Initial commit

2025-12-01 14:49:17 +00:00
commit 3480888eaa
92 changed files with 16631 additions and 0 deletions
--- a/app/uploads/[...path]/route.ts
+++ b/app/uploads/[...path]/route.ts
@@ -0,0 +1,79 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { readFile } from 'fs/promises';
+import { existsSync } from 'fs';
+import path from 'path';
+
+// Upload directory location
+const UPLOAD_DIR = path.join(process.cwd(), 'data', 'uploads');
+
+export async function GET(
+  request: NextRequest,
+  { params }: { params: Promise<{ path: string[] }> }
+) {
+  try {
+    // Await params in Next.js 16+
+    const { path: pathSegments } = await params;
+
+    console.log('Upload request - pathSegments:', pathSegments);
+    console.log('UPLOAD_DIR:', UPLOAD_DIR);
+
+    // Get the file path from the URL
+    const filePath = path.join(UPLOAD_DIR, ...pathSegments);
+    console.log('Constructed filePath:', filePath);
+
+    // Security: Ensure the resolved path is within UPLOAD_DIR
+    const resolvedPath = path.resolve(filePath);
+    const resolvedUploadDir = path.resolve(UPLOAD_DIR);
+
+    console.log('Resolved path:', resolvedPath);
+    console.log('Resolved upload dir:', resolvedUploadDir);
+
+    if (!resolvedPath.startsWith(resolvedUploadDir)) {
+      console.log('Security check failed - path outside upload dir');
+      return NextResponse.json(
+        { error: 'Invalid file path' },
+        { status: 403 }
+      );
+    }
+
+    // Check if file exists
+    if (!existsSync(resolvedPath)) {
+      console.log('File not found at:', resolvedPath);
+      return NextResponse.json(
+        { error: 'File not found' },
+        { status: 404 }
+      );
+    }
+
+    console.log('File exists, serving...');
+
+    // Read the file
+    const fileBuffer = await readFile(resolvedPath);
+
+    // Determine content type based on file extension
+    const ext = path.extname(resolvedPath).toLowerCase();
+    const contentTypeMap: Record<string, string> = {
+      '.webp': 'image/webp',
+      '.jpg': 'image/jpeg',
+      '.jpeg': 'image/jpeg',
+      '.png': 'image/png',
+      '.gif': 'image/gif',
+    };
+
+    const contentType = contentTypeMap[ext] || 'application/octet-stream';
+
+    // Return the file with appropriate headers
+    return new NextResponse(fileBuffer, {
+      headers: {
+        'Content-Type': contentType,
+        'Cache-Control': 'public, max-age=31536000, immutable',
+      },
+    });
+  } catch (error) {
+    console.error('Error serving file:', error);
+    return NextResponse.json(
+      { error: 'Failed to serve file' },
+      { status: 500 }
+    );
+  }
+}
--- a/app/uploads/route.ts
+++ b/app/uploads/route.ts
@@ -0,0 +1,92 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { writeFile, mkdir } from 'fs/promises';
+import path from 'path';
+import { existsSync } from 'fs';
+import sharp from 'sharp';
+
+// Configuration
+const MAX_FILE_SIZE = 5 * 1024 * 1024; // 5MB
+const ALLOWED_TYPES = ['image/jpeg', 'image/jpg', 'image/png', 'image/webp', 'image/gif'];
+const UPLOAD_DIR = path.join(process.cwd(), 'data', 'uploads');
+
+// Resize configuration
+const MAX_WIDTH = 800;
+const MAX_HEIGHT = 800;
+const QUALITY = 85;
+
+export async function POST(request: NextRequest) {
+  try {
+    const formData = await request.formData();
+    const file = formData.get('file') as File;
+    const type = formData.get('type') as string; // 'wishlist' or 'item'
+
+    if (!file) {
+      return NextResponse.json(
+        { error: 'No file provided' },
+        { status: 400 }
+      );
+    }
+
+    // Validate file type
+    if (!ALLOWED_TYPES.includes(file.type)) {
+      return NextResponse.json(
+        { error: `Invalid file type. Allowed types: ${ALLOWED_TYPES.join(', ')}` },
+        { status: 400 }
+      );
+    }
+
+    // Validate file size
+    if (file.size > MAX_FILE_SIZE) {
+      return NextResponse.json(
+        { error: `File too large. Maximum size: ${MAX_FILE_SIZE / 1024 / 1024}MB` },
+        { status: 400 }
+      );
+    }
+
+    // Create upload directory if it doesn't exist
+    const typeDir = path.join(UPLOAD_DIR, type === 'wishlist' ? 'wishlists' : 'items');
+    if (!existsSync(typeDir)) {
+      // Create directory with 0775 permissions (rwxrwxr-x)
+      await mkdir(typeDir, { recursive: true, mode: 0o775 });
+    }
+
+    // Generate unique filename (always use .webp for output)
+    const timestamp = Date.now();
+    const filename = `${timestamp}-${Math.random().toString(36).substring(7)}.webp`;
+    const filepath = path.join(typeDir, filename);
+
+    // Convert file to buffer
+    const bytes = await file.arrayBuffer();
+    const buffer = Buffer.from(bytes);
+
+    // Resize and optimize image
+    const processedImage = await sharp(buffer)
+      .resize(MAX_WIDTH, MAX_HEIGHT, {
+        fit: 'inside',
+        withoutEnlargement: true,
+      })
+      .webp({ quality: QUALITY })
+      .toBuffer();
+
+    // Save processed image with proper permissions (0664 = rw-rw-r--)
+    // This respects the umask setting and ensures proper group access
+    await writeFile(filepath, processedImage, { mode: 0o664 });
+
+    console.log(`Uploaded file: ${filepath}`);
+
+    // Return the public URL (served from /uploads route)
+    const publicUrl = `/uploads/${type === 'wishlist' ? 'wishlists' : 'items'}/${filename}`;
+
+    return NextResponse.json({
+      success: true,
+      url: publicUrl,
+      filename,
+    });
+  } catch (error) {
+    console.error('Upload error:', error);
+    return NextResponse.json(
+      { error: 'Failed to upload file' },
+      { status: 500 }
+    );
+  }
+}