payfrit/payfrit-works
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
payfrit-works/api/auth/login.cfm
John Mizerek 41122fc0fb fix: correct CFScript syntax in login endpoint 
- Fix cflock to lock in CFScript
- Remove var keyword at top-level scope (outside functions)
- Fixes 500 error and now returns proper JSON responses
2025-12-29 10:01:43 -08:00

114 lines
2.7 KiB
Text
Raw Blame History

<cfsetting showdebugoutput="false">
<cfsetting enablecfoutputonly="true">
<cfscript>
/*
PATH:
C:\lucee\tomcat\webapps\ROOT\biz.payfrit.com\api\auth\login.cfm
INPUT (JSON):
{ "username": "...", "password": "..." }
OUTPUT (JSON):
{ OK:true, ERROR:"", UserID:123, UserFirstName:"...", Token:"..." }
Uses existing UserTokens table:
TokenID (auto), UserID, Token, CreatedAt (DEFAULT CURRENT_TIMESTAMP)
-> INSERT does NOT include CreatedAt.
*/
function apiAbort(required struct payload) {
writeOutput(serializeJSON(payload));
abort;
}
function readJsonBody() {
var raw = getHttpRequestData().content;
if (isNull(raw)) raw = "";
if (!len(trim(raw))) return {};
try {
var data = deserializeJSON(raw);
if (isStruct(data)) return data;
} catch (any e) {}
return {};
}
function normalizeUsername(required string u) {
var x = trim(arguments.u);
x = replace(x, " ", "", "all");
x = replace(x, "(", "", "all");
x = replace(x, ")", "", "all");
x = replace(x, "-", "", "all");
return x;
}
data = readJsonBody();
username = structKeyExists(data, "username") ? normalizeUsername("" & data.username) : "";
password = structKeyExists(data, "password") ? ("" & data.password) : "";
if (!len(username) || !len(password)) {
apiAbort({ "OK": false, "ERROR": "missing_fields" });
}
try {
q = queryExecute(
"
SELECT UserID, UserFirstName
FROM Users
WHERE
(
(UserEmailAddress = ?) OR
(UserContactNumber = ?)
)
AND UserPassword = ?
AND UserIsEmailVerified = 1
AND UserIsContactVerified > 0
LIMIT 1
",
[
{ value = username, cfsqltype = "cf_sql_varchar" },
{ value = username, cfsqltype = "cf_sql_varchar" },
{ value = hash(password), cfsqltype = "cf_sql_varchar" }
],
{ datasource = "payfrit" }
);
if (q.recordCount NEQ 1) {
apiAbort({ "OK": false, "ERROR": "bad_credentials" });
}
token = replace(createUUID(), "-", "", "all");
queryExecute(
"INSERT INTO UserTokens (UserID, Token) VALUES (?, ?)",
[
{ value = q.UserID, cfsqltype = "cf_sql_integer" },
{ value = token, cfsqltype = "cf_sql_varchar" }
],
{ datasource = "payfrit" }
);
// Optional: also set session for browser tools
lock timeout="15" throwontimeout="yes" type="exclusive" scope="session" {
session.UserID = q.UserID;
}
request.UserID = q.UserID;
writeOutput(serializeJSON({
"OK": true,
"ERROR": "",
"UserID": q.UserID,
"UserFirstName": q.UserFirstName,
"Token": token
}));
abort;
} catch (any e) {
apiAbort({
"OK": false,
"ERROR": "server_error",
"MESSAGE": "DB error during login",
"DETAIL": e.message
});
}
</cfscript>
Reference in a new issue View git blame Copy permalink