annaville-sda-site/server/index.js

import express from 'express'
import cors from 'cors'
import { fileURLToPath } from 'url'
import { promises as fs } from 'fs'
import path from 'path'
import crypto from 'crypto'
import multer from 'multer'

const app = express()
const port = process.env.PORT || 3070
const adminToken = process.env.ADMIN_TOKEN || 'Driver1'

const __filename = fileURLToPath(import.meta.url)
const __dirname = path.dirname(__filename)
const dataDir = path.join(__dirname, 'data')
const dataPath = path.join(dataDir, 'events.json')
const uploadsDir = path.join(__dirname, 'uploads')

await fs.mkdir(uploadsDir, { recursive: true })

const storage = multer.diskStorage({
  destination: (req, file, cb) => cb(null, uploadsDir),
  filename: (req, file, cb) => {
    const ext = path.extname(file.originalname || '') || '.png'
    const base = (file.originalname || 'upload')
      .replace(/[^a-z0-9]+/gi, '-')
      .replace(/^-+|-+$/g, '')
      .toLowerCase() || 'upload'
    const unique = `${base}-${Date.now()}${ext}`
    cb(null, unique)
  }
})

const allowedMimeTypes = new Set([
  'image/png',
  'image/jpeg',
  'image/gif',
  'image/webp',
  'image/svg+xml'
])

const upload = multer({
  storage,
  limits: { fileSize: 5 * 1024 * 1024 },
  fileFilter: (req, file, cb) => {
    if (allowedMimeTypes.has(file.mimetype)) {
      cb(null, true)
    } else {
      cb(new Error('Only image uploads are allowed'))
    }
  }
})

async function ensureDataFile() {
  try {
    await fs.access(dataPath)
  } catch {
    await fs.mkdir(dataDir, { recursive: true })
    await fs.writeFile(dataPath, '[]', 'utf-8')
  }
}

function slugify(text) {
  return text
    .toString()
    .toLowerCase()
    .trim()
    .replace(/[^a-z0-9]+/g, '-')
    .replace(/^-+|-+$/g, '')
}

async function readEvents() {
  await ensureDataFile()
  const raw = await fs.readFile(dataPath, 'utf-8')
  try {
    return JSON.parse(raw)
  } catch (error) {
    console.error('Failed to parse events file, resetting to []', error)
    await fs.writeFile(dataPath, '[]', 'utf-8')
    return []
  }
}

async function writeEvents(events) {
  await fs.writeFile(dataPath, JSON.stringify(events, null, 2), 'utf-8')
}

function requireAuth(req, res, next) {
  const token = req.header('x-admin-token')
  if (!token || token !== adminToken) {
    return res.status(401).json({ error: 'Unauthorized' })
  }
  return next()
}

function asyncHandler(fn) {
  return (req, res, next) => {
    Promise.resolve(fn(req, res, next)).catch(next)
  }
}

function buildEventPayload(input, base = {}) {
  const allowed = ['title', 'description', 'date', 'time', 'location', 'category', 'image']
  const payload = { ...base }
  for (const key of allowed) {
    if (key in input && input[key] !== undefined) {
      payload[key] = typeof input[key] === 'string' ? input[key].trim() : input[key]
    }
  }
  return payload
}

app.use(cors())
app.use(express.json({ limit: '1mb' }))
app.use('/uploads', express.static(uploadsDir))

app.get('/api/health', (req, res) => {
  res.json({ status: 'ok' })
})

app.get('/api/events', asyncHandler(async (req, res) => {
  const events = await readEvents()
  const sorted = events.slice().sort((a, b) => new Date(a.date) - new Date(b.date))
  res.json(sorted)
}))

app.get('/api/events/:slug', asyncHandler(async (req, res) => {
  const events = await readEvents()
  const event = events.find(e => e.slug === req.params.slug)
  if (!event) {
    return res.status(404).json({ error: 'Event not found' })
  }
  res.json(event)
}))

app.post('/api/events', requireAuth, asyncHandler(async (req, res) => {
  const data = buildEventPayload(req.body)
  if (!data.title || !data.date) {
    return res.status(400).json({ error: 'title and date are required' })
  }

  const events = await readEvents()
  const baseSlug = slugify(req.body.slug || data.title || '') || `event-${Date.now()}`
  let uniqueSlug = baseSlug
  let suffix = 1
  while (events.some(event => event.slug === uniqueSlug)) {
    uniqueSlug = `${baseSlug}-${suffix++}`
  }

  const now = new Date().toISOString()
  const newEvent = {
    id: crypto.randomUUID(),
    slug: uniqueSlug,
    createdAt: now,
    updatedAt: now,
    ...data,
  }

  events.push(newEvent)
  await writeEvents(events)
  res.status(201).json(newEvent)
}))

app.patch('/api/events/:slug', requireAuth, asyncHandler(async (req, res) => {
  const events = await readEvents()
  const index = events.findIndex(event => event.slug === req.params.slug)
  if (index === -1) {
    return res.status(404).json({ error: 'Event not found' })
  }

  const event = events[index]
  const updated = buildEventPayload(req.body, event)
  let slugToUse = event.slug
  if (req.body.slug && req.body.slug !== event.slug) {
    const requestedSlug = slugify(req.body.slug)
    let uniqueSlug = requestedSlug || event.slug
    let suffix = 1
    while (events.some((e, i) => i !== index && e.slug === uniqueSlug)) {
      uniqueSlug = `${requestedSlug}-${suffix++}`
    }
    slugToUse = uniqueSlug
  }

  const merged = {
    ...event,
    ...updated,
    slug: slugToUse,
    updatedAt: new Date().toISOString(),
  }

  events[index] = merged
  await writeEvents(events)
  res.json(merged)
}))

app.delete('/api/events/:slug', requireAuth, asyncHandler(async (req, res) => {
  const events = await readEvents()
  const index = events.findIndex(event => event.slug === req.params.slug)
  if (index === -1) {
    return res.status(404).json({ error: 'Event not found' })
  }

  const [removed] = events.splice(index, 1)
  await writeEvents(events)
  res.json({ success: true, removed })
}))

app.post('/api/uploads', requireAuth, upload.single('file'), (req, res) => {
  if (!req.file) {
    return res.status(400).json({ error: 'No file uploaded' })
  }
  const relativeUrl = `/uploads/${req.file.filename}`
  const absoluteUrl = `${req.protocol}://${req.get('host')}${relativeUrl}`
  res.status(201).json({ url: absoluteUrl, path: relativeUrl })
})

app.get('/api/admin/verify', requireAuth, (req, res) => {
  res.json({ ok: true })
})

app.use((err, req, res, next) => {
  if (err instanceof multer.MulterError) {
    return res.status(400).json({ error: err.message })
  }
  if (err && err.message === 'Only image uploads are allowed') {
    return res.status(400).json({ error: err.message })
  }
  console.error(err)
  res.status(500).json({ error: 'Internal server error' })
})

app.listen(port, () => {
  console.log(`Events API listening on port ${port}`)
})