newportsite 1.1.3

package/src/lib/scheduler/schedulerdialog.component.ts

@@ -0,0 +1,208 @@
+import {
+  Component,
+  HostListener,
+  AfterViewInit,
+  DestroyRef,
+  inject,
+  input,
+  output,
+  viewChild,
+  computed,
+  effect,
+  ChangeDetectionStrategy,
+} from '@angular/core';
+import { takeUntilDestroyed } from '@angular/core/rxjs-interop';
+
+import { GlobalService } from '../services/global.service';
+
+import { AppMessageService } from '../services/message.service';
+
+import { BsModalRef, ModalDirective } from 'ngx-bootstrap/modal';
+
+import { FormBuilder, Validators, ReactiveFormsModule } from '@angular/forms';
+
+import { ManagmentService } from '../home/model/services/index';
+import { ManagmentInterface, TransportInterface } from '../interfaces';
+import { NgxModalDraggableDirective } from '../directives/component.draggable';
+import { NgStyle } from '@angular/common';
+import { InputDirective } from '../directives/input.directive';
+
+interface AssignedType {
+  id: any;
+  name: any;
+}
+
+@Component({
+  selector: 'schedulerdialog',
+  templateUrl: 'schedulerdialog.component.html',
+  changeDetection: ChangeDetectionStrategy.OnPush,
+  imports: [
+    ModalDirective,
+    NgxModalDraggableDirective,
+    NgStyle,
+    ReactiveFormsModule,
+    InputDirective,
+  ],
+})
+export class SchedulerDialogComponent implements AfterViewInit {
+  gsv = inject(GlobalService);
+  msg = inject(AppMessageService);
+  fbl = inject(FormBuilder);
+  msv = inject(ManagmentService);
+  private destroyRef = inject(DestroyRef);
+
+  readonly modal = viewChild.required<ModalDirective>('modal');
+
+  show = input<boolean>(false);
+  title = input<string>('');
+  text = input<string>('');
+  showconfirm = input<boolean>(false);
+  width = input<number>(0);
+  height = input<number>(0);
+  top = input<number>(0);
+  left = input<number>(0);
+
+  schedulerDialogResult = output<any>();
+
+  public remove: boolean = false;
+
+  public assigneds: AssignedType[] = [];
+
+  public schedulerInfo: SchedulerInfo = new SchedulerInfo();
+
+  public profileform = this.fbl.group({
+    assigned: [this.schedulerInfo.assigned, Validators.required],
+    description: [this.schedulerInfo.description, Validators.required],
+  });
+
+  public selected = -1;
+
+  public bsModalRef!: BsModalRef;
+
+  public managment!: ManagmentInterface;
+
+  readonly contextStyle = computed(() => ({
+    position: 'absolute',
+    top: this.top() + 'px',
+    left: this.left() + 'px',
+    width: this.width() + 'px',
+    height: this.height() + 'px',
+    pointerEvents: 'auto',
+  }));
+
+  /** Loads the assignee lookup table and wires the show-effect to open the modal. */
+  public constructor() {
+    this.managment = this.gsv.getManagmentInterface();
+    this.gsv.setLoaderState(true);
+    this.managment.appId = this.gsv.getYear() < 2024 ? 'TAB' : 'TBB';
+    this.managment.year = this.gsv.getYear();
+    this.managment.entId = this.gsv.getYear() < 2024 ? 'TIA' : 'MTBB_TIA';
+    this.managment.keyId = '1';
+    this.managment.functionId = 'read';
+    this.managment.keys = 'prg=0';
+    this.msv
+      .getData(this.managment)
+      .pipe(takeUntilDestroyed())
+      .subscribe({
+        next: (data: TransportInterface) => {
+          const modules = JSON.parse(data.dataFile as string).entities.filter(
+            (a: any) => a.name === this.managment.entId.toLocaleLowerCase()
+          )[0].modules;
+          modules.forEach((item: any) => {
+            this.assigneds.push({
+              id: item.members.filter((e: any) => e.name === 'tipo')[0].value,
+              name: item.members.filter((e: any) => e.name === 'descrizione')[0]
+                .value,
+            });
+          });
+          this.gsv.setLoaderState(false);
+        },
+        error: () => {
+          this.gsv.setLoaderState(false);
+        },
+      });
+
+    effect(() => {
+      if (this.show()) {
+        if ((this.gsv.getDialog()!.tag as any)?.extendedProps !== undefined) {
+          this.remove = true;
+          this.profileform.patchValue({
+            assigned: (this.gsv.getDialog()!.tag as any)?.extendedProps?.assigned,
+            description: (this.gsv.getDialog()!.tag as any)?.title?.split('-')[1],
+          });
+        }
+        this.openModal();
+      }
+    });
+  }
+
+  /** Lifecycle: resets the reactive form on first render. */
+  public ngAfterViewInit(): void {
+    this.profileform.reset();
+  }
+
+  @HostListener('document:keydown.escape', ['$event']) onKeydownHandler(
+    event: KeyboardEvent
+  ) {
+    event.stopImmediatePropagation();
+    this.remove = false;
+    this.closeDetail(false);
+  }
+
+  /** Shows the Bootstrap modal for the selected calendar event. */
+  public openModal() {
+    this.modal().show();
+  }
+
+  /** Returns the localised label for the close button ('Remove' in delete mode, 'Close' otherwise). */
+  get closeButtonText() {
+    return this.remove
+      ? this.msg?.get('app.remove')
+      : this.msg?.get('app.close');
+  }
+
+  /** Closes the modal and triggers deletion of the current event. */
+  public closeAndRemove() {
+    this.closeDetail(false, this.remove);
+  }
+
+  /**
+   * Hides the modal, serialises the form to a SchedulerInfo object, and emits
+   * schedulerDialogResult with the confirm status, event tag, staff assignment, and delete flag.
+   */
+  public closeDetail(status: boolean, remove: boolean = false) {
+    if (this.modal().isShown !== undefined) {
+      this.remove = remove;
+      const sch = this.profileform.value as SchedulerInfo;
+      this.modal().hide();
+      if (sch.assigned === null) {
+        this.schedulerDialogResult.emit({
+          value: status,
+          tag: this.gsv.getDialog()!.tag,
+          props: [''],
+          delete: this.remove,
+        });
+      } else {
+        this.schedulerDialogResult.emit({
+          value: status,
+          tag: this.gsv.getDialog()!.tag,
+          props: [
+            this.assigneds[parseFloat(sch?.assigned?.toString() ?? '-1') - 1]
+              .name +
+              '-' +
+              sch?.description?.toUpperCase(),
+            sch?.assigned,
+          ],
+          delete: this.remove,
+        });
+      }
+      this.profileform.reset();
+      this.remove = false;
+    }
+  }
+}
+
+class SchedulerInfo {
+  public description: string = '';
+  public assigned: number = -1;
+}

package/src/lib/scheduler/services/scheduler.service.ts

@@ -0,0 +1,133 @@
+import { Injectable, inject } from '@angular/core';
+import { HttpClient, HttpErrorResponse } from '@angular/common/http';
+import { Observable, throwError } from 'rxjs';
+import { GlobalService } from '../../services/global.service';
+
+import { SchedulerInterface, TransportInterface } from '../../interfaces/index';
+
+import { catchError, retry } from 'rxjs/operators';
+
+@Injectable()
+export class SchedulerService {
+  private http = inject(HttpClient);
+  private globalService = inject(GlobalService);
+
+  private schedulersUrl: string =
+    this.globalService.restService() + 'scheduler';
+
+  /** Sends DELETE DeleteSchedulerItem/{year}/{id} to remove a calendar event. */
+  public deleteItem(scheduler: SchedulerInterface): Observable<boolean> {
+    return this.http
+      .delete<boolean>(
+        this.schedulersUrl +
+          '/' +
+          'DeleteSchedulerItem' +
+          '/' +
+          scheduler.year +
+          '/' +
+          scheduler.id,
+        this.globalService.jwt()
+      )
+      .pipe(retry(3), catchError(this.handleError));
+  }
+
+  /** Fetches a single scheduler record by year and id. */
+  public getSchedulerData(
+    scheduler: SchedulerInterface
+  ): Observable<TransportInterface> {
+    return this.http
+      .get<TransportInterface>(
+        this.schedulersUrl +
+          '/' +
+          'GetSchedulerData' +
+          '/' +
+          scheduler.year +
+          '/' +
+          scheduler.id,
+        this.globalService.jwt()
+      )
+      .pipe(retry(3), catchError(this.handleError));
+  }
+
+  /** Fetches all scheduler records for the given year. */
+  public getSchedulerDataAll(
+    scheduler: SchedulerInterface
+  ): Observable<TransportInterface> {
+    return this.http
+      .get<TransportInterface>(
+        this.schedulersUrl + '/' + 'GetSchedulerDataAll' + '/' + scheduler.year,
+        this.globalService.jwt()
+      )
+      .pipe(retry(3), catchError(this.handleError));
+  }
+
+  /** Fetches scheduler records within the given date range; throws if start/end are missing. */
+  public getSchedulerDataRange(
+    scheduler: SchedulerInterface
+  ): Observable<TransportInterface> {
+    if (!scheduler.start || !scheduler.end) {
+      return throwError(() => new Error('Start and end dates are required'));
+    }
+
+    return this.http
+      .get<TransportInterface>(
+        this.schedulersUrl +
+          '/' +
+          'GetSchedulerDataRange' +
+          '/' +
+          scheduler.year +
+          '/' +
+          scheduler.start.toDateString() +
+          '/' +
+          scheduler.end.toDateString(),
+        this.globalService.jwt()
+      )
+      .pipe(retry(3), catchError(this.handleError));
+  }
+
+  /** Sends POST to create a new scheduler event. */
+  public postData(
+    scheduler: SchedulerInterface
+  ): Observable<TransportInterface> {
+    return this.http
+      .post<TransportInterface>(
+        this.schedulersUrl,
+        JSON.stringify(scheduler),
+        this.globalService.jwt()
+      )
+      .pipe(retry(3), catchError(this.handleError));
+  }
+
+  /** Sends PUT to update an existing scheduler event. */
+  public putData(
+    scheduler: SchedulerInterface
+  ): Observable<TransportInterface> {
+    return this.http
+      .put<TransportInterface>(
+        this.schedulersUrl,
+        JSON.stringify(scheduler),
+        this.globalService.jwt()
+      )
+      .pipe(retry(3), catchError(this.handleError));
+  }
+
+  /** Maps client-side network errors and HTTP status codes to a typed Error observable. */
+  private handleError(error: HttpErrorResponse): Observable<never> {
+    let errorMessage = 'An error occurred';
+
+    if (error.error instanceof ErrorEvent) {
+      // Client-side or network error
+      errorMessage = `Client Error: ${error.error.message}`;
+      console.error('Client-side error:', error.error.message);
+    } else {
+      // Backend error
+      errorMessage = `Server Error (${error.status}): ${error.message}`;
+      console.error(
+        `Backend returned code ${error.status}, body:`,
+        error.error
+      );
+    }
+
+    return throwError(() => new Error(errorMessage));
+  }
+}

package/src/lib/services/auth-state.service.ts

@@ -0,0 +1,129 @@
+import { Injectable, PLATFORM_ID, inject } from '@angular/core';
+import { isPlatformBrowser } from '@angular/common';
+import { HttpClient, HttpHeaders } from '@angular/common/http';
+import { BehaviorSubject, Observable, throwError } from 'rxjs';
+import { catchError, filter, switchMap, take, tap } from 'rxjs/operators';
+import { User } from '../auth/models/index';
+import { NEWPORT_CONFIG } from '../config';
+
+@Injectable({ providedIn: 'root' })
+export class AuthStateService {
+  private http = inject(HttpClient);
+  private config = inject(NEWPORT_CONFIG);
+  private readonly isBrowser = isPlatformBrowser(inject(PLATFORM_ID));
+
+  private isRefreshing = false;
+  private refreshTokenSubject = new BehaviorSubject<string | null>(null);
+
+  /** Returns true if a non-expired JWT token exists in the current session. */
+  public isLogged(): boolean {
+    const user = this.getCurrentUser();
+    if (!user?.token) return false;
+    return !this.isTokenExpired(user.token);
+  }
+
+  /** Reads and deserialises the current user from sessionStorage; returns null on SSR or parse error. */
+  public getCurrentUser(): User | null {
+    if (!this.isBrowser) return null;
+    try {
+      const userStr = sessionStorage.getItem('currentUser');
+      return userStr ? JSON.parse(userStr) : null;
+    } catch (error) {
+      console.error('Error reading currentUser from sessionStorage:', error);
+      return null;
+    }
+  }
+
+  /** Persists the given user to sessionStorage, or removes the entry when null. */
+  public setCurrentUser(currentUser: User | null): void {
+    if (!this.isBrowser) return;
+    try {
+      if (currentUser) {
+        sessionStorage.setItem('currentUser', JSON.stringify(currentUser));
+      } else {
+        sessionStorage.removeItem('currentUser');
+      }
+    } catch (error) {
+      console.error('Error writing currentUser to sessionStorage:', error);
+    }
+  }
+
+  /** Returns the display name of the currently logged-in user, or an empty string. */
+  public loggedUser(): string {
+    return this.getCurrentUser()?.name ?? '';
+  }
+
+  public jwt(): { headers: HttpHeaders };
+  public jwt(fileType: string): { headers: HttpHeaders; reportProgress: boolean; responseType: 'blob' };
+  /** Builds the HTTP options object with the Authorization header; adds blob/progress options when fileType is provided. */
+  public jwt(fileType?: string): { headers: HttpHeaders; reportProgress?: boolean; responseType?: 'blob' } {
+    const headers = this.getHeaders(this.getCurrentUser());
+    if (!fileType) {
+      return { headers };
+    }
+    return { headers, reportProgress: true, responseType: 'blob' };
+  }
+
+  /** Constructs an HttpHeaders object with JSON content-type and, if a user is provided, a Bearer token. */
+  public getHeaders(user: User | null): HttpHeaders {
+    if (user !== null && user !== undefined) {
+      return new HttpHeaders()
+        .set('Content-Type', 'application/json')
+        .set('Authorization', 'Bearer ' + user.token);
+    }
+    return new HttpHeaders().set('Content-Type', 'application/json');
+  }
+
+  /**
+   * Performs the token refresh call against POST {apiUrl}users/refresh.
+   * Concurrent callers wait on refreshTokenSubject instead of issuing
+   * duplicate refresh requests.
+   */
+  public refreshAccessToken(): Observable<string> {
+    if (this.isRefreshing) {
+      return this.refreshTokenSubject.pipe(
+        filter((token): token is string => token !== null),
+        take(1)
+      );
+    }
+
+    const user = this.getCurrentUser();
+    if (!user?.refreshToken) {
+      return throwError(() => new Error('No refresh token available'));
+    }
+
+    this.isRefreshing = true;
+    this.refreshTokenSubject.next(null);
+
+    return this.http
+      .post<User>(
+        `${this.config.apiUrl}users/refresh`,
+        { refreshToken: user.refreshToken },
+        { headers: new HttpHeaders({ 'Content-Type': 'application/json' }) }
+      )
+      .pipe(
+        tap((refreshed) => {
+          const updated: User = { ...user, token: refreshed.token, refreshToken: refreshed.refreshToken };
+          this.setCurrentUser(updated);
+          this.isRefreshing = false;
+          this.refreshTokenSubject.next(refreshed.token);
+        }),
+        switchMap((refreshed) => [refreshed.token]),
+        catchError((err) => {
+          this.isRefreshing = false;
+          this.refreshTokenSubject.next(null);
+          return throwError(() => err);
+        })
+      );
+  }
+
+  /** Returns true if the JWT payload's exp claim is in the past. */
+  private isTokenExpired(token: string): boolean {
+    try {
+      const payload = JSON.parse(atob(token.split('.')[1]));
+      return payload.exp ? payload.exp * 1000 < Date.now() : false;
+    } catch {
+      return true;
+    }
+  }
+}

package/src/lib/services/auth.interceptor.spec.ts

@@ -0,0 +1,144 @@
+import { TestBed } from '@angular/core/testing';
+import { HttpClient, provideHttpClient, withInterceptors } from '@angular/common/http';
+import { HttpTestingController, provideHttpClientTesting } from '@angular/common/http/testing';
+import { Router } from '@angular/router';
+import { Location } from '@angular/common';
+import { authInterceptor } from './auth.interceptor';
+import { GlobalService } from './global.service';
+import { User } from '../auth/models/index';
+import { NEWPORT_CONFIG } from '../config';
+
+const TEST_CONFIG = { apiUrl: 'http://test/', logicFactory: () => {}, projectsInfoLoader: () => Promise.resolve({}) };
+
+describe('authInterceptor', () => {
+  let http: HttpClient;
+  let httpMock: HttpTestingController;
+  let gsv: GlobalService;
+
+  const routerStub = { navigateByUrl: jest.fn().mockResolvedValue(true) };
+  const locationStub = { normalize: (url: string) => url };
+
+  function makeJwt(exp: number): string {
+    return `header.${btoa(JSON.stringify({ exp }))}.sig`;
+  }
+
+  function loggedInUser(): User {
+    return {
+      name: 'Mario',
+      token: makeJwt(Math.floor(Date.now() / 1000) + 3600),
+      refreshToken: 'valid-refresh-token',
+    } as unknown as User;
+  }
+
+  beforeEach(() => {
+    localStorage.clear();
+    jest.clearAllMocks();
+    TestBed.configureTestingModule({
+      providers: [
+        GlobalService,
+        { provide: Router, useValue: routerStub },
+        { provide: Location, useValue: locationStub },
+        { provide: NEWPORT_CONFIG, useValue: TEST_CONFIG },
+        provideHttpClient(withInterceptors([authInterceptor])),
+        provideHttpClientTesting(),
+      ],
+    });
+    http = TestBed.inject(HttpClient);
+    httpMock = TestBed.inject(HttpTestingController);
+    gsv = TestBed.inject(GlobalService);
+  });
+
+  afterEach(() => httpMock.verify());
+
+  it('adds Authorization header when user has a valid token', () => {
+    gsv.setCurrentUser(loggedInUser());
+
+    http.get('/api/test').subscribe();
+    const req = httpMock.expectOne('/api/test');
+
+    expect(req.request.headers.get('Authorization')).toMatch(/^Bearer /);
+    req.flush({});
+  });
+
+  it('does not override an existing Authorization header', () => {
+    gsv.setCurrentUser(loggedInUser());
+
+    http.get('/api/test', { headers: { Authorization: 'Bearer custom-token' } }).subscribe();
+    const req = httpMock.expectOne('/api/test');
+
+    expect(req.request.headers.get('Authorization')).toBe('Bearer custom-token');
+    req.flush({});
+  });
+
+  it('does not add Authorization header when no user is logged in', () => {
+    http.get('/api/test').subscribe();
+    const req = httpMock.expectOne('/api/test');
+
+    expect(req.request.headers.has('Authorization')).toBe(false);
+    req.flush({});
+  });
+
+  it('calls logOff when the server returns 401 and refresh also fails', () => {
+    const logOffSpy = jest.spyOn(gsv, 'logOff').mockImplementation(() => {});
+    gsv.setCurrentUser(loggedInUser());
+
+    http.get('/api/test').subscribe({ error: () => {} });
+    httpMock.expectOne('/api/test').flush('Unauthorized', { status: 401, statusText: 'Unauthorized' });
+    httpMock.expectOne('http://test/users/refresh').flush('Unauthorized', { status: 401, statusText: 'Unauthorized' });
+
+    expect(logOffSpy).toHaveBeenCalledTimes(1);
+  });
+
+  it('calls logOff when 401 occurs and no refresh token is stored', () => {
+    const logOffSpy = jest.spyOn(gsv, 'logOff').mockImplementation(() => {});
+
+    http.get('/api/test').subscribe({ error: () => {} });
+    httpMock.expectOne('/api/test').flush('Unauthorized', { status: 401, statusText: 'Unauthorized' });
+
+    expect(logOffSpy).toHaveBeenCalledTimes(1);
+  });
+
+  it('does not call logOff for 500 errors', () => {
+    const logOffSpy = jest.spyOn(gsv, 'logOff').mockImplementation(() => {});
+
+    http.get('/api/test').subscribe({ error: () => {} });
+    const req = httpMock.expectOne('/api/test');
+    req.flush('Server error', { status: 500, statusText: 'Internal Server Error' });
+
+    expect(logOffSpy).not.toHaveBeenCalled();
+  });
+
+  it('retries the original request with the new token after a successful refresh', done => {
+    const user = loggedInUser();
+    gsv.setCurrentUser(user);
+
+    http.get('/api/test').subscribe({
+      next: (data) => {
+        expect(data).toEqual({ ok: true });
+        done();
+      },
+    });
+
+    httpMock.expectOne('/api/test').flush('', { status: 401, statusText: 'Unauthorized' });
+    httpMock.expectOne('http://test/users/refresh').flush({
+      token: makeJwt(Math.floor(Date.now() / 1000) + 7200),
+      refreshToken: 'new-refresh-token',
+    });
+    httpMock.expectOne('/api/test').flush({ ok: true });
+  });
+
+  it('re-throws an error after a 401 when refresh also fails', done => {
+    gsv.setCurrentUser(loggedInUser());
+    jest.spyOn(gsv, 'logOff').mockImplementation(() => {});
+
+    http.get('/api/test').subscribe({
+      error: err => {
+        expect(err).toBeTruthy();
+        done();
+      },
+    });
+
+    httpMock.expectOne('/api/test').flush('', { status: 401, statusText: 'Unauthorized' });
+    httpMock.expectOne('http://test/users/refresh').flush('', { status: 401, statusText: 'Unauthorized' });
+  });
+});

package/src/lib/services/auth.interceptor.ts

@@ -0,0 +1,44 @@
+import { HttpErrorResponse, HttpInterceptorFn } from '@angular/common/http';
+import { inject } from '@angular/core';
+import { catchError, switchMap, throwError } from 'rxjs';
+import { GlobalService } from './global.service';
+import { AuthStateService } from './auth-state.service';
+
+/**
+ * Attaches the JWT Bearer token to every outgoing request.
+ * On 401, attempts a single token refresh via POST users/refresh and retries
+ * the original request. If the refresh also fails the user is logged out.
+ * Concurrent 401s are queued by AuthStateService and resolved together.
+ */
+export const authInterceptor: HttpInterceptorFn = (req, next) => {
+  const gsv = inject(GlobalService);
+  const authState = inject(AuthStateService);
+
+  const isRefreshCall = req.url.includes('users/refresh');
+
+  let authReq = req;
+  if (!req.headers.has('Authorization') && !isRefreshCall) {
+    const user = gsv.getCurrentUser();
+    if (user?.token) {
+      authReq = req.clone({ setHeaders: { Authorization: `Bearer ${user.token}` } });
+    }
+  }
+
+  return next(authReq).pipe(
+    catchError((error: HttpErrorResponse) => {
+      if (error.status === 401 && !isRefreshCall) {
+        return authState.refreshAccessToken().pipe(
+          switchMap((newToken) => {
+            const retryReq = req.clone({ setHeaders: { Authorization: `Bearer ${newToken}` } });
+            return next(retryReq);
+          }),
+          catchError((refreshError) => {
+            gsv.logOff();
+            return throwError(() => refreshError);
+          })
+        );
+      }
+      return throwError(() => error);
+    })
+  );
+};