rene/vereinshaus
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
vereinshaus/app/src/routes/api/users/[id]/+server.ts

47 lines
2 KiB
TypeScript
Raw Blame History

import { json, error } from '@sveltejs/kit';
import { getDb } from '$lib/server/db';
import { requireAuth, hashPassword } from '$lib/server/auth';
export async function GET({ request, params }) {
const u = await requireAuth(request);
const db = getDb();
const row = db.prepare(
'SELECT id, verein_id, email, name, rolle, created FROM users WHERE id = ? AND verein_id = ?'
).get(params.id, u.verein_id);
if (!row) throw error(404, 'User nicht gefunden');
return json(row);
}
export async function PUT({ request, params }) {
const u = await requireAuth(request);
const db = getDb();
const body = await request.json();
const existing = db.prepare('SELECT id FROM users WHERE id = ? AND verein_id = ?').get(params.id, u.verein_id);
if (!existing) throw error(404, 'User nicht gefunden');
const fields: string[] = [];
const vals: unknown[] = [];
if (body.name !== undefined) { fields.push('name = ?'); vals.push(body.name); }
if (body.email !== undefined) { fields.push('email = ?'); vals.push(body.email.toLowerCase()); }
if (body.rolle !== undefined) { fields.push('rolle = ?'); vals.push(body.rolle || null); }
if (body.password) { fields.push('password_hash = ?'); vals.push(await hashPassword(body.password)); }
if (!fields.length) throw error(400, 'Keine Felder zum Aktualisieren');
fields.push("updated = strftime('%Y-%m-%dT%H:%M:%SZ','now')");
vals.push(params.id, u.verein_id);
db.prepare(`UPDATE users SET ${fields.join(', ')} WHERE id = ? AND verein_id = ?`).run(...vals);
const row = db.prepare('SELECT id, verein_id, email, name, rolle, created FROM users WHERE id = ?').get(params.id);
return json(row);
}
export async function DELETE({ request, params }) {
const u = await requireAuth(request);
if (u.sub === params.id) throw error(400, 'Eigenen Account nicht löschbar');
const db = getDb();
const result = db.prepare('DELETE FROM users WHERE id = ? AND verein_id = ?').run(params.id, u.verein_id);
if (result.changes === 0) throw error(404, 'User nicht gefunden');
return new Response(null, { status: 204 });
}
Reference in a new issue View git blame Copy permalink