import express from 'express';
import fs from 'fs';
import { createRequire } from 'module';
// This file is an ES module (it uses import.meta), so it has no require() of its
// own; build a CommonJS-style require for this module's location and use it to
// load multer below.
const require = createRequire(import.meta.url);
const multer = require('multer');
import path from 'path';
import { fileURLToPath } from 'url';
import pool from '../db.js';
// ES modules do not get a __dirname binding; derive the absolute directory of
// this file from its module URL so relative paths (e.g. ../uploads) resolve
// independently of the process working directory.
const currentFilePath = fileURLToPath(import.meta.url);
const __dirname = path.dirname(currentFilePath);

const router = express.Router();
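// Disk storage for uploaded images: files go to <routes dir>/../uploads.
const storage = multer.diskStorage({
  destination: path.join(__dirname, '../uploads'),
  // Prefix with a timestamp so repeated uploads of the same name do not
  // overwrite each other. `originalname` is client-controlled: reduce it to
  // its basename so a name containing path separators cannot place the file
  // outside the uploads directory.
  filename: (req, file, cb) => {
    const safeName = path.basename(file.originalname || 'upload');
    cb(null, `${Date.now()}-${safeName}`);
  },
});

// No `fileFilter` or `limits` are configured here, so multer accepts any
// content type and size; any such restriction has to be applied by the route
// that uses `upload`.
const upload = multer({ storage });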
/**
 * GET /upload — shows the upload form to a logged-in visitor.
 * Requests without `req.user` are sent back to the start page.
 */
router.get('/upload', (req, res) => {
  const user = req.user;
  if (user) {
    res.render('upload', { user });
  } else {
    res.redirect('/');
  }
});
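/**
 * POST /upload — stores the multipart field `image` on disk (handled by
 * multer before this handler runs) and records it in the `images` table,
 * then redirects to the gallery.
 *
 * The insert is parameterized; `title` and `description` are stored as
 * received. DB errors are passed to Express error handling via next().
 * NOTE(review): unlike GET /upload, this route does not require a login and
 * records the uploader as 'Anonym' — confirm that anonymous POSTs are intended.
 */
router.post('/upload', upload.single('image'), async (req, res, next) => {
  // multer leaves req.file undefined when the request carried no `image` part;
  // without this guard reading req.file.filename below throws a TypeError and
  // the request never gets a response.
  if (!req.file) {
    return res.status(400).send('Es wurde keine Datei hochgeladen.');
  }

  const { title, description } = req.body;
  const { filename } = req.file;
  const uploader = req.user ? req.user.displayName : 'Anonym';

  try {
    await pool.query(
      'INSERT INTO images (filename, title, description, uploader) VALUES ($1, $2, $3, $4)',
      [filename, title, description, uploader]
    );
  } catch (err) {
    // The file is already on disk at this point; remove it so a failed insert
    // does not leave an orphaned upload behind. The unlink is best-effort.
    fs.unlink(req.file.path, (unlinkErr) => {
      if (unlinkErr) console.warn('⚠️ Datei konnte nicht gelöscht werden:', unlinkErr.message);
    });
    return next(err);
  }

  res.redirect('/');
});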
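/**
 * POST /delete/:id — removes an image: the file under ../uploads and the
 * `images` row. Permitted for the uploader (matched on displayName) or for the
 * admin whose first profile e-mail equals ADMIN_EMAIL. Redirects to the
 * gallery on success; DB errors go to Express error handling via next().
 */
router.post('/delete/:id', async (req, res, next) => {
  const imageId = req.params.id;
  const forbidden = () => res.status(403).send('🚫 Du darfst dieses Bild nicht löschen.');

  // Anonymous requests can be neither owner nor admin.
  if (!req.user) return forbidden();

  try {
    // Load the image from the DB
    const result = await pool.query('SELECT * FROM images WHERE id = $1', [imageId]);
    const image = result.rows[0];
    // An unknown id must not reach the file deletion below (image.filename
    // would throw on undefined).
    if (!image) return res.status(404).send('Bild nicht gefunden.');

    // Access control
    // Ownership is matched on displayName, which is not necessarily unique
    // across accounts; a user id would be a stricter check but needs a schema
    // change.
    const isOwner = req.user.displayName === image.uploader;
    // ADMIN_EMAIL must be set and non-empty: otherwise a profile whose first
    // e-mail entry has no value would compare undefined === undefined and be
    // treated as admin.
    const adminEmail = process.env.ADMIN_EMAIL;
    const isAdmin =
      typeof adminEmail === 'string' &&
      adminEmail !== '' &&
      req.user.emails?.[0]?.value === adminEmail;

    if (!isOwner && !isAdmin) return forbidden();

    // Delete the file (best-effort). basename() keeps the path inside
    // ../uploads even if the stored filename were ever tampered with.
    const filePath = path.join(__dirname, '../uploads', path.basename(image.filename));
    fs.unlink(filePath, (err) => {
      if (err) console.warn('⚠️ Datei konnte nicht gelöscht werden:', err.message);
    });

    // Delete the DB row
    await pool.query('DELETE FROM images WHERE id = $1', [imageId]);
  } catch (err) {
    return next(err);
  }

  res.redirect('/');
});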
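/**
 * GET /image/:id — renders the detail page for one image together with its
 * comments in ascending creation order. Responds 404 for an unknown id; DB
 * errors are handed to Express error handling via next().
 */
router.get('/image/:id', async (req, res, next) => {
  const imageId = req.params.id;

  try {
    // Both queries depend only on the id, so run them concurrently.
    const [imageResult, commentsResult] = await Promise.all([
      pool.query('SELECT * FROM images WHERE id = $1', [imageId]),
      pool.query(
        'SELECT * FROM comments WHERE image_id = $1 ORDER BY created_at ASC',
        [imageId]
      ),
    ]);

    const image = imageResult.rows[0];
    // Rendering the view with image === undefined is likely to fail inside the
    // template; answer explicitly instead.
    if (!image) return res.status(404).send('Bild nicht gefunden.');

    res.render('image', {
      user: req.user,
      image,
      comments: commentsResult.rows,
    });
  } catch (err) {
    next(err);
  }
});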
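/**
 * POST /image/:id/comment — stores a comment for an image and redirects back
 * to that image's page. Visitors without a session are recorded as 'Anonym'.
 * `content` is stored as received; escaping on output is the view's job.
 * DB errors are passed to Express error handling via next().
 */
router.post('/image/:id/comment', async (req, res, next) => {
  const imageId = req.params.id;
  const author = req.user ? req.user.displayName : 'Anonym';
  const content = req.body?.content;

  // Reject missing or whitespace-only comments instead of inserting empty rows.
  if (typeof content !== 'string' || content.trim() === '') {
    return res.status(400).send('Kommentar darf nicht leer sein.');
  }

  try {
    await pool.query(
      'INSERT INTO comments (image_id, author, content) VALUES ($1, $2, $3)',
      [imageId, author, content]
    );
  } catch (err) {
    return next(err);
  }

  // imageId is a route parameter, so the redirect target always stays under /image/.
  res.redirect(`/image/${imageId}`);
});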
export default router;