Implementiere Kundenportal mit zentraler Appwrite-Anbindung.

Express-Server für Appwrite-Auth, Session, Projekt-Dashboard und Gitea-Webhook; statisches Frontend und Schema-Dokumentation für woms-database.

Co-authored-by: Cursor <cursoragent@cursor.com>

server/middleware/session.js

@@ -0,0 +1,49 @@
+import cookieParser from 'cookie-parser'
+import { config } from '../config.js'
+
+const SESSION_MAX_AGE_MS = 7 * 24 * 60 * 60 * 1000
+
+export function sessionMiddleware() {
+  return cookieParser(config.sessionSecret)
+}
+
+export function setPortalSession(res, data) {
+  res.cookie(config.cookieName, JSON.stringify(data), {
+    httpOnly: true,
+    secure: process.env.NODE_ENV === 'production',
+    sameSite: 'lax',
+    maxAge: SESSION_MAX_AGE_MS,
+    signed: true,
+  })
+}
+
+export function clearPortalSession(res) {
+  res.clearCookie(config.cookieName, {
+    httpOnly: true,
+    secure: process.env.NODE_ENV === 'production',
+    sameSite: 'lax',
+    signed: true,
+  })
+}
+
+export function requireSession(req, res, next) {
+  const raw = req.signedCookies?.[config.cookieName]
+  if (!raw) {
+    return res.status(401).json({ error: 'Nicht angemeldet' })
+  }
+
+  try {
+    const session = JSON.parse(raw)
+    if (!session.customerId || !session.appwriteUserId) {
+      return res.status(401).json({ error: 'Ungültige Session' })
+    }
+    req.session = session
+    next()
+  } catch {
+    return res.status(401).json({ error: 'Ungültige Session' })
+  }
+}
+
+export function getSessionCustomerId(req) {
+  return req.session?.customerId
+}