feat: add admin panel with user, tag, and signup management

Phase 4 — Admin Panel: - Admin dashboard with user/fave/pending-request counts - User management: create with temp password, reset password, enable/disable accounts (prevents self-disable) - Tag management: rename and delete tags - Signup request management: approve (creates user with must-reset-password) and reject pending requests - Site settings: site name, description, signup mode (open/requests/closed) - All admin routes require both login and admin role - SignupRequest model and full store (create, list pending, approve with user creation, reject) - SetMustResetPassword method on UserStore for admin password resets Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-29 16:09:30 +02:00 · 2026-03-29 16:09:30 +02:00 · 13aec5be6e
commit 13aec5be6e
parent 2cbbb20278
11 changed files with 778 additions and 1 deletions
--- a/internal/store/signup_request.go
+++ b/internal/store/signup_request.go
@ -7,9 +7,15 @@ import (
 	"errors"
 	"fmt"
 	"strings"
+	"time"
+
+	"kode.naiv.no/olemd/favoritter/internal/model"
 )

-var ErrSignupRequestExists = errors.New("signup request already exists")
+var (
+	ErrSignupRequestExists  = errors.New("signup request already exists")
+	ErrSignupRequestNotFound = errors.New("signup request not found")
+)

 type SignupRequestStore struct {
 	db *sql.DB
@ -39,6 +45,113 @@ func (s *SignupRequestStore) Create(username, password string) error {
 	return nil
 }

+// GetByID returns a signup request by ID.
+func (s *SignupRequestStore) GetByID(id int64) (*model.SignupRequest, error) {
+	var sr model.SignupRequest
+	var createdAt string
+	var reviewedAt sql.NullString
+	var reviewedBy sql.NullInt64
+	err := s.db.QueryRow(
+		`SELECT id, username, password_hash, status, created_at, reviewed_at, reviewed_by
+		FROM signup_requests WHERE id = ?`, id,
+	).Scan(&sr.ID, &sr.Username, &sr.PasswordHash, &sr.Status, &createdAt, &reviewedAt, &reviewedBy)
+	if errors.Is(err, sql.ErrNoRows) {
+		return nil, ErrSignupRequestNotFound
+	}
+	if err != nil {
+		return nil, err
+	}
+	sr.CreatedAt, _ = time.Parse(time.RFC3339, createdAt)
+	if reviewedAt.Valid {
+		t, _ := time.Parse(time.RFC3339, reviewedAt.String)
+		sr.ReviewedAt = &t
+	}
+	if reviewedBy.Valid {
+		sr.ReviewedBy = reviewedBy.Int64
+	}
+	return &sr, nil
+}
+
+// ListPending returns all pending signup requests, newest first.
+func (s *SignupRequestStore) ListPending() ([]*model.SignupRequest, error) {
+	rows, err := s.db.Query(
+		`SELECT id, username, password_hash, status, created_at, reviewed_at, reviewed_by
+		FROM signup_requests WHERE status = 'pending'
+		ORDER BY created_at DESC`,
+	)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+
+	var requests []*model.SignupRequest
+	for rows.Next() {
+		var sr model.SignupRequest
+		var createdAt string
+		var reviewedAt sql.NullString
+		var reviewedBy sql.NullInt64
+		if err := rows.Scan(&sr.ID, &sr.Username, &sr.PasswordHash, &sr.Status, &createdAt, &reviewedAt, &reviewedBy); err != nil {
+			return nil, err
+		}
+		sr.CreatedAt, _ = time.Parse(time.RFC3339, createdAt)
+		requests = append(requests, &sr)
+	}
+	return requests, rows.Err()
+}
+
+// Approve marks a request as approved and creates the user account.
+// The new user will have must_reset_password=1.
+func (s *SignupRequestStore) Approve(id int64, adminID int64) error {
+	sr, err := s.GetByID(id)
+	if err != nil {
+		return err
+	}
+	if sr.Status != "pending" {
+		return fmt.Errorf("request is not pending (status: %s)", sr.Status)
+	}
+
+	// Create the user with the already-hashed password.
+	_, err = s.db.Exec(
+		`INSERT INTO users (username, password_hash, must_reset_password) VALUES (?, ?, 1)`,
+		sr.Username, sr.PasswordHash,
+	)
+	if err != nil {
+		if strings.Contains(err.Error(), "UNIQUE constraint failed") {
+			return ErrUserExists
+		}
+		return fmt.Errorf("create user from request: %w", err)
+	}
+
+	// Mark the request as approved.
+	_, err = s.db.Exec(
+		`UPDATE signup_requests SET status = 'approved',
+			reviewed_at = strftime('%Y-%m-%dT%H:%M:%SZ', 'now'),
+			reviewed_by = ?
+		WHERE id = ?`,
+		adminID, id,
+	)
+	return err
+}
+
+// Reject marks a request as rejected.
+func (s *SignupRequestStore) Reject(id int64, adminID int64) error {
+	result, err := s.db.Exec(
+		`UPDATE signup_requests SET status = 'rejected',
+			reviewed_at = strftime('%Y-%m-%dT%H:%M:%SZ', 'now'),
+			reviewed_by = ?
+		WHERE id = ? AND status = 'pending'`,
+		adminID, id,
+	)
+	if err != nil {
+		return err
+	}
+	n, _ := result.RowsAffected()
+	if n == 0 {
+		return ErrSignupRequestNotFound
+	}
+	return nil
+}
+
 // PendingCount returns the number of pending signup requests.
 func (s *SignupRequestStore) PendingCount() (int, error) {
 	var n int
--- a/internal/store/user.go
+++ b/internal/store/user.go
@ -157,6 +157,21 @@ func (s *UserStore) UpdateProfile(userID int64, displayName, bio, profileVisibil
 	return err
 }

+// SetMustResetPassword sets or clears the must_reset_password flag.
+func (s *UserStore) SetMustResetPassword(userID int64, must bool) error {
+	val := 0
+	if must {
+		val = 1
+	}
+	_, err := s.db.Exec(
+		`UPDATE users SET must_reset_password = ?,
+			updated_at = strftime('%Y-%m-%dT%H:%M:%SZ', 'now')
+		WHERE id = ?`,
+		val, userID,
+	)
+	return err
+}
+
 // UpdateAvatar updates a user's avatar path.
 func (s *UserStore) UpdateAvatar(userID int64, avatarPath string) error {
 	_, err := s.db.Exec(