Adding features

2025-10-05 16:15:09 +01:00 · 2025-10-05 16:15:09 +01:00 · 2b55ca4104
commit 2b55ca4104
parent 600fef2b7c
75 changed files with 9796 additions and 2759 deletions
--- a/server/api/updates/[id].delete.js
+++ b/server/api/updates/[id].delete.js
@ -0,0 +1,59 @@
+import jwt from "jsonwebtoken";
+import Update from "../../models/update.js";
+import { connectDB } from "../../utils/mongoose.js";
+
+export default defineEventHandler(async (event) => {
+  await connectDB();
+
+  const token = getCookie(event, "auth-token");
+
+  if (!token) {
+    throw createError({
+      statusCode: 401,
+      statusMessage: "Not authenticated",
+    });
+  }
+
+  let memberId;
+  try {
+    const decoded = jwt.verify(token, process.env.JWT_SECRET);
+    memberId = decoded.memberId;
+  } catch (err) {
+    throw createError({
+      statusCode: 401,
+      statusMessage: "Invalid or expired token",
+    });
+  }
+
+  const id = getRouterParam(event, "id");
+
+  try {
+    const update = await Update.findById(id);
+
+    if (!update) {
+      throw createError({
+        statusCode: 404,
+        statusMessage: "Update not found",
+      });
+    }
+
+    // Check if user is the author
+    if (update.author.toString() !== memberId) {
+      throw createError({
+        statusCode: 403,
+        statusMessage: "You can only delete your own updates",
+      });
+    }
+
+    await Update.findByIdAndDelete(id);
+
+    return { success: true };
+  } catch (error) {
+    if (error.statusCode) throw error;
+    console.error("Delete update error:", error);
+    throw createError({
+      statusCode: 500,
+      statusMessage: "Failed to delete update",
+    });
+  }
+});
--- a/server/api/updates/[id].get.js
+++ b/server/api/updates/[id].get.js
@ -0,0 +1,60 @@
+import jwt from "jsonwebtoken";
+import Update from "../../models/update.js";
+import { connectDB } from "../../utils/mongoose.js";
+
+export default defineEventHandler(async (event) => {
+  await connectDB();
+
+  const id = getRouterParam(event, "id");
+  const token = getCookie(event, "auth-token");
+  let memberId = null;
+
+  // Check if user is authenticated
+  if (token) {
+    try {
+      const decoded = jwt.verify(token, process.env.JWT_SECRET);
+      memberId = decoded.memberId;
+    } catch (err) {
+      // Token invalid, continue as non-member
+    }
+  }
+
+  try {
+    const update = await Update.findById(id).populate("author", "name avatar");
+
+    if (!update) {
+      throw createError({
+        statusCode: 404,
+        statusMessage: "Update not found",
+      });
+    }
+
+    // Check privacy permissions
+    if (update.privacy === "private") {
+      // Only author can view private updates
+      if (!memberId || update.author._id.toString() !== memberId) {
+        throw createError({
+          statusCode: 403,
+          statusMessage: "You don't have permission to view this update",
+        });
+      }
+    } else if (update.privacy === "members") {
+      // Must be authenticated to view members-only updates
+      if (!memberId) {
+        throw createError({
+          statusCode: 403,
+          statusMessage: "You must be a member to view this update",
+        });
+      }
+    }
+
+    return update;
+  } catch (error) {
+    if (error.statusCode) throw error;
+    console.error("Get update error:", error);
+    throw createError({
+      statusCode: 500,
+      statusMessage: "Failed to fetch update",
+    });
+  }
+});
--- a/server/api/updates/[id].patch.js
+++ b/server/api/updates/[id].patch.js
@ -0,0 +1,68 @@
+import jwt from "jsonwebtoken";
+import Update from "../../models/update.js";
+import { connectDB } from "../../utils/mongoose.js";
+
+export default defineEventHandler(async (event) => {
+  await connectDB();
+
+  const token = getCookie(event, "auth-token");
+
+  if (!token) {
+    throw createError({
+      statusCode: 401,
+      statusMessage: "Not authenticated",
+    });
+  }
+
+  let memberId;
+  try {
+    const decoded = jwt.verify(token, process.env.JWT_SECRET);
+    memberId = decoded.memberId;
+  } catch (err) {
+    throw createError({
+      statusCode: 401,
+      statusMessage: "Invalid or expired token",
+    });
+  }
+
+  const id = getRouterParam(event, "id");
+  const body = await readBody(event);
+
+  try {
+    const update = await Update.findById(id);
+
+    if (!update) {
+      throw createError({
+        statusCode: 404,
+        statusMessage: "Update not found",
+      });
+    }
+
+    // Check if user is the author
+    if (update.author.toString() !== memberId) {
+      throw createError({
+        statusCode: 403,
+        statusMessage: "You can only edit your own updates",
+      });
+    }
+
+    // Update allowed fields
+    if (body.content !== undefined) update.content = body.content;
+    if (body.images !== undefined) update.images = body.images;
+    if (body.privacy !== undefined) update.privacy = body.privacy;
+    if (body.commentsEnabled !== undefined)
+      update.commentsEnabled = body.commentsEnabled;
+
+    await update.save();
+    await update.populate("author", "name avatar");
+
+    return update;
+  } catch (error) {
+    if (error.statusCode) throw error;
+    console.error("Update edit error:", error);
+    throw createError({
+      statusCode: 500,
+      statusMessage: "Failed to update",
+    });
+  }
+});
--- a/server/api/updates/index.get.js
+++ b/server/api/updates/index.get.js
@ -0,0 +1,56 @@
+import jwt from "jsonwebtoken";
+import Update from "../../models/update.js";
+import { connectDB } from "../../utils/mongoose.js";
+
+export default defineEventHandler(async (event) => {
+  await connectDB();
+
+  const token = getCookie(event, "auth-token");
+  let memberId = null;
+
+  // Check if user is authenticated
+  if (token) {
+    try {
+      const decoded = jwt.verify(token, process.env.JWT_SECRET);
+      memberId = decoded.memberId;
+    } catch (err) {
+      // Token invalid, continue as non-member
+    }
+  }
+
+  const query = getQuery(event);
+  const limit = parseInt(query.limit) || 20;
+  const skip = parseInt(query.skip) || 0;
+
+  try {
+    // Build privacy filter
+    let privacyFilter;
+    if (!memberId) {
+      // Not authenticated - only show public updates
+      privacyFilter = { privacy: "public" };
+    } else {
+      // Authenticated member - show public and members-only updates
+      privacyFilter = { privacy: { $in: ["public", "members"] } };
+    }
+
+    const updates = await Update.find(privacyFilter)
+      .populate("author", "name avatar")
+      .sort({ createdAt: -1 })
+      .limit(limit)
+      .skip(skip);
+
+    const total = await Update.countDocuments(privacyFilter);
+
+    return {
+      updates,
+      total,
+      hasMore: skip + limit < total,
+    };
+  } catch (error) {
+    console.error("Get updates error:", error);
+    throw createError({
+      statusCode: 500,
+      statusMessage: "Failed to fetch updates",
+    });
+  }
+});
--- a/server/api/updates/index.post.js
+++ b/server/api/updates/index.post.js
@ -0,0 +1,57 @@
+import jwt from "jsonwebtoken";
+import Update from "../../models/update.js";
+import { connectDB } from "../../utils/mongoose.js";
+
+export default defineEventHandler(async (event) => {
+  await connectDB();
+
+  const token = getCookie(event, "auth-token");
+
+  if (!token) {
+    throw createError({
+      statusCode: 401,
+      statusMessage: "Not authenticated",
+    });
+  }
+
+  let memberId;
+  try {
+    const decoded = jwt.verify(token, process.env.JWT_SECRET);
+    memberId = decoded.memberId;
+  } catch (err) {
+    throw createError({
+      statusCode: 401,
+      statusMessage: "Invalid or expired token",
+    });
+  }
+
+  const body = await readBody(event);
+
+  if (!body.content || !body.content.trim()) {
+    throw createError({
+      statusCode: 400,
+      statusMessage: "Content is required",
+    });
+  }
+
+  try {
+    const update = await Update.create({
+      author: memberId,
+      content: body.content,
+      images: body.images || [],
+      privacy: body.privacy || "members",
+      commentsEnabled: body.commentsEnabled ?? true,
+    });
+
+    // Populate author details
+    await update.populate("author", "name avatar");
+
+    return update;
+  } catch (error) {
+    console.error("Create update error:", error);
+    throw createError({
+      statusCode: 500,
+      statusMessage: "Failed to create update",
+    });
+  }
+});
--- a/server/api/updates/my-updates.get.js
+++ b/server/api/updates/my-updates.get.js
@ -0,0 +1,53 @@
+import jwt from "jsonwebtoken";
+import Update from "../../models/update.js";
+import { connectDB } from "../../utils/mongoose.js";
+
+export default defineEventHandler(async (event) => {
+  await connectDB();
+
+  const token = getCookie(event, "auth-token");
+
+  if (!token) {
+    throw createError({
+      statusCode: 401,
+      statusMessage: "Not authenticated",
+    });
+  }
+
+  let memberId;
+  try {
+    const decoded = jwt.verify(token, process.env.JWT_SECRET);
+    memberId = decoded.memberId;
+  } catch (err) {
+    throw createError({
+      statusCode: 401,
+      statusMessage: "Invalid or expired token",
+    });
+  }
+
+  const query = getQuery(event);
+  const limit = parseInt(query.limit) || 20;
+  const skip = parseInt(query.skip) || 0;
+
+  try {
+    const updates = await Update.find({ author: memberId })
+      .populate("author", "name avatar")
+      .sort({ createdAt: -1 })
+      .limit(limit)
+      .skip(skip);
+
+    const total = await Update.countDocuments({ author: memberId });
+
+    return {
+      updates,
+      total,
+      hasMore: skip + limit < total,
+    };
+  } catch (error) {
+    console.error("Get my updates error:", error);
+    throw createError({
+      statusCode: 500,
+      statusMessage: "Failed to fetch updates",
+    });
+  }
+});
--- a/server/api/updates/user/[id].get.js
+++ b/server/api/updates/user/[id].get.js
@ -0,0 +1,76 @@
+import jwt from "jsonwebtoken";
+import Update from "../../../models/update.js";
+import Member from "../../../models/member.js";
+import { connectDB } from "../../../utils/mongoose.js";
+
+export default defineEventHandler(async (event) => {
+  await connectDB();
+
+  const userId = getRouterParam(event, "id");
+  const token = getCookie(event, "auth-token");
+  let currentMemberId = null;
+
+  // Check if user is authenticated
+  if (token) {
+    try {
+      const decoded = jwt.verify(token, process.env.JWT_SECRET);
+      currentMemberId = decoded.memberId;
+    } catch (err) {
+      // Token invalid, continue as non-member
+    }
+  }
+
+  const query = getQuery(event);
+  const limit = parseInt(query.limit) || 20;
+  const skip = parseInt(query.skip) || 0;
+
+  try {
+    // Verify the user exists
+    const user = await Member.findById(userId);
+    if (!user) {
+      throw createError({
+        statusCode: 404,
+        statusMessage: "User not found",
+      });
+    }
+
+    // Build privacy filter
+    let privacyFilter;
+    if (!currentMemberId) {
+      // Not authenticated - only show public updates
+      privacyFilter = { author: userId, privacy: "public" };
+    } else if (currentMemberId === userId) {
+      // Viewing own updates - show all
+      privacyFilter = { author: userId };
+    } else {
+      // Authenticated member viewing another's updates - show public and members-only
+      privacyFilter = { author: userId, privacy: { $in: ["public", "members"] } };
+    }
+
+    const updates = await Update.find(privacyFilter)
+      .populate("author", "name avatar")
+      .sort({ createdAt: -1 })
+      .limit(limit)
+      .skip(skip);
+
+    const total = await Update.countDocuments(privacyFilter);
+
+    return {
+      updates,
+      total,
+      hasMore: skip + limit < total,
+      user: {
+        _id: user._id,
+        name: user.name,
+        avatar: user.avatar,
+      },
+    };
+  } catch (error) {
+    if (error.statusCode) throw error;
+    console.error("Get user updates error:", error);
+    throw createError({
+      statusCode: 500,
+      statusMessage: "Failed to fetch user updates",
+    });
+  }
+});