From 5fc85a31d44d60a73000be1e7f7be5157ccd1c7f Mon Sep 17 00:00:00 2001
From: Alexey Pavlov <admin@zeroday.su>
Date: Sun, 31 May 2026 14:17:58 +0300
Subject: [PATCH] =?UTF-8?q?feat:=20admin=20panel=20=E2=80=94=20dashboard,?=
 =?UTF-8?q?=20articles=20list,=20editor,=20auth,=20cover=20regen,=20AI=20g?=
 =?UTF-8?q?enerate?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/admin/api/articles/[id]/cover/route.js |  18 ++
 app/admin/api/articles/[id]/route.js       |  18 ++
 app/admin/api/articles/generate/route.js   |  17 +
 app/admin/api/login/route.js               |  18 ++
 app/admin/api/logout/route.js              |   8 +
 app/admin/articles/[id]/page.js            |  29 ++
 app/admin/articles/new/page.js             |   9 +
 app/admin/articles/page.js                 | 100 ++++++
 app/admin/layout.js                        |  16 +
 app/admin/login/page.js                    |  61 ++++
 app/admin/page.js                          | 158 ++++++++++
 components/admin/AdminNav.js               |  71 +++++
 components/admin/ArticleEditor.js          | 349 +++++++++++++++++++++
 lib/adminAuth.js                           |  20 ++
 lib/engine.js                              |  36 +++
 15 files changed, 928 insertions(+)
 create mode 100644 app/admin/api/articles/[id]/cover/route.js
 create mode 100644 app/admin/api/articles/[id]/route.js
 create mode 100644 app/admin/api/articles/generate/route.js
 create mode 100644 app/admin/api/login/route.js
 create mode 100644 app/admin/api/logout/route.js
 create mode 100644 app/admin/articles/[id]/page.js
 create mode 100644 app/admin/articles/new/page.js
 create mode 100644 app/admin/articles/page.js
 create mode 100644 app/admin/layout.js
 create mode 100644 app/admin/login/page.js
 create mode 100644 app/admin/page.js
 create mode 100644 components/admin/AdminNav.js
 create mode 100644 components/admin/ArticleEditor.js
 create mode 100644 lib/adminAuth.js

diff --git a/app/admin/api/articles/[id]/cover/route.js b/app/admin/api/articles/[id]/cover/route.js
new file mode 100644
index 0000000..bed4cf8
--- /dev/null
+++ b/app/admin/api/articles/[id]/cover/route.js
@@ -0,0 +1,18 @@
+import { NextResponse } from 'next/server';
+import { checkAdminAuth } from '@/lib/adminAuth';
+import { adminBackfillCovers } from '@/lib/engine';
+
+export async function POST(req, { params }) {
+  if (!(await checkAdminAuth())) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
+  const { id } = await params;
+  // Сбрасываем cover_url и запускаем backfill для этой статьи
+  const { adminUpdateArticle } = await import('@/lib/engine');
+  await adminUpdateArticle(id, { cover_url: null });
+  // backfill подхватит статью без обложки
+  const result = await adminBackfillCovers(1);
+  const article = result.results?.[0];
+  if (article?.status === 'ok') {
+    return NextResponse.json({ cover_url: article.url });
+  }
+  return NextResponse.json({ error: 'Cover generation failed' }, { status: 500 });
+}
diff --git a/app/admin/api/articles/[id]/route.js b/app/admin/api/articles/[id]/route.js
new file mode 100644
index 0000000..17119a0
--- /dev/null
+++ b/app/admin/api/articles/[id]/route.js
@@ -0,0 +1,18 @@
+import { NextResponse } from 'next/server';
+import { checkAdminAuth } from '@/lib/adminAuth';
+import { adminUpdateArticle, adminDeleteArticle } from '@/lib/engine';
+
+export async function PATCH(req, { params }) {
+  if (!(await checkAdminAuth())) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
+  const { id } = await params;
+  const body = await req.json();
+  const result = await adminUpdateArticle(id, body);
+  return NextResponse.json(result);
+}
+
+export async function DELETE(req, { params }) {
+  if (!(await checkAdminAuth())) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
+  const { id } = await params;
+  const result = await adminDeleteArticle(id);
+  return NextResponse.json(result);
+}
diff --git a/app/admin/api/articles/generate/route.js b/app/admin/api/articles/generate/route.js
new file mode 100644
index 0000000..17861eb
--- /dev/null
+++ b/app/admin/api/articles/generate/route.js
@@ -0,0 +1,17 @@
+import { NextResponse } from 'next/server';
+import { checkAdminAuth } from '@/lib/adminAuth';
+
+const ENGINE_URL = process.env.ENGINE_URL || 'http://127.0.0.1:3040';
+const ENGINE_SECRET = process.env.ENGINE_SECRET || 'zeropost_internal_2026';
+
+export async function POST(req) {
+  if (!(await checkAdminAuth())) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
+  const body = await req.json();
+  const res = await fetch(`${ENGINE_URL}/api/articles/generate`, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json', 'x-internal-secret': ENGINE_SECRET },
+    body: JSON.stringify(body),
+  });
+  if (!res.ok) return NextResponse.json({ error: await res.text() }, { status: res.status });
+  return NextResponse.json(await res.json());
+}
diff --git a/app/admin/api/login/route.js b/app/admin/api/login/route.js
new file mode 100644
index 0000000..8c54fca
--- /dev/null
+++ b/app/admin/api/login/route.js
@@ -0,0 +1,18 @@
+import { NextResponse } from 'next/server';
+import { SESSION_COOKIE, VALID_TOKEN } from '@/lib/adminAuth';
+
+export async function POST(req) {
+  const { password } = await req.json();
+  if (password !== VALID_TOKEN) {
+    return NextResponse.json({ error: 'Invalid password' }, { status: 401 });
+  }
+  const res = NextResponse.json({ ok: true });
+  res.cookies.set(SESSION_COOKIE, VALID_TOKEN, {
+    httpOnly: true,
+    secure: process.env.NODE_ENV === 'production',
+    sameSite: 'lax',
+    maxAge: 60 * 60 * 24 * 30, // 30 дней
+    path: '/',
+  });
+  return res;
+}
diff --git a/app/admin/api/logout/route.js b/app/admin/api/logout/route.js
new file mode 100644
index 0000000..4ae30da
--- /dev/null
+++ b/app/admin/api/logout/route.js
@@ -0,0 +1,8 @@
+import { NextResponse } from 'next/server';
+import { SESSION_COOKIE } from '@/lib/adminAuth';
+
+export async function POST() {
+  const res = NextResponse.json({ ok: true });
+  res.cookies.set(SESSION_COOKIE, '', { maxAge: 0, path: '/' });
+  return res;
+}
diff --git a/app/admin/articles/[id]/page.js b/app/admin/articles/[id]/page.js
new file mode 100644
index 0000000..74ba271
--- /dev/null
+++ b/app/admin/articles/[id]/page.js
@@ -0,0 +1,29 @@
+import { requireAdminAuth } from '@/lib/adminAuth';
+import { adminGetArticle } from '@/lib/engine';
+import ArticleEditor from '@/components/admin/ArticleEditor';
+import { notFound } from 'next/navigation';
+
+export const dynamic = 'force-dynamic';
+
+export async function generateMetadata({ params }) {
+  const { id } = await params;
+  if (id === 'new') return { title: 'Новая статья' };
+  try {
+    const a = await adminGetArticle(id);
+    return { title: a?.title ? `Редактировать: ${a.title.slice(0, 40)}` : 'Редактировать' };
+  } catch { return { title: 'Редактировать' }; }
+}
+
+export default async function AdminArticlePage({ params }) {
+  await requireAdminAuth();
+  const { id } = await params;
+
+  let article = null;
+  if (id !== 'new') {
+    try { article = await adminGetArticle(id); }
+    catch { notFound(); }
+    if (!article) notFound();
+  }
+
+  return <ArticleEditor article={article} />;
+}
diff --git a/app/admin/articles/new/page.js b/app/admin/articles/new/page.js
new file mode 100644
index 0000000..cf85937
--- /dev/null
+++ b/app/admin/articles/new/page.js
@@ -0,0 +1,9 @@
+import ArticleEditor from '@/components/admin/ArticleEditor';
+import { requireAdminAuth } from '@/lib/adminAuth';
+
+export const metadata = { title: 'Новая статья' };
+
+export default async function NewArticlePage() {
+  await requireAdminAuth();
+  return <ArticleEditor article={null} />;
+}
diff --git a/app/admin/articles/page.js b/app/admin/articles/page.js
new file mode 100644
index 0000000..162f906
--- /dev/null
+++ b/app/admin/articles/page.js
@@ -0,0 +1,100 @@
+import Link from 'next/link';
+import { requireAdminAuth } from '@/lib/adminAuth';
+import { adminListArticles } from '@/lib/engine';
+import { Plus, Pencil, Eye } from 'lucide-react';
+
+export const dynamic = 'force-dynamic';
+export const metadata = { title: 'Статьи' };
+
+export default async function AdminArticlesPage() {
+  await requireAdminAuth();
+  const raw = await adminListArticles({ limit: 100 });
+  const articles = Array.isArray(raw) ? raw : raw?.articles || [];
+
+  return (
+    <div className="space-y-6">
+      <div className="flex items-center justify-between">
+        <h1 className="text-2xl font-bold text-neutral-900 dark:text-neutral-100">Статьи</h1>
+        <Link
+          href="/admin/articles/new"
+          className="inline-flex items-center gap-2 px-4 py-2 rounded-lg bg-emerald-500 hover:bg-emerald-600 text-white text-sm font-medium transition-colors"
+        >
+          <Plus className="w-4 h-4" />
+          Новая статья
+        </Link>
+      </div>
+
+      <div className="bg-white dark:bg-neutral-900 rounded-xl border border-neutral-200 dark:border-neutral-800 overflow-hidden">
+        <table className="w-full text-sm">
+          <thead>
+            <tr className="border-b border-neutral-100 dark:border-neutral-800 text-left">
+              <th className="px-5 py-3 text-xs font-semibold text-neutral-500 uppercase tracking-wide">Статья</th>
+              <th className="px-3 py-3 text-xs font-semibold text-neutral-500 uppercase tracking-wide hidden md:table-cell">Теги</th>
+              <th className="px-3 py-3 text-xs font-semibold text-neutral-500 uppercase tracking-wide">Статус</th>
+              <th className="px-3 py-3 text-xs font-semibold text-neutral-500 uppercase tracking-wide hidden lg:table-cell">Дата</th>
+              <th className="px-3 py-3 text-xs font-semibold text-neutral-500 uppercase tracking-wide">Действия</th>
+            </tr>
+          </thead>
+          <tbody className="divide-y divide-neutral-100 dark:divide-neutral-800">
+            {articles.map(a => (
+              <tr key={a.id} className="hover:bg-neutral-50 dark:hover:bg-neutral-800 transition-colors group">
+                <td className="px-5 py-3.5">
+                  <div className="flex items-center gap-3">
+                    <div className="w-12 h-8 rounded-md overflow-hidden bg-neutral-100 dark:bg-neutral-800 shrink-0">
+                      {a.cover_url && <img src={a.cover_url} alt="" className="w-full h-full object-cover" />}
+                    </div>
+                    <div className="min-w-0">
+                      <div className="font-medium text-neutral-900 dark:text-neutral-100 truncate max-w-xs">{a.title}</div>
+                      <div className="text-xs text-neutral-400 truncate max-w-xs">{a.slug}</div>
+                    </div>
+                  </div>
+                </td>
+                <td className="px-3 py-3.5 hidden md:table-cell">
+                  <div className="flex flex-wrap gap-1">
+                    {(a.tags || []).slice(0, 3).map(t => (
+                      <span key={t} className="text-xs bg-neutral-100 dark:bg-neutral-800 text-neutral-500 px-1.5 py-0.5 rounded">#{t}</span>
+                    ))}
+                  </div>
+                </td>
+                <td className="px-3 py-3.5">
+                  <span className={`text-xs px-2 py-0.5 rounded-full font-medium ${
+                    a.status === 'published'
+                      ? 'bg-emerald-50 dark:bg-emerald-950 text-emerald-600 dark:text-emerald-400'
+                      : 'bg-amber-50 dark:bg-amber-950 text-amber-600 dark:text-amber-400'
+                  }`}>
+                    {a.status === 'published' ? 'Опубликована' : 'Черновик'}
+                  </span>
+                </td>
+                <td className="px-3 py-3.5 text-xs text-neutral-400 hidden lg:table-cell">
+                  {a.published_at ? new Date(a.published_at).toLocaleDateString('ru-RU') : '—'}
+                </td>
+                <td className="px-3 py-3.5">
+                  <div className="flex items-center gap-1">
+                    <Link
+                      href={`/admin/articles/${a.id}`}
+                      className="p-1.5 rounded-lg hover:bg-neutral-100 dark:hover:bg-neutral-700 text-neutral-400 hover:text-neutral-700 dark:hover:text-neutral-200 transition-colors"
+                      title="Редактировать"
+                    >
+                      <Pencil className="w-3.5 h-3.5" />
+                    </Link>
+                    <Link
+                      href={`/blog/${a.slug}`}
+                      target="_blank"
+                      className="p-1.5 rounded-lg hover:bg-neutral-100 dark:hover:bg-neutral-700 text-neutral-400 hover:text-neutral-700 dark:hover:text-neutral-200 transition-colors"
+                      title="Открыть на сайте"
+                    >
+                      <Eye className="w-3.5 h-3.5" />
+                    </Link>
+                  </div>
+                </td>
+              </tr>
+            ))}
+          </tbody>
+        </table>
+        {articles.length === 0 && (
+          <div className="px-5 py-12 text-center text-sm text-neutral-400">Статей пока нет</div>
+        )}
+      </div>
+    </div>
+  );
+}
diff --git a/app/admin/layout.js b/app/admin/layout.js
new file mode 100644
index 0000000..cc11ada
--- /dev/null
+++ b/app/admin/layout.js
@@ -0,0 +1,16 @@
+import { requireAdminAuth } from '@/lib/adminAuth';
+import AdminNav from '@/components/admin/AdminNav';
+
+export const metadata = { title: { default: 'Admin — ZeroPost', template: '%s — Admin' } };
+
+export default async function AdminLayout({ children }) {
+  await requireAdminAuth();
+  return (
+    <div className="min-h-screen bg-stone-50 dark:bg-neutral-950">
+      <AdminNav />
+      <main className="max-w-6xl mx-auto px-4 py-8">
+        {children}
+      </main>
+    </div>
+  );
+}
diff --git a/app/admin/login/page.js b/app/admin/login/page.js
new file mode 100644
index 0000000..307e3a9
--- /dev/null
+++ b/app/admin/login/page.js
@@ -0,0 +1,61 @@
+'use client';
+import { useState } from 'react';
+import { useRouter } from 'next/navigation';
+
+export default function AdminLoginPage() {
+  const router = useRouter();
+  const [password, setPassword] = useState('');
+  const [error, setError] = useState('');
+  const [loading, setLoading] = useState(false);
+
+  async function handleSubmit(e) {
+    e.preventDefault();
+    setLoading(true);
+    setError('');
+    const res = await fetch('/admin/api/login', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ password }),
+    });
+    if (res.ok) {
+      router.push('/admin');
+      router.refresh();
+    } else {
+      setError('Неверный пароль');
+      setLoading(false);
+    }
+  }
+
+  return (
+    <div className="min-h-screen flex items-center justify-center bg-stone-50 dark:bg-neutral-950">
+      <div className="w-full max-w-sm">
+        <div className="mb-8 text-center">
+          <div className="inline-flex items-center justify-center w-12 h-12 rounded-xl bg-emerald-500 text-white font-bold text-xl mb-4">Z</div>
+          <h1 className="text-xl font-bold text-neutral-900 dark:text-neutral-100">ZeroPost Admin</h1>
+          <p className="text-sm text-neutral-500 mt-1">Введите пароль для входа</p>
+        </div>
+        <form onSubmit={handleSubmit} className="bg-white dark:bg-neutral-900 rounded-2xl shadow-sm border border-neutral-200 dark:border-neutral-800 p-6 space-y-4">
+          <div>
+            <label className="block text-sm font-medium text-neutral-700 dark:text-neutral-300 mb-1.5">Пароль</label>
+            <input
+              type="password"
+              value={password}
+              onChange={e => setPassword(e.target.value)}
+              className="w-full px-3 py-2 rounded-lg border border-neutral-200 dark:border-neutral-700 bg-stone-50 dark:bg-neutral-800 text-neutral-900 dark:text-neutral-100 text-sm focus:outline-none focus:ring-2 focus:ring-emerald-500"
+              placeholder="••••••••"
+              autoFocus
+            />
+          </div>
+          {error && <p className="text-sm text-red-500">{error}</p>}
+          <button
+            type="submit"
+            disabled={loading || !password}
+            className="w-full py-2 rounded-lg bg-emerald-500 hover:bg-emerald-600 disabled:opacity-50 text-white font-medium text-sm transition-colors"
+          >
+            {loading ? 'Вход...' : 'Войти'}
+          </button>
+        </form>
+      </div>
+    </div>
+  );
+}
diff --git a/app/admin/page.js b/app/admin/page.js
new file mode 100644
index 0000000..9043e40
--- /dev/null
+++ b/app/admin/page.js
@@ -0,0 +1,158 @@
+import Link from 'next/link';
+import { requireAdminAuth } from '@/lib/adminAuth';
+import { adminListArticles, getStats } from '@/lib/engine';
+import { FileText, Eye, TrendingUp, Plus, Image, RefreshCw } from 'lucide-react';
+
+export const dynamic = 'force-dynamic';
+export const metadata = { title: 'Дашборд' };
+
+function StatCard({ label, value, icon: Icon, color = 'emerald' }) {
+  const colors = {
+    emerald: 'bg-emerald-50 dark:bg-emerald-950 text-emerald-600 dark:text-emerald-400',
+    blue: 'bg-blue-50 dark:bg-blue-950 text-blue-600 dark:text-blue-400',
+    amber: 'bg-amber-50 dark:bg-amber-950 text-amber-600 dark:text-amber-400',
+  };
+  return (
+    <div className="bg-white dark:bg-neutral-900 rounded-xl border border-neutral-200 dark:border-neutral-800 p-5">
+      <div className="flex items-center gap-3 mb-3">
+        <div className={`w-9 h-9 rounded-lg flex items-center justify-center ${colors[color]}`}>
+          <Icon className="w-4.5 h-4.5 w-[18px] h-[18px]" />
+        </div>
+        <span className="text-sm text-neutral-500 dark:text-neutral-400">{label}</span>
+      </div>
+      <div className="text-2xl font-bold text-neutral-900 dark:text-neutral-100">{value ?? '—'}</div>
+    </div>
+  );
+}
+
+export default async function AdminDashboard() {
+  await requireAdminAuth();
+
+  const [articles, stats] = await Promise.allSettled([
+    adminListArticles({ limit: 50 }),
+    getStats(),
+  ]);
+
+  const arts = articles.status === 'fulfilled' ? (Array.isArray(articles.value) ? articles.value : articles.value?.articles || []) : [];
+  const st = stats.status === 'fulfilled' ? stats.value : null;
+
+  const published = arts.filter(a => a.status === 'published').length;
+  const drafts = arts.filter(a => a.status === 'draft').length;
+  const withoutCover = arts.filter(a => !a.cover_url).length;
+  const recentArts = arts.slice(0, 8);
+
+  return (
+    <div className="space-y-8">
+      <div className="flex items-center justify-between">
+        <div>
+          <h1 className="text-2xl font-bold text-neutral-900 dark:text-neutral-100">Дашборд</h1>
+          <p className="text-sm text-neutral-500 mt-0.5">Управление контентом zeropost.ru</p>
+        </div>
+        <Link
+          href="/admin/articles/new"
+          className="inline-flex items-center gap-2 px-4 py-2 rounded-lg bg-emerald-500 hover:bg-emerald-600 text-white text-sm font-medium transition-colors"
+        >
+          <Plus className="w-4 h-4" />
+          Новая статья
+        </Link>
+      </div>
+
+      {/* Статистика */}
+      <div className="grid grid-cols-2 lg:grid-cols-4 gap-4">
+        <StatCard label="Опубликовано" value={published} icon={FileText} color="emerald" />
+        <StatCard label="Черновики" value={drafts} icon={FileText} color="amber" />
+        <StatCard label="Просмотры (всего)" value={st?.total_views ?? '—'} icon={Eye} color="blue" />
+        <StatCard label="Без обложки" value={withoutCover} icon={Image} color={withoutCover > 0 ? 'amber' : 'emerald'} />
+      </div>
+
+      {/* Быстрые действия */}
+      <div className="bg-white dark:bg-neutral-900 rounded-xl border border-neutral-200 dark:border-neutral-800 p-5">
+        <h2 className="text-sm font-semibold text-neutral-900 dark:text-neutral-100 mb-4">Быстрые действия</h2>
+        <div className="flex flex-wrap gap-3">
+          <Link
+            href="/admin/articles/new"
+            className="inline-flex items-center gap-2 px-3 py-2 rounded-lg border border-neutral-200 dark:border-neutral-700 text-sm hover:bg-neutral-50 dark:hover:bg-neutral-800 transition-colors"
+          >
+            <Plus className="w-4 h-4 text-emerald-500" />
+            Написать статью
+          </Link>
+          <Link
+            href="/admin/articles"
+            className="inline-flex items-center gap-2 px-3 py-2 rounded-lg border border-neutral-200 dark:border-neutral-700 text-sm hover:bg-neutral-50 dark:hover:bg-neutral-800 transition-colors"
+          >
+            <FileText className="w-4 h-4 text-blue-500" />
+            Все статьи
+          </Link>
+          {withoutCover > 0 && (
+            <BackfillButton count={withoutCover} />
+          )}
+        </div>
+      </div>
+
+      {/* Последние статьи */}
+      <div className="bg-white dark:bg-neutral-900 rounded-xl border border-neutral-200 dark:border-neutral-800">
+        <div className="flex items-center justify-between px-5 py-4 border-b border-neutral-100 dark:border-neutral-800">
+          <h2 className="text-sm font-semibold text-neutral-900 dark:text-neutral-100">Последние статьи</h2>
+          <Link href="/admin/articles" className="text-xs text-emerald-600 dark:text-emerald-400 hover:underline">
+            Все →
+          </Link>
+        </div>
+        <div className="divide-y divide-neutral-100 dark:divide-neutral-800">
+          {recentArts.map(a => (
+            <Link
+              key={a.id}
+              href={`/admin/articles/${a.id}`}
+              className="flex items-center gap-4 px-5 py-3.5 hover:bg-neutral-50 dark:hover:bg-neutral-800 transition-colors group"
+            >
+              {/* Обложка-превью */}
+              <div className="w-14 h-9 rounded-lg overflow-hidden bg-neutral-100 dark:bg-neutral-800 shrink-0">
+                {a.cover_url ? (
+                  <img src={a.cover_url} alt="" className="w-full h-full object-cover" />
+                ) : (
+                  <div className="w-full h-full flex items-center justify-center">
+                    <Image className="w-4 h-4 text-neutral-300" />
+                  </div>
+                )}
+              </div>
+              <div className="flex-1 min-w-0">
+                <div className="text-sm font-medium text-neutral-900 dark:text-neutral-100 truncate group-hover:text-emerald-600 dark:group-hover:text-emerald-400 transition-colors">
+                  {a.title}
+                </div>
+                <div className="flex items-center gap-2 mt-0.5">
+                  <span className={`text-xs px-1.5 py-0.5 rounded-full font-medium ${
+                    a.status === 'published'
+                      ? 'bg-emerald-50 dark:bg-emerald-950 text-emerald-600 dark:text-emerald-400'
+                      : 'bg-amber-50 dark:bg-amber-950 text-amber-600 dark:text-amber-400'
+                  }`}>
+                    {a.status === 'published' ? 'Опубликовано' : 'Черновик'}
+                  </span>
+                  {a.tags?.slice(0, 2).map(t => (
+                    <span key={t} className="text-xs text-neutral-400">#{t}</span>
+                  ))}
+                </div>
+              </div>
+              <div className="text-xs text-neutral-400 shrink-0">
+                {a.published_at ? new Date(a.published_at).toLocaleDateString('ru-RU', { day: 'numeric', month: 'short' }) : '—'}
+              </div>
+            </Link>
+          ))}
+        </div>
+      </div>
+    </div>
+  );
+}
+
+// Кнопка backfill — клиентская
+function BackfillButton({ count }) {
+  return (
+    <form action="/admin/api/backfill" method="POST">
+      <Link
+        href="/admin/articles?backfill=1"
+        className="inline-flex items-center gap-2 px-3 py-2 rounded-lg border border-amber-200 dark:border-amber-800 text-sm text-amber-700 dark:text-amber-400 hover:bg-amber-50 dark:hover:bg-amber-950 transition-colors"
+      >
+        <RefreshCw className="w-4 h-4" />
+        Догенерировать обложки ({count})
+      </Link>
+    </form>
+  );
+}
diff --git a/components/admin/AdminNav.js b/components/admin/AdminNav.js
new file mode 100644
index 0000000..e76e1d4
--- /dev/null
+++ b/components/admin/AdminNav.js
@@ -0,0 +1,71 @@
+'use client';
+import Link from 'next/link';
+import { usePathname, useRouter } from 'next/navigation';
+import { LayoutDashboard, FileText, LogOut, ExternalLink } from 'lucide-react';
+
+const NAV = [
+  { href: '/admin', label: 'Дашборд', icon: LayoutDashboard, exact: true },
+  { href: '/admin/articles', label: 'Статьи', icon: FileText },
+];
+
+export default function AdminNav() {
+  const pathname = usePathname();
+  const router = useRouter();
+
+  async function logout() {
+    await fetch('/admin/api/logout', { method: 'POST' });
+    router.push('/admin/login');
+    router.refresh();
+  }
+
+  return (
+    <header className="border-b border-neutral-200 dark:border-neutral-800 bg-white dark:bg-neutral-900">
+      <div className="max-w-6xl mx-auto px-4 h-14 flex items-center gap-6">
+        {/* Логотип */}
+        <Link href="/admin" className="flex items-center gap-2 font-bold text-sm text-neutral-900 dark:text-neutral-100 shrink-0">
+          <span className="w-7 h-7 rounded-lg bg-emerald-500 text-white flex items-center justify-center text-xs font-bold">Z</span>
+          Admin
+        </Link>
+
+        {/* Навигация */}
+        <nav className="flex items-center gap-1 flex-1">
+          {NAV.map(({ href, label, icon: Icon, exact }) => {
+            const active = exact ? pathname === href : pathname.startsWith(href);
+            return (
+              <Link
+                key={href}
+                href={href}
+                className={`flex items-center gap-1.5 px-3 py-1.5 rounded-lg text-sm font-medium transition-colors ${
+                  active
+                    ? 'bg-emerald-50 dark:bg-emerald-950 text-emerald-700 dark:text-emerald-400'
+                    : 'text-neutral-500 dark:text-neutral-400 hover:text-neutral-900 dark:hover:text-neutral-100 hover:bg-neutral-100 dark:hover:bg-neutral-800'
+                }`}
+              >
+                <Icon className="w-4 h-4" />
+                {label}
+              </Link>
+            );
+          })}
+        </nav>
+
+        {/* Правая часть */}
+        <div className="flex items-center gap-2 shrink-0">
+          <Link
+            href="/"
+            target="_blank"
+            className="flex items-center gap-1 text-xs text-neutral-400 hover:text-neutral-600 dark:hover:text-neutral-300 transition-colors"
+          >
+            <ExternalLink className="w-3.5 h-3.5" />
+            Сайт
+          </Link>
+          <button
+            onClick={logout}
+            className="flex items-center gap-1 px-2.5 py-1.5 rounded-lg text-sm text-neutral-500 hover:text-red-600 hover:bg-red-50 dark:hover:bg-red-950 transition-colors"
+          >
+            <LogOut className="w-4 h-4" />
+          </button>
+        </div>
+      </div>
+    </header>
+  );
+}
diff --git a/components/admin/ArticleEditor.js b/components/admin/ArticleEditor.js
new file mode 100644
index 0000000..a2daf11
--- /dev/null
+++ b/components/admin/ArticleEditor.js
@@ -0,0 +1,349 @@
+'use client';
+import { useState } from 'react';
+import { useRouter } from 'next/navigation';
+import Link from 'next/link';
+import { ArrowLeft, Save, Trash2, RefreshCw, Eye, Sparkles } from 'lucide-react';
+
+export default function ArticleEditor({ article }) {
+  const router = useRouter();
+  const isNew = !article;
+
+  const [title, setTitle] = useState(article?.title || '');
+  const [excerpt, setExcerpt] = useState(article?.excerpt || '');
+  const [content, setContent] = useState(article?.content || '');
+  const [tags, setTags] = useState((article?.tags || []).join(', '));
+  const [status, setStatus] = useState(article?.status || 'draft');
+  const [seoTitle, setSeoTitle] = useState(article?.seo_title || '');
+  const [seoDescr, setSeoDescr] = useState(article?.seo_descr || '');
+  const [coverUrl, setCoverUrl] = useState(article?.cover_url || '');
+
+  const [saving, setSaving] = useState(false);
+  const [deleting, setDeleting] = useState(false);
+  const [regenerating, setRegenerating] = useState(false);
+  const [generating, setGenerating] = useState(false);
+  const [toast, setToast] = useState(null);
+  const [genTopic, setGenTopic] = useState('');
+  const [showGenModal, setShowGenModal] = useState(false);
+
+  function showToast(msg, type = 'success') {
+    setToast({ msg, type });
+    setTimeout(() => setToast(null), 3000);
+  }
+
+  async function save() {
+    if (!title.trim()) return showToast('Укажите заголовок', 'error');
+    setSaving(true);
+    try {
+      const body = {
+        title: title.trim(),
+        excerpt: excerpt.trim(),
+        content: content.trim(),
+        tags: tags.split(',').map(t => t.trim()).filter(Boolean),
+        status,
+        seo_title: seoTitle.trim() || null,
+        seo_descr: seoDescr.trim() || null,
+        cover_url: coverUrl.trim() || null,
+      };
+      if (isNew) {
+        // Генерируем через engine
+        const res = await fetch('/admin/api/articles', {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/json' },
+          body: JSON.stringify(body),
+        });
+        if (!res.ok) throw new Error(await res.text());
+        const created = await res.json();
+        showToast('Статья создана');
+        router.push(`/admin/articles/${created.id}`);
+      } else {
+        const res = await fetch(`/admin/api/articles/${article.id}`, {
+          method: 'PATCH',
+          headers: { 'Content-Type': 'application/json' },
+          body: JSON.stringify(body),
+        });
+        if (!res.ok) throw new Error(await res.text());
+        showToast('Сохранено');
+        router.refresh();
+      }
+    } catch (e) {
+      showToast(e.message.slice(0, 100), 'error');
+    } finally {
+      setSaving(false);
+    }
+  }
+
+  async function deleteArticle() {
+    if (!confirm('Удалить статью? Это действие необратимо.')) return;
+    setDeleting(true);
+    try {
+      const res = await fetch(`/admin/api/articles/${article.id}`, { method: 'DELETE' });
+      if (!res.ok) throw new Error(await res.text());
+      router.push('/admin/articles');
+    } catch (e) {
+      showToast(e.message.slice(0, 100), 'error');
+      setDeleting(false);
+    }
+  }
+
+  async function regenerateCover() {
+    if (!article?.id) return;
+    setRegenerating(true);
+    try {
+      const res = await fetch(`/admin/api/articles/${article.id}/cover`, { method: 'POST' });
+      if (!res.ok) throw new Error(await res.text());
+      const { cover_url } = await res.json();
+      setCoverUrl(cover_url);
+      showToast('Обложка обновлена');
+      router.refresh();
+    } catch (e) {
+      showToast('Ошибка: ' + e.message.slice(0, 80), 'error');
+    } finally {
+      setRegenerating(false);
+    }
+  }
+
+  async function generateWithAI() {
+    if (!genTopic.trim()) return;
+    setGenerating(true);
+    setShowGenModal(false);
+    try {
+      const res = await fetch('/admin/api/articles/generate', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ topic: genTopic, autoPublish: false }),
+      });
+      if (!res.ok) throw new Error(await res.text());
+      const a = await res.json();
+      router.push(`/admin/articles/${a.id}`);
+    } catch (e) {
+      showToast('Ошибка генерации: ' + e.message.slice(0, 80), 'error');
+      setGenerating(false);
+    }
+  }
+
+  const ENGINE_URL = process.env.NEXT_PUBLIC_ENGINE_URL || '';
+
+  return (
+    <div className="space-y-6 max-w-4xl">
+      {/* Toast */}
+      {toast && (
+        <div className={`fixed top-4 right-4 z-50 px-4 py-2.5 rounded-xl text-sm font-medium shadow-lg transition-all ${
+          toast.type === 'error'
+            ? 'bg-red-500 text-white'
+            : 'bg-emerald-500 text-white'
+        }`}>
+          {toast.msg}
+        </div>
+      )}
+
+      {/* Заголовок страницы */}
+      <div className="flex items-center justify-between">
+        <div className="flex items-center gap-3">
+          <Link href="/admin/articles" className="p-1.5 rounded-lg hover:bg-neutral-100 dark:hover:bg-neutral-800 transition-colors text-neutral-400">
+            <ArrowLeft className="w-4 h-4" />
+          </Link>
+          <h1 className="text-xl font-bold text-neutral-900 dark:text-neutral-100">
+            {isNew ? 'Новая статья' : 'Редактировать статью'}
+          </h1>
+        </div>
+        <div className="flex items-center gap-2">
+          {isNew && (
+            <button
+              onClick={() => setShowGenModal(true)}
+              className="inline-flex items-center gap-1.5 px-3 py-2 rounded-lg border border-neutral-200 dark:border-neutral-700 text-sm hover:bg-neutral-50 dark:hover:bg-neutral-800 transition-colors"
+            >
+              <Sparkles className="w-4 h-4 text-emerald-500" />
+              {generating ? 'Генерация...' : 'AI-генерация'}
+            </button>
+          )}
+          {!isNew && article.slug && (
+            <Link
+              href={`/blog/${article.slug}`}
+              target="_blank"
+              className="inline-flex items-center gap-1.5 px-3 py-2 rounded-lg border border-neutral-200 dark:border-neutral-700 text-sm hover:bg-neutral-50 dark:hover:bg-neutral-800 transition-colors"
+            >
+              <Eye className="w-4 h-4" />
+              Просмотр
+            </Link>
+          )}
+          {!isNew && (
+            <button
+              onClick={deleteArticle}
+              disabled={deleting}
+              className="inline-flex items-center gap-1.5 px-3 py-2 rounded-lg border border-red-200 dark:border-red-900 text-sm text-red-600 dark:text-red-400 hover:bg-red-50 dark:hover:bg-red-950 transition-colors disabled:opacity-50"
+            >
+              <Trash2 className="w-4 h-4" />
+              {deleting ? 'Удаление...' : 'Удалить'}
+            </button>
+          )}
+          <button
+            onClick={save}
+            disabled={saving}
+            className="inline-flex items-center gap-1.5 px-4 py-2 rounded-lg bg-emerald-500 hover:bg-emerald-600 disabled:opacity-50 text-white text-sm font-medium transition-colors"
+          >
+            <Save className="w-4 h-4" />
+            {saving ? 'Сохранение...' : 'Сохранить'}
+          </button>
+        </div>
+      </div>
+
+      {/* AI-генерация modal */}
+      {showGenModal && (
+        <div className="fixed inset-0 z-50 flex items-center justify-center bg-black/40" onClick={() => setShowGenModal(false)}>
+          <div className="bg-white dark:bg-neutral-900 rounded-2xl shadow-xl p-6 w-full max-w-md mx-4" onClick={e => e.stopPropagation()}>
+            <h2 className="text-lg font-bold text-neutral-900 dark:text-neutral-100 mb-4">Сгенерировать статью AI</h2>
+            <input
+              type="text"
+              value={genTopic}
+              onChange={e => setGenTopic(e.target.value)}
+              placeholder="Тема статьи, например: промпт-инжиниринг для e-commerce"
+              className="w-full px-3 py-2 rounded-lg border border-neutral-200 dark:border-neutral-700 bg-stone-50 dark:bg-neutral-800 text-sm text-neutral-900 dark:text-neutral-100 focus:outline-none focus:ring-2 focus:ring-emerald-500 mb-4"
+              autoFocus
+              onKeyDown={e => e.key === 'Enter' && generateWithAI()}
+            />
+            <div className="flex gap-2 justify-end">
+              <button onClick={() => setShowGenModal(false)} className="px-4 py-2 rounded-lg text-sm text-neutral-500 hover:bg-neutral-100 dark:hover:bg-neutral-800 transition-colors">
+                Отмена
+              </button>
+              <button
+                onClick={generateWithAI}
+                disabled={!genTopic.trim()}
+                className="px-4 py-2 rounded-lg bg-emerald-500 hover:bg-emerald-600 disabled:opacity-50 text-white text-sm font-medium transition-colors"
+              >
+                Генерировать
+              </button>
+            </div>
+          </div>
+        </div>
+      )}
+
+      <div className="grid lg:grid-cols-[1fr_280px] gap-6">
+        {/* Основное */}
+        <div className="space-y-4">
+          <div className="bg-white dark:bg-neutral-900 rounded-xl border border-neutral-200 dark:border-neutral-800 p-5 space-y-4">
+            <div>
+              <label className="block text-xs font-semibold text-neutral-500 uppercase tracking-wide mb-1.5">Заголовок</label>
+              <input
+                type="text"
+                value={title}
+                onChange={e => setTitle(e.target.value)}
+                className="w-full px-3 py-2 rounded-lg border border-neutral-200 dark:border-neutral-700 bg-stone-50 dark:bg-neutral-800 text-neutral-900 dark:text-neutral-100 text-sm focus:outline-none focus:ring-2 focus:ring-emerald-500"
+                placeholder="Заголовок статьи"
+              />
+            </div>
+            <div>
+              <label className="block text-xs font-semibold text-neutral-500 uppercase tracking-wide mb-1.5">Краткое описание</label>
+              <textarea
+                value={excerpt}
+                onChange={e => setExcerpt(e.target.value)}
+                rows={2}
+                className="w-full px-3 py-2 rounded-lg border border-neutral-200 dark:border-neutral-700 bg-stone-50 dark:bg-neutral-800 text-neutral-900 dark:text-neutral-100 text-sm focus:outline-none focus:ring-2 focus:ring-emerald-500 resize-none"
+                placeholder="Краткое описание для карточки и SEO"
+              />
+            </div>
+          </div>
+
+          <div className="bg-white dark:bg-neutral-900 rounded-xl border border-neutral-200 dark:border-neutral-800 p-5">
+            <label className="block text-xs font-semibold text-neutral-500 uppercase tracking-wide mb-1.5">Контент (Markdown)</label>
+            <textarea
+              value={content}
+              onChange={e => setContent(e.target.value)}
+              rows={24}
+              className="w-full px-3 py-2 rounded-lg border border-neutral-200 dark:border-neutral-700 bg-stone-50 dark:bg-neutral-800 text-neutral-900 dark:text-neutral-100 text-sm font-mono focus:outline-none focus:ring-2 focus:ring-emerald-500 resize-y"
+              placeholder="# Заголовок&#10;&#10;Текст статьи в Markdown..."
+            />
+          </div>
+        </div>
+
+        {/* Боковая панель */}
+        <div className="space-y-4">
+          {/* Статус */}
+          <div className="bg-white dark:bg-neutral-900 rounded-xl border border-neutral-200 dark:border-neutral-800 p-4 space-y-3">
+            <h3 className="text-xs font-semibold text-neutral-500 uppercase tracking-wide">Публикация</h3>
+            <select
+              value={status}
+              onChange={e => setStatus(e.target.value)}
+              className="w-full px-3 py-2 rounded-lg border border-neutral-200 dark:border-neutral-700 bg-stone-50 dark:bg-neutral-800 text-neutral-900 dark:text-neutral-100 text-sm focus:outline-none focus:ring-2 focus:ring-emerald-500"
+            >
+              <option value="draft">Черновик</option>
+              <option value="published">Опубликована</option>
+            </select>
+            <div>
+              <label className="block text-xs font-medium text-neutral-500 mb-1">Теги (через запятую)</label>
+              <input
+                type="text"
+                value={tags}
+                onChange={e => setTags(e.target.value)}
+                className="w-full px-3 py-2 rounded-lg border border-neutral-200 dark:border-neutral-700 bg-stone-50 dark:bg-neutral-800 text-neutral-900 dark:text-neutral-100 text-sm focus:outline-none focus:ring-2 focus:ring-emerald-500"
+                placeholder="ai, prompts, tools"
+              />
+            </div>
+          </div>
+
+          {/* Обложка */}
+          <div className="bg-white dark:bg-neutral-900 rounded-xl border border-neutral-200 dark:border-neutral-800 p-4 space-y-3">
+            <h3 className="text-xs font-semibold text-neutral-500 uppercase tracking-wide">Обложка</h3>
+            {coverUrl && (
+              <img src={coverUrl} alt="" className="w-full aspect-video rounded-lg object-cover" />
+            )}
+            <input
+              type="text"
+              value={coverUrl}
+              onChange={e => setCoverUrl(e.target.value)}
+              className="w-full px-3 py-2 rounded-lg border border-neutral-200 dark:border-neutral-700 bg-stone-50 dark:bg-neutral-800 text-neutral-900 dark:text-neutral-100 text-xs font-mono focus:outline-none focus:ring-2 focus:ring-emerald-500"
+              placeholder="/uploads/cover-xxx.webp"
+            />
+            {!isNew && (
+              <button
+                onClick={regenerateCover}
+                disabled={regenerating}
+                className="w-full inline-flex items-center justify-center gap-2 py-2 rounded-lg border border-neutral-200 dark:border-neutral-700 text-sm hover:bg-neutral-50 dark:hover:bg-neutral-800 transition-colors disabled:opacity-50"
+              >
+                <RefreshCw className={`w-3.5 h-3.5 ${regenerating ? 'animate-spin' : ''}`} />
+                {regenerating ? 'Генерация...' : 'Перегенерировать AI'}
+              </button>
+            )}
+          </div>
+
+          {/* SEO */}
+          <div className="bg-white dark:bg-neutral-900 rounded-xl border border-neutral-200 dark:border-neutral-800 p-4 space-y-3">
+            <h3 className="text-xs font-semibold text-neutral-500 uppercase tracking-wide">SEO</h3>
+            <div>
+              <label className="block text-xs font-medium text-neutral-500 mb-1">Title <span className="text-neutral-300">(если отличается)</span></label>
+              <input
+                type="text"
+                value={seoTitle}
+                onChange={e => setSeoTitle(e.target.value)}
+                className="w-full px-3 py-2 rounded-lg border border-neutral-200 dark:border-neutral-700 bg-stone-50 dark:bg-neutral-800 text-neutral-900 dark:text-neutral-100 text-xs focus:outline-none focus:ring-2 focus:ring-emerald-500"
+                placeholder={title || 'SEO заголовок'}
+              />
+            </div>
+            <div>
+              <label className="block text-xs font-medium text-neutral-500 mb-1">Description</label>
+              <textarea
+                value={seoDescr}
+                onChange={e => setSeoDescr(e.target.value)}
+                rows={3}
+                className="w-full px-3 py-2 rounded-lg border border-neutral-200 dark:border-neutral-700 bg-stone-50 dark:bg-neutral-800 text-neutral-900 dark:text-neutral-100 text-xs focus:outline-none focus:ring-2 focus:ring-emerald-500 resize-none"
+                placeholder={excerpt || 'SEO описание до 160 символов'}
+              />
+              <div className={`text-xs mt-1 text-right ${seoDescr.length > 160 ? 'text-red-400' : 'text-neutral-300'}`}>
+                {seoDescr.length}/160
+              </div>
+            </div>
+          </div>
+
+          {/* Инфо */}
+          {!isNew && (
+            <div className="bg-white dark:bg-neutral-900 rounded-xl border border-neutral-200 dark:border-neutral-800 p-4 space-y-2 text-xs text-neutral-400">
+              <div className="flex justify-between"><span>ID</span><span className="font-mono">{article.id}</span></div>
+              <div className="flex justify-between"><span>Slug</span><span className="font-mono truncate ml-2">{article.slug}</span></div>
+              {article.reading_time && <div className="flex justify-between"><span>Чтение</span><span>{article.reading_time} мин</span></div>}
+              {article.published_at && <div className="flex justify-between"><span>Опубликована</span><span>{new Date(article.published_at).toLocaleDateString('ru-RU')}</span></div>}
+            </div>
+          )}
+        </div>
+      </div>
+    </div>
+  );
+}
diff --git a/lib/adminAuth.js b/lib/adminAuth.js
new file mode 100644
index 0000000..658a2af
--- /dev/null
+++ b/lib/adminAuth.js
@@ -0,0 +1,20 @@
+import { cookies } from 'next/headers';
+
+const SESSION_COOKIE = 'zp_admin_session';
+const VALID_TOKEN = process.env.ADMIN_PASSWORD || 'zeropost_admin_2026';
+
+export async function checkAdminAuth() {
+  const jar = await cookies();
+  const token = jar.get(SESSION_COOKIE)?.value;
+  return token === VALID_TOKEN;
+}
+
+export async function requireAdminAuth() {
+  const ok = await checkAdminAuth();
+  if (!ok) {
+    const { redirect } = await import('next/navigation');
+    redirect('/admin/login');
+  }
+}
+
+export { SESSION_COOKIE, VALID_TOKEN };
diff --git a/lib/engine.js b/lib/engine.js
index 2e27870..b037bf3 100644
--- a/lib/engine.js
+++ b/lib/engine.js
@@ -71,3 +71,39 @@ export async function generateArticle(data) {
     body: JSON.stringify(data),
   });
 }
+
+// ── Admin API ─────────────────────────────────────────────────────────────────
+
+export async function adminListArticles({ limit = 50, offset = 0 } = {}) {
+  return call(`/api/articles?limit=${limit}&offset=${offset}`);
+}
+
+export async function adminGetArticle(id) {
+  return call(`/api/articles/id/${id}`);
+}
+
+export async function adminUpdateArticle(id, data) {
+  return call(`/api/articles/${id}`, {
+    method: 'PATCH',
+    body: JSON.stringify(data),
+  });
+}
+
+export async function adminDeleteArticle(id) {
+  return call(`/api/articles/${id}`, { method: 'DELETE' });
+}
+
+export async function adminBackfillCovers(limit = 5) {
+  return call('/api/articles/backfill-covers', {
+    method: 'POST',
+    body: JSON.stringify({ limit }),
+  });
+}
+
+export async function adminGenerateArticle(topic, tags = []) {
+  return call('/api/articles/generate', {
+    method: 'POST',
+    body: JSON.stringify({ topic, tags, autoPublish: false }),
+  });
+}
+