create-nodemin-app 1.0.16

package/templates/HRMS_Mongodb/backend/package.json

@@ -0,0 +1,26 @@
+{
+  "name": "dab-hrms-backend",
+  "version": "1.0.0",
+  "description": "DAB Enterprise HRMS API",
+  "main": "src/server.js",
+  "type": "module",
+  "scripts": {
+    "start": "node src/server.js",
+    "dev": "nodemon src/server.js",
+    "seed": "node src/utils/seed.js"
+  },
+  "dependencies": {
+    "bcryptjs": "^2.4.3",
+    "cors": "^2.8.5",
+    "dotenv": "^16.4.7",
+    "express": "^4.21.2",
+    "express-mongo-sanitize": "^2.2.0",
+    "express-rate-limit": "^7.5.0",
+    "express-validator": "^7.2.1",
+    "helmet": "^8.0.0",
+    "jsonwebtoken": "^9.0.2",
+    "mongoose": "^8.9.3",
+    "nodemon": "^3.1.14",
+    "xss-clean": "^0.1.4"
+  }
+}

package/templates/HRMS_Mongodb/backend/src/config/db.js

@@ -0,0 +1,9 @@
+import mongoose from 'mongoose';
+
+const connectDB = async () => {
+  const uri = process.env.MONGODB_URI || 'mongodb://127.0.0.1:27017/dab_hrms';
+  await mongoose.connect(uri);
+  console.log(`MongoDB connected: ${mongoose.connection.host}`);
+};
+
+export default connectDB;

package/templates/HRMS_Mongodb/backend/src/controllers/authController.js

@@ -0,0 +1,187 @@
+import jwt from 'jsonwebtoken';
+import User from '../models/User.js';
+import Employee from '../models/Employee.js';
+import Department from '../models/Department.js';
+import Position from '../models/Position.js';
+
+// --- Helper Functions ---
+
+const signToken = (id) =>
+  jwt.sign({ id }, process.env.JWT_SECRET, {
+    expiresIn: process.env.JWT_EXPIRE || '7d',
+  });
+
+const sendTokenResponse = (user, statusCode, res) => {
+  const token = signToken(user._id);
+  const userObj = user.toObject();
+  delete userObj.password;
+
+  res.status(statusCode).json({
+    success: true,
+    token,
+    user: userObj,
+  });
+};
+
+// --- Authentication Controllers ---
+
+/**
+ * @desc    Authenticate user & get token
+ * @route   POST /api/auth/login
+ * @access  Public
+ */
+export const login = async (req, res, next) => {
+  try {
+    const { userName, password } = req.body;
+
+    const user = await User.findOne({ userName })
+      .select('+password')
+      .populate({
+        path: 'employee',
+        populate: [{ path: 'department' }, { path: 'position' }],
+      });
+
+    if (!user || !(await user.comparePassword(password))) {
+      return res.status(401).json({ success: false, message: 'Invalid username or password' });
+    }
+
+    sendTokenResponse(user, 200, res);
+  } catch (error) {
+    next(error);
+  }
+};
+
+/**
+ * @desc    Register a new user and employee profile
+ * @route   POST /api/auth/register
+ * @access  Public
+ */
+export const register = async (req, res, next) => {
+  try {
+    const { userName, password, email } = req.body;
+    const formattedEmail = email.toLowerCase().trim();
+
+    const existingUser = await User.findOne({ userName });
+    if (existingUser) {
+      return res.status(400).json({ success: false, message: 'Username is already taken' });
+    }
+
+    const existingEmail = await Employee.findOne({ empEmail: formattedEmail });
+    if (existingEmail) {
+      return res.status(400).json({ success: false, message: 'An account with this email already exists' });
+    }
+
+    let department = await Department.findOne().sort({ departName: 1 });
+    if (!department) {
+      department = await Department.create({
+        departName: 'General Administration',
+        departname: 'General Administration'
+      });
+    }
+
+    let position = await Position.findOne().sort({ posName: 1 });
+    if (!position) {
+      position = await Position.create({
+        posName: 'Staff Member',
+        posname: 'Staff Member',
+        RequiredQualification: 'Not Specified',
+        requiredQualification: 'Not Specified'
+      });
+    }
+
+    const employee = await Employee.create({
+      empFirstName: userName,
+      empLastName: 'Employee',
+      empEmail: formattedEmail,
+      empTelephone: 'N/A',
+      empGender: 'Other',
+      empAddress: 'Kigali, Rwanda',
+      empDateOfBirth: new Date('1995-01-01'),
+      empHireDate: new Date(),
+      empStatus: 'Active',
+      department: department._id,
+      position: position._id,
+    });
+
+    await User.create({
+      userName,
+      password,
+      employee: employee._id,
+    });
+
+    res.status(201).json({
+      success: true,
+      message: 'Your account has been created. You can now sign in.',
+    });
+  } catch (error) {
+    next(error);
+  }
+};
+
+/**
+ * @desc    Custom User-defined Password Provision (Reset Flow)
+ * @route   POST /api/auth/reset-password
+ * @access  Public
+ */
+export const resetPassword = async (req, res, next) => {
+  try {
+    const { email, password, confirmPassword } = req.body;
+
+    // 1. Core Defensively Safe Parameter Checks (Prevents uncaught crashes changing to 404s)
+    if (!email) {
+      return res.status(400).json({ success: false, message: 'Email field is empty or format was corrupted' });
+    }
+
+    if (!password || !confirmPassword) {
+      return res.status(400).json({ success: false, message: 'Please provide and confirm your new password' });
+    }
+
+    if (password !== confirmPassword) {
+      return res.status(400).json({ success: false, message: 'Passwords do not match' });
+    }
+    
+    if (password.length < 6) {
+      return res.status(400).json({ success: false, message: 'Password must be at least 6 characters long' });
+    }
+
+    // Convert safely now that we verified the email variable string exists
+    const formattedEmail = String(email).toLowerCase().trim();
+
+    // 2. Query and link database profiles
+    const employee = await Employee.findOne({ empEmail: formattedEmail });
+    if (!employee) {
+      return res.status(404).json({
+        success: false,
+        message: 'No account found with this email address',
+      });
+    }
+
+    const user = await User.findOne({ employee: employee._id }).select('+password');
+    if (!user) {
+      return res.status(404).json({
+        success: false,
+        message: 'No user account linked to this employee email',
+      });
+    }
+
+    // 3. Mutate fields (triggers pre-save password encryption inside User schema automatically)
+    user.password = password;
+    await user.save();
+
+    res.status(200).json({
+      success: true,
+      message: 'Your password has been reset successfully. You can now use your new password to sign in.',
+    });
+  } catch (error) {
+    next(error);
+  }
+};
+
+/**
+ * @desc    Get currently logged-in user profile details
+ * @route   GET /api/auth/me
+ * @access  Private
+ */
+export const getMe = async (req, res) => {
+  res.status(200).json({ success: true, user: req.user });
+};

package/templates/HRMS_Mongodb/backend/src/controllers/departmentController.js

@@ -0,0 +1,70 @@
+import Department from '../models/Department.js';
+import Employee from '../models/Employee.js';
+
+export const getDepartments = async (req, res, next) => {
+  try {
+    const departments = await Department.find().sort({ departName: 1 });
+    res.status(200).json({ success: true, count: departments.length, data: departments });
+  } catch (error) {
+    next(error);
+  }
+};
+
+export const getDepartment = async (req, res, next) => {
+  try {
+    const department = await Department.findById(req.params.id);
+    if (!department) {
+      return res.status(404).json({ success: false, message: 'Department not found' });
+    }
+    const employees = await Employee.find({ department: department._id })
+      .populate('position')
+      .select('empFirstName empLastName empEmail empStatus');
+      
+    res.status(200).json({ success: true, data: { ...department.toObject(), employees } });
+  } catch (error) {
+    next(error);
+  }
+};
+
+export const createDepartment = async (req, res, next) => {
+  try {
+    const department = await Department.create(req.body);
+    res.status(201).json({ success: true, data: department });
+  } catch (error) {
+    next(error);
+  }
+};
+
+export const updateDepartment = async (req, res, next) => {
+  try {
+    const department = await Department.findByIdAndUpdate(req.params.id, req.body, {
+      new: true,
+      runValidators: true,
+    });
+    if (!department) {
+      return res.status(404).json({ success: false, message: 'Department not found' });
+    }
+    res.status(200).json({ success: true, data: department });
+  } catch (error) {
+    next(error);
+  }
+};
+
+export const deleteDepartment = async (req, res, next) => {
+  try {
+    const count = await Employee.countDocuments({ department: req.params.id });
+    if (count > 0) {
+      return res.status(400).json({
+        success: false,
+        message: `Cannot delete department with ${count} assigned employee(s)`,
+      });
+    }
+    const department = await Department.findByIdAndDelete(req.params.id);
+    if (!department) {
+      return res.status(404).json({ success: false, message: 'Department not found' });
+    }
+    res.status(200).json({ success: true, message: 'Department deleted successfully' });
+  } catch (error) {
+    next(error);
+  }
+};

package/templates/HRMS_Mongodb/backend/src/controllers/employeeController.js

@@ -0,0 +1,178 @@
+import Employee from '../models/Employee.js';
+
+export const getEmployees = async (req, res, next) => {
+  try {
+    const employees = await Employee.find()
+      .populate('department')
+      .populate('position')
+      .sort({ createdAt: -1 });
+
+    res.status(200).json({ success: true, count: employees.length, data: employees });
+  } catch (error) {
+    next(error);
+  }
+};
+
+export const getEmployee = async (req, res, next) => {
+  try {
+    const employee = await Employee.findById(req.params.id)
+      .populate('department')
+      .populate('position');
+
+    if (!employee) {
+      return res.status(404).json({ success: false, message: 'Employee not found' });
+    }
+
+    res.status(200).json({ success: true, data: employee });
+  } catch (error) {
+    next(error);
+  }
+};
+
+export const createEmployee = async (req, res, next) => {
+  try {
+    const employee = await Employee.create(req.body);
+    const populated = await Employee.findById(employee._id)
+      .populate('department')
+      .populate('position');
+
+    res.status(201).json({ success: true, data: populated });
+  } catch (error) {
+    next(error);
+  }
+};
+
+export const updateEmployee = async (req, res, next) => {
+  try {
+    const employee = await Employee.findByIdAndUpdate(req.params.id, req.body, {
+      new: true,
+      runValidators: true,
+    })
+      .populate('department')
+      .populate('position');
+
+    if (!employee) {
+      return res.status(404).json({ success: false, message: 'Employee not found' });
+    }
+
+    res.status(200).json({ success: true, data: employee });
+  } catch (error) {
+    next(error);
+  }
+};
+
+export const deleteEmployee = async (req, res, next) => {
+  try {
+    const employee = await Employee.findByIdAndDelete(req.params.id);
+
+    if (!employee) {
+      return res.status(404).json({ success: false, message: 'Employee not found' });
+    }
+
+    res.status(200).json({ success: true, message: 'Employee deleted successfully' });
+  } catch (error) {
+    next(error);
+  }
+};
+
+// 1. FIXED & UPDATED STATS METHOD
+export const getEmployeeStats = async (req, res, next) => {
+  try {
+    // Run separate asynchronous database counts in parallel for optimal efficiency
+    const [
+      total,
+      active,
+      onLeave,
+      left,
+      blacklisted,
+      deceased,
+      onMission
+    ] = await Promise.all([
+      Employee.countDocuments(),
+      Employee.countDocuments({ empStatus: 'Active' }),
+      Employee.countDocuments({ empStatus: 'On Leave' }),
+      Employee.countDocuments({ empStatus: 'Left' }),
+      Employee.countDocuments({ empStatus: 'Blacklisted' }),
+      Employee.countDocuments({ empStatus: 'Deceased' }),
+      Employee.countDocuments({ empStatus: 'On Mission' })
+    ]);
+    
+    const byDepartment = await Employee.aggregate([
+      {
+        $lookup: {
+          from: 'departments',
+          localField: 'department',
+          foreignField: '_id',
+          as: 'dept',
+        },
+      },
+      { $unwind: '$dept' },
+      { $group: { _id: '$dept.departName', count: { $sum: 1 } } },
+      { $sort: { count: -1 } },
+    ]);
+
+    res.status(200).json({
+      success: true,
+      data: { 
+        total, 
+        active, 
+        onLeave,
+        left,
+        blacklisted,
+        deceased,
+        onMission,
+        byDepartment 
+      },
+    });
+  } catch (error) {
+    next(error);
+  }
+};
+
+// Leave Report
+export const getLeaveReport = async (req, res, next) => {
+  try {
+    const leaveReport = await Employee.aggregate([
+      // A. Match only people on leave
+      { $match: { empStatus: 'On Leave' } },
+      // B. Lookup relationship attributes inside the departments collection
+      {
+        $lookup: {
+          from: 'departments',
+          localField: 'department',
+          foreignField: '_id',
+          as: 'deptDetails'
+        }
+      },
+      { $unwind: { path: '$deptDetails', preserveNullAndEmptyArrays: true } },
+      // C. Group documents under department designations
+      {
+        $group: {
+          _id: { $ifNull: ['$deptDetails.departName', 'Unassigned Department'] },
+          employees: {
+            $push: {
+              id: '$_id',
+              name: { $concat: ['$empFirstName', ' ', '$empLastName'] },
+              email: '$empEmail',
+              telephone: '$empTelephone',
+              status: '$empStatus'
+            }
+          },
+          totalInDepartment: { $sum: 1 }
+        }
+      },
+      { $sort: { _id: 1 } }
+    ]);
+
+    // Calculate absolute sum aggregate metrics total
+    const grandTotal = leaveReport.reduce((acc, current) => acc + current.totalInDepartment, 0);
+
+    res.status(200).json({
+      success: true,
+      totalEmployeesOnLeave: grandTotal,
+      reportData: leaveReport
+    });
+  } catch (error) {
+    next(error);
+  }
+};

package/templates/HRMS_Mongodb/backend/src/controllers/positionController.js

@@ -0,0 +1,66 @@
+import Position from '../models/Position.js';
+import Employee from '../models/Employee.js';
+
+export const getPositions = async (req, res, next) => {
+  try {
+    const positions = await Position.find().sort({ posName: 1 });
+    res.status(200).json({ success: true, count: positions.length, data: positions });
+  } catch (error) {
+    next(error);
+  }
+};
+
+export const getPosition = async (req, res, next) => {
+  try {
+    const position = await Position.findById(req.params.id);
+    if (!position) {
+      return res.status(404).json({ success: false, message: 'Position not found' });
+    }
+    res.status(200).json({ success: true, data: position });
+  } catch (error) {
+    next(error);
+  }
+};
+
+export const createPosition = async (req, res, next) => {
+  try {
+    const position = await Position.create(req.body);
+    res.status(201).json({ success: true, data: position });
+  } catch (error) {
+    next(error);
+  }
+};
+
+export const updatePosition = async (req, res, next) => {
+  try {
+    const position = await Position.findByIdAndUpdate(req.params.id, req.body, {
+      new: true,
+      runValidators: true,
+    });
+    if (!position) {
+      return res.status(404).json({ success: false, message: 'Position not found' });
+    }
+    res.status(200).json({ success: true, data: position });
+  } catch (error) {
+    next(error);
+  }
+};
+
+export const deletePosition = async (req, res, next) => {
+  try {
+    const count = await Employee.countDocuments({ position: req.params.id });
+    if (count > 0) {
+      return res.status(400).json({
+        success: false,
+        message: `Cannot delete position with ${count} assigned employee(s)`,
+      });
+    }
+    const position = await Position.findByIdAndDelete(req.params.id);
+    if (!position) {
+      return res.status(404).json({ success: false, message: 'Position not found' });
+    }
+    res.status(200).json({ success: true, message: 'Position deleted successfully' });
+  } catch (error) {
+    next(error);
+  }
+};

package/templates/HRMS_Mongodb/backend/src/middleware/auth.js

@@ -0,0 +1,57 @@
+import jwt from 'jsonwebtoken';
+import User from '../models/User.js';
+
+/**
+ * @desc    Protect routes - Verify JWT token and attach fully populated user to request
+ */
+export const protect = async (req, res, next) => {
+  let token;
+
+  // 1. Check for token in the Authorization header
+  if (
+    req.headers.authorization &&
+    req.headers.authorization.startsWith('Bearer')
+  ) {
+    token = req.headers.authorization.split(' ')[1];
+  }
+
+  // 2. Make sure token exists
+  if (!token) {
+    return res.status(401).json({ 
+      success: false, 
+      message: 'Not authorized to access this route. Token missing.' 
+    });
+  }
+
+  try {
+    // 3. Verify token encryption integrity
+    const decoded = jwt.verify(token, process.env.JWT_SECRET);
+
+    // 4. Fetch the user identity and deeply populate structural profile links
+    // This matches the exact payload configuration of the login controller
+    req.user = await User.findById(decoded.id).populate({
+      path: 'employee',
+      populate: [
+        { path: 'department' }, 
+        { path: 'position' }
+      ],
+    });
+
+    // 5. Ensure the database document still exists
+    if (!req.user) {
+      return res.status(401).json({ 
+        success: false, 
+        message: 'The user belonging to this token no longer exists.' 
+      });
+    }
+
+    // 6. Grant access to the protected controller route
+    next();
+  } catch (error) {
+    console.error('Auth middleware verification failure:', error.message);
+    return res.status(401).json({ 
+      success: false, 
+      message: 'Not authorized to access this route. Session expired or invalid.' 
+    });
+  }
+};

package/templates/HRMS_Mongodb/backend/src/middleware/errorHandler.js

@@ -0,0 +1,32 @@
+export const notFound = (req, res, next) => {
+  const error = new Error(`Not found - ${req.originalUrl}`);
+  res.status(404);
+  next(error);
+};
+
+export const errorHandler = (err, req, res, next) => {
+  const statusCode = res.statusCode === 200 ? 500 : res.statusCode;
+
+  if (err.name === 'ValidationError') {
+    const messages = Object.values(err.errors).map((e) => e.message);
+    return res.status(400).json({ success: false, message: messages.join(', ') });
+  }
+
+  if (err.code === 11000) {
+    const field = Object.keys(err.keyValue)[0];
+    return res.status(400).json({
+      success: false,
+      message: `${field} already exists.`,
+    });
+  }
+
+  if (err.name === 'CastError') {
+    return res.status(400).json({ success: false, message: 'Invalid resource ID.' });
+  }
+
+  res.status(statusCode).json({
+    success: false,
+    message: err.message || 'Server error',
+    ...(process.env.NODE_ENV === 'development' && { stack: err.stack }),
+  });
+};

package/templates/HRMS_Mongodb/backend/src/middleware/restrictToAdmin.js

@@ -0,0 +1,5 @@
+// Neutralized middleware to guarantee system compatibility across legacy controller layers
+export const restrictToAdmin = (req, res, next) => {
+    // Everyone has absolute privileges - immediately pass control down the chain
+    next();
+  };

package/templates/HRMS_Mongodb/backend/src/middleware/validate.js

@@ -0,0 +1,13 @@
+import { validationResult } from 'express-validator';
+
+export const validate = (req, res, next) => {
+  const errors = validationResult(req);
+  if (!errors.isEmpty()) {
+    return res.status(400).json({
+      success: false,
+      message: 'Validation failed',
+      errors: errors.array().map((e) => ({ field: e.path, message: e.msg })),
+    });
+  }
+  next();
+};

package/templates/HRMS_Mongodb/backend/src/models/Department.js

@@ -0,0 +1,19 @@
+import mongoose from 'mongoose';
+
+const departmentSchema = new mongoose.Schema(
+  {
+    departName: {
+      type: String,
+      required: [true, 'Department name is required'],
+      unique: true,
+      trim: true,
+    },
+    description: {
+      type: String,
+      trim: true,
+    },
+  },
+  { timestamps: true }
+);
+
+export default mongoose.model('Department', departmentSchema);