Middleware:
- requireTenant prueft tenant_id, Status und Demo-Ablauf (autom. Status-Update)
- requireSuperAdmin fuer cross-tenant Endpoints
- JWT enthaelt jetzt tenant_id
Auth:
- Login: SuperAdmin (tenant_id=NULL) ODER tenant-scoped User
- Demo-Ablaufs-Check beim Login
Neue Routes:
- /api/tenants (SuperAdmin: Demo-Accounts anlegen mit 30-Tage-Default,
Mail-Invite via Resend, Sample-Daten-Seed automatisch,
verlaengern, deaktivieren)
- /api/geraete (Seriennummern-Verwaltung mit Kunde-Zuordnung)
- /api/kunden-bilder/:kunde_id (Foto-Upload, max 5/Kunde)
Bestehende Routes:
- alle tenant_id-scoped (SELECT/UPDATE/DELETE)
- kunden: anlieferungshinweis + lieferzeit_bis Felder
- Cross-tenant-Refs (kunde_id/artikel_id) werden gegen Tenant validiert
Lib:
- lib/mail.js (Resend, mit Dev-Fallback)
- lib/seed.js (5 Kunden, 3 Artikel, 6 Lieferungen, 2 Geraete)
- scripts/bootstrap.js (legt SuperAdmin aus env-Vars beim Start an)
server.js: neue Routes + bootstrap-Call
65 lines
2.2 KiB
JavaScript
65 lines
2.2 KiB
JavaScript
import express from 'express';
|
|
import cors from 'cors';
|
|
import dotenv from 'dotenv';
|
|
import path from 'path';
|
|
import { fileURLToPath } from 'url';
|
|
|
|
import authRoutes from './routes/auth.js';
|
|
import tenantRoutes from './routes/tenants.js';
|
|
import kundenRoutes from './routes/kunden.js';
|
|
import kundenBilderRoutes from './routes/kunden-bilder.js';
|
|
import artikelRoutes from './routes/artikel.js';
|
|
import lieferungenRoutes from './routes/lieferungen.js';
|
|
import ruecknahmenRoutes from './routes/ruecknahmen.js';
|
|
import mitarbeiterRoutes from './routes/mitarbeiter.js';
|
|
import geraeteRoutes from './routes/geraete.js';
|
|
|
|
import { bootstrapSuperAdmin } from './scripts/bootstrap.js';
|
|
|
|
dotenv.config();
|
|
|
|
const __filename = fileURLToPath(import.meta.url);
|
|
const __dirname = path.dirname(__filename);
|
|
|
|
const app = express();
|
|
const PORT = process.env.PORT || 3001;
|
|
|
|
app.use(cors());
|
|
app.use(express.json());
|
|
app.use(express.urlencoded({ extended: true }));
|
|
app.use('/uploads', express.static(process.env.UPLOAD_DIR || path.join(__dirname, 'uploads')));
|
|
|
|
app.get('/health', (req, res) => res.json({ status: 'OK', timestamp: new Date().toISOString() }));
|
|
|
|
app.use('/api/auth', authRoutes);
|
|
app.use('/api/tenants', tenantRoutes);
|
|
app.use('/api/kunden', kundenRoutes);
|
|
app.use('/api/kunden-bilder', kundenBilderRoutes);
|
|
app.use('/api/artikel', artikelRoutes);
|
|
app.use('/api/lieferungen', lieferungenRoutes);
|
|
app.use('/api/ruecknahmen', ruecknahmenRoutes);
|
|
app.use('/api/mitarbeiter', mitarbeiterRoutes);
|
|
app.use('/api/geraete', geraeteRoutes);
|
|
|
|
app.use((err, req, res, next) => {
|
|
console.error('Fehler:', err);
|
|
if (err.name === 'MulterError') {
|
|
if (err.code === 'LIMIT_FILE_SIZE') return res.status(400).json({ error: 'Datei zu gross (max. 10MB)' });
|
|
return res.status(400).json({ error: err.message });
|
|
}
|
|
res.status(err.status || 500).json({ error: err.message || 'Interner Serverfehler' });
|
|
});
|
|
|
|
app.use((req, res) => res.status(404).json({ error: 'Route nicht gefunden' }));
|
|
|
|
// Bootstrap SuperAdmin beim Start, dann Server starten
|
|
bootstrapSuperAdmin()
|
|
.catch(err => console.error('Bootstrap-Fehler:', err))
|
|
.finally(() => {
|
|
app.listen(PORT, '0.0.0.0', () => {
|
|
console.log(`Backend laeuft auf Port ${PORT}`);
|
|
});
|
|
});
|
|
|
|
export default app;
|