diff --git a/server.js b/server.js index bae7e34..46511ad 100644 --- a/server.js +++ b/server.js @@ -384,7 +384,6 @@ async function requirePlan(req, res, next, feature) { app.get("/public/portal/:token", async (req, res) => { try { const { token } = req.params; - const serviceIdParam = req.query.service; // 1. Buscamos al cliente por su token const qClient = await pool.query("SELECT * FROM clients WHERE portal_token = $1 LIMIT 1", [token]); @@ -400,39 +399,29 @@ app.get("/public/portal/:token", async (req, res) => { logo: qConfig.rows[0]?.company_logo || null }; - // 3. TELÉFONO SEGURO - let phoneMatch = String(client.phone || "").replace(/\D/g, "").slice(-9); + // 3. TELÉFONO SEGURO: Extraemos SOLO los últimos 9 números, ignorando prefijos o símbolos + let phoneMatch = String(client.phone || "").replace(/\D/g, ""); + if (phoneMatch.length > 9) phoneMatch = phoneMatch.slice(-9); if (phoneMatch.length < 8) phoneMatch = "NO_VALIDO_123"; - // 4. BÚSQUEDA BLINDADA (Hemos quitado el client_id que hacía explotar la base de datos) - let qServices; - if (serviceIdParam && !isNaN(parseInt(serviceIdParam))) { - qServices = await pool.query(` - SELECT s.id, s.service_ref, s.is_urgent, s.raw_data, s.created_at, - st.name as real_status_name, st.is_final as is_status_final, - u.full_name as worker_name, u.phone as worker_phone - FROM scraped_services s - LEFT JOIN users u ON u.id = s.assigned_to - LEFT JOIN service_statuses st ON st.id::text = (s.raw_data->>'status_operativo')::text - WHERE s.id = $1 AND s.owner_id = $2 - `, [parseInt(serviceIdParam), ownerId]); - } else { - qServices = await pool.query(` - SELECT s.id, s.service_ref, s.is_urgent, s.raw_data, s.created_at, - st.name as real_status_name, st.is_final as is_status_final, - u.full_name as worker_name, u.phone as worker_phone - FROM scraped_services s - LEFT JOIN users u ON u.id = s.assigned_to - LEFT JOIN service_statuses st ON st.id::text = (s.raw_data->>'status_operativo')::text - WHERE s.owner_id = $1 AND s.provider != 'SYSTEM_BLOCK' - AND ( - REPLACE(s.raw_data->>'Teléfono', ' ', '') LIKE $2 - OR REPLACE(s.raw_data->>'TELEFONO', ' ', '') LIKE $2 - OR REPLACE(s.raw_data->>'TELEFONOS', ' ', '') LIKE $2 - ) - ORDER BY s.created_at DESC - `, [ownerId, `%${phoneMatch}%`]); - } + // 4. BÚSQUEDA FUERZA BRUTA: Limpiamos los espacios de la BD antes de buscar + const qServices = await pool.query(` + SELECT s.id, s.service_ref, s.is_urgent, s.raw_data, s.created_at, + NULL as client_id, + st.name as real_status_name, st.is_final as is_status_final, + u.full_name as worker_name, u.phone as worker_phone + FROM scraped_services s + LEFT JOIN users u ON u.id = s.assigned_to + LEFT JOIN service_statuses st ON st.id::text = (s.raw_data->>'status_operativo')::text + WHERE s.owner_id = $1 AND s.provider != 'SYSTEM_BLOCK' + AND ( + REGEXP_REPLACE(s.raw_data->>'Teléfono', '\\D', '', 'g') LIKE $2 + OR REGEXP_REPLACE(s.raw_data->>'TELEFONO', '\\D', '', 'g') LIKE $2 + OR REGEXP_REPLACE(s.raw_data->>'TELEFONOS', '\\D', '', 'g') LIKE $2 + OR REGEXP_REPLACE(s.raw_data::text, '\\D', '', 'g') LIKE $2 + ) + ORDER BY s.created_at DESC + `, [ownerId, `%${phoneMatch}%`]); const formattedServices = qServices.rows.map(s => { return { @@ -453,7 +442,7 @@ app.get("/public/portal/:token", async (req, res) => { } catch (e) { console.error("🔥 ERROR EN PORTAL:", e.message); - res.status(500).json({ ok: false, error: "Error de base de datos" }); + res.status(500).json({ ok: false, error: "Error interno" }); } });