Add secret management guide, client-side performance monitoring, and search accessibility enhancements

- Introduced a comprehensive Secret Management Guide detailing best practices, secret classification, development setup, production management, rotation procedures, and emergency protocols.
- Implemented a client-side performance monitoring script to track various metrics including page load performance, paint metrics, layout shifts, and memory usage.
- Enhanced search accessibility with keyboard navigation support for search results, ensuring compliance with WCAG standards and improving user experience.

backend/apps/accounts/tests/test_admin.py

@@ -0,0 +1,207 @@
+"""
+Tests for accounts admin interfaces.
+
+These tests verify the functionality of user, profile, email verification,
+password reset, and top list admin classes including query optimization
+and custom actions.
+"""
+
+import pytest
+from django.contrib.admin.sites import AdminSite
+from django.contrib.auth import get_user_model
+from django.test import RequestFactory, TestCase
+
+from apps.accounts.admin import (
+    CustomUserAdmin,
+    EmailVerificationAdmin,
+    PasswordResetAdmin,
+    TopListAdmin,
+    TopListItemAdmin,
+    UserProfileAdmin,
+)
+from apps.accounts.models import (
+    EmailVerification,
+    PasswordReset,
+    TopList,
+    TopListItem,
+    User,
+    UserProfile,
+)
+
+UserModel = get_user_model()
+
+
+class TestCustomUserAdmin(TestCase):
+    """Tests for CustomUserAdmin class."""
+
+    def setUp(self):
+        self.factory = RequestFactory()
+        self.site = AdminSite()
+        self.admin = CustomUserAdmin(model=User, admin_site=self.site)
+
+    def test_list_display_fields(self):
+        """Verify all required fields are in list_display."""
+        required_fields = [
+            "username",
+            "email",
+            "get_avatar",
+            "get_status_badge",
+            "role",
+            "date_joined",
+        ]
+        for field in required_fields:
+            assert field in self.admin.list_display
+
+    def test_list_select_related(self):
+        """Verify select_related is configured for profile."""
+        assert "profile" in self.admin.list_select_related
+
+    def test_list_prefetch_related(self):
+        """Verify prefetch_related is configured for groups."""
+        assert "groups" in self.admin.list_prefetch_related
+
+    def test_user_actions_registered(self):
+        """Verify user management actions are registered."""
+        assert "activate_users" in self.admin.actions
+        assert "deactivate_users" in self.admin.actions
+        assert "ban_users" in self.admin.actions
+        assert "unban_users" in self.admin.actions
+
+    def test_export_fields_configured(self):
+        """Verify export fields are configured."""
+        assert hasattr(self.admin, "export_fields")
+        assert "username" in self.admin.export_fields
+        assert "email" in self.admin.export_fields
+
+
+class TestUserProfileAdmin(TestCase):
+    """Tests for UserProfileAdmin class."""
+
+    def setUp(self):
+        self.factory = RequestFactory()
+        self.site = AdminSite()
+        self.admin = UserProfileAdmin(model=UserProfile, admin_site=self.site)
+
+    def test_list_select_related(self):
+        """Verify select_related for user."""
+        assert "user" in self.admin.list_select_related
+
+    def test_recalculate_action(self):
+        """Verify recalculate credits action exists."""
+        request = self.factory.get("/admin/")
+        request.user = UserModel(is_superuser=True)
+
+        actions = self.admin.get_actions(request)
+        assert "recalculate_credits" in actions
+
+
+class TestEmailVerificationAdmin(TestCase):
+    """Tests for EmailVerificationAdmin class."""
+
+    def setUp(self):
+        self.factory = RequestFactory()
+        self.site = AdminSite()
+        self.admin = EmailVerificationAdmin(model=EmailVerification, admin_site=self.site)
+
+    def test_list_select_related(self):
+        """Verify select_related for user."""
+        assert "user" in self.admin.list_select_related
+
+    def test_readonly_fields(self):
+        """Verify token fields are readonly."""
+        assert "token" in self.admin.readonly_fields
+        assert "created_at" in self.admin.readonly_fields
+
+    def test_verification_actions(self):
+        """Verify verification actions exist."""
+        request = self.factory.get("/admin/")
+        request.user = UserModel(is_superuser=True)
+
+        actions = self.admin.get_actions(request)
+        assert "resend_verification" in actions
+        assert "delete_expired" in actions
+
+
+class TestPasswordResetAdmin(TestCase):
+    """Tests for PasswordResetAdmin class."""
+
+    def setUp(self):
+        self.factory = RequestFactory()
+        self.site = AdminSite()
+        self.admin = PasswordResetAdmin(model=PasswordReset, admin_site=self.site)
+
+    def test_readonly_permissions(self):
+        """Verify read-only permissions are set."""
+        request = self.factory.get("/admin/")
+        request.user = UserModel(is_superuser=False)
+
+        assert self.admin.has_add_permission(request) is False
+        assert self.admin.has_change_permission(request) is False
+
+    def test_list_select_related(self):
+        """Verify select_related for user."""
+        assert "user" in self.admin.list_select_related
+
+    def test_cleanup_action_superuser_only(self):
+        """Verify cleanup action is superuser only."""
+        request = self.factory.get("/admin/")
+
+        # Non-superuser shouldn't see cleanup action
+        request.user = UserModel(is_superuser=False)
+        actions = self.admin.get_actions(request)
+        assert "cleanup_old_tokens" not in actions
+
+        # Superuser should see cleanup action
+        request.user = UserModel(is_superuser=True)
+        actions = self.admin.get_actions(request)
+        assert "cleanup_old_tokens" in actions
+
+
+class TestTopListAdmin(TestCase):
+    """Tests for TopListAdmin class."""
+
+    def setUp(self):
+        self.factory = RequestFactory()
+        self.site = AdminSite()
+        self.admin = TopListAdmin(model=TopList, admin_site=self.site)
+
+    def test_list_select_related(self):
+        """Verify select_related for user."""
+        assert "user" in self.admin.list_select_related
+
+    def test_list_prefetch_related(self):
+        """Verify prefetch_related for items."""
+        assert "items" in self.admin.list_prefetch_related
+
+    def test_publish_actions(self):
+        """Verify publish actions exist."""
+        request = self.factory.get("/admin/")
+        request.user = UserModel(is_superuser=True)
+
+        actions = self.admin.get_actions(request)
+        assert "publish_lists" in actions
+        assert "unpublish_lists" in actions
+
+
+class TestTopListItemAdmin(TestCase):
+    """Tests for TopListItemAdmin class."""
+
+    def setUp(self):
+        self.factory = RequestFactory()
+        self.site = AdminSite()
+        self.admin = TopListItemAdmin(model=TopListItem, admin_site=self.site)
+
+    def test_list_select_related(self):
+        """Verify select_related for top_list and user."""
+        assert "top_list" in self.admin.list_select_related
+        assert "top_list__user" in self.admin.list_select_related
+        assert "content_type" in self.admin.list_select_related
+
+    def test_reorder_actions(self):
+        """Verify reorder actions exist."""
+        request = self.factory.get("/admin/")
+        request.user = UserModel(is_superuser=True)
+
+        actions = self.admin.get_actions(request)
+        assert "move_up" in actions
+        assert "move_down" in actions