feat(admin): comprehensive admin interface (users, tunnels, metrics, audit, reserved subdomains)
Adds an authenticated admin surface gated by auth.users.app_metadata.role==='admin'. - lib/auth/admin-guard.ts: requireAdmin() (pages) + requireAdminApi() (routes) - middleware.ts: defense-in-depth /admin and /api/admin guarding - API: users (list/detail/role/ban/delete), tunnels (list + active/quota/reset/reassign/regenerate-token/delete), metrics, audit log, reserved subdomains - Self-lockout prevention (no self demote/ban/delete) - Best-effort Redis kill-switch via dependency-free net-socket client (REDIS_URL) - admin_audit_log + reserved_subdomains migration (RLS on, service-role only) - Admin UI (overview, users, tunnels, reserved, audit) + conditional nav link
This commit is contained in:
Gerhard Scheikl
+200
@@ -165,3 +165,203 @@ button.secondary,
|
||||
gap: 0.5rem;
|
||||
align-items: center;
|
||||
}
|
||||
|
||||
/* ----------------------------------------------------------------------- */
|
||||
/* Admin interface */
|
||||
/* ----------------------------------------------------------------------- */
|
||||
|
||||
.admin-shell {
|
||||
display: flex;
|
||||
min-height: calc(100vh - 65px);
|
||||
align-items: stretch;
|
||||
}
|
||||
|
||||
.admin-sidebar {
|
||||
width: 220px;
|
||||
flex: 0 0 220px;
|
||||
border-right: 1px solid var(--border);
|
||||
padding: 1.5rem 1rem;
|
||||
display: flex;
|
||||
flex-direction: column;
|
||||
gap: 1rem;
|
||||
}
|
||||
|
||||
.admin-brand {
|
||||
font-weight: 700;
|
||||
font-size: 1.1rem;
|
||||
letter-spacing: 0.02em;
|
||||
}
|
||||
|
||||
.admin-nav {
|
||||
display: flex;
|
||||
flex-direction: column;
|
||||
gap: 0.25rem;
|
||||
}
|
||||
|
||||
.admin-nav-link {
|
||||
display: block;
|
||||
padding: 0.5rem 0.75rem;
|
||||
border-radius: 6px;
|
||||
color: var(--fg);
|
||||
}
|
||||
.admin-nav-link:hover {
|
||||
background: var(--card);
|
||||
text-decoration: none;
|
||||
}
|
||||
.admin-nav-link.active {
|
||||
background: var(--accent);
|
||||
color: var(--accent-fg);
|
||||
}
|
||||
|
||||
.admin-sidebar-footer {
|
||||
margin-top: auto;
|
||||
display: flex;
|
||||
flex-direction: column;
|
||||
gap: 0.5rem;
|
||||
border-top: 1px solid var(--border);
|
||||
padding-top: 1rem;
|
||||
}
|
||||
.admin-back {
|
||||
font-size: 0.875rem;
|
||||
}
|
||||
|
||||
.admin-content {
|
||||
flex: 1 1 auto;
|
||||
padding: 2rem;
|
||||
min-width: 0;
|
||||
}
|
||||
|
||||
.admin-cols {
|
||||
display: grid;
|
||||
grid-template-columns: 1fr 1fr;
|
||||
gap: 1rem;
|
||||
}
|
||||
@media (max-width: 800px) {
|
||||
.admin-shell {
|
||||
flex-direction: column;
|
||||
}
|
||||
.admin-sidebar {
|
||||
width: auto;
|
||||
flex: none;
|
||||
border-right: none;
|
||||
border-bottom: 1px solid var(--border);
|
||||
}
|
||||
.admin-sidebar-footer {
|
||||
margin-top: 0;
|
||||
}
|
||||
.admin-cols {
|
||||
grid-template-columns: 1fr;
|
||||
}
|
||||
.admin-content {
|
||||
padding: 1.25rem;
|
||||
}
|
||||
}
|
||||
|
||||
/* KPI cards */
|
||||
.kpi-grid {
|
||||
display: grid;
|
||||
grid-template-columns: repeat(auto-fill, minmax(150px, 1fr));
|
||||
gap: 0.75rem;
|
||||
margin: 1rem 0 1.5rem;
|
||||
}
|
||||
.kpi-card {
|
||||
background: var(--card);
|
||||
border: 1px solid var(--border);
|
||||
border-radius: 8px;
|
||||
padding: 1rem;
|
||||
}
|
||||
.kpi-value {
|
||||
font-size: 1.5rem;
|
||||
font-weight: 700;
|
||||
}
|
||||
.kpi-label {
|
||||
color: var(--muted);
|
||||
font-size: 0.8rem;
|
||||
margin-top: 0.25rem;
|
||||
}
|
||||
|
||||
/* Tables */
|
||||
.admin-table-wrap {
|
||||
overflow-x: auto;
|
||||
border: 1px solid var(--border);
|
||||
border-radius: 8px;
|
||||
}
|
||||
.admin-table {
|
||||
width: 100%;
|
||||
border-collapse: collapse;
|
||||
font-size: 0.875rem;
|
||||
}
|
||||
.admin-table th,
|
||||
.admin-table td {
|
||||
text-align: left;
|
||||
padding: 0.6rem 0.75rem;
|
||||
border-bottom: 1px solid var(--border);
|
||||
vertical-align: top;
|
||||
}
|
||||
.admin-table th {
|
||||
color: var(--muted);
|
||||
font-weight: 600;
|
||||
background: var(--card);
|
||||
white-space: nowrap;
|
||||
}
|
||||
.admin-table tr:last-child td {
|
||||
border-bottom: none;
|
||||
}
|
||||
.admin-table tbody tr:hover {
|
||||
background: rgba(255, 255, 255, 0.02);
|
||||
}
|
||||
.admin-table code {
|
||||
font-family: ui-monospace, SFMono-Regular, Menlo, monospace;
|
||||
font-size: 0.8rem;
|
||||
word-break: break-all;
|
||||
}
|
||||
|
||||
/* Badges */
|
||||
.badge {
|
||||
display: inline-block;
|
||||
padding: 0.15rem 0.5rem;
|
||||
border-radius: 999px;
|
||||
font-size: 0.75rem;
|
||||
border: 1px solid var(--border);
|
||||
background: var(--bg);
|
||||
color: var(--muted);
|
||||
white-space: nowrap;
|
||||
}
|
||||
.badge-admin {
|
||||
background: rgba(59, 130, 246, 0.15);
|
||||
border-color: var(--accent);
|
||||
color: #93c5fd;
|
||||
}
|
||||
.badge-banned {
|
||||
background: rgba(239, 68, 68, 0.15);
|
||||
border-color: var(--danger);
|
||||
color: #fca5a5;
|
||||
}
|
||||
.badge-ok {
|
||||
background: rgba(34, 197, 94, 0.15);
|
||||
border-color: var(--success);
|
||||
color: #86efac;
|
||||
}
|
||||
|
||||
/* Button variants */
|
||||
.btn-sm {
|
||||
padding: 0.35rem 0.6rem;
|
||||
font-size: 0.8rem;
|
||||
}
|
||||
.btn-danger {
|
||||
background: var(--danger);
|
||||
border-color: var(--danger);
|
||||
color: #fff;
|
||||
}
|
||||
.btn-danger:hover {
|
||||
opacity: 0.9;
|
||||
}
|
||||
button:disabled,
|
||||
.btn:disabled {
|
||||
opacity: 0.5;
|
||||
cursor: not-allowed;
|
||||
}
|
||||
|
||||
select {
|
||||
font-size: 1rem;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user