payfrit-biz/api/auth/validateToken.cfm
John Mizerek 39448c5d91 Fix prefixed column names in auth, orders, portal team, users search, workers APIs
Updated Users (UserID, UserFirstName, UserLastName, UserEmailAddress, UserContactNumber),
ServicePoints (ServicePointID, ServicePointName, ServicePointTypeID), and Businesses
(BusinessID, BusinessName, BusinessTaxRate, BusinessPhone) column references with proper
prefixed names and AS aliases for API compatibility.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-31 17:43:33 -08:00


<!--- JSON-only endpoint: keep the debugger output out of the response, emit only
      explicit output (writeOutput / cfoutput), and discard anything already
      buffered before the body is written. --->
<cfsetting showdebugoutput="false">
<cfsetting enablecfoutputonly="true">
<cfcontent type="application/json; charset=utf-8" reset="true">
<cfscript>
// Validate a user token (for WebSocket server authentication)
// Input: Token
// Output: { OK: true, UserID: ..., UserType: 'customer'/'worker', UserName: '...' }
function apiAbort(required struct payload) {
    // Emit the given struct as the entire JSON response body, then stop the
    // request so no further output can follow it.
    var body = serializeJSON(arguments.payload);
    writeOutput(body);
    abort;
}
function readJsonBody() {
    // Parse the request body as a JSON object. Anything else - an empty body,
    // malformed JSON, or a top-level value that is not an object - yields an
    // empty struct so callers can rely on structKeyExists() without extra guards.
    var body = getHttpRequestData().content;
    if (isNull(body) || !len(trim(body))) {
        return {};
    }
    var parsed = {};
    try {
        parsed = deserializeJSON(body);
    } catch (any e) {
        // Deliberate best-effort: a malformed body counts as "no input", so the
        // caller reports missing_params instead of a server error.
        return {};
    }
    return isStruct(parsed) ? parsed : {};
}
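try {
    data = readJsonBody();
    // The token may arrive with surrounding whitespace; a blank value is treated as absent.
    token = trim(structKeyExists(data, "Token") ? data.Token : "");
    if (!len(token)) {
        apiAbort({ "OK": false, "ERROR": "missing_params", "MESSAGE": "Token is required" });
    }

    // Look up the token holder. The bind parameter keeps the untrusted token out of the SQL text.
    // NOTE(review): the error text below says "or expired", but this query only tests equality
    // on ut.Token - no expiry or revocation predicate is visible here. Confirm whether UserTokens
    // carries an expiry/revoked column and, if so, add it to the WHERE clause.
    qToken = queryExecute("
SELECT ut.UserID, u.UserFirstName AS FirstName, u.UserLastName AS LastName
FROM UserTokens ut
JOIN Users u ON u.UserID = ut.UserID
WHERE ut.Token = :token
LIMIT 1
", { token: { value: token, cfsqltype: "cf_sql_varchar" } }, { datasource: "payfrit" });
    if (qToken.recordCount == 0) {
        apiAbort({ "OK": false, "ERROR": "invalid_token", "MESSAGE": "Token is invalid or expired" });
    }
    userID = qToken.UserID;

    // A user is reported as a worker when at least one active Employees row references them.
    qWorker = queryExecute("
SELECT COUNT(*) as cnt
FROM Employees
WHERE UserID = :userID AND IsActive = 1
", { userID: { value: userID, cfsqltype: "cf_sql_integer" } }, { datasource: "payfrit" });
    userType = qWorker.cnt > 0 ? "worker" : "customer";

    apiAbort({
        "OK": true,
        "UserID": userID,
        "UserType": userType,
        "UserName": trim(qToken.FirstName & " " & qToken.LastName)
    });
} catch (any e) {
    // Keep the raw exception (SQL errors, datasource details, stack information) on the
    // server side; the client only receives a generic failure so internals are not disclosed.
    writeLog(text="validateToken failed: #e.type# - #e.message# #e.detail#", type="error", file="application");
    apiAbort({
        "OK": false,
        "ERROR": "server_error",
        "MESSAGE": "An unexpected error occurred"
    });
}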
</cfscript>