From bb98c3656e6e88ea9e19e5a42bd43515a8eaa6f1 Mon Sep 17 00:00:00 2001
From: Jared <jared.busch@polizei.niedersachsen.de>
Date: Mon, 23 Jun 2025 14:46:09 +0200
Subject: [PATCH] tatorte only available via token

---
 src/lib/server/s3ClientService.ts             |  2 +-
 src/lib/server/vorgangService.ts              | 27 +++++++++----------
 src/routes/(token-based)/+layout.server.ts    | 22 +++++++++------
 .../list/[vorgang]/+page.server.ts            | 20 +++-----------
 .../(token-based)/list/[vorgang]/+page.svelte | 12 +++------
 .../list/[vorgang]/[tatort]/+server.ts        | 11 --------
 src/routes/(token-based)/view/+page.server.ts |  1 -
 .../view/[vorgang]/[tatort]/+page.server.ts   |  1 -
 src/routes/anmeldung/+page.server.ts          |  4 +--
 src/routes/api/tatort/+server.ts              | 15 +++++++++--
 10 files changed, 48 insertions(+), 67 deletions(-)
 delete mode 100644 src/routes/(token-based)/list/[vorgang]/[tatort]/+server.ts

diff --git a/src/lib/server/s3ClientService.ts b/src/lib/server/s3ClientService.ts
index dc497b1..c54c95c 100644
--- a/src/lib/server/s3ClientService.ts
+++ b/src/lib/server/s3ClientService.ts
@@ -19,7 +19,7 @@ export const checkIfExactDirectoryExists = (dir: string): Promise<boolean> => {
 	});
 };
 
-export const getContentofTextObject = async (bucket: string, objPath: string) => {
+export const getContentOfTextObject = async (bucket: string, objPath: string) => {
 	const res = await client.getObject(bucket, objPath);
 
 	const text = await new Response(res).text();
diff --git a/src/lib/server/vorgangService.ts b/src/lib/server/vorgangService.ts
index 0bf8469..06a9a5e 100644
--- a/src/lib/server/vorgangService.ts
+++ b/src/lib/server/vorgangService.ts
@@ -1,6 +1,6 @@
 import { fail } from '@sveltejs/kit';
 import { BUCKET, client, CONFIGFILENAME, TOKENFILENAME } from '$lib/minio';
-import { checkIfExactDirectoryExists, getContentofTextObject } from './s3ClientService';
+import { checkIfExactDirectoryExists, getContentOfTextObject } from './s3ClientService';
 
 /**
  * Get Vorgang and corresponend list of tatorte
@@ -17,12 +17,18 @@ export const getVorgangByCaseId = async (caseId: string) => {
 		const splittedNameParts = chunk.name.split('/');
 		const prefix = splittedNameParts[0];
 		const name = splittedNameParts[1];
+		
 		if (name === CONFIGFILENAME || name === TOKENFILENAME) continue;
 		list.push({ ...chunk, name: name, prefix: prefix, show_button: true });
 	}
 	return list;
 };
 
+
+/**
+ * Fetches list of vorgänge from s3 bucket
+ * @returns list of available cases
+ */
 export const getListOfVorgänge = async () => {
 	const stream = client.listObjectsV2(BUCKET, '', false, '');
 	
@@ -30,7 +36,7 @@ export const getListOfVorgänge = async () => {
 	for await (const chunk of stream) {
 		const objPath = `${chunk.prefix}${TOKENFILENAME}`;
 
-		const token = await getContentofTextObject(BUCKET, objPath);
+		const token = await getContentOfTextObject(BUCKET, objPath);
 
 		const cleanedChunkPrefix = chunk.prefix.replace(/\/$/, '');
 		list.push({ name: cleanedChunkPrefix, token: token });
@@ -43,7 +49,7 @@ export const getListOfVorgänge = async () => {
  * @param request
  * @returns fail or true
  */
-export const checkIfVorgangExists = async (caseId: string) => {
+export const checkIfVorgangExists = async (caseId: string | null) => {
 	if (!caseId) {
 		return fail(400, {
 			success: false,
@@ -68,21 +74,12 @@ export const hasValidToken = async (caseId: string, caseToken: string) => {
 
 	try {
 		if (!caseToken) {
-			return fail(400, {
-				success: false,
-				caseId,
-				error: { message: 'Bitte Zugangscode eingeben!' }
-			});
+			return false;
 		}
 
-		const token = await getContentofTextObject(BUCKET, objPath);
-
+		const token = await getContentOfTextObject(BUCKET, objPath);
 		if (!token || token !== caseToken) {
-			return fail(400, {
-				success: false,
-				caseId,
-				error: { message: 'Der Token ist ungültig.' }
-			});
+			return false;
 		}
 
 		return true;
diff --git a/src/routes/(token-based)/+layout.server.ts b/src/routes/(token-based)/+layout.server.ts
index e7a1878..6797d53 100644
--- a/src/routes/(token-based)/+layout.server.ts
+++ b/src/routes/(token-based)/+layout.server.ts
@@ -1,10 +1,16 @@
-import { type ServerLoadEvent } from '@sveltejs/kit';
-import type { PageServerLoad } from '../anmeldung/$types';
+import { checkIfVorgangExists, hasValidToken } from '$lib/server/vorgangService';
+import { redirect } from '@sveltejs/kit';
+import type { PageServerLoad } from './list/[vorgang]/$types';
+
+export const load: PageServerLoad = async ({params, url}) => {
+	
+		const caseId = params.vorgang;
+		const caseToken = url.searchParams.get('token');
+	
+		const isVorgangValid = await checkIfVorgangExists(caseId);
+		const isTokenValid = await hasValidToken(caseId, caseToken);
+
+		if(!isVorgangValid || !isTokenValid) throw redirect(303, `/anmeldung`);
+	
 
-export const load: PageServerLoad = (event: ServerLoadEvent) => {
-	if (event.locals.user) {
-		return {
-			user: event.locals.user
-		};
-	}
 };
diff --git a/src/routes/(token-based)/list/[vorgang]/+page.server.ts b/src/routes/(token-based)/list/[vorgang]/+page.server.ts
index 88a6d16..ed80765 100644
--- a/src/routes/(token-based)/list/[vorgang]/+page.server.ts
+++ b/src/routes/(token-based)/list/[vorgang]/+page.server.ts
@@ -1,28 +1,14 @@
-import { checkIfVorgangExists } from '$lib/server/vorgangService';
-import { hasValidToken } from '$lib/server/vorgangService';
 import { getVorgangByCaseId } from '$lib/server/vorgangService';
-import type { PageServerLoad } from '../../view/$types';
+import type { PageServerLoad } from './$types';
 
 export const load: PageServerLoad = async ({ params, url }) => {
 	const caseId = params.vorgang;
 	const caseToken = url.searchParams.get('token');
 
-	const isVorgangValid = await checkIfVorgangExists(caseId);
-	if (isVorgangValid !== true) {
-		return {
-			error: 'Vorgang wurde nicht gefunden.'
-		};
-	}
-	const isTokenValid = await hasValidToken(caseId, caseToken);
-	if (isTokenValid !== true) {
-		return {
-			error: 'Zugriffscode ist ungültig.'
-		};
-	}
-
 	const crimesList = await getVorgangByCaseId(caseId);
 
 	return {
-		crimesList
+		crimesList,
+		caseToken
 	};
 };
diff --git a/src/routes/(token-based)/list/[vorgang]/+page.svelte b/src/routes/(token-based)/list/[vorgang]/+page.svelte
index 73eed7d..4b3cde4 100644
--- a/src/routes/(token-based)/list/[vorgang]/+page.svelte
+++ b/src/routes/(token-based)/list/[vorgang]/+page.svelte
@@ -27,6 +27,7 @@
 	}
 
 	const crimesList: ListItem[] = data.crimesList;
+	const token: string = data.caseToken;
 
 	let open = false;
 	$: open;
@@ -138,7 +139,7 @@
 			{#each crimesList as item, i}
 				<li>
 					<a
-						href="/view/{$page.params.vorgang}/{item.name}"
+						href="/view/{$page.params.vorgang}/{item.name}?token={token}"
 						class=" flex justify-between gap-x-6 py-5"
 						aria-label="zum 3D-modell"
 					>
@@ -206,9 +207,8 @@
 												let url = new URL($page.url);
 												url.pathname += `/${filename}`;
 
-												console.log(`--- ${vorgang} + ${filename} + ${url}`);
 												try {
-													const response = await fetch(url, { method: 'DELETE' });
+													const response = await fetch(`api/${url}`, { method: 'DELETE' });
 													if (response.status == 204) {
 														setTimeout(() => {
 															window.location.reload();
@@ -264,12 +264,6 @@
 	</Modal>
 </div>
 
-{#if data.error}
-	<div class="max-w-xl mx-auto bg-red-100 border border-red-400 text-red-700 px-4 py-3 rounded relative mt-4">
-		<strong class="font-bold">Fehler: </strong>
-		<span class="block sm:inline">{data.error}</span>
-	</div>
-{/if}
 <style>
 	ul {
 		min-width: 24rem;
diff --git a/src/routes/(token-based)/list/[vorgang]/[tatort]/+server.ts b/src/routes/(token-based)/list/[vorgang]/[tatort]/+server.ts
deleted file mode 100644
index 077db3e..0000000
--- a/src/routes/(token-based)/list/[vorgang]/[tatort]/+server.ts
+++ /dev/null
@@ -1,11 +0,0 @@
-import { BUCKET, client } from '$lib/minio';
-
-export async function DELETE({ request }: { request: Request }) {
-	const url_fragments = request.url.split('/');
-	const item = url_fragments.at(-1);
-	const vorgang = url_fragments.at(-2);
-
-	await client.removeObject(BUCKET, `${vorgang}/${item}`);
-
-	return new Response(null, { status: 204 });
-}
diff --git a/src/routes/(token-based)/view/+page.server.ts b/src/routes/(token-based)/view/+page.server.ts
index 220a440..2af340a 100644
--- a/src/routes/(token-based)/view/+page.server.ts
+++ b/src/routes/(token-based)/view/+page.server.ts
@@ -1,6 +1,5 @@
 import { redirect } from '@sveltejs/kit';
 
-/** @type {import('./$types').Actions} */
 export const actions = {
 	default: async ({request}: {request: Request}) => {
 		const data = await request.formData();
diff --git a/src/routes/(token-based)/view/[vorgang]/[tatort]/+page.server.ts b/src/routes/(token-based)/view/[vorgang]/[tatort]/+page.server.ts
index 0d616c4..a604d4c 100644
--- a/src/routes/(token-based)/view/[vorgang]/[tatort]/+page.server.ts
+++ b/src/routes/(token-based)/view/[vorgang]/[tatort]/+page.server.ts
@@ -1,7 +1,6 @@
 import { client } from '$lib/minio';
 import type { PageServerLoad } from './$types';
 
-/** @type {import('./$types').PageServerLoad} */
 export const load: PageServerLoad = async ({ params }) => {
 	const { vorgang, tatort } = params;
 	const url = await client.presignedUrl('GET', 'tatort', `${vorgang}/${tatort}`);
diff --git a/src/routes/anmeldung/+page.server.ts b/src/routes/anmeldung/+page.server.ts
index 167b8ef..d656c57 100644
--- a/src/routes/anmeldung/+page.server.ts
+++ b/src/routes/anmeldung/+page.server.ts
@@ -11,9 +11,9 @@ export const actions = {
 		const caseToken = data.get('case-token');
 		
 		const isVorgangValid = await checkIfVorgangExists(caseId);
-		if (isVorgangValid !== true) return isVorgangValid;
+		if (!isVorgangValid) return isVorgangValid;
 		const isTokenValid = await hasValidToken(caseId, caseToken);
-		if ( isTokenValid !== true) return isTokenValid;
+		if (!isTokenValid) return isTokenValid;
 
 		throw redirect(303, `/list/${caseId}?token=${caseToken}`);
 	}
diff --git a/src/routes/api/tatort/+server.ts b/src/routes/api/tatort/+server.ts
index 23c4465..73f9033 100644
--- a/src/routes/api/tatort/+server.ts
+++ b/src/routes/api/tatort/+server.ts
@@ -1,7 +1,7 @@
-import { client } from '$lib/minio';
+import { BUCKET, client } from '$lib/minio';
 
 export async function GET() {
-	const stream = client.listObjectsV2('tatort', '', true);
+	const stream = client.listObjectsV2(BUCKET, '', true);
 	const result = new ReadableStream({
 		start(controller) {
 			stream.on('data', (data) => {
@@ -22,3 +22,14 @@ export async function GET() {
 		}
 	});
 }
+
+
+export async function DELETE({ request }: { request: Request }) {
+	const url_fragments = request.url.split('/');
+	const item = url_fragments.at(-1);
+	const vorgang = url_fragments.at(-2);
+
+	await client.removeObject(BUCKET, `${vorgang}/${item}`);
+
+	return new Response(null, { status: 204 });
+}