init

backend/src/main.rs

@@ -0,0 +1,177 @@
+use axum::{
+    extract::{DefaultBodyLimit, Multipart, Path, State},
+    http::{HeaderMap, StatusCode},
+    response::{IntoResponse, Json},
+    routing::{get, post},
+    Router,
+};
+use serde::{Deserialize, Serialize};
+use std::{env, fs, path::PathBuf, sync::Arc};
+use tower_http::{
+    cors::{Any, CorsLayer},
+    services::ServeDir,
+};
+use tracing::{error, info};
+
+#[derive(Clone)]
+struct AppState {
+    admin_token: String,
+    data_dir: PathBuf,
+}
+
+#[derive(Serialize)]
+struct PostInfo {
+    slug: String,
+}
+
+#[derive(Serialize)]
+struct PostDetail {
+    slug: String,
+    content: String,
+}
+
+#[derive(Serialize)]
+struct ErrorResponse {
+    error: String,
+}
+
+#[derive(Serialize)]
+struct UploadResponse {
+    url: String,
+}
+
+#[tokio::main]
+async fn main() {
+    tracing_subscriber::fmt::init();
+    dotenvy::dotenv().ok();
+
+    let port = env::var("PORT").unwrap_or_else(|_| "3000".to_string());
+    let admin_token = env::var("ADMIN_TOKEN").unwrap_or_else(|_| "secret".to_string());
+    let data_dir_str = env::var("DATA_DIR").unwrap_or_else(|_| "../data".to_string());
+    let data_dir = PathBuf::from(data_dir_str);
+
+    // Ensure directories exist
+    let posts_dir = data_dir.join("posts");
+    let uploads_dir = data_dir.join("uploads");
+    fs::create_dir_all(&posts_dir).expect("Failed to create posts directory");
+    fs::create_dir_all(&uploads_dir).expect("Failed to create uploads directory");
+
+    let state = Arc::new(AppState {
+        admin_token,
+        data_dir,
+    });
+
+    let cors = CorsLayer::new()
+        .allow_origin(Any)
+        .allow_methods(Any)
+        .allow_headers(Any);
+
+    let app = Router::new()
+        .route("/api/posts", get(list_posts))
+        .route("/api/posts/:slug", get(get_post))
+        .route("/api/upload", post(upload_file))
+        .nest_service("/uploads", ServeDir::new(uploads_dir))
+        .layer(DefaultBodyLimit::max(10 * 1024 * 1024)) // 10MB limit
+        .layer(cors)
+        .with_state(state);
+
+    let addr = format!("0.0.0.0:{}", port);
+    info!("Starting server on {}", addr);
+    let listener = tokio::net::TcpListener::bind(&addr).await.unwrap();
+    axum::serve(listener, app).await.unwrap();
+}
+
+async fn list_posts(State(state): State<Arc<AppState>>) -> impl IntoResponse {
+    let posts_dir = state.data_dir.join("posts");
+    let mut posts = Vec::new();
+
+    if let Ok(entries) = fs::read_dir(posts_dir) {
+        for entry in entries.flatten() {
+            let path = entry.path();
+            if path.extension().and_then(|e| e.to_str()) == Some("md") {
+                if let Some(slug) = path.file_stem().and_then(|s| s.to_str()) {
+                    posts.push(PostInfo {
+                        slug: slug.to_string(),
+                    });
+                }
+            }
+        }
+    }
+
+    Json(posts)
+}
+
+async fn get_post(
+    State(state): State<Arc<AppState>>,
+    Path(slug): Path<String>,
+) -> Result<Json<PostDetail>, (StatusCode, Json<ErrorResponse>)> {
+    let file_path = state.data_dir.join("posts").join(format!("{}.md", slug));
+    
+    // Security check to prevent directory traversal
+    if file_path.parent() != Some(&state.data_dir.join("posts")) {
+        return Err((
+            StatusCode::BAD_REQUEST,
+            Json(ErrorResponse { error: "Invalid slug".to_string() }),
+        ));
+    }
+
+    match fs::read_to_string(&file_path) {
+        Ok(content) => Ok(Json(PostDetail { slug, content })),
+        Err(_) => Err((
+            StatusCode::NOT_FOUND,
+            Json(ErrorResponse { error: "Post not found".to_string() }),
+        )),
+    }
+}
+
+async fn upload_file(
+    State(state): State<Arc<AppState>>,
+    headers: HeaderMap,
+    mut multipart: Multipart,
+) -> Result<Json<UploadResponse>, (StatusCode, Json<ErrorResponse>)> {
+    // Basic Auth Check
+    let auth_header = headers.get("Authorization").and_then(|h| h.to_str().ok());
+    if auth_header != Some(&format!("Bearer {}", state.admin_token)) {
+        return Err((
+            StatusCode::UNAUTHORIZED,
+            Json(ErrorResponse { error: "Unauthorized".to_string() }),
+        ));
+    }
+
+    while let Some(field) = multipart.next_field().await.map_err(|_| {
+        (StatusCode::BAD_REQUEST, Json(ErrorResponse { error: "Multipart error".to_string() }))
+    })? {
+        if let Some(file_name) = field.file_name() {
+            let file_name = slug::slugify(file_name);
+            let uploads_dir = state.data_dir.join("uploads");
+            let file_path = uploads_dir.join(&file_name);
+
+            // Simple conflict resolution
+            let final_path = if file_path.exists() {
+                let timestamp = chrono::Utc::now().timestamp();
+                uploads_dir.join(format!("{}_{}", timestamp, file_name))
+            } else {
+                file_path
+            };
+
+            let final_name = final_path.file_name().unwrap().to_str().unwrap().to_string();
+
+            let data = field.bytes().await.map_err(|_| {
+                (StatusCode::INTERNAL_SERVER_ERROR, Json(ErrorResponse { error: "Read error".to_string() }))
+            })?;
+
+            fs::write(&final_path, &data).map_err(|_| {
+                (StatusCode::INTERNAL_SERVER_ERROR, Json(ErrorResponse { error: "Write error".to_string() }))
+            })?;
+
+            return Ok(Json(UploadResponse {
+                url: format!("/uploads/{}", final_name),
+            }));
+        }
+    }
+
+    Err((
+        StatusCode::BAD_REQUEST,
+        Json(ErrorResponse { error: "No file found".to_string() }),
+    ))
+}