Initial commit: Phase 1+2 prototype

- Go backend with SQLite, JWT auth, file CRUD - Vue 3 frontend with split/raw/WYSIWYG editor modes - Markdown preview (marked, GFM) - Formatting toolbar + keyboard shortcuts - File tree with search, create, delete - Light/dark theme toggle - Admin panel (user management) - Preferences (timezone, theme, default mode) - Shared documents section (placeholder) - Export: PDF, HTML, MD - Build daemon (Python, stdlib only) - Build job queue API - Docker deployment
2026-05-22 19:48:48 +02:00
commit 0c1047d390
26 changed files with 6206 additions and 0 deletions
@@ -0,0 +1,248 @@
+package api
+
+import (
+	"encoding/json"
+	"net/http"
+	"time"
+
+	"github.com/google/uuid"
+
+	"markdownhub/internal/auth"
+	"markdownhub/internal/files"
+)
+
+func writeJSON(w http.ResponseWriter, status int, v interface{}) {
+	w.Header().Set("Content-Type", "application/json")
+	w.WriteHeader(status)
+	json.NewEncoder(w).Encode(v)
+}
+
+func decodeBody(r *http.Request, v interface{}) error {
+	defer r.Body.Close()
+	return json.NewDecoder(r.Body).Decode(v)
+}
+
+// ─── Auth ────────────────────────────────────────────────────────────────────
+
+func (s *Server) handleLogin(w http.ResponseWriter, r *http.Request) {
+	var req struct {
+		Email    string `json:"email"`
+		Password string `json:"password"`
+	}
+	if err := decodeBody(r, &req); err != nil {
+		writeJSON(w, 400, map[string]string{"error": "invalid request"})
+		return
+	}
+
+	var id, hash string
+	var isAdmin bool
+	err := s.db.QueryRow(
+		"SELECT id, password_hash, is_admin FROM users WHERE email = ?", req.Email,
+	).Scan(&id, &hash, &isAdmin)
+	if err != nil || !auth.CheckPassword(hash, req.Password) {
+		writeJSON(w, 401, map[string]string{"error": "invalid credentials"})
+		return
+	}
+
+	token, err := auth.CreateToken(id, isAdmin, s.secret)
+	if err != nil {
+		writeJSON(w, 500, map[string]string{"error": "token creation failed"})
+		return
+	}
+
+	http.SetCookie(w, &http.Cookie{
+		Name:     "authToken",
+		Value:    token,
+		Path:     "/",
+		HttpOnly: true,
+		SameSite: http.SameSiteLaxMode,
+		Expires:  time.Now().Add(72 * time.Hour),
+	})
+
+	writeJSON(w, 200, map[string]interface{}{
+		"token":   token,
+		"userId":  id,
+		"isAdmin": isAdmin,
+	})
+}
+
+func (s *Server) handleLogout(w http.ResponseWriter, r *http.Request) {
+	http.SetCookie(w, &http.Cookie{
+		Name:     "authToken",
+		Value:    "",
+		Path:     "/",
+		HttpOnly: true,
+		MaxAge:   -1,
+	})
+	writeJSON(w, 200, map[string]string{"status": "ok"})
+}
+
+// ─── Users ───────────────────────────────────────────────────────────────────
+
+func (s *Server) handleCreateUser(w http.ResponseWriter, r *http.Request) {
+	var req struct {
+		Username string `json:"username"`
+		Email    string `json:"email"`
+		Password string `json:"password"`
+		IsAdmin  bool   `json:"isAdmin"`
+	}
+	if err := decodeBody(r, &req); err != nil || req.Email == "" || req.Password == "" || req.Username == "" {
+		writeJSON(w, 400, map[string]string{"error": "username, email, and password required"})
+		return
+	}
+
+	hash, err := auth.HashPassword(req.Password)
+	if err != nil {
+		writeJSON(w, 500, map[string]string{"error": "failed to hash password"})
+		return
+	}
+
+	id := uuid.New().String()
+	_, err = s.db.Exec(
+		"INSERT INTO users (id, username, email, password_hash, is_admin) VALUES (?, ?, ?, ?, ?)",
+		id, req.Username, req.Email, hash, req.IsAdmin,
+	)
+	if err != nil {
+		writeJSON(w, 409, map[string]string{"error": "user already exists"})
+		return
+	}
+
+	// Create user's file directory
+	files.EnsureUserDir(s.dataDir, id)
+
+	writeJSON(w, 201, map[string]interface{}{"id": id, "username": req.Username, "email": req.Email})
+}
+
+func (s *Server) handleListUsers(w http.ResponseWriter, r *http.Request) {
+	rows, err := s.db.Query("SELECT id, username, email, is_admin, created_at FROM users")
+	if err != nil {
+		writeJSON(w, 500, map[string]string{"error": "query failed"})
+		return
+	}
+	defer rows.Close()
+
+	var users []map[string]interface{}
+	for rows.Next() {
+		var id, username, email, createdAt string
+		var isAdmin bool
+		rows.Scan(&id, &username, &email, &isAdmin, &createdAt)
+		users = append(users, map[string]interface{}{
+			"id": id, "username": username, "email": email,
+			"isAdmin": isAdmin, "createdAt": createdAt,
+		})
+	}
+	if users == nil {
+		users = []map[string]interface{}{}
+	}
+	writeJSON(w, 200, users)
+}
+
+// ─── Files ───────────────────────────────────────────────────────────────────
+
+func (s *Server) handleListFiles(w http.ResponseWriter, r *http.Request) {
+	userID := getUserID(r)
+	tree, err := files.ListTree(s.dataDir, userID)
+	if err != nil {
+		writeJSON(w, 500, map[string]string{"error": "failed to list files"})
+		return
+	}
+	if tree == nil {
+		tree = []files.FileInfo{}
+	}
+	writeJSON(w, 200, tree)
+}
+
+func (s *Server) handleReadFile(w http.ResponseWriter, r *http.Request) {
+	var req struct {
+		Path string `json:"path"`
+	}
+	if err := decodeBody(r, &req); err != nil || req.Path == "" {
+		writeJSON(w, 400, map[string]string{"error": "path required"})
+		return
+	}
+
+	userID := getUserID(r)
+	content, err := files.ReadFile(s.dataDir, userID, req.Path)
+	if err != nil {
+		writeJSON(w, 404, map[string]string{"error": "file not found"})
+		return
+	}
+	created := files.GetCreatedTime(s.dataDir, userID, req.Path)
+	writeJSON(w, 200, map[string]interface{}{"path": req.Path, "content": content, "created": created})
+}
+
+func (s *Server) handleWriteFile(w http.ResponseWriter, r *http.Request) {
+	var req struct {
+		Path    string `json:"path"`
+		Content string `json:"content"`
+	}
+	if err := decodeBody(r, &req); err != nil || req.Path == "" {
+		writeJSON(w, 400, map[string]string{"error": "path required"})
+		return
+	}
+
+	userID := getUserID(r)
+	if err := files.WriteFile(s.dataDir, userID, req.Path, req.Content); err != nil {
+		writeJSON(w, 500, map[string]string{"error": "write failed"})
+		return
+	}
+	writeJSON(w, 200, map[string]string{"status": "ok", "path": req.Path})
+}
+
+func (s *Server) handleCreateFile(w http.ResponseWriter, r *http.Request) {
+	var req struct {
+		Path    string `json:"path"`
+		Content string `json:"content"`
+	}
+	if err := decodeBody(r, &req); err != nil || req.Path == "" {
+		writeJSON(w, 400, map[string]string{"error": "path required"})
+		return
+	}
+
+	userID := getUserID(r)
+	if err := files.WriteFile(s.dataDir, userID, req.Path, req.Content); err != nil {
+		writeJSON(w, 500, map[string]string{"error": "create failed"})
+		return
+	}
+	writeJSON(w, 201, map[string]string{"status": "created", "path": req.Path})
+}
+
+func (s *Server) handleCreateFolder(w http.ResponseWriter, r *http.Request) {
+	var req struct {
+		Path string `json:"path"`
+	}
+	if err := decodeBody(r, &req); err != nil || req.Path == "" {
+		writeJSON(w, 400, map[string]string{"error": "path required"})
+		return
+	}
+
+	userID := getUserID(r)
+	if err := files.CreateFolder(s.dataDir, userID, req.Path); err != nil {
+		writeJSON(w, 500, map[string]string{"error": "create folder failed"})
+		return
+	}
+	writeJSON(w, 201, map[string]string{"status": "created", "path": req.Path})
+}
+
+func (s *Server) handleDeleteFile(w http.ResponseWriter, r *http.Request) {
+	var req struct {
+		Path string `json:"path"`
+	}
+	if err := decodeBody(r, &req); err != nil || req.Path == "" {
+		writeJSON(w, 400, map[string]string{"error": "path required"})
+		return
+	}
+
+	userID := getUserID(r)
+	if err := files.DeleteFile(s.dataDir, userID, req.Path); err != nil {
+		writeJSON(w, 404, map[string]string{"error": "file not found"})
+		return
+	}
+	writeJSON(w, 200, map[string]string{"status": "deleted"})
+}
+
+func (s *Server) handleSharedFiles(w http.ResponseWriter, r *http.Request) {
+	// TODO: query permissions table for files shared with this user
+	// For now return empty list
+	writeJSON(w, 200, []files.FileInfo{})
+}