hammer/network-app-api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: admin system with invite-only registration

Browse Source
This commit is contained in:
Hammer
2026-01-28 21:39:31 +00:00
parent c4990af6e4
commit c6d9f249ce
5 changed files with 283 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

128
src/routes/admin.ts Normal file
View File

@@ -0,0 +1,128 @@
import { Elysia, t } from 'elysia';
import { db } from '../db';
import { users, invites } from '../db/schema';
import { eq, desc } from 'drizzle-orm';
import { auth } from '../lib/auth';
import type { User } from '../lib/auth';
export const adminRoutes = new Elysia({ prefix: '/admin' })
// Admin guard — all routes in this group require admin role
.onBeforeHandle(({ user, set }: { user: User; set: any }) => {
if ((user as any).role !== 'admin') {
set.status = 403;
throw new Error('Forbidden: admin access required');
}
})
// List all users
.get('/users', async () => {
const allUsers = await db.select({
id: users.id,
name: users.name,
email: users.email,
role: users.role,
createdAt: users.createdAt,
})
.from(users)
.orderBy(desc(users.createdAt));
return allUsers;
})
// Update user role
.put('/users/:id/role', async ({ params, body, user, set }: {
params: { id: string };
body: { role: string };
user: User;
set: any;
}) => {
// Can't change own role
if (params.id === user.id) {
set.status = 400;
throw new Error('Cannot change your own role');
}
if (!['admin', 'user'].includes(body.role)) {
set.status = 400;
throw new Error('Invalid role');
}
const [updated] = await db.update(users)
.set({ role: body.role, updatedAt: new Date() })
.where(eq(users.id, params.id))
.returning({ id: users.id, role: users.role });
if (!updated) throw new Error('User not found');
return updated;
}, {
params: t.Object({ id: t.String() }),
body: t.Object({ role: t.String() }),
})
// Delete user
.delete('/users/:id', async ({ params, user, set }: {
params: { id: string };
user: User;
set: any;
}) => {
if (params.id === user.id) {
set.status = 400;
throw new Error('Cannot delete yourself');
}
const [deleted] = await db.delete(users)
.where(eq(users.id, params.id))
.returning({ id: users.id });
if (!deleted) throw new Error('User not found');
return { success: true, id: deleted.id };
}, {
params: t.Object({ id: t.String() }),
})
// Create invite
.post('/invites', async ({ body, user }: { body: { email: string; name: string; role?: string }; user: User }) => {
const token = crypto.randomUUID();
const expiresAt = new Date(Date.now() + 7 * 24 * 60 * 60 * 1000); // 7 days
const [invite] = await db.insert(invites).values({
email: body.email,
name: body.name,
role: body.role || 'user',
token,
invitedBy: user.id,
status: 'pending',
expiresAt,
}).returning();
const appUrl = process.env.APP_URL || 'https://thenetwork.donovankelly.xyz';
const setupUrl = `${appUrl}/invite/${token}`;
return { ...invite, setupUrl };
}, {
body: t.Object({
email: t.String({ format: 'email' }),
name: t.String({ minLength: 1 }),
role: t.Optional(t.String()),
}),
})
// List invites
.get('/invites', async () => {
const allInvites = await db.select()
.from(invites)
.orderBy(desc(invites.createdAt));
return allInvites;
})
// Revoke invite
.delete('/invites/:id', async ({ params }: { params: { id: string } }) => {
const [deleted] = await db.delete(invites)
.where(eq(invites.id, params.id))
.returning({ id: invites.id });
if (!deleted) throw new Error('Invite not found');
return { success: true, id: deleted.id };
}, {
params: t.Object({ id: t.String() }),
});

106
src/routes/invite.ts Normal file
View File

@@ -0,0 +1,106 @@
import { Elysia, t } from 'elysia';
import { db } from '../db';
import { invites, users } from '../db/schema';
import { eq, and } from 'drizzle-orm';
import { auth } from '../lib/auth';
export const inviteRoutes = new Elysia({ prefix: '/auth/invite' })
// Validate invite token (public - no auth required)
.get('/:token', async ({ params, set }: { params: { token: string }; set: any }) => {
const [invite] = await db.select()
.from(invites)
.where(and(eq(invites.token, params.token), eq(invites.status, 'pending')))
.limit(1);
if (!invite) {
set.status = 404;
throw new Error('Invite not found or already used');
}
if (new Date() > invite.expiresAt) {
// Mark as expired
await db.update(invites)
.set({ status: 'expired' })
.where(eq(invites.id, invite.id));
set.status = 410;
throw new Error('Invite has expired');
}
return {
id: invite.id,
email: invite.email,
name: invite.name,
role: invite.role,
expiresAt: invite.expiresAt,
};
}, {
params: t.Object({ token: t.String() }),
})
// Accept invite (public - no auth required)
.post('/:token/accept', async ({ params, body, set }: {
params: { token: string };
body: { password: string; name?: string };
set: any;
}) => {
const [invite] = await db.select()
.from(invites)
.where(and(eq(invites.token, params.token), eq(invites.status, 'pending')))
.limit(1);
if (!invite) {
set.status = 404;
throw new Error('Invite not found or already used');
}
if (new Date() > invite.expiresAt) {
await db.update(invites)
.set({ status: 'expired' })
.where(eq(invites.id, invite.id));
set.status = 410;
throw new Error('Invite has expired');
}
// Create user via Better Auth's sign-up
try {
const signUpResult = await auth.api.signUpEmail({
body: {
email: invite.email,
password: body.password,
name: body.name || invite.name,
},
});
// Set the user's role from the invite
if (signUpResult?.user?.id) {
await db.update(users)
.set({ role: invite.role })
.where(eq(users.id, signUpResult.user.id));
}
// Mark invite as accepted
await db.update(invites)
.set({ status: 'accepted' })
.where(eq(invites.id, invite.id));
return {
success: true,
user: {
id: signUpResult.user.id,
email: signUpResult.user.email,
name: signUpResult.user.name,
role: invite.role,
},
token: signUpResult.token,
};
} catch (error: any) {
set.status = 400;
throw new Error(error.message || 'Failed to create account');
}
}, {
params: t.Object({ token: t.String() }),
body: t.Object({
password: t.String({ minLength: 8 }),
name: t.Optional(t.String()),
}),
});