Files
minstrel/internal/api/admin_requests.go
T
bvandeusen 3ffa5608d8 feat(#392): publish track-like + request-status events to SSE bus
Slice 2 of #392 — wires the first producers onto the bus that slice 1
built. After this commit, an SSE subscriber sees real events fire:

- track.liked / track.unliked when the user toggles the heart on a track
  (handleLikeTrack / handleUnlikeTrack). Album + artist like events
  intentionally deferred — they're symmetric trivial follow-ups but the
  operator's primary like surface is tracks.
- request.status_changed when a Lidarr request is created, cancelled,
  approved, or rejected. Auto-approve will fire twice (pending then
  approved) in rapid succession, which is semantically correct; client
  invalidation handles that fine.

Events are user-scoped via row.UserID so admin approve/reject route to
the requester, not the admin acting. Helpers live in events_publish.go
so the wire shape (kind names, payload keys) stays in one place — future
producers in slice 3 reuse the same pattern.

events_publish.go is no-op when h.eventbus is nil so tests that
construct handlers without a bus continue to pass.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-12 20:55:33 -04:00

171 lines
5.4 KiB
Go

package api
import (
"encoding/json"
"errors"
"net/http"
"strconv"
"github.com/go-chi/chi/v5"
"git.fabledsword.com/bvandeusen/minstrel/internal/auth"
"git.fabledsword.com/bvandeusen/minstrel/internal/db/dbq"
"git.fabledsword.com/bvandeusen/minstrel/internal/lidarr"
"git.fabledsword.com/bvandeusen/minstrel/internal/lidarrrequests"
)
// validRequestStatuses is the set of allowed values for the ?status= param.
var validRequestStatuses = map[string]bool{
"pending": true,
"approved": true,
"rejected": true,
"completed": true,
"failed": true,
}
// handleListAdminRequests implements GET /api/admin/requests.
// ?status= defaults to "pending"; ?limit= defaults to 50, max 200.
func (h *handlers) handleListAdminRequests(w http.ResponseWriter, r *http.Request) {
status := r.URL.Query().Get("status")
if status == "" {
status = "pending"
}
if !validRequestStatuses[status] {
writeAdminJSONErr(w, http.StatusBadRequest, "invalid_status")
return
}
limitStr := r.URL.Query().Get("limit")
limit := 50
if limitStr != "" {
v, err := strconv.Atoi(limitStr)
if err != nil || v <= 0 {
writeAdminJSONErr(w, http.StatusBadRequest, "invalid_limit")
return
}
if v > 200 {
v = 200
}
limit = v
}
rows, err := h.lidarrRequests.ListByStatus(r.Context(), status, int32(limit))
if err != nil {
h.logger.Error("admin: list requests", "err", err)
writeAdminJSONErr(w, http.StatusInternalServerError, "server_error")
return
}
q := dbq.New(h.pool)
out := make([]requestView, 0, len(rows))
for _, row := range rows {
v := requestViewFrom(row)
fillProgress(r.Context(), q, row, &v)
out = append(out, v)
}
writeJSON(w, http.StatusOK, out)
}
// approveRequestBody is the optional JSON body for POST /api/admin/requests/:id/approve.
type approveRequestBody struct {
QualityProfileID int `json:"quality_profile_id"`
RootFolderPath string `json:"root_folder_path"`
}
// handleApproveRequest implements POST /api/admin/requests/:id/approve.
func (h *handlers) handleApproveRequest(w http.ResponseWriter, r *http.Request) {
admin, ok := auth.UserFromContext(r.Context())
if !ok {
writeAdminJSONErr(w, http.StatusUnauthorized, "unauthorized")
return
}
id, ok := parseUUID(chi.URLParam(r, "id"))
if !ok {
writeAdminJSONErr(w, http.StatusBadRequest, "invalid_id")
return
}
var body approveRequestBody
// Body is entirely optional; ignore decode errors.
_ = json.NewDecoder(r.Body).Decode(&body)
row, err := h.lidarrRequests.Approve(r.Context(), id, admin.ID, lidarrrequests.ApproveOverrides{
QualityProfileID: body.QualityProfileID,
RootFolderPath: body.RootFolderPath,
})
if err != nil {
switch {
case errors.Is(err, lidarrrequests.ErrLidarrDisabled):
writeAdminJSONErr(w, http.StatusServiceUnavailable, "lidarr_disabled")
case errors.Is(err, lidarrrequests.ErrDefaultsIncomplete):
writeAdminJSONErr(w, http.StatusBadRequest, "lidarr_defaults_incomplete")
case errors.Is(err, lidarrrequests.ErrNotFound):
writeAdminJSONErr(w, http.StatusNotFound, "request_not_found")
case errors.Is(err, lidarrrequests.ErrNotPending):
writeAdminJSONErr(w, http.StatusConflict, "request_not_pending")
case errors.Is(err, lidarr.ErrUnreachable):
writeAdminJSONErr(w, http.StatusServiceUnavailable, "lidarr_unreachable")
case errors.Is(err, lidarr.ErrAuthFailed):
writeAdminJSONErr(w, http.StatusServiceUnavailable, "lidarr_auth_failed")
case errors.Is(err, lidarr.ErrServerError):
// Lidarr itself 5xx'd — its response body is in err's wrapped
// message (see lidarr.readBodySnippet). Logged below for ops.
h.logger.Error("admin: approve request: lidarr 5xx", "err", err)
writeAdminJSONErr(w, http.StatusBadGateway, "lidarr_server_error")
case errors.Is(err, lidarr.ErrLookupFailed):
// Lidarr returned 4xx — usually "artist already exists" or
// "no metadata found." Log so ops can see the actual reason.
h.logger.Warn("admin: approve request: lidarr 4xx", "err", err)
writeAdminJSONErr(w, http.StatusBadGateway, "lidarr_rejected")
default:
h.logger.Error("admin: approve request", "err", err)
writeAdminJSONErr(w, http.StatusInternalServerError, "server_error")
}
return
}
h.publishRequestStatusChanged(row)
writeJSON(w, http.StatusOK, requestViewFrom(row))
}
// rejectRequestBody is the optional JSON body for POST /api/admin/requests/:id/reject.
type rejectRequestBody struct {
Notes string `json:"notes"`
}
// handleRejectRequest implements POST /api/admin/requests/:id/reject.
func (h *handlers) handleRejectRequest(w http.ResponseWriter, r *http.Request) {
admin, ok := auth.UserFromContext(r.Context())
if !ok {
writeAdminJSONErr(w, http.StatusUnauthorized, "unauthorized")
return
}
id, ok := parseUUID(chi.URLParam(r, "id"))
if !ok {
writeAdminJSONErr(w, http.StatusBadRequest, "invalid_id")
return
}
var body rejectRequestBody
_ = json.NewDecoder(r.Body).Decode(&body)
row, err := h.lidarrRequests.Reject(r.Context(), id, admin.ID, body.Notes)
if err != nil {
switch {
case errors.Is(err, lidarrrequests.ErrNotFound):
writeAdminJSONErr(w, http.StatusNotFound, "request_not_found")
case errors.Is(err, lidarrrequests.ErrNotPending):
writeAdminJSONErr(w, http.StatusConflict, "request_not_pending")
default:
h.logger.Error("admin: reject request", "err", err)
writeAdminJSONErr(w, http.StatusInternalServerError, "server_error")
}
return
}
h.publishRequestStatusChanged(row)
writeJSON(w, http.StatusOK, requestViewFrom(row))
}