Intento de Creador

backend/src/index.js

@@ -23,21 +23,41 @@ app.get('/', (req, res) => {
   res.send('ALPR Backend Running');
 });
 
+const authRoutes = require('./routes/auth');
+const { authenticateToken, isAdmin } = require('./middleware/auth');
+
+app.use('/api/auth', authRoutes);
+
 // Plates CRUD
-app.get('/api/plates', async (req, res) => {
+app.get('/api/plates', authenticateToken, async (req, res) => {
   try {
-    const plates = await prisma.plate.findMany();
+    // Users see their own plates? Or all? 
+    // Requirement: "usuarios al agregar nuevas patentes, deberan ser permitidas por el administrador"
+    // Let's users see all but maybe status distinguishes them.
+    // For now, let's return all.
+    const plates = await prisma.plate.findMany({
+      include: { addedBy: { select: { username: true } } }
+    });
     res.json(plates);
   } catch (err) {
     res.status(500).json({ error: err.message });
   }
 });
 
-app.post('/api/plates', async (req, res) => {
-  const { number, owner, status } = req.body;
+app.post('/api/plates', authenticateToken, async (req, res) => {
+  const { number, owner } = req.body;
+  const isAdm = req.user.role === 'ADMIN';
+  // Admin -> ALLOWED, User -> PENDING
+  const status = isAdm ? 'ALLOWED' : 'PENDING';
+
   try {
     const plate = await prisma.plate.create({
-      data: { number, owner, status: status || 'ALLOWED' }
+      data: {
+        number,
+        owner,
+        status,
+        addedById: req.user.id
+      }
     });
     res.json(plate);
   } catch (err) {
@@ -45,6 +65,37 @@ app.post('/api/plates', async (req, res) => {
   }
 });
 
+// Admin: Approve/Reject Plate
+app.put('/api/plates/:id/approve', authenticateToken, isAdmin, async (req, res) => {
+  const { id } = req.params;
+  const { status } = req.body; // ALLOWED or DENIED
+
+  if (!['ALLOWED', 'DENIED'].includes(status)) {
+    return res.status(400).json({ error: 'Invalid status' });
+  }
+
+  try {
+    const plate = await prisma.plate.update({
+      where: { id: parseInt(id) },
+      data: { status }
+    });
+    res.json(plate);
+  } catch (err) {
+    res.status(500).json({ error: err.message });
+  }
+});
+
+// Admin: Delete Plate (Optional but good to have)
+app.delete('/api/plates/:id', authenticateToken, isAdmin, async (req, res) => {
+  const { id } = req.params;
+  try {
+    await prisma.plate.delete({ where: { id: parseInt(id) } });
+    res.json({ message: 'Plate deleted' });
+  } catch (err) {
+    res.status(500).json({ error: err.message });
+  }
+});
+
 // History Endpoint
 app.get('/api/history', async (req, res) => {
   const { date } = req.query; // Format: YYYY-MM-DD
@@ -159,7 +210,28 @@ app.post('/api/detect', async (req, res) => {
   }
 });
 
+const bcrypt = require('bcryptjs');
+
 const PORT = process.env.PORT || 3000;
-server.listen(PORT, () => {
+server.listen(PORT, async () => {
   console.log(`Server running on port ${PORT}`);
+
+  // Seed Admin User if none exists
+  try {
+    const userCount = await prisma.user.count();
+    if (userCount === 0) {
+      console.log('No users found. Creating default admin user...');
+      const hashedPassword = await bcrypt.hash('admin123', 10);
+      await prisma.user.create({
+        data: {
+          username: 'admin',
+          password: hashedPassword,
+          role: 'ADMIN'
+        }
+      });
+      console.log('Default admin created: admin / admin123');
+    }
+  } catch (err) {
+    console.error('Error seeding admin user:', err);
+  }
 });

backend/src/middleware/auth.js

@@ -0,0 +1,26 @@
+const jwt = require('jsonwebtoken');
+
+const JWT_SECRET = process.env.JWT_SECRET || 'your-secret-key-change-this';
+
+const authenticateToken = (req, res, next) => {
+    const authHeader = req.headers['authorization'];
+    const token = authHeader && authHeader.split(' ')[1];
+
+    if (!token) return res.sendStatus(401);
+
+    jwt.verify(token, JWT_SECRET, (err, user) => {
+        if (err) return res.sendStatus(403);
+        req.user = user;
+        next();
+    });
+};
+
+const isAdmin = (req, res, next) => {
+    if (req.user && req.user.role === 'ADMIN') {
+        next();
+    } else {
+        res.status(403).json({ error: 'Admin access required' });
+    }
+};
+
+module.exports = { authenticateToken, isAdmin, JWT_SECRET };

backend/src/routes/auth.js

@@ -0,0 +1,77 @@
+const express = require('express');
+const router = express.Router();
+const jwt = require('jsonwebtoken');
+const bcrypt = require('bcryptjs');
+const { PrismaClient } = require('@prisma/client');
+const { JWT_SECRET, authenticateToken, isAdmin } = require('../middleware/auth');
+
+const prisma = new PrismaClient();
+
+// Register (Protected - Admin only or Open? Plan said Admin creates users)
+// Let's allow open registration but default to USER role, or only Admin can create.
+// Requirement: "administrador sea capaz de crear y borrar usuarios".
+// So we will make register protected by isAdmin or just login.
+// For initial setup we might need a seed or allow open registration for the first user.
+// Let's implement a public login and a protected register for now.
+
+router.post('/login', async (req, res) => {
+    const { username, password } = req.body;
+
+    try {
+        const user = await prisma.user.findUnique({ where: { username } });
+        if (!user) return res.status(400).json({ error: 'User not found' });
+
+        const validPassword = await bcrypt.compare(password, user.password);
+        if (!validPassword) return res.status(400).json({ error: 'Invalid password' });
+
+        const token = jwt.sign({ id: user.id, username: user.username, role: user.role }, JWT_SECRET, { expiresIn: '1h' });
+        res.json({ token, role: user.role, username: user.username });
+    } catch (err) {
+        res.status(500).json({ error: err.message });
+    }
+});
+
+// Admin: Create User
+router.post('/register', authenticateToken, isAdmin, async (req, res) => {
+    const { username, password, role } = req.body;
+
+    try {
+        const hashedPassword = await bcrypt.hash(password, 10);
+        const user = await prisma.user.create({
+            data: {
+                username,
+                password: hashedPassword,
+                role: role || 'USER'
+            }
+        });
+        res.json({ message: 'User created', userId: user.id });
+    } catch (err) {
+        res.status(500).json({ error: err.message });
+    }
+});
+
+// Admin: Delete User
+router.delete('/:id', authenticateToken, isAdmin, async (req, res) => {
+    const { id } = req.params;
+    try {
+        await prisma.user.delete({ where: { id: parseInt(id) } });
+        res.json({ message: 'User deleted' });
+    } catch (err) {
+        res.status(500).json({ error: err.message });
+    }
+});
+
+// Admin: List Users
+router.get('/', authenticateToken, isAdmin, async (req, res) => {
+    try {
+        const users = await prisma.user.findMany({
+            select: { id: true, username: true, role: true } // Don't return passwords
+        });
+        res.json(users);
+    } catch (err) {
+        res.status(500).json({ error: err.message });
+    }
+});
+
+
+module.exports = router;