Add admin users page gated to james67@gmail.com

Lists registered users with workout counts, signup date, and last
login. Non-admins get a 404 so the route is indistinguishable from a
missing page. Topbar Admin link renders only for the admin account.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: James McHugh

admin.go

@@ -0,0 +1,77 @@
+package main
+
+import (
+	"net/http"
+	"time"
+)
+
+// adminEmail is the only account allowed to view admin pages. Hard-coded
+// because there is exactly one operator and no plan to expand the role.
+const adminEmail = "james67@gmail.com"
+
+func isAdmin(u *currentUser) bool {
+	return u != nil && u.Email == adminEmail
+}
+
+// requireAdmin layers on top of requireAuth: a non-admin authenticated user
+// gets a 404 (not 403) so the page is indistinguishable from a missing route.
+func requireAdmin(next http.Handler) http.Handler {
+	return requireAuth(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if !isAdmin(userFrom(r)) {
+			handle404(w, r)
+			return
+		}
+		next.ServeHTTP(w, r)
+	}))
+}
+
+type viewAdminUserRow struct {
+	ID            int64
+	Email         string
+	Name          string
+	Created       string
+	LastLogin     string
+	WorkoutCount  int64
+}
+
+type viewAdminUsers struct {
+	UserName  string
+	ThemeMode string
+	Users     []viewAdminUserRow
+}
+
+func handleAdminUsers(w http.ResponseWriter, r *http.Request) {
+	user := userFrom(r)
+	rows, err := queries.ListUsersForAdmin(r.Context())
+	if err != nil {
+		serverError(w, "admin: list users", err)
+		return
+	}
+	out := make([]viewAdminUserRow, 0, len(rows))
+	for _, u := range rows {
+		out = append(out, viewAdminUserRow{
+			ID:           u.ID,
+			Email:        u.Email,
+			Name:         u.Name,
+			Created:      formatAdminTimestamp(u.CreatedAt),
+			LastLogin:    formatAdminTimestamp(u.LastLoginAt),
+			WorkoutCount: u.WorkoutCount,
+		})
+	}
+	renderHTML(w, "admin_users.html", viewAdminUsers{
+		UserName:  user.Name,
+		ThemeMode: themeFromRequest(r),
+		Users:     out,
+	})
+}
+
+// formatAdminTimestamp parses an RFC3339 string (created_at / last_login_at
+// are stored that way) and renders it in the configured app timezone. Falls
+// back to the raw value so a malformed row stays visible rather than blank.
+func formatAdminTimestamp(s string) string {
+	t, err := time.Parse(time.RFC3339, s)
+	if err != nil {
+		return s
+	}
+	return t.In(appLocation).Format("2 Jan 2006 15:04")
+}

db/queries.sql

@@ -23,6 +23,13 @@ FROM users WHERE id = (SELECT MAX(id) FROM users);
 -- name: UpdateUserLastLogin :exec
 UPDATE users SET last_login_at = ? WHERE id = ?;
 
+-- name: ListUsersForAdmin :many
+-- All registered users with workout counts, newest signup first. Admin page only.
+SELECT u.id, u.email, u.name, u.created_at, u.last_login_at,
+       (SELECT COUNT(*) FROM workouts w WHERE w.user_id = u.id) AS workout_count
+FROM users u
+ORDER BY u.created_at DESC;
+
 -- =============================================================================
 -- SESSIONS
 -- =============================================================================

db/queries.sql.go

@@ -26,6 +26,7 @@ const (
 type viewHome struct {
 	UserName  string
 	ThemeMode string // "light" | "dark" | "auto"
+	IsAdmin   bool   // toggles the Admin link in the topbar
 	Today     viewTodayCard
 	Stats     viewStats
 	Weights   []viewWeightRow
@@ -133,6 +134,7 @@ func handleHome(w http.ResponseWriter, r *http.Request) {
 	vh := viewHome{
 		UserName:  user.Name,
 		ThemeMode: themeFromRequest(r),
+		IsAdmin:   isAdmin(user),
 	}
 
 	// Today's card.

home.go

@@ -903,6 +903,48 @@ a { color: var(--brand); text-decoration: none; }
   transform: translateX(20px);
 }
 
+/* ========== admin users list ========== */
+.admin-users {
+  list-style: none;
+  margin: 0;
+  padding: 0;
+  border-top: 1px solid var(--hairline);
+}
+.admin-user {
+  padding: 0.75rem 0.25rem;
+  border-bottom: 1px solid var(--hairline);
+  display: flex;
+  flex-direction: column;
+  gap: 0.2rem;
+}
+.admin-user__head {
+  display: flex;
+  align-items: baseline;
+  justify-content: space-between;
+  gap: 0.5rem;
+}
+.admin-user__name {
+  font-size: 1rem;
+  font-weight: 600;
+}
+.admin-user__count {
+  font-size: 0.8rem;
+  color: var(--ink-soft);
+  white-space: nowrap;
+}
+.admin-user__email {
+  font-size: 0.85rem;
+  color: var(--ink-soft);
+  word-break: break-all;
+}
+.admin-user__meta {
+  display: flex;
+  flex-wrap: wrap;
+  gap: 0.75rem;
+  font-size: 0.75rem;
+  color: var(--muted);
+}
+
 /* ========== toast (lock-violation feedback) ========== */
 .toast {
   position: fixed;

static/styles.css

@@ -0,0 +1,54 @@
+{{- /* viewAdminUsers */ -}}
+<!DOCTYPE html>
+<html lang="en" data-theme="{{.ThemeMode}}">
+<head>
+<meta charset="utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1, viewport-fit=cover, user-scalable=no">
+<meta name="theme-color" content="{{if eq .ThemeMode "dark"}}#000000{{else}}#0f172a{{end}}">
+<title>Admin &mdash; Users</title>
+<link rel="icon" type="image/svg+xml" href="{{asset "favicon.svg"}}">
+<link rel="alternate icon" href="/favicon.ico">
+<link rel="apple-touch-icon" href="{{asset "favicon.svg"}}">
+<link rel="mask-icon" href="{{asset "favicon.svg"}}" color="#0f172a">
+<link rel="stylesheet" href="{{asset "styles.css"}}">
+</head>
+<body class="page page--settings">
+<div class="too-wide"><p>Designed for iPhone &mdash; open on your phone.</p></div>
+
+<div class="phone">
+  <header class="topbar">
+    <a class="topbar__back" href="/" aria-label="back to home">&lsaquo; Back</a>
+    <div class="topbar__date">Users</div>
+    <span class="topbar__action"></span>
+  </header>
+
+  <main class="settings">
+    <section class="settings__section">
+      <h2 class="settings__title">Registered users ({{len .Users}})</h2>
+      <p class="settings__hint">Sorted by signup, newest first.</p>
+      {{if .Users}}
+        <ul class="admin-users">
+          {{range .Users}}
+            <li class="admin-user">
+              <div class="admin-user__head">
+                <span class="admin-user__name">{{.Name}}</span>
+                <span class="admin-user__count">{{.WorkoutCount}} workout{{if ne .WorkoutCount 1}}s{{end}}</span>
+              </div>
+              <div class="admin-user__email">{{.Email}}</div>
+              <div class="admin-user__meta">
+                <span>Joined {{.Created}}</span>
+                <span>Last login {{.LastLogin}}</span>
+              </div>
+            </li>
+          {{end}}
+        </ul>
+      {{else}}
+        <p class="settings__hint">No users yet.</p>
+      {{end}}
+    </section>
+  </main>
+
+  <div class="bottom-spacer"></div>
+</div>
+</body>
+</html>

templates/admin_users.html

@@ -21,6 +21,7 @@ <h1 class="topbar__brand">Train</h1>
     <nav class="topbar__nav">
       <a href="/charts" class="topbar__nav-link">Charts</a>
       <a href="/settings" class="topbar__nav-link">Settings</a>
+      {{if .IsAdmin}}<a href="/admin/users" class="topbar__nav-link">Admin</a>{{end}}
       <form class="topbar__action" method="post" action="/auth/logout">
         <button type="submit" class="topbar__nav-link">Sign out</button>
       </form>

templates/home.html

@@ -287,6 +287,9 @@ func makeHTTPServer(isProd bool) *http.Server {
 	mux.Handle("POST /exercise/{id}/walking-done", requireAuth(http.HandlerFunc(handleWalkingDone)))
 	mux.Handle("POST /exercise/{id}/walking-adjust", requireAuth(http.HandlerFunc(handleWalkingAdjust)))
 
+	// Admin (gated to adminEmail; non-admins get 404).
+	mux.Handle("GET /admin/users", requireAdmin(http.HandlerFunc(handleAdminUsers)))
+
 	// Static.
 	cwd, _ := os.Getwd()
 	fileServer := http.FileServer(http.Dir(cwd + "/static"))