diff --git a/src/routes/(main)/login/+page.server.ts b/src/routes/(main)/login/+page.server.ts
deleted file mode 100644
index f900f9a..0000000
--- a/src/routes/(main)/login/+page.server.ts
+++ /dev/null
@@ -1,35 +0,0 @@
-import { redirect } from "@sveltejs/kit"
-import type { Actions, PageServerLoad } from "./$types"
-import { error } from "@sveltejs/kit"
-
-export const actions: Actions = {
- login: async (event) => {
- const data = await event.request.formData()
- const res = await event.fetch('/api/user/login',
- {method: 'POST',
- body: JSON.stringify({
- username: data.get('username'),
- password: data.get('password'),
- })
- }
- )
- const jwt = await res.json()
- if(res.ok){
- event.cookies.set("UserSession", jwt, {
- path: "/",
- httpOnly: true,
- sameSite: "strict",
- secure: process.env.NODE_ENV === "production",
- maxAge: 60 * 60 * 24 * 7, // 1 week
- })
-
- throw redirect(303, "/")
- }
- else{
- throw error(401, jwt.message)
- }
- },
- logout: async () => {
- throw redirect(303, "/logout")
- },
-}
diff --git a/src/routes/(main)/login/+page.svelte b/src/routes/(main)/login/+page.svelte
deleted file mode 100644
index 1a42eaa..0000000
--- a/src/routes/(main)/login/+page.svelte
+++ /dev/null
@@ -1,23 +0,0 @@
-
-
diff --git a/src/routes/(main)/login/.jukit/.jukit_info.json b/src/routes/(main)/login/.jukit/.jukit_info.json
deleted file mode 100644
index 92c7342..0000000
--- a/src/routes/(main)/login/.jukit/.jukit_info.json
+++ /dev/null
@@ -1 +0,0 @@
-{"terminal": "nvimterm"}
\ No newline at end of file
diff --git a/src/routes/(main)/logout/+page.server.ts b/src/routes/(main)/logout/+page.server.ts
deleted file mode 100644
index 7184399..0000000
--- a/src/routes/(main)/logout/+page.server.ts
+++ /dev/null
@@ -1,8 +0,0 @@
-import redirect from "@sveltejs/kit"
-import type { Actions } from './$types';
-
-export const actions: Actions = {
- default: async ({cookies}) => {
- cookies.delete("UserSession")
- }
-} satisfies Actions;
diff --git a/src/routes/(main)/logout/+page.svelte b/src/routes/(main)/logout/+page.svelte
deleted file mode 100644
index 61da226..0000000
--- a/src/routes/(main)/logout/+page.svelte
+++ /dev/null
@@ -1,7 +0,0 @@
-
-
diff --git a/src/routes/api/payments/add/+server.ts b/src/routes/api/payments/add/+server.ts
deleted file mode 100644
index 2646a52..0000000
--- a/src/routes/api/payments/add/+server.ts
+++ /dev/null
@@ -1,61 +0,0 @@
-import type { RequestHandler } from '@sveltejs/kit';
-import { Payment } from '../../../../models/Payment';
-import { dbConnect, dbDisconnect } from '../../../../utils/db';
-import { error } from '@sveltejs/kit';
-import { authenticateUser } from '$lib/js/authenticate';;
-import sharp from 'sharp';
-import path from 'path';
-import {IMAGE_DIR} from '$env/static/private';
-
-export const POST: RequestHandler = async ({request, cookies}) => {
- const user = await authenticateUser(cookies)
- if(!user){
- throw error(401, "Not logged in")
- }
- if(!user.access.includes("abrechnung")){
- throw error(401, "This user does not have permissions to add payments")
- }
- else{
- const formData = await request.formData();
- const json = {
- amount: formData.get("amount"),
- for_self: formData.get("for_self"),
- for_other: formData.get("for_other"),
- payee: formData.get("payee"),
- added_by: user._id
- }
- await dbConnect();
- let id;
- try{
- id = (await Payment.create(json))._id.toString();
- } catch(e){
- await dbDisconnect();
- throw error(400, e)
- }
-
- await dbDisconnect();
- const img = formData.get("file")
- if(img){
- //this feels stupid, is there a smarter way directly to Buffer?
- const full_res = Buffer.from(await img.arrayBuffer())
-
- await sharp(full_res)
- .toFormat('webp')
- .toFile(path.join(IMAGE_DIR,
- "abrechnung",
- "full",
- id + '.webp'))
-
- await sharp(full_res)
- .resize({width: 20})
- .toFormat('webp')
- .toFile(path.join(IMAGE_DIR,
- "abrechnung",
- "placeholder",
- id + '.webp'))
- }
- return new Response(JSON.stringify({message: "Added payment successfully"}),{
- status: 200,
- });
- }
-};
diff --git a/src/routes/api/payments/delete/+server.ts b/src/routes/api/payments/delete/+server.ts
deleted file mode 100644
index 1c42309..0000000
--- a/src/routes/api/payments/delete/+server.ts
+++ /dev/null
@@ -1,24 +0,0 @@
-import type { RequestHandler } from '@sveltejs/kit';
-import { Payment } from '../../../../models/Payment';
-import { dbConnect, dbDisconnect } from '../../../../utils/db';
-import { error } from '@sveltejs/kit';
-import { authenticateUser } from '$lib/js/authenticate';
-// header: use for bearer token for now
-// recipe json in body
-export const POST: RequestHandler = async ({request, cookies}) => {
- let json = await request.json()
-
- const user = await authenticateUser(cookies)
- if(!user) throw error(401, "Need to be logged in")
- if(!user.access.includes("abrechnung")){
- throw error(401, "Insufficient permissions")
- }
- else{
- await dbConnect();
- await Payment.findOneAndDelete({_id: json.id});
- await dbDisconnect();
- return new Response(JSON.stringify({msg: "Deleted payment successfully"}),{
- status: 200,
- });
- }
-}
diff --git a/src/routes/api/payments/edit/+server.ts b/src/routes/api/payments/edit/+server.ts
deleted file mode 100644
index 2bed766..0000000
--- a/src/routes/api/payments/edit/+server.ts
+++ /dev/null
@@ -1,27 +0,0 @@
-import type { RequestHandler } from '@sveltejs/kit';
-import { Payment } from '../../../../models/Payment';
-import { dbConnect, dbDisconnect } from '../../../../utils/db';
-import { error } from '@sveltejs/kit';
-import { authenticateUser } from '$lib/js/authenticate';
-// header: use for bearer token for now
-// recipe json in body
-export const POST: RequestHandler = async ({request, cookies}) => {
- let message = await request.json()
- const json = message.payment
- const user = await authenticateUser(cookies)
- if(!user){
- throw error(403, "Not logged in")
- }
- else if(!user.access.includes("abrechnung")){
- throw error(403, "This user does not have edit permissions for payments")
- }
- else{
- await dbConnect();
- await Payment.findOneAndUpdate({_id: json.id}, json);
- await dbDisconnect();
- return new Response(JSON.stringify({msg: "Edited payment successfully"}),{
- status: 200,
- });
-
- }
-};
diff --git a/src/routes/api/payments/item/[id]/+server.ts b/src/routes/api/payments/item/[id]/+server.ts
deleted file mode 100644
index 6d64686..0000000
--- a/src/routes/api/payments/item/[id]/+server.ts
+++ /dev/null
@@ -1,27 +0,0 @@
-import type { RequestHandler } from '@sveltejs/kit';
-import { Payment } from '../../../../../models/Payment';
-import { dbConnect, dbDisconnect } from '../../../../../utils/db';
-import { error } from '@sveltejs/kit';
-import { authenticateUser } from '$lib/js/authenticate';
-// header: use for bearer token for now
-// recipe json in body
-export const POST: RequestHandler = async ({request, cookies}) => {
- let message = await request.json()
- const json = message.payment
- const user = await authenticateUser(cookies)
- if(!user){
- throw error(403, "Not logged in")
- }
- else if(!user.access.includes("abrechnung")){
- throw error(403, "This user does not have edit permissions for payments")
- }
- else{
- await dbConnect();
- const payment = await Payment.findOne({_id: json.id}).lean();
- await dbDisconnect();
- return new Response(JSON.stringify({payment}),{
- status: 200,
- });
-
- }
-};
diff --git a/src/routes/api/payments/items/[range]/+server.ts b/src/routes/api/payments/items/[range]/+server.ts
deleted file mode 100644
index 6bd8e42..0000000
--- a/src/routes/api/payments/items/[range]/+server.ts
+++ /dev/null
@@ -1,28 +0,0 @@
-import type { RequestHandler } from '@sveltejs/kit';
-import { Payment } from '../../../../../models/Payment';
-import { dbConnect, dbDisconnect } from '../../../../../utils/db';
-import { error } from '@sveltejs/kit';
-import { authenticateUser } from '$lib/js/authenticate';
-// header: use for bearer token for now
-// recipe json in body
-export const POST: RequestHandler = async ({request, cookies, params}) => {
- let message = await request.json()
- const n = params.range
- const start = message?.start ?? 0;
- const user = await authenticateUser(cookies)
- if(!user){
- throw error(403, "Not logged in")
- }
- else if(!user.access.includes("abrechnung")){
- throw error(403, "This user does not have viewing permissions for payments")
- }
- else{
- await dbConnect();
- const payments = await Payment.find({}).sort({ date: -1 }).skip(start).limit(n).lean()
- await dbDisconnect();
- return new Response(JSON.stringify({payments}),{
- status: 200,
- });
-
- }
-};
diff --git a/src/routes/api/payments/payees/+server.ts b/src/routes/api/payments/payees/+server.ts
deleted file mode 100644
index 8fd7a60..0000000
--- a/src/routes/api/payments/payees/+server.ts
+++ /dev/null
@@ -1,26 +0,0 @@
-import type { RequestHandler } from '@sveltejs/kit';
-import { Payment } from '../../../../models/Payment';
-import { dbConnect, dbDisconnect } from '../../../../utils/db';
-import { error } from '@sveltejs/kit';
-import { authenticateUser } from '$lib/js/authenticate';
-import { User } from '../../../../models/User';
-// header: use for bearer token for now
-// recipe json in body
-export const GET: RequestHandler = async ({request, cookies}) => {
- const user = await authenticateUser(cookies)
- if(!user){
- throw error(403, "Not logged in")
- }
- else if(!user.access.includes("abrechnung")){
- throw error(403, "This user does not have edit permissions for payments")
- }
- else{
- await dbConnect();
- const users = await User.find({access: "abrechnung"}, 'username').lean()
- await dbDisconnect();
- return new Response(JSON.stringify({users}),{
- status: 200,
- });
-
- }
-};
diff --git a/src/routes/api/rezepte/add/+server.ts b/src/routes/api/rezepte/add/+server.ts
index 9df6ca8..1324489 100644
--- a/src/routes/api/rezepte/add/+server.ts
+++ b/src/routes/api/rezepte/add/+server.ts
@@ -2,29 +2,28 @@ import type { RequestHandler } from '@sveltejs/kit';
import { Recipe } from '../../../../models/Recipe';
import { dbConnect, dbDisconnect } from '../../../../utils/db';
import { error } from '@sveltejs/kit';
-import { authenticateUser } from '$lib/js/authenticate';;
// header: use for bearer token for now
// recipe json in body
-export const POST: RequestHandler = async ({request, cookies}) => {
+export const POST: RequestHandler = async ({request, cookies, locals}) => {
let message = await request.json()
const recipe_json = message.recipe
- const user = await authenticateUser(cookies)
- if(!user){
+ let auth = await locals.auth();
+ /*const user = session.user;*/
+ console.log(auth)
+ if(!auth){
throw error(401, "Not logged in")
}
- if(!user.access.includes("rezepte")){
+ /*if(!user.access.includes("rezepte")){
throw error(401, "This user does not have permissions to add recipes")
- }
- else{
- await dbConnect();
- try{
- await Recipe.create(recipe_json);
- } catch(e){
- throw error(400, e)
- }
- await dbDisconnect();
- return new Response(JSON.stringify({msg: "Added recipe successfully"}),{
- status: 200,
- });
- }
+ }*/
+ await dbConnect();
+ try{
+ await Recipe.create(recipe_json);
+ } catch(e){
+ throw error(400, e)
+ }
+ await dbDisconnect();
+ return new Response(JSON.stringify({msg: "Added recipe successfully"}),{
+ status: 200,
+ });
};
diff --git a/src/routes/api/rezepte/delete/+server.ts b/src/routes/api/rezepte/delete/+server.ts
index 98479d7..ecc02a9 100644
--- a/src/routes/api/rezepte/delete/+server.ts
+++ b/src/routes/api/rezepte/delete/+server.ts
@@ -3,15 +3,13 @@ import { Recipe } from '../../../../models/Recipe';
import { dbConnect, dbDisconnect } from '../../../../utils/db';
import type {RecipeModelType} from '../../../../types/types';
import { error } from '@sveltejs/kit';
-import { authenticateUser } from '$lib/js/authenticate';
// header: use for bearer token for now
// recipe json in body
-export const POST: RequestHandler = async ({request, cookies}) => {
+export const POST: RequestHandler = async ({request, locals}) => {
let message = await request.json()
- const user = await authenticateUser(cookies)
- if(!user) throw error(401, "Need to be logged in")
- if(!user.access.includes("rezepte")) throw error(401, "Insufficient permissions")
+ const auth = await locals.auth();
+ if(!auth) throw error(401, "Need to be logged in")
const short_name = message.old_short_name
await dbConnect();
diff --git a/src/routes/api/rezepte/edit/+server.ts b/src/routes/api/rezepte/edit/+server.ts
index b608732..330b622 100644
--- a/src/routes/api/rezepte/edit/+server.ts
+++ b/src/routes/api/rezepte/edit/+server.ts
@@ -3,20 +3,15 @@ import { Recipe } from '../../../../models/Recipe';
import { dbConnect, dbDisconnect } from '../../../../utils/db';
import type {RecipeModelType} from '../../../../types/types';
import { error } from '@sveltejs/kit';
-import { authenticateUser } from '$lib/js/authenticate';
// header: use for bearer token for now
// recipe json in body
-export const POST: RequestHandler = async ({request, cookies}) => {
+export const POST: RequestHandler = async ({request, locals}) => {
let message = await request.json()
const recipe_json = message.recipe
- const user = await authenticateUser(cookies)
- console.log(user)
- if(!user){
+ const auth = await locals.auth();
+ if(!auth){
throw error(403, "Not logged in")
}
- else if(!user.access.includes("rezepte")){
- throw error(403, "This user does not have edit permissions for recipes")
- }
else{
await dbConnect();
await Recipe.findOneAndUpdate({short_name: message.old_short_name }, recipe_json);
diff --git a/src/routes/api/rezepte/img/add/+server.ts b/src/routes/api/rezepte/img/add/+server.ts
index fa51487..7924ac1 100644
--- a/src/routes/api/rezepte/img/add/+server.ts
+++ b/src/routes/api/rezepte/img/add/+server.ts
@@ -3,13 +3,11 @@ import type { RequestHandler } from '@sveltejs/kit';
import { error } from '@sveltejs/kit';
import { IMAGE_DIR } from '$env/static/private'
import sharp from 'sharp';
-import { authenticateUser } from '$lib/js/authenticate';
-export const POST = (async ({ request, cookies }) => {
+export const POST = (async ({ request, locals}) => {
const data = await request.json();
- const user = await authenticateUser(cookies)
- if (!user) throw error(401, "Need to be logged in")
- if (!user.access.includes("rezepte")) throw error(401, "You don't have sufficient permissions for this")
+ const auth = await locals.auth();
+ if (!auth) throw error(401, "Need to be logged in")
let full_res = new Buffer.from(data.image, 'base64')
// reduce image size if over 500KB
const MAX_SIZE_KB = 500
diff --git a/src/routes/api/rezepte/img/delete/+server.ts b/src/routes/api/rezepte/img/delete/+server.ts
index 6fd1691..a98e9e8 100644
--- a/src/routes/api/rezepte/img/delete/+server.ts
+++ b/src/routes/api/rezepte/img/delete/+server.ts
@@ -3,13 +3,12 @@ import type { RequestHandler } from '@sveltejs/kit';
import { IMAGE_DIR } from '$env/static/private'
import { unlink } from 'node:fs';
import { error } from '@sveltejs/kit';
-import { authenticateUser } from '$lib/js/authenticate';;
-export const POST = (async ({ request, cookies }) => {
+export const POST = (async ({ request, locals}) => {
const data = await request.json();
- const user = await authenticateUser(cookies)
- if(!user) throw error(401, "You need to be logged in")
- if(!user.access.includes("rezepte")) throw error(401, "Your don't have the required permission for this")
+ const auth = await locals.auth()
+ if(!auth) throw error(401, "You need to be logged in")
+
[ "full", "thumb", "placeholder"].forEach((folder) => {
unlink(path.join(IMAGE_DIR, "rezepte", folder, data.name + ".webp"), (e) => {
if(e) error(404, "could not delete: " + folder + "/" + data.name + ".webp" + e)
diff --git a/src/routes/api/rezepte/img/mv/+server.ts b/src/routes/api/rezepte/img/mv/+server.ts
index 7add42e..840bcd8 100644
--- a/src/routes/api/rezepte/img/mv/+server.ts
+++ b/src/routes/api/rezepte/img/mv/+server.ts
@@ -3,13 +3,11 @@ import type { RequestHandler } from '@sveltejs/kit';
import { IMAGE_DIR } from '$env/static/private'
import { rename } from 'node:fs';
import { error } from '@sveltejs/kit';
-import { authenticateUser } from '$lib/js/authenticate';
-export const POST = (async ({ request, cookies }) => {
+export const POST = (async ({ request, locals}) => {
const data = await request.json();
- const user = await authenticateUser(cookies)
- if(!user) throw error(401, "need to be logged in")
- if(!user.access.includes("rezepte")) throw error(401, "You don't have the required permission to do this")
+ const auth = await locals.auth();
+ if(!auth ) throw error(401, "need to be logged in")
[ "full", "thumb", "placeholder"].forEach((folder) => {
const old_path = path.join(IMAGE_DIR, "rezepte", folder, data.old_name + ".webp")
diff --git a/src/routes/rezepte/+layout.server.ts b/src/routes/rezepte/+layout.server.ts
index 8c67955..090a40e 100644
--- a/src/routes/rezepte/+layout.server.ts
+++ b/src/routes/rezepte/+layout.server.ts
@@ -1,5 +1,8 @@
-import { get_username } from '$lib/js/get_username';;
+import type { Actions, PageServerLoad } from "./$types"
+import { error } from "@sveltejs/kit"
-export const load = (async ({cookies}) => {
- return { user: await get_username(cookies) }
+export const load = (async ({cookies, locals}) => {
+ return {
+ session: await locals.getSession()
+ }
});
diff --git a/src/routes/rezepte/+layout.svelte b/src/routes/rezepte/+layout.svelte
index 939ed30..334cbfb 100644
--- a/src/routes/rezepte/+layout.svelte
+++ b/src/routes/rezepte/+layout.svelte
@@ -3,8 +3,8 @@ import Header from '$lib/components/Header.svelte'
import UserHeader from '$lib/components/UserHeader.svelte';
export let data
let username = ""
-if(data.user){
- username = data.user.username
+if(data.session){
+ username = data.session.user.name
}