Merge remote-tracking branch 'origin/dev' into dev-maurice

# Conflicts: # client/src/components/Todo/TodoListPanel.tsx # server/src/db/migrations.ts
2026-06-22 06:41:46 +00:00 · 2026-04-17 23:44:53 +02:00
parent cd2f50bc89 9a31fcac7b
commit 189b257254
71 changed files with 2259 additions and 515 deletions
@@ -201,6 +201,63 @@ router.put('/bag-tracking', (req: Request, res: Response) => {
  res.json(result);
 });

+// ── Places Photos ───────────────────────────────────────────────────────
+
+router.get('/places-photos', (_req: Request, res: Response) => {
+  res.json(svc.getPlacesPhotos());
+});
+
+router.put('/places-photos', (req: Request, res: Response) => {
+  if (typeof req.body.enabled !== 'boolean') return res.status(400).json({ error: 'enabled must be a boolean' });
+  const result = svc.updatePlacesPhotos(req.body.enabled);
+  const authReq = req as AuthRequest;
+  writeAudit({
+    userId: authReq.user.id,
+    action: 'admin.places_photos',
+    ip: getClientIp(req),
+    details: { enabled: result.enabled },
+  });
+  res.json(result);
+});
+
+// ── Places Autocomplete ──────────────────────────────────────────────────
+
+router.get('/places-autocomplete', (_req: Request, res: Response) => {
+  res.json(svc.getPlacesAutocomplete());
+});
+
+router.put('/places-autocomplete', (req: Request, res: Response) => {
+  if (typeof req.body.enabled !== 'boolean') return res.status(400).json({ error: 'enabled must be a boolean' });
+  const result = svc.updatePlacesAutocomplete(req.body.enabled);
+  const authReq = req as AuthRequest;
+  writeAudit({
+    userId: authReq.user.id,
+    action: 'admin.places_autocomplete',
+    ip: getClientIp(req),
+    details: { enabled: result.enabled },
+  });
+  res.json(result);
+});
+
+// ── Places Details ───────────────────────────────────────────────────────
+
+router.get('/places-details', (_req: Request, res: Response) => {
+  res.json(svc.getPlacesDetails());
+});
+
+router.put('/places-details', (req: Request, res: Response) => {
+  if (typeof req.body.enabled !== 'boolean') return res.status(400).json({ error: 'enabled must be a boolean' });
+  const result = svc.updatePlacesDetails(req.body.enabled);
+  const authReq = req as AuthRequest;
+  writeAudit({
+    userId: authReq.user.id,
+    action: 'admin.places_details',
+    ip: getClientIp(req),
+    details: { enabled: result.enabled },
+  });
+  res.json(result);
+});
+
 // ── Collab Features ───────────────────────────────────────────────────────

 router.get('/collab-features', (_req: Request, res: Response) => {
@@ -115,13 +115,14 @@ router.post('/entries/:entryId/photos', authenticate, upload.array('photos', 10)

 router.post('/entries/:entryId/provider-photos', authenticate, (req: Request, res: Response) => {
  const authReq = req as AuthRequest;
-  const { provider, asset_id, asset_ids, caption } = req.body || {};
+  const { provider, asset_id, asset_ids, caption, passphrase } = req.body || {};
+  const pp = passphrase && typeof passphrase === 'string' ? passphrase : undefined;

  // Batch mode: { provider, asset_ids: string[] }
  if (Array.isArray(asset_ids) && provider) {
    const added: any[] = [];
    for (const id of asset_ids) {
-      const photo = svc.addProviderPhoto(Number(req.params.entryId), authReq.user.id, provider, String(id), caption);
+      const photo = svc.addProviderPhoto(Number(req.params.entryId), authReq.user.id, provider, String(id), caption, pp);
      if (photo) added.push(photo);
    }
    return res.status(201).json({ photos: added, added: added.length });
@@ -129,7 +130,7 @@ router.post('/entries/:entryId/provider-photos', authenticate, (req: Request, re

  // Single mode (backward compat)
  if (!provider || !asset_id) return res.status(400).json({ error: 'provider and asset_id required' });
-  const photo = svc.addProviderPhoto(Number(req.params.entryId), authReq.user.id, provider, asset_id, caption);
+  const photo = svc.addProviderPhoto(Number(req.params.entryId), authReq.user.id, provider, asset_id, caption, pp);
  if (!photo) return res.status(403).json({ error: 'Not allowed or duplicate' });
  res.status(201).json(photo);
 });
@@ -4,11 +4,14 @@ import { AuthRequest } from '../types';
 import {
  searchPlaces,
  getPlaceDetails,
+  getPlaceDetailsExpanded,
  getPlacePhoto,
  reverseGeocode,
  resolveGoogleMapsUrl,
  autocompletePlaces,
 } from '../services/mapsService';
+import { db } from '../db/database';
+import { serveFilePath } from '../services/placePhotoCache';

 const router = express.Router();

@@ -32,6 +35,9 @@ router.post('/search', authenticate, async (req: Request, res: Response) => {

 // POST /autocomplete
 router.post('/autocomplete', authenticate, async (req: Request, res: Response) => {
+  const autocompleteEnabledRow = db.prepare("SELECT value FROM app_settings WHERE key = 'places_autocomplete_enabled'").get() as { value: string } | undefined;
+  if (autocompleteEnabledRow?.value === 'false') return res.status(200).json({ suggestions: [], source: 'disabled' });
+
  const authReq = req as AuthRequest;
  const { input, lang, locationBias } = req.body;

@@ -70,11 +76,18 @@ router.post('/autocomplete', authenticate, async (req: Request, res: Response) =

 // GET /details/:placeId
 router.get('/details/:placeId', authenticate, async (req: Request, res: Response) => {
+  const detailsEnabledRow = db.prepare("SELECT value FROM app_settings WHERE key = 'places_details_enabled'").get() as { value: string } | undefined;
+  if (detailsEnabledRow?.value === 'false') return res.status(200).json({ place: null, disabled: true });
+
  const authReq = req as AuthRequest;
  const { placeId } = req.params;
+  const expand = req.query.expand as string | undefined;

  try {
-    const result = await getPlaceDetails(authReq.user.id, placeId, req.query.lang as string);
+    const refresh = req.query.refresh === '1';
+    const result = expand
+      ? await getPlaceDetailsExpanded(authReq.user.id, placeId, req.query.lang as string, refresh)
+      : await getPlaceDetails(authReq.user.id, placeId, req.query.lang as string);
    res.json(result);
  } catch (err: unknown) {
    const status = (err as { status?: number }).status || 500;
@@ -88,6 +101,12 @@ router.get('/details/:placeId', authenticate, async (req: Request, res: Response
 router.get('/place-photo/:placeId', authenticate, async (req: Request, res: Response) => {
  const authReq = req as AuthRequest;
  const { placeId } = req.params;
+
+  // Kill-switch only applies to Google Places API fetches — Wikimedia (coords: prefix) is always allowed
+  if (!placeId.startsWith('coords:')) {
+    const photosEnabledRow = db.prepare("SELECT value FROM app_settings WHERE key = 'places_photos_enabled'").get() as { value: string } | undefined;
+    if (photosEnabledRow?.value === 'false') return res.status(200).json({ photoUrl: null });
+  }
  const lat = parseFloat(req.query.lat as string);
  const lng = parseFloat(req.query.lng as string);

@@ -102,6 +121,15 @@ router.get('/place-photo/:placeId', authenticate, async (req: Request, res: Resp
  }
 });

+// GET /place-photo/:placeId/bytes — serve cached photo bytes from disk
+router.get('/place-photo/:placeId/bytes', authenticate, (req: Request, res: Response) => {
+  const { placeId } = req.params;
+  const fp = serveFilePath(placeId);
+  if (!fp) return res.status(404).json({ error: 'Photo not cached' });
+  res.set('Cache-Control', 'public, max-age=2592000, immutable');
+  res.sendFile(fp);
+});
+
 // GET /reverse
 router.get('/reverse', authenticate, async (req: Request, res: Response) => {
  const { lat, lng, lang } = req.query as { lat: string; lng: string; lang?: string };