feat: enhance authentication and settings UI

src/handlers/admin.ts

@@ -163,6 +163,26 @@ export async function handleAdminRevokeInvite(
   return new Response(null, { status: 204 });
 }
 
+// DELETE /api/admin/invites
+export async function handleAdminDeleteAllInvites(
+  request: Request,
+  env: Env,
+  actorUser: User
+): Promise<Response> {
+  void request;
+  if (!isAdmin(actorUser)) {
+    return errorResponse('Forbidden', 403);
+  }
+
+  const storage = new StorageService(env.DB);
+  const deleted = await storage.deleteAllInvites();
+  await writeAuditLog(storage, actorUser.id, 'admin.invite.delete_all', 'invite', null, {
+    deleted,
+  });
+
+  return jsonResponse({ deleted }, 200);
+}
+
 // PUT /api/admin/users/:id/status
 export async function handleAdminSetUserStatus(
   request: Request,

src/router.ts

@@ -66,6 +66,7 @@ import {
   handleAdminListUsers,
   handleAdminCreateInvite,
   handleAdminListInvites,
+  handleAdminDeleteAllInvites,
   handleAdminRevokeInvite,
   handleAdminSetUserStatus,
   handleAdminDeleteUser,
@@ -591,6 +592,7 @@ export async function handleRequest(request: Request, env: Env): Promise<Respons
     if (path === '/api/admin/invites') {
       if (method === 'GET') return handleAdminListInvites(request, env, currentUser);
       if (method === 'POST') return handleAdminCreateInvite(request, env, currentUser);
+      if (method === 'DELETE') return handleAdminDeleteAllInvites(request, env, currentUser);
     }
 
     const adminInviteMatch = path.match(/^\/api\/admin\/invites\/([^/]+)$/i);

src/services/storage.ts

@@ -392,6 +392,11 @@ export class StorageService {
     return (result.meta.changes ?? 0) > 0;
   }
 
+  async deleteAllInvites(): Promise<number> {
+    const result = await this.db.prepare('DELETE FROM invites').run();
+    return Number(result.meta.changes ?? 0);
+  }
+
   async createAuditLog(log: AuditLog): Promise<void> {
     await this.db
       .prepare(