import express from 'express'; import { body, validationResult } from 'express-validator'; import pool from '../config/database.js'; import { authenticateToken, requireTenant } from '../middleware/auth.js'; const router = express.Router(); router.use(authenticateToken, requireTenant); router.get('/', async (req, res) => { try { const [rows] = await pool.query( 'SELECT * FROM artikel WHERE tenant_id = ? ORDER BY bezeichnung ASC', [req.user.tenant_id] ); res.json(rows); } catch (e) { res.status(500).json({ error: 'Serverfehler' }); } }); router.get('/:id', async (req, res) => { try { const [rows] = await pool.query( 'SELECT * FROM artikel WHERE id = ? AND tenant_id = ?', [req.params.id, req.user.tenant_id] ); if (rows.length === 0) return res.status(404).json({ error: 'Artikel nicht gefunden' }); res.json(rows[0]); } catch (e) { res.status(500).json({ error: 'Serverfehler' }); } }); router.post('/', [ body('bezeichnung').notEmpty().trim(), body('pfand_betrag').isFloat({ min: 0 }) ], async (req, res) => { const errors = validationResult(req); if (!errors.isEmpty()) return res.status(400).json({ errors: errors.array() }); try { await pool.query( 'INSERT INTO artikel (id, tenant_id, bezeichnung, pfand_betrag) VALUES (UUID(), ?, ?, ?)', [req.user.tenant_id, req.body.bezeichnung, req.body.pfand_betrag] ); const [rows] = await pool.query( 'SELECT * FROM artikel WHERE tenant_id = ? ORDER BY erstellt_am DESC LIMIT 1', [req.user.tenant_id] ); res.status(201).json(rows[0]); } catch (e) { res.status(500).json({ error: 'Serverfehler' }); } }); router.put('/:id', [ body('bezeichnung').notEmpty().trim(), body('pfand_betrag').isFloat({ min: 0 }) ], async (req, res) => { const errors = validationResult(req); if (!errors.isEmpty()) return res.status(400).json({ errors: errors.array() }); try { const [r] = await pool.query( 'UPDATE artikel SET bezeichnung=?, pfand_betrag=? WHERE id=? AND tenant_id=?', [req.body.bezeichnung, req.body.pfand_betrag, req.params.id, req.user.tenant_id] ); if (r.affectedRows === 0) return res.status(404).json({ error: 'Artikel nicht gefunden' }); const [rows] = await pool.query('SELECT * FROM artikel WHERE id=? AND tenant_id=?', [req.params.id, req.user.tenant_id]); res.json(rows[0]); } catch (e) { res.status(500).json({ error: 'Serverfehler' }); } }); router.delete('/:id', async (req, res) => { try { const [r] = await pool.query('DELETE FROM artikel WHERE id=? AND tenant_id=?', [req.params.id, req.user.tenant_id]); if (r.affectedRows === 0) return res.status(404).json({ error: 'Artikel nicht gefunden' }); res.json({ message: 'Artikel geloescht' }); } catch (e) { res.status(500).json({ error: 'Serverfehler' }); } }); export default router;