claudmax 2.0.0 → 2.0.1

package/src/app/api/admin/settings/route.ts

@@ -1,44 +0,0 @@
-import { NextResponse } from 'next/server';
-import { getAuthUser } from '@/lib/auth';
-import { prisma } from '@/lib/prisma';
-
-// GET - read settings (public, no auth needed)
-export async function GET() {
-  try {
-    const superadmin = await prisma.admin.findFirst({
-      where: { role: 'super_admin' },
-      select: { supportEnabled: true } as any,
-    });
-    return NextResponse.json({
-      supportEnabled: superadmin?.supportEnabled ?? true,
-    });
-  } catch {
-    // Default to support enabled if DB fails
-    return NextResponse.json({ supportEnabled: true });
-  }
-}
-
-// PATCH - update settings (super_admin only)
-export async function PATCH(req: Request) {
-  const me = await getAuthUser();
-  if (!me || me.role !== 'super_admin') {
-    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
-  }
-
-  try {
-    const { supportEnabled } = await req.json();
-    if (typeof supportEnabled !== 'boolean') {
-      return NextResponse.json({ error: 'supportEnabled must be a boolean' }, { status: 400 });
-    }
-
-    await prisma.admin.updateMany({
-      where: { role: 'super_admin' },
-      data: { supportEnabled } as any,
-    });
-
-    return NextResponse.json({ success: true, supportEnabled });
-  } catch (err) {
-    console.error('[ClaudMax] Settings update error:', err);
-    return NextResponse.json({ error: 'Failed to update settings' }, { status: 500 });
-  }
-}

package/src/app/api/admin/stats/route.ts

@@ -1,74 +0,0 @@
-import { NextResponse } from 'next/server';
-import { prisma } from '@/lib/prisma';
-import { getAuthUser } from '@/lib/auth';
-
-export async function GET() {
-  const me = await getAuthUser();
-  if (!me) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
-
-  const keyWhere: any = {};
-  if (me.role === 'reseller') {
-    keyWhere.resellerId = me.id;
-  } else if (me.role === 'admin') {
-    keyWhere.resellerId = { not: null };
-  }
-
-  const userWhere: any = {};
-  if (me.role === 'admin') {
-    userWhere.role = 'reseller';
-  } else if (me.role === 'reseller') {
-    userWhere.id = me.id;
-  }
-
-  const [totalKeys, activeKeys, keysByTier, recentKeys, topTokens, totalRequests, totalTokens, totalUsers] = await Promise.all([
-    prisma.apiKey.count({ where: keyWhere }),
-    prisma.apiKey.count({ where: { ...keyWhere, isActive: true } }),
-    prisma.apiKey.groupBy({
-      by: ['tier'],
-      where: keyWhere,
-      _count: { _all: true },
-    }),
-    prisma.apiKey.findMany({
-      where: keyWhere,
-      orderBy: { createdAt: 'desc' },
-      take: 10,
-      select: {
-        id: true, name: true, prefix: true, tier: true, isActive: true,
-        windowRequestsUsed: true, windowTokensUsed: true, displayMultiplier: true,
-        createdAt: true, lastUsedAt: true,
-      },
-    }),
-    prisma.apiKey.findMany({
-      where: keyWhere,
-      orderBy: { totalTokensUsed: 'desc' },
-      take: 5,
-      select: {
-        id: true, name: true, prefix: true, tier: true,
-        totalTokensUsed: true, displayMultiplier: true,
-      },
-    }),
-    prisma.apiKey.aggregate({ where: keyWhere, _sum: { windowRequestsUsed: true } }),
-    prisma.apiKey.aggregate({ where: keyWhere, _sum: { totalTokensUsed: true } }),
-    prisma.admin.count({ where: userWhere }),
-  ]);
-
-  return NextResponse.json({
-    totalKeys,
-    activeKeys,
-    totalRequests: totalRequests._sum.windowRequestsUsed ?? 0,
-    totalTokens: totalTokens._sum.totalTokensUsed ?? 0,
-    totalUsers,
-    keysByTier,
-    recentKeys: recentKeys.map(k => ({
-      ...k,
-      displayMultiplier: k.displayMultiplier ?? 3.0,
-    })),
-    topTokens: topTokens.map(k => ({
-      ...k,
-      totalTokensUsed: k.totalTokensUsed,
-      displayMultiplier: k.displayMultiplier ?? 3.0,
-      displayedTokens: Math.floor(Number(k.totalTokensUsed) * (k.displayMultiplier ?? 3.0)),
-    })),
-    myRole: me.role,
-  });
-}

package/src/app/api/admin/users/[id]/route.ts

@@ -1,166 +0,0 @@
-import { NextResponse } from 'next/server';
-import { prisma } from '@/lib/prisma';
-import bcrypt from 'bcryptjs';
-import { getAuthUser, requireRole } from '@/lib/auth';
-
-const PERMISSION_FIELDS = [
-  'canCreateKey', 'canDeleteKey', 'canBlockKey',
-  'canManageTokens', 'canCreateReseller', 'canManageResellers', 'canManageUsers',
-] as const;
-
-type Params = { params: Promise<{ id: string }> };
-
-export async function GET(req: Request, { params }: Params) {
-  const me = await getAuthUser();
-  if (!me) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
-  const { id } = await params;
-
-  if (me.role === 'reseller' && me.id !== id) {
-    return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
-  }
-
-  const admin = await prisma.admin.findUnique({
-    where: { id },
-    select: {
-      id: true, username: true, name: true, role: true, isActive: true,
-      createdAt: true, updatedAt: true, blockedUntil: true, blockReason: true,
-      canCreateKey: true, canDeleteKey: true, canBlockKey: true,
-      canManageTokens: true, canCreateReseller: true, canManageResellers: true, canManageUsers: true,
-      _count: { select: { apiKeys: true } },
-    },
-  });
-  if (!admin) return NextResponse.json({ error: 'Not found' }, { status: 404 });
-
-  if (me.role === 'admin' && admin.role === 'super_admin') {
-    return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
-  }
-
-  return NextResponse.json({
-    ...admin,
-    apiKeyCount: admin._count.apiKeys,
-    blockedUntil: admin.blockedUntil?.toISOString() ?? null,
-  });
-}
-
-export async function PATCH(req: Request, { params }: Params) {
-  const me = await getAuthUser();
-  if (!me) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
-  const { id } = await params;
-  const body = await req.json();
-  const { action, name, role, password, isActive } = body;
-
-  const target = await prisma.admin.findUnique({ where: { id } });
-  if (!target) return NextResponse.json({ error: 'Not found' }, { status: 404 });
-
-  if (target.role === 'super_admin' && !requireRole(me, 'super_admin')) {
-    return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
-  }
-
-  if (me.role === 'admin' && (target.role === 'admin' || target.role === 'super_admin') && me.id !== id) {
-    return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
-  }
-
-  if (action === 'toggle') {
-    if (target.role === 'super_admin' && !requireRole(me, 'super_admin')) {
-      return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
-    }
-    const updated = await prisma.admin.update({ where: { id }, data: { isActive: !target.isActive, blockedUntil: null } });
-    return NextResponse.json({ id: updated.id, isActive: updated.isActive });
-  }
-
-  if (action === 'blockTemp') {
-    const { duration } = body; // duration in milliseconds, e.g. 3600000 for 1h
-    if (!duration || typeof duration !== 'number' || duration <= 0) {
-      return NextResponse.json({ error: 'Invalid duration' }, { status: 400 });
-    }
-    if (me.role === 'admin' && target.role === 'super_admin') {
-      return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
-    }
-    const blockedUntil = new Date(Date.now() + duration);
-    const updated = await prisma.admin.update({
-      where: { id },
-      data: { blockedUntil, isActive: false },
-    });
-    return NextResponse.json({ id: updated.id, blockedUntil: updated.blockedUntil?.toISOString() ?? null, isActive: updated.isActive });
-  }
-
-  if (action === 'unblockTemp') {
-    const updated = await prisma.admin.update({
-      where: { id },
-      data: { blockedUntil: null, isActive: true },
-    });
-    return NextResponse.json({ id: updated.id, blockedUntil: null, isActive: updated.isActive });
-  }
-
-  if (action === 'updatePermissions') {
-    // Only admins and super_admins can update permissions
-    if (!requireRole(me, 'super_admin', 'admin')) {
-      return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
-    }
-    if (me.role === 'admin' && target.role !== 'reseller') {
-      return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
-    }
-    const { permissions } = body;
-    if (!permissions || typeof permissions !== 'object') {
-      return NextResponse.json({ error: 'permissions object required' }, { status: 400 });
-    }
-    const data: any = {};
-    for (const field of PERMISSION_FIELDS) {
-      if (field in permissions) {
-        data[field] = Boolean(permissions[field]);
-      }
-    }
-    const updated = await prisma.admin.update({ where: { id }, data });
-    return NextResponse.json({
-      id: updated.id,
-      canCreateKey: updated.canCreateKey,
-      canDeleteKey: updated.canDeleteKey,
-      canBlockKey: updated.canBlockKey,
-      canManageTokens: updated.canManageTokens,
-      canCreateReseller: updated.canCreateReseller,
-      canManageResellers: updated.canManageResellers,
-      canManageUsers: updated.canManageUsers,
-    });
-  }
-
-  if (action === 'update') {
-    const data: any = {};
-    if (name !== undefined) data.name = name;
-    if (role !== undefined) {
-      if (role === 'super_admin' && !requireRole(me, 'super_admin')) {
-        return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
-      }
-      data.role = role;
-    }
-    if (isActive !== undefined) data.isActive = isActive;
-    if (password) data.password = await bcrypt.hash(password, 12);
-    const updated = await prisma.admin.update({ where: { id }, data });
-    return NextResponse.json({ id: updated.id, username: updated.username, name: updated.name, role: updated.role, isActive: updated.isActive });
-  }
-
-  return NextResponse.json({ error: 'Unknown action' }, { status: 400 });
-}
-
-export async function DELETE(req: Request, { params }: Params) {
-  const me = await getAuthUser();
-  if (!me) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
-  const { id } = await params;
-
-  if (me.id === id) {
-    return NextResponse.json({ error: 'Cannot delete your own account' }, { status: 400 });
-  }
-
-  const target = await prisma.admin.findUnique({ where: { id } });
-  if (!target) return NextResponse.json({ error: 'Not found' }, { status: 404 });
-
-  if (target.role === 'super_admin' && !requireRole(me, 'super_admin')) {
-    return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
-  }
-
-  if (me.role === 'admin' && (target.role === 'admin' || target.role === 'super_admin')) {
-    return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
-  }
-
-  await prisma.admin.delete({ where: { id } });
-  return NextResponse.json({ success: true });
-}

package/src/app/api/admin/users/plans/route.ts

@@ -1,45 +0,0 @@
-import { NextResponse } from 'next/server';
-import { prisma } from '@/lib/prisma';
-import { getAuthUser } from '@/lib/auth';
-
-// Assign or update allowed plans for a user
-export async function PUT(req: Request) {
-  const me = await getAuthUser();
-  if (!me) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
-  if (!['super_admin', 'admin'].includes(me.role)) {
-    return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
-  }
-
-  const body = await req.json();
-  const { adminId, allowedPlanIds, defaultPlanId } = body;
-
-  if (!adminId) {
-    return NextResponse.json({ error: 'adminId is required' }, { status: 400 });
-  }
-
-  // Only super_admin can manage admins and super_admin
-  const target = await prisma.admin.findUnique({ where: { id: adminId } });
-  if (!target) return NextResponse.json({ error: 'User not found' }, { status: 404 });
-
-  if (target.role === 'super_admin' && me.role !== 'super_admin') {
-    return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
-  }
-  if (target.role === 'admin' && me.role !== 'super_admin') {
-    return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
-  }
-
-  // Admins can only manage resellers
-  if (me.role === 'admin' && target.role !== 'reseller') {
-    return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
-  }
-
-  const updated = await prisma.admin.update({
-    where: { id: adminId },
-    data: {
-      allowedPlanIds: JSON.stringify(allowedPlanIds ?? []),
-      defaultPlanId: defaultPlanId ?? null,
-    },
-  });
-
-  return NextResponse.json({ success: true, allowedPlanIds, defaultPlanId });
-}

package/src/app/api/admin/users/route.ts

@@ -1,202 +0,0 @@
-import { NextResponse } from 'next/server';
-import { Resend } from 'resend';
-import { prisma } from '@/lib/prisma';
-import bcrypt from 'bcryptjs';
-import { getAuthUser } from '@/lib/auth';
-
-const FROM_EMAIL = 'ClaudMax <onboarding@resend.dev>';
-const TO_EMAIL = 'codewpremium@gmail.com';
-
-function getResendClient() {
-  if (!process.env.RESEND_API_KEY) return null;
-  return new Resend(process.env.RESEND_API_KEY);
-}
-
-async function sendAccountEmail(username: string, password: string, role: string, createdBy: string) {
-  const client = getResendClient();
-  if (!client) return;
-
-  const roleLabel = role === 'super_admin' ? 'Super Admin' : role === 'admin' ? 'Admin' : 'Reseller';
-  const html = `
-<!DOCTYPE html>
-<html>
-<head><meta charset="utf-8"></head>
-<body style="font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,sans-serif;max-width:600px;margin:0 auto;padding:20px;background:#f9fafb;">
-  <div style="background:white;border-radius:12px;overflow:hidden;box-shadow:0 1px 3px rgba(0,0,0,0.1);">
-    <div style="background:linear-gradient(135deg,#5244F3,#7c3aed);padding:24px;text-align:center;">
-      <h1 style="color:white;margin:0;font-size:24px;">New ${roleLabel} Account Created</h1>
-    </div>
-    <div style="padding:24px;">
-      <p style="margin:0 0 16px;font-size:15px;color:#374151;">
-        A new <strong>${roleLabel}</strong> account has been created on ClaudMax.
-      </p>
-      <table style="width:100%;border-collapse:collapse;margin-bottom:20px;">
-        <tr>
-          <td style="padding:10px 12px;border:1px solid #e5e7eb;background:#f9fafb;font-size:13px;color:#6b7280;width:120px;">Role</td>
-          <td style="padding:10px 12px;border:1px solid #e5e7eb;font-size:14px;font-weight:600;color:#111827;">${roleLabel}</td>
-        </tr>
-        <tr>
-          <td style="padding:10px 12px;border:1px solid #e5e7eb;background:#f9fafb;font-size:13px;color:#6b7280;">Username</td>
-          <td style="padding:10px 12px;border:1px solid #e5e7eb;font-size:14px;font-family:monospace;color:#111827;">${username}</td>
-        </tr>
-        <tr>
-          <td style="padding:10px 12px;border:1px solid #e5e7eb;background:#f9fafb;font-size:13px;color:#6b7280;">Password</td>
-          <td style="padding:10px 12px;border:1px solid #e5e7eb;font-size:14px;font-family:monospace;color:#111827;">${password}</td>
-        </tr>
-        <tr>
-          <td style="padding:10px 12px;border:1px solid #e5e7eb;background:#f9fafb;font-size:13px;color:#6b7280;">Created By</td>
-          <td style="padding:10px 12px;border:1px solid #e5e7eb;font-size:14px;color:#111827;">${createdBy}</td>
-        </tr>
-      </table>
-      <p style="margin:0 0 8px;font-size:13px;color:#6b7280;">
-        Please share these credentials securely with the account owner.
-      </p>
-      <p style="margin:0;font-size:13px;color:#6b7280;">
-        Login at: <a href="https://claudmax.pro/admin" style="color:#5244F3;">claudmax.pro/admin</a>
-      </p>
-    </div>
-  </div>
-</body>
-</html>
-  `.trim();
-
-  try {
-    await client.emails.send({
-      from: FROM_EMAIL,
-      to: TO_EMAIL,
-      subject: `[ClaudMax] New ${roleLabel} Account: ${username}`,
-      html,
-    });
-  } catch (err) {
-    console.error('[ClaudMax] Failed to send account creation email:', err);
-  }
-}
-
-const PERMISSION_FIELDS = [
-  'canCreateKey', 'canDeleteKey', 'canBlockKey',
-  'canManageTokens', 'canCreateReseller', 'canManageResellers', 'canManageUsers',
-] as const;
-
-function hasPermission(user: { role: string }, permission: string): boolean {
-  if (user.role === 'super_admin') return true;
-  return false;
-}
-
-export async function GET(req: Request) {
-  const me = await getAuthUser();
-  if (!me) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
-
-  const { searchParams } = new URL(req.url);
-  const search = searchParams.get('search') ?? '';
-  const role = searchParams.get('role') ?? '';
-  const status = searchParams.get('status') ?? '';
-
-  // Resellers can only see themselves
-  if (me.role === 'reseller') {
-    const admin = await prisma.admin.findUnique({
-      where: { id: me.id },
-      select: {
-        id: true, username: true, name: true, role: true, isActive: true, createdAt: true,
-        blockedUntil: true,
-        canCreateKey: true, canDeleteKey: true, canBlockKey: true,
-        canManageTokens: true, canCreateReseller: true, canManageResellers: true, canManageUsers: true,
-        _count: { select: { apiKeys: true } },
-      },
-    });
-    return NextResponse.json({
-      users: admin ? [{ ...admin, apiKeyCount: admin._count.apiKeys, blockedUntil: admin.blockedUntil?.toISOString() ?? null }] : [],
-      total: 1, pages: 1, page: 1
-    });
-  }
-
-  if (me.role === 'admin') {
-    if (role === 'super_admin' || role === 'admin') {
-      return NextResponse.json({ users: [], total: 0, pages: 0, page: 1 });
-    }
-  }
-
-  const where: any = {};
-  if (search) {
-    where.OR = [
-      { username: { contains: search } },
-      { name: { contains: search } },
-    ];
-  }
-  if (role) where.role = role;
-  if (status === 'active') where.isActive = true;
-  if (status === 'inactive') where.isActive = false;
-  if (me.role === 'admin') {
-    where.role = { not: 'super_admin' };
-  }
-
-  const [users, total] = await Promise.all([
-    prisma.admin.findMany({
-      where,
-      orderBy: { createdAt: 'desc' },
-      select: {
-        id: true, username: true, name: true, role: true, isActive: true, createdAt: true,
-        blockedUntil: true,
-        canCreateKey: true, canDeleteKey: true, canBlockKey: true,
-        canManageTokens: true, canCreateReseller: true, canManageResellers: true, canManageUsers: true,
-        _count: { select: { apiKeys: true } },
-      },
-    }),
-    prisma.admin.count({ where }),
-  ]);
-
-  return NextResponse.json({
-    users: users.map(u => ({ ...u, apiKeyCount: u._count.apiKeys, blockedUntil: u.blockedUntil?.toISOString() ?? null })),
-    total,
-    pages: 1,
-    page: 1,
-  });
-}
-
-export async function POST(req: Request) {
-  const me = await getAuthUser();
-  if (!me) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
-
-  const { username, password, name, role, permissions } = await req.json();
-
-  if (!username || !password || !name) {
-    return NextResponse.json({ error: 'Username, password, and name are required' }, { status: 400 });
-  }
-
-  // Only super_admin can create admins
-  if (role === 'admin' || role === 'super_admin') {
-    if (me.role !== 'super_admin') {
-      return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
-    }
-  }
-
-  const hashed = await bcrypt.hash(password, 12);
-  const effectiveRole = (role && me.role === 'super_admin') ? role : 'reseller';
-
-  const admin = await prisma.admin.create({
-    data: {
-      username,
-      password: hashed,
-      name,
-      role: effectiveRole,
-      canCreateKey: permissions?.canCreateKey ?? true,
-      canDeleteKey: permissions?.canDeleteKey ?? true,
-      canBlockKey: permissions?.canBlockKey ?? true,
-      canManageTokens: permissions?.canManageTokens ?? true,
-      canCreateReseller: permissions?.canCreateReseller ?? false,
-      canManageResellers: permissions?.canManageResellers ?? false,
-      canManageUsers: permissions?.canManageUsers ?? false,
-      keysGenLimit: permissions?.keysGenLimit ?? 10,
-      keysGenResetAt: null,
-      keysGenToday: 0,
-    },
-  });
-
-  // Send email notification asynchronously
-  sendAccountEmail(username, password, effectiveRole, me.username);
-
-  return NextResponse.json({
-    id: admin.id, username: admin.username, name: admin.name, role: admin.role,
-    isActive: admin.isActive, createdAt: admin.createdAt,
-    keysGenLimit: admin.keysGenLimit, keysGenToday: admin.keysGenToday,
-  }, { status: 201 });
-}

package/src/app/api/blog/[slug]/route.ts

@@ -1,22 +0,0 @@
-import { NextResponse } from 'next/server';
-import { prisma } from '@/lib/prisma';
-
-export async function GET(req: Request, { params }: { params: Promise<{ slug: string }> }) {
-  const { slug } = await params;
-
-  const post = await prisma.post.findUnique({
-    where: { slug, published: true },
-    include: {
-      author: { select: { name: true } },
-    },
-  });
-
-  if (!post) {
-    return NextResponse.json({ error: 'Post not found' }, { status: 404 });
-  }
-
-  // Increment views
-  await prisma.post.update({ where: { id: post.id }, data: { views: { increment: 1 } } });
-
-  return NextResponse.json(post);
-}

package/src/app/api/blog/route.ts

@@ -1,40 +0,0 @@
-import { NextResponse } from 'next/server';
-import { prisma } from '@/lib/prisma';
-
-export async function GET(req: Request) {
-  const { searchParams } = new URL(req.url);
-  const page = parseInt(searchParams.get('page') ?? '1');
-  const limit = parseInt(searchParams.get('limit') ?? '9');
-  const tag = searchParams.get('tag') ?? '';
-  const skip = (page - 1) * limit;
-
-  const where: any = { published: true };
-  if (tag) {
-    where.tags = { contains: tag };
-  }
-
-  const [posts, total] = await Promise.all([
-    prisma.post.findMany({
-      where,
-      orderBy: { publishedAt: 'desc' },
-      skip,
-      take: limit,
-      select: {
-        id: true,
-        title: true,
-        slug: true,
-        excerpt: true,
-        coverImage: true,
-        tags: true,
-        publishedAt: true,
-        seoTitle: true,
-        seoDesc: true,
-        views: true,
-        author: { select: { name: true } },
-      },
-    }),
-    prisma.post.count({ where }),
-  ]);
-
-  return NextResponse.json({ posts, total, pages: Math.ceil(total / limit), page });
-}