Skip to main content

Admin Panel Features

The admin panel ships with a set of product features built on top of the Sentro backend. This page documents what ships in the panel and how it is wired to the API.

Two-factor authentication

Users can secure sign-in with an authenticator app (TOTP) or a 6-digit email code. During sign-in the API returns a short-livedmfaToken and a method hint; the client redirects to /auth/2fa and exchanges the token plus code for session cookies.

  • POST /auth/2fa/setup — start setup. Body: { method: "TOTP" | "EMAIL" }. Returns the QR data URL and secret for TOTP, or sends an email code.
  • POST /auth/2fa/confirm — confirm the pending setup with the first valid code.
  • POST /auth/2fa/disable — disable with the current password (optional code).
  • POST /auth/login/mfa/verify — exchange mfaToken + code for access/refresh cookies.
  • POST /auth/login/mfa/resend — resend the email code (no-op for TOTP).

Comments with @mentions

Comments can be attached to a project, to a specific table, or to a specific record. Mentions are encoded inside the body as @[Display Name](userId). Mentioned members of the organization receive an email notification.

  • GET /organization/:orgId/project/:projectId/comments — list. Query params: tableName, recordId.
  • POST /organization/:orgId/project/:projectId/comments — create. Body: tableName?, recordId?, body, mentionedUserIds[].
  • DELETE /organization/:orgId/project/:projectId/comments/:id — delete (author only).

Team activity feed

Every comment is recorded in an ActivityLog with the actor, project, table, record, and a body preview. The organization-level feed lives at /app/organizations/:id/activity.

  • GET /organization/:orgId/activity — cursor-paginated feed. Query params: projectId?, limit?, cursor?.

Activity types shipped today: comment.record, comment.table, comment.project. Custom event types can be recorded by calling ActivityService.log() from any backend module.

CSV export

Every table page has an Export dropdown with three scopes:

  • Selected rows — only when rows are checked.
  • Current page — the visible page.
  • All matching rows — paginates the backend in 1000-row batches, respecting the active search, sort, filter, and segment.

Files use CSV with a UTF-8 BOM for Excel compatibility. Header labels come from the column customization (fallback: column name).

Project header shortcut

The project card in the sidebar shows a gear icon (visible to members who can edit). Clicking it routes to the settings Layout tab. If the user is currently viewing a table, the icon passes ?table=<name> so that table is pre-selected in the settings sidebar.

Notifications

Every user has an in-app inbox surfaced by the bell in the top-right of the app header. The bell shows an unread badge, polls every 30 seconds, and refetches on window focus. Clicking a notification marks it read and (if it carries a link) navigates to it; the X button clears a single entry, and the header has Read all / Clear actions.

Notification types and triggers:

  • account.created — after email verification finishes registration.
  • two_factor.enabled — after a user confirms TOTP or email 2FA setup.
  • two_factor.disabled — after a user disables 2FA.
  • comment.mentioned — for every user @mentioned in a comment (plus email).
  • organization.invited — when an existing account is invited to another org.
  • project.created — fan-out to every member of the target organization.
  • billing.payment_succeeded / billing.payment_failed — from Dodo webhook handlers; delivered to the project's organization owner.

Endpoints:

  • GET /notifications — cursor-paginated, un-cleared items.
  • GET /notifications/unread-count — lightweight poll target.
  • POST /notifications/:id/read, POST /notifications/read-all.
  • DELETE /notifications/:id, DELETE /notifications — clears (soft-delete via clearedAt).

To add a new notification type, call NotificationService.create({ userId, type, title, body?, link?, meta? }) from any backend module and register a matching icon/tone in NotificationBell.tsx.

Mobile layout

The main sidebar collapses into a slide-over sheet below the md breakpoint. Page padding shrinks from px-8 py-6 to px-4 py-4. The record and table comment panels render as a right sidebar on desktop and as a bottom-sheet on mobile.