Add admin panel API with CRUD for apps

- Express.js backend with JWT authentication - CRUD endpoints for apps management - Health check endpoint - Dockerfile per admin API (Node 18 Alpine) - Kubernetes: admin-api deployment, service, ingress - Admin panel at http://admin.apps.local - Updated nginx.conf to route /api to admin API - Fixed ingress rules for separate web and admin services
2026-03-18 23:01:42 +01:00
parent 533cbed8d3
commit e89989e1d9
17 changed files with 857 additions and 7 deletions
--- a/backend/server.js
+++ b/backend/server.js
@@ -0,0 +1,173 @@
+const express = require('express');
+const jwt = require('jsonwebtoken');
+const fs = require('fs');
+const path = require('path');
+
+const app = express();
+const PORT = process.env.PORT || 3000;
+const JWT_SECRET = process.env.JWT_SECRET || 'fallback-secret-key';
+const APPS_FILE = path.join(__dirname, 'data', 'apps.json');
+
+app.use(express.json());
+app.use((req, res, next) => {
+  res.setHeader('Access-Control-Allow-Origin', '*');
+  res.setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
+  res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
+  if (req.method === 'OPTIONS') {
+    return res.status(200).end();
+  }
+  next();
+});
+
+// Health check
+app.get('/health', (req, res) => {
+  res.json({ status: 'ok', timestamp: new Date().toISOString() });
+});
+
+function verifyToken(req, res, next) {
+  const authHeader = req.headers.authorization;
+  if (!authHeader) {
+    return res.status(401).json({ error: 'Authorization header required' });
+  }
+  
+  try {
+    const token = authHeader.split(' ')[1];
+    const decoded = jwt.verify(token, JWT_SECRET);
+    req.auth = decoded;
+    next();
+  } catch (err) {
+    return res.status(401).json({ error: 'Invalid or expired token' });
+  }
+}
+
+function readAppsFile() {
+  try {
+    if (fs.existsSync(APPS_FILE)) {
+      const data = fs.readFileSync(APPS_FILE, 'utf8');
+      return JSON.parse(data);
+    }
+  } catch (err) {
+    console.error('Error reading apps file:', err);
+  }
+  return [];
+}
+
+function writeAppsFile(apps) {
+  try {
+    const tempFile = `${APPS_FILE}.tmp`;
+    fs.writeFileSync(tempFile, JSON.stringify(apps, null, 2));
+    fs.renameSync(tempFile, APPS_FILE);
+    return true;
+  } catch (err) {
+    console.error('Error writing apps file:', err);
+    return false;
+  }
+}
+
+app.post('/api/admin/login', (req, res) => {
+  const { token } = req.body;
+  const adminToken = process.env.ADMIN_TOKEN;
+
+  if (!adminToken) {
+    return res.status(500).json({ error: 'ADMIN_TOKEN not configured' });
+  }
+
+  if (token === adminToken) {
+    const payload = {
+      admin: true,
+      iat: Math.floor(Date.now() / 1000),
+      exp: Math.floor(Date.now() / 1000) + (60 * 60 * 24)
+    };
+    const secret = process.env.JWT_SECRET || 'fallback-secret-key';
+    const apiKey = jwt.sign(payload, secret);
+    return res.json({ apiKey });
+  }
+
+  return res.status(401).json({ error: 'Invalid token' });
+});
+
+app.get('/api/apps', (req, res) => {
+  const apps = readAppsFile();
+  return res.json(apps);
+});
+
+app.post('/api/admin/apps', verifyToken, (req, res) => {
+  if (!req.auth || !req.auth.admin) {
+    return res.status(403).json({ error: 'Admin access required' });
+  }
+  const { name, description, icon, colors, packages } = req.body;
+
+  if (!name || !description) {
+    return res.status(400).json({ error: 'Name and description are required' });
+  }
+
+  let apps = readAppsFile();
+  const newId = apps.length > 0 ? Math.max(...apps.map(a => a.id)) + 1 : 1;
+
+  const newApp = {
+    id: newId,
+    name,
+    description,
+    icon: icon || '',
+    colors: colors || { background: '', text: '' },
+    packages: packages || { apt: '', appstream: '', flatpak: '' }
+  };
+
+  apps.push(newApp);
+
+  if (writeAppsFile(apps)) {
+    return res.status(201).json(newApp);
+  }
+
+  return res.status(500).json({ error: 'Failed to save app' });
+});
+
+app.put('/api/admin/apps/:id', verifyToken, (req, res) => {
+  if (!req.auth || !req.auth.admin) {
+    return res.status(403).json({ error: 'Admin access required' });
+  }
+  const { id } = req.params;
+  const updates = req.body;
+
+  let apps = readAppsFile();
+  const appIndex = apps.findIndex(a => a.id === parseInt(id));
+
+  if (appIndex === -1) {
+    return res.status(404).json({ error: 'App not found' });
+  }
+
+  const updatedApp = { ...apps[appIndex], ...updates, id: parseInt(id) };
+  apps[appIndex] = updatedApp;
+
+  if (writeAppsFile(apps)) {
+    return res.json(updatedApp);
+  }
+
+  return res.status(500).json({ error: 'Failed to update app' });
+});
+
+app.delete('/api/admin/apps/:id', verifyToken, (req, res) => {
+  if (!req.auth || !req.auth.admin) {
+    return res.status(403).json({ error: 'Admin access required' });
+  }
+  const { id } = req.params;
+
+  let apps = readAppsFile();
+  const appIndex = apps.findIndex(a => a.id === parseInt(id));
+
+  if (appIndex === -1) {
+    return res.status(404).json({ error: 'App not found' });
+  }
+
+  apps.splice(appIndex, 1);
+
+  if (writeAppsFile(apps)) {
+    return res.json({ message: 'App deleted successfully' });
+  }
+
+  return res.status(500).json({ error: 'Failed to delete app' });
+});
+
+app.listen(PORT, () => {
+  console.log(`Admin API running on port ${PORT}`);
+});