Make an some sort of graphical admin center, a page that is accessible through a special url and password protected, that accesses the current autogenerator functions for generating CRUDs and models and allows to write over the current conf/conf.lua file for updating settings of an application
Admin areas are a major attack target in web apps, so this one may need extra care with regards to security aspects. Some suggestions I can think of right now:
disabled by default. and when it is enabled, no default account. the user must enter the admin username and password for it to be enabled.
do not allow username and password to be the same, or the pass to be blank, and check for weak password. all this before hashing and storing the password
make sure the auth cannot be bypassed or any of the admin features can be accessed without really being authenticated
using the current session library for handling this is a no-no because of #58
Make an some sort of graphical admin center, a page that is accessible through a special url and password protected, that accesses the current autogenerator functions for generating CRUDs and models and allows to write over the current conf/conf.lua file for updating settings of an application