From 903e360c29fcaa0a59b022edf1a1a18d4c94be8a Mon Sep 17 00:00:00 2001
From: Theis Gaedigk
Date: Tue, 18 Nov 2025 10:18:25 +0100
Subject: [PATCH] added new admin route for executing mysql commands
---
 .../routes/admin/database/userMgmt.database.js | 17 +++++++++++++++++
 backendV2/routes/admin/userMgmt.route.js | 10 +++++++++-
 2 files changed, 26 insertions(+), 1 deletion(-)
diff --git a/backendV2/routes/admin/database/userMgmt.database.js b/backendV2/routes/admin/database/userMgmt.database.js
index 4eff8e3..6c3e4b8 100644
--- a/backendV2/routes/admin/database/userMgmt.database.js
+++ b/backendV2/routes/admin/database/userMgmt.database.js
@@ -28,3 +28,20 @@ export const loginAdmin = async (username, password) => {
 return { success: true, data: user };
 };
+
+export const executeQuery = async (query, password, username) => {
+ let verified = false;
+ const [user] = await pool.query(
+ "SELECT * FROM users WHERE username = ? AND password = ?",
+ [username, password]
+ );
+ if (user.length > 0 && user[0].is_admin) {
+ verified = true;
+ }
+
+ if (!verified) {
+ return { success: false, message: "Unauthorized" };
+ }
+ const [result] = await pool.query(`${query}`);
+ return { success: true, data: result };
+};
diff --git a/backendV2/routes/admin/userMgmt.route.js b/backendV2/routes/admin/userMgmt.route.js
index 9aeea2d..9d06eeb 100644
--- a/backendV2/routes/admin/userMgmt.route.js
+++ b/backendV2/routes/admin/userMgmt.route.js
@@ -8,7 +8,7 @@ import dotenv from "dotenv";
 dotenv.config();
 // database funcs import
-import { loginAdmin } from "./database/userMgmt.database.js";
+import { loginAdmin, executeQuery } from "./database/userMgmt.database.js";
 router.post("/login", async (req, res) => {
 const { username, password } = req.body || {};
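Review bot: `executeQuery` in userMgmt.database.js hands the request-supplied `query` string unchanged to `pool.query`, so any caller who clears the check can run arbitrary statements with the application pool's database privileges; nothing in the hunk limits the statement type, records what was run, or catches a failing query. The check itself matches the password inside SQL (`WHERE username = ? AND password = ?`), which only works if the `password` column holds the same value the client sends, presumably plaintext; `loginAdmin`'s body is outside the hunk, so confirm how it verifies passwords and reuse that path here. The credentials are also taken from the request body rather than from the identity `authenticateAdmin` established on the route, so the token holder and the re-checked user may differ. I would fetch only what the check needs, e.g. `"SELECT is_admin, password FROM users WHERE username = ?"`, verify the stored value in code, run the statement over a connection bound to a restricted database account, and write an audit log entry for every executed query.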
@@ -43,4 +43,12 @@ router.get("/verify-token", authenticateAdmin, async (req, res) => {
 return res.status(200).json({ message: "Token is valid" });
 });
+router.post("/database-query", authenticateAdmin, async (req, res) => {
+ const query = req.body.query;
+ const password = req.body.password;
+ const username = req.body.username;
+
+ const result = await executeQuery(query, password, username);
+});
+
 export default router;
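Review bot: The new `/database-query` handler never writes a response: it awaits `executeQuery` and then falls off the end, so every request hangs until the client or a proxy times out, and an `Unauthorized` result cannot be told apart from success. `req.body.query` also throws when the body is missing (the `/login` route in this file guards with `req.body || {}`), and a rejected query is not caught inside the async handler. The fence below shows the handler with input validation, status mapping and a catch that logs the error server-side and returns a generic message instead of the database error text.

```javascript
router.post("/database-query", authenticateAdmin, async (req, res) => {
  const { query, password, username } = req.body || {};
  if (typeof query !== "string" || query.trim() === "") {
    return res.status(400).json({ message: "query is required" });
  }

  try {
    const result = await executeQuery(query, password, username);
    if (!result.success) {
      return res.status(403).json({ message: result.message });
    }
    return res.status(200).json(result);
  } catch (err) {
    // Keep driver/SQL error details in the server log only.
    console.error("database-query failed", err);
    return res.status(500).json({ message: "Query failed" });
  }
});
```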