const express = require('express');
const router = express.Router();
const pool = require('../config/database');

/**
 * Login gate used by the routes below: a request passes only when its
 * session carries a `user` entry.
 *
 * @param {object} req - Express request; `req.session.user` is read when a session exists.
 * @param {object} res - Express response, used to redirect callers that are not logged in.
 * @param {Function} next - Continuation invoked for logged-in callers.
 * @returns {*} The result of `next()` when logged in, otherwise undefined.
 */
function isAuthenticated(req, res, next) {
    const loggedIn = req.session && req.session.user;
    if (!loggedIn) {
        // Not logged in: send the browser to the login page and stop here.
        res.redirect('/login');
        return;
    }
    // Logged in: continue with the next handler.
    return next();
}

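// Request logger for every route on this router.
// Only non-sensitive flags are logged: the session ID is what the orders and
// cart queries in this file use to decide ownership, and the session object
// holds the logged-in user's data, so neither should end up in log files.
router.use((req, res, next) => {
    // Guarded reads: a missing req.session must not crash the request here.
    const hasSession = Boolean(req.session);
    const isLoggedIn = Boolean(req.session && req.session.user);
    console.log("🔹 Session present:", hasSession, "| logged in:", isLoggedIn);
    next();
});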
// Show the order history of the current session (logged-in users only).
// Orders are selected with session_id = req.session.id; each row carries an
// items_detail string assembled by GROUP_CONCAT ("name x qty (฿price)", comma-separated).
// NOTE(review): ownership follows the session ID rather than a user id, so
// history presumably disappears when the session is regenerated or expires — confirm.
// NOTE(review): MySQL truncates GROUP_CONCAT output at group_concat_max_len, so
// items_detail can be cut short on large orders — confirm the configured limit.
router.get('/history', isAuthenticated, async (req, res) => {
    const sessionId = req.session.id;
    if (!sessionId) {
        return res.status(400).json({ message: "Session ID not found. Please login again." });
    }

    // Bound parameter only; nothing from the request is spliced into the SQL text.
    const historySql =
                `SELECT 
                    orders.id,
                    orders.total_amount,
                    orders.status,
                    orders.shipping_address,
                    orders.created_at,
                    GROUP_CONCAT(
                        CONCAT(products.name, ' x ', order_items.quantity, ' (฿', order_items.price, ')') 
                        SEPARATOR ', '
                    ) as items_detail
                FROM orders
                JOIN order_items ON orders.id = order_items.order_id
                JOIN products ON order_items.product_id = products.id
                WHERE orders.session_id = ?
                GROUP BY orders.id
                ORDER BY orders.created_at DESC`;

    try {
        const [rows] = await pool.query(historySql, [sessionId]);
        res.render('order-history', { orders: rows });
    } catch (err) {
        // Details stay in the server log; the client only gets a generic message.
        console.error(err);
        res.status(500).send('Error fetching order history');
    }
});

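// Show the details of one order (logged-in users only).
// Responds with { order, items } as JSON. The order must match both the id in
// the URL and the current session ID; a miss on either gives the same 404, so
// the response does not reveal whether another session's order exists.
router.get('/order-details/:orderId', isAuthenticated, async (req, res) => {
    try {
        if (!req.session.id) {
            return res.status(400).json({ message: "Session ID not found. Please login again." });
        }

        const { orderId } = req.params;
        // The session ID is left out of the log, and the client-supplied id is
        // JSON-encoded so control characters in it cannot forge extra log lines.
        console.log(`🔹 Fetching order ID: ${JSON.stringify(orderId)}`);

        // Load the order, scoped to the current session.
        const [orderResults] = await pool.query(
            `SELECT id, total_amount, status, shipping_address, created_at 
             FROM orders WHERE id = ? AND session_id = ?`,
            [orderId, req.session.id]
        );

        if (orderResults.length === 0) {
            console.log("Order not found or no permission.");
            return res.status(404).json({ message: "ไม่พบคำสั่งซื้อ หรือไม่มีสิทธิ์เข้าถึง" });
        }

        // Load the order's line items; ownership was established by the query above.
        const [orderItems] = await pool.query(
            `SELECT order_items.order_id, order_items.product_id, products.name, 
                    order_items.quantity, order_items.price 
             FROM order_items
             JOIN products ON order_items.product_id = products.id
             WHERE order_items.order_id = ?`,
            [orderId]
        );

        console.log("Order item count:", orderItems.length);

        res.json({
            order: orderResults[0],
            items: orderItems
        });
    } catch (error) {
        // Full error goes to the server log only. The `error` field is kept for
        // response-shape compatibility but no longer echoes the driver message,
        // which can expose SQL text and schema details to the client.
        console.error("Error fetching order:", error);
        res.status(500).json({ message: "Something went wrong.", error: "Internal server error" });
    }
});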

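// Update the shipping address of an order owned by the current session.
// Expects `shipping_address` in the request body and answers with JSON.
// NOTE(review): 404 for unknown ids versus 403 for another session's order lets
// a logged-in client tell which order ids exist; the GET handler for this path
// answers 404 for both cases.
// NOTE(review): the order's status is not checked before the address changes —
// confirm whether edits should be refused once an order has progressed.
router.put('/order-details/:orderId', isAuthenticated, async (req, res) => {
    try {
        if (!req.session.id) {
            return res.status(400).json({ message: "Session ID not found. Please login again." });
        }

        // The body is untrusted. Accept only a non-empty string: the pool looks
        // like a mysql2-style driver (array-destructured results), and with
        // query() such drivers expand object/array values bound to `?` into SQL
        // fragments instead of quoting them as one value.
        const shippingAddress = req.body ? req.body.shipping_address : undefined;
        if (typeof shippingAddress !== 'string' || shippingAddress.trim() === '') {
            return res.status(400).json({ message: "shipping_address must be a non-empty string." });
        }

        // Session IDs and the address itself are deliberately not logged.
        console.log("Updating order...");

        const [orderResults] = await pool.query(
            `SELECT id, session_id FROM orders WHERE id = ?`,
            [req.params.orderId]
        );

        if (orderResults.length === 0) {
            console.log("Order not found!");
            return res.status(404).json({ message: "ไม่พบคำสั่งซื้อ" });
        }

        // Only the session that created the order may change its address.
        if (orderResults[0].session_id !== req.session.id) {
            console.log("Session ID ไม่ตรงกัน!");
            return res.status(403).json({ message: "ไม่มีสิทธิ์แก้ไขที่อยู่นี้" });
        }

        // Apply the update; the WHERE clause repeats the ownership condition so
        // the write itself is scoped to the session as well.
        const [result] = await pool.query(
            "UPDATE orders SET shipping_address = ? WHERE id = ? AND session_id = ?",
            [shippingAddress, req.params.orderId, req.session.id]
        );

        if (result.affectedRows === 0) {
            return res.status(404).json({ message: "ไม่สามารถอัปเดตที่อยู่ได้" });
        }

        res.json({ message: "อัปเดตที่อยู่สำเร็จ!" });
    } catch (error) {
        // Full error goes to the server log only. The `error` field is kept for
        // response-shape compatibility but no longer echoes the driver message.
        console.error("ERROR:", error);
        res.status(500).json({ message: "เกิดข้อผิดพลาด", error: "Internal server error" });
    }
});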

// Checkout page; isAuthenticated keeps callers that are not logged in out.
// Renders the `checkout` view with the session's user, the cart rows joined
// with product name and price, and the cart total.
router.get('/checkout', isAuthenticated, async (req, res) => {
    // Cart rows are selected by the current session ID, passed as a bound parameter.
    const cartSql =
            `SELECT cart_items.*, products.name, products.price 
             FROM cart_items 
             JOIN products ON cart_items.product_id = products.id 
             WHERE cart_items.session_id = ?`;

    try {
        const [cartItems] = await pool.query(cartSql, [req.session.id]);

        // Total is derived from the joined product price, not from anything the client sent.
        let total = 0;
        for (const line of cartItems) {
            total += line.price * line.quantity;
        }

        // The checkout view needs the logged-in user alongside the cart.
        res.render('checkout', { user: req.session.user, cartItems, total });
    } catch (err) {
        console.error(err);
        res.status(500).send('Error loading checkout');
    }
});

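// Create an order from the current session's cart (logged-in users only).
// Inside one transaction: read the cart with current product prices, insert the
// order and its items, decrement stock, clear the cart, then redirect to
// /order/confirmation. Any failure rolls the transaction back and answers 500.
// NOTE(review): stock is decremented without checking availability, so it can
// go negative (or the statement can fail, if the column is unsigned) when the
// cart asks for more than is in stock — consider "AND stock >= ?" with an
// affectedRows check; confirm the intended rule.
// NOTE(review): no CSRF check is visible in this file for this state-changing
// route — confirm one is applied where the router is mounted.
router.post('/create', isAuthenticated, async (req, res) => {
    if (!req.session.id) {
        return res.status(400).json({ message: "Session ID not found. Please login again." });
    }

    // The session ID decides who owns orders and carts, so it stays out of the log.
    console.log("🔹 Creating order for the current session");

    // The body is untrusted. Accept only a non-empty string: the pool looks like
    // a mysql2-style driver (array-destructured results), and with query() such
    // drivers expand object/array values bound to `?` into SQL fragments
    // instead of quoting them as one value.
    const address = req.body ? req.body.address : undefined;
    if (typeof address !== 'string' || address.trim() === '') {
        return res.status(400).json({ message: "Shipping address is required." });
    }

    let conn;
    try {
        // Acquired inside the try so a pool failure is answered with a 500
        // instead of becoming an unhandled rejection.
        conn = await pool.getConnection();
        await conn.beginTransaction();

        // Prices come from the products table, never from the request.
        const [cartItems] = await conn.query(
            `SELECT cart_items.*, products.price 
                 FROM cart_items 
                 JOIN products ON cart_items.product_id = products.id 
                 WHERE cart_items.session_id = ?`,
            [req.session.id]
        );

        if (cartItems.length === 0) {
            // Close the transaction before the connection goes back to the pool.
            await conn.rollback();
            return res.status(400).send('Cart is empty');
        }

        const total = cartItems.reduce((sum, item) => sum + (item.price * item.quantity), 0);

        const [order] = await conn.query(
            'INSERT INTO orders (session_id, total_amount, status, shipping_address) VALUES (?, ?, ?, ?)',
            [req.session.id, total, 'pending', address]
        );

        // Make sure the INSERT produced an order id before writing the items.
        if (!order.insertId) {
            throw new Error("Failed to create order.");
        }

        for (const item of cartItems) {
            await conn.query(
                'INSERT INTO order_items (order_id, product_id, quantity, price) VALUES (?, ?, ?, ?)',
                [order.insertId, item.product_id, item.quantity, item.price]
            );
            await conn.query(
                'UPDATE products SET stock = stock - ? WHERE id = ?',
                [item.quantity, item.product_id]
            );
        }

        await conn.query('DELETE FROM cart_items WHERE session_id = ?', [req.session.id]);

        await conn.commit();
        res.redirect('/order/confirmation');
    } catch (error) {
        if (conn) {
            try {
                await conn.rollback();
            } catch (rollbackError) {
                // A failed rollback must not hide the original error or skip the response.
                console.error(rollbackError);
            }
        }
        console.error(error);
        res.status(500).send('Error creating order');
    } finally {
        if (conn) {
            conn.release();
        }
    }
});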

// Order confirmation page. Registered without isAuthenticated, so it can be
// opened without a login; the handler passes no data to the view.
router.get('/confirmation', function renderConfirmation(req, res) {
    res.render('confirmation');
});

// Expose the configured router to the application.
module.exports = router;