pontus/pontus-front
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

adds user accounts, service requests, dashboard, admin panel, better layout, db+altcha+auth support

Browse source
This commit is contained in:
Aidan 2025-07-07 20:01:59 -04:00
parent dfbc3cade9
commit 0043a5bf3c
40 changed files with 3981 additions and 188 deletions
Download patch file Download diff file Expand all files Collapse all files

103
app/api/admin/activity/route.ts Normal file
View file

@ -0,0 +1,103 @@
import { db } from "@/db";
import { serviceRequests, user, userServices, services } from "@/db/schema";
import { auth } from "@/util/auth";
import { eq, gte, desc, sql } from "drizzle-orm";
import { NextRequest } from "next/server";
export async function GET(request: NextRequest) {
try {
const session = await auth.api.getSession({
headers: request.headers
});
if (!session || session.user.role !== 'admin') {
return Response.json({ error: "Unauthorized" }, { status: 401 });
}
const url = new URL(request.url);
const period = url.searchParams.get('period') || '7';
const daysAgo = parseInt(period);
const startDate = new Date();
startDate.setDate(startDate.getDate() - daysAgo);
const requestActivity = await db.select({
date: sql<string>`DATE(${serviceRequests.createdAt})`,
count: sql<number>`COUNT(*)`,
status: serviceRequests.status
})
.from(serviceRequests)
.where(gte(serviceRequests.createdAt, startDate))
.groupBy(sql`DATE(${serviceRequests.createdAt})`, serviceRequests.status)
.orderBy(sql`DATE(${serviceRequests.createdAt})`);
const userActivity = await db.select({
date: sql<string>`DATE(${user.createdAt})`,
count: sql<number>`COUNT(*)`
})
.from(user)
.where(gte(user.createdAt, startDate))
.groupBy(sql`DATE(${user.createdAt})`)
.orderBy(sql`DATE(${user.createdAt})`);
const accessActivity = await db.select({
date: sql<string>`DATE(${userServices.grantedAt})`,
count: sql<number>`COUNT(*)`
})
.from(userServices)
.where(gte(userServices.grantedAt, startDate))
.groupBy(sql`DATE(${userServices.grantedAt})`)
.orderBy(sql`DATE(${userServices.grantedAt})`);
const recentActivity = await db.select({
id: serviceRequests.id,
type: sql<string>`'request'`,
description: sql<string>`CONCAT(${user.name}, ' requested access to ', ${services.name})`,
status: serviceRequests.status,
createdAt: serviceRequests.createdAt,
userName: user.name,
serviceName: services.name
})
.from(serviceRequests)
.innerJoin(user, eq(serviceRequests.userId, user.id))
.innerJoin(services, eq(serviceRequests.serviceId, services.id))
.where(gte(serviceRequests.createdAt, startDate))
.orderBy(desc(serviceRequests.createdAt))
.limit(20);
const servicePopularity = await db.select({
serviceName: services.name,
requestCount: sql<number>`COUNT(${serviceRequests.id})`,
approvedCount: sql<number>`COUNT(CASE WHEN ${serviceRequests.status} = 'approved' THEN 1 END)`
})
.from(services)
.leftJoin(serviceRequests, eq(services.id, serviceRequests.serviceId))
.where(gte(serviceRequests.createdAt, startDate))
.groupBy(services.id, services.name)
.orderBy(sql`COUNT(${serviceRequests.id}) DESC`)
.limit(10);
const totals = await db.select({
totalRequests: sql<number>`COUNT(DISTINCT ${serviceRequests.id})`,
totalUsers: sql<number>`COUNT(DISTINCT ${user.id})`,
totalAccess: sql<number>`COUNT(DISTINCT ${userServices.id})`
})
.from(serviceRequests)
.fullJoin(user, gte(user.createdAt, startDate))
.fullJoin(userServices, gte(userServices.grantedAt, startDate))
.where(gte(serviceRequests.createdAt, startDate));
return Response.json({
requestActivity,
userActivity,
accessActivity,
recentActivity,
servicePopularity,
totals: totals[0] || { totalRequests: 0, totalUsers: 0, totalAccess: 0 },
period: daysAgo
});
} catch (error) {
console.error("Error fetching activity data:", error);
return Response.json({ error: "Internal server error" }, { status: 500 });
}
}

121
app/api/admin/requests/route.ts Normal file
View file

@ -0,0 +1,121 @@
import { db } from "@/db";
import { serviceRequests, services, user, userServices } from "@/db/schema";
import { auth } from "@/util/auth";
import { eq, and } from "drizzle-orm";
import { NextRequest } from "next/server";
import { nanoid } from "nanoid";
export async function GET(request: NextRequest) {
try {
const session = await auth.api.getSession({
headers: request.headers
});
if (!session || session.user.role !== 'admin') {
return Response.json({ error: "Unauthorized" }, { status: 401 });
}
const allRequests = await db.select({
id: serviceRequests.id,
reason: serviceRequests.reason,
status: serviceRequests.status,
adminNotes: serviceRequests.adminNotes,
reviewedAt: serviceRequests.reviewedAt,
createdAt: serviceRequests.createdAt,
updatedAt: serviceRequests.updatedAt,
userId: serviceRequests.userId,
userName: user.name,
userEmail: user.email,
serviceName: services.name,
serviceDescription: services.description
})
.from(serviceRequests)
.innerJoin(services, eq(serviceRequests.serviceId, services.id))
.innerJoin(user, eq(serviceRequests.userId, user.id))
.orderBy(serviceRequests.createdAt);
return Response.json({ requests: allRequests });
} catch (error) {
console.error("Error fetching admin requests:", error);
return Response.json({ error: "Internal server error" }, { status: 500 });
}
}
export async function PUT(request: NextRequest) {
try {
const session = await auth.api.getSession({
headers: request.headers
});
if (!session || session.user.role !== 'admin') {
return Response.json({ error: "Unauthorized" }, { status: 401 });
}
const { requestId, status, adminNotes } = await request.json();
if (!requestId || !status) {
return Response.json({ error: "Request ID and status are required" }, { status: 400 });
}
if (!['pending', 'approved', 'denied'].includes(status)) {
return Response.json({ error: "Invalid status" }, { status: 400 });
}
const serviceRequest = await db.select({
userId: serviceRequests.userId,
serviceId: serviceRequests.serviceId,
currentStatus: serviceRequests.status
})
.from(serviceRequests)
.where(eq(serviceRequests.id, requestId))
.limit(1);
if (serviceRequest.length === 0) {
return Response.json({ error: "Request not found" }, { status: 404 });
}
await db.update(serviceRequests)
.set({
status,
adminNotes,
reviewedBy: session.user.id,
reviewedAt: new Date(),
updatedAt: new Date()
})
.where(eq(serviceRequests.id, requestId));
if (status === 'approved' && serviceRequest[0].currentStatus !== 'approved') {
const existingAccess = await db.select()
.from(userServices)
.where(and(
eq(userServices.userId, serviceRequest[0].userId),
eq(userServices.serviceId, serviceRequest[0].serviceId)
))
.limit(1);
if (existingAccess.length === 0) {
await db.insert(userServices).values({
id: nanoid(),
userId: serviceRequest[0].userId,
serviceId: serviceRequest[0].serviceId,
grantedBy: session.user.id,
grantedAt: new Date(),
createdAt: new Date()
});
}
}
if (status === 'denied' && serviceRequest[0].currentStatus === 'approved') {
await db.delete(userServices)
.where(and(
eq(userServices.userId, serviceRequest[0].userId),
eq(userServices.serviceId, serviceRequest[0].serviceId)
));
}
return Response.json({ success: true });
} catch (error) {
console.error("Error updating request:", error);
return Response.json({ error: "Internal server error" }, { status: 500 });
}
}

165
app/api/admin/services/route.ts Normal file
View file

@ -0,0 +1,165 @@
import { db } from "@/db";
import { services, userServices, user } from "@/db/schema";
import { auth } from "@/util/auth";
import { eq, and } from "drizzle-orm";
import { NextRequest } from "next/server";
import { nanoid } from "nanoid";
export async function GET(request: NextRequest) {
try {
const session = await auth.api.getSession({
headers: request.headers
});
if (!session || session.user.role !== 'admin') {
return Response.json({ error: "Unauthorized" }, { status: 401 });
}
const allServices = await db.select({
id: services.id,
name: services.name,
description: services.description,
priceStatus: services.priceStatus,
joinLink: services.joinLink,
enabled: services.enabled,
createdAt: services.createdAt,
updatedAt: services.updatedAt
})
.from(services)
.orderBy(services.name);
const serviceAssignments = await db.select({
serviceId: userServices.serviceId,
userId: userServices.userId,
userName: user.name,
userEmail: user.email,
grantedAt: userServices.grantedAt
})
.from(userServices)
.innerJoin(user, eq(userServices.userId, user.id))
.orderBy(user.name);
const servicesWithUsers = allServices.map(service => ({
...service,
users: serviceAssignments.filter(assignment => assignment.serviceId === service.id)
}));
return Response.json({ services: servicesWithUsers });
} catch (error) {
console.error("Error fetching services:", error);
return Response.json({ error: "Internal server error" }, { status: 500 });
}
}
export async function POST(request: NextRequest) {
try {
const session = await auth.api.getSession({
headers: request.headers
});
if (!session || session.user.role !== 'admin') {
return Response.json({ error: "Unauthorized" }, { status: 401 });
}
const { action, userId, serviceId } = await request.json();
if (!action || !userId || !serviceId) {
return Response.json({ error: "Action, user ID, and service ID are required" }, { status: 400 });
}
if (action === 'grant') {
const existingAccess = await db.select()
.from(userServices)
.where(and(
eq(userServices.userId, userId),
eq(userServices.serviceId, serviceId)
))
.limit(1);
if (existingAccess.length > 0) {
return Response.json({ error: "User already has access to this service" }, { status: 400 });
}
await db.insert(userServices).values({
id: nanoid(),
userId,
serviceId,
grantedBy: session.user.id,
grantedAt: new Date(),
createdAt: new Date()
});
return Response.json({ success: true, message: "Access granted" });
} else if (action === 'revoke') {
await db.delete(userServices)
.where(and(
eq(userServices.userId, userId),
eq(userServices.serviceId, serviceId)
));
return Response.json({ success: true, message: "Access revoked" });
} else {
return Response.json({ error: "Invalid action. Use 'grant' or 'revoke'" }, { status: 400 });
}
} catch (error) {
console.error("Error managing service access:", error);
return Response.json({ error: "Internal server error" }, { status: 500 });
}
}
export async function PUT(request: NextRequest) {
try {
const session = await auth.api.getSession({
headers: request.headers
});
if (!session || session.user.role !== 'admin') {
return Response.json({ error: "Unauthorized" }, { status: 401 });
}
const { serviceId, enabled, priceStatus, description, joinLink } = await request.json();
if (!serviceId) {
return Response.json({ error: "Service ID is required" }, { status: 400 });
}
const updates: {
updatedAt: Date;
enabled?: boolean;
priceStatus?: string;
description?: string;
joinLink?: string | null;
} = {
updatedAt: new Date()
};
if (typeof enabled === 'boolean') {
updates.enabled = enabled;
}
if (priceStatus && ['open', 'invite-only', 'by-request'].includes(priceStatus)) {
updates.priceStatus = priceStatus;
}
if (description !== undefined) {
updates.description = description;
}
if (joinLink !== undefined) {
updates.joinLink = joinLink || null;
}
await db.update(services)
.set(updates)
.where(eq(services.id, serviceId));
return Response.json({ success: true, message: "Service updated successfully" });
} catch (error) {
console.error("Error updating service:", error);
return Response.json({ error: "Internal server error" }, { status: 500 });
}
}

68
app/api/admin/users/route.ts Normal file
View file

@ -0,0 +1,68 @@
import { db } from "@/db";
import { user } from "@/db/schema";
import { auth } from "@/util/auth";
import { eq } from "drizzle-orm";
import { NextRequest } from "next/server";
export async function GET(request: NextRequest) {
try {
const session = await auth.api.getSession({
headers: request.headers
});
if (!session || session.user.role !== 'admin') {
return Response.json({ error: "Unauthorized" }, { status: 401 });
}
const allUsers = await db.select({
id: user.id,
name: user.name,
email: user.email,
emailVerified: user.emailVerified,
role: user.role,
createdAt: user.createdAt,
updatedAt: user.updatedAt
})
.from(user)
.orderBy(user.createdAt);
return Response.json({ users: allUsers });
} catch (error) {
console.error("Error fetching users:", error);
return Response.json({ error: "Internal server error" }, { status: 500 });
}
}
export async function PUT(request: NextRequest) {
try {
const session = await auth.api.getSession({
headers: request.headers
});
if (!session || session.user.role !== 'admin') {
return Response.json({ error: "Unauthorized" }, { status: 401 });
}
const { userId, role } = await request.json();
if (!userId || !role) {
return Response.json({ error: "User ID and role are required" }, { status: 400 });
}
if (!['user', 'admin'].includes(role)) {
return Response.json({ error: "Invalid role" }, { status: 400 });
}
await db.update(user)
.set({
role,
updatedAt: new Date()
})
.where(eq(user.id, userId));
return Response.json({ success: true });
} catch (error) {
console.error("Error updating user:", error);
return Response.json({ error: "Internal server error" }, { status: 500 });
}
}