duffyduck
8a5ffbb563
validatePasswordComplexity (12 Zeichen, Groß/Klein/Zahl/Sonderzeichen) zentral in passwordGenerator.ts; jetzt erzwungen in setPortalPassword, confirmPasswordReset, register, createUser, updateUser. Neue Endpoints: - POST /customers/:id/portal/password/generate → 16-Zeichen Zufallspasswort - POST /customers/:id/portal/send-credentials → Versand per Mail (nur wenn portalEnabled aktiv) Frontend (CustomerDetail): Generate-Button vor Setzen, Send-Credentials nach gesetztem Passwort, Live-Komplexitäts-Hint (✓/○) während Eingabe, alert() durch Toast-Notifications ersetzt. Live-verifiziert: schwaches Passwort → 400 mit Detail-Fehler, komplexes Passwort → 200, Generator liefert 16-Zeichen-Passwort. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
50 lines
3.5 KiB
TypeScript
50 lines
3.5 KiB
TypeScript
import { Router } from 'express';
|
|
import * as customerController from '../controllers/customer.controller.js';
|
|
import * as stressfreiEmailController from '../controllers/stressfreiEmail.controller.js';
|
|
import { authenticate, requirePermission, requireCustomerAccess } from '../middleware/auth.js';
|
|
|
|
const router = Router();
|
|
|
|
// Customers
|
|
router.get('/', authenticate, requirePermission('customers:read'), customerController.getCustomers);
|
|
router.post('/', authenticate, requirePermission('customers:create'), customerController.createCustomer);
|
|
router.get('/:id', authenticate, requireCustomerAccess, customerController.getCustomer);
|
|
router.put('/:id', authenticate, requirePermission('customers:update'), customerController.updateCustomer);
|
|
router.delete('/:id', authenticate, requirePermission('customers:delete'), customerController.deleteCustomer);
|
|
|
|
// Addresses
|
|
router.get('/:customerId/addresses', authenticate, requireCustomerAccess, customerController.getAddresses);
|
|
router.post('/:customerId/addresses', authenticate, requirePermission('customers:update'), customerController.createAddress);
|
|
|
|
// Bank Cards
|
|
router.get('/:customerId/bank-cards', authenticate, requireCustomerAccess, customerController.getBankCards);
|
|
router.post('/:customerId/bank-cards', authenticate, requirePermission('customers:update'), customerController.createBankCard);
|
|
|
|
// Identity Documents
|
|
router.get('/:customerId/documents', authenticate, requireCustomerAccess, customerController.getDocuments);
|
|
router.post('/:customerId/documents', authenticate, requirePermission('customers:update'), customerController.createDocument);
|
|
|
|
// Meters
|
|
router.get('/:customerId/meters', authenticate, requireCustomerAccess, customerController.getMeters);
|
|
router.post('/:customerId/meters', authenticate, requirePermission('customers:update'), customerController.createMeter);
|
|
|
|
// Stressfrei-Wechseln E-Mail-Adressen
|
|
router.get('/:customerId/stressfrei-emails', authenticate, requireCustomerAccess, stressfreiEmailController.getEmailsByCustomer);
|
|
router.post('/:customerId/stressfrei-emails', authenticate, requirePermission('customers:update'), stressfreiEmailController.createEmail);
|
|
|
|
// Portal Settings
|
|
router.get('/:customerId/portal', authenticate, requirePermission('customers:update'), customerController.getPortalSettings);
|
|
router.put('/:customerId/portal', authenticate, requirePermission('customers:update'), customerController.updatePortalSettings);
|
|
router.post('/:customerId/portal/password', authenticate, requirePermission('customers:update'), customerController.setPortalPassword);
|
|
router.get('/:customerId/portal/password', authenticate, requirePermission('customers:update'), customerController.getPortalPassword);
|
|
router.post('/:customerId/portal/password/generate', authenticate, requirePermission('customers:update'), customerController.generatePortalPassword);
|
|
router.post('/:customerId/portal/send-credentials', authenticate, requirePermission('customers:update'), customerController.sendPortalCredentials);
|
|
|
|
// Representatives (Vertreter)
|
|
router.get('/:customerId/representatives', authenticate, requirePermission('customers:read'), customerController.getRepresentatives);
|
|
router.post('/:customerId/representatives', authenticate, requirePermission('customers:update'), customerController.addRepresentative);
|
|
router.delete('/:customerId/representatives/:representativeId', authenticate, requirePermission('customers:update'), customerController.removeRepresentative);
|
|
router.get('/:customerId/representatives/search', authenticate, requirePermission('customers:read'), customerController.searchForRepresentative);
|
|
|
|
export default router;
|