Compare commits
6 Commits
952c3901c1
...
0f2cf87a78
| Author | SHA1 | Date | |
|---|---|---|---|
| 0f2cf87a78 | |||
| 1fd6cb3ab3 | |||
| d402282efe | |||
| dfa5c9ade1 | |||
| 4406a86f44 | |||
| 08d83c9ed4 |
@@ -1,2 +1,3 @@
|
||||
node_modules
|
||||
build
|
||||
config.json
|
||||
1
.gitignore
vendored
1
.gitignore
vendored
@@ -1,5 +1,6 @@
|
||||
test-results
|
||||
node_modules
|
||||
config.json
|
||||
|
||||
# Output
|
||||
.output
|
||||
|
||||
1859
package-lock.json
generated
1859
package-lock.json
generated
File diff suppressed because it is too large
Load Diff
@@ -14,7 +14,7 @@
|
||||
"lint": "prettier --check . && eslint .",
|
||||
"test:unit": "vitest",
|
||||
"test": "npm run test:unit -- --run && npm run test:e2e",
|
||||
"init_db": "npx vite-node src/init/init_db.ts"
|
||||
"init-db": "tsx ./src/init/init_db.ts"
|
||||
},
|
||||
"devDependencies": {
|
||||
"@eslint/compat": "^1.2.9",
|
||||
@@ -25,6 +25,7 @@
|
||||
"@testing-library/jest-dom": "^6.6.3",
|
||||
"@testing-library/svelte": "^5.2.8",
|
||||
"@tsconfig/svelte": "^5.0.4",
|
||||
"@types/better-sqlite3": "^7.6.13",
|
||||
"@types/jsonwebtoken": "^9.0.9",
|
||||
"eslint": "^9.28.0",
|
||||
"eslint-config-prettier": "^10.1.5",
|
||||
@@ -35,6 +36,7 @@
|
||||
"prettier-plugin-svelte": "^3.4.0",
|
||||
"svelte": "^5.33.18",
|
||||
"svelte-check": "^4.2.1",
|
||||
"tsx": "^4.20.3",
|
||||
"typescript": "^5.8.3",
|
||||
"typescript-eslint": "^8.34.0",
|
||||
"vite": "^6.3.5",
|
||||
|
||||
@@ -10,15 +10,14 @@ let createSQLStmt = `CREATE TABLE IF NOT EXISTS users
|
||||
db.exec(createSQLStmt);
|
||||
|
||||
// check if there are any users; if not add one default admin one
|
||||
let password = 'pass-123';
|
||||
let hashedPassword = new jsSHA('SHA-512', 'TEXT').update(password).getHash('HEX');
|
||||
|
||||
let checkInsertSQLStmt = `INSERT INTO users (name, pw) SELECT 'admin', '${hashedPassword}'
|
||||
const userPassword = 'pass-123';
|
||||
const hashedUserPassword = new jsSHA('SHA-512', 'TEXT').update(userPassword).getHash('HEX');
|
||||
const checkInsertSQLStmt = `INSERT INTO users (name, pw) SELECT 'admin', '${hashedUserPassword}'
|
||||
WHERE NOT EXISTS (SELECT * FROM users);`;
|
||||
|
||||
db.exec(checkInsertSQLStmt);
|
||||
|
||||
let usersSQLStmt = `SELECT * FROM USERS`;
|
||||
const usersSQLStmt = `SELECT * FROM USERS`;
|
||||
let SQLStatement = db.prepare(usersSQLStmt);
|
||||
|
||||
// cases table
|
||||
@@ -27,11 +26,11 @@ createSQLStmt = `CREATE TABLE IF NOT EXISTS cases
|
||||
(id INTEGER PRIMARY KEY AUTOINCREMENT,
|
||||
token TEXT NOT NULL UNIQUE,
|
||||
name TEXT NOT NULL UNIQUE,
|
||||
pw TEXT NOT NULL)`;
|
||||
pin TEXT NOT NULL)`;
|
||||
|
||||
db.exec(createSQLStmt);
|
||||
|
||||
let casesSQLStmt = `SELECT * FROM cases`;
|
||||
SQLStatement = db.prepare(casesSQLStmt);
|
||||
const vorgangSQLStmt = `SELECT * FROM cases`;
|
||||
SQLStatement = db.prepare(vorgangSQLStmt);
|
||||
|
||||
db.close();
|
||||
|
||||
@@ -1,6 +1,5 @@
|
||||
import jwt from 'jsonwebtoken';
|
||||
import jsSHA from 'jssha';
|
||||
import process from 'process';
|
||||
import { db } from '$lib/server/dbService';
|
||||
|
||||
import config from '$lib/config';
|
||||
@@ -8,7 +7,6 @@ import config from '$lib/config';
|
||||
const SECRET = config.jwt.secret;
|
||||
const EXPIRES_IN = config.jwt.expiresIn;
|
||||
|
||||
const AUTH = config.auth;
|
||||
|
||||
export function createToken(userData) {
|
||||
return jwt.sign(userData, SECRET, { expiresIn: EXPIRES_IN });
|
||||
@@ -18,15 +16,15 @@ export function decryptToken(token: string) {
|
||||
return jwt.verify(token, SECRET);
|
||||
}
|
||||
|
||||
export function authenticate(user, pass) {
|
||||
export function authenticate(user, password) {
|
||||
let JWTToken;
|
||||
|
||||
// hash user password
|
||||
let hashedPW = new jsSHA('SHA-512', 'TEXT').update(pass).getHash('HEX');
|
||||
const hashedPW = new jsSHA('SHA-512', 'TEXT').update(password).getHash('HEX');
|
||||
|
||||
let getUserSQLStmt = 'SELECT name, pw FROM users WHERE name = ?';
|
||||
const getUserSQLStmt = 'SELECT name, pw FROM users WHERE name = ?';
|
||||
const row = db.prepare(getUserSQLStmt).get(user);
|
||||
let storedPW = row.pw;
|
||||
const storedPW = row.pw;
|
||||
|
||||
if (hashedPW && hashedPW === storedPW) {
|
||||
JWTToken = createToken({ id: user, admin: true });
|
||||
|
||||
Binary file not shown.
@@ -1,10 +0,0 @@
|
||||
export default async function get_code(case_no) {
|
||||
let url = `/api/list/${case_no}/casepw`;
|
||||
const response = await fetch(url);
|
||||
|
||||
if (response.status == 200) {
|
||||
return response.text();
|
||||
} else {
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
@@ -1,7 +1,7 @@
|
||||
import { client } from '$lib/minio';
|
||||
|
||||
export default async function caseNumberOccupied (caseNumber: string): Promise<boolean> {
|
||||
const prefix = `${caseNumber}`;
|
||||
export default async function vorgangNumberOccupied (vorgangNumber: string): Promise<boolean> {
|
||||
const prefix = `${vorgangNumber}`;
|
||||
const promise: Promise<boolean> = new Promise((resolve) => {
|
||||
const stream = client.listObjectsV2('tatort', prefix, false, '');
|
||||
stream.on('data', () => {
|
||||
@@ -6,11 +6,11 @@ import { db } from './dbService';
|
||||
|
||||
/**
|
||||
* Get Vorgang and corresponend list of tatorte
|
||||
* @param caseToken
|
||||
* @param vorgangToken
|
||||
* @returns
|
||||
*/
|
||||
export const getCrimesListByToken = async (caseToken: string) => {
|
||||
const prefix = `${caseToken}/`;
|
||||
export const getCrimesListByToken = async (vorgangToken: string) => {
|
||||
const prefix = `${vorgangToken}/`;
|
||||
|
||||
const stream = client.listObjectsV2(BUCKET, prefix, false, '');
|
||||
|
||||
@@ -28,46 +28,46 @@ export const getCrimesListByToken = async (caseToken: string) => {
|
||||
|
||||
/**
|
||||
* Get Vorgang
|
||||
* @param caseToken
|
||||
* @returns caseObj with keys `token`, `name`, `pw` || undefined
|
||||
* @param vorgangToken
|
||||
* @returns vorgangObj with keys `token`, `name`, `pin` || undefined
|
||||
*/
|
||||
export const getVorgangByToken = function (caseToken: string) {
|
||||
let getVorgangSQLStmt = `SELECT token, name, pw FROM cases WHERE token = ?`;
|
||||
export const getVorgangByToken = (vorgangToken: string): {token: string, name:string, pin: string} | undefined => {
|
||||
const getVorgangSQLStmt = `SELECT token, name, pin FROM cases WHERE token = ?`;
|
||||
const statement = db.prepare(getVorgangSQLStmt);
|
||||
const result = statement.get(caseToken);
|
||||
const result = statement.get(vorgangToken) as {token: string, name:string, pin: string} | undefined;
|
||||
|
||||
return result;
|
||||
};
|
||||
|
||||
/**
|
||||
* Get Vorgang
|
||||
* @param caseName
|
||||
* @returns caseObj with keys `token`, `name`, `pw` || undefined
|
||||
* @param vorgangName
|
||||
* @returns vorgangObj with keys `token`, `name`, `pin` || undefined
|
||||
*/
|
||||
export const getVorgangByName = function (caseName: string) {
|
||||
let getVorgangByNameSQLStmt = `SELECT token, name, pw FROM cases WHERE name = ?`;
|
||||
export const getVorgangByName = (vorgangName: string): {token: string, name: string, pin: string} | undefined => {
|
||||
const getVorgangByNameSQLStmt = `SELECT token, name, pin FROM cases WHERE name = ?`;
|
||||
const statement = db.prepare(getVorgangByNameSQLStmt);
|
||||
const result = statement.get(caseName);
|
||||
const result = statement.get(vorgangName) as {token: string, name: string, pin: string} | undefined;
|
||||
|
||||
return result;
|
||||
};
|
||||
|
||||
/**
|
||||
* Delete Vorgang
|
||||
* @param caseToken
|
||||
* @param vorgangToken
|
||||
* @returns int: number of changes
|
||||
*/
|
||||
export const deleteVorgangByToken = function (caseToken: string) {
|
||||
let deleteSQLStmt = 'DELETE FROM cases WHERE token = ?';
|
||||
export const deleteVorgangByToken = function (vorgangToken: string) {
|
||||
const deleteSQLStmt = 'DELETE FROM cases WHERE token = ?';
|
||||
const statement = db.prepare(deleteSQLStmt);
|
||||
const info = statement.run(caseToken);
|
||||
const info = statement.run(vorgangToken);
|
||||
|
||||
return info.changes;
|
||||
};
|
||||
|
||||
/**
|
||||
* Fetches list of vorgänge from s3 bucket
|
||||
* @returns list of available cases
|
||||
* @returns list of available vorgaenge
|
||||
*/
|
||||
export const getListOfVorgänge = async () => {
|
||||
const stream = client.listObjectsV2(BUCKET, '', false, '');
|
||||
@@ -86,15 +86,15 @@ export const getListOfVorgänge = async () => {
|
||||
|
||||
/**
|
||||
* Fetches list of vorgänge from database
|
||||
* @returns list with of available cases
|
||||
* @returns list with of available vorgaenge
|
||||
*/
|
||||
export const getVorgaenge = function () {
|
||||
let getVorgaengeSQLStmt = `SELECT token, name, pw from cases`;
|
||||
export const getVorgaenge = (): {vorgangToken: string, vorgangName: string, vorgangPIN: string}[] => {
|
||||
const getVorgaengeSQLStmt = `SELECT token, name, pin from cases`;
|
||||
const statement = db.prepare(getVorgaengeSQLStmt);
|
||||
const result = statement.all();
|
||||
const vorgaenge_list = [];
|
||||
for (const r of result) {
|
||||
const vorg = { token: r.token, name: r.name, pw: r.pw };
|
||||
const result = statement.all() as { token: string; name: string; pin: string }[];
|
||||
const vorgaenge_list: {vorgangToken: string, vorgangName: string, vorgangPIN: string}[] = [];
|
||||
for (const resultItem of result) {
|
||||
const vorg = { vorgangToken: resultItem.token, vorgangName: resultItem.name, vorgangPIN: resultItem.pin };
|
||||
vorgaenge_list.push(vorg);
|
||||
}
|
||||
|
||||
@@ -106,19 +106,19 @@ export const getVorgaenge = function () {
|
||||
* @param request
|
||||
* @returns fail or true
|
||||
*/
|
||||
export const checkIfVorgangExists = async (caseId: string | null) => {
|
||||
if (!caseId) {
|
||||
export const checkIfVorgangExists = async (vorgangId: string | null) => {
|
||||
if (!vorgangId) {
|
||||
return fail(400, {
|
||||
success: false,
|
||||
caseId,
|
||||
vorgangId,
|
||||
error: { message: 'Die Vorgangsnummer darf nicht leer sein.' }
|
||||
});
|
||||
}
|
||||
|
||||
if (typeof caseId === 'string' && !(await checkIfExactDirectoryExists(caseId))) {
|
||||
if (typeof vorgangId === 'string' && !(await checkIfExactDirectoryExists(vorgangId))) {
|
||||
return fail(400, {
|
||||
success: false,
|
||||
caseId,
|
||||
vorgangId,
|
||||
error: { message: 'Die Vorgangsnummer existiert in dieser Anwendung nicht.' }
|
||||
});
|
||||
}
|
||||
@@ -126,42 +126,42 @@ export const checkIfVorgangExists = async (caseId: string | null) => {
|
||||
return true;
|
||||
};
|
||||
|
||||
export const vorgangExists = function (caseToken: string | null) {
|
||||
if (!caseToken) {
|
||||
export const vorgangExists = function (vorgangToken: string | null) {
|
||||
if (!vorgangToken) {
|
||||
return fail(400, {
|
||||
success: false,
|
||||
caseId: caseToken,
|
||||
vorgangId: vorgangToken,
|
||||
error: { message: 'Die Vorgangsnummer darf nicht leer sein.' }
|
||||
});
|
||||
}
|
||||
|
||||
let vorgaenge = getVorgaenge();
|
||||
const vorgaenge_tokens = vorgaenge.map((vorg) => vorg.token);
|
||||
const vorgaenge = getVorgaenge();
|
||||
const vorgaengeTokens = vorgaenge.map((vorgang) => vorgang.vorgangToken);
|
||||
|
||||
const found = vorgaenge_tokens.indexOf(caseToken) != -1;
|
||||
const found = vorgaengeTokens.indexOf(vorgangToken) != -1;
|
||||
|
||||
return found;
|
||||
};
|
||||
|
||||
export const vorgangNameExists = function (caseName: string) {
|
||||
let vorgaenge = getVorgaenge();
|
||||
const vorgaengeNames = vorgaenge.map((vorg) => vorg.name);
|
||||
export const vorgangNameExists = (vorgangName: string) => {
|
||||
const vorgaenge = getVorgaenge();
|
||||
const vorgaengeNames = vorgaenge.map((vorgang) => vorgang.vorgangName);
|
||||
|
||||
const found = vorgaengeNames.indexOf(caseName) != -1;
|
||||
const found = vorgaengeNames.indexOf(vorgangName) != -1;
|
||||
|
||||
return found;
|
||||
};
|
||||
|
||||
export const hasValidToken = async (caseId: string, caseToken: string) => {
|
||||
const objPath = `${caseId}/${TOKENFILENAME}`;
|
||||
export const hasValidToken = async (vorgangId: string, vorgangToken: string) => {
|
||||
const objPath = `${vorgangId}/${TOKENFILENAME}`;
|
||||
|
||||
try {
|
||||
if (!caseToken) {
|
||||
if (!vorgangToken) {
|
||||
return false;
|
||||
}
|
||||
|
||||
const token = await getContentOfTextObject(BUCKET, objPath);
|
||||
if (!token || token !== caseToken) {
|
||||
if (!token || token !== vorgangToken) {
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -174,14 +174,14 @@ export const hasValidToken = async (caseId: string, caseToken: string) => {
|
||||
}
|
||||
};
|
||||
|
||||
export const passwordValid = function (caseToken, casePassword) {
|
||||
if (!casePassword) {
|
||||
export const vorgangPINValidation = function (vorgangToken: string, vorgangPIN: string) {
|
||||
if (!vorgangPIN) {
|
||||
return false;
|
||||
}
|
||||
|
||||
const vorg = getVorgangByToken(caseToken);
|
||||
const vorgang = getVorgangByToken(vorgangToken);
|
||||
|
||||
if (!vorg || vorg.pw !== casePassword) {
|
||||
if (!vorgang || vorgang.pin !== vorgangPIN) {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
@@ -1,11 +1,10 @@
|
||||
import { getListOfVorgänge, getVorgaenge } from '$lib/server/vorgangService';
|
||||
import { getVorgaenge } from '$lib/server/vorgangService';
|
||||
import type { PageServerLoad } from '../../(token-based)/view/$types';
|
||||
|
||||
export const load: PageServerLoad = async () => {
|
||||
// const caseList = await getListOfVorgänge();
|
||||
const caseList = getVorgaenge();
|
||||
const vorgangList = await getVorgaenge();
|
||||
|
||||
return {
|
||||
caseList
|
||||
vorgangList
|
||||
};
|
||||
};
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
|
||||
export let data: PageData;
|
||||
|
||||
const caseList = data.caseList;
|
||||
const vorgangList = data.vorgangList;
|
||||
|
||||
async function delete_item(ev: Event) {
|
||||
let delete_item = window.confirm('Bist du sicher?');
|
||||
@@ -44,20 +44,20 @@
|
||||
</div>
|
||||
<div class="mx-auto flex justify-center max-w-7xl h-full">
|
||||
<ul role="list" class="divide-y divide-gray-100">
|
||||
{#each caseList as item}
|
||||
{#each vorgangList as vorgangItem}
|
||||
<li>
|
||||
<a href="/list/{item.token}?pw={item.pw}" class="flex justify-between gap-x-6 py-5">
|
||||
<a href="/list/{vorgangItem.vorgangToken}?pin={vorgangItem.vorgangPIN}" class="flex justify-between gap-x-6 py-5">
|
||||
<div class="flex gap-x-4">
|
||||
<!-- Ordner -->
|
||||
<Folder />
|
||||
<div class="min-w-0 flex-auto">
|
||||
<span class="text-sm font-semibold leading-6 text-gray-900">{item.name}</span>
|
||||
<span class="text-sm font-semibold leading-6 text-gray-900">{vorgangItem.vorgangName}</span>
|
||||
<!-- Delete button -->
|
||||
<button
|
||||
style="padding: 2px"
|
||||
id="del__{item.token}"
|
||||
id="del__{vorgangItem.vorgangToken}"
|
||||
on:click|preventDefault={delete_item}
|
||||
aria-label="Vorgang {item.name} löschen"
|
||||
aria-label="Vorgang {vorgangItem.name} löschen"
|
||||
>
|
||||
<Trash />
|
||||
</button>
|
||||
|
||||
@@ -1,34 +1,34 @@
|
||||
import { client } from '$lib/minio';
|
||||
import { fail } from '@sveltejs/kit';
|
||||
|
||||
import caseNumberOccupied from '$lib/helper/caseNumberOccupied';
|
||||
import vorgangNumberOccupied from '$lib/helper/vorgangNumberOccupied.js';
|
||||
|
||||
/** @type {import('./$types').Actions} */
|
||||
export const actions = {
|
||||
default: async ({ request }: {request: Request}) => {
|
||||
const data = await request.formData();
|
||||
const caseNumber = data.get('caseNumber');
|
||||
const vorgangNumber = data.get('vorgangNumber');
|
||||
const description = data.get('description');
|
||||
|
||||
if (!caseNumber) {
|
||||
if (!vorgangNumber) {
|
||||
return fail(400, {
|
||||
caseNumber,
|
||||
vorgangNumber,
|
||||
description,
|
||||
error: { caseNumber: 'Es muss eine Vorgangsnummer vorhanden sein.' }
|
||||
error: { vorgangNumber: 'Es muss eine Vorgangsnummer vorhanden sein.' }
|
||||
});
|
||||
}
|
||||
|
||||
if (await caseNumberOccupied(`${caseNumber}`)) {
|
||||
if (await vorgangNumberOccupied(`${vorgangNumber}`)) {
|
||||
return fail(400, {
|
||||
caseNumber,
|
||||
vorgangNumber,
|
||||
description,
|
||||
error: { caseNumber: 'Die Vorgangsnummer wurde im System bereits angelegt.' }
|
||||
error: { vorgangNumber: 'Die Vorgangsnummer wurde im System bereits angelegt.' }
|
||||
});
|
||||
}
|
||||
|
||||
const config = `${JSON.stringify({ caseNumber, description, version: 1 })}\n`;
|
||||
const config = `${JSON.stringify({ vorgangNumber, description, version: 1 })}\n`;
|
||||
|
||||
await client.putObject('tatort', `${caseNumber}/config.json`, config, undefined, {
|
||||
await client.putObject('tatort', `${vorgangNumber}/config.json`, config, undefined, {
|
||||
'Content-Type': 'application/json'
|
||||
});
|
||||
|
||||
|
||||
@@ -27,9 +27,9 @@
|
||||
|
||||
<div class="mt-10 grid grid-cols-1 gap-x-6 gap-y-8">
|
||||
<div>
|
||||
<label for="caseNumber" class="block text-sm font-medium leading-6 text-gray-900"
|
||||
<label for="vorgangNumber" class="block text-sm font-medium leading-6 text-gray-900"
|
||||
><span class="flex"
|
||||
>{#if form?.error?.caseNumber}
|
||||
>{#if form?.error?.vorgangNumber}
|
||||
<span class="inline-block mr-1"><Exclamation /></span>
|
||||
{/if} Vorgangs-Nr.</span
|
||||
></label
|
||||
@@ -39,16 +39,16 @@
|
||||
class="flex rounded-md shadow-sm ring-1 ring-inset ring-gray-300 focus-within:ring-2 focus-within:ring-inset focus-within:ring-indigo-600"
|
||||
>
|
||||
<input
|
||||
value={form?.caseNumber ?? ''}
|
||||
value={form?.vorgangNumber ?? ''}
|
||||
type="text"
|
||||
name="caseNumber"
|
||||
id="caseNumber"
|
||||
name="vorgangNumber"
|
||||
id="vorgangNumber"
|
||||
class="block flex-1 border-0 bg-transparent py-1.5 pl-1 text-gray-900 placeholder:text-gray-400 focus:ring-0 text-sm leading-6"
|
||||
/>
|
||||
</div>
|
||||
</div>
|
||||
{#if form?.error?.caseNumber}
|
||||
<p class="block text-sm leading-6 text-red-900 mt-2">{form.error.caseNumber}</p>
|
||||
{#if form?.error?.vorgangNumber}
|
||||
<p class="block text-sm leading-6 text-red-900 mt-2">{form.error.vorgangNumber}</p>
|
||||
{/if}
|
||||
</div>
|
||||
|
||||
@@ -74,8 +74,8 @@
|
||||
{/if}
|
||||
</div>
|
||||
|
||||
<label for="code">
|
||||
<span >Zugangscode (optional) </span>
|
||||
<label for="vorgang-token">
|
||||
<span >Zugangstoken (optional) </span>
|
||||
</label>
|
||||
|
||||
<div class="mt-2">
|
||||
@@ -83,7 +83,7 @@
|
||||
>
|
||||
<input
|
||||
type="text"
|
||||
id="code"
|
||||
id="vorgang-token"
|
||||
/>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
@@ -17,36 +17,31 @@ const isRequiredFieldValid = (value: unknown) => {
|
||||
export const actions = {
|
||||
url: async ({ request }: { request: Request }) => {
|
||||
const data = await request.formData();
|
||||
const caseName = data.get('vorgang');
|
||||
const vorgangName = data.get('vorgang');
|
||||
const crimeName = data.get('name');
|
||||
const type = data.get('type');
|
||||
const password = data.get('password');
|
||||
const vorgangPIN = data.get('vorgangPIN');
|
||||
const fileName = data.get('fileName');
|
||||
|
||||
// store case in database
|
||||
// skip if Vorgang exists and token not changed
|
||||
|
||||
const vorgangExists = vorgangNameExists(caseName);
|
||||
let token;
|
||||
const vorgangExists = vorgangNameExists(vorgangName);
|
||||
let vorgangToken;
|
||||
|
||||
if (!vorgangExists) {
|
||||
token = uuidv4();
|
||||
let insertSQLStatement = `INSERT INTO cases (token, name, pw) VALUES (?, ?, ?)`;
|
||||
vorgangToken = uuidv4();
|
||||
const insertSQLStatement = `INSERT INTO cases (token, name, pin) VALUES (?, ?, ?)`;
|
||||
const statement = db.prepare(insertSQLStatement);
|
||||
statement.run(token, caseName, password);
|
||||
statement.run(vorgangToken, vorgangName, vorgangPIN);
|
||||
} else {
|
||||
// vorgang exists
|
||||
// check if PW was changed, and update DB if it was
|
||||
const vorg = getVorgangByName(caseName);
|
||||
token = vorg.token;
|
||||
if (vorg.pw != password) {
|
||||
let updateSQLStmt = `UPDATE cases SET pw = ? WHERE name = ?`;
|
||||
const vorgang = getVorgangByName(vorgangName);
|
||||
vorgangToken = vorgang.token;
|
||||
if (vorgang && vorgang.pin != vorgangPIN) {
|
||||
const updateSQLStmt = `UPDATE cases SET pin = ? WHERE name = ?`;
|
||||
const statement = db.prepare(updateSQLStmt);
|
||||
statement.run(password, vorg);
|
||||
statement.run(vorgangPIN, vorgang);
|
||||
}
|
||||
}
|
||||
|
||||
let objectName = `${token}/${crimeName}`;
|
||||
let objectName = `${vorgangToken}/${crimeName}`;
|
||||
switch (type) {
|
||||
case 'image/png':
|
||||
if (!objectName.endsWith('.png')) objectName += '.png';
|
||||
@@ -65,24 +60,27 @@ export const actions = {
|
||||
const data = Object.fromEntries(requestData);
|
||||
const vorgang = data.vorgang;
|
||||
const name = data.name;
|
||||
const password = data.password;
|
||||
const vorgangPIN = data.vorgangPIN;
|
||||
let success = true;
|
||||
const err = {};
|
||||
if (isRequiredFieldValid(vorgang)) err.vorgang = null;
|
||||
else {
|
||||
if (isRequiredFieldValid(vorgang)) {
|
||||
err.vorgang = null;
|
||||
} else {
|
||||
err.vorgang = 'Das Feld Vorgang darf nicht leer bleiben.';
|
||||
success = false;
|
||||
}
|
||||
|
||||
if (isRequiredFieldValid(name)) err.name = null;
|
||||
else {
|
||||
if (isRequiredFieldValid(name)) {
|
||||
err.name = null;
|
||||
} else {
|
||||
err.name = 'Das Feld Name darf nicht leer bleiben.';
|
||||
success = false;
|
||||
}
|
||||
|
||||
if (isRequiredFieldValid(password)) err.password = null;
|
||||
else {
|
||||
err.password = 'Das Feld Zugangspasswort darf nicht leer bleiben.';
|
||||
if (isRequiredFieldValid(vorgangPIN)) {
|
||||
err.vorgangPIN = null;
|
||||
} else {
|
||||
err.vorgangPIN = 'Das Feld Zugangspasswort darf nicht leer bleiben.';
|
||||
success = false;
|
||||
}
|
||||
|
||||
|
||||
@@ -15,20 +15,20 @@
|
||||
let open = false;
|
||||
let inProgress = false;
|
||||
let vorgang = '';
|
||||
const code_len = 8;
|
||||
const PINLength = 8;
|
||||
|
||||
function generatePassword() {
|
||||
function generatePIN() {
|
||||
return Math.random()
|
||||
.toString(36)
|
||||
.slice(2, 2 + code_len);
|
||||
.slice(2, 2 + PINLength);
|
||||
}
|
||||
let zugangspasswort = ''
|
||||
let zugangspasswordOld = ''
|
||||
$: zugangspasswordOld = generatePassword();
|
||||
$: zugangspasswort = zugangspasswordOld
|
||||
let vorgangPIN = '';
|
||||
let vorgangPINOld = '';
|
||||
$: vorgangPINOld = generatePIN();
|
||||
$: vorgangPIN = vorgangPINOld;
|
||||
|
||||
let caseExisting = undefined;
|
||||
$: caseExisting = false;
|
||||
let vorgangExists = undefined;
|
||||
$: vorgangExists = false;
|
||||
|
||||
let name = '';
|
||||
let etag: string | null = null;
|
||||
@@ -42,7 +42,7 @@
|
||||
let data = new FormData();
|
||||
data.append('vorgang', vorgang);
|
||||
data.append('name', name);
|
||||
data.append('password', zugangspasswort);
|
||||
data.append('vorgangPIN', vorgangPIN);
|
||||
const response = await fetch('?/validate', { method: 'POST', body: data });
|
||||
/** @type {import('@sveltejs/kit').ActionResult} */
|
||||
const result = deserialize(await response.text());
|
||||
@@ -71,7 +71,7 @@
|
||||
let data = new FormData();
|
||||
data.append('vorgang', vorgang);
|
||||
data.append('name', name);
|
||||
data.append('password', zugangspasswort);
|
||||
data.append('vorgangPIN', vorgangPIN);
|
||||
if (files?.length === 1) {
|
||||
data.append('type', files[0].type);
|
||||
data.append('fileName', files[0].name);
|
||||
@@ -139,6 +139,7 @@
|
||||
// big endian!
|
||||
let file = files[0];
|
||||
let file_header = file.slice(0, 4);
|
||||
console.log(file_header);
|
||||
let header_bytes = await file_header.bytes();
|
||||
let file_header_hex = '0x' + header_bytes.toHex().toString();
|
||||
|
||||
@@ -151,37 +152,40 @@
|
||||
}
|
||||
|
||||
// `/(angemeldet)/view` return true or false
|
||||
async function caseExists(caseName: string) {
|
||||
|
||||
if (caseName == '') {
|
||||
zugangspasswort = zugangspasswordOld;
|
||||
async function checkVorgangExists(vorgangName: string) {
|
||||
if (vorgangName == '') {
|
||||
vorgangPIN = vorgangPINOld;
|
||||
return;
|
||||
}
|
||||
|
||||
let url = `/api/list/${caseName}`
|
||||
|
||||
try {
|
||||
const url = `/api/list/${vorgangName}`;
|
||||
const response = await fetch(url, { method: 'HEAD' });
|
||||
const status = response.status;
|
||||
|
||||
if (status == 200) {
|
||||
caseExisting = true;
|
||||
const passwort = await getPassword(caseName);
|
||||
zugangspasswort = passwort;
|
||||
|
||||
return true
|
||||
|
||||
if (response.status === 200) {
|
||||
console.log('Vorgang existiert:', vorgangName);
|
||||
vorgangExists = true;
|
||||
const token = await getVorgangPIN(vorgangName);
|
||||
vorgangPIN = token;
|
||||
return true;
|
||||
} else {
|
||||
caseExisting = false;
|
||||
zugangspasswort = zugangspasswordOld;
|
||||
return false
|
||||
console.log('Vorgang existiert nicht!');
|
||||
vorgangExists = false;
|
||||
vorgangPIN = vorgangPINOld;
|
||||
return false;
|
||||
}
|
||||
} catch (err) {
|
||||
console.error('Fehler bei checkVorgangExists:', err);
|
||||
vorgangExists = false;
|
||||
vorgangPIN = vorgangPINOld;
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
async function getPassword(caseName: string) {
|
||||
async function getVorgangPIN(vorgangName: string) {
|
||||
if (vorgangName == '') return;
|
||||
|
||||
if (caseName == '') return;
|
||||
|
||||
let url = `/api/list/${caseName}/casepw`;
|
||||
let url = `/api/list/${vorgangName}/vorgangPIN`;
|
||||
const response = await fetch(url);
|
||||
|
||||
if (response.status == 200) {
|
||||
@@ -190,7 +194,6 @@
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
</script>
|
||||
|
||||
<div class="mx-auto max-w-2xl">
|
||||
@@ -211,7 +214,7 @@
|
||||
><span class="flex"
|
||||
>{#if formErrors?.vorgang}
|
||||
<span class="inline-block mr-1"><Exclamation /></span>
|
||||
{/if} Vorgang</span
|
||||
{/if} Vorgangsname</span
|
||||
></label
|
||||
>
|
||||
<div class="mt-2">
|
||||
@@ -225,14 +228,14 @@
|
||||
id="vorgang"
|
||||
autocomplete={vorgang}
|
||||
class="block flex-1 border-0 bg-transparent py-1.5 pl-1 text-gray-900 placeholder:text-gray-400 focus:ring-0 sm:text-sm sm:leading-6"
|
||||
on:input={() => caseExists(vorgang)}
|
||||
on:input={() => checkVorgangExists(vorgang)}
|
||||
/>
|
||||
</div>
|
||||
</div>
|
||||
{#if formErrors?.vorgang}
|
||||
<p class="block text-sm leading-6 text-red-900 mt-2">{formErrors.vorgang}</p>
|
||||
{/if}
|
||||
{#if caseExisting && vorgang.length > 0}
|
||||
{#if vorgangExists && vorgang.length > 0}
|
||||
<span>Datei wird zum existierenden Vorgang hinzugefügt.</span>
|
||||
{:else if vorgang.length > 0}
|
||||
<span>Neuer Vorgang wird angelegt.</span>
|
||||
@@ -244,7 +247,7 @@
|
||||
><span class="flex"
|
||||
>{#if formErrors?.name}
|
||||
<span class="inline-block mr-1"><Exclamation /></span>
|
||||
{/if} Name</span
|
||||
{/if} Modellname</span
|
||||
></label
|
||||
>
|
||||
<div class="mt-2">
|
||||
@@ -267,11 +270,11 @@
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<label for="zugangscode" class="block text-sm font-medium leading-6 text-gray-900"
|
||||
<label for="vorgang-pin" class="block text-sm font-medium leading-6 text-gray-900"
|
||||
><span class="flex"
|
||||
>{#if formErrors?.zugangscode}
|
||||
>{#if formErrors?.vorgangPIN}
|
||||
<span class="inline-block mr-1"><Exclamation /></span>
|
||||
{/if} Zugangscode</span
|
||||
{/if} Zugangs-PIN</span
|
||||
></label
|
||||
>
|
||||
<div class="mt-2">
|
||||
@@ -279,25 +282,28 @@
|
||||
class="flex rounded-md shadow-sm ring-1 ring-inset ring-gray-300 focus-within:ring-2 focus-within:ring-inset focus-within:ring-indigo-600"
|
||||
>
|
||||
<input
|
||||
bind:value={zugangspasswort}
|
||||
bind:value={vorgangPIN}
|
||||
type="text"
|
||||
name="zugangscode"
|
||||
id="zugangscode"
|
||||
on:input="{ (ev) => { zugangspasswordOld = ev.target.value }}"
|
||||
name="vorgang-pin"
|
||||
id="vorgang-pin"
|
||||
on:input={(ev) => {
|
||||
vorgangPINOld = ev.target.value;
|
||||
}}
|
||||
class="block flex-1 border-0 bg-transparent py-1.5 pl-1 text-gray-900 placeholder:text-gray-400 focus:ring-0 sm:text-sm sm:leading-6"
|
||||
/>
|
||||
|
||||
</div>
|
||||
<button
|
||||
class="rounded-md bg-blue-500 px-3 py-2 text-sm font-semibold text-white shadow-sm hover:bg-indigo-500 focus-visible:outline focus-visible:outline-2 focus-visible:outline-offset-2 focus-visible:outline-indigo-600"
|
||||
on:click="{() => {
|
||||
zugangspasswort = zugangspasswordOld = generatePassword(); }}"
|
||||
type="button">
|
||||
Generiere Zugangscode
|
||||
on:click={() => {
|
||||
vorgangPIN = vorgangPINOld = generatePIN();
|
||||
}}
|
||||
type="button"
|
||||
>
|
||||
Generiere Zugangs-PIN
|
||||
</button>
|
||||
</div>
|
||||
{#if formErrors?.code}
|
||||
<p class="block text-sm leading-6 text-red-900 mt-2">{formErrors.code}</p>
|
||||
{#if formErrors?.vorgangPIN}
|
||||
<p class="block text-sm leading-6 text-red-900 mt-2">{formErrors.vorgangPIN}</p>
|
||||
{/if}
|
||||
</div>
|
||||
|
||||
|
||||
@@ -1,7 +1,5 @@
|
||||
import {
|
||||
checkIfVorgangExists,
|
||||
hasValidToken,
|
||||
passwordValid,
|
||||
vorgangPINValidation,
|
||||
vorgangExists
|
||||
} from '$lib/server/vorgangService';
|
||||
import { redirect } from '@sveltejs/kit';
|
||||
@@ -14,11 +12,11 @@ export const load: PageServerLoad = async ({ params, url, locals }) => {
|
||||
};
|
||||
}
|
||||
|
||||
const caseToken = params.vorgang;
|
||||
const casePassword = url.searchParams.get('pw');
|
||||
const vorgangToken = params.vorgang;
|
||||
const vorgangPIN = url.searchParams.get('pin');
|
||||
|
||||
const isVorgangValid = vorgangExists(caseToken);
|
||||
const isPasswordValid = passwordValid(caseToken, casePassword);
|
||||
const isVorgangValid = vorgangExists(vorgangToken);
|
||||
const isVorgangPINValid = vorgangPINValidation(vorgangToken, vorgangPIN);
|
||||
|
||||
if (!isVorgangValid || !isPasswordValid) throw redirect(303, `/anmeldung?vorgang=${caseToken}`);
|
||||
if (!isVorgangValid || !isVorgangPINValid) throw redirect(303, `/anmeldung?vorgang=${vorgangToken}`);
|
||||
};
|
||||
|
||||
@@ -2,15 +2,15 @@ import { getVorgangByToken, getCrimesListByToken } from '$lib/server/vorgangServ
|
||||
import type { PageServerLoad } from './$types';
|
||||
|
||||
export const load: PageServerLoad = async ({ params, url }) => {
|
||||
const caseToken = params.vorgang;
|
||||
const casePassword = url.searchParams.get('pw');
|
||||
const vorgangToken = params.vorgang;
|
||||
const vorgangPIN = url.searchParams.get('pin');
|
||||
|
||||
const crimesList = await getCrimesListByToken(caseToken);
|
||||
const vorgang = getVorgangByToken(caseToken);
|
||||
const crimesList = await getCrimesListByToken(vorgangToken);
|
||||
const vorgang = getVorgangByToken(vorgangToken);
|
||||
|
||||
return {
|
||||
crimesList,
|
||||
casePassword,
|
||||
vorgangPIN,
|
||||
vorgang
|
||||
};
|
||||
};
|
||||
|
||||
@@ -28,7 +28,7 @@
|
||||
|
||||
const vorgang = data.vorgang;
|
||||
const crimesList: ListItem[] = data.crimesList;
|
||||
const password: string = data.casePassword;
|
||||
const vorgangPIN: string = data.vorgangPIN;
|
||||
|
||||
let open = false;
|
||||
$: open;
|
||||
@@ -143,7 +143,7 @@
|
||||
<div class="flex flex-col items-center justify-center w-full">
|
||||
<h1 class="text-xl">Vorgang {vorgang.name}</h1>
|
||||
{#if data?.user?.admin}
|
||||
Zugangspasswort: {vorgang.pw}
|
||||
Zugangs-PIN: {vorgang.pin}
|
||||
<Button on:click={() => setClipboard($page.url.toString().split('?')[0])}>Copy Link</Button>
|
||||
{/if}
|
||||
</div>
|
||||
@@ -152,7 +152,7 @@
|
||||
{#each crimesList as item, i}
|
||||
<li>
|
||||
<a
|
||||
href="/view/{$page.params.vorgang}/{item.name}?pw={password}"
|
||||
href="/view/{$page.params.vorgang}/{item.name}?pin={vorgangPIN}"
|
||||
class=" flex justify-between gap-x-6 py-5"
|
||||
aria-label="zum 3D-modell"
|
||||
>
|
||||
|
||||
@@ -3,9 +3,9 @@ import { redirect } from '@sveltejs/kit';
|
||||
export const actions = {
|
||||
default: async ({request}: {request: Request}) => {
|
||||
const data = await request.formData();
|
||||
const caseId = data.get('case-id');
|
||||
const caseToken = data.get('case-token');
|
||||
const vorgangId = data.get('vorgang-id');
|
||||
const vorgangToken = data.get('vorgang-token');
|
||||
|
||||
if( caseId && caseToken) throw redirect(303, `/list/${caseId}?token=${caseToken}`);
|
||||
if( vorgangId && vorgangToken) throw redirect(303, `/list/${vorgangId}?token=${vorgangToken}`);
|
||||
}
|
||||
}
|
||||
@@ -16,19 +16,19 @@
|
||||
</p>
|
||||
<form method="POST">
|
||||
<BaseInputField
|
||||
id="case-id"
|
||||
name="case-id"
|
||||
id="vorgang-id"
|
||||
name="vorgang-id"
|
||||
label="Vorgangskennung"
|
||||
type="text"
|
||||
value={form?.caseId}
|
||||
value={form?.vorgangId}
|
||||
/>
|
||||
<div class="mt-5">
|
||||
<BaseInputField
|
||||
id="case-token"
|
||||
name="case-token"
|
||||
label="Zugangscode"
|
||||
id="vorgang-token"
|
||||
name="vorgang-token"
|
||||
label="Zugangstoken"
|
||||
type="text"
|
||||
value={form?.token}
|
||||
value={form?.vorgangToken}
|
||||
error={form?.error?.message}
|
||||
/>
|
||||
</div>
|
||||
|
||||
@@ -6,13 +6,11 @@ export const actions = {
|
||||
logout: (event) => logoutUser(event),
|
||||
getVorgangByToken: async ({ request }) => {
|
||||
const data = await request.formData();
|
||||
const caseToken = data.get('case-token');
|
||||
const casePassword = data.get('case-password');
|
||||
const vorgangToken = data.get('vorgang-token');
|
||||
const vorgangPIN = data.get('vorgang-pin');
|
||||
|
||||
console.log(`+++ ${caseToken} + ${casePassword}`);
|
||||
if (!vorgangToken || !vorgangPIN) return;
|
||||
|
||||
if (!caseToken || !casePassword) return;
|
||||
|
||||
throw redirect(303, `/list/${caseToken}?pw=${casePassword}`);
|
||||
throw redirect(303, `/list/${vorgangToken}?pin=${vorgangPIN}`);
|
||||
}
|
||||
} as const;
|
||||
|
||||
@@ -29,19 +29,19 @@
|
||||
<div class="mt-10">
|
||||
<form action="?/getVorgangByToken" method="POST">
|
||||
<BaseInputField
|
||||
id="case-token"
|
||||
name="case-token"
|
||||
id="vorgang-token"
|
||||
name="vorgang-token"
|
||||
label="Vorgangskennung"
|
||||
type="text"
|
||||
value={vorgangToken}
|
||||
/>
|
||||
<div class="mt-5">
|
||||
<BaseInputField
|
||||
id="case-password"
|
||||
name="case-password"
|
||||
label="Zugangspasswort"
|
||||
id="vorgang-pin"
|
||||
name="vorgang-pin"
|
||||
label="Zugangs-PIN"
|
||||
type="text"
|
||||
value={form?.password}
|
||||
value={form?.vorgangPIN}
|
||||
error={form?.error?.message}
|
||||
/>
|
||||
</div>
|
||||
|
||||
@@ -1,11 +1,5 @@
|
||||
import { client } from '$lib/minio';
|
||||
import { db } from '$lib/server/dbService';
|
||||
import {
|
||||
deleteVorgangByToken,
|
||||
getVorgangByToken,
|
||||
getVorgangByName,
|
||||
vorgangNameExists
|
||||
} from '$lib/server/vorgangService';
|
||||
import { deleteVorgangByToken, vorgangNameExists } from '$lib/server/vorgangService';
|
||||
|
||||
export async function DELETE({ params }) {
|
||||
const vorgangToken = params.vorgang;
|
||||
@@ -32,13 +26,15 @@ export async function DELETE({ params }) {
|
||||
}
|
||||
|
||||
export async function HEAD({ params }) {
|
||||
try {
|
||||
const vorgangName = params.vorgang;
|
||||
|
||||
const existing = vorgangNameExists(vorgangName);
|
||||
|
||||
if (existing) {
|
||||
return new Response(null, { status: 200 });
|
||||
} else {
|
||||
return new Response(null, { status: 404 });
|
||||
return new Response(null, {
|
||||
status: existing ? 200 : 404
|
||||
});
|
||||
} catch (err) {
|
||||
console.error('Fehler im HEAD-Handler:', err);
|
||||
return new Response(null, { status: 500 });
|
||||
}
|
||||
}
|
||||
|
||||
@@ -4,12 +4,12 @@ import { db } from '$lib/server/dbService';
|
||||
export async function GET({ params }) {
|
||||
const vorgangName = params.vorgang;
|
||||
|
||||
let getCodeSQLStatement = `SELECT pw FROM cases WHERE name = ?;`;
|
||||
const row = db.prepare(getCodeSQLStatement).get(vorgangName);
|
||||
let password = row.pw;
|
||||
const getPINSQLStatement = `SELECT pin FROM cases WHERE name = ?;`;
|
||||
const row = db.prepare(getPINSQLStatement).get(vorgangName);
|
||||
const vorgangPIN = row?.pin;
|
||||
|
||||
if (password) {
|
||||
return new Response(password, { status: 200 });
|
||||
if (vorgangPIN) {
|
||||
return new Response(vorgangPIN, { status: 200 });
|
||||
} else {
|
||||
return new Response(null, { status: 404 });
|
||||
}
|
||||
Reference in New Issue
Block a user