feat(frontend): /admin dashboard with users/mangas/system views (0.41.0)
Adds the SvelteKit /admin route tree backed by the admin endpoints landed in PR 1-4. Pages: Overview (alerts + summary cards), Users (list / promote-demote / delete), Mangas (list with sync state + expandable per-chapter state), System (live disk/mem/cpu bars, refreshing every 5s). Security model: the backend's RequireAdmin extractor is the actual boundary. /admin/+layout.ts calls getSystemStats() at load and translates the response — 401 → redirect to /login, 403 → throw SvelteKit error(403) which renders the framework error page. The header's "Admin" link is hidden unless `session.user?.is_admin`, but that's UX only. Carries `is_admin: boolean` through to the frontend User TS type so the header check works and so admin tables can show role per row. Vitest covers lib/api/admin.ts (10 tests: list/delete/PATCH for users, sync-state filter for mangas, nested chapter route, system disk-nullable case). Playwright is intentionally deferred until the routes stabilise — admin UI is operator-only and changes shape often in v0.
This commit is contained in:
MechaCat02
31
frontend/src/routes/admin/+layout.ts
Normal file
31
frontend/src/routes/admin/+layout.ts
Normal file
@@ -0,0 +1,31 @@
|
||||
// /admin gate. The backend's RequireAdmin extractor is the actual
|
||||
// security boundary — this load function just calls a tiny admin
|
||||
// endpoint and translates the response into either a redirect (no
|
||||
// session) or SvelteKit's framework error page (403 forbidden).
|
||||
// The session.user?.is_admin check elsewhere is UX only.
|
||||
//
|
||||
// `ssr=false` because the session store is browser-only (see
|
||||
// $lib/session.svelte.ts) — server-side load can't read the cookie
|
||||
// anyway in this app's deployment shape.
|
||||
|
||||
import { error, redirect } from '@sveltejs/kit';
|
||||
import { ApiError } from '$lib/api/client';
|
||||
import { getSystemStats } from '$lib/api/admin';
|
||||
import type { LayoutLoad } from './$types';
|
||||
|
||||
export const ssr = false;
|
||||
|
||||
export const load: LayoutLoad = async () => {
|
||||
try {
|
||||
const stats = await getSystemStats();
|
||||
return { stats };
|
||||
} catch (e) {
|
||||
if (e instanceof ApiError && e.status === 401) {
|
||||
throw redirect(302, '/login');
|
||||
}
|
||||
if (e instanceof ApiError && e.status === 403) {
|
||||
throw error(403, 'admin access required');
|
||||
}
|
||||
throw e;
|
||||
}
|
||||
};
|
||||
Reference in New Issue
Block a user