Comprehensive admin + user dashboards (production-ready)

2026-06-07 17:54:30 -04:00
parent 155507f21a
commit f033f00379
122 changed files with 7878 additions and 805 deletions
@@ -1,13 +1,18 @@
 "use server";

+import { randomBytes } from "node:crypto";
 import { revalidatePath } from "next/cache";
 import { z } from "zod";
 import { getServerSession } from "@/lib/auth/guards";
 import { prisma } from "@/lib/db";
 import { getEffectivePlan } from "@/lib/billing/subscription";
-import { enforceLimit, LimitExceededError } from "@/lib/usage/limits";
+import { reserveLimit, LimitExceededError } from "@/lib/usage/limits";
+import { refundUsage } from "@/lib/usage/meter";
 import { enqueueEpisodeGeneration } from "@/lib/queue/pgboss";
 import { rateLimit, LIMITS } from "@/lib/ratelimit";
+import { isFlagEnabled } from "@/lib/flags";
+import { moderateText } from "@/lib/ai/moderation";
+import type { UsageMetric } from "@/lib/billing/plans";
 import type { GenerationType } from "@/lib/queue/jobs";
 import type { Prisma } from "@prisma/client";

@@ -42,6 +47,10 @@ export async function createEpisodeAction(input: CreateEpisodeInput): Promise<Cr
    return { ok: false, error: `Too many requests. Try again in ${rl.retryAfterSec}s.` };
  }

+  if (!(await isFlagEnabled("episode_generation_enabled"))) {
+    return { ok: false, error: "Episode generation is temporarily paused. Please try again shortly." };
+  }
+
  const parsed = createSchema.safeParse(input);
  if (!parsed.success) {
    return { ok: false, error: parsed.error.issues[0]?.message ?? "Invalid input." };
@@ -49,7 +58,7 @@ export async function createEpisodeAction(input: CreateEpisodeInput): Promise<Cr
  const data = parsed.data;
  const activeOrgId = session.session.activeOrganizationId;

-  const { plan } = await getEffectivePlan(session.user.id, activeOrgId);
+  const { plan, subjectId, subjectType } = await getEffectivePlan(session.user.id, activeOrgId);
  if (data.targetLengthMin > plan.limits.maxEpisodeMinutes) {
    return {
      ok: false,
@@ -58,10 +67,33 @@ export async function createEpisodeAction(input: CreateEpisodeInput): Promise<Cr
    };
  }

+  // Screen the requested topic before spending any quota or AI budget.
+  if (await isFlagEnabled("ai_moderation_enabled")) {
+    const mod = await moderateText([data.title, data.topic, data.audience].filter(Boolean).join("\n"));
+    if (mod.flagged) {
+      return {
+        ok: false,
+        error: "This topic may violate our content policy and can't be generated. Please revise it and try again.",
+      };
+    }
+  }
+
+  // Reserve quota atomically up front (a full generation consumes script,
+  // audio and art). The worker won't re-meter; we refund below if create/enqueue
+  // fails. See the metering invariant in lib/usage/meter.ts.
+  const reserved: UsageMetric[] = [];
+  const refundReserved = async () => {
+    for (const m of reserved) await refundUsage(subjectId, subjectType, m);
+  };
  try {
-    await enforceLimit(session.user.id, "script", activeOrgId);
-    await enforceLimit(session.user.id, "audio", activeOrgId);
+    await reserveLimit(session.user.id, "script", activeOrgId);
+    reserved.push("script");
+    await reserveLimit(session.user.id, "audio", activeOrgId);
+    reserved.push("audio");
+    await reserveLimit(session.user.id, "art", activeOrgId);
+    reserved.push("art");
  } catch (err) {
+    await refundReserved();
    if (err instanceof LimitExceededError) {
      return {
        ok: false,
@@ -72,38 +104,43 @@ export async function createEpisodeAction(input: CreateEpisodeInput): Promise<Cr
    throw err;
  }

-  const episode = await prisma.episode.create({
-    data: {
-      userId: session.user.id,
-      organizationId: activeOrgId ?? undefined,
-      title: data.title?.trim() || deriveTitle(data.topic),
-      topic: data.topic,
-      tone: data.tone,
-      format: data.format,
-      language: data.language,
-      targetLengthMin: data.targetLengthMin,
-      audience: data.audience,
-      status: "QUEUED",
-      stage: "Queued for generation",
-      speakers: {
-        create: data.speakers.map((s) => ({
-          speakerKey: s.speakerKey,
-          displayName: s.displayName,
-          elevenVoiceId: s.elevenVoiceId,
-        })),
+  try {
+    const episode = await prisma.episode.create({
+      data: {
+        userId: session.user.id,
+        organizationId: activeOrgId ?? undefined,
+        title: data.title?.trim() || deriveTitle(data.topic),
+        topic: data.topic,
+        tone: data.tone,
+        format: data.format,
+        language: data.language,
+        targetLengthMin: data.targetLengthMin,
+        audience: data.audience,
+        status: "QUEUED",
+        stage: "Queued for generation",
+        speakers: {
+          create: data.speakers.map((s) => ({
+            speakerKey: s.speakerKey,
+            displayName: s.displayName,
+            elevenVoiceId: s.elevenVoiceId,
+          })),
+        },
+        jobs: { create: { type: "full", status: "queued" } },
      },
-      jobs: { create: { type: "full", status: "queued" } },
-    },
-  });
+    });

-  await enqueueEpisodeGeneration(
-    { episodeId: episode.id, type: "full" },
-    { priority: plan.features.includes("priority_generation") ? 10 : 0 }
-  );
+    await enqueueEpisodeGeneration(
+      { episodeId: episode.id, type: "full" },
+      { priority: plan.features.includes("priority_generation") ? 10 : 0 }
+    );

-  revalidatePath("/episodes");
-  revalidatePath("/dashboard");
-  return { ok: true, episodeId: episode.id };
+    revalidatePath("/episodes");
+    revalidatePath("/dashboard");
+    return { ok: true, episodeId: episode.id };
+  } catch (err) {
+    await refundReserved();
+    throw err;
+  }
 }

 export async function regenerateAction(
@@ -113,6 +150,15 @@ export async function regenerateAction(
  const session = await getServerSession();
  if (!session) return { ok: false, error: "You must be signed in." };

+  const rl = await rateLimit("generation", session.user.id, LIMITS.generation);
+  if (!rl.ok) {
+    return { ok: false, error: `Too many requests. Try again in ${rl.retryAfterSec}s.` };
+  }
+
+  if (!(await isFlagEnabled("episode_generation_enabled"))) {
+    return { ok: false, error: "Episode generation is temporarily paused. Please try again shortly." };
+  }
+
  const episode = await prisma.episode.findUnique({
    where: { id: episodeId },
    select: { userId: true, organizationId: true },
@@ -122,24 +168,41 @@ export async function regenerateAction(
    return { ok: false, error: "Not allowed." };
  }

-  // Gate the metrics this regeneration will consume.
-  const metrics: ("script" | "audio" | "art")[] =
+  const activeOrgId = session.session.activeOrganizationId;
+  const { subjectId, subjectType } = await getEffectivePlan(session.user.id, activeOrgId);
+
+  // Reserve the metrics this regeneration will consume up front. The worker
+  // won't re-meter; refund below if enqueue fails. See meter.ts invariant.
+  const metrics: UsageMetric[] =
    type === "art" ? ["art"] : type === "audio" ? ["audio"] : ["script", "audio"];
+  const reserved: UsageMetric[] = [];
+  const refundReserved = async () => {
+    for (const m of reserved) await refundUsage(subjectId, subjectType, m);
+  };
  try {
-    for (const m of metrics) await enforceLimit(session.user.id, m, session.session.activeOrganizationId);
+    for (const m of metrics) {
+      await reserveLimit(session.user.id, m, activeOrgId);
+      reserved.push(m);
+    }
  } catch (err) {
+    await refundReserved();
    if (err instanceof LimitExceededError) {
      return { ok: false, error: `Monthly ${err.check.metric} limit reached on the ${err.check.plan} plan.` };
    }
    throw err;
  }

-  await prisma.episode.update({
-    where: { id: episodeId },
-    data: { status: "QUEUED", stage: "Queued for regeneration", errorMessage: null },
-  });
-  await prisma.generationJob.create({ data: { episodeId, type, status: "queued" } });
-  await enqueueEpisodeGeneration({ episodeId, type });
+  try {
+    await prisma.episode.update({
+      where: { id: episodeId },
+      data: { status: "QUEUED", stage: "Queued for regeneration", errorMessage: null },
+    });
+    await prisma.generationJob.create({ data: { episodeId, type, status: "queued" } });
+    await enqueueEpisodeGeneration({ episodeId, type });
+  } catch (err) {
+    await refundReserved();
+    throw err;
+  }

  revalidatePath(`/episodes/${episodeId}`);
  return { ok: true };
@@ -198,8 +261,16 @@ export async function regenerateSectionAction(
  }
  if (!episode.script) return { ok: false, error: "No script to edit yet." };

+  const rl = await rateLimit("generation", session.user.id, LIMITS.generation);
+  if (!rl.ok) {
+    return { ok: false, error: `Too many requests. Try again in ${rl.retryAfterSec}s.` };
+  }
+
+  const activeOrgId = session.session.activeOrganizationId;
+  // Reserve the script unit atomically up front. This synchronous action does
+  // NOT increment afterwards (that would double-count) — it refunds on failure.
  try {
-    await enforceLimit(session.user.id, "script", session.session.activeOrganizationId);
+    await reserveLimit(session.user.id, "script", activeOrgId);
  } catch (err) {
    if (err instanceof LimitExceededError) {
      return { ok: false, error: `Monthly script limit reached on the ${err.check.plan} plan.` };
@@ -207,10 +278,12 @@ export async function regenerateSectionAction(
    throw err;
  }

+  const ownerId = episode.organizationId ?? episode.userId;
+  const ownerType = episode.organizationId ? "organization" : "user";
+
  // Imported lazily so the AI SDK never reaches client bundles importing this file.
  const { scriptProvider } = await import("@/lib/ai/providers");
  const { recordCost, scriptCostUsd } = await import("@/lib/ai/cost");
-  const { incrementUsage } = await import("@/lib/usage/meter");

  const config = {
    title: episode.title,
@@ -227,20 +300,26 @@ export async function regenerateSectionAction(
    sections: { id: string; title: string; turns: { speakerKey: string; text: string }[] }[];
  };

-  const { section, usage } = await scriptProvider().regenerateSection(config, current, sectionId);
-  const updated = {
-    ...current,
-    sections: current.sections.map((s) => (s.id === sectionId ? section : s)),
-  };
+  let section: { id: string; title: string; turns: { speakerKey: string; text: string }[] };
+  let usage: { inputTokens: number; outputTokens: number };
+  try {
+    ({ section, usage } = await scriptProvider().regenerateSection(config, current, sectionId));
+    const updated = {
+      ...current,
+      sections: current.sections.map((s) => (s.id === sectionId ? section : s)),
+    };

-  await prisma.script.update({
-    where: { episodeId },
-    data: { content: updated as unknown as Prisma.InputJsonValue, version: { increment: 1 } },
-  });
+    await prisma.script.update({
+      where: { episodeId },
+      data: { content: updated as unknown as Prisma.InputJsonValue, version: { increment: 1 } },
+    });
+  } catch (err) {
+    // Generation/save failed — refund the script unit we reserved.
+    await refundUsage(ownerId, ownerType, "script");
+    throw err;
+  }

-  const ownerId = episode.organizationId ?? episode.userId;
-  const ownerType = episode.organizationId ? "organization" : "user";
-  await incrementUsage(ownerId, ownerType, "script");
+  // No incrementUsage here: the unit was already reserved above.
  await recordCost({
    provider: "openai",
    operation: "script",
@@ -270,8 +349,16 @@ export async function repurposeAction(
  }
  if (!episode.script) return { ok: false, error: "Generate the episode first." };

+  const rl = await rateLimit("repurpose", session.user.id, LIMITS.repurpose);
+  if (!rl.ok) {
+    return { ok: false, error: `Too many requests. Try again in ${rl.retryAfterSec}s.` };
+  }
+
+  const activeOrgId = session.session.activeOrganizationId;
+  // Reserve the repurpose unit atomically up front; refund on failure. This
+  // synchronous action does NOT increment afterwards (that would double-count).
  try {
-    await enforceLimit(session.user.id, "repurpose", session.session.activeOrganizationId);
+    await reserveLimit(session.user.id, "repurpose", activeOrgId);
  } catch (err) {
    if (err instanceof LimitExceededError) {
      return { ok: false, error: `Monthly repurpose limit reached on the ${err.check.plan} plan.` };
@@ -279,22 +366,30 @@ export async function repurposeAction(
    throw err;
  }

-  const { repurposeScript } = await import("@/lib/ai/pipeline/repurpose");
-  const { recordCost, scriptCostUsd } = await import("@/lib/ai/cost");
-  const { incrementUsage } = await import("@/lib/usage/meter");
-
-  const { content, usage } = await repurposeScript(
-    episode.script.content as unknown as Parameters<typeof repurposeScript>[0],
-    format
-  );
-
-  await prisma.repurposedContent.create({
-    data: { episodeId, type: format, content: content as unknown as Prisma.InputJsonValue },
-  });
-
  const ownerId = episode.organizationId ?? episode.userId;
  const ownerType = episode.organizationId ? "organization" : "user";
-  await incrementUsage(ownerId, ownerType, "repurpose");
+
+  const { repurposeScript } = await import("@/lib/ai/pipeline/repurpose");
+  const { recordCost, scriptCostUsd } = await import("@/lib/ai/cost");
+
+  let content: { title: string; body: string };
+  let usage: { inputTokens: number; outputTokens: number };
+  try {
+    ({ content, usage } = await repurposeScript(
+      episode.script.content as unknown as Parameters<typeof repurposeScript>[0],
+      format
+    ));
+
+    await prisma.repurposedContent.create({
+      data: { episodeId, type: format, content: content as unknown as Prisma.InputJsonValue },
+    });
+  } catch (err) {
+    // Generation/save failed — refund the repurpose unit we reserved.
+    await refundUsage(ownerId, ownerType, "repurpose");
+    throw err;
+  }
+
+  // No incrementUsage here: the unit was already reserved above.
  await recordCost({
    provider: "openai",
    operation: "repurpose",
@@ -323,6 +418,53 @@ export async function deleteEpisodeAction(episodeId: string): Promise<{ ok: bool
  return { ok: true };
 }

+/**
+ * Toggle public sharing for an episode. When enabled, mints a random url-safe
+ * `shareId` (reachable at /p/<shareId> with no auth) and stamps `sharedAt`;
+ * when disabled, clears both so the public page 404s. Ownership-checked.
+ */
+export async function setEpisodeShareAction(
+  episodeId: string,
+  enabled: boolean
+): Promise<{ ok: boolean; error?: string; shareId?: string | null }> {
+  const session = await getServerSession();
+  if (!session) return { ok: false, error: "You must be signed in." };
+
+  const episode = await prisma.episode.findUnique({
+    where: { id: episodeId },
+    select: { userId: true, shareId: true, status: true },
+  });
+  if (!episode || (episode.userId !== session.user.id && session.user.role !== "admin")) {
+    return { ok: false, error: "Not allowed." };
+  }
+
+  if (enabled) {
+    if (episode.status !== "READY") {
+      return { ok: false, error: "Finish generating the episode before sharing it." };
+    }
+    // Reuse an existing shareId if one was already minted (stable public URL).
+    const shareId = episode.shareId ?? randomShareId();
+    await prisma.episode.update({
+      where: { id: episodeId },
+      data: { shareId, sharedAt: new Date() },
+    });
+    revalidatePath(`/episodes/${episodeId}`);
+    return { ok: true, shareId };
+  }
+
+  await prisma.episode.update({
+    where: { id: episodeId },
+    data: { shareId: null, sharedAt: null },
+  });
+  revalidatePath(`/episodes/${episodeId}`);
+  return { ok: true, shareId: null };
+}
+
+/** url-safe base64 token (~22 chars, 128 bits) for public share links. */
+function randomShareId(): string {
+  return randomBytes(16).toString("base64url");
+}
+
 function deriveTitle(topic: string): string {
  const trimmed = topic.trim().replace(/\s+/g, " ");
  return trimmed.length <= 60 ? trimmed : trimmed.slice(0, 57) + "…";