From 8d92e94bd65ce249a647f9b99b79d6a92d725469 Mon Sep 17 00:00:00 2001
From: Chi Cong Tran
Date: Tue, 8 Jul 2025 09:29:06 +0200
Subject: [PATCH 01/32] populate db with default user
---
src/init/init_db.js | 42 +++++++++++++++++++++++++++++++++++++++++
src/lib/data/tatort.db | Bin 0 -> 20480 bytes
2 files changed, 42 insertions(+)
create mode 100644 src/init/init_db.js
create mode 100644 src/lib/data/tatort.db
diff --git a/src/init/init_db.js b/src/init/init_db.js
new file mode 100644
index 0000000..fdf9caa
--- /dev/null
+++ b/src/init/init_db.js
@@ -0,0 +1,42 @@
+import sqlite3 from 'sqlite3';
+import jsSHA from 'jssha';
+
+const db = new sqlite3.Database('./src/lib/data/tatort.db');
+
+db.serialize(() => {
+ // users table
+
+ let create_stmt = `CREATE TABLE IF NOT EXISTS users
+ (id INTEGER PRIMARY KEY AUTOINCREMENT,
+ name TEXT NOT NULL,
+ pw TEXT NOT NULL)`;
+ db.run(create_stmt);
+
+ // check if there are any users; if not add one default admin one
+ let pw = 'pass-123';
+ let hashed_pw = new jsSHA('SHA-512', 'TEXT').update(pw).getHash('HEX');
+
+ let check_ins_stmt = `INSERT INTO users (name, pw) SELECT 'admin', '${hashed_pw}'
+ WHERE NOT EXISTS (SELECT * FROM users);`;
+
+ db.run(check_ins_stmt);
+
+ let users_stmt = `SELECT * FROM USERS`;
+ db.each(users_stmt, (err, row) => {
+ console.log(`xxx ${row.name} + ${row.pw}`)
+ });
+
+ // cases table
+
+ create_stmt = `CREATE TABLE IF NOT EXISTS cases
+ (id INTEGER PRIMARY KEY AUTOINCREMENT,
+ token TEXT NOT NULL UNIQUE,
+ name TEXT NOT NULL,
+ pw TEXT NOT NULL,
+ created_by INTEGER NOT NULL,
+ FOREIGN KEY(created_by) REFERENCES users(id))`;
+
+ db.run(create_stmt);
+});
+
+db.close();
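Review bot: The seed step hard-codes the admin password `'pass-123'` and stores it as one unsalted SHA-512 digest, so every deployment starts with the same known credential and the stored value is cheap to brute-force if the database file is ever read. Take the initial password from the environment (or generate it once at init time) and hash it with a salted, slow KDF such as Node's built-in `crypto.scryptSync`, which also makes the `jssha` dependency unnecessary. The `db.each` loop that prints `row.name` and `row.pw` writes every stored hash to stdout and should be dropped; the same seed and logging code is carried into the later `init_db.js` hunks (PATCH 03, 05 and 07, where the case `pw` is printed as well). Interpolating `'${hashed_pw}'` into the INSERT is harmless for a hex string, but a bound `?` parameter keeps the statement safe if the value ever changes shape. The commit also checks in `src/lib/data/tatort.db`, which presumably already contains this default admin row and would be better left out of version control.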
diff --git a/src/lib/data/tatort.db b/src/lib/data/tatort.db new file mode 100644 index 0000000000000000000000000000000000000000..5ab89f54ecaf1ee75b802b347fd29e7c543807b9 GIT binary patch literal 20480 zcmeI&&uZH+90zc@N&l>nWj9}T&@o=i@E^s04ufSyEn%tKx(+O-AS*J2Ht8CtY&$mW zN%jJLp*=^>Q@o{X0v&AhFv?e0wj}E(OCOyCK0WCSr;6qmlaZKGkGvp;LEchI2&w42 zuJa{VscG)?2HHx=2rlA=&Wd8_Uvyp?jAw%&C(Et|IKz0?>EXgf~%0Z-_0(mre@ zJ^G&aXseqZwPPK8$m4W(DTGch&eWKu{6k9PBb~dQ4(-P6lP+KBI2I$d+;64B$4`HJ zEhkD$)u5k!xtrtSgDV5=A0@nf5YMOH_#I`@gzxi&$9w#gUKMIm=;d0LRoyV(mz78kV>7cHvz%RdTU&}Ro0juqD5n6sJ~jD}-73|THz9?B^5GvzsX~F%kqI009U<00Izz00bZa0SG_<0{?@+mQgXEmA@R!&;R Date: Wed, 9 Jul 2025 08:08:59 +0200 Subject: [PATCH 02/32] include packages --- package.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/package.json b/package.json index 105e951..eb86a15 100644 --- a/package.json +++ b/package.json @@ -44,9 +44,12 @@ "@sveltejs/adapter-node": "^5.2.12", "@tailwindcss/forms": "^0.5.10", "autoprefixer": "^10.4.21", + "crypto": "^1.0.1", "jsonwebtoken": "^9.0.2", + "jssha": "^3.3.1", "minio": "^8.0.5", "postcss": "^8.5.4", + "sqlite3": "^5.1.7", "tailwindcss": "^3.4.17" } } -- 2.43.0 From 0c6dbe30ab75030c054b6bd92940fa633aded1f7 Mon Sep 17 00:00:00 2001 From: Chi Cong Tran Date: Wed, 9 Jul 2025 12:07:34 +0200 Subject: [PATCH 03/32] replace with --- package.json | 1 + src/init/init_db.js | 57 +++++++++++++++++++++------------------------ src/lib/auth.ts | 52 +++++++++++++++++++++++++++++++++++------ 3 files changed, 73 insertions(+), 37 deletions(-) diff --git a/package.json b/package.json index eb86a15..ddaae9f 100644 --- a/package.json +++ b/package.json @@ -44,6 +44,7 @@ "@sveltejs/adapter-node": "^5.2.12", "@tailwindcss/forms": "^0.5.10", "autoprefixer": "^10.4.21", + "better-sqlite3": "^12.2.0", "crypto": "^1.0.1", "jsonwebtoken": "^9.0.2", "jssha": "^3.3.1", diff --git a/src/init/init_db.js b/src/init/init_db.js index fdf9caa..c47d240 100644 --- a/src/init/init_db.js +++ b/src/init/init_db.js 
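Review bot: `"crypto": "^1.0.1"` in the PATCH 02 `package.json` hunk pulls the npm registry package of that name, which is a deprecated placeholder and not Node's built-in module; none of the visible code imports it, and the built-in `node:crypto` needs no dependency entry. Removing the line takes an unneeded third-party package out of the install graph. The PATCH 03 hunk that follows adds `better-sqlite3` but leaves `"sqlite3": "^5.1.7"` in place, so the native module that was just replaced is presumably still installed and compiled; drop it once nothing imports it.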
@@ -1,42 +1,39 @@ -import sqlite3 from 'sqlite3'; +import Database from 'better-sqlite3'; import jsSHA from 'jssha'; -const db = new sqlite3.Database('./src/lib/data/tatort.db'); +const db = new Database('./src/lib/data/tatort.db'); -db.serialize(() => { - // users table +let create_stmt = `CREATE TABLE IF NOT EXISTS users + (id INTEGER PRIMARY KEY AUTOINCREMENT, + name TEXT NOT NULL, + pw TEXT NOT NULL)`; +db.exec(create_stmt); - let create_stmt = `CREATE TABLE IF NOT EXISTS users - (id INTEGER PRIMARY KEY AUTOINCREMENT, - name TEXT NOT NULL, - pw TEXT NOT NULL)`; - db.run(create_stmt); +// check if there are any users; if not add one default admin one +let pw = 'pass-123'; +let hashed_pw = new jsSHA('SHA-512', 'TEXT').update(pw).getHash('HEX'); - // check if there are any users; if not add one default admin one - let pw = 'pass-123'; - let hashed_pw = new jsSHA('SHA-512', 'TEXT').update(pw).getHash('HEX'); +let check_ins_stmt = `INSERT INTO users (name, pw) SELECT 'admin', '${hashed_pw}' + WHERE NOT EXISTS (SELECT * FROM users);`; - let check_ins_stmt = `INSERT INTO users (name, pw) SELECT 'admin', '${hashed_pw}' - WHERE NOT EXISTS (SELECT * FROM users);`; +db.exec(check_ins_stmt); - db.run(check_ins_stmt); +let users_stmt = `SELECT * FROM USERS`; +const stmt = db.prepare(users_stmt); +for (const usr of stmt.iterate()) { + console.log(`xxx ${usr.name} + ${usr.pw}`) +}; - let users_stmt = `SELECT * FROM USERS`; - db.each(users_stmt, (err, row) => { - console.log(`xxx ${row.name} + ${row.pw}`) - }); +// cases table - // cases table +create_stmt = `CREATE TABLE IF NOT EXISTS cases + (id INTEGER PRIMARY KEY AUTOINCREMENT, + token TEXT NOT NULL UNIQUE, + name TEXT NOT NULL, + pw TEXT NOT NULL, + created_by INTEGER NOT NULL, + FOREIGN KEY(created_by) REFERENCES users(id))`; - create_stmt = `CREATE TABLE IF NOT EXISTS cases - (id INTEGER PRIMARY KEY AUTOINCREMENT, - token TEXT NOT NULL UNIQUE, - name TEXT NOT NULL, - pw TEXT NOT NULL, - created_by INTEGER NOT NULL, - 
FOREIGN KEY(created_by) REFERENCES users(id))`; - - db.run(create_stmt); -}); +db.exec(create_stmt); db.close(); diff --git a/src/lib/auth.ts b/src/lib/auth.ts index 958bc6e..3582558 100644 --- a/src/lib/auth.ts +++ b/src/lib/auth.ts @@ -1,6 +1,12 @@ import jwt from 'jsonwebtoken'; +import jsSHA from 'jssha'; +import Database from 'better-sqlite3'; +import process from 'process'; import config from '$lib/config'; +// import db from '../init/init_db'; + +let db = new Database('./src/lib/data/tatort.db'); const SECRET = config.jwt.secret; const EXPIRES_IN = config.jwt.expiresIn; 
@@ -16,14 +22,46 @@ export function decryptToken(token: string) { } export function authenticate(user, pass) { - let userData = null; + // let userData = null; - if (AUTH[user]) { - const { password, ...data } = AUTH[user]; - if (password && password === pass) userData = data; + // if (AUTH[user]) { + // const { password, ...data } = AUTH[user]; + // + // // fetch user password from db; + // db.get(get_usr_stmt, [user], (err, row) => { + // console.log(`[row] ${row.name} + ${row.pw}`); + // let stored_pw = row.pw; + // // hash user password + // let hashed_pw = new jsSHA('SHA-512', 'TEXT').update(pass).getHash('HEX'); + // + // console.log(`+++ ${stored_pw} || ${hashed_pw} || ${pass}`); + // + // if (hashed_pw && hashed_pw === stored_pw) { + // console.log(`--- SUCCESS`); + // userData = data; + // } + // if (userData == null) return null; + // console.log(`^^^ ${userData}`); + // return createToken({ id: user, ...userData }); + // }); + // } + // + // if (userData == null) return null; + + let token; + + // hash user password + let hashed_pw = new jsSHA('SHA-512', 'TEXT').update(pass).getHash('HEX'); + + let get_usr_stmt = 'SELECT name, pw FROM users WHERE name = ?'; + const row = db.prepare(get_usr_stmt).get(user); + let stored_pw = row.pw; + + console.log(`+++ ${pass} || ${stored_pw} || ${hashed_pw}`); + + if (hashed_pw && hashed_pw === stored_pw) { + token = createToken({ id: user, admin: true }); } - if (userData == null) return null; - - return createToken({ id: user, ...userData }); + return token; } -- 2.43.0 From dc2d038b1b449d405ff64876fb558a6e22dd572c Mon Sep 17 00:00:00 2001 From: Chi Cong Tran Date: Wed, 9 Jul 2025 12:13:19 +0200 Subject: [PATCH 04/32] remove old, commented implementation of authenticate --- src/lib/auth.ts | 26 -------------------------- 1 file changed, 26 deletions(-) diff --git a/src/lib/auth.ts b/src/lib/auth.ts index 3582558..8b94943 100644 --- a/src/lib/auth.ts +++ b/src/lib/auth.ts 
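Review bot: `authenticate` writes the submitted plaintext password, the stored hash and the computed hash to the server log in the new `console.log` line, so every login attempt leaves credentials in the log; that line should be removed. `row.pw` is read without checking that `.get(user)` returned a row, so an unknown user name throws instead of failing the login; add `if (!row) return null;` before it. The check is a plain `===` over an unsalted SHA-512 hex digest, and every user who passes is issued `admin: true` because the table carries no role. The fence sketches the function with `scryptSync` and `timingSafeEqual` from `node:crypto` and a per-user salt; it assumes `init_db.js` is changed to write the same `salt:hash` format and that both names are imported at the top of `auth.ts`.

```typescript
export function authenticate(user, pass) {
	const row = db.prepare('SELECT name, pw FROM users WHERE name = ?').get(user);
	// unknown user: fail the login instead of dereferencing undefined
	if (!row) return null;

	// stored value assumed to be "<salt hex>:<scrypt hex>" (format written by init_db.js)
	const [saltHex = '', hashHex = ''] = String(row.pw).split(':');
	const expected = Buffer.from(hashHex, 'hex');
	const actual = scryptSync(String(pass), Buffer.from(saltHex, 'hex'), 64);

	// timingSafeEqual throws on a length mismatch, so compare lengths first
	if (expected.length !== actual.length || !timingSafeEqual(expected, actual)) return null;

	return createToken({ id: user, admin: true });
}
```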
@@ -22,32 +22,6 @@ export function decryptToken(token: string) { } export function authenticate(user, pass) { - // let userData = null; - - // if (AUTH[user]) { - // const { password, ...data } = AUTH[user]; - // - // // fetch user password from db; - // db.get(get_usr_stmt, [user], (err, row) => { - // console.log(`[row] ${row.name} + ${row.pw}`); - // let stored_pw = row.pw; - // // hash user password - // let hashed_pw = new jsSHA('SHA-512', 'TEXT').update(pass).getHash('HEX'); - // - // console.log(`+++ ${stored_pw} || ${hashed_pw} || ${pass}`); - // - // if (hashed_pw && hashed_pw === stored_pw) { - // console.log(`--- SUCCESS`); - // userData = data; - // } - // if (userData == null) return null; - // console.log(`^^^ ${userData}`); - // return createToken({ id: user, ...userData }); - // }); - // } - // - // if (userData == null) return null; - let token; // hash user password -- 2.43.0 From c034064d419f02772cb59eb4cafb5a018c031ecc Mon Sep 17 00:00:00 2001 From: Chi Cong Tran Date: Wed, 9 Jul 2025 12:20:16 +0200 Subject: [PATCH 05/32] refactor db design --- src/init/init_db.js | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/src/init/init_db.js b/src/init/init_db.js index c47d240..7cd6adc 100644 --- a/src/init/init_db.js +++ b/src/init/init_db.js @@ -21,18 +21,16 @@ db.exec(check_ins_stmt); let users_stmt = `SELECT * FROM USERS`; const stmt = db.prepare(users_stmt); for (const usr of stmt.iterate()) { - console.log(`xxx ${usr.name} + ${usr.pw}`) -}; + console.log(`xxx ${usr.name} + ${usr.pw}`); +} // cases table create_stmt = `CREATE TABLE IF NOT EXISTS cases (id INTEGER PRIMARY KEY AUTOINCREMENT, - token TEXT NOT NULL UNIQUE, - name TEXT NOT NULL, - pw TEXT NOT NULL, - created_by INTEGER NOT NULL, - FOREIGN KEY(created_by) REFERENCES users(id))`; + token TEXT NOT NULL UNIQUE, + name TEXT NOT NULL, + pw TEXT NOT NULL)`; db.exec(create_stmt); -- 2.43.0 From f6513c9ed821b92710a53a372df3263b3e8092bc Mon Sep 17 00:00:00 2001 
From: Chi Cong Tran Date: Thu, 10 Jul 2025 08:28:01 +0200 Subject: [PATCH 06/32] add uuid-package for token generation --- package.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/package.json b/package.json index ddaae9f..88fbb61 100644 --- a/package.json +++ b/package.json @@ -51,6 +51,7 @@ "minio": "^8.0.5", "postcss": "^8.5.4", "sqlite3": "^5.1.7", - "tailwindcss": "^3.4.17" + "tailwindcss": "^3.4.17", + "uuid": "^11.1.0" } } -- 2.43.0 From 8b1b3532fc5e35d37600dbc25658dccabb1a290b Mon Sep 17 00:00:00 2001 From: Chi Cong Tran Date: Thu, 10 Jul 2025 08:29:07 +0200 Subject: [PATCH 07/32] refactor init-script and display tables with data --- src/init/init_db.js | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/src/init/init_db.js b/src/init/init_db.js index 7cd6adc..5f64089 100644 --- a/src/init/init_db.js +++ b/src/init/init_db.js @@ -19,9 +19,10 @@ let check_ins_stmt = `INSERT INTO users (name, pw) SELECT 'admin', '${hashed_pw} db.exec(check_ins_stmt); let users_stmt = `SELECT * FROM USERS`; -const stmt = db.prepare(users_stmt); +let stmt = db.prepare(users_stmt); +console.log(`\n`, `*** Users table`); for (const usr of stmt.iterate()) { - console.log(`xxx ${usr.name} + ${usr.pw}`); + console.log(`[r] ${usr.name} + ${usr.pw}`); } // cases table @@ -34,4 +35,11 @@ create_stmt = `CREATE TABLE IF NOT EXISTS cases db.exec(create_stmt); +let cases_stmt = `SELECT * FROM cases`; +stmt = db.prepare(cases_stmt); +console.log(`\n`, `*** Cases table`); +for (const usr of stmt.iterate()) { + console.log(`[r] ${usr.name} + ${usr.token} + ${usr.pw}`); +} + db.close(); -- 2.43.0 From 40599f4ffae0a9c1425c3e9d3b775e8d1109dd5a Mon Sep 17 00:00:00 2001 From: Chi Cong Tran Date: Thu, 10 Jul 2025 08:30:41 +0200 Subject: [PATCH 08/32] adding new vorgang in database --- .../(angemeldet)/upload/+page.server.ts | 30 +++++++++++-------- 1 file changed, 17 insertions(+), 13 deletions(-) 
diff --git a/src/routes/(angemeldet)/upload/+page.server.ts b/src/routes/(angemeldet)/upload/+page.server.ts index 1ca2879..55db9cb 100644 --- a/src/routes/(angemeldet)/upload/+page.server.ts +++ b/src/routes/(angemeldet)/upload/+page.server.ts @@ -2,6 +2,9 @@ import { Buffer } from 'buffer'; import { Readable } from 'stream'; import { client } from '$lib/minio'; import { fail } from '@sveltejs/kit'; +import { v4 as uuidv4 } from 'uuid'; + +import Database from 'better-sqlite3'; const isRequiredFieldValid = (value: unknown) => { if (value == null) return false; @@ -9,10 +12,10 @@ const isRequiredFieldValid = (value: unknown) => { if (typeof value === 'string' || value instanceof String) return value.trim() !== ''; return true; -} +}; export const actions = { - url: async ({ request }: {request: Request}) => { + url: async ({ request }: { request: Request }) => { const data = await request.formData(); const vorgang = data.get('vorgang'); const name = data.get('name'); 
@@ -26,22 +29,23 @@ export const actions = { if (!objectName.endsWith('.png')) objectName += '.png'; break; case '': - if (fileName?.toString().endsWith('.glb') && !objectName.endsWith('.glb')) objectName += '.glb'; + if (fileName?.toString().endsWith('.glb') && !objectName.endsWith('.glb')) + objectName += '.glb'; } const url = await client.presignedPutObject('tatort', objectName); - // store code in S3 - // tatort//__perm__ - const code_filename = '__perm__'; - const buf = Buffer.from(code, 'utf-8'); - const code_stream = Readable.from(buf); - const code_path = `${vorgang}/${code_filename}`; - await client.putObject('tatort', code_path, code_stream); + // store case in database + + let db = new Database('./src/lib/data/tatort.db'); + let token = uuidv4(); + let insert_stmt = `INSERT INTO cases (token, name, pw) VALUES (?, ?, ?)`; + const stmt = db.prepare(insert_stmt); + stmt.run(token, vorgang, code); return { url }; }, - validate: async ({ request }: {request: Request}) => { + validate: async ({ request }: { request: Request }) => { const requestData = await request.formData(); const data = Object.fromEntries(requestData); const vorgang = data.vorgang; @@ -73,7 +77,7 @@ export const actions = { return fail(400, err); }, - upload: async ({ request }: {request: Request}) => { + upload: async ({ request }: { request: Request }) => { const requestData = await request.formData(); const data = Object.fromEntries(requestData); const vorgang = data.vorgang; @@ -83,7 +87,7 @@ export const actions = { return { url }; }, - upload3: async ({ request }: {request: Request}) => { + upload3: async ({ request }: { request: Request }) => { const requestData = await request.formData(); const data = Object.fromEntries(requestData); const name = data.name; -- 2.43.0 From 307894c98005f6ffde2f0fd138704f83a51f5993 Mon Sep 17 00:00:00 2001 
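Review bot: The new INSERT stores the case access code (`code`) in `cases.pw` as plaintext, while user passwords in the same database are at least hashed, so anyone who can read `tatort.db` can read every case code. If the code only has to be verified, store a salted hash; if admins must be able to display it again, document that decision and restrict who can read the column. `new Database('./src/lib/data/tatort.db')` is opened on every `url` request and never closed, and nothing checks for an existing row before inserting, so each upload adds another `cases` row with a fresh token. The later PATCH 17 and PATCH 21 hunks address the handle and the duplicate row but keep the plaintext value, including in the `UPDATE cases SET pw = ?` branch. The `url` action begins above this hunk.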
From: Chi Cong Tran Date: Thu, 10 Jul 2025 08:31:45 +0200 Subject: [PATCH 09/32] listing of cases based on db --- src/routes/(angemeldet)/list/+page.server.ts | 11 ++++++----- src/routes/(angemeldet)/list/+page.svelte | 2 +- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/src/routes/(angemeldet)/list/+page.server.ts b/src/routes/(angemeldet)/list/+page.server.ts index 4d78120..98b3e69 100644 --- a/src/routes/(angemeldet)/list/+page.server.ts +++ b/src/routes/(angemeldet)/list/+page.server.ts @@ -1,10 +1,11 @@ -import { getListOfVorgänge } from '$lib/server/vorgangService'; +import { getListOfVorgänge, getVorgaenge } from '$lib/server/vorgangService'; import type { PageServerLoad } from '../../(token-based)/view/$types'; export const load: PageServerLoad = async () => { - const caseList = await getListOfVorgänge(); + // const caseList = await getListOfVorgänge(); + const caseList = getVorgaenge(); - return { - caseList - }; + return { + caseList + }; }; diff --git a/src/routes/(angemeldet)/list/+page.svelte b/src/routes/(angemeldet)/list/+page.svelte index b730a95..d59ad2f 100644 --- a/src/routes/(angemeldet)/list/+page.svelte +++ b/src/routes/(angemeldet)/list/+page.svelte @@ -51,7 +51,7 @@
- {item.name} + {item[1]} + {/if}
    -- 2.43.0 From a7eb81151f447693f1ad04a09b378720fd8554f2 Mon Sep 17 00:00:00 2001 From: Chi Cong Tran Date: Fri, 11 Jul 2025 11:39:42 +0200 Subject: [PATCH 17/32] refactor DB access --- src/lib/auth.ts | 5 +---- src/lib/server/dbService.ts | 3 +++ src/lib/server/vorgangService.ts | 3 +-- src/routes/(angemeldet)/upload/+page.server.ts | 3 +-- 4 files changed, 6 insertions(+), 8 deletions(-) create mode 100644 src/lib/server/dbService.ts diff --git a/src/lib/auth.ts b/src/lib/auth.ts index 8b94943..7397b86 100644 --- a/src/lib/auth.ts +++ b/src/lib/auth.ts @@ -1,12 +1,9 @@ import jwt from 'jsonwebtoken'; import jsSHA from 'jssha'; -import Database from 'better-sqlite3'; import process from 'process'; +import db from '$lib/server/dbService'; import config from '$lib/config'; -// import db from '../init/init_db'; - -let db = new Database('./src/lib/data/tatort.db'); const SECRET = config.jwt.secret; const EXPIRES_IN = config.jwt.expiresIn; diff --git a/src/lib/server/dbService.ts b/src/lib/server/dbService.ts new file mode 100644 index 0000000..1c562bc --- /dev/null +++ b/src/lib/server/dbService.ts @@ -0,0 +1,3 @@ +import Database from 'better-sqlite3'; + +export const db = new Database('./src/lib/data/tatort.db'); diff --git a/src/lib/server/vorgangService.ts b/src/lib/server/vorgangService.ts index d86172a..7d7c5e7 100644 --- a/src/lib/server/vorgangService.ts +++ b/src/lib/server/vorgangService.ts @@ -2,8 +2,7 @@ import { fail } from '@sveltejs/kit'; import { BUCKET, client, CONFIGFILENAME, TOKENFILENAME } from '$lib/minio'; import { checkIfExactDirectoryExists, getContentOfTextObject } from './s3ClientService'; -import Database from 'better-sqlite3'; -const db = new Database('./src/lib/data/tatort.db'); +import { db } from './dbService'; /** * Get Vorgang and corresponend list of tatorte diff --git a/src/routes/(angemeldet)/upload/+page.server.ts b/src/routes/(angemeldet)/upload/+page.server.ts index 7d413b4..8016dac 100644 
--- a/src/routes/(angemeldet)/upload/+page.server.ts +++ b/src/routes/(angemeldet)/upload/+page.server.ts @@ -4,7 +4,7 @@ import { client } from '$lib/minio'; import { fail } from '@sveltejs/kit'; import { v4 as uuidv4 } from 'uuid'; -import Database from 'better-sqlite3'; +import { db } from '$lib/server/dbService'; const isRequiredFieldValid = (value: unknown) => { if (value == null) return false; @@ -25,7 +25,6 @@ export const actions = { // store case in database - let db = new Database('./src/lib/data/tatort.db'); let token = uuidv4(); let insert_stmt = `INSERT INTO cases (token, name, pw) VALUES (?, ?, ?)`; const stmt = db.prepare(insert_stmt); -- 2.43.0 From cd5389666eac68881f4a9f145f10aacfc30b33e0 Mon Sep 17 00:00:00 2001 From: Chi Cong Tran Date: Mon, 14 Jul 2025 08:23:27 +0200 Subject: [PATCH 18/32] fix import error from default to explicit import --- src/lib/auth.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/auth.ts b/src/lib/auth.ts index 7397b86..1248d94 100644 --- a/src/lib/auth.ts +++ b/src/lib/auth.ts @@ -1,7 +1,7 @@ import jwt from 'jsonwebtoken'; import jsSHA from 'jssha'; import process from 'process'; -import db from '$lib/server/dbService'; +import { db } from '$lib/server/dbService'; import config from '$lib/config'; -- 2.43.0 From 484acd3bcf1b434cb3b3453491be7d80fe8acb4f Mon Sep 17 00:00:00 2001 From: Chi Cong Tran Date: Mon, 14 Jul 2025 13:20:15 +0200 Subject: [PATCH 19/32] =?UTF-8?q?refactoring:=20'Datei=20zu=20Vorgang=20hi?= =?UTF-8?q?nzuf=C3=BCgen'=20an=20DB=20angepasst?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/lib/server/vorgangService.ts | 9 +++++ src/routes/(angemeldet)/upload/+page.svelte | 33 ++++++++----------- .../(token-based)/list/[vorgang]/+page.svelte | 2 +- src/routes/api/list/[vorgang]/+server.ts | 13 ++++++++ src/routes/api/list/[vorgang]/code/+server.ts | 22 ++++--------- 5 files changed, 43 insertions(+), 36 deletions(-) 
diff --git a/src/lib/server/vorgangService.ts b/src/lib/server/vorgangService.ts index 7d7c5e7..95b378e 100644 --- a/src/lib/server/vorgangService.ts +++ b/src/lib/server/vorgangService.ts @@ -117,6 +117,15 @@ export const vorgangExists = function (caseId: string | null) { return found; }; +export const vorgangNameExists = function (caseName: string) { + let vorgaenge = getVorgaenge(); + const vorgaenge_names = vorgaenge.map((vorg) => vorg.name); + + const found = vorgaenge_names.indexOf(caseName) != -1; + + return found; +}; + export const hasValidToken = async (caseId: string, caseToken: string) => { const objPath = `${caseId}/${TOKENFILENAME}`; diff --git a/src/routes/(angemeldet)/upload/+page.svelte b/src/routes/(angemeldet)/upload/+page.svelte index 0d93a8c..cabf2ab 100644 --- a/src/routes/(angemeldet)/upload/+page.svelte +++ b/src/routes/(angemeldet)/upload/+page.svelte 
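Review bot: `vorgangNameExists` loads every case through `getVorgaenge()` and scans the names in memory to answer a single lookup; a prepared `SELECT 1 FROM cases WHERE name = ?` with `.get(caseName) !== undefined` answers it in one query and avoids pulling the other columns of every row into the request. A short doc comment stating that the match is exact and case-sensitive would help, since the function backs both the upload branch and the `HEAD` endpoint added in this commit. `indexOf(caseName) != -1` reads more clearly as `includes(caseName)` if the in-memory form is kept.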
@@ -152,40 +152,33 @@ } // `/(angemeldet)/view` return true or false - async function case_exists(case_no) { + async function case_exists(case_name: string) { - if (case_no == '') { + if (case_name == '') { zugangscode = zugangscode_old; + return; } - // ping `/view` with caseNumber in POST body - let url = '/view'; + let url = `/api/list/${case_name}` - let data = new FormData(); - data.append('caseNumber', case_no); + const response = await fetch(url, { method: 'HEAD'}); + const status = response.status; - // fetch code in parallel - const code = await get_code(case_no); - if (code != -1) { - zugangscode = code; + if (status == 200) { case_existing = true; + const code = await get_code(case_name); + zugangscode = code; + return true - } - const response = await fetch(url, { method: 'POST', body: data }); - - const res_json = await response.json(); - const status = res_json.status; - - if (status != 303) { + } else { case_existing = false; zugangscode = zugangscode_old; + return false } - - return false; } - async function get_code(case_no) { + async function get_code(case_no: string) { if (case_no == '') return; diff --git a/src/routes/(token-based)/list/[vorgang]/+page.svelte b/src/routes/(token-based)/list/[vorgang]/+page.svelte index 4c335ce..c73ac56 100644 --- a/src/routes/(token-based)/list/[vorgang]/+page.svelte +++ b/src/routes/(token-based)/list/[vorgang]/+page.svelte @@ -144,7 +144,7 @@

    Vorgang {vorg.name}

    {#if data?.user?.admin} - Zugangspasswort: {vorg.pw} + Zugangscode: {vorg.pw} {/if}
    diff --git a/src/routes/api/list/[vorgang]/+server.ts b/src/routes/api/list/[vorgang]/+server.ts index 5a76090..345b390 100644 --- a/src/routes/api/list/[vorgang]/+server.ts +++ b/src/routes/api/list/[vorgang]/+server.ts @@ -1,4 +1,5 @@ import { client } from '$lib/minio'; +import { vorgangNameExists } from '$lib/server/vorgangService'; export async function DELETE({ params }) { const vorgang = params.vorgang; @@ -22,3 +23,15 @@ export async function DELETE({ params }) { return new Response(null, { status: 204 }); } + +export async function HEAD({ params }) { + const vorgang_name = params.vorgang; + + const existing = vorgangNameExists(vorgang_name); + + if (existing) { + return new Response(null, { status: 200 }); + } else { + return new Response(null, { status: 404 }); + } +} diff --git a/src/routes/api/list/[vorgang]/code/+server.ts b/src/routes/api/list/[vorgang]/code/+server.ts index 3657b36..c2c8238 100644 --- a/src/routes/api/list/[vorgang]/code/+server.ts +++ b/src/routes/api/list/[vorgang]/code/+server.ts @@ -1,24 +1,16 @@ import { client } from '$lib/minio'; +import { db } from '$lib/server/dbService'; /** @type {import('./$types').RequestHandler} */ export async function GET({ params }) { - const prefix = params.vorgang ? `${params.vorgang}` : ''; + const vorgang_name = params.vorgang; - const code_name = '__perm__'; - const obj_path = `${prefix}/${code_name}`; + let get_code_stmt = `SELECT pw FROM cases WHERE name = ?;`; + const row = db.prepare(get_code_stmt).get(vorgang_name); + let pw = row.pw; - let result = null; - - try { - result = await client.getObject('tatort', obj_path); - } catch (error) { - if (error.name == 'S3Error') { - result = null; - } - } - - if (result != null) { - return new Response(result, { status: 200 }); + if (pw) { + return new Response(pw, { status: 200 }); } else { return new Response(null, { status: 404 }); } -- 2.43.0 From fa59db7a8861029cee9ffdb1b7ec4973c6fdf667 Mon Sep 17 00:00:00 2001 
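Review bot: The rewritten `GET` in `code/+server.ts` returns the case's stored `pw` to whoever requests the route by case name, and no session or admin check is visible in the handler; unless a hook outside this diff guards `/api/list/...`, knowing a case name is enough to obtain its access code. Check the authenticated admin (for example via `locals`, if the hooks populate it) before running the query. `row.pw` is also read without a null check, so an unknown name throws rather than reaching the 404 branch; `const pw = row?.pw;` keeps the existing `if (pw)` logic working. The new `HEAD` handler in `+server.ts` has a weaker form of the same exposure, since it confirms to any caller whether a case name exists.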
From: Chi Cong Tran Date: Mon, 14 Jul 2025 13:25:19 +0200 Subject: [PATCH 20/32] make 'Vorgangsname' column unique --- src/init/init_db.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/init/init_db.js b/src/init/init_db.js index 5f64089..ecdfc5a 100644 --- a/src/init/init_db.js +++ b/src/init/init_db.js @@ -30,7 +30,7 @@ for (const usr of stmt.iterate()) { create_stmt = `CREATE TABLE IF NOT EXISTS cases (id INTEGER PRIMARY KEY AUTOINCREMENT, token TEXT NOT NULL UNIQUE, - name TEXT NOT NULL, + name TEXT NOT NULL UNIQUE, pw TEXT NOT NULL)`; db.exec(create_stmt); -- 2.43.0 From 873a382f696f7644630c2291feb33a3303334175 Mon Sep 17 00:00:00 2001 From: Chi Cong Tran Date: Mon, 14 Jul 2025 13:54:08 +0200 Subject: [PATCH 21/32] =?UTF-8?q?refactor=20'Datei=20zu=20Vorgang=20hinzuf?= =?UTF-8?q?=C3=BCgen':=20Add=20model=20files=20to=20existing=20cases?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/lib/server/vorgangService.ts | 8 ++++++ .../(angemeldet)/upload/+page.server.ts | 25 ++++++++++++++++--- 2 files changed, 29 insertions(+), 4 deletions(-) diff --git a/src/lib/server/vorgangService.ts b/src/lib/server/vorgangService.ts index 95b378e..09887a6 100644 --- a/src/lib/server/vorgangService.ts +++ b/src/lib/server/vorgangService.ts @@ -39,6 +39,14 @@ export const getVorgang = function (caseId: string) { return res; }; +export const getVorgangByName = function (caseName: string) { + let getVorgangByName_stmt = `SELECT token, name, pw FROM cases WHERE name = ?`; + const stmt = db.prepare(getVorgangByName_stmt); + const res = stmt.get(caseName); + + return res; +}; + /** * Fetches list of vorgänge from s3 bucket * @returns list of available cases diff --git a/src/routes/(angemeldet)/upload/+page.server.ts b/src/routes/(angemeldet)/upload/+page.server.ts index 8016dac..934cf75 100644 --- a/src/routes/(angemeldet)/upload/+page.server.ts +++ b/src/routes/(angemeldet)/upload/+page.server.ts 
@@ -5,6 +5,7 @@ import { fail } from '@sveltejs/kit'; import { v4 as uuidv4 } from 'uuid'; import { db } from '$lib/server/dbService'; +import { getVorgangByName, vorgangExists, vorgangNameExists } from '$lib/server/vorgangService'; const isRequiredFieldValid = (value: unknown) => { if (value == null) return false; @@ -24,11 +25,27 @@ export const actions = { const fileName = data.get('fileName'); // store case in database + // skip if Vorgang exists and token not changed - let token = uuidv4(); - let insert_stmt = `INSERT INTO cases (token, name, pw) VALUES (?, ?, ?)`; - const stmt = db.prepare(insert_stmt); - stmt.run(token, vorgang, code); + const vorgang_exists = vorgangNameExists(vorgang); + let token; + + if (!vorgang_exists) { + token = uuidv4(); + let insert_stmt = `INSERT INTO cases (token, name, pw) VALUES (?, ?, ?)`; + const stmt = db.prepare(insert_stmt); + stmt.run(token, vorgang, code); + } else { + // vorgang exists + // check if PW was changed, and update DB if it was + const vorg = getVorgangByName(vorgang); + token = vorg.token; + if (vorg.pw != code) { + let update_stmt = `UPDATE cases SET pw = ? WHERE name = ?`; + const stmt = db.prepare(update_stmt); + stmt.run(code, vorgang); + } + } let objectName = `${token}/${name}`; switch (type) { -- 2.43.0 From 5070ac9f7a70e6671c23a29c0a504cb3ff1b5311 Mon Sep 17 00:00:00 2001 From: Chi Cong Tran Date: Tue, 15 Jul 2025 08:03:27 +0200 Subject: [PATCH 22/32] remove console.logs --- src/lib/auth.ts | 2 -- src/routes/(token-based)/list/[vorgang]/+page.svelte | 1 - 2 files changed, 3 deletions(-) diff --git a/src/lib/auth.ts b/src/lib/auth.ts index 1248d94..648f5d8 100644 --- a/src/lib/auth.ts +++ b/src/lib/auth.ts @@ -28,8 +28,6 @@ export function authenticate(user, pass) { const row = db.prepare(get_usr_stmt).get(user); let stored_pw = row.pw; - console.log(`+++ ${pass} || ${stored_pw} || ${hashed_pw}`); - if (hashed_pw && hashed_pw === stored_pw) { token = createToken({ id: user, admin: true }); } 
diff --git a/src/routes/(token-based)/list/[vorgang]/+page.svelte b/src/routes/(token-based)/list/[vorgang]/+page.svelte index c73ac56..16d713a 100644 --- a/src/routes/(token-based)/list/[vorgang]/+page.svelte +++ b/src/routes/(token-based)/list/[vorgang]/+page.svelte @@ -94,7 +94,6 @@ // construct PUT URL const url = $page.url; - console.log(url); let data_obj: { new_name: string; old_name: string } = { new_name: '', old_name: '' }; data_obj['new_name'] = new_name; -- 2.43.0 From 51d3f19f3efaf84ce8a4c88036c197e0dcc80a54 Mon Sep 17 00:00:00 2001 From: Chi Cong Tran Date: Tue, 15 Jul 2025 09:06:45 +0200 Subject: [PATCH 23/32] delete functionality for Vorgang in DB --- src/lib/server/vorgangService.ts | 13 +++++++++++++ src/routes/api/list/[vorgang]/+server.ts | 14 ++++++++++++-- 2 files changed, 25 insertions(+), 2 deletions(-) diff --git a/src/lib/server/vorgangService.ts b/src/lib/server/vorgangService.ts index 09887a6..acbd7c8 100644 --- a/src/lib/server/vorgangService.ts +++ b/src/lib/server/vorgangService.ts @@ -47,6 +47,19 @@ export const getVorgangByName = function (caseName: string) { return res; }; +/** + * Delete Vorgang + * @param caseName + * @returns int: number of changes + */ +export const deleteVorgangByName = function (caseName: string) { + let delete_stmt = 'DELETE FROM cases WHERE name = ?'; + const stmt = db.prepare(delete_stmt); + const info = stmt.run(caseName); + + return info.changes; +}; + /** * Fetches list of vorgänge from s3 bucket * @returns list of available cases diff --git a/src/routes/api/list/[vorgang]/+server.ts b/src/routes/api/list/[vorgang]/+server.ts index 345b390..f10a1e6 100644 --- a/src/routes/api/list/[vorgang]/+server.ts +++ b/src/routes/api/list/[vorgang]/+server.ts 
@@ -1,12 +1,21 @@ import { client } from '$lib/minio'; -import { vorgangNameExists } from '$lib/server/vorgangService'; +import { db } from '$lib/server/dbService'; +import { + deleteVorgangByName, + getVorgang, + getVorgangByName, + vorgangNameExists +} from '$lib/server/vorgangService'; export async function DELETE({ params }) { const vorgang = params.vorgang; + const vorg = getVorgangByName(vorgang); + let vorg_token = vorg.token; + const object_list = await new Promise((resolve, reject) => { const res = []; - const items_str = client.listObjects('tatort', vorgang, true); + const items_str = client.listObjects('tatort', vorg_token, true); items_str.on('data', (obj) => { res.push(obj.name); @@ -20,6 +29,7 @@ export async function DELETE({ params }) { }); await client.removeObjects('tatort', object_list); + deleteVorgangByName(vorgang); return new Response(null, { status: 204 }); } -- 2.43.0 From b8e50316693fd43b987d10efe3448ffe5d2af082 Mon Sep 17 00:00:00 2001 From: Chi Cong Tran Date: Tue, 15 Jul 2025 09:48:29 +0200 Subject: [PATCH 24/32] document DB initialization script --- README.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/README.md b/README.md index b5b2950..f17397c 100644 --- a/README.md +++ b/README.md @@ -36,3 +36,24 @@ npm run build You can preview the production build with `npm run preview`. > To deploy your app, you may need to install an [adapter](https://svelte.dev/docs/kit/adapters) for your target environment. + +## Initializing the SQLite DB + +A database initialization script `init_db.js` in included in the `src/init` folder. It will create a users database (if not existing) and populate it with a default admin user. Additionally, an empty cases table will be created. + +It can be run with `node init_db.js` + +Database schema: + +Users + +- id +- name +- pw + +Cases + +- id +- token +- name +- pw -- 2.43.0 From 34d5034a713788462074d49ceb467056cf5102f8 Mon Sep 17 00:00:00 2001 
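Review bot: In the `DELETE` handler (`@@ -1,12 +1,21 @@`), `getVorgangByName(vorgang)` returns `undefined` for an unknown name, so `vorg.token` throws and the request ends in a 500 instead of a 404; add `if (!vorg) return new Response(null, { status: 404 });` before reading the token. The handler removes every object under the case prefix and then the DB row based only on `params.vorgang`, and no authorization check is visible in the hunk; if that is enforced in a hook or layout outside this file, a one-line comment saying where would help the next reader. The newly imported `db` and `getVorgang` are not used in the visible lines and can be dropped. Part of the Promise body lies between the two hunks and is not shown.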
From: Chi Cong Tran Date: Wed, 16 Jul 2025 09:39:02 +0200 Subject: [PATCH 25/32] refactoring part 1: camelcase naming, token vs pw naming --- src/init/init_db.js | 28 +++++----- src/lib/auth.ts | 16 +++--- src/lib/server/vorgangService.ts | 53 ++++++++++--------- .../(angemeldet)/upload/+page.server.ts | 22 ++++---- src/routes/(angemeldet)/upload/+page.svelte | 40 +++++++------- .../list/[vorgang]/+page.server.ts | 4 +- .../(token-based)/list/[vorgang]/+page.svelte | 2 +- src/routes/api/list/[vorgang]/+server.ts | 10 ++-- src/routes/api/list/[vorgang]/code/+server.ts | 12 ++--- 9 files changed, 96 insertions(+), 91 deletions(-) diff --git a/src/init/init_db.js b/src/init/init_db.js index ecdfc5a..3d08f0b 100644 --- a/src/init/init_db.js +++ b/src/init/init_db.js 
@@ -3,42 +3,42 @@ import jsSHA from 'jssha'; const db = new Database('./src/lib/data/tatort.db'); -let create_stmt = `CREATE TABLE IF NOT EXISTS users +let createSQLStmt = `CREATE TABLE IF NOT EXISTS users (id INTEGER PRIMARY KEY AUTOINCREMENT, name TEXT NOT NULL, pw TEXT NOT NULL)`; -db.exec(create_stmt); +db.exec(createSQLStmt); // check if there are any users; if not add one default admin one -let pw = 'pass-123'; -let hashed_pw = new jsSHA('SHA-512', 'TEXT').update(pw).getHash('HEX'); +let password = 'pass-123'; +let hashedPassword = new jsSHA('SHA-512', 'TEXT').update(password).getHash('HEX'); -let check_ins_stmt = `INSERT INTO users (name, pw) SELECT 'admin', '${hashed_pw}' +let checkInsertSQLStmt = `INSERT INTO users (name, pw) SELECT 'admin', '${hashedPassword}' WHERE NOT EXISTS (SELECT * FROM users);`; -db.exec(check_ins_stmt); +db.exec(checkInsertSQLStmt); -let users_stmt = `SELECT * FROM USERS`; -let stmt = db.prepare(users_stmt); +let usersSQLStmt = `SELECT * FROM USERS`; +let SQLStatement = db.prepare(usersSQLStmt); console.log(`\n`, `*** Users table`); -for (const usr of stmt.iterate()) { +for (const usr of SQLStatement.iterate()) { console.log(`[r] ${usr.name} + ${usr.pw}`); } // cases table -create_stmt = `CREATE TABLE IF NOT EXISTS cases +createSQLStmt = `CREATE TABLE IF NOT EXISTS cases (id INTEGER PRIMARY KEY AUTOINCREMENT, token TEXT NOT NULL UNIQUE, name TEXT NOT NULL UNIQUE, pw TEXT NOT NULL)`; -db.exec(create_stmt); +db.exec(createSQLStmt); -let cases_stmt = `SELECT * FROM cases`; -stmt = db.prepare(cases_stmt); +let casesSQLStmt = `SELECT * FROM cases`; +SQLStatement = db.prepare(casesSQLStmt); console.log(`\n`, `*** Cases table`); -for (const usr of stmt.iterate()) { +for (const usr of SQLStatement.iterate()) { console.log(`[r] ${usr.name} + ${usr.token} + ${usr.pw}`); } diff --git a/src/lib/auth.ts b/src/lib/auth.ts index 648f5d8..e300146 100644 --- a/src/lib/auth.ts +++ b/src/lib/auth.ts 
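Review bot: The seeding script still ships a fixed default admin password (`'pass-123'`) and hashes it with a single unsalted SHA-512, which the `authenticate` hunk in `src/lib/auth.ts` of this patch mirrors; a fast unsalted hash of a published default gives the admin account no real protection. Read the initial password from an environment variable (or generate one and print it once) and move both places to a salted password hash such as Node's `crypto.scryptSync`. The insert builds its SQL by interpolating `${hashedPassword}`; bind it instead: `db.prepare("INSERT INTO users (name, pw) SELECT 'admin', ? WHERE NOT EXISTS (SELECT * FROM users)").run(hashedPassword)`. The two `console.log` loops print every stored `pw` value, so password hashes and case access codes end up in terminal or CI logs; log names only.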
@@ -19,18 +19,18 @@ export function decryptToken(token: string) { } export function authenticate(user, pass) { - let token; + let JWTToken; // hash user password - let hashed_pw = new jsSHA('SHA-512', 'TEXT').update(pass).getHash('HEX'); + let hashedPW = new jsSHA('SHA-512', 'TEXT').update(pass).getHash('HEX'); - let get_usr_stmt = 'SELECT name, pw FROM users WHERE name = ?'; - const row = db.prepare(get_usr_stmt).get(user); - let stored_pw = row.pw; + let getUserSQLStmt = 'SELECT name, pw FROM users WHERE name = ?'; + const row = db.prepare(getUserSQLStmt).get(user); + let storedPW = row.pw; - if (hashed_pw && hashed_pw === stored_pw) { - token = createToken({ id: user, admin: true }); + if (hashedPW && hashedPW === storedPW) { + JWTToken = createToken({ id: user, admin: true }); } - return token; + return JWTToken; } diff --git a/src/lib/server/vorgangService.ts b/src/lib/server/vorgangService.ts index acbd7c8..b4b4083 100644 --- a/src/lib/server/vorgangService.ts +++ b/src/lib/server/vorgangService.ts 
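Review bot: `authenticate` reads `row.pw` without checking that a row came back, so a login attempt with an unknown user name throws instead of returning no token; add `if (!row) return undefined;` right after the `.get(user)` call. Every successful login is issued `admin: true` regardless of which user matched, which is only correct while the `users` table holds administrators exclusively; if other users are planned, the flag should come from a column. Once the hashing scheme is replaced, `hashedPW === storedPW` is better done with `crypto.timingSafeEqual` on equal-length buffers.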
@@ -28,23 +28,28 @@ export const getVorgangByCaseId = async (caseId: string) => { /** * Get Vorgang - * @param caseId + * @param caseToken * @returns caseObj with keys `token`, `name`, `pw` || undefined */ -export const getVorgang = function (caseId: string) { - let getVorgang_stmt = `SELECT token, name, pw FROM cases WHERE token = ?`; - const stmt = db.prepare(getVorgang_stmt); - const res = stmt.get(caseId); +export const getVorgangByToken = function (caseToken: string) { + let getVorgangSQLStmt = `SELECT token, name, pw FROM cases WHERE token = ?`; + const statement = db.prepare(getVorgangSQLStmt); + const result = statement.get(caseToken); - return res; + return result; }; +/** + * Get Vorgang + * @param caseName + * @returns caseObj with keys `token`, `name`, `pw` || undefined + */ export const getVorgangByName = function (caseName: string) { - let getVorgangByName_stmt = `SELECT token, name, pw FROM cases WHERE name = ?`; - const stmt = db.prepare(getVorgangByName_stmt); - const res = stmt.get(caseName); + let getVorgangByNameSQLStmt = `SELECT token, name, pw FROM cases WHERE name = ?`; + const statement = db.prepare(getVorgangByNameSQLStmt); + const result = statement.get(caseName); - return res; + return result; }; /** @@ -53,9 +58,9 @@ export const getVorgangByName = function (caseName: string) { * @returns int: number of changes */ export const deleteVorgangByName = function (caseName: string) { - let delete_stmt = 'DELETE FROM cases WHERE name = ?'; - const stmt = db.prepare(delete_stmt); - const info = stmt.run(caseName); + let deleteSQLStmt = 'DELETE FROM cases WHERE name = ?'; + const statement = db.prepare(deleteSQLStmt); + const info = statement.run(caseName); return info.changes; }; 
@@ -84,11 +89,11 @@ export const getListOfVorgänge = async () => { * @returns list with of available cases */ export const getVorgaenge = function () { - let getVorgaenge_stmt = `SELECT token, name, pw from cases`; - const stmt = db.prepare(getVorgaenge_stmt); - const res = stmt.all(); + let getVorgaengeSQLStmt = `SELECT token, name, pw from cases`; + const statement = db.prepare(getVorgaengeSQLStmt); + const result = statement.all(); const vorgaenge_list = []; - for (const r of res) { + for (const r of result) { const vorg = { token: r.token, name: r.name, pw: r.pw }; vorgaenge_list.push(vorg); } @@ -121,11 +126,11 @@ export const checkIfVorgangExists = async (caseId: string | null) => { return true; }; -export const vorgangExists = function (caseId: string | null) { - if (!caseId) { +export const vorgangExists = function (caseToken: string | null) { + if (!caseToken) { return fail(400, { success: false, - caseId, + caseId: caseToken, error: { message: 'Die Vorgangsnummer darf nicht leer sein.' } }); } @@ -133,16 +138,16 @@ export const vorgangExists = function (caseId: string | null) { let vorgaenge = getVorgaenge(); const vorgaenge_tokens = vorgaenge.map((vorg) => vorg.token); - const found = vorgaenge_tokens.indexOf(caseId) != -1; + const found = vorgaenge_tokens.indexOf(caseToken) != -1; return found; }; export const vorgangNameExists = function (caseName: string) { let vorgaenge = getVorgaenge(); - const vorgaenge_names = vorgaenge.map((vorg) => vorg.name); + const vorgaengeNames = vorgaenge.map((vorg) => vorg.name); - const found = vorgaenge_names.indexOf(caseName) != -1; + const found = vorgaengeNames.indexOf(caseName) != -1; return found; }; @@ -174,7 +179,7 @@ export const tokenValid = function (caseId, caseToken) { return false; } - const vorg = getVorgang(caseId); + const vorg = getVorgangByToken(caseId); if (!vorg || vorg.pw !== caseToken) { return false; 
diff --git a/src/routes/(angemeldet)/upload/+page.server.ts b/src/routes/(angemeldet)/upload/+page.server.ts index 934cf75..1797c8c 100644 --- a/src/routes/(angemeldet)/upload/+page.server.ts +++ b/src/routes/(angemeldet)/upload/+page.server.ts @@ -21,29 +21,29 @@ export const actions = { const vorgang = data.get('vorgang'); const name = data.get('name'); const type = data.get('type'); - const code = data.get('zugangscode'); + const pw = data.get('zugangscode'); const fileName = data.get('fileName'); // store case in database // skip if Vorgang exists and token not changed - const vorgang_exists = vorgangNameExists(vorgang); + const vorgangExists = vorgangNameExists(vorgang); let token; - if (!vorgang_exists) { + if (!vorgangExists) { token = uuidv4(); - let insert_stmt = `INSERT INTO cases (token, name, pw) VALUES (?, ?, ?)`; - const stmt = db.prepare(insert_stmt); - stmt.run(token, vorgang, code); + let insertSQLStmt = `INSERT INTO cases (token, name, pw) VALUES (?, ?, ?)`; + const statement = db.prepare(insertSQLStmt); + statement.run(token, vorgang, pw); } else { // vorgang exists // check if PW was changed, and update DB if it was - const vorg = getVorgangByName(vorgang); + const vorg = getVorgangByName(vorg); token = vorg.token; - if (vorg.pw != code) { - let update_stmt = `UPDATE cases SET pw = ? WHERE name = ?`; - const stmt = db.prepare(update_stmt); - stmt.run(code, vorgang); + if (vorg.pw != pw) { + let updateSQLStmt = `UPDATE cases SET pw = ? WHERE name = ?`; + const statement = db.prepare(updateSQLStmt); + statement.run(pw, vorg); } } diff --git a/src/routes/(angemeldet)/upload/+page.svelte b/src/routes/(angemeldet)/upload/+page.svelte index cabf2ab..1a87883 100644 --- a/src/routes/(angemeldet)/upload/+page.svelte +++ b/src/routes/(angemeldet)/upload/+page.svelte 
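Review bot: The rename in the else branch broke the lookup: `const vorg = getVorgangByName(vorg);` reads `vorg` inside its own initializer, which throws a ReferenceError at runtime, so every upload to an existing Vorgang fails. It should stay `const vorg = getVorgangByName(vorgang);`, and the update below must bind the name rather than the row object: `statement.run(pw, vorgang);`. The new local `vorgangExists` also appears to shadow the `vorgangExists` function that an earlier patch in this series imports from `$lib/server/vorgangService` (assuming that hunk patches this same file); a name such as `vorgangAlreadyExists` avoids the confusion. The action body starts and ends outside the hunk.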
@@ -23,12 +23,12 @@ .slice(2, 2 + code_len); } let zugangscode = '' - let zugangscode_old = '' - $: zugangscode_old = generate_token(); - $: zugangscode = zugangscode_old + let zugangscodeOld = '' + $: zugangscodeOld = generate_token(); + $: zugangscode = zugangscodeOld - let case_existing = undefined; - $: case_existing = false; + let caseExisting = undefined; + $: caseExisting = false; let name = ''; let etag: string | null = null; @@ -152,37 +152,37 @@ } // `/(angemeldet)/view` return true or false - async function case_exists(case_name: string) { + async function caseExists(caseName: string) { - if (case_name == '') { - zugangscode = zugangscode_old; + if (caseName == '') { + zugangscode = zugangscodeOld; return; } - let url = `/api/list/${case_name}` + let url = `/api/list/${caseName}` const response = await fetch(url, { method: 'HEAD'}); const status = response.status; if (status == 200) { - case_existing = true; - const code = await get_code(case_name); + caseExisting = true; + const code = await getCode(caseName); zugangscode = code; return true } else { - case_existing = false; - zugangscode = zugangscode_old; + caseExisting = false; + zugangscode = zugangscodeOld; return false } } - async function get_code(case_no: string) { + async function getCode(caseName: string) { - if (case_no == '') return; + if (caseName == '') return; - let url = `/api/list/${case_no}/code`; + let url = `/api/list/${caseName}/code`; const response = await fetch(url); if (response.status == 200) { @@ -226,14 +226,14 @@ id="vorgang" autocomplete={vorgang} class="block flex-1 border-0 bg-transparent py-1.5 pl-1 text-gray-900 placeholder:text-gray-400 focus:ring-0 sm:text-sm sm:leading-6" - on:input={() => case_exists(vorgang)} + on:input={() => caseExists(vorgang)} />
{#if formErrors?.vorgang}

{formErrors.vorgang}

{/if} - {#if case_existing && vorgang.length > 0} + {#if caseExisting && vorgang.length > 0} Datei wird zum existierenden Vorgang hinzugefügt. {:else if vorgang.length > 0} Neuer Vorgang wird angelegt. @@ -284,7 +284,7 @@ type="text" name="zugangscode" id="zugangscode" - on:input="{ (ev) => { zugangscode_old = ev.target.value }}" + on:input="{ (ev) => { zugangscodeOld = ev.target.value }}" class="block flex-1 border-0 bg-transparent py-1.5 pl-1 text-gray-900 placeholder:text-gray-400 focus:ring-0 sm:text-sm sm:leading-6" /> @@ -292,7 +292,7 @@ diff --git a/src/routes/(token-based)/list/[vorgang]/+page.server.ts b/src/routes/(token-based)/list/[vorgang]/+page.server.ts index b47e459..12499ea 100644 --- a/src/routes/(token-based)/list/[vorgang]/+page.server.ts +++ b/src/routes/(token-based)/list/[vorgang]/+page.server.ts @@ -1,4 +1,4 @@ -import { getVorgang, getVorgangByCaseId } from '$lib/server/vorgangService'; +import { getVorgangByToken, getVorgangByCaseId } from '$lib/server/vorgangService'; import type { PageServerLoad } from './$types'; export const load: PageServerLoad = async ({ params, url }) => { @@ -6,7 +6,7 @@ export const load: PageServerLoad = async ({ params, url }) => { const caseToken = url.searchParams.get('token'); const crimesList = await getVorgangByCaseId(caseId); - const vorg = getVorgang(caseId); + const vorg = getVorgangByToken(caseId); return { crimesList, diff --git a/src/routes/(token-based)/list/[vorgang]/+page.svelte b/src/routes/(token-based)/list/[vorgang]/+page.svelte index 16d713a..038a2d2 100644 --- a/src/routes/(token-based)/list/[vorgang]/+page.svelte +++ b/src/routes/(token-based)/list/[vorgang]/+page.svelte @@ -143,7 +143,7 @@

Vorgang {vorg.name}

{#if data?.user?.admin} - Zugangscode: {vorg.pw} + Zugangspasswort: {vorg.pw} {/if}
diff --git a/src/routes/api/list/[vorgang]/+server.ts b/src/routes/api/list/[vorgang]/+server.ts index f10a1e6..8461eab 100644 --- a/src/routes/api/list/[vorgang]/+server.ts +++ b/src/routes/api/list/[vorgang]/+server.ts @@ -2,7 +2,7 @@ import { client } from '$lib/minio'; import { db } from '$lib/server/dbService'; import { deleteVorgangByName, - getVorgang, + getVorgangByToken, getVorgangByName, vorgangNameExists } from '$lib/server/vorgangService'; @@ -11,11 +11,11 @@ export async function DELETE({ params }) { const vorgang = params.vorgang; const vorg = getVorgangByName(vorgang); - let vorg_token = vorg.token; + let vorgangToken = vorg.token; const object_list = await new Promise((resolve, reject) => { const res = []; - const items_str = client.listObjects('tatort', vorg_token, true); + const items_str = client.listObjects('tatort', vorgangToken, true); items_str.on('data', (obj) => { res.push(obj.name); @@ -35,9 +35,9 @@ export async function DELETE({ params }) { } export async function HEAD({ params }) { - const vorgang_name = params.vorgang; + const vorgangName = params.vorgang; - const existing = vorgangNameExists(vorgang_name); + const existing = vorgangNameExists(vorgangName); if (existing) { return new Response(null, { status: 200 }); diff --git a/src/routes/api/list/[vorgang]/code/+server.ts b/src/routes/api/list/[vorgang]/code/+server.ts index c2c8238..241d7e7 100644 --- a/src/routes/api/list/[vorgang]/code/+server.ts +++ b/src/routes/api/list/[vorgang]/code/+server.ts 
@@ -3,14 +3,14 @@ import { db } from '$lib/server/dbService'; /** @type {import('./$types').RequestHandler} */ export async function GET({ params }) { - const vorgang_name = params.vorgang; + const vorgangName = params.vorgang; - let get_code_stmt = `SELECT pw FROM cases WHERE name = ?;`; - const row = db.prepare(get_code_stmt).get(vorgang_name); - let pw = row.pw; + let getCodeSQLStmt = `SELECT pw FROM cases WHERE name = ?;`; + const row = db.prepare(getCodeSQLStmt).get(vorgangName); + let password = row.pw; - if (pw) { - return new Response(pw, { status: 200 }); + if (password) { + return new Response(password, { status: 200 }); } else { return new Response(null, { status: 404 }); } -- 2.43.0 From 143bb128a5a746ace4830e06e794cba3713613cc Mon Sep 17 00:00:00 2001 From: Chi Cong Tran Date: Thu, 17 Jul 2025 08:09:17 +0200 Subject: [PATCH 26/32] refactoring part 2: mainly consolidation of token, ids and passwort --- src/lib/server/vorgangService.ts | 14 ++++---- src/routes/(angemeldet)/list/+page.svelte | 2 +- .../(angemeldet)/upload/+page.server.ts | 32 +++++++++---------- src/routes/(angemeldet)/upload/+page.svelte | 31 +++++++++--------- src/routes/(token-based)/+layout.server.ts | 12 +++---- .../list/[vorgang]/+page.server.ts | 14 ++++---- .../(token-based)/list/[vorgang]/+page.svelte | 10 +++--- src/routes/anmeldung/+page.server.ts | 12 ++++--- src/routes/anmeldung/+page.svelte | 18 +++++------ src/routes/api/list/[vorgang]/code/+server.ts | 5 ++- 10 files changed, 74 insertions(+), 76 deletions(-) diff --git a/src/lib/server/vorgangService.ts b/src/lib/server/vorgangService.ts index b4b4083..1b65817 100644 --- a/src/lib/server/vorgangService.ts +++ b/src/lib/server/vorgangService.ts 
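Review bot: This `GET` handler returns the stored case password in the response body for whatever name is in `params.vorgang`, and no authentication or authorization check is visible in the hunk. If the route is not protected by a hook outside this file, anyone who knows or guesses a Vorgang name can read its access code; check the session in the handler (or add a comment naming where it is enforced), and consider dropping the endpoint once codes are stored hashed. `row` is `undefined` when the name is unknown, so `row.pw` throws before the 404 branch is reached; use `const password = row?.pw;`.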
@@ -6,11 +6,11 @@ import { db } from './dbService'; /** * Get Vorgang and corresponend list of tatorte - * @param caseId + * @param caseToken * @returns */ -export const getVorgangByCaseId = async (caseId: string) => { - const prefix = `${caseId}/`; +export const getCrimesListByToken = async (caseToken: string) => { + const prefix = `${caseToken}/`; const stream = client.listObjectsV2(BUCKET, prefix, false, ''); @@ -174,14 +174,14 @@ export const hasValidToken = async (caseId: string, caseToken: string) => { } }; -export const tokenValid = function (caseId, caseToken) { - if (!caseToken) { +export const passwordValid = function (caseToken, casePassword) { + if (!casePassword) { return false; } - const vorg = getVorgangByToken(caseId); + const vorg = getVorgangByToken(caseToken); - if (!vorg || vorg.pw !== caseToken) { + if (!vorg || vorg.pw !== casePassword) { return false; } diff --git a/src/routes/(angemeldet)/list/+page.svelte b/src/routes/(angemeldet)/list/+page.svelte index 24b1503..3dccabd 100644 --- a/src/routes/(angemeldet)/list/+page.svelte +++ b/src/routes/(angemeldet)/list/+page.svelte @@ -46,7 +46,7 @@