diff --git a/client/src/utils/RenderTemplate.js b/client/src/utils/RenderTemplate.js index acdfe1bf2..f103111cf 100644 --- a/client/src/utils/RenderTemplate.js +++ b/client/src/utils/RenderTemplate.js @@ -1,6 +1,5 @@ import { gql } from "@apollo/client"; import { notification } from "antd"; -import axios from "axios"; import jsreport from "@jsreport/browser-client"; import _ from "lodash"; import moment from "moment"; @@ -9,7 +8,8 @@ import { setEmailOptions } from "../redux/email/email.actions"; import { store } from "../redux/store"; import client from "../utils/GraphQLClient"; import { TemplateList } from "./TemplateConstants"; - +import cleanAxios from "./CleanAxios"; +import axios from "axios"; const server = process.env.REACT_APP_REPORTS_SERVER_URL; jsreport.serverUrl = server; @@ -26,10 +26,14 @@ export default async function RenderTemplate( if (window.jsr3) { jsreport.serverUrl = "https://reports3.test.imex.online/"; } + const jsrAuth = (await axios.post("/utils/jsr")).data; + + jsreport.headers["Authorization"] = jsrAuth; //Query assets that match the template name. Must be in format <>.query let { contextData, useShopSpecificTemplate } = await fetchContextData( - templateObject + templateObject, + jsrAuth ); const { ignoreCustomMargins } = Templates[templateObject.name]; @@ -137,11 +141,15 @@ export async function RenderTemplates( //Query assets that match the template name. Must be in format <>.query let unsortedTemplatesAndData = []; let proms = []; + const jsrAuth = (await axios.post("/utils/jsr")).data; + jsreport.headers["Authorization"] = jsrAuth; + templateObjects.forEach((template) => { proms.push( (async () => { let { contextData, useShopSpecificTemplate } = await fetchContextData( - template + template, + jsrAuth ); unsortedTemplatesAndData.push({ templateObject: template, 
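Review bot: `(await axios.post("/utils/jsr")).data` brings the reports server's HTTP Basic credential into the browser, where it is held in `jsrAuth` and on `jsreport.headers["Authorization"]`; `RenderTemplates` further down does the same, and the value is produced by `exports.jsrAuth` in server/utils/utils.js from `JSR_USER` and `JSR_PASSWORD`. Base64 is an encoding, not protection, so every signed-in user receives the shared username and password in the response body, and the secret cannot be revoked for one user without rotating it for all. Keeping the credential on the server and letting an API route behind `fb.validateFirebaseIdToken` make the reports-server calls would avoid handing it out. Neither call site handles a rejected `axios.post`, so a 401 from `/utils/jsr` propagates to the caller unless a try/catch outside these hunks covers it.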
@@ -298,19 +306,22 @@ export const GenerateDocuments = async (templates) => { await RenderTemplates(templates, bodyshop); }; -const fetchContextData = async (templateObject) => { +const fetchContextData = async (templateObject, jsrAuth) => { const bodyshop = store.getState().user.bodyshop; - jsreport.headers["Authorization"] = + jsreport.headers["FirebaseAuthorization"] = "Bearer " + (await auth.currentUser.getIdToken()); - const folders = await axios.get(`${server}/odata/folders`); + const folders = await cleanAxios.get(`${server}/odata/folders`, { + headers: { Authorization: jsrAuth }, + }); const shopSpecificFolder = folders.data.value.find( (f) => f.name === bodyshop.imexshopid ); - const jsReportQueries = await axios.get( - `${server}/odata/assets?$filter=name eq '${templateObject.name}.query'` + const jsReportQueries = await cleanAxios.get( + `${server}/odata/assets?$filter=name eq '${templateObject.name}.query'`, + { headers: { Authorization: jsrAuth } } ); let templateQueryToExecute; diff --git a/hasura/metadata/tables.yaml b/hasura/metadata/tables.yaml index 2d36a544e..23aefaa8e 100644 --- a/hasura/metadata/tables.yaml +++ b/hasura/metadata/tables.yaml @@ -694,6 +694,9 @@ num_retries: 3 timeout_sec: 60 webhook_from_env: HASURA_API_URL + headers: + - name: event-secret + value_from_env: EVENT_SECRET request_transform: method: POST query_params: {} @@ -4112,6 +4115,9 @@ num_retries: 3 timeout_sec: 60 webhook_from_env: HASURA_API_URL + headers: + - name: event-secret + value_from_env: EVENT_SECRET request_transform: method: POST query_params: {} @@ -4562,6 +4568,9 @@ num_retries: 3 timeout_sec: 60 webhook_from_env: HASURA_API_URL + headers: + - name: event-secret + value_from_env: EVENT_SECRET request_transform: method: POST query_params: {} @@ -5015,6 +5024,9 @@ num_retries: 3 timeout_sec: 60 webhook_from_env: HASURA_API_URL + headers: + - name: event-secret + value_from_env: EVENT_SECRET request_transform: method: POST query_params: {} 
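Review bot: In `fetchContextData` the full folder list is fetched with the shared credential and the shop is then picked in the browser with `folders.data.value.find((f) => f.name === bodyshop.imexshopid)`, so the per-shop restriction exists only on the client and every shop's folder name is present in the response. Doing this lookup behind an authenticated API route, or at least filtering in the request itself, would keep other tenants' names out of the browser. In the assets request `templateObject.name` is interpolated into the OData `$filter` unescaped; if a name can ever contain `'` the filter changes meaning, so double any `'` in the name and pass the filter value through `encodeURIComponent`. The Firebase ID token now travels only in the custom `FirebaseAuthorization` header, and whether the reports server verifies it cannot be seen from this diff.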
@@ -5957,6 +5969,9 @@ num_retries: 3 timeout_sec: 60 webhook_from_env: HASURA_API_URL + headers: + - name: event-secret + value_from_env: EVENT_SECRET request_transform: method: POST query_params: {} diff --git a/hasura/migrations/1682698938644_create_index_job_conversations_jobid/down.sql b/hasura/migrations/1682698938644_create_index_job_conversations_jobid/down.sql new file mode 100644 index 000000000..b6ccf8a39 --- /dev/null +++ b/hasura/migrations/1682698938644_create_index_job_conversations_jobid/down.sql @@ -0,0 +1 @@ +DROP INDEX IF EXISTS "public"."job_conversations_jobid"; diff --git a/hasura/migrations/1682698938644_create_index_job_conversations_jobid/up.sql b/hasura/migrations/1682698938644_create_index_job_conversations_jobid/up.sql new file mode 100644 index 000000000..2e943a718 --- /dev/null +++ b/hasura/migrations/1682698938644_create_index_job_conversations_jobid/up.sql @@ -0,0 +1,2 @@ +CREATE INDEX "job_conversations_jobid" on + "public"."job_conversations" using btree ("jobid"); diff --git a/hasura/migrations/1682698954457_create_index_job_conversations_conversationid/down.sql b/hasura/migrations/1682698954457_create_index_job_conversations_conversationid/down.sql new file mode 100644 index 000000000..5bf3f0081 --- /dev/null +++ b/hasura/migrations/1682698954457_create_index_job_conversations_conversationid/down.sql @@ -0,0 +1 @@ +DROP INDEX IF EXISTS "public"."job_conversations_conversationid"; diff --git a/hasura/migrations/1682698954457_create_index_job_conversations_conversationid/up.sql b/hasura/migrations/1682698954457_create_index_job_conversations_conversationid/up.sql new file mode 100644 index 000000000..327ed4001 --- /dev/null +++ b/hasura/migrations/1682698954457_create_index_job_conversations_conversationid/up.sql @@ -0,0 +1,2 @@ +CREATE INDEX "job_conversations_conversationid" on + "public"."job_conversations" using btree ("conversationid"); 
diff --git a/hasura/migrations/1682699082565_create_index_job_conversations_job_and_conversation_id/down.sql b/hasura/migrations/1682699082565_create_index_job_conversations_job_and_conversation_id/down.sql
new file mode 100644
index 000000000..d7e025c85
--- /dev/null
+++ b/hasura/migrations/1682699082565_create_index_job_conversations_job_and_conversation_id/down.sql
@@ -0,0 +1 @@
+DROP INDEX IF EXISTS "public"."job_conversations_job_and_conversation_id";
diff --git a/hasura/migrations/1682699082565_create_index_job_conversations_job_and_conversation_id/up.sql b/hasura/migrations/1682699082565_create_index_job_conversations_job_and_conversation_id/up.sql
new file mode 100644
index 000000000..1a40c8940
--- /dev/null
+++ b/hasura/migrations/1682699082565_create_index_job_conversations_job_and_conversation_id/up.sql
@@ -0,0 +1,2 @@
+CREATE INDEX "job_conversations_job_and_conversation_id" on
+ "public"."job_conversations" using btree ("conversationid", "jobid");
diff --git a/hasura/migrations/1682699225713_create_index_idx_payments_jobid/down.sql b/hasura/migrations/1682699225713_create_index_idx_payments_jobid/down.sql
new file mode 100644
index 000000000..a2f068564
--- /dev/null
+++ b/hasura/migrations/1682699225713_create_index_idx_payments_jobid/down.sql
@@ -0,0 +1 @@
+DROP INDEX IF EXISTS "public"."idx_payments_jobid";
diff --git a/hasura/migrations/1682699225713_create_index_idx_payments_jobid/up.sql b/hasura/migrations/1682699225713_create_index_idx_payments_jobid/up.sql
new file mode 100644
index 000000000..8cee7ac44
--- /dev/null
+++ b/hasura/migrations/1682699225713_create_index_idx_payments_jobid/up.sql
@@ -0,0 +1,2 @@
+CREATE INDEX "idx_payments_jobid" on
+ "public"."payments" using btree ("jobid");
diff --git a/hasura/migrations/1682699247978_create_index_idx_mixdata_jobid/down.sql b/hasura/migrations/1682699247978_create_index_idx_mixdata_jobid/down.sql
new file mode 100644
index 000000000..f00184d19
--- /dev/null
+++ b/hasura/migrations/1682699247978_create_index_idx_mixdata_jobid/down.sql
@@ -0,0 +1 @@
+DROP INDEX IF EXISTS "public"."idx_mixdata_jobid";
diff --git a/hasura/migrations/1682699247978_create_index_idx_mixdata_jobid/up.sql b/hasura/migrations/1682699247978_create_index_idx_mixdata_jobid/up.sql
new file mode 100644
index 000000000..611ff6c0f
--- /dev/null
+++ b/hasura/migrations/1682699247978_create_index_idx_mixdata_jobid/up.sql
@@ -0,0 +1,2 @@
+CREATE INDEX "idx_mixdata_jobid" on
+ "public"."mixdata" using btree ("jobid");
diff --git a/hasura/migrations/1682699275331_create_index_idx_notes_jobid/down.sql b/hasura/migrations/1682699275331_create_index_idx_notes_jobid/down.sql
new file mode 100644
index 000000000..a6ceecefa
--- /dev/null
+++ b/hasura/migrations/1682699275331_create_index_idx_notes_jobid/down.sql
@@ -0,0 +1 @@
+DROP INDEX IF EXISTS "public"."idx_notes_jobid";
diff --git a/hasura/migrations/1682699275331_create_index_idx_notes_jobid/up.sql b/hasura/migrations/1682699275331_create_index_idx_notes_jobid/up.sql
new file mode 100644
index 000000000..da3ee8f13
--- /dev/null
+++ b/hasura/migrations/1682699275331_create_index_idx_notes_jobid/up.sql
@@ -0,0 +1,2 @@
+CREATE INDEX "idx_notes_jobid" on
+ "public"."notes" using btree ("jobid");
diff --git a/hasura/migrations/1682699340173_create_index_idx_users_authid/down.sql b/hasura/migrations/1682699340173_create_index_idx_users_authid/down.sql
new file mode 100644
index 000000000..599333576
--- /dev/null
+++ b/hasura/migrations/1682699340173_create_index_idx_users_authid/down.sql
@@ -0,0 +1 @@
+DROP INDEX IF EXISTS "public"."idx_users_authid";
diff --git a/hasura/migrations/1682699340173_create_index_idx_users_authid/up.sql b/hasura/migrations/1682699340173_create_index_idx_users_authid/up.sql
new file mode 100644
index 000000000..bb33ff564
--- /dev/null
+++ b/hasura/migrations/1682699340173_create_index_idx_users_authid/up.sql
@@ -0,0 +1,2 @@
+CREATE INDEX "idx_users_authid" on
+ "public"."users" using btree ("authid");
diff --git a/hasura/migrations/1682699384361_create_index_idx_employees_shopid/down.sql b/hasura/migrations/1682699384361_create_index_idx_employees_shopid/down.sql
new file mode 100644
index 000000000..cc9ed43f2
--- /dev/null
+++ b/hasura/migrations/1682699384361_create_index_idx_employees_shopid/down.sql
@@ -0,0 +1 @@
+DROP INDEX IF EXISTS "public"."idx_employees_shopid";
diff --git a/hasura/migrations/1682699384361_create_index_idx_employees_shopid/up.sql b/hasura/migrations/1682699384361_create_index_idx_employees_shopid/up.sql
new file mode 100644
index 000000000..81d9f243d
--- /dev/null
+++ b/hasura/migrations/1682699384361_create_index_idx_employees_shopid/up.sql
@@ -0,0 +1,2 @@
+CREATE INDEX "idx_employees_shopid" on
+ "public"."employees" using btree ("shopid");
diff --git a/hasura/migrations/1682699481332_create_index_idx_employee_vacation_employeeid/down.sql b/hasura/migrations/1682699481332_create_index_idx_employee_vacation_employeeid/down.sql
new file mode 100644
index 000000000..0ba5b0383
--- /dev/null
+++ b/hasura/migrations/1682699481332_create_index_idx_employee_vacation_employeeid/down.sql
@@ -0,0 +1 @@
+DROP INDEX IF EXISTS "public"."idx_employee_vacation_employeeid";
diff --git a/hasura/migrations/1682699481332_create_index_idx_employee_vacation_employeeid/up.sql b/hasura/migrations/1682699481332_create_index_idx_employee_vacation_employeeid/up.sql
new file mode 100644
index 000000000..0e4074dfa
--- /dev/null
+++ b/hasura/migrations/1682699481332_create_index_idx_employee_vacation_employeeid/up.sql
@@ -0,0 +1,2 @@
+CREATE INDEX "idx_employee_vacation_employeeid" on
+ "public"."employee_vacation" using btree ("employeeid");
diff --git a/hasura/migrations/1682699511254_create_index_idx_counters_shopid_type/down.sql b/hasura/migrations/1682699511254_create_index_idx_counters_shopid_type/down.sql
new file mode 100644
index 000000000..301722ce7
--- /dev/null
+++ b/hasura/migrations/1682699511254_create_index_idx_counters_shopid_type/down.sql
@@ -0,0 +1 @@
+DROP INDEX IF EXISTS "public"."idx_counters_shopid_type";
diff --git a/hasura/migrations/1682699511254_create_index_idx_counters_shopid_type/up.sql b/hasura/migrations/1682699511254_create_index_idx_counters_shopid_type/up.sql
new file mode 100644
index 000000000..d12ab6b70
--- /dev/null
+++ b/hasura/migrations/1682699511254_create_index_idx_counters_shopid_type/up.sql
@@ -0,0 +1,2 @@
+CREATE INDEX "idx_counters_shopid_type" on
+ "public"."counters" using btree ("shopid", "countertype");
diff --git a/hasura/migrations/1682699741754_run_sql_migration/down.sql b/hasura/migrations/1682699741754_run_sql_migration/down.sql
new file mode 100644
index 000000000..6d390e239
--- /dev/null
+++ b/hasura/migrations/1682699741754_run_sql_migration/down.sql
@@ -0,0 +1,3 @@
+-- Could not auto-generate a down migration.
+-- Please write an appropriate down migration for the SQL below:
+-- CREATE INDEX idx_jobs_inproduction_true ON jobs(inproduction) WHERE inproduction = true;
diff --git a/hasura/migrations/1682699741754_run_sql_migration/up.sql b/hasura/migrations/1682699741754_run_sql_migration/up.sql
new file mode 100644
index 000000000..60357ff67
--- /dev/null
+++ b/hasura/migrations/1682699741754_run_sql_migration/up.sql
@@ -0,0 +1 @@
+CREATE INDEX idx_jobs_inproduction_true ON jobs(inproduction) WHERE inproduction = true;
diff --git a/hasura/migrations/1682703406197_run_sql_migration/down.sql b/hasura/migrations/1682703406197_run_sql_migration/down.sql
new file mode 100644
index 000000000..2143bd5a5
--- /dev/null
+++ b/hasura/migrations/1682703406197_run_sql_migration/down.sql
@@ -0,0 +1,3 @@
+-- Could not auto-generate a down migration.
+-- Please write an appropriate down migration for the SQL below:
+-- CREATE INDEX idx_associations_active_true ON associations(active) WHERE active = true;
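Review bot: The down migration in 1682699741754_run_sql_migration is still the generator's placeholder comment, so rolling back leaves `idx_jobs_inproduction_true` in place; it should contain `DROP INDEX IF EXISTS idx_jobs_inproduction_true;`. The same applies to 1682703406197_run_sql_migration/down.sql, which needs `DROP INDEX IF EXISTS idx_associations_active_true;`. Both up migrations create the index without a schema qualifier, unlike the other migrations in this commit which name `"public"` explicitly.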
diff --git a/hasura/migrations/1682703406197_run_sql_migration/up.sql b/hasura/migrations/1682703406197_run_sql_migration/up.sql new file mode 100644 index 000000000..3b4be2f4e --- /dev/null +++ b/hasura/migrations/1682703406197_run_sql_migration/up.sql @@ -0,0 +1 @@ +CREATE INDEX idx_associations_active_true ON associations(active) WHERE active = true; diff --git a/hasura/migrations/1682703475365_create_index_idx_associations_shopid_user/down.sql b/hasura/migrations/1682703475365_create_index_idx_associations_shopid_user/down.sql new file mode 100644 index 000000000..cd3c0d006 --- /dev/null +++ b/hasura/migrations/1682703475365_create_index_idx_associations_shopid_user/down.sql @@ -0,0 +1 @@ +DROP INDEX IF EXISTS "public"."idx_associations_shopid_user"; diff --git a/hasura/migrations/1682703475365_create_index_idx_associations_shopid_user/up.sql b/hasura/migrations/1682703475365_create_index_idx_associations_shopid_user/up.sql new file mode 100644 index 000000000..21b9ca11b --- /dev/null +++ b/hasura/migrations/1682703475365_create_index_idx_associations_shopid_user/up.sql @@ -0,0 +1,2 @@ +CREATE INDEX "idx_associations_shopid_user" on + "public"."associations" using btree ("shopid", "useremail", "active"); diff --git a/server.js b/server.js index d620e5140..9b16722d7 100644 --- a/server.js +++ b/server.js @@ -125,7 +125,11 @@ app.post( twilio.webhook({ validate: process.env.NODE_ENV === "PRODUCTION" }), smsStatus.status ); -app.post("/sms/markConversationRead", smsStatus.markConversationRead); +app.post( + "/sms/markConversationRead", + fb.validateFirebaseIdToken, + smsStatus.markConversationRead +); var job = require("./server/job/job"); app.post("/job/totals", fb.validateFirebaseIdToken, job.totals); 
@@ -153,11 +157,11 @@ app.post("/scheduling/job", fb.validateFirebaseIdToken, scheduling.job); var inlineCss = require("./server/render/inlinecss"); app.post("/render/inlinecss", fb.validateFirebaseIdToken, inlineCss.inlinecss); -app.post( - "/notifications/send", +// app.post( +// "/notifications/send", - fb.sendNotification -); +// fb.sendNotification +// ); app.post("/notifications/subscribe", fb.validateFirebaseIdToken, fb.subscribe); app.post( "/notifications/unsubscribe", @@ -194,13 +198,13 @@ app.post( ); //Stripe Processing -var stripe = require("./server/stripe/payment"); -app.post("/stripe/payment", fb.validateFirebaseIdToken, stripe.payment); -app.post( - "/stripe/mobilepayment", - fb.validateFirebaseIdToken, - stripe.mobile_payment -); +// var stripe = require("./server/stripe/payment"); +// app.post("/stripe/payment", fb.validateFirebaseIdToken, stripe.payment); +// app.post( +// "/stripe/mobilepayment", +// fb.validateFirebaseIdToken, +// stripe.mobile_payment +// ); //Tech Console var tech = require("./server/tech/tech"); @@ -208,7 +212,7 @@ app.post("/tech/login", fb.validateFirebaseIdToken, tech.techLogin); var utils = require("./server/utils/utils"); app.post("/utils/time", utils.servertime); - +app.post("/utils/jsr", fb.validateFirebaseIdToken, utils.jsrAuth); var qbo = require("./server/accounting/qbo/qbo"); app.post("/qbo/authorize", fb.validateFirebaseIdToken, qbo.authorize); app.get("/qbo/callback", qbo.callback); @@ -221,7 +225,7 @@ app.post("/data/ah", data.autohouse); app.post("/record-handler/arms", data.arms); var taskHandler = require("./server/tasks/tasks"); -app.post("/taskHandler", taskHandler.taskHandler); +app.post("/taskHandler", fb.validateFirebaseIdToken, taskHandler.taskHandler); var mixdataUpload = require("./server/mixdata/mixdata"); 
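Review bot: The `/notifications/send` route is disabled by commenting it out rather than deleting it, which leaves a ready-made unauthenticated route in the file that can be restored by uncommenting without anyone adding middleware; the Stripe block below and the `/newlog` handler later in server.js are handled the same way. Deleting the lines keeps the file honest, since version control retains the old code. If the routes must stay visible, a one-line comment above each block saying why it is off, e.g. `// disabled: route had no authentication`, records the intent.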
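Review bot: `/taskHandler` is now gated with `fb.validateFirebaseIdToken`, whereas the other server-to-server handlers touched by this commit (`OpenSearchUpdateHandler`, `StatusTransition`) check the `event-secret` header that tables.yaml adds to the event triggers. If this route is called by a trigger or scheduler rather than a signed-in browser, which the diff does not show, the request will carry no Firebase ID token and every call will be rejected; in that case the `event-secret` check is the fitting guard. The neighbouring `/data/ah` and `/record-handler/arms` registrations still have no route-level middleware and depend entirely on checks inside their handlers, so a comment on those lines saying where the check lives would help the next reader.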
@@ -259,10 +263,10 @@ app.post( var ioevent = require("./server/ioevent/ioevent"); app.post("/ioevent", ioevent.default); -app.post("/newlog", (req, res) => { - const { message, type, user, record, object } = req.body; - logger.log(message, type, user, record, object); -}); +// app.post("/newlog", (req, res) => { +// const { message, type, user, record, object } = req.body; +// logger.log(message, type, user, record, object); +// }); var os = require("./server/opensearch/os-handler"); app.post( diff --git a/server/accounting/pbs/pbs-ap-allocations.js b/server/accounting/pbs/pbs-ap-allocations.js index 8c4ebad11..10b11cb9b 100644 --- a/server/accounting/pbs/pbs-ap-allocations.js +++ b/server/accounting/pbs/pbs-ap-allocations.js @@ -164,7 +164,7 @@ async function PbsCalculateAllocationsAp(socket, billids) { let APAmount = Dinero(); Object.keys(billHash).map((key) => { - if (billHash[key].Amount.getAmount() > 0) { + if (billHash[key].Amount.getAmount() > 0 || billHash[key].Amount.getAmount() < 0) { transactionObject.Posting.Lines.push({ ...billHash[key], Amount: billHash[key].Amount.toFormat("0.00"), diff --git a/server/data/arms.js b/server/data/arms.js index ec5f337f8..382f2437b 100644 --- a/server/data/arms.js +++ b/server/data/arms.js @@ -50,7 +50,7 @@ async function getEntegralShopData() { } exports.default = async (req, res) => { - res.sendStatus(200); + res.sendStatus(401); return; //Query for the List of Bodyshop Clients. const job = req.body.event.data.new; diff --git a/server/data/autohouse.js b/server/data/autohouse.js index b4e29b086..bce69ec0f 100644 --- a/server/data/autohouse.js +++ b/server/data/autohouse.js 
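Review bot: `getAmount() > 0 || getAmount() < 0` in `PbsCalculateAllocationsAp` is a roundabout non-zero test that calls the getter twice; `if (billHash[key].Amount.getAmount() !== 0) {` states the intent directly. The enclosing `Object.keys(billHash).map(...)` is used only for its side effects, so `forEach` would read better, though that line is context and the function continues outside the hunk.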
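Review bot: The arms handler is switched off by answering `401` and returning before any work, which leaves everything after `return;` unreachable and tells callers they are unauthenticated when no credential would in fact be accepted. A comment on the line such as `// endpoint disabled: no caller authentication implemented` would make the state explicit, and `404` or `410` describes a retired endpoint more accurately than `401`. Removing the `/record-handler/arms` registration in server.js would achieve the same without dead code; the rest of the handler lies outside the hunk.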
@@ -40,6 +40,14 @@ exports.default = async (req, res) => { const specificShopIds = req.body.bodyshopIds; // ['uuid] const { start, end, skipUpload } = req.body; //YYYY-MM-DD + if ( + !start || + !moment(start).isValid || + req.headers["x-imex-auth"] !== process.env.AUTOHOUSE_AUTH_TOKEN + ) { + res.sendStatus(401); + return; + } const allxmlsToUpload = []; const allErrors = []; try { @@ -772,7 +780,9 @@ const CreateCosts = (job) => { billTotalsByCostCenters[ job.bodyshop.md_responsibility_centers.defaults.costs.MAPA ] = Dinero({ - amount: (job.mixdata[0] && job.mixdata[0].totalliquidcost * 100) || 0, + amount: Math.round( + ((job.mixdata[0] && job.mixdata[0].totalliquidcost) || 0) * 100 + ), }); } else { billTotalsByCostCenters[ @@ -799,7 +809,7 @@ const CreateCosts = (job) => { (job.bodyshop.jc_hourly_rates && job.bodyshop.jc_hourly_rates.mapa * 100) || 0, - }).multiply(materialsHours.mapaHrs) + }).multiply(job.job_totals.rates.mapa.hours) ); } } diff --git a/server/job/job-costing.js b/server/job/job-costing.js index 935d37661..94af28402 100644 --- a/server/job/job-costing.js +++ b/server/job/job-costing.js @@ -626,7 +626,7 @@ function GenerateCostingData(job) { billTotalsByCostCenters.additionalCosts[ job.bodyshop.md_responsibility_centers.defaults.costs.MAPA ] = Dinero({ - amount: (job.mixdata[0] && job.mixdata[0].totalliquidcost * 100) || 0, + amount: Math.round((job.mixdata[0] && job.mixdata[0].totalliquidcost || 0) * 100) }); } else { billTotalsByCostCenters.additionalCosts[ diff --git a/server/job/job-status-transition.js b/server/job/job-status-transition.js index 4b6a7db76..fd74a2ec3 100644 --- a/server/job/job-status-transition.js +++ b/server/job/job-status-transition.js @@ -17,7 +17,7 @@ require("dotenv").config({ }); async function StatusTransition(req, res) { if (req.headers["event-secret"] !== process.env.EVENT_SECRET) { - res.status(403).send("Unauthorized"); + res.status(401).send("Unauthorized"); return; } res.sendStatus(200); 
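Review bot: `!moment(start).isValid` in the new autohouse guard tests the method reference instead of calling it, so that clause is always false and an unparseable `start` passes; it should read `!moment(start).isValid()`. The token clause also fails open: when `AUTOHOUSE_AUTH_TOKEN` is unset, a request without an `x-imex-auth` header compares `undefined !== undefined` and is let through, so require the variable first, e.g. `!process.env.AUTOHOUSE_AUTH_TOKEN || req.headers["x-imex-auth"] !== process.env.AUTOHOUSE_AUTH_TOKEN`. The same unset-variable case applies to the `event-secret` checks in server/opensearch/os-handler.js and server/job/job-status-transition.js. A missing or invalid date is better answered with `400` so that authentication failures stay distinguishable in logs. The handler body continues outside the hunk.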
diff --git a/server/opensearch/os-handler.js b/server/opensearch/os-handler.js index 6bb2adcdc..016e9530e 100644 --- a/server/opensearch/os-handler.js +++ b/server/opensearch/os-handler.js @@ -45,6 +45,10 @@ const getClient = async () => { }; async function OpenSearchUpdateHandler(req, res) { + if (req.headers["event-secret"] !== process.env.EVENT_SECRET) { + res.status(401).send("Unauthorized"); + return; + } try { var osClient = await getClient(); // const osClient = new Client({ diff --git a/server/utils/utils.js b/server/utils/utils.js index 4587106be..ad3a06d24 100644 --- a/server/utils/utils.js +++ b/server/utils/utils.js @@ -1,3 +1,12 @@ exports.servertime = (req, res) => { res.status(200).send(new Date()); }; + +exports.jsrAuth = async (req, res) => { + res.send( + "Basic " + + Buffer.from( + `${process.env.JSR_USER}:${process.env.JSR_PASSWORD}` + ).toString("base64") + ); +};
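Review bot: The `event-secret` comparison in `OpenSearchUpdateHandler` is a copy of the one in `StatusTransition`, so the check, its status code and its message now have to be kept in step by hand in each handler. A small Express middleware exported from one module and mounted on the webhook routes in server.js would keep it in one place and make it obvious which routes are covered. That is also the natural spot for a constant-time comparison with `crypto.timingSafeEqual` instead of `!==`.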
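Review bot: When `JSR_USER` or `JSR_PASSWORD` is unset, the template literal in `exports.jsrAuth` yields the string `undefined:undefined`, which is encoded and returned with a 200, so a misconfigured deployment hands clients a bogus credential instead of failing visibly. A guard before `res.send`, such as `if (!process.env.JSR_USER || !process.env.JSR_PASSWORD) return res.sendStatus(500);`, surfaces the problem at the source. The function is declared `async` but awaits nothing, and it has no comment; a line such as `// Returns the reports-server Basic credential to any caller that passed fb.validateFirebaseIdToken` would warn the next reader what this route gives out.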