Admin Dashboard — Data Model
Status: populated | Owner: Platform Engineering (Frontend) | Last updated: 2026-04-18
1. No Database
The admin-dashboard is a stateless frontend service. It owns no database schema, no PostgreSQL tables, no Redis keys. All persistent state lives in upstream backend services.
2. Server-Side Session (Cookie-Based)
__admin_session Cookie
- Type: Encrypted JSON (`iron-session` or equivalent)
- Flags: `HttpOnly; Secure; SameSite=Strict; Path=/`
- TTL: JWT expiry (1 hour); renewed on refresh
- Contents:
```json
{
  "userId": "usr_01H...",
  "email": "admin@ghasi.io",
  "roles": ["admin"],
  "accessToken": "<platform-jwt>",
  "expiresAt": "2026-04-18T15:00:00Z"
}
```
__admin_refresh Cookie
- Flags: `HttpOnly; Secure; SameSite=Strict; Path=/api/auth/refresh`
- TTL: 7 days
- Contents:
```json
{
  "refreshToken": "<opaque-refresh-token>"
}
```
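A check that `Set-Cookie` response headers match the flags documented for the two cookies above, usable in an integration test. This is an added example, not the dashboard's own code: `POLICY`, `parseSetCookie`, `auditSetCookie` and the sample headers are constructed for illustration, and it assumes the TTL is conveyed through `Max-Age`.

```javascript
// Documented policy from this page; TTLs converted to seconds.
const POLICY = {
  __admin_session: { path: "/", maxAge: 3600 },
  __admin_refresh: { path: "/api/auth/refresh", maxAge: 7 * 24 * 3600 },
};

// Parse one Set-Cookie header value into { name, attrs } (attribute keys lowercased).
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const name = pair.slice(0, pair.indexOf("="));
  const attrs = {};
  for (const part of rest) {
    if (!part) continue;
    const eq = part.indexOf("=");
    const key = (eq === -1 ? part : part.slice(0, eq)).toLowerCase();
    attrs[key] = eq === -1 ? true : part.slice(eq + 1);
  }
  return { name, attrs };
}

// Return the list of policy violations for one header (empty list = compliant).
function auditSetCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  const want = POLICY[name];
  if (!want) return [`${name}: cookie is not in the documented data model`];
  const problems = [];
  if (attrs.httponly !== true) problems.push(`${name}: missing HttpOnly`);
  if (attrs.secure !== true) problems.push(`${name}: missing Secure`);
  if (String(attrs.samesite).toLowerCase() !== "strict")
    problems.push(`${name}: SameSite is not Strict`);
  if (attrs.path !== want.path)
    problems.push(`${name}: Path is ${attrs.path}, expected ${want.path}`);
  // Assumption: TTL is set via Max-Age; absent or over-long values are both flagged.
  const maxAge = Number(attrs["max-age"]);
  if (!Number.isInteger(maxAge) || maxAge > want.maxAge)
    problems.push(`${name}: Max-Age missing or above ${want.maxAge}s`);
  return problems;
}

// Constructed sample headers: the first is compliant, the second is not.
const SAMPLE = [
  "__admin_session=constructed-sealed-value; Path=/; HttpOnly; Secure; SameSite=Strict; Max-Age=3600",
  "__admin_refresh=constructed-value; Path=/; HttpOnly; SameSite=Lax; Max-Age=2592000",
];
for (const h of SAMPLE) console.log(auditSetCookie(h));
```
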
3. Session Storage
| Key | Type | Content | Cleared |
|---|---|---|---|
| `adm_msg_filters` | JSON string | Last-used cross-tenant message filter state | On tab close |
| `adm_dashboard_range` | string | Selected dashboard time range (`24h`, `7d`) | On tab close |
| `adm_dismissed_alerts` | JSON string[] | List of dismissed alert serviceNames | On tab close |
4. In-Memory React State
| Component | State | Description |
|---|---|---|
| `DashboardPoller` | `metricsData` | Latest polled metrics; updated every 30s |
| `OperatorCreateModal` | `formState` | `react-hook-form` values; cleared on close |
| `RoutingRuleList` | `ruleOrder` | Drag-and-drop local ordering before save |
| `AlertBannerList` | `dismissedAlerts` | Set of dismissed alert IDs (also in sessionStorage) |
5. No localStorage for Auth Data
Raw tokens are never written to `localStorage`. Firebase Auth persistence is set to `browserSessionPersistence`.
6. Cache Headers
- All admin pages: `Cache-Control: private, no-store` — always fresh, no CDN caching
- Static assets: `Cache-Control: public, max-age=31536000, immutable`
- Health and metrics API routes: `Cache-Control: no-store`