feat: adding background jobs ui page and apis - requires user is_admin to be set to true

internal/api/httpmiddleware/platform_admin.go

@@ -0,0 +1,45 @@
+package httpmiddleware
+
+import (
+	"net/http"
+
+	"github.com/glueops/autoglue/internal/utils"
+)
+
+// RequireAuthenticatedUser ensures a user principal is present (i.e. not an org/machine key).
+func RequireAuthenticatedUser() func(http.Handler) http.Handler {
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			if user, ok := UserFrom(r.Context()); !ok || user == nil {
+				// No user in context -> probably org/machine principal, or unauthenticated
+				utils.WriteError(w, http.StatusUnauthorized, "unauthorized", "user principal required")
+				return
+			}
+			next.ServeHTTP(w, r)
+		})
+	}
+}
+
+// RequirePlatformAdmin requires a user principal with IsAdmin=true.
+// This is platform-wide (non-org) admin and does NOT depend on org roles.
+func RequirePlatformAdmin() func(http.Handler) http.Handler {
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			user, ok := UserFrom(r.Context())
+			if !ok || user == nil {
+				utils.WriteError(w, http.StatusUnauthorized, "unauthorized", "user principal required")
+				return
+			}
+			if !user.IsAdmin {
+				utils.WriteError(w, http.StatusForbidden, "forbidden", "platform admin required")
+				return
+			}
+			next.ServeHTTP(w, r)
+		})
+	}
+}
+
+// RequireUserAdmin is an alias for RequirePlatformAdmin for readability at call sites.
+func RequireUserAdmin() func(http.Handler) http.Handler {
+	return RequirePlatformAdmin()
+}

internal/api/routes.go

@@ -9,6 +9,7 @@ import (
 
 	"github.com/glueops/autoglue/docs"
 	"github.com/glueops/autoglue/internal/api/httpmiddleware"
+	"github.com/glueops/autoglue/internal/bg"
 	"github.com/glueops/autoglue/internal/config"
 	"github.com/glueops/autoglue/internal/handlers"
 	"github.com/glueops/autoglue/internal/web"
@@ -26,7 +27,7 @@ import (
 	httpSwagger "github.com/swaggo/http-swagger/v2"
 )
 
-func NewRouter(db *gorm.DB) http.Handler {
+func NewRouter(db *gorm.DB, jobs *bg.Jobs) http.Handler {
 	zerolog.TimeFieldFormat = time.RFC3339
 
 	l := log.Output(zerolog.ConsoleWriter{Out: os.Stdout, TimeFormat: "15:04:05"})
@@ -78,6 +79,17 @@ func NewRouter(db *gorm.DB) http.Handler {
 				a.Post("/logout", handlers.Logout(db))
 			})
 
+			v1.Route("/admin/archer", func(a chi.Router) {
+				a.Use(authUser)
+				a.Use(httpmiddleware.RequirePlatformAdmin())
+
+				a.Get("/jobs", handlers.AdminListArcherJobs(db))
+				a.Post("/jobs", handlers.AdminEnqueueArcherJob(db, jobs))
+				a.Post("/jobs/{id}/retry", handlers.AdminRetryArcherJob(db))
+				a.Post("/jobs/{id}/cancel", handlers.AdminCancelArcherJob(db))
+				a.Get("/queues", handlers.AdminListArcherQueues(db))
+			})
+
 			v1.Route("/me", func(me chi.Router) {
 				me.Use(authUser)
 
@@ -139,13 +151,22 @@ func NewRouter(db *gorm.DB) http.Handler {
 				s.Delete("/{id}", handlers.DeleteTaint(db))
 			})
 
-			v1.Route("/labels", func(s chi.Router) {
-				s.Use(authOrg)
-				s.Get("/", handlers.ListLabels(db))
-				s.Post("/", handlers.CreateLabel(db))
-				s.Get("/{id}", handlers.GetLabel(db))
-				s.Patch("/{id}", handlers.UpdateLabel(db))
-				s.Delete("/{id}", handlers.DeleteLabel(db))
+			v1.Route("/labels", func(l chi.Router) {
+				l.Use(authOrg)
+				l.Get("/", handlers.ListLabels(db))
+				l.Post("/", handlers.CreateLabel(db))
+				l.Get("/{id}", handlers.GetLabel(db))
+				l.Patch("/{id}", handlers.UpdateLabel(db))
+				l.Delete("/{id}", handlers.DeleteLabel(db))
+			})
+
+			v1.Route("/annotations", func(a chi.Router) {
+				a.Use(authOrg)
+				a.Get("/", handlers.ListAnnotations(db))
+				a.Post("/", handlers.CreateAnnotation(db))
+				a.Get("/{id}", handlers.GetAnnotation(db))
+				a.Patch("/{id}", handlers.UpdateAnnotation(db))
+				a.Delete("/{id}", handlers.DeleteAnnotation(db))
 			})
 		})
 	})