added file upload and storage

2025-07-11 14:21:51 -04:00
parent 14cbbccd3a
commit 31ce343566
8 changed files with 240 additions and 2 deletions
--- a/app/api/files/upload/route.ts
+++ b/app/api/files/upload/route.ts
@@ -0,0 +1,86 @@
+import { getServerSession } from "next-auth";
+import { NextRequest, NextResponse } from "next/server";
+import { authOptions } from "../../auth/[...nextauth]/route";
+import { canUploadOrViewFiles } from "@/lib/auth/checkRole";
+import { v4 as uuidv4 } from 'uuid';
+import path from "path";
+import { mkdirSync, existsSync, writeFileSync } from 'fs';
+import { prisma } from "@/lib/prisma";
+
+const MAX_SIZE_MB = parseInt(process.env.UPLOAD_FILE_SIZE || '10', 10);
+const MAX_SIZE_BYTES = MAX_SIZE_MB * 1024 * 1024;
+
+// Ensure it's relative to project root
+const UPLOAD_DIR = path.join(process.cwd(), 'data/uploads');
+
+export const config = {
+  api: {
+    bodyParser: false,
+  },
+};
+
+export async function POST(req: NextRequest) {
+  const session = await getServerSession(authOptions);
+  const user = session?.user;
+
+  if (!user || !canUploadOrViewFiles(user.role)) {
+    return NextResponse.json({ message: "Unauthorized" }, { status: 401 });
+  }
+
+  try {
+    const formData = await req.formData();
+    const file = formData.get("file") as File | null;
+    const eventId = formData.get("eventId") as string | null;
+
+    if (!file) {
+      return NextResponse.json({ error: "No file uploaded" }, { status: 400 });
+    }
+
+    if (file.size > MAX_SIZE_BYTES) {
+      return NextResponse.json({ error: `File exceeds ${MAX_SIZE_MB}MB` }, { status: 400 });
+    }
+
+    const allowedTypes = ["application/pdf", "image/jpeg", "image/png", "text/plain"];
+    if (!allowedTypes.includes(file.type)) {
+      return NextResponse.json({ error: "Unsupported file type" }, { status: 400 });
+    }
+
+    // Ensure uploads directory exists
+    if (!existsSync(UPLOAD_DIR)) {
+      mkdirSync(UPLOAD_DIR, { recursive: true });
+    }
+
+    // Create unique filename
+    const safeFileName = `${uuidv4()}-${file.name}`;
+    const fullPath = path.join(UPLOAD_DIR, safeFileName);
+
+    const arrayBuffer = await file.arrayBuffer();
+    const buffer = Buffer.from(arrayBuffer);
+    writeFileSync(fullPath, buffer);
+
+    // Save metadata in DB
+    const saved = await prisma.fileUpload.create({
+      data: {
+        filename: file.name,
+        filepath: fullPath,
+        filetype: file.type,
+        filesize: file.size,
+        uploadedBy: {
+          connect: { email: user.email! },
+        },
+        event: eventId ? {
+          connect: { id: eventId }
+        } : undefined,
+      },
+    });
+
+    return NextResponse.json({
+      message: "File uploaded successfully",
+      file: saved,
+    }, { status: 201 });
+
+  } catch (error) {
+    console.error("File upload error:", error);
+    return NextResponse.json({ error: "Internal server error" }, { status: 500 });
+  }
+}