新增管理員頁面、Word PDF 預覽、租賃日期欄位、SSL docker-compose

- 新增 /admin.html：上傳/刪除範本，HTTP Basic Auth 保護 - Word 預覽改用 LibreOffice PDF 轉換，帶入表單參數即時顯示 - 新增租賃開始/結束年月日、租期年數佔位符支援 - 預覽 loading 遮罩，修正 hidden 被 CSS display:flex 覆蓋的問題 - 左右欄 UI 重構，右欄固定顯示 Word 預覽 - 新增 docker-compose.yml + nginx SSL reverse proxy - admin 密碼改由 ADMIN_PASSWORD 環境變數設定 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-15 23:02:33 +08:00
parent a318c18214
commit 89a4f891c2
17 changed files with 950 additions and 101 deletions
--- a/server.js
+++ b/server.js
@@ -1,16 +1,54 @@
 const express = require('express');
 const path = require('node:path');
+const multer = require('multer');
 const {
  createContractPdf,
  listTemplates,
+  getTemplatePreviewPdf,
+  saveTemplate,
+  deleteTemplate,
 } = require('./src/contractService');

 const app = express();
-const port = Number(process.env.PORT || 3005);
+const port = Number(process.env.PORT || 3001);
+const ADMIN_PASSWORD = process.env.ADMIN_PASSWORD || 'admin';
+
+if (!process.env.ADMIN_PASSWORD) {
+  console.warn('[warn] ADMIN_PASSWORD 未設定，使用預設密碼 "admin"');
+}

 app.use(express.json({ limit: '1mb' }));
 app.use(express.static(path.join(__dirname, 'public')));

+function adminAuth(req, res, next) {
+  const auth = req.headers.authorization || '';
+  if (!auth.startsWith('Basic ')) {
+    return res.status(401).json({ error: '需要管理員驗證。' });
+  }
+  const decoded = Buffer.from(auth.slice(6), 'base64').toString('utf-8');
+  const password = decoded.slice(decoded.indexOf(':') + 1);
+  if (password !== ADMIN_PASSWORD) {
+    return res.status(401).json({ error: '密碼錯誤。' });
+  }
+  next();
+}
+
+const upload = multer({
+  storage: multer.memoryStorage(),
+  fileFilter: (_req, file, cb) => {
+    const name = Buffer.from(file.originalname, 'latin1').toString('utf8');
+    file.originalname = name;
+    const ext = path.extname(name).toLowerCase();
+    if (ext === '.doc' || ext === '.docx') return cb(null, true);
+    const err = new Error('僅接受 .doc / .docx 檔案。');
+    err.exposeToClient = true;
+    cb(err);
+  },
+  limits: { fileSize: 10 * 1024 * 1024 },
+});
+
+// ── Public routes ──────────────────────────────────────────
+
 app.get('/api/health', (_req, res) => {
  res.json({ ok: true });
 });
@@ -23,6 +61,20 @@ app.get('/api/templates', async (_req, res, next) => {
  }
 });

+app.get('/api/templates/:name/preview', async (req, res) => {
+  try {
+    const pdfBuffer = await getTemplatePreviewPdf(req.params.name, req.query);
+    res.setHeader('Content-Type', 'application/pdf');
+    res.setHeader('Cache-Control', 'no-store');
+    res.send(pdfBuffer);
+  } catch (error) {
+    console.error(error);
+    const msg = error.exposeToClient ? error.message : '預覽失敗';
+    res.status(error.exposeToClient ? 400 : 500)
+      .send(`<!DOCTYPE html><html><body style="padding:20px;color:#666;font-family:sans-serif">${msg}</body></html>`);
+  }
+});
+
 app.post('/api/contracts/pdf', async (req, res) => {
  try {
    const result = await createContractPdf({
@@ -30,6 +82,8 @@ app.post('/api/contracts/pdf', async (req, res) => {
      monthlyRent: req.body.monthlyRent,
      paymentDay: req.body.paymentDay,
      deposit: req.body.deposit,
+      leaseStart: req.body.leaseStart,
+      leaseEnd: req.body.leaseEnd,
    });

    res.setHeader('Content-Type', 'application/pdf');
@@ -50,9 +104,48 @@ app.post('/api/contracts/pdf', async (req, res) => {
  }
 });

+// ── Admin routes ───────────────────────────────────────────
+
+app.get('/api/admin/check', adminAuth, (_req, res) => {
+  res.json({ ok: true });
+});
+
+app.post('/api/admin/templates', adminAuth, (req, res) => {
+  upload.single('template')(req, res, async (err) => {
+    if (err) {
+      const status = err.exposeToClient || err instanceof multer.MulterError ? 400 : 500;
+      return res.status(status).json({ error: err.message });
+    }
+    try {
+      if (!req.file) return res.status(400).json({ error: '請選擇檔案。' });
+      const name = await saveTemplate(req.file.originalname, req.file.buffer);
+      res.json({ ok: true, name });
+    } catch (error) {
+      console.error(error);
+      res.status(error.exposeToClient ? 400 : 500).json({
+        error: error.exposeToClient ? error.message : '上傳失敗。',
+      });
+    }
+  });
+});
+
+app.delete('/api/admin/templates/:name', adminAuth, async (req, res, next) => {
+  try {
+    await deleteTemplate(req.params.name);
+    res.json({ ok: true });
+  } catch (error) {
+    next(error);
+  }
+});
+
+// ── Error handler ──────────────────────────────────────────
+
 app.use((error, _req, res, _next) => {
  console.error(error);
-  res.status(500).json({ error: '伺服器發生錯誤。' });
+  const status = error.exposeToClient ? 400 : 500;
+  res.status(status).json({
+    error: error.exposeToClient ? error.message : '伺服器發生錯誤。',
+  });
 });

 app.listen(port, () => {