feat: แกไขสวน backend ใหเขากบ frontend

2025-09-27 11:30:31 +07:00
parent 4cb7801fe8
commit db7030883f
7 changed files with 693 additions and 333 deletions
--- a/backend/src/index.js
+++ b/backend/src/index.js
@@ -2,60 +2,57 @@
 // -------------------
 // Node >= 18, Express 4/5 compatible

-import fs from 'node:fs';
-import path from 'node:path';
-import express from 'express';
-import cookieParser from 'cookie-parser';
-import cors from 'cors';
+import fs from "node:fs";
+import path from "node:path";
+import express from "express";
+import cookieParser from "cookie-parser";
+import cors from "cors";

-import sql from './db/index.js';
-import healthRouter from './routes/health.js';
-import { authJwt } from './middleware/authJwt.js';
-import { loadPrincipalMw } from './middleware/loadPrincipal.js';
+import sql from "./db/index.js";
+import healthRouter from "./routes/health.js";
+import { authJwt } from "./middleware/authJwt.js";
+import { loadPrincipalMw } from "./middleware/loadPrincipal.js";

 // ROUTES
-import authRoutes from './routes/auth.js';
-import lookupRoutes from './routes/lookup.js';
-import organizationsRoutes from './routes/organizations.js';
-import projectsRoutes from './routes/projects.js';
-import correspondencesRoutes from './routes/correspondences.js';
-import rfasRoutes from './routes/rfas.js';
-import drawingsRoutes from './routes/drawings.js';
-import transmittalsRoutes from './routes/transmittals.js';
-import contractsRoutes from './routes/contracts.js';
-import contractDwgRoutes from './routes/contract_dwg.js';
-import categoriesRoutes from './routes/categories.js';
-import volumesRoutes from './routes/volumes.js';
-import uploadsRoutes from './routes/uploads.js';
-import usersRoutes from './routes/users.js';
-import permissionsRoutes from './routes/permissions.js';
-
-// import { requireAuth } from './middleware/requireAuth.js';
+import authRoutes from "./routes/auth.js";
+import lookupRoutes from "./routes/lookup.js";
+import organizationsRoutes from "./routes/organizations.js";
+import projectsRoutes from "./routes/projects.js";
+import correspondencesRoutes from "./routes/correspondences.js";
+import rfasRoutes from "./routes/rfas.js";
+import drawingsRoutes from "./routes/drawings.js";
+import transmittalsRoutes from "./routes/transmittals.js";
+import contractsRoutes from "./routes/contracts.js";
+import contractDwgRoutes from "./routes/contract_dwg.js";
+import categoriesRoutes from "./routes/categories.js";
+import volumesRoutes from "./routes/volumes.js";
+import uploadsRoutes from "./routes/uploads.js";
+import usersRoutes from "./routes/users.js";
+import permissionsRoutes from "./routes/permissions.js";

 /* ==========================
- * CONFIG (ปรับค่านี้ได้)
+ * CONFIG
 * ========================== */
-// const PORT = Number(process.env.PORT || 7001);
 const PORT = Number(process.env.PORT || 3001);
-const NODE_ENV = process.env.NODE_ENV || 'production';
+const NODE_ENV = process.env.NODE_ENV || "production";

-// Origin ของ Frontend (ถ้ามี Nginx ด้านหน้า ให้ใช้โดเมน/พอร์ตของ Frontend)
-// Origin ของ Frontend (ตั้งผ่าน ENV ในแต่ละสภาพแวดล้อม; dev ใช้ localhost)
-const FRONTEND_ORIGIN = process.env.FRONTEND_ORIGIN || 'https://lcbp3.mycloudnas.com';
+// Origin ของ Frontend (ตั้งผ่าน ENV ต่อ environment; dev ใช้ localhost)
+const FRONTEND_ORIGIN =
+  process.env.FRONTEND_ORIGIN || "https://lcbp3.np-dms.work";
 const ALLOW_ORIGINS = [
-  'http://localhost:3000',
-  'http://127.0.0.1:3000',
+  "http://localhost:3000",
+  "http://127.0.0.1:3000",
  FRONTEND_ORIGIN,
 ].filter(Boolean);

 // ที่เก็บ log ภายใน container ถูก bind ไปที่ /share/Container/dms/logs/backend
-const LOG_DIR = process.env.BACKEND_LOG_DIR || '/app/logs';
+const LOG_DIR = process.env.BACKEND_LOG_DIR || "/app/logs";

-// สร้างโฟลเดอร์ log ถ้ายังไม่มี (แก้ปัญหา Permission denied ล่วงหน้า: ให้ host map เป็น 775 และ uid=100)
+// สร้างโฟลเดอร์ log ถ้ายังไม่มี
 try {
  if (!fs.existsSync(LOG_DIR)) fs.mkdirSync(LOG_DIR, { recursive: true });
 } catch (e) {
-  console.warn('[WARN] Cannot ensure LOG_DIR:', LOG_DIR, e?.message);
+  console.warn("[WARN] Cannot ensure LOG_DIR:", LOG_DIR, e?.message);
 }

 /* ==========================
@@ -63,34 +60,41 @@ try {
 * ========================== */
 const app = express();

-// CORS แบบกำหนด origin ตามรายการที่อนุญาต + อนุญาต credentials
-app.use(cors({
-  origin(origin, cb) {
-    // อนุญาต server-to-server / curl ที่ไม่มี Origin
-    if (!origin) return cb(null, true);
-    return cb(null, ALLOW_ORIGINS.includes(origin));
-  },
-  credentials: true,
-  methods: ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS'],
-  allowedHeaders: ['Content-Type', 'Authorization', 'X-Requested-With'],
-  exposedHeaders: ['Content-Disposition', 'Content-Length'],
-}));
-// จัดการ preflight ให้ครบ
-app.options('*', cors({
-  origin(origin, cb) {
-    if (!origin) return cb(null, true);
-    return cb(null, ALLOW_ORIGINS.includes(origin));
-  },
-  credentials: true,
-}));
+// ✅ อยู่หลัง NPM/Reverse proxy → ให้ trust proxy เพื่อให้ cookie secure / proto ทำงานถูก
+app.set("trust proxy", 1);
+
+// CORS แบบกำหนด origin ตามรายการที่อนุญาต + อนุญาต credentials (จำเป็นสำหรับ cookie)
+app.use(
+  cors({
+    origin(origin, cb) {
+      if (!origin) return cb(null, true); // server-to-server / curl
+      return cb(null, ALLOW_ORIGINS.includes(origin));
+    },
+    credentials: true,
+    methods: ["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"],
+    allowedHeaders: ["Content-Type", "Authorization", "X-Requested-With"],
+    exposedHeaders: ["Content-Disposition", "Content-Length"],
+  })
+);
+// preflight
+app.options(
+  "*",
+  cors({
+    origin(origin, cb) {
+      if (!origin) return cb(null, true);
+      return cb(null, ALLOW_ORIGINS.includes(origin));
+    },
+    credentials: true,
+  })
+);

 app.use(cookieParser());

 // Payload limits
-app.use(express.json({ limit: '10mb' }));
-app.use(express.urlencoded({ extended: true, limit: '10mb' }));
+app.use(express.json({ limit: "10mb" }));
+app.use(express.urlencoded({ extended: true, limit: "10mb" }));

-// Access log (ขั้นต่ำ): พิมพ์ลง stdout ให้ Docker เก็บ; ถ้าต้องการเขียนไฟล์ ให้เปลี่ยนเป็น fs.appendFileSync
+// Access log (ขั้นต่ำ)
 app.use((req, _res, next) => {
  console.log(`[REQ] ${req.method} ${req.originalUrl}`);
  next();
@@ -99,75 +103,78 @@ app.use((req, _res, next) => {
 /* ==========================
 * HEALTH / READY / INFO
 * ========================== */
-app.get('/health', async (req, res) => {
+app.get("/health", async (req, res) => {
  try {
-    const [[{ now }]] = await sql.query('SELECT NOW() AS now');
-    return res.json({ status: 'ok', db: 'ok', now });
+    const [[{ now }]] = await sql.query("SELECT NOW() AS now");
+    return res.json({ status: "ok", db: "ok", now });
  } catch (e) {
-    return res.status(500).json({ status: 'degraded', db: 'fail', error: e?.message });
+    return res
+      .status(500)
+      .json({ status: "degraded", db: "fail", error: e?.message });
  }
 });

 // Kubernetes-style endpoints (ถ้าใช้)
-app.get('/livez', (req, res) => res.send('ok'));
-app.get('/readyz', async (req, res) => {
+app.get("/livez", (req, res) => res.send("ok"));
+app.get("/readyz", async (req, res) => {
  try {
-    await sql.query('SELECT 1');
-    res.send('ready');
+    await sql.query("SELECT 1");
+    res.send("ready");
  } catch {
-    res.status(500).send('not-ready');
+    res.status(500).send("not-ready");
  }
 });

-// เวอร์ชัน/บิลด์ (เติมจาก ENV ถ้าต้องการ)
-app.get('/info', (req, res) => {
+app.get("/info", (req, res) => {
  res.json({
-    name: 'dms-backend',
+    name: "dms-backend",
    env: NODE_ENV,
-    version: process.env.APP_VERSION || '0.5.0',
+    version: process.env.APP_VERSION || "0.5.0",
    commit: process.env.GIT_COMMIT || undefined,
  });
 });

 /* ==========================
- * PROTECTED API
+ * ROUTES
 * ========================== */
-// ต้อง auth + principal ก่อนเข้าทุก /api/*
-app.use('/api', healthRouter);
-app.use('/api/auth', authRoutes); // login/refresh/logout (ไม่ต้องผ่าน authJwt ทั้งกลุ่ม)
-app.use('/api', authJwt(), loadPrincipalMw()); // จากนี้ต้องมี JWT + principal
+// /api/health (ถอดจาก healthRouter)
+app.use("/api", healthRouter);

-app.use('/api/lookup', lookupRoutes);
-// โมดูลหลัก
-app.use('/api/organizations', organizationsRoutes);
-app.use('/api/projects', projectsRoutes);
-app.use('/api/correspondences', correspondencesRoutes);
-app.use('/api/rfas', rfasRoutes);
-app.use('/api/drawings', drawingsRoutes);
-app.use('/api/transmittals', transmittalsRoutes);
-app.use('/api/contracts', contractsRoutes);
-app.use('/api/contract-dwg', contractDwgRoutes);
-app.use('/api/categories', categoriesRoutes);
-app.use('/api/volumes', volumesRoutes);
-app.use('/api/uploads', uploadsRoutes);
-app.use('/api/users', usersRoutes);
-app.use('/api/permissions', permissionsRoutes);
+// ✅ auth กลุ่มนี้ "ไม่ต้อง" ผ่าน authJwt
+app.use("/api/auth", authRoutes);
+
+// จากนี้ไป ทุก /api/* ต้องผ่าน JWT + principal
+app.use("/api", authJwt(), loadPrincipalMw());
+
+app.use("/api/lookup", lookupRoutes);
+app.use("/api/organizations", organizationsRoutes);
+app.use("/api/projects", projectsRoutes);
+app.use("/api/correspondences", correspondencesRoutes);
+app.use("/api/rfas", rfasRoutes);
+app.use("/api/drawings", drawingsRoutes);
+app.use("/api/transmittals", transmittalsRoutes);
+app.use("/api/contracts", contractsRoutes);
+app.use("/api/contract-dwg", contractDwgRoutes);
+app.use("/api/categories", categoriesRoutes);
+app.use("/api/volumes", volumesRoutes);
+app.use("/api/uploads", uploadsRoutes);
+app.use("/api/users", usersRoutes);
+app.use("/api/permissions", permissionsRoutes);

 /* ==========================
 * NOT FOUND & ERROR HANDLERS
 * ========================== */
 app.use((req, res) => {
-  res.status(404).json({ error: 'NOT_FOUND', path: req.originalUrl });
+  res.status(404).json({ error: "NOT_FOUND", path: req.originalUrl });
 });

-// ต้องมี 4 พารามิเตอร์เพื่อเป็น error handler ใน Express
 // eslint-disable-next-line no-unused-vars
 app.use((err, req, res, _next) => {
-  console.error('[UNHANDLED ERROR]', err);
+  console.error("[UNHANDLED ERROR]", err);
  const status = err?.status || 500;
  res.status(status).json({
-    error: 'SERVER_ERROR',
-    message: NODE_ENV === 'production' ? undefined : err?.message,
+    error: "SERVER_ERROR",
+    message: NODE_ENV === "production" ? undefined : err?.message,
  });
 });

@@ -184,17 +191,18 @@ const server = app.listen(PORT, () => {
 async function shutdown(signal) {
  try {
    console.log(`[SHUTDOWN] ${signal} received`);
-    await new Promise(resolve => server.close(resolve));
-    try { await sql.end(); } catch {}
-    console.log('[SHUTDOWN] complete');
+    await new Promise((resolve) => server.close(resolve));
+    try {
+      await sql.end();
+    } catch {}
+    console.log("[SHUTDOWN] complete");
    process.exit(0);
  } catch (e) {
-    console.error('[SHUTDOWN] error', e);
+    console.error("[SHUTDOWN] error", e);
    process.exit(1);
  }
 }
-
-process.on('SIGTERM', () => shutdown('SIGTERM'));
-process.on('SIGINT', () => shutdown('SIGINT'));
+process.on("SIGTERM", () => shutdown("SIGTERM"));
+process.on("SIGINT", () => shutdown("SIGINT"));

 export default app;