first commit

api/moderators.php

@@ -0,0 +1,106 @@
+<?php
+// ============================================================
+//  api/moderators.php
+//
+//  GET    /api/moderators           — list moderators (admin)
+//  GET    /api/moderators?users=1   — list all OAuth users (admin)
+//  POST   /api/moderators           — add mod by username (admin)
+//  DELETE /api/moderators?id=N      — revoke mod (admin)
+//  POST   /api/moderators?ban=1     — ban user (admin)
+//  DELETE /api/moderators?unban=N   — unban user (admin)
+// ============================================================
+
+require_once __DIR__ . '/db.php';
+
+cors();
+require_admin();
+
+$method = $_SERVER['REQUEST_METHOD'];
+
+// ------------------------------------------------------------------
+// GET
+// ------------------------------------------------------------------
+if ($method === 'GET') {
+
+    if (isset($_GET['users'])) {
+        // All OAuth users with their role
+        $rows = db()->query("
+            SELECT u.id, u.provider, u.login, u.display_name, u.avatar,
+                   u.created_at, u.last_seen, u.banned,
+                   CASE WHEN m.id IS NOT NULL THEN true ELSE false END AS is_mod
+            FROM users u
+            LEFT JOIN moderators m ON m.user_id = u.id
+            ORDER BY u.last_seen DESC
+            LIMIT 200
+        ")->fetchAll();
+        json_out($rows);
+    }
+
+    // Moderators list
+    $rows = db()->query("
+        SELECT m.id AS mod_id, m.created_at, m.granted_by,
+               u.id, u.provider, u.login, u.display_name, u.avatar
+        FROM moderators m
+        JOIN users u ON u.id = m.user_id
+        ORDER BY m.created_at DESC
+    ")->fetchAll();
+    json_out($rows);
+}
+
+// ------------------------------------------------------------------
+// POST — add mod or ban
+// ------------------------------------------------------------------
+if ($method === 'POST') {
+
+    // Ban user
+    if (isset($_GET['ban'])) {
+        $body    = body();
+        $user_id = (int)($body['user_id'] ?? 0);
+        if (!$user_id) json_error('Missing user_id');
+        db()->prepare("UPDATE users SET banned=true WHERE id=:id")->execute([':id' => $user_id]);
+        // Also remove mod if banned
+        db()->prepare("DELETE FROM moderators WHERE user_id=:id")->execute([':id' => $user_id]);
+        json_out(['ok' => true]);
+    }
+
+    // Add moderator by username
+    $body     = body();
+    $login    = strtolower(trim($body['login']    ?? ''));
+    $provider = in_array($body['provider'] ?? '', ['twitch','kick']) ? $body['provider'] : 'twitch';
+
+    if (empty($login)) json_error('Missing login');
+
+    $stmt = db()->prepare("SELECT id, display_name FROM users WHERE LOWER(login)=:l AND provider=:p AND (banned IS NULL OR banned=false)");
+    $stmt->execute([':l' => $login, ':p' => $provider]);
+    $user = $stmt->fetch();
+
+    if (!$user) {
+        json_error("Uživatel '$login' na $provider se zatím nepřihlásil nebo je zabanován.", 404);
+    }
+
+    db()->prepare("INSERT INTO moderators (user_id, granted_by) VALUES (:uid,'admin') ON CONFLICT (user_id) DO NOTHING")
+        ->execute([':uid' => $user['id']]);
+    json_out(['ok' => true, 'display_name' => $user['display_name']]);
+}
+
+// ------------------------------------------------------------------
+// DELETE — revoke mod or unban
+// ------------------------------------------------------------------
+if ($method === 'DELETE') {
+
+    // Unban
+    if (isset($_GET['unban'])) {
+        $user_id = (int)($_GET['unban'] ?? 0);
+        if (!$user_id) json_error('Missing user_id');
+        db()->prepare("UPDATE users SET banned=false WHERE id=:id")->execute([':id' => $user_id]);
+        json_out(['ok' => true]);
+    }
+
+    // Remove mod
+    $id = (int)($_GET['id'] ?? 0);
+    if (!$id) json_error('Missing id');
+    db()->prepare("DELETE FROM moderators WHERE id=:id")->execute([':id' => $id]);
+    json_out(['ok' => true]);
+}
+
+json_error('Method not allowed', 405);