PTS/SkyArtShop
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Fix admin route access and backend configuration

Browse Source 
- Added /admin redirect to login page in nginx config
- Fixed backend server.js route ordering for proper admin handling
- Updated authentication middleware and routes
- Added user management routes
- Configured PostgreSQL integration
- Updated environment configuration
This commit is contained in:
Local Server
2025-12-13 22:34:11 -06:00
parent 8bb6430a70
commit 703ab57984
253 changed files with 29870 additions and 157 deletions
Download Patch File Download Diff File Expand all files Collapse all files

108
backend/routes/admin.js
View File

@@ -1,79 +1,97 @@
const express = require('express');
const { query } = require('../config/database');
const { requireAuth } = require('../middleware/auth');
const express = require("express");
const { query } = require("../config/database");
const { requireAuth } = require("../middleware/auth");
const router = express.Router();
router.get('/dashboard', requireAuth, async (req, res) => {
// Dashboard stats API
router.get("/dashboard/stats", requireAuth, async (req, res) => {
try {
const productsCount = await query('SELECT COUNT(*) FROM products');
const ordersCount = await query('SELECT COUNT(*) FROM orders');
const usersCount = await query('SELECT COUNT(*) FROM appusers');
const pagesCount = await query('SELECT COUNT(*) FROM pages');
const recentOrders = await query(
'SELECT id, ordernumber, totalamount, status, createdat FROM orders ORDER BY createdat DESC LIMIT 5'
);
res.render('admin/dashboard', {
title: 'Dashboard - SkyArtShop Admin',
user: req.session,
const productsCount = await query("SELECT COUNT(*) FROM products");
const projectsCount = await query("SELECT COUNT(*) FROM portfolioprojects");
const blogCount = await query("SELECT COUNT(*) FROM blogposts");
const pagesCount = await query("SELECT COUNT(*) FROM pages");
res.json({
success: true,
stats: {
products: productsCount.rows[0].count,
orders: ordersCount.rows[0].count,
users: usersCount.rows[0].count,
pages: pagesCount.rows[0].count
products: parseInt(productsCount.rows[0].count),
projects: parseInt(projectsCount.rows[0].count),
blog: parseInt(blogCount.rows[0].count),
pages: parseInt(pagesCount.rows[0].count),
},
user: {
name: req.session.name,
email: req.session.email,
role: req.session.role,
},
recentOrders: recentOrders.rows
});
} catch (error) {
console.error('Dashboard error:', error);
res.status(500).send('Server error');
console.error("Dashboard error:", error);
res.status(500).json({ success: false, message: "Server error" });
}
});
router.get('/products', requireAuth, async (req, res) => {
// Products API
router.get("/products", requireAuth, async (req, res) => {
try {
const result = await query(
'SELECT id, name, price, stockquantity, isactive, createdat FROM products ORDER BY createdat DESC'
"SELECT id, name, price, stockquantity, isactive, createdat FROM products ORDER BY createdat DESC"
);
res.render('admin/products', {
title: 'Products - SkyArtShop Admin',
user: req.session,
products: result.rows
res.json({
success: true,
products: result.rows,
});
} catch (error) {
console.error('Products error:', error);
res.status(500).send('Server error');
console.error("Products error:", error);
res.status(500).json({ success: false, message: "Server error" });
}
});
router.get('/orders', requireAuth, async (req, res) => {
// Portfolio Projects API
router.get("/portfolio/projects", requireAuth, async (req, res) => {
try {
const result = await query(
'SELECT id, ordernumber, totalamount, status, createdat FROM orders ORDER BY createdat DESC'
"SELECT id, title, description, imageurl, categoryid, createdat FROM portfolioprojects ORDER BY createdat DESC"
);
res.render('admin/orders', {
title: 'Orders - SkyArtShop Admin',
user: req.session,
orders: result.rows
res.json({
success: true,
projects: result.rows,
});
} catch (error) {
console.error('Orders error:', error);
res.status(500).send('Server error');
console.error("Portfolio error:", error);
res.status(500).json({ success: false, message: "Server error" });
}
});
router.get('/users', requireAuth, async (req, res) => {
// Blog Posts API
router.get("/blog", requireAuth, async (req, res) => {
try {
const result = await query(
'SELECT id, email, name, role, createdat, lastlogin FROM adminusers ORDER BY createdat DESC'
"SELECT id, title, slug, excerpt, ispublished, createdat FROM blogposts ORDER BY createdat DESC"
);
res.render('admin/users', {
title: 'Admin Users - SkyArtShop Admin',
user: req.session,
users: result.rows
res.json({
success: true,
posts: result.rows,
});
} catch (error) {
console.error('Users error:', error);
res.status(500).send('Server error');
console.error("Blog error:", error);
res.status(500).json({ success: false, message: "Server error" });
}
});
// Pages API
router.get("/pages", requireAuth, async (req, res) => {
try {
const result = await query(
"SELECT id, title, slug, ispublished, createdat FROM pages ORDER BY createdat DESC"
);
res.json({
success: true,
pages: result.rows,
});
} catch (error) {
console.error("Pages error:", error);
res.status(500).json({ success: false, message: "Server error" });
}
});

93
backend/routes/auth.js
View File

@@ -1,49 +1,100 @@
const express = require("express");
const bcrypt = require("bcrypt");
const { query } = require("../config/database");
const { redirectIfAuth } = require("../middleware/auth");
const router = express.Router();
router.get("/login", redirectIfAuth, (req, res) => {
res.render("admin/login", {
error: req.query.error,
title: "Admin Login - SkyArtShop",
});
});
// Login endpoint (JSON API)
router.post("/login", async (req, res) => {
const { email, password } = req.body;
try {
const result = await query(
"SELECT id, email, name, passwordhash, role FROM adminusers WHERE email = $1",
`
SELECT u.id, u.email, u.username, u.passwordhash, u.role_id, u.isactive,
r.name as role_name, r.permissions
FROM adminusers u
LEFT JOIN roles r ON u.role_id = r.id
WHERE u.email = $1
`,
[email]
);
if (result.rows.length === 0) {
return res.redirect("/admin/login?error=invalid");
return res
.status(401)
.json({ success: false, message: "Invalid email or password" });
}
const admin = result.rows[0];
// Check if user is active
if (!admin.isactive) {
return res
.status(401)
.json({ success: false, message: "Account is deactivated" });
}
const validPassword = await bcrypt.compare(password, admin.passwordhash);
if (!validPassword) {
return res.redirect("/admin/login?error=invalid");
return res
.status(401)
.json({ success: false, message: "Invalid email or password" });
}
await query("UPDATE adminusers SET lastlogin = NOW() WHERE id = $1", [
// Update last login
await query("UPDATE adminusers SET last_login = NOW() WHERE id = $1", [
admin.id,
]);
req.session.adminId = admin.id;
req.session.email = admin.email;
req.session.name = admin.name;
req.session.role = admin.role;
res.redirect("/admin/dashboard");
// Store user info in session
req.session.user = {
id: admin.id,
email: admin.email,
username: admin.username,
role_id: admin.role_id,
role_name: admin.role_name,
permissions: admin.permissions,
};
// Save session before responding
req.session.save((err) => {
if (err) {
console.error("Session save error:", err);
return res
.status(500)
.json({ success: false, message: "Session error" });
}
res.json({
success: true,
user: req.session.user,
});
});
} catch (error) {
console.error("Login error:", error);
res.redirect("/admin/login?error=server");
res.status(500).json({ success: false, message: "Server error" });
}
});
router.get("/logout", (req, res) => {
// Check session endpoint
router.get("/session", (req, res) => {
if (req.session && req.session.user) {
res.json({
authenticated: true,
user: req.session.user,
});
} else {
res.status(401).json({ authenticated: false });
}
});
// Logout endpoint
router.post("/logout", (req, res) => {
req.session.destroy((err) => {
if (err) console.error("Logout error:", err);
res.redirect("/admin/login");
if (err) {
console.error("Logout error:", err);
return res.status(500).json({ success: false, message: "Logout failed" });
}
res.json({ success: true, message: "Logged out successfully" });
});
});

128
backend/routes/public.js
View File

@@ -1,38 +1,122 @@
const express = require('express');
const { query } = require('../config/database');
const express = require("express");
const { query } = require("../config/database");
const router = express.Router();
router.get('/', async (req, res) => {
// Get all products
router.get("/products", async (req, res) => {
try {
const products = await query(
'SELECT id, name, description, price, imageurl FROM products WHERE isactive = true ORDER BY createdat DESC LIMIT 8'
const result = await query(
"SELECT id, name, description, shortdescription, price, imageurl, images, category, color, stockquantity, isactive, createdat FROM products WHERE isactive = true ORDER BY createdat DESC"
);
const sections = await query(
'SELECT * FROM homepagesections ORDER BY displayorder ASC'
);
res.render('public/home', {
title: 'Welcome - SkyArtShop',
products: products.rows,
sections: sections.rows
res.json({
success: true,
products: result.rows,
});
} catch (error) {
console.error('Home page error:', error);
res.status(500).send('Server error');
console.error("Products API error:", error);
res.status(500).json({ success: false, message: "Server error" });
}
});
router.get('/shop', async (req, res) => {
// Get featured products
router.get("/products/featured", async (req, res) => {
try {
const products = await query(
'SELECT id, name, description, price, imageurl, category FROM products WHERE isactive = true ORDER BY name ASC'
const limit = parseInt(req.query.limit) || 4;
const result = await query(
"SELECT id, name, description, price, imageurl, images FROM products WHERE isactive = true ORDER BY createdat DESC LIMIT $1",
[limit]
);
res.render('public/shop', {
title: 'Shop - SkyArtShop',
products: products.rows
res.json({
success: true,
products: result.rows,
});
} catch (error) {
console.error('Shop page error:', error);
res.status(500).send('Server error');
console.error("Featured products error:", error);
res.status(500).json({ success: false, message: "Server error" });
}
});
// Get single product
router.get("/products/:id", async (req, res) => {
try {
const result = await query(
"SELECT * FROM products WHERE id = $1 AND isactive = true",
[req.params.id]
);
if (result.rows.length === 0) {
return res
.status(404)
.json({ success: false, message: "Product not found" });
}
res.json({
success: true,
product: result.rows[0],
});
} catch (error) {
console.error("Product detail error:", error);
res.status(500).json({ success: false, message: "Server error" });
}
});
// Get site settings
router.get("/settings", async (req, res) => {
try {
const result = await query("SELECT * FROM sitesettings LIMIT 1");
res.json({
success: true,
settings: result.rows[0] || {},
});
} catch (error) {
console.error("Settings error:", error);
res.json({ success: true, settings: {} });
}
});
// Get homepage sections
router.get("/homepage/sections", async (req, res) => {
try {
const result = await query(
"SELECT * FROM homepagesections ORDER BY displayorder ASC"
);
res.json({
success: true,
sections: result.rows,
});
} catch (error) {
console.error("Homepage sections error:", error);
res.status(500).json({ success: false, message: "Server error" });
}
});
// Get portfolio projects
router.get("/portfolio/projects", async (req, res) => {
try {
const result = await query(
"SELECT id, title, description, imageurl, categoryid, createdat FROM portfolioprojects ORDER BY createdat DESC"
);
res.json({
success: true,
projects: result.rows,
});
} catch (error) {
console.error("Portfolio error:", error);
res.status(500).json({ success: false, message: "Server error" });
}
});
// Get blog posts
router.get("/blog/posts", async (req, res) => {
try {
const result = await query(
"SELECT id, title, slug, excerpt, content, imageurl, ispublished, createdat FROM blogposts WHERE ispublished = true ORDER BY createdat DESC"
);
res.json({
success: true,
posts: result.rows,
});
} catch (error) {
console.error("Blog posts error:", error);
res.status(500).json({ success: false, message: "Server error" });
}
});

334
backend/routes/users.js Normal file
View File

@@ -0,0 +1,334 @@
const express = require("express");
const bcrypt = require("bcrypt");
const { query } = require("../config/database");
const { requireAuth, requireRole } = require("../middleware/auth");
const router = express.Router();
// Require admin role for all routes
router.use(requireAuth);
router.use(requireRole("role-admin"));
// Get all users with roles
router.get("/", async (req, res) => {
try {
const result = await query(`
SELECT
u.id, u.username, u.email, u.role_id, u.isactive,
u.last_login, u.createdat, u.password_never_expires,
u.password_expires_at, u.last_password_change,
r.name as role_name, r.description as role_description
FROM adminusers u
LEFT JOIN roles r ON u.role_id = r.id
ORDER BY u.createdat DESC
`);
res.json({
success: true,
users: result.rows,
});
} catch (error) {
console.error("Get users error:", error);
res.status(500).json({ success: false, message: "Server error" });
}
});
// Get all roles
router.get("/roles", async (req, res) => {
try {
const result = await query(`
SELECT id, name, description, permissions
FROM roles
ORDER BY name
`);
res.json({
success: true,
roles: result.rows,
});
} catch (error) {
console.error("Get roles error:", error);
res.status(500).json({ success: false, message: "Server error" });
}
});
// Create new user
router.post("/", async (req, res) => {
try {
const { username, email, password, role_id, password_never_expires } =
req.body;
// Validate required fields
if (!username || !email || !password || !role_id) {
return res.status(400).json({
success: false,
message: "Username, email, password, and role are required",
});
}
// Check if user already exists
const existing = await query("SELECT id FROM adminusers WHERE email = $1", [
email,
]);
if (existing.rows.length > 0) {
return res.status(400).json({
success: false,
message: "User with this email already exists",
});
}
// Hash password
const hashedPassword = await bcrypt.hash(password, 10);
// Calculate password expiry (90 days from now if not never expires)
let passwordExpiresAt = null;
if (!password_never_expires) {
const expiryDate = new Date();
expiryDate.setDate(expiryDate.getDate() + 90);
passwordExpiresAt = expiryDate.toISOString();
}
// Insert new user
const result = await query(
`
INSERT INTO adminusers (
id, username, email, passwordhash, role_id,
password_never_expires, password_expires_at,
isactive, created_by, createdat, last_password_change
) VALUES (
'user-' || gen_random_uuid()::text,
$1, $2, $3, $4, $5, $6, true, $7, NOW(), NOW()
)
RETURNING id, username, email, role_id, isactive, createdat
`,
[
username,
email,
hashedPassword,
role_id,
password_never_expires || false,
passwordExpiresAt,
req.session.user.email,
]
);
res.json({
success: true,
message: "User created successfully",
user: result.rows[0],
});
} catch (error) {
console.error("Create user error:", error);
res.status(500).json({ success: false, message: "Server error" });
}
});
// Update user
router.put("/:id", async (req, res) => {
try {
const { id } = req.params;
const { username, email, role_id, isactive, password_never_expires } =
req.body;
// Build update query dynamically
const updates = [];
const values = [];
let paramCount = 1;
if (username !== undefined) {
updates.push(`username = $${paramCount++}`);
values.push(username);
}
if (email !== undefined) {
updates.push(`email = $${paramCount++}`);
values.push(email);
}
if (role_id !== undefined) {
updates.push(`role_id = $${paramCount++}`);
values.push(role_id);
}
if (isactive !== undefined) {
updates.push(`isactive = $${paramCount++}`);
values.push(isactive);
}
if (password_never_expires !== undefined) {
updates.push(`password_never_expires = $${paramCount++}`);
values.push(password_never_expires);
// If setting to never expire, clear expiry date
if (password_never_expires) {
updates.push(`password_expires_at = NULL`);
}
}
updates.push(`updated_at = NOW()`);
values.push(id);
const result = await query(
`
UPDATE adminusers
SET ${updates.join(", ")}
WHERE id = $${paramCount}
RETURNING id, username, email, role_id, isactive, password_never_expires
`,
values
);
if (result.rows.length === 0) {
return res.status(404).json({
success: false,
message: "User not found",
});
}
res.json({
success: true,
message: "User updated successfully",
user: result.rows[0],
});
} catch (error) {
console.error("Update user error:", error);
res.status(500).json({ success: false, message: "Server error" });
}
});
// Reset user password
router.post("/:id/reset-password", async (req, res) => {
try {
const { id } = req.params;
const { new_password } = req.body;
if (!new_password || new_password.length < 6) {
return res.status(400).json({
success: false,
message: "Password must be at least 6 characters long",
});
}
// Hash new password
const hashedPassword = await bcrypt.hash(new_password, 10);
// Get user's password expiry setting
const userResult = await query(
"SELECT password_never_expires FROM adminusers WHERE id = $1",
[id]
);
if (userResult.rows.length === 0) {
return res.status(404).json({
success: false,
message: "User not found",
});
}
// Calculate new expiry date (90 days from now if not never expires)
let passwordExpiresAt = null;
if (!userResult.rows[0].password_never_expires) {
const expiryDate = new Date();
expiryDate.setDate(expiryDate.getDate() + 90);
passwordExpiresAt = expiryDate.toISOString();
}
// Update password
await query(
`
UPDATE adminusers
SET passwordhash = $1,
password_expires_at = $2,
last_password_change = NOW(),
updated_at = NOW()
WHERE id = $3
`,
[hashedPassword, passwordExpiresAt, id]
);
res.json({
success: true,
message: "Password reset successfully",
});
} catch (error) {
console.error("Reset password error:", error);
res.status(500).json({ success: false, message: "Server error" });
}
});
// Delete user
router.delete("/:id", async (req, res) => {
try {
const { id } = req.params;
// Prevent deleting yourself
if (id === req.session.user.id) {
return res.status(400).json({
success: false,
message: "Cannot delete your own account",
});
}
const result = await query(
"DELETE FROM adminusers WHERE id = $1 RETURNING id",
[id]
);
if (result.rows.length === 0) {
return res.status(404).json({
success: false,
message: "User not found",
});
}
res.json({
success: true,
message: "User deleted successfully",
});
} catch (error) {
console.error("Delete user error:", error);
res.status(500).json({ success: false, message: "Server error" });
}
});
// Toggle user active status
router.post("/:id/toggle-status", async (req, res) => {
try {
const { id } = req.params;
// Prevent deactivating yourself
if (id === req.session.user.id) {
return res.status(400).json({
success: false,
message: "Cannot deactivate your own account",
});
}
const result = await query(
`
UPDATE adminusers
SET isactive = NOT isactive,
updated_at = NOW()
WHERE id = $1
RETURNING id, isactive
`,
[id]
);
if (result.rows.length === 0) {
return res.status(404).json({
success: false,
message: "User not found",
});
}
res.json({
success: true,
message: `User ${
result.rows[0].isactive ? "activated" : "deactivated"
} successfully`,
isactive: result.rows[0].isactive,
});
} catch (error) {
console.error("Toggle status error:", error);
res.status(500).json({ success: false, message: "Server error" });
}
});
module.exports = router;