Merge pull request #18 from sensebox/development

Add: native login and new tutorial system

Author: Thiemann96

.env.example

@@ -0,0 +1,19 @@
+MONGO_USERNAME=admin
+MONGO_PASSWORD=password
+MONGO_DBNAME=blockly
+PORT=8080
+
+APP_ORIGIN=http://localhost:3000
+
+# time in seconds
+SHARE_EXPIRES_IN=
+
+JWT_SECRET=
+REFRESH_TOKEN_SECRET=
+
+
+SMTP_HOST=
+SMTP_FROM=
+SMTP_USER=
+SMTP_PASS=
+CLIENT_URL= 

.github/workflows/docker-build.yml

@@ -2,24 +2,14 @@ name: Build and Publish Docker Image to GHCR
 
 on:
   push:
-    branches:
-      - development
     tags:
-      - "v*"
-  pull_request:
-    branches:
-      - main
-  workflow_dispatch:
+      - "v*" # Triggers on version tags like v1.0.0
+  workflow_dispatch: # Allow manual trigger
 
 jobs:
   build:
     runs-on: ubuntu-latest
 
-    permissions:
-      contents: read
-      packages: write  # notwendig für GHCR push
-      pull-requests: read
-
     steps:
       - name: Checkout code
         uses: actions/checkout@v3
@@ -28,7 +18,6 @@ jobs:
         uses: docker/setup-buildx-action@v2
 
       - name: Log in to GitHub Container Registry
-        if: github.event.pull_request.head.repo.full_name == github.repository  # verhindert push bei externen PRs
         uses: docker/login-action@v2
         with:
           registry: ghcr.io
@@ -38,7 +27,7 @@ jobs:
       - name: Build and push Docker image
         uses: docker/build-push-action@v5
         with:
-          push: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository }}
+          push: true
           tags: |
             ghcr.io/${{ github.repository_owner }}/react-ardublockly-backend:latest
-            ghcr.io/${{ github.repository_owner }}/react-ardublockly-backend:${{ github.event_name == 'pull_request' && format('pr-{0}', github.event.pull_request.number) || github.ref_name }}
+            ghcr.io/${{ github.repository_owner }}/react-ardublockly-backend:${{ github.ref_name }}

.gitignore

@@ -4,4 +4,4 @@ package-lock.json
 upload/*.jpeg
 upload/*.jpg
 upload/*.png
-
+.env

docker-compose.yml

@@ -1,4 +1,4 @@
-version: '3'
+version: "4.1"
 services:
   api:
     build: .
@@ -9,12 +9,24 @@ services:
     depends_on:
       - mongo
   mongo:
-    image: mongo:4.2
+    image: mongo:noble
     volumes:
       - ./data:/data/db
       - ./init-mongo-user.js:/docker-entrypoint-initdb.d/init-mongo-user.js:ro
     environment:
       - MONGO_INITDB_ROOT_USERNAME=${MONGO_USERNAME}
       - MONGO_INITDB_ROOT_PASSWORD=${MONGO_PASSWORD}
       - MONGO_INITDB_DATABASE=${MONGO_DBNAME}
-
+  mongo-express:
+    image: mongo-express
+    ports:
+      - "8081:8081"
+    environment:
+      - ME_CONFIG_MONGODB_SERVER=mongo
+      - ME_CONFIG_MONGODB_ADMINUSERNAME=${MONGO_USERNAME}
+      - ME_CONFIG_MONGODB_ADMINPASSWORD=${MONGO_PASSWORD}
+      - ME_CONFIG_BASICAUTH_USERNAME=admin
+      - ME_CONFIG_BASICAUTH_PASSWORD=admin123
+    depends_on:
+      - mongo
+    restart: always

helper/mailer.js

@@ -0,0 +1,48 @@
+// utils/mailer.js
+const nodemailer = require("nodemailer");
+
+const transporter = nodemailer.createTransport({
+  host: process.env.SMTP_HOST,
+  port: process.env.SMTP_PORT,
+  secure: false,
+  auth: {
+    user: process.env.SMTP_USER,
+    pass: process.env.SMTP_PASS,
+  },
+});
+
+// 🔥 NEU: Funktion, die req als Parameter nimmt, um dynamische URL zu ermitteln
+const sendResetPasswordEmail = async (req, email, resetToken) => {
+  // 1. Versuche, die Basis-URL aus dem Referer-Header abzuleiten
+  let clientBaseUrl = process.env.CLIENT_URL; // Fallback aus .env
+
+  if (req && req.get("Referer")) {
+    try {
+      const refererUrl = new URL(req.get("Referer"));
+      clientBaseUrl = `${refererUrl.protocol}//${refererUrl.host}`;
+    } catch (err) {
+      console.warn("Konnte Referer nicht parsen, verwende CLIENT_URL aus .env");
+    }
+  }
+
+  // 2. Erstelle den Reset-Link
+  const resetUrl = `${clientBaseUrl}/user/reset-password?token=${resetToken}`;
+
+  const mailOptions = {
+    from: process.env.SMTP_USER,
+    to: email,
+    subject: "Passwort zurücksetzen",
+    text: `Du hast angefordert, dein Passwort zurückzusetzen. Klicke auf den folgenden Link, um ein neues Passwort zu setzen: ${resetUrl}`,
+    html: `<p>Du hast angefordert, dein Passwort zurückzusetzen.</p><p>Klicke <a href="${resetUrl}">hier</a>, um ein neues Passwort zu setzen.</p><p>Der Link ist nur für kurze Zeit gültig.</p>`,
+  };
+
+  try {
+    await transporter.sendMail(mailOptions);
+    console.log("Reset-Email gesendet an:", email);
+  } catch (error) {
+    console.error("Fehler beim Senden der Reset-Email:", error);
+    throw new Error("E-Mail konnte nicht gesendet werden.");
+  }
+};
+
+module.exports = { sendResetPasswordEmail };

helper/userAuthorization.js

@@ -2,42 +2,71 @@
 // jshint node: true
 "use strict";
 
+const jwt = require("jsonwebtoken");
+const mongoose = require("mongoose");
+const User = require("../models/user"); // Passe Pfad
 
-const request = require('request');
+const userAuthorization = async (req, res, next) => {
+  const authHeader = req.headers.authorization;
 
+  if (!authHeader || !authHeader.startsWith("Bearer ")) {
+    return res.status(401).json({ message: "No token provided." });
+  }
 
-const userAuthorization = function(req, res, next){
-  var options = {
-    headers: {
-      'Content-type': 'application/json',
-      'Authorization': req.header('authorization')
+  const token = authHeader.split(" ")[1];
+
+  try {
+    // 🔍 Versuche zuerst, das Token als **native JWT** zu verifizieren
+    const decoded = jwt.verify(token, process.env.JWT_SECRET);
+
+    // Hole Nutzer aus deiner DB
+    const user = await User.findOne({
+      _id: decoded.id,
+      authProvider: "native",
+    });
+    if (user) {
+      req.user = user;
+      return next();
     }
+    // Wenn kein nativer Nutzer gefunden → falle zu openSenseMap zurück
+  } catch (jwtError) {
+    // Token ist kein gültiges natives JWT → weiter mit openSenseMap
+  }
+
+  // 🔁 Fallback: openSenseMap-Auth (wie bisher)
+  const options = {
+    headers: {
+      "Content-Type": "application/json",
+      Authorization: authHeader,
+    },
   };
-  request.get('https://api.opensensemap.org/users/me', options)
-    .on('response', function(response) {
-      // concatenate updates from datastream
-      var body = '';
-      response.on('data', function(chunk){
-        body += chunk;
-      });
-      response.on('end', async function(){
-        if(response.statusCode !== 200){
-          return res.status(401).send({
-            message: 'Unauthorized',
-          });
+
+  const { get } = require("request");
+  get("https://api.opensensemap.org/users/me", options)
+    .on("response", function (response) {
+      let body = "";
+      response.on("data", (chunk) => (body += chunk));
+      response.on("end", () => {
+        if (response.statusCode !== 200) {
+          return res.status(401).json({ message: "Unauthorized" });
+        }
+        try {
+          const osemUser = JSON.parse(body).data.me;
+          // Optional: Nutzer in deiner DB anlegen/aktualisieren
+          req.user = osemUser;
+          next();
+        } catch (e) {
+          return res
+            .status(401)
+            .json({ message: "Invalid openSenseMap response" });
         }
-        req.user = JSON.parse(body).data.me;
-        next();
       });
     })
-    .on('error', function(err) {
-      return res.status(401).send({
-        message: 'Unauthorized',
-      });
+    .on("error", () => {
+      return res.status(401).json({ message: "openSenseMap unreachable" });
     });
 };
 
-
 module.exports = {
-  userAuthorization
+  userAuthorization,
 };

models/gallery.js

@@ -1,29 +1,18 @@
-// jshint esversion: 6
-// jshint node: true
-"use strict";
+const mongoose = require("mongoose");
+const { Schema } = mongoose;
 
-const mongoose = require('mongoose');
-
-const GallerySchema = new mongoose.Schema({
-  title: {
-    type: String,
-    required: true
-  },
-  description: {
-    type: String,
-    required: true
+const gallerySchema = new Schema(
+  {
+    _id: { type: String, required: true },
+    title: { type: String, required: true },
+    description: { type: String },
+    xml: { type: String },
+    creator: { type: String },
   },
-  creator: {
-    type: String,
-    ref: 'User',
-    required: true
-  },
-  xml: {
-    type: String
+  {
+    timestamps: true,
+    collection: "galleries",
   }
-},{
-  timestamps: true
-});
-
+);
 
-module.exports = mongoose.model('Gallery', GallerySchema);
+module.exports = mongoose.model("Gallery", gallerySchema);

models/tutorial.js

@@ -7,24 +7,32 @@ const mongoose = require("mongoose");
 const StepSchema = new mongoose.Schema({
   type: {
     type: String,
-    enum: ["instruction", "task"],
+    enum: [
+      "instruction",
+      "task",
+      "blockly",
+      "finish",
+      "question",
+      "blocklyExample",
+    ],
     required: true,
   },
-  headline: {
+  title: {
+    type: String,
+  },
+  subtitle: {
     type: String,
-    required: true,
   },
   text: {
     type: String,
-    required: true,
   },
   requirements: {
     type: [mongoose.Schema.Types.ObjectId],
     ref: "Tutorial",
     default: undefined,
   },
-  hardware: {
-    type: [String],
+  questionData: {
+    type: [Object],
     default: undefined,
   },
   xml: {
@@ -41,7 +49,9 @@ const TutorialSchema = new mongoose.Schema(
     },
     title: {
       type: String,
-      required: true,
+    },
+    subtitle: {
+      type: String,
     },
     public: {
       type: Boolean,
@@ -57,6 +67,24 @@ const TutorialSchema = new mongoose.Schema(
       type: Number,
       required: true,
     },
+    learnings: {
+      type: [Object],
+    },
+    hardware: {
+      type: [String],
+    },
+    duration: {
+      type: String,
+    },
+    year: {
+      type: String,
+    },
+    subjects: {
+      type: [String],
+    },
+    topics: {
+      type: [String],
+    },
     steps: [
       {
         type: StepSchema,