Consolidate docs and finalize APK companion updates
@@ -1,61 +1,109 @@
|
||||
# Admin Dashboard Plan (Power Control)
|
||||
# Dashboard Plan (Admin + User)
|
||||
|
||||
This is the internal control panel used to keep Dewemoji **safe, clean, and reliable**.
|
||||
This file is the single dashboard planning and operations reference.
|
||||
|
||||
## Purpose
|
||||
## 1) Dashboard objectives
|
||||
|
||||
- Moderate public keywords and votes.
|
||||
- Manage licenses and activations.
|
||||
- Monitor system health and data pipelines.
|
||||
1. Operate Dewemoji safely (subscriptions, webhooks, settings).
|
||||
2. Manage Personal plan lifecycle and pricing.
|
||||
3. Give Personal users fast keyword/API key management.
|
||||
|
||||
## Phase 1 (MVP — must‑have)
|
||||
## 2) Current admin routes (implemented)
|
||||
|
||||
### 1) Public keyword moderation
|
||||
- View **public_pending** keyword queue.
|
||||
- Approve / reject / block keyword.
|
||||
- See emoji, language, proposer, vote counts.
|
||||
- `GET /dashboard/admin/analytics`
|
||||
- `GET /dashboard/admin/users`
|
||||
- `POST /dashboard/admin/users/tier`
|
||||
- `GET /dashboard/admin/subscriptions`
|
||||
- `POST /dashboard/admin/subscriptions/grant`
|
||||
- `POST /dashboard/admin/subscriptions/revoke`
|
||||
- `GET /dashboard/admin/pricing`
|
||||
- `POST /dashboard/admin/pricing/update`
|
||||
- `POST /dashboard/admin/pricing/reset`
|
||||
- `GET /dashboard/admin/webhooks`
|
||||
- `POST /dashboard/admin/webhooks/{id}/replay`
|
||||
- `GET /dashboard/admin/settings`
|
||||
- `POST /dashboard/admin/settings/update`
|
||||
|
||||
### 2) Abuse controls
|
||||
- Blocklist terms.
|
||||
- Quick “hide” keyword from public search.
|
||||
- Soft‑ban repeated abusive accounts.
|
||||
## 3) Admin module scope
|
||||
|
||||
### 3) License management
|
||||
- Lookup by license key.
|
||||
- See activations (device_id, product).
|
||||
- Revoke activation or whole license.
|
||||
### Analytics
|
||||
|
||||
### 4) System health
|
||||
- Last JSON rebuild time.
|
||||
- Dataset counts (emojis, keywords).
|
||||
- API usage summary (daily).
|
||||
- user/subscription/payment/webhook totals
|
||||
- recent webhook and billing activity
|
||||
|
||||
### 5) Price control (Personal plan)
|
||||
- Set IDR pricing for Monthly / Annual / Lifetime.
|
||||
- Optional USD display override (approx only).
|
||||
- Toggle payment rails (PayPal / QRIS).
|
||||
- Effective date + change log (who changed, when).
|
||||
### Users
|
||||
|
||||
## Phase 2 (Nice‑to‑have)
|
||||
- filter by tier/role/search
|
||||
- controlled tier update operations
|
||||
|
||||
- AI moderation log viewer.
|
||||
- Turnstile failure analytics.
|
||||
- Contributor leaderboard.
|
||||
- Email queue status.
|
||||
- Scheduled job history.
|
||||
- Pricing experiment history.
|
||||
### Subscriptions and payments
|
||||
|
||||
## Suggested navigation
|
||||
- grant/revoke workflows
|
||||
- provider/status visibility (`paypal`, `qris/pakasir`, `admin`)
|
||||
- pending/paid/failed/expired status clarity
|
||||
|
||||
- **Dashboard** (health, quick stats)
|
||||
- **Keywords** (pending + public)
|
||||
- **Licenses**
|
||||
- **Users**
|
||||
- **System** (jobs, JSON rebuild, logs)
|
||||
### Webhooks
|
||||
|
||||
## Access control
|
||||
- recent events list
|
||||
- replay support
|
||||
- idempotency-safe processing expectations
|
||||
|
||||
- Admin login uses **magic‑link/OTP session** + **role=admin** check.
|
||||
- `X-Admin-Token` is **dev/internal only** (disable in prod).
|
||||
- No IP allowlist required (dynamic ISP friendly).
|
||||
- Log all actions (who approved / rejected / revoked).
|
||||
### Pricing
|
||||
|
||||
- edit plan values and provider toggles
|
||||
- preserve change log snapshots for auditability
|
||||
|
||||
### Settings
|
||||
|
||||
- maintenance flag
|
||||
- public access guard values (`public_enforce`, origins, extension IDs, hourly limit)
|
||||
|
||||
## 4) User dashboard scope
|
||||
|
||||
### User states
|
||||
|
||||
1. visitor: no dashboard
|
||||
2. free logged-in: dashboard access with locked personalization areas
|
||||
3. personal: full access
|
||||
|
||||
### User modules
|
||||
|
||||
- Overview (summary metrics)
|
||||
- My Keywords (CRUD, filter, import/export)
|
||||
- API Keys (create/revoke)
|
||||
- Billing (current plan + payment history + resume pending)
|
||||
- Preferences (theme/tone; optional expansion)
|
||||
|
||||
### UX priority
|
||||
|
||||
- quick-add keywords on emoji detail pages (primary)
|
||||
- dashboard bulk management (secondary)
|
||||
|
||||
## 5) Billing integration expectations
|
||||
|
||||
Target data model coverage:
|
||||
|
||||
- `orders`
|
||||
- `payments`
|
||||
- `subscriptions`
|
||||
- `webhook_events`
|
||||
|
||||
Required runtime behaviors:
|
||||
|
||||
1. webhook-confirmed status transitions
|
||||
2. pending checkout cooldown enforcement
|
||||
3. resume pending checkout from billing page
|
||||
4. safe downgrade when no active subscription remains
|
||||
|
||||
## 6) Access and security
|
||||
|
||||
- Admin access is role-based session auth (`users.role = admin`).
|
||||
- `X-Admin-Token` should remain internal/dev usage only.
|
||||
- Log sensitive actions (tier changes, pricing updates, manual grants/revokes, webhook replays).
|
||||
|
||||
## 7) Implementation priorities
|
||||
|
||||
1. strengthen payments/subscriptions observability
|
||||
2. finalize user dashboard CRUD ergonomics
|
||||
3. enforce non-destructive confirmations for sensitive admin actions
|
||||
4. add pagination/filter/sorting consistency across large admin lists
|
||||
|
||||
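Review bot: In "## 6) Access and security" the `X-Admin-Token` bullet reads "should remain internal/dev usage only", which is weaker than the "## Access control" wording elsewhere in this hunk: "`X-Admin-Token` is **dev/internal only** (disable in prod)". A "should" in a planning doc is easy to read as optional. I would keep the explicit "disable in prod" requirement and say where it is enforced, so the header cannot bypass the `users.role = admin` session check on the `POST /dashboard/admin/...` routes listed in section 2. The same section also lists which sensitive actions to log but no longer says the log records who performed them ("who approved / rejected / revoked" in the other wording); stating the actor and timestamp explicitly would keep the audit requirement as strong as before.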