hammer/network-app-api
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
229b9407c2976ad8aa6afc020419738c76b371b7
network-app-api/src/routes/admin.ts
Hammer 7634306832 fix: resolve TypeScript errors for CI pipeline 
- Fix pg-boss Job type imports (PgBoss.Job -> Job from pg-boss)
- Replace deprecated teamConcurrency with localConcurrency
- Add null checks for possibly undefined values (clients, import rows)
- Fix tone type narrowing in profile.ts
- Fix test type assertions (non-null assertions, explicit Record types)
- Extract auth middleware into shared module
- Fix rate limiter Map generic type
2026-01-30 03:27:58 +00:00

164 lines
4.7 KiB
TypeScript
Raw Blame History

import { authMiddleware } from '../middleware/auth';
import { Elysia, t } from 'elysia';
import { db } from '../db';
import { users, invites, passwordResetTokens } from '../db/schema';
import { eq, desc } from 'drizzle-orm';
import { auth } from '../lib/auth';
import type { User } from '../lib/auth';
export const adminRoutes = new Elysia({ prefix: '/admin' })
.use(authMiddleware)
// Admin guard — all routes in this group require admin role
.onBeforeHandle(({ user, set }: { user: User; set: any }) => {
if ((user as any).role !== 'admin') {
set.status = 403;
throw new Error('Forbidden: admin access required');
}
})
// List all users
.get('/users', async () => {
const allUsers = await db.select({
id: users.id,
name: users.name,
email: users.email,
role: users.role,
createdAt: users.createdAt,
})
.from(users)
.orderBy(desc(users.createdAt));
return allUsers;
})
// Update user role
.put('/users/:id/role', async ({ params, body, user, set }: {
params: { id: string };
body: { role: string };
user: User;
set: any;
}) => {
// Can't change own role
if (params.id === user.id) {
set.status = 400;
throw new Error('Cannot change your own role');
}
if (!['admin', 'user'].includes(body.role)) {
set.status = 400;
throw new Error('Invalid role');
}
const [updated] = await db.update(users)
.set({ role: body.role, updatedAt: new Date() })
.where(eq(users.id, params.id))
.returning({ id: users.id, role: users.role });
if (!updated) throw new Error('User not found');
return updated;
}, {
params: t.Object({ id: t.String() }),
body: t.Object({ role: t.String() }),
})
// Delete user
.delete('/users/:id', async ({ params, user, set }: {
params: { id: string };
user: User;
set: any;
}) => {
if (params.id === user.id) {
set.status = 400;
throw new Error('Cannot delete yourself');
}
const [deleted] = await db.delete(users)
.where(eq(users.id, params.id))
.returning({ id: users.id });
if (!deleted) throw new Error('User not found');
return { success: true, id: deleted.id };
}, {
params: t.Object({ id: t.String() }),
})
// Create invite
.post('/invites', async ({ body, user }: { body: { email: string; name: string; role?: string }; user: User }) => {
const token = crypto.randomUUID();
const expiresAt = new Date(Date.now() + 7 * 24 * 60 * 60 * 1000); // 7 days
const [invite] = await db.insert(invites).values({
email: body.email,
name: body.name,
role: body.role || 'user',
token,
invitedBy: user.id,
status: 'pending',
expiresAt,
}).returning();
const frontendUrl = process.env.FRONTEND_URL || process.env.ALLOWED_ORIGINS?.split(',')[0] || 'https://app.thenetwork.donovankelly.xyz';
const setupUrl = `${frontendUrl}/invite/${token}`;
return { ...invite, setupUrl };
}, {
body: t.Object({
email: t.String({ format: 'email' }),
name: t.String({ minLength: 1 }),
role: t.Optional(t.String()),
}),
})
// List invites
.get('/invites', async () => {
const allInvites = await db.select()
.from(invites)
.orderBy(desc(invites.createdAt));
return allInvites;
})
// Generate password reset link for a user (admin-initiated)
.post('/users/:id/reset-password', async ({ params, set }: {
params: { id: string };
set: any;
}) => {
// Check user exists
const [targetUser] = await db.select({ id: users.id, email: users.email })
.from(users)
.where(eq(users.id, params.id))
.limit(1);
if (!targetUser) {
set.status = 404;
throw new Error('User not found');
}
const token = crypto.randomUUID();
const expiresAt = new Date(Date.now() + 24 * 60 * 60 * 1000); // 24 hours for admin-generated links
await db.insert(passwordResetTokens).values({
userId: targetUser.id,
token,
expiresAt,
});
const frontendUrl = process.env.FRONTEND_URL || process.env.ALLOWED_ORIGINS?.split(',')[0] || 'https://app.thenetwork.donovankelly.xyz';
const resetUrl = `${frontendUrl}/reset-password/${token}`;
return { resetUrl, email: targetUser.email };
}, {
params: t.Object({ id: t.String() }),
})
// Revoke invite
.delete('/invites/:id', async ({ params }: { params: { id: string } }) => {
const [deleted] = await db.delete(invites)
.where(eq(invites.id, params.id))
.returning({ id: invites.id });
if (!deleted) throw new Error('Invite not found');
return { success: true, id: deleted.id };
}, {
params: t.Object({ id: t.String() }),
});
Reference in New Issue View Git Blame Copy Permalink