@jhits/plugin-users 0.0.14 → 0.0.15

package/dist/api/router.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"router.d.ts","sourceRoot":"","sources":["../../src/api/router.ts"],"names":[],"mappings":"AAEA;;;;;;;;GAQG;AAEH,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAIzC;;;;GAIG;AACH,wBAAsB,cAAc,CAChC,GAAG,EAAE,WAAW,EAChB,IAAI,EAAE,MAAM,EAAE,EACd,MAAM,EAAE,cAAc,GACvB,OAAO,CAAC,YAAY,CAAC,CA2DvB"}
+{"version":3,"file":"router.d.ts","sourceRoot":"","sources":["../../src/api/router.ts"],"names":[],"mappings":"AAEA;;;;;;;;GAQG;AAEH,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAIzC;;;;GAIG;AACH,wBAAsB,cAAc,CAChC,GAAG,EAAE,WAAW,EAChB,IAAI,EAAE,MAAM,EAAE,EACd,MAAM,EAAE,cAAc,GACvB,OAAO,CAAC,YAAY,CAAC,CA6EvB"}

package/dist/api/router.js

@@ -26,7 +26,7 @@ export async function handleUsersApi(req, path, config) {
         }
         // Route: /api/auth/[...nextauth] - NextAuth routes
         const isNextAuthRoute = route === '' ||
-            ['session', 'signin', 'signout', 'callback', 'csrf', 'providers', 'error'].includes(route);
+            ['session', 'signin', 'signout', 'callback', 'csrf', 'providers', 'error', '_log'].includes(route);
         if (isNextAuthRoute) {
             const nextauthPath = path;
             const nextauthContext = {
@@ -64,6 +64,21 @@ export async function handleUsersApi(req, path, config) {
                     return await DELETE_USER(req, userId, config);
             }
         }
+        // Route: /api/plugin-users/bootstrap (Initial Setup)
+        if (route === 'bootstrap' && method === 'POST') {
+            const { BOOTSTRAP_USER } = await import('./users');
+            return await BOOTSTRAP_USER(req, config);
+        }
+        // Route: /api/plugin-users/setup-status (Check if setup is needed)
+        if (route === 'setup-status') {
+            const { CHECK_SETUP_STATUS } = await import('./users');
+            return await CHECK_SETUP_STATUS(req, config);
+        }
+        // Route: /api/plugin-users/setup-request (Generate temporary key)
+        if (route === 'setup-request') {
+            const { REQUEST_SETUP_KEY } = await import('./users');
+            return await REQUEST_SETUP_KEY(req, config);
+        }
         return NextResponse.json({ error: `Method ${method} not allowed for route: ${route || '/'}` }, { status: 405 });
     }
     catch (error) {

package/dist/api/users.d.ts

@@ -29,4 +29,16 @@ export declare function PATCH_USER(req: NextRequest, userId: string, config: Use
  * DELETE /api/plugin-users/users/[id] - Delete user
  */
 export declare function DELETE_USER(req: NextRequest, userId: string, config: UsersApiConfig): Promise<NextResponse>;
+/**
+ * POST /api/plugin-users/setup-request - Generate a temporary setup key
+ */
+export declare function REQUEST_SETUP_KEY(req: NextRequest, config: UsersApiConfig): Promise<NextResponse>;
+/**
+ * GET /api/plugin-users/setup-status - Check if any users exist
+ */
+export declare function CHECK_SETUP_STATUS(req: NextRequest, config: UsersApiConfig): Promise<NextResponse>;
+/**
+ * POST /api/plugin-users/bootstrap - Create first admin via secret key
+ */
+export declare function BOOTSTRAP_USER(req: NextRequest, config: UsersApiConfig): Promise<NextResponse>;
 //# sourceMappingURL=users.d.ts.map

package/dist/api/users.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"users.d.ts","sourceRoot":"","sources":["../../src/api/users.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAIxD,MAAM,WAAW,cAAc;IAC3B,6BAA6B;IAC7B,KAAK,EAAE,MAAM,OAAO,CAAC;QAAE,EAAE,EAAE,MAAM,GAAG,CAAA;KAAE,CAAC,CAAC;IACxC,yCAAyC;IACzC,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,iDAAiD;IACjD,WAAW,CAAC,EAAE,GAAG,CAAC;CACrB;AAED;;GAEG;AACH,wBAAsB,SAAS,CAAC,GAAG,EAAE,WAAW,EAAE,MAAM,EAAE,cAAc,GAAG,OAAO,CAAC,YAAY,CAAC,CAmB/F;AAED;;GAEG;AACH,wBAAsB,UAAU,CAAC,GAAG,EAAE,WAAW,EAAE,MAAM,EAAE,cAAc,GAAG,OAAO,CAAC,YAAY,CAAC,CAiDhG;AAED;;GAEG;AACH,wBAAsB,UAAU,CAC5B,GAAG,EAAE,WAAW,EAChB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,cAAc,GACvB,OAAO,CAAC,YAAY,CAAC,CAiEvB;AAED;;GAEG;AACH,wBAAsB,WAAW,CAC7B,GAAG,EAAE,WAAW,EAChB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,cAAc,GACvB,OAAO,CAAC,YAAY,CAAC,CA6BvB"}
+{"version":3,"file":"users.d.ts","sourceRoot":"","sources":["../../src/api/users.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAIxD,MAAM,WAAW,cAAc;IAC3B,6BAA6B;IAC7B,KAAK,EAAE,MAAM,OAAO,CAAC;QAAE,EAAE,EAAE,MAAM,GAAG,CAAA;KAAE,CAAC,CAAC;IACxC,yCAAyC;IACzC,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,iDAAiD;IACjD,WAAW,CAAC,EAAE,GAAG,CAAC;CACrB;AAED;;GAEG;AACH,wBAAsB,SAAS,CAAC,GAAG,EAAE,WAAW,EAAE,MAAM,EAAE,cAAc,GAAG,OAAO,CAAC,YAAY,CAAC,CAmB/F;AAED;;GAEG;AACH,wBAAsB,UAAU,CAAC,GAAG,EAAE,WAAW,EAAE,MAAM,EAAE,cAAc,GAAG,OAAO,CAAC,YAAY,CAAC,CAiDhG;AAED;;GAEG;AACH,wBAAsB,UAAU,CAC5B,GAAG,EAAE,WAAW,EAChB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,cAAc,GACvB,OAAO,CAAC,YAAY,CAAC,CAiEvB;AAED;;GAEG;AACH,wBAAsB,WAAW,CAC7B,GAAG,EAAE,WAAW,EAChB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,cAAc,GACvB,OAAO,CAAC,YAAY,CAAC,CA6BvB;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CAAC,GAAG,EAAE,WAAW,EAAE,MAAM,EAAE,cAAc,GAAG,OAAO,CAAC,YAAY,CAAC,CAuBvG;AAED;;GAEG;AACH,wBAAsB,kBAAkB,CAAC,GAAG,EAAE,WAAW,EAAE,MAAM,EAAE,cAAc,GAAG,OAAO,CAAC,YAAY,CAAC,CAcxG;AAED;;GAEG;AACH,wBAAsB,cAAc,CAAC,GAAG,EAAE,WAAW,EAAE,MAAM,EAAE,cAAc,GAAG,OAAO,CAAC,YAAY,CAAC,CAsDpG"}

package/dist/api/users.js

@@ -136,3 +136,97 @@ export async function DELETE_USER(req, userId, config) {
         return NextResponse.json({ error: 'Delete failed', detail: err.message }, { status: 500 });
     }
 }
+/**
+ * POST /api/plugin-users/setup-request - Generate a temporary setup key
+ */
+export async function REQUEST_SETUP_KEY(req, config) {
+    if (process.env.NODE_ENV !== 'development') {
+        return NextResponse.json({ error: 'Not available' }, { status: 403 });
+    }
+    const key = Math.random().toString(36).substring(2, 8).toUpperCase();
+    const expiry = Date.now() + 60000; // 1 minute
+    // Store in global shared store to persist across federated module re-evaluations
+    const g = globalThis;
+    if (g.__JHITS_SETUP_STORE__) {
+        g.__JHITS_SETUP_STORE__.key = key;
+        g.__JHITS_SETUP_STORE__.expiry = expiry;
+    }
+    else {
+        // Fallback if provider didn't run yet
+        g.__JHITS_SETUP_STORE__ = { key, expiry };
+    }
+    console.log('\n\x1b[41m\x1b[37m [SECURITY] BOOTSTRAP ACCESS REQUESTED \x1b[0m');
+    console.log(`\x1b[31m Temporary Setup Key: \x1b[1m${key}\x1b[0m`);
+    console.log('\x1b[31m This key will expire in 60 seconds.\x1b[0m\n');
+    return NextResponse.json({ message: 'Key generated and logged to console' });
+}
+/**
+ * GET /api/plugin-users/setup-status - Check if any users exist
+ */
+export async function CHECK_SETUP_STATUS(req, config) {
+    try {
+        const dbConnection = await config.getDb();
+        const db = dbConnection.db();
+        const users = db.collection(config.collectionName || 'users');
+        const count = await users.countDocuments();
+        return NextResponse.json({
+            needsSetup: count === 0,
+            isDev: process.env.NODE_ENV === 'development'
+        });
+    }
+    catch (err) {
+        return NextResponse.json({ needsSetup: false, error: 'DB connection failed' });
+    }
+}
+/**
+ * POST /api/plugin-users/bootstrap - Create first admin via secret key
+ */
+export async function BOOTSTRAP_USER(req, config) {
+    try {
+        const { email, name, password, setupKey } = await req.json();
+        // Security check: validate dynamic key from shared store
+        const g = globalThis;
+        const store = g.__JHITS_SETUP_STORE__ || {};
+        const systemSetupKey = store.key;
+        const systemExpiry = store.expiry;
+        if (!systemSetupKey || !setupKey || setupKey !== systemSetupKey) {
+            return NextResponse.json({ error: 'Invalid or missing setup key' }, { status: 403 });
+        }
+        if (Date.now() > systemExpiry) {
+            if (g.__JHITS_SETUP_STORE__)
+                g.__JHITS_SETUP_STORE__.key = null;
+            return NextResponse.json({ error: 'Setup key has expired' }, { status: 403 });
+        }
+        // Invalidate key immediately after use
+        if (g.__JHITS_SETUP_STORE__)
+            g.__JHITS_SETUP_STORE__.key = null;
+        const dbConnection = await config.getDb();
+        const db = dbConnection.db();
+        const users = db.collection(config.collectionName || 'users');
+        // Check if any admin already exists (double check)
+        const adminExists = await users.findOne({ role: 'admin' });
+        if (adminExists && process.env.NODE_ENV !== 'development') {
+            return NextResponse.json({ error: 'System already has an administrator' }, { status: 400 });
+        }
+        // Hash the password
+        const hashedPassword = await bcrypt.hash(password, 12);
+        // Save to DB
+        const result = await users.insertOne({
+            email,
+            name,
+            role: 'admin',
+            password: hashedPassword,
+            createdAt: new Date(),
+        });
+        return NextResponse.json({
+            message: 'Bootstrap successful',
+            _id: result.insertedId,
+            email,
+            role: 'admin'
+        }, { status: 201 });
+    }
+    catch (err) {
+        console.error('[UsersAPI] Bootstrap error:', err);
+        return NextResponse.json({ error: 'Bootstrap failed', detail: err.message }, { status: 500 });
+    }
+}

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.tsx"],"names":[],"mappings":"AAEA,OAAO,KAAK,MAAM,OAAO,CAAC;AAI1B,eAAO,MAAM,KAAK,EAAE,KAAK,CAAC,EAAE,CAAC,GAAG,CAQ/B,CAAC;AAEF,eAAe,KAAK,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.tsx"],"names":[],"mappings":"AAEA,OAAO,KAAK,MAAM,OAAO,CAAC;AAI1B,eAAO,MAAM,KAAK,EAAE,KAAK,CAAC,EAAE,CAAC,GAAG,CAE/B,CAAC;AAEF,eAAe,KAAK,CAAC"}

package/dist/index.js

@@ -3,6 +3,6 @@ import { jsx as _jsx } from "react/jsx-runtime";
 import UserManagement from './views/UserManagement';
 // User Management Plugin - Always enabled by default
 export const Index = ({ subPath = [], siteId, locale: dashboardLocale = 'en' }) => {
-    return (_jsx("div", { className: "w-full h-full flex flex-col overflow-hidden", children: _jsx("div", { className: "flex-1 overflow-y-auto", children: _jsx(UserManagement, { locale: dashboardLocale }) }) }));
+    return _jsx(UserManagement, { locale: dashboardLocale });
 };
 export default Index;

package/dist/views/UserManagement.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"UserManagement.d.ts","sourceRoot":"","sources":["../../src/views/UserManagement.tsx"],"names":[],"mappings":"AAgBA,MAAM,CAAC,OAAO,UAAU,cAAc,CAAC,EAAE,MAAa,EAAE,EAAE;IAAE,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,2CA0T5E"}
+{"version":3,"file":"UserManagement.d.ts","sourceRoot":"","sources":["../../src/views/UserManagement.tsx"],"names":[],"mappings":"AAqBA,MAAM,CAAC,OAAO,UAAU,cAAc,CAAC,EAAE,MAAa,EAAE,EAAE;IAAE,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,2CAuf5E"}

package/dist/views/UserManagement.js

@@ -1,14 +1,23 @@
 'use client';
-import { jsx as _jsx, jsxs as _jsxs } from "react/jsx-runtime";
+import { jsx as _jsx, jsxs as _jsxs, Fragment as _Fragment } from "react/jsx-runtime";
 import { useState, useEffect } from "react";
-import { UserPlus, Shield, Trash2, Search, Loader2, X, Eye, EyeOff, Copy, Check, Calendar } from "lucide-react";
+import { Users, UserPlus, Shield, Trash2, Key, Search, Loader2, X, Eye, EyeOff, Copy, Check, Calendar, UserCircle, Mail, Edit2, ShieldCheck, Activity, ChevronRight } from "lucide-react";
+import { motion, AnimatePresence } from "framer-motion";
+import { useSession } from "next-auth/react";
 export default function UserManagement({ locale = 'en' }) {
+    const { data: session } = useSession();
     const [users, setUsers] = useState([]);
     const [loading, setLoading] = useState(true);
     const [searchTerm, setSearchTerm] = useState("");
+    // Current User Info
+    const currentUserEmail = session?.user?.email;
+    const currentUserRole = session?.user?.role || 'editor';
     // Modal State
     const [isModalOpen, setIsModalOpen] = useState(false);
-    const [isCreating, setIsCreating] = useState(false);
+    const [modalMode, setModalMode] = useState('create');
+    const [selectedUser, setSelectedUser] = useState(null);
+    const [activeUserIdx, setActiveUserIdx] = useState(0);
+    const [isProcessing, setIsProcessing] = useState(false);
     const [showPassword, setShowPassword] = useState(false);
     const [copied, setCopied] = useState(false);
     // Form State
@@ -34,39 +43,83 @@ export default function UserManagement({ locale = 'en' }) {
         }
     };
     useEffect(() => { fetchUsers(); }, []);
+    // Permission Logic
+    const canManageEcosystem = currentUserRole === 'dev' || currentUserRole === 'admin';
+    const canActionUser = (targetUser) => {
+        if (!canManageEcosystem)
+            return false;
+        if (targetUser.email === currentUserEmail)
+            return false; // Can't delete/edit role of self in this view
+        // Dev can manage everyone
+        if (currentUserRole === 'dev')
+            return true;
+        // Admin can only manage editors (cannot touch devs or other admins)
+        if (currentUserRole === 'admin') {
+            return targetUser.role === 'editor';
+        }
+        return false;
+    };
     const generateTempPassword = () => {
         const charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%";
         let retVal = "";
         for (let i = 0, n = charset.length; i < 10; ++i) {
             retVal += charset.charAt(Math.floor(Math.random() * n));
         }
-        setFormData({ ...formData, password: retVal });
+        setFormData(prev => ({ ...prev, password: retVal }));
+    };
+    const handleOpenCreate = () => {
+        setModalMode('create');
+        setFormData({ name: "", email: "", password: "", role: "editor" });
+        generateTempPassword();
+        setIsModalOpen(true);
     };
-    const handleCreateUser = async (e) => {
+    const handleOpenEdit = (user) => {
+        setModalMode('edit');
+        setSelectedUser(user);
+        setFormData({
+            name: user.name,
+            email: user.email,
+            password: "", // Don't show existing password
+            role: user.role
+        });
+        setIsModalOpen(true);
+    };
+    const handleSubmit = async (e) => {
         e.preventDefault();
-        setIsCreating(true);
+        setIsProcessing(true);
         try {
-            const res = await fetch('/api/users', {
-                method: 'POST',
+            const url = modalMode === 'create' ? '/api/users' : `/api/users/${selectedUser?._id}`;
+            const method = modalMode === 'create' ? 'POST' : 'PATCH';
+            // For editing, only send password if provided
+            const payload = { ...formData };
+            if (modalMode === 'edit' && !payload.password) {
+                delete payload.password;
+            }
+            const res = await fetch(url, {
+                method,
                 headers: { 'Content-Type': 'application/json' },
-                body: JSON.stringify(formData)
+                body: JSON.stringify(payload)
             });
             if (res.ok) {
-                const newUser = await res.json();
-                setUsers([...users, newUser]);
+                const updatedUser = await res.json();
+                if (modalMode === 'create') {
+                    setUsers([...users, updatedUser]);
+                }
+                else {
+                    setUsers(users.map(u => u._id === updatedUser._id ? updatedUser : u));
+                }
                 setIsModalOpen(false);
-                setFormData({ name: "", email: "", password: "", role: "editor" });
             }
             else {
                 const err = await res.json();
-                alert(err.error || "Failed to create user");
+                alert(err.error || `Failed to ${modalMode} user`);
             }
         }
         catch (err) {
-            alert("Network error while creating user");
+            alert("Network error occurred");
         }
         finally {
-            setIsCreating(false);
+            setIsProcessing(false);
         }
     };
     const copyToClipboard = () => {
@@ -74,15 +127,15 @@ export default function UserManagement({ locale = 'en' }) {
         setCopied(true);
         setTimeout(() => setCopied(false), 2000);
     };
-    const handleDelete = async (userId, userRole) => {
-        if (userRole === 'dev')
-            return alert("Cannot delete developer account.");
-        if (!confirm("Are you sure you want to delete this user?"))
+    const handleDelete = async (user) => {
+        if (!canActionUser(user))
+            return;
+        if (!confirm(`Are you certain you want to remove ${user.name}? This action is final.`))
             return;
         try {
-            const res = await fetch(`/api/users/${userId}`, { method: 'DELETE' });
+            const res = await fetch(`/api/users/${user._id}`, { method: 'DELETE' });
             if (res.ok)
-                setUsers(users.filter(u => u._id !== userId));
+                setUsers(users.filter(u => u._id !== user._id));
         }
         catch (err) {
             alert("Error deleting user.");
@@ -90,5 +143,24 @@ export default function UserManagement({ locale = 'en' }) {
     };
     const filteredUsers = users.filter(user => user.name?.toLowerCase().includes(searchTerm.toLowerCase()) ||
         user.email?.toLowerCase().includes(searchTerm.toLowerCase()));
-    return (_jsxs("div", { className: "h-full w-full rounded-[2.5rem] bg-dashboard-card dark:bg-neutral-900 p-8 overflow-y-auto", children: [_jsxs("div", { className: "flex flex-col md:flex-row md:items-center justify-between gap-6 mb-8", children: [_jsxs("div", { children: [_jsx("h1", { className: "text-3xl font-black text-dashboard-text uppercase tracking-tighter mb-2", children: "User Management" }), _jsx("p", { className: "text-sm text-dashboard-text-secondary", children: "Manage who has access to the dashboard." })] }), _jsxs("button", { onClick: () => { setIsModalOpen(true); generateTempPassword(); }, className: "inline-flex items-center gap-2 px-6 py-3 bg-primary text-white rounded-full text-[10px] font-black uppercase tracking-widest hover:bg-primary/90 transition-all shadow-lg shadow-primary/20", children: [_jsx(UserPlus, { size: 16 }), "New User"] })] }), _jsxs("div", { className: "bg-dashboard-bg dark:bg-neutral-800/50 rounded-2xl sm:rounded-[2rem] border border-dashboard-border overflow-hidden", children: [_jsxs("div", { className: "p-4 sm:p-6 border-b border-dashboard-border flex items-center justify-between", children: [_jsxs("div", { className: "relative w-full sm:w-72", children: [_jsx(Search, { className: "absolute left-3 top-1/2 -translate-y-1/2 text-dashboard-text-secondary", size: 16 }), _jsx("input", { type: "text", placeholder: "Search users...", value: searchTerm, onChange: (e) => setSearchTerm(e.target.value), className: "w-full pl-10 pr-4 py-2.5 bg-dashboard-card border border-dashboard-border rounded-lg text-sm outline-none focus:ring-2 focus:ring-primary/20 transition-all text-dashboard-text placeholder:text-dashboard-text-secondary" })] }), loading && _jsx(Loader2, { className: "animate-spin text-primary ml-4", size: 20 })] }), _jsx("div", { className: "hidden md:block overflow-x-auto", children: _jsxs("table", { className: "w-full text-left border-collapse", children: [_jsx("thead", { children: _jsxs("tr", { className: "text-[11px] font-bold text-dashboard-text-secondary uppercase tracking-widest border-b border-dashboard-border", children: [_jsx("th", { className: "px-8 py-4", children: "User" }), _jsx("th", { className: "px-8 py-4", children: "Role" }), _jsx("th", { className: "px-8 py-4", children: "Since" }), _jsx("th", { className: "px-8 py-4 text-right", children: "Actions" })] }) }), _jsx("tbody", { className: "divide-y divide-dashboard-border", children: filteredUsers.map((user) => (_jsxs("tr", { className: "group hover:bg-dashboard-card transition-colors", children: [_jsx("td", { className: "px-8 py-5", children: _jsxs("div", { className: "flex items-center gap-3", children: [_jsx("div", { className: "w-10 h-10 rounded-full bg-primary/10 text-primary flex items-center justify-center font-bold border border-primary/20", children: user.name?.[0] || 'U' }), _jsxs("div", { children: [_jsx("p", { className: "font-bold text-dashboard-text text-sm", children: user.name }), _jsx("p", { className: "text-xs text-dashboard-text-secondary", children: user.email })] })] }) }), _jsx("td", { className: "px-8 py-5", children: _jsxs("span", { className: `inline-flex items-center gap-1.5 px-3 py-1 rounded-full text-[10px] font-bold uppercase tracking-wider ${user.role === 'dev' ? 'bg-primary text-white' : 'bg-dashboard-bg text-dashboard-text'}`, children: [_jsx(Shield, { size: 10 }), " ", user.role] }) }), _jsx("td", { className: "px-8 py-5 text-sm text-dashboard-text-secondary", children: user.createdAt ? new Date(user.createdAt).toLocaleDateString() : '-' }), _jsx("td", { className: "px-8 py-5 text-right", children: _jsx("button", { onClick: () => handleDelete(user._id, user.role), className: "p-2 text-dashboard-text-secondary hover:text-red-500 transition-colors disabled:opacity-0", disabled: user.role === 'dev', children: _jsx(Trash2, { size: 16 }) }) })] }, user._id))) })] }) }), _jsx("div", { className: "md:hidden divide-y divide-dashboard-border", children: filteredUsers.map((user) => (_jsxs("div", { className: "p-5 space-y-4", children: [_jsxs("div", { className: "flex justify-between items-start", children: [_jsxs("div", { className: "flex items-center gap-3", children: [_jsx("div", { className: "w-10 h-10 rounded-full bg-primary/10 text-primary flex items-center justify-center font-bold border border-primary/20", children: user.name?.[0] || 'U' }), _jsxs("div", { className: "min-w-0", children: [_jsx("p", { className: "font-bold text-dashboard-text text-sm truncate", children: user.name }), _jsx("p", { className: "text-[11px] text-dashboard-text-secondary truncate", children: user.email })] })] }), _jsx("button", { onClick: () => handleDelete(user._id, user.role), className: `p-2 rounded-lg bg-red-50 dark:bg-red-950/20 text-red-400 ${user.role === 'dev' ? 'hidden' : 'block'}`, children: _jsx(Trash2, { size: 16 }) })] }), _jsxs("div", { className: "flex items-center justify-between pt-2 border-t border-dashboard-border", children: [_jsxs("span", { className: `inline-flex items-center gap-1.5 px-3 py-1 rounded-full text-[9px] font-black uppercase tracking-wider ${user.role === 'dev' ? 'bg-primary text-white' : 'bg-dashboard-bg text-dashboard-text'}`, children: [_jsx(Shield, { size: 10 }), " ", user.role] }), _jsxs("div", { className: "flex items-center gap-1.5 text-[10px] text-dashboard-text-secondary font-medium", children: [_jsx(Calendar, { size: 12 }), user.createdAt ? new Date(user.createdAt).toLocaleDateString() : '-'] })] })] }, user._id))) }), filteredUsers.length === 0 && !loading && (_jsx("div", { className: "p-12 text-center text-dashboard-text-secondary text-sm", children: "No users found matching your search." }))] }), isModalOpen && (_jsx("div", { className: "fixed inset-0 z-50 flex items-end sm:items-center justify-center p-0 sm:p-4 bg-black/40 backdrop-blur-sm animate-in fade-in duration-200", children: _jsxs("div", { className: "bg-dashboard-card w-full max-w-md rounded-t-[2.5rem] sm:rounded-[2.5rem] shadow-2xl overflow-hidden animate-in slide-in-from-bottom sm:zoom-in-95 duration-300 max-h-[90vh] overflow-y-auto border border-dashboard-border", children: [_jsxs("div", { className: "p-6 sm:p-8 bg-primary text-white flex justify-between items-center sticky top-0 z-10", children: [_jsx("h2", { className: "text-xl sm:text-2xl font-black uppercase tracking-tighter", children: "New User" }), _jsx("button", { onClick: () => setIsModalOpen(false), className: "hover:rotate-90 transition-transform p-2", children: _jsx(X, { size: 24 }) })] }), _jsxs("form", { onSubmit: handleCreateUser, className: "p-6 sm:p-8 space-y-5", children: [_jsxs("div", { className: "space-y-2", children: [_jsx("label", { className: "text-xs font-bold text-dashboard-text-secondary uppercase tracking-widest ml-1", children: "Name" }), _jsx("input", { required: true, className: "w-full px-5 py-3 bg-dashboard-bg border border-dashboard-border rounded-2xl focus:ring-2 focus:ring-primary outline-none text-sm transition-all text-dashboard-text", value: formData.name, onChange: e => setFormData({ ...formData, name: e.target.value }), placeholder: "e.g. John Doe" })] }), _jsxs("div", { className: "space-y-2", children: [_jsx("label", { className: "text-xs font-bold text-dashboard-text-secondary uppercase tracking-widest ml-1", children: "Email Address" }), _jsx("input", { required: true, type: "email", className: "w-full px-5 py-3 bg-dashboard-bg border border-dashboard-border rounded-2xl focus:ring-2 focus:ring-primary outline-none text-sm transition-all text-dashboard-text", value: formData.email, onChange: e => setFormData({ ...formData, email: e.target.value }), placeholder: "email@example.com" })] }), _jsxs("div", { className: "space-y-2", children: [_jsx("label", { className: "text-xs font-bold text-dashboard-text-secondary uppercase tracking-widest ml-1", children: "Temporary Password" }), _jsxs("div", { className: "relative", children: [_jsx("input", { required: true, type: showPassword ? "text" : "password", className: "w-full px-5 py-3 bg-dashboard-bg border border-dashboard-border rounded-2xl focus:ring-2 focus:ring-primary outline-none text-sm transition-all font-mono text-dashboard-text", value: formData.password, onChange: e => setFormData({ ...formData, password: e.target.value }) }), _jsxs("div", { className: "absolute right-3 top-1/2 -translate-y-1/2 flex items-center gap-1", children: [_jsx("button", { type: "button", onClick: () => setShowPassword(!showPassword), className: "p-1.5 text-dashboard-text-secondary hover:text-primary", children: showPassword ? _jsx(EyeOff, { size: 16 }) : _jsx(Eye, { size: 16 }) }), _jsx("button", { type: "button", onClick: copyToClipboard, className: "p-1.5 text-dashboard-text-secondary hover:text-primary", children: copied ? _jsx(Check, { size: 16, className: "text-emerald-500" }) : _jsx(Copy, { size: 16 }) })] })] }), _jsx("button", { type: "button", onClick: generateTempPassword, className: "text-[10px] text-primary font-bold uppercase tracking-wider hover:underline ml-1", children: "Generate new password" })] }), _jsxs("div", { className: "space-y-2", children: [_jsx("label", { className: "text-xs font-bold text-dashboard-text-secondary uppercase tracking-widest ml-1", children: "Role" }), _jsxs("div", { className: "relative", children: [_jsxs("select", { className: "w-full px-5 py-3 bg-dashboard-bg border border-dashboard-border rounded-2xl focus:ring-2 focus:ring-primary outline-none text-sm appearance-none cursor-pointer text-dashboard-text", value: formData.role, onChange: e => setFormData({ ...formData, role: e.target.value }), children: [_jsx("option", { value: "editor", children: "Editor (Content only)" }), _jsx("option", { value: "dev", children: "Developer" }), _jsx("option", { value: "admin", children: "Admin (All settings)" })] }), _jsx("div", { className: "absolute right-4 top-1/2 -translate-y-1/2 pointer-events-none text-dashboard-text-secondary", children: _jsx(Shield, { size: 16 }) })] })] }), _jsx("button", { type: "submit", disabled: isCreating, className: "w-full py-4 bg-primary text-white rounded-full text-[10px] font-black uppercase tracking-widest shadow-lg shadow-primary/20 hover:bg-primary/90 transition-all mt-4 flex items-center justify-center gap-2", children: isCreating ? _jsx(Loader2, { className: "animate-spin", size: 20 }) : "Add User" })] })] }) }))] }));
+    const getRoleStyles = (role) => {
+        switch (role) {
+            case 'dev': return 'bg-primary/20 text-primary border-primary/30 shadow-[0_0_20px_rgba(var(--color-primary),0.2)]';
+            case 'admin': return 'bg-emerald-500/20 text-emerald-500 border-emerald-500/30 shadow-[0_0_20px_rgba(16,185,129,0.1)]';
+            default: return 'bg-amber-500/20 text-amber-500 border-amber-500/30';
+        }
+    };
+    const permissions = {
+        dev: ['Full System Access', 'Kernel Management', 'Database Write', 'Ecosystem Logic', 'Security Protocol'],
+        admin: ['User Management', 'Content Orchestration', 'Settings Access', 'Analytical Review', 'Standard Security'],
+        editor: ['Content Creation', 'Media Management', 'Basic Settings', 'Public Preview']
+    };
+    const activeUser = filteredUsers[activeUserIdx] || filteredUsers[0];
+    return (_jsxs("div", { className: "h-full flex flex-col overflow-hidden bg-transparent", children: [_jsxs("div", { className: "shrink-0 p-8 lg:p-10 pb-6 border-b border-dashboard-border/30 bg-dashboard-card/20 backdrop-blur-md relative overflow-hidden", children: [_jsx("div", { className: "absolute top-0 right-0 w-1/3 h-full bg-gradient-to-l from-primary/10 to-transparent pointer-events-none" }), _jsxs("div", { className: "flex flex-col lg:flex-row lg:items-center justify-between gap-8 relative z-10", children: [_jsxs("div", { className: "space-y-4", children: [_jsxs("div", { className: "inline-flex items-center gap-2 px-4 py-1.5 rounded-full bg-primary/15 border border-primary/30 text-primary text-[10px] font-bold uppercase tracking-[0.2em] shadow-lg shadow-primary/5", children: [_jsx(Activity, { size: 14, className: "animate-pulse" }), _jsx("span", { children: "System Access Control" })] }), _jsxs("h1", { className: "text-5xl font-bold text-dashboard-text tracking-tight leading-none", children: ["User ", _jsx("span", { className: "text-primary italic", children: "Management" })] })] }), _jsxs("div", { className: "flex items-center gap-6", children: [_jsxs("div", { className: "flex flex-col items-end px-6 border-r border-dashboard-border/40", children: [_jsx("span", { className: "text-[10px] font-bold text-dashboard-text-secondary uppercase tracking-[0.3em] opacity-50 mb-1", children: "Team Members" }), _jsxs("div", { className: "flex items-center gap-3", children: [_jsxs("div", { className: "flex -space-x-3", children: [users.slice(0, 3).map((u, i) => (_jsx("div", { className: "size-8 rounded-full border-2 border-dashboard-card bg-primary flex items-center justify-center text-[10px] font-bold text-white shadow-xl overflow-hidden", children: u.image ? _jsx("img", { src: u.image, className: "size-full object-cover" }) : u.name[0] }, i))), users.length > 3 && (_jsxs("div", { className: "size-8 rounded-full border-2 border-dashboard-card bg-dashboard-card flex items-center justify-center text-[10px] font-bold text-dashboard-text-secondary", children: ["+", users.length - 3] }))] }), _jsx("span", { className: "text-2xl font-bold text-dashboard-text", children: users.length })] })] }), canManageEcosystem && (_jsxs("button", { onClick: handleOpenCreate, className: "group flex items-center gap-4 px-8 py-4 bg-primary text-white rounded-2xl text-xs font-bold uppercase tracking-widest shadow-2xl shadow-primary/30 hover:shadow-primary/50 hover:scale-105 active:scale-95 transition-all", children: [_jsx(UserPlus, { size: 20 }), _jsx("span", { children: "Add New User" })] }))] })] })] }), _jsxs("div", { className: "flex-1 flex overflow-hidden p-6 lg:p-8 gap-8", children: [_jsxs("aside", { className: "w-96 flex flex-col gap-6 shrink-0 h-full", children: [_jsxs("div", { className: "relative group", children: [_jsx(Search, { className: "absolute left-4 top-1/2 -translate-y-1/2 text-primary/40 group-focus-within:text-primary transition-colors", size: 18 }), _jsx("input", { type: "text", placeholder: "Search users...", value: searchTerm, onChange: (e) => setSearchTerm(e.target.value), className: "w-full pl-12 pr-6 py-3.5 bg-dashboard-card/40 border border-dashboard-border/40 rounded-2xl text-sm font-semibold outline-none focus:ring-2 focus:ring-primary/20 transition-all text-dashboard-text placeholder:text-dashboard-text-secondary/30" })] }), _jsx("div", { className: "flex-1 overflow-y-auto custom-scrollbar pr-2 space-y-3", children: _jsx(AnimatePresence, { mode: "popLayout", children: filteredUsers.map((user, index) => {
+                                        const isActive = activeUser?._id === user._id;
+                                        const isSelf = user.email === currentUserEmail;
+                                        return (_jsxs(motion.button, { onClick: () => setActiveUserIdx(index), initial: { opacity: 0, x: -20 }, animate: { opacity: 1, x: 0 }, className: `w-full text-left p-4 rounded-2xl border transition-all flex items-center gap-4 group ${isActive
+                                                ? 'bg-primary text-white border-primary shadow-xl shadow-primary/20'
+                                                : 'bg-dashboard-card/30 border-dashboard-border/40 hover:border-primary/40 text-dashboard-text'}`, children: [_jsx("div", { className: `size-12 rounded-xl flex items-center justify-center font-bold text-white shrink-0 shadow-lg ${isActive ? 'bg-white/20' : 'bg-primary'}`, children: user.image ? _jsx("img", { src: user.image, className: "size-full object-cover rounded-xl" }) : user.name[0].toUpperCase() }), _jsxs("div", { className: "flex-1 min-w-0", children: [_jsxs("div", { className: "flex items-center gap-2", children: [_jsx("span", { className: `block text-sm font-bold truncate ${isActive ? 'text-white' : 'text-dashboard-text'}`, children: user.name }), isSelf && _jsx("span", { className: "size-1.5 rounded-full bg-emerald-400 animate-pulse" })] }), _jsx("span", { className: `block text-[10px] font-medium uppercase tracking-wider opacity-60 truncate ${isActive ? 'text-white' : 'text-dashboard-text-secondary'}`, children: user.role })] }), _jsx(ChevronRight, { size: 16, className: `transition-transform ${isActive ? 'translate-x-1 opacity-100' : 'opacity-0 group-hover:opacity-40'}` })] }, user._id));
+                                    }) }) })] }), _jsx("main", { className: "flex-1 min-w-0 h-full", children: _jsx(AnimatePresence, { mode: "wait", children: activeUser ? (_jsxs(motion.div, { initial: { opacity: 0, scale: 0.98 }, animate: { opacity: 1, scale: 1 }, className: "h-full bg-dashboard-card/40 backdrop-blur-2xl rounded-[2.5rem] border border-dashboard-border/40 overflow-hidden flex flex-col relative", children: [_jsx("div", { className: "absolute top-0 right-0 w-full h-64 bg-gradient-to-b from-primary/10 to-transparent pointer-events-none" }), _jsxs("div", { className: "flex-1 overflow-y-auto custom-scrollbar p-10 space-y-12 relative z-10", children: [_jsxs("div", { className: "flex items-center gap-10", children: [_jsxs("div", { className: "relative", children: [_jsx("div", { className: "size-32 rounded-[2.5rem] bg-primary flex items-center justify-center text-4xl font-bold text-white shadow-2xl shadow-primary/30 overflow-hidden", children: activeUser.image ? _jsx("img", { src: activeUser.image, className: "size-full object-cover" }) : activeUser.name[0].toUpperCase() }), _jsx("div", { className: "absolute -bottom-2 -right-2 p-3 bg-dashboard-card border border-dashboard-border rounded-2xl shadow-xl", children: activeUser.role === 'dev' ? _jsx(ShieldCheck, { className: "text-primary", size: 24 }) : _jsx(Shield, { className: "text-emerald-500", size: 24 }) })] }), _jsxs("div", { className: "space-y-3", children: [_jsxs("div", { className: "flex items-center gap-4", children: [_jsx("h2", { className: "text-4xl font-bold text-dashboard-text tracking-tight uppercase italic", children: activeUser.name }), activeUser.email === currentUserEmail && (_jsx("span", { className: "px-3 py-1 bg-emerald-500/10 text-emerald-500 text-[10px] font-bold uppercase tracking-widest rounded-lg border border-emerald-500/20", children: "Active Session" }))] }), _jsxs("div", { className: "flex items-center gap-6 text-sm text-dashboard-text-secondary/70", children: [_jsxs("div", { className: "flex items-center gap-2", children: [_jsx(Mail, { size: 16, className: "text-primary/60" }), activeUser.email] }), _jsxs("div", { className: "flex items-center gap-2", children: [_jsx(Calendar, { size: 16, className: "text-primary/60" }), "Joined ", new Date(activeUser.createdAt).toLocaleDateString()] })] }), _jsxs("div", { className: `inline-flex items-center px-4 py-1.5 rounded-full border text-[10px] font-bold uppercase tracking-[0.2em] ${getRoleStyles(activeUser.role)}`, children: [activeUser.role, " Account"] })] })] }), _jsxs("div", { className: "grid grid-cols-1 lg:grid-cols-2 gap-8", children: [_jsxs("div", { className: "space-y-6", children: [_jsx("h4", { className: "text-[10px] font-bold text-primary uppercase tracking-[0.3em] ml-1", children: "Account Permissions" }), _jsx("div", { className: "space-y-3", children: permissions[activeUser.role].map((perm, i) => (_jsxs("div", { className: "flex items-center gap-4 p-4 bg-dashboard-bg/40 border border-dashboard-border/30 rounded-2xl group hover:border-primary/40 transition-all", children: [_jsx("div", { className: "size-2 rounded-full bg-primary/40 group-hover:bg-primary shadow-[0_0_8px_rgba(var(--color-primary),0.5)] transition-all" }), _jsx("span", { className: "text-sm font-semibold text-dashboard-text/90", children: perm }), _jsx(Check, { size: 14, className: "ml-auto text-emerald-500" })] }, i))) })] }), _jsxs("div", { className: "space-y-6", children: [_jsx("h4", { className: "text-[10px] font-bold text-primary uppercase tracking-[0.3em] ml-1", children: "Account Actions" }), _jsxs("div", { className: "bg-dashboard-bg/40 border border-dashboard-border/30 rounded-3xl p-8 space-y-8 h-fit", children: [_jsx("p", { className: "text-xs text-dashboard-text-secondary leading-relaxed font-medium", children: "Manage this user's details, password, and access level within your dashboard." }), _jsx("div", { className: "flex flex-col gap-3", children: canActionUser(activeUser) ? (_jsxs(_Fragment, { children: [_jsxs("button", { onClick: () => handleOpenEdit(activeUser), className: "w-full flex items-center justify-center gap-3 py-4 bg-dashboard-card border border-dashboard-border/60 rounded-2xl text-xs font-bold uppercase tracking-widest text-dashboard-text hover:bg-primary hover:text-white hover:border-primary transition-all active:scale-[0.98]", children: [_jsx(Edit2, { size: 16 }), "Edit User Details"] }), _jsxs("button", { onClick: () => handleDelete(activeUser), className: "w-full flex items-center justify-center gap-3 py-4 bg-red-500/10 border border-red-500/20 rounded-2xl text-xs font-bold uppercase tracking-widest text-red-500 hover:bg-red-500 hover:text-white transition-all active:scale-[0.98]", children: [_jsx(Trash2, { size: 16 }), "Remove User"] })] })) : (_jsxs("div", { className: "p-6 rounded-2xl bg-neutral-500/5 border border-dashed border-neutral-500/20 text-center", children: [_jsx(Shield, { size: 24, className: "mx-auto mb-3 text-neutral-500/40" }), _jsx("span", { className: "text-[10px] font-bold text-neutral-500 uppercase tracking-widest", children: "Protected Account" })] })) })] })] })] })] })] }, activeUser._id)) : (_jsx("div", { className: "h-full flex items-center justify-center bg-dashboard-card/20 rounded-[2.5rem] border border-dashed border-dashboard-border/40", children: _jsxs("div", { className: "text-center space-y-4", children: [_jsx("div", { className: "size-20 bg-primary/10 rounded-3xl flex items-center justify-center mx-auto text-primary/40", children: _jsx(Users, { size: 40 }) }), _jsx("p", { className: "text-sm font-bold text-dashboard-text-secondary uppercase tracking-widest", children: "Select a node to inspect" })] }) })) }) })] }), _jsx(AnimatePresence, { children: isModalOpen && (_jsx("div", { className: "fixed inset-0 z-50 flex items-center justify-center p-4 sm:p-6 bg-black/40 backdrop-blur-md", children: _jsxs(motion.div, { initial: { opacity: 0, scale: 0.95, y: 10 }, animate: { opacity: 1, scale: 1, y: 0 }, exit: { opacity: 0, scale: 0.95, y: 10 }, className: "bg-dashboard-card/90 backdrop-blur-2xl w-full max-w-md rounded-[2rem] shadow-2xl overflow-hidden flex flex-col max-h-[90vh] border border-dashboard-border/40", children: [_jsxs("div", { className: "p-8 pb-4 flex justify-between items-center shrink-0", children: [_jsxs("div", { children: [_jsx("h2", { className: "text-2xl font-bold text-dashboard-text tracking-tight leading-none mb-2", children: modalMode === 'create' ? 'New Account' : 'Update Account' }), _jsx("p", { className: "text-[10px] font-bold text-primary uppercase tracking-widest opacity-80", children: modalMode === 'create' ? 'Define identity and permissions' : `Modifying ${selectedUser?.name}` })] }), _jsx("button", { onClick: () => setIsModalOpen(false), className: "hover:text-red-500 transition-all p-2 bg-dashboard-bg/50 rounded-xl border border-dashboard-border/40 active:scale-90", children: _jsx(X, { size: 20 }) })] }), _jsxs("form", { onSubmit: handleSubmit, className: "flex-1 overflow-y-auto px-8 pb-8 space-y-6 custom-scrollbar", children: [_jsxs("div", { className: "space-y-2", children: [_jsx("label", { className: "text-[10px] font-bold text-dashboard-text-secondary uppercase tracking-widest ml-1 opacity-60", children: "Account Identity" }), _jsxs("div", { className: "relative group", children: [_jsx(UserCircle, { className: "absolute left-4 top-1/2 -translate-y-1/2 text-dashboard-text-secondary/40 group-focus-within:text-primary transition-colors", size: 18 }), _jsx("input", { required: true, className: "w-full pl-12 pr-6 py-3 bg-dashboard-bg/50 border border-dashboard-border/40 rounded-xl focus:ring-2 focus:ring-primary/20 focus:border-primary/30 outline-none text-sm font-semibold transition-all text-dashboard-text", value: formData.name, onChange: e => setFormData({ ...formData, name: e.target.value }), placeholder: "e.g. Sarah Jenkins" })] })] }), _jsxs("div", { className: "space-y-2", children: [_jsx("label", { className: "text-[10px] font-bold text-dashboard-text-secondary uppercase tracking-widest ml-1 opacity-60", children: "Email Endpoint" }), _jsxs("div", { className: "relative group", children: [_jsx(Mail, { className: "absolute left-4 top-1/2 -translate-y-1/2 text-dashboard-text-secondary/40 group-focus-within:text-primary transition-colors", size: 18 }), _jsx("input", { required: true, type: "email", className: "w-full pl-12 pr-6 py-3 bg-dashboard-bg/50 border border-dashboard-border/40 rounded-xl focus:ring-2 focus:ring-primary/20 focus:border-primary/30 outline-none text-sm font-semibold transition-all text-dashboard-text", value: formData.email, onChange: e => setFormData({ ...formData, email: e.target.value }), placeholder: "sarah@yourteam.com" })] })] }), _jsxs("div", { className: "space-y-2", children: [_jsx("label", { className: "text-[10px] font-bold text-dashboard-text-secondary uppercase tracking-widest ml-1 opacity-60", children: modalMode === 'create' ? 'Security Credentials' : 'New Password (Optional)' }), _jsxs("div", { className: "relative group", children: [_jsx(Key, { className: "absolute left-4 top-1/2 -translate-y-1/2 text-dashboard-text-secondary/40 group-focus-within:text-primary transition-colors", size: 18 }), _jsx("input", { required: modalMode === 'create', type: showPassword ? "text" : "password", className: "w-full pl-12 pr-28 py-3 bg-dashboard-bg/50 border border-dashboard-border/40 rounded-xl focus:ring-2 focus:ring-primary/20 focus:border-primary/30 outline-none text-sm font-mono font-bold transition-all text-dashboard-text", value: formData.password, onChange: e => setFormData({ ...formData, password: e.target.value }), placeholder: modalMode === 'edit' ? "Keep current" : "" }), _jsxs("div", { className: "absolute right-3 top-1/2 -translate-y-1/2 flex items-center gap-1.5", children: [_jsx("button", { type: "button", onClick: () => setShowPassword(!showPassword), className: "p-1.5 text-dashboard-text-secondary/60 hover:text-primary transition-colors bg-dashboard-card/50 rounded-lg border border-dashboard-border/40", children: showPassword ? _jsx(EyeOff, { size: 14 }) : _jsx(Eye, { size: 14 }) }), _jsx("button", { type: "button", onClick: copyToClipboard, className: "p-1.5 text-dashboard-text-secondary/60 hover:text-primary transition-colors bg-dashboard-card/50 rounded-lg border border-dashboard-border/40", children: copied ? _jsx(Check, { size: 14, className: "text-emerald-500" }) : _jsx(Copy, { size: 14 }) })] })] }), _jsxs("button", { type: "button", onClick: generateTempPassword, className: "text-[9px] text-primary/80 font-bold uppercase tracking-widest hover:text-primary transition-colors ml-1 flex items-center gap-2", children: [_jsx(Key, { size: 10 }), " Auto-generate secure protocol"] })] }), _jsxs("div", { className: "space-y-2", children: [_jsx("label", { className: "text-[10px] font-bold text-dashboard-text-secondary uppercase tracking-widest ml-1 opacity-60", children: "Access Configuration" }), _jsxs("div", { className: "relative", children: [_jsxs("select", { className: "w-full px-5 py-3 bg-dashboard-bg/50 border border-dashboard-border/40 rounded-xl focus:ring-2 focus:ring-primary/20 focus:border-primary/30 outline-none text-xs font-bold uppercase tracking-wider appearance-none cursor-pointer text-dashboard-text", value: formData.role, onChange: e => setFormData({ ...formData, role: e.target.value }), children: [_jsx("option", { value: "editor", children: "Content Editor" }), _jsx("option", { value: "admin", children: "System Administrator" }), currentUserRole === 'dev' && _jsx("option", { value: "dev", children: "Technical Developer" })] }), _jsx("div", { className: "absolute right-5 top-1/2 -translate-y-1/2 pointer-events-none text-primary/60", children: _jsx(Shield, { size: 16 }) })] })] }), _jsx("button", { type: "submit", disabled: isProcessing, className: "group relative w-full py-4 bg-primary text-white rounded-xl text-xs font-bold uppercase tracking-widest overflow-hidden transition-all shadow-lg shadow-primary/20 hover:scale-[1.01] active:scale-95 flex items-center justify-center gap-3 mt-4", children: isProcessing ? _jsx(Loader2, { className: "animate-spin relative z-10", size: 18 }) : (_jsxs(_Fragment, { children: [modalMode === 'create' ? _jsx(UserPlus, { size: 18, className: "relative z-10" }) : _jsx(Edit2, { size: 18, className: "relative z-10" }), _jsx("span", { className: "relative z-10", children: modalMode === 'create' ? 'Initialize Account' : 'Commit Updates' })] })) })] })] }) })) })] }));
 }

package/package.json

@@ -1,17 +1,17 @@
 {
   "name": "@jhits/plugin-users",
-  "version": "0.0.14",
+  "version": "0.0.15",
   "description": "User management and authentication plugin for the JHITS ecosystem",
   "publishConfig": {
     "access": "public"
   },
-  "main": "./src/index.ts",
-  "types": "./src/index.ts",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
   "exports": {
     ".": {
-      "types": "./src/index.tsx",
-      "import": "./src/index.tsx",
-      "default": "./src/index.tsx"
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "default": "./dist/index.js"
     },
     "./src": {
       "types": "./src/index.tsx",
@@ -19,9 +19,9 @@
       "default": "./src/index.tsx"
     },
     "./server": {
-      "types": "./src/index.server.ts",
-      "import": "./src/index.server.ts",
-      "default": "./src/index.server.ts"
+      "types": "./dist/index.server.d.ts",
+      "import": "./dist/index.server.js",
+      "default": "./dist/index.server.js"
     }
   },
   "dependencies": {

package/src/api/router.ts

@@ -36,7 +36,7 @@ export async function handleUsersApi(
 
         // Route: /api/auth/[...nextauth] - NextAuth routes
         const isNextAuthRoute = route === '' || 
-            ['session', 'signin', 'signout', 'callback', 'csrf', 'providers', 'error'].includes(route);
+            ['session', 'signin', 'signout', 'callback', 'csrf', 'providers', 'error', '_log'].includes(route);
         
         if (isNextAuthRoute) {
             const nextauthPath = path;
@@ -72,6 +72,24 @@ export async function handleUsersApi(
             }
         }
 
+        // Route: /api/plugin-users/bootstrap (Initial Setup)
+        if (route === 'bootstrap' && method === 'POST') {
+            const { BOOTSTRAP_USER } = await import('./users');
+            return await BOOTSTRAP_USER(req, config);
+        }
+
+        // Route: /api/plugin-users/setup-status (Check if setup is needed)
+        if (route === 'setup-status') {
+            const { CHECK_SETUP_STATUS } = await import('./users');
+            return await CHECK_SETUP_STATUS(req, config);
+        }
+
+        // Route: /api/plugin-users/setup-request (Generate temporary key)
+        if (route === 'setup-request') {
+            const { REQUEST_SETUP_KEY } = await import('./users');
+            return await REQUEST_SETUP_KEY(req, config);
+        }
+
         return NextResponse.json(
             { error: `Method ${method} not allowed for route: ${route || '/'}` },
             { status: 405 }

package/src/api/users.ts

@@ -206,3 +206,109 @@ export async function DELETE_USER(
     }
 }
 
+/**
+ * POST /api/plugin-users/setup-request - Generate a temporary setup key
+ */
+export async function REQUEST_SETUP_KEY(req: NextRequest, config: UsersApiConfig): Promise<NextResponse> {
+    if (process.env.NODE_ENV !== 'development') {
+        return NextResponse.json({ error: 'Not available' }, { status: 403 });
+    }
+
+    const key = Math.random().toString(36).substring(2, 8).toUpperCase();
+    const expiry = Date.now() + 60000; // 1 minute
+
+    // Store in global shared store to persist across federated module re-evaluations
+    const g = globalThis as any;
+    if (g.__JHITS_SETUP_STORE__) {
+        g.__JHITS_SETUP_STORE__.key = key;
+        g.__JHITS_SETUP_STORE__.expiry = expiry;
+    } else {
+        // Fallback if provider didn't run yet
+        g.__JHITS_SETUP_STORE__ = { key, expiry };
+    }
+
+    console.log('\n\x1b[41m\x1b[37m [SECURITY] BOOTSTRAP ACCESS REQUESTED \x1b[0m');
+    console.log(`\x1b[31m Temporary Setup Key: \x1b[1m${key}\x1b[0m`);
+    console.log('\x1b[31m This key will expire in 60 seconds.\x1b[0m\n');
+
+    return NextResponse.json({ message: 'Key generated and logged to console' });
+}
+
+/**
+ * GET /api/plugin-users/setup-status - Check if any users exist
+ */
+export async function CHECK_SETUP_STATUS(req: NextRequest, config: UsersApiConfig): Promise<NextResponse> {
+    try {
+        const dbConnection = await config.getDb();
+        const db = dbConnection.db();
+        const users = db.collection(config.collectionName || 'users');
+        const count = await users.countDocuments();
+        
+        return NextResponse.json({ 
+            needsSetup: count === 0,
+            isDev: process.env.NODE_ENV === 'development'
+        });
+    } catch (err) {
+        return NextResponse.json({ needsSetup: false, error: 'DB connection failed' });
+    }
+}
+
+/**
+ * POST /api/plugin-users/bootstrap - Create first admin via secret key
+ */
+export async function BOOTSTRAP_USER(req: NextRequest, config: UsersApiConfig): Promise<NextResponse> {
+    try {
+        const { email, name, password, setupKey } = await req.json();
+        
+        // Security check: validate dynamic key from shared store
+        const g = globalThis as any;
+        const store = g.__JHITS_SETUP_STORE__ || {};
+        const systemSetupKey = store.key;
+        const systemExpiry = store.expiry;
+
+        if (!systemSetupKey || !setupKey || setupKey !== systemSetupKey) {
+            return NextResponse.json({ error: 'Invalid or missing setup key' }, { status: 403 });
+        }
+
+        if (Date.now() > systemExpiry) {
+            if (g.__JHITS_SETUP_STORE__) g.__JHITS_SETUP_STORE__.key = null; 
+            return NextResponse.json({ error: 'Setup key has expired' }, { status: 403 });
+        }
+
+        // Invalidate key immediately after use
+        if (g.__JHITS_SETUP_STORE__) g.__JHITS_SETUP_STORE__.key = null;
+
+        const dbConnection = await config.getDb();
+        const db = dbConnection.db();
+        const users = db.collection(config.collectionName || 'users');
+
+        // Check if any admin already exists (double check)
+        const adminExists = await users.findOne({ role: 'admin' });
+        if (adminExists && process.env.NODE_ENV !== 'development') {
+            return NextResponse.json({ error: 'System already has an administrator' }, { status: 400 });
+        }
+
+        // Hash the password
+        const hashedPassword = await bcrypt.hash(password, 12);
+
+        // Save to DB
+        const result = await users.insertOne({
+            email,
+            name,
+            role: 'admin',
+            password: hashedPassword,
+            createdAt: new Date(),
+        });
+
+        return NextResponse.json({
+            message: 'Bootstrap successful',
+            _id: result.insertedId,
+            email,
+            role: 'admin'
+        }, { status: 201 });
+    } catch (err: any) {
+        console.error('[UsersAPI] Bootstrap error:', err);
+        return NextResponse.json({ error: 'Bootstrap failed', detail: err.message }, { status: 500 });
+    }
+}
+

package/src/index.tsx

@@ -5,13 +5,7 @@ import UserManagement from './views/UserManagement';
 
 // User Management Plugin - Always enabled by default
 export const Index: React.FC<any> = ({ subPath = [], siteId, locale: dashboardLocale = 'en' }) => {
-    return (
-        <div className="w-full h-full flex flex-col overflow-hidden">
-            <div className="flex-1 overflow-y-auto">
-                <UserManagement locale={dashboardLocale} />
-            </div>
-        </div>
-    );
+    return <UserManagement locale={dashboardLocale} />;
 };
 
 export default Index;