feat: scaffold Antonym fashion store

Anonymous Bitcoin-only fashion e-commerce with: - Vue 3 + Tailwind 4 frontend with glassmorphism dark/light design system - Express 5 + SQLite backend with BTCPay Server integration - Nostr identity (NIP-07/keypair) for anonymous purchase tracking - ChaCha20-Poly1305 encrypted shipping addresses - Admin panel with order/product/stock management - SVG logo splash animation with clip-path reveal - 5 seeded products across 4 categories Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-17 00:23:21 +00:00
commit 54500a68e6
64 changed files with 6983 additions and 0 deletions
--- a/server/routes/admin.ts
+++ b/server/routes/admin.ts
@@ -0,0 +1,22 @@
+import { Router } from 'express'
+import { rateLimit, createSession, deleteSession, verifyPassword, adminAuth } from '../middleware/adminAuth.js'
+import { requireBody } from '../middleware/validate.js'
+
+export const adminRouter = Router()
+
+adminRouter.post('/login', rateLimit, requireBody('password'), (req, res) => {
+  const { password } = req.body as { password: string }
+  if (!verifyPassword(password)) { res.status(401).json({ error: { code: 'INVALID_PASSWORD', message: 'Invalid password' } }); return }
+  const token = createSession()
+  res.cookie('admin_session', token, { httpOnly: true, sameSite: 'strict', secure: process.env.NODE_ENV === 'production', maxAge: 24 * 60 * 60 * 1000 })
+  res.json({ ok: true })
+})
+
+adminRouter.post('/logout', adminAuth, (req, res) => {
+  const token = req.cookies?.admin_session
+  if (token) deleteSession(token)
+  res.clearCookie('admin_session')
+  res.json({ ok: true })
+})
+
+adminRouter.get('/verify', adminAuth, (_req, res) => { res.json({ ok: true }) })