# Insertr Content Server

The HTTP API server that provides content storage and retrieval for the Insertr CMS system.

## 🚀 Quick Start

### Build and Run
```bash
# Build the server
go build -o insertr-server ./cmd/server

# Start with default settings
./insertr-server

# Start with custom port and database
./insertr-server --port 8080 --db ./content.db
```

### Development
```bash
# Install dependencies
go mod tidy

# Run directly with go
go run ./cmd/server --port 8080
```

## 📊 API Endpoints

The server implements the exact API contract expected by both the Go CLI client and JavaScript browser client:

### Content Retrieval
- `GET /api/content?site_id={site}` - Get all content for a site
- `GET /api/content/{id}?site_id={site}` - Get single content item
- `GET /api/content/bulk?site_id={site}&ids[]={id1}&ids[]={id2}` - Get multiple items

### Content Modification  
- `POST /api/content` - Create new content
- `PUT /api/content/{id}?site_id={site}` - Update existing content

### System
- `GET /health` - Health check endpoint

## 🗄️ Database

Uses SQLite by default for simplicity. The database schema:

```sql
CREATE TABLE content (
    id TEXT NOT NULL,
    site_id TEXT NOT NULL, 
    value TEXT NOT NULL,
    type TEXT NOT NULL CHECK (type IN ('text', 'markdown', 'link')),
    created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
    updated_at DATETIME DEFAULT CURRENT_TIMESTAMP,
    PRIMARY KEY (id, site_id)
);
```

## 🔧 Configuration

### Command Line Options
- `--port` - Server port (default: 8080)
- `--db` - SQLite database path (default: ./insertr.db)

### CORS
Currently configured for development with `Access-Control-Allow-Origin: *`.
For production, configure CORS appropriately.

## 🧪 Testing

### API Testing Examples

```bash
# Create content
curl -X POST "http://localhost:8080/api/content" \
  -H "Content-Type: application/json" \
  -d '{"id":"hero-title","value":"Welcome!","type":"text"}'

# Get content  
curl "http://localhost:8080/api/content/hero-title?site_id=demo"

# Update content
curl -X PUT "http://localhost:8080/api/content/hero-title?site_id=demo" \
  -H "Content-Type: application/json" \
  -d '{"value":"Updated Welcome!"}'
```

### Integration Testing
```bash
# From project root
./test-integration.sh
```

## 🏗️ Architecture Integration

This server bridges the gap between:

1. **Browser Editor** (`lib/`) - JavaScript client that saves edits
2. **CLI Enhancement** (`insertr-cli/`) - Go client that pulls content during builds
3. **Static Site Generation** - Enhanced HTML with database content

### Content Flow
```
Browser Edit → HTTP Server → SQLite Database
                    ↓
CLI Build Process ← HTTP Server ← SQLite Database
                    ↓
Enhanced Static Site
```

## 🚀 Production Deployment

### Docker (Recommended)
```dockerfile
FROM golang:1.21-alpine AS builder
WORKDIR /app
COPY . .
RUN go build -o insertr-server ./cmd/server

FROM alpine:latest
RUN apk --no-cache add ca-certificates
WORKDIR /root/
COPY --from=builder /app/insertr-server .
EXPOSE 8080
CMD ["./insertr-server"]
```

### Environment Variables
- `PORT` - Server port
- `DB_PATH` - Database file path
- `CORS_ORIGIN` - Allowed CORS origin for production

### Health Monitoring
The `/health` endpoint returns JSON status for monitoring:
```json
{"status":"healthy","service":"insertr-server"}
```

## 🔐 Security Considerations

### Current State (Development)
- Open CORS policy
- No authentication required
- SQLite database (single file)

### Production TODO
- [ ] JWT/OAuth authentication
- [ ] PostgreSQL database option
- [ ] Rate limiting
- [ ] Input validation and sanitization
- [ ] HTTPS enforcement
- [ ] Configurable CORS origins

---

**Status**: ✅ Fully functional development server  
**Next**: Production hardening and authentication