feat: session-based auth, admin roles, user management

- All logged-in users can create/edit/manage tasks (no bearer token needed) - Added user role system (user/admin) - Donovan's account auto-promoted to admin on startup - Admin page: view users, change roles, delete users - /api/me endpoint returns current user info + role - /api/admin/* routes (admin-only) - Removed bearer token UI from frontend - Bearer token still works for API/bot access
2026-01-29 01:33:18 +00:00
parent 210fba6027
commit 93746f0f71
8 changed files with 401 additions and 111 deletions
--- a/frontend/src/lib/api.ts
+++ b/frontend/src/lib/api.ts
@@ -11,29 +11,27 @@ export async function fetchTasks(): Promise<Task[]> {
 export async function updateTask(
  id: string,
  updates: Record<string, any>,
-  token: string
+  token?: string
 ): Promise<Task> {
+  const headers: Record<string, string> = { "Content-Type": "application/json" };
+  if (token) headers["Authorization"] = `Bearer ${token}`;
  const res = await fetch(`${BASE}/${id}`, {
    method: "PATCH",
    credentials: "include",
-    headers: {
-      "Content-Type": "application/json",
-      Authorization: `Bearer ${token}`,
-    },
+    headers,
    body: JSON.stringify(updates),
  });
  if (!res.ok) throw new Error("Failed to update task");
  return res.json();
 }

-export async function reorderTasks(ids: string[], token: string): Promise<void> {
+export async function reorderTasks(ids: string[], token?: string): Promise<void> {
+  const headers: Record<string, string> = { "Content-Type": "application/json" };
+  if (token) headers["Authorization"] = `Bearer ${token}`;
  const res = await fetch(`${BASE}/reorder`, {
    method: "PATCH",
    credentials: "include",
-    headers: {
-      "Content-Type": "application/json",
-      Authorization: `Bearer ${token}`,
-    },
+    headers,
    body: JSON.stringify({ ids }),
  });
  if (!res.ok) throw new Error("Failed to reorder tasks");
@@ -41,26 +39,53 @@ export async function reorderTasks(ids: string[], token: string): Promise<void>

 export async function createTask(
  task: { title: string; description?: string; source?: string; priority?: string; status?: string },
-  token: string
+  token?: string
 ): Promise<Task> {
+  const headers: Record<string, string> = { "Content-Type": "application/json" };
+  if (token) headers["Authorization"] = `Bearer ${token}`;
  const res = await fetch(BASE, {
    method: "POST",
    credentials: "include",
-    headers: {
-      "Content-Type": "application/json",
-      Authorization: `Bearer ${token}`,
-    },
+    headers,
    body: JSON.stringify(task),
  });
  if (!res.ok) throw new Error("Failed to create task");
  return res.json();
 }

-export async function deleteTask(id: string, token: string): Promise<void> {
+export async function deleteTask(id: string, token?: string): Promise<void> {
+  const headers: Record<string, string> = {};
+  if (token) headers["Authorization"] = `Bearer ${token}`;
  const res = await fetch(`${BASE}/${id}`, {
    method: "DELETE",
    credentials: "include",
-    headers: { Authorization: `Bearer ${token}` },
+    headers,
  });
  if (!res.ok) throw new Error("Failed to delete task");
 }
+
+// Admin API
+export async function fetchUsers(): Promise<any[]> {
+  const res = await fetch("/api/admin/users", { credentials: "include" });
+  if (!res.ok) throw new Error("Failed to fetch users");
+  return res.json();
+}
+
+export async function updateUserRole(userId: string, role: string): Promise<any> {
+  const res = await fetch(`/api/admin/users/${userId}/role`, {
+    method: "PATCH",
+    credentials: "include",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({ role }),
+  });
+  if (!res.ok) throw new Error("Failed to update user role");
+  return res.json();
+}
+
+export async function deleteUser(userId: string): Promise<void> {
+  const res = await fetch(`/api/admin/users/${userId}`, {
+    method: "DELETE",
+    credentials: "include",
+  });
+  if (!res.ok) throw new Error("Failed to delete user");
+}