rewrite vorgang exist and token validation check to use DB

2025-07-11 10:19:17 +02:00
parent f7245fac90
commit 9ddec90214
2 changed files with 45 additions and 3 deletions


@@ -27,6 +27,11 @@ export const getVorgangByCaseId = async (caseId: string) => {
return list; return list;
}; };
/**
* Get Vorgang
* @param caseId
* @returns caseObj with keys `token`, `name`, `pw` || undefined
*/
export const getVorgang = function (caseId: string) { export const getVorgang = function (caseId: string) {
let getVorgang_stmt = `SELECT token, name, pw FROM cases WHERE token = ?`; let getVorgang_stmt = `SELECT token, name, pw FROM cases WHERE token = ?`;
const stmt = db.prepare(getVorgang_stmt); const stmt = db.prepare(getVorgang_stmt);
@@ -96,6 +101,23 @@ export const checkIfVorgangExists = async (caseId: string | null) => {
return true; return true;
}; };
export const vorgangExists = function (caseId: string | null) {
if (!caseId) {
return fail(400, {
success: false,
caseId,
error: { message: 'Die Vorgangsnummer darf nicht leer sein.' }
});
}
let vorgaenge = getVorgaenge();
const vorgaenge_tokens = vorgaenge.map((vorg) => vorg.token);
const found = vorgaenge_tokens.indexOf(caseId) != -1;
return found;
};
export const hasValidToken = async (caseId: string, caseToken: string) => { export const hasValidToken = async (caseId: string, caseToken: string) => {
const objPath = `${caseId}/${TOKENFILENAME}`; const objPath = `${caseId}/${TOKENFILENAME}`;
@@ -117,3 +139,17 @@ export const hasValidToken = async (caseId: string, caseToken: string) => {
} }
} }
}; };
export const tokenValid = function (caseId, caseToken) {
if (!caseToken) {
return false;
}
const vorg = getVorgang(caseId);
if (!vorg || vorg.pw !== caseToken) {
return false;
}
return true;
};
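Review bot: `vorgangExists` returns the result of `fail(400, …)` when `caseId` is empty, and if that is SvelteKit's `fail` the returned object is truthy, so a caller that tests the result as a boolean reads an empty case id as "exists"; `if (!caseId) return false;` would keep the function strictly boolean. The same function loads every row through `getVorgaenge()` and scans the tokens, where `getVorgang(caseId) !== undefined` would ask the database for a single row. In `tokenValid`, `vorg.pw !== caseToken` is an early-exit string comparison on a secret and suggests that `pw` is stored in directly comparable form; comparing equal-length buffers with `timingSafeEqual` from `node:crypto`, ideally against a stored hash rather than the raw value, would be the safer shape. The parameters of `tokenValid` are untyped although the caller passes a value that can be `null`, so a signature such as `(caseId: string, caseToken: string | null): boolean` would make the contract explicit.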


@@ -1,4 +1,9 @@
import { checkIfVorgangExists, hasValidToken } from '$lib/server/vorgangService'; import {
checkIfVorgangExists,
hasValidToken,
tokenValid,
vorgangExists
} from '$lib/server/vorgangService';
import { redirect } from '@sveltejs/kit'; import { redirect } from '@sveltejs/kit';
import type { PageServerLoad } from './list/[vorgang]/$types'; import type { PageServerLoad } from './list/[vorgang]/$types';
@@ -12,8 +17,9 @@ export const load: PageServerLoad = async ({ params, url, locals }) => {
const caseId = params.vorgang; const caseId = params.vorgang;
const caseToken = url.searchParams.get('token'); const caseToken = url.searchParams.get('token');
const isVorgangValid = await checkIfVorgangExists(caseId); const isVorgangValid = vorgangExists(caseId);
const isTokenValid = await hasValidToken(caseId, caseToken); const isTokenValid = tokenValid(caseId, caseToken);
console.log(`--- is valid: ${isTokenValid}`);
if (!isVorgangValid || !isTokenValid) throw redirect(303, `/anmeldung`); if (!isVorgangValid || !isTokenValid) throw redirect(303, `/anmeldung`);
}; };
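Review bot: The added `console.log` call just before the redirect is debug output left in the access check of `load`; it prints only the boolean, without the case it belongs to, so it adds a log line per request but is of no use as an audit record. Either remove it or replace it with a structured log entry for rejected attempts that names `caseId` and never the token value. The rewritten import still pulls in `checkIfVorgangExists` and `hasValidToken`, which the visible part of `load` no longer calls; they can be dropped if nothing else in the file uses them. The body of `load` starts outside the hunk, so anything before `const caseId` is not covered here.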