import { timingSafeEqual } from 'node:crypto';

import express from 'express';

import pool from '../database.js';
// Express router holding the user CRUD routes and the login route defined below.
// NOTE(review): no authentication/authorization middleware is attached in this
// file — confirm the parent app applies it before mounting this router.
const router = express.Router();
// GET all users (without passwords)
//
// Responds 200 with every user row, newest first; 500 on a database error.
// The password column is deliberately absent from the select list.
router.get('/', async (req, res) => {
  try {
    const listSql = `
      SELECT id, username, name, role, permissions, is_active as isActive, created_at as createdAt
      FROM users
      ORDER BY created_at DESC
    `;
    const [rows] = await pool.execute(listSql);

    // permissions is stored as JSON text (see the create route); a NULL/empty
    // cell is reported as an empty list.
    const users = [];
    for (const row of rows) {
      const permissions = row.permissions ? JSON.parse(row.permissions) : [];
      users.push({ ...row, permissions });
    }

    res.json(users);
  } catch (error) {
    console.error('Error fetching users:', error);
    res.status(500).json({ error: 'Failed to fetch users' });
  }
});
// GET single user
//
// Responds 200 with the user (password column not selected), 404 when no row
// has the requested id, 500 on a database error.
router.get('/:id', async (req, res) => {
  try {
    const { id } = req.params;
    const [rows] = await pool.execute(
      `
      SELECT id, username, name, role, permissions, is_active as isActive
      FROM users
      WHERE id = ?
      `,
      [id]
    );

    if (rows.length === 0) {
      return res.status(404).json({ error: 'User not found' });
    }

    // permissions is stored as JSON text; NULL/empty becomes an empty list.
    const [found] = rows;
    const permissions = found.permissions ? JSON.parse(found.permissions) : [];
    res.json({ ...found, permissions });
  } catch (error) {
    console.error('Error fetching user:', error);
    res.status(500).json({ error: 'Failed to fetch user' });
  }
});
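// POST create user
//
// Body: { username, password, name, role?, permissions? }. Responds 201 on
// success, 400 on invalid input or an already-taken username, 500 otherwise.
//
// NOTE(review): `password` is written to the users table exactly as received
// (no hashing) and the login route compares it the same way; moving to a
// salted hash (e.g. crypto.scrypt) needs a migration of existing rows, so it
// is flagged here rather than changed.
// NOTE(review): `role` and `permissions` are taken from the client body as-is.
// Confirm the parent app authorizes callers of this route; otherwise any
// caller can create an 'admin' user with arbitrary permissions.
router.post('/', async (req, res) => {
  try {
    const { username, password, name, role, permissions } = req.body ?? {};

    // Validate up front: mysql2 rejects `undefined` bind parameters, so a
    // missing field would otherwise surface as a 500 instead of a 400.
    if (typeof username !== 'string' || username.trim() === '') {
      return res.status(400).json({ error: 'Username dan password wajib diisi' });
    }
    if (typeof password !== 'string' || password === '') {
      return res.status(400).json({ error: 'Username dan password wajib diisi' });
    }
    if (role !== undefined && role !== null && typeof role !== 'string') {
      return res.status(400).json({ error: 'Role tidak valid' });
    }
    // A non-array (e.g. a string) would be stored as valid JSON and come back
    // from the GET routes as something other than a list.
    if (permissions && !Array.isArray(permissions)) {
      return res.status(400).json({ error: 'Permissions harus berupa array' });
    }

    // Check if username already exists
    const [existing] = await pool.execute('SELECT id FROM users WHERE username = ?', [username]);
    if (existing.length > 0) {
      return res.status(400).json({ error: 'Username sudah digunakan' });
    }

    const permissionsJson = JSON.stringify(permissions || []);

    await pool.execute(
      `
      INSERT INTO users (username, password, name, role, permissions)
      VALUES (?, ?, ?, ?, ?)
      `,
      [username, password, name ?? null, role || 'staff', permissionsJson]
    );

    res.status(201).json({ status: 'success', message: 'User created' });
  } catch (error) {
    // The existence check above is not atomic with the insert. If `username`
    // carries a UNIQUE index, a concurrent insert surfaces here as
    // ER_DUP_ENTRY; report it like the pre-check does instead of as a 500.
    if (error?.code === 'ER_DUP_ENTRY') {
      return res.status(400).json({ error: 'Username sudah digunakan' });
    }
    console.error('Error creating user:', error);
    res.status(500).json({ error: 'Failed to create user' });
  }
});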
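// PUT update user
//
// Body: { username, password?, name, role, permissions?, isActive? }.
// A missing/blank password leaves the stored password unchanged; every other
// column is overwritten from the body (full replace, not a patch).
// Responds 200 on success, 400 on invalid input or a username taken by another
// user, 404 when no user has that id, 500 otherwise.
//
// NOTE(review): the password is stored exactly as received (no hashing) — see
// the create route for the migration caveat.
// NOTE(review): `role` and `permissions` come straight from the client body;
// confirm the parent app authorizes callers, otherwise a caller can promote
// any account to 'admin'.
router.put('/:id', async (req, res) => {
  try {
    const { id } = req.params;
    const { username, password, name, role, permissions, isActive } = req.body ?? {};

    // Validate before touching the database: mysql2 rejects `undefined` bind
    // parameters and `password.trim()` below would throw on a non-string.
    if (typeof username !== 'string' || username.trim() === '') {
      return res.status(400).json({ error: 'Username wajib diisi' });
    }
    if (password !== undefined && password !== null && typeof password !== 'string') {
      return res.status(400).json({ error: 'Password tidak valid' });
    }
    if (role !== undefined && role !== null && typeof role !== 'string') {
      return res.status(400).json({ error: 'Role tidak valid' });
    }
    if (permissions && !Array.isArray(permissions)) {
      return res.status(400).json({ error: 'Permissions harus berupa array' });
    }
    const permissionsJson = JSON.stringify(permissions || []);

    // Updating a non-existent id is reported rather than answered with success.
    const [target] = await pool.execute('SELECT id FROM users WHERE id = ?', [id]);
    if (target.length === 0) {
      return res.status(404).json({ error: 'User not found' });
    }

    // Check if username already exists (for another user)
    const [existing] = await pool.execute(
      'SELECT id FROM users WHERE username = ? AND id != ?',
      [username, id]
    );
    if (existing.length > 0) {
      return res.status(400).json({ error: 'Username sudah digunakan oleh user lain' });
    }

    // Anything other than literal `false` marks the account active.
    // NOTE(review): a body that omits isActive therefore re-enables a
    // deactivated user — confirm clients always send it.
    const active = isActive !== false;

    // The column list is fixed here; only the bound values come from the
    // request, so the statement stays fully parameterized.
    const assignments = ['username = ?', 'name = ?', 'role = ?', 'permissions = ?', 'is_active = ?'];
    const values = [username, name ?? null, role ?? null, permissionsJson, active];
    const changesPassword = typeof password === 'string' && password.trim() !== '';
    if (changesPassword) {
      assignments.splice(1, 0, 'password = ?');
      values.splice(1, 0, password);
    }
    values.push(id);

    await pool.execute(`UPDATE users SET ${assignments.join(', ')} WHERE id = ?`, values);

    res.json({ status: 'success', message: 'User updated' });
  } catch (error) {
    // Same non-atomic check/write as the create route: a UNIQUE index on
    // `username` can still reject a concurrent rename.
    if (error?.code === 'ER_DUP_ENTRY') {
      return res.status(400).json({ error: 'Username sudah digunakan oleh user lain' });
    }
    console.error('Error updating user:', error);
    res.status(500).json({ error: 'Failed to update user' });
  }
});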
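// DELETE user
//
// Responds 404 when no user has the requested id (a no-op delete is not
// reported as success), 400 when the target is an admin and at most one
// active admin remains, 200 after the row is removed, 500 otherwise.
//
// NOTE(review): the admin count and the DELETE are separate statements, so two
// concurrent requests removing the last two admins can both pass the check; a
// transaction with SELECT ... FOR UPDATE would close that window.
router.delete('/:id', async (req, res) => {
  try {
    const { id } = req.params;

    const [target] = await pool.execute('SELECT role FROM users WHERE id = ?', [id]);
    if (target.length === 0) {
      return res.status(404).json({ error: 'User not found' });
    }

    // Prevent deleting the last admin. The count is only needed when the
    // target is itself an admin.
    if (target[0].role === 'admin') {
      const [admins] = await pool.execute(
        "SELECT id FROM users WHERE role = 'admin' AND is_active = TRUE"
      );
      if (admins.length <= 1) {
        return res.status(400).json({ error: 'Tidak dapat menghapus admin terakhir' });
      }
    }

    await pool.execute('DELETE FROM users WHERE id = ?', [id]);
    res.json({ status: 'success', message: 'User deleted' });
  } catch (error) {
    console.error('Error deleting user:', error);
    res.status(500).json({ error: 'Failed to delete user' });
  }
});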
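// Constant-time comparison of the stored password against the submitted one.
//
// @param {unknown} stored   value read from the users.password column
// @param {string}  supplied password from the request body
// @returns {boolean} true only when both are equal byte-for-byte
function passwordsMatch(stored, supplied) {
  if (typeof stored !== 'string') return false;
  const a = Buffer.from(stored, 'utf8');
  const b = Buffer.from(supplied, 'utf8');
  if (a.length !== b.length) {
    // timingSafeEqual requires equal-length inputs; still run one comparison so
    // the time taken does not differ noticeably from the equal-length path.
    timingSafeEqual(a, a);
    return false;
  }
  return timingSafeEqual(a, b);
}

// POST login - verify credentials and return user with permissions
//
// Body: { username, password }. Responds 200 with the user record (the
// password column is stripped before the response), 400 when either field is
// missing, 401 with one deliberately non-specific message when the username is
// unknown, the account is inactive or the password does not match, 500 otherwise.
//
// The password is compared in JS rather than in the SQL WHERE clause: a SQL
// `=` on a text column follows the column's collation and, for the common
// *_ci collations, would accept a password that differs only in case.
// NOTE(review): passwords are still stored and compared as plaintext; a salted
// hash (crypto.scrypt) needs a migration of existing rows, so it is flagged
// here rather than changed.
router.post('/login', async (req, res) => {
  try {
    const { username, password } = req.body ?? {};
    if (typeof username !== 'string' || typeof password !== 'string') {
      return res.status(400).json({ error: 'Username dan password wajib diisi' });
    }

    const [rows] = await pool.execute(
      `
      SELECT id, username, name, role, permissions, is_active as isActive, password
      FROM users
      WHERE username = ? AND is_active = TRUE
      `,
      [username]
    );

    const rejected = () => res.status(401).json({ error: 'Username atau password salah' });
    if (rows.length === 0) {
      return rejected();
    }

    // Split the secret off so it can never reach the response body.
    const { password: storedPassword, ...account } = rows[0];
    if (!passwordsMatch(storedPassword, password)) {
      return rejected();
    }

    const user = {
      ...account,
      permissions: account.permissions ? JSON.parse(account.permissions) : [],
    };

    res.json({ status: 'success', user });
  } catch (error) {
    console.error('Error during login:', error);
    res.status(500).json({ error: 'Login failed' });
  }
});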
export default router;