marco/buildmymcpserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8334de13a8
buildmymcpserver/.env.example
Marco Sadjadi c62fcd07ef feat(admin): password-auth admin panel with 8 pages + 15 API endpoints 
Schema migrations:
- users.is_admin boolean
- users.password_hash text (scrypt N=16384, 16-byte salt)
- users.last_login_at timestamp
- organizations.suspended + suspended_reason
- admin_settings table (DB-stored prompt override + future settings)

Auth (@bmm/auth):
- hashPassword + verifyPassword via node:crypto scrypt (no extra dep)
- loginWithPassword: scrypt-verifies, issues 30-day session, updates last_login_at
- seedAdmin: idempotent upsert keyed on email; creates org + membership on first run
- AuthedUser now carries isAdmin flag

API:
- POST /v1/auth/admin/login (email + password) — 300ms throttle on failure
- requireAdmin preHandler — 401 if no session, 403 if non-admin
- Bootstrap: api on boot calls seedAdmin(ADMIN_EMAIL, ADMIN_PASSWORD, ADMIN_NAME)
  if env present. Idempotent.

Admin API routes (all gated by requireAdmin):
- GET /v1/admin/overview (totals, trends 7d, server-status breakdown, builds 24h, recent activity)
- GET /v1/admin/users (search, per-row org + plan + serverCount)
- PATCH /v1/admin/users/:id (isAdmin, name)
- DELETE /v1/admin/users/:id (self-delete blocked)
- GET /v1/admin/orgs (member + server counts)
- PATCH /v1/admin/orgs/:id (plan, quota, suspended; cascades to mcp_servers.status=paused on suspend)
- GET /v1/admin/servers (cross-org with status filter)
- POST /v1/admin/servers/:id/rebuild (re-queues build using last prompt)
- DELETE /v1/admin/servers/:id
- GET /v1/admin/builds (status filter, error messages, prompt previews)
- GET /v1/admin/builds/:id/logs
- GET /v1/admin/audit (system-wide with user email join)
- GET /v1/admin/system (DB ping, Redis ping, BullMQ queue depth, docker ps count)
- GET /v1/admin/prompt (builtin + override + updatedAt)
- PATCH /v1/admin/prompt (value: string | null) — saves DB override or drops it

UI (apps/web/app/admin/*):
- /admin/login — password form, separate from /login magic-link
- AdminLayout — Linear-style sidebar (8 nav items), bottom panel with user email +
  'user view' shortcut + logout, client-side requireAdmin guard with redirect
- /admin — overview dashboard with 4 metric cards, 2 panels (status + 24h builds),
  recent activity table linking to full audit
- /admin/users — search + admin toggle + delete (self-delete blocked)
- /admin/orgs — plan/quota/suspend actions via prompts
- /admin/servers — cross-org table with rebuild + delete actions, status filter
- /admin/builds — every build cross-fleet with error vs prompt preview
- /admin/audit — system-wide log + CSV export + filter dropdowns
- /admin/system — auto-refreshing 5s health probes for Postgres, Redis, queue, Docker
- /admin/prompt — live editor for the LLM system prompt with built-in baseline,
  override-state badge, drop-override action, diff preview, save-as-override

End-to-end verified: login as marco.frangiskatos@gmail.com + Melusa112233.*, every
admin page returns 200, admin login + overview tested via screenshot, docker probe
returns true count of running MCP containers.
2026-05-19 23:01:26 +02:00

53 lines
1.5 KiB
Plaintext
Raw Blame History

# ---- Core ----
NODE_ENV=development
# ---- Database ----
DATABASE_URL=postgresql://bmm:bmm@localhost:5440/bmm
REDIS_URL=redis://localhost:6390
# ---- Auth (Better-Auth) ----
BETTER_AUTH_SECRET=replace-me-with-32-bytes-of-random-hex-1234567890abcdef
BETTER_AUTH_URL=http://localhost:3001
NEXT_PUBLIC_APP_URL=http://localhost:3001
NEXT_PUBLIC_API_URL=http://localhost:4000
# ---- GitHub OAuth (optional in dev) ----
GITHUB_OAUTH_ID=
GITHUB_OAUTH_SECRET=
# ---- Anthropic ----
ANTHROPIC_API_KEY=
# ---- Crypto ----
# 32-byte hex for AES-256-GCM; generate with: openssl rand -hex 32
SECRETS_ENCRYPTION_KEY=0000000000000000000000000000000000000000000000000000000000000000
# ---- Admin bootstrap ----
# On API boot, an admin user is upserted with these credentials (idempotent).
ADMIN_EMAIL=
ADMIN_PASSWORD=
ADMIN_NAME=Admin
# ---- OAuth signing (RS256 JWKS) ----
# Path to PEM keypair; auto-generated on api boot if missing
OAUTH_KEY_DIR=./keys
# ---- Runner / Generator ----
# Where MCP runtime containers bind (host machine reachable from API)
RUNNER_HOST=localhost
# Range of host ports used for generated MCP containers
RUNNER_PORT_RANGE_START=4100
RUNNER_PORT_RANGE_END=4999
# Public URL template — $SLUG and $PORT are interpolated
RUNNER_PUBLIC_URL_TEMPLATE=http://localhost:$PORT
# Control plane URL reachable from runner containers
CONTROL_PLANE_URL=http://host.docker.internal:4000
# ---- Stripe (Sprint 4) ----
STRIPE_SECRET_KEY=
STRIPE_WEBHOOK_SECRET=
# ---- Observability (optional) ----
SENTRY_DSN=
OTEL_EXPORTER_OTLP_ENDPOINT=
Reference in New Issue View Git Blame Copy Permalink