chore: initial project scaffold with admin web, backend, desktop client, and deployment setup

Add monorepo structure for NexaVPN WireGuard control plane including: - .gitignore for node_modules, build artifacts, and environment files - README with project overview, monorepo layout, and quick start guide - Admin web UI with React, Vite, TypeScript, and nginx reverse proxy - API client with type definitions for users, devices, policies, gateways, and audit logs - Admin pages for dashboard, users, devices, policies, g
2026-03-15 16:32:34 +01:00
commit 830491cb0d
91 changed files with 5279 additions and 0 deletions
--- a/backend/internal/user/handler.go
+++ b/backend/internal/user/handler.go
@@ -0,0 +1,110 @@
+package user
+
+import (
+	"encoding/json"
+	"net/http"
+
+	"github.com/go-chi/chi/v5"
+	"github.com/google/uuid"
+
+	"github.com/nexavpn/nexavpn/backend/internal/apiutil"
+	"github.com/nexavpn/nexavpn/backend/internal/audit"
+	"github.com/nexavpn/nexavpn/backend/internal/httpserver"
+)
+
+type Handler struct {
+	service *Service
+	audit   *audit.Service
+}
+
+func NewHandler(service *Service, auditService *audit.Service) *Handler {
+	return &Handler{service: service, audit: auditService}
+}
+
+func (h *Handler) List(w http.ResponseWriter, r *http.Request) {
+	users, err := h.service.List(r.Context())
+	if err != nil {
+		apiutil.Error(w, http.StatusInternalServerError, "users_list_failed", "unable to list users")
+		return
+	}
+
+	apiutil.JSON(w, http.StatusOK, users)
+}
+
+func (h *Handler) Create(w http.ResponseWriter, r *http.Request) {
+	var input CreateRequest
+	if err := json.NewDecoder(r.Body).Decode(&input); err != nil {
+		apiutil.Error(w, http.StatusBadRequest, "invalid_json", "invalid request body")
+		return
+	}
+	if input.Role == "" {
+		input.Role = "user"
+	}
+
+	created, err := h.service.Create(r.Context(), input)
+	if err != nil {
+		apiutil.Error(w, http.StatusInternalServerError, "user_create_failed", "unable to create user")
+		return
+	}
+
+	if claims, ok := httpserver.ClaimsFromContext(r.Context()); ok {
+		_ = h.audit.Record(r.Context(), audit.Entry{
+			ActorUserID: &claims.UserID,
+			EntityType:  "user",
+			EntityID:    &created.ID,
+			EventType:   "admin.user.created",
+			Status:      "success",
+			Message:     "admin created user",
+			Metadata: map[string]any{
+				"username": created.Username,
+			},
+		})
+	}
+	apiutil.JSON(w, http.StatusCreated, created)
+}
+
+func (h *Handler) Disable(w http.ResponseWriter, r *http.Request) {
+	targetID, err := uuid.Parse(chi.URLParam(r, "id"))
+	if err != nil {
+		apiutil.Error(w, http.StatusBadRequest, "invalid_user_id", "invalid user id")
+		return
+	}
+	if err := h.service.SetActive(r.Context(), targetID.String(), false); err != nil {
+		apiutil.Error(w, http.StatusBadRequest, "user_disable_failed", "unable to disable user")
+		return
+	}
+	if claims, ok := httpserver.ClaimsFromContext(r.Context()); ok {
+		_ = h.audit.Record(r.Context(), audit.Entry{
+			ActorUserID: &claims.UserID,
+			EntityType:  "user",
+			EntityID:    &targetID,
+			EventType:   "admin.user.disabled",
+			Status:      "success",
+			Message:     "admin disabled user",
+		})
+	}
+	apiutil.JSON(w, http.StatusOK, map[string]any{"ok": true})
+}
+
+func (h *Handler) Enable(w http.ResponseWriter, r *http.Request) {
+	targetID, err := uuid.Parse(chi.URLParam(r, "id"))
+	if err != nil {
+		apiutil.Error(w, http.StatusBadRequest, "invalid_user_id", "invalid user id")
+		return
+	}
+	if err := h.service.SetActive(r.Context(), targetID.String(), true); err != nil {
+		apiutil.Error(w, http.StatusBadRequest, "user_enable_failed", "unable to enable user")
+		return
+	}
+	if claims, ok := httpserver.ClaimsFromContext(r.Context()); ok {
+		_ = h.audit.Record(r.Context(), audit.Entry{
+			ActorUserID: &claims.UserID,
+			EntityType:  "user",
+			EntityID:    &targetID,
+			EventType:   "admin.user.enabled",
+			Status:      "success",
+			Message:     "admin enabled user",
+		})
+	}
+	apiutil.JSON(w, http.StatusOK, map[string]any{"ok": true})
+}
--- a/backend/internal/user/repository.go
+++ b/backend/internal/user/repository.go
@@ -0,0 +1,64 @@
+package user
+
+import (
+	"context"
+
+	"github.com/google/uuid"
+	"github.com/jackc/pgx/v5/pgxpool"
+)
+
+type Repository interface {
+	List(ctx context.Context) ([]User, error)
+	Create(ctx context.Context, input CreateRequest, passwordHash string) (User, error)
+	SetActive(ctx context.Context, userID uuid.UUID, active bool) error
+}
+
+type PGRepository struct {
+	db *pgxpool.Pool
+}
+
+func NewPGRepository(db *pgxpool.Pool) *PGRepository {
+	return &PGRepository{db: db}
+}
+
+func (r *PGRepository) List(ctx context.Context) ([]User, error) {
+	rows, err := r.db.Query(ctx, `
+		select u.id, r.id, r.name, u.username, u.display_name, coalesce(u.email, ''), u.is_active
+		from users u
+		join roles r on r.id = u.role_id
+		where u.deleted_at is null
+		order by u.created_at desc
+	`)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+
+	var users []User
+	for rows.Next() {
+		var item User
+		if err := rows.Scan(&item.ID, &item.RoleID, &item.RoleName, &item.Username, &item.DisplayName, &item.Email, &item.IsActive); err != nil {
+			return nil, err
+		}
+		users = append(users, item)
+	}
+	return users, rows.Err()
+}
+
+func (r *PGRepository) Create(ctx context.Context, input CreateRequest, passwordHash string) (User, error) {
+	const query = `
+		insert into users (id, role_id, username, display_name, email, password_hash)
+		values ($1, (select id from roles where name = $2), $3, $4, nullif($5, ''), $6)
+		returning id, username, display_name, coalesce(email, ''), is_active
+	`
+
+	item := User{RoleName: input.Role}
+	err := r.db.QueryRow(ctx, query, uuid.New(), input.Role, input.Username, input.DisplayName, input.Email, passwordHash).
+		Scan(&item.ID, &item.Username, &item.DisplayName, &item.Email, &item.IsActive)
+	return item, err
+}
+
+func (r *PGRepository) SetActive(ctx context.Context, userID uuid.UUID, active bool) error {
+	_, err := r.db.Exec(ctx, `update users set is_active = $2, updated_at = now() where id = $1`, userID, active)
+	return err
+}
--- a/backend/internal/user/service.go
+++ b/backend/internal/user/service.go
@@ -0,0 +1,37 @@
+package user
+
+import (
+	"context"
+
+	"github.com/google/uuid"
+
+	"github.com/nexavpn/nexavpn/backend/internal/auth"
+)
+
+type Service struct {
+	repo Repository
+}
+
+func NewService(repo Repository) *Service {
+	return &Service{repo: repo}
+}
+
+func (s *Service) List(ctx context.Context) ([]User, error) {
+	return s.repo.List(ctx)
+}
+
+func (s *Service) Create(ctx context.Context, input CreateRequest) (User, error) {
+	passwordHash, err := auth.HashPassword(input.Password)
+	if err != nil {
+		return User{}, err
+	}
+	return s.repo.Create(ctx, input, passwordHash)
+}
+
+func (s *Service) SetActive(ctx context.Context, userID string, active bool) error {
+	id, err := uuid.Parse(userID)
+	if err != nil {
+		return err
+	}
+	return s.repo.SetActive(ctx, id, active)
+}
--- a/backend/internal/user/types.go
+++ b/backend/internal/user/types.go
@@ -0,0 +1,27 @@
+package user
+
+import "github.com/google/uuid"
+
+type User struct {
+	ID          uuid.UUID `json:"id"`
+	RoleID      uuid.UUID `json:"role_id,omitempty"`
+	RoleName    string    `json:"role"`
+	Username    string    `json:"username"`
+	DisplayName string    `json:"display_name"`
+	Email       string    `json:"email,omitempty"`
+	IsActive    bool      `json:"is_active"`
+}
+
+type CreateRequest struct {
+	Username    string `json:"username"`
+	DisplayName string `json:"display_name"`
+	Email       string `json:"email"`
+	Password    string `json:"password"`
+	Role        string `json:"role"`
+}
+
+type UpdateRequest struct {
+	DisplayName *string `json:"display_name"`
+	Email       *string `json:"email"`
+	IsActive    *bool   `json:"is_active"`
+}