@jhits/plugin-users 0.0.11 → 0.0.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (12) hide show
  1. package/package.json +3 -2
  2. package/src/api/auth.ts +83 -0
  3. package/src/api/index.ts +11 -0
  4. package/src/api/router.ts +100 -0
  5. package/src/api/users.ts +208 -0
  6. package/src/api-server.ts +11 -0
  7. package/src/index.server.ts +14 -0
  8. package/src/index.tsx +21 -0
  9. package/src/locales/en.json +25 -0
  10. package/src/locales/nl.json +25 -0
  11. package/src/locales/sv.json +25 -0
  12. package/src/views/UserManagement.tsx +332 -0
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@jhits/plugin-users",
3
- "version": "0.0.11",
3
+ "version": "0.0.13",
4
4
  "description": "User management and authentication plugin for the JHITS ecosystem",
5
5
  "publishConfig": {
6
6
  "access": "public"
@@ -36,7 +36,7 @@
36
36
  "@types/node": "^25.2.3",
37
37
  "@types/react": "^19.2.14",
38
38
  "@types/react-dom": "^19.2.3",
39
- "@jhits/plugin-core": "0.0.8"
39
+ "@jhits/plugin-core": "0.0.10"
40
40
  },
41
41
  "peerDependencies": {
42
42
  "next": ">=15.0.0",
@@ -54,6 +54,7 @@
54
54
  "typescript": "^5.9.3"
55
55
  },
56
56
  "files": [
57
+ "src",
57
58
  "dist",
58
59
  "package.json"
59
60
  ],
package/src/api/auth.ts ADDED
@@ -0,0 +1,83 @@
1
+ /**
2
+ * Plugin Users - Auth API Handler
3
+ * NextAuth API route handler for App Router
4
+ *
5
+ * This is a core plugin that provides authentication functionality.
6
+ * authOptions should be passed from the client app (typically from @jhits/dashboard/lib/auth)
7
+ */
8
+
9
+ import NextAuth from 'next-auth';
10
+ import type { NextAuthOptions } from 'next-auth';
11
+
12
+ // Store authOptions - will be initialized by the client app
13
+ let authOptionsInstance: NextAuthOptions | null = null;
14
+
15
+ /**
16
+ * Initialize the auth handler with authOptions
17
+ * This should be called by the client app before handling auth requests
18
+ */
19
+ export function initAuthHandler(authOptions: NextAuthOptions) {
20
+ authOptionsInstance = authOptions;
21
+ }
22
+
23
+ /**
24
+ * Get the NextAuth handler
25
+ * Throws an error if authOptions haven't been initialized
26
+ */
27
+ function getHandler() {
28
+ if (!authOptionsInstance) {
29
+ throw new Error(
30
+ 'Auth handler not initialized. Call initAuthHandler() with authOptions from @jhits/dashboard/lib/auth'
31
+ );
32
+ }
33
+ return NextAuth(authOptionsInstance);
34
+ }
35
+
36
+ // Export handlers - NextAuth handler works for both GET and POST
37
+ // NextAuth expects the route to be /api/auth/[...nextauth] with path segments in context.params.nextauth
38
+ export async function GET(req: any, context?: { params?: Promise<{ nextauth?: string[] }> }) {
39
+ const handler = getHandler();
40
+
41
+ // Use context if provided, otherwise extract from URL
42
+ let nextauthPath: string[] = [];
43
+ if (context?.params) {
44
+ const resolvedParams = await context.params;
45
+ nextauthPath = resolvedParams.nextauth || [];
46
+ } else {
47
+ // Fallback: extract from URL
48
+ const url = new URL(req.url);
49
+ const pathSegments = url.pathname.split('/').filter(Boolean);
50
+ // Path: /api/auth/session -> segments: ['api', 'auth', 'session'] -> nextauth: ['session']
51
+ nextauthPath = pathSegments.length > 2 ? pathSegments.slice(2) : [];
52
+ }
53
+
54
+ // Create context with nextauth parameter (NextAuth expects this)
55
+ const nextauthContext = {
56
+ params: Promise.resolve({ nextauth: nextauthPath })
57
+ };
58
+
59
+ return handler(req, nextauthContext);
60
+ }
61
+
62
+ export async function POST(req: any, context?: { params?: Promise<{ nextauth?: string[] }> }) {
63
+ const handler = getHandler();
64
+
65
+ // Use context if provided, otherwise extract from URL
66
+ let nextauthPath: string[] = [];
67
+ if (context?.params) {
68
+ const resolvedParams = await context.params;
69
+ nextauthPath = resolvedParams.nextauth || [];
70
+ } else {
71
+ // Fallback: extract from URL
72
+ const url = new URL(req.url);
73
+ const pathSegments = url.pathname.split('/').filter(Boolean);
74
+ nextauthPath = pathSegments.length > 2 ? pathSegments.slice(2) : [];
75
+ }
76
+
77
+ const nextauthContext = {
78
+ params: Promise.resolve({ nextauth: nextauthPath })
79
+ };
80
+
81
+ return handler(req, nextauthContext);
82
+ }
83
+
package/src/api/index.ts ADDED
@@ -0,0 +1,11 @@
1
+ /**
2
+ * Plugin Users API Exports
3
+ */
4
+
5
+ // Auth exports
6
+ export { GET, POST, initAuthHandler } from './auth';
7
+
8
+ // Users API exports
9
+ export { handleUsersApi } from './router';
10
+ export type { UsersApiConfig } from './users';
11
+
package/src/api/router.ts ADDED
@@ -0,0 +1,100 @@
1
+ 'use server';
2
+
3
+ /**
4
+ * Plugin Users API Router
5
+ * Centralized API handler for all users plugin routes
6
+ *
7
+ * This router handles requests to:
8
+ * - /api/auth/[...nextauth] (NextAuth routes)
9
+ * - /api/users (user management routes)
10
+ * - /api/plugin-users/* (plugin-specific routes)
11
+ */
12
+
13
+ import { NextRequest, NextResponse } from 'next/server';
14
+ import { UsersApiConfig } from './users';
15
+ import { GET_USERS, POST_USERS, PATCH_USER, DELETE_USER } from './users';
16
+ import { GET as AuthGET, POST as AuthPOST, initAuthHandler } from './auth';
17
+
18
+ /**
19
+ * Handle users API requests
20
+ * Routes requests to appropriate handlers based on path
21
+ * Handles both NextAuth routes (/api/auth) and user management routes (/api/users)
22
+ */
23
+ export async function handleUsersApi(
24
+ req: NextRequest,
25
+ path: string[],
26
+ config: UsersApiConfig
27
+ ): Promise<NextResponse> {
28
+ const method = req.method;
29
+ const route = path && path.length > 0 ? path[0] : '';
30
+
31
+ try {
32
+ // Initialize auth handler if authOptions are provided
33
+ if (config.authOptions) {
34
+ initAuthHandler(config.authOptions);
35
+ }
36
+
37
+ // Route: /api/auth/[...nextauth] - NextAuth routes
38
+ // When routed from /api/auth, the path contains the nextauth segments
39
+ // Path structure: /api/auth/session -> path: ['session']
40
+ // Path structure: /api/auth/signin -> path: ['signin']
41
+ // Path structure: /api/auth -> path: [] (empty)
42
+ // We handle this by checking if route is empty (root /api/auth) or if it's a known NextAuth route
43
+ const isNextAuthRoute = route === '' ||
44
+ ['session', 'signin', 'signout', 'callback', 'csrf', 'providers', 'error'].includes(route);
45
+
46
+ if (isNextAuthRoute) {
47
+ // This is a NextAuth route - use the path as nextauth segments
48
+ // For /api/auth, path is [] -> nextauthPath is []
49
+ // For /api/auth/session, path is ['session'] -> nextauthPath is ['session']
50
+ const nextauthPath = path;
51
+
52
+ // Create NextAuth context
53
+ const nextauthContext = {
54
+ params: Promise.resolve({ nextauth: nextauthPath })
55
+ };
56
+
57
+ if (method === 'GET') {
58
+ return await AuthGET(req, nextauthContext);
59
+ }
60
+ if (method === 'POST') {
61
+ return await AuthPOST(req, nextauthContext);
62
+ }
63
+ }
64
+
65
+ // Route: /api/users or /api/plugin-users/users (user management)
66
+ if (route === 'users') {
67
+ if (path.length === 1) {
68
+ // /api/users or /api/plugin-users/users
69
+ if (method === 'GET') {
70
+ return await GET_USERS(req, config);
71
+ }
72
+ if (method === 'POST') {
73
+ return await POST_USERS(req, config);
74
+ }
75
+ } else if (path.length === 2) {
76
+ // /api/users/[id] or /api/plugin-users/users/[id]
77
+ const userId = path[1];
78
+ if (method === 'PATCH') {
79
+ return await PATCH_USER(req, userId, config);
80
+ }
81
+ if (method === 'DELETE') {
82
+ return await DELETE_USER(req, userId, config);
83
+ }
84
+ }
85
+ }
86
+
87
+ // Method not allowed
88
+ return NextResponse.json(
89
+ { error: `Method ${method} not allowed for route: ${route || '/'}` },
90
+ { status: 405 }
91
+ );
92
+ } catch (error: any) {
93
+ console.error('[UsersApiRouter] Error:', error);
94
+ return NextResponse.json(
95
+ { error: error.message || 'Internal server error' },
96
+ { status: 500 }
97
+ );
98
+ }
99
+ }
100
+
package/src/api/users.ts ADDED
@@ -0,0 +1,208 @@
1
+ /**
2
+ * Plugin Users - Users API Handler
3
+ * Handles user management API routes
4
+ */
5
+
6
+ import { NextRequest, NextResponse } from 'next/server';
7
+ import { ObjectId } from 'mongodb';
8
+ import bcrypt from 'bcryptjs';
9
+
10
+ export interface UsersApiConfig {
11
+ /** MongoDB client promise */
12
+ getDb: () => Promise<{ db: () => any }>;
13
+ /** Collection name (default: 'users') */
14
+ collectionName?: string;
15
+ /** NextAuth options for authentication routes */
16
+ authOptions?: any;
17
+ }
18
+
19
+ /**
20
+ * GET /api/plugin-users/users - List all users
21
+ */
22
+ export async function GET_USERS(req: NextRequest, config: UsersApiConfig): Promise<NextResponse> {
23
+ try {
24
+ const dbConnection = await config.getDb();
25
+ const db = dbConnection.db();
26
+ const users = db.collection(config.collectionName || 'users');
27
+
28
+ // Exclude passwords for security
29
+ const userList = await users
30
+ .find({}, { projection: { password: 0 } })
31
+ .toArray();
32
+
33
+ return NextResponse.json(userList);
34
+ } catch (err: any) {
35
+ console.error('[UsersAPI] GET error:', err);
36
+ return NextResponse.json(
37
+ { error: 'Failed to fetch users', detail: err.message },
38
+ { status: 500 }
39
+ );
40
+ }
41
+ }
42
+
43
+ /**
44
+ * POST /api/plugin-users/users - Create new user
45
+ */
46
+ export async function POST_USERS(req: NextRequest, config: UsersApiConfig): Promise<NextResponse> {
47
+ try {
48
+ const { email, name, role, password } = await req.json();
49
+ const dbConnection = await config.getDb();
50
+ const db = dbConnection.db();
51
+ const users = db.collection(config.collectionName || 'users');
52
+
53
+ // Validation
54
+ if (!password || password.length < 6) {
55
+ return NextResponse.json(
56
+ { error: 'Password too short (minimum 6 characters)' },
57
+ { status: 400 }
58
+ );
59
+ }
60
+
61
+ const exists = await users.findOne({ email });
62
+ if (exists) {
63
+ return NextResponse.json(
64
+ { error: 'User already exists' },
65
+ { status: 400 }
66
+ );
67
+ }
68
+
69
+ // Hash the password
70
+ const hashedPassword = await bcrypt.hash(password, 12);
71
+
72
+ // Save to DB
73
+ const result = await users.insertOne({
74
+ email,
75
+ name,
76
+ role: role || 'editor',
77
+ password: hashedPassword,
78
+ createdAt: new Date(),
79
+ });
80
+
81
+ return NextResponse.json({
82
+ _id: result.insertedId,
83
+ email,
84
+ name,
85
+ role: role || 'editor',
86
+ createdAt: new Date()
87
+ }, { status: 201 });
88
+ } catch (err: any) {
89
+ console.error('[UsersAPI] POST error:', err);
90
+ return NextResponse.json(
91
+ { error: 'Failed to create user', detail: err.message },
92
+ { status: 500 }
93
+ );
94
+ }
95
+ }
96
+
97
+ /**
98
+ * PATCH /api/plugin-users/users/[id] - Update user
99
+ */
100
+ export async function PATCH_USER(
101
+ req: NextRequest,
102
+ userId: string,
103
+ config: UsersApiConfig
104
+ ): Promise<NextResponse> {
105
+ try {
106
+ const { role, name, password, currentPassword } = await req.json();
107
+ const dbConnection = await config.getDb();
108
+ const db = dbConnection.db();
109
+ const users = db.collection(config.collectionName || 'users');
110
+
111
+ // Prepare the update object
112
+ const updateData: any = { updatedAt: new Date() };
113
+ if (role) updateData.role = role;
114
+ if (name) updateData.name = name;
115
+
116
+ // Handle Password Update Logic
117
+ if (password) {
118
+ // Find the user first to verify identity
119
+ const user = await users.findOne({ _id: new ObjectId(userId) });
120
+
121
+ if (!user) {
122
+ return NextResponse.json({ error: 'User not found' }, { status: 404 });
123
+ }
124
+
125
+ // Safety Check: Verify current password before allowing change
126
+ if (!currentPassword) {
127
+ return NextResponse.json(
128
+ { error: 'Current password is required' },
129
+ { status: 400 }
130
+ );
131
+ }
132
+
133
+ const isCorrect = await bcrypt.compare(currentPassword, user.password);
134
+ if (!isCorrect) {
135
+ return NextResponse.json(
136
+ { error: 'Current password is incorrect' },
137
+ { status: 401 }
138
+ );
139
+ }
140
+
141
+ // Hash the NEW password
142
+ if (password.length < 6) {
143
+ return NextResponse.json(
144
+ { error: 'New password too short (minimum 6 characters)' },
145
+ { status: 400 }
146
+ );
147
+ }
148
+ updateData.password = await bcrypt.hash(password, 12);
149
+ }
150
+
151
+ // Execute the Update
152
+ const result = await users.updateOne(
153
+ { _id: new ObjectId(userId) },
154
+ { $set: updateData }
155
+ );
156
+
157
+ if (result.matchedCount === 0) {
158
+ return NextResponse.json({ error: 'User not found' }, { status: 404 });
159
+ }
160
+
161
+ return NextResponse.json({ message: 'Update successful' });
162
+ } catch (err: any) {
163
+ console.error('[UsersAPI] PATCH error:', err);
164
+ return NextResponse.json(
165
+ { error: 'Update failed', detail: err.message },
166
+ { status: 500 }
167
+ );
168
+ }
169
+ }
170
+
171
+ /**
172
+ * DELETE /api/plugin-users/users/[id] - Delete user
173
+ */
174
+ export async function DELETE_USER(
175
+ req: NextRequest,
176
+ userId: string,
177
+ config: UsersApiConfig
178
+ ): Promise<NextResponse> {
179
+ try {
180
+ const dbConnection = await config.getDb();
181
+ const db = dbConnection.db();
182
+ const users = db.collection(config.collectionName || 'users');
183
+
184
+ // Safety check: Prevent deleting developer account
185
+ const user = await users.findOne({ _id: new ObjectId(userId) });
186
+ if (user?.role === 'dev') {
187
+ return NextResponse.json(
188
+ { error: 'Cannot delete developer account' },
189
+ { status: 403 }
190
+ );
191
+ }
192
+
193
+ const result = await users.deleteOne({ _id: new ObjectId(userId) });
194
+
195
+ if (result.deletedCount === 0) {
196
+ return NextResponse.json({ error: 'User not found' }, { status: 404 });
197
+ }
198
+
199
+ return NextResponse.json({ message: 'User deleted' });
200
+ } catch (err: any) {
201
+ console.error('[UsersAPI] DELETE error:', err);
202
+ return NextResponse.json(
203
+ { error: 'Delete failed', detail: err.message },
204
+ { status: 500 }
205
+ );
206
+ }
207
+ }
208
+
package/src/api-server.ts ADDED
@@ -0,0 +1,11 @@
1
+ /**
2
+ * Plugin Users - Server-Only API Exports
3
+ * This file is only imported in server-side code (API routes)
4
+ *
5
+ * IMPORTANT: This file uses Node.js modules and should NEVER
6
+ * be imported in client-side code. Only use in server-side API routes.
7
+ */
8
+
9
+ // Re-export everything from the API index
10
+ export * from './api';
11
+
package/src/index.server.ts ADDED
@@ -0,0 +1,14 @@
1
+ import 'server-only';
2
+
3
+ /**
4
+ * Plugin Users - Server-Only Entry Point
5
+ * This file exports only server-side API handlers
6
+ * Used by the dynamic plugin router via @jhits/plugin-users/server
7
+ *
8
+ * Note: This file is server-only (no 'use server' needed - that's only for Server Actions)
9
+ */
10
+
11
+ export { handleUsersApi as handleApi } from './api/router';
12
+ export { handleUsersApi } from './api/router'; // Keep original export for backward compatibility
13
+ export type { UsersApiConfig } from './api/users';
14
+
package/src/index.tsx ADDED
@@ -0,0 +1,21 @@
1
+ "use client";
2
+
3
+ import React from 'react';
4
+ import UserManagement from './views/UserManagement';
5
+
6
+ // User Management Plugin - Always enabled by default
7
+ export const Index: React.FC<any> = ({ subPath = [], siteId, locale: dashboardLocale = 'en' }) => {
8
+ return (
9
+ <div className="w-full h-full flex flex-col overflow-hidden">
10
+ <div className="flex-1 overflow-y-auto">
11
+ <UserManagement locale={dashboardLocale} />
12
+ </div>
13
+ </div>
14
+ );
15
+ };
16
+
17
+ export default Index;
18
+
19
+ // Note: API handlers are server-only and exported from ./index.ts (server entry point)
20
+ // They are NOT exported here to prevent client/server context mixing
21
+
package/src/locales/en.json ADDED
@@ -0,0 +1,25 @@
1
+ {
2
+ "title": "User Management",
3
+ "description": "Manage who has access to the dashboard.",
4
+ "newUser": "New User",
5
+ "searchUsers": "Search users...",
6
+ "user": "User",
7
+ "role": "Role",
8
+ "since": "Since",
9
+ "actions": "Actions",
10
+ "noUsersFound": "No users found matching your search.",
11
+ "addUser": "Add User",
12
+ "name": "Name",
13
+ "email": "Email Address",
14
+ "temporaryPassword": "Temporary Password",
15
+ "generateNewPassword": "Generate new password",
16
+ "editor": "Editor (Content only)",
17
+ "dev": "Developer",
18
+ "admin": "Admin (All settings)",
19
+ "cannotDeleteDev": "Cannot delete developer account.",
20
+ "confirmDelete": "Are you sure you want to delete this user?",
21
+ "errorDeleting": "Error deleting user.",
22
+ "failedToCreate": "Failed to create user",
23
+ "networkError": "Network error while creating user"
24
+ }
25
+
package/src/locales/nl.json ADDED
@@ -0,0 +1,25 @@
1
+ {
2
+ "title": "Gebruikersbeheer",
3
+ "description": "Beheer wie toegang heeft tot het dashboard.",
4
+ "newUser": "Nieuwe Gebruiker",
5
+ "searchUsers": "Zoek gebruikers...",
6
+ "user": "Gebruiker",
7
+ "role": "Rol",
8
+ "since": "Sinds",
9
+ "actions": "Acties",
10
+ "noUsersFound": "Geen gebruikers gevonden die voldoen aan je zoekopdracht.",
11
+ "addUser": "Gebruiker Toevoegen",
12
+ "name": "Naam",
13
+ "email": "E-mailadres",
14
+ "temporaryPassword": "Tijdelijk Wachtwoord",
15
+ "generateNewPassword": "Genereer nieuw wachtwoord",
16
+ "editor": "Editor (Alleen content)",
17
+ "dev": "Developer",
18
+ "admin": "Admin (Alle instellingen)",
19
+ "cannotDeleteDev": "Developer kan niet verwijderd worden.",
20
+ "confirmDelete": "Weet je zeker dat je deze gebruiker wilt verwijderen?",
21
+ "errorDeleting": "Fout bij verwijderen.",
22
+ "failedToCreate": "Aanmaken mislukt",
23
+ "networkError": "Netwerkfout bij aanmaken gebruiker"
24
+ }
25
+
package/src/locales/sv.json ADDED
@@ -0,0 +1,25 @@
1
+ {
2
+ "title": "Användarhantering",
3
+ "description": "Hantera vem som har tillgång till instrumentpanelen.",
4
+ "newUser": "Ny Användare",
5
+ "searchUsers": "Sök användare...",
6
+ "user": "Användare",
7
+ "role": "Roll",
8
+ "since": "Sedan",
9
+ "actions": "Åtgärder",
10
+ "noUsersFound": "Inga användare hittades som matchar din sökning.",
11
+ "addUser": "Lägg till Användare",
12
+ "name": "Namn",
13
+ "email": "E-postadress",
14
+ "temporaryPassword": "Tillfälligt Lösenord",
15
+ "generateNewPassword": "Generera nytt lösenord",
16
+ "editor": "Redaktör (Endast innehåll)",
17
+ "dev": "Utvecklare",
18
+ "admin": "Administratör (Alla inställningar)",
19
+ "cannotDeleteDev": "Kan inte ta bort utvecklarkonto.",
20
+ "confirmDelete": "Är du säker på att du vill ta bort denna användare?",
21
+ "errorDeleting": "Fel vid borttagning av användare.",
22
+ "failedToCreate": "Misslyckades med att skapa användare",
23
+ "networkError": "Nätverksfel vid skapande av användare"
24
+ }
25
+
package/src/views/UserManagement.tsx ADDED
@@ -0,0 +1,332 @@
1
+ 'use client';
2
+
3
+ import { useState, useEffect } from "react";
4
+ import {
5
+ Users, UserPlus, Shield,
6
+ Trash2, Key, Search, Loader2, X, Eye, EyeOff, Copy, Check, Calendar
7
+ } from "lucide-react";
8
+
9
+ interface User {
10
+ _id: string;
11
+ name: string;
12
+ email: string;
13
+ role: 'dev' | 'admin' | 'editor';
14
+ createdAt: string;
15
+ }
16
+
17
+ export default function UserManagement({ locale = 'en' }: { locale?: string }) {
18
+ const [users, setUsers] = useState<User[]>([]);
19
+ const [loading, setLoading] = useState(true);
20
+ const [searchTerm, setSearchTerm] = useState("");
21
+
22
+ // Modal State
23
+ const [isModalOpen, setIsModalOpen] = useState(false);
24
+ const [isCreating, setIsCreating] = useState(false);
25
+ const [showPassword, setShowPassword] = useState(false);
26
+ const [copied, setCopied] = useState(false);
27
+
28
+ // Form State
29
+ const [formData, setFormData] = useState({
30
+ name: "",
31
+ email: "",
32
+ password: "",
33
+ role: "editor" as const
34
+ });
35
+
36
+ const fetchUsers = async () => {
37
+ try {
38
+ setLoading(true);
39
+ const res = await fetch('/api/users');
40
+ const data = await res.json();
41
+ if (Array.isArray(data)) setUsers(data);
42
+ } catch (err) {
43
+ console.error("Failed to load users", err);
44
+ } finally {
45
+ setLoading(false);
46
+ }
47
+ };
48
+
49
+ useEffect(() => { fetchUsers(); }, []);
50
+
51
+ const generateTempPassword = () => {
52
+ const charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%";
53
+ let retVal = "";
54
+ for (let i = 0, n = charset.length; i < 10; ++i) {
55
+ retVal += charset.charAt(Math.floor(Math.random() * n));
56
+ }
57
+ setFormData({ ...formData, password: retVal });
58
+ };
59
+
60
+ const handleCreateUser = async (e: React.FormEvent) => {
61
+ e.preventDefault();
62
+ setIsCreating(true);
63
+ try {
64
+ const res = await fetch('/api/users', {
65
+ method: 'POST',
66
+ headers: { 'Content-Type': 'application/json' },
67
+ body: JSON.stringify(formData)
68
+ });
69
+
70
+ if (res.ok) {
71
+ const newUser = await res.json();
72
+ setUsers([...users, newUser]);
73
+ setIsModalOpen(false);
74
+ setFormData({ name: "", email: "", password: "", role: "editor" });
75
+ } else {
76
+ const err = await res.json();
77
+ alert(err.error || "Failed to create user");
78
+ }
79
+ } catch (err) {
80
+ alert("Network error while creating user");
81
+ } finally {
82
+ setIsCreating(false);
83
+ }
84
+ };
85
+
86
+ const copyToClipboard = () => {
87
+ navigator.clipboard.writeText(formData.password);
88
+ setCopied(true);
89
+ setTimeout(() => setCopied(false), 2000);
90
+ };
91
+
92
+ const handleDelete = async (userId: string, userRole: string) => {
93
+ if (userRole === 'dev') return alert("Cannot delete developer account.");
94
+ if (!confirm("Are you sure you want to delete this user?")) return;
95
+
96
+ try {
97
+ const res = await fetch(`/api/users/${userId}`, { method: 'DELETE' });
98
+ if (res.ok) setUsers(users.filter(u => u._id !== userId));
99
+ } catch (err) { alert("Error deleting user."); }
100
+ };
101
+
102
+ const filteredUsers = users.filter(user =>
103
+ user.name?.toLowerCase().includes(searchTerm.toLowerCase()) ||
104
+ user.email?.toLowerCase().includes(searchTerm.toLowerCase())
105
+ );
106
+
107
+ return (
108
+ <div className="h-full w-full rounded-[2.5rem] bg-dashboard-card dark:bg-neutral-900 p-8 overflow-y-auto">
109
+ {/* Header Section */}
110
+ <div className="flex flex-col md:flex-row md:items-center justify-between gap-6 mb-8">
111
+ <div>
112
+ <h1 className="text-3xl font-black text-dashboard-text uppercase tracking-tighter mb-2">
113
+ User Management
114
+ </h1>
115
+ <p className="text-sm text-dashboard-text-secondary">
116
+ Manage who has access to the dashboard.
117
+ </p>
118
+ </div>
119
+
120
+ <button
121
+ onClick={() => { setIsModalOpen(true); generateTempPassword(); }}
122
+ className="inline-flex items-center gap-2 px-6 py-3 bg-primary text-white rounded-full text-[10px] font-black uppercase tracking-widest hover:bg-primary/90 transition-all shadow-lg shadow-primary/20"
123
+ >
124
+ <UserPlus size={16} />
125
+ New User
126
+ </button>
127
+ </div>
128
+
129
+ {/* Toolbar */}
130
+ <div className="bg-dashboard-bg dark:bg-neutral-800/50 rounded-2xl sm:rounded-[2rem] border border-dashboard-border overflow-hidden">
131
+ <div className="p-4 sm:p-6 border-b border-dashboard-border flex items-center justify-between">
132
+ <div className="relative w-full sm:w-72">
133
+ <Search className="absolute left-3 top-1/2 -translate-y-1/2 text-dashboard-text-secondary" size={16} />
134
+ <input
135
+ type="text"
136
+ placeholder="Search users..."
137
+ value={searchTerm}
138
+ onChange={(e) => setSearchTerm(e.target.value)}
139
+ className="w-full pl-10 pr-4 py-2.5 bg-dashboard-card border border-dashboard-border rounded-lg text-sm outline-none focus:ring-2 focus:ring-primary/20 transition-all text-dashboard-text placeholder:text-dashboard-text-secondary"
140
+ />
141
+ </div>
142
+ {loading && <Loader2 className="animate-spin text-primary ml-4" size={20} />}
143
+ </div>
144
+
145
+ {/* Desktop Table */}
146
+ <div className="hidden md:block overflow-x-auto">
147
+ <table className="w-full text-left border-collapse">
148
+ <thead>
149
+ <tr className="text-[11px] font-bold text-dashboard-text-secondary uppercase tracking-widest border-b border-dashboard-border">
150
+ <th className="px-8 py-4">User</th>
151
+ <th className="px-8 py-4">Role</th>
152
+ <th className="px-8 py-4">Since</th>
153
+ <th className="px-8 py-4 text-right">Actions</th>
154
+ </tr>
155
+ </thead>
156
+ <tbody className="divide-y divide-dashboard-border">
157
+ {filteredUsers.map((user) => (
158
+ <tr key={user._id} className="group hover:bg-dashboard-card transition-colors">
159
+ <td className="px-8 py-5">
160
+ <div className="flex items-center gap-3">
161
+ <div className="w-10 h-10 rounded-full bg-primary/10 text-primary flex items-center justify-center font-bold border border-primary/20">
162
+ {user.name?.[0] || 'U'}
163
+ </div>
164
+ <div>
165
+ <p className="font-bold text-dashboard-text text-sm">{user.name}</p>
166
+ <p className="text-xs text-dashboard-text-secondary">{user.email}</p>
167
+ </div>
168
+ </div>
169
+ </td>
170
+ <td className="px-8 py-5">
171
+ <span className={`inline-flex items-center gap-1.5 px-3 py-1 rounded-full text-[10px] font-bold uppercase tracking-wider ${user.role === 'dev' ? 'bg-primary text-white' : 'bg-dashboard-bg text-dashboard-text'
172
+ }`}>
173
+ <Shield size={10} /> {user.role}
174
+ </span>
175
+ </td>
176
+ <td className="px-8 py-5 text-sm text-dashboard-text-secondary">
177
+ {user.createdAt ? new Date(user.createdAt).toLocaleDateString() : '-'}
178
+ </td>
179
+ <td className="px-8 py-5 text-right">
180
+ <button
181
+ onClick={() => handleDelete(user._id, user.role)}
182
+ className="p-2 text-dashboard-text-secondary hover:text-red-500 transition-colors disabled:opacity-0"
183
+ disabled={user.role === 'dev'}
184
+ >
185
+ <Trash2 size={16} />
186
+ </button>
187
+ </td>
188
+ </tr>
189
+ ))}
190
+ </tbody>
191
+ </table>
192
+ </div>
193
+
194
+ {/* Mobile Card List */}
195
+ <div className="md:hidden divide-y divide-dashboard-border">
196
+ {filteredUsers.map((user) => (
197
+ <div key={user._id} className="p-5 space-y-4">
198
+ <div className="flex justify-between items-start">
199
+ <div className="flex items-center gap-3">
200
+ <div className="w-10 h-10 rounded-full bg-primary/10 text-primary flex items-center justify-center font-bold border border-primary/20">
201
+ {user.name?.[0] || 'U'}
202
+ </div>
203
+ <div className="min-w-0">
204
+ <p className="font-bold text-dashboard-text text-sm truncate">{user.name}</p>
205
+ <p className="text-[11px] text-dashboard-text-secondary truncate">{user.email}</p>
206
+ </div>
207
+ </div>
208
+ <button
209
+ onClick={() => handleDelete(user._id, user.role)}
210
+ className={`p-2 rounded-lg bg-red-50 dark:bg-red-950/20 text-red-400 ${user.role === 'dev' ? 'hidden' : 'block'}`}
211
+ >
212
+ <Trash2 size={16} />
213
+ </button>
214
+ </div>
215
+
216
+ <div className="flex items-center justify-between pt-2 border-t border-dashboard-border">
217
+ <span className={`inline-flex items-center gap-1.5 px-3 py-1 rounded-full text-[9px] font-black uppercase tracking-wider ${user.role === 'dev' ? 'bg-primary text-white' : 'bg-dashboard-bg text-dashboard-text'
218
+ }`}>
219
+ <Shield size={10} /> {user.role}
220
+ </span>
221
+ <div className="flex items-center gap-1.5 text-[10px] text-dashboard-text-secondary font-medium">
222
+ <Calendar size={12} />
223
+ {user.createdAt ? new Date(user.createdAt).toLocaleDateString() : '-'}
224
+ </div>
225
+ </div>
226
+ </div>
227
+ ))}
228
+ </div>
229
+
230
+ {filteredUsers.length === 0 && !loading && (
231
+ <div className="p-12 text-center text-dashboard-text-secondary text-sm">
232
+ No users found matching your search.
233
+ </div>
234
+ )}
235
+ </div>
236
+
237
+ {/* Create User Modal */}
238
+ {isModalOpen && (
239
+ <div className="fixed inset-0 z-50 flex items-end sm:items-center justify-center p-0 sm:p-4 bg-black/40 backdrop-blur-sm animate-in fade-in duration-200">
240
+ <div className="bg-dashboard-card w-full max-w-md rounded-t-[2.5rem] sm:rounded-[2.5rem] shadow-2xl overflow-hidden animate-in slide-in-from-bottom sm:zoom-in-95 duration-300 max-h-[90vh] overflow-y-auto border border-dashboard-border">
241
+ <div className="p-6 sm:p-8 bg-primary text-white flex justify-between items-center sticky top-0 z-10">
242
+ <h2 className="text-xl sm:text-2xl font-black uppercase tracking-tighter">New User</h2>
243
+ <button onClick={() => setIsModalOpen(false)} className="hover:rotate-90 transition-transform p-2">
244
+ <X size={24} />
245
+ </button>
246
+ </div>
247
+
248
+ <form onSubmit={handleCreateUser} className="p-6 sm:p-8 space-y-5">
249
+ <div className="space-y-2">
250
+ <label className="text-xs font-bold text-dashboard-text-secondary uppercase tracking-widest ml-1">Name</label>
251
+ <input
252
+ required
253
+ className="w-full px-5 py-3 bg-dashboard-bg border border-dashboard-border rounded-2xl focus:ring-2 focus:ring-primary outline-none text-sm transition-all text-dashboard-text"
254
+ value={formData.name}
255
+ onChange={e => setFormData({ ...formData, name: e.target.value })}
256
+ placeholder="e.g. John Doe"
257
+ />
258
+ </div>
259
+
260
+ <div className="space-y-2">
261
+ <label className="text-xs font-bold text-dashboard-text-secondary uppercase tracking-widest ml-1">Email Address</label>
262
+ <input
263
+ required
264
+ type="email"
265
+ className="w-full px-5 py-3 bg-dashboard-bg border border-dashboard-border rounded-2xl focus:ring-2 focus:ring-primary outline-none text-sm transition-all text-dashboard-text"
266
+ value={formData.email}
267
+ onChange={e => setFormData({ ...formData, email: e.target.value })}
268
+ placeholder="email@example.com"
269
+ />
270
+ </div>
271
+
272
+ <div className="space-y-2">
273
+ <label className="text-xs font-bold text-dashboard-text-secondary uppercase tracking-widest ml-1">Temporary Password</label>
274
+ <div className="relative">
275
+ <input
276
+ required
277
+ type={showPassword ? "text" : "password"}
278
+ className="w-full px-5 py-3 bg-dashboard-bg border border-dashboard-border rounded-2xl focus:ring-2 focus:ring-primary outline-none text-sm transition-all font-mono text-dashboard-text"
279
+ value={formData.password}
280
+ onChange={e => setFormData({ ...formData, password: e.target.value })}
281
+ />
282
+ <div className="absolute right-3 top-1/2 -translate-y-1/2 flex items-center gap-1">
283
+ <button type="button" onClick={() => setShowPassword(!showPassword)} className="p-1.5 text-dashboard-text-secondary hover:text-primary">
284
+ {showPassword ? <EyeOff size={16} /> : <Eye size={16} />}
285
+ </button>
286
+ <button type="button" onClick={copyToClipboard} className="p-1.5 text-dashboard-text-secondary hover:text-primary">
287
+ {copied ? <Check size={16} className="text-emerald-500" /> : <Copy size={16} />}
288
+ </button>
289
+ </div>
290
+ </div>
291
+ <button
292
+ type="button"
293
+ onClick={generateTempPassword}
294
+ className="text-[10px] text-primary font-bold uppercase tracking-wider hover:underline ml-1"
295
+ >
296
+ Generate new password
297
+ </button>
298
+ </div>
299
+
300
+ <div className="space-y-2">
301
+ <label className="text-xs font-bold text-dashboard-text-secondary uppercase tracking-widest ml-1">Role</label>
302
+ <div className="relative">
303
+ <select
304
+ className="w-full px-5 py-3 bg-dashboard-bg border border-dashboard-border rounded-2xl focus:ring-2 focus:ring-primary outline-none text-sm appearance-none cursor-pointer text-dashboard-text"
305
+ value={formData.role}
306
+ onChange={e => setFormData({ ...formData, role: e.target.value as any })}
307
+ >
308
+ <option value="editor">Editor (Content only)</option>
309
+ <option value="dev">Developer</option>
310
+ <option value="admin">Admin (All settings)</option>
311
+ </select>
312
+ <div className="absolute right-4 top-1/2 -translate-y-1/2 pointer-events-none text-dashboard-text-secondary">
313
+ <Shield size={16} />
314
+ </div>
315
+ </div>
316
+ </div>
317
+
318
+ <button
319
+ type="submit"
320
+ disabled={isCreating}
321
+ className="w-full py-4 bg-primary text-white rounded-full text-[10px] font-black uppercase tracking-widest shadow-lg shadow-primary/20 hover:bg-primary/90 transition-all mt-4 flex items-center justify-center gap-2"
322
+ >
323
+ {isCreating ? <Loader2 className="animate-spin" size={20} /> : "Add User"}
324
+ </button>
325
+ </form>
326
+ </div>
327
+ </div>
328
+ )}
329
+ </div>
330
+ );
331
+ }
332
+