base commit

server/src/index.js

@@ -2,6 +2,9 @@ import 'dotenv/config'
 import Fastify from 'fastify'
 import cors from '@fastify/cors'
 import jwt from '@fastify/jwt'
+import multipart from '@fastify/multipart'
+import fastifyStatic from '@fastify/static'
+import path from 'node:path'
 import { registerAuth } from './plugins/auth.js'
 import { registerApiRoutes } from './routes/api.js'
 import { registerAuthRoutes } from './routes/auth.js'
@@ -23,6 +26,19 @@ await fastify.register(jwt, {
   secret: process.env.JWT_SECRET || 'dev-jwt-secret-change-me',
 })
 
+await fastify.register(multipart, {
+  limits: {
+    files: 10,
+    fileSize: 10 * 1024 * 1024,
+  },
+})
+
+const uploadsDir = path.join(process.cwd(), 'uploads')
+await fastify.register(fastifyStatic, {
+  root: uploadsDir,
+  prefix: '/uploads/',
+})
+
 fastify.decorate('authenticate', async function authenticate(request, reply) {
   try {
     await request.jwtVerify()

server/src/routes/api.js

@@ -1,4 +1,7 @@
 import { prisma } from '../lib/prisma.js'
+import crypto from 'node:crypto'
+import fs from 'node:fs'
+import path from 'node:path'
 
 function slugify(input) {
   return input
@@ -8,6 +11,12 @@ function slugify(input) {
     .replace(/[^a-z0-9-а-яё]/gi, '')
 }
 
+function safeExtFromFilename(filename) {
+  const ext = path.extname(String(filename || '')).toLowerCase()
+  const allowed = new Set(['.png', '.jpg', '.jpeg', '.webp'])
+  return allowed.has(ext) ? ext : null
+}
+
 export async function registerApiRoutes(fastify) {
   fastify.get('/api/categories', async () => {
     return prisma.category.findMany({ orderBy: { sort: 'asc' } })
@@ -21,7 +30,7 @@ export async function registerApiRoutes(fastify) {
     }
     return prisma.product.findMany({
       where,
-      include: { category: true },
+      include: { category: true, images: { orderBy: { sort: 'asc' } } },
       orderBy: { createdAt: 'desc' },
     })
   })
@@ -30,7 +39,7 @@ export async function registerApiRoutes(fastify) {
     const { id } = request.params
     const product = await prisma.product.findFirst({
       where: { id, published: true },
-      include: { category: true },
+      include: { category: true, images: { orderBy: { sort: 'asc' } } },
     })
     if (!product) {
       reply.code(404).send({ error: 'Товар не найден' })
@@ -46,12 +55,45 @@ export async function registerApiRoutes(fastify) {
     { preHandler: [fastify.verifyAdmin] },
     async () => {
       return prisma.product.findMany({
-        include: { category: true },
+        include: { category: true, images: { orderBy: { sort: 'asc' } } },
         orderBy: { updatedAt: 'desc' },
       })
     },
   )
 
+  fastify.post(
+    '/api/admin/uploads',
+    { preHandler: [fastify.verifyAdmin] },
+    async (request, reply) => {
+      if (!request.isMultipart()) {
+        reply.code(400).send({ error: 'Ожидается multipart/form-data' })
+        return
+      }
+
+      const uploadsDir = path.join(process.cwd(), 'uploads')
+      await fs.promises.mkdir(uploadsDir, { recursive: true })
+
+      const urls = []
+      const parts = request.parts()
+
+      for await (const part of parts) {
+        if (part.type !== 'file') continue
+        const ext = safeExtFromFilename(part.filename)
+        if (!ext) {
+          reply.code(400).send({ error: 'Разрешены только файлы: png, jpg, jpeg, webp' })
+          return
+        }
+        const id = crypto.randomUUID()
+        const fileName = `${id}${ext}`
+        const fullPath = path.join(uploadsDir, fileName)
+        await fs.promises.writeFile(fullPath, await part.toBuffer())
+        urls.push(`/uploads/${fileName}`)
+      }
+
+      return { urls }
+    },
+  )
+
   fastify.post(
     '/api/admin/products',
     { preHandler: [fastify.verifyAdmin] },
@@ -74,6 +116,19 @@ export async function registerApiRoutes(fastify) {
         reply.code(400).send({ error: 'Некорректная цена (priceCents ≥ 0)' })
         return
       }
+      const inStock =
+        body.inStock === undefined || body.inStock === null ? true : Boolean(body.inStock)
+      const leadTimeDaysRaw = body.leadTimeDays
+      const leadTimeDays =
+        leadTimeDaysRaw === undefined || leadTimeDaysRaw === null || leadTimeDaysRaw === ''
+          ? null
+          : Number(leadTimeDaysRaw)
+      if (!inStock) {
+        if (!Number.isFinite(leadTimeDays) || leadTimeDays <= 0) {
+          reply.code(400).send({ error: 'Если "под заказ", укажите срок исполнения (дней) > 0' })
+          return
+        }
+      }
       const exists = await prisma.product.findUnique({ where: { slug } })
       if (exists) {
         reply.code(409).send({ error: 'Такой slug уже занят' })
@@ -83,13 +138,25 @@ export async function registerApiRoutes(fastify) {
         data: {
           title,
           slug,
+          shortDescription: body.shortDescription ? String(body.shortDescription) : null,
           description: body.description ? String(body.description) : null,
           priceCents: Math.round(priceCents),
           imageUrl: body.imageUrl ? String(body.imageUrl) : null,
           published: Boolean(body.published),
+          inStock,
+          leadTimeDays: inStock ? null : Math.round(leadTimeDays),
           categoryId,
+          images: Array.isArray(body.imageUrls)
+            ? {
+                create: body.imageUrls
+                  .map((u) => String(u || '').trim())
+                  .filter(Boolean)
+                  .slice(0, 10)
+                  .map((u, idx) => ({ url: u, sort: idx })),
+              }
+            : undefined,
         },
-        include: { category: true },
+        include: { category: true, images: { orderBy: { sort: 'asc' } } },
       })
       reply.code(201).send(product)
     },
@@ -121,6 +188,9 @@ export async function registerApiRoutes(fastify) {
           data.slug = s
         }
       }
+      if (body.shortDescription !== undefined) {
+        data.shortDescription = body.shortDescription ? String(body.shortDescription) : null
+      }
       if (body.description !== undefined) {
         data.description = body.description ? String(body.description) : null
       }
@@ -138,10 +208,48 @@ export async function registerApiRoutes(fastify) {
       if (body.published !== undefined) data.published = Boolean(body.published)
       if (body.categoryId !== undefined) data.categoryId = String(body.categoryId)
 
+      if (body.inStock !== undefined) data.inStock = Boolean(body.inStock)
+      if (body.leadTimeDays !== undefined) {
+        const v = body.leadTimeDays
+        const n = v === null || v === '' ? null : Number(v)
+        if (n !== null && (!Number.isFinite(n) || n <= 0)) {
+          reply.code(400).send({ error: 'Срок исполнения должен быть числом дней > 0' })
+          return
+        }
+        data.leadTimeDays = n === null ? null : Math.round(n)
+      }
+
+      const nextInStock = data.inStock ?? existing.inStock
+      const nextLead = data.leadTimeDays ?? existing.leadTimeDays
+      if (!nextInStock && (!Number.isFinite(nextLead) || nextLead === null || nextLead <= 0)) {
+        reply.code(400).send({ error: 'Если "под заказ", укажите срок исполнения (дней) > 0' })
+        return
+      }
+      if (nextInStock && data.leadTimeDays !== undefined) {
+        data.leadTimeDays = null
+      }
+
+      const imagesUpdate =
+        body.imageUrls !== undefined
+          ? {
+              deleteMany: {},
+              create: Array.isArray(body.imageUrls)
+                ? body.imageUrls
+                    .map((u) => String(u || '').trim())
+                    .filter(Boolean)
+                    .slice(0, 10)
+                    .map((u, idx) => ({ url: u, sort: idx }))
+                : [],
+            }
+          : undefined
+
       const product = await prisma.product.update({
         where: { id },
-        data,
-        include: { category: true },
+        data: {
+          ...data,
+          images: imagesUpdate,
+        },
+        include: { category: true, images: { orderBy: { sort: 'asc' } } },
       })
       return product
     },