import express from 'express'; import { body, validationResult } from 'express-validator'; import pool from '../config/database.js'; import { authenticateToken, requireTenant } from '../middleware/auth.js'; import { upload } from '../middleware/upload.js'; const router = express.Router(); router.use(authenticateToken, requireTenant); const baseSelect = ` SELECT l.*, k.name AS kunde_name, a.bezeichnung AS artikel_bezeichnung, a.pfand_betrag, m.name AS mitarbeiter_name FROM lieferungen l LEFT JOIN kunden k ON l.kunde_id = k.id LEFT JOIN artikel a ON l.artikel_id = a.id LEFT JOIN mitarbeiter m ON l.mitarbeiter_id = m.id`; router.get('/', async (req, res) => { try { const [rows] = await pool.query( `${baseSelect} WHERE l.tenant_id = ? ORDER BY l.erstellt_am DESC`, [req.user.tenant_id] ); res.json(rows); } catch (e) { res.status(500).json({ error: 'Serverfehler' }); } }); router.get('/kunde/:kunde_id', async (req, res) => { try { const [rows] = await pool.query( `${baseSelect} WHERE l.tenant_id = ? AND l.kunde_id = ? ORDER BY l.erstellt_am DESC`, [req.user.tenant_id, req.params.kunde_id] ); res.json(rows); } catch (e) { res.status(500).json({ error: 'Serverfehler' }); } }); router.post('/', upload.single('foto'), [ body('kunde_id').notEmpty(), body('artikel_id').notEmpty(), body('anzahl').isInt({ min: 1 }) ], async (req, res) => { const errors = validationResult(req); if (!errors.isEmpty()) return res.status(400).json({ errors: errors.array() }); const foto_url = req.file ? `/uploads/${req.file.filename}` : null; try { // Sicherstellen: kunde_id + artikel_id gehören dem Tenant const [[k]] = await pool.query('SELECT id FROM kunden WHERE id=? AND tenant_id=?', [req.body.kunde_id, req.user.tenant_id]); const [[a]] = await pool.query('SELECT id FROM artikel WHERE id=? AND tenant_id=?', [req.body.artikel_id, req.user.tenant_id]); if (!k || !a) return res.status(400).json({ error: 'Kunde oder Artikel nicht im Tenant' }); const [result] = await pool.query( `INSERT INTO lieferungen (tenant_id, kunde_id, artikel_id, anzahl, foto_url, mitarbeiter_id) VALUES (?, ?, ?, ?, ?, ?)`, [req.user.tenant_id, req.body.kunde_id, req.body.artikel_id, req.body.anzahl, foto_url, req.user.id] ); const [rows] = await pool.query(`${baseSelect} WHERE l.id = ?`, [result.insertId]); res.status(201).json(rows[0]); } catch (e) { console.error('POST lieferungen:', e); res.status(500).json({ error: 'Serverfehler' }); } }); router.delete('/:id', async (req, res) => { try { const [r] = await pool.query('DELETE FROM lieferungen WHERE id=? AND tenant_id=?', [req.params.id, req.user.tenant_id]); if (r.affectedRows === 0) return res.status(404).json({ error: 'Lieferung nicht gefunden' }); res.json({ message: 'Lieferung gelöscht' }); } catch (e) { res.status(500).json({ error: 'Serverfehler' }); } }); export default router;