feat(admin): live redis kill-switch on tunnel actions, sortable columns + CSV export + bulk actions, Node 24 LTS

WS1: pin all Docker stages to node:24.16.0-alpine; add engines node>=20. WS2: lib/redis.ts gains TTL-backed redisSet, redisDel, setTunnelActive (writes tunnel:active:<sub>=1/0 EX 30, TUNNEL_ACTIVE_TTL override, no-op without REDIS_URL); wired into tunnel active/delete/reassign routes. WS3: sortable columns, CSV export routes (token excluded), and bulk actions (self-account guard) across users/tunnels/audit admin tables.
2026-05-31 14:46:22 +02:00
parent 1adb6e7b3f
commit d317e8c758
22 changed files with 1296 additions and 173 deletions
@@ -1,5 +1,15 @@
 import type { User } from '@supabase/supabase-js';
 import { getSupabaseAdmin } from '@/lib/supabase/admin';
+import {
+  parseOrder,
+  parseSort,
+  USER_SORTS,
+  TUNNEL_SORTS,
+  AUDIT_SORTS,
+  type SortOrder,
+  type UserSort,
+  type TunnelSort,
+} from '@/lib/admin/sort';

 /**
 * Shared admin list-query logic, used by BOTH the JSON route handlers and the
@@ -66,23 +76,56 @@ type TunnelRow = TunnelJoinRow & {
 const USER_SCAN_MAX_PAGES = 50;
 const USER_SCAN_PER_PAGE = 1000;

+function userSortValue(u: User, sort: UserSort): string | number {
+  switch (sort) {
+    case 'email':
+      return (u.email ?? '').toLowerCase();
+    case 'role':
+      return ((u.app_metadata?.role as string | undefined) ?? 'user').toLowerCase();
+    case 'last_sign_in_at':
+      return u.last_sign_in_at ? Date.parse(u.last_sign_in_at) : 0;
+    case 'created_at':
+    default:
+      return u.created_at ? Date.parse(u.created_at) : 0;
+  }
+}
+
+function sortUsers(arr: User[], sort: UserSort, order: SortOrder): void {
+  const dir = order === 'asc' ? 1 : -1;
+  arr.sort((a, b) => {
+    const av = userSortValue(a, sort);
+    const bv = userSortValue(b, sort);
+    if (av < bv) return -1 * dir;
+    if (av > bv) return 1 * dir;
+    return 0;
+  });
+}
+
 export async function getUsersList(opts: {
  page: number;
  perPage: number;
  search: string;
+  sort?: string | null;
+  order?: string | null;
 }): Promise<{ users: AdminUserItem[]; total: number }> {
  const { page, perPage } = opts;
  const search = opts.search.trim().toLowerCase();
+  const sort = parseSort(opts.sort, USER_SORTS, 'created_at');
+  const order = parseOrder(opts.order, 'desc');
  const admin = getSupabaseAdmin();

  let pageUsers: User[];
  let total: number;

-  if (search) {
-    // Search must match across ALL users, not just the current listUsers page.
+  // A non-default sort must order across ALL users (not just one listUsers
+  // page), so it shares the search path's full directory scan.
+  const isDefaultSort = sort === 'created_at' && order === 'desc';
+  const needScan = !!search || !isDefaultSort;
+
+  if (needScan) {
    // Page through the user directory (bounded by USER_SCAN_MAX_PAGES),
-    // accumulate case-insensitive email substring matches, then paginate the
-    // filtered set.
+    // accumulate case-insensitive email substring matches, sort, then
+    // paginate the filtered+sorted set.
    const matched: User[] = [];
    for (let p = 1; p <= USER_SCAN_MAX_PAGES; p++) {
      const { data, error } = await admin.auth.admin.listUsers({
@@ -93,15 +136,18 @@ export async function getUsersList(opts: {
      const us = data.users;
      if (us.length === 0) break;
      for (const u of us) {
-        if ((u.email ?? '').toLowerCase().includes(search)) matched.push(u);
+        if (!search || (u.email ?? '').toLowerCase().includes(search)) {
+          matched.push(u);
+        }
      }
      if (us.length < USER_SCAN_PER_PAGE) break;
    }
+    sortUsers(matched, sort, order);
    total = matched.length;
    const from = (page - 1) * perPage;
    pageUsers = matched.slice(from, from + perPage);
  } else {
-    // Common no-search path: cheap single-page lookup (unchanged behavior).
+    // Common no-search, default-sort path: cheap single-page lookup.
    const { data, error } = await admin.auth.admin.listUsers({ page, perPage });
    if (error) throw new Error(error.message);
    pageUsers = data.users;
@@ -146,14 +192,54 @@ export async function getUsersList(opts: {
  return { users, total };
 }

+function tunnelSortValue(t: TunnelRow, sort: TunnelSort): string | number {
+  switch (sort) {
+    case 'subdomain':
+      return t.subdomain.toLowerCase();
+    case 'bytes_used':
+      return t.bytes_used;
+    case 'quota_bytes':
+      return t.quota_bytes;
+    case 'is_active':
+      return t.is_active ? 1 : 0;
+    case 'last_seen_at':
+      return t.last_seen_at ? Date.parse(t.last_seen_at) : 0;
+    case 'usage_pct':
+      return t.quota_bytes > 0 ? t.bytes_used / t.quota_bytes : 0;
+    case 'created_at':
+    default:
+      return t.created_at ? Date.parse(t.created_at) : 0;
+  }
+}
+
+function sortTunnelRows(
+  arr: TunnelRow[],
+  sort: TunnelSort,
+  ascending: boolean,
+): void {
+  const dir = ascending ? 1 : -1;
+  arr.sort((a, b) => {
+    const av = tunnelSortValue(a, sort);
+    const bv = tunnelSortValue(b, sort);
+    if (av < bv) return -1 * dir;
+    if (av > bv) return 1 * dir;
+    return 0;
+  });
+}
+
 export async function getTunnelsList(opts: {
  page: number;
  perPage: number;
  search: string;
  status: string | null;
+  sort?: string | null;
+  order?: string | null;
 }): Promise<{ tunnels: TunnelItem[]; total: number }> {
  const { page, perPage, status } = opts;
  const search = opts.search.trim().toLowerCase();
+  const sort = parseSort(opts.sort, TUNNEL_SORTS, 'created_at');
+  const order = parseOrder(opts.order, 'desc');
+  const ascending = order === 'asc';
  const admin = getSupabaseAdmin();

  // The tunnels table's primary key is user_id (one tunnel per user); there is
@@ -171,11 +257,12 @@ export async function getTunnelsList(opts: {
    // so fetch matching rows and paginate in memory.
    let q = admin.from('tunnels').select(cols);
    if (search) q = q.ilike('subdomain', `%${search}%`);
-    const { data, error } = await q.order('created_at', { ascending: false });
+    const { data, error } = await q;
    if (error) throw new Error(error.message);
    const all = ((data ?? []) as TunnelRow[]).filter(
      (t) => t.quota_bytes > 0 && t.bytes_used >= t.quota_bytes,
    );
+    sortTunnelRows(all, sort, ascending);
    total = all.length;
    rows = all.slice(from, from + perPage);
  } else {
@@ -183,7 +270,9 @@ export async function getTunnelsList(opts: {
    if (search) query = query.ilike('subdomain', `%${search}%`);
    if (status === 'active') query = query.eq('is_active', true);
    else if (status === 'inactive') query = query.eq('is_active', false);
-    query = query.order('created_at', { ascending: false }).range(from, to);
+    // usage_pct is computed; order by bytes_used as its closest DB proxy.
+    const dbCol = sort === 'usage_pct' ? 'bytes_used' : sort;
+    query = query.order(dbCol, { ascending }).range(from, to);

    const { data, error, count } = await query;
    if (error) throw new Error(error.message);
@@ -226,10 +315,14 @@ export async function getAuditList(opts: {
  perPage: number;
  action: string;
  targetType: string;
+  sort?: string | null;
+  order?: string | null;
 }): Promise<{ entries: AuditItem[]; total: number }> {
  const { page, perPage } = opts;
  const action = opts.action.trim();
  const targetType = opts.targetType.trim();
+  const sort = parseSort(opts.sort, AUDIT_SORTS, 'created_at');
+  const ascending = parseOrder(opts.order, 'desc') === 'asc';
  const admin = getSupabaseAdmin();

  let query = admin
@@ -243,7 +336,7 @@ export async function getAuditList(opts: {

  const from = (page - 1) * perPage;
  const to = from + perPage - 1;
-  query = query.order('created_at', { ascending: false }).range(from, to);
+  query = query.order(sort, { ascending }).range(from, to);

  const { data, error, count } = await query;
  if (error) throw new Error(error.message);