feat: Phase 1 — Projektstruktur, DB-Schema, Auth-System

- Vollständige Verzeichnisstruktur gemäß CLAUDE.md - Express-Server mit Helmet, Sessions, Rate Limiting, SPA-Fallback - SQLite-Schema (Migration v1): 10 Tabellen, updated_at-Triggers, Indizes - Versioniertes Migrations-System (schema_migrations) - Auth-Routen: Login, Logout, /me, Admin-User-CRUD - Frontend App-Shell: SPA-Router, API-Client, Design-System (CSS Tokens) - PWA: Service Worker, Web App Manifest - Setup-Script für ersten Admin-User (node setup.js) - DB-Tests mit node:sqlite built-in: 29/29 bestanden - Docker Compose + Dockerfile + Nginx-Beispielkonfiguration Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-24 14:32:36 +01:00
parent b3a6a6da2a
commit d49cbe33b3
44 changed files with 6635 additions and 0 deletions
@@ -0,0 +1,95 @@
+/**
+ * Modul: API-Client
+ * Zweck: Fetch-Wrapper mit Session-Auth, einheitlicher Fehlerbehandlung und JSON-Parsing
+ * Abhängigkeiten: keine
+ */
+
+const API_BASE = '/api/v1';
+
+/**
+ * Zentraler Fetch-Wrapper.
+ * Setzt Content-Type, handhabt 401-Redirects und parsed JSON-Fehler.
+ *
+ * @param {string} path - API-Pfad ohne /api/v1 (z.B. '/tasks')
+ * @param {RequestInit} options - Fetch-Optionen
+ * @returns {Promise<any>} Geparstes JSON oder wirft einen Fehler
+ */
+async function apiFetch(path, options = {}) {
+  const url = `${API_BASE}${path}`;
+
+  const response = await fetch(url, {
+    credentials: 'same-origin',
+    headers: {
+      'Content-Type': 'application/json',
+      ...options.headers,
+    },
+    ...options,
+  });
+
+  if (response.status === 401) {
+    // Session abgelaufen → zur Login-Seite
+    window.dispatchEvent(new CustomEvent('auth:expired'));
+    throw new Error('Sitzung abgelaufen.');
+  }
+
+  const data = await response.json().catch(() => null);
+
+  if (!response.ok) {
+    const message = data?.error || `HTTP ${response.status}`;
+    throw new ApiError(message, response.status, data);
+  }
+
+  return data;
+}
+
+/**
+ * Strukturierter API-Fehler mit HTTP-Status-Code.
+ */
+class ApiError extends Error {
+  constructor(message, status, data = null) {
+    super(message);
+    this.name = 'ApiError';
+    this.status = status;
+    this.data = data;
+  }
+}
+
+// --------------------------------------------------------
+// Convenience-Methoden
+// --------------------------------------------------------
+
+const api = {
+  get: (path) => apiFetch(path, { method: 'GET' }),
+
+  post: (path, body) => apiFetch(path, {
+    method: 'POST',
+    body: JSON.stringify(body),
+  }),
+
+  put: (path, body) => apiFetch(path, {
+    method: 'PUT',
+    body: JSON.stringify(body),
+  }),
+
+  patch: (path, body) => apiFetch(path, {
+    method: 'PATCH',
+    body: JSON.stringify(body),
+  }),
+
+  delete: (path) => apiFetch(path, { method: 'DELETE' }),
+};
+
+// --------------------------------------------------------
+// Auth-spezifische Methoden
+// --------------------------------------------------------
+
+const auth = {
+  login: (username, password) => api.post('/auth/login', { username, password }),
+  logout: () => api.post('/auth/logout'),
+  me: () => api.get('/auth/me'),
+  getUsers: () => api.get('/auth/users'),
+  createUser: (data) => api.post('/auth/users', data),
+  deleteUser: (id) => api.delete(`/auth/users/${id}`),
+};
+
+export { api, auth, ApiError };