adminpepe/Lageplan
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

v1.0.3: PDF footer fix, arrow alignment, email verification workflow, account deletion

Browse Source
This commit is contained in:
Pepe Ziberi
2026-02-21 16:45:44 +01:00
parent 25d3d553ff
commit b75bf9bb30
7 changed files with 278 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

65
src/app/api/auth/delete-account/route.ts Normal file
View File

@@ -0,0 +1,65 @@
import { NextRequest, NextResponse } from 'next/server'
import { prisma } from '@/lib/db'
import { getSession } from '@/lib/auth'
import bcrypt from 'bcryptjs'
import { cookies } from 'next/headers'
// POST: User deletes their own account
export async function POST(req: NextRequest) {
try {
const session = await getSession()
if (!session) return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 })
const { password } = await req.json()
if (!password) {
return NextResponse.json({ error: 'Passwort erforderlich' }, { status: 400 })
}
// Verify password
const user = await (prisma as any).user.findUnique({
where: { id: session.id },
select: { id: true, password: true, role: true },
})
if (!user) return NextResponse.json({ error: 'Benutzer nicht gefunden' }, { status: 404 })
const validPw = await bcrypt.compare(password, user.password)
if (!validPw) {
return NextResponse.json({ error: 'Falsches Passwort' }, { status: 403 })
}
// If user is the only TENANT_ADMIN, they must delete the org first or transfer ownership
if (session.tenantId && session.role === 'TENANT_ADMIN') {
const adminCount = await (prisma as any).tenantMembership.count({
where: { tenantId: session.tenantId, role: 'TENANT_ADMIN' },
})
if (adminCount <= 1) {
return NextResponse.json({
error: 'Sie sind der einzige Administrator. Bitte löschen Sie die Organisation unter Einstellungen oder übertragen Sie die Admin-Rolle.',
}, { status: 400 })
}
}
console.log(`[Account Delete] User ${session.id} (${session.email}) deleting own account`)
// Clean up user data
try { await (prisma as any).upgradeRequest.deleteMany({ where: { requestedById: session.id } }) } catch {}
try { await (prisma as any).iconAsset.updateMany({ where: { ownerId: session.id }, data: { ownerId: null } }) } catch {}
try { await (prisma as any).project.updateMany({ where: { ownerId: session.id }, data: { ownerId: null } }) } catch {}
// Remove memberships
await (prisma as any).tenantMembership.deleteMany({ where: { userId: session.id } })
// Delete user
await (prisma as any).user.delete({ where: { id: session.id } })
// Clear auth cookie
;(await cookies()).delete('auth-token')
console.log(`[Account Delete] User ${session.email} deleted successfully`)
return NextResponse.json({ success: true, message: 'Konto wurde gelöscht' })
} catch (error: any) {
console.error('[Account Delete] Error:', error?.message || error)
return NextResponse.json({ error: 'Löschung fehlgeschlagen' }, { status: 500 })
}
}

70
src/app/api/auth/resend-verification/route.ts Normal file
View File

@@ -0,0 +1,70 @@
import { NextRequest, NextResponse } from 'next/server'
import { prisma } from '@/lib/db'
import { sendEmail } from '@/lib/email'
import { randomBytes } from 'crypto'
export async function POST(req: NextRequest) {
try {
const { email } = await req.json()
if (!email) {
return NextResponse.json({ error: 'E-Mail-Adresse erforderlich.' }, { status: 400 })
}
const user = await (prisma as any).user.findUnique({
where: { email },
include: { memberships: { include: { tenant: true } } },
})
if (!user) {
// Don't reveal whether user exists
return NextResponse.json({ success: true, message: 'Falls ein Konto mit dieser E-Mail existiert, wurde eine neue Bestätigungsmail gesendet.' })
}
if (user.emailVerified) {
return NextResponse.json({ success: true, message: 'Ihre E-Mail-Adresse ist bereits bestätigt. Sie können sich anmelden.' })
}
// Generate new verification token
const verificationToken = randomBytes(32).toString('hex')
await (prisma as any).user.update({
where: { id: user.id },
data: { emailVerificationToken: verificationToken },
})
// Build verification URL
let baseUrl = process.env.NEXTAUTH_URL || req.headers.get('origin') || `${req.headers.get('x-forwarded-proto') || 'https'}://${req.headers.get('host')}` || 'http://localhost:3000'
if (baseUrl && !baseUrl.startsWith('http://') && !baseUrl.startsWith('https://')) {
baseUrl = `https://${baseUrl}`
}
const verifyUrl = `${baseUrl}/api/auth/verify-email?token=${verificationToken}`
const orgName = user.memberships?.[0]?.tenant?.name || 'Lageplan'
await sendEmail(
user.email,
'E-Mail-Adresse bestätigen — Lageplan',
`<div style="font-family:sans-serif;max-width:600px;margin:0 auto;">
<div style="background:#dc2626;color:white;padding:20px 24px;border-radius:12px 12px 0 0;">
<h1 style="margin:0;font-size:22px;">E-Mail bestätigen</h1>
</div>
<div style="border:1px solid #e5e7eb;border-top:none;padding:24px;border-radius:0 0 12px 12px;">
<p>Hallo <strong>${user.name}</strong>,</p>
<p>Bitte bestätigen Sie Ihre E-Mail-Adresse, um Ihr Konto für <strong>${orgName}</strong> zu aktivieren.</p>
<div style="text-align:center;margin:24px 0;">
<a href="${verifyUrl}" style="background:#dc2626;color:white;padding:12px 32px;text-decoration:none;border-radius:8px;font-weight:600;display:inline-block;">
E-Mail bestätigen
</a>
</div>
<p style="color:#666;font-size:13px;">Falls der Button nicht funktioniert, kopieren Sie diesen Link:<br/>
<a href="${verifyUrl}" style="word-break:break-all;">${verifyUrl}</a></p>
</div>
</div>`
)
return NextResponse.json({ success: true, message: 'Bestätigungsmail wurde erneut gesendet. Bitte prüfen Sie Ihren Posteingang.' })
} catch (error) {
console.error('Resend verification error:', error)
return NextResponse.json({ error: 'Fehler beim Senden der Bestätigungsmail.' }, { status: 500 })
}
}

25
src/app/app/page.tsx
View File

@@ -19,7 +19,7 @@ import { Button } from '@/components/ui/button'
import { Dialog, DialogContent, DialogHeader, DialogTitle } from '@/components/ui/dialog' import { Dialog, DialogContent, DialogHeader, DialogTitle } from '@/components/ui/dialog'
import { JournalView } from '@/components/journal/journal-view' import { JournalView } from '@/components/journal/journal-view'
import { jsPDF } from 'jspdf' import { jsPDF } from 'jspdf'
import { Lock, Unlock, Eye } from 'lucide-react' import { Lock, Unlock, Eye, AlertTriangle } from 'lucide-react'
import { getSocket } from '@/lib/socket' import { getSocket } from '@/lib/socket'
import { CustomDragLayer } from '@/components/map/custom-drag-layer' import { CustomDragLayer } from '@/components/map/custom-drag-layer'
@@ -1389,6 +1389,29 @@ export default function AppPage() {
onLogout={logout} onLogout={logout}
/> />
{/* Email verification banner */}
{user && user.emailVerified === false && (
<div className="flex items-center justify-center gap-3 px-4 py-2 bg-amber-50 dark:bg-amber-950/40 border-b border-amber-200 dark:border-amber-800 text-sm text-amber-800 dark:text-amber-300">
<AlertTriangle className="w-4 h-4 shrink-0" />
<span>Ihre E-Mail-Adresse wurde noch nicht bestätigt. Bitte prüfen Sie Ihren Posteingang.</span>
<button
onClick={async () => {
try {
const res = await fetch('/api/auth/resend-verification', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ email: user.email }),
})
if (res.ok) toast({ title: 'Bestätigungsmail gesendet', description: 'Bitte prüfen Sie Ihren Posteingang.' })
else toast({ title: 'Fehler', description: 'Konnte Bestätigungsmail nicht senden.', variant: 'destructive' })
} catch { toast({ title: 'Fehler', description: 'Verbindungsfehler.', variant: 'destructive' }) }
}}
className="shrink-0 text-xs font-semibold underline hover:no-underline text-amber-700 dark:text-amber-400"
>
Erneut senden
</button>
</div>
)}
{/* Live editing banner */} {/* Live editing banner */}
{currentProject && ( {currentProject && (

29
src/app/login/page.tsx
View File

@@ -23,6 +23,8 @@ function LoginForm() {
const [email, setEmail] = useState('') const [email, setEmail] = useState('')
const [password, setPassword] = useState('') const [password, setPassword] = useState('')
const [isLoading, setIsLoading] = useState(false) const [isLoading, setIsLoading] = useState(false)
const [resendLoading, setResendLoading] = useState(false)
const [resendSuccess, setResendSuccess] = useState(false)
const [tenantLogo, setTenantLogo] = useState<string | null>(null) const [tenantLogo, setTenantLogo] = useState<string | null>(null)
const [tenantName, setTenantName] = useState<string | null>(null) const [tenantName, setTenantName] = useState<string | null>(null)
const { login } = useAuth() const { login } = useAuth()
@@ -110,7 +112,32 @@ function LoginForm() {
)} )}
{errorParam === 'invalid-token' && ( {errorParam === 'invalid-token' && (
<div className="bg-red-50 dark:bg-red-950/30 border border-red-200 dark:border-red-800 rounded-lg p-3 mb-4 text-sm text-red-700 dark:text-red-400 text-center"> <div className="bg-red-50 dark:bg-red-950/30 border border-red-200 dark:border-red-800 rounded-lg p-3 mb-4 text-sm text-red-700 dark:text-red-400 text-center">
Ungültiger oder abgelaufener Bestätigungslink. <p>Ungültiger oder abgelaufener Bestätigungslink.</p>
<p className="mt-1 text-xs">Geben Sie Ihre E-Mail ein und klicken Sie unten, um einen neuen Link zu erhalten.</p>
{resendSuccess ? (
<p className="mt-2 text-green-600 dark:text-green-400 font-medium">Neue Bestätigungsmail gesendet!</p>
) : (
<button
type="button"
disabled={resendLoading || !email}
onClick={async () => {
setResendLoading(true)
try {
const res = await fetch('/api/auth/resend-verification', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ email }),
})
if (res.ok) setResendSuccess(true)
else toast({ title: 'Fehler', description: 'Konnte Bestätigungsmail nicht senden.', variant: 'destructive' })
} catch { toast({ title: 'Fehler', description: 'Verbindungsfehler.', variant: 'destructive' }) }
setResendLoading(false)
}}
className="mt-2 text-xs font-medium text-red-600 dark:text-red-400 underline hover:no-underline disabled:opacity-50"
>
{resendLoading ? 'Wird gesendet...' : 'Bestätigungsmail erneut senden'}
</button>
)}
</div> </div>
)} )}

86
src/components/layout/topbar.tsx
View File

@@ -91,6 +91,10 @@ export function Topbar({
const [isLoadDialogOpen, setIsLoadDialogOpen] = useState(false) const [isLoadDialogOpen, setIsLoadDialogOpen] = useState(false)
const [isHoseSettingsOpen, setIsHoseSettingsOpen] = useState(false) const [isHoseSettingsOpen, setIsHoseSettingsOpen] = useState(false)
const [showPasswordDialog, setShowPasswordDialog] = useState(false) const [showPasswordDialog, setShowPasswordDialog] = useState(false)
const [showDeleteAccountDialog, setShowDeleteAccountDialog] = useState(false)
const [deleteAccountPw, setDeleteAccountPw] = useState('')
const [deleteAccountLoading, setDeleteAccountLoading] = useState(false)
const [deleteAccountError, setDeleteAccountError] = useState('')
const [pwOld, setPwOld] = useState('') const [pwOld, setPwOld] = useState('')
const [pwNew, setPwNew] = useState('') const [pwNew, setPwNew] = useState('')
const [pwConfirm, setPwConfirm] = useState('') const [pwConfirm, setPwConfirm] = useState('')
@@ -290,6 +294,13 @@ export function Topbar({
Administration Administration
</DropdownMenuItem> </DropdownMenuItem>
)} )}
<DropdownMenuItem
onClick={() => { setShowDeleteAccountDialog(true); setDeleteAccountPw(''); setDeleteAccountError('') }}
className="text-destructive focus:text-destructive"
>
<Trash2 className="w-4 h-4 mr-2" />
Konto löschen
</DropdownMenuItem>
<DropdownMenuItem onClick={onLogout} className="text-destructive focus:text-destructive"> <DropdownMenuItem onClick={onLogout} className="text-destructive focus:text-destructive">
<LogOut className="w-4 h-4 mr-2" /> <LogOut className="w-4 h-4 mr-2" />
Abmelden Abmelden
@@ -539,6 +550,81 @@ export function Topbar({
</div> </div>
</DialogContent> </DialogContent>
</Dialog> </Dialog>
{/* Delete Account Dialog */}
<Dialog open={showDeleteAccountDialog} onOpenChange={setShowDeleteAccountDialog}>
<DialogContent className="max-w-sm">
<DialogHeader>
<DialogTitle className="flex items-center gap-2 text-destructive">
<AlertTriangle className="w-5 h-5" />
Konto löschen
</DialogTitle>
</DialogHeader>
<div className="space-y-4">
<p className="text-sm text-muted-foreground">
Ihr Konto wird unwiderruflich gelöscht. Ihre Projekte und Daten bleiben der Organisation erhalten,
aber Ihr persönlicher Zugang wird entfernt.
</p>
{userRole === 'TENANT_ADMIN' && (
<div className="bg-amber-50 dark:bg-amber-950/30 rounded-lg p-3 text-xs text-amber-800 dark:text-amber-300 border border-amber-200 dark:border-amber-800">
<strong>Hinweis:</strong> Als einziger Administrator müssen Sie zuerst die Organisation unter Einstellungen löschen oder die Admin-Rolle übertragen.
</div>
)}
<div className="space-y-1.5">
<label className="text-sm font-medium">Passwort zur Bestätigung</label>
<input
type="password"
value={deleteAccountPw}
onChange={(e) => { setDeleteAccountPw(e.target.value); setDeleteAccountError('') }}
placeholder="Ihr Passwort"
className="w-full rounded-md border border-input bg-background px-3 py-2 text-sm"
autoComplete="current-password"
/>
</div>
{deleteAccountError && (
<p className="text-sm text-destructive">{deleteAccountError}</p>
)}
<div className="flex gap-2 justify-end">
<Button
variant="outline"
size="sm"
onClick={() => setShowDeleteAccountDialog(false)}
disabled={deleteAccountLoading}
>
Abbrechen
</Button>
<Button
variant="destructive"
size="sm"
disabled={deleteAccountLoading || !deleteAccountPw}
onClick={async () => {
setDeleteAccountLoading(true)
setDeleteAccountError('')
try {
const res = await fetch('/api/auth/delete-account', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ password: deleteAccountPw }),
})
const data = await res.json()
if (res.ok) {
window.location.href = '/'
} else {
setDeleteAccountError(data.error || 'Löschung fehlgeschlagen')
}
} catch {
setDeleteAccountError('Verbindungsfehler')
} finally {
setDeleteAccountLoading(false)
}
}}
>
{deleteAccountLoading ? 'Wird gelöscht...' : 'Konto endgültig löschen'}
</Button>
</div>
</div>
</DialogContent>
</Dialog>
</header> </header>
) )
} }

1
src/components/providers/auth-provider.tsx
View File

@@ -9,6 +9,7 @@ export interface User {
role: 'SERVER_ADMIN' | 'TENANT_ADMIN' | 'OPERATOR' | 'VIEWER' role: 'SERVER_ADMIN' | 'TENANT_ADMIN' | 'OPERATOR' | 'VIEWER'
tenantId?: string tenantId?: string
tenantSlug?: string tenantSlug?: string
emailVerified?: boolean
} }
export interface TenantInfo { export interface TenantInfo {

8
src/lib/auth.ts
View File

@@ -18,6 +18,7 @@ export interface UserPayload {
role: 'SERVER_ADMIN' | 'TENANT_ADMIN' | 'OPERATOR' | 'VIEWER' role: 'SERVER_ADMIN' | 'TENANT_ADMIN' | 'OPERATOR' | 'VIEWER'
tenantId?: string tenantId?: string
tenantSlug?: string tenantSlug?: string
emailVerified?: boolean
} }
export async function createToken(user: UserPayload): Promise<string> { export async function createToken(user: UserPayload): Promise<string> {
@@ -71,10 +72,8 @@ export async function login(
return { success: false, error: 'Ungültiges Passwort' } return { success: false, error: 'Ungültiges Passwort' }
} }
// Check email verification (skip for SERVER_ADMIN and users created before verification was added) // Track email verification status (allow login regardless)
if ((user as any).emailVerified === false && (user.role as string) !== 'SERVER_ADMIN') { const emailVerified = (user as any).emailVerified !== false
return { success: false, error: 'Bitte bestätigen Sie zuerst Ihre E-Mail-Adresse. Prüfen Sie Ihren Posteingang.' }
}
// Get first tenant membership for non-server-admins // Get first tenant membership for non-server-admins
let tenantId: string | undefined let tenantId: string | undefined
@@ -102,6 +101,7 @@ export async function login(
role: (user.role === 'ADMIN' ? 'SERVER_ADMIN' : user.role) as UserPayload['role'], role: (user.role === 'ADMIN' ? 'SERVER_ADMIN' : user.role) as UserPayload['role'],
tenantId, tenantId,
tenantSlug, tenantSlug,
emailVerified,
} }
return { success: true, user: userPayload } return { success: true, user: userPayload }