donpat1to/Schichtenplaner
1
0
Fork 0
mirror of https://github.com/donpat1to/Schichtenplaner.git synced 2025-11-30 22:45:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

fixed parsing admin setup

Browse Source
This commit is contained in:
Patrick Mahnke-Hartmann
2025-10-09 01:16:26 +02:00
parent 6052a600dd
commit 6e64343d62
7 changed files with 3084 additions and 203 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2853
backend/package-lock.json generated Normal file
View File

File diff suppressed because it is too large Load Diff

20
backend/package.json
View File

@@ -9,20 +9,22 @@
"start": "node dist/server.js"
},
"dependencies": {
"express": "^4.18.2",
"cors": "^2.8.5",
"sqlite3": "^5.1.6",
"jsonwebtoken": "^9.0.2",
"@types/bcrypt": "^6.0.0",
"bcrypt": "^6.0.0",
"bcryptjs": "^2.4.3",
"cors": "^2.8.5",
"express": "^4.18.2",
"jsonwebtoken": "^9.0.2",
"sqlite3": "^5.1.6",
"uuid": "^9.0.0"
},
"devDependencies": {
"@types/express": "^4.17.17",
"@types/cors": "^2.8.13",
"@types/jsonwebtoken": "^9.0.2",
"@types/bcryptjs": "^2.4.2",
"@types/cors": "^2.8.13",
"@types/express": "^4.17.17",
"@types/jsonwebtoken": "^9.0.2",
"@types/uuid": "^9.0.2",
"typescript": "^5.0.0",
"ts-node": "^10.9.0"
"ts-node": "^10.9.0",
"typescript": "^5.0.0"
}
}

255
backend/src/controllers/authController.ts
View File

@@ -1,168 +1,203 @@
// backend/src/controllers/authController.ts
import { Request, Response } from 'express';
import bcrypt from 'bcryptjs';
import jwt from 'jsonwebtoken';
import { v4 as uuidv4 } from 'uuid';
import bcrypt from 'bcrypt';
import { db } from '../services/databaseService.js';
import { AuthRequest } from '../middleware/auth.js';
const JWT_SECRET = process.env.JWT_SECRET || 'your-secret-key';
const JWT_EXPIRES_IN = process.env.JWT_EXPIRES_IN || '7d';
export interface User {
id: number;
email: string;
name: string;
role: string;
phone?: string;
department?: string;
}
export const login = async (req: Request, res: Response): Promise<void> => {
export interface UserWithPassword extends User {
password: string;
}
export interface LoginRequest {
email: string;
password: string;
}
export interface JWTPayload {
id: number;
email: string;
role: string;
iat?: number;
exp?: number;
}
export interface RegisterRequest {
email: string;
password: string;
name: string;
phone?: string;
department?: string;
role?: string;
}
export const login = async (req: Request, res: Response) => {
try {
const { email, password } = req.body;
const { email, password } = req.body as LoginRequest;
if (!email || !password) {
res.status(400).json({ error: 'Email and password are required' });
return;
return res.status(400).json({ error: 'E-Mail und Passwort sind erforderlich' });
}
// User aus Datenbank holen
const user = await db.get<any>(
'SELECT * FROM users WHERE email = ?',
// Get user from database
const user = await db.get<UserWithPassword>(
'SELECT id, email, password, name, role, phone, department FROM users WHERE email = ?',
[email]
);
if (!user) {
res.status(401).json({ error: 'Invalid credentials' });
return;
return res.status(401).json({ error: 'Ungültige Anmeldedaten' });
}
// Passwort vergleichen
const isPasswordValid = await bcrypt.compare(password, user.password);
if (!isPasswordValid) {
res.status(401).json({ error: 'Invalid credentials' });
return;
// Verify password
const validPassword = await bcrypt.compare(password, user.password);
if (!validPassword) {
return res.status(401).json({ error: 'Ungültige Anmeldedaten' });
}
// JWT Token generieren
// Create token payload
const tokenPayload: JWTPayload = {
id: user.id,
email: user.email,
role: user.role
};
// Create token
const token = jwt.sign(
{
userId: user.id,
email: user.email,
role: user.role
},
JWT_SECRET as jwt.Secret,
{ expiresIn: JWT_EXPIRES_IN as jwt.SignOptions['expiresIn'] }
tokenPayload,
process.env.JWT_SECRET || 'your-secret-key',
{ expiresIn: '24h' }
);
// User ohne Passwort zurückgeben
// Remove password from user object
const { password: _, ...userWithoutPassword } = user;
res.json({
user: userWithoutPassword,
token,
expiresIn: JWT_EXPIRES_IN
token
});
} catch (error) {
console.error('Login error:', error);
res.status(500).json({ error: 'Internal server error' });
res.status(500).json({ error: 'Ein Fehler ist beim Login aufgetreten' });
}
};
export const register = async (req: Request, res: Response): Promise<void> => {
export const getCurrentUser = async (req: Request, res: Response) => {
try {
const { email, password, name, role = 'user' } = req.body;
if (!email || !password || !name) {
res.status(400).json({ error: 'Email, password and name are required' });
return;
const jwtUser = (req as any).user as JWTPayload;
if (!jwtUser?.id) {
return res.status(401).json({ error: 'Nicht authentifiziert' });
}
// Check if user already exists
const existingUser = await db.get<any>(
const user = await db.get<User>(
'SELECT id, email, name, role, phone, department FROM users WHERE id = ?',
[jwtUser.id]
);
if (!user) {
return res.status(404).json({ error: 'Benutzer nicht gefunden' });
}
res.json({ user });
} catch (error) {
console.error('Get current user error:', error);
res.status(500).json({ error: 'Ein Fehler ist beim Abrufen des Benutzers aufgetreten' });
}
};
export const validateToken = async (req: Request, res: Response) => {
try {
const token = req.headers.authorization?.split(' ')[1];
if (!token) {
return res.status(401).json({ error: 'Kein Token vorhanden' });
}
try {
const decoded = jwt.verify(token, process.env.JWT_SECRET || 'your-secret-key') as JWTPayload;
// Verify that the decoded token has the required fields
if (!decoded.id || !decoded.email || !decoded.role) {
throw new Error('Invalid token structure');
}
res.json({ valid: true, user: decoded });
} catch (jwtError) {
return res.status(401).json({ valid: false, error: 'Ungültiger Token' });
}
} catch (error) {
console.error('Token validation error:', error);
res.status(500).json({ valid: false, error: 'Fehler bei der Token-Validierung' });
}
};
export const register = async (req: Request, res: Response) => {
try {
const { email, password, name, phone, department, role = 'user' } = req.body as RegisterRequest;
// Validate required fields
if (!email || !password || !name) {
return res.status(400).json({
error: 'E-Mail, Passwort und Name sind erforderlich'
});
}
// Check if email already exists
const existingUser = await db.get<User>(
'SELECT id FROM users WHERE email = ?',
[email]
);
if (existingUser) {
res.status(409).json({ error: 'User already exists' });
return;
}
// Validate role
const validRoles = ['admin', 'instandhalter', 'user'];
if (!validRoles.includes(role)) {
res.status(400).json({ error: 'Invalid role' });
return;
return res.status(400).json({
error: 'Ein Benutzer mit dieser E-Mail existiert bereits'
});
}
// Hash password
const hashedPassword = await bcrypt.hash(password, 10);
const userId = uuidv4();
// Create user
await db.run(
'INSERT INTO users (id, email, password, name, role) VALUES (?, ?, ?, ?, ?)',
[userId, email, hashedPassword, name, role]
// Insert user
const result = await db.run(
`INSERT INTO users (email, password, name, role, phone, department)
VALUES (?, ?, ?, ?, ?, ?)`,
[email, hashedPassword, name, role, phone, department]
);
// Generate token
const token = jwt.sign(
{
userId,
email,
role
},
JWT_SECRET as jwt.Secret,
{ expiresIn: JWT_EXPIRES_IN as jwt.SignOptions['expiresIn'] }
if (!result.lastID) {
throw new Error('Benutzer konnte nicht erstellt werden');
}
// Get created user
const newUser = await db.get<User>(
'SELECT id, email, name, role, phone, department FROM users WHERE id = ?',
[result.lastID]
);
// Return user without password
const user = {
id: userId,
email,
name,
role,
createdAt: new Date().toISOString()
};
res.status(201).json({
user,
token,
expiresIn: JWT_EXPIRES_IN
});
res.status(201).json({ user: newUser });
} catch (error) {
console.error('Registration error:', error);
res.status(500).json({ error: 'Internal server error' });
res.status(500).json({
error: 'Fehler bei der Registrierung'
});
}
};
export const logout = async (req: AuthRequest, res: Response): Promise<void> => {
export const logout = async (req: Request, res: Response) => {
try {
// Bei JWT gibt es keinen Server-side logout, aber wir können den Token client-seitig entfernen
res.json({ message: 'Logged out successfully' });
// Note: Since we're using JWTs, we don't need to do anything server-side
// The client should remove the token from storage
res.json({ message: 'Erfolgreich abgemeldet' });
} catch (error) {
console.error('Logout error:', error);
res.status(500).json({ error: 'Internal server error' });
}
};
export const getCurrentUser = async (req: AuthRequest, res: Response): Promise<void> => {
try {
const userId = req.user?.userId;
if (!userId) {
res.status(401).json({ error: 'Not authenticated' });
return;
}
const user = await db.get<any>(
'SELECT id, email, name, role, created_at FROM users WHERE id = ?',
[userId]
);
if (!user) {
res.status(404).json({ error: 'User not found' });
return;
}
res.json(user);
} catch (error) {
console.error('Get current user error:', error);
res.status(500).json({ error: 'Internal server error' });
res.status(500).json({
error: 'Fehler beim Abmelden'
});
}
};

102
backend/src/controllers/setupController.ts
View File

@@ -1,35 +1,23 @@
// backend/src/controllers/setupController.ts
import { Request, Response } from 'express';
import bcrypt from 'bcryptjs';
import { v4 as uuidv4 } from 'uuid';
import bcrypt from 'bcrypt';
import { randomUUID } from 'crypto';
import { db } from '../services/databaseService.js';
export const checkSetupStatus = async (req: Request, res: Response): Promise<void> => {
try {
// First, ensure database is properly initialized
try {
const adminExists = await db.get<{ count: number }>(
'SELECT COUNT(*) as count FROM users WHERE role = ?',
['admin']
);
const adminExists = await db.get<{ 'COUNT(*)': number }>(
'SELECT COUNT(*) FROM users WHERE role = ?',
['admin']
);
res.json({
needsSetup: !adminExists || adminExists.count === 0,
message: adminExists && adminExists.count > 0 ? 'Admin user exists' : 'No admin user found'
});
} catch (dbError) {
console.error('Database error in checkSetupStatus:', dbError);
// If there's a database error, assume setup is needed
res.json({
needsSetup: true,
message: 'Database not ready, setup required'
});
}
res.json({
needsSetup: !adminExists || adminExists['COUNT(*)'] === 0
});
} catch (error) {
console.error('Error checking setup status:', error);
res.status(500).json({
error: 'Internal server error',
needsSetup: true
error: 'Internal server error during setup check'
});
}
};
@@ -37,66 +25,58 @@ export const checkSetupStatus = async (req: Request, res: Response): Promise<voi
export const setupAdmin = async (req: Request, res: Response): Promise<void> => {
try {
// Check if admin already exists
const adminExists = await db.get<{ count: number }>(
'SELECT COUNT(*) as count FROM users WHERE role = ?',
const adminExists = await db.get<{ 'COUNT(*)': number }>(
'SELECT COUNT(*) FROM users WHERE role = ?',
['admin']
);
if (adminExists && adminExists.count > 0) {
res.status(400).json({ error: 'Admin user already exists' });
if (adminExists && adminExists['COUNT(*)'] > 0) {
res.status(400).json({ error: 'Admin existiert bereits' });
return;
}
const { email, password, name, phone, department } = req.body;
const { password, name, phone, department } = req.body;
const email = 'admin@instandhaltung.de'; // Fixed admin email
// Validation
if (!email || !password || !name) {
res.status(400).json({ error: 'Email, password, and name are required' });
return;
}
// Email format validation
const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
if (!emailRegex.test(email)) {
res.status(400).json({ error: 'Invalid email format' });
if (!password || !name) {
res.status(400).json({ error: 'Passwort und Name sind erforderlich' });
return;
}
// Password length validation
if (password.length < 6) {
res.status(400).json({ error: 'Password must be at least 6 characters long' });
return;
}
// Check if email already exists
const existingUser = await db.get<{ id: string }>(
'SELECT id FROM users WHERE email = ?',
[email]
);
if (existingUser) {
res.status(409).json({ error: 'Email already exists' });
res.status(400).json({ error: 'Das Passwort muss mindestens 6 Zeichen lang sein' });
return;
}
// Hash password
const hashedPassword = await bcrypt.hash(password, 10);
const adminId = uuidv4();
const adminId = randomUUID();
// Create admin user
await db.run(
`INSERT INTO users (id, email, password, name, role, phone, department, is_active)
VALUES (?, ?, ?, ?, ?, ?, ?, ?)`,
[adminId, email, hashedPassword, name, 'admin', phone || null, department || null, true]
);
try {
// Create admin user
await db.run(
`INSERT INTO users (id, email, password, name, role, phone, department, is_active)
VALUES (?, ?, ?, ?, ?, ?, ?, ?)`,
[adminId, email, hashedPassword, name, 'admin', phone || null, department || null, true]
);
res.status(201).json({
message: 'Admin user created successfully',
userId: adminId,
email: email
});
res.status(201).json({
success: true,
message: 'Admin erfolgreich erstellt',
email: email
});
} catch (dbError) {
console.error('Database error during admin creation:', dbError);
res.status(500).json({
error: 'Fehler beim Erstellen des Admin-Accounts'
});
}
} catch (error) {
console.error('Error in setup:', error);
res.status(500).json({ error: 'Internal server error' });
res.status(500).json({
error: 'Ein unerwarteter Fehler ist aufgetreten'
});
}
};

12
backend/src/routes/auth.ts
View File

@@ -1,12 +1,22 @@
// backend/src/routes/auth.ts
import express from 'express';
import { login, register, logout, getCurrentUser } from '../controllers/authController.js';
import {
login,
register,
logout,
getCurrentUser,
validateToken
} from '../controllers/authController.js';
import { authMiddleware } from '../middleware/auth.js';
const router = express.Router();
// Public routes
router.post('/login', login);
router.post('/register', register);
router.get('/validate', validateToken);
// Protected routes (require authentication)
router.post('/logout', authMiddleware, logout);
router.get('/me', authMiddleware, getCurrentUser);

37
backend/src/server.ts
View File

@@ -42,18 +42,13 @@ app.get('/api/initial-setup', async (req: any, res: any) => {
try {
const { db } = await import('./services/databaseService.js');
// Define proper interface for the result
interface AdminCountResult {
count: number;
}
const adminExists = await db.get<AdminCountResult>(
'SELECT COUNT(*) as count FROM users WHERE role = ?',
const adminExists = await db.get<{ 'COUNT(*)': number }>(
'SELECT COUNT(*) FROM users WHERE role = ?',
['admin']
);
res.json({
needsInitialSetup: !adminExists || adminExists.count === 0
needsInitialSetup: !adminExists || adminExists['COUNT(*)'] === 0
});
} catch (error) {
console.error('Error checking initial setup:', error);
@@ -61,23 +56,29 @@ app.get('/api/initial-setup', async (req: any, res: any) => {
}
});
// Start server
app.listen(PORT, async () => {
console.log('🎉 BACKEND STARTED SUCCESSFULLY!');
console.log(`📍 Port: ${PORT}`);
console.log(`📍 Health: http://localhost:${PORT}/api/health`);
// Initialize the application
const initializeApp = async () => {
try {
await initializeDatabase();
console.log('✅ Database initialized successfully');
await setupDefaultTemplate();
console.log('✅ Default template checked/created');
// Start server only after successful initialization
app.listen(PORT, () => {
console.log('🎉 BACKEND STARTED SUCCESSFULLY!');
console.log(`📍 Port: ${PORT}`);
console.log(`📍 Health: http://localhost:${PORT}/api/health`);
console.log('');
console.log(`🔧 Setup ready at: http://localhost:${PORT}/api/setup/status`);
console.log('📝 Create your admin account on first launch');
});
} catch (error) {
console.error('❌ Error during initialization:', error);
process.exit(1); // Exit if initialization fails
}
};
console.log('');
console.log(`🔧 Setup ready at: http://localhost:${PORT}/api/setup/status`);
console.log('📝 Create your admin account on first launch');
});
// Start the application
initializeApp();

6
backend/src/services/databaseService.ts
View File

@@ -32,11 +32,11 @@ class Database {
});
}
async run(sql: string, params: any[] = []): Promise<void> {
async run(sql: string, params: any[] = []): Promise<{ lastID?: number }> {
return new Promise((resolve, reject) => {
this.db.run(sql, params, (err) => {
this.db.run(sql, params, function(err) {
if (err) reject(err);
else resolve();
else resolve({ lastID: this.lastID });
});
});
}