Merged in release/2023-05-05 (pull request #750)

Release/2023 05 05

client/.env.production

@@ -1,3 +1,4 @@
+GENERATE_SOURCEMAP=false
 REACT_APP_GRAPHQL_ENDPOINT=https://db.imex.online/v1/graphql
 REACT_APP_GRAPHQL_ENDPOINT_WS=wss://db.imex.online/v1/graphql
 REACT_APP_GA_CODE=231103507

client/src/utils/RenderTemplate.js

@@ -1,15 +1,15 @@
 import { gql } from "@apollo/client";
 import { notification } from "antd";
-import axios from "axios";
 import jsreport from "@jsreport/browser-client";
 import _ from "lodash";
 import moment from "moment";
-import { auth } from "../firebase/firebase.utils";
+//import { auth } from "../firebase/firebase.utils";
 import { setEmailOptions } from "../redux/email/email.actions";
 import { store } from "../redux/store";
 import client from "../utils/GraphQLClient";
 import { TemplateList } from "./TemplateConstants";
-
+import cleanAxios from "./CleanAxios";
+import axios from "axios";
 const server = process.env.REACT_APP_REPORTS_SERVER_URL;
 
 jsreport.serverUrl = server;
@@ -26,10 +26,14 @@ export default async function RenderTemplate(
   if (window.jsr3) {
     jsreport.serverUrl = "https://reports3.test.imex.online/";
   }
+  const jsrAuth = (await axios.post("/utils/jsr")).data;
+  console.log("🚀 ~ file: RenderTemplate.js:30 ~ jsrAuth:", jsrAuth);
+  jsreport.headers["Authorization"] = jsrAuth;
 
   //Query assets that match the template name. Must be in format <<templateName>>.query
   let { contextData, useShopSpecificTemplate } = await fetchContextData(
-    templateObject
+    templateObject,
+    jsrAuth
   );
 
   const { ignoreCustomMargins } = Templates[templateObject.name];
@@ -137,11 +141,15 @@ export async function RenderTemplates(
   //Query assets that match the template name. Must be in format <<templateName>>.query
   let unsortedTemplatesAndData = [];
   let proms = [];
+  const jsrAuth = (await axios.post("/utils/jsr")).data;
+  jsreport.headers["Authorization"] = jsrAuth;
+
   templateObjects.forEach((template) => {
     proms.push(
       (async () => {
         let { contextData, useShopSpecificTemplate } = await fetchContextData(
-          template
+          template,
+          jsrAuth
         );
         unsortedTemplatesAndData.push({
           templateObject: template,
@@ -298,19 +306,22 @@ export const GenerateDocuments = async (templates) => {
   await RenderTemplates(templates, bodyshop);
 };
 
-const fetchContextData = async (templateObject) => {
+const fetchContextData = async (templateObject, jsrAuth) => {
   const bodyshop = store.getState().user.bodyshop;
 
-  jsreport.headers["Authorization"] =
+  // jsreport.headers["Authorization"] =
-    "Bearer " + (await auth.currentUser.getIdToken());
+  //   "Bearer " + (await auth.currentUser.getIdToken());
 
-  const folders = await axios.get(`${server}/odata/folders`);
+  const folders = await cleanAxios.get(`${server}/odata/folders`, {
+    headers: { Authorization: jsrAuth },
+  });
   const shopSpecificFolder = folders.data.value.find(
     (f) => f.name === bodyshop.imexshopid
   );
 
-  const jsReportQueries = await axios.get(
+  const jsReportQueries = await cleanAxios.get(
-    `${server}/odata/assets?$filter=name eq '${templateObject.name}.query'`
+    `${server}/odata/assets?$filter=name eq '${templateObject.name}.query'`,
+    { headers: { Authorization: jsrAuth } }
   );
 
   let templateQueryToExecute;

hasura/metadata/tables.yaml

@@ -694,6 +694,9 @@
         num_retries: 3
         timeout_sec: 60
       webhook_from_env: HASURA_API_URL
+      headers:
+        - name: event-secret
+          value_from_env: EVENT_SECRET
       request_transform:
         method: POST
         query_params: {}
@@ -4112,6 +4115,9 @@
         num_retries: 3
         timeout_sec: 60
       webhook_from_env: HASURA_API_URL
+      headers:
+        - name: event-secret
+          value_from_env: EVENT_SECRET
       request_transform:
         method: POST
         query_params: {}
@@ -4562,6 +4568,9 @@
         num_retries: 3
         timeout_sec: 60
       webhook_from_env: HASURA_API_URL
+      headers:
+        - name: event-secret
+          value_from_env: EVENT_SECRET
       request_transform:
         method: POST
         query_params: {}
@@ -5015,6 +5024,9 @@
         num_retries: 3
         timeout_sec: 60
       webhook_from_env: HASURA_API_URL
+      headers:
+        - name: event-secret
+          value_from_env: EVENT_SECRET
       request_transform:
         method: POST
         query_params: {}
@@ -5957,6 +5969,9 @@
         num_retries: 3
         timeout_sec: 60
       webhook_from_env: HASURA_API_URL
+      headers:
+        - name: event-secret
+          value_from_env: EVENT_SECRET
       request_transform:
         method: POST
         query_params: {}

hasura/migrations/1682703406197_run_sql_migration/down.sql

@@ -0,0 +1,3 @@
+-- Could not auto-generate a down migration.
+-- Please write an appropriate down migration for the SQL below:
+-- CREATE INDEX idx_associations_active_true ON associations(active) WHERE active = true;

hasura/migrations/1682703406197_run_sql_migration/up.sql

@@ -0,0 +1 @@
+CREATE INDEX idx_associations_active_true ON associations(active) WHERE active = true;

hasura/migrations/1682703475365_create_index_idx_associations_shopid_user/down.sql

@@ -0,0 +1 @@
+DROP INDEX IF EXISTS "public"."idx_associations_shopid_user";

hasura/migrations/1682703475365_create_index_idx_associations_shopid_user/up.sql

@@ -0,0 +1,2 @@
+CREATE  INDEX "idx_associations_shopid_user" on
+  "public"."associations" using btree ("shopid", "useremail", "active");

server.js

@@ -123,7 +123,11 @@ app.post(
   twilio.webhook({ validate: process.env.NODE_ENV === "PRODUCTION" }),
   smsStatus.status
 );
-app.post("/sms/markConversationRead", smsStatus.markConversationRead);
+app.post(
+  "/sms/markConversationRead",
+  fb.validateFirebaseIdToken,
+  smsStatus.markConversationRead
+);
 
 var job = require("./server/job/job");
 app.post("/job/totals", fb.validateFirebaseIdToken, job.totals);
@@ -147,11 +151,11 @@ app.post("/scheduling/job", fb.validateFirebaseIdToken, scheduling.job);
 var inlineCss = require("./server/render/inlinecss");
 app.post("/render/inlinecss", fb.validateFirebaseIdToken, inlineCss.inlinecss);
 
-app.post(
+// app.post(
-  "/notifications/send",
+//   "/notifications/send",
 
-  fb.sendNotification
+//   fb.sendNotification
-);
+// );
 app.post("/notifications/subscribe", fb.validateFirebaseIdToken, fb.subscribe);
 app.post(
   "/notifications/unsubscribe",
@@ -188,13 +192,13 @@ app.post(
 );
 
 //Stripe Processing
-var stripe = require("./server/stripe/payment");
+// var stripe = require("./server/stripe/payment");
-app.post("/stripe/payment", fb.validateFirebaseIdToken, stripe.payment);
+// app.post("/stripe/payment", fb.validateFirebaseIdToken, stripe.payment);
-app.post(
+// app.post(
-  "/stripe/mobilepayment",
+//   "/stripe/mobilepayment",
-  fb.validateFirebaseIdToken,
+//   fb.validateFirebaseIdToken,
-  stripe.mobile_payment
+//   stripe.mobile_payment
-);
+// );
 
 //Tech Console
 var tech = require("./server/tech/tech");
@@ -202,7 +206,7 @@ app.post("/tech/login", fb.validateFirebaseIdToken, tech.techLogin);
 
 var utils = require("./server/utils/utils");
 app.post("/utils/time", utils.servertime);
-
+app.post("/utils/jsr", fb.validateFirebaseIdToken, utils.jsrAuth);
 var qbo = require("./server/accounting/qbo/qbo");
 app.post("/qbo/authorize", fb.validateFirebaseIdToken, qbo.authorize);
 app.get("/qbo/callback", qbo.callback);
@@ -215,7 +219,7 @@ app.post("/data/ah", data.autohouse);
 app.post("/record-handler/arms", data.arms);
 
 var taskHandler = require("./server/tasks/tasks");
-app.post("/taskHandler", taskHandler.taskHandler);
+app.post("/taskHandler", fb.validateFirebaseIdToken, taskHandler.taskHandler);
 
 var mixdataUpload = require("./server/mixdata/mixdata");
 
@@ -228,10 +232,10 @@ app.post(
 
 var ioevent = require("./server/ioevent/ioevent");
 app.post("/ioevent", ioevent.default);
-app.post("/newlog", (req, res) => {
+// app.post("/newlog", (req, res) => {
-  const { message, type, user, record, object } = req.body;
+//   const { message, type, user, record, object } = req.body;
-  logger.log(message, type, user, record, object);
+//   logger.log(message, type, user, record, object);
-});
+// });
 
 var os = require("./server/opensearch/os-handler");
 app.post(
@@ -243,9 +247,9 @@ app.post("/search", fb.validateFirebaseIdToken, os.search);
 var cdkGetMake = require("./server/cdk/cdk-get-makes");
 app.post("/cdk/getvehicles", fb.validateFirebaseIdToken, cdkGetMake.default);
 
-app.get("/", async function (req, res) {
+// app.get("/", async function (req, res) {
-  res.status(200).send("Access Forbidden.");
+//   res.status(200).send("Access Forbidden.");
-});
+// });
 
 server.listen(port, (error) => {
   if (error) throw error;

server/accounting/pbs/pbs-ap-allocations.js

@@ -164,7 +164,7 @@ async function PbsCalculateAllocationsAp(socket, billids) {
 
       let APAmount = Dinero();
       Object.keys(billHash).map((key) => {
-        if (billHash[key].Amount.getAmount() > 0) {
+        if (billHash[key].Amount.getAmount() > 0 || billHash[key].Amount.getAmount() < 0) {
           transactionObject.Posting.Lines.push({
             ...billHash[key],
             Amount: billHash[key].Amount.toFormat("0.00"),

server/data/arms.js

@@ -50,7 +50,7 @@ async function getEntegralShopData() {
 }
 
 exports.default = async (req, res) => {
-  res.sendStatus(200);
+  res.sendStatus(401);
   return;
   //Query for the List of Bodyshop Clients.
   const job = req.body.event.data.new;

server/data/autohouse.js

@@ -40,6 +40,14 @@ exports.default = async (req, res) => {
 
   const specificShopIds = req.body.bodyshopIds; // ['uuid]
   const { start, end, skipUpload } = req.body; //YYYY-MM-DD
+  if (
+    !start ||
+    !moment(start).isValid ||
+    req.headers["x-imex-auth"] !== process.env.AUTOHOUSE_AUTH_TOKEN
+  ) {
+    res.sendStatus(401);
+    return;
+  }
   const allxmlsToUpload = [];
   const allErrors = [];
   try {
@@ -772,7 +780,9 @@ const CreateCosts = (job) => {
         billTotalsByCostCenters[
           job.bodyshop.md_responsibility_centers.defaults.costs.MAPA
         ] = Dinero({
-          amount: Math.round((job.mixdata[0] && job.mixdata[0].totalliquidcost || 0) * 100)
+          amount: Math.round(
+            ((job.mixdata[0] && job.mixdata[0].totalliquidcost) || 0) * 100
+          ),
         });
       } else {
         billTotalsByCostCenters[

server/email/sendemail.js

@@ -28,7 +28,7 @@ exports.sendServerEmail = async function ({ subject, text }) {
     transporter.sendMail(
       {
         from: `ImEX Online API - ${process.env.NODE_ENV} <noreply@imex.online>`,
-        to: ["patrick@imexsystems.ca"],
+        to: ["patrick@imexsystems.ca", "support@thinkimex.com"],
         subject: subject,
         text: text,
         ses: {

server/job/job-status-transition.js

@@ -17,7 +17,7 @@ require("dotenv").config({
 });
 async function StatusTransition(req, res) {
   if (req.headers["event-secret"] !== process.env.EVENT_SECRET) {
-    res.status(403).send("Unauthorized");
+    res.status(401).send("Unauthorized");
     return;
   }
   res.sendStatus(200);

server/opensearch/os-handler.js

@@ -45,6 +45,10 @@ const getClient = async () => {
 };
 
 async function OpenSearchUpdateHandler(req, res) {
+  if (req.headers["event-secret"] !== process.env.EVENT_SECRET) {
+    res.status(401).send("Unauthorized");
+    return;
+  }
   try {
     var osClient = await getClient();
     // const osClient = new Client({

server/utils/utils.js

@@ -1,3 +1,12 @@
 exports.servertime = (req, res) => {
   res.status(200).send(new Date());
 };
+
+exports.jsrAuth = async (req, res) => {
+  res.send(
+    "Basic " +
+      Buffer.from(
+        `${process.env.JSR_USER}:${process.env.JSR_PASSWORD}`
+      ).toString("base64")
+  );
+};