Merge pull request 'feat: lookup by id in customer search' (#61) from cust-search into main

Reviewed-on: #61

app/delivery/middleware/auth.go

@@ -10,14 +10,14 @@ import (
 	"git.ma-al.com/goc_daniel/b2b/app/model"
 	"git.ma-al.com/goc_daniel/b2b/app/service/authService"
 	constdata "git.ma-al.com/goc_daniel/b2b/app/utils/const_data"
+	"git.ma-al.com/goc_daniel/b2b/app/utils/localeExtractor"
 
 	"github.com/gofiber/fiber/v3"
 )
 
 // AuthMiddleware creates authentication middleware
-func AuthMiddleware() fiber.Handler {
+func Authenticate() fiber.Handler {
 	authService := authService.NewAuthService()
-
 	return func(c fiber.Ctx) error {
 		// Get token from Authorization header
 		authHeader := c.Get("Authorization")
@@ -25,17 +25,13 @@ func AuthMiddleware() fiber.Handler {
 			// Try to get from cookie
 			authHeader = c.Cookies("access_token")
 			if authHeader == "" {
-				return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{
-					"error": "authorization token required",
-				})
+				return c.Next()
 			}
 		} else {
 			// Extract token from "Bearer <token>"
 			parts := strings.Split(authHeader, " ")
 			if len(parts) != 2 || parts[0] != "Bearer" {
-				return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{
-					"error": "invalid authorization header format",
-				})
+				return c.Next()
 			}
 			authHeader = parts[1]
 		}
@@ -43,24 +39,18 @@ func AuthMiddleware() fiber.Handler {
 		// Validate token
 		claims, err := authService.ValidateToken(authHeader)
 		if err != nil {
-			return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{
-				"error": "invalid or expired token",
-			})
+			return c.Next()
 		}
 
 		// Get user from database
 		user, err := authService.GetUserByID(claims.UserID)
 		if err != nil {
-			return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{
-				"error": "user not found",
-			})
+			return c.Next()
 		}
 
 		// Check if user is active
 		if !user.IsActive {
-			return c.Status(fiber.StatusForbidden).JSON(fiber.Map{
-				"error": "user account is inactive",
-			})
+			return c.Next()
 		}
 
 		// Create locale. LangID is overwritten by auth Token
@@ -79,9 +69,7 @@ func AuthMiddleware() fiber.Handler {
 
 		// We now populate the target user
 		if model.CustomerRole(user.Role.Name) != model.RoleAdmin {
-			return c.Status(fiber.StatusForbidden).JSON(fiber.Map{
-				"error": "admin access required",
-			})
+			return c.Next()
 		}
 
 		targetUserID, err := strconv.Atoi(targetUserIDAttribute)
@@ -114,6 +102,18 @@ func AuthMiddleware() fiber.Handler {
 	}
 }
 
+func Authorize() fiber.Handler {
+	return func(c fiber.Ctx) error {
+		_, ok := localeExtractor.GetUserID(c)
+		if !ok {
+			return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{
+				"error": "not authenticated",
+			})
+		}
+		return c.Next()
+	}
+}
+
 // Webdav
 func Webdav() fiber.Handler {
 	authService := authService.NewAuthService()

app/delivery/web/api/public/auth.go

@@ -49,7 +49,7 @@ func AuthHandlerRoutes(r fiber.Router) fiber.Router {
 	r.Get("/google", handler.GoogleLogin)
 	r.Get("/google/callback", handler.GoogleCallback)
 
-	authProtected := r.Group("", middleware.AuthMiddleware())
+	authProtected := r.Group("", middleware.Authorize())
 	authProtected.Get("/me", handler.Me)
 	authProtected.Post("/update-choice", handler.UpdateJWTToken)
 

app/delivery/web/api/public/routing.go

@@ -2,6 +2,7 @@ package public
 
 import (
 	"git.ma-al.com/goc_daniel/b2b/app/service/menuService"
+	constdata "git.ma-al.com/goc_daniel/b2b/app/utils/const_data"
 	"git.ma-al.com/goc_daniel/b2b/app/utils/i18n"
 	"git.ma-al.com/goc_daniel/b2b/app/utils/localeExtractor"
 	"git.ma-al.com/goc_daniel/b2b/app/utils/nullable"
@@ -31,12 +32,21 @@ func RoutingHandlerRoutes(r fiber.Router) fiber.Router {
 }
 
 func (h *RoutingHandler) GetRouting(c fiber.Ctx) error {
-	lang_id, ok := localeExtractor.GetLangID(c)
+	langId, ok := localeExtractor.GetLangID(c)
 	if !ok {
-		return c.Status(responseErrors.GetErrorStatus(responseErrors.ErrBadAttribute)).
-			JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(c, responseErrors.ErrBadAttribute)))
+		return c.Status(responseErrors.GetErrorStatus(responseErrors.ErrInvalidBody)).
+			JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(c, responseErrors.ErrInvalidBody)))
 	}
-	menu, err := h.menuService.GetRoutes(lang_id)
+
+	var roleId uint
+	customer, ok := localeExtractor.GetCustomer(c)
+	if !ok {
+		roleId = constdata.UNLOGGED_USER_ROLE_ID
+	} else {
+		roleId = customer.RoleID
+	}
+
+	menu, err := h.menuService.GetRoutes(langId, roleId)
 	if err != nil {
 		return c.Status(responseErrors.GetErrorStatus(err)).
 			JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(c, err)))

app/delivery/web/api/restricted/customer.go

@@ -3,6 +3,7 @@ package restricted
 import (
 	"strconv"
 
+	"git.ma-al.com/goc_daniel/b2b/app/delivery/middleware"
 	"git.ma-al.com/goc_daniel/b2b/app/delivery/middleware/perms"
 	"git.ma-al.com/goc_daniel/b2b/app/model"
 	"git.ma-al.com/goc_daniel/b2b/app/service/customerService"
@@ -30,7 +31,7 @@ func CustomerHandlerRoutes(r fiber.Router) fiber.Router {
 	handler := NewCustomerHandler()
 
 	r.Get("", handler.customerData)
-	r.Get("/list", handler.listCustomers)
+	r.Get("/list", middleware.Require(perms.UserReadAny), handler.listCustomers)
 	return r
 }
 
@@ -75,10 +76,6 @@ func (h *customerHandler) listCustomers(fc fiber.Ctx) error {
 		return fc.Status(responseErrors.GetErrorStatus(responseErrors.ErrBadAttribute)).
 			JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(fc, responseErrors.ErrBadAttribute)))
 	}
-	if !user.HasPermission(perms.UserReadAny) {
-		return fc.Status(fiber.StatusForbidden).
-			JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(fc, responseErrors.ErrForbidden)))
-	}
 
 	p, filt, err := query_params.ParseFilters[model.Customer](fc, columnMappingListUsers)
 	if err != nil {
@@ -87,12 +84,6 @@ func (h *customerHandler) listCustomers(fc fiber.Ctx) error {
 	}
 
 	search := fc.Query("search")
-	if search != "" {
-		if !user.HasPermission(perms.UserReadAny) {
-			return fc.Status(fiber.StatusForbidden).
-				JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(fc, responseErrors.ErrForbidden)))
-		}
-	}
 
 	customer, err := h.service.Find(user.LangID, p, filt, search)
 	if err != nil {

app/delivery/web/init.go

@@ -86,9 +86,10 @@ func (s *Server) Setup() error {
 
 	// API routes
 	s.api = s.app.Group("/api/v1")
+	s.api.Use(middleware.Authenticate())
 	s.public = s.api.Group("/public")
 	s.restricted = s.api.Group("/restricted")
-	s.restricted.Use(middleware.AuthMiddleware())
+	s.restricted.Use(middleware.Authorize())
 	s.webdav = s.api.Group("/webdav")
 	s.webdav.Use(middleware.Webdav())
 

app/model/routing.go

@@ -7,7 +7,6 @@ type Route struct {
 	Component string  `gorm:"type:varchar(255);not null;comment:path to component file" json:"component"`
 	Meta      *string `gorm:"type:longtext;default:'{}'" json:"meta,omitempty"`
 	Active    *bool   `gorm:"type:tinyint;default:1" json:"active,omitempty"`
-	SortOrder *int    `gorm:"type:int;default:0" json:"sort_order,omitempty"`
 }
 
 func (Route) TableName() string {

app/repos/customerRepo/customerRepo.go

@@ -1,6 +1,7 @@
 package customerRepo
 
 import (
+	"fmt"
 	"strings"
 
 	"git.ma-al.com/goc_daniel/b2b/app/db"
@@ -80,13 +81,16 @@ func (repo *CustomerRepo) Find(langId uint, p find.Paging, filt *filters.Filters
 		for _, word := range words {
 
 			conditions = append(conditions, `
-			(LOWER(first_name) LIKE ? OR
+			(
+			 id = ? OR
+			 LOWER(first_name) LIKE ? OR
 			 LOWER(last_name) LIKE ? OR
 			 LOWER(email) LIKE ?)
 		`)
 
+			args = append(args, strings.ToLower(word))
 			for range 3 {
-				args = append(args, "%"+strings.ToLower(word)+"%")
+				args = append(args, fmt.Sprintf("%%%s%%", strings.ToLower(word)))
 			}
 		}
 
@@ -110,88 +114,3 @@ func (repo *CustomerRepo) Save(customer *model.Customer) error {
 func (repo *CustomerRepo) Create(customer *model.Customer) error {
 	return db.DB.Create(customer).Error
 }
-
-// func (repo *CustomerRepo) Search(
-// 	customerId uint,
-// 	partnerCode string,
-// 	p find.Paging,
-// 	filt *filters.FiltersList,
-// 	search string,
-// ) (found find.Found[model.UserInList], err error) {
-// 	words := strings.Fields(search)
-// 	if len(words) > 5 {
-// 		words = words[:5]
-// 	}
-
-// 	query := ctx.DB().
-// 		Model(&model.Customer{}).
-// 		Select("customer.id AS id, customer.first_name as first_name, customer.last_name as last_name, customer.phone_number AS phone_number, customer.email AS email, count(distinct investment_plan_contract.id) as iiplan_purchases, count(distinct `order`.id) as single_purchases, entity.name as entity_name").
-// 		Where("customer.id <> ?", customerId).
-// 		Where("(customer.id IN (SELECT id FROM customer WHERE partner_code IN (WITH RECURSIVE partners AS (SELECT code AS dst FROM partner WHERE code = ? UNION SELECT code FROM partner JOIN partners ON partners.dst = partner.superior_code) SELECT dst FROM partners)) OR customer.recommender_code = ?)", partnerCode, partnerCode).
-// 		Scopes(view.CustomerListQuery())
-
-// 	var conditions []string
-// 	var args []interface{}
-// 	for _, word := range words {
-
-// 		conditions = append(conditions, `
-// 			(LOWER(first_name) LIKE ? OR
-// 			 LOWER(last_name) LIKE ? OR
-// 			 phone_number LIKE ? OR
-// 			 LOWER(email) LIKE ?)
-// 		`)
-
-// 		for i := 0; i < 4; i++ {
-// 			args = append(args, "%"+strings.ToLower(word)+"%")
-// 		}
-// 	}
-
-// 	finalQuery := strings.Join(conditions, " AND ")
-
-// 	query = query.Where(finalQuery, args...).
-// 		Scopes(filt.All()...)
-
-// 	found, err = find.Paginate[V](ctx, p, query)
-
-// 	return found, errs.Recorded(span, err)
-// }
-
-// func (repo *ListRepo) ListUsers(id_lang uint, p find.Paging, filt *filters.FiltersList) (find.Found[model.UserInList], error) {
-// 	var list []model.UserInList
-// 	var total int64
-
-// 	query := db.Get().
-// 		Table("b2b_customers AS users").
-// 		Select(`
-// 			users.id AS id,
-// 			users.email AS email,
-// 			users.first_name AS first_name,
-// 			users.last_name AS last_name,
-// 			users.role AS role
-// 		`)
-
-// 	// Apply all filters
-// 	if filt != nil {
-// 		filt.ApplyAll(query)
-// 	}
-
-// 	//  run counter first as query is without limit and offset
-// 	err := query.Count(&total).Error
-// 	if err != nil {
-// 		return find.Found[model.UserInList]{}, err
-// 	}
-
-// 	err = query.
-// 		Order("users.id DESC").
-// 		Limit(p.Limit()).
-// 		Offset(p.Offset()).
-// 		Find(&list).Error
-// 	if err != nil {
-// 		return find.Found[model.UserInList]{}, err
-// 	}
-
-// 	return find.Found[model.UserInList]{
-// 		Items: list,
-// 		Count: uint(total),
-// 	}, nil
-// }

app/repos/productsRepo/productsRepo.go

@@ -18,7 +18,7 @@ type UIProductsRepo interface {
 	// GetJSON(p_id_product, p_id_shop, p_id_lang, p_id_customer, b2b_id_country, p_quantity int) (*json.RawMessage, error)
 	Find(id_lang uint, userID uint, p find.Paging, filt *filters.FiltersList) (*find.Found[model.ProductInList], error)
 	GetProductVariants(langID uint, productID uint, shopID uint, customerID uint, countryID uint, quantity uint) ([]view.ProductAttribute, error)
-	GetBase(p_id_product, p_id_shop, p_id_lang uint) (view.Product, error)
+	GetBase(p_id_product, p_id_shop, p_id_lang, p_id_customer uint) (view.Product, error)
 	GetPrice(p_id_product uint, productAttributeID *uint, p_id_shop uint, p_id_customer uint, p_id_country uint, p_quantity uint) (view.Price, error)
 	GetVariants(p_id_product, p_id_shop, p_id_lang, p_id_customer, p_id_country, p_quantity uint) ([]view.ProductAttribute, error)
 	AddToFavorites(userID uint, productID uint) error
@@ -33,11 +33,11 @@ func New() UIProductsRepo {
 	return &ProductsRepo{}
 }
 
-func (repo *ProductsRepo) GetBase(p_id_product, p_id_shop, p_id_lang uint) (view.Product, error) {
+func (repo *ProductsRepo) GetBase(p_id_product, p_id_shop, p_id_lang, p_id_customer uint) (view.Product, error) {
 	var result view.Product
 
-	err := db.DB.Raw(`CALL get_product_base(?,?,?)`,
-		p_id_product, p_id_shop, p_id_lang).
+	err := db.DB.Raw(`CALL get_product_base(?,?,?,?)`,
+		p_id_product, p_id_shop, p_id_lang, p_id_customer).
 		Scan(&result).Error
 
 	return result, err

app/repos/routesRepo/routesRepo.go

@@ -7,7 +7,7 @@ import (
 )
 
 type UIRoutesRepo interface {
-	GetRoutes(langId uint) ([]model.Route, error)
+	GetRoutes(langId uint, roleId uint) ([]model.Route, error)
 	GetTopMenu(id uint, roleId uint) ([]model.B2BTopMenu, error)
 }
 
@@ -17,13 +17,18 @@ func New() UIRoutesRepo {
 	return &RoutesRepo{}
 }
 
-func (p *RoutesRepo) GetRoutes(langId uint) ([]model.Route, error) {
+func (p *RoutesRepo) GetRoutes(langId uint, roleId uint) ([]model.Route, error) {
 	routes := []model.Route{}
-	err := db.DB.Find(&routes, model.Route{Active: nullable.GetNil(true)}).Error
-	if err != nil {
-		return nil, err
-	}
-	return routes, nil
+
+	err := db.
+		Get().
+		Model(model.Route{}).
+		Joins("JOIN b2b_route_roles rr ON rr.route_id = b2b_routes.id").
+		Where(model.Route{Active: nullable.GetNil(true)}).
+		Where("rr.role_id = ?", roleId).
+		Find(&routes).Error
+
+	return routes, err
 }
 
 func (p *RoutesRepo) GetTopMenu(langId uint, roleId uint) ([]model.B2BTopMenu, error) {

app/service/menuService/menuService.go

@@ -102,8 +102,8 @@ func (s *MenuService) createTree(index int, all_categories *([]model.ScannedCate
 	return node, true
 }
 
-func (s *MenuService) GetRoutes(id_lang uint) ([]model.Route, error) {
-	return s.routesRepo.GetRoutes(id_lang)
+func (s *MenuService) GetRoutes(id_lang, roleId uint) ([]model.Route, error) {
+	return s.routesRepo.GetRoutes(id_lang, roleId)
 }
 
 func (s *MenuService) scannedToNormalCategory(scanned model.ScannedCategory) model.Category {

app/service/productService/productService.go

@@ -27,7 +27,7 @@ func (s *ProductService) Get(
 	p_id_product, p_id_lang, p_id_customer, b2b_id_country, p_quantity uint,
 ) (*json.RawMessage, error) {
 
-	product, err := s.productsRepo.GetBase(p_id_product, constdata.SHOP_ID, p_id_lang)
+	product, err := s.productsRepo.GetBase(p_id_product, constdata.SHOP_ID, p_id_lang, p_id_customer)
 	if err != nil {
 		return nil, err
 	}

app/utils/const_data/consts.go

@@ -32,3 +32,5 @@ const WEBDAV_TRIMMED_ROOT = "localhost:3000/api/v1/webdav/storage"
 const NON_ALNUM_REGEX = `[^a-z0-9]+`
 const MULTI_DASH_REGEX = `-+`
 const SLUG_REGEX = `^[a-z0-9]+(?:-[a-z0-9]+)*$`
+
+const UNLOGGED_USER_ROLE_ID = 4

bruno/api_v1/routes/Routes.yml

@@ -0,0 +1,15 @@
+info:
+  name: Routes
+  type: http
+  seq: 1
+
+http:
+  method: GET
+  url: ""
+  auth: inherit
+
+settings:
+  encodeUrl: true
+  timeout: 0
+  followRedirects: true
+  maxRedirects: 5

bruno/api_v1/routes/folder.yml

@@ -0,0 +1,7 @@
+info:
+  name: routes
+  type: folder
+  seq: 10
+
+request:
+  auth: inherit

i18n/migrations/20260302163100_routes.sql

@@ -42,6 +42,11 @@ INSERT IGNORE INTO `b2b_top_menu` (`menu_id`, `label`, `parent_id`, `params`, `a
 (3, JSON_COMPACT('{"name":"admin-products","trans":{"pl":{"label":"admin-products"},"en":{"label":"admin-products"},"de":{"label":"admin-products"}}}'),1,JSON_COMPACT('{}'),1,1),
 (9, JSON_COMPACT('{"name":"carts","trans":{"pl":{"label":"Koszyki"},"en":{"label":"Carts"},"de":{"label":"Warenkörbe"}}}'),3,JSON_COMPACT('{"route": {"name": "home", "params":{"locale": ""}}}'),1,1);
 
+CREATE TABLE `b2b_route_roles` ( 
+  `route_id` INT NOT NULL,
+  `role_id` BIGINT UNSIGNED NOT NULL,
+   PRIMARY KEY (`id`, `role_id`)
+);
 
 
 -- +goose Down

i18n/migrations/20260302163122_create_tables.sql

@@ -338,6 +338,24 @@ ON b2b_specific_price_customer (b2b_id_customer);
 CREATE INDEX idx_bsp_country_rel
 ON b2b_specific_price_country (b2b_id_country);
 
+CREATE TABLE b2b_route_roles ( 
+  route_id INT NOT NULL,
+  role_id BIGINT UNSIGNED NOT NULL,
+  PRIMARY KEY (route_id, role_id),
+  INDEX idx_role_id (role_id),
+  INDEX idx_route_id (route_id),
+  CONSTRAINT FK_b2b_route_roles_route_id
+    FOREIGN KEY (route_id)
+    REFERENCES b2b_routes (id)
+    ON DELETE CASCADE
+    ON UPDATE CASCADE,
+  CONSTRAINT FK_b2b_route_roles_role_id
+    FOREIGN KEY (role_id)
+    REFERENCES b2b_roles (id)
+    ON DELETE CASCADE
+    ON UPDATE CASCADE
+) ENGINE=InnoDB;
+
 DELIMITER //
 
 CREATE FUNCTION IF NOT EXISTS slugify_eu(input TEXT)
@@ -438,6 +456,7 @@ DROP TABLE IF EXISTS b2b_customer_carts;
 DROP TABLE IF EXISTS b2b_specific_price_country;
 DROP TABLE IF EXISTS b2b_specific_price_customer;
 DROP TABLE IF EXISTS b2b_specific_price_product_attribute;
+DROP TABLE IF EXISTS b2b_route_roles;
 DROP TABLE IF EXISTS b2b_specific_price_category;
 DROP TABLE IF EXISTS b2b_specific_price_product;
 DROP TABLE IF EXISTS b2b_specific_price;

i18n/migrations/20260302163123_create_tables_data.sql

@@ -10,6 +10,7 @@ VALUES
 INSERT INTO `b2b_roles` (`name`, `id`) VALUES ('user','1');
 INSERT INTO `b2b_roles` (`name`, `id`) VALUES ('admin','2');
 INSERT INTO `b2b_roles` (`name`, `id`) VALUES ('super_admin','3');
+INSERT INTO `b2b_roles` (`name`, `id`) VALUES ('unlogged','4');
 
 
 -- insert sample admin user admin@ma-al.com/Maal12345678
@@ -58,4 +59,32 @@ INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('3', '6'
 INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('3', '7');
 INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('3', '8');
 INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('3', '9');
+
+INSERT INTO `b2b_route_roles` (`route_id`, `role_id`) VALUES
+(1, '1'),
+(1, '2'),
+(1, '3'),
+(2, '1'),
+(2, '2'),
+(2, '3'),
+(3, '1'),
+(3, '2'),
+(3, '3'),
+(3, '4'),
+(4, '1'),
+(4, '2'),
+(4, '3'),
+(4, '4'),
+(5, '1'),
+(5, '2'),
+(5, '3'),
+(5, '4'),
+(6, '1'),
+(6, '2'),
+(6, '3'),
+(6, '4'),
+(7, '1'),
+(7, '2'),
+(7, '3'),
+(7, '4');
 -- +goose Down

i18n/migrations/20260319163200_procedures.sql

@@ -319,7 +319,8 @@ DROP PROCEDURE IF EXISTS get_product_base //
 CREATE PROCEDURE get_product_base(
   IN p_id_product INT,
   IN p_id_shop INT,
-  IN p_id_lang INT
+  IN p_id_lang INT,
+  IN p_id_customer INT
 )
 BEGIN
     SELECT
@@ -376,14 +377,12 @@ BEGIN
         
         -- Relations
         m.name AS manufacturer,
-        cl.name AS category
+        cl.name AS category,
 
-        -- This doesn't fit to base product, I'll add proper is_favorite to product later
-
-        -- EXISTS(
-        --   SELECT 1 FROM b2b_favorites f
-        --   WHERE f.user_id = p_id_customer AND f.product_id = p_id_product
-        -- ) AS is_favorite
+        EXISTS(
+          SELECT 1 FROM b2b_favorites f
+          WHERE f.user_id = p_id_customer AND f.product_id = p_id_product
+        ) AS is_favorite