feat(backend): add report and admin routers

- POST /posts/:slug/report
- GET /admin/reports, DELETE /admin/posts/:slug, POST /admin/reports/:id/dismiss
- 관리자 API는 Bearer 토큰(ADMIN_SECRET) 인증

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: junzero741

apps/backend/src/admin/admin.router.ts

@@ -0,0 +1,61 @@
+import { Router, Request, Response, NextFunction } from 'express';
+import { ROUTE_PATTERNS } from '@private-board/shared';
+import { AppError } from '../lib/errors';
+import { getReports, deletePost, dismissReport } from './admin.service';
+
+const router = Router();
+
+function requireAdminSecret(req: Request, _res: Response, next: NextFunction) {
+  const secret = process.env.ADMIN_SECRET;
+  if (!secret) {
+    return next(new AppError(503, 'Admin not configured', 'ADMIN_NOT_CONFIGURED'));
+  }
+  const auth = req.headers.authorization;
+  if (!auth || auth !== `Bearer ${secret}`) {
+    return next(new AppError(401, 'Unauthorized', 'UNAUTHORIZED'));
+  }
+  next();
+}
+
+router.use(requireAdminSecret);
+
+router.get(ROUTE_PATTERNS.admin.reports, async (
+  _req: Request,
+  res: Response,
+  next: NextFunction
+) => {
+  try {
+    const reports = await getReports();
+    res.json(reports);
+  } catch (err) {
+    next(err);
+  }
+});
+
+router.delete(ROUTE_PATTERNS.admin.deletePost, async (
+  req: Request<{ slug: string }>,
+  res: Response,
+  next: NextFunction
+) => {
+  try {
+    await deletePost(req.params.slug);
+    res.status(204).end();
+  } catch (err) {
+    next(err);
+  }
+});
+
+router.post(ROUTE_PATTERNS.admin.dismissReport, async (
+  req: Request<{ id: string }>,
+  res: Response,
+  next: NextFunction
+) => {
+  try {
+    await dismissReport(req.params.id);
+    res.status(204).end();
+  } catch (err) {
+    next(err);
+  }
+});
+
+export default router;

apps/backend/src/main.ts

@@ -7,6 +7,8 @@ import { AppError } from './lib/errors';
 import { cleanupExpiredPosts } from './lib/cleanup';
 import postsRouter from './posts/posts.router';
 import uploadsRouter from './uploads/uploads.router';
+import reportsRouter from './reports/reports.router';
+import adminRouter from './admin/admin.router';
 
 const host = process.env.HOST ?? '0.0.0.0';
 const port = process.env.PORT ? Number(process.env.PORT) : 4000;
@@ -43,6 +45,8 @@ app.use('/uploads', express.static(uploadsDir));
 
 app.use('/posts', postsRouter);
 app.use('/uploads', uploadsRouter);
+app.use('/posts', reportsRouter);
+app.use('/admin', adminRouter);
 
 app.use((err: unknown, _req: Request, res: Response, _next: NextFunction) => {
   if (err instanceof AppError) {

apps/backend/src/reports/reports.router.ts

@@ -0,0 +1,29 @@
+import { Router, Request, Response, NextFunction } from 'express';
+import { ROUTE_PATTERNS, CreateReportRequest } from '@private-board/shared';
+import { AppError } from '../lib/errors';
+import { createReport } from './reports.service';
+
+const router = Router();
+
+router.post(ROUTE_PATTERNS.posts.report, async (
+  req: Request<{ slug: string }, void, Omit<CreateReportRequest, 'slug'>>,
+  res: Response,
+  next: NextFunction
+) => {
+  try {
+    const { slug } = req.params;
+    const { reason, description } = req.body;
+    const ip = req.ip ?? '0.0.0.0';
+
+    if (!reason) {
+      throw new AppError(400, 'reason is required', 'VALIDATION_ERROR');
+    }
+
+    await createReport(slug, reason, description, ip);
+    res.status(201).end();
+  } catch (err) {
+    next(err);
+  }
+});
+
+export default router;