Add users management route (GET, PATCH role/is_active, DELETE)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
62
src/routes/users.js
Normal file
62
src/routes/users.js
Normal file
@@ -0,0 +1,62 @@
|
||||
const router = require('express').Router();
|
||||
const { query } = require('../db');
|
||||
|
||||
const ROLES = ['end-user', 'admin'];
|
||||
|
||||
// GET /api/users
|
||||
router.get('/', async (req, res, next) => {
|
||||
try {
|
||||
const { limit = 50, offset = 0 } = req.query;
|
||||
const result = await query(
|
||||
`SELECT id, email, role, is_active, created_at, updated_at
|
||||
FROM users ORDER BY created_at DESC LIMIT $1 OFFSET $2`,
|
||||
[Math.min(parseInt(limit), 500), parseInt(offset)]
|
||||
);
|
||||
res.json(result.rows);
|
||||
} catch (err) { next(err); }
|
||||
});
|
||||
|
||||
// GET /api/users/:id
|
||||
router.get('/:id', async (req, res, next) => {
|
||||
try {
|
||||
const result = await query(
|
||||
`SELECT id, email, role, is_active, created_at, updated_at FROM users WHERE id = $1`,
|
||||
[req.params.id]
|
||||
);
|
||||
if (!result.rows.length) return res.status(404).json({ error: 'Not found' });
|
||||
res.json(result.rows[0]);
|
||||
} catch (err) { next(err); }
|
||||
});
|
||||
|
||||
// PATCH /api/users/:id
|
||||
router.patch('/:id', async (req, res, next) => {
|
||||
try {
|
||||
const allowed = ['role', 'is_active'];
|
||||
const fields = Object.keys(req.body).filter(k => allowed.includes(k));
|
||||
if (!fields.length) return res.status(400).json({ error: 'No valid fields provided' });
|
||||
|
||||
if (req.body.role && !ROLES.includes(req.body.role))
|
||||
return res.status(400).json({ error: `role must be one of: ${ROLES.join(', ')}` });
|
||||
|
||||
const setClauses = fields.map((f, i) => `${f} = $${i + 1}`).join(', ');
|
||||
const values = [...fields.map(f => req.body[f]), req.params.id];
|
||||
const result = await query(
|
||||
`UPDATE users SET ${setClauses} WHERE id = $${fields.length + 1}
|
||||
RETURNING id, email, role, is_active, created_at, updated_at`,
|
||||
values
|
||||
);
|
||||
if (!result.rows.length) return res.status(404).json({ error: 'Not found' });
|
||||
res.json(result.rows[0]);
|
||||
} catch (err) { next(err); }
|
||||
});
|
||||
|
||||
// DELETE /api/users/:id
|
||||
router.delete('/:id', async (req, res, next) => {
|
||||
try {
|
||||
const result = await query('DELETE FROM users WHERE id = $1 RETURNING id', [req.params.id]);
|
||||
if (!result.rows.length) return res.status(404).json({ error: 'Not found' });
|
||||
res.status(204).end();
|
||||
} catch (err) { next(err); }
|
||||
});
|
||||
|
||||
module.exports = router;
|
||||
Reference in New Issue
Block a user