When a user submits a credit request, an email is sent to all
configured NOTIFY_TO recipients with approve buttons (5M, 10M, 20M),
a custom amount option, and a reject button. Each button is a
signed HMAC-SHA256 webhook URL that expires after WEBHOOK_TTL_HOURS.
Clicking approve from email processes the top-up identical to the
admin dashboard — balance update, history log, request status change.
Double-approval protection prevents the same link from being used
twice. Portal approval still works alongside email approval.
New dependencies: nodemailer
New files: services/email.js, routes/webhooks.js
Modified: server.js, routes/requests.js, .env.example
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Public page at /request for users to submit top-up requests
(email + OMG job number, no auth required)
- Admin "Requests" view with pending/processed/all filters
- Approve with preset amounts (5M/10M/20M) or reject
- Pending count badge in sidebar nav
- Request data stored in JSON file (data/requests.json)
- Data volume mounted for persistence across rebuilds
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Admin dashboard for managing user token balances. View, search, top up, and bulk-manage credits.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
