Initial commit: Minecraft dashboard

Next.js 16 + Tailwind v4 + shadcn v4 dashboard for managing a modded
Forge 1.20.1 server. Includes server controls, player management, mod
manager with Modrinth search and dependency resolution, world backups,
snapshots, analytics, logs, and chat bridge.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

app/api/backups/download/route.ts

@@ -0,0 +1,38 @@
+import { NextRequest, NextResponse } from "next/server";
+import { existsSync, createReadStream, statSync } from "fs";
+import { join } from "path";
+import { auth } from "@/lib/auth";
+import { Readable } from "stream";
+
+export const dynamic = "force-dynamic";
+
+const BACKUP_DIR = "/home/minecraft/server/backups";
+
+export async function GET(req: NextRequest) {
+  const session = await auth();
+  if (!session) {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 403 });
+  }
+
+  const name = req.nextUrl.searchParams.get("name");
+  if (!name || !name.endsWith(".tar.gz") || name.includes("/") || name.includes("..")) {
+    return NextResponse.json({ error: "Invalid name" }, { status: 400 });
+  }
+
+  const filePath = join(BACKUP_DIR, name);
+  if (!existsSync(filePath)) {
+    return NextResponse.json({ error: "Backup not found" }, { status: 404 });
+  }
+
+  const stat = statSync(filePath);
+  const stream = createReadStream(filePath);
+  const webStream = Readable.toWeb(stream) as ReadableStream;
+
+  return new Response(webStream, {
+    headers: {
+      "Content-Type": "application/gzip",
+      "Content-Disposition": `attachment; filename="${name}"`,
+      "Content-Length": stat.size.toString(),
+    },
+  });
+}

app/api/backups/restore/route.ts

@@ -0,0 +1,66 @@
+import { NextRequest, NextResponse } from "next/server";
+import { existsSync } from "fs";
+import { join } from "path";
+import { execSync, exec } from "child_process";
+import { auth } from "@/lib/auth";
+import { waitForServer } from "@/lib/mods";
+
+export const dynamic = "force-dynamic";
+
+const BACKUP_DIR = "/home/minecraft/server/backups";
+const WORLD_DIR = "/home/minecraft/server/world";
+const SERVER_DIR = "/home/minecraft/server";
+
+export async function POST(req: NextRequest) {
+  const session = await auth();
+  if (!session) {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 403 });
+  }
+
+  const { name } = await req.json();
+  if (!name || !name.endsWith(".tar.gz") || name.includes("/") || name.includes("..")) {
+    return NextResponse.json({ error: "Invalid name" }, { status: 400 });
+  }
+
+  const filePath = join(BACKUP_DIR, name);
+  if (!existsSync(filePath)) {
+    return NextResponse.json({ error: "Backup not found" }, { status: 404 });
+  }
+
+  try {
+    // Stop server
+    execSync("sudo systemctl stop minecraft.service", { timeout: 30000 });
+
+    // Wait for it to stop
+    await new Promise((r) => setTimeout(r, 5000));
+
+    // Remove current world
+    execSync(`rm -rf ${WORLD_DIR}`);
+
+    // Extract backup
+    execSync(`tar xzf ${filePath} -C ${SERVER_DIR}`);
+
+    // Start server
+    await new Promise<void>((resolve, reject) => {
+      exec("sudo systemctl start minecraft.service", (err) => {
+        if (err) reject(err);
+        else resolve();
+      });
+    });
+
+    const online = await waitForServer(90000);
+
+    return NextResponse.json({
+      success: true,
+      online,
+      message: online
+        ? `World restored from "${name}". Server is online.`
+        : `World restored from "${name}". Server is starting...`,
+    });
+  } catch (e) {
+    return NextResponse.json(
+      { success: false, message: (e as Error).message },
+      { status: 500 }
+    );
+  }
+}

app/api/backups/route.ts

@@ -0,0 +1,75 @@
+import { NextRequest, NextResponse } from "next/server";
+import { readdirSync, statSync, unlinkSync, existsSync } from "fs";
+import { join } from "path";
+import { execSync, exec } from "child_process";
+import { auth } from "@/lib/auth";
+
+export const dynamic = "force-dynamic";
+
+const BACKUP_DIR = "/home/minecraft/server/backups";
+const BACKUP_SCRIPT = "/home/minecraft/dashboard/scripts/backup-world.sh";
+
+export async function GET() {
+  const session = await auth();
+  if (!session) {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 403 });
+  }
+
+  if (!existsSync(BACKUP_DIR)) {
+    return NextResponse.json([]);
+  }
+
+  const files = readdirSync(BACKUP_DIR)
+    .filter((f) => f.endsWith(".tar.gz"))
+    .map((f) => {
+      const stat = statSync(join(BACKUP_DIR, f));
+      return {
+        name: f,
+        size: (stat.size / 1024 / 1024).toFixed(1) + " MB",
+        sizeBytes: stat.size,
+        createdAt: stat.mtime.toISOString(),
+      };
+    })
+    .sort((a, b) => new Date(b.createdAt).getTime() - new Date(a.createdAt).getTime());
+
+  return NextResponse.json(files);
+}
+
+// Create backup now
+export async function POST() {
+  const session = await auth();
+  if (!session) {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 403 });
+  }
+
+  try {
+    execSync(`bash ${BACKUP_SCRIPT}`, { encoding: "utf8", timeout: 60000 });
+    return NextResponse.json({ ok: true, message: "Backup created" });
+  } catch (e) {
+    return NextResponse.json(
+      { error: (e as Error).message },
+      { status: 500 }
+    );
+  }
+}
+
+// Delete backup
+export async function DELETE(req: NextRequest) {
+  const session = await auth();
+  if (!session) {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 403 });
+  }
+
+  const { name } = await req.json();
+  if (!name || !name.endsWith(".tar.gz") || name.includes("/") || name.includes("..")) {
+    return NextResponse.json({ error: "Invalid name" }, { status: 400 });
+  }
+
+  const filePath = join(BACKUP_DIR, name);
+  if (!existsSync(filePath)) {
+    return NextResponse.json({ error: "Backup not found" }, { status: 404 });
+  }
+
+  unlinkSync(filePath);
+  return NextResponse.json({ ok: true });
+}