diff --git a/src/routes/api/add/+server.ts b/src/routes/api/add/+server.ts
deleted file mode 100644
index 5e68748..0000000
--- a/src/routes/api/add/+server.ts
+++ /dev/null
@@ -1,30 +0,0 @@
-import type { RequestHandler } from '@sveltejs/kit';
-import { Recipe } from '../../../models/Recipe';
-import { dbConnect, dbDisconnect } from '../../../utils/db';
-import { error } from '@sveltejs/kit';
-import { authenticateUser } from '$lib/js/authenticate';;
-// header: use for bearer token for now
-// recipe json in body
-export const POST: RequestHandler = async ({request, cookies}) => {
- let message = await request.json()
- const recipe_json = message.recipe
- const user = await authenticateUser(cookies)
- if(!user){
- throw error(401, "Not logged in")
- }
- if(!user.access.includes("rezepte")){
- throw error(401, "This user does not have permissions to add recipes")
- }
- else{
- await dbConnect();
- try{
- await Recipe.create(recipe_json);
- } catch(e){
- throw error(400, e)
- }
- await dbDisconnect();
- return new Response(JSON.stringify({msg: "Added recipe successfully"}),{
- status: 200,
- });
- }
-};
diff --git a/src/routes/api/delete/+server.ts b/src/routes/api/delete/+server.ts
deleted file mode 100644
index 468bd5b..0000000
--- a/src/routes/api/delete/+server.ts
+++ /dev/null
@@ -1,23 +0,0 @@
-import type { RequestHandler } from '@sveltejs/kit';
-import { Recipe } from '../../../models/Recipe';
-import { dbConnect, dbDisconnect } from '../../../utils/db';
-import type {RecipeModelType} from '../../../types/types';
-import { error } from '@sveltejs/kit';
-import { authenticateUser } from '$lib/js/authenticate';
-// header: use for bearer token for now
-// recipe json in body
-export const POST: RequestHandler = async ({request, cookies}) => {
- let message = await request.json()
-
- const user = await authenticateUser(cookies)
- if(!user) throw error(401, "Need to be logged in")
- if(!user.access.includes("rezepte")) throw error(401, "Insufficient permissions")
-
- const short_name = message.old_short_name
- await dbConnect();
- await Recipe.findOneAndDelete({short_name: short_name});
- await dbDisconnect();
- return new Response(JSON.stringify({msg: "Deleted recipe successfully"}),{
- status: 200,
- });
-}
diff --git a/src/routes/api/edit/+server.ts b/src/routes/api/edit/+server.ts
deleted file mode 100644
index 6abfef9..0000000
--- a/src/routes/api/edit/+server.ts
+++ /dev/null
@@ -1,29 +0,0 @@
-import type { RequestHandler } from '@sveltejs/kit';
-import { Recipe } from '../../../models/Recipe';
-import { dbConnect, dbDisconnect } from '../../../utils/db';
-import type {RecipeModelType} from '../../../types/types';
-import { error } from '@sveltejs/kit';
-import { authenticateUser } from '$lib/js/authenticate';
-// header: use for bearer token for now
-// recipe json in body
-export const POST: RequestHandler = async ({request, cookies}) => {
- let message = await request.json()
- const recipe_json = message.recipe
- const user = await authenticateUser(cookies)
- console.log(user)
- if(!user){
- throw error(403, "Not logged in")
- }
- else if(!user.access.includes("rezepte")){
- throw error(403, "This user does not have edit permissions for recipes")
- }
- else{
- await dbConnect();
- await Recipe.findOneAndUpdate({short_name: message.old_short_name }, recipe_json);
- await dbDisconnect();
- return new Response(JSON.stringify({msg: "Edited recipe successfully"}),{
- status: 200,
- });
-
- }
-};
diff --git a/src/routes/api/img/add/+server.ts b/src/routes/api/img/add/+server.ts
deleted file mode 100644
index fa51487..0000000
--- a/src/routes/api/img/add/+server.ts
+++ /dev/null
@@ -1,46 +0,0 @@
-import path from 'path'
-import type { RequestHandler } from '@sveltejs/kit';
-import { error } from '@sveltejs/kit';
-import { IMAGE_DIR } from '$env/static/private'
-import sharp from 'sharp';
-import { authenticateUser } from '$lib/js/authenticate';
-
-export const POST = (async ({ request, cookies }) => {
- const data = await request.json();
- const user = await authenticateUser(cookies)
- if (!user) throw error(401, "Need to be logged in")
- if (!user.access.includes("rezepte")) throw error(401, "You don't have sufficient permissions for this")
- let full_res = new Buffer.from(data.image, 'base64')
- // reduce image size if over 500KB
- const MAX_SIZE_KB = 500
- //const metadata = await sharp(full_res).metadata()
- ////reduce image size if larger than 500KB
- //if(metadata.size > MAX_SIZE_KB*1000){
- // full_res = sharp(full_res).
- // webp( { quality: 70})
- // .toBuffer()
- //}
- await sharp(full_res)
- .toFormat('webp')
- .toFile(path.join(IMAGE_DIR,
- "rezepte",
- "full",
- data.name + ".webp"))
- await sharp(full_res)
- .resize({ width: 800})
- .toFormat('webp')
- .toFile(path.join(IMAGE_DIR,
- "rezepte",
- "thumb",
- data.name + ".webp"))
- await sharp(full_res)
- .resize({ width: 20})
- .toFormat('webp')
- .toFile(path.join(IMAGE_DIR,
- "rezepte",
- "placeholder",
- data.name + ".webp"))
- return new Response(JSON.stringify({msg: "Added image successfully"}),{
- status: 200,
- });
-}) satisfies RequestHandler;
diff --git a/src/routes/api/img/delete/+server.ts b/src/routes/api/img/delete/+server.ts
deleted file mode 100644
index 6fd1691..0000000
--- a/src/routes/api/img/delete/+server.ts
+++ /dev/null
@@ -1,21 +0,0 @@
-import path from 'path'
-import type { RequestHandler } from '@sveltejs/kit';
-import { IMAGE_DIR } from '$env/static/private'
-import { unlink } from 'node:fs';
-import { error } from '@sveltejs/kit';
-import { authenticateUser } from '$lib/js/authenticate';;
-
-export const POST = (async ({ request, cookies }) => {
- const data = await request.json();
- const user = await authenticateUser(cookies)
- if(!user) throw error(401, "You need to be logged in")
- if(!user.access.includes("rezepte")) throw error(401, "Your don't have the required permission for this")
- [ "full", "thumb", "placeholder"].forEach((folder) => {
- unlink(path.join(IMAGE_DIR, "rezepte", folder, data.name + ".webp"), (e) => {
- if(e) error(404, "could not delete: " + folder + "/" + data.name + ".webp" + e)
- })
- })
- return new Response(JSON.stringify({msg: "Deleted image successfully"}),{
- status: 200,
- });
-}) satisfies RequestHandler;
diff --git a/src/routes/api/img/mv/+server.ts b/src/routes/api/img/mv/+server.ts
deleted file mode 100644
index 7add42e..0000000
--- a/src/routes/api/img/mv/+server.ts
+++ /dev/null
@@ -1,25 +0,0 @@
-import path from 'path'
-import type { RequestHandler } from '@sveltejs/kit';
-import { IMAGE_DIR } from '$env/static/private'
-import { rename } from 'node:fs';
-import { error } from '@sveltejs/kit';
-import { authenticateUser } from '$lib/js/authenticate';
-
-export const POST = (async ({ request, cookies }) => {
- const data = await request.json();
- const user = await authenticateUser(cookies)
- if(!user) throw error(401, "need to be logged in")
- if(!user.access.includes("rezepte")) throw error(401, "You don't have the required permission to do this")
-
- [ "full", "thumb", "placeholder"].forEach((folder) => {
- const old_path = path.join(IMAGE_DIR, "rezepte", folder, data.old_name + ".webp")
- rename(old_path, path.join(IMAGE_DIR, "rezepte", folder, data.new_name + ".webp"), (e) => {
- console.log(e)
- if(e) throw error(500, "could not mv: " + old_path)
- })
- });
-
- return new Response(JSON.stringify({msg: "Deleted image successfully"}),{
- status: 200,
- });
-}) satisfies RequestHandler;
diff --git a/src/routes/api/items/[name]/+server.ts b/src/routes/api/items/[name]/+server.ts
deleted file mode 100644
index 12f2bba..0000000
--- a/src/routes/api/items/[name]/+server.ts
+++ /dev/null
@@ -1,17 +0,0 @@
-import { json, type RequestHandler } from '@sveltejs/kit';
-import { Recipe } from '../../../../models/Recipe';
-import { dbConnect, dbDisconnect } from '../../../../utils/db';
-import type {RecipeModelType} from '../../../../types/types';
-import { error } from '@sveltejs/kit';
-
-export const GET: RequestHandler = async ({params}) => {
- await dbConnect();
- let recipe = (await Recipe.findOne({ short_name: params.name}).lean()) as RecipeModelType[];
- await dbDisconnect();
-
- recipe = JSON.parse(JSON.stringify(recipe));
- if(recipe == null){
- throw error(404, "Recipe not found")
- }
- return json(recipe);
-};
diff --git a/src/routes/api/items/all_brief/+server.ts b/src/routes/api/items/all_brief/+server.ts
deleted file mode 100644
index fc99258..0000000
--- a/src/routes/api/items/all_brief/+server.ts
+++ /dev/null
@@ -1,12 +0,0 @@
-import { json, type RequestHandler } from '@sveltejs/kit';
-import type { BriefRecipeType } from '../../../../types/types';
-import { Recipe } from '../../../../models/Recipe'
-import { dbConnect, dbDisconnect } from '../../../../utils/db';
-import { rand_array } from '$lib/js/randomize';
-
-export const GET: RequestHandler = async ({params}) => {
- await dbConnect();
- let found_brief = rand_array(await Recipe.find({}, 'name short_name tags category icon description season').lean()) as BriefRecipeType[];
- await dbDisconnect();
- return json(JSON.parse(JSON.stringify(found_brief)));
-};
diff --git a/src/routes/api/items/category/+server.ts b/src/routes/api/items/category/+server.ts
deleted file mode 100644
index ca79946..0000000
--- a/src/routes/api/items/category/+server.ts
+++ /dev/null
@@ -1,13 +0,0 @@
-import { json, type RequestHandler } from '@sveltejs/kit';
-import { Recipe } from '../../../../models/Recipe';
-import { dbConnect, dbDisconnect } from '../../../../utils/db';
-import type {BriefRecipeType} from '../../../../types/types';
-
-export const GET: RequestHandler = async ({params}) => {
- await dbConnect();
- let categories = (await Recipe.distinct('category').lean());
- await dbDisconnect();
-
- categories= JSON.parse(JSON.stringify(categories));
- return json(categories);
-};
diff --git a/src/routes/api/items/category/[category]/+server.ts b/src/routes/api/items/category/[category]/+server.ts
deleted file mode 100644
index e75a5b5..0000000
--- a/src/routes/api/items/category/[category]/+server.ts
+++ /dev/null
@@ -1,14 +0,0 @@
-import { json, type RequestHandler } from '@sveltejs/kit';
-import { Recipe } from '../../../../../models/Recipe';
-import { dbConnect, dbDisconnect } from '../../../../../utils/db';
-import type {BriefRecipeType} from '../../../../../types/types';
-import { rand_array } from '$lib/js/randomize';
-
-export const GET: RequestHandler = async ({params}) => {
- await dbConnect();
- let recipes = rand_array(await Recipe.find({category: params.category}, 'name short_name images tags category icon description season').lean()) as BriefRecipeType[];
- await dbDisconnect();
-
- recipes = JSON.parse(JSON.stringify(recipes));
- return json(recipes);
-};
diff --git a/src/routes/api/items/icon/+server.ts b/src/routes/api/items/icon/+server.ts
deleted file mode 100644
index 8a8ecbc..0000000
--- a/src/routes/api/items/icon/+server.ts
+++ /dev/null
@@ -1,13 +0,0 @@
-import { json, type RequestHandler } from '@sveltejs/kit';
-import { Recipe } from '../../../../models/Recipe';
-import { dbConnect, dbDisconnect } from '../../../../utils/db';
-import type {BriefRecipeType} from '../../../../types/types';
-
-export const GET: RequestHandler = async ({params}) => {
- await dbConnect();
- let icons = (await Recipe.distinct('icon').lean());
- await dbDisconnect();
-
- icons = JSON.parse(JSON.stringify(icons));
- return json(icons);
-};
diff --git a/src/routes/api/items/icon/[icon]/+server.ts b/src/routes/api/items/icon/[icon]/+server.ts
deleted file mode 100644
index 0b22e5d..0000000
--- a/src/routes/api/items/icon/[icon]/+server.ts
+++ /dev/null
@@ -1,14 +0,0 @@
-import { json, type RequestHandler } from '@sveltejs/kit';
-import { Recipe } from '../../../../../models/Recipe';
-import { dbConnect, dbDisconnect } from '../../../../../utils/db';
-import type {BriefRecipeType} from '../../../../../types/types';
-import { rand_array } from '$lib/js/randomize';
-
-export const GET: RequestHandler = async ({params}) => {
- await dbConnect();
- let recipes = rand_array(await Recipe.find({icon: params.icon}, 'name short_name images tags category icon description season').lean()) as BriefRecipeType[];
- await dbDisconnect();
-
- recipes = JSON.parse(JSON.stringify(recipes));
- return json(recipes);
-};
diff --git a/src/routes/api/items/in_season/[month]/+server.ts b/src/routes/api/items/in_season/[month]/+server.ts
deleted file mode 100644
index c5aebc7..0000000
--- a/src/routes/api/items/in_season/[month]/+server.ts
+++ /dev/null
@@ -1,13 +0,0 @@
-import type {rand_array} from '$lib/js/randomize';
-import { json, type RequestHandler } from '@sveltejs/kit';
-import { Recipe } from '../../../../../models/Recipe'
-import { dbConnect, dbDisconnect } from '../../../../../utils/db';
-import { rand_array } from '$lib/js/randomize';
-
-export const GET: RequestHandler = async ({params}) => {
- await dbConnect();
- let found_in_season = rand_array(await Recipe.find({season: params.month}, 'name short_name images tags category icon description season').lean());
- await dbDisconnect();
- found_in_season = JSON.parse(JSON.stringify(found_in_season));
- return json(found_in_season);
-};
diff --git a/src/routes/api/items/tag/+server.ts b/src/routes/api/items/tag/+server.ts
deleted file mode 100644
index bfc8612..0000000
--- a/src/routes/api/items/tag/+server.ts
+++ /dev/null
@@ -1,13 +0,0 @@
-import { json, type RequestHandler } from '@sveltejs/kit';
-import { Recipe } from '../../../../models/Recipe';
-import { dbConnect, dbDisconnect } from '../../../../utils/db';
-import type {BriefRecipeType} from '../../../../types/types';
-
-export const GET: RequestHandler = async ({params}) => {
- await dbConnect();
- let categories = (await Recipe.distinct('tags').lean());
- await dbDisconnect();
-
- categories= JSON.parse(JSON.stringify(categories));
- return json(categories);
-};
diff --git a/src/routes/api/items/tag/[tag]/+server.ts b/src/routes/api/items/tag/[tag]/+server.ts
deleted file mode 100644
index 962368e..0000000
--- a/src/routes/api/items/tag/[tag]/+server.ts
+++ /dev/null
@@ -1,14 +0,0 @@
-import { json, type RequestHandler } from '@sveltejs/kit';
-import { Recipe } from '../../../../../models/Recipe';
-import { dbConnect, dbDisconnect } from '../../../../../utils/db';
-import type {BriefRecipeType} from '../../../../../types/types';
-import { rand_array } from '$lib/js/randomize';
-
-export const GET: RequestHandler = async ({params}) => {
- await dbConnect();
- let recipes = rand_array(await Recipe.find({tags: params.tag}, 'name short_name images tags category icon description season').lean()) as BriefRecipeType[];
- await dbDisconnect();
-
- recipes = JSON.parse(JSON.stringify(recipes));
- return json(recipes);
-};
diff --git a/src/routes/api/login/+server.ts b/src/routes/api/login/+server.ts
deleted file mode 100644
index 656e5a5..0000000
--- a/src/routes/api/login/+server.ts
+++ /dev/null
@@ -1,46 +0,0 @@
-import type { RequestHandler } from '@sveltejs/kit';
-import { error } from '@sveltejs/kit';
-import pkg from 'jsonwebtoken';
-const { sign } = pkg;
-import { verify} from 'argon2';
-import { COOKIE_SECRET } from '$env/static/private'
-import { PEPPER } from '$env/static/private'
-
-import { dbConnect, dbDisconnect } from '../../../utils/db';
-import { User } from '../../../models/User';
-
-// header: use for bearer token for now
-// recipe json in body
-export const POST: RequestHandler = async ({request}) => {
- const {username, password} = await request.json()
- await dbConnect()
- let res = await User.findOne({username: username}, 'pass_hash salt').lean()
- await dbDisconnect()
- if(!res){
- console.log("NOT FOUND")
- throw error(401, {message: "wrong password or user does not exist"})
- }
-
- const stored_pw = res.pass_hash
- const salt = res.salt
-
- const isMatch = await verify(stored_pw, password + PEPPER, {salt})
- if(!isMatch){
- throw error(401, {message: "wrong password or user does not exist"})
- }
-
- res = await createJWT(username)
- return new Response(JSON.stringify(res))
-};
-
-async function createJWT(username) {
- const payload = {
- username: username,
- };
-
- const masterSecret = COOKIE_SECRET;
- const secretKey = masterSecret;
- const jwt = sign(payload, secretKey);
- console.log(jwt)
- return jwt
-}
diff --git a/src/routes/api/register/+server.ts b/src/routes/api/register/+server.ts
deleted file mode 100644
index ce52c8f..0000000
--- a/src/routes/api/register/+server.ts
+++ /dev/null
@@ -1,50 +0,0 @@
-import type { RequestHandler } from '@sveltejs/kit';
-import { error } from '@sveltejs/kit';
-import { hash } from 'argon2';
-import { randomBytes } from 'crypto';
-import { ALLOW_REGISTRATION } from '$env/static/private';
-import { PEPPER } from '$env/static/private';
-
-import { User } from '../../../models/User';
-import { dbConnect, dbDisconnect } from '../../../utils/db';
-
-// header: use for bearer token for now
-// recipe json in body
-export const POST: RequestHandler = async ({request}) => {
- if(ALLOW_REGISTRATION){
- const {username, password, access} = await request.json()
- const salt = randomBytes(32).toString('hex'); // Generate a random salt
-
- const pass_hash = await hashPassword(password + PEPPER, salt)
- await dbConnect();
- try{
- await User.create({
- username: username,
- pass_hash: pass_hash,
- salt: salt,
- access: access,
- })
- }catch(e){
- await dbDisconnect();
- throw error(400, e);
- }
- await dbDisconnect();
- return new Response(JSON.stringify({message: "User added successfully"}),
- {status: 200}
- );
- }
- else{
- throw error(401, "user registration currently closed")
- }
-
-
-};
-
-async function hashPassword(password, salt) {
- try {
- const hashedPassword = await hash(password, salt); // Hash the password with the salt and pepper
- return hashedPassword;
- } catch (error) {
- console.error('Error hashing password:', error);
- }
-}
diff --git a/src/routes/api/verify/+server.ts b/src/routes/api/verify/+server.ts
deleted file mode 100644
index ad41d82..0000000
--- a/src/routes/api/verify/+server.ts
+++ /dev/null
@@ -1,63 +0,0 @@
-import type { RequestHandler } from '@sveltejs/kit';
-import { error } from '@sveltejs/kit';
-import pkg from 'jsonwebtoken';
-const { verify } = pkg;
-import { hash} from 'argon2';
-import { randomBytes } from 'crypto';
-import { COOKIE_SECRET } from '$env/static/private'
-import { ALLOW_REGISTRATION } from '$env/static/private'
-
-import { User } from '../../../models/User';
-import { dbConnect, dbDisconnect } from '../../../utils/db';
-
-
-import { getJWTFromRequest } from '../../../utils/cookie';
-// header: use for bearer token for now
-// recipe json in body
-export const GET: RequestHandler = async ({request}) => {
- const jwt = getJWTFromRequest(request)
-
- // Set your master secret key (replace with your own secret)
- const masterSecret = COOKIE_SECRET;
- const secretKey = masterSecret
- let decoded
- try{
- decoded = await verify(jwt, secretKey);
- }
- catch(e){
- throw error(401, "Cookies have changed, please log in again")
- }
-
- await dbConnect()
- let res = await User.findOne({username: decoded.username}, 'access').lean();
- await dbDisconnect()
- if(!res){
- throw error(404, "User for this Cookie does no longer exist")
- }
- return new Response(JSON.stringify({
- username: decoded.username,
- access: res.access
- }), {status: 200})
-};
-
-async function hashPassword(password, salt) {
- try {
- const hashedPassword = await hash(password, salt); // Hash the password with the salt
- return hashedPassword;
- } catch (error) {
- console.error('Error hashing password:', error);
- }
-}
-
-
-
-async function createJWT(username, userSalt) {
- const payload = {
- username: username,
- };
-
- const masterSecret = COOKIE_SECRET;
- const secretKey = masterSecret + userSalt;
- const jwt = sign(payload, secretKey);
- return jwt
-}