f034_sqlite_database #19
@@ -3,42 +3,42 @@ import jsSHA from 'jssha';
|
||||
|
||||
const db = new Database('./src/lib/data/tatort.db');
|
||||
|
||||
let create_stmt = `CREATE TABLE IF NOT EXISTS users
|
||||
let createSQLStmt = `CREATE TABLE IF NOT EXISTS users
|
||||
(id INTEGER PRIMARY KEY AUTOINCREMENT,
|
||||
name TEXT NOT NULL,
|
||||
pw TEXT NOT NULL)`;
|
||||
db.exec(create_stmt);
|
||||
db.exec(createSQLStmt);
|
||||
|
||||
// check if there are any users; if not add one default admin one
|
||||
let pw = 'pass-123';
|
||||
let hashed_pw = new jsSHA('SHA-512', 'TEXT').update(pw).getHash('HEX');
|
||||
let password = 'pass-123';
|
||||
let hashedPassword = new jsSHA('SHA-512', 'TEXT').update(password).getHash('HEX');
|
||||
|
||||
let check_ins_stmt = `INSERT INTO users (name, pw) SELECT 'admin', '${hashed_pw}'
|
||||
let checkInsertSQLStmt = `INSERT INTO users (name, pw) SELECT 'admin', '${hashedPassword}'
|
||||
WHERE NOT EXISTS (SELECT * FROM users);`;
|
||||
|
||||
db.exec(check_ins_stmt);
|
||||
db.exec(checkInsertSQLStmt);
|
||||
|
||||
let users_stmt = `SELECT * FROM USERS`;
|
||||
let stmt = db.prepare(users_stmt);
|
||||
let usersSQLStmt = `SELECT * FROM USERS`;
|
||||
let SQLStatement = db.prepare(usersSQLStmt);
|
||||
console.log(`\n`, `*** Users table`);
|
||||
for (const usr of stmt.iterate()) {
|
||||
for (const usr of SQLStatement.iterate()) {
|
||||
console.log(`[r] ${usr.name} + ${usr.pw}`);
|
||||
}
|
||||
|
||||
// cases table
|
||||
|
||||
create_stmt = `CREATE TABLE IF NOT EXISTS cases
|
||||
createSQLStmt = `CREATE TABLE IF NOT EXISTS cases
|
||||
(id INTEGER PRIMARY KEY AUTOINCREMENT,
|
||||
token TEXT NOT NULL UNIQUE,
|
||||
name TEXT NOT NULL UNIQUE,
|
||||
pw TEXT NOT NULL)`;
|
||||
|
||||
db.exec(create_stmt);
|
||||
db.exec(createSQLStmt);
|
||||
|
||||
let cases_stmt = `SELECT * FROM cases`;
|
||||
stmt = db.prepare(cases_stmt);
|
||||
let casesSQLStmt = `SELECT * FROM cases`;
|
||||
SQLStatement = db.prepare(casesSQLStmt);
|
||||
console.log(`\n`, `*** Cases table`);
|
||||
for (const usr of stmt.iterate()) {
|
||||
for (const usr of SQLStatement.iterate()) {
|
||||
console.log(`[r] ${usr.name} + ${usr.token} + ${usr.pw}`);
|
||||
}
|
||||
|
||||
|
||||
@@ -19,18 +19,18 @@ export function decryptToken(token: string) {
|
||||
}
|
||||
|
||||
export function authenticate(user, pass) {
|
||||
let token;
|
||||
let JWTToken;
|
||||
|
||||
// hash user password
|
||||
let hashed_pw = new jsSHA('SHA-512', 'TEXT').update(pass).getHash('HEX');
|
||||
let hashedPW = new jsSHA('SHA-512', 'TEXT').update(pass).getHash('HEX');
|
||||
|
||||
let get_usr_stmt = 'SELECT name, pw FROM users WHERE name = ?';
|
||||
const row = db.prepare(get_usr_stmt).get(user);
|
||||
let stored_pw = row.pw;
|
||||
let getUserSQLStmt = 'SELECT name, pw FROM users WHERE name = ?';
|
||||
const row = db.prepare(getUserSQLStmt).get(user);
|
||||
let storedPW = row.pw;
|
||||
|
||||
if (hashed_pw && hashed_pw === stored_pw) {
|
||||
token = createToken({ id: user, admin: true });
|
||||
if (hashedPW && hashedPW === storedPW) {
|
||||
JWTToken = createToken({ id: user, admin: true });
|
||||
}
|
||||
|
||||
return token;
|
||||
return JWTToken;
|
||||
}
|
||||
|
||||
@@ -28,23 +28,28 @@ export const getVorgangByCaseId = async (caseId: string) => {
|
||||
|
||||
/**
|
||||
* Get Vorgang
|
||||
* @param caseId
|
||||
* @param caseToken
|
||||
* @returns caseObj with keys `token`, `name`, `pw` || undefined
|
||||
*/
|
||||
export const getVorgang = function (caseId: string) {
|
||||
let getVorgang_stmt = `SELECT token, name, pw FROM cases WHERE token = ?`;
|
||||
const stmt = db.prepare(getVorgang_stmt);
|
||||
const res = stmt.get(caseId);
|
||||
export const getVorgangByToken = function (caseToken: string) {
|
||||
let getVorgangSQLStmt = `SELECT token, name, pw FROM cases WHERE token = ?`;
|
||||
const statement = db.prepare(getVorgangSQLStmt);
|
||||
const result = statement.get(caseToken);
|
||||
|
||||
return res;
|
||||
return result;
|
||||
};
|
||||
|
||||
/**
|
||||
* Get Vorgang
|
||||
* @param caseName
|
||||
* @returns caseObj with keys `token`, `name`, `pw` || undefined
|
||||
*/
|
||||
export const getVorgangByName = function (caseName: string) {
|
||||
let getVorgangByName_stmt = `SELECT token, name, pw FROM cases WHERE name = ?`;
|
||||
const stmt = db.prepare(getVorgangByName_stmt);
|
||||
const res = stmt.get(caseName);
|
||||
let getVorgangByNameSQLStmt = `SELECT token, name, pw FROM cases WHERE name = ?`;
|
||||
const statement = db.prepare(getVorgangByNameSQLStmt);
|
||||
const result = statement.get(caseName);
|
||||
|
||||
return res;
|
||||
return result;
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -53,9 +58,9 @@ export const getVorgangByName = function (caseName: string) {
|
||||
* @returns int: number of changes
|
||||
*/
|
||||
export const deleteVorgangByName = function (caseName: string) {
|
||||
let delete_stmt = 'DELETE FROM cases WHERE name = ?';
|
||||
const stmt = db.prepare(delete_stmt);
|
||||
const info = stmt.run(caseName);
|
||||
let deleteSQLStmt = 'DELETE FROM cases WHERE name = ?';
|
||||
const statement = db.prepare(deleteSQLStmt);
|
||||
const info = statement.run(caseName);
|
||||
|
||||
return info.changes;
|
||||
};
|
||||
@@ -84,11 +89,11 @@ export const getListOfVorgänge = async () => {
|
||||
* @returns list with of available cases
|
||||
*/
|
||||
export const getVorgaenge = function () {
|
||||
let getVorgaenge_stmt = `SELECT token, name, pw from cases`;
|
||||
const stmt = db.prepare(getVorgaenge_stmt);
|
||||
const res = stmt.all();
|
||||
let getVorgaengeSQLStmt = `SELECT token, name, pw from cases`;
|
||||
const statement = db.prepare(getVorgaengeSQLStmt);
|
||||
const result = statement.all();
|
||||
const vorgaenge_list = [];
|
||||
for (const r of res) {
|
||||
for (const r of result) {
|
||||
const vorg = { token: r.token, name: r.name, pw: r.pw };
|
||||
vorgaenge_list.push(vorg);
|
||||
}
|
||||
@@ -121,11 +126,11 @@ export const checkIfVorgangExists = async (caseId: string | null) => {
|
||||
return true;
|
||||
};
|
||||
|
||||
export const vorgangExists = function (caseId: string | null) {
|
||||
if (!caseId) {
|
||||
export const vorgangExists = function (caseToken: string | null) {
|
||||
if (!caseToken) {
|
||||
return fail(400, {
|
||||
success: false,
|
||||
caseId,
|
||||
caseId: caseToken,
|
||||
error: { message: 'Die Vorgangsnummer darf nicht leer sein.' }
|
||||
});
|
||||
}
|
||||
@@ -133,16 +138,16 @@ export const vorgangExists = function (caseId: string | null) {
|
||||
let vorgaenge = getVorgaenge();
|
||||
const vorgaenge_tokens = vorgaenge.map((vorg) => vorg.token);
|
||||
|
||||
const found = vorgaenge_tokens.indexOf(caseId) != -1;
|
||||
const found = vorgaenge_tokens.indexOf(caseToken) != -1;
|
||||
|
||||
return found;
|
||||
};
|
||||
|
||||
export const vorgangNameExists = function (caseName: string) {
|
||||
let vorgaenge = getVorgaenge();
|
||||
const vorgaenge_names = vorgaenge.map((vorg) => vorg.name);
|
||||
const vorgaengeNames = vorgaenge.map((vorg) => vorg.name);
|
||||
|
||||
const found = vorgaenge_names.indexOf(caseName) != -1;
|
||||
const found = vorgaengeNames.indexOf(caseName) != -1;
|
||||
|
||||
return found;
|
||||
};
|
||||
@@ -174,7 +179,7 @@ export const tokenValid = function (caseId, caseToken) {
|
||||
return false;
|
||||
}
|
||||
|
||||
const vorg = getVorgang(caseId);
|
||||
const vorg = getVorgangByToken(caseId);
|
||||
|
||||
if (!vorg || vorg.pw !== caseToken) {
|
||||
return false;
|
||||
|
||||
@@ -21,29 +21,29 @@ export const actions = {
|
||||
const vorgang = data.get('vorgang');
|
||||
const name = data.get('name');
|
||||
const type = data.get('type');
|
||||
const code = data.get('zugangscode');
|
||||
const pw = data.get('zugangscode');
|
||||
const fileName = data.get('fileName');
|
||||
|
||||
// store case in database
|
||||
// skip if Vorgang exists and token not changed
|
||||
|
||||
const vorgang_exists = vorgangNameExists(vorgang);
|
||||
const vorgangExists = vorgangNameExists(vorgang);
|
||||
let token;
|
||||
|
||||
if (!vorgang_exists) {
|
||||
if (!vorgangExists) {
|
||||
token = uuidv4();
|
||||
let insert_stmt = `INSERT INTO cases (token, name, pw) VALUES (?, ?, ?)`;
|
||||
const stmt = db.prepare(insert_stmt);
|
||||
stmt.run(token, vorgang, code);
|
||||
let insertSQLStmt = `INSERT INTO cases (token, name, pw) VALUES (?, ?, ?)`;
|
||||
const statement = db.prepare(insertSQLStmt);
|
||||
statement.run(token, vorgang, pw);
|
||||
} else {
|
||||
// vorgang exists
|
||||
// check if PW was changed, and update DB if it was
|
||||
const vorg = getVorgangByName(vorgang);
|
||||
const vorg = getVorgangByName(vorg);
|
||||
token = vorg.token;
|
||||
if (vorg.pw != code) {
|
||||
let update_stmt = `UPDATE cases SET pw = ? WHERE name = ?`;
|
||||
const stmt = db.prepare(update_stmt);
|
||||
stmt.run(code, vorgang);
|
||||
if (vorg.pw != pw) {
|
||||
let updateSQLStmt = `UPDATE cases SET pw = ? WHERE name = ?`;
|
||||
const statement = db.prepare(updateSQLStmt);
|
||||
statement.run(pw, vorg);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -23,12 +23,12 @@
|
||||
.slice(2, 2 + code_len);
|
||||
}
|
||||
let zugangscode = ''
|
||||
let zugangscode_old = ''
|
||||
$: zugangscode_old = generate_token();
|
||||
$: zugangscode = zugangscode_old
|
||||
let zugangscodeOld = ''
|
||||
$: zugangscodeOld = generate_token();
|
||||
$: zugangscode = zugangscodeOld
|
||||
|
||||
let case_existing = undefined;
|
||||
$: case_existing = false;
|
||||
let caseExisting = undefined;
|
||||
$: caseExisting = false;
|
||||
|
||||
let name = '';
|
||||
let etag: string | null = null;
|
||||
@@ -152,37 +152,37 @@
|
||||
}
|
||||
|
||||
// `/(angemeldet)/view` return true or false
|
||||
async function case_exists(case_name: string) {
|
||||
async function caseExists(caseName: string) {
|
||||
|
||||
if (case_name == '') {
|
||||
zugangscode = zugangscode_old;
|
||||
if (caseName == '') {
|
||||
zugangscode = zugangscodeOld;
|
||||
return;
|
||||
}
|
||||
|
||||
let url = `/api/list/${case_name}`
|
||||
let url = `/api/list/${caseName}`
|
||||
|
||||
const response = await fetch(url, { method: 'HEAD'});
|
||||
const status = response.status;
|
||||
|
||||
if (status == 200) {
|
||||
case_existing = true;
|
||||
const code = await get_code(case_name);
|
||||
caseExisting = true;
|
||||
const code = await getCode(caseName);
|
||||
zugangscode = code;
|
||||
|
||||
return true
|
||||
|
||||
} else {
|
||||
case_existing = false;
|
||||
zugangscode = zugangscode_old;
|
||||
caseExisting = false;
|
||||
zugangscode = zugangscodeOld;
|
||||
return false
|
||||
}
|
||||
}
|
||||
|
||||
async function get_code(case_no: string) {
|
||||
async function getCode(caseName: string) {
|
||||
|
||||
if (case_no == '') return;
|
||||
if (caseName == '') return;
|
||||
|
||||
let url = `/api/list/${case_no}/code`;
|
||||
let url = `/api/list/${caseName}/code`;
|
||||
const response = await fetch(url);
|
||||
|
||||
if (response.status == 200) {
|
||||
@@ -226,14 +226,14 @@
|
||||
id="vorgang"
|
||||
autocomplete={vorgang}
|
||||
class="block flex-1 border-0 bg-transparent py-1.5 pl-1 text-gray-900 placeholder:text-gray-400 focus:ring-0 sm:text-sm sm:leading-6"
|
||||
on:input={() => case_exists(vorgang)}
|
||||
on:input={() => caseExists(vorgang)}
|
||||
/>
|
||||
</div>
|
||||
</div>
|
||||
{#if formErrors?.vorgang}
|
||||
<p class="block text-sm leading-6 text-red-900 mt-2">{formErrors.vorgang}</p>
|
||||
{/if}
|
||||
{#if case_existing && vorgang.length > 0}
|
||||
{#if caseExisting && vorgang.length > 0}
|
||||
<span>Datei wird zum existierenden Vorgang hinzugefügt.</span>
|
||||
{:else if vorgang.length > 0}
|
||||
<span>Neuer Vorgang wird angelegt.</span>
|
||||
@@ -284,7 +284,7 @@
|
||||
type="text"
|
||||
name="zugangscode"
|
||||
id="zugangscode"
|
||||
on:input="{ (ev) => { zugangscode_old = ev.target.value }}"
|
||||
on:input="{ (ev) => { zugangscodeOld = ev.target.value }}"
|
||||
class="block flex-1 border-0 bg-transparent py-1.5 pl-1 text-gray-900 placeholder:text-gray-400 focus:ring-0 sm:text-sm sm:leading-6"
|
||||
/>
|
||||
|
||||
@@ -292,7 +292,7 @@
|
||||
<button
|
||||
class="rounded-md bg-blue-500 px-3 py-2 text-sm font-semibold text-white shadow-sm hover:bg-indigo-500 focus-visible:outline focus-visible:outline-2 focus-visible:outline-offset-2 focus-visible:outline-indigo-600"
|
||||
on:click="{() => {
|
||||
zugangscode = zugangscode_old = generate_token(); }}"
|
||||
zugangscode = zugangscodeOld = generate_token(); }}"
|
||||
type="button">
|
||||
Generiere Zugangscode
|
||||
</button>
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
import { getVorgang, getVorgangByCaseId } from '$lib/server/vorgangService';
|
||||
import { getVorgangByToken, getVorgangByCaseId } from '$lib/server/vorgangService';
|
||||
import type { PageServerLoad } from './$types';
|
||||
|
||||
export const load: PageServerLoad = async ({ params, url }) => {
|
||||
@@ -6,7 +6,7 @@ export const load: PageServerLoad = async ({ params, url }) => {
|
||||
const caseToken = url.searchParams.get('token');
|
||||
|
||||
const crimesList = await getVorgangByCaseId(caseId);
|
||||
const vorg = getVorgang(caseId);
|
||||
const vorg = getVorgangByToken(caseId);
|
||||
|
||||
return {
|
||||
crimesList,
|
||||
|
||||
@@ -143,7 +143,7 @@
|
||||
<div class="flex flex-col items-center justify-center w-full">
|
||||
<h1 class="text-xl">Vorgang {vorg.name}</h1>
|
||||
{#if data?.user?.admin}
|
||||
Zugangscode: {vorg.pw}
|
||||
Zugangspasswort: {vorg.pw}
|
||||
<Button on:click={() => setClipboard($page.url.toString().split('?')[0])}>Copy Link</Button>
|
||||
{/if}
|
||||
</div>
|
||||
|
||||
@@ -2,7 +2,7 @@ import { client } from '$lib/minio';
|
||||
import { db } from '$lib/server/dbService';
|
||||
import {
|
||||
deleteVorgangByName,
|
||||
getVorgang,
|
||||
getVorgangByToken,
|
||||
getVorgangByName,
|
||||
vorgangNameExists
|
||||
} from '$lib/server/vorgangService';
|
||||
@@ -11,11 +11,11 @@ export async function DELETE({ params }) {
|
||||
const vorgang = params.vorgang;
|
||||
|
||||
const vorg = getVorgangByName(vorgang);
|
||||
let vorg_token = vorg.token;
|
||||
let vorgangToken = vorg.token;
|
||||
|
||||
const object_list = await new Promise((resolve, reject) => {
|
||||
const res = [];
|
||||
const items_str = client.listObjects('tatort', vorg_token, true);
|
||||
const items_str = client.listObjects('tatort', vorgangToken, true);
|
||||
|
||||
items_str.on('data', (obj) => {
|
||||
res.push(obj.name);
|
||||
@@ -35,9 +35,9 @@ export async function DELETE({ params }) {
|
||||
}
|
||||
|
||||
export async function HEAD({ params }) {
|
||||
const vorgang_name = params.vorgang;
|
||||
const vorgangName = params.vorgang;
|
||||
|
||||
const existing = vorgangNameExists(vorgang_name);
|
||||
const existing = vorgangNameExists(vorgangName);
|
||||
|
||||
if (existing) {
|
||||
return new Response(null, { status: 200 });
|
||||
|
||||
@@ -3,14 +3,14 @@ import { db } from '$lib/server/dbService';
|
||||
|
||||
/** @type {import('./$types').RequestHandler} */
|
||||
export async function GET({ params }) {
|
||||
const vorgang_name = params.vorgang;
|
||||
const vorgangName = params.vorgang;
|
||||
|
||||
let get_code_stmt = `SELECT pw FROM cases WHERE name = ?;`;
|
||||
const row = db.prepare(get_code_stmt).get(vorgang_name);
|
||||
let pw = row.pw;
|
||||
let getCodeSQLStmt = `SELECT pw FROM cases WHERE name = ?;`;
|
||||
const row = db.prepare(getCodeSQLStmt).get(vorgangName);
|
||||
let password = row.pw;
|
||||
|
||||
if (pw) {
|
||||
return new Response(pw, { status: 200 });
|
||||
if (password) {
|
||||
return new Response(password, { status: 200 });
|
||||
} else {
|
||||
return new Response(null, { status: 404 });
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user