feat: add set-password endpoint for admin user management
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@@ -1,4 +1,5 @@
|
|||||||
const router = require('express').Router();
|
const router = require('express').Router();
|
||||||
|
const bcrypt = require('bcryptjs');
|
||||||
const { query } = require('../db');
|
const { query } = require('../db');
|
||||||
|
|
||||||
const ROLES = ['end-user', 'admin'];
|
const ROLES = ['end-user', 'admin'];
|
||||||
@@ -50,6 +51,23 @@ router.patch('/:id', async (req, res, next) => {
|
|||||||
} catch (err) { next(err); }
|
} catch (err) { next(err); }
|
||||||
});
|
});
|
||||||
|
|
||||||
|
// POST /api/users/:id/set-password (admin only — sets a new bcrypt password)
|
||||||
|
router.post('/:id/set-password', async (req, res, next) => {
|
||||||
|
try {
|
||||||
|
const { password } = req.body;
|
||||||
|
if (!password || password.length < 8)
|
||||||
|
return res.status(400).json({ error: 'password must be at least 8 characters' });
|
||||||
|
const hash = await bcrypt.hash(password, 12);
|
||||||
|
const result = await query(
|
||||||
|
`UPDATE users SET password_hash = $1, is_active = true, updated_at = now()
|
||||||
|
WHERE id = $2 RETURNING id, email, role, is_active`,
|
||||||
|
[hash, req.params.id]
|
||||||
|
);
|
||||||
|
if (!result.rows.length) return res.status(404).json({ error: 'Not found' });
|
||||||
|
res.json({ message: 'Password updated', user: result.rows[0] });
|
||||||
|
} catch (err) { next(err); }
|
||||||
|
});
|
||||||
|
|
||||||
// DELETE /api/users/:id
|
// DELETE /api/users/:id
|
||||||
router.delete('/:id', async (req, res, next) => {
|
router.delete('/:id', async (req, res, next) => {
|
||||||
try {
|
try {
|
||||||
|
|||||||
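Review bot: Nothing in the new `router.post('/:id/set-password', ...)` handler checks that the caller is an admin, although the comment above it says "admin only"; unless this router is mounted behind an authorization middleware outside the hunk, any caller who can reach the route can replace another user's password hash. Make the requirement explicit on the route, e.g. `router.post('/:id/set-password', <ADMIN_AUTH_MIDDLEWARE>, async (req, res, next) => {` using the project's own middleware, or extend the comment to say where the check is enforced. The length test should also require a string, `if (typeof password !== 'string' || password.length < 8)`, because a number, array or object in the JSON body gets past the current condition and is handed to `bcrypt.hash`, which would likely surface as a 500 through `next(err)` instead of a 400. The `UPDATE` also sets `is_active = true`, so every password change re-enables a deactivated account; confirm that is intended, and if it is, say so in the route comment.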