änderungen durch AI

.env

@@ -10,3 +10,5 @@ OFFLINE_SERVER_1=Test Server Alpha
 OFFLINE_SERVER_2=Test Server Beta
 
 APP_URL=https://spiel.dynastyofknights.com
+
+SESSION_SECRET=irgendein_langer_geheimer_zufallstext_123!

app.js

@@ -22,6 +22,8 @@ const equip = require("./routes/equip");
 const equipment = require("./routes/equipment");
 const blackmarket = require("./routes/blackmarket");
 
+const compression = require("compression");
+
 const app = express();
 app.set("trust proxy", 1);
 const PORT = process.env.PORT || 3000;
@@ -33,6 +35,12 @@ const PORT = process.env.PORT || 3000;
 const server = http.createServer(app);
 const io = new Server(server);
 
+/* ========================
+   Compression
+======================== */
+
+app.use(compression());
+
 /* ========================
    Security Middleware
 ======================== */
@@ -60,9 +68,14 @@ app.use(limiter);
 
 app.use(
   session({
-    secret: "dynastyofknights_secret",
+    secret: process.env.SESSION_SECRET || "dynastyofknights_secret",
     resave: false,
     saveUninitialized: false,
+    cookie: {
+      httpOnly: true,
+      secure: process.env.NODE_ENV === "production",
+      maxAge: 1000 * 60 * 60 * 24,
+    },
   }),
 );
 
@@ -204,12 +217,6 @@ app.use((req, res) => {
   res.status(404).send("Seite nicht gefunden");
 });
 
-/* ========================
-   Webseite beschleunigen
-======================== */
-const compression = require("compression");
-app.use(compression());
-
 /* ========================
    Chat System
 ======================== */

public/css/building.css

@@ -474,7 +474,7 @@ body {
   filter: brightness(1.3);
 }
 
-.equip-slot:empty {
+.equip-slot:not(:has(img)) {
   opacity: 0.7;
 }
 
@@ -507,11 +507,24 @@ body {
 
 #item-tooltip {
   position: fixed;
-  background: #111;
-  border: 1px solid #555;
-  padding: 6px;
-  color: white;
+  pointer-events: none;
+
+  background: rgba(0, 0, 0, 0.85);
+  color: #fff;
+
+  padding: 8px 12px;
+  border-radius: 6px;
+
+  font-size: 14px;
+
   display: none;
+  z-index: 9999;
+
+  max-width: 200px;
+
+  border: 1px solid #555;
+
+  box-shadow: 0 0 10px rgba(0, 0, 0, 0.4);
 }
 
 /* =========================
@@ -533,14 +546,6 @@ body {
 /* =========================
    Schwarzmarkt
 ========================= */
-#market-pages {
-  display: flex;
-  flex-direction: column;
-
-  gap: 8px;
-
-  margin-top: 15px;
-}
 
 .market-page {
   padding: 8px 12px;
@@ -622,6 +627,8 @@ body {
   justify-content: center;
 
   margin-top: 15px;
+
+  /* Ehemals doppelt definiert – zusammengeführt */
 }
 
 .bag-icon {

public/js/buildings/schwarzmarkt.js

@@ -42,7 +42,11 @@ Geheimhandel
 }
 
 async function loadPages() {
+  try {
     const res = await fetch("/api/blackmarket/pages");
+
+    if (!res.ok) throw new Error("API Fehler");
+
     const data = await res.json();
 
     const container = document.getElementById("market-pages");
@@ -96,6 +100,9 @@ Kaufen
     }
 
     container.innerHTML = html;
+  } catch (err) {
+    console.error("Schwarzmarkt Fehler:", err);
+  }
 }
 
 /* Kaufen */
@@ -109,6 +116,7 @@ document.addEventListener("click", async (e) => {
 
   const page = slot.dataset.page;
 
+  try {
     const res = await fetch("/api/blackmarket/buy-page", {
       method: "POST",
       headers: {
@@ -117,6 +125,8 @@ document.addEventListener("click", async (e) => {
       body: JSON.stringify({ page }),
     });
 
+    if (!res.ok) throw new Error("API Fehler");
+
     const data = await res.json();
 
     if (data.error) {
@@ -125,6 +135,10 @@ document.addEventListener("click", async (e) => {
     }
 
     loadPages();
+  } catch (err) {
+    console.error("Kauf Fehler:", err);
+    alert("Fehler beim Kauf. Bitte erneut versuchen.");
+  }
 });
 
 /* Tabs */

public/js/buildings/wohnhaus.js

@@ -159,8 +159,15 @@ function initInventoryButtons() {
   };
 
   document.getElementById("inv-right").onclick = () => {
+    const totalPages = Math.max(
+      1,
+      Math.ceil(inventoryItems.length / slotsPerPage),
+    );
+
+    if (inventoryPage < totalPages - 1) {
       inventoryPage++;
       renderInventory();
+    }
   };
 }
 

public/js/map-ui.js

@@ -4,6 +4,8 @@ const popup = document.getElementById("building-popup");
 const title = document.getElementById("popup-title");
 const tooltip = document.getElementById("map-tooltip");
 
+const tooltipCache = {};
+
 const buildingModules = {
   11: loadWohnhaus,
   12: loadSchwarzmarkt,
@@ -136,11 +138,15 @@ document.querySelectorAll(".building").forEach((building) => {
     try {
       const id = building.dataset.id;
 
+      if (!tooltipCache[id]) {
         const res = await fetch("/api/building/" + id);
 
         if (!res.ok) throw new Error("API Fehler");
 
-      const data = await res.json();
+        tooltipCache[id] = await res.json();
+      }
+
+      const data = tooltipCache[id];
 
       tooltip.innerHTML = `
         <strong>${data.name}</strong><br>

routes/equip.js

@@ -1,12 +1,18 @@
 const express = require("express");
 const router = express.Router();
 const db = require("../database/database");
+const auth = require("../middleware/auth");
 
-router.post("/", async (req, res) => {
+router.post("/", auth, async (req, res) => {
   const userId = req.session.user.id;
 
   const { slot, itemId, itemLevelId } = req.body;
 
+  if (!slot) {
+    return res.status(400).json({ error: "Slot fehlt" });
+  }
+
+  try {
     await db.query(
       `
       INSERT INTO avatar_equipment
@@ -16,10 +22,14 @@ router.post("/", async (req, res) => {
         item_id = VALUES(item_id),
         item_level_id = VALUES(item_level_id)
     `,
-    [userId, slot, itemId, itemLevelId],
+      [userId, slot, itemId || null, itemLevelId || null],
     );
 
     res.json({ success: true });
+  } catch (err) {
+    console.error("Equip Fehler:", err);
+    res.status(500).json({ error: "DB Fehler" });
+  }
 });
 
 module.exports = router;

routes/equipment.js

@@ -1,23 +1,33 @@
 const express = require("express");
 const router = express.Router();
 const db = require("../database/database");
+const auth = require("../middleware/auth");
 
-router.get("/", async (req, res) => {
+router.get("/", auth, async (req, res) => {
   const userId = req.session.user.id;
 
+  try {
     const [rows] = await db.query(
       `
 SELECT
 ae.slot,
-items.icon
+ae.item_id,
+ae.item_level_id,
+items.icon,
+item_levels.level AS item_level
 FROM avatar_equipment ae
 LEFT JOIN items ON items.id = ae.item_id
+LEFT JOIN item_levels ON item_levels.id = ae.item_level_id
 WHERE ae.user_id=?
 `,
       [userId],
     );
 
     res.json(rows);
+  } catch (err) {
+    console.error("Equipment Fehler:", err);
+    res.status(500).json({ error: "DB Fehler" });
+  }
 });
 
 module.exports = router;

routes/inventory.js

@@ -1,10 +1,12 @@
 const express = require("express");
 const router = express.Router();
 const db = require("../database/database");
+const auth = require("../middleware/auth");
 
-router.get("/", async (req, res) => {
-  const userId = 1;
+router.get("/", auth, async (req, res) => {
+  const userId = req.session.user.id;
 
+  try {
     const [items] = await db.query(
       `
 SELECT
@@ -23,6 +25,10 @@ WHERE user_inventory.user_id=?
     );
 
     res.json(items);
+  } catch (err) {
+    console.error("Inventory Fehler:", err);
+    res.status(500).json({ error: "DB Fehler" });
+  }
 });
 
 module.exports = router;