feat: implement host dashboard

Add Host Dashboard for event and guest management, accessible at /host. Backend — new /api/v1/host/* endpoints (RequireHost auth): - GET /host/event → event name + lock/release state - POST /host/event/close|open → lock or unlock uploads; SSE broadcast - POST /host/gallery/release → set release timestamp, enqueue export jobs - GET /host/users → all guests with upload count & bytes - POST /host/users/{id}/ban → ban with optional upload-hide choice - POST /host/users/{id}/unban → lift ban - PATCH /host/users/{id}/role → promote guest→host or demote host→guest - DELETE /host/upload/{id} → host-level soft-delete + SSE - DELETE /host/comment/{id} → host-level soft-delete Frontend — /host page: - Event controls: lock/unlock toggle and release-gallery button with status badges - Guest table: display name, role badge, upload count, storage used - Ban flow: modal asking whether to keep or hide the user's uploads - Promote/demote buttons respecting caller role (host can promote guests; admin can demote hosts) - auth.ts: getRole() decodes JWT payload client-side to gate the route Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-02 20:43:09 +02:00
parent 25f4fb1810
commit 71a2987a3e
5 changed files with 602 additions and 1 deletions
--- a/frontend/src/routes/host/+page.svelte
+++ b/frontend/src/routes/host/+page.svelte
@@ -0,0 +1,318 @@
+<script lang="ts">
+	import { goto } from '$app/navigation';
+	import { getToken, getRole } from '$lib/auth';
+	import { api } from '$lib/api';
+	import { onMount } from 'svelte';
+
+	interface UserSummary {
+		id: string;
+		display_name: string;
+		role: string;
+		is_banned: boolean;
+		uploads_hidden: boolean;
+		upload_count: number;
+		total_upload_bytes: number;
+		created_at: string;
+	}
+
+	interface EventStatus {
+		name: string;
+		is_active: boolean;
+		uploads_locked: boolean;
+		export_released: boolean;
+	}
+
+	let event = $state<EventStatus | null>(null);
+	let users = $state<UserSummary[]>([]);
+	let loading = $state(true);
+	let error = $state<string | null>(null);
+
+	// Ban modal state
+	let banTarget = $state<UserSummary | null>(null);
+	let banHideUploads = $state(false);
+	let banSubmitting = $state(false);
+
+	// Toast state
+	let toast = $state<string | null>(null);
+
+	onMount(async () => {
+		const token = getToken();
+		const role = getRole();
+		if (!token || (role !== 'host' && role !== 'admin')) {
+			goto('/join');
+			return;
+		}
+		await reload();
+	});
+
+	async function reload() {
+		loading = true;
+		error = null;
+		try {
+			[event, users] = await Promise.all([
+				api.get<EventStatus>('/host/event'),
+				api.get<UserSummary[]>('/host/users')
+			]);
+		} catch (e: unknown) {
+			error = e instanceof Error ? e.message : 'Fehler beim Laden.';
+		} finally {
+			loading = false;
+		}
+	}
+
+	function showToast(msg: string) {
+		toast = msg;
+		setTimeout(() => (toast = null), 3000);
+	}
+
+	async function toggleEventLock() {
+		if (!event) return;
+		try {
+			if (event.uploads_locked) {
+				await api.post('/host/event/open');
+				showToast('Uploads wurden wieder geöffnet.');
+			} else {
+				await api.post('/host/event/close');
+				showToast('Uploads wurden gesperrt.');
+			}
+			await reload();
+		} catch (e: unknown) {
+			showToast(e instanceof Error ? e.message : 'Fehler.');
+		}
+	}
+
+	async function releaseGallery() {
+		try {
+			await api.post('/host/gallery/release');
+			showToast('Galerie wurde freigegeben. Export wird vorbereitet…');
+			await reload();
+		} catch (e: unknown) {
+			showToast(e instanceof Error ? e.message : 'Fehler.');
+		}
+	}
+
+	function openBanModal(user: UserSummary) {
+		banTarget = user;
+		banHideUploads = false;
+	}
+
+	async function confirmBan() {
+		if (!banTarget) return;
+		banSubmitting = true;
+		try {
+			await api.post(`/host/users/${banTarget.id}/ban`, { hide_uploads: banHideUploads });
+			showToast(`${banTarget.display_name} wurde gesperrt.`);
+			banTarget = null;
+			await reload();
+		} catch (e: unknown) {
+			showToast(e instanceof Error ? e.message : 'Fehler.');
+		} finally {
+			banSubmitting = false;
+		}
+	}
+
+	async function unban(user: UserSummary) {
+		try {
+			await api.post(`/host/users/${user.id}/unban`);
+			showToast(`Sperre für ${user.display_name} aufgehoben.`);
+			await reload();
+		} catch (e: unknown) {
+			showToast(e instanceof Error ? e.message : 'Fehler.');
+		}
+	}
+
+	async function promoteToHost(user: UserSummary) {
+		try {
+			await api.patch(`/host/users/${user.id}/role`, { role: 'host' });
+			showToast(`${user.display_name} ist jetzt Host.`);
+			await reload();
+		} catch (e: unknown) {
+			showToast(e instanceof Error ? e.message : 'Fehler.');
+		}
+	}
+
+	async function demoteToGuest(user: UserSummary) {
+		try {
+			await api.patch(`/host/users/${user.id}/role`, { role: 'guest' });
+			showToast(`${user.display_name} ist jetzt Gast.`);
+			await reload();
+		} catch (e: unknown) {
+			showToast(e instanceof Error ? e.message : 'Fehler.');
+		}
+	}
+
+	function formatBytes(bytes: number): string {
+		if (bytes < 1024) return `${bytes} B`;
+		if (bytes < 1024 * 1024) return `${(bytes / 1024).toFixed(1)} KB`;
+		return `${(bytes / (1024 * 1024)).toFixed(1)} MB`;
+	}
+
+	const myRole = getRole();
+</script>
+
+<!-- Ban modal -->
+{#if banTarget}
+	<div class="fixed inset-0 z-50 flex items-center justify-center bg-black/50 p-4">
+		<div class="w-full max-w-sm rounded-2xl bg-white p-6 shadow-xl">
+			<h2 class="mb-1 text-lg font-bold text-gray-900">Benutzer sperren</h2>
+			<p class="mb-4 text-sm text-gray-600">
+				Was soll mit den Uploads von <strong>{banTarget.display_name}</strong> passieren?
+			</p>
+			<label class="mb-4 flex cursor-pointer items-center gap-3 rounded-lg border border-gray-200 p-3">
+				<input
+					type="checkbox"
+					bind:checked={banHideUploads}
+					class="h-4 w-4 rounded border-gray-300 text-red-600 focus:ring-red-500"
+				/>
+				<span class="text-sm text-gray-700">Uploads aus der Galerie ausblenden</span>
+			</label>
+			<div class="flex gap-2">
+				<button
+					onclick={() => (banTarget = null)}
+					class="flex-1 rounded-lg border border-gray-300 py-2 text-sm text-gray-700 hover:bg-gray-50"
+				>
+					Abbrechen
+				</button>
+				<button
+					onclick={confirmBan}
+					disabled={banSubmitting}
+					class="flex-1 rounded-lg bg-red-600 py-2 text-sm font-medium text-white hover:bg-red-700 disabled:opacity-50"
+				>
+					{banSubmitting ? 'Wird gesperrt…' : 'Sperren'}
+				</button>
+			</div>
+		</div>
+	</div>
+{/if}
+
+<!-- Toast -->
+{#if toast}
+	<div class="fixed bottom-6 left-1/2 z-50 -translate-x-1/2 rounded-full bg-gray-900 px-5 py-2.5 text-sm text-white shadow-lg">
+		{toast}
+	</div>
+{/if}
+
+<div class="min-h-screen bg-gray-50">
+	<!-- Header -->
+	<div class="border-b border-gray-200 bg-white">
+		<div class="mx-auto flex max-w-3xl items-center justify-between px-4 py-4">
+			<div>
+				<h1 class="text-xl font-bold text-gray-900">Host Dashboard</h1>
+				{#if event}
+					<p class="text-sm text-gray-500">{event.name}</p>
+				{/if}
+			</div>
+			<a href="/feed" class="text-sm text-blue-600 hover:underline">Zur Galerie</a>
+		</div>
+	</div>
+
+	<div class="mx-auto max-w-3xl space-y-4 p-4">
+		{#if loading}
+			<div class="py-16 text-center text-gray-400">Laden…</div>
+		{:else if error}
+			<div class="rounded-lg bg-red-50 p-4 text-sm text-red-700">{error}</div>
+		{:else if event}
+			<!-- Event controls -->
+			<div class="rounded-xl border border-gray-200 bg-white p-5">
+				<h2 class="mb-4 font-semibold text-gray-900">Veranstaltung</h2>
+				<div class="flex flex-wrap gap-3">
+					<button
+						onclick={toggleEventLock}
+						class="rounded-lg px-4 py-2 text-sm font-medium {event.uploads_locked
+							? 'bg-green-600 text-white hover:bg-green-700'
+							: 'bg-amber-500 text-white hover:bg-amber-600'}"
+					>
+						{event.uploads_locked ? 'Uploads wieder öffnen' : 'Uploads sperren'}
+					</button>
+					<button
+						onclick={releaseGallery}
+						disabled={event.export_released}
+						class="rounded-lg px-4 py-2 text-sm font-medium {event.export_released
+							? 'cursor-default bg-gray-100 text-gray-400'
+							: 'bg-blue-600 text-white hover:bg-blue-700'}"
+					>
+						{event.export_released ? 'Galerie bereits freigegeben' : 'Galerie freigeben'}
+					</button>
+				</div>
+				<div class="mt-3 flex gap-4 text-xs text-gray-500">
+					<span class="flex items-center gap-1">
+						<span class="h-2 w-2 rounded-full {event.uploads_locked ? 'bg-red-500' : 'bg-green-500'}"></span>
+						Uploads {event.uploads_locked ? 'gesperrt' : 'offen'}
+					</span>
+					<span class="flex items-center gap-1">
+						<span class="h-2 w-2 rounded-full {event.export_released ? 'bg-blue-500' : 'bg-gray-300'}"></span>
+						Export {event.export_released ? 'freigegeben' : 'gesperrt'}
+					</span>
+				</div>
+			</div>
+
+			<!-- User management -->
+			<div class="rounded-xl border border-gray-200 bg-white">
+				<div class="border-b border-gray-100 px-5 py-4">
+					<h2 class="font-semibold text-gray-900">Gäste ({users.length})</h2>
+				</div>
+				{#if users.length === 0}
+					<p class="px-5 py-8 text-center text-sm text-gray-400">Noch keine Gäste.</p>
+				{:else}
+					<div class="divide-y divide-gray-100">
+						{#each users as user}
+							<div class="flex items-center gap-3 px-5 py-3">
+								<div class="min-w-0 flex-1">
+									<div class="flex items-center gap-2">
+										<span class="truncate font-medium text-gray-900">{user.display_name}</span>
+										{#if user.role === 'host'}
+											<span class="rounded-full bg-blue-100 px-2 py-0.5 text-xs font-medium text-blue-700">Host</span>
+										{:else if user.role === 'admin'}
+											<span class="rounded-full bg-purple-100 px-2 py-0.5 text-xs font-medium text-purple-700">Admin</span>
+										{/if}
+										{#if user.is_banned}
+											<span class="rounded-full bg-red-100 px-2 py-0.5 text-xs font-medium text-red-700">Gesperrt</span>
+										{/if}
+									</div>
+									<p class="text-xs text-gray-400">
+										{user.upload_count} Upload{user.upload_count !== 1 ? 's' : ''} · {formatBytes(user.total_upload_bytes)}
+									</p>
+								</div>
+								<div class="flex shrink-0 gap-1.5">
+									{#if user.role !== 'admin'}
+										{#if user.is_banned}
+											<button
+												onclick={() => unban(user)}
+												class="rounded-lg bg-gray-100 px-3 py-1.5 text-xs font-medium text-gray-700 hover:bg-gray-200"
+											>
+												Entsperren
+											</button>
+										{:else}
+											{#if user.role === 'guest' && (myRole === 'host' || myRole === 'admin')}
+												<button
+													onclick={() => promoteToHost(user)}
+													class="rounded-lg bg-blue-50 px-3 py-1.5 text-xs font-medium text-blue-700 hover:bg-blue-100"
+												>
+													Host
+												</button>
+											{/if}
+											{#if user.role === 'host' && myRole === 'admin'}
+												<button
+													onclick={() => demoteToGuest(user)}
+													class="rounded-lg bg-gray-100 px-3 py-1.5 text-xs font-medium text-gray-700 hover:bg-gray-200"
+												>
+													Degradieren
+												</button>
+											{/if}
+											<button
+												onclick={() => openBanModal(user)}
+												class="rounded-lg bg-red-50 px-3 py-1.5 text-xs font-medium text-red-700 hover:bg-red-100"
+											>
+												Sperren
+											</button>
+										{/if}
+									{/if}
+								</div>
+							</div>
+						{/each}
+					</div>
+				{/if}
+			</div>
+		{/if}
+	</div>
+</div>