feat: postal inquiry

add: edit user
update: now admin can see other admins
2026-02-03 12:38:09 +03:30 · 2026-02-01 15:31:46 +03:30 · 2026-02-01 15:17:13 +03:30
2 changed files with 127 additions and 20 deletions
--- a/routes/nationalDocumentsRoutes.js
+++ b/routes/nationalDocumentsRoutes.js
@@ -57,7 +57,7 @@ async function performLogin() {

      response.on("end", () => {
        const csrfMatch = data.match(
-          /<input name="__RequestVerificationToken" type="hidden" value="([^"]+)"/
+          /<input name="__RequestVerificationToken" type="hidden" value="([^"]+)"/,
        );
        const csrfToken = csrfMatch ? csrfMatch[1] : null;

@@ -362,6 +362,70 @@ async function makeVeterinaryTransferRequest(trIDCode, cookie) {
  return finalInfo;
 }

+async function makePostcodeInquiryRequest(postcode, cookie) {
+  const payloadData = querystring.stringify({
+    postcode,
+  });
+
+  const requestOptions = {
+    hostname: "ba124.ir",
+    path: "/Inquiries/CallAddressWithPostcodeInquiry",
+    method: "POST",
+    headers: {
+      "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
+      "Content-Length": Buffer.byteLength(payloadData),
+      "User-Agent":
+        "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36",
+      Accept: "application/json, text/javascript, */*; q=0.01",
+      "Accept-Encoding": "gzip, deflate, br",
+      "Accept-Language":
+        "en-US,en;q=0.9,fa-IR;q=0.8,fa;q=0.7,ar-AE;q=0.6,ar;q=0.5,en-GB;q=0.4",
+      Connection: "keep-alive",
+      Cookie: cookie,
+      Host: "ba124.ir",
+      Origin: "https://ba124.ir",
+      Referer: "https://ba124.ir/Inquiries/AddressWithPostcodeInquiry",
+      "Sec-Ch-Ua":
+        '"Chromium";v="142", "Google Chrome";v="142", "Not_A Brand";v="99"',
+      "Sec-Ch-Ua-Mobile": "?0",
+      "Sec-Ch-Ua-Platform": '"Linux"',
+      "Sec-Fetch-Dest": "empty",
+      "Sec-Fetch-Mode": "cors",
+      "Sec-Fetch-Site": "same-origin",
+      "X-Requested-With": "XMLHttpRequest",
+    },
+  };
+
+  const finalInfo = await new Promise((resolve, reject) => {
+    const request = https.request(requestOptions, (response) => {
+      const chunks = [];
+
+      response.on("data", (chunk) => {
+        chunks.push(chunk);
+      });
+
+      response.on("end", () => {
+        try {
+          const raw = Buffer.concat(chunks);
+          const jsonData = parseBaJsonResponse(response, raw);
+          resolve(jsonData);
+        } catch (error) {
+          reject(new Error(`Invalid JSON response: ${error.message}`));
+        }
+      });
+    });
+
+    request.on("error", (error) => {
+      reject(error);
+    });
+
+    request.write(payloadData);
+    request.end();
+  });
+
+  return finalInfo;
+}
+
 async function makeAgriWindowsUnitsRequest(PartIdCode, cookie) {
  const payloadData = querystring.stringify({
    PartIdCode,
@@ -540,4 +604,32 @@ router.get("/inquiry-farm", async (req, res) => {
  }
 });

+router.get("/postcode-inquiry", async (req, res) => {
+  const { postcode } = req.query;
+
+  if (!postcode) {
+    return res.status(400).json({
+      error: "Missing required field: postcode",
+    });
+  }
+
+  try {
+    let finalCookie = await performLogin();
+    let finalInfo = await makePostcodeInquiryRequest(postcode, finalCookie);
+
+    while (finalInfo && finalInfo.error) {
+      console.log("Session expired, retrying login and request...");
+      finalCookie = await performLogin();
+      finalInfo = await makePostcodeInquiryRequest(postcode, finalCookie);
+    }
+
+    res.json(finalInfo);
+  } catch (error) {
+    res.status(500).json({
+      error: "Failed to fetch postcode inquiry info",
+      message: error.message,
+    });
+  }
+});
+
 module.exports = router;
--- a/routes/userRoutes.js
+++ b/routes/userRoutes.js
@@ -86,10 +86,13 @@ router.get("/user_profile/:userId", async (req, res) => {
 router.get("/users/:province", async (req, res) => {
  try {
    const province = req.params.province;
+    const requestingUser = await User.findById(req.userId);

-    const users = (await User.find({ province: province })).filter(
-      (item) => !item.permissions.includes("admin")
-    );
+    let users = await User.find({ province });
+
+    if (!requestingUser?.permissions?.includes("admin")) {
+      users = users.filter((item) => !item.permissions?.includes("admin"));
+    }

    res.status(200).json(users);
  } catch (error) {
@@ -120,13 +123,25 @@ router.delete("/users/:userId", async (req, res) => {
 router.put("/user/:userId", async (req, res) => {
  try {
    const userId = req.params.userId;
-    const { mobile, password, fullname, pic, province, permissions } = req.body;
+    const { mobile, password, fullname, pic, province, permissions, city } =
+      req.body;

-    const updatedUser = await User.findByIdAndUpdate(
-      userId,
-      { mobile, password, fullname, pic, province, permissions },
-      { new: true } // Set { new: true } to return the updated document
-    );
+    const updateFields = {
+      mobile,
+      fullname,
+      pic,
+      province,
+      permissions,
+      city: city ?? "",
+    };
+
+    if (password && String(password).trim() !== "") {
+      updateFields.password = await bcrypt.hash(password, 10);
+    }
+
+    const updatedUser = await User.findByIdAndUpdate(userId, updateFields, {
+      new: true,
+    });

    if (!updatedUser) {
      return res.status(404).json({ message: "User not found" });
Author	SHA1	Message	Date
wixarm	61509ff6a6	feat: postal inquiry	2026-02-03 12:38:09 +03:30
wixarm	7f3e910328	add: edit user	2026-02-01 15:31:46 +03:30
wixarm	e4f1af8569	update: now admin can see other admins	2026-02-01 15:17:13 +03:30