ulsklyc
72d6d5126e
- server/services/google-calendar.js: OAuth 2.0, bidirektionaler Sync via Google Calendar API v3, inkrementeller syncToken, 410-Fallback auf Vollsync - server/services/apple-calendar.js: CalDAV via tsdav (dynamic ESM import), minimaler ICS-Parser + ICS-Builder, bidirektionaler Sync - server/routes/calendar.js: 7 neue Sync-Routen (google/auth, google/callback, google/sync, google/status, google/disconnect, apple/status, apple/sync) - server/db.js: Migration 2 — sync_config Tabelle + idx_calendar_external_id - server/db-schema-test.js: MIGRATIONS_SQL[2] für Tests synchronisiert - server/auth.js: PATCH /me/password Endpoint - server/index.js: Auto-Sync-Scheduler (setInterval, SYNC_INTERVAL_MINUTES) - public/pages/settings.js: vollständige Settings-Seite (Konto, Passwort, Kalender-Sync-Status + Aktionen, Familienmitglieder-Verwaltung) - public/styles/settings.css: neue Stylesheet-Datei - public/index.html + public/sw.js: settings.css eingebunden und gecacht - .env.example: SYNC_INTERVAL_MINUTES ergänzt - README.md: vollständige Setup-Anleitung, Google/Apple-Sync-Dokumentation, modernes GitHub-Layout mit Badges und aufklappbaren Abschnitten Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
193 lines
7.0 KiB
JavaScript
193 lines
7.0 KiB
JavaScript
/**
|
|
* Modul: Server Entry Point
|
|
* Zweck: Express-App initialisieren, Middleware einbinden, Routen registrieren
|
|
* Abhängigkeiten: express, helmet, dotenv, server/db.js, server/auth.js, server/routes/*
|
|
*/
|
|
|
|
'use strict';
|
|
|
|
require('dotenv').config();
|
|
const express = require('express');
|
|
const helmet = require('helmet');
|
|
const rateLimit = require('express-rate-limit');
|
|
const path = require('path');
|
|
const db = require('./db');
|
|
const { router: authRouter, sessionMiddleware, requireAuth } = require('./auth');
|
|
const { csrfMiddleware } = require('./middleware/csrf');
|
|
const googleCalendar = require('./services/google-calendar');
|
|
const appleCalendar = require('./services/apple-calendar');
|
|
|
|
const app = express();
|
|
const PORT = process.env.PORT || 3000;
|
|
|
|
// --------------------------------------------------------
|
|
// Datenbank initialisieren
|
|
// --------------------------------------------------------
|
|
db.init();
|
|
|
|
// --------------------------------------------------------
|
|
// Security-Middleware
|
|
// --------------------------------------------------------
|
|
app.use(helmet({
|
|
contentSecurityPolicy: {
|
|
directives: {
|
|
defaultSrc: ["'self'"],
|
|
scriptSrc: [
|
|
"'self'",
|
|
// Alpine.js CDN
|
|
'https://cdn.jsdelivr.net',
|
|
// Lucide Icons CDN
|
|
'https://unpkg.com',
|
|
],
|
|
styleSrc: ["'self'", "'unsafe-inline'"],
|
|
imgSrc: ["'self'", 'data:', 'https://openweathermap.org'],
|
|
connectSrc: ["'self'"],
|
|
fontSrc: ["'self'"],
|
|
objectSrc: ["'none'"],
|
|
frameSrc: ["'none'"],
|
|
},
|
|
},
|
|
hsts: {
|
|
maxAge: 31536000,
|
|
includeSubDomains: true,
|
|
preload: true,
|
|
},
|
|
}));
|
|
|
|
// Trust Proxy für korrekte IP hinter Nginx
|
|
app.set('trust proxy', 1);
|
|
|
|
// --------------------------------------------------------
|
|
// Request-Parsing
|
|
// --------------------------------------------------------
|
|
app.use(express.json({ limit: '1mb' }));
|
|
app.use(express.urlencoded({ extended: true, limit: '1mb' }));
|
|
|
|
// --------------------------------------------------------
|
|
// Sessions
|
|
// --------------------------------------------------------
|
|
app.use(sessionMiddleware);
|
|
|
|
// --------------------------------------------------------
|
|
// API-Antworten: kein Browser-Caching (Sicherheit + Aktualität)
|
|
// --------------------------------------------------------
|
|
app.use('/api/', (req, res, next) => {
|
|
res.setHeader('Cache-Control', 'no-store');
|
|
next();
|
|
});
|
|
|
|
// --------------------------------------------------------
|
|
// Statische Dateien (Frontend) — differenzierte Caching-Strategie
|
|
//
|
|
// HTML + JS + CSS: no-cache (Browser revalidiert via ETag/304, kein stale Content
|
|
// nach Deployment). Bei unverändertem File → 304 Not Modified ohne Übertragung.
|
|
// Bilder + Icons + Fonts: 30 Tage immutable (ändern sich praktisch nie).
|
|
// manifest.json + sw.js: no-cache (PWA-Updates sollen sofort greifen).
|
|
// --------------------------------------------------------
|
|
app.use(express.static(path.join(__dirname, '..', 'public'), {
|
|
etag: true,
|
|
lastModified: true,
|
|
setHeaders(res, filePath) {
|
|
const ext = path.extname(filePath).toLowerCase();
|
|
if (['.png', '.jpg', '.jpeg', '.ico', '.svg', '.webp', '.woff2', '.woff'].includes(ext)) {
|
|
res.setHeader('Cache-Control', 'public, max-age=2592000, immutable'); // 30 Tage
|
|
} else {
|
|
// HTML, JS, CSS, JSON, manifest, sw — immer revalidieren
|
|
res.setHeader('Cache-Control', 'no-cache, must-revalidate');
|
|
}
|
|
},
|
|
}));
|
|
|
|
// --------------------------------------------------------
|
|
// Globaler API-Rate-Limiter (Schritt 29)
|
|
// Verhindert Brute-Force und DoS auf allen API-Endpunkten.
|
|
// Login hat einen eigenen, strengeren Limiter (auth.js).
|
|
// --------------------------------------------------------
|
|
const apiLimiter = rateLimit({
|
|
windowMs: 60_000, // 1 Minute
|
|
max: 300, // 300 Requests/Minute pro IP (großzügig für Familien-App)
|
|
standardHeaders: true,
|
|
legacyHeaders: false,
|
|
message: { error: 'Zu viele Anfragen. Bitte warte kurz.', code: 429 },
|
|
skip: (req) => req.path === '/health', // Health-Check ausgenommen
|
|
});
|
|
app.use('/api/', apiLimiter);
|
|
|
|
// --------------------------------------------------------
|
|
// API-Routen
|
|
// --------------------------------------------------------
|
|
app.use('/api/v1/auth', authRouter);
|
|
|
|
// Alle weiteren API-Routen erfordern Authentifizierung + CSRF-Schutz
|
|
app.use('/api/v1', requireAuth);
|
|
app.use('/api/v1', csrfMiddleware);
|
|
app.use('/api/v1/dashboard', require('./routes/dashboard'));
|
|
app.use('/api/v1/tasks', require('./routes/tasks'));
|
|
app.use('/api/v1/shopping', require('./routes/shopping'));
|
|
app.use('/api/v1/meals', require('./routes/meals'));
|
|
app.use('/api/v1/calendar', require('./routes/calendar'));
|
|
app.use('/api/v1/notes', require('./routes/notes'));
|
|
app.use('/api/v1/contacts', require('./routes/contacts'));
|
|
app.use('/api/v1/budget', require('./routes/budget'));
|
|
app.use('/api/v1/weather', require('./routes/weather'));
|
|
|
|
// --------------------------------------------------------
|
|
// Health-Check (für Docker)
|
|
// --------------------------------------------------------
|
|
app.get('/health', (req, res) => {
|
|
res.json({ status: 'ok', timestamp: new Date().toISOString() });
|
|
});
|
|
|
|
// --------------------------------------------------------
|
|
// SPA Fallback: Alle nicht-API-Routen → index.html
|
|
// --------------------------------------------------------
|
|
app.get('*', (req, res) => {
|
|
if (req.path.startsWith('/api/')) {
|
|
return res.status(404).json({ error: 'Nicht gefunden.', code: 404 });
|
|
}
|
|
res.sendFile(path.join(__dirname, '..', 'public', 'index.html'));
|
|
});
|
|
|
|
// --------------------------------------------------------
|
|
// Globaler Error-Handler
|
|
// --------------------------------------------------------
|
|
app.use((err, req, res, _next) => {
|
|
console.error('[Server] Unbehandelter Fehler:', err);
|
|
res.status(500).json({ error: 'Interner Serverfehler.', code: 500 });
|
|
});
|
|
|
|
// --------------------------------------------------------
|
|
// Auto-Sync Scheduler (Google + Apple Calendar)
|
|
// --------------------------------------------------------
|
|
|
|
const SYNC_INTERVAL_MS = (parseInt(process.env.SYNC_INTERVAL_MINUTES, 10) || 15) * 60_000;
|
|
|
|
async function runSync() {
|
|
const { connected: googleConnected } = googleCalendar.getStatus();
|
|
if (googleConnected) {
|
|
googleCalendar.sync().catch((e) => console.error('[Sync] Google Fehler:', e.message));
|
|
}
|
|
|
|
const { configured: appleConfigured } = appleCalendar.getStatus();
|
|
if (appleConfigured) {
|
|
appleCalendar.sync().catch((e) => console.error('[Sync] Apple Fehler:', e.message));
|
|
}
|
|
}
|
|
|
|
// --------------------------------------------------------
|
|
// Server starten
|
|
// --------------------------------------------------------
|
|
app.listen(PORT, () => {
|
|
console.log(`[Oikos] Server läuft auf Port ${PORT}`);
|
|
console.log(`[Oikos] Umgebung: ${process.env.NODE_ENV || 'development'}`);
|
|
|
|
// Erster Sync nach 10 Sekunden (warten bis DB vollständig initialisiert)
|
|
setTimeout(() => {
|
|
runSync();
|
|
setInterval(runSync, SYNC_INTERVAL_MS);
|
|
console.log(`[Sync] Auto-Sync alle ${SYNC_INTERVAL_MS / 60_000} Minuten aktiv.`);
|
|
}, 10_000);
|
|
});
|
|
|
|
module.exports = app;
|