Перенести все админские эндпоинты на порт 8445 и добавить отдельную авторизацию для админов. Часть 1

src/handlers/admin/admin_handler_ticket_stats.erl

@@ -0,0 +1,50 @@
+-module(admin_handler_ticket_stats).
+-behaviour(cowboy_handler).
+-export([init/2]).
+
+-include("records.hrl").   % ← добавлено
+
+init(Req, _Opts) ->
+  case cowboy_req:method(Req) of
+    <<"GET">> -> get_stats(Req);
+    _         -> send_error(Req, 405, <<"Method not allowed">>)
+  end.
+
+get_stats(Req) ->
+  case auth_admin(Req) of
+    {ok, _AdminId, Req1} ->
+      Stats = core_ticket:stats(),
+      send_json(Req1, 200, Stats);
+    {error, Code, Message, Req1} ->
+      send_error(Req1, Code, Message)
+  end.
+
+auth_admin(Req) ->
+  case handler_auth:authenticate(Req) of
+    {ok, AdminId, Req1} ->
+      case is_admin(AdminId) of
+        true  -> {ok, AdminId, Req1};
+        false -> {error, 403, <<"Admin access required">>, Req1}
+      end;
+    {error, Code, Message, Req1} ->
+      {error, Code, Message, Req1}
+  end.
+
+is_admin(UserId) ->
+  case core_user:get_by_id(UserId) of
+    {ok, User} ->
+      Role = User#user.role,
+      Role =:= admin orelse Role =:= superadmin orelse
+        Role =:= moderator orelse Role =:= support;
+    _ -> false
+  end.
+
+send_json(Req, Status, Data) ->
+  Body = jsx:encode(Data),
+  cowboy_req:reply(Status, #{<<"content-type">> => <<"application/json">>}, Body, Req),
+  {ok, Body, []}.
+
+send_error(Req, Status, Message) ->
+  Body = jsx:encode(#{error => Message}),
+  cowboy_req:reply(Status, #{<<"content-type">> => <<"application/json">>}, Body, Req),
+  {ok, Body, []}.