릴리스: v0.1.6 MariaDB 개발 환경 및 저장소 설정 정리

2026-03-19 14:48:03 +09:00
commit 0c30ae5cb3
52 changed files with 9346 additions and 0 deletions
--- a/backend/src/routes/admin.js
+++ b/backend/src/routes/admin.js
@@ -0,0 +1,64 @@
+const path = require('path')
+const express = require('express')
+const multer = require('multer')
+const { z } = require('zod')
+const { nanoid } = require('nanoid')
+const {
+  findGameById,
+  createGame,
+  updateGameThumbnail,
+  createGameItem,
+} = require('../db')
+const { requireAdmin } = require('../middleware/auth')
+
+const router = express.Router()
+
+function buildUploadFilename(file) {
+  const ext = path.extname(file.originalname || '').toLowerCase()
+  const safeExt = ext && /^[.a-z0-9]+$/.test(ext) ? ext : ''
+  return `${Date.now()}-${nanoid()}${safeExt}`
+}
+
+const upload = multer({
+  storage: multer.diskStorage({
+    destination: (req, file, cb) => cb(null, path.join(__dirname, '..', '..', 'uploads', 'games')),
+    filename: (req, file, cb) => cb(null, buildUploadFilename(file)),
+  }),
+  limits: { fileSize: 6 * 1024 * 1024 },
+})
+
+router.post('/games', requireAdmin, async (req, res) => {
+  const schema = z.object({ id: z.string().min(1), name: z.string().min(1).max(60) })
+  const parsed = schema.safeParse(req.body)
+  if (!parsed.success) return res.status(400).json({ error: 'bad_request' })
+  const exists = await findGameById(parsed.data.id)
+  if (exists) return res.status(409).json({ error: 'game_id_taken' })
+  const game = await createGame({ id: parsed.data.id, name: parsed.data.name })
+  res.json({ game })
+})
+
+router.post('/games/:gameId/thumbnail', requireAdmin, upload.single('thumbnail'), async (req, res) => {
+  if (!req.file) return res.status(400).json({ error: 'file_required' })
+  const game = await findGameById(req.params.gameId)
+  if (!game) return res.status(404).json({ error: 'not_found' })
+  const updated = await updateGameThumbnail(req.params.gameId, `/uploads/games/${req.file.filename}`)
+  res.json({ game: updated })
+})
+
+router.post('/games/:gameId/images', requireAdmin, upload.single('image'), async (req, res) => {
+  if (!req.file) return res.status(400).json({ error: 'file_required' })
+  const schema = z.object({ label: z.string().min(1).max(60) })
+  const parsed = schema.safeParse(req.body)
+  if (!parsed.success) return res.status(400).json({ error: 'bad_request' })
+  const game = await findGameById(req.params.gameId)
+  if (!game) return res.status(404).json({ error: 'not_found' })
+  const item = await createGameItem({
+    id: nanoid(),
+    gameId: game.id,
+    src: `/uploads/games/${req.file.filename}`,
+    label: parsed.data.label,
+  })
+  res.json({ item })
+})
+
+module.exports = router
--- a/backend/src/routes/auth.js
+++ b/backend/src/routes/auth.js
@@ -0,0 +1,114 @@
+const express = require('express')
+const path = require('path')
+const bcrypt = require('bcryptjs')
+const { z } = require('zod')
+const { nanoid } = require('nanoid')
+const multer = require('multer')
+const {
+  countUsers,
+  findUserByEmail,
+  findUserById,
+  createUser,
+  updateUserProfile,
+} = require('../db')
+const { requireAuth } = require('../middleware/auth')
+
+const router = express.Router()
+
+function buildUploadFilename(file) {
+  const ext = path.extname(file.originalname || '').toLowerCase()
+  const safeExt = ext && /^[.a-z0-9]+$/.test(ext) ? ext : ''
+  return `${Date.now()}-${nanoid()}${safeExt}`
+}
+
+const signupSchema = z.object({
+  email: z.string().email(),
+  password: z.string().min(6),
+})
+
+const profileSchema = z.object({
+  nickname: z.string().trim().min(1).max(40),
+})
+
+router.post('/signup', async (req, res) => {
+  const parsed = signupSchema.safeParse(req.body)
+  if (!parsed.success) return res.status(400).json({ error: 'bad_request' })
+
+  const { email, password } = parsed.data
+  const exists = await findUserByEmail(email)
+  if (exists) return res.status(409).json({ error: 'email_taken' })
+
+  const passwordHash = await bcrypt.hash(password, 10)
+  const isAdmin = (await countUsers()) === 0
+  const user = await createUser({ id: nanoid(), email, nickname: '', passwordHash, isAdmin })
+
+  req.session.userId = user.id
+  req.session.isAdmin = !!user.isAdmin
+  res.json(user)
+})
+
+router.post('/login', async (req, res) => {
+  const parsed = signupSchema.safeParse(req.body)
+  if (!parsed.success) return res.status(400).json({ error: 'bad_request' })
+
+  const { email, password } = parsed.data
+  const user = await findUserByEmail(email)
+  if (!user) return res.status(401).json({ error: 'invalid_credentials' })
+
+  const ok = await bcrypt.compare(password, user.passwordHash)
+  if (!ok) return res.status(401).json({ error: 'invalid_credentials' })
+
+  req.session.userId = user.id
+  req.session.isAdmin = !!user.isAdmin
+  res.json({
+    id: user.id,
+    email: user.email,
+    nickname: user.nickname || '',
+    isAdmin: !!user.isAdmin,
+    avatarSrc: user.avatarSrc || '',
+    createdAt: user.createdAt,
+  })
+})
+
+router.post('/logout', async (req, res) => {
+  if (!req.session) return res.json({ ok: true })
+  req.session.destroy(() => res.json({ ok: true }))
+})
+
+router.get('/me', async (req, res) => {
+  if (!req.session || !req.session.userId) return res.json({ user: null })
+  const user = await findUserById(req.session.userId)
+  if (!user) return res.json({ user: null })
+  res.json({ user })
+})
+
+router.get('/meta', async (req, res) => {
+  res.json({ hasUsers: (await countUsers()) > 0 })
+})
+
+const upload = multer({
+  storage: multer.diskStorage({
+    destination: (req, file, cb) => cb(null, path.join(__dirname, '..', '..', 'uploads', 'avatars')),
+    filename: (req, file, cb) => cb(null, buildUploadFilename(file)),
+  }),
+  limits: { fileSize: 3 * 1024 * 1024 },
+})
+
+router.post('/profile', requireAuth, upload.single('avatar'), async (req, res) => {
+  const parsed = profileSchema.safeParse(req.body)
+  if (!parsed.success) return res.status(400).json({ error: 'bad_request' })
+
+  const user = await findUserById(req.session.userId)
+  if (!user) return res.status(404).json({ error: 'not_found' })
+
+  const nextAvatarSrc = req.file ? `/uploads/avatars/${req.file.filename}` : user.avatarSrc || ''
+  const updated = await updateUserProfile({
+    id: user.id,
+    nickname: parsed.data.nickname,
+    avatarSrc: nextAvatarSrc,
+  })
+
+  res.json({ user: updated })
+})
+
+module.exports = router
--- a/backend/src/routes/games.js
+++ b/backend/src/routes/games.js
@@ -0,0 +1,31 @@
+const express = require('express')
+const { z } = require('zod')
+const { nanoid } = require('nanoid')
+const { listGames, getGameDetail, createGameSuggestion } = require('../db')
+
+const router = express.Router()
+
+router.get('/', async (req, res) => {
+  const games = await listGames()
+  res.json({ games })
+})
+
+router.get('/:gameId', async (req, res) => {
+  const detail = await getGameDetail(req.params.gameId)
+  if (!detail) return res.status(404).json({ error: 'not_found' })
+  res.json({ game: detail.game, items: detail.items })
+})
+
+router.post('/suggest', async (req, res) => {
+  const schema = z.object({ name: z.string().min(1).max(60) })
+  const parsed = schema.safeParse(req.body)
+  if (!parsed.success) return res.status(400).json({ error: 'bad_request' })
+
+  const suggestion = await createGameSuggestion({
+    id: nanoid(),
+    name: parsed.data.name,
+  })
+  res.json({ suggestion })
+})
+
+module.exports = router
--- a/backend/src/routes/tierlists.js
+++ b/backend/src/routes/tierlists.js
@@ -0,0 +1,151 @@
+const express = require('express')
+const path = require('path')
+const multer = require('multer')
+const { z } = require('zod')
+const { nanoid } = require('nanoid')
+const {
+  findTierListById,
+  listPublicTierLists,
+  listUserTierLists,
+  saveTierList,
+  createCustomItem,
+} = require('../db')
+const { requireAuth } = require('../middleware/auth')
+
+const router = express.Router()
+
+function normalizePoolItem(item) {
+  if (!item || item.origin !== 'game' || typeof item.src !== 'string') return item
+  if (item.src.startsWith('/uploads/')) return item
+
+  try {
+    const url = new URL(item.src)
+    if (url.pathname.startsWith('/uploads/')) {
+      return { ...item, src: url.pathname }
+    }
+  } catch (e) {
+    return item
+  }
+
+  return item
+}
+
+function normalizeTierList(tierList) {
+  return {
+    ...tierList,
+    pool: Array.isArray(tierList.pool) ? tierList.pool.map(normalizePoolItem) : [],
+  }
+}
+
+function buildUploadFilename(file) {
+  const ext = path.extname(file.originalname || '').toLowerCase()
+  const safeExt = ext && /^[.a-z0-9]+$/.test(ext) ? ext : ''
+  return `${Date.now()}-${nanoid()}${safeExt}`
+}
+
+const upload = multer({
+  storage: multer.diskStorage({
+    destination: (req, file, cb) => cb(null, path.join(__dirname, '..', '..', 'uploads', 'custom')),
+    filename: (req, file, cb) => cb(null, buildUploadFilename(file)),
+  }),
+  limits: { fileSize: 6 * 1024 * 1024 },
+})
+
+const tierListUpsertSchema = z.object({
+  id: z.string().optional(),
+  gameId: z.string().min(1),
+  title: z.string().min(1).max(120),
+  description: z.string().max(1000).optional().default(''),
+  isPublic: z.boolean().default(false),
+  groups: z.array(
+    z.object({
+      id: z.string().min(1),
+      name: z.string().min(1).max(16),
+      itemIds: z.array(z.string()),
+    })
+  ),
+  pool: z.array(
+    z.object({
+      id: z.string().min(1),
+      src: z.string().min(1),
+      label: z.string().min(1).max(60),
+      origin: z.enum(['game', 'custom']).default('game'),
+    })
+  ),
+})
+
+router.get('/public', async (req, res) => {
+  const gameId = req.query.gameId
+  const lists = await listPublicTierLists(gameId)
+  res.json({ tierLists: lists })
+})
+
+router.get('/me', requireAuth, async (req, res) => {
+  const lists = await listUserTierLists(req.session.userId)
+  res.json({ tierLists: lists })
+})
+
+router.get('/:id', async (req, res) => {
+  const t = await findTierListById(req.params.id)
+  if (!t) return res.status(404).json({ error: 'not_found' })
+  if (!t.isPublic) {
+    if (!req.session || req.session.userId !== t.authorId) return res.status(403).json({ error: 'forbidden' })
+  }
+  res.json({ tierList: normalizeTierList(t) })
+})
+
+router.post('/custom-items', requireAuth, upload.single('image'), async (req, res) => {
+  if (!req.file) return res.status(400).json({ error: 'file_required' })
+
+  const schema = z.object({ label: z.string().trim().min(1).max(60) })
+  const parsed = schema.safeParse(req.body)
+  if (!parsed.success) return res.status(400).json({ error: 'bad_request' })
+
+  const item = await createCustomItem({
+    id: nanoid(),
+    ownerId: req.session.userId,
+    src: `/uploads/custom/${req.file.filename}`,
+    label: parsed.data.label,
+  })
+
+  res.json({ item })
+})
+
+router.post('/', requireAuth, async (req, res) => {
+  const parsed = tierListUpsertSchema.safeParse(req.body)
+  if (!parsed.success) return res.status(400).json({ error: 'bad_request' })
+  const payload = parsed.data
+  const normalizedPool = payload.pool.map(normalizePoolItem)
+
+  let existing = null
+  if (payload.id) existing = await findTierListById(payload.id)
+
+  if (existing) {
+    if (existing.authorId !== req.session.userId) return res.status(403).json({ error: 'forbidden' })
+    const updated = await saveTierList({
+      id: existing.id,
+      authorId: existing.authorId,
+      gameId: existing.gameId,
+      title: payload.title,
+      description: payload.description || '',
+      isPublic: !!payload.isPublic,
+      groups: payload.groups,
+      pool: normalizedPool,
+    })
+    return res.json({ tierList: normalizeTierList(updated) })
+  }
+
+  const created = await saveTierList({
+    id: nanoid(),
+    authorId: req.session.userId,
+    gameId: payload.gameId,
+    title: payload.title,
+    description: payload.description || '',
+    isPublic: !!payload.isPublic,
+    groups: payload.groups,
+    pool: normalizedPool,
+  })
+  res.json({ tierList: normalizeTierList(created) })
+})
+
+module.exports = router