feat: Implement user management functionality with CRUD operations; add user edit page, API routes for user actions, and enhance authentication middleware

src/app/api/admin/users/[id]/route.js

@@ -0,0 +1,129 @@
+import { getUserById, updateUser, deleteUser } from "@/lib/userManagement.js";
+import { NextResponse } from "next/server";
+import { withAdminAuth } from "@/lib/middleware/auth";
+
+// GET: Get user by ID (admin only)
+async function getUserHandler(req, { params }) {
+	try {
+		const user = getUserById(params.id);
+		
+		if (!user) {
+			return NextResponse.json(
+				{ error: "User not found" },
+				{ status: 404 }
+			);
+		}
+
+		// Remove password hash from response
+		const { password_hash, ...safeUser } = user;
+		return NextResponse.json(safeUser);
+
+	} catch (error) {
+		console.error("Error fetching user:", error);
+		return NextResponse.json(
+			{ error: "Failed to fetch user" },
+			{ status: 500 }
+		);
+	}
+}
+
+// PUT: Update user (admin only)
+async function updateUserHandler(req, { params }) {
+	try {
+		const data = await req.json();
+		const userId = params.id;
+
+		// Prevent admin from deactivating themselves
+		if (data.is_active === false && userId === req.user.id) {
+			return NextResponse.json(
+				{ error: "You cannot deactivate your own account" },
+				{ status: 400 }
+			);
+		}
+
+		// Validate role if provided
+		if (data.role) {
+			const validRoles = ["read_only", "user", "project_manager", "admin"];
+			if (!validRoles.includes(data.role)) {
+				return NextResponse.json(
+					{ error: "Invalid role specified" },
+					{ status: 400 }
+				);
+			}
+		}
+
+		// Validate password length if provided
+		if (data.password && data.password.length < 6) {
+			return NextResponse.json(
+				{ error: "Password must be at least 6 characters long" },
+				{ status: 400 }
+			);
+		}
+
+		const updatedUser = await updateUser(userId, data);
+		
+		if (!updatedUser) {
+			return NextResponse.json(
+				{ error: "User not found" },
+				{ status: 404 }
+			);
+		}
+
+		// Remove password hash from response
+		const { password_hash, ...safeUser } = updatedUser;
+		return NextResponse.json(safeUser);
+
+	} catch (error) {
+		console.error("Error updating user:", error);
+		
+		if (error.message.includes("already exists")) {
+			return NextResponse.json(
+				{ error: "A user with this email already exists" },
+				{ status: 409 }
+			);
+		}
+
+		return NextResponse.json(
+			{ error: "Failed to update user" },
+			{ status: 500 }
+		);
+	}
+}
+
+// DELETE: Delete user (admin only)
+async function deleteUserHandler(req, { params }) {
+	try {
+		const userId = params.id;
+
+		// Prevent admin from deleting themselves
+		if (userId === req.user.id) {
+			return NextResponse.json(
+				{ error: "You cannot delete your own account" },
+				{ status: 400 }
+			);
+		}
+
+		const success = await deleteUser(userId);
+		
+		if (!success) {
+			return NextResponse.json(
+				{ error: "User not found" },
+				{ status: 404 }
+			);
+		}
+
+		return NextResponse.json({ message: "User deleted successfully" });
+
+	} catch (error) {
+		console.error("Error deleting user:", error);
+		return NextResponse.json(
+			{ error: "Failed to delete user" },
+			{ status: 500 }
+		);
+	}
+}
+
+// Protected routes - require admin authentication
+export const GET = withAdminAuth(getUserHandler);
+export const PUT = withAdminAuth(updateUserHandler);
+export const DELETE = withAdminAuth(deleteUserHandler);

src/app/api/admin/users/route.js

@@ -0,0 +1,85 @@
+import { getAllUsers, createUser } from "@/lib/userManagement.js";
+import { NextResponse } from "next/server";
+import { withAdminAuth } from "@/lib/middleware/auth";
+
+// GET: Get all users (admin only)
+async function getUsersHandler(req) {
+	try {
+		const users = getAllUsers();
+		// Remove password hashes from response
+		const safeUsers = users.map(user => {
+			const { password_hash, ...safeUser } = user;
+			return safeUser;
+		});
+		return NextResponse.json(safeUsers);
+	} catch (error) {
+		console.error("Error fetching users:", error);
+		return NextResponse.json(
+			{ error: "Failed to fetch users" },
+			{ status: 500 }
+		);
+	}
+}
+
+// POST: Create new user (admin only)
+async function createUserHandler(req) {
+	try {
+		const data = await req.json();
+		
+		// Validate required fields
+		if (!data.name || !data.email || !data.password) {
+			return NextResponse.json(
+				{ error: "Name, email, and password are required" },
+				{ status: 400 }
+			);
+		}
+
+		// Validate password length
+		if (data.password.length < 6) {
+			return NextResponse.json(
+				{ error: "Password must be at least 6 characters long" },
+				{ status: 400 }
+			);
+		}
+
+		// Validate role
+		const validRoles = ["read_only", "user", "project_manager", "admin"];
+		if (data.role && !validRoles.includes(data.role)) {
+			return NextResponse.json(
+				{ error: "Invalid role specified" },
+				{ status: 400 }
+			);
+		}
+
+		const newUser = await createUser({
+			name: data.name,
+			email: data.email,
+			password: data.password,
+			role: data.role || "user",
+			is_active: data.is_active !== undefined ? data.is_active : true
+		});
+
+		// Remove password hash from response
+		const { password_hash, ...safeUser } = newUser;
+		return NextResponse.json(safeUser, { status: 201 });
+
+	} catch (error) {
+		console.error("Error creating user:", error);
+		
+		if (error.message.includes("already exists")) {
+			return NextResponse.json(
+				{ error: "A user with this email already exists" },
+				{ status: 409 }
+			);
+		}
+
+		return NextResponse.json(
+			{ error: "Failed to create user" },
+			{ status: 500 }
+		);
+	}
+}
+
+// Protected routes - require admin authentication
+export const GET = withAdminAuth(getUsersHandler);
+export const POST = withAdminAuth(createUserHandler);