From ba551938d36293d2983883187415dc353d093fc0 Mon Sep 17 00:00:00 2001 From: Patrick Alvin Alcala Date: Mon, 10 Nov 2025 13:04:22 +0800 Subject: [PATCH 1/9] Secret key for encryption was changed and hidden --- .env | 3 --- 1 file changed, 3 deletions(-) diff --git a/.env b/.env index 5c2577a..0e603ab 100644 --- a/.env +++ b/.env @@ -2,9 +2,6 @@ VITE_BACKEND=http://localhost:4320/api/ # VITE_BACKEND=https://ocboapps.davaocity.gov.ph/esign-server/api/ # VITE_BACKEND=http://192.168.7.163/server/api/ -VITE_SECRET_KEY="_q]e88#^vfHYZUwO@CI%r=VNsIW8EohK" -VITE_IV="vLXE!H~M&*u-1)bB" - VITE_HEAD=ARCH. KHASHAYAR L. TOGHYANI VITE_PESO=₱ VITE_HEADID=276 From 882e387f98cc76111900a0ba44ee917c610618cf Mon Sep 17 00:00:00 2001 From: Patrick Alvin Alcala Date: Mon, 10 Nov 2025 13:04:44 +0800 Subject: [PATCH 2/9] Hide .env files that contains encryption keys --- .gitignore | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index eddba5f..e752e65 100644 --- a/.gitignore +++ b/.gitignore @@ -25,7 +25,8 @@ dist-ssr *.sw? # environment variables -.env +.env.local +/backend/.env # jetbrains setting folder .idea/ From 57da00befad374751cf8e37f1ac640597f822796 Mon Sep 17 00:00:00 2001 From: Patrick Alvin Alcala Date: Mon, 10 Nov 2025 13:05:07 +0800 Subject: [PATCH 3/9] Added token checker --- backend/middleware/tokenChecker.go | 102 +++++++++++++++++++++++++++++ 1 file changed, 102 insertions(+) create mode 100644 backend/middleware/tokenChecker.go diff --git a/backend/middleware/tokenChecker.go b/backend/middleware/tokenChecker.go new file mode 100644 index 0000000..012aa8f --- /dev/null +++ b/backend/middleware/tokenChecker.go @@ -0,0 +1,102 @@ +package middleware + +import ( + "log" + "net/http" + "os" + + "crypto/rand" + "crypto/rsa" + "crypto/x509" + "encoding/base64" + "encoding/pem" + "errors" + "strconv" + "strings" + "time" + + "github.com/gin-gonic/gin" + _ "github.com/go-sql-driver/mysql" + "github.com/joho/godotenv" +) + +func decrypt(encrypted string) (string, error) { + err := godotenv.Load() + if err != nil { + log.Fatal("Error loading .env file") + } + + privateKey := os.Getenv("PRIVATE_KEY") + + cipherText, err := base64.StdEncoding.DecodeString(encrypted) + if err != nil { + return "", errors.New("cannot decode encrypted text") + } + + block, _ := pem.Decode([]byte(privateKey)) + if block == nil { + return "", errors.New("private key error") + } + priv, err := x509.ParsePKCS1PrivateKey(block.Bytes) + if err != nil { + return "", err + } + result, err := rsa.DecryptPKCS1v15(rand.Reader, priv, cipherText) + if err != nil { + return "", err + } + return string(result), nil +} + +func TokenChecker() gin.HandlerFunc { + return func(c *gin.Context) { + token := c.GetHeader("OCBO-Token") + start := strings.Index(token, "ocbo=") + len("ocbo=") + end := strings.LastIndex(token, "token") + + if token == "" { + c.JSON(http.StatusUnauthorized, gin.H{"error": "The request is missing an OCBO Token"}) + c.Abort() + return + } + + if start == -1 || end == -1 || start >= end { + c.JSON(http.StatusUnauthorized, gin.H{"error": "Invalid OCBO Token format"}) + c.Abort() + return + } + + extractedToken := token[start:end] + extractedToken = strings.ReplaceAll(extractedToken, "~", "/") + + decrypted, err := decrypt(extractedToken) + if err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": "Invalid OCBO Token Value"}) + c.Abort() + return + } + + parts := strings.Split(decrypted, "-") + requested := parts[2] + requestedNum, _ := strconv.Atoi(requested) + expiration := parts[3] + expirationNum, _ := strconv.Atoi(expiration) + + unix := strconv.FormatInt(time.Now().UTC().Unix(), 10) + unixNum, _ := strconv.Atoi(unix) + + if requestedNum > expirationNum { + c.JSON(http.StatusUnauthorized, gin.H{"error": "Invalid OCBO Token Value"}) + c.Abort() + return + } + + if unixNum > expirationNum { + c.JSON(http.StatusUnauthorized, gin.H{"error": "OCBO Token Expired"}) + c.Abort() + return + } + + c.Next() + } +} From 28376016062f5873084cf1bebe8b78d239db2375 Mon Sep 17 00:00:00 2001 From: Patrick Alvin Alcala Date: Mon, 10 Nov 2025 13:05:40 +0800 Subject: [PATCH 4/9] Added jsencrypt --- package.json | 1 + pnpm-lock.yaml | 8 ++++++++ 2 files changed, 9 insertions(+) diff --git a/package.json b/package.json index e485ef5..6675e54 100644 --- a/package.json +++ b/package.json @@ -18,6 +18,7 @@ "dayjs": "^1.11.19", "gsap": "^3.13.0", "jimp": "^1.6.0", + "jsencrypt": "^3.5.4", "jspdf": "^3.0.3", "jspdf-barcode": "^1.0.2", "nanostores": "^1.0.1", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 12adc2a..0f106bf 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -35,6 +35,9 @@ importers: jimp: specifier: ^1.6.0 version: 1.6.0 + jsencrypt: + specifier: ^3.5.4 + version: 3.5.4 jspdf: specifier: ^3.0.3 version: 3.0.3 @@ -1262,6 +1265,9 @@ packages: js-tokens@4.0.0: resolution: {integrity: sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==} + jsencrypt@3.5.4: + resolution: {integrity: sha512-kNjfYEMNASxrDGsmcSQh/rUTmcoRfSUkxnAz+MMywM8jtGu+fFEZ3nJjHM58zscVnwR0fYmG9sGkTDjqUdpiwA==} + jsesc@3.1.0: resolution: {integrity: sha512-/sM3dO2FOzXjKQhJuo0Q173wf2KOo8t4I8vHy6lF9poUp7bKT0/NHE8fPX23PwfhnykfqnC2xRxOnVw5XuGIaA==} engines: {node: '>=6'} @@ -2926,6 +2932,8 @@ snapshots: js-tokens@4.0.0: {} + jsencrypt@3.5.4: {} + jsesc@3.1.0: {} json5@2.2.3: {} From 8cad050867a5365cc949bc64786e125e2e7f3426 Mon Sep 17 00:00:00 2001 From: Patrick Alvin Alcala Date: Mon, 10 Nov 2025 13:12:11 +0800 Subject: [PATCH 5/9] Added encrypted keys for both ends --- src/assets/security/rsa/backend/private.pem.cpt | Bin 0 -> 3276 bytes src/assets/security/rsa/backend/public.pem.cpt | Bin 0 -> 833 bytes src/assets/security/rsa/frontend/private.pem.cpt | Bin 0 -> 3276 bytes src/assets/security/rsa/frontend/public.pem.cpt | Bin 0 -> 833 bytes 4 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 src/assets/security/rsa/backend/private.pem.cpt create mode 100644 src/assets/security/rsa/backend/public.pem.cpt create mode 100644 src/assets/security/rsa/frontend/private.pem.cpt create mode 100644 src/assets/security/rsa/frontend/public.pem.cpt diff --git a/src/assets/security/rsa/backend/private.pem.cpt b/src/assets/security/rsa/backend/private.pem.cpt new file mode 100644 index 0000000000000000000000000000000000000000..f99d50b704faca9379eeef527563fd8656939349 GIT binary patch literal 3276 zcmV;-3^VhM^UMzk6WGp-j|X6)tKrq+&C|pZnboXQrrQt2q44>5+S8V7eVYpjAA~&-SN$_lv=2eD%|zG?qGJ{jDf6yZF*`Jd#+yjym!%3o%@srIJ@fk{0MR*X)^3Rt zN6Xo~eaoI%rSoMyQTsnoSjcVHgUp?6QzBt=D(p1%5Z-IuN)ic`9^!={S6wk7hk_B9 zS1uw~&p6`13{}m@6OU9R6V=#(a%JSDdoapx17`Gk+WKhn4X6OMQE%Mzlgj45A<-z* z;5heE4$p$&+Py`C1{}Zb&Fg0 zNoQWAr2uiZ{rj-(I0bWz^M1o5q9QPf>(k#ZE0WDGqSn?#ab6~2{GMB)!Mm=%DH!g~ z=46h3K-D<;>a}eS7c}FF;-qb+B3AfX<)(mwDYZZS+A5ND^U;06kEW%4UIo|S6Q>p12 zb8iDI#XUr2QIc0+cS1oBIm@&gGWTP7b$dY&w`s-&LggV^K)HA(=Yw)rCa8)A`CxqL>28U<%^Ku}0c^ zMW=XTdK%vA=7Nweq0O$ahv8EI>@e-s^KF@kk0hrrg6E&jkqkouvUk-~Yf-~$MrYgM z)5oG7`o+j%iB5#ow8(cD6J~Q3vwjQgrHJ}iUR?9mp7D)m@3UU~)whTI{&v!-L>j6w zFsFki;hUzkx9;T1JMBdVm*$+5slhD5N!Yh>&9@wCQ{c=yJ6hv$vk?j8lgcB>aQ~_` zwh*q?H5oxIZFq?Ai{(?oNR0)^N$@w~N2~YT&??4NWeC|XiNTdP0`F(b^e256QjnQ3 ze_2j_Rx3LDr8itZx9|uLKE&5#K_^g5bMmKx z&58`tj4q1Gj&%!&zYChqx z5Az?Ed9g9FIF|>rUrYL=Ml&l$w_TxF*uHN6>QMcQ$Yp#pwb+vslN)GVuM`Oua!21Hn!b;fs!oKLtT6Bz! z)RB7}C#(HItI3`B9nlA~|Kil5draMSR2QvMz=<;3`)cAogB@*e^d^rN55BoxFVN?w z5BvCckK7V`&Sao95G6*UAM|8L_L$rcq)QLd4M-38ooTbLb{5Lmz&5p)JsY(?XhU2I z8zBzPybp*Upi`EeB(uwA0C%)Ek>H$xRoXLHq9o>?(#jJKU;iHMoW)~8oKbuB;P9*6 zH_|=E9J+rP8?MZc&}{-RU*^{QVGff4Ji>to+4JJj)$D`Vf$j-!82B~hoRWsm6I#tC zwBn`cF5uoA}HLm%T_L?CA_E)q>K|B zW-?&ih{uAr{aU>a|J4pQZbgcs-%h~>qMn6p1RRqPqP*>DMLqh3CzO8ZE?v_nkpCbd zH2a|Dr;w_!zRKbmVS8TDkcE|r+znV?mNNc3zQa`6wj(fRP3tt71`#B%mWdn=jM7

nI}WW;)nw_ezrWR52)NGW5h{y~q(i?*EhnCY1?PgOIA30M>&EOv2CuJ6 z0a+|?iqO?}`Pt-Qs^IKElv1kARL?;UYfK8c&xA2SDhiGra^coZ$`);*&k$-(L?!p_ z-jp*xN5I*gidgN3FFdejr=}tp)9qR0<+oKR4q@x*R)t%B$;Na)Rb$j6WfIH%gUGN$ zF5Xi`0>ADh><`YtwD7-tMGyyrKLE$RU@GVA{w~A$=e`JX8@@vo4*b5L-4S zX+hQWaD7Gw+rPaSYi`7#BykVw;8m+DJ`Ii>u_T|vMx%bYtzetiQrQ=Fa^AC#EBgQV z7EyZe=WTJ5KcN`N=s*IfeI5*PfCI0Zl~TdIr&g(*(Pe0DgYX?pwA=P306BXydmRS zOZD%;GZiT;(7L?)TuP$vJglpi5MUZe{YlvrcGilj+OJHoJ@ob9CMQR~m}meBD*RI< zys>h^7I#7K6H+72Sd|SQo940@8-T(haEuJxFYjlmB$2;Kd*C+46;O4uB_}4!o&Cns zk`n>)rn!Y)4AbRNAviNeE!)f&!zf1NrLF8|hRW{M!_o=o3QzGbC}yS_6UA*at!nrFa1R8q#Ui4Ifo4FXHXRbCx!J(j znC3)Dz4)4qIhXiQ##EqCS0SLsP&|5JUo$Np{X=L@@Xd2t6x2{U2~4v5foPAq$o7ne zo7N^?euB6OxIq>nW0l3u2goZDT%P`U8!vq(*SvV17K}Vgk7KVrG=g{4{Q++<4k(NJyf+AeXJ zEI(b386?@$BXL;e(c_SMTm}+mf2^9WKA~iKe>qXLfFf;+rhWbd+Rx9((K%BLJ2ocWFlb2vnmtOhYWdrX z5NN;8d?o&SGYJUpAI?OLvHdzG0MA_#LvMp5quc|QQm{5EIGw{7s=Yb}>)!OWLo>q7 zL{tPo1*dovxuY_66y_ds4Xm{X2@H9b+wh~uE#DyWO=k>)^k)}oWIhgB8=dJQPJ;cD zqEt&i122avb^gQ}^Kh_eU?FpIk^(u+B$qj;C0cuyiMgB?;R-}D##A{*Xy74`XF`z5 z(C<24#7HTPPgiQGv4g)bAkUJl-(?C*YGhJB=E)mR=DAfvbQP2cmdHsZ-`XCwt7@MKE+-PTxR) zX_~+^<4evXut04=ldQYhGdi literal 0 HcmV?d00001 diff --git a/src/assets/security/rsa/backend/public.pem.cpt b/src/assets/security/rsa/backend/public.pem.cpt new file mode 100644 index 0000000000000000000000000000000000000000..7b07c09e68dd96718c16b2437b5953a88f3a4254 GIT binary patch literal 833 zcmV-H1HSxp;sVEXZAbd^;=ni$8O}Z=RKE1c*~b!Y|G^IR6?Ba`QBt?*ckJtj%m6L2 zY3a$cQ;bCb;T_Tjs##p^Q4CQ3|J<+nx;;C#hHsu|7@`;$VFI+HB8fI#GwUJVS_afX zG~Lk5=8V^p(0#}w0UNb|xKaA)6kEi5AJ09@3^jQGR^M&+goWqw_>e7mUrUki9X>CI ziR4G5Rx4=ba3)FKA%jn&J)%BvA}-n{yQ!cKc;{>b3mS6FjwF$vWqQcx@`&i+7j2XS z!rk1+PvW=2hbDQYs};@b#B|w+B-jyjsVWXPT9|Ei4auZ=Hn5HJ+@b2M zyTTVw9x|PSu_PAA_yPUwyb8s7*$*!Q#`EsYWNGYCMNN;^B$HYr94kte3!&$056M}6 zSm0Jbry%L9wbts-8cdj=Rvt0K`{Q9c7J`q)PXoQGqwy$GpWre)L={u%`_m^s7=>Yi z6&3H7^;*4Us=9k;Y0oZ{N-27u#{-lg$X8>suwTszR;Ex}n3QM#EPhYPbktUROVRnL zAPMw;Ag{$6qzv6oSJcKU^FIi|1B4G+(a2;F8S%g2#fr|0l4FPZBkN*vIz)Oqf|&_- z6(o;Wyw)1b7Q{uEe^}WT`CNAfwrGd;khtK3WR%M(=&^k40)WR8Gp~Rs9WD`EG!9KY zwfAfo6MJG@w92k9hI;~P>a#r6!g(T-{BvmErQx8oV3xt77F8j`@rdl%h+k%Nx{Q(` z%?K)9QOXJy3)HmbTy9t|oxa&M<;bY?>R(~r#30=b>x_`LciKVrgNHUcBKp2ToEb?Y z{XxSp;)TlfNZkymYQYmn!zz0QKa2i{(|j)1PE&g_N-UKMlNMF{S5i~*o>`RnRQ?qP zm$c5>q2!ZJ0by5Po?^3I1hVcgx*=Sw4P7*fHaK1~ppRBTb^-rePf?n&Coa)q2YySq^`qT7t~+=mW0NL3 Lc3>}*&;~z8z7Lv= literal 0 HcmV?d00001 diff --git a/src/assets/security/rsa/frontend/private.pem.cpt b/src/assets/security/rsa/frontend/private.pem.cpt new file mode 100644 index 0000000000000000000000000000000000000000..8e1cf65fbd4a0c53b2db4b64e2ad5db07c9bf80a GIT binary patch literal 3276 zcmV;-3^VhvBlNbU1KeOLR)SE=V4B-i0Et8>Q-jtUdfROn|Lxu7Xj1Ddur{icFoi40 zVLJi|T5#z_n;2Ii)}RTk2`wHoYD!M4*0-o~u;in<=wX?O}1H3ST$ zqxyE4Gr0x9xOrJ$>||=4Wd@*JBLH^$gv=~?>1FzlN$bydp_Ue5-tmR5A{h<*u-Y6+ z9}of=1X(D^$V(&;s)rnLO93R_4uSZt!NcF*v2$lc8%B)fMvq}96||>YJ9thHmp7%MyNU{t#s_P)6l(6TF?Hg|;5$g~+wtKr+ zIL9$j!;6#3Cm5xla;`R-6>fZv-m1SEItopnS{;ax3GiofL8B1%EEq{xOdt?VYEy~+ ziUd~)k`gME1{+^wSsD^l9A60@On?pFkC* zR39@2l$V#x>4)v=N@WpH3Yq|EPh{Sgj9JuK1k-aa#I0JVR{M^tPUwp;2R;6PrYKEo zuggl(?bZ3dXlr2uhNk*KIf$q;=z6x7!;(0=TWwAS7B8CH=wo;%swLC{q~F?i^!ib5h`>*SkDCjB7zWLbcdv)`-R@!Hw_t>12_OW`@B;5EN-8 zEQMx+B-N5AV(L9uZN)_ONC1xrGdv}GZG&1m2PHV?ro>zQf1vZyiY{5{lA^0q_Zxkc z@$#gCs)ify>f03bAfi&B(i;jL&`~1iAj*8WOAD;FoYN864sAK5%5KH3Y-i6MRjbxN zb}u-JtolnLi690P0%_^C4sl&Nn4{1CqgvG1!Wr}q-xTcUU95w8in4)vCCVac9~u%G z^dhI!a|_5c!8qh#U*nqB2GUT)OC`+t3b2Qo3RiyHKp){9kP*5PaqU!EFYWHKaISbX zy|i>-+w7av-q3>dx(b>*TZ;8(KbRL0JU^z~S}qjbE z!`6ZHP8OhEY>7!18vccKwrZu*E}g|^pd|;=rbD{ah5jsUsWIRxSVJ$Azj-qr>I%YV zd5P-qK=06EXaUg==k(MJYE7%}DNodM_d#VIvl})KFCXa3qbVmb z6sTETF+(zO*;Y^p2yMCH_F5q!hHoTP9XpC##ti|a3ye|LrC*9lZg^5*wJg^>3mhah zNUfnUB+S>8U|~r9V8=?)C3y}BPl=_Rp9{DRi#o;~xm-TpdSC>=>6v+gt4=@$X~q?{ zg7{uf0f~$19Yw^5J3sp|2_CbFJU&4{(vjS_|4Jd9x{fPI;7a#3^OcGIGbbqoRhO zQ@NTlkuyO_n#mb4_sq6ggq~0@>G3<`t;=*Vvb6JBUZ-H377A~&hZgo{OTpL^mat$J z*4YR~$i;ga;f14_L~9tZaK!b4BX8IVDMJu^&QgKb-S*f?6o6fZQ(>1d2XYfJ#@l_pS-CdW`}l`A>#;@B?b2}!6HeRVY8TwC zVN3>y<+Jg}QZjQ)#-=G-t=NAXBnR0rTGAPIA@{XsH*v%%-Q$ZunY(-C$3@Dg7f3^m zdRDdSrjU}teG@qc?*5UX!yR8t0l3hp)j&IF!;*gtrQ@GH6!cn$Sj#yG>rUtJ(70(J zO#@*%R+PJ=0k_tbp!%tl&_Q3#o}DhneJVy-CO-we_#p1*JxqXk(vak0nZBe6rrdrt zv-n%yakfy);dkET#TxhtE)FwJq{#$;>Y-`?IwTzZV^>H;iFlJ;a!0t*cS6+k&U%I# zetbDoKcAi|mxxreR%8`bH#g+EPrf+Q* zojc(Nj$qOZZC-v!zHml;GIXpUmLXxIQ5Bma249+)0&PcBsC}Ql9!fCu`w;kMFhy%p z<3h2Zo-3f^W9?)_;L-asaK+qB8b&T__6K$Fkb>N69twWB189GqVUq&=W^^9mG`f25`~#gZfNE;DC#-gBc7Y>9WBNNkSyF6!}r89C;n&*Z-^ z&ciw}n~*~D4&%w&yRWnz*FN=n0MuJvcE9J@B*?>0%34hUI9}SZ0cHkSKu=rVLM%Xf z)0@^H%oK>XqX4_|9W)-{2yl;!Re$o&=&UBhtT@=W&sq6!$?6Vg!8b=Eb3m;#gxhEhc#o;<)LKn=>rXIxpQF71hua?gU zr<=K>V7LAlz>io2_Qm=8vQTvgewa81Kl5FDqZsK^-@K9OcxbuZu5BX09A)=dyTuZC z0&_wH0_2=mx=FX_7y!#l>QJTQ@|D?gag%y<)#!wW3&m#F0dXJPI@kq34)P@{4&Krf z@E!C?V4E8jpNrdkbuo1SKcw2^v4B%ht)(wC=;9mh(Q&^y{!_*fvSFNQqKuiEMAU8W zYtTs7K{W7F2@zt#((EsD7Ps+E-1ngHky0MFJst$Ty`oK&J+l7aEb`8ghpm9VQq-ST zF-m##9KAHGrS!|SK@s_ywG2>`4R6XwEBMDMzd#5g9Ba#{{;k9IBQn4z|HKWD!=^ft zf@-WAz4lj2Sz)`rYQUf*l6oTt{tg*-5P0gaHe#ctwUj;|Tv5W>cXcV|I6ds8 z6sZ30+&2Z7`>qo1luZ18Y7J^9$&*@tlFOlE;Qvx#sR2(YmJ#7{)05F)xZ$lfaQ7Cx z%W6h?Vw}p%^O)lGJ2|eCvSVhQUNpv%wPKk9lJ@~<8HOSai1n>B*;7}qwrw@J+%qD8VZ*uvQI6U&&7c#F z&6Q9sXVI`y7)cTxfPA>c&y}IU2J`>nOSj=S9vl<0m#a4XR}aukcqJN^xtNmSH%+KszMyFQAR6qkYU4& zpH(ETie7>&#F+G`{U6M06~x*1N?xzDwzTP>=5KdGmMxgjK%tYL{hD?bG>bAlK08Fy z7CgI^QiT>2V_w$S?Ox)tMHf2oYHjA36VyPDJ-(r(n^CSVAOPD|%5WT@#0FZ<*92!@ Kyu>#O1h3o)MMzKp literal 0 HcmV?d00001 diff --git a/src/assets/security/rsa/frontend/public.pem.cpt b/src/assets/security/rsa/frontend/public.pem.cpt new file mode 100644 index 0000000000000000000000000000000000000000..5e33d120e126c9e7ca4754fdd4a1281cfc646efb GIT binary patch literal 833 zcmV-H1HSyu;K|ox8-B9iABiGgh)56d6CwvLK7v}eKnjWqLgEyf8Q9*&F$pC4BsC8k ze&3#P)Nc$=$Y&XMJ6{}MNwT>6eNql&k?wI;jKyiX%IW0GUK<>9@~>|gS>uAVm3=)+ z-z<*wYJKBX`fg3cJ>4bf65v29W8Qxf-nJ~O`Rgsd&?!8WwAJr%=gsW>rNCSL^8_bR z>|jYqW|d}$1QAa_NOw<>+~3uD@TeNYo;ryKVhKo^ghw;UaY(4fQm@K4GW4}P_QAyk z^DQo1vo4_jlG$F)S^lZ1;ClePI{A@E~y27Xqy=L56H?X5YP&L7_LcT(f zP~QQo8^G-#-{vIVR%RvL401prdpcpCnIz;87xGeZq=tQV8$tmCXv(@f-o9@1T~{X0N)%ZrNV zj4we!Cqr zUQpQkwJ&*Qh@Cip5b4jx4>lm@(8Fr;&#UIm+B1`6u<{;mfm=Y0fs7NKMaU$^X{DH* zV~XHw%)HX)w|bRoayR)LisK1M=$P?f75{Y%UckoMPqw)Bk=$#{p2%2VNT0k^f0Z;=3-%MKhQdnES L=R0)*ze&cjxr33| literal 0 HcmV?d00001 From 3dc0eabba03a3c5d467789666757061c9515d645 Mon Sep 17 00:00:00 2001 From: Patrick Alvin Alcala Date: Mon, 10 Nov 2025 13:39:20 +0800 Subject: [PATCH 6/9] Usage of middleware for token --- backend/main.go | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/backend/main.go b/backend/main.go index 09bdea5..a3641a0 100644 --- a/backend/main.go +++ b/backend/main.go @@ -4,15 +4,10 @@ import ( "database/sql" "log" "net/http" - - // "crypto/rand" - // "crypto/rsa" - // "crypto/x509" - // "encoding/base64" - // "encoding/pem" - // "errors" "os" + "ocbo-esign-backend/middleware" + "github.com/gin-contrib/cors" "github.com/gin-gonic/gin" _ "github.com/go-sql-driver/mysql" @@ -982,8 +977,7 @@ func connect() { } }) - // router.POST("/api/post-registration", middleware.tokenChecker, func(c *gin.Context) { - router.POST("/api/post-registration", func(c *gin.Context) { + router.POST("/api/post-registration", middleware.TokenChecker(), func(c *gin.Context) { type RegistrationData struct { Data int `json:"data"` Data2 string `json:"data2"` From 0fba0457942c3e899f6477c06ba007607595b5c3 Mon Sep 17 00:00:00 2001 From: Patrick Alvin Alcala Date: Mon, 10 Nov 2025 13:39:48 +0800 Subject: [PATCH 7/9] Fixed error on getting op details --- src/pages/AssessorPage/Assessor.tsx | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/src/pages/AssessorPage/Assessor.tsx b/src/pages/AssessorPage/Assessor.tsx index f5096b2..aa8c9c7 100644 --- a/src/pages/AssessorPage/Assessor.tsx +++ b/src/pages/AssessorPage/Assessor.tsx @@ -127,28 +127,28 @@ export default () => { const getopdetails = async (applicationNo: string) => { const op = await ofetch(API + 'get-opdetails-electrical/' + applicationNo, { parseResponse: JSON.parse }) - setAssessor(op.result7[0]) - setLocation(op.result5[0]) - setType(op.result6[0]) - setDateOp(dayjs(op.result10[0]).format('MMMM DD, YYYY')) - setApplicationId(op.result11[0]) - // setAssessorId(op.result12[0]) - setTotalOp(calculateTotal(op.result9)) + setLocation(op.result[0]) + setType(op.result2[0]) + setAssessor(op.result3[0]) + setTotalOp(calculateTotal(op.result4)) + setDateOp(dayjs(op.result5[0]).format('MMMM DD, YYYY')) + setApplicationId(op.result6[0]) + // setAssessorId(op.result12[0]) // setDescriptionList(op.result8) // setAmountList(op.result9) // setDateOpList(op.result10) // calculateAmounts() - getPrintDetails(op.result11[0]) - getPrintDetailsFees(op.result11[0]) + getPrintDetails(op.result6[0]) + getPrintDetailsFees(op.result6[0]) getSignatureImage(employeeId()) const approversignId = await geteSignId(276) getApprovedDate(approversignId, applicationNo) // const assessorId = await getEmployeeId(op.result7[0]) // const assessorsignId = await geteSignId(assessorId) - getAssessedDate(op.result11[0]) + getAssessedDate(op.result6[0]) } const calculateTotal = (list: number[]) => { From 91a8f037498f860847d5b61354cae3ed73e7e86d Mon Sep 17 00:00:00 2001 From: Patrick Alvin Alcala Date: Mon, 10 Nov 2025 13:40:46 +0800 Subject: [PATCH 8/9] Added encryption --- src/utils/functions/encryptRsa.ts | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 src/utils/functions/encryptRsa.ts diff --git a/src/utils/functions/encryptRsa.ts b/src/utils/functions/encryptRsa.ts new file mode 100644 index 0000000..5b3eeea --- /dev/null +++ b/src/utils/functions/encryptRsa.ts @@ -0,0 +1,12 @@ +const PUBLIC_KEY = import.meta.env.VITE_PUBLIC_KEY +import { JSEncrypt } from 'jsencrypt' + +const enc = new JSEncrypt() + +export default async (message: string) => { + enc.setPublicKey(PUBLIC_KEY) + const encrypted = enc.encrypt(message).toString() + const fixedEncrypted = encrypted.replace(/\//g, '~') + + return fixedEncrypted +} From 79a3e508dcd331e56f616fddb8f50ef1e199928d Mon Sep 17 00:00:00 2001 From: Patrick Alvin Alcala Date: Mon, 10 Nov 2025 13:41:09 +0800 Subject: [PATCH 9/9] Added retries on failed api requests --- src/utils/functions/getApi.ts | 4 ++-- src/utils/functions/getApiMulti.ts | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/utils/functions/getApi.ts b/src/utils/functions/getApi.ts index 30b4523..c902370 100644 --- a/src/utils/functions/getApi.ts +++ b/src/utils/functions/getApi.ts @@ -6,9 +6,9 @@ export default async (api: string, value?: any) => { try { let fetch if (!value) { - fetch = await ofetch(API + api, { parseResponse: JSON.parse }) + fetch = await ofetch(API + api, { parseResponse: JSON.parse, retry: 3, retryDelay: 500, retryStatusCodes: [400, 404, 405, 500, 502] }) } else { - fetch = await ofetch(API + `${api}/${value}`, { parseResponse: JSON.parse }) + fetch = await ofetch(API + `${api}/${value}`, { parseResponse: JSON.parse, retry: 3, retryDelay: 500, retryStatusCodes: [400, 404, 405, 500, 502] }) } const result = fetch.result return result diff --git a/src/utils/functions/getApiMulti.ts b/src/utils/functions/getApiMulti.ts index 69d1b3e..c595379 100644 --- a/src/utils/functions/getApiMulti.ts +++ b/src/utils/functions/getApiMulti.ts @@ -6,9 +6,9 @@ export default async (api: string, value?: any) => { let fetch try { if (!value) { - fetch = await ofetch(API + api, { parseResponse: JSON.parse }) + fetch = await ofetch(API + api, { parseResponse: JSON.parse, retry: 3, retryDelay: 500, retryStatusCodes: [400, 404, 405, 500, 502] }) } else { - fetch = await ofetch(API + `${api}/${value}`, { parseResponse: JSON.parse }) + fetch = await ofetch(API + `${api}/${value}`, { parseResponse: JSON.parse, retry: 3, retryDelay: 500, retryStatusCodes: [400, 404, 405, 500, 502] }) } return fetch