Actualizar server.js

server.js

@@ -384,7 +384,6 @@ async function requirePlan(req, res, next, feature) {
 app.get("/public/portal/:token", async (req, res) => {
     try {
         const { token } = req.params;
-        const serviceIdParam = req.query.service;
 
         // 1. Buscamos al cliente por su token
         const qClient = await pool.query("SELECT * FROM clients WHERE portal_token = $1 LIMIT 1", [token]);
@@ -400,25 +399,15 @@ app.get("/public/portal/:token", async (req, res) => {
             logo: qConfig.rows[0]?.company_logo || null 
         };
 
-        // 3. TELÉFONO SEGURO
-        let phoneMatch = String(client.phone || "").replace(/\D/g, "").slice(-9);
+        // 3. TELÉFONO SEGURO: Extraemos SOLO los últimos 9 números, ignorando prefijos o símbolos
+        let phoneMatch = String(client.phone || "").replace(/\D/g, "");
+        if (phoneMatch.length > 9) phoneMatch = phoneMatch.slice(-9); 
         if (phoneMatch.length < 8) phoneMatch = "NO_VALIDO_123"; 
 
-        // 4. BÚSQUEDA BLINDADA (Hemos quitado el client_id que hacía explotar la base de datos)
-        let qServices;
-        if (serviceIdParam && !isNaN(parseInt(serviceIdParam))) {
-            qServices = await pool.query(`
-                SELECT s.id, s.service_ref, s.is_urgent, s.raw_data, s.created_at,
-                       st.name as real_status_name, st.is_final as is_status_final,
-                       u.full_name as worker_name, u.phone as worker_phone
-                FROM scraped_services s
-                LEFT JOIN users u ON u.id = s.assigned_to
-                LEFT JOIN service_statuses st ON st.id::text = (s.raw_data->>'status_operativo')::text
-                WHERE s.id = $1 AND s.owner_id = $2
-            `, [parseInt(serviceIdParam), ownerId]);
-        } else {
-            qServices = await pool.query(`
+        // 4. BÚSQUEDA FUERZA BRUTA: Limpiamos los espacios de la BD antes de buscar
+        const qServices = await pool.query(`
             SELECT s.id, s.service_ref, s.is_urgent, s.raw_data, s.created_at,
+                   NULL as client_id,
                    st.name as real_status_name, st.is_final as is_status_final,
                    u.full_name as worker_name, u.phone as worker_phone
             FROM scraped_services s
@@ -426,13 +415,13 @@ app.get("/public/portal/:token", async (req, res) => {
             LEFT JOIN service_statuses st ON st.id::text = (s.raw_data->>'status_operativo')::text
             WHERE s.owner_id = $1 AND s.provider != 'SYSTEM_BLOCK'
             AND (
-                    REPLACE(s.raw_data->>'Teléfono', ' ', '') LIKE $2
-                    OR REPLACE(s.raw_data->>'TELEFONO', ' ', '') LIKE $2
-                    OR REPLACE(s.raw_data->>'TELEFONOS', ' ', '') LIKE $2
+                REGEXP_REPLACE(s.raw_data->>'Teléfono', '\\D', '', 'g') LIKE $2
+                OR REGEXP_REPLACE(s.raw_data->>'TELEFONO', '\\D', '', 'g') LIKE $2
+                OR REGEXP_REPLACE(s.raw_data->>'TELEFONOS', '\\D', '', 'g') LIKE $2
+                OR REGEXP_REPLACE(s.raw_data::text, '\\D', '', 'g') LIKE $2
             )
             ORDER BY s.created_at DESC
         `, [ownerId, `%${phoneMatch}%`]);
-        }
 
         const formattedServices = qServices.rows.map(s => {
             return {
@@ -453,7 +442,7 @@ app.get("/public/portal/:token", async (req, res) => {
 
     } catch (e) {
         console.error("🔥 ERROR EN PORTAL:", e.message);
-        res.status(500).json({ ok: false, error: "Error de base de datos" });
+        res.status(500).json({ ok: false, error: "Error interno" });
     }
 });