import express from 'express'; import { body, validationResult } from 'express-validator'; import pool from '../config/database.js'; import { authenticateToken, requireTenant } from '../middleware/auth.js'; const router = express.Router(); router.use(authenticateToken, requireTenant); router.get('/', async (req, res) => { try { const [rows] = await pool.query( 'SELECT * FROM kunden WHERE tenant_id = ? ORDER BY name ASC', [req.user.tenant_id] ); res.json(rows); } catch (e) { res.status(500).json({ error: 'Serverfehler' }); } }); router.get('/:id', async (req, res) => { try { const [rows] = await pool.query( 'SELECT * FROM kunden WHERE id = ? AND tenant_id = ?', [req.params.id, req.user.tenant_id] ); if (rows.length === 0) return res.status(404).json({ error: 'Kunde nicht gefunden' }); const [bilder] = await pool.query( 'SELECT id, dateiname, beschreibung, sortierung FROM kunden_bilder WHERE kunde_id = ? AND tenant_id = ? ORDER BY sortierung, erstellt_am', [req.params.id, req.user.tenant_id] ); res.json({ ...rows[0], bilder }); } catch (e) { res.status(500).json({ error: 'Serverfehler' }); } }); router.post('/', [ body('name').notEmpty().trim(), body('email').optional({ checkFalsy: true }).isEmail().normalizeEmail(), body('lieferzeit_bis').optional({ checkFalsy: true }).matches(/^\d{1,2}:\d{2}$/), body('anrede').optional({ checkFalsy: true }).isIn(['Herr', 'Frau', 'Firma']) ], async (req, res) => { const errors = validationResult(req); if (!errors.isEmpty()) return res.status(400).json({ errors: errors.array() }); const { name, email, telefon, adresse, ansprechpartner, notiz, anrede, anlieferungshinweis, lieferzeit_bis } = req.body; try { const [result] = await pool.query( `INSERT INTO kunden (id, tenant_id, name, email, telefon, adresse, ansprechpartner, notiz, anrede, anlieferungshinweis, lieferzeit_bis) VALUES (UUID(), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`, [req.user.tenant_id, name, email || null, telefon || null, adresse || null, ansprechpartner || null, notiz || null, anrede || null, anlieferungshinweis || null, lieferzeit_bis || null] ); // Re-fetch via tenant + name (id ist UUID, neuer Wert kennen wir nicht direkt) const [rows] = await pool.query( 'SELECT * FROM kunden WHERE tenant_id = ? ORDER BY erstellt_am DESC LIMIT 1', [req.user.tenant_id] ); res.status(201).json(rows[0]); } catch (e) { console.error('POST kunden:', e); res.status(500).json({ error: 'Serverfehler' }); } }); router.put('/:id', [ body('name').notEmpty().trim(), body('email').optional({ checkFalsy: true }).isEmail().normalizeEmail(), body('lieferzeit_bis').optional({ checkFalsy: true }).matches(/^\d{1,2}:\d{2}$/), body('anrede').optional({ checkFalsy: true }).isIn(['Herr', 'Frau', 'Firma']) ], async (req, res) => { const errors = validationResult(req); if (!errors.isEmpty()) return res.status(400).json({ errors: errors.array() }); const { name, email, telefon, adresse, ansprechpartner, notiz, anrede, anlieferungshinweis, lieferzeit_bis } = req.body; try { const [r] = await pool.query( `UPDATE kunden SET name=?, email=?, telefon=?, adresse=?, ansprechpartner=?, notiz=?, anrede=?, anlieferungshinweis=?, lieferzeit_bis=? WHERE id=? AND tenant_id=?`, [name, email || null, telefon || null, adresse || null, ansprechpartner || null, notiz || null, anrede || null, anlieferungshinweis || null, lieferzeit_bis || null, req.params.id, req.user.tenant_id] ); if (r.affectedRows === 0) return res.status(404).json({ error: 'Kunde nicht gefunden' }); const [rows] = await pool.query('SELECT * FROM kunden WHERE id = ? AND tenant_id = ?', [req.params.id, req.user.tenant_id]); res.json(rows[0]); } catch (e) { res.status(500).json({ error: 'Serverfehler' }); } }); router.delete('/:id', async (req, res) => { try { const [r] = await pool.query('DELETE FROM kunden WHERE id=? AND tenant_id=?', [req.params.id, req.user.tenant_id]); if (r.affectedRows === 0) return res.status(404).json({ error: 'Kunde nicht gefunden' }); res.json({ message: 'Kunde geloescht' }); } catch (e) { res.status(500).json({ error: 'Serverfehler' }); } }); export default router;