f034_sqlite_database #19
@@ -6,11 +6,11 @@ import { db } from './dbService';
|
||||
|
||||
/**
|
||||
* Get Vorgang and corresponend list of tatorte
|
||||
* @param caseId
|
||||
* @param caseToken
|
||||
* @returns
|
||||
*/
|
||||
export const getVorgangByCaseId = async (caseId: string) => {
|
||||
const prefix = `${caseId}/`;
|
||||
export const getCrimesListByToken = async (caseToken: string) => {
|
||||
const prefix = `${caseToken}/`;
|
||||
|
||||
const stream = client.listObjectsV2(BUCKET, prefix, false, '');
|
||||
|
||||
@@ -174,14 +174,14 @@ export const hasValidToken = async (caseId: string, caseToken: string) => {
|
||||
}
|
||||
};
|
||||
|
||||
export const tokenValid = function (caseId, caseToken) {
|
||||
if (!caseToken) {
|
||||
export const passwordValid = function (caseToken, casePassword) {
|
||||
if (!casePassword) {
|
||||
return false;
|
||||
}
|
||||
|
||||
const vorg = getVorgangByToken(caseId);
|
||||
const vorg = getVorgangByToken(caseToken);
|
||||
|
||||
if (!vorg || vorg.pw !== caseToken) {
|
||||
if (!vorg || vorg.pw !== casePassword) {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
@@ -46,7 +46,7 @@
|
||||
<ul role="list" class="divide-y divide-gray-100">
|
||||
{#each caseList as item}
|
||||
<li>
|
||||
<a href="/list/{item.token}?token={item.pw}" class="flex justify-between gap-x-6 py-5">
|
||||
<a href="/list/{item.token}?pw={item.pw}" class="flex justify-between gap-x-6 py-5">
|
||||
<div class="flex gap-x-4">
|
||||
<!-- Ordner -->
|
||||
<Folder />
|
||||
|
||||
@@ -1,11 +1,10 @@
|
||||
import { Buffer } from 'buffer';
|
||||
import { Readable } from 'stream';
|
||||
import { client } from '$lib/minio';
|
||||
import { fail } from '@sveltejs/kit';
|
||||
import { v4 as uuidv4 } from 'uuid';
|
||||
|
||||
import { db } from '$lib/server/dbService';
|
||||
import { getVorgangByName, vorgangExists, vorgangNameExists } from '$lib/server/vorgangService';
|
||||
import { getVorgangByName, vorgangNameExists } from '$lib/server/vorgangService';
|
||||
|
||||
const isRequiredFieldValid = (value: unknown) => {
|
||||
if (value == null) return false;
|
||||
@@ -18,36 +17,36 @@ const isRequiredFieldValid = (value: unknown) => {
|
||||
export const actions = {
|
||||
url: async ({ request }: { request: Request }) => {
|
||||
const data = await request.formData();
|
||||
const vorgang = data.get('vorgang');
|
||||
const name = data.get('name');
|
||||
const caseName = data.get('vorgang');
|
||||
const crimeName = data.get('name');
|
||||
const type = data.get('type');
|
||||
const pw = data.get('zugangscode');
|
||||
const password = data.get('password');
|
||||
const fileName = data.get('fileName');
|
||||
|
||||
// store case in database
|
||||
// skip if Vorgang exists and token not changed
|
||||
|
||||
const vorgangExists = vorgangNameExists(vorgang);
|
||||
const vorgangExists = vorgangNameExists(caseName);
|
||||
let token;
|
||||
|
||||
if (!vorgangExists) {
|
||||
token = uuidv4();
|
||||
let insertSQLStmt = `INSERT INTO cases (token, name, pw) VALUES (?, ?, ?)`;
|
||||
const statement = db.prepare(insertSQLStmt);
|
||||
statement.run(token, vorgang, pw);
|
||||
let insertSQLStatement = `INSERT INTO cases (token, name, pw) VALUES (?, ?, ?)`;
|
||||
const statement = db.prepare(insertSQLStatement);
|
||||
statement.run(token, caseName, password);
|
||||
} else {
|
||||
// vorgang exists
|
||||
// check if PW was changed, and update DB if it was
|
||||
const vorg = getVorgangByName(vorg);
|
||||
const vorg = getVorgangByName(caseName);
|
||||
token = vorg.token;
|
||||
if (vorg.pw != pw) {
|
||||
if (vorg.pw != password) {
|
||||
let updateSQLStmt = `UPDATE cases SET pw = ? WHERE name = ?`;
|
||||
const statement = db.prepare(updateSQLStmt);
|
||||
statement.run(pw, vorg);
|
||||
statement.run(password, vorg);
|
||||
}
|
||||
}
|
||||
|
||||
let objectName = `${token}/${name}`;
|
||||
let objectName = `${token}/${crimeName}`;
|
||||
switch (type) {
|
||||
case 'image/png':
|
||||
if (!objectName.endsWith('.png')) objectName += '.png';
|
||||
@@ -66,10 +65,9 @@ export const actions = {
|
||||
const data = Object.fromEntries(requestData);
|
||||
const vorgang = data.vorgang;
|
||||
const name = data.name;
|
||||
const zugangscode = data.zugangscode;
|
||||
const password = data.password;
|
||||
|
jared marked this conversation as resolved
|
||||
let success = true;
|
||||
const err = {};
|
||||
|
||||
if (isRequiredFieldValid(vorgang)) err.vorgang = null;
|
||||
else {
|
||||
err.vorgang = 'Das Feld Vorgang darf nicht leer bleiben.';
|
||||
@@ -82,9 +80,9 @@ export const actions = {
|
||||
success = false;
|
||||
}
|
||||
|
||||
if (isRequiredFieldValid(zugangscode)) err.zugangscode = null;
|
||||
if (isRequiredFieldValid(password)) err.password = null;
|
||||
else {
|
||||
err.zugangscode = 'Das Feld Zugangscode darf nicht leer bleiben.';
|
||||
err.password = 'Das Feld Zugangspasswort darf nicht leer bleiben.';
|
||||
success = false;
|
||||
}
|
||||
|
||||
|
||||
@@ -17,15 +17,15 @@
|
||||
let vorgang = '';
|
||||
const code_len = 8;
|
||||
|
||||
function generate_token() {
|
||||
function generatePassword() {
|
||||
|
jared marked this conversation as resolved
trachi93
commented
[JB] Ich würde es nicht Password nennen, entweder vorgangsPassword oder vorgangsToken oder so und das stringent durch, an allen Codestellen. [JB] Ich würde es nicht Password nennen, entweder vorgangsPassword oder vorgangsToken oder so und das stringent durch, an allen Codestellen.
|
||||
return Math.random()
|
||||
.toString(36)
|
||||
.slice(2, 2 + code_len);
|
||||
}
|
||||
let zugangscode = ''
|
||||
let zugangscodeOld = ''
|
||||
$: zugangscodeOld = generate_token();
|
||||
$: zugangscode = zugangscodeOld
|
||||
let zugangspasswort = ''
|
||||
let zugangspasswordOld = ''
|
||||
$: zugangspasswordOld = generatePassword();
|
||||
$: zugangspasswort = zugangspasswordOld
|
||||
|
||||
let caseExisting = undefined;
|
||||
$: caseExisting = false;
|
||||
@@ -42,7 +42,7 @@
|
||||
let data = new FormData();
|
||||
data.append('vorgang', vorgang);
|
||||
data.append('name', name);
|
||||
data.append('zugangscode', zugangscode);
|
||||
data.append('password', zugangspasswort);
|
||||
const response = await fetch('?/validate', { method: 'POST', body: data });
|
||||
/** @type {import('@sveltejs/kit').ActionResult} */
|
||||
const result = deserialize(await response.text());
|
||||
@@ -64,7 +64,6 @@
|
||||
formErrors = { file: 'Keine gültige .GLD-Datei', ...formErrors };
|
||||
success = false;
|
||||
}
|
||||
|
||||
return success;
|
||||
}
|
||||
|
||||
@@ -72,7 +71,7 @@
|
||||
let data = new FormData();
|
||||
data.append('vorgang', vorgang);
|
||||
data.append('name', name);
|
||||
data.append('zugangscode', zugangscode);
|
||||
data.append('password', zugangspasswort);
|
||||
if (files?.length === 1) {
|
||||
data.append('type', files[0].type);
|
||||
data.append('fileName', files[0].name);
|
||||
@@ -155,7 +154,7 @@
|
||||
async function caseExists(caseName: string) {
|
||||
|
||||
if (caseName == '') {
|
||||
zugangscode = zugangscodeOld;
|
||||
zugangspasswort = zugangspasswordOld;
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -166,19 +165,19 @@
|
||||
|
||||
if (status == 200) {
|
||||
caseExisting = true;
|
||||
const code = await getCode(caseName);
|
||||
zugangscode = code;
|
||||
const passwort = await getPassword(caseName);
|
||||
zugangspasswort = passwort;
|
||||
|
||||
return true
|
||||
|
||||
} else {
|
||||
caseExisting = false;
|
||||
zugangscode = zugangscodeOld;
|
||||
zugangspasswort = zugangspasswordOld;
|
||||
return false
|
||||
}
|
||||
}
|
||||
|
||||
async function getCode(caseName: string) {
|
||||
async function getPassword(caseName: string) {
|
||||
|
||||
if (caseName == '') return;
|
||||
|
||||
@@ -280,11 +279,11 @@
|
||||
class="flex rounded-md shadow-sm ring-1 ring-inset ring-gray-300 focus-within:ring-2 focus-within:ring-inset focus-within:ring-indigo-600"
|
||||
>
|
||||
<input
|
||||
bind:value={zugangscode}
|
||||
bind:value={zugangspasswort}
|
||||
type="text"
|
||||
name="zugangscode"
|
||||
id="zugangscode"
|
||||
on:input="{ (ev) => { zugangscodeOld = ev.target.value }}"
|
||||
on:input="{ (ev) => { zugangspasswordOld = ev.target.value }}"
|
||||
class="block flex-1 border-0 bg-transparent py-1.5 pl-1 text-gray-900 placeholder:text-gray-400 focus:ring-0 sm:text-sm sm:leading-6"
|
||||
/>
|
||||
|
||||
@@ -292,7 +291,7 @@
|
||||
<button
|
||||
class="rounded-md bg-blue-500 px-3 py-2 text-sm font-semibold text-white shadow-sm hover:bg-indigo-500 focus-visible:outline focus-visible:outline-2 focus-visible:outline-offset-2 focus-visible:outline-indigo-600"
|
||||
on:click="{() => {
|
||||
zugangscode = zugangscodeOld = generate_token(); }}"
|
||||
zugangspasswort = zugangspasswordOld = generatePassword(); }}"
|
||||
type="button">
|
||||
Generiere Zugangscode
|
||||
</button>
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
import {
|
||||
checkIfVorgangExists,
|
||||
hasValidToken,
|
||||
tokenValid,
|
||||
passwordValid,
|
||||
vorgangExists
|
||||
} from '$lib/server/vorgangService';
|
||||
import { redirect } from '@sveltejs/kit';
|
||||
@@ -14,11 +14,11 @@ export const load: PageServerLoad = async ({ params, url, locals }) => {
|
||||
};
|
||||
}
|
||||
|
||||
const caseId = params.vorgang;
|
||||
const caseToken = url.searchParams.get('token');
|
||||
const caseToken = params.vorgang;
|
||||
const casePassword = url.searchParams.get('pw');
|
||||
|
||||
const isVorgangValid = vorgangExists(caseId);
|
||||
const isTokenValid = tokenValid(caseId, caseToken);
|
||||
const isVorgangValid = vorgangExists(caseToken);
|
||||
const isPasswordValid = passwordValid(caseToken, casePassword);
|
||||
|
||||
if (!isVorgangValid || !isTokenValid) throw redirect(303, `/anmeldung?vorgang=${caseId}`);
|
||||
if (!isVorgangValid || !isPasswordValid) throw redirect(303, `/anmeldung?vorgang=${caseToken}`);
|
||||
};
|
||||
|
||||
@@ -1,16 +1,16 @@
|
||||
import { getVorgangByToken, getVorgangByCaseId } from '$lib/server/vorgangService';
|
||||
import { getVorgangByToken, getCrimesListByToken } from '$lib/server/vorgangService';
|
||||
import type { PageServerLoad } from './$types';
|
||||
|
||||
export const load: PageServerLoad = async ({ params, url }) => {
|
||||
const caseId = params.vorgang;
|
||||
const caseToken = url.searchParams.get('token');
|
||||
const caseToken = params.vorgang;
|
||||
const casePassword = url.searchParams.get('pw');
|
||||
|
||||
const crimesList = await getVorgangByCaseId(caseId);
|
||||
const vorg = getVorgangByToken(caseId);
|
||||
const crimesList = await getCrimesListByToken(caseToken);
|
||||
const vorgang = getVorgangByToken(caseToken);
|
||||
|
||||
return {
|
||||
crimesList,
|
||||
caseToken,
|
||||
vorg
|
||||
casePassword,
|
||||
vorgang
|
||||
};
|
||||
};
|
||||
|
||||
@@ -26,9 +26,9 @@
|
||||
// add other properties as needed
|
||||
}
|
||||
|
||||
const vorg = data.vorg;
|
||||
const vorgang = data.vorgang;
|
||||
const crimesList: ListItem[] = data.crimesList;
|
||||
const token: string = data.caseToken;
|
||||
const password: string = data.casePassword;
|
||||
|
||||
let open = false;
|
||||
$: open;
|
||||
@@ -141,9 +141,9 @@
|
||||
|
||||
<div class="-z-10 bg-white">
|
||||
<div class="flex flex-col items-center justify-center w-full">
|
||||
<h1 class="text-xl">Vorgang {vorg.name}</h1>
|
||||
<h1 class="text-xl">Vorgang {vorgang.name}</h1>
|
||||
{#if data?.user?.admin}
|
||||
Zugangspasswort: {vorg.pw}
|
||||
Zugangspasswort: {vorgang.pw}
|
||||
<Button on:click={() => setClipboard($page.url.toString().split('?')[0])}>Copy Link</Button>
|
||||
{/if}
|
||||
</div>
|
||||
@@ -152,7 +152,7 @@
|
||||
{#each crimesList as item, i}
|
||||
<li>
|
||||
<a
|
||||
href="/view/{$page.params.vorgang}/{item.name}?token={token}"
|
||||
href="/view/{$page.params.vorgang}/{item.name}?pw={password}"
|
||||
class=" flex justify-between gap-x-6 py-5"
|
||||
aria-label="zum 3D-modell"
|
||||
>
|
||||
|
||||
@@ -4,13 +4,15 @@ import { redirect } from '@sveltejs/kit';
|
||||
export const actions = {
|
||||
login: ({ request, cookies }) => loginUser({ request, cookies }),
|
||||
logout: (event) => logoutUser(event),
|
||||
getVorgangById: async ({ request }) => {
|
||||
getVorgangByToken: async ({ request }) => {
|
||||
const data = await request.formData();
|
||||
const caseId = data.get('case-id');
|
||||
const caseToken = data.get('case-token');
|
||||
const casePassword = data.get('case-password');
|
||||
|
||||
if (!caseId || !caseToken) return;
|
||||
console.log(`+++ ${caseToken} + ${casePassword}`);
|
||||
|
||||
throw redirect(303, `/list/${caseId}?token=${caseToken}`);
|
||||
if (!caseToken || !casePassword) return;
|
||||
|
||||
throw redirect(303, `/list/${caseToken}?pw=${casePassword}`);
|
||||
}
|
||||
} as const;
|
||||
} as const;
|
||||
|
||||
@@ -13,7 +13,7 @@
|
||||
export let open = false;
|
||||
|
||||
import { page } from '$app/state';
|
||||
const vorgang_token = page.url.searchParams.get('vorgang');
|
||||
const vorgangToken = page.url.searchParams.get('vorgang');
|
||||
</script>
|
||||
|
||||
<div class="flex min-h-full flex-col justify-center px-6 py-12 lg:px-8">
|
||||
@@ -27,21 +27,21 @@
|
||||
<div class="w-full max-w-sm mx-auto">
|
||||
<div class="relative mt-5 bg-gray-50 rounded-xl shadow-xl p-3 pt-1">
|
||||
<div class="mt-10">
|
||||
<form action="?/getVorgangById" method="POST">
|
||||
<form action="?/getVorgangByToken" method="POST">
|
||||
<BaseInputField
|
||||
id="case-id"
|
||||
name="case-id"
|
||||
id="case-token"
|
||||
name="case-token"
|
||||
label="Vorgangskennung"
|
||||
type="text"
|
||||
value={vorgang_token}
|
||||
value={vorgangToken}
|
||||
/>
|
||||
<div class="mt-5">
|
||||
<BaseInputField
|
||||
id="case-token"
|
||||
name="case-token"
|
||||
label="Zugangscode"
|
||||
id="case-password"
|
||||
name="case-password"
|
||||
label="Zugangspasswort"
|
||||
type="text"
|
||||
value={form?.token}
|
||||
value={form?.password}
|
||||
error={form?.error?.message}
|
||||
/>
|
||||
</div>
|
||||
|
||||
@@ -1,12 +1,11 @@
|
||||
import { client } from '$lib/minio';
|
||||
import { db } from '$lib/server/dbService';
|
||||
|
||||
/** @type {import('./$types').RequestHandler} */
|
||||
export async function GET({ params }) {
|
||||
const vorgangName = params.vorgang;
|
||||
|
||||
let getCodeSQLStmt = `SELECT pw FROM cases WHERE name = ?;`;
|
||||
const row = db.prepare(getCodeSQLStmt).get(vorgangName);
|
||||
let getCodeSQLStatement = `SELECT pw FROM cases WHERE name = ?;`;
|
||||
const row = db.prepare(getCodeSQLStatement).get(vorgangName);
|
||||
let password = row.pw;
|
||||
|
||||
if (password) {
|
||||
|
||||
Reference in New Issue
Block a user
[JB] Was meint hier password? Ist es nicht der vorgangstoken?
Projektweite Umbenennung erfolgt im separaten branch.