refactor viewer-login page with error messages and validation

2025-10-30 08:57:58 +01:00
parent e26b36121a
commit c857041e21
2 changed files with 22 additions and 45 deletions
--- a/src/routes/anmeldung/+page.server.ts
+++ b/src/routes/anmeldung/+page.server.ts
@@ -1,18 +1,20 @@
 import { dev } from '$app/environment';
-import { loginUser, logoutUser } from '$lib/server/authService';
-import { fail, redirect } from '@sveltejs/kit';
+import { error, fail, redirect } from '@sveltejs/kit';
 import { ROUTE_NAMES } from '../index.js';
+import { vorgangPINValidation } from '$lib/server/vorgangService.js';

 export const actions = {
-	login: ({ request, cookies }) => loginUser({ request, cookies }),
-	logout: (event) => logoutUser(event),
-	getVorgangByToken: async ({ request, cookies }) => {
+	default: async ({ request, cookies }) => {
 		const data = await request.formData();
 		const vorgangToken = data.get('vorgang-token');
 		const vorgangPIN = data.get('vorgang-pin') as string;

-		if (!vorgangToken || !vorgangPIN) {
-			return fail(400, { message: 'Token oder PIN fehlen' });
+		if (!vorgangPIN) {
+			return fail(400, { message: 'Bitte einen PIN eingeben.'});
+		}
+
+		if (!vorgangPINValidation(vorgangToken, vorgangPIN)) {
+			return fail(400, { message: 'Falsche Zugangsdaten.'});
 		}

 		const COOKIE_NAME = `token-${vorgangToken}`;
@@ -26,3 +28,8 @@ export const actions = {
 		throw redirect(303, ROUTE_NAMES.VORGANG(vorgangToken));
 	}
 } as const;
+
+export const load: PageServerLoad = async ({ url }) => {
+	const vorgang = url.searchParams.get('vorgang');
+	if (!vorgang) error(404, "Not Found");
+};