From ac22f5206de681bff2b9f427d9de6966a534bd70 Mon Sep 17 00:00:00 2001
From: tbui-quo <tbui-quo@student.42wolfsburg.de>
Date: Thu, 7 May 2026 17:53:50 +0200
Subject: [PATCH 01/26] [New][#142] - added UserSearchForm component with
 search debouncing - added UserTable component to display UserAuthView data -
 modified auth.types.ts with Admin Dtos copied from the bff to not depend on
 them

---
 .../src/components/admin/UserSearchForm.tsx   | 38 ++++++++++++
 .../src/components/admin/UserTable.tsx        | 58 +++++++++++++++++++
 apps/frontend/src/core/api/auth/auth.types.ts | 39 ++++++++++++-
 3 files changed, 134 insertions(+), 1 deletion(-)
 create mode 100644 apps/frontend/src/components/admin/UserSearchForm.tsx
 create mode 100644 apps/frontend/src/components/admin/UserTable.tsx

diff --git a/apps/frontend/src/components/admin/UserSearchForm.tsx b/apps/frontend/src/components/admin/UserSearchForm.tsx
new file mode 100644
index 00000000..fe195df3
--- /dev/null
+++ b/apps/frontend/src/components/admin/UserSearchForm.tsx
@@ -0,0 +1,38 @@
+import React, { useState, useEffect } from 'react';
+
+interface UserSearchFormProps {
+    onSearch: (query: string) => void;
+}
+
+export const UserSearchForm: React.FC<UserSearchFormProps> = ({ onSearch }) => {
+    const [searchTerm, setSearchTerm] = useState('');
+
+    // Wait 500ms after the user stops typing before searching
+    useEffect(() => {
+        const delayDebounceFn = setTimeout(() => {
+            onSearch(searchTerm);
+        }, 500);
+
+        return () => clearTimeout(delayDebounceFn);
+    }, [searchTerm, onSearch]);
+
+    return (
+        <div className="mb-6">
+            <label htmlFor="user-search" className="block text-sm font-medium text-gray-700">
+                Search Users
+            </label>
+            <div className="mt-1 flex rounded-md shadow-sm">
+                <input
+                    type="text"
+                    name="user-search"
+                    id="user-search"
+                    className="block w-full rounded-md border-gray-300 focus:border-indigo-500 focus:ring-indigo-500 sm:text-sm p-2 border"
+                    placeholder="Search by username or email..."
+                    value={searchTerm}
+                    onChange={(e) => setSearchTerm(e.target.value)}
+                />
+            </div>
+            <p className="mt-2 text-xs text-gray-500">Searching by username, email, or ID...</p>
+        </div>
+    );
+};
\ No newline at end of file
diff --git a/apps/frontend/src/components/admin/UserTable.tsx b/apps/frontend/src/components/admin/UserTable.tsx
new file mode 100644
index 00000000..4197235a
--- /dev/null
+++ b/apps/frontend/src/components/admin/UserTable.tsx
@@ -0,0 +1,58 @@
+import React from 'react';
+
+import {UserAuthView} from "@/src/core/api/auth/auth.types";
+
+interface UserTableProps {
+    users: UserAuthView[];
+    isLoading: boolean;
+    onEditStats: (userId: string) => void;
+    onToggleStatus: (user: UserAuthView) => void;
+}
+
+export const UserTable: React.FC<UserTableProps> = ({ users, isLoading, onEditStats, onToggleStatus }) => {
+    if (isLoading) return <div>Loading users...</div>;
+
+    return (
+        <table className="min-w-full divide-y divide-gray-200">
+            <thead className="bg-gray-50">
+            <tr>
+                <th className="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase">User</th>
+                <th className="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase">Status</th>
+                <th className="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase">Roles</th>
+                <th className="px-6 py-3 text-right text-xs font-medium text-gray-500 uppercase">Actions</th>
+            </tr>
+            </thead>
+            <tbody className="bg-white divide-y divide-gray-200">
+            {users.map((user) => (
+                <tr key={user.id}>
+                    <td className="px-6 py-4 whitespace-nowrap">
+                        <div className="text-sm font-medium text-gray-900">{user.username || 'No Username'}</div>
+                        <div className="text-sm text-gray-500">{user.email}</div>
+                    </td>
+                    <td className="px-6 py-4 whitespace-nowrap">
+              <span className={`px-2 inline-flex text-xs leading-5 font-semibold rounded-full 
+                ${user.status === 'active' ? 'bg-green-100 text-green-800' : 'bg-red-100 text-red-800'}`}>
+                {user.status}
+              </span>
+                    </td>
+                    <td className="px-6 py-4 whitespace-nowrap text-sm text-gray-500">
+                        {user.roles?.join(', ')}
+                    </td>
+                    <td className="px-6 py-4 whitespace-nowrap text-right text-sm font-medium">
+                        <button
+                            onClick={() => onEditStats(user.id)}
+                            className="text-indigo-600 hover:text-indigo-900 mr-4">
+                            Edit Stats
+                        </button>
+                        <button
+                            onClick={() => onToggleStatus(user)}
+                            className="text-red-600 hover:text-red-900">
+                            {user.status === 'active' ? 'Disable' : 'Enable'}
+                        </button>
+                    </td>
+                </tr>
+            ))}
+            </tbody>
+        </table>
+    );
+};
\ No newline at end of file
diff --git a/apps/frontend/src/core/api/auth/auth.types.ts b/apps/frontend/src/core/api/auth/auth.types.ts
index 7188f7e7..34c858a9 100644
--- a/apps/frontend/src/core/api/auth/auth.types.ts
+++ b/apps/frontend/src/core/api/auth/auth.types.ts
@@ -121,6 +121,43 @@ export interface InternalRequestInit extends RequestInit {
     _retry?: boolean;
 }
 
+/**
+ * --- Admin Management DTOs ---
+ * These types correspond to the /admin endpoints in the BFF
+ */
+
+export interface PageInfoDto {
+    nextCursor?: string | null;
+    hasNextPage: boolean;
+}
+
+export interface UserSearchQueryDto {
+    query?: string;
+    cursor?: string;
+    limit?: number;
+}
+
+export interface UserSearchResponseDto {
+    items: UserAuthView[];
+    pageInfo: PageInfoDto;
+}
+
+export interface DisableUserRequestDto {
+    reason: string;
+    revokeSessions?: boolean;
+}
+
+export interface EnableUserRequestDto {
+    reason?: string;
+}
+
+export interface UpdatePlayerStatsDto {
+    wins?: number;
+    losses?: number;
+    xp?: number;
+    level?: number;
+}
+
 /** * --- Errors ---
  */
 export interface ApiError {
@@ -131,4 +168,4 @@ export interface ApiError {
 
 export interface SetPasswordResponse {
     success: boolean;
-}
\ No newline at end of file
+}

From 4b02cafd2aee394a046dde5ebe75fad80fa9d932 Mon Sep 17 00:00:00 2001
From: tbui-quo <tbui-quo@student.42wolfsburg.de>
Date: Mon, 11 May 2026 18:12:16 +0200
Subject: [PATCH 02/26] - added new interfaces for admin request and responses
 in auth.types.ts - implement admin methods in auth.client.ts

---
 .../frontend/src/core/api/auth/auth.client.ts | 54 +++++++++++++++-
 apps/frontend/src/core/api/auth/auth.types.ts | 64 +++++++++++++++++--
 2 files changed, 110 insertions(+), 8 deletions(-)

diff --git a/apps/frontend/src/core/api/auth/auth.client.ts b/apps/frontend/src/core/api/auth/auth.client.ts
index 0b0b1e11..d363df21 100644
--- a/apps/frontend/src/core/api/auth/auth.client.ts
+++ b/apps/frontend/src/core/api/auth/auth.client.ts
@@ -14,7 +14,17 @@ import type
     SetPasswordResponse,
     PendingRequest,
     InternalRequestInit,
-    ApiError
+    ApiError,
+    UserSearchRequest,
+    UserSearchResponse,
+    UpdatePlayerStatsRequest,
+    UserDisabledRequest,
+    UserDisabledResponse,
+    UserEnabledRequest,
+    UserEnabledResponse,
+    SetUserRolesRequest,
+    UserRolesResponse,
+    UpdatePlayerStatsResponse,
 } from "@/src/core/api/auth/auth.types";
 
 
@@ -253,4 +263,46 @@ export const authClient = {
             body: JSON.stringify(data),
         });
     },
+
+    // --- Admin Management ---
+
+    /**
+     * Search and list users with pagination
+     */
+    async searchUsers(params: UserSearchRequest): Promise<ApiResult<UserSearchResponse>> {
+        const queryParams = new URLSearchParams();
+        if (params.query) queryParams.append('query', params.query);
+        if (params.cursor) queryParams.append('cursor', params.cursor);
+        if (params.limit) queryParams.append('limit', params.limit.toString());
+
+        return apiFetch<UserSearchResponse>(`${BASE_URL}/admin/users?${queryParams.toString()}`);
+    },
+
+    async disableUser(userId: string, data: UserDisabledRequest): Promise<ApiResult<UserDisabledResponse>> {
+        return apiFetch<UserDisabledResponse>(`${BASE_URL}/admin/users/${userId}/disable`, {
+            method: 'POST',
+            body: JSON.stringify(data),
+        });
+    },
+
+    async enableUser(userId: string, data: UserEnabledRequest = {}): Promise<ApiResult<UserEnabledResponse>> {
+        return apiFetch<UserEnabledResponse>(`${BASE_URL}/admin/users/${userId}/enable`, {
+            method: 'POST',
+            body: JSON.stringify(data),
+        });
+    },
+
+    async setUserRoles(userId: string, data: SetUserRolesRequest): Promise<ApiResult<UserRolesResponse>> {
+        return apiFetch<UserRolesResponse>(`${BASE_URL}/admin/users/${userId}/role`, {
+            method: 'POST',
+            body: JSON.stringify(data),
+        });
+    },
+
+    async updatePlayerStats(userId: string, data: UpdatePlayerStatsRequest): Promise<ApiResult<UpdatePlayerStatsResponse>> {
+        return apiFetch<UpdatePlayerStatsResponse>(`${BASE_URL}/admin/users/${userId}/stats`, {
+            method: 'PUT',
+            body: JSON.stringify(data),
+        });
+    },
 }
\ No newline at end of file
diff --git a/apps/frontend/src/core/api/auth/auth.types.ts b/apps/frontend/src/core/api/auth/auth.types.ts
index 34c858a9..5a244380 100644
--- a/apps/frontend/src/core/api/auth/auth.types.ts
+++ b/apps/frontend/src/core/api/auth/auth.types.ts
@@ -126,36 +126,86 @@ export interface InternalRequestInit extends RequestInit {
  * These types correspond to the /admin endpoints in the BFF
  */
 
-export interface PageInfoDto {
+export interface PageInfo {
     nextCursor?: string | null;
     hasNextPage: boolean;
 }
 
-export interface UserSearchQueryDto {
+export interface UserSearchRequest {
     query?: string;
     cursor?: string;
     limit?: number;
 }
 
-export interface UserSearchResponseDto {
+export interface UserSearchResponse {
     items: UserAuthView[];
-    pageInfo: PageInfoDto;
+    pageInfo: PageInfo;
 }
 
-export interface DisableUserRequestDto {
+export interface UserDisabledRequest {
     reason: string;
     revokeSessions?: boolean;
 }
 
-export interface EnableUserRequestDto {
+export interface UserDisabledResponse {
+    userId: string;
+    status: string;
+    revokedSessions: number;
+}
+
+export interface UserEnabledRequest {
     reason?: string;
 }
 
-export interface UpdatePlayerStatsDto {
+export interface UserEnabledResponse {
+    userId: string;
+    status: string;
+}
+
+export interface SetUserRolesRequest {
+    roles: string[];
+}
+
+export interface UserRolesResponse {
+    userId: string;
+    roles: string[];
+    updatedAt: string;
+}
+
+export interface UpdatePlayerStatsRequest {
+    matchesWon?: string[];
+    matchesLost?: string[];
+    achievements?: string[];
+    weapons?: string[];
+    matchParticipants?: string[];
+    xp?: number;
+    level?: number;
     wins?: number;
     losses?: number;
+    kills?: number;
+    deaths?: number;
+    damageDealt?: number;
+    damageTaken?: number;
+    createdAt?: string;
+    updatedAt?: string;
+}
+
+export interface UpdatePlayerStatsResponse {
+    matchesWon?: string[];
+    matchesLost?: string[];
+    achievements?: string[];
+    weapons?: string[];
+    matchParticipants?: string[];
     xp?: number;
     level?: number;
+    wins?: number;
+    losses?: number;
+    kills?: number;
+    deaths?: number;
+    damageDealt?: number;
+    damageTaken?: number;
+    createdAt?: string;
+    updatedAt?: string;
 }
 
 /** * --- Errors ---

From 93135bb78843c9c8d4237684c82d30b2c350c25e Mon Sep 17 00:00:00 2001
From: tbui-quo <tbui-quo@student.42wolfsburg.de>
Date: Mon, 11 May 2026 19:50:22 +0200
Subject: [PATCH 03/26] - some imports where is missing that's why we got
 ECONNREFUSED bug during

---
 apps/auth-user/package-lock.json | 10 +++++++++-
 apps/auth-user/package.json      |  5 +++--
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/apps/auth-user/package-lock.json b/apps/auth-user/package-lock.json
index a7d76db5..014af2eb 100644
--- a/apps/auth-user/package-lock.json
+++ b/apps/auth-user/package-lock.json
@@ -17,7 +17,7 @@
 				"@prisma/adapter-pg": "^7.5.0",
 				"@prisma/client": "^7.5.0",
 				"argon2": "^0.44.0",
-				"axios": "^1.4.0",
+				"axios": "^1.16.0",
 				"bcrypt": "^6.0.0",
 				"class-transformer": "^0.5.1",
 				"class-validator": "^0.15.1",
@@ -35,6 +35,7 @@
 				"@nestjs/cli": "^11.0.0",
 				"@nestjs/schematics": "^11.0.0",
 				"@nestjs/testing": "^11.0.1",
+				"@types/axios": "^0.9.36",
 				"@types/bcrypt": "^6.0.0",
 				"@types/express": "^5.0.0",
 				"@types/jest": "^30.0.0",
@@ -3084,6 +3085,13 @@
 				"tslib": "^2.4.0"
 			}
 		},
+		"node_modules/@types/axios": {
+			"version": "0.9.36",
+			"resolved": "https://registry.npmjs.org/@types/axios/-/axios-0.9.36.tgz",
+			"integrity": "sha512-NLOpedx9o+rxo/X5ChbdiX6mS1atE4WHmEEIcR9NLenRVa5HoVjAvjafwU3FPTqnZEstpoqCaW7fagqSoTDNeg==",
+			"dev": true,
+			"license": "MIT"
+		},
 		"node_modules/@types/babel__core": {
 			"version": "7.20.5",
 			"resolved": "https://registry.npmjs.org/@types/babel__core/-/babel__core-7.20.5.tgz",
diff --git a/apps/auth-user/package.json b/apps/auth-user/package.json
index d3bbdcd5..3786ca0f 100644
--- a/apps/auth-user/package.json
+++ b/apps/auth-user/package.json
@@ -20,7 +20,6 @@
 		"test:e2e": "jest --config ./test/jest-e2e.json"
 	},
 	"dependencies": {
-		"axios": "^1.4.0",
 		"@nestjs/common": "^11.0.1",
 		"@nestjs/config": "^4.0.3",
 		"@nestjs/core": "^11.0.1",
@@ -29,6 +28,7 @@
 		"@prisma/adapter-pg": "^7.5.0",
 		"@prisma/client": "^7.5.0",
 		"argon2": "^0.44.0",
+		"axios": "^1.16.0",
 		"bcrypt": "^6.0.0",
 		"class-transformer": "^0.5.1",
 		"class-validator": "^0.15.1",
@@ -46,6 +46,7 @@
 		"@nestjs/cli": "^11.0.0",
 		"@nestjs/schematics": "^11.0.0",
 		"@nestjs/testing": "^11.0.1",
+		"@types/axios": "^0.9.36",
 		"@types/bcrypt": "^6.0.0",
 		"@types/express": "^5.0.0",
 		"@types/jest": "^30.0.0",
@@ -85,4 +86,4 @@
 		"coverageDirectory": "../coverage",
 		"testEnvironment": "node"
 	}
-}
\ No newline at end of file
+}

From 234c7e1dd75dd8f55fe26436df72701f2469dcaf Mon Sep 17 00:00:00 2001
From: tbui-quo <tbui-quo@student.42wolfsburg.de>
Date: Mon, 11 May 2026 19:51:18 +0200
Subject: [PATCH 04/26] - working on action modal for admin - added
 adminusermanage page

---
 apps/BFF/src/modules/config/env.validation.ts |  2 +-
 apps/frontend/app/(site)/admin/users/page.tsx | 84 +++++++++++++++++++
 .../src/components/admin/AdminActionModal.tsx | 49 +++++++++++
 3 files changed, 134 insertions(+), 1 deletion(-)
 create mode 100644 apps/frontend/app/(site)/admin/users/page.tsx
 create mode 100644 apps/frontend/src/components/admin/AdminActionModal.tsx

diff --git a/apps/BFF/src/modules/config/env.validation.ts b/apps/BFF/src/modules/config/env.validation.ts
index 6cc7f9bc..73d649df 100644
--- a/apps/BFF/src/modules/config/env.validation.ts
+++ b/apps/BFF/src/modules/config/env.validation.ts
@@ -6,7 +6,7 @@ const baseSchema = z.object({
     .default('development'),
   PORT: z.coerce.number().int().min(1).max(65535).default(3000),
 
-  AUTH_SERVICE_URL: z.string().url(),
+  AUTH_SERVICE_URL: z.string().url().default('http://auth_service:3000'),
   STATS_SERVICE_URL: z.string().url().default('http://stats_service:3000'),
 
   GOOGLE_CLIENT_ID: z.string().min(1),
diff --git a/apps/frontend/app/(site)/admin/users/page.tsx b/apps/frontend/app/(site)/admin/users/page.tsx
new file mode 100644
index 00000000..d0f3ccb0
--- /dev/null
+++ b/apps/frontend/app/(site)/admin/users/page.tsx
@@ -0,0 +1,84 @@
+'use client';
+
+import React, { useEffect, useState, useCallback } from 'react';
+import { authClient } from '@/src/core/api/auth/auth.client';
+import { UserAuthView, UserSearchResponse } from '@/src/core/api/auth/auth.types';
+import { UserTable } from '@/src/components/admin/UserTable';
+import { UserSearchForm } from '@/src/components/admin/UserSearchForm';
+import { AdminActionModal } from '@/src/components/admin/AdminActionModal';
+
+export default function AdminUserManagement() {
+    const [data, setData] = useState<UserSearchResponse | null>(null);
+    const [loading, setLoading] = useState(true);
+    const [searchQuery, setSearchQuery] = useState('');
+
+    const [modalConfig, setModalConfig] = useState<{
+        isOpen: boolean;
+        targetUser: UserAuthView | null;
+    }>({ isOpen: false, targetUser: null });
+
+    const fetchUsers = useCallback(async (query = '') => {
+        setLoading(true);
+        const result = await authClient.searchUsers({ query, limit: 10 });
+        if (result.ok) {
+            setData(result.data);
+        } else {
+            console.error("Failed to fetch users:", result.error.message);
+        }
+        setLoading(false);
+    }, []);
+
+    useEffect(() => {
+        fetchUsers();
+    }, [fetchUsers]);
+
+    const handleSearch = (query: string) => {
+        setSearchQuery(query);
+        fetchUsers(query);
+    };
+
+    const handleToggleStatusClick = (user: UserAuthView) => {
+        setModalConfig({ isOpen: true, targetUser: user });
+    };
+
+    const confirmToggleStatus = async (reason?: string) => {
+        const user = modalConfig.targetUser;
+        if (!user) return;
+
+        const isBanning = user.status === 'active';
+        const result = isBanning
+            ? await authClient.disableUser(user.id, { reason: reason || 'Admin action' })
+            : await authClient.enableUser(user.id, { reason: 'Admin unban' });
+
+        if (result.ok) {
+            fetchUsers(searchQuery);
+        }
+        setModalConfig({ isOpen: false, targetUser: null });
+    };
+
+    return (
+        <div className="container mx-auto py-8 px-4">
+            <h1 className="text-2xl font-bold mb-6">User Management</h1>
+
+            <div className="mb-6">
+                <UserSearchForm onSearch={handleSearch} />
+            </div>
+
+            <UserTable
+                users={data?.items || []}
+                isLoading={loading}
+                onEditStats={(id) => console.log("Navigate to stats for", id)}
+                onToggleStatus={handleToggleStatusClick}
+            />
+
+            <AdminActionModal
+                isOpen={modalConfig.isOpen}
+                title={modalConfig.targetUser?.status === 'active' ? 'Disable User' : 'Enable User'}
+                description={`Are you sure you want to ${modalConfig.targetUser?.status === 'active' ? 'disable' : 'enable'} ${modalConfig.targetUser?.username}?`}
+                requireReason={modalConfig.targetUser?.status === 'active'}
+                onConfirm={confirmToggleStatus}
+                onClose={() => setModalConfig({ isOpen: false, targetUser: null })}
+            />
+        </div>
+    );
+}
\ No newline at end of file
diff --git a/apps/frontend/src/components/admin/AdminActionModal.tsx b/apps/frontend/src/components/admin/AdminActionModal.tsx
new file mode 100644
index 00000000..9afe1d24
--- /dev/null
+++ b/apps/frontend/src/components/admin/AdminActionModal.tsx
@@ -0,0 +1,49 @@
+import React, { useState } from 'react';
+
+interface AdminModalProps {
+    isOpen: boolean;
+    title: string;
+    description: string;
+    requireReason?: boolean;
+    onConfirm: (reason?: string) => void;
+    onClose: () => void;
+}
+
+export const AdminActionModal: React.FC<AdminModalProps> = (
+    {isOpen, title, description, requireReason, onConfirm, onClose
+}) => {
+    const [reason, setReason] = useState('');
+
+    if (!isOpen) return null;
+
+    return (
+        <div className="fixed inset-0 z-50 flex items-center justify-center bg-black bg-opacity-50">
+            <div className="bg-white rounded-lg p-6 max-w-sm w-full shadow-xl">
+                <h3 className="text-lg font-bold mb-2">{title}</h3>
+                <p className="text-sm text-gray-600 mb-4">{description}</p>
+
+                {requireReason && (
+                    <textarea
+                        className="w-full p-2 border border-gray-300 rounded mb-4 text-sm focus:ring-2 focus:ring-blue-500 outline-none"
+                        placeholder="Enter reason..."
+                        value={reason}
+                        onChange={(e) => setReason(e.target.value)}
+                    />
+                )}
+
+                <div className="flex justify-end gap-3">
+                    <button onClick={onClose} className="px-4 py-2 text-sm text-gray-500 hover:text-gray-700">
+                        Cancel
+                    </button>
+                    <button
+                        onClick={() => onConfirm(reason)}
+                        className="px-4 py-2 text-sm bg-blue-600 text-white rounded hover:bg-blue-700 disabled:bg-gray-400"
+                        disabled={requireReason && !reason.trim()}
+                    >
+                        Confirm
+                    </button>
+                </div>
+            </div>
+        </div>
+    );
+};
\ No newline at end of file

From 7b76f53795e9e27b844517051a074455abd50b71 Mon Sep 17 00:00:00 2001
From: Thang Bui Quoc <tbuiloves42@gmail.com>
Date: Tue, 12 May 2026 20:15:36 +0200
Subject: [PATCH 05/26] - added loading state to admin usermanagement site -
 split username and email in its own column - fixed bug which repeatedly
 called the fetch user function

---
 apps/frontend/app/(site)/admin/users/page.tsx |  20 ++--
 .../src/components/admin/UserSearchForm.tsx   |  15 ++-
 .../src/components/admin/UserTable.tsx        | 107 +++++++++++-------
 3 files changed, 88 insertions(+), 54 deletions(-)

diff --git a/apps/frontend/app/(site)/admin/users/page.tsx b/apps/frontend/app/(site)/admin/users/page.tsx
index d0f3ccb0..4ecd01a1 100644
--- a/apps/frontend/app/(site)/admin/users/page.tsx
+++ b/apps/frontend/app/(site)/admin/users/page.tsx
@@ -11,6 +11,7 @@ export default function AdminUserManagement() {
     const [data, setData] = useState<UserSearchResponse | null>(null);
     const [loading, setLoading] = useState(true);
     const [searchQuery, setSearchQuery] = useState('');
+    const [hasLoadedOnce, setHasLoadedOnce] = useState(false);
 
     const [modalConfig, setModalConfig] = useState<{
         isOpen: boolean;
@@ -18,24 +19,27 @@ export default function AdminUserManagement() {
     }>({ isOpen: false, targetUser: null });
 
     const fetchUsers = useCallback(async (query = '') => {
+        console.log("fetching users");
         setLoading(true);
         const result = await authClient.searchUsers({ query, limit: 10 });
         if (result.ok) {
             setData(result.data);
+            setHasLoadedOnce(true);
         } else {
             console.error("Failed to fetch users:", result.error.message);
         }
         setLoading(false);
     }, []);
 
+    // Initial load has no search input
     useEffect(() => {
-        fetchUsers();
-    }, [fetchUsers]);
+        void fetchUsers();
+    }, []);
 
-    const handleSearch = (query: string) => {
+    const handleSearch = useCallback((query: string) => {
         setSearchQuery(query);
-        fetchUsers(query);
-    };
+        void fetchUsers(query);
+    }, [fetchUsers]);
 
     const handleToggleStatusClick = (user: UserAuthView) => {
         setModalConfig({ isOpen: true, targetUser: user });
@@ -51,13 +55,13 @@ export default function AdminUserManagement() {
             : await authClient.enableUser(user.id, { reason: 'Admin unban' });
 
         if (result.ok) {
-            fetchUsers(searchQuery);
+            await fetchUsers(searchQuery);
         }
         setModalConfig({ isOpen: false, targetUser: null });
     };
 
     return (
-        <div className="container mx-auto py-8 px-4">
+        <div className="container mx-auto py-8 px-4 min-h-[80vh]">
             <h1 className="text-2xl font-bold mb-6">User Management</h1>
 
             <div className="mb-6">
@@ -66,7 +70,7 @@ export default function AdminUserManagement() {
 
             <UserTable
                 users={data?.items || []}
-                isLoading={loading}
+                isLoading={loading && !hasLoadedOnce}
                 onEditStats={(id) => console.log("Navigate to stats for", id)}
                 onToggleStatus={handleToggleStatusClick}
             />
diff --git a/apps/frontend/src/components/admin/UserSearchForm.tsx b/apps/frontend/src/components/admin/UserSearchForm.tsx
index fe195df3..d4a120e9 100644
--- a/apps/frontend/src/components/admin/UserSearchForm.tsx
+++ b/apps/frontend/src/components/admin/UserSearchForm.tsx
@@ -1,4 +1,4 @@
-import React, { useState, useEffect } from 'react';
+import React, { useState, useEffect, useRef } from 'react';
 
 interface UserSearchFormProps {
     onSearch: (query: string) => void;
@@ -6,15 +6,20 @@ interface UserSearchFormProps {
 
 export const UserSearchForm: React.FC<UserSearchFormProps> = ({ onSearch }) => {
     const [searchTerm, setSearchTerm] = useState('');
+    const isInitialRender = useRef(true);
 
-    // Wait 500ms after the user stops typing before searching
     useEffect(() => {
-        const delayDebounceFn = setTimeout(() => {
+        if (isInitialRender.current) {
+            isInitialRender.current = false;
+            return;
+        }
+        // Wait 500ms after the user stops typing before searching
+        const delayDebounceTimeout = setTimeout(() => {
             onSearch(searchTerm);
         }, 500);
 
-        return () => clearTimeout(delayDebounceFn);
-    }, [searchTerm, onSearch]);
+        return () => clearTimeout(delayDebounceTimeout);
+    }, [searchTerm]);
 
     return (
         <div className="mb-6">
diff --git a/apps/frontend/src/components/admin/UserTable.tsx b/apps/frontend/src/components/admin/UserTable.tsx
index 4197235a..414c261c 100644
--- a/apps/frontend/src/components/admin/UserTable.tsx
+++ b/apps/frontend/src/components/admin/UserTable.tsx
@@ -10,49 +10,74 @@ interface UserTableProps {
 }
 
 export const UserTable: React.FC<UserTableProps> = ({ users, isLoading, onEditStats, onToggleStatus }) => {
-    if (isLoading) return <div>Loading users...</div>;
 
     return (
-        <table className="min-w-full divide-y divide-gray-200">
-            <thead className="bg-gray-50">
-            <tr>
-                <th className="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase">User</th>
-                <th className="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase">Status</th>
-                <th className="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase">Roles</th>
-                <th className="px-6 py-3 text-right text-xs font-medium text-gray-500 uppercase">Actions</th>
-            </tr>
-            </thead>
-            <tbody className="bg-white divide-y divide-gray-200">
-            {users.map((user) => (
-                <tr key={user.id}>
-                    <td className="px-6 py-4 whitespace-nowrap">
-                        <div className="text-sm font-medium text-gray-900">{user.username || 'No Username'}</div>
-                        <div className="text-sm text-gray-500">{user.email}</div>
-                    </td>
-                    <td className="px-6 py-4 whitespace-nowrap">
-              <span className={`px-2 inline-flex text-xs leading-5 font-semibold rounded-full 
-                ${user.status === 'active' ? 'bg-green-100 text-green-800' : 'bg-red-100 text-red-800'}`}>
-                {user.status}
-              </span>
-                    </td>
-                    <td className="px-6 py-4 whitespace-nowrap text-sm text-gray-500">
-                        {user.roles?.join(', ')}
-                    </td>
-                    <td className="px-6 py-4 whitespace-nowrap text-right text-sm font-medium">
-                        <button
-                            onClick={() => onEditStats(user.id)}
-                            className="text-indigo-600 hover:text-indigo-900 mr-4">
-                            Edit Stats
-                        </button>
-                        <button
-                            onClick={() => onToggleStatus(user)}
-                            className="text-red-600 hover:text-red-900">
-                            {user.status === 'active' ? 'Disable' : 'Enable'}
-                        </button>
-                    </td>
+        <div className="relative overflow-hidden rounded-lg border border-gray-200 shadow-sm min-h-[400px] bg-white">
+            {isLoading && (
+                <div className="absolute inset-0 z-10 flex items-center justify-center bg-white/60 backdrop-blur-[1px]">
+                    <div className="flex flex-col items-center">
+                        <div className="h-8 w-8 animate-spin rounded-full border-2 border-gray-300 border-t-indigo-600 mb-2"></div>
+                        <span className="text-sm font-medium text-gray-600">Updating list...</span>
+                    </div>
+                </div>
+            )}
+
+            <table className="min-w-full divide-y divide-gray-200">
+                <thead className="bg-gray-50">
+                <tr>
+                    <th className="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase">User</th>
+                    <th className="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase">Email</th>
+                    <th className="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase">Status</th>
+                    <th className="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase">Roles</th>
+                    <th className="px-6 py-3 text-right text-xs font-medium text-gray-500 uppercase">Actions</th>
                 </tr>
-            ))}
-            </tbody>
-        </table>
+                </thead>
+                <tbody className="bg-white divide-y divide-gray-200">
+                {!isLoading && users.length === 0 ? (
+                    <tr>
+                        <td colSpan={5} className="px-6 py-12 text-center text-gray-500 italic">
+                            No users found matching your criteria.
+                        </td>
+                    </tr>
+                ) : (
+                    users.map((user) => (
+                        <tr key={user.id} className="hover:bg-gray-50 transition-colors">
+                            <td className="px-6 py-4 whitespace-nowrap text-sm font-medium text-gray-900">
+                                {user.username || 'No Username'}
+                            </td>
+
+                            <td className="px-6 py-4 max-w-xs truncate whitespace-nowrap text-sm text-gray-500">
+                                {user.email}
+                            </td>
+
+                            <td className="px-6 py-4 whitespace-nowrap">
+                                <span className={`px-2 inline-flex text-xs leading-5 font-semibold rounded-full 
+                                    ${user.status === 'active' ? 'bg-green-100 text-green-800' : 'bg-red-100 text-red-800'}`}>
+                                    {user.status}
+                                </span>
+                            </td>
+
+                            <td className="px-6 py-4 whitespace-nowrap text-sm text-gray-500">
+                                {user.roles?.join(', ') || 'user'}
+                            </td>
+
+                            <td className="px-6 py-4 whitespace-nowrap text-right text-sm font-medium">
+                                <button
+                                    onClick={() => onEditStats(user.id)}
+                                    className="text-indigo-600 hover:text-indigo-900 mr-4 transition-colors">
+                                    Edit Stats
+                                </button>
+                                <button
+                                    onClick={() => onToggleStatus(user)}
+                                    className={`${user.status === 'active' ? 'text-red-600 hover:text-red-900' : 'text-green-600 hover:text-green-900'} transition-colors`}>
+                                    {user.status === 'active' ? 'Disable' : 'Enable'}
+                                </button>
+                            </td>
+                        </tr>
+                    ))
+                )}
+                </tbody>
+            </table>
+        </div>
     );
 };
\ No newline at end of file

From 9764f7dbaf2bc75724cee95d7c396317fa866eff Mon Sep 17 00:00:00 2001
From: Thang Bui Quoc <tbuiloves42@gmail.com>
Date: Tue, 12 May 2026 20:30:58 +0200
Subject: [PATCH 06/26] - changed look of adminactionmodal and message

- added onsearch back to useeffect, it was not the cause of repeatedly call of fetch user
---
 apps/frontend/app/(site)/admin/users/page.tsx |  2 +-
 .../src/components/admin/AdminActionModal.tsx | 33 ++++++++++++-------
 .../src/components/admin/UserSearchForm.tsx   |  2 +-
 3 files changed, 23 insertions(+), 14 deletions(-)

diff --git a/apps/frontend/app/(site)/admin/users/page.tsx b/apps/frontend/app/(site)/admin/users/page.tsx
index 4ecd01a1..22a320cd 100644
--- a/apps/frontend/app/(site)/admin/users/page.tsx
+++ b/apps/frontend/app/(site)/admin/users/page.tsx
@@ -78,7 +78,7 @@ export default function AdminUserManagement() {
             <AdminActionModal
                 isOpen={modalConfig.isOpen}
                 title={modalConfig.targetUser?.status === 'active' ? 'Disable User' : 'Enable User'}
-                description={`Are you sure you want to ${modalConfig.targetUser?.status === 'active' ? 'disable' : 'enable'} ${modalConfig.targetUser?.username}?`}
+                description={`Are you sure you want to ${modalConfig.targetUser?.status === 'active' ? 'disable' : 'enable'} user ${modalConfig.targetUser?.username}?`}
                 requireReason={modalConfig.targetUser?.status === 'active'}
                 onConfirm={confirmToggleStatus}
                 onClose={() => setModalConfig({ isOpen: false, targetUser: null })}
diff --git a/apps/frontend/src/components/admin/AdminActionModal.tsx b/apps/frontend/src/components/admin/AdminActionModal.tsx
index 9afe1d24..b3f82e16 100644
--- a/apps/frontend/src/components/admin/AdminActionModal.tsx
+++ b/apps/frontend/src/components/admin/AdminActionModal.tsx
@@ -17,27 +17,36 @@ export const AdminActionModal: React.FC<AdminModalProps> = (
     if (!isOpen) return null;
 
     return (
-        <div className="fixed inset-0 z-50 flex items-center justify-center bg-black bg-opacity-50">
-            <div className="bg-white rounded-lg p-6 max-w-sm w-full shadow-xl">
-                <h3 className="text-lg font-bold mb-2">{title}</h3>
-                <p className="text-sm text-gray-600 mb-4">{description}</p>
+        <div className="fixed inset-0 z-50 flex items-center justify-center bg-black/30 backdrop-blur-sm transition-all">
+            <div className="bg-white rounded-xl p-6 max-w-sm w-full shadow-2xl border border-gray-100 transform transition-all">
+                <h3 className="text-xl font-bold text-gray-900 mb-2">{title}</h3>
+                <p className="text-sm text-gray-500 mb-6">{description}</p>
 
                 {requireReason && (
-                    <textarea
-                        className="w-full p-2 border border-gray-300 rounded mb-4 text-sm focus:ring-2 focus:ring-blue-500 outline-none"
-                        placeholder="Enter reason..."
-                        value={reason}
-                        onChange={(e) => setReason(e.target.value)}
-                    />
+                    <div className="mb-6">
+                        <label className="block text-xs font-semibold text-gray-400 uppercase mb-2">
+                            Required Reason
+                        </label>
+                        <textarea
+                            className="w-full p-3 border border-gray-200 rounded-lg text-sm focus:ring-2 focus:ring-blue-500 focus:border-transparent outline-none transition-all bg-gray-50"
+                            rows={3}
+                            placeholder="Why is this action being taken?"
+                            value={reason}
+                            onChange={(e) => setReason(e.target.value)}
+                        />
+                    </div>
                 )}
 
                 <div className="flex justify-end gap-3">
-                    <button onClick={onClose} className="px-4 py-2 text-sm text-gray-500 hover:text-gray-700">
+                    <button
+                        onClick={onClose}
+                        className="px-4 py-2 text-sm font-medium text-gray-600 hover:bg-gray-100 rounded-lg transition-colors"
+                    >
                         Cancel
                     </button>
                     <button
                         onClick={() => onConfirm(reason)}
-                        className="px-4 py-2 text-sm bg-blue-600 text-white rounded hover:bg-blue-700 disabled:bg-gray-400"
+                        className="px-6 py-2 text-sm font-bold bg-blue-600 text-white rounded-lg hover:bg-blue-700 disabled:bg-gray-300 disabled:cursor-not-allowed shadow-md hover:shadow-lg transition-all"
                         disabled={requireReason && !reason.trim()}
                     >
                         Confirm
diff --git a/apps/frontend/src/components/admin/UserSearchForm.tsx b/apps/frontend/src/components/admin/UserSearchForm.tsx
index d4a120e9..d5d09d7e 100644
--- a/apps/frontend/src/components/admin/UserSearchForm.tsx
+++ b/apps/frontend/src/components/admin/UserSearchForm.tsx
@@ -19,7 +19,7 @@ export const UserSearchForm: React.FC<UserSearchFormProps> = ({ onSearch }) => {
         }, 500);
 
         return () => clearTimeout(delayDebounceTimeout);
-    }, [searchTerm]);
+    }, [searchTerm, onSearch]);
 
     return (
         <div className="mb-6">

From 37cc7d8c68d3024c90c94922b71db6e4ba510f9f Mon Sep 17 00:00:00 2001
From: Thang Bui Quoc <tbuiloves42@gmail.com>
Date: Tue, 12 May 2026 22:04:39 +0200
Subject: [PATCH 07/26] - added function to change a role of a user and modify
 the AdminActionModal.tsx to have that function

---
 apps/frontend/app/(site)/admin/users/page.tsx | 55 +++++++++-----
 .../src/components/admin/AdminActionModal.tsx | 72 +++++++++++++++----
 .../src/components/admin/UserTable.tsx        | 33 ++++++---
 3 files changed, 121 insertions(+), 39 deletions(-)

diff --git a/apps/frontend/app/(site)/admin/users/page.tsx b/apps/frontend/app/(site)/admin/users/page.tsx
index 22a320cd..200e5805 100644
--- a/apps/frontend/app/(site)/admin/users/page.tsx
+++ b/apps/frontend/app/(site)/admin/users/page.tsx
@@ -15,8 +15,13 @@ export default function AdminUserManagement() {
 
     const [modalConfig, setModalConfig] = useState<{
         isOpen: boolean;
+        mode: 'default' | 'roles';
         targetUser: UserAuthView | null;
-    }>({ isOpen: false, targetUser: null });
+    }>({
+        isOpen: false,
+        mode: 'default',
+        targetUser: null
+    });
 
     const fetchUsers = useCallback(async (query = '') => {
         console.log("fetching users");
@@ -42,22 +47,35 @@ export default function AdminUserManagement() {
     }, [fetchUsers]);
 
     const handleToggleStatusClick = (user: UserAuthView) => {
-        setModalConfig({ isOpen: true, targetUser: user });
+        setModalConfig({ isOpen: true, mode: "default", targetUser: user });
     };
 
-    const confirmToggleStatus = async (reason?: string) => {
+    const handleEditRolesClick = (user: UserAuthView) => {
+        setModalConfig({ isOpen: true, mode: "roles", targetUser: user });
+    };
+
+    const handleConfirmAction = async (payload: string | string[]) => {
         const user = modalConfig.targetUser;
         if (!user) return;
 
-        const isBanning = user.status === 'active';
-        const result = isBanning
-            ? await authClient.disableUser(user.id, { reason: reason || 'Admin action' })
-            : await authClient.enableUser(user.id, { reason: 'Admin unban' });
+        if (modalConfig.mode === 'roles') {
+            // Handle Role Update
+            const result = await authClient.setUserRoles(user.id, { roles: payload as string[] });
+            if (!result.ok) console.error("Role update failed:", result.error.message);
+        } else {
+            // Handle Status Toggle (Ban/Unban)
+            const isBanning = user.status === 'active';
+            const reason = typeof payload === 'string' ? payload : 'Admin action';
+
+            const result = isBanning
+                ? await authClient.disableUser(user.id, { reason })
+                : await authClient.enableUser(user.id, { reason: 'Admin unban' });
 
-        if (result.ok) {
-            await fetchUsers(searchQuery);
+            if (!result.ok) console.error("Status update failed:", result.error.message);
         }
-        setModalConfig({ isOpen: false, targetUser: null });
+
+        await fetchUsers(searchQuery);
+        setModalConfig({ isOpen: false, mode: 'default', targetUser: null });
     };
 
     return (
@@ -71,17 +89,22 @@ export default function AdminUserManagement() {
             <UserTable
                 users={data?.items || []}
                 isLoading={loading && !hasLoadedOnce}
-                onEditStats={(id) => console.log("Navigate to stats for", id)}
+                onEditStats={(id) => console.log("Stats for", id)}
                 onToggleStatus={handleToggleStatusClick}
+                onEditRoles={handleEditRolesClick}
             />
 
             <AdminActionModal
                 isOpen={modalConfig.isOpen}
-                title={modalConfig.targetUser?.status === 'active' ? 'Disable User' : 'Enable User'}
-                description={`Are you sure you want to ${modalConfig.targetUser?.status === 'active' ? 'disable' : 'enable'} user ${modalConfig.targetUser?.username}?`}
-                requireReason={modalConfig.targetUser?.status === 'active'}
-                onConfirm={confirmToggleStatus}
-                onClose={() => setModalConfig({ isOpen: false, targetUser: null })}
+                mode={modalConfig.mode}
+                title={modalConfig.mode === 'roles' ? 'Manage Roles' : (modalConfig.targetUser?.status === 'active' ? 'Disable User' : 'Enable User')}
+                description={modalConfig.mode === 'roles'
+                    ? `Assign roles for ${modalConfig.targetUser?.username}`
+                    : `Are you sure you want to change the status for ${modalConfig.targetUser?.username}?`}
+                currentRoles={modalConfig.targetUser?.roles || []}
+                requireReason={modalConfig.mode === 'default' && modalConfig.targetUser?.status === 'active'}
+                onConfirm={handleConfirmAction}
+                onClose={() => setModalConfig({ isOpen: false, mode: 'default', targetUser: null })}
             />
         </div>
     );
diff --git a/apps/frontend/src/components/admin/AdminActionModal.tsx b/apps/frontend/src/components/admin/AdminActionModal.tsx
index b3f82e16..bde9f218 100644
--- a/apps/frontend/src/components/admin/AdminActionModal.tsx
+++ b/apps/frontend/src/components/admin/AdminActionModal.tsx
@@ -1,34 +1,82 @@
-import React, { useState } from 'react';
+import React, {useEffect, useState} from 'react';
 
 interface AdminModalProps {
     isOpen: boolean;
     title: string;
     description: string;
     requireReason?: boolean;
-    onConfirm: (reason?: string) => void;
+    mode?: 'default' | 'roles';
+    currentRoles?: string[];
+    onConfirm: (payload: any) => void;
     onClose: () => void;
 }
 
 export const AdminActionModal: React.FC<AdminModalProps> = (
-    {isOpen, title, description, requireReason, onConfirm, onClose
+    {isOpen, title, description, requireReason, mode = 'default', currentRoles = [], onConfirm, onClose
 }) => {
     const [reason, setReason] = useState('');
+    const availableRoles = ['admin', 'user'];
+    const [selectedRoles, setSelectedRoles] = useState<string[]>([]);
+
+    useEffect(() => {
+        if (isOpen && mode === 'roles') {
+            setSelectedRoles(currentRoles);
+        }
+    }, [isOpen, mode, currentRoles]);
 
     if (!isOpen) return null;
 
+    const handleRoleToggle = (role: string) => {
+        setSelectedRoles(prev =>
+            prev.includes(role)
+                ? prev.filter(r => r !== role)
+                : [...prev, role]
+        );
+    };
+
+    const handleConfirm = () => {
+        if (mode === 'roles') {
+            onConfirm(selectedRoles);
+        } else {
+            onConfirm(reason);
+        }
+    };
+
     return (
         <div className="fixed inset-0 z-50 flex items-center justify-center bg-black/30 backdrop-blur-sm transition-all">
-            <div className="bg-white rounded-xl p-6 max-w-sm w-full shadow-2xl border border-gray-100 transform transition-all">
+            <div className="bg-white rounded-xl p-6 max-w-sm w-full shadow-2xl border border-gray-100">
                 <h3 className="text-xl font-bold text-gray-900 mb-2">{title}</h3>
                 <p className="text-sm text-gray-500 mb-6">{description}</p>
 
-                {requireReason && (
-                    <div className="mb-6">
+                {mode === 'roles' ? (
+                    <div className="mb-6 space-y-2">
                         <label className="block text-xs font-semibold text-gray-400 uppercase mb-2">
-                            Required Reason
+                            Select Permissions
                         </label>
+                        {availableRoles.map(role => (
+                            <label key={role} className="flex items-center p-3 rounded-lg border border-gray-100 hover:bg-gray-50 cursor-pointer transition-all">
+                                <input
+                                    type="checkbox"
+                                    className="h-4 w-4 text-indigo-600 rounded border-gray-300 focus:ring-indigo-500"
+                                    checked={selectedRoles.includes(role)}
+                                    onChange={() => handleRoleToggle(role)}
+                                />
+                                <span className="ml-3 text-sm font-medium text-gray-700 capitalize">
+                                    {role}
+                                </span>
+                            </label>
+                        ))}
+                        {selectedRoles.length === 0 && (
+                            <p className="text-xs text-red-500 mt-2 italic">
+                                * User must have at least one role.
+                            </p>
+                        )}
+                    </div>
+                ) : requireReason && (
+                    <div className="mb-6">
+                        <label className="block text-xs font-semibold text-gray-400 uppercase mb-2">Required Reason</label>
                         <textarea
-                            className="w-full p-3 border border-gray-200 rounded-lg text-sm focus:ring-2 focus:ring-blue-500 focus:border-transparent outline-none transition-all bg-gray-50"
+                            className="w-full p-3 border border-gray-200 rounded-lg text-sm bg-gray-50 outline-none focus:ring-2 focus:ring-indigo-500"
                             rows={3}
                             placeholder="Why is this action being taken?"
                             value={reason}
@@ -45,11 +93,11 @@ export const AdminActionModal: React.FC<AdminModalProps> = (
                         Cancel
                     </button>
                     <button
-                        onClick={() => onConfirm(reason)}
-                        className="px-6 py-2 text-sm font-bold bg-blue-600 text-white rounded-lg hover:bg-blue-700 disabled:bg-gray-300 disabled:cursor-not-allowed shadow-md hover:shadow-lg transition-all"
-                        disabled={requireReason && !reason.trim()}
+                        onClick={handleConfirm}
+                        className="px-6 py-2 text-sm font-bold bg-indigo-600 text-white rounded-lg hover:bg-indigo-700 disabled:bg-gray-300 disabled:cursor-not-allowed transition-all"
+                        disabled={(requireReason && !reason.trim()) || (mode === 'roles' && selectedRoles.length === 0)}
                     >
-                        Confirm
+                        Confirm Changes
                     </button>
                 </div>
             </div>
diff --git a/apps/frontend/src/components/admin/UserTable.tsx b/apps/frontend/src/components/admin/UserTable.tsx
index 414c261c..0a22fb37 100644
--- a/apps/frontend/src/components/admin/UserTable.tsx
+++ b/apps/frontend/src/components/admin/UserTable.tsx
@@ -7,9 +7,11 @@ interface UserTableProps {
     isLoading: boolean;
     onEditStats: (userId: string) => void;
     onToggleStatus: (user: UserAuthView) => void;
+    onEditRoles: (user: UserAuthView) => void;
 }
 
-export const UserTable: React.FC<UserTableProps> = ({ users, isLoading, onEditStats, onToggleStatus }) => {
+export const UserTable: React.FC<UserTableProps> = (
+    {users, isLoading, onEditStats, onToggleStatus, onEditRoles }) => {
 
     return (
         <div className="relative overflow-hidden rounded-lg border border-gray-200 shadow-sm min-h-[400px] bg-white">
@@ -45,23 +47,32 @@ export const UserTable: React.FC<UserTableProps> = ({ users, isLoading, onEditSt
                             <td className="px-6 py-4 whitespace-nowrap text-sm font-medium text-gray-900">
                                 {user.username || 'No Username'}
                             </td>
-
                             <td className="px-6 py-4 max-w-xs truncate whitespace-nowrap text-sm text-gray-500">
                                 {user.email}
                             </td>
-
                             <td className="px-6 py-4 whitespace-nowrap">
-                                <span className={`px-2 inline-flex text-xs leading-5 font-semibold rounded-full 
-                                    ${user.status === 'active' ? 'bg-green-100 text-green-800' : 'bg-red-100 text-red-800'}`}>
-                                    {user.status}
-                                </span>
+                                    <span className={`px-2 inline-flex text-xs leading-5 font-semibold rounded-full 
+                                        ${user.status === 'active' ? 'bg-green-100 text-green-800' : 'bg-red-100 text-red-800'}`}>
+                                        {user.status}
+                                    </span>
                             </td>
-
-                            <td className="px-6 py-4 whitespace-nowrap text-sm text-gray-500">
-                                {user.roles?.join(', ') || 'user'}
+                            <td className="px-6 py-4 whitespace-nowrap">
+                                <div className="flex flex-wrap gap-1">
+                                    {user.roles?.map((role) => (
+                                        <span
+                                            key={role}
+                                            className="inline-flex items-center px-2 py-0.5 rounded text-xs font-medium bg-indigo-100 text-indigo-800 border border-indigo-200 capitalize">
+                                            {role}
+                                        </span>
+                                    ))}
+                                </div>
                             </td>
-
                             <td className="px-6 py-4 whitespace-nowrap text-right text-sm font-medium">
+                                <button
+                                    onClick={() => onEditRoles(user)}
+                                    className="text-indigo-600 hover:text-indigo-900 mr-4 transition-colors">
+                                    Edit Roles
+                                </button>
                                 <button
                                     onClick={() => onEditStats(user.id)}
                                     className="text-indigo-600 hover:text-indigo-900 mr-4 transition-colors">

From 775828b939b7504ffd49836e6e89ab0545fc6b6d Mon Sep 17 00:00:00 2001
From: tbui-quo <tbui-quo@student.42wolfsburg.de>
Date: Wed, 13 May 2026 16:19:37 +0200
Subject: [PATCH 08/26] small refactoring

---
 apps/frontend/components/AuthModal.tsx                  | 2 +-
 apps/frontend/src/components/admin/AdminActionModal.tsx | 9 +++++----
 apps/frontend/src/components/admin/UserSearchForm.tsx   | 7 ++++---
 apps/frontend/src/components/admin/UserTable.tsx        | 7 ++++---
 4 files changed, 14 insertions(+), 11 deletions(-)

diff --git a/apps/frontend/components/AuthModal.tsx b/apps/frontend/components/AuthModal.tsx
index 867c8515..49f39e66 100644
--- a/apps/frontend/components/AuthModal.tsx
+++ b/apps/frontend/components/AuthModal.tsx
@@ -1,6 +1,6 @@
 "use client";
 
-import { useRouter } from "next/navigation"; //used for placeholder
+import {useRouter } from "next/navigation"; //used for placeholder
 import {useState} from "react";
 import {authClient} from "@/src/core/api/auth/auth.client";
 import {useAuth} from "@/components/Providers";
diff --git a/apps/frontend/src/components/admin/AdminActionModal.tsx b/apps/frontend/src/components/admin/AdminActionModal.tsx
index bde9f218..671404a2 100644
--- a/apps/frontend/src/components/admin/AdminActionModal.tsx
+++ b/apps/frontend/src/components/admin/AdminActionModal.tsx
@@ -1,4 +1,4 @@
-import React, {useEffect, useState} from 'react';
+import React, {JSX, useEffect, useState} from 'react';
 
 interface AdminModalProps {
     isOpen: boolean;
@@ -11,9 +11,10 @@ interface AdminModalProps {
     onClose: () => void;
 }
 
-export const AdminActionModal: React.FC<AdminModalProps> = (
+export function AdminActionModal(
     {isOpen, title, description, requireReason, mode = 'default', currentRoles = [], onConfirm, onClose
-}) => {
+    }: AdminModalProps): JSX.Element | null { // expect a React ui or when fail render nothing
+
     const [reason, setReason] = useState('');
     const availableRoles = ['admin', 'user'];
     const [selectedRoles, setSelectedRoles] = useState<string[]>([]);
@@ -103,4 +104,4 @@ export const AdminActionModal: React.FC<AdminModalProps> = (
             </div>
         </div>
     );
-};
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/apps/frontend/src/components/admin/UserSearchForm.tsx b/apps/frontend/src/components/admin/UserSearchForm.tsx
index d5d09d7e..3237e9ab 100644
--- a/apps/frontend/src/components/admin/UserSearchForm.tsx
+++ b/apps/frontend/src/components/admin/UserSearchForm.tsx
@@ -1,10 +1,10 @@
-import React, { useState, useEffect, useRef } from 'react';
+import React, {JSX, useState, useEffect, useRef } from 'react';
 
 interface UserSearchFormProps {
     onSearch: (query: string) => void;
 }
 
-export const UserSearchForm: React.FC<UserSearchFormProps> = ({ onSearch }) => {
+export function UserSearchForm({ onSearch }: UserSearchFormProps): JSX.Element {
     const [searchTerm, setSearchTerm] = useState('');
     const isInitialRender = useRef(true);
 
@@ -13,6 +13,7 @@ export const UserSearchForm: React.FC<UserSearchFormProps> = ({ onSearch }) => {
             isInitialRender.current = false;
             return;
         }
+
         // Wait 500ms after the user stops typing before searching
         const delayDebounceTimeout = setTimeout(() => {
             onSearch(searchTerm);
@@ -40,4 +41,4 @@ export const UserSearchForm: React.FC<UserSearchFormProps> = ({ onSearch }) => {
             <p className="mt-2 text-xs text-gray-500">Searching by username, email, or ID...</p>
         </div>
     );
-};
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/apps/frontend/src/components/admin/UserTable.tsx b/apps/frontend/src/components/admin/UserTable.tsx
index 0a22fb37..9027c958 100644
--- a/apps/frontend/src/components/admin/UserTable.tsx
+++ b/apps/frontend/src/components/admin/UserTable.tsx
@@ -1,4 +1,4 @@
-import React from 'react';
+import React, {JSX} from 'react';
 
 import {UserAuthView} from "@/src/core/api/auth/auth.types";
 
@@ -10,8 +10,9 @@ interface UserTableProps {
     onEditRoles: (user: UserAuthView) => void;
 }
 
-export const UserTable: React.FC<UserTableProps> = (
-    {users, isLoading, onEditStats, onToggleStatus, onEditRoles }) => {
+export function UserTable(
+    {users, isLoading, onEditStats, onToggleStatus, onEditRoles
+    }: UserTableProps): JSX.Element | null {
 
     return (
         <div className="relative overflow-hidden rounded-lg border border-gray-200 shadow-sm min-h-[400px] bg-white">

From 1d39661e9801288f4b60383229addce9ada172c2 Mon Sep 17 00:00:00 2001
From: tbui-quo <tbui-quo@student.42wolfsburg.de>
Date: Wed, 13 May 2026 18:44:33 +0200
Subject: [PATCH 09/26] - changed UpdatePlayerStatsDto from type to class
 because nest.js metadata and validation would not work - added update method
 in stats.service.ts and stats.controller.ts for handle path for updating -
 updated player-stats.service.ts to handle the case if a user does not exists
 - added an option in AdminActionModal.tsx to be able to handle edit stats -
 added new type to auth.types.ts for admin actions - changed
 AdminUserManagement page to handle stats and more modular

---
 .../auth/contracts/dto/auth-contracts.dto.ts  |  4 +-
 .../BFF/src/modules/stats/stats.controller.ts | 15 +++-
 apps/BFF/src/modules/stats/stats.service.ts   | 67 ++++++++++++-----
 apps/frontend/app/(site)/admin/users/page.tsx | 44 ++++++++---
 .../src/components/admin/AdminActionModal.tsx | 74 +++++++++++++++----
 apps/frontend/src/core/api/auth/auth.types.ts |  8 ++
 .../player-stats/player-stats.service.ts      | 10 ++-
 7 files changed, 168 insertions(+), 54 deletions(-)

diff --git a/apps/BFF/src/modules/auth/contracts/dto/auth-contracts.dto.ts b/apps/BFF/src/modules/auth/contracts/dto/auth-contracts.dto.ts
index 74f54101..68f961d7 100644
--- a/apps/BFF/src/modules/auth/contracts/dto/auth-contracts.dto.ts
+++ b/apps/BFF/src/modules/auth/contracts/dto/auth-contracts.dto.ts
@@ -225,7 +225,7 @@ export type AuditListResponseDto = {
   pageInfo: PageInfoDto;
 };
 
-export type UpdatePlayerStatsDto = {
+export class UpdatePlayerStatsDto {
   matchesWon?: string[];
   matchesLost?: string[];
   achievements?: string[];
@@ -241,6 +241,6 @@ export type UpdatePlayerStatsDto = {
   damageTaken?: number;
   createdAt?: string;
   updatedAt?: string;
-};
+}
 
 export type PlayerStatsDto = Record<string, unknown>;
diff --git a/apps/BFF/src/modules/stats/stats.controller.ts b/apps/BFF/src/modules/stats/stats.controller.ts
index 4f658595..7a311b2f 100644
--- a/apps/BFF/src/modules/stats/stats.controller.ts
+++ b/apps/BFF/src/modules/stats/stats.controller.ts
@@ -1,7 +1,8 @@
-import { Controller, Get, Headers, Param, Query, Req } from '@nestjs/common';
+import { Body, Controller, Get, Headers, Param, Patch, Query, Req } from '@nestjs/common';
 import type { Request } from 'express';
 import { StatsService } from './stats.service';
 import { PlayerStatsSchema, type PlayerStats } from './contracts/player-stats.schema';
+import { UpdatePlayerStatsDto } from '../auth/contracts/dto/auth-contracts.dto';
 
 function computeDerived(stats: Record<string, unknown>) {
   const kills = Number((stats as any).kills ?? 0);
@@ -18,7 +19,6 @@ function computeDerived(stats: Record<string, unknown>) {
 export class StatsController {
   constructor(private readonly service: StatsService) {}
 
-  
   @Get('users')
   async getUsers(
     @Headers() headers: Record<string, string>,
@@ -40,4 +40,15 @@ export class StatsController {
     const derived = computeDerived(base as Record<string, unknown>);
     return { ...base, derived };
   }
+
+  @Patch('user/:userId')
+  async updateStats(
+    @Param('userId') userId: string,
+    @Body() updateDto: UpdatePlayerStatsDto,
+    @Headers('authorization') auth: string,
+  ) {
+    return this.service.update(userId, updateDto, {
+      authorization: auth,
+    });
+  }
 }
diff --git a/apps/BFF/src/modules/stats/stats.service.ts b/apps/BFF/src/modules/stats/stats.service.ts
index 628a562e..96612895 100644
--- a/apps/BFF/src/modules/stats/stats.service.ts
+++ b/apps/BFF/src/modules/stats/stats.service.ts
@@ -3,7 +3,10 @@ import axios, { AxiosError } from 'axios';
 import { BffConfigService } from '../config/bff-config.service';
 import { PlayerStatsDto } from '../auth/contracts/dto/auth-contracts.dto';
 
-type RequestContext = { authorization?: string; params?: Record<string, unknown> };
+type RequestContext = {
+  authorization?: string;
+  params?: Record<string, unknown>;
+};
 
 @Injectable()
 export class StatsService {
@@ -12,29 +15,33 @@ export class StatsService {
   async fetchUsers(context: RequestContext): Promise<PlayerStatsDto[]> {
     // stats service exposes list at `/internal/stats/user` per A_REQ.http
     return this.callStatsService<PlayerStatsDto[]>({
-		method: 'GET',
-		path: '/internal/stats/user',
-		context
-	 });
+      method: 'GET',
+      path: '/internal/stats/user',
+      context,
+    });
   }
 
-  async fetchUserById(userId: string, context: RequestContext): Promise<PlayerStatsDto> {
+  async fetchUserById(
+    userId: string,
+    context: RequestContext,
+  ): Promise<PlayerStatsDto> {
     return this.callStatsService<PlayerStatsDto>({
-		method: 'GET',
-		path: `/internal/stats/user/${encodeURIComponent(userId)}`,
-		context
-	});
+      method: 'GET',
+      path: `/internal/stats/user/${encodeURIComponent(userId)}`,
+      context,
+    });
   }
 
-  private async callStatsService<T = PlayerStatsDto>(
-	input: { method: 'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE';
-	path: string;
-	context: RequestContext;
-	data?: unknown;
-	params?: Record<string, unknown>; 
-	}): Promise<T> {
+  private async callStatsService<T = PlayerStatsDto>(input: {
+    method: 'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE';
+    path: string;
+    context: RequestContext;
+    data?: unknown;
+    params?: Record<string, unknown>;
+  }): Promise<T> {
     const headers: Record<string, string> = { 'x-service-name': 'bff' };
-    if (input.context.authorization) headers.authorization = input.context.authorization;
+    if (input.context.authorization)
+      headers.authorization = input.context.authorization;
 
     try {
       const response = await axios.request<T>({
@@ -48,9 +55,29 @@ export class StatsService {
     } catch (error) {
       if (error instanceof AxiosError) {
         const status = error.response?.status ?? 502;
-        throw new BadGatewayException({ code: `stats_service_${status}`, message: error.message, details: error.response?.data });
+        throw new BadGatewayException({
+          code: `stats_service_${status}`,
+          message: error.message,
+          details: error.response?.data,
+        });
       }
-      throw new BadGatewayException({ code: 'stats_service_unreachable', message: 'Unable to reach stats service', details: error });
+      throw new BadGatewayException({
+        code: 'stats_service_unreachable',
+        message: 'Unable to reach stats service',
+        details: error,
+      });
     }
   }
+  async update(
+    userId: string,
+    data: any,
+    context: RequestContext,
+  ): Promise<PlayerStatsDto> {
+    return this.callStatsService<PlayerStatsDto>({
+      method: 'PATCH',
+      path: `/internal/stats/user/${encodeURIComponent(userId)}`,
+      context,
+      data,
+    });
+  }
 }
diff --git a/apps/frontend/app/(site)/admin/users/page.tsx b/apps/frontend/app/(site)/admin/users/page.tsx
index 200e5805..f65ae8b5 100644
--- a/apps/frontend/app/(site)/admin/users/page.tsx
+++ b/apps/frontend/app/(site)/admin/users/page.tsx
@@ -2,7 +2,7 @@
 
 import React, { useEffect, useState, useCallback } from 'react';
 import { authClient } from '@/src/core/api/auth/auth.client';
-import { UserAuthView, UserSearchResponse } from '@/src/core/api/auth/auth.types';
+import { UserAuthView, UserSearchResponse, UpdatePlayerStatsRequest, ConfirmAction } from '@/src/core/api/auth/auth.types';
 import { UserTable } from '@/src/components/admin/UserTable';
 import { UserSearchForm } from '@/src/components/admin/UserSearchForm';
 import { AdminActionModal } from '@/src/components/admin/AdminActionModal';
@@ -15,7 +15,7 @@ export default function AdminUserManagement() {
 
     const [modalConfig, setModalConfig] = useState<{
         isOpen: boolean;
-        mode: 'default' | 'roles';
+        mode: ConfirmAction['mode'];
         targetUser: UserAuthView | null;
     }>({
         isOpen: false,
@@ -46,6 +46,17 @@ export default function AdminUserManagement() {
         void fetchUsers(query);
     }, [fetchUsers]);
 
+    const handleEditStatsClick = (userId: string) => {
+        const user = data?.items.find(u => u.id === userId);
+        if (user) {
+            setModalConfig({
+                isOpen: true,
+                mode: 'stats',
+                targetUser: user
+            });
+        }
+    };
+
     const handleToggleStatusClick = (user: UserAuthView) => {
         setModalConfig({ isOpen: true, mode: "default", targetUser: user });
     };
@@ -54,18 +65,23 @@ export default function AdminUserManagement() {
         setModalConfig({ isOpen: true, mode: "roles", targetUser: user });
     };
 
-    const handleConfirmAction = async (payload: string | string[]) => {
+    const handleConfirmAction = async (action: ConfirmAction) => {
         const user = modalConfig.targetUser;
         if (!user) return;
 
-        if (modalConfig.mode === 'roles') {
+        if (action.mode === 'stats') {
+            // Handle Stats update
+            const result = await authClient.updatePlayerStats(user.id, action.payload);
+            if (!result.ok) console.error("Stats update failed:", result.error.message);
+        }
+        else if (action.mode === 'roles') {
             // Handle Role Update
-            const result = await authClient.setUserRoles(user.id, { roles: payload as string[] });
+            const result = await authClient.setUserRoles(user.id, { roles: action.payload });
             if (!result.ok) console.error("Role update failed:", result.error.message);
         } else {
             // Handle Status Toggle (Ban/Unban)
             const isBanning = user.status === 'active';
-            const reason = typeof payload === 'string' ? payload : 'Admin action';
+            const reason = action.payload;
 
             const result = isBanning
                 ? await authClient.disableUser(user.id, { reason })
@@ -89,7 +105,7 @@ export default function AdminUserManagement() {
             <UserTable
                 users={data?.items || []}
                 isLoading={loading && !hasLoadedOnce}
-                onEditStats={(id) => console.log("Stats for", id)}
+                onEditStats={handleEditStatsClick}
                 onToggleStatus={handleToggleStatusClick}
                 onEditRoles={handleEditRolesClick}
             />
@@ -97,10 +113,16 @@ export default function AdminUserManagement() {
             <AdminActionModal
                 isOpen={modalConfig.isOpen}
                 mode={modalConfig.mode}
-                title={modalConfig.mode === 'roles' ? 'Manage Roles' : (modalConfig.targetUser?.status === 'active' ? 'Disable User' : 'Enable User')}
-                description={modalConfig.mode === 'roles'
-                    ? `Assign roles for ${modalConfig.targetUser?.username}`
-                    : `Are you sure you want to change the status for ${modalConfig.targetUser?.username}?`}
+                title={
+                    modalConfig.mode === 'roles' ? 'Manage Roles' :
+                        modalConfig.mode === 'stats' ? 'Edit Player Stats' :
+                            (modalConfig.targetUser?.status === 'active' ? 'Disable User' : 'Enable User')
+                }
+                description={
+                    modalConfig.mode === 'roles' ? `Assign roles for ${modalConfig.targetUser?.username}` :
+                        modalConfig.mode === 'stats' ? `Updating gameplay metrics for ${modalConfig.targetUser?.username}` :
+                            `Are you sure you want to change the status for ${modalConfig.targetUser?.username}?`
+                }
                 currentRoles={modalConfig.targetUser?.roles || []}
                 requireReason={modalConfig.mode === 'default' && modalConfig.targetUser?.status === 'active'}
                 onConfirm={handleConfirmAction}
diff --git a/apps/frontend/src/components/admin/AdminActionModal.tsx b/apps/frontend/src/components/admin/AdminActionModal.tsx
index 671404a2..ae91af4e 100644
--- a/apps/frontend/src/components/admin/AdminActionModal.tsx
+++ b/apps/frontend/src/components/admin/AdminActionModal.tsx
@@ -1,13 +1,14 @@
 import React, {JSX, useEffect, useState} from 'react';
+import {UpdatePlayerStatsRequest, ConfirmAction} from '@/src/core/api/auth/auth.types';
 
 interface AdminModalProps {
     isOpen: boolean;
     title: string;
     description: string;
     requireReason?: boolean;
-    mode?: 'default' | 'roles';
+    mode: ConfirmAction['mode'];
     currentRoles?: string[];
-    onConfirm: (payload: any) => void;
+    onConfirm: (action: ConfirmAction) => void;
     onClose: () => void;
 }
 
@@ -19,9 +20,15 @@ export function AdminActionModal(
     const availableRoles = ['admin', 'user'];
     const [selectedRoles, setSelectedRoles] = useState<string[]>([]);
 
+    const [stats, setStats] = useState<UpdatePlayerStatsRequest>({
+        level: 0, xp: 0, wins: 0, losses: 0, kills: 0, deaths: 0
+    });
+
     useEffect(() => {
-        if (isOpen && mode === 'roles') {
-            setSelectedRoles(currentRoles);
+        if (isOpen) {
+            if (mode === 'roles') setSelectedRoles(currentRoles);
+            if (mode === 'stats') setStats({ level: 0, xp: 0, wins: 0, losses: 0, kills: 0, deaths: 0 });
+            setReason('');
         }
     }, [isOpen, mode, currentRoles]);
 
@@ -37,19 +44,21 @@ export function AdminActionModal(
 
     const handleConfirm = () => {
         if (mode === 'roles') {
-            onConfirm(selectedRoles);
-        } else {
-            onConfirm(reason);
-        }
+            onConfirm({ mode: 'roles', payload: selectedRoles });
+        } else if (mode === 'stats')
+            onConfirm({ mode: 'stats', payload: stats });
+        else
+            onConfirm({ mode: 'default', payload: reason });
     };
 
     return (
-        <div className="fixed inset-0 z-50 flex items-center justify-center bg-black/30 backdrop-blur-sm transition-all">
-            <div className="bg-white rounded-xl p-6 max-w-sm w-full shadow-2xl border border-gray-100">
+        <div className="fixed inset-0 z-50 flex items-center justify-center bg-black/30 backdrop-blur-sm transition-all p-4">
+            <div className="bg-white rounded-xl p-6 max-w-sm w-full shadow-2xl border border-gray-100 overflow-y-auto max-h-[95vh]">
                 <h3 className="text-xl font-bold text-gray-900 mb-2">{title}</h3>
                 <p className="text-sm text-gray-500 mb-6">{description}</p>
 
-                {mode === 'roles' ? (
+                {/* --- ROLE MANAGEMENT UI --- */}
+                {mode === 'roles' && (
                     <div className="mb-6 space-y-2">
                         <label className="block text-xs font-semibold text-gray-400 uppercase mb-2">
                             Select Permissions
@@ -73,9 +82,38 @@ export function AdminActionModal(
                             </p>
                         )}
                     </div>
-                ) : requireReason && (
+                )}
+
+                {/* --- PLAYER STATS UI --- */}
+                {mode === 'stats' && (
+                    <div className="mb-6 space-y-4">
+                        <label className="block text-xs font-semibold text-gray-400 uppercase mb-2">
+                            Gameplay Metrics
+                        </label>
+                        <div className="grid grid-cols-2 gap-3">
+                            {(['level', 'xp', 'wins', 'losses', 'kills', 'deaths'] as const).map((key) => (
+                                <div key={key}>
+                                    <label className="block text-[10px] font-bold text-gray-400 uppercase mb-1">
+                                        {key}
+                                    </label>
+                                    <input
+                                        type="number"
+                                        className="w-full p-2 border border-gray-200 rounded-lg text-sm bg-gray-50 focus:ring-2 focus:ring-indigo-500 outline-none transition-all"
+                                        value={stats[key] ?? 0}
+                                        onChange={(e) => setStats({ ...stats, [key]: Number(e.target.value) })}
+                                    />
+                                </div>
+                            ))}
+                        </div>
+                    </div>
+                )}
+
+                {/* --- DEFAULT / BAN REASON UI --- */}
+                {mode === 'default' && requireReason && (
                     <div className="mb-6">
-                        <label className="block text-xs font-semibold text-gray-400 uppercase mb-2">Required Reason</label>
+                        <label className="block text-xs font-semibold text-gray-400 uppercase mb-2">
+                            Required Reason
+                        </label>
                         <textarea
                             className="w-full p-3 border border-gray-200 rounded-lg text-sm bg-gray-50 outline-none focus:ring-2 focus:ring-indigo-500"
                             rows={3}
@@ -86,7 +124,8 @@ export function AdminActionModal(
                     </div>
                 )}
 
-                <div className="flex justify-end gap-3">
+                {/* --- FOOTER ACTIONS --- */}
+                <div className="flex justify-end gap-3 pt-4 border-t border-gray-50">
                     <button
                         onClick={onClose}
                         className="px-4 py-2 text-sm font-medium text-gray-600 hover:bg-gray-100 rounded-lg transition-colors"
@@ -95,8 +134,11 @@ export function AdminActionModal(
                     </button>
                     <button
                         onClick={handleConfirm}
-                        className="px-6 py-2 text-sm font-bold bg-indigo-600 text-white rounded-lg hover:bg-indigo-700 disabled:bg-gray-300 disabled:cursor-not-allowed transition-all"
-                        disabled={(requireReason && !reason.trim()) || (mode === 'roles' && selectedRoles.length === 0)}
+                        className="px-6 py-2 text-sm font-bold bg-indigo-600 text-white rounded-lg hover:bg-indigo-700 disabled:bg-gray-300 disabled:cursor-not-allowed transition-all shadow-md shadow-indigo-100"
+                        disabled={
+                            (mode === 'default' && requireReason && !reason.trim()) ||
+                            (mode === 'roles' && selectedRoles.length === 0)
+                        }
                     >
                         Confirm Changes
                     </button>
diff --git a/apps/frontend/src/core/api/auth/auth.types.ts b/apps/frontend/src/core/api/auth/auth.types.ts
index 5a244380..bd8d4ad0 100644
--- a/apps/frontend/src/core/api/auth/auth.types.ts
+++ b/apps/frontend/src/core/api/auth/auth.types.ts
@@ -208,6 +208,14 @@ export interface UpdatePlayerStatsResponse {
     updatedAt?: string;
 }
 
+/**
+ * --- Admin UI Helper Types ---
+ */
+export type ConfirmAction =
+    | { mode: 'stats'; payload: UpdatePlayerStatsRequest }
+    | { mode: 'roles'; payload: string[] }
+    | { mode: 'default'; payload: string };
+
 /** * --- Errors ---
  */
 export interface ApiError {
diff --git a/apps/stats/src/modules/player-stats/player-stats.service.ts b/apps/stats/src/modules/player-stats/player-stats.service.ts
index 65d7c859..1ec9374e 100644
--- a/apps/stats/src/modules/player-stats/player-stats.service.ts
+++ b/apps/stats/src/modules/player-stats/player-stats.service.ts
@@ -30,9 +30,13 @@ export class PlayerStatsService {
 
   // update the stats of player
   async update(id: string, dto: UpdatePlayerDto) {
-    const updatd = await this.repo.updateStats(id, dto);
-    if (!updatd) throw new NotFoundException(`user with ${id} does not exit`);
-    return updatd;
+    const existing = await this.repo.getStatsById(id as any);
+    if (!existing) {
+      throw new NotFoundException(`User with ID ${id} does not exist`);
+    }
+    const updated = await this.repo.updateStats(id, dto);
+
+    return updated;
   }
 
   /* get match history of a user */

From d1bc8dc6f36f7a2d78efe0308a9e0fb415fc7028 Mon Sep 17 00:00:00 2001
From: Thang Bui Quoc <tbuiloves42@gmail.com>
Date: Tue, 26 May 2026 21:57:53 +0200
Subject: [PATCH 10/26]  - missing dependencies for auth user for some reason

---
 apps/auth-user/package-lock.json | 34 ++++++++++++++++++++++++++++----
 apps/auth-user/package.json      |  4 ++--
 2 files changed, 32 insertions(+), 6 deletions(-)

diff --git a/apps/auth-user/package-lock.json b/apps/auth-user/package-lock.json
index a7d76db5..ac03e07a 100644
--- a/apps/auth-user/package-lock.json
+++ b/apps/auth-user/package-lock.json
@@ -17,7 +17,7 @@
 				"@prisma/adapter-pg": "^7.5.0",
 				"@prisma/client": "^7.5.0",
 				"argon2": "^0.44.0",
-				"axios": "^1.4.0",
+				"axios": "^1.16.1",
 				"bcrypt": "^6.0.0",
 				"class-transformer": "^0.5.1",
 				"class-validator": "^0.15.1",
@@ -4211,6 +4211,18 @@
 				"node": ">=0.4.0"
 			}
 		},
+		"node_modules/agent-base": {
+			"version": "6.0.2",
+			"resolved": "https://registry.npmjs.org/agent-base/-/agent-base-6.0.2.tgz",
+			"integrity": "sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ==",
+			"license": "MIT",
+			"dependencies": {
+				"debug": "4"
+			},
+			"engines": {
+				"node": ">= 6.0.0"
+			}
+		},
 		"node_modules/ajv": {
 			"version": "6.14.0",
 			"resolved": "https://registry.npmjs.org/ajv/-/ajv-6.14.0.tgz",
@@ -4436,13 +4448,14 @@
 			}
 		},
 		"node_modules/axios": {
-			"version": "1.16.0",
-			"resolved": "https://registry.npmjs.org/axios/-/axios-1.16.0.tgz",
-			"integrity": "sha512-6hp5CwvTPlN2A31g5dxnwAX0orzM7pmCRDLnZSX772mv8WDqICwFjowHuPs04Mc8deIld1+ejhtaMn5vp6b+1w==",
+			"version": "1.16.1",
+			"resolved": "https://registry.npmjs.org/axios/-/axios-1.16.1.tgz",
+			"integrity": "sha512-caYkukvroVPO8KrzuJEb50Hm07KwfBZPEC3VeFHTsqWHvKTsy54hjJz9BS/cdaypROE2rH6xvm9mHX4fgWkr3A==",
 			"license": "MIT",
 			"dependencies": {
 				"follow-redirects": "^1.16.0",
 				"form-data": "^4.0.5",
+				"https-proxy-agent": "^5.0.1",
 				"proxy-from-env": "^2.1.0"
 			}
 		},
@@ -6906,6 +6919,19 @@
 			"devOptional": true,
 			"license": "MIT"
 		},
+		"node_modules/https-proxy-agent": {
+			"version": "5.0.1",
+			"resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-5.0.1.tgz",
+			"integrity": "sha512-dFcAjpTQFgoLMzC2VwU+C/CbS7uRL0lWmxDITmqm7C+7F0Odmj6s9l6alZc6AELXhrnggM2CeWSXHGOdX2YtwA==",
+			"license": "MIT",
+			"dependencies": {
+				"agent-base": "6",
+				"debug": "4"
+			},
+			"engines": {
+				"node": ">= 6"
+			}
+		},
 		"node_modules/human-signals": {
 			"version": "2.1.0",
 			"resolved": "https://registry.npmjs.org/human-signals/-/human-signals-2.1.0.tgz",
diff --git a/apps/auth-user/package.json b/apps/auth-user/package.json
index d3bbdcd5..398bd7ab 100644
--- a/apps/auth-user/package.json
+++ b/apps/auth-user/package.json
@@ -20,7 +20,6 @@
 		"test:e2e": "jest --config ./test/jest-e2e.json"
 	},
 	"dependencies": {
-		"axios": "^1.4.0",
 		"@nestjs/common": "^11.0.1",
 		"@nestjs/config": "^4.0.3",
 		"@nestjs/core": "^11.0.1",
@@ -29,6 +28,7 @@
 		"@prisma/adapter-pg": "^7.5.0",
 		"@prisma/client": "^7.5.0",
 		"argon2": "^0.44.0",
+		"axios": "^1.16.1",
 		"bcrypt": "^6.0.0",
 		"class-transformer": "^0.5.1",
 		"class-validator": "^0.15.1",
@@ -85,4 +85,4 @@
 		"coverageDirectory": "../coverage",
 		"testEnvironment": "node"
 	}
-}
\ No newline at end of file
+}

From 414c160d8ed1560f9e4ce74bb9a43305ef18742f Mon Sep 17 00:00:00 2001
From: Thang Bui Quoc <tbuiloves42@gmail.com>
Date: Tue, 26 May 2026 23:06:34 +0200
Subject: [PATCH 11/26]  - added ProtectedRoute for admin panel and check for
 the role admin

---
 apps/frontend/app/(site)/admin/users/page.tsx | 14 +++++++--
 apps/frontend/components/ProtectedRoute.tsx   | 30 ++++++++++++++-----
 2 files changed, 35 insertions(+), 9 deletions(-)

diff --git a/apps/frontend/app/(site)/admin/users/page.tsx b/apps/frontend/app/(site)/admin/users/page.tsx
index f65ae8b5..22d3ebad 100644
--- a/apps/frontend/app/(site)/admin/users/page.tsx
+++ b/apps/frontend/app/(site)/admin/users/page.tsx
@@ -6,8 +6,11 @@ import { UserAuthView, UserSearchResponse, UpdatePlayerStatsRequest, ConfirmActi
 import { UserTable } from '@/src/components/admin/UserTable';
 import { UserSearchForm } from '@/src/components/admin/UserSearchForm';
 import { AdminActionModal } from '@/src/components/admin/AdminActionModal';
+import ProtectedRoute from "@/components/ProtectedRoute";
+import { useAuth } from "@/components/Providers";
 
 export default function AdminUserManagement() {
+    const { user, isLoading: authLoading } = useAuth();
     const [data, setData] = useState<UserSearchResponse | null>(null);
     const [loading, setLoading] = useState(true);
     const [searchQuery, setSearchQuery] = useState('');
@@ -38,8 +41,13 @@ export default function AdminUserManagement() {
 
     // Initial load has no search input
     useEffect(() => {
-        void fetchUsers();
-    }, []);
+        if (authLoading) return;
+        const isAdmin = user?.roles && user.roles.includes('admin');
+
+        if (isAdmin) {
+            void fetchUsers();
+        }
+    }, [authLoading, user, fetchUsers]);
 
     const handleSearch = useCallback((query: string) => {
         setSearchQuery(query);
@@ -95,6 +103,7 @@ export default function AdminUserManagement() {
     };
 
     return (
+        <ProtectedRoute allowedRoles={['admin']}>
         <div className="container mx-auto py-8 px-4 min-h-[80vh]">
             <h1 className="text-2xl font-bold mb-6">User Management</h1>
 
@@ -129,5 +138,6 @@ export default function AdminUserManagement() {
                 onClose={() => setModalConfig({ isOpen: false, mode: 'default', targetUser: null })}
             />
         </div>
+        </ProtectedRoute>
     );
 }
\ No newline at end of file
diff --git a/apps/frontend/components/ProtectedRoute.tsx b/apps/frontend/components/ProtectedRoute.tsx
index e8dd684f..e5fb9b17 100644
--- a/apps/frontend/components/ProtectedRoute.tsx
+++ b/apps/frontend/components/ProtectedRoute.tsx
@@ -5,18 +5,34 @@ import { useRouter, usePathname } from "next/navigation";
 import { useEffect } from "react";
 import { authClient} from "@/src/core/api/auth/auth.client";
 
-export default function ProtectedRoute({ children }: { children: React.ReactNode }) {
-    const { isAuthenticated, isLoading } = useAuth();
+interface ProtectedRouteProps {
+    children: React.ReactNode;
+    allowedRoles?: string[];
+}
+
+export default function ProtectedRoute({ children, allowedRoles }: ProtectedRouteProps) {
+    const { isAuthenticated, isLoading, user } = useAuth();
     const router = useRouter();
     const pathname = usePathname();
 
+    const hasRoleClearance = !allowedRoles ||
+        (user?.roles && allowedRoles.some(role => user.roles.includes(role)));
+
     useEffect(() => {
-        if (!isLoading && !isAuthenticated) {
+        // Rule for guests
+        if (!isAuthenticated) {
             const timer = setTimeout(() => {
                 router.push("/?showLogin=true");
             }, 10000);
             return () => clearTimeout(timer);
         }
+
+        if (isAuthenticated && !hasRoleClearance) {
+            const timer = setTimeout(() => {
+                router.push("/homepage");
+            }, 5000); //
+            return () => clearTimeout(timer);
+        }
 // Check for when url changes if user is authenticated
         const verifyOnNavigate = async () => {
             const token = sessionStorage.getItem('auth.accessToken');
@@ -25,10 +41,10 @@ export default function ProtectedRoute({ children }: { children: React.ReactNode
             }
         };
 
-        if (!isLoading && isAuthenticated) {
+        if (isAuthenticated && hasRoleClearance) {
             void verifyOnNavigate();
         }
-    }, [isLoading, isAuthenticated, router, pathname]);
+    }, [isLoading, isAuthenticated, hasRoleClearance, router, pathname]);
 
     if (isLoading) {
         return (
@@ -41,7 +57,7 @@ export default function ProtectedRoute({ children }: { children: React.ReactNode
         );
     }
 
-    if (!isAuthenticated) {
+    if (!isAuthenticated || !hasRoleClearance) {
         return (
             <div className="flex flex-col gap-8 py-24 max-w-5xl mx-auto px-6 items-center text-center">
                 <div className="space-y-4">
@@ -57,7 +73,7 @@ export default function ProtectedRoute({ children }: { children: React.ReactNode
 
                 <div className="flex flex-wrap justify-center gap-4">
                     <div className="px-6 py-3 bg-red-50 dark:bg-red-900/10 border border-red-200 dark:border-red-800 rounded-xl text-red-600 dark:text-red-400 font-mono text-sm shadow-sm">
-                        STATUS: UNAUTHORIZED_ACCESS
+                        STATUS: {!isAuthenticated ? 'UNAUTHORIZED_ACCESS' : 'INSUFFICIENT_CLEARANCE'}
                     </div>
                 </div>
 

From f88a5897dcfa4267b291ef82ad0fe520c785aa10 Mon Sep 17 00:00:00 2001
From: Thang Bui Quoc <tbuiloves42@gmail.com>
Date: Wed, 27 May 2026 14:46:48 +0200
Subject: [PATCH 12/26] Provider, AuthModal, ProtectedRoute now know the last
 page you were one so when you get force logout you will redirected there
 instead always to homepage

---
 apps/frontend/components/AuthModal.tsx      | 10 ++++++++--
 apps/frontend/components/ProtectedRoute.tsx |  5 +++--
 apps/frontend/components/Providers.tsx      |  8 +++++---
 3 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/apps/frontend/components/AuthModal.tsx b/apps/frontend/components/AuthModal.tsx
index 49f39e66..fa35dd46 100644
--- a/apps/frontend/components/AuthModal.tsx
+++ b/apps/frontend/components/AuthModal.tsx
@@ -1,6 +1,6 @@
 "use client";
 
-import {useRouter } from "next/navigation"; //used for placeholder
+import {useRouter, useSearchParams } from "next/navigation"; //used for placeholder
 import {useState} from "react";
 import {authClient} from "@/src/core/api/auth/auth.client";
 import {useAuth} from "@/components/Providers";
@@ -45,6 +45,7 @@ export default function AuthModal({
     setType: (type: 'Login' | 'Register') => void;
 }) {
     const router = useRouter();
+    const searchParams = useSearchParams();
     const {setUser, isAuthenticated} = useAuth();
     const [isSubmitting, setIsSubmitting] = useState(false);
     const [errorMessage, setErrorMessage] = useState<string | null>(null);
@@ -97,7 +98,12 @@ export default function AuthModal({
             sessionStorage.setItem("auth.refreshToken", result.data.tokens.refreshToken);
             setUser(result.data.user);
             onClose();
-            router.push("/homepage");
+            const callbackUrl = searchParams.get("callbackUrl");
+            if (callbackUrl) {
+                router.push(decodeURIComponent(callbackUrl));
+            } else {
+                router.push("/homepage");
+            }
         } catch {
             setErrorMessage("Connection failed. Please check your internet.");
         } finally {
diff --git a/apps/frontend/components/ProtectedRoute.tsx b/apps/frontend/components/ProtectedRoute.tsx
index e5fb9b17..c5979731 100644
--- a/apps/frontend/components/ProtectedRoute.tsx
+++ b/apps/frontend/components/ProtectedRoute.tsx
@@ -20,9 +20,10 @@ export default function ProtectedRoute({ children, allowedRoles }: ProtectedRout
 
     useEffect(() => {
         // Rule for guests
-        if (!isAuthenticated) {
+        if (!isLoading && !isAuthenticated) {
             const timer = setTimeout(() => {
-                router.push("/?showLogin=true");
+                const encodedPath = encodeURIComponent(pathname);
+                router.push(`/?showLogin=true&callbackUrl=${encodedPath}`);
             }, 10000);
             return () => clearTimeout(timer);
         }
diff --git a/apps/frontend/components/Providers.tsx b/apps/frontend/components/Providers.tsx
index 666212b8..ddb7c8fe 100644
--- a/apps/frontend/components/Providers.tsx
+++ b/apps/frontend/components/Providers.tsx
@@ -21,7 +21,7 @@ export default function Providers({ children }: { children: React.ReactNode }) {
     const router = useRouter();
 
     // useCallBack prevents rerun every react render
-    const logout = useCallback(async () => {
+    const logout = useCallback(async (shouldRedirect = true) => {
         const accessToken = sessionStorage.getItem("auth.accessToken");
         const refreshToken = sessionStorage.getItem("auth.refreshToken");
 
@@ -38,7 +38,9 @@ export default function Providers({ children }: { children: React.ReactNode }) {
             sessionStorage.removeItem("auth.tokenType");
 
             setUser(null);
-            router.push("/");
+            if (shouldRedirect) {
+                router.push("/");
+            }
         }
     }, [router]);
 
@@ -75,7 +77,7 @@ export default function Providers({ children }: { children: React.ReactNode }) {
     useEffect(() => {
         const handleUnauthorized = () => {
             console.warn("Session expired or unauthorized. Performing cleanup...");
-            void logout();
+            void logout(false);
         };
 
         window.addEventListener("auth-unauthorized", handleUnauthorized);

From 4ee15bfaa71b3a6274e3397fc87841394ad3fcfe Mon Sep 17 00:00:00 2001
From: Thang Bui Quoc <tbuiloves42@gmail.com>
Date: Wed, 27 May 2026 16:08:27 +0200
Subject: [PATCH 13/26] added account suspendend message when a banned is
 logged in

---
 .../src/modules/auth/services/auth-login.service.ts      | 2 +-
 apps/frontend/components/AuthModal.tsx                   | 9 ++++++++-
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/apps/auth-user/src/modules/auth/services/auth-login.service.ts b/apps/auth-user/src/modules/auth/services/auth-login.service.ts
index 9ccf4fa5..197a7016 100644
--- a/apps/auth-user/src/modules/auth/services/auth-login.service.ts
+++ b/apps/auth-user/src/modules/auth/services/auth-login.service.ts
@@ -89,7 +89,7 @@ export class AuthLoginService {
 
       if (user.status !== 'ACTIVE' || user.disabledAt) {
         await this.auditLoginFailed(user.id, input.email, context, 'DISABLED');
-        throw new UnauthorizedException('Invalid email or password');
+        throw new UnauthorizedException('Your account has been suspended.');
       }
 
       const loggedIn = await this.prisma.$transaction(
diff --git a/apps/frontend/components/AuthModal.tsx b/apps/frontend/components/AuthModal.tsx
index fa35dd46..e9f020c4 100644
--- a/apps/frontend/components/AuthModal.tsx
+++ b/apps/frontend/components/AuthModal.tsx
@@ -52,6 +52,8 @@ export default function AuthModal({
     const [showOAuthHint, setShowOAuthHint] = useState(false);
     const [oauthRecoveryPassword, setOauthRecoveryPassword] = useState<string | null>(null);
     const [googleLoading, setGoogleLoading] = useState(false);
+    const [setIsBannedUser] = useState(false);
+
     if (!isOpen || isAuthenticated) return null;
 
     const handleSubmit: React.SubmitEventHandler<HTMLFormElement> = async (e) => {
@@ -83,7 +85,12 @@ export default function AuthModal({
                 : authClient.register({ email, password, displayName, username }));
 
             if (!result.ok) {
-                setErrorMessage(result.error.message);
+                const message = result.error?.message || "An error occurred.";
+                setErrorMessage(message);
+
+                if (type === 'Login' && /suspended|banned|disabled/i.test(message)) {
+                    return;
+                }
                 if (
                     type === 'Login' &&
                     /invalid credentials|invalid email or password/i.test(result.error.message)

From 0c2fd6f1dce630e8f396601cfad0e97b4f017f67 Mon Sep 17 00:00:00 2001
From: Thang Bui Quoc <tbuiloves42@gmail.com>
Date: Wed, 27 May 2026 22:06:49 +0200
Subject: [PATCH 14/26] removed reason because we never show it away from
 AdminActionModal.tsx

---
 .../src/components/admin/AdminActionModal.tsx | 28 ++-----------------
 1 file changed, 3 insertions(+), 25 deletions(-)

diff --git a/apps/frontend/src/components/admin/AdminActionModal.tsx b/apps/frontend/src/components/admin/AdminActionModal.tsx
index ae91af4e..9933e7e6 100644
--- a/apps/frontend/src/components/admin/AdminActionModal.tsx
+++ b/apps/frontend/src/components/admin/AdminActionModal.tsx
@@ -5,7 +5,6 @@ interface AdminModalProps {
     isOpen: boolean;
     title: string;
     description: string;
-    requireReason?: boolean;
     mode: ConfirmAction['mode'];
     currentRoles?: string[];
     onConfirm: (action: ConfirmAction) => void;
@@ -13,10 +12,9 @@ interface AdminModalProps {
 }
 
 export function AdminActionModal(
-    {isOpen, title, description, requireReason, mode = 'default', currentRoles = [], onConfirm, onClose
+    {isOpen, title, description, mode = 'default', currentRoles = [], onConfirm, onClose
     }: AdminModalProps): JSX.Element | null { // expect a React ui or when fail render nothing
 
-    const [reason, setReason] = useState('');
     const availableRoles = ['admin', 'user'];
     const [selectedRoles, setSelectedRoles] = useState<string[]>([]);
 
@@ -28,7 +26,6 @@ export function AdminActionModal(
         if (isOpen) {
             if (mode === 'roles') setSelectedRoles(currentRoles);
             if (mode === 'stats') setStats({ level: 0, xp: 0, wins: 0, losses: 0, kills: 0, deaths: 0 });
-            setReason('');
         }
     }, [isOpen, mode, currentRoles]);
 
@@ -48,7 +45,7 @@ export function AdminActionModal(
         } else if (mode === 'stats')
             onConfirm({ mode: 'stats', payload: stats });
         else
-            onConfirm({ mode: 'default', payload: reason });
+            onConfirm({ mode: 'default', payload: '' });
     };
 
     return (
@@ -108,22 +105,6 @@ export function AdminActionModal(
                     </div>
                 )}
 
-                {/* --- DEFAULT / BAN REASON UI --- */}
-                {mode === 'default' && requireReason && (
-                    <div className="mb-6">
-                        <label className="block text-xs font-semibold text-gray-400 uppercase mb-2">
-                            Required Reason
-                        </label>
-                        <textarea
-                            className="w-full p-3 border border-gray-200 rounded-lg text-sm bg-gray-50 outline-none focus:ring-2 focus:ring-indigo-500"
-                            rows={3}
-                            placeholder="Why is this action being taken?"
-                            value={reason}
-                            onChange={(e) => setReason(e.target.value)}
-                        />
-                    </div>
-                )}
-
                 {/* --- FOOTER ACTIONS --- */}
                 <div className="flex justify-end gap-3 pt-4 border-t border-gray-50">
                     <button
@@ -135,10 +116,7 @@ export function AdminActionModal(
                     <button
                         onClick={handleConfirm}
                         className="px-6 py-2 text-sm font-bold bg-indigo-600 text-white rounded-lg hover:bg-indigo-700 disabled:bg-gray-300 disabled:cursor-not-allowed transition-all shadow-md shadow-indigo-100"
-                        disabled={
-                            (mode === 'default' && requireReason && !reason.trim()) ||
-                            (mode === 'roles' && selectedRoles.length === 0)
-                        }
+                        disabled={(mode === 'roles' && selectedRoles.length === 0)}
                     >
                         Confirm Changes
                     </button>

From c2740b3b9148125828d04205a7132bd408a82d79 Mon Sep 17 00:00:00 2001
From: Thang Bui Quoc <tbuiloves42@gmail.com>
Date: Wed, 27 May 2026 22:39:46 +0200
Subject: [PATCH 15/26] added option for AdminActionModal.tsx to have free
 input for stats added a condition to player stats when the user is the stats
 db not exists create it

---
 .../src/components/admin/AdminActionModal.tsx | 32 +++++++++++++------
 .../player-stats/player-stats.service.ts      | 13 +++++++-
 2 files changed, 35 insertions(+), 10 deletions(-)

diff --git a/apps/frontend/src/components/admin/AdminActionModal.tsx b/apps/frontend/src/components/admin/AdminActionModal.tsx
index 9933e7e6..0bea10a7 100644
--- a/apps/frontend/src/components/admin/AdminActionModal.tsx
+++ b/apps/frontend/src/components/admin/AdminActionModal.tsx
@@ -18,14 +18,14 @@ export function AdminActionModal(
     const availableRoles = ['admin', 'user'];
     const [selectedRoles, setSelectedRoles] = useState<string[]>([]);
 
-    const [stats, setStats] = useState<UpdatePlayerStatsRequest>({
-        level: 0, xp: 0, wins: 0, losses: 0, kills: 0, deaths: 0
+    const [statsInputs, setStatsInputs] = useState<Record<string, string>>({
+        level: '0', xp: '0', wins: '0', losses: '0', kills: '0', deaths: '0'
     });
 
     useEffect(() => {
         if (isOpen) {
             if (mode === 'roles') setSelectedRoles(currentRoles);
-            if (mode === 'stats') setStats({ level: 0, xp: 0, wins: 0, losses: 0, kills: 0, deaths: 0 });
+            if (mode === 'stats') setStatsInputs({ level: '0', xp: '0', wins: '0', losses: '0', kills: '0', deaths: '0' });
         }
     }, [isOpen, mode, currentRoles]);
 
@@ -39,12 +39,26 @@ export function AdminActionModal(
         );
     };
 
+    const handleStatChange = (key: string, value: string) => {
+        if (value === '' || /^[0-9]+$/.test(value)) {
+            setStatsInputs(prev => ({ ...prev, [key]: value }));
+        }
+    };
+
     const handleConfirm = () => {
         if (mode === 'roles') {
             onConfirm({ mode: 'roles', payload: selectedRoles });
-        } else if (mode === 'stats')
-            onConfirm({ mode: 'stats', payload: stats });
-        else
+        } else if (mode === 'stats') {
+            const finalStats: UpdatePlayerStatsRequest = {
+                level: Number(statsInputs.level) || 0,
+                xp: Number(statsInputs.xp) || 0,
+                wins: Number(statsInputs.wins) || 0,
+                losses: Number(statsInputs.losses) || 0,
+                kills: Number(statsInputs.kills) || 0,
+                deaths: Number(statsInputs.deaths) || 0,
+            };
+            onConfirm({mode: 'stats', payload: finalStats});
+        } else
             onConfirm({ mode: 'default', payload: '' });
     };
 
@@ -94,10 +108,10 @@ export function AdminActionModal(
                                         {key}
                                     </label>
                                     <input
-                                        type="number"
+                                        type="text"
                                         className="w-full p-2 border border-gray-200 rounded-lg text-sm bg-gray-50 focus:ring-2 focus:ring-indigo-500 outline-none transition-all"
-                                        value={stats[key] ?? 0}
-                                        onChange={(e) => setStats({ ...stats, [key]: Number(e.target.value) })}
+                                        value={statsInputs[key]}
+                                        onChange={(e) => handleStatChange(key, e.target.value)}
                                     />
                                 </div>
                             ))}
diff --git a/apps/stats/src/modules/player-stats/player-stats.service.ts b/apps/stats/src/modules/player-stats/player-stats.service.ts
index 1ec9374e..24ab6314 100644
--- a/apps/stats/src/modules/player-stats/player-stats.service.ts
+++ b/apps/stats/src/modules/player-stats/player-stats.service.ts
@@ -31,9 +31,20 @@ export class PlayerStatsService {
   // update the stats of player
   async update(id: string, dto: UpdatePlayerDto) {
     const existing = await this.repo.getStatsById(id as any);
+
+    // If the user doesn't exist in the stats database yet, create them first
     if (!existing) {
-      throw new NotFoundException(`User with ID ${id} does not exist`);
+      await this.repo.createStats({
+        userId: id,
+        xp: dto.xp ?? 0,
+        level: dto.level ?? 1,
+        wins: dto.wins ?? 0,
+        losses: dto.losses ?? 0,
+        kills: dto.kills ?? 0,
+        deaths: dto.deaths ?? 0,
+      });
     }
+
     const updated = await this.repo.updateStats(id, dto);
 
     return updated;

From 6dce3458dbd1cdd29e3b05054e90d0ecf6c12108 Mon Sep 17 00:00:00 2001
From: Thang Bui Quoc <tbuiloves42@gmail.com>
Date: Wed, 27 May 2026 23:03:33 +0200
Subject: [PATCH 16/26] added live stats to edit player stats

---
 apps/frontend/app/(site)/admin/users/page.tsx | 37 +++++++++++++------
 .../src/components/admin/AdminActionModal.tsx | 20 +++++++---
 .../frontend/src/core/api/auth/auth.client.ts |  7 ++++
 apps/frontend/src/core/api/auth/auth.types.ts |  9 +++++
 4 files changed, 57 insertions(+), 16 deletions(-)

diff --git a/apps/frontend/app/(site)/admin/users/page.tsx b/apps/frontend/app/(site)/admin/users/page.tsx
index 22d3ebad..12eb0f1a 100644
--- a/apps/frontend/app/(site)/admin/users/page.tsx
+++ b/apps/frontend/app/(site)/admin/users/page.tsx
@@ -2,7 +2,8 @@
 
 import React, { useEffect, useState, useCallback } from 'react';
 import { authClient } from '@/src/core/api/auth/auth.client';
-import { UserAuthView, UserSearchResponse, UpdatePlayerStatsRequest, ConfirmAction } from '@/src/core/api/auth/auth.types';
+import { UserAuthView, UserSearchResponse, ConfirmAction, PlayerStatsData
+} from '@/src/core/api/auth/auth.types';
 import { UserTable } from '@/src/components/admin/UserTable';
 import { UserSearchForm } from '@/src/components/admin/UserSearchForm';
 import { AdminActionModal } from '@/src/components/admin/AdminActionModal';
@@ -15,6 +16,7 @@ export default function AdminUserManagement() {
     const [loading, setLoading] = useState(true);
     const [searchQuery, setSearchQuery] = useState('');
     const [hasLoadedOnce, setHasLoadedOnce] = useState(false);
+    const [activeUserStats, setActiveUserStats] = useState<PlayerStatsData | undefined>(undefined);
 
     const [modalConfig, setModalConfig] = useState<{
         isOpen: boolean;
@@ -54,14 +56,24 @@ export default function AdminUserManagement() {
         void fetchUsers(query);
     }, [fetchUsers]);
 
-    const handleEditStatsClick = (userId: string) => {
-        const user = data?.items.find(u => u.id === userId);
-        if (user) {
-            setModalConfig({
-                isOpen: true,
-                mode: 'stats',
-                targetUser: user
-            });
+    const handleEditStatsClick = async (userId: string) => {
+        const selectedUser = data?.items.find(u => u.id === userId);
+        if (!selectedUser) return;
+
+
+        setModalConfig({
+            isOpen: true,
+            mode: 'stats',
+            targetUser: selectedUser
+        });
+
+        setActiveUserStats(undefined);
+
+        const response = await authClient.getPlayerStats(userId);
+        if (response.ok) {
+            setActiveUserStats(response.data);
+        } else {
+            console.error("Could not fetch user stats:", response.error.message);
         }
     };
 
@@ -133,9 +145,12 @@ export default function AdminUserManagement() {
                             `Are you sure you want to change the status for ${modalConfig.targetUser?.username}?`
                 }
                 currentRoles={modalConfig.targetUser?.roles || []}
-                requireReason={modalConfig.mode === 'default' && modalConfig.targetUser?.status === 'active'}
+                currentStats={activeUserStats}
                 onConfirm={handleConfirmAction}
-                onClose={() => setModalConfig({ isOpen: false, mode: 'default', targetUser: null })}
+                onClose={() => {
+                    setModalConfig({ isOpen: false, mode: 'default', targetUser: null });
+                    setActiveUserStats(undefined);
+                }}
             />
         </div>
         </ProtectedRoute>
diff --git a/apps/frontend/src/components/admin/AdminActionModal.tsx b/apps/frontend/src/components/admin/AdminActionModal.tsx
index 0bea10a7..68a617a2 100644
--- a/apps/frontend/src/components/admin/AdminActionModal.tsx
+++ b/apps/frontend/src/components/admin/AdminActionModal.tsx
@@ -1,5 +1,5 @@
 import React, {JSX, useEffect, useState} from 'react';
-import {UpdatePlayerStatsRequest, ConfirmAction} from '@/src/core/api/auth/auth.types';
+import {UpdatePlayerStatsRequest, ConfirmAction, PlayerStatsData} from '@/src/core/api/auth/auth.types';
 
 interface AdminModalProps {
     isOpen: boolean;
@@ -7,12 +7,13 @@ interface AdminModalProps {
     description: string;
     mode: ConfirmAction['mode'];
     currentRoles?: string[];
+    currentStats?: PlayerStatsData;
     onConfirm: (action: ConfirmAction) => void;
     onClose: () => void;
 }
 
 export function AdminActionModal(
-    {isOpen, title, description, mode = 'default', currentRoles = [], onConfirm, onClose
+    {isOpen, title, description, mode = 'default', currentRoles = [], currentStats, onConfirm, onClose
     }: AdminModalProps): JSX.Element | null { // expect a React ui or when fail render nothing
 
     const availableRoles = ['admin', 'user'];
@@ -24,10 +25,19 @@ export function AdminActionModal(
 
     useEffect(() => {
         if (isOpen) {
-            if (mode === 'roles') setSelectedRoles(currentRoles);
-            if (mode === 'stats') setStatsInputs({ level: '0', xp: '0', wins: '0', losses: '0', kills: '0', deaths: '0' });
+            if (mode === 'roles')
+                setSelectedRoles(currentRoles);
+            if (mode === 'stats')
+                setStatsInputs({
+                    level: currentStats?.level?.toString() ?? '1',
+                    xp: currentStats?.xp?.toString() ?? '0',
+                    wins: currentStats?.wins?.toString() ?? '0',
+                    losses: currentStats?.losses?.toString() ?? '0',
+                    kills: currentStats?.kills?.toString() ?? '0',
+                    deaths: currentStats?.deaths?.toString() ?? '0'
+                });
         }
-    }, [isOpen, mode, currentRoles]);
+    }, [isOpen, mode, currentRoles, currentStats]);
 
     if (!isOpen) return null;
 
diff --git a/apps/frontend/src/core/api/auth/auth.client.ts b/apps/frontend/src/core/api/auth/auth.client.ts
index d363df21..23cf8f4d 100644
--- a/apps/frontend/src/core/api/auth/auth.client.ts
+++ b/apps/frontend/src/core/api/auth/auth.client.ts
@@ -25,6 +25,7 @@ import type
     SetUserRolesRequest,
     UserRolesResponse,
     UpdatePlayerStatsResponse,
+    PlayerStatsData,
 } from "@/src/core/api/auth/auth.types";
 
 
@@ -299,6 +300,12 @@ export const authClient = {
         });
     },
 
+    async getPlayerStats(userId: string): Promise<ApiResult<PlayerStatsData>> {
+        return apiFetch<PlayerStatsData>(`${BASE_URL}/admin/users/${userId}/stats`, {
+            method: 'GET',
+        });
+    },
+
     async updatePlayerStats(userId: string, data: UpdatePlayerStatsRequest): Promise<ApiResult<UpdatePlayerStatsResponse>> {
         return apiFetch<UpdatePlayerStatsResponse>(`${BASE_URL}/admin/users/${userId}/stats`, {
             method: 'PUT',
diff --git a/apps/frontend/src/core/api/auth/auth.types.ts b/apps/frontend/src/core/api/auth/auth.types.ts
index bd8d4ad0..c5b8e4ed 100644
--- a/apps/frontend/src/core/api/auth/auth.types.ts
+++ b/apps/frontend/src/core/api/auth/auth.types.ts
@@ -227,3 +227,12 @@ export interface ApiError {
 export interface SetPasswordResponse {
     success: boolean;
 }
+
+export interface PlayerStatsData {
+    level: number;
+    xp: number;
+    wins: number;
+    losses: number;
+    kills: number;
+    deaths: number;
+}
\ No newline at end of file

From e675bf84a3e0825d115f0fa6950479d75c525013 Mon Sep 17 00:00:00 2001
From: tbui-quo <tbui-quo@student.42wolfsburg.de>
Date: Thu, 28 May 2026 15:47:11 +0200
Subject: [PATCH 17/26] fix bug where protected route redirects but user could
 not leave the login modal

---
 apps/frontend/app/(site)/page.tsx           | 15 +++++++++------
 apps/frontend/components/ProtectedRoute.tsx |  2 +-
 2 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/apps/frontend/app/(site)/page.tsx b/apps/frontend/app/(site)/page.tsx
index 881f9c58..7330ed63 100644
--- a/apps/frontend/app/(site)/page.tsx
+++ b/apps/frontend/app/(site)/page.tsx
@@ -1,7 +1,7 @@
 "use client";
 
 import { Suspense, useEffect, useState } from "react";
-import { useSearchParams } from "next/navigation";
+import { useSearchParams, useRouter } from "next/navigation";
 import { useAuth } from "@/components/Providers";
 import AuthModal from "@/components/AuthModal";
 import BattleArena from "@/components/BattleArena";
@@ -10,19 +10,23 @@ import SearchHandler from "@/components/SearchHandler";
 
 function LandingPageContent() {
     const { isAuthenticated} = useAuth();
+    const router = useRouter();
     const searchParams = useSearchParams();
     const showLogin = searchParams.get("showLogin");
-
-    const [isAuthModalOpen, setAuthModalOpen] = useState(false);
     const [authType, setAuthType] = useState<'Login' | 'Register'>('Login');
+    const isAuthModalOpen = showLogin === "true" && !isAuthenticated;
 
     useEffect(() => {
         if (showLogin === "true" && !isAuthenticated) {
             setAuthType('Login');
-            setAuthModalOpen(true);
         }
     }, [showLogin, isAuthenticated]);
 
+    const handleCloseModal = () => {
+        if (searchParams.get("showLogin") === "true") {
+            router.push("/");
+        }
+    };
     return (
         <div className="flex flex-col gap-16 py-12 max-w-5xl mx-auto px-6">
 
@@ -30,7 +34,6 @@ function LandingPageContent() {
                 <SearchHandler
                     onLogin={() => {
                         setAuthType('Login');
-                        setAuthModalOpen(true);
                     }}
                 />
             </Suspense>
@@ -145,7 +148,7 @@ function LandingPageContent() {
             </section>
             <AuthModal
                 isOpen={isAuthModalOpen}
-                onClose={() => setAuthModalOpen(false)}
+                onClose={handleCloseModal}
                 type={authType}
                 setType={setAuthType}
             />
diff --git a/apps/frontend/components/ProtectedRoute.tsx b/apps/frontend/components/ProtectedRoute.tsx
index c5979731..1ea1e401 100644
--- a/apps/frontend/components/ProtectedRoute.tsx
+++ b/apps/frontend/components/ProtectedRoute.tsx
@@ -24,7 +24,7 @@ export default function ProtectedRoute({ children, allowedRoles }: ProtectedRout
             const timer = setTimeout(() => {
                 const encodedPath = encodeURIComponent(pathname);
                 router.push(`/?showLogin=true&callbackUrl=${encodedPath}`);
-            }, 10000);
+            }, 5000);
             return () => clearTimeout(timer);
         }
 

From 82e3bc7eb1a378274341fdc2076aa5bd91c74c2d Mon Sep 17 00:00:00 2001
From: tbui-quo <tbui-quo@student.42wolfsburg.de>
Date: Thu, 28 May 2026 16:35:46 +0200
Subject: [PATCH 18/26] changed user profile stats display behavior for kda and
 winrate to only display 2 decimals

---
 apps/frontend/app/(site)/profile/[userId]/page.tsx | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/apps/frontend/app/(site)/profile/[userId]/page.tsx b/apps/frontend/app/(site)/profile/[userId]/page.tsx
index 1bcc8947..58206314 100644
--- a/apps/frontend/app/(site)/profile/[userId]/page.tsx
+++ b/apps/frontend/app/(site)/profile/[userId]/page.tsx
@@ -47,8 +47,12 @@ export default function ProfilePage() {
 	//console.log("BASE URL: ", process.env.NEXT_PUBLIC_API_URL+ "/stats/users");
 	const statsData = [
 	{ label: "Matches", value: stats?.derived?.totalMatches?.toString() ?? "—", color: "text-blue-500" },
-	{ label: "Win Rate", value: stats?.derived?.winRate ?? "—", color: "text-green-500" },
-	{ label: "K/D Ratio", value: stats?.derived?.kd?.toString() ?? "—", color: "text-red-500" },
+	{ label: "Win Rate", value: stats?.derived?.winRate != null
+            ? `${stats.derived.winRate.toFixed(2)}%`
+            : "—", color: "text-green-500" },
+	{ label: "K/D Ratio", value: stats?.derived?.kd != null
+            ? stats.derived.kd.toFixed(2)
+            : "—", color: "text-red-500" },
 	{ label: "Kills", value: stats?.kills?.toString() ?? "—", color: "text-green-500" },
 	{ label: "Deaths", value: stats?.deaths?.toString() ?? "—", color: "text-red-500" },
 	];

From bfa947b10f50ddee5b2ccad0e79f4bda52ebbb3a Mon Sep 17 00:00:00 2001
From: tbui-quo <tbui-quo@student.42wolfsburg.de>
Date: Thu, 28 May 2026 16:36:44 +0200
Subject: [PATCH 19/26] made sure edit stats window is hard limit to a min and
 max constant

---
 apps/frontend/app/(site)/admin/users/page.tsx | 18 ++++++++++--
 .../src/components/admin/AdminActionModal.tsx | 29 +++++++++++++------
 apps/frontend/src/core/api/auth/auth.types.ts |  7 ++++-
 3 files changed, 41 insertions(+), 13 deletions(-)

diff --git a/apps/frontend/app/(site)/admin/users/page.tsx b/apps/frontend/app/(site)/admin/users/page.tsx
index 12eb0f1a..9cd38007 100644
--- a/apps/frontend/app/(site)/admin/users/page.tsx
+++ b/apps/frontend/app/(site)/admin/users/page.tsx
@@ -2,7 +2,7 @@
 
 import React, { useEffect, useState, useCallback } from 'react';
 import { authClient } from '@/src/core/api/auth/auth.client';
-import { UserAuthView, UserSearchResponse, ConfirmAction, PlayerStatsData
+import { UserAuthView, UserSearchResponse, ConfirmAction, PlayerStatsData, UpdatePlayerStatsRequest, MIN_STAT_LIMIT, MAX_STAT_LIMIT
 } from '@/src/core/api/auth/auth.types';
 import { UserTable } from '@/src/components/admin/UserTable';
 import { UserSearchForm } from '@/src/components/admin/UserSearchForm';
@@ -91,8 +91,20 @@ export default function AdminUserManagement() {
 
         if (action.mode === 'stats') {
             // Handle Stats update
-            const result = await authClient.updatePlayerStats(user.id, action.payload);
-            if (!result.ok) console.error("Stats update failed:", result.error.message);
+            const sanitizedStats: UpdatePlayerStatsRequest = {
+                level: Math.min(Math.max(Number(action.payload.level) || 1, 1), MAX_STAT_LIMIT),
+                xp: Math.min(Math.max(Number(action.payload.xp) || 0, MIN_STAT_LIMIT), MAX_STAT_LIMIT),
+                wins: Math.min(Math.max(Number(action.payload.wins) || 0, MIN_STAT_LIMIT), MAX_STAT_LIMIT),
+                losses: Math.min(Math.max(Number(action.payload.losses) || 0, MIN_STAT_LIMIT), MAX_STAT_LIMIT),
+                kills: Math.min(Math.max(Number(action.payload.kills) || 0, MIN_STAT_LIMIT), MAX_STAT_LIMIT),
+                deaths: Math.min(Math.max(Number(action.payload.deaths) || 0, MIN_STAT_LIMIT), MAX_STAT_LIMIT),
+            };
+            const result = await authClient.updatePlayerStats(user.id, sanitizedStats);
+
+            if (!result.ok) {
+                console.error("Stats update failed:", result.error.message);
+                alert(`Failed to save changes: ${result.error.message}`);
+            }
         }
         else if (action.mode === 'roles') {
             // Handle Role Update
diff --git a/apps/frontend/src/components/admin/AdminActionModal.tsx b/apps/frontend/src/components/admin/AdminActionModal.tsx
index 68a617a2..fce2f29a 100644
--- a/apps/frontend/src/components/admin/AdminActionModal.tsx
+++ b/apps/frontend/src/components/admin/AdminActionModal.tsx
@@ -1,5 +1,5 @@
 import React, {JSX, useEffect, useState} from 'react';
-import {UpdatePlayerStatsRequest, ConfirmAction, PlayerStatsData} from '@/src/core/api/auth/auth.types';
+import {UpdatePlayerStatsRequest, ConfirmAction, PlayerStatsData, MIN_STAT_LIMIT, MAX_STAT_LIMIT} from '@/src/core/api/auth/auth.types';
 
 interface AdminModalProps {
     isOpen: boolean;
@@ -50,8 +50,19 @@ export function AdminActionModal(
     };
 
     const handleStatChange = (key: string, value: string) => {
-        if (value === '' || /^[0-9]+$/.test(value)) {
-            setStatsInputs(prev => ({ ...prev, [key]: value }));
+        if (value === '') {
+            setStatsInputs(prev => ({ ...prev, [key]: '' }));
+            return;
+        }
+
+        if (/^[0-9]+$/.test(value)) {
+            const numericValue = Number(value);
+
+            if (numericValue > MAX_STAT_LIMIT) {
+                setStatsInputs(prev => ({...prev, [key]: MAX_STAT_LIMIT.toString()}));
+            } else {
+                setStatsInputs(prev => ({...prev, [key]: value}));
+            }
         }
     };
 
@@ -60,12 +71,12 @@ export function AdminActionModal(
             onConfirm({ mode: 'roles', payload: selectedRoles });
         } else if (mode === 'stats') {
             const finalStats: UpdatePlayerStatsRequest = {
-                level: Number(statsInputs.level) || 0,
-                xp: Number(statsInputs.xp) || 0,
-                wins: Number(statsInputs.wins) || 0,
-                losses: Number(statsInputs.losses) || 0,
-                kills: Number(statsInputs.kills) || 0,
-                deaths: Number(statsInputs.deaths) || 0,
+                level: Math.min(Math.max(Number(statsInputs.level) || 1, 1), MAX_STAT_LIMIT),
+                xp: Math.min(Math.max(Number(statsInputs.xp) || 0, MIN_STAT_LIMIT), MAX_STAT_LIMIT),
+                wins: Math.min(Math.max(Number(statsInputs.wins) || 0, MIN_STAT_LIMIT), MAX_STAT_LIMIT),
+                losses: Math.min(Math.max(Number(statsInputs.losses) || 0, MIN_STAT_LIMIT), MAX_STAT_LIMIT),
+                kills: Math.min(Math.max(Number(statsInputs.kills) || 0, MIN_STAT_LIMIT), MAX_STAT_LIMIT),
+                deaths: Math.min(Math.max(Number(statsInputs.deaths) || 0, MIN_STAT_LIMIT), MAX_STAT_LIMIT),
             };
             onConfirm({mode: 'stats', payload: finalStats});
         } else
diff --git a/apps/frontend/src/core/api/auth/auth.types.ts b/apps/frontend/src/core/api/auth/auth.types.ts
index c5b8e4ed..c0d0d1b6 100644
--- a/apps/frontend/src/core/api/auth/auth.types.ts
+++ b/apps/frontend/src/core/api/auth/auth.types.ts
@@ -235,4 +235,9 @@ export interface PlayerStatsData {
     losses: number;
     kills: number;
     deaths: number;
-}
\ No newline at end of file
+}
+/**
+ * --- stat hard limit ---
+ */
+export const MAX_STAT_LIMIT = 9999;
+export const MIN_STAT_LIMIT = 0;
\ No newline at end of file

From db69c86563dd591a6fff92a7919a18d3d5c1c81b Mon Sep 17 00:00:00 2001
From: tbui-quo <tbui-quo@student.42wolfsburg.de>
Date: Thu, 28 May 2026 17:01:31 +0200
Subject: [PATCH 20/26] using zod to display specific error message when a
 admin changing stats which are not allowed

---
 apps/frontend/app/(site)/admin/users/page.tsx | 33 +++++++++-------
 apps/frontend/package-lock.json               |  4 +-
 apps/frontend/package.json                    |  3 +-
 .../src/components/admin/AdminActionModal.tsx | 17 ++++----
 apps/frontend/src/core/api/auth/auth.types.ts | 39 ++++++++++++++++++-
 5 files changed, 70 insertions(+), 26 deletions(-)

diff --git a/apps/frontend/app/(site)/admin/users/page.tsx b/apps/frontend/app/(site)/admin/users/page.tsx
index 9cd38007..d2822c29 100644
--- a/apps/frontend/app/(site)/admin/users/page.tsx
+++ b/apps/frontend/app/(site)/admin/users/page.tsx
@@ -2,13 +2,14 @@
 
 import React, { useEffect, useState, useCallback } from 'react';
 import { authClient } from '@/src/core/api/auth/auth.client';
-import { UserAuthView, UserSearchResponse, ConfirmAction, PlayerStatsData, UpdatePlayerStatsRequest, MIN_STAT_LIMIT, MAX_STAT_LIMIT
+import { UserAuthView, UserSearchResponse, ConfirmAction, PlayerStatsData, UpdatePlayerStatsRequest, MIN_STAT_LIMIT, MAX_STAT_LIMIT, playerStatsValidationSchema
 } from '@/src/core/api/auth/auth.types';
 import { UserTable } from '@/src/components/admin/UserTable';
 import { UserSearchForm } from '@/src/components/admin/UserSearchForm';
 import { AdminActionModal } from '@/src/components/admin/AdminActionModal';
 import ProtectedRoute from "@/components/ProtectedRoute";
 import { useAuth } from "@/components/Providers";
+import {ZodError} from "zod";
 
 export default function AdminUserManagement() {
     const { user, isLoading: authLoading } = useAuth();
@@ -91,19 +92,23 @@ export default function AdminUserManagement() {
 
         if (action.mode === 'stats') {
             // Handle Stats update
-            const sanitizedStats: UpdatePlayerStatsRequest = {
-                level: Math.min(Math.max(Number(action.payload.level) || 1, 1), MAX_STAT_LIMIT),
-                xp: Math.min(Math.max(Number(action.payload.xp) || 0, MIN_STAT_LIMIT), MAX_STAT_LIMIT),
-                wins: Math.min(Math.max(Number(action.payload.wins) || 0, MIN_STAT_LIMIT), MAX_STAT_LIMIT),
-                losses: Math.min(Math.max(Number(action.payload.losses) || 0, MIN_STAT_LIMIT), MAX_STAT_LIMIT),
-                kills: Math.min(Math.max(Number(action.payload.kills) || 0, MIN_STAT_LIMIT), MAX_STAT_LIMIT),
-                deaths: Math.min(Math.max(Number(action.payload.deaths) || 0, MIN_STAT_LIMIT), MAX_STAT_LIMIT),
-            };
-            const result = await authClient.updatePlayerStats(user.id, sanitizedStats);
-
-            if (!result.ok) {
-                console.error("Stats update failed:", result.error.message);
-                alert(`Failed to save changes: ${result.error.message}`);
+            try {
+                const sanitizedStats = playerStatsValidationSchema.parse(action.payload);
+                const result = await authClient.updatePlayerStats(user.id, sanitizedStats);
+
+                if (!result.ok) {
+                    alert(`Failed to save stats: ${result.error.message}`);
+                    return;
+                }
+
+            } catch (error: any) {
+                if (error instanceof ZodError) {
+                    const errorMessage = error.issues.map(e => e.message).join("\n");
+                    alert(`Validation Error:\n${errorMessage}`);
+                } else {
+                    alert("An unexpected validation issue occurred.");
+                }
+                return;
             }
         }
         else if (action.mode === 'roles') {
diff --git a/apps/frontend/package-lock.json b/apps/frontend/package-lock.json
index 6637caf2..7174a038 100644
--- a/apps/frontend/package-lock.json
+++ b/apps/frontend/package-lock.json
@@ -17,7 +17,8 @@
         "next-auth": "^5.0.0-beta.30",
         "react": "^19.2.3",
         "react-dom": "^19.2.3",
-        "socket.io-client": "^4.8.3"
+        "socket.io-client": "^4.8.3",
+        "zod": "^4.4.3"
       },
       "devDependencies": {
         "@babylonjs/havok": "^1.3.11",
@@ -8541,7 +8542,6 @@
       "version": "4.4.3",
       "resolved": "https://registry.npmjs.org/zod/-/zod-4.4.3.tgz",
       "integrity": "sha512-ytENFjIJFl2UwYglde2jchW2Hwm4GJFLDiSXWdTrJQBIN9Fcyp7n4DhxJEiWNAJMV1/BqWfW/kkg71UDcHJyTQ==",
-      "dev": true,
       "license": "MIT",
       "funding": {
         "url": "https://github.com/sponsors/colinhacks"
diff --git a/apps/frontend/package.json b/apps/frontend/package.json
index d7d9f4da..4dfafe80 100644
--- a/apps/frontend/package.json
+++ b/apps/frontend/package.json
@@ -20,7 +20,8 @@
     "next-auth": "^5.0.0-beta.30",
     "react": "^19.2.3",
     "react-dom": "^19.2.3",
-    "socket.io-client": "^4.8.3"
+    "socket.io-client": "^4.8.3",
+    "zod": "^4.4.3"
   },
   "devDependencies": {
     "@babylonjs/havok": "^1.3.11",
diff --git a/apps/frontend/src/components/admin/AdminActionModal.tsx b/apps/frontend/src/components/admin/AdminActionModal.tsx
index fce2f29a..ceda6abf 100644
--- a/apps/frontend/src/components/admin/AdminActionModal.tsx
+++ b/apps/frontend/src/components/admin/AdminActionModal.tsx
@@ -70,15 +70,16 @@ export function AdminActionModal(
         if (mode === 'roles') {
             onConfirm({ mode: 'roles', payload: selectedRoles });
         } else if (mode === 'stats') {
-            const finalStats: UpdatePlayerStatsRequest = {
-                level: Math.min(Math.max(Number(statsInputs.level) || 1, 1), MAX_STAT_LIMIT),
-                xp: Math.min(Math.max(Number(statsInputs.xp) || 0, MIN_STAT_LIMIT), MAX_STAT_LIMIT),
-                wins: Math.min(Math.max(Number(statsInputs.wins) || 0, MIN_STAT_LIMIT), MAX_STAT_LIMIT),
-                losses: Math.min(Math.max(Number(statsInputs.losses) || 0, MIN_STAT_LIMIT), MAX_STAT_LIMIT),
-                kills: Math.min(Math.max(Number(statsInputs.kills) || 0, MIN_STAT_LIMIT), MAX_STAT_LIMIT),
-                deaths: Math.min(Math.max(Number(statsInputs.deaths) || 0, MIN_STAT_LIMIT), MAX_STAT_LIMIT),
+            const rawStats = {
+                level: statsInputs.level || '0',
+                xp: statsInputs.xp || '0',
+                wins: statsInputs.wins || '0',
+                losses: statsInputs.losses || '0',
+                kills: statsInputs.kills || '0',
+                deaths: statsInputs.deaths || '0',
             };
-            onConfirm({mode: 'stats', payload: finalStats});
+            onConfirm({ mode: 'stats', payload: rawStats as unknown as UpdatePlayerStatsRequest
+            });
         } else
             onConfirm({ mode: 'default', payload: '' });
     };
diff --git a/apps/frontend/src/core/api/auth/auth.types.ts b/apps/frontend/src/core/api/auth/auth.types.ts
index c0d0d1b6..e345a33d 100644
--- a/apps/frontend/src/core/api/auth/auth.types.ts
+++ b/apps/frontend/src/core/api/auth/auth.types.ts
@@ -1,3 +1,5 @@
+import { z } from "zod";
+
 /** * --- Types ---
  */
 export type UserStatus = string;
@@ -240,4 +242,39 @@ export interface PlayerStatsData {
  * --- stat hard limit ---
  */
 export const MAX_STAT_LIMIT = 9999;
-export const MIN_STAT_LIMIT = 0;
\ No newline at end of file
+export const MIN_STAT_LIMIT = 0;
+
+/**
+ * --- zod validation for stats ---
+ */
+export const playerStatsValidationSchema = z.object({
+    level: z.coerce.number()
+        .int({ message: "Level must be a whole number" })
+        .min(1, { message: "Level must be at least 1" })
+        .max(MAX_STAT_LIMIT, { message: `Level cannot exceed ${MAX_STAT_LIMIT}` }),
+
+    xp: z.coerce.number()
+        .int()
+        .min(MIN_STAT_LIMIT, { message: "XP cannot be negative" })
+        .max(MAX_STAT_LIMIT, { message: `XP cannot exceed ${MAX_STAT_LIMIT}` }),
+
+    wins: z.coerce.number()
+        .int()
+        .min(MIN_STAT_LIMIT, { message: "Wins cannot be negative" })
+        .max(MAX_STAT_LIMIT, { message: `Wins cannot exceed ${MAX_STAT_LIMIT}` }),
+
+    losses: z.coerce.number()
+        .int()
+        .min(MIN_STAT_LIMIT, { message: "Losses cannot be negative" })
+        .max(MAX_STAT_LIMIT, { message: `Losses cannot exceed ${MAX_STAT_LIMIT}` }),
+
+    kills: z.coerce.number()
+        .int()
+        .min(MIN_STAT_LIMIT, { message: "Kills cannot be negative" })
+        .max(MAX_STAT_LIMIT, { message: `Kills cannot exceed ${MAX_STAT_LIMIT}` }),
+
+    deaths: z.coerce.number()
+        .int()
+        .min(MIN_STAT_LIMIT, { message: "Deaths cannot be negative" })
+        .max(MAX_STAT_LIMIT, { message: `Deaths cannot exceed ${MAX_STAT_LIMIT}` }),
+});
\ No newline at end of file

From da2b26b55cfb19765b42a866a379caa7779b692a Mon Sep 17 00:00:00 2001
From: tbui-quo <tbui-quo@student.42wolfsburg.de>
Date: Thu, 28 May 2026 17:38:00 +0200
Subject: [PATCH 21/26] added toast notification to all admin actions

---
 apps/frontend/app/(site)/admin/users/page.tsx | 65 +++++++++++++++----
 apps/frontend/package-lock.json               | 11 ++++
 apps/frontend/package.json                    |  1 +
 .../src/components/admin/AdminActionModal.tsx |  2 +-
 4 files changed, 64 insertions(+), 15 deletions(-)

diff --git a/apps/frontend/app/(site)/admin/users/page.tsx b/apps/frontend/app/(site)/admin/users/page.tsx
index d2822c29..ced219d5 100644
--- a/apps/frontend/app/(site)/admin/users/page.tsx
+++ b/apps/frontend/app/(site)/admin/users/page.tsx
@@ -10,6 +10,7 @@ import { AdminActionModal } from '@/src/components/admin/AdminActionModal';
 import ProtectedRoute from "@/components/ProtectedRoute";
 import { useAuth } from "@/components/Providers";
 import {ZodError} from "zod";
+import { Toaster, toast } from 'sonner';
 
 export default function AdminUserManagement() {
     const { user, isLoading: authLoading } = useAuth();
@@ -97,42 +98,78 @@ export default function AdminUserManagement() {
                 const result = await authClient.updatePlayerStats(user.id, sanitizedStats);
 
                 if (!result.ok) {
-                    alert(`Failed to save stats: ${result.error.message}`);
+                    toast.error(`Failed to save stats: ${result.error.message}`);
                     return;
                 }
+                toast.success("Player stats updated successfully!");
 
             } catch (error: any) {
                 if (error instanceof ZodError) {
                     const errorMessage = error.issues.map(e => e.message).join("\n");
-                    alert(`Validation Error:\n${errorMessage}`);
+                    toast.error(`Validation Error: ${errorMessage}`);
                 } else {
-                    alert("An unexpected validation issue occurred.");
+                    toast.error("An unexpected validation issue occurred.");
                 }
                 return;
             }
         }
         else if (action.mode === 'roles') {
             // Handle Role Update
-            const result = await authClient.setUserRoles(user.id, { roles: action.payload });
-            if (!result.ok) console.error("Role update failed:", result.error.message);
-        } else {
-            // Handle Status Toggle (Ban/Unban)
-            const isBanning = user.status === 'active';
-            const reason = action.payload;
+            try {
+                const result = await authClient.setUserRoles(user.id, {roles: action.payload});
+
+                if (!result.ok) {
+                    console.error("Role update failed:", result.error.message);
+                    toast.error(`Failed to update roles: ${result.error.message}`);
+                    return;
+                }
+                toast.success(`Roles updated successfully for ${user.username}!`);
+
+            } catch (error) {
+                console.error("Unexpected role update error:", error);
+                toast.error("Network or server failure while updating roles.");
+                return;
+            }
+        }
+        else {
+            // Handle BanToggle
+            try {
+                const isBanning = user.status === 'active';
 
-            const result = isBanning
-                ? await authClient.disableUser(user.id, { reason })
-                : await authClient.enableUser(user.id, { reason: 'Admin unban' });
+                const reason = action.payload && action.payload.length >= 3
+                    ? action.payload
+                    : 'Administrative action override';
 
-            if (!result.ok) console.error("Status update failed:", result.error.message);
+                const result = isBanning
+                    ? await authClient.disableUser(user.id, {reason})
+                    : await authClient.enableUser(user.id, {reason: 'Admin unban'});
+
+                if (!result.ok) {
+                    console.error("Status update failed:", result.error.message);
+                    toast.error(`Failed to update user status: ${result.error.message}`);
+                    return;
+                }
+
+                if (isBanning) {
+                    toast.success(`${user.username} has been successfully banned.`);
+                } else {
+                    toast.success(`${user.username} has been successfully reinstated.`);
+                }
+
+            } catch (error) {
+                console.error("Unexpected status update error:", error);
+                toast.error("Network or server failure while modifying account status.");
+                return;
+            }
         }
 
         await fetchUsers(searchQuery);
-        setModalConfig({ isOpen: false, mode: 'default', targetUser: null });
+        setModalConfig({isOpen: false, mode: 'default', targetUser: null});
     };
 
     return (
         <ProtectedRoute allowedRoles={['admin']}>
+            <Toaster position="top-right" richColors />
         <div className="container mx-auto py-8 px-4 min-h-[80vh]">
             <h1 className="text-2xl font-bold mb-6">User Management</h1>
 
diff --git a/apps/frontend/package-lock.json b/apps/frontend/package-lock.json
index 7174a038..9cfbed60 100644
--- a/apps/frontend/package-lock.json
+++ b/apps/frontend/package-lock.json
@@ -18,6 +18,7 @@
         "react": "^19.2.3",
         "react-dom": "^19.2.3",
         "socket.io-client": "^4.8.3",
+        "sonner": "^2.0.7",
         "zod": "^4.4.3"
       },
       "devDependencies": {
@@ -7369,6 +7370,16 @@
         "node": ">=10.0.0"
       }
     },
+    "node_modules/sonner": {
+      "version": "2.0.7",
+      "resolved": "https://registry.npmjs.org/sonner/-/sonner-2.0.7.tgz",
+      "integrity": "sha512-W6ZN4p58k8aDKA4XPcx2hpIQXBRAgyiWVkYhT7CvK6D3iAu7xjvVyhQHg2/iaKJZ1XVJ4r7XuwGL+WGEK37i9w==",
+      "license": "MIT",
+      "peerDependencies": {
+        "react": "^18.0.0 || ^19.0.0 || ^19.0.0-rc",
+        "react-dom": "^18.0.0 || ^19.0.0 || ^19.0.0-rc"
+      }
+    },
     "node_modules/source-map-js": {
       "version": "1.2.1",
       "resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.1.tgz",
diff --git a/apps/frontend/package.json b/apps/frontend/package.json
index 4dfafe80..a405fc7f 100644
--- a/apps/frontend/package.json
+++ b/apps/frontend/package.json
@@ -21,6 +21,7 @@
     "react": "^19.2.3",
     "react-dom": "^19.2.3",
     "socket.io-client": "^4.8.3",
+    "sonner": "^2.0.7",
     "zod": "^4.4.3"
   },
   "devDependencies": {
diff --git a/apps/frontend/src/components/admin/AdminActionModal.tsx b/apps/frontend/src/components/admin/AdminActionModal.tsx
index ceda6abf..6e2e4783 100644
--- a/apps/frontend/src/components/admin/AdminActionModal.tsx
+++ b/apps/frontend/src/components/admin/AdminActionModal.tsx
@@ -81,7 +81,7 @@ export function AdminActionModal(
             onConfirm({ mode: 'stats', payload: rawStats as unknown as UpdatePlayerStatsRequest
             });
         } else
-            onConfirm({ mode: 'default', payload: '' });
+            onConfirm({ mode: 'default', payload: 'Administrative action override' });
     };
 
     return (

From 7bf7e47577549583c42ba4b5be994c44fddd798a Mon Sep 17 00:00:00 2001
From: Thang Bui Quoc <tbuiloves42@gmail.com>
Date: Sun, 31 May 2026 19:00:17 +0200
Subject: [PATCH 22/26] added kick button with reason textfield , revert
 disable user also having a textfield for reason for a ban

---
 apps/frontend/app/(site)/admin/users/page.tsx | 42 +++++++++++++++----
 .../src/components/admin/AdminActionModal.tsx | 25 +++++++++--
 .../src/components/admin/UserTable.tsx        | 10 ++++-
 .../frontend/src/core/api/auth/auth.client.ts |  9 ++++
 apps/frontend/src/core/api/auth/auth.types.ts | 11 +++++
 5 files changed, 84 insertions(+), 13 deletions(-)

diff --git a/apps/frontend/app/(site)/admin/users/page.tsx b/apps/frontend/app/(site)/admin/users/page.tsx
index ced219d5..5b12e354 100644
--- a/apps/frontend/app/(site)/admin/users/page.tsx
+++ b/apps/frontend/app/(site)/admin/users/page.tsx
@@ -87,10 +87,18 @@ export default function AdminUserManagement() {
         setModalConfig({ isOpen: true, mode: "roles", targetUser: user });
     };
 
+    const handleKickSessionsClick = (user: UserAuthView) => {
+        setModalConfig({ isOpen: true, mode: "kick", targetUser: user });
+    };
+
     const handleConfirmAction = async (action: ConfirmAction) => {
         const user = modalConfig.targetUser;
         if (!user) return;
 
+        const reason = action.payload && typeof action.payload === 'string' && action.payload.length >= 3
+            ? action.payload
+            : 'Administrative action override';
+
         if (action.mode === 'stats') {
             // Handle Stats update
             try {
@@ -131,15 +139,26 @@ export default function AdminUserManagement() {
                 return;
             }
         }
+        // handle kick button
+        else if (action.mode === 'kick') {
+            try {
+                const kickResult = await authClient.revokeUserSessions(user.id, { reason });
+                if (kickResult.ok) {
+                    toast.success(`Successfully terminated ${kickResult.data.revokedSessions} active session(s) for ${user.username}.`);
+                } else {
+                    toast.error(`Failed to terminate sessions: ${kickResult.error.message}`);
+                    return;
+                }
+            } catch (error) {
+                toast.error("Network error while attempting session revocation.");
+                return;
+            }
+        }
         else {
             // Handle BanToggle
             try {
                 const isBanning = user.status === 'active';
 
-                const reason = action.payload && action.payload.length >= 3
-                    ? action.payload
-                    : 'Administrative action override';
-
                 const result = isBanning
                     ? await authClient.disableUser(user.id, {reason})
                     : await authClient.enableUser(user.id, {reason: 'Admin unban'});
@@ -151,7 +170,13 @@ export default function AdminUserManagement() {
                 }
 
                 if (isBanning) {
-                    toast.success(`${user.username} has been successfully banned.`);
+                    const kickResult = await authClient.revokeUserSessions(user.id, {reason});
+                    if (kickResult.ok) {
+                        toast.success(`${user.username} has been successfully banned.`);
+                    } else {
+                        console.warn("User disabled, but active session kick failed:", kickResult.error.message);
+                        toast.success(`${user.username} has been banned, but active sessions failed to clear immediately.`);
+                    }
                 } else {
                     toast.success(`${user.username} has been successfully reinstated.`);
                 }
@@ -183,6 +208,7 @@ export default function AdminUserManagement() {
                 onEditStats={handleEditStatsClick}
                 onToggleStatus={handleToggleStatusClick}
                 onEditRoles={handleEditRolesClick}
+                onKickSessions={handleKickSessionsClick}
             />
 
             <AdminActionModal
@@ -190,12 +216,12 @@ export default function AdminUserManagement() {
                 mode={modalConfig.mode}
                 title={
                     modalConfig.mode === 'roles' ? 'Manage Roles' :
-                        modalConfig.mode === 'stats' ? 'Edit Player Stats' :
-                            (modalConfig.targetUser?.status === 'active' ? 'Disable User' : 'Enable User')
+                    modalConfig.mode === 'stats' ? 'Edit Player Stats' : modalConfig.mode === 'kick' ? 'Force Disconnect User' :
+                        (modalConfig.targetUser?.status === 'active' ? 'Disable User' : 'Enable User')
                 }
                 description={
                     modalConfig.mode === 'roles' ? `Assign roles for ${modalConfig.targetUser?.username}` :
-                        modalConfig.mode === 'stats' ? `Updating gameplay metrics for ${modalConfig.targetUser?.username}` :
+                    modalConfig.mode === 'stats' ? `Updating gameplay metrics for ${modalConfig.targetUser?.username}` :
                             `Are you sure you want to change the status for ${modalConfig.targetUser?.username}?`
                 }
                 currentRoles={modalConfig.targetUser?.roles || []}
diff --git a/apps/frontend/src/components/admin/AdminActionModal.tsx b/apps/frontend/src/components/admin/AdminActionModal.tsx
index 6e2e4783..f04da961 100644
--- a/apps/frontend/src/components/admin/AdminActionModal.tsx
+++ b/apps/frontend/src/components/admin/AdminActionModal.tsx
@@ -18,13 +18,14 @@ export function AdminActionModal(
 
     const availableRoles = ['admin', 'user'];
     const [selectedRoles, setSelectedRoles] = useState<string[]>([]);
-
+    const [actionReason, setActionReason] = useState<string>('');
     const [statsInputs, setStatsInputs] = useState<Record<string, string>>({
         level: '0', xp: '0', wins: '0', losses: '0', kills: '0', deaths: '0'
     });
 
     useEffect(() => {
         if (isOpen) {
+            setActionReason('');
             if (mode === 'roles')
                 setSelectedRoles(currentRoles);
             if (mode === 'stats')
@@ -80,10 +81,14 @@ export function AdminActionModal(
             };
             onConfirm({ mode: 'stats', payload: rawStats as unknown as UpdatePlayerStatsRequest
             });
+        } else if (mode === 'kick') {
+            onConfirm({ mode: 'kick', payload: actionReason.trim() });
         } else
-            onConfirm({ mode: 'default', payload: 'Administrative action override' });
+            onConfirm({ mode: 'default', payload: actionReason.trim() });
     };
 
+    const showReasonField = mode === 'kick' || mode === 'default';
+
     return (
         <div className="fixed inset-0 z-50 flex items-center justify-center bg-black/30 backdrop-blur-sm transition-all p-4">
             <div className="bg-white rounded-xl p-6 max-w-sm w-full shadow-2xl border border-gray-100 overflow-y-auto max-h-[95vh]">
@@ -140,7 +145,21 @@ export function AdminActionModal(
                         </div>
                     </div>
                 )}
-
+                {/* --- BAN REASON FIELD --- */}
+                {showReasonField && (
+                    <div className="mb-6 space-y-2">
+                        <label className="block text-xs font-semibold text-gray-500 uppercase">
+                            Action Reason (Optional)
+                        </label>
+                        <textarea
+                            className="w-full p-3 border border-gray-200 rounded-lg text-sm bg-gray-50 focus:ring-2 focus:ring-indigo-500 outline-none transition-all resize-none h-20"
+                            placeholder="Provide a clear reason for our audit logs..."
+                            maxLength={255}
+                            value={actionReason}
+                            onChange={(e) => setActionReason(e.target.value)}
+                        />
+                    </div>
+                )}
                 {/* --- FOOTER ACTIONS --- */}
                 <div className="flex justify-end gap-3 pt-4 border-t border-gray-50">
                     <button
diff --git a/apps/frontend/src/components/admin/UserTable.tsx b/apps/frontend/src/components/admin/UserTable.tsx
index 9027c958..49c999a9 100644
--- a/apps/frontend/src/components/admin/UserTable.tsx
+++ b/apps/frontend/src/components/admin/UserTable.tsx
@@ -8,10 +8,11 @@ interface UserTableProps {
     onEditStats: (userId: string) => void;
     onToggleStatus: (user: UserAuthView) => void;
     onEditRoles: (user: UserAuthView) => void;
+    onKickSessions: (user: UserAuthView) => void;
 }
 
 export function UserTable(
-    {users, isLoading, onEditStats, onToggleStatus, onEditRoles
+    {users, isLoading, onEditStats, onToggleStatus, onEditRoles, onKickSessions
     }: UserTableProps): JSX.Element | null {
 
     return (
@@ -79,6 +80,11 @@ export function UserTable(
                                     className="text-indigo-600 hover:text-indigo-900 mr-4 transition-colors">
                                     Edit Stats
                                 </button>
+                                <button
+                                    onClick={() => onKickSessions(user)}
+                                    className="text-amber-600 hover:text-amber-900 mr-4 transition-colors">
+                                    Kick Sessions
+                                </button>
                                 <button
                                     onClick={() => onToggleStatus(user)}
                                     className={`${user.status === 'active' ? 'text-red-600 hover:text-red-900' : 'text-green-600 hover:text-green-900'} transition-colors`}>
@@ -92,4 +98,4 @@ export function UserTable(
             </table>
         </div>
     );
-};
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/apps/frontend/src/core/api/auth/auth.client.ts b/apps/frontend/src/core/api/auth/auth.client.ts
index 23cf8f4d..49f8faa4 100644
--- a/apps/frontend/src/core/api/auth/auth.client.ts
+++ b/apps/frontend/src/core/api/auth/auth.client.ts
@@ -26,6 +26,8 @@ import type
     UserRolesResponse,
     UpdatePlayerStatsResponse,
     PlayerStatsData,
+    RevokeSessionsResponse,
+    RevokeSessionsRequest,
 } from "@/src/core/api/auth/auth.types";
 
 
@@ -293,6 +295,13 @@ export const authClient = {
         });
     },
 
+    async revokeUserSessions(userId: string, data: RevokeSessionsRequest = {}): Promise<ApiResult<RevokeSessionsResponse>> {
+        return apiFetch<RevokeSessionsResponse>(`${BASE_URL}/admin/users/${userId}/sessions/revoke`, {
+            method: 'POST',
+            body: JSON.stringify(data),
+        });
+    },
+
     async setUserRoles(userId: string, data: SetUserRolesRequest): Promise<ApiResult<UserRolesResponse>> {
         return apiFetch<UserRolesResponse>(`${BASE_URL}/admin/users/${userId}/role`, {
             method: 'POST',
diff --git a/apps/frontend/src/core/api/auth/auth.types.ts b/apps/frontend/src/core/api/auth/auth.types.ts
index e345a33d..c87f3d52 100644
--- a/apps/frontend/src/core/api/auth/auth.types.ts
+++ b/apps/frontend/src/core/api/auth/auth.types.ts
@@ -210,12 +210,23 @@ export interface UpdatePlayerStatsResponse {
     updatedAt?: string;
 }
 
+export interface RevokeSessionsRequest {
+    reason?: string;
+}
+
+export interface RevokeSessionsResponse {
+    userId: string;
+    revokedSessions: number;
+}
+
+
 /**
  * --- Admin UI Helper Types ---
  */
 export type ConfirmAction =
     | { mode: 'stats'; payload: UpdatePlayerStatsRequest }
     | { mode: 'roles'; payload: string[] }
+    | { mode: 'kick'; payload: string }
     | { mode: 'default'; payload: string };
 
 /** * --- Errors ---

From 1788bfd4106ff06b7d894bd7914fe01cb185be4e Mon Sep 17 00:00:00 2001
From: Thang Bui Quoc <tbuiloves42@gmail.com>
Date: Sun, 31 May 2026 19:15:27 +0200
Subject: [PATCH 23/26] added zod to kick and ban reason message added a small
 sanitizer for search user by email or email, uid

---
 .../src/components/admin/AdminActionModal.tsx | 27 ++++++++++++++++---
 .../src/components/admin/UserSearchForm.tsx   |  8 +++++-
 apps/frontend/src/core/api/auth/auth.types.ts | 11 ++++++++
 3 files changed, 42 insertions(+), 4 deletions(-)

diff --git a/apps/frontend/src/components/admin/AdminActionModal.tsx b/apps/frontend/src/components/admin/AdminActionModal.tsx
index f04da961..dfed5828 100644
--- a/apps/frontend/src/components/admin/AdminActionModal.tsx
+++ b/apps/frontend/src/components/admin/AdminActionModal.tsx
@@ -1,5 +1,12 @@
 import React, {JSX, useEffect, useState} from 'react';
-import {UpdatePlayerStatsRequest, ConfirmAction, PlayerStatsData, MIN_STAT_LIMIT, MAX_STAT_LIMIT} from '@/src/core/api/auth/auth.types';
+import {
+    UpdatePlayerStatsRequest,
+    ConfirmAction,
+    PlayerStatsData,
+    MAX_STAT_LIMIT,
+    adminActionSchema
+} from '@/src/core/api/auth/auth.types';
+import {toast} from "sonner";
 
 interface AdminModalProps {
     isOpen: boolean;
@@ -83,8 +90,22 @@ export function AdminActionModal(
             });
         } else if (mode === 'kick') {
             onConfirm({ mode: 'kick', payload: actionReason.trim() });
-        } else
-            onConfirm({ mode: 'default', payload: actionReason.trim() });
+        } else {
+            const validation = adminActionSchema.safeParse({ reason: actionReason });
+
+            if (!validation.success) {
+                const errorMsg = validation.error.issues[0]?.message || "Invalid input";
+                toast.error(errorMsg);
+                return;
+            }
+
+            const cleanReason = validation.data.reason || 'Administrative action override';
+
+            onConfirm({
+                mode: mode,
+                payload: cleanReason
+            });
+        }
     };
 
     const showReasonField = mode === 'kick' || mode === 'default';
diff --git a/apps/frontend/src/components/admin/UserSearchForm.tsx b/apps/frontend/src/components/admin/UserSearchForm.tsx
index 3237e9ab..f5c676c8 100644
--- a/apps/frontend/src/components/admin/UserSearchForm.tsx
+++ b/apps/frontend/src/components/admin/UserSearchForm.tsx
@@ -16,7 +16,13 @@ export function UserSearchForm({ onSearch }: UserSearchFormProps): JSX.Element {
 
         // Wait 500ms after the user stops typing before searching
         const delayDebounceTimeout = setTimeout(() => {
-            onSearch(searchTerm);
+            const sanitizedQuery = searchTerm
+                .trim() // Remove spaces in the beginning
+                .replace(/[<>"{}\\]/g, '');
+            if (sanitizedQuery !== '' || searchTerm === '') {
+                console.log(sanitizedQuery)
+                onSearch(sanitizedQuery);
+            }
         }, 500);
 
         return () => clearTimeout(delayDebounceTimeout);
diff --git a/apps/frontend/src/core/api/auth/auth.types.ts b/apps/frontend/src/core/api/auth/auth.types.ts
index c87f3d52..8eb407ff 100644
--- a/apps/frontend/src/core/api/auth/auth.types.ts
+++ b/apps/frontend/src/core/api/auth/auth.types.ts
@@ -288,4 +288,15 @@ export const playerStatsValidationSchema = z.object({
         .int()
         .min(MIN_STAT_LIMIT, { message: "Deaths cannot be negative" })
         .max(MAX_STAT_LIMIT, { message: `Deaths cannot exceed ${MAX_STAT_LIMIT}` }),
+});
+
+export const adminActionSchema = z.object({
+    reason: z
+        .string()
+        .trim()
+        .max(255, { message: "Reason must be 255 characters or less" })
+        .transform((val) => {
+            return val.replace(/</g, '&lt;').replace(/>/g, '&gt;');
+        })
+        .optional(),
 });
\ No newline at end of file

From c657d904db45c7598916844b28b44f073e618c7b Mon Sep 17 00:00:00 2001
From: Thang Bui Quoc <tbuiloves42@gmail.com>
Date: Sun, 31 May 2026 19:56:15 +0200
Subject: [PATCH 24/26] needed to wrap provider into AuthProviderContent with a
 React Suspence boundary otherwise it would crash make prod

---
 apps/frontend/components/Providers.tsx | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/apps/frontend/components/Providers.tsx b/apps/frontend/components/Providers.tsx
index ddb7c8fe..9740e387 100644
--- a/apps/frontend/components/Providers.tsx
+++ b/apps/frontend/components/Providers.tsx
@@ -15,7 +15,7 @@ interface AuthContextType {
 
 const AuthContext = createContext<AuthContextType | undefined>(undefined);
 
-export default function Providers({ children }: { children: React.ReactNode }) {
+function AuthProviderContent({ children }: { children: React.ReactNode }) {
     const [user, setUser] = useState<UserAuthView | null>(null);
     const [isLoading, setIsLoading] = useState(true);
     const router = useRouter();
@@ -93,6 +93,15 @@ export default function Providers({ children }: { children: React.ReactNode }) {
     );
 }
 
+export default function Providers({ children }: { children: React.ReactNode }) {
+    return (
+        <React.Suspense fallback={null}>
+            <AuthProviderContent>
+                {children}
+            </AuthProviderContent>
+        </React.Suspense>
+    );
+}
 export const useAuth = () => {
     const context = useContext(AuthContext);
     if (!context) throw new Error("useAuth must be used within a Providers component");

From b6c588a36c8ccba88dc1892a7abe05c74ac765d9 Mon Sep 17 00:00:00 2001
From: Thang Bui Quoc <tbuiloves42@gmail.com>
Date: Sun, 31 May 2026 20:09:51 +0200
Subject: [PATCH 25/26] added error boundary for admin dashboard

---
 apps/frontend/app/(site)/admin/users/page.tsx | 121 ++++++++++++------
 1 file changed, 82 insertions(+), 39 deletions(-)

diff --git a/apps/frontend/app/(site)/admin/users/page.tsx b/apps/frontend/app/(site)/admin/users/page.tsx
index 5b12e354..802904fd 100644
--- a/apps/frontend/app/(site)/admin/users/page.tsx
+++ b/apps/frontend/app/(site)/admin/users/page.tsx
@@ -194,45 +194,88 @@ export default function AdminUserManagement() {
 
     return (
         <ProtectedRoute allowedRoles={['admin']}>
-            <Toaster position="top-right" richColors />
-        <div className="container mx-auto py-8 px-4 min-h-[80vh]">
-            <h1 className="text-2xl font-bold mb-6">User Management</h1>
-
-            <div className="mb-6">
-                <UserSearchForm onSearch={handleSearch} />
-            </div>
-
-            <UserTable
-                users={data?.items || []}
-                isLoading={loading && !hasLoadedOnce}
-                onEditStats={handleEditStatsClick}
-                onToggleStatus={handleToggleStatusClick}
-                onEditRoles={handleEditRolesClick}
-                onKickSessions={handleKickSessionsClick}
-            />
-
-            <AdminActionModal
-                isOpen={modalConfig.isOpen}
-                mode={modalConfig.mode}
-                title={
-                    modalConfig.mode === 'roles' ? 'Manage Roles' :
-                    modalConfig.mode === 'stats' ? 'Edit Player Stats' : modalConfig.mode === 'kick' ? 'Force Disconnect User' :
-                        (modalConfig.targetUser?.status === 'active' ? 'Disable User' : 'Enable User')
-                }
-                description={
-                    modalConfig.mode === 'roles' ? `Assign roles for ${modalConfig.targetUser?.username}` :
-                    modalConfig.mode === 'stats' ? `Updating gameplay metrics for ${modalConfig.targetUser?.username}` :
-                            `Are you sure you want to change the status for ${modalConfig.targetUser?.username}?`
-                }
-                currentRoles={modalConfig.targetUser?.roles || []}
-                currentStats={activeUserStats}
-                onConfirm={handleConfirmAction}
-                onClose={() => {
-                    setModalConfig({ isOpen: false, mode: 'default', targetUser: null });
-                    setActiveUserStats(undefined);
-                }}
-            />
-        </div>
+            <AdminErrorBoundary>
+                <Toaster position="top-right" richColors/>
+                <div className="container mx-auto py-8 px-4 min-h-[80vh]">
+                    <h1 className="text-2xl font-bold mb-6">User Management</h1>
+
+                    <div className="mb-6">
+                        <UserSearchForm onSearch={handleSearch}/>
+                    </div>
+
+                    <UserTable
+                        users={data?.items || []}
+                        isLoading={loading && !hasLoadedOnce}
+                        onEditStats={handleEditStatsClick}
+                        onToggleStatus={handleToggleStatusClick}
+                        onEditRoles={handleEditRolesClick}
+                        onKickSessions={handleKickSessionsClick}
+                    />
+
+                    <AdminActionModal
+                        isOpen={modalConfig.isOpen}
+                        mode={modalConfig.mode}
+                        title={
+                            modalConfig.mode === 'roles' ? 'Manage Roles' :
+                                modalConfig.mode === 'stats' ? 'Edit Player Stats' : modalConfig.mode === 'kick' ? 'Force Disconnect User' :
+                                    (modalConfig.targetUser?.status === 'active' ? 'Disable User' : 'Enable User')
+                        }
+                        description={
+                            modalConfig.mode === 'roles' ? `Assign roles for ${modalConfig.targetUser?.username}` :
+                                modalConfig.mode === 'stats' ? `Updating gameplay metrics for ${modalConfig.targetUser?.username}` :
+                                    `Are you sure you want to change the status for ${modalConfig.targetUser?.username}?`
+                        }
+                        currentRoles={modalConfig.targetUser?.roles || []}
+                        currentStats={activeUserStats}
+                        onConfirm={handleConfirmAction}
+                        onClose={() => {
+                            setModalConfig({isOpen: false, mode: 'default', targetUser: null});
+                            setActiveUserStats(undefined);
+                        }}
+                    />
+                </div>
+            </AdminErrorBoundary>
         </ProtectedRoute>
     );
+}
+
+class AdminErrorBoundary extends React.Component<
+    { children: React.ReactNode },
+    { hasError: boolean; error: Error | null }
+> {
+    constructor(props: { children: React.ReactNode }) {
+        super(props);
+        this.state = { hasError: false, error: null };
+    }
+
+    static getDerivedStateFromError(error: Error) {
+        return { hasError: true, error };
+    }
+
+    componentDidCatch(error: Error, errorInfo: React.ErrorInfo) {
+        console.error("Admin Panel Error caught by boundary:", error, errorInfo);
+    }
+
+    render() {
+        if (this.state.hasError) {
+            return (
+                <div className="container mx-auto py-12 px-4 text-center">
+                    <div className="bg-red-50 border border-red-200 rounded-xl p-8 max-w-md mx-auto shadow-sm">
+                        <h2 className="text-lg font-bold text-red-700 mb-2">Something went wrong</h2>
+                        <p className="text-sm text-red-600 mb-6">
+                            The Admin Dashboard encountered a rendering error.
+                        </p>
+                        <button
+                            onClick={() => window.location.reload()}
+                            className="px-4 py-2 bg-red-600 hover:bg-red-700 text-white font-semibold rounded-lg text-sm transition-colors shadow-sm"
+                        >
+                            Reload Dashboard
+                        </button>
+                    </div>
+                </div>
+            );
+        }
+
+        return this.props.children;
+    }
 }
\ No newline at end of file

From bb8bcc69e4eda62242b4808c1ed40fb00eed8d73 Mon Sep 17 00:00:00 2001
From: Thang Bui Quoc <tbuiloves42@gmail.com>
Date: Sun, 31 May 2026 20:37:22 +0200
Subject: [PATCH 26/26] added a option to display more user entries results by
 going to to next page

---
 apps/frontend/app/(site)/admin/users/page.tsx | 45 +++++++++++++++++--
 .../src/components/admin/UserTable.tsx        | 31 ++++++++++++-
 2 files changed, 71 insertions(+), 5 deletions(-)

diff --git a/apps/frontend/app/(site)/admin/users/page.tsx b/apps/frontend/app/(site)/admin/users/page.tsx
index 802904fd..b678d941 100644
--- a/apps/frontend/app/(site)/admin/users/page.tsx
+++ b/apps/frontend/app/(site)/admin/users/page.tsx
@@ -19,6 +19,9 @@ export default function AdminUserManagement() {
     const [searchQuery, setSearchQuery] = useState('');
     const [hasLoadedOnce, setHasLoadedOnce] = useState(false);
     const [activeUserStats, setActiveUserStats] = useState<PlayerStatsData | undefined>(undefined);
+    const [cursorHistory, setCursorHistory] = useState<string[]>([]); // saves previous last entry
+    const [currentCursor, setCurrentCursor] = useState<string | undefined>(undefined);
+    const ITEMS_PER_PAGE = 10;
 
     const [modalConfig, setModalConfig] = useState<{
         isOpen: boolean;
@@ -30,15 +33,20 @@ export default function AdminUserManagement() {
         targetUser: null
     });
 
-    const fetchUsers = useCallback(async (query = '') => {
+    const fetchUsers = useCallback(async (query = '', cursor?: string) => {
         console.log("fetching users");
         setLoading(true);
-        const result = await authClient.searchUsers({ query, limit: 10 });
+        const result = await authClient.searchUsers({
+            query,
+            limit: ITEMS_PER_PAGE,
+            cursor: cursor
+        });
         if (result.ok) {
             setData(result.data);
             setHasLoadedOnce(true);
         } else {
             console.error("Failed to fetch users:", result.error.message);
+            toast.error("Failed to refresh user list.");
         }
         setLoading(false);
     }, []);
@@ -51,13 +59,36 @@ export default function AdminUserManagement() {
         if (isAdmin) {
             void fetchUsers();
         }
-    }, [authLoading, user, fetchUsers]);
+    }, [authLoading, user, fetchUsers, currentCursor, searchQuery]);
 
     const handleSearch = useCallback((query: string) => {
         setSearchQuery(query);
-        void fetchUsers(query);
+        setCurrentCursor(undefined);
+        setCursorHistory([]);
+        void fetchUsers(query, undefined);
     }, [fetchUsers]);
 
+    const handleNextPage = () => {
+        const nextCursor = data?.pageInfo?.nextCursor || (data?.pageInfo as any)?.endCursor;
+
+        if (!nextCursor) return;
+
+        setCursorHistory(prev => [...prev, currentCursor || '']);
+        setCurrentCursor(nextCursor);
+        void fetchUsers(searchQuery, nextCursor);
+    };
+
+    const handlePreviousPage = () => {
+        if (cursorHistory.length === 0) return;
+
+        const previousHistory = [...cursorHistory];
+        const targetCursor = previousHistory.pop();
+
+        setCursorHistory(previousHistory);
+        setCurrentCursor(targetCursor === '' ? undefined : targetCursor);
+        void fetchUsers(searchQuery, targetCursor === '' ? undefined : targetCursor);
+    };
+
     const handleEditStatsClick = async (userId: string) => {
         const selectedUser = data?.items.find(u => u.id === userId);
         if (!selectedUser) return;
@@ -192,6 +223,8 @@ export default function AdminUserManagement() {
         setModalConfig({isOpen: false, mode: 'default', targetUser: null});
     };
 
+    const hasNextCursor = !!data?.pageInfo?.nextCursor || (data?.pageInfo as any)?.endCursor;
+
     return (
         <ProtectedRoute allowedRoles={['admin']}>
             <AdminErrorBoundary>
@@ -210,6 +243,10 @@ export default function AdminUserManagement() {
                         onToggleStatus={handleToggleStatusClick}
                         onEditRoles={handleEditRolesClick}
                         onKickSessions={handleKickSessionsClick}
+                        canGoPrevious={cursorHistory.length > 0}
+                        canGoNext={hasNextCursor}
+                        onNextPage={handleNextPage}
+                        onPreviousPage={handlePreviousPage}
                     />
 
                     <AdminActionModal
diff --git a/apps/frontend/src/components/admin/UserTable.tsx b/apps/frontend/src/components/admin/UserTable.tsx
index 49c999a9..ecea9a70 100644
--- a/apps/frontend/src/components/admin/UserTable.tsx
+++ b/apps/frontend/src/components/admin/UserTable.tsx
@@ -9,10 +9,23 @@ interface UserTableProps {
     onToggleStatus: (user: UserAuthView) => void;
     onEditRoles: (user: UserAuthView) => void;
     onKickSessions: (user: UserAuthView) => void;
+    canGoPrevious: boolean;
+    canGoNext: boolean;
+    onNextPage: () => void;
+    onPreviousPage: () => void;
 }
 
 export function UserTable(
-    {users, isLoading, onEditStats, onToggleStatus, onEditRoles, onKickSessions
+    {users,
+        isLoading,
+        onEditStats,
+        onToggleStatus,
+        onEditRoles,
+        onKickSessions,
+        canGoPrevious,
+        canGoNext,
+        onNextPage,
+        onPreviousPage,
     }: UserTableProps): JSX.Element | null {
 
     return (
@@ -96,6 +109,22 @@ export function UserTable(
                 )}
                 </tbody>
             </table>
+            <div className="flex items-center justify-end gap-2 pt-4 border-t border-gray-100 mt-4">
+                <button
+                    onClick={onPreviousPage}
+                    disabled={!canGoPrevious || isLoading}
+                    className="px-4 py-1.5 text-sm font-semibold text-gray-700 rounded-lg border border-gray-200 disabled:opacity-40 disabled:cursor-not-allowed hover:bg-gray-50 transition-all shadow-sm"
+                >
+                    Previous
+                </button>
+                <button
+                    onClick={onNextPage}
+                    disabled={!canGoNext || isLoading}
+                    className="px-4 py-1.5 text-sm font-semibold text-gray-700 rounded-lg border border-gray-200 disabled:opacity-40 disabled:cursor-not-allowed hover:bg-gray-50 transition-all shadow-sm"
+                >
+                    Next
+                </button>
+            </div>
         </div>
     );
 }
\ No newline at end of file