diff --git a/backend/main.go b/backend/main.go
index 29fac77..adc0657 100644
--- a/backend/main.go
+++ b/backend/main.go
@@ -31,7 +31,7 @@ func getCORSConfig(env string) cors.Config {
 case "dev":
 return cors.Config{
 AllowOrigins: []string{"http://localhost:5173"},
- AllowMethods: []string{"GET", "POST", "OPTIONS"},
+ AllowMethods: []string{"GET", "POST", "OPTIONS", "DELETE"},
 AllowHeaders: []string{"Origin", "OCBO-Token", "Content-Length", "Content-Type", "X-Server"},
 ExposeHeaders: []string{"Content-Length"},
 AllowCredentials: true,
@@ -39,7 +39,7 @@ func getCORSConfig(env string) cors.Config {
 case "prod":
 return cors.Config{
 AllowOrigins: []string{"https://ocboapps.davaocity.gov.ph", "https://esign.patalcala.com"},
- AllowMethods: []string{"GET", "POST", "OPTIONS"},
+ AllowMethods: []string{"GET", "POST", "OPTIONS", "DELETE"},
 // AllowHeaders: []string{"Origin", "OCBO-Token", "Content-Length", "Content-Type", "X-Server", "Authorization"},
 AllowHeaders: []string{"*"},
 ExposeHeaders: []string{"Content-Length"},
@@ -1419,7 +1419,7 @@ func connect() {
 "result": result,
 })
- case "get-totalamount-electrical":
+ case "get-totalamount-electrical":
 err := db.QueryRow(`SELECT IFNULL(SUM(amount), 0) AS result FROM electrical_orderofpayment_new WHERE electricalid = (SELECT electricalid FROM electrical WHERE electricalNo = ?)`, data).Scan(&result)
 if err != nil {
 c.AbortWithError(http.StatusBadRequest, err)
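Review bot: The prod branch of getCORSConfig now allows cross-origin DELETE while still running with `AllowHeaders: []string{"*"}`, so the DELETE routes added at the end of this commit become reachable from both listed origins with any request header. Restoring the explicit list that is commented out just above it, `AllowHeaders: []string{"Origin", "OCBO-Token", "Content-Length", "Content-Type", "X-Server", "Authorization"},`, would keep the preflight policy as narrow as the dev branch in the first hunk, which receives the same DELETE addition. The rest of the prod config, including whether credentials are allowed, lies outside the hunk, so it is worth confirming that `https://esign.patalcala.com` is meant to be able to issue DELETE requests.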
@@ -1430,8 +1430,19 @@ func connect() {
 "result": result,
 })
- case "check-popsrecord":
- err := dbpop.QueryRow("SELECT COUNT(OrderPayId) AS result FROM orderpaydetail WHERE oprefid = ?" , data).Scan(&result)
+ case "check-popsrecord":
+ err := dbpop.QueryRow("SELECT COUNT(OrderPayId) AS result FROM orderpaydetail WHERE oprefid = ?", data).Scan(&result)
+ if err != nil {
+ c.AbortWithError(http.StatusBadRequest, err)
+ c.String(http.StatusBadRequest, err.Error())
+ return
+ }
+ c.JSON(http.StatusOK, gin.H{
+ "result": result,
+ })
+
+ case "get-opdata-electrical":
+ err := db.QueryRow(`SELECT IFNULL(CONCAT(electricalid, '-', assessedbyid, '-', reviewedbyid, '-', SUM(ref_bldgcomputationsheetid), '-', SUM(amount)),'') AS result FROM electrical_orderofpayment_new WHERE electricalid = (SELECT electricalid FROM electrical WHERE electricalNo = ?)`, data).Scan(&result)
 if err != nil {
 c.AbortWithError(http.StatusBadRequest, err)
 c.String(http.StatusBadRequest, err.Error())
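Review bot: The added `check-popsrecord` error branch sends the raw driver error to the client with `c.String(http.StatusBadRequest, err.Error())`, which can expose table and column names and reports a server-side query failure as a 400. Logging the error server-side and answering with a fixed message, `c.String(http.StatusInternalServerError, "Internal Server Error")`, would match what the route handlers added at the end of this commit do for their Prepare failures; the trailing context lines show the new `get-opdata-electrical` case inheriting the same pattern. In that case's query, `assessedbyid` and `reviewedbyid` are selected next to `SUM(...)` without a `GROUP BY`, so a MySQL-family server will either reject it under ONLY_FULL_GROUP_BY or take those values from an arbitrary row; wrapping them in `MIN()`/`MAX()` or adding the grouping would make the result deterministic. The switch statement and the remainder of this case run beyond the hunk.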
@@ -2265,5 +2276,221 @@ func connect() {
 })
+ router.POST("/api/save-lockdata", middleware.TokenChecker(), func(c *gin.Context) {
+ type saveLockData struct {
+ Data string `json:"data"` //referenceNo
+ Data2 string `json:"data2"` //lock_data
+ }
+ var savelockData saveLockData
+ if err := c.ShouldBindJSON(&savelockData); err != nil {
+ c.String(http.StatusBadRequest, "Invalid request body")
+ return
+ }
+
+ c.Writer.Header().Set("X-XSS-Protection", "1; mode=block")
+ c.Writer.Header().Set("X-Content-Type-Options", "nosniff")
+ c.Writer.Header().Set("X-DNS-Prefetch-Control", "off")
+ c.Writer.Header().Set("X-Frame-Options", "DENY")
+ c.Writer.Header().Set("X-Download-Options", "noopen")
+ c.Writer.Header().Set("Referrer-Policy", "no-referrer")
+ c.Writer.Header().Set("Content-Security-Policy", "default-src 'self'; img-src 'self';")
+ c.Writer.Header().Set("X-Server", "OCBO Server")
+
+ dbpost, err := db.Prepare("INSERT INTO esign_lock (esign_lockid, ?, ?)")
+ if err != nil {
+ c.AbortWithError(http.StatusInternalServerError, err)
+ c.String(http.StatusInternalServerError, "Internal Server Error")
+ return
+ }
+ defer dbpost.Close()
+
+ exec, err := dbpost.Exec(savelockData.Data, savelockData.Data2)
+ if err != nil {
+ panic(err.Error())
+ }
+
+ affect, err := exec.RowsAffected()
+ if err != nil {
+ panic(err.Error())
+ }
+
+ if affect > 0 {
+ c.String(http.StatusOK, "Success on Saving Lock Data")
+ } else {
+ c.String(http.StatusInternalServerError, "Failed on Saving Lock Data")
+ }
+ })
+
+ router.DELETE("/api/delete-orderofpayment-electrical", middleware.TokenChecker(), func(c *gin.Context) {
+ type DeleteOP struct {
+ Data int `json:"data"`
+ }
+ var deleteOp DeleteOP
+ if err := c.ShouldBindJSON(&deleteOp); err != nil {
+ c.String(http.StatusBadRequest, "Invalid request body")
+ return
+ }
+
+ c.Writer.Header().Set("X-XSS-Protection", "1; mode=block")
+ c.Writer.Header().Set("X-Content-Type-Options", "nosniff")
+ c.Writer.Header().Set("X-DNS-Prefetch-Control", "off")
+ c.Writer.Header().Set("X-Frame-Options", "DENY")
+ c.Writer.Header().Set("X-Download-Options", "noopen")
+ c.Writer.Header().Set("Referrer-Policy", "no-referrer")
+ c.Writer.Header().Set("Content-Security-Policy", "default-src 'self'; img-src 'self';")
+ c.Writer.Header().Set("X-Server", "OCBO Server")
+
+ var isPaid int
+ checkErr := db.QueryRow("SELECT is_paid FROM electrical_orderofpayment_new WHERE electricalid = ?", deleteOp.Data).Scan(&isPaid)
+ if checkErr != nil {
+ c.AbortWithError(http.StatusInternalServerError, checkErr)
+ c.String(http.StatusInternalServerError, "Internal Server Error")
+ return
+ }
+
+ if isPaid == 1 {
+ c.String(http.StatusBadRequest, "Order of Payment has Already been Paid")
+ return
+ }
+
+ dbpost, err := db.Prepare("DELETE FROM electrical_orderofpayment_new WHERE electricalid = ? AND is_paid = 0")
+ if err != nil {
+ c.AbortWithError(http.StatusInternalServerError, err)
+ c.String(http.StatusInternalServerError, "Internal Server Error")
+ return
+ }
+ defer dbpost.Close()
+
+ exec, err := dbpost.Exec(deleteOp.Data)
+ if err != nil {
+ panic(err.Error())
+ }
+
+ affect, err := exec.RowsAffected()
+ if err != nil {
+ panic(err.Error())
+ }
+
+ if affect > 0 {
+ c.String(http.StatusOK, "Success on Deleting Order of Payment")
+ } else {
+ c.String(http.StatusInternalServerError, "Failed on Deleting Order of Payment")
+ }
+ })
+
+ router.DELETE("/api/delete-orderofpayment-occupancy", middleware.TokenChecker(), func(c *gin.Context) {
+ type DeleteOP struct {
+ Data int `json:"data"`
+ }
+ var deleteOp DeleteOP
+ if err := c.ShouldBindJSON(&deleteOp); err != nil {
+ c.String(http.StatusBadRequest, "Invalid request body")
+ return
+ }
+
+ c.Writer.Header().Set("X-XSS-Protection", "1; mode=block")
+ c.Writer.Header().Set("X-Content-Type-Options", "nosniff")
+ c.Writer.Header().Set("X-DNS-Prefetch-Control", "off")
+ c.Writer.Header().Set("X-Frame-Options", "DENY")
+ c.Writer.Header().Set("X-Download-Options", "noopen")
+ c.Writer.Header().Set("Referrer-Policy", "no-referrer")
+ c.Writer.Header().Set("Content-Security-Policy", "default-src 'self'; img-src 'self';")
+ c.Writer.Header().Set("X-Server", "OCBO Server")
+
+ var isPaid int
+ checkErr := db.QueryRow("SELECT is_paid FROM occupancy_orderofpayment WHERE occupancyid = ?", deleteOp.Data).Scan(&isPaid)
+ if checkErr != nil {
+ c.AbortWithError(http.StatusInternalServerError, checkErr)
+ c.String(http.StatusInternalServerError, "Internal Server Error")
+ return
+ }
+
+ if isPaid == 1 {
+ c.String(http.StatusBadRequest, "Order of Payment has Already been Paid")
+ return
+ }
+
+ dbpost, err := db.Prepare("DELETE FROM occupancy_orderofpayment WHERE occupancyid = ? AND is_paid = 0")
+ if err != nil {
+ c.AbortWithError(http.StatusInternalServerError, err)
+ c.String(http.StatusInternalServerError, "Internal Server Error")
+ return
+ }
+ defer dbpost.Close()
+
+ exec, err := dbpost.Exec(deleteOp.Data)
+ if err != nil {
+ panic(err.Error())
+ }
+
+ affect, err := exec.RowsAffected()
+ if err != nil {
+ panic(err.Error())
+ }
+
+ if affect > 0 {
+ c.String(http.StatusOK, "Success on Deleting Order of Payment")
+ } else {
+ c.String(http.StatusInternalServerError, "Failed on Deleting Order of Payment")
+ }
+ })
+
+ router.DELETE("/api/void-op-local", middleware.TokenChecker(), func(c *gin.Context) {
+ type DeleteOPLocal struct {
+ Data int `json:"data"`
+ }
+ var deleteOpLocal DeleteOPLocal
+ if err := c.ShouldBindJSON(&deleteOpLocal); err != nil {
+ c.String(http.StatusBadRequest, "Invalid request body")
+ return
+ }
+
+ c.Writer.Header().Set("X-XSS-Protection", "1; mode=block")
+ c.Writer.Header().Set("X-Content-Type-Options", "nosniff")
+ c.Writer.Header().Set("X-DNS-Prefetch-Control", "off")
+ c.Writer.Header().Set("X-Frame-Options", "DENY")
+ c.Writer.Header().Set("X-Download-Options", "noopen")
+ c.Writer.Header().Set("Referrer-Policy", "no-referrer")
+ c.Writer.Header().Set("Content-Security-Policy", "default-src 'self'; img-src 'self';")
+ c.Writer.Header().Set("X-Server", "OCBO Server")
+
+ var isPaid int
+ checkErr := db.QueryRow("SELECT COUNT(AFNum) FROM orderpaydetails WHERE OPRefId = ?", deleteOpLocal.Data).Scan(&isPaid)
+ if checkErr != nil {
+ c.AbortWithError(http.StatusInternalServerError, checkErr)
+ c.String(http.StatusInternalServerError, "Internal Server Error")
+ return
+ }
+
+ if isPaid == 1 {
+ c.String(http.StatusBadRequest, "Error! Payment already exist.")
+ return
+ }
+
+ dbpost, err := db.Prepare("DELETE FROM orderpaydetails WHERE OPRefId = ?")
+ if err != nil {
+ c.AbortWithError(http.StatusInternalServerError, err)
+ c.String(http.StatusInternalServerError, "Internal Server Error")
+ return
+ }
+ defer dbpost.Close()
+
+ exec, err := dbpost.Exec(deleteOpLocal.Data)
+ if err != nil {
+ panic(err.Error())
+ }
+
+ affect, err := exec.RowsAffected()
+ if err != nil {
+ panic(err.Error())
+ }
+
+ if affect > 0 {
+ c.String(http.StatusOK, "Success on Deleting POPS Local")
+ } else {
+ c.String(http.StatusInternalServerError, "Failed on Deleting POPS Local")
+ }
+ })
+
 router.Run(":4320")
 }
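Review bot: In `/api/void-op-local` the guard `if isPaid == 1` is applied to a `COUNT(AFNum)` result, so a reference with two or more counted rows passes the check and the unguarded `DELETE FROM orderpaydetails WHERE OPRefId = ?` then removes them; the test should be `> 0`. In `/api/save-lockdata` the statement `INSERT INTO esign_lock (esign_lockid, ?, ?)` puts placeholders where column names belong and has no `VALUES` clause, so it cannot execute as written and needs the form `INSERT INTO esign_lock (<reference_column>, <lock_data_column>) VALUES (?, ?)` with the table's real column names. All four handlers call `panic(err.Error())` when `Exec` or `RowsAffected` fails, which leaves the response to whatever recovery middleware is installed (not visible here) instead of returning the same 500 already used for `Prepare` errors. The two order-of-payment deletes also read `is_paid` from a single row and turn a missing record (`sql.ErrNoRows`) into a 500, and no handler shows a check that the caller may act on the supplied id beyond `middleware.TokenChecker()`, whose behaviour is outside this diff. The fence shows the void-op-local handler with the guard and the error paths corrected; the same error handling applies to the other three.

```go
router.DELETE("/api/void-op-local", middleware.TokenChecker(), func(c *gin.Context) {
	// … unchanged: request binding and response headers …

	var paidCount int
	checkErr := db.QueryRow("SELECT COUNT(AFNum) FROM orderpaydetails WHERE OPRefId = ?", deleteOpLocal.Data).Scan(&paidCount)
	// … unchanged: checkErr handling …

	// Any counted payment row blocks the void, not only exactly one.
	if paidCount > 0 {
		c.String(http.StatusBadRequest, "Error! Payment already exist.")
		return
	}

	// … unchanged: Prepare, its error handling, and defer dbpost.Close() …

	exec, err := dbpost.Exec(deleteOpLocal.Data)
	if err != nil {
		c.AbortWithError(http.StatusInternalServerError, err)
		c.String(http.StatusInternalServerError, "Internal Server Error")
		return
	}

	affect, err := exec.RowsAffected()
	if err != nil {
		c.AbortWithError(http.StatusInternalServerError, err)
		c.String(http.StatusInternalServerError, "Internal Server Error")
		return
	}

	// … unchanged: success / failure response …
```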