vantzs/corrosion-admin-panel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 18 Wiki Activity

feat: Phase 1c — Platform Admin Dashboard

Browse Source 
Full super-admin dashboard for SaaS platform management:

Backend (10 files):
- Migration 003: Add is_super_admin column to users table
- JWT Claims: Carry is_super_admin through access tokens
- SuperAdmin extractor: Axum FromRequestParts that rejects non-admins (403)
- Admin API module: 10 endpoints behind /api/admin/*
  - GET /stats (KPIs: licenses, users, MRR, servers, signups)
  - GET/POST /licenses (paginated, filterable, manual generation)
  - GET/PATCH /licenses/:id (detail view, revoke/activate)
  - GET /subscriptions (module sub list with MRR breakdown)
  - GET/PATCH /users (paginated, toggle admin, disable accounts)
  - GET /servers (fleet overview across all licenses)
  - GET /health (DB pool, NATS status, table row counts)
- Bootstrap updated: first user gets is_super_admin = true

Frontend (8 files):
- 5 admin views in src/views/platform-admin/
- DashboardLayout: "Platform" nav section (gated on isSuperAdmin)
- Router: /admin/* routes with superAdmin meta guard
- Auth store: isSuperAdmin computed property
- Types: is_super_admin on User interface

Build: 80 chunks, zero TS errors, clean production build.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Vantz Stockwell
2026-02-15 02:07:38 -05:00
parent 0ac1738c85
commit 88b50a30b4
16 changed files with 711 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
backend/src/middleware/auth.rs
View File

@@ -15,6 +15,7 @@ pub struct AuthUser {
pub email: String,
pub license_id: Option<Uuid>,
pub role: Option<String>,
pub is_super_admin: bool,
}
impl FromRequestParts<Arc<AppState>> for AuthUser {
@@ -49,6 +50,35 @@ impl FromRequestParts<Arc<AppState>> for AuthUser {
email: claims.email,
license_id: claims.license_id,
role: claims.role,
is_super_admin: claims.is_super_admin,
})
}
}
/// Extractor that requires super-admin privileges.
/// Use this on all /api/admin/* handlers.
#[derive(Debug, Clone)]
pub struct SuperAdmin {
pub user_id: Uuid,
pub email: String,
}
impl FromRequestParts<Arc<AppState>> for SuperAdmin {
type Rejection = http::StatusCode;
async fn from_request_parts(
parts: &mut Parts,
state: &Arc<AppState>,
) -> Result<Self, Self::Rejection> {
let auth = AuthUser::from_request_parts(parts, state).await?;
if !auth.is_super_admin {
return Err(http::StatusCode::FORBIDDEN);
}
Ok(SuperAdmin {
user_id: auth.user_id,
email: auth.email,
})
}
}