everything

2025-10-28 14:48:44 +11:00
parent 788b46a5ea
commit d5818bcf13
10 changed files with 1060 additions and 0 deletions
--- a/internal/auth/admin_middleware.go
+++ b/internal/auth/admin_middleware.go
@@ -0,0 +1,48 @@
+package auth
+
+import (
+	"context"
+	"database/sql"
+	"log"
+	"net/http"
+
+	ory "github.com/ory/client-go"
+
+	"decor-by-hannahs/internal/db"
+)
+
+func AdminMiddleware(oryClient *ory.APIClient, queries *db.Queries) func(http.HandlerFunc) http.HandlerFunc {
+	return func(next http.HandlerFunc) http.HandlerFunc {
+		return func(w http.ResponseWriter, r *http.Request) {
+			cookies := r.Header.Get("Cookie")
+			session, _, err := oryClient.FrontendAPI.ToSession(r.Context()).Cookie(cookies).Execute()
+			
+			if err != nil || session == nil || session.Active == nil || !*session.Active {
+				http.Error(w, "Unauthorized - Please log in", http.StatusUnauthorized)
+				return
+			}
+
+			email := getEmailFromSession(session)
+			if email == "" {
+				http.Error(w, "No email in session", http.StatusBadRequest)
+				return
+			}
+
+			oryID := sql.NullString{String: session.Identity.Id, Valid: true}
+			user, err := queries.GetUserByOryID(r.Context(), oryID)
+			if err != nil {
+				http.Error(w, "User not found", http.StatusUnauthorized)
+				return
+			}
+
+			if !user.IsAdmin.Bool {
+				log.Printf("Non-admin user %s attempted to access admin area", email)
+				http.Error(w, "Forbidden - Admin access required", http.StatusForbidden)
+				return
+			}
+
+			ctx := context.WithValue(r.Context(), "user", user)
+			next.ServeHTTP(w, r.WithContext(ctx))
+		}
+	}
+}
--- a/internal/handlers/admin.go
+++ b/internal/handlers/admin.go
@@ -0,0 +1,102 @@
+package handlers
+
+import (
+	"database/sql"
+	"html/template"
+	"log"
+	"net/http"
+	"strconv"
+
+	ory "github.com/ory/client-go"
+
+	"decor-by-hannahs/internal/db"
+)
+
+type AdminBooking struct {
+	ID            int64
+	UserEmail     string
+	ServiceName   string
+	ServiceOption string
+	EventType     string
+	EventDate     string
+	Address       string
+	Notes         string
+	Status        string
+	CreatedAt     string
+}
+
+type AdminData struct {
+	ActivePage    string
+	Authenticated bool
+	OryLoginURL   string
+	Bookings      []AdminBooking
+}
+
+func AdminHandler(q *db.Queries, tmpl *template.Template, oryClient *ory.APIClient) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		data := AdminData{
+			ActivePage:    "admin",
+			Authenticated: isAuthenticated(r, oryClient),
+			OryLoginURL:   "/login",
+		}
+
+		bookings, err := q.ListAllBookingsWithDetails(r.Context())
+		if err != nil {
+			log.Printf("Error fetching bookings: %v", err)
+		} else {
+			for _, b := range bookings {
+				data.Bookings = append(data.Bookings, AdminBooking{
+					ID:            b.ID,
+					UserEmail:     b.UserEmail,
+					ServiceName:   b.ServiceName,
+					ServiceOption: nullStringToString(b.ServiceOption),
+					EventType:     nullStringToString(b.EventType),
+					EventDate:     b.EventDate.Format("January 2, 2006"),
+					Address:       nullStringToString(b.Address),
+					Notes:         nullStringToString(b.Notes),
+					Status:        nullStringToString(b.Status),
+					CreatedAt:     b.CreatedAt.Time.Format("Jan 2, 2006 3:04 PM"),
+				})
+			}
+		}
+
+		if err := tmpl.ExecuteTemplate(w, "admin.tmpl", data); err != nil {
+			log.Printf("Error rendering admin template: %v", err)
+			http.Error(w, "Failed to render page", http.StatusInternalServerError)
+			return
+		}
+	}
+}
+
+func AdminUpdateBookingHandler(q *db.Queries, oryClient *ory.APIClient) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		if r.Method != http.MethodPost {
+			http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
+			return
+		}
+
+		bookingID, err := strconv.ParseInt(r.FormValue("booking_id"), 10, 64)
+		if err != nil {
+			http.Error(w, "Invalid booking ID", http.StatusBadRequest)
+			return
+		}
+
+		status := r.FormValue("status")
+		if status == "" {
+			http.Error(w, "Status is required", http.StatusBadRequest)
+			return
+		}
+
+		err = q.UpdateBookingStatus(r.Context(), db.UpdateBookingStatusParams{
+			ID:     bookingID,
+			Status: sql.NullString{String: status, Valid: true},
+		})
+		if err != nil {
+			log.Printf("Error updating booking: %v", err)
+			http.Error(w, "Failed to update booking", http.StatusInternalServerError)
+			return
+		}
+
+		http.Redirect(w, r, "/admin", http.StatusSeeOther)
+	}
+}
--- a/internal/tmpl/admin.tmpl
+++ b/internal/tmpl/admin.tmpl
@@ -0,0 +1,139 @@
+{{define "admin.tmpl"}}
+<!doctype html>
+<html>
+<head>
+<meta charset="utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>Admin - Decor By Hannahs</title>
+<link rel="stylesheet" href="/static/css/styles.css">
+<script>
+(function() {
+  const savedTheme = localStorage.getItem('theme') || 'light';
+  document.documentElement.setAttribute('data-theme', savedTheme);
+})();
+</script>
+<script src="/static/js/alpine.js" defer></script>
+<script src="/static/htmx/htmx.min.js" defer></script>
+<script src="/static/js/drawer.js" defer></script>
+<style>
+.admin-table {
+  width: 100%;
+  border-collapse: collapse;
+  margin-top: 1rem;
+}
+.admin-table th,
+.admin-table td {
+  padding: 0.75rem;
+  text-align: left;
+  border-bottom: 1px solid hsl(var(--border));
+}
+.admin-table th {
+  background: hsl(var(--muted) / 0.3);
+  font-weight: 600;
+}
+.admin-table tr:hover {
+  background: hsl(var(--muted) / 0.1);
+}
+.status-select {
+  padding: 0.25rem 0.5rem;
+  border: 1px solid hsl(var(--border));
+  border-radius: 4px;
+  background: white;
+}
+.update-btn {
+  padding: 0.25rem 0.75rem;
+  background: hsl(var(--primary));
+  color: white;
+  border: none;
+  border-radius: 4px;
+  cursor: pointer;
+  font-size: 0.875rem;
+}
+.update-btn:hover {
+  opacity: 0.9;
+}
+</style>
+</head>
+
+<body>
+{{template "header" .}}
+
+<main>
+<div style="max-width: 1400px; margin: 0 auto;">
+<div style="margin-bottom: 2rem;">
+<h1 style="font-size: 2.5rem; font-weight: 700; margin-bottom: 0.5rem;">Admin Dashboard</h1>
+<p style="color: hsl(var(--muted-foreground)); font-size: 1.125rem;">Manage bookings and orders</p>
+</div>
+
+<div class="card">
+<div class="card-header">
+<h3 class="card-title">All Bookings</h3>
+<p class="card-description">View and update booking statuses</p>
+</div>
+<div class="card-content">
+{{if .Bookings}}
+<div style="overflow-x: auto;">
+<table class="admin-table">
+<thead>
+<tr>
+<th>ID</th>
+<th>Customer</th>
+<th>Service</th>
+<th>Event Type</th>
+<th>Event Date</th>
+<th>Address</th>
+<th>Status</th>
+<th>Created</th>
+<th>Action</th>
+</tr>
+</thead>
+<tbody>
+{{range .Bookings}}
+<tr>
+<td>{{.ID}}</td>
+<td>{{.UserEmail}}</td>
+<td>{{.ServiceOption}}</td>
+<td>{{.EventType}}</td>
+<td>{{.EventDate}}</td>
+<td style="max-width: 200px; overflow: hidden; text-overflow: ellipsis; white-space: nowrap;">{{.Address}}</td>
+<td>
+<span class="status-badge status-{{.Status}}">{{.Status}}</span>
+</td>
+<td>{{.CreatedAt}}</td>
+<td>
+<form method="POST" action="/admin/update-booking" style="display: flex; gap: 0.5rem; align-items: center;">
+<input type="hidden" name="booking_id" value="{{.ID}}">
+<select name="status" class="status-select">
+<option value="pending" {{if eq .Status "pending"}}selected{{end}}>Pending</option>
+<option value="confirmed" {{if eq .Status "confirmed"}}selected{{end}}>Confirmed</option>
+<option value="completed" {{if eq .Status "completed"}}selected{{end}}>Completed</option>
+<option value="cancelled" {{if eq .Status "cancelled"}}selected{{end}}>Cancelled</option>
+</select>
+<button type="submit" class="update-btn">Update</button>
+</form>
+</td>
+</tr>
+{{if .Notes}}
+<tr>
+<td colspan="9" style="background: hsl(var(--muted) / 0.2); font-size: 0.875rem;">
+<strong>Notes:</strong> {{.Notes}}
+</td>
+</tr>
+{{end}}
+{{end}}
+</tbody>
+</table>
+</div>
+{{else}}
+<p style="color: hsl(var(--muted-foreground));">No bookings yet.</p>
+{{end}}
+</div>
+</div>
+</div>
+</main>
+
+{{template "footer"}}
+{{template "theme-script"}}
+</body>
+</html>
+{{end}}