feat: login unificado BI-CCC com deteccao automatica de role

- Adiciona coluna 'role' na tabela agentes (agente|admin) - Migra admins existentes para tabela agentes com role='admin' - Unifica login em /login com redirect baseado em role - Sessao unificada req.session.user com {id, email, nome, role, agente_id} - Middleware requireRole() para proteger rotas por role - Admin panel com selector de role ao criar/editar usuarios - Atualiza branding para "BI - CCC" com logo CambioReal - Redirects: /admin/login -> /login, /admin/logout -> /logout Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-08 13:03:52 -05:00
parent 39900c3fe8
commit be2b090ddc
9 changed files with 2710 additions and 96 deletions
--- a/src/db-local.js
+++ b/src/db-local.js
@@ -1,5 +1,6 @@
 /**
 * SQLite local — controle de agentes (auth + config)
+ * Login unificado: todos os usuarios na tabela agentes com coluna 'role'
 */
 const Database = require('better-sqlite3');
 const path = require('path');
@@ -18,9 +19,41 @@ db.exec(`
    senha_hash TEXT NOT NULL,
    agente_id INTEGER NOT NULL,
    nome TEXT NOT NULL,
+    role TEXT DEFAULT 'agente',
    ativo INTEGER DEFAULT 1,
    created_at TEXT DEFAULT (datetime('now'))
  )
 `);

+// Add role column if it doesn't exist (migration for existing databases)
+try {
+  db.exec(`ALTER TABLE agentes ADD COLUMN role TEXT DEFAULT 'agente'`);
+} catch (e) {
+  // Column already exists, ignore
+}
+
+// Legacy table - keep for reference but no longer used
+db.exec(`
+  CREATE TABLE IF NOT EXISTS admins (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    email TEXT UNIQUE NOT NULL,
+    senha_hash TEXT NOT NULL,
+    nome TEXT NOT NULL,
+    created_at TEXT DEFAULT (datetime('now'))
+  )
+`);
+
+// Migrate existing admins to agentes table with role='admin'
+const admins = db.prepare('SELECT * FROM admins').all();
+for (const admin of admins) {
+  try {
+    db.prepare(`
+      INSERT OR IGNORE INTO agentes (email, senha_hash, nome, role, agente_id, ativo)
+      VALUES (?, ?, ?, 'admin', 0, 1)
+    `).run(admin.email, admin.senha_hash, admin.nome);
+  } catch (e) {
+    // Email already exists in agentes, skip
+  }
+}
+
 module.exports = db;