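'use strict';

const crypto = require('crypto');
const express = require('express');
const {
  getConnection,
  addUser,
  getUsers,
  getUser,
  getUserAccounts,
  addAccount,
  removeAccount,
  getUserCards,
  addCard,
  removeCard,
  setAccountBalance,
  getAccount,
} = require('../libs/mysql');
const { checkAuth } = require('../libs/middlewares');

const router = express.Router();

// Admin-only user management routes.
//
// Every route runs checkAuth (authentication) followed by requireAdmin, so a
// non-admin receives 403 before any path parameter or body field is examined.
// Route bodies run inside withConnection(), which releases the DB connection
// on every exit path (the previous version skipped connection.end() on the
// early 404 returns and had no error path, leaving the request hanging on a
// thrown query error).
//
// Route order matters: '/add' is registered before '/:id', otherwise Express
// would match POST /add against '/:id' with id === 'add'.

/**
 * Rejects the request with 403 unless the authenticated user is an admin.
 * Must run after checkAuth, which is assumed to populate req.user.
 *
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 * @param {import('express').NextFunction} next
 */
function requireAdmin(req, res, next) {
  if (!req.user?.admin) {
    return res.status(403).json({ error: 'Permission denied' });
  }
  return next();
}

/**
 * Wraps a route body so that a DB connection is opened for it, always
 * released afterwards, and any thrown error is forwarded to Express' error
 * handler instead of being lost as an unhandled rejection.
 *
 * @param {(connection: object, req: import('express').Request, res: import('express').Response) => Promise<unknown>} body
 * @returns {import('express').RequestHandler}
 */
function withConnection(body) {
  return async (req, res, next) => {
    let connection;
    try {
      connection = await getConnection();
      await body(connection, req, res);
    } catch (err) {
      next(err);
    } finally {
      // Not awaited: the original never awaited end() and its return type
      // (callback vs. promise API) is not visible from this file.
      connection?.end();
    }
  };
}

/**
 * Looks up a user row by id.
 *
 * @param {object} connection - open DB connection
 * @param {string} id - user id from the route path
 * @returns {Promise<object | undefined>} the row, or undefined when absent
 */
async function findUser(connection, id) {
  const rows = await getUser(connection, id);
  return rows[0];
}

/**
 * Looks up an account row by id.
 *
 * @param {object} connection - open DB connection
 * @param {string} accountId - account id from the route path or body
 * @returns {Promise<object | undefined>} the row, or undefined when absent
 */
async function findAccount(connection, accountId) {
  const rows = await getAccount(connection, accountId);
  return rows[0];
}

/**
 * Converts a JSON body value to a number for balance arithmetic.
 * Numbers pass through; non-blank strings are parsed; anything else
 * (booleans, objects, arrays, blank strings) yields NaN so the caller can
 * reject it. Without this, `account.balance + balance` with a string body
 * value concatenated ("100" + "50" → "10050") instead of adding.
 *
 * @param {unknown} value
 * @returns {number} the numeric value, or NaN when not numeric
 */
function toAmount(value) {
  if (typeof value === 'number') return value;
  if (typeof value === 'string' && value.trim() !== '') return Number(value);
  return NaN;
}

// Registered before '/:id' so it is not captured by that parameterised route.
router.post('/add', checkAuth, requireAdmin, withConnection(async (connection, req, res) => {
  const { name, lastname, email, numero, password } = req.body;
  if (!name || !lastname || !email || !numero || !password) {
    return res.status(400).json({ error: 'All fields are required' });
  }
  // NOTE(review): password is passed through verbatim; confirm addUser hashes
  // it before storage — not visible from this file.
  await addUser(connection, name, lastname, email, numero, password);
  return res.status(201).json({ message: 'User added' });
}));

router.post('/', checkAuth, requireAdmin, withConnection(async (connection, req, res) => {
  // NOTE(review): rows are returned as stored; if they include the password
  // column written by POST /add, strip it here — column name not visible.
  const users = await getUsers(connection);
  res.send(users);
}));

router.post('/:id', checkAuth, requireAdmin, withConnection(async (connection, req, res) => {
  const user = await findUser(connection, req.params.id);
  if (!user) {
    return res.status(404).send({ error: 'User not found' });
  }
  // NOTE(review): same caveat as '/' — the raw row is sent back.
  return res.send(user);
}));

router.post('/:id/accounts', checkAuth, requireAdmin, withConnection(async (connection, req, res) => {
  const { id } = req.params;
  if (!(await findUser(connection, id))) {
    return res.status(404).send({ error: 'User not found' });
  }
  const accounts = await getUserAccounts(connection, id);
  return res.send(accounts);
}));

router.post('/:user_id/accounts/:account_id/delete', checkAuth, requireAdmin, withConnection(async (connection, req, res) => {
  const { user_id, account_id } = req.params;
  if (!(await findUser(connection, user_id))) {
    return res.status(404).send({ error: 'User not found' });
  }
  if (!(await findAccount(connection, account_id))) {
    return res.status(404).send({ error: 'Account not found' });
  }
  // NOTE(review): only existence of user_id and account_id is checked, not
  // that the account belongs to that user; if getAccount's row exposes the
  // owner column, compare it here before deleting.
  await removeAccount(connection, account_id);
  return res.send({ message: 'Account removed' });
}));

router.post('/:user_id/accounts/:account_id/add-balance', checkAuth, requireAdmin, withConnection(async (connection, req, res) => {
  const { user_id, account_id } = req.params;
  const { balance } = req.body;
  // Kept from the original: missing/empty and 0 are both "required".
  if (!balance) {
    return res.status(400).json({ error: 'Balance is required' });
  }
  const amount = toAmount(balance);
  if (!Number.isFinite(amount)) {
    return res.status(400).json({ error: 'Balance must be a number' });
  }
  if (!(await findUser(connection, user_id))) {
    return res.status(404).send({ error: 'User not found' });
  }
  const account = await findAccount(connection, account_id);
  if (!account) {
    return res.status(404).send({ error: 'Account not found' });
  }
  // NOTE(review): ownership of account_id by user_id is not verified (see
  // the delete route). Number() guards against the driver returning the
  // balance column as a string; confirm the column type. Read-then-write is
  // not atomic — concurrent adjustments to one account can lose an update
  // unless setAccountBalance serialises them.
  await setAccountBalance(connection, account_id, Number(account.balance) + amount);
  return res.send({ message: 'Balance added' });
}));

router.post('/:id/create-account', checkAuth, requireAdmin, withConnection(async (connection, req, res) => {
  const { id } = req.params;
  const { name } = req.body;
  if (!name) {
    return res.status(400).json({ error: 'Name is required' });
  }
  if (!(await findUser(connection, id))) {
    return res.status(404).send({ error: 'User not found' });
  }
  await addAccount(connection, id, name);
  return res.send({ message: 'Account created' });
}));

router.post('/:id/cards', checkAuth, requireAdmin, withConnection(async (connection, req, res) => {
  const { id } = req.params;
  if (!(await findUser(connection, id))) {
    return res.status(404).send({ error: 'User not found' });
  }
  const cards = await getUserCards(connection, id);
  return res.send(cards);
}));

router.post('/:user_id/cards/:card_id/delete', checkAuth, requireAdmin, withConnection(async (connection, req, res) => {
  const { user_id, card_id } = req.params;
  if (!(await findUser(connection, user_id))) {
    return res.status(404).send({ error: 'User not found' });
  }
  // NOTE(review): card_id is not checked to belong to user_id; no card lookup
  // helper is imported here, so the check would need one added to ../libs/mysql.
  await removeCard(connection, card_id);
  return res.send({ message: 'Card removed' });
}));

router.post('/:user_id/create-card', checkAuth, requireAdmin, withConnection(async (connection, req, res) => {
  const { user_id } = req.params;
  const { account_id } = req.body;
  if (!account_id) {
    return res.status(400).json({ error: 'Account ID is required' });
  }
  if (!(await findUser(connection, user_id))) {
    return res.status(404).send({ error: 'User not found' });
  }
  if (!(await findAccount(connection, account_id))) {
    return res.status(404).send({ error: 'Account not found' });
  }
  // NOTE(review): ownership of account_id by user_id is not verified.
  // Card number and CVC are secrets: drawn from crypto.randomInt instead of
  // Math.random(), with the same ranges as before ([0, 1e9) and [0, 1000)).
  const numero = crypto.randomInt(0, 1000000000);
  const expiration = new Date();
  expiration.setFullYear(expiration.getFullYear() + 5);
  // Existing "M/YY" format, unpadded, kept for compatibility with stored cards.
  const expirationString = `${expiration.getMonth() + 1}/${expiration.getFullYear() % 100}`;
  const cvc = crypto.randomInt(0, 1000);
  await addCard(connection, account_id, numero, expirationString, cvc);
  return res.send({ message: 'Card created' });
}));

module.exports = router;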