feat: reestruturacao de menus na sidebar, niveis de acesso e migracao para postgresql/dragonflydb
continuous-integration/webhook Deploy concluido (rx.scoreodonto.com)

This commit is contained in:
VPS 4 Builder
2026-05-26 21:08:48 +02:00
parent dc1801f4a7
commit 5b0d80bf22
29 changed files with 257 additions and 7187 deletions
+10 -10
View File
@@ -19,7 +19,7 @@ router.post('/login', async (req, res) => {
// Buscar usuário
const user = await db.get(
'SELECT * FROM users WHERE username = ? OR email = ?',
'SELECT * FROM users WHERE username = $1 OR email = $2',
[username, username]
);
@@ -77,7 +77,7 @@ router.get('/verify', async (req, res) => {
const jwt = require('jsonwebtoken');
const decoded = jwt.verify(token, require('../auth').JWT_SECRET);
const user = await db.get('SELECT * FROM users WHERE id = ?', [decoded.id]);
const user = await db.get('SELECT * FROM users WHERE id = $1', [decoded.id]);
if (!user) {
return res.status(404).json({ error: 'Usuário não encontrado' });
@@ -131,7 +131,7 @@ router.post('/create-user', authenticateToken, async (req, res) => {
// Verificar se usuário já existe
const existing = await db.get(
'SELECT * FROM users WHERE username = ? OR email = ?',
'SELECT * FROM users WHERE username = $1 OR email = $2',
[username, email]
);
@@ -147,7 +147,7 @@ router.post('/create-user', authenticateToken, async (req, res) => {
// Criar usuário
const result = await db.run(
`INSERT INTO users (username, email, password_hash, clinic_name, pc_name, is_admin, created_at)
VALUES (?, ?, ?, ?, ?, ?, NOW())`,
VALUES ($1, $2, $3, $4, $5, $6, CURRENT_TIMESTAMP) RETURNING id`,
[username, email, passwordHash, clinic_name || null, pc_name || null, !!is_admin]
);
@@ -188,7 +188,7 @@ router.delete('/users/:id', authenticateToken, async (req, res) => {
if (parseInt(userId) === req.user.id) {
return res.status(400).json({ error: 'Não é possível excluir o próprio usuário admin' });
}
await db.run('DELETE FROM users WHERE id = ?', [userId]);
await db.run('DELETE FROM users WHERE id = $1', [userId]);
res.json({ success: true, message: 'Usuário excluído com sucesso' });
} catch (error) {
res.status(500).json({ error: 'Erro ao excluir usuário' });
@@ -200,7 +200,7 @@ router.post('/users/:id/token', authenticateToken, async (req, res) => {
if (!req.user.is_admin) {
return res.status(403).json({ error: 'Acesso negado' });
}
const user = await db.get('SELECT * FROM users WHERE id = ?', [req.params.id]);
const user = await db.get('SELECT * FROM users WHERE id = $1', [req.params.id]);
if (!user) return res.status(404).json({ error: 'Usuário não encontrado' });
// Gera um token com duração longa para uso no desktop (ex: 3650 dias = ~10 anos)
@@ -229,7 +229,7 @@ router.put('/update-credentials', authenticateToken, async (req, res) => {
}
// Buscar usuário atual para verificar a senha
const user = await db.get('SELECT * FROM users WHERE id = ?', [userId]);
const user = await db.get('SELECT * FROM users WHERE id = $1', [userId]);
if (!user) {
return res.status(404).json({ error: 'Usuário não encontrado' });
}
@@ -246,7 +246,7 @@ router.put('/update-credentials', authenticateToken, async (req, res) => {
// Verificar e aplicar novo username se fornecido
if (newUsername && newUsername !== user.username) {
const existing = await db.get('SELECT * FROM users WHERE username = ? AND id != ?', [newUsername, userId]);
const existing = await db.get('SELECT * FROM users WHERE username = $1 AND id != $2', [newUsername, userId]);
if (existing) {
return res.status(409).json({ error: 'Este nome de usuário já está em uso' });
}
@@ -255,7 +255,7 @@ router.put('/update-credentials', authenticateToken, async (req, res) => {
// Verificar e aplicar novo e-mail se fornecido
if (newEmail && newEmail !== user.email) {
const existing = await db.get('SELECT * FROM users WHERE email = ? AND id != ?', [newEmail, userId]);
const existing = await db.get('SELECT * FROM users WHERE email = $1 AND id != $2', [newEmail, userId]);
if (existing) {
return res.status(409).json({ error: 'Este e-mail já está em uso' });
}
@@ -272,7 +272,7 @@ router.put('/update-credentials', authenticateToken, async (req, res) => {
// Atualizar no banco de dados
await db.run(
'UPDATE users SET username = ?, email = ?, password_hash = ? WHERE id = ?',
'UPDATE users SET username = $1, email = $2, password_hash = $3 WHERE id = $4',
[finalUsername, finalEmail, finalPasswordHash, userId]
);