Working version 6.2
This commit is contained in:
@@ -1,5 +1,106 @@
|
||||
import AdminTenantsClient from "@/components/admin/AdminTenantsClient";
|
||||
import { getSessionUser } from "@/lib/session";
|
||||
import { getTranslations } from "next-intl/server";
|
||||
import { redirect } from "next/navigation";
|
||||
import { listTenants } from "@/lib/k8s";
|
||||
import { StatusBadge } from "@/components/ui/status-badge";
|
||||
|
||||
export default function AdminPage() {
|
||||
return <AdminTenantsClient />;
|
||||
export default async function AdminPage() {
|
||||
const user = await getSessionUser();
|
||||
if (!user) redirect("/login");
|
||||
|
||||
const t = await getTranslations("admin");
|
||||
|
||||
if (!user.isPlatform) {
|
||||
return (
|
||||
<div className="flex items-center justify-center min-h-[40vh]">
|
||||
<p className="text-error text-sm">{t("noAccess")}</p>
|
||||
</div>
|
||||
);
|
||||
}
|
||||
|
||||
const tenants = await listTenants();
|
||||
|
||||
return (
|
||||
<div>
|
||||
<div className="mb-8 animate-in">
|
||||
<h1 className="font-display text-2xl font-semibold accent-rule mb-2">
|
||||
{t("title")}
|
||||
</h1>
|
||||
<p className="text-text-secondary text-sm mt-4">{t("subtitle")}</p>
|
||||
</div>
|
||||
|
||||
<div className="animate-in animate-in-delay-1">
|
||||
<div className="flex items-baseline gap-3 mb-4">
|
||||
<h2 className="text-xs font-semibold uppercase tracking-wider text-text-muted">
|
||||
{t("allTenants")}
|
||||
</h2>
|
||||
<span className="font-mono text-xs text-text-muted tabular-nums">
|
||||
{tenants.length}
|
||||
</span>
|
||||
</div>
|
||||
|
||||
{tenants.length === 0 ? (
|
||||
<div className="bg-surface-1 border border-border rounded-xl p-12 text-center">
|
||||
<p className="text-text-secondary text-sm">{t("noTenants")}</p>
|
||||
</div>
|
||||
) : (
|
||||
<div className="bg-surface-1 border border-border rounded-xl overflow-hidden">
|
||||
<div className="overflow-x-auto">
|
||||
<table className="w-full text-sm">
|
||||
<thead>
|
||||
<tr className="border-b border-border text-left">
|
||||
<th className="px-5 py-3 text-xs font-semibold uppercase tracking-wider text-text-muted">
|
||||
{t("name")}
|
||||
</th>
|
||||
<th className="px-5 py-3 text-xs font-semibold uppercase tracking-wider text-text-muted">
|
||||
{t("displayName")}
|
||||
</th>
|
||||
<th className="px-5 py-3 text-xs font-semibold uppercase tracking-wider text-text-muted">
|
||||
{t("phase")}
|
||||
</th>
|
||||
<th className="px-5 py-3 text-xs font-semibold uppercase tracking-wider text-text-muted">
|
||||
{t("packages")}
|
||||
</th>
|
||||
<th className="px-5 py-3 text-xs font-semibold uppercase tracking-wider text-text-muted">
|
||||
{t("created")}
|
||||
</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
{tenants.map((tenant) => (
|
||||
<tr
|
||||
key={tenant.metadata.name}
|
||||
className="border-b border-border last:border-0 hover:bg-surface-2/50 transition-colors"
|
||||
>
|
||||
<td className="px-5 py-3 font-mono text-xs text-accent">
|
||||
{tenant.metadata.name}
|
||||
</td>
|
||||
<td className="px-5 py-3 text-text-primary">
|
||||
{tenant.spec.displayName}
|
||||
</td>
|
||||
<td className="px-5 py-3">
|
||||
<StatusBadge
|
||||
phase={tenant.status?.phase ?? "Pending"}
|
||||
/>
|
||||
</td>
|
||||
<td className="px-5 py-3 text-xs text-text-secondary font-mono">
|
||||
{tenant.spec.packages?.join(", ") || "—"}
|
||||
</td>
|
||||
<td className="px-5 py-3 text-xs text-text-muted tabular-nums">
|
||||
{tenant.metadata.creationTimestamp
|
||||
? new Date(
|
||||
tenant.metadata.creationTimestamp
|
||||
).toLocaleDateString()
|
||||
: "—"}
|
||||
</td>
|
||||
</tr>
|
||||
))}
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
</div>
|
||||
)}
|
||||
</div>
|
||||
</div>
|
||||
);
|
||||
}
|
||||
|
||||
@@ -1,5 +1,240 @@
|
||||
import DashboardClient from "@/components/dashboard/DashboardClient";
|
||||
import { getSessionUser } from "@/lib/session";
|
||||
import { getTranslations } from "next-intl/server";
|
||||
import { redirect } from "next/navigation";
|
||||
import { listTenants } from "@/lib/k8s";
|
||||
import { Card, CardHeader } from "@/components/ui/card";
|
||||
import { StatusBadge } from "@/components/ui/status-badge";
|
||||
import { UsageDisplay } from "@/components/dashboard/usage-display";
|
||||
import Link from "next/link";
|
||||
|
||||
export default function DashboardPage() {
|
||||
return <DashboardClient />;
|
||||
export default async function DashboardPage() {
|
||||
const user = await getSessionUser();
|
||||
if (!user) redirect("/login");
|
||||
|
||||
const t = await getTranslations("dashboard");
|
||||
const tAdmin = await getTranslations("admin");
|
||||
|
||||
const allTenants = await listTenants();
|
||||
|
||||
// Platform users see overview of all tenants
|
||||
if (user.isPlatform) {
|
||||
const phaseCount = allTenants.reduce<Record<string, number>>((acc, t) => {
|
||||
const phase = t.status?.phase ?? "Pending";
|
||||
acc[phase] = (acc[phase] || 0) + 1;
|
||||
return acc;
|
||||
}, {});
|
||||
|
||||
return (
|
||||
<div>
|
||||
<div className="mb-8 animate-in">
|
||||
<h1 className="font-display text-2xl font-semibold accent-rule mb-2">
|
||||
{t("title")}
|
||||
</h1>
|
||||
<p className="text-text-secondary text-sm mt-4">
|
||||
{t("welcome", { name: user.name || user.email })}
|
||||
</p>
|
||||
</div>
|
||||
|
||||
<Link
|
||||
href="/admin"
|
||||
className="inline-flex items-center gap-1.5 mb-6 text-xs font-medium text-accent hover:text-accent-dim transition-colors animate-in animate-in-delay-1"
|
||||
>
|
||||
<span>→</span> {tAdmin("title")}
|
||||
</Link>
|
||||
|
||||
{/* Summary cards */}
|
||||
<div className="grid gap-5 sm:grid-cols-2 lg:grid-cols-4 mb-8 animate-in animate-in-delay-1">
|
||||
<Card>
|
||||
<CardHeader>{tAdmin("allTenants")}</CardHeader>
|
||||
<span className="font-display text-3xl font-semibold text-text-primary tabular-nums">
|
||||
{allTenants.length}
|
||||
</span>
|
||||
</Card>
|
||||
{Object.entries(phaseCount).map(([phase, count]) => (
|
||||
<Card key={phase}>
|
||||
<CardHeader>{phase}</CardHeader>
|
||||
<div className="flex items-center gap-2">
|
||||
<span className="font-display text-3xl font-semibold text-text-primary tabular-nums">
|
||||
{count}
|
||||
</span>
|
||||
<StatusBadge phase={phase} />
|
||||
</div>
|
||||
</Card>
|
||||
))}
|
||||
</div>
|
||||
|
||||
{/* Tenant table */}
|
||||
{allTenants.length > 0 && (
|
||||
<div className="bg-surface-1 border border-border rounded-xl overflow-hidden animate-in animate-in-delay-2">
|
||||
<div className="overflow-x-auto">
|
||||
<table className="w-full text-sm">
|
||||
<thead>
|
||||
<tr className="border-b border-border text-left">
|
||||
<th className="px-5 py-3 text-xs font-semibold uppercase tracking-wider text-text-muted">
|
||||
{tAdmin("name")}
|
||||
</th>
|
||||
<th className="px-5 py-3 text-xs font-semibold uppercase tracking-wider text-text-muted">
|
||||
{tAdmin("phase")}
|
||||
</th>
|
||||
<th className="px-5 py-3 text-xs font-semibold uppercase tracking-wider text-text-muted">
|
||||
{tAdmin("packages")}
|
||||
</th>
|
||||
<th className="px-5 py-3 text-xs font-semibold uppercase tracking-wider text-text-muted">
|
||||
{tAdmin("created")}
|
||||
</th>
|
||||
<th className="px-5 py-3" />
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
{allTenants.map((tenant) => (
|
||||
<tr
|
||||
key={tenant.metadata.name}
|
||||
className="border-b border-border last:border-0 hover:bg-surface-2/50 transition-colors"
|
||||
>
|
||||
<td className="px-5 py-3">
|
||||
<div className="font-mono text-xs text-accent">
|
||||
{tenant.metadata.name}
|
||||
</div>
|
||||
{tenant.spec.displayName && (
|
||||
<div className="text-xs text-text-secondary">
|
||||
{tenant.spec.displayName}
|
||||
</div>
|
||||
)}
|
||||
</td>
|
||||
<td className="px-5 py-3">
|
||||
<StatusBadge phase={tenant.status?.phase ?? "Pending"} />
|
||||
</td>
|
||||
<td className="px-5 py-3 text-xs text-text-secondary font-mono">
|
||||
{tenant.spec.packages?.join(", ") || "—"}
|
||||
</td>
|
||||
<td className="px-5 py-3 text-xs text-text-muted tabular-nums">
|
||||
{tenant.metadata.creationTimestamp
|
||||
? new Date(tenant.metadata.creationTimestamp).toLocaleDateString()
|
||||
: "—"}
|
||||
</td>
|
||||
<td className="px-5 py-3 text-right">
|
||||
<Link
|
||||
href={`/tenants/${tenant.metadata.name}`}
|
||||
className="text-xs font-medium text-accent hover:text-accent-dim transition-colors"
|
||||
>
|
||||
{t("manage")} →
|
||||
</Link>
|
||||
</td>
|
||||
</tr>
|
||||
))}
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
</div>
|
||||
)}
|
||||
</div>
|
||||
);
|
||||
}
|
||||
|
||||
// Regular user: find their tenant
|
||||
const myTenant = allTenants.find(
|
||||
(t) => t.metadata.labels?.["pieced.ch/zitadel-org-id"] === user.orgId
|
||||
);
|
||||
|
||||
if (!myTenant) {
|
||||
return (
|
||||
<div>
|
||||
<details className="mt-12 text-xs text-text-muted">
|
||||
<summary className="cursor-pointer hover:text-text-secondary transition-colors">
|
||||
Session Debug
|
||||
</summary>
|
||||
<pre className="mt-3 bg-surface-2 border border-border rounded-lg p-4 overflow-auto font-mono text-[11px] text-text-secondary">
|
||||
{JSON.stringify(user, null, 2)}
|
||||
</pre>
|
||||
</details>
|
||||
<div className="mb-8 animate-in">
|
||||
<h1 className="font-display text-2xl font-semibold accent-rule mb-2">
|
||||
{t("title")}
|
||||
</h1>
|
||||
<p className="text-text-secondary text-sm mt-4">
|
||||
{t("welcome", { name: user.name || user.email })}
|
||||
</p>
|
||||
</div>
|
||||
|
||||
<div className="flex flex-col items-center justify-center py-16 text-center animate-in animate-in-delay-1">
|
||||
<div className="h-14 w-14 rounded-xl bg-accent/15 flex items-center justify-center mb-4">
|
||||
<div className="h-8 w-8 rounded-lg bg-accent/40" />
|
||||
</div>
|
||||
<h2 className="font-display text-lg font-semibold text-text-primary mb-1">
|
||||
{t("noInstance")}
|
||||
</h2>
|
||||
<p className="text-sm text-text-secondary mb-6 max-w-sm">
|
||||
{t("noInstanceDescription")}
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
);
|
||||
}
|
||||
|
||||
const tenantName = myTenant.metadata.name;
|
||||
const teamId = myTenant.status?.litellmTeamId || tenantName;
|
||||
|
||||
return (
|
||||
<div>
|
||||
<div className="mb-8 animate-in">
|
||||
<h1 className="font-display text-2xl font-semibold accent-rule mb-2">
|
||||
{t("title")}
|
||||
</h1>
|
||||
<p className="text-text-secondary text-sm mt-4">
|
||||
{t("welcome", { name: user.name || user.email })}
|
||||
</p>
|
||||
</div>
|
||||
|
||||
{/* Instance status card */}
|
||||
<div className="mb-6 animate-in animate-in-delay-1">
|
||||
<Card>
|
||||
<CardHeader>{t("instanceStatus")}</CardHeader>
|
||||
<div className="flex items-center gap-4">
|
||||
<StatusBadge phase={myTenant.status?.phase ?? "Pending"} />
|
||||
{myTenant.spec.agentName && (
|
||||
<span className="text-sm text-text-secondary">
|
||||
{myTenant.spec.agentName}
|
||||
</span>
|
||||
)}
|
||||
</div>
|
||||
{myTenant.spec.packages && myTenant.spec.packages.length > 0 && (
|
||||
<div className="flex flex-wrap gap-2 mt-3">
|
||||
{myTenant.spec.packages.map((pkg) => (
|
||||
<span
|
||||
key={pkg}
|
||||
className="text-xs font-mono bg-accent/10 text-accent border border-accent/20 rounded-full px-2.5 py-0.5"
|
||||
>
|
||||
{pkg}
|
||||
</span>
|
||||
))}
|
||||
</div>
|
||||
)}
|
||||
</Card>
|
||||
</div>
|
||||
|
||||
{/* Usage */}
|
||||
<div className="mb-6 animate-in animate-in-delay-2">
|
||||
<h2 className="text-xs font-semibold uppercase tracking-wider text-text-muted mb-3">
|
||||
{t("usage")}
|
||||
</h2>
|
||||
<UsageDisplay teamId={myTenant.status?.litellmTeamId || teamId} />
|
||||
</div>
|
||||
|
||||
{/* Link to tenant detail */}
|
||||
<Link
|
||||
href={`/tenants/${tenantName}`}
|
||||
className="inline-flex items-center gap-1.5 text-xs font-medium text-accent hover:text-accent-dim transition-colors animate-in animate-in-delay-3"
|
||||
>
|
||||
<span>→</span> {t("manage")}
|
||||
</Link>
|
||||
<details className="mt-12 text-xs text-text-muted">
|
||||
<summary className="cursor-pointer hover:text-text-secondary transition-colors">
|
||||
Session Debug
|
||||
</summary>
|
||||
<pre className="mt-3 bg-surface-2 border border-border rounded-lg p-4 overflow-auto font-mono text-[11px] text-text-secondary">
|
||||
{JSON.stringify(user, null, 2)}
|
||||
</pre>
|
||||
</details>
|
||||
</div>
|
||||
);
|
||||
}
|
||||
|
||||
@@ -1,5 +1,82 @@
|
||||
import TenantDetailClient from "@/components/tenants/TenantDetailClient";
|
||||
import { getSessionUser } from "@/lib/session";
|
||||
import { getTranslations } from "next-intl/server";
|
||||
import { redirect, notFound } from "next/navigation";
|
||||
import { getTenant } from "@/lib/k8s";
|
||||
import { StatusBadge } from "@/components/ui/status-badge";
|
||||
import { UsageDisplay } from "@/components/dashboard/usage-display";
|
||||
import { PackageList } from "@/components/packages/package-list";
|
||||
import { WorkspaceEditor } from "@/components/packages/workspace-editor";
|
||||
|
||||
export default function TenantDetailPage() {
|
||||
return <TenantDetailClient />;
|
||||
export default async function TenantDetailPage({
|
||||
params,
|
||||
}: {
|
||||
params: Promise<{ name: string; locale: string }>;
|
||||
}) {
|
||||
const user = await getSessionUser();
|
||||
if (!user) redirect("/login");
|
||||
|
||||
const { name } = await params;
|
||||
const t = await getTranslations("tenantDetail");
|
||||
|
||||
const tenant = await getTenant(name);
|
||||
if (!tenant) notFound();
|
||||
console.log("tenant spec:", JSON.stringify(tenant.spec));
|
||||
|
||||
// Scope check
|
||||
if (
|
||||
!user.isPlatform &&
|
||||
tenant.metadata.labels?.["pieced.ch/zitadel-org-id"] !== user.orgId
|
||||
) {
|
||||
notFound();
|
||||
}
|
||||
|
||||
const enabledPackages = tenant.spec.packages || [];
|
||||
const workspaceFiles = tenant.spec.workspaceFiles || {};
|
||||
|
||||
return (
|
||||
<div>
|
||||
{/* Header */}
|
||||
<div className="mb-8 animate-in">
|
||||
<div className="flex items-center gap-4">
|
||||
<h1 className="font-display text-2xl font-semibold accent-rule">
|
||||
{tenant.spec.displayName || name}
|
||||
</h1>
|
||||
<StatusBadge phase={tenant.status?.phase ?? "Pending"} />
|
||||
</div>
|
||||
{tenant.spec.agentName && (
|
||||
<p className="text-sm text-text-secondary mt-3">
|
||||
{t("agent")}: {tenant.spec.agentName}
|
||||
</p>
|
||||
)}
|
||||
</div>
|
||||
|
||||
{/* Usage */}
|
||||
<section className="mb-8 animate-in animate-in-delay-1">
|
||||
<h2 className="text-xs font-semibold uppercase tracking-wider text-text-muted mb-3">
|
||||
{t("usage")}
|
||||
</h2>
|
||||
<UsageDisplay teamId={tenant.status?.litellmTeamId || name} />
|
||||
</section>
|
||||
|
||||
{/* Packages */}
|
||||
<section className="mb-8 animate-in animate-in-delay-2">
|
||||
<h2 className="text-xs font-semibold uppercase tracking-wider text-text-muted mb-3">
|
||||
{t("packages")}
|
||||
</h2>
|
||||
<PackageList
|
||||
tenantName={name}
|
||||
enabledPackages={enabledPackages}
|
||||
conditions={tenant.status?.conditions}
|
||||
/>
|
||||
</section>
|
||||
|
||||
{/* Workspace files */}
|
||||
<section className="animate-in animate-in-delay-3">
|
||||
<h2 className="text-xs font-semibold uppercase tracking-wider text-text-muted mb-3">
|
||||
{t("workspaceFiles")}
|
||||
</h2>
|
||||
<WorkspaceEditor tenantName={name} files={workspaceFiles} />
|
||||
</section>
|
||||
</div>
|
||||
);
|
||||
}
|
||||
|
||||
@@ -1,12 +1,10 @@
|
||||
import { NextResponse } from "next/server";
|
||||
import { auth } from "@/lib/auth";
|
||||
import { getSessionUser } from "@/lib/session";
|
||||
import { PACKAGE_CATALOG } from "@/lib/packages";
|
||||
|
||||
export async function GET() {
|
||||
const session = await auth();
|
||||
if (!session?.user) {
|
||||
const user = await getSessionUser();
|
||||
if (!user)
|
||||
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
|
||||
}
|
||||
|
||||
return NextResponse.json(PACKAGE_CATALOG);
|
||||
}
|
||||
|
||||
@@ -1,35 +1,25 @@
|
||||
import { NextRequest, NextResponse } from "next/server";
|
||||
import { auth } from "@/lib/auth";
|
||||
import { getSessionUser } from "@/lib/session";
|
||||
import { getTenant, patchTenantSpec } from "@/lib/k8s";
|
||||
|
||||
function isPlatformRole(roles: string[]): boolean {
|
||||
return roles.some((r) =>
|
||||
["platform_admin", "platform_operator"].includes(r)
|
||||
);
|
||||
}
|
||||
|
||||
export async function GET(
|
||||
_req: NextRequest,
|
||||
{ params }: { params: Promise<{ name: string }> }
|
||||
) {
|
||||
const session = await auth();
|
||||
if (!session?.user) {
|
||||
const user = await getSessionUser();
|
||||
if (!user)
|
||||
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
|
||||
}
|
||||
|
||||
const { name } = await params;
|
||||
const { orgId, roles } = session.user as any;
|
||||
|
||||
try {
|
||||
const tenant = await getTenant(name);
|
||||
if (!tenant) {
|
||||
if (!tenant)
|
||||
return NextResponse.json({ error: "Not found" }, { status: 404 });
|
||||
}
|
||||
|
||||
// Scope check: non-platform users can only see their own org's tenants
|
||||
if (
|
||||
!isPlatformRole(roles || []) &&
|
||||
tenant.metadata?.labels?.["zitadel-org-id"] !== orgId
|
||||
!user.isPlatform &&
|
||||
tenant.metadata.labels?.["pieced.ch/zitadel-org-id"] !== user.orgId
|
||||
) {
|
||||
return NextResponse.json({ error: "Forbidden" }, { status: 403 });
|
||||
}
|
||||
@@ -37,7 +27,7 @@ export async function GET(
|
||||
return NextResponse.json(tenant);
|
||||
} catch (e: any) {
|
||||
return NextResponse.json(
|
||||
{ error: "K8s API error", detail: e.message },
|
||||
{ error: e.message },
|
||||
{ status: e.statusCode || 500 }
|
||||
);
|
||||
}
|
||||
@@ -47,35 +37,29 @@ export async function PATCH(
|
||||
req: NextRequest,
|
||||
{ params }: { params: Promise<{ name: string }> }
|
||||
) {
|
||||
const session = await auth();
|
||||
if (!session?.user) {
|
||||
const user = await getSessionUser();
|
||||
if (!user)
|
||||
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
|
||||
}
|
||||
|
||||
const { name } = await params;
|
||||
const { orgId, roles } = session.user as any;
|
||||
const body = await req.json();
|
||||
const userRoles = roles || [];
|
||||
|
||||
// Only owner or platform roles can patch
|
||||
if (!isPlatformRole(userRoles) && !userRoles.includes("owner")) {
|
||||
if (!user.isPlatform && !user.roles.includes("owner")) {
|
||||
return NextResponse.json({ error: "Forbidden" }, { status: 403 });
|
||||
}
|
||||
|
||||
const { name } = await params;
|
||||
const body = await req.json();
|
||||
|
||||
try {
|
||||
// Ownership check
|
||||
const existing = await getTenant(name);
|
||||
if (!existing) {
|
||||
if (!existing)
|
||||
return NextResponse.json({ error: "Not found" }, { status: 404 });
|
||||
}
|
||||
|
||||
if (
|
||||
!isPlatformRole(userRoles) &&
|
||||
existing.metadata?.labels?.["zitadel-org-id"] !== orgId
|
||||
!user.isPlatform &&
|
||||
existing.metadata.labels?.["pieced.ch/zitadel-org-id"] !== user.orgId
|
||||
) {
|
||||
return NextResponse.json({ error: "Forbidden" }, { status: 403 });
|
||||
}
|
||||
|
||||
// Build partial spec — only allow specific fields
|
||||
const specPatch: Record<string, any> = {};
|
||||
if (body.packages !== undefined) specPatch.packages = body.packages;
|
||||
if (body.workspaceFiles !== undefined)
|
||||
@@ -88,7 +72,7 @@ export async function PATCH(
|
||||
return NextResponse.json(updated);
|
||||
} catch (e: any) {
|
||||
return NextResponse.json(
|
||||
{ error: "Patch failed", detail: e.message },
|
||||
{ error: e.message },
|
||||
{ status: e.statusCode || 500 }
|
||||
);
|
||||
}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import { NextRequest, NextResponse } from "next/server";
|
||||
import { auth } from "@/lib/auth";
|
||||
import { getSessionUser } from "@/lib/session";
|
||||
import { getTenant } from "@/lib/k8s";
|
||||
import { writePackageSecrets } from "@/lib/openbao";
|
||||
import { getPackageDef } from "@/lib/packages";
|
||||
@@ -8,23 +8,15 @@ export async function POST(
|
||||
req: NextRequest,
|
||||
{ params }: { params: Promise<{ name: string }> }
|
||||
) {
|
||||
const session = await auth();
|
||||
if (!session?.user) {
|
||||
const user = await getSessionUser();
|
||||
if (!user)
|
||||
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
|
||||
}
|
||||
|
||||
const { name } = await params;
|
||||
const { orgId, roles } = session.user as any;
|
||||
const userRoles = roles || [];
|
||||
|
||||
const isPlatform = userRoles.some((r: string) =>
|
||||
["platform_admin", "platform_operator"].includes(r)
|
||||
);
|
||||
|
||||
if (!isPlatform && !userRoles.includes("owner")) {
|
||||
if (!user.isPlatform && !user.roles.includes("owner")) {
|
||||
return NextResponse.json({ error: "Forbidden" }, { status: 403 });
|
||||
}
|
||||
|
||||
const { name } = await params;
|
||||
const body = await req.json();
|
||||
const { packageId, secrets } = body as {
|
||||
packageId: string;
|
||||
@@ -38,63 +30,43 @@ export async function POST(
|
||||
);
|
||||
}
|
||||
|
||||
// Validate package exists and requires secrets
|
||||
const pkgDef = getPackageDef(packageId);
|
||||
if (!pkgDef) {
|
||||
return NextResponse.json(
|
||||
{ error: "Unknown package" },
|
||||
{ status: 400 }
|
||||
);
|
||||
}
|
||||
if (!pkgDef.requiresSecrets) {
|
||||
if (!pkgDef)
|
||||
return NextResponse.json({ error: "Unknown package" }, { status: 400 });
|
||||
if (!pkgDef.requiresSecrets)
|
||||
return NextResponse.json(
|
||||
{ error: "Package does not require secrets" },
|
||||
{ status: 400 }
|
||||
);
|
||||
}
|
||||
|
||||
// Verify all required secret keys are present
|
||||
const requiredKeys = (pkgDef.secrets || []).map((s) => s.key);
|
||||
const missingKeys = requiredKeys.filter((k) => !secrets[k]?.trim());
|
||||
if (missingKeys.length > 0) {
|
||||
const missing = requiredKeys.filter((k) => !secrets[k]?.trim());
|
||||
if (missing.length > 0) {
|
||||
return NextResponse.json(
|
||||
{ error: `Missing required secrets: ${missingKeys.join(", ")}` },
|
||||
{ error: `Missing: ${missing.join(", ")}` },
|
||||
{ status: 400 }
|
||||
);
|
||||
}
|
||||
|
||||
// Verify tenant ownership
|
||||
try {
|
||||
const tenant = await getTenant(name);
|
||||
if (!tenant) {
|
||||
return NextResponse.json(
|
||||
{ error: "Tenant not found" },
|
||||
{ status: 404 }
|
||||
);
|
||||
}
|
||||
if (!tenant)
|
||||
return NextResponse.json({ error: "Not found" }, { status: 404 });
|
||||
|
||||
if (
|
||||
!isPlatform &&
|
||||
tenant.metadata?.labels?.["zitadel-org-id"] !== orgId
|
||||
!user.isPlatform &&
|
||||
tenant.metadata.labels?.["pieced.ch/zitadel-org-id"] !== user.orgId
|
||||
) {
|
||||
return NextResponse.json({ error: "Forbidden" }, { status: 403 });
|
||||
}
|
||||
} catch (e: any) {
|
||||
return NextResponse.json(
|
||||
{ error: "Tenant lookup failed" },
|
||||
{ status: e.statusCode || 500 }
|
||||
);
|
||||
}
|
||||
|
||||
// Write to OpenBao
|
||||
try {
|
||||
await writePackageSecrets(name, packageId, secrets);
|
||||
} catch (err: any) {
|
||||
console.error("OpenBao write error:", err.message);
|
||||
return NextResponse.json({ ok: true });
|
||||
} catch (e: any) {
|
||||
console.error("Secret write error:", e.message);
|
||||
return NextResponse.json(
|
||||
{ error: "Failed to store secrets" },
|
||||
{ status: 500 }
|
||||
);
|
||||
}
|
||||
|
||||
return NextResponse.json({ ok: true });
|
||||
}
|
||||
|
||||
@@ -1,107 +1,84 @@
|
||||
import { NextRequest, NextResponse } from "next/server";
|
||||
import { auth } from "@/lib/auth";
|
||||
import { getTeamInfo, getTeamSpendLogs } from "@/lib/litellm";
|
||||
|
||||
// Pricing constants (CHF)
|
||||
const INPUT_RATE = 3; // CHF per MTok
|
||||
const OUTPUT_RATE = 15; // CHF per MTok
|
||||
import { getSessionUser } from "@/lib/session";
|
||||
import { getTeamInfo, getTeamSpendLogsV2 } from "@/lib/litellm";
|
||||
|
||||
export async function GET(req: NextRequest) {
|
||||
const session = await auth();
|
||||
if (!session?.user) {
|
||||
const user = await getSessionUser();
|
||||
if (!user)
|
||||
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
|
||||
}
|
||||
|
||||
const { orgId } = session.user as any;
|
||||
if (!orgId) {
|
||||
return NextResponse.json(
|
||||
{ error: "No org context" },
|
||||
{ status: 400 }
|
||||
);
|
||||
}
|
||||
const teamId = req.nextUrl.searchParams.get("teamId");
|
||||
if (!teamId)
|
||||
return NextResponse.json({ error: "teamId required" }, { status: 400 });
|
||||
|
||||
// The LiteLLM team_id maps to the tenant name, which is derived from orgId
|
||||
// Convention: team_id = "pieced-{orgId}" or looked up from the tenant CR
|
||||
const searchParams = req.nextUrl.searchParams;
|
||||
const teamId = searchParams.get("teamId");
|
||||
// Month param: YYYY-MM, defaults to current month
|
||||
const now = new Date();
|
||||
const monthParam = req.nextUrl.searchParams.get("month")
|
||||
|| `${now.getFullYear()}-${String(now.getMonth() + 1).padStart(2, "0")}`;
|
||||
|
||||
if (!teamId) {
|
||||
return NextResponse.json(
|
||||
{ error: "teamId query param required" },
|
||||
{ status: 400 }
|
||||
);
|
||||
}
|
||||
const [year, month] = monthParam.split("-").map(Number);
|
||||
const startDate = new Date(year, month - 1, 1);
|
||||
const endDate = new Date(year, month, 0); // last day of month
|
||||
|
||||
const startStr = startDate.toISOString().split("T")[0];
|
||||
const endStr = endDate.toISOString().split("T")[0];
|
||||
|
||||
try {
|
||||
// Current period info
|
||||
const teamInfo = await getTeamInfo(teamId);
|
||||
|
||||
// Historical spend logs (last 30 days)
|
||||
const endDate = new Date();
|
||||
const startDate = new Date();
|
||||
startDate.setDate(startDate.getDate() - 30);
|
||||
// Fetch all pages
|
||||
const allRequests: any[] = [];
|
||||
let page = 1;
|
||||
while (true) {
|
||||
const result = await getTeamSpendLogsV2(teamId, startStr, endStr, page, 100);
|
||||
allRequests.push(...(result.data || []));
|
||||
if (page >= (result.total_pages || 1)) break;
|
||||
page++;
|
||||
}
|
||||
|
||||
const spendLogs = await getTeamSpendLogs(
|
||||
teamId,
|
||||
startDate.toISOString().split("T")[0],
|
||||
endDate.toISOString().split("T")[0]
|
||||
);
|
||||
// Aggregate by day
|
||||
const byDay: Record<string, { inputTokens: number; outputTokens: number; spend: number }> = {};
|
||||
for (const r of allRequests) {
|
||||
const day = (r.startTime || r.endTime || "").slice(0, 10);
|
||||
if (!day) continue;
|
||||
if (!byDay[day]) byDay[day] = { inputTokens: 0, outputTokens: 0, spend: 0 };
|
||||
byDay[day].inputTokens += r.prompt_tokens || 0;
|
||||
byDay[day].outputTokens += r.completion_tokens || 0;
|
||||
byDay[day].spend += r.spend || 0;
|
||||
}
|
||||
|
||||
// Calculate CHF costs from token counts
|
||||
const dailyUsage = (spendLogs || []).map((day: any) => ({
|
||||
date: day.date || day.day,
|
||||
inputTokens: day.prompt_tokens || 0,
|
||||
outputTokens: day.completion_tokens || 0,
|
||||
inputCostCHF:
|
||||
((day.prompt_tokens || 0) / 1_000_000) * INPUT_RATE,
|
||||
outputCostCHF:
|
||||
((day.completion_tokens || 0) / 1_000_000) * OUTPUT_RATE,
|
||||
totalCostCHF:
|
||||
((day.prompt_tokens || 0) / 1_000_000) * INPUT_RATE +
|
||||
((day.completion_tokens || 0) / 1_000_000) * OUTPUT_RATE,
|
||||
}));
|
||||
const dailyUsage = Object.entries(byDay)
|
||||
.sort(([a], [b]) => a.localeCompare(b))
|
||||
.map(([date, d]) => ({ date, ...d }));
|
||||
|
||||
// Totals for current period
|
||||
const totalInputTokens = dailyUsage.reduce(
|
||||
(s: number, d: any) => s + d.inputTokens,
|
||||
0
|
||||
);
|
||||
const totalOutputTokens = dailyUsage.reduce(
|
||||
(s: number, d: any) => s + d.outputTokens,
|
||||
0
|
||||
);
|
||||
const totalCostCHF = dailyUsage.reduce(
|
||||
(s: number, d: any) => s + d.totalCostCHF,
|
||||
0
|
||||
);
|
||||
const totalInput = allRequests.reduce((s, r) => s + (r.prompt_tokens || 0), 0);
|
||||
const totalOutput = allRequests.reduce((s, r) => s + (r.completion_tokens || 0), 0);
|
||||
const totalSpend = allRequests.reduce((s, r) => s + (r.spend || 0), 0);
|
||||
|
||||
return NextResponse.json({
|
||||
teamId,
|
||||
month: monthParam,
|
||||
currentPeriod: {
|
||||
inputTokens: totalInputTokens,
|
||||
outputTokens: totalOutputTokens,
|
||||
inputCostCHF: (totalInputTokens / 1_000_000) * INPUT_RATE,
|
||||
outputCostCHF: (totalOutputTokens / 1_000_000) * OUTPUT_RATE,
|
||||
totalCostCHF,
|
||||
inputTokens: totalInput,
|
||||
outputTokens: totalOutput,
|
||||
totalSpend,
|
||||
requestCount: allRequests.length,
|
||||
},
|
||||
budget: {
|
||||
maxBudget: teamInfo?.max_budget ?? null,
|
||||
spend: teamInfo?.spend ?? 0,
|
||||
remaining: teamInfo?.max_budget
|
||||
? teamInfo.max_budget - (teamInfo.spend ?? 0)
|
||||
maxBudget: teamInfo?.team_info?.max_budget ?? null,
|
||||
spend: teamInfo?.team_info?.spend ?? 0,
|
||||
remaining: teamInfo?.team_info?.max_budget
|
||||
? teamInfo.team_info.max_budget - (teamInfo.team_info.spend ?? 0)
|
||||
: null,
|
||||
},
|
||||
rateLimits: {
|
||||
rpm: teamInfo?.rpm_limit ?? null,
|
||||
tpm: teamInfo?.tpm_limit ?? null,
|
||||
rpm: teamInfo?.team_info?.rpm_limit ?? null,
|
||||
tpm: teamInfo?.team_info?.tpm_limit ?? null,
|
||||
},
|
||||
dailyUsage,
|
||||
});
|
||||
} catch (err: any) {
|
||||
console.error("Usage fetch error:", err.message);
|
||||
return NextResponse.json(
|
||||
{ error: "Failed to fetch usage data" },
|
||||
{ status: 500 }
|
||||
);
|
||||
} catch (e: any) {
|
||||
console.error("Usage fetch error:", e.message);
|
||||
return NextResponse.json({ error: "Failed to fetch usage" }, { status: 500 });
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user