fix(admin): key tunnels by user_id, server-side initial list load, full-scan user search

app/api/admin/tunnels/[id]/active/route.ts

@@ -38,7 +38,7 @@ export async function POST(
   const { data, error } = await admin
     .from('tunnels')
     .update({ is_active: isActive })
-    .eq('id', id)
+    .eq('user_id', id)
     .select('subdomain')
     .maybeSingle<{ subdomain: string }>();
   if (error) {

app/api/admin/tunnels/[id]/quota/route.ts

@@ -40,7 +40,7 @@ export async function POST(
   const { data, error } = await admin
     .from('tunnels')
     .update({ quota_bytes: parsed.value })
-    .eq('id', id)
+    .eq('user_id', id)
     .select('subdomain')
     .maybeSingle<{ subdomain: string }>();
   if (error) {

app/api/admin/tunnels/[id]/reassign/route.ts

@@ -45,20 +45,20 @@ export async function POST(
 
   const admin = getSupabaseAdmin();
 
-  // Reject if taken by a different tunnel.
+  // Reject if taken by a different tunnel (keyed by owner user_id).
   const { data: existing } = await admin
     .from('tunnels')
-    .select('id')
+    .select('user_id')
     .eq('subdomain', subdomain)
-    .maybeSingle<{ id: string }>();
-  if (existing && existing.id !== id) {
+    .maybeSingle<{ user_id: string }>();
+  if (existing && existing.user_id !== id) {
     return NextResponse.json({ error: 'subdomain taken' }, { status: 409 });
   }
 
   const { data, error } = await admin
     .from('tunnels')
     .update({ subdomain })
-    .eq('id', id)
+    .eq('user_id', id)
     .select('subdomain')
     .maybeSingle<{ subdomain: string }>();
   if (error) {

app/api/admin/tunnels/[id]/regenerate-token/route.ts

@@ -26,7 +26,7 @@ export async function POST(
   const { data, error } = await admin
     .from('tunnels')
     .update({ token })
-    .eq('id', id)
+    .eq('user_id', id)
     .select('subdomain, token')
     .maybeSingle<{ subdomain: string; token: string }>();
   if (error) {

app/api/admin/tunnels/[id]/reset-usage/route.ts

@@ -23,7 +23,7 @@ export async function POST(
   const { data, error } = await admin
     .from('tunnels')
     .update({ bytes_used: 0 })
-    .eq('id', id)
+    .eq('user_id', id)
     .select('subdomain')
     .maybeSingle<{ subdomain: string }>();
   if (error) {

app/api/admin/tunnels/[id]/route.ts

@@ -24,7 +24,7 @@ export async function DELETE(
   const { data, error } = await admin
     .from('tunnels')
     .delete()
-    .eq('id', id)
+    .eq('user_id', id)
     .select('subdomain')
     .maybeSingle<{ subdomain: string }>();
   if (error) {