feat: Implement user management functionality with CRUD operations; add user edit page, API routes for user actions, and enhance authentication middleware

src/app/api/admin/users/route.js

@@ -0,0 +1,85 @@
+import { getAllUsers, createUser } from "@/lib/userManagement.js";
+import { NextResponse } from "next/server";
+import { withAdminAuth } from "@/lib/middleware/auth";
+
+// GET: Get all users (admin only)
+async function getUsersHandler(req) {
+	try {
+		const users = getAllUsers();
+		// Remove password hashes from response
+		const safeUsers = users.map(user => {
+			const { password_hash, ...safeUser } = user;
+			return safeUser;
+		});
+		return NextResponse.json(safeUsers);
+	} catch (error) {
+		console.error("Error fetching users:", error);
+		return NextResponse.json(
+			{ error: "Failed to fetch users" },
+			{ status: 500 }
+		);
+	}
+}
+
+// POST: Create new user (admin only)
+async function createUserHandler(req) {
+	try {
+		const data = await req.json();
+		
+		// Validate required fields
+		if (!data.name || !data.email || !data.password) {
+			return NextResponse.json(
+				{ error: "Name, email, and password are required" },
+				{ status: 400 }
+			);
+		}
+
+		// Validate password length
+		if (data.password.length < 6) {
+			return NextResponse.json(
+				{ error: "Password must be at least 6 characters long" },
+				{ status: 400 }
+			);
+		}
+
+		// Validate role
+		const validRoles = ["read_only", "user", "project_manager", "admin"];
+		if (data.role && !validRoles.includes(data.role)) {
+			return NextResponse.json(
+				{ error: "Invalid role specified" },
+				{ status: 400 }
+			);
+		}
+
+		const newUser = await createUser({
+			name: data.name,
+			email: data.email,
+			password: data.password,
+			role: data.role || "user",
+			is_active: data.is_active !== undefined ? data.is_active : true
+		});
+
+		// Remove password hash from response
+		const { password_hash, ...safeUser } = newUser;
+		return NextResponse.json(safeUser, { status: 201 });
+
+	} catch (error) {
+		console.error("Error creating user:", error);
+		
+		if (error.message.includes("already exists")) {
+			return NextResponse.json(
+				{ error: "A user with this email already exists" },
+				{ status: 409 }
+			);
+		}
+
+		return NextResponse.json(
+			{ error: "Failed to create user" },
+			{ status: 500 }
+		);
+	}
+}
+
+// Protected routes - require admin authentication
+export const GET = withAdminAuth(getUsersHandler);
+export const POST = withAdminAuth(createUserHandler);