Level: Advanced

Napkin-math based on lines added — not a strict rule. Tests, guides, and lockfiles are omitted for better accuracy (closer to SLOC than raw diff).

Jump to file

∟ mix.exs
∟ assets/package.json
∟ README.md
∟ assets/css/admin.css
∟ assets/js/admin.js
∟ config/config.exs
∟ config/dev.exs
∟ lib/my_app/accounts/scope.ex
∟ lib/my_app_admin/accounts.ex
∟ lib/my_app_admin/accounts/admin_user.ex
∟ lib/my_app_admin/accounts/admin_user_notifier.ex
∟ lib/my_app_admin/accounts/admin_user_token.ex
∟ lib/my_app_admin/accounts/scope.ex
∟ lib/my_app_admin/query.ex
∟ lib/my_app_admin/query/admin_users.ex
∟ lib/my_app_admin/query/users.ex
∟ lib/my_app_admin_web.ex
∟ lib/my_app_admin_web/admin_user_auth.ex
∟ lib/my_app_admin_web/components/core_components.ex
∟ lib/my_app_admin_web/components/layouts.ex
∟ lib/my_app_admin_web/components/layouts/app_sidebar.ex
∟ lib/my_app_admin_web/components/layouts/root.html.heex
∟ lib/my_app_admin_web/controllers/admin_user_session_controller.ex
∟ lib/my_app_admin_web/controllers/impersonation_controller.ex
∟ lib/my_app_admin_web/live/admin_user_live/confirmation.ex
∟ lib/my_app_admin_web/live/admin_user_live/index.ex
∟ lib/my_app_admin_web/live/admin_user_live/login.ex
∟ lib/my_app_admin_web/live/admin_user_live/show.ex
∟ lib/my_app_admin_web/live/dashboard_live.ex
∟ lib/my_app_admin_web/live/user_live/index.ex
∟ lib/my_app_admin_web/live/user_live/show.ex
∟ lib/my_app_web/components/layouts.ex
∟ lib/my_app_web/components/layouts/root.html.heex
∟ lib/my_app_web/router.ex
∟ lib/my_app_web/user_auth.ex
∟ priv/repo/migrations/20260115171925_create_admin_users_auth_tables.exs

Install Elixir deps

Flop provides backend pagination, sorting, and filtering for Ecto queries. Flop.Phoenix adds LiveView components for sortable table headers and pagination links. The assets.build and assets.deploy aliases are updated to also build the admin CSS and JS bundles.

mix.exs Reveal

	`-51,6 +51,8 @@ defmodule MyApp.MixProject do`
	`{:lazy_html, ">= 0.1.0", only: :test},`
	`{:phoenix_live_dashboard, "~> 0.8.3"},`
	`{:esbuild, "~> 0.10", runtime: Mix.env() == :dev},`
+	`{:flop, "~> 0.26"},`
+	`{:flop_phoenix, "~> 0.25"},`
	`{:tailwind, "~> 0.3", runtime: Mix.env() == :dev},`
	`{:heroicons,`
	`github: "tailwindlabs/heroicons",`
	`-83,10 +85,18 @@ defmodule MyApp.MixProject do`
	`"ecto.reset": ["ecto.drop", "ecto.setup"],`
	`test: ["ecto.create --quiet", "ecto.migrate --quiet", "test"],`
	`"assets.setup": ["tailwind.install --if-missing", "esbuild.install --if-missing"],`
-	`"assets.build": ["compile", "tailwind my_app", "esbuild my_app"],`
+	`"assets.build": [`
+	`"compile",`
+	`"tailwind my_app",`
+	`"tailwind my_app_admin",`
+	`"esbuild my_app",`
+	`"esbuild my_app_admin"`
+	`],`
	`"assets.deploy": [`
	`"tailwind my_app --minify",`
+	`"tailwind my_app_admin --minify",`
	`"esbuild my_app --minify",`
+	`"esbuild my_app_admin --minify",`
	`"phx.digest"`
	`],`
	`precommit: ["compile --warnings-as-errors", "deps.unlock --unused", "format", "test"]`

Install JS deps

The @phx-hook/copy-to-clipboard hook enables one-click copy buttons throughout the admin UI.

assets/package.json Reveal

	`-0,0 +1,5 @@`
+	`{`
+	`"dependencies": {`
+	`"@phx-hook/copy-to-clipboard": "^0.1.3"`
+	`}`
+	`}`

README.md Reveal

	`-7,6 +7,27 @@ To start your Phoenix server:`

	Now you can visit [`localhost:4000`](http://localhost:4000) from your browser.

+	`## Admin`
+
+	The admin panel is available at [`localhost:4000/admin`](http://localhost:4000/admin). It uses passwordless magic link authentication with an email allowlist.
+
+	Configure allowed admin emails in `config/dev.exs`:
+
+	```elixir
+	`config :my_app, MyAppAdmin,`
+	`allowed_emails: [~r/.+/], # allow all in dev`
+	`session_duration_days: 30`
+	```
+
+	In production, replace `~r/.+/` with specific emails or patterns:
+
+	```elixir
+	`config :my_app, MyAppAdmin,`
+	`allowed_emails: ["admin@example.com", ~r/@mycompany\.com$/]`
+	```
+
+	`Admin users are auto-provisioned on first login if their email matches the allowlist.`
+
	`Ready to run in production? Please [check our deployment guides](https://hexdocs.pm/phoenix/deployment.html).`

	`## Learn more`

Admin CSS

A separate Tailwind CSS bundle for the admin panel with its own DaisyUI theme configuration. Includes the copied custom variant for copy-to-clipboard visual feedback. Sources only admin web files to keep the bundle independent from the main app.

assets/css/admin.css Reveal

	`-0,0 +1,108 @@`
+	`/* See the Tailwind configuration guide for advanced usage`
+	`https://tailwindcss.com/docs/configuration */`
+
+	`@import "tailwindcss" source(none);`
+	`@source "../css";`
+	`@source "../js";`
+	`@source "../../lib/my_app_admin_web";`
+
+	`/* A Tailwind plugin that makes "hero-#{ICON}" classes available.`
+	`The heroicons installation itself is managed by your mix.exs */`
+	`@plugin "../vendor/heroicons";`
+
+	`/* daisyUI Tailwind Plugin. You can update this file by fetching the latest version with:`
+	`curl -sLO https://github.com/saadeghi/daisyui/releases/latest/download/daisyui.js`
+	`Make sure to look at the daisyUI changelog: https://daisyui.com/docs/changelog/ */`
+	`@plugin "../vendor/daisyui" {`
+	`themes: false;`
+	`}`
+
+	`/* daisyUI theme plugin. You can update this file by fetching the latest version with:`
+	`curl -sLO https://github.com/saadeghi/daisyui/releases/latest/download/daisyui-theme.js`
+	`We ship with two themes, a light one inspired on Phoenix colors and a dark one inspired`
+	`on Elixir colors. Build your own at: https://daisyui.com/theme-generator/ */`
+	`@plugin "../vendor/daisyui-theme" {`
+	`name: "dark";`
+	`default: false;`
+	`prefersdark: true;`
+	`color-scheme: "dark";`
+	`--color-base-100: oklch(30.33% 0.016 252.42);`
+	`--color-base-200: oklch(25.26% 0.014 253.1);`
+	`--color-base-300: oklch(20.15% 0.012 254.09);`
+	`--color-base-content: oklch(97.807% 0.029 256.847);`
+	`--color-primary: oklch(58% 0.233 277.117);`
+	`--color-primary-content: oklch(96% 0.018 272.314);`
+	`--color-secondary: oklch(58% 0.233 277.117);`
+	`--color-secondary-content: oklch(96% 0.018 272.314);`
+	`--color-accent: oklch(60% 0.25 292.717);`
+	`--color-accent-content: oklch(96% 0.016 293.756);`
+	`--color-neutral: oklch(37% 0.044 257.287);`
+	`--color-neutral-content: oklch(98% 0.003 247.858);`
+	`--color-info: oklch(58% 0.158 241.966);`
+	`--color-info-content: oklch(97% 0.013 236.62);`
+	`--color-success: oklch(60% 0.118 184.704);`
+	`--color-success-content: oklch(98% 0.014 180.72);`
+	`--color-warning: oklch(66% 0.179 58.318);`
+	`--color-warning-content: oklch(98% 0.022 95.277);`
+	`--color-error: oklch(58% 0.253 17.585);`
+	`--color-error-content: oklch(96% 0.015 12.422);`
+	`--radius-selector: 0.25rem;`
+	`--radius-field: 0.25rem;`
+	`--radius-box: 0.5rem;`
+	`--size-selector: 0.21875rem;`
+	`--size-field: 0.21875rem;`
+	`--border: 1.5px;`
+	`--depth: 1;`
+	`--noise: 0;`
+	`}`
+
+	`@plugin "../vendor/daisyui-theme" {`
+	`name: "light";`
+	`default: true;`
+	`prefersdark: false;`
+	`color-scheme: "light";`
+	`--color-base-100: oklch(98% 0 0);`
+	`--color-base-200: oklch(96% 0.001 286.375);`
+	`--color-base-300: oklch(92% 0.004 286.32);`
+	`--color-base-content: oklch(21% 0.006 285.885);`
+	`--color-primary: oklch(70% 0.213 47.604);`
+	`--color-primary-content: oklch(98% 0.016 73.684);`
+	`--color-secondary: oklch(55% 0.027 264.364);`
+	`--color-secondary-content: oklch(98% 0.002 247.839);`
+	`--color-accent: oklch(0% 0 0);`
+	`--color-accent-content: oklch(100% 0 0);`
+	`--color-neutral: oklch(44% 0.017 285.786);`
+	`--color-neutral-content: oklch(98% 0 0);`
+	`--color-info: oklch(62% 0.214 259.815);`
+	`--color-info-content: oklch(97% 0.014 254.604);`
+	`--color-success: oklch(70% 0.14 182.503);`
+	`--color-success-content: oklch(98% 0.014 180.72);`
+	`--color-warning: oklch(66% 0.179 58.318);`
+	`--color-warning-content: oklch(98% 0.022 95.277);`
+	`--color-error: oklch(58% 0.253 17.585);`
+	`--color-error-content: oklch(96% 0.015 12.422);`
+	`--radius-selector: 0.25rem;`
+	`--radius-field: 0.25rem;`
+	`--radius-box: 0.5rem;`
+	`--size-selector: 0.21875rem;`
+	`--size-field: 0.21875rem;`
+	`--border: 1.5px;`
+	`--depth: 1;`
+	`--noise: 0;`
+	`}`
+
+	`/* Copied state variant for copy-to-clipboard hook */`
+	`@custom-variant copied ([data-copied]&, [data-copied] &);`
+
+	`/* Add variants based on LiveView classes */`
+	`@custom-variant phx-click-loading (.phx-click-loading&, .phx-click-loading &);`
+	`@custom-variant phx-submit-loading (.phx-submit-loading&, .phx-submit-loading &);`
+	`@custom-variant phx-change-loading (.phx-change-loading&, .phx-change-loading &);`
+
+	`/* Use the data attribute for dark mode */`
+	`@custom-variant dark (&:where([data-theme=dark], [data-theme=dark] *));`
+
+	`/* Make LiveView wrapper divs transparent for layout */`
+	`[data-phx-session], [data-phx-teleported-src] { display: contents }`
+
+	`/* This file is for your admin application CSS */`

Admin JS

A separate JavaScript bundle registering the CopyToClipboard hook alongside colocated hooks. The admin panel gets its own LiveSocket instance.

assets/js/admin.js Reveal

	`-0,0 +1,64 @@`
+	`// Include phoenix_html to handle method=PUT/DELETE in forms and buttons.`
+	`import "phoenix_html"`
+	`// Establish Phoenix Socket and LiveView configuration.`
+	`import {Socket} from "phoenix"`
+	`import {LiveSocket} from "phoenix_live_view"`
+	`import {hooks as colocatedHooks} from "phoenix-colocated/my_app"`
+	`import CopyToClipboardHook from "@phx-hook/copy-to-clipboard"`
+	`import topbar from "../vendor/topbar"`
+
+	`const csrfToken = document.querySelector("meta[name='csrf-token']").getAttribute("content")`
+	`const liveSocket = new LiveSocket("/live", Socket, {`
+	`longPollFallbackMs: 2500,`
+	`params: {_csrf_token: csrfToken},`
+	`hooks: {...colocatedHooks, CopyToClipboard: CopyToClipboardHook()},`
+	`})`
+
+	`// Show progress bar on live navigation and form submits`
+	`topbar.config({barColors: {0: "#29d"}, shadowColor: "rgba(0, 0, 0, .3)"})`
+	`window.addEventListener("phx:page-loading-start", _info => topbar.show(300))`
+	`window.addEventListener("phx:page-loading-stop", _info => topbar.hide())`
+
+	`// connect if there are any LiveViews on the page`
+	`liveSocket.connect()`
+
+	`// expose liveSocket on window for web console debug logs and latency simulation:`
+	`// >> liveSocket.enableDebug()`
+	`// >> liveSocket.enableLatencySim(1000) // enabled for duration of browser session`
+	`// >> liveSocket.disableLatencySim()`
+	`window.liveSocket = liveSocket`
+
+	`// The lines below enable quality of life phoenix_live_reload`
+	`// development features:`
+	`//`
+	`// 1. stream server logs to the browser console`
+	`// 2. click on elements to jump to their definitions in your code editor`
+	`//`
+	`if (process.env.NODE_ENV === "development") {`
+	`window.addEventListener("phx:live_reload:attached", ({detail: reloader}) => {`
+	`// Enable server log streaming to client.`
+	`// Disable with reloader.disableServerLogs()`
+	`reloader.enableServerLogs()`
+
+	`// Open configured PLUG_EDITOR at file:line of the clicked element's HEEx component`
+	`//`
+	`// * click with "c" key pressed to open at caller location`
+	`// * click with "d" key pressed to open at function component definition location`
+	`let keyDown`
+	`window.addEventListener("keydown", e => keyDown = e.key)`
+	`window.addEventListener("keyup", _e => keyDown = null)`
+	`window.addEventListener("click", e => {`
+	`if(keyDown === "c"){`
+	`e.preventDefault()`
+	`e.stopImmediatePropagation()`
+	`reloader.openEditorAtCaller(e.target)`
+	`} else if(keyDown === "d"){`
+	`e.preventDefault()`
+	`e.stopImmediatePropagation()`
+	`reloader.openEditorAtDef(e.target)`
+	`}`
+	`}, true)`
+
+	`window.liveReloader = reloader`
+	`})`
+	`}`

Flop configuration

Flop requires a repo configuration. The admin allowlist and session duration are also configured here, with an empty allowlist by default (no access in production unless explicitly configured).

config/config.exs Reveal

	`-20,6 +20,12 @@ config :my_app, :scopes,`
	`test_setup_helper: :register_and_log_in_user`
	`]`

+	`config :my_app, MyAppAdmin,`
+	`allowed_emails: [],`
+	`session_duration_days: 30`
+
+	`config :flop, repo: MyApp.Repo`
+
	`config :my_app,`
	`ecto_repos: [MyApp.Repo],`
	`generators: [timestamp_type: :utc_datetime, binary_id: true]`
	`-52,6 +58,12 @@ config :esbuild,`
	`~w(js/app.js --bundle --target=es2022 --outdir=../priv/static/assets/js --external:/fonts/* --external:/images/* --alias:@=.),`
	`cd: Path.expand("../assets", __DIR__),`
	`env: %{"NODE_PATH" => [Path.expand("../deps", __DIR__), Mix.Project.build_path()]}`
+	`],`
+	`my_app_admin: [`
+	`args:`
+	`~w(js/admin.js --bundle --target=es2022 --outdir=../priv/static/assets/js --external:/fonts/* --external:/images/* --alias:@=.),`
+	`cd: Path.expand("../assets", __DIR__),`
+	`env: %{"NODE_PATH" => [Path.expand("../deps", __DIR__), Mix.Project.build_path()]}`
	`]`

	`# Configure tailwind (the version is required)`
	`-63,6 +75,13 @@ config :tailwind,`
	`--output=priv/static/assets/css/app.css`
	`),`
	`cd: Path.expand("..", __DIR__)`
+	`],`
+	`my_app_admin: [`
+	`args: ~w(`
+	`--input=assets/css/admin.css`
+	`--output=priv/static/assets/css/admin.css`
+	`),`
+	`cd: Path.expand("..", __DIR__)`
	`]`

	`# Configure Elixir's Logger`

Dev configuration

In development, the allowlist uses ~r/.+/ to allow any email. The admin asset watchers (esbuild and tailwind for the my_app_admin profile) are added alongside the existing app watchers. The live reload patterns include my_app_admin_web files.

config/dev.exs Reveal

	`-1,5 +1,9 @@`
	`import Config`

+	`config :my_app, MyAppAdmin,`
+	`allowed_emails: [~r/.+/],`
+	`session_duration_days: 30`
+
	`# Configure your database`
	`config :my_app, MyApp.Repo,`
	`username: "postgres",`
	`-26,7 +30,9 @@ config :my_app, MyAppWeb.Endpoint,`
	`secret_key_base: "QPbo3B/BXvKuQl77ND4JtQprzgCgS2HVASu14U+dIMHvs2p2lOBsREjyw0vU5Vlk",`
	`watchers: [`
	`esbuild: {Esbuild, :install_and_run, [:my_app, ~w(--sourcemap=inline --watch)]},`
-	`tailwind: {Tailwind, :install_and_run, [:my_app, ~w(--watch)]}`
+	`tailwind: {Tailwind, :install_and_run, [:my_app, ~w(--watch)]},`
+	`esbuild: {Esbuild, :install_and_run, [:my_app_admin, ~w(--sourcemap=inline --watch)]},`
+	`tailwind: {Tailwind, :install_and_run, [:my_app_admin, ~w(--watch)]}`
	`]`

	`# ## SSL Support`
	`-63,7 +69,8 @@ config :my_app, MyAppWeb.Endpoint,`
	`~r"priv/gettext/.*\.po$",`
	`# Router, Controllers, LiveViews and LiveComponents`
	`~r"lib/my_app_web/router\.ex$",`
-	`~r"lib/my_app_web/(controllers\|live\|components)/.*\.(ex\|heex)$"`
+	`~r"lib/my_app_web/(controllers\|live\|components)/.*\.(ex\|heex)$",`
+	`~r"lib/my_app_admin_web/(controllers\|live\|components)/.*\.(ex\|heex)$"`
	`]`
	`]`

User scope changes

The Scope struct gains an impersonated_by field to track which admin is impersonating. Scope.impersonating?/1 checks whether the current session is impersonated.

lib/my_app/accounts/scope.ex Reveal

	`-18,16 +18,24 @@ defmodule MyApp.Accounts.Scope do`

	`alias MyApp.Accounts.User`

-	`defstruct user: nil`
+	`defstruct user: nil, impersonated_by: nil`

	`@doc """`
	`Creates a scope for the given user.`

	`Returns nil if no user is given.`
	`"""`
-	`def for_user(%User{} = user) do`
-	`%__MODULE__{user: user}`
+	`def for_user(user, opts \\ [])`
+
+	`def for_user(%User{} = user, opts) do`
+	`%__MODULE__{user: user, impersonated_by: Keyword.get(opts, :impersonated_by)}`
	`end`

-	`def for_user(nil), do: nil`
+	`def for_user(nil, _opts), do: nil`
+
+	`@doc """`
+	`Returns true if the scope represents an impersonated session.`
+	`"""`
+	`def impersonating?(%__MODULE__{impersonated_by: admin}) when not is_nil(admin), do: true`
+	`def impersonating?(_), do: false`
	`end`

Admin Accounts context

The core admin authentication logic:

email_allowed?/1 checks the email against the configured allowlist, which supports both exact string matches and regex patterns.

get_or_create_admin_user_by_email!/1 auto-provisions admin users on first login if their email is allowed. This means you don't need to manually create admin accounts.

deliver_login_instructions/2 generates a magic link token and sends the login email. The login flow intentionally doesn't reveal whether an email is authorized, always showing the same success message.

lib/my_app_admin/accounts.ex Reveal

	`-0,0 +1,123 @@`
+	`defmodule MyAppAdmin.Accounts do`
+	`@moduledoc """`
+	`The Admin Accounts context.`
+	`"""`
+
+	`import Ecto.Query, warn: false`
+	`alias MyApp.Repo`
+
+	`alias MyAppAdmin.Accounts.AdminUser`
+	`alias MyAppAdmin.Accounts.AdminUserNotifier`
+	`alias MyAppAdmin.Accounts.AdminUserToken`
+
+	`@doc """`
+	`Gets an admin user by email.`
+	`"""`
+	`def get_admin_user_by_email(email) when is_binary(email) do`
+	`Repo.get_by(AdminUser, email: email)`
+	`end`
+
+	`## Allowlist`
+
+	`@doc """`
+	`Checks if an email is allowed to log in as admin.`
+
+	Compares against the `:allowed_emails` config, which can contain
+	`string emails or regex patterns.`
+	`"""`
+	`def email_allowed?(email) when is_binary(email) do`
+	`config = Application.get_env(:my_app, MyAppAdmin, [])`
+	`allowed = Keyword.get(config, :allowed_emails, [])`
+
+	`Enum.any?(allowed, fn`
+	`%Regex{} = regex -> Regex.match?(regex, email)`
+	`string when is_binary(string) -> string == email`
+	`end)`
+	`end`
+
+	`## Provisioning`
+
+	`@doc """`
+	`Gets an existing admin user by email, or creates one if the email is allowed.`
+	`"""`
+	`def get_or_create_admin_user_by_email!(email) when is_binary(email) do`
+	`case Repo.get_by(AdminUser, email: email) do`
+	`%AdminUser{} = admin_user ->`
+	`admin_user`
+
+	`nil ->`
+	`%AdminUser{}`
+	`\|> AdminUser.email_changeset(%{email: email})`
+	`\|> Repo.insert!()`
+	`end`
+	`end`
+
+	`## Session`
+
+	`@doc """`
+	`Generates a session token.`
+	`"""`
+	`def generate_admin_user_session_token(admin_user) do`
+	`{token, admin_user_token} = AdminUserToken.build_session_token(admin_user)`
+	`Repo.insert!(admin_user_token)`
+	`token`
+	`end`
+
+	`@doc """`
+	`Gets the admin user with the given signed token.`
+	`"""`
+	`def get_admin_user_by_session_token(token) do`
+	`{:ok, query} = AdminUserToken.verify_session_token_query(token)`
+	`Repo.one(query)`
+	`end`
+
+	`@doc """`
+	`Gets an admin user by magic link token without consuming it.`
+
+	`Used for the confirmation page.`
+	`"""`
+	`def get_admin_user_by_magic_link_token(token) do`
+	`with {:ok, query} <- AdminUserToken.verify_magic_link_token_query(token),`
+	`{admin_user, _token} <- Repo.one(query) do`
+	`admin_user`
+	`else`
+	`_ -> nil`
+	`end`
+	`end`
+
+	`@doc """`
+	`Logs in an admin user by magic link token.`
+
+	Verifies the token and deletes it. Returns `{:ok, admin_user}` or `{:error, :not_found}`.
+	`"""`
+	`def login_admin_user_by_magic_link(token) do`
+	`{:ok, query} = AdminUserToken.verify_magic_link_token_query(token)`
+
+	`case Repo.one(query) do`
+	`{admin_user, token} ->`
+	`Repo.delete!(token)`
+	`{:ok, {admin_user, []}}`
+
+	`nil ->`
+	`{:error, :not_found}`
+	`end`
+	`end`
+
+	`@doc """`
+	`Delivers the magic link login instructions to the given admin user.`
+	`"""`
+	`def deliver_login_instructions(%AdminUser{} = admin_user, magic_link_url_fun)`
+	`when is_function(magic_link_url_fun, 1) do`
+	`{token, admin_user_token} = AdminUserToken.build_email_token(admin_user, "login")`
+	`Repo.insert!(admin_user_token)`
+	`AdminUserNotifier.deliver_magic_link_instructions(admin_user, magic_link_url_fun.(token))`
+	`end`
+
+	`@doc """`
+	`Deletes the signed token with the given context.`
+	`"""`
+	`def delete_admin_user_session_token(token) do`
+	`Repo.delete_all(AdminUserToken.by_token_and_context_query(token, "session"))`
+	`:ok`
+	`end`
+	`end`

AdminUser schema

A minimal schema with just an email. No password fields since admin auth is passwordless via magic links.

lib/my_app_admin/accounts/admin_user.ex Reveal

	`-0,0 +1,39 @@`
+	`defmodule MyAppAdmin.Accounts.AdminUser do`
+	`use Ecto.Schema`
+	`import Ecto.Changeset`
+
+	`@primary_key {:id, :binary_id, autogenerate: true}`
+	`@foreign_key_type :binary_id`
+	`schema "admin_users" do`
+	`field :email, :string`
+
+	`timestamps(type: :utc_datetime)`
+	`end`
+
+	`@doc """`
+	`A admin user changeset for registering or changing the email.`
+	`"""`
+	`def email_changeset(admin_user, attrs, opts \\ []) do`
+	`admin_user`
+	`\|> cast(attrs, [:email])`
+	`\|> validate_email(opts)`
+	`end`
+
+	`defp validate_email(changeset, opts) do`
+	`changeset =`
+	`changeset`
+	`\|> validate_required([:email])`
+	`\|> validate_format(:email, ~r/^[^@,;\s]+@[^@,;\s]+$/,`
+	`message: "must have the @ sign and no spaces"`
+	`)`
+	`\|> validate_length(:email, max: 160)`
+
+	`if Keyword.get(opts, :validate_unique, true) do`
+	`changeset`
+	`\|> unsafe_validate_unique(:email, MyApp.Repo)`
+	`\|> unique_constraint(:email)`
+	`else`
+	`changeset`
+	`end`
+	`end`
+	`end`

AdminUserNotifier

Sends magic link login emails to admin users. Uses the same Swoosh mailer as the main app.

lib/my_app_admin/accounts/admin_user_notifier.ex Reveal

	`-0,0 +1,38 @@`
+	`defmodule MyAppAdmin.Accounts.AdminUserNotifier do`
+	`import Swoosh.Email`
+
+	`alias MyApp.Mailer`
+
+	`defp deliver(recipient, subject, body) do`
+	`email =`
+	`new()`
+	`\|> to(recipient)`
+	`\|> from({"MyApp", "contact@example.com"})`
+	`\|> subject(subject)`
+	`\|> text_body(body)`
+
+	`with {:ok, _metadata} <- Mailer.deliver(email) do`
+	`{:ok, email}`
+	`end`
+	`end`
+
+	`@doc """`
+	`Deliver magic link login instructions to an admin user.`
+	`"""`
+	`def deliver_magic_link_instructions(admin_user, url) do`
+	`deliver(admin_user.email, "Admin login link", """`
+
+	`==============================`
+
+	`Hi #{admin_user.email},`
+
+	`You can log into the admin area by visiting the URL below:`
+
+	`#{url}`
+
+	`If you didn't request this email, please ignore this.`
+
+	`==============================`
+	`""")`
+	`end`
+	`end`

AdminUserToken schema

Handles two token types: session tokens (random bytes stored directly) and magic link tokens (hashed for email delivery). Magic links expire after 15 minutes. Session duration is configurable via the :session_duration_days config.

lib/my_app_admin/accounts/admin_user_token.ex Reveal

	`-0,0 +1,102 @@`
+	`defmodule MyAppAdmin.Accounts.AdminUserToken do`
+	`use Ecto.Schema`
+	`import Ecto.Query`
+
+	`@hash_algorithm :sha256`
+	`@rand_size 32`
+	`@magic_link_validity_in_minutes 15`
+
+	`@primary_key {:id, :binary_id, autogenerate: true}`
+	`@foreign_key_type :binary_id`
+	`schema "admin_users_tokens" do`
+	`field :token, :binary`
+	`field :context, :string`
+	`field :sent_to, :string`
+	`belongs_to :admin_user, MyAppAdmin.Accounts.AdminUser`
+
+	`timestamps(type: :utc_datetime, updated_at: false)`
+	`end`
+
+	`@doc """`
+	`Generates a session token.`
+	`"""`
+	`def build_session_token(admin_user) do`
+	`token = :crypto.strong_rand_bytes(@rand_size)`
+	`{token, %__MODULE__{token: token, context: "session", admin_user_id: admin_user.id}}`
+	`end`
+
+	`@doc """`
+	`Checks if the token is valid and returns its underlying lookup query.`
+
+	`The query returns the admin user found by the token, if any.`
+	`"""`
+	`def verify_session_token_query(token) do`
+	`query =`
+	`from token in by_token_and_context_query(token, "session"),`
+	`join: admin_user in assoc(token, :admin_user),`
+	`where: token.inserted_at > ago(^session_validity_in_days(), "day"),`
+	`select: admin_user`
+
+	`{:ok, query}`
+	`end`
+
+	`defp session_validity_in_days do`
+	`config = Application.get_env(:my_app, MyAppAdmin, [])`
+	`Keyword.get(config, :session_duration_days, 30)`
+	`end`
+
+	`@doc """`
+	`Builds a token and its hash to be delivered to the admin user's email.`
+
+	`The non-hashed token is sent to the user email while the`
+	`hashed part is stored in the database.`
+	`"""`
+	`def build_email_token(admin_user, context) do`
+	`build_hashed_token(admin_user, context, admin_user.email)`
+	`end`
+
+	`defp build_hashed_token(admin_user, context, sent_to) do`
+	`token = :crypto.strong_rand_bytes(@rand_size)`
+	`hashed_token = :crypto.hash(@hash_algorithm, token)`
+
+	`{Base.url_encode64(token, padding: false),`
+	`%__MODULE__{`
+	`token: hashed_token,`
+	`context: context,`
+	`sent_to: sent_to,`
+	`admin_user_id: admin_user.id`
+	`}}`
+	`end`
+
+	`@doc """`
+	`Checks if the magic link token is valid and returns its underlying lookup query.`
+
+	`The token is valid if it matches its hashed counterpart in the database,`
+	`has not expired (15 minutes), and the sent_to matches the admin user's email.`
+	`"""`
+	`def verify_magic_link_token_query(token) do`
+	`case Base.url_decode64(token, padding: false) do`
+	`{:ok, decoded_token} ->`
+	`hashed_token = :crypto.hash(@hash_algorithm, decoded_token)`
+
+	`query =`
+	`from token in by_token_and_context_query(hashed_token, "login"),`
+	`join: admin_user in assoc(token, :admin_user),`
+	`where: token.inserted_at > ago(^@magic_link_validity_in_minutes, "minute"),`
+	`where: token.sent_to == admin_user.email,`
+	`select: {admin_user, token}`
+
+	`{:ok, query}`
+
+	`:error ->`
+	`:error`
+	`end`
+	`end`
+
+	`@doc """`
+	`Returns the token struct for the given token value and context.`
+	`"""`
+	`def by_token_and_context_query(token, context) do`
+	`from __MODULE__, where: [token: ^token, context: ^context]`
+	`end`
+	`end`

Admin Scope

A separate scope struct for admin operations, parallel to MyApp.Accounts.Scope . Contains the admin_user field.

lib/my_app_admin/accounts/scope.ex Reveal

	`-0,0 +1,18 @@`
+	`defmodule MyAppAdmin.Accounts.Scope do`
+	`@moduledoc """`
+	`Defines the scope of the caller for admin operations.`
+	`"""`
+
+	`alias MyAppAdmin.Accounts.AdminUser`
+
+	`defstruct admin_user: nil`
+
+	`@doc """`
+	`Creates a scope for the given admin user.`
+	`"""`
+	`def for_admin_user(%AdminUser{} = admin_user) do`
+	`%__MODULE__{admin_user: admin_user}`
+	`end`
+
+	`def for_admin_user(nil), do: nil`
+	`end`

Query modules

Shared Flop options for admin list views: filterable by email, sortable by email and inserted_at, paginated with 20 items per page, defaulting to newest first.

Runs Flop.validate_and_run/3 against the User schema with the shared options. Params from the URL (page, sort, filters) flow directly through Flop.

Same pattern for admin users.

lib/my_app_admin/query.ex Reveal

	`-0,0 +1,12 @@`
+	`defmodule MyAppAdmin.Query do`
+	`def default_flop_opts do`
+	`[`
+	`filterable: [:email],`
+	`sortable: [:email, :inserted_at],`
+	`default_limit: 20,`
+	`max_limit: 100,`
+	`default_order: %{order_by: [:inserted_at], order_directions: [:desc]},`
+	`pagination_types: [:page]`
+	`]`
+	`end`
+	`end`

lib/my_app_admin/query/admin_users.ex Reveal

	`-0,0 +1,20 @@`
+	`defmodule MyAppAdmin.Query.AdminUsers do`
+	`alias MyApp.Repo`
+	`alias MyAppAdmin.Accounts.AdminUser`
+
+	`@flop_opts MyAppAdmin.Query.default_flop_opts()`
+
+	`@doc """`
+	`Returns a paginated, sorted, and filtered list of admin users.`
+
+	Returns `{:ok, {admin_users, meta}}` or `{:error, meta}`.
+	`"""`
+	`def list(params \\ %{}) do`
+	`Flop.validate_and_run(AdminUser, params, @flop_opts)`
+	`end`
+
+	`@doc """`
+	`Gets a single admin user.`
+	`"""`
+	`def get!(id), do: Repo.get!(AdminUser, id)`
+	`end`

lib/my_app_admin/query/users.ex Reveal

	`-0,0 +1,20 @@`
+	`defmodule MyAppAdmin.Query.Users do`
+	`alias MyApp.Repo`
+	`alias MyApp.Accounts.User`
+
+	`@flop_opts MyAppAdmin.Query.default_flop_opts()`
+
+	`@doc """`
+	`Returns a paginated, sorted, and filtered list of users.`
+
+	Returns `{:ok, {users, meta}}` or `{:error, meta}`.
+	`"""`
+	`def list(params \\ %{}) do`
+	`Flop.validate_and_run(User, params, @flop_opts)`
+	`end`
+
+	`@doc """`
+	`Gets a single user.`
+	`"""`
+	`def get!(id), do: Repo.get!(User, id)`
+	`end`

Admin web module

A separate web module for the admin interface, parallel to MyAppWeb . Imports MyAppAdminWeb.CoreComponents and aliases Flop.Filter for use in templates. Uses the same endpoint and router as the main app, but with its own layout and component modules.

lib/my_app_admin_web.ex Reveal

	`-0,0 +1,89 @@`
+	`defmodule MyAppAdminWeb do`
+	`@moduledoc """`
+	`The entrypoint for defining the admin web interface.`
+
+	`This can be used in your application as:`
+
+	`use MyAppAdminWeb, :controller`
+	`use MyAppAdminWeb, :live_view`
+
+	`"""`
+
+	`def static_paths, do: ~w(assets fonts images favicon.ico robots.txt)`
+
+	`def router do`
+	`quote do`
+	`use Phoenix.Router, helpers: false`
+
+	`import Plug.Conn`
+	`import Phoenix.Controller`
+	`import Phoenix.LiveView.Router`
+	`end`
+	`end`
+
+	`def controller do`
+	`quote do`
+	`use Phoenix.Controller, formats: [:html, :json]`
+
+	`import Plug.Conn`
+
+	`unquote(verified_routes())`
+	`end`
+	`end`
+
+	`def live_view do`
+	`quote do`
+	`use Phoenix.LiveView`
+
+	`unquote(html_helpers())`
+	`end`
+	`end`
+
+	`def live_component do`
+	`quote do`
+	`use Phoenix.LiveComponent`
+
+	`unquote(html_helpers())`
+	`end`
+	`end`
+
+	`def html do`
+	`quote do`
+	`use Phoenix.Component`
+
+	`import Phoenix.Controller,`
+	`only: [get_csrf_token: 0, view_module: 1, view_template: 1]`
+
+	`unquote(html_helpers())`
+	`end`
+	`end`
+
+	`defp html_helpers do`
+	`quote do`
+	`import Phoenix.HTML`
+	`import MyAppAdminWeb.CoreComponents`
+	`alias Flop.Filter`
+
+	`alias Phoenix.LiveView.JS`
+	`alias MyAppAdminWeb.Layouts`
+
+	`unquote(verified_routes())`
+	`end`
+	`end`
+
+	`def verified_routes do`
+	`quote do`
+	`use Phoenix.VerifiedRoutes,`
+	`endpoint: MyAppWeb.Endpoint,`
+	`router: MyAppWeb.Router,`
+	`statics: MyAppAdminWeb.static_paths()`
+	`end`
+	`end`
+
+	`@doc """`
+	`When used, dispatch to the appropriate controller/live_view/etc.`
+	`"""`
+	`defmacro __using__(which) when is_atom(which) do`
+	`apply(__MODULE__, which, [])`
+	`end`
+	`end`

Admin auth plug and LiveView hooks

Handles admin session management with plugs and LiveView on_mount hooks:

lib/my_app_admin_web/admin_user_auth.ex Reveal

	`-0,0 +1,122 @@`
+	`defmodule MyAppAdminWeb.AdminUserAuth do`
+	`@moduledoc """`
+	`Handles admin user authentication for plugs and LiveView on_mount hooks.`
+	`"""`
+	`use MyAppAdminWeb, :verified_routes`
+
+	`import Plug.Conn`
+	`import Phoenix.Controller`
+
+	`alias MyAppAdmin.Accounts`
+	`alias MyAppAdmin.Accounts.Scope`
+
+	`@doc """`
+	`Logs the admin user in.`
+	`"""`
+	`def log_in_admin_user(conn, admin_user) do`
+	`token = Accounts.generate_admin_user_session_token(admin_user)`
+
+	`conn`
+	`\|> renew_session()`
+	`\|> put_token_in_session(token)`
+	`\|> redirect(to: signed_in_path(conn))`
+	`end`
+
+	`@doc """`
+	`Logs the admin user out.`
+	`"""`
+	`def log_out_admin_user(conn) do`
+	`admin_user_token = get_session(conn, :admin_user_token)`
+	`admin_user_token && Accounts.delete_admin_user_session_token(admin_user_token)`
+
+	`if live_socket_id = get_session(conn, :live_socket_id) do`
+	`MyAppWeb.Endpoint.broadcast(live_socket_id, "disconnect", %{})`
+	`end`
+
+	`conn`
+	`\|> renew_session()`
+	`\|> redirect(to: ~p"/admin/log-in")`
+	`end`
+
+	`@doc """`
+	`Authenticates the admin user by looking into the session.`
+	`"""`
+	`def fetch_current_scope_for_admin_user(conn, _opts) do`
+	`admin_user_token = get_session(conn, :admin_user_token)`
+	`admin_user = admin_user_token && Accounts.get_admin_user_by_session_token(admin_user_token)`
+	`assign(conn, :current_scope, Scope.for_admin_user(admin_user))`
+	`end`
+
+	`defp renew_session(conn) do`
+	`delete_csrf_token()`
+
+	`conn`
+	`\|> configure_session(renew: true)`
+	`\|> clear_session()`
+	`end`
+
+	`defp put_token_in_session(conn, token) do`
+	`conn`
+	`\|> put_session(:admin_user_token, token)`
+	`\|> put_session(:live_socket_id, admin_session_topic(token))`
+	`end`
+
+	`defp admin_session_topic(token), do: "admin_users_sessions:#{Base.url_encode64(token)}"`
+
+	`@doc """`
+	`Handles mounting and authenticating the current admin user in LiveViews.`
+	`"""`
+	`def on_mount(:mount_current_scope, _params, session, socket) do`
+	`{:cont, mount_current_scope(socket, session)}`
+	`end`
+
+	`def on_mount(:require_authenticated, _params, session, socket) do`
+	`socket = mount_current_scope(socket, session)`
+
+	`if socket.assigns.current_scope && socket.assigns.current_scope.admin_user do`
+	`{:cont, socket}`
+	`else`
+	`socket =`
+	`socket`
+	`\|> Phoenix.LiveView.put_flash(:error, "You must log in to access the admin area.")`
+	`\|> Phoenix.LiveView.redirect(to: ~p"/admin/log-in")`
+
+	`{:halt, socket}`
+	`end`
+	`end`
+
+	`def on_mount(:redirect_if_authenticated, _params, session, socket) do`
+	`socket = mount_current_scope(socket, session)`
+
+	`if socket.assigns.current_scope && socket.assigns.current_scope.admin_user do`
+	`{:halt, Phoenix.LiveView.redirect(socket, to: signed_in_path(socket))}`
+	`else`
+	`{:cont, socket}`
+	`end`
+	`end`
+
+	`defp mount_current_scope(socket, session) do`
+	`Phoenix.Component.assign_new(socket, :current_scope, fn ->`
+	`if admin_user_token = session["admin_user_token"] do`
+	`Accounts.get_admin_user_by_session_token(admin_user_token)`
+	`end`
+	`\|> Scope.for_admin_user()`
+	`end)`
+	`end`
+
+	`def signed_in_path(_), do: ~p"/admin"`
+
+	`@doc """`
+	`Plug for routes that require the admin user to be authenticated.`
+	`"""`
+	`def require_authenticated_admin_user(conn, _opts) do`
+	`if conn.assigns[:current_scope] && conn.assigns.current_scope.admin_user do`
+	`conn`
+	`else`
+	`conn`
+	`\|> put_flash(:error, "You must log in to access the admin area.")`
+	`\|> redirect(to: ~p"/admin/log-in")`
+	`\|> halt()`
+	`end`
+	`end`
+	`end`

Admin core components

Shared admin UI components built with DaisyUI:

copy_button/1 - Inline copy-to-clipboard button that shows the value, displays a clipboard icon on hover, and swaps to a checkmark on copy. Auto-generates the required LiveView hook ID.

data_table/1 - Wraps Flop.Phoenix.table with admin styling: bordered container, hover highlights, whitespace-nowrap cells, and sortable column headers. Views only define columns and actions.

pagination/1 - Custom DaisyUI pagination using join buttons. Builds page links with ellipsis, previous/next buttons, and only renders when there are multiple pages.

format_boolean/1 , format_date/1 , format_datetime/1 - Display helpers that handle nil values with a "-" fallback, keeping templates clean.

lib/my_app_admin_web/components/core_components.ex Reveal

	`-0,0 +1,629 @@`
+	`defmodule MyAppAdminWeb.CoreComponents do`
+	`@moduledoc """`
+	`Admin UI components.`
+	`"""`
+	`use Phoenix.Component`
+
+	`alias Phoenix.LiveView.JS`
+
+	`@doc """`
+	`Renders flash notices.`
+
+	`## Examples`
+
+	`<.flash kind={:info} flash={@flash} />`
+	`<.flash kind={:info} phx-mounted={show("#flash")}>Welcome Back!</.flash>`
+	`"""`
+	`attr :id, :string, doc: "the optional id of flash container"`
+	`attr :flash, :map, default: %{}, doc: "the map of flash messages to display"`
+	`attr :title, :string, default: nil`
+	`attr :kind, :atom, values: [:info, :error], doc: "used for styling and flash lookup"`
+	`attr :rest, :global, doc: "the arbitrary HTML attributes to add to the flash container"`
+
+	`slot :inner_block, doc: "the optional inner block that renders the flash message"`
+
+	`def flash(assigns) do`
+	`assigns = assign_new(assigns, :id, fn -> "flash-#{assigns.kind}" end)`
+
+	`~H"""`
+	`<div`
+	`:if={msg = render_slot(@inner_block) \|\| Phoenix.Flash.get(@flash, @kind)}`
+	`id={@id}`
+	`phx-click={JS.push("lv:clear-flash", value: %{key: @kind}) \|> hide("##{@id}")}`
+	`role="alert"`
+	`class="toast toast-top toast-end z-50"`
+	`{@rest}`
+	`>`
+	`<div class={[`
+	`"alert w-80 sm:w-96 max-w-80 sm:max-w-96 text-wrap",`
+	`@kind == :info && "alert-info",`
+	`@kind == :error && "alert-error"`
+	`]}>`
+	`<.icon :if={@kind == :info} name="hero-information-circle" class="size-5 shrink-0" />`
+	`<.icon :if={@kind == :error} name="hero-exclamation-circle" class="size-5 shrink-0" />`
+	`<div>`
+	`<p :if={@title} class="font-semibold">{@title}</p>`
+	`<p>{msg}</p>`
+	`</div>`
+	`<div class="flex-1" />`
+	`<button type="button" class="group self-start cursor-pointer" aria-label="close">`
+	`<.icon name="hero-x-mark" class="size-5 opacity-40 group-hover:opacity-70" />`
+	`</button>`
+	`</div>`
+	`</div>`
+	`"""`
+	`end`
+
+	`@doc """`
+	`Renders a copy-to-clipboard button that displays a value and copies it on click.`
+
+	`## Examples`
+
+	`<.copy_button value={@user.email} />`
+	`"""`
+	`attr :value, :string, required: true`
+
+	`def copy_button(assigns) do`
+	`assigns = assign_new(assigns, :id, fn -> "copy-#{System.unique_integer([:positive])}" end)`
+
+	`~H"""`
+	`<span`
+	`id={@id}`
+	`phx-hook="CopyToClipboard"`
+	`data-copy-format="plain"`
+	`data-copy-value={@value}`
+	`data-copy-reset-after="2000"`
+	`phx-click={JS.dispatch("phx:copy")}`
+	`class="inline-flex items-center gap-1 cursor-pointer group"`
+	`>`
+	`{@value}`
+	`<.icon`
+	`name="hero-clipboard-document-mini"`
+	`class="size-4 opacity-0 group-hover:opacity-100 copied:!hidden"`
+	`/>`
+	`<.icon`
+	`name="hero-clipboard-document-check-mini"`
+	`class="size-4 hidden copied:!inline text-success"`
+	`/>`
+	`</span>`
+	`"""`
+	`end`
+
+	`@doc """`
+	`Renders a button.`
+
+	`## Examples`
+
+	`<.button>Send!</.button>`
+	`<.button phx-click="go" variant="primary">Send!</.button>`
+	`<.button navigate={~p"/"}>Home</.button>`
+	`"""`
+	`attr :rest, :global, include: ~w(href navigate patch method download name value disabled)`
+	`attr :class, :any`
+	`attr :variant, :string, values: ~w(primary)`
+	`slot :inner_block, required: true`
+
+	`def button(%{rest: rest} = assigns) do`
+	`variants = %{"primary" => "btn-primary", nil => "btn-primary btn-soft"}`
+
+	`assigns =`
+	`assign_new(assigns, :class, fn ->`
+	`["btn", Map.fetch!(variants, assigns[:variant])]`
+	`end)`
+
+	`if rest[:href] \|\| rest[:navigate] \|\| rest[:patch] do`
+	`~H"""`
+	`<.link class={@class} {@rest}>`
+	`{render_slot(@inner_block)}`
+	`</.link>`
+	`"""`
+	`else`
+	`~H"""`
+	`<button class={@class} {@rest}>`
+	`{render_slot(@inner_block)}`
+	`</button>`
+	`"""`
+	`end`
+	`end`
+
+	`@doc """`
+	`Renders an input with label and error messages.`
+
+	A `Phoenix.HTML.FormField` may be passed as argument,
+	`which is used to retrieve the input name, id, and values.`
+	`Otherwise all attributes may be passed explicitly.`
+
+	`## Examples`
+
+	`<.input field={@form[:email]} type="email" />`
+	`<.input name="my-input" errors={["oh no!"]} />`
+	`"""`
+	`attr :id, :any, default: nil`
+	`attr :name, :any`
+	`attr :label, :string, default: nil`
+	`attr :value, :any`
+
+	`attr :type, :string,`
+	`default: "text",`
+	`values: ~w(checkbox color date datetime-local email file month number password`
+	`search select tel text textarea time url week hidden)`
+
+	`attr :field, Phoenix.HTML.FormField,`
+	`doc: "a form field struct retrieved from the form, for example: @form[:email]"`
+
+	`attr :errors, :list, default: []`
+	`attr :checked, :boolean, doc: "the checked flag for checkbox inputs"`
+	`attr :prompt, :string, default: nil, doc: "the prompt for select inputs"`
+	`attr :options, :list, doc: "the options to pass to Phoenix.HTML.Form.options_for_select/2"`
+	`attr :multiple, :boolean, default: false, doc: "the multiple flag for select inputs"`
+	`attr :class, :any, default: nil, doc: "the input class to use over defaults"`
+	`attr :error_class, :any, default: nil, doc: "the input error class to use over defaults"`
+
+	`attr :rest, :global,`
+	`include: ~w(accept autocomplete capture cols disabled form list max maxlength min minlength`
+	`multiple pattern placeholder readonly required rows size step)`
+
+	`def input(%{field: %Phoenix.HTML.FormField{} = field} = assigns) do`
+	`errors = if Phoenix.Component.used_input?(field), do: field.errors, else: []`
+
+	`assigns`
+	`\|> assign(field: nil, id: assigns.id \|\| field.id)`
+	`\|> assign(:errors, Enum.map(errors, &translate_error(&1)))`
+	`\|> assign_new(:name, fn -> if assigns.multiple, do: field.name <> "[]", else: field.name end)`
+	`\|> assign_new(:value, fn -> field.value end)`
+	`\|> input()`
+	`end`
+
+	`def input(%{type: "hidden"} = assigns) do`
+	`~H"""`
+	`<input type="hidden" id={@id} name={@name} value={@value} {@rest} />`
+	`"""`
+	`end`
+
+	`def input(%{type: "checkbox"} = assigns) do`
+	`assigns =`
+	`assign_new(assigns, :checked, fn ->`
+	`Phoenix.HTML.Form.normalize_value("checkbox", assigns[:value])`
+	`end)`
+
+	`~H"""`
+	`<div class="fieldset mb-2">`
+	`<label>`
+	`<input`
+	`type="hidden"`
+	`name={@name}`
+	`value="false"`
+	`disabled={@rest[:disabled]}`
+	`form={@rest[:form]}`
+	`/>`
+	`<span class="label">`
+	`<input`
+	`type="checkbox"`
+	`id={@id}`
+	`name={@name}`
+	`value="true"`
+	`checked={@checked}`
+	`class={@class \|\| "checkbox checkbox-sm"}`
+	`{@rest}`
+	`/>{@label}`
+	`</span>`
+	`</label>`
+	`<.error :for={msg <- @errors}>{msg}</.error>`
+	`</div>`
+	`"""`
+	`end`
+
+	`def input(%{type: "select"} = assigns) do`
+	`~H"""`
+	`<div class="fieldset mb-2">`
+	`<label>`
+	`<span :if={@label} class="label mb-1">{@label}</span>`
+	`<select`
+	`id={@id}`
+	`name={@name}`
+	`class={[@class \|\| "w-full select", @errors != [] && (@error_class \|\| "select-error")]}`
+	`multiple={@multiple}`
+	`{@rest}`
+	`>`
+	`<option :if={@prompt} value="">{@prompt}</option>`
+	`{Phoenix.HTML.Form.options_for_select(@options, @value)}`
+	`</select>`
+	`</label>`
+	`<.error :for={msg <- @errors}>{msg}</.error>`
+	`</div>`
+	`"""`
+	`end`
+
+	`def input(%{type: "textarea"} = assigns) do`
+	`~H"""`
+	`<div class="fieldset mb-2">`
+	`<label>`
+	`<span :if={@label} class="label mb-1">{@label}</span>`
+	`<textarea`
+	`id={@id}`
+	`name={@name}`
+	`class={[`
+	`@class \|\| "w-full textarea",`
+	`@errors != [] && (@error_class \|\| "textarea-error")`
+	`]}`
+	`{@rest}`
+	`>{Phoenix.HTML.Form.normalize_value("textarea", @value)}</textarea>`
+	`</label>`
+	`<.error :for={msg <- @errors}>{msg}</.error>`
+	`</div>`
+	`"""`
+	`end`
+
+	`def input(assigns) do`
+	`~H"""`
+	`<div class="fieldset mb-2">`
+	`<label>`
+	`<span :if={@label} class="label mb-1">{@label}</span>`
+	`<input`
+	`type={@type}`
+	`name={@name}`
+	`id={@id}`
+	`value={Phoenix.HTML.Form.normalize_value(@type, @value)}`
+	`class={[`
+	`@class \|\| "w-full input",`
+	`@errors != [] && (@error_class \|\| "input-error")`
+	`]}`
+	`{@rest}`
+	`/>`
+	`</label>`
+	`<.error :for={msg <- @errors}>{msg}</.error>`
+	`</div>`
+	`"""`
+	`end`
+
+	`defp error(assigns) do`
+	`~H"""`
+	`<p class="mt-1.5 flex gap-2 items-center text-sm text-error">`
+	`<.icon name="hero-exclamation-circle" class="size-5" />`
+	`{render_slot(@inner_block)}`
+	`</p>`
+	`"""`
+	`end`
+
+	`@doc """`
+	`Renders a header with title.`
+	`"""`
+	`slot :inner_block, required: true`
+	`slot :subtitle`
+	`slot :actions`
+
+	`def header(assigns) do`
+	`~H"""`
+	`<header class={[@actions != [] && "flex items-center justify-between gap-6", "pb-4"]}>`
+	`<div>`
+	`<h1 class="text-lg font-semibold leading-8">`
+	`{render_slot(@inner_block)}`
+	`</h1>`
+	`<p :if={@subtitle != []} class="text-sm text-base-content/70">`
+	`{render_slot(@subtitle)}`
+	`</p>`
+	`</div>`
+	`<div class="flex-none">{render_slot(@actions)}</div>`
+	`</header>`
+	`"""`
+	`end`
+
+	`@doc """`
+	`Renders a table with generic styling.`
+
+	`## Examples`
+
+	`<.table id="users" rows={@users}>`
+	`<:col :let={user} label="id">{user.id}</:col>`
+	`<:col :let={user} label="username">{user.username}</:col>`
+	`</.table>`
+	`"""`
+	`attr :id, :string, required: true`
+	`attr :rows, :list, required: true`
+	`attr :row_id, :any, default: nil, doc: "the function for generating the row id"`
+	`attr :row_click, :any, default: nil, doc: "the function for handling phx-click on each row"`
+
+	`attr :row_item, :any,`
+	`default: &Function.identity/1,`
+	`doc: "the function for mapping each row before calling the :col and :action slots"`
+
+	`slot :col, required: true do`
+	`attr :label, :string`
+	`end`
+
+	`slot :action, doc: "the slot for showing user actions in the last table column"`
+
+	`def table(assigns) do`
+	`assigns =`
+	`with %{rows: %Phoenix.LiveView.LiveStream{}} <- assigns do`
+	`assign(assigns, row_id: assigns.row_id \|\| fn {id, _item} -> id end)`
+	`end`
+
+	`~H"""`
+	`<table class="table">`
+	`<thead>`
+	`<tr>`
+	`<th :for={col <- @col}>{col[:label]}</th>`
+	`<th :if={@action != []}>`
+	`<span class="sr-only">Actions</span>`
+	`</th>`
+	`</tr>`
+	`</thead>`
+	`<tbody id={@id} phx-update={is_struct(@rows, Phoenix.LiveView.LiveStream) && "stream"}>`
+	`<tr :for={row <- @rows} id={@row_id && @row_id.(row)}>`
+	`<td`
+	`:for={col <- @col}`
+	`phx-click={@row_click && @row_click.(row)}`
+	`class={@row_click && "hover:cursor-pointer"}`
+	`>`
+	`{render_slot(col, @row_item.(row))}`
+	`</td>`
+	`<td :if={@action != []} class="w-0 font-semibold">`
+	`<div class="flex gap-4">`
+	`<%= for action <- @action do %>`
+	`{render_slot(action, @row_item.(row))}`
+	`<% end %>`
+	`</div>`
+	`</td>`
+	`</tr>`
+	`</tbody>`
+	`</table>`
+	`"""`
+	`end`
+
+	`@doc """`
+	`Renders a sortable data table using Flop.Phoenix with standard admin styling.`
+
+	`## Examples`
+
+	`<.data_table items={@users} meta={@meta} path={~p"/admin/users"} id="users">`
+	`<:col :let={user} label="Email" field={:email}>{user.email}</:col>`
+	`<:action :let={user}>`
+	`<.link navigate={~p"/admin/users/\#{user}"}>Show</.link>`
+	`</:action>`
+	`</.data_table>`
+	`"""`
+	`attr :items, :list, required: true`
+	`attr :meta, Flop.Meta, required: true`
+	`attr :path, :string, required: true`
+	`attr :id, :string, required: true`
+	`attr :row_click, :any, default: nil`
+
+	`slot :col do`
+	`attr :label, :string`
+	`attr :field, :atom`
+	`end`
+
+	`slot :action`
+
+	`def data_table(assigns) do`
+	`~H"""`
+	`<div class="overflow-x-auto rounded-box border border-base-content/5 bg-base-100">`
+	`<Flop.Phoenix.table`
+	`items={@items}`
+	`meta={@meta}`
+	`path={@path}`
+	`id={@id}`
+	`row_click={@row_click}`
+	`opts={[`
+	`table_attrs: [class: "table [&_tr:hover]:bg-base-200 [&_td]:whitespace-nowrap [&_th]:whitespace-nowrap"],`
+	`thead_attrs: [class: "[&_th]:cursor-pointer"],`
+	`thead_th_attrs: [class: "hover:bg-base-200"]`
+	`]}`
+	`>`
+	`<:col :let={item} :for={col <- @col} label={col[:label]} field={col[:field]}>`
+	`{render_slot(col, item)}`
+	`</:col>`
+	`<:action :let={item} :for={action <- @action}>`
+	`{render_slot(action, item)}`
+	`</:action>`
+	`</Flop.Phoenix.table>`
+	`</div>`
+	`"""`
+	`end`
+
+	`@doc """`
+	`Renders DaisyUI pagination controls.`
+
+	`Only renders when there is more than 1 page of results.`
+
+	`## Examples`
+
+	`<.pagination meta={@meta} path={~p"/admin/users"} />`
+	`"""`
+	`attr :meta, Flop.Meta, required: true`
+	`attr :path, :string, required: true`
+
+	`def pagination(assigns) do`
+	`assigns = assign(assigns, :page_links, build_page_links(assigns.meta, 5))`
+
+	`~H"""`
+	`<div :if={@meta.total_pages > 1} class="flex justify-end mt-4">`
+	`<div class="join">`
+	`<.link`
+	`patch={Flop.Phoenix.build_path(@path, Flop.set_page(@meta.flop, @meta.current_page - 1))}`
+	`class={["join-item btn btn-sm", @meta.current_page == 1 && "btn-disabled"]}`
+	`>`
+	`«`
+	`</.link>`
+	`<.link`
+	`:for={{page, type} <- @page_links}`
+	`patch={Flop.Phoenix.build_path(@path, Flop.set_page(@meta.flop, page))}`
+	`class={[`
+	`"join-item btn btn-sm",`
+	`type == :current && "btn-active",`
+	`type == :ellipsis && "btn-disabled"`
+	`]}`
+	`>`
+	`{if type == :ellipsis, do: "…", else: page}`
+	`</.link>`
+	`<.link`
+	`patch={Flop.Phoenix.build_path(@path, Flop.set_page(@meta.flop, @meta.current_page + 1))}`
+	`class={[`
+	`"join-item btn btn-sm",`
+	`@meta.current_page == @meta.total_pages && "btn-disabled"`
+	`]}`
+	`>`
+	`»`
+	`</.link>`
+	`</div>`
+	`</div>`
+	`"""`
+	`end`
+
+	`defp build_page_links(meta, max_pages) do`
+	`current = meta.current_page`
+	`total = meta.total_pages`
+
+	`range =`
+	`if total <= max_pages do`
+	`Enum.to_list(1..total)`
+	`else`
+	`half = div(max_pages, 2)`
+	`start = max(1, min(current - half, total - max_pages + 1))`
+	`stop = min(total, start + max_pages - 1)`
+	`Enum.to_list(start..stop)`
+	`end`
+
+	`range`
+	`\|> maybe_add_ellipsis(:left, total)`
+	`\|> maybe_add_ellipsis(:right, total)`
+	`\|> Enum.map(fn`
+	`:ellipsis -> {0, :ellipsis}`
+	`page when page == current -> {page, :current}`
+	`page -> {page, :page}`
+	`end)`
+	`end`
+
+	`defp maybe_add_ellipsis([first \| _] = pages, :left, _total) when first > 2,`
+	`do: [1, :ellipsis \| pages]`
+
+	`defp maybe_add_ellipsis([first \| _] = pages, :left, _total) when first == 2,`
+	`do: [1 \| pages]`
+
+	`defp maybe_add_ellipsis(pages, :left, _total), do: pages`
+
+	`defp maybe_add_ellipsis(pages, :right, total) do`
+	`last = List.last(pages)`
+
+	`cond do`
+	`last < total - 1 -> pages ++ [:ellipsis, total]`
+	`last == total - 1 -> pages ++ [total]`
+	`true -> pages`
+	`end`
+	`end`
+
+	`@doc """`
+	`Formats a boolean for display. Returns "Yes", "No", or "-" for nil.`
+	`"""`
+	`def format_boolean(nil), do: "-"`
+	`def format_boolean(true), do: "Yes"`
+	`def format_boolean(false), do: "No"`
+
+	`@doc """`
+	`Formats a date for display.`
+
+	`## Examples`
+
+	`format_date(~U[2025-01-15 12:00:00Z])`
+	`#=> "January 15, 2025"`
+	`"""`
+	`def format_date(nil), do: "-"`
+
+	`def format_date(datetime), do: Calendar.strftime(datetime, "%B %d, %Y")`
+
+	`@doc """`
+	`Formats a datetime for display. Returns "-" for nil values.`
+
+	`## Examples`
+
+	`format_datetime(~U[2025-01-15 12:30:00Z])`
+	`#=> "January 15, 2025 at 12:30 PM"`
+	`"""`
+	`def format_datetime(nil), do: "-"`
+
+	`def format_datetime(datetime), do: Calendar.strftime(datetime, "%B %d, %Y at %I:%M %p")`
+
+	`@doc """`
+	`Renders a data list.`
+
+	`## Examples`
+
+	`<.list>`
+	`<:item title="Title">{@post.title}</:item>`
+	`<:item title="Views">{@post.views}</:item>`
+	`</.list>`
+	`"""`
+	`slot :item, required: true do`
+	`attr :title, :string, required: true`
+	`end`
+
+	`def list(assigns) do`
+	`~H"""`
+	`<ul class="list">`
+	`<li :for={item <- @item} class="list-row">`
+	`<div class="list-col-grow">`
+	`<div class="font-bold">{item.title}</div>`
+	`<div>{render_slot(item)}</div>`
+	`</div>`
+	`</li>`
+	`</ul>`
+	`"""`
+	`end`
+
+	`@doc """`
+	`Renders a [Heroicon](https://heroicons.com).`
+
+	`## Examples`
+
+	`<.icon name="hero-x-mark" />`
+	`<.icon name="hero-arrow-path" class="ml-1 size-3 motion-safe:animate-spin" />`
+	`"""`
+	`attr :name, :string, required: true`
+	`attr :class, :any, default: "size-4"`
+
+	`def icon(%{name: "hero-" <> _} = assigns) do`
+	`~H"""`
+	`<span class={[@name, @class]} />`
+	`"""`
+	`end`
+
+	`## JS Commands`
+
+	`def show(js \\ %JS{}, selector) do`
+	`JS.show(js,`
+	`to: selector,`
+	`time: 300,`
+	`transition:`
+	`{"transition-all ease-out duration-300",`
+	`"opacity-0 translate-y-4 sm:translate-y-0 sm:scale-95",`
+	`"opacity-100 translate-y-0 sm:scale-100"}`
+	`)`
+	`end`
+
+	`def hide(js \\ %JS{}, selector) do`
+	`JS.hide(js,`
+	`to: selector,`
+	`time: 200,`
+	`transition:`
+	`{"transition-all ease-in duration-200", "opacity-100 translate-y-0 sm:scale-100",`
+	`"opacity-0 translate-y-4 sm:translate-y-0 sm:scale-95"}`
+	`)`
+	`end`
+
+	`@doc """`
+	`Translates an error message.`
+	`"""`
+	`def translate_error({msg, opts}) do`
+	`Enum.reduce(opts, msg, fn {key, value}, acc ->`
+	`String.replace(acc, "%{#{key}}", fn _ -> to_string(value) end)`
+	`end)`
+	`end`
+
+	`@doc """`
+	`Translates the errors for a field from a keyword list of errors.`
+	`"""`
+	`def translate_errors(errors, field) when is_list(errors) do`
+	`for {^field, {msg, opts}} <- errors, do: translate_error({msg, opts})`
+	`end`
+	`end`

Admin layout components

Layout components including admin_ui/1 , the main authenticated layout with the sidebar navigation, flash messages, and content area. Configures sidebar items for Dashboard, Users, and Admin Users pages.

lib/my_app_admin_web/components/layouts.ex Reveal

	`-0,0 +1,126 @@`
+	`defmodule MyAppAdminWeb.Layouts do`
+	`@moduledoc """`
+	`Admin layout components.`
+	`"""`
+	`use MyAppAdminWeb, :html`
+
+	`embed_templates "layouts/*"`
+
+	`attr :flash, :map, required: true`
+	`attr :current_scope, :map, default: nil`
+	`slot :inner_block, required: true`
+
+	`def app(assigns) do`
+	`~H"""`
+	`<main class="px-4 py-20 sm:px-6 lg:px-8">`
+	`<div class="mx-auto max-w-2xl space-y-4">`
+	`{render_slot(@inner_block)}`
+	`</div>`
+	`</main>`
+
+	`<.flash_group flash={@flash} />`
+	`"""`
+	`end`
+
+	`@doc """`
+	`A complete sidebar layout for authenticated admin pages.`
+	`"""`
+	`attr :flash, :map, required: true`
+	`attr :current_scope, :map, default: nil`
+	`attr :page_selected, :atom, required: true`
+	`slot :inner_block, required: true`
+
+	`def admin_ui(assigns) do`
+	`import MyAppAdminWeb.Components.Layouts.AppSidebar`
+
+	`~H"""`
+	`<.sidebar_layout_sidebar>`
+	`<.sidebar_item`
+	`icon="hero-home-mini"`
+	`navigate={~p"/admin"}`
+	`current={@page_selected == :dashboard}`
+	`>`
+	`Home`
+	`</.sidebar_item>`
+
+	`<:section title="App">`
+	`<.sidebar_item`
+	`icon="hero-user-circle-mini"`
+	`navigate={~p"/admin/users"}`
+	`current={@page_selected == :users}`
+	`>`
+	`Users`
+	`</.sidebar_item>`
+	`</:section>`
+
+	`<:section title="Admin">`
+	`<.sidebar_item`
+	`icon="hero-user-group-mini"`
+	`navigate={~p"/admin/admin-users"}`
+	`current={@page_selected == :admin_users}`
+	`>`
+	`Admin Users`
+	`</.sidebar_item>`
+	`</:section>`
+
+	`<:bottom>`
+	`<.sidebar_bottom_item`
+	`icon="hero-arrows-right-left-mini"`
+	`navigate={~p"/users/log-in"}`
+	`>`
+	`App`
+	`</.sidebar_bottom_item>`
+	`<.sidebar_bottom_item`
+	`icon="hero-arrow-left-end-on-rectangle-mini"`
+	`href={~p"/admin/log-out"}`
+	`method="delete"`
+	`>`
+	`Sign out`
+	`</.sidebar_bottom_item>`
+	`</:bottom>`
+	`</.sidebar_layout_sidebar>`
+
+	`<.flash_group flash={@flash} />`
+
+	`<.sidebar_layout_content>`
+	`{render_slot(@inner_block)}`
+	`</.sidebar_layout_content>`
+	`"""`
+	`end`
+
+	`attr :flash, :map, required: true, doc: "the map of flash messages"`
+	`attr :id, :string, default: "flash-group", doc: "the optional id of flash container"`
+
+	`def flash_group(assigns) do`
+	`~H"""`
+	`<div id={@id} aria-live="polite">`
+	`<.flash kind={:info} flash={@flash} />`
+	`<.flash kind={:error} flash={@flash} />`
+
+	`<.flash`
+	`id="client-error"`
+	`kind={:error}`
+	`title="We can't find the internet"`
+	`phx-disconnected={show(".phx-client-error #client-error") \|> JS.remove_attribute("hidden")}`
+	`phx-connected={hide("#client-error") \|> JS.set_attribute({"hidden", ""})}`
+	`hidden`
+	`>`
+	`Attempting to reconnect`
+	`<.icon name="hero-arrow-path" class="ml-1 size-3 motion-safe:animate-spin" />`
+	`</.flash>`
+
+	`<.flash`
+	`id="server-error"`
+	`kind={:error}`
+	`title="Something went wrong!"`
+	`phx-disconnected={show(".phx-server-error #server-error") \|> JS.remove_attribute("hidden")}`
+	`phx-connected={hide("#server-error") \|> JS.set_attribute({"hidden", ""})}`
+	`hidden`
+	`>`
+	`Attempting to reconnect`
+	`<.icon name="hero-arrow-path" class="ml-1 size-3 motion-safe:animate-spin" />`
+	`</.flash>`
+	`</div>`
+	`"""`
+	`end`
+	`end`

Sidebar layout

A responsive sidebar with mobile drawer support. On desktop, it's a fixed 72-unit wide panel. On mobile, it slides in as an overlay with backdrop. Built with Phoenix.LiveView.JS commands for show/hide transitions.

lib/my_app_admin_web/components/layouts/app_sidebar.ex Reveal

	`-0,0 +1,217 @@`
+	`defmodule MyAppAdminWeb.Components.Layouts.AppSidebar do`
+	`use MyAppAdminWeb, :html`
+
+	`slot :inner_block, required: true`
+
+	`def sidebar_layout_content(assigns) do`
+	`~H"""`
+	`<div class="lg:pl-72">`
+	`<div class="lg:hidden sticky top-0 z-40 flex h-16 shrink-0 items-center gap-x-4 bg-base-100 px-4 sm:gap-x-6 sm:px-6 shadow">`
+	`<button`
+	`type="button"`
+	`class="-m-2.5 p-2.5 text-gray-700 lg:hidden"`
+	`phx-click={show_mobile_sidebar()}`
+	`>`
+	`<span class="sr-only">Open sidebar</span>`
+	`<.icon name="hero-bars-3" class="size-6" />`
+	`</button>`
+	`<h1 class="text-brand text-sm font-semibold">`
+	`MyAppWeb`
+	`</h1>`
+	`<div class="flex-1 flex justify-end">`
+	`<img class="h-6 w-auto" src={~p"/images/logo.svg"} alt="MyAppWeb" />`
+	`<small class="text-brand bg-brand/5 text-[0.8125rem] ml-3 rounded-full px-2 font-medium leading-6">`
+	`v{Application.spec(:phoenix, :vsn)}`
+	`</small>`
+	`</div>`
+	`</div>`
+	`<main class="py-4">`
+	`<div class="px-4 sm:px-6 lg:px-8">`
+	`{render_slot(@inner_block)}`
+	`</div>`
+	`</main>`
+	`</div>`
+	`"""`
+	`end`
+
+	`slot :inner_block`
+
+	`slot :section do`
+	`attr :title, :string`
+	`end`
+
+	`slot :bottom`
+
+	`def sidebar_layout_sidebar(assigns) do`
+	`~H"""`
+	`<.sidebar_layout_wrapper>`
+	`<div class="flex grow flex-col gap-y-1 overflow-y-auto bg-base-200 px-6 pb-4 border-r border-base-300">`
+	`<div class="flex h-16 shrink-0 items-center">`
+	`<img class="h-6 w-auto" src={~p"/images/logo.svg"} alt="MyAppWeb" />`
+	`<small class="text-brand bg-brand/5 text-[0.8125rem] ml-3 rounded-full px-2 font-medium leading-6">`
+	`v{Application.spec(:phoenix, :vsn)}`
+	`</small>`
+	`</div>`
+	`<nav class="flex flex-1 flex-col">`
+	`<ul role="list" class="flex flex-1 flex-col gap-y-6">`
+	`<li>`
+	`<ul role="list" class="-mx-2 space-y-1">`
+	`{render_slot(@inner_block)}`
+	`</ul>`
+	`</li>`
+	`<li :for={section <- @section}>`
+	`<div class="text-xs/6 font-semibold">`
+	`{section.title}`
+	`</div>`
+	`<ul role="list" class="-mx-2 mt-2 space-y-1">`
+	`{render_slot(section)}`
+	`</ul>`
+	`</li>`
+	`</ul>`
+	`<ul role="list" class="flex flex-col justify-end gap-y-1">`
+	`{render_slot(@bottom)}`
+	`</ul>`
+	`</nav>`
+	`</div>`
+	`</.sidebar_layout_wrapper>`
+	`"""`
+	`end`
+
+	`attr :current, :boolean, default: false`
+	`attr :icon, :string, default: nil`
+	`attr :symbol, :string, default: nil`
+	`attr :rest, :global, include: ~w(href method navigate patch)`
+	`slot :inner_block`
+
+	`def sidebar_item(assigns) do`
+	`~H"""`
+	`<li>`
+	`<.link`
+	`{@rest}`
+	`class={[`
+	`if @current do`
+	`"bg-base-100"`
+	`else`
+	`"text-base-content/80 hover:text-base-content hover:bg-base-100 active:bg-base-100 active:scale-95"`
+	`end,`
+	`"transition-all group flex gap-x-3 rounded-md p-2 text-sm/6 font-semibold"`
+	`]}`
+	`>`
+	`<span class="flex size-6 shrink-0 items-center justify-center rounded-lg border border-base-300 bg-base-300 text-[0.625rem] font-medium text-base-content/80">`
+	`<%= if @icon do %>`
+	`<.icon :if={@icon} name={@icon} class="size-4 shrink-0" />`
+	`<% else %>`
+	`{@symbol}`
+	`<% end %>`
+	`</span>`
+	`<span class="truncate">{render_slot(@inner_block)}</span>`
+	`</.link>`
+	`</li>`
+	`"""`
+	`end`
+
+	`attr :icon, :string, required: true`
+	`attr :rest, :global, include: ~w(href method navigate patch)`
+	`slot :inner_block`
+
+	`def sidebar_bottom_item(assigns) do`
+	`~H"""`
+	`<li class="mt-auto">`
+	`<.link`
+	`{@rest}`
+	`class="group -mx-2 flex items-center gap-x-3 rounded-md p-2 text-sm/6 font-semibold text-base-content hover:bg-base-100 hover:text-base-content/80"`
+	`>`
+	`<.icon`
+	`name={@icon}`
+	`class="size-4 shrink-0 text-base-content group-hover:text-base-content/80"`
+	`/>`
+	`{render_slot(@inner_block)}`
+	`</.link>`
+	`</li>`
+	`"""`
+	`end`
+
+	`slot :inner_block`
+
+	`def sidebar_layout_wrapper(assigns) do`
+	`~H"""`
+	`<.sidebar_layout_wrapper_mobile>`
+	`{render_slot(@inner_block)}`
+	`</.sidebar_layout_wrapper_mobile>`
+	`<.sidebar_layout_wrapper_desktop>`
+	`{render_slot(@inner_block)}`
+	`</.sidebar_layout_wrapper_desktop>`
+	`"""`
+	`end`
+
+	`slot :inner_block`
+
+	`def sidebar_layout_wrapper_mobile(assigns) do`
+	`~H"""`
+	`<div id="sidebar" class="relative z-50 hidden" role="dialog" aria-modal="true">`
+	`<div id="sidebar-bg" class="fixed inset-0 bg-gray-900/80" aria-hidden="true"></div>`
+	`<div class="fixed inset-0 flex">`
+	`<div id="sidebar-container" class="relative mr-16 flex w-full max-w-xs flex-1">`
+	`<div id="sidebar-close" class="absolute left-full top-0 flex w-16 justify-center pt-5">`
+	`<button type="button" class="-m-2.5 p-2.5" phx-click={hide_mobile_sidebar()}>`
+	`<span class="sr-only">Close sidebar</span>`
+	`<.icon name="hero-x-mark" class="size-6 text-white" />`
+	`</button>`
+	`</div>`
+	`{render_slot(@inner_block)}`
+	`</div>`
+	`</div>`
+	`</div>`
+	`"""`
+	`end`
+
+	`slot :inner_block`
+
+	`def sidebar_layout_wrapper_desktop(assigns) do`
+	`~H"""`
+	`<div class="hidden lg:fixed lg:inset-y-0 lg:z-50 lg:flex lg:w-72 lg:flex-col">`
+	`{render_slot(@inner_block)}`
+	`</div>`
+	`"""`
+	`end`
+
+	`## JS Commands`
+
+	`def show_mobile_sidebar() do`
+	`%JS{}`
+	`\|> JS.show(`
+	`to: "#sidebar-bg",`
+	`transition: {"transition-opacity ease-linear duration-200", "opacity-0", "opacity-100"}`
+	`)`
+	`\|> JS.show(`
+	`to: "#sidebar-container",`
+	`display: "flex",`
+	`transition:`
+	`{"transition ease-in-out duration-200 transform", "-translate-x-full", "translate-x-0"}`
+	`)`
+	`\|> JS.show(`
+	`to: "#sidebar-close",`
+	`display: "flex",`
+	`transition: {"ease-in-out duration-200", "opacity-0", "opacity-100"}`
+	`)`
+	`\|> JS.show(to: "#sidebar")`
+	`end`
+
+	`def hide_mobile_sidebar() do`
+	`%JS{}`
+	`\|> JS.hide(`
+	`to: "#sidebar-bg",`
+	`transition: {"transition-opacity ease-linear duration-200", "opacity-100", "opacity-0"}`
+	`)`
+	`\|> JS.hide(`
+	`to: "#sidebar-container",`
+	`transition:`
+	`{"transition ease-in-out duration-200 transform", "translate-x-0", "-translate-x-full"}`
+	`)`
+	`\|> JS.hide(`
+	`to: "#sidebar-close",`
+	`transition: {"ease-in-out duration-200", "opacity-100", "opacity-0"}`
+	`)`
+	`\|> JS.hide(to: "#sidebar", transition: {"block", "block", "hidden"})`
+	`end`
+	`end`

Admin root layout

The admin HTML shell loads the admin-specific CSS and JS bundles. Includes the same theme persistence script as the main app.

lib/my_app_admin_web/components/layouts/root.html.heex Reveal

	`-0,0 +1,36 @@`
+	`<!DOCTYPE html>`
+	`<html lang="en">`
+	`<head>`
+	`<meta charset="utf-8" />`
+	`<meta name="viewport" content="width=device-width, initial-scale=1" />`
+	`<meta name="csrf-token" content={get_csrf_token()} />`
+	`<.live_title default="MyApp Admin" suffix=" · Phoenix Framework">`
+	`{assigns[:page_title]}`
+	`</.live_title>`
+	`<link phx-track-static rel="stylesheet" href={~p"/assets/css/admin.css"} />`
+	`<script defer phx-track-static type="text/javascript" src={~p"/assets/js/admin.js"}>`
+	`</script>`
+	`<script>`
+	`(() => {`
+	`const setTheme = (theme) => {`
+	`if (theme === "system") {`
+	`localStorage.removeItem("phx:theme");`
+	`document.documentElement.removeAttribute("data-theme");`
+	`} else {`
+	`localStorage.setItem("phx:theme", theme);`
+	`document.documentElement.setAttribute("data-theme", theme);`
+	`}`
+	`};`
+	`if (!document.documentElement.hasAttribute("data-theme")) {`
+	`setTheme(localStorage.getItem("phx:theme") \|\| "system");`
+	`}`
+	`window.addEventListener("storage", (e) => e.key === "phx:theme" && setTheme(e.newValue \|\| "system"));`
+
+	`window.addEventListener("phx:set-theme", (e) => setTheme(e.target.dataset.phxTheme));`
+	`})();`
+	`</script>`
+	`</head>`
+	`<body>`
+	`{@inner_content}`
+	`</body>`
+	`</html>`

Session controller

Handles the POST from the confirmation page (consuming the magic link token and creating a session) and DELETE for logout.

lib/my_app_admin_web/controllers/admin_user_session_controller.ex Reveal

	`-0,0 +1,22 @@`
+	`defmodule MyAppAdminWeb.AdminUserSessionController do`
+	`use MyAppAdminWeb, :controller`
+
+	`alias MyAppAdmin.Accounts`
+	`alias MyAppAdminWeb.AdminUserAuth`
+
+	`def create(conn, %{"admin_user" => %{"token" => token}}) do`
+	`case Accounts.login_admin_user_by_magic_link(token) do`
+	`{:ok, {admin_user, _expired_tokens}} ->`
+	`AdminUserAuth.log_in_admin_user(conn, admin_user)`
+
+	`{:error, :not_found} ->`
+	`conn`
+	`\|> put_flash(:error, "Magic link is invalid or it has expired.")`
+	`\|> redirect(to: ~p"/admin/log-in")`
+	`end`
+	`end`
+
+	`def delete(conn, _params) do`
+	`AdminUserAuth.log_out_admin_user(conn)`
+	`end`
+	`end`

Impersonation controller

create/2 starts impersonation by storing the admin's session token in impersonating_admin_token and logging in as the target user via the main app's UserAuth .

delete/2 ends impersonation by clearing the user session and redirecting back to the admin panel.

lib/my_app_admin_web/controllers/impersonation_controller.ex Reveal

	`-0,0 +1,29 @@`
+	`defmodule MyAppAdminWeb.ImpersonationController do`
+	`use MyAppAdminWeb, :controller`
+
+	`alias MyApp.Accounts`
+	`alias MyAppAdmin.Query`
+
+	`def create(conn, %{"user_id" => user_id}) do`
+	`user = Query.Users.get!(user_id)`
+
+	`conn`
+	`\|> put_session(:impersonating_admin_token, get_session(conn, :admin_user_token))`
+	`\|> MyAppWeb.UserAuth.log_in_user(user)`
+	`end`
+
+	`def delete(conn, _params) do`
+	`user_token = get_session(conn, :user_token)`
+	`user_token && Accounts.delete_user_session_token(user_token)`
+
+	`if live_socket_id = get_session(conn, :live_socket_id) do`
+	`MyAppWeb.Endpoint.broadcast(live_socket_id, "disconnect", %{})`
+	`end`
+
+	`conn`
+	`\|> delete_session(:user_token)`
+	`\|> delete_session(:impersonating_admin_token)`
+	`\|> delete_session(:live_socket_id)`
+	`\|> redirect(to: ~p"/admin")`
+	`end`
+	`end`

Magic link confirmation

When a user clicks the magic link in their email, this page verifies the token and shows a "Log in" button. The form submits to the session controller to complete the login flow.

lib/my_app_admin_web/live/admin_user_live/confirmation.ex Reveal

	`-0,0 +1,49 @@`
+	`defmodule MyAppAdminWeb.AdminUserLive.Confirmation do`
+	`use MyAppAdminWeb, :live_view`
+
+	`alias MyAppAdmin.Accounts`
+
+	`def render(assigns) do`
+	`~H"""`
+	`<Layouts.app flash={@flash}>`
+	`<div class="mx-auto max-w-sm space-y-4">`
+	`<div class="text-center">`
+	`<.header>Welcome {@admin_user.email}</.header>`
+	`</div>`
+
+	`<.form`
+	`for={@form}`
+	`id="magic_link_form"`
+	`phx-mounted={JS.focus_first()}`
+	`phx-submit="submit"`
+	`action={~p"/admin/log-in"}`
+	`phx-trigger-action={@trigger_submit}`
+	`>`
+	`<input type="hidden" name={@form[:token].name} value={@form[:token].value} />`
+	`<.button phx-disable-with="Logging in..." class="btn btn-primary w-full">`
+	`Log in`
+	`</.button>`
+	`</.form>`
+	`</div>`
+	`</Layouts.app>`
+	`"""`
+	`end`
+
+	`def mount(%{"token" => token}, _session, socket) do`
+	`if admin_user = Accounts.get_admin_user_by_magic_link_token(token) do`
+	`form = to_form(%{"token" => token}, as: "admin_user")`
+
+	`{:ok, assign(socket, admin_user: admin_user, form: form, trigger_submit: false),`
+	`temporary_assigns: [form: nil]}`
+	`else`
+	`{:ok,`
+	`socket`
+	`\|> put_flash(:error, "Magic link is invalid or it has expired.")`
+	`\|> push_navigate(to: ~p"/admin/log-in")}`
+	`end`
+	`end`
+
+	`def handle_event("submit", %{"admin_user" => params}, socket) do`
+	`{:noreply, assign(socket, form: to_form(params, as: "admin_user"), trigger_submit: true)}`
+	`end`
+	`end`

Admin users index

Same table pattern as the users index, listing admin users with sortable columns and search.

lib/my_app_admin_web/live/admin_user_live/index.ex Reveal

	`-0,0 +1,78 @@`
+	`defmodule MyAppAdminWeb.AdminUserLive.Index do`
+	`use MyAppAdminWeb, :live_view`
+
+	`alias MyAppAdmin.Query`
+
+	`def render(assigns) do`
+	`~H"""`
+	`<Layouts.admin_ui flash={@flash} current_scope={@current_scope} page_selected={:admin_users}>`
+	`<.header>`
+	`Admin Users`
+	`<:subtitle>{@meta.total_count} total</:subtitle>`
+	`<:actions>`
+	`<form phx-change="search" class="relative">`
+	`<.icon`
+	`name="hero-magnifying-glass-micro"`
+	`class="absolute left-3 top-1/2 -translate-y-1/2 h-4 w-4 text-base-content/50"`
+	`/>`
+	`<input`
+	`type="search"`
+	`name="email"`
+	`value={Filter.get_value(@meta.flop.filters, :email)}`
+	`placeholder="Search by email..."`
+	`phx-debounce="300"`
+	`class="input input-bordered input-sm pl-9 w-64"`
+	`/>`
+	`</form>`
+	`</:actions>`
+	`</.header>`
+
+	`<.data_table`
+	`items={@admin_users}`
+	`meta={@meta}`
+	`path={~p"/admin/admin-users"}`
+	`id="admin-users"`
+	`row_click={fn admin_user -> JS.navigate(~p"/admin/admin-users/#{admin_user}") end}`
+	`>`
+	`<:col :let={admin_user} label="Email" field={:email}>`
+	`<.copy_button value={admin_user.email} />`
+	`</:col>`
+	`<:col :let={admin_user} label="Joined" field={:inserted_at}>`
+	`{format_date(admin_user.inserted_at)}`
+	`</:col>`
+	`<:action :let={admin_user}>`
+	`<.link navigate={~p"/admin/admin-users/#{admin_user}"}>Show</.link>`
+	`</:action>`
+	`</.data_table>`
+
+	`<.pagination meta={@meta} path={~p"/admin/admin-users"} />`
+	`</Layouts.admin_ui>`
+	`"""`
+	`end`
+
+	`def mount(_params, _session, socket) do`
+	`{:ok, socket}`
+	`end`
+
+	`def handle_params(params, _uri, socket) do`
+	`case Query.AdminUsers.list(params) do`
+	`{:ok, {admin_users, meta}} ->`
+	`{:noreply, assign(socket, admin_users: admin_users, meta: meta)}`
+
+	`{:error, meta} ->`
+	`{:noreply, assign(socket, admin_users: [], meta: meta)}`
+	`end`
+	`end`
+
+	`def handle_event("search", %{"email" => email}, socket) do`
+	`flop =`
+	`if email == "" do`
+	`%Flop{}`
+	`else`
+	`%Flop{filters: [%Flop.Filter{field: :email, op: :ilike_and, value: email}]}`
+	`end`
+
+	`path = Flop.Phoenix.build_path(~p"/admin/admin-users", flop)`
+	`{:noreply, push_patch(socket, to: path)}`
+	`end`
+	`end`

Login LiveView

The admin login page with a single email input. Shows a helpful notice when running with the local mail adapter. The submit_magic handler checks the allowlist, auto-provisions the admin user if needed, and sends the magic link.

lib/my_app_admin_web/live/admin_user_live/login.ex

	`-0,0 +1,73 @@`
+	`defmodule MyAppAdminWeb.AdminUserLive.Login do`
+	`use MyAppAdminWeb, :live_view`
+
+	`alias MyAppAdmin.Accounts`
+
+	`def render(assigns) do`
+	`~H"""`
+	`<Layouts.app flash={@flash} current_scope={@current_scope}>`
+	`<div class="mx-auto max-w-sm space-y-4">`
+	`<div class="text-center">`
+	`<.header>`
+	`Admin Login`
+	`<:subtitle>Enter your email to receive a login link.</:subtitle>`
+	`</.header>`
+	`</div>`
+
+	`<div :if={local_mail_adapter?()} class="alert alert-info">`
+	`<.icon name="hero-information-circle" class="size-6 shrink-0" />`
+	`<div>`
+	`<p>You are running the local mail adapter.</p>`
+	`<p>`
+	`To see sent emails, visit <.link href="/dev/mailbox" class="underline">the mailbox page</.link>.`
+	`</p>`
+	`</div>`
+	`</div>`
+
+	`<.form`
+	`:let={f}`
+	`for={@form}`
+	`id="login_form_magic"`
+	`phx-submit="submit_magic"`
+	`>`
+	`<.input`
+	`field={f[:email]}`
+	`type="email"`
+	`label="Email"`
+	`autocomplete="email"`
+	`required`
+	`phx-mounted={JS.focus()}`
+	`/>`
+	`<.button class="btn btn-primary w-full">`
+	`Log in with email <span aria-hidden="true">→</span>`
+	`</.button>`
+	`</.form>`
+	`</div>`
+	`</Layouts.app>`
+	`"""`
+	`end`
+
+	`def mount(_params, _session, socket) do`
+	`email = Phoenix.Flash.get(socket.assigns.flash, :email)`
+	`form = to_form(%{"email" => email}, as: "admin_user")`
+	`{:ok, assign(socket, form: form)}`
+	`end`
+
+	`def handle_event("submit_magic", %{"admin_user" => %{"email" => email}}, socket) do`
+	`if Accounts.email_allowed?(email) do`
+	`admin_user = Accounts.get_or_create_admin_user_by_email!(email)`
+	`Accounts.deliver_login_instructions(admin_user, &url(~p"/admin/log-in/#{&1}"))`
+	`end`
+
+	`info = "If your email is authorized, you will receive a login link shortly."`
+
+	`{:noreply,`
+	`socket`
+	`\|> put_flash(:info, info)`
+	`\|> push_navigate(to: ~p"/admin/log-in")}`
+	`end`
+
+	`defp local_mail_adapter? do`
+	`Application.get_env(:my_app, MyApp.Mailer)[:adapter] == Swoosh.Adapters.Local`
+	`end`
+	`end`

Admin users show

Displays admin user details with copyable ID and email.

lib/my_app_admin_web/live/admin_user_live/show.ex Reveal

	`-0,0 +1,31 @@`
+	`defmodule MyAppAdminWeb.AdminUserLive.Show do`
+	`use MyAppAdminWeb, :live_view`
+
+	`alias MyAppAdmin.Query`
+
+	`def render(assigns) do`
+	`~H"""`
+	`<Layouts.admin_ui flash={@flash} current_scope={@current_scope} page_selected={:admin_users}>`
+	`<.header>`
+	`Admin User`
+	`<:subtitle>{@admin_user.email}</:subtitle>`
+	`<:actions>`
+	`<.link navigate={~p"/admin/admin-users"}>`
+	`<.button>Back</.button>`
+	`</.link>`
+	`</:actions>`
+	`</.header>`
+
+	`<.list>`
+	`<:item title="ID"><.copy_button value={@admin_user.id} /></:item>`
+	`<:item title="Email"><.copy_button value={@admin_user.email} /></:item>`
+	`<:item title="Joined">{format_datetime(@admin_user.inserted_at)}</:item>`
+	`</.list>`
+	`</Layouts.admin_ui>`
+	`"""`
+	`end`
+
+	`def mount(%{"id" => id}, _session, socket) do`
+	`{:ok, assign(socket, admin_user: Query.AdminUsers.get!(id))}`
+	`end`
+	`end`

Dashboard

A minimal dashboard page that serves as the admin landing page at /admin .

lib/my_app_admin_web/live/dashboard_live.ex Reveal

	`-0,0 +1,18 @@`
+	`defmodule MyAppAdminWeb.DashboardLive do`
+	`use MyAppAdminWeb, :live_view`
+
+	`def render(assigns) do`
+	`~H"""`
+	`<Layouts.admin_ui flash={@flash} current_scope={@current_scope} page_selected={:dashboard}>`
+	`<.header>`
+	`Dashboard`
+	`<:subtitle>Welcome to the admin area.</:subtitle>`
+	`</.header>`
+	`</Layouts.admin_ui>`
+	`"""`
+	`end`
+
+	`def mount(_params, _session, socket) do`
+	`{:ok, socket}`
+	`end`
+	`end`

Users index

Lists all app users with sortable columns, email search, and pagination. Uses <.data_table> and <.pagination> components. Email addresses have copy buttons. Rows are clickable to navigate to the show page.

The search handler builds a Flop filter with :ilike_and for partial email matching and pushes a URL patch, keeping search state in the URL.

lib/my_app_admin_web/live/user_live/index.ex Reveal

	`-0,0 +1,81 @@`
+	`defmodule MyAppAdminWeb.UserLive.Index do`
+	`use MyAppAdminWeb, :live_view`
+
+	`alias MyAppAdmin.Query`
+
+	`def render(assigns) do`
+	`~H"""`
+	`<Layouts.admin_ui flash={@flash} current_scope={@current_scope} page_selected={:users}>`
+	`<.header>`
+	`Users`
+	`<:subtitle>{@meta.total_count} total</:subtitle>`
+	`<:actions>`
+	`<form phx-change="search" class="relative">`
+	`<.icon`
+	`name="hero-magnifying-glass-micro"`
+	`class="absolute left-3 top-1/2 -translate-y-1/2 h-4 w-4 text-base-content/50"`
+	`/>`
+	`<input`
+	`type="search"`
+	`name="email"`
+	`value={Filter.get_value(@meta.flop.filters, :email)}`
+	`placeholder="Search by email..."`
+	`phx-debounce="300"`
+	`class="input input-bordered input-sm pl-9 w-64"`
+	`/>`
+	`</form>`
+	`</:actions>`
+	`</.header>`
+
+	`<.data_table`
+	`items={@users}`
+	`meta={@meta}`
+	`path={~p"/admin/users"}`
+	`id="users"`
+	`row_click={fn user -> JS.navigate(~p"/admin/users/#{user}") end}`
+	`>`
+	`<:col :let={user} label="Email" field={:email}>`
+	`<.copy_button value={user.email} />`
+	`</:col>`
+	`<:col :let={user} label="Confirmed">`
+	`{format_boolean(not is_nil(user.confirmed_at))}`
+	`</:col>`
+	`<:col :let={user} label="Joined" field={:inserted_at}>`
+	`{format_date(user.inserted_at)}`
+	`</:col>`
+	`<:action :let={user}>`
+	`<.link navigate={~p"/admin/users/#{user}"}>Show</.link>`
+	`</:action>`
+	`</.data_table>`
+
+	`<.pagination meta={@meta} path={~p"/admin/users"} />`
+	`</Layouts.admin_ui>`
+	`"""`
+	`end`
+
+	`def mount(_params, _session, socket) do`
+	`{:ok, socket}`
+	`end`
+
+	`def handle_params(params, _uri, socket) do`
+	`case Query.Users.list(params) do`
+	`{:ok, {users, meta}} ->`
+	`{:noreply, assign(socket, users: users, meta: meta)}`
+
+	`{:error, meta} ->`
+	`{:noreply, assign(socket, users: [], meta: meta)}`
+	`end`
+	`end`
+
+	`def handle_event("search", %{"email" => email}, socket) do`
+	`flop =`
+	`if email == "" do`
+	`%Flop{}`
+	`else`
+	`%Flop{filters: [%Flop.Filter{field: :email, op: :ilike_and, value: email}]}`
+	`end`
+
+	`path = Flop.Phoenix.build_path(~p"/admin/users", flop)`
+	`{:noreply, push_patch(socket, to: path)}`
+	`end`
+	`end`

Users show

Displays user details with copyable ID and email fields. Includes an "Impersonate" button that lets admins log in as any user.

lib/my_app_admin_web/live/user_live/show.ex Reveal

	`-0,0 +1,39 @@`
+	`defmodule MyAppAdminWeb.UserLive.Show do`
+	`use MyAppAdminWeb, :live_view`
+
+	`alias MyAppAdmin.Query`
+
+	`def render(assigns) do`
+	`~H"""`
+	`<Layouts.admin_ui flash={@flash} current_scope={@current_scope} page_selected={:users}>`
+	`<.header>`
+	`User`
+	`<:subtitle>{@user.email}</:subtitle>`
+	`<:actions>`
+	`<.link`
+	`href={~p"/admin/impersonate/#{@user}"}`
+	`method="post"`
+	`data-confirm="Are you sure you want to impersonate this user?"`
+	`>`
+	`<.button>Impersonate</.button>`
+	`</.link>`
+	`<.link navigate={~p"/admin/users"}>`
+	`<.button>Back</.button>`
+	`</.link>`
+	`</:actions>`
+	`</.header>`
+
+	`<.list>`
+	`<:item title="ID"><.copy_button value={@user.id} /></:item>`
+	`<:item title="Email"><.copy_button value={@user.email} /></:item>`
+	`<:item title="Confirmed">{format_datetime(@user.confirmed_at)}</:item>`
+	`<:item title="Joined">{format_datetime(@user.inserted_at)}</:item>`
+	`</.list>`
+	`</Layouts.admin_ui>`
+	`"""`
+	`end`
+
+	`def mount(%{"id" => id}, _session, socket) do`
+	`{:ok, assign(socket, user: Query.Users.get!(id))}`
+	`end`
+	`end`

App layouts

Aliases Scope for use in the impersonation banner template.

lib/my_app_web/components/layouts.ex Reveal

	`-5,6 +5,8 @@ defmodule MyAppWeb.Layouts do`
	`"""`
	`use MyAppWeb, :html`

+	`alias MyApp.Accounts.Scope`
+
	`# Embed all files in layouts/* within this module.`
	`# The default root.html.heex file contains the HTML`
	`# skeleton of your application, namely HTML headers`

Impersonation banner

When a session is impersonated, a warning banner appears at the top of every page showing which user is being impersonated and which admin is doing it, with a "Stop impersonating" button.

lib/my_app_web/components/layouts/root.html.heex Reveal

	`-31,6 +31,17 @@`
	`</script>`
	`</head>`
	`<body>`
+	`<%= if @current_scope && Scope.impersonating?(@current_scope) do %>`
+	`<div class="alert alert-warning rounded-none flex justify-between">`
+	`<span>`
+	`Impersonating <strong>{@current_scope.user.email}</strong>`
+	`as admin <strong>{@current_scope.impersonated_by.email}</strong>`
+	`</span>`
+	`<.link href={~p"/admin/impersonate"} method="delete" class="btn btn-sm btn-outline">`
+	`Stop impersonating`
+	`</.link>`
+	`</div>`
+	`<% end %>`
	`<ul class="menu menu-horizontal w-full relative z-10 flex items-center gap-4 px-4 sm:px-6 lg:px-8 justify-end">`
	`<%= if @current_scope do %>`
	`<li>`

Router

Admin routes are mounted under /admin with their own pipeline ( admin_browser ) that uses the admin root layout and auth plug. Two live sessions separate authenticated and unauthenticated admin pages. Impersonation routes use POST/DELETE for create/destroy.

lib/my_app_web/router.ex Reveal

	`-2,6 +2,7 @@ defmodule MyAppWeb.Router do`
	`use MyAppWeb, :router`

	`import MyAppWeb.UserAuth`
+	`import MyAppAdminWeb.AdminUserAuth`

	`pipeline :browser do`
	`plug :accepts, ["html"]`
	`-17,6 +18,16 @@ defmodule MyAppWeb.Router do`
	`plug :accepts, ["json"]`
	`end`

+	`pipeline :admin_browser do`
+	`plug :accepts, ["html"]`
+	`plug :fetch_session`
+	`plug :fetch_live_flash`
+	`plug :put_root_layout, html: {MyAppAdminWeb.Layouts, :root}`
+	`plug :protect_from_forgery`
+	`plug :put_secure_browser_headers`
+	`plug :fetch_current_scope_for_admin_user`
+	`end`
+
	`scope "/", MyAppWeb do`
	`pipe_through :browser`

	`-72,4 +83,39 @@ defmodule MyAppWeb.Router do`
	`post "/users/log-in", UserSessionController, :create`
	`delete "/users/log-out", UserSessionController, :delete`
	`end`
+
+	`## Admin routes`
+
+	`scope "/admin", MyAppAdminWeb do`
+	`pipe_through [:admin_browser]`
+
+	`live_session :admin_unauthenticated,`
+	`on_mount: [{MyAppAdminWeb.AdminUserAuth, :redirect_if_authenticated}],`
+	`root_layout: {MyAppAdminWeb.Layouts, :root} do`
+	`live "/log-in", AdminUserLive.Login, :new`
+	`live "/log-in/:token", AdminUserLive.Confirmation, :confirm`
+	`end`
+
+	`post "/log-in", AdminUserSessionController, :create`
+	`delete "/log-out", AdminUserSessionController, :delete`
+	`end`
+
+	`scope "/admin", MyAppAdminWeb do`
+	`pipe_through [:admin_browser, :require_authenticated_admin_user]`
+
+	`live_session :admin_authenticated,`
+	`on_mount: [{MyAppAdminWeb.AdminUserAuth, :require_authenticated}],`
+	`root_layout: {MyAppAdminWeb.Layouts, :root} do`
+	`live "/", DashboardLive`
+
+	`live "/users", UserLive.Index`
+	`live "/users/:id", UserLive.Show`
+
+	`live "/admin-users", AdminUserLive.Index`
+	`live "/admin-users/:id", AdminUserLive.Show`
+	`end`
+
+	`post "/impersonate/:user_id", ImpersonationController, :create`
+	`delete "/impersonate", ImpersonationController, :delete`
+	`end`
	`end`

User auth changes

fetch_current_scope_for_user and mount_current_scope now check for an impersonating_admin_token in the session and load the admin user into the scope's impersonated_by field.

renew_session preserves both admin_user_token and impersonating_admin_token across session renewals, so impersonation survives session token rotation.

require_sudo_mode is bypassed for impersonated sessions, since the admin has already authenticated.

lib/my_app_web/user_auth.ex Reveal

	`-67,8 +67,10 @@ defmodule MyAppWeb.UserAuth do`
	`def fetch_current_scope_for_user(conn, _opts) do`
	`with {token, conn} <- ensure_user_token(conn),`
	`{user, token_inserted_at} <- Accounts.get_user_by_session_token(token) do`
+	`impersonated_by = get_impersonating_admin(conn)`
+
	`conn`
-	`\|> assign(:current_scope, Scope.for_user(user))`
+	`\|> assign(:current_scope, Scope.for_user(user, impersonated_by: impersonated_by))`
	`\|> maybe_reissue_user_session_token(user, token_inserted_at)`
	`else`
	`nil -> assign(conn, :current_scope, Scope.for_user(nil))`
	`-142,10 +144,20 @@ defmodule MyAppWeb.UserAuth do`
	`#`
	`defp renew_session(conn, _user) do`
	`delete_csrf_token()`
+	`admin_user_token = get_session(conn, :admin_user_token)`
+	`impersonating_admin_token = get_session(conn, :impersonating_admin_token)`

	`conn`
	`\|> configure_session(renew: true)`
	`\|> clear_session()`
+	`\|> then(fn conn ->`
+	`if admin_user_token, do: put_session(conn, :admin_user_token, admin_user_token), else: conn`
+	`end)`
+	`\|> then(fn conn ->`
+	`if impersonating_admin_token,`
+	`do: put_session(conn, :impersonating_admin_token, impersonating_admin_token),`
+	`else: conn`
+	`end)`
	`end`

	`defp maybe_write_remember_me_cookie(conn, token, %{"remember_me" => "true"}, _),`
	`-232,8 +244,9 @@ defmodule MyAppWeb.UserAuth do`

	`def on_mount(:require_sudo_mode, _params, session, socket) do`
	`socket = mount_current_scope(socket, session)`
+	`scope = socket.assigns.current_scope`

-	`if Accounts.sudo_mode?(socket.assigns.current_scope.user, -10) do`
+	`if Scope.impersonating?(scope) or Accounts.sudo_mode?(scope.user, -10) do`
	`{:cont, socket}`
	`else`
	`socket =`
	`-252,7 +265,12 @@ defmodule MyAppWeb.UserAuth do`
	`Accounts.get_user_by_session_token(user_token)`
	`end \|\| {nil, nil}`

-	`Scope.for_user(user)`
+	`impersonated_by =`
+	`if admin_token = session["impersonating_admin_token"] do`
+	`MyAppAdmin.Accounts.get_admin_user_by_session_token(admin_token)`
+	`end`
+
+	`Scope.for_user(user, impersonated_by: impersonated_by)`
	`end)`
	`end`

	`-284,4 +302,10 @@ defmodule MyAppWeb.UserAuth do`
	`end`

	`defp maybe_store_return_to(conn), do: conn`
+
+	`defp get_impersonating_admin(conn) do`
+	`if admin_token = get_session(conn, :impersonating_admin_token) do`
+	`MyAppAdmin.Accounts.get_admin_user_by_session_token(admin_token)`
+	`end`
+	`end`
	`end`

Migration

Creates admin_users and admin_users_tokens tables. Admin users only have an email field since authentication is passwordless. The tokens table handles both session tokens and magic link tokens.

priv/repo/migrations/20260115171925_create_admin_users_auth_tables.exs Reveal

	`-0,0 +1,30 @@`
+	`defmodule MyApp.Repo.Migrations.CreateAdminUsersAuthTables do`
+	`use Ecto.Migration`
+
+	`def change do`
+	`create table(:admin_users, primary_key: false) do`
+	`add :id, :binary_id, primary_key: true`
+	`add :email, :citext, null: false`
+
+	`timestamps(type: :utc_datetime)`
+	`end`
+
+	`create unique_index(:admin_users, [:email])`
+
+	`create table(:admin_users_tokens, primary_key: false) do`
+	`add :id, :binary_id, primary_key: true`
+
+	`add :admin_user_id, references(:admin_users, type: :binary_id, on_delete: :delete_all),`
+	`null: false`
+
+	`add :token, :binary, null: false`
+	`add :context, :string, null: false`
+	`add :sent_to, :string`
+
+	`timestamps(type: :utc_datetime, updated_at: false)`
+	`end`
+
+	`create index(:admin_users_tokens, [:admin_user_id])`
+	`create unique_index(:admin_users_tokens, [:context, :token])`
+	`end`
+	`end`

Install with Claude Code

Write instructions to implement this feature to your project directory in a LLM-friendly format, then have Claude take care of the rest! Requires Claude Code to be installed.

curl "https://elixir-saas.com/llms/p/admin.md?v=1.8.3&f=impl" > admin.md;

claude "Implement the feature that is documented in: admin.md." --allowedTools "Write Edit Bash(mix:*) Bash(mkdir:*)";