diff --git a/Dockerfile b/Dockerfile
index af553f8..5eeeabf 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -15,6 +15,7 @@ RUN npm install
COPY server.js ./
COPY database.js ./
COPY index.html ./
+COPY admin.html ./
COPY manifest.json ./
COPY service-worker.js ./
@@ -24,6 +25,9 @@ COPY .env* ./
# Copy PWA icons
COPY icon-*.png ./
+# Copy monster images
+COPY mapgameimgs ./mapgameimgs
+
# Copy .well-known directory for app verification
COPY .well-known ./.well-known
diff --git a/admin.html b/admin.html
new file mode 100644
index 0000000..b1ab10f
--- /dev/null
+++ b/admin.html
@@ -0,0 +1,1199 @@
+
+
+
+
+
+ HikeMap Admin
+
+
+
+
+
+
+
HikeMap Admin
+
You must be logged in as an admin to access this page.
+
Go to Login
+
+
+
+
+
+
+
+
+
+
+
+
+
+ | Name |
+ Key |
+ Level |
+ HP |
+ ATK |
+ DEF |
+ XP |
+ Enabled |
+ Actions |
+
+
+
+ | Loading... |
+
+
+
+
+
+
+
+
+
+
+ | Username |
+ Character |
+ Race/Class |
+ Level |
+ Stats |
+ Role |
+ Actions |
+
+
+
+ | Loading... |
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
${monsterType.icon}
+
diff --git a/mapgameimgs/default100.png b/mapgameimgs/default100.png
new file mode 100755
index 0000000..d08e384
Binary files /dev/null and b/mapgameimgs/default100.png differ
diff --git a/mapgameimgs/default50.png b/mapgameimgs/default50.png
new file mode 100755
index 0000000..5283d19
Binary files /dev/null and b/mapgameimgs/default50.png differ
diff --git a/server.js b/server.js
index 4647e9b..51e002c 100644
--- a/server.js
+++ b/server.js
@@ -71,6 +71,9 @@ app.get('/default.kml', async (req, res) => {
// Serve .well-known directory for app verification
app.use('/.well-known', express.static(path.join(__dirname, '.well-known')));
+// Serve monster images
+app.use('/mapgameimgs', express.static(path.join(__dirname, 'mapgameimgs')));
+
// Serve other static files
app.use(express.static(path.join(__dirname)));
@@ -382,6 +385,17 @@ function optionalAuth(req, res, next) {
next();
}
+// Admin-only middleware - requires valid auth AND admin status
+function adminOnly(req, res, next) {
+ authenticateToken(req, res, () => {
+ const user = db.getUserById(req.user.userId);
+ if (!user || !user.is_admin) {
+ return res.status(403).json({ error: 'Admin access required' });
+ }
+ next();
+ });
+}
+
// ============================================
// Authentication Endpoints
// ============================================
@@ -906,6 +920,180 @@ app.delete('/api/user/monsters/:monsterId', authenticateToken, (req, res) => {
}
});
+// ============================================
+// Admin Endpoints
+// ============================================
+
+// Serve admin page
+app.get('/admin', (req, res) => {
+ res.sendFile(path.join(__dirname, 'admin.html'));
+});
+
+// Get all monster types (admin - includes disabled)
+app.get('/api/admin/monster-types', adminOnly, (req, res) => {
+ try {
+ const types = db.getAllMonsterTypes(false); // Include disabled
+ // Return with snake_case for frontend compatibility
+ const formatted = types.map(t => ({
+ id: t.id,
+ key: t.id, // Use id as key for compatibility
+ name: t.name,
+ icon: t.icon,
+ min_level: t.min_level || 1,
+ max_level: t.max_level || 5,
+ base_hp: t.base_hp,
+ base_atk: t.base_atk,
+ base_def: t.base_def,
+ base_xp: t.xp_reward,
+ spawn_weight: t.spawn_weight || 100,
+ dialogues: t.dialogues,
+ enabled: !!t.enabled,
+ created_at: t.created_at
+ }));
+ res.json({ monsterTypes: formatted });
+ } catch (err) {
+ console.error('Admin get monster types error:', err);
+ res.status(500).json({ error: 'Failed to get monster types' });
+ }
+});
+
+// Create monster type
+app.post('/api/admin/monster-types', adminOnly, (req, res) => {
+ try {
+ const data = req.body;
+ // Accept either 'id' or 'key' as the monster identifier
+ const monsterId = data.id || data.key;
+ if (!monsterId || !data.name) {
+ return res.status(400).json({ error: 'Missing required fields (key and name)' });
+ }
+ // Ensure id is set for the database function
+ data.id = monsterId;
+ db.createMonsterType(data);
+ res.json({ success: true });
+ } catch (err) {
+ console.error('Admin create monster type error:', err);
+ res.status(500).json({ error: 'Failed to create monster type' });
+ }
+});
+
+// Update monster type
+app.put('/api/admin/monster-types/:id', adminOnly, (req, res) => {
+ try {
+ const data = req.body;
+ db.updateMonsterType(req.params.id, data);
+ res.json({ success: true });
+ } catch (err) {
+ console.error('Admin update monster type error:', err);
+ res.status(500).json({ error: 'Failed to update monster type' });
+ }
+});
+
+// Delete monster type
+app.delete('/api/admin/monster-types/:id', adminOnly, (req, res) => {
+ try {
+ db.deleteMonsterType(req.params.id);
+ res.json({ success: true });
+ } catch (err) {
+ console.error('Admin delete monster type error:', err);
+ res.status(500).json({ error: 'Failed to delete monster type' });
+ }
+});
+
+// Get all users
+app.get('/api/admin/users', adminOnly, (req, res) => {
+ try {
+ const users = db.getAllUsers();
+ // Return flat structure with snake_case for frontend compatibility
+ const formatted = users.map(u => ({
+ id: u.id,
+ username: u.username,
+ email: u.email,
+ created_at: u.created_at,
+ total_points: u.total_points,
+ finds_count: u.finds_count,
+ avatar_icon: u.avatar_icon,
+ avatar_color: u.avatar_color,
+ is_admin: !!u.is_admin,
+ character_name: u.character_name,
+ race: u.race,
+ class: u.class,
+ level: u.level || 1,
+ xp: u.xp || 0,
+ hp: u.hp || 0,
+ max_hp: u.max_hp || 0,
+ mp: u.mp || 0,
+ max_mp: u.max_mp || 0,
+ atk: u.atk || 0,
+ def: u.def || 0,
+ unlocked_skills: u.unlocked_skills
+ }));
+ res.json({ users: formatted });
+ } catch (err) {
+ console.error('Admin get users error:', err);
+ res.status(500).json({ error: 'Failed to get users' });
+ }
+});
+
+// Update user RPG stats
+app.put('/api/admin/users/:id', adminOnly, (req, res) => {
+ try {
+ const stats = req.body;
+ db.updateUserRpgStats(req.params.id, stats);
+ res.json({ success: true });
+ } catch (err) {
+ console.error('Admin update user error:', err);
+ res.status(500).json({ error: 'Failed to update user' });
+ }
+});
+
+// Toggle admin status
+app.put('/api/admin/users/:id/admin', adminOnly, (req, res) => {
+ try {
+ const { isAdmin } = req.body;
+ db.setUserAdmin(req.params.id, isAdmin);
+ res.json({ success: true });
+ } catch (err) {
+ console.error('Admin toggle admin error:', err);
+ res.status(500).json({ error: 'Failed to toggle admin status' });
+ }
+});
+
+// Reset user progress
+app.delete('/api/admin/users/:id/reset', adminOnly, (req, res) => {
+ try {
+ db.resetUserProgress(req.params.id);
+ res.json({ success: true });
+ } catch (err) {
+ console.error('Admin reset user error:', err);
+ res.status(500).json({ error: 'Failed to reset user progress' });
+ }
+});
+
+// Get game settings
+app.get('/api/admin/settings', adminOnly, (req, res) => {
+ try {
+ const settings = db.getAllSettings();
+ res.json(settings);
+ } catch (err) {
+ console.error('Admin get settings error:', err);
+ res.status(500).json({ error: 'Failed to get settings' });
+ }
+});
+
+// Update game settings
+app.put('/api/admin/settings', adminOnly, (req, res) => {
+ try {
+ const settings = req.body;
+ for (const [key, value] of Object.entries(settings)) {
+ db.setSetting(key, JSON.stringify(value));
+ }
+ res.json({ success: true });
+ } catch (err) {
+ console.error('Admin update settings error:', err);
+ res.status(500).json({ error: 'Failed to update settings' });
+ }
+});
+
// Function to send push notification to all subscribers
async function sendPushNotification(title, body, data = {}) {
const notification = {
@@ -1163,6 +1351,9 @@ server.listen(PORT, async () => {
// Seed default monsters if they don't exist
db.seedDefaultMonsters();
+ // Seed default game settings if they don't exist
+ db.seedDefaultSettings();
+
// Clean expired tokens periodically
setInterval(() => {
try {
