Dateien nach "backend/src/routes" hochladen
This commit is contained in:
@@ -1,6 +1,8 @@
|
||||
const express = require('express');
|
||||
const fs = require('fs');
|
||||
const bcrypt = require('bcryptjs');
|
||||
const multer = require('multer');
|
||||
const db = require('../db');
|
||||
const { authenticate, requireAdmin } = require('../middleware/auth');
|
||||
|
||||
const router = express.Router();
|
||||
@@ -27,4 +29,61 @@ router.post('/restore', authenticate, requireAdmin, upload.single('database'), (
|
||||
}
|
||||
});
|
||||
|
||||
// GET /api/admin/users – alle Benutzer mit Statistiken
|
||||
router.get('/users', authenticate, requireAdmin, (req, res) => {
|
||||
const users = db.prepare("SELECT id, username, role, created_at FROM users ORDER BY role DESC, username").all();
|
||||
const stats = users.map(u => {
|
||||
const archiv = db.prepare('SELECT COUNT(*) c FROM calculations WHERE user_id=?').get(u.id).c;
|
||||
const bestellung = db.prepare('SELECT COUNT(*) c FROM orders WHERE user_id=?').get(u.id).c;
|
||||
const todos = db.prepare('SELECT COUNT(*) c FROM todos WHERE user_id=?').get(u.id).c;
|
||||
const links = db.prepare('SELECT COUNT(*) c FROM quick_links WHERE user_id=?').get(u.id).c;
|
||||
const noteLen = (db.prepare('SELECT content FROM notes WHERE user_id=?').get(u.id)?.content || '').length;
|
||||
return { ...u, archiv, bestellung, todos, links, noteLen };
|
||||
});
|
||||
res.json(stats);
|
||||
});
|
||||
|
||||
// POST /api/admin/users – neuen Benutzer anlegen
|
||||
router.post('/users', authenticate, requireAdmin, (req, res) => {
|
||||
const { username, password, role = 'user' } = req.body;
|
||||
if (!username?.trim() || username.trim().length < 3)
|
||||
return res.status(400).json({ error: 'Benutzername mind. 3 Zeichen' });
|
||||
if (!password || password.length < 8)
|
||||
return res.status(400).json({ error: 'Passwort mind. 8 Zeichen' });
|
||||
if (!['user','admin'].includes(role))
|
||||
return res.status(400).json({ error: 'Ungültige Rolle' });
|
||||
const exists = db.prepare('SELECT id FROM users WHERE username=?').get(username.trim());
|
||||
if (exists) return res.status(400).json({ error: 'Benutzername bereits vergeben' });
|
||||
const r = db.prepare('INSERT INTO users (username, password_hash, role) VALUES (?,?,?)')
|
||||
.run(username.trim(), bcrypt.hashSync(password, 12), role);
|
||||
res.json({ id: r.lastInsertRowid, username: username.trim(), role });
|
||||
});
|
||||
|
||||
// DELETE /api/admin/users/:id – Benutzer löschen
|
||||
router.delete('/users/:id', authenticate, requireAdmin, (req, res) => {
|
||||
const id = parseInt(req.params.id);
|
||||
if (id === req.user.id) return res.status(400).json({ error: 'Du kannst dich nicht selbst löschen' });
|
||||
const user = db.prepare('SELECT * FROM users WHERE id=?').get(id);
|
||||
if (!user) return res.status(404).json({ error: 'Benutzer nicht gefunden' });
|
||||
// Cascade: alle Daten des Users löschen
|
||||
db.prepare('DELETE FROM calculations WHERE user_id=?').run(id);
|
||||
db.prepare('DELETE FROM orders WHERE user_id=?').run(id);
|
||||
db.prepare('DELETE FROM todos WHERE user_id=?').run(id);
|
||||
db.prepare('DELETE FROM quick_links WHERE user_id=?').run(id);
|
||||
db.prepare('DELETE FROM notes WHERE user_id=?').run(id);
|
||||
db.prepare('DELETE FROM users WHERE id=?').run(id);
|
||||
res.json({ success: true });
|
||||
});
|
||||
|
||||
// PUT /api/admin/users/:id/reset-password – Passwort zurücksetzen
|
||||
router.put('/users/:id/reset-password', authenticate, requireAdmin, (req, res) => {
|
||||
const { newPassword } = req.body;
|
||||
if (!newPassword || newPassword.length < 8)
|
||||
return res.status(400).json({ error: 'Mind. 8 Zeichen' });
|
||||
const user = db.prepare('SELECT * FROM users WHERE id=?').get(req.params.id);
|
||||
if (!user) return res.status(404).json({ error: 'Nicht gefunden' });
|
||||
db.prepare('UPDATE users SET password_hash=? WHERE id=?').run(bcrypt.hashSync(newPassword, 12), req.params.id);
|
||||
res.json({ success: true });
|
||||
});
|
||||
|
||||
module.exports = router;
|
||||
|
||||
Reference in New Issue
Block a user