const crypto = require('crypto');
const dotenv = require('dotenv');
const Joi = require('joi');
const twilio = require('twilio');
const prisma = require('../config/database');
const { generateAccessToken, refreshAccessToken } = require('../config/jwt');
dotenv.config();
// In-memory OTP store keyed by phone number -> { otp, expiresAt, attempts }.
// NOTE(review): this Map is private to one process. With several workers or
// replicas a verify request can land where the code was never issued and the
// attempt counter is not shared; a shared store (e.g. Redis) is needed there.
const otpStore = new Map();
// Lifetime of an issued code in milliseconds (five minutes).
const OTP_TTL = 300 * 1000;
// Wrong guesses tolerated per issued code.
const MAX_ATT = 3;
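/**
 * Build a Twilio REST client from TWILIO_ACCOUNT_SID / TWILIO_AUTH_TOKEN.
 *
 * Never throws: returns null when the credentials are absent or the SDK
 * rejects them, so callers can fall back to demo mode. The failure reason is
 * logged (previously it was swallowed), so a misconfigured production
 * deployment does not silently stop sending SMS.
 *
 * @returns {object|null} Twilio client, or null when unavailable.
 */
function makeTwilioClient() {
  const sid = process.env.TWILIO_ACCOUNT_SID;
  const token = process.env.TWILIO_AUTH_TOKEN;
  if (!sid || !token) {
    // Expected in demo/dev environments; no point calling the SDK.
    return null;
  }
  try {
    return twilio(sid, token);
  } catch (err) {
    // Log only why construction failed, never the credentials themselves.
    console.warn('[OTP] Twilio client init failed:', err.message);
    return null;
  }
}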
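/**
 * POST /api/auth/login — issue a one-time login code and deliver it by SMS.
 *
 * Body: `{ phone: string (7-15 digits, optional leading '+'),
 *          role?: 'DRIVER'|'SHIPPER'|'DISPATCHER' }`.
 * `role` is validated here but only consumed by verifyOTP.
 *
 * Responses:
 *  - 200 `{ success, message, data: { phone, demo, otp? } }` — `otp` is present
 *    only outside NODE_ENV=production when no SMS went out (demo mode).
 *  - 400 validation error; 429 attempt lock-out or resend cooldown;
 *  - 503 in production when the SMS provider is unavailable; 500 otherwise.
 *
 * Security notes:
 *  - The code comes from crypto.randomInt (CSPRNG). Math.random is not
 *    cryptographically secure and must not be used for authentication secrets.
 *  - Previously every request replaced the stored code and reset its attempt
 *    counter with no throttle, allowing unlimited SMS to any number (SMS
 *    pumping / toll fraud) and an unlimited brute-force budget. A resend
 *    cooldown now applies while an unexpired code exists.
 *  - Demo mode reveals the code to the caller in any environment whose
 *    NODE_ENV is not exactly 'production' (staging, previews...). Keep that
 *    variable set correctly, or SMS-less logins are open to anyone who knows
 *    the phone number.
 *  - There is no per-IP limit here; add one in front of this route as well.
 */
const sendOTP = async (req, res) => {
  // Minimum gap between two codes for the same phone while the first is still valid.
  const RESEND_COOLDOWN = 30 * 1000;
  try {
    const schema = Joi.object({
      phone: Joi.string().pattern(/^\+?\d{7,15}$/).required().messages({
        'string.pattern.base': 'Phone must be a valid number (e.g. +91XXXXXXXXXX)',
      }),
      role: Joi.string().valid('DRIVER', 'SHIPPER', 'DISPATCHER').default('DRIVER'),
    });
    const { error } = schema.validate(req.body);
    if (error) return res.status(400).json({ success: false, message: error.details[0].message });
    const { phone } = req.body;

    const now = Date.now();
    const existing = otpStore.get(phone);
    if (existing && now < existing.expiresAt) {
      // Locked out after MAX_ATT wrong guesses: the caller waits for the record to expire.
      if (existing.attempts >= MAX_ATT) {
        const wait = Math.ceil((existing.expiresAt - now) / 1000);
        return res.status(429).json({ success: false, message: `Too many attempts. Retry in ${wait}s.` });
      }
      // Resend throttle. Issue time is recovered from expiresAt so the record shape is unchanged.
      const elapsed = now - (existing.expiresAt - OTP_TTL);
      if (elapsed < RESEND_COOLDOWN) {
        const wait = Math.ceil((RESEND_COOLDOWN - elapsed) / 1000);
        return res.status(429).json({ success: false, message: `OTP already sent. Retry in ${wait}s.` });
      }
    }

    // Uniform six-digit code in [100000, 999999] (randomInt's upper bound is exclusive).
    const otp = String(crypto.randomInt(100000, 1000000));
    otpStore.set(phone, { otp, expiresAt: now + OTP_TTL, attempts: 0 });

    // Try Twilio; fall back to demo mode when it is not configured or the send fails.
    const client = makeTwilioClient();
    let smsSent = false;
    if (client && process.env.TWILIO_PHONE_NUMBER) {
      try {
        await client.messages.create({
          body: `Your FairRelay login code is: ${otp}. Valid for 5 minutes. Do not share.`,
          from: process.env.TWILIO_PHONE_NUMBER,
          to: phone,
        });
        smsSent = true;
        // Log a prefix only; the full number is personal data.
        console.log(`[OTP] SMS sent to ${phone.slice(0, 5)}***`);
      } catch (twilioErr) {
        console.warn('[OTP] Twilio send failed (demo mode):', twilioErr.message);
      }
    }

    if (smsSent) {
      return res.status(200).json({
        success: true,
        message: 'OTP sent to your phone.',
        data: { phone, demo: false },
      });
    }

    const isProd = process.env.NODE_ENV === 'production';
    if (isProd) {
      // Nobody received the code: discard it (so the cooldown does not block a
      // retry) and report the outage honestly rather than 200 / success:true.
      otpStore.delete(phone);
      return res.status(503).json({ success: false, message: 'OTP service unavailable. Please try again later.' });
    }

    // Demo mode (non-production only): the code is handed back in the response.
    res.status(200).json({
      success: true,
      message: `Demo mode β OTP is: ${otp}`,
      data: { phone, demo: true, otp },
    });
  } catch (err) {
    // Detail stays in the server log; the client gets a generic message so
    // library/stack internals are not disclosed.
    console.error('sendOTP error:', err.message);
    res.status(500).json({ success: false, message: 'Failed to send OTP' });
  }
};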
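/**
 * POST /api/auth/verify-otp — check a login code and issue an access JWT.
 *
 * Body: `{ phone, otp: 6 chars, role?: 'DRIVER'|'SHIPPER'|'DISPATCHER' }`.
 * Flow: validate -> look up the in-memory record -> reject expired / locked ->
 * count the attempt -> constant-time compare -> consume the code -> find or
 * create the user -> sign a token carrying { userId, role }.
 *
 * Responses: 400 (validation, missing/expired/wrong code), 429 (attempt limit
 * reached), 503 (database unavailable in production), 500 otherwise.
 *
 * Security notes:
 *  - The comparison uses crypto.timingSafeEqual, so a wrong code is rejected
 *    in the same time however many leading digits matched.
 *  - After MAX_ATT wrong guesses the record is kept (locked) until it expires
 *    instead of being deleted, so sendOTP's "too many attempts" check actually
 *    fires and the counter cannot be reset just by requesting a new code.
 *    Trade-off: three wrong guesses lock that phone out for the remaining TTL.
 *  - The "DB offline -> demo user" fallback used to run in every environment,
 *    so a database outage in production would hand out real JWTs for a
 *    non-existent user id with a caller-chosen role. It is now limited to
 *    non-production; production answers 503.
 *  - NOTE(review): `role` is taken from the request body when a user is first
 *    created, defaulting to 'DISPATCHER' here but 'DRIVER' in sendOTP. Any
 *    phone number can therefore self-register with any of the three roles;
 *    whether that is acceptable depends on what DISPATCHER may do — confirm.
 */
const verifyOTP = async (req, res) => {
  try {
    const schema = Joi.object({
      phone: Joi.string().pattern(/^\+?\d{7,15}$/).required(),
      otp: Joi.string().length(6).required(),
      role: Joi.string().valid('DRIVER', 'SHIPPER', 'DISPATCHER').optional(),
    });
    const { error } = schema.validate(req.body);
    if (error) return res.status(400).json({ success: false, message: error.details[0].message });
    const { phone, otp, role } = req.body;

    const record = otpStore.get(phone);
    if (!record) {
      return res.status(400).json({ success: false, message: 'No OTP found. Request a new one.' });
    }
    if (Date.now() > record.expiresAt) {
      otpStore.delete(phone);
      return res.status(400).json({ success: false, message: 'OTP expired. Request a new one.' });
    }
    // Already locked by earlier wrong guesses: refuse even a correct code until it expires.
    if (record.attempts >= MAX_ATT) {
      return res.status(429).json({ success: false, message: 'Too many failed attempts. Request a new OTP.' });
    }
    // Count the attempt before comparing so a later exception cannot grant a free guess.
    record.attempts += 1;

    const supplied = String(otp).trim();
    const expected = record.otp;
    // timingSafeEqual throws on unequal lengths, hence the length check first;
    // both values are short ASCII digit strings, so utf8 Buffers are faithful.
    const matches =
      supplied.length === expected.length &&
      crypto.timingSafeEqual(Buffer.from(supplied), Buffer.from(expected));
    if (!matches) {
      if (record.attempts >= MAX_ATT) {
        // Leave the locked record in place; sendOTP reads it to throttle reissue.
        return res.status(429).json({ success: false, message: 'Too many failed attempts. Request a new OTP.' });
      }
      return res.status(400).json({ success: false, message: `Invalid OTP. ${MAX_ATT - record.attempts} attempt(s) left.` });
    }
    // Code accepted: consume it so it cannot be replayed.
    otpStore.delete(phone);

    const isProd = process.env.NODE_ENV === 'production';
    // Same narrow truck projection on both paths, so a first login does not
    // return the full truck rows that the response shape never intended.
    const truckFields = { select: { id: true, licensePlate: true, model: true } };
    let user;
    let isDemo = false;
    try {
      user = await prisma.user.findUnique({
        where: { phone },
        include: { trucks: truckFields },
      });
      if (!user) {
        user = await prisma.user.create({
          data: { phone, role: role || 'DISPATCHER', name: `User_${phone.slice(-4)}` },
          include: { trucks: truckFields },
        });
      }
      await prisma.user.update({ where: { id: user.id }, data: { lastActiveDate: new Date() } });
    } catch (dbErr) {
      console.warn('[Auth] DB offline β using demo user:', dbErr.message);
      if (isProd) {
        // Never mint a token for a made-up user in production.
        return res.status(503).json({ success: false, message: 'Login service unavailable. Please try again later.' });
      }
      // Non-production only: synthesize a user so the UI can be exercised without a DB.
      isDemo = true;
      user = {
        id: `demo-${crypto.randomUUID()}`,
        name: `Dispatcher_${phone.slice(-4)}`,
        phone,
        role: role || 'DISPATCHER',
        status: 'ACTIVE',
        rating: 5.0,
        deliveriesCount: 0,
        totalEarnings: 0,
        weeklyEarnings: 0,
        trucks: [],
      };
    }

    const token = generateAccessToken({ userId: user.id, role: user.role });
    res.status(200).json({
      success: true,
      message: isDemo ? 'Login successful (demo mode)' : 'Login successful',
      data: {
        token,
        user: {
          id: user.id,
          name: user.name,
          phone: user.phone,
          role: user.role,
          status: user.status,
          rating: user.rating,
          deliveriesCount: user.deliveriesCount,
          totalEarnings: user.totalEarnings,
          weeklyEarnings: user.weeklyEarnings,
          trucks: user.trucks || [],
        },
      },
    });
  } catch (err) {
    // Generic client message; the detail is only logged server-side.
    console.error('verifyOTP error:', err.message);
    res.status(500).json({ success: false, message: 'OTP verification failed' });
  }
};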
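/**
 * GET /api/auth/profile — return the authenticated user's profile (PROTECTED).
 *
 * Relies on upstream auth middleware having set `req.user.id` from the JWT.
 * Responds 401 when that is missing (defence in depth should the route ever be
 * mounted without the middleware — previously this was a TypeError -> 500),
 * 404 when the user row no longer exists, 500 on a database error.
 *
 * Only an explicit allow-list of fields, the user's trucks and the five most
 * recent transactions are returned, so new User columns do not leak here.
 */
const getProfile = async (req, res) => {
  try {
    const userId = req.user && req.user.id;
    if (!userId) {
      return res.status(401).json({ success: false, message: 'Not authenticated' });
    }
    const user = await prisma.user.findUnique({
      where: { id: userId },
      include: {
        trucks: { select: { id: true, licensePlate: true, model: true, capacity: true, currentLat: true, currentLng: true } },
        transactions: { take: 5, orderBy: { createdAt: 'desc' }, select: { id: true, amount: true, type: true, description: true, route: true, createdAt: true } },
      },
    });
    if (!user) return res.status(404).json({ success: false, message: 'User not found' });
    res.status(200).json({
      success: true,
      data: {
        id: user.id, name: user.name, phone: user.phone, role: user.role,
        status: user.status, rating: user.rating, deliveriesCount: user.deliveriesCount,
        totalEarnings: user.totalEarnings, weeklyEarnings: user.weeklyEarnings,
        weeklyKmDriven: user.weeklyKmDriven, trucks: user.trucks || [],
        recentTransactions: user.transactions || [], lastActiveDate: user.lastActiveDate,
      },
    });
  } catch (err) {
    console.error('getProfile error:', err.message);
    res.status(500).json({ success: false, message: 'Failed to fetch profile' });
  }
};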
/**
 * POST /api/auth/refresh-token — exchange a refresh token for a new access token.
 *
 * Body: `{ refreshToken: string }`. A validation failure is 400; a token that
 * `refreshAccessToken` rejects with the message 'Invalid refresh token' maps
 * to 403; any other failure is a generic 500 (detail logged only).
 *
 * NOTE(review): the 403 mapping matches on the error message text, so it
 * silently depends on ../config/jwt keeping that exact string. Nothing here
 * rotates or revokes refresh tokens; whether that happens inside
 * refreshAccessToken is not visible from this file.
 */
const refreshToken = async (req, res) => {
  try {
    const bodySchema = Joi.object({
      refreshToken: Joi.string().required().label('Refresh token'),
    });
    const validation = bodySchema.validate(req.body);
    if (validation.error) {
      return res.status(400).json({ success: false, message: validation.error.details[0].message });
    }
    const accessToken = refreshAccessToken(req.body.refreshToken);
    return res.status(200).json({
      success: true,
      message: 'Token refreshed successfully',
      data: { accessToken },
    });
  } catch (err) {
    console.error('refreshToken error:', err.message);
    const isInvalid = err.message === 'Invalid refresh token';
    return res.status(isInvalid ? 403 : 500).json({
      success: false,
      message: isInvalid ? 'Invalid or expired refresh token' : 'Token refresh failed',
    });
  }
};
// Express handlers for the OTP login flow; mounted on the routes named in each handler's JSDoc.
module.exports = { sendOTP, verifyOTP, getProfile, refreshToken };