feat: add loading and saving state and basic profile

Author: ericrallen

.gitignore

@@ -25,6 +25,7 @@
 
 # wrangler
 .dev.vars
+.wrangler
 
 npm-debug.log*
 yarn-debug.log*

.wrangler/state/v3/d1/miniflare-D1DatabaseObject/bed984b5526291744cc98b3ea8a452d1e4f8a81ef1f9ee5b6bae90ed257e8136.sqlite

@@ -0,0 +1,105 @@
+// Admin API: Get review history (approved/rejected engines)
+// GET /api/admin/history
+
+import type { Env } from '../../types';
+import { getAuthUser, isAdminEmail, json, errorResponse } from '../../utils';
+
+interface EngineRow {
+  id: string;
+  owner_id: string;
+  definition: string;
+  visibility: string;
+  submitted_for_review_at: string;
+  reviewed_at: string;
+  reviewed_by: string;
+  rejection_reason: string | null;
+  use_count: number;
+  created_at: string;
+  updated_at: string;
+  user_email: string;
+  user_display_name: string | null;
+  reviewer_email: string | null;
+  reviewer_display_name: string | null;
+}
+
+export const onRequestGet: PagesFunction<Env> = async (context) => {
+  const { request, env } = context;
+
+  try {
+    // Verify admin authentication
+    const session = await getAuthUser(request, env);
+    if (!session) {
+      return errorResponse('Unauthorized', 401);
+    }
+
+    if (!isAdminEmail(session.email, env)) {
+      return errorResponse('Forbidden - Admin access required', 403);
+    }
+
+    // Get query params for filtering
+    const url = new URL(request.url);
+    const filter = url.searchParams.get('filter') || 'all'; // 'all', 'approved', 'rejected'
+    const limit = Math.min(parseInt(url.searchParams.get('limit') || '50'), 100);
+
+    // Build visibility filter
+    let visibilityFilter = "e.visibility IN ('public', 'private')";
+    if (filter === 'approved') {
+      visibilityFilter = "e.visibility = 'public'";
+    } else if (filter === 'rejected') {
+      visibilityFilter = "e.visibility = 'private'";
+    }
+
+    // Get reviewed engines with user and reviewer info
+    const result = await env.DB.prepare(`
+      SELECT 
+        e.id,
+        e.owner_id,
+        e.definition,
+        e.visibility,
+        e.submitted_for_review_at,
+        e.reviewed_at,
+        e.reviewed_by,
+        e.rejection_reason,
+        e.use_count,
+        e.created_at,
+        e.updated_at,
+        p.email as user_email,
+        p.display_name as user_display_name,
+        r.email as reviewer_email,
+        r.display_name as reviewer_display_name
+      FROM engines e
+      JOIN profiles p ON e.owner_id = p.id
+      LEFT JOIN profiles r ON e.reviewed_by = r.id
+      WHERE e.reviewed_at IS NOT NULL
+        AND ${visibilityFilter}
+      ORDER BY e.reviewed_at DESC
+      LIMIT ?
+    `).bind(limit).all();
+
+    const engines = (result.results as unknown as EngineRow[]).map((row) => ({
+      id: row.id,
+      ownerId: row.owner_id,
+      definition: JSON.parse(row.definition),
+      visibility: row.visibility,
+      submittedAt: row.submitted_for_review_at,
+      reviewedAt: row.reviewed_at,
+      rejectionReason: row.rejection_reason,
+      useCount: row.use_count,
+      createdAt: row.created_at,
+      updatedAt: row.updated_at,
+      user: {
+        email: row.user_email,
+        displayName: row.user_display_name,
+      },
+      reviewer: row.reviewer_email ? {
+        email: row.reviewer_email,
+        displayName: row.reviewer_display_name,
+      } : null,
+    }));
+
+    return json({ engines });
+  } catch (error) {
+    console.error('Admin history error:', error);
+    return errorResponse('Failed to fetch review history', 500);
+  }
+};

.wrangler/state/v3/d1/miniflare-D1DatabaseObject/bed984b5526291744cc98b3ea8a452d1e4f8a81ef1f9ee5b6bae90ed257e8136.sqlite-shm

@@ -0,0 +1,73 @@
+// Admin API: Get pending engines for review
+// GET /api/admin/pending
+
+import type { Env } from '../../types';
+import { getAuthUser, isAdminEmail, json, errorResponse } from '../../utils';
+
+interface EngineRow {
+  id: string;
+  owner_id: string;
+  definition: string;
+  visibility: string;
+  submitted_at: string;
+  use_count: number;
+  created_at: string;
+  updated_at: string;
+  user_email: string;
+  user_display_name: string | null;
+}
+
+export const onRequestGet: PagesFunction<Env> = async (context) => {
+  const { request, env } = context;
+
+  try {
+    // Verify admin authentication
+    const session = await getAuthUser(request, env);
+    if (!session) {
+      return errorResponse('Unauthorized', 401);
+    }
+
+    if (!isAdminEmail(session.email, env)) {
+      return errorResponse('Forbidden - Admin access required', 403);
+    }
+
+    // Get all pending engines with user info
+    const result = await env.DB.prepare(`
+      SELECT 
+        e.id,
+        e.owner_id,
+        e.definition,
+        e.visibility,
+        e.submitted_for_review_at as submitted_at,
+        e.use_count,
+        e.created_at,
+        e.updated_at,
+        p.email as user_email,
+        p.display_name as user_display_name
+      FROM engines e
+      JOIN profiles p ON e.owner_id = p.id
+      WHERE e.visibility = 'pending_review'
+      ORDER BY e.submitted_for_review_at ASC
+    `).all();
+
+    const engines = (result.results as unknown as EngineRow[]).map((row) => ({
+      id: row.id,
+      ownerId: row.owner_id,
+      definition: JSON.parse(row.definition),
+      visibility: row.visibility,
+      submittedAt: row.submitted_at,
+      useCount: row.use_count,
+      createdAt: row.created_at,
+      updatedAt: row.updated_at,
+      user: {
+        email: row.user_email,
+        displayName: row.user_display_name,
+      },
+    }));
+
+    return json({ engines });
+  } catch (error) {
+    console.error('Admin pending error:', error);
+    return errorResponse('Failed to fetch pending engines', 500);
+  }
+};

.wrangler/state/v3/d1/miniflare-D1DatabaseObject/bed984b5526291744cc98b3ea8a452d1e4f8a81ef1f9ee5b6bae90ed257e8136.sqlite-wal

@@ -0,0 +1,89 @@
+// Admin API: Review (approve/reject) an engine
+// POST /api/admin/review
+
+import type { Env } from '../../types';
+import { getAuthUser, isAdminEmail, json, errorResponse } from '../../utils';
+
+interface ReviewRequest {
+  engineId: string;
+  action: 'approve' | 'reject';
+  reason?: string;
+}
+
+export const onRequestPost: PagesFunction<Env> = async (context) => {
+  const { request, env } = context;
+
+  try {
+    // Verify admin authentication
+    const session = await getAuthUser(request, env);
+    if (!session) {
+      return errorResponse('Unauthorized', 401);
+    }
+
+    if (!isAdminEmail(session.email, env)) {
+      return errorResponse('Forbidden - Admin access required', 403);
+    }
+
+    const body = await request.json() as ReviewRequest;
+    const { engineId, action, reason } = body;
+
+    if (!engineId || !action) {
+      return errorResponse('engineId and action are required', 400);
+    }
+
+    if (action !== 'approve' && action !== 'reject') {
+      return errorResponse('action must be "approve" or "reject"', 400);
+    }
+
+    // Get engine to verify it's pending
+    const engine = await env.DB.prepare(`
+      SELECT id, owner_id, visibility FROM engines WHERE id = ?
+    `).bind(engineId).first() as { id: string; owner_id: string; visibility: string } | null;
+
+    if (!engine) {
+      return errorResponse('Engine not found', 404);
+    }
+
+    if (engine.visibility !== 'pending_review') {
+      return errorResponse('Engine is not pending review', 400);
+    }
+
+    if (action === 'approve') {
+      // Approve: set visibility to public
+      await env.DB.prepare(`
+        UPDATE engines 
+        SET visibility = 'public', 
+            reviewed_at = datetime('now'),
+            reviewed_by = ?,
+            updated_at = datetime('now')
+        WHERE id = ?
+      `).bind(session.userId, engineId).run();
+
+      return json({ 
+        success: true, 
+        message: 'Engine approved and published to The Garden',
+        visibility: 'public'
+      });
+    } else {
+      // Reject: set visibility back to private
+      await env.DB.prepare(`
+        UPDATE engines 
+        SET visibility = 'private', 
+            reviewed_at = datetime('now'),
+            reviewed_by = ?,
+            rejection_reason = ?,
+            updated_at = datetime('now')
+        WHERE id = ?
+      `).bind(session.userId, reason || null, engineId).run();
+
+      return json({ 
+        success: true, 
+        message: 'Engine rejected and returned to private',
+        visibility: 'private'
+      });
+    }
+  } catch (error) {
+    console.error('Admin review error:', error);
+    return errorResponse('Failed to review engine', 500);
+  }
+};

functions/api/admin/history.ts

@@ -14,7 +14,7 @@ export const onRequestGet: PagesFunction<Env> = async (context) => {
 
   // Get user profile
   const user = await env.DB.prepare(`
-    SELECT id, email, display_name, avatar_url, is_admin, created_at, updated_at
+    SELECT id, email, display_name, avatar_url, is_admin, default_engine_id, created_at, updated_at
     FROM profiles
     WHERE id = ?
   `).bind(session.userId).first();
@@ -29,5 +29,6 @@ export const onRequestGet: PagesFunction<Env> = async (context) => {
     displayName: user.display_name,
     avatarUrl: user.avatar_url,
     isAdmin: user.is_admin === 1,
+    defaultEngineId: user.default_engine_id,
   });
 };