ag/gymflow
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases 1 Wiki Activity

Ongoing workout session data is persistent now

Browse Source
This commit is contained in:
AG
2025-11-28 19:00:56 +02:00
parent 4c632e164e
commit d07431e4ff
10 changed files with 375 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

129
server/src/routes/auth.ts
View File

@@ -62,6 +62,47 @@ router.post('/login', async (req, res) => {
}
});
// Register
router.post('/register', async (req, res) => {
try {
const { email, password } = req.body;
// Check if user already exists
const existingUser = await prisma.user.findUnique({ where: { email } });
if (existingUser) {
return res.status(400).json({ error: 'User already exists' });
}
if (!password || password.length < 4) {
return res.status(400).json({ error: 'Password too short' });
}
const hashedPassword = await bcrypt.hash(password, 10);
const user = await prisma.user.create({
data: {
email,
password: hashedPassword,
role: 'USER',
profile: {
create: {
weight: 70
}
}
},
include: { profile: true }
});
const token = jwt.sign({ userId: user.id, role: user.role }, JWT_SECRET);
const { password: _, ...userSafe } = user;
res.json({ success: true, user: userSafe, token });
} catch (error) {
console.error(error);
res.status(500).json({ error: 'Server error' });
}
});
// Change Password
router.post('/change-password', async (req, res) => {
@@ -138,4 +179,92 @@ router.patch('/profile', async (req, res) => {
}
});
// Admin: Get All Users
router.get('/users', async (req, res) => {
try {
const token = req.headers.authorization?.split(' ')[1];
if (!token) return res.status(401).json({ error: 'Unauthorized' });
const decoded = jwt.verify(token, JWT_SECRET) as any;
if (decoded.role !== 'ADMIN') {
return res.status(403).json({ error: 'Admin access required' });
}
const users = await prisma.user.findMany({
select: {
id: true,
email: true,
role: true,
isBlocked: true,
isFirstLogin: true,
profile: true
}
});
res.json({ success: true, users });
} catch (error) {
console.error(error);
res.status(500).json({ error: 'Server error' });
}
});
// Admin: Delete User
router.delete('/users/:id', async (req, res) => {
try {
const token = req.headers.authorization?.split(' ')[1];
if (!token) return res.status(401).json({ error: 'Unauthorized' });
const decoded = jwt.verify(token, JWT_SECRET) as any;
if (decoded.role !== 'ADMIN') {
return res.status(403).json({ error: 'Admin access required' });
}
const { id } = req.params;
// Prevent deleting self
if (id === decoded.userId) {
return res.status(400).json({ error: 'Cannot delete yourself' });
}
await prisma.user.delete({ where: { id } });
res.json({ success: true });
} catch (error) {
console.error(error);
res.status(500).json({ error: 'Server error' });
}
});
// Admin: Toggle Block User
router.patch('/users/:id/block', async (req, res) => {
try {
const token = req.headers.authorization?.split(' ')[1];
if (!token) return res.status(401).json({ error: 'Unauthorized' });
const decoded = jwt.verify(token, JWT_SECRET) as any;
if (decoded.role !== 'ADMIN') {
return res.status(403).json({ error: 'Admin access required' });
}
const { id } = req.params;
const { block } = req.body;
// Prevent blocking self
if (id === decoded.userId) {
return res.status(400).json({ error: 'Cannot block yourself' });
}
await prisma.user.update({
where: { id },
data: { isBlocked: block }
});
res.json({ success: true });
} catch (error) {
console.error(error);
res.status(500).json({ error: 'Server error' });
}
});
export default router;