-
+ {event?.photo_url && (
+
+ )}
-
-
-) : (
-
+ {event ? (
+ <>
+
-)}
+ )}
+
diff --git a/src/lib/uploads.ts b/src/lib/uploads.ts
new file mode 100644
index 0000000..e1d96e3
--- /dev/null
+++ b/src/lib/uploads.ts
@@ -0,0 +1,35 @@
+/* ---------------------------------------------------------------------------
+ * Event photo uploads.
+ *
+ * Files are written outside the build output (so they survive redeploys) and
+ * served back through the /uploads/[file] route. Path defaults to
+ * /data/uploads; override with BIFROST_UPLOAD_DIR on the VPS.
+ *
+ * Scope: admin-only event photos (see SPEC §8 exception). Participants cannot
+ * upload.
+ * ------------------------------------------------------------------------- */
+
+import { join } from 'node:path';
+
+export const UPLOAD_DIR =
+ process.env.BIFROST_UPLOAD_DIR ?? join(process.cwd(), 'data', 'uploads');
+
+/** Accepted MIME types → file extension. */
+export const ALLOWED_IMAGE_TYPES = new Map([
+ ['image/png', 'png'],
+ ['image/jpeg', 'jpg'],
+]);
+
+export const MAX_UPLOAD_BYTES = 5 * 1024 * 1024; // 5 MB
+
+/** Guards the served filename against path traversal. */
+export function isSafeUploadName(name: string): boolean {
+ return /^[a-z0-9][a-z0-9._-]*$/i.test(name) && !name.includes('..');
+}
+
+/** Content-type for a stored upload, by extension. */
+export const UPLOAD_CONTENT_TYPES: Record = {
+ '.png': 'image/png',
+ '.jpg': 'image/jpeg',
+ '.jpeg': 'image/jpeg',
+};
diff --git a/src/pages/api/admin/upload.ts b/src/pages/api/admin/upload.ts
new file mode 100644
index 0000000..4a51061
--- /dev/null
+++ b/src/pages/api/admin/upload.ts
@@ -0,0 +1,55 @@
+/* ---------------------------------------------------------------------------
+ * POST /api/admin/upload — fenja-only event photo upload.
+ *
+ * Accepts multipart/form-data with a single `file` (png/jpg, ≤5 MB), writes it
+ * to the upload dir under a random name, and returns { url } pointing at the
+ * /uploads/[file] serve route. The caller (admin image-upload field) stores
+ * that url in the event's photo_url.
+ * ------------------------------------------------------------------------- */
+
+import type { APIRoute } from 'astro';
+import { mkdir, writeFile } from 'node:fs/promises';
+import { join } from 'node:path';
+import { randomUUID } from 'node:crypto';
+import { UPLOAD_DIR, ALLOWED_IMAGE_TYPES, MAX_UPLOAD_BYTES } from '../../../lib/uploads';
+
+export const prerender = false;
+
+function json(body: unknown, status: number): Response {
+ return new Response(JSON.stringify(body), {
+ status,
+ headers: { 'Content-Type': 'application/json' },
+ });
+}
+
+export const POST: APIRoute = async ({ locals, request }) => {
+ if (locals.user?.role !== 'fenja') return json({ error: 'Forbidden' }, 403);
+
+ let form: FormData;
+ try {
+ form = await request.formData();
+ } catch {
+ return json({ error: 'Expected multipart form data.' }, 400);
+ }
+
+ const file = form.get('file');
+ if (!(file instanceof File) || file.size === 0) {
+ return json({ error: 'No file provided.' }, 400);
+ }
+
+ const ext = ALLOWED_IMAGE_TYPES.get(file.type);
+ if (!ext) return json({ error: 'Only PNG or JPG images are allowed.' }, 415);
+ if (file.size > MAX_UPLOAD_BYTES) {
+ return json({ error: 'Image must be 5 MB or smaller.' }, 413);
+ }
+
+ const name = `${randomUUID()}.${ext}`;
+ try {
+ await mkdir(UPLOAD_DIR, { recursive: true });
+ await writeFile(join(UPLOAD_DIR, name), Buffer.from(await file.arrayBuffer()));
+ } catch {
+ return json({ error: 'Could not save the image. Try again.' }, 500);
+ }
+
+ return json({ url: `/uploads/${name}` }, 200);
+};
diff --git a/src/pages/uploads/[file].ts b/src/pages/uploads/[file].ts
new file mode 100644
index 0000000..c733d6a
--- /dev/null
+++ b/src/pages/uploads/[file].ts
@@ -0,0 +1,35 @@
+/* ---------------------------------------------------------------------------
+ * GET /uploads/[file] — serve an uploaded event photo from the upload dir.
+ *
+ * Runtime-written files live outside the build output, so they're streamed
+ * here rather than served as static assets. Gated by the global auth
+ * middleware (viewers are logged in; the ![]()
request carries the session
+ * cookie). Filename is validated to prevent path traversal.
+ * ------------------------------------------------------------------------- */
+
+import type { APIRoute } from 'astro';
+import { readFile } from 'node:fs/promises';
+import { join, extname } from 'node:path';
+import { UPLOAD_DIR, isSafeUploadName, UPLOAD_CONTENT_TYPES } from '../../lib/uploads';
+
+export const prerender = false;
+
+export const GET: APIRoute = async ({ params }) => {
+ const file = params.file ?? '';
+ if (!isSafeUploadName(file)) return new Response('Not found', { status: 404 });
+
+ const type = UPLOAD_CONTENT_TYPES[extname(file).toLowerCase()];
+ if (!type) return new Response('Not found', { status: 404 });
+
+ try {
+ const buf = await readFile(join(UPLOAD_DIR, file));
+ return new Response(new Uint8Array(buf), {
+ headers: {
+ 'Content-Type': type,
+ 'Cache-Control': 'public, max-age=31536000, immutable',
+ },
+ });
+ } catch {
+ return new Response('Not found', { status: 404 });
+ }
+};
diff --git a/tests/admin-resources.test.ts b/tests/admin-resources.test.ts
index bce6ab1..02a9c20 100644
--- a/tests/admin-resources.test.ts
+++ b/tests/admin-resources.test.ts
@@ -35,6 +35,7 @@ const KNOWN_FIELD_KINDS: ReadonlySet = new Set([
'datetime',
'number',
'readonly',
+ 'image-upload',
]);
const KNOWN_COLUMN_KINDS: ReadonlySet = new Set([
- {weekday}
- {dayPadded}
- {monthShort} · {startTime}
-
-
-
-
-
-
+Next gathering · {eventKindLabel(event.kind).toUpperCase()}
-{event.title}
-{event.description}
-{event.location}
-
+
+
+
+
+
+ ) : (
Next gathering · {eventKindLabel(event.kind).toUpperCase()}
+
+
+
+ {weekday}
+ {dayPadded}
+ {monthShort} · {startTime}
+
+
+
+
+ {event.title}
+{event.description}
+{event.location}
+Nothing scheduled yet — when we have something, you'll be the first to know.
-