feat: add authentication and user management features

- Implemented AuthButton component for Discord sign-in and sign-out functionality.
- Created CopyButton component for copying server IP addresses.
- Developed EventCard and GradeCard components for displaying events and grades.
- Added Footer and Navbar components for site navigation and information.
- Introduced PurchaseButton for handling grade purchases with Stripe integration.
- Created SectionHeader component for consistent section titles.
- Implemented session management with SessionProvider for NextAuth.
- Set up PostgreSQL database with Docker and Prisma for data management.
- Added admin guard functionality to restrict access to certain routes.
- Configured NextAuth with Discord provider for user authentication.
- Defined Prisma schema for user, admin, grade, event, and purchase models.
- Seeded database with initial grades and events data.
- Added SVG hero image for the landing page.
- Extended NextAuth types to include additional user properties.

app/api/admin/admins/[id]/route.ts

@@ -0,0 +1,17 @@
+import type { NextRequest } from "next/server";
+import { db } from "@/lib/db";
+import { requireAdmin } from "@/lib/admin";
+
+export const dynamic = "force-dynamic";
+
+export async function DELETE(
+  _request: NextRequest,
+  { params }: { params: Promise<{ id: string }> }
+) {
+  const guard = await requireAdmin();
+  if (!guard.ok) return guard.response;
+
+  const { id } = await params;
+  await db.admin.delete({ where: { id } });
+  return Response.json({ ok: true });
+}

app/api/admin/admins/route.ts

@@ -0,0 +1,73 @@
+import { db } from "@/lib/db";
+import { requireAdmin } from "@/lib/admin";
+
+export const dynamic = "force-dynamic";
+
+type AdminWithUser = {
+  id: string;
+  discordId: string;
+  user: {
+    name?: string | null;
+    email?: string | null;
+    discordUsername?: string | null;
+  } | null;
+};
+
+export async function GET() {
+  const guard = await requireAdmin();
+  if (!guard.ok) return guard.response;
+
+  const admins = await db.admin.findMany({
+    orderBy: { createdAt: "desc" },
+    include: { user: true },
+  });
+
+  const adminUsers = admins as AdminWithUser[];
+
+  return Response.json(
+    adminUsers.map((admin) => ({
+      id: admin.id,
+      discordId: admin.discordId,
+      user: admin.user
+        ? {
+            name: admin.user.name,
+            email: admin.user.email,
+            discordUsername: admin.user.discordUsername,
+          }
+        : null,
+    }))
+  );
+}
+
+export async function POST(request: Request) {
+  const guard = await requireAdmin();
+  if (!guard.ok) return guard.response;
+
+  const body = await request.json();
+  const discordId = body?.discordId?.toString().trim();
+
+  if (!discordId) {
+    return Response.json({ error: "Discord ID required" }, { status: 400 });
+  }
+
+  const user = await db.user.findUnique({ where: { discordId } });
+  if (!user) {
+    return Response.json({ error: "User not found" }, { status: 404 });
+  }
+
+  const admin = await db.admin.upsert({
+    where: { discordId },
+    update: {},
+    create: { discordId, userId: user.id },
+  });
+
+  return Response.json({
+    id: admin.id,
+    discordId: admin.discordId,
+    user: {
+      name: user.name,
+      email: user.email,
+      discordUsername: user.discordUsername,
+    },
+  });
+}

app/api/admin/events/[id]/route.ts

@@ -0,0 +1,49 @@
+import type { NextRequest } from "next/server";
+import { db } from "@/lib/db";
+import { requireAdmin } from "@/lib/admin";
+
+export const dynamic = "force-dynamic";
+
+export async function PATCH(
+  request: NextRequest,
+  { params }: { params: Promise<{ id: string }> }
+) {
+  const guard = await requireAdmin();
+  if (!guard.ok) return guard.response;
+
+  const { id } = await params;
+
+  const body = await request.json();
+  const title = body?.title?.toString().trim();
+  const description = body?.description?.toString().trim();
+  const eventDateValue = body?.eventDate?.toString();
+  const eventDate = eventDateValue ? new Date(eventDateValue) : null;
+
+  if (!title || !description || !eventDate || Number.isNaN(eventDate.getTime())) {
+    return Response.json({ error: "Invalid payload" }, { status: 400 });
+  }
+
+  const event = await db.event.update({
+    where: { id },
+    data: { title, description, eventDate },
+  });
+
+  return Response.json({
+    id: event.id,
+    title: event.title,
+    description: event.description,
+    eventDate: event.eventDate.toISOString(),
+  });
+}
+
+export async function DELETE(
+  _request: NextRequest,
+  { params }: { params: Promise<{ id: string }> }
+) {
+  const guard = await requireAdmin();
+  if (!guard.ok) return guard.response;
+
+  const { id } = await params;
+  await db.event.delete({ where: { id } });
+  return Response.json({ ok: true });
+}

app/api/admin/events/route.ts

@@ -0,0 +1,38 @@
+import { db } from "@/lib/db";
+import { requireAdmin } from "@/lib/admin";
+
+export const dynamic = "force-dynamic";
+
+export async function GET() {
+  const guard = await requireAdmin();
+  if (!guard.ok) return guard.response;
+
+  const events = await db.event.findMany({ orderBy: { eventDate: "asc" } });
+  return Response.json(events);
+}
+
+export async function POST(request: Request) {
+  const guard = await requireAdmin();
+  if (!guard.ok) return guard.response;
+
+  const body = await request.json();
+  const title = body?.title?.toString().trim();
+  const description = body?.description?.toString().trim();
+  const eventDateValue = body?.eventDate?.toString();
+  const eventDate = eventDateValue ? new Date(eventDateValue) : null;
+
+  if (!title || !description || !eventDate || Number.isNaN(eventDate.getTime())) {
+    return Response.json({ error: "Invalid payload" }, { status: 400 });
+  }
+
+  const event = await db.event.create({
+    data: { title, description, eventDate },
+  });
+
+  return Response.json({
+    id: event.id,
+    title: event.title,
+    description: event.description,
+    eventDate: event.eventDate.toISOString(),
+  });
+}

app/api/admin/grades/[id]/route.ts

@@ -0,0 +1,43 @@
+import type { NextRequest } from "next/server";
+import { db } from "@/lib/db";
+import { requireAdmin } from "@/lib/admin";
+
+export const dynamic = "force-dynamic";
+
+export async function PATCH(
+  request: NextRequest,
+  { params }: { params: Promise<{ id: string }> }
+) {
+  const guard = await requireAdmin();
+  if (!guard.ok) return guard.response;
+
+  const { id } = await params;
+
+  const body = await request.json();
+  const name = body?.name?.toString().trim();
+  const price = Number(body?.price);
+  const description = body?.description?.toString().trim();
+
+  if (!name || Number.isNaN(price) || !description) {
+    return Response.json({ error: "Invalid payload" }, { status: 400 });
+  }
+
+  const grade = await db.grade.update({
+    where: { id },
+    data: { name, price, description },
+  });
+
+  return Response.json(grade);
+}
+
+export async function DELETE(
+  _request: NextRequest,
+  { params }: { params: Promise<{ id: string }> }
+) {
+  const guard = await requireAdmin();
+  if (!guard.ok) return guard.response;
+
+  const { id } = await params;
+  await db.grade.delete({ where: { id } });
+  return Response.json({ ok: true });
+}

app/api/admin/grades/route.ts

@@ -0,0 +1,32 @@
+import { db } from "@/lib/db";
+import { requireAdmin } from "@/lib/admin";
+
+export const dynamic = "force-dynamic";
+
+export async function GET() {
+  const guard = await requireAdmin();
+  if (!guard.ok) return guard.response;
+
+  const grades = await db.grade.findMany({ orderBy: { price: "asc" } });
+  return Response.json(grades);
+}
+
+export async function POST(request: Request) {
+  const guard = await requireAdmin();
+  if (!guard.ok) return guard.response;
+
+  const body = await request.json();
+  const name = body?.name?.toString().trim();
+  const price = Number(body?.price);
+  const description = body?.description?.toString().trim();
+
+  if (!name || Number.isNaN(price) || !description) {
+    return Response.json({ error: "Invalid payload" }, { status: 400 });
+  }
+
+  const grade = await db.grade.create({
+    data: { name, price, description },
+  });
+
+  return Response.json(grade);
+}

app/api/auth/[...nextauth]/route.ts

@@ -0,0 +1,6 @@
+import NextAuth from "next-auth";
+import { authOptions } from "@/lib/auth";
+
+const handler = NextAuth(authOptions);
+
+export { handler as GET, handler as POST };

app/api/checkout/route.ts

@@ -0,0 +1,97 @@
+import Stripe from "stripe";
+import { db } from "@/lib/db";
+import { fallbackGrades } from "@/lib/site";
+
+export const dynamic = "force-dynamic";
+
+const stripeSecretKey = process.env.STRIPE_SECRET_KEY;
+const stripe = stripeSecretKey
+  ? new Stripe(stripeSecretKey, {
+      apiVersion: "2023-10-16",
+    })
+  : null;
+
+const minecraftNameRegex = /^[A-Za-z0-9_]{3,16}$/;
+
+type GradeInfo = {
+  id: string;
+  name: string;
+  price: number;
+  description: string;
+};
+
+const getGradeById = async (gradeId: string): Promise<GradeInfo | null> => {
+  try {
+    const grade = await db.grade.findUnique({ where: { id: gradeId } });
+    if (grade) {
+      return {
+        id: grade.id,
+        name: grade.name,
+        price: grade.price,
+        description: grade.description,
+      };
+    }
+  } catch {
+    // ignore db errors and fall back to static data
+  }
+
+  return fallbackGrades.find((grade) => grade.id === gradeId) ?? null;
+};
+
+export async function POST(request: Request) {
+  const body = await request.json().catch(() => ({}));
+  const gradeId = body?.gradeId?.toString();
+  const minecraftUsername = body?.minecraftUsername?.toString().trim();
+
+  if (!gradeId || !minecraftUsername) {
+    return Response.json({ error: "Missing checkout details." }, { status: 400 });
+  }
+
+  if (!minecraftNameRegex.test(minecraftUsername)) {
+    return Response.json(
+      { error: "Invalid Minecraft username." },
+      { status: 400 }
+    );
+  }
+
+  const grade = await getGradeById(gradeId);
+  if (!grade) {
+    return Response.json({ error: "Grade not found." }, { status: 404 });
+  }
+
+  if (!stripe) {
+    return Response.json({ error: "Stripe not configured." }, { status: 500 });
+  }
+
+  const baseUrl = process.env.NEXTAUTH_URL ?? "http://localhost:3000";
+  const session = await stripe.checkout.sessions.create({
+    mode: "payment",
+    payment_method_types: ["card"],
+    success_url: `${baseUrl}/?checkout=success`,
+    cancel_url: `${baseUrl}/?checkout=cancel`,
+    line_items: [
+      {
+        price_data: {
+          currency: "eur",
+          unit_amount: Math.round(grade.price * 100),
+          product_data: {
+            name: grade.name,
+            description: grade.description,
+          },
+        },
+        quantity: 1,
+      },
+    ],
+    metadata: {
+      gradeId: grade.id,
+      minecraftUsername,
+    },
+    client_reference_id: minecraftUsername,
+  });
+
+  if (!session.url) {
+    return Response.json({ error: "Stripe session failed." }, { status: 500 });
+  }
+
+  return Response.json({ url: session.url });
+}

app/api/events/route.ts

@@ -0,0 +1,8 @@
+import { db } from "@/lib/db";
+
+export const dynamic = "force-dynamic";
+
+export async function GET() {
+  const events = await db.event.findMany({ orderBy: { eventDate: "asc" } });
+  return Response.json(events);
+}

app/api/grades/route.ts

@@ -0,0 +1,8 @@
+import { db } from "@/lib/db";
+
+export const dynamic = "force-dynamic";
+
+export async function GET() {
+  const grades = await db.grade.findMany({ orderBy: { price: "asc" } });
+  return Response.json(grades);
+}

app/api/purchases/route.ts

@@ -0,0 +1,38 @@
+import { getServerSession } from "next-auth";
+import { authOptions } from "@/lib/auth";
+import { db } from "@/lib/db";
+
+export const dynamic = "force-dynamic";
+
+export async function POST(request: Request) {
+  const session = await getServerSession(authOptions);
+  if (!session?.user?.id) {
+    return Response.json({ error: "Unauthorized" }, { status: 401 });
+  }
+
+  const body = await request.json();
+  const gradeId = body?.gradeId as string | undefined;
+  if (!gradeId) {
+    return Response.json({ error: "Grade id required" }, { status: 400 });
+  }
+
+  const grade = await db.grade.findUnique({ where: { id: gradeId } });
+  if (!grade) {
+    return Response.json({ error: "Grade not found" }, { status: 404 });
+  }
+
+  const purchase = await db.purchase.create({
+    data: {
+      userId: session.user.id,
+      gradeId: grade.id,
+      amount: grade.price,
+      status: "PENDING",
+    },
+  });
+
+  return Response.json({
+    id: purchase.id,
+    status: purchase.status,
+    message: "Mock purchase queued",
+  });
+}