mirror of
https://github.com/kjanat/livedash-node.git
synced 2026-01-16 15:12:09 +01:00
Kaj Kowalski
93fbb44eec
Major code quality overhaul addressing 58% of all linting issues: • Type Safety Improvements: - Replace all any types with proper TypeScript interfaces - Fix Map component shadowing (renamed to CountryMap) - Add comprehensive custom error classes system - Enhance API route type safety • Accessibility Enhancements: - Add explicit button types to all interactive elements - Implement useId() hooks for form element accessibility - Add SVG title attributes for screen readers - Fix static element interactions with keyboard handlers • React Best Practices: - Resolve exhaustive dependencies warnings with useCallback - Extract nested component definitions to top level - Fix array index keys with proper unique identifiers - Improve component organization and prop typing • Code Organization: - Automatic import organization and type import optimization - Fix unused function parameters and variables - Enhanced error handling with structured error responses - Improve component reusability and maintainability Results: 248 → 104 total issues (58% reduction) - Fixed all critical type safety and security issues - Enhanced accessibility compliance significantly - Improved code maintainability and performance
81 lines
2.3 KiB
TypeScript
81 lines
2.3 KiB
TypeScript
import crypto from "node:crypto";
|
|
import bcrypt from "bcryptjs";
|
|
import { type NextRequest, NextResponse } from "next/server";
|
|
import { getServerSession } from "next-auth";
|
|
import { authOptions } from "../../../../lib/auth";
|
|
import { prisma } from "../../../../lib/prisma";
|
|
|
|
interface UserBasicInfo {
|
|
id: string;
|
|
email: string;
|
|
role: string;
|
|
}
|
|
|
|
export async function GET(_request: NextRequest) {
|
|
const session = await getServerSession(authOptions);
|
|
if (!session?.user || session.user.role !== "ADMIN") {
|
|
return NextResponse.json({ error: "Forbidden" }, { status: 403 });
|
|
}
|
|
|
|
const user = await prisma.user.findUnique({
|
|
where: { email: session.user.email as string },
|
|
});
|
|
|
|
if (!user) {
|
|
return NextResponse.json({ error: "No user" }, { status: 401 });
|
|
}
|
|
|
|
const users = await prisma.user.findMany({
|
|
where: { companyId: user.companyId },
|
|
});
|
|
|
|
const mappedUsers: UserBasicInfo[] = users.map((u) => ({
|
|
id: u.id,
|
|
email: u.email,
|
|
role: u.role,
|
|
}));
|
|
|
|
return NextResponse.json({ users: mappedUsers });
|
|
}
|
|
|
|
export async function POST(request: NextRequest) {
|
|
const session = await getServerSession(authOptions);
|
|
if (!session?.user || session.user.role !== "ADMIN") {
|
|
return NextResponse.json({ error: "Forbidden" }, { status: 403 });
|
|
}
|
|
|
|
const user = await prisma.user.findUnique({
|
|
where: { email: session.user.email as string },
|
|
});
|
|
|
|
if (!user) {
|
|
return NextResponse.json({ error: "No user" }, { status: 401 });
|
|
}
|
|
|
|
const body = await request.json();
|
|
const { email, role } = body;
|
|
|
|
if (!email || !role) {
|
|
return NextResponse.json({ error: "Missing fields" }, { status: 400 });
|
|
}
|
|
|
|
const exists = await prisma.user.findUnique({ where: { email } });
|
|
if (exists) {
|
|
return NextResponse.json({ error: "Email exists" }, { status: 409 });
|
|
}
|
|
|
|
const tempPassword = crypto.randomBytes(12).toString("base64").slice(0, 12); // secure random initial password
|
|
|
|
await prisma.user.create({
|
|
data: {
|
|
email,
|
|
password: await bcrypt.hash(tempPassword, 10),
|
|
companyId: user.companyId,
|
|
role,
|
|
},
|
|
});
|
|
|
|
// TODO: Email user their temp password (stub, for demo) - Implement a robust and secure email sending mechanism. Consider using a transactional email service.
|
|
return NextResponse.json({ ok: true, tempPassword });
|
|
}
|