Feature/create batch

backend/db.js → backend/config/db.js

@@ -5,10 +5,8 @@ dotenv.config();
 const connectDB = async () => {
   try {
     const ConnectDB = process.env.MONGODB_URI;
-    await mongoose.connect(ConnectDB, {
-      useNewUrlParser: true,
-      useUnifiedTopology: true,
-    });
+    //Removing the options as they are no longer needed from mongoose6+
+    await mongoose.connect(ConnectDB);
     console.log("MongoDB Connected");
   } catch (error) {
     console.error("MongoDB Connection Error:", error);

backend/models/passportConfig.js → backend/config/passportConfig.js

@@ -1,17 +1,7 @@
 const passport = require("passport");
-const LocalStrategy = require("passport-local");
 const GoogleStrategy = require("passport-google-oauth20");
 const isIITBhilaiEmail = require("../utils/isIITBhilaiEmail");
-const { User } = require("./schema");
-// Local Strategy
-passport.use(
-  new LocalStrategy(
-    {
-      usernameField: "email",
-    },
-    User.authenticate(),
-  ),
-);
+const { User } = require("../models/schema");
 
 // Google OAuth Strategy
 passport.use(

backend/controllers/certificateController.js

@@ -0,0 +1,157 @@
+const {
+  User,
+  PositionHolder,
+  Position,
+  OrganizationalUnit,
+} = require("../models/schema");
+const { CertificateBatch } = require("../models/certificateSchema");
+const { validateBatchSchema, zodObjectId } = require("../utils/batchValidate");
+
+async function createBatch(req, res) {
+  //console.log(req.user);
+  const id = req.user.id;
+  const user = await User.findById(id);
+  if (!user) {
+    return res.status(404).json({ messge: "Invalid data (User not found)" });
+  }
+
+  if (user.role && user.role !== "CLUB_COORDINATOR") {
+    return res
+      .status(403)
+      .json({ message: "Not authorized to perform the task" });
+  }
+
+  //to get user club
+  // positionHolders({user_id: id}) -> positions({_id: position_id}) -> organizationalUnit({_id: unit_id}) -> unit_id = "Club name"
+  const { title, unit_id, commonData, template_id, users } = req.body;
+  const validation = validateBatchSchema.safeParse({
+    title,
+    unit_id,
+    commonData,
+    template_id,
+    users,
+  });
+
+  if (!validation.success) {
+    return res.status(400).json({ message: "Invalid data sent" });
+  }
+
+  console.log(id);
+  // Get coordinator's position and unit
+  const positionHolder = await PositionHolder.findOne({ user_id: id });
+  console.log(positionHolder._id);
+  if (!positionHolder) {
+    return res
+      .status(403)
+      .json({ message: "You are not part of any position in a unit" });
+  }
+
+  const position = await Position.findById(positionHolder.position_id);
+  console.log(position._id);
+  if (!position) {
+    return res.status(403).json({ message: "Your position is invalid" });
+  }
+
+  const userUnitId = position.unit_id.toString();
+  if (userUnitId !== unit_id) {
+    return res
+      .status(403)
+      .json({
+        message:
+          "You are not authorized to initiate batches outside of your club",
+      });
+  }
+
+  //const clubId = unit_id;
+  // Ensure unit_id is a Club
+  const unitObj = await OrganizationalUnit.findById(unit_id);
+  if (!unitObj || unitObj.type !== "Club") {
+    return res
+      .status(403)
+      .json({ message: "Invalid Data: unit is not a Club" });
+  }
+  console.log(unitObj._id);
+
+  // Get council (parent unit) and ensure it's a Council
+  if (!unitObj.parent_unit_id) {
+    return res
+      .status(403)
+      .json({ message: "Invalid Data: club does not belong to a council" });
+  }
+  console.log(unitObj.parent_unit_id);
+
+  const councilObj = await OrganizationalUnit.findById(unitObj.parent_unit_id);
+  if (!councilObj || councilObj.type !== "Council") {
+    return res.status(403).json({ message: "Invalid Data: council not found" });
+  }
+
+  //const councilId = councilObj._id.toString();
+  const presidentOrgUnitId = councilObj.parent_unit_id;
+  const category = councilObj.category.toUpperCase();
+
+  // Resolve General Secretary and President for the council (server-side, tamper-proof)
+  const gensecObj = await User.findOne({ role: `GENSEC_${category}` });
+  console.log(gensecObj._id);
+
+  const presidentPosition = await Position.findOne({
+    unit_id: presidentOrgUnitId,
+    title: /president/i,
+  });
+  if (!presidentPosition) {
+    return res
+      .status(500)
+      .json({ message: "President position not found for council" });
+  }
+  console.log(presidentPosition._id);
+
+  const presidentHolder = await PositionHolder.findOne({
+    position_id: presidentPosition._id,
+  });
+  const presidentId = presidentHolder.user_id.toString();
+  console.log(presidentId);
+  const presidentObj = await User.findById(presidentId);
+
+  console.log(presidentObj._id);
+  if (!gensecObj || !presidentObj) {
+    return res.status(500).json({ message: "Approvers not found" });
+  }
+
+  const approverIds = [gensecObj._id.toString(), presidentId];
+
+  const userChecks = await Promise.all(
+    users.map(async (uid) => {
+      const validation = zodObjectId.safeParse(uid);
+      if (!validation) {
+        return { uid, ok: false, reason: "Invalid ID" };
+      }
+
+      const userObj = await User.findById(uid);
+      if (!userObj) return { uid, ok: false, reason: "User not found" };
+
+      return { uid, ok: true };
+    }),
+  );
+
+  const invalidData = userChecks.filter((c) => !c.ok);
+  if (invalidData.length > 0) {
+    return res
+      .status(400)
+      .json({ message: "Invalid user data sent", details: invalidData });
+  }
+
+  const newBatch = await CertificateBatch.create({
+    title,
+    unit_id,
+    commonData,
+    templateId: template_id,
+    initiatedBy: id,
+    approverIds,
+    users,
+  });
+
+  res.json({ message: "New Batch created successfully", details: newBatch });
+}
+
+module.exports = {
+  createBatch,
+};

backend/index.js

@@ -1,13 +1,13 @@
 const express = require("express");
 require("dotenv").config();
 // eslint-disable-next-line node/no-unpublished-require
+const { connectDB } = require("./config/db.js");
+const cookieParser = require("cookie-parser");
 const cors = require("cors");
 const routes_auth = require("./routes/auth");
 const routes_general = require("./routes/route");
 const session = require("express-session");
-const bodyParser = require("body-parser");
-const { connectDB } = require("./db");
-const myPassport = require("./models/passportConfig"); // Adjust the path accordingly
+const myPassport = require("./config/passportConfig.js"); // Adjust the path accordingly
 const onboardingRoutes = require("./routes/onboarding.js");
 const profileRoutes = require("./routes/profile.js");
 const feedbackRoutes = require("./routes/feedbackRoutes.js");
@@ -18,20 +18,22 @@ const positionsRoutes = require("./routes/positionRoutes.js");
 const organizationalUnitRoutes = require("./routes/orgUnit.js");
 const announcementRoutes = require("./routes/announcements.js");
 const dashboardRoutes = require("./routes/dashboard.js");
-
 const analyticsRoutes = require("./routes/analytics.js");
+const certificateRoutes = require("./routes/certificateRoutes.js");
 const app = express();
 
 if (process.env.NODE_ENV === "production") {
   app.set("trust proxy", 1);
 }
 
 app.use(cors({ origin: process.env.FRONTEND_URL, credentials: true }));
-
 // Connect to MongoDB
 connectDB();
 
-app.use(bodyParser.json());
+app.use(cookieParser());
+
+//Replaced bodyParser with express.json() - the new standard
+app.use(express.json());
 
 app.use(
   session({
@@ -67,6 +69,7 @@ app.use("/api/announcements", announcementRoutes);
 app.use("/api/dashboard", dashboardRoutes);
 app.use("/api/announcements", announcementRoutes);
 app.use("/api/analytics", analyticsRoutes);
+app.use("/api/certificate-batches", certificateRoutes);
 
 // Start the server
 app.listen(process.env.PORT || 8000, () => {

backend/middlewares/isAuthenticated.js

@@ -1,7 +1,76 @@
+const jwt = require("jsonwebtoken");
+
+//Passport based middleware to check whether the req are coming from authenticated users
 function isAuthenticated(req, res, next) {
   if (req.isAuthenticated && req.isAuthenticated()) {
     return next();
   }
   return res.status(401).json({ message: "Unauthorized: Please login first" });
 }
-module.exports = isAuthenticated;
+
+//Token based middleware to check whether the req are coming from authenticated users or not
+
+function jwtIsAuthenticated(req, res, next) {
+  let token;
+  const headerData = req.headers.authorization;
+  if (!headerData || !headerData.startsWith("Bearer ")) {
+    return res.status(401).json({ message: "User not authenticated " });
+  }
+
+  token = headerData.split(" ")[1];
+  try {
+    const userData = jwt.verify(token, process.env.JWT_SECRET_TOKEN);
+    req.user = userData;
+    //console.log(userData);
+    next();
+  } catch (err) {
+    res.status(401).json({ message: "Invalid or expired token sent" });
+  }
+}
+
+module.exports = {
+  isAuthenticated,
+  jwtIsAuthenticated,
+};
+
+/*
+
+const presidentObj = await User.findById(presidentId);
+
+    console.log(presidentObj._id);
+    if(!gensecObj || !presidentObj) {
+      return res.status(500).json({ message: "Approvers not found" });
+    }
+
+    const approverIds = [gensecObj._id.toString(), presidentId];
+
+    const userChecks = await Promise.all(
+        users.map(async (uid) => {
+            const validation = zodObjectId.safeParse(uid);
+            if(!validation){
+                return {uid, ok: false, reason:"Invalid ID"};
+            }
+
+            const userObj = await User.findById(uid);
+            if(!userObj) return {uid, ok:false, reason: "User not found"};
+
+            return {uid, ok: true};
+        })
+    );
+
+    const invalidData = userChecks.filter((c) => !c.ok);
+    if(invalidData.length > 0){
+        return res.status(400).json({message: "Invalid user data sent", details: invalidData});
+    }
+
+    const newBatch = await CertificateBatch.create({
+        title,
+        unit_id,
+        commonData,
+        template_id,
+        initiatedBy: id,
+        approverIds,
+        users
+    });
+
+*/