Add settings page with profile, notifications, and admin sections

- Add sidebar navigation to settings page - Add profile section for name management and password change - Add admin section for user management and registration toggle - Add profile API endpoints (GET/PUT /profile, PUT /profile/password) - Add admin API endpoints (users CRUD, system settings) - Add system_settings table for registration control - Add name and is_admin columns to users table - First registered user automatically becomes admin - Check registration status on register/login page Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-05-12 09:12:40 +02:00 · 2026-01-21 07:58:11 -05:00 · 2026-01-21 07:58:11 -05:00 · f46c6ad9d4
commit f46c6ad9d4
parent 0c8ce22cc1
8 changed files with 1129 additions and 133 deletions
--- a/backend/src/routes/admin.ts
+++ b/backend/src/routes/admin.ts
@ -0,0 +1,132 @@
+import { Router, Response, NextFunction } from 'express';
+import { AuthRequest, authMiddleware } from '../middleware/auth';
+import { userQueries, systemSettingsQueries } from '../models';
+
+const router = Router();
+
+// All routes require authentication
+router.use(authMiddleware);
+
+// Admin middleware - checks if user is admin
+const adminMiddleware = async (req: AuthRequest, res: Response, next: NextFunction) => {
+  try {
+    const userId = req.userId!;
+    const user = await userQueries.findById(userId);
+
+    if (!user || !user.is_admin) {
+      res.status(403).json({ error: 'Admin access required' });
+      return;
+    }
+
+    next();
+  } catch (error) {
+    console.error('Admin middleware error:', error);
+    res.status(500).json({ error: 'Failed to verify admin status' });
+  }
+};
+
+router.use(adminMiddleware);
+
+// Get all users
+router.get('/users', async (_req: AuthRequest, res: Response) => {
+  try {
+    const users = await userQueries.findAll();
+    res.json(users);
+  } catch (error) {
+    console.error('Error fetching users:', error);
+    res.status(500).json({ error: 'Failed to fetch users' });
+  }
+});
+
+// Delete a user
+router.delete('/users/:id', async (req: AuthRequest, res: Response) => {
+  try {
+    const userId = req.userId!;
+    const targetId = parseInt(req.params.id, 10);
+
+    if (isNaN(targetId)) {
+      res.status(400).json({ error: 'Invalid user ID' });
+      return;
+    }
+
+    // Prevent deleting yourself
+    if (targetId === userId) {
+      res.status(400).json({ error: 'Cannot delete your own account' });
+      return;
+    }
+
+    const deleted = await userQueries.delete(targetId);
+
+    if (!deleted) {
+      res.status(404).json({ error: 'User not found' });
+      return;
+    }
+
+    res.json({ message: 'User deleted successfully' });
+  } catch (error) {
+    console.error('Error deleting user:', error);
+    res.status(500).json({ error: 'Failed to delete user' });
+  }
+});
+
+// Toggle admin status for a user
+router.put('/users/:id/admin', async (req: AuthRequest, res: Response) => {
+  try {
+    const userId = req.userId!;
+    const targetId = parseInt(req.params.id, 10);
+    const { is_admin } = req.body;
+
+    if (isNaN(targetId)) {
+      res.status(400).json({ error: 'Invalid user ID' });
+      return;
+    }
+
+    // Prevent removing your own admin status
+    if (targetId === userId && !is_admin) {
+      res.status(400).json({ error: 'Cannot remove your own admin status' });
+      return;
+    }
+
+    const updated = await userQueries.setAdmin(targetId, is_admin);
+
+    if (!updated) {
+      res.status(404).json({ error: 'User not found' });
+      return;
+    }
+
+    res.json({ message: `Admin status ${is_admin ? 'granted' : 'revoked'} successfully` });
+  } catch (error) {
+    console.error('Error updating admin status:', error);
+    res.status(500).json({ error: 'Failed to update admin status' });
+  }
+});
+
+// Get system settings
+router.get('/settings', async (_req: AuthRequest, res: Response) => {
+  try {
+    const settings = await systemSettingsQueries.getAll();
+    res.json(settings);
+  } catch (error) {
+    console.error('Error fetching system settings:', error);
+    res.status(500).json({ error: 'Failed to fetch system settings' });
+  }
+});
+
+// Update system settings
+router.put('/settings', async (req: AuthRequest, res: Response) => {
+  try {
+    const { registration_enabled } = req.body;
+
+    if (registration_enabled !== undefined) {
+      await systemSettingsQueries.set('registration_enabled', String(registration_enabled));
+    }
+
+    const settings = await systemSettingsQueries.getAll();
+    res.json(settings);
+  } catch (error) {
+    console.error('Error updating system settings:', error);
+    res.status(500).json({ error: 'Failed to update system settings' });
+  }
+});
+
+export default router;
--- a/backend/src/routes/auth.ts
+++ b/backend/src/routes/auth.ts
@ -1,15 +1,33 @@
 import { Router, Request, Response } from 'express';
 import bcrypt from 'bcrypt';
-import { userQueries } from '../models';
+import { userQueries, systemSettingsQueries } from '../models';
 import { generateToken } from '../middleware/auth';

 const router = Router();

+// Check if registration is enabled (public endpoint for login page)
+router.get('/registration-status', async (_req: Request, res: Response) => {
+  try {
+    const enabled = await systemSettingsQueries.get('registration_enabled');
+    res.json({ registration_enabled: enabled !== 'false' });
+  } catch (error) {
+    console.error('Error checking registration status:', error);
+    res.json({ registration_enabled: true }); // Default to true on error
+  }
+});
+
 // Register new user
 router.post('/register', async (req: Request, res: Response) => {
  try {
    const { email, password } = req.body;

+    // Check if registration is enabled
+    const registrationEnabled = await systemSettingsQueries.get('registration_enabled');
+    if (registrationEnabled === 'false') {
+      res.status(403).json({ error: 'Registration is currently disabled' });
+      return;
+    }
+
    if (!email || !password) {
      res.status(400).json({ error: 'Email and password are required' });
      return;
@ -36,6 +54,13 @@ router.post('/register', async (req: Request, res: Response) => {
    const passwordHash = await bcrypt.hash(password, saltRounds);

    const user = await userQueries.create(email, passwordHash);
+
+    // Make first user an admin
+    const allUsers = await userQueries.findAll();
+    if (allUsers.length === 1) {
+      await userQueries.setAdmin(user.id, true);
+    }
+
    const token = generateToken(user.id);

    res.status(201).json({
--- a/backend/src/routes/profile.ts
+++ b/backend/src/routes/profile.ts
@ -0,0 +1,89 @@
+import { Router, Response } from 'express';
+import bcrypt from 'bcrypt';
+import { AuthRequest, authMiddleware } from '../middleware/auth';
+import { userQueries } from '../models';
+
+const router = Router();
+
+// All routes require authentication
+router.use(authMiddleware);
+
+// Get current user profile
+router.get('/', async (req: AuthRequest, res: Response) => {
+  try {
+    const userId = req.userId!;
+    const profile = await userQueries.getProfile(userId);
+
+    if (!profile) {
+      res.status(404).json({ error: 'User not found' });
+      return;
+    }
+
+    res.json(profile);
+  } catch (error) {
+    console.error('Error fetching profile:', error);
+    res.status(500).json({ error: 'Failed to fetch profile' });
+  }
+});
+
+// Update profile (name)
+router.put('/', async (req: AuthRequest, res: Response) => {
+  try {
+    const userId = req.userId!;
+    const { name } = req.body;
+
+    const profile = await userQueries.updateProfile(userId, { name });
+
+    if (!profile) {
+      res.status(400).json({ error: 'No changes to save' });
+      return;
+    }
+
+    res.json(profile);
+  } catch (error) {
+    console.error('Error updating profile:', error);
+    res.status(500).json({ error: 'Failed to update profile' });
+  }
+});
+
+// Change password
+router.put('/password', async (req: AuthRequest, res: Response) => {
+  try {
+    const userId = req.userId!;
+    const { current_password, new_password } = req.body;
+
+    if (!current_password || !new_password) {
+      res.status(400).json({ error: 'Current password and new password are required' });
+      return;
+    }
+
+    if (new_password.length < 6) {
+      res.status(400).json({ error: 'New password must be at least 6 characters' });
+      return;
+    }
+
+    // Verify current password
+    const user = await userQueries.findById(userId);
+    if (!user) {
+      res.status(404).json({ error: 'User not found' });
+      return;
+    }
+
+    const isValidPassword = await bcrypt.compare(current_password, user.password_hash);
+    if (!isValidPassword) {
+      res.status(401).json({ error: 'Current password is incorrect' });
+      return;
+    }
+
+    // Hash new password and update
+    const newPasswordHash = await bcrypt.hash(new_password, 10);
+    await userQueries.updatePassword(userId, newPasswordHash);
+
+    res.json({ message: 'Password updated successfully' });
+  } catch (error) {
+    console.error('Error changing password:', error);
+    res.status(500).json({ error: 'Failed to change password' });
+  }
+});
+
+export default router;