Hacker-Software
/
opencrm
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
opencrm/backend/dist/services/auth.service.js

301 lines
10 KiB
JavaScript
Raw Permalink Blame History

"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.login = login;
exports.customerLogin = customerLogin;
exports.setCustomerPortalPassword = setCustomerPortalPassword;
exports.getCustomerPortalPassword = getCustomerPortalPassword;
exports.createUser = createUser;
exports.getUserById = getUserById;
exports.getCustomerPortalUser = getCustomerPortalUser;
const client_1 = require("@prisma/client");
const bcryptjs_1 = __importDefault(require("bcryptjs"));
const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
const encryption_js_1 = require("../utils/encryption.js");
const prisma = new client_1.PrismaClient();
// Mitarbeiter-Login
async function login(email, password) {
const user = await prisma.user.findUnique({
where: { email },
include: {
roles: {
include: {
role: {
include: {
permissions: {
include: {
permission: true,
},
},
},
},
},
},
},
});
if (!user || !user.isActive) {
throw new Error('Ungültige Anmeldedaten');
}
const isValid = await bcryptjs_1.default.compare(password, user.password);
if (!isValid) {
throw new Error('Ungültige Anmeldedaten');
}
// Collect all permissions from all roles
const permissions = new Set();
for (const userRole of user.roles) {
for (const rolePerm of userRole.role.permissions) {
permissions.add(`${rolePerm.permission.resource}:${rolePerm.permission.action}`);
}
}
const payload = {
userId: user.id,
email: user.email,
permissions: Array.from(permissions),
customerId: user.customerId ?? undefined,
isCustomerPortal: false,
};
const token = jsonwebtoken_1.default.sign(payload, process.env.JWT_SECRET || 'fallback-secret', {
expiresIn: (process.env.JWT_EXPIRES_IN || '7d'),
});
return {
token,
user: {
id: user.id,
email: user.email,
firstName: user.firstName,
lastName: user.lastName,
permissions: Array.from(permissions),
customerId: user.customerId,
isCustomerPortal: false,
},
};
}
// Kundenportal-Login
async function customerLogin(email, password) {
console.log('[CustomerLogin] Versuch mit E-Mail:', email);
const customer = await prisma.customer.findUnique({
where: { portalEmail: email },
include: {
// Kunden, die dieser Kunde vertreten kann
representingFor: {
where: { isActive: true },
include: {
customer: {
select: {
id: true,
customerNumber: true,
firstName: true,
lastName: true,
companyName: true,
type: true,
},
},
},
},
},
});
console.log('[CustomerLogin] Kunde gefunden:', customer ? `ID ${customer.id}, portalEnabled: ${customer.portalEnabled}, hasPasswordHash: ${!!customer.portalPasswordHash}` : 'NEIN');
if (!customer || !customer.portalEnabled || !customer.portalPasswordHash) {
console.log('[CustomerLogin] Abbruch: Kunde nicht gefunden oder Portal nicht aktiviert');
throw new Error('Ungültige Anmeldedaten');
}
const isValid = await bcryptjs_1.default.compare(password, customer.portalPasswordHash);
console.log('[CustomerLogin] Passwort-Check:', isValid ? 'OK' : 'FALSCH');
if (!isValid) {
throw new Error('Ungültige Anmeldedaten');
}
// Letzte Anmeldung aktualisieren
await prisma.customer.update({
where: { id: customer.id },
data: { portalLastLogin: new Date() },
});
// IDs der Kunden sammeln, die dieser Kunde vertreten kann
const representedCustomerIds = customer.representingFor.map((rep) => rep.customer.id);
// Kundenportal-Berechtigungen (eingeschränkt)
const customerPermissions = [
'contracts:read', // Eigene Verträge lesen
'customers:read', // Eigene Kundendaten lesen
];
const payload = {
email: customer.portalEmail,
permissions: customerPermissions,
customerId: customer.id,
isCustomerPortal: true,
representedCustomerIds,
};
const token = jsonwebtoken_1.default.sign(payload, process.env.JWT_SECRET || 'fallback-secret', {
expiresIn: (process.env.JWT_EXPIRES_IN || '7d'),
});
return {
token,
user: {
id: customer.id,
email: customer.portalEmail,
firstName: customer.firstName,
lastName: customer.lastName,
permissions: customerPermissions,
customerId: customer.id,
isCustomerPortal: true,
representedCustomers: customer.representingFor.map((rep) => ({
id: rep.customer.id,
customerNumber: rep.customer.customerNumber,
firstName: rep.customer.firstName,
lastName: rep.customer.lastName,
companyName: rep.customer.companyName,
type: rep.customer.type,
})),
},
};
}
// Kundenportal-Passwort setzen/ändern
async function setCustomerPortalPassword(customerId, password) {
console.log('[SetPortalPassword] Setze Passwort für Kunde:', customerId);
const hashedPassword = await bcryptjs_1.default.hash(password, 10);
const encryptedPassword = (0, encryption_js_1.encrypt)(password);
console.log('[SetPortalPassword] Hash erstellt, Länge:', hashedPassword.length);
await prisma.customer.update({
where: { id: customerId },
data: {
portalPasswordHash: hashedPassword,
portalPasswordEncrypted: encryptedPassword,
},
});
console.log('[SetPortalPassword] Passwort gespeichert');
}
// Kundenportal-Passwort im Klartext abrufen
async function getCustomerPortalPassword(customerId) {
const customer = await prisma.customer.findUnique({
where: { id: customerId },
select: { portalPasswordEncrypted: true },
});
if (!customer?.portalPasswordEncrypted) {
return null;
}
try {
return (0, encryption_js_1.decrypt)(customer.portalPasswordEncrypted);
}
catch (error) {
console.error('Fehler beim Entschlüsseln des Passworts:', error);
return null;
}
}
async function createUser(data) {
const hashedPassword = await bcryptjs_1.default.hash(data.password, 10);
const user = await prisma.user.create({
data: {
email: data.email,
password: hashedPassword,
firstName: data.firstName,
lastName: data.lastName,
customerId: data.customerId,
roles: {
create: data.roleIds.map((roleId) => ({ roleId })),
},
},
include: {
roles: {
include: {
role: true,
},
},
},
});
return {
id: user.id,
email: user.email,
firstName: user.firstName,
lastName: user.lastName,
roles: user.roles.map((ur) => ur.role.name),
};
}
async function getUserById(id) {
const user = await prisma.user.findUnique({
where: { id },
include: {
roles: {
include: {
role: {
include: {
permissions: {
include: {
permission: true,
},
},
},
},
},
},
},
});
if (!user)
return null;
console.log('auth.getUserById - user roles:', user.roles.map(ur => ur.role.name));
const permissions = new Set();
for (const userRole of user.roles) {
for (const rolePerm of userRole.role.permissions) {
permissions.add(`${rolePerm.permission.resource}:${rolePerm.permission.action}`);
}
}
console.log('auth.getUserById - permissions:', Array.from(permissions));
return {
id: user.id,
email: user.email,
firstName: user.firstName,
lastName: user.lastName,
isActive: user.isActive,
customerId: user.customerId,
roles: user.roles.map((ur) => ur.role.name),
permissions: Array.from(permissions),
isCustomerPortal: false,
};
}
// Kundenportal-Benutzer laden (für /me Endpoint)
async function getCustomerPortalUser(customerId) {
const customer = await prisma.customer.findUnique({
where: { id: customerId },
include: {
representingFor: {
where: { isActive: true },
include: {
customer: {
select: {
id: true,
customerNumber: true,
firstName: true,
lastName: true,
companyName: true,
type: true,
},
},
},
},
},
});
if (!customer || !customer.portalEnabled)
return null;
const customerPermissions = [
'contracts:read',
'customers:read',
];
return {
id: customer.id,
email: customer.portalEmail,
firstName: customer.firstName,
lastName: customer.lastName,
isActive: customer.portalEnabled,
customerId: customer.id,
permissions: customerPermissions,
isCustomerPortal: true,
representedCustomers: customer.representingFor.map((rep) => ({
id: rep.customer.id,
customerNumber: rep.customer.customerNumber,
firstName: rep.customer.firstName,
lastName: rep.customer.lastName,
companyName: rep.customer.companyName,
type: rep.customer.type,
})),
};
}
//# sourceMappingURL=auth.service.js.map
Reference in New Issue View Git Blame Copy Permalink