feat(web): add Admin module frontend — dashboard, users, moderation, KYC

Build the complete admin panel UI at apps/web/app/(admin)/:
- Admin layout with sidebar navigation and ADMIN role guard
- Dashboard page with stats cards and revenue chart
- User management with search, filters, pagination, detail panel, ban/unban
- Listings moderation queue with approve/reject/bulk actions
- KYC review page with document viewer and approve/reject flow
- New reusable UI components: Dialog, Table

Co-Authored-By: Paperclip <noreply@paperclip.ing>

apps/web/lib/admin-api.ts

@@ -0,0 +1,183 @@
+import { apiClient } from './api-client';
+
+// ── Types ──
+
+export interface DashboardStats {
+  totalUsers: number;
+  totalListings: number;
+  activeListings: number;
+  pendingModerationCount: number;
+  totalAgents: number;
+  verifiedAgents: number;
+  totalTransactions: number;
+  newUsersLast30Days: number;
+  newListingsLast30Days: number;
+}
+
+export interface RevenueStatsItem {
+  period: string;
+  totalRevenue: number;
+  subscriptionRevenue: number;
+  listingFeeRevenue: number;
+  featuredListingRevenue: number;
+  transactionCount: number;
+}
+
+export interface ModerationQueueItem {
+  listingId: string;
+  propertyTitle: string;
+  propertyType: string;
+  transactionType: string;
+  priceVND: number;
+  sellerName: string;
+  sellerId: string;
+  moderationScore: number | null;
+  createdAt: string;
+}
+
+export interface PaginatedResult<T> {
+  data: T[];
+  total: number;
+  page: number;
+  limit: number;
+  totalPages: number;
+}
+
+export interface UserListItem {
+  id: string;
+  email: string | null;
+  phone: string;
+  fullName: string;
+  role: string;
+  kycStatus: string;
+  isActive: boolean;
+  createdAt: string;
+}
+
+export interface UserDetail {
+  id: string;
+  email: string | null;
+  phone: string;
+  fullName: string;
+  avatarUrl: string | null;
+  role: string;
+  kycStatus: string;
+  kycData: unknown;
+  isActive: boolean;
+  createdAt: string;
+  updatedAt: string;
+  listingsCount: number;
+  activeListingsCount: number;
+  transactionsCount: number;
+  subscription: {
+    planTier: string;
+    status: string;
+    currentPeriodEnd: string;
+  } | null;
+  recentActivity: Array<{
+    type: string;
+    description: string;
+    createdAt: string;
+  }>;
+}
+
+export interface KycQueueItem {
+  userId: string;
+  fullName: string;
+  email: string | null;
+  phone: string;
+  role: string;
+  kycStatus: string;
+  kycData: unknown;
+  createdAt: string;
+}
+
+// ── API ──
+
+export const adminApi = {
+  // Dashboard
+  getDashboardStats: (token: string) =>
+    apiClient.authGet<DashboardStats>('/admin/dashboard', token),
+
+  getRevenueStats: (token: string, startDate: string, endDate: string, groupBy: 'day' | 'month' = 'month') =>
+    apiClient.authGet<RevenueStatsItem[]>(
+      `/admin/revenue?startDate=${startDate}&endDate=${endDate}&groupBy=${groupBy}`,
+      token,
+    ),
+
+  // Moderation
+  getModerationQueue: (token: string, page = 1, limit = 20) =>
+    apiClient.authGet<PaginatedResult<ModerationQueueItem>>(
+      `/admin/moderation?page=${page}&limit=${limit}`,
+      token,
+    ),
+
+  approveListing: (token: string, listingId: string, moderationNotes?: string) =>
+    apiClient.authPost<{ success: boolean }>('/admin/moderation/approve', token, {
+      listingId,
+      moderationNotes,
+    }),
+
+  rejectListing: (token: string, listingId: string, reason: string) =>
+    apiClient.authPost<{ success: boolean }>('/admin/moderation/reject', token, {
+      listingId,
+      reason,
+    }),
+
+  bulkModerate: (token: string, listingIds: string[], action: 'approve' | 'reject', reason?: string) =>
+    apiClient.authPost<{ success: boolean }>('/admin/moderation/bulk', token, {
+      listingIds,
+      action,
+      reason,
+    }),
+
+  // Users
+  getUsers: (token: string, params: { page?: number; limit?: number; role?: string; isActive?: boolean; search?: string } = {}) => {
+    const query = new URLSearchParams();
+    if (params.page) query.set('page', String(params.page));
+    if (params.limit) query.set('limit', String(params.limit));
+    if (params.role) query.set('role', params.role);
+    if (params.isActive !== undefined) query.set('isActive', String(params.isActive));
+    if (params.search) query.set('search', params.search);
+    return apiClient.authGet<PaginatedResult<UserListItem>>(
+      `/admin/users?${query.toString()}`,
+      token,
+    );
+  },
+
+  getUserDetail: (token: string, userId: string) =>
+    apiClient.authGet<UserDetail>(`/admin/users/${userId}`, token),
+
+  updateUserStatus: (token: string, userId: string, isActive: boolean, reason?: string) =>
+    apiClient.authPost<{ success: boolean }>('/admin/users/status', token, {
+      userId,
+      isActive,
+      reason,
+    }),
+
+  banUser: (token: string, userId: string, reason: string, unban = false) =>
+    apiClient.authPost<{ success: boolean }>('/admin/users/ban', token, {
+      userId,
+      reason,
+      unban,
+    }),
+
+  // KYC
+  getKycQueue: (token: string, page = 1, limit = 20) =>
+    apiClient.authGet<PaginatedResult<KycQueueItem>>(
+      `/admin/kyc?page=${page}&limit=${limit}`,
+      token,
+    ),
+
+  approveKyc: (token: string, userId: string, notes?: string) =>
+    apiClient.authPost<{ success: boolean }>('/admin/kyc/approve', token, {
+      userId,
+      notes,
+    }),
+
+  rejectKyc: (token: string, userId: string, reason: string) =>
+    apiClient.authPost<{ success: boolean }>('/admin/kyc/reject', token, {
+      userId,
+      reason,
+    }),
+};