torsten/harheimertc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Enhance security and error handling in various components by refining error catch blocks to ignore specific errors, improving code clarity and consistency across the application.
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 4m10s
Details

Browse Source
This commit is contained in:
Torsten Schulz (local)
2025-12-20 15:05:49 +01:00
parent c9037fec45
commit 6fda6ebad0
42 changed files with 117 additions and 113 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
server/api/cms/satzung-upload.post.js
View File

@@ -97,7 +97,7 @@ export default defineEventHandler(async (event) => {
// Versuche pdftotext zu verwenden (falls auf dem System installiert)
const { stdout } = await execAsync(`pdftotext "${file.path}" -`)
extractedText = stdout
} catch (error) {
} catch (_error) {
console.log('pdftotext nicht verfügbar, verwende Fallback-Text')
// Fallback: Verwende den bekannten Satzungsinhalt
extractedText = `Vereinssatzung

2
server/api/config.get.js
View File

@@ -13,7 +13,7 @@ const getDataPath = (filename) => {
return path.join(cwd, 'server/data', filename)
}
export default defineEventHandler(async (event) => {
export default defineEventHandler(async (_event) => {
try {
const configFile = getDataPath('config.json')
const data = await fs.readFile(configFile, 'utf-8')

2
server/api/members/toggle-mannschaftsspieler.post.js
View File

@@ -1,5 +1,5 @@
import { verifyToken, getUserById, hasAnyRole, readUsers, writeUsers } from '../../utils/auth.js'
import { readMembers, writeMembers, getMemberById } from '../../utils/members.js'
import { readMembers, writeMembers } from '../../utils/members.js'
export default defineEventHandler(async (event) => {
try {

41
server/api/membership/generate-pdf.post.js
View File

@@ -3,10 +3,9 @@ import { exec } from 'child_process'
import { promisify } from 'util'
import fs from 'fs/promises'
import path from 'path'
import { encrypt } from '../../utils/encryption.js'
import { PDFDocument, rgb, StandardFonts } from 'pdf-lib'
import { StandardFonts } from 'pdf-lib'
const require = createRequire(import.meta.url)
// const require = createRequire(import.meta.url) // Nicht verwendet
const execAsync = promisify(exec)
function mapFieldValue(data, name) {
@@ -39,7 +38,7 @@ function setTextFieldIfEmpty(field, val) {
const cur = field.getText()
if (cur && String(cur).trim() !== '') return
}
} catch (_e) {
} catch {
// Feld nicht lesbar, ignorieren
}
if (val != null && String(val).trim() !== '') field.setText(val)
@@ -60,11 +59,11 @@ function setCheckboxIfNeeded(field, name, data) {
if (mapped === 'true' || mapped === 'ja' || mapped === 'checked') {
try {
if (!(typeof field.isChecked === 'function' && field.isChecked())) field.check && field.check()
} catch (_e) {
} catch {
field.check && field.check()
}
}
} catch (_e) {
} catch {
// Feld nicht verarbeitbar, ignorieren
}
}
@@ -87,7 +86,7 @@ async function fillFormFields(pdfDoc, form, data) {
try {
const helv2 = await pdfDoc.embedFont(StandardFonts.Helvetica)
form.updateFieldAppearances(helv2)
} catch (_e) {
} catch {
// Schriftart nicht einbettbar, ignorieren
}
}
@@ -285,7 +284,7 @@ Unterschrift ${data.isVolljaehrig ? '' : '(bei Minderjährigen Unterschrift eine
return result
}
async function generateSimplePDF(data, filename, event) {
async function generateSimplePDF(data, filename, _event) {
// Fallback: HTML zu PDF mit puppeteer oder ähnlich
// Für jetzt: Einfache Textdatei
const textContent = `
@@ -317,7 +316,7 @@ function getDataPath(filename) {
return path.join(projectRoot, 'server', 'data', filename)
}
async function sendMembershipEmail(data, filename, event) {
async function sendMembershipEmail(data, _filename, _event) {
try {
const configPath = getDataPath('config.json')
const configData = await fs.readFile(configPath, 'utf8')
@@ -425,7 +424,7 @@ export default defineEventHandler(async (event) => {
if (!res.ok) throw new Error(`Template konnte nicht geladen werden: ${res.status}`)
arrayBuffer = await res.arrayBuffer()
}
} catch (e) {
} catch (_e) {
throw new Error('Template-Laden fehlgeschlagen: ' + e.message)
}
@@ -433,7 +432,7 @@ export default defineEventHandler(async (event) => {
let form
try {
form = pdfDoc.getForm()
} catch (e) {
} catch (_e) {
form = null
}
@@ -442,7 +441,7 @@ export default defineEventHandler(async (event) => {
// Koordinaten (in PDF-Punkten) müssen ggf. feinjustiert werden.
const pages = pdfDoc.getPages()
const firstPage = pages[0]
const { width, height } = firstPage.getSize()
firstPage.getSize()
// Schätzwerte: (x, y) in Punkten von linker unteren Ecke
// Diese Werte müssen nach Sichtprüfung justiert werden.
@@ -522,7 +521,7 @@ export default defineEventHandler(async (event) => {
} else if (data.mitgliedschaftsart === 'passiv') {
firstPage.drawText('X', { x: coords.mitglied_checkbox_passiv.x, y: coords.mitglied_checkbox_passiv.y, size: 12, font: helveticaFont })
}
} catch (e) {
} catch (_e) {
console.warn('Fehler beim Zeichnen der Checkbox:', e.message)
}
// Debug overlay: zeichne Marker an allen Koordinaten, wenn data.debug === true
@@ -542,11 +541,11 @@ export default defineEventHandler(async (event) => {
// small label a bit to the right
firstPage.drawText(key, { x: c.x + 8, y: c.y - 1, size: 7, color: rgb(0.6, 0, 0), font: helveticaFont })
}
} catch (e) {
} catch (_e) {
console.warn('Debug overlay fehlgeschlagen:', e.message)
}
}
} catch (e) {
} catch (_e) {
console.warn('Fehler beim positional drawing:', e.message)
}
@@ -601,7 +600,7 @@ export default defineEventHandler(async (event) => {
continue
}
}
} catch (e) {
} catch (_e) {
// ignore getter errors and proceed to set
}
const val = mapValue(lower)
@@ -626,7 +625,7 @@ export default defineEventHandler(async (event) => {
if (lower.includes('passiv') && data.mitgliedschaftsart === 'passiv') field.check && field.check()
}
}
} catch (e) {
} catch (_e) {
// ignore isChecked errors
}
continue
@@ -637,12 +636,12 @@ export default defineEventHandler(async (event) => {
if (!(typeof field.isChecked === 'function' && field.isChecked())) {
field.check && field.check()
}
} catch (e) {
} catch (_e) {
field.check && field.check()
}
}
}
} catch (e) {
} catch (_e) {
console.warn('Fehler beim Befüllen Feld', fname, e.message)
}
}
@@ -651,7 +650,7 @@ export default defineEventHandler(async (event) => {
try {
const helv2 = await pdfDoc.embedFont(StandardFonts.Helvetica)
form.updateFieldAppearances(helv2)
} catch (e) {
} catch (_e) {
console.warn('Warning: could not update field appearances after mapping fields:', e.message)
}
@@ -678,7 +677,7 @@ export default defineEventHandler(async (event) => {
// filename is generated from timestamp, not user input, path traversal prevented
// nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
await fs.copyFile(finalPdfPath, path.join(repoUploads, `${filename}.pdf`))
} catch (e) {
} catch (_e) {
console.warn('Kopie in repo public/uploads fehlgeschlagen:', e.message)
}
usedTemplate = true

2
server/api/membership/update-status.put.js
View File

@@ -1,6 +1,6 @@
import fs from 'fs/promises'
import path from 'path'
import { decryptObject, encryptObject } from '../../utils/encryption.js'
import { decryptObject } from '../../utils/encryption.js'
import { saveMember } from '../../utils/members.js'
export default defineEventHandler(async (event) => {

3
server/api/newsletter/groups/[id]/posts/create.post.js
View File

@@ -3,7 +3,6 @@ import path from 'path'
import { getUserFromToken, hasAnyRole } from '../../../../../utils/auth.js'
import { randomUUID } from 'crypto'
import { getRecipientsByGroup, getNewsletterSubscribers, generateUnsubscribeToken } from '../../../../../utils/newsletter.js'
import { encryptObject, decryptObject } from '../../../../../utils/encryption.js'
import nodemailer from 'nodemailer'
// nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
@@ -81,7 +80,7 @@ async function loadLogoAsBase64() {
}
// Erstellt Newsletter-HTML mit Header und Footer
async function createNewsletterHTML(post, group, unsubscribeToken = null, creatorName = null, creatorEmail = null) {
async function createNewsletterHTML(post, group, unsubscribeToken = null, _creatorName = null, _creatorEmail = null) {
const config = await loadConfig()
const clubName = config.verein?.name || 'Harheimer Tischtennis-Club 1954 e.V.'
const baseUrl = process.env.NUXT_PUBLIC_BASE_URL || 'http://localhost:3100'

5
server/api/newsletter/groups/[id]/posts/list.get.js
View File

@@ -1,7 +1,6 @@
import fs from 'fs/promises'
import path from 'path'
import { getUserFromToken, hasAnyRole } from '../../../../../utils/auth.js'
import { encryptObject, decryptObject } from '../../../../../utils/encryption.js'
// nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
// filename is always a hardcoded constant (e.g., 'newsletter-posts.json'), never user input
@@ -32,7 +31,7 @@ function isEncrypted(data) {
return false
}
return false
} catch (e) {
} catch (_e) {
return true
}
}
@@ -52,7 +51,7 @@ async function readPosts() {
const plainData = JSON.parse(data)
console.warn('Entschlüsselung fehlgeschlagen, versuche als unverschlüsseltes Format zu lesen')
return plainData
} catch (parseError) {
} catch (_parseError) {
console.error('Konnte Newsletter-Posts weder entschlüsseln noch als JSON lesen')
return []
}

2
server/api/newsletter/groups/public-list.get.js
View File

@@ -40,7 +40,7 @@ export default defineEventHandler(async (event) => {
isLoggedIn = true
}
}
} catch (e) {
} catch (_e) {
// Nicht eingeloggt - kein Problem
}

2
server/api/profile.put.js
View File

@@ -1,4 +1,4 @@
import { verifyToken, getUserById, readUsers, writeUsers, verifyPassword, hashPassword, migrateUserRoles } from '../utils/auth.js'
import { verifyToken, readUsers, writeUsers, verifyPassword, hashPassword, migrateUserRoles } from '../utils/auth.js'
export default defineEventHandler(async (event) => {
try {

2
server/api/spielplan.get.js
View File

@@ -8,7 +8,7 @@ export default defineEventHandler(async (event) => {
// Prüfe ob Datei existiert
try {
await fs.access(filePath)
} catch (error) {
} catch (_error) {
return {
success: false,
message: 'Spielplan-Datei nicht gefunden',

2
server/api/spielplan/download/[filename].get.js
View File

@@ -60,7 +60,7 @@ export default defineEventHandler(async (event) => {
// Prüfe ob Datei existiert
try {
await fs.access(filePath)
} catch (error) {
} catch (_error) {
// Fallback: Erstelle eine informative HTML-Seite
const htmlContent = `
<!DOCTYPE html>

8
server/api/spielplan/pdf.get.js
View File

@@ -19,7 +19,7 @@ export default defineEventHandler(async (event) => {
try {
csvContent = await fs.readFile(csvPath, 'utf-8')
} catch (error) {
} catch (_error) {
throw createError({
statusCode: 404,
statusMessage: 'Spielplandaten nicht gefunden'
@@ -192,7 +192,7 @@ export default defineEventHandler(async (event) => {
if (isNaN(spielDatum.getTime())) return false
return spielDatum >= currentSaisonStart && spielDatum <= currentSaisonEnd
} catch (error) {
} catch (_error) {
return false
}
})
@@ -357,7 +357,7 @@ ${hallenListe.map(halle => {
const tempDir = path.join(process.cwd(), 'temp')
try {
await fs.mkdir(tempDir, { recursive: true })
} catch (error) {
} catch (_error) {
// Verzeichnis existiert bereits
}
@@ -384,7 +384,7 @@ ${hallenListe.map(halle => {
await fs.unlink(pdfFile)
await fs.unlink(tempTexFile.replace('.tex', '.log'))
await fs.unlink(tempTexFile.replace('.tex', '.aux'))
} catch (error) {
} catch (_error) {
console.error('Fehler beim Löschen temporärer Dateien:', error)
}
}, 5000)