

const express = require("express");
const { Pool } = require("pg");

// Express application. Two middlewares are registered, in this order:
// JSON body parsing (fills req.body for the POST routes) and static file
// hosting from the "public" directory.
const app = express();

for (const middleware of [express.json(), express.static("public")]) {
    app.use(middleware);
}

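// PostgreSQL connection pool shared by every route handler.
//
// The database password is read from the PGPASSWORD environment variable and
// has no fallback on purpose, so the secret no longer lives in the source
// tree. The remaining settings keep their previous values as defaults and can
// be overridden through PGUSER / PGHOST / PGDATABASE / PGPORT.
// NOTE(review): the password that used to be written here has been committed
// in clear text; treat it as exposed and rotate it on the database side.
const db = new Pool({
    user: process.env.PGUSER || "de-user10",
    host: process.env.PGHOST || "de-db.ptk.itiscaf.ru",
    database: process.env.PGDATABASE || "de-user10",
    password: process.env.PGPASSWORD,
    port: Number(process.env.PGPORT || 5441)
});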


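// POST /register: creates an account; the role is fixed to 'user' on the
// server and is never taken from the request.
// Body (JSON): login, password, name, surname, phone, email.
// Replies with the text "ok" on success and "error" otherwise. The browser
// code compares the body with "ok", so both strings are part of the contract;
// only the HTTP status codes are new.
app.post("/register", async (req, res) => {
    const { login, password, name, surname, phone, email } = req.body || {};

    // express.json() passes through whatever JSON the caller sent, so the
    // credentials can be missing or be objects/arrays instead of strings.
    const isFilled = (value) => typeof value === "string" && value.trim() !== "";
    if (!isFilled(login) || !isFilled(password)) {
        return res.status(400).send("error");
    }

    try {
        // NOTE(review): the password is stored exactly as received and /login
        // compares it inside SQL. Moving to a salted password hash has to be
        // done in both handlers together, so it is not changed here.
        await db.query(
            `INSERT INTO users
            (login,password,name,surname,phone,email,role)
            VALUES ($1,$2,$3,$4,$5,$6,'user')`,
            [login, password, name, surname, phone, email]
        );

        res.send("ok");
    } catch (err) {
        // Keep the reason in the server log; the client only learns "error".
        console.error("register failed:", err.message);
        res.status(500).send("error");
    }
});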


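// POST /login: checks a login/password pair.
// Body (JSON): login, password.
// Replies with JSON: { role: "admin" } for the built-in admin account, the
// matching users row (without its password column) for a regular account, or
// {} when nothing matches. The browser code tells the cases apart by the
// presence of `id` / `role`, so that shape is kept.
//
// NOTE(review): no session or token is issued here. The reply is the only
// thing the client keeps, and no route in this file verifies the caller
// afterwards, so a successful login does not protect any endpoint by itself.
app.post("/login", async (req, res) => {
    const { login, password } = req.body || {};

    // Anything that is not a pair of strings cannot be a valid credential.
    if (typeof login !== "string" || typeof password !== "string") {
        return res.status(401).json({});
    }

    // NOTE(review): the admin account is a literal in source. It should come
    // from configuration or from the users table, and the value committed
    // here should be considered exposed.
    if (login === "admin" && password === "restaurant") {
        return res.json({ role: "admin" });
    }

    try {
        const r = await db.query(
            "SELECT * FROM users WHERE login=$1 AND password=$2",
            [login, password]
        );

        const row = r.rows[0];
        if (!row) {
            return res.status(401).json({});
        }

        // SELECT * also returns the password column; never send it back to
        // the browser, which stores the whole reply in localStorage.
        const { password: _stored, ...user } = row;
        res.json(user);
    } catch (err) {
        // Without this catch a failed query would reject the handler's
        // promise with no response sent (Express 4 does not forward it).
        console.error("login failed:", err.message);
        res.status(500).json({});
    }
});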


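// POST /book: inserts a booking with the initial status 'Новое'.
// Body (JSON): user_id, date_time, guests, phone.
// Replies with the text "ok", or "error" with status 500 if the insert fails.
//
// NOTE(review): user_id is taken from the request body and nothing in this
// file ties it to the caller, so bookings can be created under any user id.
// It should come from an authenticated session instead.
app.post("/book", async (req, res) => {
    const { user_id, date_time, guests, phone } = req.body || {};

    try {
        await db.query(
            `INSERT INTO bookings
            (user_id,date_time,guests,phone,status)
            VALUES ($1,$2,$3,$4,'Новое')`,
            [user_id, date_time, guests, phone]
        );

        res.send("ok");
    } catch (err) {
        // A rejected query (bad date, unknown user, lost connection) used to
        // leave the request without an answer.
        console.error("book failed:", err.message);
        res.status(500).send("error");
    }
});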


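// GET /my/:id: returns every bookings row whose user_id equals :id, as a
// JSON array. On a database error the reply is an empty array with status
// 500, because the browser code calls .map() on the result.
//
// NOTE(review): the user id comes straight from the URL and no check in this
// file compares it with the caller's identity, so the bookings (including
// phone numbers) of any user id are readable. Derive the id from an
// authenticated session rather than from the path.
app.get("/my/:id", async (req, res) => {
    try {
        const r = await db.query(
            "SELECT * FROM bookings WHERE user_id=$1",
            [req.params.id]
        );

        res.json(r.rows);
    } catch (err) {
        // For example a non-numeric :id, if the column is numeric.
        console.error("my bookings failed:", err.message);
        res.status(500).json([]);
    }
});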


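// GET /admin/bookings: returns every row of the bookings table as a JSON
// array. On a database error the reply is an empty array with status 500,
// because the browser code calls .map() on the result.
//
// NOTE(review): despite the /admin prefix, no authentication or role check
// is visible in this file, so the full booking list is served to any caller.
// An authorization middleware is needed in front of all /admin routes.
app.get("/admin/bookings", async (_, res) => {
    try {
        const r = await db.query("SELECT * FROM bookings");

        res.json(r.rows);
    } catch (err) {
        console.error("admin bookings failed:", err.message);
        res.status(500).json([]);
    }
});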


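// POST /admin/status: sets the status of one booking.
// Body (JSON): id, status.
// Replies with the text "ok"; "error" with status 400 for an unknown status
// and with status 500 if the update fails.
//
// NOTE(review): no authentication or role check is visible in this file, so
// this route is reachable by any caller; it needs the same authorization
// middleware as the other /admin routes.
app.post("/admin/status", async (req, res) => {
    const { id, status } = req.body || {};

    // Only the statuses this application itself writes are accepted. The
    // value is later shown in the booking lists, so free text from the
    // request must not reach the table.
    const knownStatuses = ["Новое", "Принято", "Отменено", "Посещено"];
    if (!knownStatuses.includes(status)) {
        return res.status(400).send("error");
    }

    try {
        await db.query(
            "UPDATE bookings SET status=$1 WHERE id=$2",
            [status, id]
        );

        res.send("ok");
    } catch (err) {
        console.error("status update failed:", err.message);
        res.status(500).send("error");
    }
});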


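// POST /admin/visit: marks one booking as 'Посещено' (visited), which is
// the status /review requires before a review is accepted.
// Body (JSON): id.
// Replies with the text "ok", or "error" with status 500 if the update fails.
//
// NOTE(review): no authentication or role check is visible in this file, so
// any caller can mark any booking as visited and thereby unlock a review.
app.post("/admin/visit", async (req, res) => {
    const { id } = req.body || {};

    try {
        await db.query(
            "UPDATE bookings SET status='Посещено' WHERE id=$1",
            [id]
        );

        res.send("ok");
    } catch (err) {
        console.error("visit update failed:", err.message);
        res.status(500).send("error");
    }
});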


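// POST /review: stores a review for a booking.
// Body (JSON): user_id, booking_id, text.
// The review is accepted only if a bookings row exists with that id, that
// user_id and the status 'Посещено'; otherwise the reply is 403
// "not allowed". Replies with the text "ok" on success and "error" with
// status 500 if a query fails.
//
// NOTE(review): user_id is supplied by the caller, so the ownership check
// only proves that the pair (booking_id, user_id) exists, not that the
// caller is that user. Take the user id from an authenticated session.
app.post("/review", async (req, res) => {
    const { user_id, booking_id, text } = req.body || {};

    try {
        const check = await db.query(
            `SELECT * FROM bookings 
         WHERE id=$1 AND user_id=$2 AND status='Посещено'`,
            [booking_id, user_id]
        );

        if (check.rows.length === 0) {
            return res.status(403).send("not allowed");
        }

        await db.query(
            `INSERT INTO reviews (user_id, booking_id, text)
         VALUES ($1,$2,$3)`,
            [user_id, booking_id, text]
        );

        res.send("ok");
    } catch (err) {
        // Either query can reject; answer instead of leaving the request open.
        console.error("review failed:", err.message);
        res.status(500).send("error");
    }
});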

// Start the HTTP server on port 3000 (no host argument is given) and print
// the local URL once the server is listening.
app.listen(3000, function onListening() {
    console.log("http://localhost:3000");
});



/**
 * Sends `data` to `url` as the JSON body of a POST request.
 *
 * @param {string} url - Request target.
 * @param {*} data - Value serialised with JSON.stringify.
 * @returns {Promise<Response>} Whatever fetch() returns; the HTTP status is
 *   not inspected here, callers have to check it themselves.
 */
const post = (url, data) => {
    const options = {
        method: "POST",
        headers: { "Content-Type": "application/json" },
        body: JSON.stringify(data)
    };

    return fetch(url, options);
};

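/**
 * Reads the record saved under the "user" key of localStorage.
 *
 * localStorage can be edited by the person at the browser, so the value is
 * treated as untrusted: a missing entry, broken JSON, or JSON that is not an
 * object (for example the string "null") all yield an empty object instead
 * of throwing in the caller.
 *
 * NOTE(review): for the same reason this record is only a UI convenience and
 * cannot serve as proof of identity towards the server.
 *
 * @returns {object} The stored record, or {} when none is usable.
 */
function getUser() {
    try {
        const parsed = JSON.parse(localStorage.getItem("user") || "{}");
        return parsed !== null && typeof parsed === "object" ? parsed : {};
    } catch {
        return {};
    }
}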

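/**
 * Login form handler: posts the trimmed login/password to /login, stores
 * the returned record under the "user" key of localStorage and redirects to
 * book.html (record has an id) or admin.html (record has role "admin").
 * Shows an alert when the fields are empty or the login is rejected.
 */
async function login() {

    const loginVal = document.getElementById("login").value.trim();
    const passwordVal = document.getElementById("password").value.trim();

    if (!loginVal || !passwordVal) {
        alert("Введите логин и пароль");
        return;
    }

    let d = null;
    try {
        d = await post("/login", {
            login: loginVal,
            password: passwordVal
        }).then(r => r.json());
    } catch (err) {
        // Network failure or a non-JSON reply: handled as a failed login.
        console.error("login request failed:", err);
    }

    // The reply is no longer written to the console: it is the account
    // record and may carry the password column. For the same reason that
    // field is dropped before the record is persisted in localStorage.
    const { password: _ignored, ...user } = d || {};

    if (user.id) {
        localStorage.setItem("user", JSON.stringify(user));
        location.href = "book.html";
    } else if (user.role === "admin") {
        localStorage.setItem("user", JSON.stringify(user));
        location.href = "admin.html";
    } else {
        alert("Неверный логин или пароль");
    }
}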

/**
 * Registration form handler: collects the six trimmed form fields, posts
 * them to /register and, when the reply body is exactly "ok", redirects to
 * login.html. Shows an alert when login or password is empty and when the
 * server answers anything else.
 */
async function register() {
    // Trimmed value of the input with the given element id.
    const read = (id) => document.getElementById(id).value.trim();

    const form = {
        login: read("login"),
        password: read("password"),
        name: read("name"),
        surname: read("surname"),
        phone: read("phone"),
        email: read("email")
    };

    if (form.login === "" || form.password === "") {
        alert("Заполните логин и пароль");
        return;
    }

    const response = await post("/register", form);
    const body = await response.text();

    if (body !== "ok") {
        alert("Ошибка регистрации");
        return;
    }

    alert("Регистрация успешна");
    location.href = "login.html";
}

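/**
 * Booking form handler: requires a stored user with an id (otherwise sends
 * the visitor to login.html), posts the form values to /book and redirects
 * to my.html once the server has confirmed the booking.
 */
async function book() {

    const u = getUser();

    if (!u.id) {
        alert("Сначала войдите");
        location.href = "login.html";
        return;
    }

    // Success used to be announced without looking at the reply, so a
    // rejected or failed request still looked like a confirmed booking.
    let saved = false;
    try {
        const r = await post("/book", {
            user_id: u.id,
            date_time: document.getElementById("date_time").value,
            guests: document.getElementById("guests").value,
            phone: document.getElementById("phone").value
        });
        saved = r.ok && (await r.text()) === "ok";
    } catch (err) {
        console.error("book request failed:", err);
    }

    if (!saved) {
        alert("Не удалось забронировать");
        return;
    }

    alert("Забронировано");
    location.href = "my.html";
}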

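/**
 * Fills the #list element with the stored user's bookings, one card each.
 * A booking with the status "Посещено" additionally gets a textarea (element
 * id "r" + booking id, which review() reads) and a button that submits the
 * review. Does nothing when no user id is stored.
 */
async function loadMy() {

    const u = getUser();
    if (!u.id) return;

    // The id comes from localStorage, so keep it from altering the path.
    const d = await fetch("/my/" + encodeURIComponent(u.id)).then(r => r.json());

    // The cards are built as DOM nodes instead of an HTML string: date_time
    // and status are values from the database, and writing them through
    // innerHTML would let any markup stored there run as part of this page.
    const list = document.getElementById("list");
    list.textContent = "";

    for (const x of d) {
        const card = document.createElement("div");
        card.className = "card";
        card.append(`${x.date_time} — ${x.status} `);

        if (x.status === "Посещено") {
            const box = document.createElement("textarea");
            box.id = "r" + x.id;
            box.placeholder = "Ваш отзыв";

            const send = document.createElement("button");
            send.textContent = "Отзыв";
            send.addEventListener("click", () => review(x.id));

            card.append(box, send);
        }

        list.appendChild(card);
    }
}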

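/**
 * Submits the review typed into the textarea "r" + id for booking `id`.
 *
 * @param {number|string} id - Booking id; also the suffix of the textarea's
 *   element id.
 */
async function review(id) {

    const u = getUser();

    // The server answers 403 "not allowed" when the booking does not qualify;
    // success used to be announced without looking at the reply.
    let sent = false;
    try {
        const r = await post("/review", {
            user_id: u.id,
            booking_id: id,
            text: document.getElementById("r" + id).value
        });
        sent = r.ok;
    } catch (err) {
        console.error("review request failed:", err);
    }

    if (!sent) {
        alert("Не удалось отправить отзыв");
        return;
    }

    alert("Отзыв отправлен");
}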

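/**
 * Fills the #list element with every booking returned by /admin/bookings.
 * Each card shows the date and status plus three buttons: accept
 * ('Принято'), cancel ('Отменено') and mark as visited.
 */
async function loadAdmin() {

    const d = await fetch("/admin/bookings").then(r => r.json());

    // Button with a text label and a click handler.
    const makeButton = (label, onClick) => {
        const b = document.createElement("button");
        b.textContent = label;
        b.addEventListener("click", onClick);
        return b;
    };

    // The cards are built as DOM nodes instead of an HTML string: date_time
    // and status originate from requests made by other users, and writing
    // them through innerHTML would let stored markup run in the admin page.
    const list = document.getElementById("list");
    list.textContent = "";

    for (const x of d) {
        const card = document.createElement("div");
        card.className = "card";
        card.append(
            `${x.date_time} — ${x.status} `,
            makeButton("✔", () => update(x.id, "Принято")),
            makeButton("✖", () => update(x.id, "Отменено")),
            makeButton("Посещено", () => visit(x.id))
        );
        list.appendChild(card);
    }
}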

/**
 * Sets the status of booking `id` through /admin/status, then starts a
 * refresh of the admin list (the refresh is not awaited).
 *
 * @param {number|string} id - Booking id.
 * @param {string} status - New status text.
 */
async function update(id, status) {
    const payload = { id: id, status: status };
    await post("/admin/status", payload);
    loadAdmin();
}

/**
 * Marks booking `id` as visited through /admin/visit, then starts a refresh
 * of the admin list (the refresh is not awaited).
 *
 * @param {number|string} id - Booking id.
 */
async function visit(id) {
    const payload = { id: id };
    await post("/admin/visit", payload);
    loadAdmin();
}