diff --git a/config/email.js b/config/email.js
index 1feb88e..bc5b4c4 100644
--- a/config/email.js
+++ b/config/email.js
@@ -12,19 +12,6 @@ const smtpConfig = {
 };
 
 // Debug-Logging der SMTP-Konfiguration
-console.log('=== SMTP CONFIGURATION DEBUG ===');
-console.log('Host:', smtpConfig.host);
-console.log('Port:', smtpConfig.port);
-console.log('Secure:', smtpConfig.secure);
-console.log('User:', smtpConfig.auth.user);
-console.log('Pass:', smtpConfig.auth.pass.replace(/./g, '*')); // Passwort maskieren
-console.log('Environment Variables:');
-console.log(' SMTP_HOST:', process.env.SMTP_HOST || 'undefined');
-console.log(' SMTP_PORT:', process.env.SMTP_PORT || 'undefined');
-console.log(' SMTP_USER:', process.env.SMTP_USER || 'undefined');
-console.log(' SMTP_PASS:', process.env.SMTP_PASS ? '***' : 'undefined');
-console.log('================================');
-
 const transporter = nodemailer.createTransport(smtpConfig);
 
 // E-Mail-Template für Passwort-Reset
diff --git a/controllers/userController.js b/controllers/userController.js
index 8417681..43f56d2 100644
--- a/controllers/userController.js
+++ b/controllers/userController.js
@@ -2,22 +2,29 @@ const { User } = require('../models');
 
 exports.getAllUsers = async (req, res) => {
 try {
- const users = await User.findAll({order: [['name', 'ASC']]});
+ const users = await User.findAll({
+ order: [['name', 'ASC']],
+ attributes: ['id', 'name', 'email', 'active', 'created_at'] // Passwort ausschließen
+ });
 res.status(200).json(users);
 } catch (error) {
+ console.error('Error fetching users:', error);
 res.status(500).json({ message: 'Error fetching users' });
 }
 };
 
 exports.getUserById = async (req, res) => {
 try {
- const user = await User.findByPk(req.params.id);
+ const user = await User.findByPk(req.params.id, {
+ attributes: ['id', 'name', 'email', 'active', 'created_at'] // Passwort ausschließen
+ });
 if (user) {
 res.status(200).json(user);
 } else {
 res.status(404).json({ message: 'User not found' });
 }
 } catch (error) {
+ console.error('Error fetching user:', error);
 res.status(500).json({ message: 'Error fetching user' });
 }
 };
@@ -25,8 +32,19 @@ exports.getUserById = async (req, res) => {
 exports.createUser = async (req, res) => {
 try {
 const user = await User.create(req.body);
- res.status(201).json(user);
+
+ // Sichere User-Daten zurückgeben (ohne Passwort)
+ const safeUser = {
+ id: user.id,
+ name: user.name,
+ email: user.email,
+ active: user.active,
+ created_at: user.created_at
+ };
+
+ res.status(201).json(safeUser);
 } catch (error) {
+ console.error('Error creating user:', error);
 res.status(500).json({ message: 'Error creating user' });
 }
 };
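Review bot: The attribute allow-list `['id', 'name', 'email', 'active', 'created_at']` is spelled out twice in this hunk (getAllUsers and getUserById), again as the `safeUser` literal in createUser below, and once more in updateUser in the next hunk; hoisting it to a single module-level constant such as `const SAFE_USER_ATTRIBUTES = ['id', 'name', 'email', 'active', 'created_at'];` and passing `attributes: SAFE_USER_ATTRIBUTES` keeps the four copies from drifting when a column is added. That drift is already visible: updateUser writes `updated_at`, yet none of the four copies returns it. The added `console.error('Error fetching users:', error)` logs the whole error object rather than a message; depending on the ORM's error type this can echo the failing SQL statement into the logs, so `error.message` (with the stack only at debug level) is the more conservative choice — hedged, since the error type isn't visible here.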
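Review bot: `User.create(req.body)` still hands the entire request body to the model, so a client can set the very fields the new response hides (`id`, `active`, `created_at`), which is inconsistent with updateUser stripping exactly those keys in the next hunk. Selecting the writable fields explicitly is the safer shape: `const { name, email, password } = req.body;` followed by `const user = await User.create({ name, email, password });` — the exact field set should be checked against the model, which isn't visible here. A failed model validation is also answered with a generic 500; if the model raises a distinct validation error type, mapping it to a 400 would give clients a usable signal without exposing internals.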
@@ -35,12 +53,37 @@ exports.updateUser = async (req, res) => {
 try {
 const user = await User.findByPk(req.params.id);
 if (user) {
- await user.update(req.body);
- res.status(200).json(user);
+ // Erstelle eine Kopie der Request-Daten ohne sensible Felder
+ const updateData = { ...req.body };
+
+ // Entferne sensible Felder, die niemals über diese Route geändert werden dürfen
+ delete updateData.password;
+ delete updateData.id;
+ delete updateData.created_at;
+
+ // Setze updated_at auf aktuelle Zeit
+ updateData.updated_at = new Date();
+
+ // Logging für Debugging
+ console.log('Updating user:', req.params.id, 'with data:', updateData);
+
+ await user.update(updateData);
+
+ // Sichere User-Daten zurückgeben (ohne Passwort)
+ const safeUser = {
+ id: user.id,
+ name: user.name,
+ email: user.email,
+ active: user.active,
+ created_at: user.created_at
+ };
+
+ res.status(200).json(safeUser);
 } else {
 res.status(404).json({ message: 'User not found' });
 }
 } catch (error) {
+ console.error('Error updating user:', error);
 res.status(500).json({ message: 'Error updating user' });
 }
 };
@@ -55,6 +98,7 @@ exports.deleteUser = async (req, res) => {
 res.status(404).json({ message: 'User not found' });
 }
 } catch (error) {
+ console.error('Error deleting user:', error);
 res.status(500).json({ message: 'Error deleting user' });
 }
 };
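Review bot: The added `console.log('Updating user:', req.params.id, 'with data:', updateData)` writes the request body to stdout on every update, and even after the three `delete`s it still contains `email` and any other field the client sent; this same commit removes comparable debug output from config/email.js in the first hunk, so the same standard should apply here. Logging the field names only, `console.log('Updating user:', req.params.id, 'fields:', Object.keys(updateData));`, keeps the diagnostic value without persisting user data in logs. The `delete` deny-list blocks only the three named keys, so any future column is writable by default; an allow-list states the intent more robustly, e.g. `await user.update(updateData, { fields: ['name', 'email', 'active', 'updated_at'] });`, with the list confirmed against the model, which isn't visible here. The enclosing updateUser function starts before this hunk.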