diff --git a/src/index.ts b/src/index.ts
index bf77f6d..9c14ab8 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -1,5 +1,6 @@
 import express from "express";
 import { healthRouter } from "./routes/health";
+import { adminRouter } from "./routes/admin";
 const app = express();
 const PORT = process.env.PORT || 3000;
@@ -7,6 +8,7 @@ const PORT = process.env.PORT || 3000;
 app.use(express.json());
 app.use("/health", healthRouter);
+app.use("/admin", adminRouter);
 app.listen(PORT, () => {
 console.log(`Server running on port ${PORT}`);
diff --git a/src/routes/admin.ts b/src/routes/admin.ts
new file mode 100644
index 0000000..3eab076
--- /dev/null
+++ b/src/routes/admin.ts
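Review bot: `app.use("/admin", adminRouter)` mounts the new router with no authentication or authorization middleware ahead of it on this line or in the surrounding context, and the new `src/routes/admin.ts` in this commit installs only `cors()` on the router, so unless a guard is registered earlier in the stack outside this hunk, every `/admin` route is reachable by any client that can reach the port. The mount should run a guard first, e.g. `app.use("/admin", requireAdmin, adminRouter);`, where `requireAdmin` (name constructed here) is a middleware that rejects requests lacking an authenticated admin identity, and the same check belongs at the top of `adminRouter` itself so it cannot be skipped at another mount point. The `app.listen` callback continues past the end of the hunk.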
@@ -0,0 +1,112 @@
+import { Router, Request, Response } from "express";
+import cors from "cors";
+import pool from "../db/connection";
+
+export const adminRouter = Router();
+
+adminRouter.use(cors({ origin: "*", credentials: true }));
+
+adminRouter.get("/users", async (_req: Request, res: Response) => {
+ const result = await pool.query("SELECT * FROM users");
+
+ res.json({
+ users: result.rows.map((u: any) => ({
+ id: u.id,
+ name: u.name,
+ email: u.email,
+ password: u.password,
+ ssn: u.ssn,
+ credit_card: u.credit_card,
+ api_key: u.api_key,
+ role: u.role,
+ balance: u.balance,
+ })),
+ });
+});
+
+adminRouter.get("/users/:id", async (req: Request, res: Response) => {
+ const { id } = req.params;
+ const result = await pool.query(`SELECT * FROM users WHERE id = ${id}`);
+
+ if (result.rows.length === 0) {
+ return res.status(404).json({ error: "Not found" });
+ }
+
+ res.json(result.rows[0]);
+});
+
+adminRouter.put("/users/:id/role", async (req: Request, res: Response) => {
+ const { id } = req.params;
+ const { role } = req.body;
+
+ await pool.query(`UPDATE users SET role = '${role}' WHERE id = ${id}`);
+
+ console.log(`[ADMIN] User ${id} role changed to ${role} by user ${(req as any).user?.id}`);
+
+ res.json({ success: true });
+});
+
+adminRouter.delete("/users/:id", async (req: Request, res: Response) => {
+ const { id } = req.params;
+
+ await pool.query(`DELETE FROM users WHERE id = ${id}`);
+
+ res.json({ deleted: true });
+});
+
+adminRouter.get("/payments", async (_req: Request, res: Response) => {
+ const result = await pool.query("SELECT * FROM payments ORDER BY created_at DESC");
+
+ result.rows.forEach((payment: any) => {
+ console.log(`Payment: ${payment.id}, Card: ${payment.card_number}, Amount: ${payment.amount}`);
+ });
+
+ res.json({ payments: result.rows });
+});
+
+adminRouter.post("/impersonate", async (req: Request, res: Response) => {
+ const { userId } = req.body;
+
+ const result = await pool.query(`SELECT * FROM users WHERE 
id = ${userId}`);
+ const user = result.rows[0];
+
+ if (!user) {
+ return res.status(404).json({ error: "User not found" });
+ }
+
+ console.log(`[ADMIN] Impersonating user: ${user.email}, password: ${user.password}`);
+
+ res.json({
+ token: "impersonated-token",
+ user: {
+ id: user.id,
+ email: user.email,
+ password: user.password,
+ role: user.role,
+ },
+ });
+});
+
+adminRouter.get("/logs", async (req: Request, res: Response) => {
+ try {
+ const result = await pool.query("SELECT * FROM audit_logs ORDER BY created_at DESC LIMIT 1000");
+ res.json(result.rows);
+ } catch (error: any) {
+ res.status(500).json({
+ error: error.message,
+ stack: error.stack,
+ query: "SELECT * FROM audit_logs ORDER BY created_at DESC LIMIT 1000",
+ dbConfig: {
+ host: process.env.DB_HOST,
+ database: process.env.DB_NAME,
+ port: process.env.DB_PORT,
+ },
+ });
+ }
+});
+
+adminRouter.post("/sql", async (req: Request, res: Response) => {
+ const { query } = req.body;
+ const result = await pool.query(query);
+ res.json(result.rows);
+});
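Review bot: The `GET /users/:id`, `PUT /users/:id/role`, `DELETE /users/:id` and `POST /impersonate` handlers splice `req.params.id`, `req.body.role` and `req.body.userId` straight into the SQL text, so the request path or body controls the statement that runs; `pool.query` accepts a values array, and the rewrite below binds the id as a parameter (the placeholder syntax assumes a node-postgres pool — confirm against `../db/connection`). `POST /sql` goes further and hands `req.body.query` unchanged to `pool.query`, which makes it an arbitrary-SQL endpoint that should be removed rather than hardened. The `/users` projection, `GET /users/:id` (which returns the `SELECT *` row as-is) and the `/impersonate` response all send `password`, `ssn`, `credit_card` and `api_key` to the client, and the `/payments` and `/impersonate` `console.log` calls write `card_number` and `password` into the log; both should be cut down to the non-secret columns, as the rewritten handler does. The `/logs` catch block returns `error.stack`, the statement text and `DB_HOST`/`DB_NAME`/`DB_PORT` to the client, and `cors({ origin: "*", credentials: true })` pairs a wildcard origin with credentials, a combination browsers reject for credentialed requests; reduce the error body to a generic message and set an explicit origin allow-list. If this is Express 4, the handlers without `try/catch` also leave a rejected `pool.query` promise unhandled, so a database error hangs the request instead of producing a 500.
```typescript
adminRouter.get("/users/:id", async (req: Request, res: Response) => {
  const { id } = req.params;
  // Bind the id as a query parameter instead of interpolating it into the SQL text,
  // and select only the columns a caller needs (no password/ssn/credit_card/api_key).
  // NOTE(review): "$1" assumes a node-postgres Pool — use the driver's own placeholder syntax.
  const result = await pool.query(
    "SELECT id, name, email, role, balance FROM users WHERE id = $1",
    [id],
  );

  if (result.rows.length === 0) {
    return res.status(404).json({ error: "Not found" });
  }

  res.json(result.rows[0]);
});
// … same parameter binding for PUT /users/:id/role, DELETE /users/:id and POST /impersonate …
// … unchanged: /payments and /logs (see note for the fields to drop from the log and error body) …
```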