feature/scripts #49

Merged
vex merged 3 commits from feature/scripts into develop 2025-05-01 10:15:25 +00:00
2 changed files with 90 additions and 75 deletions
Showing only changes of commit 286ffda457 - Show all commits


@ -26,45 +26,45 @@ VALUES (5, 'Holiday Deal', 'Description for Holiday Deal', 20, TRUE);
-- Users
INSERT INTO user (id, name, lower_name, email, passwd, passwd_hash_algo, is_admin)
VALUES (1, 'User1', LOWER('User1'), 'user1@example.com', 'password123', 'bcrypt', FALSE);
VALUES (1, 'User1', LOWER('User1'), 'user1@example.com', '$2b$10$EUsWCS278AwwfZ9K7G4fkellUSPGAOs0hhXkIDbakVGJYE72mNMAC', 'bcrypt', FALSE);
INSERT INTO user (id, name, lower_name, email, passwd, passwd_hash_algo, is_admin)
VALUES (2, 'User2', LOWER('User2'), 'user2@example.com', 'password123', 'bcrypt', FALSE);
VALUES (2, 'User2', LOWER('User2'), 'user2@example.com', '$2b$10$EUsWCS278AwwfZ9K7G4fkellUSPGAOs0hhXkIDbakVGJYE72mNMAC', 'bcrypt', FALSE);
INSERT INTO user (id, name, lower_name, email, passwd, passwd_hash_algo, is_admin)
VALUES (3, 'User3', LOWER('User3'), 'user3@example.com', 'password123', 'bcrypt', FALSE);
VALUES (3, 'User3', LOWER('User3'), 'user3@example.com', '$2b$10$EUsWCS278AwwfZ9K7G4fkellUSPGAOs0hhXkIDbakVGJYE72mNMAC', 'bcrypt', FALSE);
INSERT INTO user (id, name, lower_name, email, passwd, passwd_hash_algo, is_admin)
VALUES (4, 'User4', LOWER('User4'), 'user4@example.com', 'password123', 'bcrypt', FALSE);
VALUES (4, 'User4', LOWER('User4'), 'user4@example.com', '$2b$10$EUsWCS278AwwfZ9K7G4fkellUSPGAOs0hhXkIDbakVGJYE72mNMAC', 'bcrypt', FALSE);
INSERT INTO user (id, name, lower_name, email, passwd, passwd_hash_algo, is_admin)
VALUES (5, 'User5', LOWER('User5'), 'user5@example.com', 'password123', 'bcrypt', FALSE);
VALUES (5, 'User5', LOWER('User5'), 'user5@example.com', '$2b$10$EUsWCS278AwwfZ9K7G4fkellUSPGAOs0hhXkIDbakVGJYE72mNMAC', 'bcrypt', FALSE);
INSERT INTO user (id, name, lower_name, email, passwd, passwd_hash_algo, is_admin)
VALUES (6, 'User6', LOWER('User6'), 'user6@example.com', 'password123', 'bcrypt', FALSE);
VALUES (6, 'User6', LOWER('User6'), 'user6@example.com', '$2b$10$EUsWCS278AwwfZ9K7G4fkellUSPGAOs0hhXkIDbakVGJYE72mNMAC', 'bcrypt', FALSE);
INSERT INTO user (id, name, lower_name, email, passwd, passwd_hash_algo, is_admin)
VALUES (7, 'User7', LOWER('User7'), 'user7@example.com', 'password123', 'bcrypt', FALSE);
VALUES (7, 'User7', LOWER('User7'), 'user7@example.com', '$2b$10$EUsWCS278AwwfZ9K7G4fkellUSPGAOs0hhXkIDbakVGJYE72mNMAC', 'bcrypt', FALSE);
INSERT INTO user (id, name, lower_name, email, passwd, passwd_hash_algo, is_admin)
VALUES (8, 'User8', LOWER('User8'), 'user8@example.com', 'password123', 'bcrypt', FALSE);
VALUES (8, 'User8', LOWER('User8'), 'user8@example.com', '$2b$10$EUsWCS278AwwfZ9K7G4fkellUSPGAOs0hhXkIDbakVGJYE72mNMAC', 'bcrypt', FALSE);
INSERT INTO user (id, name, lower_name, email, passwd, passwd_hash_algo, is_admin)
VALUES (9, 'User9', LOWER('User9'), 'user9@example.com', 'password123', 'bcrypt', FALSE);
VALUES (9, 'User9', LOWER('User9'), 'user9@example.com', '$2b$10$EUsWCS278AwwfZ9K7G4fkellUSPGAOs0hhXkIDbakVGJYE72mNMAC', 'bcrypt', FALSE);
INSERT INTO user (id, name, lower_name, email, passwd, passwd_hash_algo, is_admin)
VALUES (10, 'User10', LOWER('User10'), 'user10@example.com', 'password123', 'bcrypt', FALSE);
VALUES (10, 'User10', LOWER('User10'), 'user10@example.com', '$2b$10$EUsWCS278AwwfZ9K7G4fkellUSPGAOs0hhXkIDbakVGJYE72mNMAC', 'bcrypt', FALSE);
INSERT INTO user (id, name, lower_name, email, passwd, passwd_hash_algo, is_admin)
VALUES (11, 'User11', LOWER('User11'), 'user11@example.com', 'password123', 'bcrypt', FALSE);
VALUES (11, 'User11', LOWER('User11'), 'user11@example.com', '$2b$10$EUsWCS278AwwfZ9K7G4fkellUSPGAOs0hhXkIDbakVGJYE72mNMAC', 'bcrypt', FALSE);
INSERT INTO user (id, name, lower_name, email, passwd, passwd_hash_algo, is_admin)
VALUES (12, 'User12', LOWER('User12'), 'user12@example.com', 'password123', 'bcrypt', FALSE);
VALUES (12, 'User12', LOWER('User12'), 'user12@example.com', '$2b$10$EUsWCS278AwwfZ9K7G4fkellUSPGAOs0hhXkIDbakVGJYE72mNMAC', 'bcrypt', FALSE);
INSERT INTO user (id, name, lower_name, email, passwd, passwd_hash_algo, is_admin)
VALUES (13, 'User13', LOWER('User13'), 'user13@example.com', 'password123', 'bcrypt', FALSE);
VALUES (13, 'User13', LOWER('User13'), 'user13@example.com', '$2b$10$EUsWCS278AwwfZ9K7G4fkellUSPGAOs0hhXkIDbakVGJYE72mNMAC', 'bcrypt', FALSE);
INSERT INTO user (id, name, lower_name, email, passwd, passwd_hash_algo, is_admin)
VALUES (14, 'User14', LOWER('User14'), 'user14@example.com', 'password123', 'bcrypt', FALSE);
VALUES (14, 'User14', LOWER('User14'), 'user14@example.com', '$2b$10$EUsWCS278AwwfZ9K7G4fkellUSPGAOs0hhXkIDbakVGJYE72mNMAC', 'bcrypt', FALSE);
INSERT INTO user (id, name, lower_name, email, passwd, passwd_hash_algo, is_admin)
VALUES (15, 'User15', LOWER('User15'), 'user15@example.com', 'password123', 'bcrypt', FALSE);
VALUES (15, 'User15', LOWER('User15'), 'user15@example.com', '$2b$10$EUsWCS278AwwfZ9K7G4fkellUSPGAOs0hhXkIDbakVGJYE72mNMAC', 'bcrypt', FALSE);
INSERT INTO user (id, name, lower_name, email, passwd, passwd_hash_algo, is_admin)
VALUES (16, 'User16', LOWER('User16'), 'user16@example.com', 'password123', 'bcrypt', FALSE);
VALUES (16, 'User16', LOWER('User16'), 'user16@example.com', '$2b$10$EUsWCS278AwwfZ9K7G4fkellUSPGAOs0hhXkIDbakVGJYE72mNMAC', 'bcrypt', FALSE);
INSERT INTO user (id, name, lower_name, email, passwd, passwd_hash_algo, is_admin)
VALUES (17, 'User17', LOWER('User17'), 'user17@example.com', 'password123', 'bcrypt', FALSE);
VALUES (17, 'User17', LOWER('User17'), 'user17@example.com', '$2b$10$EUsWCS278AwwfZ9K7G4fkellUSPGAOs0hhXkIDbakVGJYE72mNMAC', 'bcrypt', FALSE);
INSERT INTO user (id, name, lower_name, email, passwd, passwd_hash_algo, is_admin)
VALUES (18, 'User18', LOWER('User18'), 'user18@example.com', 'password123', 'bcrypt', FALSE);
VALUES (18, 'User18', LOWER('User18'), 'user18@example.com', '$2b$10$EUsWCS278AwwfZ9K7G4fkellUSPGAOs0hhXkIDbakVGJYE72mNMAC', 'bcrypt', FALSE);
INSERT INTO user (id, name, lower_name, email, passwd, passwd_hash_algo, is_admin)
VALUES (19, 'User19', LOWER('User19'), 'user19@example.com', 'password123', 'bcrypt',FALSE);
VALUES (19, 'User19', LOWER('User19'), 'user19@example.com', '$2b$10$EUsWCS278AwwfZ9K7G4fkellUSPGAOs0hhXkIDbakVGJYE72mNMAC', 'bcrypt',FALSE);
INSERT INTO user (id, name, lower_name, email, passwd, passwd_hash_algo, is_admin)
VALUES (20, 'User20', LOWER('User20'), 'user20@example.com', 'password123', 'bcrypt', FALSE);
VALUES (20, 'User20', LOWER('User20'), 'user20@example.com', '$2b$10$EUsWCS278AwwfZ9K7G4fkellUSPGAOs0hhXkIDbakVGJYE72mNMAC', 'bcrypt', FALSE);
-- User Addresses
INSERT INTO user_address (user_id, address_line1, address_line2, city, postal_code, country, telephone)
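Review bot: Each of the 20 rewritten VALUES lines carries the identical bcrypt string, so every fixture account shares one password and one salt; that is tolerable only for a local development seed, and the file should say so, e.g. `-- Dev-only fixture: all seed accounts share one bcrypt hash (cost 10); do not load into shared or production databases.` above the `-- Users` marker. The hash is presumably the bcrypt of the plaintext the removed lines carried, and that plaintext remains in git history, so the fixture credential should be treated as public and never reused outside local setups. Row 19 is also formatted inconsistently with the other rows (`'bcrypt',FALSE` without a space). The file name of this section is not shown on the page.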

server.js

@ -2,6 +2,7 @@ const express = require('express');
const session = require('express-session');
const router = require('express').Router();
const path = require('path');
const bcrypt = require('bcrypt')
require('dotenv').config({path: 'process.env'});
@ -132,59 +133,77 @@ app.get('/api/products/sportwagen', async (req, res) => {
});
});
app.post('/api/user/registration', (req, res) => {
app.post('/api/user/registration', async (req, res) => {
// SQL-Query für Nutzerregistration
const {name, lower_name, email, passwd} = req.body;
const sql = "INSERT INTO webshop.user (name, lower_name, email, passwd, passwd_hash_algo) VALUES (?, ?, ?, ?, 'none')"
try {
const hashedPassword = await bcrypt.hash(passwd, 10)
// Query abschicken
db.query(sql, [name, lower_name, email, passwd], (err, results) => {
if (err) {
if (err.code === 'ER_DUP_ENTRY'){
res.status(409).json({message: 'Diese E-Mail Adresse ist bereits registriert.'})
const sql = "INSERT INTO webshop.user (name, lower_name, email, passwd, passwd_hash_algo) VALUES (?, ?, ?, ?, 'bcrypt')"
// Query abschicken
db.query(sql, [name, lower_name, email, hashedPassword], (err, results) => {
if (err) {
if (err.code === 'ER_DUP_ENTRY') {
res.status(409).json({message: 'Diese E-Mail Adresse ist bereits registriert.'})
}
console.error('Fehler beim Schreiben in die Datenbank: ', err);
res.status(500).send('Fehler beim Schreiben in die Datenbank');
return;
}
console.error('Fehler beim Schreiben in die Datenbank: ', err);
res.status(500).send('Fehler beim Schreiben in die Datenbank');
return;
}
res.status(201).json({message: 'Nutzer erfolgreich hinzugefügt', id: results.insertId})
})
res.status(201).json({message: 'Nutzer erfolgreich hinzugefügt', id: results.insertId})
})
} catch (error) {
console.error('Hashing-Fehler: ', error)
res.status(500).json({message: 'Fehler bei der Verarbeitung'})
}
})
app.post('/api/user/login', (req, res) => {
const {email, password} = req.body
const sql = 'SELECT * FROM webshop.user WHERE email = ?'
const sql = 'SELECT id, email, name, lower_name, passwd FROM webshop.user WHERE email = ?'
db.query(sql, [email], (err, results) => {
db.query(sql, [email], async (err, results) => {
if (err) {
console.error('Fehler beim Abrufen des Nutzers: ', err)
return res.status(500).json({message: 'Serverfehler'})
}
if (results.length === 0) {
return res.status(401).json({message: 'E-Mail nicht gefunden'})
return res.status(401).json({message: 'E-Mail oder Passwort ist ungültig.'})
}
const user = results[0]
if (user.passwd !== password) {
return res.status(401).json({message: 'Falsches Passwort'})
try {
// Vergleiche gegebenes Passwort mit gespeichertem verschlüsseltem Passwort
const passwordMatch = await bcrypt.compare(password, user.passwd)
if (!passwordMatch) {
return res.status(401).json({message: 'E-Mail oder Passwort ist ungültig.'})
}
req.session.userId = user.id;
req.session.email = user.email;
req.session.vorname = user.name;
req.session.nachname = user.lower_name;
// bei erfolgreichem Login Daten ans Frontend geben
res.json({message: 'Login erfolgreich', id: user.id, name: user.name, lower_name: user.lower_name})
} catch (compareError) {
console.error('Fehler beim Verarbeiten der Anfrage: ', compareError)
return res.status(500).json({message: 'Serverfehler bei der Anmeldung'})
}
req.session.userId = user.id;
req.session.email = user.email;
req.session.vorname = user.name;
req.session.nachname = user.lower_name;
res.json({message: 'Login erfolgreich', id: user.id, name: user.name, lower_name: user.lower_name})
})
})
app.post('/api/bestellung', (req, res) => {
const { user_id, produkte } = req.body;
const {user_id, produkte} = req.body;
// produkte erwartet als Array: [{product_id: 1, quantity: 2}, {product_id: 5, quantity: 1}, ...]
if (!user_id || !Array.isArray(produkte) || produkte.length === 0) {
return res.status(400).json({ message: 'Ungültige Anfrage: user_id oder Produkte fehlen.' });
return res.status(400).json({message: 'Ungültige Anfrage: user_id oder Produkte fehlen.'});
}
// Preise der Produkte abrufen
@ -194,11 +213,11 @@ app.post('/api/bestellung', (req, res) => {
db.query(priceQuery, [productIds], (err, priceResults) => {
if (err) {
console.error('Fehler beim Abrufen der Produktpreise:', err);
return res.status(500).json({ message: 'Serverfehler beim Abrufen der Produktpreise.' });
return res.status(500).json({message: 'Serverfehler beim Abrufen der Produktpreise.'});
}
if (priceResults.length !== productIds.length) {
return res.status(400).json({ message: 'Eines oder mehrere Produkte existieren nicht.' });
return res.status(400).json({message: 'Eines oder mehrere Produkte existieren nicht.'});
}
// Total berechnen
@ -216,7 +235,7 @@ app.post('/api/bestellung', (req, res) => {
db.query(sqlOrder, [user_id, payment_id, total], (err1, result1) => {
if (err1) {
console.error('Fehler beim Erstellen der Bestellung:', err1);
return res.status(500).json({ message: 'Fehler beim Erstellen der Bestellung.' });
return res.status(500).json({message: 'Fehler beim Erstellen der Bestellung.'});
}
const orderId = result1.insertId;
@ -227,46 +246,42 @@ app.post('/api/bestellung', (req, res) => {
db.query(sqlItems, [values], (err2, result2) => {
if (err2) {
console.error('Fehler beim Einfügen der Order-Items:', err2);
return res.status(500).json({ message: 'Fehler beim Hinzufügen der Produkte zur Bestellung.' });
return res.status(500).json({message: 'Fehler beim Hinzufügen der Produkte zur Bestellung.'});
}
res.status(201).json({ message: 'Bestellung erfolgreich!', order_id: orderId, total: total.toFixed(2) });
res.status(201).json({message: 'Bestellung erfolgreich!', order_id: orderId, total: total.toFixed(2)});
});
});
});
});
app.post('/api/bestellung/daten', (req, res) => {
const { user_id } = req.body;
const {user_id} = req.body;
const sql = `
SELECT
od.id AS order_id,
od.total AS order_total,
oi.product_id,
oi.quantity,
p.name AS product_name,
p.price AS product_price
FROM
webshop.order_details od
INNER JOIN
webshop.order_items oi ON od.id = oi.order_id
INNER JOIN
webshop.product p ON oi.product_id = p.id
WHERE
od.user_id = ?
ORDER BY
od.id DESC
SELECT od.id AS order_id,
od.total AS order_total,
oi.product_id,
oi.quantity,
p.name AS product_name,
p.price AS product_price
FROM webshop.order_details od
INNER JOIN
webshop.order_items oi ON od.id = oi.order_id
INNER JOIN
webshop.product p ON oi.product_id = p.id
WHERE od.user_id = ?
ORDER BY od.id DESC
`;
db.query(sql, [user_id], (err, results) => {
if (err) {
console.error('Fehler beim Abrufen der Bestellungen: ', err);
return res.status(500).json({ message: 'Fehler beim Abrufen der Bestellungen' });
return res.status(500).json({message: 'Fehler beim Abrufen der Bestellungen'});
}
if (results.length === 0) {
return res.status(404).json({ message: 'Keine Bestellungen gefunden.' });
return res.status(404).json({message: 'Keine Bestellungen gefunden.'});
}
res.json(results);
@ -277,7 +292,7 @@ app.get('/api/pruefe-artikel', (req, res) => {
const artikelnummer = req.query.nummer;
if (!artikelnummer) {
return res.status(400).json({ error: 'Keine Artikelnummer angegeben.' });
return res.status(400).json({error: 'Keine Artikelnummer angegeben.'});
}
const query = 'SELECT id FROM webshop.product WHERE id = ?';
@ -285,11 +300,11 @@ app.get('/api/pruefe-artikel', (req, res) => {
db.query(query, [artikelnummer], (err, results) => {
if (err) {
console.error('Fehler bei der Artikelsuche:', err);
return res.status(500).json({ error: 'Serverfehler bei der Artikelsuche.' });
return res.status(500).json({error: 'Serverfehler bei der Artikelsuche.'});
}
const verfuegbar = results.length > 0;
res.json({ verfuegbar });
res.json({verfuegbar});
});
});
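Review bot: In the rewritten registration handler (hunk `@ -132,59 +133,77 @@`) the `ER_DUP_ENTRY` branch sends a 409 but does not return, so execution falls through to `res.status(500).send(...)` and a second response is written to the same request; the branch should read `return res.status(409).json({message: 'Diese E-Mail Adresse ist bereits registriert.'})`. The login query now selects `passwd` but not `passwd_hash_algo`, so rows written by the previous registration code with `'none'` (plaintext) will no longer authenticate via `bcrypt.compare`; those rows need a migration, or the handler should read the algorithm column and handle or reject them explicitly instead of silently locking them out. Neither handler validates `req.body`: a missing `passwd` or `password` reaches `bcrypt.hash`/`bcrypt.compare` as `undefined` and surfaces as a 500 rather than a 400, and `lower_name` is accepted from the client instead of being derived server-side as the seed data does. The cost factor `10` in `bcrypt.hash(passwd, 10)` is a magic number; `const BCRYPT_COST = 10` near the `require('bcrypt')` line would keep it in one place. The remaining hunks in this file are formatting-only.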