donpat1to/Schichtenplaner
1
0
Fork 0
mirror of https://github.com/donpat1to/Schichtenplaner.git synced 2025-12-01 06:55:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

added corrected password needs

Browse Source
This commit is contained in:
Patrick Mahnke-Hartmann
2025-10-28 20:13:09 +01:00
parent b3b3250f23
commit 1927937109
4 changed files with 115 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
backend/src/middleware/rateLimit.ts
View File

@@ -1,16 +1,48 @@
import rateLimit from 'express-rate-limit'; import rateLimit from 'express-rate-limit';
import { Request } from 'express';
export const authLimiter = rateLimit({ // Helper to check if request should be limited
windowMs: 15 * 60 * 1000, // 15 minutes const shouldSkipLimit = (req: Request): boolean => {
max: 5, // Limit each IP to 5 login requests per windowMs const skipPaths = [
message: { error: 'Zu viele Login-Versuche, bitte versuchen Sie es später erneut' }, '/api/health',
standardHeaders: true, '/api/setup/status',
legacyHeaders: false, '/api/auth/validate'
}); ];
// Skip for successful GET requests (data fetching)
if (req.method === 'GET' && req.path.startsWith('/api/')) {
return true;
}
return skipPaths.includes(req.path);
};
// Main API limiter - nur für POST/PUT/DELETE
export const apiLimiter = rateLimit({ export const apiLimiter = rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes windowMs: 15 * 60 * 1000, // 15 minutes
max: 100, // Limit each IP to 100 requests per windowMs max: 200, // 200 non-GET requests per 15 minutes
message: {
error: 'Zu viele Anfragen, bitte verlangsamen Sie Ihre Aktionen'
},
standardHeaders: true, standardHeaders: true,
legacyHeaders: false, legacyHeaders: false,
skip: (req) => {
// ✅ Skip für GET requests (Data Fetching)
if (req.method === 'GET') return true;
// ✅ Skip für Health/Status Checks
return shouldSkipLimit(req);
}
});
// Strict limiter for auth endpoints
export const authLimiter = rateLimit({
windowMs: 15 * 60 * 1000,
max: 5,
message: {
error: 'Zu viele Login-Versuche, bitte versuchen Sie es später erneut'
},
standardHeaders: true,
legacyHeaders: false,
skipSuccessfulRequests: true,
}); });

4
backend/src/middleware/validation.ts
View File

@@ -284,7 +284,7 @@ export const validateCreateFromPreset = [
body('presetName') body('presetName')
.isLength({ min: 1 }) .isLength({ min: 1 })
.withMessage('Preset name is required') .withMessage('Preset name is required')
.isIn(['standardWeek', 'extendedWeek', 'weekendFocused', 'morningOnly', 'eveningOnly']) .isIn(['standardWeek', 'extendedWeek', 'weekendFocused', 'morningOnly', 'eveningOnly', 'ZEBRA_STANDARD'])
.withMessage('Invalid preset name'), .withMessage('Invalid preset name'),
body('name') body('name')
@@ -444,7 +444,7 @@ export const handleValidationErrors = (req: Request, res: Response, next: NextFu
const errorMessages = errors.array().map(error => ({ const errorMessages = errors.array().map(error => ({
field: error.type === 'field' ? error.path : error.type, field: error.type === 'field' ? error.path : error.type,
message: error.msg, message: error.msg,
value: error value: error.msg
})); }));
return res.status(400).json({ return res.status(400).json({

132
backend/src/server.ts
View File

@@ -1,6 +1,7 @@
// backend/src/server.ts // backend/src/server.ts
import express from 'express'; import express from 'express';
import path from 'path'; import path from 'path';
import { fileURLToPath } from 'url';
import { initializeDatabase } from './scripts/initializeDatabase.js'; import { initializeDatabase } from './scripts/initializeDatabase.js';
import fs from 'fs'; import fs from 'fs';
import helmet from 'helmet'; import helmet from 'helmet';
@@ -14,9 +15,14 @@ import scheduledShifts from './routes/scheduledShifts.js';
import schedulingRoutes from './routes/scheduling.js'; import schedulingRoutes from './routes/scheduling.js';
import { authLimiter, apiLimiter } from './middleware/rateLimit.js'; import { authLimiter, apiLimiter } from './middleware/rateLimit.js';
const __filename = fileURLToPath(import.meta.url);
const __dirname = path.dirname(__filename);
const app = express(); const app = express();
const PORT = 3002; const PORT = 3002;
const isDevelopment = process.env.NODE_ENV === 'development';
// Security configuration
if (process.env.NODE_ENV === 'production') { if (process.env.NODE_ENV === 'production') {
console.info('Checking for JWT_SECRET'); console.info('Checking for JWT_SECRET');
const JWT_SECRET = process.env.JWT_SECRET; const JWT_SECRET = process.env.JWT_SECRET;
@@ -26,10 +32,9 @@ if (process.env.NODE_ENV === 'production') {
} }
} }
// Security headers // Security headers
app.use(helmet({ app.use(helmet({
contentSecurityPolicy: { contentSecurityPolicy: isDevelopment ? false : {
directives: { directives: {
defaultSrc: ["'self'"], defaultSrc: ["'self'"],
scriptSrc: ["'self'", "'unsafe-inline'"], scriptSrc: ["'self'", "'unsafe-inline'"],
@@ -37,7 +42,7 @@ app.use(helmet({
imgSrc: ["'self'", "data:", "https:"], imgSrc: ["'self'", "data:", "https:"],
}, },
}, },
crossOriginEmbedderPolicy: false // Required for Vite dev crossOriginEmbedderPolicy: false
})); }));
// Additional security headers // Additional security headers
@@ -51,9 +56,14 @@ app.use((req, res, next) => {
// Middleware // Middleware
app.use(express.json()); app.use(express.json());
// API Routes // Rate limiting - weniger restriktiv in Development
app.use('/api/', apiLimiter); if (process.env.NODE_ENV === 'production') {
app.use('/api/', apiLimiter);
} else {
console.log('🔧 Development: Rate limiting relaxed');
}
// API Routes
app.use('/api/setup', setupRoutes); app.use('/api/setup', setupRoutes);
app.use('/api/auth', authLimiter, authRoutes); app.use('/api/auth', authLimiter, authRoutes);
app.use('/api/employees', employeeRoutes); app.use('/api/employees', employeeRoutes);
@@ -62,82 +72,86 @@ app.use('/api/scheduled-shifts', scheduledShifts);
app.use('/api/scheduling', schedulingRoutes); app.use('/api/scheduling', schedulingRoutes);
// Health route // Health route
app.get('/api/health', (req: any, res: any) => { app.get('/api/health', (req: express.Request, res: express.Response) => {
res.json({ res.json({
status: 'OK', status: 'OK',
message: 'Backend läuft!', message: 'Backend läuft!',
timestamp: new Date().toISOString() timestamp: new Date().toISOString(),
mode: process.env.NODE_ENV || 'development'
}); });
}); });
// 🆕 STATIC FILE SERVING // 🆕 IMPROVED STATIC FILE SERVING
// Use absolute path that matches Docker container structure const findFrontendBuildPath = (): string | null => {
const frontendBuildPath = path.resolve('/app/frontend-build'); const possiblePaths = [
console.log('📁 Frontend build path:', frontendBuildPath); // Production path (Docker)
'/app/frontend-build',
// Development paths
path.resolve(__dirname, '../../frontend/dist'),
path.resolve(__dirname, '../../frontend-build'),
path.resolve(process.cwd(), '../frontend/dist'),
path.resolve(process.cwd(), 'frontend-build'),
];
for (const testPath of possiblePaths) {
try {
if (fs.existsSync(testPath)) {
const indexPath = path.join(testPath, 'index.html');
if (fs.existsSync(indexPath)) {
console.log('✅ Found frontend build at:', testPath);
return testPath;
}
}
} catch (error) {
// Silent catch - just try next path
}
}
return null;
};
const frontendBuildPath = findFrontendBuildPath();
if (frontendBuildPath) { if (frontendBuildPath) {
// Serviere statische Dateien
app.use(express.static(frontendBuildPath)); app.use(express.static(frontendBuildPath));
// List files for debugging
try {
const files = fs.readdirSync(frontendBuildPath);
console.log('📄 Files in frontend-build:', files);
} catch (err) {
console.log('❌ Could not read frontend-build directory:', err);
}
console.log('✅ Static file serving configured'); console.log('✅ Static file serving configured');
} else { } else {
console.log('❌ Frontend build directory NOT FOUND in any location'); console.log(isDevelopment ?
'🔧 Development: Frontend served by Vite dev server (localhost:3003)' :
'❌ Production: No frontend build found'
);
} }
// Root route // Root route
app.get('/', apiLimiter, (req, res) => { app.get('/', (req, res) => {
if (!frontendBuildPath) { if (!frontendBuildPath) {
if (isDevelopment) {
return res.redirect('http://localhost:3003');
}
return res.status(500).send('Frontend build not found'); return res.status(500).send('Frontend build not found');
} }
const indexPath = path.join(frontendBuildPath, 'index.html'); const indexPath = path.join(frontendBuildPath, 'index.html');
console.log('📄 Serving index.html from:', indexPath); res.sendFile(indexPath);
if (fs.existsSync(indexPath)) {
res.sendFile(indexPath);
} else {
console.error('❌ index.html not found at:', indexPath);
res.status(404).send('Frontend not found - index.html missing');
}
}); });
// Client-side routing fallback // Client-side routing fallback
app.get('*', apiLimiter, (req, res) => { app.get('*', (req, res) => {
// Ignoriere API Routes
if (req.path.startsWith('/api/')) { if (req.path.startsWith('/api/')) {
return res.status(404).json({ error: 'API endpoint not found' }); return res.status(404).json({ error: 'API endpoint not found' });
} }
if (!frontendBuildPath) { if (!frontendBuildPath) {
if (isDevelopment) {
return res.redirect(`http://localhost:3003${req.path}`);
}
return res.status(500).json({ error: 'Frontend application not available' }); return res.status(500).json({ error: 'Frontend application not available' });
} }
const indexPath = path.join(frontendBuildPath, 'index.html'); const indexPath = path.join(frontendBuildPath, 'index.html');
console.log('🔄 Client-side routing for:', req.path, '->', indexPath); res.sendFile(indexPath);
if (fs.existsSync(indexPath)) {
// Use absolute path with res.sendFile
res.sendFile(indexPath, (err) => {
if (err) {
console.error('Error sending index.html:', err);
res.status(500).send('Error loading application');
}
});
} else {
console.error('❌ index.html not found for client-side routing at:', indexPath);
res.status(404).json({ error: 'Frontend application not found' });
}
}); });
// Production error handling - don't leak stack traces // Error handling
app.use((err: any, req: express.Request, res: express.Response, next: express.NextFunction) => { app.use((err: any, req: express.Request, res: express.Response, next: express.NextFunction) => {
console.error('Error:', err); console.error('Error:', err);
@@ -155,12 +169,7 @@ app.use((err: any, req: express.Request, res: express.Response, next: express.Ne
} }
}); });
// Error handling middleware // 404 handling
app.use((err: any, req: express.Request, res: express.Response, next: express.NextFunction) => {
console.error('Unhandled error:', err);
res.status(500).json({ error: 'Internal server error' });
});
app.use('*', (req, res) => { app.use('*', (req, res) => {
res.status(404).json({ error: 'Endpoint not found' }); res.status(404).json({ error: 'Endpoint not found' });
}); });
@@ -168,22 +177,20 @@ app.use('*', (req, res) => {
// Initialize the application // Initialize the application
const initializeApp = async () => { const initializeApp = async () => {
try { try {
// Initialize database with base schema
await initializeDatabase(); await initializeDatabase();
// Apply any pending migrations
const { applyMigration } = await import('./scripts/applyMigration.js'); const { applyMigration } = await import('./scripts/applyMigration.js');
await applyMigration(); await applyMigration();
// Start server only after successful initialization
app.listen(PORT, () => { app.listen(PORT, () => {
console.log('🎉 APPLICATION STARTED SUCCESSFULLY!'); console.log('🎉 APPLICATION STARTED SUCCESSFULLY!');
console.log(`📍 Port: ${PORT}`); console.log(`📍 Port: ${PORT}`);
console.log(`📍 Frontend: http://localhost:${PORT}`); console.log(`📍 Mode: ${process.env.NODE_ENV || 'development'}`);
if (frontendBuildPath) {
console.log(`📍 Frontend: http://localhost:${PORT}`);
} else if (isDevelopment) {
console.log(`📍 Frontend (Vite): http://localhost:3003`);
}
console.log(`📍 API: http://localhost:${PORT}/api`); console.log(`📍 API: http://localhost:${PORT}/api`);
console.log('');
console.log(`🔧 Setup: http://localhost:${PORT}/api/setup/status`);
console.log('📝 Create your admin account on first launch');
}); });
} catch (error) { } catch (error) {
console.error('❌ Error during initialization:', error); console.error('❌ Error during initialization:', error);
@@ -191,5 +198,4 @@ const initializeApp = async () => {
} }
}; };
// Start the application
initializeApp(); initializeApp();

8
frontend/src/pages/Employees/components/EmployeeForm.tsx
View File

@@ -185,7 +185,7 @@ const EmployeeForm: React.FC<EmployeeFormProps> = ({
// Password change logic remains the same // Password change logic remains the same
if (showPasswordSection && passwordForm.newPassword && hasRole(['admin'])) { if (showPasswordSection && passwordForm.newPassword && hasRole(['admin'])) {
if (passwordForm.newPassword.length < 6) { if (passwordForm.newPassword.length < 6) {
throw new Error('Das neue Passwort muss mindestens 6 Zeichen lang sein'); throw new Error('Das Passwort muss mindestens 6 Zeichen lang sein, Zahlen und Groß- / Kleinbuchstaben enthalten');
} }
if (passwordForm.newPassword !== passwordForm.confirmPassword) { if (passwordForm.newPassword !== passwordForm.confirmPassword) {
throw new Error('Die Passwörter stimmen nicht überein'); throw new Error('Die Passwörter stimmen nicht überein');
@@ -351,10 +351,10 @@ const EmployeeForm: React.FC<EmployeeFormProps> = ({
borderRadius: '4px', borderRadius: '4px',
fontSize: '16px' fontSize: '16px'
}} }}
placeholder="Mindestens 6 Zeichen" placeholder="Mindestens 6 Zeichen, Zahlen, Groß- / Kleinzeichen"
/> />
<div style={{ fontSize: '12px', color: '#7f8c8d', marginTop: '5px' }}> <div style={{ fontSize: '12px', color: '#7f8c8d', marginTop: '5px' }}>
Das Passwort muss mindestens 6 Zeichen lang sein. Das Passwort muss mindestens 6 Zeichen lang sein, Zahlen und Groß- / Kleinbuchstaben enthalten.
</div> </div>
</div> </div>
)} )}
@@ -672,7 +672,7 @@ const EmployeeForm: React.FC<EmployeeFormProps> = ({
borderRadius: '4px', borderRadius: '4px',
fontSize: '16px' fontSize: '16px'
}} }}
placeholder="Mindestens 6 Zeichen" placeholder="Mindestens 6 Zeichen, Zahlen, Groß- / Kleinzeichen"
/> />
</div> </div>