@goscribe/server 1.3.0 → 1.3.1

package/dist/routers/admin.js

@@ -0,0 +1,633 @@
+import { z } from 'zod';
+import { router, adminProcedure } from '../trpc.js';
+import { logger } from '../lib/logger.js';
+import { stripe } from '../lib/stripe.js';
+import { ActivityLogCategory, ActivityLogStatus, ArtifactType, InvoiceType } from '@prisma/client';
+import { buildActivityLogWhere, deleteActivityLogsOlderThan, getActivityRetentionDays, } from '../lib/activity_log_service.js';
+import { getActivityHumanDescription } from '../lib/activity_human_description.js';
+function csvEscapeCell(value) {
+    if (value === null || value === undefined)
+        return '';
+    const s = String(value);
+    if (/[",\n\r]/.test(s))
+        return `"${s.replace(/"/g, '""')}"`;
+    return s;
+}
+const activityLogFiltersInput = z.object({
+    from: z.coerce.date().optional(),
+    to: z.coerce.date().optional(),
+    actorUserId: z.string().optional(),
+    workspaceId: z.string().optional(),
+    category: z.nativeEnum(ActivityLogCategory).optional(),
+    status: z.nativeEnum(ActivityLogStatus).optional(),
+    search: z.string().max(200).optional(),
+});
+const activityListInput = activityLogFiltersInput.extend({
+    page: z.number().int().min(1).default(1),
+    limit: z.number().min(1).max(100).default(20),
+});
+const listUsersInput = z.object({
+    page: z.number().int().min(1).default(1),
+    pageSize: z.number().int().min(1).max(100).default(10),
+    /** Trims; matches name, email, or id (substring). */
+    search: z.string().max(200).optional(),
+    emailVerified: z.enum(['all', 'yes', 'no']).default('all'),
+    /** Filter by account creation time (joined date). */
+    joinedFrom: z.coerce.date().optional(),
+    joinedTo: z.coerce.date().optional(),
+});
+const listInvoicesInput = z.object({
+    page: z.number().int().min(1).default(1),
+    pageSize: z.number().int().min(1).max(100).default(10),
+    search: z.string().max(200).optional(),
+    status: z.string().max(32).optional(),
+    type: z.nativeEnum(InvoiceType).optional(),
+    userId: z.string().optional(),
+    from: z.coerce.date().optional(),
+    to: z.coerce.date().optional(),
+});
+export const admin = router({
+    getSystemStats: adminProcedure
+        .query(async ({ ctx }) => {
+        const totalUsers = await ctx.db.user.count();
+        const totalWorkspaces = await ctx.db.workspace.count();
+        const totalSubscriptions = await ctx.db.subscription.count({
+            where: { status: 'active' }
+        });
+        // Calculate revenue breakdown
+        const subRevenueResult = await ctx.db.invoice.aggregate({
+            where: { status: 'paid', type: 'SUBSCRIPTION' },
+            _sum: { amountPaid: true }
+        });
+        const topupRevenueResult = await ctx.db.invoice.aggregate({
+            where: { status: 'paid', type: 'TOPUP' },
+            _sum: { amountPaid: true }
+        });
+        const subRevenue = Number(subRevenueResult._sum.amountPaid || 0) / 100;
+        const topupRevenue = Number(topupRevenueResult._sum.amountPaid || 0) / 100;
+        return {
+            totalUsers,
+            totalWorkspaces,
+            totalSubscriptions,
+            revenue: subRevenue + topupRevenue,
+            subscriptionRevenue: subRevenue,
+            topupRevenue: topupRevenue,
+        };
+    }),
+    listUsers: adminProcedure
+        .input(listUsersInput)
+        .query(async ({ ctx, input }) => {
+        const search = input.search?.trim();
+        const baseRoleWhere = {
+            role: {
+                name: { not: 'System Admin' },
+            },
+        };
+        const searchWhere = search && search.length > 0
+            ? {
+                OR: [
+                    { email: { contains: search, mode: 'insensitive' } },
+                    { name: { contains: search, mode: 'insensitive' } },
+                    { id: { contains: search } },
+                ],
+            }
+            : undefined;
+        const verifiedWhere = input.emailVerified === 'yes'
+            ? { emailVerified: { not: null } }
+            : input.emailVerified === 'no'
+                ? { emailVerified: null }
+                : undefined;
+        const joinedWhere = input.joinedFrom || input.joinedTo
+            ? {
+                createdAt: {
+                    ...(input.joinedFrom ? { gte: input.joinedFrom } : {}),
+                    ...(input.joinedTo ? { lte: input.joinedTo } : {}),
+                },
+            }
+            : undefined;
+        const where = {
+            AND: [
+                baseRoleWhere,
+                ...(searchWhere ? [searchWhere] : []),
+                ...(verifiedWhere ? [verifiedWhere] : []),
+                ...(joinedWhere ? [joinedWhere] : []),
+            ],
+        };
+        const totalCount = await ctx.db.user.count({ where });
+        const pageSize = input.pageSize;
+        const totalPages = Math.max(1, Math.ceil(totalCount / pageSize));
+        const page = Math.min(Math.max(1, input.page), totalPages);
+        const skip = (page - 1) * pageSize;
+        const users = await ctx.db.user.findMany({
+            where,
+            skip,
+            take: pageSize,
+            orderBy: { createdAt: 'desc' },
+            include: {
+                role: true,
+                profilePicture: true,
+                subscriptions: {
+                    orderBy: { createdAt: 'desc' },
+                    take: 1,
+                    include: {
+                        plan: true,
+                    },
+                },
+            },
+        });
+        return {
+            users: users.map((user) => ({
+                ...user,
+                profilePicture: user.profilePicture?.objectKey
+                    ? `/profile-picture/${user.profilePicture.objectKey}?t=${new Date(user.updatedAt).getTime()}`
+                    : null,
+            })),
+            page,
+            pageSize,
+            totalCount,
+            totalPages,
+        };
+    }),
+    /**
+     * Paginated global invoice list for admin Invoices page (search + filters).
+     */
+    listInvoices: adminProcedure
+        .input(listInvoicesInput)
+        .query(async ({ ctx, input }) => {
+        const search = input.search?.trim();
+        const searchWhere = search && search.length > 0
+            ? {
+                OR: [
+                    { id: { contains: search } },
+                    { stripeInvoiceId: { contains: search, mode: 'insensitive' } },
+                    {
+                        user: {
+                            email: { contains: search, mode: 'insensitive' },
+                        },
+                    },
+                    {
+                        user: {
+                            name: { contains: search, mode: 'insensitive' },
+                        },
+                    },
+                ],
+            }
+            : undefined;
+        const userIdWhere = input.userId?.trim()
+            ? { userId: input.userId.trim() }
+            : undefined;
+        const statusWhere = input.status?.trim()
+            ? { status: input.status.trim() }
+            : undefined;
+        const typeWhere = input.type ? { type: input.type } : undefined;
+        const dateWhere = input.from || input.to
+            ? {
+                createdAt: {
+                    ...(input.from ? { gte: input.from } : {}),
+                    ...(input.to ? { lte: input.to } : {}),
+                },
+            }
+            : undefined;
+        const andParts = [
+            ...(searchWhere ? [searchWhere] : []),
+            ...(userIdWhere ? [userIdWhere] : []),
+            ...(statusWhere ? [statusWhere] : []),
+            ...(typeWhere ? [typeWhere] : []),
+            ...(dateWhere ? [dateWhere] : []),
+        ];
+        const where = andParts.length > 0 ? { AND: andParts } : {};
+        const totalCount = await ctx.db.invoice.count({ where });
+        const pageSize = input.pageSize;
+        const totalPages = Math.max(1, Math.ceil(totalCount / pageSize));
+        const page = Math.min(Math.max(1, input.page), totalPages);
+        const skip = (page - 1) * pageSize;
+        const invoices = await ctx.db.invoice.findMany({
+            where,
+            skip,
+            take: pageSize,
+            orderBy: { createdAt: 'desc' },
+            include: {
+                user: {
+                    include: {
+                        profilePicture: true,
+                    },
+                },
+                subscription: {
+                    include: { plan: true },
+                },
+            },
+        });
+        const items = invoices.map((invoice) => ({
+            ...invoice,
+            user: invoice.user
+                ? {
+                    ...invoice.user,
+                    profilePicture: invoice.user.profilePicture?.objectKey
+                        ? `/profile-picture/${invoice.user.profilePicture.objectKey}?t=${new Date(invoice.user.updatedAt).getTime()}`
+                        : null,
+                }
+                : invoice.user,
+        }));
+        return {
+            items,
+            page,
+            pageSize,
+            totalCount,
+            totalPages,
+        };
+    }),
+    listWorkspaces: adminProcedure
+        .input(z.object({
+        limit: z.number().min(1).max(100).default(50),
+        cursor: z.string().nullish(),
+    }))
+        .query(async ({ ctx, input }) => {
+        const workspaces = await ctx.db.workspace.findMany({
+            take: input.limit + 1,
+            cursor: input.cursor ? { id: input.cursor } : undefined,
+            orderBy: { createdAt: 'desc' },
+            include: {
+                owner: {
+                    select: {
+                        name: true,
+                        email: true,
+                    }
+                }
+            }
+        });
+        let nextCursor = undefined;
+        if (workspaces.length > input.limit) {
+            const nextItem = workspaces.pop();
+            nextCursor = nextItem.id;
+        }
+        return {
+            workspaces,
+            nextCursor,
+        };
+    }),
+    updateUserRole: adminProcedure
+        .input(z.object({
+        userId: z.string(),
+        roleName: z.string(),
+    }))
+        .mutation(async ({ ctx, input }) => {
+        const role = await ctx.db.role.findUnique({
+            where: { name: input.roleName }
+        });
+        if (!role) {
+            throw new Error(`Role ${input.roleName} not found`);
+        }
+        const updatedUser = await ctx.db.user.update({
+            where: { id: input.userId },
+            data: { roleId: role.id },
+        });
+        logger.info(`User ${input.userId} role updated to ${input.roleName} by admin ${ctx.userId}`, 'ADMIN');
+        return updatedUser;
+    }),
+    listPlans: adminProcedure
+        .query(async ({ ctx }) => {
+        return ctx.db.plan.findMany({
+            include: {
+                limit: true
+            },
+            orderBy: { price: 'asc' }
+        });
+    }),
+    upsertPlan: adminProcedure
+        .input(z.object({
+        id: z.string().optional(),
+        name: z.string(),
+        description: z.string().optional(),
+        type: z.string(), // subscription or credits
+        price: z.number(),
+        stripePriceId: z.string().optional(),
+        interval: z.string().nullable(),
+        active: z.boolean().default(true),
+        limits: z.object({
+            maxStorageBytes: z.number(),
+            maxWorksheets: z.number(),
+            maxFlashcards: z.number(),
+            maxPodcasts: z.number().default(0),
+            maxStudyGuides: z.number().default(0),
+        })
+    }))
+        .mutation(async ({ ctx, input }) => {
+        let { limits, id, stripePriceId, ...planData } = input;
+        // Automation: Create Stripe Product and Price if stripePriceId is missing (new plan)
+        if (!stripePriceId && !id) {
+            if (!stripe) {
+                throw new Error("Stripe is not configured on the server");
+            }
+            try {
+                // 1. Create Product
+                const product = await stripe.products.create({
+                    name: planData.name,
+                    description: planData.description,
+                });
+                // 2. Create Price
+                const price = await stripe.prices.create({
+                    product: product.id,
+                    unit_amount: Math.round(planData.price * 100), // convert to cents
+                    currency: 'usd',
+                    recurring: planData.type === 'subscription'
+                        ? { interval: planData.interval || 'month' }
+                        : undefined,
+                });
+                stripePriceId = price.id;
+                logger.info(`Automatically created Stripe Product (${product.id}) and Price (${price.id}) for plan: ${planData.name}`, 'STRIPE');
+            }
+            catch (err) {
+                logger.error(`Failed to automate Stripe creation: ${err.message}`, 'STRIPE');
+                throw new Error(`Stripe error: ${err.message}`);
+            }
+        }
+        if (id) {
+            // Update
+            const updatedPlan = await ctx.db.plan.update({
+                where: { id },
+                data: {
+                    ...planData,
+                    stripePriceId,
+                    limit: {
+                        update: {
+                            maxStorageBytes: BigInt(limits.maxStorageBytes),
+                            maxWorksheets: limits.maxWorksheets,
+                            maxFlashcards: limits.maxFlashcards,
+                            maxPodcasts: limits.maxPodcasts,
+                            maxStudyGuides: limits.maxStudyGuides,
+                        }
+                    }
+                }
+            });
+            logger.info(`Plan ${id} updated by admin ${ctx.userId}`, 'ADMIN');
+            return updatedPlan;
+        }
+        else {
+            // Create
+            const newPlan = await ctx.db.plan.create({
+                data: {
+                    ...planData,
+                    stripePriceId: stripePriceId || "", // Should be set by automation above
+                    limit: {
+                        create: {
+                            maxStorageBytes: BigInt(limits.maxStorageBytes),
+                            maxWorksheets: limits.maxWorksheets,
+                            maxFlashcards: limits.maxFlashcards,
+                            maxPodcasts: limits.maxPodcasts,
+                            maxStudyGuides: limits.maxStudyGuides,
+                        }
+                    }
+                }
+            });
+            logger.info(`New plan ${newPlan.id} created by admin ${ctx.userId}`, 'ADMIN');
+            return newPlan;
+        }
+    }),
+    deletePlan: adminProcedure
+        .input(z.object({ id: z.string() }))
+        .mutation(async ({ ctx, input }) => {
+        // Check if plan has active subscriptions
+        const activeSubs = await ctx.db.subscription.count({
+            where: { planId: input.id, status: 'active' }
+        });
+        if (activeSubs > 0) {
+            // If it has active subs, we should just deactivate it instead of deleting
+            await ctx.db.plan.update({
+                where: { id: input.id },
+                data: { active: false }
+            });
+            return { success: true, message: "Plan deactivated because it has active subscribers." };
+        }
+        await ctx.db.plan.delete({ where: { id: input.id } });
+        logger.info(`Plan ${input.id} deleted by admin ${ctx.userId}`, 'ADMIN');
+        return { success: true, message: "Plan deleted." };
+    }),
+    getUserInvoices: adminProcedure
+        .input(z.object({
+        userId: z.string(),
+        /** When set, return at most this many newest invoices (e.g. 5 for user detail sheet). Omit for full history. */
+        limit: z.number().int().min(1).max(500).optional(),
+    }))
+        .query(async ({ ctx, input }) => {
+        return ctx.db.invoice.findMany({
+            where: { userId: input.userId },
+            orderBy: { createdAt: 'desc' },
+            take: input.limit,
+            include: {
+                subscription: {
+                    include: { plan: true }
+                }
+            }
+        });
+    }),
+    getUserDetailedInfo: adminProcedure
+        .input(z.object({ userId: z.string() }))
+        .query(async ({ ctx, input }) => {
+        const user = await ctx.db.user.findUnique({
+            where: { id: input.userId },
+            include: {
+                role: true,
+                profilePicture: true,
+                subscriptions: {
+                    orderBy: { createdAt: 'desc' },
+                    take: 1,
+                    include: { plan: true }
+                },
+                _count: {
+                    select: {
+                        workspaces: true,
+                        artifacts: true,
+                    }
+                }
+            }
+        });
+        if (!user)
+            throw new Error("User not found");
+        // Calculate total spent by this user
+        const totalSpentResult = await ctx.db.invoice.aggregate({
+            where: { userId: input.userId, status: 'paid' },
+            _sum: { amountPaid: true }
+        });
+        const totalSpent = Number(totalSpentResult._sum.amountPaid || 0) / 100;
+        // Get purchased credits summary
+        const purchasedCredits = await ctx.db.userCredit.groupBy({
+            by: ['resourceType'],
+            where: { userId: input.userId },
+            _sum: { amount: true }
+        });
+        const profilePictureUrl = user.profilePicture?.objectKey
+            ? `/profile-picture/${user.profilePicture.objectKey}?t=${new Date(user.updatedAt).getTime()}`
+            : null;
+        return {
+            ...user,
+            totalSpent,
+            purchasedCredits: purchasedCredits.map(c => ({
+                type: c.resourceType,
+                amount: c._sum.amount || 0
+            })),
+            profilePicture: profilePictureUrl,
+        };
+    }),
+    debugInvoices: adminProcedure
+        .query(async ({ ctx }) => {
+        const count = await ctx.db.invoice.count();
+        const all = await ctx.db.invoice.findMany({ take: 10 });
+        return { count, all };
+    }),
+    listResourcePrices: adminProcedure
+        .query(async ({ ctx }) => {
+        return ctx.db.resourcePrice.findMany({
+            orderBy: { resourceType: 'asc' }
+        });
+    }),
+    upsertResourcePrice: adminProcedure
+        .input(z.object({
+        resourceType: z.nativeEnum(ArtifactType),
+        priceCents: z.number().min(0),
+    }))
+        .mutation(async ({ ctx, input }) => {
+        const price = await ctx.db.resourcePrice.upsert({
+            where: { resourceType: input.resourceType },
+            update: { priceCents: input.priceCents },
+            create: {
+                resourceType: input.resourceType,
+                priceCents: input.priceCents,
+            },
+        });
+        logger.info(`Resource price for ${input.resourceType} updated to ${input.priceCents} by admin ${ctx.userId}`, 'ADMIN');
+        return price;
+    }),
+    listRecentInvoices: adminProcedure
+        .input(z.object({ limit: z.number().default(10) }))
+        .query(async ({ ctx, input }) => {
+        const invoices = await ctx.db.invoice.findMany({
+            take: input.limit,
+            orderBy: { createdAt: 'desc' },
+            include: {
+                user: {
+                    include: {
+                        profilePicture: true,
+                    }
+                }
+            }
+        });
+        return invoices.map((invoice) => ({
+            ...invoice,
+            user: {
+                ...invoice.user,
+                profilePicture: invoice.user.profilePicture?.objectKey
+                    ? `/profile-picture/${invoice.user.profilePicture.objectKey}?t=${new Date(invoice.user.updatedAt).getTime()}`
+                    : null,
+            }
+        }));
+    }),
+    activityList: adminProcedure
+        .input(activityListInput)
+        .query(async ({ ctx, input }) => {
+        const where = buildActivityLogWhere({
+            from: input.from,
+            to: input.to,
+            actorUserId: input.actorUserId,
+            workspaceId: input.workspaceId,
+            category: input.category,
+            status: input.status,
+            search: input.search,
+        });
+        const totalCount = await ctx.db.activityLog.count({ where });
+        const totalPages = Math.max(1, Math.ceil(totalCount / input.limit));
+        const page = Math.min(Math.max(1, input.page), totalPages);
+        const skip = (page - 1) * input.limit;
+        const rows = await ctx.db.activityLog.findMany({
+            where,
+            skip,
+            take: input.limit,
+            orderBy: { createdAt: 'desc' },
+            include: {
+                actor: { select: { id: true, email: true, name: true } },
+                workspace: { select: { id: true, title: true } },
+            },
+        });
+        return {
+            items: rows.map((r) => ({
+                id: r.id,
+                createdAt: r.createdAt,
+                action: r.action,
+                description: getActivityHumanDescription(r.trpcPath, r.action),
+                category: r.category,
+                trpcPath: r.trpcPath,
+                status: r.status,
+                durationMs: r.durationMs,
+                errorCode: r.errorCode,
+                ipAddress: r.ipAddress,
+                actor: r.actor,
+                workspace: r.workspace,
+                metadata: r.metadata,
+            })),
+            page,
+            pageSize: input.limit,
+            totalCount,
+            totalPages,
+        };
+    }),
+    activityExportCsv: adminProcedure
+        .input(activityLogFiltersInput.extend({
+        maxRows: z.number().min(1).max(5000).default(2000),
+    }))
+        .query(async ({ ctx, input }) => {
+        const where = buildActivityLogWhere({
+            from: input.from,
+            to: input.to,
+            actorUserId: input.actorUserId,
+            workspaceId: input.workspaceId,
+            category: input.category,
+            status: input.status,
+            search: input.search,
+        });
+        const rows = await ctx.db.activityLog.findMany({
+            where,
+            orderBy: { createdAt: 'desc' },
+            take: input.maxRows,
+            include: {
+                actor: { select: { email: true, name: true } },
+                workspace: { select: { title: true } },
+            },
+        });
+        const header = [
+            'createdAt',
+            'actorEmail',
+            'actorName',
+            'description',
+            'trpcPath',
+            'category',
+            'status',
+            'durationMs',
+            'workspaceTitle',
+            'errorCode',
+        ].join(',');
+        const lines = rows.map((r) => [
+            csvEscapeCell(r.createdAt.toISOString()),
+            csvEscapeCell(r.actor?.email),
+            csvEscapeCell(r.actor?.name),
+            csvEscapeCell(getActivityHumanDescription(r.trpcPath, r.action)),
+            csvEscapeCell(r.trpcPath),
+            csvEscapeCell(r.category),
+            csvEscapeCell(r.status),
+            csvEscapeCell(r.durationMs),
+            csvEscapeCell(r.workspace?.title),
+            csvEscapeCell(r.errorCode),
+        ].join(','));
+        return {
+            csv: [header, ...lines].join('\n'),
+            count: rows.length,
+        };
+    }),
+    /** Deletes rows older than ACTIVITY_LOG_RETENTION_DAYS (default 365). Run manually or via cron. */
+    activityPurgeRetention: adminProcedure.mutation(async ({ ctx }) => {
+        const days = getActivityRetentionDays();
+        const cutoff = new Date();
+        cutoff.setDate(cutoff.getDate() - days);
+        const { deleted } = await deleteActivityLogsOlderThan(ctx.db, cutoff);
+        logger.info(`ActivityLog retention purge: deleted ${deleted} rows older than ${days} days (cutoff ${cutoff.toISOString()})`, 'ADMIN');
+        return { deleted, retentionDays: days, cutoff };
+    }),
+});