i18n-dashboard 0.1.0

package/pages/users/index.vue

@@ -0,0 +1,345 @@
+<template>
+  <div class="p-6">
+    <div class="flex items-center justify-between mb-6">
+      <div>
+        <h1 class="text-2xl font-bold text-gray-900 dark:text-white">{{ t('users.all_title', 'All users') }}</h1>
+        <p class="text-gray-500 dark:text-gray-400 mt-0.5 text-sm">{{ t('users.subtitle', 'Manage dashboard access') }}</p>
+      </div>
+      <UButton icon="i-heroicons-plus" @click="openAdd">{{ t('users.add', 'Add a user') }}</UButton>
+    </div>
+
+    <!-- Users table -->
+    <UCard>
+      <div v-if="pending" class="space-y-3">
+        <USkeleton v-for="i in 4" :key="i" class="h-12" />
+      </div>
+      <div v-else-if="!users.length" class="text-center py-12">
+        <UIcon name="i-heroicons-users" class="text-4xl text-gray-300 mb-2" />
+        <p class="text-gray-400">{{ t('users.none', 'No users') }}</p>
+      </div>
+      <div v-else class="divide-y divide-gray-100 dark:divide-gray-800">
+        <div
+            v-for="user in users"
+            :key="user.id"
+            class="flex items-center justify-between py-3 gap-4 cursor-pointer hover:bg-gray-50 dark:hover:bg-gray-800/50 rounded-lg px-2 -mx-2 transition-colors"
+            @click="router.push(`/users/${user.id}/profile`)"
+        >
+          <div class="flex items-center gap-3 min-w-0">
+            <div class="w-9 h-9 rounded-full bg-primary-100 dark:bg-primary-900/30 flex items-center justify-center shrink-0">
+              <span class="text-sm font-bold text-primary-600 dark:text-primary-400">
+                {{ user.name.charAt(0).toUpperCase() }}
+              </span>
+            </div>
+            <div class="min-w-0">
+              <div class="flex items-center gap-2">
+                <p class="font-medium text-gray-900 dark:text-white text-sm truncate">{{ user.name }}</p>
+                <UBadge v-if="user.is_super_admin" size="xs" color="error">Super Admin</UBadge>
+                <UBadge v-if="!user.is_active" size="xs" color="neutral" variant="outline">{{ t('users.inactive', 'Inactive') }}</UBadge>
+              </div>
+              <p class="text-xs text-gray-400 truncate">{{ user.email }}</p>
+            </div>
+          </div>
+
+          <!-- Roles summary -->
+          <div class="flex flex-wrap gap-1 flex-1 justify-center">
+            <template v-if="user.roles?.length">
+              <UBadge
+                  v-for="r in user.roles.slice(0, 3)"
+                  :key="`${r.project_id}-${r.role}`"
+                  size="xs"
+                  :color="roleColor(r.role)"
+                  variant="soft"
+              >
+                {{ r.project_id === null ? t('users.global_access', 'Global') : r.project_name }} · {{ roleLabel(r.role) }}
+              </UBadge>
+              <UBadge v-if="user.roles.length > 3" size="xs" color="neutral" variant="soft">
+                +{{ user.roles.length - 3 }}
+              </UBadge>
+            </template>
+            <span v-else class="text-xs text-gray-400 italic">{{ t('users.no_role', 'No role') }}</span>
+          </div>
+
+          <div class="flex items-center gap-2 shrink-0" @click.stop>
+            <span class="text-xs text-gray-400">
+              {{ user.last_login_at ? formatRelative(user.last_login_at) : t('users.never_connected', 'Never logged in') }}
+            </span>
+            <UDropdownMenu :items="userActions(user)">
+              <UButton icon="i-heroicons-ellipsis-vertical" color="neutral" variant="ghost" size="xs" />
+            </UDropdownMenu>
+          </div>
+        </div>
+      </div>
+    </UCard>
+
+    <!-- Add user modal -->
+    <UModal v-model:open="showModal" :title="t('users.add_user_title', 'Add a user')">
+      <template #body>
+        <div class="space-y-4">
+          <div class="grid grid-cols-2 gap-4">
+            <UFormField :label="t('users.full_name', 'Full name')" required>
+              <UInput v-model="form.name" placeholder="Marie Dupont" class="w-full" />
+            </UFormField>
+            <UFormField :label="t('login.email', 'Email')" required>
+              <UInput v-model="form.email" type="email" placeholder="marie@example.com" class="w-full" />
+            </UFormField>
+          </div>
+
+          <UFormField :label="t('users.role_label', 'Role')" required>
+            <USelect v-model="form.role" :items="roleOptions" class="w-full" />
+          </UFormField>
+
+          <UFormField :label="t('users.project_access_label', 'Project access')">
+            <div class="space-y-2">
+              <UCheckbox v-model="form.global_access" :label="t('users.global_access_label', 'Global access (all projects)')" />
+              <div v-if="!form.global_access" class="space-y-1 pl-1">
+                <UCheckbox
+                    v-for="p in projects"
+                    :key="p.id"
+                    :label="p.name"
+                    :model-value="form.project_ids.includes(p.id)"
+                    @update:model-value="toggleProject(p.id, $event)"
+                />
+              </div>
+            </div>
+          </UFormField>
+
+          <div class="bg-blue-50 dark:bg-blue-900/20 rounded-lg p-3">
+            <p class="text-xs text-blue-600 dark:text-blue-400">
+              <UIcon name="i-heroicons-information-circle" class="inline mr-1" />
+              {{ t('users.temp_password_info', 'A temporary password will be generated and shown below.') }}
+            </p>
+          </div>
+
+          <div v-if="createdTempPassword" class="bg-green-50 dark:bg-green-900/20 rounded-lg p-3">
+            <p class="text-xs text-green-700 dark:text-green-300 font-medium mb-1">
+              <UIcon name="i-heroicons-key" class="inline mr-1" />
+              {{ t('users.temp_password_label', 'Temporary password (copy it now):') }}
+            </p>
+            <div class="flex items-center gap-2">
+              <code class="text-sm font-mono text-green-800 dark:text-green-200 flex-1">{{ createdTempPassword }}</code>
+              <UButton size="xs" icon="i-heroicons-clipboard" color="neutral" variant="ghost" @click="copyTemp" />
+            </div>
+          </div>
+        </div>
+      </template>
+      <template #footer>
+        <div class="flex justify-end gap-3">
+          <UButton color="neutral" variant="ghost" @click="closeModal">
+            {{ createdTempPassword ? t('common.close', 'Close') : t('common.cancel', 'Cancel') }}
+          </UButton>
+          <UButton v-if="!createdTempPassword" :loading="saving" @click="saveUser">{{ t('common.create', 'Create') }}</UButton>
+        </div>
+      </template>
+    </UModal>
+
+    <!-- Roles modal -->
+    <UModal v-model:open="showRolesModal" :title="t('users.manage_access_title', 'Manage access')">
+      <template #body>
+        <div class="space-y-4">
+          <div class="flex items-center gap-3 pb-4 border-b border-gray-100 dark:border-gray-800">
+            <div class="w-10 h-10 rounded-full bg-primary-100 dark:bg-primary-900/30 flex items-center justify-center shrink-0">
+              <span class="font-bold text-primary-600 dark:text-primary-400">
+                {{ rolesUser?.name.charAt(0).toUpperCase() }}
+              </span>
+            </div>
+            <div>
+              <p class="font-semibold text-gray-900 dark:text-white text-sm">{{ rolesUser?.name }}</p>
+              <p class="text-xs text-gray-400">{{ rolesUser?.email }}</p>
+            </div>
+          </div>
+
+          <div class="space-y-2">
+            <div
+                v-for="item in rolesForm"
+                :key="item.project_id ?? 'global'"
+                class="flex items-center justify-between gap-3"
+            >
+              <div class="flex items-center gap-2 min-w-0 flex-1">
+                <UIcon v-if="item.project_id === null" name="i-heroicons-globe-alt" class="text-gray-400 shrink-0" />
+                <span v-else class="w-2 h-2 rounded-full shrink-0" :class="`bg-${item.project_color || 'primary'}-500`" />
+                <span class="text-sm text-gray-700 dark:text-gray-300 truncate">{{ item.project_name }}</span>
+              </div>
+              <USelect v-model="item.role" :items="accessOptions" class="w-44 shrink-0" />
+            </div>
+          </div>
+        </div>
+      </template>
+      <template #footer>
+        <div class="flex justify-end gap-3">
+          <UButton color="neutral" variant="ghost" @click="showRolesModal = false">{{ t('common.cancel', 'Cancel') }}</UButton>
+          <UButton :loading="rolesSaving" @click="saveRoles">{{ t('common.save', 'Save') }}</UButton>
+        </div>
+      </template>
+    </UModal>
+
+    <!-- Delete confirm -->
+    <UModal v-model:open="showDeleteConfirm" :title="t('users.delete_user_title', 'Delete user')">
+      <template #body>
+        <p class="text-gray-600 dark:text-gray-400">
+          {{ t('users.delete_confirm', 'Permanently delete') }} <strong>{{ deletingUser?.name }}</strong>?
+          {{ t('users.delete_warning', 'All their data will be deleted.') }}
+        </p>
+        <p class="text-red-500 text-sm mt-2 font-medium">{{ t('common.irreversible', 'This action is irreversible.') }}</p>
+      </template>
+      <template #footer>
+        <div class="flex justify-end gap-3">
+          <UButton color="neutral" variant="ghost" @click="showDeleteConfirm = false">{{ t('common.cancel', 'Cancel') }}</UButton>
+          <UButton color="error" :loading="deleting" @click="deleteUser">{{ t('common.delete', 'Delete') }}</UButton>
+        </div>
+      </template>
+    </UModal>
+  </div>
+</template>
+
+<script setup lang="ts">
+  const router = useRouter()
+  const toast = useToast()
+  const { currentUser } = useAuth()
+  const { t } = useT()
+
+  // Guard: super admin only
+  watch(() => currentUser.value?.is_super_admin, (ok) => { if (ok === false) navigateTo('/') }, { immediate: true })
+
+  const showModal = ref(false)
+  const showDeleteConfirm = ref(false)
+  const showRolesModal = ref(false)
+  const deletingUser = ref<any>(null)
+  const createdTempPassword = ref('')
+
+  const rolesUser = ref<any>(null)
+  const rolesForm = ref<Array<{
+    project_id: number | null
+    project_name: string
+    project_color: string | null
+    role: string
+  }>>([])
+
+  const form = ref({ name: '', email: '', role: 'translator', project_ids: [] as number[], global_access: false })
+
+  const roleOptions = computed(() => [
+    { label: t('users.role_translator', 'Translator'), value: 'translator' },
+    { label: t('users.role_moderator', 'Moderator'), value: 'moderator' },
+    { label: t('users.role_admin', 'Admin'), value: 'admin' },
+  ])
+
+  const accessOptions = computed(() => [
+    { label: t('users.no_access', 'No access'), value: 'none' },
+    { label: t('users.role_translator', 'Translator'), value: 'translator' },
+    { label: t('users.role_moderator', 'Moderator'), value: 'moderator' },
+    { label: t('users.role_admin', 'Admin'), value: 'admin' },
+  ])
+
+  const { projects } = useProject()
+  const { users, pending, saving, createUser, rolesSaving, updateRoles, toggleActive, deleting, deleteUser: doDeleteUser } = useUsers('global')
+
+  function roleLabel(role: string) {
+    return { translator: t('users.role_translator', 'Translator'), moderator: t('users.role_moderator', 'Moderator'), admin: t('users.role_admin', 'Admin') }[role] || role
+  }
+
+  function roleColor(role: string) {
+    return { translator: 'primary', moderator: 'warning', admin: 'success' }[role] || 'neutral'
+  }
+
+  function formatRelative(date: string) {
+    const diff = Date.now() - new Date(date).getTime()
+    const min = Math.floor(diff / 60000)
+    if (min < 1) return t('common.just_now', 'just now')
+    if (min < 60) return `${t('common.ago', 'ago')} ${min}min`
+    const h = Math.floor(min / 60)
+    if (h < 24) return `${t('common.ago', 'ago')} ${h}h`
+    return `${t('common.ago', 'ago')} ${Math.floor(h / 24)}d`
+  }
+
+  function toggleProject(id: number, checked: boolean) {
+    if (checked) form.value.project_ids = [...form.value.project_ids, id]
+    else form.value.project_ids = form.value.project_ids.filter((p) => p !== id)
+  }
+
+  function userActions(user: any) {
+    const isSelf = user.id === currentUser.value?.id
+    const canEdit = !user.is_super_admin && !isSelf
+
+    return [
+      [
+        ...(canEdit ? [{
+          label: t('users.manage_access', 'Manage access'),
+          icon: 'i-heroicons-shield-check',
+          onSelect: () => openRoles(user),
+        }] : []),
+        {
+          label: user.is_active ? t('users.deactivate', 'Deactivate') : t('users.reactivate', 'Reactivate'),
+          icon: user.is_active ? 'i-heroicons-pause' : 'i-heroicons-play',
+          onSelect: () => toggleActive(user),
+        },
+      ],
+      [
+        {
+          label: t('common.delete', 'Delete'),
+          icon: 'i-heroicons-trash',
+          color: 'error' as const,
+          onSelect: () => { deletingUser.value = user; showDeleteConfirm.value = true },
+        },
+      ],
+    ]
+  }
+
+  function openAdd() {
+    createdTempPassword.value = ''
+    form.value = { name: '', email: '', role: 'translator', project_ids: [], global_access: false }
+    showModal.value = true
+  }
+
+  function openRoles(user: any) {
+    rolesUser.value = user
+    const globalRole = user.roles?.find((r: any) => r.project_id === null)
+    rolesForm.value = [
+      {
+        project_id: null,
+        project_name: t('users.global_access_all', 'Global access (all projects)'),
+        project_color: null,
+        role: globalRole?.role ?? 'none',
+      },
+      ...projects.value.map((p: any) => {
+        const existing = user.roles?.find((r: any) => r.project_id === p.id)
+        return {
+          project_id: p.id,
+          project_name: p.name,
+          project_color: p.color ?? null,
+          role: existing?.role ?? 'none',
+        }
+      }),
+    ]
+    showRolesModal.value = true
+  }
+
+  function closeModal() {
+    showModal.value = false
+    createdTempPassword.value = ''
+  }
+
+  async function saveUser() {
+    if (!form.value.name || !form.value.email) return
+    const tempPassword = await createUser({ ...form.value })
+    if (tempPassword) createdTempPassword.value = tempPassword
+  }
+
+  async function saveRoles() {
+    const roles = rolesForm.value.map(({ project_id, role }) => ({
+      project_id,
+      role: role === 'none' ? null : role,
+    }))
+    const ok = await updateRoles(rolesUser.value.id, roles)
+    if (ok) showRolesModal.value = false
+  }
+
+  async function deleteUser() {
+    if (!deletingUser.value) return
+    const ok = await doDeleteUser(deletingUser.value.id)
+    if (ok) showDeleteConfirm.value = false
+  }
+
+  async function copyTemp() {
+    await navigator.clipboard.writeText(createdTempPassword.value)
+    toast.add({ title: t('common.copied', 'Copied!'), color: 'success' })
+  }
+</script>

package/plugins/loading.client.ts

@@ -0,0 +1,3 @@
+// NuxtLoadingIndicator is driven automatically by router navigation and useFetch.
+// No additional setup needed.
+export default defineNuxtPlugin(() => {})

package/plugins/ui-i18n.ts

@@ -0,0 +1,6 @@
+// Loads Dashboard UI translations on app startup (runs on both server and client)
+export default defineNuxtPlugin(async () => {
+  const { loadTranslations } = useT()
+  const cookie = useCookie('ui-lang', { default: () => 'en' })
+  await loadTranslations(cookie.value)
+})

package/server/api/auth/login.post.ts

@@ -0,0 +1,28 @@
+import bcrypt from 'bcryptjs'
+import { getDb } from '../../db/index'
+import { getSession } from '../../utils/auth.util'
+
+export default defineEventHandler(async (event) => {
+  const { email, password } = await readBody(event)
+
+  if (!email || !password) {
+    throw createError({ statusCode: 400, message: 'Email et mot de passe requis' })
+  }
+
+  const db = getDb()
+  const user = await db('users').where({ email: email.toLowerCase().trim(), is_active: true }).first()
+
+  if (!user || !(await bcrypt.compare(password, user.password_hash))) {
+    throw createError({ statusCode: 401, message: 'Email ou mot de passe incorrect' })
+  }
+
+  // Update last login
+  await db('users').where({ id: user.id }).update({ last_login_at: db.fn.now() })
+
+  // Set session
+  const session = await getSession(event)
+  await session.update({ userId: user.id })
+
+  const { password_hash, ...safeUser } = user
+  return safeUser
+})

package/server/api/auth/logout.post.ts

@@ -0,0 +1,7 @@
+import { getSession } from '../../utils/auth.util'
+
+export default defineEventHandler(async (event) => {
+  const session = await getSession(event)
+  await session.clear()
+  return { success: true }
+})

package/server/api/auth/me.get.ts

@@ -0,0 +1,11 @@
+import { getSession, getUserProfile } from '../../utils/auth.util'
+import { getDb } from '../../db/index'
+
+export default defineEventHandler(async (event) => {
+  const session = await getSession(event)
+  const userId = (session.data as any).userId
+  if (!userId) return null
+
+  const profile = await getUserProfile(userId)
+  return profile
+})

package/server/api/auth/me.put.ts

@@ -0,0 +1,31 @@
+import { getDb } from '../../db/index'
+import { getUserProfile } from '../../utils/auth.util'
+
+export default defineEventHandler(async (event) => {
+  const user = event.context.user
+  const { name, email } = await readBody(event)
+
+  if (!name?.trim() && !email?.trim()) {
+    throw createError({ statusCode: 400, message: 'At least one field (name or email) is required' })
+  }
+
+  const db = getDb()
+  const updates: Record<string, string> = {}
+
+  if (name?.trim()) {
+    updates.name = name.trim()
+  }
+
+  if (email?.trim()) {
+    const normalized = email.trim().toLowerCase()
+    const existing = await db('users').where({ email: normalized }).whereNot({ id: user.id }).first()
+    if (existing) {
+      throw createError({ statusCode: 409, message: 'This email is already in use' })
+    }
+    updates.email = normalized
+  }
+
+  await db('users').where({ id: user.id }).update(updates)
+
+  return getUserProfile(user.id)
+})

package/server/api/auth/password.put.ts

@@ -0,0 +1,27 @@
+import bcrypt from 'bcryptjs'
+import { getDb } from '../../db/index'
+import { requireAuth } from '../../utils/auth.util'
+
+export default defineEventHandler(async (event) => {
+  const user = await requireAuth(event)
+  const { current_password, new_password } = await readBody(event)
+
+  if (!current_password || !new_password) {
+    throw createError({ statusCode: 400, message: 'Mot de passe actuel et nouveau requis' })
+  }
+  if (new_password.length < 8) {
+    throw createError({ statusCode: 400, message: 'Le mot de passe doit contenir au moins 8 caractères' })
+  }
+
+  const db = getDb()
+  const fullUser = await db('users').where({ id: user.id }).first()
+
+  if (!(await bcrypt.compare(current_password, fullUser.password_hash))) {
+    throw createError({ statusCode: 401, message: 'Mot de passe actuel incorrect' })
+  }
+
+  const hash = await bcrypt.hash(new_password, 12)
+  await db('users').where({ id: user.id }).update({ password_hash: hash })
+
+  return { success: true }
+})

package/server/api/auth/status.get.ts

@@ -0,0 +1,16 @@
+import { getDb } from '../../db/index'
+import { getSession } from '../../utils/auth.util'
+
+export default defineEventHandler(async (event) => {
+  const db = getDb()
+  const count = await db('users').count('* as count').first()
+  const hasUsers = Number((count as any)?.count || 0) > 0
+
+  const session = await getSession(event)
+  const isLoggedIn = !!(session.data as any).userId
+
+  const onboardingSetting = await db('settings').where({ key: 'onboarding_completed' }).first()
+  const onboardingCompleted = onboardingSetting?.value === 'true'
+
+  return { hasUsers, isLoggedIn, onboardingCompleted }
+})

package/server/api/config.get.ts

@@ -0,0 +1,10 @@
+import { readProjectConfig } from '../utils/project-config.util'
+
+export default defineEventHandler(() => {
+  const config = readProjectConfig()
+  return {
+    uiLanguages: config.uiLanguages || null,
+    defaultUiLanguage: config.defaultUiLanguage || null,
+    project: config.project || null,
+  }
+})

package/server/api/dashboard/layout.get.ts

@@ -0,0 +1,18 @@
+import { requireAuth } from '../../utils/auth.util'
+import { getDb } from '../../db/index'
+
+export default defineEventHandler(async (event) => {
+  const user = await requireAuth(event)
+  const db = getDb()
+
+  const settingKey = `dashboard_layout_${user.id}`
+  const row = await db('settings').where({ key: settingKey }).first()
+
+  if (!row || !row.value) return null
+
+  try {
+    return JSON.parse(row.value)
+  } catch {
+    return null
+  }
+})

package/server/api/dashboard/layout.post.ts

@@ -0,0 +1,18 @@
+import { requireAuth } from '../../utils/auth.util'
+import { getDb } from '../../db/index'
+
+export default defineEventHandler(async (event) => {
+  const user = await requireAuth(event)
+  const body = await readBody(event)
+  const db = getDb()
+
+  const settingKey = `dashboard_layout_${user.id}`
+  const value = JSON.stringify(body)
+
+  await db('settings')
+    .insert({ key: settingKey, value, updated_at: db.fn.now() })
+    .onConflict('key')
+    .merge()
+
+  return { ok: true }
+})

package/server/api/db-config.get.ts

@@ -0,0 +1,44 @@
+import { existsSync, readFileSync } from 'fs'
+import { resolve } from 'path'
+
+// Returns the current database configuration (read-only, no secrets)
+// ?checkPath=... can be used to check if a specific SQLite file path exists
+export default defineEventHandler((event) => {
+  const query = getQuery(event)
+  if (query.checkPath) {
+    const p = String(query.checkPath)
+    const resolved = p.startsWith('.') ? resolve(process.cwd(), p) : p
+    return { fileExists: existsSync(resolved) }
+  }
+  const config = useRuntimeConfig()
+
+  // Check for override file
+  const overridePath = resolve(process.cwd(), 'i18n-dashboard.db.json')
+  let override: Record<string, string> | null = null
+  if (existsSync(overridePath)) {
+    try { override = JSON.parse(readFileSync(overridePath, 'utf-8')) } catch { /* ignore */ }
+  }
+
+  const client = (override?.dbClient || config.dbClient as string) || 'better-sqlite3'
+
+  if (client === 'better-sqlite3' || client === 'sqlite3') {
+    const connection = (override?.dbConnection || config.dbConnection as string) || './i18n-dashboard.db'
+    const resolvedPath = connection.startsWith('.') ? resolve(process.cwd(), connection) : connection
+    return {
+      client,
+      type: 'sqlite',
+      connection,
+      fileExists: existsSync(resolvedPath),
+    }
+  }
+
+  return {
+    client,
+    type: client === 'pg' || client === 'postgresql' ? 'postgresql' : 'mysql',
+    host: (override?.dbHost || config.dbHost as string) || 'localhost',
+    port: (override?.dbPort || config.dbPort as string) || (client === 'mysql2' || client === 'mysql' ? '3306' : '5432'),
+    database: (override?.dbName || config.dbName as string) || 'i18n_dashboard',
+    user: (override?.dbUser || config.dbUser as string) || '',
+    // never expose password
+  }
+})

package/server/api/db-config.post.ts

@@ -0,0 +1,73 @@
+import knex from 'knex'
+import { existsSync, writeFileSync, mkdirSync } from 'fs'
+import { resolve, dirname } from 'path'
+import { resetDb, saveDbOverride, buildConnectionFromParams } from '../db/index'
+
+export default defineEventHandler(async (event) => {
+  const body = await readBody(event)
+  const { type, connection, host, port, user, password, database, createFile, testOnly } = body
+
+  // ── Create SQLite file only ──────────────────────────────────────────────────
+  if (createFile && type === 'sqlite') {
+    const filePath = connection || './i18n-dashboard.db'
+    const resolvedPath = filePath.startsWith('.') ? resolve(process.cwd(), filePath) : filePath
+    if (!existsSync(resolvedPath)) {
+      mkdirSync(dirname(resolvedPath), { recursive: true })
+      writeFileSync(resolvedPath, '')
+    }
+    return { success: true, fileExists: true }
+  }
+
+  // ── Build knex config from form values ──────────────────────────────────────
+  const dbClient = type === 'sqlite'
+    ? 'better-sqlite3'
+    : type === 'postgresql' ? 'pg' : 'mysql2'
+
+  const knexConfig = buildConnectionFromParams({
+    dbClient,
+    dbConnection: type === 'sqlite' ? connection : undefined,
+    dbHost: host,
+    dbPort: String(port || ''),
+    dbUser: user,
+    dbPassword: password,
+    dbName: database,
+  })
+
+  // ── Test connection ──────────────────────────────────────────────────────────
+  const testDb = knex(knexConfig)
+  try {
+    if (dbClient === 'better-sqlite3') {
+      testDb.raw('SELECT 1').toString() // synchronous check — knex will throw if path is invalid
+      await testDb.raw('SELECT 1')
+    } else {
+      await testDb.raw('SELECT 1')
+    }
+  } catch (e: any) {
+    await testDb.destroy().catch(() => {})
+    throw createError({ statusCode: 400, message: 'Connection failed: ' + (e.message || String(e)) })
+  }
+  await testDb.destroy()
+
+  // ── Test only — stop here, don't persist or reset ────────────────────────────
+  if (testOnly) {
+    return { success: true }
+  }
+
+  // ── Save override ────────────────────────────────────────────────────────────
+  const override: Record<string, string> = { dbClient }
+  if (type === 'sqlite') {
+    override.dbConnection = connection || './i18n-dashboard.db'
+  } else {
+    override.dbHost = host || 'localhost'
+    override.dbPort = String(port || (type === 'mysql' ? '3306' : '5432'))
+    override.dbUser = user || ''
+    override.dbPassword = password || ''
+    override.dbName = database || ''
+  }
+  saveDbOverride(override)
+
+  // ── Reset DB with new config ─────────────────────────────────────────────────
+  await resetDb(knexConfig)
+
+  return { success: true }
+})