AlexCode-dot · AlexCode-dot · Jun 6, 2025 · May 29, 2025 · May 29, 2025 · May 29, 2025
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -14,8 +14,11 @@
     "watch-css": "sass --watch src/styles/main.scss:public/dist/styles.css"
   },
   "dependencies": {
+    "bcrypt": "^6.0.0",
     "dotenv": "^16.5.0",
     "formdata-node": "^6.0.3",
+    "jsonwebtoken": "^9.0.2",
+    "jwt-decode": "^4.0.0",
     "html2pdf.js": "^0.10.3",
     "mongoose": "^8.15.0",
     "next": "15.3.1",

diff --git a/src/app/admin/page.jsx b/src/app/admin/page.jsx
@@ -1,6 +1,5 @@
 'use client'
-
-import { useState } from 'react'
+import { useState, useEffect } from 'react'
 import AdminRoomForm from '@/components/admin/AdminRoomForm'
 import AdminScreeningForm from '@/components/admin/AdminScreeningForm'
 import AdminMovieForm from '@/components/admin/AdminMovieForm'
@@ -12,10 +11,31 @@ import { useAdminData } from '@/hooks/useAdminData'
 import AdminTabNav from '@/components/admin/AdminTabNav'
 import AdminRoomList from '@/components/admin/AdminRoomList'
 import AdminBookingPanel from '@/components/admin/AdminBookingPanel'
+import AdminCreateUser from '@/components/admin/AdminCreateUser'
+import { jwtDecode } from 'jwt-decode'
 
 export default function AdminPanel() {
+  const [isAdmin, setIsAdmin] = useState(false)
+  const [checked, setChecked] = useState(false)
   const [activeTab, setActiveTab] = useState('list')
 
+  useEffect(() => {
+    const cookies = document.cookie.split(';').map((c) => c.trim())
+    const jwtCookie = cookies.find((c) => c.startsWith('JWT='))
+    if (jwtCookie) {
+      const token = jwtCookie.split('=')[1]
+      try {
+        const decoded = jwtDecode(token)
+        setIsAdmin(decoded.admin)
+      } catch (e) {
+        setIsAdmin(false)
+      }
+    } else {
+      setIsAdmin(false)
+    }
+    setChecked(true)
+  }, [])
+
   const {
     movies,
     screenings,
@@ -42,6 +62,14 @@ export default function AdminPanel() {
     loading,
   } = useAdminData()
 
+  if (!checked) {
+    return <div>Laddar...</div>
+  }
+
+  if (!isAdmin) {
+    return <h1>Du är inte admin!</h1>
+  }
+
   return (
     <main className="admin-page">
       <div className="admin-page__container">
@@ -128,6 +156,13 @@ export default function AdminPanel() {
             </section>
           </>
         )}
+        {activeTab === 'user1' && (
+          <>
+            <section className="admin-page__section">
+              <AdminCreateUser />
+            </section>
+          </>
+        )}
       </div>
 
       {successMessage && <SuccessModal message={successMessage} onClose={() => setSuccessMessage(null)} />}

diff --git a/src/app/api/changepassword/route.js b/src/app/api/changepassword/route.js
@@ -0,0 +1,18 @@
+import { updateUserPassword } from '@/lib/db/userDbService'
+import { NextResponse } from 'next/server'
+
+export async function POST(request) {
+  const payload = await request.json()
+
+  console.log(`Received request to update password for user: ${payload.Username}`)
+
+  try {
+    const updatedUser = await updateUserPassword(payload.Username, payload.Password)
+
+    console.log(`Password updated successfully for user: ${updatedUser.Username}`)
+    return NextResponse.json({ message: 'Password updated successfully' }, { status: 200 })
+  } catch (error) {
+    console.error(`Error updating password for user ${username}:`, error)
+    return NextResponse.json({ error: 'Failed to update password' }, { status: 500 })
+  }
+}
diff --git a/src/app/api/deleteuser/route.js b/src/app/api/deleteuser/route.js
@@ -0,0 +1,17 @@
+import { deleteUserByUsername } from '@/lib/db/userDbService'
+
+export async function POST(request) {
+  const { username } = await request.json()
+
+  if (!username) {
+    return new Response('Username is required', { status: 400 })
+  }
+
+  try {
+    await deleteUserByUsername(username)
+    return new Response(`User ${username} deleted successfully`, { status: 200 })
+  } catch (error) {
+    console.error('Error deleting user:', error)
+    return new Response('Failed to delete user', { status: 500 })
+  }
+}
diff --git a/src/app/api/getusers/route.js b/src/app/api/getusers/route.js
@@ -0,0 +1,30 @@
+import { NextResponse } from 'next/server'
+import connectDB from '@/lib/db/connectDB'
+import { getAllUsers } from '@/lib/db/userDbService'
+import { jwtDecode } from 'jwt-decode'
+export async function GET(request) {
+  const cookieHeader = request.headers.get('cookie') || ''
+  const cookies = cookieHeader.split(';').map((c) => c.trim())
+  const jwtCookie = cookies.find((c) => c.startsWith('JWT='))
+  if (!jwtCookie) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  }
+
+  const token = jwtCookie.split('=')[1]
+  try {
+    const decoded = jwtDecode(token)
+    if (!decoded.admin) {
+      return NextResponse.json({ error: 'Forbidden' }, { status: 403 })
+    }
+  } catch (error) {
+    return NextResponse.json({ error: 'Invalid token' }, { status: 401 })
+  }
+  try {
+    await connectDB()
+    const users = await getAllUsers()
+    return NextResponse.json(users, { status: 200 })
+  } catch (error) {
+    console.error('Error fetching users:', error)
+    return NextResponse.json({ error: 'Failed to fetch users' }, { status: 500 })
+  }
+}