npm - @intranefr/superbackend - Versions diffs - 1.4.3 - Mend

@intranefr/superbackend 1.4.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (188) hide show

package/.commiat +4 -0
package/.env.example +47 -0
package/README.md +110 -0
package/index.js +94 -0
package/package.json +67 -0
package/public/css/styles.css +139 -0
package/public/js/animations.js +41 -0
package/sdk/error-tracking/browser/package.json +16 -0
package/sdk/error-tracking/browser/src/core.js +270 -0
package/sdk/error-tracking/browser/src/embed.js +18 -0
package/sdk/error-tracking/browser/src/index.js +1 -0
package/server.js +5 -0
package/src/admin/endpointRegistry.js +300 -0
package/src/controllers/admin.controller.js +321 -0
package/src/controllers/adminAssets.controller.js +530 -0
package/src/controllers/adminAssetsStorage.controller.js +260 -0
package/src/controllers/adminEjsVirtual.controller.js +354 -0
package/src/controllers/adminFeatureFlags.controller.js +155 -0
package/src/controllers/adminHeadless.controller.js +1071 -0
package/src/controllers/adminI18n.controller.js +604 -0
package/src/controllers/adminJsonConfigs.controller.js +97 -0
package/src/controllers/adminLlm.controller.js +273 -0
package/src/controllers/adminMigration.controller.js +257 -0
package/src/controllers/adminSeoConfig.controller.js +515 -0
package/src/controllers/adminStats.controller.js +121 -0
package/src/controllers/adminUploadNamespaces.controller.js +208 -0
package/src/controllers/assets.controller.js +248 -0
package/src/controllers/auth.controller.js +93 -0
package/src/controllers/billing.controller.js +223 -0
package/src/controllers/featureFlags.controller.js +35 -0
package/src/controllers/forms.controller.js +217 -0
package/src/controllers/globalSettings.controller.js +252 -0
package/src/controllers/headlessCrud.controller.js +126 -0
package/src/controllers/i18n.controller.js +12 -0
package/src/controllers/invite.controller.js +249 -0
package/src/controllers/jsonConfigs.controller.js +19 -0
package/src/controllers/metrics.controller.js +149 -0
package/src/controllers/notificationAdmin.controller.js +264 -0
package/src/controllers/notifications.controller.js +131 -0
package/src/controllers/org.controller.js +357 -0
package/src/controllers/orgAdmin.controller.js +491 -0
package/src/controllers/stripeAdmin.controller.js +410 -0
package/src/controllers/user.controller.js +361 -0
package/src/controllers/userAdmin.controller.js +277 -0
package/src/controllers/waitingList.controller.js +167 -0
package/src/controllers/webhook.controller.js +200 -0
package/src/middleware/auth.js +66 -0
package/src/middleware/errorCapture.js +170 -0
package/src/middleware/headlessApiTokenAuth.js +57 -0
package/src/middleware/org.js +108 -0
package/src/middleware.js +901 -0
package/src/models/ActionEvent.js +31 -0
package/src/models/ActivityLog.js +41 -0
package/src/models/Asset.js +84 -0
package/src/models/AuditEvent.js +93 -0
package/src/models/EmailLog.js +28 -0
package/src/models/ErrorAggregate.js +72 -0
package/src/models/FormSubmission.js +41 -0
package/src/models/GlobalSetting.js +38 -0
package/src/models/HeadlessApiToken.js +24 -0
package/src/models/HeadlessModelDefinition.js +41 -0
package/src/models/I18nEntry.js +77 -0
package/src/models/I18nLocale.js +33 -0
package/src/models/Invite.js +70 -0
package/src/models/JsonConfig.js +46 -0
package/src/models/Notification.js +60 -0
package/src/models/Organization.js +57 -0
package/src/models/OrganizationMember.js +43 -0
package/src/models/StripeCatalogItem.js +77 -0
package/src/models/StripeWebhookEvent.js +57 -0
package/src/models/User.js +89 -0
package/src/models/VirtualEjsFile.js +60 -0
package/src/models/VirtualEjsFileVersion.js +43 -0
package/src/models/VirtualEjsGroupChange.js +32 -0
package/src/models/WaitingList.js +41 -0
package/src/models/Webhook.js +63 -0
package/src/models/Workflow.js +29 -0
package/src/models/WorkflowExecution.js +12 -0
package/src/routes/admin.routes.js +26 -0
package/src/routes/adminAssets.routes.js +28 -0
package/src/routes/adminAssetsStorage.routes.js +13 -0
package/src/routes/adminAudit.routes.js +196 -0
package/src/routes/adminEjsVirtual.routes.js +17 -0
package/src/routes/adminErrors.routes.js +164 -0
package/src/routes/adminFeatureFlags.routes.js +12 -0
package/src/routes/adminHeadless.routes.js +38 -0
package/src/routes/adminI18n.routes.js +22 -0
package/src/routes/adminJsonConfigs.routes.js +15 -0
package/src/routes/adminLlm.routes.js +12 -0
package/src/routes/adminMigration.routes.js +81 -0
package/src/routes/adminSeoConfig.routes.js +20 -0
package/src/routes/adminUploadNamespaces.routes.js +13 -0
package/src/routes/assets.routes.js +21 -0
package/src/routes/auth.routes.js +12 -0
package/src/routes/billing.routes.js +11 -0
package/src/routes/errorTracking.routes.js +31 -0
package/src/routes/featureFlags.routes.js +9 -0
package/src/routes/forms.routes.js +9 -0
package/src/routes/formsAdmin.routes.js +13 -0
package/src/routes/globalSettings.routes.js +18 -0
package/src/routes/headless.routes.js +15 -0
package/src/routes/i18n.routes.js +8 -0
package/src/routes/invite.routes.js +9 -0
package/src/routes/jsonConfigs.routes.js +8 -0
package/src/routes/log.routes.js +111 -0
package/src/routes/metrics.routes.js +9 -0
package/src/routes/notificationAdmin.routes.js +15 -0
package/src/routes/notifications.routes.js +12 -0
package/src/routes/org.routes.js +31 -0
package/src/routes/orgAdmin.routes.js +20 -0
package/src/routes/publicAssets.routes.js +7 -0
package/src/routes/stripeAdmin.routes.js +20 -0
package/src/routes/user.routes.js +22 -0
package/src/routes/userAdmin.routes.js +15 -0
package/src/routes/waitingList.routes.js +13 -0
package/src/routes/waitingListAdmin.routes.js +9 -0
package/src/routes/webhook.routes.js +32 -0
package/src/routes/workflowWebhook.routes.js +54 -0
package/src/routes/workflows.routes.js +110 -0
package/src/services/assets.service.js +110 -0
package/src/services/audit.service.js +62 -0
package/src/services/auditLogger.js +165 -0
package/src/services/ejsVirtual.service.js +614 -0
package/src/services/email.service.js +351 -0
package/src/services/errorLogger.js +221 -0
package/src/services/featureFlags.service.js +202 -0
package/src/services/forms.service.js +214 -0
package/src/services/globalSettings.service.js +49 -0
package/src/services/headlessApiTokens.service.js +158 -0
package/src/services/headlessCrypto.service.js +31 -0
package/src/services/headlessModels.service.js +356 -0
package/src/services/i18n.service.js +314 -0
package/src/services/i18nInferredKeys.service.js +337 -0
package/src/services/jsonConfigs.service.js +392 -0
package/src/services/llm.service.js +749 -0
package/src/services/migration.service.js +581 -0
package/src/services/migrationAssets/fsLocal.js +58 -0
package/src/services/migrationAssets/index.js +134 -0
package/src/services/migrationAssets/s3.js +75 -0
package/src/services/migrationAssets/sftp.js +92 -0
package/src/services/notification.service.js +212 -0
package/src/services/objectStorage.service.js +514 -0
package/src/services/seoConfig.service.js +402 -0
package/src/services/storage.js +150 -0
package/src/services/stripe.service.js +185 -0
package/src/services/stripeHelper.service.js +264 -0
package/src/services/uploadNamespaces.service.js +326 -0
package/src/services/webhook.service.js +157 -0
package/src/services/workflow.service.js +271 -0
package/src/utils/asyncHandler.js +5 -0
package/src/utils/encryption.js +80 -0
package/src/utils/jwt.js +40 -0
package/src/utils/orgRoles.js +156 -0
package/src/utils/validation.js +26 -0
package/src/utils/webhookRetry.js +93 -0
package/views/admin-assets.ejs +444 -0
package/views/admin-audit.ejs +283 -0
package/views/admin-coolify-deploy.ejs +207 -0
package/views/admin-dashboard-home.ejs +291 -0
package/views/admin-dashboard.ejs +397 -0
package/views/admin-ejs-virtual.ejs +280 -0
package/views/admin-errors.ejs +368 -0
package/views/admin-feature-flags.ejs +390 -0
package/views/admin-forms.ejs +526 -0
package/views/admin-global-settings.ejs +436 -0
package/views/admin-headless.ejs +2020 -0
package/views/admin-i18n-locales.ejs +221 -0
package/views/admin-i18n.ejs +728 -0
package/views/admin-json-configs.ejs +410 -0
package/views/admin-llm.ejs +884 -0
package/views/admin-metrics.ejs +274 -0
package/views/admin-migration.ejs +814 -0
package/views/admin-notifications.ejs +430 -0
package/views/admin-organizations.ejs +984 -0
package/views/admin-seo-config.ejs +673 -0
package/views/admin-stripe-pricing.ejs +558 -0
package/views/admin-test.ejs +342 -0
package/views/admin-users.ejs +452 -0
package/views/admin-waiting-list.ejs +547 -0
package/views/admin-webhooks.ejs +329 -0
package/views/admin-workflows.ejs +310 -0
package/views/partials/admin-assets-script.ejs +2022 -0
package/views/partials/admin-test-sidebar.ejs +14 -0
package/views/partials/dashboard/nav-items.ejs +66 -0
package/views/partials/dashboard/palette.ejs +63 -0
package/views/partials/dashboard/sidebar.ejs +21 -0
package/views/partials/dashboard/tab-bar.ejs +26 -0
package/views/partials/footer.ejs +3 -0

package/views/admin-users.ejs ADDED Viewed

@@ -0,0 +1,452 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>Users Admin</title>
+  <script src="https://cdn.tailwindcss.com"></script>
+  <style>
+    .toast { animation: slideIn 0.3s ease-out; }
+    @keyframes slideIn { from { transform: translateX(100%); opacity: 0; } to { transform: translateX(0); opacity: 1; } }
+    .fade-out { animation: fadeOut 0.3s ease-out forwards; }
+    @keyframes fadeOut { from { opacity: 1; } to { opacity: 0; } }
+  </style>
+</head>
+<body class="bg-gray-100">
+  <div class="min-h-screen">
+    <div class="bg-white shadow">
+      <div class="max-w-7xl mx-auto px-4 sm:px-6 lg:px-8 py-4">
+        <div class="flex justify-between items-center">
+          <div>
+            <h1 class="text-2xl font-bold text-gray-900">Users</h1>
+            <p class="text-sm text-gray-600 mt-1">Manage system users</p>
+          </div>
+          <div class="flex items-center gap-4">
+          </div>
+        </div>
+      </div>
+    </div>
+    <div class="max-w-7xl mx-auto px-4 sm:px-6 lg:px-8 py-8">
+      <div class="grid grid-cols-1 md:grid-cols-4 gap-4 mb-6">
+        <div class="bg-white rounded-lg shadow p-4">
+          <p class="text-sm text-gray-500">Total Users</p>
+          <p id="stat-total" class="text-2xl font-bold text-gray-900">-</p>
+        </div>
+        <div class="bg-white rounded-lg shadow p-4">
+          <p class="text-sm text-gray-500">Admins</p>
+          <p id="stat-admins" class="text-2xl font-bold text-gray-900">-</p>
+        </div>
+        <div class="bg-white rounded-lg shadow p-4">
+          <p class="text-sm text-gray-500">Active Subscriptions</p>
+          <p id="stat-subscriptions" class="text-2xl font-bold text-gray-900">-</p>
+        </div>
+        <div class="bg-white rounded-lg shadow p-4">
+          <p class="text-sm text-gray-500">Disabled</p>
+          <p id="stat-disabled" class="text-2xl font-bold text-gray-900">-</p>
+        </div>
+      </div>
+      <div class="bg-white rounded-lg shadow p-6">
+        <div class="flex items-center justify-between mb-4">
+          <div>
+            <h2 class="text-lg font-semibold text-gray-900">User List</h2>
+            <p id="users-subtitle" class="text-sm text-gray-600">-</p>
+          </div>
+          <button id="btn-refresh" class="bg-gray-100 text-gray-800 px-3 py-2 rounded hover:bg-gray-200">Refresh</button>
+        </div>
+        <div class="grid grid-cols-1 md:grid-cols-5 gap-3 mb-4">
+          <div>
+            <label class="block text-sm font-medium text-gray-700 mb-1">Search</label>
+            <input id="filter-q" type="text" class="w-full border rounded px-3 py-2" placeholder="email or name">
+          </div>
+          <div>
+            <label class="block text-sm font-medium text-gray-700 mb-1">Role</label>
+            <select id="filter-role" class="w-full border rounded px-3 py-2">
+              <option value="">All</option>
+              <option value="user">user</option>
+              <option value="admin">admin</option>
+            </select>
+          </div>
+          <div>
+            <label class="block text-sm font-medium text-gray-700 mb-1">Subscription</label>
+            <select id="filter-subscription" class="w-full border rounded px-3 py-2">
+              <option value="">All</option>
+              <option value="none">none</option>
+              <option value="active">active</option>
+              <option value="cancelled">cancelled</option>
+              <option value="past_due">past_due</option>
+              <option value="trialing">trialing</option>
+            </select>
+          </div>
+          <div>
+            <label class="block text-sm font-medium text-gray-700 mb-1">Plan</label>
+            <select id="filter-plan" class="w-full border rounded px-3 py-2">
+              <option value="">All</option>
+              <option value="free">free</option>
+              <option value="creator">creator</option>
+              <option value="pro">pro</option>
+            </select>
+          </div>
+          <div>
+            <label class="block text-sm font-medium text-gray-700 mb-1">Limit</label>
+            <input id="filter-limit" type="number" min="1" max="500" class="w-full border rounded px-3 py-2" value="50">
+          </div>
+        </div>
+        <div class="flex gap-2 mb-4">
+          <button id="btn-apply" class="bg-blue-500 text-white px-4 py-2 rounded hover:bg-blue-600">Apply</button>
+          <button id="btn-reset" class="bg-gray-100 text-gray-800 px-4 py-2 rounded hover:bg-gray-200">Reset</button>
+          <div class="flex-1"></div>
+          <button id="btn-prev" class="bg-gray-100 text-gray-800 px-4 py-2 rounded hover:bg-gray-200" disabled>Prev</button>
+          <button id="btn-next" class="bg-gray-100 text-gray-800 px-4 py-2 rounded hover:bg-gray-200" disabled>Next</button>
+        </div>
+        <div class="overflow-x-auto">
+          <table class="min-w-full divide-y divide-gray-200">
+            <thead class="bg-gray-50">
+              <tr>
+                <th class="px-4 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">User</th>
+                <th class="px-4 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Role</th>
+                <th class="px-4 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Plan</th>
+                <th class="px-4 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Subscription</th>
+                <th class="px-4 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Created</th>
+                <th class="px-4 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Actions</th>
+              </tr>
+            </thead>
+            <tbody id="users-tbody" class="bg-white divide-y divide-gray-200"></tbody>
+          </table>
+        </div>
+      </div>
+    </div>
+  </div>
+  <div id="modal-edit" class="fixed inset-0 bg-black bg-opacity-50 hidden z-50 flex items-center justify-center">
+    <div class="bg-white rounded-lg shadow-xl p-6 w-full max-w-md mx-4">
+      <h3 class="text-lg font-semibold text-gray-900 mb-4">Edit User</h3>
+      <input type="hidden" id="edit-user-id">
+      <div class="space-y-4">
+        <div>
+          <label class="block text-sm font-medium text-gray-700 mb-1">Name</label>
+          <input id="edit-name" type="text" class="w-full border rounded px-3 py-2">
+        </div>
+        <div>
+          <label class="block text-sm font-medium text-gray-700 mb-1">Role</label>
+          <select id="edit-role" class="w-full border rounded px-3 py-2">
+            <option value="user">user</option>
+            <option value="admin">admin</option>
+          </select>
+        </div>
+        <div>
+          <label class="block text-sm font-medium text-gray-700 mb-1">Plan</label>
+          <input id="edit-plan" type="text" class="w-full border rounded px-3 py-2" placeholder="e.g. free, pro, starter">
+        </div>
+        <div>
+          <label class="block text-sm font-medium text-gray-700 mb-1">Subscription Status</label>
+          <select id="edit-subscription" class="w-full border rounded px-3 py-2">
+            <option value="none">none</option>
+            <option value="active">active</option>
+            <option value="cancelled">cancelled</option>
+            <option value="past_due">past_due</option>
+            <option value="trialing">trialing</option>
+          </select>
+        </div>
+      </div>
+      <div class="flex justify-end gap-2 mt-6">
+        <button id="btn-modal-cancel" class="bg-gray-100 text-gray-800 px-4 py-2 rounded hover:bg-gray-200">Cancel</button>
+        <button id="btn-modal-save" class="bg-blue-500 text-white px-4 py-2 rounded hover:bg-blue-600">Save</button>
+      </div>
+    </div>
+  </div>
+  <div id="modal-notify" class="fixed inset-0 bg-black bg-opacity-50 hidden z-50 flex items-center justify-center">
+    <div class="bg-white rounded-lg shadow-xl p-6 w-full max-w-md mx-4">
+      <h3 class="text-lg font-semibold text-gray-900 mb-4">Send Notification</h3>
+      <input type="hidden" id="notify-user-id">
+      <p id="notify-user-email" class="text-sm text-gray-600 mb-4"></p>
+      <div class="space-y-4">
+        <div>
+          <label class="block text-sm font-medium text-gray-700 mb-1">Type</label>
+          <select id="notify-type" class="w-full border rounded px-3 py-2">
+            <option value="info">info</option>
+            <option value="success">success</option>
+            <option value="warning">warning</option>
+            <option value="error">error</option>
+          </select>
+        </div>
+        <div>
+          <label class="block text-sm font-medium text-gray-700 mb-1">Channel</label>
+          <select id="notify-channel" class="w-full border rounded px-3 py-2">
+            <option value="in_app">In-App Only</option>
+            <option value="email">Email Only</option>
+            <option value="both">Both</option>
+          </select>
+        </div>
+        <div>
+          <label class="block text-sm font-medium text-gray-700 mb-1">Title *</label>
+          <input id="notify-title" type="text" class="w-full border rounded px-3 py-2" placeholder="Notification title">
+        </div>
+        <div>
+          <label class="block text-sm font-medium text-gray-700 mb-1">Message *</label>
+          <textarea id="notify-message" class="w-full border rounded px-3 py-2" rows="3" placeholder="Notification message"></textarea>
+        </div>
+      </div>
+      <div class="flex justify-end gap-2 mt-6">
+        <button id="btn-notify-cancel" class="bg-gray-100 text-gray-800 px-4 py-2 rounded hover:bg-gray-200">Cancel</button>
+        <button id="btn-notify-send" class="bg-green-500 text-white px-4 py-2 rounded hover:bg-green-600">Send</button>
+      </div>
+    </div>
+  </div>
+  <div id="toast-container" class="fixed top-4 right-4 space-y-2 z-50"></div>
+  <script>
+    const API_BASE = window.location.origin + "<%= baseUrl %>" || window.location.origin;
+    function showToast(message, type = 'success') {
+      const container = document.getElementById('toast-container');
+      const toast = document.createElement('div');
+      toast.className = `toast px-6 py-4 rounded-lg shadow-lg text-white ${type === 'success' ? 'bg-green-500' : 'bg-red-500'}`;
+      toast.textContent = message;
+      container.appendChild(toast);
+      setTimeout(() => { toast.classList.add('fade-out'); setTimeout(() => toast.remove(), 300); }, 3000);
+    }
+    function escapeHtml(str) {
+      return String(str || '').replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;').replace(/'/g, '&#39;');
+    }
+    function formatDate(iso) {
+      try { return new Date(iso).toLocaleDateString(); } catch { return String(iso || ''); }
+    }
+    function qs(obj) {
+      const params = new URLSearchParams();
+      Object.entries(obj).forEach(([k, v]) => { if (v !== undefined && v !== null && String(v).trim()) params.set(k, String(v).trim()); });
+      const out = params.toString();
+      return out ? `?${out}` : '';
+    }
+    const state = { offset: 0, limit: 50, total: 0 };
+    async function loadStats() {
+      try {
+        const res = await fetch(`${API_BASE}/api/admin/users/stats`);
+        const data = await res.json();
+        if (res.ok) {
+          document.getElementById('stat-total').textContent = data.total ?? '-';
+          document.getElementById('stat-admins').textContent = data.admins ?? '-';
+          document.getElementById('stat-subscriptions').textContent = data.activeSubscriptions ?? '-';
+          document.getElementById('stat-disabled').textContent = data.disabled ?? '-';
+        }
+      } catch (e) { console.error('Failed to load stats:', e); }
+    }
+    async function loadUsers() {
+      const q = document.getElementById('filter-q')?.value?.trim();
+      const role = document.getElementById('filter-role')?.value;
+      const subscriptionStatus = document.getElementById('filter-subscription')?.value;
+      const currentPlan = document.getElementById('filter-plan')?.value;
+      const limit = parseInt(document.getElementById('filter-limit')?.value || '50', 10);
+      state.limit = Math.min(500, Math.max(1, limit));
+      const subtitle = document.getElementById('users-subtitle');
+      const tbody = document.getElementById('users-tbody');
+      if (subtitle) subtitle.textContent = 'Loading...';
+      if (tbody) tbody.innerHTML = '';
+      try {
+        const url = `${API_BASE}/api/admin/users${qs({ q, role, subscriptionStatus, currentPlan, limit: state.limit, offset: state.offset })}`;
+        const res = await fetch(url);
+        const data = await res.json();
+        if (!res.ok) { showToast(data?.error || 'Failed to load users', 'error'); return; }
+        const users = Array.isArray(data?.users) ? data.users : [];
+        const pagination = data?.pagination || {};
+        state.total = pagination.total ?? 0;
+        state.limit = pagination.limit ?? state.limit;
+        state.offset = pagination.offset ?? state.offset;
+        if (subtitle) {
+          const from = state.total === 0 ? 0 : state.offset + 1;
+          const to = Math.min(state.offset + users.length, state.total);
+          subtitle.textContent = `${from}-${to} of ${state.total}`;
+        }
+        document.getElementById('btn-prev').disabled = state.offset <= 0;
+        document.getElementById('btn-next').disabled = state.offset + state.limit >= state.total;
+        if (tbody) {
+          if (users.length === 0) {
+            tbody.innerHTML = '<tr><td class="px-4 py-6 text-sm text-gray-600" colspan="6">No users found.</td></tr>';
+            return;
+          }
+          tbody.innerHTML = users.map(u => {
+            const disabled = u.disabled ? '<span class="text-xs text-red-500 ml-1">(disabled)</span>' : '';
+            return `
+              <tr>
+                <td class="px-4 py-3 text-sm text-gray-900">
+                  <div class="font-medium">${escapeHtml(u.email)}${disabled}</div>
+                  <div class="text-xs text-gray-500">${escapeHtml(u.name || '')}</div>
+                  <div class="text-xs text-gray-400">${escapeHtml(u._id)}</div>
+                </td>
+                <td class="px-4 py-3 text-sm text-gray-700">${escapeHtml(u.role)}</td>
+                <td class="px-4 py-3 text-sm text-gray-700">${escapeHtml(u.currentPlan)}</td>
+                <td class="px-4 py-3 text-sm text-gray-700">${escapeHtml(u.subscriptionStatus)}</td>
+                <td class="px-4 py-3 text-sm text-gray-700">${formatDate(u.createdAt)}</td>
+                <td class="px-4 py-3 text-sm text-gray-700 whitespace-nowrap">
+                  <button class="text-blue-600 hover:text-blue-800 mr-2" data-edit="${escapeHtml(u._id)}" data-name="${escapeHtml(u.name || '')}" data-role="${escapeHtml(u.role)}" data-plan="${escapeHtml(u.currentPlan)}" data-subscription="${escapeHtml(u.subscriptionStatus)}">Edit</button>
+                  <button class="text-green-600 hover:text-green-800 mr-2" data-notify="${escapeHtml(u._id)}" data-email="${escapeHtml(u.email)}">Notify</button>
+                  ${u.disabled
+                    ? `<button class="text-green-600 hover:text-green-800" data-enable="${escapeHtml(u._id)}">Enable</button>`
+                    : `<button class="text-red-600 hover:text-red-800" data-disable="${escapeHtml(u._id)}">Disable</button>`
+                  }
+                </td>
+              </tr>
+            `;
+          }).join('');
+          tbody.querySelectorAll('[data-edit]').forEach(btn => {
+            btn.addEventListener('click', () => openEditModal(btn.dataset.edit, btn.dataset.name, btn.dataset.role, btn.dataset.plan, btn.dataset.subscription));
+          });
+          tbody.querySelectorAll('[data-notify]').forEach(btn => {
+            btn.addEventListener('click', () => openNotifyModal(btn.dataset.notify, btn.dataset.email));
+          });
+          tbody.querySelectorAll('[data-disable]').forEach(btn => {
+            btn.addEventListener('click', async () => {
+              if (!confirm('Disable this user?')) return;
+              await toggleUser(btn.dataset.disable, 'disable');
+            });
+          });
+          tbody.querySelectorAll('[data-enable]').forEach(btn => {
+            btn.addEventListener('click', async () => {
+              if (!confirm('Enable this user?')) return;
+              await toggleUser(btn.dataset.enable, 'enable');
+            });
+          });
+        }
+      } catch (e) {
+        showToast(e.message || 'Failed to load users', 'error');
+      }
+    }
+    async function toggleUser(userId, action) {
+      try {
+        const res = await fetch(`${API_BASE}/api/admin/users/${encodeURIComponent(userId)}/${action}`, { method: 'POST' });
+        const data = await res.json();
+        if (!res.ok) { showToast(data?.error || `Failed to ${action} user`, 'error'); return; }
+        showToast(`User ${action}d`, 'success');
+        await Promise.all([loadUsers(), loadStats()]);
+      } catch (e) { showToast(e.message, 'error'); }
+    }
+    function openEditModal(userId, name, role, plan, subscription) {
+      document.getElementById('edit-user-id').value = userId;
+      document.getElementById('edit-name').value = name || '';
+      document.getElementById('edit-role').value = role || 'user';
+      document.getElementById('edit-plan').value = plan || 'free';
+      document.getElementById('edit-subscription').value = subscription || 'none';
+      document.getElementById('modal-edit').classList.remove('hidden');
+    }
+    function closeEditModal() {
+      document.getElementById('modal-edit').classList.add('hidden');
+    }
+    async function saveUser() {
+      const userId = document.getElementById('edit-user-id').value;
+      const name = document.getElementById('edit-name').value.trim();
+      const role = document.getElementById('edit-role').value;
+      const currentPlan = document.getElementById('edit-plan').value;
+      const subscriptionStatus = document.getElementById('edit-subscription').value;
+      try {
+        const res = await fetch(`${API_BASE}/api/admin/users/${encodeURIComponent(userId)}`, {
+          method: 'PATCH',
+          headers: { 'Content-Type': 'application/json' },
+          body: JSON.stringify({ name, role, currentPlan, subscriptionStatus }),
+        });
+        const data = await res.json();
+        if (!res.ok) { showToast(data?.error || 'Failed to update user', 'error'); return; }
+        showToast('User updated', 'success');
+        closeEditModal();
+        await Promise.all([loadUsers(), loadStats()]);
+      } catch (e) { showToast(e.message, 'error'); }
+    }
+    function openNotifyModal(userId, email) {
+      document.getElementById('notify-user-id').value = userId;
+      document.getElementById('notify-user-email').textContent = `To: ${email}`;
+      document.getElementById('notify-type').value = 'info';
+      document.getElementById('notify-channel').value = 'in_app';
+      document.getElementById('notify-title').value = '';
+      document.getElementById('notify-message').value = '';
+      document.getElementById('modal-notify').classList.remove('hidden');
+    }
+    function closeNotifyModal() {
+      document.getElementById('modal-notify').classList.add('hidden');
+    }
+    async function sendNotification() {
+      const userId = document.getElementById('notify-user-id').value;
+      const type = document.getElementById('notify-type').value;
+      const channel = document.getElementById('notify-channel').value;
+      const title = document.getElementById('notify-title').value.trim();
+      const message = document.getElementById('notify-message').value.trim();
+      if (!title || !message) { showToast('Title and message are required', 'error'); return; }
+      try {
+        const res = await fetch(`${API_BASE}/api/admin/notifications/send`, {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/json' },
+          body: JSON.stringify({ userIds: [userId], type, channel, title, message }),
+        });
+        const data = await res.json();
+        if (!res.ok) { showToast(data?.error || 'Failed to send notification', 'error'); return; }
+        showToast('Notification sent', 'success');
+        closeNotifyModal();
+      } catch (e) { showToast(e.message, 'error'); }
+    }
+    function bindEvents() {
+      document.getElementById('btn-refresh').onclick = () => Promise.all([loadUsers(), loadStats()]);
+      document.getElementById('btn-apply').onclick = () => { state.offset = 0; loadUsers(); };
+      document.getElementById('btn-reset').onclick = () => {
+        document.getElementById('filter-q').value = '';
+        document.getElementById('filter-role').value = '';
+        document.getElementById('filter-subscription').value = '';
+        document.getElementById('filter-plan').value = '';
+        document.getElementById('filter-limit').value = '50';
+        state.offset = 0;
+        loadUsers();
+      };
+      document.getElementById('btn-prev').onclick = () => { state.offset = Math.max(0, state.offset - state.limit); loadUsers(); };
+      document.getElementById('btn-next').onclick = () => { state.offset += state.limit; loadUsers(); };
+      document.getElementById('btn-modal-cancel').onclick = closeEditModal;
+      document.getElementById('btn-modal-save').onclick = saveUser;
+      document.getElementById('btn-notify-cancel').onclick = closeNotifyModal;
+      document.getElementById('btn-notify-send').onclick = sendNotification;
+    }
+    bindEvents();
+    Promise.all([loadUsers(), loadStats()]);
+  </script>
+<script>
+  window.addEventListener("keydown", (e) => {
+    if ((e.ctrlKey || e.metaKey) && e.key === "k") {
+      e.preventDefault();
+      window.parent.postMessage({ type: "keydown", ctrlK: true }, "*");
+    }
+  });
+</script>
+</body>
+</html>