npm - @logboard/cli - Versions diffs - 1.0.0 - Mend

@logboard/cli 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (114) hide show

package/.env.example +37 -0
package/README.md +200 -0
package/bin/logboard +536 -0
package/client/logger.js +309 -0
package/config/index.js +142 -0
package/config.js +2 -0
package/controllers/AnalyticsController.js +46 -0
package/controllers/ApiAnalyticsController.js +129 -0
package/controllers/ApiKeyController.js +58 -0
package/controllers/AuthController.js +131 -0
package/controllers/HealthController.js +56 -0
package/controllers/LogController.js +197 -0
package/controllers/OrgController.js +152 -0
package/controllers/RoleConfigController.js +20 -0
package/controllers/SettingsController.js +39 -0
package/controllers/StreamController.js +55 -0
package/controllers/UiController.js +789 -0
package/controllers/UserController.js +79 -0
package/lib/batchWriter.js +57 -0
package/lib/cleanup.js +67 -0
package/lib/ejs.js +103 -0
package/lib/emitter.js +5 -0
package/lib/healthMonitor.js +245 -0
package/lib/logger.js +21 -0
package/lib/streams.js +32 -0
package/lib/theme.js +77 -0
package/lib/userStore.js +13 -0
package/lib/utils.js +44 -0
package/middleware/apiKey.js +82 -0
package/middleware/auth.js +55 -0
package/middleware/ipWhitelist.js +59 -0
package/middleware/org.js +85 -0
package/middleware/pageAccess.js +20 -0
package/middleware/rateLimit.js +29 -0
package/middleware/roles.js +11 -0
package/package.json +77 -0
package/routes/alerts.js +18 -0
package/routes/analytics.js +26 -0
package/routes/api-analytics.js +30 -0
package/routes/api-keys.js +12 -0
package/routes/archive.js +91 -0
package/routes/audit.js +50 -0
package/routes/auth.js +22 -0
package/routes/bookmarks.js +13 -0
package/routes/health.js +11 -0
package/routes/logs.js +88 -0
package/routes/metrics.js +66 -0
package/routes/notifications.js +14 -0
package/routes/orgs.js +98 -0
package/routes/registration.js +202 -0
package/routes/role-config.js +97 -0
package/routes/saved-searches.js +12 -0
package/routes/server.js +151 -0
package/routes/settings.js +28 -0
package/routes/status.js +21 -0
package/routes/stream.js +11 -0
package/routes/super.js +129 -0
package/routes/ui.js +120 -0
package/routes/users.js +13 -0
package/server.js +172 -0
package/services/AlertRulesService.js +323 -0
package/services/AnalyticsService.js +665 -0
package/services/ApiAnalyticsService.js +471 -0
package/services/ApiKeyService.js +166 -0
package/services/AuditService.js +249 -0
package/services/AuthService.js +234 -0
package/services/BookmarkService.js +49 -0
package/services/GlobalSettingsService.js +44 -0
package/services/LogService.js +1066 -0
package/services/MetricsService.js +116 -0
package/services/NotificationService.js +70 -0
package/services/OrgService.js +217 -0
package/services/ReportService.js +247 -0
package/services/RoleConfigService.js +201 -0
package/services/SavedSearchService.js +63 -0
package/services/SettingsService.js +220 -0
package/services/UserService.js +121 -0
package/setup.js +132 -0
package/views/404.ejs +8 -0
package/views/alerts.ejs +190 -0
package/views/analytics.ejs +209 -0
package/views/api-analytics.ejs +660 -0
package/views/api-keys.ejs +150 -0
package/views/archive.ejs +123 -0
package/views/audit.ejs +314 -0
package/views/bookmarks.ejs +54 -0
package/views/custom-dashboard.ejs +162 -0
package/views/dashboard.ejs +186 -0
package/views/diff.ejs +98 -0
package/views/health.ejs +269 -0
package/views/heatmap.ejs +126 -0
package/views/insights.ejs +334 -0
package/views/invite.ejs +74 -0
package/views/live.ejs +299 -0
package/views/login.ejs +64 -0
package/views/logo.png +0 -0
package/views/logs.ejs +754 -0
package/views/notifications.ejs +58 -0
package/views/partials/head.ejs +282 -0
package/views/partials/sidebar.ejs +168 -0
package/views/register.ejs +100 -0
package/views/roles.ejs +279 -0
package/views/saved-searches.ejs +51 -0
package/views/service-map.ejs +142 -0
package/views/settings.ejs +1159 -0
package/views/sidebar.ejs +129 -0
package/views/status.ejs +100 -0
package/views/super-admin-admins.ejs +58 -0
package/views/super-admin-analytics.ejs +49 -0
package/views/super-admin-orgs.ejs +310 -0
package/views/super-admin-profile.ejs +77 -0
package/views/super-admin-settings.ejs +108 -0
package/views/super-admin-system.ejs +46 -0
package/views/users.ejs +153 -0

package/services/RoleConfigService.js ADDED Viewed

@@ -0,0 +1,201 @@
+'use strict';
+const fsP = require('fs').promises;
+const ALL_PAGES = [
+	{ id: 'dashboard', label: 'Dashboard' },
+	{ id: 'logs', label: 'Logs' },
+	{ id: 'live', label: 'Live Stream' },
+	{ id: 'insights', label: 'Insights' },
+	{ id: 'health', label: 'Health' },
+	{ id: 'users', label: 'User Management', adminOnly: true },
+	{ id: 'api-keys', label: 'API Keys', adminOnly: true },
+	{ id: 'settings', label: 'Settings', adminOnly: true },
+	{ id: 'roles', label: 'Role Config', adminOnly: true },
+	{ id: 'alerts', label: 'Alert Rules', adminOnly: true },
+	{ id: 'audit', label: 'Audit Log', adminOnly: true },
+	{ id: 'archive', label: 'Log Archive', adminOnly: true },
+	{ id: 'status', label: 'Public Status', alwaysOn: true },
+];
+const ALL_CARDS = [
+	{ id: 'stat-logs', label: 'Logs Today', section: 'Dashboard Stats' },
+	{ id: 'stat-errors', label: 'Errors Today', section: 'Dashboard Stats' },
+	{ id: 'stat-services', label: 'Services Count', section: 'Dashboard Stats' },
+	{ id: 'stat-errorrate', label: 'Error Rate', section: 'Dashboard Stats' },
+	{ id: 'chart-hourly', label: 'Hourly Volume', section: 'Dashboard Charts' },
+	{ id: 'chart-services', label: 'Top Services', section: 'Dashboard Charts' },
+	{ id: 'recent-errors', label: 'Recent Errors', section: 'Dashboard Tables' },
+	{ id: 'ins-stats', label: 'Log Level Stats', section: 'Insights - Logs' },
+	{ id: 'ins-hourly', label: 'Log Hourly Chart', section: 'Insights - Logs' },
+	{ id: 'ins-donut', label: 'Level Distribution', section: 'Insights - Logs' },
+	{ id: 'ins-trend', label: '7-Day Trend', section: 'Insights - Logs' },
+	{
+		id: 'ins-services',
+		label: 'Top Services Table',
+		section: 'Insights - Logs',
+	},
+	{ id: 'api-stats', label: 'API Stat Cards', section: 'Insights - API' },
+	{ id: 'api-hourly', label: 'API Hourly Chart', section: 'Insights - API' },
+	{ id: 'api-status', label: 'Status Distribution', section: 'Insights - API' },
+	{ id: 'api-slowest', label: 'Slowest Endpoints', section: 'Insights - API' },
+	{ id: 'api-endpoints', label: 'Endpoints Table', section: 'Insights - API' },
+	{ id: 'api-errors', label: 'Error Hot-spots', section: 'Insights - API' },
+	{ id: 'api-trend', label: 'Trend Analysis', section: 'Insights - API' },
+];
+const BUILT_IN = {
+	admin: {
+		label: 'Administrator',
+		color: '#6366f1',
+		isBuiltIn: true,
+		pages: ALL_PAGES.map((p) => p.id),
+		cards: ALL_CARDS.map((c) => c.id),
+	},
+	viewer: {
+		label: 'Viewer',
+		color: '#22c55e',
+		isBuiltIn: true,
+		pages: ['dashboard', 'logs', 'live', 'insights'],
+		cards: [
+			'stat-logs',
+			'stat-errors',
+			'chart-hourly',
+			'recent-errors',
+			'ins-stats',
+			'ins-hourly',
+			'ins-donut',
+			'ins-trend',
+		],
+	},
+};
+class RoleConfigService {
+	constructor (org) {
+		this._org = org || null;
+		this._rolesFile
+      = org && org.rolesFile ? org.rolesFile : require('../config').ROLES_FILE;
+	}
+	static ALL_PAGES = ALL_PAGES;
+	static ALL_CARDS = ALL_CARDS;
+	async getRoles () {
+		try {
+			const file = JSON.parse(await fsP.readFile(this._rolesFile, 'utf8'));
+			// Merge built-ins with file (file can override built-in pages/cards)
+			const merged = { ...BUILT_IN };
+			for (const [name, def] of Object.entries(file)) {
+				merged[name] = { ...BUILT_IN[name], ...def };
+			}
+			return merged;
+		} catch (e) {
+			if (e.code === 'ENOENT') {
+				return { ...BUILT_IN };
+			}
+			throw e;
+		}
+	}
+	async getRoleConfig (role) {
+		const roles = await this.getRoles();
+		return roles[role] || roles.viewer;
+	}
+	async canAccessPage (role, pageId) {
+		const cfg = await this.getRoleConfig(role);
+		return Array.isArray(cfg.pages) && cfg.pages.includes(pageId);
+	}
+	async getAllowedPages (role) {
+		const cfg = await this.getRoleConfig(role);
+		return Array.isArray(cfg.pages) ? cfg.pages : [];
+	}
+	async getAllowedCards (role) {
+		const cfg = await this.getRoleConfig(role);
+		return Array.isArray(cfg.cards) ? cfg.cards : [];
+	}
+	async saveRoles (roles) {
+		await fsP.writeFile(
+			this._rolesFile,
+			JSON.stringify(roles, null, 2),
+			'utf8',
+		);
+		return roles;
+	}
+	async upsertRole (name, def) {
+		if (!name || !/^[a-zA-Z0-9_-]{2,32}$/.test(name)) {
+			throw Object.assign(new Error('Role name 2-32 chars alphanumeric/_-'), {
+				status: 400,
+			});
+		}
+		const roles = await this.getRoles();
+		const existing = roles[name] || {};
+		roles[name] = {
+			...existing,
+			label: def.label || existing.label || name,
+			color: def.color || existing.color || '#6b7280',
+			isBuiltIn: existing.isBuiltIn || false,
+			pages: Array.isArray(def.pages) ? def.pages : existing.pages || [],
+			cards: Array.isArray(def.cards) ? def.cards : existing.cards || [],
+			allowedApps: Array.isArray(def.allowedApps)
+				? def.allowedApps
+				: existing.allowedApps || [],
+		};
+		await this.saveRoles(roles);
+		return roles[name];
+	}
+	async deleteRole (name) {
+		if (name === 'admin' || name === 'viewer') {
+			throw Object.assign(new Error('Cannot delete built-in roles'), {
+				status: 400,
+			});
+		}
+		const roles = await this.getRoles();
+		if (!roles[name]) {
+			throw Object.assign(new Error('Role not found'), { status: 404 });
+		}
+		delete roles[name];
+		await this.saveRoles(roles);
+	}
+	/**
+   * Returns the list of appNames a role can access in Logs.
+   * Empty array = can see ALL apps (default for admin/viewer).
+   */
+	async getAllowedApps (role) {
+		const roles = await this.getRoles();
+		const r = roles[role];
+		if (!r) {
+			return [];
+		} // unknown role → no access
+		if (role === 'admin' || role === 'super-admin') {
+			return [];
+		} // admins see all
+		return Array.isArray(r.allowedApps) ? r.allowedApps : [];
+	}
+	/**
+   * Set the allowed apps for a role (empty = all).
+   */
+	async setAllowedApps (roleName, appNames) {
+		const roles = await this.getRoles();
+		if (!roles[roleName]) {
+			throw Object.assign(new Error('Role not found'), { status: 404 });
+		}
+		roles[roleName].allowedApps = Array.isArray(appNames)
+			? appNames.filter((a) => typeof a === 'string')
+			: [];
+		await require('fs').promises.writeFile(
+			require('../config').ROLES_FILE,
+			JSON.stringify(roles, null, 2),
+			'utf8',
+		);
+		return roles[roleName];
+	}
+}
+module.exports = { RoleConfigService, ALL_PAGES, ALL_CARDS };

package/services/SavedSearchService.js ADDED Viewed

@@ -0,0 +1,63 @@
+'use strict';
+const fsP = require('fs').promises;
+const path = require('path');
+const crypto = require('crypto');
+const config = require('../config');
+const FILE = path.join(config.DATA_DIR, 'saved-searches.json');
+class SavedSearchService {
+	async _load () {
+		try {
+			return JSON.parse(await fsP.readFile(FILE, 'utf8'));
+		} catch {
+			return {};
+		}
+	}
+	async _save (obj) {
+		await fsP.writeFile(FILE, JSON.stringify(obj, null, 2), 'utf8');
+	}
+	async getAll (username) {
+		const db = await this._load();
+		return (db[username] || []).sort(
+			(a, b) => new Date(b.createdAt) - new Date(a.createdAt),
+		);
+	}
+	async create (username, { name, service, date, level, q, fromTime, toTime }) {
+		if (!name) {
+			throw Object.assign(new Error('name required'), { status: 400 });
+		}
+		const db = await this._load();
+		if (!db[username]) {
+			db[username] = [];
+		}
+		const entry = {
+			id: crypto.randomUUID(),
+			name,
+			service: service || '',
+			date: date || '',
+			level: level || '',
+			q: q || '',
+			fromTime: fromTime || '',
+			toTime: toTime || '',
+			createdAt: new Date().toISOString(),
+		};
+		db[username].unshift(entry);
+		if (db[username].length > 50) {
+			db[username] = db[username].slice(0, 50);
+		}
+		await this._save(db);
+		return entry;
+	}
+	async delete (username, id) {
+		const db = await this._load();
+		db[username] = (db[username] || []).filter((s) => s.id !== id);
+		await this._save(db);
+	}
+}
+module.exports = new SavedSearchService();

package/services/SettingsService.js ADDED Viewed

@@ -0,0 +1,220 @@
+'use strict';
+const fs = require('fs').promises;
+const config = require('../config');
+const logger = require('../lib/logger');
+const DEFAULTS = {
+	retentionDays: 7,
+	webhookUrl: '',
+	enableStream: true,
+	ipWhitelist: [],
+	// Branding
+	appName: 'LogBoard',
+	appLogoUrl: '/public/logo.png',
+	faviconUrl: '',
+	// Theme
+	themeId: 'dark-indigo',
+	themeMode: 'dark',
+	accentR: 99,
+	accentG: 102,
+	accentB: 241,
+	// Health alert thresholds
+	alertRamPct: 85,
+	alertCpuPct: 90,
+	alertDiskPct: 90,
+	alertsEnabled: true,
+	// Custom Slack message template
+	alertSlackTemplate:
+    '🚨 *{appName}* — {metric} at *{value}%* (threshold {threshold}%) on `{host}`\n> {time}',
+	// Email / SMTP
+	smtpHost: '',
+	smtpPort: 587,
+	smtpUser: '',
+	smtpPass: '',
+	smtpFrom: 'logboard@example.com',
+	emailEnabled: false,
+	reportEmail: '',
+	reportSchedule: 'daily',
+	reportEnabled: false,
+	lastReportAt: null,
+	// Integrations
+	discordUrl: '',
+	pagerdutyKey: '',
+	pagerdutyEnabled: false,
+	// OAuth (future)
+	githubClientId: '',
+	githubClientSecret: '',
+	googleClientId: '',
+	googleClientSecret: '',
+	oauthEnabled: false,
+};
+class SettingsService {
+	constructor (org) {
+		this._org = org || null;
+	}
+	_file (cfgRef, orgAttr) {
+		return this._org && this._org[orgAttr] ? this._org[orgAttr] : cfgRef;
+	}
+	async get () {
+		let s = {};
+		try {
+			s = JSON.parse(
+				await fs.readFile(
+					this._file(config.SETTINGS_FILE, 'settingsFile'),
+					'utf8',
+				),
+			);
+		} catch (e) {
+			if (e.code !== 'ENOENT') {
+				throw e;
+			}
+		}
+		return { ...DEFAULTS, ...s };
+	}
+	async save (upd = {}) {
+		const current = await this.get();
+		const next = { ...current };
+		// ── Helpers ────────────────────────────────────────────────────────────
+		const str = (k, max = 512) =>
+			upd[k] !== undefined ? String(upd[k]).slice(0, max) : undefined;
+		const bool = (k) =>
+			upd[k] !== undefined
+				? upd[k] === true || upd[k] === 'true' || upd[k] === 1
+				: undefined;
+		const num = (k, lo, hi) => {
+			if (upd[k] === undefined) {
+				return undefined;
+			}
+			const v = parseInt(upd[k], 10);
+			return !isNaN(v) && v >= lo && v <= hi ? v : undefined;
+		};
+		const set = (k, v) => {
+			if (v !== undefined) {
+				next[k] = v;
+			}
+		};
+		// ── General ────────────────────────────────────────────────────────────
+		set('retentionDays', num('retentionDays', 1, 365));
+		set('enableStream', bool('enableStream'));
+		if (upd.webhookUrl !== undefined) {
+			const u = String(upd.webhookUrl).trim();
+			if (u && !/^https?:\/\/.+/.test(u)) {
+				throw Object.assign(new Error('Invalid webhook URL'), { status: 400 });
+			}
+			next.webhookUrl = u;
+		}
+		if (upd.ipWhitelist !== undefined) {
+			if (!Array.isArray(upd.ipWhitelist)) {
+				throw Object.assign(new Error('ipWhitelist must be array'), {
+					status: 400,
+				});
+			}
+			next.ipWhitelist = upd.ipWhitelist.filter(
+				(s) => typeof s === 'string' && s.trim(),
+			);
+		}
+		// ── Branding ───────────────────────────────────────────────────────────
+		set('appName', str('appName', 64) || undefined);
+		set('appLogoUrl', str('appLogoUrl') || undefined);
+		set('faviconUrl', str('faviconUrl', 1024));
+		if (upd.appName === '') {
+			next.appName = 'LogBoard';
+		}
+		if (upd.appLogoUrl === '') {
+			next.appLogoUrl = '/public/logo.png';
+		}
+		// ── Theme ──────────────────────────────────────────────────────────────
+		set('themeId', str('themeId', 32));
+		set(
+			'themeMode',
+			upd.themeMode === 'light'
+				? 'light'
+				: upd.themeMode === 'dark'
+					? 'dark'
+					: undefined,
+		);
+		set('accentR', num('accentR', 0, 255));
+		set('accentG', num('accentG', 0, 255));
+		set('accentB', num('accentB', 0, 255));
+		// ── Health alerts ──────────────────────────────────────────────────────
+		set('alertRamPct', num('alertRamPct', 1, 99));
+		set('alertCpuPct', num('alertCpuPct', 1, 99));
+		set('alertDiskPct', num('alertDiskPct', 1, 99));
+		set('alertsEnabled', bool('alertsEnabled'));
+		set('alertSlackTemplate', str('alertSlackTemplate', 500));
+		// ── Email / SMTP ───────────────────────────────────────────────────────
+		set('smtpHost', str('smtpHost'));
+		set('smtpPort', num('smtpPort', 1, 65535));
+		set('smtpUser', str('smtpUser'));
+		set('smtpFrom', str('smtpFrom'));
+		set('emailEnabled', bool('emailEnabled'));
+		set('reportEmail', str('reportEmail'));
+		set('reportSchedule', str('reportSchedule', 16));
+		set('reportEnabled', bool('reportEnabled'));
+		set('lastReportAt', str('lastReportAt'));
+		if (upd.smtpPass !== undefined && upd.smtpPass !== '') {
+			next.smtpPass = String(upd.smtpPass);
+		}
+		// ── Integrations ───────────────────────────────────────────────────────
+		set('discordUrl', str('discordUrl'));
+		set('pagerdutyKey', str('pagerdutyKey'));
+		set('pagerdutyEnabled', bool('pagerdutyEnabled'));
+		// ── OAuth ──────────────────────────────────────────────────────────────
+		set('githubClientId', str('githubClientId'));
+		set('githubClientSecret', str('githubClientSecret'));
+		set('googleClientId', str('googleClientId'));
+		set('googleClientSecret', str('googleClientSecret'));
+		set('oauthEnabled', bool('oauthEnabled'));
+		await fs.writeFile(
+			this._file(config.SETTINGS_FILE, 'settingsFile'),
+			JSON.stringify(next, null, 2),
+			'utf8',
+		);
+		logger.info(
+			`[Settings] Saved: ${Object.keys(upd)
+				.filter((k) => k !== 'smtpPass')
+				.join(', ')}`,
+		);
+		// Push updates into live config
+		if (upd.retentionDays !== undefined) {
+			config.RETENTION_DAYS = next.retentionDays;
+		}
+		if (upd.webhookUrl !== undefined) {
+			config.WEBHOOK_URL = next.webhookUrl;
+		}
+		if (upd.enableStream !== undefined) {
+			config.ENABLE_STREAM = next.enableStream;
+		}
+		try {
+			require('../middleware/ipWhitelist').bustCache();
+		} catch {}
+		return next;
+	}
+	async reset () {
+		await fs.writeFile(
+			this._file(config.SETTINGS_FILE, 'settingsFile'),
+			JSON.stringify(DEFAULTS, null, 2),
+			'utf8',
+		);
+		return DEFAULTS;
+	}
+}
+module.exports = SettingsService;

package/services/UserService.js ADDED Viewed

@@ -0,0 +1,121 @@
+'use strict';
+const bcrypt = require('bcryptjs');
+const { getUsers, saveUsers } = require('../lib/userStore');
+const logger = require('../lib/logger');
+const SAFE_USER = /^[a-zA-Z0-9_.-]{2,32}$/;
+class UserService {
+	async getAll () {
+		const users = await getUsers();
+		return Object.entries(users)
+			.map(([username, u]) => ({
+				username,
+				role: u.role || 'viewer',
+				totpEnabled: !!u.totpSecret,
+				createdAt: u.createdAt || null,
+			}))
+			.sort((a, b) => a.username.localeCompare(b.username));
+	}
+	async add (username, password, role = 'viewer', actorUsername) {
+		if (!SAFE_USER.test(username || '')) {
+			throw Object.assign(
+				new Error('Username must be 2-32 chars: letters, digits, _ . -'),
+				{ status: 400 },
+			);
+		}
+		if (!password || password.length < 8) {
+			throw Object.assign(new Error('Password must be 8+ characters'), {
+				status: 400,
+			});
+		}
+		const users = await getUsers();
+		if (users[username]) {
+			throw Object.assign(new Error(`User "${username}" already exists`), {
+				status: 409,
+			});
+		}
+		users[username] = {
+			password: await bcrypt.hash(password, 12),
+			role,
+			createdAt: new Date().toISOString(),
+		};
+		await saveUsers(users);
+		logger.info(
+			`[Users] "${actorUsername}" created user "${username}" (role: ${role})`,
+		);
+		return { username, role, createdAt: users[username].createdAt };
+	}
+	async updateRole (username, newRole, actorUsername) {
+		const users = await getUsers();
+		if (!users[username]) {
+			throw Object.assign(new Error('User not found'), { status: 404 });
+		}
+		if (username === actorUsername) {
+			throw Object.assign(new Error('Cannot change your own role'), {
+				status: 400,
+			});
+		}
+		users[username].role = newRole;
+		await saveUsers(users);
+		logger.info(
+			`[Users] "${actorUsername}" changed "${username}" role to ${newRole}`,
+		);
+	}
+	async resetPassword (username, newPassword, actorUsername) {
+		if (!newPassword || newPassword.length < 8) {
+			throw Object.assign(new Error('Password must be 8+ characters'), {
+				status: 400,
+			});
+		}
+		const users = await getUsers();
+		if (!users[username]) {
+			throw Object.assign(new Error('User not found'), { status: 404 });
+		}
+		users[username].password = await bcrypt.hash(newPassword, 12);
+		await saveUsers(users);
+		logger.info(`[Users] "${actorUsername}" reset password for "${username}"`);
+	}
+	async remove (username, actorUsername) {
+		if (username === actorUsername) {
+			throw Object.assign(new Error('Cannot delete your own account'), {
+				status: 400,
+			});
+		}
+		const users = await getUsers();
+		if (!users[username]) {
+			throw Object.assign(new Error('User not found'), { status: 404 });
+		}
+		// Guard last admin
+		if (users[username].role === 'admin') {
+			const admins = Object.values(users).filter(
+				(u) => u.role === 'admin',
+			).length;
+			if (admins <= 1) {
+				throw Object.assign(new Error('Cannot delete the last admin account'), {
+					status: 400,
+				});
+			}
+		}
+		delete users[username];
+		await saveUsers(users);
+		logger.info(`[Users] "${actorUsername}" deleted user "${username}"`);
+	}
+	async revoke2fa (username, actorUsername) {
+		const users = await getUsers();
+		if (!users[username]) {
+			throw Object.assign(new Error('User not found'), { status: 404 });
+		}
+		delete users[username].totpSecret;
+		await saveUsers(users);
+		logger.info(`[Users] "${actorUsername}" revoked 2FA for "${username}"`);
+	}
+}
+module.exports = UserService;