Add server, routes, views, CLI, CSS, and integration tests

- Server factory with Fastify plugins (JWT, cookie, multipart, formbody, static) - Auth middleware: requireAuth preHandler (401 for API, redirect for pages) - Auth API routes: POST /api/v1/auth/login, POST /api/v1/auth/logout - File API routes: GET/POST /api/v1/files, DELETE /api/v1/files/:id - Page routes: /, /login, /logout, /upload, /files, /files/:id/delete, /f/:id, /f/:id/raw - HTML views: layout, login, upload, file-list, file-view, not-found - CLI register-user script - public/style.css dark theme - Test helpers: createTestApp, loginAs, buildMultipart - Integration tests for auth API, file API, and page routes (51 tests passing) - Update CLAUDE.md with red/green TDD and commit instructions Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-03 15:55:14 -08:00
parent 157d1e8230
commit 8fd1464b9d
19 changed files with 1180 additions and 1 deletions
--- a/src/routes/api/v1/files.ts
+++ b/src/routes/api/v1/files.ts
@@ -0,0 +1,71 @@
+import type { FastifyPluginAsync } from 'fastify';
+import { extname } from 'path';
+import { nanoid } from 'nanoid';
+import type Database from 'better-sqlite3';
+import type { Config } from '../../../config.ts';
+import type { Logger } from '../../../middleware/logging.ts';
+import type { JwtPayload } from '../../../types.ts';
+import { createFile, getFilesByUserId, getFileById, deleteFile } from '../../../db/files.ts';
+import { saveFile, deleteStoredFile } from '../../../services/storage.ts';
+import { requireAuth } from '../../../middleware/auth.ts';
+
+interface Deps {
+  db: Database.Database;
+  config: Config;
+  logger: Logger;
+}
+
+export const filesApiRoutes: FastifyPluginAsync<{ deps: Deps }> = async (app, { deps }) => {
+  const { db, config } = deps;
+
+  app.get('/', { preHandler: requireAuth }, async (request, reply) => {
+    const { sub: userId } = request.user as JwtPayload;
+    const files = getFilesByUserId(db, userId);
+    reply.send({ files });
+  });
+
+  app.post('/', { preHandler: requireAuth }, async (request, reply) => {
+    const { sub: userId } = request.user as JwtPayload;
+    const data = await request.file();
+
+    if (!data) {
+      return reply.status(400).send({ error: 'No file uploaded' });
+    }
+
+    const fileBuffer = await data.toBuffer();
+    const id = nanoid();
+    const ext = extname(data.filename);
+    const storedName = `${id}${ext}`;
+
+    await saveFile(config.uploadDir, storedName, fileBuffer);
+
+    const file = createFile(db, {
+      id,
+      userId,
+      originalName: data.filename,
+      mimeType: data.mimetype,
+      size: fileBuffer.length,
+      storedName,
+    });
+
+    reply.status(201).send({ file, url: `${config.baseUrl}/f/${id}` });
+  });
+
+  app.delete('/:id', { preHandler: requireAuth }, async (request, reply) => {
+    const { sub: userId } = request.user as JwtPayload;
+    const { id } = request.params as { id: string };
+
+    const file = getFileById(db, id);
+    if (!file) {
+      return reply.status(404).send({ error: 'File not found' });
+    }
+
+    const deleted = deleteFile(db, id, userId);
+    if (!deleted) {
+      return reply.status(403).send({ error: 'Forbidden' });
+    }
+
+    await deleteStoredFile(config.uploadDir, file.stored_name);
+    reply.send({ ok: true });
+  });
+};