fix: tailwind v4 postcss, auth-server session, eslint cleanups

2025-10-09 15:47:56 +07:00
parent 670228b76e
commit bbfbc5b910
117 changed files with 4005 additions and 3414 deletions
--- a/backend/src/routes/users.js
+++ b/backend/src/routes/users.js
@@ -1,99 +1,55 @@
-// File: backend/src/routes/users.js
-import { Router } from 'express';
-import { User, Role } from '../db/sequelize.js';
-import { authJwt } from "../middleware/authJwt.js";
-import { loadPrincipalMw } from "../middleware/loadPrincipal.js"; // แก้ไข: import ให้ถูกต้อง
-import { requirePerm } from '../middleware/requirePerm.js';
-import { hashPassword } from '../utils/passwords.js';
+// FILE: backend/src/routes/users.js
+import { Router } from "express";
+import sql from "../db/index.js";
+import { requirePerm } from "../middleware/requirePerm.js";

-const router = Router();
+const r = Router();

-// Middleware Chain ที่ถูกต้อง 100%
-router.use(authJwt(), loadPrincipalMw());
-
-// GET /api/users
-router.get('/', requirePerm('users.view'), async (req, res, next) => {
-    try {
-        const users = await User.findAll({
-            attributes: { exclude: ['password_hash'] },
-            include: [{ model: Role, attributes: ['id', 'name'], through: { attributes: [] } }],
-            order: [['username', 'ASC']]
-        });
-        res.json(users);
-    } catch (error) { next(error); }
+// ME (ทุกคน)
+r.get("/me", async (req, res) => {
+  const p = req.principal;
+  const [[u]] = await sql.query(
+    `SELECT user_id, username, email, first_name, last_name, org_id FROM users WHERE user_id=?`,
+    [p.user_id]
+  );
+  if (!u) return res.status(404).json({ error: "User not found" });
+  const [roles] = await sql.query(
+    `SELECT r.role_code, r.role_name, ur.org_id, ur.project_id
+       FROM user_roles ur JOIN roles r ON r.role_id = ur.role_id
+      WHERE ur.user_id=?`,
+    [p.user_id]
+  );
+  res.json({
+    ...u,
+    roles,
+    role_codes: roles.map((r) => r.role_code),
+    permissions: [...(p.permissions || [])],
+    project_ids: p.project_ids,
+    org_ids: p.org_ids,
+    is_superadmin: p.is_superadmin,
+  });
 });

-// POST /api/users
-router.post('/', requirePerm('users.manage'), async (req, res, next) => {
-    const { username, email, password, first_name, last_name, is_active, roles } = req.body;
-    if (!username || !email || !password) {
-        return res.status(400).json({ message: 'Username, email, and password are required' });
+// USERS LIST (ORG scope) — admin.access
+r.get(
+  "/",
+  requirePerm("admin.access", { orgParam: "org_id" }),
+  async (req, res) => {
+    const P = req.principal;
+    let rows = [];
+    if (P.is_superadmin) {
+      [rows] = await sql.query(
+        "SELECT user_id, username, email, org_id FROM users ORDER BY user_id DESC LIMIT 500"
+      );
+    } else if (P.org_ids?.length) {
+      const inSql = P.org_ids.map(() => "?").join(",");
+      [rows] = await sql.query(
+        `SELECT user_id, username, email, org_id FROM users WHERE org_id IN (${inSql}) ORDER BY user_id DESC LIMIT 500`,
+        P.org_ids
+      );
    }
-    try {
-        const password_hash = await hashPassword(password);
-        const newUser = await User.create({
-            username, email, password_hash, first_name, last_name, is_active: is_active !== false,
-            created_by: req.principal.user_id,
-            updated_by: req.principal.user_id,
-            org_id: req.principal.org_ids[0] || null,
-        });
+    res.json(rows);
+  }
+);

-        if (roles && roles.length > 0) {
-            await newUser.setRoles(roles);
-        }
-
-        const userWithRoles = await User.findByPk(newUser.id, {
-            attributes: { exclude: ['password_hash'] },
-            include: [{ model: Role, attributes: ['id', 'name'], through: { attributes: [] } }]
-        });
-        res.status(201).json(userWithRoles);
-    } catch (error) {
-        if (error.name === 'SequelizeUniqueConstraintError') {
-            return res.status(409).json({ message: 'Username or email already exists.' });
-        }
-        next(error);
-    }
-});
-
-// PUT /api/users/:id
-router.put('/:id', requirePerm('users.manage'), async (req, res, next) => {
-    const { id } = req.params;
-    const { email, first_name, last_name, is_active, roles } = req.body;
-    try {
-        const user = await User.findByPk(id);
-        if (!user) {
-            return res.status(404).json({ message: 'User not found' });
-        }
-        user.email = email ?? user.email;
-        user.first_name = first_name ?? user.first_name;
-        user.last_name = last_name ?? user.last_name;
-        user.is_active = is_active ?? user.is_active;
-        user.updated_by = req.principal.user_id;
-        await user.save();
-
-        if (roles) {
-            await user.setRoles(roles);
-        }
-        const updatedUser = await User.findByPk(id, {
-            attributes: { exclude: ['password_hash'] },
-            include: [{ model: Role, attributes: ['id', 'name'], through: { attributes: [] } }]
-        });
-        res.json(updatedUser);
-    } catch (error) { next(error); }
-});
-
-// DELETE /api/users/:id
-router.delete('/:id', requirePerm('users.manage'), async (req, res, next) => {
-    try {
-        const user = await User.findByPk(req.params.id);
-        if (!user) {
-            return res.status(404).json({ message: 'User not found' });
-        }
-        user.is_active = false;
-        user.updated_by = req.principal.user_id;
-        await user.save();
-        res.status(204).send();
-    } catch (error) { next(error); }
-});
-
-export default router;
+export default r;