From 22373f3e32a9b4f609eb4e6bd530248a476f6451 Mon Sep 17 00:00:00 2001 From: marsalva Date: Wed, 4 Mar 2026 08:41:41 +0000 Subject: [PATCH] Actualizar server.js --- server.js | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/server.js b/server.js index 8d7fa80..bae7e34 100644 --- a/server.js +++ b/server.js @@ -404,12 +404,11 @@ app.get("/public/portal/:token", async (req, res) => { let phoneMatch = String(client.phone || "").replace(/\D/g, "").slice(-9); if (phoneMatch.length < 8) phoneMatch = "NO_VALIDO_123"; - // 4. CONSTRUIMOS LA BÚSQUEDA (Doble vía para evitar colapsos) + // 4. BÚSQUEDA BLINDADA (Hemos quitado el client_id que hacía explotar la base de datos) let qServices; if (serviceIdParam && !isNaN(parseInt(serviceIdParam))) { - // Si nos envían el ID por URL, buscamos ESE servicio exacto qServices = await pool.query(` - SELECT s.id, s.service_ref, s.is_urgent, s.raw_data, s.created_at, s.client_id, + SELECT s.id, s.service_ref, s.is_urgent, s.raw_data, s.created_at, st.name as real_status_name, st.is_final as is_status_final, u.full_name as worker_name, u.phone as worker_phone FROM scraped_services s @@ -418,9 +417,8 @@ app.get("/public/portal/:token", async (req, res) => { WHERE s.id = $1 AND s.owner_id = $2 `, [parseInt(serviceIdParam), ownerId]); } else { - // Si no hay ID, buscamos por el teléfono qServices = await pool.query(` - SELECT s.id, s.service_ref, s.is_urgent, s.raw_data, s.created_at, s.client_id, + SELECT s.id, s.service_ref, s.is_urgent, s.raw_data, s.created_at, st.name as real_status_name, st.is_final as is_status_final, u.full_name as worker_name, u.phone as worker_phone FROM scraped_services s 
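Review bot: The ID branch returns whichever row matches `s.id = $1 AND s.owner_id = $2` (the WHERE is visible at the top of the second hunk), so nothing ties the requested service to the client resolved from the portal token. With `s.client_id` dropped from the SELECT, no later check on the returned row can do so either. If `serviceIdParam` is caller-supplied, as the removed comment says, any holder of a valid token for this owner can read other customers' services by changing the ID. Constrain this branch with the same phone predicate the else branch uses, and pass an explicit radix to `parseInt`. The handler for `/public/portal/:token` starts and ends outside these hunks.

```javascript
// … unchanged: SELECT list, FROM and LEFT JOINs of the ID-branch query …
        WHERE s.id = $1 AND s.owner_id = $2
        AND (
          REPLACE(s.raw_data->>'Teléfono', ' ', '') LIKE $3
          OR REPLACE(s.raw_data->>'TELEFONO', ' ', '') LIKE $3
          OR REPLACE(s.raw_data->>'TELEFONOS', ' ', '') LIKE $3
        )
      `, [parseInt(serviceIdParam, 10), ownerId, `%${phoneMatch}%`]);
```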
@@ -428,13 +426,12 @@ app.get("/public/portal/:token", async (req, res) => { LEFT JOIN service_statuses st ON st.id::text = (s.raw_data->>'status_operativo')::text WHERE s.owner_id = $1 AND s.provider != 'SYSTEM_BLOCK' AND ( - s.client_id = $2 - OR REPLACE(s.raw_data->>'Teléfono', ' ', '') LIKE $3 - OR REPLACE(s.raw_data->>'TELEFONO', ' ', '') LIKE $3 - OR REPLACE(s.raw_data->>'TELEFONOS', ' ', '') LIKE $3 + REPLACE(s.raw_data->>'Teléfono', ' ', '') LIKE $2 + OR REPLACE(s.raw_data->>'TELEFONO', ' ', '') LIKE $2 + OR REPLACE(s.raw_data->>'TELEFONOS', ' ', '') LIKE $2 ) ORDER BY s.created_at DESC - `, [ownerId, client.id, `%${phoneMatch}%`]); + `, [ownerId, `%${phoneMatch}%`]); } const formattedServices = qServices.rows.map(s => { @@ -456,8 +453,7 @@ app.get("/public/portal/:token", async (req, res) => { } catch (e) { console.error("🔥 ERROR EN PORTAL:", e.message); - // AHORA EL SERVIDOR LE CHIVARÁ AL NAVEGADOR EL MOTIVO EXACTO DEL ERROR - res.status(500).json({ ok: false, error: e.message, debug_stack: e.stack }); + res.status(500).json({ ok: false, error: "Error de base de datos" }); } });
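Review bot: With `s.client_id = $2` removed, the unanchored pattern `%${phoneMatch}%` is the only thing linking a token to the services it may see, and it matches those digits anywhere in the stored field. The context of the first hunk accepts an 8-digit `phoneMatch`, and a field such as `TELEFONOS` presumably holds several numbers, so a short value can match another customer's record. Consider requiring the full 9 digits and comparing against a digits-only form of the stored value, e.g. `regexp_replace(s.raw_data->>'TELEFONO', '\D', '', 'g') LIKE $2`, which also covers numbers stored with dashes or dots. The `NO_VALIDO_123` sentinel contains `_`, a LIKE wildcard, so returning an empty result before querying would be clearer than relying on a pattern that should never match.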
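Review bot: The unchanged `console.error("🔥 ERROR EN PORTAL:", e.message)` above the edited line keeps only the message, so once the response stops carrying `e.stack` the stack trace is no longer recorded anywhere. Log the whole error server-side, `console.error("🔥 ERROR EN PORTAL:", e);`, and keep the generic body for the client. The catch appears to cover the whole handler rather than only the queries (the `try` starts outside the hunk), so a neutral text such as `error: "Error interno"` would be more accurate than "Error de base de datos".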