Add CMS features with admin interface and OAuth authentication integration

- Introduced Caddy server for serving frontend and API backend.
- Implemented admin dashboard for creating, editing, and managing events.
- Replaced session-based authentication with token-based OAuth using Gitea.
- Added support for drag-and-drop event reordering in the admin interface.
- Standardized Fastify route validation with JSON schemas.
- Enhanced authentication flow with cookie-based state and secure token storage.
- Reworked backend routes to handle publishing, event management, and content updates.
- Updated `Dockerfile.caddy` and `fly.toml` for deployment configuration.

backend/src/routes/gallery.ts

@@ -4,12 +4,17 @@ import { db } from '../config/database.js';
 import { galleryImages } from '../db/schema.js';
 import { eq } from 'drizzle-orm';
 
-const galleryImageSchema = z.object({
-  imageUrl: z.string().url(),
-  altText: z.string().min(1).max(200),
-  displayOrder: z.number().int().min(0),
-  isPublished: z.boolean().optional().default(true),
-});
+// Fastify JSON schema for gallery image body
+const galleryBodyJsonSchema = {
+  type: 'object',
+  required: ['imageUrl', 'altText', 'displayOrder'],
+  properties: {
+    imageUrl: { type: 'string', minLength: 1 },
+    altText: { type: 'string', minLength: 1, maxLength: 200 },
+    displayOrder: { type: 'integer', minimum: 0 },
+    isPublished: { type: 'boolean' },
+  },
+} as const;
 
 const galleryRoute: FastifyPluginAsync = async (fastify) => {
 
@@ -38,11 +43,11 @@ const galleryRoute: FastifyPluginAsync = async (fastify) => {
   // Create gallery image
   fastify.post('/gallery', {
     schema: {
-      body: galleryImageSchema,
+      body: galleryBodyJsonSchema,
     },
     preHandler: [fastify.authenticate],
   }, async (request, reply) => {
-    const data = request.body as z.infer<typeof galleryImageSchema>;
+    const data = request.body as any;
 
     const [newImage] = await db.insert(galleryImages).values(data).returning();
 
@@ -52,12 +57,12 @@ const galleryRoute: FastifyPluginAsync = async (fastify) => {
   // Update gallery image
   fastify.put('/gallery/:id', {
     schema: {
-      body: galleryImageSchema,
+      body: galleryBodyJsonSchema,
     },
     preHandler: [fastify.authenticate],
   }, async (request, reply) => {
     const { id } = request.params as { id: string };
-    const data = request.body as z.infer<typeof galleryImageSchema>;
+    const data = request.body as any;
 
     const [updated] = await db
       .update(galleryImages)
@@ -93,24 +98,32 @@ const galleryRoute: FastifyPluginAsync = async (fastify) => {
   // Reorder gallery images
   fastify.put('/gallery/reorder', {
     schema: {
-      body: z.object({
-        orders: z.array(z.object({
-          id: z.string().uuid(),
-          displayOrder: z.number().int().min(0),
-        })),
-      }),
+      body: {
+        type: 'object',
+        required: ['orders'],
+        properties: {
+          orders: {
+            type: 'array',
+            items: {
+              type: 'object',
+              required: ['id', 'displayOrder'],
+              properties: {
+                id: { type: 'string' },
+                displayOrder: { type: 'integer', minimum: 0 },
+              },
+            },
+          },
+        },
+      },
     },
     preHandler: [fastify.authenticate],
   }, async (request, reply) => {
     const { orders } = request.body as { orders: Array<{ id: string; displayOrder: number }> };
 
-    // Update all in transaction
-    await db.transaction(async (tx) => {
+    // Update all in synchronous transaction (better-sqlite3 requirement)
+    db.transaction((tx: any) => {
       for (const { id, displayOrder } of orders) {
-        await tx
-          .update(galleryImages)
-          .set({ displayOrder })
-          .where(eq(galleryImages.id, id));
+        tx.update(galleryImages).set({ displayOrder }).where(eq(galleryImages.id, id)).run?.();
       }
     });