Additional security and hardening.

handlers/admin/draws.go

@@ -3,9 +3,11 @@ package handlers
 import (
 	"database/sql"
 	"html/template"
+	"log"
 	"net/http"
 
 	helpers "synlotto-website/helpers"
+	"synlotto-website/models"
 )
 
 func NewDrawHandler(db *sql.DB) http.HandlerFunc {
@@ -70,3 +72,41 @@ func DeleteDrawHandler(db *sql.DB) http.HandlerFunc {
 		}
 	})
 }
+
+func ListDrawsHandler(db *sql.DB) http.HandlerFunc {
+	return helpers.AuthMiddleware(func(w http.ResponseWriter, r *http.Request) {
+		context := helpers.TemplateContext(w, r)
+		draws := []models.DrawSummary{}
+
+		rows, err := db.Query(`
+			SELECT r.id, r.game_type, r.draw_date, r.ball_set, r.machine,
+			       (SELECT COUNT(1) FROM prizes_thunderball p WHERE p.draw_date = r.draw_date) as prize_exists
+			FROM results_thunderball r
+			ORDER BY r.draw_date DESC
+		`)
+		if err != nil {
+			http.Error(w, "Failed to query draws", http.StatusInternalServerError)
+			return
+		}
+		defer rows.Close()
+
+		for rows.Next() {
+			var d models.DrawSummary
+			var prizeFlag int
+			if err := rows.Scan(&d.Id, &d.GameType, &d.DrawDate, &d.BallSet, &d.Machine, &prizeFlag); err != nil {
+				log.Println("⚠️ Draw scan failed:", err)
+				continue
+			}
+			d.PrizeSet = prizeFlag > 0
+			draws = append(draws, d)
+		}
+
+		context["Draws"] = draws
+
+		tmpl := template.Must(template.New("draw_list").Funcs(helpers.TemplateFuncs()).ParseFiles(
+			"templates/layout.html",
+			"templates/admin/draws/list.html",
+		))
+		tmpl.ExecuteTemplate(w, "layout", context)
+	})
+}