Add users management route (GET, PATCH role/is_active, DELETE)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
2026-05-21 14:29:49 +02:00
parent 10570786e9
commit 9b0603427e
2 changed files with 63 additions and 0 deletions

62
src/routes/users.js Normal file
View File

@@ -0,0 +1,62 @@
const router = require('express').Router();
const { query } = require('../db');
const ROLES = ['end-user', 'admin'];
// GET /api/users
router.get('/', async (req, res, next) => {
try {
const { limit = 50, offset = 0 } = req.query;
const result = await query(
`SELECT id, email, role, is_active, created_at, updated_at
FROM users ORDER BY created_at DESC LIMIT $1 OFFSET $2`,
[Math.min(parseInt(limit), 500), parseInt(offset)]
);
res.json(result.rows);
} catch (err) { next(err); }
});
// GET /api/users/:id
router.get('/:id', async (req, res, next) => {
try {
const result = await query(
`SELECT id, email, role, is_active, created_at, updated_at FROM users WHERE id = $1`,
[req.params.id]
);
if (!result.rows.length) return res.status(404).json({ error: 'Not found' });
res.json(result.rows[0]);
} catch (err) { next(err); }
});
// PATCH /api/users/:id
router.patch('/:id', async (req, res, next) => {
try {
const allowed = ['role', 'is_active'];
const fields = Object.keys(req.body).filter(k => allowed.includes(k));
if (!fields.length) return res.status(400).json({ error: 'No valid fields provided' });
if (req.body.role && !ROLES.includes(req.body.role))
return res.status(400).json({ error: `role must be one of: ${ROLES.join(', ')}` });
const setClauses = fields.map((f, i) => `${f} = $${i + 1}`).join(', ');
const values = [...fields.map(f => req.body[f]), req.params.id];
const result = await query(
`UPDATE users SET ${setClauses} WHERE id = $${fields.length + 1}
RETURNING id, email, role, is_active, created_at, updated_at`,
values
);
if (!result.rows.length) return res.status(404).json({ error: 'Not found' });
res.json(result.rows[0]);
} catch (err) { next(err); }
});
// DELETE /api/users/:id
router.delete('/:id', async (req, res, next) => {
try {
const result = await query('DELETE FROM users WHERE id = $1 RETURNING id', [req.params.id]);
if (!result.rows.length) return res.status(404).json({ error: 'Not found' });
res.status(204).end();
} catch (err) { next(err); }
});
module.exports = router;