marco/buildmymcpserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2ad4a7e34c
buildmymcpserver/apps/web/app/admin/layout.tsx
Marco Sadjadi 8334de13a8 feat(marketplace): template publish + fork + voting/ranking + admin moderation 
What this enables:
- A user builds an MCP server. If others would benefit, they click 'Publish as
  template' on their server detail page. The spec + pre-rendered TypeScript
  snapshot is preserved.
- Visitors browse /templates, filter by category, sort by trending/top/newest.
  Each template card shows fork count + active deployment count as natural
  manipulation-resistant popularity signal.
- /templates/[slug] shows the full plan: tool list with input schemas,
  required-credential explanations (with 'how to get one' deep links), and a
  collapsible code preview so users can audit before forking.
- Fork is one click → /servers/new?template=slug. The wizard skips Step 1 and
  pre-fills Step 2 with the template's parsed spec. Forker only fills in their
  own credentials. mcp_servers.template_id is recorded; template.fork_count is
  bumped atomically. Each fork gets its own isolated container with its own
  port, its own AES-256 secrets — the template author has zero visibility into
  the fork's traffic or data.
- Admin /admin/templates moderation: verify quality templates (shows shield
  badge in marketplace), hide low-effort ones, takedown anything malicious.
  Takedowns cascade-pause every fork container — owners must re-deploy.

Why template+fork instead of shared-container:
- Shared containers would mean the publisher's quota + their secrets + their
  logs are exposed to forkers. Bad ergonomics, bad security, bad ownership.
- Templates/forks decouple the spec (shared, vouched-for) from the runtime
  (isolated per user). Network-effect moat without the trust collapse.

Why no 5-star voting in v1:
- Manipulation-anfällig, empty lists without adoption. We use fork count +
  active deploys + verified badge. Trending algorithm:
    score = (activeDeploys * 3 + forks) / sqrt(ageDays + 1)
  Real signal, no brigading attack surface.

Backend:
- New schema: templates table (16 cols incl. tools_schema, generated_code,
  required_secrets, allowedDomains, status enum, verified, fork_count).
- mcp_servers.template_id FK + idx for fork lookup.
- @bmm/types: SpecEdit unchanged, CreateServerInput accepts optional templateId.
- preview-cache.ts: new cachePrebuiltCode/loadPrebuiltCode for storing the
  template's full rendered server.ts alongside the spec. Generator worker
  detects this and skips the render step — uses the audited pre-built code
  verbatim. Banned-pattern re-scan at publish time.
- routes/templates.ts: 5 public/auth routes + 2 admin routes. Banned-pattern
  re-scan before publish. Slug auto-uniqued. forkCount atomic-increment via
  SQL.

UI:
- /templates marketplace with trending/top/newest tabs, category filter, search.
  Cards show forks + live count + author + verified badge.
- /templates/[slug] full detail with tools, credentials-with-hints, expandable
  code preview, fork CTA, ownership + stats sidebar, 'forking is safe' explainer.
- /servers/new?template=slug — wizard auto-jumps to Step 2 with template spec
  pre-filled, fork banner at top with link back to template.
- /servers/[id] new Publish tab with title, category, descriptions, per-secret
  hint fields (description + howToGetUrl per UPPER_SNAKE_CASE key).
- /admin/templates moderation with verify/hide/takedown actions.
- Marketing nav now includes /templates.

Verified end-to-end:
- Published Echo Demo Template from marco@test.local's live server
- Marketplace lists it correctly with stats
- Detail page renders with all sections
- Fork CTA navigates to wizard with ?template= param
- Wizard skips Step 1, shows fork banner, pre-fills spec
- Build succeeds in ~10s (cached spec + prebuilt code path skips Claude AND
  render), container live on :4109 with proper OAuth 401 → token → 200 flow
- DB: templates.fork_count=1, activeDeployments=1, mcp_servers.template_id
  populated on the fork
- /admin/templates shows the new template with verify/hide/takedown controls
2026-05-19 23:22:35 +02:00

162 lines
5.3 KiB
TypeScript
Raw Blame History

'use client';
import Link from 'next/link';
import { usePathname, useRouter } from 'next/navigation';
import { useEffect, useState } from 'react';
import {
LayoutGrid,
Users,
Building2,
Server,
Hammer,
FileClock,
Activity,
Wand2,
LogOut,
ShieldAlert,
Package,
} from 'lucide-react';
import { apiFetch } from '@/lib/api';
import { cn } from '@/lib/cn';
import { Logo } from '@/components/logo';
interface MeUser {
userId: string;
email: string;
isAdmin: boolean;
}
const NAV: { href: string; label: string; icon: React.ComponentType<{ size?: number }> }[] = [
{ href: '/admin', label: 'Overview', icon: LayoutGrid },
{ href: '/admin/users', label: 'Users', icon: Users },
{ href: '/admin/orgs', label: 'Organizations', icon: Building2 },
{ href: '/admin/servers', label: 'MCP servers', icon: Server },
{ href: '/admin/templates', label: 'Templates', icon: Package },
{ href: '/admin/builds', label: 'Builds', icon: Hammer },
{ href: '/admin/audit', label: 'Audit log', icon: FileClock },
{ href: '/admin/system', label: 'System health', icon: Activity },
{ href: '/admin/prompt', label: 'AI prompt', icon: Wand2 },
];
export default function AdminLayout({ children }: { children: React.ReactNode }) {
const pathname = usePathname();
const router = useRouter();
const [user, setUser] = useState<MeUser | null>(null);
const [authState, setAuthState] = useState<'checking' | 'ok' | 'forbidden'>('checking');
useEffect(() => {
if (pathname === '/admin/login') {
setAuthState('ok');
return;
}
apiFetch<{ user: MeUser }>('/v1/auth/me')
.then((r) => {
if (r.user.isAdmin) {
setUser(r.user);
setAuthState('ok');
} else {
setAuthState('forbidden');
}
})
.catch(() => setAuthState('forbidden'));
}, [pathname]);
useEffect(() => {
if (authState === 'forbidden' && pathname !== '/admin/login') {
router.replace('/admin/login');
}
}, [authState, pathname, router]);
async function logout() {
await apiFetch('/v1/auth/logout', { method: 'POST' }).catch(() => undefined);
router.replace('/admin/login');
}
if (pathname === '/admin/login') return <>{children}</>;
if (authState === 'checking') {
return (
<div className="flex min-h-screen items-center justify-center">
<p className="mono text-[12px] text-[--color-fg-subtle]">verifying admin</p>
</div>
);
}
if (authState === 'forbidden') {
return (
<div className="flex min-h-screen flex-col items-center justify-center gap-3">
<ShieldAlert size={24} className="text-[--color-danger]" />
<p className="text-[14px]">Admin access required.</p>
<Link
href="/admin/login"
className="mono text-[12px] text-[--color-accent] underline hover:text-white"
>
/admin/login
</Link>
</div>
);
}
return (
<div className="flex min-h-screen">
<aside className="sticky top-0 flex h-screen w-[230px] shrink-0 flex-col border-r border-[--color-border] bg-[--color-bg-elevated]">
<div className="flex h-12 items-center gap-2 border-b border-[--color-border] px-4">
<Logo />
<span className="mono text-[10.5px] uppercase tracking-wider text-[--color-fg-subtle]">
/ admin
</span>
</div>
<nav className="flex-1 overflow-y-auto p-2">
<ul className="space-y-0.5">
{NAV.map((item) => {
const Icon = item.icon;
const active =
pathname === item.href ||
(item.href !== '/admin' && pathname.startsWith(item.href));
return (
<li key={item.href}>
<Link
href={item.href}
className={cn(
'flex h-8 items-center gap-2 rounded-md px-2.5 text-[12.5px] transition-colors',
active
? 'bg-[--color-bg-subtle] text-[--color-fg]'
: 'text-[--color-fg-muted] hover:bg-[--color-bg-subtle] hover:text-[--color-fg]',
)}
>
<Icon size={13} />
{item.label}
</Link>
</li>
);
})}
</ul>
</nav>
<div className="border-t border-[--color-border] p-3 text-[12px]">
{user && (
<div className="mb-2 truncate text-[--color-fg-muted]" title={user.email}>
{user.email}
</div>
)}
<div className="flex gap-1">
<Link
href="/dashboard"
className="flex-1 rounded-md border border-[--color-border] px-2 py-1 text-center text-[11px] text-[--color-fg-muted] transition-colors hover:text-[--color-fg]"
>
user view
</Link>
<button
type="button"
onClick={logout}
className="rounded-md border border-[--color-border] px-2 py-1 text-[11px] text-[--color-fg-muted] transition-colors hover:text-[--color-danger]"
aria-label="logout"
>
<LogOut size={11} />
</button>
</div>
</div>
</aside>
<main className="flex-1 overflow-x-hidden">{children}</main>
</div>
);
}
Reference in New Issue View Git Blame Copy Permalink