boha_admin/app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 26 Wiki Activity

initial commit

Browse Source 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
BOHA
2026-03-23 08:46:51 +01:00
commit 4608494a3f
130 changed files with 40361 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

226
src/routes/admin/users.ts Normal file
View File

@@ -0,0 +1,226 @@
import { FastifyInstance } from 'fastify';
import prisma from '../../config/database';
import { requirePermission } from '../../middleware/auth';
import { logAudit } from '../../services/audit';
import { success, error, parseId } from '../../utils/response';
import { parsePagination, buildPaginationMeta } from '../../utils/pagination';
import bcrypt from 'bcryptjs';
import { config } from '../../config/env';
const ALLOWED_SORT_FIELDS = ['id', 'username', 'email', 'first_name', 'last_name', 'created_at'];
export default async function usersRoutes(fastify: FastifyInstance): Promise<void> {
// GET /api/admin/users
fastify.get('/', { preHandler: requirePermission('users.view') }, async (request, reply) => {
const { page, limit, skip, sort, order, search } = parsePagination(request.query as Record<string, unknown>);
const sortField = ALLOWED_SORT_FIELDS.includes(sort) ? sort : 'id';
const where = search
? {
OR: [
{ username: { contains: search } },
{ email: { contains: search } },
{ first_name: { contains: search } },
{ last_name: { contains: search } },
],
}
: {};
const [users, total] = await Promise.all([
prisma.users.findMany({
where,
skip,
take: limit,
orderBy: { [sortField]: order },
select: {
id: true, username: true, email: true, first_name: true, last_name: true,
role_id: true, is_active: true, last_login: true, totp_enabled: true,
created_at: true, updated_at: true,
roles: { select: { id: true, name: true, display_name: true } },
},
}),
prisma.users.count({ where }),
]);
return reply.send({
success: true,
data: users,
pagination: buildPaginationMeta(total, page, limit),
});
});
// GET /api/admin/users/:id
fastify.get<{ Params: { id: string } }>('/:id', { preHandler: requirePermission('users.view') }, async (request, reply) => {
const id = parseId(request.params.id, reply);
if (id === null) return;
const user = await prisma.users.findUnique({
where: { id },
select: {
id: true, username: true, email: true, first_name: true, last_name: true,
role_id: true, is_active: true, last_login: true, totp_enabled: true,
created_at: true, updated_at: true,
roles: { select: { id: true, name: true, display_name: true } },
},
});
if (!user) return error(reply, 'Uživatel nenalezen', 404);
return success(reply, user);
});
// POST /api/admin/users
fastify.post('/', { preHandler: requirePermission('users.create') }, async (request, reply) => {
const body = request.body as Record<string, unknown>;
const username = body.username ? String(body.username).trim() : '';
const email = body.email ? String(body.email).trim() : '';
const password = body.password ? String(body.password) : '';
const firstName = body.first_name ? String(body.first_name).trim() : '';
const lastName = body.last_name ? String(body.last_name).trim() : '';
const roleId = body.role_id;
// Required fields
if (!username || !email || !password || !firstName || !lastName || !roleId) {
return error(reply, 'Všechna pole jsou povinná', 400);
}
// Password length
if (password.length < 8) {
return error(reply, 'Heslo musí mít alespoň 8 znaků', 400);
}
// Email format
if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) {
return error(reply, 'Neplatný formát e-mailu', 400);
}
// Username uniqueness
const existingUsername = await prisma.users.findFirst({ where: { username } });
if (existingUsername) {
return error(reply, 'Uživatelské jméno již existuje', 409);
}
// Email uniqueness
const existingEmail = await prisma.users.findFirst({ where: { email } });
if (existingEmail) {
return error(reply, 'E-mail již existuje', 409);
}
const passwordHash = await bcrypt.hash(password, config.security.bcryptCost);
const user = await prisma.users.create({
data: {
username,
email,
password_hash: passwordHash,
first_name: firstName,
last_name: lastName,
role_id: roleId ? Number(roleId) : null,
is_active: body.is_active !== false,
},
});
await logAudit({
request,
authData: request.authData,
action: 'create',
entityType: 'user',
entityId: user.id,
description: `Vytvořen uživatel ${user.username}`,
});
return success(reply, { id: user.id }, 201, 'Uživatel byl vytvořen');
});
// PUT /api/admin/users/:id
fastify.put<{ Params: { id: string } }>('/:id', { preHandler: requirePermission('users.edit') }, async (request, reply) => {
const id = parseId(request.params.id, reply);
if (id === null) return;
const body = request.body as Record<string, unknown>;
const existing = await prisma.users.findUnique({ where: { id } });
if (!existing) return error(reply, 'Uživatel nenalezen', 404);
const data: Record<string, unknown> = {};
// Username validation and uniqueness
if (body.username !== undefined) {
const newUsername = String(body.username).trim();
if (newUsername !== existing.username) {
const existingUsername = await prisma.users.findFirst({ where: { username: newUsername } });
if (existingUsername) {
return error(reply, 'Uživatelské jméno již existuje', 409);
}
}
data.username = newUsername;
}
// Email validation and uniqueness
if (body.email !== undefined) {
const newEmail = String(body.email).trim();
if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(newEmail)) {
return error(reply, 'Neplatný formát e-mailu', 400);
}
const existingEmail = await prisma.users.findFirst({
where: { email: newEmail, id: { not: id } },
});
if (existingEmail) {
return error(reply, 'E-mail již existuje', 409);
}
data.email = newEmail;
}
if (body.first_name !== undefined) data.first_name = String(body.first_name);
if (body.last_name !== undefined) data.last_name = String(body.last_name);
if (body.role_id !== undefined) data.role_id = body.role_id ? Number(body.role_id) : null;
if (body.is_active !== undefined) data.is_active = body.is_active === true || body.is_active === 1 || body.is_active === '1';
if (body.password) {
const newPassword = String(body.password);
if (newPassword.length < 8) {
return error(reply, 'Heslo musí mít alespoň 8 znaků', 400);
}
data.password_hash = await bcrypt.hash(newPassword, config.security.bcryptCost);
data.password_changed_at = new Date();
}
await prisma.users.update({ where: { id }, data });
await logAudit({
request,
authData: request.authData,
action: 'update',
entityType: 'user',
entityId: id,
description: `Upraven uživatel ${existing.username}`,
});
return success(reply, { id }, 200, 'Uživatel byl uložen');
});
// DELETE /api/admin/users/:id
fastify.delete<{ Params: { id: string } }>('/:id', { preHandler: requirePermission('users.delete') }, async (request, reply) => {
const id = parseId(request.params.id, reply);
if (id === null) return;
const authData = request.authData;
if (id === authData?.userId) {
return error(reply, 'Nelze smazat vlastní účet', 400);
}
const existing = await prisma.users.findUnique({ where: { id } });
if (!existing) return error(reply, 'Uživatel nenalezen', 404);
await prisma.refresh_tokens.deleteMany({ where: { user_id: id } });
await prisma.users.delete({ where: { id } });
await logAudit({
request,
authData: request.authData,
action: 'delete',
entityType: 'user',
entityId: id,
description: `Smazán uživatel ${existing.username}`,
});
return success(reply, null, 200, 'Uživatel smazán');
});
}