105 lines
3.0 KiB
JavaScript
105 lines
3.0 KiB
JavaScript
const { User } = require('../models');
|
|
|
|
exports.getAllUsers = async (req, res) => {
|
|
try {
|
|
const users = await User.findAll({
|
|
order: [['name', 'ASC']],
|
|
attributes: ['id', 'name', 'email', 'active', 'created_at'] // Passwort ausschließen
|
|
});
|
|
res.status(200).json(users);
|
|
} catch (error) {
|
|
console.error('Error fetching users:', error);
|
|
res.status(500).json({ message: 'Error fetching users' });
|
|
}
|
|
};
|
|
|
|
exports.getUserById = async (req, res) => {
|
|
try {
|
|
const user = await User.findByPk(req.params.id, {
|
|
attributes: ['id', 'name', 'email', 'active', 'created_at'] // Passwort ausschließen
|
|
});
|
|
if (user) {
|
|
res.status(200).json(user);
|
|
} else {
|
|
res.status(404).json({ message: 'User not found' });
|
|
}
|
|
} catch (error) {
|
|
console.error('Error fetching user:', error);
|
|
res.status(500).json({ message: 'Error fetching user' });
|
|
}
|
|
};
|
|
|
|
exports.createUser = async (req, res) => {
|
|
try {
|
|
const user = await User.create(req.body);
|
|
|
|
// Sichere User-Daten zurückgeben (ohne Passwort)
|
|
const safeUser = {
|
|
id: user.id,
|
|
name: user.name,
|
|
email: user.email,
|
|
active: user.active,
|
|
created_at: user.created_at
|
|
};
|
|
|
|
res.status(201).json(safeUser);
|
|
} catch (error) {
|
|
console.error('Error creating user:', error);
|
|
res.status(500).json({ message: 'Error creating user' });
|
|
}
|
|
};
|
|
|
|
exports.updateUser = async (req, res) => {
|
|
try {
|
|
const user = await User.findByPk(req.params.id);
|
|
if (user) {
|
|
// Erstelle eine Kopie der Request-Daten ohne sensible Felder
|
|
const updateData = { ...req.body };
|
|
|
|
// Entferne sensible Felder, die niemals über diese Route geändert werden dürfen
|
|
delete updateData.password;
|
|
delete updateData.id;
|
|
delete updateData.created_at;
|
|
|
|
// Setze updated_at auf aktuelle Zeit
|
|
updateData.updated_at = new Date();
|
|
|
|
// Logging für Debugging
|
|
console.log('Updating user:', req.params.id, 'with data:', updateData);
|
|
|
|
await user.update(updateData);
|
|
|
|
// Sichere User-Daten zurückgeben (ohne Passwort)
|
|
const safeUser = {
|
|
id: user.id,
|
|
name: user.name,
|
|
email: user.email,
|
|
active: user.active,
|
|
created_at: user.created_at
|
|
};
|
|
|
|
res.status(200).json(safeUser);
|
|
} else {
|
|
res.status(404).json({ message: 'User not found' });
|
|
}
|
|
} catch (error) {
|
|
console.error('Error updating user:', error);
|
|
res.status(500).json({ message: 'Error updating user' });
|
|
}
|
|
};
|
|
|
|
exports.deleteUser = async (req, res) => {
|
|
try {
|
|
const user = await User.findByPk(req.params.id);
|
|
if (user) {
|
|
await user.destroy();
|
|
res.status(200).json({ message: 'User deleted successfully' });
|
|
} else {
|
|
res.status(404).json({ message: 'User not found' });
|
|
}
|
|
} catch (error) {
|
|
console.error('Error deleting user:', error);
|
|
res.status(500).json({ message: 'Error deleting user' });
|
|
}
|
|
};
|