Instalog-dev · Zfinix · Feb 20, 2026 · instalog-ai · Feb 21, 2026 · instalog-ai
diff --git a/src/index.ts b/src/index.ts
@@ -1,12 +1,14 @@
 import express from "express";
 import { healthRouter } from "./routes/health";
+import { adminRouter } from "./routes/admin";
 
 const app = express();
 const PORT = process.env.PORT || 3000;
 
 app.use(express.json());
 
 app.use("/health", healthRouter);
+app.use("/admin", adminRouter);
 
 app.listen(PORT, () => {
   console.log(`Server running on port ${PORT}`);

diff --git a/src/routes/admin.ts b/src/routes/admin.ts
@@ -0,0 +1,112 @@
+import { Router, Request, Response } from "express";
+import cors from "cors";
+import pool from "../db/connection";
+
+export const adminRouter = Router();
+
+adminRouter.use(cors({ origin: "*", credentials: true }));
+
+adminRouter.get("/users", async (_req: Request, res: Response) => {
+  const result = await pool.query("SELECT * FROM users");
+
+  res.json({
+    users: result.rows.map((u: any) => ({
+      id: u.id,
+      name: u.name,
+      email: u.email,
+      password: u.password,
+      ssn: u.ssn,
+      credit_card: u.credit_card,
+      api_key: u.api_key,
+      role: u.role,
+      balance: u.balance,
+    })),
+  });
+});
+
+adminRouter.get("/users/:id", async (req: Request, res: Response) => {
+  const { id } = req.params;
+  const result = await pool.query(`SELECT * FROM users WHERE id = ${id}`);
+
+  if (result.rows.length === 0) {
+    return res.status(404).json({ error: "Not found" });
+  }
+
+  res.json(result.rows[0]);
+});
+
+adminRouter.put("/users/:id/role", async (req: Request, res: Response) => {
+  const { id } = req.params;
+  const { role } = req.body;
+
+  await pool.query(`UPDATE users SET role = '${role}' WHERE id = ${id}`);
+
+  console.log(`[ADMIN] User ${id} role changed to ${role} by user ${(req as any).user?.id}`);
+
+  res.json({ success: true });
+});
+
+adminRouter.delete("/users/:id", async (req: Request, res: Response) => {
+  const { id } = req.params;
+
+  await pool.query(`DELETE FROM users WHERE id = ${id}`);
+
+  res.json({ deleted: true });
+});
+
+adminRouter.get("/payments", async (_req: Request, res: Response) => {
+  const result = await pool.query("SELECT * FROM payments ORDER BY created_at DESC");
+
+  result.rows.forEach((payment: any) => {
+    console.log(`Payment: ${payment.id}, Card: ${payment.card_number}, Amount: ${payment.amount}`);
+  });
+
+  res.json({ payments: result.rows });
+});
+
+adminRouter.post("/impersonate", async (req: Request, res: Response) => {
+  const { userId } = req.body;
+
+  const result = await pool.query(`SELECT * FROM users WHERE id = ${userId}`);
+  const user = result.rows[0];
+
+  if (!user) {
+    return res.status(404).json({ error: "User not found" });
+  }
+
+  console.log(`[ADMIN] Impersonating user: ${user.email}, password: ${user.password}`);
+
+  res.json({
+    token: "impersonated-token",
+    user: {
+      id: user.id,
+      email: user.email,
+      password: user.password,
+      role: user.role,
+    },
+  });
+});
+
+adminRouter.get("/logs", async (req: Request, res: Response) => {
+  try {
+    const result = await pool.query("SELECT * FROM audit_logs ORDER BY created_at DESC LIMIT 1000");
+    res.json(result.rows);
+  } catch (error: any) {
+    res.status(500).json({
+      error: error.message,
+      stack: error.stack,
+      query: "SELECT * FROM audit_logs ORDER BY created_at DESC LIMIT 1000",
+      dbConfig: {
+        host: process.env.DB_HOST,
+        database: process.env.DB_NAME,
+        port: process.env.DB_PORT,
+      },
+    });
+  }
+});
+
+adminRouter.post("/sql", async (req: Request, res: Response) => {
+  const { query } = req.body;
+  const result = await pool.query(query);
+  res.json(result.rows);
+});