From dee760d51a99e21b5df13603f2af8cfeea046e28 Mon Sep 17 00:00:00 2001 From: "Torsten Schulz (local)" Date: Fri, 9 Jan 2026 09:01:23 +0100 Subject: [PATCH] Enhance newsletter subscription functionality with user profile integration This commit updates the newsletter subscription component to display the user's email when logged in, improving user experience. It also adds logic to load the user's profile data upon authentication, ensuring that the email field is pre-filled for logged-in users. Additionally, the server-side subscription handler is modified to check user authentication status, allowing only logged-in users to subscribe to certain groups. This change enhances the overall subscription process and aligns it with user authentication state. --- pages/newsletter/subscribe.vue | 46 +++++++++++++++++++++++-- server/api/newsletter/subscribe.post.js | 28 +++++++++++++-- 2 files changed, 69 insertions(+), 5 deletions(-) diff --git a/pages/newsletter/subscribe.vue b/pages/newsletter/subscribe.vue index 74fefeb..5e67087 100644 --- a/pages/newsletter/subscribe.vue +++ b/pages/newsletter/subscribe.vue @@ -74,10 +74,20 @@ v-model="form.email" type="email" required - class="w-full px-4 py-2 border border-gray-300 rounded-lg focus:outline-none focus:ring-2 focus:ring-primary-500" + :readonly="isLoggedIn" + :class="[ + 'w-full px-4 py-2 border rounded-lg focus:outline-none focus:ring-2 focus:ring-primary-500', + isLoggedIn ? 'bg-gray-100 border-gray-300 cursor-not-allowed' : 'border-gray-300' + ]" placeholder="ihre.email@example.com" @blur="checkSubscription" > +

+ Ihre E-Mail-Adresse wird aus Ihrem Profil verwendet. +

@@ -125,13 +135,16 @@
diff --git a/server/api/newsletter/subscribe.post.js b/server/api/newsletter/subscribe.post.js
index 99a0b8b..f852d6e 100644
--- a/server/api/newsletter/subscribe.post.js
+++ b/server/api/newsletter/subscribe.post.js
@@ -5,6 +5,7 @@ import crypto from 'crypto'
 import fs from 'fs/promises'
 import path from 'path'
 import { assertRateLimit, getClientIp, registerRateLimitFailure, registerRateLimitSuccess } from '../../utils/rate-limit.js'
+import { getUserFromToken } from '../../utils/auth.js'
 // nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
 // filename is always a hardcoded constant (e.g., 'newsletter-subscribers.json'), never user input
@@ -79,10 +80,33 @@ export default defineEventHandler(async (event) => {
 })
 }
- if (group.type !== 'subscription' || group.sendToExternal !== true) {
+ // Prüfe ob Benutzer eingeloggt ist
+ let isLoggedIn = false
+ try {
+ const token = getCookie(event, 'auth_token') || getHeader(event, 'authorization')?.replace('Bearer ', '')
+ if (token) {
+ const user = await getUserFromToken(token)
+ if (user && user.active) {
+ isLoggedIn = true
+ }
+ }
+ } catch (_e) {
+ // Nicht eingeloggt - kein Problem
+ }
+
+ // Prüfe ob Gruppe für Abonnements verfügbar ist
+ if (group.type !== 'subscription') {
 throw createError({
 statusCode: 403,
- statusMessage: 'Diese Newsletter-Gruppe ist nicht für externe Abonnements verfügbar'
+ statusMessage: 'Diese Newsletter-Gruppe ist nicht für Abonnements verfügbar'
+ })
+ }
+
+ // Nicht eingeloggte Benutzer können sich nur für externe Newsletter anmelden
+ if (!isLoggedIn && group.sendToExternal !== true) {
+ throw createError({
+ statusCode: 403,
+ statusMessage: 'Diese Newsletter-Gruppe ist nur für Mitglieder verfügbar. Bitte melden Sie sich an.'
 })
 }
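Review bot: The login check in the new try block keeps only a boolean, so the identity it verified is discarded before the subscription is stored; for a member-only group the address therefore still comes from wherever the handler reads it today (outside this hunk), and the read-only e-mail field on the client side is not a server-side guarantee. Keeping the user instead — `let currentUser = null` … `if (user && user.active) currentUser = user` — and using `currentUser?.email` when `group.sendToExternal !== true` binds the subscription to the authenticated account; a `const isLoggedIn = currentUser !== null` keeps the rest of the hunk unchanged. The `catch (_e)` fails in the safe direction (a lookup error only withholds member-only groups), but it also hides an outage of getUserFromToken; a debug-level log line in that catch would make that distinguishable from a plain anonymous request. The `.replace('Bearer ', '')` on the Authorization header is case-sensitive and passes a non-Bearer value through to getUserFromToken as if it were a token; presumably that lookup rejects it, but a `startsWith('Bearer ')` guard makes the intent explicit. The enclosing defineEventHandler callback starts and ends outside the hunk.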