Initial backend import

2026-05-16 00:18:22 +08:00
commit 141d92dc15
22 changed files with 2028 additions and 0 deletions
--- a/internal/handlers/admin.go
+++ b/internal/handlers/admin.go
@@ -0,0 +1,386 @@
+package handlers
+
+import (
+	"context"
+	"net/http"
+	"strings"
+	"time"
+
+	"github.com/arkie/ark-database/internal/auth"
+	"github.com/go-chi/chi/v5"
+	"github.com/google/uuid"
+	"github.com/jackc/pgx/v5"
+	"github.com/jackc/pgx/v5/pgxpool"
+	"golang.org/x/crypto/bcrypt"
+)
+
+type loginReq struct {
+	Email    string `json:"email"`
+	Password string `json:"password"`
+}
+
+func AdminLogin(secret string) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		var req loginReq
+		if err := jsonDecode(r, &req); err != nil {
+			http.Error(w, "bad json", http.StatusBadRequest)
+			return
+		}
+		pool := poolFrom(r)
+		var id int
+		var hash string
+		err := pool.QueryRow(r.Context(), `SELECT id, password_hash FROM admins WHERE lower(email) = lower($1)`, strings.TrimSpace(req.Email)).Scan(&id, &hash)
+		if err != nil {
+			http.Error(w, "invalid credentials", http.StatusUnauthorized)
+			return
+		}
+		if bcrypt.CompareHashAndPassword([]byte(hash), []byte(req.Password)) != nil {
+			http.Error(w, "invalid credentials", http.StatusUnauthorized)
+			return
+		}
+		tok, err := auth.SignAdmin(secret, id, req.Email, 7*24*time.Hour)
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+		writeJSON(w, map[string]any{"token": tok})
+	}
+}
+
+func AdminDashboard(w http.ResponseWriter, r *http.Request) {
+	pool := poolFrom(r)
+	ctx := r.Context()
+	var total, published int
+	_ = pool.QueryRow(ctx, `SELECT COUNT(*) FROM resources`).Scan(&total)
+	_ = pool.QueryRow(ctx, `SELECT COUNT(*) FROM resources WHERE status = 'published'`).Scan(&published)
+	var views, downloads, favs, shares int64
+	_ = pool.QueryRow(ctx, `SELECT COALESCE(SUM(view_count),0), COALESCE(SUM(download_count),0), COALESCE(SUM(favorite_count),0), COALESCE(SUM(share_count),0) FROM resources`).Scan(&views, &downloads, &favs, &shares)
+	var todayNew int
+	_ = pool.QueryRow(ctx, `SELECT COUNT(*) FROM resources WHERE created_at::date = (now() at time zone 'utc')::date`).Scan(&todayNew)
+
+	rows, err := pool.Query(ctx, `
+		SELECT r.id, r.title, r.download_count, r.favorite_count, r.view_count
+		FROM resources r WHERE r.status = 'published' ORDER BY (r.download_count + r.favorite_count) DESC LIMIT 8`)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	defer rows.Close()
+	type hot struct {
+		ID       string `json:"id"`
+		Title    string `json:"title"`
+		Download int    `json:"downloads"`
+		Favorite int    `json:"favorites"`
+		View     int    `json:"views"`
+	}
+	hotList := make([]hot, 0)
+	for rows.Next() {
+		var id uuid.UUID
+		var h hot
+		if err := rows.Scan(&id, &h.Title, &h.Download, &h.Favorite, &h.View); err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+		h.ID = id.String()
+		hotList = append(hotList, h)
+	}
+	if err := rows.Err(); err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	writeJSON(w, map[string]any{
+		"totalResources": total,
+		"published":      published,
+		"todayNew":       todayNew,
+		"totalViews":     views,
+		"totalDownloads": downloads,
+		"totalFavorites": favs,
+		"totalShares":    shares,
+		"hotResources":   hotList,
+	})
+}
+
+type adminResource struct {
+	ID             string   `json:"id"`
+	Title          string   `json:"title"`
+	Description    string   `json:"description"`
+	Type           string   `json:"type"`
+	Language       string   `json:"language"`
+	CategoryID     int      `json:"categoryId"`
+	CoverImage     string   `json:"coverImage"`
+	FileURL        string   `json:"fileUrl"`
+	PreviewURL     string   `json:"previewUrl"`
+	ExternalURL    string   `json:"externalUrl"`
+	BodyText       string   `json:"bodyText"`
+	BadgeLabel     string   `json:"badgeLabel"`
+	IsPublic       bool     `json:"isPublic"`
+	IsDownloadable bool     `json:"isDownloadable"`
+	IsRecommended  bool     `json:"isRecommended"`
+	SortOrder      int      `json:"sortOrder"`
+	Status         string   `json:"status"`
+	PublishedAt    *string  `json:"publishedAt"`
+	Tags           []string `json:"tags"`
+	ViewCount      int      `json:"viewCount"`
+	DownloadCount  int      `json:"downloadCount"`
+}
+
+func AdminListResources(w http.ResponseWriter, r *http.Request) {
+	pool := poolFrom(r)
+	page := atoiDef(r.URL.Query().Get("page"), 1)
+	limit := atoiDef(r.URL.Query().Get("limit"), 20)
+	if limit > 100 {
+		limit = 100
+	}
+	offset := (page - 1) * limit
+	var total int
+	if err := pool.QueryRow(r.Context(), `SELECT COUNT(*) FROM resources`).Scan(&total); err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	rows, err := pool.Query(r.Context(), `
+		SELECT r.id, r.title, COALESCE(r.description,''), r.type, r.language, r.category_id,
+			COALESCE(r.cover_image,''), COALESCE(r.file_url,''), COALESCE(r.preview_url,''), COALESCE(r.external_url,''), COALESCE(r.body_text,''),
+			COALESCE(r.badge_label,''), r.is_public, r.is_downloadable, r.is_recommended, r.sort_order, r.status, r.published_at, r.view_count, r.download_count
+		FROM resources r
+		ORDER BY r.updated_at DESC
+		LIMIT $1 OFFSET $2`, limit, offset)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	defer rows.Close()
+	list := make([]adminResource, 0)
+	for rows.Next() {
+		var ar adminResource
+		var id uuid.UUID
+		var pub *time.Time
+		if err := rows.Scan(&id, &ar.Title, &ar.Description, &ar.Type, &ar.Language, &ar.CategoryID, &ar.CoverImage, &ar.FileURL, &ar.PreviewURL, &ar.ExternalURL, &ar.BodyText,
+			&ar.BadgeLabel, &ar.IsPublic, &ar.IsDownloadable, &ar.IsRecommended, &ar.SortOrder, &ar.Status, &pub, &ar.ViewCount, &ar.DownloadCount); err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+		ar.ID = id.String()
+		if pub != nil {
+			s := pub.UTC().Format(time.RFC3339)
+			ar.PublishedAt = &s
+		}
+		tags, _ := loadTagNames(r.Context(), pool, id)
+		ar.Tags = tags
+		list = append(list, ar)
+	}
+	if err := rows.Err(); err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	writeJSON(w, map[string]any{"items": list, "page": page, "limit": limit, "total": total})
+}
+
+type searchLogRow struct {
+	ID        int64  `json:"id"`
+	Query     string `json:"query"`
+	CreatedAt string `json:"createdAt"`
+}
+
+func AdminSearchLogs(w http.ResponseWriter, r *http.Request) {
+	pool := poolFrom(r)
+	limit := atoiDef(r.URL.Query().Get("limit"), 200)
+	if limit > 500 {
+		limit = 500
+	}
+	rows, err := pool.Query(r.Context(), `SELECT id, query, created_at FROM search_logs ORDER BY id DESC LIMIT $1`, limit)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	defer rows.Close()
+	out := make([]searchLogRow, 0)
+	for rows.Next() {
+		var row searchLogRow
+		var created time.Time
+		if err := rows.Scan(&row.ID, &row.Query, &created); err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+		row.CreatedAt = created.UTC().Format(time.RFC3339)
+		out = append(out, row)
+	}
+	if err := rows.Err(); err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	writeJSON(w, map[string]any{"items": out})
+}
+
+func AdminGetResource(w http.ResponseWriter, r *http.Request) {
+	pool := poolFrom(r)
+	rid, err := uuid.Parse(chi.URLParam(r, "id"))
+	if err != nil {
+		http.Error(w, "bad id", http.StatusBadRequest)
+		return
+	}
+	row := pool.QueryRow(r.Context(), `
+		SELECT r.id, r.title, COALESCE(r.description,''), r.type, r.language, r.category_id,
+			COALESCE(r.cover_image,''), COALESCE(r.file_url,''), COALESCE(r.preview_url,''), COALESCE(r.external_url,''), COALESCE(r.body_text,''),
+			COALESCE(r.badge_label,''), r.is_public, r.is_downloadable, r.is_recommended, r.sort_order, r.status, r.published_at, r.view_count, r.download_count
+		FROM resources r WHERE r.id = $1`, rid)
+	var ar adminResource
+	var rowID uuid.UUID
+	var pub *time.Time
+	if err := row.Scan(&rowID, &ar.Title, &ar.Description, &ar.Type, &ar.Language, &ar.CategoryID, &ar.CoverImage, &ar.FileURL, &ar.PreviewURL, &ar.ExternalURL, &ar.BodyText,
+		&ar.BadgeLabel, &ar.IsPublic, &ar.IsDownloadable, &ar.IsRecommended, &ar.SortOrder, &ar.Status, &pub, &ar.ViewCount, &ar.DownloadCount); err != nil {
+		if err == pgx.ErrNoRows {
+			http.NotFound(w, r)
+			return
+		}
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	ar.ID = rowID.String()
+	tags, _ := loadTagNames(r.Context(), pool, rowID)
+	ar.Tags = tags
+	if pub != nil {
+		s := pub.UTC().Format(time.RFC3339)
+		ar.PublishedAt = &s
+	}
+	writeJSON(w, ar)
+}
+
+func AdminCreateResource(w http.ResponseWriter, r *http.Request) {
+	pool := poolFrom(r)
+	var ar adminResource
+	if err := jsonDecode(r, &ar); err != nil {
+		http.Error(w, "bad json", http.StatusBadRequest)
+		return
+	}
+	adminCreateResource(w, r, pool, &ar)
+}
+
+func AdminUpdateResource(w http.ResponseWriter, r *http.Request) {
+	pool := poolFrom(r)
+	var ar adminResource
+	if err := jsonDecode(r, &ar); err != nil {
+		http.Error(w, "bad json", http.StatusBadRequest)
+		return
+	}
+	id, err := uuid.Parse(chi.URLParam(r, "id"))
+	if err != nil {
+		http.Error(w, "bad id", http.StatusBadRequest)
+		return
+	}
+	adminUpdateResource(w, r, pool, id, &ar)
+}
+
+func adminCreateResource(w http.ResponseWriter, r *http.Request, pool *pgxpool.Pool, ar *adminResource) {
+	ctx := r.Context()
+	var pub *time.Time
+	if ar.Status == "published" {
+		t := time.Now().UTC()
+		pub = &t
+	}
+	row := pool.QueryRow(ctx, `
+		INSERT INTO resources (category_id, title, description, type, language, cover_image, file_url, preview_url, external_url, body_text, badge_label,
+			is_public, is_downloadable, is_recommended, sort_order, status, published_at)
+		VALUES ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13,$14,$15,$16,$17)
+		RETURNING id`,
+		ar.CategoryID, ar.Title, nullIfEmpty(ar.Description), ar.Type, ar.Language, nullIfEmpty(ar.CoverImage), nullIfEmpty(ar.FileURL), nullIfEmpty(ar.PreviewURL),
+		nullIfEmpty(ar.ExternalURL), nullIfEmpty(ar.BodyText), nullIfEmpty(ar.BadgeLabel), ar.IsPublic, ar.IsDownloadable, ar.IsRecommended, ar.SortOrder, ar.Status, pub,
+	)
+	var newID uuid.UUID
+	if err := row.Scan(&newID); err != nil {
+		http.Error(w, err.Error(), http.StatusBadRequest)
+		return
+	}
+	_ = replaceTags(ctx, pool, newID, ar.Tags)
+	ar.ID = newID.String()
+	writeJSON(w, ar)
+}
+
+func adminUpdateResource(w http.ResponseWriter, r *http.Request, pool *pgxpool.Pool, id uuid.UUID, ar *adminResource) {
+	ctx := r.Context()
+	var pub *time.Time
+	if ar.PublishedAt != nil && *ar.PublishedAt != "" {
+		t, err := time.Parse(time.RFC3339, *ar.PublishedAt)
+		if err == nil {
+			pub = &t
+		}
+	} else if ar.Status == "published" {
+		// keep existing published_at if already set
+		var existing *time.Time
+		_ = pool.QueryRow(ctx, `SELECT published_at FROM resources WHERE id = $1`, id).Scan(&existing)
+		if existing == nil {
+			t := time.Now().UTC()
+			pub = &t
+		} else {
+			pub = existing
+		}
+	}
+	cmd, err := pool.Exec(ctx, `
+		UPDATE resources SET
+			category_id = $1, title = $2, description = $3, type = $4, language = $5,
+			cover_image = $6, file_url = $7, preview_url = $8, external_url = $9, body_text = $10, badge_label = $11,
+			is_public = $12, is_downloadable = $13, is_recommended = $14, sort_order = $15, status = $16, published_at = COALESCE($17, published_at),
+			updated_at = NOW()
+		WHERE id = $18`,
+		ar.CategoryID, ar.Title, nullIfEmpty(ar.Description), ar.Type, ar.Language, nullIfEmpty(ar.CoverImage), nullIfEmpty(ar.FileURL), nullIfEmpty(ar.PreviewURL),
+		nullIfEmpty(ar.ExternalURL), nullIfEmpty(ar.BodyText), nullIfEmpty(ar.BadgeLabel), ar.IsPublic, ar.IsDownloadable, ar.IsRecommended, ar.SortOrder, ar.Status, pub, id,
+	)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusBadRequest)
+		return
+	}
+	if cmd.RowsAffected() == 0 {
+		http.NotFound(w, r)
+		return
+	}
+	_ = replaceTags(ctx, pool, id, ar.Tags)
+	writeJSON(w, map[string]any{"ok": true})
+}
+
+func nullIfEmpty(s string) any {
+	if strings.TrimSpace(s) == "" {
+		return nil
+	}
+	return s
+}
+
+func replaceTags(ctx context.Context, pool *pgxpool.Pool, resourceID uuid.UUID, tags []string) error {
+	_, err := pool.Exec(ctx, `DELETE FROM resource_tags WHERE resource_id = $1`, resourceID)
+	if err != nil {
+		return err
+	}
+	for _, t := range tags {
+		t = strings.TrimSpace(t)
+		if t == "" {
+			continue
+		}
+		var tid int
+		slug := tagSlug(t)
+		err := pool.QueryRow(ctx, `INSERT INTO tags (name, slug) VALUES ($1, $2)
+			ON CONFLICT (slug) DO UPDATE SET name = EXCLUDED.name RETURNING id`, t, slug).Scan(&tid)
+		if err != nil {
+			_ = pool.QueryRow(ctx, `SELECT id FROM tags WHERE slug = $1`, slug).Scan(&tid)
+		}
+		_, _ = pool.Exec(ctx, `INSERT INTO resource_tags (resource_id, tag_id) VALUES ($1,$2) ON CONFLICT DO NOTHING`, resourceID, tid)
+	}
+	return nil
+}
+
+func AdminDeleteResource(w http.ResponseWriter, r *http.Request) {
+	pool := poolFrom(r)
+	id, err := uuid.Parse(chi.URLParam(r, "id"))
+	if err != nil {
+		http.Error(w, "bad id", http.StatusBadRequest)
+		return
+	}
+	cmd, err := pool.Exec(r.Context(), `DELETE FROM resources WHERE id = $1`, id)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	if cmd.RowsAffected() == 0 {
+		http.NotFound(w, r)
+		return
+	}
+	writeJSON(w, map[string]any{"ok": true})
+}