torsten/harheimertc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e3cb7282bcd69cec0b94eae3554f4da484d0544d
harheimertc/server/api/termine-manage.delete.js
Torsten Schulz (local) e3cb7282bc
Some checks failed
Code Analysis and Production Deploy / analyze (push) Failing after 7m29s
Details
Code Analysis and Production Deploy / deploy-production (push) Has been skipped
Details
Code Analysis and Production Deploy / deploy-test (push) Has been skipped
Details
Android implementation of sportbetrieb, 401-fix
2026-06-13 00:30:06 +02:00

61 lines
1.5 KiB
JavaScript
Raw Blame History

import { verifyToken, getUserById, hasAnyRole } from '../utils/auth.js'
import { deleteTermin } from '../utils/termine.js'
export default defineEventHandler(async (event) => {
try {
const token = getCookie(event, 'auth_token') || getHeader(event, 'authorization')?.replace(/^Bearer\s+/i, '')
if (!token) {
throw createError({
statusCode: 401,
message: 'Nicht authentifiziert.'
})
}
const decoded = verifyToken(token)
if (!decoded) {
throw createError({
statusCode: 401,
message: 'Ungültiges Token.'
})
}
const user = await getUserById(decoded.id)
// Only admin and vorstand can delete termine
if (!user || !hasAnyRole(user, 'admin', 'vorstand')) {
throw createError({
statusCode: 403,
message: 'Keine Berechtigung zum Löschen von Terminen.'
})
}
const query = getQuery(event)
const { datum, uhrzeit, titel, beschreibung, kategorie } = query
if (!datum || !titel) {
throw createError({
statusCode: 400,
message: 'Datum und Titel sind erforderlich.'
})
}
await deleteTermin({
datum,
uhrzeit: uhrzeit || '',
titel,
beschreibung: beschreibung || '',
kategorie: kategorie || 'Sonstiges'
})
return {
success: true,
message: 'Termin erfolgreich gelöscht.'
}
} catch (error) {
console.error('Fehler beim Löschen des Termins:', error)
throw error
}
})
Reference in New Issue View Git Blame Copy Permalink