Merge pull request 'f034_sqlite_database' (#19) from f034_sqlite_database into development

Reviewed-on: #19

README.md

@@ -36,3 +36,24 @@ npm run build
 You can preview the production build with `npm run preview`.
 
 > To deploy your app, you may need to install an [adapter](https://svelte.dev/docs/kit/adapters) for your target environment.
+
+## Initializing the SQLite DB
+
+A database initialization script `init_db.js` in included in the `src/init` folder. It will create a users database (if not existing) and populate it with a default admin user. Additionally, an empty cases table will be created.
+
+It can be run with `node init_db.js`
+
+Database schema:
+
+Users
+
+- id
+- name
+- pw
+
+Cases
+
+- id
+- token
+- name
+- pw

package.json

@@ -13,7 +13,8 @@
 		"format": "prettier --write .",
 		"lint": "prettier --check . && eslint .",
 		"test:unit": "vitest",
-		"test": "npm run test:unit -- --run && npm run test:e2e"
+		"test": "npm run test:unit -- --run && npm run test:e2e",
+		"init_db": "npx vite-node src/init/init_db.ts"
 	},
 	"devDependencies": {
 		"@eslint/compat": "^1.2.9",
@@ -44,9 +45,13 @@
 		"@sveltejs/adapter-node": "^5.2.12",
 		"@tailwindcss/forms": "^0.5.10",
 		"autoprefixer": "^10.4.21",
+		"better-sqlite3": "^12.2.0",
 		"jsonwebtoken": "^9.0.2",
+		"jssha": "^3.3.1",
 		"minio": "^8.0.5",
 		"postcss": "^8.5.4",
-		"tailwindcss": "^3.4.17"
+		"sqlite3": "^5.1.7",
+		"tailwindcss": "^3.4.17",
+		"uuid": "^11.1.0"
 	}
 }

src/init/init_db.ts

@@ -0,0 +1,37 @@
+import Database from 'better-sqlite3';
+import jsSHA from 'jssha';
+
+const db = new Database('./src/lib/data/tatort.db');
+
+let createSQLStmt = `CREATE TABLE IF NOT EXISTS users
+        (id INTEGER PRIMARY KEY AUTOINCREMENT,
+            name TEXT NOT NULL,
+            pw TEXT NOT NULL)`;
+db.exec(createSQLStmt);
+
+// check if there are any users; if not add one default admin one
+let password = 'pass-123';
+let hashedPassword = new jsSHA('SHA-512', 'TEXT').update(password).getHash('HEX');
+
+let checkInsertSQLStmt = `INSERT INTO users (name, pw) SELECT 'admin', '${hashedPassword}'
+                    WHERE NOT EXISTS (SELECT * FROM users);`;
+
+db.exec(checkInsertSQLStmt);
+
+let usersSQLStmt = `SELECT * FROM USERS`;
+let SQLStatement = db.prepare(usersSQLStmt);
+
+// cases table
+
+createSQLStmt = `CREATE TABLE IF NOT EXISTS cases
+        (id INTEGER PRIMARY KEY AUTOINCREMENT,
+        token TEXT NOT NULL UNIQUE,
+        name TEXT NOT NULL UNIQUE,
+        pw TEXT NOT NULL)`;
+
+db.exec(createSQLStmt);
+
+let casesSQLStmt = `SELECT * FROM cases`;
+SQLStatement = db.prepare(casesSQLStmt);
+
+db.close();

src/lib/auth.ts

@@ -1,4 +1,7 @@
 import jwt from 'jsonwebtoken';
+import jsSHA from 'jssha';
+import process from 'process';
+import { db } from '$lib/server/dbService';
 
 import config from '$lib/config';
 
@@ -16,14 +19,18 @@ export function decryptToken(token: string) {
 }
 
 export function authenticate(user, pass) {
-	let userData = null;
+	let JWTToken;
 
-	if (AUTH[user]) {
+	// hash user password
-		const { password, ...data } = AUTH[user];
+	let hashedPW = new jsSHA('SHA-512', 'TEXT').update(pass).getHash('HEX');
-		if (password && password === pass) userData = data;
+
+	let getUserSQLStmt = 'SELECT name, pw FROM users WHERE name = ?';
+	const row = db.prepare(getUserSQLStmt).get(user);
+	let storedPW = row.pw;
+
+	if (hashedPW && hashedPW === storedPW) {
+		JWTToken = createToken({ id: user, admin: true });
 	}
 
-	if (userData == null) return null;
+	return JWTToken;
-
-	return createToken({ id: user, ...userData });
 }

src/lib/helper/getCode.ts

@@ -1,5 +1,5 @@
 export default async function get_code(case_no) {
-	let url = `/api/list/${case_no}/code`;
+	let url = `/api/list/${case_no}/casepw`;
 	const response = await fetch(url);
 
 	if (response.status == 200) {

src/lib/server/dbService.ts

@@ -0,0 +1,3 @@
+import Database from 'better-sqlite3';
+
+export const db = new Database('./src/lib/data/tatort.db');

src/lib/server/vorgangService.ts

@@ -2,13 +2,15 @@ import { fail } from '@sveltejs/kit';
 import { BUCKET, client, CONFIGFILENAME, TOKENFILENAME } from '$lib/minio';
 import { checkIfExactDirectoryExists, getContentOfTextObject } from './s3ClientService';
 
+import { db } from './dbService';
+
 /**
  * Get Vorgang and corresponend list of tatorte
- * @param caseId
+ * @param caseToken
  * @returns
  */
-export const getVorgangByCaseId = async (caseId: string) => {
+export const getCrimesListByToken = async (caseToken: string) => {
-	const prefix = `${caseId}/`;
+	const prefix = `${caseToken}/`;
 
 	const stream = client.listObjectsV2(BUCKET, prefix, false, '');
 
@@ -17,13 +19,51 @@ export const getVorgangByCaseId = async (caseId: string) => {
 		const splittedNameParts = chunk.name.split('/');
 		const prefix = splittedNameParts[0];
 		const name = splittedNameParts[1];
-		
+
 		if (name === CONFIGFILENAME || name === TOKENFILENAME) continue;
 		list.push({ ...chunk, name: name, prefix: prefix, show_button: true });
 	}
 	return list;
 };
 
+/**
+ * Get Vorgang
+ * @param caseToken
+ * @returns caseObj with keys `token`, `name`, `pw` || undefined
+ */
+export const getVorgangByToken = function (caseToken: string) {
+	let getVorgangSQLStmt = `SELECT token, name, pw FROM cases WHERE token = ?`;
+	const statement = db.prepare(getVorgangSQLStmt);
+	const result = statement.get(caseToken);
+
+	return result;
+};
+
+/**
+ * Get Vorgang
+ * @param caseName
+ * @returns caseObj with keys `token`, `name`, `pw` || undefined
+ */
+export const getVorgangByName = function (caseName: string) {
+	let getVorgangByNameSQLStmt = `SELECT token, name, pw FROM cases WHERE name = ?`;
+	const statement = db.prepare(getVorgangByNameSQLStmt);
+	const result = statement.get(caseName);
+
+	return result;
+};
+
+/**
+ * Delete Vorgang
+ * @param caseToken
+ * @returns int: number of changes
+ */
+export const deleteVorgangByToken = function (caseToken: string) {
+	let deleteSQLStmt = 'DELETE FROM cases WHERE token = ?';
+	const statement = db.prepare(deleteSQLStmt);
+	const info = statement.run(caseToken);
+
+	return info.changes;
+};
 
 /**
  * Fetches list of vorgänge from s3 bucket
@@ -31,7 +71,7 @@ export const getVorgangByCaseId = async (caseId: string) => {
  */
 export const getListOfVorgänge = async () => {
 	const stream = client.listObjectsV2(BUCKET, '', false, '');
-	
+
 	const list = [];
 	for await (const chunk of stream) {
 		const objPath = `${chunk.prefix}${TOKENFILENAME}`;
@@ -44,6 +84,23 @@ export const getListOfVorgänge = async () => {
 	return list;
 };
 
+/**
+ * Fetches list of vorgänge from database
+ * @returns list with of available cases
+ */
+export const getVorgaenge = function () {
+	let getVorgaengeSQLStmt = `SELECT token, name, pw from cases`;
+	const statement = db.prepare(getVorgaengeSQLStmt);
+	const result = statement.all();
+	const vorgaenge_list = [];
+	for (const r of result) {
+		const vorg = { token: r.token, name: r.name, pw: r.pw };
+		vorgaenge_list.push(vorg);
+	}
+
+	return vorgaenge_list;
+};
+
 /**
  * Checks if Vorgang exists
  * @param request
@@ -69,6 +126,32 @@ export const checkIfVorgangExists = async (caseId: string | null) => {
 	return true;
 };
 
+export const vorgangExists = function (caseToken: string | null) {
+	if (!caseToken) {
+		return fail(400, {
+			success: false,
+			caseId: caseToken,
+			error: { message: 'Die Vorgangsnummer darf nicht leer sein.' }
+		});
+	}
+
+	let vorgaenge = getVorgaenge();
+	const vorgaenge_tokens = vorgaenge.map((vorg) => vorg.token);
+
+	const found = vorgaenge_tokens.indexOf(caseToken) != -1;
+
+	return found;
+};
+
+export const vorgangNameExists = function (caseName: string) {
+	let vorgaenge = getVorgaenge();
+	const vorgaengeNames = vorgaenge.map((vorg) => vorg.name);
+
+	const found = vorgaengeNames.indexOf(caseName) != -1;
+
+	return found;
+};
+
 export const hasValidToken = async (caseId: string, caseToken: string) => {
 	const objPath = `${caseId}/${TOKENFILENAME}`;
 
@@ -90,3 +173,17 @@ export const hasValidToken = async (caseId: string, caseToken: string) => {
 		}
 	}
 };
+
+export const passwordValid = function (caseToken, casePassword) {
+	if (!casePassword) {
+		return false;
+	}
+
+	const vorg = getVorgangByToken(caseToken);
+
+	if (!vorg || vorg.pw !== casePassword) {
+		return false;
+	}
+
+	return true;
+};

src/routes/(angemeldet)/list/+page.server.ts

@@ -1,10 +1,11 @@
-import { getListOfVorgänge } from '$lib/server/vorgangService';
+import { getListOfVorgänge, getVorgaenge } from '$lib/server/vorgangService';
 import type { PageServerLoad } from '../../(token-based)/view/$types';
 
 export const load: PageServerLoad = async () => {
-    const caseList = await getListOfVorgänge();
+	// const caseList = await getListOfVorgänge();
+	const caseList = getVorgaenge();
 
-    return {
+	return {
-        caseList
+		caseList
-    };
+	};
 };

src/routes/(angemeldet)/list/+page.svelte

@@ -46,7 +46,7 @@
 		<ul role="list" class="divide-y divide-gray-100">
 			{#each caseList as item}
 				<li>
-					<a href="/list/{item.name}?token={item.token}" class="flex justify-between gap-x-6 py-5">
+					<a href="/list/{item.token}?pw={item.pw}" class="flex justify-between gap-x-6 py-5">
 						<div class="flex gap-x-4">
 							<!-- Ordner -->
 							<Folder />
@@ -55,7 +55,7 @@
 								<!-- Delete button -->
 								<button
 									style="padding: 2px"
-									id="del__{item.name}"
+									id="del__{item.token}"
 									on:click|preventDefault={delete_item}
 									aria-label="Vorgang {item.name} löschen"
 								>

src/routes/(angemeldet)/upload/+page.server.ts

@@ -1,7 +1,10 @@
-import { Buffer } from 'buffer';
 import { Readable } from 'stream';
 import { client } from '$lib/minio';
 import { fail } from '@sveltejs/kit';
+import { v4 as uuidv4 } from 'uuid';
+
+import { db } from '$lib/server/dbService';
+import { getVorgangByName, vorgangNameExists } from '$lib/server/vorgangService';
 
 const isRequiredFieldValid = (value: unknown) => {
 	if (value == null) return false;
@@ -9,47 +12,62 @@ const isRequiredFieldValid = (value: unknown) => {
 	if (typeof value === 'string' || value instanceof String) return value.trim() !== '';
 
 	return true;
-}
+};
 
 export const actions = {
-	url: async ({ request }: {request: Request}) => {
+	url: async ({ request }: { request: Request }) => {
 		const data = await request.formData();
-		const vorgang = data.get('vorgang');
+		const caseName = data.get('vorgang');
-		const name = data.get('name');
+		const crimeName = data.get('name');
 		const type = data.get('type');
-		const code = data.get('zugangscode');
+		const password = data.get('password');
 		const fileName = data.get('fileName');
 
-		let objectName = `${vorgang}/${name}`;
+		// store case in database
+		// skip if Vorgang exists and token not changed
+
+		const vorgangExists = vorgangNameExists(caseName);
+		let token;
+
+		if (!vorgangExists) {
+			token = uuidv4();
+			let insertSQLStatement = `INSERT INTO cases (token, name, pw) VALUES (?, ?, ?)`;
+			const statement = db.prepare(insertSQLStatement);
+			statement.run(token, caseName, password);
+		} else {
+			// vorgang exists
+			// check if PW was changed, and update DB if it was
+			const vorg = getVorgangByName(caseName);
+			token = vorg.token;
+			if (vorg.pw != password) {
+				let updateSQLStmt = `UPDATE cases SET pw = ? WHERE name = ?`;
+				const statement = db.prepare(updateSQLStmt);
+				statement.run(password, vorg);
+			}
+		}
+
+		let objectName = `${token}/${crimeName}`;
 		switch (type) {
 			case 'image/png':
 				if (!objectName.endsWith('.png')) objectName += '.png';
 				break;
 			case '':
-				if (fileName?.toString().endsWith('.glb') && !objectName.endsWith('.glb')) objectName += '.glb';
+				if (fileName?.toString().endsWith('.glb') && !objectName.endsWith('.glb'))
+					objectName += '.glb';
 		}
 
 		const url = await client.presignedPutObject('tatort', objectName);
 
-		// store code in S3
-		// tatort/<vorgang>/__perm__
-		const code_filename = '__perm__';
-		const buf = Buffer.from(code, 'utf-8');
-		const code_stream = Readable.from(buf);
-		const code_path = `${vorgang}/${code_filename}`;
-		await client.putObject('tatort', code_path, code_stream);
-
 		return { url };
 	},
-	validate: async ({ request }: {request: Request}) => {
+	validate: async ({ request }: { request: Request }) => {
 		const requestData = await request.formData();
 		const data = Object.fromEntries(requestData);
 		const vorgang = data.vorgang;
 		const name = data.name;
-		const zugangscode = data.zugangscode;
+		const password = data.password;
 		let success = true;
 		const err = {};
-
 		if (isRequiredFieldValid(vorgang)) err.vorgang = null;
 		else {
 			err.vorgang = 'Das Feld Vorgang darf nicht leer bleiben.';
@@ -62,9 +80,9 @@ export const actions = {
 			success = false;
 		}
 
-		if (isRequiredFieldValid(zugangscode)) err.zugangscode = null;
+		if (isRequiredFieldValid(password)) err.password = null;
 		else {
-			err.zugangscode = 'Das Feld Zugangscode darf nicht leer bleiben.';
+			err.password = 'Das Feld Zugangspasswort darf nicht leer bleiben.';
 			success = false;
 		}
 
@@ -73,7 +91,7 @@ export const actions = {
 		return fail(400, err);
 	},
 
-	upload: async ({ request }: {request: Request}) => {
+	upload: async ({ request }: { request: Request }) => {
 		const requestData = await request.formData();
 		const data = Object.fromEntries(requestData);
 		const vorgang = data.vorgang;
@@ -83,7 +101,7 @@ export const actions = {
 
 		return { url };
 	},
-	upload3: async ({ request }: {request: Request}) => {
+	upload3: async ({ request }: { request: Request }) => {
 		const requestData = await request.formData();
 		const data = Object.fromEntries(requestData);
 		const name = data.name;

src/routes/(angemeldet)/upload/+page.svelte

@@ -17,18 +17,18 @@
 	let vorgang = '';
 	const code_len = 8;
 
-	function generate_token() {
+	function generatePassword() {
 		return Math.random()
 		.toString(36)
 		.slice(2, 2 + code_len);
 	}
-	let zugangscode = ''
+	let zugangspasswort = ''
-	let zugangscode_old = ''
+	let zugangspasswordOld = ''
-	$: zugangscode_old = generate_token();
+	$: zugangspasswordOld = generatePassword();
-	$: zugangscode = zugangscode_old
+	$: zugangspasswort = zugangspasswordOld
 
-	let case_existing = undefined;
+	let caseExisting = undefined;
-	$: case_existing = false;
+	$: caseExisting = false;
 
 	let name = '';
 	let etag: string | null = null;
@@ -42,7 +42,7 @@
 		let data = new FormData();
 		data.append('vorgang', vorgang);
 		data.append('name', name);
-		data.append('zugangscode', zugangscode);
+		data.append('password', zugangspasswort);
 		const response = await fetch('?/validate', { method: 'POST', body: data });
 		/** @type {import('@sveltejs/kit').ActionResult} */
 		const result = deserialize(await response.text());
@@ -64,7 +64,6 @@
 			formErrors = { file: 'Keine gültige .GLD-Datei', ...formErrors };
 			success = false;
 		}
-
 		return success;
 	}
 
@@ -72,7 +71,7 @@
 		let data = new FormData();
 		data.append('vorgang', vorgang);
 		data.append('name', name);
-		data.append('zugangscode', zugangscode);
+		data.append('password', zugangspasswort);
 		if (files?.length === 1) {
 			data.append('type', files[0].type);
 			data.append('fileName', files[0].name);
@@ -152,44 +151,37 @@
 	}
 
 	// `/(angemeldet)/view` return true or false
-	async function case_exists(case_no) {
+	async function caseExists(caseName: string) {
 
-		if (case_no == '') {
+		if (caseName == '') {
-			zugangscode = zugangscode_old;
+			zugangspasswort = zugangspasswordOld;
+			return;
 		}
 
-		// ping `/view` with caseNumber in POST body
+		let url = `/api/list/${caseName}`
-		let url = '/view';
 
-		let data = new FormData();
+		const response = await fetch(url, { method: 'HEAD'});
-		data.append('caseNumber', case_no);
+		const status = response.status;
+
+		if (status == 200) {
+			caseExisting = true;
+			const passwort = await getPassword(caseName);
+			zugangspasswort = passwort;
 
-		// fetch code in parallel
-		const code = await get_code(case_no);
-		if (code != -1) {
-			zugangscode = code;
-			case_existing = true;
 			return true
+
+		} else {
+			caseExisting = false;
+			zugangspasswort = zugangspasswordOld;
+			return false
 		}
-
-		const response = await fetch(url, { method: 'POST', body: data });
-
-		const res_json = await response.json();
-		const status = res_json.status;
-
-		if (status != 303) {
-			case_existing = false;
-			zugangscode = zugangscode_old;
-		}
-
-		return false;
 	}
 
-	async function get_code(case_no) {
+	async function getPassword(caseName: string) {
 
-		if (case_no == '') return;
+		if (caseName == '') return;
 
-		let url = `/api/list/${case_no}/code`;
+		let url = `/api/list/${caseName}/casepw`;
 		const response = await fetch(url);
 
 		if (response.status == 200) {
@@ -233,14 +225,14 @@
 									id="vorgang"
 									autocomplete={vorgang}
 									class="block flex-1 border-0 bg-transparent py-1.5 pl-1 text-gray-900 placeholder:text-gray-400 focus:ring-0 sm:text-sm sm:leading-6"
-									on:input={() => case_exists(vorgang)}
+									on:input={() => caseExists(vorgang)}
 								/>
 							</div>
 						</div>
 						{#if formErrors?.vorgang}
 							<p class="block text-sm leading-6 text-red-900 mt-2">{formErrors.vorgang}</p>
 						{/if}
-						{#if case_existing && vorgang.length > 0}
+						{#if caseExisting && vorgang.length > 0}
 							<span>Datei wird zum existierenden Vorgang hinzugefügt.</span>
 						{:else if vorgang.length > 0}
 							<span>Neuer Vorgang wird angelegt.</span>
@@ -287,11 +279,11 @@
 								class="flex rounded-md shadow-sm ring-1 ring-inset ring-gray-300 focus-within:ring-2 focus-within:ring-inset focus-within:ring-indigo-600"
 							>
 								<input
-									bind:value={zugangscode}
+									bind:value={zugangspasswort}
 									type="text"
 									name="zugangscode"
 									id="zugangscode"
-									on:input="{ (ev) => { zugangscode_old = ev.target.value }}"
+									on:input="{ (ev) => { zugangspasswordOld = ev.target.value }}"
 									class="block flex-1 border-0 bg-transparent py-1.5 pl-1 text-gray-900 placeholder:text-gray-400 focus:ring-0 sm:text-sm sm:leading-6"
 								/>
 
@@ -299,7 +291,7 @@
 							<button
 							class="rounded-md bg-blue-500 px-3 py-2 text-sm font-semibold text-white shadow-sm hover:bg-indigo-500 focus-visible:outline focus-visible:outline-2 focus-visible:outline-offset-2 focus-visible:outline-indigo-600"
 							on:click="{() => {
-							zugangscode = zugangscode_old = generate_token(); }}"
+							zugangspasswort = zugangspasswordOld = generatePassword(); }}"
 							type="button">
 								Generiere Zugangscode
 							</button>

src/routes/(token-based)/+layout.server.ts

@@ -1,4 +1,9 @@
-import { checkIfVorgangExists, hasValidToken } from '$lib/server/vorgangService';
+import {
+	checkIfVorgangExists,
+	hasValidToken,
+	passwordValid,
+	vorgangExists
+} from '$lib/server/vorgangService';
 import { redirect } from '@sveltejs/kit';
 import type { PageServerLoad } from './list/[vorgang]/$types';
 
@@ -9,11 +14,11 @@ export const load: PageServerLoad = async ({ params, url, locals }) => {
 		};
 	}
 
-	const caseId = params.vorgang;
+	const caseToken = params.vorgang;
-	const caseToken = url.searchParams.get('token');
+	const casePassword = url.searchParams.get('pw');
 
-	const isVorgangValid = await checkIfVorgangExists(caseId);
+	const isVorgangValid = vorgangExists(caseToken);
-	const isTokenValid = await hasValidToken(caseId, caseToken);
+	const isPasswordValid = passwordValid(caseToken, casePassword);
 
-	if (!isVorgangValid || !isTokenValid) throw redirect(303, `/anmeldung`);
+	if (!isVorgangValid || !isPasswordValid) throw redirect(303, `/anmeldung?vorgang=${caseToken}`);
 };

src/routes/(token-based)/list/[vorgang]/+page.server.ts

@@ -1,14 +1,16 @@
-import { getVorgangByCaseId } from '$lib/server/vorgangService';
+import { getVorgangByToken, getCrimesListByToken } from '$lib/server/vorgangService';
 import type { PageServerLoad } from './$types';
 
 export const load: PageServerLoad = async ({ params, url }) => {
-	const caseId = params.vorgang;
+	const caseToken = params.vorgang;
-	const caseToken = url.searchParams.get('token');
+	const casePassword = url.searchParams.get('pw');
 
-	const crimesList = await getVorgangByCaseId(caseId);
+	const crimesList = await getCrimesListByToken(caseToken);
+	const vorgang = getVorgangByToken(caseToken);
 
 	return {
 		crimesList,
-		caseToken
+		casePassword,
+		vorgang
 	};
 };

src/routes/(token-based)/list/[vorgang]/+page.svelte

@@ -26,8 +26,9 @@
 		// add other properties as needed
 	}
 
+	const vorgang = data.vorgang;
 	const crimesList: ListItem[] = data.crimesList;
-	const token: string = data.caseToken;
+	const password: string = data.casePassword;
 
 	let open = false;
 	$: open;
@@ -93,7 +94,6 @@
 
 			// construct PUT URL
 			const url = $page.url;
-			console.log(url);
 
 			let data_obj: { new_name: string; old_name: string } = { new_name: '', old_name: '' };
 			data_obj['new_name'] = new_name;
@@ -128,18 +128,31 @@
 			return;
 		}
 	}
+
+	async function setClipboard(text) {
+		const type = "text/plain";
+		const clipboardItemData = {
+			[type]: text,
+		};
+		const clipboardItem = new ClipboardItem(clipboardItemData);
+		await navigator.clipboard.write([clipboardItem]);
+	}
 </script>
 
 <div class="-z-10 bg-white">
 	<div class="flex flex-col items-center justify-center w-full">
-		<h1 class="text-xl">Vorgang {$page.params.vorgang}</h1>
+		<h1 class="text-xl">Vorgang {vorgang.name}</h1>
+		{#if data?.user?.admin}
+		Zugangspasswort: {vorgang.pw}
+		<Button on:click={() => setClipboard($page.url.toString().split('?')[0])}>Copy Link</Button>
+		{/if}
 	</div>
 	<div class="mx-auto flex justify-center max-w-7xl h-full">
 		<ul class="divide-y divide-gray-100">
 			{#each crimesList as item, i}
 				<li>
 					<a
-						href="/view/{$page.params.vorgang}/{item.name}?token={token}"
+						href="/view/{$page.params.vorgang}/{item.name}?pw={password}"
 						class=" flex justify-between gap-x-6 py-5"
 						aria-label="zum 3D-modell"
 					>

src/routes/anmeldung/+page.server.ts

@@ -4,13 +4,15 @@ import { redirect } from '@sveltejs/kit';
 export const actions = {
 	login: ({ request, cookies }) => loginUser({ request, cookies }),
 	logout: (event) => logoutUser(event),
-	getVorgangById: async ({ request }) => {
+	getVorgangByToken: async ({ request }) => {
 		const data = await request.formData();
-		const caseId = data.get('case-id');
 		const caseToken = data.get('case-token');
+		const casePassword = data.get('case-password');
 
-		if (!caseId || !caseToken) return;
+		console.log(`+++ ${caseToken} + ${casePassword}`);
 
-		throw redirect(303, `/list/${caseId}?token=${caseToken}`);
+		if (!caseToken || !casePassword) return;
+
+		throw redirect(303, `/list/${caseToken}?pw=${casePassword}`);
 	}
-} as const;
+} as const;

src/routes/anmeldung/+page.svelte

@@ -11,6 +11,9 @@
 	export let form;
 
 	export let open = false;
+
+	import { page } from '$app/state';
+	const vorgangToken = page.url.searchParams.get('vorgang');
 </script>
 
 <div class="flex min-h-full flex-col justify-center px-6 py-12 lg:px-8">
@@ -24,21 +27,21 @@
 	<div class="w-full max-w-sm mx-auto">
 		<div class="relative mt-5 bg-gray-50 rounded-xl shadow-xl p-3 pt-1">
 			<div class="mt-10">
-				<form action="?/getVorgangById" method="POST">
+				<form action="?/getVorgangByToken" method="POST">
 					<BaseInputField
-						id="case-id"
+						id="case-token"
-						name="case-id"
+						name="case-token"
 						label="Vorgangskennung"
 						type="text"
-						value={form?.caseId}
+						value={vorgangToken}
 					/>
 					<div class="mt-5">
 						<BaseInputField
-							id="case-token"
+							id="case-password"
-							name="case-token"
+							name="case-password"
-							label="Zugangscode"
+							label="Zugangspasswort"
 							type="text"
-							value={form?.token}
+							value={form?.password}
 							error={form?.error?.message}
 						/>
 					</div>

src/routes/api/list/[vorgang]/+server.ts

@@ -1,11 +1,18 @@
 import { client } from '$lib/minio';
+import { db } from '$lib/server/dbService';
+import {
+	deleteVorgangByToken,
+	getVorgangByToken,
+	getVorgangByName,
+	vorgangNameExists
+} from '$lib/server/vorgangService';
 
 export async function DELETE({ params }) {
-	const vorgang = params.vorgang;
+	const vorgangToken = params.vorgang;
 
 	const object_list = await new Promise((resolve, reject) => {
 		const res = [];
-		const items_str = client.listObjects('tatort', vorgang, true);
+		const items_str = client.listObjects('tatort', vorgangToken, true);
 
 		items_str.on('data', (obj) => {
 			res.push(obj.name);
@@ -19,6 +26,19 @@ export async function DELETE({ params }) {
 	});
 
 	await client.removeObjects('tatort', object_list);
+	deleteVorgangByToken(vorgangToken);
 
 	return new Response(null, { status: 204 });
 }
+
+export async function HEAD({ params }) {
+	const vorgangName = params.vorgang;
+
+	const existing = vorgangNameExists(vorgangName);
+
+	if (existing) {
+		return new Response(null, { status: 200 });
+	} else {
+		return new Response(null, { status: 404 });
+	}
+}

src/routes/api/list/[vorgang]/casepw/+server.ts

@@ -0,0 +1,16 @@
+import { db } from '$lib/server/dbService';
+
+/** @type {import('./$types').RequestHandler} */
+export async function GET({ params }) {
+	const vorgangName = params.vorgang;
+
+	let getCodeSQLStatement = `SELECT pw FROM cases WHERE name = ?;`;
+	const row = db.prepare(getCodeSQLStatement).get(vorgangName);
+	let password = row.pw;
+
+	if (password) {
+		return new Response(password, { status: 200 });
+	} else {
+		return new Response(null, { status: 404 });
+	}
+}

src/routes/api/list/[vorgang]/code/+server.ts

@@ -1,25 +0,0 @@
-import { client } from '$lib/minio';
-
-/** @type {import('./$types').RequestHandler} */
-export async function GET({ params }) {
-	const prefix = params.vorgang ? `${params.vorgang}` : '';
-
-	const code_name = '__perm__';
-	const obj_path = `${prefix}/${code_name}`;
-
-	let result = null;
-
-	try {
-		result = await client.getObject('tatort', obj_path);
-	} catch (error) {
-		if (error.name == 'S3Error') {
-			result = null;
-		}
-	}
-
-	if (result != null) {
-		return new Response(result, { status: 200 });
-	} else {
-		return new Response(null, { status: 404 });
-	}
-}