Add config system for training, trainer, membership and impressum with CMS editor

server/api/config.put.js

@@ -0,0 +1,64 @@
+import { verifyToken, getUserById } from '../utils/auth.js'
+import { promises as fs } from 'fs'
+import path from 'path'
+
+const getDataPath = (filename) => {
+  const cwd = process.cwd()
+  if (cwd.endsWith('.output')) {
+    return path.join(cwd, '../server/data', filename)
+  }
+  return path.join(cwd, 'server/data', filename)
+}
+
+export default defineEventHandler(async (event) => {
+  try {
+    const token = getCookie(event, 'auth_token')
+
+    if (!token) {
+      throw createError({
+        statusCode: 401,
+        message: 'Nicht authentifiziert.'
+      })
+    }
+
+    const decoded = verifyToken(token)
+
+    if (!decoded) {
+      throw createError({
+        statusCode: 401,
+        message: 'Ungültiges Token.'
+      })
+    }
+
+    const user = await getUserById(decoded.id)
+
+    // Only admin and vorstand can edit config
+    if (!user || (user.role !== 'admin' && user.role !== 'vorstand')) {
+      throw createError({
+        statusCode: 403,
+        message: 'Keine Berechtigung zum Bearbeiten der Konfiguration.'
+      })
+    }
+
+    const body = await readBody(event)
+
+    if (!body.config) {
+      throw createError({
+        statusCode: 400,
+        message: 'Konfigurationsdaten fehlen.'
+      })
+    }
+
+    const configFile = getDataPath('config.json')
+    await fs.writeFile(configFile, JSON.stringify(body.config, null, 2), 'utf-8')
+
+    return {
+      success: true,
+      message: 'Konfiguration erfolgreich gespeichert.'
+    }
+  } catch (error) {
+    console.error('Fehler beim Speichern der Config:', error)
+    throw error
+  }
+})
+