admin/TeamFlow--Trello-Like-
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
460f83aef816ccc973e1444948ba35bb72dbb0dd
TeamFlow--Trello-Like-/server/routes/cards.js
admin 460f83aef8 🌊 TeamFlow — Modern Trello alternative with email integration 
- Full-stack: React 18 + Express + SQLite
- Drag-and-drop kanban boards with @hello-pangea/dnd
- Google App Password email integration (SMTP + IMAP)
- Inbound email: create cards by sending emails
- Reply-to-card: email replies become comments
- Admin/user management with role-based access
- Setup wizard: email config → admin creation
- Checklists, time tracking, priorities, labels, due dates
- Real-time notifications with activity feed
- Beautiful HTML email templates
2026-04-03 15:11:27 +00:00

297 lines
15 KiB
JavaScript
Raw Blame History

import { Router } from 'express';
import db from '../db.js';
import { authMiddleware } from '../middleware/auth.js';
import { sendMail, buildCardNotificationHtml, buildCardUrl, getEmailConfig } from '../email/transporter.js';
import { v4 as uuidv4 } from 'uuid';
const router = Router();
router.use(authMiddleware);
function canAccessCard(userId, cardId) {
const card = db.prepare(`
SELECT 1 FROM cards c
JOIN lists l ON l.id = c.list_id
JOIN board_members bm ON bm.board_id = l.board_id AND bm.user_id = ?
WHERE c.id = ?
`).get(userId, cardId);
return !!card;
}
function getBoardIdForCard(cardId) {
const r = db.prepare(`SELECT l.board_id FROM cards c JOIN lists l ON l.id = c.list_id WHERE c.id = ?`).get(cardId);
return r?.board_id;
}
async function notifyCard({ cardId, userId, action, comment }) {
const card = db.prepare(`
SELECT c.*, l.board_id, b.title as board_title,
u.name as user_name, u2.email as assignee_email, u2.name as assignee_name
FROM cards c
JOIN lists l ON l.id = c.list_id
JOIN boards b ON b.id = l.board_id
LEFT JOIN users u ON u.id = ?
LEFT JOIN users u2 ON u2.id = c.assigned_to
WHERE c.id = ?
`).get(userId, cardId);
if (!card || !card.assignee_email) return;
if (card.assigned_to === userId) return;
const config = getEmailConfig();
if (!config) return;
const token = uuidv4();
db.prepare('INSERT INTO email_tokens (card_id, user_id, token, expires_at) VALUES (?, ?, ?, datetime("now", "+30 days"))')
.run(cardId, card.assigned_to, token);
db.prepare(`INSERT INTO notifications (user_id, type, title, message, card_id, board_id) VALUES (?, ?, ?, ?, ?, ?)`)
.run(card.assigned_to, action, card.title, `${card.user_name} ${action}`, cardId, card.board_id);
try {
await sendMail({
to: card.assignee_email,
subject: `[TeamFlow] ${card.user_name} ${action}${card.title}`,
html: buildCardNotificationHtml({
userName: card.user_name,
boardTitle: card.board_title,
cardTitle: card.title,
action,
cardUrl: buildCardUrl(cardId, card.board_id),
comment,
}),
replyTo: config.email,
});
} catch {}
}
// Lists
router.post('/:boardId/lists', (req, res) => {
const { title, position } = req.body;
if (!title) return res.status(400).json({ error: 'Title required' });
const maxPos = db.prepare('SELECT MAX(position) as p FROM lists WHERE board_id = ?').get(req.params.boardId);
const result = db.prepare('INSERT INTO lists (board_id, title, position) VALUES (?, ?, ?)')
.run(req.params.boardId, title, position ?? (maxPos.p || 0) + 65536);
const list = db.prepare('SELECT * FROM lists WHERE id = ?').get(result.lastInsertRowid);
res.json(list);
});
router.put('/lists/:id/reorder', (req, res) => {
const { position } = req.body;
db.prepare('UPDATE lists SET position = ? WHERE id = ?').run(position, req.params.id);
res.json({ success: true });
});
router.put('/lists/:id', (req, res) => {
const { title, is_archived } = req.body;
if (title !== undefined) db.prepare('UPDATE lists SET title = ? WHERE id = ?').run(title, req.params.id);
if (is_archived !== undefined) db.prepare('UPDATE lists SET is_archived = ? WHERE id = ?').run(is_archived ? 1 : 0, req.params.id);
res.json({ success: true });
});
// Cards
router.post('/lists/:listId/cards', async (req, res) => {
const { title, description, due_date, priority, assigned_to, labels } = req.body;
if (!title) return res.status(400).json({ error: 'Title required' });
const maxPos = db.prepare('SELECT MAX(position) as p FROM cards WHERE list_id = ?').get(req.params.listId);
const result = db.prepare('INSERT INTO cards (list_id, title, description, position, due_date, priority, assigned_to, created_by) VALUES (?, ?, ?, ?, ?, ?, ?, ?)')
.run(req.params.listId, title, description || '', (maxPos.p || 0) + 65536, due_date || null, priority || 'none', assigned_to || null, req.user.id);
if (labels?.length) {
const ins = db.prepare('INSERT OR IGNORE INTO card_labels (card_id, label_id) VALUES (?, ?)');
labels.forEach(lid => ins.run(result.lastInsertRowid, lid));
}
db.prepare('INSERT INTO card_activity (card_id, user_id, action) VALUES (?, ?, ?)').run(result.lastInsertRowid, req.user.id, 'created');
const card = db.prepare('SELECT c.*, u.name as creator_name FROM cards c LEFT JOIN users u ON u.id = c.created_by WHERE c.id = ?').get(result.lastInsertRowid);
if (assigned_to) notifyCard({ cardId: result.lastInsertRowid, userId: req.user.id, action: 'assigned you to a card' });
res.json(card);
});
router.get('/cards/:id', (req, res) => {
if (!canAccessCard(req.user.id, req.params.id)) return res.status(403).json({ error: 'Access denied' });
const card = db.prepare(`
SELECT c.*, u1.name as creator_name, u2.name as assignee_name, u2.avatar_color as assignee_color
FROM cards c
LEFT JOIN users u1 ON u1.id = c.created_by
LEFT JOIN users u2 ON u2.id = c.assigned_to
WHERE c.id = ?
`).get(req.params.id);
const labels = db.prepare(`SELECT l.* FROM card_labels cl JOIN labels l ON l.id = cl.label_id WHERE cl.card_id = ?`).all(req.params.id);
const comments = db.prepare(`
SELECT cc.*, u.name, u.avatar_color FROM card_comments cc
LEFT JOIN users u ON u.id = cc.user_id WHERE cc.card_id = ? ORDER BY cc.created_at
`).all(req.params.id);
const activity = db.prepare(`
SELECT ca.*, u.name, u.avatar_color FROM card_activity ca
LEFT JOIN users u ON u.id = ca.user_id WHERE ca.card_id = ? ORDER BY ca.created_at DESC LIMIT 50
`).all(req.params.id);
const checklists = db.prepare(`
SELECT cl.*,
(SELECT COUNT(*) FROM checklist_items WHERE checklist_id = cl.id) as total_items,
(SELECT COUNT(*) FROM checklist_items WHERE checklist_id = cl.id AND is_checked = 1) as done_items
FROM checklists cl WHERE cl.card_id = ? ORDER BY cl.position
`).all(req.params.id);
const checklistItems = {};
for (const cl of checklists) {
checklistItems[cl.id] = db.prepare('SELECT * FROM checklist_items WHERE checklist_id = ? ORDER BY position').all(cl.id);
}
res.json({ ...card, labels, comments, activity, checklists, checklistItems });
});
router.put('/cards/:id', async (req, res) => {
if (!canAccessCard(req.user.id, req.params.id)) return res.status(403).json({ error: 'Access denied' });
const { title, description, due_date, priority, color, assigned_to, list_id, position, estimated_hours, time_spent } = req.body;
const old = db.prepare('SELECT * FROM cards WHERE id = ?').get(req.params.id);
if (!old) return res.status(404).json({ error: 'Not found' });
const updates = [];
const params = [];
if (title !== undefined) { updates.push('title = ?'); params.push(title); }
if (description !== undefined) { updates.push('description = ?'); params.push(description); }
if (due_date !== undefined) { updates.push('due_date = ?'); params.push(due_date); }
if (priority !== undefined) { updates.push('priority = ?'); params.push(priority); }
if (color !== undefined) { updates.push('color = ?'); params.push(color); }
if (assigned_to !== undefined) { updates.push('assigned_to = ?'); params.push(assigned_to); }
if (list_id !== undefined) { updates.push('list_id = ?'); params.push(list_id); }
if (position !== undefined) { updates.push('position = ?'); params.push(position); }
if (estimated_hours !== undefined) { updates.push('estimated_hours = ?'); params.push(estimated_hours); }
if (time_spent !== undefined) { updates.push('time_spent = ?'); params.push(time_spent); }
updates.push("updated_at = datetime('now')");
params.push(req.params.id);
if (updates.length > 1) {
db.prepare(`UPDATE cards SET ${updates.join(', ')} WHERE id = ?`).run(...params);
}
if (assigned_to && assigned_to !== old.assigned_to) {
db.prepare('INSERT INTO card_activity (card_id, user_id, action, details) VALUES (?, ?, ?, ?)')
.run(req.params.id, req.user.id, 'assigned', `Assigned to ${assigned_to}`);
notifyCard({ cardId: req.params.id, userId: req.user.id, action: 'assigned you to a card' });
}
if (list_id && list_id !== old.list_id) {
const newList = db.prepare('SELECT title FROM lists WHERE id = ?').get(list_id);
db.prepare('INSERT INTO card_activity (card_id, user_id, action, details) VALUES (?, ?, ?, ?)')
.run(req.params.id, req.user.id, 'moved', `Moved to ${newList?.title || 'Unknown'}`);
const assignee = db.prepare('SELECT assigned_to FROM cards WHERE id = ?').get(req.params.id);
if (assignee?.assigned_to && assignee.assigned_to !== req.user.id) {
notifyCard({ cardId: req.params.id, userId: req.user.id, action: 'moved a card' });
}
}
const card = db.prepare('SELECT * FROM cards WHERE id = ?').get(req.params.id);
res.json(card);
});
router.delete('/cards/:id', (req, res) => {
if (!canAccessCard(req.user.id, req.params.id)) return res.status(403).json({ error: 'Access denied' });
db.prepare('DELETE FROM cards WHERE id = ?').run(req.params.id);
res.json({ success: true });
});
// Card reorder (batch)
router.put('/cards/reorder', (req, res) => {
const { cards } = req.body;
if (!Array.isArray(cards)) return res.status(400).json({ error: 'Cards array required' });
const update = db.prepare('UPDATE cards SET list_id = ?, position = ? WHERE id = ?');
const moveActivity = db.prepare('INSERT INTO card_activity (card_id, user_id, action, details) VALUES (?, ?, ?, ?)');
for (const c of cards) {
update.run(c.list_id, c.position, c.id);
if (c.moved && c.old_list_id !== c.list_id) {
const listName = db.prepare('SELECT title FROM lists WHERE id = ?').get(c.list_id)?.title || '';
moveActivity.run(c.id, req.user.id, 'moved', `Moved to ${listName}`);
}
}
res.json({ success: true });
});
// Comments
router.post('/cards/:id/comments', async (req, res) => {
if (!canAccessCard(req.user.id, req.params.id)) return res.status(403).json({ error: 'Access denied' });
const { content } = req.body;
if (!content) return res.status(400).json({ error: 'Content required' });
const result = db.prepare('INSERT INTO card_comments (card_id, user_id, content) VALUES (?, ?, ?)').run(req.params.id, req.user.id, content);
db.prepare('INSERT INTO card_activity (card_id, user_id, action, details) VALUES (?, ?, ?, ?)').run(req.params.id, req.user.id, 'commented', '');
notifyCard({ cardId: req.params.id, userId: req.user.id, action: 'commented on a card', comment: content });
const comment = db.prepare('SELECT cc.*, u.name, u.avatar_color FROM card_comments cc LEFT JOIN users u ON u.id = cc.user_id WHERE cc.id = ?').get(result.lastInsertRowid);
res.json(comment);
});
// Labels
router.post('/:boardId/labels', (req, res) => {
const { name, color } = req.body;
if (!name || !color) return res.status(400).json({ error: 'Name and color required' });
const result = db.prepare('INSERT INTO labels (board_id, name, color) VALUES (?, ?, ?)').run(req.params.boardId, name, color);
const label = db.prepare('SELECT * FROM labels WHERE id = ?').get(result.lastInsertRowid);
res.json(label);
});
router.put('/labels/:id', (req, res) => {
const { name, color } = req.body;
if (name !== undefined) db.prepare('UPDATE labels SET name = ? WHERE id = ?').run(name, req.params.id);
if (color !== undefined) db.prepare('UPDATE labels SET color = ? WHERE id = ?').run(color, req.params.id);
const label = db.prepare('SELECT * FROM labels WHERE id = ?').get(req.params.id);
res.json(label);
});
router.delete('/labels/:id', (req, res) => {
db.prepare('DELETE FROM labels WHERE id = ?').run(req.params.id);
res.json({ success: true });
});
router.put('/cards/:id/labels', (req, res) => {
if (!canAccessCard(req.user.id, req.params.id)) return res.status(403).json({ error: 'Access denied' });
const { labels } = req.body;
db.prepare('DELETE FROM card_labels WHERE card_id = ?').run(req.params.id);
if (labels?.length) {
const ins = db.prepare('INSERT OR IGNORE INTO card_labels (card_id, label_id) VALUES (?, ?)');
labels.forEach(lid => ins.run(req.params.id, lid));
}
res.json({ success: true });
});
// Checklists
router.post('/cards/:id/checklists', (req, res) => {
if (!canAccessCard(req.user.id, req.params.id)) return res.status(403).json({ error: 'Access denied' });
const { title } = req.body;
const maxPos = db.prepare('SELECT MAX(position) as p FROM checklists WHERE card_id = ?').get(req.params.id);
const result = db.prepare('INSERT INTO checklists (card_id, title, position) VALUES (?, ?, ?)')
.run(req.params.id, title || 'Checklist', (maxPos?.p || 0) + 65536);
const cl = db.prepare('SELECT * FROM checklists WHERE id = ?').get(result.lastInsertRowid);
res.json({ ...cl, items: [] });
});
router.post('/checklists/:id/items', (req, res) => {
const checklist = db.prepare('SELECT * FROM checklists WHERE id = ?').get(req.params.id);
if (!checklist) return res.status(404).json({ error: 'Not found' });
if (!canAccessCard(req.user.id, checklist.card_id)) return res.status(403).json({ error: 'Access denied' });
const { text } = req.body;
if (!text) return res.status(400).json({ error: 'Text required' });
const maxPos = db.prepare('SELECT MAX(position) as p FROM checklist_items WHERE checklist_id = ?').get(req.params.id);
const result = db.prepare('INSERT INTO checklist_items (checklist_id, text, position) VALUES (?, ?, ?)')
.run(req.params.id, text, (maxPos?.p || 0) + 65536);
const item = db.prepare('SELECT * FROM checklist_items WHERE id = ?').get(result.lastInsertRowid);
res.json(item);
});
router.put('/checklist-items/:id', (req, res) => {
const item = db.prepare('SELECT ci.*, cl.card_id FROM checklist_items ci JOIN checklists cl ON cl.id = ci.checklist_id WHERE ci.id = ?').get(req.params.id);
if (!item) return res.status(404).json({ error: 'Not found' });
if (!canAccessCard(req.user.id, item.card_id)) return res.status(403).json({ error: 'Access denied' });
const { text, is_checked } = req.body;
if (text !== undefined) db.prepare('UPDATE checklist_items SET text = ? WHERE id = ?').run(text, req.params.id);
if (is_checked !== undefined) db.prepare('UPDATE checklist_items SET is_checked = ? WHERE id = ?').run(is_checked ? 1 : 0, req.params.id);
const updated = db.prepare('SELECT * FROM checklist_items WHERE id = ?').get(req.params.id);
res.json(updated);
});
router.delete('/checklist-items/:id', (req, res) => {
const item = db.prepare('SELECT ci.*, cl.card_id FROM checklist_items ci JOIN checklists cl ON cl.id = ci.checklist_id WHERE ci.id = ?').get(req.params.id);
if (!item) return res.status(404).json({ error: 'Not found' });
if (!canAccessCard(req.user.id, item.card_id)) return res.status(403).json({ error: 'Access denied' });
db.prepare('DELETE FROM checklist_items WHERE id = ?').run(req.params.id);
res.json({ success: true });
});
router.delete('/checklists/:id', (req, res) => {
const cl = db.prepare('SELECT * FROM checklists WHERE id = ?').get(req.params.id);
if (!cl) return res.status(404).json({ error: 'Not found' });
if (!canAccessCard(req.user.id, cl.card_id)) return res.status(403).json({ error: 'Access denied' });
db.prepare('DELETE FROM checklists WHERE id = ?').run(req.params.id);
res.json({ success: true });
});
export default router;
Reference in New Issue View Git Blame Copy Permalink