Initial commit: CMS backend for Old Vine Hotel

- Complete Express.js API server
- MongoDB integration with Mongoose
- Admin authentication and authorization
- Room management (CRUD operations)
- Booking management system
- Guest management
- Payment processing (Stripe integration)
- Content management (pages, blog, gallery)
- Media upload and management
- Integration services (Booking.com, Expedia, Opera PMS, Trip.com)
- Email notifications
- Comprehensive logging and error handling

middleware/adminAuth.js

@@ -0,0 +1,68 @@
+const jwt = require('jsonwebtoken');
+const Admin = require('../models/Admin'); // We'll create this model
+
+const adminAuth = async (req, res, next) => {
+  try {
+    // Get token from header
+    const token = req.header('Authorization')?.replace('Bearer ', '');
+    
+    if (!token) {
+      return res.status(401).json({
+        success: false,
+        message: 'Access denied. Admin authentication required.'
+      });
+    }
+
+    // Verify token
+    const decoded = jwt.verify(token, process.env.JWT_SECRET);
+    
+    // Check if the token indicates admin user
+    if (!decoded.isAdmin) {
+      return res.status(403).json({
+        success: false,
+        message: 'Access denied. Admin privileges required.'
+      });
+    }
+    
+    // Check if role is one of the allowed admin roles
+    const allowedRoles = ['super-admin', 'admin', 'editor', 'manager'];
+    if (!allowedRoles.includes(decoded.role)) {
+      return res.status(403).json({
+        success: false,
+        message: 'Access denied. Insufficient privileges.'
+      });
+    }
+
+    // Add admin info to request object
+    req.admin = {
+      id: decoded.id,
+      email: decoded.email,
+      role: decoded.role
+    };
+    
+    next();
+  } catch (error) {
+    console.error('Admin authentication error:', error.message);
+    
+    if (error.name === 'JsonWebTokenError') {
+      return res.status(401).json({
+        success: false,
+        message: 'Invalid admin token'
+      });
+    }
+    
+    if (error.name === 'TokenExpiredError') {
+      return res.status(401).json({
+        success: false,
+        message: 'Admin token expired'
+      });
+    }
+    
+    res.status(500).json({
+      success: false,
+      message: 'Server error during admin authentication'
+    });
+  }
+};
+
+module.exports = adminAuth;

middleware/auth.js

@@ -0,0 +1,56 @@
+const jwt = require('jsonwebtoken');
+const Guest = require('../models/Guest');
+
+const auth = async (req, res, next) => {
+  try {
+    // Get token from header
+    const token = req.header('Authorization')?.replace('Bearer ', '');
+    
+    if (!token) {
+      return res.status(401).json({
+        success: false,
+        message: 'Access denied. No token provided.'
+      });
+    }
+
+    // Verify token
+    const decoded = jwt.verify(token, process.env.JWT_SECRET);
+    
+    // Get guest from database
+    const guest = await Guest.findById(decoded.id).select('-password');
+    
+    if (!guest || !guest.isActive) {
+      return res.status(401).json({
+        success: false,
+        message: 'Token is not valid or account is inactive'
+      });
+    }
+
+    // Add guest to request object
+    req.guest = guest;
+    next();
+  } catch (error) {
+    console.error('Authentication error:', error.message);
+    
+    if (error.name === 'JsonWebTokenError') {
+      return res.status(401).json({
+        success: false,
+        message: 'Invalid token'
+      });
+    }
+    
+    if (error.name === 'TokenExpiredError') {
+      return res.status(401).json({
+        success: false,
+        message: 'Token expired'
+      });
+    }
+    
+    res.status(500).json({
+      success: false,
+      message: 'Server error during authentication'
+    });
+  }
+};
+
+module.exports = auth;

middleware/errorHandler.js

@@ -0,0 +1,76 @@
+const logger = require('../utils/logger');
+
+const errorHandler = (err, req, res, next) => {
+  let error = { ...err };
+  error.message = err.message;
+
+  // Log error
+  logger.logError(err, {
+    method: req.method,
+    url: req.originalUrl,
+    ip: req.ip,
+    userAgent: req.get('User-Agent')
+  });
+
+  // Mongoose bad ObjectId
+  if (err.name === 'CastError') {
+    const message = 'Invalid ID format';
+    error = {
+      message,
+      statusCode: 400
+    };
+  }
+
+  // Mongoose duplicate key
+  if (err.code === 11000) {
+    const field = Object.keys(err.keyValue)[0];
+    const message = `${field} already exists`;
+    error = {
+      message,
+      statusCode: 400
+    };
+  }
+
+  // Mongoose validation error
+  if (err.name === 'ValidationError') {
+    const message = Object.values(err.errors).map(val => val.message).join(', ');
+    error = {
+      message,
+      statusCode: 400
+    };
+  }
+
+  // JWT errors
+  if (err.name === 'JsonWebTokenError') {
+    const message = 'Invalid token';
+    error = {
+      message,
+      statusCode: 401
+    };
+  }
+
+  if (err.name === 'TokenExpiredError') {
+    const message = 'Token expired';
+    error = {
+      message,
+      statusCode: 401
+    };
+  }
+
+  // Stripe errors
+  if (err.type && err.type.startsWith('Stripe')) {
+    const message = 'Payment processing error';
+    error = {
+      message,
+      statusCode: 400
+    };
+  }
+
+  res.status(error.statusCode || 500).json({
+    success: false,
+    message: error.message || 'Server Error',
+    ...(process.env.NODE_ENV === 'development' && { stack: err.stack })
+  });
+};
+
+module.exports = errorHandler;