arifal/setrip
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

admin roadmap csv export, adminactionlog, global search

Browse Source
This commit is contained in:
arifal
2026-05-18 20:09:22 +07:00
parent 244a6da9bb
commit ea63f56e97
25 changed files with 1330 additions and 158 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/admin/audit-log/page.tsx
+243
View File
@@ -0,0 +1,243 @@
import Link from "next/link";
import { redirect } from "next/navigation";
import { getServerSession } from "next-auth";
import { authOptions } from "@/lib/auth";
import { isAdminEmail, listAdminEmails } from "@/lib/admin";
import { prisma } from "@/lib/prisma";
import type { Prisma } from "@/app/generated/prisma/client";
import { AdminFilterBar } from "@/features/admin/components/admin-filter-bar";
const ENTITY_TYPES = [
"Refund",
"Payout",
"Trip",
"User",
"OrganizerVerification",
"Payment",
] as const;
interface PageProps {
searchParams: Promise<{
entityType?: string;
action?: string;
reviewer?: string;
dateFrom?: string;
dateTo?: string;
}>;
}
function parseDate(value: string | undefined): Date | undefined {
if (!value) return undefined;
const d = new Date(value);
return Number.isNaN(d.getTime()) ? undefined : d;
}
export default async function AdminAuditLogPage({ searchParams }: PageProps) {
const session = await getServerSession(authOptions);
if (!session?.user) redirect("/login?callbackUrl=/admin/audit-log");
if (!isAdminEmail(session.user.email)) {
return (
<div className="mx-auto max-w-2xl px-4 py-12 text-center">
<p className="text-sm text-neutral-600">
Halaman ini hanya untuk admin SeTrip.
</p>
</div>
);
}
const params = await searchParams;
const dateFrom = parseDate(params.dateFrom);
const dateTo = parseDate(params.dateTo);
const where: Prisma.AdminActionLogWhereInput = {};
if (params.entityType && ENTITY_TYPES.includes(params.entityType as never)) {
where.entityType = params.entityType;
}
if (params.action) {
where.action = { contains: params.action, mode: "insensitive" };
}
if (params.reviewer) {
where.adminEmail = params.reviewer;
}
if (dateFrom || dateTo) {
where.createdAt = {
...(dateFrom && { gte: dateFrom }),
...(dateTo && { lte: dateTo }),
};
}
const logs = await prisma.adminActionLog.findMany({
where,
orderBy: { createdAt: "desc" },
take: 200,
});
return (
<div className="mx-auto max-w-5xl px-4 py-8 sm:py-12">
<header className="mb-6">
<h1 className="text-2xl font-bold text-neutral-900 sm:text-3xl">
Audit Log
</h1>
<p className="mt-1 text-sm text-neutral-500">
Catatan semua aksi admin lintas entity (refund, payout, trip cancel,
user suspend, dst). Append-only. Maksimal 200 baris terbaru per query
pakai filter untuk drill-down.
</p>
</header>
<AdminFilterBar
action="/admin/audit-log"
values={{
dateFrom: params.dateFrom,
dateTo: params.dateTo,
reviewer: params.reviewer,
}}
reviewerOptions={listAdminEmails()}
reviewerLabel="Admin"
/>
<form method="get" className="mb-4 grid gap-3 sm:grid-cols-2">
<input type="hidden" name="dateFrom" value={params.dateFrom ?? ""} />
<input type="hidden" name="dateTo" value={params.dateTo ?? ""} />
<input type="hidden" name="reviewer" value={params.reviewer ?? ""} />
<div>
<label
htmlFor="filter-entity"
className="mb-1 block text-[10px] font-semibold uppercase tracking-wide text-neutral-500"
>
Entity type
</label>
<select
id="filter-entity"
name="entityType"
defaultValue={params.entityType ?? ""}
className="w-full rounded-lg border border-neutral-200 bg-white px-2 py-1.5 text-sm text-neutral-800 focus:border-primary-400"
>
<option value="">Semua</option>
{ENTITY_TYPES.map((t) => (
<option key={t} value={t}>
{t}
</option>
))}
</select>
</div>
<div>
<label
htmlFor="filter-action"
className="mb-1 block text-[10px] font-semibold uppercase tracking-wide text-neutral-500"
>
Action (contains)
</label>
<div className="flex gap-2">
<input
id="filter-action"
name="action"
defaultValue={params.action ?? ""}
placeholder="mis. REFUND, SUSPEND, CANCEL"
className="flex-1 rounded-lg border border-neutral-200 bg-white px-2 py-1.5 text-sm text-neutral-800 placeholder:text-neutral-400 focus:border-primary-400"
/>
<button
type="submit"
className="rounded-lg bg-primary-600 px-3 py-1.5 text-sm font-semibold text-white hover:bg-primary-700"
>
Cari
</button>
</div>
</div>
</form>
{logs.length === 0 ? (
<div className="rounded-2xl border border-dashed border-neutral-300 bg-white p-10 text-center">
<p className="text-sm text-neutral-500">
Tidak ada audit log yang cocok dengan filter ini.
</p>
</div>
) : (
<div className="overflow-x-auto rounded-2xl border border-neutral-200 bg-white shadow-sm">
<table className="min-w-full divide-y divide-neutral-100 text-sm">
<thead className="bg-neutral-50 text-[10px] font-semibold uppercase tracking-wide text-neutral-500">
<tr>
<th className="px-3 py-2 text-left">Waktu</th>
<th className="px-3 py-2 text-left">Admin</th>
<th className="px-3 py-2 text-left">Action</th>
<th className="px-3 py-2 text-left">Entity</th>
<th className="px-3 py-2 text-left">Entity ID</th>
<th className="px-3 py-2 text-left">Payload</th>
</tr>
</thead>
<tbody className="divide-y divide-neutral-100 text-xs text-neutral-700">
{logs.map((row) => (
<tr key={row.id}>
<td className="whitespace-nowrap px-3 py-2 text-neutral-500">
{row.createdAt.toLocaleString("id-ID", {
day: "2-digit",
month: "short",
year: "numeric",
hour: "2-digit",
minute: "2-digit",
})}
</td>
<td className="whitespace-nowrap px-3 py-2">
{row.adminEmail}
{!row.adminId && (
<span className="ml-1 text-[10px] text-amber-700">
(deleted)
</span>
)}
</td>
<td className="whitespace-nowrap px-3 py-2">
<span className="rounded bg-primary-50 px-1.5 py-0.5 font-mono text-[11px] font-semibold text-primary-800">
{row.action}
</span>
</td>
<td className="whitespace-nowrap px-3 py-2 font-medium">
{row.entityType}
</td>
<td className="px-3 py-2">
<EntityIdLink
entityType={row.entityType}
entityId={row.entityId}
/>
</td>
<td className="px-3 py-2 text-neutral-500">
{row.payload ? (
<code className="block max-w-md overflow-x-auto rounded bg-neutral-50 px-2 py-1 font-mono text-[10px]">
{JSON.stringify(row.payload)}
</code>
) : (
"—"
)}
</td>
</tr>
))}
</tbody>
</table>
</div>
)}
</div>
);
}
function EntityIdLink({
entityType,
entityId,
}: {
entityType: string;
entityId: string;
}) {
const short = `${entityId.slice(0, 8)}`;
let href: string | null = null;
if (entityType === "Trip") href = `/admin/trips/${entityId}`;
if (entityType === "User") href = `/admin/users/${entityId}`;
if (href) {
return (
<Link
href={href}
className="font-mono text-[11px] text-secondary-700 hover:text-secondary-900"
>
{short}
</Link>
);
}
return <span className="font-mono text-[11px]">{short}</span>;
}
app/admin/payouts/page.tsx
+21 -9
View File
@@ -4,6 +4,7 @@ import { authOptions } from "@/lib/auth";
import { isAdminEmail, listAdminEmails } from "@/lib/admin";
import { payoutRepo } from "@/server/repositories/payout.repo";
import { AdminFilterBar } from "@/features/admin/components/admin-filter-bar";
import { ExportCsvLink } from "@/features/admin/components/export-csv-link";
import {
PayoutReviewCard,
type PayoutCardData,
@@ -81,17 +82,28 @@ export default async function AdminPayoutsPage({ searchParams }: PageProps) {
processedBy: p.processedBy,
}));
const exportQuery = new URLSearchParams({ status: tab });
if (params.dateFrom) exportQuery.set("dateFrom", params.dateFrom);
if (params.dateTo) exportQuery.set("dateTo", params.dateTo);
if (params.reviewer) exportQuery.set("reviewer", params.reviewer);
return (
<div className="mx-auto max-w-4xl px-4 py-8 sm:py-12">
<header className="mb-6">
<h1 className="text-2xl font-bold text-neutral-900 sm:text-3xl">
Payout Organizer
</h1>
<p className="mt-1 text-sm text-neutral-500">
Uang peserta ditahan (escrow) sampai trip selesai + 3 hari. Setelah
status <strong>Siap transfer</strong>, admin transfer manual ke
rekening organizer lalu tandai sudah dibayar.
</p>
<header className="mb-6 flex flex-wrap items-start justify-between gap-3">
<div>
<h1 className="text-2xl font-bold text-neutral-900 sm:text-3xl">
Payout Organizer
</h1>
<p className="mt-1 text-sm text-neutral-500">
Uang peserta ditahan (escrow) sampai trip selesai + 3 hari. Setelah
status <strong>Siap transfer</strong>, admin transfer manual ke
rekening organizer lalu tandai sudah dibayar.
</p>
</div>
<ExportCsvLink
href="/api/admin/export/payouts"
query={exportQuery.toString()}
/>
</header>
<AdminFilterBar
app/admin/refunds/page.tsx
+21 -8
View File
@@ -5,6 +5,7 @@ import { isAdminEmail, listAdminEmails } from "@/lib/admin";
import { refundRepo } from "@/server/repositories/refund.repo";
import { CreateRefundForm } from "@/features/refund/components/create-refund-form";
import { AdminFilterBar } from "@/features/admin/components/admin-filter-bar";
import { ExportCsvLink } from "@/features/admin/components/export-csv-link";
import {
RefundReviewCard,
type RefundCardData,
@@ -112,16 +113,28 @@ export default async function AdminRefundsPage({ searchParams }: PageProps) {
},
}));
const exportQuery = new URLSearchParams({ status: tab });
if (params.dateFrom) exportQuery.set("dateFrom", params.dateFrom);
if (params.dateTo) exportQuery.set("dateTo", params.dateTo);
if (params.reviewer) exportQuery.set("reviewer", params.reviewer);
if (reason) exportQuery.set("reason", reason);
return (
<div className="mx-auto max-w-4xl px-4 py-8 sm:py-12">
<header className="mb-6">
<h1 className="text-2xl font-bold text-neutral-900 sm:text-3xl">
Review Refund Manual
</h1>
<p className="mt-1 text-sm text-neutral-500">
Tinjau laporan refund dari peserta dan organizer. Setiap refund harus
melalui approval admin sebelum dieksekusi.
</p>
<header className="mb-6 flex flex-wrap items-start justify-between gap-3">
<div>
<h1 className="text-2xl font-bold text-neutral-900 sm:text-3xl">
Review Refund Manual
</h1>
<p className="mt-1 text-sm text-neutral-500">
Tinjau laporan refund dari peserta dan organizer. Setiap refund harus
melalui approval admin sebelum dieksekusi.
</p>
</div>
<ExportCsvLink
href="/api/admin/export/refunds"
query={exportQuery.toString()}
/>
</header>
<CreateRefundForm />
app/admin/verifications/page.tsx
+20 -8
View File
@@ -5,6 +5,7 @@ import { isAdminEmail, listAdminEmails } from "@/lib/admin";
import { organizerRepo } from "@/server/repositories/organizer.repo";
import { organizerService } from "@/server/services/organizer.service";
import { AdminFilterBar } from "@/features/admin/components/admin-filter-bar";
import { ExportCsvLink } from "@/features/admin/components/export-csv-link";
import { ReviewCard } from "@/features/organizer/components/review-card";
type Tab = "PENDING" | "APPROVED" | "REJECTED";
@@ -69,16 +70,27 @@ export default async function AdminVerificationsPage({ searchParams }: PageProps
{ key: "REJECTED", label: "Ditolak" },
];
const exportQuery = new URLSearchParams({ status: tab });
if (params.dateFrom) exportQuery.set("dateFrom", params.dateFrom);
if (params.dateTo) exportQuery.set("dateTo", params.dateTo);
if (params.reviewer) exportQuery.set("reviewer", params.reviewer);
return (
<div className="mx-auto max-w-4xl px-4 py-8 sm:py-12">
<header className="mb-6">
<h1 className="text-2xl font-bold text-neutral-900 sm:text-3xl">
Review Verifikasi Organizer
</h1>
<p className="mt-1 text-sm text-neutral-500">
Periksa data KTP, foto liveness (memegang kertas SETRIP), dan rekening
sebelum menyetujui.
</p>
<header className="mb-6 flex flex-wrap items-start justify-between gap-3">
<div>
<h1 className="text-2xl font-bold text-neutral-900 sm:text-3xl">
Review Verifikasi Organizer
</h1>
<p className="mt-1 text-sm text-neutral-500">
Periksa data KTP, foto liveness (memegang kertas SETRIP), dan rekening
sebelum menyetujui.
</p>
</div>
<ExportCsvLink
href="/api/admin/export/verifications"
query={exportQuery.toString()}
/>
</header>
<AdminFilterBar
app/api/admin/export/payouts/route.ts
+96
View File
@@ -0,0 +1,96 @@
import { NextRequest, NextResponse } from "next/server";
import { getServerSession } from "next-auth";
import { authOptions } from "@/lib/auth";
import { isAdminEmail } from "@/lib/admin";
import { payoutRepo } from "@/server/repositories/payout.repo";
import { buildCsv, csvDateJakarta, csvResponse } from "@/lib/csv";
import type { PayoutStatus } from "@/app/generated/prisma/enums";
export const runtime = "nodejs";
export const dynamic = "force-dynamic";
const VALID_STATUS = new Set<PayoutStatus>([
"HELD",
"RELEASED",
"PAID",
"CANCELLED",
]);
function parseDate(value: string | null): Date | undefined {
if (!value) return undefined;
const d = new Date(value);
return Number.isNaN(d.getTime()) ? undefined : d;
}
export async function GET(req: NextRequest) {
const session = await getServerSession(authOptions);
if (!session?.user || !isAdminEmail(session.user.email)) {
return NextResponse.json({ error: "Forbidden" }, { status: 403 });
}
const params = req.nextUrl.searchParams;
const statusParam = params.get("status");
if (!statusParam || !VALID_STATUS.has(statusParam as PayoutStatus)) {
return NextResponse.json(
{ error: "status param wajib (HELD/RELEASED/PAID/CANCELLED)" },
{ status: 400 }
);
}
const status = statusParam as PayoutStatus;
const rows = await payoutRepo.listByStatus(status, {
dateFrom: parseDate(params.get("dateFrom")),
dateTo: parseDate(params.get("dateTo")),
processorEmail: params.get("reviewer") || undefined,
});
const csv = buildCsv(
[
"Payout ID",
"Status",
"Nominal (IDR)",
"Currency",
"Held until",
"Released at",
"Paid at",
"Cancelled at",
"Processor email",
"Admin note",
"Dibuat",
"Organizer nama",
"Organizer email",
"Bank nama",
"Bank rekening",
"Bank atas nama",
"Trip ID",
"Trip judul",
"Booking ID",
"Peserta nama",
],
rows.map((p) => [
p.id,
p.status,
p.amount,
p.currency,
csvDateJakarta(p.heldUntil),
csvDateJakarta(p.releasedAt),
csvDateJakarta(p.paidAt),
csvDateJakarta(p.cancelledAt),
p.processedBy?.email ?? "",
p.adminNote ?? "",
csvDateJakarta(p.createdAt),
p.organizer.name,
p.organizer.email,
p.bankName ?? "",
p.bankAccountNumber ?? "",
p.bankAccountName ?? "",
p.trip.id,
p.trip.title,
p.booking.id,
p.booking.user.name,
])
);
const today = new Date().toISOString().slice(0, 10);
return csvResponse(`payouts-${status}-${today}.csv`, csv);
}
app/api/admin/export/refunds/route.ts
+114
View File
@@ -0,0 +1,114 @@
import { NextRequest, NextResponse } from "next/server";
import { getServerSession } from "next-auth";
import { authOptions } from "@/lib/auth";
import { isAdminEmail } from "@/lib/admin";
import { refundRepo } from "@/server/repositories/refund.repo";
import { buildCsv, csvDateJakarta, csvResponse } from "@/lib/csv";
export const runtime = "nodejs";
export const dynamic = "force-dynamic";
const VALID_STATUS = new Set([
"PENDING",
"APPROVED",
"REJECTED",
"PROCESSING",
"SUCCEEDED",
"FAILED",
]);
const VALID_REASON = new Set([
"USER_CANCELLATION",
"ORGANIZER_CANCELLED",
"TRIP_ISSUE",
"ADMIN_ADJUSTMENT",
"DISPUTE_RESOLVED",
]);
function parseDate(value: string | null): Date | undefined {
if (!value) return undefined;
const d = new Date(value);
return Number.isNaN(d.getTime()) ? undefined : d;
}
export async function GET(req: NextRequest) {
const session = await getServerSession(authOptions);
if (!session?.user || !isAdminEmail(session.user.email)) {
return NextResponse.json({ error: "Forbidden" }, { status: 403 });
}
const params = req.nextUrl.searchParams;
const statusParam = params.get("status");
const status =
statusParam && VALID_STATUS.has(statusParam)
? (statusParam as
| "PENDING"
| "APPROVED"
| "REJECTED"
| "PROCESSING"
| "SUCCEEDED"
| "FAILED")
: undefined;
const reasonParam = params.get("reason");
const reason =
reasonParam && VALID_REASON.has(reasonParam)
? (reasonParam as
| "USER_CANCELLATION"
| "ORGANIZER_CANCELLED"
| "TRIP_ISSUE"
| "ADMIN_ADJUSTMENT"
| "DISPUTE_RESOLVED")
: undefined;
const rows = await refundRepo.listByStatus(status, {
dateFrom: parseDate(params.get("dateFrom")),
dateTo: parseDate(params.get("dateTo")),
reviewerEmail: params.get("reviewer") || undefined,
reason,
});
const csv = buildCsv(
[
"Refund ID",
"Status",
"Reason",
"Nominal (IDR)",
"Dilaporkan oleh",
"Catatan laporan",
"Catatan admin",
"Dibuat",
"Reviewed at",
"Succeeded at",
"Failed at",
"Reviewer email",
"Booking ID",
"Peserta nama",
"Peserta email",
"Trip ID",
"Trip judul",
"Trip tanggal",
],
rows.map((r) => [
r.id,
r.status,
r.reason,
r.amount,
r.reportedBy,
r.reportNote,
r.adminNote ?? "",
csvDateJakarta(r.createdAt),
csvDateJakarta(r.reviewedAt),
csvDateJakarta(r.succeededAt),
csvDateJakarta(r.failedAt),
r.reviewedBy?.email ?? "",
r.booking.id,
r.booking.user.name,
r.booking.user.email,
r.booking.trip.id,
r.booking.trip.title,
csvDateJakarta(r.booking.trip.date),
])
);
const today = new Date().toISOString().slice(0, 10);
return csvResponse(`refunds-${status ?? "all"}-${today}.csv`, csv);
}
app/api/admin/export/verifications/route.ts
+74
View File
@@ -0,0 +1,74 @@
import { NextRequest, NextResponse } from "next/server";
import { getServerSession } from "next-auth";
import { authOptions } from "@/lib/auth";
import { isAdminEmail } from "@/lib/admin";
import { organizerRepo } from "@/server/repositories/organizer.repo";
import { buildCsv, csvDateJakarta, csvResponse } from "@/lib/csv";
export const runtime = "nodejs";
export const dynamic = "force-dynamic";
const VALID_STATUS = new Set(["PENDING", "APPROVED", "REJECTED"]);
function parseDate(value: string | null): Date | undefined {
if (!value) return undefined;
const d = new Date(value);
return Number.isNaN(d.getTime()) ? undefined : d;
}
export async function GET(req: NextRequest) {
const session = await getServerSession(authOptions);
if (!session?.user || !isAdminEmail(session.user.email)) {
return NextResponse.json({ error: "Forbidden" }, { status: 403 });
}
const params = req.nextUrl.searchParams;
const statusParam = params.get("status");
const status =
statusParam && VALID_STATUS.has(statusParam)
? (statusParam as "PENDING" | "APPROVED" | "REJECTED")
: undefined;
const rows = await organizerRepo.listByStatus(status, {
dateFrom: parseDate(params.get("dateFrom")),
dateTo: parseDate(params.get("dateTo")),
reviewerEmail: params.get("reviewer") || undefined,
});
// SENGAJA tidak ekspor: NIK plaintext (encrypted), ktpImageKey, livenessKey,
// bankAccountNumber. Export ini hanya untuk metadata audit — KYC sensitive
// info tetap di DB & cuma diakses lewat admin UI dengan auth gate.
const csv = buildCsv(
[
"Verification ID",
"Status",
"Nama (KTP)",
"User nama",
"User email",
"Bank nama",
"Bank atas nama",
"Dibuat",
"Reviewed at",
"Verified at",
"Rejection reason",
"Reviewer email",
],
rows.map((v) => [
v.id,
v.status,
v.fullName,
v.user.name,
v.user.email,
v.bankName,
v.bankAccountName,
csvDateJakarta(v.createdAt),
csvDateJakarta(v.reviewedAt),
csvDateJakarta(v.verifiedAt),
v.rejectionReason ?? "",
v.reviewedBy?.email ?? "",
])
);
const today = new Date().toISOString().slice(0, 10);
return csvResponse(`verifications-${status ?? "all"}-${today}.csv`, csv);
}
app/api/admin/search/route.ts
+19
View File
@@ -0,0 +1,19 @@
import { NextRequest, NextResponse } from "next/server";
import { getServerSession } from "next-auth";
import { authOptions } from "@/lib/auth";
import { isAdminEmail } from "@/lib/admin";
import { adminSearchService } from "@/server/services/admin-search.service";
export const runtime = "nodejs";
export const dynamic = "force-dynamic";
export async function GET(req: NextRequest) {
const session = await getServerSession(authOptions);
if (!session?.user || !isAdminEmail(session.user.email)) {
return NextResponse.json({ error: "Forbidden" }, { status: 403 });
}
const q = req.nextUrl.searchParams.get("q") ?? "";
const hits = await adminSearchService.resolve(q, 10);
return NextResponse.json({ hits });
}