Press n or j to go to the next uncovered block, b, p or k for the previous block.
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 | 1x 1x 1x 1x 1x 1x 9x 9x 8x 8x 3x 5x 5x 5x 5x 1x 7x 7x 6x 6x 6x 6x 6x 2x 6x 6x 6x 6x 6x 6x 1x 6x 1x 6x 6x 1x 5x 5x 4x 1x 1x 1x 4x 4x 3x 2x 1x 1x 1x | /**
* Admin gift catalog routes — CRUD.
*
* POST /gifts → Create new gift (admin)
* PUT /gifts/:id → Update gift fields (admin)
* DELETE /gifts/:id → Delete gift (admin)
*/
const router = require('express').Router();
const { db } = require('../utils/firebase');
const { requireAdmin } = require('../middleware/auth');
const { generateId, now } = require('../utils/helpers');
const log = require('../utils/log');
// ── Create gift ──
router.post('/gifts', async (req, res) => {
try {
if (requireAdmin(req, res)) return;
const body = req.body;
if (!body?.name || body.coinValue === null || body.coinValue === undefined) {
return res.status(400).json({ error: 'name and coinValue required' });
}
const id = body.id || generateId();
const giftData = {
id,
name: body.name,
coinValue: body.coinValue,
animationUrl: body.animationUrl ?? body.animation_url ?? '',
soundUrl: body.soundUrl ?? body.sound_url ?? '',
iconUrl: body.iconUrl ?? body.icon_url ?? '',
order: body.order ?? 0,
expiresAfterDays: body.expiresAfterDays ?? body.expires_after_days ?? null,
showInStore: body.showInStore !== false && body.show_in_store !== false,
showOnWheel: body.showOnWheel !== false && body.show_on_wheel !== false,
weight: body.weight ?? 1,
};
await Promise.all([
db.doc(`gifts/${id}`).set(giftData),
db.doc(`adminAuditLog/${generateId()}`).set({
adminId: req.auth.uid,
action: 'CREATE_GIFT',
targetUserId: null,
details: `Created gift: ${body.name} (${id})`,
createdAt: now(),
}),
]);
res.json({ success: true, id });
} catch (err) {
log.error('admin-gifts', 'POST /gifts failed', { error: err.message });
res.status(500).json({ error: 'Internal server error' });
}
});
// ── Update gift ──
router.put('/gifts/:id', async (req, res) => {
try {
if (requireAdmin(req, res)) return;
const body = req.body;
Iif (!body) return res.status(400).json({ error: 'Invalid JSON body' });
// Build camelCase update object from either camelCase or snake_case input
const updates = {};
if ('name' in body) updates.name = body.name;
if ('coinValue' in body || 'coin_value' in body)
updates.coinValue = body.coinValue ?? body.coin_value;
Iif ('animationUrl' in body || 'animation_url' in body)
updates.animationUrl = body.animationUrl ?? body.animation_url;
Iif ('soundUrl' in body || 'sound_url' in body)
updates.soundUrl = body.soundUrl ?? body.sound_url;
Iif ('iconUrl' in body || 'icon_url' in body) updates.iconUrl = body.iconUrl ?? body.icon_url;
Iif ('order' in body) updates.order = body.order;
Iif ('expiresAfterDays' in body || 'expires_after_days' in body)
updates.expiresAfterDays = body.expiresAfterDays ?? body.expires_after_days;
if ('showInStore' in body || 'show_in_store' in body)
updates.showInStore = !!(body.showInStore ?? body.show_in_store);
if ('showOnWheel' in body || 'show_on_wheel' in body)
updates.showOnWheel = !!(body.showOnWheel ?? body.show_on_wheel);
Iif ('weight' in body) updates.weight = body.weight;
if (Object.keys(updates).length === 0)
return res.status(400).json({ error: 'No valid fields to update' });
log.info('admin-gifts', 'Updating gift', {
adminId: req.auth.uid,
giftId: req.params.id,
fields: Object.keys(updates),
});
await db.doc(`gifts/${req.params.id}`).update(updates);
res.json({ success: true });
} catch (err) {
log.error('admin-gifts', 'PUT /gifts/:id failed', {
giftId: req.params.id,
error: err.message,
});
res.status(500).json({ error: 'Internal server error' });
}
});
// ── Delete gift ──
router.delete('/gifts/:id', async (req, res) => {
try {
if (requireAdmin(req, res)) return;
await Promise.all([
db.doc(`gifts/${req.params.id}`).delete(),
db.doc(`adminAuditLog/${generateId()}`).set({
adminId: req.auth.uid,
action: 'DELETE_GIFT',
targetUserId: null,
details: `Deleted gift: ${req.params.id}`,
createdAt: now(),
}),
]);
res.json({ success: true });
} catch (err) {
log.error('admin-gifts', 'DELETE /gifts/:id failed', {
giftId: req.params.id,
error: err.message,
});
res.status(500).json({ error: 'Internal server error' });
}
});
module.exports = router;
|