Add Beacon admin interface with login, dashboard, users, settings

Login System:
- LoginLive: standalone LiveView with OIDC provider buttons + dev mode
  email/password form
- LoginLayout: minimal centered layout for pre-auth pages
- Login route in separate live_session (no admin sidebar)

Beacon Admin Pages (super_admin only):
- DashboardLive: overview of all sites with page/layout/component counts,
  user count, quick links to admin sections
- UsersLive: full user management — create, edit, delete, role assignment
  with role picker and site picker for site-scoped roles
- SettingsLive: global platform settings — AI crawler policy, default
  meta tags, site name, title template
- GlobalTemplateTypesLive: template type management with site=nil scope

Client Auth API:
- Client.Auth module wrapping Beacon.Auth functions

Navigation:
- "Beacon Admin" section in sidebar nav for super admins
- Routes at /beacon, /beacon/users, /beacon/settings, /beacon/template_types

Author: bcardarella

lib/beacon/live_admin/client/auth.ex

@@ -0,0 +1,51 @@
+defmodule Beacon.LiveAdmin.Client.Auth do
+  @moduledoc false
+
+  @doc """
+  List all users.
+  Auth functions are not site-scoped but we accept site for API consistency.
+  """
+  def list_users(_site, opts \\ []) do
+    Beacon.Auth.list_users(opts)
+  end
+
+  def get_user(_site, id) do
+    Beacon.Auth.get_user(id)
+  end
+
+  def create_user(_site, attrs) do
+    Beacon.Auth.create_user(attrs)
+  end
+
+  def update_user(_site, user, attrs) do
+    Beacon.Auth.update_user(user, attrs)
+  end
+
+  def delete_user(_site, user) do
+    Beacon.Auth.delete_user(user)
+  end
+
+  def assign_role(_site, user, role, role_site) do
+    Beacon.Auth.assign_role(user, role, role_site)
+  end
+
+  def revoke_role(_site, user, role, role_site) do
+    Beacon.Auth.revoke_role(user, role, role_site)
+  end
+
+  def list_roles(_site, user) do
+    Beacon.Auth.list_roles(user)
+  end
+
+  def has_role?(_site, user, role, role_site) do
+    Beacon.Auth.has_role?(user, role, role_site)
+  end
+
+  def is_super_admin?(_site, user) do
+    Beacon.Auth.is_super_admin?(user)
+  end
+
+  def can_access_site?(_site, user, target_site) do
+    Beacon.Auth.can_access_site?(user, target_site)
+  end
+end

lib/beacon/live_admin/live/auth/login_layout.ex

@@ -0,0 +1,46 @@
+defmodule Beacon.LiveAdmin.Auth.LoginLayout do
+  @moduledoc false
+
+  use Phoenix.Component
+
+  import Phoenix.HTML, only: [raw: 1]
+
+  def render(assigns) do
+    ~H"""
+    <!DOCTYPE html>
+    <html lang="en">
+      <head>
+        <meta charset="utf-8" />
+        <meta name="viewport" content="width=device-width, initial-scale=1" />
+        <meta name="csrf-token" content={Phoenix.Controller.get_csrf_token()} />
+        <title>Beacon Admin Login</title>
+        <style>
+          *, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }
+          body { font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, sans-serif; background-color: #f3f4f6; min-height: 100vh; display: flex; align-items: center; justify-content: center; }
+          .login-card { background: white; border-radius: 12px; box-shadow: 0 4px 6px -1px rgba(0,0,0,0.1), 0 2px 4px -2px rgba(0,0,0,0.1); padding: 2.5rem; width: 100%; max-width: 400px; }
+          .login-header { text-align: center; margin-bottom: 2rem; }
+          .login-logo { display: inline-flex; align-items: center; justify-content: center; width: 48px; height: 48px; background-color: #4f46e5; border-radius: 12px; margin-bottom: 1rem; }
+          .login-logo svg { width: 28px; height: 28px; color: white; }
+          .login-title { font-size: 1.5rem; font-weight: 700; color: #111827; }
+          .login-subtitle { font-size: 0.875rem; color: #6b7280; margin-top: 0.25rem; }
+          .provider-btn { display: flex; align-items: center; justify-content: center; gap: 0.5rem; width: 100%; padding: 0.75rem 1rem; border: 1px solid #d1d5db; border-radius: 8px; background: white; font-size: 0.875rem; font-weight: 500; color: #374151; cursor: pointer; transition: all 0.15s; text-decoration: none; margin-bottom: 0.75rem; }
+          .provider-btn:hover { background-color: #f9fafb; border-color: #9ca3af; }
+          .divider { display: flex; align-items: center; gap: 1rem; margin: 1.5rem 0; color: #9ca3af; font-size: 0.75rem; }
+          .divider::before, .divider::after { content: ""; flex: 1; height: 1px; background: #e5e7eb; }
+          .form-group { margin-bottom: 1rem; }
+          .form-label { display: block; font-size: 0.875rem; font-weight: 500; color: #374151; margin-bottom: 0.375rem; }
+          .form-input { width: 100%; padding: 0.625rem 0.75rem; border: 1px solid #d1d5db; border-radius: 8px; font-size: 0.875rem; outline: none; transition: border-color 0.15s; }
+          .form-input:focus { border-color: #4f46e5; box-shadow: 0 0 0 3px rgba(79,70,229,0.1); }
+          .submit-btn { width: 100%; padding: 0.75rem 1rem; background-color: #4f46e5; color: white; border: none; border-radius: 8px; font-size: 0.875rem; font-weight: 600; cursor: pointer; transition: background-color 0.15s; }
+          .submit-btn:hover { background-color: #4338ca; }
+          .flash-error { background-color: #fef2f2; border: 1px solid #fecaca; color: #991b1b; padding: 0.75rem 1rem; border-radius: 8px; font-size: 0.875rem; margin-bottom: 1.5rem; }
+          .flash-info { background-color: #ecfdf5; border: 1px solid #a7f3d0; color: #065f46; padding: 0.75rem 1rem; border-radius: 8px; font-size: 0.875rem; margin-bottom: 1.5rem; }
+        </style>
+      </head>
+      <body>
+        <%= @inner_content %>
+      </body>
+    </html>
+    """
+  end
+end

lib/beacon/live_admin/live/auth/login_live.ex

@@ -0,0 +1,147 @@
+defmodule Beacon.LiveAdmin.Auth.LoginLive do
+  @moduledoc false
+
+  use Phoenix.LiveView, layout: {Beacon.LiveAdmin.Auth.LoginLayout, :render}
+
+  @impl true
+  def mount(_params, _session, socket) do
+    dev_mode? = dev_mode?()
+    providers = providers()
+
+    {:ok,
+     socket
+     |> assign(:dev_mode?, dev_mode?)
+     |> assign(:providers, providers)
+     |> assign(:form_data, %{"email" => "", "password" => ""})}
+  end
+
+  @impl true
+  def handle_event("validate", %{"login" => params}, socket) do
+    {:noreply, assign(socket, :form_data, params)}
+  end
+
+  def handle_event("dev_login", %{"login" => params}, socket) do
+    email = params["email"]
+    password = params["password"]
+
+    case dev_login(email, password) do
+      {:ok, token} ->
+        {:noreply,
+         socket
+         |> put_flash(:info, "Login successful")
+         |> redirect(to: admin_path(socket) <> "?token=" <> Base.url_encode64(token))}
+
+      {:error, reason} ->
+        {:noreply, put_flash(socket, :error, reason)}
+    end
+  end
+
+  defp dev_login(email, _password) do
+    with true <- dev_mode?(),
+         user when not is_nil(user) <- Beacon.Auth.get_user_by_email(email),
+         token when is_binary(token) <- Beacon.Auth.create_session(user) do
+      {:ok, token}
+    else
+      false -> {:error, "Dev mode is not enabled"}
+      nil -> {:error, "No user found with that email"}
+      _ -> {:error, "Login failed"}
+    end
+  end
+
+  defp dev_mode? do
+    Code.ensure_loaded?(Beacon.Auth.Config) and Beacon.Auth.Config.dev_mode?()
+  end
+
+  defp providers do
+    if Code.ensure_loaded?(Beacon.Auth.Config) do
+      Beacon.Auth.Config.providers()
+    else
+      []
+    end
+  end
+
+  defp admin_path(socket) do
+    router = socket.router
+    prefix = router.__beacon_live_admin_prefix__()
+    prefix || "/admin"
+  end
+
+  @impl true
+  def render(assigns) do
+    ~H"""
+    <div class="login-card">
+      <div class="login-header">
+        <div class="login-logo">
+          <svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2.5" stroke-linecap="round" stroke-linejoin="round">
+            <circle cx="12" cy="12" r="3" />
+            <path d="M12 2v4m0 12v4m10-10h-4M6 12H2m15.07-7.07l-2.83 2.83M9.76 14.24l-2.83 2.83m11.14 0l-2.83-2.83M9.76 9.76L6.93 6.93" />
+          </svg>
+        </div>
+        <h1 class="login-title">Beacon Admin</h1>
+        <p class="login-subtitle">Sign in to manage your sites</p>
+      </div>
+
+      <%= if Phoenix.Flash.get(@flash, :error) do %>
+        <div class="flash-error"><%= Phoenix.Flash.get(@flash, :error) %></div>
+      <% end %>
+
+      <%= if Phoenix.Flash.get(@flash, :info) do %>
+        <div class="flash-info"><%= Phoenix.Flash.get(@flash, :info) %></div>
+      <% end %>
+
+      <%= if @providers != [] do %>
+        <%= for provider <- @providers do %>
+          <a href={admin_path(@socket) <> "/auth/#{provider.id}"} class="provider-btn">
+            <svg xmlns="http://www.w3.org/2000/svg" width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
+              <path d="M15 3h4a2 2 0 0 1 2 2v14a2 2 0 0 1-2 2h-4" /><polyline points="10 17 15 12 10 7" /><line x1="15" y1="12" x2="3" y2="12" />
+            </svg>
+            Sign in with <%= provider.name || provider.id %>
+          </a>
+        <% end %>
+      <% end %>
+
+      <%= if @dev_mode? do %>
+        <%= if @providers != [] do %>
+          <div class="divider">or</div>
+        <% end %>
+
+        <form phx-submit="dev_login" phx-change="validate">
+          <div class="form-group">
+            <label class="form-label" for="login_email">Email</label>
+            <input
+              type="email"
+              id="login_email"
+              name="login[email]"
+              value={@form_data["email"]}
+              placeholder="admin@example.com"
+              class="form-input"
+              required
+            />
+          </div>
+          <div class="form-group">
+            <label class="form-label" for="login_password">Password</label>
+            <input
+              type="password"
+              id="login_password"
+              name="login[password]"
+              value={@form_data["password"]}
+              placeholder="password"
+              class="form-input"
+            />
+          </div>
+          <button type="submit" class="submit-btn">
+            Sign in (Dev Mode)
+          </button>
+        </form>
+      <% end %>
+
+      <%= if @providers == [] and not @dev_mode? do %>
+        <p style="text-align: center; color: #6b7280; font-size: 0.875rem;">
+          No authentication providers configured.
+          Please configure OIDC providers or enable dev mode.
+        </p>
+      <% end %>
+    </div>
+    """
+  end
+end

lib/beacon/live_admin/live/beacon_admin/dashboard_live.ex

@@ -0,0 +1,151 @@
+defmodule Beacon.LiveAdmin.BeaconAdmin.DashboardLive do
+  @moduledoc false
+
+  use Beacon.LiveAdmin.PageBuilder
+
+  alias Beacon.LiveAdmin.Cluster
+  alias Beacon.LiveAdmin.Client.Content
+
+  @impl true
+  def menu_link("/beacon", :dashboard), do: {:root, "Beacon Admin"}
+  def menu_link(_, _), do: :skip
+
+  @impl true
+  def handle_params(_params, _url, socket) do
+    sites = Cluster.running_sites()
+
+    site_stats =
+      Enum.map(sites, fn site ->
+        page_count =
+          try do
+            Content.count_pages(site)
+          rescue
+            _ -> 0
+          end
+
+        layout_count =
+          try do
+            Content.count_layouts(site)
+          rescue
+            _ -> 0
+          end
+
+        component_count =
+          try do
+            Content.count_components(site)
+          rescue
+            _ -> 0
+          end
+
+        %{
+          site: site,
+          page_count: page_count,
+          layout_count: layout_count,
+          component_count: component_count
+        }
+      end)
+
+    user_count =
+      try do
+        length(Beacon.Auth.list_users())
+      rescue
+        _ -> 0
+      end
+
+    {:noreply,
+     socket
+     |> assign(:sites, sites)
+     |> assign(:site_stats, site_stats)
+     |> assign(:user_count, user_count)
+     |> assign(page_title: "Beacon Admin")}
+  end
+
+  @impl true
+  def render(assigns) do
+    ~H"""
+    <div class="mx-auto max-w-6xl py-6 px-4">
+      <div class="mb-8">
+        <h1 class="text-2xl font-bold text-gray-900 dark:text-gray-100">Beacon Admin</h1>
+        <p class="mt-1 text-sm text-gray-500 dark:text-gray-400">Platform-wide overview and management</p>
+      </div>
+
+      <div class="grid grid-cols-1 sm:grid-cols-3 gap-4 mb-8">
+        <div class="bg-white dark:bg-gray-800 rounded-lg border border-gray-200 dark:border-gray-700 p-5">
+          <div class="text-sm font-medium text-gray-500 dark:text-gray-400">Sites</div>
+          <div class="mt-1 text-3xl font-bold text-gray-900 dark:text-gray-100"><%= length(@sites) %></div>
+        </div>
+        <div class="bg-white dark:bg-gray-800 rounded-lg border border-gray-200 dark:border-gray-700 p-5">
+          <div class="text-sm font-medium text-gray-500 dark:text-gray-400">Users</div>
+          <div class="mt-1 text-3xl font-bold text-gray-900 dark:text-gray-100"><%= @user_count %></div>
+        </div>
+        <div class="bg-white dark:bg-gray-800 rounded-lg border border-gray-200 dark:border-gray-700 p-5">
+          <div class="text-sm font-medium text-gray-500 dark:text-gray-400">Total Pages</div>
+          <div class="mt-1 text-3xl font-bold text-gray-900 dark:text-gray-100"><%= Enum.reduce(@site_stats, 0, &(&1.page_count + &2)) %></div>
+        </div>
+      </div>
+
+      <h2 class="text-lg font-semibold text-gray-900 dark:text-gray-100 mb-4">Sites</h2>
+      <div class="bg-white dark:bg-gray-800 rounded-lg border border-gray-200 dark:border-gray-700 overflow-hidden">
+        <table class="min-w-full divide-y divide-gray-200 dark:divide-gray-700">
+          <thead class="bg-gray-50 dark:bg-gray-900">
+            <tr>
+              <th class="px-4 py-3 text-left text-xs font-medium text-gray-500 dark:text-gray-400 uppercase">Site</th>
+              <th class="px-4 py-3 text-left text-xs font-medium text-gray-500 dark:text-gray-400 uppercase">Pages</th>
+              <th class="px-4 py-3 text-left text-xs font-medium text-gray-500 dark:text-gray-400 uppercase">Layouts</th>
+              <th class="px-4 py-3 text-left text-xs font-medium text-gray-500 dark:text-gray-400 uppercase">Components</th>
+              <th class="px-4 py-3 text-right text-xs font-medium text-gray-500 dark:text-gray-400 uppercase">Actions</th>
+            </tr>
+          </thead>
+          <tbody class="divide-y divide-gray-200 dark:divide-gray-700">
+            <%= for stat <- @site_stats do %>
+              <tr>
+                <td class="px-4 py-3 text-sm font-medium text-gray-900 dark:text-gray-100"><%= stat.site %></td>
+                <td class="px-4 py-3 text-sm text-gray-600 dark:text-gray-400"><%= stat.page_count %></td>
+                <td class="px-4 py-3 text-sm text-gray-600 dark:text-gray-400"><%= stat.layout_count %></td>
+                <td class="px-4 py-3 text-sm text-gray-600 dark:text-gray-400"><%= stat.component_count %></td>
+                <td class="px-4 py-3 text-right">
+                  <.link
+                    href={beacon_live_admin_path(@socket, stat.site, "/pages")}
+                    class="text-indigo-600 dark:text-indigo-400 hover:text-indigo-900 dark:hover:text-indigo-300 text-sm font-medium"
+                  >
+                    Manage
+                  </.link>
+                </td>
+              </tr>
+            <% end %>
+            <%= if @site_stats == [] do %>
+              <tr>
+                <td colspan="5" class="px-4 py-8 text-center text-sm text-gray-500 dark:text-gray-400">No sites running</td>
+              </tr>
+            <% end %>
+          </tbody>
+        </table>
+      </div>
+
+      <div class="mt-8 grid grid-cols-1 sm:grid-cols-2 lg:grid-cols-3 gap-4">
+        <.link
+          href={beacon_live_admin_path(@socket, @beacon_page.site, "/beacon/users")}
+          class="block p-5 bg-white dark:bg-gray-800 rounded-lg border border-gray-200 dark:border-gray-700 hover:border-indigo-300 dark:hover:border-indigo-500/50 transition-all"
+        >
+          <div class="text-sm font-semibold text-gray-900 dark:text-gray-100">User Management</div>
+          <p class="mt-1 text-sm text-gray-500 dark:text-gray-400">Create, edit, and manage users and their roles</p>
+        </.link>
+        <.link
+          href={beacon_live_admin_path(@socket, @beacon_page.site, "/beacon/settings")}
+          class="block p-5 bg-white dark:bg-gray-800 rounded-lg border border-gray-200 dark:border-gray-700 hover:border-indigo-300 dark:hover:border-indigo-500/50 transition-all"
+        >
+          <div class="text-sm font-semibold text-gray-900 dark:text-gray-100">Global Settings</div>
+          <p class="mt-1 text-sm text-gray-500 dark:text-gray-400">Configure platform-wide defaults and policies</p>
+        </.link>
+        <.link
+          href={beacon_live_admin_path(@socket, @beacon_page.site, "/beacon/template_types")}
+          class="block p-5 bg-white dark:bg-gray-800 rounded-lg border border-gray-200 dark:border-gray-700 hover:border-indigo-300 dark:hover:border-indigo-500/50 transition-all"
+        >
+          <div class="text-sm font-semibold text-gray-900 dark:text-gray-100">Global Template Types</div>
+          <p class="mt-1 text-sm text-gray-500 dark:text-gray-400">Manage template types available to all sites</p>
+        </.link>
+      </div>
+    </div>
+    """
+  end
+end