@blamejs/blamejs-shop 0.1.8 → 0.1.10

package/lib/admin.js

@@ -226,6 +226,11 @@ function mount(router, deps) {
   var reviews       = deps.reviews       || null;   // moderation endpoints disabled when absent
   var returns       = deps.returns       || null;   // RMA moderation endpoints disabled when absent
 
+  // Which optional console sections are wired — gates their nav links so a
+  // signed-in admin is never sent to a route that wasn't mounted. Passed
+  // into every authed render call as `nav_available`.
+  var navAvailable = { returns: !!returns, reviews: !!reviews };
+
   try { _b().audit.registerNamespace(AUDIT_NAMESPACE); } catch (_e) { /* idempotent */ }
 
   var W = function (auditAction, h) {
@@ -277,7 +282,7 @@ function mount(router, deps) {
         if (e instanceof TypeError || e.code === "CATALOG_DUPLICATE" || /slug|exists|duplicate/i.test(e.message || "")) {
           var page = await catalog.products.list({ limit: 100 });
           return _sendHtml(res, 400, renderAdminProducts({
-            shop_name: deps.shop_name, products: page.rows || [],
+            shop_name: deps.shop_name, nav_available: navAvailable, products: page.rows || [],
             notice: (e && e.message) || "Couldn't create that product.",
           }));
         }
@@ -321,7 +326,7 @@ function mount(router, deps) {
       var url = req.url ? new URL(req.url, "http://localhost") : null;
       var created = !!(url && url.searchParams.get("created"));
       var page = await catalog.products.list({ limit: 100 });
-      _sendHtml(res, 200, renderAdminProducts({ shop_name: deps.shop_name, products: page.rows || [], created: created }));
+      _sendHtml(res, 200, renderAdminProducts({ shop_name: deps.shop_name, nav_available: navAvailable, products: page.rows || [], created: created }));
     },
   ));
 
@@ -622,7 +627,7 @@ function mount(router, deps) {
       }
       var list = await order.listRecent({ status: status || undefined, limit: 100 });
       _sendHtml(res, 200, renderAdminOrders({
-        shop_name: deps.shop_name, orders: list.rows || [],
+        shop_name: deps.shop_name, nav_available: navAvailable, orders: list.rows || [],
         status: status, notice: notice,
       }));
     },
@@ -640,11 +645,12 @@ function mount(router, deps) {
       try { o = await order.get(req.params.id); }
       catch (e) { if (!(e instanceof TypeError)) throw e; o = null; }
       if (!o) return _sendHtml(res, 404, renderAdminOrders({
-        shop_name: deps.shop_name, orders: [], notice: "Order not found.",
+        shop_name: deps.shop_name, nav_available: navAvailable, orders: [], notice: "Order not found.",
       }));
       var url = req.url ? new URL(req.url, "http://localhost") : null;
       _sendHtml(res, 200, renderAdminOrder({
         shop_name:   deps.shop_name,
+        nav_available: navAvailable,
         order:       o,
         transitions: order.transitionsFrom(o.status),
         // Refund moves money, so the console only offers it when a payment
@@ -755,15 +761,41 @@ function mount(router, deps) {
   // `pending`. Endpoints are omitted entirely when no reviews primitive
   // is wired.
   if (reviews) {
-    router.get("/admin/reviews", R(async function (req, res) {
-      var url = req.url ? new URL(req.url, "http://localhost") : null;
-      var status = (url && url.searchParams.get("status")) || "pending";
-      var cursor = url && url.searchParams.get("cursor");
-      var limitS = url && url.searchParams.get("limit");
-      var limit  = limitS == null ? undefined : parseInt(limitS, 10);
-      var page = await reviews.listByStatus(status, { cursor: cursor || undefined, limit: limit });
-      _json(res, 200, page);
-    }));
+    router.get("/admin/reviews", _pageOrApi(true,
+      R(async function (req, res) {
+        var url = req.url ? new URL(req.url, "http://localhost") : null;
+        var status = (url && url.searchParams.get("status")) || "pending";
+        var cursor = url && url.searchParams.get("cursor");
+        var limitS = url && url.searchParams.get("limit");
+        var limit  = limitS == null ? undefined : parseInt(limitS, 10);
+        var page = await reviews.listByStatus(status, { cursor: cursor || undefined, limit: limit });
+        _json(res, 200, page);
+      }),
+      async function (req, res) {
+        var url = req.url ? new URL(req.url, "http://localhost") : null;
+        var status = (url && url.searchParams.get("status")) || "pending";
+        var notice = null, rows = [];
+        // A bad ?status= raises a TypeError — fall back to pending.
+        try {
+          rows = (await reviews.listByStatus(status, { limit: 100 })).rows || [];
+        } catch (e) {
+          if (!(e instanceof TypeError)) throw e;
+          status = "pending"; notice = "Unknown status filter — showing pending reviews.";
+          rows = (await reviews.listByStatus("pending", { limit: 100 })).rows || [];
+        }
+        // A failed publish/reject redirects back with ?err=1 — surface it
+        // so a no-op (e.g. unknown id / missing reason) isn't mistaken for
+        // success, the way orders/returns do.
+        if (!notice && url && url.searchParams.get("err")) {
+          notice = "That action couldn't be completed for the review.";
+        }
+        _sendHtml(res, 200, renderAdminReviews({
+          shop_name: deps.shop_name, nav_available: navAvailable,
+          reviews: rows, status: status, notice: notice,
+          moved: url && url.searchParams.get("moved"),
+        }));
+      },
+    ));
 
     router.get("/admin/reviews/:id", R(async function (req, res) {
       var rev = await reviews.get(req.params.id);
@@ -771,30 +803,56 @@ function mount(router, deps) {
       _json(res, 200, rev);
     }));
 
-    router.post("/admin/reviews/:id/publish", W("review.publish", async function (req, res) {
-      var rev;
-      try {
-        rev = await reviews.publish(req.params.id);
-      } catch (e) {
-        if (e && e.code === "REVIEW_NOT_FOUND") return _problem(res, 404, "review-not-found");
-        throw e;
-      }
-      _json(res, 200, rev);
-      return rev;
-    }));
+    // Publish / reject content-negotiate: bearer → JSON (unchanged);
+    // browser form → moderate, then PRG back to the queue (a not-found id
+    // is a no-op notice, never a 500).
+    function _reviewModerate(jsonHandler, auditEvent, opFn) {
+      return _pageOrApi(false, jsonHandler, async function (req, res) {
+        var id = req.params.id;
+        try { await opFn(id, req.body || {}); }
+        catch (e) {
+          if (e instanceof TypeError || (e && e.code === "REVIEW_NOT_FOUND")) {
+            return _redirect(res, "/admin/reviews?err=1");
+          }
+          throw e;
+        }
+        _b().audit.safeEmit({ action: AUDIT_NAMESPACE + "." + auditEvent, outcome: "success", metadata: { id: id } });
+        _redirect(res, "/admin/reviews?moved=1");
+      });
+    }
 
-    router.post("/admin/reviews/:id/reject", W("review.reject", async function (req, res) {
-      var body = req.body || {};
-      var rev;
-      try {
-        rev = await reviews.reject(req.params.id, body.reason);
-      } catch (e) {
-        if (e && e.code === "REVIEW_NOT_FOUND") return _problem(res, 404, "review-not-found");
-        throw e;
-      }
-      _json(res, 200, rev);
-      return rev;
-    }));
+    router.post("/admin/reviews/:id/publish", _reviewModerate(
+      W("review.publish", async function (req, res) {
+        var rev;
+        try {
+          rev = await reviews.publish(req.params.id);
+        } catch (e) {
+          if (e && e.code === "REVIEW_NOT_FOUND") return _problem(res, 404, "review-not-found");
+          throw e;
+        }
+        _json(res, 200, rev);
+        return rev;
+      }),
+      "review.publish",
+      function (id) { return reviews.publish(id); },
+    ));
+
+    router.post("/admin/reviews/:id/reject", _reviewModerate(
+      W("review.reject", async function (req, res) {
+        var body = req.body || {};
+        var rev;
+        try {
+          rev = await reviews.reject(req.params.id, body.reason);
+        } catch (e) {
+          if (e && e.code === "REVIEW_NOT_FOUND") return _problem(res, 404, "review-not-found");
+          throw e;
+        }
+        _json(res, 200, rev);
+        return rev;
+      }),
+      "review.reject",
+      function (id, body) { return reviews.reject(id, body.reason || undefined); },
+    ));
   }
 
   // ---- returns (moderation) -------------------------------------------
@@ -819,94 +877,182 @@ function mount(router, deps) {
       return null;
     }
 
-    router.get("/admin/returns", R(async function (req, res) {
-      var url = req.url ? new URL(req.url, "http://localhost") : null;
-      var status = (url && url.searchParams.get("status")) || "pending";
-      var cursor = url && url.searchParams.get("cursor");
-      var limitS = url && url.searchParams.get("limit");
-      var limit  = limitS == null ? undefined : parseInt(limitS, 10);
-      var page = await returns.listByStatus(status, { cursor: cursor || undefined, limit: limit });
-      _json(res, 200, page);
-    }));
+    router.get("/admin/returns", _pageOrApi(true,
+      R(async function (req, res) {
+        var url = req.url ? new URL(req.url, "http://localhost") : null;
+        var status = (url && url.searchParams.get("status")) || "pending";
+        var cursor = url && url.searchParams.get("cursor");
+        var limitS = url && url.searchParams.get("limit");
+        var limit  = limitS == null ? undefined : parseInt(limitS, 10);
+        var page = await returns.listByStatus(status, { cursor: cursor || undefined, limit: limit });
+        _json(res, 200, page);
+      }),
+      async function (req, res) {
+        var url = req.url ? new URL(req.url, "http://localhost") : null;
+        var status = (url && url.searchParams.get("status")) || "pending";
+        var notice = null, rows = [];
+        // A bad ?status= (not one of the RMA states) raises a TypeError
+        // from listByStatus — fall back to pending with a notice rather
+        // than erroring the page.
+        try {
+          var page = await returns.listByStatus(status, { limit: 100 });
+          rows = page.rows || [];
+        } catch (e) {
+          if (!(e instanceof TypeError)) throw e;
+          status = "pending"; notice = "Unknown status filter — showing pending returns.";
+          rows = (await returns.listByStatus("pending", { limit: 100 })).rows || [];
+        }
+        _sendHtml(res, 200, renderAdminReturns({
+          shop_name: deps.shop_name, nav_available: navAvailable, returns: rows, status: status, notice: notice,
+        }));
+      },
+    ));
 
-    router.get("/admin/returns/:id", R(async function (req, res) {
-      var rma;
-      try {
-        rma = await returns.get(req.params.id);
-      } catch (e) {
-        // A non-UUID :id raises a guardUuid TypeError — surface it as a
-        // 404 (the route is a defensive request-shape reader, never a
-        // 500). Re-raise anything that isn't the bad-id shape so the
-        // wrapper's generic handling applies.
-        if (e instanceof TypeError) return _problem(res, 404, "return-not-found");
-        throw e;
-      }
-      if (!rma) return _problem(res, 404, "return-not-found");
-      _json(res, 200, rma);
-    }));
+    router.get("/admin/returns/:id", _pageOrApi(true,
+      R(async function (req, res) {
+        var rma;
+        try {
+          rma = await returns.get(req.params.id);
+        } catch (e) {
+          // A non-UUID :id raises a guardUuid TypeError — surface it as a
+          // 404 (the route is a defensive request-shape reader, never a
+          // 500). Re-raise anything that isn't the bad-id shape so the
+          // wrapper's generic handling applies.
+          if (e instanceof TypeError) return _problem(res, 404, "return-not-found");
+          throw e;
+        }
+        if (!rma) return _problem(res, 404, "return-not-found");
+        _json(res, 200, rma);
+      }),
+      async function (req, res) {
+        var rma;
+        try { rma = await returns.get(req.params.id); }
+        catch (e) { if (!(e instanceof TypeError)) throw e; rma = null; }
+        if (!rma) return _sendHtml(res, 404, renderAdminReturns({
+          shop_name: deps.shop_name, nav_available: navAvailable, returns: [], status: "pending", notice: "Return not found.",
+        }));
+        var url = req.url ? new URL(req.url, "http://localhost") : null;
+        _sendHtml(res, 200, renderAdminReturn({
+          shop_name:   deps.shop_name,
+          nav_available: navAvailable,
+          rma:         rma,
+          transitions: returns.transitionsFrom(rma.status),
+          moved:       url && url.searchParams.get("moved"),
+          notice:      url && url.searchParams.get("err") ? "That action couldn't be completed for this return." : null,
+        }));
+      },
+    ));
 
-    router.post("/admin/returns/:id/approve", W("return.approve", async function (req, res) {
-      var body = req.body || {};
-      var rma;
-      try {
-        rma = await returns.approve(req.params.id, {
-          refund_amount_minor: body.refund_amount_minor,
-          refund_currency:     body.refund_currency,
-          operator_notes:      body.operator_notes,
+    // The browser side of an RMA action: run `opFn(id, body)`, then PRG
+    // back to the detail. A bad id / shape (TypeError) or an FSM refusal /
+    // not-found (mapped by _returnsClientError) becomes a notice on the
+    // detail, never a 500; anything else propagates.
+    function _returnAction(jsonHandler, auditEvent, opFn) {
+      return _pageOrApi(false, jsonHandler, async function (req, res) {
+        var id = req.params.id;
+        try { await opFn(id, req.body || {}); }
+        catch (e) {
+          if (e instanceof TypeError || _returnsClientError(e)) {
+            return _redirect(res, "/admin/returns/" + encodeURIComponent(id) + "?err=1");
+          }
+          throw e;
+        }
+        _b().audit.safeEmit({ action: AUDIT_NAMESPACE + "." + auditEvent, outcome: "success", metadata: { id: id } });
+        _redirect(res, "/admin/returns/" + encodeURIComponent(id) + "?moved=1");
+      });
+    }
+
+    router.post("/admin/returns/:id/approve", _returnAction(
+      W("return.approve", async function (req, res) {
+        var body = req.body || {};
+        var rma;
+        try {
+          rma = await returns.approve(req.params.id, {
+            refund_amount_minor: body.refund_amount_minor,
+            refund_currency:     body.refund_currency,
+            operator_notes:      body.operator_notes,
+          });
+        } catch (e) {
+          var ce = _returnsClientError(e);
+          if (ce) return _problem(res, ce.status, ce.slug, e.message);
+          throw e;
+        }
+        _json(res, 200, rma);
+        return rma;
+      }),
+      "return.approve",
+      function (id, body) {
+        // Browser form fields arrive as strings. Convert ONLY a clean
+        // non-negative integer to a number; anything else (e.g. "4999usd",
+        // "1e3", "") passes through unchanged so returns.approve's
+        // _nonNegInt rejects it (→ notice via _returnAction) instead of
+        // parseInt silently truncating garbage onto a money field.
+        var raw = body.refund_amount_minor;
+        var amount = (typeof raw === "string" && /^\d+$/.test(raw.trim())) ? Number(raw.trim()) : raw;
+        return returns.approve(id, {
+          refund_amount_minor: amount,
+          refund_currency:     body.refund_currency || undefined,
+          operator_notes:      body.operator_notes || undefined,
         });
-      } catch (e) {
-        var ce = _returnsClientError(e);
-        if (ce) return _problem(res, ce.status, ce.slug, e.message);
-        throw e;
-      }
-      _json(res, 200, rma);
-      return rma;
-    }));
+      },
+    ));
 
-    router.post("/admin/returns/:id/received", W("return.received", async function (req, res) {
-      var body = req.body || {};
-      var rma;
-      try {
-        rma = await returns.markReceived(req.params.id, { operator_notes: body.operator_notes });
-      } catch (e) {
-        var ce = _returnsClientError(e);
-        if (ce) return _problem(res, ce.status, ce.slug, e.message);
-        throw e;
-      }
-      _json(res, 200, rma);
-      return rma;
-    }));
+    router.post("/admin/returns/:id/received", _returnAction(
+      W("return.received", async function (req, res) {
+        var body = req.body || {};
+        var rma;
+        try {
+          rma = await returns.markReceived(req.params.id, { operator_notes: body.operator_notes });
+        } catch (e) {
+          var ce = _returnsClientError(e);
+          if (ce) return _problem(res, ce.status, ce.slug, e.message);
+          throw e;
+        }
+        _json(res, 200, rma);
+        return rma;
+      }),
+      "return.received",
+      function (id, body) { return returns.markReceived(id, { operator_notes: body.operator_notes || undefined }); },
+    ));
 
-    router.post("/admin/returns/:id/refund", W("return.refund", async function (req, res) {
-      var body = req.body || {};
-      var rma;
-      try {
-        rma = await returns.refund(req.params.id, { operator_notes: body.operator_notes });
-      } catch (e) {
-        var ce = _returnsClientError(e);
-        if (ce) return _problem(res, ce.status, ce.slug, e.message);
-        throw e;
-      }
-      _json(res, 200, rma);
-      return rma;
-    }));
+    router.post("/admin/returns/:id/refund", _returnAction(
+      W("return.refund", async function (req, res) {
+        var body = req.body || {};
+        var rma;
+        try {
+          rma = await returns.refund(req.params.id, { operator_notes: body.operator_notes });
+        } catch (e) {
+          var ce = _returnsClientError(e);
+          if (ce) return _problem(res, ce.status, ce.slug, e.message);
+          throw e;
+        }
+        _json(res, 200, rma);
+        return rma;
+      }),
+      "return.refund",
+      function (id, body) { return returns.refund(id, { operator_notes: body.operator_notes || undefined }); },
+    ));
 
-    router.post("/admin/returns/:id/reject", W("return.reject", async function (req, res) {
-      var body = req.body || {};
-      var rma;
-      try {
-        rma = await returns.reject(req.params.id, {
-          rejected_reason: body.rejected_reason,
-          operator_notes:  body.operator_notes,
-        });
-      } catch (e) {
-        var ce = _returnsClientError(e);
-        if (ce) return _problem(res, ce.status, ce.slug, e.message);
-        throw e;
-      }
-      _json(res, 200, rma);
-      return rma;
-    }));
+    router.post("/admin/returns/:id/reject", _returnAction(
+      W("return.reject", async function (req, res) {
+        var body = req.body || {};
+        var rma;
+        try {
+          rma = await returns.reject(req.params.id, {
+            rejected_reason: body.rejected_reason,
+            operator_notes:  body.operator_notes,
+          });
+        } catch (e) {
+          var ce = _returnsClientError(e);
+          if (ce) return _problem(res, ce.status, ce.slug, e.message);
+          throw e;
+        }
+        _json(res, 200, rma);
+        return rma;
+      }),
+      "return.reject",
+      function (id, body) { return returns.reject(id, { rejected_reason: body.rejected_reason, operator_notes: body.operator_notes || undefined }); },
+    ));
   }
 
   // ---- config ---------------------------------------------------------
@@ -1073,6 +1219,7 @@ function mount(router, deps) {
         top_skus:   top,
         recent:     recent,
         shop_name:  (deps.shop_name || "blamejs.shop"),
+        nav_available: navAvailable,
       }));
     });
   }
@@ -1166,6 +1313,7 @@ function mount(router, deps) {
     _sendHtml(res, 200, renderAdminLanding({
       shop_name:      deps.shop_name,
       setup_complete: await _setupComplete(),
+      nav_available:  navAvailable,
     }));
   });
 
@@ -1202,6 +1350,7 @@ function mount(router, deps) {
     _sendHtml(res, 200, renderAdminIntegrations({
       shop_name: deps.shop_name,
       status:    deps.integrations || {},
+      nav_available: navAvailable,
     }));
   });
 
@@ -1217,7 +1366,7 @@ function mount(router, deps) {
         values.currency      = await config.get("shop.currency", "");
         values.support_url   = await config.get("shop.support_url", "");
       } catch (_e) { /* unconfigured — render an empty form */ }
-      _sendHtml(res, 200, renderAdminSetup({ shop_name: deps.shop_name, values: values, saved: saved }));
+      _sendHtml(res, 200, renderAdminSetup({ shop_name: deps.shop_name, values: values, saved: saved, nav_available: navAvailable }));
     });
 
     router.post("/admin/setup", async function (req, res) {
@@ -1244,7 +1393,7 @@ function mount(router, deps) {
         if (!u || (u.protocol !== "https:" && u.protocol !== "http:")) notice = "Support URL must be a valid http(s) URL.";
       }
       if (notice) {
-        return _sendHtml(res, 400, renderAdminSetup({ shop_name: deps.shop_name, values: values, notice: notice }));
+        return _sendHtml(res, 400, renderAdminSetup({ shop_name: deps.shop_name, values: values, notice: notice, nav_available: navAvailable }));
       }
       try {
         await config.put("shop.name", values.shop_name);
@@ -1254,7 +1403,7 @@ function mount(router, deps) {
         await config.put("setup.completed", true);
       } catch (e) {
         return _sendHtml(res, 500, renderAdminSetup({
-          shop_name: deps.shop_name, values: values,
+          shop_name: deps.shop_name, values: values, nav_available: navAvailable,
           notice: "Couldn't save — " + ((e && e.message) || "please try again."),
         }));
       }
@@ -1343,6 +1492,15 @@ var DASHBOARD_LAYOUT =
   "    .order-totals { width:100%; }\n" +
   "    .order-totals td { padding:.3rem 0; }\n" +
   "    .order-actions { display:flex; flex-wrap:wrap; gap:.6rem; }\n" +
+  "    .return-actions { display:grid; grid-template-columns:repeat(auto-fit,minmax(16rem,1fr)); gap:1.25rem; }\n" +
+  "    .return-action { border:1px solid var(--hair); border-radius:8px; padding:1rem; }\n" +
+  "    .return-action h4 { margin:0 0 .6rem; font-size:.9rem; }\n" +
+  "    .review-card { margin-bottom:1rem; }\n" +
+  "    .review-card__head { display:flex; flex-wrap:wrap; align-items:center; gap:.5rem; margin-bottom:.5rem; }\n" +
+  "    .review-card__body { margin:.25rem 0 .75rem; white-space:pre-wrap; }\n" +
+  "    .review-stars { color:#c9821f; letter-spacing:.1em; }\n" +
+  "    .review-reject { display:inline-flex; gap:.4rem; align-items:center; }\n" +
+  "    .review-reject input { padding:.45rem .6rem; border:1px solid var(--hair); border-radius:6px; font-size:.82rem; }\n" +
   "    .nav-cards { display:grid; grid-template-columns:repeat(auto-fit,minmax(14rem,1fr)); gap:1rem; }\n" +
   "    .nav-card { display:block; background:var(--paper); border:1px solid var(--hair); border-radius:8px; padding:1.4rem; text-decoration:none; color:var(--ink); }\n" +
   "    .nav-card:hover { border-color:var(--accent); box-shadow:0 8px 20px -12px rgba(0,0,0,.25); }\n" +
@@ -1501,6 +1659,7 @@ function renderDashboard(opts) {
     "Window: last 30 days (operator-tunable via ?since=&until=)",
     body,
     "dashboard",
+    opts.nav_available,
   );
 }
 
@@ -1514,30 +1673,41 @@ function _statCard(label, value, accent) {
 // Console nav — one entry per HTML console screen. `active` highlights
 // the current page; `null`/`false` (unauthenticated pages like the
 // sign-in form) renders no nav at all.
+// Items carrying `requires` map to an optional `deps.<key>` primitive —
+// their routes only mount when that dep is wired, so the nav link is shown
+// only when `available[key]` is truthy (otherwise it would point at an
+// unregistered route). Items without `requires` are always present.
 var ADMIN_NAV_ITEMS = [
   { key: "home",         href: "/admin",              label: "Home" },
   { key: "dashboard",    href: "/admin/dashboard",    label: "Dashboard" },
   { key: "products",     href: "/admin/products",     label: "Products" },
   { key: "orders",       href: "/admin/orders",       label: "Orders" },
+  { key: "returns",      href: "/admin/returns",      label: "Returns",      requires: "returns" },
+  { key: "reviews",      href: "/admin/reviews",      label: "Reviews",      requires: "reviews" },
   { key: "integrations", href: "/admin/integrations", label: "Integrations" },
   { key: "setup",        href: "/admin/setup",        label: "Setup" },
 ];
-function _adminNav(active) {
+// `available` is a map of optional-section key → truthy when wired. When
+// omitted (a render fn called without it), optional items are shown — the
+// route handlers always pass it, so a real deployment gates correctly.
+function _adminNav(active, available) {
   if (active === null || active === undefined || active === false) return "";
-  var links = ADMIN_NAV_ITEMS.map(function (it) {
+  var links = ADMIN_NAV_ITEMS.filter(function (it) {
+    return !it.requires || !available || available[it.requires];
+  }).map(function (it) {
     return "<a href=\"" + it.href + "\"" + (it.key === active ? " class=\"active\"" : "") + ">" +
       _htmlEscape(it.label) + "</a>";
   }).join("");
   return "<nav class=\"admin-nav\"><div class=\"admin-nav__inner\">" + links + "</div></nav>";
 }
 
-function _renderAdminShell(shopName, subtitle, bodyHtml, active) {
+function _renderAdminShell(shopName, subtitle, bodyHtml, active, available) {
   return _renderTemplate(DASHBOARD_LAYOUT, {
     shop_name:    shopName || "blamejs.shop",
     window_label: subtitle || "",
     nav:          "RAW_NAV",
     body:         "RAW_BODY",
-  }).replace("RAW_NAV", _adminNav(active)).replace("RAW_BODY", bodyHtml);
+  }).replace("RAW_NAV", _adminNav(active, available)).replace("RAW_BODY", bodyHtml);
 }
 
 function renderAdminLogin(opts) {
@@ -1574,7 +1744,7 @@ function renderAdminLanding(opts) {
       "</div>" +
       "<div class=\"actions-row\"><form method=\"post\" action=\"/admin/logout\"><button type=\"submit\" class=\"btn btn--ghost\">Sign out</button></form></div>" +
     "</section>";
-  return _renderAdminShell(opts.shop_name, "", body, "home");
+  return _renderAdminShell(opts.shop_name, "", body, "home", opts.nav_available);
 }
 
 function _setupField(label, name, value, type, hint, extra) {
@@ -1603,7 +1773,7 @@ function renderAdminSetup(opts) {
           "<a class=\"btn btn--ghost\" href=\"/admin\">Back</a></div>" +
       "</form>" +
     "</section>";
-  return _renderAdminShell(opts.shop_name, "Setup", body, "setup");
+  return _renderAdminShell(opts.shop_name, "Setup", body, "setup", opts.nav_available);
 }
 
 // Each integration is off until the operator supplies its credentials.
@@ -1655,7 +1825,7 @@ function renderAdminIntegrations(opts) {
       "<p class=\"meta\" style=\"margin-top:1.25rem;\">Sign in with Apple and PayPal are planned. “Sign in with Shop” / Shop Pay isn't available to a self-hosted store. See the README “Optional integrations” section for full setup steps.</p>" +
       "<div class=\"actions-row\"><a class=\"btn btn--ghost\" href=\"/admin\">Back</a></div>" +
     "</section>";
-  return _renderAdminShell(opts.shop_name, "Integrations", body, "integrations");
+  return _renderAdminShell(opts.shop_name, "Integrations", body, "integrations", opts.nav_available);
 }
 
 function renderAdminProducts(opts) {
@@ -1689,7 +1859,7 @@ function renderAdminProducts(opts) {
         "</form>" +
       "</div>" +
     "</section>";
-  return _renderAdminShell(opts.shop_name, "Products", body, "products");
+  return _renderAdminShell(opts.shop_name, "Products", body, "products", opts.nav_available);
 }
 
 // created_at / updated_at are epoch-ms numbers (order._now()); render a
@@ -1734,7 +1904,7 @@ function renderAdminOrders(opts) {
     : "<p class=\"empty\">No orders" + (active ? " with status “" + _htmlEscape(active) + "”" : " yet") + ".</p>";
 
   var body = "<section><h2>Orders</h2>" + notice + chips + table + "</section>";
-  return _renderAdminShell(opts.shop_name, "Orders", body, "orders");
+  return _renderAdminShell(opts.shop_name, "Orders", body, "orders", opts.nav_available);
 }
 
 function renderAdminOrder(opts) {
@@ -1814,7 +1984,198 @@ function renderAdminOrder(opts) {
         "<div class=\"order-actions\">" + actions + "</div>" +
       "</div>" +
     "</section>";
-  return _renderAdminShell(opts.shop_name, "Order " + o.id.slice(0, 8), body, "orders");
+  return _renderAdminShell(opts.shop_name, "Order " + o.id.slice(0, 8), body, "orders", opts.nav_available);
+}
+
+// The RMA states an operator can filter the returns queue by — drives the
+// filter chips, lifecycle order then terminal.
+var RETURN_STATUS_FILTERS = ["pending", "approved", "received", "refunded", "rejected"];
+
+// status → status-pill CSS class. The pill stylesheet has paid/fulfilling/
+// shipped/delivered (green), refunded, cancelled, pending — map the RMA
+// states onto the closest existing colour without new CSS.
+function _returnPillClass(status) {
+  if (status === "approved" || status === "received") return "shipped";  // in-progress green
+  if (status === "refunded") return "refunded";
+  if (status === "rejected") return "cancelled";
+  return "pending";
+}
+
+function renderAdminReturns(opts) {
+  opts = opts || {};
+  var rmas = opts.returns || [];
+  var notice = opts.notice ? "<div class=\"banner banner--warn\">" + _htmlEscape(opts.notice) + "</div>" : "";
+  var active = opts.status || "pending";
+
+  var chips = "<div class=\"order-filters\">" +
+    RETURN_STATUS_FILTERS.map(function (s) {
+      return "<a class=\"chip" + (active === s ? " chip--on" : "") + "\" href=\"/admin/returns?status=" + encodeURIComponent(s) + "\">" + _htmlEscape(s) + "</a>";
+    }).join("") +
+    "</div>";
+
+  var rows = rmas.map(function (r) {
+    var items = (r.lines || []).reduce(function (n, l) { return n + (l.qty || 0); }, 0);
+    var amount = r.refund_amount_minor != null ? pricing.format(r.refund_amount_minor, r.refund_currency || "USD") : "—";
+    return "<tr>" +
+      "<td><a class=\"order-id\" href=\"/admin/returns/" + _htmlEscape(r.id) + "\">" + _htmlEscape(r.rma_code || r.id.slice(0, 8)) + "</a></td>" +
+      "<td><span class=\"order-id\">" + _htmlEscape(String(r.order_id).slice(0, 8)) + "</span></td>" +
+      "<td>" + _htmlEscape(r.reason) + "</td>" +
+      "<td><span class=\"status-pill " + _returnPillClass(r.status) + "\">" + _htmlEscape(r.status) + "</span></td>" +
+      "<td class=\"num\">" + _htmlEscape(String(items)) + "</td>" +
+      "<td class=\"num\">" + _htmlEscape(amount) + "</td>" +
+      "<td>" + _htmlEscape(_fmtDate(r.created_at)) + "</td>" +
+      "</tr>";
+  }).join("");
+
+  var table = rmas.length
+    ? "<div class=\"panel\"><table><thead><tr><th>RMA</th><th>Order</th><th>Reason</th><th>Status</th><th class=\"num\">Items</th><th class=\"num\">Refund</th><th>Requested</th></tr></thead><tbody>" + rows + "</tbody></table></div>"
+    : "<p class=\"empty\">No “" + _htmlEscape(active) + "” returns.</p>";
+
+  var body = "<section><h2>Returns</h2>" + notice + chips + table + "</section>";
+  return _renderAdminShell(opts.shop_name, "Returns", body, "returns", opts.nav_available);
+}
+
+function renderAdminReturn(opts) {
+  opts = opts || {};
+  var r = opts.rma;
+  var transitions = opts.transitions || [];
+  var moved  = opts.moved  ? "<div class=\"banner banner--ok\">Return updated.</div>" : "";
+  var notice = opts.notice ? "<div class=\"banner banner--err\">" + _htmlEscape(opts.notice) + "</div>" : "";
+  var has = function (on) { return transitions.some(function (t) { return t.on === on; }); };
+
+  var lineRows = (r.lines || []).map(function (l) {
+    return "<tr><td>" + _htmlEscape(l.sku) + "</td><td class=\"num\">" + _htmlEscape(String(l.qty)) + "</td>" +
+      "<td>" + _htmlEscape(l.reason || "—") + "</td></tr>";
+  }).join("");
+  var linesTable = (r.lines && r.lines.length)
+    ? "<table><thead><tr><th>SKU</th><th class=\"num\">Qty</th><th>Reason</th></tr></thead><tbody>" + lineRows + "</tbody></table>"
+    : "<p class=\"empty\">No line items recorded.</p>";
+
+  function _field(label, value) {
+    return "<p><span class=\"meta\">" + _htmlEscape(label) + "</span><br>" + (value ? _htmlEscape(String(value)) : "<span class=\"meta\">—</span>") + "</p>";
+  }
+  var refundShown = r.refund_amount_minor != null ? pricing.format(r.refund_amount_minor, r.refund_currency || "USD") : null;
+
+  // Action forms keyed to the legal transitions. Approve + reject need
+  // input (refund amount / rejection reason); mark-received + refund are
+  // single-click. Each posts to its own endpoint and redirects (PRG).
+  var actionBlocks = [];
+  if (has("approve")) {
+    actionBlocks.push(
+      "<form method=\"post\" action=\"/admin/returns/" + _htmlEscape(r.id) + "/approve\" class=\"return-action\">" +
+        "<h4>Approve</h4>" +
+        _setupField("Refund amount (minor units)", "refund_amount_minor", "", "number", "e.g. 4999 for $49.99.", " min=\"0\" required") +
+        _setupField("Refund currency", "refund_currency", r.refund_currency || "USD", "text", "3-letter ISO 4217.", " maxlength=\"3\" style=\"text-transform:uppercase;max-width:8rem;\"") +
+        _setupField("Operator notes", "operator_notes", "", "text", "", " maxlength=\"500\"") +
+        "<button class=\"btn\" type=\"submit\">Approve return</button>" +
+      "</form>");
+  }
+  if (has("markReceived")) {
+    actionBlocks.push(
+      "<form method=\"post\" action=\"/admin/returns/" + _htmlEscape(r.id) + "/received\" class=\"return-action\">" +
+        "<h4>Mark received</h4><p class=\"meta\">Confirm the returned goods arrived.</p>" +
+        _setupField("Operator notes", "operator_notes", "", "text", "", " maxlength=\"500\"") +
+        "<button class=\"btn\" type=\"submit\">Mark received</button>" +
+      "</form>");
+  }
+  if (has("refund")) {
+    actionBlocks.push(
+      "<form method=\"post\" action=\"/admin/returns/" + _htmlEscape(r.id) + "/refund\" class=\"return-action\">" +
+        "<h4>Refund</h4><p class=\"meta\">Record the refund" + (refundShown ? " of " + _htmlEscape(refundShown) : "") + " for this return.</p>" +
+        _setupField("Operator notes", "operator_notes", "", "text", "", " maxlength=\"500\"") +
+        "<button class=\"btn\" type=\"submit\">Refund</button>" +
+      "</form>");
+  }
+  if (has("reject")) {
+    actionBlocks.push(
+      "<form method=\"post\" action=\"/admin/returns/" + _htmlEscape(r.id) + "/reject\" class=\"return-action\">" +
+        "<h4>Reject</h4>" +
+        _setupField("Reason for rejection", "rejected_reason", "", "text", "Shown to the customer.", " maxlength=\"500\" required") +
+        _setupField("Operator notes", "operator_notes", "", "text", "", " maxlength=\"500\"") +
+        "<button class=\"btn btn--danger\" type=\"submit\">Reject return</button>" +
+      "</form>");
+  }
+  var actions = actionBlocks.length
+    ? "<div class=\"return-actions\">" + actionBlocks.join("") + "</div>"
+    : "<span class=\"meta\">This return is in a final state — no further changes.</span>";
+
+  var body =
+    "<section style=\"max-width:48rem;\">" +
+      "<div class=\"actions-row\"><a class=\"btn btn--ghost\" href=\"/admin/returns\">&larr; Returns</a></div>" +
+      "<h2>Return <code class=\"order-id\">" + _htmlEscape(r.rma_code || r.id.slice(0, 8)) + "</code> " +
+        "<span class=\"status-pill " + _returnPillClass(r.status) + "\">" + _htmlEscape(r.status) + "</span></h2>" +
+      "<p class=\"meta\">Requested " + _htmlEscape(_fmtDate(r.created_at)) +
+        " · order <a class=\"order-id\" href=\"/admin/orders/" + _htmlEscape(r.order_id) + "\">" + _htmlEscape(String(r.order_id).slice(0, 8)) + "</a></p>" +
+      moved + notice +
+      "<div class=\"two-col\">" +
+        "<div class=\"panel\"><h3 style=\"font-size:.95rem; margin-bottom:.75rem;\">Items</h3>" + linesTable + "</div>" +
+        "<div class=\"panel\"><h3 style=\"font-size:.95rem; margin-bottom:.75rem;\">Details</h3>" +
+          _field("Reason", r.reason) +
+          _field("Customer detail", r.reason_detail) +
+          _field("Customer notes", r.customer_notes) +
+          (refundShown ? _field("Refund", refundShown) : "") +
+          (r.operator_notes ? _field("Operator notes", r.operator_notes) : "") +
+          (r.rejected_reason ? _field("Rejection reason", r.rejected_reason) : "") +
+        "</div>" +
+      "</div>" +
+      "<div class=\"panel\" style=\"margin-top:1.5rem;\"><h3 style=\"font-size:.95rem; margin-bottom:.75rem;\">Actions</h3>" +
+        actions +
+      "</div>" +
+    "</section>";
+  return _renderAdminShell(opts.shop_name, "Return " + (r.rma_code || r.id.slice(0, 8)), body, "returns", opts.nav_available);
+}
+
+// The review states an operator can filter the moderation queue by.
+var REVIEW_STATUS_FILTERS = ["pending", "published", "rejected"];
+
+function _stars(n) {
+  var r = Math.max(0, Math.min(5, parseInt(n, 10) || 0));
+  return "★★★★★".slice(0, r) + "☆☆☆☆☆".slice(0, 5 - r);
+}
+
+function renderAdminReviews(opts) {
+  opts = opts || {};
+  var list = opts.reviews || [];
+  var active = opts.status || "pending";
+  var moved  = opts.moved  ? "<div class=\"banner banner--ok\">Review updated.</div>" : "";
+  var notice = opts.notice ? "<div class=\"banner banner--warn\">" + _htmlEscape(opts.notice) + "</div>" : "";
+
+  var chips = "<div class=\"order-filters\">" +
+    REVIEW_STATUS_FILTERS.map(function (s) {
+      return "<a class=\"chip" + (active === s ? " chip--on" : "") + "\" href=\"/admin/reviews?status=" + encodeURIComponent(s) + "\">" + _htmlEscape(s) + "</a>";
+    }).join("") +
+    "</div>";
+
+  // Reviews are short, so the queue moderates inline — each card shows the
+  // rating, title, body, verified-purchase flag, and the actions that make
+  // sense from its current status (a rejected review can be published, a
+  // published one taken down, a pending one either way).
+  var cards = list.map(function (rv) {
+    var pub = "<form method=\"post\" action=\"/admin/reviews/" + _htmlEscape(rv.id) + "/publish\" style=\"display:inline;\">" +
+      "<button class=\"btn\" type=\"submit\">Publish</button></form>";
+    var rej = "<form method=\"post\" action=\"/admin/reviews/" + _htmlEscape(rv.id) + "/reject\" class=\"review-reject\">" +
+      "<input type=\"text\" name=\"reason\" placeholder=\"Reason (shown in the log)\" maxlength=\"300\" required>" +
+      "<button class=\"btn btn--danger\" type=\"submit\">Reject</button></form>";
+    var actions = rv.status === "published" ? rej
+      : rv.status === "rejected" ? pub
+      : pub + " " + rej;  // pending → either
+    return "<div class=\"panel review-card\">" +
+      "<div class=\"review-card__head\">" +
+        "<span class=\"review-stars\" title=\"" + _htmlEscape(String(rv.rating)) + " of 5\">" + _stars(rv.rating) + "</span> " +
+        "<strong>" + _htmlEscape(rv.title || "(no title)") + "</strong> " +
+        (rv.verified_purchase ? "<span class=\"status-pill paid\">Verified</span> " : "") +
+        "<span class=\"status-pill " + (rv.status === "published" ? "paid" : rv.status === "rejected" ? "cancelled" : "pending") + "\">" + _htmlEscape(rv.status) + "</span>" +
+      "</div>" +
+      "<p class=\"review-card__body\">" + _htmlEscape(rv.body || "") + "</p>" +
+      "<p class=\"meta\">Product <code class=\"order-id\">" + _htmlEscape(String(rv.product_id).slice(0, 8)) + "</code> · " + _htmlEscape(_fmtDate(rv.created_at)) +
+        (rv.rejected_reason ? " · rejected: " + _htmlEscape(rv.rejected_reason) : "") + "</p>" +
+      "<div class=\"order-actions\">" + actions + "</div>" +
+    "</div>";
+  }).join("");
+
+  var queue = list.length ? cards : "<p class=\"empty\">No “" + _htmlEscape(active) + "” reviews.</p>";
+  var body = "<section><h2>Reviews</h2>" + moved + notice + chips + queue + "</section>";
+  return _renderAdminShell(opts.shop_name, "Reviews", body, "reviews", opts.nav_available);
 }
 
 module.exports = {
@@ -1828,4 +2189,7 @@ module.exports = {
   renderAdminProducts:     renderAdminProducts,
   renderAdminOrders:       renderAdminOrders,
   renderAdminOrder:        renderAdminOrder,
+  renderAdminReturns:      renderAdminReturns,
+  renderAdminReturn:       renderAdminReturn,
+  renderAdminReviews:      renderAdminReviews,
 };