mirror of
https://github.com/clucraft/PriceGhost.git
synced 2026-05-14 02:23:56 +02:00
040cdb9c42
- Add ability to create new users from admin panel - Add role dropdown (User/Admin) for each user - Replace toggle buttons with select dropdown for role management - Admin users can access the Admin section in settings - Regular users see only Profile and Notifications sections Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
184 lines
5 KiB
TypeScript
184 lines
5 KiB
TypeScript
import { Router, Response, NextFunction } from 'express';
|
|
import bcrypt from 'bcrypt';
|
|
import { AuthRequest, authMiddleware } from '../middleware/auth';
|
|
import { userQueries, systemSettingsQueries } from '../models';
|
|
|
|
const router = Router();
|
|
|
|
// All routes require authentication
|
|
router.use(authMiddleware);
|
|
|
|
// Admin middleware - checks if user is admin
|
|
const adminMiddleware = async (req: AuthRequest, res: Response, next: NextFunction) => {
|
|
try {
|
|
const userId = req.userId!;
|
|
const user = await userQueries.findById(userId);
|
|
|
|
if (!user || !user.is_admin) {
|
|
res.status(403).json({ error: 'Admin access required' });
|
|
return;
|
|
}
|
|
|
|
next();
|
|
} catch (error) {
|
|
console.error('Admin middleware error:', error);
|
|
res.status(500).json({ error: 'Failed to verify admin status' });
|
|
}
|
|
};
|
|
|
|
router.use(adminMiddleware);
|
|
|
|
// Get all users
|
|
router.get('/users', async (_req: AuthRequest, res: Response) => {
|
|
try {
|
|
const users = await userQueries.findAll();
|
|
res.json(users);
|
|
} catch (error) {
|
|
console.error('Error fetching users:', error);
|
|
res.status(500).json({ error: 'Failed to fetch users' });
|
|
}
|
|
});
|
|
|
|
// Create a new user
|
|
router.post('/users', async (req: AuthRequest, res: Response) => {
|
|
try {
|
|
const { email, password, is_admin } = req.body;
|
|
|
|
if (!email || !password) {
|
|
res.status(400).json({ error: 'Email and password are required' });
|
|
return;
|
|
}
|
|
|
|
if (password.length < 8) {
|
|
res.status(400).json({ error: 'Password must be at least 8 characters' });
|
|
return;
|
|
}
|
|
|
|
const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
|
|
if (!emailRegex.test(email)) {
|
|
res.status(400).json({ error: 'Invalid email format' });
|
|
return;
|
|
}
|
|
|
|
const existingUser = await userQueries.findByEmail(email);
|
|
if (existingUser) {
|
|
res.status(409).json({ error: 'Email already registered' });
|
|
return;
|
|
}
|
|
|
|
const saltRounds = 12;
|
|
const passwordHash = await bcrypt.hash(password, saltRounds);
|
|
|
|
const user = await userQueries.create(email, passwordHash);
|
|
|
|
// Set admin status if specified
|
|
if (is_admin) {
|
|
await userQueries.setAdmin(user.id, true);
|
|
}
|
|
|
|
res.status(201).json({
|
|
message: 'User created successfully',
|
|
user: {
|
|
id: user.id,
|
|
email: user.email,
|
|
is_admin: is_admin || false,
|
|
},
|
|
});
|
|
} catch (error) {
|
|
console.error('Error creating user:', error);
|
|
res.status(500).json({ error: 'Failed to create user' });
|
|
}
|
|
});
|
|
|
|
// Delete a user
|
|
router.delete('/users/:id', async (req: AuthRequest, res: Response) => {
|
|
try {
|
|
const userId = req.userId!;
|
|
const targetId = parseInt(req.params.id, 10);
|
|
|
|
if (isNaN(targetId)) {
|
|
res.status(400).json({ error: 'Invalid user ID' });
|
|
return;
|
|
}
|
|
|
|
// Prevent deleting yourself
|
|
if (targetId === userId) {
|
|
res.status(400).json({ error: 'Cannot delete your own account' });
|
|
return;
|
|
}
|
|
|
|
const deleted = await userQueries.delete(targetId);
|
|
|
|
if (!deleted) {
|
|
res.status(404).json({ error: 'User not found' });
|
|
return;
|
|
}
|
|
|
|
res.json({ message: 'User deleted successfully' });
|
|
} catch (error) {
|
|
console.error('Error deleting user:', error);
|
|
res.status(500).json({ error: 'Failed to delete user' });
|
|
}
|
|
});
|
|
|
|
// Toggle admin status for a user
|
|
router.put('/users/:id/admin', async (req: AuthRequest, res: Response) => {
|
|
try {
|
|
const userId = req.userId!;
|
|
const targetId = parseInt(req.params.id, 10);
|
|
const { is_admin } = req.body;
|
|
|
|
if (isNaN(targetId)) {
|
|
res.status(400).json({ error: 'Invalid user ID' });
|
|
return;
|
|
}
|
|
|
|
// Prevent removing your own admin status
|
|
if (targetId === userId && !is_admin) {
|
|
res.status(400).json({ error: 'Cannot remove your own admin status' });
|
|
return;
|
|
}
|
|
|
|
const updated = await userQueries.setAdmin(targetId, is_admin);
|
|
|
|
if (!updated) {
|
|
res.status(404).json({ error: 'User not found' });
|
|
return;
|
|
}
|
|
|
|
res.json({ message: `Admin status ${is_admin ? 'granted' : 'revoked'} successfully` });
|
|
} catch (error) {
|
|
console.error('Error updating admin status:', error);
|
|
res.status(500).json({ error: 'Failed to update admin status' });
|
|
}
|
|
});
|
|
|
|
// Get system settings
|
|
router.get('/settings', async (_req: AuthRequest, res: Response) => {
|
|
try {
|
|
const settings = await systemSettingsQueries.getAll();
|
|
res.json(settings);
|
|
} catch (error) {
|
|
console.error('Error fetching system settings:', error);
|
|
res.status(500).json({ error: 'Failed to fetch system settings' });
|
|
}
|
|
});
|
|
|
|
// Update system settings
|
|
router.put('/settings', async (req: AuthRequest, res: Response) => {
|
|
try {
|
|
const { registration_enabled } = req.body;
|
|
|
|
if (registration_enabled !== undefined) {
|
|
await systemSettingsQueries.set('registration_enabled', String(registration_enabled));
|
|
}
|
|
|
|
const settings = await systemSettingsQueries.getAll();
|
|
res.json(settings);
|
|
} catch (error) {
|
|
console.error('Error updating system settings:', error);
|
|
res.status(500).json({ error: 'Failed to update system settings' });
|
|
}
|
|
});
|
|
|
|
export default router;
|