git.stevedylan.dev

chore: initial refactor d29d0533

Steve · 2026-04-14 20:09 19 file(s) · +2724 −2855

Cargo.lock +1 −1


[[package]]
name = "jotts"
version = "0.1.2"
version = "0.2.0"
dependencies = [
 "andromeda-auth",
 "arboard",

apps/cellar/src/auth.rs +4 −38

                return Ok(AuthSession);
            }
        }
        let path = parts.uri.path_and_query()
        let path = parts
            .uri
            .path_and_query()
            .map(|pq| pq.as_str())
            .unwrap_or(parts.uri.path());
        let login_url = format!("/admin/login?next={}", urlencoding(path));


fn is_valid_session(state: &AppState, token: &str) -> bool {
    match db::get_session_expiry(&state.db, token) {
        Ok(Some(expires_at)) => {
            let now = chrono_now();
            expires_at > now
        }
        Ok(Some(expires_at)) => expires_at > andromeda_auth::datetime::now_datetime_string(),
        _ => false,
    }
}

pub fn chrono_now() -> String {
    use std::time::{SystemTime, UNIX_EPOCH};
    let secs = SystemTime::now()
        .duration_since(UNIX_EPOCH)
        .unwrap()
        .as_secs();
    let days_since_epoch = secs / 86400;
    let time_of_day = secs % 86400;
    let hours = time_of_day / 3600;
    let minutes = (time_of_day % 3600) / 60;
    let seconds = time_of_day % 60;

    let (year, month, day) = days_to_ymd(days_since_epoch as i64);
    format!(
        "{:04}-{:02}-{:02} {:02}:{:02}:{:02}",
        year, month, day, hours, minutes, seconds
    )
}

fn urlencoding(s: &str) -> String {
    let mut out = String::with_capacity(s.len());
    for b in s.bytes() {

    }
    out
}

fn days_to_ymd(mut days: i64) -> (i64, i64, i64) {
    days += 719468;
    let era = if days >= 0 { days } else { days - 146096 } / 146097;
    let doe = (days - era * 146097) as u32;
    let yoe = (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365;
    let y = yoe as i64 + era * 400;
    let doy = doe - (365 * yoe + yoe / 4 - yoe / 100);
    let mp = (5 * doy + 2) / 153;
    let d = doy - (153 * mp + 2) / 5 + 1;
    let m = if mp < 10 { mp + 3 } else { mp - 9 };
    let y = if m <= 2 { y + 1 } else { y };
    (y, m as i64, d as i64)
}

apps/cellar/src/server.rs (deleted) +0 −1092

use askama::Template;
use image::ImageDecoder;
use askama_web::WebTemplate;
use axum::{
    extract::{DefaultBodyLimit, Multipart, Path, Query, State},
    http::{HeaderValue, StatusCode},
    response::{Html, IntoResponse, Json, Redirect, Response},
    routing::{get, post},
    Router,
};
use rust_embed::Embed;
use std::sync::Arc;

use crate::auth;
use crate::claude;
use crate::db::{self, Db, Wine};

#[derive(Clone)]
pub struct AppState {
    pub db: Db,
    pub app_password: String,
    pub cookie_secure: bool,
    pub anthropic_api_key: Option<String>,
}

#[derive(Embed)]
#[folder = "static/"]
struct Static;

// --- Templates ---

#[derive(Template)]
#[template(path = "base.html")]
struct BaseTemplate;

#[derive(Template)]
#[template(path = "login.html")]
struct LoginTemplate {
    error: Option<String>,
    next: Option<String>,
}

struct WineWithSvg {
    wine: Wine,
    pentagon_svg: String,
}

#[derive(Template)]
#[template(path = "index.html")]
struct IndexTemplate {
    wines: Vec<WineWithSvg>,
}

#[derive(Template)]
#[template(path = "wine.html")]
struct WineDetailTemplate {
    wine: Wine,
    pentagon_svg: String,
    bars_svg: String,
}

#[derive(Template)]
#[template(path = "admin.html")]
struct AdminTemplate {
    wines: Vec<Wine>,
}

#[derive(Template)]
#[template(path = "wine_form.html")]
struct WineFormTemplate {
    wine: Option<Wine>,
    error: Option<String>,
    has_anthropic_key: bool,
}

#[derive(Template)]
#[template(path = "wishlist.html")]
struct WishlistTemplate {
    wines: Vec<Wine>,
    is_admin: bool,
}

#[derive(Template)]
#[template(path = "wishlist_form.html")]
struct WishlistFormTemplate {
    wine: Option<Wine>,
    error: Option<String>,
    has_anthropic_key: bool,
}

// --- Query/Form structs ---

#[derive(serde::Deserialize, Default)]
pub struct FlashQuery {
    pub error: Option<String>,
    pub next: Option<String>,
}

#[derive(serde::Deserialize)]
struct LoginForm {
    password: String,
}

// --- Static file handlers ---

fn mime_from_path(path: &str) -> &'static str {
    match path.rsplit('.').next().unwrap_or("") {
        "css" => "text/css",
        "js" => "application/javascript",
        "html" => "text/html",
        "png" => "image/png",
        "jpg" | "jpeg" => "image/jpeg",
        "ico" => "image/x-icon",
        "svg" => "image/svg+xml",
        "woff" | "woff2" => "font/woff2",
        "ttf" => "font/ttf",
        "otf" => "font/otf",
        "json" | "webmanifest" => "application/json",
        _ => "application/octet-stream",
    }
}

async fn serve_static(Path(path): Path<String>) -> Response {
    match Static::get(&path) {
        Some(file) => {
            let mime = mime_from_path(&path);
            (
                StatusCode::OK,
                [(axum::http::header::CONTENT_TYPE, HeaderValue::from_static(mime))],
                file.data.to_vec(),
            )
                .into_response()
        }
        None => StatusCode::NOT_FOUND.into_response(),
    }
}

// --- Pentagon SVG ---

fn build_pentagon_svg(
    sweetness: i32,
    acidity: i32,
    tannin: i32,
    alcohol: i32,
    body: i32,
    size: f64,
    show_labels: bool,
) -> String {
    let cx = size / 2.0;
    let cy = size / 2.0;
    let margin = if show_labels { 30.0 } else { 5.0 };
    let r = size / 2.0 - margin;

    let scores = [sweetness, acidity, tannin, alcohol, body];
    let labels = ["Sweetness", "Acidity", "Tannin", "Alcohol", "Body"];

    let angles: Vec<f64> = (0..5)
        .map(|i| (-90.0_f64 + 72.0 * i as f64).to_radians())
        .collect();

    let mut svg = format!(
        r#"<svg viewBox="0 0 {s} {s}" width="100%" xmlns="http://www.w3.org/2000/svg">"#,
        s = size
    );

    // Grid pentagons at 20%, 40%, 60%, 80%
    for pct in &[0.2, 0.4, 0.6, 0.8] {
        let points: String = angles
            .iter()
            .map(|a| format!("{:.1},{:.1}", cx + r * pct * a.cos(), cy + r * pct * a.sin()))
            .collect::<Vec<_>>()
            .join(" ");
        svg.push_str(&format!(
            r#"<polygon points="{}" fill="none" stroke="white" stroke-opacity="0.12" stroke-width="0.75"/>"#,
            points
        ));
    }

    // Outer pentagon (100%)
    let outline: String = angles
        .iter()
        .map(|a| format!("{:.1},{:.1}", cx + r * a.cos(), cy + r * a.sin()))
        .collect::<Vec<_>>()
        .join(" ");
    svg.push_str(&format!(
        r#"<polygon points="{}" fill="none" stroke="white" stroke-opacity="0.25" stroke-width="1"/>"#,
        outline
    ));

    // Axis lines from center to each vertex
    for a in &angles {
        svg.push_str(&format!(
            r#"<line x1="{:.1}" y1="{:.1}" x2="{:.1}" y2="{:.1}" stroke="white" stroke-opacity="0.12" stroke-width="0.75"/>"#,
            cx, cy, cx + r * a.cos(), cy + r * a.sin()
        ));
    }

    // Data polygon
    let data_points: Vec<(f64, f64)> = scores
        .iter()
        .zip(&angles)
        .map(|(s, a)| {
            let d = (*s as f64 / 5.0) * r;
            (cx + d * a.cos(), cy + d * a.sin())
        })
        .collect();

    let data_str: String = data_points
        .iter()
        .map(|(x, y)| format!("{:.1},{:.1}", x, y))
        .collect::<Vec<_>>()
        .join(" ");
    svg.push_str(&format!(
        r#"<polygon points="{}" fill="white" fill-opacity="0.08" stroke="white" stroke-width="1.5"/>"#,
        data_str
    ));

    // Data dots
    for (x, y) in &data_points {
        svg.push_str(&format!(
            r#"<circle cx="{:.1}" cy="{:.1}" r="2.5" fill="white"/>"#,
            x, y
        ));
    }

    // Labels
    if show_labels {
        for (i, label) in labels.iter().enumerate() {
            let a = angles[i];
            let label_dist = r + 18.0;
            let lx = cx + label_dist * a.cos();
            let ly = cy + label_dist * a.sin() + 3.5;
            svg.push_str(&format!(
                r#"<text x="{:.1}" y="{:.1}" fill="white" fill-opacity="0.5" font-size="9" font-family="Commit Mono, monospace" text-anchor="middle">{}</text>"#,
                lx, ly, label
            ));
        }
    }

    svg.push_str("</svg>");
    svg
}

fn build_bars_svg(
    clarity: i32,
    color_intensity: i32,
    aroma_intensity: i32,
    nose_complexity: i32,
    width: f64,
) -> String {
    let bar_height = 4.0;
    let row_height = 22.0;
    let section_gap = 14.0;
    let label_width = 100.0;
    let track_left = label_width + 4.0;
    let track_width = width - track_left - 10.0;
    let header_size = 9.0;

    let sections: &[(&str, &[(&str, i32)])] = &[
        ("Appearance", &[("Clarity", clarity), ("Intensity", color_intensity)]),
        ("Nose", &[("Aroma", aroma_intensity), ("Complexity", nose_complexity)]),
    ];

    let total_rows: usize = sections.iter().map(|(_, attrs)| attrs.len()).sum();
    let total_height = (sections.len() as f64) * (header_size + 8.0)
        + (total_rows as f64) * row_height
        + section_gap;

    let mut svg = format!(
        r#"<svg viewBox="0 0 {w} {h}" width="100%" xmlns="http://www.w3.org/2000/svg">"#,
        w = width,
        h = total_height
    );

    let mut y = 4.0;

    for (si, (section_name, attrs)) in sections.iter().enumerate() {
        if si > 0 {
            y += section_gap;
        }

        svg.push_str(&format!(
            r#"<text x="0" y="{:.1}" fill="white" fill-opacity="0.4" font-size="{}" font-family="Commit Mono, monospace" text-transform="uppercase" letter-spacing="1">{}</text>"#,
            y + header_size, header_size, section_name
        ));
        y += header_size + 8.0;

        for (label, score) in *attrs {
            let bar_y = y + (row_height - bar_height) / 2.0;
            let fill_width = (*score as f64 / 5.0) * track_width;

            svg.push_str(&format!(
                r#"<text x="0" y="{:.1}" fill="white" fill-opacity="0.5" font-size="9" font-family="Commit Mono, monospace">{}</text>"#,
                y + row_height / 2.0 + 3.0, label
            ));

            svg.push_str(&format!(
                r#"<rect x="{:.1}" y="{:.1}" width="{:.1}" height="{:.1}" rx="2" fill="white" fill-opacity="0.08"/>"#,
                track_left, bar_y, track_width, bar_height
            ));

            if fill_width > 0.0 {
                svg.push_str(&format!(
                    r#"<rect x="{:.1}" y="{:.1}" width="{:.1}" height="{:.1}" rx="2" fill="white" fill-opacity="0.6"/>"#,
                    track_left, bar_y, fill_width, bar_height
                ));

            }

            y += row_height;
        }
    }

    svg.push_str("</svg>");
    svg
}

// --- Auth handlers ---

async fn get_login(Query(q): Query<FlashQuery>) -> Response {
    WebTemplate(LoginTemplate { error: q.error, next: q.next }).into_response()
}

async fn post_login(
    Query(q): Query<FlashQuery>,
    State(state): State<Arc<AppState>>,
    axum::extract::Form(form): axum::extract::Form<LoginForm>,
) -> Response {
    let next = q.next.as_deref().unwrap_or("/admin");
    if !auth::verify_password(&form.password, &state.app_password) {
        return Redirect::to(&format!("/admin/login?error=Invalid+password&next={}", urlencoded(next))).into_response();
    }

    let token = auth::generate_session_token();

    let expires_at = {
        use std::time::{SystemTime, UNIX_EPOCH};
        let secs = SystemTime::now()
            .duration_since(UNIX_EPOCH)
            .unwrap()
            .as_secs()
            + 7 * 24 * 3600;
        let days = secs / 86400;
        let tod = secs % 86400;
        let (y, m, d) = days_to_ymd(days as i64);
        format!(
            "{:04}-{:02}-{:02} {:02}:{:02}:{:02}",
            y,
            m,
            d,
            tod / 3600,
            (tod % 3600) / 60,
            tod % 60
        )
    };

    if let Err(e) = db::insert_session(&state.db, &token, &expires_at) {
        tracing::error!("Failed to create session: {}", e);
        return Redirect::to("/admin/login?error=Server+error").into_response();
    }

    let _ = db::prune_expired_sessions(&state.db);

    let cookie = auth::build_session_cookie(&token, state.cookie_secure);
    // Only allow relative redirects to prevent open redirect
    let redirect_to = if next.starts_with('/') { next } else { "/admin" };
    let mut resp = Redirect::to(redirect_to).into_response();
    resp.headers_mut().insert(
        axum::http::header::SET_COOKIE,
        HeaderValue::from_str(&cookie).unwrap(),
    );
    resp
}

async fn get_logout(State(state): State<Arc<AppState>>, headers: axum::http::HeaderMap) -> Response {
    if let Some(cookie_header) = headers.get("cookie").and_then(|v| v.to_str().ok()) {
        for part in cookie_header.split(';') {
            let part = part.trim();
            if let Some(val) = part.strip_prefix("session=") {
                let val = val.trim();
                if !val.is_empty() {
                    let _ = db::delete_session(&state.db, val);
                }
            }
        }
    }

    let cookie = auth::clear_session_cookie();
    let mut resp = Redirect::to("/admin/login").into_response();
    resp.headers_mut().insert(
        axum::http::header::SET_COOKIE,
        HeaderValue::from_str(&cookie).unwrap(),
    );
    resp
}

// --- Public handlers ---

async fn get_index(State(state): State<Arc<AppState>>) -> Response {
    match db::get_cellar_wines(&state.db) {
        Ok(wines) => {
            let wines: Vec<WineWithSvg> = wines
                .into_iter()
                .map(|wine| {
                    let pentagon_svg = build_pentagon_svg(
                        wine.sweetness,
                        wine.acidity,
                        wine.tannin,
                        wine.alcohol,
                        wine.body,
                        80.0,
                        false,
                    );
                    WineWithSvg { wine, pentagon_svg }
                })
                .collect();
            WebTemplate(IndexTemplate { wines }).into_response()
        }
        Err(e) => {
            tracing::error!("Failed to list wines: {}", e);
            (StatusCode::INTERNAL_SERVER_ERROR, Html("Server error".to_string())).into_response()
        }
    }
}

async fn get_wine_detail(
    State(state): State<Arc<AppState>>,
    Path(short_id): Path<String>,
) -> Response {
    match db::get_wine_by_short_id(&state.db, &short_id) {
        Ok(Some(wine)) => {
            let pentagon_svg = build_pentagon_svg(
                wine.sweetness,
                wine.acidity,
                wine.tannin,
                wine.alcohol,
                wine.body,
                250.0,
                true,
            );
            let bars_svg = build_bars_svg(
                wine.clarity,
                wine.color_intensity,
                wine.aroma_intensity,
                wine.nose_complexity,
                250.0,
            );
            WebTemplate(WineDetailTemplate { wine, pentagon_svg, bars_svg }).into_response()
        }
        Ok(None) => (StatusCode::NOT_FOUND, Html("Wine not found".to_string())).into_response(),
        Err(e) => {
            tracing::error!("Failed to get wine: {}", e);
            (StatusCode::INTERNAL_SERVER_ERROR, Html("Server error".to_string())).into_response()
        }
    }
}

async fn get_wine_image(
    State(state): State<Arc<AppState>>,
    Path(short_id): Path<String>,
) -> Response {
    match db::get_wine_image(&state.db, &short_id) {
        Ok(Some((bytes, mime))) => {
            let content_type = HeaderValue::from_str(&mime).unwrap_or_else(|_| {
                HeaderValue::from_static("application/octet-stream")
            });
            (
                StatusCode::OK,
                [(axum::http::header::CONTENT_TYPE, content_type)],
                bytes,
            )
                .into_response()
        }
        Ok(None) => StatusCode::NOT_FOUND.into_response(),
        Err(e) => {
            tracing::error!("Failed to get wine image: {}", e);
            StatusCode::INTERNAL_SERVER_ERROR.into_response()
        }
    }
}

// --- Admin handlers ---

async fn get_admin(
    _session: auth::AuthSession,
    State(state): State<Arc<AppState>>,
) -> Response {
    match db::get_cellar_wines(&state.db) {
        Ok(wines) => WebTemplate(AdminTemplate { wines }).into_response(),
        Err(e) => {
            tracing::error!("Failed to list wines: {}", e);
            (StatusCode::INTERNAL_SERVER_ERROR, Html("Server error".to_string())).into_response()
        }
    }
}

async fn get_new_wine(
    _session: auth::AuthSession,
    State(state): State<Arc<AppState>>,
    Query(q): Query<FlashQuery>,
) -> Response {
    WebTemplate(WineFormTemplate {
        wine: None,
        error: q.error,
        has_anthropic_key: state.anthropic_api_key.is_some(),
    })
    .into_response()
}

async fn get_edit_wine(
    _session: auth::AuthSession,
    State(state): State<Arc<AppState>>,
    Path(short_id): Path<String>,
    Query(q): Query<FlashQuery>,
) -> Response {
    match db::get_wine_by_short_id(&state.db, &short_id) {
        Ok(Some(wine)) => WebTemplate(WineFormTemplate {
            wine: Some(wine),
            error: q.error,
            has_anthropic_key: state.anthropic_api_key.is_some(),
        })
        .into_response(),
        Ok(None) => (StatusCode::NOT_FOUND, Html("Wine not found".to_string())).into_response(),
        Err(e) => {
            tracing::error!("Failed to get wine: {}", e);
            (StatusCode::INTERNAL_SERVER_ERROR, Html("Server error".to_string())).into_response()
        }
    }
}

// --- Image processing ---

fn process_image(data: &[u8]) -> Result<Vec<u8>, String> {
    let reader = image::ImageReader::new(std::io::Cursor::new(data))
        .with_guessed_format()
        .map_err(|e| format!("Failed to read image: {}", e))?;
    let mut decoder = reader
        .into_decoder()
        .map_err(|e| format!("Failed to create decoder: {}", e))?;
    let orientation = decoder.orientation().unwrap_or(image::metadata::Orientation::NoTransforms);
    let mut img = image::DynamicImage::from_decoder(decoder)
        .map_err(|e| format!("Failed to decode image: {}", e))?;
    img.apply_orientation(orientation);
    let mut output = Vec::new();
    let encoder = image::codecs::jpeg::JpegEncoder::new_with_quality(&mut output, 75);
    img.write_with_encoder(encoder)
        .map_err(|e| format!("JPEG encoding failed: {}", e))?;
    Ok(output)
}

// --- Multipart parsing ---

struct WineFormData {
    name: String,
    origin: String,
    grape: String,
    notes: String,
    background: String,
    image: Option<Vec<u8>>,
    image_mime: Option<String>,
    sweetness: i32,
    acidity: i32,
    tannin: i32,
    alcohol: i32,
    body: i32,
    clarity: i32,
    color_intensity: i32,
    aroma_intensity: i32,
    nose_complexity: i32,
}

async fn parse_wine_multipart(mut multipart: Multipart) -> Result<WineFormData, String> {
    let mut name = String::new();
    let mut origin = String::new();
    let mut grape = String::new();
    let mut notes = String::new();
    let mut background = String::new();
    let mut image: Option<Vec<u8>> = None;
    let mut image_mime: Option<String> = None;
    let mut sweetness = 3;
    let mut acidity = 3;
    let mut tannin = 3;
    let mut alcohol = 3;
    let mut body = 3;
    let mut clarity = 3;
    let mut color_intensity = 3;
    let mut aroma_intensity = 3;
    let mut nose_complexity = 3;

    while let Ok(Some(field)) = multipart.next_field().await {
        let field_name = field.name().unwrap_or("").to_string();
        match field_name.as_str() {
            "image" => {
                let bytes = field.bytes().await.map_err(|e| format!("Failed to read image: {}", e))?;
                if !bytes.is_empty() {
                    let processed = process_image(&bytes)?;
                    image = Some(processed);
                    image_mime = Some("image/jpeg".to_string());
                }
            }
            "name" => name = field.text().await.unwrap_or_default(),
            "origin" => origin = field.text().await.unwrap_or_default(),
            "grape" => grape = field.text().await.unwrap_or_default(),
            "notes" => notes = field.text().await.unwrap_or_default(),
            "background" => background = field.text().await.unwrap_or_default(),
            "sweetness" => sweetness = field.text().await.unwrap_or_default().parse().unwrap_or(3),
            "acidity" => acidity = field.text().await.unwrap_or_default().parse().unwrap_or(3),
            "tannin" => tannin = field.text().await.unwrap_or_default().parse().unwrap_or(3),
            "alcohol" => alcohol = field.text().await.unwrap_or_default().parse().unwrap_or(3),
            "body" => body = field.text().await.unwrap_or_default().parse().unwrap_or(3),
            "clarity" => clarity = field.text().await.unwrap_or_default().parse().unwrap_or(3),
            "color_intensity" => color_intensity = field.text().await.unwrap_or_default().parse().unwrap_or(3),
            "aroma_intensity" => aroma_intensity = field.text().await.unwrap_or_default().parse().unwrap_or(3),
            "nose_complexity" => nose_complexity = field.text().await.unwrap_or_default().parse().unwrap_or(3),
            _ => {}
        }
    }

    if name.trim().is_empty() {
        return Err("Name is required".to_string());
    }

    // Clamp scores to 1-5
    let clamp = |v: i32| v.max(1).min(5);
    Ok(WineFormData {
        name: name.trim().to_string(),
        origin: origin.trim().to_string(),
        grape: grape.trim().to_string(),
        notes: notes.trim().to_string(),
        background: background.trim().to_string(),
        image,
        image_mime,
        sweetness: clamp(sweetness),
        acidity: clamp(acidity),
        tannin: clamp(tannin),
        alcohol: clamp(alcohol),
        body: clamp(body),
        clarity: clamp(clarity),
        color_intensity: clamp(color_intensity),
        aroma_intensity: clamp(aroma_intensity),
        nose_complexity: clamp(nose_complexity),
    })
}

async fn post_new_wine(
    _session: auth::AuthSession,
    State(state): State<Arc<AppState>>,
    multipart: Multipart,
) -> Response {
    let data = match parse_wine_multipart(multipart).await {
        Ok(data) => data,
        Err(e) => {
            return Redirect::to(&format!("/admin/new?error={}", urlencoded(&e))).into_response();
        }
    };

    match db::create_wine(
        &state.db,
        &data.name,
        &data.origin,
        &data.grape,
        &data.notes,
        data.image.as_deref(),
        data.image_mime.as_deref(),
        data.sweetness,
        data.acidity,
        data.tannin,
        data.alcohol,
        data.body,
        data.clarity,
        data.color_intensity,
        data.aroma_intensity,
        data.nose_complexity,
        &data.background,
        false,
    ) {
        Ok(wine) => Redirect::to(&format!("/wines/{}", wine.short_id)).into_response(),
        Err(e) => {
            tracing::error!("Failed to create wine: {}", e);
            Redirect::to("/admin/new?error=Failed+to+create+wine").into_response()
        }
    }
}

async fn post_edit_wine(
    _session: auth::AuthSession,
    State(state): State<Arc<AppState>>,
    Path(short_id): Path<String>,
    multipart: Multipart,
) -> Response {
    let data = match parse_wine_multipart(multipart).await {
        Ok(data) => data,
        Err(e) => {
            return Redirect::to(&format!("/admin/edit/{}?error={}", short_id, urlencoded(&e)))
                .into_response();
        }
    };

    match db::update_wine(
        &state.db,
        &short_id,
        &data.name,
        &data.origin,
        &data.grape,
        &data.notes,
        data.sweetness,
        data.acidity,
        data.tannin,
        data.alcohol,
        data.body,
        data.clarity,
        data.color_intensity,
        data.aroma_intensity,
        data.nose_complexity,
        &data.background,
    ) {
        Ok(Some(_)) => {
            if let Some(image) = &data.image {
                if let Some(mime) = &data.image_mime {
                    if let Err(e) = db::update_wine_image(&state.db, &short_id, image, mime) {
                        tracing::error!("Failed to update wine image: {}", e);
                    }
                }
            }
            Redirect::to(&format!("/wines/{}", short_id)).into_response()
        }
        Ok(None) => (StatusCode::NOT_FOUND, Html("Wine not found".to_string())).into_response(),
        Err(e) => {
            tracing::error!("Failed to update wine: {}", e);
            Redirect::to(&format!(
                "/admin/edit/{}?error=Failed+to+update+wine",
                short_id
            ))
            .into_response()
        }
    }
}

async fn post_delete_wine(
    _session: auth::AuthSession,
    State(state): State<Arc<AppState>>,
    Path(short_id): Path<String>,
) -> Response {
    match db::delete_wine(&state.db, &short_id) {
        Ok(_) => Redirect::to("/admin").into_response(),
        Err(e) => {
            tracing::error!("Failed to delete wine: {}", e);
            Redirect::to("/admin").into_response()
        }
    }
}

// --- Wishlist ---

struct WishlistFormData {
    name: String,
    origin: String,
    grape: String,
    notes: String,
    background: String,
    image: Option<Vec<u8>>,
    image_mime: Option<String>,
}

async fn parse_wishlist_multipart(mut multipart: Multipart) -> Result<WishlistFormData, String> {
    let mut name = String::new();
    let mut origin = String::new();
    let mut grape = String::new();
    let mut notes = String::new();
    let mut background = String::new();
    let mut image: Option<Vec<u8>> = None;
    let mut image_mime: Option<String> = None;

    while let Ok(Some(field)) = multipart.next_field().await {
        let field_name = field.name().unwrap_or("").to_string();
        match field_name.as_str() {
            "image" => {
                let bytes = field.bytes().await.map_err(|e| format!("Failed to read image: {}", e))?;
                if !bytes.is_empty() {
                    let processed = process_image(&bytes)?;
                    image = Some(processed);
                    image_mime = Some("image/jpeg".to_string());
                }
            }
            "name" => name = field.text().await.unwrap_or_default(),
            "origin" => origin = field.text().await.unwrap_or_default(),
            "grape" => grape = field.text().await.unwrap_or_default(),
            "notes" => notes = field.text().await.unwrap_or_default(),
            "background" => background = field.text().await.unwrap_or_default(),
            _ => {}
        }
    }

    if name.trim().is_empty() {
        return Err("Name is required".to_string());
    }

    Ok(WishlistFormData {
        name: name.trim().to_string(),
        origin: origin.trim().to_string(),
        grape: grape.trim().to_string(),
        notes: notes.trim().to_string(),
        background: background.trim().to_string(),
        image,
        image_mime,
    })
}

async fn get_wishlist(
    State(state): State<Arc<AppState>>,
    headers: axum::http::HeaderMap,
) -> Response {
    let is_admin = auth::is_authenticated(&state, &headers);
    match db::get_wishlist_wines(&state.db) {
        Ok(wines) => WebTemplate(WishlistTemplate { wines, is_admin }).into_response(),
        Err(e) => {
            tracing::error!("Failed to list wishlist: {}", e);
            (StatusCode::INTERNAL_SERVER_ERROR, Html("Server error".to_string())).into_response()
        }
    }
}

async fn get_new_wishlist_wine(
    _session: auth::AuthSession,
    State(state): State<Arc<AppState>>,
    Query(q): Query<FlashQuery>,
) -> Response {
    WebTemplate(WishlistFormTemplate {
        wine: None,
        error: q.error,
        has_anthropic_key: state.anthropic_api_key.is_some(),
    })
    .into_response()
}

async fn get_edit_wishlist_wine(
    _session: auth::AuthSession,
    State(state): State<Arc<AppState>>,
    Path(short_id): Path<String>,
    Query(q): Query<FlashQuery>,
) -> Response {
    match db::get_wine_by_short_id(&state.db, &short_id) {
        Ok(Some(wine)) => WebTemplate(WishlistFormTemplate {
            wine: Some(wine),
            error: q.error,
            has_anthropic_key: state.anthropic_api_key.is_some(),
        })
        .into_response(),
        Ok(None) => (StatusCode::NOT_FOUND, Html("Wine not found".to_string())).into_response(),
        Err(e) => {
            tracing::error!("Failed to get wine: {}", e);
            (StatusCode::INTERNAL_SERVER_ERROR, Html("Server error".to_string())).into_response()
        }
    }
}

async fn post_new_wishlist_wine(
    _session: auth::AuthSession,
    State(state): State<Arc<AppState>>,
    multipart: Multipart,
) -> Response {
    let data = match parse_wishlist_multipart(multipart).await {
        Ok(data) => data,
        Err(e) => {
            return Redirect::to(&format!("/admin/wishlist/new?error={}", urlencoded(&e))).into_response();
        }
    };

    match db::create_wine(
        &state.db,
        &data.name,
        &data.origin,
        &data.grape,
        &data.notes,
        data.image.as_deref(),
        data.image_mime.as_deref(),
        3, 3, 3, 3, 3, 3, 3, 3, 3,
        &data.background,
        true,
    ) {
        Ok(_) => Redirect::to("/wishlist").into_response(),
        Err(e) => {
            tracing::error!("Failed to create wishlist wine: {}", e);
            Redirect::to("/admin/wishlist/new?error=Failed+to+create+wine").into_response()
        }
    }
}

async fn post_edit_wishlist_wine(
    _session: auth::AuthSession,
    State(state): State<Arc<AppState>>,
    Path(short_id): Path<String>,
    multipart: Multipart,
) -> Response {
    let data = match parse_wishlist_multipart(multipart).await {
        Ok(data) => data,
        Err(e) => {
            return Redirect::to(&format!("/admin/wishlist/edit/{}?error={}", short_id, urlencoded(&e)))
                .into_response();
        }
    };

    match db::update_wishlist_wine(
        &state.db,
        &short_id,
        &data.name,
        &data.origin,
        &data.grape,
        &data.notes,
        &data.background,
    ) {
        Ok(Some(_)) => {
            if let Some(image) = &data.image {
                if let Some(mime) = &data.image_mime {
                    if let Err(e) = db::update_wine_image(&state.db, &short_id, image, mime) {
                        tracing::error!("Failed to update wine image: {}", e);
                    }
                }
            }
            Redirect::to("/wishlist").into_response()
        }
        Ok(None) => (StatusCode::NOT_FOUND, Html("Wine not found".to_string())).into_response(),
        Err(e) => {
            tracing::error!("Failed to update wishlist wine: {}", e);
            Redirect::to(&format!(
                "/admin/wishlist/edit/{}?error=Failed+to+update+wine",
                short_id
            ))
            .into_response()
        }
    }
}

async fn post_delete_wishlist_wine(
    _session: auth::AuthSession,
    State(state): State<Arc<AppState>>,
    Path(short_id): Path<String>,
) -> Response {
    match db::delete_wine(&state.db, &short_id) {
        Ok(_) => Redirect::to("/wishlist").into_response(),
        Err(e) => {
            tracing::error!("Failed to delete wine: {}", e);
            Redirect::to("/wishlist").into_response()
        }
    }
}

async fn post_promote_wine(
    _session: auth::AuthSession,
    State(state): State<Arc<AppState>>,
    Path(short_id): Path<String>,
) -> Response {
    match db::promote_wine(&state.db, &short_id) {
        Ok(true) => Redirect::to(&format!("/admin/edit/{}", short_id)).into_response(),
        Ok(false) => (StatusCode::NOT_FOUND, Html("Wine not found".to_string())).into_response(),
        Err(e) => {
            tracing::error!("Failed to promote wine: {}", e);
            Redirect::to("/wishlist").into_response()
        }
    }
}

// --- Claude vision handler ---

async fn post_analyze_image(
    _session: auth::AuthSession,
    State(state): State<Arc<AppState>>,
    mut multipart: Multipart,
) -> Response {
    let api_key = match &state.anthropic_api_key {
        Some(key) => key.clone(),
        None => {
            return (StatusCode::BAD_REQUEST, Json(serde_json::json!({"error": "No API key configured"})))
                .into_response();
        }
    };

    let mut image_bytes: Option<Vec<u8>> = None;
    let mut media_type = String::from("image/jpeg");

    while let Ok(Some(field)) = multipart.next_field().await {
        if field.name() == Some("image") {
            media_type = field.content_type().unwrap_or("image/jpeg").to_string();
            if let Ok(bytes) = field.bytes().await {
                if !bytes.is_empty() {
                    image_bytes = Some(bytes.to_vec());
                }
            }
        }
    }

    let image_bytes = match image_bytes {
        Some(bytes) => bytes,
        None => {
            return (StatusCode::BAD_REQUEST, Json(serde_json::json!({"error": "No image provided"})))
                .into_response();
        }
    };

    match claude::analyze_wine_image(&api_key, &image_bytes, &media_type).await {
        Ok(result) => (StatusCode::OK, Json(result)).into_response(),
        Err(e) => {
            tracing::error!("Claude analysis failed: {}", e);
            (StatusCode::INTERNAL_SERVER_ERROR, Json(serde_json::json!({"error": e})))
                .into_response()
        }
    }
}

// --- Helpers ---

fn urlencoded(s: &str) -> String {
    s.replace(' ', "+")
        .replace('&', "%26")
        .replace('=', "%3D")
}

fn days_to_ymd(mut days: i64) -> (i64, i64, i64) {
    days += 719468;
    let era = if days >= 0 { days } else { days - 146096 } / 146097;
    let doe = (days - era * 146097) as u32;
    let yoe = (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365;
    let y = yoe as i64 + era * 400;
    let doy = doe - (365 * yoe + yoe / 4 - yoe / 100);
    let mp = (5 * doy + 2) / 153;
    let d = doy - (153 * mp + 2) / 5 + 1;
    let m = if mp < 10 { mp + 3 } else { mp - 9 };
    let y = if m <= 2 { y + 1 } else { y };
    (y, m as i64, d as i64)
}

// --- Router ---

pub async fn run(host: String, port: u16) {
    dotenvy::dotenv().ok();

    let db = db::init_db();

    if let Err(e) = db::prune_expired_sessions(&db) {
        tracing::warn!("Failed to prune sessions: {}", e);
    }

    let app_password = std::env::var("CELLAR_PASSWORD").unwrap_or_else(|_| {
        tracing::warn!("CELLAR_PASSWORD not set, using default 'changeme'");
        "changeme".to_string()
    });

    let cookie_secure = std::env::var("COOKIE_SECURE")
        .map(|v| v == "true")
        .unwrap_or(false);

    let anthropic_api_key = std::env::var("ANTHROPIC_API_KEY").ok().filter(|k| !k.is_empty());

    let state = Arc::new(AppState {
        db,
        app_password,
        cookie_secure,
        anthropic_api_key,
    });

    let app = Router::new()
        // Public routes
        .route("/", get(get_index))
        .route("/wines/{short_id}", get(get_wine_detail))
        .route("/wines/{short_id}/image", get(get_wine_image))
        // Admin auth routes
        .route("/admin/login", get(get_login).post(post_login))
        .route("/admin/logout", get(get_logout))
        // Admin protected routes
        .route("/admin", get(get_admin))
        .route("/admin/new", get(get_new_wine).post(post_new_wine))
        .route("/admin/edit/{short_id}", get(get_edit_wine).post(post_edit_wine))
        .route("/admin/delete/{short_id}", post(post_delete_wine))
        // Wishlist public (admin actions inline when authenticated)
        .route("/wishlist", get(get_wishlist))
        .route("/admin/wishlist/new", get(get_new_wishlist_wine).post(post_new_wishlist_wine))
        .route("/admin/wishlist/edit/{short_id}", get(get_edit_wishlist_wine).post(post_edit_wishlist_wine))
        .route("/admin/wishlist/delete/{short_id}", post(post_delete_wishlist_wine))
        .route("/admin/wishlist/promote/{short_id}", post(post_promote_wine))
        // Claude vision
        .route("/admin/analyze-image", post(post_analyze_image))
        // Static assets
        .route("/static/{*path}", get(serve_static))
        .layer(DefaultBodyLimit::max(10 * 1024 * 1024))
        .with_state(state);

    let addr = format!("{}:{}", host, port);
    tracing::info!("Listening on http://{}", addr);

    let listener = tokio::net::TcpListener::bind(&addr).await.unwrap();
    axum::serve(listener, app).await.unwrap();
}

apps/cellar/src/server/handlers/admin.rs (added) +440 −0

1	+	use askama_web::WebTemplate;
2	+	use axum::{
3	+	extract::{Multipart, Path, Query, State},
4	+	http::{HeaderValue, StatusCode},
5	+	response::{Html, IntoResponse, Json, Redirect, Response},
6	+	};
7	+	use std::sync::Arc;
8	+
9	+	use super::super::*;
10	+	use crate::{auth, claude, db};
11	+
12	+	// --- Auth handlers ---
13	+
14	+	pub async fn get_login(Query(q): Query<FlashQuery>) -> Response {
15	+	WebTemplate(LoginTemplate { error: q.error, next: q.next }).into_response()
16	+	}
17	+
18	+	pub async fn post_login(
19	+	Query(q): Query<FlashQuery>,
20	+	State(state): State<Arc<AppState>>,
21	+	axum::extract::Form(form): axum::extract::Form<LoginForm>,
22	+	) -> Response {
23	+	let next = q.next.as_deref().unwrap_or("/admin");
24	+	if !auth::verify_password(&form.password, &state.app_password) {
25	+	return Redirect::to(&format!(
26	+	"/admin/login?error=Invalid+password&next={}",
27	+	urlencoded(next)
28	+	))
29	+	.into_response();
30	+	}
31	+
32	+	let token = auth::generate_session_token();
33	+
34	+	let expires_at = andromeda_auth::datetime::expiry_datetime_string(7 * 24 * 3600);
35	+
36	+	if let Err(e) = db::insert_session(&state.db, &token, &expires_at) {
37	+	tracing::error!("Failed to create session: {}", e);
38	+	return Redirect::to("/admin/login?error=Server+error").into_response();
39	+	}
40	+
41	+	let _ = db::prune_expired_sessions(&state.db);
42	+
43	+	let cookie = auth::build_session_cookie(&token, state.cookie_secure);
44	+	let redirect_to = if next.starts_with('/') { next } else { "/admin" };
45	+	let mut resp = Redirect::to(redirect_to).into_response();
46	+	resp.headers_mut().insert(
47	+	axum::http::header::SET_COOKIE,
48	+	HeaderValue::from_str(&cookie).unwrap(),
49	+	);
50	+	resp
51	+	}
52	+
53	+	pub async fn get_logout(
54	+	State(state): State<Arc<AppState>>,
55	+	headers: axum::http::HeaderMap,
56	+	) -> Response {
57	+	if let Some(cookie_header) = headers.get("cookie").and_then(\|v\| v.to_str().ok()) {
58	+	for part in cookie_header.split(';') {
59	+	let part = part.trim();
60	+	if let Some(val) = part.strip_prefix("session=") {
61	+	let val = val.trim();
62	+	if !val.is_empty() {
63	+	let _ = db::delete_session(&state.db, val);
64	+	}
65	+	}
66	+	}
67	+	}
68	+
69	+	let cookie = auth::clear_session_cookie();
70	+	let mut resp = Redirect::to("/admin/login").into_response();
71	+	resp.headers_mut().insert(
72	+	axum::http::header::SET_COOKIE,
73	+	HeaderValue::from_str(&cookie).unwrap(),
74	+	);
75	+	resp
76	+	}
77	+
78	+	// --- Admin wine handlers ---
79	+
80	+	pub async fn get_admin(
81	+	_session: auth::AuthSession,
82	+	State(state): State<Arc<AppState>>,
83	+	) -> Response {
84	+	match db::get_cellar_wines(&state.db) {
85	+	Ok(wines) => WebTemplate(AdminTemplate { wines }).into_response(),
86	+	Err(e) => {
87	+	tracing::error!("Failed to list wines: {}", e);
88	+	(StatusCode::INTERNAL_SERVER_ERROR, Html("Server error".to_string())).into_response()
89	+	}
90	+	}
91	+	}
92	+
93	+	pub async fn get_new_wine(
94	+	_session: auth::AuthSession,
95	+	State(state): State<Arc<AppState>>,
96	+	Query(q): Query<FlashQuery>,
97	+	) -> Response {
98	+	WebTemplate(WineFormTemplate {
99	+	wine: None,
100	+	error: q.error,
101	+	has_anthropic_key: state.anthropic_api_key.is_some(),
102	+	})
103	+	.into_response()
104	+	}
105	+
106	+	pub async fn get_edit_wine(
107	+	_session: auth::AuthSession,
108	+	State(state): State<Arc<AppState>>,
109	+	Path(short_id): Path<String>,
110	+	Query(q): Query<FlashQuery>,
111	+	) -> Response {
112	+	match db::get_wine_by_short_id(&state.db, &short_id) {
113	+	Ok(Some(wine)) => WebTemplate(WineFormTemplate {
114	+	wine: Some(wine),
115	+	error: q.error,
116	+	has_anthropic_key: state.anthropic_api_key.is_some(),
117	+	})
118	+	.into_response(),
119	+	Ok(None) => (StatusCode::NOT_FOUND, Html("Wine not found".to_string())).into_response(),
120	+	Err(e) => {
121	+	tracing::error!("Failed to get wine: {}", e);
122	+	(StatusCode::INTERNAL_SERVER_ERROR, Html("Server error".to_string())).into_response()
123	+	}
124	+	}
125	+	}
126	+
127	+	pub async fn post_new_wine(
128	+	_session: auth::AuthSession,
129	+	State(state): State<Arc<AppState>>,
130	+	multipart: Multipart,
131	+	) -> Response {
132	+	let data = match parse_wine_multipart(multipart).await {
133	+	Ok(data) => data,
134	+	Err(e) => {
135	+	return Redirect::to(&format!("/admin/new?error={}", urlencoded(&e))).into_response();
136	+	}
137	+	};
138	+
139	+	match db::create_wine(
140	+	&state.db,
141	+	&data.name,
142	+	&data.origin,
143	+	&data.grape,
144	+	&data.notes,
145	+	data.image.as_deref(),
146	+	data.image_mime.as_deref(),
147	+	data.sweetness,
148	+	data.acidity,
149	+	data.tannin,
150	+	data.alcohol,
151	+	data.body,
152	+	data.clarity,
153	+	data.color_intensity,
154	+	data.aroma_intensity,
155	+	data.nose_complexity,
156	+	&data.background,
157	+	false,
158	+	) {
159	+	Ok(wine) => Redirect::to(&format!("/wines/{}", wine.short_id)).into_response(),
160	+	Err(e) => {
161	+	tracing::error!("Failed to create wine: {}", e);
162	+	Redirect::to("/admin/new?error=Failed+to+create+wine").into_response()
163	+	}
164	+	}
165	+	}
166	+
167	+	pub async fn post_edit_wine(
168	+	_session: auth::AuthSession,
169	+	State(state): State<Arc<AppState>>,
170	+	Path(short_id): Path<String>,
171	+	multipart: Multipart,
172	+	) -> Response {
173	+	let data = match parse_wine_multipart(multipart).await {
174	+	Ok(data) => data,
175	+	Err(e) => {
176	+	return Redirect::to(&format!(
177	+	"/admin/edit/{}?error={}",
178	+	short_id,
179	+	urlencoded(&e)
180	+	))
181	+	.into_response();
182	+	}
183	+	};
184	+
185	+	match db::update_wine(
186	+	&state.db,
187	+	&short_id,
188	+	&data.name,
189	+	&data.origin,
190	+	&data.grape,
191	+	&data.notes,
192	+	data.sweetness,
193	+	data.acidity,
194	+	data.tannin,
195	+	data.alcohol,
196	+	data.body,
197	+	data.clarity,
198	+	data.color_intensity,
199	+	data.aroma_intensity,
200	+	data.nose_complexity,
201	+	&data.background,
202	+	) {
203	+	Ok(Some(_)) => {
204	+	if let Some(image) = &data.image {
205	+	if let Some(mime) = &data.image_mime {
206	+	if let Err(e) = db::update_wine_image(&state.db, &short_id, image, mime) {
207	+	tracing::error!("Failed to update wine image: {}", e);
208	+	}
209	+	}
210	+	}
211	+	Redirect::to(&format!("/wines/{}", short_id)).into_response()
212	+	}
213	+	Ok(None) => (StatusCode::NOT_FOUND, Html("Wine not found".to_string())).into_response(),
214	+	Err(e) => {
215	+	tracing::error!("Failed to update wine: {}", e);
216	+	Redirect::to(&format!(
217	+	"/admin/edit/{}?error=Failed+to+update+wine",
218	+	short_id
219	+	))
220	+	.into_response()
221	+	}
222	+	}
223	+	}
224	+
225	+	pub async fn post_delete_wine(
226	+	_session: auth::AuthSession,
227	+	State(state): State<Arc<AppState>>,
228	+	Path(short_id): Path<String>,
229	+	) -> Response {
230	+	match db::delete_wine(&state.db, &short_id) {
231	+	Ok(_) => Redirect::to("/admin").into_response(),
232	+	Err(e) => {
233	+	tracing::error!("Failed to delete wine: {}", e);
234	+	Redirect::to("/admin").into_response()
235	+	}
236	+	}
237	+	}
238	+
239	+	// --- Wishlist handlers ---
240	+
241	+	pub async fn get_new_wishlist_wine(
242	+	_session: auth::AuthSession,
243	+	State(state): State<Arc<AppState>>,
244	+	Query(q): Query<FlashQuery>,
245	+	) -> Response {
246	+	WebTemplate(WishlistFormTemplate {
247	+	wine: None,
248	+	error: q.error,
249	+	has_anthropic_key: state.anthropic_api_key.is_some(),
250	+	})
251	+	.into_response()
252	+	}
253	+
254	+	pub async fn get_edit_wishlist_wine(
255	+	_session: auth::AuthSession,
256	+	State(state): State<Arc<AppState>>,
257	+	Path(short_id): Path<String>,
258	+	Query(q): Query<FlashQuery>,
259	+	) -> Response {
260	+	match db::get_wine_by_short_id(&state.db, &short_id) {
261	+	Ok(Some(wine)) => WebTemplate(WishlistFormTemplate {
262	+	wine: Some(wine),
263	+	error: q.error,
264	+	has_anthropic_key: state.anthropic_api_key.is_some(),
265	+	})
266	+	.into_response(),
267	+	Ok(None) => (StatusCode::NOT_FOUND, Html("Wine not found".to_string())).into_response(),
268	+	Err(e) => {
269	+	tracing::error!("Failed to get wine: {}", e);
270	+	(StatusCode::INTERNAL_SERVER_ERROR, Html("Server error".to_string())).into_response()
271	+	}
272	+	}
273	+	}
274	+
275	+	pub async fn post_new_wishlist_wine(
276	+	_session: auth::AuthSession,
277	+	State(state): State<Arc<AppState>>,
278	+	multipart: Multipart,
279	+	) -> Response {
280	+	let data = match parse_wishlist_multipart(multipart).await {
281	+	Ok(data) => data,
282	+	Err(e) => {
283	+	return Redirect::to(&format!("/admin/wishlist/new?error={}", urlencoded(&e)))
284	+	.into_response();
285	+	}
286	+	};
287	+
288	+	match db::create_wine(
289	+	&state.db,
290	+	&data.name,
291	+	&data.origin,
292	+	&data.grape,
293	+	&data.notes,
294	+	data.image.as_deref(),
295	+	data.image_mime.as_deref(),
296	+	3, 3, 3, 3, 3, 3, 3, 3, 3,
297	+	&data.background,
298	+	true,
299	+	) {
300	+	Ok(_) => Redirect::to("/wishlist").into_response(),
301	+	Err(e) => {
302	+	tracing::error!("Failed to create wishlist wine: {}", e);
303	+	Redirect::to("/admin/wishlist/new?error=Failed+to+create+wine").into_response()
304	+	}
305	+	}
306	+	}
307	+
308	+	pub async fn post_edit_wishlist_wine(
309	+	_session: auth::AuthSession,
310	+	State(state): State<Arc<AppState>>,
311	+	Path(short_id): Path<String>,
312	+	multipart: Multipart,
313	+	) -> Response {
314	+	let data = match parse_wishlist_multipart(multipart).await {
315	+	Ok(data) => data,
316	+	Err(e) => {
317	+	return Redirect::to(&format!(
318	+	"/admin/wishlist/edit/{}?error={}",
319	+	short_id,
320	+	urlencoded(&e)
321	+	))
322	+	.into_response();
323	+	}
324	+	};
325	+
326	+	match db::update_wishlist_wine(
327	+	&state.db,
328	+	&short_id,
329	+	&data.name,
330	+	&data.origin,
331	+	&data.grape,
332	+	&data.notes,
333	+	&data.background,
334	+	) {
335	+	Ok(Some(_)) => {
336	+	if let Some(image) = &data.image {
337	+	if let Some(mime) = &data.image_mime {
338	+	if let Err(e) = db::update_wine_image(&state.db, &short_id, image, mime) {
339	+	tracing::error!("Failed to update wine image: {}", e);
340	+	}
341	+	}
342	+	}
343	+	Redirect::to("/wishlist").into_response()
344	+	}
345	+	Ok(None) => (StatusCode::NOT_FOUND, Html("Wine not found".to_string())).into_response(),
346	+	Err(e) => {
347	+	tracing::error!("Failed to update wishlist wine: {}", e);
348	+	Redirect::to(&format!(
349	+	"/admin/wishlist/edit/{}?error=Failed+to+update+wine",
350	+	short_id
351	+	))
352	+	.into_response()
353	+	}
354	+	}
355	+	}
356	+
357	+	pub async fn post_delete_wishlist_wine(
358	+	_session: auth::AuthSession,
359	+	State(state): State<Arc<AppState>>,
360	+	Path(short_id): Path<String>,
361	+	) -> Response {
362	+	match db::delete_wine(&state.db, &short_id) {
363	+	Ok(_) => Redirect::to("/wishlist").into_response(),
364	+	Err(e) => {
365	+	tracing::error!("Failed to delete wine: {}", e);
366	+	Redirect::to("/wishlist").into_response()
367	+	}
368	+	}
369	+	}
370	+
371	+	pub async fn post_promote_wine(
372	+	_session: auth::AuthSession,
373	+	State(state): State<Arc<AppState>>,
374	+	Path(short_id): Path<String>,
375	+	) -> Response {
376	+	match db::promote_wine(&state.db, &short_id) {
377	+	Ok(true) => Redirect::to(&format!("/admin/edit/{}", short_id)).into_response(),
378	+	Ok(false) => (StatusCode::NOT_FOUND, Html("Wine not found".to_string())).into_response(),
379	+	Err(e) => {
380	+	tracing::error!("Failed to promote wine: {}", e);
381	+	Redirect::to("/wishlist").into_response()
382	+	}
383	+	}
384	+	}
385	+
386	+	// --- Claude vision handler ---
387	+
388	+	pub async fn post_analyze_image(
389	+	_session: auth::AuthSession,
390	+	State(state): State<Arc<AppState>>,
391	+	mut multipart: Multipart,
392	+	) -> Response {
393	+	let api_key = match &state.anthropic_api_key {
394	+	Some(key) => key.clone(),
395	+	None => {
396	+	return (
397	+	StatusCode::BAD_REQUEST,
398	+	Json(serde_json::json!({"error": "No API key configured"})),
399	+	)
400	+	.into_response();
401	+	}
402	+	};
403	+
404	+	let mut image_bytes: Option<Vec<u8>> = None;
405	+	let mut media_type = String::from("image/jpeg");
406	+
407	+	while let Ok(Some(field)) = multipart.next_field().await {
408	+	if field.name() == Some("image") {
409	+	media_type = field.content_type().unwrap_or("image/jpeg").to_string();
410	+	if let Ok(bytes) = field.bytes().await {
411	+	if !bytes.is_empty() {
412	+	image_bytes = Some(bytes.to_vec());
413	+	}
414	+	}
415	+	}
416	+	}
417	+
418	+	let image_bytes = match image_bytes {
419	+	Some(bytes) => bytes,
420	+	None => {
421	+	return (
422	+	StatusCode::BAD_REQUEST,
423	+	Json(serde_json::json!({"error": "No image provided"})),
424	+	)
425	+	.into_response();
426	+	}
427	+	};
428	+
429	+	match claude::analyze_wine_image(&api_key, &image_bytes, &media_type).await {
430	+	Ok(result) => (StatusCode::OK, Json(result)).into_response(),
431	+	Err(e) => {
432	+	tracing::error!("Claude analysis failed: {}", e);
433	+	(
434	+	StatusCode::INTERNAL_SERVER_ERROR,
435	+	Json(serde_json::json!({"error": e})),
436	+	)
437	+	.into_response()
438	+	}
439	+	}
440	+	}

apps/cellar/src/server/handlers/mod.rs (added) +2 −0

	1	+	pub mod admin;
	2	+	pub mod public;

apps/cellar/src/server/handlers/public.rs (added) +121 −0

1	+	use askama_web::WebTemplate;
2	+	use axum::{
3	+	extract::{Path, State},
4	+	http::{HeaderValue, StatusCode},
5	+	response::{Html, IntoResponse, Response},
6	+	};
7	+	use std::sync::Arc;
8	+
9	+	use super::super::*;
10	+	use crate::{auth, db};
11	+
12	+	pub async fn serve_static(Path(path): Path<String>) -> Response {
13	+	match Static::get(&path) {
14	+	Some(file) => {
15	+	let mime = mime_from_path(&path);
16	+	(
17	+	StatusCode::OK,
18	+	[(axum::http::header::CONTENT_TYPE, HeaderValue::from_static(mime))],
19	+	file.data.to_vec(),
20	+	)
21	+	.into_response()
22	+	}
23	+	None => StatusCode::NOT_FOUND.into_response(),
24	+	}
25	+	}
26	+
27	+	pub async fn get_index(State(state): State<Arc<AppState>>) -> Response {
28	+	match db::get_cellar_wines(&state.db) {
29	+	Ok(wines) => {
30	+	let wines: Vec<WineWithSvg> = wines
31	+	.into_iter()
32	+	.map(\|wine\| {
33	+	let pentagon_svg = build_pentagon_svg(
34	+	wine.sweetness,
35	+	wine.acidity,
36	+	wine.tannin,
37	+	wine.alcohol,
38	+	wine.body,
39	+	80.0,
40	+	false,
41	+	);
42	+	WineWithSvg { wine, pentagon_svg }
43	+	})
44	+	.collect();
45	+	WebTemplate(IndexTemplate { wines }).into_response()
46	+	}
47	+	Err(e) => {
48	+	tracing::error!("Failed to list wines: {}", e);
49	+	(StatusCode::INTERNAL_SERVER_ERROR, Html("Server error".to_string())).into_response()
50	+	}
51	+	}
52	+	}
53	+
54	+	pub async fn get_wine_detail(
55	+	State(state): State<Arc<AppState>>,
56	+	Path(short_id): Path<String>,
57	+	) -> Response {
58	+	match db::get_wine_by_short_id(&state.db, &short_id) {
59	+	Ok(Some(wine)) => {
60	+	let pentagon_svg = build_pentagon_svg(
61	+	wine.sweetness,
62	+	wine.acidity,
63	+	wine.tannin,
64	+	wine.alcohol,
65	+	wine.body,
66	+	250.0,
67	+	true,
68	+	);
69	+	let bars_svg = build_bars_svg(
70	+	wine.clarity,
71	+	wine.color_intensity,
72	+	wine.aroma_intensity,
73	+	wine.nose_complexity,
74	+	250.0,
75	+	);
76	+	WebTemplate(WineDetailTemplate { wine, pentagon_svg, bars_svg }).into_response()
77	+	}
78	+	Ok(None) => (StatusCode::NOT_FOUND, Html("Wine not found".to_string())).into_response(),
79	+	Err(e) => {
80	+	tracing::error!("Failed to get wine: {}", e);
81	+	(StatusCode::INTERNAL_SERVER_ERROR, Html("Server error".to_string())).into_response()
82	+	}
83	+	}
84	+	}
85	+
86	+	pub async fn get_wine_image(
87	+	State(state): State<Arc<AppState>>,
88	+	Path(short_id): Path<String>,
89	+	) -> Response {
90	+	match db::get_wine_image(&state.db, &short_id) {
91	+	Ok(Some((bytes, mime))) => {
92	+	let content_type = HeaderValue::from_str(&mime)
93	+	.unwrap_or_else(\|_\| HeaderValue::from_static("application/octet-stream"));
94	+	(
95	+	StatusCode::OK,
96	+	[(axum::http::header::CONTENT_TYPE, content_type)],
97	+	bytes,
98	+	)
99	+	.into_response()
100	+	}
101	+	Ok(None) => StatusCode::NOT_FOUND.into_response(),
102	+	Err(e) => {
103	+	tracing::error!("Failed to get wine image: {}", e);
104	+	StatusCode::INTERNAL_SERVER_ERROR.into_response()
105	+	}
106	+	}
107	+	}
108	+
109	+	pub async fn get_wishlist(
110	+	State(state): State<Arc<AppState>>,
111	+	headers: axum::http::HeaderMap,
112	+	) -> Response {
113	+	let is_admin = auth::is_authenticated(&state, &headers);
114	+	match db::get_wishlist_wines(&state.db) {
115	+	Ok(wines) => WebTemplate(WishlistTemplate { wines, is_admin }).into_response(),
116	+	Err(e) => {
117	+	tracing::error!("Failed to list wishlist: {}", e);
118	+	(StatusCode::INTERNAL_SERVER_ERROR, Html("Server error".to_string())).into_response()
119	+	}
120	+	}
121	+	}

apps/cellar/src/server/mod.rs (added) +545 −0

1	+	use askama::Template;
2	+	use axum::{
3	+	extract::{DefaultBodyLimit, Multipart},
4	+	routing::{get, post},
5	+	Router,
6	+	};
7	+	use image::ImageDecoder;
8	+	use rust_embed::Embed;
9	+	use std::sync::Arc;
10	+
11	+	use crate::db::{self, Db, Wine};
12	+
13	+	mod handlers;
14	+
15	+	#[derive(Clone)]
16	+	pub struct AppState {
17	+	pub db: Db,
18	+	pub app_password: String,
19	+	pub cookie_secure: bool,
20	+	pub anthropic_api_key: Option<String>,
21	+	}
22	+
23	+	#[derive(Embed)]
24	+	#[folder = "static/"]
25	+	struct Static;
26	+
27	+	// --- Templates ---
28	+
29	+	#[derive(Template)]
30	+	#[template(path = "base.html")]
31	+	struct BaseTemplate;
32	+
33	+	#[derive(Template)]
34	+	#[template(path = "login.html")]
35	+	struct LoginTemplate {
36	+	error: Option<String>,
37	+	next: Option<String>,
38	+	}
39	+
40	+	struct WineWithSvg {
41	+	wine: Wine,
42	+	pentagon_svg: String,
43	+	}
44	+
45	+	#[derive(Template)]
46	+	#[template(path = "index.html")]
47	+	struct IndexTemplate {
48	+	wines: Vec<WineWithSvg>,
49	+	}
50	+
51	+	#[derive(Template)]
52	+	#[template(path = "wine.html")]
53	+	struct WineDetailTemplate {
54	+	wine: Wine,
55	+	pentagon_svg: String,
56	+	bars_svg: String,
57	+	}
58	+
59	+	#[derive(Template)]
60	+	#[template(path = "admin.html")]
61	+	struct AdminTemplate {
62	+	wines: Vec<Wine>,
63	+	}
64	+
65	+	#[derive(Template)]
66	+	#[template(path = "wine_form.html")]
67	+	struct WineFormTemplate {
68	+	wine: Option<Wine>,
69	+	error: Option<String>,
70	+	has_anthropic_key: bool,
71	+	}
72	+
73	+	#[derive(Template)]
74	+	#[template(path = "wishlist.html")]
75	+	struct WishlistTemplate {
76	+	wines: Vec<Wine>,
77	+	is_admin: bool,
78	+	}
79	+
80	+	#[derive(Template)]
81	+	#[template(path = "wishlist_form.html")]
82	+	struct WishlistFormTemplate {
83	+	wine: Option<Wine>,
84	+	error: Option<String>,
85	+	has_anthropic_key: bool,
86	+	}
87	+
88	+	// --- Query/Form structs ---
89	+
90	+	#[derive(serde::Deserialize, Default)]
91	+	pub struct FlashQuery {
92	+	pub error: Option<String>,
93	+	pub next: Option<String>,
94	+	}
95	+
96	+	#[derive(serde::Deserialize)]
97	+	struct LoginForm {
98	+	password: String,
99	+	}
100	+
101	+	// --- Helpers ---
102	+
103	+	fn mime_from_path(path: &str) -> &'static str {
104	+	match path.rsplit('.').next().unwrap_or("") {
105	+	"css" => "text/css",
106	+	"js" => "application/javascript",
107	+	"html" => "text/html",
108	+	"png" => "image/png",
109	+	"jpg" \| "jpeg" => "image/jpeg",
110	+	"ico" => "image/x-icon",
111	+	"svg" => "image/svg+xml",
112	+	"woff" \| "woff2" => "font/woff2",
113	+	"ttf" => "font/ttf",
114	+	"otf" => "font/otf",
115	+	"json" \| "webmanifest" => "application/json",
116	+	_ => "application/octet-stream",
117	+	}
118	+	}
119	+
120	+	fn urlencoded(s: &str) -> String {
121	+	s.replace(' ', "+")
122	+	.replace('&', "%26")
123	+	.replace('=', "%3D")
124	+	}
125	+
126	+	// --- Pentagon SVG ---
127	+
128	+	fn build_pentagon_svg(
129	+	sweetness: i32,
130	+	acidity: i32,
131	+	tannin: i32,
132	+	alcohol: i32,
133	+	body: i32,
134	+	size: f64,
135	+	show_labels: bool,
136	+	) -> String {
137	+	let cx = size / 2.0;
138	+	let cy = size / 2.0;
139	+	let margin = if show_labels { 30.0 } else { 5.0 };
140	+	let r = size / 2.0 - margin;
141	+
142	+	let scores = [sweetness, acidity, tannin, alcohol, body];
143	+	let labels = ["Sweetness", "Acidity", "Tannin", "Alcohol", "Body"];
144	+
145	+	let angles: Vec<f64> = (0..5)
146	+	.map(\|i\| (-90.0_f64 + 72.0 * i as f64).to_radians())
147	+	.collect();
148	+
149	+	let mut svg = format!(
150	+	r#"<svg viewBox="0 0 {s} {s}" width="100%" xmlns="http://www.w3.org/2000/svg">"#,
151	+	s = size
152	+	);
153	+
154	+	for pct in &[0.2, 0.4, 0.6, 0.8] {
155	+	let points: String = angles
156	+	.iter()
157	+	.map(\|a\| format!("{:.1},{:.1}", cx + r * pct * a.cos(), cy + r * pct * a.sin()))
158	+	.collect::<Vec<_>>()
159	+	.join(" ");
160	+	svg.push_str(&format!(
161	+	r#"<polygon points="{}" fill="none" stroke="white" stroke-opacity="0.12" stroke-width="0.75"/>"#,
162	+	points
163	+	));
164	+	}
165	+
166	+	let outline: String = angles
167	+	.iter()
168	+	.map(\|a\| format!("{:.1},{:.1}", cx + r * a.cos(), cy + r * a.sin()))
169	+	.collect::<Vec<_>>()
170	+	.join(" ");
171	+	svg.push_str(&format!(
172	+	r#"<polygon points="{}" fill="none" stroke="white" stroke-opacity="0.25" stroke-width="1"/>"#,
173	+	outline
174	+	));
175	+
176	+	for a in &angles {
177	+	svg.push_str(&format!(
178	+	r#"<line x1="{:.1}" y1="{:.1}" x2="{:.1}" y2="{:.1}" stroke="white" stroke-opacity="0.12" stroke-width="0.75"/>"#,
179	+	cx, cy, cx + r * a.cos(), cy + r * a.sin()
180	+	));
181	+	}
182	+
183	+	let data_points: Vec<(f64, f64)> = scores
184	+	.iter()
185	+	.zip(&angles)
186	+	.map(\|(s, a)\| {
187	+	let d = (s as f64 / 5.0) r;
188	+	(cx + d * a.cos(), cy + d * a.sin())
189	+	})
190	+	.collect();
191	+
192	+	let data_str: String = data_points
193	+	.iter()
194	+	.map(\|(x, y)\| format!("{:.1},{:.1}", x, y))
195	+	.collect::<Vec<_>>()
196	+	.join(" ");
197	+	svg.push_str(&format!(
198	+	r#"<polygon points="{}" fill="white" fill-opacity="0.08" stroke="white" stroke-width="1.5"/>"#,
199	+	data_str
200	+	));
201	+
202	+	for (x, y) in &data_points {
203	+	svg.push_str(&format!(
204	+	r#"<circle cx="{:.1}" cy="{:.1}" r="2.5" fill="white"/>"#,
205	+	x, y
206	+	));
207	+	}
208	+
209	+	if show_labels {
210	+	for (i, label) in labels.iter().enumerate() {
211	+	let a = angles[i];
212	+	let label_dist = r + 18.0;
213	+	let lx = cx + label_dist * a.cos();
214	+	let ly = cy + label_dist * a.sin() + 3.5;
215	+	svg.push_str(&format!(
216	+	r#"<text x="{:.1}" y="{:.1}" fill="white" fill-opacity="0.5" font-size="9" font-family="Commit Mono, monospace" text-anchor="middle">{}</text>"#,
217	+	lx, ly, label
218	+	));
219	+	}
220	+	}
221	+
222	+	svg.push_str("</svg>");
223	+	svg
224	+	}
225	+
226	+	fn build_bars_svg(
227	+	clarity: i32,
228	+	color_intensity: i32,
229	+	aroma_intensity: i32,
230	+	nose_complexity: i32,
231	+	width: f64,
232	+	) -> String {
233	+	let bar_height = 4.0;
234	+	let row_height = 22.0;
235	+	let section_gap = 14.0;
236	+	let label_width = 100.0;
237	+	let track_left = label_width + 4.0;
238	+	let track_width = width - track_left - 10.0;
239	+	let header_size = 9.0;
240	+
241	+	let sections: &[(&str, &[(&str, i32)])] = &[
242	+	("Appearance", &[("Clarity", clarity), ("Intensity", color_intensity)]),
243	+	("Nose", &[("Aroma", aroma_intensity), ("Complexity", nose_complexity)]),
244	+	];
245	+
246	+	let total_rows: usize = sections.iter().map(\|(_, attrs)\| attrs.len()).sum();
247	+	let total_height = (sections.len() as f64) * (header_size + 8.0)
248	+	+ (total_rows as f64) * row_height
249	+	+ section_gap;
250	+
251	+	let mut svg = format!(
252	+	r#"<svg viewBox="0 0 {w} {h}" width="100%" xmlns="http://www.w3.org/2000/svg">"#,
253	+	w = width,
254	+	h = total_height
255	+	);
256	+
257	+	let mut y = 4.0;
258	+
259	+	for (si, (section_name, attrs)) in sections.iter().enumerate() {
260	+	if si > 0 {
261	+	y += section_gap;
262	+	}
263	+
264	+	svg.push_str(&format!(
265	+	r#"<text x="0" y="{:.1}" fill="white" fill-opacity="0.4" font-size="{}" font-family="Commit Mono, monospace" text-transform="uppercase" letter-spacing="1">{}</text>"#,
266	+	y + header_size, header_size, section_name
267	+	));
268	+	y += header_size + 8.0;
269	+
270	+	for (label, score) in *attrs {
271	+	let bar_y = y + (row_height - bar_height) / 2.0;
272	+	let fill_width = (score as f64 / 5.0) track_width;
273	+
274	+	svg.push_str(&format!(
275	+	r#"<text x="0" y="{:.1}" fill="white" fill-opacity="0.5" font-size="9" font-family="Commit Mono, monospace">{}</text>"#,
276	+	y + row_height / 2.0 + 3.0, label
277	+	));
278	+
279	+	svg.push_str(&format!(
280	+	r#"<rect x="{:.1}" y="{:.1}" width="{:.1}" height="{:.1}" rx="2" fill="white" fill-opacity="0.08"/>"#,
281	+	track_left, bar_y, track_width, bar_height
282	+	));
283	+
284	+	if fill_width > 0.0 {
285	+	svg.push_str(&format!(
286	+	r#"<rect x="{:.1}" y="{:.1}" width="{:.1}" height="{:.1}" rx="2" fill="white" fill-opacity="0.6"/>"#,
287	+	track_left, bar_y, fill_width, bar_height
288	+	));
289	+	}
290	+
291	+	y += row_height;
292	+	}
293	+	}
294	+
295	+	svg.push_str("</svg>");
296	+	svg
297	+	}
298	+
299	+	// --- Image processing ---
300	+
301	+	fn process_image(data: &[u8]) -> Result<Vec<u8>, String> {
302	+	let reader = image::ImageReader::new(std::io::Cursor::new(data))
303	+	.with_guessed_format()
304	+	.map_err(\|e\| format!("Failed to read image: {}", e))?;
305	+	let mut decoder = reader
306	+	.into_decoder()
307	+	.map_err(\|e\| format!("Failed to create decoder: {}", e))?;
308	+	let orientation = decoder
309	+	.orientation()
310	+	.unwrap_or(image::metadata::Orientation::NoTransforms);
311	+	let mut img = image::DynamicImage::from_decoder(decoder)
312	+	.map_err(\|e\| format!("Failed to decode image: {}", e))?;
313	+	img.apply_orientation(orientation);
314	+	let mut output = Vec::new();
315	+	let encoder = image::codecs::jpeg::JpegEncoder::new_with_quality(&mut output, 75);
316	+	img.write_with_encoder(encoder)
317	+	.map_err(\|e\| format!("JPEG encoding failed: {}", e))?;
318	+	Ok(output)
319	+	}
320	+
321	+	// --- Multipart parsing ---
322	+
323	+	struct WineFormData {
324	+	name: String,
325	+	origin: String,
326	+	grape: String,
327	+	notes: String,
328	+	background: String,
329	+	image: Option<Vec<u8>>,
330	+	image_mime: Option<String>,
331	+	sweetness: i32,
332	+	acidity: i32,
333	+	tannin: i32,
334	+	alcohol: i32,
335	+	body: i32,
336	+	clarity: i32,
337	+	color_intensity: i32,
338	+	aroma_intensity: i32,
339	+	nose_complexity: i32,
340	+	}
341	+
342	+	async fn parse_wine_multipart(mut multipart: Multipart) -> Result<WineFormData, String> {
343	+	let mut name = String::new();
344	+	let mut origin = String::new();
345	+	let mut grape = String::new();
346	+	let mut notes = String::new();
347	+	let mut background = String::new();
348	+	let mut image: Option<Vec<u8>> = None;
349	+	let mut image_mime: Option<String> = None;
350	+	let mut sweetness = 3;
351	+	let mut acidity = 3;
352	+	let mut tannin = 3;
353	+	let mut alcohol = 3;
354	+	let mut body = 3;
355	+	let mut clarity = 3;
356	+	let mut color_intensity = 3;
357	+	let mut aroma_intensity = 3;
358	+	let mut nose_complexity = 3;
359	+
360	+	while let Ok(Some(field)) = multipart.next_field().await {
361	+	let field_name = field.name().unwrap_or("").to_string();
362	+	match field_name.as_str() {
363	+	"image" => {
364	+	let bytes = field.bytes().await.map_err(\|e\| format!("Failed to read image: {}", e))?;
365	+	if !bytes.is_empty() {
366	+	let processed = process_image(&bytes)?;
367	+	image = Some(processed);
368	+	image_mime = Some("image/jpeg".to_string());
369	+	}
370	+	}
371	+	"name" => name = field.text().await.unwrap_or_default(),
372	+	"origin" => origin = field.text().await.unwrap_or_default(),
373	+	"grape" => grape = field.text().await.unwrap_or_default(),
374	+	"notes" => notes = field.text().await.unwrap_or_default(),
375	+	"background" => background = field.text().await.unwrap_or_default(),
376	+	"sweetness" => sweetness = field.text().await.unwrap_or_default().parse().unwrap_or(3),
377	+	"acidity" => acidity = field.text().await.unwrap_or_default().parse().unwrap_or(3),
378	+	"tannin" => tannin = field.text().await.unwrap_or_default().parse().unwrap_or(3),
379	+	"alcohol" => alcohol = field.text().await.unwrap_or_default().parse().unwrap_or(3),
380	+	"body" => body = field.text().await.unwrap_or_default().parse().unwrap_or(3),
381	+	"clarity" => clarity = field.text().await.unwrap_or_default().parse().unwrap_or(3),
382	+	"color_intensity" => color_intensity = field.text().await.unwrap_or_default().parse().unwrap_or(3),
383	+	"aroma_intensity" => aroma_intensity = field.text().await.unwrap_or_default().parse().unwrap_or(3),
384	+	"nose_complexity" => nose_complexity = field.text().await.unwrap_or_default().parse().unwrap_or(3),
385	+	_ => {}
386	+	}
387	+	}
388	+
389	+	if name.trim().is_empty() {
390	+	return Err("Name is required".to_string());
391	+	}
392	+
393	+	let clamp = \|v: i32\| v.max(1).min(5);
394	+	Ok(WineFormData {
395	+	name: name.trim().to_string(),
396	+	origin: origin.trim().to_string(),
397	+	grape: grape.trim().to_string(),
398	+	notes: notes.trim().to_string(),
399	+	background: background.trim().to_string(),
400	+	image,
401	+	image_mime,
402	+	sweetness: clamp(sweetness),
403	+	acidity: clamp(acidity),
404	+	tannin: clamp(tannin),
405	+	alcohol: clamp(alcohol),
406	+	body: clamp(body),
407	+	clarity: clamp(clarity),
408	+	color_intensity: clamp(color_intensity),
409	+	aroma_intensity: clamp(aroma_intensity),
410	+	nose_complexity: clamp(nose_complexity),
411	+	})
412	+	}
413	+
414	+	struct WishlistFormData {
415	+	name: String,
416	+	origin: String,
417	+	grape: String,
418	+	notes: String,
419	+	background: String,
420	+	image: Option<Vec<u8>>,
421	+	image_mime: Option<String>,
422	+	}
423	+
424	+	async fn parse_wishlist_multipart(mut multipart: Multipart) -> Result<WishlistFormData, String> {
425	+	let mut name = String::new();
426	+	let mut origin = String::new();
427	+	let mut grape = String::new();
428	+	let mut notes = String::new();
429	+	let mut background = String::new();
430	+	let mut image: Option<Vec<u8>> = None;
431	+	let mut image_mime: Option<String> = None;
432	+
433	+	while let Ok(Some(field)) = multipart.next_field().await {
434	+	let field_name = field.name().unwrap_or("").to_string();
435	+	match field_name.as_str() {
436	+	"image" => {
437	+	let bytes = field.bytes().await.map_err(\|e\| format!("Failed to read image: {}", e))?;
438	+	if !bytes.is_empty() {
439	+	let processed = process_image(&bytes)?;
440	+	image = Some(processed);
441	+	image_mime = Some("image/jpeg".to_string());
442	+	}
443	+	}
444	+	"name" => name = field.text().await.unwrap_or_default(),
445	+	"origin" => origin = field.text().await.unwrap_or_default(),
446	+	"grape" => grape = field.text().await.unwrap_or_default(),
447	+	"notes" => notes = field.text().await.unwrap_or_default(),
448	+	"background" => background = field.text().await.unwrap_or_default(),
449	+	_ => {}
450	+	}
451	+	}
452	+
453	+	if name.trim().is_empty() {
454	+	return Err("Name is required".to_string());
455	+	}
456	+
457	+	Ok(WishlistFormData {
458	+	name: name.trim().to_string(),
459	+	origin: origin.trim().to_string(),
460	+	grape: grape.trim().to_string(),
461	+	notes: notes.trim().to_string(),
462	+	background: background.trim().to_string(),
463	+	image,
464	+	image_mime,
465	+	})
466	+	}
467	+
468	+	// --- Router ---
469	+
470	+	pub async fn run(host: String, port: u16) {
471	+	use handlers::{admin, public};
472	+
473	+	dotenvy::dotenv().ok();
474	+
475	+	let db = db::init_db();
476	+
477	+	if let Err(e) = db::prune_expired_sessions(&db) {
478	+	tracing::warn!("Failed to prune sessions: {}", e);
479	+	}
480	+
481	+	let app_password = std::env::var("CELLAR_PASSWORD").unwrap_or_else(\|_\| {
482	+	tracing::warn!("CELLAR_PASSWORD not set, using default 'changeme'");
483	+	"changeme".to_string()
484	+	});
485	+
486	+	let cookie_secure = std::env::var("COOKIE_SECURE")
487	+	.map(\|v\| v == "true")
488	+	.unwrap_or(false);
489	+
490	+	let anthropic_api_key = std::env::var("ANTHROPIC_API_KEY").ok().filter(\|k\| !k.is_empty());
491	+
492	+	let state = Arc::new(AppState {
493	+	db,
494	+	app_password,
495	+	cookie_secure,
496	+	anthropic_api_key,
497	+	});
498	+
499	+	let app = Router::new()
500	+	// Public routes
501	+	.route("/", get(public::get_index))
502	+	.route("/wines/{short_id}", get(public::get_wine_detail))
503	+	.route("/wines/{short_id}/image", get(public::get_wine_image))
504	+	// Admin auth routes
505	+	.route("/admin/login", get(admin::get_login).post(admin::post_login))
506	+	.route("/admin/logout", get(admin::get_logout))
507	+	// Admin protected routes
508	+	.route("/admin", get(admin::get_admin))
509	+	.route("/admin/new", get(admin::get_new_wine).post(admin::post_new_wine))
510	+	.route(
511	+	"/admin/edit/{short_id}",
512	+	get(admin::get_edit_wine).post(admin::post_edit_wine),
513	+	)
514	+	.route("/admin/delete/{short_id}", post(admin::post_delete_wine))
515	+	// Wishlist
516	+	.route("/wishlist", get(public::get_wishlist))
517	+	.route(
518	+	"/admin/wishlist/new",
519	+	get(admin::get_new_wishlist_wine).post(admin::post_new_wishlist_wine),
520	+	)
521	+	.route(
522	+	"/admin/wishlist/edit/{short_id}",
523	+	get(admin::get_edit_wishlist_wine).post(admin::post_edit_wishlist_wine),
524	+	)
525	+	.route(
526	+	"/admin/wishlist/delete/{short_id}",
527	+	post(admin::post_delete_wishlist_wine),
528	+	)
529	+	.route(
530	+	"/admin/wishlist/promote/{short_id}",
531	+	post(admin::post_promote_wine),
532	+	)
533	+	// Claude vision
534	+	.route("/admin/analyze-image", post(admin::post_analyze_image))
535	+	// Static assets
536	+	.route("/static/{*path}", get(public::serve_static))
537	+	.layer(DefaultBodyLimit::max(10 * 1024 * 1024))
538	+	.with_state(state);
539	+
540	+	let addr = format!("{}:{}", host, port);
541	+	tracing::info!("Listening on http://{}", addr);
542	+
543	+	let listener = tokio::net::TcpListener::bind(&addr).await.unwrap();
544	+	axum::serve(listener, app).await.unwrap();
545	+	}

apps/jotts/src/auth.rs +1 −37


fn is_valid_session(state: &AppState, token: &str) -> bool {
    match db::get_session_expiry(&state.db, token) {
        Ok(Some(expires_at)) => {
            let now = chrono_now();
            expires_at > now
        }
        Ok(Some(expires_at)) => expires_at > andromeda_auth::datetime::now_datetime_string(),
        _ => false,
    }
}

fn chrono_now() -> String {
    use std::time::{SystemTime, UNIX_EPOCH};
    let secs = SystemTime::now()
        .duration_since(UNIX_EPOCH)
        .unwrap()
        .as_secs();
    let days_since_epoch = secs / 86400;
    let time_of_day = secs % 86400;
    let hours = time_of_day / 3600;
    let minutes = (time_of_day % 3600) / 60;
    let seconds = time_of_day % 60;

    let (year, month, day) = days_to_ymd(days_since_epoch as i64);
    format!(
        "{:04}-{:02}-{:02} {:02}:{:02}:{:02}",
        year, month, day, hours, minutes, seconds
    )
}

fn days_to_ymd(mut days: i64) -> (i64, i64, i64) {
    days += 719468;
    let era = if days >= 0 { days } else { days - 146096 } / 146097;
    let doe = (days - era * 146097) as u32;
    let yoe = (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365;
    let y = yoe as i64 + era * 400;
    let doy = doe - (365 * yoe + yoe / 4 - yoe / 100);
    let mp = (5 * doy + 2) / 153;
    let d = doy - (153 * mp + 2) / 5 + 1;
    let m = if mp < 10 { mp + 3 } else { mp - 9 };
    let y = if m <= 2 { y + 1 } else { y };
    (y, m as i64, d as i64)
}

apps/jotts/src/server.rs +1 −36


    // Session expires in 7 days
    // We need to compute a datetime 7 days from now
    let expires_at = {
        use std::time::{SystemTime, UNIX_EPOCH};
        let secs = SystemTime::now()
            .duration_since(UNIX_EPOCH)
            .unwrap()
            .as_secs()
            + 7 * 24 * 3600;
        let days = secs / 86400;
        let tod = secs % 86400;
        let (y, m, d) = days_to_ymd(days as i64);
        format!(
            "{:04}-{:02}-{:02} {:02}:{:02}:{:02}",
            y,
            m,
            d,
            tod / 3600,
            (tod % 3600) / 60,
            tod % 60
        )
    };
    let expires_at = andromeda_auth::datetime::expiry_datetime_string(7 * 24 * 3600);

    if let Err(e) = db::insert_session(&state.db, &token, &expires_at) {
        tracing::error!("Failed to create session: {}", e);

            Redirect::to("/").into_response()
        }
    }
}

// --- Date helper (same algorithm as auth.rs) ---

fn days_to_ymd(mut days: i64) -> (i64, i64, i64) {
    days += 719468;
    let era = if days >= 0 { days } else { days - 146096 } / 146097;
    let doe = (days - era * 146097) as u32;
    let yoe = (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365;
    let y = yoe as i64 + era * 400;
    let doy = doe - (365 * yoe + yoe / 4 - yoe / 100);
    let mp = (5 * doy + 2) / 153;
    let d = doy - (153 * mp + 2) / 5 + 1;
    let m = if mp < 10 { mp + 3 } else { mp - 9 };
    let y = if m <= 2 { y + 1 } else { y };
    (y, m as i64, d as i64)
}

// --- Router ---

apps/parcels/src/auth.rs +2 −108

    verify_password,
};

// ── Session Token ──────────────────────────────────────────────────────────

/// Return an ISO datetime string 7 days from now.
pub fn session_expiry_at() -> String {
    use std::time::{SystemTime, UNIX_EPOCH};
    let secs = SystemTime::now()
        .duration_since(UNIX_EPOCH)
        .unwrap()
        .as_secs()
        + 7 * 24 * 3600;
    let dt = secs;
    let s = dt % 60;
    let m = (dt / 60) % 60;
    let h = (dt / 3600) % 24;
    let days_since_epoch = dt / 86400;
    format_unix_to_datetime(days_since_epoch, h, m, s)
}

fn format_unix_to_datetime(days: u64, h: u64, m: u64, s: u64) -> String {
    // https://howardhinnant.github.io/date_algorithms.html
    let z = days as i64 + 719468;
    let era = if z >= 0 { z } else { z - 146096 } / 146097;
    let doe = (z - era * 146097) as u64;
    let yoe = (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365;
    let y = yoe as i64 + era * 400;
    let doy = doe - (365 * yoe + yoe / 4 - yoe / 100);
    let mp = (5 * doy + 2) / 153;
    let d = doy - (153 * mp + 2) / 5 + 1;
    let mo = if mp < 10 { mp + 3 } else { mp - 9 };
    let y = if mo <= 2 { y + 1 } else { y };
    format!("{:04}-{:02}-{:02} {:02}:{:02}:{:02}", y, mo, d, h, m, s)
}

pub fn format_unix_to_datetime_pub(days: u64, h: u64, m: u64, s: u64) -> String {
    format_unix_to_datetime(days, h, m, s)
    andromeda_auth::datetime::expiry_datetime_string(7 * 24 * 3600)
}

pub fn extract_session_token(headers: &axum::http::HeaderMap) -> Option<String> {
    extract_session_cookie(headers)
}

// ── Axum Extractor ─────────────────────────────────────────────────────────

/// Authenticated session guard. Extract from request; redirects to /login if not valid.
pub struct AuthSession;


async fn is_valid_session(state: &AppState, token: &str) -> bool {
    match crate::db::get_session_expiry(&state.db, token) {
        Ok(Some(expires_at)) => {
            use std::time::{SystemTime, UNIX_EPOCH};
            let now_secs = SystemTime::now()
                .duration_since(UNIX_EPOCH)
                .unwrap()
                .as_secs();
            let now_str = {
                let days = now_secs / 86400;
                let h = (now_secs / 3600) % 24;
                let m = (now_secs / 60) % 60;
                let s = now_secs % 60;
                format_unix_to_datetime(days, h, m, s)
            };
            expires_at > now_str
        }
        Ok(Some(expires_at)) => expires_at > andromeda_auth::datetime::now_datetime_string(),
        _ => false,
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn format_unix_epoch() {
        assert_eq!(format_unix_to_datetime(0, 0, 0, 0), "1970-01-01 00:00:00");
    }

    #[test]
    fn format_unix_known_date() {
        // 2024-01-15 = day 19737 since epoch
        assert_eq!(
            format_unix_to_datetime(19737, 12, 30, 45),
            "2024-01-15 12:30:45"
        );
    }

    #[test]
    fn format_unix_y2k() {
        // 2000-01-01 = day 10957
        assert_eq!(
            format_unix_to_datetime(10957, 0, 0, 0),
            "2000-01-01 00:00:00"
        );
    }

    #[test]
    fn format_unix_leap_day() {
        // 2024-02-29 = day 19782
        assert_eq!(
            format_unix_to_datetime(19782, 23, 59, 59),
            "2024-02-29 23:59:59"
        );
    }

    #[test]
    fn format_unix_end_of_year() {
        // 2023-12-31 = day 19722
        assert_eq!(
            format_unix_to_datetime(19722, 23, 59, 59),
            "2023-12-31 23:59:59"
        );
    }

    #[test]
    fn session_expiry_at_is_valid_format() {
        let expiry = session_expiry_at();
        // Should match YYYY-MM-DD HH:MM:SS
        assert_eq!(expiry.len(), 19);
        assert_eq!(&expiry[4..5], "-");
        assert_eq!(&expiry[7..8], "-");
        assert_eq!(&expiry[10..11], " ");
        assert_eq!(&expiry[13..14], ":");
        assert_eq!(&expiry[16..17], ":");
    }
}

apps/parcels/src/main.rs +1 −9


    let detail = usps::fetch_tracking(&state.http_client, &token, &package.tracking_number).await?;

    use std::time::{SystemTime, UNIX_EPOCH};
    let now = SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs();
    let refreshed_at = {
        let days = now / 86400;
        let h = (now / 3600) % 24;
        let m = (now / 60) % 60;
        let s = now % 60;
        auth::format_unix_to_datetime_pub(days, h, m, s)
    };
    let refreshed_at = andromeda_auth::datetime::now_datetime_string();

    let expected_delivery = detail
        .delivery_date_expectation

apps/posts/src/auth.rs +1 −37


fn is_valid_session(state: &AppState, token: &str) -> bool {
    match db::get_session_expiry(&state.db, token) {
        Ok(Some(expires_at)) => {
            let now = chrono_now();
            expires_at > now
        }
        Ok(Some(expires_at)) => expires_at > andromeda_auth::datetime::now_datetime_string(),
        _ => false,
    }
}

fn chrono_now() -> String {
    use std::time::{SystemTime, UNIX_EPOCH};
    let secs = SystemTime::now()
        .duration_since(UNIX_EPOCH)
        .unwrap()
        .as_secs();
    let days_since_epoch = secs / 86400;
    let time_of_day = secs % 86400;
    let hours = time_of_day / 3600;
    let minutes = (time_of_day % 3600) / 60;
    let seconds = time_of_day % 60;

    let (year, month, day) = days_to_ymd(days_since_epoch as i64);
    format!(
        "{:04}-{:02}-{:02} {:02}:{:02}:{:02}",
        year, month, day, hours, minutes, seconds
    )
}

fn days_to_ymd(mut days: i64) -> (i64, i64, i64) {
    days += 719468;
    let era = if days >= 0 { days } else { days - 146096 } / 146097;
    let doe = (days - era * 146097) as u32;
    let yoe = (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365;
    let y = yoe as i64 + era * 400;
    let doy = doe - (365 * yoe + yoe / 4 - yoe / 100);
    let mp = (5 * doy + 2) / 153;
    let d = doy - (153 * mp + 2) / 5 + 1;
    let m = if mp < 10 { mp + 3 } else { mp - 9 };
    let y = if m <= 2 { y + 1 } else { y };
    (y, m as i64, d as i64)
}

apps/posts/src/server.rs (deleted) +0 −1497

use askama::Template;
use askama_web::WebTemplate;
use axum::{
    extract::{DefaultBodyLimit, Form, Multipart, Path, Query, State},
    http::{HeaderValue, StatusCode, Uri},
    response::{Html, IntoResponse, Redirect, Response},
    routing::{get, post},
    Router,
};
use pulldown_cmark::{Options, Parser, html};
use rust_embed::Embed;
use std::sync::Arc;

use crate::auth;
use crate::db::{self, Db, Page, Post, UploadedFile};

#[derive(Debug, Clone)]
pub struct NavLink {
    pub label: String,
    pub url: String,
}

#[derive(Clone)]
pub struct AppState {
    pub db: Db,
    pub app_password: String,
    pub cookie_secure: bool,
    pub uploads_dir: String,
    pub site_url: String,
}

#[derive(Embed)]
#[folder = "static/"]
struct Static;

// --- Templates ---

#[derive(Template)]
#[template(path = "base.html")]
struct BaseTemplate {
    blog_title: String,
    nav_links: Vec<NavLink>,
    favicon_url: String,
    og_image_url: String,
    header_html: String,
    footer_html: String,
}

#[derive(Template)]
#[template(path = "admin_base.html")]
struct AdminBaseTemplate;

#[derive(Template)]
#[template(path = "login.html")]
struct LoginTemplate {
    error: Option<String>,
}

#[derive(Template)]
#[template(path = "index.html")]
struct IndexTemplate {
    blog_title: String,
    blog_description: String,
    intro_html: String,
    posts: Vec<Post>,
    nav_links: Vec<NavLink>,
    favicon_url: String,
    og_image_url: String,
    site_url: String,
    header_html: String,
    footer_html: String,
}

#[derive(Template)]
#[template(path = "post.html")]
struct PostTemplate {
    blog_title: String,
    nav_links: Vec<NavLink>,
    post: Post,
    rendered_content: String,
    favicon_url: String,
    og_image_url: String,
    site_url: String,
    header_html: String,
    footer_html: String,
}

#[derive(Template)]
#[template(path = "page.html")]
struct PageTemplate {
    blog_title: String,
    nav_links: Vec<NavLink>,
    page: Page,
    rendered_content: String,
    favicon_url: String,
    og_image_url: String,
    site_url: String,
    header_html: String,
    footer_html: String,
}

#[derive(Template)]
#[template(path = "admin_index.html")]
struct AdminIndexTemplate {
    posts: Vec<Post>,
}

#[derive(Template)]
#[template(path = "admin_post_form.html")]
struct AdminPostFormTemplate {
    post: Option<Post>,
    error: Option<String>,
}

#[derive(Template)]
#[template(path = "admin_pages.html")]
struct AdminPagesTemplate {
    pages: Vec<Page>,
}

#[derive(Template)]
#[template(path = "admin_page_form.html")]
struct AdminPageFormTemplate {
    page: Option<Page>,
    error: Option<String>,
}

#[derive(Template)]
#[template(path = "admin_settings.html")]
struct AdminSettingsTemplate {
    blog_title: String,
    blog_description: String,
    intro_content: String,
    nav_links: String,
    custom_css: String,
    default_css: String,
    favicon_url: String,
    og_image_url: String,
    custom_header: String,
    custom_footer: String,
    success: bool,
}

#[derive(Template)]
#[template(path = "posts.html")]
struct PostsListTemplate {
    blog_title: String,
    nav_links: Vec<NavLink>,
    posts: Vec<Post>,
    favicon_url: String,
    og_image_url: String,
    site_url: String,
    header_html: String,
    footer_html: String,
}

#[derive(Template)]
#[template(path = "admin_files.html")]
struct AdminFilesTemplate {
    files: Vec<UploadedFile>,
    site_url: String,
    error: Option<String>,
    success: bool,
}

// --- Query/Form structs ---

#[derive(serde::Deserialize, Default)]
pub struct FlashQuery {
    pub error: Option<String>,
    #[serde(default)]
    pub success: bool,
}

#[derive(serde::Deserialize)]
struct LoginForm {
    password: String,
}

#[derive(serde::Deserialize)]
struct PostForm {
    attributes: String,
    content: String,
    #[serde(default)]
    action: String,
}

struct ParsedAttributes {
    title: String,
    slug: String,
    alias: String,
    published_date: String,
    meta_description: String,
    meta_image: String,
    lang: String,
    tags: String,
}

fn parse_attributes(text: &str) -> ParsedAttributes {
    let mut attrs = ParsedAttributes {
        title: String::new(),
        slug: String::new(),
        alias: String::new(),
        published_date: String::new(),
        meta_description: String::new(),
        meta_image: String::new(),
        lang: String::new(),
        tags: String::new(),
    };
    for line in text.lines() {
        if let Some((key, value)) = line.split_once(':') {
            let key = key.trim().to_lowercase();
            let value = value.trim().to_string();
            match key.as_str() {
                "title" => attrs.title = value,
                "slug" => attrs.slug = value,
                "alias" => attrs.alias = value,
                "published_date" => attrs.published_date = value,
                "description" | "meta_description" => attrs.meta_description = value,
                "meta_image" => attrs.meta_image = value,
                "lang" => attrs.lang = value,
                "tags" => attrs.tags = value,
                _ => {} // ignore unknown keys (including canonical_url)
            }
        }
    }
    attrs
}

#[derive(serde::Deserialize)]
struct PageForm {
    attributes: String,
    content: String,
}

struct ParsedPageAttributes {
    title: String,
    slug: String,
    is_published: bool,
}

fn parse_page_attributes(text: &str) -> ParsedPageAttributes {
    let mut attrs = ParsedPageAttributes {
        title: String::new(),
        slug: String::new(),
        is_published: false,
    };
    for line in text.lines() {
        if let Some((key, value)) = line.split_once(':') {
            let key = key.trim().to_lowercase();
            let value = value.trim().to_string();
            match key.as_str() {
                "title" => attrs.title = value,
                "slug" => attrs.slug = value,
                "published" => attrs.is_published = value == "true",
                _ => {}
            }
        }
    }
    attrs
}

#[derive(serde::Deserialize)]
struct SettingsForm {
    blog_title: String,
    blog_description: String,
    intro_content: String,
    nav_links: String,
    custom_css: String,
    favicon_url: String,
    og_image_url: String,
    custom_header: String,
    custom_footer: String,
}

// --- Helpers ---

fn mime_from_path(path: &str) -> &'static str {
    match path.rsplit('.').next().unwrap_or("") {
        "css" => "text/css",
        "js" => "application/javascript",
        "html" => "text/html",
        "png" => "image/png",
        "jpg" | "jpeg" => "image/jpeg",
        "gif" => "image/gif",
        "webp" => "image/webp",
        "ico" => "image/x-icon",
        "svg" => "image/svg+xml",
        "woff" | "woff2" => "font/woff2",
        "ttf" => "font/ttf",
        "otf" => "font/otf",
        "json" | "webmanifest" => "application/json",
        "pdf" => "application/pdf",
        "mp4" => "video/mp4",
        "webm" => "video/webm",
        _ => "application/octet-stream",
    }
}

fn get_header_footer_html(db: &db::Db) -> (String, String) {
    let custom_header = db::get_setting(db, "custom_header")
        .ok()
        .flatten()
        .unwrap_or_default();
    let custom_footer = db::get_setting(db, "custom_footer")
        .ok()
        .flatten()
        .unwrap_or_default();
    let header_html = render_markdown(&custom_header);
    let footer_html = render_markdown(&custom_footer);
    (header_html, footer_html)
}

fn render_markdown(content: &str) -> String {
    let mut options = Options::empty();
    options.insert(Options::ENABLE_STRIKETHROUGH);
    options.insert(Options::ENABLE_TABLES);
    options.insert(Options::ENABLE_TASKLISTS);
    options.insert(Options::ENABLE_FOOTNOTES);
    let parser = Parser::new_ext(content, options);
    let mut html_output = String::new();
    html::push_html(&mut html_output, parser);
    html_output
}

fn now_datetime() -> String {
    use std::time::{SystemTime, UNIX_EPOCH};
    let secs = SystemTime::now()
        .duration_since(UNIX_EPOCH)
        .unwrap()
        .as_secs();
    let days = secs / 86400;
    let tod = secs % 86400;
    let (y, m, d) = days_to_ymd(days as i64);
    format!(
        "{:04}-{:02}-{:02} {:02}:{:02}:{:02}",
        y, m, d, tod / 3600, (tod % 3600) / 60, tod % 60
    )
}

fn slugify(s: &str) -> String {
    s.to_lowercase()
        .chars()
        .map(|c| if c.is_ascii_alphanumeric() { c } else { '-' })
        .collect::<String>()
        .split('-')
        .filter(|s| !s.is_empty())
        .collect::<Vec<_>>()
        .join("-")
}

fn opt_str(s: &str) -> Option<&str> {
    let trimmed = s.trim();
    if trimmed.is_empty() { None } else { Some(trimmed) }
}

fn get_blog_title(db: &Db) -> String {
    db::get_setting(db, "blog_title")
        .ok()
        .flatten()
        .unwrap_or_else(|| "My Blog".to_string())
}

fn parse_nav_links(input: &str) -> Vec<NavLink> {
    let mut links = Vec::new();
    let mut chars = input.chars().peekable();
    while let Some(c) = chars.next() {
        if c == '[' {
            let label: String = chars.by_ref().take_while(|&ch| ch != ']').collect();
            if chars.peek() == Some(&'(') {
                chars.next();
                let url: String = chars.by_ref().take_while(|&ch| ch != ')').collect();
                if !label.is_empty() && !url.is_empty() {
                    links.push(NavLink { label, url });
                }
            }
        }
    }
    links
}

fn get_nav_links(db: &Db) -> Vec<NavLink> {
    let raw = db::get_setting(db, "nav_links")
        .ok()
        .flatten()
        .unwrap_or_default();
    parse_nav_links(&raw)
}

fn get_favicon_url(db: &Db) -> String {
    db::get_setting(db, "favicon_url")
        .ok()
        .flatten()
        .unwrap_or_default()
}

fn get_og_image_url(db: &Db) -> String {
    db::get_setting(db, "og_image_url")
        .ok()
        .flatten()
        .unwrap_or_default()
}

fn render_latest_posts_embed(posts: &[&Post]) -> String {
    let mut html = String::from("<div class=\"post-list\">");
    for post in posts {
        html.push_str(&format!(
            r#"<a href="/posts/{slug}" class="post-item"><div class="post-item-info"><span class="post-title">{title}</span>"#,
            slug = post.slug,
            title = post.title,
        ));
        if let Some(ref tags) = post.tags {
            if !tags.is_empty() {
                html.push_str(r#"<span class="post-tags">"#);
                for tag in tags.split(',') {
                    let tag = tag.trim();
                    if !tag.is_empty() {
                        html.push_str(&format!(r#"<span class="tag">{}</span>"#, tag));
                    }
                }
                html.push_str("</span>");
            }
        }
        html.push_str("</div>");
        if let Some(ref date) = post.published_date {
            html.push_str(&format!(r#"<time class="post-date">{}</time>"#, date));
        }
        html.push_str("</a>");
    }
    html.push_str("</div>");
    html
}

// --- Static file handler ---

async fn serve_static(Path(path): Path<String>) -> Response {
    match Static::get(&path) {
        Some(file) => {
            let mime = mime_from_path(&path);
            (
                StatusCode::OK,
                [(axum::http::header::CONTENT_TYPE, HeaderValue::from_static(mime))],
                file.data.to_vec(),
            )
                .into_response()
        }
        None => StatusCode::NOT_FOUND.into_response(),
    }
}

// --- Auth handlers ---

async fn get_login(Query(q): Query<FlashQuery>) -> Response {
    WebTemplate(LoginTemplate { error: q.error }).into_response()
}

async fn post_login(
    State(state): State<Arc<AppState>>,
    Form(form): Form<LoginForm>,
) -> Response {
    if !auth::verify_password(&form.password, &state.app_password) {
        return Redirect::to("/admin/login?error=Invalid+password").into_response();
    }

    let token = auth::generate_session_token();

    let expires_at = {
        use std::time::{SystemTime, UNIX_EPOCH};
        let secs = SystemTime::now()
            .duration_since(UNIX_EPOCH)
            .unwrap()
            .as_secs()
            + 7 * 24 * 3600;
        let days = secs / 86400;
        let tod = secs % 86400;
        let (y, m, d) = days_to_ymd(days as i64);
        format!(
            "{:04}-{:02}-{:02} {:02}:{:02}:{:02}",
            y, m, d, tod / 3600, (tod % 3600) / 60, tod % 60
        )
    };

    if let Err(e) = db::insert_session(&state.db, &token, &expires_at) {
        tracing::error!("Failed to create session: {}", e);
        return Redirect::to("/admin/login?error=Server+error").into_response();
    }

    let cookie = auth::build_session_cookie(&token, state.cookie_secure);
    let mut resp = Redirect::to("/admin").into_response();
    resp.headers_mut().insert(
        axum::http::header::SET_COOKIE,
        HeaderValue::from_str(&cookie).unwrap(),
    );
    resp
}

async fn get_logout(State(state): State<Arc<AppState>>, headers: axum::http::HeaderMap) -> Response {
    if let Some(cookie_header) = headers.get("cookie").and_then(|v| v.to_str().ok()) {
        for part in cookie_header.split(';') {
            let part = part.trim();
            if let Some(val) = part.strip_prefix("session=") {
                let val = val.trim();
                if !val.is_empty() {
                    let _ = db::delete_session(&state.db, val);
                }
            }
        }
    }

    let cookie = auth::clear_session_cookie();
    let mut resp = Redirect::to("/admin/login").into_response();
    resp.headers_mut().insert(
        axum::http::header::SET_COOKIE,
        HeaderValue::from_str(&cookie).unwrap(),
    );
    resp
}

// --- Public handlers ---

async fn public_index(State(state): State<Arc<AppState>>) -> Response {
    let blog_title = get_blog_title(&state.db);
    let blog_description = db::get_setting(&state.db, "blog_description")
        .ok()
        .flatten()
        .unwrap_or_default();
    let intro_content = db::get_setting(&state.db, "intro_content")
        .ok()
        .flatten()
        .unwrap_or_default();
    let nav_links = get_nav_links(&state.db);

    match db::get_published_posts(&state.db) {
        Ok(posts) => {
            let mut intro_html = render_markdown(&intro_content);

            if intro_content.contains("{{latest_posts}}") {
                let latest: Vec<&Post> = posts.iter().take(5).collect();
                let embed_html = render_latest_posts_embed(&latest);
                intro_html = intro_html.replace("<p>{{latest_posts}}</p>", &embed_html);
                intro_html = intro_html.replace("{{latest_posts}}", &embed_html);
            }

            let favicon_url = get_favicon_url(&state.db);
            let og_image_url = get_og_image_url(&state.db);
            let (header_html, footer_html) = get_header_footer_html(&state.db);
            WebTemplate(IndexTemplate {
                blog_title,
                blog_description,
                intro_html,
                posts,
                nav_links,
                favicon_url,
                og_image_url,
                site_url: state.site_url.clone(),
                header_html,
                footer_html,
            })
            .into_response()
        }
        Err(e) => {
            tracing::error!("Failed to list posts: {}", e);
            (StatusCode::INTERNAL_SERVER_ERROR, Html("Server error".to_string())).into_response()
        }
    }
}

async fn public_post(
    State(state): State<Arc<AppState>>,
    Path(slug): Path<String>,
) -> Response {
    match db::get_post_by_slug(&state.db, &slug) {
        Ok(Some(post)) if post.status == "published" => {
            let rendered_content = render_markdown(&post.content);
            let blog_title = get_blog_title(&state.db);
            let nav_links = get_nav_links(&state.db);
            let favicon_url = get_favicon_url(&state.db);
            let og_image_url = get_og_image_url(&state.db);
            let (header_html, footer_html) = get_header_footer_html(&state.db);
            WebTemplate(PostTemplate {
                blog_title,
                nav_links,
                post,
                rendered_content,
                favicon_url,
                og_image_url,
                site_url: state.site_url.clone(),
                header_html,
                footer_html,
            })
            .into_response()
        }
        Ok(_) => (StatusCode::NOT_FOUND, Html("Not found".to_string())).into_response(),
        Err(e) => {
            tracing::error!("Failed to get post: {}", e);
            (StatusCode::INTERNAL_SERVER_ERROR, Html("Server error".to_string())).into_response()
        }
    }
}

async fn public_page(
    State(state): State<Arc<AppState>>,
    Path(slug): Path<String>,
) -> Response {
    match db::get_page_by_slug(&state.db, &slug) {
        Ok(Some(page)) if page.is_published => {
            let rendered_content = render_markdown(&page.content);
            let blog_title = get_blog_title(&state.db);
            let nav_links = get_nav_links(&state.db);
            let favicon_url = get_favicon_url(&state.db);
            let og_image_url = get_og_image_url(&state.db);
            let (header_html, footer_html) = get_header_footer_html(&state.db);
            WebTemplate(PageTemplate {
                blog_title,
                nav_links,
                page,
                rendered_content,
                favicon_url,
                og_image_url,
                site_url: state.site_url.clone(),
                header_html,
                footer_html,
            })
            .into_response()
        }
        Ok(_) => (StatusCode::NOT_FOUND, Html("Not found".to_string())).into_response(),
        Err(e) => {
            tracing::error!("Failed to get page: {}", e);
            (StatusCode::INTERNAL_SERVER_ERROR, Html("Server error".to_string())).into_response()
        }
    }
}

async fn public_posts_list(State(state): State<Arc<AppState>>) -> Response {
    let blog_title = get_blog_title(&state.db);
    let nav_links = get_nav_links(&state.db);
    let favicon_url = get_favicon_url(&state.db);
    let og_image_url = get_og_image_url(&state.db);

    let (header_html, footer_html) = get_header_footer_html(&state.db);

    match db::get_published_posts(&state.db) {
        Ok(posts) => WebTemplate(PostsListTemplate {
            blog_title,
            nav_links,
            posts,
            favicon_url,
            og_image_url,
            site_url: state.site_url.clone(),
            header_html,
            footer_html,
        })
        .into_response(),
        Err(e) => {
            tracing::error!("Failed to list posts: {}", e);
            (StatusCode::INTERNAL_SERVER_ERROR, Html("Server error".to_string())).into_response()
        }
    }
}

async fn serve_custom_css(State(state): State<Arc<AppState>>) -> Response {
    let css = db::get_setting(&state.db, "custom_css")
        .ok()
        .flatten()
        .unwrap_or_default();
    (
        StatusCode::OK,
        [(axum::http::header::CONTENT_TYPE, HeaderValue::from_static("text/css"))],
        css,
    )
        .into_response()
}

async fn fallback_handler(
    State(state): State<Arc<AppState>>,
    uri: Uri,
) -> Response {
    let path = uri.path().trim_start_matches('/');
    if let Ok(Some(redirect_to)) = db::find_alias_redirect(&state.db, path) {
        return Redirect::permanent(&redirect_to).into_response();
    }
    (StatusCode::NOT_FOUND, Html("Not found".to_string())).into_response()
}

// --- Admin post handlers ---

async fn admin_index(
    _session: auth::AuthSession,
    State(state): State<Arc<AppState>>,
) -> Response {
    match db::get_all_posts(&state.db) {
        Ok(posts) => WebTemplate(AdminIndexTemplate { posts }).into_response(),
        Err(e) => {
            tracing::error!("Failed to list posts: {}", e);
            (StatusCode::INTERNAL_SERVER_ERROR, Html("Server error".to_string())).into_response()
        }
    }
}

async fn admin_new_post(
    _session: auth::AuthSession,
    Query(q): Query<FlashQuery>,
) -> Response {
    WebTemplate(AdminPostFormTemplate {
        post: None,
        error: q.error,
    })
    .into_response()
}

async fn admin_create_post(
    _session: auth::AuthSession,
    State(state): State<Arc<AppState>>,
    Form(form): Form<PostForm>,
) -> Response {
    let attrs = parse_attributes(&form.attributes);
    let title = attrs.title.trim();
    if title.is_empty() {
        return Redirect::to("/admin/posts/new?error=Title+is+required").into_response();
    }
    let slug = if attrs.slug.trim().is_empty() {
        slugify(title)
    } else {
        attrs.slug.trim().to_string()
    };

    let status = if form.action == "publish" { "published" } else { "draft" };
    let lang = if attrs.lang.trim().is_empty() { "en" } else { attrs.lang.trim() };
    let published_date = if attrs.published_date.trim().is_empty() {
        now_datetime()
    } else {
        attrs.published_date.trim().to_string()
    };

    match db::create_post(
        &state.db,
        title,
        &slug,
        &form.content,
        status,
        opt_str(&attrs.alias),
        None,
        Some(&published_date),
        opt_str(&attrs.meta_description),
        opt_str(&attrs.meta_image),
        lang,
        opt_str(&attrs.tags),
    ) {
        Ok(_) => Redirect::to("/admin").into_response(),
        Err(e) => {
            tracing::error!("Failed to create post: {}", e);
            Redirect::to("/admin/posts/new?error=Failed+to+create+post").into_response()
        }
    }
}

async fn admin_edit_post(
    _session: auth::AuthSession,
    State(state): State<Arc<AppState>>,
    Path(short_id): Path<String>,
    Query(q): Query<FlashQuery>,
) -> Response {
    match db::get_post_by_short_id(&state.db, &short_id) {
        Ok(Some(post)) => WebTemplate(AdminPostFormTemplate {
            post: Some(post),
            error: q.error,
        })
        .into_response(),
        Ok(None) => (StatusCode::NOT_FOUND, Html("Post not found".to_string())).into_response(),
        Err(e) => {
            tracing::error!("Failed to get post: {}", e);
            (StatusCode::INTERNAL_SERVER_ERROR, Html("Server error".to_string())).into_response()
        }
    }
}

async fn admin_update_post(
    _session: auth::AuthSession,
    State(state): State<Arc<AppState>>,
    Path(short_id): Path<String>,
    Form(form): Form<PostForm>,
) -> Response {
    let attrs = parse_attributes(&form.attributes);
    let title = attrs.title.trim();
    if title.is_empty() {
        return Redirect::to(&format!("/admin/posts/{}/edit?error=Title+is+required", short_id))
            .into_response();
    }
    let slug = if attrs.slug.trim().is_empty() {
        slugify(title)
    } else {
        attrs.slug.trim().to_string()
    };

    let status = if form.action == "publish" { "published" } else { "draft" };
    let lang = if attrs.lang.trim().is_empty() { "en" } else { attrs.lang.trim() };
    let published_date = if attrs.published_date.trim().is_empty() {
        None
    } else {
        Some(attrs.published_date.trim().to_string())
    };

    match db::update_post(
        &state.db,
        &short_id,
        title,
        &slug,
        &form.content,
        status,
        opt_str(&attrs.alias),
        None,
        published_date.as_deref(),
        opt_str(&attrs.meta_description),
        opt_str(&attrs.meta_image),
        lang,
        opt_str(&attrs.tags),
    ) {
        Ok(Some(_)) => Redirect::to("/admin").into_response(),
        Ok(None) => (StatusCode::NOT_FOUND, Html("Post not found".to_string())).into_response(),
        Err(e) => {
            tracing::error!("Failed to update post: {}", e);
            Redirect::to(&format!("/admin/posts/{}/edit?error=Failed+to+update", short_id))
                .into_response()
        }
    }
}

async fn admin_delete_post(
    _session: auth::AuthSession,
    State(state): State<Arc<AppState>>,
    Path(short_id): Path<String>,
) -> Response {
    match db::delete_post(&state.db, &short_id) {
        Ok(_) => Redirect::to("/admin").into_response(),
        Err(e) => {
            tracing::error!("Failed to delete post: {}", e);
            Redirect::to("/admin").into_response()
        }
    }
}

async fn admin_toggle_publish(
    _session: auth::AuthSession,
    State(state): State<Arc<AppState>>,
    Path(short_id): Path<String>,
) -> Response {
    match db::toggle_post_status(&state.db, &short_id) {
        Ok(_) => Redirect::to("/admin").into_response(),
        Err(e) => {
            tracing::error!("Failed to toggle post status: {}", e);
            Redirect::to("/admin").into_response()
        }
    }
}

// --- Admin page handlers ---

async fn admin_pages(
    _session: auth::AuthSession,
    State(state): State<Arc<AppState>>,
) -> Response {
    match db::get_all_pages(&state.db) {
        Ok(pages) => WebTemplate(AdminPagesTemplate { pages }).into_response(),
        Err(e) => {
            tracing::error!("Failed to list pages: {}", e);
            (StatusCode::INTERNAL_SERVER_ERROR, Html("Server error".to_string())).into_response()
        }
    }
}

async fn admin_new_page(
    _session: auth::AuthSession,
    Query(q): Query<FlashQuery>,
) -> Response {
    WebTemplate(AdminPageFormTemplate {
        page: None,
        error: q.error,
    })
    .into_response()
}

const RESERVED_PAGE_SLUGS: &[&str] = &[
    "posts", "admin", "feed.xml", "custom-styles.css", "static", "files",
];

fn is_reserved_page_slug(slug: &str) -> bool {
    RESERVED_PAGE_SLUGS.contains(&slug)
}

async fn admin_create_page(
    _session: auth::AuthSession,
    State(state): State<Arc<AppState>>,
    Form(form): Form<PageForm>,
) -> Response {
    let attrs = parse_page_attributes(&form.attributes);
    let title = attrs.title.trim().to_string();
    let slug = attrs.slug.trim().to_string();
    if title.is_empty() || slug.is_empty() {
        return Redirect::to("/admin/pages/new?error=Title+and+slug+are+required").into_response();
    }
    if is_reserved_page_slug(&slug) {
        return Redirect::to("/admin/pages/new?error=That+slug+is+reserved").into_response();
    }

    match db::create_page(&state.db, &title, &slug, &form.content, attrs.is_published, 0) {
        Ok(_) => Redirect::to("/admin/pages").into_response(),
        Err(e) => {
            tracing::error!("Failed to create page: {}", e);
            Redirect::to("/admin/pages/new?error=Failed+to+create+page").into_response()
        }
    }
}

async fn admin_edit_page(
    _session: auth::AuthSession,
    State(state): State<Arc<AppState>>,
    Path(short_id): Path<String>,
    Query(q): Query<FlashQuery>,
) -> Response {
    match db::get_page_by_short_id(&state.db, &short_id) {
        Ok(Some(page)) => WebTemplate(AdminPageFormTemplate {
            page: Some(page),
            error: q.error,
        })
        .into_response(),
        Ok(None) => (StatusCode::NOT_FOUND, Html("Page not found".to_string())).into_response(),
        Err(e) => {
            tracing::error!("Failed to get page: {}", e);
            (StatusCode::INTERNAL_SERVER_ERROR, Html("Server error".to_string())).into_response()
        }
    }
}

async fn admin_update_page(
    _session: auth::AuthSession,
    State(state): State<Arc<AppState>>,
    Path(short_id): Path<String>,
    Form(form): Form<PageForm>,
) -> Response {
    let attrs = parse_page_attributes(&form.attributes);
    let title = attrs.title.trim().to_string();
    let slug = attrs.slug.trim().to_string();
    if title.is_empty() || slug.is_empty() {
        return Redirect::to(&format!("/admin/pages/{}/edit?error=Title+and+slug+are+required", short_id))
            .into_response();
    }
    if is_reserved_page_slug(&slug) {
        return Redirect::to(&format!("/admin/pages/{}/edit?error=That+slug+is+reserved", short_id))
            .into_response();
    }

    match db::update_page(&state.db, &short_id, &title, &slug, &form.content, attrs.is_published, 0) {
        Ok(Some(_)) => Redirect::to("/admin/pages").into_response(),
        Ok(None) => (StatusCode::NOT_FOUND, Html("Page not found".to_string())).into_response(),
        Err(e) => {
            tracing::error!("Failed to update page: {}", e);
            Redirect::to(&format!("/admin/pages/{}/edit?error=Failed+to+update", short_id))
                .into_response()
        }
    }
}

async fn admin_delete_page(
    _session: auth::AuthSession,
    State(state): State<Arc<AppState>>,
    Path(short_id): Path<String>,
) -> Response {
    match db::delete_page(&state.db, &short_id) {
        Ok(_) => Redirect::to("/admin/pages").into_response(),
        Err(e) => {
            tracing::error!("Failed to delete page: {}", e);
            Redirect::to("/admin/pages").into_response()
        }
    }
}

// --- Admin settings handlers ---

async fn admin_get_settings(
    _session: auth::AuthSession,
    State(state): State<Arc<AppState>>,
    Query(q): Query<FlashQuery>,
) -> Response {
    let blog_title = db::get_setting(&state.db, "blog_title").ok().flatten().unwrap_or_default();
    let blog_description = db::get_setting(&state.db, "blog_description").ok().flatten().unwrap_or_default();
    let intro_content = db::get_setting(&state.db, "intro_content").ok().flatten().unwrap_or_default();
    let nav_links = db::get_setting(&state.db, "nav_links").ok().flatten().unwrap_or_default();
    let custom_css = db::get_setting(&state.db, "custom_css").ok().flatten().unwrap_or_default();
    let favicon_url = db::get_setting(&state.db, "favicon_url").ok().flatten().unwrap_or_default();
    let og_image_url = db::get_setting(&state.db, "og_image_url").ok().flatten().unwrap_or_default();
    let custom_header = db::get_setting(&state.db, "custom_header").ok().flatten().unwrap_or_default();
    let custom_footer = db::get_setting(&state.db, "custom_footer").ok().flatten().unwrap_or_default();
    let default_css = Static::get("styles.css")
        .map(|f| String::from_utf8_lossy(&f.data).into_owned())
        .unwrap_or_default();

    WebTemplate(AdminSettingsTemplate {
        blog_title,
        blog_description,
        intro_content,
        nav_links,
        custom_css,
        default_css,
        favicon_url,
        og_image_url,
        custom_header,
        custom_footer,
        success: q.success,
    })
    .into_response()
}

async fn admin_post_settings(
    _session: auth::AuthSession,
    State(state): State<Arc<AppState>>,
    Form(form): Form<SettingsForm>,
) -> Response {
    let _ = db::set_setting(&state.db, "blog_title", form.blog_title.trim());
    let _ = db::set_setting(&state.db, "blog_description", form.blog_description.trim());
    let _ = db::set_setting(&state.db, "intro_content", &form.intro_content);
    let _ = db::set_setting(&state.db, "nav_links", &form.nav_links);
    let _ = db::set_setting(&state.db, "custom_css", &form.custom_css);
    let _ = db::set_setting(&state.db, "favicon_url", form.favicon_url.trim());
    let _ = db::set_setting(&state.db, "og_image_url", form.og_image_url.trim());
    let _ = db::set_setting(&state.db, "custom_header", &form.custom_header);
    let _ = db::set_setting(&state.db, "custom_footer", &form.custom_footer);
    Redirect::to("/admin/settings?success=true").into_response()
}

// --- Admin file handlers ---

async fn admin_files(
    _session: auth::AuthSession,
    State(state): State<Arc<AppState>>,
    Query(q): Query<FlashQuery>,
) -> Response {
    match db::get_all_files(&state.db) {
        Ok(files) => WebTemplate(AdminFilesTemplate {
            files,
            site_url: state.site_url.clone(),
            error: q.error,
            success: q.success,
        })
        .into_response(),
        Err(e) => {
            tracing::error!("Failed to list files: {}", e);
            (StatusCode::INTERNAL_SERVER_ERROR, Html("Server error".to_string())).into_response()
        }
    }
}

async fn admin_upload_file(
    _session: auth::AuthSession,
    State(state): State<Arc<AppState>>,
    mut multipart: Multipart,
) -> Response {
    let mut file_data: Option<(String, String, Vec<u8>)> = None;

    while let Ok(Some(field)) = multipart.next_field().await {
        if field.name() == Some("file") {
            let original_name = field
                .file_name()
                .unwrap_or("upload")
                .to_string();
            let content_type = field
                .content_type()
                .unwrap_or("application/octet-stream")
                .to_string();
            match field.bytes().await {
                Ok(bytes) => {
                    file_data = Some((original_name, content_type, bytes.to_vec()));
                }
                Err(e) => {
                    tracing::error!("Failed to read upload: {}", e);
                    return Redirect::to("/admin/files?error=Failed+to+read+upload").into_response();
                }
            }
        }
    }

    let (original_name, content_type, bytes) = match file_data {
        Some(d) => d,
        None => return Redirect::to("/admin/files?error=No+file+provided").into_response(),
    };

    let max_size: usize = 10 * 1024 * 1024;
    if bytes.len() > max_size {
        return Redirect::to("/admin/files?error=File+exceeds+10MB+limit").into_response();
    }

    let ext = original_name
        .rsplit('.')
        .next()
        .filter(|e| !e.is_empty() && *e != original_name)
        .unwrap_or("");
    let id = nanoid::nanoid!(10);
    let stored_name = if ext.is_empty() {
        id
    } else {
        format!("{}.{}", id, ext)
    };

    let path = std::path::PathBuf::from(&state.uploads_dir).join(&stored_name);
    if let Err(e) = tokio::fs::write(&path, &bytes).await {
        tracing::error!("Failed to write file: {}", e);
        return Redirect::to("/admin/files?error=Failed+to+save+file").into_response();
    }

    match db::create_file(&state.db, &stored_name, &original_name, &content_type, bytes.len() as i64) {
        Ok(_) => Redirect::to("/admin/files?success=true").into_response(),
        Err(e) => {
            tracing::error!("Failed to record file: {}", e);
            let _ = tokio::fs::remove_file(&path).await;
            Redirect::to("/admin/files?error=Failed+to+record+file").into_response()
        }
    }
}

async fn admin_delete_file(
    _session: auth::AuthSession,
    State(state): State<Arc<AppState>>,
    Path(short_id): Path<String>,
) -> Response {
    match db::delete_file(&state.db, &short_id) {
        Ok(Some(file)) => {
            let path = std::path::PathBuf::from(&state.uploads_dir).join(&file.filename);
            if let Err(e) = tokio::fs::remove_file(&path).await {
                tracing::warn!("Failed to delete file from disk: {}", e);
            }
            Redirect::to("/admin/files").into_response()
        }
        Ok(None) => Redirect::to("/admin/files").into_response(),
        Err(e) => {
            tracing::error!("Failed to delete file: {}", e);
            Redirect::to("/admin/files").into_response()
        }
    }
}

async fn serve_uploaded_file(
    State(state): State<Arc<AppState>>,
    Path(filename): Path<String>,
) -> Response {
    if filename.contains("..") || filename.contains('/') || filename.contains('\\') {
        return StatusCode::NOT_FOUND.into_response();
    }

    let path = std::path::PathBuf::from(&state.uploads_dir).join(&filename);
    match tokio::fs::read(&path).await {
        Ok(bytes) => {
            let mime = mime_from_path(&filename);
            (
                StatusCode::OK,
                [(axum::http::header::CONTENT_TYPE, HeaderValue::from_static(mime))],
                bytes,
            )
                .into_response()
        }
        Err(_) => StatusCode::NOT_FOUND.into_response(),
    }
}

// --- RSS feed handler ---

fn xml_escape(s: &str) -> String {
    s.replace('&', "&amp;")
        .replace('<', "&lt;")
        .replace('>', "&gt;")
        .replace('"', "&quot;")
        .replace('\'', "&apos;")
}

async fn rss_feed(State(state): State<Arc<AppState>>) -> Response {
    let blog_title = get_blog_title(&state.db);
    let blog_description = db::get_setting(&state.db, "blog_description")
        .ok()
        .flatten()
        .unwrap_or_default();
    let site_url = &state.site_url;

    let posts = match db::get_published_posts(&state.db) {
        Ok(posts) => posts,
        Err(e) => {
            tracing::error!("Failed to get posts for RSS: {}", e);
            return (StatusCode::INTERNAL_SERVER_ERROR, "Server error").into_response();
        }
    };

    let mut items = String::new();
    for post in &posts {
        let link = format!("{}/posts/{}", site_url, xml_escape(&post.slug));
        let title = xml_escape(&post.title);
        let description = match &post.meta_description {
            Some(d) if !d.is_empty() => xml_escape(d),
            _ => {
                let plain: String = post.content.chars().take(200).collect();
                xml_escape(&plain)
            }
        };
        let pub_date = post.published_date.as_deref().unwrap_or(&post.created_at);
        let guid = format!("{}/posts/{}", site_url, xml_escape(&post.slug));

        items.push_str(&format!(
            "    <item>\n      <title>{title}</title>\n      <link>{link}</link>\n      <guid>{guid}</guid>\n      <description>{description}</description>\n      <pubDate>{pub_date}</pubDate>\n    </item>\n"
        ));
    }

    let last_build = posts
        .first()
        .and_then(|p| p.published_date.as_deref())
        .unwrap_or("");

    let xml = format!(
        r#"<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>{title}</title>
    <link>{site_url}</link>
    <description>{desc}</description>
    <lastBuildDate>{last_build}</lastBuildDate>
    <atom:link href="{site_url}/feed.xml" rel="self" type="application/rss+xml"/>
{items}  </channel>
</rss>"#,
        title = xml_escape(&blog_title),
        site_url = site_url,
        desc = xml_escape(&blog_description),
        last_build = last_build,
        items = items,
    );

    (
        StatusCode::OK,
        [(
            axum::http::header::CONTENT_TYPE,
            HeaderValue::from_static("application/rss+xml; charset=utf-8"),
        )],
        xml,
    )
        .into_response()
}

// --- Download/export handlers ---

async fn admin_download_posts(
    _session: auth::AuthSession,
    State(state): State<Arc<AppState>>,
) -> Response {
    let posts = match db::get_all_posts(&state.db) {
        Ok(posts) => posts,
        Err(e) => {
            tracing::error!("Failed to get posts for export: {}", e);
            return (StatusCode::INTERNAL_SERVER_ERROR, "Server error").into_response();
        }
    };

    let result = tokio::task::spawn_blocking(move || {
        let mut buf = std::io::Cursor::new(Vec::new());
        {
            let mut zip = zip::ZipWriter::new(&mut buf);
            let options = zip::write::SimpleFileOptions::default()
                .compression_method(zip::CompressionMethod::Deflated);
            for post in &posts {
                let filename = format!("{}.md", post.slug);
                let mut frontmatter = format!(
                    "---\ntitle: {}\nslug: {}\nstatus: {}",
                    post.title, post.slug, post.status
                );
                if let Some(ref pd) = post.published_date {
                    frontmatter.push_str(&format!("\npublished_date: {}", pd));
                }
                if let Some(ref tags) = post.tags {
                    frontmatter.push_str(&format!("\ntags: {}", tags));
                }
                frontmatter.push_str(&format!("\nlang: {}", post.lang));
                if let Some(ref alias) = post.alias {
                    frontmatter.push_str(&format!("\nalias: {}", alias));
                }
                if let Some(ref meta_image) = post.meta_image {
                    frontmatter.push_str(&format!("\nmeta_image: {}", meta_image));
                }
                if let Some(ref meta_desc) = post.meta_description {
                    frontmatter.push_str(&format!("\ndescription: {}", meta_desc));
                }
                frontmatter.push_str("\n---\n\n");
                let content = format!("{}{}", frontmatter, post.content);
                if let Err(e) = zip.start_file(&filename, options) {
                    tracing::warn!("Failed to add {} to zip: {}", filename, e);
                    continue;
                }
                if let Err(e) = std::io::Write::write_all(&mut zip, content.as_bytes()) {
                    tracing::warn!("Failed to write {} to zip: {}", filename, e);
                }
            }
            let _ = zip.finish();
        }
        buf.into_inner()
    })
    .await;

    match result {
        Ok(bytes) => (
            StatusCode::OK,
            [
                (axum::http::header::CONTENT_TYPE, "application/zip"),
                (
                    axum::http::header::CONTENT_DISPOSITION,
                    "attachment; filename=\"posts.zip\"",
                ),
            ],
            bytes,
        )
            .into_response(),
        Err(e) => {
            tracing::error!("Failed to create posts zip: {}", e);
            (StatusCode::INTERNAL_SERVER_ERROR, "Export failed").into_response()
        }
    }
}

async fn admin_download_uploads(
    _session: auth::AuthSession,
    State(state): State<Arc<AppState>>,
) -> Response {
    let files = match db::get_all_files(&state.db) {
        Ok(files) => files,
        Err(e) => {
            tracing::error!("Failed to get files for export: {}", e);
            return (StatusCode::INTERNAL_SERVER_ERROR, "Server error").into_response();
        }
    };

    let uploads_dir = state.uploads_dir.clone();
    let mut file_data: Vec<(String, Vec<u8>)> = Vec::new();
    let mut seen_names = std::collections::HashSet::new();
    for file in &files {
        let path = std::path::PathBuf::from(&uploads_dir).join(&file.filename);
        match tokio::fs::read(&path).await {
            Ok(bytes) => {
                let name = if seen_names.contains(&file.original_name) {
                    format!("{}_{}", file.short_id, file.original_name)
                } else {
                    file.original_name.clone()
                };
                seen_names.insert(file.original_name.clone());
                file_data.push((name, bytes));
            }
            Err(e) => {
                tracing::warn!("Skipping file {} ({}): {}", file.original_name, file.filename, e);
            }
        }
    }

    let result = tokio::task::spawn_blocking(move || {
        let mut buf = std::io::Cursor::new(Vec::new());
        {
            let mut zip = zip::ZipWriter::new(&mut buf);
            let options = zip::write::SimpleFileOptions::default()
                .compression_method(zip::CompressionMethod::Stored);
            for (name, bytes) in &file_data {
                if let Err(e) = zip.start_file(name, options) {
                    tracing::warn!("Failed to add {} to zip: {}", name, e);
                    continue;
                }
                if let Err(e) = std::io::Write::write_all(&mut zip, bytes) {
                    tracing::warn!("Failed to write {} to zip: {}", name, e);
                }
            }
            let _ = zip.finish();
        }
        buf.into_inner()
    })
    .await;

    match result {
        Ok(bytes) => (
            StatusCode::OK,
            [
                (axum::http::header::CONTENT_TYPE, "application/zip"),
                (
                    axum::http::header::CONTENT_DISPOSITION,
                    "attachment; filename=\"uploads.zip\"",
                ),
            ],
            bytes,
        )
            .into_response(),
        Err(e) => {
            tracing::error!("Failed to create uploads zip: {}", e);
            (StatusCode::INTERNAL_SERVER_ERROR, "Export failed").into_response()
        }
    }
}

// --- Date helper ---

fn days_to_ymd(mut days: i64) -> (i64, i64, i64) {
    days += 719468;
    let era = if days >= 0 { days } else { days - 146096 } / 146097;
    let doe = (days - era * 146097) as u32;
    let yoe = (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365;
    let y = yoe as i64 + era * 400;
    let doy = doe - (365 * yoe + yoe / 4 - yoe / 100);
    let mp = (5 * doy + 2) / 153;
    let d = doy - (153 * mp + 2) / 5 + 1;
    let m = if mp < 10 { mp + 3 } else { mp - 9 };
    let y = if m <= 2 { y + 1 } else { y };
    (y, m as i64, d as i64)
}

// --- Router ---

pub async fn run(host: String, port: u16) {
    dotenvy::dotenv().ok();

    let db = db::init_db();

    if let Err(e) = db::prune_expired_sessions(&db) {
        tracing::warn!("Failed to prune sessions: {}", e);
    }

    let app_password = std::env::var("POSTS_PASSWORD").unwrap_or_else(|_| {
        tracing::warn!("POSTS_PASSWORD not set, using default 'changeme'");
        "changeme".to_string()
    });

    let cookie_secure = std::env::var("COOKIE_SECURE")
        .map(|v| v == "true")
        .unwrap_or(false);

    let uploads_dir = std::env::var("UPLOADS_DIR").unwrap_or_else(|_| "uploads".to_string());
    tokio::fs::create_dir_all(&uploads_dir)
        .await
        .expect("Failed to create uploads directory");

    let site_url = std::env::var("SITE_URL")
        .unwrap_or_else(|_| "http://localhost:3000".to_string())
        .trim_end_matches('/')
        .to_string();

    let state = Arc::new(AppState {
        db,
        app_password,
        cookie_secure,
        uploads_dir,
        site_url,
    });

    let app = Router::new()
        // Public routes
        .route("/", get(public_index))
        .route("/posts", get(public_posts_list))
        .route("/posts/{slug}", get(public_post))
        .route("/custom-styles.css", get(serve_custom_css))
        .route("/{slug}", get(public_page))
        .route("/feed.xml", get(rss_feed))
        // Admin auth
        .route("/admin/login", get(get_login).post(post_login))
        .route("/admin/logout", get(get_logout))
        // Admin posts
        .route("/admin", get(admin_index))
        .route("/admin/posts/new", get(admin_new_post))
        .route("/admin/posts", post(admin_create_post))
        .route("/admin/posts/{id}/edit", get(admin_edit_post))
        .route("/admin/posts/{id}", post(admin_update_post))
        .route("/admin/posts/{id}/delete", post(admin_delete_post))
        .route("/admin/posts/{id}/publish", post(admin_toggle_publish))
        // Admin pages
        .route("/admin/pages", get(admin_pages))
        .route("/admin/pages/new", get(admin_new_page))
        .route("/admin/pages/create", post(admin_create_page))
        .route("/admin/pages/{id}/edit", get(admin_edit_page))
        .route("/admin/pages/{id}", post(admin_update_page))
        .route("/admin/pages/{id}/delete", post(admin_delete_page))
        // Admin settings
        .route("/admin/settings", get(admin_get_settings).post(admin_post_settings))
        // Admin downloads
        .route("/admin/downloads/posts", get(admin_download_posts))
        .route("/admin/downloads/uploads", get(admin_download_uploads))
        // Admin files
        .route("/admin/files", get(admin_files))
        .route("/admin/files/upload", post(admin_upload_file))
        .route("/admin/files/{id}/delete", post(admin_delete_file))
        // Public files
        .route("/files/{filename}", get(serve_uploaded_file))
        // Static assets
        .route("/static/{*path}", get(serve_static))
        // Fallback
        .fallback(get(fallback_handler))
        .with_state(state)
        .layer(DefaultBodyLimit::max(11 * 1024 * 1024));

    let addr = format!("{}:{}", host, port);
    tracing::info!("Listening on http://{}", addr);

    let listener = tokio::net::TcpListener::bind(&addr).await.unwrap();
    axum::serve(listener, app).await.unwrap();
}

apps/posts/src/server/handlers/admin.rs (added) +680 −0

1	+	use askama_web::WebTemplate;
2	+	use axum::{
3	+	extract::{Form, Multipart, Path, Query, State},
4	+	http::{HeaderValue, StatusCode},
5	+	response::{Html, IntoResponse, Redirect, Response},
6	+	};
7	+	use std::sync::Arc;
8	+
9	+	use super::super::*;
10	+	use crate::{auth, db};
11	+
12	+	// --- Auth handlers ---
13	+
14	+	pub async fn get_login(Query(q): Query<FlashQuery>) -> Response {
15	+	WebTemplate(LoginTemplate { error: q.error }).into_response()
16	+	}
17	+
18	+	pub async fn post_login(
19	+	State(state): State<Arc<AppState>>,
20	+	Form(form): Form<LoginForm>,
21	+	) -> Response {
22	+	if !auth::verify_password(&form.password, &state.app_password) {
23	+	return Redirect::to("/admin/login?error=Invalid+password").into_response();
24	+	}
25	+
26	+	let token = auth::generate_session_token();
27	+
28	+	let expires_at = andromeda_auth::datetime::expiry_datetime_string(7 * 24 * 3600);
29	+
30	+	if let Err(e) = db::insert_session(&state.db, &token, &expires_at) {
31	+	tracing::error!("Failed to create session: {}", e);
32	+	return Redirect::to("/admin/login?error=Server+error").into_response();
33	+	}
34	+
35	+	let cookie = auth::build_session_cookie(&token, state.cookie_secure);
36	+	let mut resp = Redirect::to("/admin").into_response();
37	+	resp.headers_mut().insert(
38	+	axum::http::header::SET_COOKIE,
39	+	HeaderValue::from_str(&cookie).unwrap(),
40	+	);
41	+	resp
42	+	}
43	+
44	+	pub async fn get_logout(
45	+	State(state): State<Arc<AppState>>,
46	+	headers: axum::http::HeaderMap,
47	+	) -> Response {
48	+	if let Some(cookie_header) = headers.get("cookie").and_then(\|v\| v.to_str().ok()) {
49	+	for part in cookie_header.split(';') {
50	+	let part = part.trim();
51	+	if let Some(val) = part.strip_prefix("session=") {
52	+	let val = val.trim();
53	+	if !val.is_empty() {
54	+	let _ = db::delete_session(&state.db, val);
55	+	}
56	+	}
57	+	}
58	+	}
59	+
60	+	let cookie = auth::clear_session_cookie();
61	+	let mut resp = Redirect::to("/admin/login").into_response();
62	+	resp.headers_mut().insert(
63	+	axum::http::header::SET_COOKIE,
64	+	HeaderValue::from_str(&cookie).unwrap(),
65	+	);
66	+	resp
67	+	}
68	+
69	+	// --- Admin post handlers ---
70	+
71	+	pub async fn admin_index(
72	+	_session: auth::AuthSession,
73	+	State(state): State<Arc<AppState>>,
74	+	) -> Response {
75	+	match db::get_all_posts(&state.db) {
76	+	Ok(posts) => WebTemplate(AdminIndexTemplate { posts }).into_response(),
77	+	Err(e) => {
78	+	tracing::error!("Failed to list posts: {}", e);
79	+	(StatusCode::INTERNAL_SERVER_ERROR, Html("Server error".to_string())).into_response()
80	+	}
81	+	}
82	+	}
83	+
84	+	pub async fn admin_new_post(
85	+	_session: auth::AuthSession,
86	+	Query(q): Query<FlashQuery>,
87	+	) -> Response {
88	+	WebTemplate(AdminPostFormTemplate {
89	+	post: None,
90	+	error: q.error,
91	+	})
92	+	.into_response()
93	+	}
94	+
95	+	pub async fn admin_create_post(
96	+	_session: auth::AuthSession,
97	+	State(state): State<Arc<AppState>>,
98	+	Form(form): Form<PostForm>,
99	+	) -> Response {
100	+	let attrs = parse_attributes(&form.attributes);
101	+	let title = attrs.title.trim();
102	+	if title.is_empty() {
103	+	return Redirect::to("/admin/posts/new?error=Title+is+required").into_response();
104	+	}
105	+	let slug = if attrs.slug.trim().is_empty() {
106	+	slugify(title)
107	+	} else {
108	+	attrs.slug.trim().to_string()
109	+	};
110	+
111	+	let status = if form.action == "publish" { "published" } else { "draft" };
112	+	let lang = if attrs.lang.trim().is_empty() { "en" } else { attrs.lang.trim() };
113	+	let published_date = if attrs.published_date.trim().is_empty() {
114	+	now_datetime()
115	+	} else {
116	+	attrs.published_date.trim().to_string()
117	+	};
118	+
119	+	match db::create_post(
120	+	&state.db,
121	+	title,
122	+	&slug,
123	+	&form.content,
124	+	status,
125	+	opt_str(&attrs.alias),
126	+	None,
127	+	Some(&published_date),
128	+	opt_str(&attrs.meta_description),
129	+	opt_str(&attrs.meta_image),
130	+	lang,
131	+	opt_str(&attrs.tags),
132	+	) {
133	+	Ok(_) => Redirect::to("/admin").into_response(),
134	+	Err(e) => {
135	+	tracing::error!("Failed to create post: {}", e);
136	+	Redirect::to("/admin/posts/new?error=Failed+to+create+post").into_response()
137	+	}
138	+	}
139	+	}
140	+
141	+	pub async fn admin_edit_post(
142	+	_session: auth::AuthSession,
143	+	State(state): State<Arc<AppState>>,
144	+	Path(short_id): Path<String>,
145	+	Query(q): Query<FlashQuery>,
146	+	) -> Response {
147	+	match db::get_post_by_short_id(&state.db, &short_id) {
148	+	Ok(Some(post)) => WebTemplate(AdminPostFormTemplate {
149	+	post: Some(post),
150	+	error: q.error,
151	+	})
152	+	.into_response(),
153	+	Ok(None) => (StatusCode::NOT_FOUND, Html("Post not found".to_string())).into_response(),
154	+	Err(e) => {
155	+	tracing::error!("Failed to get post: {}", e);
156	+	(StatusCode::INTERNAL_SERVER_ERROR, Html("Server error".to_string())).into_response()
157	+	}
158	+	}
159	+	}
160	+
161	+	pub async fn admin_update_post(
162	+	_session: auth::AuthSession,
163	+	State(state): State<Arc<AppState>>,
164	+	Path(short_id): Path<String>,
165	+	Form(form): Form<PostForm>,
166	+	) -> Response {
167	+	let attrs = parse_attributes(&form.attributes);
168	+	let title = attrs.title.trim();
169	+	if title.is_empty() {
170	+	return Redirect::to(&format!("/admin/posts/{}/edit?error=Title+is+required", short_id))
171	+	.into_response();
172	+	}
173	+	let slug = if attrs.slug.trim().is_empty() {
174	+	slugify(title)
175	+	} else {
176	+	attrs.slug.trim().to_string()
177	+	};
178	+
179	+	let status = if form.action == "publish" { "published" } else { "draft" };
180	+	let lang = if attrs.lang.trim().is_empty() { "en" } else { attrs.lang.trim() };
181	+	let published_date = if attrs.published_date.trim().is_empty() {
182	+	None
183	+	} else {
184	+	Some(attrs.published_date.trim().to_string())
185	+	};
186	+
187	+	match db::update_post(
188	+	&state.db,
189	+	&short_id,
190	+	title,
191	+	&slug,
192	+	&form.content,
193	+	status,
194	+	opt_str(&attrs.alias),
195	+	None,
196	+	published_date.as_deref(),
197	+	opt_str(&attrs.meta_description),
198	+	opt_str(&attrs.meta_image),
199	+	lang,
200	+	opt_str(&attrs.tags),
201	+	) {
202	+	Ok(Some(_)) => Redirect::to("/admin").into_response(),
203	+	Ok(None) => (StatusCode::NOT_FOUND, Html("Post not found".to_string())).into_response(),
204	+	Err(e) => {
205	+	tracing::error!("Failed to update post: {}", e);
206	+	Redirect::to(&format!("/admin/posts/{}/edit?error=Failed+to+update", short_id))
207	+	.into_response()
208	+	}
209	+	}
210	+	}
211	+
212	+	pub async fn admin_delete_post(
213	+	_session: auth::AuthSession,
214	+	State(state): State<Arc<AppState>>,
215	+	Path(short_id): Path<String>,
216	+	) -> Response {
217	+	match db::delete_post(&state.db, &short_id) {
218	+	Ok(_) => Redirect::to("/admin").into_response(),
219	+	Err(e) => {
220	+	tracing::error!("Failed to delete post: {}", e);
221	+	Redirect::to("/admin").into_response()
222	+	}
223	+	}
224	+	}
225	+
226	+	pub async fn admin_toggle_publish(
227	+	_session: auth::AuthSession,
228	+	State(state): State<Arc<AppState>>,
229	+	Path(short_id): Path<String>,
230	+	) -> Response {
231	+	match db::toggle_post_status(&state.db, &short_id) {
232	+	Ok(_) => Redirect::to("/admin").into_response(),
233	+	Err(e) => {
234	+	tracing::error!("Failed to toggle post status: {}", e);
235	+	Redirect::to("/admin").into_response()
236	+	}
237	+	}
238	+	}
239	+
240	+	// --- Admin page handlers ---
241	+
242	+	pub async fn admin_pages(
243	+	_session: auth::AuthSession,
244	+	State(state): State<Arc<AppState>>,
245	+	) -> Response {
246	+	match db::get_all_pages(&state.db) {
247	+	Ok(pages) => WebTemplate(AdminPagesTemplate { pages }).into_response(),
248	+	Err(e) => {
249	+	tracing::error!("Failed to list pages: {}", e);
250	+	(StatusCode::INTERNAL_SERVER_ERROR, Html("Server error".to_string())).into_response()
251	+	}
252	+	}
253	+	}
254	+
255	+	pub async fn admin_new_page(
256	+	_session: auth::AuthSession,
257	+	Query(q): Query<FlashQuery>,
258	+	) -> Response {
259	+	WebTemplate(AdminPageFormTemplate {
260	+	page: None,
261	+	error: q.error,
262	+	})
263	+	.into_response()
264	+	}
265	+
266	+	const RESERVED_PAGE_SLUGS: &[&str] = &[
267	+	"posts", "admin", "feed.xml", "custom-styles.css", "static", "files",
268	+	];
269	+
270	+	fn is_reserved_page_slug(slug: &str) -> bool {
271	+	RESERVED_PAGE_SLUGS.contains(&slug)
272	+	}
273	+
274	+	pub async fn admin_create_page(
275	+	_session: auth::AuthSession,
276	+	State(state): State<Arc<AppState>>,
277	+	Form(form): Form<PageForm>,
278	+	) -> Response {
279	+	let attrs = parse_page_attributes(&form.attributes);
280	+	let title = attrs.title.trim().to_string();
281	+	let slug = attrs.slug.trim().to_string();
282	+	if title.is_empty() \|\| slug.is_empty() {
283	+	return Redirect::to("/admin/pages/new?error=Title+and+slug+are+required").into_response();
284	+	}
285	+	if is_reserved_page_slug(&slug) {
286	+	return Redirect::to("/admin/pages/new?error=That+slug+is+reserved").into_response();
287	+	}
288	+
289	+	match db::create_page(&state.db, &title, &slug, &form.content, attrs.is_published, 0) {
290	+	Ok(_) => Redirect::to("/admin/pages").into_response(),
291	+	Err(e) => {
292	+	tracing::error!("Failed to create page: {}", e);
293	+	Redirect::to("/admin/pages/new?error=Failed+to+create+page").into_response()
294	+	}
295	+	}
296	+	}
297	+
298	+	pub async fn admin_edit_page(
299	+	_session: auth::AuthSession,
300	+	State(state): State<Arc<AppState>>,
301	+	Path(short_id): Path<String>,
302	+	Query(q): Query<FlashQuery>,
303	+	) -> Response {
304	+	match db::get_page_by_short_id(&state.db, &short_id) {
305	+	Ok(Some(page)) => WebTemplate(AdminPageFormTemplate {
306	+	page: Some(page),
307	+	error: q.error,
308	+	})
309	+	.into_response(),
310	+	Ok(None) => (StatusCode::NOT_FOUND, Html("Page not found".to_string())).into_response(),
311	+	Err(e) => {
312	+	tracing::error!("Failed to get page: {}", e);
313	+	(StatusCode::INTERNAL_SERVER_ERROR, Html("Server error".to_string())).into_response()
314	+	}
315	+	}
316	+	}
317	+
318	+	pub async fn admin_update_page(
319	+	_session: auth::AuthSession,
320	+	State(state): State<Arc<AppState>>,
321	+	Path(short_id): Path<String>,
322	+	Form(form): Form<PageForm>,
323	+	) -> Response {
324	+	let attrs = parse_page_attributes(&form.attributes);
325	+	let title = attrs.title.trim().to_string();
326	+	let slug = attrs.slug.trim().to_string();
327	+	if title.is_empty() \|\| slug.is_empty() {
328	+	return Redirect::to(&format!(
329	+	"/admin/pages/{}/edit?error=Title+and+slug+are+required",
330	+	short_id
331	+	))
332	+	.into_response();
333	+	}
334	+	if is_reserved_page_slug(&slug) {
335	+	return Redirect::to(&format!(
336	+	"/admin/pages/{}/edit?error=That+slug+is+reserved",
337	+	short_id
338	+	))
339	+	.into_response();
340	+	}
341	+
342	+	match db::update_page(&state.db, &short_id, &title, &slug, &form.content, attrs.is_published, 0) {
343	+	Ok(Some(_)) => Redirect::to("/admin/pages").into_response(),
344	+	Ok(None) => (StatusCode::NOT_FOUND, Html("Page not found".to_string())).into_response(),
345	+	Err(e) => {
346	+	tracing::error!("Failed to update page: {}", e);
347	+	Redirect::to(&format!("/admin/pages/{}/edit?error=Failed+to+update", short_id))
348	+	.into_response()
349	+	}
350	+	}
351	+	}
352	+
353	+	pub async fn admin_delete_page(
354	+	_session: auth::AuthSession,
355	+	State(state): State<Arc<AppState>>,
356	+	Path(short_id): Path<String>,
357	+	) -> Response {
358	+	match db::delete_page(&state.db, &short_id) {
359	+	Ok(_) => Redirect::to("/admin/pages").into_response(),
360	+	Err(e) => {
361	+	tracing::error!("Failed to delete page: {}", e);
362	+	Redirect::to("/admin/pages").into_response()
363	+	}
364	+	}
365	+	}
366	+
367	+	// --- Admin settings handlers ---
368	+
369	+	pub async fn admin_get_settings(
370	+	_session: auth::AuthSession,
371	+	State(state): State<Arc<AppState>>,
372	+	Query(q): Query<FlashQuery>,
373	+	) -> Response {
374	+	let blog_title = db::get_setting(&state.db, "blog_title").ok().flatten().unwrap_or_default();
375	+	let blog_description = db::get_setting(&state.db, "blog_description").ok().flatten().unwrap_or_default();
376	+	let intro_content = db::get_setting(&state.db, "intro_content").ok().flatten().unwrap_or_default();
377	+	let nav_links = db::get_setting(&state.db, "nav_links").ok().flatten().unwrap_or_default();
378	+	let custom_css = db::get_setting(&state.db, "custom_css").ok().flatten().unwrap_or_default();
379	+	let favicon_url = db::get_setting(&state.db, "favicon_url").ok().flatten().unwrap_or_default();
380	+	let og_image_url = db::get_setting(&state.db, "og_image_url").ok().flatten().unwrap_or_default();
381	+	let custom_header = db::get_setting(&state.db, "custom_header").ok().flatten().unwrap_or_default();
382	+	let custom_footer = db::get_setting(&state.db, "custom_footer").ok().flatten().unwrap_or_default();
383	+	let default_css = Static::get("styles.css")
384	+	.map(\|f\| String::from_utf8_lossy(&f.data).into_owned())
385	+	.unwrap_or_default();
386	+
387	+	WebTemplate(AdminSettingsTemplate {
388	+	blog_title,
389	+	blog_description,
390	+	intro_content,
391	+	nav_links,
392	+	custom_css,
393	+	default_css,
394	+	favicon_url,
395	+	og_image_url,
396	+	custom_header,
397	+	custom_footer,
398	+	success: q.success,
399	+	})
400	+	.into_response()
401	+	}
402	+
403	+	pub async fn admin_post_settings(
404	+	_session: auth::AuthSession,
405	+	State(state): State<Arc<AppState>>,
406	+	Form(form): Form<SettingsForm>,
407	+	) -> Response {
408	+	let _ = db::set_setting(&state.db, "blog_title", form.blog_title.trim());
409	+	let _ = db::set_setting(&state.db, "blog_description", form.blog_description.trim());
410	+	let _ = db::set_setting(&state.db, "intro_content", &form.intro_content);
411	+	let _ = db::set_setting(&state.db, "nav_links", &form.nav_links);
412	+	let _ = db::set_setting(&state.db, "custom_css", &form.custom_css);
413	+	let _ = db::set_setting(&state.db, "favicon_url", form.favicon_url.trim());
414	+	let _ = db::set_setting(&state.db, "og_image_url", form.og_image_url.trim());
415	+	let _ = db::set_setting(&state.db, "custom_header", &form.custom_header);
416	+	let _ = db::set_setting(&state.db, "custom_footer", &form.custom_footer);
417	+	Redirect::to("/admin/settings?success=true").into_response()
418	+	}
419	+
420	+	// --- Admin file handlers ---
421	+
422	+	pub async fn admin_files(
423	+	_session: auth::AuthSession,
424	+	State(state): State<Arc<AppState>>,
425	+	Query(q): Query<FlashQuery>,
426	+	) -> Response {
427	+	match db::get_all_files(&state.db) {
428	+	Ok(files) => WebTemplate(AdminFilesTemplate {
429	+	files,
430	+	site_url: state.site_url.clone(),
431	+	error: q.error,
432	+	success: q.success,
433	+	})
434	+	.into_response(),
435	+	Err(e) => {
436	+	tracing::error!("Failed to list files: {}", e);
437	+	(StatusCode::INTERNAL_SERVER_ERROR, Html("Server error".to_string())).into_response()
438	+	}
439	+	}
440	+	}
441	+
442	+	pub async fn admin_upload_file(
443	+	_session: auth::AuthSession,
444	+	State(state): State<Arc<AppState>>,
445	+	mut multipart: Multipart,
446	+	) -> Response {
447	+	let mut file_data: Option<(String, String, Vec<u8>)> = None;
448	+
449	+	while let Ok(Some(field)) = multipart.next_field().await {
450	+	if field.name() == Some("file") {
451	+	let original_name = field
452	+	.file_name()
453	+	.unwrap_or("upload")
454	+	.to_string();
455	+	let content_type = field
456	+	.content_type()
457	+	.unwrap_or("application/octet-stream")
458	+	.to_string();
459	+	match field.bytes().await {
460	+	Ok(bytes) => {
461	+	file_data = Some((original_name, content_type, bytes.to_vec()));
462	+	}
463	+	Err(e) => {
464	+	tracing::error!("Failed to read upload: {}", e);
465	+	return Redirect::to("/admin/files?error=Failed+to+read+upload").into_response();
466	+	}
467	+	}
468	+	}
469	+	}
470	+
471	+	let (original_name, content_type, bytes) = match file_data {
472	+	Some(d) => d,
473	+	None => return Redirect::to("/admin/files?error=No+file+provided").into_response(),
474	+	};
475	+
476	+	let max_size: usize = 10 * 1024 * 1024;
477	+	if bytes.len() > max_size {
478	+	return Redirect::to("/admin/files?error=File+exceeds+10MB+limit").into_response();
479	+	}
480	+
481	+	let ext = original_name
482	+	.rsplit('.')
483	+	.next()
484	+	.filter(\|e\| !e.is_empty() && *e != original_name)
485	+	.unwrap_or("");
486	+	let id = nanoid::nanoid!(10);
487	+	let stored_name = if ext.is_empty() {
488	+	id
489	+	} else {
490	+	format!("{}.{}", id, ext)
491	+	};
492	+
493	+	let path = std::path::PathBuf::from(&state.uploads_dir).join(&stored_name);
494	+	if let Err(e) = tokio::fs::write(&path, &bytes).await {
495	+	tracing::error!("Failed to write file: {}", e);
496	+	return Redirect::to("/admin/files?error=Failed+to+save+file").into_response();
497	+	}
498	+
499	+	match db::create_file(&state.db, &stored_name, &original_name, &content_type, bytes.len() as i64) {
500	+	Ok(_) => Redirect::to("/admin/files?success=true").into_response(),
501	+	Err(e) => {
502	+	tracing::error!("Failed to record file: {}", e);
503	+	let _ = tokio::fs::remove_file(&path).await;
504	+	Redirect::to("/admin/files?error=Failed+to+record+file").into_response()
505	+	}
506	+	}
507	+	}
508	+
509	+	pub async fn admin_delete_file(
510	+	_session: auth::AuthSession,
511	+	State(state): State<Arc<AppState>>,
512	+	Path(short_id): Path<String>,
513	+	) -> Response {
514	+	match db::delete_file(&state.db, &short_id) {
515	+	Ok(Some(file)) => {
516	+	let path = std::path::PathBuf::from(&state.uploads_dir).join(&file.filename);
517	+	if let Err(e) = tokio::fs::remove_file(&path).await {
518	+	tracing::warn!("Failed to delete file from disk: {}", e);
519	+	}
520	+	Redirect::to("/admin/files").into_response()
521	+	}
522	+	Ok(None) => Redirect::to("/admin/files").into_response(),
523	+	Err(e) => {
524	+	tracing::error!("Failed to delete file: {}", e);
525	+	Redirect::to("/admin/files").into_response()
526	+	}
527	+	}
528	+	}
529	+
530	+	// --- Download/export handlers ---
531	+
532	+	pub async fn admin_download_posts(
533	+	_session: auth::AuthSession,
534	+	State(state): State<Arc<AppState>>,
535	+	) -> Response {
536	+	let posts = match db::get_all_posts(&state.db) {
537	+	Ok(posts) => posts,
538	+	Err(e) => {
539	+	tracing::error!("Failed to get posts for export: {}", e);
540	+	return (StatusCode::INTERNAL_SERVER_ERROR, "Server error").into_response();
541	+	}
542	+	};
543	+
544	+	let result = tokio::task::spawn_blocking(move \|\| {
545	+	let mut buf = std::io::Cursor::new(Vec::new());
546	+	{
547	+	let mut zip = zip::ZipWriter::new(&mut buf);
548	+	let options = zip::write::SimpleFileOptions::default()
549	+	.compression_method(zip::CompressionMethod::Deflated);
550	+	for post in &posts {
551	+	let filename = format!("{}.md", post.slug);
552	+	let mut frontmatter = format!(
553	+	"---\ntitle: {}\nslug: {}\nstatus: {}",
554	+	post.title, post.slug, post.status
555	+	);
556	+	if let Some(ref pd) = post.published_date {
557	+	frontmatter.push_str(&format!("\npublished_date: {}", pd));
558	+	}
559	+	if let Some(ref tags) = post.tags {
560	+	frontmatter.push_str(&format!("\ntags: {}", tags));
561	+	}
562	+	frontmatter.push_str(&format!("\nlang: {}", post.lang));
563	+	if let Some(ref alias) = post.alias {
564	+	frontmatter.push_str(&format!("\nalias: {}", alias));
565	+	}
566	+	if let Some(ref meta_image) = post.meta_image {
567	+	frontmatter.push_str(&format!("\nmeta_image: {}", meta_image));
568	+	}
569	+	if let Some(ref meta_desc) = post.meta_description {
570	+	frontmatter.push_str(&format!("\ndescription: {}", meta_desc));
571	+	}
572	+	frontmatter.push_str("\n---\n\n");
573	+	let content = format!("{}{}", frontmatter, post.content);
574	+	if let Err(e) = zip.start_file(&filename, options) {
575	+	tracing::warn!("Failed to add {} to zip: {}", filename, e);
576	+	continue;
577	+	}
578	+	if let Err(e) = std::io::Write::write_all(&mut zip, content.as_bytes()) {
579	+	tracing::warn!("Failed to write {} to zip: {}", filename, e);
580	+	}
581	+	}
582	+	let _ = zip.finish();
583	+	}
584	+	buf.into_inner()
585	+	})
586	+	.await;
587	+
588	+	match result {
589	+	Ok(bytes) => (
590	+	StatusCode::OK,
591	+	[
592	+	(axum::http::header::CONTENT_TYPE, "application/zip"),
593	+	(
594	+	axum::http::header::CONTENT_DISPOSITION,
595	+	"attachment; filename=\"posts.zip\"",
596	+	),
597	+	],
598	+	bytes,
599	+	)
600	+	.into_response(),
601	+	Err(e) => {
602	+	tracing::error!("Failed to create posts zip: {}", e);
603	+	(StatusCode::INTERNAL_SERVER_ERROR, "Export failed").into_response()
604	+	}
605	+	}
606	+	}
607	+
608	+	pub async fn admin_download_uploads(
609	+	_session: auth::AuthSession,
610	+	State(state): State<Arc<AppState>>,
611	+	) -> Response {
612	+	let files = match db::get_all_files(&state.db) {
613	+	Ok(files) => files,
614	+	Err(e) => {
615	+	tracing::error!("Failed to get files for export: {}", e);
616	+	return (StatusCode::INTERNAL_SERVER_ERROR, "Server error").into_response();
617	+	}
618	+	};
619	+
620	+	let uploads_dir = state.uploads_dir.clone();
621	+	let mut file_data: Vec<(String, Vec<u8>)> = Vec::new();
622	+	let mut seen_names = std::collections::HashSet::new();
623	+	for file in &files {
624	+	let path = std::path::PathBuf::from(&uploads_dir).join(&file.filename);
625	+	match tokio::fs::read(&path).await {
626	+	Ok(bytes) => {
627	+	let name = if seen_names.contains(&file.original_name) {
628	+	format!("{}_{}", file.short_id, file.original_name)
629	+	} else {
630	+	file.original_name.clone()
631	+	};
632	+	seen_names.insert(file.original_name.clone());
633	+	file_data.push((name, bytes));
634	+	}
635	+	Err(e) => {
636	+	tracing::warn!("Skipping file {} ({}): {}", file.original_name, file.filename, e);
637	+	}
638	+	}
639	+	}
640	+
641	+	let result = tokio::task::spawn_blocking(move \|\| {
642	+	let mut buf = std::io::Cursor::new(Vec::new());
643	+	{
644	+	let mut zip = zip::ZipWriter::new(&mut buf);
645	+	let options = zip::write::SimpleFileOptions::default()
646	+	.compression_method(zip::CompressionMethod::Stored);
647	+	for (name, bytes) in &file_data {
648	+	if let Err(e) = zip.start_file(name, options) {
649	+	tracing::warn!("Failed to add {} to zip: {}", name, e);
650	+	continue;
651	+	}
652	+	if let Err(e) = std::io::Write::write_all(&mut zip, bytes) {
653	+	tracing::warn!("Failed to write {} to zip: {}", name, e);
654	+	}
655	+	}
656	+	let _ = zip.finish();
657	+	}
658	+	buf.into_inner()
659	+	})
660	+	.await;
661	+
662	+	match result {
663	+	Ok(bytes) => (
664	+	StatusCode::OK,
665	+	[
666	+	(axum::http::header::CONTENT_TYPE, "application/zip"),
667	+	(
668	+	axum::http::header::CONTENT_DISPOSITION,
669	+	"attachment; filename=\"uploads.zip\"",
670	+	),
671	+	],
672	+	bytes,
673	+	)
674	+	.into_response(),
675	+	Err(e) => {
676	+	tracing::error!("Failed to create uploads zip: {}", e);
677	+	(StatusCode::INTERNAL_SERVER_ERROR, "Export failed").into_response()
678	+	}
679	+	}
680	+	}

apps/posts/src/server/handlers/mod.rs (added) +2 −0

	1	+	pub mod admin;
	2	+	pub mod public;

apps/posts/src/server/handlers/public.rs (added) +289 −0

1	+	use askama_web::WebTemplate;
2	+	use axum::{
3	+	extract::{Path, State},
4	+	http::{HeaderValue, StatusCode, Uri},
5	+	response::{Html, IntoResponse, Redirect, Response},
6	+	};
7	+	use std::sync::Arc;
8	+
9	+	use super::super::*;
10	+	use crate::db;
11	+
12	+	pub async fn serve_static(Path(path): Path<String>) -> Response {
13	+	match Static::get(&path) {
14	+	Some(file) => {
15	+	let mime = mime_from_path(&path);
16	+	(
17	+	StatusCode::OK,
18	+	[(axum::http::header::CONTENT_TYPE, HeaderValue::from_static(mime))],
19	+	file.data.to_vec(),
20	+	)
21	+	.into_response()
22	+	}
23	+	None => StatusCode::NOT_FOUND.into_response(),
24	+	}
25	+	}
26	+
27	+	pub async fn public_index(State(state): State<Arc<AppState>>) -> Response {
28	+	let blog_title = get_blog_title(&state.db);
29	+	let blog_description = db::get_setting(&state.db, "blog_description")
30	+	.ok()
31	+	.flatten()
32	+	.unwrap_or_default();
33	+	let intro_content = db::get_setting(&state.db, "intro_content")
34	+	.ok()
35	+	.flatten()
36	+	.unwrap_or_default();
37	+	let nav_links = get_nav_links(&state.db);
38	+
39	+	match db::get_published_posts(&state.db) {
40	+	Ok(posts) => {
41	+	let mut intro_html = render_markdown(&intro_content);
42	+
43	+	if intro_content.contains("{{latest_posts}}") {
44	+	let latest: Vec<&Post> = posts.iter().take(5).collect();
45	+	let embed_html = render_latest_posts_embed(&latest);
46	+	intro_html = intro_html.replace("<p>{{latest_posts}}</p>", &embed_html);
47	+	intro_html = intro_html.replace("{{latest_posts}}", &embed_html);
48	+	}
49	+
50	+	let favicon_url = get_favicon_url(&state.db);
51	+	let og_image_url = get_og_image_url(&state.db);
52	+	let (header_html, footer_html) = get_header_footer_html(&state.db);
53	+	WebTemplate(IndexTemplate {
54	+	blog_title,
55	+	blog_description,
56	+	intro_html,
57	+	posts,
58	+	nav_links,
59	+	favicon_url,
60	+	og_image_url,
61	+	site_url: state.site_url.clone(),
62	+	header_html,
63	+	footer_html,
64	+	})
65	+	.into_response()
66	+	}
67	+	Err(e) => {
68	+	tracing::error!("Failed to list posts: {}", e);
69	+	(StatusCode::INTERNAL_SERVER_ERROR, Html("Server error".to_string())).into_response()
70	+	}
71	+	}
72	+	}
73	+
74	+	pub async fn public_post(
75	+	State(state): State<Arc<AppState>>,
76	+	Path(slug): Path<String>,
77	+	) -> Response {
78	+	match db::get_post_by_slug(&state.db, &slug) {
79	+	Ok(Some(post)) if post.status == "published" => {
80	+	let rendered_content = render_markdown(&post.content);
81	+	let blog_title = get_blog_title(&state.db);
82	+	let nav_links = get_nav_links(&state.db);
83	+	let favicon_url = get_favicon_url(&state.db);
84	+	let og_image_url = get_og_image_url(&state.db);
85	+	let (header_html, footer_html) = get_header_footer_html(&state.db);
86	+	WebTemplate(PostTemplate {
87	+	blog_title,
88	+	nav_links,
89	+	post,
90	+	rendered_content,
91	+	favicon_url,
92	+	og_image_url,
93	+	site_url: state.site_url.clone(),
94	+	header_html,
95	+	footer_html,
96	+	})
97	+	.into_response()
98	+	}
99	+	Ok(_) => (StatusCode::NOT_FOUND, Html("Not found".to_string())).into_response(),
100	+	Err(e) => {
101	+	tracing::error!("Failed to get post: {}", e);
102	+	(StatusCode::INTERNAL_SERVER_ERROR, Html("Server error".to_string())).into_response()
103	+	}
104	+	}
105	+	}
106	+
107	+	pub async fn public_page(
108	+	State(state): State<Arc<AppState>>,
109	+	Path(slug): Path<String>,
110	+	) -> Response {
111	+	match db::get_page_by_slug(&state.db, &slug) {
112	+	Ok(Some(page)) if page.is_published => {
113	+	let rendered_content = render_markdown(&page.content);
114	+	let blog_title = get_blog_title(&state.db);
115	+	let nav_links = get_nav_links(&state.db);
116	+	let favicon_url = get_favicon_url(&state.db);
117	+	let og_image_url = get_og_image_url(&state.db);
118	+	let (header_html, footer_html) = get_header_footer_html(&state.db);
119	+	WebTemplate(PageTemplate {
120	+	blog_title,
121	+	nav_links,
122	+	page,
123	+	rendered_content,
124	+	favicon_url,
125	+	og_image_url,
126	+	site_url: state.site_url.clone(),
127	+	header_html,
128	+	footer_html,
129	+	})
130	+	.into_response()
131	+	}
132	+	Ok(_) => (StatusCode::NOT_FOUND, Html("Not found".to_string())).into_response(),
133	+	Err(e) => {
134	+	tracing::error!("Failed to get page: {}", e);
135	+	(StatusCode::INTERNAL_SERVER_ERROR, Html("Server error".to_string())).into_response()
136	+	}
137	+	}
138	+	}
139	+
140	+	pub async fn public_posts_list(State(state): State<Arc<AppState>>) -> Response {
141	+	let blog_title = get_blog_title(&state.db);
142	+	let nav_links = get_nav_links(&state.db);
143	+	let favicon_url = get_favicon_url(&state.db);
144	+	let og_image_url = get_og_image_url(&state.db);
145	+
146	+	let (header_html, footer_html) = get_header_footer_html(&state.db);
147	+
148	+	match db::get_published_posts(&state.db) {
149	+	Ok(posts) => WebTemplate(PostsListTemplate {
150	+	blog_title,
151	+	nav_links,
152	+	posts,
153	+	favicon_url,
154	+	og_image_url,
155	+	site_url: state.site_url.clone(),
156	+	header_html,
157	+	footer_html,
158	+	})
159	+	.into_response(),
160	+	Err(e) => {
161	+	tracing::error!("Failed to list posts: {}", e);
162	+	(StatusCode::INTERNAL_SERVER_ERROR, Html("Server error".to_string())).into_response()
163	+	}
164	+	}
165	+	}
166	+
167	+	pub async fn serve_custom_css(State(state): State<Arc<AppState>>) -> Response {
168	+	let css = db::get_setting(&state.db, "custom_css")
169	+	.ok()
170	+	.flatten()
171	+	.unwrap_or_default();
172	+	(
173	+	StatusCode::OK,
174	+	[(axum::http::header::CONTENT_TYPE, HeaderValue::from_static("text/css"))],
175	+	css,
176	+	)
177	+	.into_response()
178	+	}
179	+
180	+	pub async fn fallback_handler(
181	+	State(state): State<Arc<AppState>>,
182	+	uri: Uri,
183	+	) -> Response {
184	+	let path = uri.path().trim_start_matches('/');
185	+	if let Ok(Some(redirect_to)) = db::find_alias_redirect(&state.db, path) {
186	+	return Redirect::permanent(&redirect_to).into_response();
187	+	}
188	+	(StatusCode::NOT_FOUND, Html("Not found".to_string())).into_response()
189	+	}
190	+
191	+	pub async fn serve_uploaded_file(
192	+	State(state): State<Arc<AppState>>,
193	+	Path(filename): Path<String>,
194	+	) -> Response {
195	+	if filename.contains("..") \|\| filename.contains('/') \|\| filename.contains('\\') {
196	+	return StatusCode::NOT_FOUND.into_response();
197	+	}
198	+
199	+	let path = std::path::PathBuf::from(&state.uploads_dir).join(&filename);
200	+	match tokio::fs::read(&path).await {
201	+	Ok(bytes) => {
202	+	let mime = mime_from_path(&filename);
203	+	(
204	+	StatusCode::OK,
205	+	[(axum::http::header::CONTENT_TYPE, HeaderValue::from_static(mime))],
206	+	bytes,
207	+	)
208	+	.into_response()
209	+	}
210	+	Err(_) => StatusCode::NOT_FOUND.into_response(),
211	+	}
212	+	}
213	+
214	+	fn xml_escape(s: &str) -> String {
215	+	s.replace('&', "&")
216	+	.replace('<', "<")
217	+	.replace('>', ">")
218	+	.replace('"', """)
219	+	.replace('\'', "'")
220	+	}
221	+
222	+	pub async fn rss_feed(State(state): State<Arc<AppState>>) -> Response {
223	+	let blog_title = get_blog_title(&state.db);
224	+	let blog_description = db::get_setting(&state.db, "blog_description")
225	+	.ok()
226	+	.flatten()
227	+	.unwrap_or_default();
228	+	let site_url = &state.site_url;
229	+
230	+	let posts = match db::get_published_posts(&state.db) {
231	+	Ok(posts) => posts,
232	+	Err(e) => {
233	+	tracing::error!("Failed to get posts for RSS: {}", e);
234	+	return (StatusCode::INTERNAL_SERVER_ERROR, "Server error").into_response();
235	+	}
236	+	};
237	+
238	+	let mut items = String::new();
239	+	for post in &posts {
240	+	let link = format!("{}/posts/{}", site_url, xml_escape(&post.slug));
241	+	let title = xml_escape(&post.title);
242	+	let description = match &post.meta_description {
243	+	Some(d) if !d.is_empty() => xml_escape(d),
244	+	_ => {
245	+	let plain: String = post.content.chars().take(200).collect();
246	+	xml_escape(&plain)
247	+	}
248	+	};
249	+	let pub_date = post.published_date.as_deref().unwrap_or(&post.created_at);
250	+	let guid = format!("{}/posts/{}", site_url, xml_escape(&post.slug));
251	+
252	+	items.push_str(&format!(
253	+	" <item>\n <title>{title}</title>\n <link>{link}</link>\n <guid>{guid}</guid>\n <description>{description}</description>\n <pubDate>{pub_date}</pubDate>\n </item>\n"
254	+	));
255	+	}
256	+
257	+	let last_build = posts
258	+	.first()
259	+	.and_then(\|p\| p.published_date.as_deref())
260	+	.unwrap_or("");
261	+
262	+	let xml = format!(
263	+	r#"<?xml version="1.0" encoding="UTF-8"?>
264	+	<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
265	+	<channel>
266	+	<title>{title}</title>
267	+	<link>{site_url}</link>
268	+	<description>{desc}</description>
269	+	<lastBuildDate>{last_build}</lastBuildDate>
270	+	<atom:link href="{site_url}/feed.xml" rel="self" type="application/rss+xml"/>
271	+	{items} </channel>
272	+	</rss>"#,
273	+	title = xml_escape(&blog_title),
274	+	site_url = site_url,
275	+	desc = xml_escape(&blog_description),
276	+	last_build = last_build,
277	+	items = items,
278	+	);
279	+
280	+	(
281	+	StatusCode::OK,
282	+	[(
283	+	axum::http::header::CONTENT_TYPE,
284	+	HeaderValue::from_static("application/rss+xml; charset=utf-8"),
285	+	)],
286	+	xml,
287	+	)
288	+	.into_response()
289	+	}

apps/posts/src/server/mod.rs (added) +513 −0

1	+	use askama::Template;
2	+	use axum::{
3	+	extract::DefaultBodyLimit,
4	+	routing::{get, post},
5	+	Router,
6	+	};
7	+	use pulldown_cmark::{Options, Parser, html};
8	+	use rust_embed::Embed;
9	+	use std::sync::Arc;
10	+
11	+	use crate::db::{self, Db, Page, Post, UploadedFile};
12	+
13	+	mod handlers;
14	+
15	+	#[derive(Debug, Clone)]
16	+	pub struct NavLink {
17	+	pub label: String,
18	+	pub url: String,
19	+	}
20	+
21	+	#[derive(Clone)]
22	+	pub struct AppState {
23	+	pub db: Db,
24	+	pub app_password: String,
25	+	pub cookie_secure: bool,
26	+	pub uploads_dir: String,
27	+	pub site_url: String,
28	+	}
29	+
30	+	#[derive(Embed)]
31	+	#[folder = "static/"]
32	+	struct Static;
33	+
34	+	// --- Templates ---
35	+
36	+	#[derive(Template)]
37	+	#[template(path = "base.html")]
38	+	struct BaseTemplate {
39	+	blog_title: String,
40	+	nav_links: Vec<NavLink>,
41	+	favicon_url: String,
42	+	og_image_url: String,
43	+	header_html: String,
44	+	footer_html: String,
45	+	}
46	+
47	+	#[derive(Template)]
48	+	#[template(path = "admin_base.html")]
49	+	struct AdminBaseTemplate;
50	+
51	+	#[derive(Template)]
52	+	#[template(path = "login.html")]
53	+	struct LoginTemplate {
54	+	error: Option<String>,
55	+	}
56	+
57	+	#[derive(Template)]
58	+	#[template(path = "index.html")]
59	+	struct IndexTemplate {
60	+	blog_title: String,
61	+	blog_description: String,
62	+	intro_html: String,
63	+	posts: Vec<Post>,
64	+	nav_links: Vec<NavLink>,
65	+	favicon_url: String,
66	+	og_image_url: String,
67	+	site_url: String,
68	+	header_html: String,
69	+	footer_html: String,
70	+	}
71	+
72	+	#[derive(Template)]
73	+	#[template(path = "post.html")]
74	+	struct PostTemplate {
75	+	blog_title: String,
76	+	nav_links: Vec<NavLink>,
77	+	post: Post,
78	+	rendered_content: String,
79	+	favicon_url: String,
80	+	og_image_url: String,
81	+	site_url: String,
82	+	header_html: String,
83	+	footer_html: String,
84	+	}
85	+
86	+	#[derive(Template)]
87	+	#[template(path = "page.html")]
88	+	struct PageTemplate {
89	+	blog_title: String,
90	+	nav_links: Vec<NavLink>,
91	+	page: Page,
92	+	rendered_content: String,
93	+	favicon_url: String,
94	+	og_image_url: String,
95	+	site_url: String,
96	+	header_html: String,
97	+	footer_html: String,
98	+	}
99	+
100	+	#[derive(Template)]
101	+	#[template(path = "admin_index.html")]
102	+	struct AdminIndexTemplate {
103	+	posts: Vec<Post>,
104	+	}
105	+
106	+	#[derive(Template)]
107	+	#[template(path = "admin_post_form.html")]
108	+	struct AdminPostFormTemplate {
109	+	post: Option<Post>,
110	+	error: Option<String>,
111	+	}
112	+
113	+	#[derive(Template)]
114	+	#[template(path = "admin_pages.html")]
115	+	struct AdminPagesTemplate {
116	+	pages: Vec<Page>,
117	+	}
118	+
119	+	#[derive(Template)]
120	+	#[template(path = "admin_page_form.html")]
121	+	struct AdminPageFormTemplate {
122	+	page: Option<Page>,
123	+	error: Option<String>,
124	+	}
125	+
126	+	#[derive(Template)]
127	+	#[template(path = "admin_settings.html")]
128	+	struct AdminSettingsTemplate {
129	+	blog_title: String,
130	+	blog_description: String,
131	+	intro_content: String,
132	+	nav_links: String,
133	+	custom_css: String,
134	+	default_css: String,
135	+	favicon_url: String,
136	+	og_image_url: String,
137	+	custom_header: String,
138	+	custom_footer: String,
139	+	success: bool,
140	+	}
141	+
142	+	#[derive(Template)]
143	+	#[template(path = "posts.html")]
144	+	struct PostsListTemplate {
145	+	blog_title: String,
146	+	nav_links: Vec<NavLink>,
147	+	posts: Vec<Post>,
148	+	favicon_url: String,
149	+	og_image_url: String,
150	+	site_url: String,
151	+	header_html: String,
152	+	footer_html: String,
153	+	}
154	+
155	+	#[derive(Template)]
156	+	#[template(path = "admin_files.html")]
157	+	struct AdminFilesTemplate {
158	+	files: Vec<UploadedFile>,
159	+	site_url: String,
160	+	error: Option<String>,
161	+	success: bool,
162	+	}
163	+
164	+	// --- Query/Form structs ---
165	+
166	+	#[derive(serde::Deserialize, Default)]
167	+	pub struct FlashQuery {
168	+	pub error: Option<String>,
169	+	#[serde(default)]
170	+	pub success: bool,
171	+	}
172	+
173	+	#[derive(serde::Deserialize)]
174	+	struct LoginForm {
175	+	password: String,
176	+	}
177	+
178	+	#[derive(serde::Deserialize)]
179	+	struct PostForm {
180	+	attributes: String,
181	+	content: String,
182	+	#[serde(default)]
183	+	action: String,
184	+	}
185	+
186	+	struct ParsedAttributes {
187	+	title: String,
188	+	slug: String,
189	+	alias: String,
190	+	published_date: String,
191	+	meta_description: String,
192	+	meta_image: String,
193	+	lang: String,
194	+	tags: String,
195	+	}
196	+
197	+	fn parse_attributes(text: &str) -> ParsedAttributes {
198	+	let mut attrs = ParsedAttributes {
199	+	title: String::new(),
200	+	slug: String::new(),
201	+	alias: String::new(),
202	+	published_date: String::new(),
203	+	meta_description: String::new(),
204	+	meta_image: String::new(),
205	+	lang: String::new(),
206	+	tags: String::new(),
207	+	};
208	+	for line in text.lines() {
209	+	if let Some((key, value)) = line.split_once(':') {
210	+	let key = key.trim().to_lowercase();
211	+	let value = value.trim().to_string();
212	+	match key.as_str() {
213	+	"title" => attrs.title = value,
214	+	"slug" => attrs.slug = value,
215	+	"alias" => attrs.alias = value,
216	+	"published_date" => attrs.published_date = value,
217	+	"description" \| "meta_description" => attrs.meta_description = value,
218	+	"meta_image" => attrs.meta_image = value,
219	+	"lang" => attrs.lang = value,
220	+	"tags" => attrs.tags = value,
221	+	_ => {}
222	+	}
223	+	}
224	+	}
225	+	attrs
226	+	}
227	+
228	+	#[derive(serde::Deserialize)]
229	+	struct PageForm {
230	+	attributes: String,
231	+	content: String,
232	+	}
233	+
234	+	struct ParsedPageAttributes {
235	+	title: String,
236	+	slug: String,
237	+	is_published: bool,
238	+	}
239	+
240	+	fn parse_page_attributes(text: &str) -> ParsedPageAttributes {
241	+	let mut attrs = ParsedPageAttributes {
242	+	title: String::new(),
243	+	slug: String::new(),
244	+	is_published: false,
245	+	};
246	+	for line in text.lines() {
247	+	if let Some((key, value)) = line.split_once(':') {
248	+	let key = key.trim().to_lowercase();
249	+	let value = value.trim().to_string();
250	+	match key.as_str() {
251	+	"title" => attrs.title = value,
252	+	"slug" => attrs.slug = value,
253	+	"published" => attrs.is_published = value == "true",
254	+	_ => {}
255	+	}
256	+	}
257	+	}
258	+	attrs
259	+	}
260	+
261	+	#[derive(serde::Deserialize)]
262	+	struct SettingsForm {
263	+	blog_title: String,
264	+	blog_description: String,
265	+	intro_content: String,
266	+	nav_links: String,
267	+	custom_css: String,
268	+	favicon_url: String,
269	+	og_image_url: String,
270	+	custom_header: String,
271	+	custom_footer: String,
272	+	}
273	+
274	+	// --- Helpers ---
275	+
276	+	fn mime_from_path(path: &str) -> &'static str {
277	+	match path.rsplit('.').next().unwrap_or("") {
278	+	"css" => "text/css",
279	+	"js" => "application/javascript",
280	+	"html" => "text/html",
281	+	"png" => "image/png",
282	+	"jpg" \| "jpeg" => "image/jpeg",
283	+	"gif" => "image/gif",
284	+	"webp" => "image/webp",
285	+	"ico" => "image/x-icon",
286	+	"svg" => "image/svg+xml",
287	+	"woff" \| "woff2" => "font/woff2",
288	+	"ttf" => "font/ttf",
289	+	"otf" => "font/otf",
290	+	"json" \| "webmanifest" => "application/json",
291	+	"pdf" => "application/pdf",
292	+	"mp4" => "video/mp4",
293	+	"webm" => "video/webm",
294	+	_ => "application/octet-stream",
295	+	}
296	+	}
297	+
298	+	fn get_header_footer_html(db: &db::Db) -> (String, String) {
299	+	let custom_header = db::get_setting(db, "custom_header")
300	+	.ok()
301	+	.flatten()
302	+	.unwrap_or_default();
303	+	let custom_footer = db::get_setting(db, "custom_footer")
304	+	.ok()
305	+	.flatten()
306	+	.unwrap_or_default();
307	+	let header_html = render_markdown(&custom_header);
308	+	let footer_html = render_markdown(&custom_footer);
309	+	(header_html, footer_html)
310	+	}
311	+
312	+	fn render_markdown(content: &str) -> String {
313	+	let mut options = Options::empty();
314	+	options.insert(Options::ENABLE_STRIKETHROUGH);
315	+	options.insert(Options::ENABLE_TABLES);
316	+	options.insert(Options::ENABLE_TASKLISTS);
317	+	options.insert(Options::ENABLE_FOOTNOTES);
318	+	let parser = Parser::new_ext(content, options);
319	+	let mut html_output = String::new();
320	+	html::push_html(&mut html_output, parser);
321	+	html_output
322	+	}
323	+
324	+	fn now_datetime() -> String {
325	+	andromeda_auth::datetime::now_datetime_string()
326	+	}
327	+
328	+	fn slugify(s: &str) -> String {
329	+	s.to_lowercase()
330	+	.chars()
331	+	.map(\|c\| if c.is_ascii_alphanumeric() { c } else { '-' })
332	+	.collect::<String>()
333	+	.split('-')
334	+	.filter(\|s\| !s.is_empty())
335	+	.collect::<Vec<_>>()
336	+	.join("-")
337	+	}
338	+
339	+	fn opt_str(s: &str) -> Option<&str> {
340	+	let trimmed = s.trim();
341	+	if trimmed.is_empty() { None } else { Some(trimmed) }
342	+	}
343	+
344	+	fn get_blog_title(db: &Db) -> String {
345	+	db::get_setting(db, "blog_title")
346	+	.ok()
347	+	.flatten()
348	+	.unwrap_or_else(\|\| "My Blog".to_string())
349	+	}
350	+
351	+	fn parse_nav_links(input: &str) -> Vec<NavLink> {
352	+	let mut links = Vec::new();
353	+	let mut chars = input.chars().peekable();
354	+	while let Some(c) = chars.next() {
355	+	if c == '[' {
356	+	let label: String = chars.by_ref().take_while(\|&ch\| ch != ']').collect();
357	+	if chars.peek() == Some(&'(') {
358	+	chars.next();
359	+	let url: String = chars.by_ref().take_while(\|&ch\| ch != ')').collect();
360	+	if !label.is_empty() && !url.is_empty() {
361	+	links.push(NavLink { label, url });
362	+	}
363	+	}
364	+	}
365	+	}
366	+	links
367	+	}
368	+
369	+	fn get_nav_links(db: &Db) -> Vec<NavLink> {
370	+	let raw = db::get_setting(db, "nav_links")
371	+	.ok()
372	+	.flatten()
373	+	.unwrap_or_default();
374	+	parse_nav_links(&raw)
375	+	}
376	+
377	+	fn get_favicon_url(db: &Db) -> String {
378	+	db::get_setting(db, "favicon_url")
379	+	.ok()
380	+	.flatten()
381	+	.unwrap_or_default()
382	+	}
383	+
384	+	fn get_og_image_url(db: &Db) -> String {
385	+	db::get_setting(db, "og_image_url")
386	+	.ok()
387	+	.flatten()
388	+	.unwrap_or_default()
389	+	}
390	+
391	+	fn render_latest_posts_embed(posts: &[&Post]) -> String {
392	+	let mut html = String::from("<div class=\"post-list\">");
393	+	for post in posts {
394	+	html.push_str(&format!(
395	+	r#"<a href="/posts/{slug}" class="post-item"><div class="post-item-info"><span class="post-title">{title}</span>"#,
396	+	slug = post.slug,
397	+	title = post.title,
398	+	));
399	+	if let Some(ref tags) = post.tags {
400	+	if !tags.is_empty() {
401	+	html.push_str(r#"<span class="post-tags">"#);
402	+	for tag in tags.split(',') {
403	+	let tag = tag.trim();
404	+	if !tag.is_empty() {
405	+	html.push_str(&format!(r#"<span class="tag">{}</span>"#, tag));
406	+	}
407	+	}
408	+	html.push_str("</span>");
409	+	}
410	+	}
411	+	html.push_str("</div>");
412	+	if let Some(ref date) = post.published_date {
413	+	html.push_str(&format!(r#"<time class="post-date">{}</time>"#, date));
414	+	}
415	+	html.push_str("</a>");
416	+	}
417	+	html.push_str("</div>");
418	+	html
419	+	}
420	+
421	+	// --- Router ---
422	+
423	+	pub async fn run(host: String, port: u16) {
424	+	use handlers::{admin, public};
425	+
426	+	dotenvy::dotenv().ok();
427	+
428	+	let db = db::init_db();
429	+
430	+	if let Err(e) = db::prune_expired_sessions(&db) {
431	+	tracing::warn!("Failed to prune sessions: {}", e);
432	+	}
433	+
434	+	let app_password = std::env::var("POSTS_PASSWORD").unwrap_or_else(\|_\| {
435	+	tracing::warn!("POSTS_PASSWORD not set, using default 'changeme'");
436	+	"changeme".to_string()
437	+	});
438	+
439	+	let cookie_secure = std::env::var("COOKIE_SECURE")
440	+	.map(\|v\| v == "true")
441	+	.unwrap_or(false);
442	+
443	+	let uploads_dir = std::env::var("UPLOADS_DIR").unwrap_or_else(\|_\| "uploads".to_string());
444	+	tokio::fs::create_dir_all(&uploads_dir)
445	+	.await
446	+	.expect("Failed to create uploads directory");
447	+
448	+	let site_url = std::env::var("SITE_URL")
449	+	.unwrap_or_else(\|_\| "http://localhost:3000".to_string())
450	+	.trim_end_matches('/')
451	+	.to_string();
452	+
453	+	let state = Arc::new(AppState {
454	+	db,
455	+	app_password,
456	+	cookie_secure,
457	+	uploads_dir,
458	+	site_url,
459	+	});
460	+
461	+	let app = Router::new()
462	+	// Public routes
463	+	.route("/", get(public::public_index))
464	+	.route("/posts", get(public::public_posts_list))
465	+	.route("/posts/{slug}", get(public::public_post))
466	+	.route("/custom-styles.css", get(public::serve_custom_css))
467	+	.route("/{slug}", get(public::public_page))
468	+	.route("/feed.xml", get(public::rss_feed))
469	+	// Admin auth
470	+	.route("/admin/login", get(admin::get_login).post(admin::post_login))
471	+	.route("/admin/logout", get(admin::get_logout))
472	+	// Admin posts
473	+	.route("/admin", get(admin::admin_index))
474	+	.route("/admin/posts/new", get(admin::admin_new_post))
475	+	.route("/admin/posts", post(admin::admin_create_post))
476	+	.route("/admin/posts/{id}/edit", get(admin::admin_edit_post))
477	+	.route("/admin/posts/{id}", post(admin::admin_update_post))
478	+	.route("/admin/posts/{id}/delete", post(admin::admin_delete_post))
479	+	.route("/admin/posts/{id}/publish", post(admin::admin_toggle_publish))
480	+	// Admin pages
481	+	.route("/admin/pages", get(admin::admin_pages))
482	+	.route("/admin/pages/new", get(admin::admin_new_page))
483	+	.route("/admin/pages/create", post(admin::admin_create_page))
484	+	.route("/admin/pages/{id}/edit", get(admin::admin_edit_page))
485	+	.route("/admin/pages/{id}", post(admin::admin_update_page))
486	+	.route("/admin/pages/{id}/delete", post(admin::admin_delete_page))
487	+	// Admin settings
488	+	.route(
489	+	"/admin/settings",
490	+	get(admin::admin_get_settings).post(admin::admin_post_settings),
491	+	)
492	+	// Admin downloads
493	+	.route("/admin/downloads/posts", get(admin::admin_download_posts))
494	+	.route("/admin/downloads/uploads", get(admin::admin_download_uploads))
495	+	// Admin files
496	+	.route("/admin/files", get(admin::admin_files))
497	+	.route("/admin/files/upload", post(admin::admin_upload_file))
498	+	.route("/admin/files/{id}/delete", post(admin::admin_delete_file))
499	+	// Public files
500	+	.route("/files/{filename}", get(public::serve_uploaded_file))
501	+	// Static assets
502	+	.route("/static/{*path}", get(public::serve_static))
503	+	// Fallback
504	+	.fallback(get(public::fallback_handler))
505	+	.with_state(state)
506	+	.layer(DefaultBodyLimit::max(11 * 1024 * 1024));
507	+
508	+	let addr = format!("{}:{}", host, port);
509	+	tracing::info!("Listening on http://{}", addr);
510	+
511	+	let listener = tokio::net::TcpListener::bind(&addr).await.unwrap();
512	+	axum::serve(listener, app).await.unwrap();
513	+	}

crates/auth/src/datetime.rs (added) +119 −0

1	+	//! Zero-dep datetime helpers for formatting Unix timestamps as
2	+	//! `YYYY-MM-DD HH:MM:SS` strings suitable for SQLite TEXT columns
3	+	//! and string-sortable comparisons.
4	+
5	+	use std::time::{SystemTime, UNIX_EPOCH};
6	+
7	+	/// Current time as `YYYY-MM-DD HH:MM:SS`.
8	+	pub fn now_datetime_string() -> String {
9	+	from_unix_secs(now_secs())
10	+	}
11	+
12	+	/// Time `secs_from_now` seconds in the future as `YYYY-MM-DD HH:MM:SS`.
13	+	pub fn expiry_datetime_string(secs_from_now: u64) -> String {
14	+	from_unix_secs(now_secs() + secs_from_now)
15	+	}
16	+
17	+	/// Format an absolute Unix timestamp as `YYYY-MM-DD HH:MM:SS`.
18	+	pub fn from_unix_secs(secs: u64) -> String {
19	+	let days = secs / 86400;
20	+	let h = (secs / 3600) % 24;
21	+	let m = (secs / 60) % 60;
22	+	let s = secs % 60;
23	+	format_unix_to_datetime(days, h, m, s)
24	+	}
25	+
26	+	/// Format an already-split unix time into `YYYY-MM-DD HH:MM:SS`.
27	+	pub fn format_unix_to_datetime(days: u64, h: u64, m: u64, s: u64) -> String {
28	+	let (y, mo, d) = days_to_ymd(days as i64);
29	+	format!("{:04}-{:02}-{:02} {:02}:{:02}:{:02}", y, mo, d, h, m, s)
30	+	}
31	+
32	+	/// Convert days-since-Unix-epoch into `(year, month, day)`.
33	+	/// https://howardhinnant.github.io/date_algorithms.html
34	+	pub fn days_to_ymd(mut days: i64) -> (i64, i64, i64) {
35	+	days += 719468;
36	+	let era = if days >= 0 { days } else { days - 146096 } / 146097;
37	+	let doe = (days - era * 146097) as u32;
38	+	let yoe = (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365;
39	+	let y = yoe as i64 + era * 400;
40	+	let doy = doe - (365 * yoe + yoe / 4 - yoe / 100);
41	+	let mp = (5 * doy + 2) / 153;
42	+	let d = doy - (153 * mp + 2) / 5 + 1;
43	+	let m = if mp < 10 { mp + 3 } else { mp - 9 };
44	+	let y = if m <= 2 { y + 1 } else { y };
45	+	(y, m as i64, d as i64)
46	+	}
47	+
48	+	fn now_secs() -> u64 {
49	+	SystemTime::now()
50	+	.duration_since(UNIX_EPOCH)
51	+	.unwrap()
52	+	.as_secs()
53	+	}
54	+
55	+	#[cfg(test)]
56	+	mod tests {
57	+	use super::*;
58	+
59	+	#[test]
60	+	fn format_unix_epoch() {
61	+	assert_eq!(format_unix_to_datetime(0, 0, 0, 0), "1970-01-01 00:00:00");
62	+	}
63	+
64	+	#[test]
65	+	fn format_unix_known_date() {
66	+	assert_eq!(
67	+	format_unix_to_datetime(19737, 12, 30, 45),
68	+	"2024-01-15 12:30:45"
69	+	);
70	+	}
71	+
72	+	#[test]
73	+	fn format_unix_y2k() {
74	+	assert_eq!(
75	+	format_unix_to_datetime(10957, 0, 0, 0),
76	+	"2000-01-01 00:00:00"
77	+	);
78	+	}
79	+
80	+	#[test]
81	+	fn format_unix_leap_day() {
82	+	assert_eq!(
83	+	format_unix_to_datetime(19782, 23, 59, 59),
84	+	"2024-02-29 23:59:59"
85	+	);
86	+	}
87	+
88	+	#[test]
89	+	fn format_unix_end_of_year() {
90	+	assert_eq!(
91	+	format_unix_to_datetime(19722, 23, 59, 59),
92	+	"2023-12-31 23:59:59"
93	+	);
94	+	}
95	+
96	+	#[test]
97	+	fn now_string_valid_format() {
98	+	let s = now_datetime_string();
99	+	assert_eq!(s.len(), 19);
100	+	assert_eq!(&s[4..5], "-");
101	+	assert_eq!(&s[7..8], "-");
102	+	assert_eq!(&s[10..11], " ");
103	+	assert_eq!(&s[13..14], ":");
104	+	assert_eq!(&s[16..17], ":");
105	+	}
106	+
107	+	#[test]
108	+	fn expiry_string_in_future() {
109	+	let now = now_datetime_string();
110	+	let exp = expiry_datetime_string(7 * 24 * 3600);
111	+	assert!(exp > now);
112	+	}
113	+
114	+	#[test]
115	+	fn from_unix_secs_known() {
116	+	// 2024-01-15 12:30:45 UTC = 1705321845
117	+	assert_eq!(from_unix_secs(1705321845), "2024-01-15 12:30:45");
118	+	}
119	+	}

crates/auth/src/lib.rs +2 −0

use rand::RngCore;
use subtle::ConstantTimeEq;

pub mod datetime;

/// Constant-time password comparison to prevent timing attacks.
/// Pads/truncates both sides to a fixed 256-byte buffer so length
/// differences don't leak via timing.

2191	2191
2192	2192		[[package]]
2193	2193		name = "jotts"
2194		-	version = "0.1.2"
	2194	+	version = "0.2.0"
2195	2195		dependencies = [
2196	2196		"andromeda-auth",
2197	2197		"arboard",

27	27		return Ok(AuthSession);
28	28		}
29	29		}
30		-	let path = parts.uri.path_and_query()
	30	+	let path = parts
	31	+	.uri
	32	+	.path_and_query()
31	33		.map(\|pq\| pq.as_str())
32	34		.unwrap_or(parts.uri.path());
33	35		let login_url = format!("/admin/login?next={}", urlencoding(path));

44	46
45	47		fn is_valid_session(state: &AppState, token: &str) -> bool {
46	48		match db::get_session_expiry(&state.db, token) {
47		-	Ok(Some(expires_at)) => {
48		-	let now = chrono_now();
49		-	expires_at > now
50		-	}
	49	+	Ok(Some(expires_at)) => expires_at > andromeda_auth::datetime::now_datetime_string(),
51	50		_ => false,
52	51		}
53	52		}
54	53
55		-	pub fn chrono_now() -> String {
56		-	use std::time::{SystemTime, UNIX_EPOCH};
57		-	let secs = SystemTime::now()
58		-	.duration_since(UNIX_EPOCH)
59		-	.unwrap()
60		-	.as_secs();
61		-	let days_since_epoch = secs / 86400;
62		-	let time_of_day = secs % 86400;
63		-	let hours = time_of_day / 3600;
64		-	let minutes = (time_of_day % 3600) / 60;
65		-	let seconds = time_of_day % 60;
66		-
67		-	let (year, month, day) = days_to_ymd(days_since_epoch as i64);
68		-	format!(
69		-	"{:04}-{:02}-{:02} {:02}:{:02}:{:02}",
70		-	year, month, day, hours, minutes, seconds
71		-	)
72		-	}
73		-
74	54		fn urlencoding(s: &str) -> String {
75	55		let mut out = String::with_capacity(s.len());
76	56		for b in s.bytes() {

85	65		}
86	66		out
87	67		}
88		-
89		-	fn days_to_ymd(mut days: i64) -> (i64, i64, i64) {
90		-	days += 719468;
91		-	let era = if days >= 0 { days } else { days - 146096 } / 146097;
92		-	let doe = (days - era * 146097) as u32;
93		-	let yoe = (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365;
94		-	let y = yoe as i64 + era * 400;
95		-	let doy = doe - (365 * yoe + yoe / 4 - yoe / 100);
96		-	let mp = (5 * doy + 2) / 153;
97		-	let d = doy - (153 * mp + 2) / 5 + 1;
98		-	let m = if mp < 10 { mp + 3 } else { mp - 9 };
99		-	let y = if m <= 2 { y + 1 } else { y };
100		-	(y, m as i64, d as i64)
101		-	}

242	242
243	243		// Session expires in 7 days
244	244		// We need to compute a datetime 7 days from now
245		-	let expires_at = {
246		-	use std::time::{SystemTime, UNIX_EPOCH};
247		-	let secs = SystemTime::now()
248		-	.duration_since(UNIX_EPOCH)
249		-	.unwrap()
250		-	.as_secs()
251		-	+ 7 * 24 * 3600;
252		-	let days = secs / 86400;
253		-	let tod = secs % 86400;
254		-	let (y, m, d) = days_to_ymd(days as i64);
255		-	format!(
256		-	"{:04}-{:02}-{:02} {:02}:{:02}:{:02}",
257		-	y,
258		-	m,
259		-	d,
260		-	tod / 3600,
261		-	(tod % 3600) / 60,
262		-	tod % 60
263		-	)
264		-	};
	245	+	let expires_at = andromeda_auth::datetime::expiry_datetime_string(7 * 24 * 3600);
265	246
266	247		if let Err(e) = db::insert_session(&state.db, &token, &expires_at) {
267	248		tracing::error!("Failed to create session: {}", e);

431	412		Redirect::to("/").into_response()
432	413		}
433	414		}
434		-	}
435		-
436		-	// --- Date helper (same algorithm as auth.rs) ---
437		-
438		-	fn days_to_ymd(mut days: i64) -> (i64, i64, i64) {
439		-	days += 719468;
440		-	let era = if days >= 0 { days } else { days - 146096 } / 146097;
441		-	let doe = (days - era * 146097) as u32;
442		-	let yoe = (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365;
443		-	let y = yoe as i64 + era * 400;
444		-	let doy = doe - (365 * yoe + yoe / 4 - yoe / 100);
445		-	let mp = (5 * doy + 2) / 153;
446		-	let d = doy - (153 * mp + 2) / 5 + 1;
447		-	let m = if mp < 10 { mp + 3 } else { mp - 9 };
448		-	let y = if m <= 2 { y + 1 } else { y };
449		-	(y, m as i64, d as i64)
450	415		}
451	416
452	417		// --- Router ---

12	12		verify_password,
13	13		};
14	14
15		-	// ── Session Token ──────────────────────────────────────────────────────────
16		-
17	15		/// Return an ISO datetime string 7 days from now.
18	16		pub fn session_expiry_at() -> String {
19		-	use std::time::{SystemTime, UNIX_EPOCH};
20		-	let secs = SystemTime::now()
21		-	.duration_since(UNIX_EPOCH)
22		-	.unwrap()
23		-	.as_secs()
24		-	+ 7 * 24 * 3600;
25		-	let dt = secs;
26		-	let s = dt % 60;
27		-	let m = (dt / 60) % 60;
28		-	let h = (dt / 3600) % 24;
29		-	let days_since_epoch = dt / 86400;
30		-	format_unix_to_datetime(days_since_epoch, h, m, s)
31		-	}
32		-
33		-	fn format_unix_to_datetime(days: u64, h: u64, m: u64, s: u64) -> String {
34		-	// https://howardhinnant.github.io/date_algorithms.html
35		-	let z = days as i64 + 719468;
36		-	let era = if z >= 0 { z } else { z - 146096 } / 146097;
37		-	let doe = (z - era * 146097) as u64;
38		-	let yoe = (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365;
39		-	let y = yoe as i64 + era * 400;
40		-	let doy = doe - (365 * yoe + yoe / 4 - yoe / 100);
41		-	let mp = (5 * doy + 2) / 153;
42		-	let d = doy - (153 * mp + 2) / 5 + 1;
43		-	let mo = if mp < 10 { mp + 3 } else { mp - 9 };
44		-	let y = if mo <= 2 { y + 1 } else { y };
45		-	format!("{:04}-{:02}-{:02} {:02}:{:02}:{:02}", y, mo, d, h, m, s)
46		-	}
47		-
48		-	pub fn format_unix_to_datetime_pub(days: u64, h: u64, m: u64, s: u64) -> String {
49		-	format_unix_to_datetime(days, h, m, s)
	17	+	andromeda_auth::datetime::expiry_datetime_string(7 * 24 * 3600)
50	18		}
51	19
52	20		pub fn extract_session_token(headers: &axum::http::HeaderMap) -> Option<String> {
53	21		extract_session_cookie(headers)
54	22		}
55		-
56		-	// ── Axum Extractor ─────────────────────────────────────────────────────────
57	23
58	24		/// Authenticated session guard. Extract from request; redirects to /login if not valid.
59	25		pub struct AuthSession;

81	47
82	48		async fn is_valid_session(state: &AppState, token: &str) -> bool {
83	49		match crate::db::get_session_expiry(&state.db, token) {
84		-	Ok(Some(expires_at)) => {
85		-	use std::time::{SystemTime, UNIX_EPOCH};
86		-	let now_secs = SystemTime::now()
87		-	.duration_since(UNIX_EPOCH)
88		-	.unwrap()
89		-	.as_secs();
90		-	let now_str = {
91		-	let days = now_secs / 86400;
92		-	let h = (now_secs / 3600) % 24;
93		-	let m = (now_secs / 60) % 60;
94		-	let s = now_secs % 60;
95		-	format_unix_to_datetime(days, h, m, s)
96		-	};
97		-	expires_at > now_str
98		-	}
	50	+	Ok(Some(expires_at)) => expires_at > andromeda_auth::datetime::now_datetime_string(),
99	51		_ => false,
100	52		}
101	53		}
102		-
103		-	#[cfg(test)]
104		-	mod tests {
105		-	use super::*;
106		-
107		-	#[test]
108		-	fn format_unix_epoch() {
109		-	assert_eq!(format_unix_to_datetime(0, 0, 0, 0), "1970-01-01 00:00:00");
110		-	}
111		-
112		-	#[test]
113		-	fn format_unix_known_date() {
114		-	// 2024-01-15 = day 19737 since epoch
115		-	assert_eq!(
116		-	format_unix_to_datetime(19737, 12, 30, 45),
117		-	"2024-01-15 12:30:45"
118		-	);
119		-	}
120		-
121		-	#[test]
122		-	fn format_unix_y2k() {
123		-	// 2000-01-01 = day 10957
124		-	assert_eq!(
125		-	format_unix_to_datetime(10957, 0, 0, 0),
126		-	"2000-01-01 00:00:00"
127		-	);
128		-	}
129		-
130		-	#[test]
131		-	fn format_unix_leap_day() {
132		-	// 2024-02-29 = day 19782
133		-	assert_eq!(
134		-	format_unix_to_datetime(19782, 23, 59, 59),
135		-	"2024-02-29 23:59:59"
136		-	);
137		-	}
138		-
139		-	#[test]
140		-	fn format_unix_end_of_year() {
141		-	// 2023-12-31 = day 19722
142		-	assert_eq!(
143		-	format_unix_to_datetime(19722, 23, 59, 59),
144		-	"2023-12-31 23:59:59"
145		-	);
146		-	}
147		-
148		-	#[test]
149		-	fn session_expiry_at_is_valid_format() {
150		-	let expiry = session_expiry_at();
151		-	// Should match YYYY-MM-DD HH:MM:SS
152		-	assert_eq!(expiry.len(), 19);
153		-	assert_eq!(&expiry[4..5], "-");
154		-	assert_eq!(&expiry[7..8], "-");
155		-	assert_eq!(&expiry[10..11], " ");
156		-	assert_eq!(&expiry[13..14], ":");
157		-	assert_eq!(&expiry[16..17], ":");
158		-	}
159		-	}

139	139
140	140		let detail = usps::fetch_tracking(&state.http_client, &token, &package.tracking_number).await?;
141	141
142		-	use std::time::{SystemTime, UNIX_EPOCH};
143		-	let now = SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs();
144		-	let refreshed_at = {
145		-	let days = now / 86400;
146		-	let h = (now / 3600) % 24;
147		-	let m = (now / 60) % 60;
148		-	let s = now % 60;
149		-	auth::format_unix_to_datetime_pub(days, h, m, s)
150		-	};
	142	+	let refreshed_at = andromeda_auth::datetime::now_datetime_string();
151	143
152	144		let expected_delivery = detail
153	145		.delivery_date_expectation

1	1		use rand::RngCore;
2	2		use subtle::ConstantTimeEq;
3	3
	4	+	pub mod datetime;
	5	+
4	6		/// Constant-time password comparison to prevent timing attacks.
5	7		/// Pads/truncates both sides to a fixed 256-byte buffer so length
6	8		/// differences don't leak via timing.