code base

2025-07-13 22:49:55 +05:30
parent d4f21c9a99
commit cd43f0e98e
96 changed files with 17779 additions and 0 deletions
--- a/frontend/src/services/applicationStatusAction.js
+++ b/frontend/src/services/applicationStatusAction.js
@@ -0,0 +1,52 @@
+import { json } from "react-router-dom";
+import { toastSuccess, toastError, toastWarning } from "../utils/toast";
+
+export async function applicationStatusAction({ request, params }) {
+  const formData = await request.formData();
+  const action = formData.get("action")
+
+  try {
+    if (action === "accepted") {
+      const expenses = JSON.parse(formData.get("expenses"));
+      const hasUnverifiedExpense = expenses.some(item => item?.proofStatus !== "verified");
+      
+      if (hasUnverifiedExpense) {
+        toastWarning("Please verify all the proofs before approving");
+        return json(
+          { message: "Please verify all the proofs before approving" },
+          { status: 400 }
+        );
+      }
+    }
+
+    const res = await fetch(
+      `${
+        import.meta.env.VITE_APP_API_URL
+      }/validator/statusAction`,
+      {
+        method: "PUT",
+        credentials: "include",
+        body: formData,
+      }
+    );
+
+    if (res.status === 401) {
+      return json({ message: "Unauthorized access" }, { status: res.status });
+    }
+
+    if (!res.ok) {
+      toastError(res.statusText);
+      return json({ message: res.statusText }, { status: res.status });
+    }
+
+    toastSuccess(`Application ${action.slice(0, 1).toUpperCase() + action.slice(1).toLowerCase()} Successfully`);
+
+    window.location.reload()
+
+    return null;
+    
+  } catch (error) {
+    console.error("Fetch error:", error);
+    throw json({ message: error.message }, { status: error.status || 500 });
+  }
+}
--- a/frontend/src/services/upsertApplicationAction.js
+++ b/frontend/src/services/upsertApplicationAction.js
@@ -0,0 +1,49 @@
+import { json, redirect } from 'react-router-dom';
+import { toastSuccess, toastError, toastSecurityAlert } from '../utils/toast';
+
+export async function upsertApplicationAction({ request }) {
+  const formData = await request.formData();
+
+  const resubmission = JSON.parse(formData.get('resubmission'));
+  formData.delete('resubmission');
+  
+  try {
+    let res;
+    if (resubmission) {
+      res = await fetch(`${import.meta.env.VITE_APP_API_URL}/applicant/resubmit-application`, {
+        method: 'PUT',
+        credentials: 'include',
+        body: formData
+      });
+    } else {
+      res = await fetch(`${import.meta.env.VITE_APP_API_URL}/applicant/create-application`, {
+        method: 'POST',
+        credentials: 'include',
+        body: formData
+      });
+    }
+
+    if (res.status === 401) {
+      return json({ message: 'Unauthorized access' }, { status: res.status });
+    }
+
+    if (!res.ok) {
+      const errorData = await res.text();
+      
+      // Check for field tampering attempt
+      if (errorData.includes("Forbidden: Field") && errorData.includes("Tampering detected")) {
+        toastSecurityAlert("SECURITY ALERT: Your submission was blocked because form tampering was detected. Disabled fields cannot be modified. This incident has been logged.");
+      } else {
+        toastError(errorData);
+      }
+      
+      return json({ message: errorData }, { status: res.status });
+    }
+    
+    toastSuccess("Application Submitted Successfully");
+    return redirect("../dashboard/pending");
+  } catch (error) {
+    console.error('Fetch error:', error);
+    return json({ message: error.message || 'An unexpected error occurred' }, { status: error.status || 500 });
+  }
+}
--- a/frontend/src/services/userDataLoader.js
+++ b/frontend/src/services/userDataLoader.js
@@ -0,0 +1,58 @@
+import axios from "axios";
+import { json, redirect } from "react-router-dom";
+import { toastError } from "../utils/toast";
+
+async function userDataLoader({ params, request }) {
+  try {
+    const res = await axios.get(`${import.meta.env.VITE_APP_API_URL}/general/dataRoot`, {
+      withCredentials: true,
+    });
+
+    if (res.status === 401 || res.status === 403) {
+      toastError("Unauthorized Access. Please Login.");
+      return redirect("/"); // Redirect to login page
+    }
+
+    const userRole = res.data.role; 
+    const url = new URL(request.url);
+    const userRoleInURL = url.pathname.split("/")[1];
+
+    // Role-based route protection
+    if (userRoleInURL === "applicant" && userRole !== "Applicant") {
+      toastError("Access Denied: Applicant Role Required.");
+      return redirect("/");
+    }
+
+    if (userRoleInURL === "validator" && userRole !== "Validator") {
+      toastError("Access Denied: Validator Role Required.");
+      return redirect("/");
+    }
+
+    return { data: res.data };
+
+  } catch (error) {
+    // Handle errors during the request
+    if (error.response && (error.response.status === 401 || error.response.status === 403)) {
+      toastError(error.response?.data?.message || "Unauthorized Access.");
+      
+      // Log out the user if unauthorized or forbidden
+      await fetch(`${import.meta.env.VITE_APP_API_URL}/logout`, {
+        method: 'GET',
+        credentials: 'include', // Include credentials (cookies) for logout
+      });
+
+      return redirect("/"); // Redirect to login page
+    }
+
+    // If the error isn't related to authorization, return a network error
+    throw json(
+      {
+        message: error.response?.data?.message || "Network error. Please try again later.",
+        status: error.response?.status || 500,
+      },
+      { status: error.response?.status || 500 }
+    );
+  }
+}
+
+export default userDataLoader;