npm - @intranefr/superbackend - Versions diffs - 1.4.4 → 1.5.1 - Mend

@intranefr/superbackend 1.4.4 → 1.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (195) hide show

package/.env.example +5 -0
package/README.md +11 -0
package/index.js +39 -1
package/package.json +11 -3
package/public/sdk/ui-components.iife.js +191 -0
package/sdk/ui-components/browser/src/index.js +228 -0
package/src/admin/endpointRegistry.js +120 -0
package/src/controllers/admin.controller.js +111 -5
package/src/controllers/adminBlockDefinitions.controller.js +127 -0
package/src/controllers/adminBlockDefinitionsAi.controller.js +54 -0
package/src/controllers/adminCache.controller.js +342 -0
package/src/controllers/adminContextBlockDefinitions.controller.js +141 -0
package/src/controllers/adminCrons.controller.js +388 -0
package/src/controllers/adminDbBrowser.controller.js +124 -0
package/src/controllers/adminEjsVirtual.controller.js +13 -3
package/src/controllers/adminHeadless.controller.js +91 -2
package/src/controllers/adminHealthChecks.controller.js +570 -0
package/src/controllers/adminI18n.controller.js +51 -29
package/src/controllers/adminLlm.controller.js +126 -2
package/src/controllers/adminPages.controller.js +720 -0
package/src/controllers/adminPagesContextBlocksAi.controller.js +54 -0
package/src/controllers/adminProxy.controller.js +113 -0
package/src/controllers/adminRateLimits.controller.js +138 -0
package/src/controllers/adminRbac.controller.js +803 -0
package/src/controllers/adminScripts.controller.js +320 -0
package/src/controllers/adminSeoConfig.controller.js +71 -48
package/src/controllers/adminTerminals.controller.js +39 -0
package/src/controllers/adminUiComponents.controller.js +315 -0
package/src/controllers/adminUiComponentsAi.controller.js +34 -0
package/src/controllers/blogAdmin.controller.js +279 -0
package/src/controllers/blogAiAdmin.controller.js +224 -0
package/src/controllers/blogAutomationAdmin.controller.js +141 -0
package/src/controllers/blogInternal.controller.js +26 -0
package/src/controllers/blogPublic.controller.js +89 -0
package/src/controllers/fileManager.controller.js +190 -0
package/src/controllers/fileManagerStoragePolicy.controller.js +23 -0
package/src/controllers/healthChecksPublic.controller.js +196 -0
package/src/controllers/metrics.controller.js +64 -4
package/src/controllers/orgAdmin.controller.js +366 -0
package/src/controllers/uiComponentsPublic.controller.js +118 -0
package/src/middleware/auth.js +7 -0
package/src/middleware/internalCronAuth.js +29 -0
package/src/middleware/rbac.js +62 -0
package/src/middleware.js +879 -56
package/src/models/BlockDefinition.js +27 -0
package/src/models/BlogAutomationLock.js +14 -0
package/src/models/BlogAutomationRun.js +39 -0
package/src/models/BlogPost.js +42 -0
package/src/models/CacheEntry.js +26 -0
package/src/models/ConsoleEntry.js +32 -0
package/src/models/ConsoleLog.js +23 -0
package/src/models/ContextBlockDefinition.js +33 -0
package/src/models/CronExecution.js +47 -0
package/src/models/CronJob.js +70 -0
package/src/models/ExternalDbConnection.js +49 -0
package/src/models/FileEntry.js +22 -0
package/src/models/HeadlessModelDefinition.js +10 -0
package/src/models/HealthAutoHealAttempt.js +57 -0
package/src/models/HealthCheck.js +132 -0
package/src/models/HealthCheckRun.js +51 -0
package/src/models/HealthIncident.js +49 -0
package/src/models/Page.js +95 -0
package/src/models/PageCollection.js +42 -0
package/src/models/ProxyEntry.js +66 -0
package/src/models/RateLimitCounter.js +19 -0
package/src/models/RateLimitMetricBucket.js +20 -0
package/src/models/RbacGrant.js +25 -0
package/src/models/RbacGroup.js +16 -0
package/src/models/RbacGroupMember.js +13 -0
package/src/models/RbacGroupRole.js +13 -0
package/src/models/RbacRole.js +25 -0
package/src/models/RbacUserRole.js +13 -0
package/src/models/ScriptDefinition.js +42 -0
package/src/models/ScriptRun.js +22 -0
package/src/models/UiComponent.js +29 -0
package/src/models/UiComponentProject.js +26 -0
package/src/models/UiComponentProjectComponent.js +18 -0
package/src/routes/admin.routes.js +1 -0
package/src/routes/adminBlog.routes.js +21 -0
package/src/routes/adminBlogAi.routes.js +16 -0
package/src/routes/adminBlogAutomation.routes.js +27 -0
package/src/routes/adminCache.routes.js +20 -0
package/src/routes/adminConsoleManager.routes.js +302 -0
package/src/routes/adminCrons.routes.js +25 -0
package/src/routes/adminDbBrowser.routes.js +65 -0
package/src/routes/adminEjsVirtual.routes.js +2 -1
package/src/routes/adminHeadless.routes.js +8 -1
package/src/routes/adminHealthChecks.routes.js +28 -0
package/src/routes/adminI18n.routes.js +4 -3
package/src/routes/adminLlm.routes.js +4 -2
package/src/routes/adminPages.routes.js +55 -0
package/src/routes/adminProxy.routes.js +15 -0
package/src/routes/adminRateLimits.routes.js +17 -0
package/src/routes/adminRbac.routes.js +38 -0
package/src/routes/adminScripts.routes.js +21 -0
package/src/routes/adminSeoConfig.routes.js +5 -4
package/src/routes/adminTerminals.routes.js +13 -0
package/src/routes/adminUiComponents.routes.js +30 -0
package/src/routes/blogInternal.routes.js +14 -0
package/src/routes/blogPublic.routes.js +9 -0
package/src/routes/fileManager.routes.js +62 -0
package/src/routes/fileManagerStoragePolicy.routes.js +9 -0
package/src/routes/healthChecksPublic.routes.js +9 -0
package/src/routes/log.routes.js +43 -60
package/src/routes/metrics.routes.js +4 -2
package/src/routes/orgAdmin.routes.js +6 -0
package/src/routes/pages.routes.js +123 -0
package/src/routes/proxy.routes.js +46 -0
package/src/routes/rbac.routes.js +47 -0
package/src/routes/uiComponentsPublic.routes.js +9 -0
package/src/routes/webhook.routes.js +2 -1
package/src/routes/workflows.routes.js +4 -0
package/src/services/blockDefinitionsAi.service.js +247 -0
package/src/services/blog.service.js +99 -0
package/src/services/blogAutomation.service.js +978 -0
package/src/services/blogCronsBootstrap.service.js +184 -0
package/src/services/blogPublishing.service.js +58 -0
package/src/services/cacheLayer.service.js +696 -0
package/src/services/consoleManager.service.js +700 -0
package/src/services/consoleOverride.service.js +6 -1
package/src/services/cronScheduler.service.js +350 -0
package/src/services/dbBrowser.service.js +536 -0
package/src/services/ejsVirtual.service.js +102 -32
package/src/services/fileManager.service.js +475 -0
package/src/services/fileManagerStoragePolicy.service.js +285 -0
package/src/services/headlessExternalModels.service.js +292 -0
package/src/services/headlessModels.service.js +26 -6
package/src/services/healthChecks.service.js +650 -0
package/src/services/healthChecksBootstrap.service.js +109 -0
package/src/services/healthChecksScheduler.service.js +106 -0
package/src/services/llmDefaults.service.js +190 -0
package/src/services/migrationAssets/s3.js +2 -2
package/src/services/pages.service.js +602 -0
package/src/services/pagesContext.service.js +331 -0
package/src/services/pagesContextBlocksAi.service.js +349 -0
package/src/services/proxy.service.js +535 -0
package/src/services/rateLimiter.service.js +623 -0
package/src/services/rbac.service.js +212 -0
package/src/services/scriptsRunner.service.js +259 -0
package/src/services/terminals.service.js +152 -0
package/src/services/terminalsWs.service.js +100 -0
package/src/services/uiComponentsAi.service.js +299 -0
package/src/services/uiComponentsCrypto.service.js +39 -0
package/src/services/workflow.service.js +23 -8
package/src/utils/orgRoles.js +14 -0
package/src/utils/rbac/engine.js +60 -0
package/src/utils/rbac/rightsRegistry.js +29 -0
package/views/admin-blog-automation.ejs +877 -0
package/views/admin-blog-edit.ejs +542 -0
package/views/admin-blog.ejs +399 -0
package/views/admin-cache.ejs +681 -0
package/views/admin-console-manager.ejs +680 -0
package/views/admin-crons.ejs +645 -0
package/views/admin-db-browser.ejs +445 -0
package/views/admin-ejs-virtual.ejs +16 -10
package/views/admin-file-manager.ejs +942 -0
package/views/admin-headless.ejs +294 -24
package/views/admin-health-checks.ejs +725 -0
package/views/admin-i18n.ejs +59 -5
package/views/admin-llm.ejs +99 -1
package/views/admin-organizations.ejs +528 -10
package/views/admin-pages.ejs +2424 -0
package/views/admin-proxy.ejs +491 -0
package/views/admin-rate-limiter.ejs +625 -0
package/views/admin-rbac.ejs +1331 -0
package/views/admin-scripts.ejs +497 -0
package/views/admin-seo-config.ejs +61 -7
package/views/admin-terminals.ejs +328 -0
package/views/admin-ui-components.ejs +741 -0
package/views/admin-users.ejs +261 -4
package/views/admin-workflows.ejs +7 -7
package/views/file-manager.ejs +866 -0
package/views/pages/blocks/contact.ejs +27 -0
package/views/pages/blocks/cta.ejs +18 -0
package/views/pages/blocks/faq.ejs +20 -0
package/views/pages/blocks/features.ejs +19 -0
package/views/pages/blocks/hero.ejs +13 -0
package/views/pages/blocks/html.ejs +5 -0
package/views/pages/blocks/image.ejs +14 -0
package/views/pages/blocks/testimonials.ejs +26 -0
package/views/pages/blocks/text.ejs +10 -0
package/views/pages/layouts/default.ejs +51 -0
package/views/pages/layouts/minimal.ejs +42 -0
package/views/pages/layouts/sidebar.ejs +54 -0
package/views/pages/partials/footer.ejs +13 -0
package/views/pages/partials/header.ejs +12 -0
package/views/pages/partials/sidebar.ejs +8 -0
package/views/pages/runtime/page.ejs +10 -0
package/views/pages/templates/article.ejs +20 -0
package/views/pages/templates/default.ejs +12 -0
package/views/pages/templates/landing.ejs +14 -0
package/views/pages/templates/listing.ejs +15 -0
package/views/partials/admin-image-upload-modal.ejs +221 -0
package/views/partials/dashboard/nav-items.ejs +14 -0
package/views/partials/llm-provider-model-picker.ejs +183 -0

package/src/controllers/healthChecksPublic.controller.js ADDED Viewed

@@ -0,0 +1,196 @@
+const HealthCheck = require('../models/HealthCheck');
+const HealthIncident = require('../models/HealthIncident');
+const globalSettingsService = require('../services/globalSettings.service');
+const PUBLIC_STATUS_SETTING_KEY = 'healthChecks.publicStatusEnabled';
+function escapeHtml(unsafe) {
+  return String(unsafe || '')
+    .replace(/&/g, '&amp;')
+    .replace(/</g, '&lt;')
+    .replace(/>/g, '&gt;')
+    .replace(/"/g, '&quot;')
+    .replace(/'/g, '&#39;');
+}
+function renderHtml(payload) {
+  const status = payload.status || 'unknown';
+  const badgeClass = status === 'ok' ? 'badge-success' : status === 'degraded' ? 'badge-warning' : 'badge-error';
+  const checks = Array.isArray(payload.checks) ? payload.checks : [];
+  const bodyRows = checks.length > 0
+    ? checks
+        .map((c) => {
+          const cStatus = String(c.status || 'unknown');
+          const cBadgeClass = cStatus === 'healthy' ? 'badge-success' : cStatus === 'unhealthy' ? 'badge-error' : 'badge-ghost';
+          const incident = c.incident;
+          const incidentLabel = incident ? `${incident.status} (${incident.severity})` : '-';
+          return `
+        <tr>
+          <td class="font-medium">${escapeHtml(c.name)}</td>
+          <td><span class="badge ${cBadgeClass}">${escapeHtml(cStatus)}</span></td>
+          <td class="text-slate-500">${c.lastRunAt ? new Date(c.lastRunAt).toLocaleString() : '-'}</td>
+          <td class="text-slate-500">${c.lastLatencyMs != null ? escapeHtml(String(c.lastLatencyMs)) + ' ms' : '-'}</td>
+          <td class="text-xs">${escapeHtml(incidentLabel)}</td>
+        </tr>`;
+        })
+        .join('')
+    : '<tr><td colspan="5" class="text-slate-500 text-center">No checks found</td></tr>';
+  return `<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>Health Checks Status</title>
+    <script src="https://cdn.tailwindcss.com"></script>
+    <link href="https://cdn.jsdelivr.net/npm/daisyui@4.12.10/dist/full.min.css" rel="stylesheet" type="text/css" />
+  </head>
+  <body class="bg-slate-50">
+    <div class="max-w-5xl mx-auto px-6 py-8">
+      <div class="flex items-start justify-between gap-4">
+        <div>
+          <h1 class="text-2xl font-semibold text-slate-900">Health Checks</h1>
+          <div class="text-sm text-slate-500">Public status summary</div>
+        </div>
+        <div class="text-right">
+          <div class="text-sm text-slate-500">Overall</div>
+          <div class="badge ${badgeClass} badge-lg">${escapeHtml(status)}</div>
+          <div class="text-xs text-slate-500 mt-1">Updated: ${escapeHtml(payload.updatedAt || '')}</div>
+        </div>
+      </div>
+      <div class="mt-6 grid grid-cols-2 gap-3">
+        <div class="card bg-white border border-slate-200">
+          <div class="card-body py-4">
+            <div class="text-sm text-slate-500">Total checks</div>
+            <div class="text-xl font-semibold">${payload.totalChecks || 0}</div>
+          </div>
+        </div>
+        <div class="card bg-white border border-slate-200">
+          <div class="card-body py-4">
+            <div class="text-sm text-slate-500">Unhealthy</div>
+            <div class="text-xl font-semibold">${payload.unhealthyCount || 0}</div>
+          </div>
+        </div>
+      </div>
+      <div class="mt-6 card bg-white border border-slate-200">
+        <div class="card-body p-0">
+          <div class="overflow-x-auto">
+            <table class="table table-zebra w-full">
+              <thead>
+                <tr>
+                  <th>Name</th>
+                  <th>Status</th>
+                  <th>Last run</th>
+                  <th>Latency</th>
+                  <th>Incident</th>
+                </tr>
+              </thead>
+              <tbody>
+                ${bodyRows}
+              </tbody>
+            </table>
+          </div>
+        </div>
+      </div>
+      <div class="mt-4 text-xs text-slate-500">
+        Tip: add <code class="px-1 py-0.5 bg-slate-100 rounded">/json</code> to the URL for JSON format.
+      </div>
+    </div>
+  </body>
+</html>`;
+}
+async function computeStatusPayload() {
+  const checks = await HealthCheck.find({ enabled: true }).sort({ name: 1 }).lean();
+  const checkIds = checks.map((c) => String(c._id));
+  const incidents = await HealthIncident.find({
+    healthCheckId: { $in: checkIds },
+    status: { $in: ['open', 'acknowledged'] },
+  }).lean();
+  const incidentMap = {};
+  for (const incident of incidents) {
+    if (!incidentMap[incident.healthCheckId]) {
+      incidentMap[incident.healthCheckId] = incident;
+    }
+  }
+  const summaries = checks.map((check) => {
+    const incident = incidentMap[String(check._id)];
+    return {
+      id: String(check._id),
+      name: check.name,
+      status: incident ? incident.status : (check.lastStatus || 'unknown'),
+      lastRunAt: check.lastRunAt || null,
+      lastLatencyMs: check.lastLatencyMs || null,
+      incident: incident
+        ? {
+            id: String(incident._id),
+            status: incident.status,
+            severity: incident.severity,
+            openedAt: incident.openedAt,
+            lastSeenAt: incident.lastSeenAt,
+          }
+        : null,
+    };
+  });
+  const unhealthyCount = summaries.filter((s) => s.status === 'unhealthy' || s.incident).length;
+  const overallStatus = unhealthyCount > 0 ? 'degraded' : 'ok';
+  return {
+    ok: overallStatus === 'ok',
+    status: overallStatus,
+    updatedAt: new Date().toISOString(),
+    totalChecks: summaries.length,
+    unhealthyCount,
+    checks: summaries,
+  };
+}
+exports.getStatus = async (req, res) => {
+  try {
+    const raw = await globalSettingsService.getSettingValue(PUBLIC_STATUS_SETTING_KEY, 'false');
+    const enabled = String(raw) === 'true';
+    if (!enabled) {
+      return res.status(404).json({ error: 'Not found' });
+    }
+    const payload = await computeStatusPayload();
+    const html = renderHtml(payload);
+    res.setHeader('Content-Type', 'text/html; charset=utf-8');
+    return res.status(200).send(html);
+  } catch (error) {
+    console.error('Failed to compute health checks status:', error);
+    return res.status(500).json({ error: 'Failed to compute status' });
+  }
+};
+exports.getStatusJson = async (req, res) => {
+  try {
+    const raw = await globalSettingsService.getSettingValue(PUBLIC_STATUS_SETTING_KEY, 'false');
+    const enabled = String(raw) === 'true';
+    if (!enabled) {
+      return res.status(404).json({ error: 'Not found' });
+    }
+    const payload = await computeStatusPayload();
+    return res.json(payload);
+  } catch (error) {
+    console.error('Failed to compute health checks status json:', error);
+    return res.status(500).json({ error: 'Failed to compute status' });
+  }
+};

package/src/controllers/metrics.controller.js CHANGED Viewed

@@ -55,14 +55,35 @@ async function tryAttachUser(req) {
 exports.track = async (req, res) => {
   try {
+    // Validate request size to prevent abuse
+    const contentLength = req.headers['content-length'];
+    if (contentLength && parseInt(contentLength) > 1024 * 10) { // 10KB limit
+      return res.status(413).json({ error: 'Request too large' });
+    }
     await tryAttachUser(req);
     const action = String(req.body?.action || '').trim();
     const meta = req.body?.meta ?? null;
+    // Validate action field
     if (!action) {
       return res.status(400).json({ error: 'action is required' });
     }
+    if (action.length > 100) {
+      return res.status(400).json({ error: 'action too long (max 100 characters)' });
+    }
+    // Validate action format (allow only alphanumeric, underscores, hyphens, dots)
+    if (!/^[a-zA-Z0-9._-]+$/.test(action)) {
+      return res.status(400).json({ error: 'invalid action format' });
+    }
+    // Validate meta size
+    if (meta && JSON.stringify(meta).length > 1024 * 5) { // 5KB limit
+      return res.status(400).json({ error: 'meta data too large' });
+    }
     let actorType = 'anonymous';
     let actorId = getAnonId(req);
@@ -98,12 +119,48 @@ exports.track = async (req, res) => {
 exports.getImpact = async (req, res) => {
   try {
-    const { start, end } = getMonthRange(new Date());
+    // Validate query parameters
+    const { start, end } = req.query;
+    // Allow custom time ranges but restrict to reasonable limits
+    let startTime, endTime;
+    if (start || end) {
+      // Parse custom range if provided
+      startTime = start ? new Date(start) : null;
+      endTime = end ? new Date(end) : null;
+      // Validate dates
+      if ((start && isNaN(startTime.getTime())) || (end && isNaN(endTime.getTime()))) {
+        return res.status(400).json({ error: 'Invalid date format' });
+      }
+      // Restrict range to maximum 1 year
+      if (startTime && endTime) {
+        const rangeMs = endTime.getTime() - startTime.getTime();
+        const maxRangeMs = 365 * 24 * 60 * 60 * 1000; // 1 year
+        if (rangeMs > maxRangeMs) {
+          return res.status(400).json({ error: 'Time range too large (max 1 year)' });
+        }
+      }
+      // Default to current month if range is incomplete
+      if (!startTime || !endTime) {
+        const currentMonth = getMonthRange(new Date());
+        startTime = startTime || currentMonth.start;
+        endTime = endTime || currentMonth.end;
+      }
+    } else {
+      // Default to current month
+      const currentMonth = getMonthRange(new Date());
+      startTime = currentMonth.start;
+      endTime = currentMonth.end;
+    }
     const activeActorsAgg = await ActionEvent.aggregate([
       {
         $match: {
-          createdAt: { $gte: start, $lt: end },
+          createdAt: { $gte: startTime, $lt: endTime },
           actorType: { $in: ['user', 'anonymous'] },
         },
       },
@@ -122,7 +179,7 @@ exports.getImpact = async (req, res) => {
     const servicesConsulted = await ActionEvent.countDocuments({
       action: 'service_view',
-      createdAt: { $gte: start, $lt: end },
+      createdAt: { $gte: startTime, $lt: endTime },
     });
     const newsletterSetting = await GlobalSetting.findOne({ key: 'newsletter_list' }).lean();
@@ -136,8 +193,11 @@ exports.getImpact = async (req, res) => {
       }
     }
+    // Add cache headers for better performance
+    res.set('Cache-Control', 'public, max-age=300'); // 5 minutes cache
     return res.json({
-      range: { start: start.toISOString(), end: end.toISOString() },
+      range: { start: startTime.toISOString(), end: endTime.toISOString() },
       activeUsers,
       servicesConsulted,
       newsletterSubscribers,

package/src/controllers/orgAdmin.controller.js CHANGED Viewed

@@ -3,6 +3,9 @@ const mongoose = require('mongoose');
 const Organization = require('../models/Organization');
 const OrganizationMember = require('../models/OrganizationMember');
 const Invite = require('../models/Invite');
+const User = require('../models/User');
+const Asset = require('../models/Asset');
+const Notification = require('../models/Notification');
 const emailService = require('../services/email.service');
 const { isValidOrgRole, getAllowedOrgRoles, getDefaultOrgRole } = require('../utils/orgRoles');
@@ -267,6 +270,86 @@ exports.removeMember = async (req, res) => {
   }
 };
+exports.addMember = async (req, res) => {
+  try {
+    const { orgId } = req.params;
+    const { userId, role } = req.body;
+    if (!orgId || !mongoose.Types.ObjectId.isValid(String(orgId))) {
+      return res.status(400).json({ error: 'Invalid organization ID' });
+    }
+    if (!userId || !mongoose.Types.ObjectId.isValid(String(userId))) {
+      return res.status(400).json({ error: 'Invalid user ID' });
+    }
+    // Validate role
+    const defaultRole = await getDefaultOrgRole();
+    const memberRole = role || defaultRole;
+    if (!(await isValidOrgRole(memberRole))) {
+      const allowed = await getAllowedOrgRoles();
+      return res.status(400).json({ error: 'Invalid role', allowedRoles: allowed });
+    }
+    // Check if organization exists
+    const org = await Organization.findById(orgId);
+    if (!org) {
+      return res.status(404).json({ error: 'Organization not found' });
+    }
+    // Check if user exists
+    const user = await User.findById(userId);
+    if (!user) {
+      return res.status(404).json({ error: 'User not found' });
+    }
+    // Check if user is already a member
+    const existingMember = await OrganizationMember.findOne({
+      orgId,
+      userId,
+      status: { $in: ['active', 'removed'] }
+    });
+    if (existingMember) {
+      if (existingMember.status === 'active') {
+        return res.status(409).json({ error: 'User is already a member of this organization' });
+      } else {
+        // Reactivate removed member
+        existingMember.status = 'active';
+        existingMember.role = memberRole;
+        existingMember.addedByUserId = req.user?.id || org.ownerUserId;
+        await existingMember.save();
+        return res.json({
+          message: 'Member reactivated successfully',
+          member: existingMember.toObject()
+        });
+      }
+    }
+    // Create new member
+    const member = await OrganizationMember.create({
+      orgId,
+      userId,
+      role: memberRole,
+      status: 'active',
+      addedByUserId: req.user?.id || org.ownerUserId,
+    });
+    // Populate user data for response
+    const populatedMember = await OrganizationMember.findById(member._id)
+      .populate('userId', 'email name')
+      .lean();
+    return res.status(201).json({
+      message: 'Member added successfully',
+      member: populatedMember
+    });
+  } catch (error) {
+    console.error('Admin org member add error:', error);
+    return res.status(500).json({ error: 'Failed to add member' });
+  }
+};
 exports.listInvites = async (req, res) => {
   try {
     const { orgId } = req.params;
@@ -489,3 +572,286 @@ exports.resendInvite = async (req, res) => {
     return res.status(500).json({ error: 'Failed to resend invite' });
   }
 };
+// Create organization (admin only)
+exports.createOrganization = async (req, res) => {
+  try {
+    const { name, description, ownerUserId } = req.body;
+    // Validation
+    if (!name || typeof name !== 'string' || name.trim().length < 2) {
+      return res.status(400).json({ error: 'Name must be at least 2 characters long' });
+    }
+    if (name.trim().length > 100) {
+      return res.status(400).json({ error: 'Name must be less than 100 characters' });
+    }
+    if (description && description.trim().length > 500) {
+      return res.status(400).json({ error: 'Description must be less than 500 characters' });
+    }
+    // Validate owner if specified
+    let ownerId = null;
+    if (ownerUserId) {
+      if (!mongoose.Types.ObjectId.isValid(String(ownerUserId))) {
+        return res.status(400).json({ error: 'Invalid owner user ID' });
+      }
+      const owner = await User.findById(ownerUserId);
+      if (!owner) {
+        return res.status(400).json({ error: 'Owner user not found' });
+      }
+      ownerId = owner._id;
+    } else {
+      // Default to first admin user if no owner specified
+      const defaultOwner = await User.findOne({ role: 'admin' });
+      if (!defaultOwner) {
+        return res.status(400).json({ error: 'No admin user available to assign as owner' });
+      }
+      ownerId = defaultOwner._id;
+    }
+    // Generate unique slug
+    let baseSlug = name.trim()
+      .toLowerCase()
+      .replace(/[^a-z0-9\s-]/g, '')
+      .replace(/\s+/g, '-')
+      .replace(/-+/g, '-')
+      .replace(/^-|-$/g, '');
+    if (!baseSlug || baseSlug.length < 2) {
+      return res.status(400).json({ error: 'Name must contain valid characters for slug generation' });
+    }
+    let slug = baseSlug;
+    let counter = 1;
+    while (await Organization.findOne({ slug })) {
+      slug = `${baseSlug}-${counter}`;
+      counter++;
+      if (counter > 1000) {
+        return res.status(500).json({ error: 'Unable to generate unique slug' });
+      }
+    }
+    // Create organization
+    const org = await Organization.create({
+      name: name.trim(),
+      slug,
+      description: description ? description.trim() : '',
+      ownerUserId: ownerId,
+      status: 'active',
+      settings: {}
+    });
+    console.log(`Admin created organization: ${org.name} (${org._id}) with owner: ${ownerId}`);
+    res.status(201).json({
+      message: 'Organization created successfully',
+      org: org.toObject()
+    });
+  } catch (error) {
+    console.error('Create organization error:', error);
+    if (error.code === 11000) {
+      // Duplicate key error
+      return res.status(400).json({ error: 'Organization with this name or slug already exists' });
+    }
+    return res.status(500).json({ error: 'Failed to create organization' });
+  }
+};
+// Update organization (admin only)
+exports.updateOrganization = async (req, res) => {
+  try {
+    const { orgId } = req.params;
+    const { name, description, ownerUserId, status } = req.body;
+    if (!orgId || !mongoose.Types.ObjectId.isValid(String(orgId))) {
+      return res.status(400).json({ error: 'Invalid organization ID' });
+    }
+    const org = await Organization.findById(orgId);
+    if (!org) {
+      return res.status(404).json({ error: 'Organization not found' });
+    }
+    // Update name (but not slug - per requirements)
+    if (name !== undefined) {
+      if (!name || typeof name !== 'string' || name.trim().length < 2) {
+        return res.status(400).json({ error: 'Name must be at least 2 characters long' });
+      }
+      if (name.trim().length > 100) {
+        return res.status(400).json({ error: 'Name must be less than 100 characters' });
+      }
+      org.name = name.trim();
+    }
+    // Update description
+    if (description !== undefined) {
+      if (description && description.trim().length > 500) {
+        return res.status(400).json({ error: 'Description must be less than 500 characters' });
+      }
+      org.description = description ? description.trim() : '';
+    }
+    // Update owner
+    if (ownerUserId !== undefined) {
+      if (ownerUserId) {
+        if (!mongoose.Types.ObjectId.isValid(String(ownerUserId))) {
+          return res.status(400).json({ error: 'Invalid owner user ID' });
+        }
+        const owner = await User.findById(ownerUserId);
+        if (!owner) {
+          return res.status(400).json({ error: 'Owner user not found' });
+        }
+        org.ownerUserId = owner._id;
+      } else {
+        return res.status(400).json({ error: 'Owner cannot be empty' });
+      }
+    }
+    // Update status
+    if (status !== undefined) {
+      if (!['active', 'disabled'].includes(status)) {
+        return res.status(400).json({ error: 'Status must be either "active" or "disabled"' });
+      }
+      org.status = status;
+    }
+    await org.save();
+    console.log(`Admin updated organization: ${org.name} (${org._id})`);
+    res.json({
+      message: 'Organization updated successfully',
+      org: org.toObject()
+    });
+  } catch (error) {
+    console.error('Update organization error:', error);
+    return res.status(500).json({ error: 'Failed to update organization' });
+  }
+};
+// Disable organization (admin only)
+exports.disableOrganization = async (req, res) => {
+  try {
+    const { orgId } = req.params;
+    if (!orgId || !mongoose.Types.ObjectId.isValid(String(orgId))) {
+      return res.status(400).json({ error: 'Invalid organization ID' });
+    }
+    const org = await Organization.findById(orgId);
+    if (!org) {
+      return res.status(404).json({ error: 'Organization not found' });
+    }
+    if (org.status === 'disabled') {
+      return res.status(400).json({ error: 'Organization is already disabled' });
+    }
+    org.status = 'disabled';
+    await org.save();
+    console.log(`Admin disabled organization: ${org.name} (${org._id})`);
+    res.json({
+      message: 'Organization disabled successfully',
+      org: org.toObject()
+    });
+  } catch (error) {
+    console.error('Disable organization error:', error);
+    return res.status(500).json({ error: 'Failed to disable organization' });
+  }
+};
+// Enable organization (admin only)
+exports.enableOrganization = async (req, res) => {
+  try {
+    const { orgId } = req.params;
+    if (!orgId || !mongoose.Types.ObjectId.isValid(String(orgId))) {
+      return res.status(400).json({ error: 'Invalid organization ID' });
+    }
+    const org = await Organization.findById(orgId);
+    if (!org) {
+      return res.status(404).json({ error: 'Organization not found' });
+    }
+    if (org.status === 'active') {
+      return res.status(400).json({ error: 'Organization is already active' });
+    }
+    org.status = 'active';
+    await org.save();
+    console.log(`Admin enabled organization: ${org.name} (${org._id})`);
+    res.json({
+      message: 'Organization enabled successfully',
+      org: org.toObject()
+    });
+  } catch (error) {
+    console.error('Enable organization error:', error);
+    return res.status(500).json({ error: 'Failed to enable organization' });
+  }
+};
+// Delete organization (admin only)
+exports.deleteOrganization = async (req, res) => {
+  try {
+    const { orgId } = req.params;
+    if (!orgId || !mongoose.Types.ObjectId.isValid(String(orgId))) {
+      return res.status(400).json({ error: 'Invalid organization ID' });
+    }
+    const org = await Organization.findById(orgId);
+    if (!org) {
+      return res.status(404).json({ error: 'Organization not found' });
+    }
+    // Cascade cleanup
+    await cleanupOrganizationData(orgId);
+    // Delete organization
+    await Organization.findByIdAndDelete(orgId);
+    console.log(`Admin deleted organization: ${org.name} (${org._id})`);
+    res.json({ message: 'Organization deleted successfully' });
+  } catch (error) {
+    console.error('Delete organization error:', error);
+    return res.status(500).json({ error: 'Failed to delete organization' });
+  }
+};
+// Helper function to clean up organization data
+async function cleanupOrganizationData(orgId) {
+  try {
+    // Delete organization members
+    await OrganizationMember.deleteMany({ orgId });
+    // Delete organization invites
+    await Invite.deleteMany({ orgId });
+    // Delete organization assets
+    await Asset.deleteMany({ ownerUserId: { $in: await getOrganizationUserIds(orgId) } });
+    // Delete organization notifications
+    await Notification.deleteMany({ userId: { $in: await getOrganizationUserIds(orgId) } });
+    console.log(`Completed cleanup for organization ${orgId}`);
+  } catch (error) {
+    console.error('Error during organization cleanup:', error);
+    throw error;
+  }
+}
+// Helper function to get all user IDs in an organization
+async function getOrganizationUserIds(orgId) {
+  const members = await OrganizationMember.find({ orgId }).distinct('userId');
+  return members;
+}