push

2026-02-27 15:19:24 +01:00
parent b7f8221095
commit 253c3c1c6d
134 changed files with 11188 additions and 1871 deletions
--- a/innungsapp/packages/shared/prisma/dev.db
+++ b/innungsapp/packages/shared/prisma/dev.db
--- a/innungsapp/packages/shared/prisma/prisma/dev.db
+++ b/innungsapp/packages/shared/prisma/prisma/dev.db
--- a/innungsapp/packages/shared/prisma/schema.prisma
+++ b/innungsapp/packages/shared/prisma/schema.prisma
@@ -31,6 +31,9 @@ model User {
  banReason     String?   @map("ban_reason")
  banExpires    DateTime? @map("ban_expires")

+  // Password management
+  mustChangePassword Boolean? @default(false) @map("must_change_password")
+
  // App relations
  sessions      Session[]
  accounts      Account[]
@@ -95,9 +98,21 @@ model Organization {
  plan         String    @default("pilot") // pilot | standard | pro | verband
  logoUrl      String?   @map("logo_url")
  primaryColor String    @default("#E63946") @map("primary_color")
+  secondaryColor String? @map("secondary_color")
  contactEmail String?   @map("contact_email")
  avvAccepted  Boolean   @default(false) @map("avv_accepted")
  avvAcceptedAt DateTime? @map("avv_accepted_at")
+  landingPageTitle String? @map("landing_page_title")
+  landingPageText  String? @map("landing_page_text")
+  landingPageSectionTitle String? @map("landing_page_section_title")
+  landingPageButtonText String? @map("landing_page_button_text")
+  landingPageHeroImage String? @map("landing_page_hero_image")
+  landingPageHeroOverlayOpacity Int? @default(50) @map("landing_page_hero_overlay_opacity")
+  landingPageFeatures  String? @map("landing_page_features")
+  landingPageFooter    String? @map("landing_page_footer")
+  appStoreUrl      String? @map("app_store_url")
+  playStoreUrl     String? @map("play_store_url")
+  aiEnabled    Boolean   @default(false) @map("ai_enabled")
  createdAt    DateTime  @default(now()) @map("created_at")

  members      Member[]
@@ -136,6 +151,8 @@ model Member {
  newsAuthored          News[]           @relation("NewsAuthor")
  stellen               Stelle[]
  terminAnmeldungen     TerminAnmeldung[]
+  sentMessages          Message[]
+  conversationMembers   ConversationMember[]

  @@index([orgId])
  @@index([status])
@@ -276,3 +293,47 @@ model TerminAnmeldung {
  @@unique([terminId, memberId])
  @@map("termin_anmeldungen")
 }
+
+// =============================================
+// DIREKTNACHRICHTEN (Chat)
+// =============================================
+
+model Conversation {
+  id        String   @id @default(uuid())
+  orgId     String   @map("org_id")
+  createdAt DateTime @default(now()) @map("created_at")
+  updatedAt DateTime @updatedAt @map("updated_at")
+
+  members   ConversationMember[]
+  messages  Message[]
+
+  @@index([orgId])
+  @@map("conversations")
+}
+
+model ConversationMember {
+  id             String       @id @default(uuid())
+  conversationId String       @map("conversation_id")
+  memberId       String       @map("member_id")
+  lastReadAt     DateTime?    @map("last_read_at")
+
+  conversation   Conversation @relation(fields: [conversationId], references: [id], onDelete: Cascade)
+  member         Member       @relation(fields: [memberId], references: [id], onDelete: Cascade)
+
+  @@unique([conversationId, memberId])
+  @@map("conversation_members")
+}
+
+model Message {
+  id             String       @id @default(uuid())
+  conversationId String       @map("conversation_id")
+  senderId       String       @map("sender_id")
+  body           String
+  createdAt      DateTime     @default(now()) @map("created_at")
+
+  conversation   Conversation @relation(fields: [conversationId], references: [id], onDelete: Cascade)
+  sender         Member       @relation(fields: [senderId], references: [id], onDelete: Cascade)
+
+  @@index([conversationId])
+  @@map("messages")
+}
--- a/innungsapp/packages/shared/prisma/seed-admin-password.ts
+++ b/innungsapp/packages/shared/prisma/seed-admin-password.ts
@@ -0,0 +1,47 @@
+/**
+ * Sets admin@demo.de password using better-auth's exact hash format:
+ * `${hex-salt}:${hex-scrypt-key}` (from better-auth/dist/crypto/password.mjs)
+ *
+ * Run: pnpm --filter @innungsapp/shared prisma:seed-admin
+ */
+import { PrismaClient } from '@prisma/client'
+import { scrypt, randomBytes } from 'crypto'
+import { promisify } from 'util'
+
+const scryptAsync = promisify(scrypt)
+const prisma = new PrismaClient()
+
+async function hashPassword(password: string): Promise<string> {
+  const saltBytes = randomBytes(16)
+  const salt = saltBytes.toString('hex') // better-auth uses hex-encoded salt
+  const key = await scryptAsync(
+    password.normalize('NFKC'),
+    salt,
+    64, // dkLen
+    { N: 16384, r: 16, p: 1, maxmem: 128 * 16384 * 16 * 2 }
+  ) as Buffer
+  return `${salt}:${key.toString('hex')}`
+}
+
+async function main() {
+  console.log('Generating better-auth compatible hash...')
+  const hash = await hashPassword('demo1234')
+
+  await prisma.account.upsert({
+    where: { id: 'demo-admin-account-id' },
+    update: { password: hash },
+    create: {
+      id: 'demo-admin-account-id',
+      accountId: 'demo-admin-user-id',
+      providerId: 'credential',
+      userId: 'demo-admin-user-id',
+      password: hash,
+    },
+  })
+
+  console.log('Done! Login: admin@demo.de / demo1234')
+}
+
+main()
+  .catch((e) => { console.error(e); process.exit(1) })
+  .finally(() => prisma.$disconnect())
--- a/innungsapp/packages/shared/prisma/seed-demo-members.ts
+++ b/innungsapp/packages/shared/prisma/seed-demo-members.ts
@@ -0,0 +1,80 @@
+/**
+ * Creates User accounts + passwords for the 3 demo members so they can log in.
+ * Run: pnpm --filter @innungsapp/shared prisma:seed-demo-members
+ */
+import { PrismaClient } from '@prisma/client'
+import { scrypt, randomBytes } from 'crypto'
+import { promisify } from 'util'
+
+const scryptAsync = promisify(scrypt)
+const prisma = new PrismaClient()
+
+async function hashPassword(password: string): Promise<string> {
+  const salt = randomBytes(16).toString('hex')
+  const key = await scryptAsync(password.normalize('NFKC'), salt, 64, {
+    N: 16384, r: 16, p: 1, maxmem: 128 * 16384 * 16 * 2,
+  }) as Buffer
+  return `${salt}:${key.toString('hex')}`
+}
+
+const DEMO_MEMBERS = [
+  { id: 'demo-maria-user-id', accountId: 'demo-maria-account-id', name: 'Maria Schmidt', email: 'schmidt@schmidt-elektrik.de', password: 'demo1234' },
+  { id: 'demo-klaus-user-id', accountId: 'demo-klaus-account-id', name: 'Klaus Müller', email: 'mueller@elektro-mueller.de', password: 'demo1234' },
+  { id: 'demo-thomas-user-id', accountId: 'demo-thomas-account-id', name: 'Thomas Weber', email: 'weber@weber-elektro.de', password: 'demo1234' },
+]
+
+async function main() {
+  const org = await prisma.organization.findFirst({ where: { slug: 'innung-elektro-stuttgart' } })
+  if (!org) throw new Error('Org not found — run pnpm db:seed first')
+
+  for (const m of DEMO_MEMBERS) {
+    const hash = await hashPassword(m.password)
+
+    // Create User
+    const user = await prisma.user.upsert({
+      where: { email: m.email },
+      update: {},
+      create: { id: m.id, name: m.name, email: m.email, emailVerified: true },
+    })
+
+    // Create password account
+    await prisma.account.upsert({
+      where: { id: m.accountId },
+      update: { password: hash },
+      create: {
+        id: m.accountId,
+        accountId: user.id,
+        providerId: 'credential',
+        userId: user.id,
+        password: hash,
+      },
+    })
+
+    // Create org role
+    await prisma.userRole.upsert({
+      where: { orgId_userId: { orgId: org.id, userId: user.id } },
+      update: {},
+      create: { orgId: org.id, userId: user.id, role: 'member' },
+    })
+
+    // Link first unlinked member record to user (skip if already linked)
+    const existingMember = await prisma.member.findFirst({
+      where: { email: m.email, orgId: org.id },
+      orderBy: { createdAt: 'asc' },
+    })
+    if (existingMember && existingMember.userId === null) {
+      await prisma.member.update({
+        where: { id: existingMember.id },
+        data: { userId: user.id },
+      })
+    }
+
+    console.log(`✓ ${m.name} — ${m.email} / ${m.password}`)
+  }
+
+  console.log('\nAlle Demo-Mitglieder können sich jetzt einloggen!')
+}
+
+main()
+  .catch((e) => { console.error(e); process.exit(1) })
+  .finally(() => prisma.$disconnect())
--- a/innungsapp/packages/shared/prisma/seed-superadmin.ts
+++ b/innungsapp/packages/shared/prisma/seed-superadmin.ts
@@ -1,16 +1,22 @@
 import { PrismaClient } from '@prisma/client'
-import bcrypt from 'bcryptjs'
+import { scrypt, randomBytes } from 'crypto'
+import { promisify } from 'util'

+const scryptAsync = promisify(scrypt)
 const prisma = new PrismaClient()

+async function hashPassword(password: string): Promise<string> {
+    const salt = randomBytes(16).toString('hex')
+    const key = await scryptAsync(password.normalize('NFKC'), salt, 64, {
+        N: 16384, r: 16, p: 1, maxmem: 128 * 16384 * 16 * 2,
+    }) as Buffer
+    return `${salt}:${key.toString('hex')}`
+}
+
 async function main() {
-    console.log('Seeding superadmin with fresh bcryptjs hash...')
-
-    // Generate hash using bcryptjs, rounds=10
-    const salt = bcrypt.genSaltSync(10)
-    const hash = bcrypt.hashSync('demo1234', salt)
-
-    console.log('Generated hash:', hash)
+    console.log('Seeding superadmin...')
+    const hash = await hashPassword('demo1234')
+    console.log('Hash generated.')

    const superAdminUser = await prisma.user.upsert({
        where: { email: 'superadmin@innungsapp.de' },
@@ -25,9 +31,7 @@ async function main() {

    await prisma.account.upsert({
        where: { id: 'superadmin-account-id' },
-        update: {
-            password: hash
-        },
+        update: { password: hash },
        create: {
            id: 'superadmin-account-id',
            accountId: superAdminUser.id,
@@ -37,7 +41,7 @@ async function main() {
        },
    })

-    console.log('Superadmin updated! Email: superadmin@innungsapp.de, Password: demo1234')
+    console.log('Done! Login: superadmin@innungsapp.de / demo1234')
 }

 main()
--- a/innungsapp/packages/shared/prisma/seed.ts
+++ b/innungsapp/packages/shared/prisma/seed.ts
@@ -1,12 +1,9 @@
 import { PrismaClient } from '@prisma/client'
+import bcrypt from 'bcryptjs'

 const prisma = new PrismaClient()

-// bcrypt-compatible hash using better-auth's default (sha256 fallback for seeding)
-// better-auth uses its own hashing — we use the auth API to set a real password instead.
-// For seeding we insert a known bcrypt hash for "demo1234".
-// Generated with: https://bcrypt-generator.com/ (rounds=10)
-const DEMO_PASSWORD_HASH = '$2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lHny'
+const DEMO_PASSWORD_HASH = bcrypt.hashSync('demo1234', 10)

 async function main() {
  console.log('Seeding database...')
@@ -42,7 +39,7 @@ async function main() {
  // Create password account so email+password login works in dev
  await prisma.account.upsert({
    where: { id: 'demo-admin-account-id' },
-    update: {},
+    update: { password: DEMO_PASSWORD_HASH },
    create: {
      id: 'demo-admin-account-id',
      accountId: adminUser.id,
--- a/innungsapp/packages/shared/prisma/test-hash.ts
+++ b/innungsapp/packages/shared/prisma/test-hash.ts
@@ -1,14 +0,0 @@
-import { auth } from '../apps/admin/lib/auth'
-
-async function main() {
-    const password = 'demo1234'
-
-    // Actually better-auth 1.x exports a util or hashes internally. 
-    // An easy way to fix a user is to just update their password using the auth instance
-    // but since we want to strictly seed the DB, let's just generate it using the bcrypt package directly.
-
-    // For now let's just use the `better-auth` API directly if possible?
-    // Wait, let's look at how better auth handles hashing. 
-}
-
-main()