diff --git a/server.js b/server.js
index 78b633b..fe106a7 100644
--- a/server.js
+++ b/server.js
@@ -341,35 +341,16 @@ app.post('/subscribe', authenticateToken, async (req, res) => {
 }
 });
- app.get('/api/user/notes', authenticateToken, async (req, res) => {
- try {
- const notes = await db.all("SELECT admin_username, note_text, created_at FROM notes WHERE employee_user_id = ? ORDER BY created_at DESC", [req.user.id]);
- try {
- const userSubs = await db.all('SELECT subscription_object FROM subscriptions WHERE user_id = ?', [userId]);
- const payload = JSON.stringify({
- title: 'You Have a New Note',
- body: `A new note has been added by ${adminUsername}.`
- });
-
- const promises = userSubs.map(s => {
- const subscription = JSON.parse(s.subscription_object);
- return webpush.sendNotification(subscription, payload).catch(err => {
- if (err.statusCode === 410) db.run('DELETE FROM subscriptions WHERE subscription_object = ?', [s.subscription_object]);
- else console.error('Error sending employee notification:', err);
- });
- });
-
- await Promise.all(promises);
-} catch (notifyError) {
- console.error('Failed to send employee notification:', notifyError);
-}
-
- res.json(notes);
- } catch (err) {
- res.status(500).json({ message: 'Failed to fetch notes.' });
- }
- });
+app.get('/api/user/notes', authenticateToken, async (req, res) => {
+ try {
+ const notes = await db.all("SELECT admin_username, note_text, created_at FROM notes WHERE employee_user_id = ? ORDER BY created_at DESC", [req.user.id]);
+ // The notification block has been removed from here.
+ res.json(notes);
+ } catch (err) {
+ res.status(500).json({ message: 'Failed to fetch notes.' });
+ }
+});
 // --- Admin User Management ---
 app.get('/api/admin/users', authenticateToken, requireRole('admin'), async (req, res) => {
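Review bot: The `catch (err)` in the re-added `/api/user/notes` handler discards `err`, so a failing query returns the 500 with no server-side trace to investigate. Add `console.error('Failed to fetch notes:', err);` before the response, in the same way the notification code in this commit logs its own errors. The outer `catch (err)` of `/api/admin/notes` in the second hunk has the same gap. The comment `// The notification block has been removed from here.` describes the change rather than the code and belongs in the commit message.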
@@ -617,17 +598,40 @@ app.post('/api/admin/notify', authenticateToken, requireRole('admin'), async (re
 }
 });
- app.post('/api/admin/notes', authenticateToken, requireRole('admin'), async (req, res) => {
+app.post('/api/admin/notes', authenticateToken, requireRole('admin'), async (req, res) => {
+ try {
+ const { userId, noteText } = req.body;
+ const adminUsername = req.user.username;
+ if (!userId || !noteText) return res.status(400).json({ message: "Employee and note text are required." });
+
+ await db.run('INSERT INTO notes (admin_username, employee_user_id, note_text) VALUES (?, ?, ?)', [adminUsername, userId, noteText]);
+
+ // --- START: NOTIFICATION CODE (Correct Placement) ---
 try {
- const { userId, noteText } = req.body;
- const adminUsername = req.user.username;
- if (!userId || !noteText) return res.status(400).json({ message: "Employee and note text are required." });
- await db.run('INSERT INTO notes (admin_username, employee_user_id, note_text) VALUES (?, ?, ?)', [adminUsername, userId, noteText]);
- res.status(201).json({ message: "Note successfully posted." });
- } catch (err) {
- res.status(500).json({ message: 'Failed to post note.' });
+ const userSubs = await db.all('SELECT subscription_object FROM subscriptions WHERE user_id = ?', [userId]);
+ const payload = JSON.stringify({
+ title: 'You Have a New Note',
+ body: `A new note has been added by ${adminUsername}.`
+ });
+
+ const promises = userSubs.map(s => {
+ const subscription = JSON.parse(s.subscription_object);
+ return webpush.sendNotification(subscription, payload).catch(err => {
+ if (err.statusCode === 410) db.run('DELETE FROM subscriptions WHERE subscription_object = ?', [s.subscription_object]);
+ else console.error('Error sending employee notification:', err);
+ });
+ });
+ await Promise.all(promises);
+ } catch (notifyError) {
+ console.error('Failed to send employee notification:', notifyError);
 }
- });
+ // --- END: NOTIFICATION CODE ---
+
+ res.status(201).json({ message: "Note successfully posted." });
+ } catch (err) {
+ res.status(500).json({ message: 'Failed to post note.' });
+ }
+});
 // NEW: Endpoint to UPDATE a specific time-off request
 app.put('/api/user/time-off-requests/:id', authenticateToken, async (req, res) => {
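Review bot: In the 410 branch of the `.catch` inside `userSubs.map`, the `db.run('DELETE …')` call is neither returned nor awaited. If it returns a promise, as the awaited `db.run` insert above suggests, a failed cleanup becomes an unhandled rejection outside the surrounding `try`. Returning it, `if (err.statusCode === 410) return db.run('DELETE FROM subscriptions WHERE subscription_object = ?', [s.subscription_object]);`, lets `Promise.all` and the `notifyError` catch see the failure. `JSON.parse(s.subscription_object)` also throws synchronously inside the map callback, so one malformed stored row stops delivery to every other subscription of that user; parsing inside a per-subscription `try` that logs and skips the row would contain that. The 201 response now waits on `await Promise.all(promises)`, so the admin request's latency depends on the push services; confirm that is intended.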