g/ember-market-frontend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

other

Browse Source
This commit is contained in:
NotII
2025-03-10 17:39:37 +00:00
parent c08df8919d
commit 20d5559832
69 changed files with 7676 additions and 78 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
.env.backend Normal file
View File

@@ -0,0 +1,29 @@
MONGO_URI=mongodb://root:OkZl9TEPteFk75@captain.inboxi.ng/mydatabase?authSource=admin
PORT=3001
JWT_SECRET=450417bc552e573f95c6d115b45dee27b8c544e5015ec8dd34147d59e1b0c360e3ab705e08511285bd0f5900e11cc4b6841f6391b24dc2c0e86ac2de473f4cb60b18fdc995304a27225db7ea13cece60f4afa50296a7b640b2042fe9072e1cd675cbd134ffeef9ee5a4b234830c53b98b21dcf8224acc6aec3745f5b7e46106eb2db946263cbf3d41add1a269d96de4034533cc9dcf1b74a155eccd0eae55cd958150c31ef0518346ac0471b7b5c83a6e4b26f9526b1c6702c65c38166db4bde57da1ba65a425e4ffba14b86d0279b907bd2eb29a86fd5b57ed78f5319dd5d78dc258cd801595978e042c4a2ca355825d894f8c4fcd39b57a3f78b1a9fd563758f0688d8f3b439c1cdfd161eb92e5ffea647b3a69c2889acd79e33c3a7dd64d32ddd14919be47cbfc46cea68df355f041530a3b0cddfb1042f7f96af7316a66a09fde4e18391dbe5d001a75ae8f8d44edc764b418a7525f55d5d593ca219336f467090b3d329528fd6535ad2c706eda9ed481da824931167dc4fa44a51cdbd13202ffea1375380c8dbdfec85665612c66d2df4bb44a322c54915fb46da50db6ff8e02d4b602069f0267fd29ec4bf865ac03597488d4ac59837fc1d51704f8dcf176681713ee9a24c3abaf58907f01581f7b2ac44a98cf177d6403ef1cf2b61e92cfa2939654ac9ef805d717c846520a02e6e054bcd2fee5394e1a05eb3d85f0d
INTERNAL_API_KEY=5cffe0dedbbcc8761f6ddc7dc7cc2d299d599
ENCRYPTION_KEY=48c66ee5a54e596e2029ea832a512401099533ece34cb0fbbb8c4023ca68ba8e
ENCRYPTION_IV=539e26d426cd4bac9844a8e446d63ab1
BTC_RPC_USER=your_rpc_user
BTC_RPC_PASSWORD=your_rpc_password
BTC_RPC_HOST=127.0.0.1
BTC_RPC_PORT=8332
LTC_RPC_USER=notiiwasntherexdddd
LTC_RPC_PASSWORD=NYwsxePgMrThiapHnfCzUfaEfVlNKZECwvlqhHcWjerlZfcaTp
LTC_RPC_HOST=127.0.0.1
LTC_RPC_PORT=9332
XMR_RPC_USER=your_rpc_user
XMR_RPC_PASSWORD=your_rpc_password
XMR_RPC_HOST=127.0.0.1
XMR_RPC_PORT=18081
OkZl9TEPteFk75=OkZl9TEPteFk75
WL4E8H72nvSF=WL4E8H72nvSF

5
.env.tor Normal file
View File

@@ -0,0 +1,5 @@
# Tor-specific environment variables
# Using relative URLs for maximum compatibility
NEXT_PUBLIC_API_URL=/api
# Flag to indicate we're running in Tor mode
NEXT_PUBLIC_TOR_MODE=true

83
COMBINED-README.md Normal file
View File

@@ -0,0 +1,83 @@
# Ember Market Integrated Application
This project combines both the Ember Market frontend (Next.js) and backend (Express) into a single application. This approach eliminates the need to run two separate servers and avoids routing conflicts between Next.js and Express.
## Setup Instructions
1. **Clone both repositories** if you haven't already:
```bash
git clone https://github.com/your-username/ember-market-frontend.git
git clone https://github.com/your-username/ember-market-backend.git
```
2. **Install dependencies**:
```bash
cd ember-market-frontend
npm install
```
3. **Run the setup script** to copy backend files to the frontend project:
```bash
npm run setup-backend
```
4. **Update environment variables**:
- The setup script copies the backend `.env` file to `.env.backend` in the frontend project
- Make sure to review and adjust environment variables as needed
- Ensure MongoDB connection string and other critical variables are set correctly
## Running the Application
### Development Mode
```bash
npm run dev:custom
```
This starts the combined server in development mode on port 3000 (or the port specified in your environment variables).
### Production Mode
```bash
npm run build
npm run start:custom
```
## How It Works
This integration uses a custom Express server that:
1. Handles API routes at `/api/*` using the existing Express backend code
2. Delegates all other routes to Next.js to handle frontend rendering
### Key Files
- `server.js`: Custom server that combines Express and Next.js
- `setup-backend.js`: Script to copy backend files into the frontend project
- `next.config.mjs`: Configured to work with the custom Express server
## API Routes
All backend API routes are available at the same paths as before, but now they're served from the same server as your frontend:
- Authentication: `/api/auth/*`
- Products: `/api/products/*`
- Orders: `/api/orders/*`
- etc.
## Development Workflow
When making changes:
1. **Frontend changes**: Modify files in the frontend project as usual
2. **Backend changes**: You have two options:
- Make changes in the original backend repo and run `npm run setup-backend` to sync
- Make changes directly in the frontend project's `backend/` directory
Remember that changes made directly in the frontend project's `backend/` directory won't automatically sync back to the original backend repository.
## Troubleshooting
- **Port conflicts**: Make sure no other service is using port 3000 (or your configured port)
- **MongoDB connection issues**: Verify your connection string in the environment variables
- **Path issues**: Ensure paths in imports are correct for the new project structure

4
Dockerfile
View File

@@ -7,7 +7,7 @@ RUN npm install --force
COPY . .
ENV NEXT_PUBLIC_API_URL=https://internal-api.inboxi.ng/api
ENV NEXT_PUBLIC_API_URL=/api
# Build the Next.js application
RUN npm run build
@@ -28,7 +28,7 @@ COPY --from=builder /app/node_modules ./node_modules
EXPOSE 3000
ENV NODE_ENV=production
ENV NEXT_PUBLIC_API_URL=https://internal-api.inboxi.ng/api
ENV NEXT_PUBLIC_API_URL=/api
# Start Next.js server

61
TOR-README.md Normal file
View File

@@ -0,0 +1,61 @@
# Ember Market on Tor
This document explains how to run Ember Market in a Tor-friendly way, ensuring compatibility with .onion domains and the Tor network.
## Tor-Optimized Configuration
The application is designed to work seamlessly with Tor by:
1. Using relative URLs throughout the codebase
2. Avoiding hardcoded domain names
3. Ensuring all API requests work regardless of the domain
## Running in Tor Mode
To start the application in Tor mode:
```bash
# Development
npm run dev:tor
# Production
npm run start:tor
```
These commands use the `.env.tor` configuration file, which sets appropriate environment variables for Tor usage.
## Accessing via .onion Domain
When deployed to a Tor hidden service:
1. The application automatically detects the .onion domain
2. All API requests are made relative to the current domain
3. No changes are needed to the codebase or configuration
## Security Considerations for Tor
- All API requests use relative URLs to prevent domain leakage
- Authentication is performed on the same domain to maintain anonymity
- No external resources are loaded that could compromise Tor anonymity
## Deployment to a Tor Hidden Service
To deploy as a Tor hidden service:
1. Set up a Tor hidden service pointing to the application port (default: 3000)
2. Use the `start:tor` script to ensure proper environment variables
3. The application will automatically work with the .onion domain
## Checking Tor Compatibility
To verify the application is working correctly with Tor:
1. Check network requests in the browser's developer tools
2. All API requests should go to relative paths (e.g., `/api/auth/me`)
3. No absolute URLs should be used in requests
## Troubleshooting Tor Issues
- If authentication fails, check that cookies are enabled in your Tor browser
- If API requests fail, verify that the application is accessible via the .onion domain
- For security issues, ensure JavaScript is enabled for the .onion domain in Tor browser settings

45
app/dashboard/page.tsx
View File

@@ -1,6 +1,9 @@
'use client';
import { useEffect, useState } from 'react';
import Dashboard from "@/components/dashboard/dashboard";
import Content from "@/components/dashboard/content";
import { fetchServer } from '@/lib/server-service';
import { fetchClient } from '@/lib/client-service';
// ✅ Corrected Vendor Type
interface Vendor {
@@ -22,13 +25,43 @@ interface OrderStats {
cancelledOrders: number;
}
export default async function DashboardPage() {
const [userResponse, orderStats] = await Promise.all([
fetchServer<User>("/auth/me"),
fetchServer<OrderStats>("/orders/stats"),
export default function DashboardPage() {
const [vendor, setVendor] = useState<Vendor | null>(null);
const [orderStats, setOrderStats] = useState<OrderStats | null>(null);
const [loading, setLoading] = useState(true);
const [error, setError] = useState<string | null>(null);
useEffect(() => {
async function fetchData() {
try {
setLoading(true);
// Fetch data from API using relative URLs and client-side fetch
const [userResponse, stats] = await Promise.all([
fetchClient<User>("auth/me"),
fetchClient<OrderStats>("orders/stats"),
]);
const vendor = userResponse.vendor;
setVendor(userResponse.vendor);
setOrderStats(stats);
} catch (err) {
console.error('Error fetching dashboard data:', err);
setError('Failed to load dashboard data');
} finally {
setLoading(false);
}
}
fetchData();
}, []);
if (loading) {
return <Dashboard><div>Loading dashboard...</div></Dashboard>;
}
if (error || !vendor || !orderStats) {
return <Dashboard><div>Error: {error || 'Failed to load data'}</div></Dashboard>;
}
return (
<Dashboard>

19
backend/config/db.js Normal file
View File

@@ -0,0 +1,19 @@
import mongoose from "mongoose";
import dotenv from "dotenv";
dotenv.config();
const connectDB = async () => {
try {
await mongoose.connect(process.env.MONGO_URI, {
useNewUrlParser: true,
useUnifiedTopology: true,
});
console.log("✅ MongoDB Connected");
} catch (error) {
console.error("❌ MongoDB Connection Error:", error);
process.exit(1); // Exit on failure
}
};
export default connectDB;

521
backend/controllers/chat.controller.js Normal file
View File

@@ -0,0 +1,521 @@
import Chat from "../models/Chat.model.js";
import Store from "../models/Store.model.js";
import Vendor from "../models/Vendor.model.js";
import { encryptWithPGP } from "../utils/encryptPgp.js";
import logger from "../utils/logger.js";
import { sendTelegramMessage } from "../utils/telegramUtils.js";
import axios from "axios";
// Get all chats for a vendor
export const getVendorChats = async (req, res) => {
try {
const { vendorId } = req.params;
// Check if vendor exists and requester has access
if (req.user._id.toString() !== vendorId) {
return res.status(403).json({ error: "Not authorized to access these chats" });
}
const chats = await Chat.find({ vendorId })
.sort({ lastUpdated: -1 })
.select("-messages") // Don't include messages in the list view
.lean();
return res.status(200).json(chats);
} catch (error) {
logger.error("Error getting vendor chats", { error: error.message, stack: error.stack });
return res.status(500).json({ error: "Server error getting chats" });
}
};
// Get all messages in a specific chat
export const getChatMessages = async (req, res) => {
try {
const { chatId } = req.params;
const { markAsRead = "true" } = req.query; // Default to true for backward compatibility
const shouldMarkAsRead = markAsRead === "true";
const chat = await Chat.findById(chatId).lean();
if (!chat) {
return res.status(404).json({ error: "Chat not found" });
}
// Check if user has access to this chat
if (req.user && chat.vendorId.toString() !== req.user._id.toString()) {
return res.status(403).json({ error: "Not authorized to access this chat" });
}
// Only mark messages as read if markAsRead parameter is true
if (shouldMarkAsRead) {
// Mark all vendor messages as read if the request is from the buyer
if (req.telegramUser && chat.buyerId === req.telegramUser.telegramId) {
await Chat.updateMany(
{ _id: chatId, "messages.sender": "vendor", "messages.read": false },
{ $set: { "messages.$[elem].read": true } },
{ arrayFilters: [{ "elem.sender": "vendor", "elem.read": false }] }
);
}
// Mark all buyer messages as read if the request is from the vendor
if (req.user && chat.vendorId.toString() === req.user._id.toString()) {
await Chat.updateMany(
{ _id: chatId, "messages.sender": "buyer", "messages.read": false },
{ $set: { "messages.$[elem].read": true } },
{ arrayFilters: [{ "elem.sender": "buyer", "elem.read": false }] }
);
}
}
return res.status(200).json(chat);
} catch (error) {
logger.error("Error getting chat messages", { error: error.message, stack: error.stack });
return res.status(500).json({ error: "Server error getting chat messages" });
}
};
// Explicitly mark messages as read
export const markMessagesAsRead = async (req, res) => {
try {
const { chatId } = req.params;
const chat = await Chat.findById(chatId);
if (!chat) {
return res.status(404).json({ error: "Chat not found" });
}
// Check if user has access to this chat
if (req.user && chat.vendorId.toString() !== req.user._id.toString()) {
return res.status(403).json({ error: "Not authorized to access this chat" });
}
// Mark all buyer messages as read if the request is from the vendor
if (req.user && chat.vendorId.toString() === req.user._id.toString()) {
await Chat.updateMany(
{ _id: chatId, "messages.sender": "buyer", "messages.read": false },
{ $set: { "messages.$[elem].read": true } },
{ arrayFilters: [{ "elem.sender": "buyer", "elem.read": false }] }
);
logger.info("Marked all buyer messages as read", { chatId });
}
return res.status(200).json({ success: true });
} catch (error) {
logger.error("Error marking messages as read", { error: error.message, stack: error.stack });
return res.status(500).json({ error: "Server error marking messages as read" });
}
};
// Send a message from vendor to buyer
export const sendVendorMessage = async (req, res) => {
try {
const { chatId } = req.params;
const { content, attachments } = req.body;
if (!content && (!attachments || attachments.length === 0)) {
return res.status(400).json({ error: "Message content or attachments required" });
}
const chat = await Chat.findById(chatId);
if (!chat) {
return res.status(404).json({ error: "Chat not found" });
}
// Check vendor authorization
if (chat.vendorId.toString() !== req.user._id.toString()) {
return res.status(403).json({ error: "Not authorized to send messages in this chat" });
}
// Create the new message
const newMessage = {
sender: "vendor",
buyerId: chat.buyerId,
vendorId: chat.vendorId,
content: content || "",
attachments: attachments || [],
read: false,
createdAt: new Date()
};
// Add message to chat
chat.messages.push(newMessage);
chat.lastUpdated = new Date();
await chat.save();
// Send notification to Telegram client if configured
try {
const store = await Store.findById(chat.storeId);
if (!store) {
logger.warn("Store not found for chat notification", { chatId, storeId: chat.storeId });
} else {
// Get store name for the notification
const storeName = store.storeName || "Vendor";
// Check if store has telegram token
if (store.telegramToken) {
logger.info("Sending Telegram notification", { buyerId: chat.buyerId, storeId: store._id });
// Format the message with emoji and preview
const notificationMessage = `📬 New message from ${storeName}: ${content.substring(0, 50)}${content.length > 50 ? '...' : ''}`;
// Use the sendTelegramMessage utility instead of axios
const success = await sendTelegramMessage(
store.telegramToken,
chat.buyerId,
notificationMessage
);
if (success) {
logger.info("Telegram notification sent successfully", { chatId, buyerId: chat.buyerId });
} else {
logger.error("Failed to send Telegram notification", {
chatId,
buyerId: chat.buyerId
});
}
} else {
logger.warn("Store missing telegramToken", { storeId: store._id });
}
}
} catch (notifyError) {
// Log but don't fail if notification fails
logger.error("Notification system error", {
error: notifyError.message,
stack: notifyError.stack,
chatId
});
}
return res.status(201).json(newMessage);
} catch (error) {
logger.error("Error sending vendor message", { error: error.message, stack: error.stack });
return res.status(500).json({ error: "Server error sending message" });
}
};
// Process an incoming message from the Telegram client
export const processTelegramMessage = async (req, res) => {
try {
const { buyerId, storeId, content, attachments } = req.body;
if (!buyerId || !storeId) {
return res.status(400).json({ error: "Buyer ID and Store ID are required" });
}
if (!content && (!attachments || attachments.length === 0)) {
return res.status(400).json({ error: "Message content or attachments required" });
}
// Find the store
const store = await Store.findById(storeId);
if (!store) {
logger.error("Store not found for Telegram message", { storeId });
return res.status(404).json({ error: "Store not found" });
}
// Check if vendorId field exists in store
if (!store.vendorId) {
logger.error("Store missing vendorId field", { storeId, store });
return res.status(500).json({ error: "Store data is invalid (missing vendorId)" });
}
// Find or create a chat
let chat = await Chat.findOne({ buyerId, storeId });
if (!chat) {
// Create a new chat
chat = new Chat({
buyerId,
vendorId: store.vendorId,
storeId,
messages: [],
});
}
// Create the new message
const newMessage = {
sender: "buyer",
buyerId,
vendorId: store.vendorId,
content: content || "",
attachments: attachments || [],
read: false,
createdAt: new Date()
};
// Add message to chat
chat.messages.push(newMessage);
chat.lastUpdated = new Date();
await chat.save();
return res.status(201).json({
success: true,
chatId: chat._id,
message: newMessage
});
} catch (error) {
logger.error("Error processing Telegram message", { error: error.message, stack: error.stack });
return res.status(500).json({ error: "Server error processing message" });
}
};
// Get unread message counts for a vendor
export const getVendorUnreadCounts = async (req, res) => {
try {
const { vendorId } = req.params;
// Check if vendor is authorized
if (req.user._id.toString() !== vendorId) {
return res.status(403).json({ error: "Not authorized" });
}
// Find all chats for this vendor
const chats = await Chat.find({ vendorId });
// Calculate unread counts
const result = {
totalUnread: 0,
chatCounts: {}
};
chats.forEach(chat => {
const unreadCount = chat.messages.filter(
msg => msg.sender === "buyer" && !msg.read
).length;
if (unreadCount > 0) {
result.totalUnread += unreadCount;
result.chatCounts[chat._id] = unreadCount;
}
});
return res.status(200).json(result);
} catch (error) {
logger.error("Error getting unread counts", { error: error.message, stack: error.stack });
return res.status(500).json({ error: "Server error getting unread counts" });
}
};
// Create a new chat directly (for customer service purposes)
export const createChat = async (req, res) => {
try {
const { buyerId, storeId, initialMessage } = req.body;
if (!buyerId || !storeId) {
return res.status(400).json({ error: "Buyer ID and Store ID are required" });
}
// Find the store and vendor
const store = await Store.findById(storeId);
console.log("Store data:", JSON.stringify(store, null, 2));
console.log("Authenticated user:", JSON.stringify(req.user, null, 2));
if (!store) {
return res.status(404).json({ error: "Store not found" });
}
// Check if vendorId field exists in store
if (!store.vendorId) {
logger.error("Store missing vendorId field", { storeId, store });
return res.status(500).json({ error: "Store data is invalid (missing vendorId)" });
}
// Check if requester is authorized for this store
if (req.user._id.toString() !== store.vendorId.toString()) {
return res.status(403).json({ error: "Not authorized to create chats for this store" });
}
// Check if chat already exists
const existingChat = await Chat.findOne({ buyerId, storeId });
if (existingChat) {
return res.status(409).json({
error: "Chat already exists",
chatId: existingChat._id
});
}
// Create a new chat
const chat = new Chat({
buyerId,
vendorId: store.vendorId,
storeId,
messages: [],
});
// Add initial message if provided
if (initialMessage) {
chat.messages.push({
sender: "vendor",
buyerId,
vendorId: store.vendorId,
content: initialMessage,
read: false,
createdAt: new Date()
});
}
chat.lastUpdated = new Date();
await chat.save();
// Send notification to Telegram if configured
try {
if (initialMessage) {
// Get store name for the notification
const storeName = store.storeName || "Vendor";
// Check if store has telegram token
if (store.telegramToken) {
logger.info("Sending Telegram notification for new chat", { buyerId, storeId: store._id });
// Format the message with emoji and preview
const notificationMessage = `📬 New chat created by ${storeName}: ${initialMessage.substring(0, 50)}${initialMessage.length > 50 ? '...' : ''}`;
// Use the sendTelegramMessage utility instead of axios
const success = await sendTelegramMessage(
store.telegramToken,
buyerId,
notificationMessage
);
if (success) {
logger.info("Telegram notification for new chat sent successfully", { chatId: chat._id, buyerId });
} else {
logger.error("Failed to send Telegram notification for new chat", {
chatId: chat._id,
buyerId
});
}
} else {
logger.warn("Store missing telegramToken for new chat notification", { storeId: store._id });
}
}
} catch (notifyError) {
logger.error("Notification system error for new chat", {
error: notifyError.message,
stack: notifyError.stack,
chatId: chat._id,
buyerId,
storeId
});
}
return res.status(201).json({
success: true,
chatId: chat._id
});
} catch (error) {
logger.error("Error creating chat", { error: error.message, stack: error.stack });
return res.status(500).json({ error: "Server error creating chat" });
}
};
// Create a chat from Telegram client
export const createTelegramChat = async (req, res) => {
try {
const { buyerId, storeId, initialMessage } = req.body;
if (!buyerId || !storeId) {
return res.status(400).json({ error: "Buyer ID and Store ID are required" });
}
// Find the store
const store = await Store.findById(storeId);
if (!store) {
logger.error("Store not found for Telegram chat creation", { storeId });
return res.status(404).json({ error: "Store not found" });
}
// Check if vendorId field exists in store
if (!store.vendorId) {
logger.error("Store missing vendorId field", { storeId, store });
return res.status(500).json({ error: "Store data is invalid (missing vendorId)" });
}
// Check if chat already exists
const existingChat = await Chat.findOne({ buyerId, storeId });
// If chat exists, just return it
if (existingChat) {
logger.info("Chat already exists, returning existing chat", {
chatId: existingChat._id,
buyerId,
storeId
});
// Add initial message to existing chat if provided
if (initialMessage) {
existingChat.messages.push({
sender: "buyer",
buyerId,
vendorId: store.vendorId,
content: initialMessage,
read: false,
createdAt: new Date()
});
existingChat.lastUpdated = new Date();
await existingChat.save();
// Notify vendor about the new message
// This would typically be done through a notification system
logger.info("Added message to existing chat", {
chatId: existingChat._id,
buyerId,
message: initialMessage.substring(0, 50)
});
}
return res.status(200).json({
message: "Using existing chat",
chatId: existingChat._id
});
}
// Create a new chat
const chat = new Chat({
buyerId,
vendorId: store.vendorId,
storeId,
messages: [],
});
// Add initial message if provided
if (initialMessage) {
chat.messages.push({
sender: "buyer",
buyerId,
vendorId: store.vendorId,
content: initialMessage,
read: false,
createdAt: new Date()
});
}
chat.lastUpdated = new Date();
await chat.save();
logger.info("New chat created from Telegram", {
chatId: chat._id,
buyerId,
storeId
});
return res.status(201).json({
message: "Chat created successfully",
chatId: chat._id
});
} catch (error) {
logger.error("Error creating chat from Telegram", {
error: error.message,
stack: error.stack,
buyerId: req.body.buyerId,
storeId: req.body.storeId
});
return res.status(500).json({ error: "Server error creating chat" });
}
};

69
backend/controllers/cryptoController.js Normal file
View File

@@ -0,0 +1,69 @@
import ky from "ky";
import logger from "../utils/logger.js"
// Global object to store the latest crypto prices
const cryptoPrices = {
btc: null,
ltc: null,
xmr: null,
lastUpdated: null,
};
/**
* Fetch crypto prices from the CoinGecko API and update the global `cryptoPrices` object.
*/
const fetchCryptoPrices = async () => {
try {
const url =
"https://api.coingecko.com/api/v3/simple/price?ids=bitcoin,litecoin,monero&vs_currencies=gbp";
// Fetch using Ky with automatic JSON parsing
const data = await ky.get(url).json();
// Update the stored crypto prices
cryptoPrices.btc = data.bitcoin?.gbp ?? null;
cryptoPrices.ltc = data.litecoin?.gbp ?? null;
cryptoPrices.xmr = data.monero?.gbp ?? null;
cryptoPrices.lastUpdated = new Date().toISOString();
logger.info("✅ Crypto prices updated", { cryptoPrices });
} catch (error) {
logger.error("❌ Error fetching crypto prices", {
message: error.message || "Unknown error",
});
}
};
/**
* Starts the automatic crypto price updater.
* @param {number} interval - Update interval in seconds.
*/
const startCryptoPriceUpdater = (interval) => {
logger.info(`🚀 Starting crypto price updater (every ${interval} seconds)`);
fetchCryptoPrices(); // Fetch immediately
setInterval(fetchCryptoPrices, interval * 1000); // Fetch periodically
};
/**
* API Route: Get the latest crypto prices.
* @route GET /api/crypto
*/
const getCryptoPrices = async (req, res) => {
try {
res.json({
success: true,
prices: cryptoPrices,
});
} catch (error) {
logger.error("❌ Error getting crypto prices", {
message: error.message || "Unknown error",
});
res.status(500).json({ success: false, error: "Internal Server Error" });
}
};
const returnCryptoPrices = () => {
return cryptoPrices;
};
export { startCryptoPriceUpdater, getCryptoPrices, returnCryptoPrices };

271
backend/controllers/promotion.controller.js Normal file
View File

@@ -0,0 +1,271 @@
import Promotion from "../models/Promotion.model.js";
import logger from "../utils/logger.js";
/**
* Get all promotions for a store
*/
export const getPromotions = async (req, res) => {
try {
const { query } = req;
const filter = { storeId: req.user.storeId };
// Apply filters if provided
if (query.isActive) {
filter.isActive = query.isActive === 'true';
}
if (query.search) {
filter.code = { $regex: query.search, $options: 'i' };
}
// Handle date filters
if (query.active === 'true') {
const now = new Date();
filter.startDate = { $lte: now };
filter.$or = [
{ endDate: null },
{ endDate: { $gte: now } }
];
filter.isActive = true;
}
const promotions = await Promotion.find(filter).sort({ createdAt: -1 });
return res.status(200).json(promotions);
} catch (error) {
logger.error("Error fetching promotions", { error });
return res.status(500).json({ message: "Failed to fetch promotions", error: error.message });
}
};
/**
* Get a single promotion by ID
*/
export const getPromotionById = async (req, res) => {
try {
const { id } = req.params;
const promotion = await Promotion.findOne({
_id: id,
storeId: req.user.storeId
});
if (!promotion) {
return res.status(404).json({ message: "Promotion not found" });
}
return res.status(200).json(promotion);
} catch (error) {
logger.error("Error fetching promotion", { error });
return res.status(500).json({ message: "Failed to fetch promotion", error: error.message });
}
};
/**
* Create a new promotion
*/
export const createPromotion = async (req, res) => {
try {
const {
code,
discountType,
discountValue,
minOrderAmount = 0,
maxUsage = null,
isActive = true,
startDate = new Date(),
endDate = null,
description = ""
} = req.body;
// Validate required fields
if (!code || !discountType || discountValue === undefined) {
return res.status(400).json({ message: "Code, discount type, and discount value are required" });
}
// Check if code already exists for this store
const existingPromo = await Promotion.findOne({
storeId: req.user.storeId,
code: code.toUpperCase()
});
if (existingPromo) {
return res.status(400).json({ message: "A promotion with this code already exists" });
}
// Create new promotion
const newPromotion = new Promotion({
storeId: req.user.storeId,
code: code.toUpperCase(),
discountType,
discountValue,
minOrderAmount,
maxUsage,
isActive,
startDate,
endDate,
description
});
await newPromotion.save();
return res.status(201).json(newPromotion);
} catch (error) {
logger.error("Error creating promotion", { error });
if (error.name === 'ValidationError') {
return res.status(400).json({
message: "Invalid promotion data",
details: Object.values(error.errors).map(err => err.message)
});
}
return res.status(500).json({ message: "Failed to create promotion", error: error.message });
}
};
/**
* Update an existing promotion
*/
export const updatePromotion = async (req, res) => {
try {
const { id } = req.params;
const updates = req.body;
// Ensure the promotion exists and belongs to the vendor's store
const promotion = await Promotion.findOne({
_id: id,
storeId: req.user.storeId
});
if (!promotion) {
return res.status(404).json({ message: "Promotion not found" });
}
// Remove storeId from updates if present (can't change store)
if (updates.storeId) {
delete updates.storeId;
}
// Ensure code is uppercase if present
if (updates.code) {
updates.code = updates.code.toUpperCase();
// Check if updated code conflicts with existing promo
const codeExists = await Promotion.findOne({
storeId: req.user.storeId,
code: updates.code,
_id: { $ne: id } // Exclude current promotion
});
if (codeExists) {
return res.status(400).json({ message: "A promotion with this code already exists" });
}
}
// Update the promotion
const updatedPromotion = await Promotion.findByIdAndUpdate(
id,
{ ...updates, updatedAt: new Date() },
{ new: true, runValidators: true }
);
return res.status(200).json(updatedPromotion);
} catch (error) {
logger.error("Error updating promotion", { error });
if (error.name === 'ValidationError') {
return res.status(400).json({
message: "Invalid promotion data",
details: Object.values(error.errors).map(err => err.message)
});
}
return res.status(500).json({ message: "Failed to update promotion", error: error.message });
}
};
/**
* Delete a promotion
*/
export const deletePromotion = async (req, res) => {
try {
const { id } = req.params;
// Ensure the promotion exists and belongs to the vendor's store
const promotion = await Promotion.findOne({
_id: id,
storeId: req.user.storeId
});
if (!promotion) {
return res.status(404).json({ message: "Promotion not found" });
}
await Promotion.findByIdAndDelete(id);
return res.status(200).json({ message: "Promotion deleted successfully" });
} catch (error) {
logger.error("Error deleting promotion", { error });
return res.status(500).json({ message: "Failed to delete promotion", error: error.message });
}
};
/**
* Validate a promotion code for a store
*/
export const validatePromotion = async (req, res) => {
try {
const { code, orderTotal } = req.body;
const { storeId } = req.params;
if (!code || !storeId) {
return res.status(400).json({ message: "Promotion code and store ID are required" });
}
// Find the promotion
const promotion = await Promotion.findOne({
storeId,
code: code.toUpperCase(),
isActive: true,
});
if (!promotion) {
return res.status(404).json({ message: "Promotion not found or inactive" });
}
// Check if the promotion is valid
if (!promotion.isValid()) {
return res.status(400).json({ message: "Promotion is no longer valid" });
}
// Check minimum order amount
if (orderTotal && orderTotal < promotion.minOrderAmount) {
return res.status(400).json({
message: `Order total must be at least £${promotion.minOrderAmount} to use this promotion`,
minOrderAmount: promotion.minOrderAmount
});
}
// Calculate discount if order total provided
let discountAmount = null;
if (orderTotal) {
discountAmount = promotion.calculateDiscount(orderTotal);
}
return res.status(200).json({
promotion: {
_id: promotion._id,
code: promotion.code,
discountType: promotion.discountType,
discountValue: promotion.discountValue,
minOrderAmount: promotion.minOrderAmount,
},
discountAmount,
message: "Promotion is valid"
});
} catch (error) {
logger.error("Error validating promotion", { error });
return res.status(500).json({ message: "Failed to validate promotion", error: error.message });
}
};

151
backend/controllers/stock.controller.js Normal file
View File

@@ -0,0 +1,151 @@
import Product from "../models/Product.model.js";
import Order from "../models/Order.model.js";
import Store from "../models/Store.model.js";
import mongoose from "mongoose";
import logger from "../utils/logger.js";
/**
* Updates a product's stock quantity
*/
export const updateStock = async (req, res) => {
try {
const { productId } = req.params;
const { currentStock, stockTracking, lowStockThreshold } = req.body;
if (currentStock === undefined) {
return res.status(400).json({ message: "Stock quantity is required" });
}
// Validate product exists and belongs to the vendor's store
const product = await Product.findOne({
_id: productId,
storeId: req.user.storeId
});
if (!product) {
return res.status(404).json({ message: "Product not found" });
}
// Update stock values
let stockStatus = "in_stock";
if (currentStock <= 0) {
stockStatus = "out_of_stock";
} else if (currentStock <= (lowStockThreshold || product.lowStockThreshold)) {
stockStatus = "low_stock";
}
const updatedProduct = await Product.findByIdAndUpdate(
productId,
{
currentStock: currentStock,
stockTracking: stockTracking !== undefined ? stockTracking : product.stockTracking,
lowStockThreshold: lowStockThreshold !== undefined ? lowStockThreshold : product.lowStockThreshold,
stockStatus: stockStatus
},
{ new: true }
);
return res.status(200).json(updatedProduct);
} catch (error) {
logger.error("Error updating stock", { error });
return res.status(500).json({ message: "Failed to update stock", error: error.message });
}
};
/**
* Gets stock information for all products in a store
*/
export const getStoreStock = async (req, res) => {
try {
const products = await Product.find({ storeId: req.user.storeId })
.select('_id name currentStock stockTracking stockStatus lowStockThreshold')
.sort({ stockStatus: 1, name: 1 });
return res.status(200).json(products);
} catch (error) {
logger.error("Error fetching store stock", { error });
return res.status(500).json({ message: "Failed to fetch stock information", error: error.message });
}
};
/**
* Updates stock levels when an order is placed
* This should be called from the order creation logic
*/
export const decreaseStockOnOrder = async (order) => {
try {
// Process each ordered product
for (const item of order.products) {
const product = await Product.findById(item.productId);
// Skip if product doesn't exist or stock tracking is disabled
if (!product || !product.stockTracking) continue;
// Calculate new stock level
let newStock = Math.max(0, product.currentStock - item.quantity);
let stockStatus = "in_stock";
if (newStock <= 0) {
stockStatus = "out_of_stock";
} else if (newStock <= product.lowStockThreshold) {
stockStatus = "low_stock";
}
// Update the product stock
await Product.findByIdAndUpdate(
item.productId,
{
currentStock: newStock,
stockStatus: stockStatus
},
{ new: true }
);
}
return true;
} catch (error) {
logger.error("Error decreasing stock on order", { orderId: order._id, error });
return false;
}
};
/**
* Restores stock when an order is cancelled
*/
export const restoreStockOnCancel = async (order) => {
try {
// Process each ordered product
for (const item of order.products) {
const product = await Product.findById(item.productId);
// Skip if product doesn't exist or stock tracking is disabled
if (!product || !product.stockTracking) continue;
// Calculate new stock level
let newStock = product.currentStock + item.quantity;
let stockStatus = "in_stock";
if (newStock <= 0) {
stockStatus = "out_of_stock";
} else if (newStock <= product.lowStockThreshold) {
stockStatus = "low_stock";
}
// Update the product stock
await Product.findByIdAndUpdate(
item.productId,
{
currentStock: newStock,
stockStatus: stockStatus
},
{ new: true }
);
}
return true;
} catch (error) {
logger.error("Error restoring stock on cancel", { orderId: order._id, error });
return false;
}
};

39
backend/controllers/vendor.controller.js Normal file
View File

@@ -0,0 +1,39 @@
// Handle notifications from Telegram to vendors
export const notifyVendor = async (req, res) => {
try {
const { buyerId, storeId, message, source } = req.body;
if (!buyerId || !storeId || !message) {
return res.status(400).json({ error: "Missing required parameters" });
}
// Find the store and check if it exists
const store = await Store.findById(storeId);
if (!store) {
logger.warn("Store not found for vendor notification", { storeId });
return res.status(404).json({ error: "Store not found" });
}
// Get the vendor
const vendor = await Vendor.findById(store.vendorId);
if (!vendor) {
logger.warn("Vendor not found for notification", { storeId, vendorId: store.vendorId });
return res.status(404).json({ error: "Vendor not found" });
}
// Future enhancement: could implement WebSocket/Server-Sent Events for real-time notifications
// For now, we'll just track that the notification was processed
logger.info("Processed vendor notification", {
buyerId,
storeId,
vendorId: vendor._id,
source: source || "unknown"
});
return res.status(200).json({ success: true });
} catch (error) {
logger.error("Error processing vendor notification", { error: error.message, stack: error.stack });
return res.status(500).json({ error: "Server error processing notification" });
}
};

112
backend/index.js Normal file
View File

@@ -0,0 +1,112 @@
import express from "express";
import dotenv from "dotenv";
import cors from "cors";
import connectDB from "./config/db.js";
import logger from "./utils/logger.js";
// Routes
import authRoutes from "./routes/auth.routes.js";
import inviteRoutes from "./routes/invites.routes.js";
import staffAuthRoutes from "./routes/staffAuth.routes.js";
import orderRoutes from "./routes/orders.routes.js";
import productRoutes from "./routes/products.routes.js";
import categoryRoutes from "./routes/categories.routes.js";
import shippingRoutes from "./routes/shipping.routes.js";
import storeRoutes from "./routes/storefront.routes.js";
import cryptoRoutes from "./routes/crypto.routes.js";
import blockedUsersRoutes from "./routes/blockedUsers.routes.js";
import chatRoutes from "./routes/chat.routes.js";
import stockRoutes from "./routes/stock.routes.js";
import promotionRoutes from "./routes/promotion.routes.js";
import { startCryptoPriceUpdater } from "./controllers/cryptoController.js";
// Direct routes for Telegram API to bypass JWT middleware
import { protectTelegramApi } from "./middleware/telegramAuthMiddleware.js";
import { processTelegramMessage, createTelegramChat } from "./controllers/chat.controller.js";
dotenv.config();
const app = express();
connectDB();
// Add security headers and handle CORS
app.use((req, res, next) => {
// Basic security headers
res.setHeader('X-Content-Type-Options', 'nosniff');
res.setHeader('X-Frame-Options', 'DENY');
res.setHeader('X-XSS-Protection', '1; mode=block');
// Handle CORS
const origin = req.headers.origin;
const host = req.headers.host;
// For Tor (null origin), use the .onion address if we're on the API domain
if (!origin || origin === 'null') {
if (host.includes('internal-api')) {
res.setHeader('Access-Control-Allow-Origin', 'http://6n6f6krmcudhzalzuqckms5bhc4afxc7xgjngumkafvgzmjmd2tmzeid.onion');
} else {
res.setHeader('Access-Control-Allow-Origin', `https://${host}`);
}
} else {
res.setHeader('Access-Control-Allow-Origin', origin);
}
// Always enable credentials since we're using specific origins
res.setHeader('Access-Control-Allow-Credentials', 'true');
res.setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization, X-Requested-With, Accept, Origin');
res.setHeader('Access-Control-Expose-Headers', 'Content-Type, Authorization');
res.setHeader('Access-Control-Max-Age', '86400');
// Log the request for debugging
logger.info(`Request from ${req.ip} - Origin: ${origin || 'null'} - Host: ${host}`);
// Handle preflight requests
if (req.method === 'OPTIONS') {
res.status(204).end();
return;
}
next();
});
// Parse JSON for all routes
app.use(express.json({ limit: "15mb" }));
// Direct routes for Telegram API to bypass JWT middleware
app.post("/telegram/message", protectTelegramApi, processTelegramMessage);
app.post("/telegram/create", protectTelegramApi, createTelegramChat);
app.get("/telegram/test-auth", protectTelegramApi, (req, res) => {
res.status(200).json({
success: true,
message: "Authentication successful",
headers: {
authHeader: req.headers.authorization ? req.headers.authorization.substring(0, 10) + "..." : "undefined",
xApiKey: req.headers['x-api-key'] ? req.headers['x-api-key'].substring(0, 10) + "..." : "undefined"
}
});
});
// Register API routes
app.use("/api/products", productRoutes);
app.use("/api/chats", chatRoutes);
app.use("/api/auth", authRoutes);
app.use("/api/staff/auth", staffAuthRoutes);
app.use("/api/invite", inviteRoutes);
app.use("/api/orders", orderRoutes);
app.use("/api/categories", categoryRoutes);
app.use("/api/shipping-options", shippingRoutes);
app.use("/api/storefront", storeRoutes);
app.use("/api/crypto", cryptoRoutes);
app.use("/api/blocked-users", blockedUsersRoutes);
app.use("/api/stock", stockRoutes);
app.use("/api/promotions", promotionRoutes);
startCryptoPriceUpdater(60);
const PORT = process.env.PORT || 3001;
app.listen(PORT, () => {
logger.info(`Server running on port ${PORT}`);
});

10
backend/middleware/apiAuthMiddleware.js Normal file
View File

@@ -0,0 +1,10 @@
export const protectCrypto = async (req, res, next) => {
if (
req.headers.authorization &&
req.headers.authorization === process.env.INTERNAL_API_KEY
) {
return next();
}
return res.status(403).json({ error: "Forbidden: Invalid API key" });
};

32
backend/middleware/authMiddleware.js Normal file
View File

@@ -0,0 +1,32 @@
import jwt from "jsonwebtoken";
import Vendor from "../models/Vendor.model.js";
export const protectVendor = async (req, res, next) => {
if (req.method === "OPTIONS") {
return res.status(200).end();
}
let token;
if (
req.headers.authorization &&
req.headers.authorization.startsWith("Bearer")
) {
try {
token = req.headers.authorization.split(" ")[1];
const decoded = jwt.verify(token, process.env.JWT_SECRET);
const vendor = await Vendor.findById(decoded.id);
if (!vendor) return res.status(401).json({ message: "Unauthorized" });
req.user = vendor;
req.user.storeId = vendor.storeId;
next();
} catch (error) {
return res.status(401).json({ message: "Token failed" });
}
} else {
return res.status(401).json({ message: "Not authorized, no token" });
}
};

49
backend/middleware/staffAuthMiddleware.js Normal file
View File

@@ -0,0 +1,49 @@
import jwt from "jsonwebtoken";
import Staff from "../models/Staff.model.js";
/**
* Middleware to protect staff-only routes - Verify JWT from DB
*/
export const protectStaff = async (req, res, next) => {
let token = req.headers.authorization;
if (!token || !token.startsWith("Bearer ")) {
return res.status(401).json({ error: "Not authorized, no token" });
}
try {
token = token.split(" ")[1];
const decoded = jwt.verify(token, process.env.JWT_SECRET);
// Verify staff user exists and token matches stored value
const staff = await Staff.findById(decoded.id);
if (!staff || staff.currentToken !== token) {
return res.status(401).json({ error: "Invalid or expired session" });
}
req.user = staff; // Attach staff user data to request
next();
} catch (error) {
res.status(401).json({ error: "Token is invalid or expired" });
}
};
/**
* 📌 Staff Logout - Remove JWT from Database
*/
export const logoutStaff = async (req, res) => {
try {
const staff = await Staff.findById(req.user.id);
if (!staff) {
return res.status(401).json({ error: "User not found" });
}
// Clear stored token
staff.currentToken = null;
await staff.save();
res.json({ message: "Logged out successfully" });
} catch (error) {
res.status(500).json({ error: error.message });
}
};

70
backend/middleware/telegramAuthMiddleware.js Normal file
View File

@@ -0,0 +1,70 @@
import logger from "../utils/logger.js";
// Middleware for protecting Telegram API routes
export const protectTelegramApi = async (req, res, next) => {
// Log the headers for debugging
logger.info("Telegram API request headers:", {
authorization: req.headers.authorization ? req.headers.authorization.substring(0, 10) + "..." : "undefined",
"x-api-key": req.headers['x-api-key'] ? req.headers['x-api-key'].substring(0, 10) + "..." : "undefined",
method: req.method,
path: req.path,
allHeaders: JSON.stringify(req.headers)
});
// Full debug for non-production environments
logger.info("FULL HEADER DEBUG (KEYS ONLY):", Object.keys(req.headers));
logger.info("AUTH HEADER TYPE:", typeof req.headers.authorization);
const expectedKey = process.env.INTERNAL_API_KEY;
logger.info("Expected API Key (first 10 chars):", expectedKey ? expectedKey.substring(0, 10) + "..." : "undefined");
// Check if the environment variable is actually defined
if (!expectedKey) {
logger.error("INTERNAL_API_KEY environment variable is not defined");
return res.status(500).json({ error: "Server configuration error" });
}
// Check if API key is in the expected header
if (req.headers.authorization === expectedKey) {
logger.info("Telegram API auth successful via Authorization header");
return next();
}
// Also try x-api-key as a fallback
if (req.headers['x-api-key'] === expectedKey) {
logger.info("Telegram API auth successful via x-api-key header");
return next();
}
// Try trimming whitespace
if (req.headers.authorization && req.headers.authorization.trim() === expectedKey) {
logger.info("Telegram API auth successful via Authorization header (after trimming)");
return next();
}
// Also try x-api-key with trimming
if (req.headers['x-api-key'] && req.headers['x-api-key'].trim() === expectedKey) {
logger.info("Telegram API auth successful via x-api-key header (after trimming)");
return next();
}
// Check for Bearer prefix and try to extract the token
if (req.headers.authorization && req.headers.authorization.startsWith('Bearer ')) {
const token = req.headers.authorization.substring(7).trim();
if (token === expectedKey) {
logger.info("Telegram API auth successful via Bearer token in Authorization header");
return next();
}
}
logger.warn("Telegram API auth failed:", {
expectedKeyPrefix: expectedKey ? expectedKey.substring(0, 5) + "..." : "undefined",
expectedKeyLength: expectedKey ? expectedKey.length : 0,
authHeaderPrefix: req.headers.authorization ? req.headers.authorization.substring(0, 5) + "..." : "undefined",
authHeaderLength: req.headers.authorization ? req.headers.authorization.length : 0,
xApiKeyPrefix: req.headers['x-api-key'] ? req.headers['x-api-key'].substring(0, 5) + "..." : "undefined",
xApiKeyLength: req.headers['x-api-key'] ? req.headers['x-api-key'].length : 0
});
return res.status(401).json({ error: "Unauthorized: Invalid API key" });
};

32
backend/middleware/vendorAuthMiddleware.js Normal file
View File

@@ -0,0 +1,32 @@
import jwt from "jsonwebtoken";
import Vendor from "../models/Vendor.model.js";
export const protectVendor = async (req, res, next) => {
if (req.method === "OPTIONS") {
return res.status(200).end();
}
let token;
if (
req.headers.authorization &&
req.headers.authorization.startsWith("Bearer")
) {
try {
token = req.headers.authorization.split(" ")[1];
const decoded = jwt.verify(token, process.env.JWT_SECRET);
const vendor = await Vendor.findById(decoded.id);
if (!vendor) return res.status(401).json({ message: "Unauthorized" });
req.user = vendor;
req.user.storeId = vendor.storeId;
next();
} catch (error) {
return res.status(401).json({ message: "Token failed" });
}
} else {
return res.status(401).json({ message: "Not authorized, no token" });
}
};

14
backend/models/BlockedUser.model.js Normal file
View File

@@ -0,0 +1,14 @@
import mongoose from "mongoose";
const BlockedUserSchema = new mongoose.Schema({
telegramUserId: { type: Number, required: true, unique: true },
reason: { type: String },
blockedBy: {
type: mongoose.Schema.Types.ObjectId,
ref: "Staff",
required: true
},
blockedAt: { type: Date, default: Date.now }
});
export default mongoose.model("BlockedUser", BlockedUserSchema);

10
backend/models/Buyer.model.js Normal file
View File

@@ -0,0 +1,10 @@
import mongoose from 'mongoose';
const BuyerSchema = new mongoose.Schema({
telegramId: { type: Number, required: true, unique: true },
username: { type: String, required: true },
createdAt: { type: Date, default: Date.now },
banned: { type: Boolean, default: false }
});
export default mongoose.model('Buyer', BuyerSchema);

68
backend/models/Chat.model.js Normal file
View File

@@ -0,0 +1,68 @@
import mongoose from "mongoose";
const MessageSchema = new mongoose.Schema({
sender: {
type: String,
enum: ["buyer", "vendor"],
required: true
},
buyerId: {
type: String,
required: true
},
vendorId: {
type: mongoose.Schema.Types.ObjectId,
ref: "Vendor",
required: true
},
content: {
type: String,
required: true
},
attachments: [{
type: String,
required: false
}],
read: {
type: Boolean,
default: false
},
createdAt: {
type: Date,
default: Date.now
}
});
const ChatSchema = new mongoose.Schema({
buyerId: {
type: String,
required: true
},
vendorId: {
type: mongoose.Schema.Types.ObjectId,
ref: "Vendor",
required: true
},
storeId: {
type: mongoose.Schema.Types.ObjectId,
ref: "Store",
required: true
},
messages: [MessageSchema],
orderId: {
type: mongoose.Schema.Types.ObjectId,
ref: "Order",
required: false
},
lastUpdated: {
type: Date,
default: Date.now
}
});
// Create indexes for faster queries
ChatSchema.index({ buyerId: 1, vendorId: 1 });
ChatSchema.index({ vendorId: 1, lastUpdated: -1 });
ChatSchema.index({ buyerId: 1, lastUpdated: -1 });
export default mongoose.model("Chat", ChatSchema);

43
backend/models/Escrow.model.js Normal file
View File

@@ -0,0 +1,43 @@
import mongoose from "mongoose";
const EscrowSchema = new mongoose.Schema({
orderId: {
type: mongoose.Schema.Types.ObjectId,
ref: "Order",
required: true,
},
buyerId: {
type: mongoose.Schema.Types.ObjectId,
ref: "Buyer",
required: true,
},
vendorId: {
type: mongoose.Schema.Types.ObjectId,
ref: "Vendor",
required: true,
},
amount: {
type: Number,
required: true,
min: 0.01,
},
currency: {
type: String,
enum: ["ltc", "btc", "xmr"],
required: true,
},
status: {
type: String,
enum: ["held", "released", "disputed"],
default: "held",
},
releaseDate: {
type: Date,
required: true,
default: function () {
return new Date(Date.now() + 8 * 24 * 60 * 60 * 1000); // Auto set to 8 days from now
},
},
});
export default mongoose.model("Escrow", EscrowSchema);

40
backend/models/Invitation.model.js Normal file
View File

@@ -0,0 +1,40 @@
import mongoose from "mongoose";
const InvitationSchema = new mongoose.Schema({
code: {
type: String,
required: true,
unique: true,
},
createdBy: {
type: mongoose.Schema.Types.ObjectId,
ref: 'Staffs',
required: true,
},
isUsed: {
type: Boolean,
default: false,
},
usedBy: {
type: mongoose.Schema.Types.ObjectId,
ref: 'Vendor',
default: null,
},
expiresAt: {
type: Date,
required: true,
},
createdAt: {
type: Date,
default: Date.now,
},
usedAt: {
type: Date,
default: null,
}
});
InvitationSchema.index({ expiresAt: 1 }, { expireAfterSeconds: 0 });
InvitationSchema.index({ code: 1 });
export default mongoose.model("Invitation", InvitationSchema);

100
backend/models/Order.model.js Normal file
View File

@@ -0,0 +1,100 @@
import mongoose from "mongoose";
import AutoIncrement from "mongoose-sequence";
const connection = mongoose.connection;
const OrderSchema = new mongoose.Schema({
orderId: { type: Number, unique: true },
vendorId: {
type: mongoose.Schema.Types.ObjectId,
ref: "Vendor",
required: true,
},
storeId: {
type: mongoose.Schema.Types.ObjectId,
ref: "Store",
required: true,
},
pgpAddress: { type: String, required: true },
orderDate: { type: Date, default: Date.now, },
txid: { type: Array, default: [] },
products: [
{
productId: {
type: mongoose.Schema.Types.ObjectId,
ref: "Product",
required: true,
},
quantity: { type: Number, required: true, min: 0.1 },
pricePerUnit: { type: Number, required: true, min: 0.01 },
totalItemPrice: { type: Number, required: true, min: 0.01 },
},
],
shippingMethod: { type: Object },
totalPrice: { type: Number, required: true, min: 0.01 },
// Promotion fields
promotion: {
type: mongoose.Schema.Types.ObjectId,
ref: "Promotion",
default: null
},
promotionCode: {
type: String,
default: null
},
discountAmount: {
type: Number,
default: 0,
min: 0
},
subtotalBeforeDiscount: {
type: Number,
default: 0,
min: 0
},
status: {
type: String,
enum: [
"unpaid",
"cancelled",
"confirming",
"paid",
"shipped",
"disputed",
"completed",
"acknowledged"
],
default: "unpaid",
},
paymentAddress: { type: String, required: true },
wallet: {
type: mongoose.Schema.Types.ObjectId,
ref: "Wallet",
},
cryptoTotal: { type: Number, required: true, default: 0 },
//txid: { type: String, default: null },
telegramChatId: { type: String, default: null },
telegramBuyerId: { type: String, default: null },
telegramUsername: { type: String, default: null },
trackingNumber: { type: String, default: null },
escrowExpiresAt: {
type: Date,
required: true,
default: () => new Date(Date.now() + 8 * 24 * 60 * 60 * 1000),
},
});
OrderSchema.plugin(AutoIncrement(connection), { inc_field: "orderId" });
export default mongoose.model("Order", OrderSchema);

69
backend/models/Product.model.js Normal file
View File

@@ -0,0 +1,69 @@
import mongoose from "mongoose";
const ProductSchema = new mongoose.Schema({
storeId: {
type: mongoose.Schema.Types.ObjectId,
ref: "Store",
required: true,
},
category: {
type: mongoose.Schema.Types.ObjectId,
required: true,
ref: "Store.categories"
},
name: { type: String, required: true },
description: { type: String },
unitType: {
type: String,
enum: ["pcs", "gr", "kg"],
required: true,
},
// Add inventory tracking fields
stockTracking: { type: Boolean, default: true },
currentStock: {
type: Number,
default: 0,
validate: {
validator: function(value) {
return !this.stockTracking || value >= 0;
},
message: "Stock cannot be negative"
}
},
lowStockThreshold: { type: Number, default: 10 },
stockStatus: {
type: String,
enum: ["in_stock", "low_stock", "out_of_stock"],
default: "out_of_stock"
},
pricing: [
{
minQuantity: {
type: Number,
required: true,
validate: {
validator: function(value) {
if (this.parent().unitType === "gr") {
return value >= 0.1;
}
return value >= 1;
},
message: "Invalid minQuantity for unitType"
}
},
pricePerUnit: {
type: Number,
required: true,
min: 0.01
},
},
],
image: { type: String },
});
export default mongoose.model("Product", ProductSchema);

126
backend/models/Promotion.model.js Normal file
View File

@@ -0,0 +1,126 @@
import mongoose from "mongoose";
const PromotionSchema = new mongoose.Schema(
{
storeId: {
type: mongoose.Schema.Types.ObjectId,
ref: "Store",
required: [true, "Store ID is required"]
},
code: {
type: String,
required: [true, "Promotion code is required"],
trim: true,
uppercase: true,
minlength: [3, "Promotion code must be at least 3 characters"],
maxlength: [20, "Promotion code cannot exceed 20 characters"]
},
discountType: {
type: String,
required: [true, "Discount type is required"],
enum: {
values: ["percentage", "fixed"],
message: "Discount type must be either percentage or fixed"
}
},
discountValue: {
type: Number,
required: [true, "Discount value is required"],
validate: {
validator: function(value) {
if (this.discountType === "percentage") {
return value > 0 && value <= 100;
}
return value > 0;
},
message: props =>
props.value <= 0
? "Discount value must be greater than 0"
: "Percentage discount cannot exceed 100%"
}
},
minOrderAmount: {
type: Number,
default: 0,
min: [0, "Minimum order amount cannot be negative"]
},
maxUsage: {
type: Number,
default: null
},
usageCount: {
type: Number,
default: 0
},
isActive: {
type: Boolean,
default: true
},
startDate: {
type: Date,
default: Date.now
},
endDate: {
type: Date,
default: null
},
description: {
type: String,
trim: true,
maxlength: [200, "Description cannot exceed 200 characters"]
}
},
{
timestamps: true
}
);
// Compound index to ensure unique promo codes per store
PromotionSchema.index({ storeId: 1, code: 1 }, { unique: true });
// Check if a promotion is valid and can be applied
PromotionSchema.methods.isValid = function() {
const now = new Date();
// Check if promotion is active
if (!this.isActive) return false;
// Check if promotion has expired
if (this.endDate && now > this.endDate) return false;
// Check if promotion has reached max usage (if set)
if (this.maxUsage !== null && this.usageCount >= this.maxUsage) return false;
return true;
};
// Calculate discount amount for a given order total
PromotionSchema.methods.calculateDiscount = function(orderTotal) {
if (!this.isValid()) {
return 0;
}
if (orderTotal < this.minOrderAmount) {
return 0;
}
let discountAmount = 0;
if (this.discountType === "percentage") {
discountAmount = (orderTotal * this.discountValue) / 100;
} else {
// Fixed amount discount
discountAmount = this.discountValue;
// Ensure discount doesn't exceed order total
if (discountAmount > orderTotal) {
discountAmount = orderTotal;
}
}
return parseFloat(discountAmount.toFixed(2));
};
const Promotion = mongoose.model("Promotion", PromotionSchema);
export default Promotion;

54
backend/models/PromotionUse.model.js Normal file
View File

@@ -0,0 +1,54 @@
import mongoose from 'mongoose';
const PromotionUseSchema = new mongoose.Schema(
{
promotionId: {
type: mongoose.Schema.Types.ObjectId,
ref: 'Promotion',
required: [true, 'Promotion ID is required']
},
orderId: {
type: mongoose.Schema.Types.ObjectId,
ref: 'Order',
required: [true, 'Order ID is required']
},
userId: {
type: mongoose.Schema.Types.ObjectId,
ref: 'User',
required: [true, 'User ID is required']
},
storeId: {
type: mongoose.Schema.Types.ObjectId,
ref: 'Store',
required: [true, 'Store ID is required']
},
code: {
type: String,
required: [true, 'Promotion code is required']
},
discountType: {
type: String,
enum: ['percentage', 'fixed'],
required: [true, 'Discount type is required']
},
discountValue: {
type: Number,
required: [true, 'Discount value is required']
},
discountAmount: {
type: Number,
required: [true, 'Discount amount is required']
},
orderTotal: {
type: Number,
required: [true, 'Order total is required']
}
},
{
timestamps: true
}
);
const PromotionUse = mongoose.model('PromotionUse', PromotionUseSchema);
export default PromotionUse;

11
backend/models/Staff.model.js Normal file
View File

@@ -0,0 +1,11 @@
import mongoose from "mongoose";
const StaffSchema = new mongoose.Schema({
username: { type: String, required: true, unique: true },
passwordHash: { type: String, required: true },
role: { type: String, enum: ["admin", "moderator"], default: "moderator" },
currentToken: { type: String, default: null },
createdAt: { type: Date, default: Date.now },
});
export default mongoose.model("Staff", StaffSchema);

132
backend/models/Store.model.js Normal file
View File

@@ -0,0 +1,132 @@
import mongoose from "mongoose";
import { type } from "os";
const CategorySchema = new mongoose.Schema({
_id: {
type: mongoose.Schema.Types.ObjectId,
auto: true
},
name: {
type: String,
required: true
},
parentId: {
type: mongoose.Schema.Types.ObjectId,
default: null
}
}, { _id: true });
const StoreSchema = new mongoose.Schema({
vendorId: {
type: mongoose.Schema.Types.ObjectId,
ref: "Vendor",
required: true
},
storeName: {
type: String,
required: true
},
welcomeMessage: {
type: String,
default: "Welcome to my store!"
},
telegramToken: {
type: String,
default: ""
},
pgpKey: {
type: String,
default: ""
},
createdAt: {
type: Date,
default: Date.now
},
shipsFrom: {
type: String,
default: "UK",
},
shipsTo: {
type: String,
default: "UK",
},
categories: [CategorySchema],
shippingOptions: [
{
name: {
type: String,
required: true
},
price: {
type: Number,
required: true,
min: 0
}
}
],
wallets:{
type: Object,
default: {
"litecoin": "",
"bitcoin": "",
"monero":""
}
},
feeRate:{
type: Number,
default: 2
}
});
// Add a method to get category hierarchy
StoreSchema.methods.getCategoryHierarchy = function() {
const categories = this.categories.toObject();
// Helper function to build tree structure
const buildTree = (parentId = null) => {
return categories
.filter(cat =>
(!parentId && !cat.parentId) ||
(cat.parentId?.toString() === parentId?.toString())
)
.map(cat => ({
...cat,
children: buildTree(cat._id)
}));
};
return buildTree();
};
// Add validation to prevent circular references
CategorySchema.pre('save', function(next) {
if (!this.parentId) {
return next();
}
const checkCircular = (categoryId, parentId) => {
if (!parentId) return false;
if (categoryId.toString() === parentId.toString()) return true;
const parent = this.parent().categories.id(parentId);
if (!parent) return false;
return checkCircular(categoryId, parent.parentId);
};
if (checkCircular(this._id, this.parentId)) {
next(new Error('Circular reference detected in category hierarchy'));
} else {
next();
}
});
// Add index for better query performance
StoreSchema.index({ 'categories.name': 1, 'categories.parentId': 1 });
const Store = mongoose.model("Store", StoreSchema);
export default Store;

22
backend/models/TelegramUser.model.js Normal file
View File

@@ -0,0 +1,22 @@
import mongoose from "mongoose";
const { Schema, model, Types } = mongoose;
/**
* Defines the schema for Telegram users.
* - `telegramUserId`: Unique Telegram user ID.
* - `stores`: Array of objects storing store references and chat IDs.
* - `createdAt`: Timestamp for when the user was added.
*/
const TelegramUserSchema = new Schema({
telegramUserId: { type: Number, required: true, unique: true },
stores: [
{
store: { type: Types.ObjectId, ref: "Store", required: true },
chatId: { type: Number, required: true }
}
],
createdAt: { type: Date, default: Date.now }
});
export default model("TelegramUser", TelegramUserSchema);

13
backend/models/Vendor.model.js Normal file
View File

@@ -0,0 +1,13 @@
import mongoose from "mongoose";
const VendorSchema = new mongoose.Schema({
username: { type: String, required: true, unique: true },
passwordHash: { type: String, required: true },
currentToken: { type: String, default: null },
storeId: { type: mongoose.Schema.Types.ObjectId, ref: "Store", default: null },
pgpKey: { type: String, default: ""},
lastOnline: { type: Date, default: Date.now },
createdAt: { type: Date, default: Date.now },
});
export default mongoose.model("Vendor", VendorSchema);

56
backend/models/Wallet.model.js Normal file
View File

@@ -0,0 +1,56 @@
import mongoose from "mongoose";
import crypto from "crypto";
// Set default values if environment variables are not available
const encryptionKeyHex = process.env.ENCRYPTION_KEY || '48c66ee5a54e596e2029ea832a512401099533ece34cb0fbbb8c4023ca68ba8e';
const encryptionIvHex = process.env.ENCRYPTION_IV || '539e26d426cd4bac9844a8e446d63ab1';
const algorithm = "aes-256-cbc";
const encryptionKey = Buffer.from(encryptionKeyHex, "hex");
const iv = Buffer.from(encryptionIvHex, "hex");
function encrypt(text) {
const cipher = crypto.createCipheriv(algorithm, encryptionKey, iv);
let encrypted = cipher.update(text, "utf8", "hex");
encrypted += cipher.final("hex");
return encrypted;
}
function decrypt(text) {
const decipher = crypto.createDecipheriv(algorithm, encryptionKey, iv);
let decrypted = decipher.update(text, "hex", "utf8");
decrypted += decipher.final("utf8");
return decrypted;
}
const WalletSchema = new mongoose.Schema({
walletName: {
type: String,
},
orderId: {
type: mongoose.Schema.Types.ObjectId,
ref: "Order",
required: true,
unique: true,
},
address: {
type: String,
required: true,
},
encryptedPrivateKey: {
type: String,
required: true,
},
});
WalletSchema.pre("save", function (next) {
if (!this.isModified("encryptedPrivateKey")) return next();
this.encryptedPrivateKey = encrypt(this.encryptedPrivateKey);
next();
});
WalletSchema.methods.getDecryptedPrivateKey = function () {
return decrypt(this.encryptedPrivateKey);
};
export default mongoose.model("Wallet", WalletSchema);

158
backend/routes/auth.routes.js Normal file
View File

@@ -0,0 +1,158 @@
import express from "express";
import bcrypt from "bcryptjs";
import jwt from "jsonwebtoken";
import Vendor from "../models/Vendor.model.js";
import Store from "../models/Store.model.js";
import Invitation from "../models/Invitation.model.js";
import { protectVendor } from "../middleware/vendorAuthMiddleware.js";
const router = express.Router();
/**
* Register a New Vendor (and create a corresponding Store)
* @route POST /api/auth/register
*/
router.post("/register", async (req, res) => {
const { username, password, invitationCode } = req.body;
try {
if (!username || !password || !invitationCode) {
return res.status(400).json({ error: "All fields are required." });
}
// Verify invitation code
const invitation = await Invitation.findOne({
code: invitationCode,
isUsed: false,
});
console.log(`Invitation: ${invitation}`);
if (!invitation) {
return res.status(400).json({ error: "Invalid or used invitation code." });
}
// Check if vendor already exists
const existingVendor = await Vendor.findOne({ username });
if (existingVendor) {
return res.status(400).json({ error: "Vendor already exists." });
}
// Hash the password
const hashedPassword = await bcrypt.hash(password, 10);
// Create the vendor
const vendor = new Vendor({
username,
passwordHash: hashedPassword,
});
await vendor.save();
// Create a store for this vendor
const store = new Store({
vendorId: vendor._id,
storeName: `${username}'s Store`,
welcomeMessage: "Welcome to my store!",
categories: [],
});
await store.save();
// Attach `storeId` to vendor
vendor.storeId = store._id;
await vendor.save();
// Mark invitation as used
invitation.isUsed = true;
invitation.usedBy = vendor._id;
invitation.usedAt = new Date();
await invitation.save();
return res
.status(201)
.json({ message: "Vendor registered successfully", store });
} catch (error) {
console.error("Error registering vendor:", error);
return res.status(500).json({ error: error.message });
}
});
/**
* Vendor Login
* @route POST /api/auth/login
*/
router.post("/login", async (req, res) => {
const { username, password } = req.body;
try {
if (!username || !password) {
return res.status(400).json({ error: "Username and password are required." });
}
const vendor = await Vendor.findOne({ username });
if (!vendor) {
return res.status(401).json({ error: "Invalid credentials." });
}
const isMatch = await bcrypt.compare(password, vendor.passwordHash);
if (!isMatch) {
return res.status(401).json({ error: "Invalid credentials." });
}
// Generate a JWT
const token = jwt.sign(
{ id: vendor._id, role: "vendor" },
process.env.JWT_SECRET,
{ expiresIn: "7d" }
);
// Store the token in the DB to identify the current session
vendor.currentToken = token;
await vendor.save();
return res.json({ token, role: "vendor" });
} catch (error) {
console.error("Error logging in vendor:", error);
return res.status(500).json({ error: error.message });
}
});
/**
* Vendor Logout
* @route POST /api/auth/logout
* @access Private (Vendors only)
*/
router.post("/logout", protectVendor, async (req, res) => {
try {
await Vendor.findByIdAndUpdate(req.user._id, { currentToken: null });
return res.json({ message: "Successfully logged out." });
} catch (error) {
console.error("Error logging out vendor:", error);
return res.status(500).json({ error: "Failed to log out." });
}
});
/**
* Get Vendor Info
* @route GET /api/auth/me
* @access Private (Vendors only)
*/
router.get("/me", protectVendor, async (req, res) => {
try {
const vendor = await Vendor.findById(req.user._id).select("-passwordHash -currentToken");
if (!vendor) {
return res.status(404).json({ error: "Vendor not found." });
}
vendor.lastOnline = new Date();
await vendor.save();
const store = await Store.findOne({ vendorId: vendor._id });
return res.json({ vendor, store });
} catch (error) {
console.error("Error fetching vendor info:", error);
return res.status(500).json({ error: "Failed to fetch vendor data." });
}
});
export default router;

75
backend/routes/blockedUsers.routes.js Normal file
View File

@@ -0,0 +1,75 @@
import express from "express";
import { protectStaff } from "../middleware/staffAuthMiddleware.js";
import BlockedUser from "../models/BlockedUser.model.js";
const router = express.Router();
/**
* Get all blocked users
* @route GET /api/blocked-users
* @access Private (Staff only)
*/
router.get("/", protectStaff, async (req, res) => {
try {
const blockedUsers = await BlockedUser.find()
.sort({ blockedAt: -1 });
res.json(blockedUsers);
} catch (error) {
console.error("Error fetching blocked users:", error);
res.status(500).json({ error: "Failed to fetch blocked users" });
}
});
/**
* Block a user
* @route POST /api/blocked-users
* @access Private (Staff only)
*/
router.post("/", protectStaff, async (req, res) => {
try {
const { telegramUserId, reason } = req.body;
if (!telegramUserId) {
return res.status(400).json({ error: "Telegram user ID is required" });
}
const existingBlock = await BlockedUser.findOne({ telegramUserId });
if (existingBlock) {
return res.status(400).json({ error: "User is already blocked" });
}
const blockedUser = await BlockedUser.create({
telegramUserId,
reason,
blockedBy: req.user._id
});
res.status(201).json(blockedUser);
} catch (error) {
console.error("Error blocking user:", error);
res.status(500).json({ error: "Failed to block user" });
}
});
/**
* Unblock a user
* @route DELETE /api/blocked-users/:telegramUserId
* @access Private (Staff only)
*/
router.delete("/:telegramUserId", protectStaff, async (req, res) => {
try {
const { telegramUserId } = req.params;
const result = await BlockedUser.findOneAndDelete({ telegramUserId });
if (!result) {
return res.status(404).json({ error: "User is not blocked" });
}
res.json({ message: "User unblocked successfully" });
} catch (error) {
console.error("Error unblocking user:", error);
res.status(500).json({ error: "Failed to unblock user" });
}
});
export default router;

154
backend/routes/categories.routes.js Normal file
View File

@@ -0,0 +1,154 @@
import express from "express";
import Store from "../models/Store.model.js";
import { protectVendor } from "../middleware/vendorAuthMiddleware.js";
const router = express.Router();
/**
* 📌 Fetch all categories for the vendor's store
*/
router.get("/", protectVendor, async (req, res) => {
try {
const store = await Store.findById(req.user.storeId);
if (!store) return res.status(404).json({ message: "Store not found" });
res.json(store.categories);
} catch (error) {
res.status(500).json({ message: "Failed to fetch categories", error });
}
});
/**
* 📌 Add a new category
*/
router.post("/", protectVendor, async (req, res) => {
try {
const { name, parentId } = req.body;
const store = await Store.findById(req.user.storeId);
if (!store) return res.status(404).json({ message: "Store not found" });
// Check if the category name already exists at the same level
const categoryExists = store.categories.some(category =>
category.name === name &&
(!parentId ? !category.parentId : category.parentId?.toString() === parentId)
);
if (categoryExists) {
return res.status(400).json({ message: "Category already exists at this level" });
}
// If parentId is provided, verify it exists
if (parentId) {
const parentExists = store.categories.some(cat => cat._id.toString() === parentId);
if (!parentExists) {
return res.status(400).json({ message: "Parent category not found" });
}
}
// Add the new category with a unique _id, name, and optional parentId
const newCategory = {
name,
...(parentId && { parentId }) // Only add parentId if it exists
};
store.categories.push(newCategory);
await store.save();
// Get the newly created category with its _id
const createdCategory = store.categories[store.categories.length - 1];
res.status(201).json({
_id: createdCategory._id,
name: createdCategory.name,
parentId: createdCategory.parentId
});
} catch (error) {
console.error("Error adding category:", error);
res.status(400).json({ message: "Failed to add category", error });
}
});
/**
* 📌 Update a category
*/
router.put("/:categoryId", protectVendor, async (req, res) => {
try {
const { categoryId } = req.params;
const { name } = req.body;
const store = await Store.findById(req.user.storeId);
if (!store) return res.status(404).json({ message: "Store not found" });
// Find the category
const category = store.categories.id(categoryId);
if (!category) {
return res.status(404).json({ message: "Category not found" });
}
// Check if the new name already exists at the same level (excluding this category)
const categoryExists = store.categories.some(cat =>
cat.name === name &&
cat._id.toString() !== categoryId &&
(!category.parentId ? !cat.parentId : cat.parentId?.toString() === category.parentId.toString())
);
if (categoryExists) {
return res.status(400).json({ message: "Category name already exists at this level" });
}
// Update the category
category.name = name;
await store.save();
res.json({
_id: category._id,
name: category.name,
parentId: category.parentId
});
} catch (error) {
console.error("Error updating category:", error);
res.status(400).json({ message: "Failed to update category", error });
}
});
/**
* 📌 Delete a category and its subcategories
*/
router.delete("/:categoryId", protectVendor, async (req, res) => {
const { categoryId } = req.params;
try {
const store = await Store.findById(req.user.storeId);
if (!store) {
return res.status(404).json({ message: "Store not found" });
}
// Find all subcategories recursively
const getAllSubcategoryIds = (categoryId) => {
const subcategories = store.categories.filter(cat =>
cat.parentId?.toString() === categoryId
);
return [
categoryId,
...subcategories.flatMap(subcat => getAllSubcategoryIds(subcat._id.toString()))
];
};
const categoryIdsToDelete = getAllSubcategoryIds(categoryId);
// Remove all categories and their subcategories
store.categories = store.categories.filter(
cat => !categoryIdsToDelete.includes(cat._id.toString())
);
// Save the updated store document
await store.save();
res.status(200).json({ message: "Category and subcategories deleted successfully" });
} catch (error) {
console.error("Error deleting category:", error);
res.status(500).json({ message: "Failed to delete category", error });
}
});
export default router;

41
backend/routes/chat.routes.js Normal file
View File

@@ -0,0 +1,41 @@
import express from "express";
import {
getVendorChats,
getChatMessages,
sendVendorMessage,
processTelegramMessage,
getVendorUnreadCounts,
createChat,
createTelegramChat,
markMessagesAsRead
} from "../controllers/chat.controller.js";
import { protectVendor as vendorAuth } from "../middleware/vendorAuthMiddleware.js";
import { protectTelegramApi } from "../middleware/telegramAuthMiddleware.js";
const router = express.Router();
// Routes that require vendor authentication
router.get("/vendor/:vendorId", vendorAuth, getVendorChats);
router.get("/vendor/:vendorId/unread", vendorAuth, getVendorUnreadCounts);
router.get("/:chatId", vendorAuth, getChatMessages);
router.post("/:chatId/message", vendorAuth, sendVendorMessage);
router.post("/:chatId/mark-read", vendorAuth, markMessagesAsRead);
router.post("/create", vendorAuth, createChat);
// Routes for Telegram client (secured with API key)
router.post("/telegram/message", protectTelegramApi, processTelegramMessage);
router.post("/telegram/create", protectTelegramApi, createTelegramChat);
// Test route for Telegram API auth
router.get("/telegram/test-auth", protectTelegramApi, (req, res) => {
res.status(200).json({
success: true,
message: "Authentication successful",
headers: {
authHeader: req.headers.authorization ? req.headers.authorization.substring(0, 10) + "..." : "undefined",
xApiKey: req.headers['x-api-key'] ? req.headers['x-api-key'].substring(0, 10) + "..." : "undefined"
}
});
});
export default router;

9
backend/routes/crypto.routes.js Normal file
View File

@@ -0,0 +1,9 @@
import express from "express";
import ky from "ky"
import { getCryptoPrices } from "../controllers/cryptoController.js";
const router = express.Router();
router.get("/", getCryptoPrices);
export default router;

21
backend/routes/invites.routes.js Normal file
View File

@@ -0,0 +1,21 @@
import express from "express";
import crypto from "crypto";
import { protectStaff } from "../middleware/staffAuthMiddleware.js";
import Invitation from "../models/Invitation.model.js";
const router = express.Router();
router.post("/generate", protectStaff, async (req, res) => {
try {
const invitationCode = crypto.randomBytes(6).toString("hex");
const invitation = new Invitation({ code: invitationCode, createdBy: req.user._id });
await invitation.save();
res.status(201).json({ invitationCode });
} catch (error) {
res.status(500).json({ error: error.message });
}
});
export default router;

598
backend/routes/orders.routes.js Normal file
View File

@@ -0,0 +1,598 @@
import express from "express";
import { protectVendor } from "../middleware/vendorAuthMiddleware.js";
import { protectCrypto } from "../middleware/apiAuthMiddleware.js";
import Order from "../models/Order.model.js";
import Wallet from "../models/Wallet.model.js";
import crypto from "crypto";
import { setupWallet } from "../utils/litecoin/index.js";
import { returnCryptoPrices } from "../controllers/cryptoController.js";
import Store from "../models/Store.model.js";
import { sendTelegramMessage } from "../utils/telegramUtils.js"
import Product from "../models/Product.model.js";
import mongoose from "mongoose";
import { decreaseStockOnOrder, restoreStockOnCancel } from "../controllers/stock.controller.js";
const router = express.Router();
/**
* 📌 Get Orders for Vendor
* @route GET /api/orders
* @access Private (Vendors only)
*/
router.get("/", protectVendor, async (req, res) => {
try {
// Extract query params for filtering and navigation
const { status, page = 1, limit = 25, before, after, storeId } = req.query;
// Initialize query object
let query = {};
// Use storeId from query parameter if provided, otherwise use the one from user object
query.storeId = storeId || req.user.storeId;
// If for some reason there's no storeId in user object and none provided in query
if (!query.storeId) {
return res.status(400).json({ error: "No store ID found. Please specify a storeId parameter." });
}
// Filter by order status if provided
if (status) {
query.status = status;
}
// Add orderId filters for navigation
if (before) {
query.orderId = { $lt: before };
} else if (after) {
query.orderId = { $gt: after };
}
// Count total orders for pagination
const totalOrders = await Order.countDocuments(query);
// Fetch orders with pagination and sorting
const orders = await Order.find(query)
.sort({ orderId: -1 }) // Always sort by newest first
.limit(parseInt(limit))
.skip((parseInt(page) - 1) * parseInt(limit));
res.json({
orders,
page: parseInt(page),
totalPages: Math.ceil(totalOrders / limit),
totalOrders,
});
} catch (error) {
console.error("Error fetching orders:", error);
res.status(500).json({ error: "Failed to retrieve orders" });
}
});
router.get("/stats", protectVendor, async (req, res) => {
try {
const vendorId = req.user._id;
const totalOrders = await Order.countDocuments({ vendorId });
const pendingOrders = await Order.countDocuments({
vendorId,
status: { $in: ["unpaid", "confirming"] },
});
const ongoingOrders = await Order.countDocuments({
vendorId,
status: { $in: ["paid", "shipped"] },
});
const cancelledOrders = await Order.countDocuments({
vendorId,
status: "cancelled",
});
const completedOrders = await Order.countDocuments({
vendorId,
status: "completed",
});
res.json({ totalOrders, pendingOrders, ongoingOrders, cancelledOrders, completedOrders });
} catch (error) {
console.error("Error fetching order stats:", error);
res.status(500).json({ error: "Failed to retrieve order statistics" });
}
});
/**
* 📌 Get Vendor's Best Selling Products
* @route GET /api/orders/top-products
* @access Private (Vendors only)
* @returns Most sold products for the logged-in vendor
*/
router.get("/top-products", protectVendor, async (req, res) => {
try {
const vendorId = req.user._id;
// Find the vendor's store
const store = await Store.findOne({ vendorId });
if (!store) {
return res.status(404).json({ message: "Store not found for this vendor" });
}
// Aggregate orders to find the vendor's best-selling products
const topProducts = await Order.aggregate([
// Match only orders for this vendor
{ $match: { vendorId: new mongoose.Types.ObjectId(vendorId) } },
// Unwind the products array
{ $unwind: "$products" },
// Group by product ID and count occurrences
{
$group: {
_id: "$products.productId",
count: { $sum: 1 },
revenue: { $sum: "$products.price" }
}
},
// Sort by count in descending order
{ $sort: { count: -1 } },
// Limit to top 10 products
{ $limit: 10 }
]);
// Get the actual product details
const productIds = topProducts.map(item => item._id);
const products = await Product.find({
_id: { $in: productIds },
storeId: store._id
}).select('name price image');
// Combine the count with product details
const result = topProducts.map(item => {
const productDetails = products.find(p => p._id.toString() === item._id.toString());
return {
id: item._id,
name: productDetails?.name || 'Unknown Product',
price: productDetails?.price || 0,
image: productDetails?.image || '',
count: item.count,
revenue: item.revenue
};
});
res.json(result);
} catch (error) {
console.error("Error fetching top products:", error);
res.status(500).json({ error: "Failed to fetch top products data" });
}
});
router.post("/create", protectCrypto, async (req, res) => {
try {
const { vendorId, storeId, products, totalPrice, shippingMethod, telegramChatId, telegramBuyerId, telegramUsername, cryptoCurrency, pgpAddress } = req.body;
console.log("Create order request:", req.body);
if (!vendorId || !storeId || !products || !totalPrice || !shippingMethod || !cryptoCurrency || !pgpAddress) {
console.log("Missing required fields");
return res.status(400).json({ error: "Missing required fields" });
}
/*
// TEMPORARILY DISABLED: Stock check disabled to give vendors time to add stock
// Check stock levels before creating order
const outOfStockProducts = [];
for (const item of products) {
const product = await Product.findOne({ _id: item.productId, storeId });
if (product && product.stockTracking && product.currentStock < item.quantity) {
outOfStockProducts.push({
productId: item.productId,
name: product.name,
requested: item.quantity,
available: product.currentStock
});
}
}
// If any products are out of stock, return an error
if (outOfStockProducts.length > 0) {
return res.status(400).json({
error: "Some products are out of stock or have insufficient quantity",
outOfStockProducts
});
}
*/
const cryptoPrices = returnCryptoPrices();
const cryptoRate = cryptoPrices[cryptoCurrency.toLowerCase()];
if (!cryptoRate) {
console.log("Invalid or unsupported cryptocurrency");
return res.status(400).json({ error: "Invalid or unsupported cryptocurrency" });
}
const cryptoTotal = (totalPrice / cryptoRate).toFixed(8);
const walletName = "order_" + crypto.randomBytes(8).toString("hex");
const walletData = await setupWallet(walletName);
if (!walletData || !walletData.address || !walletData.privKey) {
return res.status(500).json({ error: "Failed to generate payment address" });
}
// ✅ Create Order with `cryptoTotal`
const newOrder = await Order.create({
vendorId,
storeId,
products,
pgpAddress,
totalPrice,
cryptoTotal,
shippingMethod,
telegramChatId,
telegramUsername,
telegramBuyerId,
status: "unpaid",
paymentAddress: walletData.address,
});
// ✅ Link the Wallet to the Order
const newWallet = await Wallet.create({
walletName,
orderId: newOrder._id,
address: walletData.address,
encryptedPrivateKey: walletData.privKey,
});
// ✅ Update Order with Wallet ID
newOrder.wallet = newWallet._id;
await newOrder.save();
// TEMPORARILY DISABLED: Stock decrease disabled to give vendors time to add stock
// Decrease stock for ordered products
// await decreaseStockOnOrder(newOrder);
res.status(201).json({
message: "Order created successfully",
order: newOrder,
paymentAddress: walletData.address,
walletName: walletName,
cryptoTotal,
});
} catch (error) {
console.error("Error creating order:", error);
res.status(500).json({ error: "Failed to create order", details: error.message });
}
});
router.put("/:id/status", protectVendor, async (req, res) => {
try {
const { id } = req.params;
const { status } = req.body;
if (!status || !["acknowledged", "paid", "shipped", "completed", "cancelled"].includes(status)) {
return res.status(400).json({ message: "Invalid status" });
}
// Get storeId from req.user
const storeId = req.user.storeId;
if (!storeId) {
return res.status(400).json({ message: "No store associated with this user" });
}
// Find order by ID and storeId
const order = await Order.findOne({ _id: id, storeId });
if (!order) {
return res.status(404).json({ message: "Order not found" });
}
const previousStatus = order.status;
// TEMPORARILY DISABLED: Stock restoration disabled to give vendors time to add stock
// Handle stock changes based on status transitions
/*
if (status === "cancelled" && previousStatus !== "cancelled") {
// Restore stock quantities if order is cancelled
await restoreStockOnCancel(order);
}
*/
const store = await Store.findById(order.storeId);
if (!store) return res.status(404).json({ message: "Store not found" });
order.status = status;
await order.save();
if (store.telegramToken && order.telegramChatId) {
let message = '';
switch (status) {
case 'acknowledged':
message = `✅ Your order ${order.orderId} has been acknowledged.`;
break;
case 'paid':
message = `💰 Your order ${order.orderId} has been marked as paid.`;
break;
case 'shipped':
message = `🚚 Your order ${order.orderId} has been shipped!`;
break;
case 'completed':
message = `🎉 Your order ${order.orderId} has been completed.`;
break;
case 'cancelled':
message = `❌ Your order ${order.orderId} has been cancelled.`;
break;
}
if (message) {
const sent = await sendTelegramMessage(store.telegramToken, order.telegramChatId, message);
if (!sent) {
console.error(`Failed to notify user ${order.telegramChatId} about status update to ${status}.`);
}
}
}
return res.status(200).json({ message: "Order status updated successfully" });
} catch (error) {
console.error("❌ Error updating order status:", error);
return res.status(500).json({ error: "Failed to update order status", details: error.message });
}
});
router.get("/:id", protectVendor, async (req, res) => {
if (!req.params.id) return res.status(400).json({ message: "Missing order ID" });
try {
// Get storeId from req.user
const storeId = req.user.storeId;
if (!storeId) {
return res.status(400).json({ message: "No store associated with this user" });
}
// Find order by ID and storeId
const order = await Order.findOne({ _id: req.params.id, storeId: storeId });
if(!order) return res.status(404).json({ message: "Order not found for this store" });
return res.status(200).json(order);
} catch (error) {
console.error("Error fetching order:", error);
res.status(500).json({ error: "Failed to retrieve order" });
}
})
/**
* Mark Multiple Orders as Shipped
* @route POST /api/orders/mark-shipped
* @access Private (Vendors only)
*/
router.post("/mark-shipped", protectVendor, async (req, res) => {
try {
const { orderIds } = req.body;
if (!Array.isArray(orderIds) || orderIds.length === 0) {
return res.status(400).json({ error: "Order IDs array is required" });
}
// Get storeId from req.user
const storeId = req.user.storeId;
if (!storeId) {
return res.status(400).json({ error: "No store associated with this user" });
}
const updatedOrders = [];
const failedOrders = [];
// Get store for notifications
const store = await Store.findById(storeId);
if (!store) {
return res.status(404).json({ error: "Store not found" });
}
for (const orderId of orderIds) {
try {
// Find and update order using storeId instead of vendorId
const order = await Order.findOne({ _id: orderId, storeId: storeId });
if (!order) {
failedOrders.push({ orderId, reason: "Order not found or not associated with this store" });
continue;
}
if (order.status !== "paid") {
failedOrders.push({ orderId, reason: "Order must be in paid status to be marked as shipped" });
continue;
}
order.status = "shipped";
await order.save();
updatedOrders.push(order);
// Send notification if possible
if (store.telegramToken && order.telegramChatId) {
const message = `🚚 Your order ${order.orderId} has been marked as shipped!`;
const sent = await sendTelegramMessage(store.telegramToken, order.telegramChatId, message);
if (!sent) {
console.error(`Failed to notify user ${order.telegramChatId} about shipping update.`);
}
}
} catch (error) {
console.error(`Error updating order ${orderId}:`, error);
failedOrders.push({ orderId, reason: "Internal server error" });
}
}
return res.json({
message: "Orders processed",
success: {
count: updatedOrders.length,
orders: updatedOrders.map(o => ({
id: o._id,
orderId: o.orderId,
status: o.status
}))
},
failed: {
count: failedOrders.length,
orders: failedOrders
}
});
} catch (error) {
console.error("Error marking orders as shipped:", error);
return res.status(500).json({
error: "Failed to mark orders as shipped",
details: error.message
});
}
});
/**
* Update Order Tracking Number
* @route PUT /api/orders/:id/tracking
* @access Private (Vendors only)
*/
router.put("/:id/tracking", protectVendor, async (req, res) => {
const { id } = req.params;
const { trackingNumber } = req.body;
if (!id) return res.status(400).json({ error: "Missing order ID" });
if (!trackingNumber) return res.status(400).json({ error: "Missing tracking number" });
try {
// Get storeId from req.user
const storeId = req.user.storeId;
if (!storeId) {
return res.status(400).json({ error: "No store associated with this user" });
}
// Use storeId for lookup instead of vendorId
const order = await Order.findOne({ _id: id, storeId: storeId });
if (!order) return res.status(404).json({ error: "Order not found for this store" });
// Only allow tracking updates for paid or shipped orders
if (order.status !== "paid" && order.status !== "shipped") {
return res.status(400).json({ error: "Can only add tracking to paid or shipped orders" });
}
// Get store details for notification
const store = await Store.findById(order.storeId);
if (!store) return res.status(404).json({ error: "Store not found" });
// Update the order with tracking number
order.trackingNumber = trackingNumber;
await order.save();
// Send tracking notification
if (store.telegramToken && order.telegramChatId) {
const message = `📦 Tracking added for order ${order.orderId}\!`;
const sent = await sendTelegramMessage(store.telegramToken, order.telegramChatId, message);
if (!sent) {
console.error(`Failed to notify user ${order.telegramChatId} about tracking update.`);
}
}
return res.json({
message: "Tracking number updated successfully",
order: {
id: order._id,
orderId: order.orderId,
status: order.status,
trackingNumber: order.trackingNumber
}
});
} catch (error) {
console.error("Error updating tracking number:", error);
return res.status(500).json({
error: "Failed to update tracking number",
details: error.message
});
}
});
/**
* Delete Order
* @route DELETE /api/orders/:id
* @access Private (Vendors only)
*/
router.delete("/:id", protectVendor, async (req, res) => {
try {
const { id } = req.params;
// Get storeId from req.user
const storeId = req.user.storeId;
if (!storeId) {
return res.status(400).json({ message: "No store associated with this user" });
}
// Find order by ID and storeId
const order = await Order.findOne({ _id: id, storeId: storeId });
if (!order) {
return res.status(404).json({ message: "Order not found for this store" });
}
// Delete associated wallet if exists
if (order.wallet) {
await Wallet.findByIdAndDelete(order.wallet);
}
// Delete the order
await Order.findByIdAndDelete(id);
res.status(200).json({ message: "Order deleted successfully" });
} catch (error) {
console.error("Error deleting order:", error);
res.status(500).json({ error: "Failed to delete order" });
}
});
/**
* 📌 Get Adjacent Orders (for navigation)
* @route GET /api/orders/adjacent/:orderId
* @access Private (Vendors only)
* @description Returns the immediately previous and next orders by orderId
*/
router.get("/adjacent/:orderId", protectVendor, async (req, res) => {
try {
const { orderId } = req.params;
const numericOrderId = parseInt(orderId);
if (isNaN(numericOrderId)) {
return res.status(400).json({ error: "Invalid order ID format" });
}
// Get the store ID from user or query parameter
const storeId = req.query.storeId || req.user.storeId;
if (!storeId) {
return res.status(400).json({ error: "No store ID found. Please specify a storeId parameter." });
}
// Find the next newer order (higher orderId)
const newerOrder = await Order.findOne({
storeId,
orderId: { $gt: numericOrderId }
})
.sort({ orderId: 1 }) // Ascending to get the immediately next one
.select('_id orderId')
.lean();
// Find the next older order (lower orderId)
const olderOrder = await Order.findOne({
storeId,
orderId: { $lt: numericOrderId }
})
.sort({ orderId: -1 }) // Descending to get the immediately previous one
.select('_id orderId')
.lean();
res.json({
current: { orderId: numericOrderId },
newer: newerOrder || null,
older: olderOrder || null
});
} catch (error) {
console.error("Error fetching adjacent orders:", error);
res.status(500).json({ error: "Failed to retrieve adjacent orders" });
}
});
export default router;

456
backend/routes/products.routes.js Normal file
View File

@@ -0,0 +1,456 @@
import express from "express";
import Product from "../models/Product.model.js";
import multer from "multer";
import sharp from "sharp";
import { protectVendor } from "../middleware/authMiddleware.js";
import fs from "fs";
import path, { dirname } from "path";
import Store from "../models/Store.model.js";
import mongoose from "mongoose";
import { fileURLToPath } from "url";
const router = express.Router();
// Get the current directory and set up a relative uploads path
const __filename = fileURLToPath(import.meta.url);
const __dirname = dirname(__filename);
const uploadsDir = path.join(process.cwd(), 'uploads');
if (!fs.existsSync(uploadsDir)) {
fs.mkdirSync(uploadsDir, { recursive: true });
}
const upload = multer({
storage: multer.memoryStorage(),
limits: { fileSize: 15 * 1024 * 1024 },
fileFilter: (req, file, cb) => {
if (file.mimetype.startsWith("image/")) {
cb(null, true);
} else {
cb(new Error("Only image files are allowed!"), false);
}
},
});
const handleMulterError = (err, req, res, next) => {
if (err instanceof multer.MulterError) {
if (err.code === "LIMIT_FILE_SIZE") {
return res.status(400).json({ message: "File size too large. Maximum allowed size is 15 MB." });
}
return res.status(400).json({ message: "Multer error occurred.", error: err.message });
}
next(err);
};
router.use(handleMulterError)
// 📌 Upload Image for Product
router.put("/:id/image", protectVendor, upload.single("file"), handleMulterError, async (req, res) => {
try {
const productId = req.params.id;
if (!productId) return res.status(400).json({ message: "Missing product ID." });
const product = await Product.findOne({ _id: productId, storeId: req.user.storeId });
if (!product) {
return res.status(404).json({ message: "Product not found." });
}
const file = req.file;
if (!file) return res.status(400).json({ message: "No file uploaded." });
// Generate a new filename for the uploaded image
const outputFileName = `${Date.now()}-${file.originalname.split('.').slice(0, -1).join('.')}.jpg`;
const outputFilePath = path.join(uploadsDir, outputFileName);
await sharp(file.buffer)
.jpeg({ quality: 80 })
.toFile(outputFilePath);
// Check the final file size
const stats = fs.statSync(outputFilePath);
if (stats.size > 10 * 1024 * 1024) {
fs.unlinkSync(outputFilePath);
return res.status(400).json({ message: "File size too large after processing." });
}
// Update the product in the database
const updatedProduct = await Product.findOneAndUpdate(
{ _id: productId, storeId: req.user.storeId },
{ image: outputFileName },
{ new: true }
);
if (!updatedProduct) {
fs.unlinkSync(outputFilePath); // Clean up uploaded file if product not found
return res.status(404).json({ message: "Product not found." });
}
res.json(updatedProduct);
} catch (error) {
if(req.file){
const outputFileName = `${Date.now()}-${req.file.originalname.split('.').slice(0, -1).join('.')}.jpg`;
const outputFilePath = path.join(uploadsDir, outputFileName);
if (fs.existsSync(outputFilePath)) {
fs.unlinkSync(outputFilePath);
}
}
res.status(500).json({ message: "Failed to upload image.", error });
}
});
router.use(express.json({ limit: "50mb" }));
router.get("/", protectVendor, async (req, res) => {
try {
if (!req.user.storeId) {
return res.status(400).json({ message: "Store not found for this vendor" });
}
const products = await Product.find({ storeId: req.user.storeId }).select("-base64Image");
res.json(products);
} catch (error) {
res.status(500).json({ message: "Failed to fetch products", error });
}
});
// 📌 Add New Product
router.post("/", protectVendor, async (req, res) => {
try {
if (!req.user.storeId) {
return res.status(400).json({ message: "Store not found for this vendor" });
}
const { name, description, category, unitType, pricing } = req.body;
if (!name || !category || !unitType || !pricing || !pricing.length) {
return res.status(400).json({ message: "Missing required fields" });
}
const formattedPricing = pricing.map((tier) => ({
minQuantity: tier.minQuantity,
pricePerUnit: tier.pricePerUnit,
}));
const newProduct = new Product({
storeId: req.user.storeId,
name,
description,
category,
unitType,
pricing: formattedPricing,
});
const savedProduct = await newProduct.save();
res.status(201).json(savedProduct);
} catch (error) {
res.status(400).json({ message: "Failed to add product", error });
}
});
// 📌 Edit a Product by ID
router.put("/:id", protectVendor, async (req, res) => {
try {
const productId = req.params.id;
const updatableFields = ["name", "description", "category", "unitType"];
const updateFields = {};
for (const field of updatableFields) {
if (req.body[field] !== undefined) {
updateFields[field] = req.body[field];
}
}
if (req.body.pricing !== undefined) {
if (!Array.isArray(req.body.pricing)) {
return res.status(400).json({ message: "Pricing must be an array" });
}
updateFields.pricing = req.body.pricing.map((tier) => ({
minQuantity: tier.minQuantity,
pricePerUnit: tier.pricePerUnit,
}));
}
const updatedProduct = await Product.findOneAndUpdate(
{ _id: productId, storeId: req.user.storeId },
updateFields,
{ new: true }
);
if (!updatedProduct) {
return res
.status(404)
.json({ message: "Product not found or not owned by this store" });
}
return res.json(updatedProduct);
} catch (error) {
res.status(400).json({ message: "Failed to update product", error });
}
});
router.get("/:id/image", async (req, res) => {
try {
const productId = req.params.id;
const product = await Product.findById(productId);
if (!product || !product.image) {
return res.status(404).json({ message: "Image not found" });
}
const imagePath = path.join(uploadsDir, product.image);
console.log("Image path:", imagePath);
if (fs.existsSync(imagePath)) {
res.sendFile(imagePath);
} else {
res.status(404).json({ message: "Image file does not exist" });
}
} catch (error) {
console.error("Error fetching image:", error);
res.status(400).json({ message: "Failed to fetch image", error });
}
});
router.delete("/:id", protectVendor, async (req, res) => {
try {
const productId = req.params.id;
const deletedProduct = await Product.findByIdAndDelete({ _id: productId, storeId: req.user.storeId });
if (!deletedProduct) {
return res.status(404).json({ message: "Product not found" });
}
res.json({ message: "Product deleted successfully" });
} catch (error) {
res.status(400).json({ message: "Failed to delete product", error });
}
});
router.get("/:id", protectVendor, async (req, res) => {
try {
const productId = req.params.id;
const product = await Product.findById(productId);
if (!product) {
return res.status(404).json({ message: "Product not found" });
}
res.status(200).json(product);
} catch (error) {
res.status(400).json({ message: "Failed to fetch product", error });
}
});
// Helper function to escape special regex characters
function escapeRegExp(string) {
return string.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}
// Helper function to standardize unit types
function standardizeUnitType(unit) {
const unitMap = {
'gram': 'gr',
'grams': 'gr',
'g': 'gr',
'gr': 'gr',
'piece': 'pcs',
'pieces': 'pcs',
'pcs': 'pcs',
'kilo': 'kg',
'kilos': 'kg',
'kilogram': 'kg',
'kilograms': 'kg',
'kg': 'kg'
};
return unitMap[unit.toLowerCase()] || unit.toLowerCase();
}
// 📌 Batch Add Products
router.post("/batch", protectVendor, async (req, res) => {
try {
if (!req.user.storeId) {
return res.status(400).json({ message: "Store not found for this vendor" });
}
const { products } = req.body;
if (!Array.isArray(products) || products.length === 0) {
return res.status(400).json({ message: "Products array is required and cannot be empty" });
}
// Get store to validate categories
const store = await Store.findById(req.user.storeId);
if (!store) {
return res.status(404).json({ message: "Store not found" });
}
const processedProducts = [];
const skippedProducts = [];
let completedCount = 0;
console.log(`Starting batch processing of ${products.length} products...`);
for (const product of products) {
const { name, category, subcategory, prices } = product;
completedCount++;
// Validate required fields
if (!name || !category || !prices || !Array.isArray(prices) || prices.length === 0) {
console.log(`Skipping product ${completedCount}/${products.length}: Missing required fields`);
skippedProducts.push({ name: name || 'Unknown', reason: 'Missing required fields' });
continue;
}
// Check if product already exists - with escaped special characters
const escapedName = escapeRegExp(name);
const existingProduct = await Product.findOne({
storeId: req.user.storeId,
name: { $regex: new RegExp(`^${escapedName}$`, 'i') }
});
if (existingProduct) {
console.log(`Skipping product ${completedCount}/${products.length}: "${name}" already exists`);
skippedProducts.push({ name, reason: 'Product already exists' });
continue;
}
// Find or create main category
let targetCategory;
const existingMainCategory = store.categories.find(cat =>
cat.name.toLowerCase() === category.toLowerCase() && !cat.parentId
);
if (!existingMainCategory) {
const newCategory = {
_id: new mongoose.Types.ObjectId(),
name: category,
parentId: null
};
store.categories.push(newCategory);
targetCategory = newCategory;
console.log(`Created new main category: ${category}`);
} else {
targetCategory = existingMainCategory;
}
// If subcategory is provided, find or create it
if (subcategory) {
const existingSubcategory = store.categories.find(cat =>
cat.name.toLowerCase() === subcategory.toLowerCase() &&
cat.parentId?.toString() === targetCategory._id.toString()
);
if (existingSubcategory) {
targetCategory = existingSubcategory;
} else {
const newSubcategory = {
_id: new mongoose.Types.ObjectId(),
name: subcategory,
parentId: targetCategory._id
};
store.categories.push(newSubcategory);
targetCategory = newSubcategory;
console.log(`Created new subcategory: ${subcategory} under ${category}`);
}
}
console.log(targetCategory._id)
// Convert prices array to pricing format
const pricing = prices.map(price => ({
minQuantity: price.quantity,
pricePerUnit: price.pricePerUnit
}));
const standardizedUnitType = standardizeUnitType(prices[0].unit);
// Validate unit type
if (!["pcs", "gr", "kg"].includes(standardizedUnitType)) {
console.log(`Skipping product ${completedCount}/${products.length}: Invalid unit type "${prices[0].unit}"`);
skippedProducts.push({ name, reason: `Invalid unit type: ${prices[0].unit}` });
continue;
}
const newProduct = new Product({
storeId: req.user.storeId,
name,
category: targetCategory._id,
unitType: standardizedUnitType,
pricing
});
try {
await store.save();
const savedProduct = await newProduct.save();
processedProducts.push(savedProduct);
console.log(`Processed ${completedCount}/${products.length}: Successfully added "${name}"`);
} catch (error) {
console.error(`Failed to save product ${completedCount}/${products.length}: "${name}"`, error);
skippedProducts.push({ name, reason: `Save error: ${error.message}` });
}
}
console.log(`Batch processing completed. Processed: ${processedProducts.length}, Skipped: ${skippedProducts.length}`);
if (processedProducts.length === 0) {
return res.status(400).json({
message: "No valid products were processed",
totalSubmitted: products.length,
totalProcessed: 0,
skippedProducts
});
}
res.status(201).json({
message: "Products batch processed successfully",
totalSubmitted: products.length,
totalProcessed: processedProducts.length,
totalSkipped: skippedProducts.length,
products: processedProducts,
skippedProducts,
categories: store.categories
});
} catch (error) {
console.error("Batch processing error:", error);
res.status(500).json({
message: "Failed to process product batch",
error: error.message
});
}
});
// 📌 Disable stock tracking for all products (one-time setup route)
router.post("/disable-stock-tracking", protectVendor, async (req, res) => {
try {
// Ensure the user has admin privileges or apply appropriate restrictions here
if (!req.user.storeId) {
return res.status(400).json({ message: "Store not found for this vendor" });
}
// Update all products for this store to disable stock tracking
const result = await Product.updateMany(
{ storeId: req.user.storeId },
{
stockTracking: false,
stockStatus: "in_stock" // Set a default status to avoid UI issues
}
);
res.status(200).json({
message: "Stock tracking disabled for all products",
modifiedCount: result.modifiedCount,
matchedCount: result.matchedCount
});
} catch (error) {
console.error("Error disabling stock tracking:", error);
res.status(500).json({ message: "Failed to disable stock tracking", error: error.message });
}
});
export default router;

24
backend/routes/promotion.routes.js Normal file
View File

@@ -0,0 +1,24 @@
import express from "express";
import {
getPromotions,
getPromotionById,
createPromotion,
updatePromotion,
deletePromotion,
validatePromotion
} from "../controllers/promotion.controller.js";
import { protectVendor } from "../middleware/vendorAuthMiddleware.js";
const router = express.Router();
// Vendor routes for managing their own promotions (protected)
router.get("/", protectVendor, getPromotions);
router.get("/:id", protectVendor, getPromotionById);
router.post("/", protectVendor, createPromotion);
router.put("/:id", protectVendor, updatePromotion);
router.delete("/:id", protectVendor, deletePromotion);
// Public route for validating a promotion code
router.post("/validate/:storeId", validatePromotion);
export default router;

151
backend/routes/shipping.routes.js Normal file
View File

@@ -0,0 +1,151 @@
import express from "express";
import Store from "../models/Store.model.js";
import { protectVendor } from "../middleware/authMiddleware.js"; // Protect the vendor
import mongoose from "mongoose"; // Import mongoose to use ObjectId
const router = express.Router();
/**
* 📌 Get Shipping Options for Vendor's Store
* @route GET /api/shipping-options
* @access Private (Vendors only)
*/
router.get("/", protectVendor, async (req, res) => {
try {
if (!req.user.storeId) {
return res
.status(400)
.json({ message: "Store not found for this vendor" });
}
const store = await Store.findOne({ vendorId: req.user._id }).select(
"shippingOptions"
);
if (!store) {
return res.status(404).json({ message: "Store not found" });
}
res.json(store.shippingOptions);
} catch (error) {
res
.status(500)
.json({ message: "Failed to fetch shipping options", error });
}
});
/**
* 📌 Add New Shipping Option for Vendor's Store
* @route POST /api/shipping-options
* @access Private (Vendors only)
*/
router.post("/", protectVendor, async (req, res) => {
const { name, price } = req.body;
if (!name || !price) {
return res.status(400).json({ message: "Missing required fields" });
}
try {
// Find the store by vendorId (user)
const store = await Store.findOne({ vendorId: req.user._id });
if (!store) {
return res.status(404).json({ message: "Store not found" });
}
// Add the new shipping option to the store's shippingOptions array
store.shippingOptions.push({ name, price });
// Save the store with the new shipping option
await store.save();
res.status(201).json(store.shippingOptions);
} catch (error) {
res.status(500).json({ message: "Failed to add shipping option", error });
}
});
/**
* 📌 Delete Shipping Option for Vendor's Store
* @route DELETE /api/shipping-options/:id
* @access Private (Vendors only)
*/
router.delete("/:id", protectVendor, async (req, res) => {
const { id } = req.params;
try {
const store = await Store.findOne({ vendorId: req.user._id });
if (!store) {
return res.status(404).json({ message: "Store not found" });
}
// Use find to find the shipping option by its 'id' field
const shippingOption = store.shippingOptions.find(
(option) => option.id.toString() === id
);
if (!shippingOption) {
return res.status(404).json({ message: "Shipping option not found" });
}
// Remove the shipping option
const index = store.shippingOptions.indexOf(shippingOption);
store.shippingOptions.splice(index, 1); // Remove the shipping option from the array
await store.save(); // Save the updated store
res.status(204).json({ message: "Shipping option deleted successfully" });
} catch (error) {
console.error(error);
res
.status(500)
.json({ message: "Failed to delete shipping option", error });
}
});
/**
* 📌 Edit Shipping Option for Vendor's Store
* @route PUT /api/shipping-options/:id
* @access Private (Vendors only)
*/
router.put("/:id", protectVendor, async (req, res) => {
const { name, price } = req.body;
const { id } = req.params;
if (!name || !price) {
return res.status(400).json({ message: "Missing required fields" });
}
try {
const store = await Store.findOne({ vendorId: req.user._id });
if (!store) {
return res.status(404).json({ message: "Store not found" });
}
// Use find to find the shipping option by its 'id' field
const shippingOption = store.shippingOptions.find(
(option) => option.id.toString() === id
);
if (!shippingOption) {
return res.status(404).json({ message: "Shipping option not found" });
}
shippingOption.name = name; // Update the name
shippingOption.price = price; // Update the price
await store.save(); // Save the updated store
res.json(shippingOption); // Return the updated shipping option
} catch (error) {
console.error(error);
res
.status(500)
.json({ message: "Failed to update shipping option", error });
}
});
export default router;

84
backend/routes/staffAuth.routes.js Normal file
View File

@@ -0,0 +1,84 @@
import express from "express";
import bcrypt from "bcryptjs";
import jwt from "jsonwebtoken";
import Staff from "../models/Staff.model.js";
import { protectStaff, logoutStaff } from "../middleware/staffAuthMiddleware.js";
const router = express.Router();
/**
* 📌 Staff Login - Store JWT in Database
*/
router.post("/login", async (req, res) => {
const { username, password } = req.body;
try {
const staff = await Staff.findOne({ username });
if (!staff) {
return res.status(401).json({ error: "Staff user not found" });
}
const isMatch = await bcrypt.compare(password, staff.passwordHash);
if (!isMatch) {
return res.status(401).json({ error: "Invalid credentials" });
}
// Generate JWT for Staff/Admin
const token = jwt.sign(
{ id: staff._id, role: staff.role },
process.env.JWT_SECRET,
{ expiresIn: "7d" }
);
// Store token in database
staff.currentToken = token;
await staff.save();
res.json({ token, role: staff.role });
} catch (error) {
res.status(500).json({ error: error.message });
}
});
/**
* 📌 Staff Logout - Remove JWT from Database
*/
router.post("/logout", protectStaff, logoutStaff);
/**
* 📌 Force Logout All Staff Users (Admin Only)
*/
router.post("/logout/all", protectStaff, async (req, res) => {
try {
if (req.user.role !== "admin") {
return res.status(403).json({ error: "Access restricted to admins only" });
}
await Staff.updateMany({}, { currentToken: null });
res.json({ message: "All staff users have been logged out" });
} catch (error) {
res.status(500).json({ error: "Failed to log out all staff users" });
}
});
/**
* 📌 Check Staff Sessions (Admin Only)
*/
router.get("/sessions", protectStaff, async (req, res) => {
try {
if (req.user.role !== "admin") {
return res.status(403).json({ error: "Access restricted to admins only" });
}
const activeSessions = await Staff.find({ currentToken: { $ne: null } })
.select("username role currentToken createdAt");
res.json({ activeSessions });
} catch (error) {
res.status(500).json({ error: "Failed to fetch active sessions" });
}
});
export default router;

13
backend/routes/stock.routes.js Normal file
View File

@@ -0,0 +1,13 @@
import express from "express";
import { protectVendor } from "../middleware/authMiddleware.js";
import { updateStock, getStoreStock } from "../controllers/stock.controller.js";
const router = express.Router();
// Get all product stock information for a store
router.get("/", protectVendor, getStoreStock);
// Update stock for a specific product
router.put("/:productId", protectVendor, updateStock);
export default router;

265
backend/routes/storefront.routes.js Normal file
View File

@@ -0,0 +1,265 @@
import express from "express";
import { protectVendor } from "../middleware/vendorAuthMiddleware.js";
import Store from "../models/Store.model.js";
import TelegramUser from "../models/TelegramUser.model.js";
import { sendBulkTelegramMessages } from "../utils/telegramUtils.js";
import multer from "multer";
import sharp from "sharp";
import fs from "fs";
import path from "path";
import { fileURLToPath } from "url";
const router = express.Router();
// Get the current directory and set up a relative path for uploads
const __filename = fileURLToPath(import.meta.url);
const __dirname = path.dirname(__filename);
const uploadsBaseDir = path.join(process.cwd(), 'uploads');
const broadcastsDir = path.join(uploadsBaseDir, 'broadcasts');
console.log('Upload directory:', {
path: broadcastsDir,
exists: fs.existsSync(broadcastsDir),
absolutePath: path.resolve(broadcastsDir)
});
// Create both the base uploads directory and the broadcasts subdirectory
if (!fs.existsSync(uploadsBaseDir)) {
fs.mkdirSync(uploadsBaseDir, { recursive: true });
}
if (!fs.existsSync(broadcastsDir)) {
fs.mkdirSync(broadcastsDir, { recursive: true });
}
const upload = multer({
storage: multer.memoryStorage(),
limits: { fileSize: 10 * 1024 * 1024 }, // 10MB limit for Telegram
fileFilter: (req, file, cb) => {
if (file.mimetype.startsWith("image/")) {
cb(null, true);
} else {
cb(new Error("Only image files are allowed!"), false);
}
},
});
const handleMulterError = (err, req, res, next) => {
if (err instanceof multer.MulterError) {
if (err.code === "LIMIT_FILE_SIZE") {
return res.status(400).json({ error: "File size too large. Maximum allowed size is 10MB." });
}
return res.status(400).json({ error: "Upload error occurred.", details: err.message });
}
next(err);
};
/**
* Get Storefront Details
* @route GET /api/storefront
* @access Private (Vendors only)
*/
router.get("/", protectVendor, async (req, res) => {
try {
const storeId = req.user.storeId;
const store = await Store.findById(storeId);
if (!store) {
return res.status(404).json({ error: "Storefront not found" });
}
return res.json(store);
} catch (error) {
console.error("Error fetching storefront:", error);
return res.status(500).json({ error: "Failed to retrieve storefront" });
}
});
/**
* Update Storefront Settings
* @route PUT /api/storefront
* @access Private (Vendors only)
*/
router.put("/", protectVendor, async (req, res) => {
try {
const storeId = req.user.storeId;
const { pgpKey, welcomeMessage, telegramToken, shipsFrom, shipsTo, wallets } = req.body;
const updatedStore = await Store.findByIdAndUpdate(
storeId,
{
...(pgpKey !== undefined && { pgpKey }),
...(welcomeMessage !== undefined && { welcomeMessage }),
...(telegramToken !== undefined && { telegramToken }),
...(shipsFrom !== undefined && { shipsFrom }),
...(shipsTo !== undefined && { shipsTo }),
...(wallets !== undefined && { wallets })
},
{ new: true }
);
if (!updatedStore) {
return res.status(404).json({ error: "Storefront not found" });
}
return res.json({
message: "Storefront updated successfully",
store: updatedStore,
});
} catch (error) {
console.error("Error updating storefront:", error);
return res.status(500).json({ error: "Failed to update storefront" });
}
});
/**
* Broadcast a Message
* @route POST /api/storefront/broadcast
* @access Private (Vendors only)
*/
router.post("/broadcast", protectVendor, upload.single("file"), handleMulterError, async (req, res) => {
let photoPath = null;
try {
const storeId = req.user.storeId;
const { message } = req.body;
// Handle image upload if present
if (req.file) {
const outputFileName = `${Date.now()}-${req.file.originalname.split('.').slice(0, -1).join('.')}.jpg`;
const outputFilePath = path.join(broadcastsDir, outputFileName);
// Ensure upload directory exists
if (!fs.existsSync(broadcastsDir)) {
fs.mkdirSync(broadcastsDir, { recursive: true });
}
console.log('Processing upload:', {
fileName: outputFileName,
filePath: outputFilePath,
absolutePath: path.resolve(outputFilePath),
uploadDirExists: fs.existsSync(broadcastsDir),
uploadDirContents: fs.readdirSync(broadcastsDir)
});
try {
// Process and save the image
await sharp(req.file.buffer)
.resize(1280, 1280, { fit: 'inside', withoutEnlargement: true })
.jpeg({ quality: 80 })
.toFile(outputFilePath);
// Verify file was saved and get stats
await new Promise((resolve, reject) => {
fs.stat(outputFilePath, (err, stats) => {
if (err) {
console.error('Error verifying file:', err);
reject(err);
} else {
console.log('File processed and verified:', {
path: outputFilePath,
size: stats.size,
exists: fs.existsSync(outputFilePath),
stats: stats
});
resolve(stats);
}
});
});
// Additional verification
if (!fs.existsSync(outputFilePath)) {
throw new Error('File was not saved successfully');
}
const stats = fs.statSync(outputFilePath);
if (stats.size > 10 * 1024 * 1024) {
fs.unlinkSync(outputFilePath);
return res.status(400).json({ error: "File size too large after processing." });
}
// Set the photo path for sending
photoPath = outputFilePath;
} catch (err) {
console.error("Error processing image:", {
error: err,
outputFilePath,
exists: fs.existsSync(outputFilePath)
});
// Cleanup if file exists
if (outputFilePath && fs.existsSync(outputFilePath)) {
fs.unlinkSync(outputFilePath);
}
return res.status(500).json({ error: "Failed to process image file." });
}
} else if (!message || !message.trim()) {
return res.status(400).json({ error: "Either message or image must be provided" });
}
const users = await TelegramUser.find({ "stores.store": storeId });
if (!users.length) {
return res.status(404).json({ error: "No users found to broadcast to." });
}
const store = await Store.findById(storeId);
if (!store || !store.telegramToken) {
return res.status(400).json({ error: "Store has no Telegram bot token configured." });
}
// Flatten out each store entry to gather all chat IDs belonging to this store
const chatIds = users.flatMap((user) =>
user.stores
.filter((s) => s.store.toString() === storeId.toString())
.map((s) => s.chatId)
);
console.log("Broadcasting to chat IDs:", chatIds);
try {
if (photoPath) {
console.log('Sending photo broadcast:', {
photoPath,
exists: fs.existsSync(photoPath),
stats: fs.existsSync(photoPath) ? fs.statSync(photoPath) : null
});
await sendBulkTelegramMessages(store.telegramToken, chatIds, message, photoPath);
} else {
await sendBulkTelegramMessages(store.telegramToken, chatIds, message);
}
return res.json({
message: "Broadcast sent successfully",
totalUsers: chatIds.length,
});
} catch (error) {
console.error("Error sending broadcast:", {
error: error.message,
photoPath,
messageLength: message?.length,
fileExists: photoPath ? fs.existsSync(photoPath) : null
});
throw error;
}
} catch (error) {
console.error("Error broadcasting message:", error);
return res.status(500).json({
error: "Failed to broadcast message",
details: error.message,
});
} finally {
// Clean up the file after everything is done
if (photoPath && fs.existsSync(photoPath)) {
try {
fs.unlinkSync(photoPath);
} catch (err) {
console.error("Error cleaning up file:", err);
}
}
}
});
export default router;

17
backend/scripts/disableAllStockTracking.js Normal file
View File

@@ -0,0 +1,17 @@
#!/usr/bin/env node
import disableStockTrackingForAllProducts from '../utils/disableStockTracking.js';
import logger from '../utils/logger.js';
logger.info('Starting script to disable stock tracking for all products');
disableStockTrackingForAllProducts()
.then((result) => {
logger.info('Operation completed successfully!');
logger.info(`Modified ${result.modifiedCount} products out of ${result.matchedCount} total products`);
process.exit(0);
})
.catch((error) => {
logger.error('Operation failed:', error);
process.exit(1);
});

8
backend/test.js Normal file
View File

@@ -0,0 +1,8 @@
import logger from './utils/logger.js';
logger.info('Backend integration test successful!');
console.log('Backend integration test successful!');
export default function testBackendIntegration() {
return { success: true, message: 'Backend integration test successful!' };
}

44
backend/utils/createAdmin.js Normal file
View File

@@ -0,0 +1,44 @@
import mongoose from "mongoose";
import bcrypt from "bcryptjs";
import dotenv from "dotenv";
import Staff from "../models/Staff.model.js";
dotenv.config();
mongoose
.connect(process.env.MONGO_URI, {
useNewUrlParser: true,
useUnifiedTopology: true,
})
.then(() => console.log("✅ MongoDB Connected"))
.catch((err) => console.error("❌ MongoDB Connection Error:", err));
const createAdmin = async () => {
const username = "admin";
const password = "88sO)£2igu-:";
try {
const existingAdmin = await Staff.findOne({ username });
if (existingAdmin) {
console.log("⚠️ Admin user already exists.");
process.exit(1);
}
const hashedPassword = await bcrypt.hash(password, 10);
const admin = new Staff({
username,
passwordHash: hashedPassword,
role: "admin",
});
await admin.save();
console.log(`✅ Admin user '${username}' created successfully!`);
process.exit();
} catch (error) {
console.error("❌ Error creating admin user:", error);
process.exit(1);
}
};
createAdmin();

56
backend/utils/createFakeOrder.js Normal file
View File

@@ -0,0 +1,56 @@
import mongoose from "mongoose";
import dotenv from "dotenv";
import Order from "../models/Order.model.js"; // Adjust path if needed
import Vendor from "../models/Vendor.model.js"; // Import Vendor model
dotenv.config();
// ✅ Connect to MongoDB
const mongoUri = process.env.MONGO_URI || "mongodb://localhost:27017/yourDatabaseName";
mongoose
.connect(mongoUri, { useNewUrlParser: true, useUnifiedTopology: true })
.then(() => console.log("✅ Connected to MongoDB"))
.catch((err) => console.error("❌ MongoDB Connection Error:", err));
// ✅ Insert Fake Order for an Existing Vendor
async function insertFakeOrder() {
try {
// ✅ Find an existing vendor
const existingVendor = await Vendor.findOne();
if (!existingVendor) {
console.log("❌ No vendors found. Create a vendor first.");
return;
}
console.log(`✅ Using Vendor: ${existingVendor.username} (${existingVendor._id})`);
const fakeOrder = new Order({
buyerId: new mongoose.Types.ObjectId(), // Fake buyer
vendorId: existingVendor._id, // Assign to existing vendor
storeId: new mongoose.Types.ObjectId(),
products: [
{
productId: new mongoose.Types.ObjectId(),
quantity: 2,
pricePerUnit: 25.99,
totalItemPrice: 51.98,
},
],
totalPrice: 51.98,
status: "paid",
paymentAddress: "ltc1qxyzfakeaddress123456",
txid: "faketxid1234567890abcdef",
escrowExpiresAt: new Date(Date.now() + 8 * 24 * 60 * 60 * 1000), // 8 days from now
});
const savedOrder = await fakeOrder.save();
console.log("✅ Fake Order Inserted:", savedOrder);
} catch (error) {
console.error("❌ Error inserting fake order:", error);
} finally {
mongoose.connection.close(); // Close DB connection
}
}
// ✅ Run Script
insertFakeOrder();

67
backend/utils/createInvitation.js Normal file
View File

@@ -0,0 +1,67 @@
import mongoose from "mongoose";
import dotenv from "dotenv";
import Staff from "../models/Staff.model.js"
import Invitation from "../models/Invitation.model.js"
import crypto from "crypto";
dotenv.config();
// ✅ Connect to MongoDB
const mongoUri = process.env.MONGO_URI;
mongoose
.connect(mongoUri, { useNewUrlParser: true, useUnifiedTopology: true })
.then(() => console.log("✅ Connected to MongoDB"))
.catch((err) => console.error("❌ MongoDB Connection Error:", err));
const generateInviteCode = () => {
return crypto.randomBytes(16).toString('hex');
};
const createInvitation = async (staffEmail) => {
try {
// Find staff member
const staff = await Staff.findOne({ username: "admin" });
if (!staff) {
throw new Error("Staff member not found");
}
// Check if staff has permission to create invitations
if (!['admin', 'support'].includes(staff.role)) {
throw new Error("Insufficient permissions to create vendor invitations");
}
// Generate unique invite code
const inviteCode = generateInviteCode();
// Create invitation
const invitation = await Invitation.create({
code: inviteCode,
createdBy: staff._id,
expiresAt: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000), // 7 days from now
isUsed: false
});
console.log(`✅ Vendor invitation created successfully!
Code: ${invitation.code}
Created by: ${staff.email}
Expires: ${invitation.expiresAt}
`);
// Exit process after creating invitation
process.exit(0);
} catch (error) {
console.error("❌ Error creating invitation:", error.message);
process.exit(1);
}
};
// Get staff email from command line argument
const staffEmail = process.argv[2];
if (!staffEmail) {
console.error("❌ Please provide staff email: node createInvitation.js <staffEmail>");
process.exit(1);
}
createInvitation(staffEmail);

7
backend/utils/createKeys.js Normal file
View File

@@ -0,0 +1,7 @@
import crypto from "crypto";
const encryptionKey = crypto.randomBytes(32).toString("hex"); // 32 bytes (256-bit)
const iv = crypto.randomBytes(16).toString("hex"); // 16 bytes (128-bit)
console.log("Encryption Key:", encryptionKey);
console.log("IV:", iv);

55
backend/utils/disableStockTracking.js Normal file
View File

@@ -0,0 +1,55 @@
import mongoose from 'mongoose';
import dotenv from 'dotenv';
import Product from '../models/Product.model.js';
import logger from './logger.js';
// Load environment variables
dotenv.config();
// Connect to MongoDB
mongoose.connect(process.env.MONGO_URI)
.then(() => logger.info('MongoDB connected'))
.catch(err => {
logger.error('MongoDB connection error:', err);
process.exit(1);
});
async function disableStockTrackingForAllProducts() {
try {
logger.info('Disabling stock tracking for all products...');
const result = await Product.updateMany(
{}, // Empty filter matches all documents
{
stockTracking: false,
stockStatus: "in_stock" // Set a default status
}
);
logger.info(`Stock tracking disabled for ${result.modifiedCount} products out of ${result.matchedCount} total products`);
return result;
} catch (error) {
logger.error('Error disabling stock tracking:', error);
throw error;
} finally {
// Close database connection
mongoose.connection.close();
logger.info('Database connection closed');
}
}
// Execute the function if this script is run directly
if (process.argv[1].includes('disableStockTracking.js')) {
disableStockTrackingForAllProducts()
.then(() => {
logger.info('Script completed successfully');
process.exit(0);
})
.catch(err => {
logger.error('Script failed:', err);
process.exit(1);
});
}
export default disableStockTrackingForAllProducts;

54
backend/utils/encryptPgp.js Normal file
View File

@@ -0,0 +1,54 @@
import * as openpgp from 'openpgp';
import logger from './logger.js';
/**
* Encrypts a message using PGP
* @param {string} message - The message to encrypt
* @param {string} publicKey - PGP public key for encryption
* @returns {Promise<string>} - The encrypted message
*/
export const encryptWithPGP = async (message, publicKey) => {
try {
// Parse the public key
const decodedPublicKey = await openpgp.readKey({ armoredKey: publicKey });
// Encrypt the message
const encrypted = await openpgp.encrypt({
message: await openpgp.createMessage({ text: message }),
encryptionKeys: decodedPublicKey
});
return encrypted;
} catch (error) {
logger.error('Error during PGP encryption', { error: error.message });
throw new Error('Failed to encrypt message: ' + error.message);
}
};
/**
* Decrypts a message using PGP
* @param {string} encryptedMessage - The encrypted message
* @param {string} privateKey - PGP private key for decryption
* @param {string} passphrase - Passphrase for the private key
* @returns {Promise<string>} - The decrypted message
*/
export const decryptWithPGP = async (encryptedMessage, privateKey, passphrase) => {
try {
// Parse the private key
const decodedPrivateKey = await openpgp.readPrivateKey({
armoredKey: privateKey
});
// Decrypt the message
const decrypted = await openpgp.decrypt({
message: await openpgp.readMessage({ armoredMessage: encryptedMessage }),
decryptionKeys: decodedPrivateKey,
config: { allowInsecureDecryptionWithSignature: true }
});
return decrypted.data;
} catch (error) {
logger.error('Error during PGP decryption', { error: error.message });
throw new Error('Failed to decrypt message: ' + error.message);
}
};

96
backend/utils/litecoin/index.js Normal file
View File

@@ -0,0 +1,96 @@
import ky from "ky";
const rpcUrl = "http://152.53.124.126:9332/";
const rpcUser = "notiiwasntherexdddd";
const rpcPassword = "NYwsxePgMrThiapHnfCzUfaEfVlNKZECwvlqhHcWjerlZfcaTp";
const headers = {
"Content-Type": "application/json",
Authorization: `Basic ${Buffer.from(`${rpcUser}:${rpcPassword}`).toString(
"base64"
)}`,
};
async function callRpc(method, params = [], walletName = null) {
console.log(`Calling RPC method: ${method} with params: ${JSON.stringify(params)}`);
const url = walletName ? `${rpcUrl}wallet/${walletName}` : rpcUrl;
try {
const response = await ky
.post(url, {
json: {
jsonrpc: "1.0",
id: "curltest",
method,
params,
},
headers,
})
.json();
console.log(
`RPC Response for method ${method}:`,
JSON.stringify(response, null, 2)
);
if (response.error) {
throw new Error(`RPC Error: ${JSON.stringify(response.error, null, 2)}`);
}
return response.result;
} catch (error) {
console.error(`Error calling RPC method ${method}:`, error);
throw error;
}
}
async function createWallet(walletName) {
const result = await callRpc("createwallet", [walletName]);
console.log("Wallet created:", result);
return result;
}
async function generateAddress(walletName = null) {
const address = await callRpc("getnewaddress", [], walletName);
console.log("Generated Address:", address);
return address;
}
async function checkWalletLoaded(walletName) {
const walletInfo = await callRpc("getwalletinfo", [], walletName);
console.log("Wallet Info:", walletInfo);
return walletInfo;
}
async function walletExists(walletName) {
try {
await callRpc("getwalletinfo", [], walletName);
return true;
} catch (error) {
return false;
}
}
async function dumpPrivateKey(address, walletName) {
const privateKey = await callRpc("dumpprivkey", [address], walletName);
console.log("Private Key:", privateKey);
return privateKey;
}
async function setupWallet(walletName) {
const createResult = await createWallet(walletName);
const address = await generateAddress(walletName);
console.log("Address:", address);
console.log("Wallet Name:", walletName);
console.log("Create Result:", createResult);
const privKey = await dumpPrivateKey(address, walletName);
console.log("Wallet Info:", privKey);
return { address, privKey };
}
export { setupWallet };

77
backend/utils/logger.js Normal file
View File

@@ -0,0 +1,77 @@
const colors = {
reset: "\x1b[0m",
bright: "\x1b[1m",
dim: "\x1b[2m",
underscore: "\x1b[4m",
blink: "\x1b[5m",
reverse: "\x1b[7m",
hidden: "\x1b[8m",
fgBlack: "\x1b[30m",
fgRed: "\x1b[31m",
fgGreen: "\x1b[32m",
fgYellow: "\x1b[33m",
fgBlue: "\x1b[34m",
fgMagenta: "\x1b[35m",
fgCyan: "\x1b[36m",
fgWhite: "\x1b[37m",
bgBlack: "\x1b[40m",
bgRed: "\x1b[41m",
bgGreen: "\x1b[42m",
bgYellow: "\x1b[43m",
bgBlue: "\x1b[44m",
bgMagenta: "\x1b[45m",
bgCyan: "\x1b[46m",
bgWhite: "\x1b[47m",
};
/**
* Formats a timestamp for logging.
* @returns {string} Formatted timestamp
*/
const getTimestamp = () => {
return new Date().toISOString();
};
/**
* Logs an INFO message.
* @param {string} message - Log message
* @param {Object} [data] - Additional data
*/
const info = (message, data = null) => {
console.log(`${colors.fgGreen}[INFO] ${getTimestamp()} - ${message}${colors.reset}`);
if (data) console.log(data);
};
/**
* Logs a WARNING message.
* @param {string} message - Log message
* @param {Object} [data] - Additional data
*/
const warn = (message, data = null) => {
console.warn(`${colors.fgYellow}[WARN] ${getTimestamp()} - ${message}${colors.reset}`);
if (data) console.warn(data);
};
/**
* Logs an ERROR message.
* @param {string} message - Log message
* @param {Object} [data] - Additional data
*/
const error = (message, data = null) => {
console.error(`${colors.fgRed}[ERROR] ${getTimestamp()} - ${message}${colors.reset}`);
if (data) console.error(data);
};
/**
* Logs a DEBUG message.
* @param {string} message - Log message
* @param {Object} [data] - Additional data
*/
const debug = (message, data = null) => {
console.log(`${colors.fgBlue}[DEBUG] ${getTimestamp()} - ${message}${colors.reset}`);
if (data) console.log(data);
};
export default { info, warn, error, debug };

171
backend/utils/telegramUtils.js Normal file
View File

@@ -0,0 +1,171 @@
import ky from "ky";
import logger from "../utils/logger.js";
import FormData from "form-data";
import fs from "fs";
import path from "path";
// Function to escape special characters for MarkdownV2
const escapeMarkdown = (text) => {
return text.replace(/([_*\[\]()~`>#+=|{}.!\\-])/g, '\\$1');
};
// Function to preserve markdown formatting while escaping other special characters
const preserveMarkdown = (text) => {
// First, temporarily replace valid markdown
text = text
.replace(/\*\*(.*?)\*\*/g, '%%%BOLD%%%$1%%%BOLD%%%')
.replace(/__(.*?)__/g, '%%%ITALIC%%%$1%%%ITALIC%%%')
.replace(/`(.*?)`/g, '%%%CODE%%%$1%%%CODE%%%')
.replace(/\[(.*?)\]\((.*?)\)/g, '%%%LINK_TEXT%%%$1%%%LINK_URL%%%$2%%%LINK%%%');
// Escape all special characters
text = escapeMarkdown(text);
// Restore markdown formatting
return text
.replace(/%%%BOLD%%%(.*?)%%%BOLD%%%/g, '*$1*')
.replace(/%%%ITALIC%%%(.*?)%%%ITALIC%%%/g, '_$1_')
.replace(/%%%CODE%%%(.*?)%%%CODE%%%/g, '`$1`')
.replace(/%%%LINK_TEXT%%%(.*?)%%%LINK_URL%%%(.*?)%%%LINK%%%/g, '[$1]($2)');
};
/**
* Sends a message via a Telegram bot.
* @param {string} telegramToken - The bot's API token.
* @param {number} chatId - The recipient's Telegram chat ID.
* @param {string} message - The message text.
* @param {string} [photoPath] - Optional path to photo file.
* @returns {Promise<boolean>} - Returns `true` if the message is sent successfully, otherwise `false`.
*/
export const sendTelegramMessage = async (telegramToken, chatId, message, photoPath = null) => {
try {
// Process message text if it exists
const processedMessage = message?.trim() ? preserveMarkdown(message) : '';
if (photoPath) {
const formData = new FormData();
formData.append('chat_id', chatId);
// Debug information before reading file
logger.info('Attempting to read file:', {
photoPath,
exists: fs.existsSync(photoPath),
stats: fs.existsSync(photoPath) ? fs.statSync(photoPath) : null,
dirname: path.dirname(photoPath),
basename: path.basename(photoPath)
});
try {
// Ensure the file exists before reading
if (!fs.existsSync(photoPath)) {
throw new Error(`File does not exist at path: ${photoPath}`);
}
// Create read stream and append to FormData
const photoStream = fs.createReadStream(photoPath);
formData.append('photo', photoStream);
if (processedMessage) {
formData.append('caption', processedMessage);
formData.append('parse_mode', 'MarkdownV2');
}
// Debug the FormData contents
logger.info('FormData created:', {
boundaryUsed: formData.getBoundary?.() || 'No boundary found',
headers: formData.getHeaders?.() || 'No headers available',
messageLength: processedMessage.length
});
// Wait for the entire request to complete
await new Promise((resolve, reject) => {
formData.submit({
host: 'api.telegram.org',
path: `/bot${telegramToken}/sendPhoto`,
protocol: 'https:',
}, (err, res) => {
if (err) {
reject(err);
return;
}
let data = '';
res.on('data', chunk => {
data += chunk;
});
res.on('end', () => {
try {
const response = JSON.parse(data);
if (!response.ok) {
reject(new Error(response.description || 'Failed to send photo'));
} else {
resolve(response);
}
} catch (e) {
reject(new Error('Failed to parse Telegram response'));
}
});
});
});
} catch (error) {
// Log detailed error information
logger.error(`❌ Telegram API Error for chat ${chatId}:`, {
error: error.message,
response: error.response ? await error.response.json().catch(() => ({})) : undefined,
photoPath,
messageLength: processedMessage.length,
fileExists: fs.existsSync(photoPath),
fileStats: fs.existsSync(photoPath) ? fs.statSync(photoPath) : null
});
throw error;
}
} else {
try {
await ky.post(`https://api.telegram.org/bot${telegramToken}/sendMessage`, {
json: {
chat_id: chatId,
text: processedMessage,
parse_mode: "MarkdownV2",
},
timeout: 5000,
});
} catch (error) {
// Log detailed error information
logger.error(`❌ Telegram API Error for chat ${chatId}:`, {
error: error.message,
response: await error.response?.json().catch(() => ({})),
messageLength: processedMessage.length
});
throw error;
}
}
logger.info(`✅ Telegram message sent to ${chatId}`);
return true;
} catch (error) {
logger.error(`❌ Failed to send Telegram message to ${chatId}: ${error.message}`);
return false;
}
};
/**
* Sends messages in bulk while respecting Telegram's rate limits.
* @param {string} telegramToken - The bot's API token.
* @param {Array<number>} chatIds - An array of chat IDs to send to.
* @param {string} message - The message text.
* @param {string} [photoPath] - Optional path to photo file.
* @returns {Promise<void>}
*/
export const sendBulkTelegramMessages = async (telegramToken, chatIds, message, photoPath = null) => {
for (let i = 0; i < chatIds.length; i++) {
const chatId = chatIds[i];
await sendTelegramMessage(telegramToken, chatId, message, photoPath);
if ((i + 1) % 30 === 0) {
logger.info(`⏳ Rate limit pause (sent ${i + 1} messages)...`);
await new Promise((resolve) => setTimeout(resolve, 1000));
}
}
};

0
backend/utils/walletUtils.js Normal file
View File

2
docker-compose.yml
View File

@@ -42,7 +42,7 @@ services:
- web
environment:
- NODE_ENV=production
- NEXT_PUBLIC_API_URL=https://internal-api.inboxi.ng/api
- NEXT_PUBLIC_API_URL=/api
restart: unless-stopped
networks:

BIN
lib/.server-service.ts.swp Normal file
View File

Binary file not shown.

33
lib/auth-helpers.ts Normal file
View File

@@ -0,0 +1,33 @@
'use client';
// Helper function to verify authentication with the local API
export async function verifyAuth(token: string) {
try {
// Use a properly formed URL with origin
const origin = typeof window !== 'undefined' ? window.location.origin : '';
const authEndpoint = new URL('/api/auth/me', origin).toString();
console.log(`Verifying auth with ${authEndpoint} using token: ${token.substring(0, 10)}...`);
const response = await fetch(authEndpoint, {
method: "GET",
headers: {
"Content-Type": "application/json",
Authorization: `Bearer ${token}`,
},
// Prevent caching of auth requests
cache: 'no-store'
});
if (!response.ok) {
console.error(`Auth verification failed: ${response.status}`);
return false;
}
return await response.json();
} catch (error) {
console.error("Authentication verification failed:", error);
console.error("Error details:", error instanceof Error ? error.message : 'Unknown error');
return false;
}
}

49
lib/client-service.ts
View File

@@ -21,31 +21,44 @@ function getAuthToken(): string | null {
?.split('=')[1] || null;
}
/**
* Gets the API base URL for client-side fetch calls
*/
function getClientApiBaseUrl(): string {
// For client-side, we can access window.location if in browser
if (typeof window !== 'undefined') {
// Use the same origin (which includes the correct port)
return `${window.location.origin}/api`;
}
// Fallback when window is not available
// For development mode, use port 3001 to match our server
if (process.env.NODE_ENV === 'development') {
return 'http://localhost:3001/api';
}
// Default fallback - relative URL
return '/api';
}
export async function fetchClient<T>(
endpoint: string,
options: FetchOptions = {}
): Promise<T> {
const { method = 'GET', body, headers = {}, ...rest } = options;
// Get the base API URL from environment or fallback
const apiUrl = process.env.NEXT_PUBLIC_API_URL || 'http://localhost:3001';
try {
// Get the base API URL
const baseUrl = getClientApiBaseUrl();
// Ensure the endpoint starts with a slash
const normalizedEndpoint = endpoint.startsWith('/') ? endpoint : `/${endpoint}`;
// Ensure endpoint doesn't start with a slash if baseUrl ends with one
const normalizedEndpoint = endpoint.startsWith('/') ? endpoint.substring(1) : endpoint;
// For the specific case of internal-api.inboxi.ng - remove duplicate /api
let url;
if (apiUrl.includes('internal-api.inboxi.ng')) {
// Special case for internal-api.inboxi.ng
if (normalizedEndpoint.startsWith('/api/')) {
url = `${apiUrl}${normalizedEndpoint.substring(4)}`; // Remove the /api part
} else {
url = `${apiUrl}${normalizedEndpoint}`;
}
} else {
// Normal case for other environments
url = `${apiUrl}${normalizedEndpoint}`;
}
// Ensure baseUrl ends with a slash if it doesn't already
const normalizedBaseUrl = baseUrl.endsWith('/') ? baseUrl : `${baseUrl}/`;
// Combine them for the final URL
const url = `${normalizedBaseUrl}${normalizedEndpoint}`;
// Get auth token from cookies
const authToken = getAuthToken();
@@ -79,7 +92,6 @@ export async function fetchClient<T>(
fetchOptions.body = JSON.stringify(body);
}
try {
const response = await fetch(url, fetchOptions);
if (!response.ok) {
@@ -97,6 +109,7 @@ export async function fetchClient<T>(
return data;
} catch (error) {
console.error('API request failed:', error);
console.error('Error details:', error instanceof Error ? error.message : 'Unknown error');
// Only show toast if this is a client-side error (not during SSR)
if (typeof window !== 'undefined') {

46
lib/server-service.ts
View File

@@ -1,6 +1,36 @@
import { cookies } from 'next/headers';
import { redirect } from 'next/navigation';
/**
* Gets the base URL for server API requests with proper fallbacks
*/
function getBaseUrl() {
// For server components, we normally would use environment variables
// But we need to be careful with how they're accessed
// Try to get the API URL from environment variables
const apiUrl = process.env.NEXT_PUBLIC_API_URL;
// We need to get the host from somewhere to construct the URL
// In production, we can rely on the VERCEL_URL or similar
if (process.env.VERCEL_URL) {
return `https://${process.env.VERCEL_URL}/api`;
}
// If we have a configured API URL, use that
if (apiUrl) {
// If it's already an absolute URL, use it
if (apiUrl.startsWith('http')) {
return apiUrl;
}
// Otherwise, it's likely a relative path like /api
return `http://localhost:3000${apiUrl.startsWith('/') ? apiUrl : `/${apiUrl}`}`;
}
// Last resort fallback for development
return 'http://localhost:3000/api';
}
/**
* Server-side fetch wrapper with authentication.
*/
@@ -14,8 +44,20 @@ export async function fetchServer<T = unknown>(
if (!authToken) redirect('/login');
try {
console.log(`${endpoint}`)
const res = await fetch(`${process.env.NEXT_PUBLIC_API_URL}${endpoint}`, {
const baseUrl = getBaseUrl();
// Ensure endpoint doesn't start with a slash if baseUrl ends with one
const normalizedEndpoint = endpoint.startsWith('/') ? endpoint.substring(1) : endpoint;
// Ensure baseUrl ends with a slash if it doesn't already
const normalizedBaseUrl = baseUrl.endsWith('/') ? baseUrl : `${baseUrl}/`;
// Combine them to get a complete URL
const url = `${normalizedBaseUrl}${normalizedEndpoint}`;
console.log(`Server fetch to: ${url}`);
const res = await fetch(url, {
...options,
headers: {
'Content-Type': 'application/json',

32
lib/server-utils.ts Normal file
View File

@@ -0,0 +1,32 @@
/**
* Helper function to construct proper URLs for server components.
* In Next.js server components, relative URLs don't work in fetch() calls.
*/
export function getServerApiUrl(endpoint: string): string {
// Base API URL - use a hardcoded value for server components
// This must be an absolute URL with protocol and domain
const baseUrl = process.env.NEXT_PUBLIC_API_URL || 'http://localhost:3000/api';
// Ensure endpoint doesn't start with a slash if baseUrl ends with one
const normalizedEndpoint = endpoint.startsWith('/') ? endpoint.substring(1) : endpoint;
// Ensure the baseUrl ends with a slash if it doesn't already
const normalizedBaseUrl = baseUrl.endsWith('/') ? baseUrl : `${baseUrl}/`;
// Combine them to get a complete URL
return `${normalizedBaseUrl}${normalizedEndpoint}`;
}
/**
* Helper to detect if code is running on server or client
*/
export function isServer(): boolean {
return typeof window === 'undefined';
}
/**
* Helper to detect if code is running in development mode
*/
export function isDevelopment(): boolean {
return process.env.NODE_ENV === 'development';
}

13
middleware.ts
View File

@@ -10,19 +10,30 @@ export async function middleware(req: NextRequest) {
}
try {
const res = await fetch(`${process.env.NEXT_PUBLIC_API_URL}/auth/me`, {
// Make sure we use a complete URL with protocol
// When running locally with integrated backend, we need to specify the full URL including protocol
const origin = req.nextUrl.origin;
const authEndpoint = new URL("/api/auth/me", origin).toString();
console.log("Verifying authentication with endpoint:", authEndpoint);
const res = await fetch(authEndpoint, {
method: "GET",
headers: {
"Content-Type": "application/json",
Authorization: `Bearer ${token}`,
},
// Ensure we're not caching authentication checks
cache: 'no-store'
});
if (!res.ok) {
console.error(`Auth check failed with status: ${res.status}`);
return NextResponse.redirect(new URL("/auth/login", req.url));
}
} catch (error) {
console.error("Authentication validation failed:", error);
console.error("Error details:", error instanceof Error ? error.message : 'Unknown error');
return NextResponse.redirect(new URL("/auth/login", req.url));
}

40
next.config.mjs
View File

@@ -8,6 +8,46 @@ const nextConfig = {
},
],
},
// Disable Next.js handling of API routes that our Express server will handle
async rewrites() {
return [
{
// Don't rewrite actual Next.js API routes
source: "/api/_next/:path*",
destination: "/api/_next/:path*",
},
{
// Rewrite API requests to be handled by our custom Express server
source: "/api/:path*",
destination: "/api/:path*",
},
];
},
// Make environment variables available to both client and server components
env: {
// For integrated backend, use http://localhost:3000/api
NEXT_PUBLIC_API_URL: process.env.NEXT_PUBLIC_API_URL || 'http://localhost:3000/api',
},
// Prevent dynamic URLs from being hard-coded at build time
// This is important for Tor compatibility
experimental: {
// This prevents URLs from being hardcoded at build time
esmExternals: true,
},
// Ensure server components can handle URL objects
serverComponentsExternalPackages: ['next/dist/compiled/path-to-regexp'],
// Allow server-side fetch calls to the local API
serverRuntimeConfig: {
apiUrl: 'http://localhost:3000/api',
},
// Special handling for server components
webpack: (config, { isServer }) => {
if (isServer) {
// Server-side specific config
}
return config;
},
};
export default nextConfig;

2185
package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

19
package.json
View File

@@ -2,10 +2,16 @@
"name": "my-v0-project",
"version": "0.1.0",
"private": true,
"type": "module",
"scripts": {
"dev": "next dev",
"dev:custom": "node server.js",
"dev:tor": "NODE_ENV=production node -r dotenv/config server.js dotenv_config_path=.env.tor",
"build": "next build",
"start": "next start",
"start:custom": "NODE_ENV=production node server.js",
"start:tor": "NODE_ENV=production node -r dotenv/config server.js dotenv_config_path=.env.tor",
"setup-backend": "node setup-backend.js",
"lint": "next lint"
},
"dependencies": {
@@ -39,17 +45,28 @@
"@radix-ui/react-tooltip": "^1.1.6",
"autoprefixer": "^10.4.20",
"axios": "^1.8.1",
"bcrypt": "^5.1.1",
"bcryptjs": "^2.4.3",
"class-variance-authority": "^0.7.1",
"clsx": "^2.1.1",
"cmdk": "1.0.4",
"cors": "^2.8.5",
"date-fns": "4.1.0",
"dotenv": "^16.4.7",
"embla-carousel-react": "8.5.1",
"express": "^4.21.2",
"form-data": "^4.0.2",
"input-otp": "1.4.1",
"jsonwebtoken": "^9.0.2",
"jwt-decode": "^4.0.0",
"ky": "^1.7.5",
"lucide-react": "^0.454.0",
"mongoose": "^8.9.6",
"mongoose-sequence": "^6.0.1",
"multer": "^1.4.5-lts.1",
"next": "14.2.16",
"next-themes": "latest",
"openpgp": "^6.1.0",
"react": "^18",
"react-day-picker": "8.10.1",
"react-dom": "^18",
@@ -57,9 +74,11 @@
"react-markdown": "^10.0.0",
"react-resizable-panels": "^2.1.7",
"recharts": "2.15.0",
"sharp": "^0.33.5",
"sonner": "^1.7.4",
"tailwind-merge": "^2.5.5",
"tailwindcss-animate": "^1.0.7",
"uuid": "^11.0.5",
"vaul": "^0.9.6",
"zod": "^3.24.1"
},

127
server.js Normal file
View File

@@ -0,0 +1,127 @@
// Load environment variables first
import dotenv from 'dotenv';
// Load backend-specific environment variables
dotenv.config({ path: '.env.backend' });
// Then load frontend environment variables (will override if there are duplicates)
dotenv.config();
import express from 'express';
import { createServer } from 'http';
import { parse } from 'url';
import next from 'next';
import cors from 'cors';
import { dirname, join } from 'path';
import { fileURLToPath } from 'url';
// Import your backend routes
import connectDB from './backend/config/db.js';
import authRoutes from './backend/routes/auth.routes.js';
import inviteRoutes from './backend/routes/invites.routes.js';
import staffAuthRoutes from './backend/routes/staffAuth.routes.js';
import orderRoutes from './backend/routes/orders.routes.js';
import productRoutes from './backend/routes/products.routes.js';
import categoryRoutes from './backend/routes/categories.routes.js';
import shippingRoutes from './backend/routes/shipping.routes.js';
import storeRoutes from './backend/routes/storefront.routes.js';
import cryptoRoutes from './backend/routes/crypto.routes.js';
import blockedUsersRoutes from './backend/routes/blockedUsers.routes.js';
import chatRoutes from './backend/routes/chat.routes.js';
import stockRoutes from './backend/routes/stock.routes.js';
import promotionRoutes from './backend/routes/promotion.routes.js';
import { startCryptoPriceUpdater } from './backend/controllers/cryptoController.js';
import { protectTelegramApi } from './backend/middleware/telegramAuthMiddleware.js';
import { processTelegramMessage, createTelegramChat } from './backend/controllers/chat.controller.js';
import logger from './backend/utils/logger.js';
const dev = process.env.NODE_ENV !== 'production';
const hostname = 'localhost';
// Use port 3000 for the integrated application
// Original backend was on 3001, which is causing the conflict
const port = process.env.PORT || 3000;
// Initialize Next.js
const app = next({ dev, hostname, port });
const handle = app.getRequestHandler();
app.prepare().then(() => {
const server = express();
// Connect to MongoDB
connectDB();
// Add security headers and handle CORS
server.use((req, res, next) => {
// Basic security headers
res.setHeader('X-Content-Type-Options', 'nosniff');
res.setHeader('X-Frame-Options', 'DENY');
res.setHeader('X-XSS-Protection', '1; mode=block');
// Handle CORS
const origin = req.headers.origin;
const host = req.headers.host;
// CORS handling (simplified for local development)
res.setHeader('Access-Control-Allow-Origin', origin || '*');
res.setHeader('Access-Control-Allow-Credentials', 'true');
res.setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization, X-Requested-With, Accept, Origin');
res.setHeader('Access-Control-Expose-Headers', 'Content-Type, Authorization');
res.setHeader('Access-Control-Max-Age', '86400');
// Log the request for debugging
logger.info(`Request from ${req.ip} - Origin: ${origin || 'null'} - Host: ${host}`);
// Handle preflight requests
if (req.method === 'OPTIONS') {
res.status(204).end();
return;
}
next();
});
// Parse JSON for all routes
server.use(express.json({ limit: "15mb" }));
// Direct routes for Telegram API to bypass JWT middleware
server.post("/api/telegram/message", protectTelegramApi, processTelegramMessage);
server.post("/api/telegram/create", protectTelegramApi, createTelegramChat);
server.get("/api/telegram/test-auth", protectTelegramApi, (req, res) => {
res.status(200).json({
success: true,
message: "Authentication successful",
headers: {
authHeader: req.headers.authorization ? req.headers.authorization.substring(0, 10) + "..." : "undefined",
xApiKey: req.headers['x-api-key'] ? req.headers['x-api-key'].substring(0, 10) + "..." : "undefined"
}
});
});
// Register API routes
server.use("/api/products", productRoutes);
server.use("/api/chats", chatRoutes);
server.use("/api/auth", authRoutes);
server.use("/api/staff/auth", staffAuthRoutes);
server.use("/api/invite", inviteRoutes);
server.use("/api/orders", orderRoutes);
server.use("/api/categories", categoryRoutes);
server.use("/api/shipping-options", shippingRoutes);
server.use("/api/storefront", storeRoutes);
server.use("/api/crypto", cryptoRoutes);
server.use("/api/blocked-users", blockedUsersRoutes);
server.use("/api/stock", stockRoutes);
server.use("/api/promotions", promotionRoutes);
// Start crypto price updater
startCryptoPriceUpdater(60);
// For all other routes, use Next.js
server.all('*', (req, res) => {
return handle(req, res);
});
server.listen(port, () => {
console.log(`> Ready on http://${hostname}:${port}`);
});
});

75
setup-backend.js Normal file
View File

@@ -0,0 +1,75 @@
import fs from 'fs';
import path from 'path';
import { fileURLToPath } from 'url';
const __filename = fileURLToPath(import.meta.url);
const __dirname = path.dirname(__filename);
const backendPath = path.join(__dirname, '..', 'ember-market-backend');
const targetPath = path.join(__dirname, 'backend');
// Create backend directory if it doesn't exist
if (!fs.existsSync(targetPath)) {
fs.mkdirSync(targetPath, { recursive: true });
}
// Function to copy directory recursively
function copyDir(src, dest) {
// Create destination directory if it doesn't exist
if (!fs.existsSync(dest)) {
fs.mkdirSync(dest, { recursive: true });
}
// Read contents of source directory
const entries = fs.readdirSync(src, { withFileTypes: true });
for (const entry of entries) {
const srcPath = path.join(src, entry.name);
const destPath = path.join(dest, entry.name);
// Skip node_modules and .git directories
if (entry.name === 'node_modules' || entry.name === '.git') {
console.log(`Skipping ${entry.name}`);
continue;
}
if (entry.isDirectory()) {
// Recursive call for directories
copyDir(srcPath, destPath);
} else {
// Copy file
fs.copyFileSync(srcPath, destPath);
console.log(`Copied: ${srcPath} -> ${destPath}`);
}
}
}
// Copy files from backend to frontend/backend
try {
// Copy main backend directories
const dirsToSync = ['config', 'controllers', 'middleware', 'models', 'routes', 'scripts', 'utils'];
dirsToSync.forEach(dir => {
const sourcePath = path.join(backendPath, dir);
const destPath = path.join(targetPath, dir);
if (fs.existsSync(sourcePath)) {
copyDir(sourcePath, destPath);
} else {
console.warn(`Warning: Directory ${sourcePath} does not exist`);
}
});
// Copy .env file (you might want to modify this for different environments)
const envSource = path.join(backendPath, '.env');
const envDest = path.join(__dirname, '.env.backend');
if (fs.existsSync(envSource)) {
fs.copyFileSync(envSource, envDest);
console.log(`Copied: ${envSource} -> ${envDest}`);
}
console.log('Backend setup completed successfully!');
} catch (error) {
console.error('Error setting up backend:', error);
}