initiation librodrome

server/api/admin/media/[...path].delete.ts

@@ -0,0 +1,31 @@
+import { unlink } from 'node:fs/promises'
+import { join } from 'node:path'
+
+export default defineEventHandler(async (event) => {
+  const path = getRouterParam(event, 'path')
+
+  if (!path) {
+    throw createError({ statusCode: 400, statusMessage: 'No path provided' })
+  }
+
+  // Prevent path traversal
+  if (path.includes('..')) {
+    throw createError({ statusCode: 400, statusMessage: 'Invalid path' })
+  }
+
+  const publicDir = join(process.cwd(), 'public')
+  const filePath = join(publicDir, path)
+
+  // Ensure file is within public dir
+  if (!filePath.startsWith(publicDir)) {
+    throw createError({ statusCode: 400, statusMessage: 'Invalid path' })
+  }
+
+  try {
+    await unlink(filePath)
+    return { ok: true }
+  }
+  catch {
+    throw createError({ statusCode: 404, statusMessage: 'File not found' })
+  }
+})

server/api/admin/media/index.get.ts

@@ -0,0 +1,52 @@
+import { readdir, stat } from 'node:fs/promises'
+import { join, relative } from 'node:path'
+
+interface MediaFile {
+  name: string
+  path: string
+  size: number
+  type: string
+  modifiedAt: string
+}
+
+export default defineEventHandler(async () => {
+  const publicDir = join(process.cwd(), 'public')
+  const files: MediaFile[] = []
+
+  await walk(publicDir, publicDir, files)
+
+  return files.sort((a, b) => b.modifiedAt.localeCompare(a.modifiedAt))
+})
+
+async function walk(dir: string, root: string, files: MediaFile[]) {
+  const entries = await readdir(dir, { withFileTypes: true })
+
+  for (const entry of entries) {
+    const fullPath = join(dir, entry.name)
+
+    // Skip hidden files and gratewizard-app
+    if (entry.name.startsWith('.') || entry.name === 'gratewizard-app') continue
+
+    if (entry.isDirectory()) {
+      await walk(fullPath, root, files)
+    }
+    else {
+      const info = await stat(fullPath)
+      const relPath = '/' + relative(root, fullPath)
+      const ext = entry.name.split('.').pop()?.toLowerCase() ?? ''
+
+      let type = 'other'
+      if (['jpg', 'jpeg', 'png', 'gif', 'webp', 'svg'].includes(ext)) type = 'image'
+      else if (['mp3', 'wav', 'ogg', 'flac', 'm4a'].includes(ext)) type = 'audio'
+      else if (['pdf'].includes(ext)) type = 'document'
+
+      files.push({
+        name: entry.name,
+        path: relPath,
+        size: info.size,
+        type,
+        modifiedAt: info.mtime.toISOString(),
+      })
+    }
+  }
+}

server/api/admin/media/upload.post.ts

@@ -0,0 +1,37 @@
+import { writeFile, mkdir } from 'node:fs/promises'
+import { join, dirname } from 'node:path'
+
+export default defineEventHandler(async (event) => {
+  const formData = await readMultipartFormData(event)
+
+  if (!formData || formData.length === 0) {
+    throw createError({ statusCode: 400, statusMessage: 'No files provided' })
+  }
+
+  const publicDir = join(process.cwd(), 'public')
+  const uploaded: string[] = []
+
+  for (const file of formData) {
+    if (!file.filename || !file.data) continue
+
+    // Sanitize filename
+    const safeName = file.filename.replace(/[^a-zA-Z0-9._-]/g, '_')
+
+    // Determine subdirectory from content type
+    let subdir = 'uploads'
+    const type = file.type ?? ''
+    if (type.startsWith('image/')) subdir = 'images'
+    else if (type.startsWith('audio/')) subdir = 'audio'
+    else if (type === 'application/pdf') subdir = 'pdf'
+
+    const targetDir = join(publicDir, subdir)
+    await mkdir(targetDir, { recursive: true })
+
+    const targetPath = join(targetDir, safeName)
+    await writeFile(targetPath, file.data)
+
+    uploaded.push(`/${subdir}/${safeName}`)
+  }
+
+  return { ok: true, files: uploaded }
+})