npm - @intranefr/superbackend - Versions diffs - 1.4.3 - Mend

@intranefr/superbackend 1.4.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (188) hide show

package/.commiat +4 -0
package/.env.example +47 -0
package/README.md +110 -0
package/index.js +94 -0
package/package.json +67 -0
package/public/css/styles.css +139 -0
package/public/js/animations.js +41 -0
package/sdk/error-tracking/browser/package.json +16 -0
package/sdk/error-tracking/browser/src/core.js +270 -0
package/sdk/error-tracking/browser/src/embed.js +18 -0
package/sdk/error-tracking/browser/src/index.js +1 -0
package/server.js +5 -0
package/src/admin/endpointRegistry.js +300 -0
package/src/controllers/admin.controller.js +321 -0
package/src/controllers/adminAssets.controller.js +530 -0
package/src/controllers/adminAssetsStorage.controller.js +260 -0
package/src/controllers/adminEjsVirtual.controller.js +354 -0
package/src/controllers/adminFeatureFlags.controller.js +155 -0
package/src/controllers/adminHeadless.controller.js +1071 -0
package/src/controllers/adminI18n.controller.js +604 -0
package/src/controllers/adminJsonConfigs.controller.js +97 -0
package/src/controllers/adminLlm.controller.js +273 -0
package/src/controllers/adminMigration.controller.js +257 -0
package/src/controllers/adminSeoConfig.controller.js +515 -0
package/src/controllers/adminStats.controller.js +121 -0
package/src/controllers/adminUploadNamespaces.controller.js +208 -0
package/src/controllers/assets.controller.js +248 -0
package/src/controllers/auth.controller.js +93 -0
package/src/controllers/billing.controller.js +223 -0
package/src/controllers/featureFlags.controller.js +35 -0
package/src/controllers/forms.controller.js +217 -0
package/src/controllers/globalSettings.controller.js +252 -0
package/src/controllers/headlessCrud.controller.js +126 -0
package/src/controllers/i18n.controller.js +12 -0
package/src/controllers/invite.controller.js +249 -0
package/src/controllers/jsonConfigs.controller.js +19 -0
package/src/controllers/metrics.controller.js +149 -0
package/src/controllers/notificationAdmin.controller.js +264 -0
package/src/controllers/notifications.controller.js +131 -0
package/src/controllers/org.controller.js +357 -0
package/src/controllers/orgAdmin.controller.js +491 -0
package/src/controllers/stripeAdmin.controller.js +410 -0
package/src/controllers/user.controller.js +361 -0
package/src/controllers/userAdmin.controller.js +277 -0
package/src/controllers/waitingList.controller.js +167 -0
package/src/controllers/webhook.controller.js +200 -0
package/src/middleware/auth.js +66 -0
package/src/middleware/errorCapture.js +170 -0
package/src/middleware/headlessApiTokenAuth.js +57 -0
package/src/middleware/org.js +108 -0
package/src/middleware.js +901 -0
package/src/models/ActionEvent.js +31 -0
package/src/models/ActivityLog.js +41 -0
package/src/models/Asset.js +84 -0
package/src/models/AuditEvent.js +93 -0
package/src/models/EmailLog.js +28 -0
package/src/models/ErrorAggregate.js +72 -0
package/src/models/FormSubmission.js +41 -0
package/src/models/GlobalSetting.js +38 -0
package/src/models/HeadlessApiToken.js +24 -0
package/src/models/HeadlessModelDefinition.js +41 -0
package/src/models/I18nEntry.js +77 -0
package/src/models/I18nLocale.js +33 -0
package/src/models/Invite.js +70 -0
package/src/models/JsonConfig.js +46 -0
package/src/models/Notification.js +60 -0
package/src/models/Organization.js +57 -0
package/src/models/OrganizationMember.js +43 -0
package/src/models/StripeCatalogItem.js +77 -0
package/src/models/StripeWebhookEvent.js +57 -0
package/src/models/User.js +89 -0
package/src/models/VirtualEjsFile.js +60 -0
package/src/models/VirtualEjsFileVersion.js +43 -0
package/src/models/VirtualEjsGroupChange.js +32 -0
package/src/models/WaitingList.js +41 -0
package/src/models/Webhook.js +63 -0
package/src/models/Workflow.js +29 -0
package/src/models/WorkflowExecution.js +12 -0
package/src/routes/admin.routes.js +26 -0
package/src/routes/adminAssets.routes.js +28 -0
package/src/routes/adminAssetsStorage.routes.js +13 -0
package/src/routes/adminAudit.routes.js +196 -0
package/src/routes/adminEjsVirtual.routes.js +17 -0
package/src/routes/adminErrors.routes.js +164 -0
package/src/routes/adminFeatureFlags.routes.js +12 -0
package/src/routes/adminHeadless.routes.js +38 -0
package/src/routes/adminI18n.routes.js +22 -0
package/src/routes/adminJsonConfigs.routes.js +15 -0
package/src/routes/adminLlm.routes.js +12 -0
package/src/routes/adminMigration.routes.js +81 -0
package/src/routes/adminSeoConfig.routes.js +20 -0
package/src/routes/adminUploadNamespaces.routes.js +13 -0
package/src/routes/assets.routes.js +21 -0
package/src/routes/auth.routes.js +12 -0
package/src/routes/billing.routes.js +11 -0
package/src/routes/errorTracking.routes.js +31 -0
package/src/routes/featureFlags.routes.js +9 -0
package/src/routes/forms.routes.js +9 -0
package/src/routes/formsAdmin.routes.js +13 -0
package/src/routes/globalSettings.routes.js +18 -0
package/src/routes/headless.routes.js +15 -0
package/src/routes/i18n.routes.js +8 -0
package/src/routes/invite.routes.js +9 -0
package/src/routes/jsonConfigs.routes.js +8 -0
package/src/routes/log.routes.js +111 -0
package/src/routes/metrics.routes.js +9 -0
package/src/routes/notificationAdmin.routes.js +15 -0
package/src/routes/notifications.routes.js +12 -0
package/src/routes/org.routes.js +31 -0
package/src/routes/orgAdmin.routes.js +20 -0
package/src/routes/publicAssets.routes.js +7 -0
package/src/routes/stripeAdmin.routes.js +20 -0
package/src/routes/user.routes.js +22 -0
package/src/routes/userAdmin.routes.js +15 -0
package/src/routes/waitingList.routes.js +13 -0
package/src/routes/waitingListAdmin.routes.js +9 -0
package/src/routes/webhook.routes.js +32 -0
package/src/routes/workflowWebhook.routes.js +54 -0
package/src/routes/workflows.routes.js +110 -0
package/src/services/assets.service.js +110 -0
package/src/services/audit.service.js +62 -0
package/src/services/auditLogger.js +165 -0
package/src/services/ejsVirtual.service.js +614 -0
package/src/services/email.service.js +351 -0
package/src/services/errorLogger.js +221 -0
package/src/services/featureFlags.service.js +202 -0
package/src/services/forms.service.js +214 -0
package/src/services/globalSettings.service.js +49 -0
package/src/services/headlessApiTokens.service.js +158 -0
package/src/services/headlessCrypto.service.js +31 -0
package/src/services/headlessModels.service.js +356 -0
package/src/services/i18n.service.js +314 -0
package/src/services/i18nInferredKeys.service.js +337 -0
package/src/services/jsonConfigs.service.js +392 -0
package/src/services/llm.service.js +749 -0
package/src/services/migration.service.js +581 -0
package/src/services/migrationAssets/fsLocal.js +58 -0
package/src/services/migrationAssets/index.js +134 -0
package/src/services/migrationAssets/s3.js +75 -0
package/src/services/migrationAssets/sftp.js +92 -0
package/src/services/notification.service.js +212 -0
package/src/services/objectStorage.service.js +514 -0
package/src/services/seoConfig.service.js +402 -0
package/src/services/storage.js +150 -0
package/src/services/stripe.service.js +185 -0
package/src/services/stripeHelper.service.js +264 -0
package/src/services/uploadNamespaces.service.js +326 -0
package/src/services/webhook.service.js +157 -0
package/src/services/workflow.service.js +271 -0
package/src/utils/asyncHandler.js +5 -0
package/src/utils/encryption.js +80 -0
package/src/utils/jwt.js +40 -0
package/src/utils/orgRoles.js +156 -0
package/src/utils/validation.js +26 -0
package/src/utils/webhookRetry.js +93 -0
package/views/admin-assets.ejs +444 -0
package/views/admin-audit.ejs +283 -0
package/views/admin-coolify-deploy.ejs +207 -0
package/views/admin-dashboard-home.ejs +291 -0
package/views/admin-dashboard.ejs +397 -0
package/views/admin-ejs-virtual.ejs +280 -0
package/views/admin-errors.ejs +368 -0
package/views/admin-feature-flags.ejs +390 -0
package/views/admin-forms.ejs +526 -0
package/views/admin-global-settings.ejs +436 -0
package/views/admin-headless.ejs +2020 -0
package/views/admin-i18n-locales.ejs +221 -0
package/views/admin-i18n.ejs +728 -0
package/views/admin-json-configs.ejs +410 -0
package/views/admin-llm.ejs +884 -0
package/views/admin-metrics.ejs +274 -0
package/views/admin-migration.ejs +814 -0
package/views/admin-notifications.ejs +430 -0
package/views/admin-organizations.ejs +984 -0
package/views/admin-seo-config.ejs +673 -0
package/views/admin-stripe-pricing.ejs +558 -0
package/views/admin-test.ejs +342 -0
package/views/admin-users.ejs +452 -0
package/views/admin-waiting-list.ejs +547 -0
package/views/admin-webhooks.ejs +329 -0
package/views/admin-workflows.ejs +310 -0
package/views/partials/admin-assets-script.ejs +2022 -0
package/views/partials/admin-test-sidebar.ejs +14 -0
package/views/partials/dashboard/nav-items.ejs +66 -0
package/views/partials/dashboard/palette.ejs +63 -0
package/views/partials/dashboard/sidebar.ejs +21 -0
package/views/partials/dashboard/tab-bar.ejs +26 -0
package/views/partials/footer.ejs +3 -0

package/src/controllers/metrics.controller.js ADDED Viewed

@@ -0,0 +1,149 @@
+const crypto = require('crypto');
+const ActionEvent = require('../models/ActionEvent');
+const GlobalSetting = require('../models/GlobalSetting');
+const { verifyAccessToken } = require('../utils/jwt');
+const User = require('../models/User');
+function parseCookieHeader(cookieHeader) {
+  const out = {};
+  if (!cookieHeader) return out;
+  const parts = cookieHeader.split(';');
+  for (const p of parts) {
+    const idx = p.indexOf('=');
+    if (idx === -1) continue;
+    const k = p.slice(0, idx).trim();
+    const v = p.slice(idx + 1).trim();
+    if (!k) continue;
+    out[k] = decodeURIComponent(v);
+  }
+  return out;
+}
+function getMonthRange(date = new Date()) {
+  const start = new Date(Date.UTC(date.getUTCFullYear(), date.getUTCMonth(), 1, 0, 0, 0, 0));
+  const end = new Date(Date.UTC(date.getUTCFullYear(), date.getUTCMonth() + 1, 1, 0, 0, 0, 0));
+  return { start, end };
+}
+function getAnonId(req) {
+  const headerAnon = req.get('x-anon-id');
+  if (headerAnon) return String(headerAnon).trim();
+  const cookies = parseCookieHeader(req.headers.cookie);
+  if (cookies.enbauges_anon_id) return String(cookies.enbauges_anon_id).trim();
+  const bodyAnon = req.body?.anonId;
+  if (bodyAnon) return String(bodyAnon).trim();
+  return null;
+}
+async function tryAttachUser(req) {
+  if (req.user?._id) return;
+  const authHeader = req.headers.authorization;
+  if (!authHeader || !authHeader.startsWith('Bearer ')) return;
+  try {
+    const token = authHeader.substring(7);
+    const decoded = verifyAccessToken(token);
+    const user = await User.findById(decoded.userId);
+    if (user) req.user = user;
+  } catch (e) {
+    // optional auth: ignore errors
+  }
+}
+exports.track = async (req, res) => {
+  try {
+    await tryAttachUser(req);
+    const action = String(req.body?.action || '').trim();
+    const meta = req.body?.meta ?? null;
+    if (!action) {
+      return res.status(400).json({ error: 'action is required' });
+    }
+    let actorType = 'anonymous';
+    let actorId = getAnonId(req);
+    if (req.user?._id) {
+      actorType = 'user';
+      actorId = String(req.user._id);
+    }
+    if (!actorId) {
+      actorId = crypto.randomUUID();
+      res.cookie('enbauges_anon_id', actorId, {
+        httpOnly: false,
+        sameSite: 'lax',
+        maxAge: 1000 * 60 * 60 * 24 * 365,
+        path: '/',
+      });
+    }
+    await ActionEvent.create({
+      action,
+      actorType,
+      actorId,
+      meta,
+    });
+    return res.json({ ok: true, actorType, anonId: actorType === 'anonymous' ? actorId : null });
+  } catch (error) {
+    console.error('Metrics track error:', error);
+    return res.status(500).json({ error: 'Failed to track' });
+  }
+};
+exports.getImpact = async (req, res) => {
+  try {
+    const { start, end } = getMonthRange(new Date());
+    const activeActorsAgg = await ActionEvent.aggregate([
+      {
+        $match: {
+          createdAt: { $gte: start, $lt: end },
+          actorType: { $in: ['user', 'anonymous'] },
+        },
+      },
+      {
+        $group: {
+          _id: {
+            actorType: '$actorType',
+            actorId: '$actorId',
+          },
+        },
+      },
+      { $count: 'count' },
+    ]);
+    const activeUsers = activeActorsAgg?.[0]?.count || 0;
+    const servicesConsulted = await ActionEvent.countDocuments({
+      action: 'service_view',
+      createdAt: { $gte: start, $lt: end },
+    });
+    const newsletterSetting = await GlobalSetting.findOne({ key: 'newsletter_list' }).lean();
+    let newsletterSubscribers = 0;
+    if (newsletterSetting?.value) {
+      try {
+        const parsed = JSON.parse(newsletterSetting.value);
+        if (Array.isArray(parsed)) newsletterSubscribers = parsed.length;
+      } catch (e) {
+        newsletterSubscribers = 0;
+      }
+    }
+    return res.json({
+      range: { start: start.toISOString(), end: end.toISOString() },
+      activeUsers,
+      servicesConsulted,
+      newsletterSubscribers,
+    });
+  } catch (error) {
+    console.error('Metrics impact error:', error);
+    return res.status(500).json({ error: 'Failed to compute impact' });
+  }
+};

package/src/controllers/notificationAdmin.controller.js ADDED Viewed

@@ -0,0 +1,264 @@
+const mongoose = require('mongoose');
+const Notification = require('../models/Notification');
+const User = require('../models/User');
+const notificationService = require('../services/notification.service');
+const { createAuditEvent, getBasicAuthActor } = require('../services/audit.service');
+const DEFAULT_LIMIT = 50;
+const MAX_LIMIT = 500;
+function parseLimit(value) {
+  const parsed = parseInt(value, 10);
+  if (!Number.isFinite(parsed)) return DEFAULT_LIMIT;
+  return Math.min(MAX_LIMIT, Math.max(1, parsed));
+}
+function parseOffset(value) {
+  const parsed = parseInt(value, 10);
+  if (!Number.isFinite(parsed)) return 0;
+  return Math.max(0, parsed);
+}
+exports.listNotifications = async (req, res) => {
+  try {
+    const { userId, type, channel, emailStatus, broadcastId, limit, offset } = req.query;
+    const parsedLimit = parseLimit(limit);
+    const parsedOffset = parseOffset(offset);
+    const query = {};
+    if (userId && mongoose.Types.ObjectId.isValid(String(userId))) {
+      query.userId = new mongoose.Types.ObjectId(String(userId));
+    }
+    if (type) {
+      query.type = String(type);
+    }
+    if (channel) {
+      query.channel = String(channel);
+    }
+    if (emailStatus) {
+      query.emailStatus = String(emailStatus);
+    }
+    if (broadcastId) {
+      query.broadcastId = String(broadcastId);
+    }
+    const notifications = await Notification.find(query)
+      .populate('userId', 'email name')
+      .sort({ createdAt: -1 })
+      .limit(parsedLimit)
+      .skip(parsedOffset)
+      .lean();
+    const total = await Notification.countDocuments(query);
+    return res.json({
+      notifications,
+      pagination: {
+        total,
+        limit: parsedLimit,
+        offset: parsedOffset,
+      },
+    });
+  } catch (error) {
+    console.error('Admin notification list error:', error);
+    return res.status(500).json({ error: 'Failed to list notifications' });
+  }
+};
+exports.getNotificationStats = async (req, res) => {
+  try {
+    const stats = await notificationService.getNotificationStats();
+    return res.json(stats);
+  } catch (error) {
+    console.error('Admin notification stats error:', error);
+    return res.status(500).json({ error: 'Failed to get notification stats' });
+  }
+};
+exports.sendNotification = async (req, res) => {
+  try {
+    const { userIds, type, title, message, channel = 'in_app', metadata = {} } = req.body;
+    if (!type || !title || !message) {
+      return res.status(400).json({ error: 'type, title, and message are required' });
+    }
+    if (!['info', 'success', 'warning', 'error'].includes(String(type))) {
+      return res.status(400).json({ error: 'Invalid type. Must be info, success, warning, or error.' });
+    }
+    if (!['in_app', 'email', 'both'].includes(String(channel))) {
+      return res.status(400).json({ error: 'Invalid channel. Must be in_app, email, or both.' });
+    }
+    if (!Array.isArray(userIds) || userIds.length === 0) {
+      return res.status(400).json({ error: 'userIds must be a non-empty array' });
+    }
+    const validUserIds = userIds.filter((id) => mongoose.Types.ObjectId.isValid(String(id)));
+    if (validUserIds.length === 0) {
+      return res.status(400).json({ error: 'No valid user IDs provided' });
+    }
+    const actor = getBasicAuthActor(req);
+    const result = await notificationService.sendToUsers({
+      userIds: validUserIds,
+      type: String(type),
+      title: String(title),
+      message: String(message),
+      channel: String(channel),
+      metadata,
+      sentByAdminId: actor.actorId,
+    });
+    await createAuditEvent({
+      ...actor,
+      action: 'admin.notification.send',
+      entityType: 'Notification',
+      entityId: result.broadcastId,
+      before: null,
+      after: { userCount: validUserIds.length, type, title, channel },
+      meta: { broadcastId: result.broadcastId },
+    });
+    return res.status(201).json({
+      message: 'Notifications sent',
+      broadcastId: result.broadcastId,
+      results: result.results,
+    });
+  } catch (error) {
+    console.error('Admin send notification error:', error);
+    return res.status(500).json({ error: 'Failed to send notifications' });
+  }
+};
+exports.broadcastNotification = async (req, res) => {
+  try {
+    const { type, title, message, channel = 'in_app', metadata = {} } = req.body;
+    if (!type || !title || !message) {
+      return res.status(400).json({ error: 'type, title, and message are required' });
+    }
+    if (!['info', 'success', 'warning', 'error'].includes(String(type))) {
+      return res.status(400).json({ error: 'Invalid type. Must be info, success, warning, or error.' });
+    }
+    if (!['in_app', 'email', 'both'].includes(String(channel))) {
+      return res.status(400).json({ error: 'Invalid channel. Must be in_app, email, or both.' });
+    }
+    const actor = getBasicAuthActor(req);
+    const result = await notificationService.broadcast({
+      type: String(type),
+      title: String(title),
+      message: String(message),
+      channel: String(channel),
+      metadata,
+      sentByAdminId: actor.actorId,
+      userFilter: { disabled: { $ne: true } },
+    });
+    await createAuditEvent({
+      ...actor,
+      action: 'admin.notification.broadcast',
+      entityType: 'Notification',
+      entityId: result.broadcastId,
+      before: null,
+      after: { userCount: result.results.length, type, title, channel },
+      meta: { broadcastId: result.broadcastId },
+    });
+    return res.status(201).json({
+      message: 'Broadcast sent',
+      broadcastId: result.broadcastId,
+      recipientCount: result.results.length,
+      successCount: result.results.filter((r) => r.success).length,
+      failCount: result.results.filter((r) => !r.success).length,
+    });
+  } catch (error) {
+    console.error('Admin broadcast notification error:', error);
+    return res.status(500).json({ error: 'Failed to broadcast notification' });
+  }
+};
+exports.deleteNotification = async (req, res) => {
+  try {
+    const { id } = req.params;
+    if (!id || !mongoose.Types.ObjectId.isValid(String(id))) {
+      return res.status(400).json({ error: 'Invalid notification ID' });
+    }
+    const notification = await Notification.findById(id);
+    if (!notification) {
+      return res.status(404).json({ error: 'Notification not found' });
+    }
+    const before = notification.toObject();
+    const actor = getBasicAuthActor(req);
+    await Notification.deleteOne({ _id: id });
+    await createAuditEvent({
+      ...actor,
+      action: 'admin.notification.delete',
+      entityType: 'Notification',
+      entityId: String(id),
+      before,
+      after: null,
+      meta: null,
+    });
+    return res.json({ message: 'Notification deleted' });
+  } catch (error) {
+    console.error('Admin notification delete error:', error);
+    return res.status(500).json({ error: 'Failed to delete notification' });
+  }
+};
+exports.retryEmailNotification = async (req, res) => {
+  try {
+    const { id } = req.params;
+    if (!id || !mongoose.Types.ObjectId.isValid(String(id))) {
+      return res.status(400).json({ error: 'Invalid notification ID' });
+    }
+    const notification = await Notification.findById(id).populate('userId', 'email');
+    if (!notification) {
+      return res.status(404).json({ error: 'Notification not found' });
+    }
+    if (notification.channel === 'in_app') {
+      return res.status(400).json({ error: 'This notification is in-app only' });
+    }
+    if (notification.emailStatus === 'sent') {
+      return res.status(400).json({ error: 'Email already sent' });
+    }
+    const userEmail = notification.userId?.email;
+    if (!userEmail) {
+      return res.status(400).json({ error: 'User email not found' });
+    }
+    await notificationService.sendEmailForNotification(notification, userEmail);
+    return res.json({
+      message: 'Email retry attempted',
+      emailStatus: notification.emailStatus,
+    });
+  } catch (error) {
+    console.error('Admin notification retry error:', error);
+    return res.status(500).json({ error: 'Failed to retry email notification' });
+  }
+};

package/src/controllers/notifications.controller.js ADDED Viewed

@@ -0,0 +1,131 @@
+const Notification = require('../models/Notification');
+const ActivityLog = require('../models/ActivityLog');
+exports.getNotifications = async (req, res) => {
+  try {
+    const { limit = 50, offset = 0, unreadOnly = false } = req.query;
+    const query = { userId: req.user._id };
+    if (unreadOnly === 'true') {
+      query.read = false;
+    }
+    const notifications = await Notification.find(query)
+      .sort({ createdAt: -1 })
+      .limit(parseInt(limit))
+      .skip(parseInt(offset))
+      .lean();
+    const total = await Notification.countDocuments(query);
+    const unreadCount = await Notification.countDocuments({
+      userId: req.user._id,
+      read: false
+    });
+    res.json({
+      notifications,
+      pagination: {
+        total,
+        limit: parseInt(limit),
+        offset: parseInt(offset),
+        hasMore: total > parseInt(offset) + parseInt(limit)
+      },
+      unreadCount
+    });
+  } catch (error) {
+    console.error('Error fetching notifications:', error);
+    res.status(500).json({ error: 'Failed to fetch notifications' });
+  }
+};
+exports.markNotificationAsRead = async (req, res) => {
+  try {
+    const { id } = req.params;
+    const notification = await Notification.findOneAndUpdate(
+      { _id: id, userId: req.user._id },
+      { read: true },
+      { new: true }
+    );
+    if (!notification) {
+      return res.status(404).json({ error: 'Notification not found' });
+    }
+    res.json({
+      message: 'Notification marked as read',
+      notification
+    });
+  } catch (error) {
+    console.error('Error marking notification as read:', error);
+    res.status(500).json({ error: 'Failed to mark notification as read' });
+  }
+};
+exports.getActivityLog = async (req, res) => {
+  try {
+    const { limit = 50, offset = 0, category, action } = req.query;
+    const query = { userId: req.user._id };
+    if (category) query.category = category;
+    if (action) query.action = action;
+    const activities = await ActivityLog.find(query)
+      .sort({ createdAt: -1 })
+      .limit(parseInt(limit))
+      .skip(parseInt(offset))
+      .lean();
+    const total = await ActivityLog.countDocuments(query);
+    res.json({
+      activities,
+      pagination: {
+        total,
+        limit: parseInt(limit),
+        offset: parseInt(offset),
+        hasMore: total > parseInt(offset) + parseInt(limit)
+      }
+    });
+  } catch (error) {
+    console.error('Error fetching activity log:', error);
+    res.status(500).json({ error: 'Failed to fetch activity log' });
+  }
+};
+exports.createActivityLog = async (req, res) => {
+  try {
+    const { action, category, description, metadata } = req.body;
+    if (!action || !category || !description) {
+      return res.status(400).json({
+        error: 'action, category, and description are required'
+      });
+    }
+    const validCategories = ['auth', 'billing', 'content', 'settings', 'admin', 'other'];
+    if (!validCategories.includes(category)) {
+      return res.status(400).json({
+        error: `Invalid category. Must be one of: ${validCategories.join(', ')}`
+      });
+    }
+    const activity = await ActivityLog.create({
+      userId: req.user._id,
+      action,
+      category,
+      description,
+      ipAddress: req.ip || req.connection.remoteAddress,
+      userAgent: req.get('user-agent'),
+      metadata: metadata || {}
+    });
+    res.status(201).json({
+      message: 'Activity log created',
+      activity
+    });
+  } catch (error) {
+    console.error('Error creating activity log:', error);
+    res.status(500).json({ error: 'Failed to create activity log' });
+  }
+};