feat(user): implement users manager (#289)

* feat(console, admin): add list users for administration

* feat(console): redesign user detail sheet

* fix(console): fix sorting for server datatable

* refactor(console): restyle user-detail-sheet

* feat(console): add confirm dialog for action ban

* feat(console): add user detail section

* fix(console): fix small typo in tls tab (#290)

* feat(asset): add tls filter for asset

* fix(core): fix asset test

* fix(asset): fix based on bot reviews

* fix(console): fix small typo in tls tab

* fix(console): add missing tls for queryParams in asset context

* fix(console): fix tls query hook in dashboard

---------

Co-authored-by: Quang Vinh <32523515+l1ttps@users.noreply.github.com>

* chore(deps): bump multer from 2.0.2 to 2.1.0 (#292)

Bumps [multer](https://github.com/expressjs/multer) from 2.0.2 to 2.1.0.
- [Release notes](https://github.com/expressjs/multer/releases)
- [Changelog](https://github.com/expressjs/multer/blob/main/CHANGELOG.md)
- [Commits](expressjs/multer@v2.0.2...v2.1.0)

---
updated-dependencies:
- dependency-name: multer
  dependency-version: 2.1.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* feat(targets): create multiple targets (#291)

* refactor(targets): combine logic create target in transaction

* feat(targets): add bulk target creation endpoint

* feat(targets): add bulk creation support

* fix(console): move tabList into component to avoid out of context (#293)

Co-authored-by: Quang Vinh <32523515+l1ttps@users.noreply.github.com>

* fix(assets): select asset relations in query (#297)

* refactor(ui): improve flow onboarding with first workspace creation and re-design settings ui  (#299)

* feat(console): add all workspaces navigation and improve 404 page UI

* refactor(layout): extract header into dedicated HeaderBar component

* refactor(console): add workspace-aware header layout

* refactor(console): convert workspace creation to page and add route protection

* refactor(console): update workspaces UI from table to card layout

* feat(workspaces): add member and target counts to workspace list

* refactor(settings): reorganize settings page with sidebar layout

* feat(settings): add API keys management

* refactor(settings): improve API key display layout

* fix(screenshot-cell): add type assertion for screenshotPath

* refactor(workspaces): use workspace selector hook

* feat(auth): add session retry with exponential backoff

* chore(agent): migrate ai agent

* feat(router): add admin users route

* feat(console): implement create user

* feat(console): add change name, email and reset password in user detail

* fix(console): fix duplicate tlsHosts in context

* fix(console): use loading state of data table and improve client user type

* fix(console): add admin route

* feat(console): Implement role-based access control for settings tabs and sidebar menu items based on user roles.

* style(console): update 'Add User' button to outline variant

* refactor(console): move add user button to table toolbar

* fix(console): add autoComplete to user detail input

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Quang Vinh <32523515+l1ttps@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: l1ttps <l1ttps443@gmail.com>

Author: 3 people

console/src/components/common/layout/menu-bar.tsx

@@ -28,15 +28,32 @@ import {
   LayoutDashboard,
   SquareTerminal,
   Target,
+  User,
 } from 'lucide-react';
 import { NavUser } from '../../ui/nav-user';
 import { NewBadge } from '../new-badge';
+import { useSession } from '@/utils/authClient';
+
+interface SubMenuItem {
+  title: string;
+  icon: React.ReactNode;
+  url: string;
+  isNew?: boolean;
+}
+
+interface NavGroup {
+  title: string;
+  url: string;
+  items: SubMenuItem[];
+  roles?: string[];
+}
 
 export function AppSidebar({ ...props }: React.ComponentProps<typeof Sidebar>) {
   const location = useLocation();
   const { state, isMobile, setOpenMobile } = useSidebar();
+  const { data } = useSession();
 
-  const menu = [
+  const menu: NavGroup[] = [
     {
       title: 'Overview',
       url: '#',
@@ -48,6 +65,18 @@ export function AppSidebar({ ...props }: React.ComponentProps<typeof Sidebar>) {
         },
       ],
     },
+    {
+      title: 'Admin',
+      url: '#',
+      roles: ['admin'],
+      items: [
+        {
+          title: 'Users',
+          icon: <User />,
+          url: '/admin/users',
+        },
+      ],
+    },
     {
       title: 'Attack surface',
       url: '#',
@@ -121,41 +150,49 @@ export function AppSidebar({ ...props }: React.ComponentProps<typeof Sidebar>) {
         )}
       </SidebarHeader>
       <SidebarContent className="gap-1 md:gap-3">
-        {menu.map((item) => (
-          <SidebarGroup key={item.title} className="py-0">
-            <SidebarGroupContent>
-              <SidebarGroupLabel className="font-bold text-md">
-                {item.title}
-              </SidebarGroupLabel>
-              <SidebarMenu className="gap-0.5">
-                {item.items.map((item) => {
-                  // Ensure all URLs are absolute for comparison
-                  const toUrl = item.url;
-                  const isActive =
-                    `/${location.pathname.split('/')[1]}` === toUrl;
-                  return (
-                    <SidebarMenuItem key={item.title}>
-                      <SidebarMenuButton
-                        asChild
-                        isActive={isActive}
-                        tooltip={item.title}
-                        className="hover:cursor-pointer"
-                      >
-                        <Link
-                          to={toUrl}
-                          onClick={() => setOpenMobile(false)}
-                          className="flex items-center justify-start w-full h-full text-base"
+        {menu
+          .filter(
+            (item) =>
+              !item.roles ||
+              item.roles.length === 0 ||
+              (data?.user.role != null && item.roles.includes(data.user.role)),
+          )
+          .map((item) => (
+            <SidebarGroup key={item.title} className="py-0">
+              <SidebarGroupContent>
+                <SidebarGroupLabel className="font-bold text-md">
+                  {item.title}
+                </SidebarGroupLabel>
+                <SidebarMenu className="gap-0.5">
+                  {item.items.map((item) => {
+                    // Ensure all URLs are absolute for comparison
+                    const toUrl = item.url;
+                    const isActive =
+                      `/${location.pathname.split('/')[1]}` === toUrl;
+                    return (
+                      <SidebarMenuItem key={item.title}>
+                        <SidebarMenuButton
+                          asChild
+                          isActive={isActive}
+                          tooltip={item.title}
+                          className="hover:cursor-pointer"
                         >
-                          {item.icon} {item.title} {item.isNew && <NewBadge />}
-                        </Link>
-                      </SidebarMenuButton>
-                    </SidebarMenuItem>
-                  );
-                })}
-              </SidebarMenu>
-            </SidebarGroupContent>
-          </SidebarGroup>
-        ))}
+                          <Link
+                            to={toUrl}
+                            onClick={() => setOpenMobile(false)}
+                            className="flex items-center justify-start w-full h-full text-base"
+                          >
+                            {item.icon} {item.title}{' '}
+                            {item.isNew && <NewBadge />}
+                          </Link>
+                        </SidebarMenuButton>
+                      </SidebarMenuItem>
+                    );
+                  })}
+                </SidebarMenu>
+              </SidebarGroupContent>
+            </SidebarGroup>
+          ))}
       </SidebarContent>
       <SidebarRail />
       <SidebarFooter>

console/src/components/common/layout/settings-layout.tsx

@@ -1,6 +1,7 @@
 import { Button } from '@/components/ui/button';
 import { Sheet, SheetContent, SheetTrigger } from '@/components/ui/sheet';
-import { settingsTabGroups } from '@/pages/settings/settings';
+import { filterTabGroups, settingsTabGroups } from '@/pages/settings/settings';
+import { useSession } from '@/utils/authClient';
 import { ArrowLeft, Menu } from 'lucide-react';
 import type { JSX, ReactNode } from 'react';
 import { Link, useLocation } from 'react-router-dom';
@@ -13,6 +14,8 @@ export default function SettingsLayout({
   children,
 }: SettingsLayoutProps): JSX.Element {
   const location = useLocation();
+  const { data } = useSession();
+  const visibleGroups = filterTabGroups(settingsTabGroups, data?.user.role);
 
   // Determine if a tab is active based on current path
   const isActive = (path: string) => location.pathname.startsWith(path);
@@ -21,7 +24,7 @@ export default function SettingsLayout({
   const navMenu = (
     <nav className="flex-1 py-3">
       <ul className="space-y-1">
-        {settingsTabGroups.map((group, groupIndex) => (
+        {visibleGroups.map((group, groupIndex) => (
           <div>
             <li key={group.name} className="p-2">
               {/* Group header */}
@@ -44,7 +47,7 @@ export default function SettingsLayout({
               ))}
             </li>
             {/* Group divider - shown after group */}
-            {groupIndex < settingsTabGroups.length - 1 && (
+            {groupIndex < visibleGroups.length - 1 && (
               <div className="border-b my-2" />
             )}
           </div>

console/src/hooks/useServerDataTable.ts

@@ -58,25 +58,29 @@ export function useServerDataTable({
     ? urlParams.get('filter') || ''
     : internalParams.filter;
 
-  const setParam = useCallback(
-    (key: string, value: string | number | undefined) => {
+  const setParams = useCallback(
+    (newParams: Partial<typeof internalParams>) => {
       if (isUpdateSearchQueryParam) {
         setUrlParams(
           (prev) => {
             const next = new URLSearchParams(prev);
-            if (!value) {
-              next.delete(key);
-            } else {
-              next.set(key, value.toString());
-            }
+
+            Object.entries(newParams).forEach(([key, value]) => {
+              if (value === undefined || value === null || value === '') {
+                next.delete(key);
+              } else {
+                next.set(key, String(value));
+              }
+            });
+
             return next;
           },
           { replace: true },
         );
       } else {
         setInternalParams((prev) => ({
           ...prev,
-          [key]: value ?? '',
+          ...newParams,
         }));
       }
     },
@@ -92,36 +96,29 @@ export function useServerDataTable({
       filter,
     },
     tableHandlers: {
-      setPage: useCallback((v: number) => setParam('page', v), [setParam]),
+      setParams,
+      setPage: useCallback((v: number) => setParams({ page: v }), [setParams]),
       setPageSize: useCallback(
-        (v: number) => setParam('pageSize', v),
-        [setParam],
+        (v: number) => setParams({ pageSize: v, page: 1 }),
+        [setParams],
+      ),
+      setSortBy: useCallback(
+        (v: string) => setParams({ sortBy: v, page: 1 }),
+        [setParams],
       ),
-      setSortBy: useCallback((v: string) => setParam('sortBy', v), [setParam]),
       setSortOrder: useCallback(
-        (v: 'ASC' | 'DESC') => setParam('sortOrder', v),
-        [setParam],
+        (v: 'ASC' | 'DESC') => setParams({ sortOrder: v, page: 1 }),
+        [setParams],
       ),
       setFilter: useCallback(
         (v: string) => {
-          if (isUpdateSearchQueryParam) {
-            setUrlParams(
-              (prev) => {
-                const next = new URLSearchParams(prev);
-                if (next.get('filter') === v) return prev;
-                next.set('page', '1');
-                next.set('filter', v);
-                return next;
-              },
-              { replace: true },
-            );
-          } else {
-            if (internalParams.filter === v) return;
-            setParam('page', 1);
-            setParam('filter', v);
-          }
+          if (filter === v) return;
+          setParams({
+            filter: v,
+            page: 1,
+          });
         },
-        [isUpdateSearchQueryParam, setUrlParams, setParam, internalParams.filter],
+        [filter, setParams],
       ),
     },
   };