feat: bootstrap backend API, schema and forgejo task issues

2026-03-04 16:03:04 +00:00 · 2026-03-04 16:03:04 +00:00 · 09ea388190
commit 09ea388190
parent 77e837cc25
15 changed files with 1557 additions and 0 deletions
--- a/backend/src/routes/auth.js
+++ b/backend/src/routes/auth.js
@ -0,0 +1,53 @@
+import { Router } from 'express';
+import bcrypt from 'bcryptjs';
+import jwt from 'jsonwebtoken';
+import { z } from 'zod';
+import { pool } from '../db/connection.js';
+
+const router = Router();
+
+const registerSchema = z.object({
+  email: z.string().email(),
+  password: z.string().min(8),
+  displayName: z.string().min(2).max(120)
+});
+
+router.post('/register', async (req, res) => {
+  const parsed = registerSchema.safeParse(req.body);
+  if (!parsed.success) return res.status(400).json({ error: parsed.error.flatten() });
+
+  const { email, password, displayName } = parsed.data;
+  const passwordHash = await bcrypt.hash(password, 12);
+
+  try {
+    const [result] = await pool.query(
+      'INSERT INTO users (email, password_hash, display_name) VALUES (?, ?, ?)',
+      [email, passwordHash, displayName]
+    );
+
+    const token = jwt.sign({ userId: result.insertId, email }, process.env.JWT_SECRET, { expiresIn: '7d' });
+    return res.status(201).json({ token });
+  } catch (err) {
+    if (err.code === 'ER_DUP_ENTRY') return res.status(409).json({ error: 'Email already exists' });
+    return res.status(500).json({ error: 'Registration failed' });
+  }
+});
+
+router.post('/login', async (req, res) => {
+  const parsed = z.object({ email: z.string().email(), password: z.string().min(1) }).safeParse(req.body);
+  if (!parsed.success) return res.status(400).json({ error: parsed.error.flatten() });
+
+  const { email, password } = parsed.data;
+  const [rows] = await pool.query('SELECT id, email, password_hash FROM users WHERE email = ? LIMIT 1', [email]);
+  const user = rows[0];
+
+  if (!user) return res.status(401).json({ error: 'Invalid credentials' });
+
+  const ok = await bcrypt.compare(password, user.password_hash);
+  if (!ok) return res.status(401).json({ error: 'Invalid credentials' });
+
+  const token = jwt.sign({ userId: user.id, email: user.email }, process.env.JWT_SECRET, { expiresIn: '7d' });
+  return res.json({ token });
+});
+
+export default router;
--- a/backend/src/routes/helpRequests.js
+++ b/backend/src/routes/helpRequests.js
@ -0,0 +1,36 @@
+import { Router } from 'express';
+import { z } from 'zod';
+import { pool } from '../db/connection.js';
+import { requireAuth } from '../middleware/auth.js';
+
+const router = Router();
+
+router.get('/', async (_req, res) => {
+  const [rows] = await pool.query(
+    `SELECT hr.id, hr.title, hr.description, hr.value_chf, hr.status, hr.created_at, u.display_name requester_name
+     FROM help_requests hr
+     JOIN users u ON u.id = hr.requester_id
+     ORDER BY hr.created_at DESC`
+  );
+  res.json(rows);
+});
+
+router.post('/', requireAuth, async (req, res) => {
+  const parsed = z.object({
+    title: z.string().min(3).max(180),
+    description: z.string().min(5),
+    valueChf: z.number().positive()
+  }).safeParse(req.body);
+
+  if (!parsed.success) return res.status(400).json({ error: parsed.error.flatten() });
+
+  const { title, description, valueChf } = parsed.data;
+  const [result] = await pool.query(
+    'INSERT INTO help_requests (requester_id, title, description, value_chf) VALUES (?, ?, ?, ?)',
+    [req.user.userId, title, description, valueChf]
+  );
+
+  res.status(201).json({ id: result.insertId });
+});
+
+export default router;
--- a/backend/src/routes/offers.js
+++ b/backend/src/routes/offers.js
@ -0,0 +1,64 @@
+import { Router } from 'express';
+import { z } from 'zod';
+import { pool } from '../db/connection.js';
+import { requireAuth } from '../middleware/auth.js';
+
+const router = Router();
+
+router.post('/:requestId', requireAuth, async (req, res) => {
+  const requestId = Number(req.params.requestId);
+  const parsed = z.object({ amountChf: z.number().positive(), message: z.string().max(2000).optional() }).safeParse(req.body);
+  if (!parsed.success || Number.isNaN(requestId)) return res.status(400).json({ error: 'Invalid payload' });
+
+  const { amountChf, message } = parsed.data;
+  const [result] = await pool.query(
+    `INSERT INTO offers (request_id, helper_id, amount_chf, message)
+     VALUES (?, ?, ?, ?)`,
+    [requestId, req.user.userId, amountChf, message || null]
+  );
+
+  await pool.query('UPDATE help_requests SET status = ? WHERE id = ?', ['negotiating', requestId]);
+
+  res.status(201).json({ id: result.insertId });
+});
+
+router.post('/negotiation/:offerId', requireAuth, async (req, res) => {
+  const offerId = Number(req.params.offerId);
+  const parsed = z.object({ amountChf: z.number().positive(), message: z.string().max(2000).optional() }).safeParse(req.body);
+  if (!parsed.success || Number.isNaN(offerId)) return res.status(400).json({ error: 'Invalid payload' });
+
+  const { amountChf, message } = parsed.data;
+  const [result] = await pool.query(
+    `INSERT INTO negotiations (offer_id, sender_id, amount_chf, message)
+     VALUES (?, ?, ?, ?)`,
+    [offerId, req.user.userId, amountChf, message || null]
+  );
+
+  await pool.query('UPDATE offers SET status = ? WHERE id = ?', ['countered', offerId]);
+
+  res.status(201).json({ id: result.insertId });
+});
+
+router.post('/accept/:offerId', requireAuth, async (req, res) => {
+  const offerId = Number(req.params.offerId);
+  if (Number.isNaN(offerId)) return res.status(400).json({ error: 'Invalid offerId' });
+
+  const [offers] = await pool.query(
+    'SELECT id, request_id, amount_chf FROM offers WHERE id = ? LIMIT 1',
+    [offerId]
+  );
+  const offer = offers[0];
+  if (!offer) return res.status(404).json({ error: 'Offer not found' });
+
+  await pool.query('UPDATE offers SET status = ? WHERE id = ?', ['accepted', offerId]);
+  await pool.query('UPDATE help_requests SET status = ? WHERE id = ?', ['agreed', offer.request_id]);
+
+  const [dealResult] = await pool.query(
+    'INSERT INTO deals (request_id, offer_id, agreed_amount_chf) VALUES (?, ?, ?)',
+    [offer.request_id, offer.id, offer.amount_chf]
+  );
+
+  res.status(201).json({ dealId: dealResult.insertId });
+});
+
+export default router;
--- a/backend/src/routes/reviews.js
+++ b/backend/src/routes/reviews.js
@ -0,0 +1,29 @@
+import { Router } from 'express';
+import { z } from 'zod';
+import { pool } from '../db/connection.js';
+import { requireAuth } from '../middleware/auth.js';
+
+const router = Router();
+
+router.post('/:dealId', requireAuth, async (req, res) => {
+  const dealId = Number(req.params.dealId);
+  const parsed = z.object({ revieweeId: z.number().int().positive(), rating: z.number().int().min(1).max(5), comment: z.string().max(2000).optional() }).safeParse(req.body);
+
+  if (!parsed.success || Number.isNaN(dealId)) return res.status(400).json({ error: 'Invalid payload' });
+
+  const now = new Date();
+  const earliest = new Date(now.getTime() + 2 * 24 * 60 * 60 * 1000);
+  const latest = new Date(now.getTime() + 14 * 24 * 60 * 60 * 1000);
+
+  const { revieweeId, rating, comment } = parsed.data;
+
+  const [result] = await pool.query(
+    `INSERT INTO reviews (deal_id, reviewer_id, reviewee_id, rating, comment, earliest_prompt_at, latest_prompt_at)
+     VALUES (?, ?, ?, ?, ?, ?, ?)`,
+    [dealId, req.user.userId, revieweeId, rating, comment || null, earliest, latest]
+  );
+
+  res.status(201).json({ id: result.insertId });
+});
+
+export default router;