+++
title = "quotesdb/ui: admin page auth-first flow and remove from default nav"
priority = 5
status = "todo"
ticket_type = "feature"
dependencies = []
+++
## Summary
Two related admin UX improvements:
1. Remove the admin link from all default navigation/page footers — admins access /admin directly via URL.
2. Rework the /admin page so it prompts for the auth code first; the rest of the admin controls are locked until auth succeeds.

## Details

### Remove Admin from Nav
- Audit all pages and the nav component for any link to /admin
- Remove them — /admin should not be discoverable from normal browsing
- The route itself (/admin) remains accessible by direct URL

### Auth-First Admin Page
Currently the /admin page may show controls before authenticating. Change the flow:
- On load, /admin shows only an auth code input field and a submit button
- On submit, call the existing admin status/verify endpoint (or any lightweight admin endpoint) with the provided auth code
- On success: unlock and display all admin tabs (existing controls + new Moderation tab)
- On failure (403): show an error message, keep page locked
- The auth code is kept in component state (not localStorage) — refreshing the page requires re-entering it

## Acceptance Criteria
- [ ] No /admin link anywhere in default navigation or footer
- [ ] /admin loads in locked state showing only auth input
- [ ] Correct admin endpoints called with entered auth code
- [ ] On success: all tabs visible and functional
- [ ] On failure: error shown, page remains locked
- [ ] Re-visiting /admin requires re-authenticating

## Validation
```sh
cargo fmt && cargo check && cargo clippy
trunk build
```