knso/Webklar-Kundenbereich
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix 4

Browse Source
This commit is contained in:
KNSO
2026-05-23 01:18:44 +02:00
parent 3f2572ca59
commit 3840ecf494
8 changed files with 344 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
server/services/appwriteAdmin.js
View File

@@ -16,6 +16,15 @@ function adminHeaders() {
}
}
function formatRequestBody(body, method) {
if (!body || method === 'GET' || method === 'DELETE') return body
if (body.data !== undefined) return body
const { documentId, ...fields } = body
const payload = { data: fields }
if (documentId) payload.documentId = documentId
return payload
}
async function adminFetch(path, { method = 'GET', body, queries = [] } = {}) {
if (!config.appwrite.apiKey) {
const error = new Error('APPWRITE_API_KEY fehlt in .env')
@@ -28,10 +37,12 @@ async function adminFetch(path, { method = 'GET', body, queries = [] } = {}) {
url.searchParams.append('queries[]', q)
}
const requestBody = formatRequestBody(body, method)
const response = await fetch(url.toString(), {
method,
headers: adminHeaders(),
body: body ? JSON.stringify(body) : undefined,
body: requestBody ? JSON.stringify(requestBody) : undefined,
})
const text = await response.text()
@@ -48,6 +59,23 @@ async function adminFetch(path, { method = 'GET', body, queries = [] } = {}) {
const error = new Error(data?.message || `Appwrite ${response.status}`)
error.status = response.status >= 500 ? 500 : response.status
error.code = data?.code
error.type = data?.type
if (response.status === 401 && data?.type === 'user_unauthorized') {
// #region agent log
fetch('http://127.0.0.1:7281/ingest/30e8e71c-b377-4e72-84f9-593826c6d234', {
method: 'POST',
headers: { 'Content-Type': 'application/json', 'X-Debug-Session-Id': '80bbfc' },
body: JSON.stringify({
sessionId: '80bbfc',
location: 'appwriteAdmin.js:adminFetch',
message: 'API key unauthorized',
data: { path, status: response.status, type: data?.type, code: data?.code },
hypothesisId: 'H9',
timestamp: Date.now(),
}),
}).catch(() => {})
// #endregion
}
throw error
}
@@ -142,6 +170,24 @@ export async function upsertWebsiteProjectByRepo(repoFullName, data) {
})
}
export async function verifyDatabaseAccess() {
if (!config.appwrite.apiKey) {
return { ok: false, reason: 'APPWRITE_API_KEY fehlt' }
}
try {
await listDocuments(config.collections.customers, [Query.limit(1)])
return { ok: true }
} catch (err) {
return {
ok: false,
reason: err.message,
code: err.code,
type: err.type,
status: err.status,
}
}
}
export function createAdminClient() {
return { usesNativeFetch: true, databaseId: WOMS_DATABASE_ID }
}

67
server/services/appwriteClient.js
View File

@@ -1,5 +1,4 @@
import { config } from '../config.js'
import { deleteUserSession, getUserById } from './appwriteAdmin.js'
const DEBUG_LOG = (location, message, data, hypothesisId) => {
// #region agent log
@@ -45,9 +44,14 @@ async function appwriteFetch(path, { method = 'GET', body } = {}) {
if (!response.ok) {
const error = new Error(data?.message || `Appwrite ${response.status}`)
error.status = response.status === 401 ? 401 : response.status >= 500 ? 500 : 401
error.status = response.status
error.code = data?.code
error.type = data?.type
if (response.status === 429 || data?.type === 'general_rate_limit_exceeded') {
error.message =
'Zu viele Anmeldeversuche. Bitte warte einige Minuten, bevor du es erneut versuchst.'
error.status = 429
}
throw error
}
@@ -55,10 +59,33 @@ async function appwriteFetch(path, { method = 'GET', body } = {}) {
}
/**
* Appwrite Auth per native fetch (Node 26 + node-appwrite-Agent ist inkompatibel).
* session.secret fehlt serverseitig oft userId aus Session + Users-API.
* Login via Appwrite Auth REST. userId kommt aus der Session kein users.read nötig.
*/
let appwriteLoginBlockedUntil = 0
const APPWRITE_LOGIN_COOLDOWN_MS = 5 * 60 * 1000
const APPWRITE_RATE_LIMIT_COOLDOWN_MS = 15 * 60 * 1000
export function getLoginCooldownRemainingSec() {
const left = appwriteLoginBlockedUntil - Date.now()
return left > 0 ? Math.ceil(left / 1000) : 0
}
export function clearLoginCooldown() {
appwriteLoginBlockedUntil = 0
}
export async function loginWithAppwrite(email, password) {
const now = Date.now()
if (now < appwriteLoginBlockedUntil) {
const waitSec = Math.ceil((appwriteLoginBlockedUntil - now) / 1000)
DEBUG_LOG('appwriteClient.js:cooldown', 'login blocked locally', { waitSec }, 'H8')
const error = new Error(
`Zu viele Anmeldeversuche. Bitte warte noch ${waitSec} Sekunden.`
)
error.status = 429
throw error
}
let session
try {
session = await appwriteFetch('/account/sessions/email', {
@@ -74,6 +101,9 @@ export async function loginWithAppwrite(email, password) {
message: err?.message?.slice(0, 120),
code: err?.code,
}, 'H1')
if (err.status === 429) {
appwriteLoginBlockedUntil = Date.now() + APPWRITE_RATE_LIMIT_COOLDOWN_MS
}
const error = new Error(err.message || 'Anmeldung fehlgeschlagen')
error.status = err.status || 401
throw error
@@ -85,32 +115,9 @@ export async function loginWithAppwrite(email, password) {
throw error
}
let user
try {
user = await getUserById(session.userId)
DEBUG_LOG('appwriteClient.js:getUser', 'users.get ok', { userId: user?.$id || null }, 'H6')
} catch (err) {
DEBUG_LOG('appwriteClient.js:getUser', 'users.get fail', {
message: err?.message?.slice(0, 120),
code: err?.code,
}, 'H7')
if (err?.message?.includes('not authorized')) {
const error = new Error(
'Server-API-Key: Scope users.read erforderlich (Appwrite Console).'
)
error.status = 500
throw error
}
user = { $id: session.userId, email, name: '' }
}
if (session.$id) {
try {
await deleteUserSession(session.userId, session.$id)
} catch {
// Portal nutzt eigene Cookie-Session
}
}
const user = { $id: session.userId, email, name: '' }
DEBUG_LOG('appwriteClient.js:user', 'using session userId', { userId: user.$id }, 'H7')
clearLoginCooldown()
return user
}