delete #8
@ -1,4 +1,5 @@
|
||||
import express from 'express';
|
||||
import fs from 'fs';
|
||||
|
||||
import { createRequire } from 'module';
|
||||
const require = createRequire(import.meta.url);
|
||||
@ -39,4 +40,31 @@ router.post('/upload', upload.single('image'), async (req, res) => {
|
||||
res.redirect('/');
|
||||
});
|
||||
|
||||
router.post('/delete/:id', async (req, res) => {
|
||||
const imageId = req.params.id;
|
||||
|
||||
// Bild aus DB laden
|
||||
const result = await pool.query('SELECT * FROM images WHERE id = $1', [imageId]);
|
||||
const image = result.rows[0];
|
||||
|
||||
// Zugriffskontrolle
|
||||
const isOwner = req.user && image && req.user.displayName === image.uploader;
|
||||
const isAdmin = req.user && req.user.emails && req.user.emails[0].value === process.env.ADMIN_EMAIL;
|
||||
|
||||
if (!isOwner && !isAdmin) {
|
||||
return res.status(403).send('🚫 Du darfst dieses Bild nicht löschen.');
|
||||
}
|
||||
|
||||
// Datei löschen
|
||||
const filePath = path.join(__dirname, '../uploads', image.filename);
|
||||
fs.unlink(filePath, err => {
|
||||
if (err) console.warn('⚠️ Datei konnte nicht gelöscht werden:', err.message);
|
||||
});
|
||||
|
||||
// DB-Eintrag löschen
|
||||
await pool.query('DELETE FROM images WHERE id = $1', [imageId]);
|
||||
|
||||
res.redirect('/');
|
||||
});
|
||||
|
||||
export default router;
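Review bot: When no row matches `imageId`, `image` is undefined and an admin caller (`isOwner` false, `isAdmin` true) falls through to `image.filename`, throwing inside an async handler that nothing catches, so the request is left hanging; add `if (!image) return res.status(404).send('Bild nicht gefunden.');` directly after `const image = result.rows[0];`. The ownership test compares `req.user.displayName` with `image.uploader`, and a Google display name is neither unique nor stable, so another account can adopt an uploader's name and delete their images — ownership should be keyed on the provider's stable user id stored with the upload, which needs a column this diff does not show. The route is session-authenticated and driven by a plain HTML form, so without a CSRF token or a restrictive SameSite cookie setting (neither visible here) a cross-site page can trigger deletions. `__dirname` at the `path.join` call is not an ES-module global (this file uses `import.meta.url`), so unless it is defined above the hunk the unlink throws a ReferenceError before the DB delete runs.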
|
||||
|
||||
@ -1,4 +1,3 @@
|
||||
import fs from 'fs';
|
||||
import express from 'express';
|
||||
import session from 'express-session';
|
||||
import passport from 'passport';
|
||||
@ -21,7 +20,6 @@ await pool.query(`
|
||||
);
|
||||
`);
|
||||
|
||||
|
||||
dotenv.config();
|
||||
|
||||
const app = express();
|
||||
@ -41,6 +39,7 @@ function isLoggedIn(req, res, next) {
|
||||
app.get('/', async (req, res) => {
|
||||
const result = await pool.query('SELECT * FROM images ORDER BY created_at DESC');
|
||||
const images = result.rows.map(img => ({
|
||||
id: img.id,
|
||||
title: img.title,
|
||||
description: img.description,
|
||||
path: `/uploads/${img.filename}`,
|
||||
|
||||
@ -36,6 +36,11 @@
|
||||
<img src="<%= img.path %>" alt="<%= img.title %>" style="max-width: 100%; border-radius: 8px;" />
|
||||
<figcaption>Hochgeladen von <strong><%= img.uploader %></strong></figcaption>
|
||||
</figure>
|
||||
<% if (user && (user.displayName === img.uploader || user.emails[0].value === 'DEINE_ADMIN_MAIL@deine-domain.de')) { %>
|
||||
<form action="/delete/<%= img.id %>" method="POST" style="margin-top: 0.5rem;">
|
||||
<button type="submit" onclick="return confirm('Bild wirklich löschen?')">🗑️ Löschen</button>
|
||||
</form>
|
||||
<% } %>
|
||||
</article>
|
||||
<% }) %>
|
||||
<% } %>
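Review bot: The admin condition in the new `<% if %>` compares against the hardcoded placeholder `'DEINE_ADMIN_MAIL@deine-domain.de'` while the server route decides with `process.env.ADMIN_EMAIL`, so the delete button will never render for the real admin unless the two happen to match, and the check drifts from the authoritative one. Pass the configured value into the view from the `/` route (e.g. `adminEmail: process.env.ADMIN_EMAIL` among the render locals; the render call is not in this diff) and compare `user.emails[0].value === adminEmail` here. `user.emails[0].value` also throws if the profile carries no email array; `user.emails?.[0]?.value` is safer. Hiding the button is only cosmetic — the server-side 403 remains the actual control and must not rely on this template.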
|
||||
|
||||
@ -10,7 +10,6 @@ services:
|
||||
volumes:
|
||||
- db_data:/var/lib/postgresql/data
|
||||
|
||||
|
||||
backend:
|
||||
build: ./backend
|
||||
ports:
|
||||
@ -18,6 +17,7 @@ services:
|
||||
environment:
|
||||
GOOGLE_CLIENT_ID: your-client-id-here
|
||||
GOOGLE_CLIENT_SECRET: your-client-secret-here
|
||||
ADMIN_EMAIL: admin@domain.com
|
||||
depends_on:
|
||||
- db
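Review bot: `ADMIN_EMAIL: admin@domain.com` is added as a literal in `docker-compose.yml` next to the Google client id/secret placeholders, so the real admin identity and the OAuth secret end up committed as soon as someone fills them in. Reference host-environment values instead, e.g. `ADMIN_EMAIL: ${ADMIN_EMAIL}`, with the real values in an untracked `.env` or an `env_file:` entry, and keep placeholders only in an example file. The client id/secret lines look like pre-existing context, but they have the same problem.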
|
||||
|
||||
|
||||