feat(admin): add a snowflake reservation system (#34)

fluxer_api/src/admin/AdminService.ts

@@ -34,6 +34,7 @@ import type {PendingJoinInviteStore} from '~/infrastructure/PendingJoinInviteSto
 import type {RedisBulkMessageDeletionQueueService} from '~/infrastructure/RedisBulkMessageDeletionQueueService';
 import type {SnowflakeService} from '~/infrastructure/SnowflakeService';
 import type {UserCacheService} from '~/infrastructure/UserCacheService';
+import {SnowflakeReservationRepository} from '~/instance/SnowflakeReservationRepository';
 import type {InviteRepository} from '~/invite/InviteRepository';
 import type {InviteService} from '~/invite/InviteService';
 import type {RequestCache} from '~/middleware/RequestCacheMiddleware';
@@ -107,6 +108,7 @@ import {AdminMessageService} from './services/AdminMessageService';
 import {AdminMessageShredService} from './services/AdminMessageShredService';
 import {AdminReportService} from './services/AdminReportService';
 import {AdminSearchService} from './services/AdminSearchService';
+import {AdminSnowflakeReservationService} from './services/AdminSnowflakeReservationService';
 import {AdminUserService} from './services/AdminUserService';
 import {AdminVoiceService} from './services/AdminVoiceService';
 
@@ -133,6 +135,7 @@ export class AdminService {
 	private readonly searchService: AdminSearchService;
 	private readonly codeGenerationService: AdminCodeGenerationService;
 	private readonly assetPurgeService: AdminAssetPurgeService;
+	private readonly snowflakeReservationService: AdminSnowflakeReservationService;
 
 	constructor(
 		private readonly userRepository: IUserRepository,
@@ -235,6 +238,12 @@ export class AdminService {
 			snowflakeService: this.snowflakeService,
 			auditService: this.auditService,
 		});
+
+		this.snowflakeReservationService = new AdminSnowflakeReservationService({
+			repository: new SnowflakeReservationRepository(),
+			cacheService: this.cacheService,
+			auditService: this.auditService,
+		});
 		this.codeGenerationService = new AdminCodeGenerationService(this.userRepository);
 	}
 
@@ -242,6 +251,22 @@ export class AdminService {
 		return this.userService.lookupUser(data);
 	}
 
+	async listSnowflakeReservations() {
+		return this.snowflakeReservationService.listReservations();
+	}
+
+	async setSnowflakeReservation(
+		data: {email: string; snowflake: string},
+		adminUserId: UserID,
+		auditLogReason: string | null,
+	) {
+		return this.snowflakeReservationService.setReservation(data, adminUserId, auditLogReason);
+	}
+
+	async deleteSnowflakeReservation(data: {email: string}, adminUserId: UserID, auditLogReason: string | null) {
+		return this.snowflakeReservationService.deleteReservation(data, adminUserId, auditLogReason);
+	}
+
 	async updateUserFlags(args: {
 		userId: UserID;
 		data: {addFlags: Array<bigint>; removeFlags: Array<bigint>};

fluxer_api/src/admin/controllers/SnowflakeReservationAdminController.ts

@@ -0,0 +1,85 @@
+/*
+ * Copyright (C) 2026 Fluxer Contributors
+ *
+ * This file is part of Fluxer.
+ *
+ * Fluxer is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Fluxer is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with Fluxer. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+import type {HonoApp} from '~/App';
+import type {
+	AddSnowflakeReservationRequest,
+	DeleteSnowflakeReservationRequest,
+	ListSnowflakeReservationsResponse,
+} from '~/admin/models/SnowflakeReservationTypes';
+import {AdminACLs} from '~/Constants';
+import {requireAdminACL} from '~/middleware/AdminMiddleware';
+import {RateLimitMiddleware} from '~/middleware/RateLimitMiddleware';
+import {RateLimitConfigs} from '~/RateLimitConfig';
+import {EmailType, Int64Type, z} from '~/Schema';
+import {Validator} from '~/Validator';
+
+export const SnowflakeReservationAdminController = (app: HonoApp) => {
+	app.post(
+		'/admin/snowflake-reservations/list',
+		RateLimitMiddleware(RateLimitConfigs.ADMIN_LOOKUP),
+		requireAdminACL(AdminACLs.INSTANCE_SNOWFLAKE_RESERVATION_VIEW),
+		async (ctx) => {
+			const adminService = ctx.get('adminService');
+			const reservations = await adminService.listSnowflakeReservations();
+
+			return ctx.json<ListSnowflakeReservationsResponse>({
+				reservations,
+			});
+		},
+	);
+
+	app.post(
+		'/admin/snowflake-reservations/add',
+		RateLimitMiddleware(RateLimitConfigs.ADMIN_USER_MODIFY),
+		requireAdminACL(AdminACLs.INSTANCE_SNOWFLAKE_RESERVATION_MANAGE),
+		Validator(
+			'json',
+			z.object({
+				email: EmailType,
+				snowflake: Int64Type.transform((val) => val.toString()),
+			}),
+		),
+		async (ctx) => {
+			const adminService = ctx.get('adminService');
+			const adminUserId = ctx.get('adminUserId');
+			const auditLogReason = ctx.get('auditLogReason');
+			const data = ctx.req.valid('json') as AddSnowflakeReservationRequest;
+
+			await adminService.setSnowflakeReservation(data, adminUserId, auditLogReason);
+			return ctx.json({success: true});
+		},
+	);
+
+	app.post(
+		'/admin/snowflake-reservations/delete',
+		RateLimitMiddleware(RateLimitConfigs.ADMIN_USER_MODIFY),
+		requireAdminACL(AdminACLs.INSTANCE_SNOWFLAKE_RESERVATION_MANAGE),
+		Validator('json', z.object({email: EmailType})),
+		async (ctx) => {
+			const adminService = ctx.get('adminService');
+			const adminUserId = ctx.get('adminUserId');
+			const auditLogReason = ctx.get('auditLogReason');
+			const data = ctx.req.valid('json') as DeleteSnowflakeReservationRequest;
+
+			await adminService.deleteSnowflakeReservation(data, adminUserId, auditLogReason);
+			return ctx.json({success: true});
+		},
+	);
+};

fluxer_api/src/admin/controllers/index.ts

@@ -31,6 +31,7 @@ import {InstanceConfigAdminController} from './InstanceConfigAdminController';
 import {MessageAdminController} from './MessageAdminController';
 import {ReportAdminController} from './ReportAdminController';
 import {SearchAdminController} from './SearchAdminController';
+import {SnowflakeReservationAdminController} from './SnowflakeReservationAdminController';
 import {UserAdminController} from './UserAdminController';
 import {VerificationAdminController} from './VerificationAdminController';
 import {VoiceAdminController} from './VoiceAdminController';
@@ -42,6 +43,7 @@ export const registerAdminControllers = (app: HonoApp) => {
 	AssetAdminController(app);
 	BanAdminController(app);
 	InstanceConfigAdminController(app);
+	SnowflakeReservationAdminController(app);
 	MessageAdminController(app);
 	BulkAdminController(app);
 	AuditLogAdminController(app);

fluxer_api/src/admin/models/SnowflakeReservationTypes.ts

@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2026 Fluxer Contributors
+ *
+ * This file is part of Fluxer.
+ *
+ * Fluxer is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Fluxer is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with Fluxer. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+export interface SnowflakeReservationEntry {
+	email: string;
+	snowflake: string;
+	updated_at: string | null;
+}
+
+export interface ListSnowflakeReservationsResponse {
+	reservations: Array<SnowflakeReservationEntry>;
+}
+
+export interface AddSnowflakeReservationRequest {
+	email: string;
+	snowflake: string;
+}
+
+export interface DeleteSnowflakeReservationRequest {
+	email: string;
+}

fluxer_api/src/admin/models/index.ts

@@ -25,6 +25,7 @@ export * from './CodeRequestTypes';
 export * from './GuildRequestTypes';
 export * from './GuildTypes';
 export * from './MessageTypes';
+export * from './SnowflakeReservationTypes';
 export * from './UserRequestTypes';
 export * from './UserTypes';
 export * from './VoiceTypes';

fluxer_api/src/admin/services/AdminSnowflakeReservationService.ts

@@ -0,0 +1,97 @@
+/*
+ * Copyright (C) 2026 Fluxer Contributors
+ *
+ * This file is part of Fluxer.
+ *
+ * Fluxer is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Fluxer is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with Fluxer. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+import type {UserID} from '~/BrandedTypes';
+import {SNOWFLAKE_RESERVATION_REFRESH_CHANNEL} from '~/constants/InstanceConfig';
+import {InputValidationError} from '~/Errors';
+import type {ICacheService} from '~/infrastructure/ICacheService';
+import type {SnowflakeReservationRepository} from '~/instance/SnowflakeReservationRepository';
+import type {AdminAuditService} from './AdminAuditService';
+
+interface AdminSnowflakeReservationServiceDeps {
+	repository: SnowflakeReservationRepository;
+	cacheService: ICacheService;
+	auditService: AdminAuditService;
+}
+
+export class AdminSnowflakeReservationService {
+	constructor(private readonly deps: AdminSnowflakeReservationServiceDeps) {}
+
+	async listReservations() {
+		const {repository} = this.deps;
+		const entries = await repository.listReservations();
+		return entries.map((entry) => ({
+			email: entry.emailKey,
+			snowflake: entry.snowflake.toString(),
+			updated_at: entry.updatedAt ? entry.updatedAt.toISOString() : null,
+		}));
+	}
+
+	async setReservation(data: {email: string; snowflake: string}, adminUserId: UserID, auditLogReason: string | null) {
+		const {repository, cacheService, auditService} = this.deps;
+		const emailLower = data.email.toLowerCase();
+
+		if (!emailLower) {
+			throw InputValidationError.create('email', 'Invalid email address');
+		}
+
+		let snowflakeValue: bigint;
+		try {
+			snowflakeValue = BigInt(data.snowflake);
+		} catch {
+			throw InputValidationError.create('snowflake', 'Invalid snowflake');
+		}
+
+		await repository.setReservation(emailLower, snowflakeValue);
+		await cacheService.publish(SNOWFLAKE_RESERVATION_REFRESH_CHANNEL, 'refresh');
+
+		await auditService.createAuditLog({
+			adminUserId,
+			targetType: 'snowflake_reservation',
+			targetId: BigInt(0),
+			action: 'set_snowflake_reservation',
+			auditLogReason,
+			metadata: new Map([
+				['email', emailLower],
+				['snowflake', snowflakeValue.toString()],
+			]),
+		});
+	}
+
+	async deleteReservation(data: {email: string}, adminUserId: UserID, auditLogReason: string | null) {
+		const {repository, cacheService, auditService} = this.deps;
+		const emailLower = data.email.toLowerCase();
+
+		if (!emailLower) {
+			throw InputValidationError.create('email', 'Invalid email address');
+		}
+
+		await repository.deleteReservation(emailLower);
+		await cacheService.publish(SNOWFLAKE_RESERVATION_REFRESH_CHANNEL, 'refresh');
+
+		await auditService.createAuditLog({
+			adminUserId,
+			targetType: 'snowflake_reservation',
+			targetId: BigInt(0),
+			action: 'delete_snowflake_reservation',
+			auditLogReason,
+			metadata: new Map([['email', emailLower]]),
+		});
+	}
+}