added new admin route for executing mysql commands

2025-11-18 10:18:25 +01:00
parent c5a9a09ef3
commit 903e360c29
2 changed files with 26 additions and 1 deletions
--- a/backendV2/routes/admin/database/userMgmt.database.js
+++ b/backendV2/routes/admin/database/userMgmt.database.js
@@ -28,3 +28,20 @@ export const loginAdmin = async (username, password) => {
  return { success: true, data: user };
 };
 export const executeQuery = async (query, password, username) => {
  let verified = false;
  const [user] = await pool.query(
    "SELECT * FROM users WHERE username = ? AND password = ?",
    [username, password]
  );
  if (user.length > 0 && user[0].is_admin) {
    verified = true;
  }
  if (!verified) {
    return { success: false, message: "Unauthorized" };
  }
  const [result] = await pool.query(`${query}`);
  return { success: true, data: result };
 };
--- a/backendV2/routes/admin/userMgmt.route.js
+++ b/backendV2/routes/admin/userMgmt.route.js
@@ -8,7 +8,7 @@ import dotenv from "dotenv";
 dotenv.config();
 // database funcs import
-import { loginAdmin } from "./database/userMgmt.database.js";
+import { loginAdmin, executeQuery } from "./database/userMgmt.database.js";
 router.post("/login", async (req, res) => {
  const { username, password } = req.body || {};
@@ -43,4 +43,12 @@ router.get("/verify-token", authenticateAdmin, async (req, res) => {
  return res.status(200).json({ message: "Token is valid" });
 });
 router.post("/database-query", authenticateAdmin, async (req, res) => {
  const query = req.body.query;
  const password = req.body.password;
  const username = req.body.username;
  const result = await executeQuery(query, password, username);
 });
 export default router;