2026-05-23 01:18:44 +02:00
parent 3f2572ca59
commit 3840ecf494
8 changed files with 344 additions and 44 deletions


@@ -6,10 +6,9 @@ import {
getPortalAccessByCustomerId,
updateDocument,
} from '../services/appwriteAdmin.js'
import { loginWithAppwrite } from '../services/appwriteClient.js'
import { loginWithAppwrite, getLoginCooldownRemainingSec } from '../services/appwriteClient.js'
import {
clearPortalSession,
requireSession,
setPortalSession,
} from '../middleware/session.js'
@@ -65,6 +64,14 @@ async function validatePortalAccess(appwriteUserId, email) {
return { customer, portalAccess }
}
router.get('/login-status', (_req, res) => {
const retryAfterSeconds = getLoginCooldownRemainingSec()
res.json({
blocked: retryAfterSeconds > 0,
retryAfterSeconds,
})
})
router.post('/login', async (req, res) => {
const { email, password } = req.body || {}
if (!email || !password) {
@@ -93,6 +100,14 @@ router.post('/login', async (req, res) => {
return res.json({ success: true, customer: sanitizeCustomer(customer) })
} catch (err) {
const status = err.status || 500
if (status === 429) {
return res.status(429).json({
error:
err.message ||
'Zu viele Anmeldeversuche. Bitte warte einige Minuten, bevor du es erneut versuchst.',
retryAfterSeconds: getLoginCooldownRemainingSec(),
})
}
if (err?.message?.includes('not authorized')) {
return res.status(500).json({
error:
@@ -108,14 +123,28 @@ router.post('/logout', (_req, res) => {
res.json({ success: true })
})
router.get('/me', requireSession, async (req, res) => {
router.get('/me', async (req, res) => {
const raw = req.signedCookies?.[config.cookieName]
if (!raw) {
return res.json({ authenticated: false })
}
try {
const customer = await getCustomerByAppwriteUserId(req.session.appwriteUserId)
const session = JSON.parse(raw)
if (!session.customerId || !session.appwriteUserId) {
return res.json({ authenticated: false })
}
const customer = await getCustomerByAppwriteUserId(session.appwriteUserId)
if (!customer) {
clearPortalSession(res)
return res.status(403).json({ error: 'Kundenkonto nicht gefunden' })
return res.json({ authenticated: false })
}
return res.json({ customer: sanitizeCustomer(customer) })
return res.json({
authenticated: true,
customer: sanitizeCustomer(customer),
})
} catch (err) {
return res.status(500).json({ error: err.message || 'Fehler beim Laden' })
}