From 71463b53896859881b9e9c760eb260f402114138 Mon Sep 17 00:00:00 2001
From: Mukhamediyar Kudaikulov <mukhamediyarkudaikulov@moco.lan>
Date: Wed, 10 Jul 2024 23:46:52 -0700
Subject: [PATCH 1/8] first ideas for better QA tool

---
 .../api/mock/hibp/mockData/mockOverwrite.json |  5 ++
 .../hibp/range/search/[hashPrefix]/route.ts   | 15 +++++-
 src/app/api/mock/onerep/config/config.ts      | 34 ++++++++-----
 .../mock/onerep/mockData/mockOverwrite.json   |  9 ++++
 src/app/api/mock/resetTestData/reset.ts       | 50 +++++++++++++++++++
 .../{clearTestData => resetTestData}/route.ts | 34 ++++---------
 src/app/api/utils/errorThrower.ts             |  4 +-
 .../20240710214906_qa_custom_breaches.js      | 15 ++++++
 8 files changed, 127 insertions(+), 39 deletions(-)
 create mode 100644 src/app/api/mock/hibp/mockData/mockOverwrite.json
 create mode 100644 src/app/api/mock/onerep/mockData/mockOverwrite.json
 create mode 100644 src/app/api/mock/resetTestData/reset.ts
 rename src/app/api/mock/{clearTestData => resetTestData}/route.ts (53%)
 create mode 100644 src/db/migrations/20240710214906_qa_custom_breaches.js

diff --git a/src/app/api/mock/hibp/mockData/mockOverwrite.json b/src/app/api/mock/hibp/mockData/mockOverwrite.json
new file mode 100644
index 00000000000..6f87ff9ed43
--- /dev/null
+++ b/src/app/api/mock/hibp/mockData/mockOverwrite.json
@@ -0,0 +1,5 @@
+{
+  "doOvewrite": false,
+  "breachesOverwrite": [],
+  "breachesAdd": []
+}
\ No newline at end of file
diff --git a/src/app/api/mock/hibp/range/search/[hashPrefix]/route.ts b/src/app/api/mock/hibp/range/search/[hashPrefix]/route.ts
index 3956d8a2230..e468ac61341 100644
--- a/src/app/api/mock/hibp/range/search/[hashPrefix]/route.ts
+++ b/src/app/api/mock/hibp/range/search/[hashPrefix]/route.ts
@@ -6,6 +6,7 @@ import { NextRequest, NextResponse } from "next/server";
 import { logger } from "../../../../../../functions/server/logging";
 import { errorIfProduction } from "../../../../../utils/errorThrower";
 import { getBreachesForHash } from "../../../config/defaults";
+import mockOvewrite from "../../../mockData/mockOverwrite.json";
 
 type BreachedAccountResponse = {
   hashSuffix: string;
@@ -19,10 +20,20 @@ export function GET(
   const prodError = errorIfProduction();
   if (prodError) return prodError;
 
+  const envIsLocal = process.env.APP_ENV === "local";
+
   logger.info("HIBP Mock endpoint: /range/search/");
 
-  const hashPrefix = params.hashPrefix;
-  const breachesList = getBreachesForHash(hashPrefix);
+  let breachesList = [];
+
+  if (envIsLocal && mockOvewrite.doOvewrite) {
+    breachesList = mockOvewrite.breachesOverwrite;
+  } else {
+    const hashPrefix = params.hashPrefix;
+    breachesList = getBreachesForHash(hashPrefix);
+  }
+
+  if (envIsLocal) breachesList = breachesList.concat(mockOvewrite.breachesAdd);
 
   const data: BreachedAccountResponse = [
     {
diff --git a/src/app/api/mock/onerep/config/config.ts b/src/app/api/mock/onerep/config/config.ts
index 8b5a0399b3d..13dcd955fd9 100644
--- a/src/app/api/mock/onerep/config/config.ts
+++ b/src/app/api/mock/onerep/config/config.ts
@@ -4,7 +4,8 @@
 
 import { BinaryLike, createHash } from "crypto";
 import { StateAbbr } from "../../../../../utils/states";
-import MockUser from "../mockData/mockUser.json";
+import mockUser from "../mockData/mockUser.json";
+import mockOverwrite from "../mockData/mockOverwrite.json";
 import { computeSha1First6, hashToEmailKeyMap } from "../../../utils/mockUtils";
 
 export interface Broker {
@@ -78,41 +79,41 @@ export function MOCK_ONEREP_ID_START(profileId: number) {
 }
 
 export function MOCK_ONEREP_TIME() {
-  return MockUser.TIME;
+  return mockUser.TIME;
 }
 
 export function MOCK_ONEREP_FIRSTNAME() {
-  return MockUser.FIRSTNAME;
+  return mockUser.FIRSTNAME;
 }
 
 export function MOCK_ONEREP_LASTNAME() {
-  return MockUser.LASTNAME;
+  return mockUser.LASTNAME;
 }
 
 export function MOCK_ONEREP_BIRTHDATE() {
-  return MockUser.BIRTHDATE;
+  return mockUser.BIRTHDATE;
 }
 
 export function MOCK_ONEREP_EMAILS() {
-  return MockUser.EMAILS;
+  return mockUser.EMAILS;
 }
 
 export function MOCK_ONEREP_PHONES() {
-  return MockUser.PHONES;
+  return mockUser.PHONES;
 }
 
 export function MOCK_ONEREP_RELATIVES() {
-  return MockUser.RELATIVES;
+  return mockUser.RELATIVES;
 }
 
 export function MOCK_ONEREP_PROFILE_STATUS() {
-  return MockUser.STATUS as "active" | "inactive";
+  return mockUser.STATUS as "active" | "inactive";
 }
 
 export function MOCK_ONEREP_ADDRESSES() {
   type typeOfAddr = [{ city: string; state: StateAbbr }];
 
-  return MockUser.ADDRESSES.map((address) => ({
+  return mockUser.ADDRESSES.map((address) => ({
     city: address.city,
     state: address.state as StateAbbr,
   })) as typeOfAddr;
@@ -161,10 +162,19 @@ export function MOCK_ONEREP_BROKERS(
   const idStart = MOCK_ONEREP_ID_START(profileId);
   const idStartDataBroker = MOCK_ONEREP_DATABROKER_ID_START(profileId);
 
+  const envIsLocal = process.env.APP_ENV === "local";
   const emailHash = computeSha1First6(email);
-  const brokersListMap = MockUser.BROKERS_LIST as BrokerMap;
+  const brokersListMap = mockUser.BROKERS_LIST as BrokerMap;
   const datasetKey = hashToEmailKeyMap[emailHash] || "default";
-  const brokersList = brokersListMap[datasetKey];
+
+  let brokersList = [];
+  if (envIsLocal && mockOverwrite.doOverwrite) {
+    brokersList = mockOverwrite.brokersOverwrite;
+  } else {
+    brokersList = brokersListMap[datasetKey];
+  }
+
+  if (envIsLocal) brokersList = brokersList.concat(mockOverwrite.brokersAdd);
 
   const res = brokersList.map(
     (elem: BrokerOptionals, index: number) =>
diff --git a/src/app/api/mock/onerep/mockData/mockOverwrite.json b/src/app/api/mock/onerep/mockData/mockOverwrite.json
new file mode 100644
index 00000000000..3be7b2107d5
--- /dev/null
+++ b/src/app/api/mock/onerep/mockData/mockOverwrite.json
@@ -0,0 +1,9 @@
+{
+  "doOverwrite": false,
+  "brokersOverwrite": [      {
+    "relatives": ["Jon Jones"],
+    "link": "https://mockexample.com/link-to-databroker-e2e-test-1",
+    "data_broker": "mockexample-e2e-test-1.com"
+  }],
+  "brokersAdd": []
+}
\ No newline at end of file
diff --git a/src/app/api/mock/resetTestData/reset.ts b/src/app/api/mock/resetTestData/reset.ts
new file mode 100644
index 00000000000..3db8276019e
--- /dev/null
+++ b/src/app/api/mock/resetTestData/reset.ts
@@ -0,0 +1,50 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+import {
+  deleteScanResultsForProfile,
+  deleteSomeScansForProfile,
+} from "../../../../db/tables/onerep_scans";
+import {
+  getOnerepProfileId,
+  unresolveAllBreaches,
+} from "../../../../db/tables/subscribers";
+import { logger } from "../../../functions/server/logging";
+
+export async function resetData(
+  subscriberId: number,
+  resetHibp: boolean,
+  resetOneRep: boolean,
+): Promise<[success: boolean, msg?: string | undefined]> {
+  const onerepProfileId = await getOnerepProfileId(subscriberId);
+  if (!onerepProfileId) return [false, "Unable to fetch OneRep profile ID"];
+  if (resetHibp) await unresolveAllBreaches(onerepProfileId);
+  if (resetOneRep) {
+    await deleteSomeScansForProfile(onerepProfileId, 1);
+    await deleteScanResultsForProfile(onerepProfileId);
+  }
+  const oneRepMsg = `${resetOneRep ? "attempted to delete all but 1 scans" : ""}`;
+  const hibpMsg = `${resetHibp ? "attempted to unresolve all breaches" : ""}`;
+  const loggerMsg =
+    `${oneRepMsg}${resetOneRep && resetHibp ? ", " : ""}${hibpMsg}` ||
+    "no action done";
+  logger.info(`Mock Data Reset endpoint: ${loggerMsg}`);
+  return [true];
+}
+
+export function brokerOverwriteOneRep() {
+  //modify json file
+}
+
+export function breachOverwriteHibp() {
+  //modify json file
+}
+
+export function brokerAddOneRep() {
+  //modify json file
+}
+
+export function breachAddeHibp() {
+  //modify json file
+}
diff --git a/src/app/api/mock/clearTestData/route.ts b/src/app/api/mock/resetTestData/route.ts
similarity index 53%
rename from src/app/api/mock/clearTestData/route.ts
rename to src/app/api/mock/resetTestData/route.ts
index 3d6b5add05d..798a6f342fc 100644
--- a/src/app/api/mock/clearTestData/route.ts
+++ b/src/app/api/mock/resetTestData/route.ts
@@ -2,24 +2,16 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-import { NextResponse } from "next/server";
+import { NextRequest, NextResponse } from "next/server";
 import { getServerSession } from "../../../functions/server/getServerSession";
 import {
   errorIfProduction,
   internalServerError,
-  unauthError,
+  unauthErrorResponse,
 } from "../../utils/errorThrower";
-import {
-  getOnerepProfileId,
-  unresolveAllBreaches,
-} from "../../../../db/tables/subscribers";
-import {
-  deleteScanResultsForProfile,
-  deleteSomeScansForProfile,
-} from "../../../../db/tables/onerep_scans";
-import { logger } from "../../../functions/server/logging";
+import { resetData } from "./reset";
 
-function isTestEmail(email: string) {
+function isTestEmail(email: string | undefined) {
   if (!email) return false;
   const testEmailKeys = Object.keys(process.env).filter((key) =>
     key.startsWith("E2E_TEST_ACCOUNT_EMAIL"),
@@ -28,7 +20,7 @@ function isTestEmail(email: string) {
   return testEmails.includes(email);
 }
 
-export async function GET() {
+export async function GET(req: NextRequest) {
   const prodError = errorIfProduction();
   if (prodError) return prodError;
 
@@ -36,17 +28,13 @@ export async function GET() {
   const email = session?.user.email;
   const subscriberId = session?.user.subscriber?.id;
   if (!session || !email || !isTestEmail(email) || !subscriberId)
-    return unauthError();
+    return unauthErrorResponse();
 
-  const onerepProfileId = await getOnerepProfileId(subscriberId);
-  if (!onerepProfileId)
-    return internalServerError("Unable to fetch OneRep profile ID");
-  await deleteScanResultsForProfile(onerepProfileId);
-  await deleteSomeScansForProfile(onerepProfileId, 1);
-  await unresolveAllBreaches(onerepProfileId);
-  logger.info(
-    "Mock OneRep endpoint: attempted to delete all but 1 scans, attempted to unresolve all breaches",
-  );
+  const resetHibp = Boolean(req.nextUrl.searchParams.get("resetHibp"));
+  const resetOneRep = Boolean(req.nextUrl.searchParams.get("resetOneRep"));
+
+  const [success, msg] = await resetData(subscriberId, resetHibp, resetOneRep);
+  if (!success) return internalServerError(msg);
 
   return NextResponse.json(
     { message: "Requested reached successfully" },
diff --git a/src/app/api/utils/errorThrower.ts b/src/app/api/utils/errorThrower.ts
index 1fbcbbc34ea..aa6a88d8fd1 100644
--- a/src/app/api/utils/errorThrower.ts
+++ b/src/app/api/utils/errorThrower.ts
@@ -33,7 +33,7 @@ export function errorIfEnvCond(which: string, isEqualToWhich: boolean) {
   return null;
 }
 
-export function unauthError() {
+export function unauthErrorResponse() {
   return NextResponse.json(
     { error: "Unauthorized to access the endpoint" },
     { status: 401 },
@@ -45,6 +45,6 @@ export function internalServerError(
 ) {
   return NextResponse.json(
     { error: `Internal server error: ${description}` },
-    { status: 401 },
+    { status: 500 },
   );
 }
diff --git a/src/db/migrations/20240710214906_qa_custom_breaches.js b/src/db/migrations/20240710214906_qa_custom_breaches.js
new file mode 100644
index 00000000000..b19c41cc79d
--- /dev/null
+++ b/src/db/migrations/20240710214906_qa_custom_breaches.js
@@ -0,0 +1,15 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+exports.up = function(knex) {
+  
+};
+
+/**
+ * @param { import("knex").Knex } knex
+ * @returns { Promise<void> }
+ */
+exports.down = function(knex) {
+  
+};

From 449c963bdf19d92d3b4ddc7dd3b79def5ef58502 Mon Sep 17 00:00:00 2001
From: Mukhamediyar Kudaikulov <mukhamediyarkudaikulov@moco.lan>
Date: Mon, 15 Jul 2024 00:15:50 -0700
Subject: [PATCH 2/8] qa tool: backend - done

---
 .../20240710214906_qa_custom_breaches.js      | 15 ----
 .../20240710214906_qa_custom_brokers.js       | 38 ++++++++++
 src/db/tables/onerep_scans.ts                 | 38 ++++++----
 src/db/tables/qa_customs.ts                   | 75 +++++++++++++++++++
 4 files changed, 137 insertions(+), 29 deletions(-)
 delete mode 100644 src/db/migrations/20240710214906_qa_custom_breaches.js
 create mode 100644 src/db/migrations/20240710214906_qa_custom_brokers.js
 create mode 100644 src/db/tables/qa_customs.ts

diff --git a/src/db/migrations/20240710214906_qa_custom_breaches.js b/src/db/migrations/20240710214906_qa_custom_breaches.js
deleted file mode 100644
index b19c41cc79d..00000000000
--- a/src/db/migrations/20240710214906_qa_custom_breaches.js
+++ /dev/null
@@ -1,15 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-exports.up = function(knex) {
-  
-};
-
-/**
- * @param { import("knex").Knex } knex
- * @returns { Promise<void> }
- */
-exports.down = function(knex) {
-  
-};
diff --git a/src/db/migrations/20240710214906_qa_custom_brokers.js b/src/db/migrations/20240710214906_qa_custom_brokers.js
new file mode 100644
index 00000000000..421f56be618
--- /dev/null
+++ b/src/db/migrations/20240710214906_qa_custom_brokers.js
@@ -0,0 +1,38 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+ /**
+  * @param { import("knex").Knex } knex
+  * @returns { Promise<void> }
+  */
+export function up(knex) {
+  return knex.schema
+    .createTable('qa_custom_brokers', table => {
+      table.increments('onerep_scan_result_id').primary();
+      table.integer('onerep_profile_id').notNullable();
+      table.string("link").notNullable();
+      table.integer("age").nullable();
+      table.string("data_broker").notNullable();
+      table.jsonb("emails").notNullable();
+      table.jsonb("phones").notNullable();
+      table.jsonb("addresses").notNullable();
+      table.jsonb("relatives").notNullable();
+      table.string("first_name").notNullable();
+      table.string("middle_name").nullable();
+      table.string("last_name").notNullable();
+      table.string("status").notNullable();
+      table.timestamp("created_at").defaultTo(knex.fn.now());
+      table.timestamp("updated_at").defaultTo(knex.fn.now());
+    });
+}
+
+/**
+ * @param { import("knex").Knex } knex
+ * @returns { Promise<void> }
+ */
+export function down(knex) {
+  return knex.schema.dropTableIfExists('qa_custom_brokers');
+}
+
+
diff --git a/src/db/tables/onerep_scans.ts b/src/db/tables/onerep_scans.ts
index 74480c41c8f..57b55b4b6f4 100644
--- a/src/db/tables/onerep_scans.ts
+++ b/src/db/tables/onerep_scans.ts
@@ -16,6 +16,7 @@ import {
   SubscriberRow,
 } from "knex/types/tables";
 import { RemovalStatus } from "../../app/functions/universal/scanResult.js";
+import { getQaCustomBrokers } from "./qa_customs.ts";
 
 const knex = createDbConnection();
 
@@ -139,25 +140,34 @@ async function getLatestOnerepScan(
   return scan ?? null;
 }
 
+/*
+Note: please, don't write the results of this function back to the database!
+*/
 async function getLatestOnerepScanResults(
   onerepProfileId: number | null,
 ): Promise<LatestOnerepScanData> {
   const scan = await getLatestOnerepScan(onerepProfileId);
 
-  const results =
-    typeof scan === "undefined"
-      ? []
-      : ((await knex("onerep_scan_results")
-          .select("onerep_scan_results.*")
-          .distinctOn("link")
-          .where("onerep_profile_id", onerepProfileId)
-          .innerJoin(
-            "onerep_scans",
-            "onerep_scan_results.onerep_scan_id",
-            "onerep_scans.onerep_scan_id",
-          )
-          .orderBy("link")
-          .orderBy("onerep_scan_result_id", "desc")) as OnerepScanResultRow[]);
+  let results: OnerepScanResultRow[] = [];
+
+  if (typeof scan !== "undefined") {
+    // Fetch initial results from onerep_scan_results
+    const scanResults = await knex("onerep_scan_results")
+      .select("*")
+      .distinctOn("link")
+      .where("onerep_profile_id", onerepProfileId)
+      .innerJoin(
+        "onerep_scans",
+        "onerep_scan_results.onerep_scan_id",
+        "onerep_scans.onerep_scan_id",
+      )
+      .orderBy("link")
+      .orderBy("onerep_scan_result_id", "desc");
+    results = [
+      ...scanResults,
+      ...(await getQaCustomBrokers(onerepProfileId, scan?.onerep_scan_id)),
+    ];
+  }
 
   return {
     scan: scan ?? null,
diff --git a/src/db/tables/qa_customs.ts b/src/db/tables/qa_customs.ts
new file mode 100644
index 00000000000..9c12b57b2a4
--- /dev/null
+++ b/src/db/tables/qa_customs.ts
@@ -0,0 +1,75 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+import { OnerepScanResultRow } from "knex/types/tables";
+import { logger } from "../../app/functions/server/logging";
+import createDbConnection from "../connect";
+
+const knex = createDbConnection();
+
+interface QaBrokerData {
+  onerep_profile_id: number;
+  link: string;
+  age?: number;
+  data_broker: string;
+  emails: string;
+  phones: string;
+  addresses: string;
+  relatives: string;
+  first_name: string;
+  middle_name?: string;
+  last_name: string;
+  status: string;
+}
+
+async function getQaCustomBrokers(
+  onerepProfileId: number | null,
+  onerepScanId: number | undefined | null,
+) {
+  if (!onerepProfileId) {
+    logger.info("getQaCustomBrokers: onerepProfileId was not provided!");
+    return [];
+  }
+  if (!onerepScanId) {
+    logger.info("getQaCustomBrokers: onerepScanId was not provided!");
+    return [];
+  }
+
+  let results: OnerepScanResultRow[] = [];
+
+  // Fetch all results from qa_custom_brokers
+  const brokerResults = await knex("qa_custom_brokers")
+    .select("*")
+    .where("onerep_profile_id", onerepProfileId);
+
+  if (brokerResults.length > 0) {
+    /* 
+      Since these are fake records, their corresponding scanId will be some 
+      existing id, and broker_id will match onerep_scan_result_id for uniqueness 
+    */
+    brokerResults.forEach((brokerResult) => {
+      brokerResult.onerep_scan_id = onerepScanId;
+      brokerResult.data_broker_id = brokerResult.onerep_scan_result_id;
+    });
+
+    results = [...results, ...brokerResults];
+  }
+  return results;
+}
+
+/**
+ * Inserts a new row into the qa_custom_brokers table.
+ *
+ * @param brokerData This object conforms to QaBrokerData, which is the same as
+ * OnerepScanResulsRow with some fields omitted due to them being automaticallty set.
+ */
+async function addQaCustomBroker(brokerData: QaBrokerData): Promise<number> {
+  const [newBrokerId] = (await knex("qa_custom_brokers")
+    .insert(brokerData)
+    .returning("onerep_scan_result_id")) as [number];
+  logger.info(`New broker added with ID: ${newBrokerId}`);
+  return newBrokerId;
+}
+
+export { getQaCustomBrokers, addQaCustomBroker };

From 6e1169ae72a0f93b7f8194c9987ef14c699878d9 Mon Sep 17 00:00:00 2001
From: Mukhamediyar Kudaikulov <mukhamediyarkudaikulov@moco.local>
Date: Mon, 15 Jul 2024 22:56:21 -0700
Subject: [PATCH 3/8] functional onerep qa tool, started working on hibp

---
 .../admin/qa-customs/ConfigPage.module.scss   | 200 ++++++++++
 .../admin/qa-customs/hibp/breachesLookup.tsx  |  56 +++
 .../admin/qa-customs/hibp/hibpConfig.tsx      | 357 ++++++++++++++++++
 .../admin/qa-customs/hibp/page.tsx            |  36 ++
 .../admin/qa-customs/onerep/onerepConfig.tsx  | 355 +++++++++++++++++
 .../admin/qa-customs/onerep/page.tsx          |  34 ++
 .../mock/hibp/mockData/mockAllBreaches.json   |  74 ++--
 .../api/mock/hibp/mockData/mockOverwrite.json |   2 +-
 .../mock/onerep/mockData/mockOverwrite.json   |  14 +-
 src/app/api/v1/admin/qa-customs/hibp/route.ts | 152 ++++++++
 .../api/v1/admin/qa-customs/onerep/route.ts   | 147 ++++++++
 src/app/api/v1/admin/qa-customs/route.ts      |  59 +++
 .../[onerepScanResultId]/resolution/route.ts  |  13 +
 .../20240710214906_qa_custom_brokers.js       |   9 +-
 .../20240715110621_qa_custom_toggles.js       |  27 ++
 .../20240715115031_qa_custom_breaches.js      |  34 ++
 src/db/tables/onerep_scans.ts                 |   1 -
 src/db/tables/qa_customs.ts                   | 183 ++++++++-
 18 files changed, 1686 insertions(+), 67 deletions(-)
 create mode 100644 src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/ConfigPage.module.scss
 create mode 100644 src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/hibp/breachesLookup.tsx
 create mode 100644 src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/hibp/hibpConfig.tsx
 create mode 100644 src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/hibp/page.tsx
 create mode 100644 src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/onerep/onerepConfig.tsx
 create mode 100644 src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/onerep/page.tsx
 create mode 100644 src/app/api/v1/admin/qa-customs/hibp/route.ts
 create mode 100644 src/app/api/v1/admin/qa-customs/onerep/route.ts
 create mode 100644 src/app/api/v1/admin/qa-customs/route.ts
 create mode 100644 src/db/migrations/20240715110621_qa_custom_toggles.js
 create mode 100644 src/db/migrations/20240715115031_qa_custom_breaches.js

diff --git a/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/ConfigPage.module.scss b/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/ConfigPage.module.scss
new file mode 100644
index 00000000000..e5fe8ca3772
--- /dev/null
+++ b/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/ConfigPage.module.scss
@@ -0,0 +1,200 @@
+@import "../../../../../tokens";
+
+.wrapper {
+  display: grid;
+  grid-template-rows: 120px min-content;
+  gap: $spacing-md;
+  height: 100%;
+  padding: $layout-sm;
+  background-color: $color-grey-05;
+  align-items: center;
+  justify-content: center;
+}
+
+.wrapperHibp {
+  grid-template-rows: 120px min-content 100px;
+  justify-content: center;
+}
+
+.header {
+  font: $text-title-xs;
+  font-weight: normal;
+  margin: auto;
+  width: 100%;
+  b {
+    font-weight: bold;
+  }
+  text-align: center;
+}
+
+.formAndListWrapper {
+  margin-top: 40px;
+  display: grid;
+  grid-template-rows: 1fr;
+  grid-template-columns: 3fr 2fr;
+  justify-content: center;
+}
+
+.hibpFormAndListWrapper {
+  grid-template-columns: 1fr 1fr;
+}
+
+.formWrapper {
+  display: grid;
+  grid-template-rows: 50px 4fr 100px;
+  justify-content: center;
+}
+
+.h2 {
+  text-align: center;
+}
+
+.allBreachesWrapper {
+  display: grid;
+  grid-template-rows: 50px 4fr;
+  justify-content: center;
+}
+
+.listButtonsWrapper {
+  display: grid;
+  grid-template-rows: auto 100px;
+  justify-content: center;
+}
+
+.listContainer {
+  max-height: 330px;
+  overflow-y: auto;
+}
+
+.searchBox {
+  background-color: white;
+  border: 1px solid rgb(139, 139, 139);
+  border-radius: 3px;
+  height: 240px;
+  width: 100%;
+}
+
+.buttonsWrapper {
+  height: auto;
+  display: grid;
+  grid-template-columns: 1fr 1fr;
+}
+
+.buttonsStandalone {
+  height: 100px;
+  width: 100%;
+  display: flex;
+  justify-content: center;
+}
+
+.listWrapper {
+  height: min-content;
+  display: grid;
+  grid-template-rows: 50px auto;
+  justify-content: center;
+  align-items: flex-start;
+}
+
+.hibpSelectedBoxWrapper {
+  width: 100%;
+  grid-template-columns: 100%;
+  .listContainer {
+    margin-left: 10px;
+    margin-right: 10px;
+    margin-top: 8px;
+    height: 300px;
+  }
+  p {
+    margin-left: 10px;
+  }
+}
+
+.button {
+  display: block;
+  margin: auto;
+  max-height: 100px;
+  max-width: 100px;
+  margin-top: 10px;
+  margin-bottom: 10px;
+}
+
+.buttonUnderList {
+  margin-left: 10px;
+  margin-right: 10px;
+}
+
+.buttonsHibp {
+  margin: 10px;
+  justify-self: center;
+}
+
+@keyframes shake {
+  0% {
+    transform: translateX(0);
+  }
+  25% {
+    transform: translateX(-5px);
+  }
+  75% {
+    transform: translateX(5px);
+  }
+  100% {
+    transform: translateX(0);
+  }
+}
+
+.error {
+  border-color: red; /* Example: Highlight border in red for error */
+  animation: shake 0.5s ease-in-out; /* Example animation */
+}
+
+.form {
+  display: flex;
+  flex-direction: column;
+  gap: $spacing-sm;
+  align-items: center;
+  width: min-content;
+
+  .userPicker {
+    flex: 1 0 auto;
+    align-items: center;
+    display: flex;
+    flex-wrap: wrap;
+    gap: $spacing-md;
+    min-height: $layout-md;
+
+    label {
+      display: flex;
+      flex-direction: column;
+      gap: $spacing-sm;
+      min-width: 50%;
+      width: 350px;
+    }
+
+    input {
+      padding: $spacing-sm;
+      font: $text-body-md;
+      transition: border-color 0.3s ease;
+    }
+  }
+}
+
+.listItem:hover {
+  background-color: #f0f0f0; /* Light grey background on hover */
+  cursor: pointer; /* Change cursor to indicate clickable item */
+  text-decoration: line-through;
+}
+
+.allBreachesItem:hover {
+  background-color: #f0f0f0; /* Light grey background on hover */
+  cursor: pointer; /* Change cursor to indicate clickable item */
+}
+
+.selectedBox {
+  margin: 0;
+}
+
+.breachName {
+  color: black;
+  margin-left: 10px;
+}
diff --git a/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/hibp/breachesLookup.tsx b/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/hibp/breachesLookup.tsx
new file mode 100644
index 00000000000..eb392347514
--- /dev/null
+++ b/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/hibp/breachesLookup.tsx
@@ -0,0 +1,56 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+//  import { getBreaches } from "../../../../../../functions/server/getBreaches.ts";
+import styles from "../ConfigPage.module.scss";
+import { Breach } from "../../../../../../functions/universal/breach.ts";
+import { HibpLikeDbBreach } from "../../../../../../../utils/hibp.js";
+
+interface Props {
+  allBreaches: (Breach | HibpLikeDbBreach)[];
+  filterWord?: string;
+  onClickFunc?: (elem: Breach | HibpLikeDbBreach) => void;
+  additionalStyles?: string;
+}
+
+export default function BreachesLookup(props: Props) {
+  // const allBreaches = (await getBreaches());
+
+  const {
+    allBreaches,
+    filterWord = "",
+    onClickFunc = () => {},
+    additionalStyles = "",
+  } = props;
+
+  const getElementData = (breach: Breach | HibpLikeDbBreach) => {
+    const name = breach.Name;
+    const month = (breach.AddedDate as Date).toLocaleString("en-US", {
+      month: "long",
+    });
+    const year = (breach.AddedDate as Date).getFullYear();
+    return `${name} - ${month}, ${year}`;
+  };
+
+  return (
+    <div>
+      {allBreaches
+        .filter(
+          (elem) =>
+            elem.Name.includes(filterWord) ||
+            elem.Title.includes(filterWord) ||
+            String(elem.AddedDate).includes(filterWord),
+        )
+        .map((elem, index) => (
+          <p
+            className={`${styles.breachName} ${additionalStyles}`}
+            onClick={() => onClickFunc(elem)}
+            key={index}
+          >
+            {getElementData(elem)}
+          </p>
+        ))}
+    </div>
+  );
+}
diff --git a/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/hibp/hibpConfig.tsx b/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/hibp/hibpConfig.tsx
new file mode 100644
index 00000000000..dbde6b322e3
--- /dev/null
+++ b/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/hibp/hibpConfig.tsx
@@ -0,0 +1,357 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use client";
+
+import React, { useState, useEffect } from "react";
+import styles from "../ConfigPage.module.scss";
+
+interface QaBreachData {
+  emailHashPrefix: string;
+  Id: number;
+  Name: string;
+  Title: string;
+  Domain: string;
+  ModifiedDate: Date | string;
+  PwnCount: number;
+  Description: string;
+  LogoPath: string;
+  DataClasses: string[];
+  IsVerified: boolean;
+  IsFabricated: boolean;
+  IsSensitive: boolean;
+  IsRetired: boolean;
+  IsSpamList: boolean;
+  IsMalware: boolean;
+  FaviconUrl: string | null;
+}
+
+const endpointBase = "/api/v1/admin/qa-customs/hibp";
+
+interface Props {
+  emailHashPrefix: string;
+}
+
+const ConfigPage = (props: Props) => {
+  const [breaches, setBreaches] = useState<QaBreachData[]>([]);
+  // Initialize a base breach template to reset form fields
+  const baseBreach: QaBreachData = {
+    emailHashPrefix: "",
+    Id: -1,
+    Name: "",
+    Title: "",
+    Domain: "",
+    ModifiedDate: new Date(),
+    PwnCount: 0,
+    Description: "",
+    LogoPath: "",
+    DataClasses: [],
+    IsVerified: true,
+    IsFabricated: false,
+    IsSensitive: false,
+    IsRetired: false,
+    IsSpamList: false,
+    IsMalware: false,
+    FaviconUrl: null,
+  };
+
+  // Temporary state to hold form input for a new breach
+  const [newBreach, setNewBreach] = useState<QaBreachData>(baseBreach);
+
+  useEffect(() => {
+    void fetchBreaches();
+  }, []);
+
+  const fetchBreaches = async () => {
+    try {
+      const response = await fetch(
+        `${endpointBase}?emailHashPrefix=${props.emailHashPrefix}`,
+      );
+      const data = await response.json();
+      setBreaches(data);
+    } catch (error) {
+      console.error("Error fetching breaches:", error);
+    }
+  };
+
+  const handleChange = (
+    e:
+      | React.ChangeEvent<HTMLInputElement>
+      | React.ChangeEvent<HTMLSelectElement>
+      | React.ChangeEvent<HTMLTextAreaElement>,
+  ) => {
+    setNewBreach({ ...newBreach, [e.target.name]: e.target.value });
+  };
+
+  const handleAddBreach = async (event: React.FormEvent) => {
+    event.preventDefault();
+    newBreach.emailHashPrefix = props.emailHashPrefix;
+
+    if (newBreach.emailHashPrefix.length < 6) {
+      console.log("Invalid email hash!");
+    }
+
+    try {
+      const response = await fetch(endpointBase, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+        },
+        body: JSON.stringify(newBreach),
+      });
+
+      if (response.ok) {
+        await fetchBreaches(); // Refresh the breaches list
+        setNewBreach(baseBreach); // Reset form fields
+      } else {
+        console.error("Error adding breach:", await response.json());
+      }
+    } catch (error) {
+      console.error("Error adding breach:", error);
+    }
+  };
+
+  const handleDeleteBreach = async (id: number) => {
+    try {
+      const response = await fetch(`${endpointBase}?id=${id}`, {
+        method: "DELETE",
+      });
+
+      if (response.ok) {
+        await fetchBreaches(); // Refresh the breaches list
+      } else {
+        console.error("Error deleting breach:", await response.json());
+      }
+    } catch (error) {
+      console.error("Error deleting breach:", error);
+    }
+  };
+
+  return (
+    <main className={styles.wrapper}>
+      <header className={styles.header}>
+        <div>
+          Adding custom <b>Breaches</b>
+        </div>
+        <br />
+      </header>
+
+      <div className={styles.formAndListWrapper}>
+        <form
+          className={styles.formWrapper}
+          onSubmit={(e) => void handleAddBreach(e)}
+        >
+          <h2 className={styles.h2}>Input Breach Element</h2>
+          <div className={styles.form}>
+            <div className={styles.userPicker}>
+              <label className={styles.label}>
+                Name:
+                <input
+                  className={`${styles.input}`}
+                  type="text"
+                  name="Name"
+                  placeholder="Custom Breach"
+                  value={newBreach.Name}
+                  onChange={(e) => void handleChange(e)}
+                />
+              </label>
+
+              <label className={styles.label}>
+                Title:
+                <input
+                  className={`${styles.input}`}
+                  type="text"
+                  name="Title"
+                  placeholder="Custom Breach"
+                  value={newBreach.Title}
+                  onChange={(e) => void handleChange(e)}
+                />
+              </label>
+
+              <label className={styles.label}>
+                Domain:
+                <input
+                  className={`${styles.input}`}
+                  type="text"
+                  name="Domain"
+                  placeholder="custom-breach.com"
+                  value={newBreach.Domain}
+                  onChange={(e) => void handleChange(e)}
+                />
+              </label>
+
+              <label className={styles.label}>
+                Modified Date:
+                <input
+                  className={styles.input}
+                  type="date"
+                  name="ModifiedDate"
+                  value={newBreach.ModifiedDate.toString()}
+                  onChange={(e) => void handleChange(e)}
+                />
+              </label>
+
+              <label className={styles.label}>
+                Pwn Count:
+                <input
+                  className={styles.input}
+                  type="number"
+                  name="PwnCount"
+                  placeholder="7777777"
+                  value={newBreach.PwnCount}
+                  onChange={(e) => void handleChange(e)}
+                />
+              </label>
+
+              <label className={styles.label}>
+                Description:
+                <textarea
+                  className={styles.input}
+                  name="Description"
+                  placeholder="This is a Custom Breach! Nothing to worry about :)"
+                  value={newBreach.Description}
+                  onChange={(e) => void handleChange(e)}
+                />
+              </label>
+
+              <label className={styles.label}>
+                Logo Path:
+                <input
+                  className={styles.input}
+                  type="text"
+                  name="LogoPath"
+                  placeholder="https://www.mozilla.org/media/protocol/img/logos/mozilla/logo-word-hor.e20791bb4dd4.svg"
+                  value={newBreach.LogoPath}
+                  onChange={handleChange}
+                />
+              </label>
+
+              <label className={styles.label}>
+                Data Classes:
+                <input
+                  className={styles.input}
+                  type="text"
+                  name="DataClasses"
+                  placeholder='["email-addresses", "password-hints"]'
+                  value={newBreach.DataClasses.join(",")}
+                  onChange={handleChange}
+                />
+              </label>
+
+              <label className={styles.label}>
+                Is Verified:
+                <select
+                  name="IsVerified"
+                  value={newBreach.IsVerified.toString()}
+                  onChange={(e) => void handleChange(e)}
+                >
+                  <option value="true">True</option>
+                  <option value="false">False</option>
+                </select>
+              </label>
+
+              <label className={styles.label}>
+                Is Fabricated:
+                <select
+                  name="IsFabricated"
+                  value={newBreach.IsFabricated.toString()}
+                  onChange={(e) => void handleChange(e)}
+                >
+                  <option value="true">True</option>
+                  <option value="false">False</option>
+                </select>
+              </label>
+
+              <label className={styles.label}>
+                Is Sensitive:
+                <select
+                  name="IsSensitive"
+                  value={newBreach.IsSensitive.toString()}
+                  onChange={(e) => void handleChange(e)}
+                >
+                  <option value="true">True</option>
+                  <option value="false">False</option>
+                </select>
+              </label>
+
+              <label className={styles.label}>
+                Is Retired:
+                <select
+                  name="IsRetired"
+                  value={newBreach.IsRetired.toString()}
+                  onChange={(e) => void handleChange(e)}
+                >
+                  <option value="true">True</option>
+                  <option value="false">False</option>
+                </select>
+              </label>
+
+              <label className={styles.label}>
+                Is Spam List:
+                <select
+                  name="IsSpamList"
+                  value={newBreach.IsSpamList.toString()}
+                  onChange={(e) => void handleChange(e)}
+                >
+                  <option value="true">True</option>
+                  <option value="false">False</option>
+                </select>
+              </label>
+
+              <label className={styles.label}>
+                Is Malware:
+                <select
+                  name="IsMalware"
+                  value={newBreach.IsMalware.toString()}
+                  onChange={(e) => void handleChange(e)}
+                >
+                  <option value="true">True</option>
+                  <option value="false">False</option>
+                </select>
+              </label>
+
+              <label className={styles.label}>
+                Favicon URL:
+                <input
+                  className={styles.input}
+                  type="text"
+                  name="FaviconUrl"
+                  placeholder="https://example.com/favicon.ico"
+                  value={newBreach.FaviconUrl ?? ""}
+                  onChange={handleChange}
+                />
+              </label>
+            </div>
+          </div>
+          <button className={styles.button} type="submit">
+            Add Breach to List
+          </button>
+        </form>
+        <div className={styles.listButtonsWrapper}>
+          <div className={styles.listWrapper}>
+            <h2 className={styles.h2}>Breaches List</h2>
+            <ul className={styles.listContainer}>
+              {breaches.length !== 0 ? (
+                breaches.map((breach) => (
+                  <li
+                    key={breach.Id}
+                    onClick={() => void handleDeleteBreach(breach.Id)}
+                    className={styles.listItem}
+                  >
+                    {"{"} {breach.emailHashPrefix}, {breach.Name},{" "}
+                    {breach.Domain} {"}"}
+                  </li>
+                ))
+              ) : (
+                <p>empty...</p>
+              )}
+            </ul>
+          </div>
+        </div>
+      </div>
+    </main>
+  );
+};
+
+export default ConfigPage;
diff --git a/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/hibp/page.tsx b/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/hibp/page.tsx
new file mode 100644
index 00000000000..2c6a5d6bde3
--- /dev/null
+++ b/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/hibp/page.tsx
@@ -0,0 +1,36 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+import { getServerSession } from "../../../../../../functions/server/getServerSession";
+import { notFound } from "next/navigation";
+import { isAdmin } from "../../../../../../api/utils/auth";
+import ConfigPage from "./hibpConfig";
+// import { getBreaches } from "../../../../../../functions/server/getBreaches.ts";
+
+export default async function DevPage() {
+  const session = await getServerSession();
+  // const allBreaches = (await getBreaches()).filter(
+  //   (breach) =>
+  //     !breach.IsRetired &&
+  //     !breach.IsSpamList &&
+  //     !breach.IsFabricated &&
+  //     breach.IsVerified &&
+  //     breach.Domain !== "",
+  // );
+
+  if (
+    !session?.user?.email ||
+    !isAdmin(session.user.email) ||
+    process.env.APP_ENV !== "local" ||
+    !session?.user?.subscriber?.primary_sha1
+  ) {
+    return notFound();
+  }
+
+  return (
+    <ConfigPage
+      emailHashPrefix={session.user.subscriber.primary_sha1.slice(0, 6)}
+    />
+  );
+}
diff --git a/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/onerep/onerepConfig.tsx b/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/onerep/onerepConfig.tsx
new file mode 100644
index 00000000000..ece212f0952
--- /dev/null
+++ b/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/onerep/onerepConfig.tsx
@@ -0,0 +1,355 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use client";
+
+import React, { useState, useEffect } from "react";
+import styles from "../ConfigPage.module.scss";
+
+interface QaBrokerData {
+  onerep_scan_result_id?: number;
+  onerep_profile_id: number;
+  link: string;
+  age: number | null | undefined;
+  data_broker: string;
+  emails: string;
+  phones: string;
+  addresses: string;
+  relatives: string;
+  first_name: string;
+  middle_name: string | null | undefined;
+  last_name: string;
+  status: string;
+  manually_resolved: string;
+}
+
+const endpointBase = "/api/v1/admin/qa-customs/onerep";
+
+interface Props {
+  onerepProfileId: number;
+}
+
+const ConfigPage = (props: Props) => {
+  const profileId = props.onerepProfileId;
+  const [brokers, setBrokers] = useState<QaBrokerData[]>([]);
+  const [errors, setErrors] = useState({
+    profile_id: false,
+    data_broker: false,
+    link: false,
+  });
+
+  // Initialize a base broker template to reset form fields
+  const baseBroker: QaBrokerData = {
+    onerep_profile_id: -1,
+    link: "",
+    age: null,
+    data_broker: "",
+    emails: "",
+    phones: "",
+    addresses: "",
+    relatives: "",
+    first_name: "",
+    middle_name: null,
+    last_name: "",
+    status: "new",
+    manually_resolved: "false",
+  };
+
+  // Temporary state to hold form input for a new broker
+  const [newBroker, setNewBroker] = useState<QaBrokerData>(baseBroker);
+
+  useEffect(() => {
+    void fetchBrokers();
+  }, []);
+
+  const fetchBrokers = async () => {
+    try {
+      const response = await fetch(
+        `${endpointBase}?onerep_profile_id=${props.onerepProfileId}`,
+      );
+      const data = await response.json();
+      setBrokers(data);
+    } catch (error) {
+      console.error("Error fetching brokers:", error);
+    }
+  };
+
+  const handleChange = (
+    e:
+      | React.ChangeEvent<HTMLInputElement>
+      | React.ChangeEvent<HTMLSelectElement>,
+  ) => {
+    setNewBroker({ ...newBroker, [e.target.name]: e.target.value });
+  };
+
+  const handleAddBroker = async (event: React.FormEvent) => {
+    event.preventDefault();
+
+    let hasError = false;
+
+    if (profileId < 0) {
+      setErrors({ ...errors, profile_id: true });
+      hasError = true;
+    } else {
+      setErrors({ ...errors, profile_id: false });
+    }
+
+    let linkString = "";
+    try {
+      if (newBroker.link.length !== 0) {
+        const urlObj = new URL(newBroker.link);
+        linkString = urlObj.href;
+      }
+      setErrors({ ...errors, link: false });
+    } catch {
+      setErrors({ ...errors, link: true });
+      hasError = true;
+    }
+
+    if (hasError) return;
+
+    newBroker.onerep_profile_id = profileId;
+
+    try {
+      const response = await fetch(endpointBase, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+        },
+        body: JSON.stringify({
+          ...newBroker,
+          link: linkString,
+          manually_resolved:
+            newBroker.manually_resolved === "false" ? false : true,
+        }),
+      });
+
+      if (response.ok) {
+        await fetchBrokers(); // Refresh the brokers list
+        setNewBroker(baseBroker); // Reset form fields
+      } else {
+        console.error("Error adding broker:", await response.json());
+      }
+    } catch (error) {
+      console.error("Error adding broker:", error);
+    }
+  };
+
+  const handleDeleteBroker = async (onerep_scan_result_id: number) => {
+    try {
+      const response = await fetch(
+        `${endpointBase}?onerep_scan_result_id=${onerep_scan_result_id}`,
+        {
+          method: "DELETE",
+        },
+      );
+
+      if (response.ok) {
+        await fetchBrokers(); // Refresh the brokers list
+      } else {
+        console.error("Error deleting broker:", await response.json());
+      }
+    } catch (error) {
+      console.error("Error deleting broker:", error);
+    }
+  };
+
+  return (
+    <main className={styles.wrapper}>
+      <header className={styles.header}>
+        <div>
+          Adding custom <b>OneRep</b> brokers
+        </div>
+        <br />
+      </header>
+
+      <div className={styles.formAndListWrapper}>
+        <form
+          className={styles.formWrapper}
+          onSubmit={(e) => {
+            void handleAddBroker(e);
+          }}
+        >
+          <h2 className={styles.h2}>Input Broker Element</h2>
+          <div className={styles.form}>
+            <div className={styles.userPicker}>
+              <label className={styles.label}>
+                Broker Name:
+                <input
+                  className={`${styles.input} ${errors.data_broker ? styles.error : ""}`}
+                  type="text"
+                  name="data_broker"
+                  placeholder="Test Broker"
+                  value={newBroker.data_broker}
+                  onChange={handleChange}
+                />
+              </label>
+
+              <label className={styles.label}>
+                Broker Link:
+                <input
+                  className={`${styles.input} ${errors.link ? styles.error : ""}`}
+                  type="text"
+                  name="link"
+                  placeholder="https://test-broker.com"
+                  value={newBroker.link}
+                  onChange={handleChange}
+                />
+              </label>
+
+              <label className={styles.label}>
+                Age:
+                <input
+                  className={styles.input}
+                  type="number"
+                  name="age"
+                  placeholder="21"
+                  value={newBroker.age ?? ""}
+                  onChange={handleChange}
+                />
+              </label>
+
+              <label className={styles.label}>
+                Emails:
+                <input
+                  className={styles.input}
+                  type="number"
+                  name="emails"
+                  placeholder="0"
+                  value={newBroker.emails}
+                  onChange={handleChange}
+                />
+              </label>
+
+              <label className={styles.label}>
+                Phones:
+                <input
+                  className={styles.input}
+                  type="number"
+                  name="phones"
+                  placeholder="0"
+                  value={newBroker.phones}
+                  onChange={handleChange}
+                />
+              </label>
+
+              <label className={styles.label}>
+                Addresses:
+                <input
+                  className={styles.input}
+                  type="number"
+                  name="addresses"
+                  placeholder="0"
+                  value={newBroker.addresses}
+                  onChange={handleChange}
+                />
+              </label>
+
+              <label className={styles.label}>
+                Relatives:
+                <input
+                  className={styles.input}
+                  type="number"
+                  name="relatives"
+                  placeholder="0"
+                  value={newBroker.relatives}
+                  onChange={handleChange}
+                />
+              </label>
+
+              <label className={styles.label}>
+                First Name:
+                <input
+                  className={styles.input}
+                  type="text"
+                  name="first_name"
+                  value={newBroker.first_name}
+                  placeholder="John"
+                  onChange={handleChange}
+                />
+              </label>
+
+              <label className={styles.label}>
+                Middle Name:
+                <input
+                  className={styles.input}
+                  type="text"
+                  name="middle_name"
+                  placeholder="null"
+                  value={newBroker.middle_name ?? ""}
+                  onChange={handleChange}
+                />
+              </label>
+
+              <label className={styles.label}>
+                Last Name:
+                <input
+                  className={styles.input}
+                  type="text"
+                  name="last_name"
+                  placeholder="Doe"
+                  value={newBroker.last_name}
+                  onChange={handleChange}
+                />
+              </label>
+
+              <label className={styles.label}>
+                Manually Resolved:
+                <select
+                  name="manually_resolved"
+                  value={newBroker.manually_resolved}
+                  onChange={(e) => void handleChange(e)}
+                >
+                  <option value="false">False</option>
+                  <option value="true">True</option>
+                </select>
+              </label>
+
+              <label>
+                Status:
+                <select
+                  name="status"
+                  value={newBroker.status}
+                  onChange={(e) => void handleChange(e)}
+                >
+                  <option value="new">New</option>
+                  <option value="optout_in_progress">In Progress</option>
+                  <option value="removed">Removed</option>
+                </select>
+              </label>
+            </div>
+          </div>
+          <button className={styles.button} type="submit">
+            Add Broker to List
+          </button>
+        </form>
+        <div className={styles.listButtonsWrapper}>
+          <div className={styles.listWrapper}>
+            <h2 className={styles.h2}>Brokers List</h2>
+            <ul className={styles.listContainer}>
+              {brokers.length !== 0 ? (
+                brokers.map((broker) => (
+                  <li
+                    key={broker.onerep_profile_id}
+                    onClick={() =>
+                      void handleDeleteBroker(broker.onerep_scan_result_id!)
+                    }
+                    className={styles.listItem}
+                  >
+                    {"{"} {broker.onerep_profile_id}, {broker.data_broker},{" "}
+                    {broker.link} {"}"}
+                  </li>
+                ))
+              ) : (
+                <p>empty...</p>
+              )}
+            </ul>
+          </div>
+        </div>
+      </div>
+    </main>
+  );
+};
+
+export default ConfigPage;
diff --git a/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/onerep/page.tsx b/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/onerep/page.tsx
new file mode 100644
index 00000000000..3cbafb4a58e
--- /dev/null
+++ b/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/onerep/page.tsx
@@ -0,0 +1,34 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+import { getServerSession } from "../../../../../../functions/server/getServerSession";
+import { notFound } from "next/navigation";
+import { isAdmin } from "../../../../../../api/utils/auth";
+import ConfigPage from "./onerepConfig";
+import { getOnerepProfileId } from "../../../../../../../db/tables/subscribers";
+
+export default async function DevPage() {
+  const session = await getServerSession();
+  let onerepProfileId = -1;
+
+  const profileIdNonExistent = async () => {
+    if (!session?.user.subscriber) return true;
+    const profileId = await getOnerepProfileId(session.user.subscriber.id);
+    if (!profileId) return true;
+    onerepProfileId = profileId;
+    return false;
+  };
+
+  if (
+    !session?.user?.email ||
+    (!isAdmin(session.user.email) &&
+      session.user.email !== process.env.E2E_TEST_ACCOUNT_EMAIL) ||
+    process.env.APP_ENV !== "local" ||
+    (await profileIdNonExistent())
+  ) {
+    return notFound();
+  }
+
+  return <ConfigPage onerepProfileId={onerepProfileId} />;
+}
diff --git a/src/app/api/mock/hibp/mockData/mockAllBreaches.json b/src/app/api/mock/hibp/mockData/mockAllBreaches.json
index f1d45328a02..e14ff101365 100644
--- a/src/app/api/mock/hibp/mockData/mockAllBreaches.json
+++ b/src/app/api/mock/hibp/mockData/mockAllBreaches.json
@@ -386,31 +386,6 @@
       "IsMalware": false,
       "FaviconUrl": null
     },
-    {
-      "Id": 294,
-      "Name": "GSMHosting",
-      "Title": "GSM Hosting",
-      "Domain": "gsmhosting.com",
-      "BreachDate": "2016-08-01T07:00:00.000Z",
-      "AddedDate": "2024-03-27T06:23:58.000Z",
-      "ModifiedDate": "2024-03-27T06:29:15.000Z",
-      "PwnCount": 2607440,
-      "Description": "In August 2016, <a href=\"https://www.hackread.com/vbulletin-forums-hacked-accounts-sold-on-dark-web/\" target=\"_blank\" rel=\"noopener\">breached data from the vBulletin forum for GSM-Hosting appeared for sale alongside dozens of other hacked services</a>. The breach impacted 2.6M users of the service and included email and IP addresses, usernames and salted MD5 password hashes.",
-      "LogoPath": "https://haveibeenpwned.com/Content/Images/PwnedLogos/GSMHosting.png",
-      "DataClasses": [
-        "email-addresses",
-        "ip-addresses",
-        "passwords",
-        "usernames"
-      ],
-      "IsVerified": true,
-      "IsFabricated": false,
-      "IsSensitive": false,
-      "IsRetired": false,
-      "IsSpamList": false,
-      "IsMalware": false,
-      "FaviconUrl": null
-    },
     {
       "Id": 311,
       "Name": "HeroesOfNewerth",
@@ -550,6 +525,36 @@
       "IsMalware": false,
       "FaviconUrl": null
     },
+    {
+      "Id": 695,
+      "Title": "UC",
+      "Name": "University of California",
+      "Domain": "universityofcalifornia.edu",
+      "BreachDate": "2020-12-24",
+      "AddedDate": "2021-06-20 00:44:34-07",
+      "ModifiedDate": "2021-07-03 18:03:54-07",
+      "PwnCount": 547422,
+      "Description": "In December 2020, the University of California suffered a data breach due to vulnerability in a third-party provider, Accellion. The breach exposed extensive personal data on both students and staff including 547 thousand unique email addresses, names, dates of birth, genders, social security numbers, ethnicities, and other academic related data attributes. Further analysis is available in Exploring the Impact of the UC Data Breach. The data was provided to HIBP courtesy of Cyril Gorlla.",
+      "LogoPath": "https://haveibeenpwned.com/Content/Images/PwnedLogos/UC.png",
+      "DataClasses": [
+        "dates-of-birth",
+        "education-levels",
+        "email-addresses",
+        "ethnicities",
+        "genders",
+        "job-titles",
+        "names",
+        "phone-numbers",
+        "physical-addresses",
+        "social-security-numbers"
+      ],
+      "IsVerified": true,
+      "IsFabricated": false,
+      "IsSensitive": false,
+      "IsRetired": false,
+      "IsSpamList": false,
+      "IsMalware": false
+    },
     {
       "Id": 706,
       "Name": "VerificationsIO",
@@ -637,25 +642,6 @@
       "IsSpamList": false,
       "IsMalware": false,
       "FaviconUrl": null
-    },
-    {
-      "Id": 695,
-      "Name": "UC",
-      "Title": "University of California",
-      "Domain": "universityofcalifornia.edu",
-      "BreachDate": "2020-12-24",
-      "AddedDate": "2021-06-20 00:44:34-07",
-      "ModifiedDate": "2021-07-03 18:03:54-07",
-      "PwnCount": 547422,
-      "Description": "In December 2020, <a href=\"https://portswigger.net/daily-swig/uc-berkeley-confirms-data-breach-becomes-latest-victim-of-accellion-cyber-attack\" target=\"_blank\" rel=\"noopener\">the University of California suffered a data breach due to vulnerability in in a third-party provider, Accellion</a>. The breach exposed extensive personal data on both students and staff including 547 thousand unique email addresses, names, dates of birth, genders, social security numbers, ethnicities and other academic related data attributes. Further analysis is available in <a href=\"https://cgorlla.github.io/project/uc\" target=\"_blank\" rel=\"noopener\">Exploring the Impact of the UC Data Breach</a>. The data was provided to HIBP courtesy of Cyril Gorlla.",
-      "LogoPath": "https://haveibeenpwned.com/Content/Images/PwnedLogos/UC.png",
-      "DataClasses": "{dates-of-birth,education-levels,email-addresses,ethnicities,genders,job-titles,names,phone-numbers,physical-addresses,social-security-numbers}",
-      "IsVerified": true,
-      "IsFabricated": false,
-      "IsSensitive": false,
-      "IsRetired": false,
-      "IsMalware": false,
-      "FaviconUrl": false
     }
   ]
 }
diff --git a/src/app/api/mock/hibp/mockData/mockOverwrite.json b/src/app/api/mock/hibp/mockData/mockOverwrite.json
index 6f87ff9ed43..e2d446a09c5 100644
--- a/src/app/api/mock/hibp/mockData/mockOverwrite.json
+++ b/src/app/api/mock/hibp/mockData/mockOverwrite.json
@@ -2,4 +2,4 @@
   "doOvewrite": false,
   "breachesOverwrite": [],
   "breachesAdd": []
-}
\ No newline at end of file
+}
diff --git a/src/app/api/mock/onerep/mockData/mockOverwrite.json b/src/app/api/mock/onerep/mockData/mockOverwrite.json
index 3be7b2107d5..07cfbe08dab 100644
--- a/src/app/api/mock/onerep/mockData/mockOverwrite.json
+++ b/src/app/api/mock/onerep/mockData/mockOverwrite.json
@@ -1,9 +1,11 @@
 {
   "doOverwrite": false,
-  "brokersOverwrite": [      {
-    "relatives": ["Jon Jones"],
-    "link": "https://mockexample.com/link-to-databroker-e2e-test-1",
-    "data_broker": "mockexample-e2e-test-1.com"
-  }],
+  "brokersOverwrite": [
+    {
+      "relatives": ["Jon Jones"],
+      "link": "https://mockexample.com/link-to-databroker-e2e-test-1",
+      "data_broker": "mockexample-e2e-test-1.com"
+    }
+  ],
   "brokersAdd": []
-}
\ No newline at end of file
+}
diff --git a/src/app/api/v1/admin/qa-customs/hibp/route.ts b/src/app/api/v1/admin/qa-customs/hibp/route.ts
new file mode 100644
index 00000000000..1e250bb8ce7
--- /dev/null
+++ b/src/app/api/v1/admin/qa-customs/hibp/route.ts
@@ -0,0 +1,152 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+import { NextRequest, NextResponse } from "next/server";
+import { isAdmin } from "../../../../utils/auth";
+import {
+  internalServerError,
+  unauthError,
+} from "../../../../utils/errorThrower";
+import {
+  addQaCustomBreach,
+  getAllQaCustomBreaches,
+  QaBreachData,
+  deleteQaCustomBreach,
+} from "../../../../../../db/tables/qa_customs";
+import { getServerSession } from "../../../../../functions/server/getServerSession";
+import { randomInt } from "crypto";
+
+function successResponse() {
+  return NextResponse.json(
+    { error: "Request reached and fulfilled." },
+    { status: 200 },
+  );
+}
+
+async function checkAdmin() {
+  const session = await getServerSession();
+  if (!isAdmin(session?.user?.email || "")) return unauthError();
+  return null;
+}
+
+export async function GET(req: NextRequest) {
+  const err = await checkAdmin();
+  if (err) return err;
+
+  const emailHashPrefix = req.nextUrl.searchParams.get("emailHashPrefix");
+
+  if (!emailHashPrefix) {
+    return NextResponse.json(
+      { error: "Missing emailHashPrefix parameter" },
+      { status: 400 },
+    );
+  }
+
+  return NextResponse.json(await getAllQaCustomBreaches(emailHashPrefix));
+}
+
+export async function POST(req: NextRequest) {
+  const err = await checkAdmin();
+  if (err) return err;
+
+  const body = await req.json();
+
+  if (!body.emailHashPrefix || body.emailHashPrefix.length < 6)
+    return NextResponse.json(
+      { error: "emailHash is too small" },
+      { status: 400 },
+    );
+
+  const emailHashPrefix = body.emailHashPrefix.slice(0, 6);
+  const Name = body.Name || "Custom Breach";
+  const Title = body.Title || "Custom Breach";
+  const Domain = body.Domain || "custom-breach.com";
+  const ModifiedDate = body.ModifiedDate;
+  const PwnCount = randomInt(10 ** 6, 10 ** 9);
+  const Description =
+    body.Description ||
+    "This is a <em>Custom Breach</em>! Nothing to worry about :)";
+  const LogoPath =
+    body.LogoPath ||
+    "https://www.mozilla.org/media/protocol/img/logos/mozilla/logo-word-hor.e20791bb4dd4.svg";
+  const DataClasses = body.DataClasses || [];
+  const IsVerified = body.IsVerified !== undefined ? body.IsVerified : true;
+  const IsFabricated = body.IsFabricated || false;
+  const IsSensitive = body.IsSensitive || false;
+  const IsRetired = body.IsRetired || false;
+  const IsSpamList = body.IsSpamList || false;
+  const IsMalware = body.IsMalware || false;
+  const FaviconUrl = body.FaviconUrl || null;
+
+  const breachData: QaBreachData = {
+    emailHashPrefix,
+    Name,
+    Title,
+    Domain,
+    ModifiedDate,
+    PwnCount,
+    Description,
+    LogoPath,
+    DataClasses,
+    IsVerified,
+    IsFabricated,
+    IsSensitive,
+    IsRetired,
+    IsSpamList,
+    IsMalware,
+    FaviconUrl,
+  };
+
+  try {
+    await addQaCustomBreach(breachData);
+    return successResponse();
+  } catch (error) {
+    console.error("Error inserting custom breach:", error);
+    return internalServerError();
+  }
+}
+
+export async function DELETE(req: NextRequest) {
+  const err = await checkAdmin();
+  if (err) return err;
+
+  const emailHash = req.nextUrl.searchParams.get("emailHashPrefix");
+  const id = Number(req.nextUrl.searchParams.get("id"));
+
+  if (!emailHash || !id || Number.isNaN(id)) {
+    return NextResponse.json(
+      { error: "Missing or invalid emailHashPrefix or id parameter" },
+      { status: 400 },
+    );
+  }
+
+  try {
+    await deleteQaCustomBreach(emailHash, id);
+    return successResponse();
+  } catch (error) {
+    console.error("Error deleting custom breach:", error);
+    return internalServerError();
+  }
+}
+
+export function PUT() {
+  //Change it for breach resolution within toggles table
+  return NextResponse.json(
+    { message: "Endpoint unavailable for now" },
+    { status: 200 },
+  );
+
+  // const err = await checkAdmin();
+  //  if (err) return err;
+
+  //  const onerepScanResultId = Number(req.nextUrl.searchParams.get("onerep_scan_result_id"));
+  //  const newStatus = req.nextUrl.searchParams.get("new_status");
+
+  //  if (!onerepScanResultId || Number.isNaN(onerepScanResultId) || !newStatus) {
+  //    return new NextResponse('Missing onerep_scan_result_id or newStatus parameter', { status: 400 });
+  //  }
+
+  //  await setQaCustomBrokerStatus(onerepScanResultId, newStatus);
+  //  return successResponse();
+}
diff --git a/src/app/api/v1/admin/qa-customs/onerep/route.ts b/src/app/api/v1/admin/qa-customs/onerep/route.ts
new file mode 100644
index 00000000000..2c9d76f213a
--- /dev/null
+++ b/src/app/api/v1/admin/qa-customs/onerep/route.ts
@@ -0,0 +1,147 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+import { NextRequest, NextResponse } from "next/server";
+import { isAdmin } from "../../../../utils/auth";
+import {
+  internalServerError,
+  unauthError,
+} from "../../../../utils/errorThrower";
+import {
+  addQaCustomBroker,
+  deleteQaCustomBrokerRow,
+  getAllQaCustomBrokers,
+  QaBrokerData,
+  setQaCustomBrokerStatus,
+} from "../../../../../../db/tables/qa_customs";
+import { getServerSession } from "../../../../../functions/server/getServerSession";
+
+function successResponse() {
+  return NextResponse.json(
+    { error: "Request reached and fulfilled." },
+    { status: 200 },
+  );
+}
+
+async function checkAdmin() {
+  const session = await getServerSession();
+  if (!isAdmin(session?.user?.email || "")) return unauthError();
+  return null;
+}
+
+const mockAddress = {
+  zip: "93386",
+  city: "Berkeley",
+  state: "CA",
+  street: "Von Meadows",
+};
+const mockPhone = "000000000";
+const mockEmail = "mockEmail@email.com";
+const mockRelative = "Relative Johnson";
+type mockInputs = string | { [key: string]: string };
+
+function duplicateObj(obj: mockInputs, n: string | undefined) {
+  const howMany = n ? parseInt(n, 10) : 0;
+  return Array.from({ length: howMany }, () => obj);
+}
+
+export async function GET(req: NextRequest) {
+  const err = await checkAdmin();
+  if (err) return err;
+
+  const profileId = Number(req.nextUrl.searchParams.get("onerep_profile_id"));
+
+  if (!profileId || Number.isNaN(profileId)) {
+    return NextResponse.json(
+      { error: "Missing onerep_profile_id parameter" },
+      { status: 400 },
+    );
+  }
+
+  return NextResponse.json(await getAllQaCustomBrokers(profileId));
+}
+
+export async function POST(req: NextRequest) {
+  const err = await checkAdmin();
+  if (err) return err;
+
+  const body = await req.json();
+
+  const onerep_profile_id = parseInt(body.onerep_profile_id || "21", 10);
+  const link = body.link || "https://test-broker.com";
+  const age = body.age ? parseInt(body.age, 10) : undefined;
+  const data_broker = body.data_broker || "test_broker";
+  const emails = duplicateObj(mockEmail, body.emails) as string[];
+  const phones = duplicateObj(mockPhone, body.phones) as string[];
+  const addresses = duplicateObj(mockAddress, body.addresses) as {
+    [key: string]: string;
+  }[];
+  const relatives = duplicateObj(mockRelative, body.relatives) as string[];
+  const first_name = body.first_name || "John";
+  const middle_name = body.middle_name || "";
+  const last_name = body.last_name || "Doe";
+  const status = body.status || "new";
+  const manually_resolved = body.manually_resolved || false;
+
+  const brokerData: QaBrokerData = {
+    onerep_profile_id,
+    link,
+    age,
+    data_broker,
+    emails,
+    phones,
+    addresses,
+    relatives,
+    first_name,
+    middle_name,
+    last_name,
+    status,
+    manually_resolved,
+  };
+  try {
+    await addQaCustomBroker(brokerData);
+    return new NextResponse("Success", { status: 200 });
+  } catch {
+    return internalServerError();
+  }
+}
+
+export async function DELETE(req: NextRequest) {
+  const err = await checkAdmin();
+  if (err) return err;
+
+  const onerepScanResultId = Number(
+    req.nextUrl.searchParams.get("onerep_scan_result_id"),
+  );
+
+  if (!onerepScanResultId || Number.isNaN(onerepScanResultId)) {
+    return NextResponse.json(
+      { error: "Missing onerep_scan_result_id parameter" },
+      { status: 400 },
+    );
+  }
+
+  await deleteQaCustomBrokerRow(onerepScanResultId);
+  return successResponse();
+}
+
+export async function PUT(req: NextRequest) {
+  const err = await checkAdmin();
+  if (err) return err;
+
+  const onerepScanResultId = Number(
+    req.nextUrl.searchParams.get("onerep_scan_result_id"),
+  );
+  const newStatus = req.nextUrl.searchParams.get("new_status");
+
+  if (!onerepScanResultId || Number.isNaN(onerepScanResultId) || !newStatus) {
+    return new NextResponse(
+      "Missing onerep_scan_result_id or newStatus parameter",
+      { status: 400 },
+    );
+  }
+
+  await setQaCustomBrokerStatus(onerepScanResultId, newStatus);
+  return successResponse();
+}
diff --git a/src/app/api/v1/admin/qa-customs/route.ts b/src/app/api/v1/admin/qa-customs/route.ts
new file mode 100644
index 00000000000..98a9e2a902b
--- /dev/null
+++ b/src/app/api/v1/admin/qa-customs/route.ts
@@ -0,0 +1,59 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+import { NextRequest, NextResponse } from "next/server";
+import { getServerSession } from "../../../../functions/server/getServerSession";
+import {
+  createQaTogglesRow,
+  setQaToggle,
+} from "../../../../../db/tables/qa_customs";
+import { isAdmin } from "../../../utils/auth";
+import { unauthError } from "../../../utils/errorThrower";
+
+export async function POST() {
+  const session = await getServerSession();
+  if (!isAdmin(session?.user.email || "")) return unauthError();
+
+  const emailSha1 = session?.user.subscriber?.primary_email;
+  const subscriberId = session?.user.subscriber?.id;
+  if (!emailSha1 || !subscriberId) {
+    return NextResponse.json(
+      { error: "Either email or subscriber id seems to be missing" },
+      { status: 400 },
+    );
+  }
+  await createQaTogglesRow(emailSha1, subscriberId);
+
+  return NextResponse.json({ error: "QaToggles row created" }, { status: 200 });
+}
+
+export async function PUT(req: NextRequest) {
+  const session = await getServerSession();
+  if (!isAdmin(session?.user.email || "")) return unauthError();
+
+  const emailHash = session?.user.subscriber?.primary_sha1;
+  if (!emailHash)
+    return NextResponse.json(
+      { error: "Email hash is absent" },
+      { status: 400 },
+    );
+
+  const emailHashPrefix = emailHash.slice(0, 6);
+
+  const columnName = req.nextUrl.searchParams.get("columnName");
+  const isVisible = req.nextUrl.searchParams.get("isVisible");
+  if (!columnName || !isVisible)
+    return NextResponse.json(
+      { error: "Column name or isVisible value is missing" },
+      { status: 400 },
+    );
+  const toggle = isVisible === "false" ? false : true;
+
+  await setQaToggle(columnName, toggle, emailHashPrefix);
+
+  return NextResponse.json(
+    { error: `${columnName} toggled to ${toggle}` },
+    { status: 200 },
+  );
+}
diff --git a/src/app/api/v1/user/scan-result/[onerepScanResultId]/resolution/route.ts b/src/app/api/v1/user/scan-result/[onerepScanResultId]/resolution/route.ts
index d30ece0d599..58c46f4bf02 100644
--- a/src/app/api/v1/user/scan-result/[onerepScanResultId]/resolution/route.ts
+++ b/src/app/api/v1/user/scan-result/[onerepScanResultId]/resolution/route.ts
@@ -10,6 +10,8 @@ import {
   isOnerepScanResultForSubscriber,
   markOnerepScanResultAsResolved,
 } from "../../../../../../../db/tables/onerep_scans";
+import { markQaCustomBrokerAsResolved } from "../../../../../../../db/tables/qa_customs";
+import { isAdmin } from "../../../../../utils/auth";
 
 export type ResolveScanResultResponse =
   | {
@@ -37,6 +39,17 @@ export async function POST(
     );
   }
 
+  //This marks a QA broker as resolved. Collisions aren't a worry because real user is never admin.
+  if (isAdmin(session.user.subscriber.primary_email)) {
+    const rowsAffected = await markQaCustomBrokerAsResolved(scanResultId);
+    if (rowsAffected > 0) {
+      return new NextResponse<ResolveScanResultResponse>(
+        JSON.stringify({ success: true }),
+        { status: 200 },
+      );
+    }
+  }
+
   const isAllowedToResolve = await isOnerepScanResultForSubscriber({
     onerepScanResultId: scanResultId,
     subscriberId: session.user.subscriber.id,
diff --git a/src/db/migrations/20240710214906_qa_custom_brokers.js b/src/db/migrations/20240710214906_qa_custom_brokers.js
index 421f56be618..f990ee12da3 100644
--- a/src/db/migrations/20240710214906_qa_custom_brokers.js
+++ b/src/db/migrations/20240710214906_qa_custom_brokers.js
@@ -8,9 +8,9 @@
   */
 export function up(knex) {
   return knex.schema
-    .createTable('qa_custom_brokers', table => {
-      table.increments('onerep_scan_result_id').primary();
-      table.integer('onerep_profile_id').notNullable();
+    .createTable("qa_custom_brokers", table => {
+      table.increments("onerep_scan_result_id").primary();
+      table.integer("onerep_profile_id").notNullable();
       table.string("link").notNullable();
       table.integer("age").nullable();
       table.string("data_broker").notNullable();
@@ -22,6 +22,7 @@ export function up(knex) {
       table.string("middle_name").nullable();
       table.string("last_name").notNullable();
       table.string("status").notNullable();
+      table.boolean("manually_resolved").defaultTo(false);
       table.timestamp("created_at").defaultTo(knex.fn.now());
       table.timestamp("updated_at").defaultTo(knex.fn.now());
     });
@@ -32,7 +33,7 @@ export function up(knex) {
  * @returns { Promise<void> }
  */
 export function down(knex) {
-  return knex.schema.dropTableIfExists('qa_custom_brokers');
+  return knex.schema.dropTableIfExists("qa_custom_brokers");
 }
 
 
diff --git a/src/db/migrations/20240715110621_qa_custom_toggles.js b/src/db/migrations/20240715110621_qa_custom_toggles.js
new file mode 100644
index 00000000000..7aaea20b43c
--- /dev/null
+++ b/src/db/migrations/20240715110621_qa_custom_toggles.js
@@ -0,0 +1,27 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/**
+ * @param { import("knex").Knex } knex
+ * @returns { Promise<void> }
+ */
+export function up(knex) {
+  return knex.schema.createTable("qa_custom_toggles", function(table) {
+    table.string("emailHash").primary();
+    table.integer("onerep_profile_id").notNullable();
+    table.boolean("showRealBreaches").notNullable();
+    table.boolean("showCustomBreaches").notNullable();
+    table.boolean("showRealBrokers").notNullable();
+    table.boolean("showCustomBrokers").notNullable();
+    table.jsonb("breach_resolution");
+  });
+}
+
+/**
+ * @param { import("knex").Knex } knex
+ * @returns { Promise<void> }
+ */
+export function down(knex) {
+  return knex.schema.dropTable("qa_custom_toggles");
+}
\ No newline at end of file
diff --git a/src/db/migrations/20240715115031_qa_custom_breaches.js b/src/db/migrations/20240715115031_qa_custom_breaches.js
new file mode 100644
index 00000000000..433b976bdd0
--- /dev/null
+++ b/src/db/migrations/20240715115031_qa_custom_breaches.js
@@ -0,0 +1,34 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+export function up(knex) {
+  return knex.schema.createTable("qa_custom_breaches", table => {
+    table.string("emailHashPrefix").primary();
+    table.string("Name").notNullable();
+    table.string("Title").notNullable();
+    table.string("Domain").notNullable();
+    table.timestamp("BreachDate").defaultTo(knex.fn.now());
+    table.timestamp("AddedDate").defaultTo(knex.fn.now());
+    table.timestamp("ModifiedDate").defaultTo(knex.fn.now());
+    table.bigInteger("PwnCount").notNullable();
+    table.text("Description").notNullable();
+    table.string("LogoPath").notNullable();
+    table.jsonb("DataClasses").notNullable(); // Storing as JSONB
+    table.boolean("IsVerified").notNullable();
+    table.boolean("IsFabricated").notNullable();
+    table.boolean("IsSensitive").notNullable();
+    table.boolean("IsRetired").notNullable();
+    table.boolean("IsSpamList").notNullable();
+    table.boolean("IsMalware").notNullable();
+    table.string("FaviconUrl").defaultTo(null);
+  });
+}
+
+/**
+ * @param { import("knex").Knex } knex
+ * @returns { Promise<void> }
+ */
+export function down(knex) {
+  return knex.schema.dropTableIfExists("qa_custom_breaches");
+}
\ No newline at end of file
diff --git a/src/db/tables/onerep_scans.ts b/src/db/tables/onerep_scans.ts
index 57b55b4b6f4..8d5b05f0ab5 100644
--- a/src/db/tables/onerep_scans.ts
+++ b/src/db/tables/onerep_scans.ts
@@ -287,7 +287,6 @@ async function markOnerepScanResultAsResolved(
   logger.info("scan_resolved", {
     onerepScanResultId,
   });
-
   await knex("onerep_scan_results")
     .update({
       manually_resolved: true,
diff --git a/src/db/tables/qa_customs.ts b/src/db/tables/qa_customs.ts
index 9c12b57b2a4..8d043182e04 100644
--- a/src/db/tables/qa_customs.ts
+++ b/src/db/tables/qa_customs.ts
@@ -5,6 +5,7 @@
 import { OnerepScanResultRow } from "knex/types/tables";
 import { logger } from "../../app/functions/server/logging";
 import createDbConnection from "../connect";
+import { getOnerepProfileId } from "./subscribers";
 
 const knex = createDbConnection();
 
@@ -13,16 +14,41 @@ interface QaBrokerData {
   link: string;
   age?: number;
   data_broker: string;
-  emails: string;
-  phones: string;
-  addresses: string;
-  relatives: string;
+  emails: string[];
+  phones: string[];
+  addresses: { [key: string]: string }[];
+  relatives: string[];
   first_name: string;
   middle_name?: string;
   last_name: string;
   status: string;
+  manually_resolved: boolean;
 }
 
+interface QaBreachData {
+  emailHashPrefix: string;
+  Id?: number;
+  Name: string;
+  Title: string;
+  Domain: string;
+  BreachDate?: Date;
+  AddedDate?: Date;
+  ModifiedDate?: Date;
+  PwnCount: number;
+  Description: string;
+  LogoPath: string;
+  DataClasses: string[];
+  IsVerified: boolean;
+  IsFabricated: boolean;
+  IsSensitive: boolean;
+  IsRetired: boolean;
+  IsSpamList: boolean;
+  IsMalware: boolean;
+  FaviconUrl?: string | null;
+}
+
+interface QaBreachResolution {}
+
 async function getQaCustomBrokers(
   onerepProfileId: number | null,
   onerepScanId: number | undefined | null,
@@ -64,12 +90,147 @@ async function getQaCustomBrokers(
  * @param brokerData This object conforms to QaBrokerData, which is the same as
  * OnerepScanResulsRow with some fields omitted due to them being automaticallty set.
  */
-async function addQaCustomBroker(brokerData: QaBrokerData): Promise<number> {
-  const [newBrokerId] = (await knex("qa_custom_brokers")
-    .insert(brokerData)
-    .returning("onerep_scan_result_id")) as [number];
-  logger.info(`New broker added with ID: ${newBrokerId}`);
-  return newBrokerId;
+async function addQaCustomBroker(brokerData: QaBrokerData): Promise<void> {
+  await knex("qa_custom_brokers").insert({
+    ...brokerData,
+    emails: JSON.stringify(brokerData.emails),
+    phones: JSON.stringify(brokerData.phones),
+    addresses: JSON.stringify(brokerData.addresses),
+    relatives: JSON.stringify(brokerData.relatives),
+  });
+  logger.info(`Created a custom broker: ${brokerData.data_broker}`);
+}
+
+async function getAllQaCustomBrokers(
+  onerep_profile_id: number,
+): Promise<QaBrokerData[]> {
+  const res = (await knex("qa_custom_brokers")
+    .where("onerep_profile_id", onerep_profile_id)
+    .select("*")) as QaBrokerData[];
+  return res;
+}
+
+async function deleteQaCustomBrokerRow(onerep_scan_result_id: number) {
+  await knex("qa_custom_brokers")
+    .where("onerep_scan_result_id", onerep_scan_result_id)
+    .del();
+}
+
+async function setQaCustomBrokerStatus(
+  onerep_scan_result_id: number,
+  newStatus: string,
+) {
+  await knex("qa_custom_brokers")
+    .where("onerep_scan_result_id", onerep_scan_result_id)
+    .update({ status: newStatus });
+}
+
+async function markQaCustomBrokerAsResolved(onerepScanResultId: number) {
+  const rowsAffected = await knex("qa_custom_brokers")
+    .update({
+      manually_resolved: true,
+      updated_at: knex.fn.now(),
+    })
+    .where("onerep_scan_result_id", onerepScanResultId);
+  return rowsAffected;
+}
+
+async function getAllQaCustomBreaches(emailHashPrefix: string) {
+  return (await knex("qa_custom_breaches")
+    .select("*")
+    .where("emailHashPrefix", emailHashPrefix)) as QaBreachData[];
+}
+
+async function addQaCustomBreach(breach: QaBreachData): Promise<void> {
+  await knex("qa_custom_breaches").insert({
+    ...breach,
+    DataClasses: JSON.stringify(breach.DataClasses),
+  });
+}
+
+async function deleteQaCustomBreach(
+  emailHashPrefix: string,
+  id: number,
+): Promise<void> {
+  await knex("qa_custom_breaches")
+    .where({ emailHashPrefix: emailHashPrefix, Id: id })
+    .del();
+}
+
+async function setQaToggle(
+  columnName: string,
+  isShown: boolean,
+  emailHashPrefix: string,
+): Promise<void> {
+  // List of allowed columns to toggle
+  const allowedColumns = [
+    "showRealBreaches",
+    "showCustomBreaches",
+    "showRealBrokers",
+    "showCustomBrokers",
+  ];
+
+  if (!allowedColumns.includes(columnName)) {
+    throw new Error(`Invalid column name: ${columnName}`);
+  }
+
+  // Get the current value of the specified column
+  const record = await knex("qa_custom_toggles")
+    .select(columnName)
+    .where({ emailHashPrefix })
+    .first();
+
+  if (!record) {
+    throw new Error(`No record found with given onerep_profile_id`);
+  }
+
+  await knex("qa_custom_toggles")
+    .update({
+      [columnName]: isShown,
+    })
+    .where({ emailHashPrefix });
+}
+
+async function setQaBreachResolution(
+  emailHashPrefix: string,
+  breachResolution: QaBreachResolution,
+): Promise<void> {
+  await knex("qa_custom_toggles")
+    .update({
+      breach_resolution: JSON.stringify(breachResolution),
+    })
+    .where({ emailHashPrefix });
+}
+
+async function createQaTogglesRow(
+  emailHashPrefix: string,
+  subscriberId: number,
+): Promise<void> {
+  const onerep_profile_id = await getOnerepProfileId(subscriberId);
+
+  await knex("qa_custom_toggles").insert({
+    emailHashPrefix,
+    onerep_profile_id,
+    showRealBreaches: true,
+    showCustomBreaches: false,
+    showRealBrokers: true,
+    showCustomBrokers: false,
+    breach_resolution: null,
+  });
 }
 
-export { getQaCustomBrokers, addQaCustomBroker };
+export {
+  getQaCustomBrokers,
+  addQaCustomBroker,
+  getAllQaCustomBrokers,
+  deleteQaCustomBrokerRow,
+  setQaCustomBrokerStatus,
+  markQaCustomBrokerAsResolved,
+  getAllQaCustomBreaches,
+  addQaCustomBreach,
+  deleteQaCustomBreach,
+  setQaToggle,
+  setQaBreachResolution,
+  createQaTogglesRow,
+};
+export type { QaBrokerData, QaBreachData };

From 35cfbd1aa4e8d659eefe8506130dcc258b52c31f Mon Sep 17 00:00:00 2001
From: Mukhamediyar Kudaikulov
 <mukhamediyarkudaikulov@wifi-10-41-27-90.wifi.berkeley.edu>
Date: Sun, 21 Jul 2024 23:59:42 -0700
Subject: [PATCH 4/8] working w no toggles

---
 .../admin/qa-customs/ConfigPage.module.scss   | 15 ++++
 .../admin/qa-customs/hibp/breachesLookup.tsx  | 56 ------------
 .../admin/qa-customs/hibp/page.tsx            | 42 ---------
 .../qa-customs/{hibp => }/hibpConfig.tsx      | 70 +++++++--------
 .../admin/qa-customs/onerep/page.tsx          | 34 -------
 .../qa-customs/{onerep => }/onerepConfig.tsx  | 49 +++++-----
 .../(authenticated)/admin/qa-customs/page.tsx | 44 +++++++++
 src/app/api/v1/admin/qa-customs/hibp/route.ts | 90 +++++++++++++------
 .../20240715110621_qa_custom_toggles.js       | 11 ++-
 .../20240715115031_qa_custom_breaches.js      |  3 +-
 src/db/tables/qa_customs.ts                   | 75 ++++++++--------
 src/utils/hibp.js                             |  2 +-
 12 files changed, 231 insertions(+), 260 deletions(-)
 delete mode 100644 src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/hibp/breachesLookup.tsx
 delete mode 100644 src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/hibp/page.tsx
 rename src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/{hibp => }/hibpConfig.tsx (87%)
 delete mode 100644 src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/onerep/page.tsx
 rename src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/{onerep => }/onerepConfig.tsx (90%)
 create mode 100644 src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/page.tsx

diff --git a/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/ConfigPage.module.scss b/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/ConfigPage.module.scss
index fcec21c691d..4c913017d27 100644
--- a/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/ConfigPage.module.scss
+++ b/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/ConfigPage.module.scss
@@ -206,3 +206,18 @@
 .unselected {
   background-color: white;
 }
+
+.configContainer {
+  display: flex;
+  background-color: $color-grey-05;
+}
+
+.configLeft {
+  flex: 1;
+  padding: 20px; /* Optional: add some padding */
+}
+
+.configRight {
+  flex: 1;
+  padding: 20px; /* Optional: add some padding */
+}
diff --git a/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/hibp/breachesLookup.tsx b/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/hibp/breachesLookup.tsx
deleted file mode 100644
index eb392347514..00000000000
--- a/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/hibp/breachesLookup.tsx
+++ /dev/null
@@ -1,56 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-//  import { getBreaches } from "../../../../../../functions/server/getBreaches.ts";
-import styles from "../ConfigPage.module.scss";
-import { Breach } from "../../../../../../functions/universal/breach.ts";
-import { HibpLikeDbBreach } from "../../../../../../../utils/hibp.js";
-
-interface Props {
-  allBreaches: (Breach | HibpLikeDbBreach)[];
-  filterWord?: string;
-  onClickFunc?: (elem: Breach | HibpLikeDbBreach) => void;
-  additionalStyles?: string;
-}
-
-export default function BreachesLookup(props: Props) {
-  // const allBreaches = (await getBreaches());
-
-  const {
-    allBreaches,
-    filterWord = "",
-    onClickFunc = () => {},
-    additionalStyles = "",
-  } = props;
-
-  const getElementData = (breach: Breach | HibpLikeDbBreach) => {
-    const name = breach.Name;
-    const month = (breach.AddedDate as Date).toLocaleString("en-US", {
-      month: "long",
-    });
-    const year = (breach.AddedDate as Date).getFullYear();
-    return `${name} - ${month}, ${year}`;
-  };
-
-  return (
-    <div>
-      {allBreaches
-        .filter(
-          (elem) =>
-            elem.Name.includes(filterWord) ||
-            elem.Title.includes(filterWord) ||
-            String(elem.AddedDate).includes(filterWord),
-        )
-        .map((elem, index) => (
-          <p
-            className={`${styles.breachName} ${additionalStyles}`}
-            onClick={() => onClickFunc(elem)}
-            key={index}
-          >
-            {getElementData(elem)}
-          </p>
-        ))}
-    </div>
-  );
-}
diff --git a/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/hibp/page.tsx b/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/hibp/page.tsx
deleted file mode 100644
index a472004ff3c..00000000000
--- a/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/hibp/page.tsx
+++ /dev/null
@@ -1,42 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-import { getServerSession } from "../../../../../../functions/server/getServerSession";
-import { notFound } from "next/navigation";
-import { isAdmin } from "../../../../../../api/utils/auth";
-import ConfigPage from "./hibpConfig";
-// import { getBreaches } from "../../../../../../functions/server/getBreaches.ts";
-
-export default async function DevPage() {
-  const session = await getServerSession();
-  // const allBreaches = (await getBreaches()).filter(
-  //   (breach) =>
-  //     !breach.IsRetired &&
-  //     !breach.IsSpamList &&
-  //     !breach.IsFabricated &&
-  //     breach.IsVerified &&
-  //     breach.Domain !== "",
-  // );
-
-  if (
-    !session?.user?.email ||
-    !isAdmin(session.user.email) ||
-    !session?.user?.subscriber?.primary_sha1
-  ) {
-    console.log(
-      "lolik",
-      !session?.user?.email,
-      !isAdmin(session?.user?.email || ""),
-      process.env.APP_ENV !== "production",
-      !session?.user?.subscriber?.primary_sha1,
-    );
-    return notFound();
-  }
-
-  return (
-    <ConfigPage
-      emailHashPrefix={session.user.subscriber.primary_sha1.slice(0, 6)}
-    />
-  );
-}
diff --git a/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/hibp/hibpConfig.tsx b/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/hibpConfig.tsx
similarity index 87%
rename from src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/hibp/hibpConfig.tsx
rename to src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/hibpConfig.tsx
index 3dfdc383092..0a93cf6930d 100644
--- a/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/hibp/hibpConfig.tsx
+++ b/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/hibpConfig.tsx
@@ -5,16 +5,16 @@
 "use client";
 
 import React, { useState, useEffect } from "react";
-import styles from "../ConfigPage.module.scss";
-import { QaBreachData } from "../../../../../../../db/tables/qa_customs";
+import styles from "./ConfigPage.module.scss";
+import { QaBreachData } from "../../../../../../db/tables/qa_customs";
 
 const endpointBase = "/api/v1/admin/qa-customs/hibp";
 
 interface Props {
-  emailHashPrefix: string;
+  emailHashFull: string;
 }
 
-const ConfigPage = (props: Props) => {
+const HibpConfigPage = (props: Props) => {
   const dataClasses = [
     "email-addresses",
     "ip-addresses",
@@ -29,7 +29,7 @@ const ConfigPage = (props: Props) => {
   const [breachesFetchHappened, setBreachesFetchHappened] =
     useState<boolean>(false);
   const [breachTypesSelection, setBreachTypesSelection] = useState<boolean[]>(
-    [],
+    dataClasses.map((_) => false),
   );
 
   const currentTime = new Date().toISOString();
@@ -60,15 +60,15 @@ const ConfigPage = (props: Props) => {
   const [newBreach, setNewBreach] = useState<QaBreachData>(baseBreach);
 
   useEffect(() => {
-    setBreachTypesSelection(dataClasses.map((_) => false));
     void fetchBreaches();
+    // eslint-disable-next-line react-hooks/exhaustive-deps
   }, []);
 
   const fetchBreaches = async () => {
     setBreachesFetchHappened(false);
     try {
       const response = await fetch(
-        `${endpointBase}?emailHashPrefix=${props.emailHashPrefix}`,
+        `${endpointBase}?emailHashPrefix=${props.emailHashFull.slice(0, 6)}`,
       );
       const data = await response.json();
       setBreaches(data);
@@ -78,6 +78,15 @@ const ConfigPage = (props: Props) => {
     setBreachesFetchHappened(true);
   };
 
+  const toggleDataClassOption = (index: number) => {
+    breachTypesSelection[index] = !breachTypesSelection[index];
+    setBreachTypesSelection(breachTypesSelection);
+    const newDataClasses = dataClasses.filter(
+      (_, i) => breachTypesSelection[i],
+    );
+    setNewBreach({ ...newBreach, ["DataClasses"]: newDataClasses });
+  };
+
   const handleChange = (
     e:
       | React.ChangeEvent<HTMLInputElement>
@@ -85,15 +94,6 @@ const ConfigPage = (props: Props) => {
       | React.ChangeEvent<HTMLTextAreaElement>,
   ) => {
     switch (e.target.name) {
-      case "DataClasses": {
-        const event = e.target as HTMLSelectElement;
-        breachTypesSelection[event.selectedIndex] = true;
-        const newDataClasses = dataClasses.filter(
-          (_, i) => breachTypesSelection[i],
-        );
-        setNewBreach({ ...newBreach, [event.name]: newDataClasses });
-        break;
-      }
       case "Title": {
         setNewBreach({
           ...newBreach,
@@ -111,12 +111,14 @@ const ConfigPage = (props: Props) => {
 
   const handleAddBreach = async (event: React.FormEvent) => {
     event.preventDefault();
-    newBreach.emailHashPrefix = props.emailHashPrefix;
+    newBreach.emailHashPrefix = props.emailHashFull.slice(0, 6);
 
     if (newBreach.emailHashPrefix.length < 6) {
       console.log("Invalid email hash!");
     }
     setBreachTypesSelection(dataClasses.map((_) => false));
+    setNewBreach(baseBreach);
+    alert("Request made successfully");
 
     try {
       const response = await fetch(endpointBase, {
@@ -129,7 +131,6 @@ const ConfigPage = (props: Props) => {
 
       if (response.ok) {
         await fetchBreaches(); // Refresh the breaches list
-        setNewBreach(baseBreach); // Reset form fields
       } else {
         console.error("Error adding breach:", await response.json());
       }
@@ -138,10 +139,10 @@ const ConfigPage = (props: Props) => {
     }
   };
 
-  const handleDeleteBreach = async (id: number, emailHashPrefix: string) => {
+  const handleDeleteBreach = async (breachId: number) => {
     try {
       const response = await fetch(
-        `${endpointBase}?id=${id}&emailHashPrefix=${emailHashPrefix}`,
+        `${endpointBase}?breachId=${breachId}&emailHashFull=${props.emailHashFull}`,
         {
           method: "DELETE",
         },
@@ -158,10 +159,10 @@ const ConfigPage = (props: Props) => {
   };
 
   return (
-    <main className={styles.wrapper}>
+    <main className={`${styles.wrapper} ${styles.configLeft}`}>
       <header className={styles.header}>
         <div>
-          Adding custom <b>Breaches</b>
+          Add custom <b>Breaches</b>
         </div>
         <br />
       </header>
@@ -180,7 +181,7 @@ const ConfigPage = (props: Props) => {
                   className={`${styles.input}`}
                   type="text"
                   name="Title"
-                  placeholder="Custom Breach"
+                  placeholder="Custom-Breach"
                   value={newBreach.Title}
                   onChange={(e) => void handleChange(e)}
                 />
@@ -215,7 +216,7 @@ const ConfigPage = (props: Props) => {
                   className={styles.input}
                   type="number"
                   name="PwnCount"
-                  placeholder="7777777"
+                  placeholder="65"
                   value={newBreach.PwnCount}
                   onChange={(e) => void handleChange(e)}
                 />
@@ -246,14 +247,15 @@ const ConfigPage = (props: Props) => {
 
               <label className={styles.label}>
                 Data Classes:
-                <select
-                  name="DataClasses"
-                  onChange={(e) => void handleChange(e)}
-                  multiple
-                >
+                <select name="DataClasses" multiple>
                   {dataClasses.map((dataClass, index) => (
                     <option
                       key={dataClass}
+                      onClick={(e) =>
+                        toggleDataClassOption(
+                          (e.target as HTMLOptionElement).index,
+                        )
+                      }
                       value={dataClass}
                       className={
                         breachTypesSelection[index]
@@ -367,15 +369,11 @@ const ConfigPage = (props: Props) => {
                   <li
                     key={breach.Id}
                     onClick={() => {
-                      void handleDeleteBreach(
-                        breach.Id,
-                        breach.emailHashPrefix,
-                      );
+                      void handleDeleteBreach(breach.Id);
                     }}
                     className={styles.listItem}
                   >
-                    {"{"} {breach.emailHashPrefix}, {breach.Title},{" "}
-                    {breach.Domain} {"}"}
+                    {"{"} {breach.Title}, {breach.Domain} {"}"}
                   </li>
                 ))
               ) : (
@@ -389,4 +387,4 @@ const ConfigPage = (props: Props) => {
   );
 };
 
-export default ConfigPage;
+export default HibpConfigPage;
diff --git a/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/onerep/page.tsx b/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/onerep/page.tsx
deleted file mode 100644
index 3cbafb4a58e..00000000000
--- a/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/onerep/page.tsx
+++ /dev/null
@@ -1,34 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-import { getServerSession } from "../../../../../../functions/server/getServerSession";
-import { notFound } from "next/navigation";
-import { isAdmin } from "../../../../../../api/utils/auth";
-import ConfigPage from "./onerepConfig";
-import { getOnerepProfileId } from "../../../../../../../db/tables/subscribers";
-
-export default async function DevPage() {
-  const session = await getServerSession();
-  let onerepProfileId = -1;
-
-  const profileIdNonExistent = async () => {
-    if (!session?.user.subscriber) return true;
-    const profileId = await getOnerepProfileId(session.user.subscriber.id);
-    if (!profileId) return true;
-    onerepProfileId = profileId;
-    return false;
-  };
-
-  if (
-    !session?.user?.email ||
-    (!isAdmin(session.user.email) &&
-      session.user.email !== process.env.E2E_TEST_ACCOUNT_EMAIL) ||
-    process.env.APP_ENV !== "local" ||
-    (await profileIdNonExistent())
-  ) {
-    return notFound();
-  }
-
-  return <ConfigPage onerepProfileId={onerepProfileId} />;
-}
diff --git a/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/onerep/onerepConfig.tsx b/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/onerepConfig.tsx
similarity index 90%
rename from src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/onerep/onerepConfig.tsx
rename to src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/onerepConfig.tsx
index ece212f0952..281dcf2a79f 100644
--- a/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/onerep/onerepConfig.tsx
+++ b/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/onerepConfig.tsx
@@ -5,18 +5,18 @@
 "use client";
 
 import React, { useState, useEffect } from "react";
-import styles from "../ConfigPage.module.scss";
+import styles from "./ConfigPage.module.scss";
 
-interface QaBrokerData {
+interface QaBrokerDataCounts {
   onerep_scan_result_id?: number;
   onerep_profile_id: number;
   link: string;
   age: number | null | undefined;
   data_broker: string;
-  emails: string;
-  phones: string;
-  addresses: string;
-  relatives: string;
+  emails: number;
+  phones: number;
+  addresses: number;
+  relatives: number;
   first_name: string;
   middle_name: string | null | undefined;
   last_name: string;
@@ -30,9 +30,11 @@ interface Props {
   onerepProfileId: number;
 }
 
-const ConfigPage = (props: Props) => {
+const OnerepConfigPage = (props: Props) => {
   const profileId = props.onerepProfileId;
-  const [brokers, setBrokers] = useState<QaBrokerData[]>([]);
+  const [brokersFetchHappened, setBrokersFetchHappened] =
+    useState<boolean>(false);
+  const [brokers, setBrokers] = useState<QaBrokerDataCounts[]>([]);
   const [errors, setErrors] = useState({
     profile_id: false,
     data_broker: false,
@@ -40,15 +42,16 @@ const ConfigPage = (props: Props) => {
   });
 
   // Initialize a base broker template to reset form fields
-  const baseBroker: QaBrokerData = {
+
+  const baseBroker: QaBrokerDataCounts = {
     onerep_profile_id: -1,
     link: "",
     age: null,
     data_broker: "",
-    emails: "",
-    phones: "",
-    addresses: "",
-    relatives: "",
+    emails: 0,
+    phones: 0,
+    addresses: 0,
+    relatives: 0,
     first_name: "",
     middle_name: null,
     last_name: "",
@@ -57,13 +60,15 @@ const ConfigPage = (props: Props) => {
   };
 
   // Temporary state to hold form input for a new broker
-  const [newBroker, setNewBroker] = useState<QaBrokerData>(baseBroker);
+  const [newBroker, setNewBroker] = useState<QaBrokerDataCounts>(baseBroker);
 
   useEffect(() => {
     void fetchBrokers();
+    // eslint-disable-next-line react-hooks/exhaustive-deps
   }, []);
 
   const fetchBrokers = async () => {
+    setBrokersFetchHappened(false);
     try {
       const response = await fetch(
         `${endpointBase}?onerep_profile_id=${props.onerepProfileId}`,
@@ -73,6 +78,7 @@ const ConfigPage = (props: Props) => {
     } catch (error) {
       console.error("Error fetching brokers:", error);
     }
+    setBrokersFetchHappened(true);
   };
 
   const handleChange = (
@@ -110,7 +116,7 @@ const ConfigPage = (props: Props) => {
     if (hasError) return;
 
     newBroker.onerep_profile_id = profileId;
-
+    alert("Request made successfully");
     try {
       const response = await fetch(endpointBase, {
         method: "POST",
@@ -156,10 +162,10 @@ const ConfigPage = (props: Props) => {
   };
 
   return (
-    <main className={styles.wrapper}>
+    <main className={`${styles.wrapper} ${styles.configRight}`}>
       <header className={styles.header}>
         <div>
-          Adding custom <b>OneRep</b> brokers
+          Add custom <b>OneRep</b> brokers
         </div>
         <br />
       </header>
@@ -328,7 +334,9 @@ const ConfigPage = (props: Props) => {
           <div className={styles.listWrapper}>
             <h2 className={styles.h2}>Brokers List</h2>
             <ul className={styles.listContainer}>
-              {brokers.length !== 0 ? (
+              {!brokersFetchHappened ? (
+                <p>fetching...</p>
+              ) : brokers.length !== 0 ? (
                 brokers.map((broker) => (
                   <li
                     key={broker.onerep_profile_id}
@@ -337,8 +345,7 @@ const ConfigPage = (props: Props) => {
                     }
                     className={styles.listItem}
                   >
-                    {"{"} {broker.onerep_profile_id}, {broker.data_broker},{" "}
-                    {broker.link} {"}"}
+                    {"{"} {broker.data_broker}, {broker.link} {"}"}
                   </li>
                 ))
               ) : (
@@ -352,4 +359,4 @@ const ConfigPage = (props: Props) => {
   );
 };
 
-export default ConfigPage;
+export default OnerepConfigPage;
diff --git a/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/page.tsx b/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/page.tsx
new file mode 100644
index 00000000000..50a8cbcbd19
--- /dev/null
+++ b/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/page.tsx
@@ -0,0 +1,44 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+import { getServerSession } from "../../../../../functions/server/getServerSession";
+import { notFound } from "next/navigation";
+import { isAdmin } from "../../../../../api/utils/auth";
+import HibpConfigPage from "./hibpConfig";
+import OnerepConfigPage from "./onerepConfig";
+import { getOnerepProfileId } from "../../../../../../db/tables/subscribers";
+import styles from "./ConfigPage.module.scss";
+import { createQaTogglesRow } from "../../../../../../db/tables/qa_customs";
+
+export default async function DevPage() {
+  const session = await getServerSession();
+  let onerepProfileId = -1;
+
+  const profileIdNonExistent = async () => {
+    if (!session?.user.subscriber) return true;
+    const profileId = await getOnerepProfileId(session.user.subscriber.id);
+    if (!profileId) return true;
+    onerepProfileId = profileId;
+    return false;
+  };
+
+  if (
+    !session?.user?.email ||
+    !isAdmin(session.user.email) ||
+    !session?.user?.subscriber?.primary_sha1 ||
+    (await profileIdNonExistent())
+  ) {
+    return notFound();
+  } else {
+    const { primary_sha1, id: subscriberId } = session.user.subscriber;
+    await createQaTogglesRow(primary_sha1, subscriberId);
+  }
+
+  return (
+    <div className={styles.configContainer}>
+      <HibpConfigPage emailHashFull={session.user.subscriber.primary_sha1} />
+      <OnerepConfigPage onerepProfileId={onerepProfileId} />;
+    </div>
+  );
+}
diff --git a/src/app/api/v1/admin/qa-customs/hibp/route.ts b/src/app/api/v1/admin/qa-customs/hibp/route.ts
index 003fc3accdd..43a126f20f7 100644
--- a/src/app/api/v1/admin/qa-customs/hibp/route.ts
+++ b/src/app/api/v1/admin/qa-customs/hibp/route.ts
@@ -16,6 +16,11 @@ import {
 } from "../../../../../../db/tables/qa_customs";
 import { getServerSession } from "../../../../../functions/server/getServerSession";
 import { randomInt } from "crypto";
+import {
+  getSubscribersByHashes,
+  setBreachResolution,
+} from "../../../../../../db/tables/subscribers";
+import { logger } from "../../../../../functions/server/logging";
 
 function successResponse() {
   return NextResponse.json(
@@ -30,6 +35,42 @@ async function checkAdmin() {
   return null;
 }
 
+type EmailBreachData = {
+  [breachId: string]: {
+    resolutionsChecked: string[];
+  };
+};
+
+type BreachResolutionObject = {
+  useBreachId: boolean;
+} & {
+  [email: string]: EmailBreachData;
+};
+
+/*
+  this function returns an object that removes a breach based on its breachId.
+*/
+function getObjWithRemovedBreach(
+  obj: BreachResolutionObject | null,
+  breachId: string,
+): BreachResolutionObject | null {
+  if (!obj) return null;
+  const emails = Object.keys(obj);
+  let emailCount = emails.length - 1;
+
+  for (const email of emails) {
+    if (email === "useBreachId") continue;
+    if (obj[email][breachId]) delete obj[email][breachId];
+    if (!Object.keys(obj[email]).length) {
+      delete obj[email];
+      emailCount--;
+    }
+  }
+  if (emailCount === 0) return null;
+
+  return obj;
+}
+
 export async function GET(req: NextRequest) {
   const err = await checkAdmin();
   if (err) return err;
@@ -59,8 +100,8 @@ export async function POST(req: NextRequest) {
     );
 
   const emailHashPrefix = body.emailHashPrefix.slice(0, 6);
-  const Name = body.Name || "Custom Breach";
-  const Title = body.Title || "Custom Breach";
+  const Name = body.Name || "Custom-Breach";
+  const Title = body.Title || "Custom-Breach";
   const Domain = body.Domain || "custom-breach.com";
   const ModifiedDate = body.ModifiedDate;
   const Description =
@@ -116,42 +157,37 @@ export async function DELETE(req: NextRequest) {
   const err = await checkAdmin();
   if (err) return err;
 
-  const emailHash = req.nextUrl.searchParams.get("emailHashPrefix");
-  const id = Number(req.nextUrl.searchParams.get("id"));
+  const emailHashFull = req.nextUrl.searchParams.get("emailHashFull");
+  const breachId = Number(req.nextUrl.searchParams.get("breachId"));
 
-  if (!emailHash || !id || Number.isNaN(id)) {
+  if (!emailHashFull || !breachId || Number.isNaN(breachId)) {
     return NextResponse.json(
       { error: "Missing or invalid emailHashPrefix or id parameter" },
       { status: 400 },
     );
   }
 
+  const subscriberRows = await getSubscribersByHashes([emailHashFull]);
+  for (const row of subscriberRows) {
+    const breachResolutionBefore = row.breach_resolution;
+    const breachResolutionAfter = getObjWithRemovedBreach(
+      breachResolutionBefore,
+      String(breachId),
+    );
+    const updateRes = await setBreachResolution(row, breachResolutionAfter);
+    if (!updateRes) {
+      logger.warn(
+        "QA custom breach_resolution was not updated, 'setBreachResolution' returned undefined",
+      );
+    }
+  }
+
   try {
-    await deleteQaCustomBreach(emailHash, id);
+    const emailHashPrefix = emailHashFull.slice(0, 6);
+    await deleteQaCustomBreach(emailHashPrefix, breachId);
     return successResponse();
   } catch (error) {
     console.error("Error deleting custom breach:", error);
     return internalServerError();
   }
 }
-
-export function PUT() {
-  //Change it for breach resolution within toggles table
-  return NextResponse.json(
-    { message: "Endpoint unavailable for now" },
-    { status: 200 },
-  );
-
-  // const err = await checkAdmin();
-  //  if (err) return err;
-
-  //  const onerepScanResultId = Number(req.nextUrl.searchParams.get("onerep_scan_result_id"));
-  //  const newStatus = req.nextUrl.searchParams.get("new_status");
-
-  //  if (!onerepScanResultId || Number.isNaN(onerepScanResultId) || !newStatus) {
-  //    return new NextResponse('Missing onerep_scan_result_id or newStatus parameter', { status: 400 });
-  //  }
-
-  //  await setQaCustomBrokerStatus(onerepScanResultId, newStatus);
-  //  return successResponse();
-}
diff --git a/src/db/migrations/20240715110621_qa_custom_toggles.js b/src/db/migrations/20240715110621_qa_custom_toggles.js
index 7aaea20b43c..320ea65a20f 100644
--- a/src/db/migrations/20240715110621_qa_custom_toggles.js
+++ b/src/db/migrations/20240715110621_qa_custom_toggles.js
@@ -8,13 +8,12 @@
  */
 export function up(knex) {
   return knex.schema.createTable("qa_custom_toggles", function(table) {
-    table.string("emailHash").primary();
+    table.string("email_hash").primary();
     table.integer("onerep_profile_id").notNullable();
-    table.boolean("showRealBreaches").notNullable();
-    table.boolean("showCustomBreaches").notNullable();
-    table.boolean("showRealBrokers").notNullable();
-    table.boolean("showCustomBrokers").notNullable();
-    table.jsonb("breach_resolution");
+    table.boolean("show_real_breaches").notNullable();
+    table.boolean("show_custom_breaches").notNullable();
+    table.boolean("show_real_brokers").notNullable();
+    table.boolean("show_custom_brokers").notNullable();
   });
 }
 
diff --git a/src/db/migrations/20240715115031_qa_custom_breaches.js b/src/db/migrations/20240715115031_qa_custom_breaches.js
index c9c788276a1..631bd1a1d34 100644
--- a/src/db/migrations/20240715115031_qa_custom_breaches.js
+++ b/src/db/migrations/20240715115031_qa_custom_breaches.js
@@ -3,8 +3,9 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 export function up(knex) {
+  // camel case for easier insertion into table
   return knex.schema.createTable("qa_custom_breaches", table => {
-    table.string("emailHashPrefix")
+    table.string("emailHashPrefix");
     table.integer("Id").notNullable().primary();
     table.string("Name").notNullable();
     table.string("Title").notNullable();
diff --git a/src/db/tables/qa_customs.ts b/src/db/tables/qa_customs.ts
index cb95e8c80b8..455e48d5565 100644
--- a/src/db/tables/qa_customs.ts
+++ b/src/db/tables/qa_customs.ts
@@ -48,7 +48,14 @@ interface QaBreachData {
   FaviconUrl?: string | null;
 }
 
-interface QaBreachResolution {}
+interface QaToggleRow {
+  email_hash: string;
+  onerep_profile_id: number;
+  show_real_breaches: boolean;
+  show_custom_breaches: boolean;
+  show_real_brokers: boolean;
+  show_custom_brokers: boolean;
+}
 
 async function getQaCustomBrokers(
   onerepProfileId: number | null,
@@ -144,7 +151,7 @@ async function getAllQaCustomBreaches(emailHashPrefix: string) {
   ).map((b) => {
     b.Id = Number(b.Id);
     b.Id = Number(b.Id);
-    return b as QaBreachData;
+    return formatQaBreach(b) as QaBreachData;
   });
   return res;
 }
@@ -162,24 +169,29 @@ async function addQaCustomBreach(breach: QaBreachData): Promise<void> {
 
 async function deleteQaCustomBreach(
   emailHashPrefix: string,
-  id: number,
+  Id: number,
 ): Promise<void> {
-  await knex("qa_custom_breaches")
-    .where({ emailHashPrefix: emailHashPrefix, Id: id })
-    .del();
+  await knex("qa_custom_breaches").where({ emailHashPrefix, Id }).del();
+}
+
+async function getQaToggleRow(emailHash: string) {
+  return (await knex("qa_custom_toggles")
+    .select("*")
+    .where("email_hash", emailHash)
+    .first()) as QaToggleRow;
 }
 
 async function setQaToggle(
   columnName: string,
   isShown: boolean,
-  emailHashPrefix: string,
+  emailHash: string,
 ): Promise<void> {
   // List of allowed columns to toggle
   const allowedColumns = [
-    "showRealBreaches",
-    "showCustomBreaches",
-    "showRealBrokers",
-    "showCustomBrokers",
+    "show_real_breaches",
+    "show_custom_breaches",
+    "show_real_brokers",
+    "show_custom_brokers",
   ];
 
   if (!allowedColumns.includes(columnName)) {
@@ -189,7 +201,7 @@ async function setQaToggle(
   // Get the current value of the specified column
   const record = await knex("qa_custom_toggles")
     .select(columnName)
-    .where({ emailHashPrefix })
+    .where("email_hash", emailHash)
     .first();
 
   if (!record) {
@@ -200,35 +212,26 @@ async function setQaToggle(
     .update({
       [columnName]: isShown,
     })
-    .where({ emailHashPrefix });
-}
-
-async function setQaBreachResolution(
-  emailHashPrefix: string,
-  breachResolution: QaBreachResolution,
-): Promise<void> {
-  await knex("qa_custom_toggles")
-    .update({
-      breach_resolution: JSON.stringify(breachResolution),
-    })
-    .where({ emailHashPrefix });
+    .where("email_hash", emailHash);
 }
 
 async function createQaTogglesRow(
-  emailHashPrefix: string,
+  emailHash: string,
   subscriberId: number,
 ): Promise<void> {
   const onerep_profile_id = await getOnerepProfileId(subscriberId);
 
-  await knex("qa_custom_toggles").insert({
-    emailHashPrefix,
-    onerep_profile_id,
-    showRealBreaches: true,
-    showCustomBreaches: false,
-    showRealBrokers: true,
-    showCustomBrokers: false,
-    breach_resolution: null,
-  });
+  await knex("qa_custom_toggles")
+    .insert({
+      email_hash: emailHash,
+      onerep_profile_id,
+      show_real_breaches: true,
+      show_custom_breaches: true,
+      show_real_brokers: true,
+      show_custom_brokers: true,
+    })
+    .onConflict("email_hash")
+    .ignore();
 }
 
 export {
@@ -241,9 +244,9 @@ export {
   getAllQaCustomBreaches,
   addQaCustomBreach,
   deleteQaCustomBreach,
+  getQaToggleRow,
   setQaToggle,
-  setQaBreachResolution,
   createQaTogglesRow,
   formatQaBreach,
 };
-export type { QaBrokerData, QaBreachData };
+export type { QaBrokerData, QaBreachData, QaToggleRow };
diff --git a/src/utils/hibp.js b/src/utils/hibp.js
index ad7beeb57b0..caa02da2af3 100644
--- a/src/utils/hibp.js
+++ b/src/utils/hibp.js
@@ -295,7 +295,7 @@ async function getBreachesForEmail(sha1, allBreaches, includeSensitive = false,
   const sha1Prefix = sha1.slice(0, 6).toUpperCase()
   const path = `/range/search/${sha1Prefix}`
 
-  const qaBreaches = (await getAllQaCustomBreaches(sha1Prefix)).map(b => formatQaBreach(b));
+  const qaBreaches = await getAllQaCustomBreaches(sha1Prefix);
   
   const response = await kAnonReq(path)
   if (!response || (response && response.length < 1)) {

From dd5ec8cc39ac1beaf079b18e130f2684017852df Mon Sep 17 00:00:00 2001
From: Mukhamediyar Kudaikulov <mukhamediyarkudaikulov@moco.local>
Date: Tue, 23 Jul 2024 17:47:11 -0700
Subject: [PATCH 5/8] added toggling functionality

---
 .../admin/qa-customs/ConfigPage.module.scss   |  4 ++
 .../admin/qa-customs/hibpConfig.tsx           | 67 ++++++++++++++++--
 .../admin/qa-customs/onerepConfig.tsx         | 65 ++++++++++++++++--
 .../(authenticated)/admin/qa-customs/page.tsx | 25 +++++--
 src/app/api/v1/admin/qa-customs/route.ts      | 26 +------
 src/db/tables/onerep_scans.ts                 | 46 ++++++++-----
 src/db/tables/qa_customs.ts                   | 68 ++++++++++++++-----
 src/utils/hibp.js                             | 13 +++-
 8 files changed, 239 insertions(+), 75 deletions(-)

diff --git a/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/ConfigPage.module.scss b/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/ConfigPage.module.scss
index 4c913017d27..83dc0b38e16 100644
--- a/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/ConfigPage.module.scss
+++ b/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/ConfigPage.module.scss
@@ -221,3 +221,7 @@
   flex: 1;
   padding: 20px; /* Optional: add some padding */
 }
+
+.buttonContainer {
+  display: flex;
+}
diff --git a/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/hibpConfig.tsx b/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/hibpConfig.tsx
index 0a93cf6930d..57ad196b15e 100644
--- a/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/hibpConfig.tsx
+++ b/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/hibpConfig.tsx
@@ -9,9 +9,14 @@ import styles from "./ConfigPage.module.scss";
 import { QaBreachData } from "../../../../../../db/tables/qa_customs";
 
 const endpointBase = "/api/v1/admin/qa-customs/hibp";
+const endpointToggleBase = "/api/v1/admin/qa-customs";
 
 interface Props {
   emailHashFull: string;
+  showApiBreaches: boolean;
+  showQaBreaches: boolean;
+  showApiParamEnum: string;
+  showQaParamEnum: string;
 }
 
 const HibpConfigPage = (props: Props) => {
@@ -58,6 +63,12 @@ const HibpConfigPage = (props: Props) => {
 
   // Temporary state to hold form input for a new breach
   const [newBreach, setNewBreach] = useState<QaBreachData>(baseBreach);
+  const [showQaBreaches, setShowQaBreaches] = useState<boolean>(
+    props.showQaBreaches,
+  );
+  const [showApiBreaches, setShowApiBreaches] = useState<boolean>(
+    props.showApiBreaches,
+  );
 
   useEffect(() => {
     void fetchBreaches();
@@ -113,21 +124,19 @@ const HibpConfigPage = (props: Props) => {
     event.preventDefault();
     newBreach.emailHashPrefix = props.emailHashFull.slice(0, 6);
 
-    if (newBreach.emailHashPrefix.length < 6) {
-      console.log("Invalid email hash!");
-    }
     setBreachTypesSelection(dataClasses.map((_) => false));
     setNewBreach(baseBreach);
-    alert("Request made successfully");
 
     try {
-      const response = await fetch(endpointBase, {
+      const req = fetch(endpointBase, {
         method: "POST",
         headers: {
           "Content-Type": "application/json",
         },
         body: JSON.stringify(newBreach),
       });
+      alert("Request made successfully");
+      const response = await req;
 
       if (response.ok) {
         await fetchBreaches(); // Refresh the breaches list
@@ -141,12 +150,14 @@ const HibpConfigPage = (props: Props) => {
 
   const handleDeleteBreach = async (breachId: number) => {
     try {
-      const response = await fetch(
+      const req = fetch(
         `${endpointBase}?breachId=${breachId}&emailHashFull=${props.emailHashFull}`,
         {
           method: "DELETE",
         },
       );
+      alert("Deletion request made successfully!");
+      const response = await req;
 
       if (response.ok) {
         await fetchBreaches(); // Refresh the breaches list
@@ -158,15 +169,57 @@ const HibpConfigPage = (props: Props) => {
     }
   };
 
+  const toggleQaBreaches = () => {
+    void fetch(
+      endpointToggleBase +
+        `?columnName=${props.showQaParamEnum}&isVisible=${!showQaBreaches}`,
+      {
+        method: "PUT",
+      },
+    ).then((res) => {
+      if (res.ok) {
+        setShowQaBreaches(!showQaBreaches);
+        return;
+      }
+      alert("Something went wrong during the QA breaches toggle...");
+    });
+    alert("Request made successfully!");
+  };
+
+  const toggleApiBreaches = () => {
+    void fetch(
+      endpointToggleBase +
+        `?columnName=${props.showApiParamEnum}&isVisible=${!showApiBreaches}`,
+      {
+        method: "PUT",
+      },
+    ).then((res) => {
+      if (res.ok) {
+        setShowApiBreaches(!showApiBreaches);
+        return;
+      }
+      alert("Something went wrong during the API breaches toggle...");
+    });
+    alert("Request made successfully!");
+  };
+
   return (
     <main className={`${styles.wrapper} ${styles.configLeft}`}>
       <header className={styles.header}>
         <div>
           Add custom <b>Breaches</b>
         </div>
-        <br />
       </header>
 
+      <div className={styles.buttonContainer}>
+        <button className={styles.button} onClick={toggleQaBreaches}>
+          Toggle QA breaches, current: {showQaBreaches ? "on" : "off"}
+        </button>
+        <button className={styles.button} onClick={toggleApiBreaches}>
+          Toggle API breaches, current: {showApiBreaches ? "on" : "off"}
+        </button>
+      </div>
+
       <div className={styles.formAndListWrapper}>
         <form
           className={styles.formWrapper}
diff --git a/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/onerepConfig.tsx b/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/onerepConfig.tsx
index 281dcf2a79f..acb07e12376 100644
--- a/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/onerepConfig.tsx
+++ b/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/onerepConfig.tsx
@@ -25,9 +25,14 @@ interface QaBrokerDataCounts {
 }
 
 const endpointBase = "/api/v1/admin/qa-customs/onerep";
+const endpointToggleBase = "/api/v1/admin/qa-customs";
 
 interface Props {
   onerepProfileId: number;
+  showApiBrokers: boolean;
+  showQaBrokers: boolean;
+  showApiParamEnum: string;
+  showQaParamEnum: string;
 }
 
 const OnerepConfigPage = (props: Props) => {
@@ -61,6 +66,12 @@ const OnerepConfigPage = (props: Props) => {
 
   // Temporary state to hold form input for a new broker
   const [newBroker, setNewBroker] = useState<QaBrokerDataCounts>(baseBroker);
+  const [showQaBrokers, setShowQaBrokers] = useState<boolean>(
+    props.showQaBrokers,
+  );
+  const [showApiBrokers, setShowApiBrokers] = useState<boolean>(
+    props.showApiBrokers,
+  );
 
   useEffect(() => {
     void fetchBrokers();
@@ -116,9 +127,8 @@ const OnerepConfigPage = (props: Props) => {
     if (hasError) return;
 
     newBroker.onerep_profile_id = profileId;
-    alert("Request made successfully");
     try {
-      const response = await fetch(endpointBase, {
+      const req = fetch(endpointBase, {
         method: "POST",
         headers: {
           "Content-Type": "application/json",
@@ -130,6 +140,9 @@ const OnerepConfigPage = (props: Props) => {
             newBroker.manually_resolved === "false" ? false : true,
         }),
       });
+      alert("Request made successfully");
+
+      const response = await req;
 
       if (response.ok) {
         await fetchBrokers(); // Refresh the brokers list
@@ -144,12 +157,14 @@ const OnerepConfigPage = (props: Props) => {
 
   const handleDeleteBroker = async (onerep_scan_result_id: number) => {
     try {
-      const response = await fetch(
+      const req = fetch(
         `${endpointBase}?onerep_scan_result_id=${onerep_scan_result_id}`,
         {
           method: "DELETE",
         },
       );
+      alert("Deletion request made successfully!");
+      const response = await req;
 
       if (response.ok) {
         await fetchBrokers(); // Refresh the brokers list
@@ -161,15 +176,57 @@ const OnerepConfigPage = (props: Props) => {
     }
   };
 
+  const toggleQaBrokers = () => {
+    void fetch(
+      endpointToggleBase +
+        `?columnName=${props.showQaParamEnum}&isVisible=${!showQaBrokers}`,
+      {
+        method: "PUT",
+      },
+    ).then((res) => {
+      if (res.ok) {
+        setShowQaBrokers(!showQaBrokers);
+        return;
+      }
+      alert("Something went wrong during the QA brokers toggle...");
+    });
+    alert("Request made successfully!");
+  };
+
+  const toggleApiBrokers = () => {
+    void fetch(
+      endpointToggleBase +
+        `?columnName=${props.showApiParamEnum}&isVisible=${!showApiBrokers}`,
+      {
+        method: "PUT",
+      },
+    ).then((res) => {
+      if (res.ok) {
+        setShowApiBrokers(!showApiBrokers);
+        return;
+      }
+      alert("Something went wrong during the API brokers toggle...");
+    });
+    alert("Request made successfully!");
+  };
+
   return (
     <main className={`${styles.wrapper} ${styles.configRight}`}>
       <header className={styles.header}>
         <div>
           Add custom <b>OneRep</b> brokers
         </div>
-        <br />
       </header>
 
+      <div className={styles.buttonContainer}>
+        <button className={styles.button} onClick={toggleQaBrokers}>
+          Toggle QA brokers, current: {showQaBrokers ? "on" : "off"}
+        </button>
+        <button className={styles.button} onClick={toggleApiBrokers}>
+          Toggle API brokers, current: {showApiBrokers ? "on" : "off"}
+        </button>
+      </div>
+
       <div className={styles.formAndListWrapper}>
         <form
           className={styles.formWrapper}
diff --git a/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/page.tsx b/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/page.tsx
index 50a8cbcbd19..b72a5fcaf01 100644
--- a/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/page.tsx
+++ b/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/page.tsx
@@ -9,11 +9,15 @@ import HibpConfigPage from "./hibpConfig";
 import OnerepConfigPage from "./onerepConfig";
 import { getOnerepProfileId } from "../../../../../../db/tables/subscribers";
 import styles from "./ConfigPage.module.scss";
-import { createQaTogglesRow } from "../../../../../../db/tables/qa_customs";
+import {
+  createQaTogglesRow,
+  AllowedToggleColumns,
+} from "../../../../../../db/tables/qa_customs";
 
 export default async function DevPage() {
   const session = await getServerSession();
   let onerepProfileId = -1;
+  let existingRow = null;
 
   const profileIdNonExistent = async () => {
     if (!session?.user.subscriber) return true;
@@ -32,13 +36,26 @@ export default async function DevPage() {
     return notFound();
   } else {
     const { primary_sha1, id: subscriberId } = session.user.subscriber;
-    await createQaTogglesRow(primary_sha1, subscriberId);
+    existingRow = await createQaTogglesRow(primary_sha1, subscriberId);
   }
 
   return (
     <div className={styles.configContainer}>
-      <HibpConfigPage emailHashFull={session.user.subscriber.primary_sha1} />
-      <OnerepConfigPage onerepProfileId={onerepProfileId} />;
+      <HibpConfigPage
+        emailHashFull={session.user.subscriber.primary_sha1}
+        showApiBreaches={existingRow.show_real_breaches}
+        showQaBreaches={existingRow.show_custom_breaches}
+        showApiParamEnum={AllowedToggleColumns.ShowRealBreaches}
+        showQaParamEnum={AllowedToggleColumns.ShowCustomBreaches}
+      />
+      <OnerepConfigPage
+        onerepProfileId={onerepProfileId}
+        showApiBrokers={existingRow.show_real_brokers}
+        showQaBrokers={existingRow.show_custom_brokers}
+        showApiParamEnum={AllowedToggleColumns.ShowRealBrokers}
+        showQaParamEnum={AllowedToggleColumns.ShowCustomBrokers}
+      />
+      ;
     </div>
   );
 }
diff --git a/src/app/api/v1/admin/qa-customs/route.ts b/src/app/api/v1/admin/qa-customs/route.ts
index 98a9e2a902b..f92e9d93b72 100644
--- a/src/app/api/v1/admin/qa-customs/route.ts
+++ b/src/app/api/v1/admin/qa-customs/route.ts
@@ -4,30 +4,10 @@
 
 import { NextRequest, NextResponse } from "next/server";
 import { getServerSession } from "../../../../functions/server/getServerSession";
-import {
-  createQaTogglesRow,
-  setQaToggle,
-} from "../../../../../db/tables/qa_customs";
+import { setQaToggle } from "../../../../../db/tables/qa_customs";
 import { isAdmin } from "../../../utils/auth";
 import { unauthError } from "../../../utils/errorThrower";
 
-export async function POST() {
-  const session = await getServerSession();
-  if (!isAdmin(session?.user.email || "")) return unauthError();
-
-  const emailSha1 = session?.user.subscriber?.primary_email;
-  const subscriberId = session?.user.subscriber?.id;
-  if (!emailSha1 || !subscriberId) {
-    return NextResponse.json(
-      { error: "Either email or subscriber id seems to be missing" },
-      { status: 400 },
-    );
-  }
-  await createQaTogglesRow(emailSha1, subscriberId);
-
-  return NextResponse.json({ error: "QaToggles row created" }, { status: 200 });
-}
-
 export async function PUT(req: NextRequest) {
   const session = await getServerSession();
   if (!isAdmin(session?.user.email || "")) return unauthError();
@@ -39,8 +19,6 @@ export async function PUT(req: NextRequest) {
       { status: 400 },
     );
 
-  const emailHashPrefix = emailHash.slice(0, 6);
-
   const columnName = req.nextUrl.searchParams.get("columnName");
   const isVisible = req.nextUrl.searchParams.get("isVisible");
   if (!columnName || !isVisible)
@@ -50,7 +28,7 @@ export async function PUT(req: NextRequest) {
     );
   const toggle = isVisible === "false" ? false : true;
 
-  await setQaToggle(columnName, toggle, emailHashPrefix);
+  await setQaToggle(columnName, toggle, emailHash);
 
   return NextResponse.json(
     { error: `${columnName} toggled to ${toggle}` },
diff --git a/src/db/tables/onerep_scans.ts b/src/db/tables/onerep_scans.ts
index a940a62eb00..af701826efd 100644
--- a/src/db/tables/onerep_scans.ts
+++ b/src/db/tables/onerep_scans.ts
@@ -16,7 +16,7 @@ import {
   SubscriberRow,
 } from "knex/types/tables";
 import { RemovalStatus } from "../../app/functions/universal/scanResult.js";
-import { getQaCustomBrokers } from "./qa_customs.ts";
+import { getQaCustomBrokers, getQaToggleRow } from "./qa_customs.ts";
 
 const knex = createDbConnection();
 
@@ -151,22 +151,34 @@ async function getLatestOnerepScanResults(
   let results: OnerepScanResultRow[] = [];
 
   if (typeof scan !== "undefined") {
-    // Fetch initial results from onerep_scan_results
-    const scanResults = (await knex("onerep_scan_results")
-      .select("*")
-      .distinctOn("link")
-      .where("onerep_profile_id", onerepProfileId)
-      .innerJoin(
-        "onerep_scans",
-        "onerep_scan_results.onerep_scan_id",
-        "onerep_scans.onerep_scan_id",
-      )
-      .orderBy("link")
-      .orderBy("onerep_scan_result_id", "desc")) as OnerepScanResultRow[];
-    results = [
-      ...scanResults,
-      ...(await getQaCustomBrokers(onerepProfileId, scan?.onerep_scan_id)),
-    ];
+    const qaToggles = await getQaToggleRow(onerepProfileId);
+    let showCustomBrokers = true;
+    let showRealBrokers = true;
+
+    if (qaToggles) {
+      showCustomBrokers = qaToggles.show_custom_brokers;
+      showRealBrokers = qaToggles.show_real_brokers;
+    }
+
+    const qaBrokers = !showCustomBrokers
+      ? []
+      : await getQaCustomBrokers(onerepProfileId, scan?.onerep_scan_id);
+    if (!showRealBrokers) results = qaBrokers;
+    else {
+      // Fetch initial results from onerep_scan_results
+      const scanResults = (await knex("onerep_scan_results")
+        .select("*")
+        .distinctOn("link")
+        .where("onerep_profile_id", onerepProfileId)
+        .innerJoin(
+          "onerep_scans",
+          "onerep_scan_results.onerep_scan_id",
+          "onerep_scans.onerep_scan_id",
+        )
+        .orderBy("link")
+        .orderBy("onerep_scan_result_id", "desc")) as OnerepScanResultRow[];
+      results = [...scanResults, ...qaBrokers];
+    }
   }
 
   return {
diff --git a/src/db/tables/qa_customs.ts b/src/db/tables/qa_customs.ts
index 455e48d5565..1905ec3780b 100644
--- a/src/db/tables/qa_customs.ts
+++ b/src/db/tables/qa_customs.ts
@@ -57,6 +57,13 @@ interface QaToggleRow {
   show_custom_brokers: boolean;
 }
 
+enum AllowedToggleColumns {
+  ShowRealBreaches = "show_real_breaches",
+  ShowCustomBreaches = "show_custom_breaches",
+  ShowRealBrokers = "show_real_brokers",
+  ShowCustomBrokers = "show_custom_brokers",
+}
+
 async function getQaCustomBrokers(
   onerepProfileId: number | null,
   onerepScanId: number | undefined | null,
@@ -174,11 +181,22 @@ async function deleteQaCustomBreach(
   await knex("qa_custom_breaches").where({ emailHashPrefix, Id }).del();
 }
 
-async function getQaToggleRow(emailHash: string) {
-  return (await knex("qa_custom_toggles")
-    .select("*")
-    .where("email_hash", emailHash)
-    .first()) as QaToggleRow;
+async function getQaToggleRow(emailHashOrOneRepId: string | number | null) {
+  if (emailHashOrOneRepId === null) {
+    return null;
+  }
+  if (typeof emailHashOrOneRepId === "string") {
+    return (await knex("qa_custom_toggles")
+      .select("*")
+      .where("email_hash", emailHashOrOneRepId)
+      .first()) as QaToggleRow;
+  } else if (typeof emailHashOrOneRepId === "number") {
+    return (await knex("qa_custom_toggles")
+      .select("*")
+      .where("onerep_profile_id", emailHashOrOneRepId)
+      .first()) as QaToggleRow;
+  }
+  return null;
 }
 
 async function setQaToggle(
@@ -205,7 +223,7 @@ async function setQaToggle(
     .first();
 
   if (!record) {
-    throw new Error(`No record found with given onerep_profile_id`);
+    throw new Error(`No record found with given email_hash`);
   }
 
   await knex("qa_custom_toggles")
@@ -218,20 +236,35 @@ async function setQaToggle(
 async function createQaTogglesRow(
   emailHash: string,
   subscriberId: number,
-): Promise<void> {
+): Promise<QaToggleRow> {
   const onerep_profile_id = await getOnerepProfileId(subscriberId);
+  if (onerep_profile_id === null) throw new Error("OneRep profile ID missing!");
 
-  await knex("qa_custom_toggles")
-    .insert({
-      email_hash: emailHash,
-      onerep_profile_id,
-      show_real_breaches: true,
-      show_custom_breaches: true,
-      show_real_brokers: true,
-      show_custom_brokers: true,
-    })
+  const row = {
+    email_hash: emailHash,
+    onerep_profile_id,
+    show_real_breaches: true,
+    show_custom_breaches: true,
+    show_real_brokers: true,
+    show_custom_brokers: true,
+  };
+
+  // Try to insert the row
+  const [insertedRow] = await knex("qa_custom_toggles")
+    .insert(row)
     .onConflict("email_hash")
-    .ignore();
+    .ignore()
+    .returning("*");
+
+  if (insertedRow) {
+    return insertedRow as QaToggleRow;
+  } else {
+    // If insert was ignored due to conflict, fetch the existing row based on email_hash
+    const existingRow = await knex("qa_custom_toggles")
+      .where({ email_hash: emailHash })
+      .first();
+    return existingRow as QaToggleRow;
+  }
 }
 
 export {
@@ -248,5 +281,6 @@ export {
   setQaToggle,
   createQaTogglesRow,
   formatQaBreach,
+  AllowedToggleColumns,
 };
 export type { QaBrokerData, QaBreachData, QaToggleRow };
diff --git a/src/utils/hibp.js b/src/utils/hibp.js
index 2800550317a..aca6957c093 100644
--- a/src/utils/hibp.js
+++ b/src/utils/hibp.js
@@ -7,7 +7,7 @@ import { getAllBreaches, upsertBreaches, knex } from '../db/tables/breaches.js'
 import { InternalServerError } from '../utils/error.js'
 import { getMessage } from '../utils/fluent.js'
 import { isUsingMockHIBPEndpoint } from '../app/functions/universal/mock.ts'
-import { formatQaBreach, getAllQaCustomBreaches } from '../db/tables/qa_customs.ts'
+import { getAllQaCustomBreaches, getQaToggleRow } from '../db/tables/qa_customs.ts'
 const { HIBP_THROTTLE_MAX_TRIES, HIBP_THROTTLE_DELAY, HIBP_API_ROOT, HIBP_KANON_API_ROOT, HIBP_KANON_API_TOKEN } = AppConstants
 
 
@@ -288,7 +288,16 @@ async function getBreachesForEmail(sha1, allBreaches, includeSensitive = false,
   const sha1Prefix = sha1.slice(0, 6).toUpperCase()
   const path = `/range/search/${sha1Prefix}`
 
-  const qaBreaches = await getAllQaCustomBreaches(sha1Prefix);
+  const qaToggles = await getQaToggleRow(sha1);
+  let showCustomBreaches = true
+  let showRealBreaches = true;
+  if (qaToggles) {
+    showCustomBreaches = qaToggles.show_custom_breaches;
+    showRealBreaches = qaToggles.show_real_breaches;
+  }
+
+  const qaBreaches = !showCustomBreaches? [] : await getAllQaCustomBreaches(sha1Prefix);
+  if (!showRealBreaches) return qaBreaches;
   
   const response = await kAnonReq(path)
   if (!response || (response && response.length < 1)) {

From 40898ea0514780e8638a3cdd1afef7f6de72be4c Mon Sep 17 00:00:00 2001
From: Mukhamediyar Kudaikulov <mukhamediyarkudaikulov@moco.local>
Date: Thu, 25 Jul 2024 13:09:36 -0700
Subject: [PATCH 6/8] added optout_attempts field

---
 .../admin/qa-customs/onerepConfig.tsx               | 13 +++++++++++++
 src/app/api/v1/admin/qa-customs/onerep/route.ts     |  2 ++
 .../migrations/20240710214906_qa_custom_brokers.js  |  1 +
 src/db/tables/qa_customs.ts                         |  1 +
 4 files changed, 17 insertions(+)

diff --git a/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/onerepConfig.tsx b/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/onerepConfig.tsx
index acb07e12376..111094917db 100644
--- a/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/onerepConfig.tsx
+++ b/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/onerepConfig.tsx
@@ -22,6 +22,7 @@ interface QaBrokerDataCounts {
   last_name: string;
   status: string;
   manually_resolved: string;
+  optout_attempts?: number;
 }
 
 const endpointBase = "/api/v1/admin/qa-customs/onerep";
@@ -381,6 +382,18 @@ const OnerepConfigPage = (props: Props) => {
                   <option value="removed">Removed</option>
                 </select>
               </label>
+
+              <label className={styles.label}>
+                Optout Attempts:
+                <input
+                  className={styles.input}
+                  type="number"
+                  name="optout_attempts"
+                  placeholder="0"
+                  value={newBroker.optout_attempts ?? ""}
+                  onChange={handleChange}
+                />
+              </label>
             </div>
           </div>
           <button className={styles.button} type="submit">
diff --git a/src/app/api/v1/admin/qa-customs/onerep/route.ts b/src/app/api/v1/admin/qa-customs/onerep/route.ts
index 2c9d76f213a..c80b4b9607f 100644
--- a/src/app/api/v1/admin/qa-customs/onerep/route.ts
+++ b/src/app/api/v1/admin/qa-customs/onerep/route.ts
@@ -83,6 +83,7 @@ export async function POST(req: NextRequest) {
   const last_name = body.last_name || "Doe";
   const status = body.status || "new";
   const manually_resolved = body.manually_resolved || false;
+  const optout_attempts = body.optout_attempts || null;
 
   const brokerData: QaBrokerData = {
     onerep_profile_id,
@@ -98,6 +99,7 @@ export async function POST(req: NextRequest) {
     last_name,
     status,
     manually_resolved,
+    optout_attempts,
   };
   try {
     await addQaCustomBroker(brokerData);
diff --git a/src/db/migrations/20240710214906_qa_custom_brokers.js b/src/db/migrations/20240710214906_qa_custom_brokers.js
index f990ee12da3..5c71b635e63 100644
--- a/src/db/migrations/20240710214906_qa_custom_brokers.js
+++ b/src/db/migrations/20240710214906_qa_custom_brokers.js
@@ -25,6 +25,7 @@ export function up(knex) {
       table.boolean("manually_resolved").defaultTo(false);
       table.timestamp("created_at").defaultTo(knex.fn.now());
       table.timestamp("updated_at").defaultTo(knex.fn.now());
+      table.integer("optout_attempts");
     });
 }
 
diff --git a/src/db/tables/qa_customs.ts b/src/db/tables/qa_customs.ts
index 1905ec3780b..e4ef0dd9c55 100644
--- a/src/db/tables/qa_customs.ts
+++ b/src/db/tables/qa_customs.ts
@@ -24,6 +24,7 @@ interface QaBrokerData {
   last_name: string;
   status: string;
   manually_resolved: boolean;
+  optout_attempts: number;
 }
 
 interface QaBreachData {

From 4329f18525dcba7fa01719e5f1db53e5abb179b3 Mon Sep 17 00:00:00 2001
From: Mukhamediyar Kudaikulov <mukhamediyarkudaikulov@moco.local>
Date: Thu, 25 Jul 2024 14:16:05 -0700
Subject: [PATCH 7/8] deleted obsolete file

---
 src/app/api/mock/resetTestData/reset.ts | 50 -------------------------
 1 file changed, 50 deletions(-)
 delete mode 100644 src/app/api/mock/resetTestData/reset.ts

diff --git a/src/app/api/mock/resetTestData/reset.ts b/src/app/api/mock/resetTestData/reset.ts
deleted file mode 100644
index 3db8276019e..00000000000
--- a/src/app/api/mock/resetTestData/reset.ts
+++ /dev/null
@@ -1,50 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-import {
-  deleteScanResultsForProfile,
-  deleteSomeScansForProfile,
-} from "../../../../db/tables/onerep_scans";
-import {
-  getOnerepProfileId,
-  unresolveAllBreaches,
-} from "../../../../db/tables/subscribers";
-import { logger } from "../../../functions/server/logging";
-
-export async function resetData(
-  subscriberId: number,
-  resetHibp: boolean,
-  resetOneRep: boolean,
-): Promise<[success: boolean, msg?: string | undefined]> {
-  const onerepProfileId = await getOnerepProfileId(subscriberId);
-  if (!onerepProfileId) return [false, "Unable to fetch OneRep profile ID"];
-  if (resetHibp) await unresolveAllBreaches(onerepProfileId);
-  if (resetOneRep) {
-    await deleteSomeScansForProfile(onerepProfileId, 1);
-    await deleteScanResultsForProfile(onerepProfileId);
-  }
-  const oneRepMsg = `${resetOneRep ? "attempted to delete all but 1 scans" : ""}`;
-  const hibpMsg = `${resetHibp ? "attempted to unresolve all breaches" : ""}`;
-  const loggerMsg =
-    `${oneRepMsg}${resetOneRep && resetHibp ? ", " : ""}${hibpMsg}` ||
-    "no action done";
-  logger.info(`Mock Data Reset endpoint: ${loggerMsg}`);
-  return [true];
-}
-
-export function brokerOverwriteOneRep() {
-  //modify json file
-}
-
-export function breachOverwriteHibp() {
-  //modify json file
-}
-
-export function brokerAddOneRep() {
-  //modify json file
-}
-
-export function breachAddeHibp() {
-  //modify json file
-}

From 4bae8b72639821763ac62328ac88053682d09151 Mon Sep 17 00:00:00 2001
From: Mukhamediyar Kudaikulov <mukhamediyarkudaikulov@moco.lan>
Date: Tue, 30 Jul 2024 11:35:18 -0700
Subject: [PATCH 8/8] deleted unused files

---
 src/app/api/mock/hibp/mockData/mockOverwrite.json   |  5 -----
 src/app/api/mock/onerep/mockData/mockOverwrite.json | 11 -----------
 2 files changed, 16 deletions(-)
 delete mode 100644 src/app/api/mock/hibp/mockData/mockOverwrite.json
 delete mode 100644 src/app/api/mock/onerep/mockData/mockOverwrite.json

diff --git a/src/app/api/mock/hibp/mockData/mockOverwrite.json b/src/app/api/mock/hibp/mockData/mockOverwrite.json
deleted file mode 100644
index e2d446a09c5..00000000000
--- a/src/app/api/mock/hibp/mockData/mockOverwrite.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
-  "doOvewrite": false,
-  "breachesOverwrite": [],
-  "breachesAdd": []
-}
diff --git a/src/app/api/mock/onerep/mockData/mockOverwrite.json b/src/app/api/mock/onerep/mockData/mockOverwrite.json
deleted file mode 100644
index 07cfbe08dab..00000000000
--- a/src/app/api/mock/onerep/mockData/mockOverwrite.json
+++ /dev/null
@@ -1,11 +0,0 @@
-{
-  "doOverwrite": false,
-  "brokersOverwrite": [
-    {
-      "relatives": ["Jon Jones"],
-      "link": "https://mockexample.com/link-to-databroker-e2e-test-1",
-      "data_broker": "mockexample-e2e-test-1.com"
-    }
-  ],
-  "brokersAdd": []
-}