Add presentation upload and management features to room functionality

server/config/bbb.js

@@ -16,10 +16,13 @@ function buildUrl(apiCall, params = {}) {
   return `${BBB_URL}${apiCall}?${queryString}`;
 }
 
-async function apiCall(apiCallName, params = {}) {
+async function apiCall(apiCallName, params = {}, xmlBody = null) {
   const url = buildUrl(apiCallName, params);
   try {
-    const response = await fetch(url);
+    const fetchOptions = xmlBody
+      ? { method: 'POST', headers: { 'Content-Type': 'application/xml' }, body: xmlBody }
+      : {};
+    const response = await fetch(url, fetchOptions);
     const xml = await response.text();
     const result = await xml2js.parseStringPromise(xml, {
       explicitArray: false,
@@ -39,7 +42,7 @@ function getRoomPasswords(uid) {
   return { moderatorPW: modPw, attendeePW: attPw };
 }
 
-export async function createMeeting(room, logoutURL, loginURL = null) {
+export async function createMeeting(room, logoutURL, loginURL = null, presentationUrl = null) {
   const { moderatorPW, attendeePW } = getRoomPasswords(room.uid);
 
   // Build welcome message with guest invite link
@@ -77,7 +80,13 @@ export async function createMeeting(room, logoutURL, loginURL = null) {
   if (room.access_code) {
     params.lockSettingsLockOnJoin = 'true';
   }
-  return apiCall('create', params);
+
+  // Build optional presentation XML body
+  const xmlBody = presentationUrl
+    ? `<modules><module name="presentation"><document url="${presentationUrl}" /></module></modules>`
+    : null;
+
+  return apiCall('create', params, xmlBody);
 }
 
 export async function joinMeeting(uid, name, isModerator = false, avatarURL = null) {

server/config/database.js

@@ -157,6 +157,7 @@ export async function initDatabase() {
         record_meeting INTEGER DEFAULT 1,
         guest_access INTEGER DEFAULT 0,
         moderator_code TEXT,
+        presentation_file TEXT DEFAULT NULL,
         created_at TIMESTAMP DEFAULT NOW(),
         updated_at TIMESTAMP DEFAULT NOW()
       );
@@ -244,6 +245,7 @@ export async function initDatabase() {
         record_meeting INTEGER DEFAULT 1,
         guest_access INTEGER DEFAULT 0,
         moderator_code TEXT,
+        presentation_file TEXT DEFAULT NULL,
         created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
         updated_at DATETIME DEFAULT CURRENT_TIMESTAMP,
         FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
@@ -349,6 +351,9 @@ export async function initDatabase() {
     await db.exec("ALTER TABLE users ADD COLUMN display_name TEXT DEFAULT ''");
     await db.exec("UPDATE users SET display_name = name WHERE display_name = ''");
   }
+  if (!(await db.columnExists('rooms', 'presentation_file'))) {
+    await db.exec('ALTER TABLE rooms ADD COLUMN presentation_file TEXT DEFAULT NULL');
+  }
 
   // ── Default admin ───────────────────────────────────────────────────────
   const adminEmail = process.env.ADMIN_EMAIL || 'admin@example.com';

server/index.js

@@ -30,6 +30,10 @@ async function start() {
   await initDatabase();
   initMailer();
 
+  // Serve uploaded files (avatars, presentations)
+  const uploadsPath = path.join(__dirname, '..', 'uploads');
+  app.use('/uploads', express.static(uploadsPath));
+
   // API Routes
   app.use('/api/auth', authRoutes);
   app.use('/api/rooms', roomRoutes);

server/middleware/auth.js

@@ -14,7 +14,7 @@ export async function authenticateToken(req, res, next) {
   try {
     const decoded = jwt.verify(token, JWT_SECRET);
     const db = getDb();
-    const user = await db.get('SELECT id, name, display_name, email, role, theme, language, avatar_color, avatar_image FROM users WHERE id = ?', [decoded.userId]);
+    const user = await db.get('SELECT id, name, display_name, email, role, theme, language, avatar_color, avatar_image, email_verified FROM users WHERE id = ?', [decoded.userId]);
     if (!user) {
       return res.status(401).json({ error: 'User not found' });
     }

server/routes/auth.js

@@ -83,7 +83,7 @@ router.post('/register', async (req, res) => {
     );
 
     const token = generateToken(result.lastInsertRowid);
-    const user = await db.get('SELECT id, name, display_name, email, role, theme, language, avatar_color, avatar_image FROM users WHERE id = ?', [result.lastInsertRowid]);
+    const user = await db.get('SELECT id, name, display_name, email, role, theme, language, avatar_color, avatar_image, email_verified FROM users WHERE id = ?', [result.lastInsertRowid]);
 
     res.status(201).json({ token, user });
   } catch (err) {
@@ -243,7 +243,7 @@ router.put('/profile', authenticateToken, async (req, res) => {
       WHERE id = ?
     `, [name, display_name, email?.toLowerCase(), theme, language, avatar_color, req.user.id]);
 
-    const updated = await db.get('SELECT id, name, display_name, email, role, theme, language, avatar_color, avatar_image FROM users WHERE id = ?', [req.user.id]);
+    const updated = await db.get('SELECT id, name, display_name, email, role, theme, language, avatar_color, avatar_image, email_verified FROM users WHERE id = ?', [req.user.id]);
     res.json({ user: updated });
   } catch (err) {
     console.error('Profile update error:', err);
@@ -312,8 +312,7 @@ router.post('/avatar', authenticateToken, async (req, res) => {
     fs.writeFileSync(filepath, buffer);
 
     await db.run('UPDATE users SET avatar_image = ?, updated_at = CURRENT_TIMESTAMP WHERE id = ?', [filename, req.user.id]);
-    const updated = await db.get('SELECT id, name, display_name, email, role, theme, language, avatar_color, avatar_image FROM users WHERE id = ?', [req.user.id]);
-
+    const updated = await db.get('SELECT id, name, display_name, email, role, theme, language, avatar_color, avatar_image, email_verified FROM users WHERE id = ?', [req.user.id]);
     res.json({ user: updated });
   } catch (err) {
     console.error('Avatar upload error:', err);
@@ -331,7 +330,7 @@ router.delete('/avatar', authenticateToken, async (req, res) => {
       if (fs.existsSync(oldPath)) fs.unlinkSync(oldPath);
     }
     await db.run('UPDATE users SET avatar_image = NULL, updated_at = CURRENT_TIMESTAMP WHERE id = ?', [req.user.id]);
-    const updated = await db.get('SELECT id, name, display_name, email, role, theme, language, avatar_color, avatar_image FROM users WHERE id = ?', [req.user.id]);
+    const updated = await db.get('SELECT id, name, display_name, email, role, theme, language, avatar_color, avatar_image, email_verified FROM users WHERE id = ?', [req.user.id]);
     res.json({ user: updated });
   } catch (err) {
     console.error('Avatar delete error:', err);

server/routes/rooms.js

@@ -1,5 +1,8 @@
 import { Router } from 'express';
 import crypto from 'crypto';
+import fs from 'fs';
+import path from 'path';
+import { fileURLToPath } from 'url';
 import { getDb } from '../config/database.js';
 import { authenticateToken } from '../middleware/auth.js';
 import {
@@ -10,6 +13,11 @@ import {
   isMeetingRunning,
 } from '../config/bbb.js';
 
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+const presentationsDir = path.join(__dirname, '..', '..', 'uploads', 'presentations');
+if (!fs.existsSync(presentationsDir)) fs.mkdirSync(presentationsDir, { recursive: true });
+
 const router = Router();
 
 // Build avatar URL for a user (uploaded image or generated initials)
@@ -19,7 +27,7 @@ function getUserAvatarURL(req, user) {
     return `${baseUrl}/api/auth/avatar/${user.avatar_image}`;
   }
   const color = user.avatar_color ? `?color=${encodeURIComponent(user.avatar_color)}` : '';
-  return `${baseUrl}/api/auth/avatar/initials/${encodeURIComponent(user.name)}${color}`;
+  return `${baseUrl}/api/auth/avatar/initials/${encodeURIComponent(user.display_name || user.name)}${color}`;
 }
 
 // GET /api/rooms - List user's rooms (owned + shared)
@@ -343,9 +351,13 @@ router.post('/:uid/start', authenticateToken, async (req, res) => {
 
     const baseUrl = `${req.protocol}://${req.get('host')}`;
     const loginURL = `${baseUrl}/join/${room.uid}`;
-    await createMeeting(room, baseUrl, loginURL);
+    const presentationUrl = room.presentation_file
+      ? `${baseUrl}/uploads/presentations/${room.presentation_file}`
+      : null;
+    await createMeeting(room, baseUrl, loginURL, presentationUrl);
     const avatarURL = getUserAvatarURL(req, req.user);
-    const joinUrl = await joinMeeting(room.uid, req.user.name, true, avatarURL);
+    const displayName = req.user.display_name || req.user.name;
+    const joinUrl = await joinMeeting(room.uid, displayName, true, avatarURL);
     res.json({ joinUrl });
   } catch (err) {
     console.error('Start meeting error:', err);
@@ -379,7 +391,7 @@ router.post('/:uid/join', authenticateToken, async (req, res) => {
     const isShared = !isOwner && await db.get('SELECT id FROM room_shares WHERE room_id = ? AND user_id = ?', [room.id, req.user.id]);
     const isModerator = isOwner || !!isShared || room.all_join_moderator;
     const avatarURL = getUserAvatarURL(req, req.user);
-    const joinUrl = await joinMeeting(room.uid, req.user.name, isModerator, avatarURL);
+    const joinUrl = await joinMeeting(room.uid, req.user.display_name || req.user.name, isModerator, avatarURL);
     res.json({ joinUrl });
   } catch (err) {
     console.error('Join meeting error:', err);
@@ -523,4 +535,73 @@ router.get('/:uid/status', async (req, res) => {
   }
 });
 
+// POST /api/rooms/:uid/presentation - Upload a presentation file for the room
+router.post('/:uid/presentation', authenticateToken, async (req, res) => {
+  try {
+    const db = getDb();
+    const room = await db.get('SELECT * FROM rooms WHERE uid = ? AND user_id = ?', [req.params.uid, req.user.id]);
+    if (!room) return res.status(404).json({ error: 'Room not found or no permission' });
+
+    const buffer = await new Promise((resolve, reject) => {
+      const chunks = [];
+      req.on('data', chunk => chunks.push(chunk));
+      req.on('end', () => resolve(Buffer.concat(chunks)));
+      req.on('error', reject);
+    });
+
+    const contentType = req.headers['content-type'] || '';
+    const extMap = {
+      'application/pdf': 'pdf',
+      'application/vnd.ms-powerpoint': 'ppt',
+      'application/vnd.openxmlformats-officedocument.presentationml.presentation': 'pptx',
+      'application/vnd.oasis.opendocument.presentation': 'odp',
+      'application/msword': 'doc',
+      'application/vnd.openxmlformats-officedocument.wordprocessingml.document': 'docx',
+    };
+    const ext = extMap[contentType];
+    if (!ext) return res.status(400).json({ error: 'Unsupported file type. Allowed: PDF, PPT, PPTX, ODP, DOC, DOCX' });
+
+    // Max 50MB
+    if (buffer.length > 50 * 1024 * 1024) return res.status(400).json({ error: 'File must not exceed 50MB' });
+
+    const filename = `${room.uid}_${Date.now()}.${ext}`;
+    const filepath = path.join(presentationsDir, filename);
+
+    // Remove old presentation file if exists
+    if (room.presentation_file) {
+      const oldPath = path.join(presentationsDir, room.presentation_file);
+      if (fs.existsSync(oldPath)) fs.unlinkSync(oldPath);
+    }
+
+    fs.writeFileSync(filepath, buffer);
+    await db.run('UPDATE rooms SET presentation_file = ?, updated_at = CURRENT_TIMESTAMP WHERE uid = ?', [filename, req.params.uid]);
+    const updated = await db.get('SELECT * FROM rooms WHERE uid = ?', [req.params.uid]);
+    res.json({ room: updated });
+  } catch (err) {
+    console.error('Presentation upload error:', err);
+    res.status(500).json({ error: 'Presentation could not be uploaded' });
+  }
+});
+
+// DELETE /api/rooms/:uid/presentation - Remove presentation file
+router.delete('/:uid/presentation', authenticateToken, async (req, res) => {
+  try {
+    const db = getDb();
+    const room = await db.get('SELECT * FROM rooms WHERE uid = ? AND user_id = ?', [req.params.uid, req.user.id]);
+    if (!room) return res.status(404).json({ error: 'Room not found or no permission' });
+
+    if (room.presentation_file) {
+      const filepath = path.join(presentationsDir, room.presentation_file);
+      if (fs.existsSync(filepath)) fs.unlinkSync(filepath);
+    }
+
+    await db.run('UPDATE rooms SET presentation_file = NULL, updated_at = CURRENT_TIMESTAMP WHERE uid = ?', [req.params.uid]);
+    const updated = await db.get('SELECT * FROM rooms WHERE uid = ?', [req.params.uid]);
+    res.json({ room: updated });
+  } catch (err) {
+    console.error('Presentation delete error:', err);
+    res.status(500).json({ error: 'Presentation could not be removed' });
+  }
+});
+
 export default router;