FEATURES

SUPER ADMIN PANEL

The Super Admin panel is a standalone, owner-only control interface that sits outside normal panel authentication. It provides elevated capabilities not available to regular admins.

🔒

Owner access only. The Super Admin panel bypasses all standard authentication. Access is gated solely by the SUPER_ADMIN_KEY secret. Keep this key private and rotate it immediately if compromised.

Accessing the panel

The Super Admin panel is accessible at a separate URL that is not linked from the main panel UI:

URL

https://panel.xwolf.space/admin/wxn-super/auth

You will see a minimal password prompt styled with the wolfXcore neon aesthetic. Enter your SUPER_ADMIN_KEY to gain access. A session is created and persists until you close the browser or the session expires.

Authentication flow

Visit /admin/wxn-super/auth.
Enter the secret key from your .env / config.
The panel checks wolfxcore.super_admin_key against your input.
On success, a session flag is set and you are redirected to the dashboard.
On failure, the error "Invalid key" is shown. All attempts are logged.

Technical implementation

Super Admin routes are registered directly in RouteServiceProvider, outside the AdminAuthenticate middleware group. This means:

No panel admin login is required — you don't need an account in the panel.
The routes are accessible even if the panel admin area is locked down.
Access is session-based — the session cookie grants access until expiry.

File	Purpose
`app/Http/Controllers/Admin/SuperAdminController.php`	Controller for all Super Admin pages & actions
`app/Http/Middleware/SuperAdminMiddleware.php`	Checks the session flag for authenticated access
`app/Providers/RouteServiceProvider.php`	Route registration (outside AdminAuthenticate)
`resources/views/admin/super/`	All Super Admin Blade views

Super Admin features

Toggle admins

Promote or demote panel users to admin status without going through the regular admin user editor. Useful for emergency access restoration.

Branding & theme customisation

Change panel-wide branding values — logo, colour overrides, brand name — stored in the DB settings table and applied at render time.

Notifications

Broadcast a banner notification to all logged-in users. Useful for announcing upcoming maintenance or service changes.

Payment settings

Set or rotate Paystack live API keys (paystack::secret_key, paystack::public_key) and the active currency without touching .env or redeploying. See the Billing page for details.

Maintenance mode

Toggle site-wide maintenance mode on or off. When enabled, all non-admin visitors see the neon 503 page. Root admins are automatically bypassed. See the Maintenance Mode page for full details.

Setting the secret key

The key is read from the wolfxcore.super_admin_key config value, which pulls from the SUPER_ADMIN_KEY environment variable.

.env

SUPER_ADMIN_KEY=replace_this_with_a_long_random_secret

Generate a strong random key from the command line:

bash

openssl rand -hex 32

After changing the key in .env, clear the config cache:

bash

php artisan config:cache

⚠️

All access attempts are logged. Both successful and failed authentication attempts are written to the Laravel log. Monitor storage/logs/laravel.log for unusual activity.

Ending a Super Admin session

To end your session, navigate to /admin/wxn-super/logout or simply close the browser. Sessions expire after the standard Laravel session lifetime (default: 120 minutes, configurable in config/session.php).

← Billing & M-Pesa Plans →