Admin Dashboard

The starter kit includes a comprehensive admin dashboard for managing all aspects of your application.

Access

Navigate to /dashboard/admin (requires admin role).

Overview

The admin dashboard provides:

• 📊 Dashboard - Key metrics and statistics
• 👥 User Management - View and manage all users
• 📝 Blog Management - Create and edit blog posts
• 📧 Email Templates - Customize transactional emails
• 💳 Subscription Plans - Manage pricing and plans
• 🔒 Security Logs - Audit trail of security events
• 📬 Contact Submissions - View contact form entries
• 📋 Waitlist - Manage waitlist signups
• ⭐ Testimonials - Approve and manage testimonials
• ❓ FAQs - Manage FAQ content
• 📰 Changelog - Publish product updates
• 🎯 Marketing - Control banners and popups
• 💬 Feedback - User feedback and feature requests

Dashboard Statistics

Overview Cards

// Key metrics displayed
{
  totalUsers: number;
  activeSubscriptions: number;
  monthlyRevenue: number;
  blogPosts: number;
  contactSubmissions: number;
  waitlistCount: number;
}

Charts

• User Growth - New users over time
• Revenue - Monthly recurring revenue (MRR)
• Subscription Distribution - Plan breakdown
• Engagement - Blog views, likes, comments

Recent Activity

• Latest user signups
• Recent blog posts
• New contact submissions
• Failed login attempts

User Management

Navigate to /dashboard/admin/user-management.

Features

View All Users:

• List view with pagination
• Search by name or email
• Filter by role (user/admin)
• Filter by status (active/banned)

User Details:

• Profile information
• Subscription status
• Activity history
• Security events

Actions:

• Promote to admin
• Demote to user
• Ban user
• Unban user
• View full audit log

Promoting Users

// Promote user to admin
async function promoteToAdmin(userId: string) {
  await db.update(user).set({ role: "admin" }).where(eq(user.id, userId));

  // Log security event
  await logSecurityEvent({
    eventType: "role_changed",
    userId,
    metadata: { newRole: "admin" },
  });
}

Banning Users

Ban a user:

1. Click "Ban User"
2. Provide reason
3. Set expiration (optional)
4. Confirm

Effects:

• User cannot sign in
• Active sessions terminated
• API requests blocked

Unban:

• Click "Unban User"
• User can sign in again

Blog Management

Navigate to /dashboard/admin/blog.

Post Management

Actions:

• Create new posts
• Edit existing posts
• Publish/unpublish
• Delete posts
• Bulk actions (publish, delete)

Post List:

• Filter by status (published/draft)
• Filter by category
• Filter by author
• Search posts
• Sort by date, views, likes

Categories & Tags:

• Manage categories at /dashboard/admin/blog/categories
• Manage tags at /dashboard/admin/blog/tags
• Create, edit, delete
• View post counts

Email Template Management

Navigate to /dashboard/admin/email-templates.

Template Editor

Features:

• Monaco code editor
• HTML and text versions
• Live preview
• Variable hints
• Test send

Templates:

• Welcome email
• Email verification
• Password reset
• Subscription emails
• Custom templates

Workflow:

1. Select template
2. Edit HTML/text
3. Preview changes
4. Test send to yourself
5. Save and activate

Subscription Plan Management

Navigate to /dashboard/admin/subscription-plans.

Managing Plans

View Plans:

• Free, Pro, Startup plans
• Pricing (monthly/yearly)
• Features list
• Limits
• Active status

Edit Plan:

• Update pricing
• Modify features
• Change limits
• Toggle visibility
• Set sort order

Sync with Stripe:

• Update Stripe Price IDs
• Sync pricing changes
• Verify integration

Security Audit Logs

Navigate to /dashboard/admin/security-logs.

Event Types

Authentication:

• User login
• User logout
• Failed login attempts
• Password resets
• Email verifications

Authorization:

• Role changes
• Permission denied
• Admin access

Data Access:

• File uploads
• File deletions
• Sensitive data access

System:

• Configuration changes
• Subscription updates
• Payment events

Filtering

Filter logs by:

• Event type
• User
• Severity (low, medium, high, critical)
• Date range
• Success/failure

Log Details

Each log entry shows:

{
  timestamp: Date;
  user: User | null;
  eventType: string;
  eventCategory: string;
  severity: "low" | "medium" | "high" | "critical";
  description: string;
  ipAddress: string;
  userAgent: string;
  requestPath: string;
  metadata: object;
  success: boolean;
}

Contact Submissions

Navigate to /dashboard/admin/contact-submissions.

Managing Submissions

View Submissions:

• All contact form entries
• Mark as read/unread
• Filter by status
• Search by name/email

Submission Details:

{
  fullName: string;
  email: string;
  phone: string;
  company: string;
  subject: string;
  message: string;
  createdAt: Date;
  read: boolean;
  readAt: Date | null;
}

Actions:

• Mark as read
• Reply via email
• Delete submission
• Export to CSV

Waitlist Management

Navigate to /dashboard/admin/waitlist.

Settings

Configure waitlist:

• Enable/disable waitlist
• Custom title and description
• Success message
• Auto-invite settings

Managing Entries

View Entries:

• Email address
• Name
• Metadata
• Status (pending, invited, joined)
• Sign-up date

Actions:

• Invite users (send email)
• Mark as joined
• Export list
• Bulk invite

Testimonial Management

Navigate to /dashboard/admin/testimonials.

Approval Workflow

Pending Testimonials:

• Submitted by users
• Awaiting admin approval
• Preview before publishing

Actions:

• Approve (show on website)
• Reject (with optional reason)
• Edit content
• Delete

Published Testimonials:

• Visible on marketing pages
• Can unpublish or edit
• Reorder display

FAQ Management

Navigate to /dashboard/admin/faqs.

Managing FAQs

Create FAQ:

• Question
• Answer (rich text)
• Category
• Sort order
• Published status

Actions:

• Edit FAQs
• Reorder (drag & drop)
• Publish/unpublish
• Delete
• Categorize

Categories:

• General
• Billing
• Technical
• Account
• Custom categories

Changelog Management

Navigate to /dashboard/admin/changelog.

Publishing Updates

Create Entry:

• Version number (1.0.0)
• Title
• Content (rich text)
• Type (feature, bugfix, improvement, breaking)
• Publish status

Features:

• Markdown support
• Code highlighting
• Image uploads
• Publish scheduling

Marketing Controls

Navigate to /dashboard/admin/marketing.

Marketing Banner

Configure Banner:

• Description text
• Link text and URL
• Color scheme
• Visibility toggle

Display:

• Shows at top of all pages
• Dismissible by users
• A/B testing support

Marketing Popups

Create Popups:

• Title and content
• CTA button
• Trigger conditions
• Display frequency
• Target pages

Types:

• Newsletter signup
• Special offers
• Announcements
• Exit intent

Feedback Management

Navigate to /dashboard/admin/feedback.

User Feedback

View Feedback:

• Type (bug, feature, general)
• Message
• Page URL
• User info
• Status

Actions:

• Change status (pending → in progress → completed)
• Add admin notes
• Reply to user
• Mark as rejected

Statuses:

• Pending (new)
• In Progress (working on it)
• Completed (done)
• Rejected (won't fix)

Admin API Endpoints

User Management

// POST /api/admin/users/promote
POST /api/admin/users/promote
Body: { userId: string }

// POST /api/admin/users/ban
POST /api/admin/users/ban
Body: { userId: string, reason: string, expires?: Date }

Blog Management

// POST /api/blog (admin only)
POST /api/blog
Body: { title, content, ... }

// PUT /api/blog/[id] (admin only)
PUT /api/blog/123
Body: { title, content, ... }

// DELETE /api/blog/[id] (admin only)
DELETE /api/blog/123

Subscription Plans

// PUT /api/admin/subscription-plans/[id]
PUT /api/admin/subscription-plans/plan-123
Body: { priceMonthly, features, ... }

Permissions & Security

Admin-Only Routes

All admin routes are protected:

// Server component
export default async function AdminPage() {
  const session = await requireAuth("admin");
  // Only admins can access
}

// API route
export async function POST(request: Request) {
  const session = await auth.api.getSession({
    headers: request.headers,
  });

  if (session?.user?.role !== "admin") {
    return NextResponse.json({ error: "Forbidden" }, { status: 403 });
  }

  // Admin-only logic
}

Action Logging

All admin actions are logged:

await logSecurityEvent({
  eventType: "user_role_changed",
  userId: targetUserId,
  severity: "high",
  description: `User promoted to admin by ${adminUser.email}`,
  metadata: {
    previousRole: "user",
    newRole: "admin",
    changedBy: adminUser.id,
  },
});

Best Practices

1. Regular Audits - Review security logs weekly
2. Backup Data - Export important data regularly
3. Limit Admin Access - Only promote trusted users
4. Monitor Metrics - Watch for unusual activity
5. Test Changes - Preview before publishing
6. Document Actions - Add notes to important changes
7. Communicate - Notify users of important updates

Customization

Adding Admin Pages

1. Create page in app/dashboard/admin/
2. Add to navigation
3. Protect with requireAuth("admin")

// app/dashboard/admin/custom/page.tsx
import { requireAuth } from "@/lib/requireAuth";

export default async function CustomAdminPage() {
  await requireAuth("admin");

  return (
    <div>
      <h1>Custom Admin Feature</h1>
      {/* Your admin UI */}
    </div>
  );
}

Adding Admin API Routes

// app/api/admin/custom/route.ts
import { auth } from "@/lib/auth";

export async function POST(request: Request) {
  const session = await auth.api.getSession({
    headers: request.headers,
  });

  if (session?.user?.role !== "admin") {
    return NextResponse.json({ error: "Forbidden" }, { status: 403 });
  }

  // Your admin logic

  // Log the action
  await logSecurityEvent({
    eventType: "custom_admin_action",
    userId: session.user.id,
    severity: "medium",
    description: "Custom admin action performed",
  });

  return NextResponse.json({ success: true });
}

Next Steps