const express = require('express'); const router = express.Router(); const db = require('../db'); const { requireAuth } = require('../middleware/auth'); // ── Ghosts (public read) ────────────────────────────── // Alle Geister laden router.get('/ghosts', async (req, res) => { try { const rows = await db.query('SELECT * FROM ghosts ORDER BY name ASC'); const ghosts = rows.map(row => ({ ...row, evidence: typeof row.evidence === 'string' ? JSON.parse(row.evidence) : row.evidence, tells: typeof row.tells === 'string' ? JSON.parse(row.tells) : row.tells, })); res.json(ghosts); } catch (e) { console.error(e); res.status(500).json({ error: 'DB-Fehler' }); } }); // ── Submissions (auth required) ─────────────────────── // Eigene Submissions laden router.get('/submissions/mine', requireAuth, async (req, res) => { try { const rows = await db.query( 'SELECT * FROM submissions WHERE discord_id = ? ORDER BY created_at DESC', [req.user.id] ); res.json(rows); } catch (e) { res.status(500).json({ error: 'DB-Fehler' }); } }); // Neue Submission einreichen router.post('/submissions', requireAuth, async (req, res) => { const { ghost_name, type, content } = req.body; if (!content?.trim()) return res.status(400).json({ error: 'Inhalt fehlt' }); if (!['tip', 'edit', 'new'].includes(type)) return res.status(400).json({ error: 'Ungültiger Typ' }); try { await db.query( `INSERT INTO submissions (ghost_name, type, username, discord_id, content) VALUES (?, ?, ?, ?, ?)`, [ghost_name || '', type, req.user.username, req.user.id, content.trim()] ); res.json({ ok: true }); } catch (e) { console.error(e); res.status(500).json({ error: 'DB-Fehler' }); } }); module.exports = router; // ── Credits (public read) ───────────────────────────── router.get('/credits', async (req, res) => { try { const rows = await db.query( 'SELECT * FROM credits ORDER BY type DESC, sort_order ASC, created_at ASC' ); res.json(rows); } catch (e) { console.error(e); res.status(500).json({ error: 'DB-Fehler' }); } });