mirror of
https://github.com/kjanat/livedash-node.git
synced 2026-01-16 10:12:09 +01:00
Kaj Kowalski
38aff21c3a
Security Enhancements: - Implemented proper rate limiting with automatic cleanup for /register and /forgot-password endpoints - Added memory usage protection with MAX_ENTRIES limit (10000) - Fixed rate limiter memory leaks by adding cleanup intervals - Improved IP extraction with x-real-ip and x-client-ip header support Code Quality Improvements: - Refactored ProcessingStatusManager from individual functions to class-based architecture - Maintained backward compatibility with singleton instance pattern - Fixed TypeScript strict mode violations across the codebase - Resolved all build errors and type mismatches UI Component Fixes: - Removed unused chart components (Charts.tsx, DonutChart.tsx) - Fixed calendar component type issues by removing unused custom implementations - Resolved theme provider type imports - Fixed confetti component default options handling - Corrected pointer component coordinate type definitions Type System Improvements: - Extended NextAuth types to support dual auth systems (regular and platform users) - Fixed nullable type handling throughout the codebase - Resolved Prisma JSON field type compatibility issues - Corrected SessionMessage and ImportRecord interface definitions - Fixed ES2015 iteration compatibility issues Database & Performance: - Updated database pool configuration for Prisma adapter compatibility - Fixed pagination response structure in user management endpoints - Improved error handling with proper error class usage Testing & Build: - All TypeScript compilation errors resolved - ESLint warnings remain but no errors - Build completes successfully with proper static generation
83 lines
2.4 KiB
TypeScript
83 lines
2.4 KiB
TypeScript
import crypto from "node:crypto";
|
|
import bcrypt from "bcryptjs";
|
|
import { type NextRequest, NextResponse } from "next/server";
|
|
import { getServerSession } from "next-auth";
|
|
import { authOptions } from "../../../../lib/auth";
|
|
import { prisma } from "../../../../lib/prisma";
|
|
|
|
interface UserBasicInfo {
|
|
id: string;
|
|
email: string;
|
|
role: string;
|
|
}
|
|
|
|
export async function GET(_request: NextRequest) {
|
|
const session = await getServerSession(authOptions);
|
|
if (!session?.user || session.user.role !== "ADMIN") {
|
|
return NextResponse.json({ error: "Forbidden" }, { status: 403 });
|
|
}
|
|
|
|
const user = await prisma.user.findUnique({
|
|
where: { email: session.user.email as string },
|
|
});
|
|
|
|
if (!user) {
|
|
return NextResponse.json({ error: "No user" }, { status: 401 });
|
|
}
|
|
|
|
const users = await prisma.user.findMany({
|
|
where: { companyId: user.companyId },
|
|
take: 1000, // Limit to prevent unbounded queries
|
|
orderBy: { createdAt: "desc" },
|
|
});
|
|
|
|
const mappedUsers: UserBasicInfo[] = users.map((u) => ({
|
|
id: u.id,
|
|
email: u.email,
|
|
role: u.role,
|
|
}));
|
|
|
|
return NextResponse.json({ users: mappedUsers });
|
|
}
|
|
|
|
export async function POST(request: NextRequest) {
|
|
const session = await getServerSession(authOptions);
|
|
if (!session?.user || session.user.role !== "ADMIN") {
|
|
return NextResponse.json({ error: "Forbidden" }, { status: 403 });
|
|
}
|
|
|
|
const user = await prisma.user.findUnique({
|
|
where: { email: session.user.email as string },
|
|
});
|
|
|
|
if (!user) {
|
|
return NextResponse.json({ error: "No user" }, { status: 401 });
|
|
}
|
|
|
|
const body = await request.json();
|
|
const { email, role } = body;
|
|
|
|
if (!email || !role) {
|
|
return NextResponse.json({ error: "Missing fields" }, { status: 400 });
|
|
}
|
|
|
|
const exists = await prisma.user.findUnique({ where: { email } });
|
|
if (exists) {
|
|
return NextResponse.json({ error: "Email exists" }, { status: 409 });
|
|
}
|
|
|
|
const tempPassword = crypto.randomBytes(12).toString("base64").slice(0, 12); // secure random initial password
|
|
|
|
await prisma.user.create({
|
|
data: {
|
|
email,
|
|
password: await bcrypt.hash(tempPassword, 10),
|
|
companyId: user.companyId,
|
|
role,
|
|
},
|
|
});
|
|
|
|
// TODO: Email user their temp password (stub, for demo) - Implement a robust and secure email sending mechanism. Consider using a transactional email service.
|
|
return NextResponse.json({ ok: true, tempPassword });
|
|
}
|