M_Kececi/bssapp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: M_Kececi:76fa2040b16a55ac0e25ac408f30aaabf7680bd7
Branches Tags
M_Kececi:master
..
compare: M_Kececi:master
Branches Tags
M_Kececi:master

114 Commits
76fa2040b1 ... master

Author SHA1 Message Date
M_Kececi
d9c527d13f Merge remote-tracking branch 'origin/master' 2026-02-20 08:52:06 +03:00
M_Kececi
f6b9793c41 Merge remote-tracking branch 'origin/master' 2026-02-20 08:50:05 +03:00
M_Kececi
1ced1b1649 Merge remote-tracking branch 'origin/master' 2026-02-19 12:28:13 +03:00
M_Kececi
76e7ca2e4a Merge remote-tracking branch 'origin/master' 2026-02-19 09:32:26 +03:00
M_Kececi
ed81fdf84f Merge remote-tracking branch 'origin/master' 2026-02-19 09:03:21 +03:00
M_Kececi
026c40c0b3 Merge remote-tracking branch 'origin/master' 2026-02-19 02:00:49 +03:00
M_Kececi
0136e6638b Merge remote-tracking branch 'origin/master' 2026-02-19 01:34:56 +03:00
M_Kececi
7184a40dd3 Merge remote-tracking branch 'origin/master' 2026-02-18 17:35:15 +03:00
M_Kececi
de58ef1043 Merge remote-tracking branch 'origin/master' 2026-02-18 16:58:46 +03:00
M_Kececi
744e20591d Merge remote-tracking branch 'origin/master' 2026-02-18 16:40:55 +03:00
M_Kececi
1263531edd Merge remote-tracking branch 'origin/master' 2026-02-18 16:40:37 +03:00
M_Kececi
d2bd0684c1 Merge remote-tracking branch 'origin/master' 2026-02-18 15:44:51 +03:00
M_Kececi
13f8801379 Merge remote-tracking branch 'origin/master' 2026-02-18 15:17:46 +03:00
M_Kececi
c3a1627152 Merge remote-tracking branch 'origin/master' 2026-02-18 15:09:47 +03:00
M_Kececi
727069910d Merge remote-tracking branch 'origin/master' 2026-02-18 14:34:21 +03:00
M_Kececi
1f95099677 Merge remote-tracking branch 'origin/master' 2026-02-18 14:24:50 +03:00
M_Kececi
dc36699a2b Merge remote-tracking branch 'origin/master' 2026-02-18 14:11:37 +03:00
M_Kececi
0e63370810 Merge remote-tracking branch 'origin/master' 2026-02-18 14:07:26 +03:00
M_Kececi
ea7d426436 Merge remote-tracking branch 'origin/master' 2026-02-18 14:02:58 +03:00
M_Kececi
369db87091 Merge remote-tracking branch 'origin/master' 2026-02-18 14:02:54 +03:00
M_Kececi
400220995b Merge remote-tracking branch 'origin/master' 2026-02-18 13:51:34 +03:00
M_Kececi
eff80a3211 Merge remote-tracking branch 'origin/master' 2026-02-17 15:02:51 +03:00
M_Kececi
00fc69601e Merge remote-tracking branch 'origin/master' 2026-02-17 14:14:48 +03:00
M_Kececi
3d508868c8 Merge remote-tracking branch 'origin/master' 2026-02-17 14:11:28 +03:00
M_Kececi
46c617b8f5 Merge remote-tracking branch 'origin/master' 2026-02-17 13:30:04 +03:00
M_Kececi
3bbb8539c7 Merge remote-tracking branch 'origin/master' 2026-02-17 13:21:00 +03:00
M_Kececi
5ca00065e6 fix(deploy): stabilize sass-embedded and runtime env files 2026-02-17 13:18:21 +03:00
M_Kececi
93446e6a69 Merge remote-tracking branch 'origin/master' 2026-02-17 13:13:25 +03:00
M_Kececi
4b455814b4 Merge remote-tracking branch 'origin/master' 2026-02-17 13:07:18 +03:00
M_Kececi
291603163b Merge remote-tracking branch 'origin/master' 2026-02-17 13:01:00 +03:00
M_Kececi
e4cdae58d4 fix(deploy): remove embedded install from script; pin sass-embedded linux runtime 2026-02-17 12:56:14 +03:00
M_Kececi
6483678267 Merge remote-tracking branch 'origin/master' 2026-02-17 12:49:56 +03:00
M_Kececi
fde9b4469f Merge remote-tracking branch 'origin/master' 2026-02-17 12:41:37 +03:00
M_Kececi
90ed98d59f Merge remote-tracking branch 'origin/master' 2026-02-17 12:35:46 +03:00
M_Kececi
88c20d844f Merge remote-tracking branch 'origin/master' 2026-02-17 12:32:04 +03:00
M_Kececi
cf8352dbaf Merge remote-tracking branch 'origin/master' 2026-02-17 12:27:55 +03:00
M_Kececi
5429305a6e Merge remote-tracking branch 'origin/master' 2026-02-17 12:26:41 +03:00
M_Kececi
88c189a48d Merge remote-tracking branch 'origin/master' 2026-02-17 12:23:24 +03:00
M_Kececi
8eaee91537 Merge remote-tracking branch 'origin/master' 2026-02-17 11:53:26 +03:00
M_Kececi
199390bc66 Merge remote-tracking branch 'origin/master' 2026-02-17 11:53:12 +03:00
M_Kececi
1c1df2521e fix: detach deploy to prevent EPIPE 2026-02-17 11:48:15 +03:00
M_Kececi
68790c9f4e fix: stable webhook deploy (EPIPE safe) 2026-02-17 11:44:32 +03:00
M_Kececi
3eac743225 Merge remote-tracking branch 'origin/master' 2026-02-17 11:41:41 +03:00
M_Kececi
d82cea0b54 Add deploy and webhook config 2026-02-17 11:29:24 +03:00
M_Kececi
8c0f18eee3 ui build 2026-02-17 11:24:55 +03:00
M_Kececi
3faaf57768 Merge remote-tracking branch 'origin/master' 2026-02-17 11:11:52 +03:00
M_Kececi
10adf327f4 Merge remote-tracking branch 'origin/master' 2026-02-17 11:11:34 +03:00
M_Kececi
47b3e9172f Merge remote-tracking branch 'origin/master' 2026-02-17 11:11:20 +03:00
Your Name
9cf575d71d Merge remote-tracking branch 'origin/master' 2026-02-17 11:06:55 +03:00
MEHMETKECECI
585e98afb8 Merge remote-tracking branch 'origin/master' 2026-02-17 10:15:17 +03:00
MEHMETKECECI
76ba649366 Ignore deploy public folder 2026-02-17 09:46:25 +03:00
MEHMETKECECI
801ed23cd9 Merge remote-tracking branch 'origin/master' 2026-02-17 09:07:49 +03:00
MEHMETKECECI
2c6515b580 add gitignore for ui build 2026-02-17 08:51:59 +03:00
MEHMETKECECI
6f842043b2 Merge remote-tracking branch 'origin/master' 2026-02-16 17:29:40 +03:00
MEHMETKECECI
7edf87055e Merge remote-tracking branch 'origin/master' 2026-02-16 17:22:14 +03:00
MEHMETKECECI
484512ff25 Merge remote-tracking branch 'origin/master' 2026-02-16 17:21:20 +03:00
MEHMETKECECI
0a14f87a3e Merge remote-tracking branch 'origin/master' 2026-02-16 16:51:45 +03:00
MEHMETKECECI
daedff2880 Merge remote-tracking branch 'origin/master' 2026-02-16 16:45:04 +03:00
MEHMETKECECI
54182e97c5 Merge remote-tracking branch 'origin/master' 2026-02-16 16:07:49 +03:00
MEHMETKECECI
14d71ba925 Merge remote-tracking branch 'origin/master' 2026-02-16 16:04:13 +03:00
MEHMETKECECI
5124ad78af Merge remote-tracking branch 'origin/master' 2026-02-16 15:53:00 +03:00
MEHMETKECECI
f8b07a6aea Merge remote-tracking branch 'origin/master' 2026-02-16 15:14:50 +03:00
MEHMETKECECI
f5f37089ac Merge remote-tracking branch 'origin/master' 2026-02-16 15:14:42 +03:00
MEHMETKECECI
4b01a0835d Merge remote-tracking branch 'origin/master' 2026-02-16 15:10:37 +03:00
MEHMETKECECI
82e51bbfcd Merge remote-tracking branch 'origin/master' 2026-02-16 15:08:37 +03:00
MEHMETKECECI
0a5ffe1407 Merge remote-tracking branch 'origin/master' 2026-02-16 15:07:21 +03:00
MEHMETKECECI
5a6350250a Merge remote-tracking branch 'origin/master' 2026-02-16 14:55:41 +03:00
MEHMETKECECI
9ce85ff6b8 Merge remote-tracking branch 'origin/master' 2026-02-16 14:18:49 +03:00
MEHMETKECECI
f6e1e7d00e fix: sanitize pdf font path 2026-02-16 14:07:38 +03:00
MEHMETKECECI
a514f4dcfa fix: enforce absolute pdf font path 2026-02-16 12:25:54 +03:00
MEHMETKECECI
2f9c917a08 fix: normalize pdf font path 2026-02-16 12:14:39 +03:00
MEHMETKECECI
cb415a6f63 Merge remote-tracking branch 'origin/master' 2026-02-16 12:08:55 +03:00
MEHMETKECECI
a1ab7508c6 Merge remote-tracking branch 'origin/master' 2026-02-16 12:03:59 +03:00
MEHMETKECECI
ec6d547641 Merge remote-tracking branch 'origin/master' 2026-02-16 11:59:14 +03:00
MEHMETKECECI
96b973b71f chore: remove runtime files from repo 2026-02-16 11:40:25 +03:00
MEHMETKECECI
5c5916f58c rebuild with new font loader 2026-02-16 11:37:59 +03:00
MEHMETKECECI
f767726617 fix: linux amd64 static build 2026-02-16 11:29:29 +03:00
MEHMETKECECI
fcd31c4d7f restore gitignore 2026-02-16 11:25:16 +03:00
MEHMETKECECI
756bbe137d build linux binary 2026-02-16 11:18:39 +03:00
MEHMETKECECI
cd8c8a6e9e Merge remote-tracking branch 'origin/master' 2026-02-16 11:10:04 +03:00
MEHMETKECECI
70f097806b Merge remote-tracking branch 'origin/master' 2026-02-16 09:46:08 +03:00
MEHMETKECECI
21db754045 Merge remote-tracking branch 'origin/master' 2026-02-16 09:35:11 +03:00
MEHMETKECECI
56e40de192 Merge remote-tracking branch 'origin/master' 2026-02-15 23:23:06 +03:00
MEHMETKECECI
f338ef1986 Merge remote-tracking branch 'origin/master' 2026-02-15 21:14:10 +03:00
MEHMETKECECI
e7a776aede Merge remote-tracking branch 'origin/master' 2026-02-15 21:13:58 +03:00
MEHMETKECECI
897b153cfc Merge remote-tracking branch 'origin/master' 2026-02-15 21:01:57 +03:00
MEHMETKECECI
babf77ae17 Merge remote-tracking branch 'origin/master' 2026-02-15 20:54:47 +03:00
MEHMETKECECI
43d018f492 Merge remote-tracking branch 'origin/master' 2026-02-15 05:37:41 +03:00
MEHMETKECECI
434908495e Merge remote-tracking branch 'origin/master' 2026-02-15 05:36:19 +03:00
MEHMETKECECI
a236686f7d Merge remote-tracking branch 'origin/master' 2026-02-15 05:31:32 +03:00
MEHMETKECECI
400fa38a49 Merge remote-tracking branch 'origin/master' 2026-02-14 21:07:17 +03:00
MEHMETKECECI
4be05573eb Merge remote-tracking branch 'origin/master' 2026-02-14 20:21:33 +03:00
MEHMETKECECI
9e18ac1398 Merge remote-tracking branch 'origin/master' 2026-02-14 20:08:56 +03:00
MEHMETKECECI
7d94573bdd Merge remote-tracking branch 'origin/master' 2026-02-14 19:59:03 +03:00
MEHMETKECECI
a2a756870d Merge remote-tracking branch 'origin/master' 2026-02-14 19:57:41 +03:00
MEHMETKECECI
d0f20674ea Merge remote-tracking branch 'origin/master' 2026-02-14 19:48:53 +03:00
MEHMETKECECI
237f73a923 Merge remote-tracking branch 'origin/master' 2026-02-14 19:44:53 +03:00
MEHMETKECECI
ce110ed86f Merge remote-tracking branch 'origin/master' 2026-02-14 16:55:10 +03:00
MEHMETKECECI
6d22f5874a Merge remote-tracking branch 'origin/master' 2026-02-14 16:44:36 +03:00
MEHMETKECECI
6105be3eb3 Merge remote-tracking branch 'origin/master' 2026-02-14 16:44:28 +03:00
MEHMETKECECI
fd5b8a2954 Merge remote-tracking branch 'origin/master' 2026-02-14 16:16:47 +03:00
MEHMETKECECI
14b3d86782 Merge remote-tracking branch 'origin/master' 2026-02-14 15:57:28 +03:00
MEHMETKECECI
f079ee80da Merge remote-tracking branch 'origin/master' 2026-02-14 15:49:40 +03:00
MEHMETKECECI
3bc3543010 Merge remote-tracking branch 'origin/master' 2026-02-14 15:28:15 +03:00
MEHMETKECECI
4355a09a15 Merge remote-tracking branch 'origin/master' 2026-02-14 15:02:54 +03:00
MEHMETKECECI
5eca170e97 Merge remote-tracking branch 'origin/master' 2026-02-14 14:59:13 +03:00
MEHMETKECECI
676724b5d5 Merge remote-tracking branch 'origin/master' 2026-02-14 14:58:13 +03:00
MEHMETKECECI
1874e4c0d3 Merge remote-tracking branch 'origin/master' 2026-02-14 14:56:17 +03:00
MEHMETKECECI
a3456d388d Merge remote-tracking branch 'origin/master' 2026-02-14 14:56:06 +03:00
MEHMETKECECI
e38421db45 Merge remote-tracking branch 'origin/master' 2026-02-14 14:53:37 +03:00
MEHMETKECECI
c6007c05cb Merge remote-tracking branch 'origin/master' 2026-02-14 14:43:41 +03:00
MEHMETKECECI
406d9e8ce5 Merge remote-tracking branch 'origin/master' 2026-02-14 11:44:15 +03:00
MEHMETKECECI
1d15b619f9 Merge remote-tracking branch 'origin/master' 2026-02-14 11:11:13 +03:00
MEHMETKECECI
7b0850eb4e Merge remote-tracking branch 'origin/master' 2026-02-14 10:40:23 +03:00
76 changed files with 4580 additions and 1221 deletions
Expand all files Collapse all files

12
.gitignore vendored Normal file
View File

@@ -0,0 +1,12 @@
# Node
node_modules/
# Build
dist/
# Deploy output
svc/public/
svc/public/**
ui/dist/
ui/dist/**

212
deploy/deploy.sh Normal file
View File

@@ -0,0 +1,212 @@
#!/bin/bash
set -euo pipefail
umask 022
export NODE_OPTIONS="--max_old_space_size=4096"
export CI="true"
export npm_config_progress="false"
export npm_config_loglevel="warn"
export FORCE_COLOR="0"
LOG_FILE="/var/log/bssapp_deploy.log"
APP_DIR="/opt/bssapp"
LOCK_FILE="/tmp/bssapp_deploy.lock"
RUNTIME_BACKUP_DIR=""
RUNTIME_PRESERVE_FILES=(
".env"
"mail.env"
"svc/.env"
"svc/mail.env"
"svc/fonts"
"svc/public"
)
log_step() {
echo "== $1 =="
}
backup_runtime_files() {
RUNTIME_BACKUP_DIR="$(mktemp -d /tmp/bssapp-runtime.XXXXXX)"
for rel in "${RUNTIME_PRESERVE_FILES[@]}"; do
src="$APP_DIR/$rel"
dst="$RUNTIME_BACKUP_DIR/$rel"
if [[ -e "$src" ]]; then
mkdir -p "$(dirname "$dst")"
cp -a "$src" "$dst"
fi
done
}
restore_runtime_files() {
[[ -n "$RUNTIME_BACKUP_DIR" && -d "$RUNTIME_BACKUP_DIR" ]] || return 0
find "$RUNTIME_BACKUP_DIR" -mindepth 1 -print -quit | grep -q . || return 0
cp -a "$RUNTIME_BACKUP_DIR/." "$APP_DIR/"
}
cleanup_runtime_backup() {
if [[ -n "$RUNTIME_BACKUP_DIR" && -d "$RUNTIME_BACKUP_DIR" ]]; then
rm -rf "$RUNTIME_BACKUP_DIR"
fi
}
ensure_runtime_env_files() {
[[ -f "$APP_DIR/.env" ]] || touch "$APP_DIR/.env"
[[ -f "$APP_DIR/mail.env" ]] || touch "$APP_DIR/mail.env"
[[ -f "$APP_DIR/svc/.env" ]] || touch "$APP_DIR/svc/.env"
[[ -f "$APP_DIR/svc/mail.env" ]] || touch "$APP_DIR/svc/mail.env"
}
ensure_pdf_fonts() {
local font_dir="$APP_DIR/svc/fonts"
local sys_font_dir="/usr/share/fonts/truetype/dejavu"
mkdir -p "$font_dir"
if [[ ! -f "$font_dir/DejaVuSans.ttf" && -f "$sys_font_dir/DejaVuSans.ttf" ]]; then
cp -a "$sys_font_dir/DejaVuSans.ttf" "$font_dir/DejaVuSans.ttf"
fi
if [[ ! -f "$font_dir/DejaVuSans-Bold.ttf" && -f "$sys_font_dir/DejaVuSans-Bold.ttf" ]]; then
cp -a "$sys_font_dir/DejaVuSans-Bold.ttf" "$font_dir/DejaVuSans-Bold.ttf"
fi
if [[ ! -f "$font_dir/DejaVuSans.ttf" || ! -f "$font_dir/DejaVuSans-Bold.ttf" ]]; then
echo "ERROR: Required PDF fonts missing in $font_dir"
return 1
fi
}
ensure_ui_permissions() {
local ui_root="$APP_DIR/ui/dist/spa"
if [[ ! -d "$ui_root" ]]; then
echo "ERROR: UI build output not found at $ui_root"
return 1
fi
chmod 755 /opt "$APP_DIR" "$APP_DIR/ui" "$APP_DIR/ui/dist" "$ui_root"
find "$ui_root" -type d -exec chmod 755 {} \;
find "$ui_root" -type f -exec chmod 644 {} \;
}
ensure_ui_readable_by_nginx() {
local ui_index="$APP_DIR/ui/dist/spa/index.html"
if [[ ! -f "$ui_index" ]]; then
echo "ERROR: UI index not found at $ui_index"
return 1
fi
if id -u www-data >/dev/null 2>&1; then
if ! su -s /bin/sh -c "test -r '$ui_index'" www-data; then
echo "ERROR: www-data cannot read $ui_index"
namei -l "$ui_index" || true
return 1
fi
fi
}
build_api_binary() {
if ! command -v go >/dev/null 2>&1; then
echo "ERROR: go command not found"
return 1
fi
export GOPATH="${GOPATH:-/var/cache/bssapp-go}"
export GOMODCACHE="${GOMODCACHE:-$GOPATH/pkg/mod}"
export GOCACHE="${GOCACHE:-/var/cache/bssapp-go-build}"
mkdir -p "$GOPATH" "$GOMODCACHE" "$GOCACHE"
cd "$APP_DIR/svc"
GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -ldflags="-w -s" -o "$APP_DIR/svc/bssapp" ./main.go
chmod +x "$APP_DIR/svc/bssapp"
}
restart_services() {
systemctl daemon-reload || true
systemctl restart bssapp
if ! systemctl is-active --quiet bssapp; then
echo "ERROR: bssapp service failed to start"
return 1
fi
if systemctl cat nginx >/dev/null 2>&1; then
systemctl restart nginx
if ! systemctl is-active --quiet nginx; then
echo "ERROR: nginx service failed to start"
return 1
fi
else
echo "WARN: nginx service not found; frontend may be unreachable."
fi
}
run_deploy() {
trap cleanup_runtime_backup EXIT
exec 9>"$LOCK_FILE"
if ! flock -n 9; then
echo "[$(date '+%F %T')] Deploy already running. Skipping new request."
return 0
fi
echo "=============================="
echo "[DEPLOY START] $(date '+%F %T')"
echo "=============================="
cd "$APP_DIR"
log_step "GIT SYNC"
backup_runtime_files
git fetch origin
git reset --hard origin/master
git clean -fdx \
-e .env \
-e mail.env \
-e svc/.env \
-e svc/mail.env \
-e svc/fonts \
-e svc/public \
-e svc/bssapp
restore_runtime_files
echo "DEPLOY COMMIT: $(git rev-parse --short HEAD)"
log_step "BUILD UI"
cd "$APP_DIR/ui"
npm ci --no-audit --no-fund --include=optional
npm i -D --no-audit --no-fund sass-embedded@1.93.2
npm run build
log_step "ENSURE UI PERMISSIONS"
ensure_ui_permissions
ensure_ui_readable_by_nginx
log_step "BUILD API"
build_api_binary
log_step "ENSURE ENV FILES"
ensure_runtime_env_files
log_step "ENSURE PDF FONTS"
ensure_pdf_fonts
log_step "RESTART SERVICES"
restart_services
echo "[DEPLOY FINISHED] $(date '+%F %T')"
}
if [[ "${1:-}" == "--run" ]]; then
mkdir -p "$(dirname "$LOG_FILE")"
if command -v logger >/dev/null 2>&1; then
run_deploy 2>&1 | tee -a "$LOG_FILE" >(logger -t bssapp-deploy -p user.info)
exit ${PIPESTATUS[0]}
else
run_deploy >>"$LOG_FILE" 2>&1
exit $?
fi
fi
nohup /bin/bash "$0" --run </dev/null >/dev/null 2>&1 &
exit 0

57
deploy/hooks.json Normal file
View File

@@ -0,0 +1,57 @@
[
{
"id": "bssapp-deploy",
"execute-command": "/bin/bash",
"command-working-directory": "/opt/bssapp",
"pass-arguments-to-command": [
{
"source": "string",
"name": "/opt/bssapp/deploy/deploy.sh"
}
],
"trigger-rule": {
"or": [
{
"match": {
"type": "value",
"value": "Bearer bssapp-secret-2026",
"parameter": {
"source": "header",
"name": "Authorization"
}
}
},
{
"match": {
"type": "value",
"value": "bssapp-secret-2026",
"parameter": {
"source": "header",
"name": "Authorization"
}
}
},
{
"match": {
"type": "value",
"value": "X-BSSAPP-SECRET: bssapp-secret-2026",
"parameter": {
"source": "header",
"name": "Authorization"
}
}
},
{
"match": {
"type": "value",
"value": "bssapp-secret-2026",
"parameter": {
"source": "header",
"name": "X-BSSAPP-SECRET"
}
}
}
]
}
}
]

10
svc/.env
View File

@@ -1,10 +0,0 @@
JWT_SECRET=bssapp_super_secret_key_1234567890
PASSWORD_RESET_SECRET=1dc7d6d52fd0459a8b1f288a6590428e760f54339f8e47beb20db36b6df6070b
APP_FRONTEND_URL=http://localhost:9000
API_URL=http://localhost:8080
UI_DIR=/opt/bssapp/ui/dist
POSTGRES_CONN=host=127.0.0.1 port=5432 user=postgres password=tayitkan dbname=baggib2b sslmode=disable

33
svc/.env.local Normal file
View File

@@ -0,0 +1,33 @@
# ===============================
# SECURITY
# ===============================
JWT_SECRET=bssapp_super_secret_key_1234567890
PASSWORD_RESET_SECRET=1dc7d6d52fd0459a8b1f288a6590428e760f54339f8e47beb20db36b6df6070b
# ===============================
# URLS (PRODUCTION)
# ===============================
APP_FRONTEND_URL=http://46.224.33.150
API_URL=http://46.224.33.150
# Eğer Nginx ile /api varsa:
# API_URL=http://46.224.33.150/api
# ===============================
# UI
# ===============================
UI_DIR=/opt/bssapp/ui/dist
# ===============================
# DATABASES
# ===============================
POSTGRES_CONN=host=46.224.33.150 port=5432 user=postgres password=tayitkan dbname=baggib2b sslmode=disable
MSSQL_CONN=sqlserver://sa:Gil_0150@100.127.186.137:1433?database=BAGGI_V3&encrypt=disable
# ===============================
# PDF
# ===============================
PDF_FONT_DIR=/opt/bssapp/svc/fonts
API_HOST=0.0.0.0
API_PORT=8080

13
svc/.gitignore vendored Normal file
View File

@@ -0,0 +1,13 @@
# Binary
bssapp
# Env
.env
mail.env
# Runtime fonts
fonts/*.ttf
# Go
.gocache
*.exe

15
svc/db/mssql.go
View File

@@ -4,15 +4,20 @@ import (
"database/sql"
"fmt"
"log"
"os"
"strings"
_ "github.com/microsoft/go-mssqldb"
)
var MssqlDB *sql.DB
// ConnectMSSQL MSSQL baglantisini ortam degiskeninden baslatir.
func ConnectMSSQL() {
//connString := "sqlserver://sa:Gil_0150@10.0.0.9:1433?databaseName=BAGGI_V3"
connString := "sqlserver://sa:Gil_0150@100.127.221.13:1433?databaseName=BAGGI_V3"
connString := strings.TrimSpace(os.Getenv("MSSQL_CONN"))
if connString == "" {
log.Fatal("MSSQL_CONN tanımlı değil")
}
var err error
MssqlDB, err = sql.Open("sqlserver", connString)
@@ -20,13 +25,13 @@ func ConnectMSSQL() {
log.Fatal("MSSQL bağlantı hatası:", err)
}
err = MssqlDB.Ping()
if err != nil {
if err = MssqlDB.Ping(); err != nil {
log.Fatal("MSSQL erişilemiyor:", err)
}
fmt.Println("MSSQL bağlantısı başarılı!")
fmt.Println("MSSQL bağlantısı başarılı")
}
func GetDB() *sql.DB {
return MssqlDB
}

30
svc/db/postgres.go
View File

@@ -13,14 +13,11 @@ import (
var PgDB *sql.DB
// ConnectPostgres PostgreSQL veritabanına bağlanır
// ConnectPostgres PostgreSQL veritabanına bağlanır.
func ConnectPostgres() (*sql.DB, error) {
// Bağlantı stringi (istersen .envden oku)
connStr := os.Getenv("POSTGRES_CONN")
connStr := strings.TrimSpace(os.Getenv("POSTGRES_CONN"))
if connStr == "" {
// fallback → sabit tanımlı bağlantı
connStr = "host= 46.224.33.150 port=5432 user=postgres password=tayitkan dbname=baggib2b sslmode=disable"
//connStr = "host=172.16.0.3 port=5432 user=postgres password=tayitkan dbname=baggib2b sslmode=disable"
return nil, fmt.Errorf("POSTGRES_CONN tanımlı değil")
}
db, err := sql.Open("postgres", connStr)
@@ -28,15 +25,13 @@ func ConnectPostgres() (*sql.DB, error) {
return nil, fmt.Errorf("PostgreSQL bağlantı hatası: %w", err)
}
// =======================================================
// 🔹 BAĞLANTI HAVUZU (AUDIT LOG UYUMLU)
// =======================================================
db.SetMaxOpenConns(30) // audit + api paralel çalışsın
// Bağlantı havuzu ayarları (audit log uyumlu).
db.SetMaxOpenConns(30)
db.SetMaxIdleConns(10)
db.SetConnMaxLifetime(30 * time.Minute)
db.SetConnMaxIdleTime(5 * time.Minute) // 🔥 uzun idle audit bağlantılarını kapat
db.SetConnMaxIdleTime(5 * time.Minute)
// 🔹 Test et
// Bağlantıyı test et.
if err = db.Ping(); err != nil {
// Some managed PostgreSQL servers require TLS. If the current DSN uses
// sslmode=disable and server rejects with "no encryption", retry once
@@ -45,7 +40,7 @@ func ConnectPostgres() (*sql.DB, error) {
strings.Contains(err.Error(), "no encryption") &&
strings.Contains(strings.ToLower(connStr), "sslmode=disable") {
secureConnStr := strings.Replace(connStr, "sslmode=disable", "sslmode=require", 1)
log.Println("⚠️ PostgreSQL requires TLS, retrying with sslmode=require")
log.Println("PostgreSQL TLS gerektiriyor, sslmode=require ile tekrar deneniyor")
_ = db.Close()
db, err = sql.Open("postgres", secureConnStr)
@@ -66,13 +61,12 @@ func ConnectPostgres() (*sql.DB, error) {
}
}
log.Println("PostgreSQL bağlantısı başarılı!")
log.Println("PostgreSQL bağlantısı başarılı")
PgDB = db
return db, nil
}
// GetPostgresUsers test amaçlı ilk 5 kullanıcıyı listeler
// GetPostgresUsers test amaçlı ilk 5 kullanıcıyı listeler.
func GetPostgresUsers(db *sql.DB) error {
query := `SELECT id, code, email FROM mk_dfusr ORDER BY id LIMIT 5`
rows, err := db.Query(query)
@@ -81,14 +75,14 @@ func GetPostgresUsers(db *sql.DB) error {
}
defer rows.Close()
fmt.Println("📋 İlk 5 PostgreSQL kullanıcısı:")
fmt.Println("İlk 5 PostgreSQL kullanıcısı:")
for rows.Next() {
var id int
var code, email string
if err := rows.Scan(&id, &code, &email); err != nil {
return err
}
fmt.Printf(" ID: %-4d | USER: %-20s | EMAIL: %s\n", id, code, email)
fmt.Printf(" -> ID: %-4d | USER: %-20s | EMAIL: %s\n", id, code, email)
}
return rows.Err()

BIN
svc/fonts/DejaVuSans-Bold.ttf
View File

Binary file not shown.

BIN
svc/fonts/DejaVuSans.ttf
View File

Binary file not shown.

0
svc/fonts/FreeSans.ttf
View File

0
svc/fonts/FreeSansBold.ttf
View File

4
svc/mail.env
View File

@@ -1,4 +0,0 @@
AZURE_TENANT_ID=c8e0675d-1f6e-40f3-ba5f-3d1985b92317
AZURE_CLIENT_ID=94a134b7-757f-4bcc-9e4b-d577b631a9a3
AZURE_CLIENT_SECRET=PaW8Q~9NzYXHrESZcKoP6.hRxS.CyQshvJ0Y0czx
MAIL_FROM=baggiss@baggi.com.tr

53
svc/main.go
View File

@@ -212,19 +212,19 @@ func InitRoutes(pgDB *sql.DB, mssql *sql.DB, ml *mailer.GraphMailer) *mux.Router
// ============================================================
bindV3(r, pgDB,
"/api/password/change", "POST",
"system", "update",
"auth", "update",
wrapV3(http.HandlerFunc(routes.FirstPasswordChangeHandler(pgDB))),
)
bindV3(r, pgDB,
"/api/activity-logs", "GET",
"user", "view",
"system", "read",
wrapV3(routes.AdminActivityLogsHandler(pgDB)),
)
bindV3(r, pgDB,
"/api/test-mail", "POST",
"user", "insert",
"system", "update",
wrapV3(routes.TestMailHandler(ml)),
)
@@ -235,12 +235,12 @@ func InitRoutes(pgDB *sql.DB, mssql *sql.DB, ml *mailer.GraphMailer) *mux.Router
bindV3(r, pgDB,
rolePerm, "GET",
"user", "update",
"system", "update",
wrapV3(routes.GetRolePermissionMatrix(pgDB)),
)
bindV3(r, pgDB,
rolePerm, "POST",
"user", "update",
"system", "update",
wrapV3(routes.SaveRolePermissionMatrix(pgDB)),
)
@@ -248,12 +248,12 @@ func InitRoutes(pgDB *sql.DB, mssql *sql.DB, ml *mailer.GraphMailer) *mux.Router
bindV3(r, pgDB,
userPerm, "GET",
"user", "update",
"system", "update",
wrapV3(routes.GetUserPermissionsHandler(pgDB)),
)
bindV3(r, pgDB,
userPerm, "POST",
"user", "update",
"system", "update",
wrapV3(routes.SaveUserPermissionsHandler(pgDB)),
)
@@ -286,17 +286,17 @@ func InitRoutes(pgDB *sql.DB, mssql *sql.DB, ml *mailer.GraphMailer) *mux.Router
bindV3(r, pgDB,
"/api/role-dept-permissions/list", "GET",
"user", "update",
"system", "update",
wrapV3(http.HandlerFunc(rdHandler.List)),
)
bindV3(r, pgDB,
rdPerm, "GET",
"user", "update",
"system", "update",
wrapV3(http.HandlerFunc(rdHandler.Get)),
)
bindV3(r, pgDB,
rdPerm, "POST",
"user", "update",
"system", "update",
wrapV3(http.HandlerFunc(rdHandler.Save)),
)
@@ -325,6 +325,11 @@ func InitRoutes(pgDB *sql.DB, mssql *sql.DB, ml *mailer.GraphMailer) *mux.Router
"user", "update",
wrapV3(routes.UserDetailRoute(pgDB)),
)
bindV3(r, pgDB,
"/api/users/{id}", "DELETE",
"user", "delete",
wrapV3(routes.UserDetailRoute(pgDB)),
)
bindV3(r, pgDB,
"/api/users/{id}/admin-reset-password", "POST",
@@ -434,6 +439,8 @@ func InitRoutes(pgDB *sql.DB, mssql *sql.DB, ml *mailer.GraphMailer) *mux.Router
{"/api/order/update", "POST", "update", http.HandlerFunc(routes.UpdateOrderHandler)},
{"/api/order/get/{id}", "GET", "view", routes.GetOrderByIDHandler(mssql)},
{"/api/orders/list", "GET", "view", routes.OrderListRoute(mssql)},
{"/api/orders/production-list", "GET", "update", routes.OrderProductionListRoute(mssql)},
{"/api/orders/production-items/{id}", "GET", "view", routes.OrderProductionItemsRoute(mssql)},
{"/api/orders/close-ready", "GET", "update", routes.OrderCloseReadyListRoute(mssql)},
{"/api/orders/bulk-close", "POST", "update", routes.OrderBulkCloseRoute(mssql)},
{"/api/orders/export", "GET", "export", routes.OrderListExcelRoute(mssql)},
@@ -611,8 +618,21 @@ func main() {
),
)
log.Println("✅ Server çalışıyor: http://localhost:8080")
log.Fatal(http.ListenAndServe(":8080", handler))
host := strings.TrimSpace(os.Getenv("API_HOST"))
port := strings.TrimSpace(os.Getenv("API_PORT"))
if host == "" {
host = "0.0.0.0"
}
if port == "" {
port = "8080"
}
addr := host + ":" + port
log.Println("🚀 Server running at:", addr)
log.Fatal(http.ListenAndServe(addr, handler))
}
func mountSPA(r *mux.Router) {
@@ -672,12 +692,17 @@ func uiRootDir() string {
return d
}
candidates := []string{"../ui/dist", "./ui/dist"}
candidates := []string{
"../ui/dist/spa",
"./ui/dist/spa",
"../ui/dist",
"./ui/dist",
}
for _, d := range candidates {
if fi, err := os.Stat(d); err == nil && fi.IsDir() {
return d
}
}
return "../ui/dist"
return "../ui/dist/spa"
}

34
svc/middlewares/auth_middleware.go
View File

@@ -10,29 +10,49 @@ import (
func AuthMiddleware(db *sql.DB, next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
authHeader := r.Header.Get("Authorization")
if authHeader == "" {
http.Error(w, "Unauthorized", http.StatusUnauthorized)
log.Printf(
"AUTH_MIDDLEWARE 401 reason=missing_authorization_header method=%s path=%s",
r.Method,
r.URL.Path,
)
http.Error(w, "unauthorized: authorization header missing", http.StatusUnauthorized)
return
}
parts := strings.SplitN(authHeader, " ", 2)
if len(parts) != 2 || parts[0] != "Bearer" {
http.Error(w, "Unauthorized", http.StatusUnauthorized)
log.Printf(
"AUTH_MIDDLEWARE 401 reason=invalid_authorization_format method=%s path=%s raw=%q",
r.Method,
r.URL.Path,
authHeader,
)
http.Error(w, "unauthorized: invalid authorization format", http.StatusUnauthorized)
return
}
claims, err := auth.ValidateToken(parts[1])
if err != nil {
http.Error(w, "Unauthorized", http.StatusUnauthorized)
log.Printf(
"AUTH_MIDDLEWARE 401 reason=token_validation_failed method=%s path=%s err=%v",
r.Method,
r.URL.Path,
err,
)
http.Error(w, "unauthorized: token validation failed", http.StatusUnauthorized)
return
}
// 🔥 BU SATIR ŞART
ctx := auth.WithClaims(r.Context(), claims)
log.Printf("🔐 AUTH CTX SET user=%d role=%s", claims.ID, claims.RoleCode)
log.Printf(
"AUTH_MIDDLEWARE PASS user=%d role=%s method=%s path=%s",
claims.ID,
claims.RoleCode,
r.Method,
r.URL.Path,
)
next.ServeHTTP(w, r.WithContext(ctx))
})

47
svc/middlewares/authz_v2.go
View File

@@ -859,7 +859,12 @@ func AuthzGuardByRoute(pg *sql.DB) func(http.Handler) http.Handler {
// =====================================================
claims, ok := auth.GetClaimsFromContext(r.Context())
if !ok || claims == nil {
http.Error(w, "unauthorized", http.StatusUnauthorized)
log.Printf(
"AUTHZ_BY_ROUTE 401 reason=claims_missing method=%s path=%s",
r.Method,
r.URL.Path,
)
http.Error(w, "unauthorized: token missing or invalid", http.StatusUnauthorized)
return
}
@@ -873,7 +878,7 @@ func AuthzGuardByRoute(pg *sql.DB) func(http.Handler) http.Handler {
r.Method, r.URL.Path,
)
http.Error(w, "route not resolved", 403)
http.Error(w, "route not resolved", http.StatusForbidden)
return
}
@@ -881,7 +886,22 @@ func AuthzGuardByRoute(pg *sql.DB) func(http.Handler) http.Handler {
if err != nil {
log.Printf("❌ AUTHZ: path template error: %v", err)
http.Error(w, "route template error", 403)
http.Error(w, "route template error", http.StatusForbidden)
return
}
// Password change must be reachable for every authenticated user.
// This avoids permission deadlocks during forced first-password flow.
if pathTemplate == "/api/password/change" {
next.ServeHTTP(w, r)
return
}
// Self permission endpoints are required right after login
// to hydrate UI permission state for the authenticated user.
switch pathTemplate {
case "/api/permissions/routes", "/api/permissions/effective":
next.ServeHTTP(w, r)
return
}
@@ -908,7 +928,12 @@ func AuthzGuardByRoute(pg *sql.DB) func(http.Handler) http.Handler {
pathTemplate,
)
http.Error(w, "route permission not found", 403)
if pathTemplate == "/api/password/change" {
http.Error(w, "password change route permission not found", http.StatusForbidden)
return
}
http.Error(w, "route permission not found", http.StatusForbidden)
return
}
@@ -935,7 +960,12 @@ func AuthzGuardByRoute(pg *sql.DB) func(http.Handler) http.Handler {
err,
)
http.Error(w, "forbidden", 403)
if pathTemplate == "/api/password/change" {
http.Error(w, "password change permission check failed", http.StatusForbidden)
return
}
http.Error(w, "forbidden", http.StatusForbidden)
return
}
@@ -948,7 +978,12 @@ func AuthzGuardByRoute(pg *sql.DB) func(http.Handler) http.Handler {
action,
)
http.Error(w, "forbidden", 403)
if pathTemplate == "/api/password/change" {
http.Error(w, "password change forbidden: permission denied", http.StatusForbidden)
return
}
http.Error(w, "forbidden", http.StatusForbidden)
return
}

1
svc/models/orderlist.go
View File

@@ -21,6 +21,7 @@ type OrderList struct {
// Sipariş Durumu
CreditableConfirmedDate string `json:"CreditableConfirmedDate"`
IsCreditableConfirmed bool `json:"IsCreditableConfirmed"`
HasUretimUrunu bool `json:"HasUretimUrunu"`
// 💱 Para Birimi
DocCurrencyCode string `json:"DocCurrencyCode"`

19
svc/models/orderproductionitem.go Normal file
View File

@@ -0,0 +1,19 @@
package models
// ========================================================
// 📌 OrderProductionItem — U ile başlayan ürün satırı
// ========================================================
type OrderProductionItem struct {
OrderHeaderID string `json:"OrderHeaderID"`
OrderLineID string `json:"OrderLineID"`
OldItemCode string `json:"OldItemCode"`
OldColor string `json:"OldColor"`
OldDim2 string `json:"OldDim2"`
OldDesc string `json:"OldDesc"`
NewItemCode string `json:"NewItemCode"`
NewColor string `json:"NewColor"`
NewDim2 string `json:"NewDim2"`
NewDesc string `json:"NewDesc"`
}

BIN
svc/public/Baggi-Tekstil-A.s-Logolu.jpeg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 58 KiB

2
svc/queries/order_bulk_close.go
View File

@@ -183,7 +183,6 @@ WHERE
AND h.ProcessCode = 'WS'
AND h.IsClosed = 0
AND ISNULL(l.TotalAmount,0) > 0
AND (ISNULL(l.PackedAmount,0) * 100.0) / NULLIF(l.TotalAmount,0) >= 100
AND EXISTS (
SELECT 1
@@ -322,7 +321,6 @@ WHERE
) t
WHERE t.OrderHeaderID = h.OrderHeaderID
AND t.TotalAmount > 0
AND (t.PackedAmount * 100.0) / NULLIF(t.TotalAmount,0) >= 100
);
`, strings.Join(placeholders, ","), piyasaWhere)

54
svc/queries/order_write.go
View File

@@ -1103,6 +1103,38 @@ func UpdateOrder(header models.OrderHeader, lines []models.OrderDetail, user *mo
now := time.Now()
v3User := buildV3AuditUser(user)
// Hard delete bazen FK nedeniyle patlayabiliyor.
// Bu durumda satırı soft-close ederek akışı güvenli şekilde tamamlarız.
deleteOrSoftCloseLine := func(lineID string) error {
if _, err := tx.Exec(`DELETE FROM BAGGI_V3.dbo.trOrderLineCurrency WHERE OrderLineID=@p1`, lineID); err != nil {
return fmt.Errorf("line currency delete failed line_id=%s: %w", lineID, err)
}
if _, err := tx.Exec(`
DELETE FROM BAGGI_V3.dbo.trOrderLine
WHERE OrderHeaderID=@p1 AND OrderLineID=@p2 AND ISNULL(IsClosed,0)=0
`, header.OrderHeaderID, lineID); err != nil {
fmt.Printf("[ORDER_UPDATE] hard delete failed, trying qty-zero soft-close line_id=%s err=%v\n", lineID, err)
// IsClosed computed olabilir; sadece miktarları sıfırla.
if _, err2 := tx.Exec(`
UPDATE BAGGI_V3.dbo.trOrderLine
SET
Qty1 = 0,
Qty2 = 0,
CancelQty1 = 0,
CancelQty2 = 0,
LastUpdatedUserName = @p1,
LastUpdatedDate = @p2
WHERE OrderHeaderID=@p3 AND OrderLineID=@p4 AND ISNULL(IsClosed,0)=0
`, v3User, now, header.OrderHeaderID, lineID); err2 != nil {
return fmt.Errorf("line delete failed line_id=%s: %v; qty-zero soft-close failed: %w", lineID, err, err2)
}
}
return nil
}
// Döviz kuru (Header ExchangeRate fallback)
exRate := 1.0
if header.DocCurrencyCode.Valid && header.DocCurrencyCode.String != "TRY" {
@@ -1329,13 +1361,7 @@ WHERE OrderLineID=@p42 AND ISNULL(IsClosed,0)=0`)
Dim2: strings.TrimSpace(safeNS(ln.ItemDim2Code)),
}
}
if _, err := tx.Exec(`DELETE FROM BAGGI_V3.dbo.trOrderLineCurrency WHERE OrderLineID=@p1`, ln.OrderLineID); err != nil {
return nil, err
}
if _, err := tx.Exec(`
DELETE FROM BAGGI_V3.dbo.trOrderLine
WHERE OrderHeaderID=@p1 AND OrderLineID=@p2 AND ISNULL(IsClosed,0)=0
`, header.OrderHeaderID, ln.OrderLineID); err != nil {
if err := deleteOrSoftCloseLine(ln.OrderLineID); err != nil {
return nil, err
}
@@ -1356,6 +1382,15 @@ WHERE OrderHeaderID=@p1 AND OrderLineID=@p2 AND ISNULL(IsClosed,0)=0
}
}
// Edit akışında bazen stale OrderLineID gelebiliyor (silinmiş/eski satır ID'si).
// Böyle bir ID ile UPDATE denemek yerine yeni satır olarak ele al.
if !isNew && ln.OrderLineID != "" {
if _, stillOpen := existingOpen[ln.OrderLineID]; !stillOpen {
ln.OrderLineID = uuid.New().String()
isNew = true
}
}
// Variant guard
if qtyValue(ln.Qty1) > 0 {
if err := ValidateItemVariant(tx, ln); err != nil {
@@ -1482,10 +1517,7 @@ WHERE OrderHeaderID=@p1 AND OrderLineID=@p2 AND ISNULL(IsClosed,0)=0
id, meta.item, meta.color, meta.dim1, meta.dim2)
continue
}
if _, err := tx.Exec(`DELETE FROM BAGGI_V3.dbo.trOrderLineCurrency WHERE OrderLineID=@p1`, id); err != nil {
return nil, err
}
if _, err := tx.Exec(`DELETE FROM BAGGI_V3.dbo.trOrderLine WHERE OrderLineID=@p1 AND ISNULL(IsClosed,0)=0`, id); err != nil {
if err := deleteOrSoftCloseLine(id); err != nil {
return nil, err
}
}

10
svc/queries/orderlist.go
View File

@@ -112,6 +112,16 @@ SELECT
END AS PackedRatePct,
ISNULL(h.IsCreditableConfirmed,0) AS IsCreditableConfirmed,
CASE
WHEN EXISTS (
SELECT 1
FROM dbo.trOrderLine l2
WHERE l2.OrderHeaderID = h.OrderHeaderID
AND ISNULL(l2.ItemCode,'') LIKE 'U%%'
)
THEN CAST(1 AS bit)
ELSE CAST(0 AS bit)
END AS HasUretimUrunu,
ISNULL(h.Description,'') AS Description,
usd.Rate AS ExchangeRateUSD

31
svc/queries/orderproduction_items.go Normal file
View File

@@ -0,0 +1,31 @@
package queries
import (
"database/sql"
)
// ========================================================
// 📌 GetOrderProductionItems — OrderHeaderID için U ürünleri
// ========================================================
func GetOrderProductionItems(mssql *sql.DB, orderHeaderID string) (*sql.Rows, error) {
return mssql.Query(`
SELECT
CAST(l.OrderHeaderID AS NVARCHAR(50)) AS OrderHeaderID,
CAST(l.OrderLineID AS NVARCHAR(50)) AS OrderLineID,
-- Şimdilik eski alanlar boş döndürülür
CAST('' AS NVARCHAR(50)) AS OldItemCode,
CAST('' AS NVARCHAR(50)) AS OldColor,
CAST('' AS NVARCHAR(50)) AS OldDim2,
CAST('' AS NVARCHAR(250)) AS OldDesc,
ISNULL(l.ItemCode,'') AS NewItemCode,
ISNULL(l.ColorCode,'') AS NewColor,
ISNULL(l.ItemDim2Code,'') AS NewDim2,
ISNULL(l.LineDescription,'') AS NewDesc
FROM dbo.trOrderLine l
WHERE l.OrderHeaderID = @p1
AND ISNULL(l.ItemCode,'') LIKE 'U%'
ORDER BY l.SortOrder, l.OrderLineID
`, orderHeaderID)
}

269
svc/queries/orderproductionlist.go Normal file
View File

@@ -0,0 +1,269 @@
package queries
import (
"bssapp-backend/auth"
"bssapp-backend/internal/authz"
"context"
"database/sql"
"fmt"
)
// ========================================================
// 📌 GetOrderProductionList — Üretime verilecek ürün içeren siparişler
// ========================================================
func GetOrderProductionList(
ctx context.Context,
mssql *sql.DB,
pg *sql.DB,
search string,
) (*sql.Rows, error) {
claims, ok := auth.GetClaimsFromContext(ctx)
if !ok || claims == nil {
return nil, fmt.Errorf("unauthorized: claims not found")
}
// ----------------------------------------------------
// 🔐 PIYASA FILTER (ADMIN BYPASS)
// ----------------------------------------------------
piyasaWhere := "1=1"
if !claims.IsAdmin() {
codes, err := authz.GetUserPiyasaCodes(pg, int(claims.ID))
if err != nil {
return nil, fmt.Errorf("piyasa codes load error: %w", err)
}
if len(codes) == 0 {
piyasaWhere = "1=0"
} else {
piyasaWhere = authz.BuildINClause(
"UPPER(f2.CustomerAtt01)",
codes,
)
}
}
// ----------------------------------------------------
// 📄 BASE QUERY (orderlist.go ile aynı kolonlar)
// ----------------------------------------------------
baseQuery := fmt.Sprintf(`
SELECT
CAST(h.OrderHeaderID AS NVARCHAR(50)) AS OrderHeaderID,
ISNULL(h.OrderNumber, '') AS OrderNumber,
CONVERT(varchar, h.OrderDate, 23) AS OrderDate,
ISNULL(h.CurrAccCode, '') AS CurrAccCode,
ISNULL(ca.CurrAccDescription, '') AS CurrAccDescription,
ISNULL(mt.AttributeDescription, '') AS MusteriTemsilcisi,
ISNULL(py.AttributeDescription, '') AS Piyasa,
CONVERT(varchar, h.CreditableConfirmedDate,23) AS CreditableConfirmedDate,
ISNULL(h.DocCurrencyCode,'TRY') AS DocCurrencyCode,
ISNULL(l.TotalAmount,0) AS TotalAmount,
----------------------------------------------------------------
-- USD HESABI (TRY / EUR / GBP / USD DESTEKLİ)
----------------------------------------------------------------
CASE
WHEN h.DocCurrencyCode = 'USD'
THEN ISNULL(l.TotalAmount,0)
WHEN h.DocCurrencyCode = 'TRY'
AND usd.Rate > 0
THEN ISNULL(l.TotalAmount,0) / usd.Rate
WHEN h.DocCurrencyCode IN ('EUR','GBP')
AND cur.Rate > 0
AND usd.Rate > 0
THEN (ISNULL(l.TotalAmount,0) * cur.Rate) / usd.Rate
ELSE 0
END AS TotalAmountUSD,
ISNULL(l.PackedAmount,0) AS PackedAmount,
CASE
WHEN h.DocCurrencyCode = 'USD'
THEN ISNULL(l.PackedAmount,0)
WHEN h.DocCurrencyCode = 'TRY'
AND usd.Rate > 0
THEN ISNULL(l.PackedTRY,0) / usd.Rate
WHEN cur.Rate > 0
AND usd.Rate > 0
THEN (ISNULL(l.PackedAmount,0) * cur.Rate) / usd.Rate
ELSE 0
END AS PackedUSD,
CASE
WHEN ISNULL(l.TotalAmount,0) > 0
THEN (ISNULL(l.PackedAmount,0) * 100.0) / NULLIF(l.TotalAmount,0)
ELSE 0
END AS PackedRatePct,
ISNULL(h.IsCreditableConfirmed,0) AS IsCreditableConfirmed,
CAST(1 AS bit) AS HasUretimUrunu,
ISNULL(h.Description,'') AS Description,
usd.Rate AS ExchangeRateUSD
FROM dbo.trOrderHeader h
-- ✅ TOPLAM ARTIK trOrderLineCurrency'den: CurrencyCode = DocCurrencyCode
JOIN (
SELECT
l.OrderHeaderID,
SUM(ISNULL(c.NetAmount,0)) AS TotalAmount,
SUM(
CASE
WHEN ISNULL(c.CurrencyCode,'') = 'TRY'
THEN ISNULL(c.NetAmount,0)
ELSE 0
END
) AS TotalTRY,
SUM(
CASE
WHEN ISNULL(l.IsClosed,0) = 1
THEN ISNULL(c.NetAmount,0)
ELSE 0
END
) AS PackedAmount,
SUM(
CASE
WHEN ISNULL(l.IsClosed,0) = 1
AND ISNULL(c.CurrencyCode,'') = 'TRY'
THEN ISNULL(c.NetAmount,0)
ELSE 0
END
) AS PackedTRY
FROM dbo.trOrderLine l
JOIN dbo.trOrderHeader h2
ON h2.OrderHeaderID = l.OrderHeaderID
LEFT JOIN dbo.trOrderLineCurrency c
ON c.OrderLineID = l.OrderLineID
AND c.CurrencyCode = ISNULL(h2.DocCurrencyCode,'TRY')
GROUP BY l.OrderHeaderID
) l
ON l.OrderHeaderID = h.OrderHeaderID
LEFT JOIN dbo.cdCurrAccDesc ca
ON ca.CurrAccCode = h.CurrAccCode
AND ca.LangCode = 'TR'
-- müşteri temsilcisi + piyasa açıklamaları
LEFT JOIN dbo.CustomerAttributesFilter f
ON f.CurrAccCode = h.CurrAccCode
LEFT JOIN dbo.cdCurrAccAttributeDesc mt
ON mt.CurrAccTypeCode = 3
AND mt.AttributeTypeCode = 2
AND mt.AttributeCode = f.CustomerAtt02
AND mt.LangCode = 'TR'
LEFT JOIN dbo.cdCurrAccAttributeDesc py
ON py.CurrAccTypeCode = 3
AND py.AttributeTypeCode = 1
AND py.AttributeCode = f.CustomerAtt01
AND py.LangCode = 'TR'
----------------------------------------------------------------
-- USD → TRY
----------------------------------------------------------------
OUTER APPLY (
SELECT TOP 1 Rate
FROM dbo.AllExchangeRates
WHERE CurrencyCode = 'USD'
AND RelationCurrencyCode = 'TRY'
AND ExchangeTypeCode = 6
AND Rate > 0
AND Date <= CAST(GETDATE() AS date)
ORDER BY Date DESC
) usd
----------------------------------------------------------------
-- ORDER PB → TRY
----------------------------------------------------------------
OUTER APPLY (
SELECT TOP 1 Rate
FROM dbo.AllExchangeRates
WHERE CurrencyCode = h.DocCurrencyCode
AND RelationCurrencyCode = 'TRY'
AND ExchangeTypeCode = 6
AND Rate > 0
AND Date <= CAST(GETDATE() AS date)
ORDER BY Date DESC
) cur
WHERE
ISNULL(h.IsCancelOrder,0) = 0
AND h.OrderTypeCode = 1
AND h.ProcessCode = 'WS'
AND h.IsClosed = 0
-- 🔐 PIYASA AUTHZ (EXISTS — SAĞLAM YOL)
AND EXISTS (
SELECT 1
FROM dbo.CustomerAttributesFilter f2
WHERE f2.CurrAccCode = h.CurrAccCode
AND %s
)
-- ✅ Üretime verilecek ürün filtresi
AND EXISTS (
SELECT 1
FROM dbo.trOrderLine l2
WHERE l2.OrderHeaderID = h.OrderHeaderID
AND ISNULL(l2.ItemCode,'') LIKE 'U%%'
)
`, piyasaWhere)
// ----------------------------------------------------
// 🔍 SEARCH FILTER (CASE + TR SAFE)
// ----------------------------------------------------
if search != "" {
baseQuery += `
AND EXISTS (
SELECT 1
FROM dbo.trOrderHeader h2
LEFT JOIN dbo.cdCurrAccDesc ca2
ON ca2.CurrAccCode = h2.CurrAccCode
AND ca2.LangCode = 'TR'
WHERE h2.OrderHeaderID = h.OrderHeaderID
AND (
LOWER(REPLACE(REPLACE(h2.OrderNumber,'İ','I'),'ı','i'))
COLLATE Latin1_General_CI_AI LIKE LOWER(@p1)
OR LOWER(REPLACE(REPLACE(h2.CurrAccCode,'İ','I'),'ı','i'))
COLLATE Latin1_General_CI_AI LIKE LOWER(@p1)
OR LOWER(REPLACE(REPLACE(ca2.CurrAccDescription,'İ','I'),'ı','i'))
COLLATE Latin1_General_CI_AI LIKE LOWER(@p1)
OR LOWER(REPLACE(REPLACE(h2.Description,'İ','I'),'ı','i'))
COLLATE Latin1_General_CI_AI LIKE LOWER(@p1)
)
)
`
}
// ----------------------------------------------------
// 📌 ORDER
// ----------------------------------------------------
baseQuery += `
ORDER BY h.CreatedDate DESC
`
// ----------------------------------------------------
// ▶ EXECUTE
// ----------------------------------------------------
if search != "" {
searchLike := fmt.Sprintf("%%%s%%", search)
return mssql.Query(baseQuery, searchLike)
}
return mssql.Query(baseQuery)
}

231
svc/queries/statement_header.go
View File

@@ -10,75 +10,136 @@ import (
// Ana tabloyu getiren fonksiyon (Vue header tablosu için)
func GetStatements(params models.StatementParams) ([]models.StatementHeader, error) {
// AccountCode normalize: "ZLA0127" → "ZLA 0127"
if len(params.AccountCode) == 7 && strings.ContainsAny(params.AccountCode, "0123456789") {
params.AccountCode = params.AccountCode[:3] + " " + params.AccountCode[3:]
}
if strings.TrimSpace(params.LangCode) == "" {
params.LangCode = "TR"
}
// Parislemler []string → '1','2','3'
parislemFilter := "''"
if len(params.Parislemler) > 0 {
quoted := make([]string, len(params.Parislemler))
for i, v := range params.Parislemler {
quoted[i] = fmt.Sprintf("'%s'", v)
quoted := make([]string, 0, len(params.Parislemler))
for _, v := range params.Parislemler {
v = strings.TrimSpace(v)
if v == "" {
continue
}
quoted = append(quoted, fmt.Sprintf("'%s'", strings.ReplaceAll(v, "'", "''")))
}
if len(quoted) > 0 {
parislemFilter = strings.Join(quoted, ",")
}
parislemFilter = strings.Join(quoted, ",")
}
query := fmt.Sprintf(`
;WITH Opening AS (
SELECT
b.CurrAccCode AS Cari_Kod,
b.DocCurrencyCode AS Para_Birimi,
SUM(c.Debit - c.Credit) AS Devir_Bakiyesi
;WITH CurrDesc AS (
SELECT
CurrAccCode,
MAX(CurrAccDescription) AS CurrAccDescription
FROM cdCurrAccDesc
WHERE LangCode = @LangCode
GROUP BY CurrAccCode
),
/* =========================================================
✅ Bu aralıkta hareket var mı?
Varsa : Devir = startdate öncesi
Yoksa : Devir = enddate dahil (enddate itibariyle bakiye)
========================================================= */
HasMovement AS (
SELECT
CASE WHEN EXISTS (
SELECT 1
FROM trCurrAccBook b
INNER JOIN CurrAccBookATAttributesFilter f
ON f.CurrAccBookID = b.CurrAccBookID
AND f.ATAtt01 IN (%s)
WHERE b.CurrAccCode LIKE '%%' + @Carikod + '%%'
AND b.DocumentDate BETWEEN @startdate AND @enddate
) THEN 1 ELSE 0 END AS HasMov
),
/* =========================================================
✅ Opening (Devir) — TEK CARİ KOD ALTINDA KONSOLİDE
Cari_Kod = @Carikod (sabit)
========================================================= */
Opening AS (
SELECT
@Carikod AS Cari_Kod,
b.DocCurrencyCode AS Para_Birimi,
SUM(ISNULL(c.Debit,0) - ISNULL(c.Credit,0)) AS Devir_Bakiyesi
FROM trCurrAccBook b
CROSS JOIN HasMovement hm
INNER JOIN CurrAccBookATAttributesFilter f2
ON f2.CurrAccBookID = b.CurrAccBookID
AND f2.ATAtt01 IN (%s)
LEFT JOIN trCurrAccBookCurrency c
ON c.CurrAccBookID = b.CurrAccBookID
AND c.CurrencyCode = b.DocCurrencyCode
WHERE b.CurrAccCode LIKE '%%' + @Carikod + '%%'
AND b.DocumentDate < @startdate
AND EXISTS (
SELECT 1
FROM CurrAccBookATAttributesFilter f2
WHERE f2.CurrAccBookID = b.CurrAccBookID
AND f2.ATAtt01 IN (%s)
AND (
(hm.HasMov = 1 AND b.DocumentDate < @startdate) -- hareket varsa: klasik devir
OR (hm.HasMov = 0 AND b.DocumentDate <= @enddate) -- hareket yoksa: enddate itibariyle bakiye
)
GROUP BY b.CurrAccCode, b.DocCurrencyCode
GROUP BY b.DocCurrencyCode
),
/* =========================================================
✅ Hareketler (Movements) — TEK CARİ KOD ALTINDA KONSOLİDE
Cari_Kod = @Carikod (sabit)
Running sadece aralıktaki hareketlerden gelir.
========================================================= */
Movements AS (
SELECT
b.CurrAccCode AS Cari_Kod,
d.CurrAccDescription AS Cari_Isim,
CONVERT(varchar(10), b.DocumentDate, 23) AS Belge_Tarihi,
CONVERT(varchar(10), b.DueDate, 23) AS Vade_Tarihi,
b.RefNumber AS Belge_No,
SELECT
@Carikod AS Cari_Kod,
COALESCE(
(SELECT TOP 1 cd.CurrAccDescription
FROM CurrDesc cd
WHERE cd.CurrAccCode = @Carikod),
(SELECT TOP 1 cd.CurrAccDescription
FROM CurrDesc cd
WHERE cd.CurrAccCode LIKE '%%' + @Carikod + '%%'
ORDER BY cd.CurrAccCode)
) AS Cari_Isim,
CONVERT(varchar(10), b.DocumentDate, 23) AS Belge_Tarihi,
CONVERT(varchar(10), b.DueDate, 23) AS Vade_Tarihi,
b.RefNumber AS Belge_No,
b.BaseApplicationCode AS Islem_Tipi,
b.LineDescription AS Aciklama,
b.DocCurrencyCode AS Para_Birimi,
c.Debit AS Borc,
c.Credit AS Alacak,
SUM(c.Debit - c.Credit)
OVER (PARTITION BY b.CurrAccCode, c.CurrencyCode
ORDER BY b.DocumentDate, b.CurrAccBookID) AS Hareket_Bakiyesi,
b.LineDescription AS Aciklama,
b.DocCurrencyCode AS Para_Birimi,
ISNULL(c.Debit,0) AS Borc,
ISNULL(c.Credit,0) AS Alacak,
SUM(ISNULL(c.Debit,0) - ISNULL(c.Credit,0))
OVER (
PARTITION BY b.DocCurrencyCode
ORDER BY b.DocumentDate, b.CurrAccBookID
) AS Hareket_Bakiyesi,
f.ATAtt01 AS Parislemtipi
FROM trCurrAccBook b
LEFT JOIN cdCurrAccDesc d
ON b.CurrAccCode = d.CurrAccCode
INNER JOIN CurrAccBookATAttributesFilter f
ON f.CurrAccBookID = b.CurrAccBookID
AND f.ATAtt01 IN (%s)
LEFT JOIN trCurrAccBookCurrency c
ON b.CurrAccBookID = c.CurrAccBookID
AND b.DocCurrencyCode = c.CurrencyCode
LEFT JOIN CurrAccBookATAttributesFilter f
ON b.CurrAccBookID = f.CurrAccBookID
ON c.CurrAccBookID = b.CurrAccBookID
AND c.CurrencyCode = b.DocCurrencyCode
WHERE b.CurrAccCode LIKE '%%' + @Carikod + '%%'
AND b.DocumentDate BETWEEN @startdate AND @enddate
AND EXISTS (
SELECT 1
FROM CurrAccBookATAttributesFilter f2
WHERE f2.CurrAccBookID = b.CurrAccBookID
AND f2.ATAtt01 IN (%s)
)
)
SELECT
)
SELECT
m.Cari_Kod,
m.Cari_Isim,
m.Belge_Tarihi,
@@ -89,52 +150,62 @@ SELECT
m.Para_Birimi,
m.Borc,
m.Alacak,
/* ✅ Bakiye = Devir + Aralıktaki Running */
ISNULL(o.Devir_Bakiyesi,0) + m.Hareket_Bakiyesi AS Bakiye,
m.Parislemtipi AS Parislemler
FROM Movements m
LEFT JOIN Opening o
ON o.Cari_Kod = m.Cari_Kod
ON o.Cari_Kod = m.Cari_Kod
AND o.Para_Birimi = m.Para_Birimi
UNION ALL
-- Devir satırı
SELECT
@Carikod AS Cari_Kod,
MAX(d.CurrAccDescription) AS Cari_Isim,
CONVERT(varchar(10), @startdate, 23) AS Belge_Tarihi,
CONVERT(varchar(10), @startdate, 23) AS Vade_Tarihi,
'Baslangic_devir' AS Belge_No,
'Devir' AS Islem_Tipi,
'Devir Bakiyesi' AS Aciklama,
b.DocCurrencyCode AS Para_Birimi,
SUM(c.Debit) AS Borc,
SUM(c.Credit) AS Alacak,
SUM(c.Debit) - SUM(c.Credit) AS Bakiye,
(
SELECT STRING_AGG(x.ATAtt01, ',')
FROM (
SELECT DISTINCT f2.ATAtt01
FROM CurrAccBookATAttributesFilter f2
INNER JOIN trCurrAccBook bb
ON f2.CurrAccBookID = bb.CurrAccBookID
WHERE bb.CurrAccCode LIKE '%%' + @Carikod + '%%'
AND bb.DocumentDate < @startdate
AND f2.ATAtt01 IN (%s)
) x
) AS Parislemler
FROM trCurrAccBook b
LEFT JOIN cdCurrAccDesc d
ON b.CurrAccCode = d.CurrAccCode
LEFT JOIN trCurrAccBookCurrency c
ON b.CurrAccBookID = c.CurrAccBookID
AND b.DocCurrencyCode = c.CurrencyCode
WHERE b.CurrAccCode LIKE '%%' + @Carikod + '%%'
AND b.DocumentDate < @startdate
GROUP BY b.DocCurrencyCode
/* =========================================================
✅ Devir Satırı (kur bazında) — Opening'den gelir
Hareket varsa: startdate öncesi
Hareket yoksa: enddate itibariyle bakiye
========================================================= */
SELECT
o.Cari_Kod,
COALESCE(
(SELECT TOP 1 cd.CurrAccDescription
FROM CurrDesc cd
WHERE cd.CurrAccCode = @Carikod),
(SELECT TOP 1 cd.CurrAccDescription
FROM CurrDesc cd
WHERE cd.CurrAccCode LIKE '%%' + @Carikod + '%%'
ORDER BY cd.CurrAccCode)
) AS Cari_Isim,
ORDER BY Para_Birimi, Belge_Tarihi;
`, parislemFilter, parislemFilter, parislemFilter)
CONVERT(varchar(10), @startdate, 23) AS Belge_Tarihi,
CONVERT(varchar(10), @startdate, 23) AS Vade_Tarihi,
'Baslangic_devir' AS Belge_No,
'Devir' AS Islem_Tipi,
'Devir Bakiyesi' AS Aciklama,
o.Para_Birimi,
CASE WHEN o.Devir_Bakiyesi >= 0 THEN o.Devir_Bakiyesi ELSE 0 END AS Borc,
CASE WHEN o.Devir_Bakiyesi < 0 THEN ABS(o.Devir_Bakiyesi) ELSE 0 END AS Alacak,
o.Devir_Bakiyesi AS Bakiye,
CAST(NULL AS varchar(32)) AS Parislemler
FROM Opening o
ORDER BY
Para_Birimi,
Belge_Tarihi;
`,
parislemFilter, // HasMovement
parislemFilter, // Opening
parislemFilter, // Movements
)
rows, err := db.MssqlDB.Query(query,
sql.Named("startdate", params.StartDate),

179
svc/queries/statement_header_pdf.go
View File

@@ -1,187 +1,18 @@
// queries/statements_header_pdf.go
package queries
import (
"bssapp-backend/db"
"bssapp-backend/models"
"database/sql"
"fmt"
"log"
"strings"
)
// küçük yardımcı: boşlukları temizle, her değeri ayrı tırnakla sar
func buildQuotedHList(vals []string) string {
var pp []string
for _, v := range vals {
v = strings.TrimSpace(v)
if v != "" {
pp = append(pp, fmt.Sprintf("'%s'", v)) // '1','2' gibi
}
}
if len(pp) == 0 {
return ""
}
return strings.Join(pp, ",")
}
/* ============================ HEADER (Ana Tablo) ============================ */
func GetStatementsHPDF(accountCode, startDate, endDate string, parislemler []string) ([]models.StatementHeader, []string, error) {
// Account normalize
if len(accountCode) == 7 && strings.ContainsAny(accountCode, "0123456789") {
accountCode = accountCode[:3] + " " + accountCode[3:]
}
// IN list parse et
inList := buildQuotedHList(parislemler)
parislemCond := "''"
if inList != "" {
parislemCond = inList
}
query := fmt.Sprintf(`
;WITH Opening AS (
SELECT
b.CurrAccCode AS Cari_Kod,
b.DocCurrencyCode AS Para_Birimi,
SUM(c.Debit - c.Credit) AS Devir_Bakiyesi
FROM trCurrAccBook b
LEFT JOIN trCurrAccBookCurrency c
ON c.CurrAccBookID = b.CurrAccBookID
AND c.CurrencyCode = b.DocCurrencyCode
WHERE b.CurrAccCode LIKE @Carikod
AND b.DocumentDate < @StartDate
AND EXISTS (
SELECT 1
FROM CurrAccBookATAttributesFilter f2
WHERE f2.CurrAccBookID = b.CurrAccBookID
AND f2.ATAtt01 IN (%s)
)
GROUP BY b.CurrAccCode, b.DocCurrencyCode
),
Movements AS (
SELECT
b.CurrAccCode AS Cari_Kod,
d.CurrAccDescription AS Cari_Isim,
CONVERT(varchar(10), b.DocumentDate, 23) AS Belge_Tarihi,
CONVERT(varchar(10), b.DueDate, 23) AS Vade_Tarihi,
b.RefNumber AS Belge_No,
b.BaseApplicationCode AS Islem_Tipi,
b.LineDescription AS Aciklama,
b.DocCurrencyCode AS Para_Birimi,
c.Debit AS Borc,
c.Credit AS Alacak,
SUM(c.Debit - c.Credit)
OVER (PARTITION BY b.CurrAccCode, c.CurrencyCode
ORDER BY b.DocumentDate, b.CurrAccBookID) AS Hareket_Bakiyesi,
f.ATAtt01 AS Parislemler
FROM trCurrAccBook b
LEFT JOIN cdCurrAccDesc d
ON b.CurrAccCode = d.CurrAccCode AND d.LangCode = 'TR'
LEFT JOIN trCurrAccBookCurrency c
ON b.CurrAccBookID = c.CurrAccBookID
AND b.DocCurrencyCode = c.CurrencyCode
LEFT JOIN CurrAccBookATAttributesFilter f
ON b.CurrAccBookID = f.CurrAccBookID
WHERE b.CurrAccCode LIKE @Carikod
AND b.DocumentDate BETWEEN @StartDate AND @EndDate
AND EXISTS (
SELECT 1
FROM CurrAccBookATAttributesFilter f2
WHERE f2.CurrAccBookID = b.CurrAccBookID
AND f2.ATAtt01 IN (%s)
)
)`, parislemCond, parislemCond)
query += fmt.Sprintf(`
SELECT
m.Cari_Kod,
m.Cari_Isim,
m.Belge_Tarihi,
m.Vade_Tarihi,
m.Belge_No,
m.Islem_Tipi,
m.Aciklama,
m.Para_Birimi,
m.Borc,
m.Alacak,
ISNULL(o.Devir_Bakiyesi,0) + m.Hareket_Bakiyesi AS Bakiye,
m.Parislemler
FROM Movements m
LEFT JOIN Opening o
ON o.Cari_Kod = m.Cari_Kod
AND o.Para_Birimi = m.Para_Birimi
UNION ALL
-- Devir satırı
SELECT
@Carikod AS Cari_Kod,
MAX(d.CurrAccDescription) AS Cari_Isim,
CONVERT(varchar(10), @StartDate, 23) AS Belge_Tarihi,
CONVERT(varchar(10), @StartDate, 23) AS Vade_Tarihi,
'Baslangic_devir' AS Belge_No,
'Devir' AS Islem_Tipi,
'Devir Bakiyesi' AS Aciklama,
b.DocCurrencyCode AS Para_Birimi,
SUM(c.Debit) AS Borc,
SUM(c.Credit) AS Alacak,
SUM(c.Debit) - SUM(c.Credit) AS Bakiye,
(
SELECT STRING_AGG(x.ATAtt01, ',')
FROM (
SELECT DISTINCT f2.ATAtt01
FROM CurrAccBookATAttributesFilter f2
INNER JOIN trCurrAccBook bb
ON f2.CurrAccBookID = bb.CurrAccBookID
WHERE bb.CurrAccCode LIKE @Carikod
AND bb.DocumentDate < @StartDate
AND f2.ATAtt01 IN (%s)
) x
) AS Parislemler
FROM trCurrAccBook b
LEFT JOIN cdCurrAccDesc d
ON b.CurrAccCode = d.CurrAccCode AND d.LangCode = 'TR'
LEFT JOIN trCurrAccBookCurrency c
ON b.CurrAccBookID = c.CurrAccBookID
AND b.DocCurrencyCode = c.CurrencyCode
WHERE b.CurrAccCode LIKE @Carikod
AND b.DocumentDate < @StartDate
GROUP BY b.DocCurrencyCode
ORDER BY Para_Birimi, Belge_Tarihi;`, parislemCond)
rows, err := db.MssqlDB.Query(query,
sql.Named("Carikod", "%"+accountCode+"%"),
sql.Named("StartDate", startDate),
sql.Named("EndDate", endDate),
)
headers, err := getStatementsForPDF(accountCode, startDate, endDate, parislemler)
if err != nil {
log.Printf("Header sorgu hatası: %v", err)
return nil, nil, fmt.Errorf("header sorgu hatası: %v", err)
log.Printf("Header query error: %v", err)
return nil, nil, err
}
defer rows.Close()
var headers []models.StatementHeader
var belgeNos []string
for rows.Next() {
var h models.StatementHeader
if err := rows.Scan(
&h.CariKod, &h.CariIsim,
&h.BelgeTarihi, &h.VadeTarihi,
&h.BelgeNo, &h.IslemTipi,
&h.Aciklama, &h.ParaBirimi,
&h.Borc, &h.Alacak,
&h.Bakiye, &h.Parislemler,
); err != nil {
log.Printf("❌ Header scan hatası: %v", err)
return nil, nil, err
}
headers = append(headers, h)
if h.BelgeNo != "" {
belgeNos = append(belgeNos, h.BelgeNo)
}
}
log.Printf("✅ Header verileri alındı: %d kayıt, %d belge no", len(headers), len(belgeNos))
belgeNos := collectBelgeNos(headers)
log.Printf("Header rows fetched: %d, belge no count: %d", len(headers), len(belgeNos))
return headers, belgeNos, nil
}

35
svc/queries/statement_pdf_common.go Normal file
View File

@@ -0,0 +1,35 @@
package queries
import "bssapp-backend/models"
func getStatementsForPDF(
accountCode string,
startDate string,
endDate string,
parislemler []string,
) ([]models.StatementHeader, error) {
return GetStatements(models.StatementParams{
AccountCode: accountCode,
StartDate: startDate,
EndDate: endDate,
LangCode: "TR",
Parislemler: parislemler,
})
}
func collectBelgeNos(headers []models.StatementHeader) []string {
seen := make(map[string]struct{}, len(headers))
out := make([]string, 0, len(headers))
for _, h := range headers {
no := h.BelgeNo
if no == "" || no == "Baslangic_devir" {
continue
}
if _, ok := seen[no]; ok {
continue
}
seen[no] = struct{}{}
out = append(out, no)
}
return out
}

14
svc/queries/statements_detail.go
View File

@@ -31,9 +31,17 @@ SELECT
COALESCE(MAX(KisaKarDesc.AttributeDescription), '') AS Icerik,
a.ItemCode AS Urun_Kodu,
a.ColorCode AS Urun_Rengi,
SUM(a.Qty1) AS Toplam_Adet,
SUM(ABS(a.Doc_Price)) AS Toplam_Fiyat,
CAST(SUM(a.Qty1 * ABS(a.Doc_Price)) AS numeric(18,2)) AS Toplam_Tutar
SUM(a.Qty1) AS Toplam_Adet,
CAST(
SUM(a.Qty1 * ABS(a.Doc_Price))
/ NULLIF(SUM(a.Qty1),0)
AS numeric(18,4)) AS Doviz_Fiyat,
CAST(
SUM(a.Qty1 * ABS(a.Doc_Price))
AS numeric(18,2)) AS Toplam_Tutar
FROM AllInvoicesWithAttributes a
LEFT JOIN prItemAttribute AnaGrup
ON a.ItemCode = AnaGrup.ItemCode AND AnaGrup.AttributeTypeCode = 1

192
svc/queries/statements_pdf.go
View File

@@ -10,179 +10,15 @@ import (
"strings"
)
// küçük yardımcı: boşlukları temizle, her değeri ayrı tırnakla sar
func buildQuotedList(vals []string) string {
var pp []string
for _, v := range vals {
v = strings.TrimSpace(v)
if v != "" {
pp = append(pp, fmt.Sprintf("'%s'", v)) // '1','2' gibi
}
}
if len(pp) == 0 {
return ""
}
return strings.Join(pp, ",")
}
/* ============================ HEADER (Ana Tablo) ============================ */
func GetStatementsPDF(accountCode, startDate, endDate string, parislemler []string) ([]models.StatementHeader, []string, error) {
// Account normalize
if len(accountCode) == 7 && strings.ContainsAny(accountCode, "0123456789") {
accountCode = accountCode[:3] + " " + accountCode[3:]
}
// IN list parse et
inList := buildQuotedList(parislemler)
parislemCond := "''"
if inList != "" {
parislemCond = inList
}
query := fmt.Sprintf(`
;WITH Opening AS (
SELECT
b.CurrAccCode AS Cari_Kod,
b.DocCurrencyCode AS Para_Birimi,
SUM(c.Debit - c.Credit) AS Devir_Bakiyesi
FROM trCurrAccBook b
LEFT JOIN trCurrAccBookCurrency c
ON c.CurrAccBookID = b.CurrAccBookID
AND c.CurrencyCode = b.DocCurrencyCode
WHERE b.CurrAccCode LIKE @Carikod
AND b.DocumentDate < @StartDate
AND EXISTS (
SELECT 1
FROM CurrAccBookATAttributesFilter f2
WHERE f2.CurrAccBookID = b.CurrAccBookID
AND f2.ATAtt01 IN (%s)
)
GROUP BY b.CurrAccCode, b.DocCurrencyCode
),
Movements AS (
SELECT
b.CurrAccCode AS Cari_Kod,
d.CurrAccDescription AS Cari_Isim,
CONVERT(varchar(10), b.DocumentDate, 23) AS Belge_Tarihi,
CONVERT(varchar(10), b.DueDate, 23) AS Vade_Tarihi,
b.RefNumber AS Belge_No,
b.BaseApplicationCode AS Islem_Tipi,
b.LineDescription AS Aciklama,
b.DocCurrencyCode AS Para_Birimi,
c.Debit AS Borc,
c.Credit AS Alacak,
SUM(c.Debit - c.Credit)
OVER (PARTITION BY b.CurrAccCode, c.CurrencyCode
ORDER BY b.DocumentDate, b.CurrAccBookID) AS Hareket_Bakiyesi,
f.ATAtt01 AS Parislemler
FROM trCurrAccBook b
LEFT JOIN cdCurrAccDesc d
ON b.CurrAccCode = d.CurrAccCode AND d.LangCode = 'TR'
LEFT JOIN trCurrAccBookCurrency c
ON b.CurrAccBookID = c.CurrAccBookID
AND b.DocCurrencyCode = c.CurrencyCode
LEFT JOIN CurrAccBookATAttributesFilter f
ON b.CurrAccBookID = f.CurrAccBookID
WHERE b.CurrAccCode LIKE @Carikod
AND b.DocumentDate BETWEEN @StartDate AND @EndDate
AND EXISTS (
SELECT 1
FROM CurrAccBookATAttributesFilter f2
WHERE f2.CurrAccBookID = b.CurrAccBookID
AND f2.ATAtt01 IN (%s)
)
)`, parislemCond, parislemCond)
query += fmt.Sprintf(`
SELECT
m.Cari_Kod,
m.Cari_Isim,
m.Belge_Tarihi,
m.Vade_Tarihi,
m.Belge_No,
m.Islem_Tipi,
m.Aciklama,
m.Para_Birimi,
m.Borc,
m.Alacak,
ISNULL(o.Devir_Bakiyesi,0) + m.Hareket_Bakiyesi AS Bakiye,
m.Parislemler
FROM Movements m
LEFT JOIN Opening o
ON o.Cari_Kod = m.Cari_Kod
AND o.Para_Birimi = m.Para_Birimi
UNION ALL
-- Devir satırı
SELECT
@Carikod AS Cari_Kod,
MAX(d.CurrAccDescription) AS Cari_Isim,
CONVERT(varchar(10), @StartDate, 23) AS Belge_Tarihi,
CONVERT(varchar(10), @StartDate, 23) AS Vade_Tarihi,
'Baslangic_devir' AS Belge_No,
'Devir' AS Islem_Tipi,
'Devir Bakiyesi' AS Aciklama,
b.DocCurrencyCode AS Para_Birimi,
SUM(c.Debit) AS Borc,
SUM(c.Credit) AS Alacak,
SUM(c.Debit) - SUM(c.Credit) AS Bakiye,
(
SELECT STRING_AGG(x.ATAtt01, ',')
FROM (
SELECT DISTINCT f2.ATAtt01
FROM CurrAccBookATAttributesFilter f2
INNER JOIN trCurrAccBook bb
ON f2.CurrAccBookID = bb.CurrAccBookID
WHERE bb.CurrAccCode LIKE @Carikod
AND bb.DocumentDate < @StartDate
AND f2.ATAtt01 IN (%s)
) x
) AS Parislemler
FROM trCurrAccBook b
LEFT JOIN cdCurrAccDesc d
ON b.CurrAccCode = d.CurrAccCode AND d.LangCode = 'TR'
LEFT JOIN trCurrAccBookCurrency c
ON b.CurrAccBookID = c.CurrAccBookID
AND b.DocCurrencyCode = c.CurrencyCode
WHERE b.CurrAccCode LIKE @Carikod
AND b.DocumentDate < @StartDate
GROUP BY b.DocCurrencyCode
ORDER BY Para_Birimi, Belge_Tarihi;`, parislemCond)
rows, err := db.MssqlDB.Query(query,
sql.Named("Carikod", "%"+accountCode+"%"),
sql.Named("StartDate", startDate),
sql.Named("EndDate", endDate),
)
headers, err := getStatementsForPDF(accountCode, startDate, endDate, parislemler)
if err != nil {
log.Printf("Header sorgu hatası: %v", err)
return nil, nil, fmt.Errorf("header sorgu hatası: %v", err)
log.Printf("Header query error: %v", err)
return nil, nil, err
}
defer rows.Close()
var headers []models.StatementHeader
var belgeNos []string
for rows.Next() {
var h models.StatementHeader
if err := rows.Scan(
&h.CariKod, &h.CariIsim,
&h.BelgeTarihi, &h.VadeTarihi,
&h.BelgeNo, &h.IslemTipi,
&h.Aciklama, &h.ParaBirimi,
&h.Borc, &h.Alacak,
&h.Bakiye, &h.Parislemler,
); err != nil {
log.Printf("❌ Header scan hatası: %v", err)
return nil, nil, err
}
headers = append(headers, h)
if h.BelgeNo != "" {
belgeNos = append(belgeNos, h.BelgeNo)
}
}
log.Printf("✅ Header verileri alındı: %d kayıt, %d belge no", len(headers), len(belgeNos))
belgeNos := collectBelgeNos(headers)
log.Printf("Header rows fetched: %d, belge no count: %d", len(headers), len(belgeNos))
return headers, belgeNos, nil
}
@@ -191,7 +27,7 @@ ORDER BY Para_Birimi, Belge_Tarihi;`, parislemCond)
func GetDetailsMapPDF(belgeNos []string, startDate, endDate string) (map[string][]models.StatementDetail, error) {
result := make(map[string][]models.StatementDetail)
if len(belgeNos) == 0 {
log.Println("⚠️ GetDetailsMapPDF: belge listesi boş")
log.Println("GetDetailsMapPDF: belge listesi bos")
return result, nil
}
@@ -219,7 +55,11 @@ SELECT
MAX(ISNULL(KisaKarDesc.AttributeDescription, '')) AS Icerik,
a.ItemCode, a.ColorCode,
SUM(a.Qty1), SUM(ABS(a.Doc_Price)),
SUM(a.Qty1),
CAST(
SUM(a.Qty1 * ABS(a.Doc_Price))
/ NULLIF(SUM(a.Qty1), 0)
AS numeric(18,4)),
CAST(SUM(a.Qty1 * ABS(a.Doc_Price)) AS numeric(18,2))
FROM AllInvoicesWithAttributes a
@@ -258,7 +98,7 @@ LEFT JOIN cdItemAttributeDesc FitDesc
AND FitTbl.AttributeCode = FitDesc.AttributeCode
AND FitTbl.ItemTypeCode = FitDesc.ItemTypeCode
-- Kısa Karışım
-- Kisa Karisim
LEFT JOIN prItemAttribute KisaKar
ON a.ItemCode = KisaKar.ItemCode AND KisaKar.AttributeTypeCode = 41
LEFT JOIN cdItemAttributeDesc KisaKarDesc
@@ -274,8 +114,8 @@ ORDER BY a.InvoiceNumber, a.ItemCode, a.ColorCode;`, inBelge)
sql.Named("EndDate", endDate),
)
if err != nil {
log.Printf("Detay sorgu hatası: %v", err)
return nil, fmt.Errorf("detay sorgu hatası: %v", err)
log.Printf("Detail query error: %v", err)
return nil, fmt.Errorf("detay sorgu hatasi: %v", err)
}
defer rows.Close()
@@ -295,11 +135,11 @@ ORDER BY a.InvoiceNumber, a.ItemCode, a.ColorCode;`, inBelge)
&d.ToplamFiyat,
&d.ToplamTutar,
); err != nil {
log.Printf("Detay scan hatası: %v", err)
log.Printf("Detail scan error: %v", err)
return nil, err
}
result[d.BelgeRefNumarasi] = append(result[d.BelgeRefNumarasi], d)
}
log.Printf("Detay verileri alındı: %d belge için detay var", len(result))
log.Printf("Detail rows fetched for %d belge", len(result))
return result, nil
}

2
svc/queries/user_detail.go
View File

@@ -85,7 +85,7 @@ SET
full_name = $4,
email = $5,
mobile = $6,
address = NULLIF($7, ''),
address = COALESCE($7, ''),
updated_at = NOW()
WHERE id = $1
`

11
svc/repository/user_repo.go
View File

@@ -234,11 +234,18 @@ func (r *UserRepository) GetLegacyUserForLogin(login string) (*models.User, erro
COALESCE(u.upass,'') as upass,
u.is_active,
COALESCE(u.email,''),
COALESCE(u.dfrole_id,0) as role_id,
COALESCE(ru.dfrole_id,0) as role_id,
COALESCE(dr.code,'') as role_code,
COALESCE(u.force_password_change,false)
FROM dfusr u
LEFT JOIN dfrole dr ON dr.id = u.dfrole_id
LEFT JOIN LATERAL (
SELECT dfrole_id
FROM dfrole_usr
WHERE dfusr_id = u.id
ORDER BY dfrole_id
LIMIT 1
) ru ON true
LEFT JOIN dfrole dr ON dr.id = ru.dfrole_id
WHERE u.is_active = true
AND (
LOWER(u.code) = LOWER($1)

20
svc/routes/admin_reset_password.go
View File

@@ -62,7 +62,7 @@ func AdminResetPasswordHandler(db *sql.DB) http.HandlerFunc {
// ---------------------------------------------------
// 4⃣ UPDATE mk_dfusr
// ---------------------------------------------------
_, err = db.Exec(`
res, err := db.Exec(`
UPDATE mk_dfusr
SET
password_hash = $1,
@@ -77,6 +77,24 @@ func AdminResetPasswordHandler(db *sql.DB) http.HandlerFunc {
return
}
affected, _ := res.RowsAffected()
if affected == 0 {
_, err = db.Exec(`
UPDATE dfusr
SET
upass = $1,
force_password_change = true,
last_updated_date = NOW()
WHERE id = $2
AND is_active = true
`, string(hash), userID)
if err != nil {
http.Error(w, "legacy password reset failed", http.StatusInternalServerError)
return
}
}
// ---------------------------------------------------
// 5⃣ REFRESH TOKEN REVOKE
// ---------------------------------------------------

285
svc/routes/first_password_change.go
View File

@@ -6,10 +6,13 @@ import (
"bssapp-backend/internal/security"
"bssapp-backend/models"
"bssapp-backend/repository"
"bssapp-backend/services"
"database/sql"
"encoding/json"
"errors"
"log"
"net/http"
"strings"
"time"
"golang.org/x/crypto/bcrypt"
@@ -17,115 +20,254 @@ import (
func FirstPasswordChangeHandler(db *sql.DB) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json; charset=utf-8")
// --------------------------------------------------
// 1⃣ JWT CLAIMS
// --------------------------------------------------
claims, ok := auth.GetClaimsFromContext(r.Context())
if !ok || claims == nil {
http.Error(w, "unauthorized", http.StatusUnauthorized)
log.Printf(
"FIRST_PASSWORD_CHANGE 401 reason=claims_missing method=%s path=%s",
r.Method,
r.URL.Path,
)
http.Error(w, "yetkisiz: token eksik veya geçersiz", http.StatusUnauthorized)
return
}
// --------------------------------------------------
// 2⃣ PAYLOAD
// --------------------------------------------------
var req struct {
CurrentPassword string `json:"current_password"`
NewPassword string `json:"new_password"`
}
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
http.Error(w, "invalid payload", http.StatusBadRequest)
http.Error(w, "geçersiz istek gövdesi", http.StatusBadRequest)
return
}
req.CurrentPassword = strings.TrimSpace(req.CurrentPassword)
req.NewPassword = strings.TrimSpace(req.NewPassword)
if req.CurrentPassword == "" || req.NewPassword == "" {
http.Error(w, "password fields required", http.StatusUnprocessableEntity)
http.Error(w, "şifre alanları zorunludur", http.StatusUnprocessableEntity)
return
}
// --------------------------------------------------
// 3⃣ LOAD USER (mk_dfusr)
// --------------------------------------------------
var currentHash string
err := db.QueryRow(`
SELECT password_hash
FROM mk_dfusr
WHERE id = $1
`, claims.ID).Scan(&currentHash)
mkRepo := repository.NewMkUserRepository(db)
legacyRepo := repository.NewUserRepository(db)
if err != nil || currentHash == "" {
http.Error(w, "user not found", http.StatusUnauthorized)
mkUser, mkErr := mkRepo.GetByID(claims.ID)
hasMkUser := mkErr == nil
if mkErr != nil && !errors.Is(mkErr, repository.ErrMkUserNotFound) {
log.Printf(
"FIRST_PASSWORD_CHANGE 500 reason=mk_lookup_failed user_id=%d err=%v",
claims.ID,
mkErr,
)
http.Error(w, "kullanıcı sorgulama hatası", http.StatusInternalServerError)
return
}
// --------------------------------------------------
// 4⃣ CURRENT PASSWORD CHECK
// --------------------------------------------------
if bcrypt.CompareHashAndPassword(
[]byte(currentHash),
[]byte(req.CurrentPassword),
) != nil {
http.Error(w, "mevcut şifre hatalı", http.StatusUnauthorized)
return
var legacyUser *models.User
// If user already exists in mk_dfusr with hash, verify against mk hash.
// Otherwise verify against legacy dfusr password before migration.
if hasMkUser && strings.TrimSpace(mkUser.PasswordHash) != "" {
if bcrypt.CompareHashAndPassword(
[]byte(mkUser.PasswordHash),
[]byte(req.CurrentPassword),
) != nil {
log.Printf(
"FIRST_PASSWORD_CHANGE 401 reason=current_password_mismatch_mk user_id=%d username=%s",
claims.ID,
claims.Username,
)
http.Error(w, "mevcut şifre hatalı", http.StatusUnauthorized)
return
}
} else {
var err error
legacyUser, err = legacyRepo.GetLegacyUserForLogin(claims.Username)
if err != nil || legacyUser == nil || !legacyUser.IsActive {
log.Printf(
"FIRST_PASSWORD_CHANGE 401 reason=legacy_user_not_found user_id=%d username=%s err=%v",
claims.ID,
claims.Username,
err,
)
http.Error(w, "yetkisiz: kullanıcı bulunamadı", http.StatusUnauthorized)
return
}
if !hasMkUser && int64(legacyUser.ID) != claims.ID {
log.Printf(
"FIRST_PASSWORD_CHANGE 401 reason=legacy_id_mismatch user_id=%d legacy_id=%d username=%s",
claims.ID,
legacyUser.ID,
claims.Username,
)
http.Error(w, "yetkisiz: kullanıcı bulunamadı", http.StatusUnauthorized)
return
}
if !services.CheckPasswordWithLegacy(legacyUser, req.CurrentPassword) {
log.Printf(
"FIRST_PASSWORD_CHANGE 401 reason=current_password_mismatch_legacy user_id=%d username=%s",
claims.ID,
claims.Username,
)
http.Error(w, "mevcut şifre hatalı", http.StatusUnauthorized)
return
}
}
// --------------------------------------------------
// 5⃣ PASSWORD POLICY
// --------------------------------------------------
if err := security.ValidatePassword(req.NewPassword); err != nil {
http.Error(w, err.Error(), http.StatusUnprocessableEntity)
return
}
// --------------------------------------------------
// 6⃣ HASH NEW PASSWORD
// --------------------------------------------------
hash, err := bcrypt.GenerateFromPassword(
[]byte(req.NewPassword),
bcrypt.DefaultCost,
)
if err != nil {
http.Error(w, "password hash error", http.StatusInternalServerError)
http.Error(w, "şifre hash hatası", http.StatusInternalServerError)
return
}
// --------------------------------------------------
// 7⃣ UPDATE mk_dfusr
// --------------------------------------------------
_, err = db.Exec(`
UPDATE mk_dfusr
SET
password_hash = $1,
force_password_change = false,
password_updated_at = NOW(),
updated_at = NOW()
WHERE id = $2
`, string(hash), claims.ID)
tx, err := db.Begin()
if err != nil {
http.Error(w, "password update failed", http.StatusInternalServerError)
http.Error(w, "işlem başlatılamadı", http.StatusInternalServerError)
return
}
defer tx.Rollback()
migratedFromLegacy := false
if hasMkUser {
res, err := tx.Exec(`
UPDATE mk_dfusr
SET
password_hash = $1,
force_password_change = false,
password_updated_at = NOW(),
updated_at = NOW()
WHERE id = $2
`, string(hash), claims.ID)
if err != nil {
log.Printf(
"FIRST_PASSWORD_CHANGE 500 reason=password_update_failed user_id=%d err=%v",
claims.ID,
err,
)
http.Error(w, "şifre güncellenemedi", http.StatusInternalServerError)
return
}
affected, _ := res.RowsAffected()
if affected == 0 {
log.Printf(
"FIRST_PASSWORD_CHANGE 500 reason=password_update_no_rows user_id=%d",
claims.ID,
)
http.Error(w, "şifre güncellenemedi", http.StatusInternalServerError)
return
}
} else {
if legacyUser == nil {
// Defensive fallback, should not happen.
legacyUser, err = legacyRepo.GetLegacyUserForLogin(claims.Username)
if err != nil || legacyUser == nil {
log.Printf(
"FIRST_PASSWORD_CHANGE 500 reason=legacy_reload_failed user_id=%d username=%s err=%v",
claims.ID,
claims.Username,
err,
)
http.Error(w, "legacy kullanıcı yeniden yüklenemedi", http.StatusInternalServerError)
return
}
if !hasMkUser && int64(legacyUser.ID) != claims.ID {
log.Printf(
"FIRST_PASSWORD_CHANGE 500 reason=legacy_reload_id_mismatch user_id=%d legacy_id=%d username=%s",
claims.ID,
legacyUser.ID,
claims.Username,
)
http.Error(w, "legacy kullanıcı yeniden yüklenemedi", http.StatusInternalServerError)
return
}
}
_, err = tx.Exec(`
INSERT INTO mk_dfusr (
id,
username,
email,
full_name,
mobile,
address,
is_active,
password_hash,
force_password_change,
password_updated_at,
created_at,
updated_at
)
VALUES (
$1,$2,$3,$4,$5,$6,$7,$8,false,NOW(),NOW(),NOW()
)
ON CONFLICT (id)
DO UPDATE SET
username = EXCLUDED.username,
email = EXCLUDED.email,
full_name = EXCLUDED.full_name,
mobile = EXCLUDED.mobile,
address = EXCLUDED.address,
is_active = EXCLUDED.is_active,
password_hash = EXCLUDED.password_hash,
force_password_change = false,
password_updated_at = NOW(),
updated_at = NOW()
`,
int64(legacyUser.ID),
strings.TrimSpace(legacyUser.Username),
strings.TrimSpace(legacyUser.Email),
strings.TrimSpace(legacyUser.FullName),
strings.TrimSpace(legacyUser.Mobile),
strings.TrimSpace(legacyUser.Address),
legacyUser.IsActive,
string(hash),
)
if err != nil {
log.Printf(
"FIRST_PASSWORD_CHANGE 500 reason=legacy_migration_failed user_id=%d username=%s err=%v",
claims.ID,
claims.Username,
err,
)
http.Error(w, "legacy geçişi başarısız", http.StatusInternalServerError)
return
}
migratedFromLegacy = true
}
if err := tx.Commit(); err != nil {
log.Printf(
"FIRST_PASSWORD_CHANGE 500 reason=tx_commit_failed user_id=%d err=%v",
claims.ID,
err,
)
http.Error(w, "işlem tamamlanamadı", http.StatusInternalServerError)
return
}
// --------------------------------------------------
// 8⃣ REFRESH TOKEN REVOKE
// --------------------------------------------------
_ = repository.
NewRefreshTokenRepository(db).
RevokeAllForUser(claims.ID)
_ = repository.NewRefreshTokenRepository(db).RevokeAllForUser(claims.ID)
// --------------------------------------------------
// 9⃣ NEW JWT (TEK DOĞRU YOL)
// --------------------------------------------------
newClaims := auth.BuildClaimsFromUser(
&models.MkUser{
ID: claims.ID,
Username: claims.Username,
RoleID: claims.RoleID,
RoleCode: claims.RoleCode,
DepartmentCodes: claims.DepartmentCodes,
V3Username: claims.V3Username,
V3UserGroup: claims.V3UserGroup,
SessionID: claims.SessionID,
@@ -140,22 +282,20 @@ func FirstPasswordChangeHandler(db *sql.DB) http.HandlerFunc {
false,
)
if err != nil {
http.Error(w, "token generation failed", http.StatusInternalServerError)
http.Error(w, "token üretilemedi", http.StatusInternalServerError)
return
}
// --------------------------------------------------
// 🔟 AUDIT
// --------------------------------------------------
source := "mk_password_update"
if migratedFromLegacy {
source = "legacy_migration_completed"
}
auditlog.ForcePasswordChangeCompleted(
r.Context(),
claims.ID,
"self_change",
source,
)
// --------------------------------------------------
// 1⃣1⃣ RESPONSE
// --------------------------------------------------
_ = json.NewEncoder(w).Encode(map[string]any{
"token": newToken,
"user": map[string]any{
@@ -163,7 +303,14 @@ func FirstPasswordChangeHandler(db *sql.DB) http.HandlerFunc {
"username": claims.Username,
"force_password_change": false,
},
"migrated_from_legacy": migratedFromLegacy,
})
log.Printf("✅ FIRST-PASS claims user=%d role=%s", claims.ID, claims.RoleCode)
log.Printf(
"FIRST_PASSWORD_CHANGE 200 user=%d role=%s migrated_from_legacy=%v",
claims.ID,
claims.RoleCode,
migratedFromLegacy,
)
}
}

157
svc/routes/login.go
View File

@@ -3,6 +3,7 @@ package routes
import (
"bssapp-backend/auth"
"bssapp-backend/internal/auditlog"
"bssapp-backend/internal/security"
"bssapp-backend/models"
"bssapp-backend/queries"
"bssapp-backend/repository"
@@ -29,6 +30,76 @@ type LoginRequest struct {
Password string `json:"password"`
}
func looksLikeBcryptHash(value string) bool {
return strings.HasPrefix(value, "$2a$") ||
strings.HasPrefix(value, "$2b$") ||
strings.HasPrefix(value, "$2y$")
}
func ensureLegacyUserReadyForSession(db *sql.DB, legacyUser *models.User) (int64, error) {
desiredID := int64(legacyUser.ID)
_, err := db.Exec(`
INSERT INTO mk_dfusr (
id,
username,
email,
full_name,
mobile,
address,
is_active,
password_hash,
force_password_change,
created_at,
updated_at
)
VALUES (
$1,$2,$3,$4,$5,$6,$7,'',true,NOW(),NOW()
)
ON CONFLICT (id)
DO UPDATE SET
username = EXCLUDED.username,
email = EXCLUDED.email,
full_name = COALESCE(NULLIF(EXCLUDED.full_name, ''), mk_dfusr.full_name),
mobile = COALESCE(NULLIF(EXCLUDED.mobile, ''), mk_dfusr.mobile),
address = COALESCE(NULLIF(EXCLUDED.address, ''), mk_dfusr.address),
is_active = EXCLUDED.is_active,
force_password_change = true,
updated_at = NOW()
`,
desiredID,
strings.TrimSpace(legacyUser.Username),
strings.TrimSpace(legacyUser.Email),
strings.TrimSpace(legacyUser.FullName),
strings.TrimSpace(legacyUser.Mobile),
strings.TrimSpace(legacyUser.Address),
legacyUser.IsActive,
)
if err == nil {
return desiredID, nil
}
mkRepo := repository.NewMkUserRepository(db)
existing, lookupErr := mkRepo.GetByUsername(legacyUser.Username)
if lookupErr != nil {
return 0, err
}
_, updErr := db.Exec(`
UPDATE mk_dfusr
SET
is_active = $1,
force_password_change = true,
updated_at = NOW()
WHERE id = $2
`, legacyUser.IsActive, existing.ID)
if updErr != nil {
return 0, updErr
}
return existing.ID, nil
}
func LoginHandler(db *sql.DB) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
@@ -83,19 +154,36 @@ func LoginHandler(db *sql.DB) http.HandlerFunc {
if err == nil {
// mk_dfusr authoritative
if strings.TrimSpace(mkUser.PasswordHash) != "" {
mkHash := strings.TrimSpace(mkUser.PasswordHash)
if mkHash != "" {
if looksLikeBcryptHash(mkHash) {
cmpErr := bcrypt.CompareHashAndPassword(
[]byte(mkHash),
[]byte(pass),
)
if cmpErr == nil {
_ = mkRepo.TouchLastLogin(mkUser.ID)
writeLoginResponse(w, db, mkUser)
return
}
if bcrypt.CompareHashAndPassword(
[]byte(mkUser.PasswordHash),
[]byte(pass),
) != nil {
http.Error(w, "Kullanıcı adı veya parola hatalı", http.StatusUnauthorized)
return
if !mkUser.ForcePasswordChange {
http.Error(w, "invalid credentials", http.StatusUnauthorized)
return
}
log.Printf(
"LOGIN FALLBACK legacy allowed (force_password_change=true) username=%s id=%d",
mkUser.Username,
mkUser.ID,
)
} else {
log.Printf(
"LOGIN FALLBACK legacy allowed (non-bcrypt mk hash) username=%s id=%d",
mkUser.Username,
mkUser.ID,
)
}
_ = mkRepo.TouchLastLogin(mkUser.ID)
writeLoginResponse(w, db, mkUser)
return
}
// password_hash boşsa legacy fallback
} else if err != repository.ErrMkUserNotFound {
@@ -133,31 +221,30 @@ func LoginHandler(db *sql.DB) http.HandlerFunc {
}
// ==================================================
// 3MIGRATION (dfusr → mk_dfusr)
// 3LEGACY SESSION (PENDING MIGRATION)
// - mk_dfusr migration is completed in /api/password/change
// ==================================================
newHash, err := bcrypt.GenerateFromPassword(
[]byte(pass),
bcrypt.DefaultCost,
)
mkID, err := ensureLegacyUserReadyForSession(db, legacyUser)
if err != nil {
http.Error(w, "Şifre üretilemedi", http.StatusInternalServerError)
log.Printf("LEGACY LOGIN MIGRATION BIND FAILED username=%s err=%v", login, err)
http.Error(w, "Giriş yapılamadı", http.StatusInternalServerError)
return
}
mkUser, err = mkRepo.CreateFromLegacy(legacyUser, string(newHash))
if err != nil {
log.Println("❌ CREATE_FROM_LEGACY FAILED:", err)
http.Error(w, "Kullanıcı migrate edilemedi", http.StatusInternalServerError)
return
mkUser = &models.MkUser{
ID: mkID,
Username: legacyUser.Username,
Email: legacyUser.Email,
IsActive: legacyUser.IsActive,
RoleID: int64(legacyUser.RoleID),
RoleCode: legacyUser.RoleCode,
ForcePasswordChange: true,
}
// 🔥 KRİTİK: TOKEN GUARD İÇİN GARANTİ
mkUser.ForcePasswordChange = true
auditlog.Write(auditlog.ActivityLog{
ActionType: "LEGACY_USER_MIGRATED",
ActionType: "LEGACY_USER_LOGIN_PENDING_MIGRATION",
ActionCategory: "security",
Description: "dfusr -> mk_dfusr on login",
Description: "legacy giriş başarılı, ilk şifre değişikliği gerekli",
IsSuccess: true,
})
@@ -216,6 +303,22 @@ func writeLoginResponse(w http.ResponseWriter, db *sql.DB, user *models.MkUser)
return
}
refreshPlain, refreshHash, err := security.GenerateRefreshToken()
if err != nil {
http.Error(w, "Refresh token üretilemedi", http.StatusInternalServerError)
return
}
refreshExp := time.Now().Add(14 * 24 * time.Hour)
rtRepo := repository.NewRefreshTokenRepository(db)
if err := rtRepo.IssueRefreshToken(user.ID, refreshHash, refreshExp); err != nil {
log.Printf("refresh token store failed user=%d err=%v", user.ID, err)
http.Error(w, "Session başlatılamadı", http.StatusInternalServerError)
return
}
setRefreshCookie(w, refreshPlain, refreshExp)
_ = json.NewEncoder(w).Encode(map[string]any{
"token": token,
"user": map[string]any{

220
svc/routes/order_pdf.go
View File

@@ -3,16 +3,19 @@ package routes
import (
"bytes"
"database/sql"
"errors"
"fmt"
"github.com/gorilla/mux"
"github.com/jung-kurt/gofpdf"
"log"
"math"
"net/http"
"os"
"runtime/debug"
"sort"
"strconv"
"strings"
"time"
"github.com/gorilla/mux"
"github.com/jung-kurt/gofpdf"
)
/* ===========================================================
@@ -238,6 +241,13 @@ func s64(v sql.NullString) string {
return v.String
}
func sOrEmpty(v sql.NullString) string {
if !v.Valid {
return ""
}
return strings.TrimSpace(v.String)
}
func normalizeBedenLabelGo(v string) string {
// 1⃣ NULL / boş / whitespace → " " (aksbir null kolonu)
s := strings.TrimSpace(v)
@@ -281,25 +291,88 @@ func normalizeBedenLabelGo(v string) string {
return s
}
func parseNumericSize(v string) (int, bool) {
s := strings.TrimSpace(strings.ToUpper(v))
if s == "" {
return 0, false
}
n, err := strconv.Atoi(s)
if err != nil {
return 0, false
}
return n, true
}
func detectBedenGroupGo(bedenList []string, ana, alt string) string {
ana = safeTrimUpper(ana)
alt = safeTrimUpper(alt)
// Ürün grubu adı doğrudan ayakkabı ise öncelikli.
if strings.Contains(ana, "AYAKKABI") || strings.Contains(alt, "AYAKKABI") {
return catAyk
}
var hasYasNumeric bool
var hasAykNumeric bool
var hasPanNumeric bool
for _, b := range bedenList {
b = safeTrimUpper(b)
switch b {
case "XS", "S", "M", "L", "XL":
case "XS", "S", "M", "L", "XL",
"2XL", "3XL", "4XL", "5XL", "6XL", "7XL":
return catGom
}
if n, ok := parseNumericSize(b); ok {
if n >= 2 && n <= 14 {
hasYasNumeric = true
}
if n >= 39 && n <= 45 {
hasAykNumeric = true
}
if n >= 38 && n <= 68 {
hasPanNumeric = true
}
}
}
if hasAykNumeric {
return catAyk
}
if strings.Contains(ana, "PANTOLON") {
return catPan
}
if hasPanNumeric {
return catPan
}
if strings.Contains(alt, "ÇOCUK") || strings.Contains(alt, "GARSON") {
return catYas
}
if hasYasNumeric {
return catYas
}
return catTak
}
func formatSizeQtyForLog(m map[string]int) string {
if len(m) == 0 {
return "{}"
}
keys := make([]string, 0, len(m))
for k := range m {
keys = append(keys, k)
}
sort.Strings(keys)
parts := make([]string, 0, len(keys))
for _, k := range keys {
parts = append(parts, fmt.Sprintf("%s:%d", k, m[k]))
}
return "{" + strings.Join(parts, ", ") + "}"
}
func defaultSizeListFor(cat string) []string {
switch cat {
case catAyk:
@@ -331,25 +404,25 @@ func contains(list []string, v string) bool {
2) PDF OLUŞTURUCU (A4 YATAY + FOOTER)
=========================================================== */
func newOrderPdf() *gofpdf.Fpdf {
func newOrderPdf() (*gofpdf.Fpdf, error) {
pdf := gofpdf.New("L", "mm", "A4", "")
pdf.SetMargins(10, 10, 10)
pdf.SetAutoPageBreak(false, 12)
// UTF8 fontlar
pdf.AddUTF8Font("dejavu", "", "fonts/DejaVuSans.ttf")
pdf.AddUTF8Font("dejavu-b", "", "fonts/DejaVuSans-Bold.ttf")
if err := registerDejavuFonts(pdf, "dejavu"); err != nil {
return nil, err
}
// Footer: sayfa numarası
pdf.AliasNbPages("")
pdf.SetFooterFunc(func() {
pdf.SetY(-10)
pdf.SetFont("dejavu", "", 8)
pdf.SetFont("dejavu", "B", 8)
txt := fmt.Sprintf("Sayfa %d/{nb}", pdf.PageNo())
pdf.CellFormat(0, 10, txt, "", 0, "R", false, 0, "")
})
return pdf
return pdf, nil
}
/* ===========================================================
@@ -373,7 +446,7 @@ func getOrderHeaderFromDB(db *sql.DB, orderID string) (*OrderHeader, error) {
ISNULL((
SELECT TOP (1) ca.AttributeDescription
FROM BAGGI_V3.dbo.cdCurrAccAttributeDesc AS ca WITH (NOLOCK)
WHERE ca.CurrAccTypeCode = 3
WHERE ca.CurrAccTypeCode IN (1,3)
AND ca.AttributeTypeCode = 2 -- 🟡 Müşteri Temsilcisi
AND ca.AttributeCode = f.CustomerAtt02
AND ca.LangCode = 'TR'
@@ -388,24 +461,36 @@ func getOrderHeaderFromDB(db *sql.DB, orderID string) (*OrderHeader, error) {
var h OrderHeader
var orderDate sql.NullTime
var orderNumber, currAccCode, currAccName, docCurrency sql.NullString
var description, internalDesc, officeCode, createdUser, customerRep sql.NullString
err := row.Scan(
&h.OrderHeaderID,
&h.OrderNumber,
&h.CurrAccCode,
&h.CurrAccName,
&h.DocCurrency,
&orderNumber,
&currAccCode,
&currAccName,
&docCurrency,
&orderDate,
&h.Description,
&h.InternalDesc,
&h.OfficeCode,
&h.CreatedUser,
&h.CustomerRep, // 🆕 buradan geliyor
&description,
&internalDesc,
&officeCode,
&createdUser,
&customerRep, // 🆕 buradan geliyor
)
if err != nil {
return nil, err
}
h.OrderNumber = sOrEmpty(orderNumber)
h.CurrAccCode = sOrEmpty(currAccCode)
h.CurrAccName = sOrEmpty(currAccName)
h.DocCurrency = sOrEmpty(docCurrency)
h.Description = sOrEmpty(description)
h.InternalDesc = sOrEmpty(internalDesc)
h.OfficeCode = sOrEmpty(officeCode)
h.CreatedUser = sOrEmpty(createdUser)
h.CustomerRep = sOrEmpty(customerRep)
if orderDate.Valid {
h.OrderDate = orderDate.Time
}
@@ -626,9 +711,8 @@ func drawOrderHeader(pdf *gofpdf.Fpdf, h *OrderHeader, showDesc bool) float64 {
/* ----------------------------------------------------
1) LOGO
---------------------------------------------------- */
logo := "./public/Baggi-Tekstil-A.s-Logolu.jpeg"
if _, err := os.Stat(logo); err == nil {
pdf.ImageOptions(logo, marginL, y, 32, 0, false, gofpdf.ImageOptions{}, 0, "")
if logoPath, err := resolvePdfImagePath("Baggi-Tekstil-A.s-Logolu.jpeg"); err == nil {
pdf.ImageOptions(logoPath, marginL, y, 32, 0, false, gofpdf.ImageOptions{}, 0, "")
}
/* ----------------------------------------------------
@@ -641,7 +725,7 @@ func drawOrderHeader(pdf *gofpdf.Fpdf, h *OrderHeader, showDesc bool) float64 {
pdf.SetFillColor(149, 113, 22) // Baggi altın
pdf.Rect(titleX, titleY, titleW, 10, "F")
pdf.SetFont("dejavu-b", "", 13)
pdf.SetFont("dejavu", "B", 13)
pdf.SetTextColor(255, 255, 255)
pdf.SetXY(titleX+4, titleY+2)
pdf.CellFormat(titleW-8, 6, "BAGGI TEKSTİL - SİPARİŞ FORMU", "", 0, "L", false, 0, "")
@@ -657,7 +741,7 @@ func drawOrderHeader(pdf *gofpdf.Fpdf, h *OrderHeader, showDesc bool) float64 {
pdf.SetDrawColor(180, 180, 180)
pdf.Rect(boxX, boxY, boxW, boxH, "")
pdf.SetFont("dejavu-b", "", 9)
pdf.SetFont("dejavu", "B", 9)
pdf.SetTextColor(149, 113, 22)
rep := strings.TrimSpace(h.CustomerRep)
if rep == "" {
@@ -712,7 +796,7 @@ func drawOrderHeader(pdf *gofpdf.Fpdf, h *OrderHeader, showDesc bool) float64 {
pdf.Rect(marginL, y, pageW-marginL*2, descBoxH, "")
// Başlık
pdf.SetFont("dejavu-b", "", 8)
pdf.SetFont("dejavu", "B", 8)
pdf.SetTextColor(149, 113, 22)
pdf.SetXY(marginL+3, y+2)
pdf.CellFormat(40, 4, "Sipariş Genel Açıklaması:", "", 0, "L", false, 0, "")
@@ -740,7 +824,7 @@ func drawOrderHeader(pdf *gofpdf.Fpdf, h *OrderHeader, showDesc bool) float64 {
===========================================================
*/
func drawGridHeader(pdf *gofpdf.Fpdf, layout pdfLayout, startY float64, catSizes CategorySizeMap) float64 {
pdf.SetFont("dejavu-b", "", 6)
pdf.SetFont("dejavu", "B", 6)
pdf.SetDrawColor(baggiGrayBorderR, baggiGrayBorderG, baggiGrayBorderB)
pdf.SetFillColor(baggiCreamR, baggiCreamG, baggiCreamB)
pdf.SetTextColor(20, 20, 20) // 🟣 TÜM HEADER YAZILARI SİYAH
@@ -896,10 +980,17 @@ func calcRowHeight(pdf *gofpdf.Fpdf, layout pdfLayout, row PdfRow) float64 {
return base
}
// Yeni: açıklama genişliği = sol + sağ
descW := layout.ColDescW
// Açıklama tek kolonda (ColDescLeft) render ediliyor.
// ColDescW set edilmediği için 0 kalabiliyor; bu durumda SplitLines patlayabiliyor.
descW := layout.ColDescLeft
if descW <= float64(2*OcellPadX) {
descW = layout.ColDescLeft + layout.ColDescRight
}
if descW <= float64(2*OcellPadX) {
return base
}
lines := pdf.SplitLines([]byte(desc), descW-2*OcellPadX)
lines := pdf.SplitLines([]byte(desc), descW-float64(2*OcellPadX))
lineH := 3.2
h := float64(len(lines))*lineH + 2
@@ -1101,7 +1192,7 @@ func drawTotalsBox(
valueX := x + w - 70 // değerlerin sağda hizalanacağı kolon
pdf.SetTextColor(149, 113, 22) // Sol başlık gold
pdf.SetFont("dejavu-b", "", 8.5)
pdf.SetFont("dejavu", "B", 8.5)
y := startY + 2
@@ -1112,7 +1203,7 @@ func drawTotalsBox(
pdf.CellFormat(80, lineH, "TOPLAM TUTAR", "", 0, "L", false, 0, "")
pdf.SetTextColor(201, 162, 39)
pdf.SetFont("dejavu-b", "", 9)
pdf.SetFont("dejavu", "B", 9)
pdf.SetXY(valueX, y)
pdf.CellFormat(65, lineH,
@@ -1127,7 +1218,7 @@ func drawTotalsBox(
if hasVat {
pdf.SetTextColor(149, 113, 22) // gold başlık
pdf.SetFont("dejavu-b", "", 8.5)
pdf.SetFont("dejavu", "B", 8.5)
pdf.SetXY(labelX, y)
pdf.CellFormat(80, lineH,
@@ -1135,7 +1226,7 @@ func drawTotalsBox(
"", 0, "L", false, 0, "")
pdf.SetTextColor(20, 20, 20)
pdf.SetFont("dejavu-b", "", 9)
pdf.SetFont("dejavu", "B", 9)
pdf.SetXY(valueX, y)
pdf.CellFormat(65, lineH,
@@ -1148,13 +1239,13 @@ func drawTotalsBox(
3⃣ KDV DAHİL TOPLAM
---------------------------------------------------- */
pdf.SetTextColor(201, 162, 39)
pdf.SetFont("dejavu-b", "", 8.5)
pdf.SetFont("dejavu", "B", 8.5)
pdf.SetXY(labelX, y)
pdf.CellFormat(80, lineH, "KDV DAHİL TOPLAM TUTAR", "", 0, "L", false, 0, "")
pdf.SetTextColor(20, 20, 20)
pdf.SetFont("dejavu-b", "", 9)
pdf.SetFont("dejavu", "B", 9)
pdf.SetXY(valueX, y)
pdf.CellFormat(65, lineH,
@@ -1183,7 +1274,7 @@ func drawGroupSummaryBar(pdf *gofpdf.Fpdf, layout pdfLayout, groupName string, t
pdf.SetDrawColor(214, 192, 106)
pdf.Rect(x, y, w, h, "DF")
pdf.SetFont("dejavu-b", "", 8.5)
pdf.SetFont("dejavu", "B", 8.5)
pdf.SetTextColor(20, 20, 20)
leftTxt := strings.ToUpper(strings.TrimSpace(groupName))
@@ -1327,11 +1418,22 @@ func OrderPDFHandler(db *sql.DB) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
orderID := mux.Vars(r)["id"]
log.Printf("📄 OrderPDFHandler start orderID=%s", orderID)
defer func() {
if rec := recover(); rec != nil {
log.Printf("❌ PANIC OrderPDFHandler orderID=%s: %v", orderID, rec)
debug.PrintStack()
http.Error(w, fmt.Sprintf("order pdf panic: %v", rec), http.StatusInternalServerError)
}
}()
if orderID == "" {
log.Printf("❌ OrderPDFHandler missing order id")
http.Error(w, "missing order id", http.StatusBadRequest)
return
}
if db == nil {
log.Printf("❌ OrderPDFHandler db is nil")
http.Error(w, "db not initialized", http.StatusInternalServerError)
return
}
@@ -1339,18 +1441,23 @@ func OrderPDFHandler(db *sql.DB) http.Handler {
// Header
header, err := getOrderHeaderFromDB(db, orderID)
if err != nil {
log.Println("header error:", err)
http.Error(w, "header not found", http.StatusInternalServerError)
log.Printf("❌ OrderPDF header error orderID=%s: %v", orderID, err)
if errors.Is(err, sql.ErrNoRows) {
http.Error(w, "order not found", http.StatusNotFound)
return
}
http.Error(w, "header not found: "+err.Error(), http.StatusInternalServerError)
return
}
// Lines
lines, err := getOrderLinesFromDB(db, orderID)
if err != nil {
log.Println("lines error:", err)
http.Error(w, "lines not found", http.StatusInternalServerError)
log.Printf("❌ OrderPDF lines error orderID=%s: %v", orderID, err)
http.Error(w, "lines not found: "+err.Error(), http.StatusInternalServerError)
return
}
log.Printf("📄 OrderPDF lines loaded orderID=%s lineCount=%d", orderID, len(lines))
// 🔹 Satırlardan KDV bilgisi yakala (ilk pozitif orana göre)
hasVat := false
var vatRate float64
@@ -1365,16 +1472,45 @@ func OrderPDFHandler(db *sql.DB) http.Handler {
// Normalize
rows := normalizeOrderLinesForPdf(lines)
log.Printf("📄 OrderPDF normalized rows orderID=%s rowCount=%d", orderID, len(rows))
for i, rr := range rows {
if i >= 30 {
break
}
log.Printf(
"📄 OrderPDF row[%d] model=%s color=%s groupMain=%q groupSub=%q category=%s totalQty=%d sizeQty=%s",
i,
rr.Model,
rr.Color,
rr.GroupMain,
rr.GroupSub,
rr.Category,
rr.TotalQty,
formatSizeQtyForLog(rr.SizeQty),
)
}
// PDF
pdf := newOrderPdf()
pdf, err := newOrderPdf()
if err != nil {
log.Printf("❌ OrderPDF init error orderID=%s: %v", orderID, err)
http.Error(w, "pdf init error: "+err.Error(), http.StatusInternalServerError)
return
}
renderOrderGrid(pdf, header, rows, hasVat, vatRate)
if err := pdf.Error(); err != nil {
log.Printf("❌ OrderPDF render error orderID=%s: %v", orderID, err)
http.Error(w, "pdf render error: "+err.Error(), http.StatusInternalServerError)
return
}
var buf bytes.Buffer
if err := pdf.Output(&buf); err != nil {
log.Printf("❌ OrderPDF output error orderID=%s: %v", orderID, err)
http.Error(w, "pdf output error: "+err.Error(), http.StatusInternalServerError)
return
}
log.Printf("✅ OrderPDF success orderID=%s bytes=%d", orderID, buf.Len())
w.Header().Set("Content-Type", "application/pdf")
w.Header().Set(

7
svc/routes/orderlist.go
View File

@@ -58,7 +58,7 @@ func OrderListRoute(mssql *sql.DB) http.Handler {
count := 0
// ==================================================
// 🧠 SCAN — SQL SELECT ile BİRE BİR (17 kolon)
// 🧠 SCAN — SQL SELECT ile BİRE BİR (18 kolon)
// ==================================================
for rows.Next() {
@@ -85,9 +85,10 @@ func OrderListRoute(mssql *sql.DB) http.Handler {
&o.PackedRatePct, // 14
&o.IsCreditableConfirmed, // 15
&o.Description, // 16
&o.HasUretimUrunu, // 16
&o.Description, // 17
&o.ExchangeRateUSD, // 17
&o.ExchangeRateUSD, // 18
)
if err != nil {

66
svc/routes/orderproductionitems.go Normal file
View File

@@ -0,0 +1,66 @@
package routes
import (
"bssapp-backend/models"
"bssapp-backend/queries"
"database/sql"
"encoding/json"
"log"
"net/http"
"github.com/gorilla/mux"
)
// ======================================================
// 📌 OrderProductionItemsRoute — U ürün satırları
// ======================================================
func OrderProductionItemsRoute(mssql *sql.DB) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json; charset=utf-8")
id := mux.Vars(r)["id"]
if id == "" {
http.Error(w, "OrderHeaderID bulunamadı", http.StatusBadRequest)
return
}
rows, err := queries.GetOrderProductionItems(mssql, id)
if err != nil {
log.Printf("❌ SQL sorgu hatası: %v", err)
http.Error(w, "Veritabanı hatası", http.StatusInternalServerError)
return
}
defer rows.Close()
list := make([]models.OrderProductionItem, 0, 100)
for rows.Next() {
var o models.OrderProductionItem
if err := rows.Scan(
&o.OrderHeaderID,
&o.OrderLineID,
&o.OldItemCode,
&o.OldColor,
&o.OldDim2,
&o.OldDesc,
&o.NewItemCode,
&o.NewColor,
&o.NewDim2,
&o.NewDesc,
); err != nil {
log.Printf("⚠️ SCAN HATASI: %v", err)
continue
}
list = append(list, o)
}
if err := rows.Err(); err != nil {
log.Printf("⚠️ rows.Err(): %v", err)
}
if err := json.NewEncoder(w).Encode(list); err != nil {
log.Printf("❌ encode error: %v", err)
}
})
}

130
svc/routes/orderproductionlist.go Normal file
View File

@@ -0,0 +1,130 @@
package routes
import (
"bssapp-backend/auth"
"bssapp-backend/db"
"bssapp-backend/models"
"bssapp-backend/queries"
"database/sql"
"encoding/json"
"log"
"net/http"
"strings"
)
// ======================================================
// 📌 OrderProductionListRoute — Üretime verilecek siparişler
// ======================================================
func OrderProductionListRoute(mssql *sql.DB) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json; charset=utf-8")
// --------------------------------------------------
// 🔍 Query Param (RAW + TRIM)
// --------------------------------------------------
raw := r.URL.Query().Get("search")
search := strings.TrimSpace(raw)
log.Printf(
"📥 /api/orders/production-list search raw=%q trimmed=%q lenRaw=%d lenTrim=%d",
raw,
search,
len(raw),
len(search),
)
// --------------------------------------------------
// 🗄 SQL CALL (WITH CONTEXT)
// --------------------------------------------------
rows, err := queries.GetOrderProductionList(
r.Context(),
mssql,
db.PgDB,
search,
)
if err != nil {
log.Printf("❌ SQL sorgu hatası: %v", err)
http.Error(w, "Veritabanı hatası", http.StatusInternalServerError)
return
}
defer rows.Close()
// --------------------------------------------------
// 📦 Sonuç Listesi
// --------------------------------------------------
list := make([]models.OrderList, 0, 100)
count := 0
// ==================================================
// 🧠 SCAN — SQL SELECT ile BİRE BİR (18 kolon)
// ==================================================
for rows.Next() {
var o models.OrderList
err = rows.Scan(
&o.OrderHeaderID, // 1
&o.OrderNumber, // 2
&o.OrderDate, // 3
&o.CurrAccCode, // 4
&o.CurrAccDescription, // 5
&o.MusteriTemsilcisi, // 6
&o.Piyasa, // 7
&o.CreditableConfirmedDate, // 8
&o.DocCurrencyCode, // 9
&o.TotalAmount, // 10
&o.TotalAmountUSD, // 11
&o.PackedAmount, // 12
&o.PackedUSD, // 13
&o.PackedRatePct, // 14
&o.IsCreditableConfirmed, // 15
&o.HasUretimUrunu, // 16
&o.Description, // 17
&o.ExchangeRateUSD, // 18
)
if err != nil {
log.Printf(
"⚠️ SCAN HATASI | OrderHeaderID=%v | err=%v",
o.OrderHeaderID,
err,
)
continue
}
list = append(list, o)
count++
}
if err := rows.Err(); err != nil {
log.Printf("⚠️ rows.Err(): %v", err)
}
// --------------------------------------------------
// 📊 RESULT LOG
// --------------------------------------------------
claims, _ := auth.GetClaimsFromContext(r.Context())
log.Printf(
"✅ Order production list DONE | user=%d | search=%q | resultCount=%d",
claims.ID,
search,
count,
)
// --------------------------------------------------
// ✅ JSON RESPONSE
// --------------------------------------------------
if err := json.NewEncoder(w).Encode(list); err != nil {
log.Printf("❌ encode error: %v", err)
}
})
}

1
svc/routes/orders.go
View File

@@ -81,6 +81,7 @@ func UpdateOrderHandler(w http.ResponseWriter, r *http.Request) {
_ = json.NewEncoder(w).Encode(map[string]any{
"code": "ORDER_UPDATE_FAILED",
"message": "Sipariş kaydedilirken beklenmeyen bir hata oluştu.",
"detail": err.Error(),
})
return
}

128
svc/routes/pdf_assets.go Normal file
View File

@@ -0,0 +1,128 @@
package routes
import (
"fmt"
"log"
"os"
"path/filepath"
"strings"
"github.com/jung-kurt/gofpdf"
)
func resolvePdfAssetPath(name string) (string, error) {
base := strings.TrimSpace(os.Getenv("PDF_FONT_DIR"))
if base == "" {
return "", fmt.Errorf("env PDF_FONT_DIR not set")
}
if !strings.HasPrefix(base, "/") {
base = "/" + base
}
name = strings.TrimSpace(name)
name = strings.TrimPrefix(name, "/")
name = strings.TrimPrefix(name, "\\")
full := filepath.Join(base, name)
full = filepath.Clean(full)
log.Printf("📄 PDF FONT PATH = %s", full)
if _, err := os.Stat(full); err != nil {
return "", fmt.Errorf("font not found: %s (%v)", full, err)
}
return full, nil
}
func resolvePdfImagePath(fileName string) (string, error) {
return resolveAssetPath(fileName, []string{
"public",
filepath.Join("svc", "public"),
})
}
func resolveAssetPath(fileName string, relativeDirs []string) (string, error) {
candidates := make([]string, 0, len(relativeDirs)*3)
for _, dir := range relativeDirs {
candidates = append(candidates,
filepath.Join(dir, fileName),
filepath.Join(".", dir, fileName),
filepath.Join("..", dir, fileName),
)
}
if exePath, err := os.Executable(); err == nil {
exeDir := filepath.Dir(exePath)
for _, dir := range relativeDirs {
candidates = append(candidates,
filepath.Join(exeDir, dir, fileName),
filepath.Join(exeDir, "..", dir, fileName),
)
}
}
seen := map[string]struct{}{}
tried := make([]string, 0, len(candidates))
for _, p := range candidates {
if abs, err := filepath.Abs(p); err == nil {
p = abs
}
if _, ok := seen[p]; ok {
continue
}
seen[p] = struct{}{}
tried = append(tried, p)
if fi, err := os.Stat(p); err == nil && !fi.IsDir() {
return p, nil
}
}
return "", fmt.Errorf("asset not found: %s (tried: %s)", fileName, strings.Join(tried, ", "))
}
func registerDejavuFonts(pdf *gofpdf.Fpdf, s string) error {
regPath, err := resolvePdfAssetPath("DejaVuSans.ttf")
if err != nil {
return err
}
boldPath, err := resolvePdfAssetPath("DejaVuSans-Bold.ttf")
if err != nil {
return err
}
// SAME FAMILY: "dejavu"
pdf.AddUTF8FontFromBytes(
"dejavu",
"",
mustReadFile(regPath),
)
pdf.AddUTF8FontFromBytes(
"dejavu",
"B",
mustReadFile(boldPath),
)
if pdf.Error() != nil {
return fmt.Errorf("font init failed: %w", pdf.Error())
}
return nil
}
func mustReadFile(path string) []byte {
b, err := os.ReadFile(path)
if err != nil {
panic("FONT READ ERROR: " + err.Error())
}
return b
}

257
svc/routes/role_department_permissions.go
View File

@@ -14,6 +14,7 @@ import (
"strings"
"github.com/gorilla/mux"
"github.com/lib/pq"
)
type IdTitleOption struct {
@@ -57,7 +58,7 @@ type RoleDepartmentPermissionHandler struct {
func NewRoleDepartmentPermissionHandler(db *sql.DB) *RoleDepartmentPermissionHandler {
return &RoleDepartmentPermissionHandler{
DB: db, // ✅ EKLENDİ
DB: db, // Added
Repo: permissions.NewRoleDepartmentPermissionRepo(db),
}
}
@@ -417,7 +418,7 @@ func (h *PermissionHandler) GetUserOverrides(w http.ResponseWriter, r *http.Requ
list, err := h.Repo.GetUserOverridesByUserID(userID)
if err != nil {
log.Println("USER OVERRIDE LOAD ERROR:", err)
log.Println("USER OVERRIDE LOAD ERROR:", err)
http.Error(w, "db error", http.StatusInternalServerError)
return
}
@@ -425,6 +426,138 @@ func (h *PermissionHandler) GetUserOverrides(w http.ResponseWriter, r *http.Requ
w.Header().Set("Content-Type", "application/json; charset=utf-8")
_ = json.NewEncoder(w).Encode(list)
}
type routePermissionSeed struct {
Module string
Action string
Path string
}
type moduleActionSeed struct {
Module string
Action string
}
type permissionSnapshot struct {
user map[string]bool
roleDept map[string]bool
role map[string]bool
}
func permissionKey(module, action string) string {
return module + "|" + action
}
func loadPermissionSnapshot(
db *sql.DB,
userID int64,
roleID int64,
deptCodes []string,
) (permissionSnapshot, error) {
snapshot := permissionSnapshot{
user: make(map[string]bool, 128),
roleDept: make(map[string]bool, 128),
role: make(map[string]bool, 128),
}
userRows, err := db.Query(`
SELECT module_code, action, allowed
FROM mk_sys_user_permissions
WHERE user_id = $1
`, userID)
if err != nil {
return snapshot, err
}
for userRows.Next() {
var module, action string
var allowed bool
if err := userRows.Scan(&module, &action, &allowed); err != nil {
_ = userRows.Close()
return snapshot, err
}
snapshot.user[permissionKey(module, action)] = allowed
}
if err := userRows.Err(); err != nil {
_ = userRows.Close()
return snapshot, err
}
_ = userRows.Close()
if len(deptCodes) > 0 {
roleDeptRows, err := db.Query(`
SELECT module_code, action, BOOL_OR(allowed) AS allowed
FROM vw_role_dept_permissions
WHERE role_id = $1
AND department_code = ANY($2)
GROUP BY module_code, action
`,
roleID,
pq.Array(deptCodes),
)
if err != nil {
return snapshot, err
}
for roleDeptRows.Next() {
var module, action string
var allowed bool
if err := roleDeptRows.Scan(&module, &action, &allowed); err != nil {
_ = roleDeptRows.Close()
return snapshot, err
}
snapshot.roleDept[permissionKey(module, action)] = allowed
}
if err := roleDeptRows.Err(); err != nil {
_ = roleDeptRows.Close()
return snapshot, err
}
_ = roleDeptRows.Close()
}
roleRows, err := db.Query(`
SELECT module_code, action, allowed
FROM mk_sys_role_permissions
WHERE role_id = $1
`, roleID)
if err != nil {
return snapshot, err
}
for roleRows.Next() {
var module, action string
var allowed bool
if err := roleRows.Scan(&module, &action, &allowed); err != nil {
_ = roleRows.Close()
return snapshot, err
}
snapshot.role[permissionKey(module, action)] = allowed
}
if err := roleRows.Err(); err != nil {
_ = roleRows.Close()
return snapshot, err
}
_ = roleRows.Close()
return snapshot, nil
}
func resolvePermissionFromSnapshot(
s permissionSnapshot,
module string,
action string,
) bool {
key := permissionKey(module, action)
if allowed, ok := s.user[key]; ok {
return allowed
}
if allowed, ok := s.roleDept[key]; ok {
return allowed
}
if allowed, ok := s.role[key]; ok {
return allowed
}
return false
}
func GetUserRoutePermissionsHandler(db *sql.DB) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
@@ -436,10 +569,16 @@ func GetUserRoutePermissionsHandler(db *sql.DB) http.HandlerFunc {
return
}
repo := permissions.NewPermissionRepository(db)
// JWTden departmanlar
depts := claims.DepartmentCodes
snapshot, err := loadPermissionSnapshot(
db,
int64(claims.ID),
int64(claims.RoleID),
claims.DepartmentCodes,
)
if err != nil {
http.Error(w, err.Error(), 500)
return
}
rows, err := db.Query(`
SELECT DISTINCT
@@ -454,17 +593,9 @@ func GetUserRoutePermissionsHandler(db *sql.DB) http.HandlerFunc {
}
defer rows.Close()
type Row struct {
Route string `json:"route"`
CanAccess bool `json:"can_access"`
}
list := make([]Row, 0, 64)
routeSeeds := make([]routePermissionSeed, 0, 128)
for rows.Next() {
var module, action, path string
if err := rows.Scan(
&module,
&action,
@@ -473,22 +604,26 @@ func GetUserRoutePermissionsHandler(db *sql.DB) http.HandlerFunc {
continue
}
allowed, err := repo.ResolvePermissionChain(
int64(claims.ID),
int64(claims.RoleID),
depts,
module,
action,
)
if err != nil {
log.Println("PERM RESOLVE ERROR:", err)
continue
}
routeSeeds = append(routeSeeds, routePermissionSeed{
Module: module,
Action: action,
Path: path,
})
}
if err := rows.Err(); err != nil {
http.Error(w, err.Error(), 500)
return
}
list := make([]Row, 0, len(routeSeeds))
for _, route := range routeSeeds {
list = append(list, Row{
Route: path,
CanAccess: allowed,
Route: route.Path,
CanAccess: resolvePermissionFromSnapshot(
snapshot,
route.Module,
route.Action,
),
})
}
@@ -507,18 +642,17 @@ func GetMyEffectivePermissions(db *sql.DB) http.HandlerFunc {
return
}
repo := permissions.NewPermissionRepository(db)
// ✅ JWT'DEN DEPARTMENTS
depts := claims.DepartmentCodes
log.Printf("🧪 EFFECTIVE PERM | user=%d role=%d depts=%v",
claims.ID,
claims.RoleID,
depts,
snapshot, err := loadPermissionSnapshot(
db,
int64(claims.ID),
int64(claims.RoleID),
claims.DepartmentCodes,
)
if err != nil {
http.Error(w, err.Error(), 500)
return
}
// all system perms
all, err := db.Query(`
SELECT DISTINCT module_code, action
FROM mk_sys_routes
@@ -529,14 +663,7 @@ func GetMyEffectivePermissions(db *sql.DB) http.HandlerFunc {
}
defer all.Close()
type Row struct {
Module string `json:"module"`
Action string `json:"action"`
Allowed bool `json:"allowed"`
}
list := make([]Row, 0, 128)
moduleActions := make([]moduleActionSeed, 0, 128)
for all.Next() {
var m, a string
@@ -544,22 +671,32 @@ func GetMyEffectivePermissions(db *sql.DB) http.HandlerFunc {
continue
}
allowed, err := repo.ResolvePermissionChain(
int64(claims.ID),
int64(claims.RoleID),
depts,
m,
a,
)
moduleActions = append(moduleActions, moduleActionSeed{
Module: m,
Action: a,
})
}
if err := all.Err(); err != nil {
http.Error(w, err.Error(), 500)
return
}
if err != nil {
continue
}
type Row struct {
Module string `json:"module"`
Action string `json:"action"`
Allowed bool `json:"allowed"`
}
list := make([]Row, 0, len(moduleActions))
for _, item := range moduleActions {
list = append(list, Row{
Module: m,
Action: a,
Allowed: allowed,
Module: item.Module,
Action: item.Action,
Allowed: resolvePermissionFromSnapshot(
snapshot,
item.Module,
item.Action,
),
})
}

41
svc/routes/statement_header_pdf.go
View File

@@ -9,8 +9,7 @@ import (
"fmt"
"log"
"net/http"
"os"
"path/filepath"
"runtime/debug"
"sort"
"strings"
"time"
@@ -53,9 +52,7 @@ var hMainWbase = []float64{
// Font dosyaları
const (
hFontFamilyReg = "dejavu"
hFontFamilyBold = "dejavu-b"
hFontPathReg = "fonts/DejaVuSans.ttf"
hFontPathBold = "fonts/DejaVuSans-Bold.ttf"
hFontFamilyBold = "dejavu"
)
// Renkler
@@ -66,13 +63,8 @@ var (
/* ============================ FONT / FORMAT ============================ */
func hEnsureFonts(pdf *gofpdf.Fpdf) {
if _, err := os.Stat(hFontPathReg); err == nil {
pdf.AddUTF8Font(hFontFamilyReg, "", hFontPathReg)
}
if _, err := os.Stat(hFontPathBold); err == nil {
pdf.AddUTF8Font(hFontFamilyBold, "", hFontPathBold)
}
func hEnsureFonts(pdf *gofpdf.Fpdf) error {
return registerDejavuFonts(pdf, hFontFamilyReg)
}
func hNormalizeWidths(base []float64, targetTotal float64) []float64 {
@@ -145,10 +137,9 @@ func hCalcRowHeightForText(pdf *gofpdf.Fpdf, text string, colWidth, lineHeight,
/* ============================ HEADER ============================ */
func hDrawPageHeader(pdf *gofpdf.Fpdf, cariKod, cariIsim, start, end string) float64 {
logoPath, _ := filepath.Abs("./public/Baggi-Tekstil-A.s-Logolu.jpeg")
// Logo
pdf.ImageOptions(logoPath, hMarginL, 2, hLogoW, 0, false, gofpdf.ImageOptions{}, 0, "")
if logoPath, err := resolvePdfImagePath("Baggi-Tekstil-A.s-Logolu.jpeg"); err == nil {
pdf.ImageOptions(logoPath, hMarginL, 2, hLogoW, 0, false, gofpdf.ImageOptions{}, 0, "")
}
// Başlıklar
pdf.SetFont(hFontFamilyBold, "", 16)
@@ -272,6 +263,14 @@ func hDrawMainDataRow(pdf *gofpdf.Fpdf, row []string, widths []float64, rowH flo
func ExportStatementHeaderReportPDFHandler(mssql *sql.DB) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
defer func() {
if rec := recover(); rec != nil {
log.Printf("❌ PANIC ExportStatementHeaderReportPDFHandler: %v", rec)
debug.PrintStack()
http.Error(w, fmt.Sprintf("header PDF panic: %v", rec), http.StatusInternalServerError)
}
}()
claims, ok := auth.GetClaimsFromContext(r.Context())
if !ok || claims == nil {
http.Error(w, "unauthorized", http.StatusUnauthorized)
@@ -332,7 +331,10 @@ func ExportStatementHeaderReportPDFHandler(mssql *sql.DB) http.HandlerFunc {
pdf := gofpdf.New("L", "mm", "A4", "")
pdf.SetMargins(hMarginL, hMarginT, hMarginR)
pdf.SetAutoPageBreak(false, hMarginB)
hEnsureFonts(pdf)
if err := hEnsureFonts(pdf); err != nil {
http.Error(w, "PDF font yükleme hatası: "+err.Error(), http.StatusInternalServerError)
return
}
wAvail := hPageWidth - hMarginL - hMarginR
mainWn := hNormalizeWidths(hMainWbase, wAvail)
@@ -380,6 +382,11 @@ func ExportStatementHeaderReportPDFHandler(mssql *sql.DB) http.HandlerFunc {
pdf.Ln(1)
}
if err := pdf.Error(); err != nil {
http.Error(w, "PDF render hatası: "+err.Error(), http.StatusInternalServerError)
return
}
var buf bytes.Buffer
if err := pdf.Output(&buf); err != nil {
http.Error(w, "PDF oluşturulamadı: "+err.Error(), http.StatusInternalServerError)

40
svc/routes/statements_pdf.go
View File

@@ -10,8 +10,7 @@ import (
"fmt"
"log"
"net/http"
"os"
"path/filepath"
"runtime/debug"
"sort"
"strings"
"time"
@@ -79,9 +78,7 @@ var dWbase = []float64{
// Font dosyaları
const (
fontFamilyReg = "dejavu"
fontFamilyBold = "dejavu-b"
fontPathReg = "fonts/DejaVuSans.ttf"
fontPathBold = "fonts/DejaVuSans-Bold.ttf"
fontFamilyBold = "dejavu"
)
// Kurumsal renkler
@@ -134,17 +131,8 @@ func formatCurrencyTR(n float64) string {
}
// Fontları yükle
func ensureFonts(pdf *gofpdf.Fpdf) {
if _, err := os.Stat(fontPathReg); err == nil {
pdf.AddUTF8Font(fontFamilyReg, "", fontPathReg)
} else {
log.Printf("⚠️ Font bulunamadı: %s", fontPathReg)
}
if _, err := os.Stat(fontPathBold); err == nil {
pdf.AddUTF8Font(fontFamilyBold, "", fontPathBold)
} else {
log.Printf("⚠️ Font bulunamadı: %s", fontPathBold)
}
func ensureFonts(pdf *gofpdf.Fpdf) error {
return registerDejavuFonts(pdf, fontFamilyReg)
}
// Güvenli satır kırma
@@ -237,10 +225,9 @@ func drawLabeledBox(pdf *gofpdf.Fpdf, x, y, w, h float64, label, value string, a
}
func drawPageHeader(pdf *gofpdf.Fpdf, cariKod, cariIsim, start, end string) float64 {
logoPath, _ := filepath.Abs("./public/Baggi-Tekstil-A.s-Logolu.jpeg")
// Logo
pdf.ImageOptions(logoPath, hMarginL, 2, hLogoW, 0, false, gofpdf.ImageOptions{}, 0, "")
if logoPath, err := resolvePdfImagePath("Baggi-Tekstil-A.s-Logolu.jpeg"); err == nil {
pdf.ImageOptions(logoPath, hMarginL, 2, hLogoW, 0, false, gofpdf.ImageOptions{}, 0, "")
}
// Başlıklar
pdf.SetFont(hFontFamilyBold, "", 16)
@@ -435,7 +422,8 @@ func ExportPDFHandler(mssql *sql.DB) http.HandlerFunc {
defer func() {
if rec := recover(); rec != nil {
log.Printf("❌ PANIC ExportPDFHandler: %v", rec)
http.Error(w, "PDF oluşturulurken hata oluştu", http.StatusInternalServerError)
debug.PrintStack()
http.Error(w, fmt.Sprintf("PDF oluşturulurken panic oluştu: %v", rec), http.StatusInternalServerError)
}
}()
@@ -513,7 +501,10 @@ func ExportPDFHandler(mssql *sql.DB) http.HandlerFunc {
pdf := gofpdf.New("L", "mm", "A4", "")
pdf.SetMargins(marginL, marginT, marginR)
pdf.SetAutoPageBreak(false, marginB)
ensureFonts(pdf)
if err := ensureFonts(pdf); err != nil {
http.Error(w, "PDF font yükleme hatası: "+err.Error(), http.StatusInternalServerError)
return
}
pdf.SetFont(fontFamilyReg, "", 8.5)
pdf.SetTextColor(0, 0, 0)
@@ -614,6 +605,11 @@ func ExportPDFHandler(mssql *sql.DB) http.HandlerFunc {
}
// 7) Çıktı
if err := pdf.Error(); err != nil {
http.Error(w, "PDF render hatası: "+err.Error(), http.StatusInternalServerError)
return
}
var buf bytes.Buffer
if err := pdf.Output(&buf); err != nil {
http.Error(w, "PDF oluşturulamadı: "+err.Error(), http.StatusInternalServerError)

178
svc/routes/user_detail.go
View File

@@ -1,6 +1,7 @@
package routes
import (
"bssapp-backend/auth"
"bssapp-backend/internal/auditlog"
"bssapp-backend/internal/mailer"
"bssapp-backend/internal/security"
@@ -11,9 +12,11 @@ import (
"encoding/json"
"fmt"
"io"
"log"
"net/http"
"os"
"strconv"
"strings"
"time"
"github.com/gorilla/mux"
@@ -49,6 +52,8 @@ func UserDetailRoute(db *sql.DB) http.Handler {
handleUserGet(db, w, userID)
case http.MethodPut:
handleUserUpdate(db, w, r, userID)
case http.MethodDelete:
handleUserDelete(db, w, r, userID)
case http.MethodOptions:
w.WriteHeader(http.StatusOK)
default:
@@ -210,6 +215,17 @@ func handleUserUpdate(db *sql.DB, w http.ResponseWriter, r *http.Request, userID
return
}
payload.Code = strings.TrimSpace(payload.Code)
payload.FullName = strings.TrimSpace(payload.FullName)
payload.Email = strings.TrimSpace(payload.Email)
payload.Mobile = strings.TrimSpace(payload.Mobile)
payload.Address = strings.TrimSpace(payload.Address)
if payload.Code == "" {
http.Error(w, "Kullanıcı kodu zorunludur", http.StatusUnprocessableEntity)
return
}
tx, err := db.Begin()
if err != nil {
http.Error(w, "Transaction başlatılamadı", http.StatusInternalServerError)
@@ -228,31 +244,81 @@ func handleUserUpdate(db *sql.DB, w http.ResponseWriter, r *http.Request, userID
payload.Address,
)
if err != nil {
log.Printf("❌ [UserDetail] UpdateUserHeader failed user_id=%d err=%v payload=%+v", userID, err, payload)
http.Error(w, "Header güncellenemedi", http.StatusInternalServerError)
return
}
tx.Exec(`DELETE FROM dfrole_usr WHERE dfusr_id = $1`, userID)
if _, err := tx.Exec(`DELETE FROM dfrole_usr WHERE dfusr_id = $1`, userID); err != nil {
log.Printf("❌ [UserDetail] delete roles failed user_id=%d err=%v", userID, err)
http.Error(w, "Roller temizlenemedi", http.StatusInternalServerError)
return
}
for _, code := range payload.Roles {
tx.Exec(queries.InsertUserRole, userID, code)
code = strings.TrimSpace(code)
if code == "" {
continue
}
if _, err := tx.Exec(queries.InsertUserRole, userID, code); err != nil {
log.Printf("❌ [UserDetail] insert role failed user_id=%d role=%q err=%v", userID, code, err)
http.Error(w, "Rol eklenemedi", http.StatusInternalServerError)
return
}
}
tx.Exec(`DELETE FROM dfusr_dprt WHERE dfusr_id = $1`, userID)
if _, err := tx.Exec(`DELETE FROM dfusr_dprt WHERE dfusr_id = $1`, userID); err != nil {
log.Printf("❌ [UserDetail] delete departments failed user_id=%d err=%v", userID, err)
http.Error(w, "Departmanlar temizlenemedi", http.StatusInternalServerError)
return
}
for _, d := range payload.Departments {
tx.Exec(queries.InsertUserDepartment, userID, d.Code)
code := strings.TrimSpace(d.Code)
if code == "" {
continue
}
if _, err := tx.Exec(queries.InsertUserDepartment, userID, code); err != nil {
log.Printf("❌ [UserDetail] insert department failed user_id=%d dept=%q err=%v", userID, code, err)
http.Error(w, "Departman eklenemedi", http.StatusInternalServerError)
return
}
}
tx.Exec(`DELETE FROM dfusr_piyasa WHERE dfusr_id = $1`, userID)
if _, err := tx.Exec(`DELETE FROM dfusr_piyasa WHERE dfusr_id = $1`, userID); err != nil {
log.Printf("❌ [UserDetail] delete piyasalar failed user_id=%d err=%v", userID, err)
http.Error(w, "Piyasalar temizlenemedi", http.StatusInternalServerError)
return
}
for _, p := range payload.Piyasalar {
tx.Exec(queries.InsertUserPiyasa, userID, p.Code)
code := strings.TrimSpace(p.Code)
if code == "" {
continue
}
if _, err := tx.Exec(queries.InsertUserPiyasa, userID, code); err != nil {
log.Printf("❌ [UserDetail] insert piyasa failed user_id=%d piyasa=%q err=%v", userID, code, err)
http.Error(w, "Piyasa eklenemedi", http.StatusInternalServerError)
return
}
}
tx.Exec(`DELETE FROM dfusr_nebim_user WHERE dfusr_id = $1`, userID)
if _, err := tx.Exec(`DELETE FROM dfusr_nebim_user WHERE dfusr_id = $1`, userID); err != nil {
log.Printf("❌ [UserDetail] delete nebim users failed user_id=%d err=%v", userID, err)
http.Error(w, "Nebim kullanıcıları temizlenemedi", http.StatusInternalServerError)
return
}
for _, n := range payload.NebimUsers {
tx.Exec(queries.InsertUserNebim, userID, n.Username)
username := strings.TrimSpace(n.Username)
if username == "" {
continue
}
if _, err := tx.Exec(queries.InsertUserNebim, userID, username); err != nil {
log.Printf("❌ [UserDetail] insert nebim user failed user_id=%d username=%q err=%v", userID, username, err)
http.Error(w, "Nebim kullanıcısı eklenemedi", http.StatusInternalServerError)
return
}
}
if err := tx.Commit(); err != nil {
log.Printf("❌ [UserDetail] commit failed user_id=%d err=%v", userID, err)
http.Error(w, "Commit başarısız", http.StatusInternalServerError)
return
}
@@ -260,6 +326,102 @@ func handleUserUpdate(db *sql.DB, w http.ResponseWriter, r *http.Request, userID
_ = json.NewEncoder(w).Encode(map[string]any{"success": true})
}
// ======================================================
// 🗑️ DELETE USER (HARD DELETE)
// ======================================================
func handleUserDelete(db *sql.DB, w http.ResponseWriter, r *http.Request, userID int64) {
claims, _ := auth.GetClaimsFromContext(r.Context())
if claims != nil && int64(claims.ID) == userID {
http.Error(w, "Kendi kullanicinizi silemezsiniz", http.StatusConflict)
return
}
tx, err := db.Begin()
if err != nil {
http.Error(w, "Transaction baslatilamadi", http.StatusInternalServerError)
return
}
defer tx.Rollback()
var username string
_ = tx.QueryRow(`
SELECT username
FROM mk_dfusr
WHERE id = $1
`, userID).Scan(&username)
if strings.TrimSpace(username) == "" {
_ = tx.QueryRow(`
SELECT code
FROM dfusr
WHERE id = $1
`, userID).Scan(&username)
}
if strings.TrimSpace(username) == "" {
http.Error(w, "Kullanici bulunamadi", http.StatusNotFound)
return
}
cleanupQueries := []string{
`DELETE FROM mk_refresh_tokens WHERE mk_user_id = $1`,
`DELETE FROM mk_dfusr_password_reset WHERE mk_dfusr_id = $1`,
`DELETE FROM dfusr_password_reset WHERE dfusr_id = $1`,
`DELETE FROM mk_sys_user_permissions WHERE user_id = $1`,
`DELETE FROM dfrole_usr WHERE dfusr_id = $1`,
`DELETE FROM dfusr_dprt WHERE dfusr_id = $1`,
`DELETE FROM dfusr_piyasa WHERE dfusr_id = $1`,
`DELETE FROM dfusr_nebim_user WHERE dfusr_id = $1`,
}
for _, q := range cleanupQueries {
if _, err := tx.Exec(q, userID); err != nil {
log.Printf("❌ [UserDetail] cleanup failed user_id=%d err=%v query=%s", userID, err, q)
http.Error(w, "Kullanici baglantilari silinemedi", http.StatusInternalServerError)
return
}
}
if _, err := tx.Exec(`DELETE FROM mk_dfusr WHERE id = $1`, userID); err != nil {
log.Printf("❌ [UserDetail] delete mk_dfusr failed user_id=%d err=%v", userID, err)
http.Error(w, "Kullanici silinemedi", http.StatusInternalServerError)
return
}
if _, err := tx.Exec(`DELETE FROM dfusr WHERE id = $1`, userID); err != nil {
log.Printf("❌ [UserDetail] delete dfusr failed user_id=%d err=%v", userID, err)
http.Error(w, "Kullanici silinemedi", http.StatusInternalServerError)
return
}
if err := tx.Commit(); err != nil {
log.Printf("❌ [UserDetail] delete commit failed user_id=%d err=%v", userID, err)
http.Error(w, "Commit basarisiz", http.StatusInternalServerError)
return
}
if claims != nil {
auditlog.Enqueue(r.Context(), auditlog.ActivityLog{
ActionType: "user_delete",
ActionCategory: "user_admin",
ActionTarget: fmt.Sprintf("/api/users/%d", userID),
Description: "user deleted from mk_dfusr and dfusr",
Username: claims.Username,
RoleCode: claims.RoleCode,
DfUsrID: int64(claims.ID),
TargetDfUsrID: userID,
TargetUsername: username,
IsSuccess: true,
})
}
_ = json.NewEncoder(w).Encode(map[string]any{
"success": true,
"deleted": userID,
"username": username,
})
}
// ======================================================
// 🔐 ADMIN — PASSWORD RESET MAIL
// ======================================================

141
svc/services/auth.go
View File

@@ -2,6 +2,10 @@ package services
import (
"bssapp-backend/models"
"crypto/md5"
"crypto/sha1"
"encoding/hex"
"log"
"strings"
"golang.org/x/crypto/bcrypt"
@@ -16,7 +20,6 @@ func CheckPasswordWithLegacy(user *models.User, plain string) bool {
return false
}
plain = strings.TrimSpace(plain)
if plain == "" {
return false
}
@@ -28,11 +31,100 @@ func CheckPasswordWithLegacy(user *models.User, plain string) bool {
// 1⃣ bcrypt hash mi?
if isBcryptHash(stored) {
return bcrypt.CompareHashAndPassword([]byte(stored), []byte(plain)) == nil
candidates := make([]string, 0, 10)
seen := map[string]struct{}{}
add := func(v string) {
if v == "" {
return
}
if _, ok := seen[v]; ok {
return
}
seen[v] = struct{}{}
candidates = append(candidates, v)
}
add(plain)
trimmed := strings.TrimSpace(plain)
add(trimmed)
bases := append([]string(nil), candidates...)
for _, base := range bases {
md5Sum := md5.Sum([]byte(base))
md5Hex := hex.EncodeToString(md5Sum[:])
add(md5Hex)
add(strings.ToUpper(md5Hex))
sha1Sum := sha1.Sum([]byte(base))
sha1Hex := hex.EncodeToString(sha1Sum[:])
add(sha1Hex)
add(strings.ToUpper(sha1Hex))
}
var lastErr error
for _, candidate := range candidates {
if err := bcrypt.CompareHashAndPassword([]byte(stored), []byte(candidate)); err == nil {
return true
} else {
lastErr = err
}
if encoded, ok := encodeLegacySingleByte(candidate); ok {
if err := bcrypt.CompareHashAndPassword([]byte(stored), encoded); err == nil {
return true
} else {
lastErr = err
}
}
}
if lastErr != nil {
log.Printf(
"LEGACY BCRYPT MISMATCH stored_len=%d candidates=%d last_err=%v",
len(stored),
len(candidates),
lastErr,
)
}
return false
}
// 2⃣ TAM LEGACY — düz metin (eski kayıtlar)
return stored == plain
if stored == plain {
return true
}
trimmed := strings.TrimSpace(plain)
if trimmed != plain && trimmed != "" && stored == trimmed {
return true
}
// 3⃣ Legacy hash variants seen in old dfusr.upass data.
if isHexDigest(stored, 32) {
sumRaw := md5.Sum([]byte(plain))
if strings.EqualFold(stored, hex.EncodeToString(sumRaw[:])) {
return true
}
if trimmed != plain && trimmed != "" {
sumTrim := md5.Sum([]byte(trimmed))
if strings.EqualFold(stored, hex.EncodeToString(sumTrim[:])) {
return true
}
}
}
if isHexDigest(stored, 40) {
sumRaw := sha1.Sum([]byte(plain))
if strings.EqualFold(stored, hex.EncodeToString(sumRaw[:])) {
return true
}
if trimmed != plain && trimmed != "" {
sumTrim := sha1.Sum([]byte(trimmed))
if strings.EqualFold(stored, hex.EncodeToString(sumTrim[:])) {
return true
}
}
}
return false
}
func isBcryptHash(s string) bool {
@@ -40,3 +132,46 @@ func isBcryptHash(s string) bool {
strings.HasPrefix(s, "$2b$") ||
strings.HasPrefix(s, "$2y$")
}
func isHexDigest(s string, expectedLen int) bool {
if len(s) != expectedLen {
return false
}
for _, r := range s {
if (r < '0' || r > '9') &&
(r < 'a' || r > 'f') &&
(r < 'A' || r > 'F') {
return false
}
}
return true
}
// encodeLegacySingleByte converts text to a Turkish-compatible single-byte
// representation (similar to Windows-1254 / ISO-8859-9) for legacy bcrypt data.
func encodeLegacySingleByte(s string) ([]byte, bool) {
out := make([]byte, 0, len(s))
for _, r := range s {
switch r {
case 'Ğ':
out = append(out, 0xD0)
case 'ğ':
out = append(out, 0xF0)
case 'İ':
out = append(out, 0xDD)
case 'ı':
out = append(out, 0xFD)
case 'Ş':
out = append(out, 0xDE)
case 'ş':
out = append(out, 0xFE)
default:
if r >= 0 && r <= 0xFF {
out = append(out, byte(r))
} else {
return nil, false
}
}
}
return out, true
}

2
ui/.env.development
View File

@@ -1 +1 @@
VITE_API_BASE_URL=http://localhost:8080
VITE_API_BASE_URL=http://localhost:8080/api

2
ui/.quasar/dev-spa/client-entry.js
View File

@@ -146,8 +146,6 @@ createQuasarApp(createApp, quasarUserOptions)
return Promise[ method ]([
import(/* webpackMode: "eager" */ 'boot/axios'),
import(/* webpackMode: "eager" */ 'boot/dayjs')
]).then(bootFiles => {

10
ui/package-lock.json generated
View File

@@ -7,7 +7,6 @@
"": {
"name": "baggisowtfaresystem",
"version": "0.0.1",
"hasInstallScript": true,
"dependencies": {
"@quasar/extras": "^1.16.4",
"axios": "^1.12.2",
@@ -20,7 +19,8 @@
},
"devDependencies": {
"@quasar/app-webpack": "^4.1.0",
"autoprefixer": "^10.4.2"
"autoprefixer": "^10.4.2",
"baseline-browser-mapping": "^2.9.19"
},
"engines": {
"node": "^28 || ^26 || ^24 || ^22 || ^20 || ^18",
@@ -3856,9 +3856,9 @@
"license": "MIT"
},
"node_modules/baseline-browser-mapping": {
"version": "2.8.12",
"resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.8.12.tgz",
"integrity": "sha512-vAPMQdnyKCBtkmQA6FMCBvU9qFIppS3nzyXnEM+Lo2IAhG4Mpjv9cCxMudhgV3YdNNJv6TNqXy97dfRVL2LmaQ==",
"version": "2.9.19",
"resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.9.19.tgz",
"integrity": "sha512-ipDqC8FrAl/76p2SSWKSI+H9tFwm7vYqXQrItCuiVPt26Km0jS+NzSsBWAaBusvSbQcfJG+JitdMm+wZAgTYqg==",
"dev": true,
"license": "Apache-2.0",
"bin": {

6
ui/package.json
View File

@@ -9,8 +9,7 @@
"scripts": {
"test": "echo \"No test specified\" && exit 0",
"dev": "quasar dev",
"build": "quasar build",
"postinstall": "quasar prepare"
"build": "quasar build"
},
"dependencies": {
"@quasar/extras": "^1.16.4",
@@ -24,7 +23,8 @@
},
"devDependencies": {
"@quasar/app-webpack": "^4.1.0",
"autoprefixer": "^10.4.2"
"autoprefixer": "^10.4.2",
"baseline-browser-mapping": "^2.9.19"
},
"browserslist": [
"last 10 Chrome versions",

15
ui/quasar.config.js
View File

@@ -2,6 +2,8 @@
import { defineConfig } from '#q-app/wrappers'
export default defineConfig(() => {
const apiBaseUrl = (process.env.VITE_API_BASE_URL || '/api').trim()
return {
/* =====================================================
@@ -33,6 +35,9 @@ export default defineConfig(() => {
===================================================== */
build: {
vueRouterMode: 'hash',
env: {
VITE_API_BASE_URL: apiBaseUrl
},
esbuildTarget: {
browser: ['es2022', 'firefox115', 'chrome115', 'safari14'],
@@ -52,14 +57,15 @@ export default defineConfig(() => {
port: 9000,
open: true,
// DEV proxy (CORSsuz)
proxy: {
'/api': {
// DEV proxy (CORS'suz)
proxy: [
{
context: ['/api'],
target: 'http://localhost:8080',
changeOrigin: true,
secure: false
}
}
]
},
/* =====================================================
@@ -119,3 +125,4 @@ export default defineConfig(() => {
}
}
})

125
ui/quasar.config.js.temporary.compiled.1771513237059.mjs Normal file
View File

@@ -0,0 +1,125 @@
/* eslint-disable */
/**
* THIS FILE IS GENERATED AUTOMATICALLY.
* 1. DO NOT edit this file directly as it won't do anything.
* 2. EDIT the original quasar.config file INSTEAD.
* 3. DO NOT git commit this file. It should be ignored.
*
* This file is still here because there was an error in
* the original quasar.config file and this allows you to
* investigate the Node.js stack error.
*
* After you fix the original file, this file will be
* deleted automatically.
**/
// quasar.config.js
import { defineConfig } from "@quasar/app-webpack/wrappers";
var quasar_config_default = defineConfig(() => {
const apiBaseUrl = (process.env.VITE_API_BASE_URL || "/api").trim();
return {
/* =====================================================
APP INFO
===================================================== */
productName: "Baggi BSS",
productDescription: "Baggi Tekstil Business Support System",
/* =====================================================
BOOT FILES
===================================================== */
boot: ["dayjs"],
/* =====================================================
GLOBAL CSS
===================================================== */
css: ["app.css"],
/* =====================================================
ICONS / FONTS
===================================================== */
extras: [
"roboto-font",
"material-icons"
],
/* =====================================================
BUILD (PRODUCTION)
===================================================== */
build: {
vueRouterMode: "hash",
env: {
VITE_API_BASE_URL: apiBaseUrl
},
esbuildTarget: {
browser: ["es2022", "firefox115", "chrome115", "safari14"],
node: "node20"
},
// Cache & performance
gzip: true,
preloadChunks: true
},
/* =====================================================
DEV SERVER (LOCAL)
===================================================== */
devServer: {
server: { type: "http" },
port: 9e3,
open: true,
// DEV proxy (CORS'suz)
proxy: [
{
context: ["/api"],
target: "http://localhost:8080",
changeOrigin: true,
secure: false
}
]
},
/* =====================================================
QUASAR FRAMEWORK
===================================================== */
framework: {
config: {
notify: {
position: "top",
timeout: 2500
}
},
lang: "tr",
plugins: [
"Loading",
"Dialog",
"Notify"
]
},
animations: [],
/* =====================================================
SSR / PWA (DISABLED)
===================================================== */
ssr: {
prodPort: 3e3,
middlewares: ["render"],
pwa: false
},
pwa: {
workboxMode: "GenerateSW"
},
/* =====================================================
MOBILE / DESKTOP
===================================================== */
capacitor: {
hideSplashscreen: true
},
electron: {
preloadScripts: ["electron-preload"],
inspectPort: 5858,
bundler: "packager",
builder: {
appId: "baggisowtfaresystem"
}
},
bex: {
extraScripts: []
}
};
});
export {
quasar_config_default as default
};

158
ui/src/css/app.css
View File

@@ -21,7 +21,7 @@
}
.q-page {
margin-top: 5px;
margin-top: 0;
}
@media (max-width: 768px) {
@@ -288,6 +288,11 @@ body {
overflow-y: auto;
overflow-x: visible;
background: #fff;
padding-top: 0 !important;
}
/* Quasar header offsetunu sadece order sayfasında sıfırla */
.q-page-container .order-page {
margin-top: calc(-1 * var(--header-h) - 58px);
}
.body--drawer-left-open .q-page-container {
@@ -344,16 +349,33 @@ body {
.filter-bar {
background: #fafafa;
border-bottom: 1px solid #ddd;
padding: 12px 24px;
padding: 8px 12px;
margin-top:0 !important;
}
.filter-bar .q-field__label {
white-space: nowrap;
overflow: hidden;
text-overflow: ellipsis;
line-height: 1.1;
font-size: 12px;
}
.filter-bar .q-field__control,
.filter-bar .q-field__native,
.filter-bar .q-field__marginal {
min-height: 36px;
}
.filter-bar-desc {
padding: 0 12px 6px;
background: #fafafa;
border-bottom: 1px solid #ddd;
}
/* 🔹 Save toolbar */
.save-toolbar {
background: var(--baggi-gold-pale);
border-top: 1px solid #ddd;
border-bottom: 1px solid #ddd;
padding: 10px 16px;
padding: 6px 10px;
display: flex;
justify-content: space-between;
align-items: center;
@@ -454,8 +476,9 @@ body {
.order-grid-header .total-row {
display: flex;
align-items: stretch;
justify-content: space-between;
justify-content: flex-start;
background: #fff59d;
grid-column: 7 / -1;
}
.order-grid-header .total-cell {
width: var(--col-adet);
@@ -469,6 +492,9 @@ body {
font-weight: 700;
font-size: 12px;
}
.order-grid-header .total-cell:last-child {
width: var(--col-termin);
}
/* ===========================================================
6⃣ SUB-HEADER (ÜRÜN GRUBU BAR) — TAM HİZALANMIŞ
=========================================================== */
@@ -614,6 +640,108 @@ body {
padding-top: var(--sub-header-h);
z-index: 100;
}
.order-scroll-y.compact-grid-header {
--grid-header-h: var(--beden-h);
}
.order-scroll-y.compact-grid-header .order-grid-header .col-fixed {
writing-mode: horizontal-tb;
transform: none;
height: var(--grid-header-h);
font-size: 10px;
line-height: 1;
white-space: nowrap;
overflow: hidden;
text-overflow: ellipsis;
padding: 0 4px;
}
.order-scroll-y.compact-grid-header .order-grid-header .total-cell {
writing-mode: horizontal-tb;
transform: none;
height: var(--grid-header-h);
font-size: 10px;
line-height: 1;
white-space: nowrap;
overflow: hidden;
text-overflow: ellipsis;
padding: 0 4px;
}
.order-grid-header.compact {
height: var(--beden-h);
}
.order-grid-header.compact .beden-block {
height: var(--beden-h);
}
.order-grid-header.compact .col-fixed,
.order-grid-header.compact .total-cell {
writing-mode: horizontal-tb;
transform: none;
height: var(--beden-h);
font-size: 10px;
line-height: 1;
white-space: nowrap;
overflow: hidden;
text-overflow: ellipsis;
padding: 0 4px;
}
.order-grid-header.compact .total-cell {
width: var(--col-adet);
}
.order-grid-header.compact .total-cell:nth-child(2) {
width: var(--col-fiyat);
}
.order-grid-header.compact .total-cell:nth-child(3) {
width: var(--col-pb);
}
.order-grid-header.compact .total-cell:nth-child(4) {
width: var(--col-tutar);
}
.order-grid-header.compact .total-cell:nth-child(5) {
width: var(--col-termin);
}
.order-grid-header.compact .grp-row {
height: var(--beden-h);
}
.order-grid-header.compact .grp-row:not(:first-child) {
display: none;
}
.order-grid-header.compact .grp-title {
display: none;
}
.order-grid-header.compact .grp-row:first-child .grp-title {
display: block;
font-size: 10px;
line-height: 1;
white-space: nowrap;
padding-right: 4px;
}
.order-grid-header.compact .grp-body {
height: var(--beden-h);
align-items: center;
}
.order-grid-header.compact .grp-cell.hdr {
height: var(--beden-h);
font-size: 10px;
}
.order-scroll-y.compact-grid-header .order-grid-header .grp-title {
display: none;
}
.order-scroll-y.compact-grid-header .order-grid-header .grp-row {
align-items: center;
height: var(--beden-h);
}
.order-scroll-y.compact-grid-header .order-grid-header .grp-body {
grid-template-rows: var(--beden-h);
align-items: center;
}
.order-scroll-y.compact-grid-header .order-grid-header .grp-cell.hdr {
height: var(--beden-h);
}
.order-scroll-y.compact-grid-header .order-grid-header .total-row {
align-items: center;
}
.order-scroll-y.compact-grid-header .order-grid-body {
padding-top: var(--sub-header-h);
}
.summary-row {
display: grid;
@@ -1086,7 +1214,7 @@ body {
z-index: 600;
background: #fff;
border-bottom: 1px solid #ddd;
padding: 10px 16px;
padding: 6px 10px;
box-shadow: 0 1px 2px rgba(0,0,0,0.06);
min-height: var(--ol-filter-h);
display: flex;
@@ -1309,7 +1437,7 @@ body {
z-index: 620;
background: #fff;
border-bottom: 1px solid #ddd;
padding: 10px 16px;
padding: 6px 10px;
box-shadow: 0 1px 2px rgba(0,0,0,0.06);
}
@@ -1530,3 +1658,21 @@ body {
gap: 2px;
}
/* ===========================================================
ORDER ENTRY POPUP EDITOR
=========================================================== */
.order-editor-card {
width: 98vw;
max-width: 1900px;
}
.order-editor-card .editor {
max-height: 76vh;
overflow: auto;
}
.order-editor-dialog .q-dialog__inner--minimized {
max-width: 98vw;
}
.order-editor-dialog .q-dialog__inner > div {
width: 98vw;
max-width: 1900px;
}

15
ui/src/layouts/MainLayout.vue
View File

@@ -209,6 +209,11 @@ const menuItems = [
to: '/app/order-gateway',
permission: 'order:view'
},
{
label: 'Üretime Verilen Siparişleri Güncelle',
to: '/app/orderproductionupdate',
permission: 'order:update'
},
{
label: 'Tamamlanan Siparişleri Toplu Kapatma',
to: '/app/order-bulk-close',
@@ -226,25 +231,25 @@ const menuItems = [
{
label: 'Rol + Departman Yetkileri',
to: '/app/role-dept-permissions',
permission: 'user:update'
permission: 'system:update'
},
{
label: 'Kullanıcı Yetkileri',
to: '/app/user-permissions',
permission: 'user:update'
permission: 'system:update'
},
{
label: 'Loglar',
to: '/app/activity-logs',
permission: 'user:view'
permission: 'system:read'
},
{
label: 'Test Mail',
to: '/app/test-mail',
permission: 'user:insert'
permission: 'system:update'
}
]
@@ -258,7 +263,7 @@ const menuItems = [
{
label: 'Kullanıcılar',
to: '/app/users',
permission: 'user:view'
permission: 'system:read'
}
]
}

4
ui/src/pages/ChangePassword.vue
View File

@@ -11,6 +11,7 @@ Mevcut şifrenizi girerek yeni şifre belirleyin
<q-separator />
<q-form @submit.prevent="submit">
<q-card-section>
<q-input
v-model="current"
@@ -46,13 +47,14 @@ class="bg-red-1 text-red q-mt-md"
<q-card-actions align="right">
<q-btn
v-if="canUpdateSystem"
type="submit"
label="GÜNCELLE"
color="primary"
:loading="loading"
:disable="!canSubmit"
@click="submit"
/>
</q-card-actions>
</q-form>
</q-card>
</q-page>

135
ui/src/pages/FirstPasswordChange.vue
View File

@@ -8,48 +8,50 @@
</div>
</q-card-section>
<q-card-section class="q-gutter-md">
<q-input
v-model="currentPassword"
type="password"
label="Mevcut Şifre"
outlined
dense
/>
<q-form @submit.prevent="submit">
<q-card-section class="q-gutter-md">
<q-input
v-model="currentPassword"
type="password"
label="Mevcut Şifre"
outlined
dense
/>
<q-input
v-model="newPassword"
type="password"
label="Yeni Şifre"
outlined
dense
/>
<q-input
v-model="newPassword"
type="password"
label="Yeni Şifre"
outlined
dense
/>
<q-input
v-model="newPassword2"
type="password"
label="Yeni Şifre (Tekrar)"
outlined
dense
/>
<q-input
v-model="newPassword2"
type="password"
label="Yeni Şifre (Tekrar)"
outlined
dense
/>
<q-banner
v-if="error"
class="bg-red-1 text-red q-mt-sm"
rounded
>
{{ error }}
</q-banner>
</q-card-section>
<q-banner
v-if="error"
class="bg-red-1 text-red q-mt-sm"
rounded
>
{{ error }}
</q-banner>
</q-card-section>
<q-card-actions align="right">
<q-btn
label="Kaydet"
color="primary"
:loading="loading"
@click="submit"
/>
</q-card-actions>
<q-card-actions align="right">
<q-btn
type="submit"
label="Kaydet"
color="primary"
:loading="loading"
/>
</q-card-actions>
</q-form>
</q-card>
</q-page>
</template>
@@ -57,7 +59,7 @@
<script setup>
import { ref } from 'vue'
import { useRouter } from 'vue-router'
import api from 'src/services/api'
import api, { extractApiErrorDetail } from 'src/services/api'
import { useAuthStore } from 'stores/authStore.js'
const router = useRouter()
@@ -69,6 +71,33 @@ const newPassword2 = ref('')
const loading = ref(false)
const error = ref('')
function resolveFirstPasswordError(status, detail) {
const text = String(detail || '').trim()
const lower = text.toLowerCase()
if (status === 401) {
if (lower.includes('mevcut sifre') || lower.includes('current password')) {
return 'Mevcut şifreyi yanlış girdiniz.'
}
if (lower.includes('token') || lower.includes('authorization')) {
return 'Oturum doğrulanamadı. Lütfen tekrar giriş yapın.'
}
return text || 'Kimlik doğrulama hatası (401). Lütfen tekrar giriş yapın.'
}
if (status === 403) {
if (lower.includes('permission')) {
return 'Şifre değiştirme yetkiniz yok (403). Sistem yöneticinize başvurun.'
}
return text || 'Bu işlem için yetkiniz yok (403).'
}
return text || 'Şifre güncellenemedi'
}
async function submit () {
error.value = ''
@@ -84,29 +113,25 @@ async function submit () {
loading.value = true
try {
// 🔐 TOKEN interceptor ile otomatik
const res = await api.post('/password/change', {
await api.post('/password/change', {
current_password: currentPassword.value,
new_password: newPassword.value
})
// 🔄 Session güncelle
auth.setSession(res.data)
auth.forcePasswordChange = false
localStorage.setItem('forcePasswordChange', '0')
router.replace('/app')
auth.clearSession()
router.replace('/login')
} catch (e) {
error.value =
e?.data?.message ||
e?.message ||
'Şifre güncellenemedi'
const status = e?.response?.status
const detail = await extractApiErrorDetail(e)
console.error('FIRST_PASSWORD_CHANGE failed', {
status,
detail
})
error.value = resolveFirstPasswordError(status, detail)
} finally {
loading.value = false
}
}
</script>

104
ui/src/pages/MainPage.vue
View File

@@ -10,66 +10,68 @@
<div class="login-title q-mt-sm">Kullanıcı Girişi</div>
</q-card-section>
<!-- FORM -->
<q-card-section>
<q-input
v-model="username"
label="Kullanıcı Adı"
dense
standout="bg-white"
class="q-mb-md custom-input"
autocomplete="username"
/>
<q-form @submit.prevent="login">
<!-- FORM -->
<q-card-section>
<q-input
v-model="username"
label="Kullanıcı Adı"
dense
standout="bg-white"
class="q-mb-md custom-input"
autocomplete="username"
/>
<q-input
v-model="password"
type="password"
label="Şifre"
dense
standout="bg-white"
class="custom-input"
autocomplete="current-password"
/>
<q-input
v-model="password"
type="password"
label="Şifre"
dense
standout="bg-white"
class="custom-input"
autocomplete="current-password"
/>
<div class="q-mt-md row items-center justify-between">
<div>
<q-checkbox
v-model="rememberUser"
label="Kullanıcıyı hatırla"
color="secondary"
dense
/>
<q-checkbox
v-model="rememberPass"
label="Parolayı kaydet"
color="secondary"
<div class="q-mt-md row items-center justify-between">
<div>
<q-checkbox
v-model="rememberUser"
label="Kullanıcıyı hatırla"
color="secondary"
dense
/>
<q-checkbox
v-model="rememberPass"
label="Parolayı kaydet"
color="secondary"
dense
/>
</div>
<q-btn
flat
dense
color="primary"
label="Şifremi Unuttum"
@click="forgotOpen = true"
/>
</div>
</q-card-section>
<!-- ACTION -->
<q-card-actions align="center">
<q-btn
flat
dense
type="submit"
label="Giriş Yap"
color="primary"
label="Şifremi Unuttum"
@click="forgotOpen = true"
glossy
unelevated
icon="login"
class="full-width"
:loading="loading"
/>
</div>
</q-card-section>
<!-- ACTION -->
<q-card-actions align="center">
<q-btn
label="Giriş Yap"
color="primary"
glossy
unelevated
icon="login"
class="full-width"
:loading="loading"
@click="login"
/>
</q-card-actions>
</q-card-actions>
</q-form>
</q-card>
<!-- 🔐 FORGOT PASSWORD -->

74
ui/src/pages/MePassword.vue
View File

@@ -11,46 +11,48 @@
<q-separator />
<q-card-section class="q-gutter-sm">
<q-input
v-model="current"
type="password"
label="Mevcut Şifre"
dense filled
/>
<q-form @submit.prevent="submit">
<q-card-section class="q-gutter-sm">
<q-input
v-model="current"
type="password"
label="Mevcut Şifre"
dense filled
/>
<q-input
v-model="password"
type="password"
label="Yeni Şifre"
dense filled
/>
<q-input
v-model="password"
type="password"
label="Yeni Şifre"
dense filled
/>
<q-input
v-model="password2"
type="password"
label="Yeni Şifre (Tekrar)"
dense filled
/>
<q-input
v-model="password2"
type="password"
label="Yeni Şifre (Tekrar)"
dense filled
/>
<q-banner
v-if="error"
class="bg-red-1 text-red q-mt-sm"
rounded
>
{{ error }}
</q-banner>
</q-card-section>
<q-banner
v-if="error"
class="bg-red-1 text-red q-mt-sm"
rounded
>
{{ error }}
</q-banner>
</q-card-section>
<q-card-actions align="right">
<q-btn
label="GÜNCELLE"
color="primary"
:loading="loading"
:disable="!canSubmit"
@click="submit"
/>
</q-card-actions>
<q-card-actions align="right">
<q-btn
type="submit"
label="GÜNCELLE"
color="primary"
:loading="loading"
:disable="!canSubmit"
/>
</q-card-actions>
</q-form>
</q-card>
</q-page>

137
ui/src/pages/OrderEntry.vue
View File

@@ -1,4 +1,4 @@
<template>
<template>
<!-- ===========================================================
🧾 ORDER ENTRY PAGE (BSSApp)
v23 Sticky-stack + Drawer uyumlu yapı
@@ -8,14 +8,15 @@
class="order-page"
>
<!-- 🔄 SAYFA LOADERI -->
<q-inner-loading :showing="loadingHeader || loadingCari || loadingModels" color="primary">
<q-inner-loading :showing="isPageBlocking" color="primary">
<q-spinner size="50px" />
</q-inner-loading>
<!-- =======================================================
🔹 STICKY STACK (Filter + Save + Header)
======================================================== -->
<div class="sticky-stack">
<template v-if="!isPageBlocking">
<!-- =======================================================
🔹 STICKY STACK (Filter + Save + Header)
======================================================== -->
<div class="sticky-stack">
<!-- 🔸 1. Satır: Filtre Bar -->
<div class="filter-bar row q-col-gutter-md q-mb-sm">
@@ -168,8 +169,22 @@
</template>
</div>
</div>
<!-- 📝 Sipariş Genel Açıklaması (filter bar altında) -->
<div class="filter-bar-desc q-mt-sm">
<q-input
v-model="form.Description"
type="textarea"
label="Sipariş Genel ıklaması"
filled
dense
autogrow
maxlength="1500"
counter
placeholder="Siparişe genel ıklama giriniz (örn. teslimat, üretim notu, müşteri isteği...)"
:disable="isClosedRow"
:readonly="isViewOnly"
/>
</div>
<!-- 🔹 Cari Bilgi Barı -->
<q-slide-transition>
@@ -212,6 +227,14 @@
<div class="save-toolbar">
<div class="text-subtitle2 text-weight-bold">Sipariş Formu</div>
<div>
<q-btn
flat
color="grey-7"
class="q-ml-sm"
:label="compactGridHeader ? 'BAŞLIK GENİŞLET' : 'BAŞLIK DARALT'"
:icon="compactGridHeader ? 'unfold_more' : 'unfold_less'"
@click="compactGridHeader = !compactGridHeader"
/>
<q-btn
v-if="isViewOnly && canExportOrder"
label="🖨 SİPARİŞİ YAZDIR"
@@ -222,7 +245,16 @@
/>
<q-btn
v-else-if="canSubmitOrder"
v-if="canMutateRows"
label="SATIR EKLE"
color="secondary"
icon="add"
class="q-ml-sm"
@click="openNewRowEditor"
:disable="isClosedRow || isViewOnly || !canMutateRows"
/>
<q-btn
v-if="canSubmitOrder"
:label="isEditMode ? 'TÜMÜNÜ GÜNCELLE' : 'TÜMÜNÜ KAYDET'"
color="primary"
icon="save"
@@ -231,24 +263,15 @@
:disable="!canSubmitOrder"
@click="confirmAndSubmit"
/>
<q-btn
label="YENİ SİPARİŞ"
v-if="canWriteOrder"
color="secondary"
icon="add_circle"
class="q-ml-sm"
@click="onResetEditorClick"
:disable="isClosedRow || !canWriteOrder"
/>
</div>
</div>
<!-- 🔹 Grid Header -->
<div class="order-grid-header">
<div class="order-grid-header" :class="{ compact: compactGridHeader }">
<div class="col-fixed model">MODEL</div>
<div class="col-fixed renk">RENK</div>
<div class="col-fixed ana">ÜRÜN ANA<br />GRUBU</div>
<div class="col-fixed alt">ÜRÜN ALT<br />GRUBU</div>
<div class="col-fixed ana">ÜRÜN ANA GRUBU</div>
<div class="col-fixed alt">ÜRÜN ALT GRUBU</div>
<div class="col-fixed aciklama-col">AÇIKLAMA</div>
<div class="beden-block">
@@ -289,7 +312,7 @@
<!-- =======================================================
🔹 GRID BODY (Final Stabil) + EDITOR aynı scrollda
======================================================== -->
<div class="order-scroll-y"> <!-- ✅ YENİ: Grid + Editor ortak dikey scroll -->
<div class="order-scroll-y" :class="{ 'compact-grid-header': compactGridHeader }"> <!-- ✅ YENİ: Grid + Editor ortak dikey scroll -->
<div class="order-grid-body">
<template v-for="grp in groupedRows" :key="grp.name">
<div :class="['summary-group', grp.open ? 'open' : 'closed']">
@@ -424,7 +447,24 @@
<!-- =======================================================
🔹 SATIR DÜZENLEYİCİ FORM (EDITOR)
======================================================== -->
<div class="editor q-mt-lg q-pa-sm">
<q-dialog
v-model="showEditor"
class="order-editor-dialog"
:maximized="$q.screen.lt.md"
full-width
transition-show="jump-down"
transition-hide="jump-up"
persistent
>
<q-card class="order-editor-card">
<q-card-section class="row items-center justify-between">
<div class="text-subtitle1 text-weight-bold">
{{ isEditing ? 'Satır Düzenle' : 'Yeni Satır' }}
</div>
<q-btn flat round icon="close" @click="showEditor = false" />
</q-card-section>
<q-separator />
<q-card-section class="editor q-pa-sm">
<!-- 🔸 1. Satır: Model ve Ürün Bilgileri -->
<div class="row q-col-gutter-sm q-mb-sm">
@@ -717,28 +757,11 @@
butonuna basarak işlemleri kaydedebilirsiniz.
</div>
<!-- =======================================================
🔹 SİPARİŞ GENEL AÇIKLAMASI
======================================================== -->
<div class="row q-mt-md">
<div class="col-12">
<q-input
v-model="form.Description"
type="textarea"
label="Sipariş Genel ıklaması"
filled
dense
autogrow
maxlength="1500"
counter
placeholder="Siparişe genel ıklama giriniz (örn. teslimat, üretim notu, müşteri isteği...)"
:disable="isClosedRow"
/>
</div>
</div>
</div> <!-- editor -->
</div> <!-- ✅ order-scroll-y -->
</q-card-section>
</q-card>
</q-dialog>
</div> <!-- ✅ order-scroll-y -->
</template>
</q-page>
<q-page
@@ -777,6 +800,8 @@ const canExportOrder = canExport('order')
const formatDate = formatDateDisplay
const showEditor = ref(false)
const compactGridHeader = ref(false)
@@ -1094,6 +1119,16 @@ const seriMultiplier = ref(1)
const loadingHeader = ref(true)
const loadingCari = ref(true)
const loadingModels = ref(true)
const isPageBlocking = computed(() => {
if (!isEditMode.value) return false
const headerReady = !!orderStore.header
return (
loadingHeader.value ||
loadingCari.value ||
loadingModels.value ||
!headerReady
)
})
/* ===========================================================
🔹 CARİ INFO STATE
=========================================================== */
@@ -2346,11 +2381,22 @@ const editRow = async (row) => {
notify: true,
loadSizes: true
})
showEditor.value = true
} catch (err) {
console.error('❌ editRow hata:', err)
}
}
const openNewRowEditor = async () => {
if (!hasRowMutationPermission()) {
notifyNoPermission('Siparis satiri ekleme/guncelleme yetkiniz yok')
return
}
await resetEditor(true)
showEditor.value = true
}
@@ -2765,6 +2811,7 @@ const onSaveOrUpdateRow = async () => {
stockMap,
$q
})
showEditor.value = false
}

17
ui/src/pages/OrderList.vue
View File

@@ -126,6 +126,13 @@
</q-icon>
</q-td>
</template>
<template #body-cell-HasUretimUrunu="props">
<q-td :props="props" class="text-left">
<span v-if="props.row.HasUretimUrunu" class="text-weight-bold text-negative">
ÜRETİME VERİLECEK ÜRÜNÜ VAR
</span>
</q-td>
</template>
<template #body-cell-OrderDate="props">
<q-td :props="props" class="text-center">
@@ -233,7 +240,7 @@ import { useQuasar } from 'quasar'
import { useOrderListStore } from 'src/stores/OrdernewListStore'
import { useAuthStore } from 'src/stores/authStore'
import { usePermission } from 'src/composables/usePermission'
import api from 'src/services/api'
import api, { extractApiErrorDetail } from 'src/services/api'
const { canRead } = usePermission()
const canReadOrder = canRead('order')
@@ -366,6 +373,7 @@ const columns = [
format: val => Number(val || 0).toLocaleString('tr-TR', { minimumFractionDigits: 2 }) + ' %'
},
{ name: 'IsCreditableConfirmed', label: 'Durum', field: 'IsCreditableConfirmed', align: 'center', sortable: true },
{ name: 'HasUretimUrunu', label: 'Üretim', field: 'HasUretimUrunu', align: 'left', sortable: true, style: 'min-width:190px;white-space:nowrap', headerStyle: 'min-width:190px;white-space:nowrap' },
{ name: 'Description', label: 'Açıklama', field: 'Description', align: 'left', sortable: false, classes: 'ol-col-desc', headerClasses: 'ol-col-desc', style: 'width:160px;max-width:160px', headerStyle: 'width:160px;max-width:160px' },
{ name: 'pdf', label: 'PDF', field: 'pdf', align: 'center', sortable: false }
]
@@ -392,8 +400,11 @@ async function printPDF (row) {
})
window.open(URL.createObjectURL(res.data), '_blank')
} catch {
$q.notify({ type: 'negative', message: 'PDF yüklenemedi' })
} catch (err) {
const detail = await extractApiErrorDetail(err)
const status = err?.status || err?.response?.status || '-'
console.error(`PDF load error [${status}] /order/pdf/${row.OrderHeaderID}: ${detail}`)
$q.notify({ type: 'negative', message: `PDF yuklenemedi (${status}): ${detail}` })
}
}
function clearFilters () {

57
ui/src/pages/OrderProductionUpdate.vue Normal file
View File

@@ -0,0 +1,57 @@
<template>
<q-page class="q-pa-md">
<div class="text-h6 text-weight-bold">Üretime Verilen Ürünler</div>
<div class="text-caption text-grey-7 q-mt-xs">
OrderHeaderID: {{ orderHeaderID || '-' }}
</div>
<q-table
class="q-mt-md"
flat
bordered
dense
separator="cell"
row-key="OrderLineID"
:rows="store.items"
:columns="columns"
:loading="store.loading"
no-data-label="Üretime verilecek ürün bulunamadı"
:rows-per-page-options="[0]"
hide-bottom
/>
<q-banner v-if="store.error" class="bg-red text-white q-mt-sm">
Hata: {{ store.error }}
</q-banner>
</q-page>
</template>
<script setup>
import { computed, onMounted, watch } from 'vue'
import { useRoute } from 'vue-router'
import { useOrderProductionItemStore } from 'src/stores/OrderProductionItemStore'
const route = useRoute()
const store = useOrderProductionItemStore()
const orderHeaderID = computed(() => String(route.params.orderHeaderID || '').trim())
const columns = [
{ name: 'OldItemCode', label: 'Eski Ürün Kodu', field: 'OldItemCode', align: 'left', sortable: true, style: 'min-width:140px;white-space:nowrap', headerStyle: 'min-width:140px;white-space:nowrap' },
{ name: 'OldColor', label: 'Eski Ürün Rengi', field: 'OldColor', align: 'left', sortable: true, style: 'min-width:120px;white-space:nowrap', headerStyle: 'min-width:120px;white-space:nowrap' },
{ name: 'OldDim2', label: 'Eski 2. Renk', field: 'OldDim2', align: 'left', sortable: true, style: 'min-width:110px;white-space:nowrap', headerStyle: 'min-width:110px;white-space:nowrap' },
{ name: 'OldDesc', label: 'Eski Açıklama', field: 'OldDesc', align: 'left', sortable: false, style: 'min-width:180px;white-space:nowrap', headerStyle: 'min-width:180px;white-space:nowrap' },
{ name: 'NewItemCode', label: 'Yeni Ürün Kodu', field: 'NewItemCode', align: 'left', sortable: true, style: 'min-width:140px;white-space:nowrap', headerStyle: 'min-width:140px;white-space:nowrap' },
{ name: 'NewColor', label: 'Yeni Ürün Rengi', field: 'NewColor', align: 'left', sortable: true, style: 'min-width:120px;white-space:nowrap', headerStyle: 'min-width:120px;white-space:nowrap' },
{ name: 'NewDim2', label: 'Yeni 2. Renk', field: 'NewDim2', align: 'left', sortable: true, style: 'min-width:110px;white-space:nowrap', headerStyle: 'min-width:110px;white-space:nowrap' },
{ name: 'NewDesc', label: 'Yeni Açıklama', field: 'NewDesc', align: 'left', sortable: false, style: 'min-width:180px;white-space:nowrap', headerStyle: 'min-width:180px;white-space:nowrap' }
]
onMounted(() => {
store.fetchItems(orderHeaderID.value)
})
watch(orderHeaderID, (id) => {
store.fetchItems(id)
})
</script>

357
ui/src/pages/OrderProductionUpdateList.vue Normal file
View File

@@ -0,0 +1,357 @@
<template>
<q-page v-if="canReadOrder" class="ol-page">
<div class="ol-filter-bar">
<div class="ol-filter-row">
<q-input
v-model="store.filters.search"
class="ol-filter-input ol-search"
dense
filled
debounce="300"
clearable
label="Arama (Sipariş No / Cari / Açıklama)"
>
<template #append>
<q-icon name="search" />
</template>
</q-input>
<q-input
v-model="store.filters.CurrAccCode"
class="ol-filter-input"
dense
filled
clearable
label="Cari Kodu"
/>
<q-input
v-model="store.filters.OrderDate"
class="ol-filter-input"
dense
filled
type="date"
label="Sipariş Tarihi"
/>
<div class="ol-filter-actions">
<q-btn
label="Temizle"
icon="clear"
color="grey-7"
flat
:disable="store.loading"
@click="clearFilters"
>
<q-tooltip>Tüm filtreleri temizle</q-tooltip>
</q-btn>
<q-btn
label="Yenile"
color="primary"
icon="refresh"
:loading="store.loading"
@click="store.fetchOrders"
/>
<q-btn
label="Excel'e Aktar"
icon="download"
color="primary"
outline
:disable="store.loading || productionOrders.length === 0"
@click="exportExcel"
/>
</div>
<div class="ol-filter-total">
<div class="ol-total-line">
<span class="ol-total-label">Toplam USD:</span>
<strong class="ol-total-value">
{{ totalVisibleUSD.toLocaleString('tr-TR', { minimumFractionDigits: 2, maximumFractionDigits: 2 }) }}
</strong>
</div>
</div>
</div>
</div>
<q-table
title="Üretime Verilecek Ürünleri Olan Siparişler"
class="ol-table"
flat
bordered
dense
separator="cell"
row-key="OrderHeaderID"
:rows="productionOrders"
:columns="columns"
:loading="store.loading"
no-data-label="Üretime verilecek sipariş bulunamadı"
:rows-per-page-options="[0]"
hide-bottom
>
<template #body-cell-open="props">
<q-td :props="props" class="text-center">
<q-btn
icon="open_in_new"
color="primary"
flat
round
dense
@click="selectOrder(props.row)"
>
<q-tooltip>Siparişi </q-tooltip>
</q-btn>
</q-td>
</template>
<template #body-cell-IsCreditableConfirmed="props">
<q-td :props="props" class="text-center q-gutter-sm">
<q-btn
icon="picture_as_pdf"
color="red"
flat
round
dense
@click="printPDF(props.row)"
>
<q-tooltip>Siparişi PDF olarak </q-tooltip>
</q-btn>
<q-icon
:name="props.row.IsCreditableConfirmed ? 'check_circle' : 'cancel'"
:color="props.row.IsCreditableConfirmed ? 'green' : 'red'"
size="20px"
>
<q-tooltip>
{{ props.row.IsCreditableConfirmed ? 'Onaylı' : 'Onaysız' }}
</q-tooltip>
</q-icon>
</q-td>
</template>
<template #body-cell-OrderDate="props">
<q-td :props="props" class="text-center">
{{ formatDate(props.row.OrderDate) }}
</q-td>
</template>
<template #body-cell-CreditableConfirmedDate="props">
<q-td :props="props" class="text-center">
{{ formatDate(props.row.CreditableConfirmedDate) }}
</q-td>
</template>
<template #body-cell-CurrAccDescription="props">
<q-td :props="props" class="ol-col-cari">
<div class="ol-col-multiline">{{ props.value }}</div>
<q-tooltip v-if="props.value">
{{ props.value }}
</q-tooltip>
</q-td>
</template>
<template #body-cell-MusteriTemsilcisi="props">
<q-td :props="props" class="ol-col-short">
<div class="ol-col-multiline">{{ props.value }}</div>
<q-tooltip v-if="props.value">
{{ props.value }}
</q-tooltip>
</q-td>
</template>
<template #body-cell-Piyasa="props">
<q-td :props="props" class="ol-col-short">
<div class="ol-col-multiline">{{ props.value }}</div>
<q-tooltip v-if="props.value">
{{ props.value }}
</q-tooltip>
</q-td>
</template>
<template #body-cell-Description="props">
<q-td :props="props" class="ol-col-desc">
<div class="ol-col-multiline">{{ props.value }}</div>
<q-tooltip v-if="props.value">
{{ props.value }}
</q-tooltip>
</q-td>
</template>
<template #body-cell-HasUretimUrunu="props">
<q-td :props="props" class="text-center">
<q-icon
:name="props.row.HasUretimUrunu ? 'check_circle' : 'cancel'"
:color="props.row.HasUretimUrunu ? 'green' : 'grey-5'"
size="18px"
/>
</q-td>
</template>
</q-table>
<q-banner v-if="store.error" class="bg-red text-white q-mt-sm">
Hata: {{ store.error }}
</q-banner>
</q-page>
<q-page v-else class="q-pa-md flex flex-center">
<div class="text-negative text-subtitle1">
Bu modüle erişim yetkiniz yok.
</div>
</q-page>
</template>
<script setup>
import { computed, onMounted, watch } from 'vue'
import { useRouter } from 'vue-router'
import { useQuasar } from 'quasar'
import { useOrderProductionUpdateStore } from 'src/stores/OrderProductionUpdateStore'
import { useAuthStore } from 'src/stores/authStore'
import { usePermission } from 'src/composables/usePermission'
import api, { extractApiErrorDetail } from 'src/services/api'
const { canRead } = usePermission()
const canReadOrder = canRead('order')
const router = useRouter()
const $q = useQuasar()
const store = useOrderProductionUpdateStore()
let searchTimer = null
watch(
() => store.filters.search,
() => {
clearTimeout(searchTimer)
searchTimer = setTimeout(() => {
store.fetchOrders()
}, 400)
}
)
const productionOrders = computed(() => store.filteredOrders)
const totalVisibleUSD = computed(() =>
productionOrders.value.reduce((sum, o) => {
const v = Number(o.TotalAmountUSD || 0)
return sum + (Number.isFinite(v) ? v : 0)
}, 0)
)
function clearFilters () {
store.filters.search = ''
store.filters.CurrAccCode = ''
store.filters.OrderDate = ''
store.fetchOrders()
}
function formatDate (v) {
if (!v) return ''
return String(v)
}
function selectOrder (row) {
if (!row?.OrderHeaderID) {
$q.notify({ type: 'warning', message: 'OrderHeaderID bulunamadı' })
return
}
router.push({
name: 'orderproductionupdate',
params: { orderHeaderID: row.OrderHeaderID }
})
}
async function printPDF (row) {
try {
const auth = useAuthStore()
if (!auth?.token) {
$q.notify({ type: 'warning', message: 'Oturum bulunamadı' })
return
}
const res = await api.get(`/order/pdf/${row.OrderHeaderID}`, {
responseType: 'blob'
})
const blob = new Blob([res.data], { type: 'application/pdf' })
const url = URL.createObjectURL(blob)
window.open(url, '_blank')
setTimeout(() => URL.revokeObjectURL(url), 2000)
} catch (err) {
const status = err?.response?.status
const detail = extractApiErrorDetail(err)
console.error(`PDF load error [${status}] /order/pdf/${row?.OrderHeaderID}: ${detail}`)
$q.notify({ type: 'negative', message: `PDF alınamadı: ${detail}` })
}
}
function exportExcel () {
const auth = useAuthStore()
if (!auth?.token) {
$q.notify({
type: 'negative',
message: 'Oturum bulunamadı'
})
return
}
const params = new URLSearchParams()
if (store.filters.search) params.append('search', store.filters.search)
api.get(`/orders/production-list?${params.toString()}`, {
responseType: 'blob'
}).then((res) => {
const blob = new Blob([res.data], { type: 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet' })
const url = URL.createObjectURL(blob)
const a = document.createElement('a')
a.href = url
a.download = 'uretime_verilecek_siparisler.xlsx'
a.click()
URL.revokeObjectURL(url)
}).catch((err) => {
const detail = extractApiErrorDetail(err)
$q.notify({ type: 'negative', message: `Excel alınamadı: ${detail}` })
})
}
onMounted(() => {
store.fetchOrders()
})
const columns = [
{ name: 'open', label: '', field: 'open', align: 'center', sortable: false },
{ name: 'OrderNumber', label: 'Sipariş No', field: 'OrderNumber', align: 'left', sortable: true, style: 'min-width:108px;white-space:nowrap', headerStyle: 'min-width:108px;white-space:nowrap' },
{ name: 'OrderDate', label: 'Tarih', field: 'OrderDate', align: 'center', sortable: true, style: 'min-width:82px;white-space:nowrap', headerStyle: 'min-width:82px;white-space:nowrap' },
{ name: 'CurrAccCode', label: 'Cari Kod', field: 'CurrAccCode', align: 'left', sortable: true, style: 'min-width:82px;white-space:nowrap', headerStyle: 'min-width:82px;white-space:nowrap' },
{ name: 'CurrAccDescription', label: 'Cari Adı', field: 'CurrAccDescription', align: 'left', sortable: true, classes: 'ol-col-cari', headerClasses: 'ol-col-cari', style: 'width:160px;max-width:160px', headerStyle: 'width:160px;max-width:160px' },
{ name: 'MusteriTemsilcisi', label: 'Temsilci', field: 'MusteriTemsilcisi', align: 'left', sortable: true, classes: 'ol-col-short', headerClasses: 'ol-col-short', style: 'width:88px;max-width:88px', headerStyle: 'width:88px;max-width:88px' },
{ name: 'Piyasa', label: 'Piyasa', field: 'Piyasa', align: 'left', sortable: true, classes: 'ol-col-short', headerClasses: 'ol-col-short', style: 'width:72px;max-width:72px', headerStyle: 'width:72px;max-width:72px' },
{ name: 'CreditableConfirmedDate', label: 'Onay', field: 'CreditableConfirmedDate', align: 'center', sortable: true, style: 'min-width:86px;white-space:nowrap', headerStyle: 'min-width:86px;white-space:nowrap' },
{ name: 'DocCurrencyCode', label: 'PB', field: 'DocCurrencyCode', align: 'center', sortable: true, style: 'min-width:46px;white-space:nowrap', headerStyle: 'min-width:46px;white-space:nowrap' },
{
name: 'TotalAmount',
label: 'Tutar',
field: 'TotalAmount',
align: 'right',
sortable: true,
style: 'min-width:120px;white-space:nowrap',
headerStyle: 'min-width:120px;white-space:nowrap',
format: (val, row) => Number(val || 0).toLocaleString('tr-TR', { minimumFractionDigits: 2 }) + ' ' + row.DocCurrencyCode
},
{
name: 'TotalAmountUSD',
label: 'Tutar (USD)',
field: 'TotalAmountUSD',
align: 'right',
sortable: true,
style: 'min-width:120px;white-space:nowrap',
headerStyle: 'min-width:120px;white-space:nowrap',
format: val => Number(val || 0).toLocaleString('tr-TR', { minimumFractionDigits: 2 }) + ' USD'
},
{ name: 'IsCreditableConfirmed', label: 'Durum', field: 'IsCreditableConfirmed', align: 'center', sortable: true },
{ name: 'HasUretimUrunu', label: 'Üretim', field: 'HasUretimUrunu', align: 'left', sortable: true, style: 'min-width:190px;white-space:nowrap', headerStyle: 'min-width:190px;white-space:nowrap' },
{ name: 'Description', label: 'Açıklama', field: 'Description', align: 'left', sortable: false, classes: 'ol-col-desc', headerClasses: 'ol-col-desc', style: 'width:160px;max-width:160px', headerStyle: 'width:160px;max-width:160px' }
]
</script>

132
ui/src/pages/ResetPassword.vue
View File

@@ -21,76 +21,78 @@
<q-separator />
<q-card-section>
<!-- NEW PASSWORD -->
<q-input
v-model="password"
:type="showPassword ? 'text' : 'password'"
label="Yeni Parola"
dense
filled
:rules="[passwordRule]"
>
<template #append>
<q-icon
:name="showPassword ? 'visibility_off' : 'visibility'"
class="cursor-pointer"
@click="showPassword = !showPassword"
/>
</template>
</q-input>
<q-form @submit.prevent="submit">
<q-card-section>
<!-- NEW PASSWORD -->
<q-input
v-model="password"
:type="showPassword ? 'text' : 'password'"
label="Yeni Parola"
dense
filled
:rules="[passwordRule]"
>
<template #append>
<q-icon
:name="showPassword ? 'visibility_off' : 'visibility'"
class="cursor-pointer"
@click="showPassword = !showPassword"
/>
</template>
</q-input>
<!-- STRENGTH -->
<div class="q-mt-xs">
<q-linear-progress
:value="passwordStrength.value"
:color="passwordStrength.color"
rounded
size="6px"
/>
<div class="text-caption q-mt-xs" :class="passwordStrength.textColor">
{{ passwordStrength.label }}
<!-- STRENGTH -->
<div class="q-mt-xs">
<q-linear-progress
:value="passwordStrength.value"
:color="passwordStrength.color"
rounded
size="6px"
/>
<div class="text-caption q-mt-xs" :class="passwordStrength.textColor">
{{ passwordStrength.label }}
</div>
</div>
</div>
<!-- CONFIRM -->
<q-input
v-model="password2"
:type="showPassword2 ? 'text' : 'password'"
label="Parola Tekrar"
dense
filled
class="q-mt-sm"
:rules="[confirmRule]"
>
<template #append>
<q-icon
:name="showPassword2 ? 'visibility_off' : 'visibility'"
class="cursor-pointer"
@click="showPassword2 = !showPassword2"
/>
</template>
</q-input>
<!-- CONFIRM -->
<q-input
v-model="password2"
:type="showPassword2 ? 'text' : 'password'"
label="Parola Tekrar"
dense
filled
class="q-mt-sm"
:rules="[confirmRule]"
>
<template #append>
<q-icon
:name="showPassword2 ? 'visibility_off' : 'visibility'"
class="cursor-pointer"
@click="showPassword2 = !showPassword2"
/>
</template>
</q-input>
<!-- ERROR -->
<q-banner
v-if="error"
class="bg-red-1 text-red q-mt-md"
rounded
>
{{ error }}
</q-banner>
</q-card-section>
<!-- ERROR -->
<q-banner
v-if="error"
class="bg-red-1 text-red q-mt-md"
rounded
>
{{ error }}
</q-banner>
</q-card-section>
<q-card-actions align="right">
<q-btn
label="PAROLAYI GÜNCELLE"
color="primary"
:loading="loading"
:disable="!canSubmit"
@click="submit"
/>
</q-card-actions>
<q-card-actions align="right">
<q-btn
type="submit"
label="PAROLAYI GÜNCELLE"
color="primary"
:loading="loading"
:disable="!canSubmit"
/>
</q-card-actions>
</q-form>
</q-card>
<!-- TOKEN INVALID -->

48
ui/src/pages/RoleDepartmentPermissionList.vue
View File

@@ -46,6 +46,9 @@
<q-item clickable @click="selectAllModules">
<q-item-section>Tümünü Seç</q-item-section>
</q-item>
<q-item clickable @click="clearAllModules">
<q-item-section>Tümünü Temizle</q-item-section>
</q-item>
<q-separator />
<q-item
v-for="m in store.modules"
@@ -78,6 +81,9 @@
<q-item clickable @click="selectAllActionsForActive">
<q-item-section>Tümünü Seç</q-item-section>
</q-item>
<q-item clickable @click="clearAllActionsForActive">
<q-item-section>Tümünü Temizle</q-item-section>
</q-item>
<q-separator />
<q-item
v-for="a in actionsForActiveModule"
@@ -180,6 +186,7 @@ const canUpdateUser = canUpdate('user')
const selectedModules = ref([])
const selectedActionsByModule = ref({})
const activeModuleCode = ref('')
const allowEmptySelection = ref(false)
const actionLabelMap = {
update: 'Güncelleme',
@@ -284,9 +291,15 @@ function syncSelections () {
}
const selected = selectedModules.value.filter((m) => availableModules.includes(m))
selectedModules.value = selected.length ? selected : [...availableModules]
if (selected.length) {
selectedModules.value = selected
} else {
selectedModules.value = allowEmptySelection.value ? [] : [...availableModules]
}
if (!selectedModules.value.includes(activeModuleCode.value)) {
if (!selectedModules.value.length) {
activeModuleCode.value = ''
} else if (!selectedModules.value.includes(activeModuleCode.value)) {
activeModuleCode.value = selectedModules.value[0]
}
@@ -295,7 +308,7 @@ function syncSelections () {
const allActions = actionsByModule.value[m] || []
const prev = selectedActionsByModule.value[m] || []
const filtered = prev.filter((a) => allActions.includes(a))
next[m] = filtered.length ? filtered : [...allActions]
next[m] = filtered.length ? filtered : (allowEmptySelection.value ? [] : [...allActions])
})
selectedActionsByModule.value = next
}
@@ -313,6 +326,7 @@ function isModuleSelected (moduleCode) {
}
function toggleModule (moduleCode, checked) {
allowEmptySelection.value = false
const set = new Set(selectedModules.value)
if (checked) {
set.add(moduleCode)
@@ -321,9 +335,8 @@ function toggleModule (moduleCode, checked) {
}
selectedModules.value = [...set]
if (!selectedModules.value.length) {
selectedModules.value = [moduleCode]
}
if (!selectedModules.value.includes(activeModuleCode.value)) {
activeModuleCode.value = ''
} else if (!selectedModules.value.includes(activeModuleCode.value)) {
activeModuleCode.value = selectedModules.value[0]
}
syncSelections()
@@ -334,24 +347,31 @@ function onModuleRowClick (moduleCode) {
}
function selectAllModules () {
allowEmptySelection.value = false
selectedModules.value = (store.modules || []).map((m) => m.value)
syncSelections()
}
function clearAllModules () {
allowEmptySelection.value = true
selectedModules.value = []
selectedActionsByModule.value = {}
activeModuleCode.value = ''
syncSelections()
}
function isActionSelected (moduleCode, action) {
return (selectedActionsByModule.value[moduleCode] || []).includes(action)
}
function toggleAction (moduleCode, action, checked) {
allowEmptySelection.value = false
const current = new Set(selectedActionsByModule.value[moduleCode] || [])
if (checked) {
current.add(action)
} else {
current.delete(action)
}
if (current.size === 0) {
current.add(action)
}
selectedActionsByModule.value = {
...selectedActionsByModule.value,
[moduleCode]: [...current]
@@ -359,6 +379,7 @@ function toggleAction (moduleCode, action, checked) {
}
function selectAllActionsForActive () {
allowEmptySelection.value = false
if (!activeModuleCode.value) return
selectedActionsByModule.value = {
...selectedActionsByModule.value,
@@ -366,6 +387,15 @@ function selectAllActionsForActive () {
}
}
function clearAllActionsForActive () {
allowEmptySelection.value = true
if (!activeModuleCode.value) return
selectedActionsByModule.value = {
...selectedActionsByModule.value,
[activeModuleCode.value]: []
}
}
const permissionColumns = computed(() => {
const cols = []
selectedModules.value.forEach((m) => {

104
ui/src/pages/UserDetail.vue
View File

@@ -12,7 +12,7 @@
<div class="filter-bar row q-col-gutter-md q-mb-sm">
<div class="col-3">
<div class="text-caption text-grey-7 q-mb-xs">Kullanıcı Kodu</div>
<q-input v-model="form.code" dense filled />
<q-input v-model="form.code" dense filled :rules="[codeRule]" lazy-rules />
</div>
<div class="col-4">
@@ -46,6 +46,15 @@
:loading="saving"
@click="onSave"
/>
<q-btn
v-if="canDeleteThisUser"
label="SIL"
color="negative"
icon="delete"
class="q-ml-sm"
:loading="deleting"
@click="confirmDeleteUser"
/>
<q-btn
v-if="canReadUser"
label="LİSTEYE DÖN"
@@ -156,12 +165,22 @@
filled
behavior="menu"
>
<template #selected-item="scope">
<q-chip
removable
dense
class="q-mr-xs"
@remove="scope.removeAtIndex(scope.index)"
>
{{ scope.opt.label }}
</q-chip>
</template>
<template #option="scope">
<q-item v-bind="scope.itemProps" clickable>
<q-item v-bind="scope.itemProps">
<q-item-section avatar>
<q-checkbox
:model-value="scope.selected"
@update:model-value="scope.toggleOption(scope.opt)"
tabindex="-1"
/>
</q-item-section>
<q-item-section>
@@ -205,12 +224,33 @@
filled
behavior="menu"
>
<template #before-options>
<q-item clickable @click="selectAllPiyasalar">
<q-item-section>Tümünü Seç</q-item-section>
</q-item>
<q-item clickable @click="clearPiyasalar">
<q-item-section>Temizle</q-item-section>
</q-item>
<q-separator />
</template>
<template #selected-item="scope">
<q-chip
removable
dense
class="q-mr-xs"
@remove="scope.removeAtIndex(scope.index)"
>
{{ scope.opt.label }}
</q-chip>
</template>
<template #option="scope">
<q-item v-bind="scope.itemProps" clickable>
<q-item v-bind="scope.itemProps">
<q-item-section avatar>
<q-checkbox
:model-value="scope.selected"
@update:model-value="scope.toggleOption(scope.opt)"
tabindex="-1"
@update:model-value="() => scope.toggleOption(scope.opt)"
@click.stop
/>
</q-item-section>
<q-item-section>
@@ -259,10 +299,11 @@ import { storeToRefs } from 'pinia'
import { useUserDetailStore } from 'src/stores/UserDetailStore'
import { usePermission } from 'src/composables/usePermission'
const { canRead, canWrite, canUpdate } = usePermission()
const { canRead, canWrite, canUpdate, canDelete } = usePermission()
const canReadUser = canRead('user')
const canWriteUser = canWrite('user')
const canUpdateUser = canUpdate('user')
const canDeleteUser = canDelete('user')
const $q = useQuasar()
const route = useRoute()
@@ -274,6 +315,7 @@ const {
form,
loading,
saving,
deleting,
roleOptions,
departmentOptions,
piyasaOptions,
@@ -296,6 +338,11 @@ const canAccessPage = computed(() => {
const canSaveUser = computed(() => isNew.value ? canWriteUser.value : canUpdateUser.value)
const userId = computed(() => (isEdit.value || isView.value) ? Number(route.params.id) : null)
const canDeleteThisUser = computed(() =>
(isEdit.value || isView.value) &&
!!userId.value &&
canDeleteUser.value
)
const hasPassword = computed(() => store.hasPassword)
@@ -316,6 +363,16 @@ const canSendPasswordMail = computed(() => {
return /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test((form.value.email || '').trim())
})
function selectAllPiyasalar () {
form.value.piyasalar = (piyasaOptions.value || [])
.map((o) => o.value)
.filter(Boolean)
}
function clearPiyasalar () {
form.value.piyasalar = []
}
/* ================= LIFECYCLE ================= */
watch(
() => userId.value,
@@ -341,6 +398,11 @@ async function onSave () {
return
}
if (!(form.value.code || '').trim()) {
$q.notify({ type: 'negative', message: 'Kullanıcı kodu zorunludur' })
return
}
try {
console.log('🟢 onSave() START', { mode: mode.value })
@@ -381,6 +443,36 @@ function goList () {
router.push({ name: 'user-list' })
}
function confirmDeleteUser () {
if (!canDeleteThisUser.value) {
$q.notify({ type: 'negative', message: 'Silme yetkiniz yok' })
return
}
const code = (form.value.code || '').trim()
const label = code || `ID ${userId.value}`
$q.dialog({
title: 'Kullanici silinsin mi?',
message: `${label} kaydi tablodan silinecek. Bu islem geri alinamaz.`,
cancel: true,
persistent: true
}).onOk(async () => {
await deleteUser()
})
}
async function deleteUser () {
try {
await store.deleteUser(userId.value)
$q.notify({ type: 'positive', message: 'Kullanici silindi' })
await router.replace({ name: 'user-list' })
window.location.reload()
} catch {
$q.notify({ type: 'negative', message: store.error || 'Kullanici silinemedi' })
}
}
function confirmSendPasswordMail () {
$q.dialog({

159
ui/src/pages/statementofaccount.vue
View File

@@ -1,5 +1,5 @@
<template>
<q-page v-if="canReadFinance" class="q-pa-md page-col">
<q-page v-if="canReadFinance" class="q-pa-md page-col statement-page">
<!-- 🔹 Cari Kod / İsim (sabit) -->
<div class="filter-sticky">
@@ -47,7 +47,12 @@
<template #append>
<q-icon name="event" class="cursor-pointer">
<q-popup-proxy cover transition-show="scale" transition-hide="scale">
<q-date v-model="dateFrom" mask="YYYY-MM-DD" locale="tr-TR"/>
<q-date
v-model="dateFrom"
mask="YYYY-MM-DD"
locale="tr-TR"
:options="isValidFromDate"
/>
</q-popup-proxy>
</q-icon>
</template>
@@ -63,7 +68,12 @@
<template #append>
<q-icon name="event" class="cursor-pointer">
<q-popup-proxy cover transition-show="scale" transition-hide="scale">
<q-date v-model="dateTo" mask="YYYY-MM-DD" locale="tr-TR" />
<q-date
v-model="dateTo"
mask="YYYY-MM-DD"
locale="tr-TR"
:options="isValidToDate"
/>
</q-popup-proxy>
</q-icon>
</template>
@@ -163,19 +173,21 @@
<!-- Ana Tablo -->
<q-table
class="sticky-table"
class="sticky-table statement-table"
title="Hareketler"
:rows="statementheaderStore.groupedRows"
:columns="columns"
:visible-columns="visibleColumns"
:row-key="row => row.OrderHeaderID + '_' + row.OrderNumber"
:row-key="rowKeyFn"
flat
bordered
dense
hide-bottom
wrap-cells
:rows-per-page-options="[0]"
:loading="statementheaderStore.loading"
:table-style="{ tableLayout: 'auto', minWidth: '1600px' }"
:table-style="{ tableLayout: 'fixed', width: '100%' }"
>
<template #body="props">
@@ -332,6 +344,29 @@ onMounted(async () => {
const dateFrom = ref(dayjs().startOf('year').format('YYYY-MM-DD'))
const dateTo = ref(dayjs().format('YYYY-MM-DD'))
function isValidFromDate (date) {
if (!dateTo.value) return true
return !dayjs(date).isAfter(dayjs(dateTo.value), 'day')
}
function isValidToDate (date) {
if (!dateFrom.value) return true
return !dayjs(date).isBefore(dayjs(dateFrom.value), 'day')
}
function hasInvalidDateRange () {
if (!dateFrom.value || !dateTo.value) return false
return dayjs(dateFrom.value).isAfter(dayjs(dateTo.value), 'day')
}
function notifyInvalidDateRange () {
$q.notify({
type: 'warning',
message: '⚠️ Başlangıç tarihi bitiş tarihinden sonra olamaz.',
position: 'top-right'
})
}
/* Parasal İşlem Tipi */
const monetaryTypeOptions = [
{ label: '1-2 hesap', value: ['1', '2'] },
@@ -373,6 +408,11 @@ async function onFilterClick() {
return
}
if (hasInvalidDateRange()) {
notifyInvalidDateRange()
return
}
await statementheaderStore.loadStatements({
startdate: dateFrom.value,
enddate: dateTo.value,
@@ -483,6 +523,11 @@ async function handleDownload() {
return
}
if (hasInvalidDateRange()) {
notifyInvalidDateRange()
return
}
// ✅ Seçilen parasal işlem tipini gönder
const result = await downloadstpdfStore.downloadPDF(
selectedCari.value, // accountCode
@@ -524,6 +569,11 @@ async function CurrheadDownload() {
return
}
if (hasInvalidDateRange()) {
notifyInvalidDateRange()
return
}
// ✅ Yeni store fonksiyonu doğru şekilde çağrılıyor
const result = await downloadstHeadStore.handlestHeadDownload(
selectedCari.value, // accountCode
@@ -542,3 +592,100 @@ async function CurrheadDownload() {
}
</script>
<style scoped>
.statement-page {
height: calc(100vh - 56px);
display: flex;
flex-direction: column;
overflow: hidden;
}
.table-scroll {
flex: 1;
min-height: 0;
overflow: hidden;
display: flex;
flex-direction: column;
}
.sticky-bar {
position: sticky;
top: 0;
z-index: 20;
flex: 0 0 auto;
}
.statement-table {
flex: 1;
min-height: 0;
}
.statement-table :deep(.q-table__container) {
height: 100%;
display: flex;
flex-direction: column;
}
.statement-table :deep(.q-table__top) {
flex: 0 0 auto;
}
.statement-table :deep(.q-table__middle) {
flex: 1 1 auto;
min-height: 0;
overflow: auto !important;
max-height: none !important;
}
.statement-table :deep(thead th) {
position: sticky;
top: 0;
z-index: 10;
background: #fff;
}
.statement-table :deep(th),
.statement-table :deep(td) {
padding: 3px 6px !important;
font-size: 11px !important;
line-height: 1.2 !important;
}
.statement-table :deep(td) {
white-space: nowrap !important;
overflow: hidden !important;
text-overflow: ellipsis !important;
max-width: 120px;
}
.statement-table :deep(td[data-col="aciklama"]),
.statement-table :deep(th[data-col="aciklama"]) {
max-width: 220px;
}
.statement-table :deep(.resizable-cell-content) {
display: -webkit-box;
-webkit-line-clamp: 2;
-webkit-box-orient: vertical;
overflow: hidden;
white-space: normal !important;
}
@media (max-width: 1366px) {
.statement-table :deep(th),
.statement-table :deep(td) {
font-size: 10px !important;
padding: 2px 4px !important;
}
.statement-table :deep(td) {
max-width: 100px;
}
.statement-table :deep(td[data-col="aciklama"]),
.statement-table :deep(th[data-col="aciklama"]) {
max-width: 180px;
}
}
</style>

14
ui/src/router/index.js
View File

@@ -14,6 +14,9 @@ export default route(function () {
routes
})
if (typeof window !== 'undefined' && process.env.DEV) {
window.__router = router
}
/* ============================================================
🔐 GLOBAL GUARD
@@ -23,6 +26,17 @@ export default route(function () {
const auth = useAuthStore()
const perm = usePermissionStore()
if (typeof window !== 'undefined') {
console.warn('🧭 ROUTE GUARD HIT:', {
path: to.fullPath,
meta: to.meta
})
}
if (typeof window !== 'undefined' && process.env.DEV) {
window.__auth = auth
window.__perm = perm
}
/* ================= PUBLIC ================= */

28
ui/src/router/routes.js
View File

@@ -69,7 +69,7 @@ const routes = [
path: '',
name: 'dashboard',
component: () => import('pages/Dashboard.vue'),
meta: { permission: 'system:read' }
meta: {}
},
@@ -86,28 +86,28 @@ const routes = [
path: 'role-dept-permissions',
name: 'role-dept-permissions',
component: () => import('pages/RoleDepartmentPermissionGateway.vue'),
meta: { permission: 'user:update' }
meta: { permission: 'system:update' }
},
{
path: 'role-dept-permissions/list',
name: 'role-dept-permissions-list',
component: () => import('pages/RoleDepartmentPermissionList.vue'),
meta: { permission: 'user:update' }
meta: { permission: 'system:update' }
},
{
path: 'role-dept-permissions/editor',
name: 'role-dept-permissions-editor',
component: () => import('pages/RoleDepartmentPermissionPage.vue'),
meta: { permission: 'user:update' }
meta: { permission: 'system:update' }
},
{
path: 'user-permissions',
name: 'user-permissions',
component: () => import('pages/UserPermissionPage.vue'),
meta: { permission: 'user:update' }
meta: { permission: 'system:update' }
},
@@ -190,7 +190,7 @@ const routes = [
path: 'activity-logs',
name: 'activity-logs',
component: () => import('pages/ActivityLogs.vue'),
meta: { permission: 'user:view' }
meta: { permission: 'system:read' }
},
@@ -200,7 +200,7 @@ const routes = [
path: 'test-mail',
name: 'test-mail',
component: () => import('pages/TestMail.vue'),
meta: { permission: 'user:insert' }
meta: { permission: 'system:update' }
},
@@ -242,6 +242,20 @@ const routes = [
meta: { permission: 'order:view' }
},
{
path: 'orderproductionupdate',
name: 'orderproductionupdate-list',
component: () => import('pages/OrderProductionUpdateList.vue'),
meta: { permission: 'order:update' }
},
{
path: 'orderproductionupdate/:orderHeaderID',
name: 'orderproductionupdate',
component: () => import('pages/OrderProductionUpdate.vue'),
props: true,
meta: { permission: 'order:update' }
},
{
path: 'order-bulk-close',
name: 'order-bulk-close',

260
ui/src/services/api.js
View File

@@ -1,11 +1,12 @@
// src/services/api.js
import axios from 'axios'
import qs from 'qs'
import { useAuthStore } from 'stores/authStore'
// ✅ Vite uyumlu env okuma
export const API_BASE_URL =
import.meta.env.VITE_API_BASE_URL || '/api'
const rawBaseUrl =
(typeof process !== 'undefined' && process.env?.VITE_API_BASE_URL) || '/api'
export const API_BASE_URL = String(rawBaseUrl).trim().replace(/\/+$/, '')
const AUTH_REFRESH_PATH = '/auth/refresh'
const api = axios.create({
baseURL: API_BASE_URL,
@@ -15,20 +16,69 @@ const api = axios.create({
withCredentials: true
})
/* ============================
REQUEST INTERCEPTOR
============================ */
function isPublicPath(url) {
return (
url.startsWith('/auth/login') ||
url.startsWith(AUTH_REFRESH_PATH) ||
url.startsWith('/password/forgot') ||
url.startsWith('/password/reset')
)
}
function extractToken(payload) {
return (
payload?.token ||
payload?.access_token ||
payload?.data?.token ||
payload?.data?.access_token ||
''
)
}
function isHtmlLike(value) {
const text = String(value || '').trim().toLowerCase()
return text.startsWith('<!doctype html') || text.startsWith('<html')
}
function sanitizeApiErrorDetail(detail, status) {
const normalized = String(detail || '').trim()
if (!normalized) {
if (status === 504) {
return 'Gateway timeout: origin server did not respond in time.'
}
return ''
}
if (isHtmlLike(normalized)) {
if (status === 504) {
return 'Gateway timeout: origin server did not respond in time.'
}
if (status >= 500) {
return `Upstream server error (${status}).`
}
return `Unexpected HTML error response (${status || '-'})`
}
const compact = normalized.replace(/\s+/g, ' ').trim()
if (compact.length > 320) {
return `${compact.slice(0, 320)}...`
}
return compact
}
function redirectToLogin() {
if (typeof window === 'undefined') return
if (window.location.hash === '#/login') return
window.location.hash = '/login'
}
api.interceptors.request.use((config) => {
const auth = useAuthStore()
const url = config.url || ''
const isPublic =
url.startsWith('/auth/login') ||
url.startsWith('/auth/refresh') ||
url.startsWith('/password/forgot') ||
url.startsWith('/password/reset')
if (!isPublic && auth?.token) {
if (!isPublicPath(url) && auth?.token) {
config.headers ||= {}
config.headers.Authorization = `Bearer ${auth.token}`
}
@@ -36,31 +86,113 @@ api.interceptors.request.use((config) => {
return config
})
/* ============================
RESPONSE INTERCEPTOR
============================ */
let isLoggingOut = false
let refreshPromise = null
async function refreshAccessToken() {
if (refreshPromise) {
return refreshPromise
}
refreshPromise = (async () => {
const auth = useAuthStore()
const response = await api.post(
AUTH_REFRESH_PATH,
{},
{
skipAuthRefresh: true,
skipAutoLogout: true
}
)
const rawToken = extractToken(response?.data)
const token = typeof rawToken === 'string' ? rawToken.trim() : ''
const isJwt = token.split('.').length === 3
if (!token || !isJwt) {
throw new Error('Invalid refresh token response')
}
auth.setSession({
token,
user: auth.user || null
})
return token
})().finally(() => {
refreshPromise = null
})
return refreshPromise
}
function clearSessionAndRedirect() {
if (isLoggingOut) return
isLoggingOut = true
try {
useAuthStore().clearSession()
} finally {
isLoggingOut = false
redirectToLogin()
}
}
api.interceptors.response.use(
r => r,
async (error) => {
if (error?.response?.status === 401 && !isLoggingOut) {
isLoggingOut = true
const requestConfig = error?.config || {}
const status = error?.response?.status
const requestUrl = String(requestConfig.url || '')
const hasBlob = typeof Blob !== 'undefined' && error?.response?.data instanceof Blob
const isPasswordChangeRequest =
requestUrl.startsWith('/password/change') ||
requestUrl.startsWith('/me/password')
const isPublicRequest = isPublicPath(requestUrl)
if ((status >= 500 || hasBlob) && error) {
const method = String(requestConfig.method || 'GET').toUpperCase()
const detail = sanitizeApiErrorDetail(
await extractApiErrorDetail(error),
status
)
error.parsedMessage = detail
console.error(`API ${status || '-'} ${method} ${requestUrl}: ${detail}`)
}
const shouldTryRefresh =
status === 401 &&
!requestConfig._retry &&
!requestConfig.skipAuthRefresh &&
!isPasswordChangeRequest &&
!isPublicRequest
if (shouldTryRefresh) {
requestConfig._retry = true
try {
useAuthStore().clearSession()
} finally {
isLoggingOut = false
const newToken = await refreshAccessToken()
requestConfig.headers ||= {}
requestConfig.headers.Authorization = `Bearer ${newToken}`
return api(requestConfig)
} catch {
// fall through to logout
}
}
// Password change endpoints may return 401 for business reasons
// (for example current password mismatch). Keep session in that case.
if (
status === 401 &&
!isPasswordChangeRequest &&
!requestConfig.skipAutoLogout
) {
clearSessionAndRedirect()
}
return Promise.reject(error)
}
)
/* ============================
HELPERS
============================ */
export const get = (u, p = {}, c = {}) =>
api.get(u, { params: p, ...c }).then(r => r.data)
@@ -73,11 +205,75 @@ export const put = (u, b = {}, c = {}) =>
export const del = (u, p = {}, c = {}) =>
api.delete(u, { params: p, ...c }).then(r => r.data)
export const download = (u, p = {}, c = {}) =>
api.get(u, {
params: p,
responseType: 'blob',
...c
}).then(r => r.data)
async function parseBlobErrorMessage(data) {
if (!data) return ''
if (typeof Blob !== 'undefined' && data instanceof Blob) {
try {
const text = (await data.text())?.trim()
if (!text) return ''
try {
const json = JSON.parse(text)
return (
json?.detail ||
json?.message ||
json?.error ||
text
)
} catch {
return text
}
} catch {
return ''
}
}
if (typeof data === 'string') return data.trim()
if (typeof data === 'object') {
return (
data?.detail ||
data?.message ||
data?.error ||
''
)
}
return ''
}
export async function extractApiErrorDetail(err) {
const status = err?.response?.status
let detail =
err?.parsedMessage ||
err?.response?.data?.detail ||
err?.response?.data?.message ||
err?.response?.data?.error ||
''
if (!detail) {
detail = await parseBlobErrorMessage(err?.response?.data)
}
if (!detail) {
detail = err?.message || 'Request failed'
}
return sanitizeApiErrorDetail(detail, status)
}
export const download = async (u, p = {}, c = {}) => {
try {
const r = await api.get(u, { params: p, responseType: 'blob', ...c })
return r.data
} catch (err) {
const detail = await extractApiErrorDetail(err)
const wrapped = new Error(detail)
wrapped.status = err?.response?.status
wrapped.original = err
throw wrapped
}
}
export default api

34
ui/src/stores/OrderProductionItemStore.js Normal file
View File

@@ -0,0 +1,34 @@
// src/stores/OrderProductionItemStore.js
import { defineStore } from 'pinia'
import api from 'src/services/api'
export const useOrderProductionItemStore = defineStore('orderproductionitems', {
state: () => ({
items: [],
loading: false,
error: null
}),
actions: {
async fetchItems (orderHeaderID) {
if (!orderHeaderID) {
this.items = []
return
}
this.loading = true
this.error = null
try {
const res = await api.get(`/orders/production-items/${encodeURIComponent(orderHeaderID)}`)
const data = res?.data
this.items = Array.isArray(data) ? data : []
} catch (err) {
this.items = []
this.error = err?.response?.data || err?.message || 'Liste alınamadı'
} finally {
this.loading = false
}
}
}
})

166
ui/src/stores/OrderProductionUpdateStore.js Normal file
View File

@@ -0,0 +1,166 @@
// src/stores/OrderProductionUpdateStore.js
import { defineStore } from 'pinia'
import api from 'src/services/api'
let lastRequestId = 0
export const useOrderProductionUpdateStore = defineStore('orderproductionupdate', {
state: () => ({
orders: [],
loading: false,
error: null,
filters: {
search: '',
CurrAccCode: '',
OrderDate: ''
}
}),
getters: {
filteredOrders (state) {
let result = state.orders
if (state.filters.CurrAccCode) {
result = result.filter(o => o.CurrAccCode === state.filters.CurrAccCode)
}
if (state.filters.OrderDate) {
result = result.filter(o =>
o.OrderDate?.startsWith(state.filters.OrderDate)
)
}
return result
},
totalVisibleUSD () {
return this.filteredOrders.reduce((sum, o) => {
const value = Number(o.TotalAmountUSD || 0)
return sum + (Number.isFinite(value) ? value : 0)
}, 0)
},
totalPackedVisibleUSD () {
return this.filteredOrders.reduce((sum, o) => {
const value = Number(o.PackedUSD || 0)
return sum + (Number.isFinite(value) ? value : 0)
}, 0)
},
packedVisibleRatePct () {
if (!this.totalVisibleUSD) return 0
return (this.totalPackedVisibleUSD / this.totalVisibleUSD) * 100
}
},
actions: {
async fetchOrders () {
// ==============================
// 📌 REQUEST ID
// ==============================
const rid = ++lastRequestId
// ==============================
// 📌 SEARCH SNAPSHOT
// ==============================
const raw = this.filters.search ?? ''
const trimmed = String(raw).trim()
// ==============================
// 📌 REQUEST LOG
// ==============================
console.groupCollapsed(
`%c[orders-prod] FETCH rid=${rid}`,
'color:#1976d2;font-weight:bold'
)
console.log('raw =', JSON.stringify(raw), 'len=', String(raw).length)
console.log('trimmed =', JSON.stringify(trimmed), 'len=', trimmed.length)
console.log('filters =', JSON.parse(JSON.stringify(this.filters)))
console.log('lastRID =', lastRequestId)
console.groupEnd()
this.loading = true
this.error = null
try {
// ==============================
// 📌 PARAMS
// ==============================
const params = {}
if (trimmed) params.search = trimmed
// ==============================
// 📌 API CALL
// ==============================
const res = await api.get('/orders/production-list', { params })
// ==============================
// 📌 STALE CHECK
// ==============================
if (rid !== lastRequestId) {
console.warn(
`[orders-prod] IGNORE stale response rid=${rid} last=${lastRequestId}`
)
return
}
// ==============================
// 📌 DATA
// ==============================
const data = res?.data
this.orders = Array.isArray(data) ? data : []
// ==============================
// 📌 RESPONSE LOG
// ==============================
console.groupCollapsed(
`%c[orders-prod] RESPONSE rid=${rid} count=${this.orders.length}`,
'color:#2e7d32;font-weight:bold'
)
console.log('status =', res?.status)
console.log(
'sample =',
this.orders.slice(0, 5).map(o => ({
id: o.OrderHeaderID,
no: o.OrderNumber,
code: o.CurrAccCode,
name: o.CurrAccDescription
}))
)
console.groupEnd()
} catch (err) {
if (rid !== lastRequestId) return
console.error(
'[orders-prod] FETCH FAILED',
err?.response?.status,
err?.response?.data || err
)
this.orders = []
this.error =
err?.response?.data ||
err?.message ||
'Sipariş listesi alınamadı'
} finally {
if (rid === lastRequestId) {
this.loading = false
}
}
}
}
})

47
ui/src/stores/UserDetailStore.js
View File

@@ -1,6 +1,6 @@
// src/stores/userDetailStore.js
import { defineStore } from 'pinia'
import api, { get, post, put } from 'src/services/api'
import api, { get, post, put, del } from 'src/services/api'
export const useUserDetailStore = defineStore('userDetail', {
state: () => ({
@@ -11,6 +11,7 @@ export const useUserDetailStore = defineStore('userDetail', {
/* ================= FLAGS ================= */
loading: false,
saving: false,
deleting: false,
error: null,
/* ================= FORM ================= */
@@ -23,9 +24,9 @@ export const useUserDetailStore = defineStore('userDetail', {
is_active: true,
address: '',
roles: [],
departments: [],
departments: null,
piyasalar: [],
nebim_users: []
nebim_users: null
},
/* ================= LOOKUPS ================= */
@@ -49,9 +50,9 @@ export const useUserDetailStore = defineStore('userDetail', {
is_active: true,
address: '',
roles: [],
departments: [],
departments: null,
piyasalar: [],
nebim_users: []
nebim_users: null
}
this.error = null
this.hasPassword = false
@@ -91,6 +92,14 @@ export const useUserDetailStore = defineStore('userDetail', {
📦 PAYLOAD BUILDER (BACKEND SÖZLEŞMESİYLE UYUMLU)
===================================================== */
buildPayload () {
const departmentCodes = Array.isArray(this.form.departments)
? this.form.departments
: (this.form.departments ? [this.form.departments] : [])
const nebimUsernames = Array.isArray(this.form.nebim_users)
? this.form.nebim_users
: (this.form.nebim_users ? [this.form.nebim_users] : [])
return {
code: this.form.code,
full_name: this.form.full_name,
@@ -101,14 +110,11 @@ export const useUserDetailStore = defineStore('userDetail', {
roles: this.form.roles,
// ✅ TEK DEPARTMAN (string → backend array)
departments: this.form.departments
? [{ code: this.form.departments }]
: [],
departments: departmentCodes.map(code => ({ code })),
piyasalar: (this.form.piyasalar || []).map(code => ({ code })),
nebim_users: (this.form.nebim_users || []).map(username => {
nebim_users: nebimUsernames.map(username => {
const opt = (this.nebimUserOptions || []).find(x => x.value === username)
return {
username,
@@ -137,9 +143,9 @@ export const useUserDetailStore = defineStore('userDetail', {
this.form.address = data.address || ''
this.form.roles = data.roles || []
this.form.departments = (data.departments || []).map(x => x.code)
this.form.departments = (data.departments || []).map(x => x.code)[0] || null
this.form.piyasalar = (data.piyasalar || []).map(x => x.code)
this.form.nebim_users = (data.nebim_users || []).map(x => x.username)
this.form.nebim_users = (data.nebim_users || []).map(x => x.username)[0] || null
this.hasPassword = !!data.has_password
} catch (e) {
@@ -217,6 +223,23 @@ export const useUserDetailStore = defineStore('userDetail', {
}
},
/* =====================================================
🗑️ DELETE USER
===================================================== */
async deleteUser (id) {
this.deleting = true
this.error = null
try {
await del(`/users/${id}`)
} catch (e) {
this.error = 'Kullanici silinemedi'
throw e
} finally {
this.deleting = false
}
},
/* =====================================================
📚 LOOKUPS (NEW + EDIT ORTAK)
===================================================== */

45
ui/src/stores/authStore.js
View File

@@ -3,6 +3,40 @@ import { defineStore } from 'pinia'
import api from 'src/services/api'
import { usePermissionStore } from 'stores/permissionStore'
function normalizeRoleCode (value) {
return String(value || '').trim().toLowerCase()
}
function roleCodeFromUser (user) {
if (!user || typeof user !== 'object') return ''
return normalizeRoleCode(
user.role_code ??
user.roleCode ??
user.RoleCode
)
}
function decodeJwtPayload (token) {
const raw = String(token || '').trim()
if (!raw) return null
const parts = raw.split('.')
if (parts.length !== 3) return null
try {
const base64 = parts[1]
.replace(/-/g, '+')
.replace(/_/g, '/')
.padEnd(Math.ceil(parts[1].length / 4) * 4, '=')
const json = atob(base64)
return JSON.parse(json)
} catch {
return null
}
}
export const useAuthStore = defineStore('auth', {
state: () => {
let user = null
@@ -29,8 +63,13 @@ export const useAuthStore = defineStore('auth', {
mustChangePassword: s => !!s.forcePasswordChange,
// 🔥 TEK ADMIN KURALI
isAdmin: s =>
String(s.user?.role_code || '').toLowerCase() === 'admin'
isAdmin: s => {
const fromUser = roleCodeFromUser(s.user)
if (fromUser) return fromUser === 'admin'
const payload = decodeJwtPayload(s.token)
return normalizeRoleCode(payload?.role_code) === 'admin'
}
},
actions: {
@@ -39,7 +78,7 @@ export const useAuthStore = defineStore('auth', {
========================================================= */
setSession ({ token, user }) {
this.token = token
this.user = user ?? null
this.user = user || null
this.forcePasswordChange = !!user?.force_password_change
localStorage.setItem('token', token)

10
ui/src/stores/downloadstHeadStore.js
View File

@@ -1,6 +1,6 @@
// src/stores/downloadstHeadStore.js
import { defineStore } from 'pinia'
import { download } from 'src/services/api'
import { download, extractApiErrorDetail } from 'src/services/api'
export const useDownloadstHeadStore = defineStore('downloadstHead', {
actions: {
@@ -37,12 +37,14 @@ export const useDownloadstHeadStore = defineStore('downloadstHead', {
return { ok: true, message: '📄 PDF hazırlandı' }
} catch (err) {
console.error('❌ PDF açma hatası:', err)
const detail = await extractApiErrorDetail(err)
const status = err?.status || err?.response?.status || '-'
console.error(`? PDF a<>ma hatas<61> [${status}] /exportstamentheaderreport-pdf: ${detail}`)
return {
ok: false,
message:
err?.message ||
'PDF açma hatası'
detail ||
'PDF a<EFBFBD>ma hatas<EFBFBD>'
}
}
}

10
ui/src/stores/downloadstpdfStore.js
View File

@@ -1,6 +1,6 @@
// src/stores/downloadstpdfStore.js
import { defineStore } from 'pinia'
import { download } from 'src/services/api'
import { download, extractApiErrorDetail } from 'src/services/api'
export const useDownloadstpdfStore = defineStore('downloadstpdf', {
actions: {
@@ -37,13 +37,15 @@ export const useDownloadstpdfStore = defineStore('downloadstpdf', {
return { ok: true, message: '📄 PDF hazırlandı' }
} catch (err) {
console.error('❌ PDF açma hatası:', err)
const detail = await extractApiErrorDetail(err)
const status = err?.status || err?.response?.status || '-'
console.error(`? PDF a<>ma hatas<61> [${status}] /export-pdf: ${detail}`)
return {
ok: false,
message:
err?.message ||
'PDF alınamadı'
detail ||
'PDF al<EFBFBD>namad<EFBFBD>'
}
}
}

274
ui/src/stores/orderentryStore.js
View File

@@ -3,7 +3,7 @@
=========================================================== */
import { defineStore } from 'pinia'
import api from 'src/services/api'
import api, { extractApiErrorDetail } from 'src/services/api'
import dayjs from 'src/boot/dayjs'
import { ref, toRaw, nextTick } from 'vue' // ✅ düzeltildi
import { useAuthStore } from 'src/stores/authStore'
@@ -43,12 +43,12 @@ export function buildComboKey(row, beden) {
export const BEDEN_SCHEMA = [
{ key: 'tak', title: 'TAKIM ELBISE', values: ['44','46','48','50','52','54','56','58','60','62','64','66','68','70','72','74'] },
{ key: 'ayk', title: 'AYAKKABI', values: ['39','40','41','42','43','44','45'] },
{ key: 'yas', title: 'YAŞ', values: ['2','4','6','8','10','12','14'] },
{ key: 'yas', title: 'YAS', values: ['2','4','6','8','10','12','14'] },
{ key: 'pan', title: 'PANTOLON', values: ['38','40','42','44','46','48','50','52','54','56','58','60','62','64','66','68'] },
{ key: 'gom', title: 'GÖMLEK', values: ['XS','S','M','L','XL','2XL','3XL','4XL','5XL','6XL','7XL'] },
{ key: 'tak', title: 'TAKIM ELBİSE', values: ['44','46','48','50','52','54','56','58','60','62','64','66','68','70','72','74'] },
{ key: 'aksbir', title: 'AKSESUAR', values: [' ', '44', 'STD', '110CM', '115CM', '120CM', '125CM', '130CM', '135CM'] }
{ key: 'gom', title: 'GOMLEK', values: ['XS','S','M','L','XL','2XL','3XL','4XL','5XL','6XL','7XL'] },
{ key: 'aksbir', title: 'AKSESUAR', values: [' ', '44', 'STD', '110', '115', '120', '125', '130', '135'] }
]
export const schemaByKey = BEDEN_SCHEMA.reduce((m, g) => {
@@ -268,7 +268,7 @@ export const useOrderEntryStore = defineStore('orderentry', {
if (!Array.isArray(invalidList) || invalidList.length === 0) return
return new Promise(resolve => {
$q.dialog({
const dlg = $q.dialog({
title: '🚨 Tanımsız Ürün Kombinasyonları',
message: `
<div style="max-height:60vh;overflow:auto">
@@ -309,16 +309,18 @@ export const useOrderEntryStore = defineStore('orderentry', {
})
.onOk(() => resolve())
.onDismiss(() => resolve())
.onShown(() => {
// Satıra tıklama → scroll + highlight
const nodes = document.querySelectorAll('.invalid-row')
nodes.forEach(n => {
n.addEventListener('click', () => {
const ck = n.getAttribute('data-clientkey')
this.scrollToInvalidRow?.(ck)
})
// Quasar v2 chain API'de onShown yok; dialog DOM'u render olduktan sonra bağla.
setTimeout(() => {
if (!dlg) return
const nodes = document.querySelectorAll('.invalid-row')
nodes.forEach(n => {
n.addEventListener('click', () => {
const ck = n.getAttribute('data-clientkey')
this.scrollToInvalidRow?.(ck)
})
})
}, 0)
})
}
,
@@ -389,8 +391,10 @@ export const useOrderEntryStore = defineStore('orderentry', {
})
return resp.data
} catch (err) {
console.error("❌ fetchOrderPdf hata:", err)
throw err
const detail = await extractApiErrorDetail(err)
const status = err?.status || err?.response?.status || '-'
console.error(`? fetchOrderPdf hata [${status}] order=${orderId}: ${detail}`)
throw new Error(detail)
}
}
,
@@ -414,8 +418,11 @@ export const useOrderEntryStore = defineStore('orderentry', {
setTimeout(() => URL.revokeObjectURL(url), 60_000)
} catch (err) {
console.error('❌ PDF açma hatası:', err)
throw err
const detail = await extractApiErrorDetail(err)
const orderId = id || this.header?.OrderHeaderID || '-'
const status = err?.status || err?.response?.status || '-'
console.error(`? PDF a<>ma hatas<61> [${status}] order=${orderId}: ${detail}`)
throw new Error(detail)
}
}
@@ -1817,7 +1824,9 @@ export const useOrderEntryStore = defineStore('orderentry', {
// MERGE: bedenleri topluyoruz (override değil)
const merged = { ...(prevMap || {}) }
for (const [k, v] of Object.entries(newMap || {})) {
const beden = (k == null || String(k).trim() === '') ? ' ' : String(k).trim()
const beden = (k == null || String(k).trim() === '')
? ' '
: normalizeBedenLabel(String(k))
merged[beden] = Number(merged[beden] || 0) + Number(v || 0)
}
@@ -2231,11 +2240,11 @@ export const useOrderEntryStore = defineStore('orderentry', {
merged[modelKey] ??= []
const beden = (
raw.ItemDim1Code == null || String(raw.ItemDim1Code).trim() === ''
? ' '
: String(raw.ItemDim1Code).trim().toUpperCase()
)
const bedenRaw =
raw.ItemDim1Code == null
? ''
: String(raw.ItemDim1Code).trim()
const beden = bedenRaw === '' ? ' ' : normalizeBedenLabel(bedenRaw)
const qty = Number(raw.Qty1 || raw.Qty || 0)
@@ -2310,8 +2319,25 @@ export const useOrderEntryStore = defineStore('orderentry', {
row.kategori
)
const cleanedMap = { ...row.__tmpMap }
const hasNonBlankBeden = Object.keys(cleanedMap)
.some(k => String(k).trim() !== '')
// Gomlek/takim/pantolon gibi gruplarda bos beden sadece legacy kirli veri olabilir.
// Gecerli bedenler varsa bos bedeni payload/UI'dan temizliyoruz.
if (grpKey !== 'aksbir' && hasNonBlankBeden) {
delete cleanedMap[' ']
delete cleanedMap['']
if (row.lineIdMap && typeof row.lineIdMap === 'object') {
delete row.lineIdMap[' ']
delete row.lineIdMap['']
}
}
row.grpKey = grpKey
row.bedenMap = { [grpKey]: { ...row.__tmpMap } }
row.bedenMap = { [grpKey]: { ...cleanedMap } }
row.adet = Object.values(cleanedMap).reduce((a, b) => a + (Number(b) || 0), 0)
row.tutar = Number((row.adet * Number(row.fiyat || 0)).toFixed(2))
/* ===================================================
🔒 AKSBİR — BOŞLUK BEDEN GERÇEK ADETİ ALIR
@@ -2485,9 +2511,9 @@ export const useOrderEntryStore = defineStore('orderentry', {
const g = (row?.urunAnaGrubu || '').toUpperCase()
if (g.includes('TAKIM')) return 'tak'
if (g.includes('PANTOLON')) return 'pan'
if (g.includes('GÖMLEK')) return 'gom'
if (g.includes('GOMLEK')) return 'gom'
if (g.includes('AYAKKABI')) return 'ayk'
if (g.includes('YAŞ')) return 'yas'
if (g.includes('YAS')) return 'yas'
return 'tak'
},
/* =======================================================
@@ -2725,7 +2751,19 @@ export const useOrderEntryStore = defineStore('orderentry', {
======================================================= */
if (choice === 'print') {
const id = this.header?.OrderHeaderID || serverOrderId
if (id) await this.downloadOrderPdf(id)
if (id) {
try {
await this.downloadOrderPdf(id)
} catch (pdfErr) {
console.error('⚠️ PDF açılamadı, kayıt başarılı:', pdfErr)
$q.notify({
type: 'warning',
message:
pdfErr?.message ||
'Sipariş kaydedildi fakat PDF açılamadı.'
})
}
}
return
}
@@ -2743,6 +2781,7 @@ export const useOrderEntryStore = defineStore('orderentry', {
$q.notify({
type: 'negative',
message:
err?.response?.data?.detail ||
err?.response?.data?.message ||
err?.message ||
'Kayıt sırasında hata'
@@ -3054,6 +3093,12 @@ export const useOrderEntryStore = defineStore('orderentry', {
/* 🔹 BEDENSİZ / AKSBİR */
if (!hasAnyBeden) {
const allowBlankPayload =
grpKey === 'aksbir' || row._deleteSignal === true
if (!allowBlankPayload) {
continue
}
const qty = toNum(row.qty ?? row.Qty1 ?? row.miktar ?? 0)
// ✅ ComboKey stabil: bedenKey = '_'
@@ -3067,6 +3112,7 @@ export const useOrderEntryStore = defineStore('orderentry', {
orderLineId =
safeStr(lineIdMap?.[bedenKey]) ||
safeStr(lineIdMap?.[bedenPayload]) ||
safeStr(lineIdMap?.[' ']) ||
safeStr(row.OrderLineID)
}
@@ -3083,6 +3129,15 @@ export const useOrderEntryStore = defineStore('orderentry', {
/* 🔹 BEDENLİ */
for (const [bedenRaw, qtyRaw] of Object.entries(map)) {
const isBlankBeden = safeStr(bedenRaw) === ''
if (
isBlankBeden &&
grpKey !== 'aksbir' &&
row._deleteSignal !== true
) {
continue
}
const qty = toNum(qtyRaw)
// ✅ payload beden: '' / 'S' / 'M' ...
@@ -3096,6 +3151,7 @@ export const useOrderEntryStore = defineStore('orderentry', {
orderLineId =
safeStr(lineIdMap?.[bedenKey]) ||
safeStr(lineIdMap?.[bedenPayload]) ||
safeStr(lineIdMap?.[' ']) ||
(Object.keys(map).length === 1
? safeStr(row.OrderLineID)
: '')
@@ -3220,85 +3276,133 @@ export const useOrderEntryStore = defineStore('orderentry', {
/* ===========================================================
🔹 BEDEN LABEL NORMALİZASYONU (exported helper)
Size Label Normalization (frontend helper)
=========================================================== */
function safeTrimUpperJs(v) {
return (v == null ? '' : String(v)).trim().toUpperCase()
}
function normalizeTextForMatch(v) {
return safeTrimUpperJs(v)
.normalize('NFD')
.replace(/[\u0300-\u036f]/g, '')
}
function parseNumericSizeJs(v) {
const s = safeTrimUpperJs(v)
if (s === '' || !/^\d+$/.test(s)) return null
const n = Number.parseInt(s, 10)
return Number.isNaN(n) ? null : n
}
export function normalizeBedenLabel(v) {
if (v === null || v === undefined) return ' '
let s = String(v).trim()
let s = (v == null ? '' : String(v)).trim()
if (s === '') return ' '
// 44R, 50L vb. son ekleri at
s = s.replace(/(^\d+)\s*[A-Z]?$/i, '$1')
s = s.toUpperCase()
// harfli bedenlerin normalizasyonu
const map = {
'XS': 'XS', 'S': 'S', 'M': 'M', 'L': 'L', 'XL': 'XL',
'XXL': '2XL', '2XL': '2XL', '3XL': '3XL', '4XL': '4XL',
'5XL': '5XL', '6XL': '6XL', '7XL': '7XL', 'STD': 'STD'
// Backend parity: normalize common "standard size" aliases.
switch (s) {
case 'STD':
case 'STANDART':
case 'STANDARD':
case 'ONE SIZE':
case 'ONESIZE':
return 'STD'
}
if (map[s]) return map[s]
// tamamen sayıysa string olarak döndür
if (/^\d+$/.test(s)) return s
// Backend parity: only values ending with CM are converted to numeric part.
if (s.endsWith('CM')) {
const num = s.slice(0, -2).trim()
if (num !== '') return num
}
switch (s) {
case 'XS':
case 'S':
case 'M':
case 'L':
case 'XL':
case '2XL':
case '3XL':
case '4XL':
case '5XL':
case '6XL':
case '7XL':
return s
}
// virgüllü değer geldiyse ilkini al
if (s.includes(',')) return s.split(',')[0].trim()
return s
}
// Backward-compatible alias kept for older call sites/bundles.
export function normalizeBeden(v) {
return normalizeBedenLabel(v)
}
/* ===========================================================
🔹 BEDEN GRUBU ALGILAMA HELPERI
-----------------------------------------------------------
Gelen beden listesini, ürün grubu/kategori bilgisine göre
doğru grup anahtarına dönüştürür (ayk, yas, pan, gom, tak, aksbir).
-----------------------------------------------------------
=========================================================== */
Size Group Detection
- Core logic aligned with backend detectBedenGroupGo
- Keeps frontend aksbir bucket for accessory lines
=========================================================== */
export function detectBedenGroup(bedenList, urunAnaGrubu = '', urunKategori = '') {
const list = Array.isArray(bedenList) && bedenList.length > 0
? bedenList.map(v => (v || '').toString().trim().toUpperCase())
: [' ']
const list = Array.isArray(bedenList) ? bedenList : []
const ana = normalizeTextForMatch(urunAnaGrubu)
const alt = normalizeTextForMatch(urunKategori)
const ana = (urunAnaGrubu || '')
.toUpperCase()
.trim()
.replace(/\(.*?\)/g, '')
.replace(/[^A-ZÇĞİÖŞÜ0-9\s]/g, '')
.replace(/\s+/g, ' ')
const kat = (urunKategori || '').toUpperCase().trim()
// 🔸 Aksesuar ise "aksbir"
const aksesuarGruplari = [
'AKSESUAR','KRAVAT','PAPYON','KEMER','CORAP','ÇORAP',
'FULAR','MENDIL','MENDİL','KASKOL','ASKI',
'YAKA','KOL DUGMESI','KOL DÜĞMESİ'
// Frontend compatibility: accessory-only products should stay in aksbir.
const accessoryGroups = [
'AKSESUAR', 'KRAVAT', 'PAPYON', 'KEMER', 'CORAP',
'FULAR', 'MENDIL', 'KASKOL', 'ASKI', 'YAKA', 'KOL DUGMESI'
]
const giyimGruplari = ['GÖMLEK','CEKET','PANTOLON','MONT','YELEK','TAKIM','TSHIRT','TİŞÖRT']
// 🔸 Pantolon özel durumu
const clothingGroups = ['GOMLEK', 'CEKET', 'PANTOLON', 'MONT', 'YELEK', 'TAKIM', 'TSHIRT']
if (
aksesuarGruplari.some(g => ana.includes(g) || kat.includes(g)) &&
!giyimGruplari.some(g => ana.includes(g))
) return 'aksbir'
if (ana.includes('PANTOLON') && kat.includes('YETİŞKİN')) return 'pan'
// 🔸 Tamamen numerik (örneğin 39-44 arası) → ayakkabı
const allNumeric = list.every(v => /^\d+$/.test(v))
if (allNumeric) {
const nums = list.map(v => parseInt(v, 10)).filter(Boolean)
const diffs = nums.slice(1).map((v, i) => v - nums[i])
if (diffs.every(d => d === 1) && nums[0] >= 35 && nums[0] <= 46) return 'ayk'
accessoryGroups.some(g => ana.includes(g) || alt.includes(g)) &&
!clothingGroups.some(g => ana.includes(g))
) {
return 'aksbir'
}
// 🔸 Yaş grubu (çocuk/garson)
if (kat.includes('GARSON') || kat.includes('ÇOCUK')) return 'yas'
if (ana.includes('AYAKKABI') || alt.includes('AYAKKABI')) {
return 'ayk'
}
// 🔸 Harfli beden varsa doğrudan "gom" (gömlek, üst giyim)
const harfliBedenler = ['XS','S','M','L','XL','XXL','3XL','4XL']
if (list.some(b => harfliBedenler.includes(b))) return 'gom'
let hasYasNumeric = false
let hasAykNumeric = false
let hasPanNumeric = false
for (const raw of list) {
const b = safeTrimUpperJs(raw)
switch (b) {
case 'XS':
case 'S':
case 'M':
case 'L':
case 'XL':
case '2XL':
case '3XL':
case '4XL':
case '5XL':
case '6XL':
case '7XL':
return 'gom'
}
const n = parseNumericSizeJs(b)
if (n == null) continue
if (n >= 2 && n <= 14) hasYasNumeric = true
if (n >= 39 && n <= 45) hasAykNumeric = true
if (n >= 38 && n <= 68) hasPanNumeric = true
}
if (hasAykNumeric) return 'ayk'
if (ana.includes('PANTOLON')) return 'pan'
if (hasPanNumeric) return 'pan'
if (alt.includes('COCUK') || alt.includes('GARSON')) return 'yas'
if (hasYasNumeric) return 'yas'
// 🔸 Varsayılan: takım elbise
return 'tak'
}
@@ -3316,7 +3420,7 @@ export function toSummaryRowFromForm(form) {
const lbl =
rawLbl == null || String(rawLbl).trim() === ''
? ' '
: String(rawLbl).trim()
: normalizeBedenLabel(String(rawLbl))
const val = Number(values[i] || 0)
if (val > 0) {

11
ui/src/stores/permissionStore.js
View File

@@ -165,13 +165,12 @@ export const usePermissionStore = defineStore('permission', {
try {
// API ROUTES
const routesRes = await api.get('/permissions/routes')
const [routesRes, effRes] = await Promise.all([
api.get('/permissions/routes'),
api.get('/permissions/effective')
])
this.routes = routesRes.data || []
// EFFECTIVE MATRIX
const effRes = await api.get('/permissions/effective')
this.matrix = effRes.data || []
console.group('🔐 PERMISSION DEBUG')