From dfa5c9ade1874d1c67365254b7605e637b034e31 Mon Sep 17 00:00:00 2001
From: Jared <jared.busch@polizei.niedersachsen.de>
Date: Mon, 28 Jul 2025 11:39:33 +0200
Subject: [PATCH] revised init db pw to pin, and check name routine

---
 package.json                                  |   3 +-
 src/init/init_db.ts                           |   2 +-
 src/lib/data/tatort.db                        | Bin 20480 -> 24576 bytes
 src/lib/server/vorgangService.ts              |   4 +-
 src/routes/(angemeldet)/list/+page.server.ts  |   2 +-
 src/routes/(angemeldet)/upload/+page.svelte   |  70 ++++++++++--------
 src/routes/api/list/[vorgang]/+server.ts      |  21 +++---
 .../api/list/[vorgang]/vorgangPIN/+server.ts  |   2 +-
 8 files changed, 55 insertions(+), 49 deletions(-)

diff --git a/package.json b/package.json
index ee0e0ce..9d7f33c 100644
--- a/package.json
+++ b/package.json
@@ -13,7 +13,8 @@
 		"format": "prettier --write .",
 		"lint": "prettier --check . && eslint .",
 		"test:unit": "vitest",
-		"test": "npm run test:unit -- --run && npm run test:e2e"
+		"test": "npm run test:unit -- --run && npm run test:e2e",
+		"init-db": "tsx ./src/init/init_db.ts"
 	},
 	"devDependencies": {
 		"@eslint/compat": "^1.2.9",
diff --git a/src/init/init_db.ts b/src/init/init_db.ts
index 8cb6846..3d3fed4 100644
--- a/src/init/init_db.ts
+++ b/src/init/init_db.ts
@@ -12,7 +12,7 @@ db.exec(createSQLStmt);
 // check if there are any users; if not add one default admin one
 const userPassword = 'pass-123';
 const hashedUserPassword = new jsSHA('SHA-512', 'TEXT').update(userPassword).getHash('HEX');
-const checkInsertSQLStmt = `INSERT INTO users (name, pin) SELECT 'admin', '${hashedUserPassword}'
+const checkInsertSQLStmt = `INSERT INTO users (name, pw) SELECT 'admin', '${hashedUserPassword}'
                     WHERE NOT EXISTS (SELECT * FROM users);`;
 
 db.exec(checkInsertSQLStmt);
diff --git a/src/lib/data/tatort.db b/src/lib/data/tatort.db
index 5ab89f54ecaf1ee75b802b347fd29e7c543807b9..f554e23a622fca898aeb3d9e5ef557a343cfc16b 100644
GIT binary patch
delta 141
zcmZozz}Rqrae_P}+e8H?kuD)#eqIJv-d_y->HMO+zxW>UZQm>?(89~rXvNGfE-ud4
z6g+t+ulD2@y!w-6_*5pl@(E4W=Mxku$jnm+ag7L3@bd@aP#+&nP1ecx_>|a<k`s$l
ni`gdM;cMd*V}uyNJvo~nWP~wLyTar&K7q~u`57G+IS2p%mCYvp

delta 239
zcmZoTz}T>Wae_P}>qG@7p`t~+{Ok-Yyz3eG6Z!dh*Yn-k*l5km)uhGDE-o(4*kU}H
zg-?63HlOk2NIuQUwS40BI$R3KprBkK#5E#B!OtIvLw$VEq?3zM6H8K4;*%;BJpDpk
z-CculsdV!Xa`klgQ}A|;)IjLcR0wi)a}9F!b9N0@C@oGc;waY0OwrWTWSP8^PiZn6
de-ft*BiN};;*$&cAx;H4lNsoa&5!wI9RM1wI<No$

diff --git a/src/lib/server/vorgangService.ts b/src/lib/server/vorgangService.ts
index ec7afe9..344f01b 100644
--- a/src/lib/server/vorgangService.ts
+++ b/src/lib/server/vorgangService.ts
@@ -143,8 +143,8 @@ export const vorgangExists = function (vorgangToken: string | null) {
 	return found;
 };
 
-export const vorgangNameExists = function (vorgangName: string) {
-	const vorgaenge = getVorgaenge();
+export const vorgangNameExists = async (vorgangName: string) => {
+	const vorgaenge = await getVorgaenge();
 	const vorgaengeNames = vorgaenge.map((vorgang) => vorgang.vorgangName);
 
 	const found = vorgaengeNames.indexOf(vorgangName) != -1;
diff --git a/src/routes/(angemeldet)/list/+page.server.ts b/src/routes/(angemeldet)/list/+page.server.ts
index 2053a67..5187d43 100644
--- a/src/routes/(angemeldet)/list/+page.server.ts
+++ b/src/routes/(angemeldet)/list/+page.server.ts
@@ -2,7 +2,7 @@ import { getVorgaenge } from '$lib/server/vorgangService';
 import type { PageServerLoad } from '../../(token-based)/view/$types';
 
 export const load: PageServerLoad = async () => {
-	const vorgangList = getVorgaenge();
+	const vorgangList = await getVorgaenge();
 
 	return {
 		vorgangList
diff --git a/src/routes/(angemeldet)/upload/+page.svelte b/src/routes/(angemeldet)/upload/+page.svelte
index 4a0240c..0b8b350 100644
--- a/src/routes/(angemeldet)/upload/+page.svelte
+++ b/src/routes/(angemeldet)/upload/+page.svelte
@@ -19,13 +19,13 @@
 
 	function generatePIN() {
 		return Math.random()
-		.toString(36)
-		.slice(2, 2 + PINLength);
+			.toString(36)
+			.slice(2, 2 + PINLength);
 	}
-	let vorgangPIN = ''
-	let vorgangPINOld = ''
+	let vorgangPIN = '';
+	let vorgangPINOld = '';
 	$: vorgangPINOld = generatePIN();
-	$: vorgangPIN = vorgangPINOld
+	$: vorgangPIN = vorgangPINOld;
 
 	let vorgangExists = undefined;
 	$: vorgangExists = false;
@@ -36,7 +36,7 @@
 
 	$: inProgress = form === null;
 
-	let formErrors: Record<string,any> | null;
+	let formErrors: Record<string, any> | null;
 
 	async function validateForm() {
 		let data = new FormData();
@@ -139,6 +139,7 @@
 		// big endian!
 		let file = files[0];
 		let file_header = file.slice(0, 4);
+		console.log(file_header);
 		let header_bytes = await file_header.bytes();
 		let file_header_hex = '0x' + header_bytes.toHex().toString();
 
@@ -152,33 +153,36 @@
 
 	// `/(angemeldet)/view` return true or false
 	async function checkVorgangExists(vorgangName: string) {
-
 		if (vorgangName == '') {
 			vorgangPIN = vorgangPINOld;
 			return;
 		}
 
-		let url = `/api/list/${vorgangName}`
+		try {
+			const url = `/api/list/${vorgangName}`;
+			const response = await fetch(url, { method: 'HEAD' });
 
-		const response = await fetch(url, { method: 'HEAD'});
-		const status = response.status;
-
-		if (status == 200) {
-			vorgangExists = true;
-			const token = await getVorgangPIN(vorgangName);
-			vorgangPIN = token;
-
-			return true
-
-		} else {
+			if (response.status === 200) {
+				console.log('Vorgang existiert:', vorgangName);
+				vorgangExists = true;
+				const token = await getVorgangPIN(vorgangName);
+				vorgangPIN = token;
+				return true;
+			} else {
+				console.log('Vorgang existiert nicht!');
+				vorgangExists = false;
+				vorgangPIN = vorgangPINOld;
+				return false;
+			}
+		} catch (err) {
+			console.error('Fehler bei checkVorgangExists:', err);
 			vorgangExists = false;
 			vorgangPIN = vorgangPINOld;
-			return false
+			return false;
 		}
 	}
 
 	async function getVorgangPIN(vorgangName: string) {
-
 		if (vorgangName == '') return;
 
 		let url = `/api/list/${vorgangName}/vorgangPIN`;
@@ -190,7 +194,6 @@
 			return -1;
 		}
 	}
-
 </script>
 
 <div class="mx-auto max-w-2xl">
@@ -211,7 +214,7 @@
 							><span class="flex"
 								>{#if formErrors?.vorgang}
 									<span class="inline-block mr-1"><Exclamation /></span>
-								{/if} Vorgang</span
+								{/if} Vorgangsname</span
 							></label
 						>
 						<div class="mt-2">
@@ -241,10 +244,10 @@
 
 					<div>
 						<label for="name" class="block text-sm font-medium leading-6 text-gray-900"
-						><span class="flex"
-							>{#if formErrors?.name}
+							><span class="flex"
+								>{#if formErrors?.name}
 									<span class="inline-block mr-1"><Exclamation /></span>
-								{/if} Name</span
+								{/if} Modellname</span
 							></label
 						>
 						<div class="mt-2">
@@ -283,16 +286,19 @@
 									type="text"
 									name="vorgang-pin"
 									id="vorgang-pin"
-									on:input="{ (ev) => { vorgangPINOld = ev.target.value }}"
+									on:input={(ev) => {
+										vorgangPINOld = ev.target.value;
+									}}
 									class="block flex-1 border-0 bg-transparent py-1.5 pl-1 text-gray-900 placeholder:text-gray-400 focus:ring-0 sm:text-sm sm:leading-6"
 								/>
-
 							</div>
 							<button
-							class="rounded-md bg-blue-500 px-3 py-2 text-sm font-semibold text-white shadow-sm hover:bg-indigo-500 focus-visible:outline focus-visible:outline-2 focus-visible:outline-offset-2 focus-visible:outline-indigo-600"
-							on:click="{() => {
-							vorgangPIN = vorgangPINOld = generatePIN(); }}"
-							type="button">
+								class="rounded-md bg-blue-500 px-3 py-2 text-sm font-semibold text-white shadow-sm hover:bg-indigo-500 focus-visible:outline focus-visible:outline-2 focus-visible:outline-offset-2 focus-visible:outline-indigo-600"
+								on:click={() => {
+									vorgangPIN = vorgangPINOld = generatePIN();
+								}}
+								type="button"
+							>
 								Generiere Zugangs-PIN
 							</button>
 						</div>
diff --git a/src/routes/api/list/[vorgang]/+server.ts b/src/routes/api/list/[vorgang]/+server.ts
index 0a1cb3d..7894437 100644
--- a/src/routes/api/list/[vorgang]/+server.ts
+++ b/src/routes/api/list/[vorgang]/+server.ts
@@ -1,8 +1,5 @@
 import { client } from '$lib/minio';
-import {
-	deleteVorgangByToken,
-	vorgangNameExists
-} from '$lib/server/vorgangService';
+import { deleteVorgangByToken, vorgangNameExists } from '$lib/server/vorgangService';
 
 export async function DELETE({ params }) {
 	const vorgangToken = params.vorgang;
@@ -29,13 +26,15 @@ export async function DELETE({ params }) {
 }
 
 export async function HEAD({ params }) {
-	const vorgangName = params.vorgang;
+	try {
+		const vorgangName = params.vorgang;
+		const existing = await vorgangNameExists(vorgangName);
 
-	const existing = vorgangNameExists(vorgangName);
-
-	if (existing) {
-		return new Response(null, { status: 200 });
-	} else {
-		return new Response(null, { status: 404 });
+		return new Response(null, {
+			status: existing ? 200 : 404
+		});
+	} catch (err) {
+		console.error('Fehler im HEAD-Handler:', err);
+		return new Response(null, { status: 500 });
 	}
 }
diff --git a/src/routes/api/list/[vorgang]/vorgangPIN/+server.ts b/src/routes/api/list/[vorgang]/vorgangPIN/+server.ts
index 3ead69f..cc53d52 100644
--- a/src/routes/api/list/[vorgang]/vorgangPIN/+server.ts
+++ b/src/routes/api/list/[vorgang]/vorgangPIN/+server.ts
@@ -6,7 +6,7 @@ export async function GET({ params }) {
 
 	const getPINSQLStatement = `SELECT pin FROM cases WHERE name = ?;`;
 	const row = db.prepare(getPINSQLStatement).get(vorgangName);
-	const vorgangPIN = row.pin;
+	const vorgangPIN = row?.pin;
 
 	if (vorgangPIN) {
 		return new Response(vorgangPIN, { status: 200 });