fix: add admin

2026-02-14 10:14:49 +01:00
parent 2e02d6d763
commit f2b690f3f5
86 changed files with 1057 additions and 1939 deletions
--- a/server/api/admin/login.post.ts
+++ b/server/api/admin/login.post.ts
@@ -0,0 +1,28 @@
+import { signToken } from "../../middleware/adminAuth";
+
+export default defineEventHandler(async (event) => {
+  const body = await readBody<{ password?: string }>(event);
+  const adminPassword = useRuntimeConfig().adminPassword;
+
+  if (!adminPassword) {
+    throw createError({ statusCode: 500, statusMessage: "Admin password not configured" });
+  }
+
+  if (!body?.password || body.password !== adminPassword) {
+    throw createError({ statusCode: 401, statusMessage: "Invalid password" });
+  }
+
+  const payload = Date.now().toString(36);
+  const signature = signToken(payload);
+  const token = `${payload}.${signature}`;
+
+  setCookie(event, "admin-session", token, {
+    httpOnly: true,
+    secure: process.env.NODE_ENV === "production",
+    sameSite: "strict",
+    maxAge: 60 * 60 * 24, // 24 hours
+    path: "/",
+  });
+
+  return { ok: true };
+});
--- a/server/api/admin/requests.get.ts
+++ b/server/api/admin/requests.get.ts
@@ -0,0 +1,31 @@
+export default defineEventHandler(async (event) => {
+  const query = getQuery(event);
+  const page = Math.max(1, parseInt(query.page as string) || 1);
+  const limit = Math.min(100, Math.max(1, parseInt(query.limit as string) || 50));
+  const ip = (query.ip as string) || undefined;
+
+  const db = await getDb();
+  const collection = db.collection("requests");
+
+  const filter: Record<string, unknown> = {};
+  if (ip) filter.ip = ip;
+
+  const [requests, total] = await Promise.all([
+    collection
+      .find(filter)
+      .sort({ timestamp: -1 })
+      .skip((page - 1) * limit)
+      .limit(limit)
+      .project({ _id: 0 })
+      .toArray(),
+    collection.countDocuments(filter),
+  ]);
+
+  return {
+    requests,
+    total,
+    page,
+    limit,
+    totalPages: Math.ceil(total / limit),
+  };
+});
--- a/server/api/admin/stats.get.ts
+++ b/server/api/admin/stats.get.ts
@@ -0,0 +1,54 @@
+export default defineEventHandler(async () => {
+  const db = await getDb();
+  const collection = db.collection("requests");
+
+  const now = new Date();
+  const last24h = new Date(now.getTime() - 24 * 60 * 60 * 1000);
+  const last7d = new Date(now.getTime() - 7 * 24 * 60 * 60 * 1000);
+  const last30d = new Date(now.getTime() - 30 * 24 * 60 * 60 * 1000);
+
+  const [totalRequests24h, totalRequests7d, totalRequests30d, uniqueIPs, topIPs, requestsByHour] =
+    await Promise.all([
+      collection.countDocuments({ timestamp: { $gte: last24h.toISOString() } }),
+      collection.countDocuments({ timestamp: { $gte: last7d.toISOString() } }),
+      collection.countDocuments({ timestamp: { $gte: last30d.toISOString() } }),
+      collection
+        .distinct("ip", { timestamp: { $gte: last24h.toISOString() } })
+        .then((ips) => ips.length),
+      collection
+        .aggregate([
+          { $match: { timestamp: { $gte: last24h.toISOString() } } },
+          {
+            $group: {
+              _id: "$ip",
+              count: { $sum: 1 },
+              lastSeen: { $max: "$timestamp" },
+            },
+          },
+          { $sort: { count: -1 } },
+          { $limit: 20 },
+          { $project: { _id: 0, ip: "$_id", count: 1, lastSeen: 1 } },
+        ])
+        .toArray(),
+      collection
+        .aggregate([
+          { $match: { timestamp: { $gte: last24h.toISOString() } } },
+          {
+            $group: {
+              _id: { $substr: ["$timestamp", 11, 2] },
+              count: { $sum: 1 },
+            },
+          },
+          { $sort: { _id: 1 } },
+          { $project: { _id: 0, hour: "$_id", count: 1 } },
+        ])
+        .toArray(),
+    ]);
+
+  return {
+    totalRequests: { last24h: totalRequests24h, last7d: totalRequests7d, last30d: totalRequests30d },
+    uniqueIPs,
+    topIPs,
+    requestsByHour,
+  };
+});