···

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

···

       
1
       
+
       
import { LitElement, html, css } from "lit";

     

       
2
       
+
       
import { customElement, property } from "lit/decorators.js";

     

       
3
       
+
       


     

       
4
       
+
       
export interface TableColumn {

     

       
5
       
+
       
	key: string;

     

       
6
       
+
       
	label: string;

     

       
7
       
+
       
	sortable?: boolean;

     

       
8
       
+
       
	render?: (value: unknown, row: unknown) => unknown;

     

       
9
       
+
       
}

     

       
10
       
+
       


     

       
11
       
+
       
@customElement("admin-data-table")

     

       
12
       
+
       
export class AdminDataTable extends LitElement {

     

       
13
       
+
       
	@property({ type: Array }) columns: TableColumn[] = [];

     

       
14
       
+
       
	@property({ type: Array }) data: unknown[] = [];

     

       
15
       
+
       
	@property({ type: String }) searchPlaceholder = "Search...";

     

       
16
       
+
       
	@property({ type: String }) emptyMessage = "No data available";

     

       
17
       
+
       
	@property({ type: Boolean}) loading = false;

     

       
18
       
+
       


     

       
19
       
+
       
	@property({ type: String }) private searchTerm = "";

     

       
20
       
+
       
	@property({ type: String }) private sortKey = "";

     

       
21
       
+
       
	@property({ type: String }) private sortDirection: "asc" | "desc" = "asc";

     

       
22
       
+
       


     

       
23
       
+
       
	static override styles = css`

     

       
24
       
+
       
    :host {

     

       
25
       
+
       
      display: block;

     

       
26
       
+
       
    }

     

       
27
       
+
       


     

       
28
       
+
       
    .controls {

     

       
29
       
+
       
      margin-bottom: 1rem;

     

       
30
       
+
       
      display: flex;

     

       
31
       
+
       
      gap: 1rem;

     

       
32
       
+
       
      align-items: center;

     

       
33
       
+
       
    }

     

       
34
       
+
       


     

       
35
       
+
       
    .search {

     

       
36
       
+
       
      flex: 1;

     

       
37
       
+
       
      max-width: 20rem;

     

       
38
       
+
       
      padding: 0.5rem 0.75rem;

     

       
39
       
+
       
      border: 2px solid var(--secondary);

     

       
40
       
+
       
      border-radius: 4px;

     

       
41
       
+
       
      font-size: 1rem;

     

       
42
       
+
       
      font-family: inherit;

     

       
43
       
+
       
      background: var(--background);

     

       
44
       
+
       
      color: var(--text);

     

       
45
       
+
       
    }

     

       
46
       
+
       


     

       
47
       
+
       
    .search:focus {

     

       
48
       
+
       
      outline: none;

     

       
49
       
+
       
      border-color: var(--primary);

     

       
50
       
+
       
    }

     

       
51
       
+
       


     

       
52
       
+
       
    table {

     

       
53
       
+
       
      width: 100%;

     

       
54
       
+
       
      border-collapse: collapse;

     

       
55
       
+
       
      background: var(--background);

     

       
56
       
+
       
      border: 2px solid var(--secondary);

     

       
57
       
+
       
      border-radius: 8px;

     

       
58
       
+
       
      overflow: hidden;

     

       
59
       
+
       
    }

     

       
60
       
+
       


     

       
61
       
+
       
    thead {

     

       
62
       
+
       
      background: var(--primary);

     

       
63
       
+
       
      color: white;

     

       
64
       
+
       
    }

     

       
65
       
+
       


     

       
66
       
+
       
    th {

     

       
67
       
+
       
      padding: 1rem;

     

       
68
       
+
       
      text-align: left;

     

       
69
       
+
       
      font-weight: 600;

     

       
70
       
+
       
      user-select: none;

     

       
71
       
+
       
    }

     

       
72
       
+
       


     

       
73
       
+
       
    th.sortable {

     

       
74
       
+
       
      cursor: pointer;

     

       
75
       
+
       
      position: relative;

     

       
76
       
+
       
    }

     

       
77
       
+
       


     

       
78
       
+
       
    th.sortable:hover {

     

       
79
       
+
       
      background: var(--gunmetal);

     

       
80
       
+
       
    }

     

       
81
       
+
       


     

       
82
       
+
       
    .sort-indicator {

     

       
83
       
+
       
      margin-left: 0.5rem;

     

       
84
       
+
       
      opacity: 0.6;

     

       
85
       
+
       
    }

     

       
86
       
+
       


     

       
87
       
+
       
    td {

     

       
88
       
+
       
      padding: 1rem;

     

       
89
       
+
       
      border-top: 1px solid var(--secondary);

     

       
90
       
+
       
      color: var(--text);

     

       
91
       
+
       
    }

     

       
92
       
+
       


     

       
93
       
+
       
    tbody tr {

     

       
94
       
+
       
      cursor: pointer;

     

       
95
       
+
       
    }

     

       
96
       
+
       


     

       
97
       
+
       
    tbody tr:hover {

     

       
98
       
+
       
      background: rgba(0, 0, 0, 0.02);

     

       
99
       
+
       
    }

     

       
100
       
+
       


     

       
101
       
+
       
    .empty-state, .loading {

     

       
102
       
+
       
      text-align: center;

     

       
103
       
+
       
      padding: 3rem;

     

       
104
       
+
       
      color: var(--text);

     

       
105
       
+
       
      opacity: 0.6;

     

       
106
       
+
       
    }

     

       
107
       
+
       
  `;

     

       
108
       
+
       


     

       
109
       
+
       
	private get filteredData() {

     

       
110
       
+
       
		let result = [...this.data];

     

       
111
       
+
       


     

       
112
       
+
       
		if (this.searchTerm) {

     

       
113
       
+
       
			const term = this.searchTerm.toLowerCase();

     

       
114
       
+
       
			result = result.filter((row) => {

     

       
115
       
+
       
				return this.columns.some((col) => {

     

       
116
       
+
       
					const value = (row as Record<string, unknown>)[col.key];

     

       
117
       
+
       
					return String(value).toLowerCase().includes(term);

     

       
118
       
+
       
				});

     

       
119
       
+
       
			});

     

       
120
       
+
       
		}

     

       
121
       
+
       


     

       
122
       
+
       
		if (this.sortKey) {

     

       
123
       
+
       
			result.sort((a, b) => {

     

       
124
       
+
       
				const aVal = (a as Record<string, unknown>)[this.sortKey];

     

       
125
       
+
       
				const bVal = (b as Record<string, unknown>)[this.sortKey];

     

       
126
       
+
       


     

       
127
       
+
       
				let comparison = 0;

     

       
128
       
+
       
				if (typeof aVal === "string" && typeof bVal === "string") {

     

       
129
       
+
       
					comparison = aVal.localeCompare(bVal);

     

       
130
       
+
       
				} else if (typeof aVal === "number" && typeof bVal === "number") {

     

       
131
       
+
       
					comparison = aVal - bVal;

     

       
132
       
+
       
				} else {

     

       
133
       
+
       
					const aStr = String(aVal);

     

       
134
       
+
       
					const bStr = String(bVal);

     

       
135
       
+
       
					comparison = aStr.localeCompare(bStr);

     

       
136
       
+
       
				}

     

       
137
       
+
       


     

       
138
       
+
       
				return this.sortDirection === "asc" ? comparison : -comparison;

     

       
139
       
+
       
			});

     

       
140
       
+
       
		}

     

       
141
       
+
       


     

       
142
       
+
       
		return result;

     

       
143
       
+
       
	}

     

       
144
       
+
       


     

       
145
       
+
       
	private handleSearch(e: Event) {

     

       
146
       
+
       
		this.searchTerm = (e.target as HTMLInputElement).value;

     

       
147
       
+
       
	}

     

       
148
       
+
       


     

       
149
       
+
       
	private handleSort(column: TableColumn) {

     

       
150
       
+
       
		if (!column.sortable) return;

     

       
151
       
+
       


     

       
152
       
+
       
		if (this.sortKey === column.key) {

     

       
153
       
+
       
			this.sortDirection = this.sortDirection === "asc" ? "desc" : "asc";

     

       
154
       
+
       
		} else {

     

       
155
       
+
       
			this.sortKey = column.key;

     

       
156
       
+
       
			this.sortDirection = "asc";

     

       
157
       
+
       
		}

     

       
158
       
+
       
	}

     

       
159
       
+
       


     

       
160
       
+
       
	private renderCell(column: TableColumn, row: unknown) {

     

       
161
       
+
       
		const value = (row as Record<string, unknown>)[column.key];

     

       
162
       
+
       
		if (column.render) {

     

       
163
       
+
       
			return column.render(value, row);

     

       
164
       
+
       
		}

     

       
165
       
+
       
		return value;

     

       
166
       
+
       
	}

     

       
167
       
+
       


     

       
168
       
+
       
	private handleRowClick(row: unknown) {

     

       
169
       
+
       
		this.dispatchEvent(

     

       
170
       
+
       
			new CustomEvent("row-click", {

     

       
171
       
+
       
				detail: row,

     

       
172
       
+
       
				bubbles: true,

     

       
173
       
+
       
				composed: true,

     

       
174
       
+
       
			}),

     

       
175
       
+
       
		);

     

       
176
       
+
       
	}

     

       
177
       
+
       


     

       
178
       
+
       
	override render() {

     

       
179
       
+
       
		if (this.loading) {

     

       
180
       
+
       
			return html`<div class="loading">Loading...</div>`;

     

       
181
       
+
       
		}

     

       
182
       
+
       


     

       
183
       
+
       
		const filtered = this.filteredData;

     

       
184
       
+
       


     

       
185
       
+
       
		return html`

     

       
186
       
+
       
      <div class="controls">

     

       
187
       
+
       
        <input

     

       
188
       
+
       
          type="text"

     

       
189
       
+
       
          class="search"

     

       
190
       
+
       
          placeholder=${this.searchPlaceholder}

     

       
191
       
+
       
          @input=${this.handleSearch}

     

       
192
       
+
       
          value=${this.searchTerm}

     

       
193
       
+
       
        />

     

       
194
       
+
       
      </div>

     

       
195
       
+
       


     

       
196
       
+
       
      ${

     

       
197
       
+
       
				filtered.length === 0

     

       
198
       
+
       
					? html`<div class="empty-state">${this.emptyMessage}</div>`

     

       
199
       
+
       
					: html`

     

       
200
       
+
       
          <table>

     

       
201
       
+
       
            <thead>

     

       
202
       
+
       
              <tr>

     

       
203
       
+
       
                ${this.columns.map(

     

       
204
       
+
       
									(col) => html`

     

       
205
       
+
       
                  <th

     

       
206
       
+
       
                    class=${col.sortable ? "sortable" : ""}

     

       
207
       
+
       
                    @click=${() => this.handleSort(col)}

     

       
208
       
+
       
                  >

     

       
209
       
+
       
                    ${col.label}

     

       
210
       
+
       
                    ${

     

       
211
       
+
       
											col.sortable && this.sortKey === col.key

     

       
212
       
+
       
												? html`<span class="sort-indicator">

     

       
213
       
+
       
                          ${this.sortDirection === "asc" ? "▲" : "▼"}

     

       
214
       
+
       
                        </span>`

     

       
215
       
+
       
												: ""

     

       
216
       
+
       
										}

     

       
217
       
+
       
                  </th>

     

       
218
       
+
       
                `,

     

       
219
       
+
       
								)}

     

       
220
       
+
       
              </tr>

     

       
221
       
+
       
            </thead>

     

       
222
       
+
       
            <tbody>

     

       
223
       
+
       
              ${filtered.map(

     

       
224
       
+
       
								(row) => html`

     

       
225
       
+
       
                <tr @click=${() => this.handleRowClick(row)}>

     

       
226
       
+
       
                  ${this.columns.map(

     

       
227
       
+
       
										(col) => html`<td>${this.renderCell(col, row)}</td>`,

     

       
228
       
+
       
									)}

     

       
229
       
+
       
                </tr>

     

       
230
       
+
       
              `,

     

       
231
       
+
       
							)}

     

       
232
       
+
       
            </tbody>

     

       
233
       
+
       
          </table>

     

       
234
       
+
       
        `

     

       
235
       
+
       
			}

     

       
236
       
+
       
    `;

     

       
237
       
+
       
	}

     

       
238
       
+
       
}

     

       
239
       
+
       


     

       
240
       
+
       
declare global {

     

       
241
       
+
       
	interface HTMLElementTagNameMap {

     

       
242
       
+
       
		"admin-data-table": AdminDataTable;

     

       
243
       
+
       
	}

     

       
244
       
+
       
}

     

···

       
138
       
 
       
      CREATE INDEX IF NOT EXISTS idx_users_role ON users(role);

     

       
139
       
 
       
    `,

     

       
140
       
 
       
	},

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
141
       
 
       
];

     

       
142
       
 
       


     

       
143
       
 
       
function getCurrentVersion(): number {

     

···

       
138
       
 
       
      CREATE INDEX IF NOT EXISTS idx_users_role ON users(role);

     

       
139
       
 
       
    `,

     

       
140
       
 
       
	},

     

       
141
       
+
       
	{

     

       
142
       
+
       
		version: 8,

     

       
143
       
+
       
		name: "Add last_login to users",

     

       
144
       
+
       
		sql: `

     

       
145
       
+
       
      ALTER TABLE users ADD COLUMN last_login INTEGER;

     

       
146
       
+
       
      CREATE INDEX IF NOT EXISTS idx_users_last_login ON users(last_login);

     

       
147
       
+
       
    `,

     

       
148
       
+
       
	},

     

       
149
       
 
       
];

     

       
150
       
 
       


     

       
151
       
 
       
function getCurrentVersion(): number {

     

···

       
4
       
 
       
	cleanupExpiredSessions,

     

       
5
       
 
       
	createSession,

     

       
6
       
 
       
	createUser,

     

       
0
       
 
       

     

       
7
       
 
       
	deleteSession,

     

       
0
       
 
       

     

       
8
       
 
       
	deleteTranscription,

     

       
9
       
 
       
	deleteUser,

     

       
10
       
 
       
	getAllTranscriptions,

     

       
11
       
 
       
	getAllUsers,

     

       
0
       
 
       

     

       
12
       
 
       
	getSession,

     

       
13
       
 
       
	getSessionFromRequest,

     

       
0
       
 
       

     

       
14
       
 
       
	getUserBySession,

     

       
15
       
 
       
	getUserSessionsForUser,

     

       
16
       
 
       
	updateUserAvatar,

     

       
17
       
 
       
	updateUserEmail,

     

       
0
       
 
       

     

       
18
       
 
       
	updateUserName,

     

       
19
       
 
       
	updateUserPassword,

     

       
20
       
 
       
	updateUserRole,

     
···

       
1001
       
 
       
			GET: async (req) => {

     

       
1002
       
 
       
				try {

     

       
1003
       
 
       
					requireAdmin(req);

     

       
1004
       
-
       
					const users = getAllUsers();

     

       
1005
       
 
       
					return Response.json(users);

     

       
1006
       
 
       
				} catch (error) {

     

       
1007
       
 
       
					return handleError(error);

     
···

       
1055
       
 
       
					}

     

       
1056
       
 
       


     

       
1057
       
 
       
					updateUserRole(userId, role);

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
1058
       
 
       
					return Response.json({ success: true });

     

       
1059
       
 
       
				} catch (error) {

     

       
1060
       
 
       
					return handleError(error);

     

···

       
4
       
 
       
	cleanupExpiredSessions,

     

       
5
       
 
       
	createSession,

     

       
6
       
 
       
	createUser,

     

       
7
       
+
       
	deleteAllUserSessions,

     

       
8
       
 
       
	deleteSession,

     

       
9
       
+
       
	deleteSessionById,

     

       
10
       
 
       
	deleteTranscription,

     

       
11
       
 
       
	deleteUser,

     

       
12
       
 
       
	getAllTranscriptions,

     

       
13
       
 
       
	getAllUsers,

     

       
14
       
+
       
	getAllUsersWithStats,

     

       
15
       
 
       
	getSession,

     

       
16
       
 
       
	getSessionFromRequest,

     

       
17
       
+
       
	getSessionsForUser,

     

       
18
       
 
       
	getUserBySession,

     

       
19
       
 
       
	getUserSessionsForUser,

     

       
20
       
 
       
	updateUserAvatar,

     

       
21
       
 
       
	updateUserEmail,

     

       
22
       
+
       
	updateUserEmailAddress,

     

       
23
       
 
       
	updateUserName,

     

       
24
       
 
       
	updateUserPassword,

     

       
25
       
 
       
	updateUserRole,

     
···

       
1006
       
 
       
			GET: async (req) => {

     

       
1007
       
 
       
				try {

     

       
1008
       
 
       
					requireAdmin(req);

     

       
1009
       
+
       
					const users = getAllUsersWithStats();

     

       
1010
       
 
       
					return Response.json(users);

     

       
1011
       
 
       
				} catch (error) {

     

       
1012
       
 
       
					return handleError(error);

     
···

       
1060
       
 
       
					}

     

       
1061
       
 
       


     

       
1062
       
 
       
					updateUserRole(userId, role);

     

       
1063
       
+
       
					return Response.json({ success: true });

     

       
1064
       
+
       
				} catch (error) {

     

       
1065
       
+
       
					return handleError(error);

     

       
1066
       
+
       
				}

     

       
1067
       
+
       
			},

     

       
1068
       
+
       
		},

     

       
1069
       
+
       
		"/api/admin/users/:id/details": {

     

       
1070
       
+
       
			GET: async (req) => {

     

       
1071
       
+
       
				try {

     

       
1072
       
+
       
					requireAdmin(req);

     

       
1073
       
+
       
					const userId = Number.parseInt(req.params.id, 10);

     

       
1074
       
+
       
					if (Number.isNaN(userId)) {

     

       
1075
       
+
       
						return Response.json({ error: "Invalid user ID" }, { status: 400 });

     

       
1076
       
+
       
					}

     

       
1077
       
+
       


     

       
1078
       
+
       
					const user = db

     

       
1079
       
+
       
						.query<

     

       
1080
       
+
       
							{

     

       
1081
       
+
       
								id: number;

     

       
1082
       
+
       
								email: string;

     

       
1083
       
+
       
								name: string | null;

     

       
1084
       
+
       
								avatar: string;

     

       
1085
       
+
       
								created_at: number;

     

       
1086
       
+
       
								role: UserRole;

     

       
1087
       
+
       
								password_hash: string | null;

     

       
1088
       
+
       
								last_login: number | null;

     

       
1089
       
+
       
							},

     

       
1090
       
+
       
							[number]

     

       
1091
       
+
       
						>(

     

       
1092
       
+
       
							"SELECT id, email, name, avatar, created_at, role, password_hash, last_login FROM users WHERE id = ?",

     

       
1093
       
+
       
						)

     

       
1094
       
+
       
						.get(userId);

     

       
1095
       
+
       


     

       
1096
       
+
       
					if (!user) {

     

       
1097
       
+
       
						return Response.json({ error: "User not found" }, { status: 404 });

     

       
1098
       
+
       
					}

     

       
1099
       
+
       


     

       
1100
       
+
       
					const passkeys = getPasskeysForUser(userId);

     

       
1101
       
+
       
					const sessions = getSessionsForUser(userId);

     

       
1102
       
+
       


     

       
1103
       
+
       
					// Get transcription count

     

       
1104
       
+
       
					const transcriptionCount = db

     

       
1105
       
+
       
						.query<{ count: number }, [number]>(

     

       
1106
       
+
       
							"SELECT COUNT(*) as count FROM transcriptions WHERE user_id = ?",

     

       
1107
       
+
       
						)

     

       
1108
       
+
       
						.get(userId)?.count ?? 0;

     

       
1109
       
+
       


     

       
1110
       
+
       
					return Response.json({

     

       
1111
       
+
       
						id: user.id,

     

       
1112
       
+
       
						email: user.email,

     

       
1113
       
+
       
						name: user.name,

     

       
1114
       
+
       
						avatar: user.avatar,

     

       
1115
       
+
       
						created_at: user.created_at,

     

       
1116
       
+
       
						role: user.role,

     

       
1117
       
+
       
						last_login: user.last_login,

     

       
1118
       
+
       
						hasPassword: !!user.password_hash,

     

       
1119
       
+
       
						transcriptionCount,

     

       
1120
       
+
       
						passkeys: passkeys.map((pk) => ({

     

       
1121
       
+
       
							id: pk.id,

     

       
1122
       
+
       
							name: pk.name,

     

       
1123
       
+
       
							created_at: pk.created_at,

     

       
1124
       
+
       
							last_used_at: pk.last_used_at,

     

       
1125
       
+
       
						})),

     

       
1126
       
+
       
						sessions: sessions.map((s) => ({

     

       
1127
       
+
       
							id: s.id,

     

       
1128
       
+
       
							ip_address: s.ip_address,

     

       
1129
       
+
       
							user_agent: s.user_agent,

     

       
1130
       
+
       
							created_at: s.created_at,

     

       
1131
       
+
       
							expires_at: s.expires_at,

     

       
1132
       
+
       
						})),

     

       
1133
       
+
       
					});

     

       
1134
       
+
       
				} catch (error) {

     

       
1135
       
+
       
					return handleError(error);

     

       
1136
       
+
       
				}

     

       
1137
       
+
       
			},

     

       
1138
       
+
       
		},

     

       
1139
       
+
       
		"/api/admin/users/:id/password": {

     

       
1140
       
+
       
			PUT: async (req) => {

     

       
1141
       
+
       
				try {

     

       
1142
       
+
       
					requireAdmin(req);

     

       
1143
       
+
       
					const userId = Number.parseInt(req.params.id, 10);

     

       
1144
       
+
       
					if (Number.isNaN(userId)) {

     

       
1145
       
+
       
						return Response.json({ error: "Invalid user ID" }, { status: 400 });

     

       
1146
       
+
       
					}

     

       
1147
       
+
       


     

       
1148
       
+
       
					const body = await req.json();

     

       
1149
       
+
       
					const { password } = body as { password: string };

     

       
1150
       
+
       


     

       
1151
       
+
       
					if (!password || password.length < 8) {

     

       
1152
       
+
       
						return Response.json(

     

       
1153
       
+
       
							{ error: "Password must be at least 8 characters" },

     

       
1154
       
+
       
							{ status: 400 },

     

       
1155
       
+
       
						);

     

       
1156
       
+
       
					}

     

       
1157
       
+
       


     

       
1158
       
+
       
					await updateUserPassword(userId, password);

     

       
1159
       
+
       
					return Response.json({ success: true });

     

       
1160
       
+
       
				} catch (error) {

     

       
1161
       
+
       
					return handleError(error);

     

       
1162
       
+
       
				}

     

       
1163
       
+
       
			},

     

       
1164
       
+
       
		},

     

       
1165
       
+
       
		"/api/admin/users/:id/passkeys/:passkeyId": {

     

       
1166
       
+
       
			DELETE: async (req) => {

     

       
1167
       
+
       
				try {

     

       
1168
       
+
       
					requireAdmin(req);

     

       
1169
       
+
       
					const userId = Number.parseInt(req.params.id, 10);

     

       
1170
       
+
       
					if (Number.isNaN(userId)) {

     

       
1171
       
+
       
						return Response.json({ error: "Invalid user ID" }, { status: 400 });

     

       
1172
       
+
       
					}

     

       
1173
       
+
       


     

       
1174
       
+
       
					const { passkeyId } = req.params;

     

       
1175
       
+
       
					deletePasskey(passkeyId, userId);

     

       
1176
       
+
       
					return Response.json({ success: true });

     

       
1177
       
+
       
				} catch (error) {

     

       
1178
       
+
       
					return handleError(error);

     

       
1179
       
+
       
				}

     

       
1180
       
+
       
			},

     

       
1181
       
+
       
		},

     

       
1182
       
+
       
		"/api/admin/users/:id/name": {

     

       
1183
       
+
       
			PUT: async (req) => {

     

       
1184
       
+
       
				try {

     

       
1185
       
+
       
					requireAdmin(req);

     

       
1186
       
+
       
					const userId = Number.parseInt(req.params.id, 10);

     

       
1187
       
+
       
					if (Number.isNaN(userId)) {

     

       
1188
       
+
       
						return Response.json({ error: "Invalid user ID" }, { status: 400 });

     

       
1189
       
+
       
					}

     

       
1190
       
+
       


     

       
1191
       
+
       
					const body = await req.json();

     

       
1192
       
+
       
					const { name } = body as { name: string };

     

       
1193
       
+
       


     

       
1194
       
+
       
					if (!name || name.trim().length === 0) {

     

       
1195
       
+
       
						return Response.json(

     

       
1196
       
+
       
							{ error: "Name cannot be empty" },

     

       
1197
       
+
       
							{ status: 400 },

     

       
1198
       
+
       
						);

     

       
1199
       
+
       
					}

     

       
1200
       
+
       


     

       
1201
       
+
       
					updateUserName(userId, name.trim());

     

       
1202
       
+
       
					return Response.json({ success: true });

     

       
1203
       
+
       
				} catch (error) {

     

       
1204
       
+
       
					return handleError(error);

     

       
1205
       
+
       
				}

     

       
1206
       
+
       
			},

     

       
1207
       
+
       
		},

     

       
1208
       
+
       
		"/api/admin/users/:id/email": {

     

       
1209
       
+
       
			PUT: async (req) => {

     

       
1210
       
+
       
				try {

     

       
1211
       
+
       
					requireAdmin(req);

     

       
1212
       
+
       
					const userId = Number.parseInt(req.params.id, 10);

     

       
1213
       
+
       
					if (Number.isNaN(userId)) {

     

       
1214
       
+
       
						return Response.json({ error: "Invalid user ID" }, { status: 400 });

     

       
1215
       
+
       
					}

     

       
1216
       
+
       


     

       
1217
       
+
       
					const body = await req.json();

     

       
1218
       
+
       
					const { email } = body as { email: string };

     

       
1219
       
+
       


     

       
1220
       
+
       
					if (!email || !email.includes("@")) {

     

       
1221
       
+
       
						return Response.json(

     

       
1222
       
+
       
							{ error: "Invalid email address" },

     

       
1223
       
+
       
							{ status: 400 },

     

       
1224
       
+
       
						);

     

       
1225
       
+
       
					}

     

       
1226
       
+
       


     

       
1227
       
+
       
					// Check if email already exists

     

       
1228
       
+
       
					const existing = db

     

       
1229
       
+
       
						.query<{ id: number }, [string, number]>(

     

       
1230
       
+
       
							"SELECT id FROM users WHERE email = ? AND id != ?",

     

       
1231
       
+
       
						)

     

       
1232
       
+
       
						.get(email, userId);

     

       
1233
       
+
       


     

       
1234
       
+
       
					if (existing) {

     

       
1235
       
+
       
						return Response.json(

     

       
1236
       
+
       
							{ error: "Email already in use" },

     

       
1237
       
+
       
							{ status: 400 },

     

       
1238
       
+
       
						);

     

       
1239
       
+
       
					}

     

       
1240
       
+
       


     

       
1241
       
+
       
					updateUserEmailAddress(userId, email);

     

       
1242
       
+
       
					return Response.json({ success: true });

     

       
1243
       
+
       
				} catch (error) {

     

       
1244
       
+
       
					return handleError(error);

     

       
1245
       
+
       
				}

     

       
1246
       
+
       
			},

     

       
1247
       
+
       
		},

     

       
1248
       
+
       
		"/api/admin/users/:id/sessions": {

     

       
1249
       
+
       
			GET: async (req) => {

     

       
1250
       
+
       
				try {

     

       
1251
       
+
       
					requireAdmin(req);

     

       
1252
       
+
       
					const userId = Number.parseInt(req.params.id, 10);

     

       
1253
       
+
       
					if (Number.isNaN(userId)) {

     

       
1254
       
+
       
						return Response.json({ error: "Invalid user ID" }, { status: 400 });

     

       
1255
       
+
       
					}

     

       
1256
       
+
       


     

       
1257
       
+
       
					const sessions = getSessionsForUser(userId);

     

       
1258
       
+
       
					return Response.json(sessions);

     

       
1259
       
+
       
				} catch (error) {

     

       
1260
       
+
       
					return handleError(error);

     

       
1261
       
+
       
				}

     

       
1262
       
+
       
			},

     

       
1263
       
+
       
			DELETE: async (req) => {

     

       
1264
       
+
       
				try {

     

       
1265
       
+
       
					requireAdmin(req);

     

       
1266
       
+
       
					const userId = Number.parseInt(req.params.id, 10);

     

       
1267
       
+
       
					if (Number.isNaN(userId)) {

     

       
1268
       
+
       
						return Response.json({ error: "Invalid user ID" }, { status: 400 });

     

       
1269
       
+
       
					}

     

       
1270
       
+
       


     

       
1271
       
+
       
					deleteAllUserSessions(userId);

     

       
1272
       
+
       
					return Response.json({ success: true });

     

       
1273
       
+
       
				} catch (error) {

     

       
1274
       
+
       
					return handleError(error);

     

       
1275
       
+
       
				}

     

       
1276
       
+
       
			},

     

       
1277
       
+
       
		},

     

       
1278
       
+
       
		"/api/admin/users/:id/sessions/:sessionId": {

     

       
1279
       
+
       
			DELETE: async (req) => {

     

       
1280
       
+
       
				try {

     

       
1281
       
+
       
					requireAdmin(req);

     

       
1282
       
+
       
					const userId = Number.parseInt(req.params.id, 10);

     

       
1283
       
+
       
					if (Number.isNaN(userId)) {

     

       
1284
       
+
       
						return Response.json({ error: "Invalid user ID" }, { status: 400 });

     

       
1285
       
+
       
					}

     

       
1286
       
+
       


     

       
1287
       
+
       
					const { sessionId } = req.params;

     

       
1288
       
+
       
					const success = deleteSessionById(sessionId, userId);

     

       
1289
       
+
       


     

       
1290
       
+
       
					if (!success) {

     

       
1291
       
+
       
						return Response.json(

     

       
1292
       
+
       
							{ error: "Session not found" },

     

       
1293
       
+
       
							{ status: 404 },

     

       
1294
       
+
       
						);

     

       
1295
       
+
       
					}

     

       
1296
       
+
       


     

       
1297
       
 
       
					return Response.json({ success: true });

     

       
1298
       
 
       
				} catch (error) {

     

       
1299
       
 
       
					return handleError(error);

     

···

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

···

       
1
       
+
       
import { afterEach, beforeEach, expect, test } from "bun:test";

     

       
2
       
+
       
import { Database } from "bun:sqlite";

     

       
3
       
+
       


     

       
4
       
+
       
let testDb: Database;

     

       
5
       
+
       


     

       
6
       
+
       
beforeEach(() => {

     

       
7
       
+
       
	testDb = new Database(":memory:");

     

       
8
       
+
       


     

       
9
       
+
       
	testDb.run(`

     

       
10
       
+
       
    CREATE TABLE users (

     

       
11
       
+
       
      id INTEGER PRIMARY KEY AUTOINCREMENT,

     

       
12
       
+
       
      email TEXT UNIQUE NOT NULL,

     

       
13
       
+
       
      password_hash TEXT,

     

       
14
       
+
       
      name TEXT,

     

       
15
       
+
       
      avatar TEXT DEFAULT 'd',

     

       
16
       
+
       
      created_at INTEGER NOT NULL DEFAULT (strftime('%s', 'now')),

     

       
17
       
+
       
      role TEXT NOT NULL DEFAULT 'user'

     

       
18
       
+
       
    )

     

       
19
       
+
       
  `);

     

       
20
       
+
       


     

       
21
       
+
       
	testDb.run(`

     

       
22
       
+
       
    CREATE TABLE passkeys (

     

       
23
       
+
       
      id TEXT PRIMARY KEY,

     

       
24
       
+
       
      user_id INTEGER NOT NULL,

     

       
25
       
+
       
      credential_id TEXT NOT NULL UNIQUE,

     

       
26
       
+
       
      public_key TEXT NOT NULL,

     

       
27
       
+
       
      counter INTEGER NOT NULL DEFAULT 0,

     

       
28
       
+
       
      transports TEXT,

     

       
29
       
+
       
      name TEXT,

     

       
30
       
+
       
      created_at INTEGER NOT NULL DEFAULT (strftime('%s', 'now')),

     

       
31
       
+
       
      last_used_at INTEGER,

     

       
32
       
+
       
      FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE

     

       
33
       
+
       
    )

     

       
34
       
+
       
  `);

     

       
35
       
+
       
});

     

       
36
       
+
       


     

       
37
       
+
       
afterEach(() => {

     

       
38
       
+
       
	testDb.close();

     

       
39
       
+
       
});

     

       
40
       
+
       


     

       
41
       
+
       
test("admin can update user name", async () => {

     

       
42
       
+
       
	const result = testDb.run(

     

       
43
       
+
       
		"INSERT INTO users (email, password_hash, name, avatar) VALUES (?, ?, ?, ?)",

     

       
44
       
+
       
		["test@example.com", "password123", "Old Name", "avatar1"],

     

       
45
       
+
       
	);

     

       
46
       
+
       


     

       
47
       
+
       
	const userId = Number(result.lastInsertRowid);

     

       
48
       
+
       


     

       
49
       
+
       
	testDb.run("UPDATE users SET name = ? WHERE id = ?", ["New Name", userId]);

     

       
50
       
+
       


     

       
51
       
+
       
	const user = testDb

     

       
52
       
+
       
		.query<{ name: string }, [number]>("SELECT name FROM users WHERE id = ?")

     

       
53
       
+
       
		.get(userId);

     

       
54
       
+
       


     

       
55
       
+
       
	expect(user?.name).toBe("New Name");

     

       
56
       
+
       
});

     

       
57
       
+
       


     

       
58
       
+
       
test("admin can update user password", async () => {

     

       
59
       
+
       
	const result = testDb.run(

     

       
60
       
+
       
		"INSERT INTO users (email, password_hash) VALUES (?, ?)",

     

       
61
       
+
       
		["test@example.com", "password123"],

     

       
62
       
+
       
	);

     

       
63
       
+
       


     

       
64
       
+
       
	const userId = Number(result.lastInsertRowid);

     

       
65
       
+
       


     

       
66
       
+
       
	testDb.run("UPDATE users SET password_hash = ? WHERE id = ?", [

     

       
67
       
+
       
		"newpassword456",

     

       
68
       
+
       
		userId,

     

       
69
       
+
       
	]);

     

       
70
       
+
       


     

       
71
       
+
       
	const user = testDb

     

       
72
       
+
       
		.query<{ password_hash: string }, [number]>(

     

       
73
       
+
       
			"SELECT password_hash FROM users WHERE id = ?",

     

       
74
       
+
       
		)

     

       
75
       
+
       
		.get(userId);

     

       
76
       
+
       


     

       
77
       
+
       
	expect(user?.password_hash).toBe("newpassword456");

     

       
78
       
+
       
});

     

       
79
       
+
       


     

       
80
       
+
       
test("admin can view user passkeys", async () => {

     

       
81
       
+
       
	const result = testDb.run(

     

       
82
       
+
       
		"INSERT INTO users (email, password_hash) VALUES (?, ?)",

     

       
83
       
+
       
		["test@example.com", "password123"],

     

       
84
       
+
       
	);

     

       
85
       
+
       


     

       
86
       
+
       
	const userId = Number(result.lastInsertRowid);

     

       
87
       
+
       


     

       
88
       
+
       
	testDb.run(

     

       
89
       
+
       
		"INSERT INTO passkeys (id, user_id, credential_id, public_key, counter) VALUES (?, ?, ?, ?, ?)",

     

       
90
       
+
       
		["pk1", userId, "cred1", "pubkey1", 0],

     

       
91
       
+
       
	);

     

       
92
       
+
       


     

       
93
       
+
       
	testDb.run(

     

       
94
       
+
       
		"INSERT INTO passkeys (id, user_id, credential_id, public_key, counter) VALUES (?, ?, ?, ?, ?)",

     

       
95
       
+
       
		["pk2", userId, "cred2", "pubkey2", 0],

     

       
96
       
+
       
	);

     

       
97
       
+
       


     

       
98
       
+
       
	const passkeys = testDb

     

       
99
       
+
       
		.query<{ id: string }, [number]>(

     

       
100
       
+
       
			"SELECT id FROM passkeys WHERE user_id = ?",

     

       
101
       
+
       
		)

     

       
102
       
+
       
		.all(userId);

     

       
103
       
+
       


     

       
104
       
+
       
	expect(passkeys.length).toBe(2);

     

       
105
       
+
       
});

     

       
106
       
+
       


     

       
107
       
+
       
test("admin can revoke user passkey", async () => {

     

       
108
       
+
       
	const result = testDb.run(

     

       
109
       
+
       
		"INSERT INTO users (email, password_hash) VALUES (?, ?)",

     

       
110
       
+
       
		["test@example.com", "password123"],

     

       
111
       
+
       
	);

     

       
112
       
+
       


     

       
113
       
+
       
	const userId = Number(result.lastInsertRowid);

     

       
114
       
+
       


     

       
115
       
+
       
	testDb.run(

     

       
116
       
+
       
		"INSERT INTO passkeys (id, user_id, credential_id, public_key, counter) VALUES (?, ?, ?, ?, ?)",

     

       
117
       
+
       
		["pk1", userId, "cred1", "pubkey1", 0],

     

       
118
       
+
       
	);

     

       
119
       
+
       


     

       
120
       
+
       
	let passkeys = testDb

     

       
121
       
+
       
		.query<{ id: string }, [number]>(

     

       
122
       
+
       
			"SELECT id FROM passkeys WHERE user_id = ?",

     

       
123
       
+
       
		)

     

       
124
       
+
       
		.all(userId);

     

       
125
       
+
       
	expect(passkeys.length).toBe(1);

     

       
126
       
+
       


     

       
127
       
+
       
	testDb.run("DELETE FROM passkeys WHERE id = ? AND user_id = ?", [

     

       
128
       
+
       
		"pk1",

     

       
129
       
+
       
		userId,

     

       
130
       
+
       
	]);

     

       
131
       
+
       


     

       
132
       
+
       
	passkeys = testDb

     

       
133
       
+
       
		.query<{ id: string }, [number]>(

     

       
134
       
+
       
			"SELECT id FROM passkeys WHERE user_id = ?",

     

       
135
       
+
       
		)

     

       
136
       
+
       
		.all(userId);

     

       
137
       
+
       
	expect(passkeys.length).toBe(0);

     

       
138
       
+
       
});

     

       
139
       
+
       


     

       
140
       
+
       
test("updating password clears user sessions", async () => {

     

       
141
       
+
       
	testDb.run(`

     

       
142
       
+
       
    CREATE TABLE sessions (

     

       
143
       
+
       
      id TEXT PRIMARY KEY,

     

       
144
       
+
       
      user_id INTEGER NOT NULL,

     

       
145
       
+
       
      ip_address TEXT,

     

       
146
       
+
       
      user_agent TEXT,

     

       
147
       
+
       
      created_at INTEGER NOT NULL DEFAULT (strftime('%s', 'now')),

     

       
148
       
+
       
      expires_at INTEGER NOT NULL,

     

       
149
       
+
       
      FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE

     

       
150
       
+
       
    )

     

       
151
       
+
       
  `);

     

       
152
       
+
       


     

       
153
       
+
       
	const result = testDb.run(

     

       
154
       
+
       
		"INSERT INTO users (email, password_hash) VALUES (?, ?)",

     

       
155
       
+
       
		["test@example.com", "password123"],

     

       
156
       
+
       
	);

     

       
157
       
+
       


     

       
158
       
+
       
	const userId = Number(result.lastInsertRowid);

     

       
159
       
+
       


     

       
160
       
+
       
	const expiresAt = Math.floor(Date.now() / 1000) + 3600;

     

       
161
       
+
       
	testDb.run(

     

       
162
       
+
       
		"INSERT INTO sessions (id, user_id, expires_at) VALUES (?, ?, ?)",

     

       
163
       
+
       
		["session1", userId, expiresAt],

     

       
164
       
+
       
	);

     

       
165
       
+
       


     

       
166
       
+
       
	let sessions = testDb

     

       
167
       
+
       
		.query<{ id: string }, [number]>(

     

       
168
       
+
       
			"SELECT id FROM sessions WHERE user_id = ?",

     

       
169
       
+
       
		)

     

       
170
       
+
       
		.all(userId);

     

       
171
       
+
       
	expect(sessions.length).toBe(1);

     

       
172
       
+
       


     

       
173
       
+
       
	testDb.run("UPDATE users SET password_hash = ? WHERE id = ?", [

     

       
174
       
+
       
		"newpassword",

     

       
175
       
+
       
		userId,

     

       
176
       
+
       
	]);

     

       
177
       
+
       
	testDb.run("DELETE FROM sessions WHERE user_id = ?", [userId]);

     

       
178
       
+
       


     

       
179
       
+
       
	sessions = testDb

     

       
180
       
+
       
		.query<{ id: string }, [number]>(

     

       
181
       
+
       
			"SELECT id FROM sessions WHERE user_id = ?",

     

       
182
       
+
       
		)

     

       
183
       
+
       
		.all(userId);

     

       
184
       
+
       
	expect(sessions.length).toBe(0);

     

       
185
       
+
       
});

     

       
186
       
+
       


     

···

       
11
       
 
       
	avatar: string;

     

       
12
       
 
       
	created_at: number;

     

       
13
       
 
       
	role: UserRole;

     

       
0
       
 
       

     

       
14
       
 
       
}

     

       
15
       
 
       


     

       
16
       
 
       
export interface Session {

     
···

       
56
       
 
       


     

       
57
       
 
       
	const user = db

     

       
58
       
 
       
		.query<User, [number]>(

     

       
59
       
-
       
			"SELECT id, email, name, avatar, created_at, role FROM users WHERE id = ?",

     

       
60
       
 
       
		)

     

       
61
       
 
       
		.get(session.user_id);

     

       
62
       
 
       


     
···

       
94
       
 
       


     

       
95
       
 
       
	const user = db

     

       
96
       
 
       
		.query<User, [number]>(

     

       
97
       
-
       
			"SELECT id, email, name, avatar, created_at, role FROM users WHERE id = ?",

     

       
98
       
 
       
		)

     

       
99
       
 
       
		.get(Number(result.lastInsertRowid));

     

       
100
       
 
       


     
···

       
119
       
 
       
				password_hash: string;

     

       
120
       
 
       
				created_at: number;

     

       
121
       
 
       
				role: UserRole;

     

       
0
       
 
       

     

       
122
       
 
       
			},

     

       
123
       
 
       
			[string]

     

       
124
       
 
       
		>(

     

       
125
       
-
       
			"SELECT id, email, name, avatar, password_hash, created_at, role FROM users WHERE email = ?",

     

       
126
       
 
       
		)

     

       
127
       
 
       
		.get(email);

     

       
128
       
 
       


     
···

       
135
       
 
       


     

       
136
       
 
       
	if (password !== result.password_hash) return null;

     

       
137
       
 
       


     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
138
       
 
       
	return {

     

       
139
       
 
       
		id: result.id,

     

       
140
       
 
       
		email: result.email,

     
···

       
142
       
 
       
		avatar: result.avatar,

     

       
143
       
 
       
		created_at: result.created_at,

     

       
144
       
 
       
		role: result.role,

     

       
0
       
 
       

     

       
145
       
 
       
	};

     

       
146
       
 
       
}

     

       
147
       
 
       


     
···

       
221
       
 
       
				avatar: string;

     

       
222
       
 
       
				created_at: number;

     

       
223
       
 
       
				role: UserRole;

     

       
0
       
 
       

     

       
224
       
 
       
			},

     

       
225
       
 
       
			[]

     

       
226
       
-
       
		>("SELECT id, email, name, avatar, created_at, role FROM users ORDER BY created_at DESC")

     

       
227
       
 
       
		.all();

     

       
228
       
 
       
}

     

       
229
       
 
       


     
···

       
311
       
 
       
		// Files might not exist, ignore errors

     

       
312
       
 
       
	}

     

       
313
       
 
       
}

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0