ideas-generator/server/routes/users.js

const express = require('express');
const { User } = require('../models');
const { hybridAuthenticate } = require('../middleware/azureAuth');
const { requireAdmin } = require('../middleware/auth');

const router = express.Router();

// Get all users (admin only)
router.get('/', hybridAuthenticate, requireAdmin, async (req, res, next) => {
  try {
    const users = await User.findAll({
      order: [['createdAt', 'DESC']],
      attributes: { exclude: ['password'] } // Exclude sensitive data
    });

    res.json({
      users: users.map(user => ({
        id: user.id,
        name: user.name,
        email: user.email,
        preferences: user.preferences,
        isActive: user.isActive,
        createdAt: user.createdAt,
        updatedAt: user.updatedAt
      })),
      total: users.length
    });

  } catch (error) {
    next(error);
  }
});

// Create new user (admin only)
router.post('/', async (req, res, next) => {
  try {
    const { name, email, role = 'user' } = req.body;

    if (!name || !email) {
      return res.status(400).json({
        error: 'Validation Error',
        message: 'Name and email are required'
      });
    }

    // Check if user already exists
    const existingUser = await User.findOne({ where: { email } });
    if (existingUser) {
      return res.status(409).json({
        error: 'User Exists',
        message: 'A user with this email already exists'
      });
    }

    const user = await User.create({
      name,
      email,
      preferences: {
        theme: 'light',
        notifications: true,
        role: role,
        defaultAssistant: 'creator-bot-push-the-boundaries-of-technology'
      },
      isActive: true
    });

    res.status(201).json({
      message: 'User created successfully',
      user: {
        id: user.id,
        name: user.name,
        email: user.email,
        preferences: user.preferences,
        isActive: user.isActive,
        createdAt: user.createdAt
      }
    });

  } catch (error) {
    if (error.name === 'SequelizeValidationError') {
      return res.status(400).json({
        error: 'Validation Error',
        message: error.errors.map(e => e.message).join(', ')
      });
    }
    next(error);
  }
});

// Update user (admin only)
router.put('/:userId', async (req, res, next) => {
  try {
    const { userId } = req.params;
    const { name, email, isActive, preferences } = req.body;

    const user = await User.findByPk(userId);
    if (!user) {
      return res.status(404).json({
        error: 'User Not Found',
        message: 'Specified user not found'
      });
    }

    const updateData = {};
    if (name !== undefined) updateData.name = name;
    if (email !== undefined) updateData.email = email;
    if (isActive !== undefined) updateData.isActive = isActive;
    
    // Handle preferences update (role and allowedAgents)
    if (preferences !== undefined) {
      updateData.preferences = {
        ...user.preferences,
        ...preferences
      };
    }

    await user.update(updateData);

    res.json({
      message: 'User updated successfully',
      user: {
        id: user.id,
        name: user.name,
        email: user.email,
        preferences: user.preferences,
        isActive: user.isActive,
        updatedAt: user.updatedAt
      }
    });

  } catch (error) {
    if (error.name === 'SequelizeValidationError') {
      return res.status(400).json({
        error: 'Validation Error',
        message: error.errors.map(e => e.message).join(', ')
      });
    }
    next(error);
  }
});

// Toggle user status (admin only)
router.patch('/:userId/toggle-status', async (req, res, next) => {
  try {
    const { userId } = req.params;

    const user = await User.findByPk(userId);
    if (!user) {
      return res.status(404).json({
        error: 'User Not Found',
        message: 'Specified user not found'
      });
    }

    await user.update({ isActive: !user.isActive });

    res.json({
      message: `User ${user.isActive ? 'enabled' : 'disabled'} successfully`,
      user: {
        id: user.id,
        name: user.name,
        email: user.email,
        isActive: user.isActive
      }
    });

  } catch (error) {
    next(error);
  }
});

// Delete user (admin only - soft delete by setting isActive to false)
router.delete('/:userId', async (req, res, next) => {
  try {
    const { userId } = req.params;

    const user = await User.findByPk(userId);
    if (!user) {
      return res.status(404).json({
        error: 'User Not Found',
        message: 'Specified user not found'
      });
    }

    // Soft delete by setting isActive to false
    await user.update({ isActive: false });

    res.json({
      message: 'User deleted successfully',
      userId: user.id
    });

  } catch (error) {
    next(error);
  }
});

module.exports = router;