marsalva/api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Actualizar server.js

Browse Source
This commit is contained in:
marsalva
2026-02-07 18:58:53 +00:00
parent 6aafd1010e
commit 3d276434fc
1 changed files with 302 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

336
server.js
View File

@@ -1,52 +1,320 @@
import express from "express"; import express from "express";
import cors from "cors"; import cors from "cors";
import bcrypt from "bcryptjs";
import jwt from "jsonwebtoken";
import pg from "pg";
const { Pool } = pg;
const app = express(); const app = express();
app.use(cors()); app.use(cors());
app.use(express.json()); app.use(express.json());
// --- “BD” en memoria (se borra al redeploy/restart) --- // =========================
const services = []; // ENV (Coolify variables)
let nextId = 1; // =========================
const {
DATABASE_URL,
JWT_SECRET,
EVOLUTION_BASE_URL,
EVOLUTION_API_KEY,
EVOLUTION_INSTANCE,
EVOLUTION_SENDER_NUMBER
} = process.env;
if (!DATABASE_URL) console.warn("⚠️ DATABASE_URL no definido");
if (!JWT_SECRET) console.warn("⚠️ JWT_SECRET no definido");
// =========================
// DB
// =========================
const pool = new Pool({
connectionString: DATABASE_URL,
ssl: DATABASE_URL?.includes("localhost") ? false : { rejectUnauthorized: false }
});
// =========================
// Helpers
// =========================
function normalizePhone(phone) {
// Ajusta a tu gusto (E.164). Para España: +34XXXXXXXXX
let p = String(phone || "").trim().replace(/\s+/g, "");
if (!p) return "";
if (!p.startsWith("+")) {
// si meten 600..., asumimos España
if (/^\d{9}$/.test(p)) p = "+34" + p;
}
return p;
}
function genCode6() {
// 6 dígitos
return String(Math.floor(100000 + Math.random() * 900000));
}
function signToken(user) {
return jwt.sign(
{ sub: user.id, phone: user.phone, email: user.email },
JWT_SECRET,
{ expiresIn: "30d" }
);
}
function authMiddleware(req, res, next) {
const h = req.headers.authorization || "";
const token = h.startsWith("Bearer ") ? h.slice(7) : "";
if (!token) return res.status(401).json({ ok: false, error: "No token" });
try {
const payload = jwt.verify(token, JWT_SECRET);
req.user = payload;
next();
} catch {
return res.status(401).json({ ok: false, error: "Token inválido" });
}
}
// Rate-limit muy simple en memoria (para no freír el WhatsApp)
const lastSendByPhone = new Map();
function canSendCode(phone) {
const now = Date.now();
const last = lastSendByPhone.get(phone) || 0;
// 1 envío cada 60s
if (now - last < 60_000) return false;
lastSendByPhone.set(phone, now);
return true;
}
// =========================
// Evolution API (WhatsApp)
// =========================
async function sendWhatsAppCode(phone, code) {
if (!EVOLUTION_BASE_URL || !EVOLUTION_API_KEY || !EVOLUTION_INSTANCE) {
console.warn("⚠️ Evolution API env no configuradas, no envío WhatsApp.");
return { ok: false, skipped: true };
}
// OJO: el endpoint exacto puede variar según tu Evolution.
// Ajustamos a un patrón típico: /message/sendText/{instance}
const url = `${EVOLUTION_BASE_URL.replace(/\/$/, "")}/message/sendText/${encodeURIComponent(EVOLUTION_INSTANCE)}`;
const payload = {
number: phone, // normalmente en formato +34...
text: `Tu código de verificación es: ${code}\nCaduca en 10 minutos.`
};
const res = await fetch(url, {
method: "POST",
headers: {
"Content-Type": "application/json",
"apikey": EVOLUTION_API_KEY
},
body: JSON.stringify(payload)
});
const text = await res.text();
let data;
try { data = JSON.parse(text); } catch { data = text; }
if (!res.ok) {
console.error("❌ Evolution send failed:", res.status, data);
return { ok: false, status: res.status, data };
}
return { ok: true, data };
}
// =========================
// Health
// =========================
app.get("/health", async (req, res) => {
try {
const r = await pool.query("select now() as now");
res.json({ ok: true, db: true, now: r.rows[0].now });
} catch (e) {
res.json({ ok: false, db: false, error: String(e?.message || e) });
}
});
app.get("/", (req, res) => res.send("IntegraRepara API OK")); app.get("/", (req, res) => res.send("IntegraRepara API OK"));
app.get("/health", (req, res) => { // =========================
res.json({ ok: true, db: false, now: new Date().toISOString() }); // AUTH
}); // =========================
// GET /services // Registro: crea user + manda código WhatsApp
app.get("/services", (req, res) => { app.post("/auth/register", async (req, res) => {
const list = [...services].sort((a, b) => b.id - a.id); try {
res.json({ ok: true, count: list.length, services: list }); const {
}); fullName,
phone,
address,
dni,
email,
password
} = req.body || {};
// POST /services const p = normalizePhone(phone);
app.post("/services", (req, res) => {
// Tu HTML manda clientName, aquí lo acepto
const { title, client, clientName, phone, address, notes } = req.body || {};
const clientFinal = client ?? clientName;
if (!title || !clientFinal) { if (!fullName || !p || !address || !dni || !email || !password) {
return res.status(400).json({ return res.status(400).json({ ok: false, error: "Faltan campos obligatorios" });
ok: false, }
error: "Faltan campos obligatorios: title y client (o clientName)",
}); if (!canSendCode(p)) {
return res.status(429).json({ ok: false, error: "Espera 1 minuto antes de pedir otro código" });
}
const passwordHash = await bcrypt.hash(String(password), 10);
// intenta crear usuario
let user;
try {
const q = await pool.query(
`insert into users (full_name, phone, address, dni, email, password_hash, is_verified)
values ($1,$2,$3,$4,$5,$6,false)
returning id, full_name, phone, email, is_verified`,
[String(fullName).trim(), p, String(address).trim(), String(dni).trim(), String(email).trim().toLowerCase(), passwordHash]
);
user = q.rows[0];
} catch (e) {
// si ya existe por email o phone
return res.status(409).json({ ok: false, error: "Ya existe un usuario con ese teléfono o email" });
}
const code = genCode6();
const codeHash = await bcrypt.hash(code, 10);
const expiresAt = new Date(Date.now() + 10 * 60 * 1000); // 10 min
await pool.query(
`insert into login_codes (user_id, phone, code_hash, purpose, expires_at)
values ($1,$2,$3,'register_verify',$4)`,
[user.id, p, codeHash, expiresAt]
);
await sendWhatsAppCode(p, code);
res.json({ ok: true, needsVerify: true, phone: p });
} catch (e) {
res.status(500).json({ ok: false, error: String(e?.message || e) });
} }
const item = {
id: nextId++,
title: String(title).trim(),
client: String(clientFinal).trim(),
phone: phone ? String(phone).trim() : "",
address: address ? String(address).trim() : "",
notes: notes ? String(notes).trim() : "",
createdAt: new Date().toISOString(),
};
services.push(item);
res.status(201).json({ ok: true, service: item });
}); });
// Verificar código de registro: activa user + devuelve token
app.post("/auth/verify", async (req, res) => {
try {
const { phone, code } = req.body || {};
const p = normalizePhone(phone);
if (!p || !code) return res.status(400).json({ ok: false, error: "Faltan phone o code" });
const u = await pool.query(`select * from users where phone=$1`, [p]);
if (!u.rowCount) return res.status(404).json({ ok: false, error: "Usuario no existe" });
const user = u.rows[0];
// busca último código válido no consumido
const c = await pool.query(
`select * from login_codes
where phone=$1 and purpose='register_verify' and consumed_at is null and expires_at > now()
order by created_at desc
limit 1`,
[p]
);
if (!c.rowCount) return res.status(400).json({ ok: false, error: "Código inválido o caducado" });
const row = c.rows[0];
const ok = await bcrypt.compare(String(code).trim(), row.code_hash);
if (!ok) return res.status(400).json({ ok: false, error: "Código incorrecto" });
await pool.query(`update login_codes set consumed_at=now() where id=$1`, [row.id]);
await pool.query(`update users set is_verified=true where id=$1`, [user.id]);
// settings por defecto
await pool.query(
`insert into user_settings (user_id, company_name)
values ($1,$2)
on conflict (user_id) do nothing`,
[user.id, user.full_name]
);
const token = signToken(user);
res.json({ ok: true, token });
} catch (e) {
res.status(500).json({ ok: false, error: String(e?.message || e) });
}
});
// Login normal (email+password). Si quieres 2FA por WhatsApp también, lo hacemos luego.
app.post("/auth/login", async (req, res) => {
try {
const { email, password } = req.body || {};
if (!email || !password) return res.status(400).json({ ok: false, error: "Faltan email o password" });
const q = await pool.query(`select * from users where email=$1`, [String(email).trim().toLowerCase()]);
if (!q.rowCount) return res.status(401).json({ ok: false, error: "Credenciales incorrectas" });
const user = q.rows[0];
const ok = await bcrypt.compare(String(password), user.password_hash);
if (!ok) return res.status(401).json({ ok: false, error: "Credenciales incorrectas" });
if (!user.is_verified) return res.status(403).json({ ok: false, error: "Cuenta no verificada por WhatsApp" });
const token = signToken(user);
res.json({ ok: true, token });
} catch (e) {
res.status(500).json({ ok: false, error: String(e?.message || e) });
}
});
// =========================
// SERVICES (multi-tenant)
// =========================
app.get("/services", authMiddleware, async (req, res) => {
try {
const userId = req.user.sub;
const q = await pool.query(
`select * from services where user_id=$1 order by created_at desc`,
[userId]
);
res.json({ ok: true, count: q.rowCount, services: q.rows });
} catch (e) {
res.status(500).json({ ok: false, error: String(e?.message || e) });
}
});
app.post("/services", authMiddleware, async (req, res) => {
try {
const userId = req.user.sub;
const body = req.body || {};
const title = body.title;
const clientName = body.clientName ?? body.client ?? "";
if (!title) return res.status(400).json({ ok: false, error: "Falta title" });
const q = await pool.query(
`insert into services (user_id, title, client_name, phone, address, notes)
values ($1,$2,$3,$4,$5,$6)
returning *`,
[
userId,
String(title).trim(),
clientName ? String(clientName).trim() : null,
body.phone ? String(body.phone).trim() : null,
body.address ? String(body.address).trim() : null,
body.notes ? String(body.notes).trim() : null
]
);
res.status(201).json({ ok: true, service: q.rows[0] });
} catch (e) {
res.status(500).json({ ok: false, error: String(e?.message || e) });
}
});
// =========================
// STATIC (HTML)
// =========================
app.use(express.static("public"));
const port = process.env.PORT || 3000; const port = process.env.PORT || 3000;
app.listen(port, () => console.log(`🚀 API listening on :${port}`)); app.listen(port, () => console.log(`🚀 API listening on :${port}`));