owltide/server/api/admin/user.patch.ts

import { readUsers, type ServerUser, writeUsers } from "~/server/database";
import { type ApiUser, apiUserPatchSchema } from "~/shared/types/api";
import { z } from "zod/v4-mini";
import { broadcastEvent } from "~/server/streams";

function serverUserToApi(user: ServerUser): ApiUser {
	if (user.deleted) {
		return {
			id: user.id,
			updatedAt: user.updatedAt,
			deleted: true,
		}
	}
	return {
		id: user.id,
		updatedAt: user.updatedAt,
		type: user.type,
		name: user.name,
	};
}

export default defineEventHandler(async (event) => {
	const session = await requireServerSession(event);
	if (session.account.type !== "admin") {
		throw createError({
			statusCode: 403,
			statusMessage: "Forbidden",
		});
	}
	const { success, error, data: patch } = apiUserPatchSchema.safeParse(await readBody(event));
	if (!success) {
		throw createError({
			status: 400,
			statusText: "Bad Request",
			message: z.prettifyError(error),
		});
	}

	const users = await readUsers();
	const user = users.find(user => user.id === patch.id);
	if (!user || user.deleted) {
		throw createError({
			status: 409,
			statusText: "Conflict",
			message: "User does not exist",
		});

	}

	if (patch.type) {
		if (patch.type === "anonymous" || user.type === "anonymous") {
			throw createError({
				status: 409,
				statusText: "Conflict",
				message: "Anonymous user type cannot be changed.",
			});
		}
		user.type = patch.type;
	}
	if (patch.name) {
		if (user.type === "anonymous") {
			throw createError({
				status: 409,
				statusText: "Conflict",
				message: "Anonymous user cannot have name set.",
			});
		}
		user.name = patch.name;
	}
	user.updatedAt = new Date().toISOString();
	await writeUsers(users);
	broadcastEvent({
		type: "user-update",
		data: serverUserToApi(user),
	})

	// Update Schedule counts.
	await updateScheduleInterestedCounts(users);
})
Fix import statements Remove unused or unneeded imports and change imports of luxon APIs to use the wrapper. 2025-06-23 12:48:09 +02:00			`import { readUsers, type ServerUser, writeUsers } from "~/server/database";`
			`import { type ApiUser, apiUserPatchSchema } from "~/shared/types/api";`
Add admin page that can edit users Add admin page that's only accessible to admins with a listing of users and the ability to edit the access types of those users. 2025-06-23 00:20:33 +02:00			`import { z } from "zod/v4-mini";`
			`import { broadcastEvent } from "~/server/streams";`

			`function serverUserToApi(user: ServerUser): ApiUser {`
			`if (user.deleted) {`
			`return {`
			`id: user.id,`
			`updatedAt: user.updatedAt,`
			`deleted: true,`
			`}`
			`}`
			`return {`
			`id: user.id,`
			`updatedAt: user.updatedAt,`
			`type: user.type,`
			`name: user.name,`
			`};`
			`}`

			`export default defineEventHandler(async (event) => {`
			`const session = await requireServerSession(event);`
			`if (session.account.type !== "admin") {`
			`throw createError({`
			`statusCode: 403,`
			`statusMessage: "Forbidden",`
			`});`
			`}`
			`const { success, error, data: patch } = apiUserPatchSchema.safeParse(await readBody(event));`
			`if (!success) {`
			`throw createError({`
			`status: 400,`
			`statusText: "Bad Request",`
			`message: z.prettifyError(error),`
			`});`
			`}`

			`const users = await readUsers();`
			`const user = users.find(user => user.id === patch.id);`
			`if (!user \|\| user.deleted) {`
			`throw createError({`
			`status: 409,`
			`statusText: "Conflict",`
			`message: "User does not exist",`
			`});`

			`}`

			`if (patch.type) {`
			`if (patch.type === "anonymous" \|\| user.type === "anonymous") {`
			`throw createError({`
			`status: 409,`
			`statusText: "Conflict",`
			`message: "Anonymous user type cannot be changed.",`
			`});`
			`}`
			`user.type = patch.type;`
			`}`
			`if (patch.name) {`
			`if (user.type === "anonymous") {`
			`throw createError({`
			`status: 409,`
			`statusText: "Conflict",`
			`message: "Anonymous user cannot have name set.",`
			`});`
			`}`
			`user.name = patch.name;`
			`}`
			`user.updatedAt = new Date().toISOString();`
			`await writeUsers(users);`
			`broadcastEvent({`
			`type: "user-update",`
			`data: serverUserToApi(user),`
			`})`

			`// Update Schedule counts.`
			`await updateScheduleInterestedCounts(users);`
			`})`