SlavaVlad
cfcfa0ccee
All checks were successful
Deploy / build-and-deploy (push) Successful in 1m49s
94 lines
3.2 KiB
TypeScript
94 lines
3.2 KiB
TypeScript
import { NextRequest, NextResponse } from "next/server";
|
|
import { getServerSession } from "@/lib/auth";
|
|
import { db } from "@/lib/db";
|
|
import { images } from "@/lib/db/schema";
|
|
import { writeFile, mkdir, unlink } from "fs/promises";
|
|
import path from "path";
|
|
import { v4 as uuidv4 } from "uuid";
|
|
import { eq } from "drizzle-orm";
|
|
|
|
const UPLOAD_DIR = path.join(process.cwd(), "data", "uploads", "images");
|
|
|
|
const ALLOWED_TYPES = ["image/png", "image/jpeg", "image/gif", "image/webp"];
|
|
const MAX_SIZE = 5 * 1024 * 1024;
|
|
|
|
export async function GET() {
|
|
const session = await getServerSession();
|
|
if (!session || !session.isAdmin) {
|
|
return NextResponse.json({ error: "Forbidden" }, { status: 403 });
|
|
}
|
|
try {
|
|
const all = db.select().from(images).orderBy(images.createdAt).all();
|
|
const list = all.map(i => ({
|
|
id: i.id,
|
|
originalName: i.originalName,
|
|
url: `/uploads/images/${i.storedFilename}`,
|
|
mimeType: i.mimeType,
|
|
fileSize: i.fileSize,
|
|
}));
|
|
return NextResponse.json({ images: list });
|
|
} catch {
|
|
return NextResponse.json({ images: [] });
|
|
}
|
|
}
|
|
|
|
export async function POST(req: NextRequest) {
|
|
const session = await getServerSession();
|
|
if (!session || !session.isAdmin) {
|
|
return NextResponse.json({ error: "Forbidden" }, { status: 403 });
|
|
}
|
|
try {
|
|
const formData = await req.formData();
|
|
const files = formData.getAll("files") as File[];
|
|
if (!files.length) return NextResponse.json({ error: "No files" }, { status: 400 });
|
|
|
|
await mkdir(UPLOAD_DIR, { recursive: true });
|
|
const results: { url: string; originalName: string; mimeType: string; fileSize: number }[] = [];
|
|
|
|
for (const file of files) {
|
|
if (!ALLOWED_TYPES.includes(file.type)) continue;
|
|
if (file.size > MAX_SIZE) continue;
|
|
|
|
const ext = path.extname(file.name) || ".png";
|
|
const filename = `${uuidv4()}${ext}`;
|
|
const filepath = path.join(UPLOAD_DIR, filename);
|
|
const bytes = await file.arrayBuffer();
|
|
await writeFile(filepath, Buffer.from(bytes));
|
|
|
|
const id = uuidv4();
|
|
db.insert(images).values({
|
|
id,
|
|
originalName: file.name,
|
|
storedFilename: filename,
|
|
mimeType: file.type,
|
|
fileSize: file.size,
|
|
uploadedBy: session.id,
|
|
createdAt: new Date().toISOString(),
|
|
}).run();
|
|
|
|
results.push({ url: `/uploads/images/${filename}`, originalName: file.name, mimeType: file.type, fileSize: file.size });
|
|
}
|
|
|
|
return NextResponse.json({ images: results });
|
|
} catch {
|
|
return NextResponse.json({ error: "Upload failed" }, { status: 500 });
|
|
}
|
|
}
|
|
|
|
export async function DELETE(req: NextRequest) {
|
|
const session = await getServerSession();
|
|
if (!session || !session.isAdmin) {
|
|
return NextResponse.json({ error: "Forbidden" }, { status: 403 });
|
|
}
|
|
const filename = req.nextUrl.searchParams.get("filename");
|
|
if (!filename) return NextResponse.json({ error: "No filename" }, { status: 400 });
|
|
try {
|
|
const filepath = path.join(UPLOAD_DIR, filename);
|
|
await unlink(filepath).catch(() => {});
|
|
db.delete(images).where(eq(images.storedFilename, filename)).run();
|
|
return NextResponse.json({ success: true });
|
|
} catch {
|
|
return NextResponse.json({ error: "Delete failed" }, { status: 500 });
|
|
}
|
|
}
|