import express from 'express';
import { User, Activity } from '../models/index.js';
import { auth, authorize } from '../middleware/auth.js';
import upload from '../middleware/upload.js';
import fs from 'fs';
import path from 'path';
import { fileURLToPath } from 'url';
import { Op } from 'sequelize';
import { userValidators } from '../middleware/validators.js';
import { maskSensitiveData, maskSensitiveDataArray } from '../utils/dataMasking.js';
// Absolute directory of this module; ES modules have no __dirname, so it is
// derived from import.meta.url (used to locate the uploads folder).
const __filename = fileURLToPath(import.meta.url);
const __dirname = path.dirname(__filename);

// Router holding the staff/user management endpoints exported below.
const router = express.Router();
// Get all users
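// GET / — list staff accounts for callers holding `user_management`.
// Excludes the oldest account (by created_at) and every `renter`, strips the
// password column, then applies role-based masking before responding.
// Responds 500 with a generic message on any failure.
router.get('/', auth, authorize(['user_management']), async (req, res) => {
  try {
    // Oldest account by creation time; null when the table is empty.
    const firstUser = await User.findOne({
      order: [['created_at', 'ASC']],
      attributes: ['id'],
    });
    const where = { role: { [Op.ne]: 'renter' } };
    // The original dereferenced firstUser.id unconditionally, which threw
    // (and returned 500) on an empty users table.
    if (firstUser) {
      where.id = { [Op.ne]: firstUser.id };
    }
    const users = await User.findAll({
      attributes: { exclude: ['password'] },
      order: [['created_at', 'DESC']],
      where,
    });
    // Mask sensitive fields according to the caller's role.
    const maskedUsers = maskSensitiveDataArray(
      users.map((u) => u.toJSON()),
      req.user.role,
    );
    res.json(maskedUsers);
  } catch (error) {
    console.error('Get users error:', error);
    res.status(500).json({ message: 'Server error' });
  }
});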
// Create user
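// POST / — create a staff account.
// Requires `user_management`; `userValidators.create` runs before the handler.
// Responds 400 when the email is already registered, 201 with the created
// record (password removed) on success, 500 on any other failure.
router.post('/', auth, authorize(['user_management']), userValidators.create, async (req, res) => {
  try {
    const { name, email, password, role, permissions, department, phone, building_id } = req.body;
    const existingUser = await User.findOne({ where: { email } });
    if (existingUser) {
      return res.status(400).json({ message: 'User already exists' });
    }
    // SECURITY: an omitted or empty password falls back to a fixed value that
    // every account created this way shares. Prefer rejecting a missing
    // password in `userValidators.create` or issuing a random one-time
    // credential; kept here only to preserve existing behaviour.
    // NOTE(review): `role` and `permissions` are stored as received, so any
    // `user_management` holder can create accounts of any role — confirm the
    // validator bounds them.
    const user = await User.create({
      name,
      email,
      password: password || '123456',
      role,
      permissions,
      department,
      phone,
      building_id,
    });
    // Never echo the stored password (hash) back to the client.
    const userResponse = user.toJSON();
    delete userResponse.password;
    // Audit trail; the created Activity row is not needed by the response.
    await Activity.create({
      model_id: user.id,
      model_name: 'User',
      description: `Staff #${user.name} created`,
    });
    res.status(201).json(userResponse);
  } catch (error) {
    console.error('Create user error:', error);
    res.status(500).json({ message: 'Server error' });
  }
});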
// Multer field spec used by the update route: at most one `avatar` file.
const uploadFields = upload.fields([{ name: 'avatar', maxCount: 1 }]);
// Update user
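// PUT /:id — update a staff account, optionally replacing its avatar.
// Middleware order matters: `auth`/`authorize` now run BEFORE `uploadFields`,
// so an unauthenticated multipart request is rejected before multer writes
// anything to disk (the original order stored the upload first). Assumes
// `auth` reads the request headers rather than the multipart body — confirm.
// Responds 404 if the user does not exist, 500 on any other failure.
router.put('/:id', auth, authorize(['user_management']), uploadFields, userValidators.update, async (req, res) => {
  try {
    const { id } = req.params;
    const { name, email, password, phone, role, department, permissions, is_active, building_id } = req.body;
    const user = await User.findByPk(id);
    if (!user) {
      return res.status(404).json({ message: 'User not found' });
    }
    if ((req.files?.avatar?.length ?? 0) > 0) {
      const file = req.files.avatar[0];
      // Remove the previous avatar file. The stored value is written below as
      // `/uploads/<filename>`, but the resolved path is still checked to stay
      // inside the uploads directory so a tampered DB value cannot unlink
      // files elsewhere.
      if (user.avatar) {
        const uploadsDir = path.resolve(__dirname, '../../uploads');
        const oldPath = path.join(uploadsDir, user.avatar.replace('/uploads/', ''));
        if (oldPath.startsWith(uploadsDir + path.sep) && fs.existsSync(oldPath)) {
          fs.unlinkSync(oldPath);
        }
      }
      user.avatar = `/uploads/${file.filename}`;
    }
    // Apply only fields present in the body; `??` keeps legitimate falsy
    // values such as is_active === false. NOTE(review): multipart bodies
    // arrive as strings, so `is_active` is presumably coerced by the
    // validator — confirm.
    // NOTE(review): nothing prevents a caller from changing their own
    // `role`/`permissions` or deactivating themselves — confirm intended.
    user.name = name ?? user.name;
    user.email = email ?? user.email;
    user.phone = phone ?? user.phone;
    user.role = role ?? user.role;
    user.department = department ?? user.department;
    user.permissions = permissions ?? user.permissions;
    // NOTE(review): assumes the User model hashes `password` in a save hook;
    // otherwise this stores it in clear text — confirm.
    if (password) {
      user.password = password;
    }
    user.is_active = is_active ?? user.is_active;
    user.building_id = building_id ?? user.building_id;
    await user.save();
    // Never echo the stored password (hash) back to the client.
    const userResponse = user.toJSON();
    delete userResponse.password;
    // Audit trail; the created Activity row is not needed by the response.
    await Activity.create({
      model_id: user.id,
      model_name: 'User',
      description: `Staff #${user.name} updated`,
    });
    res.json(userResponse);
  } catch (error) {
    console.error('Update user error:', error);
    res.status(500).json({ message: 'Server error' });
  }
});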
// Delete user
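// DELETE /:id — remove a staff account.
// Refuses to delete the caller's own account (400), 404 if the user does not
// exist, 500 on any other failure. An Activity row is written before the
// destroy so the name is still available.
router.delete('/:id', auth, authorize(['user_management']), userValidators.delete, async (req, res) => {
  try {
    const { id } = req.params;
    // Compare as strings: req.params.id is always a string, while req.user.id
    // may be a number depending on the primary-key type; the original strict
    // comparison would then never match and the self-delete guard was inert.
    if (String(id) === String(req.user.id)) {
      return res.status(400).json({ message: 'Cannot delete your own account' });
    }
    const user = await User.findByPk(id);
    if (!user) {
      return res.status(404).json({ message: 'User not found' });
    }
    // Audit trail; the created Activity row is not needed by the response.
    await Activity.create({
      model_id: user.id,
      model_name: 'User',
      description: `Staff #${user.name} deleted`,
    });
    await user.destroy();
    res.json({ message: 'User deleted successfully' });
  } catch (error) {
    console.error('Delete user error:', error);
    res.status(500).json({ message: 'Server error' });
  }
});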
// Toggle user status
// PATCH /:id/toggle-status — flip a staff account's is_active flag.
// Responds 404 when the user does not exist, otherwise the updated record
// without its password; 500 on any other failure. Unlike DELETE, there is no
// guard against a caller toggling their own account.
router.patch('/:id/toggle-status', auth, authorize(['user_management']), async (req, res) => {
  try {
    const target = await User.findByPk(req.params.id);
    if (!target) {
      return res.status(404).json({ message: 'User not found' });
    }
    const nextState = !target.is_active;
    await target.update({ is_active: nextState });
    // Strip the stored password (hash) before sending.
    const { password, ...safeUser } = target.toJSON();
    res.json(safeUser);
  } catch (error) {
    console.error('Toggle user status error:', error);
    res.status(500).json({ message: 'Server error' });
  }
});
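// GET /activity — audit-log entries, newest first.
// Now protected like every other route in this file: the original
// registration carried no middleware, so the audit trail (staff names and
// ids) was readable anonymously. `user_management` is assumed to be the
// right permission — confirm against the permissions model.
// The `{ error }` response shape differs from the `{ message }` used
// elsewhere; kept as-is in case clients depend on it.
router.get('/activity', auth, authorize(['user_management']), async (req, res) => {
  try {
    const activity = await Activity.findAll({
      order: [['created_at', 'DESC']],
    });
    res.json(activity);
  } catch (err) {
    console.error('Fetch activity error:', err);
    res.status(500).json({ error: 'Failed to fetch activity' });
  }
});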
export default router;