till/hd-commerce
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

hd-commerce: neutrales SQLite-Commerce-Backend (Admin + API + Demo-Storefront)

Browse Source
This commit is contained in:
Heidrich Digital
2026-06-17 12:05:29 +00:00
commit 4e8a3ab105
43 changed files with 2689 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/middleware.js
+50
View File
@@ -0,0 +1,50 @@
import { recordEvent, getSetting } from './lib/store.js';
import { createHash } from 'node:crypto';
const USER = process.env.ADMIN_USER || 'admin';
const PASS = process.env.ADMIN_PASS || 'admin';
const SKIP = ['/api/', '/uploads/', '/_astro', '/favicon', '/_image', '/robots.txt'];
function sessionHash(request) {
const ua = request.headers.get('user-agent') || '';
const ip = request.headers.get('x-forwarded-for') || request.headers.get('x-real-ip') || 'local';
const day = new Date().toISOString().slice(0, 10);
return createHash('sha256').update(ip + ua + day).digest('hex').slice(0, 16);
}
export function onRequest({ request }, next) {
const url = new URL(request.url);
const path = url.pathname;
// --- Admin Basic-Auth ---
if (path.startsWith('/admin')) {
const hdr = request.headers.get('authorization') || '';
if (hdr.startsWith('Basic ')) {
let dec = ''; try { dec = atob(hdr.slice(6)); } catch {}
const i = dec.indexOf(':');
if (i > -1 && dec.slice(0, i) === USER && dec.slice(i + 1) === PASS) return next();
}
const shop = getSetting('shop_name', 'hd-commerce');
return new Response('Authentifizierung erforderlich', {
status: 401,
headers: { 'WWW-Authenticate': `Basic realm="${shop} Admin", charset="UTF-8"` },
});
}
// --- First-Party Pageview-Tracking (nur Storefront-GET-Seiten) ---
if (request.method === 'GET' && !SKIP.some(s => path.startsWith(s))) {
try {
recordEvent({
type: 'pageview', path,
referrer: request.headers.get('referer') || '',
utm_source: url.searchParams.get('utm_source') || '',
utm_medium: url.searchParams.get('utm_medium') || '',
utm_campaign: url.searchParams.get('utm_campaign') || '',
session: sessionHash(request),
});
} catch {}
}
return next();
}