unboundedpress/portfolio/server/api/admin/files.upload.js

import { existsSync, mkdirSync, writeFileSync } from 'node:fs'
import { join } from 'node:path'
import { readMultipartFormData } from 'h3'

const publicDir = './public'

const allowedFolders = ['scores', 'pubs', 'album_art', 'images', 'hdp_images']
const allowedExtensions = ['.pdf', '.jpg', '.jpeg', '.png', '.gif', '.webp', '.svg', '.mp3', '.wav', '.ogg']

function getFolderPath(folder) {
  return join(publicDir, folder)
}

function sanitizeFilename(filename) {
  return filename.replace(/[^a-zA-Z0-9._-]/g, '_')
}

export default defineEventHandler(async (event) => {
  const query = getQuery(event)
  const folder = query.folder

  if (!folder || !allowedFolders.includes(folder)) {
    throw createError({ statusCode: 400, message: 'Invalid folder' })
  }

  const folderPath = getFolderPath(folder)

  if (!existsSync(folderPath)) {
    mkdirSync(folderPath, { recursive: true })
  }

  const formData = await readMultipartFormData(event)

  if (!formData || formData.length === 0) {
    throw createError({ statusCode: 400, message: 'No file uploaded' })
  }

  const fileField = formData.find(f => f.name === 'file')

  if (!fileField || !fileField.data) {
    throw createError({ statusCode: 400, message: 'No file data' })
  }

  const ext = fileField.filename ? fileField.filename.toLowerCase().slice(fileField.filename.lastIndexOf('.')) : ''

  if (!allowedExtensions.includes(ext)) {
    throw createError({ statusCode: 400, message: `File type not allowed. Allowed: ${allowedExtensions.join(', ')}` })
  }

  const filename = fileField.filename ? sanitizeFilename(fileField.filename) : `upload${ext}`
  const filePath = join(folderPath, filename)

  writeFileSync(filePath, fileField.data)

  return {
    success: true,
    filename,
    url: `/${folder}/${filename}`
  }
})
Deployment-ready: All services configured 2026-02-23 20:24:09 +01:00			`import { existsSync, mkdirSync, writeFileSync } from 'node:fs'`
			`import { join } from 'node:path'`
			`import { readMultipartFormData } from 'h3'`

			`const publicDir = './public'`

			`const allowedFolders = ['scores', 'pubs', 'album_art', 'images', 'hdp_images']`
			`const allowedExtensions = ['.pdf', '.jpg', '.jpeg', '.png', '.gif', '.webp', '.svg', '.mp3', '.wav', '.ogg']`

			`function getFolderPath(folder) {`
			`return join(publicDir, folder)`
			`}`

			`function sanitizeFilename(filename) {`
			`return filename.replace(/[^a-zA-Z0-9._-]/g, '_')`
			`}`

			`export default defineEventHandler(async (event) => {`
			`const query = getQuery(event)`
			`const folder = query.folder`

			`if (!folder \|\| !allowedFolders.includes(folder)) {`
			`throw createError({ statusCode: 400, message: 'Invalid folder' })`
			`}`

			`const folderPath = getFolderPath(folder)`

			`if (!existsSync(folderPath)) {`
			`mkdirSync(folderPath, { recursive: true })`
			`}`

			`const formData = await readMultipartFormData(event)`

			`if (!formData \|\| formData.length === 0) {`
			`throw createError({ statusCode: 400, message: 'No file uploaded' })`
			`}`

			`const fileField = formData.find(f => f.name === 'file')`

			`if (!fileField \|\| !fileField.data) {`
			`throw createError({ statusCode: 400, message: 'No file data' })`
			`}`

			`const ext = fileField.filename ? fileField.filename.toLowerCase().slice(fileField.filename.lastIndexOf('.')) : ''`

			`if (!allowedExtensions.includes(ext)) {`
			throw createError({ statusCode: 400, message: `File type not allowed. Allowed: ${allowedExtensions.join(', ')}` })
			`}`

			const filename = fileField.filename ? sanitizeFilename(fileField.filename) : `upload${ext}`
			`const filePath = join(folderPath, filename)`

			`writeFileSync(filePath, fileField.data)`

			`return {`
			`success: true,`
			`filename,`
			url: `/${folder}/${filename}`
			`}`
			`})`