npm - @intranefr/superbackend - Versions diffs - 1.4.3 - Mend

@intranefr/superbackend 1.4.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (188) hide show

package/.commiat +4 -0
package/.env.example +47 -0
package/README.md +110 -0
package/index.js +94 -0
package/package.json +67 -0
package/public/css/styles.css +139 -0
package/public/js/animations.js +41 -0
package/sdk/error-tracking/browser/package.json +16 -0
package/sdk/error-tracking/browser/src/core.js +270 -0
package/sdk/error-tracking/browser/src/embed.js +18 -0
package/sdk/error-tracking/browser/src/index.js +1 -0
package/server.js +5 -0
package/src/admin/endpointRegistry.js +300 -0
package/src/controllers/admin.controller.js +321 -0
package/src/controllers/adminAssets.controller.js +530 -0
package/src/controllers/adminAssetsStorage.controller.js +260 -0
package/src/controllers/adminEjsVirtual.controller.js +354 -0
package/src/controllers/adminFeatureFlags.controller.js +155 -0
package/src/controllers/adminHeadless.controller.js +1071 -0
package/src/controllers/adminI18n.controller.js +604 -0
package/src/controllers/adminJsonConfigs.controller.js +97 -0
package/src/controllers/adminLlm.controller.js +273 -0
package/src/controllers/adminMigration.controller.js +257 -0
package/src/controllers/adminSeoConfig.controller.js +515 -0
package/src/controllers/adminStats.controller.js +121 -0
package/src/controllers/adminUploadNamespaces.controller.js +208 -0
package/src/controllers/assets.controller.js +248 -0
package/src/controllers/auth.controller.js +93 -0
package/src/controllers/billing.controller.js +223 -0
package/src/controllers/featureFlags.controller.js +35 -0
package/src/controllers/forms.controller.js +217 -0
package/src/controllers/globalSettings.controller.js +252 -0
package/src/controllers/headlessCrud.controller.js +126 -0
package/src/controllers/i18n.controller.js +12 -0
package/src/controllers/invite.controller.js +249 -0
package/src/controllers/jsonConfigs.controller.js +19 -0
package/src/controllers/metrics.controller.js +149 -0
package/src/controllers/notificationAdmin.controller.js +264 -0
package/src/controllers/notifications.controller.js +131 -0
package/src/controllers/org.controller.js +357 -0
package/src/controllers/orgAdmin.controller.js +491 -0
package/src/controllers/stripeAdmin.controller.js +410 -0
package/src/controllers/user.controller.js +361 -0
package/src/controllers/userAdmin.controller.js +277 -0
package/src/controllers/waitingList.controller.js +167 -0
package/src/controllers/webhook.controller.js +200 -0
package/src/middleware/auth.js +66 -0
package/src/middleware/errorCapture.js +170 -0
package/src/middleware/headlessApiTokenAuth.js +57 -0
package/src/middleware/org.js +108 -0
package/src/middleware.js +901 -0
package/src/models/ActionEvent.js +31 -0
package/src/models/ActivityLog.js +41 -0
package/src/models/Asset.js +84 -0
package/src/models/AuditEvent.js +93 -0
package/src/models/EmailLog.js +28 -0
package/src/models/ErrorAggregate.js +72 -0
package/src/models/FormSubmission.js +41 -0
package/src/models/GlobalSetting.js +38 -0
package/src/models/HeadlessApiToken.js +24 -0
package/src/models/HeadlessModelDefinition.js +41 -0
package/src/models/I18nEntry.js +77 -0
package/src/models/I18nLocale.js +33 -0
package/src/models/Invite.js +70 -0
package/src/models/JsonConfig.js +46 -0
package/src/models/Notification.js +60 -0
package/src/models/Organization.js +57 -0
package/src/models/OrganizationMember.js +43 -0
package/src/models/StripeCatalogItem.js +77 -0
package/src/models/StripeWebhookEvent.js +57 -0
package/src/models/User.js +89 -0
package/src/models/VirtualEjsFile.js +60 -0
package/src/models/VirtualEjsFileVersion.js +43 -0
package/src/models/VirtualEjsGroupChange.js +32 -0
package/src/models/WaitingList.js +41 -0
package/src/models/Webhook.js +63 -0
package/src/models/Workflow.js +29 -0
package/src/models/WorkflowExecution.js +12 -0
package/src/routes/admin.routes.js +26 -0
package/src/routes/adminAssets.routes.js +28 -0
package/src/routes/adminAssetsStorage.routes.js +13 -0
package/src/routes/adminAudit.routes.js +196 -0
package/src/routes/adminEjsVirtual.routes.js +17 -0
package/src/routes/adminErrors.routes.js +164 -0
package/src/routes/adminFeatureFlags.routes.js +12 -0
package/src/routes/adminHeadless.routes.js +38 -0
package/src/routes/adminI18n.routes.js +22 -0
package/src/routes/adminJsonConfigs.routes.js +15 -0
package/src/routes/adminLlm.routes.js +12 -0
package/src/routes/adminMigration.routes.js +81 -0
package/src/routes/adminSeoConfig.routes.js +20 -0
package/src/routes/adminUploadNamespaces.routes.js +13 -0
package/src/routes/assets.routes.js +21 -0
package/src/routes/auth.routes.js +12 -0
package/src/routes/billing.routes.js +11 -0
package/src/routes/errorTracking.routes.js +31 -0
package/src/routes/featureFlags.routes.js +9 -0
package/src/routes/forms.routes.js +9 -0
package/src/routes/formsAdmin.routes.js +13 -0
package/src/routes/globalSettings.routes.js +18 -0
package/src/routes/headless.routes.js +15 -0
package/src/routes/i18n.routes.js +8 -0
package/src/routes/invite.routes.js +9 -0
package/src/routes/jsonConfigs.routes.js +8 -0
package/src/routes/log.routes.js +111 -0
package/src/routes/metrics.routes.js +9 -0
package/src/routes/notificationAdmin.routes.js +15 -0
package/src/routes/notifications.routes.js +12 -0
package/src/routes/org.routes.js +31 -0
package/src/routes/orgAdmin.routes.js +20 -0
package/src/routes/publicAssets.routes.js +7 -0
package/src/routes/stripeAdmin.routes.js +20 -0
package/src/routes/user.routes.js +22 -0
package/src/routes/userAdmin.routes.js +15 -0
package/src/routes/waitingList.routes.js +13 -0
package/src/routes/waitingListAdmin.routes.js +9 -0
package/src/routes/webhook.routes.js +32 -0
package/src/routes/workflowWebhook.routes.js +54 -0
package/src/routes/workflows.routes.js +110 -0
package/src/services/assets.service.js +110 -0
package/src/services/audit.service.js +62 -0
package/src/services/auditLogger.js +165 -0
package/src/services/ejsVirtual.service.js +614 -0
package/src/services/email.service.js +351 -0
package/src/services/errorLogger.js +221 -0
package/src/services/featureFlags.service.js +202 -0
package/src/services/forms.service.js +214 -0
package/src/services/globalSettings.service.js +49 -0
package/src/services/headlessApiTokens.service.js +158 -0
package/src/services/headlessCrypto.service.js +31 -0
package/src/services/headlessModels.service.js +356 -0
package/src/services/i18n.service.js +314 -0
package/src/services/i18nInferredKeys.service.js +337 -0
package/src/services/jsonConfigs.service.js +392 -0
package/src/services/llm.service.js +749 -0
package/src/services/migration.service.js +581 -0
package/src/services/migrationAssets/fsLocal.js +58 -0
package/src/services/migrationAssets/index.js +134 -0
package/src/services/migrationAssets/s3.js +75 -0
package/src/services/migrationAssets/sftp.js +92 -0
package/src/services/notification.service.js +212 -0
package/src/services/objectStorage.service.js +514 -0
package/src/services/seoConfig.service.js +402 -0
package/src/services/storage.js +150 -0
package/src/services/stripe.service.js +185 -0
package/src/services/stripeHelper.service.js +264 -0
package/src/services/uploadNamespaces.service.js +326 -0
package/src/services/webhook.service.js +157 -0
package/src/services/workflow.service.js +271 -0
package/src/utils/asyncHandler.js +5 -0
package/src/utils/encryption.js +80 -0
package/src/utils/jwt.js +40 -0
package/src/utils/orgRoles.js +156 -0
package/src/utils/validation.js +26 -0
package/src/utils/webhookRetry.js +93 -0
package/views/admin-assets.ejs +444 -0
package/views/admin-audit.ejs +283 -0
package/views/admin-coolify-deploy.ejs +207 -0
package/views/admin-dashboard-home.ejs +291 -0
package/views/admin-dashboard.ejs +397 -0
package/views/admin-ejs-virtual.ejs +280 -0
package/views/admin-errors.ejs +368 -0
package/views/admin-feature-flags.ejs +390 -0
package/views/admin-forms.ejs +526 -0
package/views/admin-global-settings.ejs +436 -0
package/views/admin-headless.ejs +2020 -0
package/views/admin-i18n-locales.ejs +221 -0
package/views/admin-i18n.ejs +728 -0
package/views/admin-json-configs.ejs +410 -0
package/views/admin-llm.ejs +884 -0
package/views/admin-metrics.ejs +274 -0
package/views/admin-migration.ejs +814 -0
package/views/admin-notifications.ejs +430 -0
package/views/admin-organizations.ejs +984 -0
package/views/admin-seo-config.ejs +673 -0
package/views/admin-stripe-pricing.ejs +558 -0
package/views/admin-test.ejs +342 -0
package/views/admin-users.ejs +452 -0
package/views/admin-waiting-list.ejs +547 -0
package/views/admin-webhooks.ejs +329 -0
package/views/admin-workflows.ejs +310 -0
package/views/partials/admin-assets-script.ejs +2022 -0
package/views/partials/admin-test-sidebar.ejs +14 -0
package/views/partials/dashboard/nav-items.ejs +66 -0
package/views/partials/dashboard/palette.ejs +63 -0
package/views/partials/dashboard/sidebar.ejs +21 -0
package/views/partials/dashboard/tab-bar.ejs +26 -0
package/views/partials/footer.ejs +3 -0

package/src/services/seoConfig.service.js ADDED Viewed

@@ -0,0 +1,402 @@
+const fs = require('fs');
+const os = require('os');
+const path = require('path');
+const { execFile } = require('child_process');
+const JsonConfig = require('../models/JsonConfig');
+const GlobalSetting = require('../models/GlobalSetting');
+const { parseJsonOrThrow } = require('./jsonConfigs.service');
+const globalSettingsService = require('./globalSettings.service');
+const SEO_CONFIG_SLUG = 'seo-config';
+const DEFAULT_OG_PNG_OUTPUT_PATH = 'public/og/og-default.png';
+const DEFAULT_OG_PNG_WIDTH = 1200;
+const DEFAULT_OG_PNG_HEIGHT = 630;
+const OG_SVG_SETTING_KEY = 'seoconfig.og.svg';
+async function ensureSeoJsonConfigExists() {
+  const existing = await JsonConfig.findOne({ slug: SEO_CONFIG_SLUG });
+  if (existing) return existing;
+  const defaultConfig = {
+    siteName: '',
+    baseUrl: '',
+    defaultOgImagePath: '/og/og-default.png',
+    defaultTwitterCard: 'summary_large_image',
+    defaultRobots: 'index,follow',
+    pages: {},
+  };
+  return JsonConfig.create({
+    title: 'SEO Config',
+    slug: SEO_CONFIG_SLUG,
+    publicEnabled: false,
+    cacheTtlSeconds: 0,
+    jsonRaw: JSON.stringify(defaultConfig, null, 2),
+    jsonHash: null,
+  });
+}
+async function getSeoJsonConfig() {
+  const doc = await ensureSeoJsonConfigExists();
+  return doc.toObject ? doc.toObject() : doc;
+}
+async function getSeoConfigData() {
+  const doc = await ensureSeoJsonConfigExists();
+  const jsonRaw = String(doc.jsonRaw || '');
+  const data = parseJsonOrThrow(jsonRaw);
+  return { doc, data };
+}
+async function updateSeoJsonConfig(patch) {
+  const doc = await ensureSeoJsonConfigExists();
+  if (patch && Object.prototype.hasOwnProperty.call(patch, 'publicEnabled')) {
+    doc.publicEnabled = Boolean(patch.publicEnabled);
+  }
+  if (patch && Object.prototype.hasOwnProperty.call(patch, 'cacheTtlSeconds')) {
+    const ttl = Number(patch.cacheTtlSeconds || 0);
+    doc.cacheTtlSeconds = Number.isNaN(ttl) ? 0 : Math.max(0, ttl);
+  }
+  if (patch && Object.prototype.hasOwnProperty.call(patch, 'jsonRaw')) {
+    if (patch.jsonRaw === null || patch.jsonRaw === undefined) {
+      const err = new Error('jsonRaw is required');
+      err.code = 'VALIDATION';
+      throw err;
+    }
+    parseJsonOrThrow(patch.jsonRaw);
+    doc.jsonRaw = String(patch.jsonRaw);
+  }
+  await doc.save();
+  return doc.toObject();
+}
+async function applySeoPageEntry({ routePath, entry }) {
+  const route = String(routePath || '').trim();
+  if (!route || !route.startsWith('/')) {
+    const err = new Error('routePath must start with /');
+    err.code = 'VALIDATION';
+    throw err;
+  }
+  const e = entry && typeof entry === 'object' ? entry : null;
+  if (!e) {
+    const err = new Error('entry is required');
+    err.code = 'VALIDATION';
+    throw err;
+  }
+  const title = e.title !== undefined ? String(e.title || '') : '';
+  const description = e.description !== undefined ? String(e.description || '') : '';
+  const robots = e.robots !== undefined && e.robots !== null ? String(e.robots) : undefined;
+  if (!title.trim()) {
+    const err = new Error('entry.title is required');
+    err.code = 'VALIDATION';
+    throw err;
+  }
+  if (!description.trim()) {
+    const err = new Error('entry.description is required');
+    err.code = 'VALIDATION';
+    throw err;
+  }
+  const { doc, data } = await getSeoConfigData();
+  if (!data.pages || typeof data.pages !== 'object' || Array.isArray(data.pages)) {
+    data.pages = {};
+  }
+  const next = { title: title.trim(), description: description.trim() };
+  if (robots !== undefined) next.robots = robots;
+  data.pages[route] = next;
+  doc.jsonRaw = JSON.stringify(data, null, 2);
+  await doc.save();
+  return { routePath: route, entry: next, jsonRaw: doc.jsonRaw };
+}
+async function getOgSvgSettingRaw() {
+  const svg = await globalSettingsService.getSettingValue(OG_SVG_SETTING_KEY, '');
+  return typeof svg === 'string' ? svg : String(svg || '');
+}
+async function setOgSvgSettingRaw(svgRaw) {
+  const value = String(svgRaw || '');
+  const existing = await GlobalSetting.findOne({ key: OG_SVG_SETTING_KEY });
+  if (!existing) {
+    await GlobalSetting.create({
+      key: OG_SVG_SETTING_KEY,
+      value,
+      type: 'html',
+      description: 'Default OG image SVG (for SEO Config)',
+      templateVariables: [],
+      public: false,
+    });
+    globalSettingsService.clearSettingsCache();
+    return { created: true };
+  }
+  existing.value = value;
+  if (!existing.type) existing.type = 'html';
+  await existing.save();
+  globalSettingsService.clearSettingsCache();
+  return { created: false };
+}
+function ensurePublicOutputPathOrThrow(outputPath) {
+  const raw = String(outputPath || '').trim();
+  if (!raw) {
+    const err = new Error('outputPath is required');
+    err.code = 'VALIDATION';
+    throw err;
+  }
+  const normalized = raw.replace(/\\/g, '/');
+  if (!normalized.startsWith('public/')) {
+    const err = new Error('outputPath must be under public/');
+    err.code = 'VALIDATION';
+    throw err;
+  }
+  const resolved = path.resolve(process.cwd(), normalized);
+  const publicRoot = path.resolve(process.cwd(), 'public');
+  if (!resolved.startsWith(publicRoot + path.sep) && resolved !== publicRoot) {
+    const err = new Error('Invalid outputPath');
+    err.code = 'VALIDATION';
+    throw err;
+  }
+  return { normalized, resolved, publicRoot };
+}
+function writeTempFile(prefix, ext, contents) {
+  const filePath = path.join(os.tmpdir(), `${prefix}-${Date.now()}-${Math.random().toString(16).slice(2)}.${ext}`);
+  fs.writeFileSync(filePath, contents, 'utf8');
+  return filePath;
+}
+function execFilePromise(cmd, args, opts) {
+  return new Promise((resolve, reject) => {
+    execFile(cmd, args, opts || {}, (err, stdout, stderr) => {
+      if (err) {
+        err.stdout = stdout;
+        err.stderr = stderr;
+        reject(err);
+        return;
+      }
+      resolve({ stdout, stderr });
+    });
+  });
+}
+async function tryChromeScreenshot({ htmlFilePath, tmpOutPath, width, height }) {
+  const candidates = [
+    { cmd: 'google-chrome', args: ['--headless=new'] },
+    { cmd: 'chromium', args: ['--headless'] },
+    { cmd: 'chromium-browser', args: ['--headless'] },
+  ];
+  for (const c of candidates) {
+    try {
+      await execFilePromise(
+        c.cmd,
+        [
+          ...c.args,
+          '--disable-gpu',
+          '--hide-scrollbars',
+          `--window-size=${width},${height}`,
+          `--screenshot=${tmpOutPath}`,
+          `file://${htmlFilePath}`,
+        ],
+        { timeout: 30000 },
+      );
+      return { ok: true, tool: c.cmd };
+    } catch (e) {
+      if (e && (e.code === 'ENOENT' || e.errno === -2)) {
+        continue;
+      }
+      continue;
+    }
+  }
+  return { ok: false };
+}
+async function tryRsvgConvert({ svgPath, outPath, width, height }) {
+  try {
+    await execFilePromise('rsvg-convert', ['-w', String(width), '-h', String(height), svgPath, '-o', outPath], {
+      timeout: 30000,
+    });
+    return { ok: true, tool: 'rsvg-convert' };
+  } catch (e) {
+    if (e && (e.code === 'ENOENT' || e.errno === -2)) return { ok: false };
+    return { ok: false };
+  }
+}
+async function tryImageMagick({ svgPath, outPath, width, height }) {
+  const candidates = [
+    { cmd: 'magick', args: ['-background', 'none', '-density', '192', svgPath, '-resize', `${width}x${height}!`, outPath] },
+    { cmd: 'convert', args: ['-background', 'none', '-density', '192', svgPath, '-resize', `${width}x${height}!`, outPath] },
+  ];
+  for (const c of candidates) {
+    try {
+      await execFilePromise(c.cmd, c.args, { timeout: 30000 });
+      return { ok: true, tool: c.cmd };
+    } catch (e) {
+      if (e && (e.code === 'ENOENT' || e.errno === -2)) {
+        continue;
+      }
+      continue;
+    }
+  }
+  return { ok: false };
+}
+async function tryInkscape({ svgPath, outPath, width, height }) {
+  try {
+    await execFilePromise(
+      'inkscape',
+      [svgPath, '--export-type=png', `--export-filename=${outPath}`, '-w', String(width), '-h', String(height)],
+      { timeout: 30000 },
+    );
+    return { ok: true, tool: 'inkscape' };
+  } catch (e) {
+    if (e && (e.code === 'ENOENT' || e.errno === -2)) return { ok: false };
+    return { ok: false };
+  }
+}
+async function generateOgPng({ svgRaw, outputPath, width, height }) {
+  const w = Number(width || DEFAULT_OG_PNG_WIDTH);
+  const h = Number(height || DEFAULT_OG_PNG_HEIGHT);
+  const safeWidth = Number.isFinite(w) && w > 0 ? Math.floor(w) : DEFAULT_OG_PNG_WIDTH;
+  const safeHeight = Number.isFinite(h) && h > 0 ? Math.floor(h) : DEFAULT_OG_PNG_HEIGHT;
+  const { normalized, resolved } = ensurePublicOutputPathOrThrow(outputPath || DEFAULT_OG_PNG_OUTPUT_PATH);
+  const svg = String(svgRaw || '').trim();
+  if (!svg) {
+    const err = new Error('SVG is empty');
+    err.code = 'VALIDATION';
+    throw err;
+  }
+  fs.mkdirSync(path.dirname(resolved), { recursive: true });
+  const tmpSvg = writeTempFile('seo-og', 'svg', svg);
+  const tmpHtml = writeTempFile(
+    'seo-og',
+    'html',
+    `<!doctype html><html><head><meta charset="utf-8" />
+<meta name="viewport" content="width=${safeWidth}, height=${safeHeight}, initial-scale=1" />
+<style>
+html, body { margin: 0; padding: 0; width: ${safeWidth}px; height: ${safeHeight}px; overflow: hidden; background: transparent; }
+img { display: block; width: ${safeWidth}px; height: ${safeHeight}px; }
+</style></head><body><img src="file://${tmpSvg}" alt="og" /></body></html>`,
+  );
+  const tmpPng = path.join(os.tmpdir(), `seo-og-${Date.now()}-${Math.random().toString(16).slice(2)}.png`);
+  try {
+    const chromeRes = await tryChromeScreenshot({ htmlFilePath: tmpHtml, tmpOutPath: tmpPng, width: safeWidth, height: safeHeight });
+    if (chromeRes.ok) {
+      fs.renameSync(tmpPng, resolved);
+      return {
+        outputPath: normalized,
+        publicUrlPath: `/${normalized.replace(/^public\//, '')}`,
+        width: safeWidth,
+        height: safeHeight,
+        tool: chromeRes.tool,
+      };
+    }
+    const rsvgRes = await tryRsvgConvert({ svgPath: tmpSvg, outPath: resolved, width: safeWidth, height: safeHeight });
+    if (rsvgRes.ok) {
+      return {
+        outputPath: normalized,
+        publicUrlPath: `/${normalized.replace(/^public\//, '')}`,
+        width: safeWidth,
+        height: safeHeight,
+        tool: rsvgRes.tool,
+      };
+    }
+    const magickRes = await tryImageMagick({ svgPath: tmpSvg, outPath: resolved, width: safeWidth, height: safeHeight });
+    if (magickRes.ok) {
+      return {
+        outputPath: normalized,
+        publicUrlPath: `/${normalized.replace(/^public\//, '')}`,
+        width: safeWidth,
+        height: safeHeight,
+        tool: magickRes.tool,
+      };
+    }
+    const inkRes = await tryInkscape({ svgPath: tmpSvg, outPath: resolved, width: safeWidth, height: safeHeight });
+    if (inkRes.ok) {
+      return {
+        outputPath: normalized,
+        publicUrlPath: `/${normalized.replace(/^public\//, '')}`,
+        width: safeWidth,
+        height: safeHeight,
+        tool: inkRes.tool,
+      };
+    }
+    const err = new Error(
+      'No SVG->PNG converter found. Install one of: Chrome/Chromium (google-chrome/chromium), ImageMagick (magick/convert), librsvg (rsvg-convert), or Inkscape.',
+    );
+    err.code = 'NO_CONVERTER';
+    throw err;
+  } finally {
+    try { fs.unlinkSync(tmpSvg); } catch {}
+    try { fs.unlinkSync(tmpHtml); } catch {}
+    try { fs.unlinkSync(tmpPng); } catch {}
+  }
+}
+async function getSeoconfigOpenRouterApiKey() {
+  const scoped = await globalSettingsService.getSettingValue('seoconfig.ai.openrouter.apiKey', null);
+  if (scoped) return scoped;
+  return globalSettingsService.getSettingValue('ai.openrouter.apiKey', null);
+}
+async function getSeoconfigOpenRouterModel() {
+  const scoped = await globalSettingsService.getSettingValue('seoconfig.ai.openrouter.model', null);
+  if (scoped) return scoped;
+  const fallback = await globalSettingsService.getSettingValue('ai.openrouter.model', null);
+  if (fallback) return fallback;
+  return 'google/gemini-2.5-flash-lite';
+}
+module.exports = {
+  SEO_CONFIG_SLUG,
+  OG_SVG_SETTING_KEY,
+  DEFAULT_OG_PNG_OUTPUT_PATH,
+  DEFAULT_OG_PNG_WIDTH,
+  DEFAULT_OG_PNG_HEIGHT,
+  ensureSeoJsonConfigExists,
+  getSeoJsonConfig,
+  getSeoConfigData,
+  updateSeoJsonConfig,
+  applySeoPageEntry,
+  getOgSvgSettingRaw,
+  setOgSvgSettingRaw,
+  generateOgPng,
+  getSeoconfigOpenRouterApiKey,
+  getSeoconfigOpenRouterModel,
+};

package/src/services/storage.js ADDED Viewed

@@ -0,0 +1,150 @@
+const fs = require('fs');
+const path = require('path');
+const crypto = require('crypto');
+// Simple getSetting using process.env
+const getSetting = (key, defaultValue) => process.env[key] || defaultValue;
+const ALLOWED_TYPES = {
+  image: ['image/jpeg', 'image/png', 'image/gif', 'image/webp'],
+  video: ['video/mp4', 'video/webm', 'video/quicktime']
+};
+/**
+ * Ensure upload directory exists
+ */
+function ensureUploadDir(subdir = '') {
+  const uploadDir = getSetting('UPLOAD_DIR', 'uploads');
+  const fullPath = path.join(process.cwd(), uploadDir, subdir);
+  if (!fs.existsSync(fullPath)) {
+    fs.mkdirSync(fullPath, { recursive: true });
+  }
+  return fullPath;
+}
+/**
+ * Generate unique filename
+ */
+function generateFilename(originalName, prefix = '') {
+  const ext = path.extname(originalName).toLowerCase();
+  const hash = crypto.randomBytes(8).toString('hex');
+  const timestamp = Date.now();
+  return `${prefix}${timestamp}-${hash}${ext}`;
+}
+/**
+ * Validate file type
+ */
+function validateFileType(mimetype, allowedCategory = 'image') {
+  const allowed = ALLOWED_TYPES[allowedCategory] || ALLOWED_TYPES.image;
+  return allowed.includes(mimetype);
+}
+/**
+ * Validate file size
+ */
+function validateFileSize(size) {
+  const maxSize = parseInt(getSetting('MAX_FILE_SIZE', '10485760')); // 10MB default
+  return size <= maxSize;
+}
+/**
+ * Save uploaded file from base64 data
+ */
+async function saveBase64File(base64Data, options = {}) {
+  const { subdir = 'images', prefix = '', allowedCategory = 'image' } = options;
+  // Extract mime type and data
+  const matches = base64Data.match(/^data:([A-Za-z-+\/]+);base64,(.+)$/);
+  if (!matches || matches.length !== 3) {
+    throw new Error('Invalid base64 data');
+  }
+  const mimetype = matches[1];
+  const data = matches[2];
+  const buffer = Buffer.from(data, 'base64');
+  // Validate
+  if (!validateFileType(mimetype, allowedCategory)) {
+    throw new Error('Invalid file type');
+  }
+  if (!validateFileSize(buffer.length)) {
+    throw new Error('File too large');
+  }
+  // Get extension from mimetype
+  const ext = mimetype.split('/')[1].replace('jpeg', 'jpg');
+  const filename = generateFilename(`file.${ext}`, prefix);
+  // Save file
+  const dir = ensureUploadDir(subdir);
+  const filepath = path.join(dir, filename);
+  fs.writeFileSync(filepath, buffer);
+  // Return relative URL
+  const uploadDir = getSetting('UPLOAD_DIR', 'uploads');
+  return `/${uploadDir}/${subdir}/${filename}`;
+}
+/**
+ * Save multipart file
+ */
+async function saveMultipartFile(file, options = {}) {
+  const { subdir = 'images', prefix = '', allowedCategory = 'image' } = options;
+  // Validate
+  if (!validateFileType(file.mimetype, allowedCategory)) {
+    throw new Error('Invalid file type');
+  }
+  if (!validateFileSize(file.size)) {
+    throw new Error('File too large');
+  }
+  const filename = generateFilename(file.originalname || file.name, prefix);
+  const dir = ensureUploadDir(subdir);
+  const filepath = path.join(dir, filename);
+  // Move or copy file
+  if (file.mv) {
+    await file.mv(filepath);
+  } else if (file.path) {
+    fs.copyFileSync(file.path, filepath);
+    fs.unlinkSync(file.path);
+  } else if (file.buffer) {
+    fs.writeFileSync(filepath, file.buffer);
+  } else {
+    throw new Error('Unable to save file');
+  }
+  const uploadDir = getSetting('UPLOAD_DIR', 'uploads');
+  return `/${uploadDir}/${subdir}/${filename}`;
+}
+/**
+ * Delete file
+ */
+function deleteFile(fileUrl) {
+  if (!fileUrl) return;
+  // Convert URL to filepath
+  const filepath = path.join(process.cwd(), fileUrl);
+  if (fs.existsSync(filepath)) {
+    fs.unlinkSync(filepath);
+  }
+}
+module.exports = {
+  ensureUploadDir,
+  generateFilename,
+  validateFileType,
+  validateFileSize,
+  saveBase64File,
+  saveMultipartFile,
+  deleteFile
+};