Add settings page with profile, notifications, and admin sections

- Add sidebar navigation to settings page - Add profile section for name management and password change - Add admin section for user management and registration toggle - Add profile API endpoints (GET/PUT /profile, PUT /profile/password) - Add admin API endpoints (users CRUD, system settings) - Add system_settings table for registration control - Add name and is_admin columns to users table - First registered user automatically becomes admin - Check registration status on register/login page Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-05-13 17:52:36 +02:00 · 2026-01-21 07:58:11 -05:00 · 2026-01-21 07:58:11 -05:00 · f46c6ad9d4
commit f46c6ad9d4
parent 0c8ce22cc1
8 changed files with 1129 additions and 133 deletions
--- a/backend/src/routes/profile.ts
+++ b/backend/src/routes/profile.ts
@ -0,0 +1,89 @@
+import { Router, Response } from 'express';
+import bcrypt from 'bcrypt';
+import { AuthRequest, authMiddleware } from '../middleware/auth';
+import { userQueries } from '../models';
+
+const router = Router();
+
+// All routes require authentication
+router.use(authMiddleware);
+
+// Get current user profile
+router.get('/', async (req: AuthRequest, res: Response) => {
+  try {
+    const userId = req.userId!;
+    const profile = await userQueries.getProfile(userId);
+
+    if (!profile) {
+      res.status(404).json({ error: 'User not found' });
+      return;
+    }
+
+    res.json(profile);
+  } catch (error) {
+    console.error('Error fetching profile:', error);
+    res.status(500).json({ error: 'Failed to fetch profile' });
+  }
+});
+
+// Update profile (name)
+router.put('/', async (req: AuthRequest, res: Response) => {
+  try {
+    const userId = req.userId!;
+    const { name } = req.body;
+
+    const profile = await userQueries.updateProfile(userId, { name });
+
+    if (!profile) {
+      res.status(400).json({ error: 'No changes to save' });
+      return;
+    }
+
+    res.json(profile);
+  } catch (error) {
+    console.error('Error updating profile:', error);
+    res.status(500).json({ error: 'Failed to update profile' });
+  }
+});
+
+// Change password
+router.put('/password', async (req: AuthRequest, res: Response) => {
+  try {
+    const userId = req.userId!;
+    const { current_password, new_password } = req.body;
+
+    if (!current_password || !new_password) {
+      res.status(400).json({ error: 'Current password and new password are required' });
+      return;
+    }
+
+    if (new_password.length < 6) {
+      res.status(400).json({ error: 'New password must be at least 6 characters' });
+      return;
+    }
+
+    // Verify current password
+    const user = await userQueries.findById(userId);
+    if (!user) {
+      res.status(404).json({ error: 'User not found' });
+      return;
+    }
+
+    const isValidPassword = await bcrypt.compare(current_password, user.password_hash);
+    if (!isValidPassword) {
+      res.status(401).json({ error: 'Current password is incorrect' });
+      return;
+    }
+
+    // Hash new password and update
+    const newPasswordHash = await bcrypt.hash(new_password, 10);
+    await userQueries.updatePassword(userId, newPasswordHash);
+
+    res.json({ message: 'Password updated successfully' });
+  } catch (error) {
+    console.error('Error changing password:', error);
+    res.status(500).json({ error: 'Failed to change password' });
+  }
+});
+
+export default router;