Ajuste de cadastro/gerenciamento de usuarios e seguranca de endpoints
continuous-integration/webhook Falha no deploy (rx.scoreodonto.com)

This commit is contained in:
VPS 4 Builder
2026-05-26 20:48:21 +02:00
parent da40ab11f6
commit dc1801f4a7
7 changed files with 104 additions and 24 deletions
+20 -10
View File
@@ -121,7 +121,7 @@ router.post('/create-user', authenticateToken, async (req, res) => {
return res.status(403).json({ error: 'Apenas administradores podem criar usuários' });
}
const { username, email, password, clinic_name, pc_name } = req.body;
const { username, email, password, clinic_name, pc_name, is_admin } = req.body;
if (!username || !email || !password) {
return res.status(400).json({
@@ -146,9 +146,9 @@ router.post('/create-user', authenticateToken, async (req, res) => {
// Criar usuário
const result = await db.run(
`INSERT INTO users (username, email, password_hash, clinic_name, pc_name, created_at)
VALUES (?, ?, ?, ?, ?, NOW())`,
[username, email, passwordHash, clinic_name || null, pc_name || null]
`INSERT INTO users (username, email, password_hash, clinic_name, pc_name, is_admin, created_at)
VALUES (?, ?, ?, ?, ?, ?, NOW())`,
[username, email, passwordHash, clinic_name || null, pc_name || null, !!is_admin]
);
res.json({
@@ -217,14 +217,14 @@ router.post('/users/:id/token', authenticateToken, async (req, res) => {
router.put('/update-credentials', authenticateToken, async (req, res) => {
try {
const { currentPassword, newUsername, newPassword } = req.body;
const { currentPassword, newUsername, newEmail, newPassword } = req.body;
const userId = req.user.id;
if (!currentPassword) {
return res.status(400).json({ error: 'A senha atual é obrigatória' });
}
if (!newUsername && !newPassword) {
if (!newUsername && !newEmail && !newPassword) {
return res.status(400).json({ error: 'Nenhum dado novo foi fornecido para atualização' });
}
@@ -241,6 +241,7 @@ router.put('/update-credentials', authenticateToken, async (req, res) => {
}
let finalUsername = user.username;
let finalEmail = user.email;
let finalPasswordHash = user.password_hash;
// Verificar e aplicar novo username se fornecido
@@ -252,6 +253,15 @@ router.put('/update-credentials', authenticateToken, async (req, res) => {
finalUsername = newUsername;
}
// Verificar e aplicar novo e-mail se fornecido
if (newEmail && newEmail !== user.email) {
const existing = await db.get('SELECT * FROM users WHERE email = ? AND id != ?', [newEmail, userId]);
if (existing) {
return res.status(409).json({ error: 'Este e-mail já está em uso' });
}
finalEmail = newEmail;
}
// Verificar e aplicar nova senha se fornecido
if (newPassword) {
if (newPassword.length < 4) {
@@ -262,12 +272,12 @@ router.put('/update-credentials', authenticateToken, async (req, res) => {
// Atualizar no banco de dados
await db.run(
'UPDATE users SET username = ?, password_hash = ? WHERE id = ?',
[finalUsername, finalPasswordHash, userId]
'UPDATE users SET username = ?, email = ?, password_hash = ? WHERE id = ?',
[finalUsername, finalEmail, finalPasswordHash, userId]
);
// Gerar novo token pois o username pode ter mudado
const updatedUser = { id: userId, username: finalUsername, email: user.email };
// Gerar novo token pois o username ou e-mail podem ter mudado
const updatedUser = { id: userId, username: finalUsername, email: finalEmail, is_admin: user.is_admin };
const newToken = generateToken(updatedUser);
res.json({