Refactor authentication system with tier-based access control

- Replace group-based auth with user/board/admin tier system - Add direct login functionality alongside OAuth - Implement role-based middleware for route protection - Create dashboard pages and admin API endpoints - Add error handling page and improved user management - Maintain backward compatibility with legacy role methods
2025-08-07 12:28:41 +02:00
parent 2c2c0f5c33
commit cd29123e23
15 changed files with 1893 additions and 57 deletions
--- a/server/api/admin/stats.get.ts
+++ b/server/api/admin/stats.get.ts
@@ -0,0 +1,88 @@
+export default defineEventHandler(async (event) => {
+  console.log('📊 Admin stats requested at:', new Date().toISOString());
+  
+  try {
+    // Check if user is admin (middleware should handle this, but double-check)
+    const sessionManager = createSessionManager();
+    const cookieHeader = getHeader(event, 'cookie');
+    const session = sessionManager.getSession(cookieHeader);
+    
+    if (!session || session.user.tier !== 'admin') {
+      console.warn('🚨 Unauthorized admin stats access attempt');
+      throw createError({
+        statusCode: 403,
+        statusMessage: 'Admin access required'
+      });
+    }
+    
+    console.log('✅ Admin access verified for user:', session.user.email);
+    
+    // For now, return mock data - later integrate with actual data sources
+    const stats = {
+      totalUsers: 156,
+      activeUsers: 45,
+      totalSessions: 67,
+      systemHealth: 'healthy',
+      lastBackup: new Date().toISOString(),
+      diskUsage: '45%',
+      memoryUsage: '62%',
+      recentActivity: [
+        { 
+          action: 'User login', 
+          user: 'john@example.com', 
+          timestamp: new Date(Date.now() - 2 * 60 * 60 * 1000).toISOString(),
+          type: 'info'
+        },
+        { 
+          action: 'Password reset', 
+          user: 'jane@example.com', 
+          timestamp: new Date(Date.now() - 4 * 60 * 60 * 1000).toISOString(),
+          type: 'warning'
+        },
+        { 
+          action: 'User created', 
+          user: 'admin@monacousa.org', 
+          timestamp: new Date(Date.now() - 6 * 60 * 60 * 1000).toISOString(),
+          type: 'success'
+        }
+      ],
+      systemMetrics: {
+        cpu: 45,
+        memory: 62,
+        disk: 38,
+        uptime: '5d 12h 30m'
+      },
+      securityAlerts: [
+        {
+          id: 1,
+          title: 'Failed Login Attempts',
+          description: '3 failed login attempts detected',
+          severity: 'medium',
+          timestamp: new Date(Date.now() - 1 * 60 * 60 * 1000).toISOString()
+        },
+        {
+          id: 2,
+          title: 'System Update Available',
+          description: 'Security update available for Keycloak',
+          severity: 'low',
+          timestamp: new Date(Date.now() - 12 * 60 * 60 * 1000).toISOString()
+        }
+      ]
+    };
+    
+    console.log('✅ Admin stats retrieved successfully');
+    return stats;
+    
+  } catch (error: any) {
+    console.error('❌ Admin stats error:', error);
+    
+    if (error.statusCode) {
+      throw error;
+    }
+    
+    throw createError({
+      statusCode: 500,
+      statusMessage: 'Failed to retrieve system statistics'
+    });
+  }
+});