From e8c845f67ac02265edb468d88d3c002db4e7f532 Mon Sep 17 00:00:00 2001 From: Dicken Date: Tue, 26 May 2026 13:53:51 +0200 Subject: [PATCH] Dateien nach "backend/src/routes" hochladen --- backend/src/routes/admin.js | 59 +++++++++++++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) diff --git a/backend/src/routes/admin.js b/backend/src/routes/admin.js index a70f757..b293bd8 100644 --- a/backend/src/routes/admin.js +++ b/backend/src/routes/admin.js @@ -1,6 +1,8 @@ const express = require('express'); const fs = require('fs'); +const bcrypt = require('bcryptjs'); const multer = require('multer'); +const db = require('../db'); const { authenticate, requireAdmin } = require('../middleware/auth'); const router = express.Router(); @@ -27,4 +29,61 @@ router.post('/restore', authenticate, requireAdmin, upload.single('database'), ( } }); +// GET /api/admin/users – alle Benutzer mit Statistiken +router.get('/users', authenticate, requireAdmin, (req, res) => { + const users = db.prepare("SELECT id, username, role, created_at FROM users ORDER BY role DESC, username").all(); + const stats = users.map(u => { + const archiv = db.prepare('SELECT COUNT(*) c FROM calculations WHERE user_id=?').get(u.id).c; + const bestellung = db.prepare('SELECT COUNT(*) c FROM orders WHERE user_id=?').get(u.id).c; + const todos = db.prepare('SELECT COUNT(*) c FROM todos WHERE user_id=?').get(u.id).c; + const links = db.prepare('SELECT COUNT(*) c FROM quick_links WHERE user_id=?').get(u.id).c; + const noteLen = (db.prepare('SELECT content FROM notes WHERE user_id=?').get(u.id)?.content || '').length; + return { ...u, archiv, bestellung, todos, links, noteLen }; + }); + res.json(stats); +}); + +// POST /api/admin/users – neuen Benutzer anlegen +router.post('/users', authenticate, requireAdmin, (req, res) => { + const { username, password, role = 'user' } = req.body; + if (!username?.trim() || username.trim().length < 3) + return res.status(400).json({ error: 'Benutzername mind. 3 Zeichen' }); + if (!password || password.length < 8) + return res.status(400).json({ error: 'Passwort mind. 8 Zeichen' }); + if (!['user','admin'].includes(role)) + return res.status(400).json({ error: 'Ungültige Rolle' }); + const exists = db.prepare('SELECT id FROM users WHERE username=?').get(username.trim()); + if (exists) return res.status(400).json({ error: 'Benutzername bereits vergeben' }); + const r = db.prepare('INSERT INTO users (username, password_hash, role) VALUES (?,?,?)') + .run(username.trim(), bcrypt.hashSync(password, 12), role); + res.json({ id: r.lastInsertRowid, username: username.trim(), role }); +}); + +// DELETE /api/admin/users/:id – Benutzer löschen +router.delete('/users/:id', authenticate, requireAdmin, (req, res) => { + const id = parseInt(req.params.id); + if (id === req.user.id) return res.status(400).json({ error: 'Du kannst dich nicht selbst löschen' }); + const user = db.prepare('SELECT * FROM users WHERE id=?').get(id); + if (!user) return res.status(404).json({ error: 'Benutzer nicht gefunden' }); + // Cascade: alle Daten des Users löschen + db.prepare('DELETE FROM calculations WHERE user_id=?').run(id); + db.prepare('DELETE FROM orders WHERE user_id=?').run(id); + db.prepare('DELETE FROM todos WHERE user_id=?').run(id); + db.prepare('DELETE FROM quick_links WHERE user_id=?').run(id); + db.prepare('DELETE FROM notes WHERE user_id=?').run(id); + db.prepare('DELETE FROM users WHERE id=?').run(id); + res.json({ success: true }); +}); + +// PUT /api/admin/users/:id/reset-password – Passwort zurücksetzen +router.put('/users/:id/reset-password', authenticate, requireAdmin, (req, res) => { + const { newPassword } = req.body; + if (!newPassword || newPassword.length < 8) + return res.status(400).json({ error: 'Mind. 8 Zeichen' }); + const user = db.prepare('SELECT * FROM users WHERE id=?').get(req.params.id); + if (!user) return res.status(404).json({ error: 'Nicht gefunden' }); + db.prepare('UPDATE users SET password_hash=? WHERE id=?').run(bcrypt.hashSync(newPassword, 12), req.params.id); + res.json({ success: true }); +}); + module.exports = router;