From b75bf9bb30aee5e7e37471213d08c5a9fcd127be Mon Sep 17 00:00:00 2001 From: Pepe Ziberi Date: Sat, 21 Feb 2026 16:45:44 +0100 Subject: [PATCH] v1.0.3: PDF footer fix, arrow alignment, email verification workflow, account deletion --- src/app/api/auth/delete-account/route.ts | 65 ++++++++++++++ src/app/api/auth/resend-verification/route.ts | 70 +++++++++++++++ src/app/app/page.tsx | 25 +++++- src/app/login/page.tsx | 29 ++++++- src/components/layout/topbar.tsx | 86 +++++++++++++++++++ src/components/providers/auth-provider.tsx | 1 + src/lib/auth.ts | 8 +- 7 files changed, 278 insertions(+), 6 deletions(-) create mode 100644 src/app/api/auth/delete-account/route.ts create mode 100644 src/app/api/auth/resend-verification/route.ts diff --git a/src/app/api/auth/delete-account/route.ts b/src/app/api/auth/delete-account/route.ts new file mode 100644 index 0000000..8987b20 --- /dev/null +++ b/src/app/api/auth/delete-account/route.ts 
@@ -0,0 +1,65 @@ +import { NextRequest, NextResponse } from 'next/server' +import { prisma } from '@/lib/db' +import { getSession } from '@/lib/auth' +import bcrypt from 'bcryptjs' +import { cookies } from 'next/headers' + +// POST: User deletes their own account +export async function POST(req: NextRequest) { + try { + const session = await getSession() + if (!session) return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 }) + + const { password } = await req.json() + if (!password) { + return NextResponse.json({ error: 'Passwort erforderlich' }, { status: 400 }) + } + + // Verify password + const user = await (prisma as any).user.findUnique({ + where: { id: session.id }, + select: { id: true, password: true, role: true }, + }) + if (!user) return NextResponse.json({ error: 'Benutzer nicht gefunden' }, { status: 404 }) + + const validPw = await bcrypt.compare(password, user.password) + if (!validPw) { + return NextResponse.json({ error: 'Falsches Passwort' }, { status: 403 }) + } + + // If user is the only TENANT_ADMIN, they must delete the org first or transfer ownership + if (session.tenantId && session.role === 'TENANT_ADMIN') { + const adminCount = await (prisma as any).tenantMembership.count({ + where: { tenantId: session.tenantId, role: 'TENANT_ADMIN' }, + }) + if (adminCount <= 1) { + return NextResponse.json({ + error: 'Sie sind der einzige Administrator. 
Bitte löschen Sie die Organisation unter Einstellungen oder übertragen Sie die Admin-Rolle.', + }, { status: 400 }) + } + } + + console.log(`[Account Delete] User ${session.id} (${session.email}) deleting own account`) + + // Clean up user data + try { await (prisma as any).upgradeRequest.deleteMany({ where: { requestedById: session.id } }) } catch {} + try { await (prisma as any).iconAsset.updateMany({ where: { ownerId: session.id }, data: { ownerId: null } }) } catch {} + try { await (prisma as any).project.updateMany({ where: { ownerId: session.id }, data: { ownerId: null } }) } catch {} + + // Remove memberships + await (prisma as any).tenantMembership.deleteMany({ where: { userId: session.id } }) + + // Delete user + await (prisma as any).user.delete({ where: { id: session.id } }) + + // Clear auth cookie + ;(await cookies()).delete('auth-token') + + console.log(`[Account Delete] User ${session.email} deleted successfully`) + + return NextResponse.json({ success: true, message: 'Konto wurde gelöscht' }) + } catch (error: any) { + console.error('[Account Delete] Error:', error?.message || error) + return NextResponse.json({ error: 'Löschung fehlgeschlagen' }, { status: 500 }) + } +} diff --git a/src/app/api/auth/resend-verification/route.ts b/src/app/api/auth/resend-verification/route.ts new file mode 100644 index 0000000..ef40eb7 --- /dev/null +++ b/src/app/api/auth/resend-verification/route.ts 
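Review bot: The sole-admin guard only looks at `session.tenantId`, while the cleanup further down runs `tenantMembership.deleteMany({ where: { userId: session.id } })` across every tenant; if a user can hold memberships in several tenants (the `memberships` array used in resend-verification suggests so), a user who is the only TENANT_ADMIN of a second organisation can still delete themselves and leave it without any administrator. Run the admin count for each of the user's admin memberships loaded from the database rather than from the session claims, which may be stale; the `role` selected on `user` is currently never read. The best-effort `updateMany`/`deleteMany` calls, the membership deletion and `user.delete` are separate statements with errors swallowed by empty `catch {}` blocks, so a failure midway leaves a half-deleted account; wrapping the writes in `prisma.$transaction(...)` would make the deletion atomic. `password` is also not checked to be a string before `bcrypt.compare`, so a non-string body value throws and surfaces as a 500 instead of the 400 path; use `if (typeof password !== 'string' || !password)`.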
@@ -0,0 +1,70 @@ +import { NextRequest, NextResponse } from 'next/server' +import { prisma } from '@/lib/db' +import { sendEmail } from '@/lib/email' +import { randomBytes } from 'crypto' + +export async function POST(req: NextRequest) { + try { + const { email } = await req.json() + + if (!email) { + return NextResponse.json({ error: 'E-Mail-Adresse erforderlich.' }, { status: 400 }) + } + + const user = await (prisma as any).user.findUnique({ + where: { email }, + include: { memberships: { include: { tenant: true } } }, + }) + + if (!user) { + // Don't reveal whether user exists + return NextResponse.json({ success: true, message: 'Falls ein Konto mit dieser E-Mail existiert, wurde eine neue Bestätigungsmail gesendet.' }) + } + + if (user.emailVerified) { + return NextResponse.json({ success: true, message: 'Ihre E-Mail-Adresse ist bereits bestätigt. Sie können sich anmelden.' }) + } + + // Generate new verification token + const verificationToken = randomBytes(32).toString('hex') + await (prisma as any).user.update({ + where: { id: user.id }, + data: { emailVerificationToken: verificationToken }, + }) + + // Build verification URL + let baseUrl = process.env.NEXTAUTH_URL || req.headers.get('origin') || `${req.headers.get('x-forwarded-proto') || 'https'}://${req.headers.get('host')}` || 'http://localhost:3000' + if (baseUrl && !baseUrl.startsWith('http://') && !baseUrl.startsWith('https://')) { + baseUrl = `https://${baseUrl}` + } + const verifyUrl = `${baseUrl}/api/auth/verify-email?token=${verificationToken}` + + const orgName = user.memberships?.[0]?.tenant?.name || 'Lageplan' + + await sendEmail( + user.email, + 'E-Mail-Adresse bestätigen — Lageplan', + `
+
+

E-Mail bestätigen

+
+
+

Hallo ${user.name},

+

Bitte bestätigen Sie Ihre E-Mail-Adresse, um Ihr Konto für ${orgName} zu aktivieren.

+
+ + E-Mail bestätigen + +
+

Falls der Button nicht funktioniert, kopieren Sie diesen Link:
+ ${verifyUrl}

+
+
` + ) + + return NextResponse.json({ success: true, message: 'Bestätigungsmail wurde erneut gesendet. Bitte prüfen Sie Ihren Posteingang.' }) + } catch (error) { + console.error('Resend verification error:', error) + return NextResponse.json({ error: 'Fehler beim Senden der Bestätigungsmail.' }, { status: 500 }) + } +} diff --git a/src/app/app/page.tsx b/src/app/app/page.tsx index f103fd5..b10772d 100644 --- a/src/app/app/page.tsx +++ b/src/app/app/page.tsx @@ -19,7 +19,7 @@ import { Button } from '@/components/ui/button' import { Dialog, DialogContent, DialogHeader, DialogTitle } from '@/components/ui/dialog' import { JournalView } from '@/components/journal/journal-view' import { jsPDF } from 'jspdf' -import { Lock, Unlock, Eye } from 'lucide-react' +import { Lock, Unlock, Eye, AlertTriangle } from 'lucide-react' import { getSocket } from '@/lib/socket' import { CustomDragLayer } from '@/components/map/custom-drag-layer' @@ -1389,6 +1389,29 @@ export default function AppPage() { onLogout={logout} /> + {/* Email verification banner */} + {user && user.emailVerified === false && ( +
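Review bot: The verification link's base URL falls back to the request's `origin`, `x-forwarded-proto` and `host` headers whenever `NEXTAUTH_URL` is unset, so a request carrying a forged Host header makes the emailed link point at a domain of the sender's choosing with the freshly generated token in the query string (host-header poisoning); derive `baseUrl` from configuration only and fail closed when it is missing, e.g. `const baseUrl = process.env.NEXTAUTH_URL; if (!baseUrl) { console.error('NEXTAUTH_URL not configured'); return NextResponse.json({ error: 'Fehler beim Senden der Bestätigungsmail.' }, { status: 500 }) }`. The trailing `|| 'http://localhost:3000'` can never apply because the template literal before it is always truthy. The "bereits bestätigt" branch returns a message distinct from the unknown-user branch, which undoes the enumeration protection the comment above it describes; return the same generic message in both cases. `email` is passed to `where: { email }` without a `typeof email === 'string'` check, `user.name` and `orgName` are interpolated into the HTML body unescaped, and there is no rate limit, so every call rotates `emailVerificationToken` and invalidates links already delivered to the real owner.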
+ + Ihre E-Mail-Adresse wurde noch nicht bestätigt. Bitte prüfen Sie Ihren Posteingang. + +
+ )} {/* Live editing banner */} {currentProject && ( diff --git a/src/app/login/page.tsx b/src/app/login/page.tsx index e8f782a..5338b51 100644 --- a/src/app/login/page.tsx +++ b/src/app/login/page.tsx @@ -23,6 +23,8 @@ function LoginForm() { const [email, setEmail] = useState('') const [password, setPassword] = useState('') const [isLoading, setIsLoading] = useState(false) + const [resendLoading, setResendLoading] = useState(false) + const [resendSuccess, setResendSuccess] = useState(false) const [tenantLogo, setTenantLogo] = useState(null) const [tenantName, setTenantName] = useState(null) const { login } = useAuth() @@ -110,7 +112,32 @@ function LoginForm() { )} {errorParam === 'invalid-token' && (
- Ungültiger oder abgelaufener Bestätigungslink. +

Ungültiger oder abgelaufener Bestätigungslink.

+

Geben Sie Ihre E-Mail ein und klicken Sie unten, um einen neuen Link zu erhalten.

+ {resendSuccess ? ( +

Neue Bestätigungsmail gesendet!

+ ) : ( + + )}
)} diff --git a/src/components/layout/topbar.tsx b/src/components/layout/topbar.tsx index 6c868b2..bfb48ef 100644 --- a/src/components/layout/topbar.tsx +++ b/src/components/layout/topbar.tsx @@ -91,6 +91,10 @@ export function Topbar({ const [isLoadDialogOpen, setIsLoadDialogOpen] = useState(false) const [isHoseSettingsOpen, setIsHoseSettingsOpen] = useState(false) const [showPasswordDialog, setShowPasswordDialog] = useState(false) + const [showDeleteAccountDialog, setShowDeleteAccountDialog] = useState(false) + const [deleteAccountPw, setDeleteAccountPw] = useState('') + const [deleteAccountLoading, setDeleteAccountLoading] = useState(false) + const [deleteAccountError, setDeleteAccountError] = useState('') const [pwOld, setPwOld] = useState('') const [pwNew, setPwNew] = useState('') const [pwConfirm, setPwConfirm] = useState('') @@ -290,6 +294,13 @@ export function Topbar({ Administration )} + { setShowDeleteAccountDialog(true); setDeleteAccountPw(''); setDeleteAccountError('') }} + className="text-destructive focus:text-destructive" + > + + Konto löschen + Abmelden @@ -539,6 +550,81 @@ export function Topbar({ + + {/* Delete Account Dialog */} + + + + + + Konto löschen + + +
+

+ Ihr Konto wird unwiderruflich gelöscht. Ihre Projekte und Daten bleiben der Organisation erhalten, + aber Ihr persönlicher Zugang wird entfernt. +

+ {userRole === 'TENANT_ADMIN' && ( +
+ Hinweis: Als einziger Administrator müssen Sie zuerst die Organisation unter Einstellungen löschen oder die Admin-Rolle übertragen. +
+ )} +
+ + { setDeleteAccountPw(e.target.value); setDeleteAccountError('') }} + placeholder="Ihr Passwort" + className="w-full rounded-md border border-input bg-background px-3 py-2 text-sm" + autoComplete="current-password" + /> +
+ {deleteAccountError && ( +

{deleteAccountError}

+ )} +
+ + +
+
+
+
) } diff --git a/src/components/providers/auth-provider.tsx b/src/components/providers/auth-provider.tsx index a1f1397..ba43d46 100644 --- a/src/components/providers/auth-provider.tsx +++ b/src/components/providers/auth-provider.tsx @@ -9,6 +9,7 @@ export interface User { role: 'SERVER_ADMIN' | 'TENANT_ADMIN' | 'OPERATOR' | 'VIEWER' tenantId?: string tenantSlug?: string + emailVerified?: boolean } export interface TenantInfo { diff --git a/src/lib/auth.ts b/src/lib/auth.ts index e2b8cd0..f9d8f11 100644 --- a/src/lib/auth.ts +++ b/src/lib/auth.ts @@ -18,6 +18,7 @@ export interface UserPayload { role: 'SERVER_ADMIN' | 'TENANT_ADMIN' | 'OPERATOR' | 'VIEWER' tenantId?: string tenantSlug?: string + emailVerified?: boolean } export async function createToken(user: UserPayload): Promise { @@ -71,10 +72,8 @@ export async function login( return { success: false, error: 'Ungültiges Passwort' } } - // Check email verification (skip for SERVER_ADMIN and users created before verification was added) - if ((user as any).emailVerified === false && (user.role as string) !== 'SERVER_ADMIN') { - return { success: false, error: 'Bitte bestätigen Sie zuerst Ihre E-Mail-Adresse. Prüfen Sie Ihren Posteingang.' } - } + // Track email verification status (allow login regardless) + const emailVerified = (user as any).emailVerified !== false // Get first tenant membership for non-server-admins let tenantId: string | undefined @@ -102,6 +101,7 @@ export async function login( role: (user.role === 'ADMIN' ? 'SERVER_ADMIN' : user.role) as UserPayload['role'], tenantId, tenantSlug, + emailVerified, } return { success: true, user: userPayload }
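Review bot: The hint block rendered for `userRole === 'TENANT_ADMIN'` states "Als einziger Administrator müssen Sie zuerst …" unconditionally, but the server rejects the deletion only when the admin count is at most one, so every tenant admin is told they are the sole administrator; reword it conditionally, e.g. `Hinweis: Falls Sie der einzige Administrator sind, müssen Sie zuerst die Organisation unter Einstellungen löschen oder die Admin-Rolle übertragen.` The button and submit handler that post `deleteAccountPw` to the delete endpoint are not visible in this excerpt, so whether `deleteAccountLoading` disables the confirm button during the request and whether the dialog clears `deleteAccountPw` on close could not be checked.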
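Review bot: Removing the verification gate in `login()` means an account registered with an address its owner never confirmed now receives a full session token, and nothing visible in this commit re-enforces verification server-side; the only consumers of the new `emailVerified` flag are the JWT payload and a client-side banner, which is advisory only. If soft verification is the intended policy, record that decision where the check used to be and make the server routes that matter consult the flag; otherwise keep the gate. The removed comment also carried the reason that `null`/`undefined` is treated as verified (accounts created before verification existed); preserve it, e.g. `// null/undefined = account predates verification; only an explicit false counts as unverified`. Because the flag is baked into the token at login, it presumably stays stale until the next login after the address is confirmed — verify how verify-email refreshes it.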