Added new api and fixed some

2026-03-30 14:53:31 +08:00 · 2026-03-30 14:53:31 +08:00 · 094dd08707
commit 094dd08707
parent 2ee284b3e6
1 changed files with 58 additions and 3 deletions
--- a/backend/main.go
+++ b/backend/main.go
@ -40,7 +40,7 @@ func getCORSConfig(env string) cors.Config {
 		}
 	case "prod":
 		return cors.Config{
-			AllowOrigins: []string{"https://ocboapps.davaocity.gov.ph", "https://esign.patalcala.com", "http://localhost:8080", "http://192.168.7.183"},
+			AllowOrigins: []string{"https://ocboapps.davaocity.gov.ph", "https://esign.patalcala.com"},
 			AllowMethods: []string{"GET", "POST", "OPTIONS", "DELETE"},
 			// AllowHeaders:     []string{"Origin", "OCBO-Token", "Content-Length", "Content-Type", "X-Server", "Authorization"},
 			AllowHeaders:     []string{"*"},
@ -1492,7 +1492,18 @@ func connect() {
 			})

 		case "check-esigntransaction":
-			err := db.QueryRow("SELECT COUNT(esign_transactionsid) FROM esign_transactions WHERE referenceNo = ?", data).Scan(&result)
+			err := db.QueryRow("SELECT COUNT(esign_transactionsid) AS result FROM esign_transactions WHERE referenceNo = ?", data).Scan(&result)
+			if err != nil {
+				c.AbortWithError(http.StatusBadRequest, err)
+				c.String(http.StatusBadRequest, err.Error())
+				return
+			}
+			c.JSON(http.StatusOK, gin.H{
+				"result": result,
+			})
+
+		case "check-esignlock":
+			err := db.QueryRow("SELECT COUNT(esign_lockid) AS result FROM esign_lock WHERE referenceNo = ?", data).Scan(&result)
 			if err != nil {
 				c.AbortWithError(http.StatusBadRequest, err)
 				c.String(http.StatusBadRequest, err.Error())
@ -2707,7 +2718,7 @@ func connect() {
 		c.Writer.Header().Set("Content-Security-Policy", "default-src 'self'; img-src 'self';")
 		c.Writer.Header().Set("X-Server", "OCBO Server")

-		dbpost, err := dbpop.Prepare("DELETE FROM esign_transactions WHERE referenceNo = ?")
+		dbpost, err := db.Prepare("DELETE FROM esign_transactions WHERE referenceNo = ?")
 		if err != nil {
 			c.AbortWithError(http.StatusInternalServerError, err)
 			c.String(http.StatusInternalServerError, "Internal Server Error")
@ -2732,5 +2743,49 @@ func connect() {
 		}
 	})

+	router.DELETE("/api/delete-esignlock", middleware.TokenChecker(), func(c *gin.Context) {
+		type DeleteLock struct {
+			Data string `json:"data"`
+		}
+		var deleteLock DeleteLock
+		if err := c.ShouldBindJSON(&deleteLock); err != nil {
+			c.String(http.StatusBadRequest, "Invalid request body")
+			return
+		}
+
+		c.Writer.Header().Set("X-XSS-Protection", "1; mode=block")
+		c.Writer.Header().Set("X-Content-Type-Options", "nosniff")
+		c.Writer.Header().Set("X-DNS-Prefetch-Control", "off")
+		c.Writer.Header().Set("X-Frame-Options", "DENY")
+		c.Writer.Header().Set("X-Download-Options", "noopen")
+		c.Writer.Header().Set("Referrer-Policy", "no-referrer")
+		c.Writer.Header().Set("Content-Security-Policy", "default-src 'self'; img-src 'self';")
+		c.Writer.Header().Set("X-Server", "OCBO Server")
+
+		dbpost, err := db.Prepare("DELETE FROM esign_lock WHERE referenceNo = ?")
+		if err != nil {
+			c.AbortWithError(http.StatusInternalServerError, err)
+			c.String(http.StatusInternalServerError, "Internal Server Error")
+			return
+		}
+		defer dbpost.Close()
+
+		exec, err := dbpost.Exec(deleteLock.Data)
+		if err != nil {
+			panic(err.Error())
+		}
+
+		affect, err := exec.RowsAffected()
+		if err != nil {
+			panic(err.Error())
+		}
+
+		if affect > 0 {
+			c.String(http.StatusOK, "Success on Deleting eSign Lock")
+		} else {
+			c.String(http.StatusInternalServerError, "Failed on Deleting eSign Lock")
+		}
+	})
+
 	router.Run(":4320")
 }