// ============================================================ // Husky Paths — Admin panel (#admin) // 仅管理员邮箱登录可见。待审列表 → 一键通过/拒绝。 // 安全:submissions 表 RLS 只允许该邮箱 select/update;前端这层是 UX, // 真正的门是数据库 RLS(非管理员就算打开本页也读不到、改不了)。 // ============================================================ const ADMIN_EMAIL = "agao6@uw.edu"; const AdminPanel = () => { const { useState, useEffect, useCallback } = React; const backend = window.HuskyBackend; const [session, setSession] = useState(null); const [checking, setChecking] = useState(true); const [email, setEmail] = useState(""); const [otp, setOtp] = useState(""); const [sent, setSent] = useState(false); const [busy, setBusy] = useState(false); const [error, setError] = useState(""); const [subs, setSubs] = useState([]); const [loading, setLoading] = useState(false); const [tab, setTab] = useState("pending"); const isAdmin = !!(session && session.user && (session.user.email || "").toLowerCase() === ADMIN_EMAIL); useEffect(() => { let off = false; if (!backend) { setChecking(false); return; } backend.getSession().then((s) => { if (!off) { setSession(s); setChecking(false); } }).catch(() => { if (!off) setChecking(false); }); const unsub = backend.onAuthStateChange ? backend.onAuthStateChange((s) => setSession(s)) : null; return () => { off = true; if (unsub) unsub(); }; }, []); const load = useCallback(async () => { setLoading(true); setError(""); try { setSubs(await backend.fetchAllSubmissions()); } catch (e) { setError(e.message || "Could not load submissions."); } finally { setLoading(false); } }, []); useEffect(() => { if (isAdmin) load(); }, [isAdmin, load]); const sendCode = async () => { setBusy(true); setError(""); try { await backend.sendLoginLink(email); setSent(true); } catch (e) { setError(e.message || "Could not send code."); } finally { setBusy(false); } }; const verify = async () => { setBusy(true); setError(""); try { const s = await backend.verifyOtp(email, otp); setSession(s); } catch (e) { setError(e.message || "Verification failed."); } finally { setBusy(false); } }; const act = async (id, status) => { setError(""); const prev = subs; setSubs((rows) => rows.map((r) => (r.id === id ? { ...r, status } : r))); // 乐观更新 try { await backend.setSubmissionStatus(id, status); } catch (e) { setSubs(prev); setError(e.message || "Update failed."); } }; const signOut = async () => { try { await backend.signOut(); } catch (_e) {} setSession(null); }; const counts = { pending: subs.filter((s) => s.status === "pending").length, approved: subs.filter((s) => s.status === "approved").length, rejected: subs.filter((s) => s.status === "rejected").length, }; const shown = subs.filter((s) => (tab === "all" ? true : s.status === tab)); // ── 未登录 / 非管理员 ── if (checking) { return

Loading…

; } if (!session) { return (

HUSKY PATHS · ADMIN

Sign in to review

Admin access only — sign in with your UW email.

{error &&

{error}

} {!sent ? (

UW Email setEmail(e.target.value)} placeholder="netid@uw.edu" />

) : (

Verification code sent to {email} setOtp(e.target.value)} placeholder="6-digit code" inputMode="numeric" autoComplete="one-time-code" />

)}

← Back to the map

); } if (!isAdmin) { return (

ADMIN

Not authorized

You're signed in as {session.user.email}, which isn't the admin account.

Back to map →

); } // ── 管理员视图 ── return (

HUSKY PATHS · ADMIN

Review queue

Map

{["pending", "approved", "rejected", "all"].map((k) => ( ))}

{error &&

{error}

} {loading ? (

Loading submissions…

) : shown.length === 0 ? (

Nothing here.

) : (

{shown.map((s) => (

{s.name || "Anonymous"} {s.status}

{s.path_type} · {s.org_name}{s.role_detail ? ` · ${s.role_detail}` : ""} · {s.city_name}{s.grad_year ? ` · '${String(s.grad_year).slice(-2)}` : ""}

{s.major &&

{s.major}

} {s.note &&

"{s.note}"

}

Verify: {s.contact_hint || "—"} {s.open_to_connect && ( · ✓ open to connect {s.linkedin_url ? ` · in:${s.linkedin_url}` : ""}{s.wechat_id ? ` · wechat:${s.wechat_id}` : ""}{s.instagram_handle ? ` · ig:${s.instagram_handle}` : ""} )}

{s.status !== "approved" && } {s.status !== "rejected" && } {s.status !== "pending" && }

))}

)}

Approve → appears on the map automatically. Contact (LinkedIn/WeChat/IG) shows only if the alum ticked "open to connect" — their verification email is never published.

); }; window.AdminPanel = AdminPanel;