diff --git a/server.js b/server.js
index bc89235a3bde359d01ea35ea232352a5f8f93405..4c2dc8d3b004a7d203d01dfcc5577a588892be5e 100644
--- a/server.js
+++ b/server.js
@@ -2,41 +2,53 @@ const express = require("express");
 const path = require("path");
 const session = require("express-session");
 const bcrypt = require("bcrypt");
+const multer = require("multer"); // ใช้สำหรับอัปโหลดไฟล์
 const pool = require("./config/database");
 require("dotenv").config();
 
 const app = express();
 
-const MySQLStore = require('express-mysql-session')(session);
-const sessionStore = new MySQLStore({
-    clearExpired: true,
-    checkExpirationInterval: 900000,
-    expiration: 86400000
-}, pool);
+// ตั้งค่า Multer สำหรับอัปโหลดไฟล์
+const upload = multer({ dest: "public/uploads/" });
+
+// ตั้งค่า MySQL Session Store
+const MySQLStore = require("express-mysql-session")(session);
+const sessionStore = new MySQLStore(
+    {
+        clearExpired: true,
+        checkExpirationInterval: 900000,
+        expiration: 86400000,
+    },
+    pool
+);
 
 const isLoggedIn = (req, res, next) => {
     if (req.session.user) {
         next();
     } else {
-        res.redirect('/login');
+        res.redirect("/login");
     }
 };
 
-app.use(session({
-    secret: process.env.SESSION_SECRET || "mysecret",
-    resave: false,
-    saveUninitialized: false,
-    store: sessionStore,
-    cookie: {
-        maxAge: 24 * 60 * 60 * 1000,
-        secure: false,
-        httpOnly: true,
-    },
-}));
+// ตั้งค่า Session Middleware
+app.use(
+    session({
+        secret: process.env.SESSION_SECRET || "mysecret",
+        resave: false,
+        saveUninitialized: false,
+        store: sessionStore,
+        cookie: {
+            maxAge: 24 * 60 * 60 * 1000,
+            secure: false,
+            httpOnly: true,
+        },
+    })
+);
 
 app.use(express.static(path.join(__dirname, "public")));
 app.use(express.json());
 app.use(express.urlencoded({ extended: true }));
+
 app.use((req, res, next) => {
     console.log("🔹 Session Data:", req.session);
     next();
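Review bot: The new `multer({ dest: "public/uploads/" })` at the top of the hunk accepts uploads with no `limits` and no `fileFilter`, and writes them straight into the directory that `express.static` serves, so any client that can reach an upload route can fill the disk and then fetch whatever it stored back under `/uploads/`. At minimum cap size and count and reject non-image parts: `const upload = multer({ dest: "public/uploads/", limits: { fileSize: 5 * 1024 * 1024, files: 1 }, fileFilter: (req, file, cb) => cb(null, file.mimetype.startsWith("image/")) });` — bearing in mind `file.mimetype` is client-supplied, so the stored file should still be treated as untrusted data rather than executable content. Separately, the reformatted session block keeps `secret: process.env.SESSION_SECRET || "mysecret"`; a known default secret lets anyone forge session cookies when the variable is unset, so failing at startup (`if (!process.env.SESSION_SECRET) throw new Error("SESSION_SECRET is not set");`) is safer than a fallback. `secure: false` is presumably for local development; it should become `true` (behind `app.set("trust proxy", 1)` if a proxy terminates TLS) before this serves real sessions.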
@@ -49,33 +61,24 @@ const orderRoutes = require("./shop-routes/order");
 const cartRoutes = require("./shop-routes/cart");
 const indexRoutes = require("./shop-routes/index");
 
-app.use((req, res, next) => {
-    res.locals.session = req.session;
-    next();
-});
-
 app.use("/", indexRoutes);
 app.use("/cart", cartRoutes);
 app.use("/order", orderRoutes);
 
-app.get('/order/checkout', isLoggedIn, (req, res) => {
-    res.render('checkout');
+// Checkout (ต้องล็อกอิน)
+app.get("/order/checkout", isLoggedIn, (req, res) => {
+    res.render("checkout");
 });
 
+//อัปเดตตะกร้าสินค้า
 app.post("/cart/update", async (req, res) => {
     try {
         const { cartItemId, quantity } = req.body;
-
         if (quantity < 1) {
             return res.status(400).json({ message: "Quantity must be at least 1" });
         }
 
-        // อัปเดตจำนวนสินค้าในฐานข้อมูล
-        await pool.execute(
-            "UPDATE cart SET quantity = ? WHERE id = ?",
-            [quantity, cartItemId]
-        );
-
+        await pool.execute("UPDATE cart SET quantity = ? WHERE id = ?", [quantity, cartItemId]);
         res.json({ success: true, message: "Cart updated" });
     } catch (error) {
         console.error("Update error:", error);
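Review bot: In the `/cart/update` handler, `quantity` is taken from `req.body` untyped, and `quantity < 1` is the only check — a non-numeric string such as `"abc"` compares false against `1` and passes straight into the `UPDATE`, as does a fractional or huge value. Coerce and validate first: `const quantity = Number.parseInt(req.body.quantity, 10); if (!Number.isInteger(quantity) || quantity < 1) { return res.status(400).json({ message: "Quantity must be at least 1" }); }`. The route also carries no `isLoggedIn` and the `UPDATE ... WHERE id = ?` is keyed on `cartItemId` alone, so if cart rows belong to users (schema not visible here) any caller can change any user's cart row by id; scoping the `WHERE` to the session user would close that. Removing the `res.locals.session` middleware earlier in the hunk means views that read `session` will now see `undefined` — worth confirming no template depends on it. The handler's `catch` continues past the end of the hunk.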
@@ -83,8 +86,9 @@ app.post("/cart/update", async (req, res) => {
     }
 });
 
-app.get('/register', (req, res) => {
-    res.render('register');
+// Register
+app.get("/register", (req, res) => {
+    res.render("register");
 });
 
 app.post("/register", async (req, res) => {
@@ -93,14 +97,14 @@ app.post("/register", async (req, res) => {
         if (!email || !password || !name) {
             return res.status(400).json({ message: "All fields are required." });
         }
-        
+
         const hashedPassword = await bcrypt.hash(password, 10);
         const [existingUser] = await pool.execute("SELECT * FROM users WHERE email = ?", [email]);
-        
+
         if (existingUser.length > 0) {
             return res.status(400).json({ message: "Email is already registered." });
         }
-        
+
         await pool.execute("INSERT INTO users (email, password, name) VALUES (?, ?, ?)", [email, hashedPassword, name]);
         res.status(201).json({ success: true, message: "Registration successful." });
     } catch (error) {
@@ -108,8 +112,9 @@ app.post("/register", async (req, res) => {
     }
 });
 
-app.get('/login', (req, res) => {
-    res.render('login');
+// 🔹 Login
+app.get("/login", (req, res) => {
+    res.render("login");
 });
 
 app.post("/login", async (req, res) => {
@@ -118,12 +123,12 @@ app.post("/login", async (req, res) => {
         if (!email || !password) {
             return res.status(400).json({ message: "All fields are required." });
         }
-        
+
         const [users] = await pool.execute("SELECT * FROM users WHERE email = ?", [email]);
         if (users.length === 0) {
             return res.status(400).json({ message: "Invalid email or password." });
         }
-        
+
         const user = users[0];
         const passwordMatch = await bcrypt.compare(password, user.password);
         if (!passwordMatch) {
@@ -133,13 +138,13 @@ app.post("/login", async (req, res) => {
         req.session.user = { id: user.id, email: user.email };
         console.log("User logged in:", req.session);
 
-        return res.redirect('/order/checkout');
+        return res.redirect("/order/checkout");
     } catch (error) {
         res.status(500).json({ message: "Login failed." });
     }
 });
 
-// Logout Routes
+//  Logout
 app.get("/logout", (req, res) => {
     if (!req.session) {
         return res.redirect("/login");
@@ -148,26 +153,13 @@ app.get("/logout", (req, res) => {
         if (err) {
             return res.status(500).json({ message: "Logout failed." });
         }
-        res.clearCookie('connect.sid');
+        res.clearCookie("connect.sid");
         console.log("User logged out.");
         res.redirect("/login");
     });
 });
 
-app.post("/logout", (req, res) => {
-    if (!req.session) {
-        return res.status(400).json({ message: "No active session." });
-    }
-    req.session.destroy(err => {
-        if (err) {
-            return res.status(500).json({ message: "Logout failed." });
-        }
-        res.clearCookie('connect.sid');
-        console.log("User logged out (POST)");
-        res.status(200).json({ message: "Logged out successfully" });
-    });
-});
-
+// Search Products
 app.get("/search", async (req, res) => {
     const searchQuery = req.query.query;
     try {
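Review bot: With the `POST /logout` handler removed, the only way to end a session is `GET /logout`, a state-changing request that any cross-site link or `<img>` tag can trigger, so a third-party page can log users out at will. State changes belong on POST (with the usual CSRF protection); if the GET route is kept for a plain link, it should at least not be the sole handler. The remaining handler's `req.session.destroy` call begins above the hunk, so the full body is not visible here.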
@@ -181,9 +173,42 @@ app.get("/search", async (req, res) => {
     }
 });
 
+// API: เพิ่มสินค้า
+app.post("/api/products", upload.single("image"), async (req, res) => {
+    try {
+        const { name, description, price, stock } = req.body;
+        if (!name || !description || !price || !stock) {
+            return res.status(400).json({ message: "All fields are required." });
+        }
+
+        const imageUrl = req.file ? `/uploads/${req.file.filename}` : null;
+        await pool.execute("INSERT INTO products (name, description, price, stock, image) VALUES (?, ?, ?, ?, ?)", 
+            [name, description, price, stock, imageUrl]
+        );
+
+        res.status(201).json({ success: true, message: "Product added successfully." });
+    } catch (error) {
+        console.error("Error adding product:", error);
+        res.status(500).json({ message: "Failed to add product." });
+    }
+});
+
+// API: ดึงรายการสินค้า
+app.get("/api/products", async (req, res) => {
+    try {
+        const [products] = await pool.execute("SELECT * FROM products");
+        res.json(products);
+    } catch (error) {
+        console.error("Error fetching products:", error);
+        res.status(500).json({ message: "Failed to fetch products." });
+    }
+});
+
+// Middleware สำหรับจัดการข้อผิดพลาด
 app.use((err, req, res, next) => {
     res.status(500).json({ message: "Something went wrong." });
 });
 
+// Start Server
 const PORT = process.env.PORT || 3000;
-app.listen(PORT, () => console.log(`Server running on port ${PORT}`));
\ No newline at end of file
+app.listen(PORT, () => console.log(` Server running on port ${PORT}`));
\ No newline at end of file
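Review bot: The new `POST /api/products` route has no authentication at all — `isLoggedIn` is defined in this file but not applied — so any anonymous client can create products and upload files through it; if the app has an admin role (not visible here) that is the check to use, otherwise `isLoggedIn` is the minimum. Inside the handler, `price` and `stock` arrive as strings from the multipart body and only go through a truthiness check, so `"abc"` or `"-5"` reaches the `INSERT` unchanged. Because multer stores the file before the handler runs, the early `400` also leaves an orphaned file in `public/uploads/`; removing it with `fs.promises.unlink(req.file.path)` in that branch would need `const fs = require("fs")` alongside the other requires at the top of the file. The reformatted `GET /api/products` and the error middleware look fine; the middleware could log `err` before responding so failures are not silently dropped.
```javascript
app.post("/api/products", isLoggedIn, upload.single("image"), async (req, res) => {
    try {
        const { name, description } = req.body;
        const price = Number(req.body.price);
        const stock = Number.parseInt(req.body.stock, 10);
        if (!name || !description || !Number.isFinite(price) || price < 0 || !Number.isInteger(stock) || stock < 0) {
            // multer already wrote the upload; drop it so a rejected request leaves nothing behind
            if (req.file) await fs.promises.unlink(req.file.path);
            return res.status(400).json({ message: "All fields are required." });
        }
        // … unchanged: imageUrl, INSERT, 201 response, catch …
```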