Merge branch 'main' of https://github.com/itsnaveenk/bazar3

2025-12-19 21:17:06 +00:00 · 2025-03-18 21:38:09 +05:30 · 2025-03-18 21:38:09 +05:30 · a501ddf0d6
commit a501ddf0d6
parent 9f9da65ace 71bb8623ec
12 changed files with 99 additions and 56 deletions
--- a/nginx.conf
+++ b/nginx.conf
@ -0,0 +1,30 @@
+user  nginx;
+worker_processes  auto;
+
+http {
+  # ...existing code...
+
+  server {
+    server_name kings.com;
+    root /var/www/kings-frontend;  # Path to your built frontend files
+    index index.html;
+    location / {
+      try_files $uri $uri/ /index.html;
+    }
+    # ...existing code...
+  }
+
+  server {
+    server_name backend.kings.com;
+    location / {
+      proxy_pass http://localhost:3000; // Forward to your Node.js backend
+      proxy_http_version 1.1;
+      proxy_set_header Upgrade $http_upgrade;
+      proxy_set_header Connection "upgrade";
+      proxy_set_header Host $host;
+      # ...existing code...
+    }
+  }
+
+  # ...existing code...
+}
--- a/server/controllers/adminController.js
+++ b/server/controllers/adminController.js
@ -27,15 +27,17 @@ exports.publishResult = async (data, authorization) => {
  const [admin] = await db.query('SELECT id FROM admins WHERE session_token = ?', [token]);
  if (!admin) throw { status: 401, message: 'Unauthorized' };

-  const { team, date, result } = data;
+  const { team, date, result, announcement_time } = data; // renamed draw_time
  // validate if the team exists
  const teams = await db.query('SELECT id FROM teams WHERE name = ?', [team.toUpperCase()]);
  if (!teams.length) throw { status: 400, message: 'Team does not exist. Create team first.' };

  // publish result using team id
  await db.query(`
-    INSERT INTO results (team_id, result_date, result)
-    VALUES (?, ?, ?)
-    ON DUPLICATE KEY UPDATE result = VALUES(result)
-  `, [teams[0].id, date, result]);
+    INSERT INTO results (team_id, result_date, result, announcement_time)
+    VALUES (?, ?, ?, COALESCE(?, '00:00:00'))
+    ON DUPLICATE KEY UPDATE
+      result = VALUES(result),
+      announcement_time = VALUES(announcement_time)
+  `, [teams[0].id, date, result, announcement_time]);
 };
--- a/server/controllers/resultController.js
+++ b/server/controllers/resultController.js
@ -7,7 +7,7 @@ exports.getMonthlyResults = async (req, res) => {
      return res.status(400).json({ error: 'Team and month are required.' });
    }
    const results = await db.query(`
-      SELECT r.result, r.result_date
+      SELECT r.result, r.result_date, r.announcement_time
      FROM results r
      JOIN teams t ON r.team_id = t.id
      WHERE t.name = ? AND DATE_FORMAT(r.result_date, '%Y-%m') = ?
@ -28,7 +28,7 @@ exports.getDailyResults = async (req, res) => {
      return res.status(400).json({ error: 'Date query parameter is required.' });
    }
    const results = await db.query(`
-      SELECT t.name as team, r.result, r.result_date
+      SELECT t.name as team, r.result, r.result_date, r.announcement_time
      FROM results r
      JOIN teams t ON r.team_id = t.id
      WHERE r.result_date = ?
--- a/server/controllers/teamController.js
+++ b/server/controllers/teamController.js
@ -12,15 +12,15 @@ exports.getAllTeams = async (req, res) => {

 exports.createTeam = async (req, res) => {
  try {
-    const { name, announcement_time } = req.body;
+    const { name } = req.body;

-    if (!name || !announcement_time) {
-      return res.status(400).json({ error: 'Name and announcement time are required' });
+    if (!name) {
+      return res.status(400).json({ error: 'Name is required' });
    }

    await db.query(
-      'INSERT INTO teams (name, announcement_time) VALUES (?, ?)',
-      [name.toUpperCase(), announcement_time]
+      'INSERT INTO teams (name) VALUES (?)',
+      [name.toUpperCase()]
    );

    res.status(201).json({ success: true, message: 'Team created successfully' });
@ -33,26 +33,14 @@ exports.createTeam = async (req, res) => {
 exports.updateTeam = async (req, res) => {
  try {
    const { id } = req.params;
-    const { name, announcement_time } = req.body;
+    const { name } = req.body;

-    if (!name && !announcement_time) {
-      return res.status(400).json({ error: 'At least one field (name or announcement time) is required' });
+    if (!name) {
+      return res.status(400).json({ error: 'At least name is required' });
    }

-    const fields = [];
-    const values = [];
-
-    if (name) {
-      fields.push('name = ?');
-      values.push(name.toUpperCase());
-    }
-
-    if (announcement_time) {
-      fields.push('announcement_time = ?');
-      values.push(announcement_time);
-    }
-
-    values.push(id);
+    const fields = ['name = ?'];
+    const values = [name.toUpperCase(), id];

    await db.query(`UPDATE teams SET ${fields.join(', ')} WHERE id = ?`, values);

--- a/server/middlewares/validation.js
+++ b/server/middlewares/validation.js
@ -2,8 +2,7 @@ const Joi = require('joi');

 exports.validateTeam = (req, res, next) => {
  const schema = Joi.object({
-    name: Joi.string().max(100).required(),
-    announcement_time: Joi.string().pattern(/^([01]\d|2[0-3]):([0-5]\d):([0-5]\d)$/).required()
+    name: Joi.string().max(100).required()
  });

  const { error } = schema.validate(req.body);
--- a/server/postman_collection.json
+++ b/server/postman_collection.json
@ -44,7 +44,7 @@
        ],
        "body": {
          "mode": "raw",
-          "raw": "{\n  \"team\": \"BIKANER SUPER\",\n  \"date\": \"2025-03-12\",\n  \"result\": \"45\"\n}"
+          "raw": "{\n  \"team\": \"BIKANER SUPER\",\n  \"date\": \"2025-03-12\",\n  \"result\": \"45\",\n  \"announcement_time\": \"02:30:00\"\n}"
        },
        "url": {
          "raw": "http://localhost:3000/admin/results",
@ -77,11 +77,15 @@
          {
            "key": "Content-Type",
            "value": "application/json"
+          },
+          {
+            "key": "Authorization",
+            "value": "Bearer <SESSION_TOKEN>"
          }
        ],
        "body": {
          "mode": "raw",
-          "raw": "{\n  \"name\": \"NEW TEAM\",\n  \"announcement_time\": \"02:30:00\"\n}"
+          "raw": "{\n  \"name\": \"NEW TEAM\"\n}"
        },
        "url": {
          "raw": "http://localhost:3000/api/teams",
@ -100,11 +104,15 @@
          {
            "key": "Content-Type",
            "value": "application/json"
+          },
+          {
+            "key": "Authorization",
+            "value": "Bearer <SESSION_TOKEN>"
          }
        ],
        "body": {
          "mode": "raw",
-          "raw": "{\n  \"name\": \"UPDATED TEAM\",\n  \"announcement_time\": \"03:00:00\"\n}"
+          "raw": "{\n  \"name\": \"UPDATED TEAM\"\n}"
        },
        "url": {
          "raw": "http://localhost:3000/api/teams/1",
@ -119,7 +127,12 @@
      "name": "Delete Team",
      "request": {
        "method": "DELETE",
-        "header": [],
+        "header": [
+          {
+            "key": "Authorization",
+            "value": "Bearer <SESSION_TOKEN>"
+          }
+        ],
        "url": {
          "raw": "http://localhost:3000/api/teams/1",
          "protocol": "http",
@ -169,7 +182,7 @@
        ],
        "body": {
          "mode": "raw",
-          "raw": "{\n  \"name\": \"<script>alert('xss');</script>\",\n  \"announcement_time\": \"02:30:00\"\n}"
+          "raw": "{\n  \"name\": \"<script>alert('xss');</script>\"\n}"
        },
        "url": {
          "raw": "http://localhost:3000/api/teams",
--- a/server/readme.md
+++ b/server/readme.md
@ -106,27 +106,27 @@ The server will listen on the port specified in your `.env` file (default is 300

 ### Team Endpoints
 - **GET /api/teams**  
-  Retrieve all teams.
+  Retrieve all teams (public).
+
 - **POST /api/teams**  
-  Create a new team. Requires `name` and `announcement_time` in the body.
-  _Request Body Example:_
+  Create a new team (admin only).  
  ```json
  {
-    "name": "NEW TEAM",
-    "announcement_time": "02:30:00"
+    "name": "NEW TEAM"
  }
  ```
+
 - **PUT /api/teams/:id**  
-  Update a team.
+  Update a team (admin only, requires Bearer token).
+
 - **DELETE /api/teams/:id**  
-  Delete a team.
+  Delete a team (admin only, requires Bearer token).

 ### Testing Sanitization
 A sample endpoint (POST /api/teams) will sanitize HTML input. For example, sending:
 ```json
 {
-  "name": "<script>alert('xss');</script>",
-  "announcement_time": "02:30:00"
+  "name": "<script>alert('xss');</script>"
 }
 ```
 will have the `<` and `>` characters escaped to protect against XSS.
--- a/server/routes/public.js
+++ b/server/routes/public.js
@ -14,7 +14,7 @@ router.get('/results', async (req, res) => {
    }

    const [result] = await db.query(`
-      SELECT r.result, r.result_date, t.name AS team
+      SELECT r.result, r.result_date, r.announcement_time, t.name AS team
      FROM results r
      JOIN teams t ON r.team_id = t.id
      WHERE t.name = ? AND r.result_date = ?
@ -39,7 +39,7 @@ router.get('/today', async (req, res) => {
    }

    const results = await db.query(`
-      SELECT t.name AS team, r.result, r.result_date
+      SELECT t.name AS team, r.result, r.result_date, r.announcement_time
      FROM results r
      JOIN teams t ON r.team_id = t.id
      WHERE r.result_date = ?
--- a/server/routes/team.js
+++ b/server/routes/team.js
@ -2,13 +2,26 @@ const express = require('express');
 const router = express.Router();
 const teamController = require('../controllers/teamController');
 const { validateTeam } = require('../middlewares/validation');
+const db = require('../db');
+
+async function requireAdmin(req, res, next) {
+  try {
+    const token = req.headers.authorization?.split(' ')[1];
+    if (!token) return res.status(401).json({ error: 'Unauthorized' });
+    const [admin] = await db.query('SELECT id FROM admins WHERE session_token = ?', [token]);
+    if (!admin) return res.status(401).json({ error: 'Unauthorized' });
+    next();
+  } catch {
+    res.status(401).json({ error: 'Unauthorized' });
+  }
+}

 router.get('/', teamController.getAllTeams);

-router.post('/', validateTeam, teamController.createTeam);
+router.post('/', requireAdmin, validateTeam, teamController.createTeam);

-router.put('/:id', validateTeam, teamController.updateTeam);
+router.put('/:id', requireAdmin, validateTeam, teamController.updateTeam);

-router.delete('/:id', teamController.deleteTeam);
+router.delete('/:id', requireAdmin, teamController.deleteTeam);

 module.exports = router;
--- a/server/schema.sql
+++ b/server/schema.sql
@ -4,7 +4,6 @@ USE kingdb_prod;
 CREATE TABLE teams (
  id INT AUTO_INCREMENT PRIMARY KEY,
  name VARCHAR(100) NOT NULL UNIQUE,
-  announcement_time TIME NOT NULL,
  created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
 );

@ -12,6 +11,7 @@ CREATE TABLE results (
  id INT AUTO_INCREMENT PRIMARY KEY,
  team_id INT NOT NULL,
  result_date DATE NOT NULL,
+  announcement_time TIME NOT NULL,
  result VARCHAR(10) NOT NULL,
  FOREIGN KEY (team_id) REFERENCES teams(id) ON DELETE CASCADE,
  UNIQUE KEY uniq_team_date (team_id, result_date)
--- a/server/scripts/test-api.js
+++ b/server/scripts/test-api.js
@ -17,8 +17,7 @@ const BASE_URL = 'http://localhost:3000';
    const createTeamResponse = await axios.post(
      `${BASE_URL}/api/teams`,
      {
-        name: 'NEW TEAM',
-        announcement_time: '02:30:00'
+        name: 'NEW TEAM'
      },
      {
        headers: { Authorization: `Bearer ${sessionToken}` }
@ -35,8 +34,7 @@ const BASE_URL = 'http://localhost:3000';
    const updateTeamResponse = await axios.put(
      `${BASE_URL}/api/teams/1`,
      {
-        name: 'UPDATED TEAM',
-        announcement_time: '03:00:00'
+        name: 'UPDATED TEAM'
      },
      {
        headers: { Authorization: `Bearer ${sessionToken}` }
--- a/server/server.js
+++ b/server/server.js
@ -10,7 +10,7 @@ const teamRoutes = require('./routes/team');

 const app = express();

-app.use(cors({ origin: ['http://localhost:3000', 'https://your-production-domain.com'] }));
+app.use(cors({ origin: ['http://localhost:3000', '*', 'https://your-production-domain.com'] }));
 app.use(express.json({ limit: '10kb' }));
 app.use(security.anonymizeIP);
 app.use(security.sanitizeInput);