boha_admin/app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 26 Wiki Activity

feat: add project files REST endpoints with auth and audit logging

Browse Source 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
BOHA
2026-03-23 10:19:11 +01:00
parent ff26dc497d
commit 49e668ee2a
3 changed files with 219 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

215
src/routes/admin/project-files.ts Normal file
View File

@@ -0,0 +1,215 @@
import fs from 'fs';
import { FastifyInstance } from 'fastify';
import multipart from '@fastify/multipart';
import prisma from '../../config/database';
import { config } from '../../config/env';
import { requirePermission } from '../../middleware/auth';
import { logAudit } from '../../services/audit';
import { success, error } from '../../utils/response';
import { NasFileManager } from '../../services/nas-file-manager';
export default async function projectFilesRoutes(fastify: FastifyInstance): Promise<void> {
await fastify.register(multipart, { limits: { fileSize: config.nas.maxUploadSize } });
const fm = new NasFileManager();
async function getProjectForFiles(projectId: number) {
if (!projectId || isNaN(projectId) || projectId <= 0) return null;
return prisma.projects.findUnique({
where: { id: projectId },
select: { id: true, project_number: true, name: true },
});
}
// GET / — list files or download
fastify.get('/', { preHandler: requirePermission('projects.view') }, async (request, reply) => {
const query = request.query as Record<string, string>;
const projectId = Number(query.project_id);
const project = await getProjectForFiles(projectId);
if (!project) return error(reply, 'Projekt nebyl nalezen', 404);
if (!fm.isConfigured()) {
return error(reply, 'Souborový systém není nakonfigurován', 500);
}
const subPath = query.path || '';
if (query.action === 'download') {
if (!subPath) return error(reply, 'Cesta k souboru je povinná');
if (!project.project_number) return error(reply, 'Projekt nemá číslo projektu');
const result = fm.downloadFile(project.project_number, subPath);
if (!result) return error(reply, 'Soubor nebyl nalezen', 404);
const stream = fs.createReadStream(result.filePath);
return reply
.header('Content-Disposition', `attachment; filename="${encodeURIComponent(result.fileName)}"`)
.header('Content-Type', result.mime)
.header('X-Content-Type-Options', 'nosniff')
.send(stream);
}
// List files
if (!project.project_number) return error(reply, 'Projekt nemá číslo projektu');
const result = fm.listFiles(project.project_number, subPath);
if (result === null) {
return error(reply, 'Složka nebyla nalezena', 404);
}
return success(reply, {
...result,
project_number: project.project_number,
folder_exists: true,
});
});
// POST / — create folder (JSON body)
fastify.post('/', { preHandler: requirePermission('projects.files') }, async (request, reply) => {
const query = request.query as Record<string, string>;
const projectId = Number(query.project_id);
const project = await getProjectForFiles(projectId);
if (!project) return error(reply, 'Projekt nebyl nalezen', 404);
if (!project.project_number) return error(reply, 'Projekt nemá číslo projektu');
if (!fm.isConfigured()) {
return error(reply, 'Souborový systém není nakonfigurován', 500);
}
const body = request.body as Record<string, unknown>;
const folderName = String(body.folder_name || '').trim();
const path = String(body.path || '');
if (!folderName) return error(reply, 'Název složky je povinný');
if ([...folderName].length > 100) return error(reply, 'Název složky je příliš dlouhý (max 100 znaků)');
// Auto-create project folder if it doesn't exist
if (!fm.projectFolderExists(project.project_number)) {
fm.createProjectFolder(project.project_number, project.name || '');
}
const err = fm.createFolder(project.project_number, path, folderName);
if (err !== null) return error(reply, err);
await logAudit({
request,
authData: request.authData,
action: 'create',
entityType: 'project_file',
entityId: project.id,
description: `Vytvořena složka '${folderName}' v projektu '${project.project_number}'`,
newValues: { folder: folderName, path },
});
return success(reply, null, 200, 'Složka byla vytvořena');
});
// POST /upload — upload file (multipart)
fastify.post('/upload', {
preHandler: requirePermission('projects.files'),
bodyLimit: config.nas.maxUploadSize,
}, async (request, reply) => {
const query = request.query as Record<string, string>;
const projectId = Number(query.project_id);
const project = await getProjectForFiles(projectId);
if (!project) return error(reply, 'Projekt nebyl nalezen', 404);
if (!project.project_number) return error(reply, 'Projekt nemá číslo projektu');
if (!fm.isConfigured()) {
return error(reply, 'Souborový systém není nakonfigurován', 500);
}
// Auto-create project folder if it doesn't exist
if (!fm.projectFolderExists(project.project_number)) {
fm.createProjectFolder(project.project_number, project.name || '');
}
const file = await request.file();
if (!file) return error(reply, 'Nebyl nahrán žádný soubor');
const subPath = query.path || '';
const fileBuffer = await file.toBuffer();
const fileName = file.filename;
const err = await fm.uploadFile(project.project_number, subPath, fileBuffer, fileName);
if (err !== null) return error(reply, err);
await logAudit({
request,
authData: request.authData,
action: 'create',
entityType: 'project_file',
entityId: project.id,
description: `Nahrán soubor do projektu '${project.project_number}'`,
newValues: { file: fileName, path: subPath },
});
return success(reply, null, 200, 'Soubor byl nahrán');
});
// PUT / — move/rename
fastify.put('/', { preHandler: requirePermission('projects.files') }, async (request, reply) => {
const query = request.query as Record<string, string>;
const projectId = Number(query.project_id);
const project = await getProjectForFiles(projectId);
if (!project) return error(reply, 'Projekt nebyl nalezen', 404);
if (!project.project_number) return error(reply, 'Projekt nemá číslo projektu');
if (!fm.isConfigured()) {
return error(reply, 'Souborový systém není nakonfigurován', 500);
}
const body = request.body as Record<string, unknown>;
const fromPath = String(body.from_path || '');
const toPath = String(body.to_path || '');
if (!fromPath || !toPath) return error(reply, 'Zdrojová i cílová cesta jsou povinné');
const err = fm.moveItem(project.project_number, fromPath, toPath);
if (err !== null) return error(reply, err);
await logAudit({
request,
authData: request.authData,
action: 'update',
entityType: 'project_file',
entityId: project.id,
description: `Přesun/přejmenování v projektu '${project.project_number}'`,
oldValues: { path: fromPath },
newValues: { path: toPath },
});
return success(reply, null, 200, 'Soubor byl přesunut');
});
// DELETE / — delete file/folder
fastify.delete('/', { preHandler: requirePermission('projects.files') }, async (request, reply) => {
const query = request.query as Record<string, string>;
const projectId = Number(query.project_id);
const project = await getProjectForFiles(projectId);
if (!project) return error(reply, 'Projekt nebyl nalezen', 404);
if (!project.project_number) return error(reply, 'Projekt nemá číslo projektu');
if (!fm.isConfigured()) {
return error(reply, 'Souborový systém není nakonfigurován', 500);
}
const filePath = query.path || '';
if (!filePath) return error(reply, 'Cesta k souboru je povinná');
const err = await fm.deleteItem(project.project_number, filePath);
if (err !== null) return error(reply, err);
await logAudit({
request,
authData: request.authData,
action: 'delete',
entityType: 'project_file',
entityId: project.id,
description: `Smazán soubor/složka v projektu '${project.project_number}'`,
oldValues: { path: filePath },
});
return success(reply, null, 200, 'Soubor byl smazán');
});
}