diff --git a/README.md b/README.md index 17ee5d8..e04ac3d 100644 --- a/README.md +++ b/README.md @@ -20,13 +20,13 @@ Um den Container hochzufahren, erstellen Sie eine `docker-compose.yml` Datei mit version: "3" services: - ff-ff-admin-server: + ff-admin-server: image: docker.registry.jk-effects.cloud/ehrenamt/ff-admin/server:latest container_name: ff_member_administration_server restart: unless-stopped environment: - DB_TYPE= # default ist auf mysql gesetzt - - DB_HOST=ffm-db + - DB_HOST=ff-db - DB_PORT= # default ist auf 3306 gesetzt - DB_NAME=ffadmin - DB_USERNAME=administration_backend diff --git a/src/controller/admin/club/memberController.ts b/src/controller/admin/club/memberController.ts index ec99ef3..18c9cf5 100644 --- a/src/controller/admin/club/memberController.ts +++ b/src/controller/admin/club/memberController.ts @@ -290,7 +290,7 @@ export async function createMember(req: Request, res: Response): Promise { const lastname = req.body.lastname; const nameaffix = req.body.nameaffix; const birthdate = req.body.birthdate; - const internalId = req.body.internalId; + const internalId = req.body.internalId || null; let createMember: CreateMemberCommand = { salutationId, diff --git a/src/routes/index.ts b/src/routes/index.ts index ed10173..eca2062 100644 --- a/src/routes/index.ts +++ b/src/routes/index.ts @@ -14,10 +14,11 @@ import auth from "./auth"; import admin from "./admin/index"; import user from "./user"; import detectPWA from "../middleware/detectPWA"; -import api from "./webapi"; +import webapi from "./webapi"; import authenticateAPI from "../middleware/authenticateAPI"; import server from "./server"; import PermissionHelper from "../helpers/permissionHelper"; +import preventWebapiAccess from "../middleware/preventWebApiAccess"; export default (app: Express) => { app.set("query parser", "extended"); @@ -32,14 +33,14 @@ export default (app: Express) => { app.use(detectPWA); app.use("/api/public", publicAvailable); - app.use("/api/setup", allowSetup, setup); - app.use("/api/reset", reset); - app.use("/api/invite", invite); - app.use("/api/auth", auth); - app.use("/api/webapi", authenticateAPI, api); + app.use("/api/setup", preventWebapiAccess, allowSetup, setup); + app.use("/api/reset", preventWebapiAccess, reset); + app.use("/api/invite", preventWebapiAccess, invite); + app.use("/api/auth", preventWebapiAccess, auth); + app.use("/api/webapi", authenticateAPI, webapi); app.use(authenticate); app.use("/api/admin", admin); - app.use("/api/user", user); - app.use("/api/server", PermissionHelper.isAdminMiddleware(), server); + app.use("/api/user", preventWebapiAccess, user); + app.use("/api/server", preventWebapiAccess, PermissionHelper.isAdminMiddleware(), server); app.use(errorHandler); }; diff --git a/src/service/club/member/memberService.ts b/src/service/club/member/memberService.ts index 35b8c1d..9b289d9 100644 --- a/src/service/club/member/memberService.ts +++ b/src/service/club/member/memberService.ts @@ -69,7 +69,7 @@ export default abstract class MemberService { } if (ids.length != 0) { - query = query.where({ id: ids }); + query = query.where("member.id IN (:...ids)", { ids: ids }); } if (!noLimit) {