ilia/mirror_match
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
mirror_match/app/api/photos/upload-multiple/route.ts
ilia dfc2ee978d
All checks were successful
CI / skip-ci-check (push) Successful in 1m23s
Details
CI / lint-and-type-check (push) Successful in 1m46s
Details
CI / test (push) Successful in 1m51s
Details
CI / build (push) Successful in 1m54s
Details
CI / secret-scanning (push) Successful in 1m24s
Details
CI / dependency-scan (push) Successful in 1m28s
Details
CI / sast-scan (push) Successful in 2m32s
Details
CI / workflow-summary (push) Successful in 1m21s
Details
Production Deployment Fixes and Enhancements (#3) 
# Merge Request: Production Deployment Fixes and Enhancements

## Summary

This MR includes critical fixes for production deployment, authentication improvements, file upload serving, and monitoring capabilities. All changes have been tested and are ready for production.

## 🐛 Critical Fixes

### 1. Authentication & Session Management
- **Fixed TypeScript error in session callback** (`lib/auth.ts`)
  - Removed `return null` that caused build failures
  - Session callback now always returns a valid session object
- **Fixed login redirect loop** (`app/login/page.tsx`)
  - Changed from `router.push()` to `window.location.href` for full page reload
  - Ensures session cookie is available before middleware checks
- **Created proper middleware** (`proxy.ts`)
  - Next.js 16 requires `proxy.ts` instead of `middleware.ts`
  - Fixed authentication checks in Edge runtime
  - Explicitly specifies cookie name for `getToken`

### 2. Build & Deployment
- **Fixed Prisma initialization** (`lib/prisma.ts`)
  - Made Prisma client initialization lazy to fix build without DATABASE_URL
  - Uses Proxy pattern for on-demand initialization
  - Prevents build failures when DATABASE_URL not set

### 3. File Upload & Serving
- **Fixed photo upload serving** (`app/api/uploads/[filename]/route.ts`)
  - Created dedicated API route to serve uploaded files
  - Files now served via `/api/uploads/[filename]` instead of static `/uploads/`
  - Ensures files are accessible regardless of filesystem location
  - Added file existence verification and proper error handling
- **Updated upload routes** to use new API endpoint
  - `app/api/photos/upload/route.ts` - Updated to use `/api/uploads/` URLs
  - `app/api/photos/upload-multiple/route.ts` - Updated to use `/api/uploads/` URLs
- **Fixed photo display components**
  - `components/PhotoThumbnail.tsx` - Uses regular `img` tag for uploads
  - `components/PhotoImage.tsx` - Uses regular `img` tag for uploads
  - Avoids Next.js Image component issues with dynamically uploaded files

### 4. Middleware & Route Protection
- **Updated proxy middleware** (`proxy.ts`)
  - Added `/uploads` and `/api/uploads` to public routes
  - Added comprehensive activity logging
  - Improved error handling and logging

##  New Features

### Activity Logging
- **Created activity logging utility** (`lib/activity-log.ts`)
  - Structured logging for user actions
  - Tracks: page visits, photo uploads, guess submissions
  - Includes user info, IP, timestamps, and action details
- **Added activity logging to key routes**
  - `proxy.ts` - Logs all page visits and API calls
  - `app/api/photos/upload/route.ts` - Logs photo uploads
  - `app/api/photos/[photoId]/guess/route.ts` - Logs guess submissions

### Monitoring
- **Activity monitoring commands**
  - Watch logs: `sudo journalctl -u app-backend -f | grep -E "\[ACTIVITY\]|\[PHOTO_UPLOAD\]|\[GUESS_SUBMIT\]"`
  - Filter by user, action type, or time range

## 📝 Documentation Updates

- **README.md**
  - Added deployment notes section
  - Added file upload details and troubleshooting
  - Added activity monitoring commands
  - Added database query examples
  - Updated troubleshooting section

- **ARCHITECTURE.md**
  - Updated middleware references (proxy.ts instead of middleware.ts)
  - Added activity logging documentation
  - Updated photo upload flow with file upload details
  - Added file serving architecture
  - Updated guess submission flow

- **CLEANUP.md** (new)
  - Created cleanup checklist for future improvements
  - Documents debug code and verbose logging
  - Provides recommendations for optimization

## 🔧 Technical Changes

### Files Modified
- `lib/auth.ts` - Fixed session callback return type
- `app/login/page.tsx` - Fixed redirect to use full page reload
- `proxy.ts` - Created/updated middleware with activity logging
- `lib/prisma.ts` - Made initialization lazy
- `app/api/photos/upload/route.ts` - Updated file serving, added logging
- `app/api/photos/upload-multiple/route.ts` - Updated file serving
- `components/PhotoThumbnail.tsx` - Fixed image display
- `components/PhotoImage.tsx` - Fixed image display

### Files Created
- `app/api/uploads/[filename]/route.ts` - File serving API route
- `lib/activity-log.ts` - Activity logging utility
- `CLEANUP.md` - Cleanup checklist

##  Testing

- [x] Authentication flow tested (login, session persistence)
- [x] Photo upload tested (file and URL uploads)
- [x] Photo display tested (uploaded files visible to all users)
- [x] Guess submission tested
- [x] Build tested (no TypeScript errors)
- [x] Middleware tested (route protection working)
- [x] Activity logging verified

## 🚀 Deployment Notes

### Environment Variables Required
- `NODE_ENV=production`
- `NEXTAUTH_URL` - Production domain
- `NEXTAUTH_SECRET` - Secret key
- `AUTH_TRUST_HOST=true` (if using reverse proxy)
- `DATABASE_URL` - Production database connection

### Post-Deployment
1. Verify `public/uploads/` directory exists and has write permissions
2. Test photo upload and verify files are accessible
3. Monitor activity logs to ensure logging is working
4. Verify authentication flow works correctly

### Monitoring
- Watch activity logs: `sudo journalctl -u app-backend -f | grep -E "\[ACTIVITY\]|\[PHOTO_UPLOAD\]|\[GUESS_SUBMIT\]"`
- Check for errors: `sudo journalctl -u app-backend --since "1 hour ago" | grep -i error`

## 🔄 Breaking Changes

**None** - All changes are backward compatible. Existing photos with `/uploads/` URLs may need to be updated to `/api/uploads/` if files are not accessible, but the system will continue to work.

## 📋 Migration Notes

### For Existing Photos
- Photos uploaded before this change use `/uploads/` URLs
- New photos use `/api/uploads/` URLs
- Old photos will continue to work if files exist in `public/uploads/`
- Consider migrating old photo URLs if needed (optional)

## 🎯 Next Steps (Future)

See `CLEANUP.md` for recommended cleanup tasks:
- Reduce verbose logging in production
- Add log levels (DEBUG, INFO, WARN, ERROR)
- Protect debug endpoints
- Optimize activity logging

---

**Ready for Production:**  Yes
**Breaking Changes:**  No
**Requires Migration:** ⚠️ Optional (old photo URLs)

Reviewed-on: #3
2026-01-04 16:37:34 -05:00

226 lines
6.7 KiB
TypeScript
Raw Blame History

import { NextRequest, NextResponse } from "next/server"
import { auth } from "@/lib/auth"
import { prisma } from "@/lib/prisma"
import { sendNewPhotoEmail } from "@/lib/email"
import { writeFile } from "fs/promises"
import { join } from "path"
import { existsSync, mkdirSync } from "fs"
import { createHash } from "crypto"
export async function POST(req: NextRequest) {
try {
const session = await auth()
if (!session) {
return NextResponse.json({ error: "Unauthorized" }, { status: 401 })
}
// Verify the user exists in the database
const user = await prisma.user.findUnique({
where: { id: session.user.id },
select: { id: true },
})
if (!user) {
return NextResponse.json(
{ error: "User not found. Please log out and log back in." },
{ status: 401 }
)
}
const formData = await req.formData()
const count = parseInt(formData.get("count") as string, 10)
if (!count || count < 1) {
return NextResponse.json(
{ error: "Invalid photo count" },
{ status: 400 }
)
}
const uploadsDir = join(process.cwd(), "public", "uploads")
if (!existsSync(uploadsDir)) {
mkdirSync(uploadsDir, { recursive: true })
}
type PhotoWithUploader = {
id: string
uploaderId: string
url: string
answerName: string
points: number
createdAt: Date
uploader: { name: string }
}
const createdPhotos: PhotoWithUploader[] = []
for (let i = 0; i < count; i++) {
const answerName = (formData.get(`photo_${i}_answerName`) as string)?.trim()
const pointsStr = (formData.get(`photo_${i}_points`) as string) || "1"
const pointsValue = Math.max(1, parseInt(pointsStr, 10))
const penaltyEnabled = formData.get(`photo_${i}_penaltyEnabled`) === "true"
const penaltyPointsStr = (formData.get(`photo_${i}_penaltyPoints`) as string) || "0"
const penaltyPointsValue = Math.max(0, parseInt(penaltyPointsStr, 10))
const maxAttemptsStr = (formData.get(`photo_${i}_maxAttempts`) as string)?.trim() || ""
const maxAttemptsValue = maxAttemptsStr && parseInt(maxAttemptsStr, 10) > 0
? parseInt(maxAttemptsStr, 10)
: null
if (!answerName) {
return NextResponse.json(
{ error: `Photo ${i + 1}: Answer name is required` },
{ status: 400 }
)
}
const file = formData.get(`photo_${i}_file`) as File | null
const url = (formData.get(`photo_${i}_url`) as string)?.trim() || null
if (!file && !url) {
return NextResponse.json(
{ error: `Photo ${i + 1}: File or URL is required` },
{ status: 400 }
)
}
let photoUrl: string
let fileHash: string | null = null
if (file) {
// Handle file upload
if (!file.type.startsWith("image/")) {
return NextResponse.json(
{ error: `Photo ${i + 1}: File must be an image` },
{ status: 400 }
)
}
if (file.size > 10 * 1024 * 1024) {
return NextResponse.json(
{ error: `Photo ${i + 1}: File size must be less than 10MB` },
{ status: 400 }
)
}
const bytes = await file.arrayBuffer()
const buffer = Buffer.from(bytes)
// Calculate SHA256 hash for duplicate detection
fileHash = createHash("sha256").update(buffer).digest("hex")
// Check for duplicate file
const existingPhoto = await prisma.photo.findFirst({
// eslint-disable-next-line @typescript-eslint/no-explicit-any
where: { fileHash } as any,
})
if (existingPhoto) {
return NextResponse.json(
{ error: `Photo ${i + 1}: This photo has already been uploaded (duplicate file detected)` },
{ status: 409 }
)
}
const timestamp = Date.now()
const randomStr = Math.random().toString(36).substring(2, 15)
// Sanitize extension - only allow alphanumeric characters
const rawExtension = file.name.split(".").pop() || "jpg"
const extension = rawExtension.replace(/[^a-zA-Z0-9]/g, "").toLowerCase() || "jpg"
const filename = `${timestamp}-${i}-${randomStr}.${extension}`
// Filename is generated server-side (timestamp + random), safe for path.join
const filepath = join(uploadsDir, filename)
await writeFile(filepath, buffer)
photoUrl = `/api/uploads/${filename}`
} else if (url) {
// Handle URL upload
photoUrl = url
// Check for duplicate URL
const existingPhoto = await prisma.photo.findFirst({
where: { url: photoUrl },
})
if (existingPhoto) {
return NextResponse.json(
{ error: `Photo ${i + 1}: This photo URL has already been uploaded (duplicate URL detected)` },
{ status: 409 }
)
}
} else {
return NextResponse.json(
{ error: `Photo ${i + 1}: File or URL is required` },
{ status: 400 }
)
}
// Create photo record
const photo = await prisma.photo.create({
data: {
uploaderId: session.user.id,
url: photoUrl,
fileHash,
answerName,
points: pointsValue,
penaltyEnabled: penaltyEnabled,
penaltyPoints: penaltyPointsValue,
maxAttempts: maxAttemptsValue,
// eslint-disable-next-line @typescript-eslint/no-explicit-any
} as any,
include: {
uploader: {
select: {
name: true,
},
},
},
})
createdPhotos.push(photo)
}
// Send emails to all other users for all photos
const allUsers = await prisma.user.findMany({
where: {
id: { not: session.user.id },
},
select: {
id: true,
email: true,
name: true,
},
})
// Send emails asynchronously for all photos
Promise.all(
allUsers.map((user: { id: string; email: string; name: string }) =>
Promise.all(
createdPhotos.map((photo: PhotoWithUploader) =>
sendNewPhotoEmail(
user.email,
user.name,
photo.id,
photo.uploader.name
).catch((err) => {
console.error("Failed to send email to:", user.email, "for photo:", photo.id, err)
})
)
)
)
)
return NextResponse.json(
{ photos: createdPhotos, count: createdPhotos.length },
{ status: 201 }
)
} catch (error) {
console.error("Error uploading photos:", error)
return NextResponse.json(
{ error: "Internal server error" },
{ status: 500 }
)
}
}
Reference in New Issue View Git Blame Copy Permalink