fix: images, couverture, slash, agents, wizard, Stripe et admin
- Collage/accès images: ownership path userId + meta legacy, 403 non caché - Couverture note: explicite (choix/aucune), plus d’auto depuis le corps - Éditeur: suppression image TipTap, sync immédiate, toolbar réordonnée - Slash: listes par titre (plus d’index), keywords nettoyés - Agents: nextRun à la réactivation, cron sans stampede null - Wizard: titres courts + mode Expert plus robuste - Stripe checkout hosted fiable; admin métriques live; dark mode IA/settings - Indexation notes courtes + test unit aligné
This commit is contained in:
@@ -3,6 +3,7 @@ import { writeFile, mkdir } from 'fs/promises'
|
||||
import path from 'path'
|
||||
import { randomUUID } from 'crypto'
|
||||
import { auth } from '@/auth'
|
||||
import { writeUploadMeta } from '@/lib/upload-access'
|
||||
|
||||
const ALLOWED_TYPES = ['image/jpeg', 'image/png', 'image/gif', 'image/webp']
|
||||
const MAX_SIZE = 5 * 1024 * 1024 // 5MB
|
||||
@@ -14,14 +15,12 @@ export async function POST(request: NextRequest) {
|
||||
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
|
||||
}
|
||||
|
||||
const userId = session.user.id
|
||||
const formData = await request.formData()
|
||||
const file = formData.get('file') as File
|
||||
|
||||
if (!file) {
|
||||
return NextResponse.json(
|
||||
{ error: 'No file uploaded' },
|
||||
{ status: 400 }
|
||||
)
|
||||
return NextResponse.json({ error: 'No file uploaded' }, { status: 400 })
|
||||
}
|
||||
|
||||
if (!ALLOWED_TYPES.includes(file.type)) {
|
||||
@@ -33,7 +32,6 @@ export async function POST(request: NextRequest) {
|
||||
}
|
||||
|
||||
const buffer = Buffer.from(await file.arrayBuffer())
|
||||
// Resolve extension from file name, falling back to MIME type (e.g. clipboard pastes)
|
||||
let ext = path.extname(file.name).toLowerCase()
|
||||
if (!['.jpg', '.jpeg', '.png', '.gif', '.webp'].includes(ext)) {
|
||||
const mimeToExt: Record<string, string> = {
|
||||
@@ -44,23 +42,28 @@ export async function POST(request: NextRequest) {
|
||||
}
|
||||
ext = mimeToExt[file.type] || '.png'
|
||||
}
|
||||
|
||||
const filename = `${randomUUID()}${ext}`
|
||||
|
||||
// Ensure directory exists (data/uploads is outside public/, served via API route)
|
||||
const uploadDir = path.join(process.cwd(), 'data/uploads/notes')
|
||||
// Ownership in path: /uploads/notes/{userId}/{filename}
|
||||
const relativeUnderNotes = `${userId}/${filename}`
|
||||
const uploadDir = path.join(process.cwd(), 'data', 'uploads', 'notes', userId)
|
||||
await mkdir(uploadDir, { recursive: true })
|
||||
|
||||
|
||||
const filePath = path.join(uploadDir, filename)
|
||||
await writeFile(filePath, buffer)
|
||||
await writeUploadMeta(relativeUnderNotes, userId)
|
||||
|
||||
return NextResponse.json({
|
||||
success: true,
|
||||
url: `/uploads/notes/${filename}`
|
||||
const url = `/uploads/notes/${relativeUnderNotes}`
|
||||
|
||||
return NextResponse.json({
|
||||
success: true,
|
||||
url,
|
||||
})
|
||||
} catch (error) {
|
||||
console.error('[upload]', error)
|
||||
return NextResponse.json(
|
||||
{ error: 'Failed to upload file' },
|
||||
{ status: 500 }
|
||||
{ status: 500 },
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user