Ohjeet: kuva-upload -toiminto Markdown-editoriin

- "Kuva" -nappi toolbarissa avaa tiedostovalitsimen - Kuva uploadataan serverille (max 5MB, PNG/JPG/GIF/WebP) - Markdown ![kuva](url) -tagi lisätään automaattisesti editoriin - Kuva renderöityy lukunäkymässä ja esikatselussa - API: guide_image_upload (upload) + guide_image (serve) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-11 12:24:36 +02:00
parent 7c4060bfa8
commit 565259423d
3 changed files with 92 additions and 0 deletions
--- a/api.php
+++ b/api.php
@@ -2006,6 +2006,68 @@ switch ($action) {
        echo json_encode(['success' => true]);
        break;

+    case 'guide_image_upload':
+        requireAuth();
+        requireAdmin();
+        $companyId = requireCompany();
+        if ($method !== 'POST') break;
+        if (empty($_FILES['image'])) {
+            http_response_code(400);
+            echo json_encode(['error' => 'Kuva puuttuu']);
+            break;
+        }
+        $file = $_FILES['image'];
+        if ($file['error'] !== UPLOAD_ERR_OK) {
+            http_response_code(400);
+            echo json_encode(['error' => 'Kuvan lähetys epäonnistui']);
+            break;
+        }
+        if ($file['size'] > 5 * 1024 * 1024) {
+            http_response_code(400);
+            echo json_encode(['error' => 'Kuva on liian suuri (max 5 MB)']);
+            break;
+        }
+        $allowedExt = ['png', 'jpg', 'jpeg', 'gif', 'webp'];
+        $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
+        if (!in_array($ext, $allowedExt)) {
+            http_response_code(400);
+            echo json_encode(['error' => 'Sallitut tiedostotyypit: PNG, JPG, GIF, WebP']);
+            break;
+        }
+        $imgDir = getCompanyDir($companyId) . '/guide_images';
+        if (!file_exists($imgDir)) mkdir($imgDir, 0755, true);
+        $filename = uniqid() . '.' . ($ext === 'jpeg' ? 'jpg' : $ext);
+        if (move_uploaded_file($file['tmp_name'], $imgDir . '/' . $filename)) {
+            $url = 'api.php?action=guide_image&file=' . urlencode($filename);
+            echo json_encode(['success' => true, 'url' => $url, 'filename' => $filename]);
+        } else {
+            http_response_code(500);
+            echo json_encode(['error' => 'Tallennusvirhe']);
+        }
+        break;
+
+    case 'guide_image':
+        requireAuth();
+        $companyId = requireCompany();
+        $filename = basename($_GET['file'] ?? '');
+        if (!$filename || !preg_match('/^[a-f0-9]+\.(png|jpg|gif|webp)$/', $filename)) {
+            http_response_code(400);
+            echo 'Virheellinen tiedostonimi';
+            break;
+        }
+        $path = getCompanyDir($companyId) . '/guide_images/' . $filename;
+        if (!file_exists($path)) {
+            http_response_code(404);
+            echo 'Kuvaa ei löydy';
+            break;
+        }
+        $mimes = ['png' => 'image/png', 'jpg' => 'image/jpeg', 'gif' => 'image/gif', 'webp' => 'image/webp'];
+        $ext = pathinfo($filename, PATHINFO_EXTENSION);
+        header('Content-Type: ' . ($mimes[$ext] ?? 'application/octet-stream'));
+        header('Cache-Control: public, max-age=86400');
+        readfile($path);
+        exit;
+
    // ---------- ARCHIVE ----------
    case 'archived_customers':
        requireAuth();