From 44e7e3c37f8d25932bffcd84304c369b4ec3ab54 Mon Sep 17 00:00:00 2001
From: Lukian
Date: Thu, 26 Jun 2025 17:14:08 +0200
Subject: [PATCH] add: added password changer into admin zone on user page
---
 back/api/users.js | 29 ++++++++++++++++++++++++++++
 front/src/pages/UserPage.tsx | 37 +++++++++++++++++++++++++++++++-----
 2 files changed, 61 insertions(+), 5 deletions(-)
diff --git a/back/api/users.js b/back/api/users.js
index 2c01125..4af731e 100644
--- a/back/api/users.js
+++ b/back/api/users.js
@@ -7,6 +7,7 @@ const {
 getMentions,
 deleteUser,
 setUserPfp,
+ setUserPassword,
 getMessageAttachments,
 getUnusedAttachments,
 deleteUnusedAttachments,
@@ -14,6 +15,7 @@ const {
 } = require('../libs/mysql');
 const { checkAuth } = require("../libs/middlewares")
 const path = require('path');
+const sha256 = require("sha256");
 const fs = require('node:fs');
 const router = express.Router();
@@ -160,4 +162,31 @@ router.post('/:username/deletepfp', checkAuth, async (req, res) => {
 res.send({ message: 'User pfp deleted' });
 });
+router.post('/:username/setpassword', checkAuth, async (req, res) => {
+ const username = req.params.username;
+ const { password } = req.body;
+ const user = req.user;
+
+ if (user.admin !== 1) {
+ return res.status(401).send({ error: 'Unauthorized' });
+ }
+
+ if (!password) {
+ return res.status(400).send({ error: 'Invalid password' });
+ }
+
+ const connection = await getConnection();
+ const userToUpdate = await getUserByUsername(connection, username);
+
+ if (!userToUpdate[0]) {
+ connection.end();
+ return res.status(400).send({ error: 'No user found' });
+ }
+
+ await setUserPassword(connection, userToUpdate[0].id, sha256(password));
+ connection.end();
+
+ res.send({ message: 'User password updated' });
+});
+
 module.exports = router;
\ No newline at end of file
diff --git a/front/src/pages/UserPage.tsx b/front/src/pages/UserPage.tsx
index 58c57e1..ee73a53 100644
--- a/front/src/pages/UserPage.tsx
+++ b/front/src/pages/UserPage.tsx
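Review bot: The new `/:username/setpassword` handler in back/api/users.js stores `sha256(password)`, a single unsalted pass of a fast hash, so identical passwords produce identical digests and a leaked table offers little resistance to offline guessing. A salted, deliberately slow KDF such as Node's built-in `crypto.scrypt` (or bcrypt/argon2) is the usual choice, and it has to change together with the login check, which is outside this diff. The `if (!password)` guard also lets non-string JSON values reach the hash call; `if (typeof password !== 'string' || password.length === 0)` rejects them, and a minimum length could be enforced in the same place. Both `connection.end()` calls are skipped when `getUserByUsername` or `setUserPassword` throws, so `try { … } finally { connection.end(); }` around the database work would keep the connection from leaking. Whether the target user's existing tokens survive the reset cannot be seen from here; if they do, revoking them and logging which admin changed the password would be worth adding.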
@@ -15,6 +15,7 @@ export default function UserPage({socket}: {socket: WebSocket}) {
 const [user, setUser] = useState();
 const [noUser, setNoUser] = useState(false);
 const [token, setToken] = useState("");
+ const [password, setPassword] = useState("");
 function deleteUser() {
 if (!window.confirm(`Are you sure you want to delete ${pageUser?.username}?`)) {
@@ -44,6 +45,21 @@ export default function UserPage({socket}: {socket: WebSocket}) {
 });
 }
+ function setUserPassword(e: React.FormEvent) {
+ e.preventDefault();
+ if (!window.confirm("Are you sure you want to change this user's password?")) {
+ return;
+ }
+ axios
+ .post(`/api/users/${pageUser?.username}/setpassword`, { token, password })
+ .then(() => {
+ setPassword("");
+ })
+ .catch((err) => {
+ console.error(err.response.data);
+ });
+ }
+
 useEffect(() => {
 const localToken = localStorage.getItem("token");
@@ -134,17 +150,28 @@ export default function UserPage({socket}: {socket: WebSocket}) { {pageUser.id === user?.id && ( Edit profile )} - {user?.admin == 1 && ( + + {user?.admin == 1 && ( +
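Review bot: In the added `setUserPassword` function (the `@@ -44,6 +45,21 @@` hunk), `pageUser?.username` is interpolated into the request path unencoded, so a username containing `/`, `?` or `#` would send the new password to a different route than intended, and an unset `pageUser` posts to `/api/users/undefined/setpassword`. Returning early when `pageUser` is missing and building the path with `encodeURIComponent(pageUser.username)` avoids both. The `.catch` handler reads `err.response.data`, which itself throws when the request fails without a response, so `console.error(err.response?.data ?? err)` is safer. The typed password also stays in component state after a failed request and the admin sees no success or failure message; calling `setPassword("")` in both branches and surfacing the outcome would help.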
+

Admin Actions

- )} - {user?.admin == 1 && ( - )} -
+
+ setPassword(e.target.value)} + placeholder="New password" + className="forum-input" + /> + +
+ + )}

Last messages