feat: implement user management features including user deletion and role-based access

2025-07-23 14:55:21 +02:00
parent 584473ba41
commit 4fed3d96f6
10 changed files with 248 additions and 86 deletions
--- a/backend/server.js
+++ b/backend/server.js
@@ -23,7 +23,7 @@ app.use(cookieParser());
 app.post("/api/login", async (req, res) => {
  try {
    const result = await loginUser(req.body.username, req.body.password);
-    if (result.success && result.role === "admin") {
+    if (result.success && result.user.role === "admin") {
      const userToken = await generateToken({
        role: result.user.role,
        username: result.user.username,
@@ -35,8 +35,10 @@ app.post("/api/login", async (req, res) => {
        token: userToken,
        ...result,
      });
-    } else if (result.success && result.role === "user") {
-      
+    } else if (result.success && result.user.role === "user") {
+      // PROBLEM BELOW DOESNT WORK
+      // FIX LATER
+      res.redirect("http://localhost:5003");
    } else {
      res.status(401).json(result, { message: "Invalid credentials" });
    }
@@ -68,6 +70,28 @@ app.get("/api/getAllUsers", authenticate, async (req, res) => {
  }
 });

+app.post("/api/deleteUser", authenticate, async (req, res) => {
+  if (req.user.role === "admin") {
+    deleteUser(req.body.id)
+      .then((result) => {
+        if (result.success) {
+          res.status(200).json(result);
+        } else {
+          throw new Error("Failed to delete user");
+        }
+      })
+      .catch((err) => {
+        console.error("Error deleting user:", err);
+        res
+          .status(500)
+          .json({ success: false, message: "Internal server error" });
+      });
+    console.log("User deleted successfully");
+  } else {
+    console.log("Access denied for user role");
+  }
+});
+
 app.listen(port, () => {
  console.log(`Express backend server is running at http://localhost:${port}`);
 });