base commit

2026-05-03 19:57:12 +05:00
parent 9139a24093
commit fe10f25b8c
53 changed files with 2064 additions and 1071 deletions
@@ -1,5 +1,4 @@
 import crypto from 'node:crypto'
-import bcrypt from 'bcryptjs'
 import { prisma } from './prisma.js'
 import { sendLoginCodeEmail } from './email.js'

@@ -54,11 +53,4 @@ export async function verifyEmailCode({ email, purpose, code, userId = null }) {
  return true
 }

-export async function hashPassword(password) {
-  return bcrypt.hash(password, 10)
-}
-
-export async function verifyPassword(password, passwordHash) {
-  return bcrypt.compare(password, passwordHash)
-}

@@ -0,0 +1,16 @@
+import { normalizeEmail } from './auth.js'
+import { prisma } from './prisma.js'
+
+export async function ensureAdminUser() {
+  const adminEmail = normalizeEmail(process.env.ADMIN_EMAIL)
+  if (!adminEmail) return
+  if (!adminEmail.includes('@')) {
+    throw new Error('ADMIN_EMAIL должен быть валидным email')
+  }
+
+  await prisma.user.upsert({
+    where: { email: adminEmail },
+    update: {},
+    create: { email: adminEmail },
+  })
+}
@@ -0,0 +1,44 @@
+import crypto from 'node:crypto'
+import fs from 'node:fs'
+import path from 'node:path'
+
+export function safeImageExt(filename) {
+  const ext = path.extname(String(filename || '')).toLowerCase()
+  const allowed = new Set(['.png', '.jpg', '.jpeg', '.webp'])
+  return allowed.has(ext) ? ext : null
+}
+
+export function uploadError(message, statusCode = 400) {
+  const err = new Error(message)
+  err.statusCode = statusCode
+  return err
+}
+
+export async function persistMultipartImages(request, { maxFiles = 10 } = {}) {
+  if (!request.isMultipart()) {
+    throw uploadError('Ожидается multipart/form-data')
+  }
+
+  const uploadsDir = path.join(process.cwd(), 'uploads')
+  await fs.promises.mkdir(uploadsDir, { recursive: true })
+
+  const urls = []
+  const parts = request.parts()
+  for await (const part of parts) {
+    if (part.type !== 'file') continue
+    if (urls.length >= maxFiles) {
+      throw uploadError(`Можно загрузить не более ${maxFiles} файл(ов)`)
+    }
+    const ext = safeImageExt(part.filename)
+    if (!ext) {
+      throw uploadError('Разрешены только файлы: png, jpg, jpeg, webp')
+    }
+
+    const fileName = `${crypto.randomUUID()}${ext}`
+    const fullPath = path.join(uploadsDir, fileName)
+    await fs.promises.writeFile(fullPath, await part.toBuffer())
+    urls.push(`/uploads/${fileName}`)
+  }
+
+  return urls
+}