From 090b38ab3bfeba7b4d75807178c80a455daa11fa Mon Sep 17 00:00:00 2001
From: Madhavi1108 <madhavi09307@gmail.com>
Date: Sun, 21 Jun 2026 16:38:17 +0530
Subject: [PATCH 1/5] Implement admin dashboard with user management and
 analytics

---
 backend/controllers/admin.controller.js    |  79 +++++++++
 backend/routes/adminRoutes.js              |  15 ++
 backend/scripts/admin_dashboard_schema.sql |  19 +++
 backend/server.js                          |   3 +-
 backend/services/admin.service.js          | 168 +++++++++++++++++++
 frontend/admin.html                        |  81 +++++++--
 frontend/scripts/admin.js                  | 185 ++++++++++++++++++++-
 7 files changed, 534 insertions(+), 16 deletions(-)
 create mode 100644 backend/controllers/admin.controller.js
 create mode 100644 backend/routes/adminRoutes.js
 create mode 100644 backend/scripts/admin_dashboard_schema.sql
 create mode 100644 backend/services/admin.service.js

diff --git a/backend/controllers/admin.controller.js b/backend/controllers/admin.controller.js
new file mode 100644
index 0000000..3df001b
--- /dev/null
+++ b/backend/controllers/admin.controller.js
@@ -0,0 +1,79 @@
+const adminService = require("../services/admin.service");
+const { safeArray, safeNumber, sanitizeString, getPagination, buildPaginationMeta } = require("../utils/helpers");
+
+const getDashboardStats = async (req, res) => {
+    try {
+        const data = await adminService.getDashboardStats();
+        return res.status(200).json({ success: true, data });
+    } catch (error) {
+        console.error("ADMIN DASHBOARD ERROR:", error);
+        return res.status(500).json({ success: false, message: "Server error" });
+    }
+};
+
+const getUsers = async (req, res) => {
+    try {
+        const { page, limit } = getPagination(req.query.page, req.query.limit, 50);
+        const filters = {
+            search: sanitizeString(req.query.search),
+            status: sanitizeString(req.query.status),
+            role: sanitizeString(req.query.role)
+        };
+
+        const result = await adminService.getUsers(filters, page, limit);
+        
+        return res.status(200).json({
+            success: true,
+            users: result.users,
+            ...buildPaginationMeta(result.total, page, limit)
+        });
+    } catch (error) {
+        console.error("ADMIN GET USERS ERROR:", error);
+        return res.status(500).json({ success: false, message: "Server error" });
+    }
+};
+
+const updateUserStatus = async (req, res) => {
+    try {
+        const targetId = safeNumber(req.params.id);
+        const status = sanitizeString(req.body.status); // 'active' or 'blocked'
+        
+        if (!targetId || !['active', 'blocked'].includes(status)) {
+            return res.status(400).json({ success: false, message: "Invalid payload" });
+        }
+
+        if (targetId === req.user.id) {
+            return res.status(400).json({ success: false, message: "Cannot modify own status" });
+        }
+
+        await adminService.updateUserStatus(req.user.id, targetId, status, req.ip, req.headers['user-agent']);
+        return res.status(200).json({ success: true, message: `User ${status === 'active' ? 'unblocked' : 'blocked'} successfully` });
+    } catch (error) {
+        console.error("ADMIN UPDATE USER ERROR:", error);
+        return res.status(500).json({ success: false, message: "Server error" });
+    }
+};
+
+const bulkUpdateUserStatus = async (req, res) => {
+    try {
+        const targetIds = safeArray(req.body.userIds).map(id => safeNumber(id)).filter(id => id > 0 && id !== req.user.id);
+        const status = sanitizeString(req.body.status); // 'active' or 'blocked'
+        
+        if (!targetIds.length || !['active', 'blocked'].includes(status)) {
+            return res.status(400).json({ success: false, message: "Invalid payload or users" });
+        }
+
+        await adminService.bulkUpdateUserStatus(req.user.id, targetIds, status, req.ip, req.headers['user-agent']);
+        return res.status(200).json({ success: true, message: `Users ${status === 'active' ? 'unblocked' : 'blocked'} successfully` });
+    } catch (error) {
+        console.error("ADMIN BULK UPDATE ERROR:", error);
+        return res.status(500).json({ success: false, message: "Server error" });
+    }
+};
+
+module.exports = {
+    getDashboardStats,
+    getUsers,
+    updateUserStatus,
+    bulkUpdateUserStatus
+};
diff --git a/backend/routes/adminRoutes.js b/backend/routes/adminRoutes.js
new file mode 100644
index 0000000..35f54a9
--- /dev/null
+++ b/backend/routes/adminRoutes.js
@@ -0,0 +1,15 @@
+const express = require("express");
+const router = express.Router();
+const { getDashboardStats, getUsers, updateUserStatus, bulkUpdateUserStatus } = require("../controllers/admin.controller");
+const { authMiddleware, authorizeRoles } = require("../middleware/authMiddleware");
+
+// All admin routes are protected and require 'admin' role
+router.use(authMiddleware);
+router.use(authorizeRoles("admin"));
+
+router.get("/dashboard", getDashboardStats);
+router.get("/users", getUsers);
+router.patch("/users/:id/status", updateUserStatus);
+router.post("/users/bulk-status", bulkUpdateUserStatus);
+
+module.exports = router;
diff --git a/backend/scripts/admin_dashboard_schema.sql b/backend/scripts/admin_dashboard_schema.sql
new file mode 100644
index 0000000..4e53abb
--- /dev/null
+++ b/backend/scripts/admin_dashboard_schema.sql
@@ -0,0 +1,19 @@
+-- backend/scripts/admin_dashboard_schema.sql
+
+CREATE TABLE IF NOT EXISTS user_audit_logs (
+    id INT AUTO_INCREMENT PRIMARY KEY,
+    admin_id INT NOT NULL,
+    target_user_id INT,
+    action VARCHAR(100) NOT NULL,
+    metadata JSON,
+    ip_address VARCHAR(45),
+    user_agent VARCHAR(255),
+    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+    FOREIGN KEY (admin_id) REFERENCES users(id) ON DELETE CASCADE,
+    FOREIGN KEY (target_user_id) REFERENCES users(id) ON DELETE SET NULL
+);
+
+-- Index for fast queries
+CREATE INDEX idx_audit_admin ON user_audit_logs(admin_id);
+CREATE INDEX idx_audit_action ON user_audit_logs(action);
+CREATE INDEX idx_audit_created ON user_audit_logs(created_at);
diff --git a/backend/server.js b/backend/server.js
index 8a70038..e57e59a 100644
--- a/backend/server.js
+++ b/backend/server.js
@@ -44,6 +44,7 @@ const authRoutes = require("./routes/authRoutes");
 const orderRoutes = require("./routes/orderRoutes");
 
 const promoRoutes = require("./routes/promoRoutes");
+const adminRoutes = require("./routes/adminRoutes");
 
 const wishlistRoutes =
     require(
@@ -256,8 +257,8 @@ app.use("/api/products", productRoutes);
 app.use("/api/auth", authRoutes);
 
 app.use("/api/orders", orderRoutes);
-
 app.use("/api/promos", promoRoutes);
+app.use("/api/admin", adminRoutes);
 
 app.use(
     "/api/wishlist",
diff --git a/backend/services/admin.service.js b/backend/services/admin.service.js
new file mode 100644
index 0000000..42da7bf
--- /dev/null
+++ b/backend/services/admin.service.js
@@ -0,0 +1,168 @@
+const db = require("../config/db");
+const { safeArray, safeNumber, sanitizeString } = require("../utils/helpers");
+
+const logAudit = async (connection, adminId, targetUserId, action, metadata, ip, userAgent) => {
+    const query = `
+        INSERT INTO user_audit_logs (admin_id, target_user_id, action, metadata, ip_address, user_agent)
+        VALUES (?, ?, ?, ?, ?, ?)
+    `;
+    await connection.query(query, [adminId, targetUserId, action, JSON.stringify(metadata || {}), ip, userAgent]);
+};
+
+const getDashboardStats = async () => {
+    // Collect basic statistics
+    const [userStats] = await db.query(`
+        SELECT 
+            COUNT(*) as totalUsers,
+            SUM(CASE WHEN is_active = 1 THEN 1 ELSE 0 END) as activeUsers,
+            SUM(CASE WHEN is_active = 0 THEN 1 ELSE 0 END) as blockedUsers,
+            SUM(CASE WHEN MONTH(created_at) = MONTH(CURRENT_DATE()) AND YEAR(created_at) = YEAR(CURRENT_DATE()) THEN 1 ELSE 0 END) as newUsersThisMonth
+        FROM users
+    `);
+
+    const [orderStats] = await db.query(`
+        SELECT 
+            COUNT(*) as totalOrders,
+            SUM(CASE WHEN status = 'delivered' THEN 1 ELSE 0 END) as completedOrders,
+            SUM(CASE WHEN status = 'pending' OR status = 'processing' THEN 1 ELSE 0 END) as pendingOrders,
+            SUM(CASE WHEN status = 'cancelled' THEN 1 ELSE 0 END) as cancelledOrders,
+            SUM(final_amount) as totalRevenue,
+            SUM(CASE WHEN MONTH(created_at) = MONTH(CURRENT_DATE()) AND YEAR(created_at) = YEAR(CURRENT_DATE()) THEN final_amount ELSE 0 END) as revenueThisMonth
+        FROM orders
+    `);
+
+    const [productStats] = await db.query(`SELECT COUNT(*) as totalProducts FROM products`);
+
+    // Analytics: Revenue over the last 30 days (simplified)
+    const [revenueAnalytics] = await db.query(`
+        SELECT DATE(created_at) as date, SUM(final_amount) as revenue
+        FROM orders
+        WHERE created_at >= DATE_SUB(CURRENT_DATE(), INTERVAL 30 DAY)
+        GROUP BY DATE(created_at)
+        ORDER BY date ASC
+    `);
+
+    // Order status distribution
+    const [orderStatusDistribution] = await db.query(`
+        SELECT status, COUNT(*) as count
+        FROM orders
+        GROUP BY status
+    `);
+
+    return {
+        stats: {
+            ...userStats[0],
+            ...orderStats[0],
+            totalProducts: productStats[0].totalProducts,
+            averageOrderValue: orderStats[0].totalOrders ? (orderStats[0].totalRevenue / orderStats[0].totalOrders).toFixed(2) : 0
+        },
+        charts: {
+            revenue: safeArray(revenueAnalytics),
+            orderStatus: safeArray(orderStatusDistribution)
+        }
+    };
+};
+
+const getUsers = async (filters, page, limit) => {
+    const offset = (page - 1) * limit;
+    let query = `SELECT id, name, email, role, is_active, created_at, updated_at FROM users WHERE 1=1`;
+    const params = [];
+
+    if (filters.search) {
+        query += ` AND (name LIKE ? OR email LIKE ?)`;
+        params.push(`%${filters.search}%`, `%${filters.search}%`);
+    }
+    
+    if (filters.status) {
+        query += ` AND is_active = ?`;
+        params.push(filters.status === 'active' ? 1 : 0);
+    }
+
+    if (filters.role) {
+        query += ` AND role = ?`;
+        params.push(filters.role);
+    }
+
+    // Get total count
+    const countQuery = `SELECT COUNT(*) as total FROM (${query}) as t`;
+    const [countResult] = await db.query(countQuery, params);
+
+    // Apply pagination
+    query += ` ORDER BY created_at DESC LIMIT ? OFFSET ?`;
+    params.push(limit, offset);
+
+    const [users] = await db.query(query, params);
+
+    return {
+        users: safeArray(users),
+        total: countResult[0].total,
+        page,
+        limit
+    };
+};
+
+const updateUserStatus = async (adminId, targetId, status, ip, userAgent) => {
+    const connection = await db.getConnection();
+    try {
+        await connection.beginTransaction();
+        
+        await connection.query(`UPDATE users SET is_active = ? WHERE id = ?`, [status === 'active' ? 1 : 0, targetId]);
+        
+        await logAudit(
+            connection, 
+            adminId, 
+            targetId, 
+            status === 'active' ? 'USER_UNBLOCKED' : 'USER_BLOCKED', 
+            {}, 
+            ip, 
+            userAgent
+        );
+
+        await connection.commit();
+        return true;
+    } catch (e) {
+        await connection.rollback();
+        throw e;
+    } finally {
+        connection.release();
+    }
+};
+
+const bulkUpdateUserStatus = async (adminId, targetIds, status, ip, userAgent) => {
+    const connection = await db.getConnection();
+    try {
+        await connection.beginTransaction();
+        
+        if (safeArray(targetIds).length > 0) {
+            const placeholders = targetIds.map(() => '?').join(',');
+            await connection.query(`UPDATE users SET is_active = ? WHERE id IN (${placeholders})`, [status === 'active' ? 1 : 0, ...targetIds]);
+            
+            for (const id of targetIds) {
+                await logAudit(
+                    connection, 
+                    adminId, 
+                    id, 
+                    status === 'active' ? 'BULK_UNBLOCK' : 'BULK_BLOCK', 
+                    {}, 
+                    ip, 
+                    userAgent
+                );
+            }
+        }
+
+        await connection.commit();
+        return true;
+    } catch (e) {
+        await connection.rollback();
+        throw e;
+    } finally {
+        connection.release();
+    }
+};
+
+module.exports = {
+    getDashboardStats,
+    getUsers,
+    updateUserStatus,
+    bulkUpdateUserStatus
+};
diff --git a/frontend/admin.html b/frontend/admin.html
index 2490025..cb8cfee 100644
--- a/frontend/admin.html
+++ b/frontend/admin.html
@@ -82,12 +82,19 @@
     >
 
     <!-- Icons -->
-
-    <link
-        rel="stylesheet"
-        href="https://pro.fontawesome.com/releases/v5.10.0/css/all.css"
-    >
-
+    <link rel="stylesheet" href="https://pro.fontawesome.com/releases/v5.10.0/css/all.css">
+
+    <!-- Chart.js -->
+    <script src="https://cdn.jsdelivr.net/npm/chart.js"></script>
+    <style>
+        .admin-charts { display: grid; grid-template-columns: 2fr 1fr; gap: 20px; margin-bottom: 30px; }
+        .chart-container { background: #fff; padding: 20px; border-radius: 8px; box-shadow: 0 2px 10px rgba(0,0,0,0.05); }
+        .user-filters { display: flex; gap: 10px; margin-bottom: 20px; flex-wrap: wrap; }
+        .user-filters input, .user-filters select { padding: 8px; border: 1px solid #ccc; border-radius: 4px; }
+        .badge { padding: 4px 8px; border-radius: 4px; font-size: 12px; font-weight: bold; }
+        .badge.active { background: #d4edda; color: #155724; }
+        .badge.blocked { background: #f8d7da; color: #721c24; }
+    </style>
 </head>
 
 <body>
@@ -112,7 +119,7 @@ <h2>
 
             <ul>
 
-                <li class="active-admin-tab">
+                <li class="admin-tab active-admin-tab" data-tab="dashboard">
 
                     <i class="fas fa-chart-line"></i>
 
@@ -120,7 +127,7 @@ <h2>
 
                 </li>
 
-                <li>
+                <li class="admin-tab" data-tab="products">
 
                     <i class="fas fa-box"></i>
 
@@ -128,7 +135,7 @@ <h2>
 
                 </li>
 
-                <li>
+                <li class="admin-tab" data-tab="orders">
 
                     <i class="fas fa-shopping-bag"></i>
 
@@ -136,7 +143,7 @@ <h2>
 
                 </li>
 
-                <li>
+                <li class="admin-tab" data-tab="users">
 
                     <i class="fas fa-users"></i>
 
@@ -144,7 +151,7 @@ <h2>
 
                 </li>
 
-                <li>
+                <li class="admin-tab" data-tab="settings">
 
                     <i class="fas fa-cog"></i>
 
@@ -230,9 +237,55 @@ <h3>
 
             </div>
 
+            <!-- Dashboard Charts -->
+            <div class="admin-charts admin-section" id="section-dashboard">
+                <div class="chart-container">
+                    <h3>Revenue Analytics (30 Days)</h3>
+                    <canvas id="revenueChart"></canvas>
+                </div>
+                <div class="chart-container">
+                    <h3>Order Status Distribution</h3>
+                    <canvas id="orderStatusChart"></canvas>
+                </div>
+            </div>
+
+            <!-- Users Management -->
+            <div class="admin-section" id="section-users" style="display: none;">
+                <h2>User Management</h2>
+                <div class="user-filters">
+                    <input type="text" id="user-search" placeholder="Search by name or email...">
+                    <select id="user-status-filter">
+                        <option value="">All Statuses</option>
+                        <option value="active">Active</option>
+                        <option value="blocked">Blocked</option>
+                    </select>
+                    <button id="user-bulk-block" class="normal" style="background: #dc3545; color: white;">Block Selected</button>
+                    <button id="user-bulk-unblock" class="normal" style="background: #28a745; color: white;">Unblock Selected</button>
+                </div>
+                <div style="overflow-x:auto;">
+                    <table>
+                        <thead>
+                            <tr>
+                                <th><input type="checkbox" id="user-select-all"></th>
+                                <th>Name</th>
+                                <th>Email</th>
+                                <th>Role</th>
+                                <th>Status</th>
+                                <th>Registered</th>
+                                <th>Actions</th>
+                            </tr>
+                        </thead>
+                        <tbody id="users-table-body">
+                            <!-- Users will be injected here -->
+                        </tbody>
+                    </table>
+                </div>
+                <div class="pagination" id="users-pagination" style="margin-top:20px; display:flex; justify-content:center; gap:5px;"></div>
+            </div>
+
             <!-- Product Form -->
 
-            <div class="admin-section">
+            <div class="admin-section" id="section-products-form" style="display: none;">
 
                 <h2>
 
@@ -357,7 +410,7 @@ <h2>
 
             <!-- Product Table -->
 
-            <div class="admin-section">
+            <div class="admin-section" id="section-products-list" style="display: none;">
 
                 <h2>
 
@@ -399,7 +452,7 @@ <h2>
 
             <!-- Orders -->
 
-            <div class="admin-section">
+            <div class="admin-section" id="section-orders" style="display: none;">
 
                 <h2>
 
diff --git a/frontend/scripts/admin.js b/frontend/scripts/admin.js
index 305c54a..e4f2f88 100644
--- a/frontend/scripts/admin.js
+++ b/frontend/scripts/admin.js
@@ -944,4 +944,187 @@ document.addEventListener(
 
         await loadInitialData();
     }
-);
\ No newline at end of file
+);
+
+// Tab Switching
+document.querySelectorAll('.admin-tab').forEach(tab => {
+    tab.addEventListener('click', () => {
+        document.querySelectorAll('.admin-tab').forEach(t => t.classList.remove('active-admin-tab'));
+        tab.classList.add('active-admin-tab');
+        
+        const target = tab.getAttribute('data-tab');
+        document.querySelectorAll('.admin-section').forEach(sec => sec.style.display = 'none');
+        document.querySelector('.admin-stats').style.display = 'none';
+        
+        if (target === 'dashboard') {
+            document.querySelector('.admin-stats').style.display = 'grid';
+            document.getElementById('section-dashboard').style.display = 'grid';
+            loadAdminDashboard();
+        } else if (target === 'users') {
+            document.getElementById('section-users').style.display = 'block';
+            loadAdminUsers(1);
+        } else if (target === 'products') {
+            document.getElementById('section-products-form').style.display = 'block';
+            document.getElementById('section-products-list').style.display = 'block';
+        } else if (target === 'orders') {
+            document.getElementById('section-orders').style.display = 'block';
+        }
+    });
+});
+
+let revenueChartInstance = null;
+let orderStatusChartInstance = null;
+
+window.loadAdminDashboard = async function() {
+    try {
+        const response = await AppUtils.apiRequest("/admin/dashboard");
+        if (!response.success) return;
+        
+        const data = response.data;
+        // Update stats
+        if (elements.totalOrders) elements.totalOrders.innerText = data.stats.totalOrders;
+        if (elements.totalRevenue) elements.totalRevenue.innerText = AppUtils.formatPrice(data.stats.totalRevenue);
+        if (elements.totalUsers) elements.totalUsers.innerText = data.stats.totalUsers;
+        if (elements.totalProducts) elements.totalProducts.innerText = data.stats.totalProducts;
+
+        // Render Charts
+        const revCtx = document.getElementById('revenueChart');
+        if (revCtx) {
+            if (revenueChartInstance) revenueChartInstance.destroy();
+            revenueChartInstance = new Chart(revCtx, {
+                type: 'line',
+                data: {
+                    labels: data.charts.revenue.map(r => r.date.split('T')[0]),
+                    datasets: [{
+                        label: 'Revenue (₹)',
+                        data: data.charts.revenue.map(r => r.revenue),
+                        borderColor: '#088178',
+                        tension: 0.1,
+                        fill: true,
+                        backgroundColor: 'rgba(8, 129, 120, 0.1)'
+                    }]
+                }
+            });
+        }
+
+        const statusCtx = document.getElementById('orderStatusChart');
+        if (statusCtx) {
+            if (orderStatusChartInstance) orderStatusChartInstance.destroy();
+            orderStatusChartInstance = new Chart(statusCtx, {
+                type: 'doughnut',
+                data: {
+                    labels: data.charts.orderStatus.map(s => s.status),
+                    datasets: [{
+                        data: data.charts.orderStatus.map(s => s.count),
+                        backgroundColor: ['#28a745', '#ffc107', '#dc3545', '#17a2b8', '#6c757d']
+                    }]
+                }
+            });
+        }
+    } catch (e) {
+        console.error("Dashboard Load Error", e);
+    }
+};
+
+let currentUsersPage = 1;
+window.loadAdminUsers = async function(page = 1) {
+    currentUsersPage = page;
+    const search = document.getElementById('user-search').value;
+    const status = document.getElementById('user-status-filter').value;
+    
+    try {
+        const response = await AppUtils.apiRequest(`/admin/users?page=${page}&limit=20&search=${search}&status=${status}`);
+        if (!response.success) return;
+        
+        const tbody = document.getElementById('users-table-body');
+        if (!tbody) return;
+        tbody.innerHTML = '';
+        
+        response.users.forEach(u => {
+            const tr = document.createElement('tr');
+            tr.innerHTML = `
+                <td><input type="checkbox" class="user-select-cb" value="${u.id}"></td>
+                <td>${escapeHTML(u.name)}</td>
+                <td>${escapeHTML(u.email)}</td>
+                <td><span class="badge">${u.role}</span></td>
+                <td><span class="badge ${u.is_active ? 'active' : 'blocked'}">${u.is_active ? 'Active' : 'Blocked'}</span></td>
+                <td>${new Date(u.created_at).toLocaleDateString()}</td>
+                <td>
+                    ${u.role !== 'admin' ? `
+                    <button class="normal" style="padding:4px 8px; font-size:12px; border:none; border-radius:4px; cursor:pointer; background: ${u.is_active ? '#dc3545' : '#28a745'}; color: white;" 
+                            onclick="toggleUserStatus(${u.id}, '${u.is_active ? 'blocked' : 'active'}')">
+                        ${u.is_active ? 'Block' : 'Unblock'}
+                    </button>
+                    ` : ''}
+                </td>
+            `;
+            tbody.appendChild(tr);
+        });
+        
+    } catch (e) {
+        console.error("Users Load Error", e);
+    }
+};
+
+window.toggleUserStatus = async function(id, newStatus) {
+    if (!confirm(`Are you sure you want to ${newStatus} this user?`)) return;
+    try {
+        const res = await AppUtils.apiRequest(`/admin/users/${id}/status`, {
+            method: 'PATCH',
+            body: JSON.stringify({ status: newStatus })
+        });
+        if (res.success) {
+            AppUtils.notify(res.message, 'success');
+            loadAdminUsers(currentUsersPage);
+        } else {
+            AppUtils.notify(res.message, 'error');
+        }
+    } catch (e) {}
+};
+
+const userSearch = document.getElementById('user-search');
+if (userSearch) userSearch.addEventListener('input', AppUtils.debounce(() => loadAdminUsers(1), 500));
+
+const userStatusFilter = document.getElementById('user-status-filter');
+if (userStatusFilter) userStatusFilter.addEventListener('change', () => loadAdminUsers(1));
+
+window.bulkUserAction = async function(newStatus) {
+    const selected = Array.from(document.querySelectorAll('.user-select-cb:checked')).map(cb => cb.value);
+    if (!selected.length) {
+        AppUtils.notify("Select at least one user", 'error');
+        return;
+    }
+    if (!confirm(`Are you sure you want to ${newStatus} ${selected.length} user(s)?`)) return;
+    
+    try {
+        const res = await AppUtils.apiRequest('/admin/users/bulk-status', {
+            method: 'POST',
+            body: JSON.stringify({ userIds: selected, status: newStatus })
+        });
+        if (res.success) {
+            AppUtils.notify(res.message, 'success');
+            loadAdminUsers(currentUsersPage);
+            document.getElementById('user-select-all').checked = false;
+        } else {
+            AppUtils.notify(res.message, 'error');
+        }
+    } catch (e) {}
+};
+
+const bulkBlockBtn = document.getElementById('user-bulk-block');
+if (bulkBlockBtn) bulkBlockBtn.addEventListener('click', () => bulkUserAction('blocked'));
+
+const bulkUnblockBtn = document.getElementById('user-bulk-unblock');
+if (bulkUnblockBtn) bulkUnblockBtn.addEventListener('click', () => bulkUserAction('active'));
+
+const selectAllCb = document.getElementById('user-select-all');
+if (selectAllCb) {
+    selectAllCb.addEventListener('change', (e) => {
+        document.querySelectorAll('.user-select-cb').forEach(cb => cb.checked = e.target.checked);
+    });
+}
+
+// Ensure the dashboard loads its data on init
+setTimeout(() => {
+    loadAdminDashboard();
+}, 500);
\ No newline at end of file

From b916b9291d82ce84dcfd0355250cc778c3b625aa Mon Sep 17 00:00:00 2001
From: Madhavi1108 <madhavi09307@gmail.com>
Date: Sun, 21 Jun 2026 17:02:35 +0530
Subject: [PATCH 2/5] Implement real-time customer support chat system

---
 backend/controllers/chat.controller.js |  71 +++++++
 backend/package-lock.json              | 218 ++++++++++++++++++++-
 backend/package.json                   |   3 +-
 backend/routes/chatRoutes.js           |  15 ++
 backend/scripts/chat_schema.sql        |  29 +++
 backend/server.js                      |  10 +-
 backend/services/chat.service.js       | 138 ++++++++++++++
 backend/utils/socketManager.js         | 111 +++++++++++
 frontend/admin.html                    |  63 +++++++
 frontend/scripts/admin.js              | 163 +++++++++++++++-
 frontend/scripts/chat-widget.js        | 193 +++++++++++++++++++
 frontend/scripts/components.js         |  19 ++
 frontend/styles/chat-widget.css        | 250 +++++++++++++++++++++++++
 13 files changed, 1274 insertions(+), 9 deletions(-)
 create mode 100644 backend/controllers/chat.controller.js
 create mode 100644 backend/routes/chatRoutes.js
 create mode 100644 backend/scripts/chat_schema.sql
 create mode 100644 backend/services/chat.service.js
 create mode 100644 backend/utils/socketManager.js
 create mode 100644 frontend/scripts/chat-widget.js
 create mode 100644 frontend/styles/chat-widget.css

diff --git a/backend/controllers/chat.controller.js b/backend/controllers/chat.controller.js
new file mode 100644
index 0000000..1583c47
--- /dev/null
+++ b/backend/controllers/chat.controller.js
@@ -0,0 +1,71 @@
+const chatService = require("../services/chat.service");
+const { getPagination, sanitizeString, safeNumber } = require("../utils/helpers");
+
+const getConversations = async (req, res) => {
+    try {
+        const { page, limit } = getPagination(req.query.page, req.query.limit, 20);
+        const filters = {
+            status: sanitizeString(req.query.status),
+            assigned_to: sanitizeString(req.query.assigned_to),
+            search: sanitizeString(req.query.search)
+        };
+
+        const data = await chatService.getConversationList(filters, page, limit);
+        res.status(200).json({ success: true, ...data });
+    } catch (error) {
+        console.error("GET CONVERSATIONS ERROR:", error);
+        res.status(500).json({ success: false, message: "Server error" });
+    }
+};
+
+const getConversationDetails = async (req, res) => {
+    try {
+        const id = safeNumber(req.params.id);
+        if (!id) return res.status(400).json({ success: false, message: "Invalid ID" });
+
+        const messages = await chatService.getConversationMessages(id);
+        res.status(200).json({ success: true, messages });
+    } catch (error) {
+        console.error("GET CONVERSATION DETAILS ERROR:", error);
+        res.status(500).json({ success: false, message: "Server error" });
+    }
+};
+
+const updateStatus = async (req, res) => {
+    try {
+        const id = safeNumber(req.params.id);
+        const { status } = req.body;
+        if (!id || !['open', 'pending', 'closed'].includes(status)) {
+            return res.status(400).json({ success: false, message: "Invalid payload" });
+        }
+
+        await chatService.updateConversationStatus(id, status);
+        
+        // Emit socket event if needed, handled in socket logic usually
+        // but we return REST success
+        res.status(200).json({ success: true, message: `Conversation ${status}` });
+    } catch (error) {
+        console.error("UPDATE CONV STATUS ERROR:", error);
+        res.status(500).json({ success: false, message: "Server error" });
+    }
+};
+
+const assignAdmin = async (req, res) => {
+    try {
+        const id = safeNumber(req.params.id);
+        if (!id) return res.status(400).json({ success: false, message: "Invalid ID" });
+
+        await chatService.assignConversation(id, req.user.id);
+        res.status(200).json({ success: true, message: "Conversation assigned successfully" });
+    } catch (error) {
+        console.error("ASSIGN CONV ERROR:", error);
+        res.status(500).json({ success: false, message: "Server error" });
+    }
+};
+
+module.exports = {
+    getConversations,
+    getConversationDetails,
+    updateStatus,
+    assignAdmin
+};
diff --git a/backend/package-lock.json b/backend/package-lock.json
index 610760b..46f3909 100644
--- a/backend/package-lock.json
+++ b/backend/package-lock.json
@@ -17,22 +17,46 @@
         "express-rate-limit": "^8.1.0",
         "helmet": "^8.2.0",
         "jsonwebtoken": "^9.0.3",
-        "mysql2": "^3.22.3"
+        "mysql2": "^3.22.3",
+        "socket.io": "^4.8.3"
       },
       "devDependencies": {
         "nodemon": "^3.1.14"
       }
     },
+    "node_modules/@socket.io/component-emitter": {
+      "version": "3.1.2",
+      "resolved": "https://registry.npmjs.org/@socket.io/component-emitter/-/component-emitter-3.1.2.tgz",
+      "integrity": "sha512-9BCxFwvbGg/RsZK9tjXd8s4UcwR0MWeFQ1XEKIQVVvAGJyINdrqKMcTRyLoK8Rse1GjzLV9cwjWV1olXRWEXVA==",
+      "license": "MIT"
+    },
+    "node_modules/@types/cors": {
+      "version": "2.8.19",
+      "resolved": "https://registry.npmjs.org/@types/cors/-/cors-2.8.19.tgz",
+      "integrity": "sha512-mFNylyeyqN93lfe/9CSxOGREz8cpzAhH+E93xJ4xWQf62V8sQ/24reV2nyzUWM6H6Xji+GGHpkbLe7pVoUEskg==",
+      "license": "MIT",
+      "dependencies": {
+        "@types/node": "*"
+      }
+    },
     "node_modules/@types/node": {
       "version": "25.9.0",
       "resolved": "https://registry.npmjs.org/@types/node/-/node-25.9.0.tgz",
       "integrity": "sha512-AOQwYUNolgy3VosiRqXrACUXTN8nJUtPl7FJXMqZVyxiiCLhQuG3jXKvCS1ALr+Y2OmZhzzLVlYPEqJaiqkaJQ==",
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "undici-types": ">=7.24.0 <7.24.7"
       }
     },
+    "node_modules/@types/ws": {
+      "version": "8.18.1",
+      "resolved": "https://registry.npmjs.org/@types/ws/-/ws-8.18.1.tgz",
+      "integrity": "sha512-ThVF6DCVhA8kUGy+aazFQ4kXQ7E1Ty7A3ypFOe0IcJV8O/M511G99AW24irKrW56Wt44yG9+ij8FaqoBGkuBXg==",
+      "license": "MIT",
+      "dependencies": {
+        "@types/node": "*"
+      }
+    },
     "node_modules/accepts": {
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/accepts/-/accepts-2.0.0.tgz",
@@ -79,6 +103,15 @@
         "node": "18 || 20 || >=22"
       }
     },
+    "node_modules/base64id": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/base64id/-/base64id-2.0.0.tgz",
+      "integrity": "sha512-lGe34o6EHj9y3Kts9R4ZYs/Gr+6N7MCaMlIFA3F1R2O5/m7K06AxfSeO5530PEERE6/WyEg3lsuyw4GHlPZHog==",
+      "license": "MIT",
+      "engines": {
+        "node": "^4.5.0 || >= 5.9"
+      }
+    },
     "node_modules/bcryptjs": {
       "version": "3.0.3",
       "resolved": "https://registry.npmjs.org/bcryptjs/-/bcryptjs-3.0.3.tgz",
@@ -381,6 +414,79 @@
         "node": ">= 0.8"
       }
     },
+    "node_modules/engine.io": {
+      "version": "6.6.9",
+      "resolved": "https://registry.npmjs.org/engine.io/-/engine.io-6.6.9.tgz",
+      "integrity": "sha512-clKkw4C7nJ22mGgoVcCg6V/W/TxdNyIOTr89k2ONZu81qqkddPFDF0LXcbAwhzPD8DjkiRCjzuiO6Y+fkpD4vg==",
+      "license": "MIT",
+      "dependencies": {
+        "@types/cors": "^2.8.12",
+        "@types/node": ">=10.0.0",
+        "@types/ws": "^8.5.12",
+        "accepts": "~1.3.4",
+        "base64id": "2.0.0",
+        "cookie": "~0.7.2",
+        "cors": "~2.8.5",
+        "debug": "~4.4.1",
+        "engine.io-parser": "~5.2.1",
+        "ws": "~8.21.0"
+      },
+      "engines": {
+        "node": ">=10.2.0"
+      }
+    },
+    "node_modules/engine.io-parser": {
+      "version": "5.2.3",
+      "resolved": "https://registry.npmjs.org/engine.io-parser/-/engine.io-parser-5.2.3.tgz",
+      "integrity": "sha512-HqD3yTBfnBxIrbnM1DoD6Pcq8NECnh8d4As1Qgh0z5Gg3jRRIqijury0CL3ghu/edArpUYiYqQiDUQBIs4np3Q==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=10.0.0"
+      }
+    },
+    "node_modules/engine.io/node_modules/accepts": {
+      "version": "1.3.8",
+      "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz",
+      "integrity": "sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==",
+      "license": "MIT",
+      "dependencies": {
+        "mime-types": "~2.1.34",
+        "negotiator": "0.6.3"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/engine.io/node_modules/mime-db": {
+      "version": "1.52.0",
+      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz",
+      "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/engine.io/node_modules/mime-types": {
+      "version": "2.1.35",
+      "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz",
+      "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==",
+      "license": "MIT",
+      "dependencies": {
+        "mime-db": "1.52.0"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/engine.io/node_modules/negotiator": {
+      "version": "0.6.3",
+      "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz",
+      "integrity": "sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
     "node_modules/es-define-property": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.1.tgz",
@@ -1406,6 +1512,90 @@
         "node": ">=10"
       }
     },
+    "node_modules/socket.io": {
+      "version": "4.8.3",
+      "resolved": "https://registry.npmjs.org/socket.io/-/socket.io-4.8.3.tgz",
+      "integrity": "sha512-2Dd78bqzzjE6KPkD5fHZmDAKRNe3J15q+YHDrIsy9WEkqttc7GY+kT9OBLSMaPbQaEd0x1BjcmtMtXkfpc+T5A==",
+      "license": "MIT",
+      "dependencies": {
+        "accepts": "~1.3.4",
+        "base64id": "~2.0.0",
+        "cors": "~2.8.5",
+        "debug": "~4.4.1",
+        "engine.io": "~6.6.0",
+        "socket.io-adapter": "~2.5.2",
+        "socket.io-parser": "~4.2.4"
+      },
+      "engines": {
+        "node": ">=10.2.0"
+      }
+    },
+    "node_modules/socket.io-adapter": {
+      "version": "2.5.8",
+      "resolved": "https://registry.npmjs.org/socket.io-adapter/-/socket.io-adapter-2.5.8.tgz",
+      "integrity": "sha512-6Oy52pbg+kvdCVvjcN+FnY7BvxZ7cIHNScbvztT/It5d0vbwoJoVZmF2gjJmnV0/4WlXRfG15zc45ySk9Ah8bw==",
+      "license": "MIT",
+      "dependencies": {
+        "debug": "~4.4.1",
+        "ws": "~8.21.0"
+      }
+    },
+    "node_modules/socket.io-parser": {
+      "version": "4.2.6",
+      "resolved": "https://registry.npmjs.org/socket.io-parser/-/socket.io-parser-4.2.6.tgz",
+      "integrity": "sha512-asJqbVBDsBCJx0pTqw3WfesSY0iRX+2xzWEWzrpcH7L6fLzrhyF8WPI8UaeM4YCuDfpwA/cgsdugMsmtz8EJeg==",
+      "license": "MIT",
+      "dependencies": {
+        "@socket.io/component-emitter": "~3.1.0",
+        "debug": "~4.4.1"
+      },
+      "engines": {
+        "node": ">=10.0.0"
+      }
+    },
+    "node_modules/socket.io/node_modules/accepts": {
+      "version": "1.3.8",
+      "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz",
+      "integrity": "sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==",
+      "license": "MIT",
+      "dependencies": {
+        "mime-types": "~2.1.34",
+        "negotiator": "0.6.3"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/socket.io/node_modules/mime-db": {
+      "version": "1.52.0",
+      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz",
+      "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/socket.io/node_modules/mime-types": {
+      "version": "2.1.35",
+      "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz",
+      "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==",
+      "license": "MIT",
+      "dependencies": {
+        "mime-db": "1.52.0"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/socket.io/node_modules/negotiator": {
+      "version": "0.6.3",
+      "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz",
+      "integrity": "sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
     "node_modules/sql-escaper": {
       "version": "1.3.3",
       "resolved": "https://registry.npmjs.org/sql-escaper/-/sql-escaper-1.3.3.tgz",
@@ -1517,8 +1707,7 @@
       "version": "7.24.6",
       "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.24.6.tgz",
       "integrity": "sha512-WRNW+sJgj5OBN4/0JpHFqtqzhpbnV0GuB+OozA9gCL7a993SmU+1JBZCzLNxYsbMfIeDL+lTsphD5jN5N+n0zg==",
-      "license": "MIT",
-      "peer": true
+      "license": "MIT"
     },
     "node_modules/unpipe": {
       "version": "1.0.0",
@@ -1543,6 +1732,27 @@
       "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
       "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==",
       "license": "ISC"
+    },
+    "node_modules/ws": {
+      "version": "8.21.0",
+      "resolved": "https://registry.npmjs.org/ws/-/ws-8.21.0.tgz",
+      "integrity": "sha512-Vsp28b7DRcimFQvrqu2Wek3z1iYxDCWqHYB8Qsnk/S4RfaCQzPGPyBNuVjJV3cd6UiKtUtp6sNM77gWvzcCH+g==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=10.0.0"
+      },
+      "peerDependencies": {
+        "bufferutil": "^4.0.1",
+        "utf-8-validate": ">=5.0.2"
+      },
+      "peerDependenciesMeta": {
+        "bufferutil": {
+          "optional": true
+        },
+        "utf-8-validate": {
+          "optional": true
+        }
+      }
     }
   }
 }
diff --git a/backend/package.json b/backend/package.json
index 9cfb2c4..ed029c5 100644
--- a/backend/package.json
+++ b/backend/package.json
@@ -19,7 +19,8 @@
     "express-rate-limit": "^8.1.0",
     "helmet": "^8.2.0",
     "jsonwebtoken": "^9.0.3",
-    "mysql2": "^3.22.3"
+    "mysql2": "^3.22.3",
+    "socket.io": "^4.8.3"
   },
   "devDependencies": {
     "nodemon": "^3.1.14"
diff --git a/backend/routes/chatRoutes.js b/backend/routes/chatRoutes.js
new file mode 100644
index 0000000..3aaca0d
--- /dev/null
+++ b/backend/routes/chatRoutes.js
@@ -0,0 +1,15 @@
+const express = require("express");
+const router = express.Router();
+const { authMiddleware, authorizeRoles } = require("../middleware/authMiddleware");
+const { getConversations, getConversationDetails, updateStatus, assignAdmin } = require("../controllers/chat.controller");
+
+// Admin only routes
+router.use(authMiddleware);
+router.use(authorizeRoles("admin"));
+
+router.get("/conversations", getConversations);
+router.get("/conversations/:id", getConversationDetails);
+router.patch("/conversations/:id/status", updateStatus);
+router.patch("/conversations/:id/assign", assignAdmin);
+
+module.exports = router;
diff --git a/backend/scripts/chat_schema.sql b/backend/scripts/chat_schema.sql
new file mode 100644
index 0000000..61f9ff3
--- /dev/null
+++ b/backend/scripts/chat_schema.sql
@@ -0,0 +1,29 @@
+CREATE TABLE IF NOT EXISTS chat_conversations (
+    id INT AUTO_INCREMENT PRIMARY KEY,
+    customer_id INT NOT NULL,
+    assigned_admin_id INT NULL,
+    status ENUM('open', 'pending', 'closed') DEFAULT 'open',
+    priority ENUM('low', 'medium', 'high') DEFAULT 'medium',
+    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+    updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+    closed_at TIMESTAMP NULL,
+    FOREIGN KEY (customer_id) REFERENCES users(id) ON DELETE CASCADE,
+    FOREIGN KEY (assigned_admin_id) REFERENCES users(id) ON DELETE SET NULL
+);
+
+CREATE TABLE IF NOT EXISTS chat_messages (
+    id INT AUTO_INCREMENT PRIMARY KEY,
+    conversation_id INT NOT NULL,
+    sender_id INT NOT NULL,
+    sender_type ENUM('customer', 'admin', 'system') NOT NULL,
+    message TEXT NOT NULL,
+    delivered BOOLEAN DEFAULT FALSE,
+    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+    FOREIGN KEY (conversation_id) REFERENCES chat_conversations(id) ON DELETE CASCADE,
+    FOREIGN KEY (sender_id) REFERENCES users(id) ON DELETE CASCADE
+);
+
+CREATE INDEX idx_chat_customer ON chat_conversations(customer_id);
+CREATE INDEX idx_chat_admin ON chat_conversations(assigned_admin_id);
+CREATE INDEX idx_chat_status ON chat_conversations(status);
+CREATE INDEX idx_chat_msg_conv ON chat_messages(conversation_id);
diff --git a/backend/server.js b/backend/server.js
index e57e59a..a0a8fde 100644
--- a/backend/server.js
+++ b/backend/server.js
@@ -45,6 +45,7 @@ const orderRoutes = require("./routes/orderRoutes");
 
 const promoRoutes = require("./routes/promoRoutes");
 const adminRoutes = require("./routes/adminRoutes");
+const chatRoutes = require("./routes/chatRoutes");
 
 const wishlistRoutes =
     require(
@@ -53,8 +54,12 @@ const wishlistRoutes =
 
 const pincodeRoutes = require("./routes/pincodeRoutes");
 
-// app
+// init app
 const app = express();
+const http = require("http");
+const server = http.createServer(app);
+const { initSocket } = require("./utils/socketManager");
+initSocket(server);
 
 // constants
 const PORT = Number(process.env.PORT) || 5000;
@@ -259,6 +264,7 @@ app.use("/api/auth", authRoutes);
 app.use("/api/orders", orderRoutes);
 app.use("/api/promos", promoRoutes);
 app.use("/api/admin", adminRoutes);
+app.use("/api/chat", chatRoutes);
 
 app.use(
     "/api/wishlist",
@@ -323,7 +329,7 @@ process.on("SIGINT", shutdown);
 process.on("SIGTERM", shutdown);
 
 // start server
-app.listen(PORT, "0.0.0.0", () => {
+server.listen(PORT, "0.0.0.0", () => {
   console.log(`Server running on port ${PORT}`);
 
   console.log(`Environment: ${process.env.NODE_ENV || "development"}`);
diff --git a/backend/services/chat.service.js b/backend/services/chat.service.js
new file mode 100644
index 0000000..a9a5ef9
--- /dev/null
+++ b/backend/services/chat.service.js
@@ -0,0 +1,138 @@
+const db = require("../config/db");
+const { safeArray, safeNumber } = require("../utils/helpers");
+
+const findOrCreateConversation = async (customerId) => {
+    // Check if open or pending conversation exists
+    const [existing] = await db.query(
+        `SELECT * FROM chat_conversations WHERE customer_id = ? AND status IN ('open', 'pending') LIMIT 1`,
+        [customerId]
+    );
+
+    if (existing.length > 0) return existing[0];
+
+    // Create new
+    const [result] = await db.query(
+        `INSERT INTO chat_conversations (customer_id, status) VALUES (?, 'open')`,
+        [customerId]
+    );
+
+    const [newConv] = await db.query(`SELECT * FROM chat_conversations WHERE id = ?`, [result.insertId]);
+    return newConv[0];
+};
+
+const getConversationList = async (filters, page = 1, limit = 20) => {
+    const offset = (page - 1) * limit;
+    let query = `
+        SELECT c.*, u.name as customer_name, u.email as customer_email,
+        (SELECT message FROM chat_messages m WHERE m.conversation_id = c.id ORDER BY m.created_at DESC LIMIT 1) as last_message,
+        (SELECT created_at FROM chat_messages m WHERE m.conversation_id = c.id ORDER BY m.created_at DESC LIMIT 1) as last_activity
+        FROM chat_conversations c
+        JOIN users u ON c.customer_id = u.id
+        WHERE 1=1
+    `;
+    const params = [];
+
+    if (filters.status) {
+        query += ` AND c.status = ?`;
+        params.push(filters.status);
+    }
+    
+    if (filters.assigned_to) {
+        if (filters.assigned_to === 'unassigned') {
+            query += ` AND c.assigned_admin_id IS NULL`;
+        } else {
+            query += ` AND c.assigned_admin_id = ?`;
+            params.push(filters.assigned_to);
+        }
+    }
+
+    if (filters.search) {
+        query += ` AND (u.name LIKE ? OR u.email LIKE ?)`;
+        params.push(`%${filters.search}%`, `%${filters.search}%`);
+    }
+
+    // Get total count
+    const [countResult] = await db.query(`SELECT COUNT(*) as total FROM (${query}) as t`, params);
+
+    // Apply sorting and pagination
+    query += ` ORDER BY last_activity DESC LIMIT ? OFFSET ?`;
+    params.push(limit, offset);
+
+    const [conversations] = await db.query(query, params);
+
+    return {
+        conversations: safeArray(conversations),
+        total: countResult[0].total,
+        page,
+        limit
+    };
+};
+
+const getConversationMessages = async (conversationId) => {
+    const [messages] = await db.query(
+        `SELECT m.*, u.name as sender_name 
+         FROM chat_messages m 
+         JOIN users u ON m.sender_id = u.id 
+         WHERE m.conversation_id = ? 
+         ORDER BY m.created_at ASC`,
+        [conversationId]
+    );
+    return safeArray(messages);
+};
+
+const saveMessage = async (conversationId, senderId, senderType, message) => {
+    const [result] = await db.query(
+        `INSERT INTO chat_messages (conversation_id, sender_id, sender_type, message) VALUES (?, ?, ?, ?)`,
+        [conversationId, senderId, senderType, message]
+    );
+    
+    // Update conversation updated_at implicitly
+    await db.query(`UPDATE chat_conversations SET updated_at = CURRENT_TIMESTAMP WHERE id = ?`, [conversationId]);
+    
+    const [newMsg] = await db.query(
+        `SELECT m.*, u.name as sender_name FROM chat_messages m JOIN users u ON m.sender_id = u.id WHERE m.id = ?`, 
+        [result.insertId]
+    );
+    return newMsg[0];
+};
+
+const updateConversationStatus = async (conversationId, status) => {
+    let query = `UPDATE chat_conversations SET status = ?`;
+    const params = [status];
+    
+    if (status === 'closed') {
+        query += `, closed_at = CURRENT_TIMESTAMP`;
+    } else {
+        query += `, closed_at = NULL`;
+    }
+    
+    query += ` WHERE id = ?`;
+    params.push(conversationId);
+    
+    await db.query(query, params);
+};
+
+const assignConversation = async (conversationId, adminId) => {
+    await db.query(
+        `UPDATE chat_conversations SET assigned_admin_id = ?, status = 'pending' WHERE id = ?`,
+        [adminId, conversationId]
+    );
+};
+
+const verifyConversationAccess = async (conversationId, userId, role) => {
+    const [conv] = await db.query(`SELECT * FROM chat_conversations WHERE id = ?`, [conversationId]);
+    if (!conv.length) return false;
+    
+    if (role === 'admin') return true;
+    return conv[0].customer_id === userId;
+};
+
+module.exports = {
+    findOrCreateConversation,
+    getConversationList,
+    getConversationMessages,
+    saveMessage,
+    updateConversationStatus,
+    assignConversation,
+    verifyConversationAccess
+};
diff --git a/backend/utils/socketManager.js b/backend/utils/socketManager.js
new file mode 100644
index 0000000..f7696a4
--- /dev/null
+++ b/backend/utils/socketManager.js
@@ -0,0 +1,111 @@
+const { Server } = require("socket.io");
+const jwt = require("jsonwebtoken");
+const chatService = require("../services/chat.service");
+
+let io;
+
+const initSocket = (server) => {
+    io = new Server(server, {
+        cors: {
+            origin: ["http://localhost:5500", "http://127.0.0.1:5500"],
+            methods: ["GET", "POST"],
+            credentials: true
+        }
+    });
+
+    // Middleware for Auth
+    io.use((socket, next) => {
+        const token = socket.handshake.auth.token;
+        if (!token) {
+            return next(new Error("Authentication error"));
+        }
+        try {
+            const decoded = jwt.verify(token, process.env.JWT_SECRET || 'secret');
+            socket.user = decoded;
+            next();
+        } catch (err) {
+            next(new Error("Authentication error"));
+        }
+    });
+
+    io.on("connection", (socket) => {
+        console.log(`User connected: ${socket.user.id} (${socket.user.role})`);
+
+        socket.on("join_conversation", async (data, callback) => {
+            try {
+                let conversationId = data?.conversationId;
+                
+                // If customer joins without ID, find or create their default convo
+                if (socket.user.role === 'customer' && !conversationId) {
+                    const conv = await chatService.findOrCreateConversation(socket.user.id);
+                    conversationId = conv.id;
+                }
+
+                if (!conversationId) {
+                    if (callback) callback({ success: false, message: "No conversation ID" });
+                    return;
+                }
+
+                // Verify access
+                const hasAccess = await chatService.verifyConversationAccess(conversationId, socket.user.id, socket.user.role);
+                if (!hasAccess) {
+                    if (callback) callback({ success: false, message: "Unauthorized access to conversation" });
+                    return;
+                }
+
+                socket.join(`conversation:${conversationId}`);
+                console.log(`User ${socket.user.id} joined conversation:${conversationId}`);
+                
+                if (callback) callback({ success: true, conversationId });
+            } catch (err) {
+                console.error("Socket Join Error:", err);
+                if (callback) callback({ success: false, message: "Server error" });
+            }
+        });
+
+        socket.on("send_message", async (data, callback) => {
+            try {
+                const { conversationId, message } = data;
+                if (!conversationId || !message?.trim()) return;
+
+                // Check access
+                const hasAccess = await chatService.verifyConversationAccess(conversationId, socket.user.id, socket.user.role);
+                if (!hasAccess) return;
+
+                const senderType = socket.user.role === 'admin' ? 'admin' : 'customer';
+                const savedMessage = await chatService.saveMessage(conversationId, socket.user.id, senderType, message);
+
+                // Broadcast to everyone in the room including sender
+                io.to(`conversation:${conversationId}`).emit("message_received", savedMessage);
+                
+                // Notify admins about new message (for dashboard updates)
+                io.to('admin_room').emit("conversation_updated", { conversationId, last_message: message });
+
+                if (callback) callback({ success: true, message: savedMessage });
+            } catch (err) {
+                console.error("Socket Send Message Error:", err);
+                if (callback) callback({ success: false, message: "Server error" });
+            }
+        });
+
+        socket.on("join_admin_room", () => {
+            if (socket.user.role === 'admin') {
+                socket.join('admin_room');
+                console.log(`Admin ${socket.user.id} joined admin_room`);
+            }
+        });
+
+        socket.on("disconnect", () => {
+            console.log(`User disconnected: ${socket.user.id}`);
+        });
+    });
+
+    return io;
+};
+
+const getIo = () => {
+    if (!io) throw new Error("Socket.io not initialized");
+    return io;
+};
+
+module.exports = { initSocket, getIo };
diff --git a/frontend/admin.html b/frontend/admin.html
index cb8cfee..0338348 100644
--- a/frontend/admin.html
+++ b/frontend/admin.html
@@ -151,6 +151,14 @@ <h2>
 
                 </li>
 
+                <li class="admin-tab" data-tab="support">
+
+                    <i class="fas fa-headset"></i>
+
+                    Support
+
+                </li>
+
                 <li class="admin-tab" data-tab="settings">
 
                     <i class="fas fa-cog"></i>
@@ -283,6 +291,59 @@ <h2>User Management</h2>
                 <div class="pagination" id="users-pagination" style="margin-top:20px; display:flex; justify-content:center; gap:5px;"></div>
             </div>
 
+            <!-- Customer Support -->
+            <div class="admin-section" id="section-support" style="display: none;">
+                <div class="support-layout" style="display: grid; grid-template-columns: 300px 1fr 300px; gap: 20px; height: 75vh; border: 1px solid #eee; border-radius: 8px; overflow: hidden; background: #fff;">
+                    
+                    <!-- Conversations List -->
+                    <div style="border-right: 1px solid #eee; display: flex; flex-direction: column;">
+                        <div style="padding: 15px; border-bottom: 1px solid #eee; background: #fafafa;">
+                            <input type="text" id="admin-chat-search" placeholder="Search customers..." style="width: 100%; padding: 8px; border: 1px solid #ddd; border-radius: 4px;">
+                            <select id="admin-chat-filter" style="width: 100%; padding: 8px; border: 1px solid #ddd; border-radius: 4px; margin-top: 10px;">
+                                <option value="open">Open</option>
+                                <option value="pending">Pending</option>
+                                <option value="closed">Closed</option>
+                                <option value="unassigned">Unassigned</option>
+                            </select>
+                        </div>
+                        <div id="admin-conversations-list" style="flex: 1; overflow-y: auto; padding: 0;">
+                            <!-- Items go here -->
+                        </div>
+                    </div>
+
+                    <!-- Active Chat -->
+                    <div style="display: flex; flex-direction: column; background: #fafafa;">
+                        <div id="admin-chat-header" style="padding: 15px; background: #fff; border-bottom: 1px solid #eee; display: flex; justify-content: space-between; align-items: center;">
+                            <div>
+                                <h3 style="margin:0; font-size:16px;" id="admin-chat-customer-name">Select a conversation</h3>
+                                <small style="color: #666;" id="admin-chat-customer-status"></small>
+                            </div>
+                            <div id="admin-chat-actions" style="display: none;">
+                                <button id="admin-chat-assign-btn" class="normal" style="padding: 6px 12px; background: #088178; color: #fff;">Assign to Me</button>
+                                <button id="admin-chat-close-btn" class="normal" style="padding: 6px 12px; background: #dc3545; color: #fff;">Close Chat</button>
+                            </div>
+                        </div>
+                        
+                        <div id="admin-chat-messages" style="flex: 1; padding: 20px; overflow-y: auto; display: flex; flex-direction: column; gap: 10px;">
+                            <!-- Messages -->
+                        </div>
+
+                        <div style="padding: 15px; background: #fff; border-top: 1px solid #eee; display: flex; gap: 10px;">
+                            <textarea id="admin-chat-input" placeholder="Type a message... (Shift+Enter for new line)" style="flex: 1; resize: none; padding: 10px; border: 1px solid #ddd; border-radius: 4px; height: 50px;" disabled></textarea>
+                            <button id="admin-chat-send" class="normal" style="background: #088178; color: #fff;" disabled>Send</button>
+                        </div>
+                    </div>
+
+                    <!-- Customer Info -->
+                    <div id="admin-chat-customer-info" style="border-left: 1px solid #eee; padding: 20px; background: #fff;">
+                        <h3 style="margin-top:0;">Customer Details</h3>
+                        <div id="admin-chat-info-content" style="color: #555; font-size: 14px; line-height: 1.6;">
+                            Select a conversation to view details.
+                        </div>
+                    </div>
+                </div>
+            </div>
+
             <!-- Product Form -->
 
             <div class="admin-section" id="section-products-form" style="display: none;">
@@ -527,6 +588,8 @@ <h2>
         src="scripts/components.js"
     ></script>
 
+    <script src="https://cdn.socket.io/4.7.2/socket.io.min.js"></script>
+    
     <!-- Admin Script -->
     <script
         defer
diff --git a/frontend/scripts/admin.js b/frontend/scripts/admin.js
index e4f2f88..6ff2e74 100644
--- a/frontend/scripts/admin.js
+++ b/frontend/scripts/admin.js
@@ -966,12 +966,171 @@ document.querySelectorAll('.admin-tab').forEach(tab => {
         } else if (target === 'products') {
             document.getElementById('section-products-form').style.display = 'block';
             document.getElementById('section-products-list').style.display = 'block';
-        } else if (target === 'orders') {
-            document.getElementById('section-orders').style.display = 'block';
+        } else if (target === 'support') {
+            document.getElementById('section-support').style.display = 'block';
+            initAdminChat();
         }
     });
 });
 
+// Admin Chat Logic
+let adminChatSocket = null;
+let currentAdminConversation = null;
+
+function initAdminChat() {
+    if (adminChatSocket) return; // already initialized
+    
+    const token = AppUtils.getToken();
+    if (!token) return;
+
+    adminChatSocket = io(CONFIG.API_BASE.replace('/api', ''), { auth: { token } });
+    
+    adminChatSocket.on('connect', () => {
+        adminChatSocket.emit('join_admin_room');
+        loadAdminConversations();
+    });
+
+    adminChatSocket.on('conversation_updated', () => {
+        loadAdminConversations();
+    });
+
+    adminChatSocket.on('message_received', (msg) => {
+        if (currentAdminConversation && msg.conversation_id === currentAdminConversation) {
+            renderAdminMessage(msg);
+        } else {
+            loadAdminConversations(); // Update previews
+        }
+    });
+
+    document.getElementById('admin-chat-send').addEventListener('click', sendAdminMessage);
+    const input = document.getElementById('admin-chat-input');
+    input.addEventListener('keydown', (e) => {
+        if (e.key === 'Enter' && !e.shiftKey) {
+            e.preventDefault();
+            sendAdminMessage();
+        }
+    });
+
+    document.getElementById('admin-chat-search').addEventListener('input', AppUtils.debounce(loadAdminConversations, 500));
+    document.getElementById('admin-chat-filter').addEventListener('change', loadAdminConversations);
+}
+
+async function loadAdminConversations() {
+    const search = document.getElementById('admin-chat-search').value;
+    const filter = document.getElementById('admin-chat-filter').value;
+    
+    // Convert filter to API params
+    let status = filter !== 'unassigned' ? filter : '';
+    let assigned_to = filter === 'unassigned' ? 'unassigned' : '';
+
+    try {
+        const res = await AppUtils.apiRequest(`/chat/conversations?search=${search}&status=${status}&assigned_to=${assigned_to}`);
+        if (res.success) {
+            const list = document.getElementById('admin-conversations-list');
+            list.innerHTML = '';
+            res.conversations.forEach(c => {
+                const div = document.createElement('div');
+                div.style.padding = '15px';
+                div.style.borderBottom = '1px solid #eee';
+                div.style.cursor = 'pointer';
+                div.style.background = (currentAdminConversation === c.id) ? '#e6f2f1' : '#fff';
+                div.innerHTML = `
+                    <div style="font-weight: bold;">${AppUtils.escapeHTML(c.customer_name)}</div>
+                    <div style="font-size: 12px; color: #888; margin-top: 4px; white-space: nowrap; overflow: hidden; text-overflow: ellipsis;">
+                        ${c.last_message ? AppUtils.escapeHTML(c.last_message) : '<i>New Conversation</i>'}
+                    </div>
+                `;
+                div.addEventListener('click', () => openAdminConversation(c));
+                list.appendChild(div);
+            });
+        }
+    } catch(e) {}
+}
+
+async function openAdminConversation(c) {
+    currentAdminConversation = c.id;
+    adminChatSocket.emit('join_conversation', { conversationId: c.id });
+    
+    // Update UI
+    document.getElementById('admin-chat-customer-name').innerText = c.customer_name;
+    document.getElementById('admin-chat-customer-status').innerText = `Status: ${c.status} | Priority: ${c.priority}`;
+    document.getElementById('admin-chat-actions').style.display = 'block';
+    
+    document.getElementById('admin-chat-input').disabled = false;
+    document.getElementById('admin-chat-send').disabled = false;
+
+    // Load info
+    document.getElementById('admin-chat-info-content').innerHTML = `
+        <p><strong>Email:</strong> ${AppUtils.escapeHTML(c.customer_email)}</p>
+        <p><strong>Created:</strong> ${new Date(c.created_at).toLocaleDateString()}</p>
+        <p><strong>Status:</strong> <span class="badge" style="background:#088178; color:white;">${c.status}</span></p>
+    `;
+
+    // Load messages
+    try {
+        const res = await AppUtils.apiRequest(`/chat/conversations/${c.id}`);
+        if (res.success) {
+            const msgList = document.getElementById('admin-chat-messages');
+            msgList.innerHTML = '';
+            res.messages.forEach(renderAdminMessage);
+        }
+    } catch(e) {}
+    
+    // Bind buttons
+    document.getElementById('admin-chat-assign-btn').onclick = async () => {
+        await AppUtils.apiRequest(`/chat/conversations/${c.id}/assign`, { method: 'PATCH' });
+        loadAdminConversations();
+        openAdminConversation({...c, assigned_admin_id: currentAdmin.id});
+    };
+    
+    document.getElementById('admin-chat-close-btn').onclick = async () => {
+        await AppUtils.apiRequest(`/chat/conversations/${c.id}/status`, { method: 'PATCH', body: JSON.stringify({ status: 'closed' }) });
+        loadAdminConversations();
+        openAdminConversation({...c, status: 'closed'});
+    };
+    
+    loadAdminConversations(); // highlight active
+}
+
+function renderAdminMessage(msg) {
+    const list = document.getElementById('admin-chat-messages');
+    const isAdmin = msg.sender_type === 'admin';
+    const div = document.createElement('div');
+    div.style.maxWidth = '80%';
+    div.style.padding = '10px 14px';
+    div.style.borderRadius = '18px';
+    div.style.fontSize = '14px';
+    div.style.alignSelf = isAdmin ? 'flex-end' : 'flex-start';
+    div.style.background = isAdmin ? '#088178' : '#e6f2f1';
+    div.style.color = isAdmin ? '#fff' : '#333';
+    
+    if (isAdmin) {
+        div.style.borderBottomRightRadius = '4px';
+    } else {
+        div.style.borderBottomLeftRadius = '4px';
+    }
+    
+    div.innerHTML = `
+        ${AppUtils.escapeHTML(msg.message)}
+        <div style="font-size:10px; opacity:0.8; margin-top:4px; text-align:${isAdmin ? 'right' : 'left'}">
+            ${new Date(msg.created_at).toLocaleTimeString([], {hour: '2-digit', minute:'2-digit'})}
+        </div>
+    `;
+    list.appendChild(div);
+    list.scrollTop = list.scrollHeight;
+}
+
+function sendAdminMessage() {
+    const input = document.getElementById('admin-chat-input');
+    const text = input.value.trim();
+    if (!text || !currentAdminConversation) return;
+
+    input.value = '';
+    adminChatSocket.emit('send_message', { conversationId: currentAdminConversation, message: text }, () => {
+        // Callback can handle failures
+    });
+}
+
 let revenueChartInstance = null;
 let orderStatusChartInstance = null;
 
diff --git a/frontend/scripts/chat-widget.js b/frontend/scripts/chat-widget.js
new file mode 100644
index 0000000..778d53a
--- /dev/null
+++ b/frontend/scripts/chat-widget.js
@@ -0,0 +1,193 @@
+// Chat Widget Logic
+let chatSocket = null;
+let chatConversationId = null;
+let chatUnreadCount = 0;
+let chatIsOpen = false;
+
+function injectChatWidget() {
+    const user = AppUtils.getUser();
+    if (!user || user.role === 'admin') return; // Only show for customers
+
+    const chatHTML = `
+        <div id="chat-widget-container">
+            <button id="chat-widget-btn">
+                <i class="fas fa-comment-dots"></i>
+                <span class="chat-unread-badge" id="chat-unread-badge" style="display: none;">0</span>
+            </button>
+
+            <div id="chat-widget-window">
+                <div class="chat-header">
+                    <div class="chat-header-info">
+                        <div class="chat-avatar"><i class="fas fa-headset"></i></div>
+                        <div class="chat-title">
+                            Customer Support
+                            <div class="chat-status" id="chat-connection-status">
+                                <span class="chat-status-dot" style="background: #ff9800;"></span> Connecting...
+                            </div>
+                        </div>
+                    </div>
+                    <div class="chat-actions">
+                        <button id="chat-minimize-btn"><i class="fas fa-minus"></i></button>
+                    </div>
+                </div>
+
+                <div class="chat-messages" id="chat-messages-container">
+                    <div class="chat-system-message">
+                        👋 Hi!<br>How can we help you today?<br>Start a conversation below.
+                    </div>
+                </div>
+
+                <div class="chat-input-area">
+                    <textarea id="chat-input-textarea" placeholder="Type your message..." rows="1" disabled></textarea>
+                    <button id="chat-send-btn" disabled><i class="fas fa-paper-plane"></i></button>
+                </div>
+            </div>
+        </div>
+    `;
+
+    document.body.insertAdjacentHTML('beforeend', chatHTML);
+
+    // Event Listeners
+    document.getElementById('chat-widget-btn').addEventListener('click', toggleChatWindow);
+    document.getElementById('chat-minimize-btn').addEventListener('click', toggleChatWindow);
+    
+    const textarea = document.getElementById('chat-input-textarea');
+    textarea.addEventListener('input', function() {
+        this.style.height = 'auto';
+        this.style.height = (this.scrollHeight) + 'px';
+    });
+
+    textarea.addEventListener('keydown', function(e) {
+        if (e.key === 'Enter' && !e.shiftKey) {
+            e.preventDefault();
+            sendChatMessage();
+        }
+    });
+
+    document.getElementById('chat-send-btn').addEventListener('click', sendChatMessage);
+
+    // Load socket.io script
+    if (typeof io === 'undefined') {
+        const script = document.createElement('script');
+        script.src = 'https://cdn.socket.io/4.7.2/socket.io.min.js';
+        script.onload = initChatSocket;
+        document.head.appendChild(script);
+    } else {
+        initChatSocket();
+    }
+}
+
+function toggleChatWindow() {
+    const windowEl = document.getElementById('chat-widget-window');
+    chatIsOpen = !chatIsOpen;
+    
+    if (chatIsOpen) {
+        windowEl.classList.add('open');
+        chatUnreadCount = 0;
+        document.getElementById('chat-unread-badge').style.display = 'none';
+        scrollToBottom();
+        document.getElementById('chat-input-textarea').focus();
+    } else {
+        windowEl.classList.remove('open');
+    }
+}
+
+function initChatSocket() {
+    const token = AppUtils.getJSON(CONFIG.STORAGE_KEYS.TOKEN);
+    if (!token) return;
+
+    chatSocket = io(CONFIG.API_BASE.replace('/api', ''), {
+        auth: { token }
+    });
+
+    chatSocket.on('connect', () => {
+        updateChatStatus('Online', '#4caf50');
+        document.getElementById('chat-input-textarea').disabled = false;
+        document.getElementById('chat-send-btn').disabled = false;
+        
+        chatSocket.emit('join_conversation', {}, (res) => {
+            if (res.success) {
+                chatConversationId = res.conversationId;
+                loadPreviousMessages();
+            }
+        });
+    });
+
+    chatSocket.on('disconnect', () => {
+        updateChatStatus('Disconnected', '#dc3545');
+        document.getElementById('chat-input-textarea').disabled = true;
+        document.getElementById('chat-send-btn').disabled = true;
+    });
+
+    chatSocket.on('message_received', (msg) => {
+        renderMessage(msg);
+        if (!chatIsOpen) {
+            chatUnreadCount++;
+            const badge = document.getElementById('chat-unread-badge');
+            badge.innerText = chatUnreadCount;
+            badge.style.display = 'flex';
+        }
+    });
+}
+
+function updateChatStatus(text, color) {
+    const statusEl = document.getElementById('chat-connection-status');
+    if (statusEl) {
+        statusEl.innerHTML = `<span class="chat-status-dot" style="background: ${color};"></span> ${text}`;
+    }
+}
+
+async function loadPreviousMessages() {
+    if (!chatConversationId) return;
+    try {
+        const res = await AppUtils.apiRequest(`/chat/conversations/${chatConversationId}`);
+        if (res.success && res.messages.length > 0) {
+            const container = document.getElementById('chat-messages-container');
+            container.innerHTML = ''; // clear welcome message
+            res.messages.forEach(renderMessage);
+        }
+    } catch (e) {
+        console.error("Failed to load history", e);
+    }
+}
+
+function renderMessage(msg) {
+    const container = document.getElementById('chat-messages-container');
+    const isCustomer = msg.sender_type === 'customer';
+    const div = document.createElement('div');
+    div.className = `chat-message ${isCustomer ? 'customer' : 'admin'}`;
+    div.innerHTML = `
+        ${AppUtils.escapeHTML(msg.message)}
+        <span class="chat-message-time">${new Date(msg.created_at).toLocaleTimeString([], {hour: '2-digit', minute:'2-digit'})}</span>
+    `;
+    container.appendChild(div);
+    scrollToBottom();
+}
+
+function scrollToBottom() {
+    const container = document.getElementById('chat-messages-container');
+    if (container) {
+        container.scrollTop = container.scrollHeight;
+    }
+}
+
+function sendChatMessage() {
+    const textarea = document.getElementById('chat-input-textarea');
+    const text = textarea.value.trim();
+    if (!text || !chatSocket || !chatConversationId) return;
+
+    textarea.value = '';
+    textarea.style.height = 'auto';
+
+    chatSocket.emit('send_message', { conversationId: chatConversationId, message: text }, (res) => {
+        if (!res.success) {
+            AppUtils.notify("Failed to send message", "error");
+        }
+    });
+}
+
+// Initialize on DOMContentLoaded
+document.addEventListener("DOMContentLoaded", () => {
+    // wait a moment so AppUtils is ready
+    setTimeout(injectChatWidget, 500);
+});
diff --git a/frontend/scripts/components.js b/frontend/scripts/components.js
index faecee2..6a24020 100644
--- a/frontend/scripts/components.js
+++ b/frontend/scripts/components.js
@@ -68,6 +68,25 @@ async function initializeComponents() {
 
     // notify components ready
     document.dispatchEvent(new CustomEvent("componentsLoaded"));
+
+    // Inject chat widget
+    injectChatWidgetDependencies();
+}
+
+// ===== INJECT CHAT WIDGET =====
+function injectChatWidgetDependencies() {
+    if (window.location.pathname.includes('admin.html') || window.location.pathname.includes('signin.html') || window.location.pathname.includes('signup.html')) {
+        return; // Do not load on admin or auth pages
+    }
+
+    const link = document.createElement('link');
+    link.rel = 'stylesheet';
+    link.href = 'styles/chat-widget.css';
+    document.head.appendChild(link);
+
+    const script = document.createElement('script');
+    script.src = 'scripts/chat-widget.js';
+    document.body.appendChild(script);
 }
 
 // ===== SEARCH AUTOCOMPLETE FUNCTIONALITY =====
diff --git a/frontend/styles/chat-widget.css b/frontend/styles/chat-widget.css
new file mode 100644
index 0000000..e51220e
--- /dev/null
+++ b/frontend/styles/chat-widget.css
@@ -0,0 +1,250 @@
+/* Chat Widget Variables */
+:root {
+    --chat-primary: #088178;
+    --chat-primary-dark: #06665f;
+    --chat-bg: #ffffff;
+    --chat-text: #333333;
+    --chat-border: #e0e0e0;
+    --chat-msg-user: #e3f2fd;
+    --chat-msg-admin: #f1f1f1;
+}
+
+/* Floating Button */
+#chat-widget-btn {
+    position: fixed;
+    bottom: 20px;
+    right: 20px;
+    width: 60px;
+    height: 60px;
+    border-radius: 50%;
+    background-color: var(--chat-primary);
+    color: white;
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    font-size: 24px;
+    box-shadow: 0 4px 12px rgba(0,0,0,0.15);
+    cursor: pointer;
+    z-index: 1000;
+    transition: transform 0.3s ease, background-color 0.3s;
+}
+
+#chat-widget-btn:hover {
+    transform: scale(1.05);
+    background-color: var(--chat-primary-dark);
+}
+
+.chat-unread-badge {
+    position: absolute;
+    top: -5px;
+    right: -5px;
+    background: #dc3545;
+    color: white;
+    border-radius: 50%;
+    width: 20px;
+    height: 20px;
+    font-size: 12px;
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    font-weight: bold;
+    animation: pulse 2s infinite;
+}
+
+@keyframes pulse {
+    0% { transform: scale(1); }
+    50% { transform: scale(1.2); }
+    100% { transform: scale(1); }
+}
+
+/* Chat Window */
+#chat-widget-window {
+    position: fixed;
+    bottom: 90px;
+    right: 20px;
+    width: 380px;
+    height: 600px;
+    background: var(--chat-bg);
+    border-radius: 12px;
+    box-shadow: 0 5px 25px rgba(0,0,0,0.2);
+    display: none;
+    flex-direction: column;
+    z-index: 1000;
+    overflow: hidden;
+    border: 1px solid var(--chat-border);
+}
+
+#chat-widget-window.open {
+    display: flex;
+    animation: slideUp 0.3s ease;
+}
+
+@keyframes slideUp {
+    from { opacity: 0; transform: translateY(20px); }
+    to { opacity: 1; transform: translateY(0); }
+}
+
+/* Chat Header */
+.chat-header {
+    background: var(--chat-primary);
+    color: white;
+    padding: 15px;
+    display: flex;
+    justify-content: space-between;
+    align-items: center;
+}
+
+.chat-header-info {
+    display: flex;
+    align-items: center;
+    gap: 10px;
+}
+
+.chat-avatar {
+    width: 35px;
+    height: 35px;
+    border-radius: 50%;
+    background: white;
+    color: var(--chat-primary);
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    font-size: 18px;
+}
+
+.chat-title {
+    font-weight: bold;
+    font-size: 16px;
+    display: flex;
+    flex-direction: column;
+}
+
+.chat-status {
+    font-size: 12px;
+    display: flex;
+    align-items: center;
+    gap: 4px;
+}
+
+.chat-status-dot {
+    width: 8px;
+    height: 8px;
+    background: #4caf50;
+    border-radius: 50%;
+}
+
+.chat-actions button {
+    background: none;
+    border: none;
+    color: white;
+    font-size: 16px;
+    cursor: pointer;
+    margin-left: 10px;
+}
+
+/* Chat Messages */
+.chat-messages {
+    flex: 1;
+    padding: 15px;
+    overflow-y: auto;
+    display: flex;
+    flex-direction: column;
+    gap: 15px;
+    background: #fafafa;
+}
+
+.chat-message {
+    max-width: 80%;
+    padding: 10px 14px;
+    border-radius: 18px;
+    font-size: 14px;
+    line-height: 1.4;
+    position: relative;
+    word-wrap: break-word;
+}
+
+.chat-message.customer {
+    background: var(--chat-msg-user);
+    color: var(--chat-text);
+    align-self: flex-end;
+    border-bottom-right-radius: 4px;
+}
+
+.chat-message.admin {
+    background: var(--chat-msg-admin);
+    color: var(--chat-text);
+    align-self: flex-start;
+    border-bottom-left-radius: 4px;
+}
+
+.chat-message-time {
+    font-size: 10px;
+    color: #888;
+    margin-top: 4px;
+    text-align: right;
+    display: block;
+}
+
+.chat-system-message {
+    text-align: center;
+    font-size: 12px;
+    color: #888;
+    margin: 10px 0;
+}
+
+/* Chat Input */
+.chat-input-area {
+    padding: 15px;
+    border-top: 1px solid var(--chat-border);
+    display: flex;
+    gap: 10px;
+    align-items: center;
+    background: white;
+}
+
+#chat-input-textarea {
+    flex: 1;
+    border: 1px solid var(--chat-border);
+    border-radius: 20px;
+    padding: 10px 15px;
+    outline: none;
+    resize: none;
+    font-size: 14px;
+    font-family: inherit;
+    max-height: 80px;
+    min-height: 40px;
+}
+
+#chat-send-btn {
+    background: var(--chat-primary);
+    color: white;
+    border: none;
+    border-radius: 50%;
+    width: 40px;
+    height: 40px;
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    cursor: pointer;
+    transition: background 0.2s;
+}
+
+#chat-send-btn:hover {
+    background: var(--chat-primary-dark);
+}
+
+#chat-send-btn:disabled {
+    background: #ccc;
+    cursor: not-allowed;
+}
+
+/* Mobile Responsive */
+@media (max-width: 480px) {
+    #chat-widget-window {
+        bottom: 0;
+        right: 0;
+        width: 100%;
+        height: 100%;
+        border-radius: 0;
+    }
+}

From 058762e997103a149d174cf8237222c9b4fa66cf Mon Sep 17 00:00:00 2001
From: Madhavi1108 <madhavi09307@gmail.com>
Date: Sun, 21 Jun 2026 22:12:12 +0530
Subject: [PATCH 3/5] fix: make promo schema idempotent and restore purchase
 interaction logging

---
 backend/scripts/promo_schema.sql  | 25 ++++++++++++++++++++-----
 backend/services/order.service.js | 11 +++++++++++
 2 files changed, 31 insertions(+), 5 deletions(-)

diff --git a/backend/scripts/promo_schema.sql b/backend/scripts/promo_schema.sql
index 98738b4..a06f992 100644
--- a/backend/scripts/promo_schema.sql
+++ b/backend/scripts/promo_schema.sql
@@ -16,8 +16,23 @@ CREATE TABLE IF NOT EXISTS promo_codes (
     CHECK (minimum_order_amount >= 0)
 );
 
-ALTER TABLE orders 
-ADD COLUMN promo_code VARCHAR(50) DEFAULT NULL,
-ADD COLUMN discount_amount DECIMAL(10,2) DEFAULT 0.00,
-ADD COLUMN subtotal DECIMAL(10,2) DEFAULT 0.00,
-ADD COLUMN final_amount DECIMAL(10,2) DEFAULT 0.00;
+DELIMITER //
+
+CREATE PROCEDURE AddPromoColumnsToOrders()
+BEGIN
+    IF NOT EXISTS (
+        SELECT * FROM INFORMATION_SCHEMA.COLUMNS
+        WHERE TABLE_SCHEMA = DATABASE() AND TABLE_NAME = 'orders' AND COLUMN_NAME = 'promo_code'
+    ) THEN
+        ALTER TABLE orders 
+        ADD COLUMN promo_code VARCHAR(50) DEFAULT NULL,
+        ADD COLUMN discount_amount DECIMAL(10,2) DEFAULT 0.00,
+        ADD COLUMN subtotal DECIMAL(10,2) DEFAULT 0.00,
+        ADD COLUMN final_amount DECIMAL(10,2) DEFAULT 0.00;
+    END IF;
+END //
+
+DELIMITER ;
+
+CALL AddPromoColumnsToOrders();
+DROP PROCEDURE AddPromoColumnsToOrders;
diff --git a/backend/services/order.service.js b/backend/services/order.service.js
index ba1dc7e..b820a90 100644
--- a/backend/services/order.service.js
+++ b/backend/services/order.service.js
@@ -171,6 +171,17 @@ const createOrderService = async (connection, orderData) => {
             await connection.query(stockQuery, [item.qty, item.id]);
         }
 
+        // record purchase interaction
+        if (user_id) {
+            for (const item of validatedItems) {
+                const interactionQuery = `
+                    INSERT INTO user_interactions (user_id, product_id, interaction_type)
+                    VALUES (?, ?, ?)
+                `;
+                await connection.query(interactionQuery, [user_id, item.id, 'purchase']);
+            }
+        }
+
         await connection.commit();
 
         return {

From b7b1b1e1739ecee31d7d9d42e754b0008d47b8e6 Mon Sep 17 00:00:00 2001
From: Madhavi1108 <madhavi09307@gmail.com>
Date: Sun, 21 Jun 2026 23:52:51 +0530
Subject: [PATCH 4/5] Fix admin routes import, verify affectedRows, and move
 sql scripts

---
 backend/routes/adminRoutes.js                       |  3 ++-
 backend/services/admin.service.js                   | 12 ++++++++++--
 backend/{scripts => sql}/admin_dashboard_schema.sql |  0
 backend/{scripts => sql}/chat_schema.sql            |  0
 backend/{scripts => sql}/promo_schema.sql           |  0
 5 files changed, 12 insertions(+), 3 deletions(-)
 rename backend/{scripts => sql}/admin_dashboard_schema.sql (100%)
 rename backend/{scripts => sql}/chat_schema.sql (100%)
 rename backend/{scripts => sql}/promo_schema.sql (100%)

diff --git a/backend/routes/adminRoutes.js b/backend/routes/adminRoutes.js
index 35f54a9..79d8adc 100644
--- a/backend/routes/adminRoutes.js
+++ b/backend/routes/adminRoutes.js
@@ -1,7 +1,8 @@
 const express = require("express");
 const router = express.Router();
 const { getDashboardStats, getUsers, updateUserStatus, bulkUpdateUserStatus } = require("../controllers/admin.controller");
-const { authMiddleware, authorizeRoles } = require("../middleware/authMiddleware");
+const authMiddleware = require("../middleware/authMiddleware");
+const { authorizeRoles } = authMiddleware;
 
 // All admin routes are protected and require 'admin' role
 router.use(authMiddleware);
diff --git a/backend/services/admin.service.js b/backend/services/admin.service.js
index 42da7bf..4df5050 100644
--- a/backend/services/admin.service.js
+++ b/backend/services/admin.service.js
@@ -106,7 +106,11 @@ const updateUserStatus = async (adminId, targetId, status, ip, userAgent) => {
     try {
         await connection.beginTransaction();
         
-        await connection.query(`UPDATE users SET is_active = ? WHERE id = ?`, [status === 'active' ? 1 : 0, targetId]);
+        const [result] = await connection.query(`UPDATE users SET is_active = ? WHERE id = ?`, [status === 'active' ? 1 : 0, targetId]);
+        
+        if (result.affectedRows === 0) {
+            throw new Error("User not found");
+        }
         
         await logAudit(
             connection, 
@@ -135,7 +139,11 @@ const bulkUpdateUserStatus = async (adminId, targetIds, status, ip, userAgent) =
         
         if (safeArray(targetIds).length > 0) {
             const placeholders = targetIds.map(() => '?').join(',');
-            await connection.query(`UPDATE users SET is_active = ? WHERE id IN (${placeholders})`, [status === 'active' ? 1 : 0, ...targetIds]);
+            const [result] = await connection.query(`UPDATE users SET is_active = ? WHERE id IN (${placeholders})`, [status === 'active' ? 1 : 0, ...targetIds]);
+            
+            if (result.affectedRows === 0) {
+                throw new Error("No users found to update");
+            }
             
             for (const id of targetIds) {
                 await logAudit(
diff --git a/backend/scripts/admin_dashboard_schema.sql b/backend/sql/admin_dashboard_schema.sql
similarity index 100%
rename from backend/scripts/admin_dashboard_schema.sql
rename to backend/sql/admin_dashboard_schema.sql
diff --git a/backend/scripts/chat_schema.sql b/backend/sql/chat_schema.sql
similarity index 100%
rename from backend/scripts/chat_schema.sql
rename to backend/sql/chat_schema.sql
diff --git a/backend/scripts/promo_schema.sql b/backend/sql/promo_schema.sql
similarity index 100%
rename from backend/scripts/promo_schema.sql
rename to backend/sql/promo_schema.sql

From 81c7610541a2a36385fea5ccaa195ab847871a50 Mon Sep 17 00:00:00 2001
From: Madhavi1108 <madhavi09307@gmail.com>
Date: Mon, 22 Jun 2026 11:39:54 +0530
Subject: [PATCH 5/5] fix: Apply admin auth and utils token fixes

---
 backend/routes/adminRoutes.js | 2 +-
 frontend/scripts/utils.js     | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/backend/routes/adminRoutes.js b/backend/routes/adminRoutes.js
index 79d8adc..35c0d5e 100644
--- a/backend/routes/adminRoutes.js
+++ b/backend/routes/adminRoutes.js
@@ -2,7 +2,7 @@ const express = require("express");
 const router = express.Router();
 const { getDashboardStats, getUsers, updateUserStatus, bulkUpdateUserStatus } = require("../controllers/admin.controller");
 const authMiddleware = require("../middleware/authMiddleware");
-const { authorizeRoles } = authMiddleware;
+const { authorizeRoles } = require("../middleware/rbacMiddleware");
 
 // All admin routes are protected and require 'admin' role
 router.use(authMiddleware);
diff --git a/frontend/scripts/utils.js b/frontend/scripts/utils.js
index 57f467d..d23cc41 100644
--- a/frontend/scripts/utils.js
+++ b/frontend/scripts/utils.js
@@ -140,6 +140,10 @@ const removeStorage = (
 
 // auth helpers
 
+const getToken = () => {
+    return localStorage.getItem(CONFIG.STORAGE_KEYS.TOKEN);
+};
+
 const getUser = () => {
 
     return getJSON(
@@ -677,6 +681,7 @@ window.AppUtils = {
     removeStorage,
 
     getUser,
+    getToken,
     clearAuthData,
     requireAuth,
     refreshAccessToken,