48 Commits

Author SHA1 Message Date
Torsten Schulz (local)
49e7255062 Enhance CSV saving functionality by adding token retrieval from authorization header if not present in cookies. Update tests to validate CSV saving for users with 'vorstand' role.
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 56s
2026-03-18 13:12:32 +01:00
Torsten Schulz (local)
74246e6b08 Implement status toggle functionality for contact requests, updating the status display and adding error handling. Enhance the UI with a new button for marking requests as completed or reopening them.
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 56s
2026-03-11 21:16:03 +01:00
Torsten Schulz (local)
6230c96bc9 Refactor links section to use dynamic rendering with computed properties, enhancing maintainability and scalability. Add new 'Links' tab in CMS for better navigation.
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 56s
2026-03-04 16:05:34 +01:00
Torsten Schulz (local)
3fb40bd87d Extend the navigation with a new link to "Links" and update the logic for determining the current submenu to account for the new route.
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 57s
2026-03-04 14:53:11 +01:00
Torsten Schulz (local)
46c2c14ae8 Add support for contact requests, including new routes and permissions for trainers and the board. Update the e-mail sending logic to forward requests to all relevant recipients.
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 56s
2026-02-26 14:28:54 +01:00
Torsten Schulz (local)
ff8c1970df Replace welcome message with birthday widget that dynamically displays the upcoming birthdays
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 54s
2026-02-14 16:39:52 +01:00
Torsten Schulz (local)
8347a86727 Remove the JSON representation of the member from the member view
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 57s
2026-02-14 16:26:58 +01:00
Torsten Schulz (local)
9a6d32dcb3 Add ESM imports and script description for splitting names in user and application files
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 46s
2026-02-14 16:25:29 +01:00
Torsten Schulz (local)
161618f6fb Add scripts for splitting names into firstName and lastName for members and applications, including backup functionality.
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 51s
2026-02-14 15:58:11 +01:00
Torsten Schulz (local)
0b3fba44a4 Add script for splitting names into firstName and lastName for users
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 48s
2026-02-14 15:50:37 +01:00
Torsten Schulz (local)
d35e1c9a3e Add first name and last name to the registration form and the member management
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 50s
2026-02-14 15:48:56 +01:00
Torsten Schulz (local)
528353132a Add display of the member name to the member view
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 51s
2026-02-14 03:45:51 +01:00
Torsten Schulz (local)
cd5e5cd781 Add display of the member data in JSON format to the member view
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 51s
2026-02-14 03:42:58 +01:00
Torsten Schulz (local)
ebbffcc5c4 Add display of the member name to the member view
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 52s
2026-02-14 03:38:39 +01:00
Torsten Schulz (local)
5c760d7fa8 Add visibility flags for e-mail and phone to the member view
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 48s
2026-02-14 03:31:28 +01:00
Torsten Schulz (local)
d40073ac7b Add visibility flags for e-mail, phone, address and birthday to the member view
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 51s
2026-02-14 03:23:59 +01:00
Torsten Schulz (local)
b25cf13d3c Add visibility flags for members to control the display of e-mail, phone, address and birthday
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 52s
2026-02-14 03:16:28 +01:00
Torsten Schulz (local)
3287102761 Add first name and last name to the member data
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 54s
2026-02-14 03:08:19 +01:00
Torsten Schulz (local)
08624cabbe Improve the visibility of member data by adding the date of birth to the edit form
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 52s
2026-02-14 03:05:15 +01:00
Torsten Schulz (local)
d37f182928 Add script to set visibility flags for members to true
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 49s
2026-02-14 02:58:30 +01:00
Torsten Schulz (local)
79c45be7c7 Add script to set the birthday visibility flag of all members to true
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 47s
2026-02-14 02:52:44 +01:00
Torsten Schulz (local)
d52f3ffc8d Add script to set the birthday visibility flag of all members to true
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 47s
2026-02-14 02:50:57 +01:00
Torsten Schulz (local)
64baaf8535 Add script to set the birthday visibility flag of all members to true
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 52s
2026-02-14 02:48:30 +01:00
Torsten Schulz (local)
e665495003 Improve the sorting logic in the member list for names, last names and birthdays with more robust comparisons
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 52s
2026-02-14 02:42:43 +01:00
Torsten Schulz (local)
8f444c59eb Add sorting options to the member list and improve sorting by last name and birthday
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 51s
2026-02-14 02:36:26 +01:00
Torsten Schulz (local)
8117335af9 Remove the sorting options and adjust the member display to remove sorting directly from the member list
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Has been cancelled
2026-02-14 02:36:19 +01:00
Torsten Schulz (local)
85ec99b08c Optimize the member list template by removing superfluous code and improve the sorting options
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 1m1s
2026-02-14 02:28:40 +01:00
Torsten Schulz (local)
04571e6444 Improve the structure of the template in the member list and add sorting options
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 51s
2026-02-14 02:22:52 +01:00
Torsten Schulz (local)
5799f97570 Remove superfluous line in the member list template
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 52s
2026-02-14 02:17:27 +01:00
Torsten Schulz (local)
8ab08f4c09 Add header and sorting options to the member list
Some checks are pending
Code Analysis (JS/Vue) / analyze (push) Has started running
2026-02-14 02:16:36 +01:00
Torsten Schulz (local)
fcf3168692 Remove superfluous curly brace in the formatDate function
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 56s
2026-02-14 02:13:25 +01:00
Torsten Schulz (local)
cfd209d7ee Filter the admin account out of the member list to improve visibility
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 53s
2026-02-14 02:07:45 +01:00
Torsten Schulz (local)
ee1709ffb2 Add sorting options for the member list and implement sorting logic by name, last name and birthday
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 50s
2026-02-14 02:06:36 +01:00
Torsten Schulz (local)
8bb02b6e4a Add dotenv configuration to the script to load environment variables
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 50s
2026-02-14 02:00:39 +01:00
Torsten Schulz (local)
7a20af2772 Add active field to member data and implement script to activate all members
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 52s
2026-02-14 01:54:39 +01:00
Torsten Schulz (local)
3e610e68b6 Add debug logs to display all loaded members (decrypted)
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 53s
2026-02-14 01:47:20 +01:00
Torsten Schulz (local)
485b21c13e Add diagnostic script to display members from members.json with status and visibility
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 46s
2026-02-14 01:43:18 +01:00
Torsten Schulz (local)
08b1edc354 Add script for re-encrypting plaintext membership applications; implement backup function and error handling
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 47s
2026-02-14 01:37:42 +01:00
Torsten Schulz (local)
6e297c682c Add birthday widget and implement birthday loading function; extend visibility settings for birthdays in profile and API
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 49s
2026-02-13 17:27:27 +01:00
Torsten Schulz (local)
3d3e22bb1b Implement central e-mail service for registration notifications and remove obsolete code
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 48s
2026-02-11 15:41:03 +01:00
Torsten Schulz (local)
d18b671532 Change visibility settings for members: visible by default to all logged-in members unless they are explicitly hidden.
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 51s
2026-02-11 14:37:13 +01:00
Torsten Schulz (local)
af3c0164ef Add visibility options for members and registered users; update the visibility settings based on user preferences in the member query and the visibility script.
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 50s
2026-02-11 14:25:49 +01:00
Torsten Schulz (local)
c681194462 Make visibility opt-in by default; coerce visibility booleans; only 'vorstand' overrides
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 51s
2026-02-11 14:10:54 +01:00
Torsten Schulz (local)
141a15a6cb Respect per-user visibility; only 'vorstand' overrides visibility; UI shows contactHidden per-member
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 47s
2026-02-11 13:27:24 +01:00
Torsten (PC)
ce5915a3bc fixed .gitignore
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 51s
2026-02-11 13:08:07 +01:00
Torsten Schulz (local)
677140bd33 Add visibility preferences for member profiles: allow users to make their e-mail, phone number and address visible to other logged-in members. Update the API to respect these settings and take them into account when returning profile data.
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 47s
2026-02-11 13:04:45 +01:00
Torsten Schulz (local)
8a1e309eba Improve member query: filter manual members by active/accepted status and remove unneeded privacy logic.
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 44s
2026-02-11 12:49:14 +01:00
Torsten Schulz (local)
0d533710cd Refactor file handling to prioritize internal data directories for backups and uploads; enhance error handling and logging for metadata and CSV operations.
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 47s
2026-02-11 11:42:24 +01:00
61 changed files with 2728 additions and 489 deletions

4
.gitignore vendored
View File

@@ -154,3 +154,7 @@ server/data/**
!server/data/.gitkeep !server/data/.gitkeep
public/data/** public/data/**
public/uploads/** public/uploads/**
backups/*
public/data
server/data
public/uploads
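
Review bot: The new bare `server/data` entry at the end of this hunk ignores the directory itself, which defeats the `!server/data/.gitkeep` exception in the context lines above: git does not descend into an excluded directory, so a file inside it cannot be re-included. `public/data` and `public/uploads` are likewise already covered by the existing `public/data/**` and `public/uploads/**` patterns. Suggest dropping the three bare directory entries and keeping only `backups/*`, or removing the `.gitkeep` exception if the placeholder is no longer wanted.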

View File

@@ -202,7 +202,7 @@
</p> </p>
</form> </form>
<p class="mt-4 text-sm text-gray-600 text-center"> <p class="mt-4 text-sm text-gray-600 text-center">
Ihre Nachricht wird direkt an j.dichmann@gmx.de gesendet Ihre Nachricht wird an den Vorstand und die Trainer weitergeleitet
</p> </p>
</div> </div>
</div> </div>

View File

@@ -109,7 +109,7 @@
</a> </a>
<span class="text-sm text-gray-500">oder</span> <span class="text-sm text-gray-500">oder</span>
<NuxtLink <NuxtLink
to="/satzung" to="/verein/satzung"
class="inline-flex items-center px-6 py-3 bg-gray-100 hover:bg-gray-200 text-gray-900 font-semibold rounded-lg transition-colors" class="inline-flex items-center px-6 py-3 bg-gray-100 hover:bg-gray-200 text-gray-900 font-semibold rounded-lg transition-colors"
> >
<Eye <Eye

View File

@@ -109,7 +109,7 @@
</a> </a>
<span class="text-sm text-gray-500">oder</span> <span class="text-sm text-gray-500">oder</span>
<NuxtLink <NuxtLink
to="/satzung" to="/verein/satzung"
class="inline-flex items-center px-6 py-3 bg-gray-100 hover:bg-gray-200 text-gray-900 font-semibold rounded-lg transition-colors" class="inline-flex items-center px-6 py-3 bg-gray-100 hover:bg-gray-200 text-gray-900 font-semibold rounded-lg transition-colors"
> >
<Eye <Eye

View File

@@ -36,7 +36,7 @@
<button <button
class="px-4 py-2 text-gray-300 hover:text-white font-medium transition-all rounded-lg hover:bg-primary-700/50" class="px-4 py-2 text-gray-300 hover:text-white font-medium transition-all rounded-lg hover:bg-primary-700/50"
:class="(route.path.startsWith('/verein/') || route.path.startsWith('/vorstand') || route.path.startsWith('/vereinsmeisterschaften') || currentSubmenu === 'verein') ? 'text-white bg-primary-600' : ''" :class="(route.path.startsWith('/verein/') || route.path.startsWith('/vorstand') || route.path.startsWith('/vereinsmeisterschaften') || route.path.startsWith('/links') || currentSubmenu === 'verein') ? 'text-white bg-primary-600' : ''"
@click="toggleSubmenu('verein')" @click="toggleSubmenu('verein')"
> >
Verein Verein
@@ -177,6 +177,13 @@
> >
Galerie Galerie
</NuxtLink> </NuxtLink>
<NuxtLink
to="/links"
class="px-2.5 py-1 text-xs text-gray-300 hover:text-white hover:bg-primary-700/50 rounded transition-all"
active-class="text-white bg-primary-600"
>
Links
</NuxtLink>
</template> </template>
<!-- Mannschaften Submenu --> <!-- Mannschaften Submenu -->
@@ -299,6 +306,16 @@
Newsletter Newsletter
</NuxtLink> </NuxtLink>
</template> </template>
<template v-if="canAccessContactRequests">
<div class="h-3 w-px bg-primary-700" />
<NuxtLink
to="/cms/kontaktanfragen"
class="px-2.5 py-1 text-xs text-gray-300 hover:text-white hover:bg-primary-700/50 rounded transition-all"
active-class="text-white bg-primary-600"
>
Kontaktanfragen
</NuxtLink>
</template>
<template v-if="isAdmin"> <template v-if="isAdmin">
<div class="h-3 w-px bg-primary-700" /> <div class="h-3 w-px bg-primary-700" />
<div class="relative inline-block"> <div class="relative inline-block">
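
Review bot: The desktop block added here is gated on `v-if="canAccessContactRequests"` alone, while the mobile counterpart in the @@ -707 hunk uses `canAccessContactRequests && !isAdmin`. The next hunk also adds a Kontaktanfragen entry to what appears to be the admin CMS dropdown (it closes with `showCmsDropdown = false`), so admins would see the link twice in the desktop bar. Suggest using the same `&& !isAdmin` condition here so both layouts behave alike.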
@@ -371,6 +388,13 @@
> >
Mitgliederverwaltung Mitgliederverwaltung
</NuxtLink> </NuxtLink>
<NuxtLink
to="/cms/kontaktanfragen"
class="block px-4 py-2 text-sm text-gray-300 hover:bg-primary-600 hover:text-white transition-colors"
@click="showCmsDropdown = false"
>
Kontaktanfragen
</NuxtLink>
<div class="border-t border-gray-700 my-1" /> <div class="border-t border-gray-700 my-1" />
<NuxtLink <NuxtLink
to="/cms/einstellungen" to="/cms/einstellungen"
@@ -497,6 +521,13 @@
> >
Galerie Galerie
</NuxtLink> </NuxtLink>
<NuxtLink
to="/links"
class="block px-4 py-2 text-sm text-gray-400 hover:text-white hover:bg-primary-700/50 rounded-lg transition-colors"
@click="isMobileMenuOpen = false"
>
Links
</NuxtLink>
<NuxtLink <NuxtLink
to="/newsletter/subscribe" to="/newsletter/subscribe"
class="block px-4 py-2 text-sm text-gray-400 hover:text-white hover:bg-primary-700/50 rounded-lg transition-colors" class="block px-4 py-2 text-sm text-gray-400 hover:text-white hover:bg-primary-700/50 rounded-lg transition-colors"
@@ -707,6 +738,16 @@
Newsletter Newsletter
</NuxtLink> </NuxtLink>
</template> </template>
<template v-if="canAccessContactRequests && !isAdmin">
<div class="border-t border-primary-700/20 my-2" />
<NuxtLink
to="/cms/kontaktanfragen"
class="block px-4 py-2 text-sm text-yellow-300 hover:text-white hover:bg-primary-700/50 rounded-lg transition-colors"
@click="isMobileMenuOpen = false"
>
Kontaktanfragen
</NuxtLink>
</template>
<template v-if="isAdmin"> <template v-if="isAdmin">
<div class="border-t border-primary-700/20 my-2" /> <div class="border-t border-primary-700/20 my-2" />
<NuxtLink <NuxtLink
@@ -744,6 +785,13 @@
> >
Mitgliederverwaltung Mitgliederverwaltung
</NuxtLink> </NuxtLink>
<NuxtLink
to="/cms/kontaktanfragen"
class="block px-4 py-2 text-sm text-yellow-300 hover:text-white hover:bg-primary-700/50 rounded-lg transition-colors"
@click="isMobileMenuOpen = false"
>
Kontaktanfragen
</NuxtLink>
<NuxtLink <NuxtLink
to="/cms/inhalte" to="/cms/inhalte"
class="block px-4 py-2 text-sm text-yellow-300 hover:text-white hover:bg-primary-700/50 rounded-lg transition-colors" class="block px-4 py-2 text-sm text-yellow-300 hover:text-white hover:bg-primary-700/50 rounded-lg transition-colors"
@@ -825,11 +873,16 @@ const canAccessNewsletter = computed(() => {
const store = getAuthStore() const store = getAuthStore()
return store?.hasAnyRole('admin', 'vorstand', 'newsletter') ?? false return store?.hasAnyRole('admin', 'vorstand', 'newsletter') ?? false
}) })
const canAccessContactRequests = computed(() => {
const store = getAuthStore()
return store?.hasAnyRole('admin', 'vorstand', 'trainer') ?? false
})
// Automatisches Setzen des Submenus basierend auf der Route // Automatisches Setzen des Submenus basierend auf der Route
const currentSubmenu = computed(() => { const currentSubmenu = computed(() => {
const path = route.path const path = route.path
if (path.startsWith('/verein/') || path.startsWith('/vorstand') || if (path.startsWith('/verein/') || path.startsWith('/vorstand') ||
path.startsWith('/links') ||
path.startsWith('/vereinsmeisterschaften')) { path.startsWith('/vereinsmeisterschaften')) {
return 'verein' return 'verein'
} }
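
Review bot: `canAccessContactRequests` only decides whether the link is rendered; `hasAnyRole('admin', 'vorstand', 'trainer')` runs in the client-side store, and nothing in this hunk protects the `/cms/kontaktanfragen` page or the API behind it. Please confirm that the route middleware and the contact-request endpoints enforce the same three roles on the server, and consider defining the role list once so the UI check and the server check cannot drift apart. Separately, `path.startsWith('/links')` also matches any other path that merely begins with `/links`; comparing against `/links` exactly, or against the `/links/` prefix, would be tighter.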
@@ -949,7 +1002,7 @@ const toggleSubmenu = (menu) => {
if (menu === 'newsletter' && !path.startsWith('/newsletter')) { if (menu === 'newsletter' && !path.startsWith('/newsletter')) {
navigateTo('/newsletter/subscribe') navigateTo('/newsletter/subscribe')
} else if (menu === 'verein' && !path.startsWith('/verein/') && !path.startsWith('/vorstand') && !path.startsWith('/vereinsmeisterschaften')) { } else if (menu === 'verein' && !path.startsWith('/verein/') && !path.startsWith('/vorstand') && !path.startsWith('/vereinsmeisterschaften') && !path.startsWith('/links')) {
navigateTo('/verein/ueber-uns') navigateTo('/verein/ueber-uns')
} else if (menu === 'mannschaften' && !path.startsWith('/mannschaften') && !path.startsWith('/spielsysteme')) { } else if (menu === 'mannschaften' && !path.startsWith('/mannschaften') && !path.startsWith('/spielsysteme')) {
navigateTo('/mannschaften') navigateTo('/mannschaften')

303
components/cms/CmsLinks.vue Normal file
View File

@@ -0,0 +1,303 @@
<template>
<div class="bg-white rounded-xl shadow-sm border border-gray-200 p-6">
<div class="flex items-center justify-between mb-4">
<h2 class="text-xl font-semibold text-gray-900">
Links bearbeiten
</h2>
<button
type="button"
class="inline-flex items-center px-4 py-2 rounded-lg bg-primary-600 text-white hover:bg-primary-700 disabled:opacity-50 disabled:cursor-not-allowed text-sm"
:disabled="saving"
@click="save"
>
{{ saving ? 'Speichert...' : 'Speichern' }}
</button>
</div>
<p class="text-sm text-gray-500 mb-6">
Diese Übersicht wird auf der öffentlichen Seite als Karten dargestellt.
</p>
<div class="space-y-6">
<div
v-for="(section, sectionIndex) in sections"
:key="section.id"
class="border border-gray-200 rounded-lg p-4"
>
<div class="flex items-center gap-3 mb-4">
<input
v-model="section.title"
type="text"
class="flex-1 px-3 py-2 border border-gray-300 rounded-lg focus:outline-none focus:ring-2 focus:ring-primary-500"
placeholder="Block-Titel"
>
<button
type="button"
class="px-3 py-2 text-sm bg-red-100 text-red-700 rounded-lg hover:bg-red-200"
@click="removeSection(sectionIndex)"
>
Block löschen
</button>
</div>
<div class="space-y-3">
<div
v-for="(item, itemIndex) in section.items"
:key="item.id"
class="grid md:grid-cols-12 gap-2"
>
<input
v-model="item.label"
type="text"
class="md:col-span-4 px-3 py-2 border border-gray-300 rounded-lg focus:outline-none focus:ring-2 focus:ring-primary-500"
placeholder="Link-Text"
>
<input
v-model="item.href"
type="url"
class="md:col-span-5 px-3 py-2 border border-gray-300 rounded-lg focus:outline-none focus:ring-2 focus:ring-primary-500"
placeholder="https://..."
>
<input
v-model="item.description"
type="text"
class="md:col-span-2 px-3 py-2 border border-gray-300 rounded-lg focus:outline-none focus:ring-2 focus:ring-primary-500"
placeholder="Beschreibung (optional)"
>
<button
type="button"
class="md:col-span-1 px-2 py-2 text-sm bg-red-100 text-red-700 rounded-lg hover:bg-red-200"
@click="removeItem(sectionIndex, itemIndex)"
>
X
</button>
</div>
</div>
<div class="mt-3">
<button
type="button"
class="px-3 py-2 text-sm bg-gray-100 text-gray-800 rounded-lg hover:bg-gray-200"
@click="addItem(sectionIndex)"
>
Link hinzufügen
</button>
</div>
</div>
</div>
<div class="mt-6">
<button
type="button"
class="px-4 py-2 text-sm bg-primary-100 text-primary-800 rounded-lg hover:bg-primary-200"
@click="addSection"
>
Block hinzufügen
</button>
</div>
</div>
</template>
<script setup>
import { ref, onMounted } from 'vue'
const saving = ref(false)
const sections = ref([])
function createId() {
const c = globalThis?.crypto
if (c && typeof c.randomUUID === 'function') return c.randomUUID()
return `id-${Date.now().toString(36)}-${Math.random().toString(36).slice(2, 10)}`
}
const defaultSections = [
{
id: createId(),
title: 'Ergebnisse & Portale',
items: [
{ id: createId(), label: 'MyTischtennis.de', href: 'http://www.mytischtennis.de/public/home', description: '(offizielle QTTR-Werte)' },
{ id: createId(), label: 'Click-tt Ergebnisse', href: 'http://httv.click-tt.de/', description: '(offizieller Ergebnisdienst HTTV)' },
{ id: createId(), label: 'Tischtennis Pur - das Tischtennis Portal', href: 'https://www.tischtennis-pur.de/', description: '(Informationen, Blogs, Fachbeiträge, Tipps)' },
{ id: createId(), label: 'Liveticker 2. und 3. TT-Bundesliga', href: 'https://ticker.tt-news.com/', description: '' }
]
},
{
id: createId(),
title: 'Verbände',
items: [
{ id: createId(), label: 'Hessischer Tischtennisverband (HTTV)', href: 'http://www.httv.de/', description: '' },
{ id: createId(), label: 'Deutscher Tischtennisbund (DTTB)', href: 'http://www.tischtennis.de/aktuelles/', description: '' },
{ id: createId(), label: 'European Table Tennis Union (ETTU)', href: 'http://www.ettu.org/', description: '' },
{ id: createId(), label: 'International Table Tennis Federation (ITTF)', href: 'https://www.ittf.com/', description: '' }
]
},
{
id: createId(),
title: 'Regionale Links',
items: [
{ id: createId(), label: 'Stadt Frankfurt', href: 'http://www.frankfurt.de/', description: '' },
{ id: createId(), label: 'Vereinsring Harheim', href: 'http://www.harheim.com/', description: '' }
]
},
{
id: createId(),
title: 'Partner & Vereine',
items: [
{ id: createId(), label: 'TTC OE Bad Homburg', href: 'http://www.ttcoe.de/', description: '' },
{ id: createId(), label: 'SpVgg Steinkirchen e.V.', href: 'https://www.spvgg-steinkirchen.de/menue-abteilungen/abteilungen/tischtennis', description: '' },
{ id: createId(), label: 'Ergebnisse SpVgg Steinkirchen', href: 'https://www.mytischtennis.de/clicktt/ByTTV/24-25/ligen/Bezirksklasse-A-Gruppe-2-IN-PAF/gruppe/466925/tabelle/gesamt/', description: '' }
]
}
]
function createHtmlFromSections(inputSections) {
const safeSections = Array.isArray(inputSections) ? inputSections : []
return safeSections
.filter((s) => s.title && Array.isArray(s.items) && s.items.length > 0)
.map((section) => {
const itemsHtml = section.items
.filter((item) => item.label && item.href)
.map((item) => {
const description = item.description ? ` ${item.description}` : ''
return `<li><a href="${item.href}" target="_blank" rel="noopener noreferrer">${item.label}</a>${description}</li>`
})
.join('')
return `<h2>${section.title}</h2><ul>${itemsHtml}</ul>`
})
.join('\n')
}
function normalizeSections(rawSections) {
if (!Array.isArray(rawSections) || rawSections.length === 0) {
return JSON.parse(JSON.stringify(defaultSections))
}
return rawSections.map((section) => ({
id: section.id || createId(),
title: section.title || '',
items: Array.isArray(section.items)
? section.items.map((item) => ({
id: item.id || createId(),
label: item.label || '',
href: item.href || '',
description: item.description || ''
}))
: []
}))
}
function stripTags(html) {
if (!html) return ''
return String(html)
.replace(/<[^>]*>/g, '')
.replace(/&nbsp;/g, ' ')
.replace(/&amp;/g, '&')
.trim()
}
function parseLinksHtml(html) {
if (!html || typeof html !== 'string') return []
const sectionsParsed = []
const sectionPattern = /<h2[^>]*>([\s\S]*?)<\/h2>\s*<ul[^>]*>([\s\S]*?)<\/ul>/gi
let sectionMatch
while ((sectionMatch = sectionPattern.exec(html)) !== null) {
const title = stripTags(sectionMatch[1])
const ulContent = sectionMatch[2] || ''
const itemPattern = /<li[^>]*>([\s\S]*?)<\/li>/gi
const items = []
let itemMatch
while ((itemMatch = itemPattern.exec(ulContent)) !== null) {
const liHtml = itemMatch[1] || ''
const anchorMatch = liHtml.match(/<a[^>]*href=["']([^"']+)["'][^>]*>([\s\S]*?)<\/a>/i)
const href = anchorMatch ? String(anchorMatch[1]).trim() : ''
const label = anchorMatch ? stripTags(anchorMatch[2]) : stripTags(liHtml)
let description = ''
if (anchorMatch) {
description = stripTags(liHtml.replace(anchorMatch[0], ''))
}
if (label || href || description) {
items.push({
id: createId(),
label,
href,
description
})
}
}
if (title || items.length > 0) {
sectionsParsed.push({
id: createId(),
title,
items
})
}
}
return sectionsParsed
}
function addSection() {
sections.value.push({
id: createId(),
title: '',
items: [{ id: createId(), label: '', href: '', description: '' }]
})
}
function removeSection(index) {
sections.value.splice(index, 1)
}
function addItem(sectionIndex) {
sections.value[sectionIndex].items.push({
id: createId(),
label: '',
href: '',
description: ''
})
}
function removeItem(sectionIndex, itemIndex) {
sections.value[sectionIndex].items.splice(itemIndex, 1)
}
async function load() {
try {
const current = await $fetch('/api/config')
const configured = current?.seiten?.linksStructured
if (Array.isArray(configured) && configured.length > 0) {
sections.value = normalizeSections(configured)
return
}
const html = current?.seiten?.links
const parsed = parseLinksHtml(html)
sections.value = normalizeSections(parsed)
} catch {
sections.value = JSON.parse(JSON.stringify(defaultSections))
}
}
async function save() {
saving.value = true
try {
const current = await $fetch('/api/config')
const cleanedSections = normalizeSections(sections.value)
const linksHtml = createHtmlFromSections(cleanedSections)
const updated = {
...current,
seiten: {
...(current?.seiten || {}),
linksStructured: cleanedSections,
links: linksHtml
}
}
await $fetch('/api/config', { method: 'PUT', body: updated })
try { window.showSuccessModal && window.showSuccessModal('Erfolg', 'Links erfolgreich gespeichert.') } catch {}
} catch (error) {
const msg = error?.data?.message || 'Fehler beim Speichern der Links'
try { window.showErrorModal && window.showErrorModal('Fehler', msg) } catch {}
} finally {
saving.value = false
}
}
onMounted(load)
</script>
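
Review bot: `createHtmlFromSections` interpolates `section.title`, `item.label`, `item.description` and `item.href` straight into the template string, so whatever an editor types is stored unescaped in `seiten.links`. If that HTML is later rendered on the public page with `v-html` or similar, this is a stored HTML/script injection path, and `type="url"` on the input is only a browser-side hint that `save()` never re-checks. Suggest HTML-escaping the text fields, accepting only `http:` and `https:` URLs (parsed with `new URL()`) for `href`, and repeating that validation in the `PUT /api/config` handler, since the client cannot be trusted to do it. Also note that `save()` fetches the whole config and writes the whole object back, so a change to any other key made between the GET and the PUT is silently overwritten; an endpoint that updates only the links section would avoid that.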

View File

@@ -100,6 +100,18 @@ if ls public/data/*.csv >/dev/null 2>&1; then
else else
echo " No public CSVs to backup (public/data/*.csv not found)" echo " No public CSVs to backup (public/data/*.csv not found)"
fi fi
# Prefer internal public-data under server/data/public-data for backups; fallback to legacy public/data
if ls server/data/public-data/*.csv >/dev/null 2>&1; then
mkdir -p "$BACKUP_DIR/public-data"
cp -a server/data/public-data/*.csv "$BACKUP_DIR/public-data/"
echo " Backed up server/data/public-data/*.csv -> $BACKUP_DIR/public-data/"
elif ls public/data/*.csv >/dev/null 2>&1; then
mkdir -p "$BACKUP_DIR/public-data"
cp -a public/data/*.csv "$BACKUP_DIR/public-data/"
echo " Backed up public/data/*.csv -> $BACKUP_DIR/public-data/"
else
echo " No public CSVs to backup (server/data/public-data or public/data not found)"
fi
# 2. Handle local changes and Git Pull # 2. Handle local changes and Git Pull
echo "2. Handling local changes and pulling latest from git..." echo "2. Handling local changes and pulling latest from git..."
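
Review bot: The new if/elif block is appended after the existing `if ls public/data/*.csv` block instead of replacing it, so both run. When only `public/data` has CSVs they are copied twice, and when only `server/data/public-data` has them the log first prints "No public CSVs to backup (public/data/*.csv not found)" and then reports a successful backup. The following file in this diff replaces the old block with the new one; suggest doing the same here.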
@@ -158,6 +170,38 @@ if [ -d ".output" ]; then
if [ -d ".output" ]; then if [ -d ".output" ]; then
echo "ERROR: .output konnte auch nach erneutem Versuch nicht gelöscht werden!" echo "ERROR: .output konnte auch nach erneutem Versuch nicht gelöscht werden!"
echo "Bitte manuell prüfen und löschen: rm -rf .output" echo "Bitte manuell prüfen und löschen: rm -rf .output"
if ls "$BACKUP_DIR/public-data"/*.csv >/dev/null 2>&1; then
# Restore into internal storage (server/data/public-data)
mkdir -p server/data/public-data
for csv_file in "$BACKUP_DIR/public-data"/*.csv; do
filename=$(basename "$csv_file")
cp -f "$csv_file" "server/data/public-data/$filename"
if [ -f "server/data/public-data/$filename" ]; then
backup_size=$(stat -f%z "$csv_file" 2>/dev/null || stat -c%s "$csv_file" 2>/dev/null || echo "0")
restored_size=$(stat -f%z "server/data/public-data/$filename" 2>/dev/null || stat -c%s "server/data/public-data/$filename" 2>/dev/null || echo "0")
if [ "$backup_size" = "$restored_size" ] && [ "$backup_size" != "0" ]; then
echo " \u2713 Restored server/data/public-data/$filename from backup ($backup_size bytes)"
else
echo " \u26a0 WARNING: server/data/public-data/$filename size mismatch (Backup: $backup_size, Restored: $restored_size)"
fi
else
echo " \u274c ERROR: Konnte server/data/public-data/$filename nicht wiederherstellen!"
fi
done
echo " \u2713 All public-data files restored into server/data/public-data ($BACKUP_DIR/public-data)."
# Optional: synchronize internal public-data into public/data for legacy builds
# This uses the project's sync script and forces overwrite in public/data.
if command -v node >/dev/null 2>&1 && [ -f scripts/sync-public-data.js ]; then
echo " Synchronizing server/data/public-data -> public/data (using scripts/sync-public-data.js --force)"
node scripts/sync-public-data.js --force || echo " WARNING: sync script failed"
else
echo " Note: To publish CSVs to public/data run: node scripts/sync-public-data.js --force"
fi
else
echo " No public CSVs to restore"
fi
exit 1 exit 1
fi fi
fi fi
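
Review bot: This restore block is inserted inside the branch that has just printed "ERROR: .output konnte auch nach erneutem Versuch nicht gelöscht werden!" and sits directly before `exit 1`, so it runs only when the deployment is about to abort and never on a normal run. It looks misplaced; please move it to the restore section, as in the following file of this diff, or remove it. The status lines also pass `\u2713`, `\u26a0` and `\u274c` to a plain `echo`, which prints the escape text literally in bash and POSIX sh; `printf` with the literal characters would be safer.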

View File

@@ -92,12 +92,17 @@ else
exit 1 exit 1
fi fi
if ls public/data/*.csv >/dev/null 2>&1; then # Prefer internal public-data under server/data/public-data for backups; fallback to legacy public/data
if ls server/data/public-data/*.csv >/dev/null 2>&1; then
mkdir -p "$BACKUP_DIR/public-data"
cp -a server/data/public-data/*.csv "$BACKUP_DIR/public-data/"
echo " Backed up server/data/public-data/*.csv -> $BACKUP_DIR/public-data/"
elif ls public/data/*.csv >/dev/null 2>&1; then
mkdir -p "$BACKUP_DIR/public-data" mkdir -p "$BACKUP_DIR/public-data"
cp -a public/data/*.csv "$BACKUP_DIR/public-data/" cp -a public/data/*.csv "$BACKUP_DIR/public-data/"
echo " Backed up public/data/*.csv -> $BACKUP_DIR/public-data/" echo " Backed up public/data/*.csv -> $BACKUP_DIR/public-data/"
else else
echo " No public CSVs to backup (public/data/*.csv not found)" echo " No public CSVs to backup (server/data/public-data or public/data not found)"
fi fi
# 2. Handle local changes and Git Pull # 2. Handle local changes and Git Pull
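
Review bot: The `elif` on the legacy `public/data/*.csv` branch means that once `server/data/public-data` holds any CSV, files that exist only in `public/data` are no longer backed up, and nothing is printed about it. If both locations can contain data during the migration, back up both into separate subdirectories of `$BACKUP_DIR`, or at least log that the legacy directory was skipped, so the restore step knows which source a file came from.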
@@ -310,38 +315,33 @@ echo " Restored server/data from backup ($BACKUP_DIR/server-data)."
# Stelle alle CSVs wieder her # Stelle alle CSVs wieder her
if ls "$BACKUP_DIR/public-data"/*.csv >/dev/null 2>&1; then if ls "$BACKUP_DIR/public-data"/*.csv >/dev/null 2>&1; then
mkdir -p public/data # Restore into internal storage (server/data/public-data)
mkdir -p server/data/public-data
# WICHTIG: Überschreibe auch Dateien, die aus dem Git-Repository kommen
# Verwende cp mit -f (force) um sicherzustellen, dass Backup-Dateien Vorrang haben
for csv_file in "$BACKUP_DIR/public-data"/*.csv; do for csv_file in "$BACKUP_DIR/public-data"/*.csv; do
filename=$(basename "$csv_file") filename=$(basename "$csv_file")
# Überschreibe explizit, auch wenn Datei bereits existiert cp -f "$csv_file" "server/data/public-data/$filename"
cp -f "$csv_file" "public/data/$filename" if [ -f "server/data/public-data/$filename" ]; then
# Stelle sicher, dass die Datei wirklich überschrieben wurde
if [ -f "public/data/$filename" ]; then
# Prüfe, ob die Datei wirklich vom Backup kommt (Größenvergleich)
backup_size=$(stat -f%z "$csv_file" 2>/dev/null || stat -c%s "$csv_file" 2>/dev/null || echo "0") backup_size=$(stat -f%z "$csv_file" 2>/dev/null || stat -c%s "$csv_file" 2>/dev/null || echo "0")
restored_size=$(stat -f%z "public/data/$filename" 2>/dev/null || stat -c%s "public/data/$filename" 2>/dev/null || echo "0") restored_size=$(stat -f%z "server/data/public-data/$filename" 2>/dev/null || stat -c%s "server/data/public-data/$filename" 2>/dev/null || echo "0")
if [ "$backup_size" = "$restored_size" ] && [ "$backup_size" != "0" ]; then if [ "$backup_size" = "$restored_size" ] && [ "$backup_size" != "0" ]; then
echo " Restored public/data/$filename from backup ($backup_size bytes)" echo " \u2713 Restored server/data/public-data/$filename from backup ($backup_size bytes)"
else else
echo " WARNING: public/data/$filename Größe stimmt nicht überein (Backup: $backup_size, Restored: $restored_size)" echo " \u26a0 WARNING: server/data/public-data/$filename size mismatch (Backup: $backup_size, Restored: $restored_size)"
fi fi
else else
echo " ERROR: Konnte public/data/$filename nicht wiederherstellen!" echo " \u274c ERROR: Konnte server/data/public-data/$filename nicht wiederherstellen!"
fi fi
done done
echo " All public/data/*.csv files restored from backup ($BACKUP_DIR/public-data)." echo " \u2713 All public-data files restored into server/data/public-data ($BACKUP_DIR/public-data)."
# Zusätzliche Sicherheit: Entferne public/data Dateien aus Git-Index, falls sie getrackt sind # Optional: synchronize internal public-data into public/data for legacy builds
# (nach dem Restore, damit sie nicht beim nächsten git reset überschrieben werden) # This uses the project's sync script and forces overwrite in public/data.
if git ls-files --error-unmatch public/data/*.csv >/dev/null 2>&1; then if command -v node >/dev/null 2>&1 && [ -f scripts/sync-public-data.js ]; then
echo " WARNING: public/data/*.csv Dateien sind noch im Git getrackt!" echo " Synchronizing server/data/public-data -> public/data (using scripts/sync-public-data.js --force)"
echo " Entferne sie aus dem Git-Index (Dateien bleiben erhalten)..." node scripts/sync-public-data.js --force || echo " WARNING: sync script failed"
git rm --cached public/data/*.csv 2>/dev/null || true else
echo " ✓ public/data/*.csv aus Git-Index entfernt" echo " Note: To publish CSVs to public/data run: node scripts/sync-public-data.js --force"
fi fi
else else
echo " No public CSVs to restore" echo " No public CSVs to restore"
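
Review bot: In the restore loop a size mismatch or a failed copy only prints a message, and the `All public-data files restored` line after `done` is echoed unconditionally, so a partial restore still reads as a success and the script continues into the sync step. Set a failure flag inside the loop and skip the summary (or exit non-zero) when it is set; comparing a checksum instead of the byte count would also catch same-size corruption. The new messages put `\u2713`, `\u26a0` and `\u274c` into a plain `echo`, which bash prints as literal escape text unless `printf` or `$'...'` quoting is used, whereas the removed line used the literal `✓`. The `git rm --cached public/data/*.csv` safeguard is dropped without a replacement, so the commit message should say why tracked files in `public/data` are no longer a concern.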

View File

@@ -19,12 +19,17 @@ export default defineNuxtRouteMiddleware(async (to, _from) => {
if (to.path.startsWith('/cms')) { if (to.path.startsWith('/cms')) {
const roles = auth.value.roles || (auth.value.role ? [auth.value.role] : []) const roles = auth.value.roles || (auth.value.role ? [auth.value.role] : [])
const hasAccess = roles.includes('admin') || roles.includes('vorstand') || roles.includes('newsletter') const hasAccess = roles.includes('admin') || roles.includes('vorstand') || roles.includes('newsletter')
const canAccessContactRequests = roles.includes('admin') || roles.includes('vorstand') || roles.includes('trainer')
// Newsletter-Seite nur für Newsletter-Rolle, Admin oder Vorstand // Newsletter-Seite nur für Newsletter-Rolle, Admin oder Vorstand
if (to.path.startsWith('/cms/newsletter')) { if (to.path.startsWith('/cms/newsletter')) {
if (!hasAccess) { if (!hasAccess) {
return navigateTo('/mitgliederbereich') return navigateTo('/mitgliederbereich')
} }
} else if (to.path.startsWith('/cms/kontaktanfragen')) {
if (!canAccessContactRequests) {
return navigateTo('/mitgliederbereich')
}
} else { } else {
// Andere CMS-Seiten nur für Admin oder Vorstand // Andere CMS-Seiten nur für Admin oder Vorstand
const isAdmin = roles.includes('admin') || roles.includes('vorstand') const isAdmin = roles.includes('admin') || roles.includes('vorstand')
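
Review bot: The new `/cms/kontaktanfragen` branch guards page navigation only and does not protect the API routes that page calls, so the admin/vorstand/trainer check has to be repeated in the server handlers; nothing in this hunk shows that. `to.path.startsWith('/cms/kontaktanfragen')` also matches any other path that merely begins with that string, so compare against the exact path or the prefix with a trailing slash. `canAccessContactRequests` is computed for every `/cms` navigation although only one branch reads it and can move into that branch.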

12
package-lock.json generated
View File

@@ -9581,9 +9581,9 @@
} }
}, },
"node_modules/nanotar": { "node_modules/nanotar": {
"version": "0.2.0", "version": "0.2.1",
"resolved": "https://registry.npmjs.org/nanotar/-/nanotar-0.2.0.tgz", "resolved": "https://registry.npmjs.org/nanotar/-/nanotar-0.2.1.tgz",
"integrity": "sha512-9ca1h0Xjvo9bEkE4UOxgAzLV0jHKe6LMaxo37ND2DAhhAtd0j8pR1Wxz+/goMrZO8AEZTWCmyaOsFI/W5AdpCQ==", "integrity": "sha512-MUrzzDUcIOPbv7ubhDV/L4CIfVTATd9XhDE2ixFeCrM5yp9AlzUpn91JrnN0HD6hksdxvz9IW9aKANz0Bta0GA==",
"license": "MIT" "license": "MIT"
}, },
"node_modules/natural-compare": { "node_modules/natural-compare": {
@@ -11377,9 +11377,9 @@
} }
}, },
"node_modules/qs": { "node_modules/qs": {
"version": "6.14.1", "version": "6.14.2",
"resolved": "https://registry.npmjs.org/qs/-/qs-6.14.1.tgz", "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.2.tgz",
"integrity": "sha512-4EK3+xJl8Ts67nLYNwqw/dsFVnCf+qR7RgXSK9jEEm9unao3njwMDdmsdvoKBKHzxd7tCYz5e5M+SnMjdtXGQQ==", "integrity": "sha512-V/yCWTTF7VJ9hIh18Ugr2zhJMP01MY7c5kh4J870L7imm6/DIzBsNLTXzMwUA3yZ5b/KBqLx8Kp3uRvd7xSe3Q==",
"dev": true, "dev": true,
"license": "BSD-3-Clause", "license": "BSD-3-Clause",
"dependencies": { "dependencies": {

View File

@@ -12,6 +12,9 @@
"start": "nuxt start --port 3100", "start": "nuxt start --port 3100",
"postinstall": "nuxt prepare", "postinstall": "nuxt prepare",
"test": "vitest run", "test": "vitest run",
"check-security": "node scripts/verify-no-public-writes.js",
"smoke-local": "BASE_URL=http://127.0.0.1:3100 node scripts/smoke-tests.js",
"sync-public-data": "node scripts/sync-public-data.js",
"test:watch": "vitest watch", "test:watch": "vitest watch",
"lint": "eslint . --fix" "lint": "eslint . --fix"
}, },
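
Review bot: `check-security` is added as a stand-alone script and is not called from `test` or `lint`, so `scripts/verify-no-public-writes.js` only runs when someone remembers to invoke it; chain it into `test` or add it to the CI job. In `smoke-local` the inline `BASE_URL=http://127.0.0.1:3100 node ...` assignment is POSIX-shell syntax and fails under npm's default shell on Windows; reading the default inside `scripts/smoke-tests.js` avoids that.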

View File

@@ -70,6 +70,9 @@
<option value="newsletter"> <option value="newsletter">
Newsletter Newsletter
</option> </option>
<option value="trainer">
Trainer
</option>
</select> </select>
<!-- Approve Button --> <!-- Approve Button -->
@@ -177,10 +180,11 @@
'bg-red-100 text-red-800': role === 'admin', 'bg-red-100 text-red-800': role === 'admin',
'bg-blue-100 text-blue-800': role === 'vorstand', 'bg-blue-100 text-blue-800': role === 'vorstand',
'bg-green-100 text-green-800': role === 'newsletter', 'bg-green-100 text-green-800': role === 'newsletter',
'bg-amber-100 text-amber-800': role === 'trainer',
'bg-gray-100 text-gray-800': role === 'mitglied' 'bg-gray-100 text-gray-800': role === 'mitglied'
}" }"
> >
{{ role === 'admin' ? 'Admin' : role === 'vorstand' ? 'Vorstand' : role === 'newsletter' ? 'Newsletter' : 'Mitglied' }} {{ role === 'admin' ? 'Admin' : role === 'vorstand' ? 'Vorstand' : role === 'newsletter' ? 'Newsletter' : role === 'trainer' ? 'Trainer' : 'Mitglied' }}
</span> </span>
</div> </div>
<button <button
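
Review bot: The badge label is now a four-level nested ternary, and `trainer` had to be added separately to the class map above it, to the select options in the previous hunk and to the checkbox list in the next one. A single lookup object (role id to label and badge class) shared by all of these would keep the next role from being added in one place and forgotten in another, in which case the badge silently falls back to `Mitglied`.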
@@ -280,6 +284,15 @@
> >
<span class="ml-2 text-sm text-gray-700">Newsletter</span> <span class="ml-2 text-sm text-gray-700">Newsletter</span>
</label> </label>
<label class="flex items-center">
<input
v-model="selectedRoles"
type="checkbox"
value="trainer"
class="h-4 w-4 text-primary-600 focus:ring-primary-500 border-gray-300 rounded"
>
<span class="ml-2 text-sm text-gray-700">Trainer</span>
</label>
<label class="flex items-center"> <label class="flex items-center">
<input <input
v-model="selectedRoles" v-model="selectedRoles"

View File

@@ -324,6 +324,14 @@
class="w-full px-4 py-2 border border-gray-300 rounded-lg focus:outline-none focus:ring-2 focus:ring-primary-500" class="w-full px-4 py-2 border border-gray-300 rounded-lg focus:outline-none focus:ring-2 focus:ring-primary-500"
> >
</div> </div>
<div>
<label class="block text-sm font-medium text-gray-700 mb-2">E-Mail</label>
<input
v-model="trainer.email"
type="email"
class="w-full px-4 py-2 border border-gray-300 rounded-lg focus:outline-none focus:ring-2 focus:ring-primary-500"
>
</div>
<div> <div>
<label class="block text-sm font-medium text-gray-700 mb-2">Zusatzinfo</label> <label class="block text-sm font-medium text-gray-700 mb-2">Zusatzinfo</label>
<div class="flex space-x-2"> <div class="flex space-x-2">
@@ -668,6 +676,7 @@ const addTrainer = () => {
name: '', name: '',
lizenz: '', lizenz: '',
schwerpunkt: '', schwerpunkt: '',
email: '',
zusatz: '' zusatz: ''
}) })
} }
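
Review bot: `email: ''` is only set for entries created through `addTrainer`, so trainers saved before this change have no `email` key and every consumer has to treat the field as possibly undefined or empty. The input in the previous hunk relies on `type="email"` alone, which is a browser-side hint; if this address is used as a mail recipient, validate it on the server when the config is saved. If the trainer list is served to unauthenticated visitors, confirm that the new field is stripped from that response unless publishing it is intended.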

View File

@@ -7,6 +7,26 @@
<div class="w-24 h-1 bg-primary-600 mb-8" /> <div class="w-24 h-1 bg-primary-600 mb-8" />
<div class="grid md:grid-cols-2 lg:grid-cols-3 gap-6"> <div class="grid md:grid-cols-2 lg:grid-cols-3 gap-6">
<!-- Geburtstage Widget -->
<div class="bg-white p-6 rounded-xl shadow-lg border border-gray-100">
<div class="flex items-center mb-4">
<div class="w-12 h-12 bg-pink-100 rounded-lg flex items-center justify-center">
<Calendar :size="20" class="text-pink-600" />
</div>
<h2 class="ml-4 text-xl font-semibold text-gray-900">Geburtstage (nächste 4 Wochen)</h2>
</div>
<div v-if="loadingBirthdays" class="text-sm text-gray-500">Lade...</div>
<ul v-else class="space-y-2">
<li v-for="b in birthdays" :key="b.name + b.dayMonth" class="flex items-center justify-between p-3 border border-gray-100 rounded-lg">
<div class="min-w-0">
<div class="font-medium text-gray-900 truncate">{{ b.name }}</div>
<div class="text-xs text-gray-600">{{ b.dayMonth }}</div>
</div>
<div class="text-sm text-gray-500">{{ b.inDays === 0 ? 'Heute' : (b.inDays === 1 ? 'Morgen' : 'in ' + b.inDays + ' Tagen') }}</div>
</li>
<li v-if="birthdays.length === 0" class="text-sm text-gray-600">Keine Geburtstage in den nächsten 4 Wochen.</li>
</ul>
</div>
<!-- Inhalte (gruppiert) --> <!-- Inhalte (gruppiert) -->
<NuxtLink <NuxtLink
to="/cms/inhalte" to="/cms/inhalte"
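
Review bot: `:key="b.name + b.dayMonth"` in the birthday list is not unique when two members share a name and a birthday, which gives Vue duplicate keys; use a member id from the API or include the loop index. The widget lists names together with birth dates, so `/api/birthdays` needs its own authentication and role check on the server rather than relying on this page's `auth` middleware.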
@@ -90,6 +110,27 @@
</p> </p>
</NuxtLink> </NuxtLink>
<!-- Kontaktanfragen -->
<NuxtLink
to="/cms/kontaktanfragen"
class="bg-white p-6 rounded-xl shadow-lg border border-gray-100 hover:shadow-xl transition-all group"
>
<div class="flex items-center mb-4">
<div class="w-12 h-12 bg-emerald-100 rounded-lg flex items-center justify-center group-hover:bg-emerald-600 transition-colors">
<Mail
:size="24"
class="text-emerald-600 group-hover:text-white"
/>
</div>
<h2 class="ml-4 text-xl font-semibold text-gray-900">
Kontaktanfragen
</h2>
</div>
<p class="text-gray-600">
Kontaktformular-Anfragen einsehen und beantworten
</p>
</NuxtLink>
<!-- Startseite --> <!-- Startseite -->
<NuxtLink <NuxtLink
to="/cms/startseite" to="/cms/startseite"
@@ -159,10 +200,31 @@
</template> </template>
<script setup> <script setup>
import { Newspaper, Calendar, Users, UserCog, Settings, Layout } from 'lucide-vue-next' import { Newspaper, Calendar, Users, UserCog, Settings, Layout, Mail } from 'lucide-vue-next'
import { ref, onMounted } from 'vue'
const authStore = useAuthStore() const authStore = useAuthStore()
const birthdays = ref([])
const loadingBirthdays = ref(true)
const loadBirthdays = async () => {
loadingBirthdays.value = true
try {
const res = await $fetch('/api/birthdays')
birthdays.value = res.birthdays || []
} catch (e) {
console.error('Fehler beim Laden der Geburtstage', e)
birthdays.value = []
} finally {
loadingBirthdays.value = false
}
}
onMounted(() => {
loadBirthdays()
})
definePageMeta({ definePageMeta({
middleware: 'auth', middleware: 'auth',
layout: 'default' layout: 'default'
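
Review bot: In `loadBirthdays` the `catch` branch sets `birthdays.value = []`, so a failed or unauthorized request renders `Keine Geburtstage in den nächsten 4 Wochen.` and looks identical to an empty result; keep a separate error flag and show it in the template. `res.birthdays || []` also accepts any truthy non-array value, where an `Array.isArray` check would be safer.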

View File

@@ -29,6 +29,7 @@
<CmsGeschichte v-if="activeTab === 'geschichte'" /> <CmsGeschichte v-if="activeTab === 'geschichte'" />
<CmsTtRegeln v-if="activeTab === 'tt-regeln'" /> <CmsTtRegeln v-if="activeTab === 'tt-regeln'" />
<CmsSatzung v-if="activeTab === 'satzung'" /> <CmsSatzung v-if="activeTab === 'satzung'" />
<CmsLinks v-if="activeTab === 'links'" />
</div> </div>
</div> </div>
</div> </div>
@@ -40,6 +41,7 @@ import CmsUeberUns from '~/components/cms/CmsUeberUns.vue'
import CmsGeschichte from '~/components/cms/CmsGeschichte.vue' import CmsGeschichte from '~/components/cms/CmsGeschichte.vue'
import CmsTtRegeln from '~/components/cms/CmsTtRegeln.vue' import CmsTtRegeln from '~/components/cms/CmsTtRegeln.vue'
import CmsSatzung from '~/components/cms/CmsSatzung.vue' import CmsSatzung from '~/components/cms/CmsSatzung.vue'
import CmsLinks from '~/components/cms/CmsLinks.vue'
definePageMeta({ definePageMeta({
middleware: 'auth', middleware: 'auth',
@@ -56,6 +58,7 @@ const tabs = [
{ id: 'ueber-uns', label: 'Über uns' }, { id: 'ueber-uns', label: 'Über uns' },
{ id: 'geschichte', label: 'Geschichte' }, { id: 'geschichte', label: 'Geschichte' },
{ id: 'tt-regeln', label: 'TT-Regeln' }, { id: 'tt-regeln', label: 'TT-Regeln' },
{ id: 'satzung', label: 'Satzung' } { id: 'satzung', label: 'Satzung' },
{ id: 'links', label: 'Links' }
] ]
</script> </script>

View File

@@ -0,0 +1,255 @@
<template>
<div class="min-h-full py-16 bg-gray-50">
<div class="max-w-7xl mx-auto px-4 sm:px-6 lg:px-8">
<div class="flex items-center justify-between mb-6">
<div>
<h1 class="text-4xl font-display font-bold text-gray-900">
Kontaktanfragen
</h1>
<div class="w-24 h-1 bg-primary-600 mt-4" />
</div>
<button
class="px-4 py-2 bg-primary-600 text-white rounded-lg hover:bg-primary-700"
:disabled="isLoading"
@click="loadRequests"
>
{{ isLoading ? 'Lädt...' : 'Aktualisieren' }}
</button>
</div>
<div class="mb-4 flex items-center justify-end">
<label class="inline-flex items-center gap-2 text-sm text-gray-700">
<input
v-model="showAnswered"
type="checkbox"
class="h-4 w-4 rounded border-gray-300 text-primary-600 focus:ring-primary-500"
>
Bearbeitete Anfragen anzeigen
</label>
</div>
<div v-if="isLoading" class="text-center py-12 text-gray-600">
Lade Kontaktanfragen...
</div>
<div v-else-if="filteredRequests.length === 0" class="bg-white rounded-xl shadow p-8 text-center text-gray-600">
{{ showAnswered ? 'Aktuell liegen keine Kontaktanfragen vor.' : 'Aktuell liegen keine offenen Kontaktanfragen vor.' }}
</div>
<div v-else class="space-y-4">
<div
v-for="request in filteredRequests"
:key="request.id"
class="bg-white rounded-xl shadow border border-gray-100"
>
<div class="p-5 border-b border-gray-100 flex items-start justify-between gap-4">
<div>
<p class="text-lg font-semibold text-gray-900">
{{ request.subject }}
</p>
<p class="text-sm text-gray-600">
Von {{ request.name }} ({{ request.email }}){{ request.phone ? ` · ${request.phone}` : '' }}
</p>
<p class="text-xs text-gray-500 mt-1">
Eingegangen: {{ formatDate(request.createdAt) }}
</p>
</div>
<span
class="px-2.5 py-1 rounded-full text-xs font-semibold"
:class="request.status === 'beantwortet' ? 'bg-green-100 text-green-800' : 'bg-yellow-100 text-yellow-800'"
>
{{ request.status === 'beantwortet' ? 'Erledigt' : 'Offen' }}
</span>
</div>
<div class="p-5">
<p class="text-gray-800 whitespace-pre-wrap">
{{ request.message }}
</p>
<div v-if="Array.isArray(request.replies) && request.replies.length > 0" class="mt-5 border-t border-gray-100 pt-4">
<h3 class="text-sm font-semibold text-gray-700 mb-2">
Antworten
</h3>
<div class="space-y-2">
<div
v-for="reply in request.replies"
:key="reply.id"
class="bg-gray-50 rounded-lg p-3"
>
<p class="text-xs text-gray-500 mb-1">
{{ formatDate(reply.createdAt) }}{{ reply.responderEmail ? ` · ${reply.responderEmail}` : '' }}
</p>
<p class="text-sm text-gray-800 whitespace-pre-wrap">
{{ reply.message }}
</p>
</div>
</div>
</div>
<div class="mt-4 flex justify-end gap-2">
<button
type="button"
class="px-4 py-2 border border-gray-300 text-gray-700 rounded-lg hover:bg-gray-50"
:disabled="togglingId === request.id"
@click="toggleStatus(request)"
>
{{ togglingId === request.id ? '…' : (request.status === 'beantwortet' ? 'Wieder öffnen' : 'Als erledigt markieren') }}
</button>
<button
class="px-4 py-2 bg-primary-600 text-white rounded-lg hover:bg-primary-700"
@click="openReplyModal(request)"
>
Antworten
</button>
</div>
</div>
</div>
</div>
</div>
<div
v-if="replyModalOpen && selectedRequest"
class="fixed inset-0 z-50 bg-black/50 flex items-center justify-center p-4"
@click.self="closeReplyModal"
>
<div class="bg-white rounded-xl shadow-2xl max-w-2xl w-full p-6">
<h2 class="text-2xl font-display font-bold text-gray-900 mb-2">
Antwort senden
</h2>
<p class="text-sm text-gray-600 mb-4">
An: {{ selectedRequest.email }}<br>
Betreff: <strong>Aw: {{ selectedRequest.subject }}</strong>
</p>
<textarea
v-model="replyText"
rows="8"
class="w-full px-4 py-3 border border-gray-300 rounded-lg focus:ring-2 focus:ring-primary-600"
placeholder="Ihre Antwort..."
/>
<div v-if="errorMessage" class="mt-3 text-sm text-red-600">
{{ errorMessage }}
</div>
<div class="mt-5 flex justify-end gap-3">
<button
class="px-4 py-2 bg-gray-100 text-gray-700 rounded-lg hover:bg-gray-200"
:disabled="isSendingReply"
@click="closeReplyModal"
>
Abbrechen
</button>
<button
class="px-4 py-2 bg-primary-600 text-white rounded-lg hover:bg-primary-700 disabled:opacity-50"
:disabled="isSendingReply || !replyText.trim()"
@click="sendReply"
>
{{ isSendingReply ? 'Sende...' : 'Antwort senden' }}
</button>
</div>
</div>
</div>
</div>
</template>
<script setup>
import { ref, computed, onMounted } from 'vue'
const requests = ref([])
const isLoading = ref(false)
const replyModalOpen = ref(false)
const selectedRequest = ref(null)
const replyText = ref('')
const isSendingReply = ref(false)
const errorMessage = ref('')
const showAnswered = ref(false)
const togglingId = ref(null)
const filteredRequests = computed(() => {
if (showAnswered.value) return requests.value
return requests.value.filter((request) => request.status !== 'beantwortet')
})
const formatDate = (value) => {
if (!value) return '-'
return new Date(value).toLocaleString('de-DE')
}
const loadRequests = async () => {
isLoading.value = true
try {
requests.value = await $fetch('/api/cms/contact-requests')
} catch (error) {
console.error('Fehler beim Laden der Kontaktanfragen:', error)
requests.value = []
} finally {
isLoading.value = false
}
}
const openReplyModal = (request) => {
selectedRequest.value = request
replyText.value = ''
errorMessage.value = ''
replyModalOpen.value = true
}
const closeReplyModal = () => {
replyModalOpen.value = false
selectedRequest.value = null
replyText.value = ''
errorMessage.value = ''
}
const toggleStatus = async (request) => {
togglingId.value = request.id
try {
await $fetch(`/api/cms/contact-requests/${request.id}/toggle-status`, {
method: 'PATCH'
})
await loadRequests()
} catch (error) {
console.error('Fehler beim Umschalten des Status:', error)
if (window.showErrorModal) {
window.showErrorModal('Fehler', error?.data?.statusMessage || 'Status konnte nicht geändert werden.')
}
} finally {
togglingId.value = null
}
}
const sendReply = async () => {
if (!selectedRequest.value) return
const text = replyText.value.trim()
if (!text) return
isSendingReply.value = true
errorMessage.value = ''
try {
await $fetch(`/api/cms/contact-requests/${selectedRequest.value.id}/reply`, {
method: 'POST',
body: { message: text }
})
closeReplyModal()
await loadRequests()
if (window.showSuccessModal) {
window.showSuccessModal('Erfolg', 'Antwort wurde erfolgreich versendet.')
}
} catch (error) {
console.error('Fehler beim Senden der Antwort:', error)
errorMessage.value = error?.data?.statusMessage || error?.data?.message || 'Antwort konnte nicht gesendet werden.'
} finally {
isSendingReply.value = false
}
}
onMounted(loadRequests)
definePageMeta({
middleware: 'auth',
layout: 'default'
})
useHead({
title: 'Kontaktanfragen - CMS - Harheimer TC'
})
</script>
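
Review bot: `loadRequests` swallows every error and sets `requests.value = []`, so an authorization failure or a server error shows the `Aktuell liegen keine offenen Kontaktanfragen vor.` empty state; add an error state, as `sendReply` already does with `errorMessage`. The page displays names, e-mail addresses, phone numbers and message bodies, and `definePageMeta({ middleware: 'auth' })` only guards navigation, so the three `/api/cms/contact-requests` endpoints must enforce the role check themselves. The `toggle-status` call sends no target state; sending the desired status explicitly avoids two users flipping the same request back and forth.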

162
pages/links.vue Normal file
View File

@@ -0,0 +1,162 @@
<template>
<div class="min-h-full py-16 bg-gray-50">
<div class="max-w-6xl mx-auto px-4 sm:px-6 lg:px-8">
<h1 class="text-4xl sm:text-5xl font-display font-bold text-gray-900 mb-6">
Links
</h1>
<div class="w-24 h-1 bg-primary-600 mb-8" />
<p class="text-lg text-gray-600 mb-10">
Nützliche Verweise rund um Tischtennis, Verbände, Ergebnisse und Partner.
</p>
<div class="grid md:grid-cols-2 gap-6">
<section
v-for="section in sections"
:key="section.title"
class="bg-white rounded-xl shadow-lg p-6"
>
<h2 class="text-2xl font-display font-bold text-gray-900 mb-4">
{{ section.title }}
</h2>
<ul class="space-y-3">
<li
v-for="(item, idx) in section.items"
:key="`${section.title}-${idx}`"
>
<a
:href="item.href"
target="_blank"
rel="noopener noreferrer"
class="text-primary-700 hover:text-primary-900 font-medium"
>
{{ item.label }}
</a>
<span
v-if="item.description"
class="text-gray-600"
> {{ item.description }}</span>
</li>
</ul>
</section>
</div>
</div>
</div>
</template>
<script setup>
import { ref, computed, onMounted } from 'vue'
const rawContent = ref('')
const defaultLinksHtml = `
<h2>Ergebnisse &amp; Portale</h2>
<ul>
<li><a href="http://www.mytischtennis.de/public/home" target="_blank" rel="noopener noreferrer">MyTischtennis.de</a> (offizielle QTTR-Werte)</li>
<li><a href="http://httv.click-tt.de/" target="_blank" rel="noopener noreferrer">Click-tt Ergebnisse</a> (offizieller Ergebnisdienst HTTV)</li>
<li><a href="https://www.tischtennis-pur.de/" target="_blank" rel="noopener noreferrer">Tischtennis Pur - das Tischtennis Portal</a> (Informationen, Blogs, Fachbeiträge, Tipps)</li>
<li><a href="https://ticker.tt-news.com/" target="_blank" rel="noopener noreferrer">Liveticker 2. und 3. TT-Bundesliga</a></li>
</ul>
<h2>Verbände</h2>
<ul>
<li><a href="http://www.httv.de/" target="_blank" rel="noopener noreferrer">Hessischer Tischtennisverband (HTTV)</a></li>
<li><a href="http://www.tischtennis.de/aktuelles/" target="_blank" rel="noopener noreferrer">Deutscher Tischtennisbund (DTTB)</a></li>
<li><a href="http://www.ettu.org/" target="_blank" rel="noopener noreferrer">European Table Tennis Union (ETTU)</a></li>
<li><a href="https://www.ittf.com/" target="_blank" rel="noopener noreferrer">International Table Tennis Federation (ITTF)</a></li>
</ul>
<h2>Regionale Links</h2>
<ul>
<li><a href="http://www.frankfurt.de/" target="_blank" rel="noopener noreferrer">Stadt Frankfurt</a></li>
<li><a href="http://www.harheim.com/" target="_blank" rel="noopener noreferrer">Vereinsring Harheim</a></li>
</ul>
<h2>Partner &amp; Vereine</h2>
<ul>
<li><a href="http://www.ttcoe.de/" target="_blank" rel="noopener noreferrer">TTC OE Bad Homburg</a></li>
<li><a href="https://www.spvgg-steinkirchen.de/menue-abteilungen/abteilungen/tischtennis" target="_blank" rel="noopener noreferrer">SpVgg Steinkirchen e.V.</a></li>
<li><a href="https://www.mytischtennis.de/clicktt/ByTTV/24-25/ligen/Bezirksklasse-A-Gruppe-2-IN-PAF/gruppe/466925/tabelle/gesamt/" target="_blank" rel="noopener noreferrer">Ergebnisse SpVgg Steinkirchen</a></li>
</ul>
`
const sections = computed(() => parseLinksHtml(rawContent.value))
function stripTags(html) {
return String(html || '')
.replace(/<[^>]*>/g, '')
.replace(/&nbsp;/g, ' ')
.replace(/&amp;/g, '&')
.replace(/&quot;/g, '"')
.replace(/&#39;/g, "'")
.replace(/\s+/g, ' ')
.trim()
}
function parseLinksHtml(html) {
const source = String(html || '')
const sectionRegex = /<h2[^>]*>([\s\S]*?)<\/h2>([\s\S]*?)(?=<h2[^>]*>|$)/gi
const liRegex = /<li[^>]*>([\s\S]*?)<\/li>/gi
const anchorRegex = /<a[^>]*href=["']([^"']+)["'][^>]*>([\s\S]*?)<\/a>/i
const parsed = []
let sectionMatch
while ((sectionMatch = sectionRegex.exec(source)) !== null) {
const title = stripTags(sectionMatch[1])
const body = sectionMatch[2]
const items = []
let liMatch
while ((liMatch = liRegex.exec(body)) !== null) {
const liContent = liMatch[1]
const anchorMatch = anchorRegex.exec(liContent)
if (!anchorMatch) continue
const href = anchorMatch[1].trim()
const label = stripTags(anchorMatch[2])
const remainder = liContent.replace(anchorMatch[0], '')
const desc = stripTags(remainder)
items.push({
href,
label,
description: desc || ''
})
}
if (title && items.length > 0) {
parsed.push({ title, items })
}
}
return parsed
}
async function loadConfig() {
try {
const data = await $fetch('/api/config')
const structured = data?.seiten?.linksStructured
if (Array.isArray(structured) && structured.length > 0) {
const htmlFromStructured = structured
.filter((section) => section?.title && Array.isArray(section?.items) && section.items.length > 0)
.map((section) => {
const itemsHtml = section.items
.filter((item) => item?.label && item?.href)
.map((item) => `<li><a href="${item.href}" target="_blank" rel="noopener noreferrer">${item.label}</a>${item.description ? ` ${item.description}` : ''}</li>`)
.join('')
return `<h2>${section.title}</h2><ul>${itemsHtml}</ul>`
})
.join('\n')
rawContent.value = htmlFromStructured || defaultLinksHtml
return
}
const links = data?.seiten?.links
rawContent.value = typeof links === 'string' && links.trim() ? links : defaultLinksHtml
} catch {
rawContent.value = defaultLinksHtml
}
}
onMounted(loadConfig)
useHead({
title: 'Links - Harheimer TC',
})
</script>
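
Review bot: `item.href` is bound to `:href` exactly as parsed from the stored HTML or taken from `linksStructured`, with no scheme check, so any URL scheme saved in the config (for example `javascript:`) becomes a clickable link on this page, which declares no `auth` middleware. Parse each value with `new URL()` and keep only `http:` and `https:` before pushing it into `items`. In `loadConfig` the structured data is interpolated into an HTML string without escaping and then parsed again by the regexes in `parseLinksHtml`, so a label or description containing `<`, or a quote inside `href`, changes what the parser sees; map `linksStructured` directly to `sections` and keep the regex path only for the legacy `links` string. Several entries in `defaultLinksHtml` still use `http://`.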

View File

@@ -154,7 +154,9 @@ const handleLogin = async () => {
// Redirect based on role // Redirect based on role
setTimeout(() => { setTimeout(() => {
const roles = response.user.roles || (response.user.role ? [response.user.role] : []) const roles = response.user.roles || (response.user.role ? [response.user.role] : [])
if (roles.includes('admin') || roles.includes('vorstand') || roles.includes('newsletter')) { if (roles.includes('trainer')) {
router.push('/cms/kontaktanfragen')
} else if (roles.includes('admin') || roles.includes('vorstand') || roles.includes('newsletter')) {
router.push('/cms') router.push('/cms')
} else { } else {
router.push('/mitgliederbereich') router.push('/mitgliederbereich')
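
Review bot: `roles.includes('trainer')` is tested first, so an account that holds `admin` or `vorstand` in addition to `trainer` is now sent to `/cms/kontaktanfragen` instead of `/cms`. Check `admin`, `vorstand` and `newsletter` first and fall through to the trainer redirect only when none of them is present.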

View File

@@ -71,54 +71,56 @@
</NuxtLink> </NuxtLink>
</div> </div>
<!-- Welcome Message --> <!-- Geburtstage Widget (statt Willkommens-Kachel) -->
<div class="bg-white p-8 rounded-xl shadow-lg border border-gray-100"> <div class="bg-white p-6 rounded-xl shadow-lg border border-gray-100">
<h2 class="text-2xl font-display font-bold text-gray-900 mb-4"> <div class="flex items-center mb-4">
Willkommen, {{ authStore.user?.name || 'Mitglied' }}! <div class="w-12 h-12 bg-pink-100 rounded-lg flex items-center justify-center">
</h2> <Calendar :size="20" class="text-pink-600" />
<p class="text-gray-600 mb-6">
Hier finden Sie alle wichtigen Informationen und Funktionen für Mitglieder des Harheimer TC.
</p>
<div class="grid sm:grid-cols-2 gap-4">
<div class="flex items-start">
<Check
:size="20"
class="text-primary-600 mr-2 mt-0.5"
/>
<span class="text-gray-700">Zugriff auf Mitgliederliste mit Kontaktdaten</span>
</div> </div>
<div class="flex items-start"> <h2 class="ml-4 text-xl font-semibold text-gray-900">Geburtstage (nächste 4 Wochen)</h2>
<Check
:size="20"
class="text-primary-600 mr-2 mt-0.5"
/>
<span class="text-gray-700">Vereinsnews und Ankündigungen</span>
</div>
<div class="flex items-start">
<Check
:size="20"
class="text-primary-600 mr-2 mt-0.5"
/>
<span class="text-gray-700">Profilverwaltung und Passwort ändern</span>
</div>
<div class="flex items-start">
<Check
:size="20"
class="text-primary-600 mr-2 mt-0.5"
/>
<span class="text-gray-700">Weitere Funktionen folgen in Kürze</span>
</div> </div>
<div v-if="loadingBirthdays" class="text-sm text-gray-500">Lade...</div>
<ul v-else class="space-y-2">
<li v-for="b in birthdays" :key="b.name + b.dayMonth" class="flex items-center justify-between p-3 border border-gray-100 rounded-lg">
<div class="min-w-0">
<div class="font-medium text-gray-900 truncate">{{ b.name }}</div>
<div class="text-xs text-gray-600">{{ b.dayMonth }}</div>
</div> </div>
<div class="text-sm text-gray-500">{{ b.inDays === 0 ? 'Heute' : (b.inDays === 1 ? 'Morgen' : 'in ' + b.inDays + ' Tagen') }}</div>
</li>
<li v-if="birthdays.length === 0" class="text-sm text-gray-600">Keine Geburtstage in den nächsten 4 Wochen.</li>
</ul>
</div> </div>
</div> </div>
</div> </div>
</template> </template>
<script setup> <script setup>
import { User, Users, Newspaper, Check } from 'lucide-vue-next' import { User, Users, Newspaper, Check, Calendar } from 'lucide-vue-next'
import { ref, onMounted } from 'vue'
const authStore = useAuthStore() const authStore = useAuthStore()
const birthdays = ref([])
const loadingBirthdays = ref(true)
const loadBirthdays = async () => {
loadingBirthdays.value = true
try {
const res = await $fetch('/api/birthdays')
birthdays.value = res.birthdays || []
} catch (e) {
console.error('Fehler beim Laden der Geburtstage', e)
birthdays.value = []
} finally {
loadingBirthdays.value = false
}
}
onMounted(() => {
loadBirthdays()
})
definePageMeta({ definePageMeta({
middleware: 'auth', middleware: 'auth',
layout: 'default' layout: 'default'
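
Review bot: The import line still lists `Check` although every use of that icon in this hunk is removed; drop it if nothing else in the file uses it. `birthdays`, `loadingBirthdays` and `loadBirthdays` are a copy of the block added to the CMS dashboard earlier in this diff, including the `catch` that turns a failed request into an empty list, so move them into one composable and fix the error handling in a single place.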

View File

@@ -54,6 +54,16 @@
</div> </div>
</div> </div>
<!-- Sortieroptionen -->
<div class="mb-4 flex items-center space-x-2">
<label for="sortMode" class="text-sm text-gray-700">Sortieren nach:</label>
<select id="sortMode" v-model="sortMode" class="px-2 py-1 border rounded">
<option value="name">Name (Vorname Nachname)</option>
<option value="lastname">Nachname (Nachname Vorname)</option>
<option value="birthday">Geburtstag</option>
</select>
</div>
<!-- Loading State --> <!-- Loading State -->
<div <div
v-if="isLoading" v-if="isLoading"
@@ -99,13 +109,21 @@
</thead> </thead>
<tbody class="bg-white divide-y divide-gray-200"> <tbody class="bg-white divide-y divide-gray-200">
<tr <tr
v-for="member in members" v-for="member in sortedMembers"
:key="member.id" :key="member.id"
class="hover:bg-gray-50" class="hover:bg-gray-50"
> >
<td class="px-4 py-3 whitespace-nowrap"> <td class="px-4 py-3 whitespace-nowrap">
<div class="text-sm font-medium text-gray-900"> <div class="text-sm font-medium text-gray-900">
<template v-if="member.lastName || member.firstName">
{{ member.firstName }} {{ member.lastName }}
</template>
<template v-else>
{{ member.name }} {{ member.name }}
</template>
</div>
<div v-if="member.birthday" class="text-xs text-gray-500">
🎂 {{ formatBirthday(member.birthday) }}
</div> </div>
<div <div
v-if="member.notes" v-if="member.notes"
@@ -115,42 +133,30 @@
</div> </div>
</td> </td>
<td class="px-4 py-3 whitespace-nowrap"> <td class="px-4 py-3 whitespace-nowrap">
<template v-if="canViewContactData"> <template v-if="member.showEmail && member.email">
<a <a
v-if="member.email"
:href="`mailto:${member.email}`" :href="`mailto:${member.email}`"
class="text-sm text-primary-600 hover:text-primary-800" class="text-sm text-primary-600 hover:text-primary-800"
> >
{{ member.email }} {{ member.email }}
</a> </a>
<span
v-else
class="text-sm text-gray-400"
>-</span>
</template> </template>
<span <template v-else>
v-else <span class="text-sm text-gray-400">Kontaktdaten nur für Vorstand sichtbar</span>
class="text-sm text-gray-400" </template>
>Nur für Vorstand</span>
</td> </td>
<td class="px-4 py-3 whitespace-nowrap"> <td class="px-4 py-3 whitespace-nowrap">
<template v-if="canViewContactData"> <template v-if="member.showPhone && member.phone">
<a <a
v-if="member.phone"
:href="`tel:${member.phone}`" :href="`tel:${member.phone}`"
class="text-sm text-primary-600 hover:text-primary-800" class="text-sm text-primary-600 hover:text-primary-800"
> >
{{ member.phone }} {{ member.phone }}
</a> </a>
<span
v-else
class="text-sm text-gray-400"
>-</span>
</template> </template>
<span <template v-else>
v-else <span class="text-sm text-gray-400">Kontaktdaten nur für Vorstand sichtbar</span>
class="text-sm text-gray-400" </template>
>Nur für Vorstand</span>
</td> </td>
<td class="px-4 py-3 whitespace-nowrap"> <td class="px-4 py-3 whitespace-nowrap">
<button <button
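Review bot: the `v-else` branches for email and phone now show "Kontaktdaten nur für Vorstand sichtbar" whenever `member.showEmail && member.email` is false, which includes members who simply have no email or phone on file; the old code rendered "-" in that case. Distinguish "hidden" from "empty" again, otherwise a Vorstand viewer sees the restriction text for missing data. With `canViewContactData` gone from these cells, the Vorstand override depends entirely on what the API puts into `showEmail`/`showPhone` per viewer, so please confirm the server strips `email` and `phone` when the flag is false rather than relying on the template.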
@@ -241,7 +247,7 @@
class="space-y-4" class="space-y-4"
> >
<div <div
v-for="member in members" v-for="member in sortedMembers"
:key="member.id" :key="member.id"
class="bg-white p-6 rounded-xl shadow-lg border border-gray-100" class="bg-white p-6 rounded-xl shadow-lg border border-gray-100"
> >
@@ -249,7 +255,15 @@
<div class="flex-1"> <div class="flex-1">
<div class="flex items-center mb-2"> <div class="flex items-center mb-2">
<h3 class="text-xl font-semibold text-gray-900"> <h3 class="text-xl font-semibold text-gray-900">
<template v-if="member.lastName || member.firstName">
{{ member.firstName }} {{ member.lastName }}
</template>
<template v-else>
{{ member.name }} {{ member.name }}
</template>
<span v-if="member.birthday" class="text-xs text-gray-500 ml-2">
🎂 {{ formatBirthday(member.birthday) }}
</span>
</h3> </h3>
<span <span
v-if="member.hasLogin" v-if="member.hasLogin"
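Review bot: the name fallback and birthday markup in the card `<h3>` duplicate what was just added to the table row, so the two views can drift apart. Move the display name into one helper or computed field (for example a `displayName(member)` function, name hypothetical) and use it in both places; the birthday `<span>` here has the same missing `member.showBirthday` check as the table row.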
@@ -296,43 +310,32 @@
</div> </div>
<div class="grid sm:grid-cols-2 gap-3 text-gray-600"> <div class="grid sm:grid-cols-2 gap-3 text-gray-600">
<template v-if="canViewContactData"> <template v-if="!(member.showEmail && member.email) && !(member.showPhone && member.phone)">
<div <div class="col-span-2 flex items-center text-gray-500 text-sm italic">
v-if="member.email" <Mail :size="16" class="mr-2" />
class="flex items-center" Kontaktdaten nur für Vorstand sichtbar
>
<Mail
:size="16"
class="mr-2 text-primary-600"
/>
<a
:href="`mailto:${member.email}`"
class="hover:text-primary-600"
>{{ member.email }}</a>
</div>
<div
v-if="member.phone"
class="flex items-center"
>
<Phone
:size="16"
class="mr-2 text-primary-600"
/>
<a
:href="`tel:${member.phone}`"
class="hover:text-primary-600"
>{{ member.phone }}</a>
</div> </div>
</template> </template>
<div <template v-else>
v-else <div v-if="member.showEmail && member.email" class="flex items-center">
class="col-span-2 flex items-center text-gray-500 text-sm italic" <Mail :size="16" class="mr-2 text-primary-600" />
> <a :href="`mailto:${member.email}`" class="hover:text-primary-600">{{ member.email }}</a>
<Mail </div>
:size="16" <div v-if="member.showPhone && member.phone" class="flex items-center">
class="mr-2" <Phone :size="16" class="mr-2 text-primary-600" />
/> <a :href="`tel:${member.phone}`" class="hover:text-primary-600">{{ member.phone }}</a>
Kontaktdaten nur für Vorstand sichtbar </div>
</template>
<!-- Sichtbarkeits-Flags anzeigen -->
<div class="col-span-2 flex items-center gap-2 mt-2 text-xs text-gray-500">
<span v-if="member.showEmail" title="E-Mail sichtbar">📧</span>
<span v-else title="E-Mail verborgen" class="opacity-40">📧</span>
<span v-if="member.showPhone" title="Telefon sichtbar">📞</span>
<span v-else title="Telefon verborgen" class="opacity-40">📞</span>
<span v-if="member.showAddress" title="Adresse sichtbar">🏠</span>
<span v-else title="Adresse verborgen" class="opacity-40">🏠</span>
<span v-if="member.showBirthday" title="Geburtstag sichtbar">🎂</span>
<span v-else title="Geburtstag verborgen" class="opacity-40">🎂</span>
</div> </div>
<div <div
v-if="member.address" v-if="member.address"
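Review bot: the new "Sichtbarkeits-Flags" row is rendered unconditionally, so every viewer of the card list sees each member's privacy settings (`showEmail`, `showPhone`, `showAddress`, `showBirthday`), including which fields a member has chosen to hide. If that is meant as a Vorstand or self-service aid, wrap the row in the corresponding role check and have the API omit the flags for other viewers. The icons also rely on `title` and opacity alone, which screen readers and touch devices do not expose well.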
@@ -770,6 +773,79 @@
</template> </template>
<script setup> <script setup>
// ...existing code...
const sortMode = ref('name')
const sortedMembers = computed(() => {
if (!Array.isArray(members.value)) return []
const arr = [...members.value]
if (sortMode.value === 'name') {
arr.sort((a, b) => {
// Sortiere nach Vorname Nachname (firstName lastName)
const af = (a.firstName || '').toLocaleLowerCase()
const bf = (b.firstName || '').toLocaleLowerCase()
const al = (a.lastName || '').toLocaleLowerCase()
const bl = (b.lastName || '').toLocaleLowerCase()
if (af === bf) return al.localeCompare(bl)
return af.localeCompare(bf)
})
} else if (sortMode.value === 'lastname') {
arr.sort((a, b) => {
// Sortiere nach Nachname, dann Vorname
const al = (a.lastName || '').toLocaleLowerCase()
const bl = (b.lastName || '').toLocaleLowerCase()
if (al === bl) {
const af = (a.firstName || '').toLocaleLowerCase()
const bf = (b.firstName || '').toLocaleLowerCase()
return af.localeCompare(bf)
}
return al.localeCompare(bl)
})
} else if (sortMode.value === 'birthday') {
arr.sort((a, b) => {
// Robust: akzeptiere YYYY-MM-DD, DD.MM.YYYY, ggf. nur MM-TT
function parseBirthday(val) {
if (!val) return null
if (val.includes('-')) {
const parts = val.split('-')
if (parts.length === 3) return { m: parts[1].padStart(2, '0'), d: parts[2].padStart(2, '0') }
} else if (val.includes('.')) {
const parts = val.split('.')
if (parts.length >= 2) return { d: parts[0].padStart(2, '0'), m: parts[1].padStart(2, '0') }
}
return null
}
const ad = parseBirthday(a.birthday)
const bd = parseBirthday(b.birthday)
if (!ad && !bd) return 0
if (!ad) return 1
if (!bd) return -1
// Monat zuerst, dann Tag
if (ad.m === bd.m) return ad.d.localeCompare(bd.d)
return ad.m.localeCompare(bd.m)
})
}
return arr
})
function formatBirthday(dateStr) {
// Erwartet YYYY-MM-DD oder DD.MM.YYYY
if (!dateStr) return ''
if (dateStr.includes('-')) {
const [, m, d] = dateStr.split('-')
return `${d}.${m}.`
} else if (dateStr.includes('.')) {
const parts = dateStr.split('.')
if (parts.length >= 2) return `${parts[0]}.${parts[1]}.`
}
return dateStr
}
// members muss showBirthday und birthday enthalten:
// showBirthday: true, wenn das Mitglied die Anzeige erlaubt
// birthday: im Format YYYY-MM-DD oder DD.MM.YYYY
// Falls die Datenstruktur anders ist, bitte anpassen!
import { ref, computed, onMounted } from 'vue' import { ref, computed, onMounted } from 'vue'
import { UserPlus, Mail, Phone, MapPin, FileText, Clock, Edit, Trash2, Loader2, AlertCircle, Table2, Grid3x3 } from 'lucide-vue-next' import { UserPlus, Mail, Phone, MapPin, FileText, Clock, Edit, Trash2, Loader2, AlertCircle, Table2, Grid3x3 } from 'lucide-vue-next'
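Review bot: `parseBirthday` is commented as accepting "ggf. nur MM-TT", but the `-` branch requires `parts.length === 3`, so a two-part value returns null and sorts last; `formatBirthday` has no such guard and would render `undefined.<day>.` for the same input because `const [, m, d] = dateStr.split('-')` leaves `d` undefined. Share one parser between sorting and formatting and hoist it out of the comparator, where it is currently redefined on every comparison. The block is also inserted above the `import` lines and still carries the `// ...existing code...` and "bitte anpassen!" placeholders; move it below the imports and drop the scaffolding comments.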


@@ -77,6 +77,29 @@
> >
</div> </div>
<!-- Sichtbarkeits-Einstellungen -->
<div class="mt-4 border-t border-gray-100 pt-4">
<h3 class="text-sm font-medium text-gray-900 mb-2">Sichtbarkeit für andere Mitglieder</h3>
<div class="flex flex-col gap-2 text-sm text-gray-700">
<label class="inline-flex items-center">
<input type="checkbox" class="mr-2" v-model="visibility.showEmail" :disabled="isSaving" />
E-Mail für alle eingeloggten Mitglieder sichtbar
</label>
<label class="inline-flex items-center">
<input type="checkbox" class="mr-2" v-model="visibility.showPhone" :disabled="isSaving" />
Telefonnummer für alle eingeloggten Mitglieder sichtbar
</label>
<label class="inline-flex items-center">
<input type="checkbox" class="mr-2" v-model="visibility.showAddress" :disabled="isSaving" />
Adresse für alle eingeloggten Mitglieder sichtbar
</label>
<label class="inline-flex items-center">
<input type="checkbox" class="mr-2" v-model="visibility.showBirthday" :disabled="isSaving" />
Geburtstag für alle eingeloggten Mitglieder sichtbar
</label>
</div>
</div>
<!-- Passwort ändern --> <!-- Passwort ändern -->
<div class="border-t border-gray-200 pt-6 mt-6"> <div class="border-t border-gray-200 pt-6 mt-6">
<h3 class="text-lg font-semibold text-gray-900 mb-4"> <h3 class="text-lg font-semibold text-gray-900 mb-4">
@@ -279,6 +302,13 @@ const formData = ref({
phone: '' phone: ''
}) })
// Visibility preferences for other logged-in members
const visibility = ref({
showEmail: true,
showPhone: true,
showAddress: false
})
const passwordData = ref({ const passwordData = ref({
current: '', current: '',
new: '', new: '',
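Review bot: the default `visibility` object has no `showBirthday` key although the form added above binds `visibility.showBirthday`, and it defaults `showEmail` and `showPhone` to `true` while the scripts in this change default missing flags to `false`. A user without stored preferences therefore sees an unchecked birthday box while `birthdays` treats an undefined `showBirthday` as visible, and sees checked email/phone boxes that the server side treats as hidden. Pick one default per flag and declare all four keys here.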
@@ -297,6 +327,7 @@ const loadProfile = async () => {
email: response.user.email, email: response.user.email,
phone: response.user.phone || '' phone: response.user.phone || ''
} }
visibility.value = response.user.visibility || visibility.value
} catch { } catch {
errorMessage.value = 'Fehler beim Laden des Profils.' errorMessage.value = 'Fehler beim Laden des Profils.'
} finally { } finally {
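Review bot: `visibility.value = response.user.visibility || visibility.value` replaces the whole object, so a stored record with only some flags loses the defaults for the others. Merge instead, for example `visibility.value = { ...visibility.value, ...(response.user.visibility || {}) }`.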
@@ -398,6 +429,7 @@ const handleSave = async () => {
name: formData.value.name, name: formData.value.name,
email: formData.value.email, email: formData.value.email,
phone: formData.value.phone, phone: formData.value.phone,
visibility: visibility.value,
currentPassword: passwordData.value.current || undefined, currentPassword: passwordData.value.current || undefined,
newPassword: passwordData.value.new || undefined newPassword: passwordData.value.new || undefined
} }
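Review bot: `visibility: visibility.value` posts the object as-is. The receiving handler is not part of this hunk, so please confirm it copies only the four known keys and coerces them to booleans before persisting, rather than storing whatever object arrives.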


@@ -32,22 +32,40 @@
</div> </div>
--> -->
<!-- Name --> <!-- Vorname -->
<div> <div>
<label <label
for="name" for="firstName"
class="block text-sm font-medium text-gray-700 mb-2" class="block text-sm font-medium text-gray-700 mb-2"
> >
Vollständiger Name Vorname
</label> </label>
<input <input
id="name" id="firstName"
v-model="formData.name" v-model="formData.firstName"
type="text" type="text"
required required
autocomplete="name" autocomplete="given-name"
class="w-full px-4 py-3 border border-gray-300 rounded-lg focus:ring-2 focus:ring-primary-600 focus:border-transparent transition-all" class="w-full px-4 py-3 border border-gray-300 rounded-lg focus:ring-2 focus:ring-primary-600 focus:border-transparent transition-all"
placeholder="Max Mustermann" placeholder="Max"
>
</div>
<!-- Nachname -->
<div>
<label
for="lastName"
class="block text-sm font-medium text-gray-700 mb-2"
>
Nachname
</label>
<input
id="lastName"
v-model="formData.lastName"
type="text"
required
autocomplete="family-name"
class="w-full px-4 py-3 border border-gray-300 rounded-lg focus:ring-2 focus:ring-primary-600 focus:border-transparent transition-all"
placeholder="Mustermann"
> >
</div> </div>
@@ -318,7 +336,8 @@ import { AlertCircle, Check, Loader2, Info } from 'lucide-vue-next'
// console.log('[DEBUG] Component setup started') // console.log('[DEBUG] Component setup started')
const formData = ref({ const formData = ref({
name: '', firstName: '',
lastName: '',
email: '', email: '',
phone: '', phone: '',
password: '', password: '',
@@ -400,7 +419,9 @@ const handleRegister = async () => {
const response = await $fetch('/api/auth/register', { const response = await $fetch('/api/auth/register', {
method: 'POST', method: 'POST',
body: { body: {
name: formData.value.name, firstName: formData.value.firstName,
lastName: formData.value.lastName,
name: `${formData.value.firstName} ${formData.value.lastName}`.trim(),
email: formData.value.email, email: formData.value.email,
phone: formData.value.phone, phone: formData.value.phone,
password: formData.value.password password: formData.value.password
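Review bot: the request body now carries `firstName`, `lastName` and a client-built `name`, three fields that a caller can send in disagreement. Have the register handler derive `name` from the two parts itself and ignore the posted `name`, so the stored display name cannot differ from what the Vorstand sees in the first and last name fields.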
@@ -412,7 +433,8 @@ const handleRegister = async () => {
// Reset form // Reset form
formData.value = { formData.value = {
name: '', firstName: '',
lastName: '',
email: '', email: '',
phone: '', phone: '',
password: '', password: '',


@@ -0,0 +1,25 @@
Split-Name Scripts
Diese Scripts helfen, das Feld `name` in `firstName` und `lastName` zu splitten, für verschiedene Datenquellen im Projekt.
Available scripts:
- `scripts/split-names-in-users.js` (CommonJS)
- Splittet `server/data/users.json` und ergänzt fehlende `firstName`/`lastName`.
- Erstellt ein Backup `users.json.bak.<timestamp>` falls Änderungen gemacht werden.
- Ausführen: `node scripts/split-names-in-users.js`
- `scripts/split-names-in-members.js` (ESM)
- Liest `members.json` über `server/utils/members.js` (beachtet Verschlüsselung), führt Dry-Run by default.
- Mit `--apply` werden Änderungen geschrieben und ein Backup erstellt.
- Ausführen (dry-run): `node scripts/split-names-in-members.js`
- Ausführen (apply): `node scripts/split-names-in-members.js --apply`
- `scripts/split-names-in-membership-apps.js` (CommonJS)
- Bearbeitet alle JSON-Dateien in `server/data/membership-applications/` und erstellt `.bak` Backups pro Datei.
- Ausführen: `node scripts/split-names-in-membership-apps.js`
Hinweis:
- Die Scripts sind vorsichtig: sie erstellen Backups bevor sie schreiben (außer beim Dry-Run für members.js).
- `split-names-in-members.js` nutzt die vorhandenen `readMembers`/`writeMembers` Utilities, um Verschlüsselung zu respektieren.
- Teste zuerst mit DRY-RUN oder in einer Kopie des Datenverzeichnisses.
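Review bot: the README labels `split-names-in-users.js` and `split-names-in-membership-apps.js` as CommonJS, but both scripts added in this change use `import` and describe themselves as ESM in their header comments. Correct the labels, and document that only the members script has a dry-run; the other two write on first execution.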


@@ -0,0 +1,80 @@
#!/usr/bin/env node
(async () => {
try {
const { readMembers } = await import('../server/utils/members.js')
const auth = await import('../server/utils/auth.js')
const { readUsers } = auth
const manual = await readMembers()
const users = await readUsers()
// Build simple merged list similar to members.get
const merged = []
// Add manual members
for (const m of manual) {
const fullName = `${m.firstName || ''} ${m.lastName || ''}`.trim()
const vis = m.visibility || {}
const visibility = {
showEmail: vis.showEmail === undefined ? false : Boolean(vis.showEmail),
showPhone: vis.showPhone === undefined ? false : Boolean(vis.showPhone),
showAddress: vis.showAddress === undefined ? false : Boolean(vis.showAddress)
}
merged.push({
id: m.id || null,
name: fullName || m.name || '(kein name)',
email: m.email || '',
phone: m.phone || '',
address: m.address || '',
source: 'manual',
visibility,
raw: m
})
}
// Add registered users (default visibility: false unless stored)
for (const u of users) {
if (!u.active) continue
const visibility = u.visibility || { showEmail: false, showPhone: false, showAddress: false }
merged.push({
id: u.id,
name: u.name,
email: u.email || '',
phone: u.phone || '',
address: u.address || '',
source: 'login',
visibility,
raw: u
})
}
merged.sort((a, b) => a.name.localeCompare(b.name))
const viewers = [
{ label: 'unauthenticated', isPrivileged: false },
{ label: 'admin', isPrivileged: false },
{ label: 'vorstand', isPrivileged: true }
]
for (const v of viewers) {
console.log('\n=== Viewer:', v.label, ' (vorstand override:', v.isPrivileged, ') ===')
for (const m of merged) {
const hadEmail = !!m.email
const hadPhone = !!m.phone
const showEmail = v.isPrivileged || Boolean(m.visibility.showEmail)
const showPhone = v.isPrivileged || Boolean(m.visibility.showPhone)
const contactHidden = (!showEmail && hadEmail) || (!showPhone && hadPhone)
console.log(`- ${m.name}`)
console.log(` source: ${m.source} roles?: ${m.raw.roles || m.raw.role || ''}`)
console.log(` email: ${hadEmail ? (showEmail ? m.email : '<HIDDEN>') : '-'}`)
console.log(` phone: ${hadPhone ? (showPhone ? m.phone : '<HIDDEN>') : '-'}`)
if (contactHidden) console.log(' -> contactHidden = true')
}
}
process.exit(0)
} catch (e) {
console.error('ERROR', e)
process.exit(2)
}
})()
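Review bot: in the `viewers` list the `unauthenticated` entry has the same `isPrivileged: false` as a logged-in member, so the simulation shows email and phone to anonymous viewers whenever `showEmail`/`showPhone` is set, while the profile form describes these flags as visibility "für alle eingeloggten Mitglieder". Model authentication separately from the Vorstand override, and confirm that `admin` with `isPrivileged: false` is intended. The script also omits `showBirthday`, does not normalise a partial `u.visibility` for login users the way it does for manual members, and prints every visible address and phone number to stdout.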


@@ -0,0 +1,22 @@
// Diagnose-Skript: Zeigt alle Mitglieder aus members.json mit Status und Sichtbarkeit
import { readMembers } from '../server/utils/members.js'
async function main() {
const members = await readMembers()
if (!members || members.length === 0) {
console.log('Keine Mitglieder geladen (members.json leer oder nicht entschlüsselbar)')
return
}
for (const m of members) {
const status = m.active === true ? 'active' : (m.status ? m.status : 'inactive')
const vis = m.visibility || {}
console.log(`ID: ${m.id || '-'} | Name: ${m.firstName || ''} ${m.lastName || ''}`)
console.log(` Status: ${status}`)
console.log(` Email: ${m.email || '-'} | Phone: ${m.phone || '-'}`)
console.log(` Sichtbarkeit:`, vis)
console.log('---')
}
console.log(`Insgesamt: ${members.length} Mitglieder geladen.`)
}
main()
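Review bot: the diagnostic loop prints each member's full email and phone number in clear text, which ends up in terminal scrollback and any captured logs; for a status and visibility check, a masked value or a present/absent marker is enough. `main()` is also called without a `.catch`, so a read or decryption error surfaces as an unhandled rejection instead of a clear message and non-zero exit code.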


@@ -60,25 +60,34 @@ async function inspect(pdfPath) {
async function main() { async function main() {
const repoRoot = process.cwd() const repoRoot = process.cwd()
const template = path.join(repoRoot, 'server', 'templates', 'mitgliedschaft-fillable.pdf') const template = path.join(repoRoot, 'server', 'templates', 'mitgliedschaft-fillable.pdf')
// pick latest generated PDF in public/uploads that is not the sample
// nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal // Prefer internal upload directory used by the API (server/data/uploads).
const uploads = path.join(repoRoot, 'public', 'uploads') // If legacy files exist in public/uploads, warn and inspect them as well.
const internalUploads = path.join(repoRoot, 'server', 'data', 'uploads')
const publicUploads = path.join(repoRoot, 'public', 'uploads')
let pdfFiles = [] let pdfFiles = []
if (fs.existsSync(uploads)) { if (fs.existsSync(internalUploads)) {
pdfFiles = fs.readdirSync(uploads).filter(f => f.toLowerCase().endsWith('.pdf')) pdfFiles = fs.readdirSync(internalUploads).filter(f => f.toLowerCase().endsWith('.pdf'))
.map(f => { .map(f => {
// nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal const filePath = path.join(internalUploads, f)
const filePath = path.join(uploads, f) return { f, mtime: fs.statSync(filePath).mtimeMs, dir: internalUploads }
return { f, mtime: fs.statSync(filePath).mtimeMs }
}) })
.sort((a,b) => b.mtime - a.mtime)
.map(x => x.f)
} }
const apiPdf = pdfFiles.find(n => !n.includes('sample')) || pdfFiles[0]
// Do NOT fall back to public/uploads to avoid encouraging public exposure.
if (pdfFiles.length === 0) {
if (fs.existsSync(publicUploads)) {
console.warn('WARN: PDFs exist in public/uploads. Please migrate them to server/data/uploads using scripts/migrate-public-galerie-to-metadata.js')
}
}
pdfFiles = pdfFiles.sort((a, b) => b.mtime - a.mtime)
const apiPdfEntry = pdfFiles.find(e => !e.f.includes('sample')) || pdfFiles[0]
await inspect(template) await inspect(template)
// nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal if (apiPdfEntry) await inspect(path.join(apiPdfEntry.dir, apiPdfEntry.f))
if (apiPdf) await inspect(path.join(uploads, apiPdf)) else console.log('No API-generated PDF found in server/data/uploads or public/uploads')
else console.log('No API-generated PDF found in public/uploads')
} }
main().catch(e => { console.error(e); process.exit(1) }) main().catch(e => { console.error(e); process.exit(1) })
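Review bot: the new comments contradict each other and the code: the header says legacy files in `public/uploads` are warned about "and inspect them as well", the later comment says "Do NOT fall back to public/uploads", and the final message reports nothing found "in server/data/uploads or public/uploads" although only the internal directory is ever read. The warning also fires on `fs.existsSync(publicUploads)`, that is when the directory exists, not when it contains PDFs as the text claims. Align the comments and messages with the no-fallback behaviour and check for actual `.pdf` entries before warning.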


@@ -0,0 +1,54 @@
// Re-Encrypt Klartext-Mitgliedsanträge mit aktuellem ENCRYPTION_KEY
// Backup wird als .bak angelegt
import fs from 'fs/promises'
import path from 'path'
import { encryptObject } from '../server/utils/encryption.js'
const DIR = path.join(process.cwd(), 'server/data/membership-applications')
const KEY = process.env.ENCRYPTION_KEY
if (!KEY) {
console.error('ENCRYPTION_KEY fehlt! Bitte als Environment-Variable setzen.')
process.exit(1)
}
async function reencryptFile(file) {
const filePath = path.join(DIR, file)
try {
const content = await fs.readFile(filePath, 'utf8')
// Prüfe, ob bereits verschlüsselt (v2: Prefix)
if (content.startsWith('v2:')) {
console.log('Überspringe (bereits verschlüsselt):', file)
return false
}
// Prüfe, ob Klartext-JSON
if (!content.trim().startsWith('{')) {
console.warn('Überspringe (kein Klartext-JSON):', file)
return false
}
// Backup anlegen
await fs.copyFile(filePath, filePath + '.bak')
// Verschlüsseln
const obj = JSON.parse(content)
const encrypted = encryptObject(obj, KEY)
await fs.writeFile(filePath, encrypted, 'utf8')
console.log('Re-Encrypted:', file)
return true
} catch (e) {
console.error('Fehler bei', file, ':', e.message)
return false
}
}
async function main() {
const files = await fs.readdir(DIR)
let changed = 0
for (const file of files) {
if (!file.endsWith('.json')) continue
const ok = await reencryptFile(file)
if (ok) changed++
}
console.log('Fertig. Re-encrypted:', changed, 'Dateien.')
}
main()
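Review bot: `fs.copyFile(filePath, filePath + '.bak')` leaves a plaintext copy of every application next to the newly encrypted file, so after the run the unencrypted personal data is still on disk in the same directory. Write the backup to a location outside the served data tree with restrictive permissions, or remove it once the encrypted file has been read back and decrypted successfully. Writing to a temporary file and renaming would also avoid a half-written application if the process dies during `writeFile`, and `main()` needs a `.catch` for a failing `readdir`.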


@@ -0,0 +1,22 @@
// Setzt für alle Mitglieder in members.json das Feld active: true und verschlüsselt neu
import 'dotenv/config'
import { readMembers, writeMembers } from '../server/utils/members.js'
async function main() {
const members = await readMembers()
if (!members || members.length === 0) {
console.log('Keine Mitglieder geladen (members.json leer oder nicht entschlüsselbar)')
return
}
let changed = 0
for (const m of members) {
if (m.active !== true) {
m.active = true
changed++
}
}
await writeMembers(members)
console.log(`Fertig. ${changed} Mitglieder auf active: true gesetzt und gespeichert.`)
}
main()
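Review bot: the loop sets `active = true` on every entry without looking at `status` or any other field, and the birthdays endpoint in this change treats `m.active === true` as "accepted", so pending or rejected entries become visible members after one run. Add a filter, a dry-run default and a backup as in `split-names-in-members.js`, and skip `writeMembers` when `changed` is 0.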

69
scripts/set-visibility.js Normal file

@@ -0,0 +1,69 @@
#!/usr/bin/env node
import arg from 'arg'
async function main() {
const args = arg({
'--email': String,
'--showEmail': Boolean,
'--showPhone': Boolean,
'--showAddress': Boolean,
'--target': String // 'members'|'users'|'both'
})
const email = args['--email']
if (!email) {
console.error('Usage: node scripts/set-visibility.js --email <email> [--showEmail] [--showPhone] [--showAddress] [--target both|members|users]')
process.exit(2)
}
const showEmail = '--showEmail' in args ? Boolean(args['--showEmail']) : undefined
const showPhone = '--showPhone' in args ? Boolean(args['--showPhone']) : undefined
const showAddress = '--showAddress' in args ? Boolean(args['--showAddress']) : undefined
const target = args['--target'] || 'both'
const membersUtils = await import('../server/utils/members.js')
const authUtils = await import('../server/utils/auth.js')
if (target === 'both' || target === 'members') {
const members = await membersUtils.readMembers()
let changed = false
for (const m of members) {
if ((m.email || '').toLowerCase() === email.toLowerCase()) {
m.visibility = m.visibility || {}
if (showEmail !== undefined) m.visibility.showEmail = showEmail
if (showPhone !== undefined) m.visibility.showPhone = showPhone
if (showAddress !== undefined) m.visibility.showAddress = showAddress
changed = true
console.log('Updated manual member visibility for', email)
}
}
if (changed) {
await membersUtils.writeMembers(members)
console.log('Wrote members.json')
}
}
if (target === 'both' || target === 'users') {
const users = await authUtils.readUsers()
let changed = false
for (const u of users) {
if ((u.email || '').toLowerCase() === email.toLowerCase()) {
u.visibility = u.visibility || {}
if (showEmail !== undefined) u.visibility.showEmail = showEmail
if (showPhone !== undefined) u.visibility.showPhone = showPhone
if (showAddress !== undefined) u.visibility.showAddress = showAddress
changed = true
console.log('Updated user visibility for', email)
}
}
if (changed) {
await authUtils.writeUsers(users)
console.log('Wrote users.json')
}
}
}
main().catch(e => {
console.error(e)
process.exit(1)
})
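Review bot: with the flags declared as `Boolean`, `'--showEmail' in args ? Boolean(args['--showEmail']) : undefined` can only yield `true` or `undefined`, so this script can switch visibility on but never off. Accept an explicit value (for example `--showEmail=false` parsed from a `String`) or add separate hide flags. There is also no `--showBirthday` option although the profile form stores that flag, and `--target` is not validated, so a typo silently does nothing.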


@@ -0,0 +1,80 @@
#!/usr/bin/env node
import fs from 'fs'
import { promises as fsp } from 'fs'
import path from 'path'
import { readMembers, writeMembers } from '../server/utils/members.js'
// Script to split `name` into firstName/lastName for members.json.
// Usage:
// node scripts/split-names-in-members.js # dry-run, no writes
// node scripts/split-names-in-members.js --apply # apply changes and create backup
const MEMBERS_FILE_PATH = path.join(process.cwd(), 'server/data/members.json')
function extractNames(name) {
if (!name || typeof name !== 'string') return { firstName: '', lastName: '' }
const parts = name.trim().split(/\s+/)
if (parts.length === 1) return { firstName: parts[0], lastName: '' }
return { firstName: parts[0], lastName: parts.slice(1).join(' ') }
}
async function main() {
const apply = process.argv.includes('--apply')
console.log('Reading members via server utils (handles encryption)...')
const members = await readMembers()
if (!Array.isArray(members)) {
console.error('Unerwartetes Format von members:', typeof members)
process.exit(2)
}
let changed = false
for (const m of members) {
if ((!m.firstName || !m.lastName) && m.name) {
const { firstName, lastName } = extractNames(m.name)
if (!m.firstName) m.firstName = firstName
if (!m.lastName) m.lastName = lastName
changed = true
}
}
if (!changed) {
console.log('Keine Änderungen erforderlich. Alle Mitglieder haben firstName/lastName.')
return
}
console.log(`Gefundene Änderungen: Mitglieder mit ergänztenn Namen werden ${apply ? 'angewendet' : 'nur angezeigt (dry-run)'}.`)
if (!apply) {
console.log('Vorschau der Änderungen (erstes 10 geänderte Mitglieder):')
let count = 0
for (const m of members) {
if (m.firstName || m.lastName) {
console.log('-', m.id || '(keine id)', m.firstName, m.lastName, '-', m.name)
count++
if (count >= 10) break
}
}
console.log('\nFühre das Skript mit --apply aus, um die Änderungen dauerhaft zu schreiben (Backup wird erstellt).')
return
}
// Create backup of raw file (may be encrypted)
const timestamp = new Date().toISOString().replace(/[:.]/g, '-')
const backupPath = MEMBERS_FILE_PATH + `.bak.${timestamp}`
try {
await fsp.copyFile(MEMBERS_FILE_PATH, backupPath)
console.log('Backup erstellt:', backupPath)
} catch (err) {
console.warn('Konnte kein Backup anlegen (Datei evtl. nicht vorhanden):', err.message)
}
// Write members using writeMembers (will handle encryption)
await writeMembers(members)
console.log('Mitglieder erfolgreich aktualisiert und verschlüsselt gespeichert.')
}
main().catch(err => {
console.error('Fehler:', err)
process.exit(1)
})
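Review bot: the dry-run preview filters on `if (m.firstName || m.lastName)`, which matches members that already had both fields, so the list does not show what would actually change. Collect the modified members in the first loop and print those. A single-word `name` leaves `lastName` empty, so `changed` is true on every run and a fresh backup is written each time; when the backup copy fails the script only warns and still calls `writeMembers`. Smaller points: `fs` is imported but unused, the log string contains the typo "ergänztenn", and `extractNames` is copied verbatim into three scripts.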


@@ -0,0 +1,61 @@
#!/usr/bin/env node
// Script to split name field in membership application JSON files under server/data/membership-applications/ (ESM)
// It will create backups for each modified file.
import fs from 'fs'
import path from 'path'
import { fileURLToPath } from 'url'
const __filename = fileURLToPath(import.meta.url)
const __dirname = path.dirname(__filename)
const APPS_DIR = path.join(__dirname, '../server/data/membership-applications')
function extractNames(name) {
if (!name || typeof name !== 'string') return { firstName: '', lastName: '' }
const parts = name.trim().split(/\s+/)
if (parts.length === 1) return { firstName: parts[0], lastName: '' }
return { firstName: parts[0], lastName: parts.slice(1).join(' ') }
}
function main() {
if (!fs.existsSync(APPS_DIR)) {
console.error('membership-applications Verzeichnis nicht gefunden:', APPS_DIR)
process.exit(1)
}
const files = fs.readdirSync(APPS_DIR).filter(f => f.endsWith('.json'))
if (files.length === 0) {
console.log('Keine Bewerbungsdateien gefunden.')
return
}
let modified = 0
for (const file of files) {
const p = path.join(APPS_DIR, file)
let data
try {
data = JSON.parse(fs.readFileSync(p, 'utf8'))
} catch (err) {
console.error('Fehler beim Lesen von', p, err.message)
continue
}
if ((!data.firstName || !data.lastName) && data.name) {
const { firstName, lastName } = extractNames(data.name)
data.firstName = data.firstName || firstName
data.lastName = data.lastName || lastName
// Backup
const backup = p + '.bak'
fs.copyFileSync(p, backup)
fs.writeFileSync(p, JSON.stringify(data, null, 2))
modified++
console.log('Updated', p, '-> backup at', backup)
}
}
console.log('Done. Modified files:', modified)
}
main()
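Review bot: for an application whose `name` is a single word, `lastName` stays empty after the split, so `(!data.firstName || !data.lastName) && data.name` is true again on the next run and `fs.copyFileSync(p, backup)` overwrites the original `.bak` with the already modified file. Use a timestamped backup name or skip when the backup exists. The script also reads the files with a plain `JSON.parse`, while the re-encrypt script in this change expects applications to carry a `v2:` prefix once encrypted; those files will only produce a read error here, and plaintext ones are written back unencrypted.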


@@ -0,0 +1,49 @@
#!/usr/bin/env node
// Script: split-names-in-users.js (ESM)
// Splittet das Feld "name" in firstName und lastName für alle User in users.json, falls noch nicht vorhanden.
// Backup wird automatisch angelegt.
import fs from 'fs'
import path from 'path'
import { fileURLToPath } from 'url'
const __filename = fileURLToPath(import.meta.url)
const __dirname = path.dirname(__filename)
const usersPath = path.join(__dirname, '../server/data/users.json')
const backupPath = usersPath + '.bak.' + new Date().toISOString().replace(/[:.]/g, '-')
function extractNames(name) {
if (!name || typeof name !== 'string') return { firstName: '', lastName: '' }
const parts = name.trim().split(/\s+/)
if (parts.length === 1) return { firstName: parts[0], lastName: '' }
return { firstName: parts[0], lastName: parts.slice(1).join(' ') }
}
function main() {
if (!fs.existsSync(usersPath)) {
console.error('users.json nicht gefunden:', usersPath)
process.exit(1)
}
const users = JSON.parse(fs.readFileSync(usersPath, 'utf8'))
let changed = false
for (const user of users) {
if ((!user.firstName || !user.lastName) && user.name) {
const { firstName, lastName } = extractNames(user.name)
if (!user.firstName) user.firstName = firstName
if (!user.lastName) user.lastName = lastName
changed = true
}
}
if (changed) {
fs.copyFileSync(usersPath, backupPath)
fs.writeFileSync(usersPath, JSON.stringify(users, null, 2))
console.log('Felder firstName/lastName ergänzt. Backup:', backupPath)
} else {
console.log('Keine Änderungen nötig. Alle Namen bereits gesplittet.')
}
}
main()
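Review bot: this script reads and writes `users.json` directly with `fs`, whereas `set-visibility.js` in the same change goes through `readUsers`/`writeUsers` from `server/utils/auth.js`. Use the same utilities here so any handling they perform is not bypassed. Each run that finds a single-word name also writes another timestamped copy of the user store, so the backups accumulate in `server/data`; keep them out of version control and clean them up.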


@@ -1,5 +1,5 @@
import { readUsers, writeUsers, hashPassword } from '../../utils/auth.js' import { readUsers, writeUsers, hashPassword } from '../../utils/auth.js'
import nodemailer from 'nodemailer' import { sendRegistrationNotification } from '../../utils/email-service.js'
import { assertPasswordNotPwned } from '../../utils/hibp.js' import { assertPasswordNotPwned } from '../../utils/hibp.js'
export default defineEventHandler(async (event) => { export default defineEventHandler(async (event) => {
@@ -55,61 +55,11 @@ export default defineEventHandler(async (event) => {
users.push(newUser) users.push(newUser)
await writeUsers(users) await writeUsers(users)
// Send notification email to admin // Send notification to Vorstand/admin via central email service
try { try {
const smtpUser = process.env.SMTP_USER await sendRegistrationNotification({ name, email, phone })
const smtpPass = process.env.SMTP_PASS
if (!smtpUser || !smtpPass) {
console.warn('SMTP-Credentials fehlen! E-Mail-Versand wird übersprungen.')
console.warn(`SMTP_USER=${smtpUser ? 'gesetzt' : 'FEHLT'}, SMTP_PASS=${smtpPass ? 'gesetzt' : 'FEHLT'}`)
// Continue without sending email
} else {
const transporter = nodemailer.createTransport({
host: process.env.SMTP_HOST || 'smtp.gmail.com',
port: process.env.SMTP_PORT || 587,
secure: false,
auth: {
user: smtpUser,
pass: smtpPass
}
})
// Email to admin
await transporter.sendMail({
from: process.env.SMTP_FROM || 'noreply@harheimertc.de',
to: process.env.SMTP_ADMIN || 'j.dichmann@gmx.de',
subject: 'Neue Registrierung - Harheimer TC',
html: `
<h2>Neue Registrierung</h2>
<p>Ein neuer Benutzer hat sich registriert und wartet auf Freigabe:</p>
<ul>
<li><strong>Name:</strong> ${name}</li>
<li><strong>E-Mail:</strong> ${email}</li>
<li><strong>Telefon:</strong> ${phone || 'Nicht angegeben'}</li>
</ul>
<p>Bitte prüfen Sie die Registrierung im CMS.</p>
`
})
// Email to user
await transporter.sendMail({
from: process.env.SMTP_FROM || 'noreply@harheimertc.de',
to: email,
subject: 'Registrierung erhalten - Harheimer TC',
html: `
<h2>Registrierung erhalten</h2>
<p>Hallo ${name},</p>
<p>vielen Dank für Ihre Registrierung beim Harheimer TC!</p>
<p>Ihre Anfrage wird vom Vorstand geprüft. Sie erhalten eine E-Mail, sobald Ihr Zugang freigeschaltet wurde.</p>
<br>
<p>Mit sportlichen Grüßen,<br>Ihr Harheimer TC</p>
`
})
}
} catch (emailError) { } catch (emailError) {
console.error('E-Mail-Versand fehlgeschlagen:', emailError) console.error('Registrierungs-Benachrichtigung fehlgeschlagen:', emailError)
// Continue anyway - user is registered
} }
return { return {
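Review bot: the removed block sent two mails, one to the admin address and a confirmation to the registering user, while the replacement is a single `sendRegistrationNotification({ name, email, phone })` call; please confirm the helper still sends the user confirmation, or state in the commit message that it was dropped on purpose. The old templates interpolated `${name}`, `${email}` and `${phone}` into HTML unescaped, so check that the helper escapes these user-supplied values. Dropping the hard-coded fallback recipient is good; the removed "Continue anyway - user is registered" comment is worth keeping beside the `catch`.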


@@ -0,0 +1,90 @@
import { readMembers, normalizeDate } from '../utils/members.js'
import { readUsers, migrateUserRoles, getUserFromToken, verifyToken } from '../utils/auth.js'
// Helper: returns array of upcoming birthdays within daysAhead (inclusive)
function getUpcomingBirthdays(entries, daysAhead = 28) {
const now = new Date()
const results = []
// iterate entries with geburtsdatum and name
for (const e of entries) {
const raw = e.geburtsdatum
if (!raw) continue
const parsed = new Date(raw)
if (isNaN(parsed.getTime())) continue
// Build next occurrence for this year
const thisYear = now.getFullYear()
const occ = new Date(thisYear, parsed.getMonth(), parsed.getDate())
// If already passed this year, consider next year
if (occ < now) {
occ.setFullYear(thisYear + 1)
}
const diffDays = Math.ceil((occ - now) / (1000 * 60 * 60 * 24))
if (diffDays >= 0 && diffDays <= daysAhead) {
results.push({
name: e.name || `${e.firstName || ''} ${e.lastName || ''}`.trim(),
dayMonth: `${String(occ.getDate()).padStart(2, '0')}.${String(occ.getMonth()+1).padStart(2, '0')}`,
date: occ,
diffDays
})
}
}
// Sort by upcoming date
results.sort((a, b) => a.date - b.date)
return results
}
export default defineEventHandler(async (event) => {
try {
// Determine viewer for visibility rules; token optional
const token = getCookie(event, 'auth_token')
let currentUser = null
if (token) {
const decoded = verifyToken(token)
if (decoded) {
currentUser = await getUserFromToken(token)
}
}
const manualMembers = await readMembers()
const registeredUsers = await readUsers()
// Build unified list of candidates with geburtsdatum and visibility
const candidates = []
for (const m of manualMembers) {
const isAccepted = m.active === true || (m.status && String(m.status).toLowerCase() === 'accepted') || m.accepted === true
if (!isAccepted) continue
const vis = m.visibility || {}
const showBirthday = vis.showBirthday === undefined ? true : Boolean(vis.showBirthday)
candidates.push({ name: `${m.firstName || ''} ${m.lastName || ''}`.trim(), geburtsdatum: m.geburtsdatum, visibility: { showBirthday }, source: 'manual' })
}
for (const u of registeredUsers) {
if (!u.active) continue
const vis = u.visibility || {}
const showBirthday = vis.showBirthday === undefined ? true : Boolean(vis.showBirthday)
candidates.push({ name: u.name, geburtsdatum: u.geburtsdatum, visibility: { showBirthday }, source: 'login' })
}
// Respect visibility: if viewer is vorstand they see all birthdays
const isPrivilegedViewer = currentUser ? (Array.isArray(currentUser.roles) ? currentUser.roles.includes('vorstand') : currentUser.role === 'vorstand') : false
const filtered = candidates.filter(c => c.geburtsdatum && (isPrivilegedViewer || c.visibility.showBirthday === true))
const upcoming = getUpcomingBirthdays(filtered, 28)
// Return only next 4 weeks entries with name and dayMonth
return {
success: true,
birthdays: upcoming.map(b => ({ name: b.name, dayMonth: b.dayMonth, inDays: b.diffDays }))
}
} catch (error) {
console.error('Fehler beim Abrufen der Geburtstage:', error)
throw error
}
})
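Review bot: the handler treats the token as optional and `showBirthday` defaults to `true` when unset, so a request without any `auth_token` cookie receives names and birthday dates of every active member who has not explicitly opted out. If birthdays are meant for logged-in members only, return an empty list (or 401) when `currentUser` is null, and consider defaulting `showBirthday` to `false`. In `getUpcomingBirthdays`, `occ` is built at local midnight and compared with the current time, so `if (occ < now)` moves a birthday that falls today to next year and it never appears with `diffDays` 0; compare against the start of today instead. `normalizeDate` and `migrateUserRoles` are imported but unused, and `new Date(raw)` is applied to `geburtsdatum` directly; if stored dates are not ISO-formatted, run them through `normalizeDate` first.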

View File

@@ -0,0 +1,17 @@
import { getUserFromToken, hasAnyRole } from '../../utils/auth.js'
import { readContactRequests } from '../../utils/contact-requests.js'
export default defineEventHandler(async (event) => {
const token = getCookie(event, 'auth_token')
const currentUser = token ? await getUserFromToken(token) : null
if (!currentUser || !hasAnyRole(currentUser, 'admin', 'vorstand', 'trainer')) {
throw createError({
statusCode: 403,
statusMessage: 'Zugriff verweigert'
})
}
const requests = await readContactRequests()
return requests
})
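Review bot: the cookie lookup and the `hasAnyRole(currentUser, 'admin', 'vorstand', 'trainer')` guard at the top of this handler are repeated verbatim in the reply and status handlers added in the same change. Move them into one shared helper in `utils/auth.js` so the roles allowed to see contact requests are defined once. `return requests` also hands the stored records to the client unfiltered; map them to the fields the UI needs.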

View File

@@ -0,0 +1,75 @@
import nodemailer from 'nodemailer'
import { getUserFromToken, hasAnyRole } from '../../../../utils/auth.js'
import { addContactReply, readContactRequests } from '../../../../utils/contact-requests.js'
function createTransporter() {
const smtpUser = process.env.SMTP_USER
const smtpPass = process.env.SMTP_PASS || process.env.EMAIL_PASSWORD
if (!smtpUser || !smtpPass) return null
return nodemailer.createTransport({
host: process.env.SMTP_HOST || 'smtp.gmail.com',
port: Number(process.env.SMTP_PORT || 587),
secure: process.env.SMTP_SECURE === 'true',
auth: { user: smtpUser, pass: smtpPass }
})
}
export default defineEventHandler(async (event) => {
const token = getCookie(event, 'auth_token')
const currentUser = token ? await getUserFromToken(token) : null
if (!currentUser || !hasAnyRole(currentUser, 'admin', 'vorstand', 'trainer')) {
throw createError({
statusCode: 403,
statusMessage: 'Zugriff verweigert'
})
}
const body = await readBody(event)
const replyMessage = String(body?.message || '').trim()
if (!replyMessage) {
throw createError({ statusCode: 400, statusMessage: 'Antworttext fehlt' })
}
const requestId = getRouterParam(event, 'id')
if (!requestId) {
throw createError({ statusCode: 400, statusMessage: 'Anfrage-ID fehlt' })
}
const all = await readContactRequests()
const target = all.find((r) => r.id === requestId)
if (!target) {
throw createError({ statusCode: 404, statusMessage: 'Anfrage nicht gefunden' })
}
const transporter = createTransporter()
if (!transporter) {
throw createError({
statusCode: 500,
statusMessage: 'SMTP ist nicht konfiguriert'
})
}
const originalSubject = target.subject || 'Kontaktanfrage'
const responseSubject = `Aw: ${originalSubject}`
await transporter.sendMail({
from: `"Harheimer TC" <${process.env.SMTP_FROM || process.env.SMTP_USER}>`,
to: target.email,
subject: responseSubject,
text: replyMessage
})
const responderEmail = currentUser.email || ''
const updated = await addContactReply({
requestId,
replyText: replyMessage,
responderEmail
})
return {
success: true,
request: updated
}
})
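Review bot: `transporter.sendMail` runs before `addContactReply`, and neither call is wrapped in error handling. If persisting the reply fails, the mail has already gone out to `target.email` but the request shows no reply, and a retry sends it a second time; an SMTP failure surfaces as an unhandled error instead of a controlled `createError`. Catch the two cases separately and report them distinctly. `replyMessage` has no length limit, and `createTransporter()` duplicates the function of the same name added to the contact form handler; share one implementation.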

View File

@@ -0,0 +1,33 @@
import { getUserFromToken, hasAnyRole } from '../../../../utils/auth.js'
import { readContactRequests, updateContactRequestStatus } from '../../../../utils/contact-requests.js'
export default defineEventHandler(async (event) => {
const token = getCookie(event, 'auth_token')
const currentUser = token ? await getUserFromToken(token) : null
if (!currentUser || !hasAnyRole(currentUser, 'admin', 'vorstand', 'trainer')) {
throw createError({
statusCode: 403,
statusMessage: 'Zugriff verweigert'
})
}
const requestId = getRouterParam(event, 'id')
if (!requestId) {
throw createError({ statusCode: 400, statusMessage: 'Anfrage-ID fehlt' })
}
const all = await readContactRequests()
const target = all.find((r) => r.id === requestId)
if (!target) {
throw createError({ statusCode: 404, statusMessage: 'Anfrage nicht gefunden' })
}
const newStatus = target.status === 'beantwortet' ? 'offen' : 'beantwortet'
const updated = await updateContactRequestStatus(requestId, newStatus)
return {
success: true,
request: updated
}
})
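Review bot: `newStatus` is derived by flipping whatever `target.status` currently holds, so the endpoint is not idempotent: a repeated or concurrent request (a double click, two people working on the same request) switches it back to the previous state. Let the client send the desired status in the body, validate it against `'offen'` and `'beantwortet'`, and write that value. As written, any stored status other than `'beantwortet'` is also silently turned into `'beantwortet'`.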

View File

@@ -26,9 +26,12 @@ const getDataPath = (filename) => {
} }
// Multer-Konfiguration für PDF-Uploads // Multer-Konfiguration für PDF-Uploads
// Store uploads in internal data directory instead of public/
const DOCUMENTS_DIR = getDataPath('documents')
const storage = multer.diskStorage({ const storage = multer.diskStorage({
destination: (req, file, cb) => { destination: (req, file, cb) => {
cb(null, 'public/documents/') cb(null, DOCUMENTS_DIR)
}, },
filename: (req, file, cb) => { filename: (req, file, cb) => {
cb(null, 'satzung.pdf') cb(null, 'satzung.pdf')
@@ -75,7 +78,8 @@ export default defineEventHandler(async (event) => {
} }
try { try {
await fs.mkdir(path.join(process.cwd(), 'public', 'documents'), { recursive: true }) // Ensure internal documents dir exists
await fs.mkdir(DOCUMENTS_DIR, { recursive: true })
// Multer-Middleware für File-Upload // Multer-Middleware für File-Upload
await new Promise((resolve, reject) => { await new Promise((resolve, reject) => {
@@ -133,8 +137,9 @@ export default defineEventHandler(async (event) => {
configData.seiten = {} configData.seiten = {}
} }
// Serve the uploaded statute via internal media proxy
configData.seiten.satzung = { configData.seiten.satzung = {
pdfUrl: '/documents/satzung.pdf', pdfUrl: '/api/media/documents/satzung.pdf',
content: htmlContent content: htmlContent
} }
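Review bot: `pdfUrl` now points at `/api/media/documents/satzung.pdf`, but the route that serves that path is not part of the visible hunks. Confirm that it exists, reads from `DOCUMENTS_DIR`, resolves the requested name inside that directory only, and responds with `Content-Type: application/pdf`; otherwise the statute link breaks now that the upload no longer lands in `public/documents/`.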

View File

@@ -4,7 +4,15 @@ import { getUserFromToken, hasAnyRole } from '../../utils/auth.js'
export default defineEventHandler(async (event) => { export default defineEventHandler(async (event) => {
try { try {
const token = getCookie(event, 'auth_token') let token = getCookie(event, 'auth_token')
if (!token) {
const authHeader = getHeader(event, 'authorization')
if (authHeader && authHeader.startsWith('Bearer ')) {
token = authHeader.substring(7).trim()
}
}
const currentUser = token ? await getUserFromToken(token) : null const currentUser = token ? await getUserFromToken(token) : null
if (!currentUser) { if (!currentUser) {
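Review bot: the `Authorization` header fallback is added only in this handler, while the contact-request handlers in the same change still read `auth_token` from the cookie alone. Put the cookie-or-Bearer lookup into one helper and use it everywhere, so clients that authenticate by header behave the same on every endpoint. `authHeader.startsWith('Bearer ')` is case-sensitive although the auth scheme name is case-insensitive; compare against a lower-cased prefix.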
@@ -45,25 +53,12 @@ export default defineEventHandler(async (event) => {
}) })
} }
// Wichtig: In Production werden statische Dateien aus `.output/public` ausgeliefert. // Neuer Ablauf (Option B): Schreibe CSVs ausschließlich in internes Datenverzeichnis,
// Wenn PM2 `cwd` auf das Repo-Root setzt, ist `process.cwd()` NICHT `.output` // damit keine direkten Schreibzugriffe auf `public/` stattfinden.
// daher schreiben wir robust in alle sinnvollen Zielorte: // Später kann ein kontrollierter Deploy-/Sync-Prozess die Daten aus `server/data/public-data`
// - `.output/public/data/<file>` (damit die laufende Instanz sofort die neuen Daten liefert) // in die öffentlich ausgelieferte `public/`-Location übernehmen.
// - `public/data/<file>` (damit der nächste Build die Daten wieder übernimmt)
//
// nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
// filename is validated against allowlist above, path traversal prevented
const cwd = process.cwd() const cwd = process.cwd()
const pathExists = async (p) => {
try {
await fs.access(p)
return true
} catch {
return false
}
}
const writeFileAtomicAndVerify = async (targetPath, data) => { const writeFileAtomicAndVerify = async (targetPath, data) => {
const dataDir = path.dirname(targetPath) const dataDir = path.dirname(targetPath)
await fs.mkdir(dataDir, { recursive: true }) await fs.mkdir(dataDir, { recursive: true })
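Review bot: the removed comment was the only place in this hunk stating that `filename` is validated against an allowlist before it reaches `path.join`, and it carried the `nosemgrep` suppression for that finding. The new code still joins `filename` into the target path, so keep a short comment naming the allowlist check (and the suppression, if the scanner still reports the line). The new comment refers to "Option B" without saying what the options were; spell out the decision or point to where it is recorded.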
@@ -97,47 +92,25 @@ export default defineEventHandler(async (event) => {
} }
} }
// Preferred: das tatsächlich ausgelieferte Verzeichnis in Production // Ziel: internes Datenverzeichnis unter `server/data/public-data` (persistente, interne Quelle)
// (Nuxt/Nitro serve static aus `.output/public`) const internalPaths = [
const preferredPaths = [] path.join(cwd, 'server/data/public-data', filename),
if (await pathExists(path.join(cwd, '.output/public'))) { path.join(cwd, '../server/data/public-data', filename)
preferredPaths.push(path.join(cwd, '.output/public/data', filename))
}
if (await pathExists(path.join(cwd, '../.output/public'))) {
preferredPaths.push(path.join(cwd, '../.output/public/data', filename))
}
// Fallbacks: Source-Public (für Persistenz bei nächstem Build) und diverse cwd-Layouts
const fallbackPaths = [
path.join(cwd, 'public/data', filename),
path.join(cwd, '../public/data', filename)
] ]
const uniquePaths = [...new Set([...preferredPaths, ...fallbackPaths])] const uniquePaths = [...new Set([...internalPaths])]
const writeResults = [] const writeResults = []
const writeErrors = [] const writeErrors = []
let wrotePreferred = false
for (const targetPath of uniquePaths) { for (const targetPath of uniquePaths) {
try { try {
await writeFileAtomicAndVerify(targetPath, content) await writeFileAtomicAndVerify(targetPath, content)
writeResults.push(targetPath) writeResults.push(targetPath)
if (preferredPaths.includes(targetPath)) wrotePreferred = true
} catch (e) { } catch (e) {
writeErrors.push({ targetPath, error: e?.message || String(e) }) writeErrors.push({ targetPath, error: e?.message || String(e) })
} }
} }
// Wenn wir ein `.output/public` gefunden haben, MUSS auch dorthin geschrieben worden sein.
// Sonst melden wir nicht "Erfolg", weil die laufende Instanz dann weiterhin alte/defekte Daten ausliefert.
if (preferredPaths.length > 0 && !wrotePreferred) {
console.error('CSV wurde NICHT in .output/public geschrieben. Errors:', writeErrors)
throw createError({
statusCode: 500,
statusMessage: 'CSV konnte nicht in das ausgelieferte Verzeichnis geschrieben werden'
})
}
if (writeResults.length === 0) { if (writeResults.length === 0) {
console.error('Konnte CSV-Datei in keinen Zielpfad schreiben:', writeErrors) console.error('Konnte CSV-Datei in keinen Zielpfad schreiben:', writeErrors)
throw createError({ throw createError({
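Review bot: `internalPaths` lists both `server/data/public-data` and `../server/data/public-data`, and the loop writes to every entry after a recursive `fs.mkdir`, so with `cwd` at the repository root a second copy is created in a `server/data` tree one level above the project. Select a single directory with the same `cwd.endsWith('.output')` test that `getDataPath` uses in the contact handler. `[...new Set([...internalPaths])]` no longer deduplicates anything. With the `.output/public` write and its check removed, a successful response no longer means the served CSV changed; the new comment defers that to a later sync process, so callers should not treat success as "published".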

View File

@@ -17,25 +17,32 @@ export default defineEventHandler(async (event) => {
const isVorstand = hasRole(currentUser, 'vorstand') const isVorstand = hasRole(currentUser, 'vorstand')
// Return users without Passwörter; Kontaktdaten nur für Vorstand // Nur Admin oder Vorstand duerfen vollen Benutzer-Contact und Rollen sehen.
const canSeePrivate = hasAnyRole(currentUser, 'admin', 'vorstand')
const safeUsers = users.map(u => { const safeUsers = users.map(u => {
const migrated = migrateUserRoles({ ...u }) const migrated = migrateUserRoles({ ...u })
const roles = Array.isArray(migrated.roles) ? migrated.roles : (migrated.role ? [migrated.role] : ['mitglied']) const roles = Array.isArray(migrated.roles) ? migrated.roles : (migrated.role ? [migrated.role] : ['mitglied'])
const email = isVorstand ? u.email : undefined return canSeePrivate
const phone = isVorstand ? (u.phone || '') : undefined ? {
return {
id: u.id, id: u.id,
email, email: u.email,
name: u.name, name: u.name,
roles: roles, roles: roles,
role: roles[0] || 'mitglied', // Rückwärtskompatibilität role: roles[0] || 'mitglied',
phone, phone: u.phone || '',
active: u.active, active: u.active,
created: u.created, created: u.created,
lastLogin: u.lastLogin lastLogin: u.lastLogin
} }
: {
id: u.id,
name: u.name,
role: roles[0] || 'mitglied',
active: u.active,
lastLogin: u.lastLogin
}
}) })
return { return {
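Review bot: the non-privileged branch still returns `id`, `name`, `role`, `active` and `lastLogin` for every account. Check whether callers without the `admin` or `vorstand` role need `active` and `lastLogin` at all, and drop them if not. `isVorstand` is still computed at the top of the hunk but is no longer used in the visible lines, and the `// Rückwärtskompatibilität` note on `role` was removed although the field is kept for exactly that reason.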

View File

@@ -16,7 +16,7 @@ export default defineEventHandler(async (event) => {
const body = await readBody(event) const body = await readBody(event)
const { userId, roles } = body const { userId, roles } = body
const validRoles = ['mitglied', 'vorstand', 'admin', 'newsletter'] const validRoles = ['mitglied', 'vorstand', 'admin', 'newsletter', 'trainer']
const rolesArray = Array.isArray(roles) ? roles : (roles ? [roles] : ['mitglied']) const rolesArray = Array.isArray(roles) ? roles : (roles ? [roles] : ['mitglied'])
if (!rolesArray.every(r => validRoles.includes(r))) { if (!rolesArray.every(r => validRoles.includes(r))) {

View File

@@ -1,10 +1,93 @@
import nodemailer from 'nodemailer' import nodemailer from 'nodemailer'
import { promises as fs } from 'fs'
import path from 'path'
import { createContactRequest } from '../utils/contact-requests.js'
import { readUsers, migrateUserRoles } from '../utils/auth.js'
// nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
// filename is always a hardcoded constant ('config.json'), never user input
const getDataPath = (filename) => {
const cwd = process.cwd()
if (cwd.endsWith('.output')) return path.join(cwd, '../server/data', filename)
return path.join(cwd, 'server/data', filename)
}
async function loadConfig() {
try {
const configFile = getDataPath('config.json')
const raw = await fs.readFile(configFile, 'utf-8')
return JSON.parse(raw)
} catch (error) {
console.error('Fehler beim Laden der Konfiguration für Kontaktanfragen:', error)
return {}
}
}
async function collectRecipients(config) {
const recipients = []
// Vorstand
if (config?.vorstand && typeof config.vorstand === 'object') {
for (const member of Object.values(config.vorstand)) {
if (member?.email && typeof member.email === 'string' && member.email.trim()) {
recipients.push(member.email.trim())
}
}
}
// Trainer
if (Array.isArray(config?.trainer)) {
for (const trainer of config.trainer) {
if (trainer?.email && typeof trainer.email === 'string' && trainer.email.trim()) {
recipients.push(trainer.email.trim())
}
}
}
// Zusätzlich: Benutzer mit Trainer-Rolle aus dem Login-System
try {
const users = await readUsers()
for (const rawUser of users) {
const user = migrateUserRoles({ ...rawUser })
const roles = Array.isArray(user.roles) ? user.roles : []
if (roles.includes('trainer') && user.email && String(user.email).trim()) {
recipients.push(String(user.email).trim())
}
}
} catch (error) {
console.error('Fehler beim Laden der Trainer-Empfänger aus Benutzerdaten:', error)
}
const unique = [...new Set(recipients)]
if (unique.length > 0) return unique
// Fallback
if (config?.website?.verantwortlicher?.email) {
return [config.website.verantwortlicher.email]
}
if (process.env.SMTP_USER) {
return [process.env.SMTP_USER]
}
return ['j.dichmann@gmx.de']
}
function createTransporter() {
const smtpUser = process.env.SMTP_USER
const smtpPass = process.env.SMTP_PASS || process.env.EMAIL_PASSWORD
if (!smtpUser || !smtpPass) return null
return nodemailer.createTransport({
host: process.env.SMTP_HOST || 'smtp.gmail.com',
port: Number(process.env.SMTP_PORT || 587),
secure: process.env.SMTP_SECURE === 'true',
auth: { user: smtpUser, pass: smtpPass }
})
}
export default defineEventHandler(async (event) => { export default defineEventHandler(async (event) => {
try { try {
const body = await readBody(event) const body = await readBody(event)
// Validierung der Eingabedaten
if (!body.name || !body.email || !body.subject || !body.message) { if (!body.name || !body.email || !body.subject || !body.message) {
throw createError({ throw createError({
statusCode: 400, statusCode: 400,
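Review bot: `collectRecipients` ends with `return ['j.dichmann@gmx.de']`, a personal address hard-coded as the last fallback. Since the request is now stored regardless of mail delivery, return an empty list in that case and skip sending (with a server-side warning), or require a fallback address in `config.json` or the environment. The addresses taken from `config.vorstand`, `config.trainer` and the user store are only trimmed; run them through the same `emailRegex` check used for `body.email` before they go into the `to` header.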
@@ -12,7 +95,6 @@ export default defineEventHandler(async (event) => {
}) })
} }
// E-Mail-Validierung
const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/ const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/
if (!emailRegex.test(body.email)) { if (!emailRegex.test(body.email)) {
throw createError({ throw createError({
@@ -21,34 +103,32 @@ export default defineEventHandler(async (event) => {
}) })
} }
// SMTP-Konfiguration (hier können Sie Ihre SMTP-Daten eintragen) // Anfrage immer speichern, auch wenn E-Mail-Versand fehlschlägt.
const smtpUser = process.env.SMTP_USER || 'j.dichmann@gmx.de' await createContactRequest({
const smtpPass = process.env.SMTP_PASS || process.env.EMAIL_PASSWORD name: String(body.name).trim(),
email: String(body.email).trim(),
if (!smtpUser || !smtpPass) { phone: body.phone ? String(body.phone).trim() : '',
throw createError({ subject: String(body.subject).trim(),
statusCode: 500, message: String(body.message).trim()
statusMessage: 'SMTP-Credentials fehlen! Bitte setzen Sie SMTP_USER und SMTP_PASS in der .env Datei.'
})
}
const transporter = nodemailer.createTransport({
host: process.env.SMTP_HOST || 'smtp.gmail.com',
port: process.env.SMTP_PORT || 587,
secure: false, // true für 465, false für andere Ports
auth: {
user: smtpUser,
pass: smtpPass
}
}) })
// E-Mail-Template const config = await loadConfig()
const recipients = await collectRecipients(config)
const transporter = createTransporter()
if (!transporter) {
return {
success: true,
message: 'Anfrage wurde gespeichert. E-Mail-Versand ist aktuell nicht konfiguriert.'
}
}
const nowLabel = new Date().toLocaleString('de-DE')
const emailHtml = ` const emailHtml = `
<div style="font-family: Arial, sans-serif; max-width: 600px; margin: 0 auto;"> <div style="font-family: Arial, sans-serif; max-width: 600px; margin: 0 auto;">
<h2 style="color: #dc2626; border-bottom: 2px solid #dc2626; padding-bottom: 10px;"> <h2 style="color: #dc2626; border-bottom: 2px solid #dc2626; padding-bottom: 10px;">
Neue Kontaktanfrage - Harheimer TC Neue Kontaktanfrage - Harheimer TC
</h2> </h2>
<div style="background-color: #f9fafb; padding: 20px; border-radius: 8px; margin: 20px 0;"> <div style="background-color: #f9fafb; padding: 20px; border-radius: 8px; margin: 20px 0;">
<h3 style="color: #374151; margin-top: 0;">Kontaktdaten:</h3> <h3 style="color: #374151; margin-top: 0;">Kontaktdaten:</h3>
<p><strong>Name:</strong> ${body.name}</p> <p><strong>Name:</strong> ${body.name}</p>
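Review bot: `createContactRequest` now persists every submission from this unauthenticated form, and the visible validation only checks that the fields are present and that the e-mail matches the pattern. Add length limits for `name`, `subject`, `message` and `phone` and some form of rate limiting, otherwise the request store can be filled by automated submissions. When no transporter is configured the handler returns `success: true` to the visitor; log that case on the server so a missing SMTP setup is noticed.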
@@ -56,21 +136,18 @@ export default defineEventHandler(async (event) => {
<p><strong>Telefon:</strong> ${body.phone || 'Nicht angegeben'}</p> <p><strong>Telefon:</strong> ${body.phone || 'Nicht angegeben'}</p>
<p><strong>Betreff:</strong> ${body.subject}</p> <p><strong>Betreff:</strong> ${body.subject}</p>
</div> </div>
<div style="background-color: #ffffff; padding: 20px; border: 1px solid #e5e7eb; border-radius: 8px;"> <div style="background-color: #ffffff; padding: 20px; border: 1px solid #e5e7eb; border-radius: 8px;">
<h3 style="color: #374151; margin-top: 0;">Nachricht:</h3> <h3 style="color: #374151; margin-top: 0;">Nachricht:</h3>
<p style="white-space: pre-wrap; line-height: 1.6;">${body.message}</p> <p style="white-space: pre-wrap; line-height: 1.6;">${body.message}</p>
</div> </div>
<div style="margin-top: 30px; padding-top: 20px; border-top: 1px solid #e5e7eb; color: #6b7280; font-size: 14px;"> <div style="margin-top: 30px; padding-top: 20px; border-top: 1px solid #e5e7eb; color: #6b7280; font-size: 14px;">
<p>Diese Nachricht wurde über das Kontaktformular der Harheimer TC Website gesendet.</p> <p>Diese Nachricht wurde über das Kontaktformular der Harheimer TC Website gesendet.</p>
<p>Zeitstempel: ${new Date().toLocaleString('de-DE')}</p> <p>Zeitstempel: ${nowLabel}</p>
</div> </div>
</div> </div>
` `
const emailText = ` const emailText = `Neue Kontaktanfrage - Harheimer TC
Neue Kontaktanfrage - Harheimer TC
Kontaktdaten: Kontaktdaten:
Name: ${body.name} Name: ${body.name}
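Review bot: the `<p>` lines for `${body.phone}`, `${body.subject}` and `${body.message}` (and `${body.name}` just above this hunk) interpolate form input into `emailHtml` unescaped, and with this change the mail goes to every Vorstand and trainer address instead of one mailbox. HTML-escape the four values before building `emailHtml`; the `text` part can keep the raw strings.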
@@ -83,36 +160,29 @@ ${body.message}
--- ---
Diese Nachricht wurde über das Kontaktformular der Harheimer TC Website gesendet. Diese Nachricht wurde über das Kontaktformular der Harheimer TC Website gesendet.
Zeitstempel: ${new Date().toLocaleString('de-DE')} Zeitstempel: ${nowLabel}`
`
// E-Mail senden await transporter.sendMail({
const mailOptions = { from: `"Harheimer TC Website" <${process.env.SMTP_FROM || process.env.SMTP_USER}>`,
from: `"Harheimer TC Website" <${process.env.SMTP_USER || 'j.dichmann@gmx.de'}>`, to: recipients.join(', '),
to: 'j.dichmann@gmx.de',
replyTo: body.email, replyTo: body.email,
subject: `Kontaktanfrage: ${body.subject}`, subject: `Kontaktanfrage: ${body.subject}`,
text: emailText, text: emailText,
html: emailHtml html: emailHtml
} })
await transporter.sendMail(mailOptions)
return { return {
success: true, success: true,
message: 'E-Mail wurde erfolgreich gesendet!' message: 'Anfrage wurde erfolgreich gesendet.'
} }
} catch (error) { } catch (error) {
console.error('Fehler beim Senden der E-Mail:', error) console.error('Fehler bei Kontaktanfrage:', error)
if (error.statusCode) { if (error.statusCode) throw error
throw error
}
throw createError({ throw createError({
statusCode: 500, statusCode: 500,
statusMessage: 'Fehler beim Senden der E-Mail. Bitte versuchen Sie es später erneut.' statusMessage: 'Fehler beim Senden der Anfrage. Bitte versuchen Sie es später erneut.'
}) })
} }
}) })
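Review bot: the request is stored before `transporter.sendMail`, but an SMTP failure still falls into the catch block and returns 500 with "Fehler beim Senden der Anfrage", which contradicts the earlier comment that the request is saved even if mail delivery fails. The visitor is told to try again and each retry stores a duplicate. Wrap only `sendMail` in its own try/catch and return success for the stored request when delivery fails. `to: recipients.join(', ')` also shows every recipient address to all the others; use `bcc` if trainers should not see each other's addresses.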

View File

@@ -45,35 +45,49 @@ export default defineEventHandler(async (event) => {
} }
} }
const metadata = await readGalerieMetadata() let metadata = []
try {
metadata = await readGalerieMetadata()
if (!Array.isArray(metadata)) {
console.warn('Galerie-Metadaten haben unerwartetes Format, verwende leere Liste')
metadata = []
}
} catch (e) {
console.error('Fehler beim Lesen der Galerie-Metadaten, liefere leeres Ergebnis:', e.message)
metadata = []
}
// Filtere Bilder basierend auf Sichtbarkeit // Filtere Bilder basierend auf Sichtbarkeit
const visibleImages = metadata.filter(image => { const visibleImages = metadata.filter(image => {
// Öffentliche Bilder sind für alle sichtbar // Defensive checks
if (!image || typeof image !== 'object') return false
if (image.isPublic) return true if (image.isPublic) return true
// Private Bilder nur für eingeloggte Mitglieder
return isLoggedIn return isLoggedIn
}) })
// Sortiere nach Upload-Datum (neueste zuerst) // Sortiere nach Upload-Datum (neueste zuerst) - defensive
visibleImages.sort((a, b) => new Date(b.uploadedAt) - new Date(a.uploadedAt)) visibleImages.sort((a, b) => {
const ta = new Date(a.uploadedAt || 0).getTime()
const tb = new Date(b.uploadedAt || 0).getTime()
return tb - ta
})
// Pagination // Pagination (defensive defaults)
const page = parseInt(getQuery(event).page) || 1 const page = Math.max(1, parseInt(getQuery(event).page) || 1)
const perPage = 10 const perPage = Math.max(1, parseInt(getQuery(event).perPage) || 10)
const start = (page - 1) * perPage const start = (page - 1) * perPage
const end = start + perPage const paginatedImages = visibleImages.slice(start, start + perPage)
const paginatedImages = visibleImages.slice(start, end)
// Konsistente Rückgabeform
return { return {
success: true, success: true,
images: paginatedImages.map(img => ({ images: paginatedImages.map(img => ({
id: img.id, id: img.id || img.filename || null,
title: img.title, title: img.title || '',
description: img.description, description: img.description || '',
isPublic: img.isPublic, isPublic: !!img.isPublic,
uploadedAt: img.uploadedAt, uploadedAt: img.uploadedAt || null,
previewFilename: img.previewFilename previewFilename: img.previewFilename || null
})), })),
pagination: { pagination: {
page, page,
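Review bot: `perPage` is now read from the query string with only a lower bound, `Math.max(1, parseInt(getQuery(event).perPage) || 10)`, so a caller can request the whole gallery in one response. Clamp it with an upper limit (for example `Math.min(50, ...)`) and pass radix 10 to both `parseInt` calls. Swallowing the metadata read error and returning `success: true` with an empty list hides a broken metadata file from the client; keep the log, but consider a distinct status or flag.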

View File

@@ -15,7 +15,10 @@ export default defineEventHandler(async (event) => {
const cwd = process.cwd() const cwd = process.cwd()
const filename = 'mannschaften.csv' const filename = 'mannschaften.csv'
// Prefer server/data, then .output/public/data, then public/data
const candidates = [ const candidates = [
path.join(cwd, '.output/server/data', filename),
path.join(cwd, 'server/data', filename),
path.join(cwd, '.output/public/data', filename), path.join(cwd, '.output/public/data', filename),
path.join(cwd, 'public/data', filename), path.join(cwd, 'public/data', filename),
path.join(cwd, '../.output/public/data', filename), path.join(cwd, '../.output/public/data', filename),
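Review bot: the new candidates look for `mannschaften.csv` directly in `server/data`, while the CSV save handler in this change writes to `server/data/public-data/<filename>`. If the team data is saved through that handler, neither new path finds it and the reader falls through to the `public/data` copies. Add the `public-data` directory to the candidates, or align both handlers on one location. The comment says "Prefer server/data" but `.output/server/data` is tried first.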

View File

@@ -28,6 +28,17 @@ export default defineEventHandler(async (event) => {
const manualMembers = await readMembers() const manualMembers = await readMembers()
const registeredUsers = await readUsers() const registeredUsers = await readUsers()
// Debug: Log alle geladenen Mitglieder (decryptet)
console.log('--- DEBUG: Decrypted manualMembers ---')
if (Array.isArray(manualMembers)) {
for (const m of manualMembers) {
console.log(JSON.stringify(m, null, 2))
}
console.log('--- Gesamt:', manualMembers.length, 'Mitglieder ---')
} else {
console.log('manualMembers ist kein Array:', manualMembers)
}
// Merge members: combine manual + registered, detect duplicates // Merge members: combine manual + registered, detect duplicates
const mergedMembers = [] const mergedMembers = []
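Review bot: the debug block prints every decrypted member record with `console.log(JSON.stringify(m, null, 2))`, which writes the full records (the fields used in this file include name, e-mail, phone, address and `geburtsdatum`) in clear text to the server log on each request. Remove the block before merging; if a diagnostic is needed, log only `manualMembers.length`.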
@@ -35,14 +46,30 @@ export default defineEventHandler(async (event) => {
const emailToIndexMap = new Map() // email -> index in mergedMembers const emailToIndexMap = new Map() // email -> index in mergedMembers
const nameToIndexMap = new Map() // name -> index in mergedMembers const nameToIndexMap = new Map() // name -> index in mergedMembers
// First, add all manual members and build lookup maps // First, add manual members that are active/accepted (filter out pending applications)
for (let i = 0; i < manualMembers.length; i++) { for (let i = 0; i < manualMembers.length; i++) {
const member = manualMembers[i] const member = manualMembers[i]
// Normalize acceptance flags: accept if member.active===true or member.status==='accepted' or member.accepted===true
const isAccepted = member.active === true || (member.status && String(member.status).toLowerCase() === 'accepted') || member.accepted === true
if (!isAccepted) {
// Skip applications that are not yet accepted
continue
}
const normalizedEmail = member.email?.toLowerCase().trim() || '' const normalizedEmail = member.email?.toLowerCase().trim() || ''
const fullName = `${member.firstName || ''} ${member.lastName || ''}`.trim() const fullName = `${member.firstName || ''} ${member.lastName || ''}`.trim()
const normalizedName = fullName.toLowerCase() const normalizedName = fullName.toLowerCase()
const memberIndex = mergedMembers.length const memberIndex = mergedMembers.length
// Ensure visibility flags are booleans for manual entries
const vis = member.visibility || {}
member.visibility = {
// Default: visible to all logged-in members unless explicitly hidden
showEmail: vis.showEmail === undefined ? true : Boolean(vis.showEmail),
showPhone: vis.showPhone === undefined ? true : Boolean(vis.showPhone),
// Address remains private by default
showAddress: vis.showAddress === undefined ? false : Boolean(vis.showAddress)
}
mergedMembers.push({ mergedMembers.push({
...member, ...member,
name: fullName, // Computed for display name: fullName, // Computed for display
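Review bot: the rebuilt `member.visibility` contains only `showEmail`, `showPhone` and `showAddress`, so a stored `showBirthday` is discarded here, while the sanitizing code further down reads `member.visibility.showBirthday` and falls back to `true` when it is undefined. A member who opted out of showing the birthday is therefore shown anyway; carry `showBirthday` through. The block also assigns to `member.visibility` on the object returned by `readMembers()`; build the normalized object inside `mergedMembers.push({...})` instead of mutating the source record. Defaulting `showEmail` and `showPhone` to `true` makes contact data visible to all logged-in members for everyone who never set a preference, which should be a deliberate decision.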
@@ -73,6 +100,14 @@ export default defineEventHandler(async (event) => {
const normalizedEmail = user.email?.toLowerCase().trim() || '' const normalizedEmail = user.email?.toLowerCase().trim() || ''
const normalizedName = user.name?.toLowerCase().trim() || '' const normalizedName = user.name?.toLowerCase().trim() || ''
// Hilfsfunktion: Extrahiere Vorname/Nachname aus user.name
function extractNames(name) {
if (!name || typeof name !== 'string') return { firstName: '', lastName: '' }
const parts = name.trim().split(/\s+/)
if (parts.length === 1) return { firstName: parts[0], lastName: '' }
return { firstName: parts[0], lastName: parts.slice(1).join(' ') }
}
// Check if this user matches an existing manual member using O(1) lookup // Check if this user matches an existing manual member using O(1) lookup
let matchedManualIndex = -1 let matchedManualIndex = -1
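Review bot: `extractNames` is declared as a function inside the loop body over registered users, so it is re-created on every iteration. Move it to module scope next to the other helpers.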
@@ -108,6 +143,8 @@ export default defineEventHandler(async (event) => {
// Merge with existing manual member // Merge with existing manual member
const migratedUser = migrateUserRoles({ ...user }) const migratedUser = migrateUserRoles({ ...user })
const roles = Array.isArray(migratedUser.roles) ? migratedUser.roles : (migratedUser.role ? [migratedUser.role] : ['mitglied']) const roles = Array.isArray(migratedUser.roles) ? migratedUser.roles : (migratedUser.role ? [migratedUser.role] : ['mitglied'])
// Extrahiere Namen nur, wenn Felder leer sind
const { firstName, lastName } = extractNames(user.name)
mergedMembers[matchedManualIndex] = { mergedMembers[matchedManualIndex] = {
...mergedMembers[matchedManualIndex], ...mergedMembers[matchedManualIndex],
hasLogin: true, hasLogin: true,
@@ -115,21 +152,44 @@ export default defineEventHandler(async (event) => {
loginRoles: roles, loginRoles: roles,
loginRole: roles[0] || 'mitglied', // Rückwärtskompatibilität loginRole: roles[0] || 'mitglied', // Rückwärtskompatibilität
lastLogin: user.lastLogin, lastLogin: user.lastLogin,
isMannschaftsspieler: user.isMannschaftsspieler === true || mergedMembers[matchedManualIndex].isMannschaftsspieler === true isMannschaftsspieler: user.isMannschaftsspieler === true || mergedMembers[matchedManualIndex].isMannschaftsspieler === true,
firstName: mergedMembers[matchedManualIndex].firstName || firstName,
lastName: mergedMembers[matchedManualIndex].lastName || lastName,
editable: true
}
// If the registered user has visibility preferences, apply them (coerce to booleans)
if (user.visibility && typeof user.visibility === 'object') {
const vis = mergedMembers[matchedManualIndex].visibility || {}
mergedMembers[matchedManualIndex].visibility = {
showEmail: user.visibility.showEmail === undefined ? Boolean(vis.showEmail) : Boolean(user.visibility.showEmail),
showPhone: user.visibility.showPhone === undefined ? Boolean(vis.showPhone) : Boolean(user.visibility.showPhone),
showAddress: user.visibility.showAddress === undefined ? Boolean(vis.showAddress) : Boolean(user.visibility.showAddress)
}
} }
} else { } else {
// Add as new member (from login system) // Add as new member (from login system)
const migratedUser = migrateUserRoles({ ...user }) const migratedUser = migrateUserRoles({ ...user })
const roles = Array.isArray(migratedUser.roles) ? migratedUser.roles : (migratedUser.role ? [migratedUser.role] : ['mitglied']) const roles = Array.isArray(migratedUser.roles) ? migratedUser.roles : (migratedUser.role ? [migratedUser.role] : ['mitglied'])
// Registered-only user: default to privacy-preserving visibility (hidden) unless user explicitly set visibility elsewhere
// Use stored visibility from user if present, otherwise default to false
const userVis = user.visibility || {}
const { firstName, lastName } = extractNames(user.name)
mergedMembers.push({ mergedMembers.push({
id: user.id, id: user.id,
name: user.name, name: user.name,
firstName,
lastName,
email: user.email, email: user.email,
phone: user.phone || '', phone: user.phone || '',
address: '', address: '',
visibility: {
showEmail: userVis.showEmail === undefined ? true : Boolean(userVis.showEmail),
showPhone: userVis.showPhone === undefined ? true : Boolean(userVis.showPhone),
showAddress: userVis.showAddress === undefined ? false : Boolean(userVis.showAddress)
},
notes: `Rolle(n): ${roles.join(', ')}`, notes: `Rolle(n): ${roles.join(', ')}`,
source: 'login', source: 'login',
editable: false, editable: true,
hasLogin: true, hasLogin: true,
loginEmail: user.email, loginEmail: user.email,
loginRoles: roles, loginRoles: roles,
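Review bot: the comment on the registered-only branch says visibility defaults to "privacy-preserving ... (hidden)" and "otherwise default to false", but the code sets `showEmail` and `showPhone` to `true` when the user stored no preference. Decide which is intended and make comment and code agree; since the code removed further down hid contact data from everyone but the Vorstand, defaulting to `false` is the safer reading. The `visibility` objects built in this hunk omit `showBirthday` although the sanitizing code below reads it, and `editable` changes from `false` to `true` for login-only entries without an explanation.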
@@ -142,21 +202,75 @@ export default defineEventHandler(async (event) => {
// Sort by name // Sort by name
mergedMembers.sort((a, b) => a.name.localeCompare(b.name)) mergedMembers.sort((a, b) => a.name.localeCompare(b.name))
// Die Mitgliederliste ist nur für authentifizierte Nutzer sichtbar (siehe oben).
// Respektiere individuelle Sichtbarkeitspräferenzen (user.visibility)
const currentUserToken = token
const isViewerAuthenticated = !!currentUser
// Only 'vorstand' may override member visibility
const isPrivilegedViewer = currentUser ? hasRole(currentUser, 'vorstand') : false
// Serverseitiger Datenschutz: Kontaktdaten nur für Vorstand // Filtere den Admin-Account heraus
const isVorstand = hasRole(currentUser, 'vorstand') const filteredMembers = mergedMembers.filter(m => m.email?.toLowerCase() !== 'admin@harheimertc.de')
const safeMembers = isVorstand const sanitizedMembers = filteredMembers.map(member => {
? mergedMembers // Default: show email/phone/address to other logged-in members unless member.visibility explicitly hides them
: mergedMembers.map(m => ({ const visibility = member.visibility || {}
...m,
email: undefined, const showEmail = visibility.showEmail === undefined ? true : Boolean(visibility.showEmail)
phone: undefined, const showPhone = visibility.showPhone === undefined ? true : Boolean(visibility.showPhone)
address: undefined const showAddress = visibility.showAddress === undefined ? false : Boolean(visibility.showAddress)
}))
// Determine if contact info existed but was hidden to the viewer
const hadEmail = !!member.email
const hadPhone = !!member.phone
const hadAddress = !!member.address
const hadBirthday = !!member.geburtsdatum
const emailVisible = (isPrivilegedViewer || (isViewerAuthenticated && showEmail))
const phoneVisible = (isPrivilegedViewer || (isViewerAuthenticated && showPhone))
const addressVisible = (isPrivilegedViewer || (isViewerAuthenticated && showAddress))
const birthdayVisible = (isPrivilegedViewer || (isViewerAuthenticated && (member.visibility && member.visibility.showBirthday !== undefined ? Boolean(member.visibility.showBirthday) : true)))
const contactHidden = (!emailVisible && hadEmail) || (!phoneVisible && hadPhone) || (!addressVisible && hadAddress)
return {
id: member.id,
name: member.name,
firstName: member.firstName || '',
lastName: member.lastName || '',
source: member.source,
editable: member.editable,
hasLogin: member.hasLogin,
loginRoles: member.loginRoles,
loginRole: member.loginRole,
lastLogin: member.lastLogin,
isMannschaftsspieler: member.isMannschaftsspieler,
notes: member.notes || '',
// Sichtbarkeits-Flags explizit mitgeben
showEmail: visibility.showEmail === undefined ? true : Boolean(visibility.showEmail),
showPhone: visibility.showPhone === undefined ? true : Boolean(visibility.showPhone),
showAddress: visibility.showAddress === undefined ? false : Boolean(visibility.showAddress),
showBirthday: visibility.showBirthday === undefined ? true : Boolean(visibility.showBirthday),
// Privileged viewers (vorstand) always see contact fields
email: emailVisible ? member.email : undefined,
phone: phoneVisible ? member.phone : undefined,
address: addressVisible ? member.address : undefined,
// Birthday: expose only day + month and only if allowed; do not expose year or age
birthday: (birthdayVisible && hadBirthday) ? (function(){
try {
const d = new Date(member.geburtsdatum)
if (isNaN(d.getTime())) return undefined
const day = `${d.getDate()}`.padStart(2, '0')
const month = `${d.getMonth()+1}`.padStart(2, '0')
return `${day}.${month}`
} catch (_e) {
return undefined
}
})() : undefined,
geburtsdatum: member.geburtsdatum || undefined // Originalfeld für das Edit-Formular
}
})
return { return {
success: true, success: true,
members: safeMembers members: sanitizedMembers
} }
} catch (error) { } catch (error) {
console.error('Fehler beim Abrufen der Mitgliederliste:', error) console.error('Fehler beim Abrufen der Mitgliederliste:', error)
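Review bot: `geburtsdatum: member.geburtsdatum || undefined` at the end of the returned object goes to every viewer regardless of `birthdayVisible` or `isPrivilegedViewer`, which undoes the "do not expose year or age" rule applied to `birthday` a few lines above. Return it only when `isPrivilegedViewer` is true, since the edit form is the stated reason for the field. Separately, the removed `safeMembers` mapping withheld e-mail, phone and address from everyone but `vorstand`, while the new defaults expose e-mail and phone unless a member opts out; that change of default should be a stated decision. `contactHidden` and `currentUserToken` are computed but not used in the visible lines, and `notes`, `lastLogin` and `loginRoles` are returned to all viewers as well.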

@@ -48,7 +48,7 @@ export default defineEventHandler(async (event) => {
} }
const body = await readBody(event) const body = await readBody(event)
const { id, firstName, lastName, geburtsdatum, email, phone, address, notes, isMannschaftsspieler } = body const { id, firstName, lastName, geburtsdatum, email, phone, address, notes, isMannschaftsspieler, active } = body
if (!firstName || !lastName) { if (!firstName || !lastName) {
throw createError({ throw createError({
@@ -74,7 +74,8 @@ export default defineEventHandler(async (event) => {
phone: phone || '', phone: phone || '',
address: address || '', address: address || '',
notes: notes || '', notes: notes || '',
isMannschaftsspieler: isMannschaftsspieler === true || isMannschaftsspieler === 'true' isMannschaftsspieler: isMannschaftsspieler === true || isMannschaftsspieler === 'true',
active: typeof active === 'boolean' ? active : true
}) })
return { return {
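Review bot: `active` is accepted only as a real boolean, so a client that submits the string 'false' (the case `isMannschaftsspieler` explicitly tolerates on the line above) gets `active: true` stored. If this handler also serves updates (the body carries `id`), a request that omits `active` would reactivate a member who had been set inactive. Parse the field the same way as `isMannschaftsspieler`, and when it is absent on an update keep the stored value instead of defaulting to `true`.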

@@ -4,6 +4,13 @@ import { decryptObject } from '../../utils/encryption.js'
export default defineEventHandler(async (event) => { export default defineEventHandler(async (event) => {
try { try {
// Nur Vorstand oder Admin darf Mitgliedschaftsantraege lesen
const token = getCookie(event, 'auth_token')
const currentUser = token ? await getUserFromToken(token) : null
if (!currentUser || !hasAnyRole(currentUser, 'admin', 'vorstand')) {
throw createError({ statusCode: 403, statusMessage: 'Zugriff verweigert' })
}
const config = useRuntimeConfig() const config = useRuntimeConfig()
const encryptionKey = config.encryptionKey || 'local_development_encryption_key_change_in_production' const encryptionKey = config.encryptionKey || 'local_development_encryption_key_change_in_production'
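Review bot: the line directly below the new role check still falls back to the literal 'local_development_encryption_key_change_in_production' when `config.encryptionKey` is empty, so a production deployment with a missing setting would process membership applications under a key that is published in the source. Fail with a 500 when the key is unset outside development instead of falling back. In the guard itself, a missing token and an insufficient role both produce 403; returning 401 for the missing token lets the client tell "log in" apart from "not allowed".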

@@ -5,6 +5,7 @@ import fs from 'fs/promises'
import path from 'path' import path from 'path'
import { StandardFonts } from 'pdf-lib' import { StandardFonts } from 'pdf-lib'
import { getDownloadCookieOptionsWithMaxAge } from '../../utils/cookies.js' import { getDownloadCookieOptionsWithMaxAge } from '../../utils/cookies.js'
import { sendMembershipEmail as sendMembershipEmailUtil } from '../../utils/email-service.js'
// const require = createRequire(import.meta.url) // Nicht verwendet // const require = createRequire(import.meta.url) // Nicht verwendet
const execAsync = promisify(exec) const execAsync = promisify(exec)
@@ -317,59 +318,7 @@ function getDataPath(filename) {
return path.join(projectRoot, 'server', 'data', filename) return path.join(projectRoot, 'server', 'data', filename)
} }
async function sendMembershipEmail(data, _filename, _event) { // Use central email service
try {
const configPath = getDataPath('config.json')
const configData = await fs.readFile(configPath, 'utf8')
const config = JSON.parse(configData)
let recipients = []
let subject = `Neuer Mitgliedschaftsantrag - ${data.vorname} ${data.nachname}`
// Sammle alle verfügbaren E-Mail-Adressen
const availableEmails = []
// Vorsitzender E-Mail hinzufügen (falls vorhanden)
if (config.vorstand.vorsitzender.email && config.vorstand.vorsitzender.email.trim() !== '') {
availableEmails.push(config.vorstand.vorsitzender.email)
}
// Schriftführer E-Mail hinzufügen (falls vorhanden)
if (config.vorstand.schriftfuehrer.email && config.vorstand.schriftfuehrer.email.trim() !== '') {
availableEmails.push(config.vorstand.schriftfuehrer.email)
}
// Fallback: Wenn keine E-Mails verfügbar sind, verwende tsschulz@tsschulz.de
if (availableEmails.length === 0) {
recipients = ['tsschulz@tsschulz.de']
} else {
recipients = availableEmails
}
// In nicht-Produktionsumgebung: Alle E-Mails an tsschulz@tsschulz.de
if (process.env.NODE_ENV !== 'production') {
recipients = ['tsschulz@tsschulz.de']
}
const message = `Ein neuer Mitgliedschaftsantrag wurde eingereicht.
Antragsteller: ${data.vorname} ${data.nachname}
Mitgliedschaftsart: ${data.mitgliedschaftsart}
Volljährig: ${data.isVolljaehrig ? 'Ja' : 'Nein'}
Das ausgefüllte Formular ist als Anhang verfügbar.`
// E-Mail-Versand implementieren (hier würde normalerweise nodemailer verwendet)
console.log('E-Mail würde gesendet werden an:', recipients)
console.log('Betreff:', subject)
console.log('Nachricht:', message)
return { success: true, recipients, subject, message }
} catch (error) {
console.error('Fehler beim Senden der E-Mail:', error)
return { success: false, error: error.message }
}
}
export default defineEventHandler(async (event) => { export default defineEventHandler(async (event) => {
try { try {
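Review bot: the removed local function redirected every message to a single address whenever `NODE_ENV !== 'production'` and only logged instead of sending. Before this lands, confirm that `sendMembershipEmailUtil` keeps an equivalent non-production guard, so development and test runs cannot mail real board members, and say so in the `// Use central email service` comment.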
@@ -678,8 +627,8 @@ export default defineEventHandler(async (event) => {
let emailResult let emailResult
if (usedTemplate) { if (usedTemplate) {
// E-Mail senden // E-Mail senden via zentralen Service (pass full path)
emailResult = await sendMembershipEmail(data, filename, event) emailResult = await sendMembershipEmailUtil(data, finalPdfPath)
// Antragsdaten verschlüsselt speichern // Antragsdaten verschlüsselt speichern
const encryptionKey = process.env.ENCRYPTION_KEY || 'local_development_encryption_key_change_in_production' const encryptionKey = process.env.ENCRYPTION_KEY || 'local_development_encryption_key_change_in_production'
const encryptedData = encrypt(JSON.stringify(data), encryptionKey) const encryptedData = encrypt(JSON.stringify(data), encryptionKey)
@@ -731,8 +680,8 @@ export default defineEventHandler(async (event) => {
const finalPdfPath = path.join(uploadsDir, `${filename}.pdf`) const finalPdfPath = path.join(uploadsDir, `${filename}.pdf`)
await fs.copyFile(pdfPath, finalPdfPath) await fs.copyFile(pdfPath, finalPdfPath)
// E-Mail senden // E-Mail senden via zentralen Service (pass full path)
emailResult = await sendMembershipEmail(data, filename, event) emailResult = await sendMembershipEmailUtil(data, finalPdfPath)
// Antragsdaten verschlüsselt speichern // Antragsdaten verschlüsselt speichern
const encryptionKey = process.env.ENCRYPTION_KEY || 'local_development_encryption_key_change_in_production' const encryptionKey = process.env.ENCRYPTION_KEY || 'local_development_encryption_key_change_in_production'
@@ -764,7 +713,7 @@ export default defineEventHandler(async (event) => {
const fallbackFilename = await generateSimplePDF(data, filename, event) const fallbackFilename = await generateSimplePDF(data, filename, event)
// E-Mail senden (Fallback) // E-Mail senden (Fallback)
const emailResult = await sendMembershipEmail(data, filename, event) const emailResult = await sendMembershipEmailUtil(data, path.join(uploadsDir, `${filename}.txt`))
console.log('LaTeX nicht verfügbar, verwende Fallback-Lösung') console.log('LaTeX nicht verfügbar, verwende Fallback-Lösung')
console.log('E-Mail würde gesendet werden an:', emailResult.recipients || []) console.log('E-Mail würde gesendet werden an:', emailResult.recipients || [])
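Review bot: the fallback branch ignores the `fallbackFilename` that `generateSimplePDF` returns and rebuilds the attachment path as a `.txt` file from `uploadsDir` and `filename`, so the mail breaks as soon as the generator changes its name or extension. Pass the path derived from the returned value. The following `console.log('E-Mail würde gesendet werden an:', ...)` still says "would be sent" although the central service is now called, and it writes recipient addresses to the log.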

@@ -1,51 +1,36 @@
import { verifyToken, getUserById, migrateUserRoles } from '../utils/auth.js' import { verifyToken, getUserFromToken } from '../utils/auth.js'
export default defineEventHandler(async (event) => { export default defineEventHandler(async (event) => {
try { try {
const token = getCookie(event, 'auth_token') const token = getCookie(event, 'auth_token')
if (!token) { if (!token) {
throw createError({ throw createError({ statusCode: 401, message: 'Nicht authentifiziert.' })
statusCode: 401,
message: 'Nicht authentifiziert.'
})
} }
const decoded = verifyToken(token) const decoded = verifyToken(token)
if (!decoded) { if (!decoded) {
throw createError({ throw createError({ statusCode: 401, message: 'Ungültiges Token.' })
statusCode: 401,
message: 'Ungültiges Token.'
})
} }
const user = await getUserById(decoded.id) const user = await getUserFromToken(token)
if (!user) {
if (!user || user.active === false) { throw createError({ statusCode: 404, message: 'Benutzer nicht gefunden.' })
throw createError({
statusCode: 403,
message: 'Benutzer nicht gefunden oder inaktiv.'
})
} }
const migratedUser = migrateUserRoles({ ...user }) // Rückgabe des eigenen Profils inkl. Sichtbarkeitspräferenzen
const roles = Array.isArray(migratedUser.roles) ? migratedUser.roles : (migratedUser.role ? [migratedUser.role] : ['mitglied'])
// Return user data (without password)
return { return {
success: true, success: true,
user: { user: {
id: user.id, id: user.id,
email: user.email,
name: user.name, name: user.name,
email: user.email,
phone: user.phone || '', phone: user.phone || '',
roles: roles, visibility: Object.assign({ showBirthday: true }, (user.visibility || {}))
role: roles[0] || 'mitglied' // Rückwärtskompatibilität
} }
} }
} catch (error) { } catch (error) {
console.error('Profil-Abruf-Fehler:', error) console.error('Fehler beim Laden des Profil:', error)
throw error throw error
} }
}) })
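Review bot: the rewritten lookup drops the `user.active === false` check, so unless `getUserFromToken` rejects inactive accounts itself, a deactivated user with a still-valid token can load the profile again. Keep the 403 for inactive users or add a comment stating that the helper enforces it. The response also no longer carries `roles` and `role`, which the old code returned for backward compatibility, so callers that read them need checking, and `verifyToken(token)` is now a second validation pass on the same token.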

@@ -59,6 +59,18 @@ export default defineEventHandler(async (event) => {
user.email = email user.email = email
user.phone = phone || '' user.phone = phone || ''
// Optional visibility preferences (what to show to other logged-in members)
// Expected shape: { showEmail: boolean, showPhone: boolean, showAddress: boolean, showBirthday: boolean }
const visibility = body.visibility || body.visibilityPreferences || null
if (visibility && typeof visibility === 'object') {
user.visibility = user.visibility || {}
// Coerce values to booleans to be robust against string values from clients
if (visibility.showEmail !== undefined) user.visibility.showEmail = Boolean(visibility.showEmail)
if (visibility.showPhone !== undefined) user.visibility.showPhone = Boolean(visibility.showPhone)
if (visibility.showAddress !== undefined) user.visibility.showAddress = Boolean(visibility.showAddress)
if (visibility.showBirthday !== undefined) user.visibility.showBirthday = Boolean(visibility.showBirthday)
}
// Handle password change // Handle password change
if (currentPassword && newPassword) { if (currentPassword && newPassword) {
const isValid = await verifyPassword(currentPassword, user.password) const isValid = await verifyPassword(currentPassword, user.password)
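Review bot: `Boolean(visibility.showEmail)` does not do what the comment above it promises: `Boolean('false')` and `Boolean('0')` are both `true`, so a client that sends string values ends up publishing exactly the field the member tried to hide. Accept only `true` and `false` (plus the exact strings 'true' and 'false' if strings must be tolerated) and answer anything else with a 400. `body.visibilityPreferences` as a second accepted key is undocumented; settle on one name.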
@@ -93,6 +105,7 @@ export default defineEventHandler(async (event) => {
email: user.email, email: user.email,
name: user.name, name: user.name,
phone: user.phone, phone: user.phone,
visibility: user.visibility || {},
roles: roles, roles: roles,
role: roles[0] || 'mitglied' // Rückwärtskompatibilität role: roles[0] || 'mitglied' // Rückwärtskompatibilität
} }

@@ -13,10 +13,15 @@ export default defineEventHandler(async (event) => {
}) })
} }
// Lade Spielplandaten // Lade Spielplandaten - bevorzugt aus server/data
const csvPath = path.join(process.cwd(), 'public/data/spielplan.csv') let csvPath = path.join(process.cwd(), 'server/data/spielplan.csv')
let csvContent try {
await fs.access(csvPath)
} catch {
csvPath = path.join(process.cwd(), 'public/data/spielplan.csv')
}
let csvContent
try { try {
csvContent = await fs.readFile(csvPath, 'utf-8') csvContent = await fs.readFile(csvPath, 'utf-8')
} catch (_error) { } catch (_error) {
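Review bot: this handler resolves `server/data/spielplan.csv` straight from `process.cwd()`, while the termine and vereinsmeisterschaften handlers in the same commit go up one level when `cwd` ends with `.output`. If the production working directory really is `.output`, the new preferred path never exists here and the handler always lands on the `public/data` fallback. Use the same resolution in all three, ideally through one shared helper.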

@@ -5,13 +5,20 @@ export default defineEventHandler(async (event) => {
try { try {
const cwd = process.cwd() const cwd = process.cwd()
// In production (.output/server), working dir is .output // Prefer internal server/data, fallback to public/data
let csvPath let csvPath
if (cwd.endsWith('.output')) { if (cwd.endsWith('.output')) {
csvPath = path.join(cwd, '../server/data/termine.csv')
// fallback
if (!(await fs.access(csvPath).then(()=>true).catch(()=>false))) {
csvPath = path.join(cwd, '../public/data/termine.csv') csvPath = path.join(cwd, '../public/data/termine.csv')
}
} else { } else {
csvPath = path.join(cwd, 'server/data/termine.csv')
if (!(await fs.access(csvPath).then(()=>true).catch(()=>false))) {
csvPath = path.join(cwd, 'public/data/termine.csv') csvPath = path.join(cwd, 'public/data/termine.csv')
} }
}
const csv = await fs.readFile(csvPath, 'utf-8') const csv = await fs.readFile(csvPath, 'utf-8')
const lines = csv.split('\n').filter(line => line.trim() !== '') const lines = csv.split('\n').filter(line => line.trim() !== '')
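Review bot: the `fs.access(csvPath).then(()=>true).catch(()=>false)` probe plus fallback is written out twice in this hunk and twice more in the vereinsmeisterschaften handler; a helper that takes the file name and returns the first existing candidate would replace all four copies. Since the point of the move is to stop keeping these files under `public/`, add a comment saying when the `public/data` fallback can be deleted, otherwise it will stay forever.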

@@ -5,13 +5,19 @@ export default defineEventHandler(async (event) => {
try { try {
const cwd = process.cwd() const cwd = process.cwd()
// In production (.output/server), working dir is .output // Prefer internal server/data, fallback to public/data
let csvPath let csvPath
if (cwd.endsWith('.output')) { if (cwd.endsWith('.output')) {
csvPath = path.join(cwd, '../server/data/vereinsmeisterschaften.csv')
if (!(await fs.access(csvPath).then(()=>true).catch(()=>false))) {
csvPath = path.join(cwd, '../public/data/vereinsmeisterschaften.csv') csvPath = path.join(cwd, '../public/data/vereinsmeisterschaften.csv')
}
} else { } else {
csvPath = path.join(cwd, 'server/data/vereinsmeisterschaften.csv')
if (!(await fs.access(csvPath).then(()=>true).catch(()=>false))) {
csvPath = path.join(cwd, 'public/data/vereinsmeisterschaften.csv') csvPath = path.join(cwd, 'public/data/vereinsmeisterschaften.csv')
} }
}
// CSV-Datei direkt als Text zurückgeben (keine Caching-Probleme) // CSV-Datei direkt als Text zurückgeben (keine Caching-Probleme)
const csv = await fs.readFile(csvPath, 'utf-8') const csv = await fs.readFile(csvPath, 'utf-8')

@@ -0,0 +1,44 @@
// Script: set-all-birthday-visible.cjs
// Setzt für alle Mitglieder das Flag visibility.showBirthday auf true
const fs = require('fs')
const path = require('path')
const membersPath = path.join(__dirname, 'data', 'members.json')
let raw
try {
raw = fs.readFileSync(membersPath, 'utf8')
} catch (e) {
console.error('Fehler beim Lesen von members.json:', e)
process.exit(1)
}
let members
try {
members = JSON.parse(raw)
} catch (e) {
console.error('Fehler beim Parsen von members.json:', e)
process.exit(1)
}
if (!Array.isArray(members)) {
console.error('members.json ist kein Array!')
process.exit(1)
}
let changed = 0
for (const m of members) {
if (!m.visibility) m.visibility = {}
if (m.visibility.showBirthday !== true) {
m.visibility.showBirthday = true
changed++
}
}
if (changed > 0) {
fs.writeFileSync(membersPath, JSON.stringify(members, null, 2), 'utf8')
console.log(`Flag für ${changed} Mitglieder gesetzt.`)
} else {
console.log('Alle Mitglieder hatten das Flag bereits gesetzt.')
}
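Review bot: the loop condition `m.visibility.showBirthday !== true` also overwrites an explicit `false`, so running this script silently reverts every member who opted out of showing their birthday; restrict it to `=== undefined`. The script also parses and rewrites `members.json` as plain JSON, whereas the `.mjs` variant added in this commit goes through `readMembers`/`writeMembers` "mit Entschlüsselung". If the file is stored encrypted, this version fails at `JSON.parse`, and it should be dropped in favour of the `.mjs` one.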

@@ -0,0 +1,44 @@
// Script: set-all-birthday-visible.js
// Setzt für alle Mitglieder das Flag visibility.showBirthday auf true
const fs = require('fs')
const path = require('path')
const membersPath = path.join(__dirname, 'data', 'members.json')
let raw
try {
raw = fs.readFileSync(membersPath, 'utf8')
} catch (e) {
console.error('Fehler beim Lesen von members.json:', e)
process.exit(1)
}
let members
try {
members = JSON.parse(raw)
} catch (e) {
console.error('Fehler beim Parsen von members.json:', e)
process.exit(1)
}
if (!Array.isArray(members)) {
console.error('members.json ist kein Array!')
process.exit(1)
}
let changed = 0
for (const m of members) {
if (!m.visibility) m.visibility = {}
if (m.visibility.showBirthday !== true) {
m.visibility.showBirthday = true
changed++
}
}
if (changed > 0) {
fs.writeFileSync(membersPath, JSON.stringify(members, null, 2), 'utf8')
console.log(`Flag für ${changed} Mitglieder gesetzt.`)
} else {
console.log('Alle Mitglieder hatten das Flag bereits gesetzt.')
}
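Review bot: apart from the name in the header comment this file is a line-for-line copy of `set-all-birthday-visible.cjs`; keep a single variant. As a `.js` file that uses `require`, it would also fail to load if the package is declared as an ES module.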

@@ -0,0 +1,33 @@
// Script: set-all-birthday-visible.mjs
// Setzt für alle Mitglieder das Flag visibility.showBirthday auf true (mit Entschlüsselung)
import { readMembers, writeMembers } from './utils/members.js';
import dotenv from 'dotenv';
import path from 'path';
import { fileURLToPath } from 'url';
dotenv.config({ path: path.resolve(process.cwd(), '.env') });
async function main() {
let members = await readMembers();
if (!Array.isArray(members)) {
console.error('members.json ist kein Array!')
process.exit(1)
}
let changed = 0;
for (const m of members) {
if (!m.visibility) m.visibility = {};
if (m.visibility.showBirthday !== true) {
m.visibility.showBirthday = true;
changed++;
}
}
if (changed > 0) {
await writeMembers(members);
console.log(`Flag für ${changed} Mitglieder gesetzt.`);
} else {
console.log('Alle Mitglieder hatten das Flag bereits gesetzt.');
}
}
main();
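Review bot: `main()` is called without a `.catch`, so a failure in `readMembers` or `writeMembers` surfaces as an unhandled rejection rather than a logged error with a non-zero exit code; add `main().catch(...)` that logs and calls `process.exit(1)`. `fileURLToPath` is imported but never used, and the `!== true` condition overwrites explicit opt-outs just like the CommonJS variants.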

@@ -0,0 +1,72 @@
// Script: set-all-visibility-flags.mjs
// Setzt für alle Mitglieder in allen relevanten Dateien alle visibility-Flags auf true (inkl. Entschlüsselung)
import { readMembers, writeMembers } from './utils/members.js';
import dotenv from 'dotenv';
import path from 'path';
import { fileURLToPath } from 'url';
import fs from 'fs/promises';
dotenv.config({ path: path.resolve(process.cwd(), '.env') });
const usersPath = path.resolve(process.cwd(), 'server/data/users.json');
async function updateVisibility(obj) {
let changed = 0;
if (Array.isArray(obj)) {
for (const m of obj) {
if (!m.visibility) m.visibility = {};
if (m.visibility.showEmail !== true) { m.visibility.showEmail = true; changed++; }
if (m.visibility.showPhone !== true) { m.visibility.showPhone = true; changed++; }
if (m.visibility.showAddress !== true) { m.visibility.showAddress = true; changed++; }
if (m.visibility.showBirthday !== true) { m.visibility.showBirthday = true; changed++; }
}
}
return changed;
}
async function updateUsersFile() {
let changed = 0;
try {
let raw = await fs.readFile(usersPath, 'utf8');
let users;
if (raw.trim().startsWith('v2:')) {
// encrypted, try to use decryptObject from encryption.js
const { decryptObject } = await import('./utils/encryption.js');
const key = process.env.ENCRYPTION_KEY || 'local_development_encryption_key_change_in_production';
users = decryptObject(raw, key);
} else {
users = JSON.parse(raw);
}
changed = await updateVisibility(users);
// write back (encrypted if vorher encrypted)
if (raw.trim().startsWith('v2:')) {
const { encryptObject } = await import('./utils/encryption.js');
const key = process.env.ENCRYPTION_KEY || 'local_development_encryption_key_change_in_production';
const encrypted = encryptObject(users, key);
await fs.writeFile(usersPath, encrypted, 'utf8');
} else {
await fs.writeFile(usersPath, JSON.stringify(users, null, 2), 'utf8');
}
return changed;
} catch (e) {
console.error('Fehler beim Bearbeiten von users.json:', e);
return 0;
}
}
async function main() {
let changedMembers = 0;
let changedUsers = 0;
// members.json (manuelle Mitglieder)
let members = await readMembers();
changedMembers = await updateVisibility(members);
if (changedMembers > 0) {
await writeMembers(members);
}
// users.json (Login-System)
changedUsers = await updateUsersFile();
console.log(`members.json: ${changedMembers} Änderungen, users.json: ${changedUsers} Änderungen`);
}
main();
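Review bot: `updateVisibility` forces `showEmail`, `showPhone`, `showAddress` and `showBirthday` to `true` for every entry, including members who explicitly stored `false` and including `showAddress`, which the members handler defaults to `false`. One run therefore marks every member's contact data as visible to all logged-in users. If this is meant as a one-off migration, set only flags that are `undefined` and add a dry-run mode that reports the count without writing. `updateUsersFile` also repeats the hard-coded fallback encryption key and swallows errors by returning 0, which makes a failed run indistinguishable from "nothing to change".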

@@ -0,0 +1,98 @@
import { promises as fs } from 'fs'
import path from 'path'
import { randomUUID } from 'crypto'
// nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
// filename is always a hardcoded constant, never user input
const getDataPath = (filename) => {
const cwd = process.cwd()
if (cwd.endsWith('.output')) {
// nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
return path.join(cwd, '../server/data', filename)
}
// nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
return path.join(cwd, 'server/data', filename)
}
const CONTACT_REQUESTS_FILE = getDataPath('contact-requests.json')
export async function readContactRequests() {
try {
const raw = await fs.readFile(CONTACT_REQUESTS_FILE, 'utf-8')
const parsed = JSON.parse(raw)
return Array.isArray(parsed) ? parsed : []
} catch (error) {
if (error.code === 'ENOENT') return []
console.error('Fehler beim Lesen der Kontaktanfragen:', error)
return []
}
}
export async function writeContactRequests(items) {
await fs.writeFile(CONTACT_REQUESTS_FILE, JSON.stringify(items, null, 2), 'utf-8')
}
export async function createContactRequest(data) {
const current = await readContactRequests()
const now = new Date().toISOString()
const item = {
id: randomUUID(),
createdAt: now,
updatedAt: now,
status: 'offen',
name: data.name,
email: data.email,
phone: data.phone || '',
subject: data.subject,
message: data.message,
replies: []
}
current.unshift(item)
await writeContactRequests(current)
return item
}
export async function addContactReply({ requestId, replyText, responderEmail }) {
const current = await readContactRequests()
const index = current.findIndex((r) => r.id === requestId)
if (index === -1) return null
const now = new Date().toISOString()
const request = current[index]
const replies = Array.isArray(request.replies) ? request.replies : []
replies.push({
id: randomUUID(),
createdAt: now,
responderEmail: responderEmail || '',
message: replyText
})
current[index] = {
...request,
status: 'beantwortet',
replies,
updatedAt: now
}
await writeContactRequests(current)
return current[index]
}
export async function updateContactRequestStatus(requestId, newStatus) {
const validStatuses = ['offen', 'beantwortet']
if (!validStatuses.includes(newStatus)) return null
const current = await readContactRequests()
const index = current.findIndex((r) => r.id === requestId)
if (index === -1) return null
const now = new Date().toISOString()
current[index] = {
...current[index],
status: newStatus,
updatedAt: now
}
await writeContactRequests(current)
return current[index]
}
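Review bot: `readContactRequests` returns `[]` for every error, not just `ENOENT`, so when the file is unreadable or holds invalid JSON the next `createContactRequest` writes a one-element array over it and all earlier requests are lost; rethrow anything other than `ENOENT`. All three mutators do an unlocked read-modify-write with a direct `fs.writeFile`, so two simultaneous submissions can drop one of them and a crash mid-write leaves a truncated file; write to a temporary file, `rename` it into place, and serialize writers. `name`, `email`, `subject` and `message` are stored unvalidated and unbounded here, so type and length checks have to sit in the calling route, and a comment should say so.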

@@ -56,25 +56,29 @@ function getEmailRecipients(data, config) {
const recipients = [] const recipients = []
// Add 1. Vorsitzender // Config uses a 'vorstand' object with nested roles; collect all emails
if (config.vorsitzender && config.vorsitzender.email) { if (config.vorstand && typeof config.vorstand === 'object') {
recipients.push(config.vorsitzender.email) Object.values(config.vorstand).forEach((member) => {
if (member && member.email && typeof member.email === 'string' && member.email.trim() !== '') {
recipients.push(member.email.trim())
}
})
} }
// Add Schriftführer // For minors, also add first trainer email if configured (trainer is an array)
if (config.schriftfuehrer && config.schriftfuehrer.email) { if (!data.isVolljaehrig && Array.isArray(config.trainer) && config.trainer.length > 0 && config.trainer[0].email) {
recipients.push(config.schriftfuehrer.email) recipients.push(config.trainer[0].email)
}
// For minors, also add 1. Trainer
if (!data.isVolljaehrig && config.trainer && config.trainer.email) {
recipients.push(config.trainer.email)
} }
// Fallback if no recipients found // Fallback if no recipients found
if (recipients.length === 0) { if (recipients.length === 0) {
// Prefer website verantwortlicher if set
if (config.website && config.website.verantwortlicher && config.website.verantwortlicher.email) {
recipients.push(config.website.verantwortlicher.email)
} else {
recipients.push('tsschulz@tsschulz.de') recipients.push('tsschulz@tsschulz.de')
} }
}
return recipients return recipients
} }
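Review bot: the trainer address is pushed without the `typeof` and `trim` checks that the board addresses get, and nothing de-duplicates the list, so a person who appears under two roles receives the same application twice; trim every address and collect them through a `Set`. `Object.values(config.vorstand)` also widens the audience from two named roles to every board entry, which is worth stating in the commit message because the mail carries applicant data. The hard-coded personal fallback address in the `else` branch should come from configuration rather than from source.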
@@ -94,7 +98,7 @@ function createTransporter() {
) )
} }
return nodemailer.createTransporter({ return nodemailer.createTransport({
host: process.env.SMTP_HOST || 'localhost', host: process.env.SMTP_HOST || 'localhost',
port: parseInt(process.env.SMTP_PORT) || 587, port: parseInt(process.env.SMTP_PORT) || 587,
secure: process.env.SMTP_SECURE === 'true', secure: process.env.SMTP_SECURE === 'true',
@@ -162,3 +166,60 @@ Das ausgefüllte Formular ist als Anhang verfügbar.`
} }
} }
} }
/**
* Sends a simple registration notification to Vorstand/admin and a confirmation to user.
* @param {Object} data - { name, email, phone }
*/
export async function sendRegistrationNotification(data) {
try {
const config = await loadConfig()
const recipients = getEmailRecipients(data, config)
// Create transporter
const transporter = createTransporter()
// Notify Vorstand/admin
const adminSubject = 'Neue Registrierung - Harheimer TC'
const adminHtml = `
<h2>Neue Registrierung</h2>
<p>Ein neuer Benutzer hat sich registriert und wartet auf Freigabe:</p>
<ul>
<li><strong>Name:</strong> ${data.name}</li>
<li><strong>E-Mail:</strong> ${data.email}</li>
<li><strong>Telefon:</strong> ${data.phone || 'Nicht angegeben'}</li>
</ul>
<p>Bitte prüfen Sie die Registrierung im CMS.</p>
`
await transporter.sendMail({
from: process.env.SMTP_FROM || 'noreply@harheimertc.de',
to: recipients.join(', '),
subject: adminSubject,
html: adminHtml
})
// Confirmation to user
const userSubject = 'Registrierung erhalten - Harheimer TC'
const userHtml = `
<h2>Registrierung erhalten</h2>
<p>Hallo ${data.name},</p>
<p>vielen Dank für Ihre Registrierung beim Harheimer TC!</p>
<p>Ihre Anfrage wird vom Vorstand geprüft. Sie erhalten eine E-Mail, sobald Ihr Zugang freigeschaltet wurde.</p>
<br>
<p>Mit sportlichen Grüßen,<br>Ihr Harheimer TC</p>
`
await transporter.sendMail({
from: process.env.SMTP_FROM || 'noreply@harheimertc.de',
to: data.email,
subject: userSubject,
html: userHtml
})
return { success: true, recipients }
} catch (error) {
console.error('sendRegistrationNotification failed:', error.message || error)
throw error
}
}
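Review bot: `data.name`, `data.email` and `data.phone` are interpolated into `adminHtml` and `userHtml` unescaped, so markup typed into the registration form is rendered in the board's mail client; escape `&`, `<`, `>`, `"` and `'` before interpolation or send a plain `text` body. `getEmailRecipients(data, config)` is reused although `data` here is only `{ name, email, phone }`, so `!data.isVolljaehrig` is always true and the first trainer is copied on every registration notice. The confirmation is sent to `data.email` before that address has been verified, so the registration route needs rate limiting.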

@@ -2,20 +2,16 @@ import { promises as fs } from 'fs'
import path from 'path' import path from 'path'
import { randomUUID } from 'crypto' import { randomUUID } from 'crypto'
// Handle both dev and production paths // Use internal server/data directory for Termine CSV to avoid writing to public/
// filename is always a hardcoded constant (e.g., 'termine.csv'), never user input
const getDataPath = (filename) => { const getDataPath = (filename) => {
const cwd = process.cwd() const cwd = process.cwd()
// In production (.output/server), working dir is .output // Prefer server/data in both production and development
// e.g. project-root/server/data/termine.csv or .output/server/data/termine.csv
if (cwd.endsWith('.output')) { if (cwd.endsWith('.output')) {
// nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal return path.join(cwd, '../server/data', filename)
return path.join(cwd, '../public/data', filename)
} }
return path.join(cwd, 'server/data', filename)
// In development, working dir is project root
// nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
return path.join(cwd, 'public/data', filename)
} }
const TERMINE_FILE = getDataPath('termine.csv') const TERMINE_FILE = getDataPath('termine.csv')
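Review bot: the `nosemgrep` suppressions were removed while `path.join(cwd, ..., filename)` stays, so the path-traversal rule is likely to flag this file again (the new contact-requests util keeps the same suppressions). Either restore them or check `filename` against a fixed allowlist inside `getDataPath`, which makes the suppression unnecessary. The new comment also names `.output/server/data/termine.csv`, but with `cwd` ending in `.output` the code resolves `../server/data`, that is the project root's `server/data`; correct the comment.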

@@ -37,7 +37,38 @@ vi.mock('child_process', () => ({
})) }))
vi.mock('util', () => ({ vi.mock('util', () => ({
promisify: () => () => Promise.resolve({ stdout: 'PDF Inhalt', stderr: '' }) promisify: () => () => Promise.resolve({
stdout: `§ 1 Name und Sitz
Der Verein führt den Namen Harheimer TC.
§ 2 Zweck
Der Verein verfolgt ausschließlich und unmittelbar gemeinnützige Zwecke.
§ 3 Mitgliedschaft
(1) Mitglied kann jede natürliche Person werden.
(2) Über die Aufnahme entscheidet der Vorstand.
§ 4 Beiträge
Die Mitglieder zahlen Beiträge nach Maßgabe der Beitragsordnung.
§ 5 Vorstand
Der Vorstand besteht aus dem Vorsitzenden, dem Schriftführer und dem Kassenwart.
§ 6 Schlussbestimmungen
Diese Satzung tritt mit Beschluss der Mitgliederversammlung in Kraft.
Zusätzlicher Satzungstext zur Plausibilitätsprüfung.
Zusätzlicher Satzungstext zur Plausibilitätsprüfung.
Zusätzlicher Satzungstext zur Plausibilitätsprüfung.
Zusätzlicher Satzungstext zur Plausibilitätsprüfung.
Zusätzlicher Satzungstext zur Plausibilitätsprüfung.
`,
stderr: ''
})
}))
vi.mock('../server/utils/upload-validation.js', () => ({
assertPdfMagicHeader: vi.fn().mockResolvedValue(undefined)
})) }))
import saveCsvHandler from '../server/api/cms/save-csv.post.js' import saveCsvHandler from '../server/api/cms/save-csv.post.js'
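Review bot: mocking `assertPdfMagicHeader` to always resolve means no test in this file exercises the PDF header check any more. Add at least one case where the mock rejects and assert that the upload handler answers with an error and writes nothing. The long `stdout` fixture exists to satisfy a plausibility check on the extracted text; a one-line comment naming that check and its threshold would explain the five repeated filler lines.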
@@ -67,11 +98,26 @@ describe('CMS File Endpoints', () => {
mockSuccessReadBody({ filename: 'mannschaften.csv', content: 'data' }) mockSuccessReadBody({ filename: 'mannschaften.csv', content: 'data' })
vi.spyOn(fs, 'mkdir').mockResolvedValue(undefined) vi.spyOn(fs, 'mkdir').mockResolvedValue(undefined)
vi.spyOn(fs, 'writeFile').mockResolvedValue(undefined) vi.spyOn(fs, 'writeFile').mockResolvedValue(undefined)
vi.spyOn(fs, 'rename').mockResolvedValue(undefined)
vi.spyOn(fs, 'stat').mockResolvedValue({ size: Buffer.byteLength('data', 'utf8') } as any)
const response = await saveCsvHandler(event) const response = await saveCsvHandler(event)
expect(response.success).toBe(true) expect(response.success).toBe(true)
expect(fs.writeFile).toHaveBeenCalled() expect(fs.writeFile).toHaveBeenCalled()
}) })
it('erlaubt vorstand beim CSV-Speichern', async () => {
const event = createEvent({ cookies: { auth_token: 'token' } })
mockSuccessReadBody({ filename: 'spielplan.csv', content: 'kopf;wert' })
vi.spyOn(fs, 'mkdir').mockResolvedValue(undefined)
vi.spyOn(fs, 'writeFile').mockResolvedValue(undefined)
vi.spyOn(fs, 'rename').mockResolvedValue(undefined)
vi.spyOn(fs, 'stat').mockResolvedValue({ size: Buffer.byteLength('kopf;wert', 'utf8') } as any)
getUserFromToken.mockResolvedValue({ id: 'vorstand', role: 'vorstand' })
const response = await saveCsvHandler(event)
expect(response.success).toBe(true)
})
}) })
describe('POST /api/cms/upload-spielplan-pdf', () => { describe('POST /api/cms/upload-spielplan-pdf', () => {
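Review bot: the new `vorstand` case asserts only `response.success`, so it would still pass if the handler skipped the write. Assert that `fs.writeFile` and `fs.rename` were called, and add the negative twin (a user whose role is neither admin nor `vorstand` is rejected) so the role gate is actually pinned. The commit message mentions reading the token from the authorization header when the cookie is absent, but both cases here pass `cookies: { auth_token: 'token' }`; that path needs its own test.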