*: added projectEdit and tweaking projectSearch

added useredit param into projectSearchController.js, also use switch case instead of if-else. projectEdit is still not working yet

Signed-off-by: supphakitd <67319010028@technictrang.ac.th>

.gitignore

@@ -2,3 +2,4 @@ node_modules
 
 package-lock.json
 /exthernal-rentroom-api
+uploads

@knowleadge/dbchange/202511300710.txt

@@ -0,0 +1,59 @@
+-- ⚠️ PostgreSQL ไม่รองรับคำสั่ง AFTER ในการเพิ่ม Column
+-- จำเป็นต้องสร้างตารางใหม่เพื่อจัดเรียงลำดับ Column
+
+BEGIN; -- เริ่ม Transaction (ถ้า Error ข้อมูลจะไม่เสียหาย)
+
+-- 1. เปลี่ยนชื่อตารางเดิมเป็น Backup
+ALTER TABLE dbo.prjmst RENAME TO prjmst_backup;
+
+-- 2. สร้างตารางใหม่โดยมี prjdoc อยู่ในตำแหน่งที่ต้องการ
+CREATE TABLE dbo.prjmst
+(
+    prjseq integer NOT NULL,
+    prjnam character varying(150) COLLATE pg_catalog."default" NOT NULL,
+    prjusrseq integer,
+    prjwntbdg numeric(14,2),
+    prjacpbdg numeric(14,2),
+    prjbdgcod character varying(3) COLLATE pg_catalog."default",
+    prjcomstt character varying(3) COLLATE pg_catalog."default",
+    
+    -- ✅ แทรก Column ใหม่ตรงนี้
+    prjdoc character varying(255) COLLATE pg_catalog."default",
+    
+    prjacpdtm character(12) COLLATE pg_catalog."default",
+    
+    CONSTRAINT prjmst_pkey PRIMARY KEY (prjseq, prjnam)
+)
+TABLESPACE pg_default;
+
+-- 3. กำหนด Owner (ถ้าจำเป็น)
+ALTER TABLE dbo.prjmst OWNER to postgres;
+
+-- 4. ย้ายข้อมูลจากตาราง Backup มาใส่ตารางใหม่ (Map ข้อมูลให้ตรง Column)
+INSERT INTO dbo.prjmst (
+    prjseq, 
+    prjnam, 
+    prjusrseq, 
+    prjwntbdg, 
+    prjacpbdg, 
+    prjbdgcod, 
+    prjcomstt, 
+    prjacpdtm
+    -- prjdoc จะเป็น NULL อัตโนมัติสำหรับข้อมูลเก่า
+)
+SELECT 
+    prjseq, 
+    prjnam, 
+    prjusrseq, 
+    prjwntbdg, 
+    prjacpbdg, 
+    prjbdgcod, 
+    prjcomstt, 
+    prjacpdtm
+FROM prjmst_backup;
+
+-- 5. ยืนยันการทำงาน
+COMMIT;
+
+-- หมายเหตุ: หลังจากตรวจสอบข้อมูลแล้ว สามารถลบตาราง Backup ได้ด้วยคำสั่ง:
+-- DROP TABLE dbo.prjmst_backup;

@knowleadge/dbchange/alter new.txt

@@ -0,0 +1,63 @@
+-- ⚠️ IMPORTANT: คำสั่ง ROLLBACK จะช่วยเคลียร์สถานะ "current transaction is aborted"
+ROLLBACK; 
+
+BEGIN;
+
+-- 1. ส่วนจัดการเปลี่ยนชื่อตารางและ Key (แบบปลอดภัย เช็คก่อนทำ)
+DO $$
+BEGIN
+    -- เช็ค: ถ้ามีตาราง 'prjmst' อยู่ และยังไม่มี 'prjmst_backup' ให้ทำการเปลี่ยนชื่อ (กรณีรันครั้งแรก)
+    IF EXISTS (SELECT FROM pg_tables WHERE schemaname = 'dbo' AND tablename = 'prjmst') THEN
+        IF NOT EXISTS (SELECT FROM pg_tables WHERE schemaname = 'dbo' AND tablename = 'prjmst_backup') THEN
+            ALTER TABLE dbo.prjmst RENAME TO prjmst_backup;
+        END IF;
+    END IF;
+
+    -- เช็ค: แก้ชื่อ Primary Key ในตาราง Backup ถ้ามันยังชื่อเดิม (แก้ปัญหา duplicate key name)
+    IF EXISTS (
+        SELECT 1 FROM pg_constraint con 
+        JOIN pg_class rel ON rel.oid = con.conrelid 
+        JOIN pg_namespace nsp ON nsp.oid = rel.relnamespace
+        WHERE nsp.nspname = 'dbo' AND rel.relname = 'prjmst_backup' AND con.conname = 'prjmst_pkey'
+    ) THEN
+        ALTER TABLE dbo.prjmst_backup RENAME CONSTRAINT prjmst_pkey TO prjmst_backup_pkey;
+    END IF;
+END $$;
+
+-- 2. สร้างตารางใหม่ (New Structure)
+-- ใช้ IF NOT EXISTS กัน Error ถ้ารันซ้ำ
+CREATE TABLE IF NOT EXISTS dbo.prjmst
+(
+    prjseq integer NOT NULL,
+    prjnam character varying(150) COLLATE pg_catalog."default" NOT NULL,
+    prjusrseq integer,
+    prjwntbdg numeric(14,2),
+    prjacpbdg numeric(14,2),
+    prjbdgcod character varying(3) COLLATE pg_catalog."default",
+    prjcomstt character varying(3) COLLATE pg_catalog."default",
+    
+    -- ✅ แทรก Column ใหม่ตรงนี้
+    prjdoc character varying(255) COLLATE pg_catalog."default",
+    
+    prjacpdtm character(12) COLLATE pg_catalog."default",
+    
+    CONSTRAINT prjmst_pkey PRIMARY KEY (prjseq, prjnam)
+)
+TABLESPACE pg_default;
+
+ALTER TABLE dbo.prjmst OWNER to postgres;
+
+-- 3. ย้ายข้อมูลกลับมา (Data Migration)
+-- เช็คก่อนว่าตารางใหม่ว่างอยู่ไหม ค่อย Insert
+INSERT INTO dbo.prjmst (
+    prjseq, prjnam, prjusrseq, prjwntbdg, prjacpbdg, prjbdgcod, prjcomstt, prjacpdtm
+)
+SELECT 
+    prjseq, prjnam, prjusrseq, prjwntbdg, prjacpbdg, prjbdgcod, prjcomstt, prjacpdtm
+FROM dbo.prjmst_backup
+WHERE NOT EXISTS (SELECT 1 FROM dbo.prjmst);
+
+COMMIT;
+
+-- หมายเหตุ: เมื่อตรวจสอบข้อมูลครบถ้วนแล้ว สามารถสั่งลบตาราง backup ได้:
+-- DROP TABLE dbo.prjmst_backup;

exthernal-accountingwep-api/src/controllers/accountingSearchController.js

@@ -25,7 +25,7 @@ export class accountingSearch {
     try {
       // let username = req.body.request.username;
       // let password = req.body.request.password;
-      let token = req.body.request.token;
+        let token = req.headers.authorization?.split(' ')[1];''
        const decoded = verifyToken(token);
 
          let id = decoded.id

exthernal-accountingwep-api/src/controllers/accountingSetupController.js

@@ -25,7 +25,7 @@ export class accountingSetup {
     try {
       // let username = req.body.request.username;
       // let password = req.body.request.password;
-      let token = req.body.request.token;
+      let token = req.headers.authorization?.split(' ')[1];
       const decoded = verifyToken(token);
 
       database = decoded.organization

exthernal-accountingwep-api/src/controllers/accountingSumController.js

@@ -2,7 +2,8 @@ import { AccountingSumService } from '../services/accountingSumService.js'
 import { sendError } from '../utils/response.js'
 import { GeneralService } from '../share/generalservice.js';
 import { trim_all_array } from '../utils/trim.js'
-import { verifyToken, generateToken } from '../utils/token.js'
+import { verifyToken, 
+         generateToken } from '../utils/token.js'
 
 export class accountingSum {
 
@@ -23,7 +24,7 @@ export class accountingSum {
     let result = []
     var aryResult
     try {
-      let token = req.body.request.token;
+      let token = req.headers.authorization?.split(' ')[1];
       const decoded = verifyToken(token);
 
       let id = decoded.id
@@ -44,7 +45,7 @@ export class accountingSum {
       if (!result) return sendError('ชื่อผู้ใช้หรือรหัสผ่านไม่ถูกต้อง', 'Invalid credentials');
 
       try {
-  // ✅ 1) เตรียม data สำหรับใช้คำนวณ
+  // 1) เตรียม data สำหรับใช้คำนวณ
   // ถ้า service คืนมาเป็น { code, message, data: [...] }
         const data = Array.isArray(result)
           ? result
@@ -57,7 +58,7 @@ export class accountingSum {
           return result;
         }
 
-        // ✅ 2) แยก income / expense
+        // 2) แยก income / expense
         const incomeList = data.filter(i => i.acttyp === 'i');
         const expenseList = data.filter(e => e.acttyp === 'e');
 
@@ -68,7 +69,7 @@ export class accountingSum {
         const profitRate = totalIncome > 0 ? (netProfit / totalIncome) * 100 : 0;
         const adjustedProfitRate = profitRate + 1.9;
 
-        // ✅ 3) แนบ summary (เหมือนที่เราทำไปก่อนหน้า)
+        // 3) แนบ summary (เหมือนที่เราทำไปก่อนหน้า)
         var summary = {
           totalIncome: totalIncome.toFixed(2),
           totalExpense: totalExpense.toFixed(2),
@@ -78,14 +79,14 @@ export class accountingSum {
           period: '30 วัน'
         };
 
-        // ✅ 4) ดึงสีจาก dtlmst (แนะนำให้เรียกจาก service เพิ่ม)
+        // 4) ดึงสีจาก dtlmst (แนะนำให้เรียกจาก service เพิ่ม)
         // ตัวอย่างสมมติ: คุณไป query มาจาก service ก่อนหน้าแล้วได้เป็น object แบบนี้
         // key = ชื่อหมวด (actcatnam หรือ code), value = color
         const categoryColorMap = await this.accountingSumService.getCategoryColorMap(database);
         // ตัวอย่างที่คาดหวังจาก service:
         // { 'ค่าอาหาร': '#FF6384', 'ค่าเดินทาง': '#36A2EB', 'ขายสินค้า': '#4BC0C0', ... }
 
-        // ✅ 5) สรุปยอดตามหมวด แล้วคำนวณ % สำหรับ expense
+        // 5) สรุปยอดตามหมวด แล้วคำนวณ % สำหรับ expense
         const expenseAgg = {};
         expenseList.forEach(row => {
           const key = row.actcatnam;             // หรือใช้รหัส category ถ้ามี เช่น row.actcatcod
@@ -122,7 +123,7 @@ export class accountingSum {
           };
         });
 
-        // ✅ 6) แนบข้อมูล pie chart เข้า result
+        // 6) แนบข้อมูล pie chart เข้า result
         var pie = {
           expense: expensePie,
           income: incomePie

exthernal-accountingwep-api/src/controllers/reportController.js

@@ -28,7 +28,7 @@ export class reportController {
             let token = req.headers.authorization?.split(' ')[1];
             const decoded = verifyToken(token);
 
-            let actnum = req.body.request.actnum;
+            let actnum = decoded.id;
             database = decoded.organization;
 
             aryResult = await this.reportService.getReportController(database, actnum);
@@ -52,7 +52,7 @@ export class reportController {
                     return aryResult;
                 }
 
-                // ✅ 2) แยก income / expense
+                // 2) แยก income / expense
                 const incomeList = data.filter(i => i.acttyp === 'i');
                 const expenseList = data.filter(e => e.acttyp === 'e');
 
@@ -63,11 +63,13 @@ export class reportController {
                 const profitRate = totalIncome > 0 ? (netProfit / totalIncome) * 100 : 0;
                 const adjustedProfitRate = profitRate + 1.9;
 
-                // ✅ 3) แนบ summary (เหมือนที่เราทำไปก่อนหน้า)
+                // 3) แนบ summary (เหมือนที่เราทำไปก่อนหน้า)
                 var summary = {
                     totalIncome: totalIncome.toFixed(2),
                     totalExpense: totalExpense.toFixed(2),
                     netProfit: netProfit.toFixed(2),
+                    profitRate: profitRate.toFixed(2) + ' %',
+                    period: '30 วัน'
                 };
 
                 // ✅ 3.5) Create actdata table with required fields grouped by actnum

exthernal-login-api/.env

@@ -13,7 +13,7 @@ SMTP_USER=lalisakuty@gmail.com
 SMTP_PASS=lurl pckw qugk tzob
 
 # REDIS
-REDIS_HOST=localhost
+REDIS_HOST=10.9.0.0
 REDIS_PORT=6379
 OTP_TTL_SECONDS=300
 

exthernal-login-api/src/services/loginservice.js

@@ -44,7 +44,7 @@ export class LoginService {
     this.generalService.devhint(2, 'loginservice.js', 'token generated successfully')
 
 
-    delete user.usrseq  
+    // delete user.usrseq  
     delete user.usrnam   
     delete user.usrpwd
     delete user.usrorg

exthernal-ttc-api/src/controllers/projectAddController.js

@@ -1,10 +1,12 @@
 import { ProjectAddService } from '../services/projectAddService.js'
 import { sendError } from '../utils/response.js'
-// import { OftenError } from '../utils/oftenError.js'
 import { GeneralService } from '../share/generalservice.js';
 import { trim_all_array } from '../utils/trim.js'
 import { verifyToken, generateToken } from '../utils/token.js'
 import { Interface } from '../interfaces/Interface.js';
+import fs from 'fs';
+import path from 'path';
+import { getDTM } from '../utils/date.js';
 
 
 export class projectAdd {
@@ -17,6 +19,7 @@ export class projectAdd {
 
   async onNavigate(req, res) {
     this.generalService.devhint(1, 'projectAdd.js', 'onNavigate() start');
+    
     let organization = req.body.organization;
     const prommis = await this.onProjectAdd(req, res, organization);
     return prommis;
@@ -30,40 +33,96 @@ export class projectAdd {
       let token = req.headers.authorization?.split(' ')[1];
       const decoded = verifyToken(token);
 
-      let name = req.body.request.prjnam;
+      const requestData = req.body; 
-      database = decoded.organization;
+      let name = requestData.prjnam;
+      
+      database = decoded.organization || 'dbo';
 
       aryResult = await this.projectAddService.getProjectAdd(database, name);
       latSeq = await this.projectAddService.getLatestProjectSeq(database);
-      //   this.generalService.devhint(1, 'budgetSearch.js', 'Login success');
+
     } catch (error) {
       idx = 1;
+      console.error(error);
     } finally {
       if (idx === 1) return sendError('เกิดข้อผิดพลาดไม่คาดคิดเกิดขึ้น', 'Unexpected error');
-      // if (!aryResult) return sendError('ไม่พบการมีอยู่ของข้อมูล', 'Cannot Find Any Data');
 
       if (aryResult == 0) {
-        let prommis = await this.makeArySave(req, latSeq[0].prjseq);
+        const currentSeq = (latSeq && latSeq[0] && latSeq[0].prjseq) ? latSeq[0].prjseq : 0;
+        let prommis = await this.makeArySave(req, currentSeq);
         return prommis
       } else {
+        if (req.files) {
+            req.files.forEach(f => {
+                if (fs.existsSync(f.path)) fs.unlinkSync(f.path);
+            });
+        }
         return sendError('คีย์หลักซ้ำในระบบ', 'Duplicate Primary Key');
       }
     }
   }
 
-
   async makeArySave(req, latseq) {
+    const requestData = req.body;
+    const nextSeq = latseq + 1;
+
+    let prjwntbdg = requestData.prjwntbdg;
+    if (!prjwntbdg || prjwntbdg === '' || prjwntbdg === 'undefined' || prjwntbdg === 'null') {
+        prjwntbdg = '0.00';
+    }
+
+    let prjusrseq = requestData.prjusrseq;
+    if (!prjusrseq || prjusrseq === '' || prjusrseq === 'undefined' || prjusrseq === 'null') {
+        prjusrseq = null;
+    }
+
+    const typ = requestData.typ; 
+
     let arysave = {
       methods: 'post',
-      prjseq: latseq+1,
+      prjseq: nextSeq,
-      prjnam: req.body.request.prjnam,
+      prjnam: requestData.prjnam,
-      prjusrseq: req.body.request.prjusrseq,
+      prjusrseq: prjusrseq, 
-      prjwntbdg: req.body.request.prjwntbdg,
+      prjwntbdg: prjwntbdg,
       prjacpbdg: '0.00',
       prjbdgcod: '',
-      prjcomstt: req.body.request.prjcomstt,
+      prjcomstt: requestData.prjcomstt || 'UAC',
-      prjacpdtm: req.body.request.prjacpdtm
+      prjacpdtm: getDTM(),
     }
+
+    let savedFileNames = [];
+    if (req.files && req.files.length > 0) {
+        if (typ === 'prj') {
+            const targetDir = `uploads/projects/${nextSeq}`;
+            
+            try {
+                if (!fs.existsSync(targetDir)) {
+                    fs.mkdirSync(targetDir, { recursive: true });
+                }
+
+                req.files.forEach(file => {
+                    const targetPath = path.join(targetDir, file.filename);
+                    fs.renameSync(file.path, targetPath);
+                    savedFileNames.push(file.filename);
+                });
+                
+                arysave.prjdoc = savedFileNames.join(',');
+
+            } catch (err) {
+                console.error('Error moving files:', err);
+                return sendError('ไม่สามารถบันทึกไฟล์ลงโฟลเดอร์โครงการได้');
+            }
+        } else {
+            arysave.prjdoc = req.files.map(f => f.filename).join(',');
+        }
+    }
+
+    if (!arysave.prjusrseq) {
+        const token = req.headers.authorization?.split(' ')[1];
+        const decoded = verifyToken(token);
+        if (decoded) arysave.prjusrseq = decoded.id;
+    }
+
     return this.Interface.saveInterface('prjmst', arysave, req);
   }
 }

exthernal-ttc-api/src/controllers/projectDownloadController.js

@@ -0,0 +1,114 @@
+import { GeneralService } from '../share/generalservice.js';
+import { sendError } from '../utils/response.js';
+import { verifyToken } from '../utils/token.js'; // ✅ เพิ่ม verifyToken
+import fs from 'fs';
+import path from 'path';
+import archiver from 'archiver';
+
+export class projectDownload {
+
+  constructor() {
+    this.generalService = new GeneralService();
+  }
+
+  async onNavigate(req, res) {
+    this.generalService.devhint(1, 'projectDownload.js', 'onNavigate() start');
+    
+    const prjseq = req.query.prjseq;
+    const docType = req.query.docType; 
+
+    // ✅ 1. แกะ Token เพื่อหา Database Schema (เพราะต้อง Query DB)
+    let token = req.headers.authorization?.split(' ')[1];
+    let database = 'dbo'; // Default
+    
+    if (token) {
+        const decoded = verifyToken(token);
+        if (decoded && decoded.organization) {
+            database = decoded.organization;
+        }
+    }
+
+    if (!prjseq) {
+        return res.status(400).json(sendError('กรุณาระบุ prjseq', 'Missing prjseq parameter'));
+    }
+
+    return await this.onProjectDownload(req, res, prjseq, docType, database);
+  }
+
+  async onProjectDownload(req, res, prjseq, docType, database) {
+    try {
+        // ✅ 2. Query เช็คค่า prjdoc ใน Database ก่อน (Source of Truth)
+        const sql = `SELECT prjdoc FROM ${database}.prjmst WHERE prjseq = $1`;
+        const result = await this.generalService.executeQueryParam(database, sql, [prjseq]);
+
+        // ถ้าไม่เจอโครงการเลย
+        if (result.length === 0) {
+            return res.json(sendError('ไม่พบข้อมูลโครงการนี้ในระบบ', 'Project not found in DB', 404));
+        }
+
+        const prjdoc = result[0].prjdoc;
+
+        // ✅ 3. เช็คว่า prjdoc ว่างหรือไม่? (null, undefined, หรือ string ว่าง)
+        if (!prjdoc || prjdoc.trim() === '') {
+             return res.json(sendError('ไม่พบเอกสารแนบในระบบ (prjdoc ว่าง)', 'No documents recorded in database', 404));
+        }
+
+        // ✅ 4. แปลงรายชื่อไฟล์จาก DB (Comma Separated) เป็น Array
+        // ตัวอย่าง: "file1.jpg,file2.pdf" -> ["file1.jpg", "file2.pdf"]
+        let dbFiles = prjdoc.split(',').map(f => f.trim()).filter(f => f !== '');
+
+        const folderPath = `uploads/projects/${prjseq}`;
+
+        // เช็คว่ามีโฟลเดอร์จริงไหม
+        if (!fs.existsSync(folderPath)) {
+            return res.json(sendError('ไม่พบไฟล์ใน Server (โฟลเดอร์สูญหาย)', 'Project folder missing on server', 404));
+        }
+
+        // ✅ 5. กรองไฟล์: ต้องมีชื่อใน DB **และ** มีไฟล์อยู่จริงบน Disk
+        // (และผ่าน filter docType ถ้ามี)
+        let validFiles = dbFiles.filter(filename => {
+            // Filter docType (ถ้าส่งมา)
+            if (docType && !filename.toLowerCase().endsWith(`.${docType.toLowerCase()}`)) {
+                return false;
+            }
+
+            // เช็คว่าไฟล์มีอยู่จริงไหม
+            const fullPath = path.join(folderPath, filename);
+            return fs.existsSync(fullPath);
+        });
+
+        // ถ้ากรองแล้วไม่เหลือไฟล์เลย
+        if (validFiles.length === 0) {
+             return res.json(sendError('ไม่พบไฟล์เอกสารที่สามารถดาวน์โหลดได้', 'No valid files found', 404));
+        }
+
+        // --- เริ่มกระบวนการ Zip ---
+        const archive = archiver('zip', { zlib: { level: 9 } });
+        const zipFilename = `project_${prjseq}_documents.zip`;
+
+        res.attachment(zipFilename);
+
+        archive.on('error', function(err) {
+            console.error('Archiver Error:', err);
+            if (!res.headersSent) {
+                 res.status(500).send({error: err.message});
+            }
+        });
+
+        archive.pipe(res);
+
+        validFiles.forEach(filename => {
+            const filePath = path.join(folderPath, filename);
+            archive.file(filePath, { name: filename });
+        });
+
+        await archive.finalize();
+
+    } catch (error) {
+        console.error('Download Controller Error:', error);
+        if (!res.headersSent) {
+            return res.json(sendError('เกิดข้อผิดพลาดในการดาวน์โหลด', 'Download Error', 500));
+        }
+    }
+  }
+}

exthernal-ttc-api/src/controllers/projectEditController.js

@@ -0,0 +1,128 @@
+import { ProjectEditService } from '../services/projectEditService.js'
+import { sendError } from '../utils/response.js'
+import { GeneralService } from '../share/generalservice.js';
+import { trim_all_array } from '../utils/trim.js'
+import { verifyToken, generateToken } from '../utils/token.js'
+import { Interface } from '../interfaces/Interface.js';
+import fs from 'fs';
+import path from 'path';
+import { getDTM } from '../utils/date.js';
+
+
+export class projectEdit {
+
+  constructor() {
+    this.generalService = new GeneralService();
+    this.Interface = new Interface();
+    this.projectEditService = new ProjectEditService();
+  }
+
+  async onNavigate(req, res) {
+    this.generalService.devhint(1, 'projectAdd.js', 'onNavigate() start');
+    
+    let organization = req.body.organization;
+    const prommis = await this.onProjectEdit(req, res, organization);
+    return prommis;
+  }
+
+  async onProjectEdit(req, res, database) {
+    let idx = -1
+    let aryResult = []
+    let latSeq = []
+    try {
+      let token = req.headers.authorization?.split(' ')[1];
+      const decoded = verifyToken(token);
+
+      const requestData = req.body; 
+      let name = requestData.prjnam;
+      
+      database = decoded.organization || 'dbo';
+
+      aryResult = await this.projectEditService.getProjectEdit(database, name);
+      latSeq = await this.projectEditService.getLatestProjectSeq(database);
+
+    } catch (error) {
+      idx = 1;
+      console.error(error);
+    } finally {
+      if (idx === 1) return sendError('เกิดข้อผิดพลาดไม่คาดคิดเกิดขึ้น', 'Unexpected error');
+
+      if (aryResult == 0) {
+        const currentSeq = (latSeq && latSeq[0] && latSeq[0].prjseq) ? latSeq[0].prjseq : 0;
+        let prommis = await this.makeArySave(req, currentSeq);
+        return prommis
+      } else {
+        if (req.files) {
+            req.files.forEach(f => {
+                if (fs.existsSync(f.path)) fs.unlinkSync(f.path);
+            });
+        }
+        return sendError('คีย์หลักซ้ำในระบบ', 'Duplicate Primary Key');
+      }
+    }
+  }
+
+  async makeArySave(req, latseq) {
+    const requestData = req.body;
+    const nextSeq = latseq + 1;
+
+    let prjwntbdg = requestData.prjwntbdg;
+    if (!prjwntbdg || prjwntbdg === '' || prjwntbdg === 'undefined' || prjwntbdg === 'null') {
+        prjwntbdg = '0.00';
+    }
+
+    let prjusrseq = requestData.prjusrseq;
+    if (!prjusrseq || prjusrseq === '' || prjusrseq === 'undefined' || prjusrseq === 'null') {
+        prjusrseq = null;
+    }
+
+    const typ = requestData.typ; 
+
+    let arysave = {
+      methods: 'post',
+      prjseq: nextSeq,
+      prjnam: requestData.prjnam,
+      prjusrseq: prjusrseq, 
+      prjwntbdg: prjwntbdg,
+      prjacpbdg: '0.00',
+      prjbdgcod: '',
+      prjcomstt: requestData.prjcomstt || 'UAC',
+      prjacpdtm: getDTM(),
+    }
+
+    let savedFileNames = [];
+    if (req.files && req.files.length > 0) {
+        if (typ === 'prj') {
+            const targetDir = `uploads/projects/${nextSeq}`;
+            
+            try {
+                if (!fs.existsSync(targetDir)) {
+                    fs.mkdirSync(targetDir, { recursive: true });
+                }
+
+                req.files.forEach(file => {
+                    const targetPath = path.join(targetDir, file.filename);
+                    fs.renameSync(file.path, targetPath);
+                    savedFileNames.push(file.filename);
+                });
+                
+                arysave.prjdoc = savedFileNames.join(',');
+
+            } catch (err) {
+                console.error('Error moving files:', err);
+                return sendError('ไม่สามารถบันทึกไฟล์ลงโฟลเดอร์โครงการได้');
+            }
+        } else {
+            arysave.prjdoc = req.files.map(f => f.filename).join(',');
+        }
+    }
+
+    if (!arysave.prjusrseq) {
+        const token = req.headers.authorization?.split(' ')[1];
+        const decoded = verifyToken(token);
+        if (decoded) arysave.prjusrseq = decoded.id;
+    }
+
+    return this.Interface.saveInterface('prjmst', arysave, req);
+  }
+}

exthernal-ttc-api/src/controllers/projectSearchController.js

@@ -23,6 +23,7 @@ export class projectSearch {
     let idx = -1
     let aryResult = []
     let condition = {}
+    let column = ""
     try {
       let token = req.headers.authorization?.split(' ')[1];
       const decoded = verifyToken(token);
@@ -31,22 +32,33 @@ export class projectSearch {
       database = decoded.organization || database
 
       let columnParams = req.query.column
-      
-  
-      if (columnParams == 'edit') {
-        let column = `prjnam, prjwntbdg, ${database}.translatedtl('COMSTT', prjcomstt) as prjcomstt`
-        condition['prjseq'] = req.body.request.prjseq
-        
-        // เรียก Service ตัวเดิม (Simple)
-        aryResult = await this.projectSearchService.getProjectSearch(database, column, condition);
-
-      } if (columnParams == 'result' || columnParams == undefined || columnParams == '') {
-        
-        // กำหนดเงื่อนไข (ถ้ามีส่งมา)
       condition['prjseq'] = req.body.request.prjseq;
 
-        //  สร้าง Column String ที่มี Subquery ดึงงบจาก trnmst
+      switch (columnParams) {
-        let column = `
+        case "user":
+          column = `prjseq, prjnam, prjwntbdg, prjcomstt, prjacpdtm,
+          (
+           SELECT trnacpdtm 
+            FROM ${database}.trnmst t 
+            WHERE trnprjseq = prjseq 
+            ORDER BY trnacpdtm DESC 
+            LIMIT 1
+          ) as trnacpdtm`
+          aryResult = await this.projectSearchService.getProjectSearch(database, column, condition);
+          break;
+
+        case "edit":
+          column = `prjseq, prjnam, prjwntbdg, prjcomstt`
+          aryResult = await this.projectSearchService.getProjectSearch(database, column, condition);
+          break;
+
+        case "useredit":
+          column = `prjseq, prjnam, prjwntbdg, prjdoc`
+          aryResult = await this.projectSearchService.getProjectSearch(database, column, condition);
+          break;
+
+        default:
+          column = `
           prjseq, 
           prjnam, 
           usrthinam as prjusrnam, 
@@ -70,9 +82,8 @@ export class projectSearch {
           prjcomstt,
           prjacpdtm
         `;
-
-        // ใช้ Service ตัวใหม่ (Detail Search / Join)
           aryResult = await this.projectSearchService.getProjectDetailSearch(database, column, condition);
+          break;
       }
 
     } catch (error) {

exthernal-ttc-api/src/middlewares/uploadMiddleware.js

@@ -0,0 +1,94 @@
+import multer from 'multer'
+import path from 'path'
+import fs from 'fs'
+import { sendError } from '../utils/response.js'
+import { getDTM } from '../utils/date.js'
+
+const tempDir = 'uploads/temp'
+if (!fs.existsSync(tempDir)) {
+  fs.mkdirSync(tempDir, { recursive: true })
+}
+
+const storage = multer.diskStorage({
+  destination: function (req, file, cb) {
+    cb(null, tempDir)
+  },
+  filename: function (req, file, cb) {
+    // ดึงนามสกุลไฟล์
+    const ext = path.extname(file.originalname);
+    
+    // ดึงชื่อไฟล์เดิม (ตัดนามสกุลออก)
+    const originalName = path.basename(file.originalname, ext);
+
+    // Clean ชื่อไฟล์: เปลี่ยน space เป็น _, ลบอักขระพิเศษ, เหลือแค่ภาษาอังกฤษ ตัวเลข และ - _
+    const cleanName = originalName.replace(/[^a-zA-Z0-9]/g, '_').substring(0, 100);
+
+    // Format: YYYYMMDDHHmm-Random-CleanName.ext
+    // ตัวอย่าง: 202511300930-1234-System_Req.docx
+    const dtm = getDTM();
+    const random = Math.round(Math.random() * 1E4);
+    
+    cb(null, `${dtm}-${random}-${cleanName}${ext}`);
+  }
+})
+
+const fileFilter = (req, file, cb) => {
+  const allowedMimes = [
+    'image/jpeg', 'image/png', 'image/jpg', 
+    'application/pdf',
+    'application/msword', 
+    'application/vnd.openxmlformats-officedocument.wordprocessingml.document'
+  ]
+  if (allowedMimes.includes(file.mimetype)) {
+    cb(null, true)
+  } else {
+    cb(new Error('รองรับเฉพาะไฟล์รูปภาพ, PDF หรือเอกสาร Word เท่านั้น'), false)
+  }
+}
+
+const upload = multer({ 
+  storage: storage,
+  fileFilter: fileFilter,
+  limits: { fileSize: 10 * 1024 * 1024 } 
+})
+
+function verifyFileSignature(filePath) {
+  try {
+    const buffer = Buffer.alloc(8)
+    const fd = fs.openSync(filePath, 'r')
+    fs.readSync(fd, buffer, 0, 8, 0)
+    fs.closeSync(fd)
+    const hex = buffer.toString('hex').toUpperCase()
+
+    if (hex.startsWith('FFD8FF')) return true      // JPG
+    if (hex.startsWith('89504E47')) return true    // PNG
+    if (hex.startsWith('25504446')) return true    // PDF
+    if (hex.startsWith('D0CF11E0')) return true    // DOC
+    if (hex.startsWith('504B0304')) return true    // DOCX
+
+    return false
+  } catch (err) {
+    return false
+  }
+}
+
+export const uploadMiddleware = (req, res, next) => {
+  const uploadHandler = upload.array('prjdoc', 10)
+
+  uploadHandler(req, res, (err) => {
+    if (err) return res.status(400).json(sendError(err.message))
+    
+    if (!req.files || req.files.length === 0) return next()
+
+    for (const file of req.files) {
+        const isSafe = verifyFileSignature(file.path)
+        if (!isSafe) {
+            req.files.forEach(f => {
+                if (fs.existsSync(f.path)) fs.unlinkSync(f.path)
+            })
+            return res.status(400).json(sendError(`ไฟล์ ${file.originalname} ไม่ปลอดภัย (Invalid Signature)`))
+        }
+    }
+    next()
+  })
+}

exthernal-ttc-api/src/middlewares/verifyEmailHandler.js

@@ -1,4 +1,4 @@
-import Redis from 'ioredis';
+import Redis from '../utils/redis.js';
 import { GeneralService } from '../share/generalservice.js';
 // import { sendError } from './response.js';
 

exthernal-ttc-api/src/routes/route.js

@@ -1,5 +1,4 @@
 import express from 'express'
-// import { budgetSetup } from '../controllers/budgetSetupController.js'
 import { budgetSearch } from '../controllers/budgetSearchController.js'
 import { budgetAdd } from '../controllers/budgetAddController.js'
 import { projectSearch } from '../controllers/projectSearchController.js'
@@ -7,9 +6,8 @@ import { projectAdd } from '../controllers/projectAddController.js'
 import { BudgetExpenseController } from '../controllers/budgetExpenseController.js'
 import { reportController } from '../controllers/reportController.js'
 import { transactionSearch } from '../controllers/transactionSearchController.js'
-
+import { uploadMiddleware } from '../middlewares/uploadMiddleware.js' 
-// import { authMiddleware } from '../middlewares/auth.js'
+import { projectDownload } from '../controllers/projectDownloadController.js' // ✅ Import
-// import { sendResponse } from '../utils/response.js'
 
 const router = express.Router()
 const controller_projectSearch_post = new projectSearch()
@@ -19,11 +17,7 @@ const controller_budgetSetup_post = new BudgetExpenseController()
 const controller_report_post = new reportController()
 const controller_projectAdd_post = new projectAdd()
 const controller_transactionSearch_post = new transactionSearch()
-
+const controller_projectDownload_get = new projectDownload()
-// router.post('/budgetSetup', async (req, res) => {
-//   const result = await controller_budgetSetup_post.onNavigate(req, res)
-//   if (result) return res.json(result)
-// })
 
 router.post('/budgetadd', async (req, res) => {
   const result = await controller_budgetAdd_post.onNavigate(req, res)
@@ -40,11 +34,21 @@ router.post('/projectsearch', async (req, res) => {
   if (result) return res.json(result)
 })
 
-router.post('/projectadd', async (req, res) => {
+router.post('/projectadd', uploadMiddleware, async (req, res) => {
   const result = await controller_projectAdd_post.onNavigate(req, res)
   if (result) return res.json(result)
 })
 
+router.post('/projectedit', uploadMiddleware, async (req, res) => {
+  const result = await controller_projectAdd_post.onNavigate(req, res)
+  if (result) return res.json(result)
+})
+
+router.get('/projectdownload', async (req, res) => {
+    // ไม่ต้อง return res.json() เพราะ Controller จัดการ Stream แล้ว
+    await controller_projectDownload_get.onNavigate(req, res)
+})
+
 router.post('/transactionsearch', async (req, res) => {
   const result = await controller_transactionSearch_post.onNavigate(req, res)
   if (result) return res.json(result)

exthernal-ttc-api/src/services/budgetExpenseService.js

@@ -120,11 +120,10 @@ export class BudgetExpenseService {
       const sqlUpdatePrj = `
         UPDATE ${database}.prjmst
         SET prjacpbdg = $1,
-            prjcomstt = $2,
+            prjcomstt = $2
-            prjacpdtm = $3
+        WHERE prjseq = $3
-        WHERE prjseq = $4
       `;
-      await client.query(sqlUpdatePrj, [formattedTotal, projectStatus, currentDTM, projectSeq]);
+      await client.query(sqlUpdatePrj, [formattedTotal, projectStatus, projectSeq]);
 
       await client.query('COMMIT'); 
       return { 

exthernal-ttc-api/src/services/projectEditService.js

@@ -0,0 +1,34 @@
+import { GeneralService } from '../share/generalservice.js'
+
+export class ProjectEditService {
+
+  constructor() {
+    this.generalService = new GeneralService()
+  }
+
+  async getProjectEdit(database, name) {
+    const sql = `
+      SELECT 
+        prjseq,
+        prjnam
+      FROM ${database}.prjmst
+      WHERE prjnam = $1
+  `
+    const params = [name]
+    const result = await this.generalService.executeQueryParam(database, sql, params);
+    return result
+  }
+
+  async getLatestProjectSeq(database) {
+    const sql = `
+      SELECT 
+        prjseq
+      FROM ${database}.prjmst
+      WHERE prjseq=(SELECT max(prjseq) FROM ${database}.prjmst)
+    `
+
+    const params = []
+    const result = await this.generalService.executeQueryParam(database, sql, params);
+    return result
+  }
+}

exthernal-ttc-api/src/services/projectSearchService.js

@@ -34,7 +34,7 @@ export class ProjectSearchService {
     const sql = `
       SELECT ${selectCol}
       FROM ${database}.prjmst p
-      LEFT JOIN ${database}.usrmst u ON prjusrseq = usrseq
+      LEFT JOIN nuttakit.usrmst u ON prjusrseq = usrseq
       LEFT JOIN ${database}.bdgmst b ON prjbdgcod = bdgcod
       WHERE 1=1
       ORDER BY prjseq ASC

exthernal-ttc-api/src/utils/redis.js

@@ -4,7 +4,19 @@ dotenv.config()
 
 const redis = new Redis({
   host: process.env.REDIS_HOST,
-  port: process.env.REDIS_PORT
+  port: process.env.REDIS_PORT,
+  connectTimeout: 10000, 
+  maxRetriesPerRequest: null
+})
+
+redis.on('error', (err) => {
+  // Log the error so you know it's happening, but don't crash
+  console.error('Redis connection error:', err.code); 
+})
+
+// Optional: Log when connected successfully
+redis.on('connect', () => {
+  console.log('Connected to Redis successfully');
 })
 
 export async function saveOtp(email, otp) {

package.json

@@ -20,6 +20,7 @@
   "author": "Nuttakit Pothong",
   "license": "MIT",
   "dependencies": {
+    "archiver": "^7.0.1",
     "bcrypt": "^6.0.0",
     "connect-redis": "^9.0.0",
     "cors": "^2.8.5",
@@ -28,6 +29,7 @@
     "express-session": "^1.18.2",
     "ioredis": "^5.8.2",
     "jsonwebtoken": "^9.0.2",
+    "multer": "^2.0.2",
     "nodemailer": "^7.0.10",
     "pg": "^8.16.3",
     "socket.io": "^4.8.1",