feat: Add user management page, including client-side logic, new server routes for database and file operations, and shared UI components.

pphatdev · pphatdev · commit a260bd509e5f · 2026-02-21T10:52:27.000+07:00
diff --git a/src/server/routes/database.ts b/src/server/routes/database.ts
@@ -1,14 +1,15 @@
 import express, { Request, Response } from 'express';
 import { sendSuccess } from '../utils/response.js';
 import { Database } from '../utils/database.js';
+import { jwtAuthMiddleware, requireRoles } from '../middlewares/auth.js';
 
 const router = express.Router();
 
 /**
  * Get all files from database
  * @method GET /api/database/files
  */
-router.get('/files', async (req: Request, res: Response) => {
+router.get('/files', jwtAuthMiddleware, async (req: Request, res: Response) => {
     try {
         const files = await Database.getAllFiles();
         sendSuccess(res, files, 'Files retrieved from database', 200);
@@ -21,7 +22,7 @@ router.get('/files', async (req: Request, res: Response) => {
  * Get database statistics
  * @method GET /api/database/stats
  */
-router.get('/stats', async (req: Request, res: Response) => {
+router.get('/stats', jwtAuthMiddleware, async (req: Request, res: Response) => {
     try {
         const stats = await Database.getStats();
         sendSuccess(res, stats, 'Database statistics retrieved', 200);
@@ -34,7 +35,7 @@ router.get('/stats', async (req: Request, res: Response) => {
  * Search files in database
  * @method GET /api/database/search?q=query&type=type
  */
-router.get('/search', async (req: Request, res: Response) => {
+router.get('/search', jwtAuthMiddleware, async (req: Request, res: Response) => {
     try {
         const { q, type } = req.query;
         if (!q) {
@@ -52,7 +53,7 @@ router.get('/search', async (req: Request, res: Response) => {
  * Backup database
  * @method POST /api/database/backup
  */
-router.post('/backup', async (req: Request, res: Response) => {
+router.post('/backup', jwtAuthMiddleware, requireRoles('admin'), async (req: Request, res: Response) => {
     try {
         const backupPath = await Database.backup();
         sendSuccess(res, { backupPath }, 'Database backed up successfully', 200);
diff --git a/src/server/routes/file.ts b/src/server/routes/file.ts
@@ -2,7 +2,7 @@ import express, { Request, Response } from 'express';
 import { FilesController, uploadFiles } from '../controllers/files.controller.js';
 import { PreviewController } from '../controllers/preview.controller.js';
 import { fileUploadRateLimiter } from '../middlewares/rate-limit.js';
-import { jwtAuthMiddleware } from '../middlewares/auth.js';
+import { jwtAuthMiddleware, requireRoles } from '../middlewares/auth.js';
 
 const router = express.Router();
 
@@ -75,28 +75,28 @@ router.post('/upload', jwtAuthMiddleware, fileUploadRateLimiter, (req, res) => {
  * - q: Name of the file to search
  * - type: {image, office} Type of files to search (optional)
  */
-router.get('/search', FilesController.searchFileByName);
+router.get('/search', jwtAuthMiddleware, FilesController.searchFileByName);
 
 /**
  * Move file to directory endpoint
  *
  * @method PUT /api/file/move/:filename
  */
-router.put('/move/:filename', FilesController.moveFileToDir);
+router.put('/move/:filename', jwtAuthMiddleware, requireRoles('admin', 'user'), FilesController.moveFileToDir);
 
 /**
  * File delete endpoint
  *
  * @method DELETE /api/file/delete/:filename
 */
-router.delete('/delete/:filename', FilesController.deleteFile);
+router.delete('/delete/:filename', jwtAuthMiddleware, requireRoles('admin', 'user'), FilesController.deleteFile);
 
 /**
  * File download endpoint
  *
  * @method GET /api/file/download/:filename
 */
-router.get('/download/:filename', FilesController.downloadFile);
+router.get('/download/:filename', jwtAuthMiddleware, FilesController.downloadFile);
 
 /**
  * File preview endpoint
