From 1e6c3b17032a5ba9487a389da32e673deac52395 Mon Sep 17 00:00:00 2001
From: titver968
Date: Wed, 23 Jul 2025 13:30:06 +0200
Subject: [PATCH] admin Bereich korrigiert

---
 src/routes/api/admin/login/+server.ts | 70 +++++++++++++++++++--------
 1 file changed, 50 insertions(+), 20 deletions(-)

diff --git a/src/routes/api/admin/login/+server.ts b/src/routes/api/admin/login/+server.ts
index f7ac3de..5651ed9 100644
--- a/src/routes/api/admin/login/+server.ts
+++ b/src/routes/api/admin/login/+server.ts
@@ -1,29 +1,59 @@
-import { json } from '@sveltejs/kit';
+// src/routes/api/admin/login/+server.ts
 import type { RequestHandler } from './$types';
-import { PrismaClient } from '@prisma/client';
 import bcrypt from 'bcryptjs';
+import { PrismaClient } from '@prisma/client';
 const prisma = new PrismaClient();
+//const ADMIN_PASSWORD_HASH = 'your-hashed-password-here'; // Ersetze mit deinem Hash
+
+const adminRecord = await prisma.admin.findUnique({ where: { id: 1 } });
+if (!adminRecord || !adminRecord.password) {
+ throw new Error('Admin password hash not found in database');
+} else {
+ console.log('Admin password hash loaded successfully');
+}
+const ADMIN_PASSWORD_HASH = adminRecord.password;
+
 export const POST: RequestHandler = async ({ request, cookies }) => {
- const { passwort } = await request.json();
+ try {
+ const { passwort } = await request.json();
- const admin = await prisma.admin.findUnique({ where: { id: 1 } });
- if (!admin) {
- return json({ error: 'Kein Admin gefunden' }, { status: 500 });
+ if (!passwort) {
+ return new Response(
+ JSON.stringify({ message: 'Passwort erforderlich' }),
+ { status: 400, headers: { 'Content-Type': 'application/json' } }
+ );
+ }
+
+ // Hier solltest du den Hash aus der Datenbank oder Umgebungsvariable laden
+ const isValid = await bcrypt.compare(passwort, ADMIN_PASSWORD_HASH);
+
+ if (isValid) {
+ // Setze konsistenten Cookie-Namen
+ cookies.set('admin-auth', 'authenticated', {
+ path: '/',
+ httpOnly: true,
+ secure: process.env.NODE_ENV === 'production',
+ sameSite: 'strict',
+ maxAge: 60 * 60 * 24 // 24 Stunden
+ });
+
+ return new Response(
+ JSON.stringify({ success: true }),
+ { status: 200, headers: { 'Content-Type': 'application/json' } }
+ );
+ } else {
+ return new Response(
+ JSON.stringify({ message: 'Falsches Passwort' }),
+ { status: 401, headers: { 'Content-Type': 'application/json' } }
+ );
+ }
+ } catch (error) {
+ console.error('Login error:', error);
+ return new Response(
+ JSON.stringify({ message: 'Serverfehler' }),
+ { status: 500, headers: { 'Content-Type': 'application/json' } }
+ );
 }
-
- const isValid = await bcrypt.compare(passwort, admin.password);
- if (!isValid) {
- return json({ error: 'Falsches Passwort' }, { status: 401 });
- }
-
- cookies.set('admin_session', 'true', {
- path: '/',
- httpOnly: true,
- sameSite: 'strict',
- maxAge: 60 * 60 * 4 // 4 Stunden
- });
-
- return json({ success: true });
 };
\ No newline at end of file
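Review bot: The session cookie set on success, `cookies.set('admin-auth', 'authenticated', …)`, carries no secret — its value is a fixed string, so anyone who sends `Cookie: admin-auth=authenticated` satisfies whatever guard checks it without ever knowing the password (the guard lives outside this file, so how it compares is inferred); issue a random token instead, e.g. `const token = crypto.randomBytes(32).toString('hex');`, persist it server-side (or sign it with an HMAC secret) and set that as the cookie value so the cookie cannot be forged. The module-level `await prisma.admin.findUnique(...)` also freezes the hash at import time: a password change in the database is ignored until the process restarts, and a database outage during startup throws and takes the whole route down, whereas loading the record inside `POST` (as the removed lines did) avoids both. `passwort` is passed to `bcrypt.compare` before its type is checked, so a non-string body ends as a thrown error and a 500 — extend the guard to `if (!passwort || typeof passwort !== 'string')` to return 400 instead. Nothing limits attempts against this single shared password, so some rate limiting or lockout in front of the compare is worth adding, and the comment `// Hier solltest du den Hash aus der Datenbank oder Umgebungsvariable laden` is now stale since the hash is already read from the database above.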