Convert Server from submodule to normal files

Server/backend/server.js

@@ -0,0 +1,54 @@
+import express from "express";
+import { Client, Account, Databases } from "node-appwrite";
+import dotenv from "dotenv";
+
+dotenv.config();
+
+const app = express();
+app.use(express.json());
+
+const PORT = process.env.PORT || 3000;
+
+function makeUserClient(jwt) {
+  const client = new Client()
+    .setEndpoint(process.env.APPWRITE_ENDPOINT)
+    .setProject(process.env.APPWRITE_PROJECT_ID)
+    .setJWT(jwt);
+  return client;
+}
+
+function makeAdminClient() {
+  const client = new Client()
+    .setEndpoint(process.env.APPWRITE_ENDPOINT)
+    .setProject(process.env.APPWRITE_PROJECT_ID)
+    .setKey(process.env.APPWRITE_API_KEY);
+  return client;
+}
+
+app.post("/api/action", async (req, res) => {
+  try {
+    const auth = req.headers.authorization || "";
+    const jwt = auth.startsWith("Bearer ") ? auth.slice(7) : "";
+    if (!jwt) return res.status(401).json({ ok: false, error: "missing token" });
+
+    // 1) user token validieren
+    const userClient = makeUserClient(jwt);
+    const account = new Account(userClient);
+    const user = await account.get(); // wirft Fehler, wenn JWT ungueltig/abgelaufen
+
+    // 2) privilegierte Aktion nur serverseitig mit Admin Key
+    const adminClient = makeAdminClient();
+    const db = new Databases(adminClient);
+
+    // Beispiel: lies etwas, das nur du lesen darfst
+    // const data = await db.listDocuments("dbId", "collectionId");
+
+    return res.json({ ok: true, userId: user.$id, info: "action allowed" });
+  } catch (e) {
+    return res.status(401).json({ ok: false, error: "unauthorized" });
+  }
+});
+
+app.listen(PORT, () => {
+  console.log(`Backend server running on port ${PORT}`);
+});