Diffstat (limited to 'routes/api/private/admin.js')
-rw-r--r--routes/api/private/admin.js86
1 files changed, 86 insertions, 0 deletions
diff --git a/routes/api/private/admin.js b/routes/api/private/admin.js
new file mode 100644
index 00000000..8b7d7d5f
--- /dev/null
+++ b/routes/api/private/admin.js
@@ -0,0 +1,86 @@
+const router = require("express").Router();
+const mysql = require("mysql2");
+const bcrypt = require("bcryptjs");
+const validateAuthorization = require("../../../functions/validate");
+
+require("dotenv").config();
+const connectionURL = process.env.DATABASE_URL;
+
+router.get("/", (req, res) => {
+ const validationHeader = req.headers.auth;
+ if (validateAuthorization(validationHeader)) {
+ res.status(200).json({
+ message: "Welcome to the Admin API!",
+ });
+ } else {
+ res.status(401).json({
+ message: "Unauthorized",
+ });
+ }
+});
+
+router.post("/create", (req, res) => {
+ // Creates an admin user
+ const validationHeader = req.headers.auth;
+ if (validateAuthorization(validationHeader)) {
+ const connection = mysql.createConnection(connectionURL);
+ connection.connect();
+ const sql =
+ "INSERT INTO Users (username, password, admin) VALUES (?, ?, ?)";
+ const username = req.body.username;
+ const password = req.body.password;
+ const hashedPassword = bcrypt.hashSync(password, 10);
+ const admin = 1;
+ connection.query(
+ sql,
+ [username, hashedPassword, admin],
+ (err, results, fields) => {
+ if (err) {
+ res.status(500).json({
+ message: "Error creating user",
+ error: err,
+ });
+ } else {
+ res.status(201).json({
+ message: "User created",
+ });
+ }
+ }
+ );
+ connection.end();
+ } else {
+ res.status(401).json({
+ message: "Unauthorized",
+ });
+ }
+});
+
+router.post("/delete", (req, res) => {
+ // Deletes an admin user
+ const validationHeader = req.headers.auth;
+ if (validateAuthorization(validationHeader)) {
+ const connection = mysql.createConnection(connectionURL);
+ connection.connect();
+ const sql = "DELETE FROM Users WHERE username = ?";
+ const username = req.body.username;
+ connection.query(sql, [username], (err, results, fields) => {
+ if (err) {
+ res.status(500).json({
+ message: "Error deleting user",
+ error: err,
+ });
+ } else {
+ res.status(200).json({
+ message: "User deleted",
+ });
+ }
+ });
+ connection.end();
+ } else {
+ res.status(401).json({
+ message: "Unauthorized",
+ });
+ }
+});
+
+module.exports = router;
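Review bot: The 500 responses at lines 54–57 and 83–86 serialize the raw mysql2 error object into the response body, and that object typically carries the failing SQL text, `sqlMessage` and error code, which is internal detail the client does not need; log it server-side and return only the fixed message, e.g. `console.error(err); res.status(500).json({ message: "Error creating user" });` (and the same shape in the delete branch). The /create handler also hashes `req.body.password` before checking that the fields exist, so a request without a password makes `bcrypt.hashSync` throw before any response is written; a guard such as `if (typeof username !== "string" || typeof password !== "string") return res.status(400).json({ message: "username and password are required" });` placed before the hash would cover both that and the non-string case. The comment on /delete says it deletes an admin user, but `DELETE FROM Users WHERE username = ?` removes any matching user regardless of the admin flag, and a zero-row result still answers 200 "User deleted"; either add `AND admin = 1` to the statement or correct the comment, and check `results.affectedRows` so that a no-op returns 404 instead of success.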