Initial commit

app/api/admin/reset-password/route.ts

@@ -0,0 +1,56 @@
+import { type NextRequest, NextResponse } from "next/server"
+import { safeQuery } from "@/lib/database"
+import { hashPassword } from "@/lib/auth"
+
+export async function POST(request: NextRequest) {
+  try {
+    const { adminId, targetUserId } = await request.json()
+
+    // Input validation
+    if (!adminId || !targetUserId) {
+      return NextResponse.json({ error: "נתונים חסרים" }, { status: 400 })
+    }
+
+    // Verify admin permissions
+    const admins = await safeQuery(
+      "SELECT role FROM users WHERE national_id = ?",
+      [adminId]
+    ) as { role: string | null }[]
+
+    if (
+      admins.length === 0 ||
+      !admins[0].role || 
+      admins[0].role === "user"
+    ) {
+      return NextResponse.json({ error: "אין הרשאות מנהל" }, { status: 403 })
+    }
+
+    // Check if target user exists
+    const targetUsers = (await safeQuery("SELECT national_id FROM users WHERE national_id = ?", [
+      targetUserId,
+    ])) as any[]
+
+    if (targetUsers.length === 0) {
+      return NextResponse.json({ error: "משתמש לא נמצא" }, { status: 404 })
+    }
+
+    // Reset password to "password123"
+    const hashedPassword = await hashPassword("password123")
+
+    await safeQuery(
+      "UPDATE users SET password = ?, must_change_password = TRUE, password_changed_at = NULL WHERE national_id = ?",
+      [hashedPassword, targetUserId],
+    )
+
+    // Log the action
+    await safeQuery(
+      'INSERT INTO admin_actions (admin_id, action_type, target_user_id) VALUES (?, "reset_password", ?)',
+      [adminId, targetUserId],
+    )
+
+    return NextResponse.json({ success: true })
+  } catch (error) {
+    console.error("Reset password error:", error)
+    return NextResponse.json({ error: "שגיאה באיפוס סיסמה" }, { status: 500 })
+  }
+}