Add sharp image processing library and update dependencies in package.json and package-lock.json; enhance Navigation component with new 'Galerie' link for improved user navigation.

server/api/galerie/[id].delete.js

@@ -0,0 +1,118 @@
+import fs from 'fs/promises'
+import path from 'path'
+import { getUserFromToken, verifyToken } from '../../utils/auth.js'
+
+// Handle both dev and production paths
+const getDataPath = (filename) => {
+  const cwd = process.cwd()
+  if (cwd.endsWith('.output')) {
+    return path.join(cwd, '../server/data', filename)
+  }
+  return path.join(cwd, 'server/data', filename)
+}
+
+const GALERIE_DIR = getDataPath('galerie')
+const GALERIE_METADATA = getDataPath('galerie-metadata.json')
+
+async function readGalerieMetadata() {
+  try {
+    const data = await fs.readFile(GALERIE_METADATA, 'utf-8')
+    return JSON.parse(data)
+  } catch (error) {
+    if (error.code === 'ENOENT') {
+      return []
+    }
+    throw error
+  }
+}
+
+async function writeGalerieMetadata(metadata) {
+  await fs.writeFile(GALERIE_METADATA, JSON.stringify(metadata, null, 2), 'utf-8')
+}
+
+export default defineEventHandler(async (event) => {
+  try {
+    // Authentifizierung prüfen
+    const token = getCookie(event, 'auth_token') || getHeader(event, 'authorization')?.replace('Bearer ', '')
+    
+    if (!token) {
+      throw createError({
+        statusCode: 401,
+        statusMessage: 'Nicht authentifiziert'
+      })
+    }
+
+    const decoded = verifyToken(token)
+    if (!decoded) {
+      throw createError({
+        statusCode: 401,
+        statusMessage: 'Ungültiges Token'
+      })
+    }
+
+    const user = await getUserFromToken(token)
+    if (!user || (user.role !== 'admin' && user.role !== 'vorstand')) {
+      throw createError({
+        statusCode: 403,
+        statusMessage: 'Keine Berechtigung zum Löschen von Bildern'
+      })
+    }
+
+    const imageId = getRouterParam(event, 'id')
+
+    if (!imageId) {
+      throw createError({
+        statusCode: 400,
+        statusMessage: 'Bild-ID erforderlich'
+      })
+    }
+
+    const metadata = await readGalerieMetadata()
+    const image = metadata.find(img => img.id === imageId)
+
+    if (!image) {
+      throw createError({
+        statusCode: 404,
+        statusMessage: 'Bild nicht gefunden'
+      })
+    }
+
+    // Lösche Dateien
+    const originalPath = path.join(GALERIE_DIR, 'originals', image.filename)
+    const previewPath = path.join(GALERIE_DIR, 'previews', image.previewFilename)
+
+    try {
+      await fs.unlink(originalPath)
+    } catch (error) {
+      console.warn('Original-Datei konnte nicht gelöscht werden:', error)
+    }
+
+    try {
+      await fs.unlink(previewPath)
+    } catch (error) {
+      console.warn('Preview-Datei konnte nicht gelöscht werden:', error)
+    }
+
+    // Entferne aus Metadaten
+    const updatedMetadata = metadata.filter(img => img.id !== imageId)
+    await writeGalerieMetadata(updatedMetadata)
+
+    return {
+      success: true,
+      message: 'Bild erfolgreich gelöscht'
+    }
+
+  } catch (error) {
+    console.error('Fehler beim Löschen des Bildes:', error)
+    
+    if (error.statusCode) {
+      throw error
+    }
+    
+    throw createError({
+      statusCode: 500,
+      statusMessage: 'Fehler beim Löschen des Bildes'
+    })
+  }
+})
+

server/api/galerie/[id].get.js

@@ -0,0 +1,125 @@
+import fs from 'fs/promises'
+import path from 'path'
+import sharp from 'sharp'
+import { getUserFromToken, verifyToken } from '../../utils/auth.js'
+
+// Handle both dev and production paths
+const getDataPath = (filename) => {
+  const cwd = process.cwd()
+  if (cwd.endsWith('.output')) {
+    return path.join(cwd, '../server/data', filename)
+  }
+  return path.join(cwd, 'server/data', filename)
+}
+
+const GALERIE_DIR = getDataPath('galerie')
+const GALERIE_METADATA = getDataPath('galerie-metadata.json')
+
+async function readGalerieMetadata() {
+  try {
+    const data = await fs.readFile(GALERIE_METADATA, 'utf-8')
+    return JSON.parse(data)
+  } catch (error) {
+    if (error.code === 'ENOENT') {
+      return []
+    }
+    throw error
+  }
+}
+
+export default defineEventHandler(async (event) => {
+  try {
+    const imageId = getRouterParam(event, 'id')
+    const query = getQuery(event)
+    const isPreview = query.preview === 'true'
+
+    if (!imageId) {
+      throw createError({
+        statusCode: 400,
+        statusMessage: 'Bild-ID erforderlich'
+      })
+    }
+
+    // Prüfe ob Benutzer eingeloggt ist
+    let isLoggedIn = false
+    const token = getCookie(event, 'auth_token') || getHeader(event, 'authorization')?.replace('Bearer ', '')
+    
+    if (token) {
+      const decoded = verifyToken(token)
+      if (decoded) {
+        const user = await getUserFromToken(token)
+        if (user && user.active) {
+          isLoggedIn = true
+        }
+      }
+    }
+
+    const metadata = await readGalerieMetadata()
+    const image = metadata.find(img => img.id === imageId)
+
+    if (!image) {
+      throw createError({
+        statusCode: 404,
+        statusMessage: 'Bild nicht gefunden'
+      })
+    }
+
+    // Prüfe Zugriffsberechtigung
+    if (!image.isPublic && !isLoggedIn) {
+      throw createError({
+        statusCode: 403,
+        statusMessage: 'Keine Berechtigung zum Anzeigen dieses Bildes'
+      })
+    }
+
+    // Bestimme Dateipfad
+    const filename = isPreview ? image.previewFilename : image.filename
+    const subdir = isPreview ? 'previews' : 'originals'
+    const filePath = path.join(GALERIE_DIR, subdir, filename)
+
+    // Prüfe ob Datei existiert
+    try {
+      await fs.access(filePath)
+    } catch {
+      throw createError({
+        statusCode: 404,
+        statusMessage: 'Bilddatei nicht gefunden'
+      })
+    }
+
+    // Bestimme MIME-Type
+    const ext = path.extname(filename).toLowerCase()
+    const mimeTypes = {
+      '.jpg': 'image/jpeg',
+      '.jpeg': 'image/jpeg',
+      '.png': 'image/png',
+      '.gif': 'image/gif',
+      '.webp': 'image/webp'
+    }
+    const contentType = mimeTypes[ext] || 'application/octet-stream'
+
+    // Datei lesen und EXIF-Orientierung korrigieren
+    const imageBuffer = await fs.readFile(filePath)
+    const correctedBuffer = await sharp(imageBuffer)
+      .rotate() // Korrigiert automatisch EXIF-Orientierung
+      .toBuffer()
+    
+    setHeader(event, 'Content-Type', contentType)
+    setHeader(event, 'Cache-Control', 'public, max-age=31536000')
+    
+    return correctedBuffer
+
+  } catch (error) {
+    console.error('Fehler beim Laden des Bildes:', error)
+    
+    if (error.statusCode) {
+      throw error
+    }
+    
+    throw createError({
+      statusCode: 500,
+      statusMessage: 'Fehler beim Laden des Bildes'
+    })
+  }
+})
+

server/api/galerie/list.get.js

@@ -0,0 +1,90 @@
+import fs from 'fs/promises'
+import path from 'path'
+import { getUserFromToken, verifyToken } from '../../utils/auth.js'
+
+// Handle both dev and production paths
+const getDataPath = (filename) => {
+  const cwd = process.cwd()
+  if (cwd.endsWith('.output')) {
+    return path.join(cwd, '../server/data', filename)
+  }
+  return path.join(cwd, 'server/data', filename)
+}
+
+const GALERIE_METADATA = getDataPath('galerie-metadata.json')
+
+async function readGalerieMetadata() {
+  try {
+    const data = await fs.readFile(GALERIE_METADATA, 'utf-8')
+    return JSON.parse(data)
+  } catch (error) {
+    if (error.code === 'ENOENT') {
+      return []
+    }
+    throw error
+  }
+}
+
+export default defineEventHandler(async (event) => {
+  try {
+    // Prüfe ob Benutzer eingeloggt ist
+    let isLoggedIn = false
+    const token = getCookie(event, 'auth_token') || getHeader(event, 'authorization')?.replace('Bearer ', '')
+    
+    if (token) {
+      const decoded = verifyToken(token)
+      if (decoded) {
+        const user = await getUserFromToken(token)
+        if (user && user.active) {
+          isLoggedIn = true
+        }
+      }
+    }
+
+    const metadata = await readGalerieMetadata()
+
+    // Filtere Bilder basierend auf Sichtbarkeit
+    const visibleImages = metadata.filter(image => {
+      // Öffentliche Bilder sind für alle sichtbar
+      if (image.isPublic) return true
+      // Private Bilder nur für eingeloggte Mitglieder
+      return isLoggedIn
+    })
+
+    // Sortiere nach Upload-Datum (neueste zuerst)
+    visibleImages.sort((a, b) => new Date(b.uploadedAt) - new Date(a.uploadedAt))
+
+    // Pagination
+    const page = parseInt(getQuery(event).page) || 1
+    const perPage = 10
+    const start = (page - 1) * perPage
+    const end = start + perPage
+    const paginatedImages = visibleImages.slice(start, end)
+
+    return {
+      success: true,
+      images: paginatedImages.map(img => ({
+        id: img.id,
+        title: img.title,
+        description: img.description,
+        isPublic: img.isPublic,
+        uploadedAt: img.uploadedAt,
+        previewFilename: img.previewFilename
+      })),
+      pagination: {
+        page,
+        perPage,
+        total: visibleImages.length,
+        totalPages: Math.ceil(visibleImages.length / perPage)
+      }
+    }
+
+  } catch (error) {
+    console.error('Fehler beim Laden der Galerie:', error)
+    throw createError({
+      statusCode: 500,
+      statusMessage: 'Fehler beim Laden der Galerie'
+    })
+  }
+})
+

server/api/galerie/upload.post.js

@@ -0,0 +1,208 @@
+import multer from 'multer'
+import fs from 'fs/promises'
+import path from 'path'
+import sharp from 'sharp'
+import { getUserFromToken, verifyToken } from '../../utils/auth.js'
+import { randomUUID } from 'crypto'
+
+// Handle both dev and production paths
+const getDataPath = (filename) => {
+  const cwd = process.cwd()
+  if (cwd.endsWith('.output')) {
+    return path.join(cwd, '../server/data', filename)
+  }
+  return path.join(cwd, 'server/data', filename)
+}
+
+const GALERIE_DIR = getDataPath('galerie')
+const GALERIE_METADATA = getDataPath('galerie-metadata.json')
+
+// Multer-Konfiguration für Bild-Uploads
+// Temporärer Dateiname, wird später basierend auf Titel umbenannt
+const storage = multer.diskStorage({
+  destination: async (req, file, cb) => {
+    try {
+      await fs.mkdir(GALERIE_DIR, { recursive: true })
+      await fs.mkdir(path.join(GALERIE_DIR, 'originals'), { recursive: true })
+      await fs.mkdir(path.join(GALERIE_DIR, 'previews'), { recursive: true })
+      cb(null, path.join(GALERIE_DIR, 'originals'))
+    } catch (error) {
+      cb(error)
+    }
+  },
+  filename: (req, file, cb) => {
+    // Temporärer Dateiname, wird später umbenannt
+    const ext = path.extname(file.originalname)
+    const tempFilename = `temp_${randomUUID()}${ext}`
+    cb(null, tempFilename)
+  }
+})
+
+const upload = multer({
+  storage,
+  fileFilter: (req, file, cb) => {
+    const allowedMimes = ['image/jpeg', 'image/jpg', 'image/png', 'image/gif', 'image/webp']
+    if (allowedMimes.includes(file.mimetype)) {
+      cb(null, true)
+    } else {
+      cb(new Error('Nur Bilddateien sind erlaubt (JPEG, PNG, GIF, WebP)'), false)
+    }
+  },
+  limits: {
+    fileSize: 10 * 1024 * 1024 // 10MB Limit
+  }
+})
+
+async function readGalerieMetadata() {
+  try {
+    const data = await fs.readFile(GALERIE_METADATA, 'utf-8')
+    return JSON.parse(data)
+  } catch (error) {
+    if (error.code === 'ENOENT') {
+      return []
+    }
+    throw error
+  }
+}
+
+async function writeGalerieMetadata(metadata) {
+  await fs.writeFile(GALERIE_METADATA, JSON.stringify(metadata, null, 2), 'utf-8')
+}
+
+export default defineEventHandler(async (event) => {
+  try {
+    // Authentifizierung prüfen
+    const token = getCookie(event, 'auth_token') || getHeader(event, 'authorization')?.replace('Bearer ', '')
+    
+    if (!token) {
+      throw createError({
+        statusCode: 401,
+        statusMessage: 'Nicht authentifiziert'
+      })
+    }
+
+    const decoded = verifyToken(token)
+    if (!decoded) {
+      throw createError({
+        statusCode: 401,
+        statusMessage: 'Ungültiges Token'
+      })
+    }
+
+    const user = await getUserFromToken(token)
+    if (!user || (user.role !== 'admin' && user.role !== 'vorstand')) {
+      throw createError({
+        statusCode: 403,
+        statusMessage: 'Keine Berechtigung zum Hochladen von Bildern'
+      })
+    }
+
+    // Multer-Middleware für multipart/form-data
+    await new Promise((resolve, reject) => {
+      upload.single('image')(event.node.req, event.node.res, (err) => {
+        if (err) reject(err)
+        else resolve()
+      })
+    })
+
+    const file = event.node.req.file
+    const body = event.node.req.body || {}
+    const isPublic = body.isPublic === 'true' || body.isPublic === true
+
+    if (!file) {
+      throw createError({
+        statusCode: 400,
+        statusMessage: 'Keine Bilddatei hochgeladen'
+      })
+    }
+
+    // Titel ist Pflichtfeld
+    if (!body.title || !body.title.trim()) {
+      // Lösche die hochgeladene Datei
+      await fs.unlink(file.path).catch(() => {})
+      throw createError({
+        statusCode: 400,
+        statusMessage: 'Titel ist ein Pflichtfeld'
+      })
+    }
+
+    // Generiere Dateinamen basierend auf Titel
+    const titleSlug = body.title.trim()
+      .toLowerCase()
+      .replace(/[^a-z0-9]+/g, '-')
+      .replace(/^-+|-+$/g, '')
+      .substring(0, 100) // Max 100 Zeichen
+    const ext = path.extname(file.originalname)
+    const filename = `${titleSlug}_${randomUUID().substring(0, 8)}${ext}`
+    const previewFilename = `preview_${filename}`
+
+    // Verschiebe die Datei zum neuen Namen
+    const originalPath = path.join(GALERIE_DIR, 'originals', filename)
+    await fs.rename(file.path, originalPath)
+    
+    const previewPath = path.join(GALERIE_DIR, 'previews', previewFilename)
+
+    // Thumbnail erstellen (150x150px) mit automatischer EXIF-Orientierungskorrektur
+    await sharp(originalPath)
+      .rotate() // Korrigiert automatisch EXIF-Orientierung
+      .resize(150, 150, {
+        fit: 'inside',
+        withoutEnlargement: true
+      })
+      .toFile(previewPath)
+
+    // Metadaten speichern
+    const metadata = await readGalerieMetadata()
+    const newImage = {
+      id: randomUUID(),
+      filename,
+      previewFilename,
+      title: body.title.trim(),
+      description: body.description || '',
+      isPublic,
+      uploadedBy: user.id,
+      uploadedAt: new Date().toISOString(),
+      originalName: file.originalname
+    }
+
+    metadata.push(newImage)
+    await writeGalerieMetadata(metadata)
+
+    return {
+      success: true,
+      message: 'Bild erfolgreich hochgeladen',
+      image: {
+        id: newImage.id,
+        title: newImage.title,
+        isPublic: newImage.isPublic
+      }
+    }
+
+  } catch (error) {
+    console.error('Fehler beim Bild-Upload:', error)
+    
+    if (error.statusCode) {
+      throw error
+    }
+    
+    if (error.code === 'LIMIT_FILE_SIZE') {
+      throw createError({
+        statusCode: 413,
+        statusMessage: 'Datei zu groß (max. 10MB)'
+      })
+    }
+    
+    if (error.message && error.message.includes('Nur Bilddateien')) {
+      throw createError({
+        statusCode: 400,
+        statusMessage: error.message
+      })
+    }
+    
+    throw createError({
+      statusCode: 500,
+      statusMessage: 'Fehler beim Hochladen des Bildes'
+    })
+  }
+})
+

server/data/galerie-metadata.json

@@ -0,0 +1,2 @@
+[
+]

server/data/users.json

@@ -1 +1 @@
-hvxN6KvvickWNnxyvIqXHN9VWFkXlbP9ivRinrShBA0a9Pq7y9QwL23SVGG/8Eu1OrbERAnSJjzyVKKfaR/5gn+a5Q+3Z8MXt+UfADTvNJB4jU+IISnRsEw8T9gXMQQNvkUygoF+qI19+vqdEjMSXTG3HvsWqvgp/0fcoT++i3v2L7UfReXm9hBJti2EiqrD03mH6t+PW31yPe8HxJTnSTCJaHzYhtjsanHE3IeYukBVhSflwtInm1hRecux1Hu1/gfnf+FqtG+9aJp81Ixdmuekk5WNckPblavBsrOHnKYHaT3GExpbK60rls2zgLqMkINg5GqePKRLIffLNU+CbOTTZkgYcLEWN4ICMGxAWAbgOxS8QLTg9iKsmhb7KkB1i4emqCFMSAbeLphbbxgEeA==
+vt5myp1IVj2hMck3wi+hrAym+ZAIGNkg5zeSZcHwpt8NV9ZIj3KD1bPEbzTT7LhmlgspNL/HmTYwdUYN/yoxOxZ5d3usU+/q690XcuP4j4PzMtRc+xXVlA2oZT2lszkZtw0sm9auHI7NCAIViCqfpmnAtjsJPy9Pguni/9BH5hMJtNzR1zg0wIgigqA0eYLatRyMusk+hq0Bv2qodwOH0V6kQ9NHAj6lR6Dehs/nO8R+qjgtvWgYjxPR8RMtn62s8zFki3YcXi8Zweb/I0XUTS9VV4EukyZXpEGDs7ECiN6nesYNAHSB/PhC8rqrPjUPPna2s2sZjVgfY8WueuODw5oArRGfgzDhCz/eqpTS5pjMSrGJ8AygrC7R+l5KSSsMN2hHn/AwY6PAhUtbLe3mmQ==