feat: upload images vers bucket Supabase privé avec Signed URLs
- Nouvelle route POST /api/admin/upload : upload multipart vers le bucket private-gallery, validation MIME + taille (max 5 Mo), retourne storage:path - lib/site-images.ts : détecte le préfixe "storage:" et génère une Signed URL temporaire (60 min) côté serveur avant chaque rendu de page - GET /api/admin/site-images : résout aussi les signed URLs pour les previews admin (champ previewUrl distinct de url brute) - PUT /api/admin/site-images : accepte désormais les chemins "storage:..." en plus des URLs externes - Page admin images : drag & drop + input file avec upload automatique + sauvegarde en BDD, badge "bucket privé", instructions SQL pour créer la table et la policy du bucket private-gallery https://claude.ai/code/session_01PzA98VhLMmsHpzs7gnLHGs
This commit is contained in:
Claude
@@ -10,6 +10,9 @@ interface SiteImageRow {
|
||||
updated_at: string;
|
||||
}
|
||||
|
||||
const BUCKET = "private-gallery";
|
||||
const SIGNED_URL_TTL = 3600; // 1 heure
|
||||
|
||||
async function checkAdmin() {
|
||||
const supabase = await createClient();
|
||||
const {
|
||||
@@ -27,6 +30,21 @@ async function checkAdmin() {
|
||||
return (profile as Pick<Profile, "is_admin"> | null)?.is_admin === true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Génère une URL de prévisualisation pour l'admin.
|
||||
* Pour les chemins "storage:", crée une Signed URL temporaire.
|
||||
* Pour les URLs externes, retourne l'URL telle quelle.
|
||||
*/
|
||||
async function resolvePreviewUrl(rawUrl: string): Promise<string> {
|
||||
if (!rawUrl.startsWith("storage:")) return rawUrl;
|
||||
const filePath = rawUrl.slice("storage:".length);
|
||||
const adminClient = createAdminClient();
|
||||
const { data } = await adminClient.storage
|
||||
.from(BUCKET)
|
||||
.createSignedUrl(filePath, SIGNED_URL_TTL);
|
||||
return data?.signedUrl ?? rawUrl;
|
||||
}
|
||||
|
||||
// GET - Récupérer toutes les images
|
||||
export async function GET() {
|
||||
const isAdmin = await checkAdmin();
|
||||
@@ -35,20 +53,25 @@ export async function GET() {
|
||||
}
|
||||
|
||||
try {
|
||||
const supabase = createAdminClient();
|
||||
const { data } = await supabase.from("site_images").select("*");
|
||||
const adminClient = createAdminClient();
|
||||
const { data } = await adminClient.from("site_images").select("*");
|
||||
const rows = (data ?? []) as unknown as SiteImageRow[];
|
||||
|
||||
// Merge defaults avec les valeurs en base
|
||||
const images = Object.entries(DEFAULT_IMAGES).map(([key, def]) => {
|
||||
const saved = rows.find((d) => d.key === key);
|
||||
return {
|
||||
key,
|
||||
url: saved?.url || def.url,
|
||||
label: def.label,
|
||||
updated_at: saved?.updated_at || null,
|
||||
};
|
||||
});
|
||||
// Merge defaults avec les valeurs en base, résoudre les signed URLs en parallèle
|
||||
const images = await Promise.all(
|
||||
Object.entries(DEFAULT_IMAGES).map(async ([key, def]) => {
|
||||
const saved = rows.find((d) => d.key === key);
|
||||
const rawUrl = saved?.url || def.url;
|
||||
const previewUrl = await resolvePreviewUrl(rawUrl);
|
||||
return {
|
||||
key,
|
||||
url: rawUrl, // valeur brute stockée (ex: "storage:hero_portrait/image.jpg")
|
||||
previewUrl, // URL résolvée pour l'affichage dans le navigateur
|
||||
label: def.label,
|
||||
updated_at: saved?.updated_at || null,
|
||||
};
|
||||
})
|
||||
);
|
||||
|
||||
return NextResponse.json({ images });
|
||||
} catch {
|
||||
@@ -56,6 +79,7 @@ export async function GET() {
|
||||
const images = Object.entries(DEFAULT_IMAGES).map(([key, def]) => ({
|
||||
key,
|
||||
url: def.url,
|
||||
previewUrl: def.url,
|
||||
label: def.label,
|
||||
updated_at: null,
|
||||
}));
|
||||
@@ -77,11 +101,14 @@ export async function PUT(request: NextRequest) {
|
||||
return NextResponse.json({ error: "key et url requis" }, { status: 400 });
|
||||
}
|
||||
|
||||
// Vérifier que l'URL est valide
|
||||
try {
|
||||
new URL(url);
|
||||
} catch {
|
||||
return NextResponse.json({ error: "URL invalide" }, { status: 400 });
|
||||
// Accepter soit une URL externe (https://...) soit un chemin storage (storage:...)
|
||||
const isStoragePath = url.startsWith("storage:");
|
||||
if (!isStoragePath) {
|
||||
try {
|
||||
new URL(url);
|
||||
} catch {
|
||||
return NextResponse.json({ error: "URL invalide" }, { status: 400 });
|
||||
}
|
||||
}
|
||||
|
||||
const success = await updateSiteImage(key, url);
|
||||
|
||||
85
app/api/admin/upload/route.ts
Normal file
85
app/api/admin/upload/route.ts
Normal file
@@ -0,0 +1,85 @@
|
||||
import { NextRequest, NextResponse } from "next/server";
|
||||
import { createClient, createAdminClient } from "@/lib/supabase/server";
|
||||
import type { Profile } from "@/types/database.types";
|
||||
|
||||
const BUCKET = "private-gallery";
|
||||
|
||||
async function checkAdmin() {
|
||||
const supabase = await createClient();
|
||||
const {
|
||||
data: { user },
|
||||
} = await supabase.auth.getUser();
|
||||
if (!user) return false;
|
||||
|
||||
const adminClient = createAdminClient();
|
||||
const { data: profile } = await adminClient
|
||||
.from("profiles")
|
||||
.select("is_admin")
|
||||
.eq("id", user.id)
|
||||
.single();
|
||||
|
||||
return (profile as Pick<Profile, "is_admin"> | null)?.is_admin === true;
|
||||
}
|
||||
|
||||
// POST - Upload un fichier dans le bucket private-gallery
|
||||
export async function POST(request: NextRequest) {
|
||||
const isAdmin = await checkAdmin();
|
||||
if (!isAdmin) {
|
||||
return NextResponse.json({ error: "Non autorisé" }, { status: 401 });
|
||||
}
|
||||
|
||||
let formData: FormData;
|
||||
try {
|
||||
formData = await request.formData();
|
||||
} catch {
|
||||
return NextResponse.json({ error: "Corps de requête invalide" }, { status: 400 });
|
||||
}
|
||||
|
||||
const file = formData.get("file") as File | null;
|
||||
const imageKey = formData.get("key") as string | null;
|
||||
|
||||
if (!file || !imageKey) {
|
||||
return NextResponse.json({ error: "Champs 'file' et 'key' requis" }, { status: 400 });
|
||||
}
|
||||
|
||||
// Valider le type MIME
|
||||
const allowedTypes = ["image/jpeg", "image/png", "image/webp", "image/gif", "image/avif"];
|
||||
if (!allowedTypes.includes(file.type)) {
|
||||
return NextResponse.json(
|
||||
{ error: "Type de fichier non supporté. Utilisez JPEG, PNG, WebP, GIF ou AVIF." },
|
||||
{ status: 400 }
|
||||
);
|
||||
}
|
||||
|
||||
// Limiter à 5 Mo
|
||||
if (file.size > 5 * 1024 * 1024) {
|
||||
return NextResponse.json({ error: "Fichier trop volumineux (max 5 Mo)" }, { status: 400 });
|
||||
}
|
||||
|
||||
// Construire le chemin : ex. "hero/image.jpg"
|
||||
const ext = file.name.split(".").pop() ?? "jpg";
|
||||
const sanitizedKey = imageKey.replace(/[^a-zA-Z0-9_-]/g, "_");
|
||||
const filePath = `${sanitizedKey}/image.${ext}`;
|
||||
|
||||
const arrayBuffer = await file.arrayBuffer();
|
||||
const buffer = new Uint8Array(arrayBuffer);
|
||||
|
||||
const adminClient = createAdminClient();
|
||||
const { error } = await adminClient.storage
|
||||
.from(BUCKET)
|
||||
.upload(filePath, buffer, {
|
||||
contentType: file.type,
|
||||
upsert: true,
|
||||
});
|
||||
|
||||
if (error) {
|
||||
return NextResponse.json(
|
||||
{ error: `Erreur upload Supabase : ${error.message}` },
|
||||
{ status: 500 }
|
||||
);
|
||||
}
|
||||
|
||||
// Retourner le chemin avec préfixe "storage:"
|
||||
const storagePath = `storage:${filePath}`;
|
||||
return NextResponse.json({ storagePath, filePath });
|
||||
}
|
||||
Reference in New Issue
Block a user