feat: CalDAV-Integration für Admin-Kalender

- Neue CalDAV-Route mit PROPFIND und GET-Endpoints - ICS-Format-Generator für Buchungsdaten - Token-basierte Authentifizierung für CalDAV-Zugriff - Admin-Interface mit CalDAV-Link-Generator - Schritt-für-Schritt-Anleitung für Kalender-Apps - 24h-Token-Ablaufzeit für Sicherheit - Unterstützung für Outlook, Google Calendar, Apple Calendar, Thunderbird Fixes: Admin kann jetzt Terminkalender in externen Apps abonnieren
2025-10-06 12:41:50 +02:00
parent 244eeee142
commit fbfdceeee6
28 changed files with 3584 additions and 0 deletions
--- a/server-dist/index.js
+++ b/server-dist/index.js
@@ -0,0 +1,71 @@
+import { Hono } from "hono";
+import { serve } from '@hono/node-server';
+import { serveStatic } from '@hono/node-server/serve-static';
+import { rpcApp } from "./routes/rpc.js";
+import { caldavApp } from "./routes/caldav.js";
+import { clientEntry } from "./routes/client-entry.js";
+const app = new Hono();
+// Allow all hosts for Tailscale Funnel
+app.use("*", async (c, next) => {
+    // Accept requests from any host
+    return next();
+});
+// Health check endpoint
+app.get("/health", (c) => {
+    return c.json({ status: "ok", timestamp: new Date().toISOString() });
+});
+// Legal config endpoint (temporary fix for RPC issue)
+app.get("/api/legal-config", async (c) => {
+    try {
+        const { getLegalConfig } = await import("./lib/legal-config.js");
+        const config = getLegalConfig();
+        return c.json(config);
+    }
+    catch (error) {
+        console.error("Legal config error:", error);
+        return c.json({ error: "Failed to load legal config" }, 500);
+    }
+});
+// Security.txt endpoint (RFC 9116)
+app.get("/.well-known/security.txt", (c) => {
+    const securityContact = process.env.SECURITY_CONTACT || "security@example.com";
+    const securityText = `Contact: ${securityContact}
+Expires: 2025-12-31T23:59:59.000Z
+Preferred-Languages: de, en
+Canonical: https://${process.env.DOMAIN || 'localhost:5173'}/.well-known/security.txt
+
+# Security Policy
+# Please report security vulnerabilities responsibly by contacting us via email.
+# We will respond to security reports within 48 hours.
+# 
+# Scope: This security policy applies to the Stargirlnails booking system.
+# 
+# Rewards: We appreciate security researchers who help us improve our security.
+# While we don't have a formal bug bounty program, we may offer recognition
+# for significant security improvements.
+`;
+    return c.text(securityText, 200, {
+        "Content-Type": "text/plain; charset=utf-8",
+        "Cache-Control": "public, max-age=86400", // Cache for 24 hours
+    });
+});
+// Serve static files (only in production)
+if (process.env.NODE_ENV === 'production') {
+    app.use('/static/*', serveStatic({ root: './dist' }));
+    app.use('/assets/*', serveStatic({ root: './dist' }));
+}
+app.use('/favicon.png', serveStatic({ path: './public/favicon.png' }));
+app.route("/rpc", rpcApp);
+app.route("/caldav", caldavApp);
+app.get("/*", clientEntry);
+// Start server
+const port = process.env.PORT ? parseInt(process.env.PORT) : 3000;
+const host = process.env.HOST || "0.0.0.0";
+console.log(`🚀 Server starting on ${host}:${port}`);
+// Start the server
+serve({
+    fetch: app.fetch,
+    port,
+    hostname: host,
+});
+export default app;