first commit
This commit is contained in:
Stefan Hacker
+301
@@ -0,0 +1,301 @@
|
||||
"use strict";
|
||||
var __importDefault = (this && this.__importDefault) || function (mod) {
|
||||
return (mod && mod.__esModule) ? mod : { "default": mod };
|
||||
};
|
||||
Object.defineProperty(exports, "__esModule", { value: true });
|
||||
exports.login = login;
|
||||
exports.customerLogin = customerLogin;
|
||||
exports.setCustomerPortalPassword = setCustomerPortalPassword;
|
||||
exports.getCustomerPortalPassword = getCustomerPortalPassword;
|
||||
exports.createUser = createUser;
|
||||
exports.getUserById = getUserById;
|
||||
exports.getCustomerPortalUser = getCustomerPortalUser;
|
||||
const client_1 = require("@prisma/client");
|
||||
const bcryptjs_1 = __importDefault(require("bcryptjs"));
|
||||
const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
|
||||
const encryption_js_1 = require("../utils/encryption.js");
|
||||
const prisma = new client_1.PrismaClient();
|
||||
// Mitarbeiter-Login
|
||||
async function login(email, password) {
|
||||
const user = await prisma.user.findUnique({
|
||||
where: { email },
|
||||
include: {
|
||||
roles: {
|
||||
include: {
|
||||
role: {
|
||||
include: {
|
||||
permissions: {
|
||||
include: {
|
||||
permission: true,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
});
|
||||
if (!user || !user.isActive) {
|
||||
throw new Error('Ungültige Anmeldedaten');
|
||||
}
|
||||
const isValid = await bcryptjs_1.default.compare(password, user.password);
|
||||
if (!isValid) {
|
||||
throw new Error('Ungültige Anmeldedaten');
|
||||
}
|
||||
// Collect all permissions from all roles
|
||||
const permissions = new Set();
|
||||
for (const userRole of user.roles) {
|
||||
for (const rolePerm of userRole.role.permissions) {
|
||||
permissions.add(`${rolePerm.permission.resource}:${rolePerm.permission.action}`);
|
||||
}
|
||||
}
|
||||
const payload = {
|
||||
userId: user.id,
|
||||
email: user.email,
|
||||
permissions: Array.from(permissions),
|
||||
customerId: user.customerId ?? undefined,
|
||||
isCustomerPortal: false,
|
||||
};
|
||||
const token = jsonwebtoken_1.default.sign(payload, process.env.JWT_SECRET || 'fallback-secret', {
|
||||
expiresIn: (process.env.JWT_EXPIRES_IN || '7d'),
|
||||
});
|
||||
return {
|
||||
token,
|
||||
user: {
|
||||
id: user.id,
|
||||
email: user.email,
|
||||
firstName: user.firstName,
|
||||
lastName: user.lastName,
|
||||
permissions: Array.from(permissions),
|
||||
customerId: user.customerId,
|
||||
isCustomerPortal: false,
|
||||
},
|
||||
};
|
||||
}
|
||||
// Kundenportal-Login
|
||||
async function customerLogin(email, password) {
|
||||
console.log('[CustomerLogin] Versuch mit E-Mail:', email);
|
||||
const customer = await prisma.customer.findUnique({
|
||||
where: { portalEmail: email },
|
||||
include: {
|
||||
// Kunden, die dieser Kunde vertreten kann
|
||||
representingFor: {
|
||||
where: { isActive: true },
|
||||
include: {
|
||||
customer: {
|
||||
select: {
|
||||
id: true,
|
||||
customerNumber: true,
|
||||
firstName: true,
|
||||
lastName: true,
|
||||
companyName: true,
|
||||
type: true,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
});
|
||||
console.log('[CustomerLogin] Kunde gefunden:', customer ? `ID ${customer.id}, portalEnabled: ${customer.portalEnabled}, hasPasswordHash: ${!!customer.portalPasswordHash}` : 'NEIN');
|
||||
if (!customer || !customer.portalEnabled || !customer.portalPasswordHash) {
|
||||
console.log('[CustomerLogin] Abbruch: Kunde nicht gefunden oder Portal nicht aktiviert');
|
||||
throw new Error('Ungültige Anmeldedaten');
|
||||
}
|
||||
const isValid = await bcryptjs_1.default.compare(password, customer.portalPasswordHash);
|
||||
console.log('[CustomerLogin] Passwort-Check:', isValid ? 'OK' : 'FALSCH');
|
||||
if (!isValid) {
|
||||
throw new Error('Ungültige Anmeldedaten');
|
||||
}
|
||||
// Letzte Anmeldung aktualisieren
|
||||
await prisma.customer.update({
|
||||
where: { id: customer.id },
|
||||
data: { portalLastLogin: new Date() },
|
||||
});
|
||||
// IDs der Kunden sammeln, die dieser Kunde vertreten kann
|
||||
const representedCustomerIds = customer.representingFor.map((rep) => rep.customer.id);
|
||||
// Kundenportal-Berechtigungen (eingeschränkt)
|
||||
const customerPermissions = [
|
||||
'contracts:read', // Eigene Verträge lesen
|
||||
'customers:read', // Eigene Kundendaten lesen
|
||||
];
|
||||
const payload = {
|
||||
email: customer.portalEmail,
|
||||
permissions: customerPermissions,
|
||||
customerId: customer.id,
|
||||
isCustomerPortal: true,
|
||||
representedCustomerIds,
|
||||
};
|
||||
const token = jsonwebtoken_1.default.sign(payload, process.env.JWT_SECRET || 'fallback-secret', {
|
||||
expiresIn: (process.env.JWT_EXPIRES_IN || '7d'),
|
||||
});
|
||||
return {
|
||||
token,
|
||||
user: {
|
||||
id: customer.id,
|
||||
email: customer.portalEmail,
|
||||
firstName: customer.firstName,
|
||||
lastName: customer.lastName,
|
||||
permissions: customerPermissions,
|
||||
customerId: customer.id,
|
||||
isCustomerPortal: true,
|
||||
representedCustomers: customer.representingFor.map((rep) => ({
|
||||
id: rep.customer.id,
|
||||
customerNumber: rep.customer.customerNumber,
|
||||
firstName: rep.customer.firstName,
|
||||
lastName: rep.customer.lastName,
|
||||
companyName: rep.customer.companyName,
|
||||
type: rep.customer.type,
|
||||
})),
|
||||
},
|
||||
};
|
||||
}
|
||||
// Kundenportal-Passwort setzen/ändern
|
||||
async function setCustomerPortalPassword(customerId, password) {
|
||||
console.log('[SetPortalPassword] Setze Passwort für Kunde:', customerId);
|
||||
const hashedPassword = await bcryptjs_1.default.hash(password, 10);
|
||||
const encryptedPassword = (0, encryption_js_1.encrypt)(password);
|
||||
console.log('[SetPortalPassword] Hash erstellt, Länge:', hashedPassword.length);
|
||||
await prisma.customer.update({
|
||||
where: { id: customerId },
|
||||
data: {
|
||||
portalPasswordHash: hashedPassword,
|
||||
portalPasswordEncrypted: encryptedPassword,
|
||||
},
|
||||
});
|
||||
console.log('[SetPortalPassword] Passwort gespeichert');
|
||||
}
|
||||
// Kundenportal-Passwort im Klartext abrufen
|
||||
async function getCustomerPortalPassword(customerId) {
|
||||
const customer = await prisma.customer.findUnique({
|
||||
where: { id: customerId },
|
||||
select: { portalPasswordEncrypted: true },
|
||||
});
|
||||
if (!customer?.portalPasswordEncrypted) {
|
||||
return null;
|
||||
}
|
||||
try {
|
||||
return (0, encryption_js_1.decrypt)(customer.portalPasswordEncrypted);
|
||||
}
|
||||
catch (error) {
|
||||
console.error('Fehler beim Entschlüsseln des Passworts:', error);
|
||||
return null;
|
||||
}
|
||||
}
|
||||
async function createUser(data) {
|
||||
const hashedPassword = await bcryptjs_1.default.hash(data.password, 10);
|
||||
const user = await prisma.user.create({
|
||||
data: {
|
||||
email: data.email,
|
||||
password: hashedPassword,
|
||||
firstName: data.firstName,
|
||||
lastName: data.lastName,
|
||||
customerId: data.customerId,
|
||||
roles: {
|
||||
create: data.roleIds.map((roleId) => ({ roleId })),
|
||||
},
|
||||
},
|
||||
include: {
|
||||
roles: {
|
||||
include: {
|
||||
role: true,
|
||||
},
|
||||
},
|
||||
},
|
||||
});
|
||||
return {
|
||||
id: user.id,
|
||||
email: user.email,
|
||||
firstName: user.firstName,
|
||||
lastName: user.lastName,
|
||||
roles: user.roles.map((ur) => ur.role.name),
|
||||
};
|
||||
}
|
||||
async function getUserById(id) {
|
||||
const user = await prisma.user.findUnique({
|
||||
where: { id },
|
||||
include: {
|
||||
roles: {
|
||||
include: {
|
||||
role: {
|
||||
include: {
|
||||
permissions: {
|
||||
include: {
|
||||
permission: true,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
});
|
||||
if (!user)
|
||||
return null;
|
||||
console.log('auth.getUserById - user roles:', user.roles.map(ur => ur.role.name));
|
||||
const permissions = new Set();
|
||||
for (const userRole of user.roles) {
|
||||
for (const rolePerm of userRole.role.permissions) {
|
||||
permissions.add(`${rolePerm.permission.resource}:${rolePerm.permission.action}`);
|
||||
}
|
||||
}
|
||||
console.log('auth.getUserById - permissions:', Array.from(permissions));
|
||||
return {
|
||||
id: user.id,
|
||||
email: user.email,
|
||||
firstName: user.firstName,
|
||||
lastName: user.lastName,
|
||||
isActive: user.isActive,
|
||||
customerId: user.customerId,
|
||||
roles: user.roles.map((ur) => ur.role.name),
|
||||
permissions: Array.from(permissions),
|
||||
isCustomerPortal: false,
|
||||
};
|
||||
}
|
||||
// Kundenportal-Benutzer laden (für /me Endpoint)
|
||||
async function getCustomerPortalUser(customerId) {
|
||||
const customer = await prisma.customer.findUnique({
|
||||
where: { id: customerId },
|
||||
include: {
|
||||
representingFor: {
|
||||
where: { isActive: true },
|
||||
include: {
|
||||
customer: {
|
||||
select: {
|
||||
id: true,
|
||||
customerNumber: true,
|
||||
firstName: true,
|
||||
lastName: true,
|
||||
companyName: true,
|
||||
type: true,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
});
|
||||
if (!customer || !customer.portalEnabled)
|
||||
return null;
|
||||
const customerPermissions = [
|
||||
'contracts:read',
|
||||
'customers:read',
|
||||
];
|
||||
return {
|
||||
id: customer.id,
|
||||
email: customer.portalEmail,
|
||||
firstName: customer.firstName,
|
||||
lastName: customer.lastName,
|
||||
isActive: customer.portalEnabled,
|
||||
customerId: customer.id,
|
||||
permissions: customerPermissions,
|
||||
isCustomerPortal: true,
|
||||
representedCustomers: customer.representingFor.map((rep) => ({
|
||||
id: rep.customer.id,
|
||||
customerNumber: rep.customer.customerNumber,
|
||||
firstName: rep.customer.firstName,
|
||||
lastName: rep.customer.lastName,
|
||||
companyName: rep.customer.companyName,
|
||||
type: rep.customer.type,
|
||||
})),
|
||||
};
|
||||
}
|
||||
//# sourceMappingURL=auth.service.js.map
|
||||
Reference in New Issue
Block a user