innohub/tatort
7
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'development'

Browse Source
This commit is contained in:
Chi Cong Tran
2025-11-25 11:43:18 +01:00
parent 2d9acb402d 1158c88d43
commit e0d6e3cc62
87 changed files with 6014 additions and 2267 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.dockerignore Normal file
View File

@@ -0,0 +1,3 @@
node_modules
build
config.json

6
.gitignore vendored
View File

@@ -1,5 +1,8 @@
test-results
node_modules
config.json
src/lib/data/tatort.db
# Output
.output
@@ -22,3 +25,6 @@ Thumbs.db
# Vite
vite.config.js.timestamp-*
vite.config.ts.timestamp-*
# Jetbrains
/.idea

15
Dockerfile.dev
View File

@@ -1,18 +1,17 @@
# --- Build stage ---
FROM node:22 AS build
ENV NODE_ENV=production
FROM node:24-alpine AS build
ENV NODE_ENV=development
ENV ORIGIN=https://tatort-dev.innovation-hub-niedersachsen.de
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY package.json ./
RUN npm i --unsafe-perm
COPY . ./
COPY config.json_dev ./config.json
COPY config_dev.json ./config.json
RUN npm run build
# --- Production stage ---
FROM node:22-alpine3.20
FROM node:24-alpine
COPY --from=build /app .
ENV HOST=0.0.0.0
EXPOSE 3000
CMD ["sh", "-c", "ORIGIN=https://tatort-dev.innovation-hub-niedersachsen.de node build/index.js"]
CMD ["sh", "-c", "npm run init-db && ORIGIN=https://tatort-dev.innovation-hub-niedersachsen.de node build/index.js"]

3
Dockerfile.prod
View File

@@ -6,7 +6,7 @@ WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . ./
COPY config.json_prod ./config.json
COPY config_prod.json ./config.json
RUN npm run build
# --- Production stage ---
@@ -15,4 +15,3 @@ COPY --from=build /app .
ENV HOST=0.0.0.0
EXPOSE 3000
CMD ["sh", "-c", "ORIGIN=https://tatort.innovation-hub-niedersachsen.de node build/index.js"]

143
Jenkinsfile vendored Normal file
View File

@@ -0,0 +1,143 @@
/* groovylint-disable-next-line UnusedVariable */
@Library('InnoHub-Library') _
def didRun = false
def versionTag = 'null'
pipeline {
agent any
tools {
nodejs 'NodeJS-24.2.0'
}
environment {
REGISTRY = 'https://gitea.innovation-hub-niedersachsen.de/'
USER = 'jenkins'
TOKEN = credentials('JenkinsGitea')
}
parameters {
string(name: 'REPO_NAME', defaultValue: '', description: 'Repo Name')
string(name: 'GIT_REF', defaultValue: '', description: 'Git Ref')
}
options {
buildDiscarder(
BuildHistoryManager([
[ continueAfterMatch: false, matchAtMost: 5 ],
[ actions: [ DeleteBuild() ] ]
])
)
}
stages {
stage('Set Version Tag') {
steps {
script {
versionTag = generateVersionTag(params.GIT_REF)
echo "[INFO] Using VERSION_TAG: ${versionTag}"
}
}
}
stage('Validate Repository') {
steps {
script {
checkRepoName(params.REPO_NAME, true)
}
}
}
stage('Install Dependencies') {
steps {
script {
didRun = true
}
sh 'npm ci'
}
}
stage('Security Audit') {
steps {
script {
didRun = true
}
echo 'Start checking security vulnerabilities in npm packages'
sh 'npm audit --audit-level=moderate'
}
}
stage('Run Tests') {
steps {
sh 'npm run test'
}
}
stage('SonarQube Analysis') {
steps {
withSonarQubeEnv('sonarqube') {
sh 'sonar-scanner -Dsonar.projectKey=tatort -Dsonar.sources=src'
}
}
}
stage('Push image to gitea registry') {
when {
branch 'development'
}
steps {
script {
def imageName = "gitea.innovation-hub-niedersachsen.de/innohub/tatort-dev"
docker.withRegistry(REGISTRY, 'JenkinsGitea') {
def img = docker.build("${imageName}:${versionTag}", '-f Dockerfile.dev .')
img.push()
img.push('latest')
}
didRun = true
}
}
}
stage('Update Helm Chart Repository') {
when {
branch 'development'
}
steps {
script {
updateHelmChart([
tag: versionTag,
repoUrl: 'gitea.innovation-hub-niedersachsen.de/innohub/charts.git',
chartPath: 'tatort-dev/tatort',
chartName: 'tatort',
imageRepo: 'gitea.innovation-hub-niedersachsen.de/innohub/tatort-dev',
credentialsId: 'JenkinsGitea',
branch: 'main'
])
didRun = true
}
}
}
}
post {
success {
script {
if (didRun) {
echo 'Pipeline erfolgreich!'
discordSend description: "Running ${env.BUILD_ID} on ${env.JENKINS_URL}, ${params.GIT_REF}", footer: 'Pipeline succeeded', link: env.BUILD_URL, result: currentBuild.currentResult, title: env.JOB_NAME, webhookURL: 'https://discordapp.com/api/webhooks/1389470542691831819/NdMO17sLBG2dplp_-oh6Ff0cbPOoADl0QwXKM9UzduxU44av_ZQkQjKTmpdK7YuwcZDc'
}
}
}
failure {
script {
if (didRun) {
echo 'Pipeline fehlgeschlagen!'
discordSend description: "Running ${env.BUILD_ID} on ${env.JENKINS_URL}, ${params.GIT_REF}", footer: 'Pipeline failed', link: env.BUILD_URL, result: currentBuild.currentResult, title: env.JOB_NAME, webhookURL: 'https://discordapp.com/api/webhooks/1389470542691831819/NdMO17sLBG2dplp_-oh6Ff0cbPOoADl0QwXKM9UzduxU44av_ZQkQjKTmpdK7YuwcZDc'
}
}
}
}
}

21
README.md
View File

@@ -36,3 +36,24 @@ npm run build
You can preview the production build with `npm run preview`.
> To deploy your app, you may need to install an [adapter](https://svelte.dev/docs/kit/adapters) for your target environment.
## Initializing the SQLite DB
A database initialization script `init_db.ts` in included in the `src/init` folder. It will create a users database (if not existing) and populate it with a default admin user. Additionally, an empty cases table will be created.
It can be run with `node init_db.ts`
Database schema:
Users
- id
- name
- pw
Cases
- id
- token
- name
- pin

4
config.json
View File

@@ -8,10 +8,10 @@
},
"jwt": {
"secret": "@S2!q@@wXz$dCQ8JoVsHLpzaJ6JCfB",
"expiresIn": 36000
"expiresIn": 3600
},
"auth": {
"admin": { "password": "A-InnoHUB_2025!", "admin": true },
"user": { "password": "U-InnoHUB_2025!", "admin": false }
}
}
}

17
config_dev.json Normal file
View File

@@ -0,0 +1,17 @@
{
"minio": {
"endPoint": "sws3.innovation-hub-niedersachsen.de",
"port": 443,
"useSSL": true,
"accessKey": "wjpKrmaqXra99rX3D61H",
"secretKey": "fTPi0u0FR6Lv9Y9IKydWv6WM0EA5XrsK008HCt9u"
},
"jwt": {
"secret": "@S2!q@@wXz$dCQ8JoVsHLpzaJ6JCfB",
"expiresIn": 3600
},
"auth": {
"admin": { "password": "A-InnoHUB_2025!", "admin": true },
"user": { "password": "U-InnoHUB_2025!", "admin": false }
}
}

17
config_prod.json Normal file
View File

@@ -0,0 +1,17 @@
{
"minio": {
"endPoint": "sws3.innovation-hub-niedersachsen.de",
"port": 443,
"useSSL": true,
"accessKey": "wjpKrmaqXra99rX3D61H",
"secretKey": "fTPi0u0FR6Lv9Y9IKydWv6WM0EA5XrsK008HCt9u"
},
"jwt": {
"secret": "@S2!q@@wXz$dCQ8JoVsHLpzaJ6JCfB",
"expiresIn": 3600
},
"auth": {
"admin": { "password": "A-InnoHUB_2025!", "admin": true },
"user": { "password": "U-InnoHUB_2025!", "admin": false }
}
}

3315
package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

15
package.json
View File

@@ -13,7 +13,8 @@
"format": "prettier --write .",
"lint": "prettier --check . && eslint .",
"test:unit": "vitest",
"test": "npm run test:unit -- --run && npm run test:e2e"
"test": "npm run test:unit -- --run",
"init-db": "tsx ./src/init/init_db.ts"
},
"devDependencies": {
"@eslint/compat": "^1.2.9",
@@ -21,9 +22,10 @@
"@sveltejs/adapter-auto": "^4.0.0",
"@sveltejs/kit": "^2.21.3",
"@sveltejs/vite-plugin-svelte": "^5.1.0",
"@testing-library/jest-dom": "^6.6.3",
"@testing-library/jest-dom": "^6.8.0",
"@testing-library/svelte": "^5.2.8",
"@tsconfig/svelte": "^5.0.4",
"@types/better-sqlite3": "^7.6.13",
"@types/jsonwebtoken": "^9.0.9",
"eslint": "^9.28.0",
"eslint-config-prettier": "^10.1.5",
@@ -34,19 +36,24 @@
"prettier-plugin-svelte": "^3.4.0",
"svelte": "^5.33.18",
"svelte-check": "^4.2.1",
"tsx": "^4.20.3",
"typescript": "^5.8.3",
"typescript-eslint": "^8.34.0",
"vite": "^6.3.5",
"vitest": "^3.2.3"
"vitest": "^3.2.4"
},
"dependencies": {
"@google/model-viewer": "^4.1.0",
"@sveltejs/adapter-node": "^5.2.12",
"@tailwindcss/forms": "^0.5.10",
"autoprefixer": "^10.4.21",
"bcrypt": "^6.0.0",
"better-sqlite3": "^12.2.0",
"jsonwebtoken": "^9.0.2",
"minio": "^8.0.5",
"postcss": "^8.5.4",
"tailwindcss": "^3.4.17"
"sqlite3": "^5.1.7",
"tailwindcss": "^3.4.17",
"uuid": "^11.1.0"
}
}

14
src/hooks.server.ts
View File

@@ -1,5 +1,7 @@
import { decryptToken } from '$lib/auth';
import type { Handle } from '@sveltejs/kit';
import { ROUTE_NAMES } from './routes';
export const handle: Handle = async ({ event, resolve }) => {
const jwt = event.cookies.get('session');
@@ -9,8 +11,18 @@ export const handle: Handle = async ({ event, resolve }) => {
return resolve(event);
}
} catch (_) {
event.cookies.delete('session', {path: '/'});
event.cookies.delete('session', {path: ROUTE_NAMES.ROOT});
event.locals.user = null;
}
if (event.url.pathname.startsWith('/api')) {
if (!event.locals.user) {
return new Response(JSON.stringify({ error: 'Unauthorized' }), {
status: 401,
headers: { 'Content-Type': 'application/json' }
});
}
}
return await resolve(event);
}

0
src/index.test.js → src/index.<SKIP>test.js
View File

46
src/init/init_db.ts Normal file
View File

@@ -0,0 +1,46 @@
import Database from 'better-sqlite3';
import fs from 'fs';
import path from 'path';
import { DB_FULLPATH } from '../routes';
const fullPath = DB_FULLPATH;
const dir = path.dirname(fullPath);
if (!fs.existsSync(dir)) {
fs.mkdirSync(dir);
}
const db = new Database(fullPath);
let createSQLStmt = `CREATE TABLE IF NOT EXISTS users
(id INTEGER PRIMARY KEY AUTOINCREMENT,
name TEXT NOT NULL UNIQUE,
pw TEXT NOT NULL)`;
db.exec(createSQLStmt);
// check if there are any users; if not add one default admin one
// const saltRounds = 12;
// const hashedUserPassword = bcrypt.hashSync(userPasswordHashed, saltRounds);
const hashedUserPassword = '$2b$12$d6bDzoDluXeCTuoxmWSVtOp5Cpian3mZm8qxzox6B37BIf6qtOnnG';
const checkInsertSQLStmt = `INSERT INTO users (name, pw) SELECT 'admin', '${hashedUserPassword}'
WHERE NOT EXISTS (SELECT * FROM users);`;
db.exec(checkInsertSQLStmt);
const usersSQLStmt = `SELECT * FROM USERS`;
let SQLStatement = db.prepare(usersSQLStmt);
// cases table
createSQLStmt = `CREATE TABLE IF NOT EXISTS cases
(id INTEGER PRIMARY KEY AUTOINCREMENT,
token TEXT NOT NULL UNIQUE,
name TEXT NOT NULL UNIQUE,
pin TEXT NOT NULL)`;
db.exec(createSQLStmt);
const vorgangSQLStmt = `SELECT * FROM cases`;
SQLStatement = db.prepare(vorgangSQLStmt);
db.close();

26
src/lib/auth.ts
View File

@@ -1,12 +1,12 @@
import jwt from 'jsonwebtoken';
import bcrypt from 'bcrypt';
import { db } from '$lib/server/dbService';
import config from '$lib/config';
const SECRET = config.jwt.secret;
const EXPIRES_IN = config.jwt.expiresIn;
const AUTH = config.auth;
export function createToken(userData) {
return jwt.sign(userData, SECRET, { expiresIn: EXPIRES_IN });
}
@@ -15,15 +15,21 @@ export function decryptToken(token: string) {
return jwt.verify(token, SECRET);
}
export function authenticate(user, pass) {
let userData = null;
export function authenticate(user, password) {
let JWTToken;
if (AUTH[user]) {
const { password, ...data } = AUTH[user];
if (password && password === pass) userData = data;
const getUserSQLStmt = 'SELECT name, pw FROM users WHERE name = ?';
const row = db.prepare(getUserSQLStmt).get(user);
if (!row) {
return null;
}
const storedPW = row.pw;
const isValid = bcrypt.compareSync(password, storedPW)
if (isValid) {
JWTToken = createToken({ id: user, admin: true });
}
if (userData == null) return null;
return createToken({ id: user, ...userData });
return JWTToken;
}

56
src/lib/components/Button.svelte
View File

@@ -1,3 +1,31 @@
<script lang="ts">
export let href = null;
export let type: 'button' | 'submit' | 'reset' = 'button';
export let size = 'md';
export let variant = 'primary';
export let fullWidth = false;
export let align = 'center';
export let disabled = false;
let classNames = '';
export { classNames as class };
</script>
{#if href}
<a on:click {href} class:w-full={fullWidth} class="button {variant} {size} {classNames} {align}"
><slot />
</a>
{:else}
<button
on:click
{type}
{disabled}
class:w-full={fullWidth}
class="button {variant} {size} {classNames} {align}"
>
<slot />
</button>
{/if}
<style>
.button {
@apply inline-flex;
@@ -172,31 +200,3 @@
@apply justify-end;
}
</style>
<script lang="ts">
export let href = null;
export let type = 'button';
export let size = 'md';
export let variant = 'primary';
export let fullWidth = false;
export let align = 'center';
export let disabled = false;
let classNames = '';
export { classNames as class };
</script>
{#if href}
<a on:click {href} class:w-full={fullWidth} class="button {variant} {size} {classNames} {align}"
><slot />
</a>
{:else}
<button
on:click
{type}
{disabled}
class:w-full={fullWidth}
class="button {variant} {size} {classNames} {align}"
>
<slot />
</button>
{/if}

3
src/lib/components/EmptyList.svelte Normal file
View File

@@ -0,0 +1,3 @@
<p data-testid="empty-list" class="flex justify-center m-4">
In dieser Liste sind keine Einträge vorhanden
</p>

54
src/lib/components/ExpandableForm.svelte Normal file
View File

@@ -0,0 +1,54 @@
<script lang="ts">
import { fly, scale, fade } from 'svelte/transition';
import { cubicOut } from 'svelte/easing';
import { tick } from 'svelte';
let expanded = false;
let formContainer: HTMLDivElement;
async function toggle() {
expanded = !expanded;
if (expanded) {
// Wait for DOM to update
await tick();
// Scroll smoothly into view
formContainer?.scrollIntoView({ behavior: 'smooth', block: 'start' });
}
}
</script>
<div data-testid="expand-container" class="flex flex-col items-center">
<!-- + / × button -->
<button
data-testid="expand-button"
class="flex items-center justify-center w-12 h-12 rounded-full bg-blue-600 text-white text-2xl font-bold hover:bg-blue-700 transition"
on:click={toggle}
aria-expanded={expanded}
aria-label="Add item"
>
{#if expanded}
{:else}
+
{/if}
</button>
<!-- Expandable content below button -->
{#if expanded}
<div
bind:this={formContainer}
class="w-full mt-4 flex justify-center"
transition:fade
>
<div
in:fly={{ y: 10, duration: 200, easing: cubicOut }}
out:scale={{ duration: 150 }}
class="w-full max-w-2xl"
>
<slot />
</div>
</div>
{/if}
</div>

8
src/lib/components/Footer.svelte
View File

@@ -1,6 +1,8 @@
<script>
import Profile from "$lib/icons/Profile.svelte";
import { ROUTE_NAMES } from "../../routes";
export let data;
</script>
@@ -10,19 +12,19 @@
<div class="mx-auto max-w-7xl px-6 lg:px-8">
<div class="flex justify-between divide-x divide-gray-900/5 border-x border-gray-900/5">
<a
href="/list"
href="{ROUTE_NAMES.LIST}"
class="px-4 py-1 -ml-4 flex items-center justify-center gap-x-2.5 text-sm font-semibold leading-6 text-gray-500 hover:bg-gray-200 hover:text-gray-700"
>
&copy; 2023 Innovation Hub Niedersachen
</a>
<a
href="/"
href="{ROUTE_NAMES.ROOT}"
class="px-4 py-1 flex items-center justify-center gap-x-2.5 text-sm font-semibold leading-6 text-gray-500 hover:bg-gray-200 hover:text-gray-700"
>
back
</a>
<a
href="/"
href="{ROUTE_NAMES.ROOT}"
class="px-4 py-1 -mr-4 flex items-center justify-center gap-x-2.5 text-sm font-semibold leading-6 text-gray-500 hover:bg-gray-200 hover:text-gray-700"
>
<!--icon-->

6
src/lib/components/Header.svelte
View File

@@ -1,6 +1,8 @@
<script lang="ts">
import Chevron from '$lib/icons/Chevron-right.svelte';
import { ROUTE_NAMES } from '../../routes';
export let data;
</script>
@@ -11,7 +13,7 @@
aria-label="Global"
>
<div class="flex w-48">
<a href="/" class="-m-1.5 p-1.5 w-10">
<a href="{ROUTE_NAMES.ROOT}" class="-m-1.5 p-1.5 w-10">
<span class="sr-only">Tatort Niedersachen</span>
<img class="h-8 w-auto" src="/Landeswappen_NI.svg" alt="Landeswappen Niedersachsen" />
</a>
@@ -19,7 +21,7 @@
<h1 class="text-3xl text-slate-400 font-bold">Tatort</h1>
<div class="lg:flex lg:justify-end w-48">
{#if data.user}
<form method="POST" action="/anmeldung?/logout">
<form method="POST" action="{ROUTE_NAMES.LOGOUT}">
<input type="hidden" />
<button type="submit" class="text-sm font-semibold leading-6 text-gray-900"
><span

116
src/lib/components/NameItemEditor.svelte Normal file
View File

@@ -0,0 +1,116 @@
<script lang="ts">
import Check from '$lib/icons/Check.svelte';
import Edit from '$lib/icons/Edit.svelte';
import Trash from '$lib/icons/Trash.svelte';
import X from '$lib/icons/X.svelte';
import { tick } from 'svelte';
interface ListItem {
name: string;
token?: string;
}
// props, old syntax
export let list: ListItem[] = [];
export let currentName: string;
export let vorgangToken: string | null;
export let onSave: (n: string, o: string, t?: string) => unknown = () => {};
export let onDelete: ((n: string) => unknown) | null = () => {};
let localName = currentName;
let isEditing = false;
let inputRef: HTMLInputElement | null = null;
$: error = validateName(localName);
function validateName(name: string): string {
const trimmed = name?.trim() ?? '';
if (!trimmed) return 'Name darf nicht leer sein.';
if (list.some((item) => item.name === trimmed && item.name !== currentName)) {
return 'Name existiert bereits.';
}
return '';
}
async function startEdit() {
isEditing = true;
await tick();
inputRef?.focus();
}
function cancelEdit() {
localName = currentName;
isEditing = false;
}
function commitEdit() {
if (!error && localName != currentName) onSave(localName, currentName, vorgangToken);
// restore original value
if (error) { localName = currentName }
isEditing = false;
}
function handleKeydown(event: KeyboardEvent) {
if (event.key === 'Enter') commitEdit();
if (event.key === 'Escape') cancelEdit();
}
function handleDeleteClick() {
// vorgangToken defined when deleting Vorgang, otherwise Crime
onDelete(vorgangToken || currentName);
}
</script>
<div data-testid="test-nameItemEditor" class="flex flex-col gap-1">
{#if isEditing}
<div class="flex items-center gap-1">
<input
data-testid="test-input"
bind:this={inputRef}
bind:value={localName}
onkeydown={handleKeydown}
class="flex-1 border border-gray-300 rounded px-1.5 py-0.5 text-sm focus:outline-none focus:ring-1 focus:ring-blue-500"
/>
<button
data-testid="commit-button"
disabled={!!error || localName === currentName}
onclick={commitEdit}
class="text-gray-500 hover:text-green-600 transition disabled:opacity-40"
>
<Check class="w-4 h-4" />
</button>
<button
data-testid="cancel-button"
onclick={cancelEdit}
class="text-gray-500 hover:text-red-600 transition"
>
<X class="w-4 h-4" />
</button>
</div>
{:else}
<div class="flex items-center gap-1">
<span class="text-sm font-medium text-gray-900 truncate">{localName}</span>
<button
data-testid="edit-button"
onclick={startEdit}
class="text-gray-500 hover:text-blue-600 transition"
>
<Edit class="w-4 h-4" />
</button>
{#if onDelete}
<button
data-testid="delete-button"
onclick={handleDeleteClick}
class="text-gray-500 hover:text-red-600 transition"
>
<Trash class="w-4 h-4" />
</button>
{/if}
</div>
{/if}
{#if error}
<p class="text-xs text-red-500 mt-1">{error}</p>
{/if}
</div>

2
src/lib/config.ts
View File

@@ -1,3 +1,3 @@
import { readFileSync } from 'fs';
export default JSON.parse(readFileSync('./config.json').toString());
export default JSON.parse(readFileSync('./config_prod.json').toString());

17
src/lib/helper/caseNumberOccupied.ts
View File

@@ -1,17 +0,0 @@
import { client } from '$lib/minio';
export default async function caseNumberOccupied (caseNumber: string): Promise<boolean> {
const prefix = `${caseNumber}`;
const promise: Promise<boolean> = new Promise((resolve) => {
const stream = client.listObjectsV2('tatort', prefix, false, '');
stream.on('data', () => {
stream.destroy();
resolve(true);
});
stream.on('end', () => {
resolve(false);
});
});
return promise;
}

10
src/lib/helper/getCode.ts
View File

@@ -1,10 +0,0 @@
export default async function get_code(case_no) {
let url = `/api/list/${case_no}/code`;
const response = await fetch(url);
if (response.status == 200) {
return response.text();
} else {
return -1;
}
}

17
src/lib/helper/vorgangNumberOccupied.ts Normal file
View File

@@ -0,0 +1,17 @@
import { client, BUCKET } from '$lib/minio';
export default async function vorgangNumberOccupied(vorgangNumber: string): Promise<boolean> {
const prefix = `${vorgangNumber}`;
const promise: Promise<boolean> = new Promise((resolve) => {
const stream = client.listObjectsV2(BUCKET, prefix, false, '');
stream.on('data', () => {
stream.destroy();
resolve(true);
});
stream.on('end', () => {
resolve(false);
});
});
return promise;
}

1
src/lib/icons/Profile.svelte
View File

@@ -1,4 +1,5 @@
<svg
data-testid="profile-component"
xmlns="http://www.w3.org/2000/svg"
fill="none"
viewBox="0 0 24 24"
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 402 B

After

Width:  |  Height:  |  Size: 435 B

8
src/lib/minio.ts
View File

@@ -7,4 +7,10 @@ import config from '$lib/config';
/** export const client = new Minio.Client(config.minio); */
export const client = new Client(config.minio);
export const BUCKET = 'tatort';
const isProd = process.env.NODE_ENV == 'production';
const BUCKET = isProd ? 'tatort' : 'tatort-dev';
export { BUCKET };
export const TOKENFILENAME = '__perm__';
export const CONFIGFILENAME = 'config.json';

12
src/lib/server/authService.ts
View File

@@ -1,6 +1,7 @@
import { dev } from '$app/environment';
import { fail, redirect, type Cookies, type RequestEvent } from '@sveltejs/kit';
import { authenticate } from '$lib/auth';
import { ROUTE_NAMES } from '../../routes';
const COOKIE_NAME = 'session';
@@ -11,19 +12,20 @@ export const loginUser = async ({ request, cookies }: { request: Request; cookie
const token = authenticate(user, password);
if (!token) return fail(400, { user, incorrect: true });
if (!token) return fail(400, { user, incorrect: true,
message: "Ungültige Zugangsdaten" });
cookies.set(COOKIE_NAME, token, {
path: '/',
path: ROUTE_NAMES.ROOT,
httpOnly: true,
sameSite: 'strict',
secure: !dev
});
return redirect(303, '/');
return redirect(303, ROUTE_NAMES.ROOT);
};
export const logoutUser = async (event: RequestEvent) => {
event.cookies.delete(COOKIE_NAME, { path: '/' });
event.cookies.delete(COOKIE_NAME, { path: ROUTE_NAMES.ROOT });
event.locals.user = null;
return { success: true };
return redirect(303, ROUTE_NAMES.ROOT);
};

7
src/lib/server/dbService.ts Normal file
View File

@@ -0,0 +1,7 @@
import Database from 'better-sqlite3';
import { DB_FULLPATH } from '../../routes';
// make sure the DB is initiated
import '../../init/init_db'
export const db = new Database(DB_FULLPATH);

10
src/lib/server/s3ClientService.ts
View File

@@ -1,6 +1,5 @@
import { BUCKET, client } from '$lib/minio';
export const checkIfExactDirectoryExists = (dir: string): Promise<boolean> => {
return new Promise<boolean>((resolve, reject) => {
const prefix = dir.endsWith('/') ? dir : `${dir}/`;
@@ -18,4 +17,11 @@ export const checkIfExactDirectoryExists = (dir: string): Promise<boolean> => {
stream.on('end', () => resolve(false));
});
}
};
export const getContentOfTextObject = async (bucket: string, objPath: string) => {
const res = await client.getObject(bucket, objPath);
const text = await new Response(res).text();
return text;
};

51
src/lib/server/userService.ts Normal file
View File

@@ -0,0 +1,51 @@
import { db } from '$lib/server/dbService';
export const getUsers = (): { userId: string; userName: string }[] => {
const getUsersSQLStmt = `SELECT id, name
FROM users;`;
const statement = db.prepare(getUsersSQLStmt);
const result = statement.all() as { id: string; name: string }[];
const userList: { userId: string; userName: string }[] = [];
for (const resultItem of result) {
const user = { userId: resultItem.id, userName: resultItem.name };
userList.push(user);
}
return userList;
};
export const addUser = (userName: string, userPassword: string) => {
const addUserSQLStmt = `INSERT into users(name, pw)
values (?, ?)`;
const statement = db.prepare(addUserSQLStmt);
let rowInfo;
try {
rowInfo = statement.run(userName, userPassword);
return rowInfo;
} catch (error) {
console.error('ERROR: ', error);
}
};
export const deleteUser = (userId: string) => {
// make sure to not delete the last entry
const deleteUserSQLStmt = `DELETE
FROM users
WHERE id = ?
AND (SELECT COUNT(*) FROM users) > 1;`;
const statement = db.prepare(deleteUserSQLStmt);
let rowCount;
try {
const info = statement.run(userId);
rowCount = info.changes;
} catch (error) {
console.log(error);
rowCount = 0;
}
return rowCount;
};

279
src/lib/server/vorgangService.ts
View File

@@ -1,93 +1,218 @@
import { fail, redirect } from '@sveltejs/kit';
import { BUCKET, client } from '$lib/minio';
import { checkIfExactDirectoryExists } from './s3ClientService';
import { fail } from '@sveltejs/kit';
import { BUCKET, client, CONFIGFILENAME, TOKENFILENAME } from '$lib/minio';
import { checkIfExactDirectoryExists, getContentOfTextObject } from './s3ClientService';
import { v4 as uuidv4 } from 'uuid';
import { db } from './dbService';
/**
* Checks if Vorgang exists and token is valid.
* @param request
* @returns redirect to /list/caseId or error
* Get Vorgang and corresponend list of tatorte
* @param vorgangToken
* @returns
*/
export const redirectIfVorgangExists = async (request: Request) => {
const data = await request.formData();
const caseId = data.get('case-id');
const caseToken = data.get('case-token');
export const getCrimesListByToken = async (vorgangToken: string) => {
const prefix = `${vorgangToken}/`;
if (!caseId) {
const stream = client.listObjectsV2(BUCKET, prefix, false, '');
const list = [];
for await (const chunk of stream) {
const splittedNameParts = chunk.name.split('/');
const prefix = splittedNameParts[0];
const name = splittedNameParts[1];
if (name === CONFIGFILENAME || name === TOKENFILENAME) continue;
list.push({ ...chunk, name: name, prefix: prefix, show_button: true });
}
return list;
};
/**
* Get Vorgang
* @param vorgangToken
* @returns vorgangObj with keys `token`, `name`, `pin` || undefined
*/
export const getVorgangByToken = (
vorgangToken: string
): { token: string; name: string; pin: string } | undefined => {
const getVorgangSQLStmt = `SELECT token, name, pin
FROM cases
WHERE token = ?`;
const statement = db.prepare(getVorgangSQLStmt);
const result = statement.get(vorgangToken) as
| { token: string; name: string; pin: string }
| undefined;
return result;
};
/**
* Create Vorgang, using a vorgangName and vorgangPIN
* @param vorgangName
* @param vorgangPIN
* @returns {string || false} vorgangToken if successful
*/
export const createVorgang = (vorgangName: string, vorgangPIN: string): string | boolean => {
const vorgangExists = vorgangNameExists(vorgangName);
if (vorgangExists) {
return false;
}
const vorgangToken = uuidv4();
const insertSQLStatement = `INSERT INTO cases (token, name, pin) VALUES (?, ?, ?)`;
const statement = db.prepare(insertSQLStatement);
const info = statement.run(vorgangToken, vorgangName, vorgangPIN);
if (info.changes) {
return vorgangToken;
} else {
return false;
}
};
/**
* Get Vorgang
* @param vorgangName
* @returns vorgangObj with keys `token`, `name`, `pin` || undefined
*/
export const getVorgangByName = (
vorgangName: string
): { token: string; name: string; pin: string } | undefined => {
const getVorgangByNameSQLStmt = `SELECT token, name, pin
FROM cases
WHERE name = ?`;
const statement = db.prepare(getVorgangByNameSQLStmt);
const result = statement.get(vorgangName) as
| { token: string; name: string; pin: string }
| undefined;
return result;
};
/**
* Delete Vorgang
* @param vorgangToken
* @returns int: number of changes
*/
export const deleteVorgangByToken = function (vorgangToken: string) {
const deleteSQLStmt = 'DELETE FROM cases WHERE token = ?';
const statement = db.prepare(deleteSQLStmt);
const info = statement.run(vorgangToken);
return info.changes;
};
/**
* Fetches list of vorgänge from s3 bucket
* @returns list of available vorgaenge
*/
export const getListOfVorgänge = async () => {
const stream = client.listObjectsV2(BUCKET, '', false, '');
const list = [];
for await (const chunk of stream) {
const objPath = `${chunk.prefix}${TOKENFILENAME}`;
const token = await getContentOfTextObject(BUCKET, objPath);
const cleanedChunkPrefix = chunk.prefix.replace(/\/$/, '');
list.push({ name: cleanedChunkPrefix, token: token });
}
return list;
};
/**
* Fetches list of vorgänge from database
* @returns list with of available vorgaenge
*/
export const getVorgaenge = (): {
vorgangToken: string;
vorgangName: string;
vorgangPIN: string;
}[] => {
const getVorgaengeSQLStmt = `SELECT token, name, pin
from cases`;
const statement = db.prepare(getVorgaengeSQLStmt);
const result = statement.all() as { token: string; name: string; pin: string }[];
const vorgaenge_list: { vorgangToken: string; vorgangName: string; vorgangPIN: string }[] = [];
for (const resultItem of result) {
const vorg = {
vorgangToken: resultItem.token,
vorgangName: resultItem.name,
vorgangPIN: resultItem.pin
};
vorgaenge_list.push(vorg);
}
return vorgaenge_list;
};
/**
* Checks if Vorgang exists
* @param request
* @returns fail or true
*/
export const checkIfVorgangExists = async (vorgangId: string | null) => {
if (!vorgangId) {
return fail(400, {
success: false,
caseId,
vorgangId,
error: { message: 'Die Vorgangsnummer darf nicht leer sein.' }
});
}
if (typeof caseId === 'string' && !(await checkIfExactDirectoryExists(caseId))) {
if (typeof vorgangId === 'string' && !(await checkIfExactDirectoryExists(vorgangId))) {
return fail(400, {
success: false,
caseId,
vorgangId,
error: { message: 'Die Vorgangsnummer existiert in dieser Anwendung nicht.' }
});
}
const isTokenValid = await hasValidToken(caseId, caseToken);
return true;
};
if (!isTokenValid) {
export const vorgangExists = function (vorgangToken: string | null) {
if (!vorgangToken) {
return fail(400, {
success: false,
caseId,
error: { message: 'Der Token ist ungültig.' }
vorgangId: vorgangToken,
error: { message: 'Die Vorgangsnummer darf nicht leer sein.' }
});
}
redirect(303, `/list/${caseId}`);
const vorgaenge = getVorgaenge();
const vorgaengeTokens = vorgaenge.map((vorgang) => vorgang.vorgangToken);
const found = vorgaengeTokens.indexOf(vorgangToken) != -1;
return found;
};
export const getVorgangByCaseId = ({ params }) => {
const prefix = params.vorgang ? `${params.vorgang}/` : '';
const stream = client.listObjectsV2(BUCKET, prefix, false, '');
const result = new ReadableStream({
start(controller) {
stream.on('data', (data) => {
if (prefix === '') {
if (data.prefix)
controller.enqueue(`${JSON.stringify({ ...data, name: data.prefix.slice(0, -1) })}\n`);
return;
}
export const vorgangNameExists = (vorgangName: string) => {
const vorgaenge = getVorgaenge();
const vorgaengeNames = vorgaenge.map((vorgang) => vorgang.vorgangName);
const name = data.name.slice(prefix.length);
if (name === 'config.json') return;
// zugangscode datei
if (name === '__perm__') return;
const found = vorgaengeNames.indexOf(vorgangName) != -1;
controller.enqueue(`${JSON.stringify({ ...data, name, prefix })}\n`);
});
stream.on('end', () => {
controller.close();
});
},
cancel() {
stream.destroy();
}
});
return new Response(result, {
headers: {
'content-type': 'text/event-stream'
}
});
return found;
};
const hasValidToken = async (caseId: string, caseToken: string) => {
const tokenFileName = '__perm__';
const objPath = `${caseId}/${tokenFileName}`;
export const hasValidToken = async (vorgangId: string, vorgangToken: string) => {
const objPath = `${vorgangId}/${TOKENFILENAME}`;
try {
if (!caseToken) return false;
if (!vorgangToken) {
return false;
}
const res = await client.getObject('tatort', objPath);
const token = await getContentOfTextObject(BUCKET, objPath);
if (!token || token !== vorgangToken) {
return false;
}
const savedToken = await new Response(res).text();
return savedToken === caseToken ? true : false;
return true;
} catch (error) {
if (error.name == 'S3Error') {
console.log(error);
@@ -95,3 +220,41 @@ const hasValidToken = async (caseId: string, caseToken: string) => {
}
}
};
export const vorgangPINValidation = function (vorgangToken: string, vorgangPIN: string) {
if (!vorgangPIN) {
return false;
}
const vorgang = getVorgangByToken(vorgangToken);
if (!vorgang || vorgang.pin !== vorgangPIN) {
return false;
}
return true;
};
/**
* Change VorgangName or VorgangPIN
* @param vorgangToken
* @param newValue
* @returns {int} number of affected lines
*/
export const updateVorgangAttrByToken = function (vorgangToken: string,
newValue: string,
column: string) {
const renameSQLStmt = `UPDATE cases set ${column} = ? WHERE token = ?`;
const statement = db.prepare(renameSQLStmt);
let info;
try {
info = statement.run(newValue, vorgangToken);
} catch (err) {
console.log(`error: ${err}`)
return 0;
}
return info.changes;
};

13
src/routes/(angemeldet)/+layout.server.ts
View File

@@ -1,9 +1,10 @@
import { redirect, type ServerLoadEvent } from '@sveltejs/kit';
import { type ServerLoadEvent } from '@sveltejs/kit';
import type { PageServerLoad } from '../anmeldung/$types';
export const load: PageServerLoad = (event: ServerLoadEvent) => {
if (!event.locals.user && event.url.pathname !== '/anmeldung') throw redirect(303, '/anmeldung');
return {
user: event.locals.user
};
}
if (event.locals.user) {
return {
user: event.locals.user
};
}
};

9
src/routes/(angemeldet)/+layout.svelte
View File

@@ -5,6 +5,8 @@
export let data;
</script>
{#if data.user?.admin}
<div class="h-screen v-screen flex flex-col">
<div class="flex flex-col h-full">
<Header {data}/>
@@ -16,3 +18,10 @@
</div>
</div>
{:else}
<div class="h-screen bg-white"><slot /></div>
{/if}

6
src/routes/(angemeldet)/+page.server.ts Normal file
View File

@@ -0,0 +1,6 @@
import { loginUser, logoutUser } from '$lib/server/authService';
export const actions = {
login: ({ request, cookies }) => loginUser({ request, cookies }),
logout: (event) => logoutUser(event),
} as const;

92
src/routes/(angemeldet)/+page.svelte
View File

@@ -2,60 +2,108 @@
import AddProcess from '$lib/icons/Add-Process.svelte';
import FileRect from '$lib/icons/File-rect.svelte';
import ListIcon from '$lib/icons/List-icon.svelte';
import Button from '$lib/components/Button.svelte';
import ArrowRight from '$lib/icons/Arrow-right.svelte';
import { ROUTE_NAMES } from '../index.js';
export let data;
export let form;
export let outline = true;
</script>
{#if data.user?.admin}
<div
class=" inset-x-0 top-0 -z-10 h-full flex items-center justify-center bg-white shadow-lg ring-1 ring-gray-900/5"
>
<div class="mx-auto flex justify-center max-w-7xl py-10 px-8 w-full">
{#if data.user.admin}
<div class="group relative rounded-lg p-6 text-sm leading-6 hover:bg-gray-50 w-1/4">
<div
class="flex h-11 w-11 items-center justify-center rounded-lg bg-gray-50 group-hover:bg-white"
>
<ListIcon class=" group-hover:text-indigo-600" />
</div>
<a href="/list" class="mt-6 block font-semibold text-gray-900">
Liste
<a href="{ROUTE_NAMES.LIST}" class="mt-6 block font-semibold text-gray-900">
Vorgänge
<span class="absolute inset-0"></span>
</a>
<p class="mt-1 text-gray-600">
Verschaffe Dir einen Überblick über alle gespeicherten Tatorte.
</p>
</div>
{/if}
{#if data.user.admin}
<div class="group relative rounded-lg p-6 text-sm leading-6 hover:bg-gray-50 w-1/4">
<div
class="flex h-11 w-11 items-center justify-center rounded-lg bg-gray-50 group-hover:bg-white"
>
<AddProcess class=" group-hover:text-indigo-600" />
</div>
<a href="/upload" class="mt-6 block font-semibold text-gray-900">
Hinzufügen
<span class="absolute inset-0"></span>
</a>
<p class="mt-1 text-gray-600">Fügen Sie einem Tatort Bilder hinzu.</p>
</div>
{/if}
<div class="group relative rounded-lg p-6 text-sm leading-6 hover:bg-gray-50 w-1/4">
<div
class="flex h-11 w-11 items-center justify-center rounded-lg bg-gray-50 group-hover:bg-white"
>
<FileRect class=" group-hover:text-indigo-600" {outline} />
</div>
<a href="/view" class="mt-6 block font-semibold text-gray-900">
Ansicht
<a href="{ROUTE_NAMES.USERMGMT}" class="mt-6 block font-semibold text-gray-900">
Benutzerverwaltung
<span class="absolute inset-0"></span>
</a>
<p class="mt-1 text-gray-600">Schau Dir einen Tatort in der 3D Ansicht an.</p>
<p class="mt-1 text-gray-600">Füge neue Benutzer hinzu oder entferne welche.</p>
</div>
</div>
</div>
{:else}
<div class="flex min-h-full flex-col justify-center px-6 py-12 lg:px-8">
<div class="sm:mx-auto sm:w-full sm:max-w-sm">
<img class="mx-auto h-10 w-auto" src="/Landeswappen_NI.svg" alt="Landeswappen Niedersachsen" />
<h2 class="mt-10 text-center text-2xl font-bold leading-9 tracking-tight text-gray-900">
Willkommen beim 3D Tatort
</h2>
</div>
<div class="w-full max-w-sm mx-auto">
<div class="relative mt-5 bg-gray-50 rounded-xl shadow-xl p-3 pt-1">
<div class="mt-10">
<form action="{ROUTE_NAMES.LOGIN}" method="POST">
<div>
<label for="user" class="text-sm font-medium leading-6 text-gray-900">Name</label>
<div class="mt-2">
<input
id="user"
name="user"
type="text"
autocomplete="email"
required
class="rounded-md border-0 py-1.5 text-gray-900 shadow-sm ring-1 ring-inset ring-gray-300 placeholder:text-gray-400 focus:ring-2 focus:ring-inset focus:ring-indigo-600 sm:text-sm sm:leading-6"
/>
</div>
</div>
<div>
<label for="password" class="block text-sm font-medium leading-6 text-gray-900"
>Passwort</label
>
<div class="mt-2">
<input
id="password"
name="password"
type="password"
autocomplete="current-password"
required
class="block w-full rounded-md border-0 py-1.5 text-gray-900 shadow-sm ring-1 ring-inset ring-gray-300 placeholder:text-gray-400 focus:ring-2 focus:ring-inset focus:ring-indigo-600 sm:text-sm sm:leading-6"
/>
</div>
</div>
{#if form?.incorrect}
<p class="block text-sm leading-6 text-red-900 mt-2">{form.message}</p>
{/if}
<div class="flex justify-end">
<Button type="submit" class="mt-5">Anmelden</Button>
</div>
</form>
</div>
</div>
</div>
</div>
{/if}
<style>
</style>
</style>

35
src/routes/(angemeldet)/list/+page.server.ts Normal file
View File

@@ -0,0 +1,35 @@
import { createVorgang, getVorgaenge } from '$lib/server/vorgangService';
import type { PageServerLoad } from '../../(token-based)/view/$types';
import { error, fail } from '@sveltejs/kit';
export const load: PageServerLoad = async (event) => {
if (!event.locals.user) {
error(404, 'Not Found')
}
const vorgangList = getVorgaenge();
return {
vorgangList
};
};
export const actions = {
default: async ({ request }: { request: Request }) => {
const data = await request.formData();
const vorgangName: string | null = data.get('vorgang') as string;
const vorgangPIN: string | null = data.get('pin') as string;
const err = {};
const token = createVorgang(vorgangName, vorgangPIN);
if (!token) {
err.message = "Der Vorgang konnte nicht angelegt werden"
return fail(400, err)
} else {
// success
return { token }
}
}
};

264
src/routes/(angemeldet)/list/+page.svelte Normal file
View File

@@ -0,0 +1,264 @@
<script lang="ts">
import ExpandableForm from '$lib/components/ExpandableForm.svelte';
import Trash from '$lib/icons/Trash.svelte';
import Folder from '$lib/icons/Folder.svelte';
import EmptyList from '$lib/components/EmptyList.svelte';
import NameItemEditor from '$lib/components/NameItemEditor.svelte';
import Alert from '$lib/components/Alert.svelte';
import Button from '$lib/components/Button.svelte';
import Modal from '$lib/components/Modal/Modal.svelte';
import ModalTitle from '$lib/components/Modal/ModalTitle.svelte';
import ModalContent from '$lib/components/Modal/ModalContent.svelte';
import ModalFooter from '$lib/components/Modal/ModalFooter.svelte';
import { API_ROUTES, ROUTE_NAMES } from '../../index.js';
import { invalidateAll } from '$app/navigation';
let { data, form } = $props();
let vorgangList = $state(data.vorgangList);
// same as `vorgangList` but with one different property to be used
// with ´NameItemEditor`
const derivedList = $derived.by(
() => {
return vorgangList.map(
({ vorgangName, ...rest }) => (
{
name: vorgangName,
...rest
}
)
)
}
);
let isEmptyList = vorgangList.length === 0;
let vorgangName = $state('');
let vorgangPIN = $state('');
let errorMsg = $state('');
// reset input fields when submission successful
$effect(() => {
if (form?.token) {
vorgangName = '';
vorgangPIN = '';
errorMsg = '';
}
});
async function submitVorgang(ev: Event) {
const isValid = inputValid(vorgangName, vorgangPIN);
if (!isValid) {
ev.preventDefault();
return;
}
// continue form action on server
}
/**
* Check for required fields
* @param vorgangName
* @param vorgangPIN
* @returns {boolean} Indicates whether input is valid
*/
function inputValid(vorgangName, vorgangPIN) {
if (!(vorgangName || vorgangPIN)) {
errorMsg = 'Bitte beide Felder ausfüllen.';
return false;
} else if (!vorgangName) {
errorMsg = 'Bitte einen Vorgangsnamen vergeben.';
return false;
} else if (!vorgangPIN) {
errorMsg = 'Bitte einen Vorgangs-PIN eingeben.';
return false;
}
const existing = vorgangList.some((vorg) => vorg.vorgangName === vorgangName);
if (existing) {
errorMsg = 'Der Name existiert bereits.';
return false;
}
return true;
}
async function deleteVorgang(vorgangToken: string) {
let delete_item = window.confirm('Bist du sicher?');
if (delete_item) {
let url = API_ROUTES.VORGANG(vorgangToken);
try {
const response = await fetch(url, { method: 'DELETE' });
if (response.status == 204) {
setTimeout(() => {
window.location.reload();
}, 500);
}
} catch (error) {
if (error instanceof Error) {
console.log(error.message);
} else {
console.log(error);
}
}
}
}
//Variablen für Modal
let open = $state(false);
let inProgress = $state(false);
let isError = $state(false);
async function handleSave(newName: string, oldName: string, vorgangToken: string) {
open = true;
inProgress = true;
isError = false;
try {
const res = await fetch(API_ROUTES.VORGANG(vorgangToken), {
method: 'PUT',
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify({ vorgangToken, oldName, newName })
});
if (!res.ok) {
throw new Error('Fehler beim Speichern');
}
await invalidateAll();
vorgangList = data.vorgangList;
open = false;
} catch (err) {
console.error('⚠️ Netzwerkfehler beim Speichern', err);
isError = true;
} finally {
inProgress = false;
}
}
async function closeModal() {
open = false;
isError = false;
}
</script>
<div class="-z-10 bg-white">
<div class="flex flex-col items-center justify-center w-full">
<h1 class="text-xl">Liste der Vorgänge</h1>
</div>
<div class="mx-auto flex justify-center max-w-7xl h-full">
<ul role="list" class="divide-y divide-gray-100">
{#if isEmptyList}
<EmptyList></EmptyList>
{:else}
{#each vorgangList as vorgangItem}
<li data-testid="test-list-item">
<div class="flex items-center justify-center gap-3">
<a
href="{ROUTE_NAMES.VORGANG(vorgangItem.vorgangToken)}"
class="flex flex-col items-center justify-center gap-2 py-4 rounded-lg hover:bg-gray-50 transition text-center"
>
<Folder class="w-6 h-6 text-gray-600" />
</a>
<NameItemEditor
list={derivedList}
currentName={vorgangItem.vorgangName}
vorgangToken={vorgangItem.vorgangToken}
onSave={handleSave}
onDelete={deleteVorgang}
/>
</div>
</li>
{/each}
{/if}
</ul>
</div>
</div>
<ExpandableForm>
<form class="flex flex-col items-center" method="POST">
<div class="flex flex-col sm:flex-row sm:space-x-4 w-full max-w-lg">
<div class="flex-1">
<label for="vorgang" class="block text-sm font-medium leading-6 text-gray-900">
<span class="flex"> Vorgangsname </span>
</label>
<div class="mt-2">
<div
class="flex rounded-md shadow-sm ring-1 ring-inset ring-gray-300 focus-within:ring-2 focus-within:ring-inset focus-within:ring-indigo-600"
>
<input
required
bind:value={vorgangName}
type="text"
name="vorgang"
id="vorgang"
class="block flex-1 border-0 bg-transparent py-1.5 pl-1 text-gray-900 placeholder:text-gray-400 focus:ring-0 sm:text-sm sm:leading-6"
/>
</div>
</div>
</div>
<div class="flex-1 mt-4 sm:mt-0">
<label for="pin" class="block text-sm font-medium leading-6 text-gray-900">
<span class="flex"> PIN </span>
</label>
<div class="mt-2">
<div
class="flex rounded-md shadow-sm ring-1 ring-inset ring-gray-300 focus-within:ring-2 focus-within:ring-inset focus-within:ring-indigo-600"
>
<input
required
type="password"
bind:value={vorgangPIN}
name="pin"
id="pin"
class="block flex-1 border-0 bg-transparent py-1.5 pl-1 text-gray-900 placeholder:text-gray-400 focus:ring-0 sm:text-sm sm:leading-6"
/>
</div>
</div>
</div>
</div>
{#if errorMsg}
<p>{errorMsg}</p>
{/if}
{#if form?.message}
<p>{form.message}</p>
{/if}
<button
type="submit"
on:click={submitVorgang}
class="mt-4 bg-indigo-600 text-white px-6 py-2 rounded hover:bg-indigo-700 transition"
>
Neuen Vorgang hinzufügen
</button>
</form>
</ExpandableForm>
<Modal {open}
><ModalTitle>Umbenennen</ModalTitle><ModalContent>
{#if inProgress}
<p class="py-2 mb-1">Vorgang läuft...</p>
{:else if isError}
<Alert class="w-full" type="error">Fehler beim Umbenennen</Alert>
{:else}
<Alert class="w-full">Umbenennen erfolgreich</Alert>
{/if}
</ModalContent>
<ModalFooter><Button disabled={inProgress} on:click={closeModal}>Ok</Button></ModalFooter>
</Modal>
<style>
ul {
min-width: 24rem;
}
</style>

37
src/routes/(angemeldet)/tatorte/+page.server.ts
View File

@@ -1,37 +0,0 @@
import { client } from '$lib/minio';
import { fail } from '@sveltejs/kit';
import caseNumberOccupied from '$lib/helper/caseNumberOccupied';
/** @type {import('./$types').Actions} */
export const actions = {
default: async ({ request }: {request: Request}) => {
const data = await request.formData();
const caseNumber = data.get('caseNumber');
const description = data.get('description');
if (!caseNumber) {
return fail(400, {
caseNumber,
description,
error: { caseNumber: 'Es muss eine Vorgangsnummer vorhanden sein.' }
});
}
if (await caseNumberOccupied(`${caseNumber}`)) {
return fail(400, {
caseNumber,
description,
error: { caseNumber: 'Die Vorgangsnummer wurde im System bereits angelegt.' }
});
}
const config = `${JSON.stringify({ caseNumber, description, version: 1 })}\n`;
await client.putObject('tatort', `${caseNumber}/config.json`, config, undefined, {
'Content-Type': 'application/json'
});
return { success: true };
}
};

115
src/routes/(angemeldet)/tatorte/+page.svelte
View File

@@ -1,115 +0,0 @@
<script lang="ts">
import Alert from '$lib/components/Alert.svelte';
import Button from '$lib/components/Button.svelte';
import Modal from '$lib/components/Modal/Modal.svelte';
import ModalTitle from '$lib/components/Modal/ModalTitle.svelte';
import ModalContent from '$lib/components/Modal/ModalContent.svelte';
import ModalFooter from '$lib/components/Modal/ModalFooter.svelte';
import Exclamation from '$lib/icons/Exclamation.svelte';
export let form;
let open = false;
$: open = form?.success ?? false;
</script>
<div class="mx-auto max-w-2xl">
<div class="flex flex-col items-center justify-center w-full">
<h1 class="text-xl">Neuer Vorgang</h1>
</div>
<form method="POST">
<div class="space-y-12">
<div class="border-b border-gray-900/10 pb-12">
<p class="mt-8 text-sm leading-6 text-gray-600">
This information will be displayed publicly so be careful what you share.
</p>
<div class="mt-10 grid grid-cols-1 gap-x-6 gap-y-8">
<div>
<label for="caseNumber" class="block text-sm font-medium leading-6 text-gray-900"
><span class="flex"
>{#if form?.error?.caseNumber}
<span class="inline-block mr-1"><Exclamation /></span>
{/if} Vorgangs-Nr.</span
></label
>
<div class="mt-2">
<div
class="flex rounded-md shadow-sm ring-1 ring-inset ring-gray-300 focus-within:ring-2 focus-within:ring-inset focus-within:ring-indigo-600"
>
<input
value={form?.caseNumber ?? ''}
type="text"
name="caseNumber"
id="caseNumber"
class="block flex-1 border-0 bg-transparent py-1.5 pl-1 text-gray-900 placeholder:text-gray-400 focus:ring-0 text-sm leading-6"
/>
</div>
</div>
{#if form?.error?.caseNumber}
<p class="block text-sm leading-6 text-red-900 mt-2">{form.error.caseNumber}</p>
{/if}
</div>
<div>
<label for="description" class="block text-sm font-medium leading-6 text-gray-900"
><span class="flex"
>{#if form?.description}
<span class="inline-block mr-1"><Exclamation /></span>
{/if} Beschreibung</span
></label
>
<div class="mt-2">
<textarea
value={form?.description?.toString() ?? ''}
id="description"
name="description"
rows="3"
class="block w-full rounded-md border-0 py-1.5 text-gray-900 shadow-sm ring-1 ring-inset ring-gray-300 placeholder:text-gray-400 focus:ring-2 focus:ring-inset focus:ring-indigo-600 sm:text-sm sm:leading-6"
></textarea>
</div>
{#if form?.error}
<p class="block text-sm leading-6 text-red-900 mt-2">{form.description}</p>
{/if}
</div>
<label for="code">
<span >Zugangscode (optional) </span>
</label>
<div class="mt-2">
<div
>
<input
type="text"
id="code"
/>
</div>
</div>
</div>
</div>
<div class="mt-6 flex items-center justify-end gap-x-6">
<button type="button" class="text-sm font-semibold leading-6 text-gray-900">Cancel</button>
<Button
type="submit"
class="rounded-md bg-indigo-600 px-3 py-2 text-sm font-semibold text-white shadow-sm hover:bg-indigo-500 focus-visible:outline focus-visible:outline-2 focus-visible:outline-offset-2 focus-visible:outline-indigo-600"
>Save</Button
>
</div>
</div>
</form>
<Modal {open}
><ModalTitle>vorgang anlegen</ModalTitle><ModalContent>
{#if form?.success}
<Alert class="w-full">Vorgang erfolgreich angelegt</Alert>
{:else}
<Alert class="w-full" type="error">Fehler beim Upload</Alert>
{/if}
</ModalContent>
<ModalFooter><Button on:click={() => (open = false)}>Ok</Button></ModalFooter>
</Modal>
</div>

74
src/routes/(angemeldet)/upload/+page.server.ts
View File

@@ -1,7 +1,8 @@
import { Buffer } from 'buffer';
import { Readable } from 'stream';
import { client } from '$lib/minio';
import { fail } from '@sveltejs/kit';
import { BUCKET, client } from '$lib/minio';
import { fail, error } from '@sveltejs/kit';
import { getVorgangByName } from '$lib/server/vorgangService';
const isRequiredFieldValid = (value: unknown) => {
if (value == null) return false;
@@ -9,88 +10,78 @@ const isRequiredFieldValid = (value: unknown) => {
if (typeof value === 'string' || value instanceof String) return value.trim() !== '';
return true;
}
};
export const actions = {
url: async ({ request }: {request: Request}) => {
url: async ({ request }: { request: Request }) => {
const data = await request.formData();
const vorgang = data.get('vorgang');
const name = data.get('name');
const type = data.get('type');
const code = data.get('zugangscode');
const fileName = data.get('fileName');
const vorgangName: string | null = data.get('vorgang') as string;
const crimeName: string | null = data.get('name') as string;
const type: string | null = data.get('type') as string;
const fileName: string | null = data.get('fileName') as string;
let objectName = `${vorgang}/${name}`;
let vorgangToken;
const vorgang = getVorgangByName(vorgangName);
vorgangToken = vorgang.token;
let objectName = `${vorgangToken}/${crimeName}`;
switch (type) {
case 'image/png':
if (!objectName.endsWith('.png')) objectName += '.png';
break;
case '':
if (fileName?.toString().endsWith('.glb') && !objectName.endsWith('.glb')) objectName += '.glb';
if (fileName?.toString().endsWith('.glb') && !objectName.endsWith('.glb'))
objectName += '.glb';
}
const url = await client.presignedPutObject('tatort', objectName);
// store code in S3
// tatort/<vorgang>/__perm__
const code_filename = '__perm__';
const buf = Buffer.from(code, 'utf-8');
const code_stream = Readable.from(buf);
const code_path = `${vorgang}/${code_filename}`;
await client.putObject('tatort', code_path, code_stream);
const url = await client.presignedPutObject(BUCKET, objectName);
return { url };
},
validate: async ({ request }: {request: Request}) => {
validate: async ({ request }: { request: Request }) => {
const requestData = await request.formData();
const data = Object.fromEntries(requestData);
const vorgang = data.vorgang;
const name = data.name;
const zugangscode = data.zugangscode;
let success = true;
const err = {};
if (isRequiredFieldValid(vorgang)) err.vorgang = null;
else {
if (isRequiredFieldValid(vorgang)) {
err.vorgang = null;
} else {
err.vorgang = 'Das Feld Vorgang darf nicht leer bleiben.';
success = false;
}
if (isRequiredFieldValid(name)) err.name = null;
else {
if (isRequiredFieldValid(name)) {
err.name = null;
} else {
err.name = 'Das Feld Name darf nicht leer bleiben.';
success = false;
}
if (isRequiredFieldValid(zugangscode)) err.zugangscode = null;
else {
err.zugangscode = 'Das Feld Zugangscode darf nicht leer bleiben.';
success = false;
}
if (success) return { success };
return fail(400, err);
},
upload: async ({ request }: {request: Request}) => {
upload: async ({ request }: { request: Request }) => {
const requestData = await request.formData();
const data = Object.fromEntries(requestData);
const vorgang = data.vorgang;
const name = data.name;
const url = await client.presignedPutObject('tatort', `${vorgang}/${name}`, 60);
const url = await client.presignedPutObject(BUCKET, `${vorgang}/${name}`, 60);
return { url };
},
upload3: async ({ request }: {request: Request}) => {
upload3: async ({ request }: { request: Request }) => {
const requestData = await request.formData();
const data = Object.fromEntries(requestData);
const name = data.name;
const stream = data.file.stream();
const metaData = { 'Content-Type': 'model-gtlf-binary', 'X-VorgangsNr': '4711' };
const result = new Promise((resolve, reject) => {
client.putObject('tatort', name, Readable.from(stream), metaData, function (err, etag) {
client.putObject(BUCKET, name, Readable.from(stream), metaData, function (err, etag) {
if (err) return reject(err);
resolve(etag);
});
@@ -107,3 +98,10 @@ export const actions = {
return { etag, error };
}
};
export const load: PageServerLoad = async (event) => {
if (!event.locals.user) {
error(404, 'Not found')
}
};

139
src/routes/(angemeldet)/upload/+page.svelte
View File

@@ -9,26 +9,27 @@
import shortenFileSize from '$lib/helper/shortenFileSize.js';
import Exclamation from '$lib/icons/Exclamation.svelte';
import FileRect from '$lib/icons/File-rect.svelte';
import { API_ROUTES, ROUTE_NAMES } from '../../index.js';
export let form;
let open = false;
let inProgress = false;
let vorgang = '';
const code_len = 8;
const PINLength = 8;
function generate_token() {
function generatePIN() {
return Math.random()
.toString(36)
.slice(2, 2 + code_len);
.toString(36)
.slice(2, 2 + PINLength);
}
let zugangscode = ''
let zugangscode_old = ''
$: zugangscode_old = generate_token();
$: zugangscode = zugangscode_old
let vorgangPIN = '';
let vorgangPINOld = '';
$: vorgangPINOld = generatePIN();
$: vorgangPIN = vorgangPINOld;
let case_existing = undefined;
$: case_existing = false;
let vorgangExists = undefined;
$: vorgangExists = false;
let name = '';
let etag: string | null = null;
@@ -36,14 +37,14 @@
$: inProgress = form === null;
let formErrors: Record<string,any> | null;
let formErrors: Record<string, any> | null;
async function validateForm() {
let data = new FormData();
data.append('vorgang', vorgang);
data.append('name', name);
data.append('zugangscode', zugangscode);
const response = await fetch('?/validate', { method: 'POST', body: data });
data.append('vorgangPIN', vorgangPIN);
const response = await fetch(ROUTE_NAMES.UPLOAD_VALIDATE, { method: 'POST', body: data });
/** @type {import('@sveltejs/kit').ActionResult} */
const result = deserialize(await response.text());
@@ -64,7 +65,6 @@
formErrors = { file: 'Keine gültige .GLD-Datei', ...formErrors };
success = false;
}
return success;
}
@@ -72,12 +72,12 @@
let data = new FormData();
data.append('vorgang', vorgang);
data.append('name', name);
data.append('zugangscode', zugangscode);
data.append('vorgangPIN', vorgangPIN);
if (files?.length === 1) {
data.append('type', files[0].type);
data.append('fileName', files[0].name);
}
const response = await fetch('?/url', { method: 'POST', body: data });
const response = await fetch(ROUTE_NAMES.UPLOAD_URL, { method: 'POST', body: data });
/** @type {import('@sveltejs/kit').ActionResult} */
const result = deserialize(await response.text());
if (result.type === 'success') return result.data?.url;
@@ -140,6 +140,7 @@
// big endian!
let file = files[0];
let file_header = file.slice(0, 4);
console.log(file_header);
let header_bytes = await file_header.bytes();
let file_header_hex = '0x' + header_bytes.toHex().toString();
@@ -151,45 +152,41 @@
return true;
}
// `/(angemeldet)/view` return true or false
async function case_exists(case_no) {
if (case_no == '') {
zugangscode = zugangscode_old;
async function checkVorgangExists(vorgangName: string) {
if (vorgangName == '') {
vorgangPIN = vorgangPINOld;
return;
}
// ping `/view` with caseNumber in POST body
let url = '/view';
try {
// `HEAD` method
const url = API_ROUTES.VORGANG_NAME_EXIST(vorgangName);
const response = await fetch(url, { method: 'HEAD' });
let data = new FormData();
data.append('caseNumber', case_no);
// fetch code in parallel
const code = await get_code(case_no);
if (code != -1) {
zugangscode = code;
case_existing = true;
return true
if (response.status === 200) {
console.log('Vorgang existiert:', vorgangName);
vorgangExists = true;
const token = await getVorgangPIN(vorgangName);
vorgangPIN = token;
return true;
} else {
console.log('Vorgang existiert nicht!');
vorgangExists = false;
vorgangPIN = vorgangPINOld;
return false;
}
} catch (err) {
console.error('Fehler bei checkVorgangExists:', err);
vorgangExists = false;
vorgangPIN = vorgangPINOld;
return false;
}
const response = await fetch(url, { method: 'POST', body: data });
const res_json = await response.json();
const status = res_json.status;
if (status != 303) {
case_existing = false;
zugangscode = zugangscode_old;
}
return false;
}
async function get_code(case_no) {
async function getVorgangPIN(vorgangName: string) {
if (vorgangName == '') return;
if (case_no == '') return;
let url = `/api/list/${case_no}/code`;
let url = API_ROUTES.VORGANG_PIN(vorgangName);
const response = await fetch(url);
if (response.status == 200) {
@@ -198,7 +195,6 @@
return -1;
}
}
</script>
<div class="mx-auto max-w-2xl">
@@ -219,7 +215,7 @@
><span class="flex"
>{#if formErrors?.vorgang}
<span class="inline-block mr-1"><Exclamation /></span>
{/if} Vorgang</span
{/if} Vorgangsname</span
></label
>
<div class="mt-2">
@@ -233,14 +229,14 @@
id="vorgang"
autocomplete={vorgang}
class="block flex-1 border-0 bg-transparent py-1.5 pl-1 text-gray-900 placeholder:text-gray-400 focus:ring-0 sm:text-sm sm:leading-6"
on:input={() => case_exists(vorgang)}
on:input={() => checkVorgangExists(vorgang)}
/>
</div>
</div>
{#if formErrors?.vorgang}
<p class="block text-sm leading-6 text-red-900 mt-2">{formErrors.vorgang}</p>
{/if}
{#if case_existing && vorgang.length > 0}
{#if vorgangExists && vorgang.length > 0}
<span>Datei wird zum existierenden Vorgang hinzugefügt.</span>
{:else if vorgang.length > 0}
<span>Neuer Vorgang wird angelegt.</span>
@@ -249,10 +245,10 @@
<div>
<label for="name" class="block text-sm font-medium leading-6 text-gray-900"
><span class="flex"
>{#if formErrors?.name}
><span class="flex"
>{#if formErrors?.name}
<span class="inline-block mr-1"><Exclamation /></span>
{/if} Name</span
{/if} Modellname</span
></label
>
<div class="mt-2">
@@ -275,11 +271,11 @@
</div>
<div>
<label for="zugangscode" class="block text-sm font-medium leading-6 text-gray-900"
<label for="vorgang-pin" class="block text-sm font-medium leading-6 text-gray-900"
><span class="flex"
>{#if formErrors?.zugangscode}
>{#if formErrors?.vorgangPIN}
<span class="inline-block mr-1"><Exclamation /></span>
{/if} Zugangscode</span
{/if} Zugangs-PIN</span
></label
>
<div class="mt-2">
@@ -287,25 +283,28 @@
class="flex rounded-md shadow-sm ring-1 ring-inset ring-gray-300 focus-within:ring-2 focus-within:ring-inset focus-within:ring-indigo-600"
>
<input
bind:value={zugangscode}
bind:value={vorgangPIN}
type="text"
name="zugangscode"
id="zugangscode"
on:input="{ (ev) => { zugangscode_old = ev.target.value }}"
name="vorgang-pin"
id="vorgang-pin"
on:input={(ev) => {
vorgangPINOld = ev.target.value;
}}
class="block flex-1 border-0 bg-transparent py-1.5 pl-1 text-gray-900 placeholder:text-gray-400 focus:ring-0 sm:text-sm sm:leading-6"
/>
</div>
<button
class="rounded-md bg-blue-500 px-3 py-2 text-sm font-semibold text-white shadow-sm hover:bg-indigo-500 focus-visible:outline focus-visible:outline-2 focus-visible:outline-offset-2 focus-visible:outline-indigo-600"
on:click="{() => {
zugangscode = zugangscode_old = generate_token(); }}"
type="button">
Generiere Zugangscode
class="rounded-md bg-blue-500 px-3 py-2 text-sm font-semibold text-white shadow-sm hover:bg-indigo-500 focus-visible:outline focus-visible:outline-2 focus-visible:outline-offset-2 focus-visible:outline-indigo-600"
on:click={() => {
vorgangPIN = vorgangPINOld = generatePIN();
}}
type="button"
>
Generiere Zugangs-PIN
</button>
</div>
{#if formErrors?.code}
<p class="block text-sm leading-6 text-red-900 mt-2">{formErrors.code}</p>
{#if formErrors?.vorgangPIN}
<p class="block text-sm leading-6 text-red-900 mt-2">{formErrors.vorgangPIN}</p>
{/if}
</div>

8
src/routes/(angemeldet)/user-management/+page.server.ts Normal file
View File

@@ -0,0 +1,8 @@
import type { PageServerLoad } from '../../(token-based)/view/$types';
import { error } from '@sveltejs/kit';
export const load: PageServerLoad = async (event) => {
if (!event.locals.user) {
error(404, 'Not Found')
}
};

211
src/routes/(angemeldet)/user-management/+page.svelte Normal file
View File

@@ -0,0 +1,211 @@
<script lang="ts">
import { onMount } from 'svelte';
import Button from '$lib/components/Button.svelte';
import { API_ROUTES } from '../../index.js';
const { data } = $props();
let userName = $state('');
let userPassword = $state('');
let userList: { userId: string; userName: string }[] = $state([]);
let addUserError = $state(false);
let addUserSuccess = $state(false);
const currentUser: string = data.user.id;
onMount(async () => {
try {
userList = await getUsers();
} catch (error) {
console.log(`An error occured while retrieving users: ${error}`);
}
});
async function getUsers() {
const URL = API_ROUTES.USERS;
try {
const response = await fetch(URL);
return await response.json();
} catch (error) {
console.log(`Error fetching users: ${error}`);
return null;
}
}
async function addUser() {
if (userName == '') {
alert('Der Benutzername darf nicht leer sein.');
return;
}
if (userPassword == '') {
alert('Das Passwort darf nicht leer sein.');
return;
}
const URL = API_ROUTES.USERS;
const userData = { userName: userName, userPassword: userPassword };
try {
const response = await fetch(URL, {
method: 'POST',
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify(userData)
});
if (response.ok) {
const newUser = await response.json();
userList = [...userList, newUser];
addUserSuccess = true;
resetInput();
} else {
addUserError = true;
}
} catch (error) {
console.log(`Error creating user: ${error}`);
addUserError = true;
}
}
function resetInput() {
userName = '';
userPassword = '';
addUserError = false;
setInterval(() => {
addUserSuccess = false;
}, 5000);
}
async function deleteUser(userId: string) {
const URL = API_ROUTES.USER(userId);
try {
const response = await fetch(URL, {
method: 'DELETE',
headers: {
'Content-Type': 'application/json'
}
});
if (response.status == 204) {
userList = await getUsers();
} else {
alert('Nutzer konnte nicht gelöscht werden');
}
} catch (error) {
console.log(`Error deleting users: ${error}`);
}
}
</script>
<h1 class="flex justify-center text-3xl md:text-4xl font-bold text-gray-800 dark:text-white tracking-tight mb-4">
Benutzerverwaltung
</h1>
<h1 class="flex justify-center text-lg md:text-xl font-medium text-gray-800 dark:text-white tracking-tight mb-2">
Benutzerliste
</h1>
<div class="w-1/4 mx-auto">
<table class="min-w-full border border-gray-300 rounded overflow-hidden">
<thead class="bg-gray-100 dark:bg-gray-700">
<tr>
<th class="text-left px-4 py-2">Benutzername</th>
<th class="text-center px-4 py-2">Entfernen</th>
</tr>
</thead>
<tbody>
{#each userList as userItem}
<tr class="border-t border-gray-200 dark:border-gray-600">
<td class="px-4 py-2 text-gray-800 dark:text-white">{userItem.userName}</td>
<td class="px-4 py-2 text-center">
<button
class="text-red-600 hover:text-red-800 focus:outline-none focus:ring-2 focus:ring-red-500 rounded-full p-1 transition"
on:click={() => deleteUser(userItem.userId)}
aria-label="Delete user"
>
{#if (userItem.userName != currentUser)}
<svg xmlns="http://www.w3.org/2000/svg" class="h-4 w-4" fill="none" viewBox="0 0 24 24"
stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2"
d="M6 18L18 6M6 6l12 12" />
</svg>
{/if}
</button>
</td>
</tr>
{/each}
</tbody>
</table>
</div>
<h1 style="margin-top: 50px;"
class="flex justify-center text-lg md:text-xl font-medium text-gray-800 dark:text-white tracking-tight mb-2">
Neuer Nutzer
</h1>
<div class="mx-auto flex justify-center">
<form>
<div class="form-group">
<label for="username">Benutzername</label>
<input bind:value={userName} type="text" id="username" placeholder="Namen eingeben" />
</div>
<div class="form-group">
<label for="password">Passwort</label>
<input bind:value={userPassword} type="password" id="password" placeholder="Passwort vergeben" />
</div>
</form>
</div>
<div class="mx-auto flex flex-col items-center space-y-4" style="margin-top: 20px;">
{#if addUserError}
<div class="flex items-center bg-yellow-100 border-l-4 border-yellow-500 text-yellow-700 p-4 rounded shadow-sm"
role="alert">
<svg class="h-5 w-5 mr-3 text-yellow-500" xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24"
stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2"
d="M12 9v2m0 4h.01M12 5a7 7 0 100 14 7 7 0 000-14z" />
</svg>
<span class="text-sm font-medium">Der Benutzer konnte nicht hinzugefügt werden.</span>
</div>
{/if}
{#if addUserSuccess}
<div class="flex items-center bg-yellow-100 border-l-4 border-yellow-500 text-yellow-700 p-4 rounded shadow-sm"
role="alert">
<svg class="h-5 w-5 mr-3 text-yellow-500" xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24"
stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2"
d="M12 9v2m0 4h.01M12 5a7 7 0 100 14 7 7 0 000-14z" />
</svg>
<span class="text-sm font-medium">Der Benutzer wurde hinzugefügt.</span>
</div>
{/if}
<Button on:click={addUser}>Benutzer hinzufügen</Button>
</div>
<style>
.form-group {
display: flex;
flex-direction: column;
margin-bottom: 15px;
}
label {
margin-bottom: 5px;
font-weight: bold;
}
input[type="text"],
input[type="password"] {
padding: 8px;
font-size: 16px;
border: 1px solid #ccc;
border-radius: 4px;
}
</style>

22
src/routes/(token-based)/+layout.server.ts
View File

@@ -1,10 +1,22 @@
import { type ServerLoadEvent } from '@sveltejs/kit';
import type { PageServerLoad } from '../anmeldung/$types';
import { vorgangPINValidation, vorgangExists } from '$lib/server/vorgangService';
import { redirect } from '@sveltejs/kit';
import type { LayoutServerLoad } from './$types';
import { ROUTE_NAMES } from '..';
export const load: PageServerLoad = (event: ServerLoadEvent) => {
if (event.locals.user) {
export const load: LayoutServerLoad = async ({ params, cookies, locals }) => {
if (locals.user) {
return {
user: event.locals.user
user: locals.user
};
}
const vorgangToken = params.vorgang ?? '';
const COOKIE_NAME = `token-${vorgangToken}`;
const vorgangPIN = cookies.get(COOKIE_NAME) ?? '';
const isVorgangValid = vorgangExists(vorgangToken);
const isVorgangPINValid = vorgangPINValidation(vorgangToken, vorgangPIN);
if (!isVorgangValid || !isVorgangPINValid)
throw redirect(303, ROUTE_NAMES.ANMELDUNG_VORGANG_PARAM(vorgangToken));
};

103
src/routes/(token-based)/list/+page.svelte
View File

@@ -1,103 +0,0 @@
<script lang="ts">
import { onMount } from 'svelte';
import Trash from '$lib/icons/Trash.svelte';
import Folder from '$lib/icons/Folder.svelte';
/**
* @type any[]
*/
let list: any[] = [];
//$: list;
onMount(async () => {
const response = await fetch('/api/list');
const stream = await response.body;
if (!stream) return;
const reader = stream.getReader();
while (true) {
const { done, value } = await reader.read();
if (done) return;
const objs = new TextDecoder()
.decode(value)
.split('\n')
.filter((i) => i.length > 0)
.map((i) => JSON.parse(i));
list = list.concat(objs);
}
});
async function delete_item(ev: Event) {
let delete_item = window.confirm('Bist du sicher?');
if (delete_item) {
const target = ev.currentTarget as HTMLElement | null;
if (!target) return;
let filename = target.id.split('del__')[1];
// delete request
// --------------
let url = `/api/list/${filename}`;
try {
const response = await fetch(url, { method: 'DELETE' });
if (response.status == 204) {
setTimeout(() => {
window.location.reload();
}, 500);
}
} catch (error) {
if (error instanceof Error) {
console.log(error.message);
} else {
console.log(error);
}
}
}
}
</script>
<div class="-z-10 bg-white">
<div class="flex flex-col items-center justify-center w-full">
<h1 class="text-xl">Liste der Vorgänge</h1>
</div>
<div class="mx-auto flex justify-center max-w-7xl h-full">
<ul role="list" class="divide-y divide-gray-100">
{#each list as item}
<li>
<a href="/list/{item.name}" class="flex justify-between gap-x-6 py-5">
<div class="flex gap-x-4">
<!-- Ordner -->
<Folder />
<div class="min-w-0 flex-auto">
<span class="text-sm font-semibold leading-6 text-gray-900">{item.name}</span>
<!-- Delete button -->
<button
style="padding: 2px"
id="del__{item.name}"
on:click|preventDefault={delete_item}
aria-label="Vorgang {item.name} löschen"
>
<Trash />
</button>
</div>
</div>
<div class="hidden sm:flex sm:flex-col sm:items-end">
<p class="text-sm leading-6 text-gray-900">Vorgang</p>
</div>
</a>
</li>
{/each}
</ul>
</div>
</div>
<style>
ul {
min-width: 24rem;
}
</style>

23
src/routes/(token-based)/list/[vorgang]/+page.server.ts Normal file
View File

@@ -0,0 +1,23 @@
import { getCrimesListByToken, getVorgaenge } from '$lib/server/vorgangService.js';
import type { PageServerLoad } from './$types';
export const load: PageServerLoad = async ({ params, url }) => {
const vorgangList = getVorgaenge();
const vorgangToken = params.vorgang;
const crimesList = await getCrimesListByToken(vorgangToken);
const vorgang = vorgangList.find((v) => v.vorgangToken === vorgangToken); //vorgang sollte ein eigener Typ werden, und dann kann man es hier vernünftig typisieren
if (!vorgang || !crimesList) {
throw new Error(`Fehlgeschlagen, es wurden keine Daten zum token gefunden`);
}
//Variabeln für NameItemEditor
const crimeNames: string[] = crimesList.map((l) => l.name);
return {
vorgang,
vorgangList,
crimesList,
url,
crimeNames
};
}

684
src/routes/(token-based)/list/[vorgang]/+page.svelte
View File

@@ -1,10 +1,8 @@
<script lang="ts">
import { onMount } from 'svelte';
import shortenFileSize from '$lib/helper/shortenFileSize';
import { page } from '$app/stores';
import timeElapsed from '$lib/helper/timeElapsed';
import { deserialize } from '$app/forms';
import ExpandableForm from '$lib/components/ExpandableForm.svelte';
import Alert from '$lib/components/Alert.svelte';
import Button from '$lib/components/Button.svelte';
import Modal from '$lib/components/Modal/Modal.svelte';
@@ -12,299 +10,467 @@
import ModalContent from '$lib/components/Modal/ModalContent.svelte';
import ModalFooter from '$lib/components/Modal/ModalFooter.svelte';
import Cube from '$lib/icons/Cube.svelte';
import Edit from '$lib/icons/Edit.svelte';
import Trash from '$lib/icons/Trash.svelte';
import { invalidateAll } from '$app/navigation';
import NameItemEditor from '$lib/components/NameItemEditor.svelte';
import EmptyList from '$lib/components/EmptyList.svelte';
import FileRect from '$lib/icons/File-rect.svelte';
import Exclamation from '$lib/icons/Exclamation.svelte';
import { API_ROUTES, ROUTE_NAMES } from '../../../index.js';
/** export let data; */
/** @type {import('./$types').PageData} */
export let data;
//Seite für die Tatort-Liste
let { data, form } = $props();
interface ListItem {
//sollte Typ Vorgang sein, aber der einfachheit ist es noch ListItem, damit die Komponente NameItemEditor für Vorgang und Tatort eingesetzt werden kann
name: string;
size: number;
lastModified: string | number | Date;
show_button?: boolean;
prefix?: string;
// add other properties as needed
}
let list: ListItem[] = [];
$: list;
let crimesList = $state<ListItem[]>(data.crimesList);
let vorgangName: string = data.vorgang.vorgangName;
const vorgangPIN: string = data.vorgang.vorgangPIN;
let vorgangToken: string = data.vorgang.vorgangToken;
let isEmptyList = $derived(crimesList.length === 0);
let open = false;
$: open;
let inProgress = false;
$: inProgress;
let err = false;
$: err;
// File Upload Variablen
let name = $state('');
let formErrors: Record<string, any> | null = $state(null);
let etag: string | null = $state(null);
let files: FileList | null = $state(null);
let rename_input;
$: rename_input;
// Model Variablen für Upload
let openUL = $state(false);
let inProgressUL = $state(form === null);
onMount(async () => {
const response = await fetch('/api/list/' + $page.params.vorgang);
const stream = response.body;
if (!stream) return;
async function buttonClick(event: MouseEvent) {
if (!(await validateForm())) {
event.preventDefault();
return;
}
const url = await getUrl();
openUL = true;
inProgressUL = true;
const reader = stream.getReader();
while (true) {
const { done, value } = await reader.read();
if (done) return;
const objs = new TextDecoder()
.decode(value)
.split('\n')
.filter((i) => i.length > 0)
.map((i) => JSON.parse(i));
list = list.concat(objs);
list = list.map((item) => {
item.show_button = true;
return item;
fetch(url, { method: 'PUT', body: files[0] })
.then((response) => {
inProgressUL = false;
etag = '123';
})
.catch((err) => {
inProgressUL = false;
etag = null;
console.log('ERROR', err);
});
}
});
function uploadSuccessful() {
open = false;
}
function defocus_element(i: number) {
let item = list[i];
let text_field_id = `label__${item.name}`;
async function validateForm() {
let data = new FormData();
data.append('vorgang', vorgangName);
data.append('name', name);
const response = await fetch(ROUTE_NAMES.UPLOAD_VALIDATE, { method: 'POST', body: data });
const result = deserialize(await response.text());
let text_field = document.getElementById(text_field_id);
if (text_field) {
text_field.setAttribute('contenteditable', 'false');
text_field.textContent = item.name;
let success = true;
if (result.type === 'success') {
formErrors = null;
} else {
if (result.type === 'failure' && result.data) formErrors = result.data;
success = false;
}
// reshow button
list[i].show_button = true;
return;
if (!files?.length) {
formErrors = { file: 'Sie haben keine Datei ausgewählt.', ...formErrors };
success = false;
}
if (!(await check_valid_glb_file())) {
formErrors = { file: 'Keine gültige .GLD-Datei', ...formErrors };
success = false;
}
return success;
}
async function handle_input(ev: KeyboardEvent, i: number) {
let item = list[i];
if (ev.key == 'Escape') {
let text_field_id = `label__${item.name}`;
async function uploadSuccessful() {
openUL = false;
name = '';
files = null;
await invalidateAll();
crimesList = data.crimesList;
}
let text_field = document.getElementById(text_field_id);
if (text_field) {
text_field.setAttribute('contenteditable', 'false');
text_field.textContent = item.name;
}
// `val` is hex string
function swap_endian(val) {
// from https://www.geeksforgeeks.org/bit-manipulation-swap-endianness-of-a-number/
// reshow button
item.show_button = true;
return;
let leftmost_byte = (val & eval(0x000000ff)) >> 0;
let left_middle_byte = (val & eval(0x0000ff00)) >> 8;
let right_middle_byte = (val & eval(0x00ff0000)) >> 16;
let rightmost_byte = (val & eval(0xff000000)) >> 24;
leftmost_byte <<= 24;
left_middle_byte <<= 16;
right_middle_byte <<= 8;
rightmost_byte <<= 0;
let res = leftmost_byte | left_middle_byte | right_middle_byte | rightmost_byte;
return res;
}
async function check_valid_glb_file() {
// GLD Header, magic value 0x46546C67, identifies data as binary glTF, 4 bytes
// little endian!
const GLD_MAGIC = 0x46546c67;
// big endian!
let file = files[0];
let file_header = file.slice(0, 4);
console.log(file_header);
let header_bytes = await file_header.bytes();
let file_header_hex = '0x' + header_bytes.toHex().toString();
if (GLD_MAGIC == swap_endian(file_header_hex)) {
return true;
} else {
return false;
}
if (ev.key == 'Enter') {
let name_field = ev.currentTarget as HTMLElement | null;
let new_name = name_field
? name_field.textContent || (name_field as any).innerText || ''
: '';
return true;
}
if (new_name == '') {
alert('Bitte einen gültigen Namen eingeben.');
ev.preventDefault();
return;
async function getUrl() {
let data = new FormData();
data.append('vorgang', vorgangName);
data.append('name', name);
if (files?.length === 1) {
data.append('type', files[0].type);
data.append('fileName', files[0].name);
}
const response = await fetch(ROUTE_NAMES.UPLOAD_URL, { method: 'POST', body: data });
const result = deserialize(await response.text());
if (result.type === 'success') return result.data?.url;
return null;
}
//Variablen für Modal
let open = $state(false);
let inProgress = $state(false);
let isError = $state(false);
let admin = data?.user?.admin;
async function handleSave(newName: string, oldName: string) {
open = true;
inProgress = true;
isError = false;
try {
const res = await fetch(API_ROUTES.CRIME(vorgangToken, oldName), {
method: 'PUT',
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify({ vorgangToken, oldName, newName })
});
if (!res.ok) {
throw new Error('Fehler beim Speichern');
}
// actual upload
// -------------
// to prevent from item being selected
ev.preventDefault();
// construct PUT URL
const url = $page.url;
console.log(url);
let data_obj: { new_name: string; old_name: string } = { new_name: '', old_name: '' };
data_obj['new_name'] = new_name;
data_obj['old_name'] =
ev.currentTarget && (ev.currentTarget as HTMLElement).id
? (ev.currentTarget as HTMLElement).id.split('__')[1]
: '';
open = true;
inProgress = true;
const response = await fetch(url, { method: 'PUT', body: JSON.stringify(data_obj) });
await invalidateAll();
crimesList = data.crimesList;
open = false;
} catch (err) {
console.error('⚠️ Netzwerkfehler beim Speichern', err);
isError = true;
} finally {
inProgress = false;
if (!response.ok) {
err = true;
if (response.status == 400) {
let json_res = await response.json();
return;
}
throw new Error(`Fehlgeschlagen: ${response.status}`);
} else {
uploadSuccessful();
setTimeout(() => {
window.location.reload();
}, 500);
}
// --- upload finished ---
return;
}
}
async function savePIN(newVorgangPIN: string, oldVorgangPIN: string) {
open = true;
inProgress = true;
isError = false;
try {
const res = await fetch(API_ROUTES.VORGANG(vorgangToken), {
method: 'PUT',
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify({ vorgangToken, oldVorgangPIN, newVorgangPIN,
changePIN: true})
});
if (!res.ok) {
throw new Error('Fehler beim Speichern');
}
await invalidateAll();
crimesList = data.crimesList;
open = false;
} catch (err) {
console.error('⚠️ Netzwerkfehler beim Speichern', err);
isError = true;
} finally {
inProgress = false;
}
}
async function handleDelete(tatort: string) {
open = true;
inProgress = true;
isError = false;
let path = API_ROUTES.CRIME(vorgangToken, tatort)
try {
const res = await fetch(path, {
method: 'DELETE',
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify({ vorgangToken, tatort })
});
if (!res.ok) {
throw new Error('Fehler beim Löschen');
}
crimesList = crimesList.filter((i) => i.name !== tatort);
await invalidateAll();
console.log('🗑️ Erfolgreich gelöscht:', path);
open = false;
} catch (err) {
console.error('⚠️ Netzwerkfehler beim Speichern', err);
isError = true;
} finally {
inProgress = false;
}
}
function constructMailToLink() {
const subject = 'Link zum Tatvorgang';
const link = data.url.origin + data.url.pathname;
const body = `Hallo,
hier ist der Link zum Tatvorgang:
${link}
Der Zugangs-PIN wird zur Sicherheit über einen zweiten Kommunikationskanal übermittelt.
Mit freundlichen Grüßen,
`;
const mailtoLink = `mailto:?subject=${encodeURIComponent(subject)}&body=${encodeURIComponent(body)}`;
return mailtoLink;
}
function closeModal() {
open = false;
isError = false;
}
</script>
<div class="-z-10 bg-white">
<div class="flex flex-col items-center justify-center w-full">
<h1 class="text-xl">Vorgang {$page.params.vorgang}</h1>
</div>
<div class="mx-auto flex justify-center max-w-7xl h-full">
<ul class="divide-y divide-gray-100">
{#each list as item, i}
<li>
<a
href="/view/{$page.params.vorgang}/{item.name}"
class=" flex justify-between gap-x-6 py-5"
aria-label="zum 3D-modell"
{#if data.vorgang && crimesList}
<div class="-z-10 bg-white">
<div class="flex flex-col items-center justify-center w-full">
<h1 class="text-xl">{vorgangName}</h1>
{#if admin}
<div class="flex items-center gap-2">
Zugangs-PIN:
<NameItemEditor
list={[]}
currentName={vorgangPIN}
onSave={savePIN}
onDelete={null}
/>
</div>
<a class="pt-2 pb-6" href={constructMailToLink()}
><Button disabled={isEmptyList}>Share Link</Button></a
>
{/if}
</div>
<div class="mx-auto flex justify-center max-w-7xl h-full">
<ul class="divide-y divide-gray-100">
{#if isEmptyList}
<EmptyList></EmptyList>
{:else}
{#each crimesList as item (item.name)}
<li
data-testid="test-list-item"
class="flex items-center justify-between gap-6 py-4 px-2 hover:bg-gray-50 rounded-lg transition"
>
<div class=" flex gap-x-4">
<Cube />
<div class="min-w-0 flex-auto">
{#if data?.user?.admin}
<span
id="label__{item.name}"
class="text-sm font-semibold leading-6 text-gray-900 inline-block min-w-1"
contenteditable={!item.show_button}
role="textbox"
tabindex="0"
aria-label="Dateiname bearbeiten"
on:focusout={() => {
defocus_element(i);
}}
on:keydown|stopPropagation={// event needed to identify ID
// TO-DO: check if event is needed or if index is sufficient
async (ev) => {
handle_input(ev, i);
}}>{item.name}</span
>
<div class="flex items-center gap-4 flex-1">
<a
data-testid="crime-link"
href="{ROUTE_NAMES.CRIME(vorgangToken, item.name, vorgangPIN)}"
class="flex items-center justify-center w-8 h-8 text-gray-600 hover:text-blue-600 transition"
aria-label="{ROUTE_NAMES.CRIME(vorgangToken, item.name, vorgangPIN)}"
title={item.name}
>
<Cube class="w-5 h-5" />
</a>
<!--<input
class="text-sm font-semibold leading-6 text-gray-900 inline-block min-w-1"
<div class="flex flex-col flex-1 min-w-0">
{#if admin}
<NameItemEditor
list={crimesList}
currentName={item.name}
onSave={handleSave}
onDelete={handleDelete}
/>
{:else}
<p
data-testid="test-nameItem-p"
class="text-sm font-semibold leading-6 text-gray-900 truncate"
>
{item.name}
</p>
{/if}
<!-- size left, last modified right -->
<div class="flex items-center justify-between mt-1 text-xs leading-5 text-gray-500">
{#if item.size}
<span>{shortenFileSize(item.size)}</span>
{:else}
<span></span>
{/if}
{#if item.lastModified}
<span>
Zuletzt geändert
<time datetime={item.lastModified}>
{timeElapsed(new Date(item.lastModified))}
</time>
</span>
{/if}
</div>
</div>
</div>
</li>
{/each}
{/if}
</ul>
</div>
{#if admin}
<div class="flex justify-center my-4">
<ExpandableForm>
<div class="mx-auto max-w-2xl">
<div class="flex flex-col items-center space-y-6">
<!-- Name Input -->
<div class="w-full max-w-md">
<label for="name" class="block text-sm font-medium leading-6 text-gray-900">
<span class="flex">
{#if formErrors?.name}
<span class="inline-block mr-1"><Exclamation /></span>
{/if} Modellname
</span>
</label>
<div class="mt-2">
<div
class="flex rounded-md shadow-sm ring-1 ring-inset ring-gray-300 focus-within:ring-2 focus-within:ring-inset focus-within:ring-indigo-600"
>
<input
bind:value={name}
type="text"
name=""
on:keydown|stopPropagation={// event needed to identify ID
// TO-DO: check if event is needed or if index is sufficient
async (ev) => {
handle_input(ev, i);
}}
bind:value={item.name}
id="label__{item.name}"
/>-->
<!-- disabled={item.show_button} -->
<!-- https://iconduck.com/icons/192863/edit-rename -->
{#if item.show_button}
<button
style="padding: 2px"
id="edit__{item.name}"
aria-label="Datei umbenennen"
on:click|preventDefault={(ev) => {
let text_field_id = `label__${item.name}`;
let text_field = document.getElementById(text_field_id);
if (text_field) {
text_field.setAttribute('contenteditable', 'true');
text_field.focus();
text_field.textContent = '';
}
// hide button
item.show_button = false;
}}
>
<Edit />
</button>
{/if}
<button
style="padding: 2px"
id="del__{item.name}"
on:click|preventDefault={async (ev) => {
let delete_item = window.confirm('Bist du sicher?');
if (delete_item) {
// bucket: tatort, name: <vorgang>/item-name
let vorgang = $page.params.vorgang;
let filename = '';
if (ev && ev.currentTarget && (ev.currentTarget as HTMLElement).id) {
filename = (ev.currentTarget as HTMLElement).id.split('del__')[1];
}
// delete request
// --------------
let url = new URL($page.url);
url.pathname += `/${filename}`;
console.log(`--- ${vorgang} + ${filename} + ${url}`);
try {
const response = await fetch(url, { method: 'DELETE' });
if (response.status == 204) {
setTimeout(() => {
window.location.reload();
}, 500);
}
} catch (error) {
if (error instanceof Error) {
console.log(error.message);
} else {
console.log(error);
}
}
}
}}
aria-label="Datei löschen"
>
<Trash />
</button>
{:else}
<span class="text-sm font-semibold leading-6 text-gray-900 inline-block min-w-1"
>{item.name}</span
>
{/if}
<p class="mt-1 truncate text-xs leading-5 text-gray-500">
{shortenFileSize(item.size)}
</p>
name="name"
id="name"
autocomplete={name}
class="block flex-1 border-0 bg-transparent py-1.5 pl-1 text-gray-900 placeholder:text-gray-400 focus:ring-0 sm:text-sm sm:leading-6"
/>
</div>
</div>
<div class="hidden sm:flex sm:flex-col sm:items-end">
<p class="text-sm leading-6 text-gray-900">3D Tatort</p>
<p class="mt-1 text-xs leading-5 text-gray-500">
Zuletzt geändert <time datetime="2023-01-23T13:23Z"
>{timeElapsed(new Date(item.lastModified))}</time
>
</p>
</div>
</a>
</li>
{/each}
</ul>
</div>
{#if formErrors?.name}
<p class="block text-sm leading-6 text-red-900 mt-2">{formErrors.name}</p>
{/if}
</div>
<Modal {open}
><ModalTitle>Umbenennen</ModalTitle><ModalContent>
{#if inProgress}
<p class="py-2 mb-1">Vorgang läuft...</p>
{/if}
{#if err}
<Alert class="w-full" type="error">Fehler beim Umbenennen</Alert>
{/if}
</ModalContent>
<ModalFooter><Button disabled={inProgress} on:click={uploadSuccessful}>Ok</Button></ModalFooter>
</Modal>
</div>
<!-- File Upload -->
<div class="w-full max-w-md">
<label for="file" class="block text-sm font-medium leading-6 text-gray-900">
<span class="flex">
{#if formErrors?.file}
<span class="inline-block mr-1"><Exclamation /></span>
{/if} Datei
</span>
</label>
<div
class="mt-2 flex justify-center rounded-lg border border-dashed border-gray-900/25 px-6 py-10"
>
<div class="text-center">
<FileRect />
<div class="mt-4 flex text-sm leading-6 text-gray-600">
<label
for="file"
class="relative cursor-pointer rounded-md bg-white font-semibold text-indigo-600 focus-within:outline-none focus-within:ring-2 focus-within:ring-indigo-600 focus-within:ring-offset-2 hover:text-indigo-500"
>
<span>Wähle eine Datei aus</span>
<input id="file" bind:files name="file" type="file" class="sr-only" />
</label>
<p class="pl-1">oder ziehe sie ins Feld</p>
</div>
<p class="text-xs leading-5 text-gray-600">GLB Dateien bis zu 1GB</p>
{#if files?.length}
<div class="flex justify-center text-xs mt-2">
<p class="mx-2">Datei: <span class="font-bold">{files[0].name}</span></p>
<p class="mx-2">
Größe: <span class="font-bold">{shortenFileSize(files[0].size)}</span>
</p>
</div>
{/if}
</div>
</div>
{#if formErrors?.file}
<p class="block text-sm leading-6 text-red-900 mt-2">{formErrors.file}</p>
{/if}
</div>
<div class="mt-6 flex items-center justify-end gap-x-6">
<Button
on:click={buttonClick}
class="rounded-md bg-indigo-600 px-3 py-2 text-sm font-semibold text-white shadow-sm hover:bg-indigo-500 focus-visible:outline focus-visible:outline-2 focus-visible:outline-offset-2 focus-visible:outline-indigo-600"
>
Hinzufügen
</Button>
</div>
</div>
</div>
</ExpandableForm>
</div>
{/if}
<Modal {open}
><ModalTitle>Umbenennen</ModalTitle><ModalContent>
{#if inProgress}
<p class="py-2 mb-1">Vorgang läuft...</p>
{:else if isError}
<Alert class="w-full" type="error">Fehler beim Umbenennen</Alert>
{:else}
<Alert class="w-full">Umbenennen erfolgreich</Alert>
{/if}
</ModalContent>
<ModalFooter><Button disabled={inProgress} on:click={closeModal}>Ok</Button></ModalFooter>
</Modal>
<Modal open={openUL}
><ModalTitle>Upload</ModalTitle><ModalContent>
{#if inProgressUL}
<p class="py-2 mb-1">Upload läuft...</p>
{:else if etag}
<Alert class="w-full">Upload erfolgreich</Alert>
{:else}
<Alert class="w-full" type="error">Fehler beim Upload</Alert>
{/if}
</ModalContent>
<ModalFooter
><Button disabled={inProgressUL} on:click={uploadSuccessful}>Ok</Button></ModalFooter
>
</Modal>
</div>
{/if}
<style>
ul {

35
src/routes/(token-based)/list/[vorgang]/+server.ts
View File

@@ -1,35 +0,0 @@
import { client } from '$lib/minio';
import { json } from '@sveltejs/kit';
// rename operation
export async function PUT({ request }: {request: Request}) {
const data = await request.json();
// Vorgang
const vorgang = request.url.split('/').at(-1);
// prepare copy, incl. check if new name exists already
const old_name = data["old_name"];
const src_full_path = `/tatort/${vorgang}/${old_name}`;
const new_name = `${vorgang}/${data["new_name"]}`;
try {
await client.statObject('tatort', new_name);
return json({ msg: 'Die Datei existiert bereits.' }, { status: 400 });
} catch (error) {
// continue operation
console.log(error, 'continue operation');
}
// actual copy operation
await client.copyObject('tatort', new_name, src_full_path)
// delete
await client.removeObject('tatort', `${vorgang}/${old_name}`)
// return success or failure
return json({ success: 'success' }, { status: 200 });
};

11
src/routes/(token-based)/list/[vorgang]/[tatort]/+server.ts
View File

@@ -1,11 +0,0 @@
import { BUCKET, client } from '$lib/minio';
export async function DELETE({ request }: { request: Request }) {
const url_fragments = request.url.split('/');
const item = url_fragments.at(-1);
const vorgang = url_fragments.at(-2);
await client.removeObject(BUCKET, `${vorgang}/${item}`);
return new Response(null, { status: 204 });
}

6
src/routes/(token-based)/view/+page.server.ts
View File

@@ -1,6 +0,0 @@
import { redirectIfVorgangExists } from '$lib/server/vorgangService';
/** @type {import('./$types').Actions} */
export const actions = {
default: async ({request}: {request: Request}) => redirectIfVorgangExists(request)
}

40
src/routes/(token-based)/view/+page.svelte
View File

@@ -1,40 +0,0 @@
<script lang="ts">
import BaseInputField from '$lib/components/BaseInputField.svelte';
import Button from '$lib/components/Button.svelte';
import ArrowRight from '$lib/icons/Arrow-right.svelte';
import Exclamation from '$lib/icons/Exclamation.svelte';
export let form;
</script>
<div class="mx-auto max-w-2xl">
<div class="flex flex-col items-center justify-center w-full">
<h1 class="text-xl">Vorgang ansehen</h1>
</div>
<p class="mt-8 mb-8 text-sm leading-6 text-gray-600">
Anhand der Vorgangsnummer werden Sie zu den Dateien des Vorgangs weitergeleitet und können sich
den Vorgang dann ansehen.
</p>
<form method="POST">
<BaseInputField
id="case-id"
name="case-id"
label="Vorgangskennung"
type="text"
value={form?.caseId}
/>
<div class="mt-5">
<BaseInputField
id="case-token"
name="case-token"
label="Zugangscode"
type="text"
value={form?.token}
error={form?.error?.message}
/>
</div>
<div class="flex justify-end pt-4">
<Button type="submit"><ArrowRight /></Button>
</div>
</form>
</div>

7
src/routes/(token-based)/view/[vorgang]/[tatort]/+page.server.ts
View File

@@ -1,9 +1,8 @@
import { client } from '$lib/minio';
import { BUCKET, client } from '$lib/minio';
import type { PageServerLoad } from './$types';
/** @type {import('./$types').PageServerLoad} */
export const load: PageServerLoad = async ({ params }) => {
const { vorgang, tatort } = params;
const url = await client.presignedUrl('GET', 'tatort', `${vorgang}/${tatort}`);
const url = await client.presignedUrl('GET', BUCKET, `${vorgang}/${tatort}`);
return { url };
}
};

65
src/routes/(token-based)/view/[vorgang]/[tatort]/+page.svelte
View File

@@ -2,6 +2,7 @@
import Panel from '$lib/components/Panel.svelte';
import { onMount } from 'svelte';
import Button from '$lib/components/Button.svelte';
import type { ModelViewerElement } from '@google/model-viewer';
export let data;
@@ -24,31 +25,32 @@
let yRotation = 0;
let zRotation = 0;
let modelViewer;
let modelViewer: ModelViewerElement | null = null;
$: style = `width: ${progress}%`;
const onProgress = ({ detail }) => {
const updateModelProgress = ({ detail }: { detail: { totalProgress: number } }) => {
progress = Math.ceil(detail.totalProgress * 100.0);
if (progress == 100) {
setTimeout(() => {
hideProgressScreen = true;
}, 250);
} else hideProgressScreen = false;
}
};
function onResetView() {
cameraAzimuth = 0;
cameraPolar = 0;
cameraZoom = 100;
modelViewer.cameraOrbit = cameraOrbit;
modelViewer.cameraTarget = cameraTarget;
modelViewer.fieldOfView = fieldOfView;
cameraAzimuth = 0;
cameraPolar = 0;
cameraZoom = 100;
fieldOfView = '10deg';
if (modelViewer) {
cameraAzimuth = 0;
cameraPolar = 0;
cameraZoom = 100;
modelViewer.cameraOrbit = cameraOrbit;
modelViewer.cameraTarget = cameraTarget;
modelViewer.fieldOfView = fieldOfView;
cameraAzimuth = 0;
cameraPolar = 0;
cameraZoom = 100;
fieldOfView = '10deg';
}
}
function updateCameraOrbit(azimuth: number, polar: number, zoom: number) {
@@ -58,10 +60,10 @@
}
</script>
<div class="h-full model w-full bg-neutral-200 p-4 transition-all delay-250">
<div class="h-full w-full bg-neutral-200 p-4 transition-all delay-250">
<!-- xr-environment -->
<model-viewer
ar
class="h-full w-full"
shadow-intensity="1"
src={data.url}
bind:this={modelViewer}
@@ -73,7 +75,7 @@
orientation={`${xRotation}deg ${yRotation}deg ${zRotation}deg`}
camera-target="0m 0m 0m"
camera-orbit={`${cameraAzimuth}deg ${cameraPolar}deg ${cameraZoom}%`}
on:progress={onProgress}
on:progress={updateModelProgress}
>
<!--Buttons zum Steuern-->
<div
@@ -81,18 +83,7 @@
class:opacity-0={!hideProgressScreen}
class:hidden={!hideProgressScreen}
>
<button slot="ar-button" id="ar-button"> 👋 Activate AR </button>
<div id="ar-prompt">AR-Prompt</div>
<button id="ar-failure"> AR is not tracking! </button>
<div class="flex flex-col bg-white/50">
<button
on:click={() => {
console.log(modelViewer.ar, modelViewer.getAttribute('ar-status'));
}}>Test</button
>
<!--3 Buttons-->
<div class="p-2">
<Button
@@ -184,22 +175,4 @@
</div>
<style>
model-viewer {
height: 100%;
width: 100%;
}
/* .vertical-slider {
writing-mode: bt-lr; /* Schreibt von unten nach oben (Vertikale Darstellung)
transform: rotate(270deg); /* Slider um 270° drehen
height: 200px;
} */
.model {
height: calc(100%-84px);
}
/* .active-border {
border: 2px blue solid;
} */
</style>

38
src/routes/anmeldung/+page.server.ts
View File

@@ -1,9 +1,35 @@
import { loginUser, logoutUser } from '$lib/server/authService';
import { redirectIfVorgangExists } from '$lib/server/vorgangService.js';
import { dev } from '$app/environment';
import { error, fail, redirect } from '@sveltejs/kit';
import { ROUTE_NAMES } from '../index.js';
import { vorgangPINValidation } from '$lib/server/vorgangService.js';
export const actions = {
login: ({ request, cookies }) => loginUser({request, cookies}),
logout: (event) => logoutUser(event),
redirectToVorgang: ({request}) => redirectIfVorgangExists(request)
default: async ({ request, cookies }) => {
const data = await request.formData();
const vorgangToken = data.get('vorgang-token');
const vorgangPIN = data.get('vorgang-pin') as string;
if (!vorgangPIN) {
return fail(400, { message: 'Bitte einen PIN eingeben.'});
}
if (!vorgangPINValidation(vorgangToken, vorgangPIN)) {
return fail(400, { message: 'Falsche Zugangsdaten.'});
}
const COOKIE_NAME = `token-${vorgangToken}`;
cookies.set(COOKIE_NAME, vorgangPIN, {
path: '/',
httpOnly: true,
sameSite: 'strict',
secure: !dev
});
throw redirect(303, ROUTE_NAMES.VORGANG(vorgangToken));
}
} as const;
export const load: PageServerLoad = async ({ url }) => {
const vorgang = url.searchParams.get('vorgang');
if (!vorgang) error(404, "Not Found");
};

100
src/routes/anmeldung/+page.svelte
View File

@@ -1,18 +1,15 @@
<script lang="ts">
import BaseInputField from '$lib/components/BaseInputField.svelte';
import Button from '$lib/components/Button.svelte';
import Modal from '$lib/components/Modal/Modal.svelte';
import ModalContent from '$lib/components/Modal/ModalContent.svelte';
import ModalFooter from '$lib/components/Modal/ModalFooter.svelte';
import ModalTitle from '$lib/components/Modal/ModalTitle.svelte';
import ArrowRight from '$lib/icons/Arrow-right.svelte';
import Login from '$lib/icons/Login.svelte';
export let form;
export let open = false;
import { page } from '$app/state';
import { ROUTE_NAMES } from '../index.js';
const vorgangToken = page.url.searchParams.get('vorgang');
</script>
{#if vorgangToken}
<div class="flex min-h-full flex-col justify-center px-6 py-12 lg:px-8">
<div class="sm:mx-auto sm:w-full sm:max-w-sm">
<img class="mx-auto h-10 w-auto" src="/Landeswappen_NI.svg" alt="Landeswappen Niedersachsen" />
@@ -24,73 +21,30 @@
<div class="w-full max-w-sm mx-auto">
<div class="relative mt-5 bg-gray-50 rounded-xl shadow-xl p-3 pt-1">
<div class="mt-10">
<form action="?/redirectToVorgang" method="POST">
<BaseInputField
id="case-id"
name="case-id"
label="Vorgangskennung"
type="text"
value={form?.caseId}
/>
<div class="mt-5">
<BaseInputField
id="case-token"
name="case-token"
label="Zugangscode"
type="text"
value={form?.token}
error={form?.error?.message}
/>
</div>
<div class="flex justify-end pt-4">
<Button type="submit"><ArrowRight /></Button>
</div>
</form>
<form method="POST">
<input type="hidden" name="vorgang-token" value={vorgangToken} />
<div class="mt-5">
<BaseInputField
id="vorgang-pin"
name="vorgang-pin"
label="Zugangs-PIN"
type="text"
value={form?.vorgangPIN}
error={form?.error?.message}
/>
</div>
{#if form?.message}
<p class="block text-sm leading-6 text-red-900 mt-2">{form.message}</p>
{/if}
<div class="flex justify-end pt-4">
<Button type="submit"><ArrowRight /></Button>
</div>
</form>
</div>
</div>
<div class="flex justify-end mt-10 px-3">
<Button on:click={() => (open = true)}><Login /></Button>
</div>
</div>
</div>
<Modal {open}>
<ModalTitle>Anmelden</ModalTitle>
<ModalContent class="flex justify-center">
<form action="?/login" method="POST">
<div>
<label for="user" class="text-sm font-medium leading-6 text-gray-900">Kennung</label>
<div class="mt-2">
<input
id="user"
name="user"
type="text"
autocomplete="email"
required
class="rounded-md border-0 py-1.5 text-gray-900 shadow-sm ring-1 ring-inset ring-gray-300 placeholder:text-gray-400 focus:ring-2 focus:ring-inset focus:ring-indigo-600 sm:text-sm sm:leading-6"
/>
</div>
</div>
<div>
<label for="password" class="block text-sm font-medium leading-6 text-gray-900"
>Passwort</label
>
<div class="mt-2">
<input
id="password"
name="password"
type="password"
autocomplete="current-password"
required
class="block w-full rounded-md border-0 py-1.5 text-gray-900 shadow-sm ring-1 ring-inset ring-gray-300 placeholder:text-gray-400 focus:ring-2 focus:ring-inset focus:ring-indigo-600 sm:text-sm sm:leading-6"
/>
</div>
</div>
<div class="flex justify-end">
<Button type="submit" class="mt-5">Anmelden</Button>
</div>
</form>
</ModalContent>
<ModalFooter><Button on:click={() => (open = false)}>Ok</Button></ModalFooter>
</Modal>
{/if}

9
src/routes/api/list/+server.ts Normal file
View File

@@ -0,0 +1,9 @@
import { getVorgaenge } from '$lib/server/vorgangService';
export async function GET() {
const vorgaenge = getVorgaenge();
return new Response(JSON.stringify(vorgaenge), {
status: 200
});
}

60
src/routes/api/list/[[vorgang]]/+server.ts
View File

@@ -1,60 +0,0 @@
import { client } from '$lib/minio';
/** @type {import('./$types').RequestHandler} */
export async function GET({ params }) {
const prefix = params.vorgang ? `${params.vorgang}/` : '';
const stream = client.listObjectsV2('tatort', prefix, false, '');
const result = new ReadableStream({
start(controller) {
stream.on('data', (data) => {
if (prefix === '') {
if (data.prefix)
controller.enqueue(`${JSON.stringify({ ...data, name: data.prefix.slice(0, -1) })}\n`);
return;
}
const name = data.name.slice(prefix.length);
if (name === 'config.json') return;
// zugangscode datei
if (name === '__perm__') return;
controller.enqueue(`${JSON.stringify({ ...data, name, prefix })}\n`);
});
stream.on('end', () => {
controller.close();
});
},
cancel() {
stream.destroy();
}
});
return new Response(result, {
headers: {
'content-type': 'text/event-stream'
}
});
}
export async function DELETE({ params }) {
const vorgang = params.vorgang;
const object_list = await new Promise((resolve, reject) => {
const res = [];
const items_str = client.listObjects('tatort', vorgang, true);
items_str.on('data', (obj) => {
res.push(obj.name);
});
items_str.on('error', reject);
items_str.on('end', async () => {
resolve(res);
});
});
await client.removeObjects('tatort', object_list);
return new Response(null, { status: 204 });
}

25
src/routes/api/list/[[vorgang]]/code/+server.ts
View File

@@ -1,25 +0,0 @@
import { client } from '$lib/minio';
/** @type {import('./$types').RequestHandler} */
export async function GET({ params }) {
const prefix = params.vorgang ? `${params.vorgang}` : '';
const code_name = '__perm__';
const obj_path = `${prefix}/${code_name}`;
let result = null;
try {
result = await client.getObject('tatort', obj_path);
} catch (error) {
if (error.name == 'S3Error') {
result = null;
}
}
if (result != null) {
return new Response(result, { status: 200 });
} else {
return new Response(null, { status: 404 });
}
}

88
src/routes/api/list/[vorgang]/+server.ts Normal file
View File

@@ -0,0 +1,88 @@
import { BUCKET, client } from '$lib/minio';
import { json } from '@sveltejs/kit';
import {
deleteVorgangByToken,
getCrimesListByToken,
vorgangNameExists,
updateVorgangAttrByToken
} from '$lib/server/vorgangService';
export async function DELETE({ params }) {
const vorgangToken = params.vorgang;
const object_list = await new Promise((resolve, reject) => {
const res = [];
const items_str = client.listObjects(BUCKET, vorgangToken, true);
items_str.on('data', (obj) => {
res.push(obj.name);
});
items_str.on('error', reject);
items_str.on('end', async () => {
resolve(res);
});
});
await client.removeObjects(BUCKET, object_list);
deleteVorgangByToken(vorgangToken);
return new Response(null, { status: 204 });
}
export async function HEAD({ params }) {
try {
const vorgangName = params.vorgang;
const existing = vorgangNameExists(vorgangName);
return new Response(null, {
status: existing ? 200 : 404
});
} catch (err) {
console.error('Fehler im HEAD-Handler:', err);
return new Response(null, { status: 500 });
}
}
export async function GET({ params }) {
try {
const vorgangToken = params.vorgang;
const crimesList = await getCrimesListByToken(vorgangToken);
return new Response(JSON.stringify(crimesList), {
status: 200
});
} catch (err) {
console.error('Fehler im GET-Handler:', err);
return new Response(null, { status: 500 });
}
}
// change Vorgang properties
export async function PUT({ request }) {
const data = await request.json();
const vorgangToken = data['vorgangToken'];
const changePIN = data['changePIN'];
let attrChanged;
let newValue;
if (changePIN) {
attrChanged = 'pin';
newValue = data['newVorgangPIN']
} else {
attrChanged = 'name';
newValue = data['newName']
}
const res = updateVorgangAttrByToken(vorgangToken, newValue, attrChanged);
if (!res) {
return json({ msg: 'Fehler beim Umbenennen' }, { status: 400 });
}
return json({ success: 'success' }, { status: 200 });
}

63
src/routes/api/list/[vorgang]/[tatort]/+server.ts Normal file
View File

@@ -0,0 +1,63 @@
import { BUCKET, client } from '$lib/minio';
import { json } from '@sveltejs/kit';
export async function GET() {
const stream = client.listObjectsV2(BUCKET, '', true);
const result = new ReadableStream({
start(controller) {
stream.on('data', (data) => {
controller.enqueue(`${JSON.stringify(data)}\n`);
});
stream.on('end', () => {
controller.close();
});
},
cancel() {
stream.destroy();
}
});
return new Response(result, {
headers: {
'content-type': 'text/event-stream'
}
});
}
export async function DELETE({ request }) {
const url_fragments = request.url.split('/');
const item = url_fragments.at(-1);
const vorgang = url_fragments.at(-2);
await client.removeObject(BUCKET, `${vorgang}/${item}`);
return new Response(null, { status: 204 });
}
// rename operation for crimes
export async function PUT({ params, request }) {
const data = await request.json();
const vorgangToken = params.vorgang;
// prepare copy, incl. check if new name exists already
const crimeOldName = data['oldName'];
const crimeS3FullBucketPathOld = `/${BUCKET}/${vorgangToken}/${crimeOldName}`;
const crimeNewName = `${vorgangToken}/${data['newName']}`;
if (!crimeOldName || !crimeNewName) {
return json({ msg: 'Der Name darf nicht leer sein.' }, { status: 400 });
}
try {
await client.statObject(BUCKET, crimeNewName);
return json({ msg: 'Die Datei existiert bereits.' }, { status: 400 });
} catch (error) {
console.log(error, 'continue operation');
}
await client.copyObject(BUCKET, crimeNewName, crimeS3FullBucketPathOld);
await client.removeObject(BUCKET, `${vorgangToken}/${crimeOldName}`);
return json({ success: 'success' }, { status: 200 });
}

24
src/routes/api/tatort/+server.ts
View File

@@ -1,24 +0,0 @@
import { client } from '$lib/minio';
export async function GET() {
const stream = client.listObjectsV2('tatort', '', true);
const result = new ReadableStream({
start(controller) {
stream.on('data', (data) => {
controller.enqueue(`${JSON.stringify(data)}\n`);
});
stream.on('end', () => {
controller.close();
});
},
cancel() {
stream.destroy();
}
});
return new Response(result, {
headers: {
'content-type': 'text/event-stream'
}
});
}

10
src/routes/api/user/+server.ts Normal file
View File

@@ -0,0 +1,10 @@
//Rollenabfrage ob Benutzer admin ist
import { json } from "@sveltejs/kit";
export async function GET({locals}) {
const isAdmin = locals.user?.admin === true;
const data = {admin: isAdmin}
return json(data)
}

31
src/routes/api/users/+server.ts Normal file
View File

@@ -0,0 +1,31 @@
import { json } from '@sveltejs/kit';
import { addUser, getUsers } from '$lib/server/userService';
import bcrypt from 'bcrypt';
const saltRounds = 12;
export function GET() {
const userList = getUsers();
return new Response(JSON.stringify(userList));
}
export async function POST({ request }) {
const data = await request.json();
const userName = data.userName;
const userPassword = data.userPassword;
if (!userName || !userPassword) {
return json({ error: 'Missing input' }, { status: 400 });
}
const hashedPassword = bcrypt.hashSync(userPassword, saltRounds);
const rowInfo = addUser(userName, hashedPassword);
if (rowInfo?.changes == 1) {
return json({ userId: rowInfo.lastInsertRowid, userName: userName }, { status: 201 });
} else {
return new Response(null, { status: 400 });
}
}

8
src/routes/api/users/[user]/+server.ts Normal file
View File

@@ -0,0 +1,8 @@
import { deleteUser } from '$lib/server/userService';
export async function DELETE({ params }) {
const userId = params.user;
const rowCount = deleteUser(userId);
return new Response(null, { status: rowCount == 1 ? 204 : 400 });
}

0
src/routes/api/vorgang/[vorgang]/+server.ts Normal file
View File

18
src/routes/api/vorgang/[vorgang]/vorgangPIN/+server.ts Normal file
View File

@@ -0,0 +1,18 @@
import { db } from '$lib/server/dbService';
/** @type {import('./$types').RequestHandler} */
export async function GET({ params }) {
const vorgangName = params.vorgang;
const getPINSQLStatement = `SELECT pin
FROM cases
WHERE name = ?;`;
const row = db.prepare(getPINSQLStatement).get(vorgangName);
const vorgangPIN = row?.pin;
if (vorgangPIN) {
return new Response(vorgangPIN, { status: 200 });
} else {
return new Response(null, { status: 404 });
}
}

41
src/routes/index.ts Normal file
View File

@@ -0,0 +1,41 @@
export const ROUTE_NAMES = {
ROOT: '/',
// (angemeldet)
LIST: '/list',
UPLOAD: '/upload',
// UPLOAD actions
UPLOAD_URL: '/upload?/url',
UPLOAD_VALIDATE: '/upload?/validate',
USERMGMT: '/user-management',
// (token-based)
VORGANG: (vorgangToken: string) => `/list/${vorgangToken}`,
CRIME: (vorgangToken: string, tatort: string) => `/view/${vorgangToken}/${tatort}`,
// Anmeldung: actions
ANMELDUNG: '/anmeldung',
LOGIN: '/?/login',
LOGOUT: '/?/logout',
ANMELDUNG_GET_VORGANG_BY_TOKEN: '/anmeldung?/getVorgangByToken',
ANMELDUNG_VORGANG_PARAM: (vorgangToken: string) => `/anmeldung?vorgang=${vorgangToken}`
};
export const API_ROUTES = {
LIST: '/api/list',
VORGANG: (vorgangToken: string) => `/api/list/${vorgangToken}`,
// via `HEAD` method
VORGANG_NAME_EXIST: (vorgangName: string) => `/api/list/${vorgangName}`,
VORGANG_PIN: (vorgangName: string) => `/api/vorgang/${vorgangName}/vorgangPIN`,
// Tatort
CRIME: (vorgangToken: string, crimeName: string) => `/api/list/${vorgangToken}/${crimeName}`,
// Users
USERS: '/api/users',
USER: (userId: string) => `/api/users/${userId}`
};
const isProd = process.env.NODE_ENV == 'production';
export const DB_FULLPATH = !isProd ? './src/lib/data/tatort.db' : '/daten/tatort.db';

37
tests/api/API_Protection.test.ts Normal file
View File

@@ -0,0 +1,37 @@
import { describe, test, expect, vi } from 'vitest';
import { handle } from '../../src/hooks.server';
const event = {
url: new URL("http://localhost/api/list"),
cookies: { get: vi.fn(() => null) },
locals: {user: null}
};
vi.mock('$lib/auth', () => ({
decryptToken: vi.fn()
}));
describe('API-Endpoints: Zugangs-Mechanismus', () => {
test('Unautorisierter Zugriff', async () => {
const resolve = vi.fn();
const response = await handle({ event, resolve });
expect(response.status).toBe(401);
const body = await response.json();
expect(body.error).toBe('Unauthorized');
expect(resolve).not.toHaveBeenCalled();
});
test('Authentifizierter Zugriff', async () => {
event.locals = {user: { id: 'admin', admin: true }}
const resolve = vi.fn(() => new Response('ok', { status: 200 }));
const response = await handle({ event, resolve });
expect(response.status).toBe(200);
expect(await response.text()).toBe('ok');
expect(resolve).toHaveBeenCalled();
});
})

49
tests/api/List.test.ts Normal file
View File

@@ -0,0 +1,49 @@
import { describe, test, expect, vi } from 'vitest';
import { GET } from '$root/routes/api/list/+server';
import { getVorgaenge } from '$lib/server/vorgangService';
// Mocks
vi.mock('$lib/server/vorgangService', () => ({
getVorgaenge: vi.fn()
}));
const event = {
locals: {
user: { id: 'admin', admin: true }
}
};
describe('API-Endpoints: list', () => {
test('Leere Liste wenn keine Vorgänge existieren', async () => {
vi.mocked(getVorgaenge).mockReturnValueOnce([]);
const response = await GET(event);
expect(response.status).toBe(200);
const json = await response.json();
expect(json).toEqual([]);
});
test('Liste mit existierenden Vorgängen', async () => {
const testVorgaenge = [
{
vorgangToken: '19f1d34e-4f31-48e8-830f-c4e42c29085e',
vorgangName: 'xyz-123',
vorgangPIN: 'pin-123'
},
{
vorgangToken: '7596e4d5-c51f-482d-a4aa-ff76434305fc',
vorgangName: 'vorgang-2',
vorgangPIN: 'pin-2'
}
];
vi.mocked(getVorgaenge).mockReturnValueOnce(testVorgaenge);
const response = await GET(event);
expect(response.status).toBe(200);
const json = await response.json();
expect(json).toEqual(testVorgaenge);
});
});

122
tests/api/ListVorgang.test.ts Normal file
View File

@@ -0,0 +1,122 @@
import { describe, test, expect, vi } from 'vitest';
import { DELETE, GET, HEAD } from '$root/routes/api/list/[vorgang]/+server';
import {
getCrimesListByToken,
vorgangNameExists,
deleteVorgangByToken
} from '$lib/server/vorgangService';
import { BUCKET, client } from '$lib/minio';
import { EventEmitter } from 'events';
// Mocks
vi.mock('$lib/server/vorgangService', () => ({
getCrimesListByToken: vi.fn(),
vorgangNameExists: vi.fn(),
deleteVorgangByToken: vi.fn()
}));
vi.mock('$lib/minio', () => ({
client: {
listObjects: vi.fn(),
removeObjects: vi.fn()
},
BUCKET: 'tatort-test'
}));
const MockEvent = {
params: { vorgang: '123' },
locals: {
user: { id: 'admin', admin: true }
}
};
describe('API-Endpoints: list/[vorgang]', () => {
test('Vorgang ohne Tatorte', async () => {
const testCrimesList = [];
vi.mocked(getCrimesListByToken).mockReturnValueOnce(testCrimesList);
const response = await GET(MockEvent);
expect(response.status).toBe(200);
const json = await response.json();
expect(json).toEqual(testCrimesList);
});
test('Vorgang mit Tatorte', async () => {
const testCrimesList = [
{
name: 'model-A',
lastModified: '2025-08-28T09:44:12.453Z',
etag: '558f35716f6af953f9bb5d75f6d77e6a',
size: 8947140,
prefix: '7596e4d5-c51f-482d-a4aa-ff76434305fc',
show_button: true
},
{
name: 'model-z',
lastModified: '2025-08-28T10:37:20.142Z',
etag: '43e3989c32c4682bee407baaf83b6fa0',
size: 35788560,
prefix: '7596e4d5-c51f-482d-a4aa-ff76434305fc',
show_button: true
}
];
vi.mocked(getCrimesListByToken).mockReturnValueOnce(testCrimesList);
const response = await GET(MockEvent);
expect(response.status).toBe(200);
const json = await response.json();
expect(json).toEqual(testCrimesList);
});
test('Vorgang existiert via HEAD', async () => {
const vorgangExists = true;
vi.mocked(vorgangNameExists).mockReturnValueOnce(vorgangExists);
const response = await HEAD(MockEvent);
expect(response.status).toBe(200);
const textContent = await response.text();
expect(textContent).toEqual('');
});
test('Vorgang existiert nicht via HEAD', async () => {
const vorgangExists = false;
vi.mocked(vorgangNameExists).mockReturnValueOnce(vorgangExists);
const response = await HEAD(MockEvent);
expect(response.status).toBe(404);
const textContent = await response.text();
expect(textContent).toEqual('');
});
test('Lösche Vorgang und dazugehörige S3 Objekte', async () => {
// Mock data
const fakeStream = new EventEmitter();
vi.mocked(client.listObjects).mockReturnValue(fakeStream);
vi.mocked(client.removeObjects).mockResolvedValue(undefined);
vi.mocked(deleteVorgangByToken).mockReturnValueOnce(undefined);
const responsePromise = DELETE(MockEvent);
const fakeCrimeNames = [
`${MockEvent.params.vorgang}/file1.glb`,
`${MockEvent.params.vorgang}/file2.glb`
];
// simulate data stream
fakeStream.emit('data', { name: fakeCrimeNames[0] });
fakeStream.emit('data', { name: fakeCrimeNames[1] });
fakeStream.emit('end');
const response = await responsePromise;
expect(client.removeObjects).toHaveBeenCalledWith(BUCKET, fakeCrimeNames);
expect(deleteVorgangByToken).toHaveBeenCalledWith(MockEvent.params.vorgang);
expect(response.status).toBe(204);
});
});

98
tests/api/ListVorgangTatort.test.ts Normal file
View File

@@ -0,0 +1,98 @@
import { describe, test, expect, vi } from 'vitest';
import { DELETE, PUT } from '$root/routes/api/list/[vorgang]/[tatort]/+server';
import { BUCKET, client } from '$lib/minio';
import { baseData } from '../fixtures';
// Mock data and methods
const fakeVorgangToken = `c399423a-ba37-4fe1-bbdf-80e5881168ff`;
const fakeCrimeOldName = `model-A`;
const fakeCrimeNewName = 'model-Z';
const fakeCrimePath = `${fakeVorgangToken}/${fakeCrimeOldName}`;
const fullFakeCrimePath = `/${BUCKET}/${fakeCrimePath}`;
const fakeCrimeAPIURL = `http://localhost:5173/api/list/${fakeCrimePath}`;
vi.mock('$lib/minio', () => ({
client: {
removeObject: vi.fn(),
statObject: vi.fn(),
copyObject: vi.fn()
},
BUCKET: 'tatort'
}));
describe('API-Endpoints: list/[vorgang]/[tatort]', () => {
test('Löschen von Tatorten', async () => {
const request = new Request(fakeCrimeAPIURL);
const locals = { user: baseData.user }
const response = await DELETE({ locals, request });
expect(client.removeObject).toHaveBeenCalledWith(BUCKET, fakeCrimePath);
expect(response.status).toBe(204);
const responseBody = await response.text();
expect(responseBody).toBe('');
});
test('Umbennen von Tatorten: Erfolgreich', async () => {
const request = new Request(fakeCrimeAPIURL, {
method: 'PUT',
body: JSON.stringify({
oldName: fakeCrimeOldName,
newName: fakeCrimeNewName
})
});
const params = { vorgang: fakeVorgangToken };
const locals = { user: baseData.user }
// Mock Datei nicht gefunden
client.statObject.mockRejectedValueOnce(new Error('NotFound'));
const response = await PUT({ locals, params, request });
const fakeCrimeNewPath = `${fakeVorgangToken}/${fakeCrimeNewName}`;
expect(client.statObject).toHaveBeenCalledWith(BUCKET, fakeCrimeNewPath);
expect(client.copyObject).toHaveBeenCalledWith(BUCKET, fakeCrimeNewPath, fullFakeCrimePath);
expect(client.removeObject).toHaveBeenCalledWith(BUCKET, fakeCrimePath);
expect(response.status).toBe(200);
});
test('Umbennen von Tatorten: Fehlende(r) Name', async () => {
const request = new Request(fakeCrimeAPIURL, {
method: 'PUT',
body: JSON.stringify({
oldName: '',
newName: ''
})
});
const locals = { user: baseData.user }
const params = { vorgang: fakeVorgangToken };
const response = await PUT({ locals, params, request });
expect(response.status).toBe(400);
});
test('Umbennen von Tatorten: Existierender Name', async () => {
const request = new Request(fakeCrimeAPIURL, {
method: 'PUT',
body: JSON.stringify({
oldName: fakeCrimeOldName,
newName: fakeCrimeNewName
})
});
const params = { vorgang: fakeVorgangToken };
const locals = { user: baseData.user }
// Datei existiert bereits
client.statObject.mockResolvedValueOnce({});
const response = await PUT({ locals, params, request });
expect(response.status).toBe(400);
const fakeCrimeNewPath = `${fakeVorgangToken}/${fakeCrimeNewName}`;
expect(client.statObject).toHaveBeenCalledWith(BUCKET, fakeCrimeNewPath);
expect(client.copyObject).not.toHaveBeenCalled();
expect(client.removeObject).not.toHaveBeenCalled();
});
});

40
tests/api/User.test.ts Normal file
View File

@@ -0,0 +1,40 @@
import { describe, test, expect } from 'vitest';
import { GET } from '$root/routes/api/user/+server';
const id = 'admin';
describe('API-Endpoints: User ist Admin', () => {
test('User ist Admin', async () => {
const admin = true;
const event = {
locals: {
user: { id, admin }
}
};
const fakeResult = { admin };
const response = await GET(event);
expect(response.status).toBe(200);
const json = await response.json();
expect(json).toEqual(fakeResult);
});
test('User ist kein Admin', async () => {
const admin = false;
const event = {
locals: {
user: { id, admin }
}
};
const fakeResult = { admin };
const response = await GET(event);
expect(response.status).toBe(200);
const json = await response.json();
expect(json).toEqual(fakeResult);
});
});

148
tests/api/Users.test.ts Normal file
View File

@@ -0,0 +1,148 @@
import { describe, test, expect, vi, beforeEach } from 'vitest';
import { GET, POST } from '$root/routes/api/users/+server';
import bcrypt from 'bcrypt';
import { addUser, getUsers } from '$lib/server/userService';
vi.mock('$lib/server/userService', () => ({
addUser: vi.fn(),
getUsers: vi.fn()
}));
vi.mock('bcrypt', () => ({
default: {
hashSync: vi.fn()
}
}));
describe('API-Endpoint: Users', () => {
// [INFO] Test auf keine User nicht notwendig, da immer min. ein User vorhanden
// Mock eingelogter User bzw. stelle locals.user zur Verfügung
const fakeLoggedInUser = { id: 'admin', admin: true };
const mockLocals = {
user: fakeLoggedInUser
};
test('Rufe Liste aller User ab', async () => {
const fakeLoggedInUser = { id: 'admin', admin: true };
const event = {
locals: {
user: fakeLoggedInUser
}
};
const fakeResult = [{ userId: 42, userName: 'admin' }];
getUsers.mockReturnValueOnce(fakeResult);
const response = await GET(event);
expect(response.status).toBe(200);
const json = await response.json();
expect(json).toEqual(fakeResult);
});
test('Füge Benutzer hinzu: Erfolgreich', async () => {
// Mocke Parameter und Funktionen von Drittparteien
const fakeUsersAPIURL = `http://localhost:5173/api/users`;
const fakeUserID = 42;
const fakeUsername = 'admin';
const fakeUserPassword = 'pass-123';
const mockRequest = new Request(fakeUsersAPIURL, {
method: 'POST',
body: JSON.stringify({
userName: fakeUsername,
userPassword: fakeUserPassword
})
});
const mockedHash = 'mocked-hash';
bcrypt.hashSync.mockReturnValueOnce(mockedHash);
const mockedRowInfo = {
changes: 1,
lastInsertRowid: fakeUserID
};
addUser.mockReturnValueOnce(mockedRowInfo);
const response = await POST({
request: mockRequest,
locals: mockLocals
});
expect(response.status).toBe(201);
const fakeResult = { userId: fakeUserID, userName: fakeUsername };
const json = await response.json();
expect(json).toEqual(fakeResult);
expect(addUser).toHaveBeenCalledWith(fakeUsername, mockedHash);
});
test('Füge Benutzer hinzu: Fehlender Name oder Passwort', async () => {
// Mocke Parameter und Funktionen von Drittparteien
const fakeUsersAPIURL = `http://localhost:5173/api/users`;
const fakeUserID = 42;
const fakeUsername = '';
const fakeUserPassword = '';
const mockRequest = new Request(fakeUsersAPIURL, {
method: 'POST',
body: JSON.stringify({
userName: fakeUsername,
userPassword: fakeUserPassword
})
});
const response = await POST({
request: mockRequest,
locals: mockLocals
});
expect(response.status).toBe(400);
const errorMessage = { error: 'Missing input' };
const json = await response.json();
expect(json).toEqual(errorMessage);
expect(addUser).not.toHaveBeenCalled();
});
test('Füge Benutzer hinzu: Nicht erfolgreich, keine Datenbankänderung', async () => {
// Mocke Parameter und Funktionen von Drittparteien
const fakeUsersAPIURL = `http://localhost:5173/api/users`;
const fakeUserID = 42;
const fakeUsername = 'admin';
const fakeUserPassword = 'pass-123';
const mockRequest = new Request(fakeUsersAPIURL, {
method: 'POST',
body: JSON.stringify({
userName: fakeUsername,
userPassword: fakeUserPassword
})
});
const mockedHash = 'mocked-hash';
bcrypt.hashSync.mockReturnValueOnce(mockedHash);
const mockedRowInfo = {
changes: 0,
lastInsertRowid: fakeUserID
};
addUser.mockReturnValueOnce(mockedRowInfo);
const response = await POST({
request: mockRequest,
locals: mockLocals
});
expect(response.status).toBe(400);
const body = await response.text();
expect(body).toEqual('');
expect(addUser).toHaveBeenCalledWith(fakeUsername, mockedHash);
});
});

45
tests/api/VorgangVorgangPIN.test.ts Normal file
View File

@@ -0,0 +1,45 @@
import { describe, test, expect, vi } from 'vitest';
import { GET } from '$root/routes/api/vorgang/[vorgang]/vorgangPIN/+server';
import { db } from '$lib/server/dbService';
import { baseData } from '../fixtures';
const mockEvent = {
params: { vorgang: '123' },
locals: { user: baseData.user }
};
vi.mock('$lib/server/dbService', () => ({
db: {
prepare: vi.fn()
}
}));
describe('API-Endpoint: Vorgang-PIN', () => {
test('Vorgang PIN: Erfolgreich', async () => {
// only interested in PIN value
const mockPIN = 'pin-123';
const mockRow = { pin: mockPIN };
const getMock = vi.fn().mockReturnValue(mockRow);
db.prepare.mockReturnValue({ get: getMock });
const response = await GET(mockEvent);
expect(response.status).toBe(200);
const body = await response.text();
expect(body).toEqual(mockPIN);
});
test('Vorgang PIN: Nicht erfolgreich', async () => {
const mockRow = {};
const getMock = vi.fn().mockReturnValue(mockRow);
db.prepare.mockReturnValue({ get: getMock });
const response = await GET(mockEvent);
expect(response.status).toBe(404);
const body = await response.text();
expect(body).toEqual('');
});
});

9
tests/components/EmptyList.view.test.ts Normal file
View File

@@ -0,0 +1,9 @@
import { render, screen } from '@testing-library/svelte';
import EmptyList from '$lib/components/EmptyList.svelte'
import { describe, expect, it } from 'vitest';
describe('Komponente: EmptyList', () => {
it('zeigt Hinweistext "Keine Einträge"', () => {
render(EmptyList);
expect(screen.getByText(/keine Einträge/i)).toBeInTheDocument(); });
});

47
tests/components/Footer.test.ts Normal file
View File

@@ -0,0 +1,47 @@
import { render, screen } from '@testing-library/svelte';
import { describe, test, expect } from 'vitest';
import { ROUTE_NAMES } from '../../src/routes';
import { baseData } from '../fixtures';
import Footer from '$lib/components/Footer.svelte';
describe('Footer component', () => {
test('Enthält Behörden-Name und entsprechenden Link', () => {
render(Footer);
const linkElement = screen.getByText('Innovation Hub', { exact: false });
expect(linkElement).toBeInTheDocument();
expect(linkElement).toHaveAttribute('href', ROUTE_NAMES.LIST);
});
test('Enthält Zurück-Button und entsprechenden Link', () => {
render(Footer);
const linkElement = screen.getByText('back');
expect(linkElement).toBeInTheDocument();
expect(linkElement).toHaveAttribute('href', ROUTE_NAMES.ROOT);
});
test('Enthält Profil-Icon und entsprechenden Link: angemeldet', () => {
render(Footer, { props: { data: baseData } });
const linkElement = screen.getByText('admin');
expect(linkElement).toBeInTheDocument();
expect(linkElement).toHaveAttribute('href', ROUTE_NAMES.ROOT);
// Check for presence of `Profile` component
const svg = screen.getByTestId('profile-component');
expect(svg).toBeTruthy();
});
test('Enthält Profil-Icon und entsprechenden Link: nicht angemeldet', () => {
const { container } = render(Footer, { props: { data: null } });
const links = container.querySelectorAll('a');
const linkElement = links[2]; // Index starts at 0
expect(linkElement).toHaveAttribute('href', ROUTE_NAMES.ROOT);
// User/View does not have any ID
const ID_displayElement = screen.queryByText('admin');
expect(ID_displayElement).not.toBeInTheDocument();
// Check for presence of `Profile` component
const svg = screen.getByTestId('profile-component');
expect(svg).toBeTruthy();
});
});

22
tests/components/Header.test.ts Normal file
View File

@@ -0,0 +1,22 @@
import { render, screen } from '@testing-library/svelte';
import { describe, test, expect } from 'vitest';
import { ROUTE_NAMES } from '../../src/routes';
import { baseData } from '../fixtures';
import Header from '$lib/components/Header.svelte';
describe('Header component', () => {
test('Enthält Landeswappen von NDS und entsprechenden Link', () => {
render(Header, { props: { data: baseData } });
const linkElement = screen.getByText('Tatort Niedersachen').closest('a');
expect(linkElement).toBeInTheDocument();
expect(linkElement).toHaveAttribute('href', ROUTE_NAMES.ROOT);
});
test('Form enthält korrekten Link', () => {
const { container } = render(Header, { props: { data: baseData } });
const formElement = container.querySelector('form');
expect(formElement).toBeInTheDocument();
expect(formElement).toHaveAttribute('action', ROUTE_NAMES.ANMELDUNG_LOGOUT);
});
});

142
tests/components/NameItemEditor.test.ts Normal file
View File

@@ -0,0 +1,142 @@
import { fireEvent, render, screen } from '@testing-library/svelte';
import { describe, expect, it, test, vi } from 'vitest';
import NameItemEditor from '$lib/components/NameItemEditor.svelte';
import { baseData } from '../fixtures';
const testCrimesListIndex = 0;
const testItem = baseData.crimesList[testCrimesListIndex];
const testCurrentName = testItem.name;
const testLocalName = 'Fall-C';
describe('NameItemEditor - Funktionalität', () => {
const onSave = vi.fn();
const onDelete = vi.fn();
const baseProps = {
list: baseData.crimesList,
currentName: testCurrentName,
onSave,
onDelete
};
test.todo('FocusIn nach Klick auf edit');
it('zeigt initial Edit/Delete Buttons und aktuellen Namen', () => {
render(NameItemEditor, { props: baseProps });
expect(screen.getByTestId('edit-button')).toBeInTheDocument();
expect(screen.getByTestId('delete-button')).toBeInTheDocument();
expect(screen.queryByTestId('commit-button')).toBeNull();
expect(screen.queryByTestId('cancel-button')).toBeNull();
expect(screen.getByText(testCurrentName)).toBeInTheDocument();
});
it('wechselt zu Commit/Cancel nach Klick auf Edit', async () => {
render(NameItemEditor, { props: baseProps });
await fireEvent.click(screen.getByTestId('edit-button'));
const input = screen.getByTestId('test-input');
expect(screen.getByTestId('commit-button')).toBeInTheDocument();
expect(screen.getByTestId('cancel-button')).toBeInTheDocument();
expect(screen.queryByTestId('edit-button')).toBeNull();
expect(screen.queryByTestId('delete-button')).toBeNull();
expect(screen.getAllByRole('textbox')).toHaveLength(1);
expect(input).toHaveValue(testCurrentName);
});
it('zeigt Fehlermeldung bei leerem Namen', async () => {
render(NameItemEditor, { props: baseProps });
await fireEvent.click(screen.getByTestId('edit-button'));
const input = screen.getByTestId('test-input');
await fireEvent.input(input, { target: { value: '' } });
expect(screen.getByText('Name darf nicht leer sein.')).toBeInTheDocument();
expect(onSave).not.toHaveBeenCalled();
});
it('entfernt Fehlermeldung live beim nächsten gültigen Tastendruck', async () => {
render(NameItemEditor, {
props: {
list: baseData.crimesList,
currentName: baseData.crimesList[0].name,
onSave: vi.fn(),
onDelete: vi.fn()
}
});
await fireEvent.click(screen.getByTestId('edit-button'));
const input = screen.getByTestId('test-input');
await fireEvent.input(input, { target: { value: '' } });
expect(screen.getByText('Name darf nicht leer sein.')).toBeInTheDocument();
await fireEvent.input(input, { target: { value: 'Fall-C' } });
expect(screen.queryByText('Name darf nicht leer sein.')).toBeNull();
});
it('zeigt Fehlermeldung bei Duplikat', async () => {
const duplicateName = baseData.crimesList[1].name;
render(NameItemEditor, { props: baseProps });
await fireEvent.click(screen.getByTestId('edit-button'));
const input = screen.getByTestId('test-input');
await fireEvent.input(input, { target: { value: duplicateName } });
expect(screen.getByText('Name existiert bereits.')).toBeInTheDocument();
expect(onSave).not.toHaveBeenCalled();
});
it('ruft onSave korrekt auf bei gültigem Namen: Tatort/Crime', async () => {
render(NameItemEditor, { props: baseProps });
await fireEvent.click(screen.getByTestId('edit-button'));
const input = screen.getByTestId('test-input');
await fireEvent.input(input, { target: { value: testLocalName } });
await fireEvent.click(screen.getByTestId('commit-button'));
expect(onSave).toHaveBeenCalledWith(testLocalName, testCurrentName, undefined);
});
it('ruft onDelete korrekt auf', async () => {
render(NameItemEditor, { props: baseProps });
await fireEvent.click(screen.getByTestId('delete-button'));
expect(onDelete).toHaveBeenCalledWith(testCurrentName);
});
it('setzt Zustand zurück bei Cancel', async () => {
render(NameItemEditor, { props: baseProps });
await fireEvent.click(screen.getByTestId('edit-button'));
const input = screen.getByTestId('test-input');
await fireEvent.input(input, { target: { value: 'Zwischentext' } });
await fireEvent.click(screen.getByTestId('cancel-button'));
expect(screen.getByText(testCurrentName)).toBeInTheDocument();
expect(screen.getByTestId('edit-button')).toBeInTheDocument();
});
it('triggert Save bei Enter-Taste: Tatort/Crime', async () => {
render(NameItemEditor, { props: baseProps });
await fireEvent.click(screen.getByTestId('edit-button'));
const input = screen.getByTestId('test-input');
await fireEvent.input(input, { target: { value: 'ViaEnter' } });
await fireEvent.keyDown(input, { key: 'Enter' });
expect(onSave).toHaveBeenCalledWith('ViaEnter', testCurrentName, undefined);
});
it('bricht ab bei Escape-Taste', async () => {
render(NameItemEditor, { props: baseProps });
await fireEvent.click(screen.getByTestId('edit-button'));
const input = screen.getByTestId('test-input');
await fireEvent.input(input, { target: { value: 'Zwischentext' } });
await fireEvent.keyDown(input, { key: 'Escape' });
expect(screen.getByText(testCurrentName)).toBeInTheDocument();
expect(onSave).not.toHaveBeenCalled();
});
});

53
tests/fixtures.ts Normal file
View File

@@ -0,0 +1,53 @@
const testUser = {
admin: true,
exp: 1757067123,
iat: 1757063523,
id: 'admin'
};
const testCrimesList = [
{
name: 'Fall-A',
lastModified: '2025-08-28T09:44:12.453Z',
etag: '558f35716f6af953f9bb5d75f6d77e6a',
size: 8947140,
prefix: '7596e4d5-c51f-482d-a4aa-ff76434305fc',
show_button: true
},
{
name: 'Fall-B',
lastModified: '2025-08-28T10:37:20.142Z',
etag: '43e3989c32c4682bee407baaf83b6fa0',
size: 35788560,
prefix: '7596e4d5-c51f-482d-a4aa-ff76434305fc',
show_button: true
}
];
const testVorgangsList = [
{
vorgangName: 'vorgang-1',
vorgangPIN: 'pin-123',
vorgangToken: 'c322f26f-8c5e-4cb9-94b3-b5433bf5109e'
},
{
vorgangName: 'vorgang-2',
vorgangPIN: 'pin-2',
vorgangToken: 'cb0051bc-5f38-47b8-943c-9352d4d9c984'
}
];
export const baseData = {
user: testUser,
vorgang: testVorgangsList[0],
vorgangList: testVorgangsList,
crimesList: testCrimesList,
url: `https://example.com/list/${testVorgangsList[0].vorgangToken}`,
crimeNames: ['modell-A', 'Fall-A']
};
export const mockEvent = {
locals: {
user: baseData.user
},
url: new URL(`https://example.com/anmeldung`)
};

143
tests/views/Anmeldung.test.ts Normal file
View File

@@ -0,0 +1,143 @@
import { describe, it, expect, vi } from 'vitest';
// import { actions } from '$root/routes/anmeldung/+page.server';
// import { load } from '$root/routes/(token-based)/+layout.server'
import { actions } from '../../src/routes/anmeldung/+page.server';
import { load } from '../../src/routes/(token-based)/+layout.server';
import { baseData } from '../fixtures';
import { ROUTE_NAMES } from '../../src/routes';
import { dev } from '$app/environment';
import { vorgangExists, vorgangPINValidation } from '$lib/server/vorgangService';
import type { Redirect } from '@sveltejs/kit';
vi.mock('$lib/server/vorgangService', () => ({
vorgangExists: vi.fn(),
vorgangPINValidation: vi.fn()
}));
describe('Vorgang Anzeige via Token', () => {
it('Setze Cookie nach erfolgreicher Eingabe', async () => {
// Mock formData
const vorgObj = baseData.vorgang;
const formData = new FormData();
formData.set('vorgang-token', vorgObj.vorgangToken);
formData.set('vorgang-pin', vorgObj.vorgangPIN);
const mockRequest = {
formData: vi.fn().mockResolvedValue(formData)
};
vi.mocked(vorgangPINValidation).mockReturnValueOnce(true);
const cookiesSet = vi.fn();
const event = {
request: mockRequest,
cookies: {
set: cookiesSet
}
};
let thrownRedirect: Redirect | undefined;
try {
await actions.default(event);
} catch (e) {
thrownRedirect = e as Redirect;
}
// Redirect bei erfolgreicher Eingabe
expect(thrownRedirect?.status).toBe(303);
expect(thrownRedirect?.location).toBe(ROUTE_NAMES.VORGANG(vorgObj.vorgangToken));
// Cookie wurde gesetzt
const COOKIE_NAME = `token-${vorgObj.vorgangToken}`;
expect(cookiesSet).toHaveBeenCalledWith(COOKIE_NAME, vorgObj.vorgangPIN, {
path: '/',
httpOnly: true,
sameSite: 'strict',
secure: !dev
});
});
it('Schlägt fehl wenn keine Daten übergeben werden', async () => {
const formData = new FormData(); // no data
const mockRequest = {
formData: vi.fn().mockResolvedValue(formData)
};
const cookiesSet = vi.fn();
const event = {
request: mockRequest,
cookies: {
set: cookiesSet
}
};
const result = await actions.default(event);
expect(result.status).toBe(400);
expect(result.data.message).toMatch(/PIN eingeben/i);
// Cookie wird nicht gesetzt
expect(cookiesSet).not.toHaveBeenCalled();
});
it.todo('Überprüfe was passiert, wenn Eingabe falsch, bzw. nicht im System passend gefunden');
});
describe('Teste Guard', () => {
it('Lese Cookie aus', async () => {
const vorgObj = baseData.vorgang;
const COOKIE_NAME = `token-${vorgObj.vorgangToken}`;
const cookiesGet = vi.fn().mockImplementation((key: string) => {
if (key === COOKIE_NAME) return vorgObj.vorgangPIN;
return undefined;
});
// mocked objects
const event = {
cookies: {
get: cookiesGet
},
locals: {},
params: { vorgang: vorgObj.vorgangToken }
};
vi.mocked(vorgangExists).mockReturnValueOnce(true);
vi.mocked(vorgangPINValidation).mockReturnValueOnce(true);
await load(event);
expect(cookiesGet).toHaveBeenCalledWith(COOKIE_NAME);
});
it('Kein Cookie gesetzt', async () => {
const vorgObj = baseData.vorgang;
const COOKIE_NAME = `token-${vorgObj.vorgangToken}`;
const cookiesGet = vi.fn().mockImplementation((key: string) => {
if (key === COOKIE_NAME) return vorgObj.vorgangPIN;
return undefined;
});
// mocked objects
const event = {
cookies: {
get: cookiesGet
},
locals: {},
params: { vorgang: vorgObj.vorgangToken }
};
vi.mocked(vorgangExists).mockReturnValueOnce(true);
vi.mocked(vorgangPINValidation).mockReturnValueOnce(false);
let thrownRedirect;
try {
await load(event);
throw new Error('Function did not throw');
} catch (e) {
thrownRedirect = e;
}
expect(thrownRedirect?.status).toBe(303);
expect(thrownRedirect?.location).toBe(
ROUTE_NAMES.ANMELDUNG_VORGANG_PARAM(vorgObj.vorgangToken)
);
expect(cookiesGet).toHaveBeenCalledWith(COOKIE_NAME);
});
});

23
tests/views/Home.view.test.ts Normal file
View File

@@ -0,0 +1,23 @@
import { render, screen } from '@testing-library/svelte';
import { describe, expect, it } from 'vitest';
import HomePage from '$root/routes/(angemeldet)/+page.svelte';
import { ROUTE_NAMES } from '../../src/routes';
import { baseData } from '../fixtures';
describe('Home-Page View', () => {
it('Überprüfe Links', () => {
render(HomePage, { props: { data: baseData } });
let linkElement = screen.getByText('Vorgänge');
expect(linkElement).toBeInTheDocument();
expect(linkElement).toHaveAttribute('href', ROUTE_NAMES.LIST);
linkElement = screen.queryByText('Hinzufügen');
expect(linkElement).not.toBeInTheDocument();
linkElement = screen.getByText('Benutzerverwaltung');
expect(linkElement).toBeInTheDocument();
expect(linkElement).toHaveAttribute('href', ROUTE_NAMES.USERMGMT);
});
});

24
tests/views/Layout.test.ts Normal file
View File

@@ -0,0 +1,24 @@
import { describe, test, expect } from 'vitest';
import { load } from '$root/routes/(angemeldet)/+layout.server';
import { ROUTE_NAMES } from '../../src/routes';
import { baseData, mockEvent } from '../fixtures';
describe('+layout.server load(): Teste korrekte URL', () => {
test('Werfe keinen Redirect und gebe nichts zurück', async () => {
const mockEvent = {
locals: {
user: null
},
url: new URL(`https://example.com/not-anmeldung`)
};
const res = load(mockEvent);
expect(res).toBe(undefined);
});
});
describe('+layout.server load(): Teste erfolgreichen Pfad', () => {
test('Werfe kein Fehler', async () => {
const result = load(mockEvent);
expect(result).toEqual({ user: baseData.user });
});
});

139
tests/views/TatortList.test.ts Normal file
View File

@@ -0,0 +1,139 @@
import { render, fireEvent, screen, within } from '@testing-library/svelte';
import { describe, it, expect, vi, test } from 'vitest';
import * as nav from '$app/navigation';
import TatortListPage from '$root/routes/(token-based)/list/[vorgang]/+page.svelte';
import { baseData } from '../fixtures';
import { tick } from 'svelte';
import { API_ROUTES } from '../../src/routes';
vi.spyOn(nav, 'invalidateAll').mockResolvedValue();
global.fetch = vi.fn().mockResolvedValue({ ok: true });
async function clickPlusButton() {
// mock animation features of the browser
window.HTMLElement.prototype.scrollIntoView = vi.fn();
window.HTMLElement.prototype.animate = vi.fn(() => ({
finished: Promise.resolve(),
cancel: vi.fn(),
}))
// button is visible
const button = screen.getByRole('button', { name: /add item/i })
expect(button).toBeInTheDocument();
await fireEvent.click(button)
}
describe('Seite: Vorgangsansicht', () => {
test.todo('Share Link disabled wenn Liste leer');
describe('Szenario: Admin + Liste gefüllt - Funktionalität', () => {
test.todo('Share Link Link generierung richtig');
it('führt PUT-Request aus und aktualisiert UI nach onSave', async () => {
const data = structuredClone(baseData);
const oldName = data.crimesList[0].name;
const newName = 'Fall-C';
render(TatortListPage, { props: { data } });
const listItem = screen.getAllByTestId('test-list-item')[0];
expect(listItem).toHaveTextContent(oldName);
await fireEvent.click(within(listItem).getByTestId('edit-button'));
const input = within(listItem).getByTestId('test-input');
await fireEvent.input(input, { target: { value: newName } });
await fireEvent.click(within(listItem).getByTestId('commit-button'));
await tick();
expect(global.fetch).toHaveBeenCalledWith(
`/api/list/${data.vorgang.vorgangToken}/${oldName}`,
expect.objectContaining({
method: 'PUT',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
vorgangToken: data.vorgang.vorgangToken,
oldName,
newName
})
})
);
expect(nav.invalidateAll).toHaveBeenCalled();
expect(within(listItem).getByText(newName)).toBeInTheDocument();
});
it('führt DELETE-Request aus und entfernt Element aus UI', async () => {
const testData = structuredClone(baseData);
const oldName = testData.crimesList[0].name;
const vorgang = testData.vorgang;
render(TatortListPage, { props: { data: testData } });
const initialItems = screen.getAllByTestId('test-list-item');
expect(initialItems).toHaveLength(testData.crimesList.length);
const listItem = screen.getAllByTestId('test-list-item')[0];
expect(listItem).toHaveTextContent(oldName);
const del = within(listItem).getByTestId('delete-button');
expect(del).toBeInTheDocument()
await fireEvent.click(within(listItem).getByTestId('delete-button'));
await tick();
let expectedPath = API_ROUTES.CRIME(vorgang.vorgangToken, oldName)
expect(global.fetch).toHaveBeenCalledWith(
expectedPath,
expect.objectContaining({
method: 'DELETE',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
vorgangToken: testData.vorgang.vorgangToken,
tatort: oldName
})
})
);
expect(nav.invalidateAll).toHaveBeenCalled();
const updatedItems = screen.queryAllByTestId('test-list-item');
expect(updatedItems).toHaveLength(testData.crimesList.length - 1);
expect(screen.queryByText(oldName)).toBeNull();
});
});
});
describe('Hinzufügen Button', () => {
it('Unexpandierter Button', () => {
const testData = { ...baseData, vorgangList: [] };
const { getByTestId } = render(TatortListPage, { props: { data: testData } });
const container = getByTestId('expand-container')
expect(container).toBeInTheDocument();
// button is visible
const button = within(container).getByRole('button')
expect(button).toBeInTheDocument();
// input fields are not visible
let label = screen.queryByText('Modellname');
expect(label).not.toBeInTheDocument();
});
it('Expandierter Button nach Klick', async () => {
const testData = { ...baseData, vorgangList: [] };
render(TatortListPage, { props: { data: testData } });
await clickPlusButton();
// input fields are visible
let label = screen.queryByText('Modellname');
expect(label).toBeInTheDocument();
});
it.todo('Check Validation: missing name', async () => {
console.log(`test: input field validation`);
});
it.todo('Create Tatort successful', async () => {
console.log(`test: tatort upload`);
});
});

115
tests/views/TatortList.view.test.ts Normal file
View File

@@ -0,0 +1,115 @@
import { render, screen, within } from '@testing-library/svelte';
import { describe, expect, it, test } from 'vitest';
import TatortListPage from '$root/routes/(token-based)/list/[vorgang]/+page.svelte';
import { baseData } from '../fixtures';
import { ROUTE_NAMES } from '../../src/routes';
describe('Seite: Vorgangsansicht', () => {
test.todo('zeigt PIN und Share-Link, wenn Admin');
test.todo('zeigt PIN und Share-Link disabeld, wenn Liste leer');
describe('Szenario: Liste leer (unabhängig von Rolle)', () => {
it('zeigt Hinweistext bei leerer Liste', () => {
const testData = { ...baseData, crimesList: [] };
const { getByTestId } = render(TatortListPage, { props: { data: testData } });
expect(getByTestId('empty-list')).toBeInTheDocument();
});
it('zeigt keinen Listeneintrag', () => {
const items = screen.queryAllByTestId('test-list-item');
expect(items).toHaveLength(0);
});
});
describe('Szenario: Liste gefüllt (unabhängig von Rolle)', () => {
it('rendert mindestens ein Listenelement bei vorhandenen crimesList-Daten', () => {
const testData = { ...baseData };
const { queryAllByTestId } = render(TatortListPage, { props: { data: testData } });
const items = queryAllByTestId('test-list-item');
expect(items.length).toBeGreaterThan(0);
});
it('zeigt für jeden Eintrag einen Link', () => {
const testData = { ...baseData };
render(TatortListPage, { props: { data: testData } });
const links = screen.queryAllByTestId('crime-link');
expect(links).toHaveLength(testData.crimesList.length);
});
it('prüft href und title jedes Links', () => {
const testData = { ...baseData };
const { queryAllByTestId } = render(TatortListPage, { props: { data: testData } });
const items = queryAllByTestId('test-list-item');
items.forEach((item, i) => {
const link = within(item).getByRole('link');
const expectedHref = ROUTE_NAMES.CRIME(testData.vorgang.vorgangToken, testData.crimesList[i].name, testData.vorgang.vorgangPIN);
expect(link).toBeInTheDocument();
expect(link).toHaveAttribute('href', expectedHref);
expect(link).toHaveAttribute('title', testData.crimesList[i].name);
});
});
test.todo('testet zuletzt angezeigt, wenn item.lastModified');
test.todo('zeigt Dateigröße, wenn item.size vorhanden ist');
});
describe('Szenario: Admin + Liste gefüllt', () => {
const testData = { ...baseData, user: { ...baseData.user, admin: true } };
it('zeigt Listeneinträge mit Komponente NameItemEditor', () => {
const { getAllByTestId } = render(TatortListPage, { props: { data: testData } });
const items = getAllByTestId('test-nameItemEditor');
expect(items.length).toBeGreaterThan(0);
});
test.todo('Modal testen, wenn open');
});
describe('Szenario: Viewer + Liste gefüllt', () => {
const testData = { ...baseData, user: { ...baseData.user, admin: false } };
it('zeigt Listeneinträge mit p', () => {
render(TatortListPage, { props: { data: testData } });
const paragraphs = screen.queryAllByTestId('test-nameItem-p');
expect(paragraphs).toHaveLength(testData.crimesList.length);
paragraphs.forEach((p, i) => {
expect(p).toHaveTextContent(testData.crimesList[i].name);
});
});
test.todo('zeigt keinen Share-Link oder PIN');
});
describe('Teste Links auf Korrektheit', () => {
it('Überprüfe Links', () => {
const crimesListOneItem = baseData.crimesList.slice(0, 1);
const crimeObj = crimesListOneItem[0];
const vorgObj = baseData.vorgangList[0]
const expectedURL = ROUTE_NAMES.CRIME(vorgObj.vorgangToken, crimeObj.name, vorgObj.vorgangPIN)
render(TatortListPage, { props: { data: { ...baseData, crimesList: crimesListOneItem } } });
const listItem = screen.getByTestId("test-list-item");
const linkElement = within(listItem).getByRole('link');
expect(linkElement).toBeInTheDocument();
expect(linkElement).toHaveAttribute('href', expectedURL);
});
});
describe('PIN Anzeige & Button', () => {
it('Teste korrekte Anzeige von PIN Komponente', () => {
const testData = { ...baseData};
render(TatortListPage, { props: { data: testData } });
const vorgObj = baseData.vorgangList[0]
// PIN is being displayed within ´NameItemEditor´
let label = screen.queryByText(vorgObj.vorgangPIN);
expect(label).toBeInTheDocument();
});
});
});

184
tests/views/VorgangList.view.test.ts Normal file
View File

@@ -0,0 +1,184 @@
import { render, fireEvent, screen, within } from '@testing-library/svelte';
import { describe, expect, it, vi } from 'vitest';
import VorgangListPage from '$root/routes/(angemeldet)/list/+page.svelte';
import { baseData } from '../fixtures';
import { ROUTE_NAMES } from '../../src/routes';
import { actions } from '../../src/routes/(angemeldet)/list/+page.server';
import { createVorgang } from '$lib/server/vorgangService';
// mock animation features of the browser
window.HTMLElement.prototype.scrollIntoView = vi.fn();
window.HTMLElement.prototype.animate = vi.fn(() => ({
finished: Promise.resolve(),
cancel: vi.fn(),
}))
describe('Vorgänge Liste Page EmptyList-Komponente View', () => {
it('zeigt EmptyList-Komponente an, wenn Liste leer ist', () => {
const testData = { ...baseData, vorgangList: [] };
const { getByTestId } = render(VorgangListPage, { props: { data: testData } });
expect(getByTestId('empty-list')).toBeInTheDocument();
});
it('zeigt Liste(mockData 2 Elemente) an, wenn Liste vorhanden ist', () => {
const testData = { ...baseData };
const { getAllByTestId } = render(VorgangListPage, { props: { data: testData } });
const items = getAllByTestId('test-list-item');
expect(items.length).toBeGreaterThan(0);
});
});
describe('Teste Links auf Korrektheit', () => {
it('Überprüfe Links', () => {
const vorgListOneItem = baseData.vorgangList.slice(0, 1);
const vorgObj = vorgListOneItem[0];
const expectedURL = ROUTE_NAMES.VORGANG(vorgObj.vorgangToken, vorgObj.vorgangPIN)
render(VorgangListPage, { props: { data: { ...baseData, vorgangList: vorgListOneItem } } });
const listItem = screen.getByTestId("test-list-item");
const linkElement = within(listItem).getByRole('link');
expect(linkElement).toBeInTheDocument();
expect(linkElement).toHaveAttribute('href', expectedURL);
});
it('Links enthalten keinen VorgangsPIN', () => {
const vorgListOneItem = baseData.vorgangList.slice(0, 1)
render(VorgangListPage, { props: { data: { ...baseData, vorgangList: vorgListOneItem } } });
const listItem = screen.getByTestId("test-list-item");
const linkElement = within(listItem).getByRole('link');
expect(linkElement.getAttribute('href')?.toLowerCase()).not.toContain('pin');
});
});
async function clickPlusButton() {
// button is visible
const button = screen.getByTestId('expand-button')
expect(button).toBeInTheDocument();
await fireEvent.click(button)
}
async function inputVorgang() {
const input = document.getElementById("vorgang");
input.value = 'test-vorgang';
// firing the event manually for Svelte
await fireEvent.input(input)
expect(input).toHaveValue('test-vorgang');
}
async function inputVorgangPIN() {
const input = document.getElementById("pin");
input.value = 'test-pin';
// firing the event manually for Svelte
await fireEvent.input(input)
expect(input).toHaveValue('test-pin');
}
describe('Hinzufügen Buton', () => {
it('Unexpandierter Button', () => {
const testData = { ...baseData, vorgangList: [] };
const { getByTestId } = render(VorgangListPage, { props: { data: testData } });
const container = getByTestId('expand-container')
expect(container).toBeInTheDocument();
// button is visible
const button = within(container).getByRole('button')
expect(button).toBeInTheDocument();
// input fields are not visible
let label = screen.queryByText('Vorgangsname');
expect(label).not.toBeInTheDocument();
});
it('Expandierter Button nach Klick', async () => {
const testData = { ...baseData, vorgangList: [] };
render(VorgangListPage, { props: { data: testData } });
await clickPlusButton()
// input fields are visible
let label = screen.queryByText('Vorgangsname');
expect(label).toBeInTheDocument();
});
it('Check Validation: missing PIN', async () => {
const testData = { ...baseData, vorgangList: [] };
render(VorgangListPage, { props: { data: testData } });
await clickPlusButton()
// input
inputVorgang();
// submit
const button = screen.getByText('Neuen Vorgang hinzufügen')
expect(button).toBeInTheDocument()
await fireEvent.click(button);
const errorMsg = 'Bitte einen Vorgangs-PIN eingeben.';
let para = await screen.getByText(errorMsg);
expect(para).toBeInTheDocument();
});
it('Create Vorgang successful', async () => {
const testData = { ...baseData, vorgangList: [] };
render(VorgangListPage, { props: { data: testData } });
await clickPlusButton();
// input fields are visible
let label = screen.queryByText('Vorgangsname');
expect(label).toBeInTheDocument();
inputVorgang();
inputVorgangPIN();
// emulate button click
const button = screen.getByText('Neuen Vorgang hinzufügen');
expect(button).toBeInTheDocument();
await fireEvent.click(button);
// no error message
label = screen.queryByText('Bitte');
expect(label).not.toBeInTheDocument();
});
it('Test default action', async () => {
vi.mock('$lib/server/vorgangService', () => ({
createVorgang: vi.fn(),
}));
const formData = new FormData(); // no data as we are mocking createVorgang
const mockRequest = {
formData: vi.fn().mockResolvedValue(formData)
};
const event = {
request: mockRequest,
};
const testVorgangToken = 'c322f26f-8c5e-4cb9-94b3-b5433bf5109e'
vi.mocked(createVorgang).mockReturnValueOnce(testVorgangToken);
const result = await actions.default(event);
expect(result).toEqual({ token: testVorgangToken });
});
});
describe('Vorgang-Operationen', () => {
it('Teste korrekte Anzeige von Vorgang-Input Komponente', () => {
const testData = { ...baseData};
const { getAllByTestId } = render(VorgangListPage, { props: { data: testData } });
let buttons = getAllByTestId('edit-button')
expect(buttons.length).toBeGreaterThan(1);
});
});

25
vite.config.ts
View File

@@ -1,19 +1,38 @@
import { svelteTesting } from '@testing-library/svelte/vite';
import { sveltekit } from '@sveltejs/kit/vite';
import path from 'path';
import { defineConfig } from 'vite';
export default defineConfig({
plugins: [sveltekit()],
resolve: {
alias: {
$lib: path.resolve('./src/lib'),
$root: path.resolve(__dirname, './src')
}
},
test: {
workspace: [
projects: [
{
extends: './vite.config.ts',
plugins: [svelteTesting()],
test: {
name: 'client',
name: 'business-logic and API',
environment: 'jsdom',
clearMocks: true,
include: ['src/**/*.svelte.{test,spec}.{js,ts}'],
include: ['tests/**/*.{test,spec}.{js,ts}', 'src/**/*.svelte.{test,spec}.{js,ts}'],
exclude: ['src/lib/server/**', 'tests/**/*.view.{test,spec}.{js,ts}'],
setupFiles: ['./vitest-setup-client.ts']
}
},
{
extends: './vite.config.ts',
plugins: [svelteTesting()],
test: {
name: 'client-view',
environment: 'jsdom',
clearMocks: true,
include: ['tests/**/*.view.{test,spec}.{js,ts}', 'src/**/*.view.svelte.{test,spec}.{js,ts}'],
exclude: ['src/lib/server/**'],
setupFiles: ['./vitest-setup-client.ts']
}