Compare commits
4 Commits
feat/tests
...
feat/admin
| Author | SHA1 | Date | |
|---|---|---|---|
|
5e207ee9b6 | ||
|
|
7bea8585c5 | ||
|
|
7cfc8fb12e | ||
|
|
9bada23e2e |
@@ -9,6 +9,7 @@ import subscriptionPlugin from './plugins/subscription.js';
|
||||
import { authRoutes } from './routes/auth.js';
|
||||
import { profileRoutes } from './routes/profile.js';
|
||||
import { testsRoutes } from './routes/tests.js';
|
||||
import { adminQuestionsRoutes } from './routes/admin/questions.js';
|
||||
import { env } from './config/env.js';
|
||||
import { randomUUID } from 'node:crypto';
|
||||
|
||||
@@ -79,6 +80,7 @@ export async function buildApp(): Promise<FastifyInstance> {
|
||||
await app.register(authRoutes, { prefix: '/auth' });
|
||||
await app.register(profileRoutes, { prefix: '/profile' });
|
||||
await app.register(testsRoutes, { prefix: '/tests' });
|
||||
await app.register(adminQuestionsRoutes, { prefix: '/admin' });
|
||||
|
||||
app.get('/health', async () => ({ status: 'ok', timestamp: new Date().toISOString() }));
|
||||
|
||||
|
||||
@@ -1,11 +1,14 @@
|
||||
import type { FastifyInstance, FastifyRequest, FastifyReply } from 'fastify';
|
||||
import fp from 'fastify-plugin';
|
||||
import { eq } from 'drizzle-orm';
|
||||
import { verifyToken, isAccessPayload } from '../utils/jwt.js';
|
||||
import { unauthorized } from '../utils/errors.js';
|
||||
import { unauthorized, forbidden } from '../utils/errors.js';
|
||||
import { users } from '../db/schema/users.js';
|
||||
|
||||
declare module 'fastify' {
|
||||
interface FastifyInstance {
|
||||
authenticate: (req: FastifyRequest, reply: FastifyReply) => Promise<void>;
|
||||
authenticateAdmin: (req: FastifyRequest, reply: FastifyReply) => Promise<void>;
|
||||
}
|
||||
interface FastifyRequest {
|
||||
user?: { id: string; email: string };
|
||||
@@ -34,9 +37,22 @@ export async function authenticate(req: FastifyRequest, _reply: FastifyReply): P
|
||||
}
|
||||
}
|
||||
|
||||
export async function authenticateAdmin(req: FastifyRequest, _reply: FastifyReply): Promise<void> {
|
||||
if (!req.user) {
|
||||
throw unauthorized('Authentication required');
|
||||
}
|
||||
|
||||
const [user] = await req.server.db.select({ role: users.role }).from(users).where(eq(users.id, req.user.id));
|
||||
|
||||
if (!user || user.role !== 'admin') {
|
||||
throw forbidden('Admin access required');
|
||||
}
|
||||
}
|
||||
|
||||
const authPlugin = async (app: FastifyInstance) => {
|
||||
app.decorateRequest('user', undefined);
|
||||
app.decorate('authenticate', authenticate);
|
||||
app.decorate('authenticateAdmin', authenticateAdmin);
|
||||
};
|
||||
|
||||
export default fp(authPlugin, { name: 'auth' });
|
||||
export default fp(authPlugin, { name: 'auth', dependencies: ['database'] });
|
||||
|
||||
131
src/routes/admin/questions.ts
Normal file
131
src/routes/admin/questions.ts
Normal file
@@ -0,0 +1,131 @@
|
||||
import type { FastifyInstance } from 'fastify';
|
||||
import { AdminQuestionService } from '../../services/admin/admin-question.service.js';
|
||||
import type { EditQuestionInput } from '../../services/admin/admin-question.service.js';
|
||||
|
||||
const STACKS = ['html', 'css', 'js', 'ts', 'react', 'vue', 'nodejs', 'git', 'web_basics'] as const;
|
||||
const LEVELS = ['basic', 'beginner', 'intermediate', 'advanced', 'expert'] as const;
|
||||
const QUESTION_TYPES = ['single_choice', 'multiple_select', 'true_false', 'short_text'] as const;
|
||||
|
||||
const listPendingQuerySchema = {
|
||||
querystring: {
|
||||
type: 'object',
|
||||
properties: {
|
||||
limit: { type: 'integer', minimum: 1, maximum: 100 },
|
||||
offset: { type: 'integer', minimum: 0 },
|
||||
},
|
||||
additionalProperties: false,
|
||||
},
|
||||
};
|
||||
|
||||
const questionIdParamsSchema = {
|
||||
params: {
|
||||
type: 'object',
|
||||
required: ['questionId'],
|
||||
properties: {
|
||||
questionId: { type: 'string', format: 'uuid' },
|
||||
},
|
||||
},
|
||||
};
|
||||
|
||||
const editQuestionSchema = {
|
||||
params: {
|
||||
type: 'object',
|
||||
required: ['questionId'],
|
||||
properties: {
|
||||
questionId: { type: 'string', format: 'uuid' },
|
||||
},
|
||||
},
|
||||
body: {
|
||||
type: 'object',
|
||||
properties: {
|
||||
stack: { type: 'string', enum: [...STACKS] },
|
||||
level: { type: 'string', enum: [...LEVELS] },
|
||||
type: { type: 'string', enum: [...QUESTION_TYPES] },
|
||||
questionText: { type: 'string', minLength: 1 },
|
||||
options: {
|
||||
type: 'array',
|
||||
items: {
|
||||
type: 'object',
|
||||
required: ['key', 'text'],
|
||||
properties: {
|
||||
key: { type: 'string' },
|
||||
text: { type: 'string' },
|
||||
},
|
||||
},
|
||||
},
|
||||
correctAnswer: {
|
||||
oneOf: [
|
||||
{ type: 'string' },
|
||||
{ type: 'array', items: { type: 'string' } },
|
||||
],
|
||||
},
|
||||
explanation: { type: 'string', minLength: 1 },
|
||||
},
|
||||
additionalProperties: false,
|
||||
},
|
||||
};
|
||||
|
||||
export async function adminQuestionsRoutes(app: FastifyInstance) {
|
||||
const adminQuestionService = new AdminQuestionService(app.db);
|
||||
const { rateLimitOptions } = app;
|
||||
|
||||
app.get(
|
||||
'/questions/pending',
|
||||
{
|
||||
schema: listPendingQuerySchema,
|
||||
config: { rateLimit: rateLimitOptions.apiAuthed },
|
||||
preHandler: [app.authenticate, app.authenticateAdmin],
|
||||
},
|
||||
async (req, reply) => {
|
||||
const { limit, offset } = (req.query as { limit?: number; offset?: number }) ?? {};
|
||||
const result = await adminQuestionService.listPending(limit, offset);
|
||||
return reply.send(result);
|
||||
},
|
||||
);
|
||||
|
||||
app.post(
|
||||
'/questions/:questionId/approve',
|
||||
{
|
||||
schema: questionIdParamsSchema,
|
||||
config: { rateLimit: rateLimitOptions.apiAuthed },
|
||||
preHandler: [app.authenticate, app.authenticateAdmin],
|
||||
},
|
||||
async (req, reply) => {
|
||||
const adminId = req.user!.id;
|
||||
const { questionId } = req.params as { questionId: string };
|
||||
await adminQuestionService.approve(questionId, adminId);
|
||||
return reply.status(204).send();
|
||||
},
|
||||
);
|
||||
|
||||
app.post(
|
||||
'/questions/:questionId/reject',
|
||||
{
|
||||
schema: questionIdParamsSchema,
|
||||
config: { rateLimit: rateLimitOptions.apiAuthed },
|
||||
preHandler: [app.authenticate, app.authenticateAdmin],
|
||||
},
|
||||
async (req, reply) => {
|
||||
const adminId = req.user!.id;
|
||||
const { questionId } = req.params as { questionId: string };
|
||||
await adminQuestionService.reject(questionId, adminId);
|
||||
return reply.status(204).send();
|
||||
},
|
||||
);
|
||||
|
||||
app.patch(
|
||||
'/questions/:questionId',
|
||||
{
|
||||
schema: editQuestionSchema,
|
||||
config: { rateLimit: rateLimitOptions.apiAuthed },
|
||||
preHandler: [app.authenticate, app.authenticateAdmin],
|
||||
},
|
||||
async (req, reply) => {
|
||||
const adminId = req.user!.id;
|
||||
const { questionId } = req.params as { questionId: string };
|
||||
const body = req.body as EditQuestionInput;
|
||||
const question = await adminQuestionService.edit(questionId, body, adminId);
|
||||
return reply.send(question);
|
||||
},
|
||||
);
|
||||
}
|
||||
194
src/services/admin/admin-question.service.ts
Normal file
194
src/services/admin/admin-question.service.ts
Normal file
@@ -0,0 +1,194 @@
|
||||
import { eq, asc, count } from 'drizzle-orm';
|
||||
import type { NodePgDatabase } from 'drizzle-orm/node-postgres';
|
||||
import type * as schema from '../../db/schema/index.js';
|
||||
import { questionBank, auditLogs } from '../../db/schema/index.js';
|
||||
import { notFound } from '../../utils/errors.js';
|
||||
import type { Stack, Level, QuestionType } from '../../db/schema/enums.js';
|
||||
|
||||
type Db = NodePgDatabase<typeof schema>;
|
||||
|
||||
export type PendingQuestion = {
|
||||
id: string;
|
||||
stack: Stack;
|
||||
level: Level;
|
||||
type: QuestionType;
|
||||
questionText: string;
|
||||
options: Array<{ key: string; text: string }> | null;
|
||||
correctAnswer: string | string[];
|
||||
explanation: string;
|
||||
source: string;
|
||||
createdAt: Date;
|
||||
};
|
||||
|
||||
export type EditQuestionInput = {
|
||||
stack?: Stack;
|
||||
level?: Level;
|
||||
type?: QuestionType;
|
||||
questionText?: string;
|
||||
options?: Array<{ key: string; text: string }> | null;
|
||||
correctAnswer?: string | string[];
|
||||
explanation?: string;
|
||||
};
|
||||
|
||||
export type ListPendingResult = {
|
||||
questions: PendingQuestion[];
|
||||
total: number;
|
||||
};
|
||||
|
||||
export class AdminQuestionService {
|
||||
constructor(private readonly db: Db) {}
|
||||
|
||||
async listPending(limit = 50, offset = 0): Promise<ListPendingResult> {
|
||||
const questions = await this.db
|
||||
.select({
|
||||
id: questionBank.id,
|
||||
stack: questionBank.stack,
|
||||
level: questionBank.level,
|
||||
type: questionBank.type,
|
||||
questionText: questionBank.questionText,
|
||||
options: questionBank.options,
|
||||
correctAnswer: questionBank.correctAnswer,
|
||||
explanation: questionBank.explanation,
|
||||
source: questionBank.source,
|
||||
createdAt: questionBank.createdAt,
|
||||
})
|
||||
.from(questionBank)
|
||||
.where(eq(questionBank.status, 'pending'))
|
||||
.orderBy(asc(questionBank.createdAt))
|
||||
.limit(limit)
|
||||
.offset(offset);
|
||||
|
||||
const [{ count: totalCount }] = await this.db
|
||||
.select({ count: count() })
|
||||
.from(questionBank)
|
||||
.where(eq(questionBank.status, 'pending'));
|
||||
|
||||
return {
|
||||
questions: questions.map((q) => ({
|
||||
id: q.id,
|
||||
stack: q.stack,
|
||||
level: q.level,
|
||||
type: q.type,
|
||||
questionText: q.questionText,
|
||||
options: q.options,
|
||||
correctAnswer: q.correctAnswer,
|
||||
explanation: q.explanation,
|
||||
source: q.source,
|
||||
createdAt: q.createdAt,
|
||||
})),
|
||||
total: totalCount ?? 0,
|
||||
};
|
||||
}
|
||||
|
||||
async approve(questionId: string, adminId: string): Promise<void> {
|
||||
const [updated] = await this.db
|
||||
.update(questionBank)
|
||||
.set({
|
||||
status: 'approved',
|
||||
approvedAt: new Date(),
|
||||
})
|
||||
.where(eq(questionBank.id, questionId))
|
||||
.returning({ id: questionBank.id });
|
||||
|
||||
if (!updated) {
|
||||
throw notFound('Question not found');
|
||||
}
|
||||
|
||||
await this.db.insert(auditLogs).values({
|
||||
adminId,
|
||||
action: 'question_approved',
|
||||
targetType: 'question',
|
||||
targetId: questionId,
|
||||
});
|
||||
}
|
||||
|
||||
async reject(questionId: string, adminId: string): Promise<void> {
|
||||
const [updated] = await this.db
|
||||
.update(questionBank)
|
||||
.set({ status: 'rejected' })
|
||||
.where(eq(questionBank.id, questionId))
|
||||
.returning({ id: questionBank.id });
|
||||
|
||||
if (!updated) {
|
||||
throw notFound('Question not found');
|
||||
}
|
||||
|
||||
await this.db.insert(auditLogs).values({
|
||||
adminId,
|
||||
action: 'question_rejected',
|
||||
targetType: 'question',
|
||||
targetId: questionId,
|
||||
});
|
||||
}
|
||||
|
||||
async edit(questionId: string, input: EditQuestionInput, adminId: string): Promise<PendingQuestion> {
|
||||
const updates: Partial<{
|
||||
stack: Stack;
|
||||
level: Level;
|
||||
type: QuestionType;
|
||||
questionText: string;
|
||||
options: Array<{ key: string; text: string }> | null;
|
||||
correctAnswer: string | string[];
|
||||
explanation: string;
|
||||
}> = {};
|
||||
|
||||
if (input.stack !== undefined) updates.stack = input.stack;
|
||||
if (input.level !== undefined) updates.level = input.level;
|
||||
if (input.type !== undefined) updates.type = input.type;
|
||||
if (input.questionText !== undefined) updates.questionText = input.questionText;
|
||||
if (input.options !== undefined) updates.options = input.options;
|
||||
if (input.correctAnswer !== undefined) updates.correctAnswer = input.correctAnswer;
|
||||
if (input.explanation !== undefined) updates.explanation = input.explanation;
|
||||
|
||||
if (Object.keys(updates).length === 0) {
|
||||
const [existing] = await this.db
|
||||
.select()
|
||||
.from(questionBank)
|
||||
.where(eq(questionBank.id, questionId));
|
||||
if (!existing) throw notFound('Question not found');
|
||||
return {
|
||||
id: existing.id,
|
||||
stack: existing.stack,
|
||||
level: existing.level,
|
||||
type: existing.type,
|
||||
questionText: existing.questionText,
|
||||
options: existing.options,
|
||||
correctAnswer: existing.correctAnswer,
|
||||
explanation: existing.explanation,
|
||||
source: existing.source,
|
||||
createdAt: existing.createdAt,
|
||||
};
|
||||
}
|
||||
|
||||
const [updated] = await this.db
|
||||
.update(questionBank)
|
||||
.set(updates)
|
||||
.where(eq(questionBank.id, questionId))
|
||||
.returning();
|
||||
|
||||
if (!updated) {
|
||||
throw notFound('Question not found');
|
||||
}
|
||||
|
||||
await this.db.insert(auditLogs).values({
|
||||
adminId,
|
||||
action: 'question_edited',
|
||||
targetType: 'question',
|
||||
targetId: questionId,
|
||||
details: updates as Record<string, unknown>,
|
||||
});
|
||||
|
||||
return {
|
||||
id: updated.id,
|
||||
stack: updated.stack,
|
||||
level: updated.level,
|
||||
type: updated.type,
|
||||
questionText: updated.questionText,
|
||||
options: updated.options,
|
||||
correctAnswer: updated.correctAnswer,
|
||||
explanation: updated.explanation,
|
||||
source: updated.source,
|
||||
createdAt: updated.createdAt,
|
||||
};
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user