => {
const { name } = req.body;
if (!name || name.trim() === '') {
return res.status(400).json({ error: 'Department name is required' });
}
try {
const result = await db.run('INSERT INTO departments (name) VALUES (?)', [name.trim()]);
res.status(201).json({ id: result.id, name: name.trim() });
} catch (error) {
if (error.message.includes('UNIQUE')) {
return res.status(400).json({ error: 'Department already exists' });
}
res.status(500).json({ error: error.message });
}
});
app.delete('/api/departments/:id', authenticateToken, async (req, res) => {
const { id } = req.params;
try {
await db.run('UPDATE employees SET department_id = NULL WHERE department_id = ?', [id]);
const result = await db.run('DELETE FROM departments WHERE id = ?', [id]);
res.json({ success: true, changes: result.changes });
} catch (error) {
res.status(500).json({ error: error.message });
}
});
app.put('/api/departments/:id', authenticateToken, async (req, res) => {
const { id } = req.params;
const { name } = req.body;
if (!name || name.trim() === '') {
return res.status(400).json({ error: 'Department name is required' });
}
try {
const result = await db.run('UPDATE departments SET name = ? WHERE id = ?', [name.trim(), id]);
if (result.changes === 0) {
return res.status(404).json({ error: 'Department not found' });
}
res.json({ id: parseInt(id, 10), name: name.trim() });
} catch (error) {
if (error.message.includes('UNIQUE')) {
return res.status(400).json({ error: 'Department with this name already exists' });
}
res.status(500).json({ error: error.message });
}
});
// 3. Companies Endpoints (New dictionary CRUD)
app.get('/api/companies', async (req, res) => {
try {
const rows = await db.all('SELECT * FROM companies ORDER BY name ASC');
res.json(rows);
} catch (error) {
res.status(500).json({ error: error.message });
}
});
app.post('/api/companies', authenticateToken, async (req, res) => {
const { name } = req.body;
if (!name || name.trim() === '') {
return res.status(400).json({ error: 'Company name is required' });
}
try {
const result = await db.run('INSERT INTO companies (name) VALUES (?)', [name.trim()]);
res.status(201).json({ id: result.id, name: name.trim() });
} catch (error) {
if (error.message.includes('UNIQUE')) {
return res.status(400).json({ error: 'Company already exists' });
}
res.status(500).json({ error: error.message });
}
});
app.delete('/api/companies/:id', authenticateToken, async (req, res) => {
const { id } = req.params;
try {
await db.run('UPDATE employees SET company_id = NULL WHERE company_id = ?', [id]);
const result = await db.run('DELETE FROM companies WHERE id = ?', [id]);
res.json({ success: true, changes: result.changes });
} catch (error) {
res.status(500).json({ error: error.message });
}
});
app.put('/api/companies/:id', authenticateToken, async (req, res) => {
const { id } = req.params;
const { name } = req.body;
if (!name || name.trim() === '') {
return res.status(400).json({ error: 'Company name is required' });
}
try {
const result = await db.run('UPDATE companies SET name = ? WHERE id = ?', [name.trim(), id]);
if (result.changes === 0) {
return res.status(404).json({ error: 'Company not found' });
}
res.json({ id: parseInt(id, 10), name: name.trim() });
} catch (error) {
if (error.message.includes('UNIQUE')) {
return res.status(400).json({ error: 'Company with this name already exists' });
}
res.status(500).json({ error: error.message });
}
});
// 4. Employees Endpoints (Search & List)
app.get('/api/employees', async (req, res) => {
const { search, departmentId } = req.query;
let sql = `
SELECT e.*, d.name as department_name, c.name as company_name
FROM employees e
LEFT JOIN departments d ON e.department_id = d.id
LEFT JOIN companies c ON e.company_id = c.id
`;
const params = [];
const conditions = [];
if (departmentId) {
conditions.push('e.department_id = ?');
params.push(departmentId);
}
if (conditions.length > 0) {
sql += ' WHERE ' + conditions.join(' AND ');
}
sql += ' ORDER BY e.name ASC';
try {
let rows = await db.all(sql, params);
if (search && search.trim() !== '') {
const cleanSearch = search.trim().toLowerCase();
const normalizePhone = (p) => {
if (!p) return '';
const digits = p.replace(/\D/g, '');
if (digits.length === 11 && (digits.startsWith('7') || digits.startsWith('8'))) {
return digits.slice(1);
}
return digits;
};
const searchDigits = normalizePhone(cleanSearch);
rows = rows.filter(e => {
const nameMatch = e.name && e.name.toLowerCase().includes(cleanSearch);
const jobMatch = e.job_title && e.job_title.toLowerCase().includes(cleanSearch);
const emailMatch = e.email && e.email.toLowerCase().includes(cleanSearch);
const deptMatch = e.department_name && e.department_name.toLowerCase().includes(cleanSearch);
const compMatch = e.company_name && e.company_name.toLowerCase().includes(cleanSearch);
const buildMatch = e.building && e.building.toLowerCase().includes(cleanSearch);
const floorMatch = e.floor && e.floor.toLowerCase().includes(cleanSearch);
let phoneMatch = false;
if (searchDigits.length > 0 && e.phone) {
const empPhoneDigits = normalizePhone(e.phone);
if (empPhoneDigits.includes(searchDigits)) {
phoneMatch = true;
}
}
return nameMatch || jobMatch || emailMatch || deptMatch || compMatch || buildMatch || floorMatch || phoneMatch;
});
}
res.json(rows);
} catch (error) {
res.status(500).json({ error: error.message });
}
});
// Create Employee
app.post('/api/employees', authenticateToken, async (req, res) => {
const { name, company_id, job_title, department_id, phone, email, building, floor } = req.body;
if (!name || !job_title) {
return res.status(400).json({ error: 'Name and Job Title are required fields.' });
}
try {
const result = await db.run(`
INSERT INTO employees (name, company_id, job_title, department_id, phone, email, building, floor)
VALUES (?, ?, ?, ?, ?, ?, ?, ?)
`, [
name.trim(),
company_id || null,
job_title.trim(),
department_id || null,
phone ? phone.trim() : '',
email ? email.trim() : '',
building ? building.trim() : '',
floor ? floor.trim() : ''
]);
const newEmp = await db.get(`
SELECT e.*, d.name as department_name, c.name as company_name
FROM employees e
LEFT JOIN departments d ON e.department_id = d.id
LEFT JOIN companies c ON e.company_id = c.id
WHERE e.id = ?
`, [result.id]);
res.status(201).json(newEmp);
} catch (error) {
res.status(500).json({ error: error.message });
}
});
// Update Employee
app.put('/api/employees/:id', authenticateToken, async (req, res) => {
const { id } = req.params;
const { name, company_id, job_title, department_id, phone, email, building, floor } = req.body;
if (!name || !job_title) {
return res.status(400).json({ error: 'Name and Job Title are required fields.' });
}
try {
await db.run(`
UPDATE employees
SET name = ?, company_id = ?, job_title = ?, department_id = ?, phone = ?, email = ?, building = ?, floor = ?
WHERE id = ?
`, [
name.trim(),
company_id || null,
job_title.trim(),
department_id || null,
phone ? phone.trim() : '',
email ? email.trim() : '',
building ? building.trim() : '',
floor ? floor.trim() : '',
id
]);
const updatedEmp = await db.get(`
SELECT e.*, d.name as department_name, c.name as company_name
FROM employees e
LEFT JOIN departments d ON e.department_id = d.id
LEFT JOIN companies c ON e.company_id = c.id
WHERE e.id = ?
`, [id]);
res.json(updatedEmp);
} catch (error) {
res.status(500).json({ error: error.message });
}
});
// Delete Employee
app.delete('/api/employees/:id', authenticateToken, async (req, res) => {
const { id } = req.params;
try {
const result = await db.run('DELETE FROM employees WHERE id = ?', [id]);
res.json({ success: true, changes: result.changes });
} catch (error) {
res.status(500).json({ error: error.message });
}
});
// Bulk Export (JSON dump of departments, companies, and employees)
app.get('/api/admin/export', authenticateToken, async (req, res) => {
try {
const employees = await db.all('SELECT * FROM employees');
const departments = await db.all('SELECT * FROM departments');
const companies = await db.all('SELECT * FROM companies');
res.json({ employees, departments, companies });
} catch (error) {
res.status(500).json({ error: error.message });
}
});
// Bulk Import
app.post('/api/admin/import', authenticateToken, async (req, res) => {
const { employees, departments, companies } = req.body;
if (!Array.isArray(employees) || !Array.isArray(departments) || !Array.isArray(companies)) {
return res.status(400).json({ error: 'Invalid data format. Expected arrays for employees, departments, and companies.' });
}
try {
// Truncate existing data
await db.run('DELETE FROM employees');
await db.run('DELETE FROM departments');
await db.run('DELETE FROM companies');
// Reset autoincrement sequence
await db.run("UPDATE sqlite_sequence SET seq = 0 WHERE name = 'employees'");
await db.run("UPDATE sqlite_sequence SET seq = 0 WHERE name = 'departments'");
await db.run("UPDATE sqlite_sequence SET seq = 0 WHERE name = 'companies'");
// Insert departments
const deptIdMapping = {};
for (const d of departments) {
const result = await db.run('INSERT INTO departments (name) VALUES (?)', [d.name]);
deptIdMapping[d.id] = result.id;
}
// Insert companies
const compIdMapping = {};
for (const c of companies) {
const result = await db.run('INSERT INTO companies (name) VALUES (?)', [c.name]);
compIdMapping[c.id] = result.id;
}
// Insert employees
for (const e of employees) {
const newDeptId = e.department_id ? (deptIdMapping[e.department_id] || null) : null;
const newCompId = e.company_id ? (compIdMapping[e.company_id] || null) : null;
await db.run(`
INSERT INTO employees (name, company_id, job_title, department_id, phone, email, building, floor)
VALUES (?, ?, ?, ?, ?, ?, ?, ?)
`, [
e.name,
newCompId,
e.job_title,
newDeptId,
e.phone || '',
e.email || '',
e.building || '',
e.floor || ''
]);
}
res.json({ success: true, message: `Imported ${departments.length} departments, ${companies.length} companies and ${employees.length} employees.` });
} catch (error) {
res.status(500).json({ error: error.message });
}
});
// Catch-all route to serve Index.html
if (fs.existsSync(publicDir)) {
app.get('*', (req, res) => {
res.sendFile(path.join(publicDir, 'index.html'));
});
}
// Start Server
app.listen(PORT, '0.0.0.0', () => {
console.log(`Server is running on http://localhost:${PORT}`);
console.log(`Ready for Intranet users!`);
});
Reference in New Issue View Git Blame Copy Permalink