davidovic/infohliadka
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

migrate from SQLite to PostgreSQL with Drizzle ORM

Browse Source 
- Updated all packages to latest versions (React 19, Next.js 14.2.32)
- Replaced sqlite3 with pg and drizzle-orm dependencies
- Created complete PostgreSQL schema with relationships and indexes
- Migrated all API endpoints from SQLite to Drizzle queries
- Added database seeding with sample data
- Updated authentication to use bcrypt instead of pbkdf2
- Configured connection pooling for PostgreSQL
- Updated app version to 1.0.0
- All endpoints tested and working correctly
This commit is contained in:
Lukas Davidovic
2025-09-06 12:56:33 +02:00
parent 52bde64e7f
commit 860070a302
26 changed files with 2526 additions and 2403 deletions
Download Patch File Download Diff File Expand all files Collapse all files

66
pages/api/admin/api-keys.ts
View File

@@ -1,24 +1,23 @@
import type { NextApiRequest, NextApiResponse } from "next"
import sqlite3 from "sqlite3"
import path from "path"
import { db, schema } from '../../../lib/db/connection'
import { desc, eq } from 'drizzle-orm'
import { generateApiKey, hashApiKey } from "../../../lib/api-auth"
export default async function handler(req: NextApiRequest, res: NextApiResponse) {
const dbPath = path.join(process.cwd(), "database", "antihoax.db")
const db = new sqlite3.Database(dbPath)
try {
if (req.method === "GET") {
const keys = await new Promise<any[]>((resolve, reject) => {
db.all(
`SELECT id, name, permissions, rate_limit, is_active, last_used, created_at
FROM api_keys ORDER BY created_at DESC`,
(err, rows) => {
if (err) reject(err)
else resolve(rows)
}
)
})
const keys = await db
.select({
id: schema.apiKeys.id,
name: schema.apiKeys.name,
permissions: schema.apiKeys.permissions,
rateLimit: schema.apiKeys.rateLimit,
isActive: schema.apiKeys.isActive,
lastUsed: schema.apiKeys.lastUsed,
createdAt: schema.apiKeys.createdAt
})
.from(schema.apiKeys)
.orderBy(desc(schema.apiKeys.createdAt))
res.json({
keys: keys.map(key => ({
@@ -38,17 +37,16 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
const apiKey = generateApiKey()
const keyHash = hashApiKey(apiKey)
const result = await new Promise<any>((resolve, reject) => {
db.run(
`INSERT INTO api_keys (key_hash, name, permissions, rate_limit, is_active, created_at)
VALUES (?, ?, ?, ?, 1, datetime('now'))`,
[keyHash, name, JSON.stringify(permissions), rate_limit],
function(err) {
if (err) reject(err)
else resolve({ id: this.lastID })
}
)
})
const [result] = await db
.insert(schema.apiKeys)
.values({
keyHash: keyHash,
name: name,
permissions: JSON.stringify(permissions),
rateLimit: rate_limit,
isActive: true
})
.returning({ id: schema.apiKeys.id })
res.json({
success: true,
@@ -62,16 +60,10 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
} else if (req.method === "DELETE") {
const { id } = req.query
await new Promise<void>((resolve, reject) => {
db.run(
'UPDATE api_keys SET is_active = 0 WHERE id = ?',
[id],
(err) => {
if (err) reject(err)
else resolve()
}
)
})
await db
.update(schema.apiKeys)
.set({ isActive: false })
.where(eq(schema.apiKeys.id, parseInt(id as string)))
res.json({ success: true })
@@ -82,7 +74,5 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
} catch (error) {
console.error('API keys error:', error)
res.status(500).json({ error: "Operation failed" })
} finally {
db.close()
}
}

84
pages/api/admin/audit-logs.ts
View File

@@ -1,76 +1,74 @@
import type { NextApiRequest, NextApiResponse } from "next"
import sqlite3 from "sqlite3"
import path from "path"
import { db, schema } from '../../../lib/db/connection'
import { eq, and, desc, count } from 'drizzle-orm'
export default async function handler(req: NextApiRequest, res: NextApiResponse) {
if (req.method !== "GET") return res.status(405).json({ error: "Method not allowed" })
const { page = '1', limit = '50', action, resource_type, user_id } = req.query
const dbPath = path.join(process.cwd(), "database", "antihoax.db")
const db = new sqlite3.Database(dbPath)
try {
let whereConditions: string[] = []
let params: any[] = []
let whereConditions = []
if (action) {
whereConditions.push("a.action = ?")
params.push(action)
whereConditions.push(eq(schema.auditLogs.action, action as string))
}
if (resource_type) {
whereConditions.push("a.resource_type = ?")
params.push(resource_type)
whereConditions.push(eq(schema.auditLogs.resourceType, resource_type as string))
}
if (user_id) {
whereConditions.push("a.user_id = ?")
params.push(parseInt(user_id as string))
whereConditions.push(eq(schema.auditLogs.userId, parseInt(user_id as string)))
}
const whereClause = whereConditions.length > 0 ? `WHERE ${whereConditions.join(' AND ')}` : ''
const offset = (parseInt(page as string) - 1) * parseInt(limit as string)
const limitInt = parseInt(limit as string)
const query = `
SELECT
a.*,
u.email as user_email,
COUNT(*) OVER() as total_count
FROM audit_logs a
LEFT JOIN users u ON a.user_id = u.id
${whereClause}
ORDER BY a.created_at DESC
LIMIT ? OFFSET ?
`
params.push(parseInt(limit as string), offset)
const logs = await new Promise<any[]>((resolve, reject) => {
db.all(query, params, (err, rows) => {
if (err) reject(err)
else resolve(rows)
// Get logs with user info
const logs = await db
.select({
id: schema.auditLogs.id,
userId: schema.auditLogs.userId,
userEmail: schema.users.email,
action: schema.auditLogs.action,
resourceType: schema.auditLogs.resourceType,
resourceId: schema.auditLogs.resourceId,
details: schema.auditLogs.details,
ipAddress: schema.auditLogs.ipAddress,
createdAt: schema.auditLogs.createdAt
})
})
.from(schema.auditLogs)
.leftJoin(schema.users, eq(schema.auditLogs.userId, schema.users.id))
.where(whereConditions.length > 0 ? and(...whereConditions) : undefined)
.orderBy(desc(schema.auditLogs.createdAt))
.limit(limitInt)
.offset(offset)
const total = logs.length > 0 ? logs[0].total_count : 0
const totalPages = Math.ceil(total / parseInt(limit as string))
// Get total count for pagination
const [totalResult] = await db
.select({ count: count() })
.from(schema.auditLogs)
.where(whereConditions.length > 0 ? and(...whereConditions) : undefined)
const total = totalResult.count
const totalPages = Math.ceil(total / limitInt)
res.json({
logs: logs.map(log => ({
id: log.id,
user_id: log.user_id,
user_email: log.user_email,
user_id: log.userId,
user_email: log.userEmail,
action: log.action,
resource_type: log.resource_type,
resource_id: log.resource_id,
resource_type: log.resourceType,
resource_id: log.resourceId,
details: log.details ? JSON.parse(log.details) : null,
ip_address: log.ip_address,
created_at: log.created_at
ip_address: log.ipAddress,
created_at: log.createdAt
})),
pagination: {
page: parseInt(page as string),
limit: parseInt(limit as string),
limit: limitInt,
total,
totalPages
}
@@ -79,7 +77,5 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
} catch (error) {
console.error('Audit logs error:', error)
res.status(500).json({ error: "Failed to fetch audit logs" })
} finally {
db.close()
}
}

68
pages/api/admin/bulk-import.ts
View File

@@ -1,10 +1,10 @@
import type { NextApiRequest, NextApiResponse } from "next"
import sqlite3 from "sqlite3"
import path from "path"
import { db, schema } from "../../../lib/db/connection"
import { eq } from "drizzle-orm"
interface BulkImportItem {
domain: string
risk_level: number
riskLevel: number
categories: string[]
description?: string
}
@@ -18,63 +18,57 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
return res.status(400).json({ error: "Sources array required" })
}
const dbPath = path.join(process.cwd(), "database", "antihoax.db")
const db = new sqlite3.Database(dbPath)
try {
let imported = 0
let skipped = 0
for (const source of sources) {
if (!source.domain || !source.risk_level) {
if (!source.domain || !source.riskLevel) {
skipped++
continue
}
// Check if domain already exists
const existing = await new Promise<any>((resolve, reject) => {
db.get(
"SELECT id FROM sources WHERE domain = ?",
[source.domain],
(err, row) => {
if (err) reject(err)
else resolve(row)
}
)
})
// Check if source already exists
const existing = await db.select()
.from(schema.sources)
.where(eq(schema.sources.domain, source.domain))
.limit(1)
if (existing) {
if (existing.length > 0) {
skipped++
continue
}
// Insert new source
await new Promise<void>((resolve, reject) => {
db.run(
`INSERT INTO sources (domain, title, risk_level, status, description, created_at)
VALUES (?, ?, ?, 'verified', ?, datetime('now'))`,
[source.domain, source.domain, source.risk_level, source.description || ''],
function(err) {
if (err) reject(err)
else resolve()
}
)
})
imported++
try {
const url = `https://${source.domain}`
await db.insert(schema.sources).values({
url,
domain: source.domain,
title: source.domain,
description: source.description || `Imported source: ${source.domain}`,
type: 'website',
status: 'pending',
riskLevel: source.riskLevel,
language: 'sk',
reportedBy: 'bulk-import'
})
imported++
} catch (error) {
console.error('Failed to import source:', source.domain, error)
skipped++
}
}
res.json({
success: true,
success: true,
imported,
skipped,
total: sources.length
message: `Imported ${imported} sources, skipped ${skipped}`
})
} catch (error) {
} catch (error: any) {
console.error('Bulk import error:', error)
res.status(500).json({ error: "Import failed" })
} finally {
db.close()
}
}

22
pages/api/admin/categories/index.ts
View File

@@ -1,6 +1,6 @@
import type { NextApiRequest, NextApiResponse } from 'next'
import sqlite3 from 'sqlite3'
import path from 'path'
import { db, schema } from '../../../../lib/db/connection'
import { desc, asc } from 'drizzle-orm'
export default async function handler(
req: NextApiRequest,
@@ -10,26 +10,16 @@ export default async function handler(
return res.status(405).json({ error: 'Method not allowed' })
}
const dbPath = path.join(process.cwd(), 'database', 'antihoax.db')
const db = new sqlite3.Database(dbPath)
try {
const categories = await new Promise<any[]>((resolve, reject) => {
db.all(
'SELECT * FROM categories ORDER BY priority DESC, name ASC',
(err, rows) => {
if (err) reject(err)
else resolve(rows)
}
)
})
const categories = await db
.select()
.from(schema.categories)
.orderBy(desc(schema.categories.priority), asc(schema.categories.name))
return res.status(200).json(categories)
} catch (error) {
console.error('Database error:', error)
return res.status(500).json({ error: 'Internal server error' })
} finally {
db.close()
}
}

99
pages/api/admin/dashboard.ts
View File

@@ -1,6 +1,6 @@
import type { NextApiRequest, NextApiResponse } from 'next'
import sqlite3 from 'sqlite3'
import path from 'path'
import { db, schema } from '../../../lib/db/connection'
import { eq, and, gte, count } from 'drizzle-orm'
interface DashboardStats {
total_sources: number
@@ -19,54 +19,65 @@ export default async function handler(
return res.status(405).json({ error: 'Method not allowed' })
}
const dbPath = path.join(process.cwd(), 'database', 'antihoax.db')
const db = new sqlite3.Database(dbPath)
try {
const stats = await new Promise<DashboardStats>((resolve, reject) => {
const queries = [
"SELECT COUNT(*) as total_sources FROM sources WHERE status = 'verified'",
"SELECT COUNT(*) as pending_sources FROM sources WHERE status = 'pending'",
"SELECT COUNT(*) as pending_reports FROM reports WHERE status = 'pending'",
"SELECT COUNT(*) as high_risk_sources FROM sources WHERE status = 'verified' AND risk_level >= 4",
"SELECT COUNT(*) as sources_added_week FROM sources WHERE created_at > datetime('now', '-7 days')",
"SELECT COUNT(*) as reports_today FROM reports WHERE created_at > datetime('now', '-1 day')"
]
const results: any = {}
let completed = 0
queries.forEach((query, index) => {
db.get(query, (err, row: any) => {
if (err) {
reject(err)
return
}
const key = Object.keys(row)[0]
results[key] = row[key]
completed++
if (completed === queries.length) {
resolve({
total_sources: results.total_sources || 0,
pending_sources: results.pending_sources || 0,
pending_reports: results.pending_reports || 0,
high_risk_sources: results.high_risk_sources || 0,
sources_added_week: results.sources_added_week || 0,
reports_today: results.reports_today || 0
})
}
})
})
})
// Get all stats in parallel
const weekAgo = new Date()
weekAgo.setDate(weekAgo.getDate() - 7)
const dayAgo = new Date()
dayAgo.setDate(dayAgo.getDate() - 1)
const [
totalSources,
pendingSources,
pendingReports,
highRiskSources,
sourcesAddedWeek,
reportsToday
] = await Promise.all([
db.select({ count: count() })
.from(schema.sources)
.where(eq(schema.sources.status, 'verified')),
db.select({ count: count() })
.from(schema.sources)
.where(eq(schema.sources.status, 'pending')),
db.select({ count: count() })
.from(schema.reports)
.where(eq(schema.reports.status, 'pending')),
db.select({ count: count() })
.from(schema.sources)
.where(
and(
eq(schema.sources.status, 'verified'),
gte(schema.sources.riskLevel, 4)
)
),
db.select({ count: count() })
.from(schema.sources)
.where(gte(schema.sources.createdAt, weekAgo)),
db.select({ count: count() })
.from(schema.reports)
.where(gte(schema.reports.createdAt, dayAgo))
])
const stats: DashboardStats = {
total_sources: totalSources[0].count,
pending_sources: pendingSources[0].count,
pending_reports: pendingReports[0].count,
high_risk_sources: highRiskSources[0].count,
sources_added_week: sourcesAddedWeek[0].count,
reports_today: reportsToday[0].count
}
return res.status(200).json(stats)
} catch (error) {
console.error('Database error:', error)
return res.status(500).json({ error: 'Internal server error' })
} finally {
db.close()
}
}

55
pages/api/admin/reports/index.ts
View File

@@ -1,6 +1,6 @@
import type { NextApiRequest, NextApiResponse } from 'next'
import sqlite3 from 'sqlite3'
import path from 'path'
import { db, schema } from '../../../../lib/db/connection'
import { eq, desc } from 'drizzle-orm'
export default async function handler(
req: NextApiRequest,
@@ -12,44 +12,29 @@ export default async function handler(
const { status = 'pending', page = '1', limit = '20' } = req.query
const dbPath = path.join(process.cwd(), 'database', 'antihoax.db')
const db = new sqlite3.Database(dbPath)
try {
const reports = await new Promise<any[]>((resolve, reject) => {
const offset = (parseInt(page as string) - 1) * parseInt(limit as string)
db.all(
`SELECT *,
CASE
WHEN category_suggestions IS NOT NULL
THEN json_extract(category_suggestions, '$')
ELSE '[]'
END as category_suggestions
FROM reports
WHERE status = ?
ORDER BY created_at DESC
LIMIT ? OFFSET ?`,
[status, parseInt(limit as string), offset],
(err, rows: any[]) => {
if (err) reject(err)
else {
const processedRows = rows.map(row => ({
...row,
category_suggestions: row.category_suggestions ? JSON.parse(row.category_suggestions) : []
}))
resolve(processedRows)
}
}
)
})
const offset = (parseInt(page as string) - 1) * parseInt(limit as string)
const limitInt = parseInt(limit as string)
const reports = await db
.select()
.from(schema.reports)
.where(eq(schema.reports.status, status as any))
.orderBy(desc(schema.reports.createdAt))
.limit(limitInt)
.offset(offset)
return res.status(200).json(reports)
// Process the reports to parse JSON fields
const processedReports = reports.map(report => ({
...report,
categorySuggestions: report.categorySuggestions ? JSON.parse(report.categorySuggestions) : [],
evidenceUrls: report.evidenceUrls ? JSON.parse(report.evidenceUrls) : []
}))
return res.status(200).json(processedReports)
} catch (error) {
console.error('Database error:', error)
return res.status(500).json({ error: 'Internal server error' })
} finally {
db.close()
}
}

34
pages/api/admin/sources/index.ts
View File

@@ -1,6 +1,6 @@
import type { NextApiRequest, NextApiResponse } from 'next'
import sqlite3 from 'sqlite3'
import path from 'path'
import { db, schema } from '../../../../lib/db/connection'
import { eq, desc } from 'drizzle-orm'
export default async function handler(
req: NextApiRequest,
@@ -12,32 +12,22 @@ export default async function handler(
const { status = 'pending', page = '1', limit = '20' } = req.query
const dbPath = path.join(process.cwd(), 'database', 'antihoax.db')
const db = new sqlite3.Database(dbPath)
try {
const sources = await new Promise<any[]>((resolve, reject) => {
const offset = (parseInt(page as string) - 1) * parseInt(limit as string)
db.all(
`SELECT * FROM sources
WHERE status = ?
ORDER BY created_at DESC
LIMIT ? OFFSET ?`,
[status, parseInt(limit as string), offset],
(err, rows) => {
if (err) reject(err)
else resolve(rows)
}
)
})
const offset = (parseInt(page as string) - 1) * parseInt(limit as string)
const limitInt = parseInt(limit as string)
const sources = await db
.select()
.from(schema.sources)
.where(eq(schema.sources.status, status as any))
.orderBy(desc(schema.sources.createdAt))
.limit(limitInt)
.offset(offset)
return res.status(200).json(sources)
} catch (error) {
console.error('Database error:', error)
return res.status(500).json({ error: 'Internal server error' })
} finally {
db.close()
}
}

65
pages/api/admin/users.ts
View File

@@ -1,31 +1,26 @@
import type { NextApiRequest, NextApiResponse } from "next"
import sqlite3 from "sqlite3"
import path from "path"
import crypto from "crypto"
import { db, schema } from "../../../lib/db/connection"
import { eq, count, sql } from "drizzle-orm"
import * as bcrypt from "bcryptjs"
function hashPassword(password: string): { hash: string, salt: string } {
const salt = crypto.randomBytes(32).toString('hex')
const hash = crypto.pbkdf2Sync(password, salt, 10000, 64, 'sha256').toString('hex')
return { hash, salt }
async function hashPassword(password: string): Promise<string> {
return await bcrypt.hash(password, 12)
}
export default async function handler(req: NextApiRequest, res: NextApiResponse) {
const dbPath = path.join(process.cwd(), "database", "antihoax.db")
const db = new sqlite3.Database(dbPath)
try {
if (req.method === "GET") {
const users = await new Promise<any[]>((resolve, reject) => {
db.all(
`SELECT id, email, role, is_active, created_at, last_login,
(SELECT COUNT(*) FROM sources WHERE moderator_id = users.id) as sources_moderated
FROM users ORDER BY created_at DESC`,
(err, rows) => {
if (err) reject(err)
else resolve(rows)
}
)
const users = await db.select({
id: schema.users.id,
email: schema.users.email,
role: schema.users.role,
isActive: schema.users.isActive,
createdAt: schema.users.createdAt,
lastLogin: schema.users.lastLogin,
sourcesModerated: sql<number>`(SELECT COUNT(*) FROM ${schema.sources} WHERE verified_by = ${schema.users.id})`
})
.from(schema.users)
.orderBy(schema.users.createdAt)
res.json({ users })
@@ -40,27 +35,25 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
return res.status(400).json({ error: "Invalid role" })
}
const { hash, salt } = hashPassword(password)
const passwordHash = await hashPassword(password)
const result = await new Promise<any>((resolve, reject) => {
db.run(
`INSERT INTO users (email, password_hash, salt, role, is_active, created_at)
VALUES (?, ?, ?, ?, 1, datetime('now'))`,
[email, hash, salt, role],
function(err) {
if (err) reject(err)
else resolve({ id: this.lastID })
}
)
})
const result = await db.insert(schema.users)
.values({
email,
passwordHash,
name: email.split('@')[0], // Use email username as name
role: role as 'admin' | 'moderator',
isActive: true
})
.returning({ id: schema.users.id })
res.json({
success: true,
user: {
id: result.id,
id: result[0].id,
email,
role,
is_active: true
isActive: true
}
})
@@ -70,12 +63,10 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
} catch (error: any) {
console.error('Users API error:', error)
if (error?.code === 'SQLITE_CONSTRAINT_UNIQUE') {
if (error?.code === '23505') {
res.status(400).json({ error: "User already exists" })
} else {
res.status(500).json({ error: "Operation failed" })
}
} finally {
db.close()
}
}