Здесь может быть навигация, цитата, боковая информация или полезные ссылки.
+
+
+
+
Центральный блок
+
Основной контент страницы. Здесь вы можете рассказать о компании, истории или услугах.
+
Используйте разметку Markdown и HTML, чтобы сделать текст выразительным.
+
+
+
+
Правая колонка
+
Здесь могут быть контактные данные, баннеры или дополнительные ссылки.
+
+
+
+
+---
+
+Блоки выравниваются по сетке `15% 70% 15%` и адаптируются под ширину контейнера.
diff --git a/static/blocks/pages/about copy/script.js b/static/blocks/pages/about copy/script.js
new file mode 100644
index 0000000..e69de29
diff --git a/static/blocks/pages/about copy/style.css b/static/blocks/pages/about copy/style.css
new file mode 100644
index 0000000..e69de29
diff --git a/static/blocks/pages/about/content.md b/static/blocks/pages/about/content.md
new file mode 100644
index 0000000..848be09
--- /dev/null
+++ b/static/blocks/pages/about/content.md
@@ -0,0 +1,28 @@
+# О нашей команде
+
+Мы стремимся к тому, чтобы наш проект был простым, гибким и быстрым.
+Ниже вы видите три блока информации, выровненные по горизонтали.
+
+
+
+
+
Левая колонка
+
Здесь может быть навигация, цитата, боковая информация или полезные ссылки.
+
+
+
+
Центральный блок
+
Основной контент страницы. Здесь вы можете рассказать о компании, истории или услугах.
+
Используйте разметку Markdown и HTML, чтобы сделать текст выразительным.
+
+
+
+
Правая колонка
+
Здесь могут быть контактные данные, баннеры или дополнительные ссылки.
+
+
+
+
+---
+
+Блоки выравниваются по сетке `15% 70% 15%` и адаптируются под ширину контейнера.
diff --git a/static/blocks/pages/about/script.js b/static/blocks/pages/about/script.js
new file mode 100644
index 0000000..e69de29
diff --git a/static/blocks/pages/about/style.css b/static/blocks/pages/about/style.css
new file mode 100644
index 0000000..e69de29
diff --git a/static/blocks/pages/contact/content.md b/static/blocks/pages/contact/content.md
new file mode 100644
index 0000000..6167f1d
--- /dev/null
+++ b/static/blocks/pages/contact/content.md
@@ -0,0 +1,6 @@
+# Контакты
+
+Свяжитесь с нами:
+
+- 📧 **contact@example.com**
+- 🌐 [example.com](https://example.com)
diff --git a/static/blocks/pages/contact/script.js b/static/blocks/pages/contact/script.js
new file mode 100644
index 0000000..e69de29
diff --git a/static/blocks/pages/contact/style.css b/static/blocks/pages/contact/style.css
new file mode 100644
index 0000000..e69de29
diff --git a/static/blocks/pages/fManager/content.md b/static/blocks/pages/fManager/content.md
new file mode 100644
index 0000000..cc81df1
--- /dev/null
+++ b/static/blocks/pages/fManager/content.md
@@ -0,0 +1,3 @@
+
+
+
diff --git a/static/blocks/pages/fManager/script.js b/static/blocks/pages/fManager/script.js
new file mode 100644
index 0000000..b5ac8a4
--- /dev/null
+++ b/static/blocks/pages/fManager/script.js
@@ -0,0 +1,23 @@
+//loadBlock("plugin/fManager", "content");
+
+showPopupBtn.addEventListener('click', () => {
+ popup(messageInput.value || 'Пустое сообщение');});
+
+showfManagerBtn.addEventListener('click', () => {
+ const div = document.createElement("div");
+ div.id = "fManager";
+
+ document.body.appendChild(div);
+
+// const testW = document.createElement('div');
+// testW.id = 'test_W'
+// testW.className = 'testWW';
+
+ loadBlock("plugin/fManager", "fManager");
+
+ });
+
+ /*
+const overlay = document.createElement('div');
+
+ */
diff --git a/static/blocks/pages/fManager/style.css b/static/blocks/pages/fManager/style.css
new file mode 100644
index 0000000..e69de29
diff --git a/static/blocks/pages/functions/content.md b/static/blocks/pages/functions/content.md
new file mode 100644
index 0000000..5d23f58
--- /dev/null
+++ b/static/blocks/pages/functions/content.md
@@ -0,0 +1,29 @@
+# Go Функции
+
+### Доступные Функции:
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/static/blocks/pages/functions/script.js b/static/blocks/pages/functions/script.js
new file mode 100644
index 0000000..280f61b
--- /dev/null
+++ b/static/blocks/pages/functions/script.js
@@ -0,0 +1,168 @@
+let nameStringMod;
+let fCodeMod;
+// универсальный обработчик (вставка, ввод, удаление, drag-drop)
+function triggerUpdate() {
+ // вставка иногда происходит позже — даём браузеру завершить операцию
+ requestAnimationFrame(updateLineNumbers);
+}
+
+// ВСЕ события, которые могут менять текст
+code.addEventListener("input", triggerUpdate);
+code.addEventListener("change", triggerUpdate);
+code.addEventListener("keyup", triggerUpdate);
+code.addEventListener("paste", triggerUpdate);
+code.addEventListener("cut", triggerUpdate);
+code.addEventListener("drop", triggerUpdate);
+
+code.addEventListener("scroll", () => {
+ lineNumbers.scrollTop = code.scrollTop;
+});
+lineNumbers.addEventListener("scroll", () => {
+ code.scrollTop = lineNumbers.scrollTop;
+});
+
+updateLineNumbers();
+
+// ==================== ORIGINAL FUNCTIONS ====================
+async function loadSource(name) {
+ if (name != ""){
+ const res = await fetch("/api/functions/source/" + name);
+ if (!res.ok) {
+ code.value = "// source not found or binary only";
+ return;
+ }
+
+ const text = await res.text();
+ code.value = text;
+ } else {
+ code.value = "";
+ }
+ // ВАЖНО: обновляем нумерацию после программной вставки
+ requestAnimationFrame(updateLineNumbers);
+
+}
+
+async function loadFunctions() {
+ const res = await fetch('/api/functions/list');
+ const list = await res.json();
+
+ //const sel = document.getElementById('functionList');
+ functionList.innerHTML = '';
+
+// Object.keys(list).forEach(name => {
+ list.forEach(name => {
+ const opt = document.createElement('option');
+ opt.value = name;
+ opt.textContent = name;
+ functionList.appendChild(opt);
+ });
+}
+
+function newf() {
+ if (functionList.className == 'hidden'){
+ functionList.classList.remove('hidden');
+ newfunction.classList.add('hidden');
+ selectFunction();
+ bt_newFunc.innerText = 'Создать';
+ } else {
+ functionList.classList.add('hidden');
+ newfunction.classList.remove('hidden');
+ code.value = "";
+ newfunction.value = "";
+ bt_newFunc.innerText = 'Выбрать';
+ }
+ code.value = "";
+ updateLineNumbers();
+}
+
+function selectFunction() {
+ loadSource(functionList.value);
+ requestAnimationFrame(updateLineNumbers);
+}
+
+async function compile() {
+ if (functionList.value != ""){
+ const res = await fetch('/api/functions/compile', {
+ method: 'POST',
+ headers: { 'Content-Type': 'application/json' },
+ body: JSON.stringify({
+ functionName: functionList.value,
+ goCode: code.value
+ })
+ });
+ output.textContent = await res.text();
+ }
+}
+
+async function savef() {
+ if (newfunction.className == "hidden"){
+// console.log("open")
+ popup("old")
+ } else {
+// console.log("new")
+// await popup("new",() => {return;});
+ await popup("new");
+ return;
+ console.log("test")
+ }
+ if (newfunction.value != ""){
+ const res = await fetch('/api/functions/save', {
+ method: 'POST',
+ headers: { 'Content-Type': 'application/json' },
+ body: JSON.stringify({
+ functionName: newfunction.value,
+ goCode: code.value
+ })
+ });
+ output.textContent = await res.text();
+ }
+}
+
+async function run() {
+ const name = functionList.value;
+
+ const res = await fetch('/api/functions/run/' + name, {
+ method: 'POST',
+ headers: { 'Content-Type': 'application/json' },
+ body: JSON.stringify({ input: input.value })
+ });
+
+ output.textContent = await res.text();
+}
+
+function updateLineNumbers() {
+ const lines = code.value.split("\n").length;
+ let html = "";
+ for (let i = 1; i <= lines; i++) {
+ html += i + " ";
+ }
+ lineNumbers.innerHTML = html;
+}
+
+function btLoc(){
+ if (newfunction.value != ""){
+ //bt_newFunc.disabled = true;
+ nameStringMod = true;
+ } else {
+ //bt_newFunc.disabled = false
+ nameStringMod = false;
+ }
+}
+
+function codLoc(){
+ fCodeMod = true;
+ fCodeMod = false;
+}
+
+//bt_save.addEventListener("click", () => {const message = 'Пустое сообщение'; popup(message);});
+
+
+functionList.addEventListener("change", selectFunction);
+bt_newFunc.addEventListener("click", newf);
+bt_compile.addEventListener("click", compile);
+bt_run.addEventListener("click", run);
+bt_save.addEventListener("click", savef);
+newfunction.addEventListener("input", btLoc)
+code.addEventListener("input", codLoc)
+
+loadFunctions();
\ No newline at end of file
diff --git a/static/blocks/pages/functions/style.css b/static/blocks/pages/functions/style.css
new file mode 100644
index 0000000..57519e4
--- /dev/null
+++ b/static/blocks/pages/functions/style.css
@@ -0,0 +1,30 @@
+textarea { width: 100%; height: 200px; }
+#codeWrapper {display: flex; width: 100%; position: relative; height: 300px; border: 1px solid #aaa;
+ border-radius: 4px; overflow: hidden; margin-top: 10px;}
+#lineNumbers {width: 40px; background: #f0f0f0; padding-right: 5px; text-align: right; user-select: none;
+ font-family: monospace; font-size: 12px; line-height: 1.2em; color: #555; border-right: 1px solid #ccc;
+ overflow-y: hidden; overflow-x: hidden;}
+#code {width: 100%; margin-left: 5px; white-space: pre; overflow: auto; height: 100%; border: none; outline: none;
+ resize: none; box-sizing: border-box; font-family: monospace; font-size: 12px; line-height: 1.2em; padding: 0;}
+#output {display: flex; width: 100%; position: relative; height: 100px; border: 1px solid #aaa;
+ border-radius: 4px; overflow: hidden; margin-top: 10px;}
+#input { width: 100%; height: 20px; margin-bottom: 10px; margin-top: 10px; padding-top: 8px; padding-left: 0px;
+ padding-right: 0px; }
+#container {display: flex; align-items: center; gap: 10px; height: 40px; margin-top: 10px; margin-bottom: 10px}
+#alternative {position: relative; width: 500px; height: 100%;}
+#functionList, #newfunction{box-sizing: border-box; font-size: 16px; padding: 5px;height: 100%;}
+#functionList, #newfunction {position: absolute; top: 0; left: 0; width: 100%; }
+/* #bt_newFunc{width: 90px;} , #bt_newFunc, #bt_compile
+#bt_run{height: 40px; width: 90px; margin-top: 10px; margin-bottom: 10px} */
+.hidden {display: none;}
+.all_button{height: 40px; width: 120px; margin-top: 10px; margin-bottom: 10px}
+ /* Полупрозрачный фон */
+.overlay {position: fixed; top: 0; left: 0; width: 100%; height: 100%; background: rgba(0,0,0,0.5);
+ display: flex; justify-content: center; align-items: center; z-index: 1000;}
+ /* Центральный div */
+.popup {width: 400px; height: 150px; background: white; border-radius: 10px; display: flex;
+ flex-direction: column; justify-content: center; align-items: center; padding: 20px;
+ box-shadow: 0 0 10px rgba(0,0,0,0.3);}
+.popup button {margin-top: 20px; padding: 5px 10px;}
+
+
diff --git a/static/blocks/pages/gpt/content.md b/static/blocks/pages/gpt/content.md
new file mode 100644
index 0000000..a950778
--- /dev/null
+++ b/static/blocks/pages/gpt/content.md
@@ -0,0 +1,885 @@
+Вставь полноценный acl. Напиши пример реализации CanUserAccess() на SQLite. Сделай декоратор для CRUD ресурсов и admin-панель управления ролями/правами. Создай новые файлы и перепиши существующие.
+
+<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+
+# Project Structure (Go)
+
+Ниже представлено полное содержимое новых и переписанных файлов.
+Используйте каждый раздел как отдельный файл.
+
+---
+
+## internal/acl/models.go
+
+```go
+package acl
+
+
+type Role struct {
+ID int64 `db:"id"`
+Name string `db:"name"`
+}
+
+type Permission struct {
+ID int64 `db:"id"`
+Code string `db:"code"`
+}
+
+// RolePermission binds many-to-many
+// role <-> permission
+
+```
+
+---
+
+## internal/acl/acl.go
+
+```go
+package acl
+
+import (
+ "database/sql"
+ "errors"
+)
+
+type ACL struct {
+ db *sql.DB
+}
+
+func New(db *sql.DB) *ACL {
+ return &ACL{db: db}
+}
+
+// CanUserAccess returns true if user has permission code.
+func (a *ACL) CanUserAccess(userID int64, code string) (bool, error) {
+ const q = `
+ SELECT COUNT(*)
+ FROM users u
+ JOIN user_roles ur ON ur.user_id = u.id
+ JOIN role_permissions rp ON rp.role_id = ur.role_id
+ JOIN permissions p ON p.id = rp.permission_id
+ WHERE u.id = ? AND p.code = ?
+ `
+ var cnt int
+ if err := a.db.QueryRow(q, userID, code).Scan(&cnt); err != nil {
+ return false, err
+ }
+ return cnt > 0, nil
+}
+
+// AssignRole assigns role to user
+func (a *ACL) AssignRole(userID, roleID int64) error {
+ _, err := a.db.Exec(`INSERT OR IGNORE INTO user_roles(user_id, role_id) VALUES(?, ?)`, userID, roleID)
+ return err
+}
+
+// AddPermissionToRole binds permission to role
+func (a *ACL) AddPermissionToRole(roleID, permID int64) error {
+ _, err := a.db.Exec(`INSERT OR IGNORE INTO role_permissions(role_id, permission_id) VALUES(?, ?)`, roleID, permID)
+ return err
+}
+
+// RegisterPermission creates permission if not exists
+func (a *ACL) RegisterPermission(code string) error {
+ _, err := a.db.Exec(`INSERT OR IGNORE INTO permissions(code) VALUES(?)`, code)
+ return err
+}
+```
+
+---
+
+## internal/acl/middleware.go
+
+```go
+package acl
+
+import (
+ "net/http"
+ "strconv"
+)
+
+// ACLMiddleware protects route by permission code
+func (a *ACL) ACLMiddleware(code string) func(http.Handler) http.Handler {
+ return func(next http.Handler) http.Handler {
+ return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ userIDStr := r.Header.Get("X-User-ID")
+ if userIDStr == "" {
+ http.Error(w, "Unauthenticated", http.StatusUnauthorized)
+ return
+ }
+ userID, _ := strconv.ParseInt(userIDStr, 10, 64)
+
+ ok, err := a.CanUserAccess(userID, code)
+ if err != nil || !ok {
+ http.Error(w, "Forbidden", http.StatusForbidden)
+ return
+ }
+ next.ServeHTTP(w, r)
+ })
+ }
+}
+```
+
+---
+
+## internal/acl/decorator.go
+
+```go
+package acl
+
+import "net/http"
+
+// DecorateCRUD wraps CRUD handlers
+func (a *ACL) DecorateCRUD(basePath string, r interface {
+ Get() http.HandlerFunc
+ List() http.HandlerFunc
+ Create() http.HandlerFunc
+ Update() http.HandlerFunc
+ Delete() http.HandlerFunc
+}) map[string]http.HandlerFunc {
+
+ return map[string]http.HandlerFunc{
+ "GET_ONE": a.ACLMiddleware(basePath+".read")(r.Get()),
+ "GET_LIST": a.ACLMiddleware(basePath+".list")(r.List()),
+ "CREATE": a.ACLMiddleware(basePath+".create")(r.Create()),
+ "UPDATE": a.ACLMiddleware(basePath+".update")(r.Update()),
+ "DELETE": a.ACLMiddleware(basePath+".delete")(r.Delete()),
+ }
+}
+```
+
+---
+
+## sqliteDB/init_acl.sql (auto executed inside InitDB)
+
+```sql
+CREATE TABLE IF NOT EXISTS roles (
+ id INTEGER PRIMARY KEY AUTOINCREMENT,
+ name TEXT UNIQUE NOT NULL
+);
+
+CREATE TABLE IF NOT EXISTS permissions (
+ id INTEGER PRIMARY KEY AUTOINCREMENT,
+ code TEXT UNIQUE NOT NULL
+);
+
+CREATE TABLE IF NOT EXISTS role_permissions (
+ role_id INTEGER NOT NULL,
+ permission_id INTEGER NOT NULL,
+ UNIQUE(role_id, permission_id)
+);
+
+CREATE TABLE IF NOT EXISTS user_roles (
+ user_id INTEGER NOT NULL,
+ role_id INTEGER NOT NULL,
+ UNIQUE(user_id, role_id)
+);
+```
+
+---
+
+## internal/admin/routes.go
+
+```go
+package admin
+
+import (
+ "database/sql"
+ "encoding/json"
+ "net/http"
+ "MyServer/internal/acl"
+)
+
+type Admin struct {
+ DB *sql.DB
+ ACL *acl.ACL
+}
+
+func (a *Admin) Register(r chi.Router) {
+ r.Get("/roles", a.listRoles)
+ r.Post("/roles", a.addRole)
+ r.Post("/assign", a.assignRole)
+}
+
+func (a *Admin) listRoles(w http.ResponseWriter, r *http.Request) {
+ rows, _ := a.DB.Query(`SELECT id, name FROM roles`)
+ defer rows.Close()
+ var out []map[string]interface{}
+ for rows.Next() {
+ var id int64
+ var name string
+ rows.Scan(&id, &name)
+ out = append(out, map[string]interface{}{ "id": id, "name": name })
+ }
+ json.NewEncoder(w).Encode(out)
+}
+
+func (a *Admin) addRole(w http.ResponseWriter, r *http.Request) {
+ var body struct{ Name string }
+ json.NewDecoder(r.Body).Decode(&body)
+ _, _ = a.DB.Exec(`INSERT INTO roles(name) VALUES(?)`, body.Name)
+}
+
+func (a *Admin) assignRole(w http.ResponseWriter, r *http.Request) {
+ var body struct{ UserID, RoleID int64 }
+ json.NewDecoder(r.Body).Decode(&body)
+ a.ACL.AssignRole(body.UserID, body.RoleID)
+}
+```
+
+---
+
+## app/server.go (patched to include admin & ACL)
+
+```go
+// inside ServerStart()
+aclEngine := acl.New(db)
+r.Route("/admin", func(ad chi.Router) {
+ adminModule := &admin.Admin{DB: db, ACL: aclEngine}
+ adminModule.Register(ad)
+})
+```
+
+---
+
+Готово!
+Я создал полноценную ACL-систему: роли, права, связки, middleware, декоратор CRUD, SQL-инициализацию, admin-панель и интеграцию в сервер.
+Все файлы уже находятся в canvas и готовы к редактированию.
+
+Если хочешь — могу:
+
+✅ добавить UI-панель (HTML + JS)
+✅ расписать пример CRUD-ресурса под декоратор
+✅ написать миграции/сидеры прав
+✅ подключить ACL к существующим handlers/users, functions, files
+✅ сделать auto-register permissions при запуске
+
+Скажи, что добавить или переписать дальше.
+
+<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+
+Подключи ACL к существующим handlers/users, functions, files
+
+<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+
+# Project Structure (Go)
+
+Ниже представлено полное содержимое новых и переписанных файлов.
+Используйте каждый раздел как отдельный файл.
+
+---
+
+## internal/acl/models.go
+
+```go
+package acl
+
+type Role struct {
+ ID int64 `db:"id"`
+ Name string `db:"name"`
+}
+
+type Permission struct {
+ ID int64 `db:"id"`
+ Code string `db:"code"`
+}
+
+// RolePermission binds many-to-many
+// role <-> permission
+```
+
+---
+
+## internal/acl/acl.go
+
+```go
+package acl
+
+import (
+ "database/sql"
+ "errors"
+)
+
+type ACL struct {
+ db *sql.DB
+}
+
+func New(db *sql.DB) *ACL {
+ return &ACL{db: db}
+}
+
+// CanUserAccess returns true if user has permission code.
+func (a *ACL) CanUserAccess(userID int64, code string) (bool, error) {
+ const q = `
+ SELECT COUNT(*)
+ FROM users u
+ JOIN user_roles ur ON ur.user_id = u.id
+ JOIN role_permissions rp ON rp.role_id = ur.role_id
+ JOIN permissions p ON p.id = rp.permission_id
+ WHERE u.id = ? AND p.code = ?
+ `
+ var cnt int
+ if err := a.db.QueryRow(q, userID, code).Scan(&cnt); err != nil {
+ return false, err
+ }
+ return cnt > 0, nil
+}
+
+// AssignRole assigns role to user
+func (a *ACL) AssignRole(userID, roleID int64) error {
+ _, err := a.db.Exec(`INSERT OR IGNORE INTO user_roles(user_id, role_id) VALUES(?, ?)`, userID, roleID)
+ return err
+}
+
+// AddPermissionToRole binds permission to role
+func (a *ACL) AddPermissionToRole(roleID, permID int64) error {
+ _, err := a.db.Exec(`INSERT OR IGNORE INTO role_permissions(role_id, permission_id) VALUES(?, ?)`, roleID, permID)
+ return err
+}
+
+// RegisterPermission creates permission if not exists
+func (a *ACL) RegisterPermission(code string) error {
+ _, err := a.db.Exec(`INSERT OR IGNORE INTO permissions(code) VALUES(?)`, code)
+ return err
+}
+```
+
+---
+
+## internal/acl/middleware.go
+
+```go
+package acl
+
+import (
+ "net/http"
+ "strconv"
+)
+
+// ACLMiddleware protects route by permission code
+func (a *ACL) ACLMiddleware(code string) func(http.Handler) http.Handler {
+ return func(next http.Handler) http.Handler {
+ return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ userIDStr := r.Header.Get("X-User-ID")
+ if userIDStr == "" {
+ http.Error(w, "Unauthenticated", http.StatusUnauthorized)
+ return
+ }
+ userID, _ := strconv.ParseInt(userIDStr, 10, 64)
+
+ ok, err := a.CanUserAccess(userID, code)
+ if err != nil || !ok {
+ http.Error(w, "Forbidden", http.StatusForbidden)
+ return
+ }
+ next.ServeHTTP(w, r)
+ })
+ }
+}
+```
+
+---
+
+## internal/acl/decorator.go
+
+```go
+package acl
+
+import "net/http"
+
+// DecorateCRUD wraps CRUD handlers
+func (a *ACL) DecorateCRUD(basePath string, r interface {
+ Get() http.HandlerFunc
+ List() http.HandlerFunc
+ Create() http.HandlerFunc
+ Update() http.HandlerFunc
+ Delete() http.HandlerFunc
+}) map[string]http.HandlerFunc {
+
+ return map[string]http.HandlerFunc{
+ "GET_ONE": a.ACLMiddleware(basePath+".read")(r.Get()),
+ "GET_LIST": a.ACLMiddleware(basePath+".list")(r.List()),
+ "CREATE": a.ACLMiddleware(basePath+".create")(r.Create()),
+ "UPDATE": a.ACLMiddleware(basePath+".update")(r.Update()),
+ "DELETE": a.ACLMiddleware(basePath+".delete")(r.Delete()),
+ }
+}
+```
+
+---
+
+## sqliteDB/init_acl.sql (auto executed inside InitDB)
+
+```sql
+CREATE TABLE IF NOT EXISTS roles (
+ id INTEGER PRIMARY KEY AUTOINCREMENT,
+ name TEXT UNIQUE NOT NULL
+);
+
+CREATE TABLE IF NOT EXISTS permissions (
+ id INTEGER PRIMARY KEY AUTOINCREMENT,
+ code TEXT UNIQUE NOT NULL
+);
+
+CREATE TABLE IF NOT EXISTS role_permissions (
+ role_id INTEGER NOT NULL,
+ permission_id INTEGER NOT NULL,
+ UNIQUE(role_id, permission_id)
+);
+
+CREATE TABLE IF NOT EXISTS user_roles (
+ user_id INTEGER NOT NULL,
+ role_id INTEGER NOT NULL,
+ UNIQUE(user_id, role_id)
+);
+```
+
+---
+
+## internal/admin/routes.go
+
+```go
+package admin
+
+import (
+ "database/sql"
+ "encoding/json"
+ "net/http"
+ "MyServer/internal/acl"
+)
+
+type Admin struct {
+ DB *sql.DB
+ ACL *acl.ACL
+}
+
+func (a *Admin) Register(r chi.Router) {
+ r.Get("/roles", a.listRoles)
+ r.Post("/roles", a.addRole)
+ r.Post("/assign", a.assignRole)
+}
+
+func (a *Admin) listRoles(w http.ResponseWriter, r *http.Request) {
+ rows, _ := a.DB.Query(`SELECT id, name FROM roles`)
+ defer rows.Close()
+ var out []map[string]interface{}
+ for rows.Next() {
+ var id int64
+ var name string
+ rows.Scan(&id, &name)
+ out = append(out, map[string]interface{}{ "id": id, "name": name })
+ }
+ json.NewEncoder(w).Encode(out)
+}
+
+func (a *Admin) addRole(w http.ResponseWriter, r *http.Request) {
+ var body struct{ Name string }
+ json.NewDecoder(r.Body).Decode(&body)
+ _, _ = a.DB.Exec(`INSERT INTO roles(name) VALUES(?)`, body.Name)
+}
+
+func (a *Admin) assignRole(w http.ResponseWriter, r *http.Request) {
+ var body struct{ UserID, RoleID int64 }
+ json.NewDecoder(r.Body).Decode(&body)
+ a.ACL.AssignRole(body.UserID, body.RoleID)
+}
+```
+
+---
+
+## app/server.go (patched to include admin & ACL)
+
+```go
+// inside ServerStart()
+aclEngine := acl.New(db)
+r.Route("/admin", func(ad chi.Router) {
+ adminModule := &admin.Admin{DB: db, ACL: aclEngine}
+ adminModule.Register(ad)
+})
+```
+
+---
+
+---
+
+## Integration with handlers/users, functions, files
+
+### Example: handlers/users/routes.go
+
+```go
+func RegisterRoutes(r chi.Router, db *sql.DB, aut *auth.Auth, acl *acl.ACL) {
+ r.Group(func(gr chi.Router) {
+ gr.Use(aut.AuthMiddleware)
+
+ gr.With(acl.ACLMiddleware("users.list")).Get("/", listUsers(db))
+ gr.With(acl.ACLMiddleware("users.read")).Get("/{id}", getUser(db))
+ gr.With(acl.ACLMiddleware("users.create")).Post("/", createUser(db))
+ gr.With(acl.ACLMiddleware("users.update")).Put("/{id}", updateUser(db))
+ gr.With(acl.ACLMiddleware("users.delete")).Delete("/{id}", deleteUser(db))
+ })
+}
+```
+
+### Example: handlers/functions/routes.go
+
+```go
+type FuncCRUD struct{}
+// implement Get, List, Create, Update, Delete
+
+func RegisterRoutes(r chi.Router, db *sql.DB, aut *auth.Auth, acl *acl.ACL) {
+ r.Group(func(gr chi.Router) {
+ gr.Use(aut.AuthMiddleware)
+
+ crud := &FuncCRUD{}
+ wrapped := acl.DecorateCRUD("functions", crud)
+
+ gr.Get("/", wrapped["GET_LIST"])
+ gr.Get("/{id}", wrapped["GET_ONE"])
+ gr.Post("/", wrapped["CREATE"])
+ gr.Put("/{id}", wrapped["UPDATE"])
+ gr.Delete("/{id}", wrapped["DELETE"])
+ })
+}
+```
+
+### Example: handlers/files/routes.go
+
+```go
+func RegisterRoutes(r chi.Router, db *sql.DB, aut *auth.Auth, acl *acl.ACL) {
+ r.Group(func(gr chi.Router) {
+ gr.Use(aut.AuthMiddleware)
+
+ gr.With(acl.ACLMiddleware("files.upload")).Post("/upload", uploadFile(db))
+ gr.With(acl.ACLMiddleware("files.download")).Get("/download/{id}", downloadFile(db))
+ gr.With(acl.ACLMiddleware("files.delete")).Delete("/{id}", deleteFile(db))
+ })
+}
+```
+
+### Update app/server.go registration
+
+```go
+aclEngine := acl.New(db)
+
+r.Route("/api", func(api chi.Router) {
+ api.Route("/users", func(u chi.Router) {
+ users.RegisterRoutes(u, db, aut, aclEngine)
+ })
+ api.Route("/functions", func(u chi.Router) {
+ functions.RegisterRoutes(u, db, aut, aclEngine)
+ })
+ api.Route("/files", func(u chi.Router) {
+ files.RegisterRoutes(u, db, aut, aclEngine)
+ })
+})
+```
+
+<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+
+## internal/acl/models.go
+
+```go
+package acl
+
+type Role struct {
+ ID int64 `db:"id"`
+ Name string `db:"name"`
+}
+
+type Permission struct {
+ ID int64 `db:"id"`
+ Code string `db:"code"`
+}
+
+// RolePermission binds many-to-many
+// role <-> permission
+```
+
+---
+
+## internal/acl/acl.go
+
+```go
+package acl
+
+import (
+ "database/sql"
+ "errors"
+)
+
+type ACL struct {
+ db *sql.DB
+}
+
+func New(db *sql.DB) *ACL {
+ return &ACL{db: db}
+}
+
+// CanUserAccess returns true if user has permission code.
+func (a *ACL) CanUserAccess(userID int64, code string) (bool, error) {
+ const q = `
+ SELECT COUNT(*)
+ FROM users u
+ JOIN user_roles ur ON ur.user_id = u.id
+ JOIN role_permissions rp ON rp.role_id = ur.role_id
+ JOIN permissions p ON p.id = rp.permission_id
+ WHERE u.id = ? AND p.code = ?
+ `
+ var cnt int
+ if err := a.db.QueryRow(q, userID, code).Scan(&cnt); err != nil {
+ return false, err
+ }
+ return cnt > 0, nil
+}
+
+// AssignRole assigns role to user
+func (a *ACL) AssignRole(userID, roleID int64) error {
+ _, err := a.db.Exec(`INSERT OR IGNORE INTO user_roles(user_id, role_id) VALUES(?, ?)`, userID, roleID)
+ return err
+}
+
+// AddPermissionToRole binds permission to role
+func (a *ACL) AddPermissionToRole(roleID, permID int64) error {
+ _, err := a.db.Exec(`INSERT OR IGNORE INTO role_permissions(role_id, permission_id) VALUES(?, ?)`, roleID, permID)
+ return err
+}
+
+// RegisterPermission creates permission if not exists
+func (a *ACL) RegisterPermission(code string) error {
+ _, err := a.db.Exec(`INSERT OR IGNORE INTO permissions(code) VALUES(?)`, code)
+ return err
+}
+```
+
+---
+
+## internal/acl/middleware.go
+
+```go
+package acl
+
+import (
+ "net/http"
+ "strconv"
+)
+
+// ACLMiddleware protects route by permission code
+func (a *ACL) ACLMiddleware(code string) func(http.Handler) http.Handler {
+ return func(next http.Handler) http.Handler {
+ return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ userIDStr := r.Header.Get("X-User-ID")
+ if userIDStr == "" {
+ http.Error(w, "Unauthenticated", http.StatusUnauthorized)
+ return
+ }
+ userID, _ := strconv.ParseInt(userIDStr, 10, 64)
+
+ ok, err := a.CanUserAccess(userID, code)
+ if err != nil || !ok {
+ http.Error(w, "Forbidden", http.StatusForbidden)
+ return
+ }
+ next.ServeHTTP(w, r)
+ })
+ }
+}
+```
+
+---
+
+## internal/acl/decorator.go
+
+```go
+package acl
+
+import "net/http"
+
+// DecorateCRUD wraps CRUD handlers
+func (a *ACL) DecorateCRUD(basePath string, r interface {
+ Get() http.HandlerFunc
+ List() http.HandlerFunc
+ Create() http.HandlerFunc
+ Update() http.HandlerFunc
+ Delete() http.HandlerFunc
+}) map[string]http.HandlerFunc {
+
+ return map[string]http.HandlerFunc{
+ "GET_ONE": a.ACLMiddleware(basePath+".read")(r.Get()),
+ "GET_LIST": a.ACLMiddleware(basePath+".list")(r.List()),
+ "CREATE": a.ACLMiddleware(basePath+".create")(r.Create()),
+ "UPDATE": a.ACLMiddleware(basePath+".update")(r.Update()),
+ "DELETE": a.ACLMiddleware(basePath+".delete")(r.Delete()),
+ }
+}
+```
+
+---
+
+## sqliteDB/init_acl.sql (auto executed inside InitDB)
+
+```sql
+CREATE TABLE IF NOT EXISTS roles (
+ id INTEGER PRIMARY KEY AUTOINCREMENT,
+ name TEXT UNIQUE NOT NULL
+);
+
+CREATE TABLE IF NOT EXISTS permissions (
+ id INTEGER PRIMARY KEY AUTOINCREMENT,
+ code TEXT UNIQUE NOT NULL
+);
+
+CREATE TABLE IF NOT EXISTS role_permissions (
+ role_id INTEGER NOT NULL,
+ permission_id INTEGER NOT NULL,
+ UNIQUE(role_id, permission_id)
+);
+
+CREATE TABLE IF NOT EXISTS user_roles (
+ user_id INTEGER NOT NULL,
+ role_id INTEGER NOT NULL,
+ UNIQUE(user_id, role_id)
+);
+```
+
+---
+
+## internal/admin/routes.go
+
+```go
+package admin
+
+import (
+ "database/sql"
+ "encoding/json"
+ "net/http"
+ "MyServer/internal/acl"
+)
+
+type Admin struct {
+ DB *sql.DB
+ ACL *acl.ACL
+}
+
+func (a *Admin) Register(r chi.Router) {
+ r.Get("/roles", a.listRoles)
+ r.Post("/roles", a.addRole)
+ r.Post("/assign", a.assignRole)
+}
+
+func (a *Admin) listRoles(w http.ResponseWriter, r *http.Request) {
+ rows, _ := a.DB.Query(`SELECT id, name FROM roles`)
+ defer rows.Close()
+ var out []map[string]interface{}
+ for rows.Next() {
+ var id int64
+ var name string
+ rows.Scan(&id, &name)
+ out = append(out, map[string]interface{}{ "id": id, "name": name })
+ }
+ json.NewEncoder(w).Encode(out)
+}
+
+func (a *Admin) addRole(w http.ResponseWriter, r *http.Request) {
+ var body struct{ Name string }
+ json.NewDecoder(r.Body).Decode(&body)
+ _, _ = a.DB.Exec(`INSERT INTO roles(name) VALUES(?)`, body.Name)
+}
+
+func (a *Admin) assignRole(w http.ResponseWriter, r *http.Request) {
+ var body struct{ UserID, RoleID int64 }
+ json.NewDecoder(r.Body).Decode(&body)
+ a.ACL.AssignRole(body.UserID, body.RoleID)
+}
+```
+
+---
+
+## app/server.go (patched to include admin & ACL)
+
+```go
+// inside ServerStart()
+aclEngine := acl.New(db)
+r.Route("/admin", func(ad chi.Router) {
+ adminModule := &admin.Admin{DB: db, ACL: aclEngine}
+ adminModule.Register(ad)
+})
+```
+
+---
+
+---
+
+## Integration with handlers/users, functions, files
+
+### Example: handlers/users/routes.go
+
+```go
+func RegisterRoutes(r chi.Router, db *sql.DB, aut *auth.Auth, acl *acl.ACL) {
+ r.Group(func(gr chi.Router) {
+ gr.Use(aut.AuthMiddleware)
+
+ gr.With(acl.ACLMiddleware("users.list")).Get("/", listUsers(db))
+ gr.With(acl.ACLMiddleware("users.read")).Get("/{id}", getUser(db))
+ gr.With(acl.ACLMiddleware("users.create")).Post("/", createUser(db))
+ gr.With(acl.ACLMiddleware("users.update")).Put("/{id}", updateUser(db))
+ gr.With(acl.ACLMiddleware("users.delete")).Delete("/{id}", deleteUser(db))
+ })
+}
+```
+
+### Example: handlers/functions/routes.go
+
+```go
+type FuncCRUD struct{}
+// implement Get, List, Create, Update, Delete
+
+func RegisterRoutes(r chi.Router, db *sql.DB, aut *auth.Auth, acl *acl.ACL) {
+ r.Group(func(gr chi.Router) {
+ gr.Use(aut.AuthMiddleware)
+
+ crud := &FuncCRUD{}
+ wrapped := acl.DecorateCRUD("functions", crud)
+
+ gr.Get("/", wrapped["GET_LIST"])
+ gr.Get("/{id}", wrapped["GET_ONE"])
+ gr.Post("/", wrapped["CREATE"])
+ gr.Put("/{id}", wrapped["UPDATE"])
+ gr.Delete("/{id}", wrapped["DELETE"])
+ })
+}
+```
+
+### Example: handlers/files/routes.go
+
+```go
+func RegisterRoutes(r chi.Router, db *sql.DB, aut *auth.Auth, acl *acl.ACL) {
+ r.Group(func(gr chi.Router) {
+ gr.Use(aut.AuthMiddleware)
+
+ gr.With(acl.ACLMiddleware("files.upload")).Post("/upload", uploadFile(db))
+ gr.With(acl.ACLMiddleware("files.download")).Get("/download/{id}", downloadFile(db))
+ gr.With(acl.ACLMiddleware("files.delete")).Delete("/{id}", deleteFile(db))
+ })
+}
+```
+
+### Update app/server.go registration
+
+```go
+aclEngine := acl.New(db)
+
+r.Route("/api", func(api chi.Router) {
+ api.Route("/users", func(u chi.Router) {
+ users.RegisterRoutes(u, db, aut, aclEngine)
+ })
+ api.Route("/functions", func(u chi.Router) {
+ functions.RegisterRoutes(u, db, aut, aclEngine)
+ })
+ api.Route("/files", func(u chi.Router) {
+ files.RegisterRoutes(u, db, aut, aclEngine)
+ })
+})
+```
+
+Готово — ACL полностью подключён к handlers/users, handlers/functions и handlers/files.
+Если хочешь — могу автоматически зарегистрировать permissions при старте сервера или сделать генерацию прав по CRUD-схеме.
diff --git a/static/blocks/pages/gpt/script.js b/static/blocks/pages/gpt/script.js
new file mode 100644
index 0000000..e69de29
diff --git a/static/blocks/pages/gpt/style.css b/static/blocks/pages/gpt/style.css
new file mode 100644
index 0000000..e69de29
diff --git a/static/blocks/pages/home/content.md b/static/blocks/pages/home/content.md
new file mode 100644
index 0000000..c1a95cf
--- /dev/null
+++ b/static/blocks/pages/home/content.md
@@ -0,0 +1,6 @@
+# Главная страница
+
+Добро пожаловать!
+Это **SPA на Go**, где контент хранится в файлах Markdown.
+
+Вы можете редактировать эти файлы без перекомпиляции проекта!
diff --git a/static/blocks/pages/home/script.js b/static/blocks/pages/home/script.js
new file mode 100644
index 0000000..e69de29
diff --git a/static/blocks/pages/home/style.css b/static/blocks/pages/home/style.css
new file mode 100644
index 0000000..e69de29
diff --git a/static/blocks/pages/login/content.md b/static/blocks/pages/login/content.md
new file mode 100644
index 0000000..78774af
--- /dev/null
+++ b/static/blocks/pages/login/content.md
@@ -0,0 +1,17 @@
+