// src/controllers/orderController.js
const Order = require('../models/Order');
const Product = require('../models/Product');
const sendTelegramAlert = require('../utils/telegram');
// @desc Create new order
// @route POST /api/orders
// @access Private
const addOrderItems = async (req, res) => {
const {
orderItems,
paymentMethod,
totalAmount, // In a strict app, calculate this on backend. For now, we trust frontend but verify basics.
pickupDate
} = req.body;
if (orderItems && orderItems.length === 0) {
return res.status(400).json({ message: 'No order items' });
}
try {
// Optional: You could verify stock here and decrement it
// For simplicity in this version, we just record the order
const order = new Order({
user: req.user._id,
items: orderItems.map((x) => ({
...x,
product: x.product,
})),
totalAmount,
paymentMethod,
pickupDate
});
const createdOrder = await order.save();
const alertMsg = `
💰 New Order Received!
--------------------------------
Customer: ${req.user.name}
Amount: ₹${totalAmount}
Items: ${orderItems.length} items
Payment: ${paymentMethod === 'ONLINE_UPI' ? 'UPI' : 'Cash'}
--------------------------------
Check Admin Panel for details.
`;
// We don't await this so it doesn't slow down the user response
sendTelegramAlert(alertMsg);
res.status(201).json(createdOrder);
} catch (error) {
res.status(500).json({ message: error.message });
}
};
// @desc Get order by ID
// @route GET /api/orders/:id
// @access Private
const getOrderById = async (req, res) => {
try {
// Populate user name and email attached to order
const order = await Order.findById(req.params.id).populate(
'user',
'name phone email'
);
if (order) {
// Ensure only Admin or the Order Owner can view it
if (req.user.role === 'admin' || order.user._id.toString() === req.user._id.toString()) {
res.json(order);
} else {
res.status(401).json({ message: 'Not authorized to view this order' });
}
} else {
res.status(404).json({ message: 'Order not found' });
}
} catch (error) {
res.status(500).json({ message: error.message });
}
};
// @desc Get logged in user orders
// @route GET /api/orders/myorders
// @access Private
const getMyOrders = async (req, res) => {
try {
const orders = await Order.find({ user: req.user._id }).sort({ createdAt: -1 });
res.json(orders);
} catch (error) {
res.status(500).json({ message: error.message });
}
};
// @desc Get all orders
// @route GET /api/orders
// @access Private/Admin
const getOrders = async (req, res) => {
try {
// Populate user info so Admin knows who ordered
const orders = await Order.find({})
.populate('user', 'id name phone')
.sort({ createdAt: -1 });
res.json(orders);
} catch (error) {
res.status(500).json({ message: error.message });
}
};
// @desc Update order status
// @route PUT /api/orders/:id/status
// @access Private/Admin
const updateOrderStatus = async (req, res) => {
const { status } = req.body; // e.g. "Ready for Pickup"
try {
const order = await Order.findById(req.params.id);
if (order) {
order.status = status;
if (status === 'Completed') {
// If completed, we assume payment is done (Cash or UPI verified)
// You can add specific payment logic here if needed
}
const updatedOrder = await order.save();
// 🔥 Cancel Alert
if (status === 'Cancelled') {
sendTelegramAlert(`❌ Order Cancelled\nOrder #${order._id} was marked as Cancelled.`);
}
res.json(updatedOrder);
} else {
res.status(404).json({ message: 'Order not found' });
}
} catch (error) {
res.status(500).json({ message: error.message });
}
};
module.exports = {
addOrderItems,
getOrderById,
getMyOrders,
getOrders,
updateOrderStatus,
};