npm - @intranefr/superbackend - Versions diffs - 1.4.4 → 1.5.1 - Mend

@intranefr/superbackend 1.4.4 → 1.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (195) hide show

package/.env.example +5 -0
package/README.md +11 -0
package/index.js +39 -1
package/package.json +11 -3
package/public/sdk/ui-components.iife.js +191 -0
package/sdk/ui-components/browser/src/index.js +228 -0
package/src/admin/endpointRegistry.js +120 -0
package/src/controllers/admin.controller.js +111 -5
package/src/controllers/adminBlockDefinitions.controller.js +127 -0
package/src/controllers/adminBlockDefinitionsAi.controller.js +54 -0
package/src/controllers/adminCache.controller.js +342 -0
package/src/controllers/adminContextBlockDefinitions.controller.js +141 -0
package/src/controllers/adminCrons.controller.js +388 -0
package/src/controllers/adminDbBrowser.controller.js +124 -0
package/src/controllers/adminEjsVirtual.controller.js +13 -3
package/src/controllers/adminHeadless.controller.js +91 -2
package/src/controllers/adminHealthChecks.controller.js +570 -0
package/src/controllers/adminI18n.controller.js +51 -29
package/src/controllers/adminLlm.controller.js +126 -2
package/src/controllers/adminPages.controller.js +720 -0
package/src/controllers/adminPagesContextBlocksAi.controller.js +54 -0
package/src/controllers/adminProxy.controller.js +113 -0
package/src/controllers/adminRateLimits.controller.js +138 -0
package/src/controllers/adminRbac.controller.js +803 -0
package/src/controllers/adminScripts.controller.js +320 -0
package/src/controllers/adminSeoConfig.controller.js +71 -48
package/src/controllers/adminTerminals.controller.js +39 -0
package/src/controllers/adminUiComponents.controller.js +315 -0
package/src/controllers/adminUiComponentsAi.controller.js +34 -0
package/src/controllers/blogAdmin.controller.js +279 -0
package/src/controllers/blogAiAdmin.controller.js +224 -0
package/src/controllers/blogAutomationAdmin.controller.js +141 -0
package/src/controllers/blogInternal.controller.js +26 -0
package/src/controllers/blogPublic.controller.js +89 -0
package/src/controllers/fileManager.controller.js +190 -0
package/src/controllers/fileManagerStoragePolicy.controller.js +23 -0
package/src/controllers/healthChecksPublic.controller.js +196 -0
package/src/controllers/metrics.controller.js +64 -4
package/src/controllers/orgAdmin.controller.js +366 -0
package/src/controllers/uiComponentsPublic.controller.js +118 -0
package/src/middleware/auth.js +7 -0
package/src/middleware/internalCronAuth.js +29 -0
package/src/middleware/rbac.js +62 -0
package/src/middleware.js +879 -56
package/src/models/BlockDefinition.js +27 -0
package/src/models/BlogAutomationLock.js +14 -0
package/src/models/BlogAutomationRun.js +39 -0
package/src/models/BlogPost.js +42 -0
package/src/models/CacheEntry.js +26 -0
package/src/models/ConsoleEntry.js +32 -0
package/src/models/ConsoleLog.js +23 -0
package/src/models/ContextBlockDefinition.js +33 -0
package/src/models/CronExecution.js +47 -0
package/src/models/CronJob.js +70 -0
package/src/models/ExternalDbConnection.js +49 -0
package/src/models/FileEntry.js +22 -0
package/src/models/HeadlessModelDefinition.js +10 -0
package/src/models/HealthAutoHealAttempt.js +57 -0
package/src/models/HealthCheck.js +132 -0
package/src/models/HealthCheckRun.js +51 -0
package/src/models/HealthIncident.js +49 -0
package/src/models/Page.js +95 -0
package/src/models/PageCollection.js +42 -0
package/src/models/ProxyEntry.js +66 -0
package/src/models/RateLimitCounter.js +19 -0
package/src/models/RateLimitMetricBucket.js +20 -0
package/src/models/RbacGrant.js +25 -0
package/src/models/RbacGroup.js +16 -0
package/src/models/RbacGroupMember.js +13 -0
package/src/models/RbacGroupRole.js +13 -0
package/src/models/RbacRole.js +25 -0
package/src/models/RbacUserRole.js +13 -0
package/src/models/ScriptDefinition.js +42 -0
package/src/models/ScriptRun.js +22 -0
package/src/models/UiComponent.js +29 -0
package/src/models/UiComponentProject.js +26 -0
package/src/models/UiComponentProjectComponent.js +18 -0
package/src/routes/admin.routes.js +1 -0
package/src/routes/adminBlog.routes.js +21 -0
package/src/routes/adminBlogAi.routes.js +16 -0
package/src/routes/adminBlogAutomation.routes.js +27 -0
package/src/routes/adminCache.routes.js +20 -0
package/src/routes/adminConsoleManager.routes.js +302 -0
package/src/routes/adminCrons.routes.js +25 -0
package/src/routes/adminDbBrowser.routes.js +65 -0
package/src/routes/adminEjsVirtual.routes.js +2 -1
package/src/routes/adminHeadless.routes.js +8 -1
package/src/routes/adminHealthChecks.routes.js +28 -0
package/src/routes/adminI18n.routes.js +4 -3
package/src/routes/adminLlm.routes.js +4 -2
package/src/routes/adminPages.routes.js +55 -0
package/src/routes/adminProxy.routes.js +15 -0
package/src/routes/adminRateLimits.routes.js +17 -0
package/src/routes/adminRbac.routes.js +38 -0
package/src/routes/adminScripts.routes.js +21 -0
package/src/routes/adminSeoConfig.routes.js +5 -4
package/src/routes/adminTerminals.routes.js +13 -0
package/src/routes/adminUiComponents.routes.js +30 -0
package/src/routes/blogInternal.routes.js +14 -0
package/src/routes/blogPublic.routes.js +9 -0
package/src/routes/fileManager.routes.js +62 -0
package/src/routes/fileManagerStoragePolicy.routes.js +9 -0
package/src/routes/healthChecksPublic.routes.js +9 -0
package/src/routes/log.routes.js +43 -60
package/src/routes/metrics.routes.js +4 -2
package/src/routes/orgAdmin.routes.js +6 -0
package/src/routes/pages.routes.js +123 -0
package/src/routes/proxy.routes.js +46 -0
package/src/routes/rbac.routes.js +47 -0
package/src/routes/uiComponentsPublic.routes.js +9 -0
package/src/routes/webhook.routes.js +2 -1
package/src/routes/workflows.routes.js +4 -0
package/src/services/blockDefinitionsAi.service.js +247 -0
package/src/services/blog.service.js +99 -0
package/src/services/blogAutomation.service.js +978 -0
package/src/services/blogCronsBootstrap.service.js +184 -0
package/src/services/blogPublishing.service.js +58 -0
package/src/services/cacheLayer.service.js +696 -0
package/src/services/consoleManager.service.js +700 -0
package/src/services/consoleOverride.service.js +6 -1
package/src/services/cronScheduler.service.js +350 -0
package/src/services/dbBrowser.service.js +536 -0
package/src/services/ejsVirtual.service.js +102 -32
package/src/services/fileManager.service.js +475 -0
package/src/services/fileManagerStoragePolicy.service.js +285 -0
package/src/services/headlessExternalModels.service.js +292 -0
package/src/services/headlessModels.service.js +26 -6
package/src/services/healthChecks.service.js +650 -0
package/src/services/healthChecksBootstrap.service.js +109 -0
package/src/services/healthChecksScheduler.service.js +106 -0
package/src/services/llmDefaults.service.js +190 -0
package/src/services/migrationAssets/s3.js +2 -2
package/src/services/pages.service.js +602 -0
package/src/services/pagesContext.service.js +331 -0
package/src/services/pagesContextBlocksAi.service.js +349 -0
package/src/services/proxy.service.js +535 -0
package/src/services/rateLimiter.service.js +623 -0
package/src/services/rbac.service.js +212 -0
package/src/services/scriptsRunner.service.js +259 -0
package/src/services/terminals.service.js +152 -0
package/src/services/terminalsWs.service.js +100 -0
package/src/services/uiComponentsAi.service.js +299 -0
package/src/services/uiComponentsCrypto.service.js +39 -0
package/src/services/workflow.service.js +23 -8
package/src/utils/orgRoles.js +14 -0
package/src/utils/rbac/engine.js +60 -0
package/src/utils/rbac/rightsRegistry.js +29 -0
package/views/admin-blog-automation.ejs +877 -0
package/views/admin-blog-edit.ejs +542 -0
package/views/admin-blog.ejs +399 -0
package/views/admin-cache.ejs +681 -0
package/views/admin-console-manager.ejs +680 -0
package/views/admin-crons.ejs +645 -0
package/views/admin-db-browser.ejs +445 -0
package/views/admin-ejs-virtual.ejs +16 -10
package/views/admin-file-manager.ejs +942 -0
package/views/admin-headless.ejs +294 -24
package/views/admin-health-checks.ejs +725 -0
package/views/admin-i18n.ejs +59 -5
package/views/admin-llm.ejs +99 -1
package/views/admin-organizations.ejs +528 -10
package/views/admin-pages.ejs +2424 -0
package/views/admin-proxy.ejs +491 -0
package/views/admin-rate-limiter.ejs +625 -0
package/views/admin-rbac.ejs +1331 -0
package/views/admin-scripts.ejs +497 -0
package/views/admin-seo-config.ejs +61 -7
package/views/admin-terminals.ejs +328 -0
package/views/admin-ui-components.ejs +741 -0
package/views/admin-users.ejs +261 -4
package/views/admin-workflows.ejs +7 -7
package/views/file-manager.ejs +866 -0
package/views/pages/blocks/contact.ejs +27 -0
package/views/pages/blocks/cta.ejs +18 -0
package/views/pages/blocks/faq.ejs +20 -0
package/views/pages/blocks/features.ejs +19 -0
package/views/pages/blocks/hero.ejs +13 -0
package/views/pages/blocks/html.ejs +5 -0
package/views/pages/blocks/image.ejs +14 -0
package/views/pages/blocks/testimonials.ejs +26 -0
package/views/pages/blocks/text.ejs +10 -0
package/views/pages/layouts/default.ejs +51 -0
package/views/pages/layouts/minimal.ejs +42 -0
package/views/pages/layouts/sidebar.ejs +54 -0
package/views/pages/partials/footer.ejs +13 -0
package/views/pages/partials/header.ejs +12 -0
package/views/pages/partials/sidebar.ejs +8 -0
package/views/pages/runtime/page.ejs +10 -0
package/views/pages/templates/article.ejs +20 -0
package/views/pages/templates/default.ejs +12 -0
package/views/pages/templates/landing.ejs +14 -0
package/views/pages/templates/listing.ejs +15 -0
package/views/partials/admin-image-upload-modal.ejs +221 -0
package/views/partials/dashboard/nav-items.ejs +14 -0
package/views/partials/llm-provider-model-picker.ejs +183 -0

package/views/admin-users.ejs CHANGED Viewed

@@ -153,6 +153,37 @@
             <option value="trialing">trialing</option>
           </select>
         </div>
+        <!-- Password Section -->
+        <div class="border-t pt-4">
+          <div class="flex items-center justify-between mb-3">
+            <label class="text-sm font-medium text-gray-700">Password Management</label>
+            <input type="checkbox" id="edit-reset-password" class="rounded text-blue-600 focus:ring-blue-500">
+            <label for="edit-reset-password" class="text-sm text-gray-600 ml-2">Reset Password</label>
+          </div>
+          <div id="password-fields" class="space-y-3 hidden">
+            <div>
+              <label class="block text-sm font-medium text-gray-700 mb-1">New Password</label>
+              <div class="relative">
+                <input id="edit-password" type="password" class="w-full border rounded px-3 py-2 pr-10" placeholder="Enter new password" minlength="6">
+                <button type="button" id="toggle-edit-password" class="absolute right-2 top-2 text-gray-500 hover:text-gray-700">
+                  <svg id="edit-eye-icon" class="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+                    <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M15 12a3 3 0 11-6 0 3 3 0 016 0z"></path>
+                    <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M2.458 12C3.732 7.943 7.523 5 12 5c4.478 0 8.268 2.943 9.542 7-1.274 4.057-5.064 7-9.542 7-4.477 0-8.268-2.943-9.542-7z"></path>
+                  </svg>
+                </button>
+              </div>
+              <div id="password-strength" class="mt-1 text-xs"></div>
+            </div>
+            <div>
+              <label class="block text-sm font-medium text-gray-700 mb-1">Confirm Password</label>
+              <input id="edit-confirm-password" type="password" class="w-full border rounded px-3 py-2" placeholder="Confirm new password">
+              <div id="password-match" class="mt-1 text-xs"></div>
+            </div>
+          </div>
+        </div>
       </div>
       <div class="flex justify-end gap-2 mt-6">
         <button id="btn-modal-cancel" class="bg-gray-100 text-gray-800 px-4 py-2 rounded hover:bg-gray-200">Cancel</button>
@@ -342,10 +373,12 @@
                 <td class="px-4 py-3 text-sm text-gray-700 whitespace-nowrap">
                   <button class="text-blue-600 hover:text-blue-800 mr-2" data-edit="${escapeHtml(u._id)}" data-name="${escapeHtml(u.name || '')}" data-role="${escapeHtml(u.role)}" data-plan="${escapeHtml(u.currentPlan)}" data-subscription="${escapeHtml(u.subscriptionStatus)}">Edit</button>
                   <button class="text-green-600 hover:text-green-800 mr-2" data-notify="${escapeHtml(u._id)}" data-email="${escapeHtml(u.email)}">Notify</button>
+                  <button class="text-purple-600 hover:text-purple-800 mr-2" data-get-jwt="${escapeHtml(u._id)}" data-email="${escapeHtml(u.email)}">Get JWT</button>
                   ${u.disabled
-                    ? `<button class="text-green-600 hover:text-green-800" data-enable="${escapeHtml(u._id)}">Enable</button>`
-                    : `<button class="text-red-600 hover:text-red-800" data-disable="${escapeHtml(u._id)}">Disable</button>`
+                    ? `<button class="text-green-600 hover:text-green-800 mr-2" data-enable="${escapeHtml(u._id)}">Enable</button>`
+                    : `<button class="text-red-600 hover:text-red-800 mr-2" data-disable="${escapeHtml(u._id)}">Disable</button>`
                   }
+                  <button class="text-red-600 hover:text-red-800 font-semibold" data-delete="${escapeHtml(u._id)}" data-email="${escapeHtml(u.email)}">Delete</button>
                 </td>
               </tr>
             `;
@@ -359,6 +392,18 @@
             btn.addEventListener('click', () => openNotifyModal(btn.dataset.notify, btn.dataset.email));
           });
+          tbody.querySelectorAll('[data-get-jwt]').forEach(btn => {
+            btn.addEventListener('click', async () => {
+              await getJwtForUser(btn.dataset.getJwt, btn.dataset.email);
+            });
+          });
+          tbody.querySelectorAll('[data-delete]').forEach(btn => {
+            btn.addEventListener('click', async () => {
+              await deleteUser(btn.dataset.delete, btn.dataset.email);
+            });
+          });
           tbody.querySelectorAll('[data-disable]').forEach(btn => {
             btn.addEventListener('click', async () => {
               if (!confirm('Disable this user?')) return;
@@ -394,6 +439,15 @@
       document.getElementById('edit-role').value = role || 'user';
       document.getElementById('edit-plan').value = plan || 'free';
       document.getElementById('edit-subscription').value = subscription || 'none';
+      // Reset password fields
+      document.getElementById('edit-reset-password').checked = false;
+      document.getElementById('password-fields').classList.add('hidden');
+      document.getElementById('edit-password').value = '';
+      document.getElementById('edit-confirm-password').value = '';
+      document.getElementById('password-strength').textContent = '';
+      document.getElementById('password-match').textContent = '';
       document.getElementById('modal-edit').classList.remove('hidden');
     }
@@ -401,22 +455,135 @@
       document.getElementById('modal-edit').classList.add('hidden');
     }
+    async function getJwtForUser(userId, email) {
+      try {
+        // Show loading state
+        showToast('Generating JWT...', 'success');
+        const res = await fetch(`${API_BASE}/api/admin/generate-token`, {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/json' },
+          body: JSON.stringify({ userId }),
+        });
+        const data = await res.json();
+        if (!res.ok) {
+          showToast(data?.error || 'Failed to generate JWT', 'error');
+          return;
+        }
+        // Copy JWT to clipboard
+        try {
+          await navigator.clipboard.writeText(data.token);
+          showToast(`JWT for ${email} copied to clipboard!`, 'success');
+        } catch (clipboardError) {
+          // Fallback for browsers that don't support clipboard API
+          const textArea = document.createElement('textarea');
+          textArea.value = data.token;
+          textArea.style.position = 'fixed';
+          textArea.style.opacity = '0';
+          document.body.appendChild(textArea);
+          textArea.select();
+          document.execCommand('copy');
+          document.body.removeChild(textArea);
+          showToast(`JWT for ${email} copied to clipboard!`, 'success');
+        }
+        // Also log the token for debugging (in production, you might want to remove this)
+        console.log(`Generated JWT for ${email}:`, data.token);
+      } catch (e) {
+        showToast(e.message || 'Failed to generate JWT', 'error');
+      }
+    }
+    async function deleteUser(userId, email) {
+      // Double confirmation with clear warnings
+      const confirm1 = confirm(`Are you sure you want to delete user ${email}?`);
+      if (!confirm1) return;
+      const confirm2 = confirm(
+        'WARNING: This will permanently delete the user and ALL their data including:\n' +
+        '• Organizations they own (if no other members)\n' +
+        '• All their assets and files\n' +
+        '• Organization memberships\n' +
+        '• Notifications and invites\n' +
+        '• Email logs and form submissions\n\n' +
+        'Activity logs and audit events will be preserved.\n' +
+        'This action cannot be undone. Continue?'
+      );
+      if (!confirm2) return;
+      try {
+        showToast('Deleting user and cleaning up data...', 'success');
+        const res = await fetch(`${API_BASE}/api/admin/users/${encodeURIComponent(userId)}`, {
+          method: 'DELETE'
+        });
+        const data = await res.json();
+        if (!res.ok) {
+          showToast(data?.error || 'Failed to delete user', 'error');
+          return;
+        }
+        showToast(`User ${email} deleted permanently`, 'success');
+        await Promise.all([loadUsers(), loadStats()]);
+      } catch (e) {
+        showToast(e.message || 'Failed to delete user', 'error');
+      }
+    }
     async function saveUser() {
       const userId = document.getElementById('edit-user-id').value;
       const name = document.getElementById('edit-name').value.trim();
       const role = document.getElementById('edit-role').value;
       const currentPlan = document.getElementById('edit-plan').value;
       const subscriptionStatus = document.getElementById('edit-subscription').value;
+      // Password handling
+      const resetPassword = document.getElementById('edit-reset-password').checked;
+      const password = document.getElementById('edit-password').value;
+      const confirmPassword = document.getElementById('edit-confirm-password').value;
+      // Validate password fields if reset is checked
+      if (resetPassword) {
+        if (!password) {
+          showToast('Password is required when reset is enabled', 'error');
+          return;
+        }
+        if (password.length < 6) {
+          showToast('Password must be at least 6 characters', 'error');
+          return;
+        }
+        if (password !== confirmPassword) {
+          showToast('Passwords do not match', 'error');
+          return;
+        }
+      }
       try {
+        const updateData = { name, role, currentPlan, subscriptionStatus };
+        // Only include password if reset is checked
+        if (resetPassword && password) {
+          updateData.passwordHash = password;
+        }
         const res = await fetch(`${API_BASE}/api/admin/users/${encodeURIComponent(userId)}`, {
           method: 'PATCH',
           headers: { 'Content-Type': 'application/json' },
-          body: JSON.stringify({ name, role, currentPlan, subscriptionStatus }),
+          body: JSON.stringify(updateData),
         });
         const data = await res.json();
         if (!res.ok) { showToast(data?.error || 'Failed to update user', 'error'); return; }
-        showToast('User updated', 'success');
+        const message = resetPassword ? 'User and password updated' : 'User updated';
+        showToast(message, 'success');
         closeEditModal();
         await Promise.all([loadUsers(), loadStats()]);
       } catch (e) { showToast(e.message, 'error'); }
@@ -584,6 +751,78 @@
       return window.location.origin + endpoint;
     }
+    // Password validation functions
+    function checkPasswordStrength(password) {
+      if (!password) return '';
+      let strength = 0;
+      const feedback = [];
+      if (password.length >= 6) strength++;
+      else feedback.push('at least 6 characters');
+      if (password.length >= 10) strength++;
+      if (/[a-z]/.test(password) && /[A-Z]/.test(password)) strength++;
+      if (/\d/.test(password)) strength++;
+      if (/[^a-zA-Z\d]/.test(password)) strength++;
+      const strengthText = ['Very Weak', 'Weak', 'Fair', 'Good', 'Strong'][strength] || 'Very Weak';
+      const strengthColor = ['text-red-500', 'text-orange-500', 'text-yellow-500', 'text-blue-500', 'text-green-500'][strength] || 'text-red-500';
+      return { strength, strengthText, strengthColor, feedback };
+    }
+    function updatePasswordStrength() {
+      const password = document.getElementById('edit-password').value;
+      const strengthDiv = document.getElementById('password-strength');
+      if (!password) {
+        strengthDiv.textContent = '';
+        return;
+      }
+      const { strengthText, strengthColor } = checkPasswordStrength(password);
+      strengthDiv.textContent = `Strength: ${strengthText}`;
+      strengthDiv.className = `mt-1 text-xs ${strengthColor}`;
+    }
+    function updatePasswordMatch() {
+      const password = document.getElementById('edit-password').value;
+      const confirmPassword = document.getElementById('edit-confirm-password').value;
+      const matchDiv = document.getElementById('password-match');
+      if (!confirmPassword) {
+        matchDiv.textContent = '';
+        return;
+      }
+      if (password === confirmPassword) {
+        matchDiv.textContent = '✓ Passwords match';
+        matchDiv.className = 'mt-1 text-xs text-green-500';
+      } else {
+        matchDiv.textContent = '✗ Passwords do not match';
+        matchDiv.className = 'mt-1 text-xs text-red-500';
+      }
+    }
+    function toggleEditPasswordVisibility() {
+      const passwordInput = document.getElementById('edit-password');
+      const eyeIcon = document.getElementById('edit-eye-icon');
+      if (passwordInput.type === 'password') {
+        passwordInput.type = 'text';
+        eyeIcon.innerHTML = `
+          <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M13.875 18.825A10.05 10.05 0 0112 19c-4.478 0-8.268-2.943-9.543-7a9.97 9.97 0 011.563-3.029m5.858.908a3 3 0 114.243 4.243M9.878 9.878l4.242 4.242M9.88 9.88l-3.29-3.29m7.532 7.532l3.29 3.29M3 3l3.59 3.59m0 0A9.953 9.953 0 0112 5c4.478 0 8.268 2.943 9.543 7a10.025 10.025 0 01-4.132 5.411m0 0L21 21"></path>
+        `;
+      } else {
+        passwordInput.type = 'password';
+        eyeIcon.innerHTML = `
+          <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M15 12a3 3 0 11-6 0 3 3 0 016 0z"></path>
+          <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M2.458 12C3.732 7.943 7.523 5 12 5c4.478 0 8.268 2.943 9.542 7-1.274 4.057-5.064 7-9.542 7-4.477 0-8.268-2.943-9.542-7z"></path>
+        `;
+      }
+    }
     function bindEvents() {
       document.getElementById('btn-refresh').onclick = () => Promise.all([loadUsers(), loadStats()]);
       document.getElementById('btn-apply').onclick = () => { state.offset = 0; loadUsers(); };
@@ -603,6 +842,24 @@
       document.getElementById('btn-notify-cancel').onclick = closeNotifyModal;
       document.getElementById('btn-notify-send').onclick = sendNotification;
+      // Edit modal password events
+      document.getElementById('edit-reset-password').onchange = function() {
+        const passwordFields = document.getElementById('password-fields');
+        if (this.checked) {
+          passwordFields.classList.remove('hidden');
+        } else {
+          passwordFields.classList.add('hidden');
+          document.getElementById('edit-password').value = '';
+          document.getElementById('edit-confirm-password').value = '';
+          document.getElementById('password-strength').textContent = '';
+          document.getElementById('password-match').textContent = '';
+        }
+      };
+      document.getElementById('toggle-edit-password').onclick = toggleEditPasswordVisibility;
+      document.getElementById('edit-password').oninput = updatePasswordStrength;
+      document.getElementById('edit-confirm-password').oninput = updatePasswordMatch;
       // Registration modal events
       document.getElementById('btn-register-user').onclick = openRegisterModal;
       document.getElementById('btn-register-cancel').onclick = closeRegisterModal;

package/views/admin-workflows.ejs CHANGED Viewed

@@ -220,11 +220,11 @@
             this.loadWorkflows().then(() => {
               if (workflowIdFromUrl !== 'new' && workflowIdFromUrl.length > 5) {
                 const wf = this.workflows.find(w => w._id === workflowIdFromUrl);
-                if (wf) this.editWorkflow(wf); else fetch(`/saas/api/workflows/${workflowIdFromUrl}`).then(res => res.ok && res.json().then(data => this.editWorkflow(data)));
+                if (wf) this.editWorkflow(wf); else fetch(`/saas/api/admin/workflows/${workflowIdFromUrl}`).then(res => res.ok && res.json().then(data => this.editWorkflow(data)));
               } else if (workflowIdFromUrl === 'new') this.createNew();
             });
           },
-          async loadWorkflows() { const res = await fetch('/saas/api/workflows'); this.workflows = await res.json(); },
+          async loadWorkflows() { const res = await fetch('/saas/api/admin/workflows'); this.workflows = await res.json(); },
           createNew() { this.workflow = { name: 'New Workflow', status: 'inactive', entrypoint: { awaitResponse: false, allowedMethods: ['POST', 'GET'], auth: { type: 'none' } }, testDataset: { method: 'POST', body: { message: 'Hello' }, query: {}, headers: {} }, nodes: [] }; this.view = 'editor'; },
           editWorkflow(wf) {
             const currentView = this.view; this.workflow = JSON.parse(JSON.stringify(wf)); this.showRuns = false; this.runs = []; this.inspectedRun = null;
@@ -233,7 +233,7 @@
             this.view = (currentView === 'list') ? 'editor' : currentView;
           },
           toggleMethod(m) { this.workflow.entrypoint.allowedMethods = this.workflow.entrypoint.allowedMethods || []; const idx = this.workflow.entrypoint.allowedMethods.indexOf(m); if (idx > -1) this.workflow.entrypoint.allowedMethods.splice(idx, 1); else this.workflow.entrypoint.allowedMethods.push(m); },
-          async deleteWorkflow(id) { if (confirm('Are you sure?')) { await fetch(`/saas/api/workflows/${id}`, { method: 'DELETE' }); await this.loadWorkflows(); } },
+          async deleteWorkflow(id) { if (confirm('Are you sure?')) { await fetch(`/saas/api/admin/workflows/${id}`, { method: 'DELETE' }); await this.loadWorkflows(); } },
           getWebhookUrl() { return window.location.origin + '/saas/w/' + (this.workflow._id || 'NEW'); },
           copyWebhookUrl() { navigator.clipboard.writeText(this.getWebhookUrl()); this.showToast('Copied!'); },
           addNode(type) { this.workflow.nodes.push({ id: 'node_' + Date.now(), type, name: 'node_' + (this.workflow.nodes.length + 1) }); },
@@ -247,7 +247,7 @@
           getNodeIcon(type) { return { llm: 'ti-brain', if: 'ti-git-branch', http: 'ti-world', exit: 'ti-door-exit', parallel: 'ti-git-merge' }[type] || 'ti-circle'; },
           getNodeColor(type) { return { llm: 'bg-indigo-500', if: 'bg-yellow-500', http: 'bg-blue-500', exit: 'bg-red-500', parallel: 'bg-purple-500' }[type]; },
           async saveWorkflow(silent = false) {
-            const res = await fetch(this.workflow._id ? `/saas/api/workflows/${this.workflow._id}` : '/saas/api/workflows', { method: this.workflow._id ? 'PUT' : 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify(this.workflow) });
+            const res = await fetch(this.workflow._id ? `/saas/api/admin/workflows/${this.workflow._id}` : '/saas/api/admin/workflows', { method: this.workflow._id ? 'PUT' : 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify(this.workflow) });
             if (res.ok) { const saved = await res.json(); if (!silent) this.showToast('Saved!'); await this.loadWorkflows(); this.editWorkflow(saved); }
           },
           async runFullTest(entrypointOnly = false) {
@@ -255,7 +255,7 @@
             try {
               const payload = { method: this.testConfig.method, body: JSON.parse(this.testConfig.body), query: JSON.parse(this.testConfig.query), headers: JSON.parse(this.testConfig.headers) };
               if (entrypointOnly) { this.workflow.testDataset = payload; await this.saveWorkflow(true); return this.showToast('Dataset set.'); }
-              this.testing = true; const res = await fetch(`/saas/api/workflows/${this.workflow._id}/test`, { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify(payload) });
+              this.testing = true; const res = await fetch(`/saas/api/admin/workflows/${this.workflow._id}/test`, { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify(payload) });
               this.testResult = await res.json(); if (this.showRuns) this.loadRuns(); this.showToast('Ran.');
             } catch (e) { this.showToast('Failed', 'error'); } finally { this.testing = false; }
           },
@@ -263,11 +263,11 @@
           async testIsolatedNode(node) {
             const context = { entrypoint: this.workflow.testDataset, payload: this.workflow.testDataset, lastNode: this.workflow.testDataset };
             try {
-              const res = await fetch(`/saas/api/workflows/${this.workflow._id}/nodes/${node.id}/test`, { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ context, node }) });
+              const res = await fetch(`/saas/api/admin/workflows/${this.workflow._id}/nodes/${node.id}/test`, { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ context, node }) });
               const data = await res.json(); node.testOutput = data.result; node.testResult = data.result; this.showToast('Tested');
             } catch (e) { this.showToast('Failed', 'error'); }
           },
-          async loadRuns() { if (!this.workflow._id) return; const res = await fetch(`/saas/api/workflows/${this.workflow._id}/runs`); this.runs = await res.json(); },
+          async loadRuns() { if (!this.workflow._id) return; const res = await fetch(`/saas/api/admin/workflows/${this.workflow._id}/runs`); this.runs = await res.json(); },
           inspectRun(run) { this.inspectedRun = run; }, testWorkflow() { this.showTestPanel = true; },
           showToast(message, type = 'success') {
             const id = Date.now(); this.toasts.push({ id, message, type, show: true });