AgentKush · AgentKush · Apr 4, 2026 · Apr 4, 2026 · Apr 4, 2026 · Apr 4, 2026
diff --git a/.env b/.env
diff --git a/.env.example b/.env.example
@@ -0,0 +1,6 @@
+# Copy this file to .env and fill in your values
+# cp .env.example .env
+
+GOOGLE_PROJECT_ID=your-firebase-project-id
+STORAGE_BUCKET_NAME=your-storage-bucket-name
+GOOGLE_REGION=us-central1
diff --git a/.gitignore b/.gitignore
@@ -38,8 +38,16 @@
 
 /app/assets/builds/*
 !/app/assets/builds/.keep
+.env
 .env.*
+!.env.example
 
 # Claude Code local settings
 .claude/
+
+# Serena MCP plugin
+.serena/
+
+# Playwright MCP plugin
+.playwright-mcp/
 firebase-debug.log
diff --git a/.ruby-version b/.ruby-version
@@ -1 +1 @@
-3.4.8
+3.4.9
diff --git a/.serena/.gitignore b/.serena/.gitignore
diff --git a/.serena/project.yml b/.serena/project.yml
diff --git a/app/controllers/admin/base_controller.rb b/app/controllers/admin/base_controller.rb
@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+module Admin
+  # Base controller for admin routes.
+  # Uses session-based authentication with ADMIN_PASSWORD env var.
+  # Sessions expire after 30 minutes of inactivity.
+  class BaseController < ApplicationController
+    SESSION_TIMEOUT = 30.minutes
+
+    before_action :authenticate_admin!
+
+    private
+
+    def authenticate_admin!
+      admin_password = ENV.fetch("ADMIN_PASSWORD", nil)
+
+      if admin_password.blank?
+        render plain: "Admin access is not configured. Set the ADMIN_PASSWORD environment variable.",
+               status: :service_unavailable
+        return
+      end
+
+      if session[:admin_authenticated]
+        if session[:admin_last_active].present? &&
+           Time.current - Time.zone.parse(session[:admin_last_active].to_s) < SESSION_TIMEOUT
+          session[:admin_last_active] = Time.current.iso8601
+          return
+        end
+
+        reset_admin_session
+        redirect_to admin_login_path, alert: "Session expired. Please log in again."
+        return
+      end
+
+      redirect_to admin_login_path
+    end
+
+    def reset_admin_session
+      session.delete(:admin_authenticated)
+      session.delete(:admin_last_active)
+    end
+  end
+end
diff --git a/app/controllers/admin/info_controller.rb b/app/controllers/admin/info_controller.rb
@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+module Admin
+  # Allows admins to edit the info page content stored in Firestore.
+  class InfoController < Admin::BaseController
+    def edit
+      content = SiteContent.find("info_page")
+      @sections = content&.sections || SiteContent.default_info_sections
+    end
+
+    def update
+      sections = build_sections_from_params
+      SiteContent.save!("info_page", sections)
+      redirect_to admin_info_edit_path, notice: "Info page updated successfully."
+    end
+
+    # Add a blank section to the form
+    def add_section
+      content = SiteContent.find("info_page")
+      sections = content&.sections || SiteContent.default_info_sections
+      sections << SiteContent::Section.new(title: "", description: "", link_text: "", link_url: "")
+      SiteContent.save!("info_page", sections)
+      redirect_to admin_info_edit_path, notice: "New section added."
+    end
+
+    # Remove a section by index
+    def remove_section
+      content = SiteContent.find("info_page")
+      sections = content&.sections || SiteContent.default_info_sections
+      index = params[:index].to_i
+      sections.delete_at(index) if index >= 0 && index < sections.size
+      SiteContent.save!("info_page", sections)
+      redirect_to admin_info_edit_path, notice: "Section removed."
+    end
+
+    private
+
+    def build_sections_from_params
+      return [] unless params[:sections].is_a?(ActionController::Parameters)
+
+      sections = params[:sections].values.map do |section_params|
+        SiteContent::Section.new(
+          title: section_params[:title].to_s.strip,
+          description: section_params[:description].to_s.strip,
+          link_text: section_params[:link_text].to_s.strip,
+          link_url: section_params[:link_url].to_s.strip
+        )
+      end
+      sections.reject { |s| s.title.blank? && s.description.blank? }
+    end
+  end
+end
diff --git a/app/controllers/admin/sessions_controller.rb b/app/controllers/admin/sessions_controller.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+module Admin
+  class SessionsController < ApplicationController
+    def new
+      # Login form
+      redirect_to admin_info_edit_path if session[:admin_authenticated]
+    end
+
+    def create
+      admin_password = ENV.fetch("ADMIN_PASSWORD", nil)
+
+      if admin_password.blank?
+        render plain: "Admin access is not configured.", status: :service_unavailable
+        return
+      end
+
+      if ActiveSupport::SecurityUtils.secure_compare(params[:password].to_s, admin_password)
+        session[:admin_authenticated] = true
+        session[:admin_last_active] = Time.current.iso8601
+        Rails.logger.info("[Admin] Successful login from #{request.remote_ip}")
+        redirect_to admin_info_edit_path, notice: "Logged in successfully."
+      else
+        Rails.logger.warn("[Admin] Failed login attempt from #{request.remote_ip}")
+        flash.now[:alert] = "Invalid password."
+        render :new, status: :unauthorized
+      end
+    end
+
+    def destroy
+      Rails.logger.info("[Admin] Logout from #{request.remote_ip}")
+      session.delete(:admin_authenticated)
+      session.delete(:admin_last_active)
+      redirect_to root_path, notice: "Logged out."
+    end
+  end
+end
diff --git a/app/controllers/info_controller.rb b/app/controllers/info_controller.rb
@@ -2,5 +2,9 @@
 
 # InfoController
 class InfoController < ApplicationController
-  def index; end
+  def index
+    content = SiteContent.find("info_page")
+    @sections = content&.sections || SiteContent.default_info_sections
+    @last_updated = content&.updated_at
+  end
 end
diff --git a/app/controllers/mods_controller.rb b/app/controllers/mods_controller.rb
@@ -1,33 +1,22 @@
 # frozen_string_literal: true
 
 class ModsController < ApplicationController
+  include PaginationHelper
+
   before_action :authors, only: %i[index show]
   before_action :mods, only: %i[index show]
   before_action :set_session, only: %i[index]
 
   def index
-    @mods = find_mods_by_author(sanitize(params[:author])) if params[:author].present?
-
-    # If we're given a mod ID, try to find it and redirect to the mod's page
-    if @mods.empty? && params[:author].present?
-      @mod = mods.find { |mod| mod.id == params[:author] }
-      return redirect_to mod_detail_path(author: @mod.author_slug, slug: @mod.slug) if @mod.present?
-    end
-
-    # Perform a search if we have a query
-    @mods = find_mods(sanitize(params[:query])) if params[:query].present?
+    @filtered = false
 
-    # Sort the mods if we have a sort key
-    # Disabled for now, as it's redundant with the search
-    # params[:sort].present? && Mod::SORTKEYS.include?(params[:sort]) && @mods.sort_by! { |mod| [mod.send(sanitize(params[:sort])), mod.name] }
+    filter_by_author
+    return if performed?
 
+    filter_by_query
     @total_mods = @mods.size
-
-    if turbo_frame_request?
-      render partial: "mods", locals: { mods: @mods }
-    else
-      render :index
-    end
+    paginate_mods unless @filtered
+    render_index
   end
 
   def show
@@ -46,6 +35,39 @@ def show
 
   private
 
+  def filter_by_author
+    return if params[:author].blank?
+
+    @mods = find_mods_by_author(sanitize(params[:author]))
+    @filtered = true
+
+    # If no mods found by author slug, try to find by mod ID and redirect
+    return unless @mods.empty?
+
+    @mod = mods.find { |mod| mod.id == params[:author] }
+    redirect_to mod_detail_path(author: @mod.author_slug, slug: @mod.slug) if @mod.present?
+  end
+
+  def filter_by_query
+    return if params[:query].blank?
+
+    @mods = find_mods(sanitize(params[:query]))
+    @filtered = true
+  end
+
+  def paginate_mods
+    @pagination = paginate_array(@mods, page: params[:page])
+    @mods = @pagination.items
+  end
+
+  def render_index
+    if turbo_frame_request?
+      render partial: "mods", locals: { mods: @mods }
+    else
+      render :index
+    end
+  end
+
   def find_mods(query)
     # Escape regex special characters to prevent injection
     escaped_query = Regexp.escape(query)

diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
@@ -14,15 +14,23 @@ def block_code(code, language)
   def markdown(text)
     return if text.blank?
 
-    coderayified = CodeRayify.new(filter_html: true, hard_wrap: true)
-
-    options = {
-      fenced_code_blocks: true,
-      no_intra_emphasis: true,
-      autolink: true,
-      lax_html_blocks: true
-    }
-    markdown_to_html = Redcarpet::Markdown.new(coderayified, options)
-    sanitize(markdown_to_html.render(text))
+    sanitize(markdown_renderer.render(text))
+  end
+
+  private
+
+  def markdown_renderer
+    @markdown_renderer ||= begin
+      coderayified = CodeRayify.new(filter_html: true, hard_wrap: true)
+
+      options = {
+        fenced_code_blocks: true,
+        no_intra_emphasis: true,
+        autolink: true,
+        lax_html_blocks: true
+      }
+
+      Redcarpet::Markdown.new(coderayified, options)
+    end
   end
 end