Dateien nach "backend/src/routes" hochladen
This commit is contained in:
@@ -1,6 +1,8 @@
|
|||||||
const express = require('express');
|
const express = require('express');
|
||||||
const fs = require('fs');
|
const fs = require('fs');
|
||||||
|
const bcrypt = require('bcryptjs');
|
||||||
const multer = require('multer');
|
const multer = require('multer');
|
||||||
|
const db = require('../db');
|
||||||
const { authenticate, requireAdmin } = require('../middleware/auth');
|
const { authenticate, requireAdmin } = require('../middleware/auth');
|
||||||
|
|
||||||
const router = express.Router();
|
const router = express.Router();
|
||||||
@@ -27,4 +29,61 @@ router.post('/restore', authenticate, requireAdmin, upload.single('database'), (
|
|||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
|
// GET /api/admin/users – alle Benutzer mit Statistiken
|
||||||
|
router.get('/users', authenticate, requireAdmin, (req, res) => {
|
||||||
|
const users = db.prepare("SELECT id, username, role, created_at FROM users ORDER BY role DESC, username").all();
|
||||||
|
const stats = users.map(u => {
|
||||||
|
const archiv = db.prepare('SELECT COUNT(*) c FROM calculations WHERE user_id=?').get(u.id).c;
|
||||||
|
const bestellung = db.prepare('SELECT COUNT(*) c FROM orders WHERE user_id=?').get(u.id).c;
|
||||||
|
const todos = db.prepare('SELECT COUNT(*) c FROM todos WHERE user_id=?').get(u.id).c;
|
||||||
|
const links = db.prepare('SELECT COUNT(*) c FROM quick_links WHERE user_id=?').get(u.id).c;
|
||||||
|
const noteLen = (db.prepare('SELECT content FROM notes WHERE user_id=?').get(u.id)?.content || '').length;
|
||||||
|
return { ...u, archiv, bestellung, todos, links, noteLen };
|
||||||
|
});
|
||||||
|
res.json(stats);
|
||||||
|
});
|
||||||
|
|
||||||
|
// POST /api/admin/users – neuen Benutzer anlegen
|
||||||
|
router.post('/users', authenticate, requireAdmin, (req, res) => {
|
||||||
|
const { username, password, role = 'user' } = req.body;
|
||||||
|
if (!username?.trim() || username.trim().length < 3)
|
||||||
|
return res.status(400).json({ error: 'Benutzername mind. 3 Zeichen' });
|
||||||
|
if (!password || password.length < 8)
|
||||||
|
return res.status(400).json({ error: 'Passwort mind. 8 Zeichen' });
|
||||||
|
if (!['user','admin'].includes(role))
|
||||||
|
return res.status(400).json({ error: 'Ungültige Rolle' });
|
||||||
|
const exists = db.prepare('SELECT id FROM users WHERE username=?').get(username.trim());
|
||||||
|
if (exists) return res.status(400).json({ error: 'Benutzername bereits vergeben' });
|
||||||
|
const r = db.prepare('INSERT INTO users (username, password_hash, role) VALUES (?,?,?)')
|
||||||
|
.run(username.trim(), bcrypt.hashSync(password, 12), role);
|
||||||
|
res.json({ id: r.lastInsertRowid, username: username.trim(), role });
|
||||||
|
});
|
||||||
|
|
||||||
|
// DELETE /api/admin/users/:id – Benutzer löschen
|
||||||
|
router.delete('/users/:id', authenticate, requireAdmin, (req, res) => {
|
||||||
|
const id = parseInt(req.params.id);
|
||||||
|
if (id === req.user.id) return res.status(400).json({ error: 'Du kannst dich nicht selbst löschen' });
|
||||||
|
const user = db.prepare('SELECT * FROM users WHERE id=?').get(id);
|
||||||
|
if (!user) return res.status(404).json({ error: 'Benutzer nicht gefunden' });
|
||||||
|
// Cascade: alle Daten des Users löschen
|
||||||
|
db.prepare('DELETE FROM calculations WHERE user_id=?').run(id);
|
||||||
|
db.prepare('DELETE FROM orders WHERE user_id=?').run(id);
|
||||||
|
db.prepare('DELETE FROM todos WHERE user_id=?').run(id);
|
||||||
|
db.prepare('DELETE FROM quick_links WHERE user_id=?').run(id);
|
||||||
|
db.prepare('DELETE FROM notes WHERE user_id=?').run(id);
|
||||||
|
db.prepare('DELETE FROM users WHERE id=?').run(id);
|
||||||
|
res.json({ success: true });
|
||||||
|
});
|
||||||
|
|
||||||
|
// PUT /api/admin/users/:id/reset-password – Passwort zurücksetzen
|
||||||
|
router.put('/users/:id/reset-password', authenticate, requireAdmin, (req, res) => {
|
||||||
|
const { newPassword } = req.body;
|
||||||
|
if (!newPassword || newPassword.length < 8)
|
||||||
|
return res.status(400).json({ error: 'Mind. 8 Zeichen' });
|
||||||
|
const user = db.prepare('SELECT * FROM users WHERE id=?').get(req.params.id);
|
||||||
|
if (!user) return res.status(404).json({ error: 'Nicht gefunden' });
|
||||||
|
db.prepare('UPDATE users SET password_hash=? WHERE id=?').run(bcrypt.hashSync(newPassword, 12), req.params.id);
|
||||||
|
res.json({ success: true });
|
||||||
|
});
|
||||||
|
|
||||||
module.exports = router;
|
module.exports = router;
|
||||||
|
|||||||
Reference in New Issue
Block a user