v0.9.26 added a admin tools

backend/package.json

@@ -1,6 +1,6 @@
 {
   "name": "jama-backend",
-  "version": "0.9.25",
+  "version": "0.9.26",
   "description": "TeamChat backend server",
   "main": "src/index.js",
   "scripts": {

backend/src/index.js

@@ -41,6 +41,7 @@ app.use('/api/auth', require('./routes/auth')(io));
 app.use('/api/users', require('./routes/users'));
 app.use('/api/groups', require('./routes/groups')(io));
 app.use('/api/messages', require('./routes/messages')(io));
+app.use('/api/usergroups', require('./routes/usergroups')(io));
 app.use('/api/settings', require('./routes/settings'));
 app.use('/api/about', require('./routes/about'));
 app.use('/api/help', require('./routes/help'));

backend/src/models/db.js

@@ -158,6 +158,25 @@ function initDb() {
       UNIQUE(user_id, device),
       FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
     );
+
+    -- User groups (admin-managed, separate from chat groups)
+    CREATE TABLE IF NOT EXISTS user_groups (
+      id         INTEGER PRIMARY KEY AUTOINCREMENT,
+      name       TEXT NOT NULL UNIQUE,
+      dm_group_id INTEGER,           -- paired private group in groups table
+      created_at TEXT NOT NULL DEFAULT (datetime('now')),
+      updated_at TEXT NOT NULL DEFAULT (datetime('now')),
+      FOREIGN KEY (dm_group_id) REFERENCES groups(id) ON DELETE SET NULL
+    );
+
+    -- Members of user groups
+    CREATE TABLE IF NOT EXISTS user_group_members (
+      user_group_id INTEGER NOT NULL,
+      user_id       INTEGER NOT NULL,
+      PRIMARY KEY (user_group_id, user_id),
+      FOREIGN KEY (user_group_id) REFERENCES user_groups(id) ON DELETE CASCADE,
+      FOREIGN KEY (user_id)       REFERENCES users(id)       ON DELETE CASCADE
+    );
   `);
 
   // Initialize default settings
@@ -173,6 +192,9 @@ function initDb() {
   insertSetting.run('color_title_dark', '');
   insertSetting.run('color_avatar_public', '');
   insertSetting.run('color_avatar_dm', '');
+  insertSetting.run('registration_code', '');
+  insertSetting.run('feature_branding', 'false');
+  insertSetting.run('feature_group_manager', 'false');
 
   // Migration: add hide_admin_tag if upgrading from older version
   try {
@@ -262,6 +284,36 @@ function initDb() {
     console.log('[DB] Migration: pinned_conversations table ready');
   } catch (e) { console.error('[DB] pinned_conversations migration error:', e.message); }
 
+  // Migration: is_managed flag on groups (admin-managed DMs via Group Manager)
+  try {
+    db.exec("ALTER TABLE groups ADD COLUMN is_managed INTEGER NOT NULL DEFAULT 0");
+    console.log('[DB] Migration: added is_managed column to groups');
+  } catch (e) { /* already exists */ }
+
+  // Migration: user_groups and user_group_members tables
+  try {
+    db.exec(`
+      CREATE TABLE IF NOT EXISTS user_groups (
+        id          INTEGER PRIMARY KEY AUTOINCREMENT,
+        name        TEXT NOT NULL UNIQUE,
+        dm_group_id INTEGER,
+        created_at  TEXT NOT NULL DEFAULT (datetime('now')),
+        updated_at  TEXT NOT NULL DEFAULT (datetime('now')),
+        FOREIGN KEY (dm_group_id) REFERENCES groups(id) ON DELETE SET NULL
+      )
+    `);
+    db.exec(`
+      CREATE TABLE IF NOT EXISTS user_group_members (
+        user_group_id INTEGER NOT NULL,
+        user_id       INTEGER NOT NULL,
+        PRIMARY KEY (user_group_id, user_id),
+        FOREIGN KEY (user_group_id) REFERENCES user_groups(id) ON DELETE CASCADE,
+        FOREIGN KEY (user_id)       REFERENCES users(id)       ON DELETE CASCADE
+      )
+    `);
+    console.log('[DB] Migration: user_groups tables ready');
+  } catch (e) { console.error('[DB] user_groups migration error:', e.message); }
+
   console.log('[DB] Schema initialized');
   return db;
 }

backend/src/routes/groups.js

@@ -340,6 +340,7 @@ router.delete('/:id/leave', authMiddleware, (req, res) => {
   const group = db.prepare('SELECT * FROM groups WHERE id = ?').get(req.params.id);
   if (!group) return res.status(404).json({ error: 'Group not found' });
   if (group.type === 'public') return res.status(400).json({ error: 'Cannot leave public groups' });
+  if (group.is_managed && req.user.role !== 'admin') return res.status(403).json({ error: 'This group is managed by an administrator. Contact an admin to be removed.' });
 
   const userId = req.user.id;
   const leaverName = req.user.display_name || req.user.name;

backend/src/routes/settings.js

@@ -134,4 +134,34 @@ router.post('/reset', authMiddleware, adminMiddleware, (req, res) => {
   res.json({ success: true });
 });
 
+// ── Registration code ─────────────────────────────────────────────────────────
+// Valid codes — in production these would be stored/validated server-side
+const VALID_CODES = {
+  'JAMA-FULL-2024':     { branding: true,  groupManager: true },
+  'JAMA-BRAND-2024':    { branding: true,  groupManager: false },
+};
+
+router.post('/register', authMiddleware, adminMiddleware, (req, res) => {
+  const { code } = req.body;
+  const db = getDb();
+  const upd = db.prepare("INSERT INTO settings (key, value) VALUES (?, ?) ON CONFLICT(key) DO UPDATE SET value = ?, updated_at = datetime('now')");
+
+  if (!code?.trim()) {
+    // Clear registration
+    upd.run('registration_code', '', '');
+    upd.run('feature_branding', 'false', 'false');
+    upd.run('feature_group_manager', 'false', 'false');
+    return res.json({ success: true, features: { branding: false, groupManager: false } });
+  }
+
+  const match = VALID_CODES[code.trim().toUpperCase()];
+  if (!match) return res.status(400).json({ error: 'Invalid registration code' });
+
+  upd.run('registration_code', code.trim(), code.trim());
+  upd.run('feature_branding',      match.branding      ? 'true' : 'false', match.branding      ? 'true' : 'false');
+  upd.run('feature_group_manager', match.groupManager  ? 'true' : 'false', match.groupManager  ? 'true' : 'false');
+
+  res.json({ success: true, features: { branding: match.branding, groupManager: match.groupManager } });
+});
+
 module.exports = router;

backend/src/routes/usergroups.js

@@ -0,0 +1,172 @@
+const express = require('express');
+const router = express.Router();
+const { getDb } = require('../models/db');
+const { authMiddleware, adminMiddleware } = require('../middleware/auth');
+
+module.exports = function(io) {
+
+// ── Helpers ───────────────────────────────────────────────────────────────────
+
+function postSysMsg(db, groupId, userId, content) {
+  const r = db.prepare(`INSERT INTO messages (group_id, user_id, content, type) VALUES (?, ?, ?, 'system')`).run(groupId, userId, content);
+  const msg = db.prepare(`
+    SELECT m.*, u.name as user_name, u.display_name as user_display_name,
+      u.avatar as user_avatar, u.role as user_role, u.status as user_status,
+      u.hide_admin_tag as user_hide_admin_tag, u.about_me as user_about_me, u.allow_dm as user_allow_dm
+    FROM messages m JOIN users u ON m.user_id = u.id WHERE m.id = ?
+  `).get(r.lastInsertRowid);
+  if (msg) { msg.reactions = []; io.to(`group:${groupId}`).emit('message:new', msg); }
+}
+
+function addUserToDmGroup(db, dmGroupId, userId, actorId) {
+  db.prepare('INSERT OR IGNORE INTO group_members (group_id, user_id) VALUES (?, ?)').run(dmGroupId, userId);
+  io.in(`user:${userId}`).socketsJoin(`group:${dmGroupId}`);
+  const dmGroup = db.prepare('SELECT * FROM groups WHERE id = ?').get(dmGroupId);
+  io.to(`user:${userId}`).emit('group:new', { group: dmGroup });
+  const u = db.prepare('SELECT name, display_name FROM users WHERE id = ?').get(userId);
+  postSysMsg(db, dmGroupId, actorId, `${u?.display_name || u?.name || 'A user'} has joined the conversation.`);
+}
+
+function removeUserFromDmGroup(db, dmGroupId, userId, actorId) {
+  db.prepare('DELETE FROM group_members WHERE group_id = ? AND user_id = ?').run(dmGroupId, userId);
+  io.in(`user:${userId}`).socketsLeave(`group:${dmGroupId}`);
+  io.to(`user:${userId}`).emit('group:deleted', { groupId: dmGroupId });
+  const u = db.prepare('SELECT name, display_name FROM users WHERE id = ?').get(userId);
+  postSysMsg(db, dmGroupId, actorId, `${u?.display_name || u?.name || 'A user'} has been removed from the conversation.`);
+}
+
+// ── List all user groups ───────────────────────────────────────────────────────
+
+router.get('/', authMiddleware, adminMiddleware, (req, res) => {
+  const db = getDb();
+  const groups = db.prepare(`
+    SELECT ug.*, g.name as dm_name,
+      (SELECT COUNT(*) FROM user_group_members WHERE user_group_id = ug.id) as member_count
+    FROM user_groups ug
+    LEFT JOIN groups g ON g.id = ug.dm_group_id
+    ORDER BY ug.name ASC
+  `).all();
+  res.json({ groups });
+});
+
+// ── Get single user group with members ────────────────────────────────────────
+
+router.get('/:id', authMiddleware, adminMiddleware, (req, res) => {
+  const db = getDb();
+  const group = db.prepare('SELECT * FROM user_groups WHERE id = ?').get(req.params.id);
+  if (!group) return res.status(404).json({ error: 'Not found' });
+  const members = db.prepare(`
+    SELECT u.id, u.name, u.display_name, u.avatar, u.role, u.status
+    FROM user_group_members ugm
+    JOIN users u ON u.id = ugm.user_id
+    WHERE ugm.user_group_id = ?
+    ORDER BY u.name ASC
+  `).all(req.params.id);
+  res.json({ group, members });
+});
+
+// ── Create user group ─────────────────────────────────────────────────────────
+
+router.post('/', authMiddleware, adminMiddleware, (req, res) => {
+  const { name, memberIds = [] } = req.body;
+  if (!name?.trim()) return res.status(400).json({ error: 'Name required' });
+  const db = getDb();
+
+  // Check unique name
+  if (db.prepare('SELECT id FROM user_groups WHERE LOWER(name) = LOWER(?)').get(name.trim())) {
+    return res.status(400).json({ error: 'A group with that name already exists' });
+  }
+
+  // Create the paired managed DM group in groups table
+  const admin = db.prepare('SELECT id FROM users WHERE is_default_admin = 1').get();
+  const dmResult = db.prepare(`
+    INSERT INTO groups (name, type, owner_id, is_readonly, is_direct, is_managed)
+    VALUES (?, 'private', ?, 0, 0, 1)
+  `).run(name.trim(), admin?.id || req.user.id);
+  const dmGroupId = dmResult.lastInsertRowid;
+
+  // Create the user group
+  const ugResult = db.prepare(`
+    INSERT INTO user_groups (name, dm_group_id) VALUES (?, ?)
+  `).run(name.trim(), dmGroupId);
+  const ugId = ugResult.lastInsertRowid;
+
+  // Add members to both
+  const validIds = Array.isArray(memberIds) ? memberIds.map(Number).filter(Boolean) : [];
+  const addMember = db.prepare('INSERT OR IGNORE INTO user_group_members (user_group_id, user_id) VALUES (?, ?)');
+  for (const uid of validIds) {
+    addMember.run(ugId, uid);
+    db.prepare('INSERT OR IGNORE INTO group_members (group_id, user_id) VALUES (?, ?)').run(dmGroupId, uid);
+    io.in(`user:${uid}`).socketsJoin(`group:${dmGroupId}`);
+    const dmGroup = db.prepare('SELECT * FROM groups WHERE id = ?').get(dmGroupId);
+    io.to(`user:${uid}`).emit('group:new', { group: dmGroup });
+  }
+
+  const group = db.prepare('SELECT * FROM user_groups WHERE id = ?').get(ugId);
+  res.json({ group });
+});
+
+// ── Update user group (name + members) ────────────────────────────────────────
+
+router.patch('/:id', authMiddleware, adminMiddleware, (req, res) => {
+  const db = getDb();
+  const ug = db.prepare('SELECT * FROM user_groups WHERE id = ?').get(req.params.id);
+  if (!ug) return res.status(404).json({ error: 'Not found' });
+
+  const { name, memberIds } = req.body;
+
+  // Rename
+  if (name && name.trim() !== ug.name) {
+    const conflict = db.prepare('SELECT id FROM user_groups WHERE LOWER(name) = LOWER(?) AND id != ?').get(name.trim(), ug.id);
+    if (conflict) return res.status(400).json({ error: 'Name already in use' });
+    db.prepare("UPDATE user_groups SET name = ?, updated_at = datetime('now') WHERE id = ?").run(name.trim(), ug.id);
+    if (ug.dm_group_id) {
+      db.prepare("UPDATE groups SET name = ?, updated_at = datetime('now') WHERE id = ?").run(name.trim(), ug.dm_group_id);
+    }
+  }
+
+  // Sync members
+  if (Array.isArray(memberIds) && ug.dm_group_id) {
+    const newIds = new Set(memberIds.map(Number).filter(Boolean));
+    const current = db.prepare('SELECT user_id FROM user_group_members WHERE user_group_id = ?').all(ug.id).map(r => r.user_id);
+    const currentSet = new Set(current);
+
+    // Add new members
+    for (const uid of newIds) {
+      if (!currentSet.has(uid)) {
+        db.prepare('INSERT OR IGNORE INTO user_group_members (user_group_id, user_id) VALUES (?, ?)').run(ug.id, uid);
+        addUserToDmGroup(db, ug.dm_group_id, uid, req.user.id);
+      }
+    }
+    // Remove dropped members
+    for (const uid of currentSet) {
+      if (!newIds.has(uid)) {
+        db.prepare('DELETE FROM user_group_members WHERE user_group_id = ? AND user_id = ?').run(ug.id, uid);
+        removeUserFromDmGroup(db, ug.dm_group_id, uid, req.user.id);
+      }
+    }
+  }
+
+  const updated = db.prepare('SELECT * FROM user_groups WHERE id = ?').get(req.params.id);
+  res.json({ group: updated });
+});
+
+// ── Delete user group ─────────────────────────────────────────────────────────
+
+router.delete('/:id', authMiddleware, adminMiddleware, (req, res) => {
+  const db = getDb();
+  const ug = db.prepare('SELECT * FROM user_groups WHERE id = ?').get(req.params.id);
+  if (!ug) return res.status(404).json({ error: 'Not found' });
+
+  // Notify all DM group members before deleting
+  if (ug.dm_group_id) {
+    const members = db.prepare('SELECT user_id FROM group_members WHERE group_id = ?').all(ug.dm_group_id).map(r => r.user_id);
+    db.prepare('DELETE FROM groups WHERE id = ?').run(ug.dm_group_id);
+    for (const uid of members) io.to(`user:${uid}`).emit('group:deleted', { groupId: ug.dm_group_id });
+  }
+  db.prepare('DELETE FROM user_groups WHERE id = ?').run(ug.id);
+  res.json({ success: true });
+});
+
+return router;
+};