Merge branch 'release/2023-05-05' into feature/america

client/src/utils/RenderTemplate.js

@@ -1,6 +1,5 @@
 import { gql } from "@apollo/client";
 import { notification } from "antd";
-import axios from "axios";
 import jsreport from "@jsreport/browser-client";
 import _ from "lodash";
 import moment from "moment";
@@ -9,7 +8,8 @@ import { setEmailOptions } from "../redux/email/email.actions";
 import { store } from "../redux/store";
 import client from "../utils/GraphQLClient";
 import { TemplateList } from "./TemplateConstants";
-
+import cleanAxios from "./CleanAxios";
+import axios from "axios";
 const server = process.env.REACT_APP_REPORTS_SERVER_URL;
 
 jsreport.serverUrl = server;
@@ -26,10 +26,14 @@ export default async function RenderTemplate(
   if (window.jsr3) {
     jsreport.serverUrl = "https://reports3.test.imex.online/";
   }
+  const jsrAuth = (await axios.post("/utils/jsr")).data;
+
+  jsreport.headers["Authorization"] = jsrAuth;
 
   //Query assets that match the template name. Must be in format <<templateName>>.query
   let { contextData, useShopSpecificTemplate } = await fetchContextData(
-    templateObject
+    templateObject,
+    jsrAuth
   );
 
   const { ignoreCustomMargins } = Templates[templateObject.name];
@@ -137,11 +141,15 @@ export async function RenderTemplates(
   //Query assets that match the template name. Must be in format <<templateName>>.query
   let unsortedTemplatesAndData = [];
   let proms = [];
+  const jsrAuth = (await axios.post("/utils/jsr")).data;
+  jsreport.headers["Authorization"] = jsrAuth;
+
   templateObjects.forEach((template) => {
     proms.push(
       (async () => {
         let { contextData, useShopSpecificTemplate } = await fetchContextData(
-          template
+          template,
+          jsrAuth
         );
         unsortedTemplatesAndData.push({
           templateObject: template,
@@ -298,19 +306,22 @@ export const GenerateDocuments = async (templates) => {
   await RenderTemplates(templates, bodyshop);
 };
 
-const fetchContextData = async (templateObject) => {
+const fetchContextData = async (templateObject, jsrAuth) => {
   const bodyshop = store.getState().user.bodyshop;
 
-  jsreport.headers["Authorization"] =
+  jsreport.headers["FirebaseAuthorization"] =
     "Bearer " + (await auth.currentUser.getIdToken());
 
-  const folders = await axios.get(`${server}/odata/folders`);
+  const folders = await cleanAxios.get(`${server}/odata/folders`, {
+    headers: { Authorization: jsrAuth },
+  });
   const shopSpecificFolder = folders.data.value.find(
     (f) => f.name === bodyshop.imexshopid
   );
 
-  const jsReportQueries = await axios.get(
-    `${server}/odata/assets?$filter=name eq '${templateObject.name}.query'`
+  const jsReportQueries = await cleanAxios.get(
+    `${server}/odata/assets?$filter=name eq '${templateObject.name}.query'`,
+    { headers: { Authorization: jsrAuth } }
   );
 
   let templateQueryToExecute;

hasura/metadata/tables.yaml

@@ -694,6 +694,9 @@
         num_retries: 3
         timeout_sec: 60
       webhook_from_env: HASURA_API_URL
+      headers:
+        - name: event-secret
+          value_from_env: EVENT_SECRET
       request_transform:
         method: POST
         query_params: {}
@@ -4112,6 +4115,9 @@
         num_retries: 3
         timeout_sec: 60
       webhook_from_env: HASURA_API_URL
+      headers:
+        - name: event-secret
+          value_from_env: EVENT_SECRET
       request_transform:
         method: POST
         query_params: {}
@@ -4562,6 +4568,9 @@
         num_retries: 3
         timeout_sec: 60
       webhook_from_env: HASURA_API_URL
+      headers:
+        - name: event-secret
+          value_from_env: EVENT_SECRET
       request_transform:
         method: POST
         query_params: {}
@@ -5015,6 +5024,9 @@
         num_retries: 3
         timeout_sec: 60
       webhook_from_env: HASURA_API_URL
+      headers:
+        - name: event-secret
+          value_from_env: EVENT_SECRET
       request_transform:
         method: POST
         query_params: {}
@@ -5957,6 +5969,9 @@
         num_retries: 3
         timeout_sec: 60
       webhook_from_env: HASURA_API_URL
+      headers:
+        - name: event-secret
+          value_from_env: EVENT_SECRET
       request_transform:
         method: POST
         query_params: {}

hasura/migrations/1682698938644_create_index_job_conversations_jobid/down.sql

@@ -0,0 +1 @@
+DROP INDEX IF EXISTS "public"."job_conversations_jobid";

hasura/migrations/1682698938644_create_index_job_conversations_jobid/up.sql

@@ -0,0 +1,2 @@
+CREATE  INDEX "job_conversations_jobid" on
+  "public"."job_conversations" using btree ("jobid");

hasura/migrations/1682698954457_create_index_job_conversations_conversationid/down.sql

@@ -0,0 +1 @@
+DROP INDEX IF EXISTS "public"."job_conversations_conversationid";

hasura/migrations/1682698954457_create_index_job_conversations_conversationid/up.sql

@@ -0,0 +1,2 @@
+CREATE  INDEX "job_conversations_conversationid" on
+  "public"."job_conversations" using btree ("conversationid");

hasura/migrations/1682699082565_create_index_job_conversations_job_and_conversation_id/down.sql

@@ -0,0 +1 @@
+DROP INDEX IF EXISTS "public"."job_conversations_job_and_conversation_id";

hasura/migrations/1682699082565_create_index_job_conversations_job_and_conversation_id/up.sql

@@ -0,0 +1,2 @@
+CREATE  INDEX "job_conversations_job_and_conversation_id" on
+  "public"."job_conversations" using btree ("conversationid", "jobid");

hasura/migrations/1682699225713_create_index_idx_payments_jobid/down.sql

@@ -0,0 +1 @@
+DROP INDEX IF EXISTS "public"."idx_payments_jobid";

hasura/migrations/1682699225713_create_index_idx_payments_jobid/up.sql

@@ -0,0 +1,2 @@
+CREATE  INDEX "idx_payments_jobid" on
+  "public"."payments" using btree ("jobid");

hasura/migrations/1682699247978_create_index_idx_mixdata_jobid/down.sql

@@ -0,0 +1 @@
+DROP INDEX IF EXISTS "public"."idx_mixdata_jobid";

hasura/migrations/1682699247978_create_index_idx_mixdata_jobid/up.sql

@@ -0,0 +1,2 @@
+CREATE  INDEX "idx_mixdata_jobid" on
+  "public"."mixdata" using btree ("jobid");

hasura/migrations/1682699275331_create_index_idx_notes_jobid/down.sql

@@ -0,0 +1 @@
+DROP INDEX IF EXISTS "public"."idx_notes_jobid";

hasura/migrations/1682699275331_create_index_idx_notes_jobid/up.sql

@@ -0,0 +1,2 @@
+CREATE  INDEX "idx_notes_jobid" on
+  "public"."notes" using btree ("jobid");

hasura/migrations/1682699340173_create_index_idx_users_authid/down.sql

@@ -0,0 +1 @@
+DROP INDEX IF EXISTS "public"."idx_users_authid";

hasura/migrations/1682699340173_create_index_idx_users_authid/up.sql

@@ -0,0 +1,2 @@
+CREATE  INDEX "idx_users_authid" on
+  "public"."users" using btree ("authid");

hasura/migrations/1682699384361_create_index_idx_employees_shopid/down.sql

@@ -0,0 +1 @@
+DROP INDEX IF EXISTS "public"."idx_employees_shopid";

hasura/migrations/1682699384361_create_index_idx_employees_shopid/up.sql

@@ -0,0 +1,2 @@
+CREATE  INDEX "idx_employees_shopid" on
+  "public"."employees" using btree ("shopid");

hasura/migrations/1682699481332_create_index_idx_employee_vacation_employeeid/down.sql

@@ -0,0 +1 @@
+DROP INDEX IF EXISTS "public"."idx_employee_vacation_employeeid";

hasura/migrations/1682699481332_create_index_idx_employee_vacation_employeeid/up.sql

@@ -0,0 +1,2 @@
+CREATE  INDEX "idx_employee_vacation_employeeid" on
+  "public"."employee_vacation" using btree ("employeeid");

hasura/migrations/1682699511254_create_index_idx_counters_shopid_type/down.sql

@@ -0,0 +1 @@
+DROP INDEX IF EXISTS "public"."idx_counters_shopid_type";

hasura/migrations/1682699511254_create_index_idx_counters_shopid_type/up.sql

@@ -0,0 +1,2 @@
+CREATE  INDEX "idx_counters_shopid_type" on
+  "public"."counters" using btree ("shopid", "countertype");

hasura/migrations/1682699741754_run_sql_migration/down.sql

@@ -0,0 +1,3 @@
+-- Could not auto-generate a down migration.
+-- Please write an appropriate down migration for the SQL below:
+-- CREATE INDEX idx_jobs_inproduction_true ON jobs(inproduction) WHERE inproduction = true;

hasura/migrations/1682699741754_run_sql_migration/up.sql

@@ -0,0 +1 @@
+CREATE INDEX idx_jobs_inproduction_true ON jobs(inproduction) WHERE inproduction = true;

hasura/migrations/1682703406197_run_sql_migration/down.sql

@@ -0,0 +1,3 @@
+-- Could not auto-generate a down migration.
+-- Please write an appropriate down migration for the SQL below:
+-- CREATE INDEX idx_associations_active_true ON associations(active) WHERE active = true;

hasura/migrations/1682703406197_run_sql_migration/up.sql

@@ -0,0 +1 @@
+CREATE INDEX idx_associations_active_true ON associations(active) WHERE active = true;

hasura/migrations/1682703475365_create_index_idx_associations_shopid_user/down.sql

@@ -0,0 +1 @@
+DROP INDEX IF EXISTS "public"."idx_associations_shopid_user";

hasura/migrations/1682703475365_create_index_idx_associations_shopid_user/up.sql

@@ -0,0 +1,2 @@
+CREATE  INDEX "idx_associations_shopid_user" on
+  "public"."associations" using btree ("shopid", "useremail", "active");

server.js

@@ -125,7 +125,11 @@ app.post(
   twilio.webhook({ validate: process.env.NODE_ENV === "PRODUCTION" }),
   smsStatus.status
 );
-app.post("/sms/markConversationRead", smsStatus.markConversationRead);
+app.post(
+  "/sms/markConversationRead",
+  fb.validateFirebaseIdToken,
+  smsStatus.markConversationRead
+);
 
 var job = require("./server/job/job");
 app.post("/job/totals", fb.validateFirebaseIdToken, job.totals);
@@ -153,11 +157,11 @@ app.post("/scheduling/job", fb.validateFirebaseIdToken, scheduling.job);
 var inlineCss = require("./server/render/inlinecss");
 app.post("/render/inlinecss", fb.validateFirebaseIdToken, inlineCss.inlinecss);
 
-app.post(
-  "/notifications/send",
+// app.post(
+//   "/notifications/send",
 
-  fb.sendNotification
-);
+//   fb.sendNotification
+// );
 app.post("/notifications/subscribe", fb.validateFirebaseIdToken, fb.subscribe);
 app.post(
   "/notifications/unsubscribe",
@@ -194,13 +198,13 @@ app.post(
 );
 
 //Stripe Processing
-var stripe = require("./server/stripe/payment");
-app.post("/stripe/payment", fb.validateFirebaseIdToken, stripe.payment);
-app.post(
-  "/stripe/mobilepayment",
-  fb.validateFirebaseIdToken,
-  stripe.mobile_payment
-);
+// var stripe = require("./server/stripe/payment");
+// app.post("/stripe/payment", fb.validateFirebaseIdToken, stripe.payment);
+// app.post(
+//   "/stripe/mobilepayment",
+//   fb.validateFirebaseIdToken,
+//   stripe.mobile_payment
+// );
 
 //Tech Console
 var tech = require("./server/tech/tech");
@@ -208,7 +212,7 @@ app.post("/tech/login", fb.validateFirebaseIdToken, tech.techLogin);
 
 var utils = require("./server/utils/utils");
 app.post("/utils/time", utils.servertime);
-
+app.post("/utils/jsr", fb.validateFirebaseIdToken, utils.jsrAuth);
 var qbo = require("./server/accounting/qbo/qbo");
 app.post("/qbo/authorize", fb.validateFirebaseIdToken, qbo.authorize);
 app.get("/qbo/callback", qbo.callback);
@@ -221,7 +225,7 @@ app.post("/data/ah", data.autohouse);
 app.post("/record-handler/arms", data.arms);
 
 var taskHandler = require("./server/tasks/tasks");
-app.post("/taskHandler", taskHandler.taskHandler);
+app.post("/taskHandler", fb.validateFirebaseIdToken, taskHandler.taskHandler);
 
 var mixdataUpload = require("./server/mixdata/mixdata");
 
@@ -259,10 +263,10 @@ app.post(
 
 var ioevent = require("./server/ioevent/ioevent");
 app.post("/ioevent", ioevent.default);
-app.post("/newlog", (req, res) => {
-  const { message, type, user, record, object } = req.body;
-  logger.log(message, type, user, record, object);
-});
+// app.post("/newlog", (req, res) => {
+//   const { message, type, user, record, object } = req.body;
+//   logger.log(message, type, user, record, object);
+// });
 
 var os = require("./server/opensearch/os-handler");
 app.post(

server/accounting/pbs/pbs-ap-allocations.js

@@ -164,7 +164,7 @@ async function PbsCalculateAllocationsAp(socket, billids) {
 
       let APAmount = Dinero();
       Object.keys(billHash).map((key) => {
-        if (billHash[key].Amount.getAmount() > 0) {
+        if (billHash[key].Amount.getAmount() > 0 || billHash[key].Amount.getAmount() < 0) {
           transactionObject.Posting.Lines.push({
             ...billHash[key],
             Amount: billHash[key].Amount.toFormat("0.00"),

server/data/arms.js

@@ -50,7 +50,7 @@ async function getEntegralShopData() {
 }
 
 exports.default = async (req, res) => {
-  res.sendStatus(200);
+  res.sendStatus(401);
   return;
   //Query for the List of Bodyshop Clients.
   const job = req.body.event.data.new;

server/data/autohouse.js

@@ -40,6 +40,14 @@ exports.default = async (req, res) => {
 
   const specificShopIds = req.body.bodyshopIds; // ['uuid]
   const { start, end, skipUpload } = req.body; //YYYY-MM-DD
+  if (
+    !start ||
+    !moment(start).isValid ||
+    req.headers["x-imex-auth"] !== process.env.AUTOHOUSE_AUTH_TOKEN
+  ) {
+    res.sendStatus(401);
+    return;
+  }
   const allxmlsToUpload = [];
   const allErrors = [];
   try {
@@ -772,7 +780,9 @@ const CreateCosts = (job) => {
         billTotalsByCostCenters[
           job.bodyshop.md_responsibility_centers.defaults.costs.MAPA
         ] = Dinero({
-          amount: (job.mixdata[0] && job.mixdata[0].totalliquidcost * 100) || 0,
+          amount: Math.round(
+            ((job.mixdata[0] && job.mixdata[0].totalliquidcost) || 0) * 100
+          ),
         });
       } else {
         billTotalsByCostCenters[
@@ -799,7 +809,7 @@ const CreateCosts = (job) => {
             (job.bodyshop.jc_hourly_rates &&
               job.bodyshop.jc_hourly_rates.mapa * 100) ||
             0,
-        }).multiply(materialsHours.mapaHrs)
+        }).multiply(job.job_totals.rates.mapa.hours)
       );
     }
   }

server/job/job-costing.js

@@ -626,7 +626,7 @@ function GenerateCostingData(job) {
         billTotalsByCostCenters.additionalCosts[
           job.bodyshop.md_responsibility_centers.defaults.costs.MAPA
         ] = Dinero({
-          amount: (job.mixdata[0] && job.mixdata[0].totalliquidcost * 100) || 0,
+          amount: Math.round((job.mixdata[0] && job.mixdata[0].totalliquidcost || 0) * 100)
         });
       } else {
         billTotalsByCostCenters.additionalCosts[

server/job/job-status-transition.js

@@ -17,7 +17,7 @@ require("dotenv").config({
 });
 async function StatusTransition(req, res) {
   if (req.headers["event-secret"] !== process.env.EVENT_SECRET) {
-    res.status(403).send("Unauthorized");
+    res.status(401).send("Unauthorized");
     return;
   }
   res.sendStatus(200);

server/opensearch/os-handler.js

@@ -45,6 +45,10 @@ const getClient = async () => {
 };
 
 async function OpenSearchUpdateHandler(req, res) {
+  if (req.headers["event-secret"] !== process.env.EVENT_SECRET) {
+    res.status(401).send("Unauthorized");
+    return;
+  }
   try {
     var osClient = await getClient();
     // const osClient = new Client({

server/utils/utils.js

@@ -1,3 +1,12 @@
 exports.servertime = (req, res) => {
   res.status(200).send(new Date());
 };
+
+exports.jsrAuth = async (req, res) => {
+  res.send(
+    "Basic " +
+      Buffer.from(
+        `${process.env.JSR_USER}:${process.env.JSR_PASSWORD}`
+      ).toString("base64")
+  );
+};