image fixes

2026-04-22 22:28:46 -05:00
parent d0cc4efe8c
commit c9aa69f767
4 changed files with 20 additions and 10 deletions
+9
@@ -4,3 +4,12 @@ node_modules
data data
.git .git
*.log *.log
# Agent/skills files — not part of the app
AGENTS.md
DEPLOYMENT-PROFILE.md
PROJECT-PROFILE-WORKBOOK.md
ROUTING-EXAMPLES.md
SKILLS.md
hubs/
skills/
memory/
+1 -1
@@ -1,5 +1,5 @@
{ {
"name": "ai-tools-dashboard", "name": "codedump",
"version": "1.0.0", "version": "1.0.0",
"private": true, "private": true,
"workspaces": ["client", "server"], "workspaces": ["client", "server"],
+9 -2
@@ -2,6 +2,7 @@ import express from 'express';
import cors from 'cors'; import cors from 'cors';
import path from 'path'; import path from 'path';
import './db/schema'; // initialize DB + bootstrap admin import './db/schema'; // initialize DB + bootstrap admin
import { UPLOAD_PATH } from './db/schema';
import { requireAuth } from './middleware/auth'; import { requireAuth } from './middleware/auth';
import authRouter from './routes/auth'; import authRouter from './routes/auth';
import projectsRouter from './routes/projects'; import projectsRouter from './routes/projects';
@@ -16,13 +17,19 @@ const PORT = Number(process.env.PORT || 3000);
app.use(cors()); app.use(cors());
app.use(express.json({ limit: '10mb' })); app.use(express.json({ limit: '10mb' }));
// Public — auth endpoints (login doesn't require token) // Public — auth endpoints
app.use('/api/auth', authRouter); app.use('/api/auth', authRouter);
// Public — serve uploaded files as static assets.
// <img> tags and markdown renderers can't send Authorization headers,
// so file reads must be unauthenticated. POST/DELETE in uploadsRouter
// are still protected by requireAuth inside the router.
app.use('/api/uploads', express.static(UPLOAD_PATH));
// Protected — all other API routes require a valid JWT // Protected — all other API routes require a valid JWT
app.use('/api/projects', requireAuth, projectsRouter); app.use('/api/projects', requireAuth, projectsRouter);
app.use('/api/tools', requireAuth, toolsRouter); app.use('/api/tools', requireAuth, toolsRouter);
app.use('/api/uploads', requireAuth, uploadsRouter); app.use('/api/uploads', requireAuth, uploadsRouter); // handles POST + DELETE only
app.use('/api/settings', requireAuth, settingsRouter); app.use('/api/settings', requireAuth, settingsRouter);
app.use('/api/users', usersRouter); // requireAdmin applied inside router app.use('/api/users', usersRouter); // requireAdmin applied inside router
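Review bot: The new `express.static(UPLOAD_PATH)` mount serves every stored upload to unauthenticated callers from the API's own origin, with a Content-Type chosen from the file extension and no hardening options. If the upload filter in uploadsRouter (not visible on this page) accepts anything other than raster images, an uploaded `.html` or `.svg` would be rendered as active content on that origin, so I would tighten the mount to `app.use('/api/uploads', express.static(UPLOAD_PATH, { index: false, setHeaders: (res) => res.setHeader('X-Content-Type-Options', 'nosniff') }));` and send `Content-Disposition: attachment` for non-image extensions. The comment above the mount should also say that confidentiality of uploads now rests only on unguessable filenames (presumably the uuid-based names generated in uploadsRouter), for example `// NOTE: anyone holding the URL can read the file; stored names must stay random`. Because the static handler falls through on a miss, a request for a missing file now reaches `requireAuth` and probably gets an auth error instead of the previous 404, which is worth confirming against the client's broken-image handling.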
+1 -7
@@ -3,6 +3,7 @@ import multer from 'multer';
import path from 'path'; import path from 'path';
import fs from 'fs'; import fs from 'fs';
import { v4 as uuidv4 } from 'uuid'; import { v4 as uuidv4 } from 'uuid';
// Note: GET /api/uploads/:filename is served by express.static in index.ts (no auth needed for <img> tags)
import db, { UPLOAD_PATH } from '../db/schema'; import db, { UPLOAD_PATH } from '../db/schema';
const router = Router(); const router = Router();
@@ -46,13 +47,6 @@ router.post('/projects/:projectId', upload.single('file'), (req: Request, res: R
}); });
}); });
// Get raw file
router.get('/:filename', (req: Request, res: Response) => {
const filePath = path.join(UPLOAD_PATH, path.basename(req.params.filename));
if (!fs.existsSync(filePath)) return res.status(404).json({ error: 'File not found' });
res.sendFile(filePath);
});
// Delete a document // Delete a document
router.delete('/documents/:id', (req: Request, res: Response) => { router.delete('/documents/:id', (req: Request, res: Response) => {
const doc = db.prepare('SELECT * FROM documents WHERE id = ?').get(req.params.id) as any; const doc = db.prepare('SELECT * FROM documents WHERE id = ?').get(req.params.id) as any;