initial version of the app

2025-09-21 17:11:02 +01:00
commit c8062cf96b
101 changed files with 23061 additions and 0 deletions
@@ -0,0 +1,90 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { db } from '@/lib/db';
+import { users } from '@/lib/db/schema';
+import { eq } from 'drizzle-orm';
+import { getSession } from '@/lib/session';
+import bcrypt from 'bcryptjs';
+
+export async function PUT(request: NextRequest, { params }: { params: { id: string } }) {
+	try {
+		const session = await getSession();
+		if (!session || session.role !== 'admin') {
+			return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
+		}
+
+		const { name, surname, email, role, password } = await request.json();
+		const userId = params.id;
+
+		if (!name || !surname || !email) {
+			return NextResponse.json({ error: 'Missing required fields' }, { status: 400 });
+		}
+
+		// Check if user exists
+		const existingUser = await db.select().from(users).where(eq(users.id, userId)).limit(1);
+
+		if (existingUser.length === 0) {
+			return NextResponse.json({ error: 'User not found' }, { status: 404 });
+		}
+
+		// Prepare update data
+		const updateData: any = {
+			name,
+			surname,
+			email,
+			role: role || 'user',
+			updatedAt: new Date(),
+		};
+
+		// Only hash and update password if provided
+		if (password) {
+			updateData.password = await bcrypt.hash(password, 12);
+		}
+
+		// Update user
+		const [updatedUser] = await db.update(users).set(updateData).where(eq(users.id, userId)).returning({
+			id: users.id,
+			name: users.name,
+			surname: users.surname,
+			email: users.email,
+			role: users.role,
+			createdAt: users.createdAt,
+			updatedAt: users.updatedAt,
+		});
+
+		return NextResponse.json({ user: updatedUser, message: 'User updated successfully' });
+	} catch (error) {
+		console.error('Error updating user:', error);
+		return NextResponse.json({ error: 'Internal server error' }, { status: 500 });
+	}
+}
+
+export async function DELETE(request: NextRequest, { params }: { params: { id: string } }) {
+	try {
+		const session = await getSession();
+		if (!session || session.role !== 'admin') {
+			return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
+		}
+
+		const userId = params.id;
+
+		// Prevent admin from deleting themselves
+		if (session.userId === userId) {
+			return NextResponse.json({ error: 'Cannot delete your own account' }, { status: 400 });
+		}
+
+		// Check if user exists
+		const existingUser = await db.select().from(users).where(eq(users.id, userId)).limit(1);
+
+		if (existingUser.length === 0) {
+			return NextResponse.json({ error: 'User not found' }, { status: 404 });
+		}
+
+		// Delete user
+		await db.delete(users).where(eq(users.id, userId));
+
+		return NextResponse.json({ message: 'User deleted successfully' });
+	} catch (error) {
+		console.error('Error deleting user:', error);
+		return NextResponse.json({ error: 'Internal server error' }, { status: 500 });
+	}
+}
@@ -0,0 +1,83 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { db } from '@/lib/db';
+import { users } from '@/lib/db/schema';
+import { eq } from 'drizzle-orm';
+import { getSession } from '@/lib/session';
+import bcrypt from 'bcryptjs';
+
+export async function GET(request: NextRequest) {
+	try {
+		const session = await getSession();
+		if (!session || session.role !== 'admin') {
+			return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
+		}
+
+		const allUsers = await db
+			.select({
+				id: users.id,
+				name: users.name,
+				surname: users.surname,
+				email: users.email,
+				role: users.role,
+				createdAt: users.createdAt,
+			})
+			.from(users);
+
+		return NextResponse.json({ users: allUsers });
+	} catch (error) {
+		console.error('Error fetching users:', error);
+		return NextResponse.json({ error: 'Internal server error' }, { status: 500 });
+	}
+}
+
+export async function POST(request: NextRequest) {
+	try {
+		const session = await getSession();
+		if (!session || session.role !== 'admin') {
+			return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
+		}
+
+		const { name, surname, email, password, role } = await request.json();
+
+		if (!name || !surname || !email || !password) {
+			return NextResponse.json({ error: 'Missing required fields' }, { status: 400 });
+		}
+
+		// Check if user already exists
+		const existingUser = await db.select().from(users).where(eq(users.email, email)).limit(1);
+
+		if (existingUser.length > 0) {
+			return NextResponse.json({ error: 'User with this email already exists' }, { status: 400 });
+		}
+
+		// Hash password
+		const hashedPassword = await bcrypt.hash(password, 12);
+
+		// Create user
+		const [newUser] = await db
+			.insert(users)
+			.values({
+				id: crypto.randomUUID(),
+				name,
+				surname,
+				email,
+				password: hashedPassword,
+				role: role || 'user',
+				createdAt: new Date(),
+				updatedAt: new Date(),
+			})
+			.returning({
+				id: users.id,
+				name: users.name,
+				surname: users.surname,
+				email: users.email,
+				role: users.role,
+				createdAt: users.createdAt,
+			});
+
+		return NextResponse.json({ user: newUser, message: 'User created successfully' });
+	} catch (error) {
+		console.error('Error creating user:', error);
+		return NextResponse.json({ error: 'Internal server error' }, { status: 500 });
+	}
+}