bpb-website/server.js

// Load environment variables from .env file for development
if (process.env.NODE_ENV !== 'production') {
    require('dotenv').config();
}

const express = require('express');
const bodyParser = require('body-parser');
const fs = require('fs');
const path = require('path');
const cors = require('cors');

const app = express();
const port = 3050;
const ADMIN_PASSWORD = process.env.ADMIN_PASSWORD;

// --- Production Security Check ---
if (process.env.NODE_ENV === 'production' && (!ADMIN_PASSWORD || ADMIN_PASSWORD === "balloons")) {
    console.error(`
****************************************************************
** FATAL ERROR: Insecure password configuration for production! **
** Please set a secure ADMIN_PASSWORD environment variable.     **
****************************************************************
    `);
    process.exit(1); // Exit the process with an error code
}

// --- Development Warning ---
if (process.env.NODE_ENV !== 'production' && ADMIN_PASSWORD === "balloons") {
    console.warn(`
****************************************************************
** WARNING: Using default, insecure password.                 **
** This is for development only.                              **
****************************************************************
    `);
}

// --- Middleware Setup ---
// More explicit CORS configuration to allow all origins
app.use(cors({
  origin: '*'
}));
app.use(bodyParser.json());

// --- API Routes ---
const apiRouter = express.Router();

apiRouter.post('/update-status', (req, res) => {
    console.log(`[${new Date().toISOString()}] Received request for /api/update-status`);
    const { password, data } = req.body;

    if (password !== ADMIN_PASSWORD) {
        console.log(`[${new Date().toISOString()}] Failed login attempt.`);
        return res.status(401).json({ success: false, message: 'Unauthorized: Incorrect password.' });
    }

    if (!data) {
        return res.status(400).json({ success: false, message: 'Bad Request: No data provided.' });
    }

    const jsonString = JSON.stringify(data, null, 4);
    const filePath = path.join(__dirname, 'update.json');

    fs.writeFile(filePath, jsonString, (err) => {
        if (err) {
            console.error(`[${new Date().toISOString()}] Error writing to update.json:`, err);
            return res.status(500).json({ success: false, message: 'Internal Server Error: Could not write to file.' });
        }
        console.log(`[${new Date().toISOString()}] update.json was successfully updated.`);
        res.json({ success: true, message: 'Status updated successfully.' });
    });
});

// Mount the API router under the /api path
app.use('/api', apiRouter);

// --- Static Files ---
// Serve static files from the root directory (handles all other GET requests)
app.use(express.static(path.join(__dirname)));

app.listen(port, () => {
    console.log(`Server listening at http://localhost:${port}`);
    if (process.env.NODE_ENV !== 'production') {
        console.log(`Admin panel available at http://localhost:${port}/admin.html`);
    }
});