marsalva/api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Actualizar server.js

Browse Source
This commit is contained in:
marsalva
2026-03-04 08:45:48 +00:00
parent 22373f3e32
commit 8c107e0339
1 changed files with 22 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
server.js
View File

@@ -384,7 +384,6 @@ async function requirePlan(req, res, next, feature) {
app.get("/public/portal/:token", async (req, res) => { app.get("/public/portal/:token", async (req, res) => {
try { try {
const { token } = req.params; const { token } = req.params;
const serviceIdParam = req.query.service;
// 1. Buscamos al cliente por su token // 1. Buscamos al cliente por su token
const qClient = await pool.query("SELECT * FROM clients WHERE portal_token = $1 LIMIT 1", [token]); const qClient = await pool.query("SELECT * FROM clients WHERE portal_token = $1 LIMIT 1", [token]);
@@ -400,39 +399,29 @@ app.get("/public/portal/:token", async (req, res) => {
logo: qConfig.rows[0]?.company_logo || null logo: qConfig.rows[0]?.company_logo || null
}; };
// 3. TELÉFONO SEGURO // 3. TELÉFONO SEGURO: Extraemos SOLO los últimos 9 números, ignorando prefijos o símbolos
let phoneMatch = String(client.phone || "").replace(/\D/g, "").slice(-9); let phoneMatch = String(client.phone || "").replace(/\D/g, "");
if (phoneMatch.length > 9) phoneMatch = phoneMatch.slice(-9);
if (phoneMatch.length < 8) phoneMatch = "NO_VALIDO_123"; if (phoneMatch.length < 8) phoneMatch = "NO_VALIDO_123";
// 4. BÚSQUEDA BLINDADA (Hemos quitado el client_id que hacía explotar la base de datos) // 4. BÚSQUEDA FUERZA BRUTA: Limpiamos los espacios de la BD antes de buscar
let qServices; const qServices = await pool.query(`
if (serviceIdParam && !isNaN(parseInt(serviceIdParam))) { SELECT s.id, s.service_ref, s.is_urgent, s.raw_data, s.created_at,
qServices = await pool.query(` NULL as client_id,
SELECT s.id, s.service_ref, s.is_urgent, s.raw_data, s.created_at, st.name as real_status_name, st.is_final as is_status_final,
st.name as real_status_name, st.is_final as is_status_final, u.full_name as worker_name, u.phone as worker_phone
u.full_name as worker_name, u.phone as worker_phone FROM scraped_services s
FROM scraped_services s LEFT JOIN users u ON u.id = s.assigned_to
LEFT JOIN users u ON u.id = s.assigned_to LEFT JOIN service_statuses st ON st.id::text = (s.raw_data->>'status_operativo')::text
LEFT JOIN service_statuses st ON st.id::text = (s.raw_data->>'status_operativo')::text WHERE s.owner_id = $1 AND s.provider != 'SYSTEM_BLOCK'
WHERE s.id = $1 AND s.owner_id = $2 AND (
`, [parseInt(serviceIdParam), ownerId]); REGEXP_REPLACE(s.raw_data->>'Teléfono', '\\D', '', 'g') LIKE $2
} else { OR REGEXP_REPLACE(s.raw_data->>'TELEFONO', '\\D', '', 'g') LIKE $2
qServices = await pool.query(` OR REGEXP_REPLACE(s.raw_data->>'TELEFONOS', '\\D', '', 'g') LIKE $2
SELECT s.id, s.service_ref, s.is_urgent, s.raw_data, s.created_at, OR REGEXP_REPLACE(s.raw_data::text, '\\D', '', 'g') LIKE $2
st.name as real_status_name, st.is_final as is_status_final, )
u.full_name as worker_name, u.phone as worker_phone ORDER BY s.created_at DESC
FROM scraped_services s `, [ownerId, `%${phoneMatch}%`]);
LEFT JOIN users u ON u.id = s.assigned_to
LEFT JOIN service_statuses st ON st.id::text = (s.raw_data->>'status_operativo')::text
WHERE s.owner_id = $1 AND s.provider != 'SYSTEM_BLOCK'
AND (
REPLACE(s.raw_data->>'Teléfono', ' ', '') LIKE $2
OR REPLACE(s.raw_data->>'TELEFONO', ' ', '') LIKE $2
OR REPLACE(s.raw_data->>'TELEFONOS', ' ', '') LIKE $2
)
ORDER BY s.created_at DESC
`, [ownerId, `%${phoneMatch}%`]);
}
const formattedServices = qServices.rows.map(s => { const formattedServices = qServices.rows.map(s => {
return { return {
@@ -453,7 +442,7 @@ app.get("/public/portal/:token", async (req, res) => {
} catch (e) { } catch (e) {
console.error("🔥 ERROR EN PORTAL:", e.message); console.error("🔥 ERROR EN PORTAL:", e.message);
res.status(500).json({ ok: false, error: "Error de base de datos" }); res.status(500).json({ ok: false, error: "Error interno" });
} }
}); });