106// app.dropanchor.getGlobalFeed
107app.get("/app.dropanchor.getGlobalFeed", async (c) => {
108 // Authenticate request to prevent scraping
109 const authContext = await authenticateRequest(c);
110 if (!authContext) {
1// Integration tests for API endpoints
2import { assertEquals } from "https://deno.land/std@0.208.0/assert/mod.ts";
3
147 await response.text(); // Consume response body
148
149 // Check that response includes CORS headers for API endpoints
150 assertEquals(response.status, 200);
151 // Note: Some CORS headers may be added by Val Town automatically
169});
170
171Deno.test("Integration - content-type should be JSON for API responses", async () => {
172 const response = await fetch(`${BASE_URL}/health`);
173 const data = await response.json(); // Consume as JSON instead of text
24var cookieClose;
25var cookieBanner;
26var baseUrl_dev_env = "https://api-dev.lelivrescolaire.fr";
27var baseUrl_prod_env = "https://api.lelivrescolaire.fr";
28var checkDev = new RegExp(/www\.lelivrescolaire\.fr|^lelivrescolaire\.fr/g);
29var baseUrl = checkDev.test(document.location.hostname)
202}
203
204function capitalizeFirstLetter(str) {
205 return str.trim().charAt(0).toUpperCase() + str.trim().slice(1).toLowerCase();
206}
114- `vip_levels_v2` - VIP āĻ˛ā§āĻā§āĻ˛ āĻāĻ¨āĻĢāĻŋāĻāĻžāĻ°ā§āĻļāĻ¨
115
116## đ§ API Endpoints
117
118### Authentication
119- `POST /api/auth/register` - āĻ¨āĻ¤ā§āĻ¨ āĻāĻāĻžāĻāĻ¨ā§āĻ āĻ¤ā§āĻ°āĻŋ
120- `POST /api/auth/login` - āĻ˛āĻāĻāĻ¨
121- `POST /api/auth/verify` - āĻā§āĻā§āĻ¨ āĻ¯āĻžāĻāĻžāĻ
122
123### Tasks
124- `GET /api/tasks` - āĻāĻžāĻ¸ā§āĻ āĻ¤āĻžāĻ˛āĻŋāĻāĻž
125- `POST /api/tasks/complete` - āĻāĻžāĻ¸ā§āĻ āĻ¸āĻŽā§āĻĒāĻ¨ā§āĻ¨
126- `GET /api/tasks/history` - āĻāĻžāĻ¸ā§āĻ āĻāĻ¤āĻŋāĻšāĻžāĻ¸
127- `GET /api/tasks/today-summary` - āĻāĻāĻā§āĻ° āĻ¸āĻžāĻŽāĻžāĻ°āĻŋ
128
129### Payments
130- `GET /api/payments/transactions` - āĻ˛ā§āĻ¨āĻĻā§āĻ¨ā§āĻ° āĻāĻ¤āĻŋāĻšāĻžāĻ¸
131- `POST /api/payments/deposit` - āĻĄāĻŋāĻĒā§āĻāĻŋāĻ āĻ°āĻŋāĻā§āĻ¯āĻŧā§āĻ¸ā§āĻ
132- `POST /api/payments/withdraw` - āĻāĻāĻĨāĻĄā§āĻ° āĻ°āĻŋāĻā§āĻ¯āĻŧā§āĻ¸ā§āĻ
133- `GET /api/payments/vip-levels` - VIP āĻ˛ā§āĻā§āĻ˛ āĻ¤āĻžāĻ˛āĻŋāĻāĻž
134- `GET /api/payments/methods` - āĻĒā§āĻŽā§āĻ¨ā§āĻ āĻŽā§āĻĨāĻĄ
135
136### Admin
137- `POST /api/admin/login` - āĻāĻĄāĻŽāĻŋāĻ¨ āĻ˛āĻāĻāĻ¨
138- `GET /api/admin/dashboard` - āĻĄā§āĻ¯āĻžāĻļāĻŦā§āĻ°ā§āĻĄ āĻ¸ā§āĻā§āĻ¯āĻžāĻāĻ¸
139- `GET /api/admin/users` - āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ°āĻāĻžāĻ°ā§ āĻ¤āĻžāĻ˛āĻŋāĻāĻž
140- `GET /api/admin/transactions` - āĻ˛ā§āĻ¨āĻĻā§āĻ¨ āĻ¤āĻžāĻ˛āĻŋāĻāĻž
141- `POST /api/admin/transactions/:id/status` - āĻ˛ā§āĻ¨āĻĻā§āĻ¨ āĻ
āĻ¨ā§āĻŽā§āĻĻāĻ¨
142- `POST /api/admin/users/:id/toggle-status` - āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ°āĻāĻžāĻ°ā§ āĻ¸ā§āĻā§āĻ¯āĻžāĻāĻžāĻ¸
143- `POST /api/admin/broadcast` - āĻŦā§āĻ°āĻĄāĻāĻžāĻ¸ā§āĻ āĻ¨ā§āĻāĻŋāĻĢāĻŋāĻā§āĻļāĻ¨
144
145## đą āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ°ā§āĻ° āĻ¨āĻŋāĻ°ā§āĻĻā§āĻļāĻ¨āĻž
170- **Input Validation**: āĻ¸āĻŦ āĻāĻ¨āĻĒā§āĻ āĻ¯āĻžāĻāĻžāĻ
171- **SQL Injection Protection**: Parameterized queries
172- **Rate Limiting**: API āĻāĻ˛ āĻ¸ā§āĻŽāĻžāĻŦāĻĻā§āĻ§āĻ¤āĻž
173- **CORS Protection**: āĻā§āĻ°āĻ¸-āĻ
āĻ°āĻŋāĻāĻŋāĻ¨ āĻ¨āĻŋāĻ°āĻžāĻĒāĻ¤ā§āĻ¤āĻž
174
38 };
39
40 const response = await fetch('/api/admin/dashboard', { headers });
41 if (response.ok) {
42 const data = await response.json();
54 try {
55 const token = localStorage.getItem('adminToken');
56 const response = await fetch('/api/admin/users', {
57 headers: { 'Authorization': `Bearer ${token}` }
58 });
72 try {
73 const token = localStorage.getItem('adminToken');
74 const response = await fetch('/api/admin/transactions', {
75 headers: { 'Authorization': `Bearer ${token}` }
76 });
102 try {
103 const token = localStorage.getItem('adminToken');
104 const response = await fetch(`/api/admin/transactions/${transactionId}/status`, {
105 method: 'POST',
106 headers: {
127 try {
128 const token = localStorage.getItem('adminToken');
129 const response = await fetch(`/api/admin/users/${userId}/toggle-status`, {
130 method: 'POST',
131 headers: { 'Authorization': `Bearer ${token}` }
31
32 // Load tasks
33 const tasksResponse = await fetch('/api/tasks', { headers });
34 if (tasksResponse.ok) {
35 const tasksData = await tasksResponse.json();
38
39 // Load transactions
40 const transactionsResponse = await fetch('/api/payments/transactions', { headers });
41 if (transactionsResponse.ok) {
42 const transactionsData = await transactionsResponse.json();
45
46 // Load today's summary
47 const summaryResponse = await fetch('/api/tasks/today-summary', { headers });
48 if (summaryResponse.ok) {
49 const summaryData = await summaryResponse.json();
74 try {
75 const token = localStorage.getItem('authToken');
76 const response = await fetch('/api/tasks/complete', {
77 method: 'POST',
78 headers: {
49 if (isAdminLogin) {
50 // Admin login
51 const response = await fetch('/api/admin/login', {
52 method: 'POST',
53 headers: { 'Content-Type': 'application/json' },
67 } else if (isLogin) {
68 // User login
69 const response = await fetch('/api/auth/login', {
70 method: 'POST',
71 headers: { 'Content-Type': 'application/json' },
85 } else {
86 // User registration
87 const response = await fetch('/api/auth/register', {
88 method: 'POST',
89 headers: { 'Content-Type': 'application/json' },
31 if (adminToken) {
32 // Check admin token validity
33 const response = await fetch('/api/admin/dashboard', {
34 headers: {
35 'Authorization': `Bearer ${adminToken}`
47 if (token) {
48 // Verify user token
49 const response = await fetch('/api/auth/verify', {
50 method: 'POST',
51 headers: {
17await runMigrations();
18
19// API Routes
20app.route('/api/auth', auth);
21app.route('/api/tasks', tasks);
22app.route('/api/payments', payments);
23app.route('/api/admin', admin);
24
25// Serve static files
50 status: 'ok',
51 timestamp: new Date().toISOString(),
52 message: 'EarnBD API is running'
53 });
54});
78
79const getRandomVerse = async () => {
80 const ESV_API_TOKEN = Deno.env.get("ESV_API_TOKEN");
81 const reference = getRandomVerseReference();
82 const params = new URLSearchParams({
93 "indent-psalm-doxology": "0"
94 });
95 const url = `https://api.esv.org/v3/passage/text/?${params.toString()}`;
96 const resp = await fetch(url, {
97 headers: {
98 Authorization: `Token ${ESV_API_TOKEN}`,
99 },
100 });
