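import express from 'express';
import { randomBytes, scrypt, timingSafeEqual } from 'node:crypto';
import { promisify } from 'node:util';
import pool from '../database.js';

// User management (list / read / create / update / delete) and login routes.
//
// NOTE(review): nothing in this file authenticates or authorizes the caller.
// Every route except POST /login must be mounted behind the application's
// auth middleware (not visible from here — confirm at the mount point);
// otherwise any client can list users, create an 'admin' user or delete one.
//
// Passwords are stored as salted scrypt hashes (see hashPassword). Rows that
// still hold a plaintext password are accepted once by POST /login and
// upgraded in place, so existing accounts keep working during the migration.

const router = express.Router();

const scryptAsync = promisify(scrypt);

// Storage format for users.password: "scrypt$<salt hex>$<key hex>".
const HASH_PREFIX = 'scrypt';
const SALT_BYTES = 16;
const KEY_BYTES = 64;
// NOTE(review): a stored hash is about 2 * (SALT_BYTES + KEY_BYTES) + 8
// characters (~170) — confirm the users.password column is wide enough.

/**
 * Derive a salted scrypt hash suitable for storing in users.password.
 * @param {string} password - plaintext supplied by the client
 * @returns {Promise<string>} "scrypt$<salt>$<key>" with hex-encoded fields
 */
async function hashPassword(password) {
  const salt = randomBytes(SALT_BYTES);
  const key = await scryptAsync(password, salt, KEY_BYTES);
  return [HASH_PREFIX, salt.toString('hex'), key.toString('hex')].join('$');
}

/**
 * Compare a supplied password with the stored value in constant time.
 * @param {string} stored - users.password: a hash from hashPassword, or a
 *   legacy plaintext value
 * @param {string} supplied - plaintext from the client
 * @returns {Promise<{ ok: boolean, needsRehash: boolean }>} needsRehash is
 *   true when the row matched as plaintext and should be upgraded to a hash
 */
async function verifyPassword(stored, supplied) {
  const storedText = String(stored ?? '');
  const [prefix, saltHex, keyHex] = storedText.split('$');
  if (prefix === HASH_PREFIX && saltHex && keyHex) {
    const expected = Buffer.from(keyHex, 'hex');
    const actual = await scryptAsync(supplied, Buffer.from(saltHex, 'hex'), KEY_BYTES);
    // timingSafeEqual throws on unequal lengths, so check length first.
    const ok = actual.length === expected.length && timingSafeEqual(actual, expected);
    return { ok, needsRehash: false };
  }
  // Legacy plaintext row. Exact byte comparison (the old SQL `password = ?`
  // compare followed the column collation, which may have been case-insensitive).
  const storedBytes = Buffer.from(storedText);
  const suppliedBytes = Buffer.from(supplied);
  const ok = storedBytes.length === suppliedBytes.length && timingSafeEqual(storedBytes, suppliedBytes);
  return { ok, needsRehash: ok };
}

let dummyHashPromise = null;

/**
 * A hash of a throw-away value, used so that a login attempt for an unknown
 * username performs the same scrypt work as one for a known username.
 * @returns {Promise<string>}
 */
function dummyHash() {
  if (dummyHashPromise === null) {
    dummyHashPromise = hashPassword(randomBytes(SALT_BYTES).toString('hex'));
  }
  return dummyHashPromise;
}

/**
 * Decode the permissions column into an array.
 * @param {unknown} raw - column value: a JSON string, an already-parsed
 *   value, or null/empty
 * @returns {Array} parsed permissions; [] when absent or undecodable
 */
function parsePermissions(raw) {
  if (Array.isArray(raw)) return raw; // already decoded (e.g. a JSON-typed column)
  if (typeof raw !== 'string' || raw === '') return [];
  try {
    return JSON.parse(raw) ?? [];
  } catch (error) {
    // A corrupt row should not turn a whole listing into a 500.
    console.warn('Ignoring malformed permissions JSON:', error);
    return [];
  }
}

/**
 * Shape a users row for a client response: permissions decoded, password
 * column (if selected) removed.
 * @param {object} row - a row from the users table
 * @returns {object}
 */
function toPublicUser(row) {
  const withoutPassword = Object.fromEntries(
    Object.entries(row).filter(([key]) => key !== 'password'),
  );
  return { ...withoutPassword, permissions: parsePermissions(row.permissions) };
}

/**
 * @param {unknown} value
 * @returns {string|null} value when it is a non-blank string, else null
 */
function nonBlankString(value) {
  return typeof value === 'string' && value.trim() !== '' ? value : null;
}

// GET all users (without passwords)
router.get('/', async (req, res) => {
  try {
    const [rows] = await pool.execute(`
      SELECT id, username, name, role, permissions, is_active as isActive, created_at as createdAt
      FROM users
      ORDER BY created_at DESC
    `);
    res.json(rows.map(toPublicUser));
  } catch (error) {
    console.error('Error fetching users:', error);
    res.status(500).json({ error: 'Failed to fetch users' });
  }
});

// GET single user
router.get('/:id', async (req, res) => {
  try {
    const [rows] = await pool.execute(`
      SELECT id, username, name, role, permissions, is_active as isActive
      FROM users
      WHERE id = ?
    `, [req.params.id]);
    if (rows.length === 0) {
      return res.status(404).json({ error: 'User not found' });
    }
    res.json(toPublicUser(rows[0]));
  } catch (error) {
    console.error('Error fetching user:', error);
    res.status(500).json({ error: 'Failed to fetch user' });
  }
});

// POST create user
router.post('/', async (req, res) => {
  const body = req.body ?? {};
  const username = nonBlankString(body.username);
  const password = nonBlankString(body.password);
  const role = body.role || 'staff';
  const permissions = body.permissions ?? [];
  // Reject malformed payloads up front: an undefined bind parameter would
  // otherwise surface as a 500 from the driver.
  if (
    username === null
    || password === null
    || typeof body.name !== 'string'
    || typeof role !== 'string'
    || !Array.isArray(permissions)
  ) {
    return res.status(400).json({ error: 'Invalid user payload' });
  }
  // NOTE(review): `role` is taken from the client as-is; with no caller
  // authorization this lets anyone create an 'admin'. Restrict it once the
  // set of valid roles is known.
  try {
    // Check if username already exists
    const [existing] = await pool.execute('SELECT id FROM users WHERE username = ?', [username]);
    if (existing.length > 0) {
      return res.status(400).json({ error: 'Username sudah digunakan' });
    }
    const [result] = await pool.execute(`
      INSERT INTO users (username, password, name, role, permissions)
      VALUES (?, ?, ?, ?, ?)
    `, [username, await hashPassword(password), body.name, role, JSON.stringify(permissions)]);
    // insertId is present on MySQL-style result headers; omitted otherwise.
    res.status(201).json({ status: 'success', message: 'User created', id: result?.insertId });
  } catch (error) {
    // The SELECT-then-INSERT check above is racy; a UNIQUE index on
    // users.username (recommended) reports the loser of the race here.
    if (error?.code === 'ER_DUP_ENTRY') {
      return res.status(400).json({ error: 'Username sudah digunakan' });
    }
    console.error('Error creating user:', error);
    res.status(500).json({ error: 'Failed to create user' });
  }
});

// PUT update user
router.put('/:id', async (req, res) => {
  const body = req.body ?? {};
  const username = nonBlankString(body.username);
  const permissions = body.permissions ?? [];
  // A blank password means "keep the current one".
  const newPassword = nonBlankString(body.password);
  // Only an explicit `false` deactivates; a missing flag leaves the user active.
  const isActive = body.isActive !== false;
  if (
    username === null
    || typeof body.name !== 'string'
    || typeof body.role !== 'string'
    || !Array.isArray(permissions)
  ) {
    return res.status(400).json({ error: 'Invalid user payload' });
  }
  const permissionsJson = JSON.stringify(permissions);
  try {
    // Check if username already exists (for another user)
    const [existing] = await pool.execute(
      'SELECT id FROM users WHERE username = ? AND id != ?',
      [username, req.params.id],
    );
    if (existing.length > 0) {
      return res.status(400).json({ error: 'Username sudah digunakan oleh user lain' });
    }
    let result;
    if (newPassword !== null) {
      [result] = await pool.execute(`
        UPDATE users
        SET username = ?, password = ?, name = ?, role = ?, permissions = ?, is_active = ?
        WHERE id = ?
      `, [username, await hashPassword(newPassword), body.name, body.role, permissionsJson, isActive, req.params.id]);
    } else {
      [result] = await pool.execute(`
        UPDATE users
        SET username = ?, name = ?, role = ?, permissions = ?, is_active = ?
        WHERE id = ?
      `, [username, body.name, body.role, permissionsJson, isActive, req.params.id]);
    }
    // affectedRows is present on MySQL-style result headers; if the driver
    // does not report it the check is skipped.
    if (result?.affectedRows === 0) {
      return res.status(404).json({ error: 'User not found' });
    }
    res.json({ status: 'success', message: 'User updated' });
  } catch (error) {
    if (error?.code === 'ER_DUP_ENTRY') {
      return res.status(400).json({ error: 'Username sudah digunakan oleh user lain' });
    }
    console.error('Error updating user:', error);
    res.status(500).json({ error: 'Failed to update user' });
  }
});

// DELETE user
router.delete('/:id', async (req, res) => {
  try {
    const [userToDelete] = await pool.execute('SELECT role FROM users WHERE id = ?', [req.params.id]);
    if (userToDelete.length === 0) {
      return res.status(404).json({ error: 'User not found' });
    }
    // Prevent deleting the last admin.
    // NOTE(review): this check and the DELETE below are separate statements,
    // so two concurrent deletes can still remove the last two admins; run
    // them in one transaction if the pool exposes connections.
    if (userToDelete[0].role === 'admin') {
      const [admins] = await pool.execute("SELECT id FROM users WHERE role = 'admin' AND is_active = TRUE");
      if (admins.length <= 1) {
        return res.status(400).json({ error: 'Tidak dapat menghapus admin terakhir' });
      }
    }
    await pool.execute('DELETE FROM users WHERE id = ?', [req.params.id]);
    res.json({ status: 'success', message: 'User deleted' });
  } catch (error) {
    console.error('Error deleting user:', error);
    res.status(500).json({ error: 'Failed to delete user' });
  }
});

// POST login - verify credentials and return user with permissions
// NOTE(review): no rate limiting is applied here; add it at the mount point
// (or via middleware) so the endpoint cannot be used for password guessing.
router.post('/login', async (req, res) => {
  const body = req.body ?? {};
  const { username, password } = body;
  if (typeof username !== 'string' || typeof password !== 'string') {
    return res.status(400).json({ error: 'Username and password are required' });
  }
  try {
    const [rows] = await pool.execute(`
      SELECT id, username, name, role, permissions, is_active as isActive, password
      FROM users
      WHERE username = ? AND is_active = TRUE
    `, [username]);
    // Always run one verification so an unknown username costs the same
    // time as a wrong password (no username enumeration via timing).
    const stored = rows.length > 0 ? rows[0].password : await dummyHash();
    const { ok, needsRehash } = await verifyPassword(stored, password);
    if (rows.length === 0 || !ok) {
      return res.status(401).json({ error: 'Username atau password salah' });
    }
    const row = rows[0];
    if (needsRehash) {
      // Legacy plaintext row: upgrade it now that the password is known.
      // Best-effort — a failure here must not block a successful login.
      try {
        await pool.execute('UPDATE users SET password = ? WHERE id = ?', [await hashPassword(password), row.id]);
      } catch (error) {
        console.error('Could not upgrade stored password hash:', error);
      }
    }
    res.json({ status: 'success', user: toPublicUser(row) });
  } catch (error) {
    console.error('Error during login:', error);
    res.status(500).json({ error: 'Login failed' });
  }
});

export default router;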