IO-2266 fixed key issue causing option to duplicate

Merged in release/2023-05-05 (pull request #754 )
Add firebase auth to JSR call.
2023-05-05 23:43:48 +08:00 · 2023-05-04 21:04:16 +00:00 · 2023-05-04 13:33:16 -07:00 · 2023-05-04 20:26:04 +00:00 · 2023-05-04 13:25:45 -07:00 · 2023-05-04 19:57:22 +00:00
17 changed files with 97 additions and 36 deletions
--- a/client/.env.production
+++ b/client/.env.production
@@ -1,3 +1,4 @@
+GENERATE_SOURCEMAP=false
 REACT_APP_GRAPHQL_ENDPOINT=https://db.imex.online/v1/graphql
 REACT_APP_GRAPHQL_ENDPOINT_WS=wss://db.imex.online/v1/graphql
 REACT_APP_GA_CODE=231103507
--- a/client/src/components/jobs-convert-button/jobs-convert-button.component.jsx
+++ b/client/src/components/jobs-convert-button/jobs-convert-button.component.jsx
@@ -109,8 +109,8 @@ export function JobsConvertButton({
          ]}
        >
          <Select>
-            {bodyshop.md_ins_cos.map((s) => (
-              <Select.Option key={s.name} value={s.name}>
+            {bodyshop.md_ins_cos.map((s, i) => (
+              <Select.Option key={i} value={s.name}>
                {s.name}
              </Select.Option>
            ))}
--- a/client/src/utils/RenderTemplate.js
+++ b/client/src/utils/RenderTemplate.js
@@ -1,6 +1,5 @@
 import { gql } from "@apollo/client";
 import { notification } from "antd";
-import axios from "axios";
 import jsreport from "@jsreport/browser-client";
 import _ from "lodash";
 import moment from "moment";
@@ -9,7 +8,8 @@ import { setEmailOptions } from "../redux/email/email.actions";
 import { store } from "../redux/store";
 import client from "../utils/GraphQLClient";
 import { TemplateList } from "./TemplateConstants";
-
+import cleanAxios from "./CleanAxios";
+import axios from "axios";
 const server = process.env.REACT_APP_REPORTS_SERVER_URL;

 jsreport.serverUrl = server;
@@ -26,10 +26,14 @@ export default async function RenderTemplate(
  if (window.jsr3) {
    jsreport.serverUrl = "https://reports3.test.imex.online/";
  }
+  const jsrAuth = (await axios.post("/utils/jsr")).data;
+
+  jsreport.headers["Authorization"] = jsrAuth;

  //Query assets that match the template name. Must be in format <<templateName>>.query
  let { contextData, useShopSpecificTemplate } = await fetchContextData(
-    templateObject
+    templateObject,
+    jsrAuth
  );

  const { ignoreCustomMargins } = Templates[templateObject.name];
@@ -137,11 +141,15 @@ export async function RenderTemplates(
  //Query assets that match the template name. Must be in format <<templateName>>.query
  let unsortedTemplatesAndData = [];
  let proms = [];
+  const jsrAuth = (await axios.post("/utils/jsr")).data;
+  jsreport.headers["Authorization"] = jsrAuth;
+
  templateObjects.forEach((template) => {
    proms.push(
      (async () => {
        let { contextData, useShopSpecificTemplate } = await fetchContextData(
-          template
+          template,
+          jsrAuth
        );
        unsortedTemplatesAndData.push({
          templateObject: template,
@@ -298,19 +306,22 @@ export const GenerateDocuments = async (templates) => {
  await RenderTemplates(templates, bodyshop);
 };

-const fetchContextData = async (templateObject) => {
+const fetchContextData = async (templateObject, jsrAuth) => {
  const bodyshop = store.getState().user.bodyshop;

-  jsreport.headers["Authorization"] =
+  jsreport.headers["FirebaseAuthorization"] =
    "Bearer " + (await auth.currentUser.getIdToken());

-  const folders = await axios.get(`${server}/odata/folders`);
+  const folders = await cleanAxios.get(`${server}/odata/folders`, {
+    headers: { Authorization: jsrAuth },
+  });
  const shopSpecificFolder = folders.data.value.find(
    (f) => f.name === bodyshop.imexshopid
  );

-  const jsReportQueries = await axios.get(
-    `${server}/odata/assets?$filter=name eq '${templateObject.name}.query'`
+  const jsReportQueries = await cleanAxios.get(
+    `${server}/odata/assets?$filter=name eq '${templateObject.name}.query'`,
+    { headers: { Authorization: jsrAuth } }
  );

  let templateQueryToExecute;
--- a/hasura/metadata/tables.yaml
+++ b/hasura/metadata/tables.yaml
@@ -694,6 +694,9 @@
        num_retries: 3
        timeout_sec: 60
      webhook_from_env: HASURA_API_URL
+      headers:
+        - name: event-secret
+          value_from_env: EVENT_SECRET
      request_transform:
        method: POST
        query_params: {}
@@ -4112,6 +4115,9 @@
        num_retries: 3
        timeout_sec: 60
      webhook_from_env: HASURA_API_URL
+      headers:
+        - name: event-secret
+          value_from_env: EVENT_SECRET
      request_transform:
        method: POST
        query_params: {}
@@ -4562,6 +4568,9 @@
        num_retries: 3
        timeout_sec: 60
      webhook_from_env: HASURA_API_URL
+      headers:
+        - name: event-secret
+          value_from_env: EVENT_SECRET
      request_transform:
        method: POST
        query_params: {}
@@ -5015,6 +5024,9 @@
        num_retries: 3
        timeout_sec: 60
      webhook_from_env: HASURA_API_URL
+      headers:
+        - name: event-secret
+          value_from_env: EVENT_SECRET
      request_transform:
        method: POST
        query_params: {}
@@ -5957,6 +5969,9 @@
        num_retries: 3
        timeout_sec: 60
      webhook_from_env: HASURA_API_URL
+      headers:
+        - name: event-secret
+          value_from_env: EVENT_SECRET
      request_transform:
        method: POST
        query_params: {}
--- a/hasura/migrations/1682703406197_run_sql_migration/down.sql
+++ b/hasura/migrations/1682703406197_run_sql_migration/down.sql
@@ -0,0 +1,3 @@
+-- Could not auto-generate a down migration.
+-- Please write an appropriate down migration for the SQL below:
+-- CREATE INDEX idx_associations_active_true ON associations(active) WHERE active = true;
--- a/hasura/migrations/1682703406197_run_sql_migration/up.sql
+++ b/hasura/migrations/1682703406197_run_sql_migration/up.sql
@@ -0,0 +1 @@
+CREATE INDEX idx_associations_active_true ON associations(active) WHERE active = true;
--- a/hasura/migrations/1682703475365_create_index_idx_associations_shopid_user/down.sql
+++ b/hasura/migrations/1682703475365_create_index_idx_associations_shopid_user/down.sql
@@ -0,0 +1 @@
+DROP INDEX IF EXISTS "public"."idx_associations_shopid_user";
--- a/hasura/migrations/1682703475365_create_index_idx_associations_shopid_user/up.sql
+++ b/hasura/migrations/1682703475365_create_index_idx_associations_shopid_user/up.sql
@@ -0,0 +1,2 @@
+CREATE  INDEX "idx_associations_shopid_user" on
+  "public"."associations" using btree ("shopid", "useremail", "active");
--- a/server.js
+++ b/server.js
@@ -123,7 +123,11 @@ app.post(
  twilio.webhook({ validate: process.env.NODE_ENV === "PRODUCTION" }),
  smsStatus.status
 );
-app.post("/sms/markConversationRead", smsStatus.markConversationRead);
+app.post(
+  "/sms/markConversationRead",
+  fb.validateFirebaseIdToken,
+  smsStatus.markConversationRead
+);

 var job = require("./server/job/job");
 app.post("/job/totals", fb.validateFirebaseIdToken, job.totals);
@@ -147,11 +151,11 @@ app.post("/scheduling/job", fb.validateFirebaseIdToken, scheduling.job);
 var inlineCss = require("./server/render/inlinecss");
 app.post("/render/inlinecss", fb.validateFirebaseIdToken, inlineCss.inlinecss);

-app.post(
-  "/notifications/send",
+// app.post(
+//   "/notifications/send",

-  fb.sendNotification
-);
+//   fb.sendNotification
+// );
 app.post("/notifications/subscribe", fb.validateFirebaseIdToken, fb.subscribe);
 app.post(
  "/notifications/unsubscribe",
@@ -188,13 +192,13 @@ app.post(
 );

 //Stripe Processing
-var stripe = require("./server/stripe/payment");
-app.post("/stripe/payment", fb.validateFirebaseIdToken, stripe.payment);
-app.post(
-  "/stripe/mobilepayment",
-  fb.validateFirebaseIdToken,
-  stripe.mobile_payment
-);
+// var stripe = require("./server/stripe/payment");
+// app.post("/stripe/payment", fb.validateFirebaseIdToken, stripe.payment);
+// app.post(
+//   "/stripe/mobilepayment",
+//   fb.validateFirebaseIdToken,
+//   stripe.mobile_payment
+// );

 //Tech Console
 var tech = require("./server/tech/tech");
@@ -202,7 +206,7 @@ app.post("/tech/login", fb.validateFirebaseIdToken, tech.techLogin);

 var utils = require("./server/utils/utils");
 app.post("/utils/time", utils.servertime);
-
+app.post("/utils/jsr", fb.validateFirebaseIdToken, utils.jsrAuth);
 var qbo = require("./server/accounting/qbo/qbo");
 app.post("/qbo/authorize", fb.validateFirebaseIdToken, qbo.authorize);
 app.get("/qbo/callback", qbo.callback);
@@ -215,7 +219,7 @@ app.post("/data/ah", data.autohouse);
 app.post("/record-handler/arms", data.arms);

 var taskHandler = require("./server/tasks/tasks");
-app.post("/taskHandler", taskHandler.taskHandler);
+app.post("/taskHandler", fb.validateFirebaseIdToken, taskHandler.taskHandler);

 var mixdataUpload = require("./server/mixdata/mixdata");

@@ -228,10 +232,10 @@ app.post(

 var ioevent = require("./server/ioevent/ioevent");
 app.post("/ioevent", ioevent.default);
-app.post("/newlog", (req, res) => {
-  const { message, type, user, record, object } = req.body;
-  logger.log(message, type, user, record, object);
-});
+// app.post("/newlog", (req, res) => {
+//   const { message, type, user, record, object } = req.body;
+//   logger.log(message, type, user, record, object);
+// });

 var os = require("./server/opensearch/os-handler");
 app.post(
--- a/server/accounting/pbs/pbs-ap-allocations.js
+++ b/server/accounting/pbs/pbs-ap-allocations.js
@@ -164,7 +164,7 @@ async function PbsCalculateAllocationsAp(socket, billids) {

      let APAmount = Dinero();
      Object.keys(billHash).map((key) => {
-        if (billHash[key].Amount.getAmount() > 0) {
+        if (billHash[key].Amount.getAmount() > 0 || billHash[key].Amount.getAmount() < 0) {
          transactionObject.Posting.Lines.push({
            ...billHash[key],
            Amount: billHash[key].Amount.toFormat("0.00"),
--- a/server/data/arms.js
+++ b/server/data/arms.js
@@ -50,7 +50,7 @@ async function getEntegralShopData() {
 }

 exports.default = async (req, res) => {
-  res.sendStatus(200);
+  res.sendStatus(401);
  return;
  //Query for the List of Bodyshop Clients.
  const job = req.body.event.data.new;
--- a/server/data/autohouse.js
+++ b/server/data/autohouse.js
@@ -40,6 +40,14 @@ exports.default = async (req, res) => {

  const specificShopIds = req.body.bodyshopIds; // ['uuid]
  const { start, end, skipUpload } = req.body; //YYYY-MM-DD
+  if (
+    !start ||
+    !moment(start).isValid ||
+    req.headers["x-imex-auth"] !== process.env.AUTOHOUSE_AUTH_TOKEN
+  ) {
+    res.sendStatus(401);
+    return;
+  }
  const allxmlsToUpload = [];
  const allErrors = [];
  try {
@@ -772,7 +780,9 @@ const CreateCosts = (job) => {
        billTotalsByCostCenters[
          job.bodyshop.md_responsibility_centers.defaults.costs.MAPA
        ] = Dinero({
-          amount: (job.mixdata[0] && job.mixdata[0].totalliquidcost * 100) || 0,
+          amount: Math.round(
+            ((job.mixdata[0] && job.mixdata[0].totalliquidcost) || 0) * 100
+          ),
        });
      } else {
        billTotalsByCostCenters[
@@ -799,7 +809,7 @@ const CreateCosts = (job) => {
            (job.bodyshop.jc_hourly_rates &&
              job.bodyshop.jc_hourly_rates.mapa * 100) ||
            0,
-        }).multiply(materialsHours.mapaHrs)
+        }).multiply(job.job_totals.rates.mapa.hours)
      );
    }
  }
--- a/server/email/sendemail.js
+++ b/server/email/sendemail.js
@@ -28,7 +28,7 @@ exports.sendServerEmail = async function ({ subject, text }) {
    transporter.sendMail(
      {
        from: `ImEX Online API - ${process.env.NODE_ENV} <noreply@imex.online>`,
-        to: ["patrick@imexsystems.ca"],
+        to: ["patrick@imexsystems.ca", "support@thinkimex.com"],
        subject: subject,
        text: text,
        ses: {
--- a/server/job/job-costing.js
+++ b/server/job/job-costing.js
@@ -626,7 +626,7 @@ function GenerateCostingData(job) {
        billTotalsByCostCenters.additionalCosts[
          job.bodyshop.md_responsibility_centers.defaults.costs.MAPA
        ] = Dinero({
-          amount: (job.mixdata[0] && job.mixdata[0].totalliquidcost * 100) || 0,
+          amount: Math.round((job.mixdata[0] && job.mixdata[0].totalliquidcost || 0) * 100)
        });
      } else {
        billTotalsByCostCenters.additionalCosts[
--- a/server/job/job-status-transition.js
+++ b/server/job/job-status-transition.js
@@ -17,7 +17,7 @@ require("dotenv").config({
 });
 async function StatusTransition(req, res) {
  if (req.headers["event-secret"] !== process.env.EVENT_SECRET) {
-    res.status(403).send("Unauthorized");
+    res.status(401).send("Unauthorized");
    return;
  }
  res.sendStatus(200);
--- a/server/opensearch/os-handler.js
+++ b/server/opensearch/os-handler.js
@@ -45,6 +45,10 @@ const getClient = async () => {
 };

 async function OpenSearchUpdateHandler(req, res) {
+  if (req.headers["event-secret"] !== process.env.EVENT_SECRET) {
+    res.status(401).send("Unauthorized");
+    return;
+  }
  try {
    var osClient = await getClient();
    // const osClient = new Client({
--- a/server/utils/utils.js
+++ b/server/utils/utils.js
@@ -1,3 +1,12 @@
 exports.servertime = (req, res) => {
  res.status(200).send(new Date());
 };
+
+exports.jsrAuth = async (req, res) => {
+  res.send(
+    "Basic " +
+      Buffer.from(
+        `${process.env.JSR_USER}:${process.env.JSR_PASSWORD}`
+      ).toString("base64")
+  );
+};
Author	SHA1	Message	Date
swtmply	3c3f9521f6	IO-2266 fixed key issue causing option to duplicate	2023-05-05 23:43:48 +08:00
Patrick Fic	6155b8bf24	Merged in release/2023-05-05 (pull request #754 ) Add firebase auth to JSR call.	2023-05-04 21:04:16 +00:00
Patrick Fic	2586855f11	Add firebase auth to JSR call.	2023-05-04 13:33:16 -07:00
Patrick Fic	b3b3c4c737	Merged in release/2023-05-05 (pull request #752 ) Resolve health check	2023-05-04 20:26:04 +00:00
Patrick Fic	abe5fadeea	Resolve health check	2023-05-04 13:25:45 -07:00
Patrick Fic	f1a10e0df4	Merged in release/2023-05-05 (pull request #750 ) Release/2023 05 05	2023-05-04 19:57:22 +00:00
Patrick Fic	7dc3c00628	Revert "Merged in feature/IO-1722-job-size-color (pull request #746 )" This reverts commit `7594f53e88`, reversing changes made to `b861957342`.	2023-05-04 12:50:28 -07:00
John Allen Delos Reyes	7594f53e88	Merged in feature/IO-1722-job-size-color (pull request #746 ) Feature/IO-1722 job size color Approved-by: Patrick Fic	2023-05-04 19:03:30 +00:00
Patrick Fic	b861957342	Additional security hardening.	2023-05-04 11:59:39 -07:00
swtmply	2bf24ff5a1	IO-1722 refactor color function	2023-05-04 23:00:37 +08:00
swtmply	833baca9cc	Merge branch 'feature/IO-1722-job-size-color' of https://bitbucket.org/snaptsoft/bodyshop into feature/IO-1722-job-size-color	2023-05-04 01:27:24 +08:00
swtmply	889ef61185	IO-1722 fixed spacing on translations	2023-05-04 01:25:17 +08:00
swtmply	add1eddbc1	IO-1722 added translations	2023-05-04 01:18:16 +08:00
swtmply	0cabd80b94	IO-1722 job size color in production card	2023-05-04 00:39:50 +08:00
Patrick Fic	7f756bab88	Merged in feature/IO-2190-Autohouse (pull request #743 ) IO-2190 Autohouse & Job Costing	2023-05-02 21:53:40 +00:00
Allan Carr	99b847822f	Merged in feature/IO-2190-Autohouse (pull request #742 ) IO-2190 Autohouse & Job Costing Approved-by: Patrick Fic	2023-05-02 21:52:50 +00:00
Allan Carr	f66d9b8c09	IO-2190 Autohouse & Job Costing Insure that amount going into Dinero is Integer	2023-05-02 14:51:47 -07:00
Patrick Fic	5660de42af	Add support email to server side emails.	2023-05-02 12:31:18 -07:00
Patrick Fic	ccbe92c275	Merged in feature/IO-2190-Autohouse (pull request #741 ) IO-2190 Correct lookup location for MAPA Hrs	2023-05-02 17:06:12 +00:00
Allan Carr	b0ea8a71fb	Merged in feature/IO-2190-Autohouse (pull request #738 ) IO-2190 Correct lookup location for MAPA Hrs Approved-by: Patrick Fic	2023-05-01 22:30:13 +00:00
Allan Carr	060871306f	Merged in feature/IO-2257-PBS-EXPORT-CREDIT (pull request #737 ) IO-2257 PBS Export of Credits Approved-by: Patrick Fic	2023-05-01 22:30:00 +00:00
Allan Carr	2eb4e142ff	IO-2190 Correct lookup location for MAPA Hrs	2023-05-01 13:48:18 -07:00
Patrick Fic	adf8cf9e8d	Additional hasura indexes.	2023-05-01 13:05:59 -07:00
Allan Carr	79a90bb9ee	IO-2257 PBS Export of Credits Amounts less then 0 (ie all credits) would not get pushed to transactionObject. Expand to be both sides of zero to allow for credits within transactionObject	2023-04-27 17:13:37 -07:00
				`@@ -0,0 +1 @@`
				`CREATE INDEX idx_associations_active_true ON associations(active) WHERE active = true;`
				`@@ -0,0 +1 @@`
				`DROP INDEX IF EXISTS "public"."idx_associations_shopid_user";`