# backend

## Overview
Backend for the video upload prototype providing:

- JWT-based authentication
- Presigned MinIO uploads/downloads
- An authenticated video administration surface at `/admin`

## Requirements
- [Bun](https://bun.sh) (tooling used for running scripts & dependency management)
- Postgres reachable via `DATABASE_URL`
- MinIO-compatible storage reachable via `MINIO_*` env vars
- `.env` file populated with secrets and credentials

## Install
```bash
bun install
```

## Configuration
Copy the example environment file and adjust the values:

```bash
cp .env.example .env
```

Required env vars:

| Name | Purpose |
| --- | --- |
| `DATABASE_URL` | Postgres connection string |
| `JWT_SECRET` | Secret used to sign access tokens |
| `JWT_EXPIRES_IN` | Token expiry (e.g., `7d`) |
| `PORT` | HTTP port (default `3000`) |
| `MINIO_*` | Connection settings for the MinIO/S3 endpoint |
| `ADMIN_USERNAME` / `ADMIN_PASSWORD` | Basic auth for `/admin` dashboard |

## Running
- Start the server in development:

```bash
bun run dev
```

- Server boots after ensuring the configured MinIO bucket exists.

## Database (Drizzle ORM)
- Generate a migration:
  ```bash
  bun run db:generate
  ```
- Apply migrations:
  ```bash
  bun run db:migrate
  ```
- Open Drizzle Studio:
  ```bash
  bun run db:studio
  ```

## API
All `/videos` and `/admin` routes require a valid JWT Bearer token except for the admin dashboard access, which uses HTTP Basic auth with `ADMIN_USERNAME`/`ADMIN_PASSWORD`.

### Authentication
| Endpoint | Description |
| --- | --- |
| `POST /auth/register` | Create a user (`email`, `password`, `name`) |
| `POST /auth/login` | Receive a token using `email`/`password` |
| `GET /auth/me` | Get the current user ([Authorization](#authorization)) |

### Authorization
All authenticated endpoints expect an `Authorization: Bearer <token>` header containing the JWT issued at login.

### Video Management
| Endpoint | Purpose |
| --- | --- |
| `POST /videos/upload-url` | Request a presigned PUT URL for a new video |
| `GET /videos/download-url` | Generate a signed GET URL to download a video |
| `GET /videos` | List objects in the configured bucket |
| `DELETE /videos` | Delete an object by `objectKey` |

### Admin Dashboard
Access `/admin` with Basic auth to:

- Request presigned upload URLs
- Upload files directly via the generated URL
- List and delete objects within the MinIO bucket

The dashboard UI submits to `/admin/upload-url`, `/admin/objects`, and `/admin/object`.

## Schema
- `users` – email/username/password and timestamps
- `events` – user-created events with a unique `videoUrl`
- `videos` – upload metadata including `objectKey`, bucket, URLs, status, and timestamps

## Notes
- MinIO bucket creation happens during startup, so the service must be able to reach the endpoint.
- Keep JWT and MinIO secrets out of source control.