admin/samreshu_backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

merge: feat/admin-qa for admin routes

Browse Source
This commit is contained in:
Anton
2026-03-04 16:06:32 +03:00
parent bef2dc57b5 5e207ee9b6
commit 39be02e1ca
4 changed files with 177 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/app.ts
View File

@@ -9,6 +9,7 @@ import subscriptionPlugin from './plugins/subscription.js';
import { authRoutes } from './routes/auth.js'; import { authRoutes } from './routes/auth.js';
import { profileRoutes } from './routes/profile.js'; import { profileRoutes } from './routes/profile.js';
import { testsRoutes } from './routes/tests.js'; import { testsRoutes } from './routes/tests.js';
import { adminQuestionsRoutes } from './routes/admin/questions.js';
import { env } from './config/env.js'; import { env } from './config/env.js';
import { randomUUID } from 'node:crypto'; import { randomUUID } from 'node:crypto';
@@ -79,6 +80,7 @@ export async function buildApp(): Promise<FastifyInstance> {
await app.register(authRoutes, { prefix: '/auth' }); await app.register(authRoutes, { prefix: '/auth' });
await app.register(profileRoutes, { prefix: '/profile' }); await app.register(profileRoutes, { prefix: '/profile' });
await app.register(testsRoutes, { prefix: '/tests' }); await app.register(testsRoutes, { prefix: '/tests' });
await app.register(adminQuestionsRoutes, { prefix: '/admin' });
app.get('/health', async () => ({ status: 'ok', timestamp: new Date().toISOString() })); app.get('/health', async () => ({ status: 'ok', timestamp: new Date().toISOString() }));

20
src/plugins/auth.ts
View File

@@ -1,11 +1,14 @@
import type { FastifyInstance, FastifyRequest, FastifyReply } from 'fastify'; import type { FastifyInstance, FastifyRequest, FastifyReply } from 'fastify';
import fp from 'fastify-plugin'; import fp from 'fastify-plugin';
import { eq } from 'drizzle-orm';
import { verifyToken, isAccessPayload } from '../utils/jwt.js'; import { verifyToken, isAccessPayload } from '../utils/jwt.js';
import { unauthorized } from '../utils/errors.js'; import { unauthorized, forbidden } from '../utils/errors.js';
import { users } from '../db/schema/users.js';
declare module 'fastify' { declare module 'fastify' {
interface FastifyInstance { interface FastifyInstance {
authenticate: (req: FastifyRequest, reply: FastifyReply) => Promise<void>; authenticate: (req: FastifyRequest, reply: FastifyReply) => Promise<void>;
authenticateAdmin: (req: FastifyRequest, reply: FastifyReply) => Promise<void>;
} }
interface FastifyRequest { interface FastifyRequest {
user?: { id: string; email: string }; user?: { id: string; email: string };
@@ -34,9 +37,22 @@ export async function authenticate(req: FastifyRequest, _reply: FastifyReply): P
} }
} }
export async function authenticateAdmin(req: FastifyRequest, _reply: FastifyReply): Promise<void> {
if (!req.user) {
throw unauthorized('Authentication required');
}
const [user] = await req.server.db.select({ role: users.role }).from(users).where(eq(users.id, req.user.id));
if (!user || user.role !== 'admin') {
throw forbidden('Admin access required');
}
}
const authPlugin = async (app: FastifyInstance) => { const authPlugin = async (app: FastifyInstance) => {
app.decorateRequest('user', undefined); app.decorateRequest('user', undefined);
app.decorate('authenticate', authenticate); app.decorate('authenticate', authenticate);
app.decorate('authenticateAdmin', authenticateAdmin);
}; };
export default fp(authPlugin, { name: 'auth' }); export default fp(authPlugin, { name: 'auth', dependencies: ['database'] });

131
src/routes/admin/questions.ts Normal file
View File

@@ -0,0 +1,131 @@
import type { FastifyInstance } from 'fastify';
import { AdminQuestionService } from '../../services/admin/admin-question.service.js';
import type { EditQuestionInput } from '../../services/admin/admin-question.service.js';
const STACKS = ['html', 'css', 'js', 'ts', 'react', 'vue', 'nodejs', 'git', 'web_basics'] as const;
const LEVELS = ['basic', 'beginner', 'intermediate', 'advanced', 'expert'] as const;
const QUESTION_TYPES = ['single_choice', 'multiple_select', 'true_false', 'short_text'] as const;
const listPendingQuerySchema = {
querystring: {
type: 'object',
properties: {
limit: { type: 'integer', minimum: 1, maximum: 100 },
offset: { type: 'integer', minimum: 0 },
},
additionalProperties: false,
},
};
const questionIdParamsSchema = {
params: {
type: 'object',
required: ['questionId'],
properties: {
questionId: { type: 'string', format: 'uuid' },
},
},
};
const editQuestionSchema = {
params: {
type: 'object',
required: ['questionId'],
properties: {
questionId: { type: 'string', format: 'uuid' },
},
},
body: {
type: 'object',
properties: {
stack: { type: 'string', enum: [...STACKS] },
level: { type: 'string', enum: [...LEVELS] },
type: { type: 'string', enum: [...QUESTION_TYPES] },
questionText: { type: 'string', minLength: 1 },
options: {
type: 'array',
items: {
type: 'object',
required: ['key', 'text'],
properties: {
key: { type: 'string' },
text: { type: 'string' },
},
},
},
correctAnswer: {
oneOf: [
{ type: 'string' },
{ type: 'array', items: { type: 'string' } },
],
},
explanation: { type: 'string', minLength: 1 },
},
additionalProperties: false,
},
};
export async function adminQuestionsRoutes(app: FastifyInstance) {
const adminQuestionService = new AdminQuestionService(app.db);
const { rateLimitOptions } = app;
app.get(
'/questions/pending',
{
schema: listPendingQuerySchema,
config: { rateLimit: rateLimitOptions.apiAuthed },
preHandler: [app.authenticate, app.authenticateAdmin],
},
async (req, reply) => {
const { limit, offset } = (req.query as { limit?: number; offset?: number }) ?? {};
const result = await adminQuestionService.listPending(limit, offset);
return reply.send(result);
},
);
app.post(
'/questions/:questionId/approve',
{
schema: questionIdParamsSchema,
config: { rateLimit: rateLimitOptions.apiAuthed },
preHandler: [app.authenticate, app.authenticateAdmin],
},
async (req, reply) => {
const adminId = req.user!.id;
const { questionId } = req.params as { questionId: string };
await adminQuestionService.approve(questionId, adminId);
return reply.status(204).send();
},
);
app.post(
'/questions/:questionId/reject',
{
schema: questionIdParamsSchema,
config: { rateLimit: rateLimitOptions.apiAuthed },
preHandler: [app.authenticate, app.authenticateAdmin],
},
async (req, reply) => {
const adminId = req.user!.id;
const { questionId } = req.params as { questionId: string };
await adminQuestionService.reject(questionId, adminId);
return reply.status(204).send();
},
);
app.patch(
'/questions/:questionId',
{
schema: editQuestionSchema,
config: { rateLimit: rateLimitOptions.apiAuthed },
preHandler: [app.authenticate, app.authenticateAdmin],
},
async (req, reply) => {
const adminId = req.user!.id;
const { questionId } = req.params as { questionId: string };
const body = req.body as EditQuestionInput;
const question = await adminQuestionService.edit(questionId, body, adminId);
return reply.send(question);
},
);
}

30
src/services/admin/admin-question.service.ts
View File

@@ -1,7 +1,7 @@
import { eq, asc, count } from 'drizzle-orm'; import { eq, asc, count } from 'drizzle-orm';
import type { NodePgDatabase } from 'drizzle-orm/node-postgres'; import type { NodePgDatabase } from 'drizzle-orm/node-postgres';
import type * as schema from '../../db/schema/index.js'; import type * as schema from '../../db/schema/index.js';
import { questionBank } from '../../db/schema/index.js'; import { questionBank, auditLogs } from '../../db/schema/index.js';
import { notFound } from '../../utils/errors.js'; import { notFound } from '../../utils/errors.js';
import type { Stack, Level, QuestionType } from '../../db/schema/enums.js'; import type { Stack, Level, QuestionType } from '../../db/schema/enums.js';
@@ -80,7 +80,7 @@ export class AdminQuestionService {
}; };
} }
async approve(questionId: string): Promise<void> { async approve(questionId: string, adminId: string): Promise<void> {
const [updated] = await this.db const [updated] = await this.db
.update(questionBank) .update(questionBank)
.set({ .set({
@@ -93,9 +93,16 @@ export class AdminQuestionService {
if (!updated) { if (!updated) {
throw notFound('Question not found'); throw notFound('Question not found');
} }
await this.db.insert(auditLogs).values({
adminId,
action: 'question_approved',
targetType: 'question',
targetId: questionId,
});
} }
async reject(questionId: string): Promise<void> { async reject(questionId: string, adminId: string): Promise<void> {
const [updated] = await this.db const [updated] = await this.db
.update(questionBank) .update(questionBank)
.set({ status: 'rejected' }) .set({ status: 'rejected' })
@@ -105,9 +112,16 @@ export class AdminQuestionService {
if (!updated) { if (!updated) {
throw notFound('Question not found'); throw notFound('Question not found');
} }
await this.db.insert(auditLogs).values({
adminId,
action: 'question_rejected',
targetType: 'question',
targetId: questionId,
});
} }
async edit(questionId: string, input: EditQuestionInput): Promise<PendingQuestion> { async edit(questionId: string, input: EditQuestionInput, adminId: string): Promise<PendingQuestion> {
const updates: Partial<{ const updates: Partial<{
stack: Stack; stack: Stack;
level: Level; level: Level;
@@ -156,6 +170,14 @@ export class AdminQuestionService {
throw notFound('Question not found'); throw notFound('Question not found');
} }
await this.db.insert(auditLogs).values({
adminId,
action: 'question_edited',
targetType: 'question',
targetId: questionId,
details: updates as Record<string, unknown>,
});
return { return {
id: updated.id, id: updated.id,
stack: updated.stack, stack: updated.stack,