Stage 6

2026-04-21 11:54:13 +03:00
parent ee8928fa5f
commit fc6ef8de7e
12 changed files with 1469 additions and 1 deletions
--- a/src/handlers/handler_admin_moderation.erl
+++ b/src/handlers/handler_admin_moderation.erl
@@ -0,0 +1,130 @@
+-module(handler_admin_moderation).
+-include("records.hrl").
+
+-export([init/2]).
+
+init(Req, Opts) ->
+  handle(Req, Opts).
+
+handle(Req, _Opts) ->
+  case cowboy_req:method(Req) of
+    <<"PUT">> -> moderate(Req);
+    _ -> send_error(Req, 405, <<"Method not allowed">>)
+  end.
+
+%% PUT /v1/admin/:target_type/:id - заморозка/разморозка
+moderate(Req) ->
+  case handler_auth:authenticate(Req) of
+    {ok, AdminId, Req1} ->
+      TargetTypeBin = cowboy_req:binding(target_type, Req1),
+      TargetId = cowboy_req:binding(id, Req1),
+      TargetType = parse_target_type(TargetTypeBin),
+      {ok, Body, Req2} = cowboy_req:read_body(Req1),
+      try jsx:decode(Body, [return_maps]) of
+        #{<<"action">> := Action} ->
+          case {TargetType, Action} of
+            {calendar, <<"freeze">>} ->
+              case logic_moderation:freeze_calendar(AdminId, TargetId) of
+                {ok, Calendar} ->
+                  send_json(Req2, 200, calendar_to_json(Calendar));
+                {error, access_denied} ->
+                  send_error(Req2, 403, <<"Admin access required">>);
+                {error, not_found} ->
+                  send_error(Req2, 404, <<"Calendar not found">>);
+                {error, _} ->
+                  send_error(Req2, 500, <<"Internal server error">>)
+              end;
+            {calendar, <<"unfreeze">>} ->
+              case logic_moderation:unfreeze_calendar(AdminId, TargetId) of
+                {ok, Calendar} ->
+                  send_json(Req2, 200, calendar_to_json(Calendar));
+                {error, access_denied} ->
+                  send_error(Req2, 403, <<"Admin access required">>);
+                {error, not_found} ->
+                  send_error(Req2, 404, <<"Calendar not found">>);
+                {error, _} ->
+                  send_error(Req2, 500, <<"Internal server error">>)
+              end;
+            {event, <<"freeze">>} ->
+              case logic_moderation:freeze_event(AdminId, TargetId) of
+                {ok, Event} ->
+                  send_json(Req2, 200, event_to_json(Event));
+                {error, access_denied} ->
+                  send_error(Req2, 403, <<"Admin access required">>);
+                {error, not_found} ->
+                  send_error(Req2, 404, <<"Event not found">>);
+                {error, _} ->
+                  send_error(Req2, 500, <<"Internal server error">>)
+              end;
+            {event, <<"unfreeze">>} ->
+              case logic_moderation:unfreeze_event(AdminId, TargetId) of
+                {ok, Event} ->
+                  send_json(Req2, 200, event_to_json(Event));
+                {error, access_denied} ->
+                  send_error(Req2, 403, <<"Admin access required">>);
+                {error, not_found} ->
+                  send_error(Req2, 404, <<"Event not found">>);
+                {error, _} ->
+                  send_error(Req2, 500, <<"Internal server error">>)
+              end;
+            _ ->
+              send_error(Req2, 400, <<"Invalid target_type or action">>)
+          end;
+        _ ->
+          send_error(Req2, 400, <<"Missing action field">>)
+      catch
+        _:_ ->
+          send_error(Req2, 400, <<"Invalid JSON format">>)
+      end;
+    {error, Code, Message, Req1} ->
+      send_error(Req1, Code, Message)
+  end.
+
+%% Вспомогательные функции
+parse_target_type(<<"calendars">>) -> calendar;
+parse_target_type(<<"events">>) -> event;
+parse_target_type(_) -> undefined.
+
+calendar_to_json(Calendar) ->
+  #{
+    id => Calendar#calendar.id,
+    owner_id => Calendar#calendar.owner_id,
+    title => Calendar#calendar.title,
+    description => Calendar#calendar.description,
+    type => Calendar#calendar.type,
+    tags => Calendar#calendar.tags,
+    status => Calendar#calendar.status,
+    rating_avg => Calendar#calendar.rating_avg,
+    rating_count => Calendar#calendar.rating_count,
+    created_at => datetime_to_iso8601(Calendar#calendar.created_at),
+    updated_at => datetime_to_iso8601(Calendar#calendar.updated_at)
+  }.
+
+event_to_json(Event) ->
+  #{
+    id => Event#event.id,
+    calendar_id => Event#event.calendar_id,
+    title => Event#event.title,
+    description => Event#event.description,
+    event_type => Event#event.event_type,
+    start_time => datetime_to_iso8601(Event#event.start_time),
+    duration => Event#event.duration,
+    status => Event#event.status,
+    tags => Event#event.tags,
+    rating_avg => Event#event.rating_avg,
+    rating_count => Event#event.rating_count,
+    created_at => datetime_to_iso8601(Event#event.created_at),
+    updated_at => datetime_to_iso8601(Event#event.updated_at)
+  }.
+
+datetime_to_iso8601({{Year, Month, Day}, {Hour, Minute, Second}}) ->
+  iolist_to_binary(io_lib:format("~4..0B-~2..0B-~2..0BT~2..0B:~2..0B:~2..0BZ",
+    [Year, Month, Day, Hour, Minute, Second])).
+
+send_json(Req, Status, Data) ->
+  Body = jsx:encode(Data),
+  cowboy_req:reply(Status, #{<<"content-type">> => <<"application/json">>}, Body, Req).
+
+send_error(Req, Status, Message) ->
+  Body = jsx:encode(#{error => Message}),
+  cowboy_req:reply(Status, #{<<"content-type">> => <<"application/json">>}, Body, Req).
--- a/src/handlers/handler_banned_words.erl
+++ b/src/handlers/handler_banned_words.erl
@@ -0,0 +1,86 @@
+-module(handler_banned_words).
+-include("records.hrl").
+
+-export([init/2]).
+
+init(Req, Opts) ->
+  handle(Req, Opts).
+
+handle(Req, _Opts) ->
+  case cowboy_req:method(Req) of
+    <<"GET">> -> list_banned_words(Req);
+    <<"POST">> -> add_banned_word(Req);
+    <<"DELETE">> -> remove_banned_word(Req);
+    _ -> send_error(Req, 405, <<"Method not allowed">>)
+  end.
+
+%% GET /v1/admin/banned-words - список запрещённых слов
+list_banned_words(Req) ->
+  case handler_auth:authenticate(Req) of
+    {ok, AdminId, Req1} ->
+      case logic_moderation:list_banned_words(AdminId) of
+        {ok, Words} ->
+          send_json(Req1, 200, Words);
+        {error, access_denied} ->
+          send_error(Req1, 403, <<"Admin access required">>);
+        {error, _} ->
+          send_error(Req1, 500, <<"Internal server error">>)
+      end;
+    {error, Code, Message, Req1} ->
+      send_error(Req1, Code, Message)
+  end.
+
+%% POST /v1/admin/banned-words - добавить запрещённое слово
+add_banned_word(Req) ->
+  case handler_auth:authenticate(Req) of
+    {ok, AdminId, Req1} ->
+      {ok, Body, Req2} = cowboy_req:read_body(Req1),
+      try jsx:decode(Body, [return_maps]) of
+        #{<<"word">> := Word} ->
+          case logic_moderation:add_banned_word(AdminId, Word) of
+            {ok, _} ->
+              send_json(Req2, 201, #{word => Word, status => <<"added">>});
+            {error, already_exists} ->
+              send_error(Req2, 409, <<"Word already exists">>);
+            {error, access_denied} ->
+              send_error(Req2, 403, <<"Admin access required">>);
+            {error, _} ->
+              send_error(Req2, 500, <<"Internal server error">>)
+          end;
+        _ ->
+          send_error(Req2, 400, <<"Missing 'word' field">>)
+      catch
+        _:_ ->
+          send_error(Req2, 400, <<"Invalid JSON format">>)
+      end;
+    {error, Code, Message, Req1} ->
+      send_error(Req1, Code, Message)
+  end.
+
+%% DELETE /v1/admin/banned-words - удалить запрещённое слово
+remove_banned_word(Req) ->
+  case handler_auth:authenticate(Req) of
+    {ok, AdminId, Req1} ->
+      Word = cowboy_req:binding(word, Req1),
+      case logic_moderation:remove_banned_word(AdminId, Word) of
+        {ok, removed} ->
+          send_json(Req1, 200, #{word => Word, status => <<"removed">>});
+        {error, not_found} ->
+          send_error(Req1, 404, <<"Word not found">>);
+        {error, access_denied} ->
+          send_error(Req1, 403, <<"Admin access required">>);
+        {error, _} ->
+          send_error(Req1, 500, <<"Internal server error">>)
+      end;
+    {error, Code, Message, Req1} ->
+      send_error(Req1, Code, Message)
+  end.
+
+%% Вспомогательные функции
+send_json(Req, Status, Data) ->
+  Body = jsx:encode(Data),
+  cowboy_req:reply(Status, #{<<"content-type">> => <<"application/json">>}, Body, Req).
+
+send_error(Req, Status, Message) ->
+  Body = jsx:encode(#{error => Message}),
+  cowboy_req:reply(Status, #{<<"content-type">> => <<"application/json">>}, Body, Req).
--- a/src/handlers/handler_report_by_id.erl
+++ b/src/handlers/handler_report_by_id.erl
@@ -0,0 +1,83 @@
+-module(handler_report_by_id).
+-include("records.hrl").
+
+-export([init/2]).
+
+init(Req, Opts) ->
+  handle(Req, Opts).
+
+handle(Req, _Opts) ->
+  case cowboy_req:method(Req) of
+    <<"PUT">> -> resolve_report(Req);
+    _ -> send_error(Req, 405, <<"Method not allowed">>)
+  end.
+
+%% PUT /v1/admin/reports/:id - рассмотрение жалобы
+resolve_report(Req) ->
+  case handler_auth:authenticate(Req) of
+    {ok, AdminId, Req1} ->
+      ReportId = cowboy_req:binding(id, Req1),
+      {ok, Body, Req2} = cowboy_req:read_body(Req1),
+      try jsx:decode(Body, [return_maps]) of
+        #{<<"action">> := Action} ->
+          ActionAtom = case Action of
+                         <<"review">> -> reviewed;
+                         <<"dismiss">> -> dismissed;
+                         _ -> undefined
+                       end,
+          case ActionAtom of
+            undefined ->
+              send_error(Req2, 400, <<"Invalid action. Use 'review' or 'dismiss'">>);
+            _ ->
+              case logic_moderation:resolve_report(AdminId, ReportId, ActionAtom) of
+                {ok, Report} ->
+                  Response = report_to_json(Report),
+                  send_json(Req2, 200, Response);
+                {error, access_denied} ->
+                  send_error(Req2, 403, <<"Admin access required">>);
+                {error, already_resolved} ->
+                  send_error(Req2, 409, <<"Report already resolved">>);
+                {error, not_found} ->
+                  send_error(Req2, 404, <<"Report not found">>);
+                {error, _} ->
+                  send_error(Req2, 500, <<"Internal server error">>)
+              end
+          end;
+        _ ->
+          send_error(Req2, 400, <<"Missing action field">>)
+      catch
+        _:_ ->
+          send_error(Req2, 400, <<"Invalid JSON format">>)
+      end;
+    {error, Code, Message, Req1} ->
+      send_error(Req1, Code, Message)
+  end.
+
+%% Вспомогательные функции
+report_to_json(Report) ->
+  #{
+    id => Report#report.id,
+    reporter_id => Report#report.reporter_id,
+    target_type => Report#report.target_type,
+    target_id => Report#report.target_id,
+    reason => Report#report.reason,
+    status => Report#report.status,
+    created_at => datetime_to_iso8601(Report#report.created_at),
+    resolved_at => case Report#report.resolved_at of
+                     undefined -> null;
+                     Dt -> datetime_to_iso8601(Dt)
+                   end,
+    resolved_by => Report#report.resolved_by
+  }.
+
+datetime_to_iso8601({{Year, Month, Day}, {Hour, Minute, Second}}) ->
+  iolist_to_binary(io_lib:format("~4..0B-~2..0B-~2..0BT~2..0B:~2..0B:~2..0BZ",
+    [Year, Month, Day, Hour, Minute, Second])).
+
+send_json(Req, Status, Data) ->
+  Body = jsx:encode(Data),
+  cowboy_req:reply(Status, #{<<"content-type">> => <<"application/json">>}, Body, Req).
+
+send_error(Req, Status, Message) ->
+  Body = jsx:encode(#{error => Message}),
+  cowboy_req:reply(Status, #{<<"content-type">> => <<"application/json">>}, Body, Req).
--- a/src/handlers/handler_reports.erl
+++ b/src/handlers/handler_reports.erl
@@ -0,0 +1,113 @@
+-module(handler_reports).
+-include("records.hrl").
+
+-export([init/2]).
+
+init(Req, Opts) ->
+  handle(Req, Opts).
+
+handle(Req, _Opts) ->
+  case cowboy_req:method(Req) of
+    <<"POST">> -> create_report(Req);
+    <<"GET">> -> list_reports(Req);
+    _ -> send_error(Req, 405, <<"Method not allowed">>)
+  end.
+
+%% POST /v1/reports - создание жалобы
+create_report(Req) ->
+  case handler_auth:authenticate(Req) of
+    {ok, UserId, Req1} ->
+      {ok, Body, Req2} = cowboy_req:read_body(Req1),
+      try jsx:decode(Body, [return_maps]) of
+        Decoded when is_map(Decoded) ->
+          case Decoded of
+            #{<<"target_type">> := TargetTypeBin,
+              <<"target_id">> := TargetId,
+              <<"reason">> := Reason} ->
+              TargetType = parse_target_type(TargetTypeBin),
+              case logic_moderation:create_report(UserId, TargetType, TargetId, Reason) of
+                {ok, Report} ->
+                  Response = report_to_json(Report),
+                  send_json(Req2, 201, Response);
+                {error, target_not_found} ->
+                  send_error(Req2, 404, <<"Target not found">>);
+                {error, _} ->
+                  send_error(Req2, 500, <<"Internal server error">>)
+              end;
+            _ ->
+              send_error(Req2, 400, <<"Missing required fields">>)
+          end;
+        _ ->
+          send_error(Req2, 400, <<"Invalid JSON">>)
+      catch
+        _:_ ->
+          send_error(Req2, 400, <<"Invalid JSON format">>)
+      end;
+    {error, Code, Message, Req1} ->
+      send_error(Req1, Code, Message)
+  end.
+
+%% GET /v1/admin/reports - список всех жалоб (админ)
+list_reports(Req) ->
+  case handler_auth:authenticate(Req) of
+    {ok, AdminId, Req1} ->
+      Qs = cowboy_req:parse_qs(Req1),
+      case {proplists:get_value(<<"target_type">>, Qs), proplists:get_value(<<"target_id">>, Qs)} of
+        {undefined, _} ->
+          case logic_moderation:get_reports(AdminId) of
+            {ok, Reports} ->
+              Response = [report_to_json(R) || R <- Reports],
+              send_json(Req1, 200, Response);
+            {error, access_denied} ->
+              send_error(Req1, 403, <<"Admin access required">>);
+            {error, _} ->
+              send_error(Req1, 500, <<"Internal server error">>)
+          end;
+        {TargetTypeBin, TargetId} ->
+          TargetType = parse_target_type(TargetTypeBin),
+          case logic_moderation:get_reports_by_target(AdminId, TargetType, TargetId) of
+            {ok, Reports} ->
+              Response = [report_to_json(R) || R <- Reports],
+              send_json(Req1, 200, Response);
+            {error, access_denied} ->
+              send_error(Req1, 403, <<"Admin access required">>);
+            {error, _} ->
+              send_error(Req1, 500, <<"Internal server error">>)
+          end
+      end;
+    {error, Code, Message, Req1} ->
+      send_error(Req1, Code, Message)
+  end.
+
+%% Вспомогательные функции
+parse_target_type(<<"event">>) -> event;
+parse_target_type(<<"calendar">>) -> calendar;
+parse_target_type(_) -> undefined.
+
+report_to_json(Report) ->
+  #{
+    id => Report#report.id,
+    reporter_id => Report#report.reporter_id,
+    target_type => Report#report.target_type,
+    target_id => Report#report.target_id,
+    reason => Report#report.reason,
+    status => Report#report.status,
+    created_at => datetime_to_iso8601(Report#report.created_at),
+    resolved_at => case Report#report.resolved_at of
+                     undefined -> null;
+                     Dt -> datetime_to_iso8601(Dt)
+                   end,
+    resolved_by => Report#report.resolved_by
+  }.
+
+datetime_to_iso8601({{Year, Month, Day}, {Hour, Minute, Second}}) ->
+  iolist_to_binary(io_lib:format("~4..0B-~2..0B-~2..0BT~2..0B:~2..0B:~2..0BZ",
+    [Year, Month, Day, Hour, Minute, Second])).
+
+send_json(Req, Status, Data) ->
+  Body = jsx:encode(Data),
+  cowboy_req:reply(Status, #{<<"content-type">> => <<"application/json">>}, Body, Req).
+
+send_error(Req, Status, Message) ->
+  Body = jsx:encode(#{error => Message}),
+  cowboy_req:reply(Status, #{<<"content-type">> => <<"application/json">>}, Body, Req).