From 04827b1a39a4ecd9b2d9e6a8af1bd03735437563 Mon Sep 17 00:00:00 2001 From: AlexBocken Date: Sat, 22 Jul 2023 13:08:41 +0200 Subject: [PATCH] move API routes as cleanup --- src/routes/(main)/abrechnung/+page.svelte | 11 +--- src/routes/(main)/login/+page.server.ts | 2 +- src/routes/(main)/register/+page.server.ts | 2 +- src/routes/(main)/settings/+page.server.ts | 2 +- src/routes/(rezepte)/rezepte/+page.server.ts | 4 +- src/routes/(rezepte)/rezepte/[name]/+page.ts | 2 +- src/routes/(rezepte)/rezepte/add/+page.svelte | 4 +- .../(rezepte)/rezepte/category/+page.ts | 2 +- .../rezepte/category/[category]/+page.ts | 2 +- .../rezepte/edit/[name]/+page.server.ts | 2 +- .../rezepte/edit/[name]/+page.svelte | 12 ++--- src/routes/(rezepte)/rezepte/icon/+page.ts | 2 +- .../(rezepte)/rezepte/icon/[icon]/+page.ts | 4 +- src/routes/(rezepte)/rezepte/season/+page.ts | 2 +- .../(rezepte)/rezepte/season/[month]/+page.ts | 4 +- src/routes/(rezepte)/rezepte/tag/+page.ts | 2 +- .../(rezepte)/rezepte/tag/[tag]/+page.ts | 2 +- src/routes/api/rezepte/add/+server.ts | 30 +++++++++++ src/routes/api/rezepte/delete/+server.ts | 23 +++++++++ src/routes/api/rezepte/edit/+server.ts | 29 +++++++++++ src/routes/api/rezepte/img/add/+server.ts | 46 +++++++++++++++++ src/routes/api/rezepte/img/delete/+server.ts | 21 ++++++++ src/routes/api/rezepte/img/mv/+server.ts | 25 ++++++++++ .../api/rezepte/items/[name]/+server.ts | 17 +++++++ .../api/rezepte/items/all_brief/+server.ts | 12 +++++ .../api/rezepte/items/category/+server.ts | 13 +++++ .../items/category/[category]/+server.ts | 14 ++++++ src/routes/api/rezepte/items/icon/+server.ts | 13 +++++ .../api/rezepte/items/icon/[icon]/+server.ts | 14 ++++++ .../items/in_season/[month]/+server.ts | 13 +++++ src/routes/api/rezepte/items/tag/+server.ts | 13 +++++ .../api/rezepte/items/tag/[tag]/+server.ts | 14 ++++++ src/routes/api/user/admin/users/+server.ts | 23 +++++++++ src/routes/api/user/change_pw/+server.ts | 40 +++++++++++++++ src/routes/api/user/login/+server.ts | 46 +++++++++++++++++ src/routes/api/user/register/+server.ts | 50 +++++++++++++++++++ 36 files changed, 482 insertions(+), 35 deletions(-) create mode 100644 src/routes/api/rezepte/add/+server.ts create mode 100644 src/routes/api/rezepte/delete/+server.ts create mode 100644 src/routes/api/rezepte/edit/+server.ts create mode 100644 src/routes/api/rezepte/img/add/+server.ts create mode 100644 src/routes/api/rezepte/img/delete/+server.ts create mode 100644 src/routes/api/rezepte/img/mv/+server.ts create mode 100644 src/routes/api/rezepte/items/[name]/+server.ts create mode 100644 src/routes/api/rezepte/items/all_brief/+server.ts create mode 100644 src/routes/api/rezepte/items/category/+server.ts create mode 100644 src/routes/api/rezepte/items/category/[category]/+server.ts create mode 100644 src/routes/api/rezepte/items/icon/+server.ts create mode 100644 src/routes/api/rezepte/items/icon/[icon]/+server.ts create mode 100644 src/routes/api/rezepte/items/in_season/[month]/+server.ts create mode 100644 src/routes/api/rezepte/items/tag/+server.ts create mode 100644 src/routes/api/rezepte/items/tag/[tag]/+server.ts create mode 100644 src/routes/api/user/admin/users/+server.ts create mode 100644 src/routes/api/user/change_pw/+server.ts create mode 100644 src/routes/api/user/login/+server.ts create mode 100644 src/routes/api/user/register/+server.ts diff --git a/src/routes/(main)/abrechnung/+page.svelte b/src/routes/(main)/abrechnung/+page.svelte index 8ecd334..018cef2 100644 --- a/src/routes/(main)/abrechnung/+page.svelte +++ b/src/routes/(main)/abrechnung/+page.svelte @@ -1,10 +1 @@ - - -
- - -
+

WIP

diff --git a/src/routes/(main)/login/+page.server.ts b/src/routes/(main)/login/+page.server.ts index 4d07f8a..f8ebd72 100644 --- a/src/routes/(main)/login/+page.server.ts +++ b/src/routes/(main)/login/+page.server.ts @@ -11,7 +11,7 @@ export const load: PageServerLoad = async ({ locals }) => { export const actions: Actions = { login: async (event) => { const data = await event.request.formData() - const res = await event.fetch('/api/login', + const res = await event.fetch('/api/user/login', {method: 'POST', body: JSON.stringify({ username: data.get('username'), diff --git a/src/routes/(main)/register/+page.server.ts b/src/routes/(main)/register/+page.server.ts index 5f92c0c..5f5b626 100644 --- a/src/routes/(main)/register/+page.server.ts +++ b/src/routes/(main)/register/+page.server.ts @@ -10,7 +10,7 @@ export const load: PageServerLoad = async ({ locals }) => { export const actions: Actions = { register: async (event) => { const data = await event.request.formData(); - const res = await event.fetch('/api/register', + const res = await event.fetch('/api/user/register', {method: 'POST', body: JSON.stringify({ diff --git a/src/routes/(main)/settings/+page.server.ts b/src/routes/(main)/settings/+page.server.ts index 0f60df9..1f2ba02 100644 --- a/src/routes/(main)/settings/+page.server.ts +++ b/src/routes/(main)/settings/+page.server.ts @@ -15,7 +15,7 @@ export const actions: Actions = { }, login: async (event) => { const data = await event.request.formData() - const res = await event.fetch('/api/login', + const res = await event.fetch('/api/user/login', {method: 'POST', body: JSON.stringify({ username: data.get('username'), diff --git a/src/routes/(rezepte)/rezepte/+page.server.ts b/src/routes/(rezepte)/rezepte/+page.server.ts index f6e2ade..6bc2e24 100644 --- a/src/routes/(rezepte)/rezepte/+page.server.ts +++ b/src/routes/(rezepte)/rezepte/+page.server.ts @@ -2,8 +2,8 @@ import type { PageServerLoad } from "./$types"; export async function load({ fetch }) { let current_month = new Date().getMonth() + 1 - const res_season = await fetch(`/api/items/in_season/` + current_month); - const res_all_brief = await fetch(`/api/items/all_brief`); + const res_season = await fetch(`/api/rezepte/items/in_season/` + current_month); + const res_all_brief = await fetch(`/api/rezepte/items/all_brief`); const item_season = await res_season.json(); const item_all_brief = await res_all_brief.json(); return { diff --git a/src/routes/(rezepte)/rezepte/[name]/+page.ts b/src/routes/(rezepte)/rezepte/[name]/+page.ts index faecdd4..b6487ee 100644 --- a/src/routes/(rezepte)/rezepte/[name]/+page.ts +++ b/src/routes/(rezepte)/rezepte/[name]/+page.ts @@ -1,7 +1,7 @@ import { error } from "@sveltejs/kit"; export async function load({ fetch, params}) { - const res = await fetch(`/api/items/${params.name}`); + const res = await fetch(`/api/rezepte/items/${params.name}`); let item = await res.json(); if(!res.ok){ throw error(res.status, item.message) diff --git a/src/routes/(rezepte)/rezepte/add/+page.svelte b/src/routes/(rezepte)/rezepte/add/+page.svelte index a047c78..d624e4c 100644 --- a/src/routes/(rezepte)/rezepte/add/+page.svelte +++ b/src/routes/(rezepte)/rezepte/add/+page.svelte @@ -86,7 +86,7 @@ image: img_local, name: short_name, } - await fetch(`/api/img/add`, { + await fetch(`/api/rezepte/img/add`, { method: 'POST', headers: { 'Content-Type': 'application/json', @@ -101,7 +101,7 @@ upload_img() console.log(add_info.total_time) - const res = await fetch('/api/add', { + const res = await fetch('/api/rezepte/add', { method: 'POST', body: JSON.stringify({ recipe: { diff --git a/src/routes/(rezepte)/rezepte/category/+page.ts b/src/routes/(rezepte)/rezepte/category/+page.ts index 0381050..666d883 100644 --- a/src/routes/(rezepte)/rezepte/category/+page.ts +++ b/src/routes/(rezepte)/rezepte/category/+page.ts @@ -1,7 +1,7 @@ import type { PageLoad } from "./$types"; export async function load({ fetch}) { - const res = await fetch(`/api/items/category`); + const res = await fetch(`/api/rezepte/items/category`); const categories= await res.json(); return {categories} }; diff --git a/src/routes/(rezepte)/rezepte/category/[category]/+page.ts b/src/routes/(rezepte)/rezepte/category/[category]/+page.ts index a21ae88..c49346d 100644 --- a/src/routes/(rezepte)/rezepte/category/[category]/+page.ts +++ b/src/routes/(rezepte)/rezepte/category/[category]/+page.ts @@ -1,7 +1,7 @@ import type { PageLoad } from "./$types"; export async function load({ fetch, params }) { - const res = await fetch(`/api/items/category/${params.category}`); + const res = await fetch(`/api/rezepte/items/category/${params.category}`); const items = await res.json(); return { category: params.category, diff --git a/src/routes/(rezepte)/rezepte/edit/[name]/+page.server.ts b/src/routes/(rezepte)/rezepte/edit/[name]/+page.server.ts index a28d9ca..081f885 100644 --- a/src/routes/(rezepte)/rezepte/edit/[name]/+page.server.ts +++ b/src/routes/(rezepte)/rezepte/edit/[name]/+page.server.ts @@ -2,7 +2,7 @@ import type { PageLoad } from "./$types"; export async function load({ fetch, params, locals}) { let current_month = new Date().getMonth() + 1 - const res = await fetch(`/api/items/${params.name}`); + const res = await fetch(`/api/rezepte/items/${params.name}`); const recipe = await res.json(); return {recipe: recipe, user: locals.user diff --git a/src/routes/(rezepte)/rezepte/edit/[name]/+page.svelte b/src/routes/(rezepte)/rezepte/edit/[name]/+page.svelte index 647e08c..96de157 100644 --- a/src/routes/(rezepte)/rezepte/edit/[name]/+page.svelte +++ b/src/routes/(rezepte)/rezepte/edit/[name]/+page.svelte @@ -96,7 +96,7 @@ if(!response){ return } - const res_img = await fetch('/api/img/delete', { + const res_img = await fetch('/api/rezepte/img/delete', { method: 'POST', body: JSON.stringify({ name: old_short_name, @@ -112,7 +112,7 @@ return } return - const res = await fetch('/api/delete', { + const res = await fetch('/api/rezepte/delete', { method: 'POST', body: JSON.stringify({ old_short_name, @@ -141,7 +141,7 @@ console.log("img_local", img_local) if(img_local != ""){ async function delete_img(){ - const res = await fetch('/api/img/delete', { + const res = await fetch('/api/rezepte/img/delete', { method: 'POST', body: JSON.stringify({ name: old_short_name, @@ -161,7 +161,7 @@ image: img_local, name: short_name, } - const res = await fetch(`/api/img/add`, { + const res = await fetch(`/api/rezepte/img/add`, { method: 'POST', headers: { 'Content-Type': 'application/json', @@ -181,7 +181,7 @@ // case new short_name: else if(short_name != old_short_name){ console.log("MOVING") - const res_img = await fetch('/api/img/mv', { + const res_img = await fetch('/api/rezepte/img/mv', { method: 'POST', headers: { 'Content-Type': 'application/json', @@ -199,7 +199,7 @@ return } } - const res = await fetch('/api/edit', { + const res = await fetch('/api/rezepte/edit', { method: 'POST', body: JSON.stringify({ recipe: { diff --git a/src/routes/(rezepte)/rezepte/icon/+page.ts b/src/routes/(rezepte)/rezepte/icon/+page.ts index f788408..c3df7f8 100644 --- a/src/routes/(rezepte)/rezepte/icon/+page.ts +++ b/src/routes/(rezepte)/rezepte/icon/+page.ts @@ -2,7 +2,7 @@ import type { PageLoad } from "./$types"; export async function load({ fetch }) { let current_month = new Date().getMonth() + 1 - const res_icons = await fetch(`/api/items/icon`); + const res_icons = await fetch(`/api/rezepte/items/icon`); const item = await res_icons.json(); return { icons: item, diff --git a/src/routes/(rezepte)/rezepte/icon/[icon]/+page.ts b/src/routes/(rezepte)/rezepte/icon/[icon]/+page.ts index 064261f..c33ab08 100644 --- a/src/routes/(rezepte)/rezepte/icon/[icon]/+page.ts +++ b/src/routes/(rezepte)/rezepte/icon/[icon]/+page.ts @@ -1,8 +1,8 @@ import type { PageLoad } from "./$types"; export async function load({ fetch, params }) { - const res_season = await fetch(`/api/items/icon/` + params.icon); - const res_icons = await fetch(`/api/items/icon`); + const res_season = await fetch(`/api/rezepte/items/icon/` + params.icon); + const res_icons = await fetch(`/api/rezepte/items/icon`); const icons = await res_icons.json(); const item_season = await res_season.json(); return { diff --git a/src/routes/(rezepte)/rezepte/season/+page.ts b/src/routes/(rezepte)/rezepte/season/+page.ts index 0ff98a1..80a6d3f 100644 --- a/src/routes/(rezepte)/rezepte/season/+page.ts +++ b/src/routes/(rezepte)/rezepte/season/+page.ts @@ -2,7 +2,7 @@ import type { PageLoad } from "./$types"; export async function load({ fetch }) { let current_month = new Date().getMonth() + 1 - const res_season = await fetch(`/api/items/in_season/` + current_month); + const res_season = await fetch(`/api/rezepte/items/in_season/` + current_month); const item_season = await res_season.json(); return { season: item_season, diff --git a/src/routes/(rezepte)/rezepte/season/[month]/+page.ts b/src/routes/(rezepte)/rezepte/season/[month]/+page.ts index 6e66f10..ea4c55a 100644 --- a/src/routes/(rezepte)/rezepte/season/[month]/+page.ts +++ b/src/routes/(rezepte)/rezepte/season/[month]/+page.ts @@ -1,8 +1,8 @@ import type { PageLoad } from "./$types"; export async function load({ fetch, params }) { - const res_season = await fetch(`/api/items/in_season/` + params.month); - const res_all_brief = await fetch(`/api/items/all_brief`); + const res_season = await fetch(`/api/rezepte/items/in_season/` + params.month); + const res_all_brief = await fetch(`/api/rezepte/items/all_brief`); const item_season = await res_season.json(); const item_all_brief = await res_all_brief.json(); return { diff --git a/src/routes/(rezepte)/rezepte/tag/+page.ts b/src/routes/(rezepte)/rezepte/tag/+page.ts index 9f687a2..34a3755 100644 --- a/src/routes/(rezepte)/rezepte/tag/+page.ts +++ b/src/routes/(rezepte)/rezepte/tag/+page.ts @@ -1,7 +1,7 @@ import type { PageLoad } from "./$types"; export async function load({ fetch}) { - const res = await fetch(`/api/items/tag`); + const res = await fetch(`/api/rezepte/items/tag`); const tags = await res.json(); return {tags} }; diff --git a/src/routes/(rezepte)/rezepte/tag/[tag]/+page.ts b/src/routes/(rezepte)/rezepte/tag/[tag]/+page.ts index ac99b03..0d4e238 100644 --- a/src/routes/(rezepte)/rezepte/tag/[tag]/+page.ts +++ b/src/routes/(rezepte)/rezepte/tag/[tag]/+page.ts @@ -1,7 +1,7 @@ import type { PageLoad } from "./$types"; export async function load({ fetch, params }) { - const res_tag = await fetch(`/api/items/tag/${params.tag}`); + const res_tag = await fetch(`/api/rezepte/items/tag/${params.tag}`); const items_tag = await res_tag.json(); return { tag: params.tag, diff --git a/src/routes/api/rezepte/add/+server.ts b/src/routes/api/rezepte/add/+server.ts new file mode 100644 index 0000000..9df6ca8 --- /dev/null +++ b/src/routes/api/rezepte/add/+server.ts @@ -0,0 +1,30 @@ +import type { RequestHandler } from '@sveltejs/kit'; +import { Recipe } from '../../../../models/Recipe'; +import { dbConnect, dbDisconnect } from '../../../../utils/db'; +import { error } from '@sveltejs/kit'; +import { authenticateUser } from '$lib/js/authenticate';; +// header: use for bearer token for now +// recipe json in body +export const POST: RequestHandler = async ({request, cookies}) => { + let message = await request.json() + const recipe_json = message.recipe + const user = await authenticateUser(cookies) + if(!user){ + throw error(401, "Not logged in") + } + if(!user.access.includes("rezepte")){ + throw error(401, "This user does not have permissions to add recipes") + } + else{ + await dbConnect(); + try{ + await Recipe.create(recipe_json); + } catch(e){ + throw error(400, e) + } + await dbDisconnect(); + return new Response(JSON.stringify({msg: "Added recipe successfully"}),{ + status: 200, + }); + } +}; diff --git a/src/routes/api/rezepte/delete/+server.ts b/src/routes/api/rezepte/delete/+server.ts new file mode 100644 index 0000000..98479d7 --- /dev/null +++ b/src/routes/api/rezepte/delete/+server.ts @@ -0,0 +1,23 @@ +import type { RequestHandler } from '@sveltejs/kit'; +import { Recipe } from '../../../../models/Recipe'; +import { dbConnect, dbDisconnect } from '../../../../utils/db'; +import type {RecipeModelType} from '../../../../types/types'; +import { error } from '@sveltejs/kit'; +import { authenticateUser } from '$lib/js/authenticate'; +// header: use for bearer token for now +// recipe json in body +export const POST: RequestHandler = async ({request, cookies}) => { + let message = await request.json() + + const user = await authenticateUser(cookies) + if(!user) throw error(401, "Need to be logged in") + if(!user.access.includes("rezepte")) throw error(401, "Insufficient permissions") + + const short_name = message.old_short_name + await dbConnect(); + await Recipe.findOneAndDelete({short_name: short_name}); + await dbDisconnect(); + return new Response(JSON.stringify({msg: "Deleted recipe successfully"}),{ + status: 200, + }); +} diff --git a/src/routes/api/rezepte/edit/+server.ts b/src/routes/api/rezepte/edit/+server.ts new file mode 100644 index 0000000..b608732 --- /dev/null +++ b/src/routes/api/rezepte/edit/+server.ts @@ -0,0 +1,29 @@ +import type { RequestHandler } from '@sveltejs/kit'; +import { Recipe } from '../../../../models/Recipe'; +import { dbConnect, dbDisconnect } from '../../../../utils/db'; +import type {RecipeModelType} from '../../../../types/types'; +import { error } from '@sveltejs/kit'; +import { authenticateUser } from '$lib/js/authenticate'; +// header: use for bearer token for now +// recipe json in body +export const POST: RequestHandler = async ({request, cookies}) => { + let message = await request.json() + const recipe_json = message.recipe + const user = await authenticateUser(cookies) + console.log(user) + if(!user){ + throw error(403, "Not logged in") + } + else if(!user.access.includes("rezepte")){ + throw error(403, "This user does not have edit permissions for recipes") + } + else{ + await dbConnect(); + await Recipe.findOneAndUpdate({short_name: message.old_short_name }, recipe_json); + await dbDisconnect(); + return new Response(JSON.stringify({msg: "Edited recipe successfully"}),{ + status: 200, + }); + + } +}; diff --git a/src/routes/api/rezepte/img/add/+server.ts b/src/routes/api/rezepte/img/add/+server.ts new file mode 100644 index 0000000..fa51487 --- /dev/null +++ b/src/routes/api/rezepte/img/add/+server.ts @@ -0,0 +1,46 @@ +import path from 'path' +import type { RequestHandler } from '@sveltejs/kit'; +import { error } from '@sveltejs/kit'; +import { IMAGE_DIR } from '$env/static/private' +import sharp from 'sharp'; +import { authenticateUser } from '$lib/js/authenticate'; + +export const POST = (async ({ request, cookies }) => { + const data = await request.json(); + const user = await authenticateUser(cookies) + if (!user) throw error(401, "Need to be logged in") + if (!user.access.includes("rezepte")) throw error(401, "You don't have sufficient permissions for this") + let full_res = new Buffer.from(data.image, 'base64') + // reduce image size if over 500KB + const MAX_SIZE_KB = 500 + //const metadata = await sharp(full_res).metadata() + ////reduce image size if larger than 500KB + //if(metadata.size > MAX_SIZE_KB*1000){ + // full_res = sharp(full_res). + // webp( { quality: 70}) + // .toBuffer() + //} + await sharp(full_res) + .toFormat('webp') + .toFile(path.join(IMAGE_DIR, + "rezepte", + "full", + data.name + ".webp")) + await sharp(full_res) + .resize({ width: 800}) + .toFormat('webp') + .toFile(path.join(IMAGE_DIR, + "rezepte", + "thumb", + data.name + ".webp")) + await sharp(full_res) + .resize({ width: 20}) + .toFormat('webp') + .toFile(path.join(IMAGE_DIR, + "rezepte", + "placeholder", + data.name + ".webp")) + return new Response(JSON.stringify({msg: "Added image successfully"}),{ + status: 200, + }); +}) satisfies RequestHandler; diff --git a/src/routes/api/rezepte/img/delete/+server.ts b/src/routes/api/rezepte/img/delete/+server.ts new file mode 100644 index 0000000..6fd1691 --- /dev/null +++ b/src/routes/api/rezepte/img/delete/+server.ts @@ -0,0 +1,21 @@ +import path from 'path' +import type { RequestHandler } from '@sveltejs/kit'; +import { IMAGE_DIR } from '$env/static/private' +import { unlink } from 'node:fs'; +import { error } from '@sveltejs/kit'; +import { authenticateUser } from '$lib/js/authenticate';; + +export const POST = (async ({ request, cookies }) => { + const data = await request.json(); + const user = await authenticateUser(cookies) + if(!user) throw error(401, "You need to be logged in") + if(!user.access.includes("rezepte")) throw error(401, "Your don't have the required permission for this") + [ "full", "thumb", "placeholder"].forEach((folder) => { + unlink(path.join(IMAGE_DIR, "rezepte", folder, data.name + ".webp"), (e) => { + if(e) error(404, "could not delete: " + folder + "/" + data.name + ".webp" + e) + }) + }) + return new Response(JSON.stringify({msg: "Deleted image successfully"}),{ + status: 200, + }); +}) satisfies RequestHandler; diff --git a/src/routes/api/rezepte/img/mv/+server.ts b/src/routes/api/rezepte/img/mv/+server.ts new file mode 100644 index 0000000..7add42e --- /dev/null +++ b/src/routes/api/rezepte/img/mv/+server.ts @@ -0,0 +1,25 @@ +import path from 'path' +import type { RequestHandler } from '@sveltejs/kit'; +import { IMAGE_DIR } from '$env/static/private' +import { rename } from 'node:fs'; +import { error } from '@sveltejs/kit'; +import { authenticateUser } from '$lib/js/authenticate'; + +export const POST = (async ({ request, cookies }) => { + const data = await request.json(); + const user = await authenticateUser(cookies) + if(!user) throw error(401, "need to be logged in") + if(!user.access.includes("rezepte")) throw error(401, "You don't have the required permission to do this") + + [ "full", "thumb", "placeholder"].forEach((folder) => { + const old_path = path.join(IMAGE_DIR, "rezepte", folder, data.old_name + ".webp") + rename(old_path, path.join(IMAGE_DIR, "rezepte", folder, data.new_name + ".webp"), (e) => { + console.log(e) + if(e) throw error(500, "could not mv: " + old_path) + }) + }); + + return new Response(JSON.stringify({msg: "Deleted image successfully"}),{ + status: 200, + }); +}) satisfies RequestHandler; diff --git a/src/routes/api/rezepte/items/[name]/+server.ts b/src/routes/api/rezepte/items/[name]/+server.ts new file mode 100644 index 0000000..cd3652c --- /dev/null +++ b/src/routes/api/rezepte/items/[name]/+server.ts @@ -0,0 +1,17 @@ +import { json, type RequestHandler } from '@sveltejs/kit'; +import { Recipe } from '../../../../../models/Recipe'; +import { dbConnect, dbDisconnect } from '../../../../../utils/db'; +import type {RecipeModelType} from '../../../../../types/types'; +import { error } from '@sveltejs/kit'; + +export const GET: RequestHandler = async ({params}) => { + await dbConnect(); + let recipe = (await Recipe.findOne({ short_name: params.name}).lean()) as RecipeModelType[]; + await dbDisconnect(); + + recipe = JSON.parse(JSON.stringify(recipe)); + if(recipe == null){ + throw error(404, "Recipe not found") + } + return json(recipe); +}; diff --git a/src/routes/api/rezepte/items/all_brief/+server.ts b/src/routes/api/rezepte/items/all_brief/+server.ts new file mode 100644 index 0000000..a95d44d --- /dev/null +++ b/src/routes/api/rezepte/items/all_brief/+server.ts @@ -0,0 +1,12 @@ +import { json, type RequestHandler } from '@sveltejs/kit'; +import type { BriefRecipeType } from '../../../../../types/types'; +import { Recipe } from '../../../../../models/Recipe' +import { dbConnect, dbDisconnect } from '../../../../../utils/db'; +import { rand_array } from '$lib/js/randomize'; + +export const GET: RequestHandler = async ({params}) => { + await dbConnect(); + let found_brief = rand_array(await Recipe.find({}, 'name short_name tags category icon description season').lean()) as BriefRecipeType[]; + await dbDisconnect(); + return json(JSON.parse(JSON.stringify(found_brief))); +}; diff --git a/src/routes/api/rezepte/items/category/+server.ts b/src/routes/api/rezepte/items/category/+server.ts new file mode 100644 index 0000000..6fe5113 --- /dev/null +++ b/src/routes/api/rezepte/items/category/+server.ts @@ -0,0 +1,13 @@ +import { json, type RequestHandler } from '@sveltejs/kit'; +import { Recipe } from '../../../../../models/Recipe'; +import { dbConnect, dbDisconnect } from '../../../../../utils/db'; +import type {BriefRecipeType} from '../../../../../types/types'; + +export const GET: RequestHandler = async ({params}) => { + await dbConnect(); + let categories = (await Recipe.distinct('category').lean()); + await dbDisconnect(); + + categories= JSON.parse(JSON.stringify(categories)); + return json(categories); +}; diff --git a/src/routes/api/rezepte/items/category/[category]/+server.ts b/src/routes/api/rezepte/items/category/[category]/+server.ts new file mode 100644 index 0000000..2891d0a --- /dev/null +++ b/src/routes/api/rezepte/items/category/[category]/+server.ts @@ -0,0 +1,14 @@ +import { json, type RequestHandler } from '@sveltejs/kit'; +import { Recipe } from '../../../../../../models/Recipe'; +import { dbConnect, dbDisconnect } from '../../../../../../utils/db'; +import type {BriefRecipeType} from '../../../../../../types/types'; +import { rand_array } from '$lib/js/randomize'; + +export const GET: RequestHandler = async ({params}) => { + await dbConnect(); + let recipes = rand_array(await Recipe.find({category: params.category}, 'name short_name images tags category icon description season').lean()) as BriefRecipeType[]; + await dbDisconnect(); + + recipes = JSON.parse(JSON.stringify(recipes)); + return json(recipes); +}; diff --git a/src/routes/api/rezepte/items/icon/+server.ts b/src/routes/api/rezepte/items/icon/+server.ts new file mode 100644 index 0000000..f82ac7f --- /dev/null +++ b/src/routes/api/rezepte/items/icon/+server.ts @@ -0,0 +1,13 @@ +import { json, type RequestHandler } from '@sveltejs/kit'; +import { Recipe } from '../../../../../models/Recipe'; +import { dbConnect, dbDisconnect } from '../../../../../utils/db'; +import type {BriefRecipeType} from '../../../../../types/types'; + +export const GET: RequestHandler = async ({params}) => { + await dbConnect(); + let icons = (await Recipe.distinct('icon').lean()); + await dbDisconnect(); + + icons = JSON.parse(JSON.stringify(icons)); + return json(icons); +}; diff --git a/src/routes/api/rezepte/items/icon/[icon]/+server.ts b/src/routes/api/rezepte/items/icon/[icon]/+server.ts new file mode 100644 index 0000000..631ec9b --- /dev/null +++ b/src/routes/api/rezepte/items/icon/[icon]/+server.ts @@ -0,0 +1,14 @@ +import { json, type RequestHandler } from '@sveltejs/kit'; +import { Recipe } from '../../../../../../models/Recipe'; +import { dbConnect, dbDisconnect } from '../../../../../../utils/db'; +import type {BriefRecipeType} from '../../../../../../types/types'; +import { rand_array } from '$lib/js/randomize'; + +export const GET: RequestHandler = async ({params}) => { + await dbConnect(); + let recipes = rand_array(await Recipe.find({icon: params.icon}, 'name short_name images tags category icon description season').lean()) as BriefRecipeType[]; + await dbDisconnect(); + + recipes = JSON.parse(JSON.stringify(recipes)); + return json(recipes); +}; diff --git a/src/routes/api/rezepte/items/in_season/[month]/+server.ts b/src/routes/api/rezepte/items/in_season/[month]/+server.ts new file mode 100644 index 0000000..8660f4b --- /dev/null +++ b/src/routes/api/rezepte/items/in_season/[month]/+server.ts @@ -0,0 +1,13 @@ +import type {rand_array} from '$lib/js/randomize'; +import { json, type RequestHandler } from '@sveltejs/kit'; +import { Recipe } from '../../../../../../models/Recipe' +import { dbConnect, dbDisconnect } from '../../../../../../utils/db'; +import { rand_array } from '$lib/js/randomize'; + +export const GET: RequestHandler = async ({params}) => { + await dbConnect(); + let found_in_season = rand_array(await Recipe.find({season: params.month}, 'name short_name images tags category icon description season').lean()); + await dbDisconnect(); + found_in_season = JSON.parse(JSON.stringify(found_in_season)); + return json(found_in_season); +}; diff --git a/src/routes/api/rezepte/items/tag/+server.ts b/src/routes/api/rezepte/items/tag/+server.ts new file mode 100644 index 0000000..258ce6f --- /dev/null +++ b/src/routes/api/rezepte/items/tag/+server.ts @@ -0,0 +1,13 @@ +import { json, type RequestHandler } from '@sveltejs/kit'; +import { Recipe } from '../../../../../models/Recipe'; +import { dbConnect, dbDisconnect } from '../../../../../utils/db'; +import type {BriefRecipeType} from '../../../../../types/types'; + +export const GET: RequestHandler = async ({params}) => { + await dbConnect(); + let categories = (await Recipe.distinct('tags').lean()); + await dbDisconnect(); + + categories= JSON.parse(JSON.stringify(categories)); + return json(categories); +}; diff --git a/src/routes/api/rezepte/items/tag/[tag]/+server.ts b/src/routes/api/rezepte/items/tag/[tag]/+server.ts new file mode 100644 index 0000000..cfa00d3 --- /dev/null +++ b/src/routes/api/rezepte/items/tag/[tag]/+server.ts @@ -0,0 +1,14 @@ +import { json, type RequestHandler } from '@sveltejs/kit'; +import { Recipe } from '../../../../../../models/Recipe'; +import { dbConnect, dbDisconnect } from '../../../../../../utils/db'; +import type {BriefRecipeType} from '../../../../../../types/types'; +import { rand_array } from '$lib/js/randomize'; + +export const GET: RequestHandler = async ({params}) => { + await dbConnect(); + let recipes = rand_array(await Recipe.find({tags: params.tag}, 'name short_name images tags category icon description season').lean()) as BriefRecipeType[]; + await dbDisconnect(); + + recipes = JSON.parse(JSON.stringify(recipes)); + return json(recipes); +}; diff --git a/src/routes/api/user/admin/users/+server.ts b/src/routes/api/user/admin/users/+server.ts new file mode 100644 index 0000000..0926f05 --- /dev/null +++ b/src/routes/api/user/admin/users/+server.ts @@ -0,0 +1,23 @@ +import type { RequestHandler } from '@sveltejs/kit'; +import { error } from '@sveltejs/kit'; + +import { dbConnect, dbDisconnect } from '../../../../../utils/db'; +import { User } from '../../../../../models/User'; +import { get_username } from '$lib/js/get_username'; + +// header: use for bearer token for now +// recipe json in body +export const POST: RequestHandler = async ({cookies}) => { + const requesting_user = await get_username(cookies) + await dbConnect() + let res = await User.findOne({username: requesting_user}, 'access').lean() + if(!res.access.contains("admin")){ + await dbDisconnect() + throw error(401, {message: "Your user does not have the permissions to do this"}) + } + else{ + let res = await User.find({}, 'username access').lean() + await dbDisconnect() + return { res } + } +}; diff --git a/src/routes/api/user/change_pw/+server.ts b/src/routes/api/user/change_pw/+server.ts new file mode 100644 index 0000000..7a82df7 --- /dev/null +++ b/src/routes/api/user/change_pw/+server.ts @@ -0,0 +1,40 @@ +import type { RequestHandler } from '@sveltejs/kit'; +import { error } from '@sveltejs/kit'; +import { hash } from 'argon2'; + +import { PEPPER } from '$env/static/private'; + +import { User } from '../../../../models/User'; +import { dbConnect, dbDisconnect } from '../../../../utils/db'; + +// header: use for bearer token for now +// recipe json in body +export const POST: RequestHandler = async ({request}) => { + const {username, old_password, new_password} = await request.json() + await dbConnect(); + const salt = await User.findOne({username: username}, 'salt'); + const pass_hash = await hashPassword(old_password + PEPPER, salt) + try{ + await User.updateOne({ + username: username, + pass_hash: pass_hash, + }) + }catch(e){ + await dbDisconnect(); + throw error(400, e); + } + await dbDisconnect(); + return new Response(JSON.stringify({message: "User added successfully"}), + {status: 200} + ); + } +}; + +async function hashPassword(password, salt) { + try { + const hashedPassword = await hash(password, salt); // Hash the password with the salt and pepper + return hashedPassword; + } catch (error) { + console.error('Error hashing password:', error); + } +} diff --git a/src/routes/api/user/login/+server.ts b/src/routes/api/user/login/+server.ts new file mode 100644 index 0000000..e5e24d5 --- /dev/null +++ b/src/routes/api/user/login/+server.ts @@ -0,0 +1,46 @@ +import type { RequestHandler } from '@sveltejs/kit'; +import { error } from '@sveltejs/kit'; +import pkg from 'jsonwebtoken'; +const { sign } = pkg; +import { verify} from 'argon2'; +import { COOKIE_SECRET } from '$env/static/private' +import { PEPPER } from '$env/static/private' + +import { dbConnect, dbDisconnect } from '../../../../utils/db'; +import { User } from '../../../../models/User'; + +// header: use for bearer token for now +// recipe json in body +export const POST: RequestHandler = async ({request}) => { + const {username, password} = await request.json() + await dbConnect() + let res = await User.findOne({username: username}, 'pass_hash salt').lean() + await dbDisconnect() + if(!res){ + console.log("NOT FOUND") + throw error(401, {message: "wrong password or user does not exist"}) + } + + const stored_pw = res.pass_hash + const salt = res.salt + + const isMatch = await verify(stored_pw, password + PEPPER, {salt}) + if(!isMatch){ + throw error(401, {message: "wrong password or user does not exist"}) + } + + res = await createJWT(username) + return new Response(JSON.stringify(res)) +}; + +async function createJWT(username) { + const payload = { + username: username, + }; + + const masterSecret = COOKIE_SECRET; + const secretKey = masterSecret; + const jwt = sign(payload, secretKey); + console.log(jwt) + return jwt +} diff --git a/src/routes/api/user/register/+server.ts b/src/routes/api/user/register/+server.ts new file mode 100644 index 0000000..8b91f63 --- /dev/null +++ b/src/routes/api/user/register/+server.ts @@ -0,0 +1,50 @@ +import type { RequestHandler } from '@sveltejs/kit'; +import { error } from '@sveltejs/kit'; +import { hash } from 'argon2'; +import { randomBytes } from 'crypto'; +import { ALLOW_REGISTRATION } from '$env/static/private'; +import { PEPPER } from '$env/static/private'; + +import { User } from '../../../../models/User'; +import { dbConnect, dbDisconnect } from '../../../../utils/db'; + +// header: use for bearer token for now +// recipe json in body +export const POST: RequestHandler = async ({request}) => { + if(ALLOW_REGISTRATION){ + const {username, password} = await request.json() + const salt = randomBytes(32).toString('hex'); // Generate a random salt + + const pass_hash = await hashPassword(password + PEPPER, salt) + await dbConnect(); + try{ + await User.create({ + username: username, + pass_hash: pass_hash, + salt: salt, + access: [], + }) + }catch(e){ + await dbDisconnect(); + throw error(400, e); + } + await dbDisconnect(); + return new Response(JSON.stringify({message: "User added successfully"}), + {status: 200} + ); + } + else{ + throw error(401, "user registration currently closed") + } + + +}; + +async function hashPassword(password, salt) { + try { + const hashedPassword = await hash(password, salt); // Hash the password with the salt and pepper + return hashedPassword; + } catch (error) { + console.error('Error hashing password:', error); + } +}