davidovic/infohliadka
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

migrate from SQLite to PostgreSQL with Drizzle ORM

Browse Source 
- Updated all packages to latest versions (React 19, Next.js 14.2.32)
- Replaced sqlite3 with pg and drizzle-orm dependencies
- Created complete PostgreSQL schema with relationships and indexes
- Migrated all API endpoints from SQLite to Drizzle queries
- Added database seeding with sample data
- Updated authentication to use bcrypt instead of pbkdf2
- Configured connection pooling for PostgreSQL
- Updated app version to 1.0.0
- All endpoints tested and working correctly
This commit is contained in:
Lukas Davidovic
2025-09-06 12:56:33 +02:00
parent 52bde64e7f
commit 860070a302
26 changed files with 2526 additions and 2403 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
drizzle.config.ts Normal file
View File

@@ -0,0 +1,13 @@
import { defineConfig } from 'drizzle-kit';
import * as dotenv from 'dotenv';
dotenv.config({ path: '.env.local' });
export default defineConfig({
schema: './lib/db/schema.ts',
out: './drizzle',
dialect: 'postgresql',
dbCredentials: {
url: process.env.DATABASE_URL!,
},
});

74
lib/api-auth.ts
View File

@@ -1,16 +1,16 @@
import sqlite3 from 'sqlite3'
import path from 'path'
import crypto from 'crypto'
import { db, schema } from './db/connection'
import { eq, and } from 'drizzle-orm'
export interface ApiKey {
id: number
key_hash: string
keyHash: string
name: string
permissions: string[]
rate_limit: number
is_active: boolean
last_used?: string
created_at: string
rateLimit: number
isActive: boolean
lastUsed?: Date
createdAt: Date
}
export function generateApiKey(): string {
@@ -25,48 +25,38 @@ export async function validateApiKey(key: string): Promise<ApiKey | null> {
if (!key || !key.startsWith('ak_')) return null
const keyHash = hashApiKey(key)
const dbPath = path.join(process.cwd(), 'database', 'antihoax.db')
const db = new sqlite3.Database(dbPath)
try {
const apiKey = await new Promise<ApiKey | null>((resolve, reject) => {
db.get(
'SELECT * FROM api_keys WHERE key_hash = ? AND is_active = 1',
[keyHash],
(err, row: any) => {
if (err) reject(err)
else if (row) {
resolve({
...row,
permissions: row.permissions ? JSON.parse(row.permissions) : []
})
} else {
resolve(null)
}
}
)
})
const apiKeys = await db.select()
.from(schema.apiKeys)
.where(and(
eq(schema.apiKeys.keyHash, keyHash),
eq(schema.apiKeys.isActive, true)
))
.limit(1)
if (apiKey) {
// Update last_used timestamp
await new Promise<void>((resolve, reject) => {
db.run(
'UPDATE api_keys SET last_used = datetime("now") WHERE id = ?',
[apiKey.id],
(err) => {
if (err) reject(err)
else resolve()
}
)
})
if (apiKeys.length === 0) return null
const apiKey = apiKeys[0]
// Update last_used timestamp
await db.update(schema.apiKeys)
.set({ lastUsed: new Date() })
.where(eq(schema.apiKeys.id, apiKey.id))
return {
id: apiKey.id,
keyHash: apiKey.keyHash,
name: apiKey.name,
permissions: apiKey.permissions ? JSON.parse(apiKey.permissions) : [],
rateLimit: apiKey.rateLimit,
isActive: apiKey.isActive,
lastUsed: apiKey.lastUsed,
createdAt: apiKey.createdAt
}
return apiKey
} catch (error) {
console.error('API key validation error:', error)
return null
} finally {
db.close()
}
}

32
lib/audit-logger.ts
View File

@@ -1,5 +1,4 @@
import sqlite3 from 'sqlite3'
import path from 'path'
import { db, schema } from './db/connection'
export interface AuditLogEntry {
user_id?: number
@@ -11,32 +10,17 @@ export interface AuditLogEntry {
}
export async function logAuditEvent(entry: AuditLogEntry): Promise<void> {
const dbPath = path.join(process.cwd(), 'database', 'antihoax.db')
const db = new sqlite3.Database(dbPath)
try {
await new Promise<void>((resolve, reject) => {
db.run(
`INSERT INTO audit_logs (user_id, action, resource_type, resource_id, details, ip_address, created_at)
VALUES (?, ?, ?, ?, ?, ?, datetime('now'))`,
[
entry.user_id || null,
entry.action,
entry.resource_type,
entry.resource_id || null,
entry.details ? JSON.stringify(entry.details) : null,
entry.ip_address || null
],
(err) => {
if (err) reject(err)
else resolve()
}
)
await db.insert(schema.auditLogs).values({
userId: entry.user_id || null,
action: entry.action,
resourceType: entry.resource_type,
resourceId: entry.resource_id || null,
details: entry.details ? JSON.stringify(entry.details) : null,
ipAddress: entry.ip_address || null
})
} catch (error) {
console.error('Audit logging failed:', error)
} finally {
db.close()
}
}

70
lib/backup-utils.ts
View File

@@ -1,19 +1,38 @@
import { exec } from 'child_process'
import path from 'path'
import { promisify } from 'util'
import fs from 'fs/promises'
const execAsync = promisify(exec)
export async function createDatabaseBackup(): Promise<string> {
const dbPath = path.join(process.cwd(), 'database', 'antihoax.db')
const backupPath = path.join(process.cwd(), 'backups', `backup_${Date.now()}.db`)
if (!process.env.DATABASE_URL) {
throw new Error('DATABASE_URL environment variable is required')
}
const timestamp = Date.now()
const backupPath = path.join(process.cwd(), 'backups', `backup_${timestamp}.sql`)
try {
// Ensure backup directory exists
await execAsync('mkdir -p backups')
// Create SQLite backup using .backup command
await execAsync(`sqlite3 "${dbPath}" ".backup '${backupPath}'"`)
// Create PostgreSQL backup using pg_dump
// Extract database name from connection string
const url = new URL(process.env.DATABASE_URL)
const dbName = url.pathname.substring(1) // Remove leading slash
const host = url.hostname
const port = url.port || '5432'
const username = url.username
const password = url.password
// Set PGPASSWORD environment variable for pg_dump
const env = { ...process.env, PGPASSWORD: password }
await execAsync(
`pg_dump -h ${host} -p ${port} -U ${username} -d ${dbName} --no-password > "${backupPath}"`,
{ env }
)
return backupPath
} catch (error) {
@@ -23,14 +42,30 @@ export async function createDatabaseBackup(): Promise<string> {
}
export async function restoreDatabase(backupPath: string): Promise<void> {
const dbPath = path.join(process.cwd(), 'database', 'antihoax.db')
if (!process.env.DATABASE_URL) {
throw new Error('DATABASE_URL environment variable is required')
}
try {
// Create backup of current DB first
await createDatabaseBackup()
// Copy backup to main location
await execAsync(`cp "${backupPath}" "${dbPath}"`)
// Extract database connection details
const url = new URL(process.env.DATABASE_URL)
const dbName = url.pathname.substring(1)
const host = url.hostname
const port = url.port || '5432'
const username = url.username
const password = url.password
// Set PGPASSWORD environment variable for psql
const env = { ...process.env, PGPASSWORD: password }
// Restore from SQL backup
await execAsync(
`psql -h ${host} -p ${port} -U ${username} -d ${dbName} --no-password < "${backupPath}"`,
{ env }
)
console.log('Database restored successfully')
} catch (error) {
@@ -41,8 +76,25 @@ export async function restoreDatabase(backupPath: string): Promise<void> {
export async function listBackups(): Promise<string[]> {
try {
const { stdout } = await execAsync('ls -la backups/*.db 2>/dev/null || true')
return stdout.trim() ? stdout.trim().split('\n') : []
const backupDir = path.join(process.cwd(), 'backups')
try {
const files = await fs.readdir(backupDir)
const sqlFiles = files.filter(file => file.endsWith('.sql'))
// Get file stats for each backup
const backupInfo = await Promise.all(
sqlFiles.map(async (file) => {
const filePath = path.join(backupDir, file)
const stats = await fs.stat(filePath)
return `${stats.mtime.toISOString()} ${file} (${Math.round(stats.size / 1024)}KB)`
})
)
return backupInfo.sort().reverse() // Most recent first
} catch (dirError) {
return []
}
} catch {
return []
}

103
lib/db-optimizations.ts
View File

@@ -1,99 +1,60 @@
import sqlite3 from 'sqlite3'
import path from 'path'
import { db, schema } from './db/connection'
import { sql, count } from 'drizzle-orm'
export async function optimizeDatabase(): Promise<void> {
const dbPath = path.join(process.cwd(), 'database', 'antihoax.db')
const db = new sqlite3.Database(dbPath)
try {
// Create performance indexes
const indexes = [
'CREATE INDEX IF NOT EXISTS idx_sources_domain ON sources(domain)',
'CREATE INDEX IF NOT EXISTS idx_sources_status_risk ON sources(status, risk_level)',
'CREATE INDEX IF NOT EXISTS idx_sources_created ON sources(created_at)',
'CREATE INDEX IF NOT EXISTS idx_reports_status ON reports(status)',
'CREATE INDEX IF NOT EXISTS idx_reports_created ON reports(created_at)',
'CREATE INDEX IF NOT EXISTS idx_api_keys_hash ON api_keys(key_hash)',
'CREATE INDEX IF NOT EXISTS idx_audit_logs_created ON audit_logs(created_at)',
'CREATE INDEX IF NOT EXISTS idx_source_categories ON source_categories(source_id, category_id)'
// PostgreSQL automatically creates indexes defined in schema.ts
// Run ANALYZE to update statistics for query optimization
const tables = [
'sources',
'reports',
'api_keys',
'source_categories',
'categories',
'users'
]
for (const indexQuery of indexes) {
await new Promise<void>((resolve, reject) => {
db.run(indexQuery, (err) => {
if (err) reject(err)
else resolve()
})
})
for (const tableName of tables) {
await db.execute(sql`ANALYZE ${sql.raw(tableName)}`)
}
// Analyze tables for query optimization
const analyzeTables = [
'ANALYZE sources',
'ANALYZE reports',
'ANALYZE api_keys',
'ANALYZE audit_logs',
'ANALYZE source_categories'
]
for (const analyzeQuery of analyzeTables) {
await new Promise<void>((resolve, reject) => {
db.run(analyzeQuery, (err) => {
if (err) reject(err)
else resolve()
})
})
}
// Vacuum database to optimize storage
await new Promise<void>((resolve, reject) => {
db.run('VACUUM', (err) => {
if (err) reject(err)
else resolve()
})
})
// PostgreSQL equivalent of VACUUM - VACUUM ANALYZE updates statistics and cleans up
await db.execute(sql`VACUUM ANALYZE`)
console.log('Database optimization completed successfully')
} catch (error) {
console.error('Database optimization failed:', error)
throw error
} finally {
db.close()
}
}
export async function getDatabaseStats(): Promise<any> {
const dbPath = path.join(process.cwd(), 'database', 'antihoax.db')
const db = new sqlite3.Database(dbPath)
try {
const stats = await new Promise<any>((resolve, reject) => {
db.all(`
SELECT
name as table_name,
COUNT(*) as row_count
FROM (
SELECT 'sources' as name UNION
SELECT 'reports' as name UNION
SELECT 'api_keys' as name UNION
SELECT 'audit_logs' as name
) tables
`, (err, rows) => {
if (err) reject(err)
else resolve(rows)
})
})
// Get row counts for each table
const [sourcesCount] = await db.select({ count: count() }).from(schema.sources)
const [reportsCount] = await db.select({ count: count() }).from(schema.reports)
const [apiKeysCount] = await db.select({ count: count() }).from(schema.apiKeys)
const [categoriesCount] = await db.select({ count: count() }).from(schema.categories)
const [usersCount] = await db.select({ count: count() }).from(schema.users)
const [sourceCategoriesCount] = await db.select({ count: count() }).from(schema.sourceCategories)
const tables = [
{ table_name: 'sources', row_count: sourcesCount.count },
{ table_name: 'reports', row_count: reportsCount.count },
{ table_name: 'api_keys', row_count: apiKeysCount.count },
{ table_name: 'categories', row_count: categoriesCount.count },
{ table_name: 'users', row_count: usersCount.count },
{ table_name: 'source_categories', row_count: sourceCategoriesCount.count }
]
return {
tables: stats,
tables,
optimized_at: new Date().toISOString()
}
} catch (error) {
console.error('Failed to get database stats:', error)
throw error
} finally {
db.close()
}
}

27
lib/db/connection.ts Normal file
View File

@@ -0,0 +1,27 @@
import { drizzle } from 'drizzle-orm/node-postgres';
import { Pool } from 'pg';
import * as schema from './schema';
function createConnection() {
if (!process.env.DATABASE_URL) {
throw new Error('DATABASE_URL environment variable is required');
}
const pool = new Pool({
connectionString: process.env.DATABASE_URL,
ssl: false,
max: 10,
idleTimeoutMillis: 30000,
connectionTimeoutMillis: 2000
});
// Test connection
pool.on('error', (err) => {
console.error('Unexpected error on idle client', err);
});
return drizzle(pool, { schema });
}
export const db = createConnection();
export { schema };

228
lib/db/schema.ts Normal file
View File

@@ -0,0 +1,228 @@
import {
pgTable,
serial,
varchar,
text,
boolean,
integer,
timestamp,
decimal,
pgEnum,
uniqueIndex,
index
} from 'drizzle-orm/pg-core';
import { relations } from 'drizzle-orm';
// Enums
export const roleEnum = pgEnum('role', ['admin', 'moderator']);
export const sourceTypeEnum = pgEnum('source_type', [
'website', 'facebook_page', 'facebook_group', 'instagram',
'blog', 'news_site', 'youtube', 'tiktok', 'telegram', 'other'
]);
export const sourceStatusEnum = pgEnum('source_status', [
'pending', 'verified', 'rejected', 'under_review'
]);
export const languageEnum = pgEnum('language', ['sk', 'cs', 'en', 'other']);
export const priorityEnum = pgEnum('priority', ['low', 'medium', 'high', 'urgent']);
export const reportStatusEnum = pgEnum('report_status', [
'pending', 'in_review', 'approved', 'rejected', 'duplicate'
]);
// Users table
export const users = pgTable('users', {
id: serial('id').primaryKey(),
email: varchar('email', { length: 255 }).notNull().unique(),
passwordHash: varchar('password_hash', { length: 255 }).notNull(),
name: varchar('name', { length: 100 }).notNull(),
role: roleEnum('role').default('moderator'),
isActive: boolean('is_active').default(true),
lastLogin: timestamp('last_login'),
createdAt: timestamp('created_at').defaultNow(),
updatedAt: timestamp('updated_at').defaultNow()
});
// Categories table
export const categories = pgTable('categories', {
id: serial('id').primaryKey(),
name: varchar('name', { length: 100 }).notNull().unique(),
slug: varchar('slug', { length: 100 }).notNull().unique(),
description: text('description'),
color: varchar('color', { length: 7 }).default('#6B7280'),
priority: integer('priority').default(1),
icon: varchar('icon', { length: 50 }),
isActive: boolean('is_active').default(true),
createdAt: timestamp('created_at').defaultNow(),
updatedAt: timestamp('updated_at').defaultNow()
}, (table) => {
return {
slugIdx: uniqueIndex('idx_categories_slug').on(table.slug),
priorityIdx: index('idx_categories_priority').on(table.priority)
};
});
// Sources table
export const sources = pgTable('sources', {
id: serial('id').primaryKey(),
url: varchar('url', { length: 1000 }).notNull().unique(),
domain: varchar('domain', { length: 255 }).notNull(),
title: varchar('title', { length: 500 }),
description: text('description'),
type: sourceTypeEnum('type').notNull(),
status: sourceStatusEnum('status').default('pending'),
riskLevel: integer('risk_level').default(1),
language: languageEnum('language').default('sk'),
evidenceUrls: text('evidence_urls'), // JSON
reportedBy: varchar('reported_by', { length: 255 }),
verifiedBy: integer('verified_by').references(() => users.id),
rejectionReason: text('rejection_reason'),
followerCount: integer('follower_count').default(0),
lastChecked: timestamp('last_checked'),
metadata: text('metadata').default('{}'), // JSON
createdAt: timestamp('created_at').defaultNow(),
updatedAt: timestamp('updated_at').defaultNow()
}, (table) => {
return {
domainIdx: index('idx_sources_domain').on(table.domain),
statusIdx: index('idx_sources_status').on(table.status),
riskLevelIdx: index('idx_sources_risk_level').on(table.riskLevel),
typeIdx: index('idx_sources_type').on(table.type),
createdAtIdx: index('idx_sources_created_at').on(table.createdAt),
verifiedByIdx: index('idx_sources_verified_by').on(table.verifiedBy),
statusRiskIdx: index('idx_sources_status_risk').on(table.status, table.riskLevel)
};
});
// Source Categories junction table
export const sourceCategories = pgTable('source_categories', {
id: serial('id').primaryKey(),
sourceId: integer('source_id').notNull().references(() => sources.id, { onDelete: 'cascade' }),
categoryId: integer('category_id').notNull().references(() => categories.id, { onDelete: 'cascade' }),
confidenceScore: decimal('confidence_score', { precision: 3, scale: 2 }).default('1.0'),
addedBy: integer('added_by').references(() => users.id),
createdAt: timestamp('created_at').defaultNow()
}, (table) => {
return {
sourceIdIdx: index('idx_source_categories_source_id').on(table.sourceId),
categoryIdIdx: index('idx_source_categories_category_id').on(table.categoryId),
uniqueSourceCategory: uniqueIndex('unique_source_category').on(table.sourceId, table.categoryId)
};
});
// Reports table
export const reports = pgTable('reports', {
id: serial('id').primaryKey(),
sourceUrl: varchar('source_url', { length: 1000 }).notNull(),
sourceDomain: varchar('source_domain', { length: 255 }).notNull(),
reporterEmail: varchar('reporter_email', { length: 255 }),
reporterName: varchar('reporter_name', { length: 100 }),
categorySuggestions: text('category_suggestions'), // JSON
description: text('description').notNull(),
evidenceUrls: text('evidence_urls'), // JSON
priority: priorityEnum('priority').default('medium'),
status: reportStatusEnum('status').default('pending'),
assignedTo: integer('assigned_to').references(() => users.id),
adminNotes: text('admin_notes'),
processedAt: timestamp('processed_at'),
ipAddress: varchar('ip_address', { length: 45 }),
userAgent: text('user_agent'),
createdAt: timestamp('created_at').defaultNow(),
updatedAt: timestamp('updated_at').defaultNow()
}, (table) => {
return {
statusIdx: index('idx_reports_status').on(table.status),
sourceDomainIdx: index('idx_reports_source_domain').on(table.sourceDomain),
priorityIdx: index('idx_reports_priority').on(table.priority),
createdAtIdx: index('idx_reports_created_at').on(table.createdAt),
assignedToIdx: index('idx_reports_assigned_to').on(table.assignedTo)
};
});
// API Keys table
export const apiKeys = pgTable('api_keys', {
id: serial('id').primaryKey(),
keyHash: varchar('key_hash', { length: 255 }).notNull().unique(),
name: varchar('name', { length: 100 }).notNull(),
description: text('description'),
ownerEmail: varchar('owner_email', { length: 255 }).notNull(),
permissions: text('permissions').default('["read"]'), // JSON
rateLimit: integer('rate_limit').default(1000),
isActive: boolean('is_active').default(true),
usageCount: integer('usage_count').default(0),
lastUsed: timestamp('last_used'),
expiresAt: timestamp('expires_at'),
createdAt: timestamp('created_at').defaultNow(),
updatedAt: timestamp('updated_at').defaultNow()
}, (table) => {
return {
keyHashIdx: uniqueIndex('idx_api_keys_hash').on(table.keyHash),
ownerIdx: index('idx_api_keys_owner').on(table.ownerEmail)
};
});
// Audit Logs table
export const auditLogs = pgTable('audit_logs', {
id: serial('id').primaryKey(),
userId: integer('user_id').references(() => users.id),
action: varchar('action', { length: 50 }).notNull(),
resourceType: varchar('resource_type', { length: 50 }).notNull(),
resourceId: integer('resource_id'),
details: text('details'), // JSON
ipAddress: varchar('ip_address', { length: 45 }),
createdAt: timestamp('created_at').defaultNow()
}, (table) => {
return {
userIdIdx: index('idx_audit_logs_user_id').on(table.userId),
createdAtIdx: index('idx_audit_logs_created_at').on(table.createdAt),
actionIdx: index('idx_audit_logs_action').on(table.action),
resourceTypeIdx: index('idx_audit_logs_resource_type').on(table.resourceType)
};
});
// Relations
export const usersRelations = relations(users, ({ many }) => ({
verifiedSources: many(sources),
sourceCategories: many(sourceCategories),
assignedReports: many(reports),
auditLogs: many(auditLogs)
}));
export const categoriesRelations = relations(categories, ({ many }) => ({
sourceCategories: many(sourceCategories)
}));
export const sourcesRelations = relations(sources, ({ one, many }) => ({
verifiedBy: one(users, {
fields: [sources.verifiedBy],
references: [users.id]
}),
sourceCategories: many(sourceCategories)
}));
export const sourceCategoriesRelations = relations(sourceCategories, ({ one }) => ({
source: one(sources, {
fields: [sourceCategories.sourceId],
references: [sources.id]
}),
category: one(categories, {
fields: [sourceCategories.categoryId],
references: [categories.id]
}),
addedBy: one(users, {
fields: [sourceCategories.addedBy],
references: [users.id]
})
}));
export const reportsRelations = relations(reports, ({ one }) => ({
assignedTo: one(users, {
fields: [reports.assignedTo],
references: [users.id]
})
}));
export const auditLogsRelations = relations(auditLogs, ({ one }) => ({
user: one(users, {
fields: [auditLogs.userId],
references: [users.id]
})
}));

98
lib/db/seed.ts Normal file
View File

@@ -0,0 +1,98 @@
import { db } from './connection';
import { users, categories, sources, apiKeys, sourceCategories } from './schema';
import * as bcrypt from 'bcryptjs';
export async function seedDatabase() {
try {
console.log('🌱 Seeding database...');
// Insert categories one by one
const categoryData = [
{ name: 'Hoax', slug: 'hoax', description: 'Šírenie nepravdivých informácií a hoaxov', color: '#EF4444', priority: 5, icon: 'AlertTriangle' },
{ name: 'Hate Speech', slug: 'hate-speech', description: 'Nenávistné prejavy proti skupinám ľudí', color: '#DC2626', priority: 5, icon: 'MessageSquareX' },
{ name: 'Violence', slug: 'violence', description: 'Povzbudzovanie k násiliu', color: '#B91C1C', priority: 5, icon: 'Sword' },
{ name: 'Conspiracy', slug: 'conspiracy', description: 'Konšpiračné teórie', color: '#F59E0B', priority: 3, icon: 'Eye' },
{ name: 'Propaganda', slug: 'propaganda', description: 'Politická propaganda a manipulácia', color: '#D97706', priority: 2, icon: 'Megaphone' }
];
const insertedCategories = [];
for (const cat of categoryData) {
const result = await db.insert(categories).values(cat).returning();
insertedCategories.push(result[0]);
console.log(`✅ Inserted category: ${cat.name}`);
}
// Insert admin user
const hashedPassword = await bcrypt.hash('admin123', 12);
const insertedUsers = await db.insert(users).values({
email: 'admin@antihoax.sk',
passwordHash: hashedPassword,
name: 'System Admin',
role: 'admin'
}).returning();
console.log(`✅ Inserted user: ${insertedUsers[0].name}`);
// Insert example sources
const sourceData = [
{
url: 'https://example-hoax-site.com',
domain: 'example-hoax-site.com',
title: 'Example Hoax Site',
description: 'Príklad hoax stránky pre testovanie',
type: 'website' as const,
status: 'verified' as const,
riskLevel: 5,
language: 'sk' as const,
reportedBy: 'test@example.com',
verifiedBy: insertedUsers[0].id,
followerCount: 1500,
metadata: JSON.stringify({ tags: ['test', 'example'] })
},
{
url: 'https://example-conspiracy.com',
domain: 'example-conspiracy.com',
title: 'Conspiracy Theory Site',
description: 'Stránka šíriaca konšpiračné teórie',
type: 'blog' as const,
status: 'verified' as const,
riskLevel: 3,
language: 'sk' as const,
reportedBy: 'reporter@example.com',
verifiedBy: insertedUsers[0].id,
followerCount: 850,
metadata: JSON.stringify({ tags: ['conspiracy', 'politics'] })
}
];
const insertedSources = [];
for (const src of sourceData) {
const result = await db.insert(sources).values(src).returning();
insertedSources.push(result[0]);
console.log(`✅ Inserted source: ${src.title}`);
}
// Link sources with categories
await db.insert(sourceCategories).values({
sourceId: insertedSources[0].id,
categoryId: insertedCategories[0].id, // Hoax
confidenceScore: '1.0',
addedBy: insertedUsers[0].id
});
await db.insert(sourceCategories).values({
sourceId: insertedSources[1].id,
categoryId: insertedCategories[3].id, // Conspiracy
confidenceScore: '0.9',
addedBy: insertedUsers[0].id
});
console.log(`✅ Linked sources with categories`);
console.log('🎉 Database seeded successfully!');
console.log('📧 Admin login: admin@antihoax.sk / admin123');
} catch (error) {
console.error('❌ Error seeding database:', error);
throw error;
}
}

3260
package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

37
package.json
View File

@@ -1,26 +1,37 @@
{
"name": "infohliadka",
"version": "0.2.0",
"version": "1.0.0",
"private": true,
"scripts": {
"dev": "next dev",
"build": "next build",
"start": "next start",
"lint": "next lint"
"lint": "next lint",
"db:generate": "drizzle-kit generate",
"db:migrate": "drizzle-kit migrate",
"db:push": "drizzle-kit push",
"db:studio": "drizzle-kit studio",
"db:seed": "npx tsx scripts/seed.ts"
},
"dependencies": {
"next": "14.2.15",
"react": "18.3.1",
"react-dom": "18.3.1",
"sqlite3": "^5.1.7"
"@types/bcryptjs": "^2.4.6",
"@types/pg": "^8.15.5",
"bcryptjs": "^3.0.2",
"dotenv": "^17.2.2",
"drizzle-kit": "^0.31.4",
"drizzle-orm": "^0.44.5",
"next": "^14.2.32",
"pg": "^8.16.3",
"react": "^19.1.1",
"react-dom": "^19.1.1"
},
"devDependencies": {
"@types/node": "20.14.15",
"@types/react": "18.3.11",
"@types/react-dom": "18.3.1",
"@types/sqlite3": "^3.1.11",
"eslint": "8.57.1",
"@types/node": "^24.3.1",
"@types/react": "^19.1.12",
"@types/react-dom": "^19.1.9",
"eslint": "^9.35.0",
"eslint-config-next": "14.2.15",
"typescript": "5.6.3"
"tsx": "^4.20.5",
"typescript": "^5.9.2"
}
}
}

66
pages/api/admin/api-keys.ts
View File

@@ -1,24 +1,23 @@
import type { NextApiRequest, NextApiResponse } from "next"
import sqlite3 from "sqlite3"
import path from "path"
import { db, schema } from '../../../lib/db/connection'
import { desc, eq } from 'drizzle-orm'
import { generateApiKey, hashApiKey } from "../../../lib/api-auth"
export default async function handler(req: NextApiRequest, res: NextApiResponse) {
const dbPath = path.join(process.cwd(), "database", "antihoax.db")
const db = new sqlite3.Database(dbPath)
try {
if (req.method === "GET") {
const keys = await new Promise<any[]>((resolve, reject) => {
db.all(
`SELECT id, name, permissions, rate_limit, is_active, last_used, created_at
FROM api_keys ORDER BY created_at DESC`,
(err, rows) => {
if (err) reject(err)
else resolve(rows)
}
)
})
const keys = await db
.select({
id: schema.apiKeys.id,
name: schema.apiKeys.name,
permissions: schema.apiKeys.permissions,
rateLimit: schema.apiKeys.rateLimit,
isActive: schema.apiKeys.isActive,
lastUsed: schema.apiKeys.lastUsed,
createdAt: schema.apiKeys.createdAt
})
.from(schema.apiKeys)
.orderBy(desc(schema.apiKeys.createdAt))
res.json({
keys: keys.map(key => ({
@@ -38,17 +37,16 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
const apiKey = generateApiKey()
const keyHash = hashApiKey(apiKey)
const result = await new Promise<any>((resolve, reject) => {
db.run(
`INSERT INTO api_keys (key_hash, name, permissions, rate_limit, is_active, created_at)
VALUES (?, ?, ?, ?, 1, datetime('now'))`,
[keyHash, name, JSON.stringify(permissions), rate_limit],
function(err) {
if (err) reject(err)
else resolve({ id: this.lastID })
}
)
})
const [result] = await db
.insert(schema.apiKeys)
.values({
keyHash: keyHash,
name: name,
permissions: JSON.stringify(permissions),
rateLimit: rate_limit,
isActive: true
})
.returning({ id: schema.apiKeys.id })
res.json({
success: true,
@@ -62,16 +60,10 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
} else if (req.method === "DELETE") {
const { id } = req.query
await new Promise<void>((resolve, reject) => {
db.run(
'UPDATE api_keys SET is_active = 0 WHERE id = ?',
[id],
(err) => {
if (err) reject(err)
else resolve()
}
)
})
await db
.update(schema.apiKeys)
.set({ isActive: false })
.where(eq(schema.apiKeys.id, parseInt(id as string)))
res.json({ success: true })
@@ -82,7 +74,5 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
} catch (error) {
console.error('API keys error:', error)
res.status(500).json({ error: "Operation failed" })
} finally {
db.close()
}
}

84
pages/api/admin/audit-logs.ts
View File

@@ -1,76 +1,74 @@
import type { NextApiRequest, NextApiResponse } from "next"
import sqlite3 from "sqlite3"
import path from "path"
import { db, schema } from '../../../lib/db/connection'
import { eq, and, desc, count } from 'drizzle-orm'
export default async function handler(req: NextApiRequest, res: NextApiResponse) {
if (req.method !== "GET") return res.status(405).json({ error: "Method not allowed" })
const { page = '1', limit = '50', action, resource_type, user_id } = req.query
const dbPath = path.join(process.cwd(), "database", "antihoax.db")
const db = new sqlite3.Database(dbPath)
try {
let whereConditions: string[] = []
let params: any[] = []
let whereConditions = []
if (action) {
whereConditions.push("a.action = ?")
params.push(action)
whereConditions.push(eq(schema.auditLogs.action, action as string))
}
if (resource_type) {
whereConditions.push("a.resource_type = ?")
params.push(resource_type)
whereConditions.push(eq(schema.auditLogs.resourceType, resource_type as string))
}
if (user_id) {
whereConditions.push("a.user_id = ?")
params.push(parseInt(user_id as string))
whereConditions.push(eq(schema.auditLogs.userId, parseInt(user_id as string)))
}
const whereClause = whereConditions.length > 0 ? `WHERE ${whereConditions.join(' AND ')}` : ''
const offset = (parseInt(page as string) - 1) * parseInt(limit as string)
const limitInt = parseInt(limit as string)
const query = `
SELECT
a.*,
u.email as user_email,
COUNT(*) OVER() as total_count
FROM audit_logs a
LEFT JOIN users u ON a.user_id = u.id
${whereClause}
ORDER BY a.created_at DESC
LIMIT ? OFFSET ?
`
params.push(parseInt(limit as string), offset)
const logs = await new Promise<any[]>((resolve, reject) => {
db.all(query, params, (err, rows) => {
if (err) reject(err)
else resolve(rows)
// Get logs with user info
const logs = await db
.select({
id: schema.auditLogs.id,
userId: schema.auditLogs.userId,
userEmail: schema.users.email,
action: schema.auditLogs.action,
resourceType: schema.auditLogs.resourceType,
resourceId: schema.auditLogs.resourceId,
details: schema.auditLogs.details,
ipAddress: schema.auditLogs.ipAddress,
createdAt: schema.auditLogs.createdAt
})
})
.from(schema.auditLogs)
.leftJoin(schema.users, eq(schema.auditLogs.userId, schema.users.id))
.where(whereConditions.length > 0 ? and(...whereConditions) : undefined)
.orderBy(desc(schema.auditLogs.createdAt))
.limit(limitInt)
.offset(offset)
const total = logs.length > 0 ? logs[0].total_count : 0
const totalPages = Math.ceil(total / parseInt(limit as string))
// Get total count for pagination
const [totalResult] = await db
.select({ count: count() })
.from(schema.auditLogs)
.where(whereConditions.length > 0 ? and(...whereConditions) : undefined)
const total = totalResult.count
const totalPages = Math.ceil(total / limitInt)
res.json({
logs: logs.map(log => ({
id: log.id,
user_id: log.user_id,
user_email: log.user_email,
user_id: log.userId,
user_email: log.userEmail,
action: log.action,
resource_type: log.resource_type,
resource_id: log.resource_id,
resource_type: log.resourceType,
resource_id: log.resourceId,
details: log.details ? JSON.parse(log.details) : null,
ip_address: log.ip_address,
created_at: log.created_at
ip_address: log.ipAddress,
created_at: log.createdAt
})),
pagination: {
page: parseInt(page as string),
limit: parseInt(limit as string),
limit: limitInt,
total,
totalPages
}
@@ -79,7 +77,5 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
} catch (error) {
console.error('Audit logs error:', error)
res.status(500).json({ error: "Failed to fetch audit logs" })
} finally {
db.close()
}
}

68
pages/api/admin/bulk-import.ts
View File

@@ -1,10 +1,10 @@
import type { NextApiRequest, NextApiResponse } from "next"
import sqlite3 from "sqlite3"
import path from "path"
import { db, schema } from "../../../lib/db/connection"
import { eq } from "drizzle-orm"
interface BulkImportItem {
domain: string
risk_level: number
riskLevel: number
categories: string[]
description?: string
}
@@ -18,63 +18,57 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
return res.status(400).json({ error: "Sources array required" })
}
const dbPath = path.join(process.cwd(), "database", "antihoax.db")
const db = new sqlite3.Database(dbPath)
try {
let imported = 0
let skipped = 0
for (const source of sources) {
if (!source.domain || !source.risk_level) {
if (!source.domain || !source.riskLevel) {
skipped++
continue
}
// Check if domain already exists
const existing = await new Promise<any>((resolve, reject) => {
db.get(
"SELECT id FROM sources WHERE domain = ?",
[source.domain],
(err, row) => {
if (err) reject(err)
else resolve(row)
}
)
})
// Check if source already exists
const existing = await db.select()
.from(schema.sources)
.where(eq(schema.sources.domain, source.domain))
.limit(1)
if (existing) {
if (existing.length > 0) {
skipped++
continue
}
// Insert new source
await new Promise<void>((resolve, reject) => {
db.run(
`INSERT INTO sources (domain, title, risk_level, status, description, created_at)
VALUES (?, ?, ?, 'verified', ?, datetime('now'))`,
[source.domain, source.domain, source.risk_level, source.description || ''],
function(err) {
if (err) reject(err)
else resolve()
}
)
})
imported++
try {
const url = `https://${source.domain}`
await db.insert(schema.sources).values({
url,
domain: source.domain,
title: source.domain,
description: source.description || `Imported source: ${source.domain}`,
type: 'website',
status: 'pending',
riskLevel: source.riskLevel,
language: 'sk',
reportedBy: 'bulk-import'
})
imported++
} catch (error) {
console.error('Failed to import source:', source.domain, error)
skipped++
}
}
res.json({
success: true,
success: true,
imported,
skipped,
total: sources.length
message: `Imported ${imported} sources, skipped ${skipped}`
})
} catch (error) {
} catch (error: any) {
console.error('Bulk import error:', error)
res.status(500).json({ error: "Import failed" })
} finally {
db.close()
}
}

22
pages/api/admin/categories/index.ts
View File

@@ -1,6 +1,6 @@
import type { NextApiRequest, NextApiResponse } from 'next'
import sqlite3 from 'sqlite3'
import path from 'path'
import { db, schema } from '../../../../lib/db/connection'
import { desc, asc } from 'drizzle-orm'
export default async function handler(
req: NextApiRequest,
@@ -10,26 +10,16 @@ export default async function handler(
return res.status(405).json({ error: 'Method not allowed' })
}
const dbPath = path.join(process.cwd(), 'database', 'antihoax.db')
const db = new sqlite3.Database(dbPath)
try {
const categories = await new Promise<any[]>((resolve, reject) => {
db.all(
'SELECT * FROM categories ORDER BY priority DESC, name ASC',
(err, rows) => {
if (err) reject(err)
else resolve(rows)
}
)
})
const categories = await db
.select()
.from(schema.categories)
.orderBy(desc(schema.categories.priority), asc(schema.categories.name))
return res.status(200).json(categories)
} catch (error) {
console.error('Database error:', error)
return res.status(500).json({ error: 'Internal server error' })
} finally {
db.close()
}
}

99
pages/api/admin/dashboard.ts
View File

@@ -1,6 +1,6 @@
import type { NextApiRequest, NextApiResponse } from 'next'
import sqlite3 from 'sqlite3'
import path from 'path'
import { db, schema } from '../../../lib/db/connection'
import { eq, and, gte, count } from 'drizzle-orm'
interface DashboardStats {
total_sources: number
@@ -19,54 +19,65 @@ export default async function handler(
return res.status(405).json({ error: 'Method not allowed' })
}
const dbPath = path.join(process.cwd(), 'database', 'antihoax.db')
const db = new sqlite3.Database(dbPath)
try {
const stats = await new Promise<DashboardStats>((resolve, reject) => {
const queries = [
"SELECT COUNT(*) as total_sources FROM sources WHERE status = 'verified'",
"SELECT COUNT(*) as pending_sources FROM sources WHERE status = 'pending'",
"SELECT COUNT(*) as pending_reports FROM reports WHERE status = 'pending'",
"SELECT COUNT(*) as high_risk_sources FROM sources WHERE status = 'verified' AND risk_level >= 4",
"SELECT COUNT(*) as sources_added_week FROM sources WHERE created_at > datetime('now', '-7 days')",
"SELECT COUNT(*) as reports_today FROM reports WHERE created_at > datetime('now', '-1 day')"
]
const results: any = {}
let completed = 0
queries.forEach((query, index) => {
db.get(query, (err, row: any) => {
if (err) {
reject(err)
return
}
const key = Object.keys(row)[0]
results[key] = row[key]
completed++
if (completed === queries.length) {
resolve({
total_sources: results.total_sources || 0,
pending_sources: results.pending_sources || 0,
pending_reports: results.pending_reports || 0,
high_risk_sources: results.high_risk_sources || 0,
sources_added_week: results.sources_added_week || 0,
reports_today: results.reports_today || 0
})
}
})
})
})
// Get all stats in parallel
const weekAgo = new Date()
weekAgo.setDate(weekAgo.getDate() - 7)
const dayAgo = new Date()
dayAgo.setDate(dayAgo.getDate() - 1)
const [
totalSources,
pendingSources,
pendingReports,
highRiskSources,
sourcesAddedWeek,
reportsToday
] = await Promise.all([
db.select({ count: count() })
.from(schema.sources)
.where(eq(schema.sources.status, 'verified')),
db.select({ count: count() })
.from(schema.sources)
.where(eq(schema.sources.status, 'pending')),
db.select({ count: count() })
.from(schema.reports)
.where(eq(schema.reports.status, 'pending')),
db.select({ count: count() })
.from(schema.sources)
.where(
and(
eq(schema.sources.status, 'verified'),
gte(schema.sources.riskLevel, 4)
)
),
db.select({ count: count() })
.from(schema.sources)
.where(gte(schema.sources.createdAt, weekAgo)),
db.select({ count: count() })
.from(schema.reports)
.where(gte(schema.reports.createdAt, dayAgo))
])
const stats: DashboardStats = {
total_sources: totalSources[0].count,
pending_sources: pendingSources[0].count,
pending_reports: pendingReports[0].count,
high_risk_sources: highRiskSources[0].count,
sources_added_week: sourcesAddedWeek[0].count,
reports_today: reportsToday[0].count
}
return res.status(200).json(stats)
} catch (error) {
console.error('Database error:', error)
return res.status(500).json({ error: 'Internal server error' })
} finally {
db.close()
}
}

55
pages/api/admin/reports/index.ts
View File

@@ -1,6 +1,6 @@
import type { NextApiRequest, NextApiResponse } from 'next'
import sqlite3 from 'sqlite3'
import path from 'path'
import { db, schema } from '../../../../lib/db/connection'
import { eq, desc } from 'drizzle-orm'
export default async function handler(
req: NextApiRequest,
@@ -12,44 +12,29 @@ export default async function handler(
const { status = 'pending', page = '1', limit = '20' } = req.query
const dbPath = path.join(process.cwd(), 'database', 'antihoax.db')
const db = new sqlite3.Database(dbPath)
try {
const reports = await new Promise<any[]>((resolve, reject) => {
const offset = (parseInt(page as string) - 1) * parseInt(limit as string)
db.all(
`SELECT *,
CASE
WHEN category_suggestions IS NOT NULL
THEN json_extract(category_suggestions, '$')
ELSE '[]'
END as category_suggestions
FROM reports
WHERE status = ?
ORDER BY created_at DESC
LIMIT ? OFFSET ?`,
[status, parseInt(limit as string), offset],
(err, rows: any[]) => {
if (err) reject(err)
else {
const processedRows = rows.map(row => ({
...row,
category_suggestions: row.category_suggestions ? JSON.parse(row.category_suggestions) : []
}))
resolve(processedRows)
}
}
)
})
const offset = (parseInt(page as string) - 1) * parseInt(limit as string)
const limitInt = parseInt(limit as string)
const reports = await db
.select()
.from(schema.reports)
.where(eq(schema.reports.status, status as any))
.orderBy(desc(schema.reports.createdAt))
.limit(limitInt)
.offset(offset)
return res.status(200).json(reports)
// Process the reports to parse JSON fields
const processedReports = reports.map(report => ({
...report,
categorySuggestions: report.categorySuggestions ? JSON.parse(report.categorySuggestions) : [],
evidenceUrls: report.evidenceUrls ? JSON.parse(report.evidenceUrls) : []
}))
return res.status(200).json(processedReports)
} catch (error) {
console.error('Database error:', error)
return res.status(500).json({ error: 'Internal server error' })
} finally {
db.close()
}
}

34
pages/api/admin/sources/index.ts
View File

@@ -1,6 +1,6 @@
import type { NextApiRequest, NextApiResponse } from 'next'
import sqlite3 from 'sqlite3'
import path from 'path'
import { db, schema } from '../../../../lib/db/connection'
import { eq, desc } from 'drizzle-orm'
export default async function handler(
req: NextApiRequest,
@@ -12,32 +12,22 @@ export default async function handler(
const { status = 'pending', page = '1', limit = '20' } = req.query
const dbPath = path.join(process.cwd(), 'database', 'antihoax.db')
const db = new sqlite3.Database(dbPath)
try {
const sources = await new Promise<any[]>((resolve, reject) => {
const offset = (parseInt(page as string) - 1) * parseInt(limit as string)
db.all(
`SELECT * FROM sources
WHERE status = ?
ORDER BY created_at DESC
LIMIT ? OFFSET ?`,
[status, parseInt(limit as string), offset],
(err, rows) => {
if (err) reject(err)
else resolve(rows)
}
)
})
const offset = (parseInt(page as string) - 1) * parseInt(limit as string)
const limitInt = parseInt(limit as string)
const sources = await db
.select()
.from(schema.sources)
.where(eq(schema.sources.status, status as any))
.orderBy(desc(schema.sources.createdAt))
.limit(limitInt)
.offset(offset)
return res.status(200).json(sources)
} catch (error) {
console.error('Database error:', error)
return res.status(500).json({ error: 'Internal server error' })
} finally {
db.close()
}
}

65
pages/api/admin/users.ts
View File

@@ -1,31 +1,26 @@
import type { NextApiRequest, NextApiResponse } from "next"
import sqlite3 from "sqlite3"
import path from "path"
import crypto from "crypto"
import { db, schema } from "../../../lib/db/connection"
import { eq, count, sql } from "drizzle-orm"
import * as bcrypt from "bcryptjs"
function hashPassword(password: string): { hash: string, salt: string } {
const salt = crypto.randomBytes(32).toString('hex')
const hash = crypto.pbkdf2Sync(password, salt, 10000, 64, 'sha256').toString('hex')
return { hash, salt }
async function hashPassword(password: string): Promise<string> {
return await bcrypt.hash(password, 12)
}
export default async function handler(req: NextApiRequest, res: NextApiResponse) {
const dbPath = path.join(process.cwd(), "database", "antihoax.db")
const db = new sqlite3.Database(dbPath)
try {
if (req.method === "GET") {
const users = await new Promise<any[]>((resolve, reject) => {
db.all(
`SELECT id, email, role, is_active, created_at, last_login,
(SELECT COUNT(*) FROM sources WHERE moderator_id = users.id) as sources_moderated
FROM users ORDER BY created_at DESC`,
(err, rows) => {
if (err) reject(err)
else resolve(rows)
}
)
const users = await db.select({
id: schema.users.id,
email: schema.users.email,
role: schema.users.role,
isActive: schema.users.isActive,
createdAt: schema.users.createdAt,
lastLogin: schema.users.lastLogin,
sourcesModerated: sql<number>`(SELECT COUNT(*) FROM ${schema.sources} WHERE verified_by = ${schema.users.id})`
})
.from(schema.users)
.orderBy(schema.users.createdAt)
res.json({ users })
@@ -40,27 +35,25 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
return res.status(400).json({ error: "Invalid role" })
}
const { hash, salt } = hashPassword(password)
const passwordHash = await hashPassword(password)
const result = await new Promise<any>((resolve, reject) => {
db.run(
`INSERT INTO users (email, password_hash, salt, role, is_active, created_at)
VALUES (?, ?, ?, ?, 1, datetime('now'))`,
[email, hash, salt, role],
function(err) {
if (err) reject(err)
else resolve({ id: this.lastID })
}
)
})
const result = await db.insert(schema.users)
.values({
email,
passwordHash,
name: email.split('@')[0], // Use email username as name
role: role as 'admin' | 'moderator',
isActive: true
})
.returning({ id: schema.users.id })
res.json({
success: true,
user: {
id: result.id,
id: result[0].id,
email,
role,
is_active: true
isActive: true
}
})
@@ -70,12 +63,10 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
} catch (error: any) {
console.error('Users API error:', error)
if (error?.code === 'SQLITE_CONSTRAINT_UNIQUE') {
if (error?.code === '23505') {
res.status(400).json({ error: "User already exists" })
} else {
res.status(500).json({ error: "Operation failed" })
}
} finally {
db.close()
}
}

52
pages/api/auth/login.ts
View File

@@ -1,11 +1,7 @@
import type { NextApiRequest, NextApiResponse } from "next"
import sqlite3 from "sqlite3"
import path from "path"
import crypto from "crypto"
function hashPassword(password: string, salt: string): string {
return crypto.pbkdf2Sync(password, salt, 10000, 64, 'sha256').toString('hex')
}
import { db, schema } from '../../../lib/db/connection'
import { eq } from 'drizzle-orm'
import bcrypt from 'bcryptjs'
export default async function handler(req: NextApiRequest, res: NextApiResponse) {
if (req.method !== "POST") return res.status(405).json({ error: "Method not allowed" })
@@ -16,45 +12,31 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
return res.status(400).json({ error: "Email and password required" })
}
const dbPath = path.join(process.cwd(), "database", "antihoax.db")
const db = new sqlite3.Database(dbPath)
try {
const user = await new Promise<any>((resolve, reject) => {
db.get(
"SELECT id, email, password_hash, salt, role, is_active FROM users WHERE email = ?",
[email],
(err, row) => {
if (err) reject(err)
else resolve(row)
}
)
})
const users = await db.select()
.from(schema.users)
.where(eq(schema.users.email, email))
.limit(1)
if (!user) {
if (users.length === 0) {
return res.status(401).json({ error: "Invalid credentials" })
}
if (!user.is_active) {
const user = users[0]
if (!user.isActive) {
return res.status(401).json({ error: "Account is disabled" })
}
const hashedPassword = hashPassword(password, user.salt)
if (hashedPassword !== user.password_hash) {
const isValidPassword = await bcrypt.compare(password, user.passwordHash)
if (!isValidPassword) {
return res.status(401).json({ error: "Invalid credentials" })
}
// Update last login
await new Promise<void>((resolve, reject) => {
db.run(
"UPDATE users SET last_login = datetime('now') WHERE id = ?",
[user.id],
(err) => {
if (err) reject(err)
else resolve()
}
)
})
await db.update(schema.users)
.set({ lastLogin: new Date() })
.where(eq(schema.users.id, user.id))
res.json({
success: true,
@@ -69,7 +51,5 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
} catch (error) {
console.error('Login error:', error)
res.status(500).json({ error: "Login failed" })
} finally {
db.close()
}
}

65
pages/api/domains/risky.ts
View File

@@ -1,6 +1,6 @@
import type { NextApiRequest, NextApiResponse } from 'next'
import sqlite3 from 'sqlite3'
import path from 'path'
import { db, schema } from '../../../lib/db/connection'
import { eq, gte, desc, count, sql } from 'drizzle-orm'
interface RiskyDomain {
domain: string
@@ -20,49 +20,36 @@ export default async function handler(
const { limit = '20' } = req.query
const dbPath = path.join(process.cwd(), 'database', 'antihoax.db')
const db = new sqlite3.Database(dbPath)
try {
const riskyDomains = await new Promise<RiskyDomain[]>((resolve, reject) => {
db.all(
`SELECT
s.domain,
COUNT(*) as source_count,
AVG(s.risk_level) as avg_risk_level,
MAX(s.risk_level) as max_risk_level,
GROUP_CONCAT(DISTINCT c.name) as categories
FROM sources s
LEFT JOIN source_categories sc ON s.id = sc.source_id
LEFT JOIN categories c ON sc.category_id = c.id
WHERE s.status = 'verified'
GROUP BY s.domain
HAVING AVG(s.risk_level) >= 3
ORDER BY avg_risk_level DESC, source_count DESC
LIMIT ?`,
[parseInt(limit as string)],
(err, rows: any[]) => {
if (err) reject(err)
else {
const domains = rows.map(row => ({
domain: row.domain,
source_count: row.source_count,
avg_risk_level: Math.round(row.avg_risk_level * 10) / 10,
max_risk_level: row.max_risk_level,
categories: row.categories ? row.categories.split(',') : []
}))
resolve(domains)
}
}
)
})
const riskyDomainsResult = await db
.select({
domain: schema.sources.domain,
sourceCount: count(),
avgRiskLevel: sql<number>`AVG(${schema.sources.riskLevel})`,
maxRiskLevel: sql<number>`MAX(${schema.sources.riskLevel})`,
categories: sql<string>`string_agg(DISTINCT ${schema.categories.name}, ',')`
})
.from(schema.sources)
.leftJoin(schema.sourceCategories, eq(schema.sources.id, schema.sourceCategories.sourceId))
.leftJoin(schema.categories, eq(schema.sourceCategories.categoryId, schema.categories.id))
.where(eq(schema.sources.status, 'verified'))
.groupBy(schema.sources.domain)
.having(gte(sql`AVG(${schema.sources.riskLevel})`, 3))
.orderBy(desc(sql`AVG(${schema.sources.riskLevel})`), desc(count()))
.limit(parseInt(limit as string))
const riskyDomains: RiskyDomain[] = riskyDomainsResult.map(row => ({
domain: row.domain,
source_count: row.sourceCount,
avg_risk_level: Math.round(row.avgRiskLevel * 10) / 10,
max_risk_level: row.maxRiskLevel,
categories: row.categories ? row.categories.split(',').filter(Boolean) : []
}))
return res.status(200).json(riskyDomains)
} catch (error) {
console.error('Database error:', error)
return res.status(500).json({ error: 'Internal server error' })
} finally {
db.close()
}
}

38
pages/api/reports.ts
View File

@@ -1,6 +1,5 @@
import type { NextApiRequest, NextApiResponse } from 'next'
import sqlite3 from 'sqlite3'
import path from 'path'
import { db, schema } from '../../lib/db/connection'
function extractDomain(url: string): string {
try {
@@ -30,31 +29,16 @@ export default async function handler(
return res.status(400).json({ error: 'Invalid URL format' })
}
const dbPath = path.join(process.cwd(), 'database', 'antihoax.db')
const db = new sqlite3.Database(dbPath)
try {
await new Promise<void>((resolve, reject) => {
db.run(
`INSERT INTO reports (
source_url, source_domain, reporter_email, reporter_name,
category_suggestions, description, ip_address, user_agent
) VALUES (?, ?, ?, ?, ?, ?, ?, ?)`,
[
source_url,
domain,
reporter_email || null,
reporter_name || null,
JSON.stringify(categories || []),
description,
req.headers['x-forwarded-for'] || req.connection.remoteAddress,
req.headers['user-agent']
],
function(err) {
if (err) reject(err)
else resolve()
}
)
await db.insert(schema.reports).values({
sourceUrl: source_url,
sourceDomain: domain,
reporterEmail: reporter_email || null,
reporterName: reporter_name || null,
categorySuggestions: JSON.stringify(categories || []),
description: description,
ipAddress: (req.headers['x-forwarded-for'] as string) || (req.socket?.remoteAddress),
userAgent: req.headers['user-agent'] || null
})
return res.status(200).json({ success: true, message: 'Report submitted successfully' })
@@ -62,7 +46,5 @@ export default async function handler(
} catch (error) {
console.error('Database error:', error)
return res.status(500).json({ error: 'Internal server error' })
} finally {
db.close()
}
}

123
pages/api/search/advanced.ts
View File

@@ -1,6 +1,6 @@
import type { NextApiRequest, NextApiResponse } from "next"
import sqlite3 from "sqlite3"
import path from "path"
import { db, schema } from '../../../lib/db/connection'
import { eq, and, or, like, gte, lte, desc, count, sql } from 'drizzle-orm'
export default async function handler(req: NextApiRequest, res: NextApiResponse) {
if (req.method !== "GET") return res.status(405).json({ error: "Method not allowed" })
@@ -15,80 +15,113 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
limit = '20'
} = req.query
const dbPath = path.join(process.cwd(), "database", "antihoax.db")
const db = new sqlite3.Database(dbPath)
try {
let whereConditions = ["s.status = ?"]
let params: any[] = [status]
let whereConditions = [eq(schema.sources.status, status as string)]
if (q) {
whereConditions.push("(s.domain LIKE ? OR s.title LIKE ? OR s.description LIKE ?)")
params.push(`%${q}%`, `%${q}%`, `%${q}%`)
}
if (category) {
whereConditions.push("EXISTS (SELECT 1 FROM source_categories sc JOIN categories c ON sc.category_id = c.id WHERE sc.source_id = s.id AND c.name = ?)")
params.push(category)
whereConditions.push(
or(
like(schema.sources.domain, `%${q}%`),
like(schema.sources.title, `%${q}%`),
like(schema.sources.description, `%${q}%`)
)
)
}
if (risk_level_min) {
whereConditions.push("s.risk_level >= ?")
params.push(parseInt(risk_level_min as string))
whereConditions.push(gte(schema.sources.riskLevel, parseInt(risk_level_min as string)))
}
if (risk_level_max) {
whereConditions.push("s.risk_level <= ?")
params.push(parseInt(risk_level_max as string))
whereConditions.push(lte(schema.sources.riskLevel, parseInt(risk_level_max as string)))
}
const offset = (parseInt(page as string) - 1) * parseInt(limit as string)
const limitInt = parseInt(limit as string)
const query = `
SELECT s.*, GROUP_CONCAT(c.name) as categories,
COUNT(*) OVER() as total_count
FROM sources s
LEFT JOIN source_categories sc ON s.id = sc.source_id
LEFT JOIN categories c ON sc.category_id = c.id
WHERE ${whereConditions.join(' AND ')}
GROUP BY s.id
ORDER BY s.risk_level DESC, s.created_at DESC
LIMIT ? OFFSET ?
`
params.push(parseInt(limit as string), offset)
const results = await new Promise<any[]>((resolve, reject) => {
db.all(query, params, (err, rows) => {
if (err) reject(err)
else resolve(rows)
// Build the base query
let query = db
.select({
id: schema.sources.id,
domain: schema.sources.domain,
title: schema.sources.title,
riskLevel: schema.sources.riskLevel,
description: schema.sources.description,
createdAt: schema.sources.createdAt,
categories: sql<string>`string_agg(${schema.categories.name}, ',')`
})
})
.from(schema.sources)
.leftJoin(schema.sourceCategories, eq(schema.sources.id, schema.sourceCategories.sourceId))
.leftJoin(schema.categories, eq(schema.sourceCategories.categoryId, schema.categories.id))
.where(and(...whereConditions))
.groupBy(schema.sources.id, schema.sources.domain, schema.sources.title, schema.sources.riskLevel, schema.sources.description, schema.sources.createdAt)
.orderBy(desc(schema.sources.riskLevel), desc(schema.sources.createdAt))
.limit(limitInt)
.offset(offset)
const total = results.length > 0 ? results[0].total_count : 0
const totalPages = Math.ceil(total / parseInt(limit as string))
// Apply category filter if provided
if (category) {
query = db
.select({
id: schema.sources.id,
domain: schema.sources.domain,
title: schema.sources.title,
riskLevel: schema.sources.riskLevel,
description: schema.sources.description,
createdAt: schema.sources.createdAt,
categories: sql<string>`string_agg(${schema.categories.name}, ',')`
})
.from(schema.sources)
.innerJoin(schema.sourceCategories, eq(schema.sources.id, schema.sourceCategories.sourceId))
.innerJoin(schema.categories, eq(schema.sourceCategories.categoryId, schema.categories.id))
.where(and(...whereConditions, eq(schema.categories.name, category as string)))
.groupBy(schema.sources.id, schema.sources.domain, schema.sources.title, schema.sources.riskLevel, schema.sources.description, schema.sources.createdAt)
.orderBy(desc(schema.sources.riskLevel), desc(schema.sources.createdAt))
.limit(limitInt)
.offset(offset)
}
const results = await query
// Get total count for pagination
let countQuery = db
.select({ count: count() })
.from(schema.sources)
.where(and(...whereConditions))
if (category) {
countQuery = db
.select({ count: count() })
.from(schema.sources)
.innerJoin(schema.sourceCategories, eq(schema.sources.id, schema.sourceCategories.sourceId))
.innerJoin(schema.categories, eq(schema.sourceCategories.categoryId, schema.categories.id))
.where(and(...whereConditions, eq(schema.categories.name, category as string)))
}
const [totalResult] = await countQuery
const total = totalResult.count
const totalPages = Math.ceil(total / limitInt)
res.json({
results: results.map(row => ({
id: row.id,
domain: row.domain,
title: row.title,
risk_level: row.risk_level,
categories: row.categories ? row.categories.split(',') : [],
risk_level: row.riskLevel,
categories: row.categories ? row.categories.split(',').filter(Boolean) : [],
description: row.description,
created_at: row.created_at
created_at: row.createdAt
})),
pagination: {
page: parseInt(page as string),
limit: parseInt(limit as string),
limit: limitInt,
total,
totalPages
}
})
} catch (error) {
console.error('Search error:', error)
res.status(500).json({ error: "Search failed" })
} finally {
db.close()
}
}

29
pages/api/search/index.ts
View File

@@ -1,6 +1,6 @@
import type { NextApiRequest, NextApiResponse } from "next"
import sqlite3 from "sqlite3"
import path from "path"
import { db, schema } from '../../../lib/db/connection'
import { or, like } from 'drizzle-orm'
export default async function handler(req: NextApiRequest, res: NextApiResponse) {
if (req.method !== "GET") return res.status(405).json({ error: "Method not allowed" })
@@ -8,24 +8,21 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
const { q } = req.query
if (!q) return res.status(400).json({ error: "Query required" })
const dbPath = path.join(process.cwd(), "database", "antihoax.db")
const db = new sqlite3.Database(dbPath)
try {
const results = await new Promise<any[]>((resolve, reject) => {
db.all(
"SELECT * FROM sources WHERE domain LIKE ? OR title LIKE ? LIMIT 20",
[`%${q}%`, `%${q}%`],
(err, rows) => {
if (err) reject(err)
else resolve(rows)
}
const results = await db
.select()
.from(schema.sources)
.where(
or(
like(schema.sources.domain, `%${q}%`),
like(schema.sources.title, `%${q}%`)
)
)
})
.limit(20)
res.json(results)
} catch (error) {
console.error('Search error:', error)
res.status(500).json({ error: "Database error" })
} finally {
db.close()
}
}

40
pages/api/sources/check.ts
View File

@@ -1,6 +1,6 @@
import type { NextApiRequest, NextApiResponse } from 'next'
import sqlite3 from 'sqlite3'
import path from 'path'
import { db, schema } from '../../../lib/db/connection'
import { eq, and, sql } from 'drizzle-orm'
import { rateLimit, getRateLimitHeaders } from '../../../lib/rate-limiter'
import { cache, getCacheKey } from '../../../lib/cache'
@@ -88,25 +88,23 @@ export default async function handler(
return res.status(200).json(cachedResult)
}
const dbPath = path.join(process.cwd(), 'database', 'antihoax.db')
const db = new sqlite3.Database(dbPath)
try {
const sources = await new Promise<any[]>((resolve, reject) => {
db.all(
`SELECT s.*, GROUP_CONCAT(c.name) as categories
FROM sources s
LEFT JOIN source_categories sc ON s.id = sc.source_id
LEFT JOIN categories c ON sc.category_id = c.id
WHERE s.domain = ? AND s.status = 'verified'
GROUP BY s.id`,
[domain],
(err, rows) => {
if (err) reject(err)
else resolve(rows)
}
const sources = await db
.select({
id: schema.sources.id,
riskLevel: schema.sources.riskLevel,
categories: sql<string>`string_agg(${schema.categories.name}, ',')`
})
.from(schema.sources)
.leftJoin(schema.sourceCategories, eq(schema.sources.id, schema.sourceCategories.sourceId))
.leftJoin(schema.categories, eq(schema.sourceCategories.categoryId, schema.categories.id))
.where(
and(
eq(schema.sources.domain, domain),
eq(schema.sources.status, 'verified')
)
)
})
.groupBy(schema.sources.id, schema.sources.riskLevel)
let result: CheckResponse
@@ -119,7 +117,7 @@ export default async function handler(
source_count: 0
}
} else {
const maxRiskLevel = Math.max(...sources.map(s => s.risk_level))
const maxRiskLevel = Math.max(...sources.map(s => s.riskLevel))
const allCategories = sources
.map(s => s.categories)
.filter(Boolean)
@@ -156,7 +154,5 @@ export default async function handler(
} catch (error) {
console.error('Database error:', error)
return res.status(500).json({ error: 'Internal server error' })
} finally {
db.close()
}
}

128
pages/api/stats.ts
View File

@@ -1,6 +1,6 @@
import type { NextApiRequest, NextApiResponse } from 'next'
import sqlite3 from 'sqlite3'
import path from 'path'
import { db, schema } from '../../lib/db/connection'
import { eq, gte, count, desc, sql } from 'drizzle-orm'
interface PublicStats {
total_sources: number
@@ -18,91 +18,69 @@ export default async function handler(
return res.status(405).json({ error: 'Method not allowed' })
}
const dbPath = path.join(process.cwd(), 'database', 'antihoax.db')
const db = new sqlite3.Database(dbPath)
try {
// Get basic counts
const totalSources = await new Promise<number>((resolve, reject) => {
db.get(
"SELECT COUNT(*) as count FROM sources WHERE status = 'verified'",
(err, row: any) => {
if (err) reject(err)
else resolve(row.count)
}
)
})
const [totalSourcesResult] = await db
.select({ count: count() })
.from(schema.sources)
.where(eq(schema.sources.status, 'verified'))
const highRiskSources = await new Promise<number>((resolve, reject) => {
db.get(
"SELECT COUNT(*) as count FROM sources WHERE status = 'verified' AND risk_level >= 4",
(err, row: any) => {
if (err) reject(err)
else resolve(row.count)
}
const [highRiskSourcesResult] = await db
.select({ count: count() })
.from(schema.sources)
.where(
sql`${schema.sources.status} = 'verified' AND ${schema.sources.riskLevel} >= 4`
)
})
const recentAdditions = await new Promise<number>((resolve, reject) => {
db.get(
"SELECT COUNT(*) as count FROM sources WHERE created_at > datetime('now', '-30 days')",
(err, row: any) => {
if (err) reject(err)
else resolve(row.count)
}
)
})
const thirtyDaysAgo = new Date()
thirtyDaysAgo.setDate(thirtyDaysAgo.getDate() - 30)
const [recentAdditionsResult] = await db
.select({ count: count() })
.from(schema.sources)
.where(gte(schema.sources.createdAt, thirtyDaysAgo))
// Get categories breakdown
const categoriesBreakdown = await new Promise<{ [key: string]: number }>((resolve, reject) => {
db.all(
`SELECT c.name, COUNT(*) as count
FROM categories c
JOIN source_categories sc ON c.id = sc.category_id
JOIN sources s ON sc.source_id = s.id
WHERE s.status = 'verified'
GROUP BY c.id, c.name`,
(err, rows: any[]) => {
if (err) reject(err)
else {
const breakdown: { [key: string]: number } = {}
rows.forEach(row => {
breakdown[row.name] = row.count
})
resolve(breakdown)
}
}
)
const categoriesBreakdownResult = await db
.select({
name: schema.categories.name,
count: count()
})
.from(schema.categories)
.innerJoin(schema.sourceCategories, eq(schema.categories.id, schema.sourceCategories.categoryId))
.innerJoin(schema.sources, eq(schema.sourceCategories.sourceId, schema.sources.id))
.where(eq(schema.sources.status, 'verified'))
.groupBy(schema.categories.id, schema.categories.name)
const categoriesBreakdown: { [key: string]: number } = {}
categoriesBreakdownResult.forEach(row => {
categoriesBreakdown[row.name] = row.count
})
// Get top risky domains
const topDomains = await new Promise<{ domain: string; count: number; risk_level: number }[]>((resolve, reject) => {
db.all(
`SELECT domain, COUNT(*) as count, AVG(risk_level) as avg_risk
FROM sources
WHERE status = 'verified'
GROUP BY domain
ORDER BY avg_risk DESC, count DESC
LIMIT 10`,
(err, rows: any[]) => {
if (err) reject(err)
else {
const domains = rows.map(row => ({
domain: row.domain,
count: row.count,
risk_level: Math.round(row.avg_risk * 10) / 10
}))
resolve(domains)
}
}
)
})
const topDomainsResult = await db
.select({
domain: schema.sources.domain,
count: count(),
avgRisk: sql<number>`AVG(${schema.sources.riskLevel})`
})
.from(schema.sources)
.where(eq(schema.sources.status, 'verified'))
.groupBy(schema.sources.domain)
.orderBy(desc(sql`AVG(${schema.sources.riskLevel})`), desc(count()))
.limit(10)
const topDomains = topDomainsResult.map(row => ({
domain: row.domain,
count: row.count,
risk_level: Math.round(row.avgRisk * 10) / 10
}))
const stats: PublicStats = {
total_sources: totalSources,
high_risk_sources: highRiskSources,
total_sources: totalSourcesResult.count,
high_risk_sources: highRiskSourcesResult.count,
categories_breakdown: categoriesBreakdown,
recent_additions: recentAdditions,
recent_additions: recentAdditionsResult.count,
top_domains: topDomains
}
@@ -111,7 +89,5 @@ export default async function handler(
} catch (error) {
console.error('Database error:', error)
return res.status(500).json({ error: 'Internal server error' })
} finally {
db.close()
}
}

19
scripts/seed.ts Normal file
View File

@@ -0,0 +1,19 @@
import * as dotenv from 'dotenv';
// Load environment variables first
dotenv.config({ path: '.env.local' });
import { seedDatabase } from '../lib/db/seed';
async function main() {
try {
console.log('Using DATABASE_URL:', process.env.DATABASE_URL ? 'configured' : 'missing');
await seedDatabase();
process.exit(0);
} catch (error) {
console.error('Failed to seed database:', error);
process.exit(1);
}
}
main();