import { Router, Response } from 'express'; import { queryAll, queryOne, execute } from '../db'; import { authMiddleware, adminOnly, AuthRequest } from '../middleware/auth.js'; const router = Router(); // All routes require admin router.use(authMiddleware, adminOnly); // Get all users router.get('/users', (req: AuthRequest, res: Response) => { const users = queryAll( 'SELECT id, username, points, is_admin, created_at FROM users ORDER BY points DESC' ); res.json({ users }); }); // Delete any cat router.delete('/cats/:id', (req: AuthRequest, res: Response) => { const cat = queryOne('SELECT id FROM cats WHERE id = ?', [req.params.id]); if (!cat) { res.status(404).json({ error: 'Cat not found' }); return; } execute('DELETE FROM likes WHERE cat_id = ?', [req.params.id]); execute('DELETE FROM cats WHERE id = ?', [req.params.id]); res.json({ ok: true }); }); // Ban user (delete their cats and likes) router.delete('/users/:id', (req: AuthRequest, res: Response) => { const userId = parseInt(req.params.id); const user = queryOne('SELECT id, username, is_admin FROM users WHERE id = ?', [userId]); if (!user) { res.status(404).json({ error: 'User not found' }); return; } if (user.is_admin) { res.status(400).json({ error: 'Cannot delete admin' }); return; } execute('DELETE FROM likes WHERE cat_id IN (SELECT id FROM cats WHERE user_id = ?)', [userId]); execute('DELETE FROM cats WHERE user_id = ?', [userId]); execute('DELETE FROM users WHERE id = ?', [userId]); res.json({ ok: true }); }); export default router;