feat(render+admin): exports management (all users' rendered videos)

- render-svc: admin-scoped store (ListAllExports / GetExportByIDAny /
  SoftDeleteExportAny) + GET/DELETE/download-url under /v1/admin-exports
  (admin-gated; separate prefix so it routes to render, not identity's /admin)
- gateway: /v1/admin-exports/* → render
- admin /admin/exports: paginated table of every rendered export with thumbnail,
  type/quality, size, duration, dimensions, produce + expiry dates; download
  (presigned URL) and delete

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

services/render/cmd/server/main.go

@@ -145,6 +145,14 @@ func main() {
 		nodeFonts.DELETE("/:id", fontH.Delete)
 	}
 
+	// ── Exports management (admin: all users' rendered videos) ────────────────
+	adminExports := v1.Group("/admin-exports", auth, admin)
+	{
+		adminExports.GET("", exportH.AdminList)
+		adminExports.DELETE("/:export_id", exportH.AdminDelete)
+		adminExports.GET("/:export_id/download-url", exportH.AdminDownloadURL)
+	}
+
 	// ── Internal (node agents only — HMAC auth) ───────────────────────────────
 	internal := v1.Group("/internal", nodeAuth)
 	{

services/render/internal/db/exports_admin.go

@@ -0,0 +1,63 @@
+package db
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/flatrender/render-svc/internal/models"
+	"github.com/google/uuid"
+)
+
+const exportCols = `id, tenant_id, user_id, saved_project_id, project_id, render_job_id,
+	image, path, file_extension, file_type::text, render_quality::text,
+	create_type::text, size_bytes, duration_sec, width, height,
+	produce_date, auto_delete_date, delete_notified, created_at, deleted_at`
+
+// ListAllExports returns every export across users (admin view), paginated.
+func (s *Store) ListAllExports(ctx context.Context, page, pageSize int) ([]*models.Export, int64, error) {
+	var total int64
+	_ = s.pool.QueryRow(ctx, `SELECT COUNT(*) FROM render.exports WHERE deleted_at IS NULL`).Scan(&total)
+
+	rows, err := s.pool.Query(ctx,
+		`SELECT `+exportCols+`
+		 FROM render.exports WHERE deleted_at IS NULL
+		 ORDER BY produce_date DESC LIMIT $1 OFFSET $2`,
+		pageSize, (page-1)*pageSize)
+	if err != nil {
+		return nil, 0, err
+	}
+	defer rows.Close()
+	exports, err := scanExports(rows)
+	return exports, total, err
+}
+
+// GetExportByIDAny fetches an export regardless of owner (admin).
+func (s *Store) GetExportByIDAny(ctx context.Context, id uuid.UUID) (*models.Export, error) {
+	rows, err := s.pool.Query(ctx,
+		`SELECT `+exportCols+` FROM render.exports WHERE id = $1 AND deleted_at IS NULL`, id)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+	exports, err := scanExports(rows)
+	if err != nil {
+		return nil, err
+	}
+	if len(exports) == 0 {
+		return nil, fmt.Errorf("export not found")
+	}
+	return exports[0], nil
+}
+
+// SoftDeleteExportAny deletes an export regardless of owner (admin).
+func (s *Store) SoftDeleteExportAny(ctx context.Context, id uuid.UUID) error {
+	tag, err := s.pool.Exec(ctx,
+		`UPDATE render.exports SET deleted_at = NOW() WHERE id = $1 AND deleted_at IS NULL`, id)
+	if err != nil {
+		return err
+	}
+	if tag.RowsAffected() == 0 {
+		return fmt.Errorf("export not found")
+	}
+	return nil
+}

services/render/internal/handlers/exports_admin.go

@@ -0,0 +1,71 @@
+package handlers
+
+import (
+	"context"
+	"net/http"
+	"strconv"
+	"time"
+
+	"github.com/flatrender/render-svc/internal/models"
+	"github.com/gin-gonic/gin"
+	"github.com/google/uuid"
+)
+
+// GET /v1/admin-exports — all exports across users (admin)
+func (h *ExportHandler) AdminList(c *gin.Context) {
+	page, _ := strconv.Atoi(c.DefaultQuery("page", "1"))
+	if page < 1 {
+		page = 1
+	}
+	pageSize, _ := strconv.Atoi(c.DefaultQuery("pageSize", "30"))
+	if pageSize < 1 || pageSize > 100 {
+		pageSize = 30
+	}
+	exports, total, err := h.store.ListAllExports(c.Request.Context(), page, pageSize)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, models.APIError{Code: "internal_error", Message: err.Error()})
+		return
+	}
+	if exports == nil {
+		exports = []*models.Export{}
+	}
+	c.JSON(http.StatusOK, models.PagedResponse[*models.Export]{
+		Data: exports,
+		Meta: models.PaginationMeta{Page: page, PageSize: pageSize, Total: total},
+	})
+}
+
+// DELETE /v1/admin-exports/:export_id (admin)
+func (h *ExportHandler) AdminDelete(c *gin.Context) {
+	exportID, err := uuid.Parse(c.Param("export_id"))
+	if err != nil {
+		c.JSON(http.StatusBadRequest, models.APIError{Code: "bad_request", Message: "invalid export_id"})
+		return
+	}
+	if err := h.store.SoftDeleteExportAny(c.Request.Context(), exportID); err != nil {
+		c.JSON(http.StatusNotFound, models.APIError{Code: "not_found", Message: err.Error()})
+		return
+	}
+	c.Status(http.StatusNoContent)
+}
+
+// GET /v1/admin-exports/:export_id/download-url (admin)
+func (h *ExportHandler) AdminDownloadURL(c *gin.Context) {
+	exportID, err := uuid.Parse(c.Param("export_id"))
+	if err != nil {
+		c.JSON(http.StatusBadRequest, models.APIError{Code: "bad_request", Message: "invalid export_id"})
+		return
+	}
+	exp, err := h.store.GetExportByIDAny(c.Request.Context(), exportID)
+	if err != nil {
+		c.JSON(http.StatusNotFound, models.APIError{Code: "not_found", Message: err.Error()})
+		return
+	}
+	expiry := 15 * time.Minute
+	url, err := h.minio.PresignedGetObject(context.Background(), h.bucket, exp.Path, expiry, nil)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, models.APIError{Code: "internal_error", Message: "could not generate download URL"})
+		return
+	}
+	c.JSON(http.StatusOK, gin.H{"url": url.String(), "expires_at": time.Now().Add(expiry)})
+}