initial OIDC setup
This commit is contained in:
@@ -1,61 +0,0 @@
|
||||
import type { RequestHandler } from '@sveltejs/kit';
|
||||
import { Payment } from '../../../../models/Payment';
|
||||
import { dbConnect, dbDisconnect } from '../../../../utils/db';
|
||||
import { error } from '@sveltejs/kit';
|
||||
import { authenticateUser } from '$lib/js/authenticate';;
|
||||
import sharp from 'sharp';
|
||||
import path from 'path';
|
||||
import {IMAGE_DIR} from '$env/static/private';
|
||||
|
||||
export const POST: RequestHandler = async ({request, cookies}) => {
|
||||
const user = await authenticateUser(cookies)
|
||||
if(!user){
|
||||
throw error(401, "Not logged in")
|
||||
}
|
||||
if(!user.access.includes("abrechnung")){
|
||||
throw error(401, "This user does not have permissions to add payments")
|
||||
}
|
||||
else{
|
||||
const formData = await request.formData();
|
||||
const json = {
|
||||
amount: formData.get("amount"),
|
||||
for_self: formData.get("for_self"),
|
||||
for_other: formData.get("for_other"),
|
||||
payee: formData.get("payee"),
|
||||
added_by: user._id
|
||||
}
|
||||
await dbConnect();
|
||||
let id;
|
||||
try{
|
||||
id = (await Payment.create(json))._id.toString();
|
||||
} catch(e){
|
||||
await dbDisconnect();
|
||||
throw error(400, e)
|
||||
}
|
||||
|
||||
await dbDisconnect();
|
||||
const img = formData.get("file")
|
||||
if(img){
|
||||
//this feels stupid, is there a smarter way directly to Buffer?
|
||||
const full_res = Buffer.from(await img.arrayBuffer())
|
||||
|
||||
await sharp(full_res)
|
||||
.toFormat('webp')
|
||||
.toFile(path.join(IMAGE_DIR,
|
||||
"abrechnung",
|
||||
"full",
|
||||
id + '.webp'))
|
||||
|
||||
await sharp(full_res)
|
||||
.resize({width: 20})
|
||||
.toFormat('webp')
|
||||
.toFile(path.join(IMAGE_DIR,
|
||||
"abrechnung",
|
||||
"placeholder",
|
||||
id + '.webp'))
|
||||
}
|
||||
return new Response(JSON.stringify({message: "Added payment successfully"}),{
|
||||
status: 200,
|
||||
});
|
||||
}
|
||||
};
|
||||
@@ -1,24 +0,0 @@
|
||||
import type { RequestHandler } from '@sveltejs/kit';
|
||||
import { Payment } from '../../../../models/Payment';
|
||||
import { dbConnect, dbDisconnect } from '../../../../utils/db';
|
||||
import { error } from '@sveltejs/kit';
|
||||
import { authenticateUser } from '$lib/js/authenticate';
|
||||
// header: use for bearer token for now
|
||||
// recipe json in body
|
||||
export const POST: RequestHandler = async ({request, cookies}) => {
|
||||
let json = await request.json()
|
||||
|
||||
const user = await authenticateUser(cookies)
|
||||
if(!user) throw error(401, "Need to be logged in")
|
||||
if(!user.access.includes("abrechnung")){
|
||||
throw error(401, "Insufficient permissions")
|
||||
}
|
||||
else{
|
||||
await dbConnect();
|
||||
await Payment.findOneAndDelete({_id: json.id});
|
||||
await dbDisconnect();
|
||||
return new Response(JSON.stringify({msg: "Deleted payment successfully"}),{
|
||||
status: 200,
|
||||
});
|
||||
}
|
||||
}
|
||||
@@ -1,27 +0,0 @@
|
||||
import type { RequestHandler } from '@sveltejs/kit';
|
||||
import { Payment } from '../../../../models/Payment';
|
||||
import { dbConnect, dbDisconnect } from '../../../../utils/db';
|
||||
import { error } from '@sveltejs/kit';
|
||||
import { authenticateUser } from '$lib/js/authenticate';
|
||||
// header: use for bearer token for now
|
||||
// recipe json in body
|
||||
export const POST: RequestHandler = async ({request, cookies}) => {
|
||||
let message = await request.json()
|
||||
const json = message.payment
|
||||
const user = await authenticateUser(cookies)
|
||||
if(!user){
|
||||
throw error(403, "Not logged in")
|
||||
}
|
||||
else if(!user.access.includes("abrechnung")){
|
||||
throw error(403, "This user does not have edit permissions for payments")
|
||||
}
|
||||
else{
|
||||
await dbConnect();
|
||||
await Payment.findOneAndUpdate({_id: json.id}, json);
|
||||
await dbDisconnect();
|
||||
return new Response(JSON.stringify({msg: "Edited payment successfully"}),{
|
||||
status: 200,
|
||||
});
|
||||
|
||||
}
|
||||
};
|
||||
@@ -1,27 +0,0 @@
|
||||
import type { RequestHandler } from '@sveltejs/kit';
|
||||
import { Payment } from '../../../../../models/Payment';
|
||||
import { dbConnect, dbDisconnect } from '../../../../../utils/db';
|
||||
import { error } from '@sveltejs/kit';
|
||||
import { authenticateUser } from '$lib/js/authenticate';
|
||||
// header: use for bearer token for now
|
||||
// recipe json in body
|
||||
export const POST: RequestHandler = async ({request, cookies}) => {
|
||||
let message = await request.json()
|
||||
const json = message.payment
|
||||
const user = await authenticateUser(cookies)
|
||||
if(!user){
|
||||
throw error(403, "Not logged in")
|
||||
}
|
||||
else if(!user.access.includes("abrechnung")){
|
||||
throw error(403, "This user does not have edit permissions for payments")
|
||||
}
|
||||
else{
|
||||
await dbConnect();
|
||||
const payment = await Payment.findOne({_id: json.id}).lean();
|
||||
await dbDisconnect();
|
||||
return new Response(JSON.stringify({payment}),{
|
||||
status: 200,
|
||||
});
|
||||
|
||||
}
|
||||
};
|
||||
@@ -1,28 +0,0 @@
|
||||
import type { RequestHandler } from '@sveltejs/kit';
|
||||
import { Payment } from '../../../../../models/Payment';
|
||||
import { dbConnect, dbDisconnect } from '../../../../../utils/db';
|
||||
import { error } from '@sveltejs/kit';
|
||||
import { authenticateUser } from '$lib/js/authenticate';
|
||||
// header: use for bearer token for now
|
||||
// recipe json in body
|
||||
export const POST: RequestHandler = async ({request, cookies, params}) => {
|
||||
let message = await request.json()
|
||||
const n = params.range
|
||||
const start = message?.start ?? 0;
|
||||
const user = await authenticateUser(cookies)
|
||||
if(!user){
|
||||
throw error(403, "Not logged in")
|
||||
}
|
||||
else if(!user.access.includes("abrechnung")){
|
||||
throw error(403, "This user does not have viewing permissions for payments")
|
||||
}
|
||||
else{
|
||||
await dbConnect();
|
||||
const payments = await Payment.find({}).sort({ date: -1 }).skip(start).limit(n).lean()
|
||||
await dbDisconnect();
|
||||
return new Response(JSON.stringify({payments}),{
|
||||
status: 200,
|
||||
});
|
||||
|
||||
}
|
||||
};
|
||||
@@ -1,26 +0,0 @@
|
||||
import type { RequestHandler } from '@sveltejs/kit';
|
||||
import { Payment } from '../../../../models/Payment';
|
||||
import { dbConnect, dbDisconnect } from '../../../../utils/db';
|
||||
import { error } from '@sveltejs/kit';
|
||||
import { authenticateUser } from '$lib/js/authenticate';
|
||||
import { User } from '../../../../models/User';
|
||||
// header: use for bearer token for now
|
||||
// recipe json in body
|
||||
export const GET: RequestHandler = async ({request, cookies}) => {
|
||||
const user = await authenticateUser(cookies)
|
||||
if(!user){
|
||||
throw error(403, "Not logged in")
|
||||
}
|
||||
else if(!user.access.includes("abrechnung")){
|
||||
throw error(403, "This user does not have edit permissions for payments")
|
||||
}
|
||||
else{
|
||||
await dbConnect();
|
||||
const users = await User.find({access: "abrechnung"}, 'username').lean()
|
||||
await dbDisconnect();
|
||||
return new Response(JSON.stringify({users}),{
|
||||
status: 200,
|
||||
});
|
||||
|
||||
}
|
||||
};
|
||||
@@ -2,29 +2,28 @@ import type { RequestHandler } from '@sveltejs/kit';
|
||||
import { Recipe } from '../../../../models/Recipe';
|
||||
import { dbConnect, dbDisconnect } from '../../../../utils/db';
|
||||
import { error } from '@sveltejs/kit';
|
||||
import { authenticateUser } from '$lib/js/authenticate';;
|
||||
// header: use for bearer token for now
|
||||
// recipe json in body
|
||||
export const POST: RequestHandler = async ({request, cookies}) => {
|
||||
export const POST: RequestHandler = async ({request, cookies, locals}) => {
|
||||
let message = await request.json()
|
||||
const recipe_json = message.recipe
|
||||
const user = await authenticateUser(cookies)
|
||||
if(!user){
|
||||
let auth = await locals.auth();
|
||||
/*const user = session.user;*/
|
||||
console.log(auth)
|
||||
if(!auth){
|
||||
throw error(401, "Not logged in")
|
||||
}
|
||||
if(!user.access.includes("rezepte")){
|
||||
/*if(!user.access.includes("rezepte")){
|
||||
throw error(401, "This user does not have permissions to add recipes")
|
||||
}
|
||||
else{
|
||||
await dbConnect();
|
||||
try{
|
||||
await Recipe.create(recipe_json);
|
||||
} catch(e){
|
||||
throw error(400, e)
|
||||
}
|
||||
await dbDisconnect();
|
||||
return new Response(JSON.stringify({msg: "Added recipe successfully"}),{
|
||||
status: 200,
|
||||
});
|
||||
}
|
||||
}*/
|
||||
await dbConnect();
|
||||
try{
|
||||
await Recipe.create(recipe_json);
|
||||
} catch(e){
|
||||
throw error(400, e)
|
||||
}
|
||||
await dbDisconnect();
|
||||
return new Response(JSON.stringify({msg: "Added recipe successfully"}),{
|
||||
status: 200,
|
||||
});
|
||||
};
|
||||
|
||||
@@ -3,15 +3,13 @@ import { Recipe } from '../../../../models/Recipe';
|
||||
import { dbConnect, dbDisconnect } from '../../../../utils/db';
|
||||
import type {RecipeModelType} from '../../../../types/types';
|
||||
import { error } from '@sveltejs/kit';
|
||||
import { authenticateUser } from '$lib/js/authenticate';
|
||||
// header: use for bearer token for now
|
||||
// recipe json in body
|
||||
export const POST: RequestHandler = async ({request, cookies}) => {
|
||||
export const POST: RequestHandler = async ({request, locals}) => {
|
||||
let message = await request.json()
|
||||
|
||||
const user = await authenticateUser(cookies)
|
||||
if(!user) throw error(401, "Need to be logged in")
|
||||
if(!user.access.includes("rezepte")) throw error(401, "Insufficient permissions")
|
||||
const auth = await locals.auth();
|
||||
if(!auth) throw error(401, "Need to be logged in")
|
||||
|
||||
const short_name = message.old_short_name
|
||||
await dbConnect();
|
||||
|
||||
@@ -3,20 +3,15 @@ import { Recipe } from '../../../../models/Recipe';
|
||||
import { dbConnect, dbDisconnect } from '../../../../utils/db';
|
||||
import type {RecipeModelType} from '../../../../types/types';
|
||||
import { error } from '@sveltejs/kit';
|
||||
import { authenticateUser } from '$lib/js/authenticate';
|
||||
// header: use for bearer token for now
|
||||
// recipe json in body
|
||||
export const POST: RequestHandler = async ({request, cookies}) => {
|
||||
export const POST: RequestHandler = async ({request, locals}) => {
|
||||
let message = await request.json()
|
||||
const recipe_json = message.recipe
|
||||
const user = await authenticateUser(cookies)
|
||||
console.log(user)
|
||||
if(!user){
|
||||
const auth = await locals.auth();
|
||||
if(!auth){
|
||||
throw error(403, "Not logged in")
|
||||
}
|
||||
else if(!user.access.includes("rezepte")){
|
||||
throw error(403, "This user does not have edit permissions for recipes")
|
||||
}
|
||||
else{
|
||||
await dbConnect();
|
||||
await Recipe.findOneAndUpdate({short_name: message.old_short_name }, recipe_json);
|
||||
|
||||
@@ -3,13 +3,11 @@ import type { RequestHandler } from '@sveltejs/kit';
|
||||
import { error } from '@sveltejs/kit';
|
||||
import { IMAGE_DIR } from '$env/static/private'
|
||||
import sharp from 'sharp';
|
||||
import { authenticateUser } from '$lib/js/authenticate';
|
||||
|
||||
export const POST = (async ({ request, cookies }) => {
|
||||
export const POST = (async ({ request, locals}) => {
|
||||
const data = await request.json();
|
||||
const user = await authenticateUser(cookies)
|
||||
if (!user) throw error(401, "Need to be logged in")
|
||||
if (!user.access.includes("rezepte")) throw error(401, "You don't have sufficient permissions for this")
|
||||
const auth = await locals.auth();
|
||||
if (!auth) throw error(401, "Need to be logged in")
|
||||
let full_res = new Buffer.from(data.image, 'base64')
|
||||
// reduce image size if over 500KB
|
||||
const MAX_SIZE_KB = 500
|
||||
|
||||
@@ -3,13 +3,12 @@ import type { RequestHandler } from '@sveltejs/kit';
|
||||
import { IMAGE_DIR } from '$env/static/private'
|
||||
import { unlink } from 'node:fs';
|
||||
import { error } from '@sveltejs/kit';
|
||||
import { authenticateUser } from '$lib/js/authenticate';;
|
||||
|
||||
export const POST = (async ({ request, cookies }) => {
|
||||
export const POST = (async ({ request, locals}) => {
|
||||
const data = await request.json();
|
||||
const user = await authenticateUser(cookies)
|
||||
if(!user) throw error(401, "You need to be logged in")
|
||||
if(!user.access.includes("rezepte")) throw error(401, "Your don't have the required permission for this")
|
||||
const auth = await locals.auth()
|
||||
if(!auth) throw error(401, "You need to be logged in")
|
||||
|
||||
[ "full", "thumb", "placeholder"].forEach((folder) => {
|
||||
unlink(path.join(IMAGE_DIR, "rezepte", folder, data.name + ".webp"), (e) => {
|
||||
if(e) error(404, "could not delete: " + folder + "/" + data.name + ".webp" + e)
|
||||
|
||||
@@ -3,13 +3,11 @@ import type { RequestHandler } from '@sveltejs/kit';
|
||||
import { IMAGE_DIR } from '$env/static/private'
|
||||
import { rename } from 'node:fs';
|
||||
import { error } from '@sveltejs/kit';
|
||||
import { authenticateUser } from '$lib/js/authenticate';
|
||||
|
||||
export const POST = (async ({ request, cookies }) => {
|
||||
export const POST = (async ({ request, locals}) => {
|
||||
const data = await request.json();
|
||||
const user = await authenticateUser(cookies)
|
||||
if(!user) throw error(401, "need to be logged in")
|
||||
if(!user.access.includes("rezepte")) throw error(401, "You don't have the required permission to do this")
|
||||
const auth = await locals.auth();
|
||||
if(!auth ) throw error(401, "need to be logged in")
|
||||
|
||||
[ "full", "thumb", "placeholder"].forEach((folder) => {
|
||||
const old_path = path.join(IMAGE_DIR, "rezepte", folder, data.old_name + ".webp")
|
||||
|
||||
Reference in New Issue
Block a user