diff --git a/src/routes/users.js b/src/routes/users.js
index 5f6f257..1582cf8 100644
--- a/src/routes/users.js
+++ b/src/routes/users.js
@@ -1,4 +1,5 @@
 const router = require('express').Router();
+const bcrypt = require('bcryptjs');
 const { query } = require('../db');
 const ROLES = ['end-user', 'admin'];
@@ -50,6 +51,23 @@ router.patch('/:id', async (req, res, next) => {
 } catch (err) { next(err); }
 });
+// POST /api/users/:id/set-password (admin only — sets a new bcrypt password)
+router.post('/:id/set-password', async (req, res, next) => {
+ try {
+ const { password } = req.body;
+ if (!password || password.length < 8)
+ return res.status(400).json({ error: 'password must be at least 8 characters' });
+ const hash = await bcrypt.hash(password, 12);
+ const result = await query(
+ `UPDATE users SET password_hash = $1, is_active = true, updated_at = now()
+ WHERE id = $2 RETURNING id, email, role, is_active`,
+ [hash, req.params.id]
+ );
+ if (!result.rows.length) return res.status(404).json({ error: 'Not found' });
+ res.json({ message: 'Password updated', user: result.rows[0] });
+ } catch (err) { next(err); }
+});
+
 // DELETE /api/users/:id
 router.delete('/:id', async (req, res, next) => {
 try {
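Review bot: The new `router.post('/:id/set-password', ...)` handler is commented as admin only, but no role or identity check appears in its middleware list or body, so unless the router is mounted behind an admin guard outside this hunk, any caller who can reach the route can set another user's password. Make the requirement explicit on the route, e.g. `router.post('/:id/set-password', requireAdmin, async (req, res, next) => {`, where `requireAdmin` is a placeholder for the project's own guard. The same UPDATE also sets `is_active = true`, which silently reactivates a disabled account on every password change; drop it from the statement unless reactivation is intended and documented. The length check accepts any value with a `length` of 8 or more, such as an array, so add `typeof password !== 'string' ||` to the 400 condition to keep non-strings from reaching `bcrypt.hash` and surfacing as a 500.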