marsalva/api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Actualizar server.js

Browse Source
This commit is contained in:
marsalva
2026-03-02 08:07:24 +00:00
parent 4c5894c9ea
commit 83e967679c
1 changed files with 8 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
server.js
View File

@@ -2456,17 +2456,21 @@ pool.query(`
app.post("/services/:id/log", authMiddleware, async (req, res) => { app.post("/services/:id/log", authMiddleware, async (req, res) => {
try { try {
const { action, details } = req.body; const { action, details } = req.body;
// Buscamos el nombre de quien hace la acción const serviceId = req.params.id;
// Verificamos propiedad antes de insertar
const check = await pool.query("SELECT id FROM scraped_services WHERE id=$1 AND owner_id=$2", [serviceId, req.user.accountId]);
if (check.rowCount === 0) return res.status(403).json({ ok: false, error: "No autorizado" });
const userQ = await pool.query("SELECT full_name FROM users WHERE id=$1", [req.user.sub]); const userQ = await pool.query("SELECT full_name FROM users WHERE id=$1", [req.user.sub]);
const userName = userQ.rows[0]?.full_name || "Sistema"; const userName = userQ.rows[0]?.full_name || "Sistema";
await pool.query( await pool.query(
"INSERT INTO scraped_service_logs (scraped_id, user_name, action, details) VALUES ($1, $2, $3, $4)", "INSERT INTO scraped_service_logs (scraped_id, user_name, action, details) VALUES ($1, $2, $3, $4)",
[req.params.id, userName, action, details || ""] [serviceId, userName, action, details || ""]
); );
res.json({ ok: true }); res.json({ ok: true });
} catch(e) { } catch(e) {
console.error("Error Log:", e);
res.status(500).json({ ok: false }); res.status(500).json({ ok: false });
} }
}); });
@@ -2474,8 +2478,7 @@ app.post("/services/:id/log", authMiddleware, async (req, res) => {
// Ruta para LEER el historial de un servicio // Ruta para LEER el historial de un servicio
app.get("/services/:id/logs", authMiddleware, async (req, res) => { app.get("/services/:id/logs", authMiddleware, async (req, res) => {
try { try {
// BLINDAJE: Cruzamos el log con la tabla scraped_services // JOIN para asegurar que el log pertenece a un servicio del dueño actual
// para asegurar que el servicio pertenece al dueño del token
const q = await pool.query(` const q = await pool.query(`
SELECT l.* FROM scraped_service_logs l SELECT l.* FROM scraped_service_logs l
JOIN scraped_services s ON l.scraped_id = s.id JOIN scraped_services s ON l.scraped_id = s.id