88b50a30b4
Full super-admin dashboard for SaaS platform management: Backend (10 files): - Migration 003: Add is_super_admin column to users table - JWT Claims: Carry is_super_admin through access tokens - SuperAdmin extractor: Axum FromRequestParts that rejects non-admins (403) - Admin API module: 10 endpoints behind /api/admin/* - GET /stats (KPIs: licenses, users, MRR, servers, signups) - GET/POST /licenses (paginated, filterable, manual generation) - GET/PATCH /licenses/:id (detail view, revoke/activate) - GET /subscriptions (module sub list with MRR breakdown) - GET/PATCH /users (paginated, toggle admin, disable accounts) - GET /servers (fleet overview across all licenses) - GET /health (DB pool, NATS status, table row counts) - Bootstrap updated: first user gets is_super_admin = true Frontend (8 files): - 5 admin views in src/views/platform-admin/ - DashboardLayout: "Platform" nav section (gated on isSuperAdmin) - Router: /admin/* routes with superAdmin meta guard - Auth store: isSuperAdmin computed property - Types: is_super_admin on User interface Build: 80 chunks, zero TS errors, clean production build. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
77 lines
1.8 KiB
Rust
77 lines
1.8 KiB
Rust
use chrono::{DateTime, Utc};
|
|
use serde::{Deserialize, Serialize};
|
|
use uuid::Uuid;
|
|
|
|
/// User record from the database
|
|
#[derive(Debug, Clone, sqlx::FromRow, Serialize)]
|
|
pub struct User {
|
|
pub id: Uuid,
|
|
pub email: String,
|
|
pub username: String,
|
|
#[serde(skip_serializing)]
|
|
pub password_hash: String,
|
|
#[serde(skip_serializing)]
|
|
pub totp_secret: Option<String>,
|
|
pub totp_enabled: bool,
|
|
#[serde(skip_serializing)]
|
|
pub backup_codes: Option<Vec<String>>,
|
|
pub email_verified: bool,
|
|
pub created_at: DateTime<Utc>,
|
|
pub last_login_at: Option<DateTime<Utc>>,
|
|
}
|
|
|
|
/// JWT claims
|
|
#[derive(Debug, Serialize, Deserialize)]
|
|
pub struct Claims {
|
|
pub sub: Uuid, // user_id
|
|
pub email: String,
|
|
pub license_id: Option<Uuid>,
|
|
pub role: Option<String>,
|
|
pub is_super_admin: bool,
|
|
pub exp: i64,
|
|
pub iat: i64,
|
|
pub token_type: String, // "access" or "refresh"
|
|
}
|
|
|
|
/// Login request
|
|
#[derive(Debug, Deserialize)]
|
|
pub struct LoginRequest {
|
|
pub email: String,
|
|
pub password: String,
|
|
}
|
|
|
|
/// Login response
|
|
#[derive(Debug, Serialize)]
|
|
pub struct AuthResponse {
|
|
pub access_token: String,
|
|
pub refresh_token: String,
|
|
pub requires_totp: bool,
|
|
pub user: UserPublic,
|
|
}
|
|
|
|
/// Public user info (no sensitive fields)
|
|
#[derive(Debug, Serialize)]
|
|
pub struct UserPublic {
|
|
pub id: Uuid,
|
|
pub email: String,
|
|
pub username: String,
|
|
pub totp_enabled: bool,
|
|
pub email_verified: bool,
|
|
pub is_super_admin: bool,
|
|
}
|
|
|
|
/// Registration request
|
|
#[derive(Debug, Deserialize)]
|
|
pub struct RegisterRequest {
|
|
pub email: String,
|
|
pub username: String,
|
|
pub password: String,
|
|
pub license_key: String,
|
|
}
|
|
|
|
/// TOTP verification request
|
|
#[derive(Debug, Deserialize)]
|
|
pub struct TotpRequest {
|
|
pub code: String,
|
|
}
|