@organizasyon/meeting-nanaman-app-backend 1.0.0

package/dist/controllers/auth/index.d.ts

@@ -0,0 +1,65 @@
+import { Response } from 'express';
+import type { MulterRequest } from '../../types';
+import Users from './../../controllers/users';
+export declare class AuthController extends Users {
+    /**
+      * Get user profile
+      */
+    getProfile(req: MulterRequest, res: Response): Promise<void>;
+    /**
+      * Forgot password - send reset email
+      */
+    forgotPassword(req: MulterRequest & {
+        body?: Record<string, any>;
+    }, res: Response): Promise<void>;
+    /**
+     * Change password
+     */
+    changePassword(req: MulterRequest & {
+        body?: Record<string, any>;
+    }, res: Response): Promise<void>;
+    /**
+     * Start passkey registration challenge
+     */
+    registerPasskey(req: MulterRequest & {
+        body?: Record<string, any>;
+    }, res: Response): Promise<void>;
+    /**
+      * Complete passkey registration
+      */
+    completePasskeyRegistration(req: MulterRequest & {
+        body?: Record<string, any>;
+    }, res: Response): Promise<void>;
+    /**
+      * Get user passkeys
+      */
+    getPasskeys(req: MulterRequest, res: Response): Promise<void>;
+    /**
+      * Delete passkey
+      */
+    deletePasskey(req: MulterRequest, res: Response): Promise<void>;
+    /**
+     * Start passkey authentication challenge
+     */
+    authenticatePasskey(req: MulterRequest & {
+        body?: Record<string, any>;
+    }, res: Response): Promise<void>;
+    /**
+     * Validate reset token
+     */
+    validateResetToken(req: MulterRequest & {
+        body?: Record<string, any>;
+    }, res: Response): Promise<void>;
+    /**
+     * Reset password with token
+     */
+    resetPassword(req: MulterRequest & {
+        body?: Record<string, any>;
+    }, res: Response): Promise<void>;
+    /**
+      * Complete passkey authentication
+      */
+    verifyPasskey(req: MulterRequest & {
+        body?: Record<string, any>;
+    }, res: Response): Promise<void>;
+}

package/dist/controllers/auth/index.js

@@ -0,0 +1,525 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthController = void 0;
+const users_1 = __importDefault(require("../../models/users"));
+const passkeys_1 = __importDefault(require("../../models/passkeys"));
+const users_2 = __importDefault(require("./../../controllers/users"));
+const queues_1 = require("../../queues");
+const bcrypt_1 = __importDefault(require("bcrypt"));
+const crypto_1 = __importDefault(require("crypto"));
+class AuthController extends users_2.default {
+    /**
+      * Get user profile
+      */
+    async getProfile(req, res) {
+        console.log('=== Backend AuthController.getProfile called ===');
+        console.log('req.user:', req.user);
+        try {
+            // Get user ID from JWT token
+            const userId = req.user?.userId;
+            console.log('Get profile for userId:', userId);
+            if (!userId) {
+                console.log('No userId in request');
+                res.status(401).json({ message: 'Unauthorized' });
+                return;
+            }
+            const user = await users_1.default.findOne({
+                _id: userId,
+                deleted_at: null
+            })
+                .select('-password -__v')
+                .populate('employee_id', 'first_name last_name middle_name email position department contact_number address')
+                .lean()
+                .exec();
+            console.log('User found:', !!user);
+            if (!user) {
+                console.log('User not found for id:', userId);
+                res.status(404).json({ message: 'User not found' });
+                return;
+            }
+            // Format user data same as login response
+            const userData = {
+                id: user._id,
+                email: user.email,
+                first_name: user.first_name,
+                last_name: user.last_name,
+                middle_name: user.middle_name,
+                full_name: `${user.first_name} ${user.last_name}`,
+                role: user.role,
+                employee_id: user.employee_id,
+                is_active: user.is_active,
+                created_at: user.created_at
+            };
+            const response = {
+                message: 'Profile retrieved successfully',
+                user: userData
+            };
+            console.log('Sending response:', response);
+            console.log('=== Backend AuthController.getProfile completed ===');
+            res.json(response);
+        }
+        catch (err) {
+            console.error('Get profile error', err);
+            console.log('=== Backend AuthController.getProfile failed ===');
+            res.status(500).json({ message: 'Failed to retrieve profile', error: String(err) });
+        }
+    }
+    /**
+      * Forgot password - send reset email
+      */
+    async forgotPassword(req, res) {
+        try {
+            const body = req.body || {};
+            const { email } = body;
+            if (!email) {
+                res.status(400).json({ message: 'Email is required' });
+                return;
+            }
+            // Find user by email
+            const user = await users_1.default.findOne({
+                email: email.trim().toLowerCase(),
+                deleted_at: null,
+                is_active: true
+            }).lean().exec();
+            if (!user) {
+                res.status(404).json({ message: 'User with this email not found' });
+                return;
+            }
+            // Generate reset token
+            const resetToken = crypto_1.default.randomBytes(32).toString('hex');
+            const resetTokenExpiry = Date.now() + (60 * 60 * 1000); // 1 hour
+            // Update user with reset token
+            await users_1.default.updateOne({ _id: user._id }, {
+                reset_token: resetToken,
+                reset_token_expires: resetTokenExpiry,
+                updated_at: Date.now()
+            });
+            // Add to email queue
+            await (0, queues_1.getEmailQueue)().add('send-email', {
+                type: 'password_reset',
+                data: {
+                    user_id: user._id,
+                    email: user.email,
+                    reset_token: resetToken,
+                    name: user.full_name || `${user.first_name} ${user.last_name}`
+                }
+            });
+            res.json({
+                message: 'Password reset email sent successfully',
+                success: true
+            });
+        }
+        catch (err) {
+            console.error('Forgot password error', err);
+            res.status(500).json({ message: 'Failed to send password reset email', error: String(err) });
+        }
+    }
+    /**
+     * Change password
+     */
+    async changePassword(req, res) {
+        try {
+            const body = req.body || {};
+            const { current_password, new_password } = body;
+            if (!current_password || !new_password) {
+                res.status(400).json({ message: 'Current password and new password are required' });
+                return;
+            }
+            // Get user ID from JWT token
+            const userId = req.user?.userId;
+            if (!userId) {
+                res.status(401).json({ message: 'Unauthorized' });
+                return;
+            }
+            // Find user
+            const user = await users_1.default.findOne({
+                _id: userId,
+                deleted_at: null,
+                is_active: true
+            }).exec();
+            if (!user) {
+                res.status(404).json({ message: 'User not found' });
+                return;
+            }
+            // Verify current password
+            const isCurrentPasswordValid = await bcrypt_1.default.compare(current_password, user.password);
+            if (!isCurrentPasswordValid) {
+                res.status(400).json({ message: 'Current password is incorrect' });
+                return;
+            }
+            // Hash new password
+            const hashedNewPassword = await bcrypt_1.default.hash(new_password, 10);
+            // Update password
+            await users_1.default.updateOne({ _id: userId }, {
+                password: hashedNewPassword,
+                updated_at: Date.now()
+            });
+            // Add to email queue
+            await (0, queues_1.getEmailQueue)().add('send-email', {
+                type: 'password_changed',
+                data: {
+                    user_id: user._id,
+                    email: user.email,
+                    name: `${user.first_name} ${user.middle_name ? user.middle_name + ' ' : ''}${user.last_name}`
+                }
+            });
+            res.json({
+                message: 'Password changed successfully',
+                success: true
+            });
+        }
+        catch (err) {
+            console.error('Change password error', err);
+            res.status(500).json({ message: 'Failed to change password', error: String(err) });
+        }
+    }
+    /**
+     * Start passkey registration challenge
+     */
+    async registerPasskey(req, res) {
+        try {
+            const body = req.body || {};
+            const { user_id, email } = body;
+            if (!user_id || !email) {
+                res.status(400).json({ message: 'User ID and email are required' });
+                return;
+            }
+            // Find user
+            const user = await users_1.default.findOne({
+                _id: user_id,
+                email: email.trim().toLowerCase(),
+                deleted_at: null,
+                is_active: true
+            }).lean().exec();
+            if (!user) {
+                res.status(404).json({ message: 'User not found' });
+                return;
+            }
+            // Generate WebAuthn challenge
+            const challenge = crypto_1.default.randomBytes(32);
+            const deviceId = crypto_1.default.randomBytes(16).toString('hex');
+            res.json({
+                challenge: challenge.toString('base64'),
+                device_id: deviceId,
+                device_name: `Device ${new Date().toLocaleDateString()}`
+            });
+        }
+        catch (err) {
+            console.error('Register passkey challenge error', err);
+            res.status(500).json({ message: 'Failed to start registration', error: String(err) });
+        }
+    }
+    /**
+      * Complete passkey registration
+      */
+    async completePasskeyRegistration(req, res) {
+        try {
+            const body = req.body || {};
+            const { user_id, credential_id, device_id, name, public_key } = body;
+            if (!user_id || !credential_id || !device_id || !name || !public_key) {
+                res.status(400).json({ message: 'All fields are required' });
+                return;
+            }
+            // Check if passkey already exists
+            const existingPasskey = await passkeys_1.default.findOne({
+                credential_id,
+                deleted_at: null
+            }).lean().exec();
+            if (existingPasskey) {
+                res.status(409).json({ message: 'Passkey already registered' });
+                return;
+            }
+            // Get user info for email
+            const user = await users_1.default.findOne({ _id: user_id }).lean().exec();
+            if (!user) {
+                res.status(404).json({ message: 'User not found' });
+                return;
+            }
+            // Create new passkey - public_key is COSE format CBOR from WebAuthn
+            await passkeys_1.default.create({
+                user_id,
+                credential_id,
+                device_id,
+                name,
+                public_key: public_key, // Store COSE public key
+                created_at: Date.now(),
+                updated_at: Date.now()
+            });
+            // Add to email queue
+            await (0, queues_1.getEmailQueue)().add('send-email', {
+                type: 'passkey',
+                data: {
+                    user_id: user._id,
+                    email: user.email,
+                    name: `${user.first_name} ${user.middle_name ? user.middle_name + ' ' : ''}${user.last_name}`,
+                    device_name: name
+                }
+            });
+            res.json({
+                message: 'Passkey registered successfully',
+                success: true,
+                device_id,
+                device_name: name
+            });
+        }
+        catch (err) {
+            console.error('Complete passkey registration error', err);
+            res.status(500).json({ message: 'Failed to register passkey', error: String(err) });
+        }
+    }
+    /**
+      * Get user passkeys
+      */
+    async getPasskeys(req, res) {
+        try {
+            const { user_id } = req.params;
+            if (!user_id) {
+                res.status(400).json({ message: 'User ID is required' });
+                return;
+            }
+            const passkeys = await passkeys_1.default.find({
+                user_id,
+                deleted_at: null,
+                is_active: true
+            })
+                .select('-__v')
+                .sort({ created_at: -1 })
+                .lean()
+                .exec();
+            res.json({
+                message: 'Passkeys retrieved successfully',
+                passkeys
+            });
+        }
+        catch (err) {
+            console.error('Get passkeys error', err);
+            res.status(500).json({ message: 'Failed to retrieve passkeys', error: String(err) });
+        }
+    }
+    /**
+      * Delete passkey
+      */
+    async deletePasskey(req, res) {
+        try {
+            const { passkeyId } = req.params;
+            if (!passkeyId) {
+                res.status(400).json({ message: 'Passkey ID is required' });
+                return;
+            }
+            // Soft delete the passkey
+            await passkeys_1.default.updateOne({ _id: passkeyId }, { deleted_at: Date.now(), is_active: false });
+            res.json({
+                message: 'Passkey deleted successfully',
+                success: true
+            });
+        }
+        catch (err) {
+            console.error('Delete passkey error', err);
+            res.status(500).json({ message: 'Failed to delete passkey', error: String(err) });
+        }
+    }
+    /**
+     * Start passkey authentication challenge
+     */
+    async authenticatePasskey(req, res) {
+        try {
+            const body = req.body || {};
+            const { email, device_id } = body;
+            if (!email || !device_id) {
+                res.status(400).json({ message: 'Email and device ID are required' });
+                return;
+            }
+            // Find user by email
+            const user = await users_1.default.findOne({
+                email: email.trim().toLowerCase(),
+                deleted_at: null,
+                is_active: true
+            }).lean().exec();
+            if (!user) {
+                res.status(401).json({ message: 'Invalid credentials' });
+                return;
+            }
+            // Find the latest active passkey for this user and device
+            const passkey = await passkeys_1.default.findOne({
+                user_id: user._id,
+                device_id,
+                is_active: true,
+                deleted_at: null
+            })
+                .sort({ created_at: -1 })
+                .lean()
+                .exec();
+            if (!passkey) {
+                res.status(401).json({ message: 'No passkey found for this device' });
+                return;
+            }
+            // Generate WebAuthn challenge
+            const challenge = crypto_1.default.randomBytes(32);
+            res.json({
+                challenge: challenge.toString('base64'),
+                user_id: user._id,
+                credential_id: passkey.credential_id
+            });
+        }
+        catch (err) {
+            console.error('Passkey authentication challenge error', err);
+            res.status(500).json({ message: 'Failed to start authentication', error: String(err) });
+        }
+    }
+    /**
+     * Validate reset token
+     */
+    async validateResetToken(req, res) {
+        try {
+            const body = req.body || {};
+            const { token } = body;
+            if (!token) {
+                res.status(400).json({ message: 'Token is required' });
+                return;
+            }
+            // Find user with valid reset token
+            const user = await users_1.default.findOne({
+                reset_token: token,
+                reset_token_expires: { $gt: Date.now() },
+                deleted_at: null,
+                is_active: true
+            }).lean().exec();
+            if (!user) {
+                res.status(400).json({ message: 'Invalid or expired token' });
+                return;
+            }
+            res.json({
+                message: 'Token is valid',
+                valid: true
+            });
+        }
+        catch (err) {
+            console.error('Validate reset token error', err);
+            res.status(500).json({ message: 'Failed to validate token', error: String(err) });
+        }
+    }
+    /**
+     * Reset password with token
+     */
+    async resetPassword(req, res) {
+        try {
+            const body = req.body || {};
+            const { token, new_password } = body;
+            if (!token || !new_password) {
+                res.status(400).json({ message: 'Token and new password are required' });
+                return;
+            }
+            // Find user with valid reset token
+            const user = await users_1.default.findOne({
+                reset_token: token,
+                reset_token_expires: { $gt: Date.now() },
+                deleted_at: null,
+                is_active: true
+            }).exec();
+            if (!user) {
+                res.status(400).json({ message: 'Invalid or expired token' });
+                return;
+            }
+            // Hash new password
+            const hashedPassword = await bcrypt_1.default.hash(new_password, 10);
+            // Update password and clear reset token
+            await users_1.default.updateOne({ _id: user._id }, {
+                password: hashedPassword,
+                reset_token: null,
+                reset_token_expires: null,
+                updated_at: Date.now()
+            });
+            // Add to email queue for password changed notification
+            await (0, queues_1.getEmailQueue)().add('send-email', {
+                type: 'password_changed',
+                data: {
+                    user_id: user._id,
+                    email: user.email,
+                    name: `${user.first_name} ${user.middle_name ? user.middle_name + ' ' : ''}${user.last_name}`
+                }
+            });
+            res.json({
+                message: 'Password reset successfully',
+                success: true
+            });
+        }
+        catch (err) {
+            console.error('Reset password error', err);
+            res.status(500).json({ message: 'Failed to reset password', error: String(err) });
+        }
+    }
+    /**
+      * Complete passkey authentication
+      */
+    async verifyPasskey(req, res) {
+        try {
+            const body = req.body || {};
+            const { email, device_id, credential_id, authenticator_data } = body;
+            if (!email || !device_id || !credential_id || !authenticator_data) {
+                res.status(400).json({ message: 'All authentication data is required' });
+                return;
+            }
+            // Find user by email
+            const user = await users_1.default.findOne({
+                email: email.trim().toLowerCase(),
+                deleted_at: null,
+                is_active: true
+            }).lean().exec();
+            if (!user) {
+                res.status(401).json({ message: 'Invalid credentials' });
+                return;
+            }
+            // Find the passkey
+            const passkey = await passkeys_1.default.findOne({
+                user_id: user._id,
+                credential_id,
+                device_id,
+                is_active: true,
+                deleted_at: null
+            }).lean().exec();
+            if (!passkey) {
+                res.status(401).json({ message: 'Invalid passkey' });
+                return;
+            }
+            // For now, trust the client-side WebAuthn verification
+            // The authenticator already verified the user locally with biometrics
+            // We'll implement full cryptographic signature verification in a future update
+            // Update last used timestamp
+            await passkeys_1.default.updateOne({ _id: passkey._id }, { last_used_at: Date.now(), updated_at: Date.now() });
+            // Generate JWT token
+            const jwtSecret = process.env.JWT_SECRET;
+            if (!jwtSecret) {
+                throw new Error('JWT_SECRET environment variable is required');
+            }
+            const jwt = require('jsonwebtoken');
+            const token = jwt.sign({
+                userId: user._id,
+                email: user.email,
+                role: user.role
+            }, jwtSecret, { expiresIn: '24h' });
+            res.json({
+                message: 'Passkey authentication successful',
+                token,
+                user: {
+                    id: user._id,
+                    email: user.email,
+                    first_name: user.first_name,
+                    middle_name: user.middle_name,
+                    last_name: user.last_name,
+                    full_name: `${user.first_name} ${user.last_name}`,
+                    role: user.role,
+                    employee_id: user.employee_id,
+                    is_active: user.is_active
+                }
+            });
+        }
+        catch (err) {
+            console.error('Passkey verification error', err);
+            res.status(500).json({ message: 'Passkey authentication failed', error: String(err) });
+        }
+    }
+}
+exports.AuthController = AuthController;

package/dist/controllers/employees/index.d.ts

@@ -0,0 +1,38 @@
+import { Response } from 'express';
+import type { MulterRequest } from '../../types';
+declare class Employees {
+    /**
+     * Create a new employee
+     * Accepts form data with:
+     * - first_name (required)
+     * - middle_name (optional)
+     * - last_name (required)
+     * - address (optional)
+     * - contact_number (optional)
+     * - email (optional)
+     * - position (optional)
+     * - department (optional)
+     */
+    create(req: MulterRequest & {
+        body?: Record<string, any>;
+    }, res: Response): Promise<void>;
+    /**
+     * Get all employees
+     */
+    getAll(req: MulterRequest, res: Response): Promise<void>;
+    /**
+     * Get employee by ID
+     */
+    getById(req: MulterRequest, res: Response): Promise<void>;
+    /**
+     * Update employee
+     */
+    update(req: MulterRequest & {
+        body?: Record<string, any>;
+    }, res: Response): Promise<void>;
+    /**
+     * Soft delete employee
+     */
+    delete(req: MulterRequest, res: Response): Promise<void>;
+}
+export default Employees;