updateweb

Local Server
2026-01-01 22:24:30 -06:00
parent 017c6376fc
commit 1919f6f8bb
185 changed files with 19860 additions and 17603 deletions


@@ -54,62 +54,96 @@ router.get("/roles", async (req, res) => {
}
});
// Get single user by ID
router.get("/:id", async (req, res) => {
try {
const { id } = req.params;
const result = await query(
`
SELECT
u.id, u.username, u.email, u.name, u.role, u.isactive,
u.last_login, u.createdat, u.passwordneverexpires, u.role_id
FROM adminusers u
WHERE u.id = $1
`,
[id]
);
if (result.rows.length === 0) {
return res.status(404).json({
success: false,
message: "User not found",
});
}
res.json({
success: true,
user: result.rows[0],
});
} catch (error) {
logger.error("Get user error:", error);
res.status(500).json({ success: false, message: "Server error" });
}
});
// Create new user
router.post("/", async (req, res) => {
try {
const { username, email, password, role_id, password_never_expires } =
const { name, username, email, password, role, passwordneverexpires } =
req.body;
// Validate required fields
if (!username || !email || !password || !role_id) {
if (!username || !email || !password || !role) {
return res.status(400).json({
success: false,
message: "Username, email, password, and role are required",
message: "Name, username, email, password, and role are required",
});
}
// Check if user already exists
const existing = await query("SELECT id FROM adminusers WHERE email = $1", [
email,
]);
const existing = await query(
"SELECT id FROM adminusers WHERE email = $1 OR username = $2",
[email, username]
);
if (existing.rows.length > 0) {
return res.status(400).json({
success: false,
message: "User with this email already exists",
message: "User with this email or username already exists",
});
}
// Hash password
// Hash password with bcrypt (10 rounds)
const hashedPassword = await bcrypt.hash(password, 10);
// Calculate password expiry (90 days from now if not never expires)
let passwordExpiresAt = null;
if (!password_never_expires) {
if (!passwordneverexpires) {
const expiryDate = new Date();
expiryDate.setDate(expiryDate.getDate() + 90);
passwordExpiresAt = expiryDate.toISOString();
}
// Insert new user
// Insert new user with both role and name fields
const result = await query(
`
INSERT INTO adminusers (
id, username, email, passwordhash, role_id,
password_never_expires, password_expires_at,
isactive, created_by, createdat, last_password_change
id, name, username, email, passwordhash, role,
passwordneverexpires, password_expires_at,
isactive, created_by, createdat, lastpasswordchange
) VALUES (
'user-' || gen_random_uuid()::text,
$1, $2, $3, $4, $5, $6, true, $7, NOW(), NOW()
$1, $2, $3, $4, $5, $6, $7, true, $8, NOW(), NOW()
)
RETURNING id, username, email, role_id, isactive, createdat
RETURNING id, name, username, email, role, isactive, createdat, passwordneverexpires
`,
[
name || username,
username,
email,
hashedPassword,
role_id,
password_never_expires || false,
role,
passwordneverexpires || false,
passwordExpiresAt,
req.session.user.email,
]
@@ -130,14 +164,25 @@ router.post("/", async (req, res) => {
router.put("/:id", async (req, res) => {
try {
const { id } = req.params;
const { username, email, role_id, isactive, password_never_expires } =
req.body;
const {
name,
username,
email,
role,
isactive,
passwordneverexpires,
password,
} = req.body;
// Build update query dynamically
const updates = [];
const values = [];
let paramCount = 1;
if (name !== undefined) {
updates.push(`name = $${paramCount++}`);
values.push(name);
}
if (username !== undefined) {
updates.push(`username = $${paramCount++}`);
values.push(username);
@@ -146,25 +191,39 @@ router.put("/:id", async (req, res) => {
updates.push(`email = $${paramCount++}`);
values.push(email);
}
if (role_id !== undefined) {
updates.push(`role_id = $${paramCount++}`);
values.push(role_id);
if (role !== undefined) {
updates.push(`role = $${paramCount++}`);
values.push(role);
}
if (isactive !== undefined) {
updates.push(`isactive = $${paramCount++}`);
values.push(isactive);
}
if (password_never_expires !== undefined) {
updates.push(`password_never_expires = $${paramCount++}`);
values.push(password_never_expires);
if (passwordneverexpires !== undefined) {
updates.push(`passwordneverexpires = $${paramCount++}`);
values.push(passwordneverexpires);
// If setting to never expire, clear expiry date
if (password_never_expires) {
if (passwordneverexpires) {
updates.push(`password_expires_at = NULL`);
}
}
updates.push(`updated_at = NOW()`);
// Handle password update if provided
if (password !== undefined && password !== "") {
if (password.length < 8) {
return res.status(400).json({
success: false,
message: "Password must be at least 8 characters long",
});
}
const hashedPassword = await bcrypt.hash(password, 10);
updates.push(`passwordhash = $${paramCount++}`);
values.push(hashedPassword);
updates.push(`lastpasswordchange = NOW()`);
}
updates.push(`updatedat = NOW()`);
values.push(id);
const result = await query(
@@ -172,7 +231,7 @@ router.put("/:id", async (req, res) => {
UPDATE adminusers
SET ${updates.join(", ")}
WHERE id = $${paramCount}
RETURNING id, username, email, role_id, isactive, password_never_expires
RETURNING id, name, username, email, role, isactive, passwordneverexpires
`,
values
);
@@ -195,6 +254,66 @@ router.put("/:id", async (req, res) => {
}
});
// Change user password (PUT endpoint for password modal)
router.put("/:id/password", async (req, res) => {
try {
const { id } = req.params;
const { password } = req.body;
if (!password || password.length < 8) {
return res.status(400).json({
success: false,
message: "Password must be at least 8 characters long",
});
}
// Hash new password with bcrypt (10 rounds)
const hashedPassword = await bcrypt.hash(password, 10);
// Get user's password expiry setting
const userResult = await query(
"SELECT passwordneverexpires FROM adminusers WHERE id = $1",
[id]
);
if (userResult.rows.length === 0) {
return res.status(404).json({
success: false,
message: "User not found",
});
}
// Calculate new expiry date (90 days from now if not never expires)
let passwordExpiresAt = null;
if (!userResult.rows[0].passwordneverexpires) {
const expiryDate = new Date();
expiryDate.setDate(expiryDate.getDate() + 90);
passwordExpiresAt = expiryDate.toISOString();
}
// Update password
await query(
`
UPDATE adminusers
SET passwordhash = $1,
password_expires_at = $2,
lastpasswordchange = NOW(),
updatedat = NOW()
WHERE id = $3
`,
[hashedPassword, passwordExpiresAt, id]
);
res.json({
success: true,
message: "Password changed successfully",
});
} catch (error) {
logger.error("Change password error:", error);
res.status(500).json({ success: false, message: "Server error" });
}
});
// Reset user password
router.post("/:id/reset-password", async (req, res) => {
try {
@@ -208,7 +327,7 @@ router.post("/:id/reset-password", async (req, res) => {
});
}
// Hash new password
// Hash new password with bcrypt (10 rounds)
const hashedPassword = await bcrypt.hash(new_password, 10);
// Get user's password expiry setting
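Review bot: The password paths added here disagree with each other: `PUT /:id/password` recomputes `password_expires_at`, but the password branch added to `PUT /:id` writes only `passwordhash` and `lastpasswordchange`, so a password changed there keeps its old expiry, and `POST /` never applies the 8-character minimum that both update paths enforce. In `PUT /:id`, `password.length` is read before the type is known, so a `null` body value throws into the 500 handler and a non-string value with a `length` can pass the check; a guard such as `if (typeof password !== "string" || password.length < 8)` in all three handlers would close that. None of the visible handlers checks that the caller may modify the target `id` or assign the submitted `role`. If middleware outside these hunks does not enforce that, it should be checked here, with `role` compared against an allow-list of known roles before it is written. The bodies of `POST /` and `PUT /:id` continue outside the hunks shown.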