back_end_oudelaa/oudelaa_dashboard/README.md

# Oudelaa SuperAdmin Dashboard

Next.js dashboard for SuperAdmin operations only.

## Run

```bash
npm install
npm run dev
```

## Environment

Set the backend base URL in `.env.local`:

```env
NEXT_PUBLIC_API_BASE_URL=http://127.0.0.1:4001/api/v1
API_BASE_URL=http://127.0.0.1:4001/api/v1
```

For LAN/mobile testing, use the machine IP instead of `127.0.0.1`, for example:

```env
NEXT_PUBLIC_API_BASE_URL=http://192.168.1.12:4001/api/v1
API_BASE_URL=http://192.168.1.12:4001/api/v1
```

The dashboard uses the internal proxy route at `app/api/proxy/[...path]/route.ts`, so the browser never calls the Nest API directly.

## Authentication Contract

- Login: `POST /auth/superadmin/login`
- Refresh: `POST /auth/superadmin/refresh`
- Logout: `POST /auth/superadmin/logout`
- Sessions: `GET /auth/superadmin/sessions`
- Revoke session: `POST /auth/superadmin/sessions/:sessionId/revoke`

This dashboard must not depend on user-token routes unless the backend exposes a dedicated `admin` or `superadmin` variant for the same data.

## Implemented Pages

- `/dashboard`: executive overview
- `/users`: SuperAdmin user management with search, pagination, and profile overview
- `/analytics`: platform metrics snapshot
- `/content`: post and comment moderation
- `/marketplace`: listing and repair-shop moderation
- `/notifications`: platform notifications center
- `/messages`: interaction follow-up view
- `/security`: session management and audit log
- `/settings`: live operational settings, connection info, and session controls
- `/orders`: marketplace operations queue

## Key Frontend Contracts

- Users:
  - `GET /users/admin`
  - `GET /users/admin/admins`
  - `GET /users/admin/discover`
  - `GET /users/admin/:id/profile-overview`
- Content moderation:
  - `GET /posts/admin/moderation`
  - `DELETE /posts/admin/:postId`
  - `GET /comments/admin`
  - `DELETE /comments/admin/:commentId`
- Marketplace moderation:
  - `GET /marketplace/superadmin/listings`
  - `PATCH /marketplace/superadmin/listings/:id/status`
  - `DELETE /marketplace/superadmin/listings/:id`
  - `GET /marketplace/superadmin/repair-shops`
  - `PATCH /marketplace/superadmin/repair-shops/:id/status`
  - `DELETE /marketplace/superadmin/repair-shops/:id`
- Platform monitoring:
  - `GET /notifications/superadmin`
  - `GET /audit/superadmin/logs`
  - `GET /superadmin/overview`
  - `GET /superadmin/charts`
  - `GET /superadmin/recent-activity`
  - `GET /superadmin/reports`
  - `GET /superadmin/settings`
  - `PATCH /superadmin/settings`
  - `PATCH /superadmin/posts/:id/status`
  - `PATCH /superadmin/comments/:id/status`
  - `PATCH /superadmin/users/:id/status`

## Notes

- The dashboard stores SuperAdmin session tokens in secure `httpOnly` cookies through the internal proxy route.
- `AuthGuard` attempts refresh when the access token is expired.
- Marketplace and content pages assume the backend pagination contract returns a `pagination` object.