@goscribe/server 1.2.0 → 1.3.1

package/src/routers/admin.ts

@@ -0,0 +1,710 @@
+import { z } from 'zod';
+import { router, adminProcedure } from '../trpc.js';
+import { logger } from '../lib/logger.js';
+import { stripe } from '../lib/stripe.js';
+import { ActivityLogCategory, ActivityLogStatus, ArtifactType, InvoiceType } from '@prisma/client';
+import {
+    buildActivityLogWhere,
+    deleteActivityLogsOlderThan,
+    getActivityRetentionDays,
+} from '../lib/activity_log_service.js';
+import { getActivityHumanDescription } from '../lib/activity_human_description.js';
+
+function csvEscapeCell(value: string | number | null | undefined): string {
+    if (value === null || value === undefined) return '';
+    const s = String(value);
+    if (/[",\n\r]/.test(s)) return `"${s.replace(/"/g, '""')}"`;
+    return s;
+}
+
+const activityLogFiltersInput = z.object({
+    from: z.coerce.date().optional(),
+    to: z.coerce.date().optional(),
+    actorUserId: z.string().optional(),
+    workspaceId: z.string().optional(),
+    category: z.nativeEnum(ActivityLogCategory).optional(),
+    status: z.nativeEnum(ActivityLogStatus).optional(),
+    search: z.string().max(200).optional(),
+});
+
+const activityListInput = activityLogFiltersInput.extend({
+    page: z.number().int().min(1).default(1),
+    limit: z.number().min(1).max(100).default(20),
+});
+
+const listUsersInput = z.object({
+    page: z.number().int().min(1).default(1),
+    pageSize: z.number().int().min(1).max(100).default(10),
+    /** Trims; matches name, email, or id (substring). */
+    search: z.string().max(200).optional(),
+    emailVerified: z.enum(['all', 'yes', 'no']).default('all'),
+    /** Filter by account creation time (joined date). */
+    joinedFrom: z.coerce.date().optional(),
+    joinedTo: z.coerce.date().optional(),
+});
+
+const listInvoicesInput = z.object({
+    page: z.number().int().min(1).default(1),
+    pageSize: z.number().int().min(1).max(100).default(10),
+    search: z.string().max(200).optional(),
+    status: z.string().max(32).optional(),
+    type: z.nativeEnum(InvoiceType).optional(),
+    userId: z.string().optional(),
+    from: z.coerce.date().optional(),
+    to: z.coerce.date().optional(),
+});
+
+export const admin = router({
+    getSystemStats: adminProcedure
+        .query(async ({ ctx }) => {
+            const totalUsers = await ctx.db.user.count();
+            const totalWorkspaces = await ctx.db.workspace.count();
+            const totalSubscriptions = await ctx.db.subscription.count({
+                where: { status: 'active' }
+            });
+
+            // Calculate revenue breakdown
+            const subRevenueResult = await (ctx.db as any).invoice.aggregate({
+                where: { status: 'paid', type: 'SUBSCRIPTION' },
+                _sum: { amountPaid: true }
+            });
+            const topupRevenueResult = await (ctx.db as any).invoice.aggregate({
+                where: { status: 'paid', type: 'TOPUP' },
+                _sum: { amountPaid: true }
+            });
+
+            const subRevenue = Number(subRevenueResult._sum.amountPaid || 0) / 100;
+            const topupRevenue = Number(topupRevenueResult._sum.amountPaid || 0) / 100;
+
+            return {
+                totalUsers,
+                totalWorkspaces,
+                totalSubscriptions,
+                revenue: subRevenue + topupRevenue,
+                subscriptionRevenue: subRevenue,
+                topupRevenue: topupRevenue,
+            };
+        }),
+
+    listUsers: adminProcedure
+        .input(listUsersInput)
+        .query(async ({ ctx, input }) => {
+            const search = input.search?.trim();
+            const baseRoleWhere = {
+                role: {
+                    name: { not: 'System Admin' },
+                },
+            } as const;
+
+            const searchWhere =
+                search && search.length > 0
+                    ? {
+                          OR: [
+                              { email: { contains: search, mode: 'insensitive' as const } },
+                              { name: { contains: search, mode: 'insensitive' as const } },
+                              { id: { contains: search } },
+                          ],
+                      }
+                    : undefined;
+
+            const verifiedWhere =
+                input.emailVerified === 'yes'
+                    ? { emailVerified: { not: null } }
+                    : input.emailVerified === 'no'
+                      ? { emailVerified: null }
+                      : undefined;
+
+            const joinedWhere =
+                input.joinedFrom || input.joinedTo
+                    ? {
+                          createdAt: {
+                              ...(input.joinedFrom ? { gte: input.joinedFrom } : {}),
+                              ...(input.joinedTo ? { lte: input.joinedTo } : {}),
+                          },
+                      }
+                    : undefined;
+
+            const where = {
+                AND: [
+                    baseRoleWhere,
+                    ...(searchWhere ? [searchWhere] : []),
+                    ...(verifiedWhere ? [verifiedWhere] : []),
+                    ...(joinedWhere ? [joinedWhere] : []),
+                ],
+            };
+
+            const totalCount = await ctx.db.user.count({ where });
+            const pageSize = input.pageSize;
+            const totalPages = Math.max(1, Math.ceil(totalCount / pageSize));
+            const page = Math.min(Math.max(1, input.page), totalPages);
+            const skip = (page - 1) * pageSize;
+
+            const users = await ctx.db.user.findMany({
+                where,
+                skip,
+                take: pageSize,
+                orderBy: { createdAt: 'desc' },
+                include: {
+                    role: true,
+                    profilePicture: true,
+                    subscriptions: {
+                        orderBy: { createdAt: 'desc' },
+                        take: 1,
+                        include: {
+                            plan: true,
+                        },
+                    },
+                },
+            });
+
+            return {
+                users: users.map((user: any) => ({
+                    ...user,
+                    profilePicture: user.profilePicture?.objectKey
+                        ? `/profile-picture/${user.profilePicture.objectKey}?t=${new Date(user.updatedAt).getTime()}`
+                        : null,
+                })),
+                page,
+                pageSize,
+                totalCount,
+                totalPages,
+            };
+        }),
+
+    /**
+     * Paginated global invoice list for admin Invoices page (search + filters).
+     */
+    listInvoices: adminProcedure
+        .input(listInvoicesInput)
+        .query(async ({ ctx, input }) => {
+            const search = input.search?.trim();
+
+            const searchWhere =
+                search && search.length > 0
+                    ? {
+                          OR: [
+                              { id: { contains: search } },
+                              { stripeInvoiceId: { contains: search, mode: 'insensitive' as const } },
+                              {
+                                  user: {
+                                      email: { contains: search, mode: 'insensitive' as const },
+                                  },
+                              },
+                              {
+                                  user: {
+                                      name: { contains: search, mode: 'insensitive' as const },
+                                  },
+                              },
+                          ],
+                      }
+                    : undefined;
+
+            const userIdWhere = input.userId?.trim()
+                ? { userId: input.userId.trim() }
+                : undefined;
+
+            const statusWhere = input.status?.trim()
+                ? { status: input.status.trim() }
+                : undefined;
+
+            const typeWhere = input.type ? { type: input.type } : undefined;
+
+            const dateWhere =
+                input.from || input.to
+                    ? {
+                          createdAt: {
+                              ...(input.from ? { gte: input.from } : {}),
+                              ...(input.to ? { lte: input.to } : {}),
+                          },
+                      }
+                    : undefined;
+
+            const andParts = [
+                ...(searchWhere ? [searchWhere] : []),
+                ...(userIdWhere ? [userIdWhere] : []),
+                ...(statusWhere ? [statusWhere] : []),
+                ...(typeWhere ? [typeWhere] : []),
+                ...(dateWhere ? [dateWhere] : []),
+            ];
+            const where = andParts.length > 0 ? { AND: andParts } : {};
+
+            const totalCount = await (ctx.db as any).invoice.count({ where });
+            const pageSize = input.pageSize;
+            const totalPages = Math.max(1, Math.ceil(totalCount / pageSize));
+            const page = Math.min(Math.max(1, input.page), totalPages);
+            const skip = (page - 1) * pageSize;
+
+            const invoices = await (ctx.db as any).invoice.findMany({
+                where,
+                skip,
+                take: pageSize,
+                orderBy: { createdAt: 'desc' },
+                include: {
+                    user: {
+                        include: {
+                            profilePicture: true,
+                        },
+                    },
+                    subscription: {
+                        include: { plan: true },
+                    },
+                },
+            });
+
+            const items = invoices.map((invoice: any) => ({
+                ...invoice,
+                user: invoice.user
+                    ? {
+                          ...invoice.user,
+                          profilePicture: invoice.user.profilePicture?.objectKey
+                              ? `/profile-picture/${invoice.user.profilePicture.objectKey}?t=${new Date(invoice.user.updatedAt).getTime()}`
+                              : null,
+                      }
+                    : invoice.user,
+            }));
+
+            return {
+                items,
+                page,
+                pageSize,
+                totalCount,
+                totalPages,
+            };
+        }),
+
+    listWorkspaces: adminProcedure
+        .input(z.object({
+            limit: z.number().min(1).max(100).default(50),
+            cursor: z.string().nullish(),
+        }))
+        .query(async ({ ctx, input }) => {
+            const workspaces = await ctx.db.workspace.findMany({
+                take: input.limit + 1,
+                cursor: input.cursor ? { id: input.cursor } : undefined,
+                orderBy: { createdAt: 'desc' },
+                include: {
+                    owner: {
+                        select: {
+                            name: true,
+                            email: true,
+                        }
+                    }
+                }
+            });
+
+            let nextCursor: typeof input.cursor | undefined = undefined;
+            if (workspaces.length > input.limit) {
+                const nextItem = workspaces.pop();
+                nextCursor = nextItem!.id;
+            }
+
+            return {
+                workspaces,
+                nextCursor,
+            };
+        }),
+
+    updateUserRole: adminProcedure
+        .input(z.object({
+            userId: z.string(),
+            roleName: z.string(),
+        }))
+        .mutation(async ({ ctx, input }) => {
+            const role = await ctx.db.role.findUnique({
+                where: { name: input.roleName }
+            });
+
+            if (!role) {
+                throw new Error(`Role ${input.roleName} not found`);
+            }
+
+            const updatedUser = await ctx.db.user.update({
+                where: { id: input.userId },
+                data: { roleId: role.id },
+            });
+
+            logger.info(`User ${input.userId} role updated to ${input.roleName} by admin ${ctx.userId}`, 'ADMIN');
+            return updatedUser;
+        }),
+
+    listPlans: adminProcedure
+        .query(async ({ ctx }) => {
+            return ctx.db.plan.findMany({
+                include: {
+                    limit: true
+                },
+                orderBy: { price: 'asc' }
+            });
+        }),
+
+    upsertPlan: adminProcedure
+        .input(z.object({
+            id: z.string().optional(),
+            name: z.string(),
+            description: z.string().optional(),
+            type: z.string(), // subscription or credits
+            price: z.number(),
+            stripePriceId: z.string().optional(),
+            interval: z.string().nullable(),
+            active: z.boolean().default(true),
+            limits: z.object({
+                maxStorageBytes: z.number(),
+                maxWorksheets: z.number(),
+                maxFlashcards: z.number(),
+                maxPodcasts: z.number().default(0),
+                maxStudyGuides: z.number().default(0),
+            })
+        }))
+        .mutation(async ({ ctx, input }) => {
+            let { limits, id, stripePriceId, ...planData } = input;
+
+            // Automation: Create Stripe Product and Price if stripePriceId is missing (new plan)
+            if (!stripePriceId && !id) {
+                if (!stripe) {
+                    throw new Error("Stripe is not configured on the server");
+                }
+
+                try {
+                    // 1. Create Product
+                    const product = await stripe.products.create({
+                        name: planData.name,
+                        description: planData.description,
+                    });
+
+                    // 2. Create Price
+                    const price = await stripe.prices.create({
+                        product: product.id,
+                        unit_amount: Math.round(planData.price * 100), // convert to cents
+                        currency: 'usd',
+                        recurring: planData.type === 'subscription'
+                            ? { interval: (planData.interval as any) || 'month' }
+                            : undefined,
+                    });
+
+                    stripePriceId = price.id;
+                    logger.info(`Automatically created Stripe Product (${product.id}) and Price (${price.id}) for plan: ${planData.name}`, 'STRIPE');
+                } catch (err: any) {
+                    logger.error(`Failed to automate Stripe creation: ${err.message}`, 'STRIPE');
+                    throw new Error(`Stripe error: ${err.message}`);
+                }
+            }
+
+            if (id) {
+                // Update
+                const updatedPlan = await ctx.db.plan.update({
+                    where: { id },
+                    data: {
+                        ...planData,
+                        stripePriceId,
+                        limit: {
+                            update: {
+                                maxStorageBytes: BigInt(limits.maxStorageBytes),
+                                maxWorksheets: limits.maxWorksheets,
+                                maxFlashcards: limits.maxFlashcards,
+                                maxPodcasts: limits.maxPodcasts,
+                                maxStudyGuides: limits.maxStudyGuides,
+                            }
+                        }
+                    }
+                });
+                logger.info(`Plan ${id} updated by admin ${ctx.userId}`, 'ADMIN');
+                return updatedPlan;
+            } else {
+                // Create
+                const newPlan = await ctx.db.plan.create({
+                    data: {
+                        ...planData,
+                        stripePriceId: stripePriceId || "", // Should be set by automation above
+                        limit: {
+                            create: {
+                                maxStorageBytes: BigInt(limits.maxStorageBytes),
+                                maxWorksheets: limits.maxWorksheets,
+                                maxFlashcards: limits.maxFlashcards,
+                                maxPodcasts: limits.maxPodcasts,
+                                maxStudyGuides: limits.maxStudyGuides,
+                            }
+                        }
+                    }
+                });
+                logger.info(`New plan ${newPlan.id} created by admin ${ctx.userId}`, 'ADMIN');
+                return newPlan;
+            }
+        }),
+
+    deletePlan: adminProcedure
+        .input(z.object({ id: z.string() }))
+        .mutation(async ({ ctx, input }) => {
+            // Check if plan has active subscriptions
+            const activeSubs = await ctx.db.subscription.count({
+                where: { planId: input.id, status: 'active' }
+            });
+
+            if (activeSubs > 0) {
+                // If it has active subs, we should just deactivate it instead of deleting
+                await ctx.db.plan.update({
+                    where: { id: input.id },
+                    data: { active: false }
+                });
+                return { success: true, message: "Plan deactivated because it has active subscribers." };
+            }
+
+            await ctx.db.plan.delete({ where: { id: input.id } });
+            logger.info(`Plan ${input.id} deleted by admin ${ctx.userId}`, 'ADMIN');
+            return { success: true, message: "Plan deleted." };
+        }),
+
+    getUserInvoices: adminProcedure
+        .input(
+            z.object({
+                userId: z.string(),
+                /** When set, return at most this many newest invoices (e.g. 5 for user detail sheet). Omit for full history. */
+                limit: z.number().int().min(1).max(500).optional(),
+            })
+        )
+        .query(async ({ ctx, input }) => {
+            return (ctx.db as any).invoice.findMany({
+                where: { userId: input.userId },
+                orderBy: { createdAt: 'desc' },
+                take: input.limit,
+                include: {
+                    subscription: {
+                        include: { plan: true }
+                    }
+                }
+            });
+        }),
+
+    getUserDetailedInfo: adminProcedure
+        .input(z.object({ userId: z.string() }))
+        .query(async ({ ctx, input }) => {
+            const user = await ctx.db.user.findUnique({
+                where: { id: input.userId },
+                include: {
+                    role: true,
+                    profilePicture: true,
+                    subscriptions: {
+                        orderBy: { createdAt: 'desc' },
+                        take: 1,
+                        include: { plan: true }
+                    },
+                    _count: {
+                        select: {
+                            workspaces: true,
+                            artifacts: true,
+                        }
+                    }
+                }
+            });
+
+            if (!user) throw new Error("User not found");
+
+            // Calculate total spent by this user
+            const totalSpentResult = await (ctx.db as any).invoice.aggregate({
+                where: { userId: input.userId, status: 'paid' },
+                _sum: { amountPaid: true }
+            });
+            const totalSpent = Number(totalSpentResult._sum.amountPaid || 0) / 100;
+
+            // Get purchased credits summary
+            const purchasedCredits = await ctx.db.userCredit.groupBy({
+                by: ['resourceType'],
+                where: { userId: input.userId },
+                _sum: { amount: true }
+            });
+
+            const profilePictureUrl = (user as any).profilePicture?.objectKey
+                ? `/profile-picture/${(user as any).profilePicture.objectKey}?t=${new Date(user.updatedAt).getTime()}`
+                : null;
+
+            return {
+                ...user,
+                totalSpent,
+                purchasedCredits: purchasedCredits.map(c => ({
+                    type: c.resourceType,
+                    amount: c._sum.amount || 0
+                })),
+                profilePicture: profilePictureUrl,
+            };
+        }),
+
+    debugInvoices: adminProcedure
+        .query(async ({ ctx }) => {
+            const count = await (ctx.db as any).invoice.count();
+            const all = await (ctx.db as any).invoice.findMany({ take: 10 });
+            return { count, all };
+        }),
+
+    listResourcePrices: adminProcedure
+        .query(async ({ ctx }) => {
+            return ctx.db.resourcePrice.findMany({
+                orderBy: { resourceType: 'asc' }
+            });
+        }),
+
+    upsertResourcePrice: adminProcedure
+        .input(z.object({
+            resourceType: z.nativeEnum(ArtifactType),
+            priceCents: z.number().min(0),
+        }))
+        .mutation(async ({ ctx, input }) => {
+            const price = await ctx.db.resourcePrice.upsert({
+                where: { resourceType: input.resourceType },
+                update: { priceCents: input.priceCents },
+                create: {
+                    resourceType: input.resourceType,
+                    priceCents: input.priceCents,
+                },
+            });
+            logger.info(`Resource price for ${input.resourceType} updated to ${input.priceCents} by admin ${ctx.userId}`, 'ADMIN');
+            return price;
+        }),
+
+    listRecentInvoices: adminProcedure
+        .input(z.object({ limit: z.number().default(10) }))
+        .query(async ({ ctx, input }) => {
+            const invoices = await (ctx.db as any).invoice.findMany({
+                take: input.limit,
+                orderBy: { createdAt: 'desc' },
+                include: {
+                    user: {
+                        include: {
+                            profilePicture: true,
+                        }
+                    }
+                }
+            });
+
+            return invoices.map((invoice: any) => ({
+                ...invoice,
+                user: {
+                    ...invoice.user,
+                    profilePicture: invoice.user.profilePicture?.objectKey
+                        ? `/profile-picture/${invoice.user.profilePicture.objectKey}?t=${new Date(invoice.user.updatedAt).getTime()}`
+                        : null,
+                }
+            }));
+        }),
+
+    activityList: adminProcedure
+        .input(activityListInput)
+        .query(async ({ ctx, input }) => {
+            const where = buildActivityLogWhere({
+                from: input.from,
+                to: input.to,
+                actorUserId: input.actorUserId,
+                workspaceId: input.workspaceId,
+                category: input.category,
+                status: input.status,
+                search: input.search,
+            });
+
+            const totalCount = await ctx.db.activityLog.count({ where });
+            const totalPages = Math.max(1, Math.ceil(totalCount / input.limit));
+            const page = Math.min(Math.max(1, input.page), totalPages);
+            const skip = (page - 1) * input.limit;
+
+            const rows = await ctx.db.activityLog.findMany({
+                where,
+                skip,
+                take: input.limit,
+                orderBy: { createdAt: 'desc' },
+                include: {
+                    actor: { select: { id: true, email: true, name: true } },
+                    workspace: { select: { id: true, title: true } },
+                },
+            });
+
+            return {
+                items: rows.map((r) => ({
+                    id: r.id,
+                    createdAt: r.createdAt,
+                    action: r.action,
+                    description: getActivityHumanDescription(r.trpcPath, r.action),
+                    category: r.category,
+                    trpcPath: r.trpcPath,
+                    status: r.status,
+                    durationMs: r.durationMs,
+                    errorCode: r.errorCode,
+                    ipAddress: r.ipAddress,
+                    actor: r.actor,
+                    workspace: r.workspace,
+                    metadata: r.metadata,
+                })),
+                page,
+                pageSize: input.limit,
+                totalCount,
+                totalPages,
+            };
+        }),
+
+    activityExportCsv: adminProcedure
+        .input(
+            activityLogFiltersInput.extend({
+                maxRows: z.number().min(1).max(5000).default(2000),
+            })
+        )
+        .query(async ({ ctx, input }) => {
+            const where = buildActivityLogWhere({
+                from: input.from,
+                to: input.to,
+                actorUserId: input.actorUserId,
+                workspaceId: input.workspaceId,
+                category: input.category,
+                status: input.status,
+                search: input.search,
+            });
+
+            const rows = await ctx.db.activityLog.findMany({
+                where,
+                orderBy: { createdAt: 'desc' },
+                take: input.maxRows,
+                include: {
+                    actor: { select: { email: true, name: true } },
+                    workspace: { select: { title: true } },
+                },
+            });
+
+            const header = [
+                'createdAt',
+                'actorEmail',
+                'actorName',
+                'description',
+                'trpcPath',
+                'category',
+                'status',
+                'durationMs',
+                'workspaceTitle',
+                'errorCode',
+            ].join(',');
+
+            const lines = rows.map((r) =>
+                [
+                    csvEscapeCell(r.createdAt.toISOString()),
+                    csvEscapeCell(r.actor?.email),
+                    csvEscapeCell(r.actor?.name),
+                    csvEscapeCell(getActivityHumanDescription(r.trpcPath, r.action)),
+                    csvEscapeCell(r.trpcPath),
+                    csvEscapeCell(r.category),
+                    csvEscapeCell(r.status),
+                    csvEscapeCell(r.durationMs),
+                    csvEscapeCell(r.workspace?.title),
+                    csvEscapeCell(r.errorCode),
+                ].join(',')
+            );
+
+            return {
+                csv: [header, ...lines].join('\n'),
+                count: rows.length,
+            };
+        }),
+
+    /** Deletes rows older than ACTIVITY_LOG_RETENTION_DAYS (default 365). Run manually or via cron. */
+    activityPurgeRetention: adminProcedure.mutation(async ({ ctx }) => {
+        const days = getActivityRetentionDays();
+        const cutoff = new Date();
+        cutoff.setDate(cutoff.getDate() - days);
+        const { deleted } = await deleteActivityLogsOlderThan(ctx.db, cutoff);
+        logger.info(`ActivityLog retention purge: deleted ${deleted} rows older than ${days} days (cutoff ${cutoff.toISOString()})`, 'ADMIN');
+        return { deleted, retentionDays: days, cutoff };
+    }),
+});