<?php
// ============================================================
// api/moderators.php
//
// GET /api/moderators — list moderators (admin)
// GET /api/moderators?users=1 — list all OAuth users (admin)
// POST /api/moderators — add mod by username (admin)
// DELETE /api/moderators?id=N — revoke mod (admin)
// POST /api/moderators?ban=1 — ban user (admin)
// DELETE /api/moderators?unban=N — unban user (admin)
// ============================================================
// Shared helpers. The functions this file calls but does not define
// (cors, require_admin, db, body, json_out, json_error) are presumably
// provided by db.php, which is not shown here.
require_once __DIR__ . '/db.php';

// NOTE(review): cors() runs before the admin check and its policy is not
// visible here. Every non-GET route below changes roles or bans, so confirm
// it does not allow arbitrary origins together with credentials.
cors();
// Gate for the whole file: nothing below should run for a non-admin caller.
// No return value is tested, so this relies on require_admin() ending the
// request itself when the check fails. TODO confirm in db.php.
require_admin();

// HTTP verb used to select one of the handler sections below.
$method = $_SERVER['REQUEST_METHOD'];
// ------------------------------------------------------------------
// GET: read-only listings
// ------------------------------------------------------------------
if ($method === 'GET') {

    // The mere presence of ?users (any value) selects the full user listing.
    // Both statements below are constant SQL: no request data reaches the
    // query text, so there is nothing to bind.
    if (isset($_GET['users'])) {
        // Every OAuth user plus a derived is_mod flag, most recently seen
        // first, capped at 200 rows.
        $allUsersSql = "
            SELECT u.id, u.provider, u.login, u.display_name, u.avatar,
            u.created_at, u.last_seen, u.banned,
            CASE WHEN m.id IS NOT NULL THEN true ELSE false END AS is_mod
            FROM users u
            LEFT JOIN moderators m ON m.user_id = u.id
            ORDER BY u.last_seen DESC
            LIMIT 200
        ";
        $allUsers = db()->query($allUsersSql)->fetchAll();
        // NOTE(review): the code after this call assumes json_out() ends the
        // request; otherwise the moderator list would be sent as well.
        json_out($allUsers);
    }

    // Default listing: current moderators joined with their user record,
    // newest grant first (no row limit).
    $moderatorsSql = "
        SELECT m.id AS mod_id, m.created_at, m.granted_by,
        u.id, u.provider, u.login, u.display_name, u.avatar
        FROM moderators m
        JOIN users u ON u.id = m.user_id
        ORDER BY m.created_at DESC
    ";
    $moderators = db()->query($moderatorsSql)->fetchAll();
    json_out($moderators);
}
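// ------------------------------------------------------------------
// POST — add mod or ban
// ------------------------------------------------------------------
if ($method === 'POST') {

    // Ban user
    if (isset($_GET['ban'])) {
        $body = body();
        // Accept only a positive integer id. A bare (int) cast turns any
        // non-empty array or `true` into 1 and "12abc" into 12, so a
        // malformed body could ban an account the admin never selected.
        $raw_user_id = $body['user_id'] ?? null;
        $user_id = (is_int($raw_user_id) || is_string($raw_user_id))
            ? filter_var($raw_user_id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]])
            : false;
        // NOTE(review): this guard only protects the writes below if
        // json_error() ends the request. Confirm in db.php.
        if ($user_id === false) json_error('Missing user_id');

        // NOTE(review): the two writes are not wrapped in a transaction. If
        // the second fails, the user is banned but keeps the moderator row.
        // Consider making them atomic.
        db()->prepare("UPDATE users SET banned=true WHERE id=:id")->execute([':id' => $user_id]);
        // Also remove mod if banned
        db()->prepare("DELETE FROM moderators WHERE user_id=:id")->execute([':id' => $user_id]);
        json_out(['ok' => true]);
    }

    // Add moderator by username
    $body = body();

    // Only a string can be a login; an array or object in the body is treated
    // as missing instead of being handed to trim().
    $raw_login = $body['login'] ?? '';
    $login = is_string($raw_login) ? strtolower(trim($raw_login)) : '';

    // Strict allow-list check: with loose comparison a boolean `true` in the
    // body matches 'twitch' and would be passed on as the provider value.
    $raw_provider = $body['provider'] ?? '';
    $provider = in_array($raw_provider, ['twitch', 'kick'], true) ? $raw_provider : 'twitch';

    if ($login === '') json_error('Missing login');

    // Only users who have already signed in and are not banned can be promoted.
    $stmt = db()->prepare("SELECT id, display_name FROM users WHERE LOWER(login)=:l AND provider=:p AND (banned IS NULL OR banned=false)");
    $stmt->execute([':l' => $login, ':p' => $provider]);
    $user = $stmt->fetch();

    if (!$user) {
        // The message (Czech) says the user has not signed in yet or is banned.
        // It echoes the submitted login, so clients must render it as text,
        // not as HTML.
        json_error("Uživatel '$login' na $provider se zatím nepřihlásil nebo je zabanován.", 404);
    }

    // ON CONFLICT makes a repeated grant a no-op.
    // NOTE(review): granted_by is the constant 'admin', so the table does not
    // record which admin account made the grant.
    db()->prepare("INSERT INTO moderators (user_id, granted_by) VALUES (:uid,'admin') ON CONFLICT (user_id) DO NOTHING")
        ->execute([':uid' => $user['id']]);
    json_out(['ok' => true, 'display_name' => $user['display_name']]);
}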
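// ------------------------------------------------------------------
// DELETE — revoke mod or unban
// ------------------------------------------------------------------
if ($method === 'DELETE') {

    // Unban
    if (isset($_GET['unban'])) {
        // Query parameters arrive as strings or, for ?unban[]=..., as arrays.
        // A bare (int) cast maps any non-empty array to 1, which would unban
        // user 1 on a malformed request, so accept only a positive integer
        // string.
        $raw_user_id = $_GET['unban'];
        $user_id = is_string($raw_user_id)
            ? filter_var($raw_user_id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]])
            : false;
        // NOTE(review): this guard only protects the write below if
        // json_error() ends the request. Confirm in db.php.
        if ($user_id === false) json_error('Missing user_id');
        db()->prepare("UPDATE users SET banned=false WHERE id=:id")->execute([':id' => $user_id]);
        json_out(['ok' => true]);
    }

    // Remove mod. `id` is the moderators row id (mod_id in the GET listing),
    // not the user id. It is validated the same way as `unban` above.
    $raw_id = $_GET['id'] ?? null;
    $id = is_string($raw_id)
        ? filter_var($raw_id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]])
        : false;
    if ($id === false) json_error('Missing id');
    db()->prepare("DELETE FROM moderators WHERE id=:id")->execute([':id' => $id]);
    json_out(['ok' => true]);
}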
// Fallback for any verb other than GET, POST or DELETE. Every path in the
// handlers above ends in json_out()/json_error(), so reaching this line for
// those verbs would mean the helpers returned instead of ending the request.
// Presumably they exit; verify in db.php.
json_error('Method not allowed', 405);