Compare commits

...

6 Commits

17 changed files with 127 additions and 273 deletions
+3 -1
View File
@@ -4,4 +4,6 @@ certs
build
.venv
__pycache__
.pyc
.pycvapid.json
Web/vapid.json
Web/vapid_*.pem
+4 -20
View File
@@ -7060,9 +7060,7 @@ def register():
permission_preset = (request.form.get('permission_preset') or 'standard_user').strip()
use_custom_permissions = request.form.get('use_custom_permissions') == 'on'
is_student = bool(request.form.get('is_student')) if cfg.STUDENT_CARDS_MODULE_ENABLED else False
student_card_id = us.normalize_student_card_id(request.form.get('student_card_id')) if cfg.STUDENT_CARDS_MODULE_ENABLED else ''
max_borrow_days_raw = request.form.get('max_borrow_days') if cfg.STUDENT_CARDS_MODULE_ENABLED else None
if not username or not password or not name or not last_name:
flash('Bitte füllen Sie alle Felder aus', 'error')
return redirect(url_for('register'))
@@ -7081,28 +7079,14 @@ def register():
for endpoint_name, _ in PERMISSION_PAGE_OPTIONS:
page_permissions[endpoint_name] = request.form.get(f'page_{endpoint_name}') == 'on'
max_borrow_days = None
if is_student:
if not student_card_id:
flash('Für Schüler muss eine Ausweis-ID angegeben werden.', 'error')
return redirect(url_for('register'))
if us.student_card_exists(student_card_id):
flash('Die Ausweis-ID ist bereits vergeben.', 'error')
return redirect(url_for('register'))
try:
max_borrow_days = int(max_borrow_days_raw) if max_borrow_days_raw else cfg.STUDENT_DEFAULT_BORROW_DAYS
except (TypeError, ValueError):
max_borrow_days = cfg.STUDENT_DEFAULT_BORROW_DAYS
max_borrow_days = max(1, min(max_borrow_days, cfg.STUDENT_MAX_BORROW_DAYS))
us.add_user(
username,
password,
name,
last_name,
is_student=is_student,
student_card_id=student_card_id if is_student else None,
max_borrow_days=max_borrow_days,
is_student=False,
student_card_id=None,
max_borrow_days=None,
permission_preset=permission_preset,
action_permissions=action_permissions,
page_permissions=page_permissions,
+4 -4
View File
@@ -71,6 +71,10 @@ def get_current_status(ausleihung, log_changes=False, user=None):
# Bei stornierten Ausleihungen bleibt der Status immer storniert
if original_status == 'cancelled':
return 'cancelled'
# Wenn die Ausleihung bereits abgeschlossen ist, bleibt sie es
if original_status == 'completed':
return 'completed'
current_time = datetime.datetime.now()
start_time = ausleihung.get('Start')
@@ -79,10 +83,6 @@ def get_current_status(ausleihung, log_changes=False, user=None):
# Wenn kein Startdatum vorhanden ist, Status auf 'planned' setzen
if not start_time:
new_status = 'planned'
# Wenn die Ausleihung als 'completed' markiert wurde und ein Enddatum hat,
# bleibt sie bei 'completed'
elif original_status == 'completed' and end_time:
new_status = 'completed'
# Wenn die aktuelle Zeit vor dem Startdatum liegt, ist die Ausleihung geplant
elif current_time < start_time:
# DEBUG: Log info wenn Booking noch lange in der Zukunft ist
+31 -2
View File
@@ -16,11 +16,39 @@ import settings as cfg
logger = logging.getLogger(__name__)
# VAPID keys for push notifications (should be in environment variables)
# VAPID keys for push notifications
VAPID_PUBLIC_KEY = os.getenv('VAPID_PUBLIC_KEY', '')
VAPID_PRIVATE_KEY = os.getenv('VAPID_PRIVATE_KEY', '')
VAPID_SUBJECT = os.getenv('VAPID_SUBJECT', f'mailto:admin@{os.getenv("SERVER_NAME", "localhost")}')
VAPID_PRIVATE_PEM = os.path.join(os.path.dirname(__file__), 'vapid_private.pem')
VAPID_PUBLIC_PEM = os.path.join(os.path.dirname(__file__), 'vapid_public.pem')
# Auto-generate VAPID keys if none are provided
if not VAPID_PUBLIC_KEY or not VAPID_PRIVATE_KEY:
try:
from py_vapid import Vapid, b64urlencode
from cryptography.hazmat.primitives import serialization
vapid = Vapid()
if not os.path.exists(VAPID_PRIVATE_PEM):
vapid.generate_keys()
vapid.save_key(VAPID_PRIVATE_PEM)
vapid.save_public_key(VAPID_PUBLIC_PEM)
logger.info("Auto-generated new VAPID keys")
else:
vapid = Vapid.from_file(VAPID_PRIVATE_PEM)
raw_pub = vapid.public_key.public_bytes(
serialization.Encoding.X962,
serialization.PublicFormat.UncompressedPoint
)
VAPID_PUBLIC_KEY = b64urlencode(raw_pub)
VAPID_PRIVATE_KEY = VAPID_PRIVATE_PEM
except Exception as e:
logger.error(f'Could not load or generate VAPID keys: {e}')
# Push service endpoint (typically Firebase or Web Push Service)
PUSH_SERVICE_URL = 'https://fcm.googleapis.com/fcm/send' # Firebase Cloud Messaging
FCM_API_KEY = os.getenv('FCM_API_KEY', '') # Firebase API key
@@ -296,7 +324,8 @@ def _send_web_push_notification(subscription, payload):
data=json.dumps(payload),
vapid_private_key=VAPID_PRIVATE_KEY,
vapid_claims={'sub': VAPID_SUBJECT},
timeout=10
timeout=10,
ttl=3600 # Notification expires after 1 hour if device is offline
)
return True
Submodule
+1
Submodule Web/pwa-app added at da45c25039
+2 -1
View File
@@ -13,4 +13,5 @@ redis
reportlab
python-barcode
openpyxl
cryptography
cryptography
pywebpush
Binary file not shown.

After

Width:  |  Height:  |  Size: 545 B

Binary file not shown.

After

Width:  |  Height:  |  Size: 1.8 KiB

+9 -120
View File
@@ -1,134 +1,23 @@
{
"name": "Inventarsystem",
"short_name": "Inventar",
"description": "Verwaltungssystem für Schulinventare mit Ausleihmanagement",
"name": "Ausleihsystem",
"short_name": "Ausleihe",
"description": "System zur Verwaltung von Ausleihen",
"start_url": "/",
"scope": "/",
"display": "standalone",
"orientation": "portrait-primary",
"background_color": "#ffffff",
"theme_color": "#007bff",
"dir": "ltr",
"lang": "de-DE",
"prefer_related_applications": false,
"related_applications": [],
"theme_color": "#1f2937",
"icons": [
{
"src": "/static/img/logo-72x72.png",
"sizes": "72x72",
"src": "/static/img/icon-192.png",
"type": "image/png",
"purpose": "any"
},
{
"src": "/static/img/logo-96x96.png",
"sizes": "96x96",
"type": "image/png",
"purpose": "any"
},
{
"src": "/static/img/logo-128x128.png",
"sizes": "128x128",
"type": "image/png",
"purpose": "any"
},
{
"src": "/static/img/logo-144x144.png",
"sizes": "144x144",
"type": "image/png",
"purpose": "any"
},
{
"src": "/static/img/logo-152x152.png",
"sizes": "152x152",
"type": "image/png",
"purpose": "any"
},
{
"src": "/static/img/logo-192x192.png",
"sizes": "192x192",
"type": "image/png",
"purpose": "any"
"purpose": "any maskable"
},
{
"src": "/static/img/logo-384x384.png",
"sizes": "384x384",
"src": "/static/img/icon-512.png",
"type": "image/png",
"purpose": "any"
},
{
"src": "/static/img/logo-512x512.png",
"sizes": "512x512",
"type": "image/png",
"purpose": "any"
},
{
"src": "/static/img/logo-192x192-maskable.png",
"sizes": "192x192",
"type": "image/png",
"purpose": "maskable"
},
{
"src": "/static/img/logo-512x512-maskable.png",
"sizes": "512x512",
"type": "image/png",
"purpose": "maskable"
"purpose": "any maskable"
}
],
"screenshots": [
{
"src": "/static/img/screenshot-540x720.png",
"sizes": "540x720",
"type": "image/png",
"form_factor": "narrow"
},
{
"src": "/static/img/screenshot-1280x720.png",
"sizes": "1280x720",
"type": "image/png",
"form_factor": "wide"
}
],
"categories": ["education", "productivity"],
"shortcuts": [
{
"name": "Meine Ausleihungen",
"short_name": "Ausleihungen",
"description": "Zeige meine aktuellen Ausleihungen",
"url": "/my_borrowed_items",
"icons": [
{
"src": "/static/img/shortcut-96x96.png",
"sizes": "96x96"
}
]
},
{
"name": "Kalender",
"short_name": "Kalender",
"description": "Kalender für Ausleihplanungen",
"url": "/terminplan",
"icons": [
{
"src": "/static/img/shortcut-96x96.png",
"sizes": "96x96"
}
]
}
],
"share_target": {
"action": "/share",
"method": "POST",
"enctype": "multipart/form-data",
"params": {
"title": "title",
"text": "text",
"url": "url",
"files": [
{
"name": "media",
"accept": ["image/*", "video/*"]
}
]
}
}
]
}
+18
View File
@@ -0,0 +1,18 @@
const CACHE_NAME = 'ausleihe-cache-v1';
self.addEventListener('install', (event) => {
self.skipWaiting();
});
self.addEventListener('activate', (event) => {
event.waitUntil(clients.claim());
});
self.addEventListener('fetch', (event) => {
// Einfacher Fallback aufs Netzwerk (Offline-Seite könnte hier ergänzt werden)
event.respondWith(
fetch(event.request).catch(() => {
return caches.match(event.request);
})
);
});
+1
View File
@@ -14,6 +14,7 @@
<meta name="mobile-web-app-capable" content="yes">
<meta name="apple-mobile-web-app-capable" content="yes">
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent">
<link rel="manifest" href="{{ url_for('static', filename='manifest.json') }}">
<meta name="csrf-token" content="{{ csrf_token }}">
<title>{% block title %}Inventarsystem{% endblock %}</title>
{% block head %}
-40
View File
@@ -70,27 +70,6 @@
</div>
</div>
{% if student_cards_module_enabled %}
<div class="form-group">
<label style="display:flex; align-items:center; gap:8px; color:#1f2937;">
<input type="checkbox" id="is-student" name="is_student" style="width:auto;">
Schülerkonto mit Ausweis
</label>
<div id="student-fields" style="display:none; margin-top:10px;">
<label for="student-card-id">Ausweis-ID</label>
<div class="input-container">
<span class="input-icon">🪪</span>
<input type="text" id="student-card-id" name="student_card_id" placeholder="z.B. S-2026-001">
</div>
<label for="max-borrow-days" style="margin-top:10px;">Standard-Ausleihdauer (Tage)</label>
<div class="input-container">
<span class="input-icon">📅</span>
<input type="number" id="max-borrow-days" name="max_borrow_days" min="1" max="{{ student_max_borrow_days }}" value="{{ student_default_borrow_days }}">
</div>
</div>
</div>
{% endif %}
<div class="form-group">
<label for="permission-preset">Berechtigungs-Preset</label>
<select id="permission-preset" name="permission_preset" class="form-select">
@@ -561,25 +540,6 @@ document.addEventListener('DOMContentLoaded', function () {
passwordInput.addEventListener('blur', updatePasswordRules);
updatePasswordRules();
}
{% if student_cards_module_enabled %}
const studentCheckbox = document.getElementById('is-student');
const studentFields = document.getElementById('student-fields');
const studentCardInput = document.getElementById('student-card-id');
if (!studentCheckbox || !studentFields || !studentCardInput) {
return;
}
function toggleStudentFields() {
const isChecked = studentCheckbox.checked;
studentFields.style.display = isChecked ? 'block' : 'none';
studentCardInput.required = isChecked;
}
studentCheckbox.addEventListener('change', toggleStudentFields);
toggleStudentFields();
{% endif %}
});
</script>
{% endblock %}
+41 -3
View File
@@ -51,6 +51,8 @@
<label for="booking-type">Reservierungstyp:</label>
<select id="booking-type" name="booking_type">
<option value="single">Einzeltermin</option>
<option value="range">Zeitraum</option>
<option value="recurring">Wiederkehrend</option>
</select>
</div>
@@ -624,6 +626,7 @@ document.addEventListener('DOMContentLoaded', function() {
}
const userId = document.getElementById('user-id').value || 'Admin'; // Get user ID or use fallback
const bookingType = document.getElementById('booking-type').value;
// Convert JSON data to FormData
const formData = new FormData();
@@ -631,16 +634,43 @@ document.addEventListener('DOMContentLoaded', function() {
// Add all required fields with correct names the server expects
formData.append('item_id', itemId);
formData.append('booking_date', startDate);
formData.append('booking_end_date', startDate); // For single bookings, end = start
formData.append('period_start', periodStart);
formData.append('period_end', periodEnd);
formData.append('notes', document.getElementById('booking-notes').value || '');
formData.append('booking_type', document.getElementById('booking-type').value);
formData.append('user_id', userId);
if (bookingType === 'range') {
const endDate = document.getElementById('booking-end-date').value;
if (!endDate) {
alert('Bitte wählen Sie ein Enddatum für den Zeitraum.');
return;
}
formData.append('booking_end_date', endDate);
formData.append('booking_type', 'range');
} else if (bookingType === 'recurring') {
formData.append('booking_type', 'single'); // Server expects 'single' structure for these individually sent requests
const dates = calculateDates();
if (dates.length === 0) {
alert('Es konnten keine Termine berechnet werden. Bitte überprüfen Sie Ihre Eingaben.');
return;
}
if (confirm(`Möchten Sie wirklich ${dates.length} Termine planen?`)) {
processMultipleDates(formData, dates, periodStart, periodEnd);
}
return; // Use processMultipleDates instead
} else {
formData.append('booking_end_date', startDate); // For single bookings, end = start
formData.append('booking_type', 'single');
}
const csrfToken = document.querySelector('meta[name="csrf-token"]') ? document.querySelector('meta[name="csrf-token"]').content : '';
// Submit with FormData instead of JSON
fetch('/plan_booking', {
method: 'POST',
headers: {
'X-CSRFToken': csrfToken
},
body: formData // Remove the Content-Type header and JSON.stringify
})
.then(response => {
@@ -681,8 +711,12 @@ document.addEventListener('DOMContentLoaded', function() {
// Cancel booking
document.getElementById('cancel-booking').addEventListener('click', function() {
if (confirm('Möchten Sie diese Ausleihe wirklich stornieren?')) {
const csrfToken = document.querySelector('meta[name="csrf-token"]') ? document.querySelector('meta[name="csrf-token"]').content : '';
fetch('/cancel_booking/' + currentEventId, {
method: 'POST'
method: 'POST',
headers: {
'X-CSRFToken': csrfToken
}
})
.then(response => response.json())
.then(data => {
@@ -1131,8 +1165,12 @@ document.addEventListener('DOMContentLoaded', function() {
newFormData.get('end_date'));
// Submit this booking
const csrfToken = document.querySelector('meta[name="csrf-token"]') ? document.querySelector('meta[name="csrf-token"]').content : '';
fetch('/plan_booking', {
method: 'POST',
headers: {
'X-CSRFToken': csrfToken
},
body: newFormData
})
.then(response => response.json())
+7
View File
@@ -0,0 +1,7 @@
from app import app
with app.test_client() as client:
with client.session_transaction() as sess:
sess['username'] = 'admin'
sess['admin'] = True
resp = client.get('/terminplan')
print("Status:", resp.status_code)
-81
View File
@@ -1,81 +0,0 @@
#!/bin/bash
# VAPID Key Generation Script for Web Push Notifications
# Generates VAPID (Voluntary Application Server Identification) keys required for push notifications
echo "==========================================="
echo "VAPID Key Generation for Inventarsystem"
echo "==========================================="
echo ""
# Check if Python is available
if ! command -v python3 &> /dev/null; then
echo "❌ Error: Python 3 is required but not installed."
exit 1
fi
# Check if pywebpush is installed
echo "Checking for pywebpush..."
python3 -c "import pywebpush" 2>/dev/null
if [ $? -ne 0 ]; then
echo "Installing pywebpush..."
pip3 install pywebpush
if [ $? -ne 0 ]; then
echo "❌ Error: Failed to install pywebpush"
echo "Please install manually: pip3 install pywebpush"
exit 1
fi
fi
echo "✓ pywebpush is installed"
echo ""
# Generate VAPID keys
echo "Generating VAPID keys..."
python3 << 'EOF'
from pywebpush import generate_keys
try:
keys = generate_keys()
print("✓ VAPID Keys generated successfully!")
print("")
print("PUBLIC KEY (share with browsers):")
print(keys['public_key'])
print("")
print("PRIVATE KEY (keep secret!):")
print(keys['private_key'])
print("")
print("==========================================="
print("Add these to your environment variables:")
print("==========================================="
print("")
print("export VAPID_PUBLIC_KEY='" + keys['public_key'] + "'")
print("export VAPID_PRIVATE_KEY='" + keys['private_key'] + "'")
print("export VAPID_SUBJECT='mailto:admin@yourdomain.com'")
print("")
print("Or add to your .env file:")
print("")
print("VAPID_PUBLIC_KEY=" + keys['public_key'])
print("VAPID_PRIVATE_KEY=" + keys['private_key'])
print("VAPID_SUBJECT=mailto:admin@yourdomain.com")
print("")
print("⚠️ IMPORTANT: Keep the PRIVATE KEY secret!")
print("==========================================="
except Exception as e:
print(f"❌ Error generating VAPID keys: {e}")
exit(1)
EOF
if [ $? -eq 0 ]; then
echo ""
echo "✓ Next steps:"
echo "1. Copy the PUBLIC KEY to your browser-side code"
echo "2. Set the PRIVATE KEY in your server environment"
echo "3. Update config.json with your email address"
echo "4. Test with: curl http://localhost:5000/api/push/vapid-key"
else
echo "❌ Error generating keys"
exit 1
fi
+1 -1
View File
@@ -13,4 +13,4 @@ reportlab
python-barcode
openpyxl
cryptography
pywebpush
pywebpush
+5
View File
@@ -0,0 +1,5 @@
from Web.app import app
with app.test_client() as client:
resp = client.get('/terminplan')
print(resp.status_code)
# print(resp.data.decode('utf-8')[:200])