import { getAllUsers, createUser } from "@/lib/userManagement.js";
import { NextResponse } from "next/server";
import { withAdminAuth } from "@/lib/middleware/auth";
// GET: Get all users (admin only)
//
// Responds with every record returned by getAllUsers(), serialized as JSON,
// after dropping the `password_hash` field from each entry. Any thrown error
// is logged server-side and reported to the caller as a generic 500 so that
// internal details never leave the process. `req` is part of the route
// handler signature but is not read here.
async function getUsersHandler(req) {
  try {
    // Credential material must never be echoed back, even to an admin.
    const withoutHash = ({ password_hash, ...publicFields }) => publicFields;
    const safeUsers = getAllUsers().map(withoutHash);
    return NextResponse.json(safeUsers);
  } catch (error) {
    console.error("Error fetching users:", error);
    const body = { error: "Failed to fetch users" };
    return NextResponse.json(body, { status: 500 });
  }
}
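// POST: Create new user (admin only)
//
// Expected JSON body: { name, username, password, role?, is_active? }.
// Responses:
//   201 - the created user as returned by createUser(), with `password_hash` removed
//   400 - body is not a JSON object, a required field is missing/not a string,
//         the password is too short, the role is unknown, or is_active is not a boolean
//   409 - createUser() threw an error whose message contains "already exists"
//   500 - any other failure (details are logged, never returned to the client)

// Roles a new user may be created with. Frozen so the allow-list cannot be
// altered at runtime.
const VALID_ROLES = Object.freeze(["read_only", "user", "project_manager", "admin"]);

// Minimum accepted password length, in UTF-16 code units (same measure the
// original `.length` check used).
const MIN_PASSWORD_LENGTH = 6;

// Checks the decoded request body and returns a client-facing error message,
// or null when the payload is acceptable.
//
// Types are checked explicitly rather than relying on truthiness: JSON lets a
// caller send a number, array or object where a string is expected, and
// `.length` on such values does not behave like a string length (e.g. a
// numeric password has no `.length`, so `undefined < 6` is false and the
// length rule would be skipped).
function validateNewUserPayload(data) {
  if (data === null || typeof data !== "object" || Array.isArray(data)) {
    return "Request body must be a JSON object";
  }
  const { name, username, password, role, is_active } = data;
  const isNonEmptyString = (value) => typeof value === "string" && value !== "";
  if (!isNonEmptyString(name) || !isNonEmptyString(username) || !isNonEmptyString(password)) {
    return "Name, username, and password are required";
  }
  if (password.length < MIN_PASSWORD_LENGTH) {
    return `Password must be at least ${MIN_PASSWORD_LENGTH} characters long`;
  }
  // A falsy role (absent, "", 0) falls back to "user" in the handler, as before.
  if (role && !VALID_ROLES.includes(role)) {
    return "Invalid role specified";
  }
  // Only a real boolean (or nothing) may set the account's active flag.
  if (is_active != null && typeof is_active !== "boolean") {
    return "is_active must be a boolean";
  }
  return null;
}

async function createUserHandler(req) {
  let data;
  try {
    data = await req.json();
  } catch (error) {
    // A body that is not valid JSON is a client error, not a server fault;
    // report it as 400 instead of letting it surface as a generic 500.
    return NextResponse.json({ error: "Invalid JSON body" }, { status: 400 });
  }

  const validationError = validateNewUserPayload(data);
  if (validationError !== null) {
    return NextResponse.json({ error: validationError }, { status: 400 });
  }

  try {
    const newUser = await createUser({
      name: data.name,
      username: data.username,
      password: data.password,
      role: data.role || "user",
      // Validated above to be a boolean or nullish; nullish means "active".
      is_active: data.is_active ?? true,
    });

    // Never return the stored hash, even to an admin.
    const { password_hash, ...safeUser } = newUser;
    return NextResponse.json(safeUser, { status: 201 });
  } catch (error) {
    console.error("Error creating user:", error);

    // `error` may not be an Error instance; guard before reading `.message`
    // so a thrown non-Error cannot turn the 409 check itself into a crash.
    if (typeof error?.message === "string" && error.message.includes("already exists")) {
      return NextResponse.json(
        { error: "A user with this username already exists" },
        { status: 409 }
      );
    }

    return NextResponse.json({ error: "Failed to create user" }, { status: 500 });
  }
}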
// Protected routes - require admin authentication
//
// Both handlers are exported only through withAdminAuth (from
// "@/lib/middleware/auth"); the wrapper is expected to reject unauthenticated
// and non-admin callers before the handler body runs — confirm that contract
// in the middleware module, since nothing in this file checks the caller's
// role itself. withAdminAuth is invoked at module load, so its cost and any
// side effects happen once per import, not per request.
export const GET = withAdminAuth(getUsersHandler);
export const POST = withAdminAuth(createUserHandler);