replit/timmy-tower
2
0
Fork 0
Code Issues 26 Pull Requests 5 Actions Packages Projects Releases Wiki Activity
Files
82a170da877ce4c9427585b6e412f3cf49e95b67
timmy-tower/artifacts/api-server/src/routes/admin-relay-queue.ts
alexpaynex ac3493fc69 task/33: Relay admin panel at /admin/relay (post-review fixes) 
## What was built
Relay operator dashboard at GET /admin/relay (clean URL, not under /api).
Served as inline vanilla-JS HTML from Express, no build step.

## Routing
admin-relay-panel.ts imported in app.ts and mounted directly via app.use()
BEFORE the /tower static middleware — so /admin/relay is the canonical URL.
Removed from routes/index.ts to avoid /api/admin/relay duplication.

## Auth (env var aligned: ADMIN_TOKEN)
- Backend (admin-relay.ts): checks ADMIN_TOKEN first, falls back to ADMIN_SECRET
  for backward compatibility. requireAdmin exported for reuse in queue router.
- admin-relay-queue.ts: removed duplicated requireAdmin, imports from admin-relay.ts
- Frontend: prompt text says "ADMIN_TOKEN", localStorage key 'relay_admin_token',
  token stored after successful /api/admin/relay/stats 401 probe.

## Stats endpoint (GET /api/admin/relay/stats) — 3 fixes:
1. approvedToday: now filters AND(status IN ('approved','auto_approved'),
   decidedAt >= UTC midnight today). Previously counted all statuses.
2. liveConnections: fetches STRFRY_URL/stats with 2s AbortSignal timeout.
   Returns null gracefully when strfry is unavailable (dev/non-Docker).
3. Drizzle imports updated: and(), inArray() added.

## Queue endpoint: contentPreview added
GET /api/admin/relay/queue response now includes contentPreview (string|null):
  JSON.parse(rawEvent).content sliced to 120 chars; gracefully null on failure.

## Admin panel features
Stats bar (4 metric cards): Pending review (yellow), Approved today (green),
Accounts (purple), Relay connections (blue — null → "n/a" in UI).

Queue tab: fetches /admin/relay/queue?status=pending (pending-only, per spec).
Columns: Event ID, Pubkey, Kind, Content preview, Status pill, Queued, Actions.
Approve/Reject buttons; 15s auto-refresh; toast feedback.

Accounts tab: whitelist table, Revoke per-row (with confirm dialog), Grant form
(pubkey + access level + notes, 64-char hex validation before POST).

Navigation: ← Timmy UI, Workshop links; Log out clears token + stops timer.

## Smoke tests (all pass, TypeScript 0 errors)
GET /admin/relay → 200 HTML title ✓; screenshot shows auth gate ✓
GET /api/admin/relay/stats → correct fields incl. liveConnections:null ✓
Queue ?status=pending filter ✓; contentPreview in queue response ✓
2026-03-19 20:50:38 +00:00

148 lines
4.7 KiB
TypeScript
Raw Blame History

/**
* admin-relay-queue.ts — Admin endpoints for the event moderation queue.
*
* Protected by ADMIN_SECRET Bearer token (same pattern as admin-relay.ts).
*
* Routes:
* GET /api/admin/relay/queue — list queue (filterable by status)
* POST /api/admin/relay/queue/:eventId/approve — admin approve
* POST /api/admin/relay/queue/:eventId/reject — admin reject
*/
import { Router, type Request, type Response } from "express";
import { db, relayEventQueue, type QueueStatus, QUEUE_STATUSES } from "@workspace/db";
import { eq } from "drizzle-orm";
import { makeLogger } from "../lib/logger.js";
import { moderationService } from "../lib/moderation.js";
import { requireAdmin } from "./admin-relay.js";
const logger = makeLogger("admin-relay-queue");
const router = Router();
// ── GET /admin/relay/queue ────────────────────────────────────────────────────
// Query param: ?status=pending|approved|rejected|auto_approved
// Default: returns all statuses.
router.get("/admin/relay/queue", requireAdmin, async (req: Request, res: Response) => {
const statusParam = req.query["status"] as string | undefined;
if (statusParam && !QUEUE_STATUSES.includes(statusParam as QueueStatus)) {
res.status(400).json({
error: `Invalid status '${statusParam}'. Must be one of: ${QUEUE_STATUSES.join(", ")}`,
});
return;
}
const rows = statusParam
? await db
.select()
.from(relayEventQueue)
.where(eq(relayEventQueue.status, statusParam as QueueStatus))
.orderBy(relayEventQueue.createdAt)
: await db
.select()
.from(relayEventQueue)
.orderBy(relayEventQueue.createdAt);
res.json({
total: rows.length,
events: rows.map((r) => {
// Parse content preview from rawEvent JSON; gracefully degrade on parse failure.
let contentPreview: string | null = null;
try {
const parsed = JSON.parse(r.rawEvent ?? "{}") as { content?: string };
contentPreview = parsed.content?.slice(0, 120) ?? null;
} catch {
contentPreview = null;
}
return {
eventId: r.eventId,
pubkey: r.pubkey,
kind: r.kind,
status: r.status,
contentPreview,
reviewedBy: r.reviewedBy,
reviewReason: r.reviewReason,
createdAt: r.createdAt,
decidedAt: r.decidedAt,
};
}),
});
});
// ── POST /admin/relay/queue/:eventId/approve ──────────────────────────────────
router.post(
"/admin/relay/queue/:eventId/approve",
requireAdmin,
async (req: Request, res: Response) => {
const { eventId } = req.params as { eventId: string };
const body = req.body as { reason?: string };
const reason = body.reason ?? "admin approval";
const rows = await db
.select({ status: relayEventQueue.status })
.from(relayEventQueue)
.where(eq(relayEventQueue.eventId, eventId))
.limit(1);
if (!rows[0]) {
res.status(404).json({ error: "Event not found in queue" });
return;
}
if (rows[0].status === "approved" || rows[0].status === "auto_approved") {
res.status(409).json({ error: "Event already approved" });
return;
}
await moderationService.decide(eventId, "approved", reason, "admin");
logger.info("admin approved queued event", {
eventId: eventId.slice(0, 8),
reason,
});
res.json({ ok: true, eventId, status: "approved", reason });
},
);
// ── POST /admin/relay/queue/:eventId/reject ───────────────────────────────────
router.post(
"/admin/relay/queue/:eventId/reject",
requireAdmin,
async (req: Request, res: Response) => {
const { eventId } = req.params as { eventId: string };
const body = req.body as { reason?: string };
const reason = body.reason ?? "admin rejection";
const rows = await db
.select({ status: relayEventQueue.status })
.from(relayEventQueue)
.where(eq(relayEventQueue.eventId, eventId))
.limit(1);
if (!rows[0]) {
res.status(404).json({ error: "Event not found in queue" });
return;
}
if (rows[0].status === "rejected") {
res.status(409).json({ error: "Event already rejected" });
return;
}
await moderationService.decide(eventId, "rejected", reason, "admin");
logger.info("admin rejected queued event", {
eventId: eventId.slice(0, 8),
reason,
});
res.json({ ok: true, eventId, status: "rejected", reason });
},
);
export default router;
Reference in New Issue View Git Blame Copy Permalink