This guide will help you set up and configure the management dashboard at /manage with role-based authentication.
The management dashboard provides:
- Orders Management: View and track all orders
- Payments Management: Monitor payment status and transactions
- Dashboard: View key metrics and statistics
- Role-Based Access: Two roles (Admin and Director) with different permissions
- A deployed Convex backend
- Node.js and pnpm installed
- Environment variables configured (see
.env.sample)
Make sure your Convex backend is deployed and the schema is updated:
# Deploy to Convex
npx convex devThis will:
- Create the new
usersandsessionstables - Update the schema with authentication support
- Deploy all authentication functions
Once your backend is deployed, create the first admin user:
npx convex run auth:createUser \
--name "Admin User" \
--email "admin@lnmb.org" \
--password "SecurePassword123!" \
--role "admin"- Use a strong password
- Change the password after first login
- Store credentials securely
- Never commit passwords to version control
Create director accounts if needed:
npx convex run auth:createUser \
--name "Director Name" \
--email "director@lnmb.org" \
--password "SecurePassword123!" \
--role "director"- Navigate to:
http://localhost:3000/manage/login(or your deployed URL) - Enter the credentials you created
- You'll be redirected to
/manageupon successful login
Full access to all features:
- ✅ View Dashboard
- ✅ View and Manage Orders
- ✅ View and Manage Payments
- ✅ Manage Team Members (coming soon)
- ✅ Manage Highlights (coming soon)
- ✅ Manage Products (coming soon)
- ✅ Create new users
Limited access for oversight:
- ✅ View Dashboard
- ✅ View Orders
- ✅ View Payments
- ❌ Cannot manage team, highlights, or products
- ❌ Cannot create users
┌─────────────────────┐
│ User visits │
│ /manage │
└──────┬──────────────┘
│
▼
┌─────────────────────┐
│ Check for auth │
│ token in │
│ localStorage │
└──────┬──────────────┘
│
├─── Token exists ───►┌─────────────────────┐
│ │ Verify token with │
│ │ Convex backend │
│ └──────┬──────────────┘
│ │
│ ├─ Valid ────►┌─────────────────────┐
│ │ │ Show Dashboard │
│ │ └─────────────────────┘
│ │
│ └─ Invalid ──►┌─────────────────────┐
│ │ Redirect to login │
├─── No token ────────────────────────────►└─────────────────────┘
│
▼
┌─────────────────────┐
│ Show login page │
│ /manage/login │
└─────────────────────┘
- Password Hashing: Passwords are hashed before storage (currently base64)
- Session Tokens: Unique tokens for each login session
- Token Expiration: Sessions expire after 7 days
- Role-Based Access: Protected queries check user role
- Protected Endpoints: All admin queries require authentication
For production deployment, consider these security improvements:
-
Upgrade Password Hashing
// Replace base64 with bcrypt import bcrypt from "bcrypt"; const hash = await bcrypt.hash(password, 10);
-
Use HTTP-Only Cookies
// Instead of localStorage, use secure cookies res.setHeader( "Set-Cookie", `token=${token}; HttpOnly; Secure; SameSite=Strict`, );
-
Add Rate Limiting
// Limit login attempts to prevent brute force // Use a rate limiting library or service
-
Implement 2FA
- Consider adding two-factor authentication
- Use libraries like
otpauthor services like Auth0
-
Enable HTTPS
- Always use HTTPS in production
- Vercel automatically provides SSL certificates
-
Add Audit Logging
- Log all authentication events
- Track failed login attempts
- Monitor suspicious activity
Ensure these variables are set in your .env.local:
# Convex Configuration
NEXT_PUBLIC_CONVEX_URL=https://your-app.convex.cloud
# Site URL (for production)
SITE_URL=https://your-domain.compnpm run testThe auth tests verify:
- User creation
- Login/logout functionality
- Session management
- Role-based access control
- Create admin user via CLI
- Login at
/manage/loginwith admin credentials - Verify all tabs are visible (Dashboard, Orders, Payments, Team, Highlights, Products)
- Check that orders and payments data loads correctly
- Logout and verify redirect to login page
- Create director user via CLI
- Login with director credentials
- Verify only Dashboard, Orders, and Payments tabs are visible
- Verify director cannot access admin functions
- Test with invalid credentials (should show error)
- Test with expired token (should redirect to login)
Cause: The session token is invalid or has expired.
Solution:
- Clear browser localStorage
- Log in again
- If persists, check Convex deployment status
Cause: Convex backend is not running or URL is incorrect.
Solution:
- Verify
NEXT_PUBLIC_CONVEX_URLin.env.local - Run
npx convex devto start the backend - Check Convex dashboard for deployment status
Cause: Trying to create a user with an email that's already registered.
Solution:
- Use a different email address
- Or manually delete the existing user from Convex dashboard
Cause: Auth functions may not be deployed to Convex.
Solution:
- Ensure
convex/auth.tsis present - Run
npx convex devto deploy - Check Convex dashboard for function deployment
Cause: No orders/payments in database or token not being passed correctly.
Solution:
- Verify orders and payments exist in Convex dashboard
- Check browser console for errors
- Verify token is being passed to queries
lnmb/
├── convex/
│ ├── auth.ts # Authentication functions
│ ├── orders.ts # Protected order queries
│ ├── schema.ts # Database schema with users/sessions
│ └── __tests__/
│ └── auth.test.ts # Auth tests
├── src/
│ └── app/
│ ├── admin/
│ │ └── page.tsx # Redirect to /manage
│ └── manage/
│ ├── page.tsx # Main management dashboard
│ └── login/
│ └── page.tsx # Login page
├── docs/
│ ├── AUTH.md # Detailed auth documentation
│ └── MANAGE_SETUP.md # This file
└── scripts/
└── create-admin-user.js # Helper script info
createUser({
name: string,
email: string,
password: string,
role: "admin" | "director"
}): Promise<Id<"users">>login({
email: string,
password: string
}): Promise<{
token: string,
user: {
_id: Id<"users">,
name: string,
email: string,
role: "admin" | "director"
}
}>logout({
token: string
}): Promise<{ success: boolean }>getCurrentUser({
token: string
}): Promise<User | null>getAllOrders({
token: string
}): Promise<Order[]>getAllPayments({
token: string
}): Promise<Payment[]>getOrderStats({
token: string
}): Promise<OrderStats>The old /admin page has been replaced with /manage. If you visit /admin, you'll be automatically redirected to /manage.
Changes:
/admin→ Redirects to/manage/manage/login→ New login page/manage→ Protected dashboard with authentication
After setup, consider:
- Customize Branding: Update colors, logos, and text
- Add User Management UI: Create interface for admins to manage users
- Implement Password Reset: Add forgot password functionality
- Add Email Notifications: Send alerts for important events
- Create Reports: Generate CSV/PDF reports from dashboard data
- Mobile Optimization: Test and optimize for mobile devices
For issues or questions:
- Check the AUTH.md documentation
- Review Convex logs in the dashboard
- Check browser console for errors
- Create an issue in the repository
- AUTH.md - Detailed authentication documentation
- SETUP.md - General project setup
- Convex Documentation - Convex backend docs