scaffold: Backend core — Cargo.toml, main.rs, config, models, panel adapter

Axum server entry point, AppConfig, AppState, ApiError, all model
structs (auth, license, server, wipe), and the PanelAdapter trait
that abstracts AMP/Pterodactyl/companion connections.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

backend/src/models/auth.rs

@@ -0,0 +1,74 @@
+use chrono::{DateTime, Utc};
+use serde::{Deserialize, Serialize};
+use uuid::Uuid;
+
+/// User record from the database
+#[derive(Debug, Clone, sqlx::FromRow, Serialize)]
+pub struct User {
+    pub id: Uuid,
+    pub email: String,
+    pub username: String,
+    #[serde(skip_serializing)]
+    pub password_hash: String,
+    #[serde(skip_serializing)]
+    pub totp_secret: Option<String>,
+    pub totp_enabled: bool,
+    #[serde(skip_serializing)]
+    pub backup_codes: Option<Vec<String>>,
+    pub email_verified: bool,
+    pub created_at: DateTime<Utc>,
+    pub last_login_at: Option<DateTime<Utc>>,
+}
+
+/// JWT claims
+#[derive(Debug, Serialize, Deserialize)]
+pub struct Claims {
+    pub sub: Uuid,          // user_id
+    pub email: String,
+    pub license_id: Option<Uuid>,
+    pub role: Option<String>,
+    pub exp: i64,
+    pub iat: i64,
+    pub token_type: String, // "access" or "refresh"
+}
+
+/// Login request
+#[derive(Debug, Deserialize)]
+pub struct LoginRequest {
+    pub email: String,
+    pub password: String,
+}
+
+/// Login response
+#[derive(Debug, Serialize)]
+pub struct AuthResponse {
+    pub access_token: String,
+    pub refresh_token: String,
+    pub requires_totp: bool,
+    pub user: UserPublic,
+}
+
+/// Public user info (no sensitive fields)
+#[derive(Debug, Serialize)]
+pub struct UserPublic {
+    pub id: Uuid,
+    pub email: String,
+    pub username: String,
+    pub totp_enabled: bool,
+    pub email_verified: bool,
+}
+
+/// Registration request
+#[derive(Debug, Deserialize)]
+pub struct RegisterRequest {
+    pub email: String,
+    pub username: String,
+    pub password: String,
+    pub license_key: String,
+}
+
+/// TOTP verification request
+#[derive(Debug, Deserialize)]
+pub struct TotpRequest {
+    pub code: String,
+}

backend/src/models/error.rs

@@ -0,0 +1,111 @@
+use axum::http::StatusCode;
+use axum::response::{IntoResponse, Response};
+use serde::Serialize;
+
+/// Unified API error type
+#[derive(Debug, thiserror::Error)]
+pub enum ApiError {
+    #[error("Not found: {0}")]
+    NotFound(String),
+
+    #[error("Bad request: {0}")]
+    BadRequest(String),
+
+    #[error("Unauthorized")]
+    Unauthorized,
+
+    #[error("Forbidden")]
+    Forbidden,
+
+    #[error("Conflict: {0}")]
+    Conflict(String),
+
+    #[error("License invalid or expired")]
+    LicenseInvalid,
+
+    #[error("Module not enabled: {0}")]
+    ModuleNotEnabled(String),
+
+    #[error("Rate limited")]
+    RateLimited,
+
+    #[error("Internal error: {0}")]
+    Internal(String),
+
+    #[error(transparent)]
+    Database(#[from] sqlx::Error),
+
+    #[error(transparent)]
+    Anyhow(#[from] anyhow::Error),
+}
+
+#[derive(Serialize)]
+struct ErrorResponse {
+    error: String,
+    message: String,
+}
+
+impl IntoResponse for ApiError {
+    fn into_response(self) -> Response {
+        let (status, error_type, message) = match &self {
+            ApiError::NotFound(msg) => (StatusCode::NOT_FOUND, "not_found", msg.clone()),
+            ApiError::BadRequest(msg) => (StatusCode::BAD_REQUEST, "bad_request", msg.clone()),
+            ApiError::Unauthorized => {
+                (StatusCode::UNAUTHORIZED, "unauthorized", "Unauthorized".to_string())
+            }
+            ApiError::Forbidden => {
+                (StatusCode::FORBIDDEN, "forbidden", "Forbidden".to_string())
+            }
+            ApiError::Conflict(msg) => (StatusCode::CONFLICT, "conflict", msg.clone()),
+            ApiError::LicenseInvalid => (
+                StatusCode::PAYMENT_REQUIRED,
+                "license_invalid",
+                "License invalid or expired".to_string(),
+            ),
+            ApiError::ModuleNotEnabled(module) => (
+                StatusCode::PAYMENT_REQUIRED,
+                "module_not_enabled",
+                format!("Module not enabled: {module}"),
+            ),
+            ApiError::RateLimited => (
+                StatusCode::TOO_MANY_REQUESTS,
+                "rate_limited",
+                "Too many requests".to_string(),
+            ),
+            ApiError::Internal(msg) => {
+                tracing::error!("Internal error: {msg}");
+                (
+                    StatusCode::INTERNAL_SERVER_ERROR,
+                    "internal_error",
+                    "Internal server error".to_string(),
+                )
+            }
+            ApiError::Database(e) => {
+                tracing::error!("Database error: {e}");
+                (
+                    StatusCode::INTERNAL_SERVER_ERROR,
+                    "internal_error",
+                    "Internal server error".to_string(),
+                )
+            }
+            ApiError::Anyhow(e) => {
+                tracing::error!("Unexpected error: {e}");
+                (
+                    StatusCode::INTERNAL_SERVER_ERROR,
+                    "internal_error",
+                    "Internal server error".to_string(),
+                )
+            }
+        };
+
+        let body = ErrorResponse {
+            error: error_type.to_string(),
+            message,
+        };
+
+        (status, axum::Json(body)).into_response()
+    }
+}
+
+/// Result alias for API handlers
+pub type ApiResult<T> = Result<T, ApiError>;

backend/src/models/license.rs

@@ -0,0 +1,68 @@
+use chrono::{DateTime, Utc};
+use serde::{Deserialize, Serialize};
+use uuid::Uuid;
+
+/// License record
+#[derive(Debug, Clone, sqlx::FromRow, Serialize)]
+pub struct License {
+    pub id: Uuid,
+    pub license_key: String,
+    pub status: String,
+    pub owner_user_id: Uuid,
+    pub server_name: Option<String>,
+    pub subdomain: Option<String>,
+    pub custom_domain: Option<String>,
+    pub modules_enabled: Option<Vec<String>>,
+    pub webstore_active: bool,
+    pub webstore_subscription_id: Option<String>,
+    pub created_at: DateTime<Utc>,
+    pub expires_at: Option<DateTime<Utc>>,
+}
+
+/// Team member with role info
+#[derive(Debug, Clone, sqlx::FromRow, Serialize)]
+pub struct TeamMember {
+    pub id: Uuid,
+    pub license_id: Uuid,
+    pub user_id: Uuid,
+    pub role_id: Uuid,
+    pub invited_by: Uuid,
+    pub accepted_at: Option<DateTime<Utc>>,
+    pub created_at: DateTime<Utc>,
+}
+
+/// Role with permissions
+#[derive(Debug, Clone, sqlx::FromRow, Serialize)]
+pub struct Role {
+    pub id: Uuid,
+    pub license_id: Option<Uuid>,
+    pub role_name: String,
+    pub is_system_default: bool,
+    pub is_cloned_from: Option<Uuid>,
+    pub permissions: serde_json::Value,
+    pub created_at: DateTime<Utc>,
+}
+
+/// License activation request
+#[derive(Debug, Deserialize)]
+pub struct ActivateLicenseRequest {
+    pub license_key: String,
+    pub server_name: String,
+    pub subdomain: String,
+}
+
+/// License check-in from plugin
+#[derive(Debug, Deserialize)]
+pub struct LicenseCheckIn {
+    pub license_key: String,
+    pub plugin_version: String,
+}
+
+/// License check-in response
+#[derive(Debug, Serialize)]
+pub struct LicenseCheckInResponse {
+    pub valid: bool,
+    pub status: String,
+    pub modules_enabled: Vec<String>,
+    pub nats_token: String,
+}

backend/src/models/mod.rs

@@ -0,0 +1,5 @@
+pub mod auth;
+pub mod error;
+pub mod license;
+pub mod server;
+pub mod wipe;

backend/src/models/server.rs

@@ -0,0 +1,99 @@
+use chrono::{DateTime, Utc};
+use serde::{Deserialize, Serialize};
+use uuid::Uuid;
+
+/// Server connection details
+#[derive(Debug, Clone, sqlx::FromRow, Serialize)]
+pub struct ServerConnection {
+    pub id: Uuid,
+    pub license_id: Uuid,
+    pub connection_type: String,
+    pub panel_api_endpoint: Option<String>,
+    #[serde(skip_serializing)]
+    pub panel_api_key_encrypted: Option<String>,
+    pub panel_server_identifier: Option<String>,
+    #[serde(skip_serializing)]
+    pub companion_agent_token: Option<String>,
+    pub companion_last_seen: Option<DateTime<Utc>>,
+    pub plugin_last_seen: Option<DateTime<Utc>>,
+    pub server_ip: Option<String>,
+    pub server_port: Option<i32>,
+    pub game_port: Option<i32>,
+    pub connection_status: String,
+    pub created_at: DateTime<Utc>,
+    pub updated_at: DateTime<Utc>,
+}
+
+/// Server configuration
+#[derive(Debug, Clone, sqlx::FromRow, Serialize)]
+pub struct ServerConfig {
+    pub id: Uuid,
+    pub license_id: Uuid,
+    pub server_name: String,
+    pub max_players: Option<i32>,
+    pub world_size: Option<i32>,
+    pub current_seed: Option<i32>,
+    pub current_map_id: Option<Uuid>,
+    pub server_description: Option<String>,
+    pub server_url: Option<String>,
+    pub server_header_image: Option<String>,
+    pub tags: Option<Vec<String>>,
+    pub auto_restart_enabled: bool,
+    pub auto_restart_cron: Option<String>,
+    pub auto_restart_timezone: Option<String>,
+    pub crash_recovery_enabled: bool,
+    pub crash_recovery_max_attempts: i32,
+    pub crash_recovery_cooldown_minutes: i32,
+    pub force_wipe_eligible: bool,
+    pub auto_update_on_force_wipe: bool,
+    pub config_overrides: Option<serde_json::Value>,
+    pub created_at: DateTime<Utc>,
+    pub updated_at: DateTime<Utc>,
+}
+
+/// Real-time server stats from plugin
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct ServerStats {
+    pub license_id: Uuid,
+    pub player_count: i32,
+    pub max_players: i32,
+    pub fps: f64,
+    pub entity_count: i32,
+    pub uptime_seconds: i32,
+    pub memory_usage_mb: i32,
+    pub recorded_at: DateTime<Utc>,
+}
+
+/// Plugin registry entry
+#[derive(Debug, Clone, sqlx::FromRow, Serialize)]
+pub struct PluginEntry {
+    pub id: Uuid,
+    pub license_id: Uuid,
+    pub plugin_name: String,
+    pub plugin_version: Option<String>,
+    pub source: String,
+    pub umod_slug: Option<String>,
+    pub is_installed: bool,
+    pub is_loaded: bool,
+    pub config_json: Option<serde_json::Value>,
+    pub data_path: Option<String>,
+    pub wipe_on_map: bool,
+    pub wipe_on_bp: bool,
+    pub wipe_on_full: bool,
+    pub never_wipe: bool,
+    pub installed_at: DateTime<Utc>,
+    pub updated_at: DateTime<Utc>,
+}
+
+/// Game admin (in-game SteamID-based admin)
+#[derive(Debug, Clone, sqlx::FromRow, Serialize)]
+pub struct GameAdmin {
+    pub id: Uuid,
+    pub license_id: Uuid,
+    pub steam_id: String,
+    pub display_name: String,
+    pub admin_level: String,
+    pub permissions: Option<serde_json::Value>,
+    pub added_by: Uuid,
+    pub created_at: DateTime<Utc>,
+}

backend/src/models/wipe.rs

@@ -0,0 +1,102 @@
+use chrono::{DateTime, Utc};
+use serde::{Deserialize, Serialize};
+use uuid::Uuid;
+
+/// Wipe profile with pre/post configuration
+#[derive(Debug, Clone, sqlx::FromRow, Serialize)]
+pub struct WipeProfile {
+    pub id: Uuid,
+    pub license_id: Uuid,
+    pub profile_name: String,
+    pub description: Option<String>,
+    pub pre_wipe_config: serde_json::Value,
+    pub post_wipe_config: serde_json::Value,
+    pub created_at: DateTime<Utc>,
+    pub updated_at: DateTime<Utc>,
+}
+
+/// Wipe schedule
+#[derive(Debug, Clone, sqlx::FromRow, Serialize)]
+pub struct WipeSchedule {
+    pub id: Uuid,
+    pub license_id: Uuid,
+    pub wipe_profile_id: Uuid,
+    pub schedule_name: String,
+    pub wipe_type: String,
+    pub cron_expression: String,
+    pub timezone: String,
+    pub wipe_blueprints: bool,
+    pub is_active: bool,
+    pub next_scheduled_run: Option<DateTime<Utc>>,
+    pub created_at: DateTime<Utc>,
+}
+
+/// Wipe execution history
+#[derive(Debug, Clone, sqlx::FromRow, Serialize)]
+pub struct WipeHistory {
+    pub id: Uuid,
+    pub license_id: Uuid,
+    pub wipe_schedule_id: Option<Uuid>,
+    pub wipe_profile_id: Uuid,
+    pub wipe_type: String,
+    pub trigger_type: String,
+    pub status: String,
+    pub started_at: Option<DateTime<Utc>>,
+    pub completed_at: Option<DateTime<Utc>>,
+    pub map_used: Option<String>,
+    pub plugins_wiped: Option<Vec<String>>,
+    pub plugins_preserved: Option<Vec<String>>,
+    pub backup_reference: Option<String>,
+    pub error_message: Option<String>,
+    pub execution_log: Option<serde_json::Value>,
+    pub created_at: DateTime<Utc>,
+}
+
+/// Map in the library
+#[derive(Debug, Clone, sqlx::FromRow, Serialize)]
+pub struct MapEntry {
+    pub id: Uuid,
+    pub license_id: Uuid,
+    pub filename: String,
+    pub display_name: String,
+    pub storage_path: String,
+    pub file_size_bytes: i64,
+    pub map_type: String,
+    pub seed: Option<i32>,
+    pub world_size: Option<i32>,
+    pub thumbnail_path: Option<String>,
+    pub checksum: String,
+    pub uploaded_at: DateTime<Utc>,
+}
+
+/// Pre-wipe config structure (typed version of JSONB)
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct PreWipeConfig {
+    pub enabled: bool,
+    pub backup_before_wipe: bool,
+    pub countdown_warnings: Vec<i32>,
+    pub countdown_unit: String,
+    pub countdown_messages: Option<std::collections::HashMap<String, String>>,
+    pub kick_players_before_wipe: bool,
+    pub kick_message: String,
+    pub run_final_save: bool,
+    pub discord_pre_announce: bool,
+    pub pushbullet_notify: bool,
+    pub custom_commands_before: Vec<String>,
+}
+
+/// Post-wipe config structure (typed version of JSONB)
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct PostWipeConfig {
+    pub enabled: bool,
+    pub verify_server_started: bool,
+    pub verify_correct_map: bool,
+    pub verify_plugins_loaded: bool,
+    pub verify_player_slots_open: bool,
+    pub max_restart_attempts: i32,
+    pub health_check_timeout_seconds: i32,
+    pub discord_post_announce: bool,
+    pub pushbullet_notify: bool,
+    pub rollback_on_failure: bool,
+    pub post_wipe_commands: Vec<String>,
+}