added new admin route for executing mysql commands

2025-11-18 10:18:25 +01:00
parent c5a9a09ef3
commit 903e360c29
2 changed files with 26 additions and 1 deletions
--- a/backendV2/routes/admin/database/userMgmt.database.js
+++ b/backendV2/routes/admin/database/userMgmt.database.js
@@ -28,3 +28,20 @@ export const loginAdmin = async (username, password) => {

  return { success: true, data: user };
 };
+
+export const executeQuery = async (query, password, username) => {
+  let verified = false;
+  const [user] = await pool.query(
+    "SELECT * FROM users WHERE username = ? AND password = ?",
+    [username, password]
+  );
+  if (user.length > 0 && user[0].is_admin) {
+    verified = true;
+  }
+
+  if (!verified) {
+    return { success: false, message: "Unauthorized" };
+  }
+  const [result] = await pool.query(`${query}`);
+  return { success: true, data: result };
+};
--- a/backendV2/routes/admin/userMgmt.route.js
+++ b/backendV2/routes/admin/userMgmt.route.js
@@ -8,7 +8,7 @@ import dotenv from "dotenv";
 dotenv.config();

 // database funcs import
-import { loginAdmin } from "./database/userMgmt.database.js";
+import { loginAdmin, executeQuery } from "./database/userMgmt.database.js";

 router.post("/login", async (req, res) => {
  const { username, password } = req.body || {};
@@ -43,4 +43,12 @@ router.get("/verify-token", authenticateAdmin, async (req, res) => {
  return res.status(200).json({ message: "Token is valid" });
 });

+router.post("/database-query", authenticateAdmin, async (req, res) => {
+  const query = req.body.query;
+  const password = req.body.password;
+  const username = req.body.username;
+
+  const result = await executeQuery(query, password, username);
+});
+
 export default router;