bd59243e2c
session.secret wird ohne API-Key nicht zurückgegeben. Login nutzt daher session.userId und die Admin Users API statt account.get(). Co-authored-by: Cursor <cursoragent@cursor.com>
113 lines
3.2 KiB
JavaScript
113 lines
3.2 KiB
JavaScript
import { Router } from 'express'
|
|
import { config } from '../config.js'
|
|
import {
|
|
getCustomerByAppwriteUserId,
|
|
getPortalAccessByCustomerId,
|
|
updateDocument,
|
|
} from '../services/appwriteAdmin.js'
|
|
import { loginWithAppwrite } from '../services/appwriteClient.js'
|
|
import {
|
|
clearPortalSession,
|
|
requireSession,
|
|
setPortalSession,
|
|
} from '../middleware/session.js'
|
|
|
|
const router = Router()
|
|
|
|
function sanitizeCustomer(customer) {
|
|
return {
|
|
id: customer.$id,
|
|
code: customer.code || '',
|
|
name: customer.name || '',
|
|
companyName: customer.companyName || '',
|
|
email: customer.email || '',
|
|
phone: customer.phone || '',
|
|
location: customer.location || '',
|
|
customerStatus: customer.customerStatus || '',
|
|
portalAccessEnabled: Boolean(customer.portalAccessEnabled),
|
|
}
|
|
}
|
|
|
|
async function validatePortalAccess(appwriteUserId) {
|
|
const customer = await getCustomerByAppwriteUserId(appwriteUserId)
|
|
if (!customer) {
|
|
const error = new Error('Kein Kundenkonto für diesen Login gefunden.')
|
|
error.status = 403
|
|
throw error
|
|
}
|
|
|
|
if (!customer.portalAccessEnabled) {
|
|
const error = new Error('Portalzugang ist nicht freigeschaltet.')
|
|
error.status = 403
|
|
throw error
|
|
}
|
|
|
|
const portalAccess = await getPortalAccessByCustomerId(customer.$id)
|
|
if (!portalAccess || !portalAccess.enabled) {
|
|
const error = new Error('Portalzugang ist deaktiviert.')
|
|
error.status = 403
|
|
throw error
|
|
}
|
|
|
|
const status = (customer.customerStatus || '').toLowerCase()
|
|
if (!config.allowedCustomerStatuses.includes(status)) {
|
|
const error = new Error('Kundenkonto ist nicht aktiv.')
|
|
error.status = 403
|
|
throw error
|
|
}
|
|
|
|
return { customer, portalAccess }
|
|
}
|
|
|
|
router.post('/login', async (req, res) => {
|
|
const { email, password } = req.body || {}
|
|
if (!email || !password) {
|
|
return res.status(400).json({ error: 'E-Mail und Passwort erforderlich' })
|
|
}
|
|
|
|
try {
|
|
const user = await loginWithAppwrite(email.trim(), password)
|
|
const { customer, portalAccess } = await validatePortalAccess(user.$id)
|
|
|
|
setPortalSession(res, {
|
|
customerId: customer.$id,
|
|
appwriteUserId: user.$id,
|
|
name: customer.name || user.name || '',
|
|
email: customer.email || user.email || email,
|
|
})
|
|
|
|
try {
|
|
await updateDocument(config.collections.customerPortalAccess, portalAccess.$id, {
|
|
lastLoginAt: new Date().toISOString(),
|
|
})
|
|
} catch (err) {
|
|
console.warn('[auth] lastLoginAt update failed:', err.message)
|
|
}
|
|
|
|
return res.json({ success: true, customer: sanitizeCustomer(customer) })
|
|
} catch (err) {
|
|
const status = err.status || 500
|
|
return res.status(status).json({ error: err.message || 'Anmeldung fehlgeschlagen' })
|
|
}
|
|
})
|
|
|
|
router.post('/logout', (_req, res) => {
|
|
clearPortalSession(res)
|
|
res.json({ success: true })
|
|
})
|
|
|
|
router.get('/me', requireSession, async (req, res) => {
|
|
try {
|
|
const customer = await getCustomerByAppwriteUserId(req.session.appwriteUserId)
|
|
if (!customer) {
|
|
clearPortalSession(res)
|
|
return res.status(403).json({ error: 'Kundenkonto nicht gefunden' })
|
|
}
|
|
return res.json({ customer: sanitizeCustomer(customer) })
|
|
} catch (err) {
|
|
return res.status(500).json({ error: err.message || 'Fehler beim Laden' })
|
|
}
|
|
})
|
|
|
|
export default router
|