feat: Add advanced video gallery, update components, and enhance backend

- Add VideoGallery component with YouTube-style hover previews and playback continuity
- Add VideoPlayer component with full controls and keyboard shortcuts
- Add new components: Alert, Loader, FeaturedVideos, QuickActionBox, AboutEuphoric
- Add video imports utility for centralized video management
- Add Alert context and hooks for toast notifications
- Add 404 page for better error handling
- Enhance backend with Redis caching support (optional, graceful fallback)
- Update README with comprehensive documentation of new features
- Add multiple video assets for gallery
- Improve accessibility with ARIA labels and focus management
- Add mobile tap-to-play support for video gallery

Author: laveshparyani

README.md

@@ -8,17 +8,17 @@
     "build": "echo 'Backend build complete'"
   },
   "dependencies": {
-    "express": "^4.18.2",
-    "mysql2": "^3.6.5",
     "cors": "^2.8.5",
-    "helmet": "^7.1.0",
     "dotenv": "^16.3.1",
+    "express": "^4.18.2",
     "express-rate-limit": "^7.1.5",
     "express-validator": "^7.0.1",
-    "nodemailer": "^6.9.7"
+    "helmet": "^7.1.0",
+    "mysql2": "^3.6.5",
+    "nodemailer": "^6.9.7",
+    "redis": "^5.10.0"
   },
   "devDependencies": {
     "nodemon": "^3.0.2"
   }
 }
-

assets/edd10a0b-0637-4617-8704-893f820eff3f.MP4

@@ -1,28 +1,79 @@
-import mysql from 'mysql2/promise'
-import dotenv from 'dotenv'
+import mysql from "mysql2/promise";
+import dotenv from "dotenv";
 
-dotenv.config()
+dotenv.config();
 
-const pool = mysql.createPool({
-  host: process.env.DB_HOST || 'localhost',
-  user: process.env.DB_USER || 'root',
-  password: process.env.DB_PASSWORD || '',
-  database: process.env.DB_NAME || 'euphoric_db',
+// Database connection configuration
+const dbConfig = {
+  host: process.env.DB_HOST || "localhost",
+  user: process.env.DB_USER || "root",
+  password: process.env.DB_PASSWORD || "",
+  database: process.env.DB_NAME || "euphoric_db",
   waitForConnections: true,
   connectionLimit: 10,
   queueLimit: 0,
-})
+  // Enable multiple statements if needed
+  multipleStatements: false,
+  // Connection timeout
+  connectTimeout: 10000,
+  // SSL configuration (set to false for local development)
+  ssl: process.env.DB_SSL === "true" ? {} : false,
+};
 
-// Test connection
+// Create connection pool
+const pool = mysql.createPool(dbConfig);
+
+// Test connection with better error handling
 pool
   .getConnection()
   .then((connection) => {
-    console.log('✅ Database connected successfully')
-    connection.release()
+    console.log("✅ Database connected successfully");
+    connection.release();
   })
   .catch((error) => {
-    console.error('❌ Database connection error:', error.message)
-  })
+    console.error("❌ Database connection error:", error.message);
 
-export default pool
+    // Provide helpful error messages
+    if (
+      error.code === "ER_NOT_SUPPORTED_AUTH_MODE" ||
+      error.code === "AUTH_SWITCH_PLUGIN_ERROR" ||
+      error.message.includes("auth_gssapi_client") ||
+      error.message.includes("unknown plugin")
+    ) {
+      console.error("\n💡 Authentication Plugin Error Detected");
+      console.error(
+        "   This usually happens with MySQL 8.0+ default authentication."
+      );
+      console.error(
+        "   Your MySQL user is using an unsupported authentication method."
+      );
+      console.error("\n   To fix this, run these SQL commands in MySQL:");
+      console.error(
+        `   ALTER USER '${dbConfig.user}'@'${dbConfig.host}' IDENTIFIED WITH mysql_native_password BY '${dbConfig.password}';`
+      );
+      console.error("   FLUSH PRIVILEGES;");
+      console.error("\n   Or if using a different host:");
+      console.error(
+        `   ALTER USER '${dbConfig.user}'@'%' IDENTIFIED WITH mysql_native_password BY '${dbConfig.password}';`
+      );
+      console.error("   FLUSH PRIVILEGES;");
+      console.error("\n   After running these commands, restart the backend server.");
+    } else if (error.code === "ECONNREFUSED") {
+      console.error("\n💡 Connection Refused");
+      console.error("   Make sure MySQL server is running and accessible.");
+      console.error(`   Check host: ${dbConfig.host}, port: 3306`);
+    } else if (error.code === "ER_ACCESS_DENIED_ERROR") {
+      console.error("\n💡 Access Denied");
+      console.error("   Check your database credentials in .env file:");
+      console.error(`   DB_USER: ${dbConfig.user}`);
+      console.error(`   DB_PASSWORD: ${dbConfig.password ? "***" : "(empty)"}`);
+    } else if (error.code === "ER_BAD_DB_ERROR") {
+      console.error("\n💡 Database Not Found");
+      console.error(`   Database '${dbConfig.database}' does not exist.`);
+      console.error(
+        "   Create it with: CREATE DATABASE " + dbConfig.database + ";"
+      );
+    }
+  });
 
+export default pool;

backend/package.json

@@ -17,17 +17,19 @@ const createTransporter = () => {
 // Create enquiry
 export const createEnquiry = async (req, res) => {
   try {
+    // Validation handled by middleware
     const { name, phone, email, message } = req.body
 
-    // Validation
-    if (!name || !email || !message) {
-      return res.status(400).json({ error: 'Name, email, and message are required' })
-    }
+    // Additional sanitization
+    const sanitizedName = name.trim().substring(0, 100)
+    const sanitizedEmail = email.trim().toLowerCase().substring(0, 255)
+    const sanitizedPhone = phone ? phone.trim().replace(/[^0-9+\-() ]/g, '').substring(0, 20) : null
+    const sanitizedMessage = message.trim().substring(0, 2000)
 
-    // Save to database
+    // Save to database using prepared statements
     const [result] = await pool.execute(
       'INSERT INTO enquiries (name, phone, email, message) VALUES (?, ?, ?, ?)',
-      [name, phone || null, email, message]
+      [sanitizedName, sanitizedPhone, sanitizedEmail, sanitizedMessage]
     )
 
     // Send email if configured
@@ -40,11 +42,11 @@ export const createEnquiry = async (req, res) => {
           subject: `New Enquiry from ${name}`,
           html: `
             <h2>New Enquiry Received</h2>
-            <p><strong>Name:</strong> ${name}</p>
-            <p><strong>Phone:</strong> ${phone || 'Not provided'}</p>
-            <p><strong>Email:</strong> ${email}</p>
+            <p><strong>Name:</strong> ${sanitizedName}</p>
+            <p><strong>Phone:</strong> ${sanitizedPhone || 'Not provided'}</p>
+            <p><strong>Email:</strong> ${sanitizedEmail}</p>
             <p><strong>Message:</strong></p>
-            <p>${message}</p>
+            <p>${sanitizedMessage.replace(/\n/g, '<br>')}</p>
           `,
         })
       } catch (emailError) {

backend/src/config/database.js

@@ -1,11 +1,24 @@
 import pool from '../config/database.js'
+import { getCache, setCache, deleteCache, invalidateCachePattern } from '../utils/cache.js'
 
 // Get all events
 export const getEvents = async (req, res) => {
   try {
+    // Try to get from cache
+    const cacheKey = 'events:upcoming'
+    const cached = await getCache(cacheKey)
+    if (cached) {
+      return res.json(cached)
+    }
+
+    // Fetch from database using prepared statement
     const [events] = await pool.execute(
       'SELECT * FROM events WHERE date >= CURDATE() ORDER BY date ASC'
     )
+
+    // Cache for 30 minutes
+    await setCache(cacheKey, events, 1800)
+
     res.json(events)
   } catch (error) {
     console.error('Error fetching events:', error)
@@ -33,22 +46,27 @@ export const getEvent = async (req, res) => {
 // Create a new event
 export const createEvent = async (req, res) => {
   try {
+    // Validation handled by middleware
     const { title, date, location, image, description } = req.body
 
-    // Validation
-    if (!title || !date || !location) {
-      return res.status(400).json({ error: 'Title, date, and location are required' })
-    }
+    // Sanitize inputs
+    const sanitizedTitle = title.trim().substring(0, 200)
+    const sanitizedLocation = location.trim().substring(0, 200)
+    const sanitizedDescription = description ? description.trim().substring(0, 2000) : null
 
+    // Use prepared statements
     const [result] = await pool.execute(
       'INSERT INTO events (title, date, location, image, description) VALUES (?, ?, ?, ?, ?)',
-      [title, date, location, image || null, description || null]
+      [sanitizedTitle, date, sanitizedLocation, image || null, sanitizedDescription]
     )
 
     const [newEvent] = await pool.execute('SELECT * FROM events WHERE id = ?', [
       result.insertId,
     ])
 
+    // Invalidate cache
+    await invalidateCachePattern('events:*')
+
     res.status(201).json(newEvent[0])
   } catch (error) {
     console.error('Error creating event:', error)
@@ -62,16 +80,26 @@ export const updateEvent = async (req, res) => {
     const { id } = req.params
     const { title, date, location, image, description } = req.body
 
+    // Sanitize inputs
+    const sanitizedTitle = title ? title.trim().substring(0, 200) : null
+    const sanitizedLocation = location ? location.trim().substring(0, 200) : null
+    const sanitizedDescription = description ? description.trim().substring(0, 2000) : null
+
+    // Use prepared statements with parameterized query
     const [result] = await pool.execute(
       'UPDATE events SET title = ?, date = ?, location = ?, image = ?, description = ? WHERE id = ?',
-      [title, date, location, image || null, description || null, id]
+      [sanitizedTitle, date, sanitizedLocation, image || null, sanitizedDescription, parseInt(id, 10)]
     )
 
     if (result.affectedRows === 0) {
       return res.status(404).json({ error: 'Event not found' })
     }
 
-    const [updatedEvent] = await pool.execute('SELECT * FROM events WHERE id = ?', [id])
+    const [updatedEvent] = await pool.execute('SELECT * FROM events WHERE id = ?', [parseInt(id, 10)])
+    
+    // Invalidate cache
+    await invalidateCachePattern('events:*')
+
     res.json(updatedEvent[0])
   } catch (error) {
     console.error('Error updating event:', error)
@@ -83,12 +111,17 @@ export const updateEvent = async (req, res) => {
 export const deleteEvent = async (req, res) => {
   try {
     const { id } = req.params
-    const [result] = await pool.execute('DELETE FROM events WHERE id = ?', [id])
+    
+    // Use prepared statement with parameterized query
+    const [result] = await pool.execute('DELETE FROM events WHERE id = ?', [parseInt(id, 10)])
 
     if (result.affectedRows === 0) {
       return res.status(404).json({ error: 'Event not found' })
     }
 
+    // Invalidate cache
+    await invalidateCachePattern('events:*')
+
     res.json({ message: 'Event deleted successfully' })
   } catch (error) {
     console.error('Error deleting event:', error)

backend/src/controllers/enquiryController.js

@@ -1,11 +1,24 @@
 import pool from '../config/database.js'
+import { getCache, setCache, deleteCache } from '../utils/cache.js'
 
 // Get all reviews
 export const getReviews = async (req, res) => {
   try {
+    // Try to get from cache
+    const cacheKey = 'reviews:all'
+    const cached = await getCache(cacheKey)
+    if (cached) {
+      return res.json(cached)
+    }
+
+    // Fetch from database
     const [reviews] = await pool.execute(
       'SELECT * FROM reviews ORDER BY created_at DESC'
     )
+
+    // Cache for 1 hour
+    await setCache(cacheKey, reviews, 3600)
+
     res.json(reviews)
   } catch (error) {
     console.error('Error fetching reviews:', error)
@@ -16,26 +29,26 @@ export const getReviews = async (req, res) => {
 // Create a new review
 export const createReview = async (req, res) => {
   try {
+    // Validation is handled by middleware, but we sanitize here too
     const { name, message, rating } = req.body
 
-    // Validation
-    if (!name || !message || !rating) {
-      return res.status(400).json({ error: 'Name, message, and rating are required' })
-    }
-
-    if (rating < 1 || rating > 5) {
-      return res.status(400).json({ error: 'Rating must be between 1 and 5' })
-    }
+    // Additional sanitization (validation middleware already handled basic validation)
+    const sanitizedName = name.trim().substring(0, 100)
+    const sanitizedMessage = message.trim().substring(0, 1000)
 
+    // Use prepared statements (already done, but ensuring)
     const [result] = await pool.execute(
       'INSERT INTO reviews (name, message, rating) VALUES (?, ?, ?)',
-      [name, message, rating]
+      [sanitizedName, sanitizedMessage, parseInt(rating, 10)]
     )
 
     const [newReview] = await pool.execute('SELECT * FROM reviews WHERE id = ?', [
       result.insertId,
     ])
 
+    // Invalidate cache
+    await deleteCache('reviews:all')
+
     res.status(201).json(newReview[0])
   } catch (error) {
     console.error('Error creating review:', error)

backend/src/controllers/eventsController.js

@@ -2,6 +2,11 @@ import pool from '../config/database.js'
 
 const initDatabase = async () => {
   try {
+    // Test connection first
+    const connection = await pool.getConnection()
+    await connection.ping()
+    connection.release()
+
     // Create reviews table
     await pool.execute(`
       CREATE TABLE IF NOT EXISTS reviews (
@@ -42,6 +47,26 @@ const initDatabase = async () => {
     console.log('✅ Database tables initialized successfully')
   } catch (error) {
     console.error('❌ Error initializing database:', error.message)
+    
+    // Provide specific help for authentication errors
+    if (error.message.includes('auth_gssapi_client') || error.message.includes('authentication')) {
+      console.error('\n🔧 FIX REQUIRED: MySQL Authentication Plugin Issue')
+      console.error('   Your MySQL user is using an unsupported authentication method.')
+      console.error('\n   Run these commands in MySQL to fix:')
+      console.error('   ----------------------------------------')
+      const user = process.env.DB_USER || 'root'
+      const host = process.env.DB_HOST || 'localhost'
+      console.error(`   ALTER USER '${user}'@'${host}' IDENTIFIED WITH mysql_native_password BY '${process.env.DB_PASSWORD || ''}';`)
+      console.error('   FLUSH PRIVILEGES;')
+      console.error('   ----------------------------------------')
+      console.error('\n   Or if connecting from any host:')
+      console.error(`   ALTER USER '${user}'@'%' IDENTIFIED WITH mysql_native_password BY '${process.env.DB_PASSWORD || ''}';`)
+      console.error('   FLUSH PRIVILEGES;')
+      console.error('\n   After running these commands, restart the backend server.')
+    }
+    
+    // Re-throw to prevent server from starting without database
+    throw error
   }
 }
 

backend/src/controllers/reviewsController.js

@@ -1,6 +1,7 @@
 import express from 'express'
 import { createEnquiry } from '../controllers/enquiryController.js'
 import rateLimit from 'express-rate-limit'
+import { enquiryValidation, handleValidationErrors } from '../utils/validation.js'
 
 const router = express.Router()
 
@@ -9,9 +10,11 @@ const createEnquiryLimiter = rateLimit({
   windowMs: 15 * 60 * 1000, // 15 minutes
   max: 10, // Limit each IP to 10 requests per windowMs
   message: 'Too many enquiry submissions, please try again later.',
+  standardHeaders: true,
+  legacyHeaders: false,
 })
 
-router.post('/', createEnquiryLimiter, createEnquiry)
+router.post('/', createEnquiryLimiter, enquiryValidation, handleValidationErrors, createEnquiry)
 
 export default router