hurkicorgi/mc-dashboard
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
mc-dashboard/app/api/players/route.ts

111 lines
3.1 KiB
TypeScript
Raw Normal View History

Initial commit: Minecraft dashboard Next.js 16 + Tailwind v4 + shadcn v4 dashboard for managing a modded Forge 1.20.1 server. Includes server controls, player management, mod manager with Modrinth search and dependency resolution, world backups, snapshots, analytics, logs, and chat bridge. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-13 00:46:58 -06:00
import { NextRequest, NextResponse } from "next/server";
import { readFileSync } from "fs";
Role-based access: admin vs superadmin - Credentials provider now resolves two distinct accounts from env: SUPERADMIN_USERNAME / SUPERADMIN_PASSWORD → role "superadmin" ADMIN_USERNAME / ADMIN_PASSWORD → role "admin" The role is carried through the JWT and Session callbacks so the UI and API can gate on it. Types extended via types/next-auth.d.ts. - lib/auth.ts exports requireRole(minRole) and sessionRole(session). - /api/players POST rejects "op" and "deop" with 403 unless the caller is superadmin. All other player actions (whitelist add/remove, ban, pardon) remain available to both roles. - lib/use-role.ts (client hook) exposes role / isSuperadmin / authed for UI gating without duplicating session typing. - PlayerManager: Add-OP button and per-row Deop action are hidden or disabled for non-superadmin; when a regular admin is viewing the Ops tab, a banner explains the read-only state. - PlayerDrawer: Make Op / Deop button disabled with tooltip for non-superadmin; whitelist, ban, pardon unchanged. - Navbar: subtle role pill next to the user name ("Super" for superadmin amber-tinted, "Admin" for admin). - Migration note: the existing ADMIN_* credentials now log in as the restricted admin role. Set SUPERADMIN_USERNAME + SUPERADMIN_PASSWORD in .env.local to retain operator-management ability. A placeholder superadmin account was generated in .env.local; the password is in the commit terminal output only, not the repo. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-13 06:52:05 -06:00
import { auth, sessionRole } from "@/lib/auth";
Initial commit: Minecraft dashboard Next.js 16 + Tailwind v4 + shadcn v4 dashboard for managing a modded Forge 1.20.1 server. Includes server controls, player management, mod manager with Modrinth search and dependency resolution, world backups, snapshots, analytics, logs, and chat bridge. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-13 00:46:58 -06:00
import { sendCommand } from "@/lib/rcon";
Performance: RCON pooling, route caching, parallel status probe Server: - lib/cache.ts: tiny TTL memo for hot paths. - lib/rcon.ts: pooled connection with 30s idle close and one-shot retry; was opening a fresh TCP per RCON call. - /api/status: race protocol-ping + RCON with Promise.any (was sequential with 5s timeouts) and memo 3s; adds Cache-Control. - /api/players: memo 10s, invalidated on mutations. - /api/mods: getModDetails memo 10s (invalidated on install/remove) — eliminates per-request readdirSync/statSync/AdmZip parse. - /api/analytics: reverse-scan JSONL to window cutoff (O(window) vs O(file)) and memo 30s. - /api/logs: memo 2s to throttle journalctl spawns during Live mode. Client: - StatusCard + ServerControls: staleTime 5s, both poll every 10s, dedup via shared query key. - Analytics: staleTime 30s; memoize sparkline SVG paths. - Modrinth search icons + mc-heads avatars: width/height + loading=lazy + decoding=async. - next.config.ts: images.remotePatterns for future next/image migration, explicit compress=true. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-13 00:59:10 -06:00
import { memo, invalidate } from "@/lib/cache";
Initial commit: Minecraft dashboard Next.js 16 + Tailwind v4 + shadcn v4 dashboard for managing a modded Forge 1.20.1 server. Includes server controls, player management, mod manager with Modrinth search and dependency resolution, world backups, snapshots, analytics, logs, and chat bridge. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-13 00:46:58 -06:00
export const dynamic = "force-dynamic";
const OPS_FILE = "/home/minecraft/server/ops.json";
const WHITELIST_FILE = "/home/minecraft/server/whitelist.json";
const BANNED_FILE = "/home/minecraft/server/banned-players.json";
type OpsEntry = { uuid: string; name: string; level: number };
type WhitelistEntry = { uuid: string; name: string };
type BannedEntry = { uuid: string; name: string; reason: string; created: string; expires: string };
function readJson<T>(path: string): T[] {
try {
return JSON.parse(readFileSync(path, "utf8"));
} catch {
return [];
}
}
// GET — list ops, whitelist, banned players
export async function GET() {
const session = await auth();
if (!session) {
return NextResponse.json({ error: "Unauthorized" }, { status: 403 });
}
Performance: RCON pooling, route caching, parallel status probe Server: - lib/cache.ts: tiny TTL memo for hot paths. - lib/rcon.ts: pooled connection with 30s idle close and one-shot retry; was opening a fresh TCP per RCON call. - /api/status: race protocol-ping + RCON with Promise.any (was sequential with 5s timeouts) and memo 3s; adds Cache-Control. - /api/players: memo 10s, invalidated on mutations. - /api/mods: getModDetails memo 10s (invalidated on install/remove) — eliminates per-request readdirSync/statSync/AdmZip parse. - /api/analytics: reverse-scan JSONL to window cutoff (O(window) vs O(file)) and memo 30s. - /api/logs: memo 2s to throttle journalctl spawns during Live mode. Client: - StatusCard + ServerControls: staleTime 5s, both poll every 10s, dedup via shared query key. - Analytics: staleTime 30s; memoize sparkline SVG paths. - Modrinth search icons + mc-heads avatars: width/height + loading=lazy + decoding=async. - next.config.ts: images.remotePatterns for future next/image migration, explicit compress=true. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-13 00:59:10 -06:00
const data = memo("players", 10_000, () => {
const ops = readJson<OpsEntry>(OPS_FILE).map((e) => ({
name: e.name,
uuid: e.uuid,
level: e.level,
}));
const whitelist = readJson<WhitelistEntry>(WHITELIST_FILE).map((e) => ({
name: e.name,
uuid: e.uuid,
}));
const banned = readJson<BannedEntry>(BANNED_FILE).map((e) => ({
name: e.name,
uuid: e.uuid,
reason: e.reason,
}));
return { ops, whitelist, banned };
});
return NextResponse.json(data, {
headers: { "Cache-Control": "private, max-age=5" },
});
Initial commit: Minecraft dashboard Next.js 16 + Tailwind v4 + shadcn v4 dashboard for managing a modded Forge 1.20.1 server. Includes server controls, player management, mod manager with Modrinth search and dependency resolution, world backups, snapshots, analytics, logs, and chat bridge. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-13 00:46:58 -06:00
}
// POST — execute a player management command
export async function POST(req: NextRequest) {
const session = await auth();
if (!session) {
return NextResponse.json({ error: "Unauthorized" }, { status: 403 });
}
const { action, player, reason } = await req.json();
if (!player || !/^[a-zA-Z0-9_]{1,16}$/.test(player)) {
return NextResponse.json(
{ error: "Invalid player name" },
{ status: 400 }
);
}
const allowedActions = ["op", "deop", "whitelist add", "whitelist remove", "ban", "pardon"];
if (!allowedActions.includes(action)) {
return NextResponse.json(
{ error: "Invalid action" },
{ status: 400 }
);
}
Role-based access: admin vs superadmin - Credentials provider now resolves two distinct accounts from env: SUPERADMIN_USERNAME / SUPERADMIN_PASSWORD → role "superadmin" ADMIN_USERNAME / ADMIN_PASSWORD → role "admin" The role is carried through the JWT and Session callbacks so the UI and API can gate on it. Types extended via types/next-auth.d.ts. - lib/auth.ts exports requireRole(minRole) and sessionRole(session). - /api/players POST rejects "op" and "deop" with 403 unless the caller is superadmin. All other player actions (whitelist add/remove, ban, pardon) remain available to both roles. - lib/use-role.ts (client hook) exposes role / isSuperadmin / authed for UI gating without duplicating session typing. - PlayerManager: Add-OP button and per-row Deop action are hidden or disabled for non-superadmin; when a regular admin is viewing the Ops tab, a banner explains the read-only state. - PlayerDrawer: Make Op / Deop button disabled with tooltip for non-superadmin; whitelist, ban, pardon unchanged. - Navbar: subtle role pill next to the user name ("Super" for superadmin amber-tinted, "Admin" for admin). - Migration note: the existing ADMIN_* credentials now log in as the restricted admin role. Set SUPERADMIN_USERNAME + SUPERADMIN_PASSWORD in .env.local to retain operator-management ability. A placeholder superadmin account was generated in .env.local; the password is in the commit terminal output only, not the repo. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-13 06:52:05 -06:00
if ((action === "op" || action === "deop") && sessionRole(session) !== "superadmin") {
return NextResponse.json(
{ error: "Only super admins can manage operators" },
{ status: 403 }
);
}
Initial commit: Minecraft dashboard Next.js 16 + Tailwind v4 + shadcn v4 dashboard for managing a modded Forge 1.20.1 server. Includes server controls, player management, mod manager with Modrinth search and dependency resolution, world backups, snapshots, analytics, logs, and chat bridge. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-13 00:46:58 -06:00
let command = `${action} ${player}`;
if (action === "ban" && reason) {
command += ` ${reason}`;
}
try {
const response = await sendCommand(command);
// Force server to sync JSON files
if (action.startsWith("whitelist")) {
await sendCommand("whitelist reload");
}
// Wait for server to write JSON files to disk
await new Promise((r) => setTimeout(r, 500));
Performance: RCON pooling, route caching, parallel status probe Server: - lib/cache.ts: tiny TTL memo for hot paths. - lib/rcon.ts: pooled connection with 30s idle close and one-shot retry; was opening a fresh TCP per RCON call. - /api/status: race protocol-ping + RCON with Promise.any (was sequential with 5s timeouts) and memo 3s; adds Cache-Control. - /api/players: memo 10s, invalidated on mutations. - /api/mods: getModDetails memo 10s (invalidated on install/remove) — eliminates per-request readdirSync/statSync/AdmZip parse. - /api/analytics: reverse-scan JSONL to window cutoff (O(window) vs O(file)) and memo 30s. - /api/logs: memo 2s to throttle journalctl spawns during Live mode. Client: - StatusCard + ServerControls: staleTime 5s, both poll every 10s, dedup via shared query key. - Analytics: staleTime 30s; memoize sparkline SVG paths. - Modrinth search icons + mc-heads avatars: width/height + loading=lazy + decoding=async. - next.config.ts: images.remotePatterns for future next/image migration, explicit compress=true. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-13 00:59:10 -06:00
invalidate("players");
Initial commit: Minecraft dashboard Next.js 16 + Tailwind v4 + shadcn v4 dashboard for managing a modded Forge 1.20.1 server. Includes server controls, player management, mod manager with Modrinth search and dependency resolution, world backups, snapshots, analytics, logs, and chat bridge. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-13 00:46:58 -06:00
return NextResponse.json({ ok: true, response });
} catch (e) {
return NextResponse.json(
{ error: `RCON failed: ${(e as Error).message}. Is the server online?` },
{ status: 500 }
);
}
}
Reference in a new issue Copy permalink