const express = require('express');
const router = express.Router();
const bcrypt = require('bcryptjs');
const { getUsers, saveUsers } = require('../services/users');
// GET /api/users — list every user with the password field stripped.
// The stored password value never leaves the server: each record is copied
// without its `password` key before being serialised.
router.get('/', (req, res) => {
  const sanitized = [];
  for (const user of getUsers()) {
    const { password, ...publicFields } = user;
    sanitized.push(publicFields);
  }
  res.json(sanitized);
});
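// POST /api/users — create a user.
//
// Reads username, password, role and region from the JSON body. Answers 400
// when username/password are missing or any field is not a string, 409 when
// the username is already taken, and 201 with the new record (without the
// hash) on success. Only a bcrypt hash of the password is stored.
//
// NOTE(review): role and region are taken from the request body as-is. No
// allow-list of valid roles and no check of the caller's privileges is visible
// in this file — confirm that the router is mounted behind middleware that
// restricts account creation, and validate role against the project's role set.
router.post('/', async (req, res, next) => {
  try {
    const { username, password, role = 'user', region = 'all' } = req.body || {};

    // Require real strings: an object or array passes a truthiness test, then
    // defeats the uniqueness comparison below or makes bcrypt.hash fail.
    if (
      typeof username !== 'string' ||
      typeof password !== 'string' ||
      !username ||
      !password
    ) {
      return res.status(400).json({ error: 'username et password requis' });
    }
    if (typeof role !== 'string' || typeof region !== 'string') {
      return res.status(400).json({ error: 'role et region invalides' });
    }

    const isTaken = (list) => list.some((u) => u.username === username);

    // Cheap early rejection before paying for the hash.
    if (isTaken(getUsers())) {
      return res.status(409).json({ error: 'Identifiant déjà utilisé' });
    }

    const hash = await bcrypt.hash(password, 10);

    // Re-read after the await: another request may have added a user while the
    // hash was being computed. From here to saveUsers() there is no await, so
    // the check, the id allocation and the write are not interleaved with other
    // requests in this process (assumes getUsers/saveUsers are synchronous, as
    // they are called here — confirm).
    const users = getUsers();
    if (isTaken(users)) {
      return res.status(409).json({ error: 'Identifiant déjà utilisé' });
    }

    // Next id = highest existing id + 1 (1 for an empty store).
    const id = Math.max(0, ...users.map((u) => u.id || 0)) + 1;
    const newUser = { id, username, password: hash, role, region };

    users.push(newUser);
    saveUsers(users);

    // Echo the created record without the password hash.
    return res.status(201).json({ id, username, role, region });
  } catch (err) {
    // Forward hashing or storage failures to the application's error handling
    // rather than leaving the rejected promise of this async handler unhandled.
    return next(err);
  }
});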
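// DELETE /api/users/:id — delete a user.
//
// Answers 404 when no user has the given id, 400 when the target is the
// caller's own account, and { ok: true } once the user has been removed and
// the list saved.
//
// NOTE(review): req.user is read but not set in this file; it is presumably
// populated by authentication middleware mounted upstream — confirm. No role
// check is visible here, so verify that only privileged callers reach this
// route.
router.delete('/:id', (req, res) => {
  // Accept only a plain decimal id. parseInt alone would read "12abc" as 12
  // and delete user 12; anything else becomes NaN and falls through to 404.
  const rawId = req.params.id;
  const id = /^\d+$/.test(rawId) ? Number.parseInt(rawId, 10) : Number.NaN;

  const users = getUsers();
  const idx = users.findIndex((u) => u.id === id);

  if (idx === -1) {
    return res.status(404).json({ error: 'Utilisateur introuvable' });
  }

  // Refuse self-deletion so the caller cannot remove the account they are
  // currently using.
  if (users[idx].username === req.user.username) {
    return res.status(400).json({ error: 'Impossible de supprimer son propre compte' });
  }

  users.splice(idx, 1);
  saveUsers(users);
  return res.json({ ok: true });
});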
// Export the router carrying the GET, POST and DELETE user routes defined above.
module.exports = router;