From e5b530f9a4b757fede4ba2b11e9a50a97524f380 Mon Sep 17 00:00:00 2001
From: "gabriel.pereira" <gabriel.pereira@sothis.com.br>
Date: Fri, 9 Jan 2026 08:52:15 -0300
Subject: [PATCH] =?UTF-8?q?REFACTOR:=20Adicionado=20o=20parametro=20source?=
 =?UTF-8?q?=20no=20post=20para=20a=20API,=20e=20refatorado=20callback=20de?=
 =?UTF-8?q?=20autentica=C3=A7=C3=A3o.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 controller/viabilidadeController.js |  1 +
 routes/authRoutes.js                | 20 +++++++++++++-------
 2 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/controller/viabilidadeController.js b/controller/viabilidadeController.js
index f60e3ad..a4142b7 100644
--- a/controller/viabilidadeController.js
+++ b/controller/viabilidadeController.js
@@ -9,6 +9,7 @@ const path = require('path');
 async function consultarViabilidadeController(req, res) {
   try {
     const data = req.body;
+    data.source = 'viabiliza.sothis.com.br';
     const result = await consultarViabilidade(data);
     res.json(result);
   } catch (error) {
diff --git a/routes/authRoutes.js b/routes/authRoutes.js
index 5e647fc..8f07b1d 100644
--- a/routes/authRoutes.js
+++ b/routes/authRoutes.js
@@ -1,14 +1,15 @@
 const express = require('express');
 const router = express.Router();
+const dotenv = require('dotenv');
+
+dotenv.config();
 
 /**
  * Página simples de login
  */
 router.get('/login', (req, res) => {
-  res.send(`
-    <h2>Login necessário</h2>
-    <a href="/auth/microsoft">Entrar com Microsoft</a>
-  `);
+  // Redirect straight to Microsoft OAuth start to avoid an extra click/page
+  return res.redirect('/auth/microsoft');
 });
 
 /**
@@ -31,7 +32,8 @@ router.get('/auth/microsoft', (req, res) => {
 /**
  * Callback do Azure
  */
-router.get('/auth/microsoft/callback', async (req, res) => {
+// shared handler so we accept both /auth/microsoft/callback and /auth/callback
+async function oauthCallbackHandler(req, res) {
   const code = req.query.code;
   // Verbose logging for debugging the OAuth callback flow
   console.log('[OAuth callback] incoming query:', {
@@ -50,7 +52,7 @@ router.get('/auth/microsoft/callback', async (req, res) => {
     console.log('[OAuth callback] exchanging code for tokens (will not log secrets)');
 
     const tokenRespRaw = await fetch(
-      `https://login.microsoftonline.com/${process.env.AZURE_TENANT_ID}/oauth2/v2.0/token`,
+      `https://login.microsoftonline.com/${process.env.OAUTH_TENANT_ID}/oauth2/v2.0/token`,
       {
         method: 'POST',
         headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
@@ -113,7 +115,11 @@ router.get('/auth/microsoft/callback', async (req, res) => {
     console.error('[OAuth callback] unexpected error during token exchange or session creation:', err && (err.stack || err.message || err));
     res.redirect('/login');
   }
-});
+}
+
+router.get('/auth/microsoft/callback', oauthCallbackHandler);
+// some Azure app registrations (or tooling like ngrok) may use /auth/callback — accept that too
+router.get('/auth/callback', oauthCallbackHandler);
 
 router.get('/logout', (req, res) => {
   req.session.destroy(() => res.redirect('/login'));