177 lines
5.3 KiB
JavaScript
177 lines
5.3 KiB
JavaScript
const express = require('express');
|
|
const router = express.Router();
|
|
const multer = require('multer');
|
|
const path = require('path');
|
|
const fs = require('fs');
|
|
const sharp = require('sharp');
|
|
const adminAuth = require('../middleware/adminAuth');
|
|
|
|
// --- Helpers ---
|
|
const getUploadsDir = () => {
|
|
const envDir = (process.env.UPLOADS_DIR || '').trim();
|
|
if (envDir) return path.isAbsolute(envDir) ? envDir : path.resolve(process.cwd(), envDir);
|
|
return path.resolve(__dirname, '..', 'uploads');
|
|
};
|
|
|
|
const uploadsDir = getUploadsDir();
|
|
const urlPrefix = (process.env.UPLOADS_URL_PREFIX || '/uploads').replace(/\/$/, '');
|
|
|
|
// Ensure uploads directory exists
|
|
if (!fs.existsSync(uploadsDir)) {
|
|
fs.mkdirSync(uploadsDir, { recursive: true });
|
|
}
|
|
|
|
// Configure multer for file upload
|
|
const storage = multer.diskStorage({
|
|
destination: (req, file, cb) => cb(null, uploadsDir),
|
|
filename: (req, file, cb) => {
|
|
const uniqueSuffix = Date.now() + '-' + Math.round(Math.random() * 1e9);
|
|
const ext = path.extname(file.originalname).toLowerCase();
|
|
const name = path
|
|
.basename(file.originalname, ext)
|
|
.replace(/[^a-z0-9]/gi, '-')
|
|
.replace(/-+/g, '-')
|
|
.replace(/^-|-$/g, '')
|
|
.toLowerCase();
|
|
|
|
cb(null, `${name || 'file'}-${uniqueSuffix}${ext || ''}`);
|
|
},
|
|
});
|
|
|
|
const fileFilter = (req, file, cb) => {
|
|
// Accept images only
|
|
if (file.mimetype && file.mimetype.startsWith('image/')) return cb(null, true);
|
|
cb(new Error('Only image files are allowed'), false);
|
|
};
|
|
|
|
const upload = multer({
|
|
storage,
|
|
fileFilter,
|
|
limits: { fileSize: 10 * 1024 * 1024 }, // 10MB
|
|
});
|
|
|
|
async function optimizeImageIfPossible(filePath, extLower) {
|
|
if (extLower === '.gif') return;
|
|
|
|
const tmpPath = `${filePath}.tmp`;
|
|
|
|
let pipeline = sharp(filePath).resize(1920, 1080, {
|
|
fit: 'inside',
|
|
withoutEnlargement: true,
|
|
});
|
|
|
|
if (extLower === '.png') {
|
|
pipeline = pipeline.png({ quality: 85, compressionLevel: 9 });
|
|
} else if (extLower === '.webp') {
|
|
pipeline = pipeline.webp({ quality: 85 });
|
|
} else {
|
|
pipeline = pipeline.jpeg({ quality: 85 });
|
|
}
|
|
|
|
await pipeline.toFile(tmpPath);
|
|
fs.unlinkSync(filePath);
|
|
fs.renameSync(tmpPath, filePath);
|
|
}
|
|
|
|
// @route POST /api/upload
|
|
// @desc Upload single or multiple images
|
|
// @access Private (Admin)
|
|
router.post('/', adminAuth, upload.array('images', 10), async (req, res) => {
|
|
try {
|
|
if (!req.files || req.files.length === 0) {
|
|
return res.status(400).json({ success: false, message: 'No files uploaded' });
|
|
}
|
|
|
|
const uploadedFiles = [];
|
|
|
|
for (const file of req.files) {
|
|
try {
|
|
const extLower = path.extname(file.filename).toLowerCase();
|
|
await optimizeImageIfPossible(file.path, extLower);
|
|
|
|
uploadedFiles.push({
|
|
filename: file.filename,
|
|
originalName: file.originalname,
|
|
url: `${urlPrefix}/${file.filename}`,
|
|
mimeType: file.mimetype,
|
|
uploadedAt: new Date(),
|
|
});
|
|
} catch (e) {
|
|
console.error('Error processing image:', e);
|
|
uploadedFiles.push({
|
|
filename: file.filename,
|
|
originalName: file.originalname,
|
|
url: `${urlPrefix}/${file.filename}`,
|
|
mimeType: file.mimetype,
|
|
uploadedAt: new Date(),
|
|
error: 'Optimization failed',
|
|
});
|
|
}
|
|
}
|
|
|
|
res.json({
|
|
success: true,
|
|
message: 'Files uploaded successfully',
|
|
data: { files: uploadedFiles },
|
|
});
|
|
} catch (error) {
|
|
console.error('Upload error:', error);
|
|
res.status(500).json({ success: false, message: error.message || 'Error uploading files' });
|
|
}
|
|
});
|
|
|
|
// @route GET /api/upload/list
|
|
// @desc Get list of uploaded files
|
|
// @access Private (Admin)
|
|
router.get('/list', adminAuth, async (req, res) => {
|
|
try {
|
|
const files = fs.readdirSync(uploadsDir);
|
|
|
|
const fileList = files
|
|
.filter((f) => !f.startsWith('.'))
|
|
.map((filename) => {
|
|
const filePath = path.join(uploadsDir, filename);
|
|
const stats = fs.statSync(filePath);
|
|
return {
|
|
filename,
|
|
url: `${urlPrefix}/${filename}`,
|
|
size: stats.size,
|
|
uploadedAt: stats.mtime,
|
|
};
|
|
})
|
|
.sort((a, b) => b.uploadedAt - a.uploadedAt);
|
|
|
|
res.json({ success: true, data: { files: fileList, total: fileList.length } });
|
|
} catch (error) {
|
|
console.error('List files error:', error);
|
|
res.status(500).json({ success: false, message: 'Error listing files' });
|
|
}
|
|
});
|
|
|
|
// @route DELETE /api/upload/:filename
|
|
// @desc Delete an uploaded file
|
|
// @access Private (Admin)
|
|
router.delete('/:filename', adminAuth, async (req, res) => {
|
|
try {
|
|
const { filename } = req.params;
|
|
|
|
// Security check: prevent path traversal
|
|
if (filename.includes('..') || filename.includes('/') || filename.includes('\\')) {
|
|
return res.status(400).json({ success: false, message: 'Invalid filename' });
|
|
}
|
|
|
|
const filePath = path.join(uploadsDir, filename);
|
|
|
|
if (!fs.existsSync(filePath)) {
|
|
return res.status(404).json({ success: false, message: 'File not found' });
|
|
}
|
|
|
|
fs.unlinkSync(filePath);
|
|
res.json({ success: true, message: 'File deleted successfully' });
|
|
} catch (error) {
|
|
console.error('Delete file error:', error);
|
|
res.status(500).json({ success: false, message: 'Error deleting file' });
|
|
}
|
|
});
|
|
|
|
module.exports = router; |