feat(header): add admin UI and APIs for header management

2026-02-04 10:06:22 +07:00
parent 00f93cefab
commit befe6b30aa
12 changed files with 2359 additions and 1622 deletions
--- a/server.js
+++ b/server.js
@@ -34,24 +34,26 @@ app.use(express.json());
 app.use(express.urlencoded({ extended: true }));
 app.use(cookieParser());
 app.use(
-  "/assets",
-  (req, res, next) => {
-    // Cho phép mọi domain truy cập tài nguyên tĩnh
-    res.header("Access-Control-Allow-Origin", "*");
-    res.header("Access-Control-Allow-Methods", "GET");
-    next();
-  },
-  express.static(path.join(__dirname, "assets")),
+    "/assets",
+    (req, res, next) => {
+        // Cho phép mọi domain truy cập tài nguyên tĩnh
+        res.header("Access-Control-Allow-Origin", "*");
+        res.header("Access-Control-Allow-Methods", "GET");
+        next();
+    },
+    express.static(path.join(__dirname, "assets")),
 );
+
+// Serve uploads folder
 app.use(
-  "/uploads",
-  (req, res, next) => {
-    // Cho phép mọi domain truy cập tài nguyên tĩnh
-    res.header("Access-Control-Allow-Origin", "*");
-    res.header("Access-Control-Allow-Methods", "GET");
-    next();
-  },
-  express.static(path.join(__dirname, "public", "uploads")),
+    "/uploads",
+    (req, res, next) => {
+        // Cho phép mọi domain truy cập tài nguyên tĩnh
+        res.header("Access-Control-Allow-Origin", "*");
+        res.header("Access-Control-Allow-Methods", "GET");
+        next();
+    },
+    express.static(path.join(__dirname, "public", "uploads")),
 );

 // Serve other public files
@@ -59,21 +61,21 @@ app.use(express.static(path.join(__dirname, "public")));

 // Session configuration (using MongoDB store to avoid logout khi server restart)
 app.use(
-  session({
-    secret: process.env.SESSION_SECRET || "secret",
-    resave: false,
-    saveUninitialized: false,
-    store: MongoStore.create({
-      mongoUrl: process.env.MONGODB_URI,
-      collectionName: "sessions",
-      ttl: 60 * 60 * 24, // 24 hours (in seconds)
+    session({
+        secret: process.env.SESSION_SECRET || "secret",
+        resave: false,
+        saveUninitialized: false,
+        store: MongoStore.create({
+            mongoUrl: process.env.MONGODB_URI,
+            collectionName: "sessions",
+            ttl: 60 * 60 * 24, // 24 hours (in seconds)
+        }),
+        cookie: {
+            maxAge: 1000 * 60 * 60 * 24, // 24 hours
+            httpOnly: true,
+            sameSite: "lax",
+        },
    }),
-    cookie: {
-      maxAge: 1000 * 60 * 60 * 24, // 24 hours
-      httpOnly: true,
-      sameSite: "lax",
-    },
-  }),
 );

 // Flash messages
@@ -81,32 +83,32 @@ app.use(flash());

 // Global variables
 app.use((req, res, next) => {
-  // Lấy flash messages
-  const success_msg = req.flash("success_msg");
-  const error_msg = req.flash("error_msg");
-  const error = req.flash("error");
+    // Lấy flash messages
+    const success_msg = req.flash("success_msg");
+    const error_msg = req.flash("error_msg");
+    const error = req.flash("error");

-  // Lưu vào res.locals để sử dụng trong views
-  res.locals.success_msg = success_msg.length > 0 ? success_msg[0] : null;
-  res.locals.error_msg = error_msg.length > 0 ? error_msg[0] : null;
-  res.locals.error = error.length > 0 ? error[0] : null;
+    // Lưu vào res.locals để sử dụng trong views
+    res.locals.success_msg = success_msg.length > 0 ? success_msg[0] : null;
+    res.locals.error_msg = error_msg.length > 0 ? error_msg[0] : null;
+    res.locals.error = error.length > 0 ? error[0] : null;

-  // Tạo object flashMessages để sử dụng trong client-side JavaScript
-  res.locals.flashMessagesJSON = JSON.stringify({
-    success_msg: res.locals.success_msg,
-    error_msg: res.locals.error_msg,
-    error: res.locals.error,
-  });
+    // Tạo object flashMessages để sử dụng trong client-side JavaScript
+    res.locals.flashMessagesJSON = JSON.stringify({
+        success_msg: res.locals.success_msg,
+        error_msg: res.locals.error_msg,
+        error: res.locals.error,
+    });

-  res.locals.user = req.session.user || null;
-  res.locals.currentPath = req.path;
-  next();
+    res.locals.user = req.session.user || null;
+    res.locals.currentPath = req.path;
+    next();
 });

 // Kiểm tra và tạo thư mục data nếu chưa tồn tại
 const dataDir = path.join(__dirname, "data");
 if (!fs.existsSync(dataDir)) {
-  fs.mkdirSync(dataDir);
+    fs.mkdirSync(dataDir);
 }

 // Frontend URL configuration
@@ -114,39 +116,30 @@ const FRONTEND_URL = process.env.FRONTEND_URL;

 // Add frontend URL to res.locals for all requests
 app.use((req, res, next) => {
-  res.locals.frontendUrl = FRONTEND_URL;
-  res.locals.currentPath = req.path;
-  next();
+    res.locals.frontendUrl = FRONTEND_URL;
+    res.locals.currentPath = req.path;
+    next();
 });

 // Simple CORS middleware for API endpoints
 app.use((req, res, next) => {
-  // Allow requests from configured FRONTEND_URL or allow all if not set
-  const origin = req.headers.origin;
-  const allowedOrigin = FRONTEND_URL || "*";
+    // Allow requests from configured FRONTEND_URL or allow all if not set
+    const origin = req.headers.origin;
+    const allowedOrigin = FRONTEND_URL || "*";

-  if (allowedOrigin === "*" || origin === allowedOrigin) {
-    res.setHeader(
-      "Access-Control-Allow-Origin",
-      allowedOrigin === "*" ? "*" : origin,
-    );
-    res.setHeader(
-      "Access-Control-Allow-Methods",
-      "GET,POST,PUT,DELETE,OPTIONS",
-    );
-    res.setHeader(
-      "Access-Control-Allow-Headers",
-      "Content-Type, Authorization",
-    );
-    res.setHeader("Access-Control-Allow-Credentials", "true");
-  }
+    if (allowedOrigin === "*" || origin === allowedOrigin) {
+        res.setHeader("Access-Control-Allow-Origin", allowedOrigin === "*" ? "*" : origin);
+        res.setHeader("Access-Control-Allow-Methods", "GET,POST,PUT,DELETE,OPTIONS");
+        res.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization");
+        res.setHeader("Access-Control-Allow-Credentials", "true");
+    }

-  // Handle preflight
-  if (req.method === "OPTIONS") {
-    return res.sendStatus(204);
-  }
+    // Handle preflight
+    if (req.method === "OPTIONS") {
+        return res.sendStatus(204);
+    }

-  next();
+    next();
 });

 // Routes
@@ -160,19 +153,19 @@ app.use("/", indexRoutes);

 // 404 handler
 app.use((req, res) => {
-  res.status(404);
-  if (req.accepts("html"))
-    return res.render("page/404", {
-      title: "404 - Page Not Found",
-      layout: "layouts/main",
-    });
-  if (req.accepts("json")) return res.json({ error: "Not found" });
-  res.type("txt").send("Not found");
+    res.status(404);
+    if (req.accepts("html"))
+        return res.render("page/404", {
+            title: "404 - Page Not Found",
+            layout: "layouts/main",
+        });
+    if (req.accepts("json")) return res.json({ error: "Not found" });
+    res.type("txt").send("Not found");
 });

 // Start server
 const PORT = process.env.PORT || 3001;
 const HOST = process.env.HOST || "localhost";
 app.listen(PORT, HOST, () => {
-  console.log(`🚀 SERVER:[ http://${HOST}:${PORT} ]`);
+    console.log(`🚀 SERVER:[ http://${HOST}:${PORT} ]`);
 });