Merge pull request 'patches v1.5.1' (#99) from develop into main

Reviewed-on: #99
2025-05-07 07:28:59 +00:00 · 2025-05-07 07:28:59 +00:00 · a36ebbd43c
commit a36ebbd43c
parent 18fd56514d 16ccd0d35f
10 changed files with 65 additions and 84 deletions
--- a/README.md
+++ b/README.md
@ -8,6 +8,8 @@ Dieses Projekt, `ff-admin-server`, ist das Backend zur Verwaltung von Mitglieder

 Eine Demo zusammen mit der `ff-admin` finden Sie unter [https://admin-demo.ff-admin.de](https://admin-demo.ff-admin.de).

+Das Handbuch zur Anwendung finden sie unter [https://ff-admin.de/ff-admin-handbook](https://ff-admin.de/ff-admin-handbook).
+
 ## Installation

 Das Image exposed nur den Port 5000. Die Env-Variable SERVER_PORT kann nur im lokal ausführenden dev-Kontext verwendet werden.
@ -25,26 +27,13 @@ services:
    container_name: ff_member_administration_server
    restart: unless-stopped
    environment:
-      - DB_TYPE=<mysql|sqlite|postgres> # default ist auf mysql gesetzt
+      - DB_TYPE=<mysql|postgres> # default ist auf mysql gesetzt
      - DB_HOST=ff-db
      - DB_PORT=<number> # default ist auf 3306 gesetzt
      - DB_NAME=ffadmin
      - DB_USERNAME=administration_backend
      - DB_PASSWORD=<dbuserpasswd>
-      - JWT_SECRET=<tobemodified>
-      - JWT_EXPIRATION=<number[m|d] - bsp.:15m> # default ist auf 15m gesetzt
-      - REFRESH_EXPIRATION=<number[m|d] - bsp.:1d> # default ist auf 1d gesetzt
-      - PWA_REFRESH_EXPIRATION=<number[m|d] - bsp.:5d> # default ist auf 5d gesetzt
-      - MAIL_USERNAME=<mailadress|username>
-      - MAIL_PASSWORD=<password>
-      - MAIL_HOST=<url>
-      - MAIL_PORT=<port> # default ist auf 587 gesetzt
-      - MAIL_SECURE=<boolean> # default ist auf false gesetzt
-      - CLUB_NAME=<tobemodified> # default ist auf FF Admin gesetzt
-      - CLUB_WEBSITE=<tobemodified>
-      - BACKUP_INTERVAL=<number of days (min. 1)> # alle x Tage, sonst keine
-      - BACKUP_COPIES=<number of parallel copies> # Anzahl parallel bestehender Backups
-      - BACKUP_AUTO_RESTORE=<boolean> # default ist auf true gesetzt
+      - APPLICATION_SECRET=<tobemodified>
      - USE_SECURITY_STRICT_LIMIT = (true|false) # default ist true
      - SECURITY_STRICT_LIMIT_WINDOW = [0-9]*(y|d|h|m|s) # default ist 15
      - SECURITY_STRICT_LIMIT_REQUEST_COUNT = strict_request_count # default ist 15
@ -91,8 +80,6 @@ networks:

 Die Verwendung von postgres wird aufgrund des Verhaltens bei Datenbank-Update-Fehlern empfohlen.

-Die Verwendung von SQLite wird nur für die Entwicklung oder lokale Tests empfohlen.
-
 Führen Sie dann den folgenden Befehl im Verzeichnis der compose-Datei aus, um den Container zu starten:

 ```sh
--- a/src/controller/authController.ts
+++ b/src/controller/authController.ts
@ -41,8 +41,6 @@ export async function login(req: Request, res: Response): Promise<any> {
  let { id } = await UserService.getByUsername(username);
  let { secret, routine } = await UserService.getUserSecretAndRoutine(id);

-  console.log(secret, passedSecret);
-
  let valid = false;
  if (routine == LoginRoutineEnum.totp) {
    valid = speakeasy.totp.verify({
--- a/src/data-source.ts
+++ b/src/data-source.ts
@ -52,7 +52,7 @@ import { TemplatesAndProtocolSort1742549956787 } from "./migrations/174254995678
 import { QueryToUUID1742922178643 } from "./migrations/1742922178643-queryToUUID";
 import { NewsletterColumnType1744351418751 } from "./migrations/1744351418751-newsletterColumnType";
 import { QueryUpdatedAt1744795756230 } from "./migrations/1744795756230-QueryUpdatedAt";
-import { SettingsFromEnv1745059495808 } from "./migrations/1745059495808-settingsFromEnv";
+import { SettingsFromEnv1745059495807 } from "./migrations/1745059495807-settingsFromEnv";
 import { MemberCreatedAt1746006549262 } from "./migrations/1746006549262-memberCreatedAt";
 import { UserLoginRoutine1746252454922 } from "./migrations/1746252454922-UserLoginRoutine";
 import { SettingsFromEnv_SET1745059495808 } from "./migrations/1745059495808-settingsFromEnv_set";
@ -119,7 +119,7 @@ const dataSource = new DataSource({
    QueryToUUID1742922178643,
    NewsletterColumnType1744351418751,
    QueryUpdatedAt1744795756230,
-    SettingsFromEnv1745059495808,
+    SettingsFromEnv1745059495807,
    SettingsFromEnv_SET1745059495808,
    MemberCreatedAt1746006549262,
    UserLoginRoutine1746252454922,
--- a/src/helpers/codingHelper.ts
+++ b/src/helpers/codingHelper.ts
@ -13,7 +13,7 @@ export abstract class CodingHelper {
        try {
          return CodingHelper.decrypt(key, val, true);
        } catch (error) {
-          console.error("Decryption error:", error);
+          console.error("Decryption error in database-read - can be ignored");
          if (fallback == "<self>") return val;
          else return fallback;
        }
@ -25,7 +25,7 @@ export abstract class CodingHelper {
        try {
          return CodingHelper.encrypt(key, valueToEncrypt, true);
        } catch (error) {
-          console.error("Encryption error:", error);
+          console.error("Encryption error in database-read - can be ignored");
          if (fallback == "<self>") return val;
          return "";
        }
--- a/src/helpers/permissionHelper.ts
+++ b/src/helpers/permissionHelper.ts
@ -17,33 +17,31 @@ export default class PermissionHelper {
    permissions: PermissionObject,
    type: PermissionType | "admin",
    section: PermissionSection,
-    module?: PermissionModule
+    module: PermissionModule
  ) {
    if (type == "admin") return permissions?.admin ?? permissions?.adminByOwner ?? false;
    if (permissions?.admin || permissions?.adminByOwner) return true;
    if (
-      (!module &&
-        permissions[section] != undefined &&
-        (permissions[section]?.all == "*" || permissions[section]?.all?.includes(type))) ||
      permissions[section]?.all == "*" ||
-      permissions[section]?.all?.includes(type)
+      permissions[section]?.all?.includes(type) ||
+      permissions[section]?.[module] == "*" ||
+      permissions[section]?.[module]?.includes(type)
    )
      return true;
-    if (module && (permissions[section]?.[module] == "*" || permissions[section]?.[module]?.includes(type)))
-      return true;
+
    return false;
  }

  static canSome(
    permissions: PermissionObject,
    checks: Array<{
-      requiredPermissions: PermissionType | "admin";
+      requiredPermission: PermissionType | "admin";
      section: PermissionSection;
-      module?: PermissionModule;
+      module: PermissionModule;
    }>
  ) {
-    checks.reduce<boolean>((prev, curr) => {
-      return prev || this.can(permissions, curr.requiredPermissions, curr.section, curr.module);
+    return checks.reduce<boolean>((prev, curr) => {
+      return prev || this.can(permissions, curr.requiredPermission, curr.section, curr.module);
    }, false);
  }

@ -66,12 +64,12 @@ export default class PermissionHelper {
  static canSomeSection(
    permissions: PermissionObject,
    checks: Array<{
-      requiredPermissions: PermissionType | "admin";
+      requiredPermission: PermissionType | "admin";
      section: PermissionSection;
    }>
  ): boolean {
    return checks.reduce<boolean>((prev, curr) => {
-      return prev || this.can(permissions, curr.requiredPermissions, curr.section);
+      return prev || this.canSection(permissions, curr.requiredPermission, curr.section);
    }, false);
  }

@ -83,7 +81,7 @@ export default class PermissionHelper {
  static passCheckMiddleware(
    requiredPermissions: PermissionType | "admin",
    section: PermissionSection,
-    module?: PermissionModule
+    module: PermissionModule
  ): (req: Request, res: Response, next: Function) => void {
    return (req: Request, res: Response, next: Function) => {
      const permissions = req.permissions;
@ -99,9 +97,9 @@ export default class PermissionHelper {

  static passCheckSomeMiddleware(
    checks: Array<{
-      requiredPermissions: PermissionType | "admin";
+      requiredPermission: PermissionType | "admin";
      section: PermissionSection;
-      module?: PermissionModule;
+      module: PermissionModule;
    }>
  ): (req: Request, res: Response, next: Function) => void {
    return (req: Request, res: Response, next: Function) => {
@ -111,9 +109,7 @@ export default class PermissionHelper {
      if (isOwner || this.canSome(permissions, checks)) {
        next();
      } else {
-        let permissionsToPass = checks.reduce<string>((prev, curr) => {
-          return prev + (prev != " or " ? "" : "") + `${curr.section}.${curr.module}.${curr.requiredPermissions}`;
-        }, "");
+        let permissionsToPass = checks.map((c) => `${c.section}.${c.module}.${c.requiredPermission}`).join(" or ");
        throw new ForbiddenRequestException(`missing permission for ${permissionsToPass}`);
      }
    };
@ -136,7 +132,7 @@ export default class PermissionHelper {
  }

  static sectionPassCheckSomeMiddleware(
-    checks: Array<{ requiredPermissions: PermissionType | "admin"; section: PermissionSection }>
+    checks: Array<{ requiredPermission: PermissionType | "admin"; section: PermissionSection }>
  ): (req: Request, res: Response, next: Function) => void {
    return (req: Request, res: Response, next: Function) => {
      const permissions = req.permissions;
@ -145,9 +141,7 @@ export default class PermissionHelper {
      if (isOwner || this.canSomeSection(permissions, checks)) {
        next();
      } else {
-        let permissionsToPass = checks.reduce<string>((prev, curr) => {
-          return prev + (prev != " or " ? "" : "") + `${curr.section}.${curr.requiredPermissions}`;
-        }, "");
+        let permissionsToPass = checks.map((c) => `${c.section}.${c.requiredPermission}`).join(" or ");
        throw new ForbiddenRequestException(`missing permission for ${permissionsToPass}`);
      }
    };
--- a/src/migrations/1745059495807-settingsFromEnv.ts
+++ b/src/migrations/1745059495807-settingsFromEnv.ts
@ -3,8 +3,8 @@ import { setting_table } from "./baseSchemaTables/admin";
 import SettingHelper from "../helpers/settingsHelper";
 import ms from "ms";

-export class SettingsFromEnv1745059495808 implements MigrationInterface {
-  name = "SettingsFromEnv1745059495808";
+export class SettingsFromEnv1745059495807 implements MigrationInterface {
+  name = "SettingsFromEnv1745059495807";

  public async up(queryRunner: QueryRunner): Promise<void> {
    await queryRunner.createTable(setting_table, true, true, true);
--- a/src/migrations/1745059495808-settingsFromEnv_set.ts
+++ b/src/migrations/1745059495808-settingsFromEnv_set.ts
@ -20,7 +20,7 @@ export class SettingsFromEnv_SET1745059495808 implements MigrationInterface {
    await SettingHelper.setSetting("mail.password", process.env.MAIL_PASSWORD);
    await SettingHelper.setSetting("mail.host", process.env.MAIL_HOST);
    await SettingHelper.setSetting("mail.port", Number(process.env.MAIL_PORT ?? "578"));
-    await SettingHelper.setSetting("mail.secure", Boolean(process.env.MAIL_SECURE ?? "false"));
+    await SettingHelper.setSetting("mail.secure", process.env.MAIL_SECURE == "true");
    await SettingHelper.setSetting("backup.interval", Number(process.env.BACKUP_INTERVAL ?? "1"));
    await SettingHelper.setSetting("backup.copies", Number(process.env.BACKUP_COPIES ?? "7"));
  }
--- a/src/routes/admin/index.ts
+++ b/src/routes/admin/index.ts
@ -33,64 +33,64 @@ var router = express.Router({ mergeParams: true });
 router.use(
  "/award",
  PermissionHelper.passCheckSomeMiddleware([
-    { requiredPermissions: "read", section: "configuration", module: "award" },
-    { requiredPermissions: "read", section: "club", module: "member" },
+    { requiredPermission: "read", section: "configuration", module: "award" },
+    { requiredPermission: "read", section: "club", module: "member" },
  ]),
  award
 );
 router.use(
  "/communicationtype",
  PermissionHelper.passCheckSomeMiddleware([
-    { requiredPermissions: "read", section: "configuration", module: "communication_type" },
-    { requiredPermissions: "read", section: "club", module: "member" },
+    { requiredPermission: "read", section: "configuration", module: "communication_type" },
+    { requiredPermission: "read", section: "club", module: "member" },
  ]),
  communicationType
 );
 router.use(
  "/executiveposition",
  PermissionHelper.passCheckSomeMiddleware([
-    { requiredPermissions: "read", section: "configuration", module: "executive_position" },
-    { requiredPermissions: "read", section: "club", module: "member" },
+    { requiredPermission: "read", section: "configuration", module: "executive_position" },
+    { requiredPermission: "read", section: "club", module: "member" },
  ]),
  executivePosition
 );
 router.use(
  "/membershipstatus",
  PermissionHelper.passCheckSomeMiddleware([
-    { requiredPermissions: "read", section: "configuration", module: "membership_status" },
-    { requiredPermissions: "read", section: "club", module: "member" },
+    { requiredPermission: "read", section: "configuration", module: "membership_status" },
+    { requiredPermission: "read", section: "club", module: "member" },
  ]),
  membershipStatus
 );
 router.use(
  "/qualification",
  PermissionHelper.passCheckSomeMiddleware([
-    { requiredPermissions: "read", section: "configuration", module: "qualification" },
-    { requiredPermissions: "read", section: "club", module: "member" },
+    { requiredPermission: "read", section: "configuration", module: "qualification" },
+    { requiredPermission: "read", section: "club", module: "member" },
  ]),
  qualification
 );
 router.use(
  "/salutation",
  PermissionHelper.passCheckSomeMiddleware([
-    { requiredPermissions: "read", section: "configuration", module: "salutation" },
-    { requiredPermissions: "read", section: "club", module: "member" },
+    { requiredPermission: "read", section: "configuration", module: "salutation" },
+    { requiredPermission: "read", section: "club", module: "member" },
  ]),
  salutation
 );
 router.use(
  "/calendartype",
  PermissionHelper.passCheckSomeMiddleware([
-    { requiredPermissions: "read", section: "configuration", module: "calendar_type" },
-    { requiredPermissions: "read", section: "club", module: "calendar" },
+    { requiredPermission: "read", section: "configuration", module: "calendar_type" },
+    { requiredPermission: "read", section: "club", module: "calendar" },
  ]),
  calendarType
 );
 router.use(
  "/querystore",
  PermissionHelper.passCheckSomeMiddleware([
-    { requiredPermissions: "read", section: "configuration", module: "query_store" },
-    { requiredPermissions: "read", section: "club", module: "listprint" },
+    { requiredPermission: "read", section: "configuration", module: "query_store" },
+    { requiredPermission: "read", section: "club", module: "listprint" },
  ]),
  queryStore
 );
@ -98,16 +98,16 @@ router.use("/template", PermissionHelper.passCheckMiddleware("read", "configurat
 router.use(
  "/templateusage",
  PermissionHelper.passCheckSomeMiddleware([
-    { requiredPermissions: "read", section: "configuration", module: "template_usage" },
-    { requiredPermissions: "read", section: "configuration", module: "template" },
+    { requiredPermission: "read", section: "configuration", module: "template_usage" },
+    { requiredPermission: "read", section: "configuration", module: "template" },
  ]),
  templateUsage
 );
 router.use(
  "/newsletterconfig",
  PermissionHelper.passCheckSomeMiddleware([
-    { requiredPermissions: "read", section: "configuration", module: "newsletter_config" },
-    { requiredPermissions: "read", section: "configuration", module: "communication_type" },
+    { requiredPermission: "read", section: "configuration", module: "newsletter_config" },
+    { requiredPermission: "read", section: "configuration", module: "communication_type" },
  ]),
  newsletterConfig
 );
@ -116,8 +116,8 @@ router.use("/member", PermissionHelper.passCheckMiddleware("read", "club", "memb
 router.use(
  "/protocol",
  PermissionHelper.passCheckSomeMiddleware([
-    { requiredPermissions: "read", section: "club", module: "protocol" },
-    { requiredPermissions: "read", section: "club", module: "member" },
+    { requiredPermission: "read", section: "club", module: "protocol" },
+    { requiredPermission: "read", section: "club", module: "member" },
  ]),
  protocol
 );
@ -125,19 +125,19 @@ router.use("/calendar", PermissionHelper.passCheckMiddleware("read", "club", "ca
 router.use(
  "/querybuilder",
  PermissionHelper.passCheckSomeMiddleware([
-    { requiredPermissions: "read", section: "club", module: "query" },
-    { requiredPermissions: "read", section: "configuration", module: "query_store" },
+    { requiredPermission: "read", section: "club", module: "query" },
+    { requiredPermission: "read", section: "configuration", module: "query_store" },
  ]),
  queryBuilder
 );
 router.use(
  "/newsletter",
  PermissionHelper.passCheckSomeMiddleware([
-    { requiredPermissions: "read", section: "club", module: "newsletter" },
-    { requiredPermissions: "read", section: "club", module: "member" },
-    { requiredPermissions: "read", section: "club", module: "calendar" },
-    { requiredPermissions: "read", section: "club", module: "query" },
-    { requiredPermissions: "read", section: "configuration", module: "query_store" },
+    { requiredPermission: "read", section: "club", module: "newsletter" },
+    { requiredPermission: "read", section: "club", module: "member" },
+    { requiredPermission: "read", section: "club", module: "calendar" },
+    { requiredPermission: "read", section: "club", module: "query" },
+    { requiredPermission: "read", section: "configuration", module: "query_store" },
  ]),
  newsletter
 );
@ -147,8 +147,8 @@ router.use("/role", PermissionHelper.passCheckMiddleware("read", "management", "
 router.use(
  "/user",
  PermissionHelper.passCheckSomeMiddleware([
-    { requiredPermissions: "read", section: "management", module: "user" },
-    { requiredPermissions: "read", section: "management", module: "role" },
+    { requiredPermission: "read", section: "management", module: "user" },
+    { requiredPermission: "read", section: "management", module: "role" },
  ]),
  user
 );
--- a/src/routes/user.ts
+++ b/src/routes/user.ts
@ -34,15 +34,15 @@ router.post("/verify", async (req, res) => {
  await verifyMyTotp(req, res);
 });

-router.post("/changepw", async (req, res) => {
+router.patch("/changepw", async (req, res) => {
  await changeMyPassword(req, res);
 });

-router.post("/changeToTOTP", async (req, res) => {
+router.patch("/changeToTOTP", async (req, res) => {
  await changeToTOTP(req, res);
 });

-router.post("/changeToPW", async (req, res) => {
+router.patch("/changeToPW", async (req, res) => {
  await changeToPW(req, res);
 });

--- a/src/type/permissionTypes.ts
+++ b/src/type/permissionTypes.ts
@ -98,5 +98,7 @@ export const sectionsAndModules: SectionsAndModulesObject = {
    "newsletter_config",
  ],
  management: ["user", "role", "webapi", "backup", "setting"],
-  additional: [],
+  additional: [
+    //{ key: "val", name: "name", type: "number", emptyIfAdmin: true },
+  ],
 };