Admin Passwort in die db und in Backen konfiguriebar

2025-04-17 16:00:18 +02:00
parent 06693cf59a
commit b3c7113ce4
11 changed files with 366 additions and 16 deletions
--- a/package-lock.json
+++ b/package-lock.json
@@ -8,7 +8,8 @@
 			"name": "praktikum",
 			"version": "0.0.1",
 			"dependencies": {
-				"@prisma/client": "^6.6.0"
+				"@prisma/client": "^6.6.0",
+				"bcryptjs": "^3.0.2"
 			},
 			"devDependencies": {
 				"@eslint/compat": "^1.2.5",
@@ -17,6 +18,7 @@
 				"@sveltejs/kit": "^2.16.0",
 				"@sveltejs/vite-plugin-svelte": "^5.0.0",
 				"@tailwindcss/postcss": "^4.1.4",
+				"@types/node": "^22.14.1",
 				"autoprefixer": "^10.4.21",
 				"eslint": "^9.18.0",
 				"eslint-config-prettier": "^10.0.1",
@@ -29,7 +31,8 @@
 				"svelte": "^5.0.0",
 				"svelte-check": "^4.0.0",
 				"tailwindcss": "^3.4.17",
-				"typescript": "^5.0.0",
+				"ts-node": "^10.9.2",
+				"typescript": "^5.8.3",
 				"typescript-eslint": "^8.20.0",
 				"vite": "^6.2.6",
 				"vite-plugin": "^0.0.0"
@@ -62,6 +65,30 @@
 				"node": ">=6.0.0"
 			}
 		},
+		"node_modules/@cspotcode/source-map-support": {
+			"version": "0.8.1",
+			"resolved": "https://registry.npmjs.org/@cspotcode/source-map-support/-/source-map-support-0.8.1.tgz",
+			"integrity": "sha512-IchNf6dN4tHoMFIn/7OE8LWZ19Y6q/67Bmf6vnGREv8RSbBVb9LPJxEcnwrcwX6ixSvaiGoomAUvu4YSxXrVgw==",
+			"dev": true,
+			"license": "MIT",
+			"dependencies": {
+				"@jridgewell/trace-mapping": "0.3.9"
+			},
+			"engines": {
+				"node": ">=12"
+			}
+		},
+		"node_modules/@cspotcode/source-map-support/node_modules/@jridgewell/trace-mapping": {
+			"version": "0.3.9",
+			"resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.9.tgz",
+			"integrity": "sha512-3Belt6tdc8bPgAtbcmdtNJlirVoTmEb5e2gC94PnkwEW9jI6CAHUeoG85tjWP5WquqfavoMtMwiG4P926ZKKuQ==",
+			"dev": true,
+			"license": "MIT",
+			"dependencies": {
+				"@jridgewell/resolve-uri": "^3.0.3",
+				"@jridgewell/sourcemap-codec": "^1.4.10"
+			}
+		},
 		"node_modules/@esbuild/aix-ppc64": {
 			"version": "0.25.2",
 			"resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.25.2.tgz",
@@ -1601,6 +1628,34 @@
 			"dev": true,
 			"license": "MIT"
 		},
+		"node_modules/@tsconfig/node10": {
+			"version": "1.0.11",
+			"resolved": "https://registry.npmjs.org/@tsconfig/node10/-/node10-1.0.11.tgz",
+			"integrity": "sha512-DcRjDCujK/kCk/cUe8Xz8ZSpm8mS3mNNpta+jGCA6USEDfktlNvm1+IuZ9eTcDbNk41BHwpHHeW+N1lKCz4zOw==",
+			"dev": true,
+			"license": "MIT"
+		},
+		"node_modules/@tsconfig/node12": {
+			"version": "1.0.11",
+			"resolved": "https://registry.npmjs.org/@tsconfig/node12/-/node12-1.0.11.tgz",
+			"integrity": "sha512-cqefuRsh12pWyGsIoBKJA9luFu3mRxCA+ORZvA4ktLSzIuCUtWVxGIuXigEwO5/ywWFMZ2QEGKWvkZG1zDMTag==",
+			"dev": true,
+			"license": "MIT"
+		},
+		"node_modules/@tsconfig/node14": {
+			"version": "1.0.3",
+			"resolved": "https://registry.npmjs.org/@tsconfig/node14/-/node14-1.0.3.tgz",
+			"integrity": "sha512-ysT8mhdixWK6Hw3i1V2AeRqZ5WfXg1G43mqoYlM2nc6388Fq5jcXyr5mRsqViLx/GJYdoL0bfXD8nmF+Zn/Iow==",
+			"dev": true,
+			"license": "MIT"
+		},
+		"node_modules/@tsconfig/node16": {
+			"version": "1.0.4",
+			"resolved": "https://registry.npmjs.org/@tsconfig/node16/-/node16-1.0.4.tgz",
+			"integrity": "sha512-vxhUy4J8lyeyinH7Azl1pdd43GJhZH/tP2weN8TntQblOY+A0XbT8DJk1/oCPuOOyg/Ja757rG0CgHcWC8OfMA==",
+			"dev": true,
+			"license": "MIT"
+		},
 		"node_modules/@types/cookie": {
 			"version": "0.6.0",
 			"resolved": "https://registry.npmjs.org/@types/cookie/-/cookie-0.6.0.tgz",
@@ -1622,6 +1677,16 @@
 			"dev": true,
 			"license": "MIT"
 		},
+		"node_modules/@types/node": {
+			"version": "22.14.1",
+			"resolved": "https://registry.npmjs.org/@types/node/-/node-22.14.1.tgz",
+			"integrity": "sha512-u0HuPQwe/dHrItgHHpmw3N2fYCR6x4ivMNbPHRkBVP4CvN+kiRrKHWk3i8tXiO/joPwXLMYvF9TTF0eqgHIuOw==",
+			"dev": true,
+			"license": "MIT",
+			"dependencies": {
+				"undici-types": "~6.21.0"
+			}
+		},
 		"node_modules/@typescript-eslint/eslint-plugin": {
 			"version": "8.30.1",
 			"resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.30.1.tgz",
@@ -1851,6 +1916,19 @@
 				"acorn": "^6.0.0 || ^7.0.0 || ^8.0.0"
 			}
 		},
+		"node_modules/acorn-walk": {
+			"version": "8.3.4",
+			"resolved": "https://registry.npmjs.org/acorn-walk/-/acorn-walk-8.3.4.tgz",
+			"integrity": "sha512-ueEepnujpqee2o5aIYnvHU6C0A42MNdsIDeqy5BydrkuC5R1ZuUFnm27EeFJGoEHJQgn3uleRvmTXaJgfXbt4g==",
+			"dev": true,
+			"license": "MIT",
+			"dependencies": {
+				"acorn": "^8.11.0"
+			},
+			"engines": {
+				"node": ">=0.4.0"
+			}
+		},
 		"node_modules/ajv": {
 			"version": "6.12.6",
 			"resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz",
@@ -2010,6 +2088,15 @@
 			"dev": true,
 			"license": "MIT"
 		},
+		"node_modules/bcryptjs": {
+			"version": "3.0.2",
+			"resolved": "https://registry.npmjs.org/bcryptjs/-/bcryptjs-3.0.2.tgz",
+			"integrity": "sha512-k38b3XOZKv60C4E2hVsXTolJWfkGRMbILBIe2IBITXciy5bOsTKot5kDrf3ZfufQtQOUN5mXceUEpU1rTl9Uog==",
+			"license": "BSD-3-Clause",
+			"bin": {
+				"bcrypt": "bin/bcrypt"
+			}
+		},
 		"node_modules/binary-extensions": {
 			"version": "2.3.0",
 			"resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz",
@@ -2211,6 +2298,13 @@
 				"node": ">= 0.6"
 			}
 		},
+		"node_modules/create-require": {
+			"version": "1.1.1",
+			"resolved": "https://registry.npmjs.org/create-require/-/create-require-1.1.1.tgz",
+			"integrity": "sha512-dcKFX3jn0MpIaXjisoRvexIJVEKzaq7z2rZKxf+MSr9TkdmHmsU4m2lcLojrj/FHl8mk5VxMmYA+ftRkP/3oKQ==",
+			"dev": true,
+			"license": "MIT"
+		},
 		"node_modules/cross-spawn": {
 			"version": "7.0.6",
 			"resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz",
@@ -2298,6 +2392,16 @@
 			"dev": true,
 			"license": "Apache-2.0"
 		},
+		"node_modules/diff": {
+			"version": "4.0.2",
+			"resolved": "https://registry.npmjs.org/diff/-/diff-4.0.2.tgz",
+			"integrity": "sha512-58lmxKSA4BNyLz+HHMUzlOEpg09FV+ev6ZMe3vJihgdxzgcwZ8VoEEPmALCZG9LmqfVoNMMKpttIYTVG6uDY7A==",
+			"dev": true,
+			"license": "BSD-3-Clause",
+			"engines": {
+				"node": ">=0.3.1"
+			}
+		},
 		"node_modules/dlv": {
 			"version": "1.1.3",
 			"resolved": "https://registry.npmjs.org/dlv/-/dlv-1.1.3.tgz",
@@ -3482,6 +3586,13 @@
 				"@jridgewell/sourcemap-codec": "^1.5.0"
 			}
 		},
+		"node_modules/make-error": {
+			"version": "1.3.6",
+			"resolved": "https://registry.npmjs.org/make-error/-/make-error-1.3.6.tgz",
+			"integrity": "sha512-s8UhlNe7vPKomQhC1qFelMokr/Sc3AgNbso3n74mVPA5LTZwkB9NlXf4XPamLxJE8h0gh73rM94xvwRT2CVInw==",
+			"dev": true,
+			"license": "ISC"
+		},
 		"node_modules/merge2": {
 			"version": "1.4.1",
 			"resolved": "https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz",
@@ -4864,6 +4975,57 @@
 			"dev": true,
 			"license": "Apache-2.0"
 		},
+		"node_modules/ts-node": {
+			"version": "10.9.2",
+			"resolved": "https://registry.npmjs.org/ts-node/-/ts-node-10.9.2.tgz",
+			"integrity": "sha512-f0FFpIdcHgn8zcPSbf1dRevwt047YMnaiJM3u2w2RewrB+fob/zePZcrOyQoLMMO7aBIddLcQIEK5dYjkLnGrQ==",
+			"dev": true,
+			"license": "MIT",
+			"dependencies": {
+				"@cspotcode/source-map-support": "^0.8.0",
+				"@tsconfig/node10": "^1.0.7",
+				"@tsconfig/node12": "^1.0.7",
+				"@tsconfig/node14": "^1.0.0",
+				"@tsconfig/node16": "^1.0.2",
+				"acorn": "^8.4.1",
+				"acorn-walk": "^8.1.1",
+				"arg": "^4.1.0",
+				"create-require": "^1.1.0",
+				"diff": "^4.0.1",
+				"make-error": "^1.1.1",
+				"v8-compile-cache-lib": "^3.0.1",
+				"yn": "3.1.1"
+			},
+			"bin": {
+				"ts-node": "dist/bin.js",
+				"ts-node-cwd": "dist/bin-cwd.js",
+				"ts-node-esm": "dist/bin-esm.js",
+				"ts-node-script": "dist/bin-script.js",
+				"ts-node-transpile-only": "dist/bin-transpile.js",
+				"ts-script": "dist/bin-script-deprecated.js"
+			},
+			"peerDependencies": {
+				"@swc/core": ">=1.2.50",
+				"@swc/wasm": ">=1.2.50",
+				"@types/node": "*",
+				"typescript": ">=2.7"
+			},
+			"peerDependenciesMeta": {
+				"@swc/core": {
+					"optional": true
+				},
+				"@swc/wasm": {
+					"optional": true
+				}
+			}
+		},
+		"node_modules/ts-node/node_modules/arg": {
+			"version": "4.1.3",
+			"resolved": "https://registry.npmjs.org/arg/-/arg-4.1.3.tgz",
+			"integrity": "sha512-58S9QDqG0Xx27YwPSt9fJxivjYl432YCwfDMfZ+71RAqUrZef7LrKQZ3LHLOwCS4FLNBplP533Zx895SeOCHvA==",
+			"dev": true,
+			"license": "MIT"
+		},
 		"node_modules/type-check": {
 			"version": "0.4.0",
 			"resolved": "https://registry.npmjs.org/type-check/-/type-check-0.4.0.tgz",
@@ -4914,6 +5076,13 @@
 				"typescript": ">=4.8.4 <5.9.0"
 			}
 		},
+		"node_modules/undici-types": {
+			"version": "6.21.0",
+			"resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.21.0.tgz",
+			"integrity": "sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ==",
+			"dev": true,
+			"license": "MIT"
+		},
 		"node_modules/update-browserslist-db": {
 			"version": "1.1.3",
 			"resolved": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.1.3.tgz",
@@ -4962,6 +5131,13 @@
 			"dev": true,
 			"license": "MIT"
 		},
+		"node_modules/v8-compile-cache-lib": {
+			"version": "3.0.1",
+			"resolved": "https://registry.npmjs.org/v8-compile-cache-lib/-/v8-compile-cache-lib-3.0.1.tgz",
+			"integrity": "sha512-wa7YjyUGfNZngI/vtK0UHAN+lgDCxBPCylVXGp0zu59Fz5aiGtNXaq3DhIov063MorB+VfufLh3JlF2KdTK3xg==",
+			"dev": true,
+			"license": "MIT"
+		},
 		"node_modules/vite": {
 			"version": "6.3.0",
 			"resolved": "https://registry.npmjs.org/vite/-/vite-6.3.0.tgz",
@@ -5197,6 +5373,16 @@
 				"node": ">= 14"
 			}
 		},
+		"node_modules/yn": {
+			"version": "3.1.1",
+			"resolved": "https://registry.npmjs.org/yn/-/yn-3.1.1.tgz",
+			"integrity": "sha512-Ux4ygGWsu2c7isFWe8Yu1YluJmqVhxqK2cLXNQA5AcC3QfbGNpM7fu0Y8b/z16pXLnFxZYvWhd3fhBY9DLmC6Q==",
+			"dev": true,
+			"license": "MIT",
+			"engines": {
+				"node": ">=6"
+			}
+		},
 		"node_modules/yocto-queue": {
 			"version": "0.1.0",
 			"resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz",
--- a/package.json
+++ b/package.json
@@ -3,6 +3,9 @@
 	"private": true,
 	"version": "0.0.1",
 	"type": "module",
+	"prisma": {
+		"seed": "node prisma/seed.cjs"
+	},
 	"scripts": {
 		"dev": "vite dev",
 		"build": "vite build",
@@ -20,6 +23,7 @@
 		"@sveltejs/kit": "^2.16.0",
 		"@sveltejs/vite-plugin-svelte": "^5.0.0",
 		"@tailwindcss/postcss": "^4.1.4",
+		"@types/node": "^22.14.1",
 		"autoprefixer": "^10.4.21",
 		"eslint": "^9.18.0",
 		"eslint-config-prettier": "^10.0.1",
@@ -32,12 +36,14 @@
 		"svelte": "^5.0.0",
 		"svelte-check": "^4.0.0",
 		"tailwindcss": "^3.4.17",
-		"typescript": "^5.0.0",
+		"ts-node": "^10.9.2",
+		"typescript": "^5.8.3",
 		"typescript-eslint": "^8.20.0",
 		"vite": "^6.2.6",
 		"vite-plugin": "^0.0.0"
 	},
 	"dependencies": {
-		"@prisma/client": "^6.6.0"
+		"@prisma/client": "^6.6.0",
+		"bcryptjs": "^3.0.2"
 	}
 }
--- a/prisma/migrations/20250417130201_add_admin/migration.sql
+++ b/prisma/migrations/20250417130201_add_admin/migration.sql
@@ -0,0 +1,5 @@
+-- CreateTable
+CREATE TABLE "Admin" (
+    "id" INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT DEFAULT 1,
+    "password" TEXT NOT NULL
+);
--- a/prisma/praktika.db
+++ b/prisma/praktika.db
--- a/prisma/schema.prisma
+++ b/prisma/schema.prisma
@@ -8,6 +8,11 @@ datasource db {
  url      = "file:./praktika.db"
 }

+model Admin {
+  id       Int    @id @default(1)
+  password String
+}
+
 model Dienststelle {
  id    Int     @id @default(autoincrement())
  name  String  @unique
--- a/prisma/seed.cjs
+++ b/prisma/seed.cjs
@@ -0,0 +1,19 @@
+const { PrismaClient } = require('@prisma/client');
+const bcrypt = require('bcryptjs');
+
+const prisma = new PrismaClient();
+
+async function main() {
+  const plainPassword = process.env.ADMIN_PASSWORD || 'admin';
+  const hashed = await bcrypt.hash(plainPassword, 10);
+
+  await prisma.admin.upsert({
+    where: { id: 1 },
+    update: {},
+    create: { id: 1, password: hashed }
+  });
+
+  console.log('✅ Admin erstellt oder aktualisiert');
+}
+
+main().finally(() => prisma.$disconnect());
--- a/src/routes/admin/+page.svelte
+++ b/src/routes/admin/+page.svelte
@@ -39,6 +39,9 @@
        <a href="/admin/dienststellen" class="bg-green-600 text-white px-4 py-3 rounded text-center hover:bg-green-700">
          🏢 Dienststellen verwalten
        </a>
+        <a href="/admin/change-password" class="bg-cyan-600 text-white px-4 py-3 rounded text-center hover:bg-green-700">
+          👨‍💼 Passwort ädern
+        </a>
      </div>
        <button
          on:click={async () => {
--- a/src/routes/admin/change-password/+page.svelte
+++ b/src/routes/admin/change-password/+page.svelte
@@ -0,0 +1,82 @@
+<script lang="ts">
+    let oldPassword = '';
+    let newPassword = '';
+    let confirmPassword = '';
+    let message = '';
+    let error = '';
+  
+    async function changePassword() {
+      message = '';
+      error = '';
+  
+      if (newPassword !== confirmPassword) {
+        error = 'Die neuen Passwörter stimmen nicht überein.';
+        return;
+      }
+  
+      const res = await fetch('/api/admin/change-password', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        credentials: 'include',
+        body: JSON.stringify({ oldPassword, newPassword })
+      });
+  
+      const data = await res.json();
+  
+      if (!res.ok) {
+        error = data.error || 'Fehler beim Ändern des Passworts.';
+      } else {
+        message = '✅ Passwort erfolgreich geändert.';
+        oldPassword = newPassword = confirmPassword = '';
+      }
+    }
+  
+</script>
+  
+  <div class="max-w-lg mx-auto bg-white p-6 rounded-2xl shadow-md space-y-6 border border-gray-200">
+    <h2 class="text-2xl font-bold text-gray-800">🔐 Admin-Passwort ändern</h2>
+  
+    <div class="space-y-4">
+      <div>
+        <label class="block text-sm font-medium text-gray-700">Altes Passwort</label>
+        <input
+          type="password"
+          bind:value={oldPassword}
+          class="mt-1 w-full px-4 py-2 border rounded-xl focus:outline-none focus:ring-2 focus:ring-blue-500"
+        />
+      </div>
+  
+      <div>
+        <label class="block text-sm font-medium text-gray-700">Neues Passwort</label>
+        <input
+          type="password"
+          bind:value={newPassword}
+          class="mt-1 w-full px-4 py-2 border rounded-xl focus:outline-none focus:ring-2 focus:ring-blue-500"
+        />
+      </div>
+  
+      <div>
+        <label class="block text-sm font-medium text-gray-700">Neues Passwort wiederholen</label>
+        <input
+          type="password"
+          bind:value={confirmPassword}
+          class="mt-1 w-full px-4 py-2 border rounded-xl focus:outline-none focus:ring-2 focus:ring-blue-500"
+        />
+      </div>
+    </div>
+  
+    {#if error}
+      <div class="text-red-600 text-sm font-medium">{error}</div>
+    {/if}
+    {#if message}
+      <div class="text-green-600 text-sm font-medium">{message}</div>
+    {/if}
+  
+    <div class="pt-4">
+      <button
+        on:click={changePassword}
+        class="w-full bg-blue-600 hover:bg-blue-700 text-white font-semibold py-2 px-4 rounded-xl transition duration-150"
+      >
+        Passwort ändern
+      </button>
+    </div>
--- a/src/routes/api/admin/change-password/+server.ts
+++ b/src/routes/api/admin/change-password/+server.ts
@@ -0,0 +1,30 @@
+import { json } from '@sveltejs/kit';
+import type { RequestHandler } from './$types';
+import { PrismaClient } from '@prisma/client';
+import bcrypt from 'bcryptjs';
+
+const prisma = new PrismaClient();
+
+function checkAuth(cookies: any) {
+  return cookies.get('admin_session') === 'true';
+}
+
+export const POST: RequestHandler = async ({ request, cookies }) => {
+  if (!checkAuth(cookies)) return new Response('Nicht erlaubt', { status: 401 });
+
+  const { oldPassword, newPassword } = await request.json();
+
+  const admin = await prisma.admin.findUnique({ where: { id: 1 } });
+  if (!admin) return json({ error: 'Admin nicht gefunden' }, { status: 500 });
+
+  const isValid = await bcrypt.compare(oldPassword, admin.password);
+  if (!isValid) return json({ error: 'Falsches Passwort' }, { status: 401 });
+
+  const newHashed = await bcrypt.hash(newPassword, 10);
+  await prisma.admin.update({
+    where: { id: 1 },
+    data: { password: newHashed }
+  });
+
+  return json({ success: true });
+};
--- a/src/routes/api/admin/login/+server.ts
+++ b/src/routes/api/admin/login/+server.ts
@@ -1,20 +1,29 @@
 import { json } from '@sveltejs/kit';
 import type { RequestHandler } from './$types';
+import { PrismaClient } from '@prisma/client';
+import bcrypt from 'bcryptjs';

-const ADMIN_PASS = import.meta.env.VITE_ADMIN_PASS;
+const prisma = new PrismaClient();

 export const POST: RequestHandler = async ({ request, cookies }) => {
  const { passwort } = await request.json();

-  if (passwort === ADMIN_PASS) {
+  const admin = await prisma.admin.findUnique({ where: { id: 1 } });
+  if (!admin) {
+    return json({ error: 'Kein Admin gefunden' }, { status: 500 });
+  }
+
+  const isValid = await bcrypt.compare(passwort, admin.password);
+  if (!isValid) {
+    return json({ error: 'Falsches Passwort' }, { status: 401 });
+  }
+
  cookies.set('admin_session', 'true', {
    path: '/',
    httpOnly: true,
    sameSite: 'strict',
    maxAge: 60 * 60 * 4 // 4 Stunden
  });
-    return json({ success: true });
-  }

-  return json({ error: 'Falsches Passwort' }, { status: 401 });
+  return json({ success: true });
 };
--- a/tsconfig.json
+++ b/tsconfig.json
@@ -9,7 +9,12 @@
 		"skipLibCheck": true,
 		"sourceMap": true,
 		"strict": true,
-		"moduleResolution": "bundler"
+		"module": "ESNext",
+		"target": "ES2020",
+		"moduleResolution": "Bundler"
+	},
+	"ts-node": {
+		"esm": true
 	}
 	// Path aliases are handled by https://svelte.dev/docs/kit/configuration#alias
 	// except $lib which is handled by https://svelte.dev/docs/kit/configuration#files