125 lines
3.7 KiB
JavaScript
125 lines
3.7 KiB
JavaScript
import { Router } from 'express'
|
|
import { config } from '../config.js'
|
|
import {
|
|
getCustomerByAppwriteUserId,
|
|
getCustomerByEmail,
|
|
getPortalAccessByCustomerId,
|
|
updateDocument,
|
|
} from '../services/appwriteAdmin.js'
|
|
import { loginWithAppwrite } from '../services/appwriteClient.js'
|
|
import {
|
|
clearPortalSession,
|
|
requireSession,
|
|
setPortalSession,
|
|
} from '../middleware/session.js'
|
|
|
|
const router = Router()
|
|
|
|
function sanitizeCustomer(customer) {
|
|
return {
|
|
id: customer.$id,
|
|
code: customer.code || '',
|
|
name: customer.name || '',
|
|
companyName: customer.companyName || '',
|
|
email: customer.email || '',
|
|
phone: customer.phone || '',
|
|
location: customer.location || '',
|
|
customerStatus: customer.customerStatus || '',
|
|
portalAccessEnabled: Boolean(customer.portalAccessEnabled),
|
|
}
|
|
}
|
|
|
|
async function validatePortalAccess(appwriteUserId, email) {
|
|
let customer = await getCustomerByAppwriteUserId(appwriteUserId)
|
|
if (!customer && email) {
|
|
customer = await getCustomerByEmail(email)
|
|
}
|
|
if (!customer) {
|
|
const error = new Error(
|
|
`Kein Kundenkonto für diesen Login gefunden. Im Ticketsystem customers.appwriteUserId auf "${appwriteUserId}" setzen (E-Mail: ${email}).`
|
|
)
|
|
error.status = 403
|
|
throw error
|
|
}
|
|
|
|
if (!customer.portalAccessEnabled) {
|
|
const error = new Error('Portalzugang ist nicht freigeschaltet.')
|
|
error.status = 403
|
|
throw error
|
|
}
|
|
|
|
const portalAccess = await getPortalAccessByCustomerId(customer.$id)
|
|
if (!portalAccess || !portalAccess.enabled) {
|
|
const error = new Error('Portalzugang ist deaktiviert.')
|
|
error.status = 403
|
|
throw error
|
|
}
|
|
|
|
const status = (customer.customerStatus || '').toLowerCase()
|
|
if (!config.allowedCustomerStatuses.includes(status)) {
|
|
const error = new Error('Kundenkonto ist nicht aktiv.')
|
|
error.status = 403
|
|
throw error
|
|
}
|
|
|
|
return { customer, portalAccess }
|
|
}
|
|
|
|
router.post('/login', async (req, res) => {
|
|
const { email, password } = req.body || {}
|
|
if (!email || !password) {
|
|
return res.status(400).json({ error: 'E-Mail und Passwort erforderlich' })
|
|
}
|
|
|
|
try {
|
|
const user = await loginWithAppwrite(email.trim(), password)
|
|
const { customer, portalAccess } = await validatePortalAccess(user.$id, email.trim())
|
|
|
|
setPortalSession(res, {
|
|
customerId: customer.$id,
|
|
appwriteUserId: user.$id,
|
|
name: customer.name || user.name || '',
|
|
email: customer.email || user.email || email,
|
|
})
|
|
|
|
try {
|
|
await updateDocument(config.collections.customerPortalAccess, portalAccess.$id, {
|
|
lastLoginAt: new Date().toISOString(),
|
|
})
|
|
} catch (err) {
|
|
console.warn('[auth] lastLoginAt update failed:', err.message)
|
|
}
|
|
|
|
return res.json({ success: true, customer: sanitizeCustomer(customer) })
|
|
} catch (err) {
|
|
const status = err.status || 500
|
|
if (err?.message?.includes('not authorized')) {
|
|
return res.status(500).json({
|
|
error:
|
|
'Server-Konfiguration: APPWRITE_API_KEY benötigt databases.read für woms-database (customers, customerPortalAccess).',
|
|
})
|
|
}
|
|
return res.status(status).json({ error: err.message || 'Anmeldung fehlgeschlagen' })
|
|
}
|
|
})
|
|
|
|
router.post('/logout', (_req, res) => {
|
|
clearPortalSession(res)
|
|
res.json({ success: true })
|
|
})
|
|
|
|
router.get('/me', requireSession, async (req, res) => {
|
|
try {
|
|
const customer = await getCustomerByAppwriteUserId(req.session.appwriteUserId)
|
|
if (!customer) {
|
|
clearPortalSession(res)
|
|
return res.status(403).json({ error: 'Kundenkonto nicht gefunden' })
|
|
}
|
|
return res.json({ customer: sanitizeCustomer(customer) })
|
|
} catch (err) {
|
|
return res.status(500).json({ error: err.message || 'Fehler beim Laden' })
|
|
}
|
|
})
|
|
|
|
export default router
|