email: update admin

Author: a-a-k

README.md

@@ -74,7 +74,7 @@ Push the static site (e.g., to GitHub Pages). The landing page and `/admin.html`
 - **Supabase storage** — submissions persist in `public.applications`; schema (including `country` column) is auto-created on first call.
 - **Mailgun owner notifications** — the function posts to Mailgun so the owner mailbox receives every new lead.
 - **No auto-reply to requester** — submitters are not emailed automatically; follow-up is manual from the owner side.
-- **Admin dashboard** — `/admin.html` lists submissions. Access requires the password that you stored in the function secret (`x-admin-pass` header). If the function is offline, the dashboard shows the locally cached leads.
+- **Admin dashboard** — `/admin.html` lists submissions and supports deleting requests. Access requires the password that you stored in the function secret (`x-admin-pass` header). If the function is offline, the dashboard shows the locally cached leads.
 - **Offline fallback** — when the API is unreachable (or not configured) leads are saved in `localStorage`, so you can later recover them from `/admin`.
 
 ## Supabase function behavior
@@ -83,6 +83,7 @@ The deployed function handles:
 
 - `POST /database-access` — validate payload, insert into `applications`, send owner notification to `MAIL_NOTIFY_TO` (if configured), respond with the created ID.
 - `GET /database-access` — require `x-admin-pass` header, validate request `Origin` against `ALLOWED_ORIGINS`, apply per-client failed-login throttling (delay + temporary block), return ordered submissions.
+- `DELETE /database-access` — require `x-admin-pass`, accept `{ "id": <number> }`, delete one request by ID.
 - `OPTIONS` — CORS preflight for allowlisted origins (`content-type` + `x-admin-pass` headers).
 - **Schema requirement** — create the table once in Supabase (SQL editor):
   ```sql

admin.html

@@ -27,11 +27,12 @@ <h1 data-i18n="admin.heading"></h1>
                         <th data-i18n="admin.table.headers.context"></th>
                         <th data-i18n="admin.table.headers.country"></th>
                         <th data-i18n="admin.table.headers.created"></th>
+                        <th data-i18n="admin.table.headers.actions"></th>
                     </tr>
                 </thead>
                 <tbody id="applications-body">
                     <tr>
-                        <td colspan="6" data-i18n="admin.table.empty"></td>
+                        <td colspan="7" data-i18n="admin.table.empty"></td>
                     </tr>
                 </tbody>
             </table>

assets/css/style.css

@@ -1072,6 +1072,21 @@ html:not([data-theme="dark"]) .theme-icon-sun {
     background: color-mix(in srgb, var(--surface-muted) 40%, var(--surface));
 }
 
+.admin-action-cell {
+    width: 1%;
+    white-space: nowrap;
+}
+
+.admin-delete-button {
+    color: #a93333;
+}
+
+.admin-delete-button:hover {
+    color: #fff;
+    border-color: #b43b3b;
+    background: #b43b3b;
+}
+
 .modal {
     position: fixed;
     inset: 0;

assets/i18n/en.json

@@ -329,8 +329,13 @@
         "company": "Company",
         "context": "Context",
         "country": "Country",
-        "created": "Created"
+        "created": "Created",
+        "actions": "Actions"
       },
+      "actions": {
+        "delete": "Delete"
+      },
+      "confirmDelete": "Delete this request",
       "empty": "Requests are not loaded yet."
     },
     "modal": {
@@ -354,13 +359,17 @@
       "showingCached": "API unavailable. Showing cached requests.",
       "validating": "Validating...",
       "accessGranted": "Access granted.",
-      "apiNotConfiguredHint": "API endpoint is not configured. Update assets/js/config.js."
+      "apiNotConfiguredHint": "API endpoint is not configured. Update assets/js/config.js.",
+      "deleting": "Deleting request...",
+      "deleted": "Request deleted."
     },
     "errors": {
       "passwordRequired": "Password is required.",
       "apiNotConfigured": "API endpoint is not configured.",
       "loadFailed": "Unable to load requests.",
-      "backendUnreachable": "Backend is unreachable."
+      "backendUnreachable": "Backend is unreachable.",
+      "deleteFailed": "Unable to delete request.",
+      "invalidId": "Invalid request ID."
     }
   }
 }

assets/i18n/ru.json

@@ -329,8 +329,13 @@
         "company": "Компания",
         "context": "Контекст",
         "country": "Страна",
-        "created": "Создано"
+        "created": "Создано",
+        "actions": "Действия"
       },
+      "actions": {
+        "delete": "Удалить"
+      },
+      "confirmDelete": "Удалить заявку",
       "empty": "Заявки ещё не загружены."
     },
     "modal": {
@@ -354,13 +359,17 @@
       "showingCached": "API недоступно. Показываем кэшированные заявки.",
       "validating": "Проверяем...",
       "accessGranted": "Доступ предоставлен.",
-      "apiNotConfiguredHint": "API-эндпоинт не настроен. Обновите assets/js/config.js."
+      "apiNotConfiguredHint": "API-эндпоинт не настроен. Обновите assets/js/config.js.",
+      "deleting": "Удаляем заявку...",
+      "deleted": "Заявка удалена."
     },
     "errors": {
       "passwordRequired": "Требуется пароль.",
       "apiNotConfigured": "API-эндпоинт не настроен.",
       "loadFailed": "Не удалось загрузить заявки.",
-      "backendUnreachable": "Бэкенд недоступен."
+      "backendUnreachable": "Бэкенд недоступен.",
+      "deleteFailed": "Не удалось удалить заявку.",
+      "invalidId": "Некорректный ID заявки."
     }
   }
 }

assets/js/admin.js

@@ -9,6 +9,7 @@ document.addEventListener('DOMContentLoaded', () => {
     const tableWrapper = document.querySelector('.table-wrapper');
     const refreshButton = document.getElementById('refresh-button');
     const storage = window.MB3RStorage;
+    const TABLE_COLUMN_COUNT = 7;
     const getI18n = () => window.MB3RI18n;
     const t = (key) => (getI18n()?.t ? getI18n().t(key) : key);
     const whenI18nReady = () => getI18n()?.ready || Promise.resolve();
@@ -35,6 +36,9 @@ document.addEventListener('DOMContentLoaded', () => {
         }
         return null;
     };
+    const isDeletableId = (value) => Number.isInteger(Number(value)) && Number(value) > 0;
+    const parseDeleteId = (value) => (isDeletableId(value) ? Number(value) : null);
+
     let currentPassword = '';
     let hasRemoteSuccess = false;
 
@@ -88,7 +92,7 @@ document.addEventListener('DOMContentLoaded', () => {
         tableBody.innerHTML = '';
         const row = document.createElement('tr');
         const cell = document.createElement('td');
-        cell.colSpan = 6;
+        cell.colSpan = TABLE_COLUMN_COUNT;
         cell.textContent = message;
         row.appendChild(cell);
         tableBody.appendChild(row);
@@ -146,10 +150,48 @@ document.addEventListener('DOMContentLoaded', () => {
                 tr.appendChild(td);
             });
 
+            const actionTd = document.createElement('td');
+            actionTd.className = 'admin-action-cell';
+
+            if (isDeletableId(row.id)) {
+                const deleteButton = document.createElement('button');
+                deleteButton.type = 'button';
+                deleteButton.className = 'button button-ghost button-small admin-delete-button';
+                deleteButton.dataset.deleteId = String(row.id);
+                deleteButton.textContent = t('admin.table.actions.delete');
+                deleteButton.setAttribute(
+                    'aria-label',
+                    `${t('admin.table.actions.delete')} #${row.id}`
+                );
+                actionTd.appendChild(deleteButton);
+            } else {
+                actionTd.textContent = t('common.placeholder');
+            }
+
+            tr.appendChild(actionTd);
             tableBody.appendChild(tr);
         });
     };
 
+    const handleAuthError = (error) => {
+        const isIncorrectPassword = /incorrect password/i.test(String(error.message || ''));
+        const isRateLimited = error.status === 429;
+        currentPassword = '';
+        lockTable();
+        setAuthStatus(
+            isRateLimited ? t('admin.status.tooManyAttempts') : error.message,
+            'error'
+        );
+        if (isRateLimited) {
+            setOverlayMessage(t('admin.status.tooManyAttempts'), 'admin.status.tooManyAttempts');
+        } else if (isIncorrectPassword) {
+            setOverlayMessage(t('admin.status.incorrectPassword'), 'admin.status.incorrectPassword');
+        } else {
+            setOverlayMessage(error.message || t('admin.errors.loadFailed'));
+        }
+        openModal();
+    };
+
     const fetchApplications = async (password) => {
         await whenI18nReady();
 
@@ -176,12 +218,6 @@ document.addEventListener('DOMContentLoaded', () => {
             const data = await response.json().catch(() => ({}));
 
             if (!response.ok) {
-                if (response.status === 401 || response.status === 403) {
-                    const authError = new Error(data.message || t('admin.errors.loadFailed'));
-                    authError.status = response.status;
-                    throw authError;
-                }
-
                 const error = new Error(data.message || t('admin.errors.loadFailed'));
                 error.status = response.status;
                 throw error;
@@ -199,6 +235,52 @@ document.addEventListener('DOMContentLoaded', () => {
         }
     };
 
+    const deleteApplication = async (id, password) => {
+        await whenI18nReady();
+
+        if (!password) {
+            const error = new Error(t('admin.errors.passwordRequired'));
+            error.status = 401;
+            throw error;
+        }
+
+        const endpoint = resolveEndpoint('/applications');
+        if (!endpoint) {
+            const configError = new Error(t('admin.errors.apiNotConfigured'));
+            configError.offline = true;
+            throw configError;
+        }
+
+        try {
+            const response = await fetch(endpoint, {
+                method: 'DELETE',
+                headers: {
+                    'Content-Type': 'application/json',
+                    'x-admin-pass': password
+                },
+                body: JSON.stringify({ id }),
+                cache: 'no-store'
+            });
+
+            const data = await response.json().catch(() => ({}));
+            if (!response.ok) {
+                const error = new Error(data.message || t('admin.errors.deleteFailed'));
+                error.status = response.status;
+                throw error;
+            }
+
+            return data;
+        } catch (error) {
+            if (!error.status || isOfflineError(error.status)) {
+                const offlineError = new Error(error.message || t('admin.errors.backendUnreachable'));
+                offlineError.offline = true;
+                offlineError.status = error.status;
+                throw offlineError;
+            }
+            throw error;
+        }
+    };
+
     const loadApplications = async ({ password = currentPassword, silent = false } = {}) => {
         await whenI18nReady();
 
@@ -222,22 +304,7 @@ document.addEventListener('DOMContentLoaded', () => {
             return;
         } catch (error) {
             if (error.status === 401 || error.status === 403 || error.status === 429) {
-                const isIncorrectPassword = /incorrect password/i.test(String(error.message || ''));
-                const isRateLimited = error.status === 429;
-                currentPassword = '';
-                lockTable();
-                setAuthStatus(
-                    isRateLimited ? t('admin.status.tooManyAttempts') : error.message,
-                    'error'
-                );
-                if (isRateLimited) {
-                    setOverlayMessage(t('admin.status.tooManyAttempts'), 'admin.status.tooManyAttempts');
-                } else if (isIncorrectPassword) {
-                    setOverlayMessage(t('admin.status.incorrectPassword'), 'admin.status.incorrectPassword');
-                } else {
-                    setOverlayMessage(error.message || t('admin.errors.loadFailed'));
-                }
-                openModal();
+                handleAuthError(error);
                 throw error;
             }
 
@@ -252,10 +319,7 @@ document.addEventListener('DOMContentLoaded', () => {
                 }
 
                 if (!hasRemoteSuccess) {
-                    setAuthStatus(
-                        t('admin.status.apiUnavailable'),
-                        'error'
-                    );
+                    setAuthStatus(t('admin.status.apiUnavailable'), 'error');
                     currentPassword = '';
                     lockTable();
                     setOverlayMessage(t('admin.status.apiUnavailableLater'), 'admin.status.apiUnavailableLater');
@@ -296,6 +360,54 @@ document.addEventListener('DOMContentLoaded', () => {
         }
     });
 
+    tableBody?.addEventListener('click', async (event) => {
+        const deleteButton = event.target.closest('[data-delete-id]');
+        if (!deleteButton) {
+            return;
+        }
+
+        await whenI18nReady();
+
+        if (!currentPassword) {
+            openModal();
+            return;
+        }
+
+        const applicationId = parseDeleteId(deleteButton.dataset.deleteId);
+        if (!applicationId) {
+            setAuthStatus(t('admin.errors.invalidId'), 'error');
+            return;
+        }
+
+        const confirmed = window.confirm(`${t('admin.table.confirmDelete')} #${applicationId}`);
+        if (!confirmed) {
+            return;
+        }
+
+        deleteButton.disabled = true;
+        setAuthStatus(t('admin.status.deleting'), '');
+
+        try {
+            await deleteApplication(applicationId, currentPassword);
+            setAuthStatus(t('admin.status.deleted'), 'success');
+            await loadApplications({ silent: true });
+        } catch (error) {
+            if (error.status === 401 || error.status === 403 || error.status === 429) {
+                handleAuthError(error);
+                return;
+            }
+
+            if (error.offline) {
+                setAuthStatus(t('admin.status.apiUnavailableLater'), 'error');
+                return;
+            }
+
+            setAuthStatus(error.message || t('admin.errors.deleteFailed'), 'error');
+        } finally {
+            deleteButton.disabled = false;
+        }
+    });
+
     refreshButton?.addEventListener('click', () => {
         if (!currentPassword) {
             openModal();