Add gallery admin and video media support.

This updates gallery handling to support video playback with generated poster thumbnails, adds authenticated admin upload/delete flows, and improves dev/runtime behavior including reliable thumbnail generation and media-safe response handling. Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-02 23:01:02 +12:00
parent 509e7ccb43
commit 45b31be9a7
22 changed files with 1002 additions and 217 deletions
--- a/app/internal/handlers/admin.go
+++ b/app/internal/handlers/admin.go
@@ -0,0 +1,201 @@
+package handlers
+
+import (
+	"log"
+	"net/http"
+	"time"
+
+	"technical.kiwi/website/internal/auth"
+	"technical.kiwi/website/internal/gallery"
+	"technical.kiwi/website/templates"
+)
+
+const maxUploadBytes = 32 << 20 // 32 MiB
+
+func (s *Server) adminEnabled() bool {
+	return s.Auth.Enabled
+}
+
+func (s *Server) sessionToken(r *http.Request) string {
+	c, err := r.Cookie(auth.CookieName())
+	if err != nil {
+		return ""
+	}
+	return c.Value
+}
+
+func (s *Server) isAdmin(r *http.Request) bool {
+	return s.Sessions.Valid(s.sessionToken(r))
+}
+
+func (s *Server) setSession(w http.ResponseWriter, token string) {
+	http.SetCookie(w, &http.Cookie{
+		Name:     auth.CookieName(),
+		Value:    token,
+		Path:     "/admin",
+		HttpOnly: true,
+		SameSite: http.SameSiteLaxMode,
+		MaxAge:   int((24 * time.Hour).Seconds()),
+	})
+}
+
+func (s *Server) clearSession(w http.ResponseWriter) {
+	http.SetCookie(w, &http.Cookie{
+		Name:     auth.CookieName(),
+		Value:    "",
+		Path:     "/admin",
+		HttpOnly: true,
+		MaxAge:   -1,
+	})
+}
+
+func (s *Server) requireAdmin(fn http.HandlerFunc) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		if !s.adminEnabled() {
+			http.Error(w, "admin disabled", http.StatusServiceUnavailable)
+			return
+		}
+		if !s.isAdmin(r) {
+			http.Redirect(w, r, "/admin/login", http.StatusSeeOther)
+			return
+		}
+		fn(w, r)
+	}
+}
+
+func (s *Server) reloadGallery() error {
+	s.galleryMu.Lock()
+	defer s.galleryMu.Unlock()
+
+	images, err := gallery.List(s.ImagesDir)
+	if err != nil {
+		return err
+	}
+	hero, hasHero := gallery.SelectHero(images)
+	s.Images = images
+	s.Hero = hero
+	s.HasHero = hasHero
+	return nil
+}
+
+func (s *Server) adminLogin(w http.ResponseWriter, r *http.Request) {
+	if !s.adminEnabled() {
+		http.Error(w, "admin disabled: set ADMIN_USER and ADMIN_PASSWORD", http.StatusServiceUnavailable)
+		return
+	}
+	if s.isAdmin(r) {
+		http.Redirect(w, r, "/admin/", http.StatusSeeOther)
+		return
+	}
+	templates.AdminLogin("").Render(r.Context(), w)
+}
+
+func (s *Server) adminLoginPost(w http.ResponseWriter, r *http.Request) {
+	if !s.adminEnabled() {
+		http.Error(w, "admin disabled", http.StatusServiceUnavailable)
+		return
+	}
+	if err := r.ParseForm(); err != nil {
+		templates.AdminLogin("Invalid request.").Render(r.Context(), w)
+		return
+	}
+	user := r.FormValue("username")
+	pass := r.FormValue("password")
+	if !auth.CheckCredentials(s.Auth, user, pass) {
+		templates.AdminLogin("Invalid username or password.").Render(r.Context(), w)
+		return
+	}
+	token, err := s.Sessions.Create()
+	if err != nil {
+		http.Error(w, "session error", http.StatusInternalServerError)
+		return
+	}
+	s.setSession(w, token)
+	http.Redirect(w, r, "/admin/", http.StatusSeeOther)
+}
+
+func (s *Server) adminLogout(w http.ResponseWriter, r *http.Request) {
+	s.Sessions.Delete(s.sessionToken(r))
+	s.clearSession(w)
+	http.Redirect(w, r, "/admin/login", http.StatusSeeOther)
+}
+
+func (s *Server) adminIndex(w http.ResponseWriter, r *http.Request) {
+	images, _, _ := s.snapshot()
+	albums, _ := gallery.AlbumsOnDisk(s.ImagesDir)
+	w.Header().Set("Cache-Control", "no-cache")
+	templates.AdminDashboard(images, albums, "").Render(r.Context(), w)
+}
+
+func (s *Server) adminUpload(w http.ResponseWriter, r *http.Request) {
+	r.Body = http.MaxBytesReader(w, r.Body, maxUploadBytes)
+	if err := r.ParseMultipartForm(maxUploadBytes); err != nil {
+		s.adminIndexError(w, r, "Upload too large or invalid.")
+		return
+	}
+
+	album := r.FormValue("album")
+	if album == "new" {
+		album = r.FormValue("album_new")
+	}
+
+	file, header, err := r.FormFile("image")
+	if err != nil {
+		s.adminIndexError(w, r, "Choose a JPEG image to upload.")
+		return
+	}
+	defer file.Close()
+
+	rel, err := gallery.SaveUpload(s.ImagesDir, album, header.Filename, file)
+	if err != nil {
+		s.adminIndexError(w, r, err.Error())
+		return
+	}
+
+	if err := gallery.EnsureDerivatives(s.ImagesDir, rel); err != nil {
+		log.Printf("admin upload derivatives: %v", err)
+	}
+	if err := s.reloadGallery(); err != nil {
+		log.Printf("admin reload gallery: %v", err)
+	}
+
+	if r.Header.Get("HX-Request") == "true" {
+		images, _, _ := s.snapshot()
+		templates.AdminImageTable(images).Render(r.Context(), w)
+		return
+	}
+	http.Redirect(w, r, "/admin/", http.StatusSeeOther)
+}
+
+func (s *Server) adminDelete(w http.ResponseWriter, r *http.Request) {
+	if err := r.ParseForm(); err != nil {
+		http.Error(w, "bad request", http.StatusBadRequest)
+		return
+	}
+	rel := r.FormValue("path")
+	if err := gallery.DeleteImage(s.ImagesDir, rel); err != nil {
+		s.adminIndexError(w, r, err.Error())
+		return
+	}
+	if err := s.reloadGallery(); err != nil {
+		log.Printf("admin reload gallery: %v", err)
+	}
+
+	if r.Header.Get("HX-Request") == "true" {
+		images, _, _ := s.snapshot()
+		templates.AdminImageTable(images).Render(r.Context(), w)
+		return
+	}
+	http.Redirect(w, r, "/admin/", http.StatusSeeOther)
+}
+
+func (s *Server) adminIndexError(w http.ResponseWriter, r *http.Request, msg string) {
+	images, _, _ := s.snapshot()
+	albums, _ := gallery.AlbumsOnDisk(s.ImagesDir)
+	if r.Header.Get("HX-Request") == "true" {
+		w.WriteHeader(http.StatusBadRequest)
+		templates.AdminFlash(msg).Render(r.Context(), w)
+		return
+	}
+	templates.AdminDashboard(images, albums, msg).Render(r.Context(), w)
+}