/* Admin console — the bookkeeper's view. Create clients, connect their QuickBooks, manage their logins, and open any client's live dashboard. Also hosts the invite "set your password" screen that clients land on from their email link. All admin endpoints are behind requireAdmin server-side; this UI only renders for role === 'admin'. */ const CBAdmin = { async listCompanies() { const r = await fetch('/api/admin/companies', { credentials: 'same-origin' }); if (!r.ok) throw new Error('Failed to load clients'); return r.json(); }, async getCompany(id) { const r = await fetch(`/api/admin/companies/${id}`, { credentials: 'same-origin' }); if (!r.ok) throw new Error('Failed to load client'); return r.json(); }, async createCompany(name) { const r = await fetch('/api/admin/companies', { method: 'POST', credentials: 'same-origin', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ name }), }); if (!r.ok) throw new Error((await r.json().catch(() => ({}))).error || 'Failed to create client'); return r.json(); }, async addUser(companyId, email, name) { const r = await fetch(`/api/admin/companies/${companyId}/users`, { method: 'POST', credentials: 'same-origin', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ email, name }), }); if (!r.ok) throw new Error((await r.json().catch(() => ({}))).error || 'Failed to add login'); return r.json(); }, async reinvite(companyId, userId) { const r = await fetch(`/api/admin/companies/${companyId}/users/${userId}/invite`, { method: 'POST', credentials: 'same-origin', }); if (!r.ok) throw new Error('Failed to send invite'); return r.json(); }, }; function StatusBadge({ connected }) { return ( {connected ? : } {connected ? 'Connected' : 'Not connected'} ); } /* Expandable detail for one client: connection + logins. */ function ClientRow({ company, onChanged, onOpenDashboard }) { const [open, setOpen] = React.useState(false); const [detail, setDetail] = React.useState(null); const [email, setEmail] = React.useState(''); const [name, setName] = React.useState(''); const [busy, setBusy] = React.useState(false); const [notice, setNotice] = React.useState(null); const [err, setErr] = React.useState(null); const loadDetail = async () => { try { setDetail(await CBAdmin.getCompany(company.id)); } catch (e) { setErr(e.message); } }; const toggle = () => { const n = !open; setOpen(n); if (n && !detail) loadDetail(); }; const addLogin = async (e) => { e.preventDefault(); setBusy(true); setErr(null); setNotice(null); try { const res = await CBAdmin.addUser(company.id, email.trim(), name.trim()); setEmail(''); setName(''); if (res.invite?.devLink) { setNotice({ type: 'devlink', link: res.invite.devLink }); } else { setNotice({ type: 'emailed', email: res.email }); } await loadDetail(); onChanged && onChanged(); } catch (ex) { setErr(ex.message); } finally { setBusy(false); } }; const resend = async (userId) => { setErr(null); setNotice(null); try { const res = await CBAdmin.reinvite(company.id, userId); if (res.invite?.devLink) setNotice({ type: 'devlink', link: res.invite.devLink }); else setNotice({ type: 'emailed' }); } catch (ex) { setErr(ex.message); } }; return (
{company.name}
{company.users} login{company.users === 1 ? '' : 's'}
e.stopPropagation()}> {company.connected ? ( ) : ( Connect QuickBooks )}
{open && (
{err &&
{err}
}
QuickBooks
{company.connected ? (

Connected · realm {company.realmId} {company.refreshExpiresAt && ` · token valid to ${new Date(company.refreshExpiresAt).toLocaleDateString()}`}

) : (

Not connected. Authorize this client's QuickBooks →

)}
Client logins
{detail?.users?.length ? (
    {detail.users.map((u) => (
  • {u.email} {u.name && · {u.name}} {u.activated ? 'Active' : 'Invited'} {!u.activated && ( )}
    • ))}
) :

No logins yet.

} {notice?.type === 'emailed' && (
Invite emailed{notice.email ? ` to ${notice.email}` : ''}.
)} {notice?.type === 'devlink' && (
Email isn't configured yet — share this invite link manually: e.target.select()} />
)}
setEmail(e.target.value)} /> setName(e.target.value)} />
)}
); } function AddClientForm({ onCreated }) { const [name, setName] = React.useState(''); const [busy, setBusy] = React.useState(false); const [err, setErr] = React.useState(null); const submit = async (e) => { e.preventDefault(); setBusy(true); setErr(null); try { await CBAdmin.createCompany(name.trim()); setName(''); onCreated && onCreated(); } catch (ex) { setErr(ex.message); } finally { setBusy(false); } }; return (
setName(e.target.value)} /> {err && {err}}
); } function AdminConsole({ user, onOpenDashboard }) { const [companies, setCompanies] = React.useState(null); const [err, setErr] = React.useState(null); const load = async () => { try { setCompanies(await CBAdmin.listCompanies()); setErr(null); } catch (e) { setErr(e.message); } }; React.useEffect(() => { load(); }, []); return (
contractorbooks Admin
{user?.email}

Clients

Create a client, connect their QuickBooks, and invite them to their dashboard.

{err &&
{err}
} {companies === null ? (

Loading…

) : companies.length === 0 ? (
No clients yet. Add your first client above.
) : (
{companies.map((c) => ( ))}
)}
); } /* Floating control shown while an admin is viewing a client's dashboard. */ function AdminBackBar({ companyName, onBack }) { return (
Viewing {companyName} as admin
); } /* Invite landing page: client sets their password, then is signed in. */ function SetPasswordScreen() { const [state, setState] = React.useState({ status: 'loading' }); const [pw, setPw] = React.useState(''); const [pw2, setPw2] = React.useState(''); const [busy, setBusy] = React.useState(false); const [err, setErr] = React.useState(null); const token = new URLSearchParams(location.search).get('token') || ''; React.useEffect(() => { (async () => { if (!token) { setState({ status: 'invalid' }); return; } const r = await fetch(`/api/auth/invite/${encodeURIComponent(token)}`); if (!r.ok) { setState({ status: 'invalid' }); return; } setState({ status: 'ready', ...(await r.json()) }); })(); }, []); const submit = async (e) => { e.preventDefault(); setErr(null); if (pw.length < 8) { setErr('Password must be at least 8 characters.'); return; } if (pw !== pw2) { setErr('Passwords do not match.'); return; } setBusy(true); try { const r = await fetch('/api/auth/set-password', { method: 'POST', credentials: 'same-origin', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ token, password: pw }), }); if (!r.ok) throw new Error((await r.json().catch(() => ({}))).error || 'Could not set password'); window.location.href = '/'; // signed in → boot loads their dashboard } catch (ex) { setErr(ex.message); setBusy(false); } }; if (state.status === 'loading') { return

Checking your invite…

; } if (state.status === 'invalid') { return (

Link expired

This invite link is invalid or has expired. Ask your bookkeeper to send a new one.

); } return (
contractorbooks

Welcome{state.name ? `, ${state.name.split(' ')[0]}` : ''}

Choose a password for {state.email} to access your dashboard.

{err &&
{err}
}
); } Object.assign(window, { AdminConsole, AdminBackBar, SetPasswordScreen });