claudmax 2.0.0 → 2.0.1

package/src/app/admin/dashboard/page.tsx

@@ -1,13 +0,0 @@
-import type { Metadata } from 'next';
-import AdminDashboardClient from './AdminDashboardClient';
-
-export const metadata: Metadata = {
-  title: 'Dashboard | ClaudMax Admin',
-  description: 'ClaudMax admin dashboard. Manage API keys, monitor usage, view stats, and control reseller access.',
-  openGraph: { title: 'Dashboard | ClaudMax Admin', type: 'website' },
-  robots: { index: false, follow: false },
-};
-
-export default function AdminDashboardPage() {
-  return <AdminDashboardClient />;
-}

package/src/app/admin/page.tsx

@@ -1,132 +0,0 @@
-'use client';
-
-import { useState } from 'react';
-import Link from 'next/link';
-import { useRouter } from 'next/navigation';
-import Header from '@/components/Header';
-import Footer from '@/components/Footer';
-
-export default function AdminLogin() {
-  const [username, setUsername] = useState('');
-  const [password, setPassword] = useState('');
-  const [error, setError] = useState('');
-  const [loading, setLoading] = useState(false);
-  const [showPassword, setShowPassword] = useState(false);
-  const router = useRouter();
-
-  const login = async (e: React.FormEvent) => {
-    e.preventDefault();
-    if (!username.trim() || !password) return;
-    setLoading(true);
-    setError('');
-
-    try {
-      const res = await fetch('/api/admin/login', {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({ username: username.trim(), password }),
-      });
-
-      if (res.ok) {
-        router.push('/admin/dashboard');
-      } else {
-        const data = await res.json();
-        setError(data.error ?? 'Invalid credentials');
-      }
-    } catch {
-      setError('Connection error. Please try again.');
-    } finally {
-      setLoading(false);
-    }
-  };
-
-  return (
-    <div className="min-h-screen bg-[#F9FAFB] flex flex-col">
-      <Header />
-
-      <div className="flex-1 flex items-center justify-center p-4">
-      <div className="w-full max-w-sm">
-        {/* Logo */}
-        <div className="text-center mb-8">
-          <div className="w-14 h-14 rounded-2xl bg-gradient-to-br from-purple-600 to-purple-500 flex items-center justify-center mx-auto mb-4 shadow-md">
-            <svg width="24" height="24" viewBox="0 0 24 24" fill="none" className="text-white">
-              <path d="M13 2L3 14h9l-1 8 10-12h-9l1-8z" fill="currentColor"/>
-            </svg>
-          </div>
-          <h1 className="text-2xl font-black text-[#111827]">ClaudMax Admin</h1>
-          <p className="text-[#9CA3AF] text-sm mt-1">Sign in to manage keys, users, and usage.</p>
-        </div>
-
-        {/* Login form */}
-        <div className="bg-white rounded-2xl border border-gray-200 p-6 card-shadow">
-          <form onSubmit={login} className="space-y-4">
-            <div>
-              <label className="text-[#6B7280] text-sm font-medium block mb-1.5">Username</label>
-              <input
-                type="text"
-                value={username}
-                onChange={(e) => setUsername(e.target.value)}
-                placeholder="Enter your username"
-                autoComplete="username"
-                className="w-full h-11 px-4 bg-[#F9FAFB] border border-gray-200 rounded-xl text-sm text-[#111827] placeholder:text-[#D1D5DB] focus:outline-none focus:border-purple-400 focus:ring-2 focus:ring-purple-100 transition-all"
-                autoFocus
-              />
-            </div>
-
-            <div>
-              <label className="text-[#6B7280] text-sm font-medium block mb-1.5">Password</label>
-              <div className="relative">
-                <input
-                  type={showPassword ? 'text' : 'password'}
-                  value={password}
-                  onChange={(e) => setPassword(e.target.value)}
-                  placeholder="••••••••"
-                  autoComplete="current-password"
-                  className="w-full h-11 px-4 pr-10 bg-[#F9FAFB] border border-gray-200 rounded-xl text-sm text-[#111827] placeholder:text-[#D1D5DB] focus:outline-none focus:border-purple-400 focus:ring-2 focus:ring-purple-100 transition-all"
-                />
-                <button
-                  type="button"
-                  onClick={() => setShowPassword(!showPassword)}
-                  className="absolute right-3 top-1/2 -translate-y-1/2 text-[#9CA3AF] hover:text-[#6B7280] transition-colors"
-                >
-                  {showPassword ? (
-                    <svg className="w-4 h-4" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2"><path d="M17.94 17.94A10.07 10.07 0 0 1 12 20c-7 0-11-8-11-8a18.45 18.45 0 0 1 5.06-5.94M9.9 4.24A9.12 9.12 0 0 1 12 4c7 0 11 8 11 8a18.5 18.5 0 0 1-2.16 3.19m-6.72-1.07a3 3 0 1 1-4.24-4.24"/><line x1="1" y1="1" x2="23" y2="23"/></svg>
-                  ) : (
-                    <svg className="w-4 h-4" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2"><path d="M1 12s4-8 11-8 11 8 11 8-4 8-11 8-11-8-11-8z"/><circle cx="12" cy="12" r="3"/></svg>
-                  )}
-                </button>
-              </div>
-            </div>
-
-            {error && (
-              <div className="p-3 rounded-xl bg-red-50 border border-red-200 text-red-600 text-sm font-medium flex items-center gap-2">
-                <svg className="w-4 h-4 shrink-0" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2"><circle cx="12" cy="12" r="10"/><line x1="12" y1="8" x2="12" y2="12"/><line x1="12" y1="16" x2="12.01" y2="16"/></svg>
-                {error}
-              </div>
-            )}
-
-            <button
-              type="submit"
-              disabled={loading || !username.trim() || !password}
-              className="w-full h-11 bg-[#5244F3] hover:bg-[#4338CA] disabled:bg-gray-300 text-white font-semibold rounded-xl text-sm transition-colors shadow-sm flex items-center justify-center gap-2"
-            >
-              {loading ? (
-                <>
-                  <svg className="w-4 h-4 animate-spin" viewBox="0 0 24 24" fill="none"><circle className="opacity-25" cx="12" cy="12" r="10" stroke="currentColor" strokeWidth="4"/><path className="opacity-75" fill="currentColor" d="M4 12a8 8 0 018-8V0C5.373 0 0 5.373 0 12h4z"/></svg>
-                  Signing in...
-                </>
-              ) : 'Sign In'}
-            </button>
-          </form>
-        </div>
-
-        <p className="text-center text-[#D1D5DB] text-xs mt-6">
-          <Link href="/" className="hover:text-[#9CA3AF] transition-colors">← Back to ClaudMax</Link>
-        </p>
-      </div>
-      </div>
-
-      <Footer />
-    </div>
-  );
-}

package/src/app/api/admin/auth/me/route.ts

@@ -1,34 +0,0 @@
-import { NextResponse } from 'next/server';
-import { getAuthUser } from '@/lib/auth';
-import { prisma } from '@/lib/prisma';
-
-export async function GET() {
-  const user = await getAuthUser();
-  if (!user) {
-    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
-  }
-  // Fetch fresh from DB to get latest permissions
-  const admin = await prisma.admin.findUnique({
-    where: { id: user.id },
-    select: {
-      id: true, username: true, name: true, role: true, isActive: true,
-      canCreateKey: true, canDeleteKey: true, canBlockKey: true,
-      canManageTokens: true, canCreateReseller: true, canManageResellers: true, canManageUsers: true,
-      keysGenLimit: true, keysGenToday: true, keysGenResetAt: true,
-    },
-  });
-  if (!admin) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
-
-  // Check and reset key-gen window if needed
-  if (admin.role === 'reseller' && admin.keysGenResetAt) {
-    if (Date.now() >= admin.keysGenResetAt.getTime()) {
-      await prisma.admin.update({
-        where: { id: user.id },
-        data: { keysGenToday: 0, keysGenResetAt: new Date(Date.now() + 24 * 60 * 60 * 1000) },
-      });
-      return NextResponse.json({ ...admin, keysGenToday: 0, keysGenResetAt: new Date(Date.now() + 24 * 60 * 60 * 1000).toISOString() });
-    }
-  }
-
-  return NextResponse.json(admin);
-}

package/src/app/api/admin/health/route.ts

@@ -1,110 +0,0 @@
-import { NextResponse } from 'next/server';
-import { prisma } from '@/lib/prisma';
-import { getAuthUser } from '@/lib/auth';
-
-export async function GET() {
-  const me = await getAuthUser();
-  if (!me) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
-  if (me.role !== 'super_admin') return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
-
-  // Check OpenRouter API health
-  const apiStart = Date.now();
-  let apiStatus = 'ok';
-  let apiLatency = 0;
-  let apiError = '';
-  try {
-    const r = await fetch('https://openrouter.ai/api/v1/models', {
-      headers: { Authorization: `Bearer ${process.env.OPENROUTER_API_KEY}` },
-    });
-    apiLatency = Date.now() - apiStart;
-    if (!r.ok) {
-      apiStatus = 'error';
-      apiError = `HTTP ${r.status}`;
-    } else {
-      const data = await r.json();
-      const models: string[] = Array.isArray(data) ? data.map((m: any) => m.id) : (data.data?.map((m: any) => m.id) ?? []);
-      apiStatus = 'ok';
-    }
-  } catch (err: any) {
-    apiStatus = 'error';
-    apiLatency = Date.now() - apiStart;
-    apiError = err?.message ?? 'Connection failed';
-  }
-
-  // Stats
-  const [
-    totalKeys, activeKeys, totalTokens,
-    totalUsers, totalAdmins, totalResellers,
-  ] = await Promise.all([
-    prisma.apiKey.count(),
-    prisma.apiKey.count({ where: { isActive: true } }),
-    prisma.apiKey.aggregate({ _sum: { totalTokensUsed: true } }),
-    prisma.admin.count(),
-    prisma.admin.count({ where: { role: { in: ['admin', 'super_admin'] } } }),
-    prisma.admin.count({ where: { role: 'reseller' } }),
-  ]);
-
-  // Top keys by usage
-  const topKeys = await prisma.apiKey.findMany({
-    orderBy: { totalTokensUsed: 'desc' },
-    take: 10,
-    select: {
-      id: true, name: true, prefix: true, tier: true, isActive: true,
-      windowTokensUsed: true, windowRequestsUsed: true, totalTokensUsed: true,
-      windowStartAt: true, lastUsedAt: true,
-      reseller: { select: { name: true } },
-    },
-  });
-
-  // Keys near or over limit (window-based)
-  const WINDOW_MS = 5 * 60 * 60 * 1000;
-  const TIER_LIMITS: Record<string, number> = {
-    free: 500_000,
-    '5x': 5_000_000,
-    '20x': 20_000_000,
-    unlimited: 999_999_999_999,
-  };
-
-  const overLimitKeys = topKeys.filter(k => {
-    const limit = TIER_LIMITS[k.tier] ?? 500_000;
-    return Number(k.windowTokensUsed) >= limit;
-  });
-
-  // Recent usage (last 5 minutes from now)
-  const recent = topKeys.filter(k => {
-    if (!k.windowStartAt) return false;
-    return Date.now() - k.windowStartAt.getTime() < 5 * 60 * 1000;
-  });
-
-  return NextResponse.json({
-    api: {
-      status: apiStatus,
-      latency: apiLatency,
-      error: apiError || undefined,
-    },
-    stats: {
-      totalKeys,
-      activeKeys,
-      totalTokens: totalTokens._sum.totalTokensUsed ?? 0,
-      totalUsers,
-      totalAdmins,
-      totalResellers,
-    },
-    topKeys: topKeys.map(k => ({
-      id: k.id,
-      name: k.name,
-      prefix: k.prefix,
-      tier: k.tier,
-      isActive: k.isActive,
-      windowTokensUsed: k.windowTokensUsed,
-      windowRequestsUsed: k.windowRequestsUsed,
-      totalTokensUsed: k.totalTokensUsed,
-      windowResetAt: k.windowStartAt ? new Date(k.windowStartAt.getTime() + WINDOW_MS).toISOString() : null,
-      lastUsedAt: k.lastUsedAt?.toISOString() ?? null,
-      resellerName: k.reseller?.name ?? null,
-      isOverLimit: Number(k.windowTokensUsed) >= (TIER_LIMITS[k.tier] ?? 500_000),
-    })),
-    overLimitCount: overLimitKeys.length,
-    activeCount: recent.length,
-  });
-}

package/src/app/api/admin/keys/[id]/route.ts

@@ -1,116 +0,0 @@
-import { NextResponse } from 'next/server';
-import { prisma } from '@/lib/prisma';
-import { getAuthUser } from '@/lib/auth';
-
-type Params = { params: Promise<{ id: string }> };
-
-async function canAccessKey(me: any, keyId: string): Promise<boolean> {
-  const key = await prisma.apiKey.findUnique({ where: { id: keyId }, select: { resellerId: true } });
-  if (!key) return false;
-  if (me.role === 'reseller') return key.resellerId === me.id;
-  return true;
-}
-
-export async function GET(req: Request, { params }: Params) {
-  const me = await getAuthUser();
-  if (!me) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
-  const { id } = await params;
-
-  if (!await canAccessKey(me, id)) {
-    return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
-  }
-
-  const key = await prisma.apiKey.findUnique({ where: { id } });
-  if (!key) return NextResponse.json({ error: 'Not found' }, { status: 404 });
-  return NextResponse.json({
-    ...key,
-    windowTokensUsed: key.windowTokensUsed,
-    totalTokensUsed: key.totalTokensUsed,
-  });
-}
-
-export async function PATCH(req: Request, { params }: Params) {
-  const me = await getAuthUser();
-  if (!me) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
-  const { id } = await params;
-  const body = await req.json();
-  const { action, tier, name, displayMultiplier, tokenLimitOverride, expiresAt, duration, days } = body;
-
-  if (!await canAccessKey(me, id)) {
-    return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
-  }
-
-  if (action === 'block') {
-    const key = await prisma.apiKey.update({ where: { id }, data: { isActive: false, blockedUntil: null } });
-    return NextResponse.json({ ...key, windowTokensUsed: Number(key.windowTokensUsed), totalTokensUsed: Number(key.totalTokensUsed) });
-  }
-  if (action === 'unblock') {
-    const key = await prisma.apiKey.update({ where: { id }, data: { isActive: true, blockedUntil: null } });
-    return NextResponse.json({ ...key, windowTokensUsed: Number(key.windowTokensUsed), totalTokensUsed: Number(key.totalTokensUsed) });
-  }
-  if (action === 'tempBlock') {
-    if (!duration || typeof duration !== 'number' || duration <= 0) {
-      return NextResponse.json({ error: 'Invalid duration' }, { status: 400 });
-    }
-    const blockedUntil = new Date(Date.now() + duration);
-    const key = await prisma.apiKey.update({ where: { id }, data: { blockedUntil } });
-    return NextResponse.json({ ...key, windowTokensUsed: Number(key.windowTokensUsed), totalTokensUsed: Number(key.totalTokensUsed), blockedUntil: blockedUntil.toISOString() });
-  }
-  if (action === 'extendDays') {
-    // Resellers can extend/reduce their own key plan by days
-    if (typeof days !== 'number') {
-      return NextResponse.json({ error: 'days (number) required' }, { status: 400 });
-    }
-    const key = await prisma.apiKey.findUnique({ where: { id } });
-    if (!key) return NextResponse.json({ error: 'Not found' }, { status: 404 });
-    if (me.role === 'reseller' && key.resellerId !== me.id) {
-      return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
-    }
-    const DAY_MS = 24 * 60 * 60 * 1000;
-    const currentStart = key.windowStartAt ? key.windowStartAt.getTime() : Date.now();
-    const newStart = currentStart + (days * DAY_MS);
-    await prisma.apiKey.update({
-      where: { id },
-      data: { windowStartAt: new Date(newStart) },
-    });
-    return NextResponse.json({ success: true, windowStartAt: new Date(newStart).toISOString() });
-  }
-  if (action === 'update') {
-    // Only super_admin and admin can update token limit, expiresAt, and tier
-    const isAdmin = me.role === 'super_admin' || me.role === 'admin';
-    const data: any = {};
-    if (name !== undefined) data.name = name;
-    if (displayMultiplier !== undefined) data.displayMultiplier = displayMultiplier;
-    if (isAdmin) {
-      if (tier !== undefined) data.tier = tier;
-      if (tokenLimitOverride !== undefined) {
-        data.tokenLimitOverride = tokenLimitOverride === null ? null : Number(tokenLimitOverride);
-      }
-      if (expiresAt !== undefined) {
-        data.expiresAt = expiresAt === null ? null : new Date(expiresAt);
-      }
-    }
-    const key = await prisma.apiKey.update({ where: { id }, data });
-    return NextResponse.json({
-      ...key,
-      windowTokensUsed: Number(key.windowTokensUsed),
-      totalTokensUsed: Number(key.totalTokensUsed),
-      tokenLimitOverride: key.tokenLimitOverride,
-    });
-  }
-
-  return NextResponse.json({ error: 'Unknown action' }, { status: 400 });
-}
-
-export async function DELETE(req: Request, { params }: Params) {
-  const me = await getAuthUser();
-  if (!me) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
-  const { id } = await params;
-
-  if (!await canAccessKey(me, id)) {
-    return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
-  }
-
-  await prisma.apiKey.delete({ where: { id } });
-  return NextResponse.json({ success: true });
-}

package/src/app/api/admin/keys/route.ts

@@ -1,192 +0,0 @@
-import { NextResponse } from 'next/server';
-import { prisma } from '@/lib/prisma';
-import { getAuthUser } from '@/lib/auth';
-import { generateApiKey } from '@/lib/utils';
-
-const WINDOW_MS = 5 * 60 * 60 * 1000;
-
-export async function GET(req: Request) {
-  const me = await getAuthUser();
-  if (!me) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
-
-  const { searchParams } = new URL(req.url);
-  const apiKey = searchParams.get('apiKey');
-  if (!apiKey) return NextResponse.json({ error: 'API key required' }, { status: 400 });
-
-  const key = await prisma.apiKey.findUnique({ where: { key: apiKey } });
-  if (!key) return NextResponse.json({ error: 'Invalid API key' }, { status: 401 });
-
-  if (me.role === 'reseller' && key.resellerId !== me.id) {
-    return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
-  }
-
-  // Get plan details
-  let tokensPerWindow = 500_000;
-  let requestsPerWindow = 100;
-  let multiplier = key.displayMultiplier ?? 3.0;
-
-  if (key.planId) {
-    const plan = await prisma.plan.findUnique({ where: { id: key.planId } });
-    if (plan) {
-      tokensPerWindow = Number(plan.tokensPerWindow);
-      requestsPerWindow = plan.requestsPerWindow;
-      multiplier = plan.displayMultiplier;
-    }
-  }
-
-  const effectiveLimit = Math.floor(tokensPerWindow * multiplier);
-  const windowStart = key.windowStartAt?.getTime() ?? Date.now();
-  const windowResetAt = windowStart + WINDOW_MS;
-
-  return NextResponse.json({
-    key: key.id,
-    name: key.name,
-    prefix: key.prefix,
-    tier: key.tier,
-    isActive: key.isActive,
-    displayMultiplier: multiplier,
-    requestsUsed: key.windowRequestsUsed,
-    requestsLimit: requestsPerWindow,
-    tokensUsed: Math.floor(Number(key.windowTokensUsed) * multiplier),
-    tokensLimit: effectiveLimit,
-    tokensUsedActual: Number(key.windowTokensUsed),
-    windowResetAt: new Date(windowResetAt).toISOString(),
-    expiresAt: key.expiresAt?.toISOString() ?? null,
-    planId: key.planId,
-    createdAt: key.createdAt.toISOString(),
-    lastUsedAt: key.lastUsedAt?.toISOString() ?? null,
-  });
-}
-
-export async function POST(req: Request) {
-  const me = await getAuthUser();
-  if (!me) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
-
-  const { name, planId, resellerId, days, tokenLimitOverride } = await req.json();
-
-  // Fetch the plan
-  const plan = planId
-    ? await prisma.plan.findUnique({ where: { id: planId } })
-    : null;
-
-  // If planId not provided, use default plan for this user
-  let effectivePlanId = planId;
-  if (!effectivePlanId) {
-    if (me.role === 'reseller') {
-      const admin = await prisma.admin.findUnique({ where: { id: me.id } });
-      effectivePlanId = admin?.defaultPlanId ?? null;
-      if (!effectivePlanId) {
-        // Fall back to first allowed plan
-        const allowed = admin?.allowedPlanIds ? JSON.parse(admin.allowedPlanIds) : [];
-        effectivePlanId = allowed[0] ?? null;
-      }
-    }
-  }
-
-  // Permission check: can this user create keys with this plan?
-  if (me.role === 'reseller' && effectivePlanId) {
-    const admin = await prisma.admin.findUnique({ where: { id: me.id } });
-    const allowed: string[] = admin?.allowedPlanIds ? JSON.parse(admin.allowedPlanIds) : [];
-    if (!allowed.includes(effectivePlanId)) {
-      return NextResponse.json({ error: 'Plan not allowed for your account' }, { status: 403 });
-    }
-  }
-
-  // Reseller assignment
-  if (resellerId) {
-    if (me.role === 'reseller') {
-      return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
-    }
-    if (me.role === 'admin') {
-      const reseller = await prisma.admin.findUnique({ where: { id: resellerId } });
-      if (!reseller || reseller.role !== 'reseller') {
-        return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
-      }
-    }
-  }
-
-  // Key generation limit check for resellers
-  if (me.role === 'reseller') {
-    const admin = await prisma.admin.findUnique({ where: { id: me.id } });
-    if (admin) {
-      const now = Date.now();
-      const resetAt = admin.keysGenResetAt ? admin.keysGenResetAt.getTime() : 0;
-      if (resetAt === 0 || now >= resetAt) {
-        await prisma.admin.update({
-          where: { id: me.id },
-          data: { keysGenToday: 0, keysGenResetAt: new Date(now + 24 * 60 * 60 * 1000) },
-        });
-      } else if (admin.keysGenToday >= admin.keysGenLimit) {
-        const resetAtTime = admin.keysGenResetAt ? new Date(admin.keysGenResetAt).toLocaleTimeString() : 'midnight';
-        return NextResponse.json({
-          error: `Daily key limit reached (${admin.keysGenLimit}/${admin.keysGenLimit}). Resets at ${resetAtTime}.`
-        }, { status: 429 });
-      }
-    }
-  }
-
-  const { key: rawKey, prefix } = generateApiKey();
-  const effectiveTier = plan?.tier ?? 'free';
-  const multiplier = plan?.displayMultiplier ?? 3.0;
-  const effectiveLimit = Math.floor(Number(plan?.tokensPerWindow ?? 500_000) * multiplier);
-  const now = Date.now();
-
-  // Calculate expiration
-  let expiresAt: Date | null = null;
-  if (plan && plan.durationDays > 0) {
-    let durationDays = days !== undefined ? days : plan.durationDays;
-    // Superadmin/admin can override duration up to 365 days
-    const maxAllowed = me.role === 'super_admin' || me.role === 'admin' ? 365 : (plan.maxDurationDays === -1 ? durationDays : plan.maxDurationDays);
-    durationDays = Math.min(durationDays, maxAllowed);
-    const minDays = plan.minDurationDays;
-    durationDays = Math.max(minDays, durationDays);
-    expiresAt = new Date(now + durationDays * 24 * 60 * 60 * 1000);
-  }
-
-  // Superadmin/admin can set custom token limit override
-  const effectiveTokenLimit = tokenLimitOverride && (me.role === 'super_admin' || me.role === 'admin')
-    ? Number(tokenLimitOverride)
-    : undefined;
-
-  const apiKey = await prisma.apiKey.create({
-    data: {
-      key: rawKey,
-      prefix,
-      name: name ?? 'ClaudMax Key',
-      tier: effectiveTier,
-      resellerId: me.role === 'reseller' ? me.id : (resellerId ?? null),
-      displayMultiplier: multiplier,
-      windowStartAt: new Date(now),
-      planId: effectivePlanId ?? null,
-      expiresAt,
-      tokenLimitOverride: effectiveTokenLimit ?? null,
-    },
-  });
-
-  // Increment reseller's key count
-  if (me.role === 'reseller') {
-    await prisma.admin.update({
-      where: { id: me.id },
-      data: { keysGenToday: { increment: 1 } },
-    });
-  }
-
-  return NextResponse.json({
-    key: apiKey.key,
-    id: apiKey.id,
-    name: apiKey.name,
-    prefix: apiKey.prefix,
-    tier: apiKey.tier,
-    isActive: apiKey.isActive,
-    displayMultiplier: apiKey.displayMultiplier,
-    planId: apiKey.planId,
-    expiresAt: expiresAt?.toISOString() ?? null,
-    requestsUsed: 0,
-    requestsLimit: plan?.requestsPerWindow ?? 100,
-    tokensUsed: 0,
-    tokensLimit: effectiveLimit,
-    windowResetAt: new Date(now + WINDOW_MS).toISOString(),
-    createdAt: apiKey.createdAt.toISOString(),
-    lastUsedAt: null,
-  }, { status: 201 });
-}

package/src/app/api/admin/keys-list/route.ts

@@ -1,81 +0,0 @@
-import { NextResponse } from 'next/server';
-import { prisma } from '@/lib/prisma';
-import { getAuthUser } from '@/lib/auth';
-
-export async function GET(req: Request) {
-  const me = await getAuthUser();
-  if (!me) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
-
-  const { searchParams } = new URL(req.url);
-  const page = parseInt(searchParams.get('page') ?? '1');
-  const limit = parseInt(searchParams.get('limit') ?? '15');
-  const search = searchParams.get('search') ?? '';
-  const tier = searchParams.get('tier') ?? '';
-  const status = searchParams.get('status') ?? '';
-  const skip = (page - 1) * limit;
-
-  // Role-based key filter
-  const where: any = {};
-  if (me.role === 'reseller') {
-    where.resellerId = me.id;
-  } else if (me.role === 'admin') {
-    where.resellerId = { not: null };
-  }
-
-  if (search) {
-    where.OR = [
-      { name: { contains: search } },
-      { key: { contains: search } },
-      { prefix: { contains: search } },
-    ];
-  }
-  if (tier) where.tier = tier;
-  if (status === 'active') where.isActive = true;
-  if (status === 'inactive') where.isActive = false;
-
-  const [keys, total] = await Promise.all([
-    prisma.apiKey.findMany({
-      where,
-      orderBy: { createdAt: 'desc' },
-      skip,
-      take: limit,
-      select: {
-        id: true, key: true, name: true, prefix: true, tier: true,
-        isActive: true, displayMultiplier: true, blockedUntil: true,
-        windowTokensUsed: true, windowRequestsUsed: true, totalTokensUsed: true,
-        windowStartAt: true, lastUsedAt: true, resellerId: true, createdAt: true,
-        tokenLimitOverride: true, planId: true, expiresAt: true,
-        plan: { select: { id: true, name: true, tier: true, durationDays: true } },
-      },
-    }),
-    prisma.apiKey.count({ where }),
-  ]);
-
-  // If reseller, show their own keys with their name as reseller
-  const resellerIds = [...new Set(keys.map(k => k.resellerId).filter(Boolean))] as string[];
-  const resellerMap: Record<string, { id: string; name: string; username: string }> = {};
-  if (resellerIds.length > 0) {
-    const resellers = await prisma.admin.findMany({
-      where: { id: { in: resellerIds } },
-      select: { id: true, name: true, username: true },
-    });
-    for (const r of resellers) resellerMap[r.id] = r;
-  }
-
-  return NextResponse.json({
-    keys: keys.map(k => ({
-      ...k,
-      windowTokensUsed: k.windowTokensUsed,
-      totalTokensUsed: k.totalTokensUsed,
-      displayMultiplier: k.displayMultiplier ?? 3.0,
-      tokenLimitOverride: k.tokenLimitOverride,
-      blockedUntil: k.blockedUntil?.toISOString() ?? null,
-      reseller: resellerMap[k.resellerId ?? ''] ?? null,
-      expiresAt: k.expiresAt?.toISOString() ?? null,
-      plan: k.plan ?? null,
-    })),
-    total,
-    pages: Math.ceil(total / limit),
-    page,
-  });
-}