LinumIQ/linumiq_net-web_app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(admin): comprehensive admin interface (users, tunnels, metrics, audit, reserved subdomains)

Browse Source 
Adds an authenticated admin surface gated by auth.users.app_metadata.role==='admin'.

- lib/auth/admin-guard.ts: requireAdmin() (pages) + requireAdminApi() (routes)
- middleware.ts: defense-in-depth /admin and /api/admin guarding
- API: users (list/detail/role/ban/delete), tunnels (list + active/quota/reset/reassign/regenerate-token/delete), metrics, audit log, reserved subdomains
- Self-lockout prevention (no self demote/ban/delete)
- Best-effort Redis kill-switch via dependency-free net-socket client (REDIS_URL)
- admin_audit_log + reserved_subdomains migration (RLS on, service-role only)
- Admin UI (overview, users, tunnels, reserved, audit) + conditional nav link
This commit is contained in:
Gerhard Scheikl
2026-05-31 10:58:23 +02:00
parent aad01f1fc5
commit fb4880a1d9
36 changed files with 2936 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/admin/page.tsx
+117
View File
@@ -0,0 +1,117 @@
import Link from 'next/link';
import { computeMetrics } from '@/lib/admin/metrics';
import { getSupabaseAdmin } from '@/lib/supabase/admin';
import { formatBytes, formatDate } from '@/lib/format';
export const dynamic = 'force-dynamic';
type OverQuotaRow = {
id: string;
subdomain: string;
bytes_used: number;
quota_bytes: number;
};
export default async function AdminOverviewPage() {
const metrics = await computeMetrics();
const admin = getSupabaseAdmin();
// Recent signups (latest 5 users).
const { data: recentUsersData } = await admin.auth.admin.listUsers({
page: 1,
perPage: 5,
});
const recentUsers = recentUsersData?.users ?? [];
// Over-quota tunnels (compute in memory).
const { data: tunnelsData } = await admin
.from('tunnels')
.select('id, subdomain, bytes_used, quota_bytes');
const overQuota = ((tunnelsData ?? []) as OverQuotaRow[])
.filter((t) => t.quota_bytes > 0 && t.bytes_used >= t.quota_bytes)
.slice(0, 5);
const kpis: { label: string; value: string }[] = [
{ label: 'Total users', value: String(metrics.totalUsers) },
{ label: 'Total tunnels', value: String(metrics.totalTunnels) },
{ label: 'Active tunnels', value: String(metrics.activeTunnels) },
{ label: 'Inactive tunnels', value: String(metrics.inactiveTunnels) },
{ label: 'Over quota', value: String(metrics.overQuota) },
{ label: 'Active last 24h', value: String(metrics.recentlyActive) },
{ label: 'Signups (7d)', value: String(metrics.signups7d) },
{ label: 'Signups (30d)', value: String(metrics.signups30d) },
{ label: 'Bandwidth used', value: formatBytes(metrics.bytesUsedTotal) },
{ label: 'Total quota', value: formatBytes(metrics.quotaTotal) },
];
return (
<div>
<h1>Overview</h1>
<div className="kpi-grid">
{kpis.map((k) => (
<div className="kpi-card" key={k.label}>
<div className="kpi-value">{k.value}</div>
<div className="kpi-label">{k.label}</div>
</div>
))}
</div>
<div className="admin-cols">
<div className="card">
<h2>Recent signups</h2>
{recentUsers.length === 0 ? (
<p className="muted">No users yet.</p>
) : (
<table className="admin-table">
<thead>
<tr>
<th>Email</th>
<th>Joined</th>
</tr>
</thead>
<tbody>
{recentUsers.map((u) => (
<tr key={u.id}>
<td>
<Link href={`/admin/users/${u.id}`}>
{u.email ?? u.id}
</Link>
</td>
<td>{formatDate(u.created_at)}</td>
</tr>
))}
</tbody>
</table>
)}
</div>
<div className="card">
<h2>Over-quota tunnels</h2>
{overQuota.length === 0 ? (
<p className="muted">None over quota.</p>
) : (
<table className="admin-table">
<thead>
<tr>
<th>Subdomain</th>
<th>Usage</th>
</tr>
</thead>
<tbody>
{overQuota.map((t) => (
<tr key={t.id}>
<td>{t.subdomain}</td>
<td>
{formatBytes(t.bytes_used)} / {formatBytes(t.quota_bytes)}
</td>
</tr>
))}
</tbody>
</table>
)}
</div>
</div>
</div>
);
}