To-do list #1

@igorbenav

To-do

General

  • Proper type hints
  • Proper docstrings
  • Documentation
  • Tests
  • Linting GitHub action
  • Mypy GitHub action
  • Pre commit

Session Management

  • Session storage and lifecycle (Track active admin sessions, login state, automatic cleanup of ended sessions)
  • Session metadata tracking (IP address, browser info, timestamps for security audits)
  • Concurrent session handling (detect/manage multiple logins from same admin, prevent conflicts)
  • Session timeout management (auto-logout on inactivity, force-terminate old sessions)

Event System

  • Action logging (Track who did what basic operations: create/update/delete/login/logout)
  • User tracking (Keep record of which admin user performed which actions, session context)
  • Action metadata (Store essential context: timestamp, IP, user agent, affected record IDs)
  • Event storage and retrieval (Database storage and basic querying of action logs)

Core Infrastructure

  • Database connection pooling (Better handle multiple admin users, prevent connection exhaustion, needed for production use) (Deprecated, users should handle this part)
  • Database migration handling (Safely update admin database schema, manage admin user tables, critical for updates)

Authentication & Security

  • Rate limiting for login attempts (Prevent brute force attacks, track failed attempts per IP/username)
  • Password reset functionality (Essential for admin lockout recovery, requires email integration)
  • Granular permissions system (Different admin roles/permissions, control access to specific models/actions)
  • Implement allowed IPs and Networks
  • IP-based blocking (Block suspicious IPs, works with rate limiting)
  • SameSite Cookie Settings (Proper cookie security for CSRF protection)
  • HTTPS Enforcement (Force secure connections for admin interface)
  • CSRF Token Support (Protect against cross-site request forgery) (Deprecated, since we use both session and JWT, httpOnly and SameSite=Lax)

Audit & Monitoring

  • Comprehensive audit logging (Detailed log of all admin actions, builds on event system)
  • User activity monitoring (Track admin user sessions, actions, patterns)
  • Security alerts (Notify about suspicious activities: multiple failed logins, unusual patterns)
  • Health checks (Basic system status, DB connectivity, essential services)

Form & Field Handling

  • Advanced field types (Support for dates, enums, decimal, etc. - essential for most models)
  • Relationship field support (Handle ForeignKey, OneToMany relationships - core SQLAlchemy feature)
  • File upload handling (Basic file upload support, very commonly needed)
  • Image handling/preview (Image uploads with thumbnails/preview, common requirement)
  • Complex data types (Support for JSON fields, arrays, common in modern schemas)

UI/UX

  • Table Filters UI (Filter interface for columns)
  • Custom theming support (Allow changing colors, icon for branding)
  • Export functionality (Export table data to CSV/Excel)
  • Import functionality (Bulk import data from files)
  • Enhanced responsive design
  • Extended batch actions (Bulk operations beyond delete)

Model Handling

  • Relationship handling in interface (Display and edit related records)
  • Automatic related field handling (Auto-populate related dropdowns, validate relations)
  • Field annotations/hints
  • Soft delete support

Technical Features

  • Custom endpoint handling (Add custom views/actions beyond CRUD)
  • Exception handling (Better error messages, recovery, logging)
