Add user management features to admin section

- Add ability to create new users from admin panel - Add role dropdown (User/Admin) for each user - Replace toggle buttons with select dropdown for role management - Admin users can access the Admin section in settings - Regular users see only Profile and Notifications sections Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-05-03 04:42:46 +02:00 · 2026-01-21 13:17:27 -05:00 · 2026-01-21 13:17:27 -05:00 · 040cdb9c42
commit 040cdb9c42
parent f46c6ad9d4
3 changed files with 200 additions and 25 deletions
--- a/backend/src/routes/admin.ts
+++ b/backend/src/routes/admin.ts
@ -1,4 +1,5 @@
 import { Router, Response, NextFunction } from 'express';
+import bcrypt from 'bcrypt';
 import { AuthRequest, authMiddleware } from '../middleware/auth';
 import { userQueries, systemSettingsQueries } from '../models';

@ -38,6 +39,57 @@ router.get('/users', async (_req: AuthRequest, res: Response) => {
  }
 });

+// Create a new user
+router.post('/users', async (req: AuthRequest, res: Response) => {
+  try {
+    const { email, password, is_admin } = req.body;
+
+    if (!email || !password) {
+      res.status(400).json({ error: 'Email and password are required' });
+      return;
+    }
+
+    if (password.length < 8) {
+      res.status(400).json({ error: 'Password must be at least 8 characters' });
+      return;
+    }
+
+    const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+    if (!emailRegex.test(email)) {
+      res.status(400).json({ error: 'Invalid email format' });
+      return;
+    }
+
+    const existingUser = await userQueries.findByEmail(email);
+    if (existingUser) {
+      res.status(409).json({ error: 'Email already registered' });
+      return;
+    }
+
+    const saltRounds = 12;
+    const passwordHash = await bcrypt.hash(password, saltRounds);
+
+    const user = await userQueries.create(email, passwordHash);
+
+    // Set admin status if specified
+    if (is_admin) {
+      await userQueries.setAdmin(user.id, true);
+    }
+
+    res.status(201).json({
+      message: 'User created successfully',
+      user: {
+        id: user.id,
+        email: user.email,
+        is_admin: is_admin || false,
+      },
+    });
+  } catch (error) {
+    console.error('Error creating user:', error);
+    res.status(500).json({ error: 'Failed to create user' });
+  }
+});
+
 // Delete a user
 router.delete('/users/:id', async (req: AuthRequest, res: Response) => {
  try {