add: added password changer into admin zone on user page

2025-06-26 17:14:08 +02:00 · 2025-06-26 17:14:08 +02:00 · 44e7e3c37f
commit 44e7e3c37f
parent ca9642ec27
2 changed files with 61 additions and 5 deletions
--- a/back/api/users.js
+++ b/back/api/users.js
@ -7,6 +7,7 @@ const {
    getMentions,
    deleteUser,
    setUserPfp,
+    setUserPassword,
    getMessageAttachments,
    getUnusedAttachments,
    deleteUnusedAttachments,
@ -14,6 +15,7 @@ const {
 } = require('../libs/mysql');
 const { checkAuth } = require("../libs/middlewares")
 const path = require('path');
+const sha256 = require("sha256");
 const fs = require('node:fs');

 const router = express.Router();
@ -160,4 +162,31 @@ router.post('/:username/deletepfp', checkAuth, async (req, res) => {
    res.send({ message: 'User pfp deleted' });
 });

+router.post('/:username/setpassword', checkAuth, async (req, res) => {
+    const username = req.params.username;
+    const { password } = req.body;
+    const user = req.user;
+
+    if (user.admin !== 1) {
+        return res.status(401).send({ error: 'Unauthorized' });
+    }
+
+    if (!password) {
+        return res.status(400).send({ error: 'Invalid password' });
+    }
+
+    const connection = await getConnection();
+    const userToUpdate = await getUserByUsername(connection, username);
+
+    if (!userToUpdate[0]) {
+        connection.end();
+        return res.status(400).send({ error: 'No user found' });
+    }
+
+    await setUserPassword(connection, userToUpdate[0].id, sha256(password));
+    connection.end();
+
+    res.send({ message: 'User password updated' });
+});
+
 module.exports = router;