57 lines
1.7 KiB
TypeScript
57 lines
1.7 KiB
TypeScript
import { type NextRequest, NextResponse } from "next/server"
|
|
import { safeQuery } from "@/lib/database"
|
|
import { hashPassword } from "@/lib/auth"
|
|
|
|
export async function POST(request: NextRequest) {
|
|
try {
|
|
const { adminId, targetUserId } = await request.json()
|
|
|
|
// Input validation
|
|
if (!adminId || !targetUserId) {
|
|
return NextResponse.json({ error: "נתונים חסרים" }, { status: 400 })
|
|
}
|
|
|
|
// Verify admin permissions
|
|
const admins = await safeQuery(
|
|
"SELECT role FROM users WHERE national_id = ?",
|
|
[adminId]
|
|
) as { role: string | null }[]
|
|
|
|
if (
|
|
admins.length === 0 ||
|
|
!admins[0].role ||
|
|
admins[0].role === "user"
|
|
) {
|
|
return NextResponse.json({ error: "אין הרשאות מנהל" }, { status: 403 })
|
|
}
|
|
|
|
// Check if target user exists
|
|
const targetUsers = (await safeQuery("SELECT national_id FROM users WHERE national_id = ?", [
|
|
targetUserId,
|
|
])) as any[]
|
|
|
|
if (targetUsers.length === 0) {
|
|
return NextResponse.json({ error: "משתמש לא נמצא" }, { status: 404 })
|
|
}
|
|
|
|
// Reset password to "password123"
|
|
const hashedPassword = await hashPassword("password123")
|
|
|
|
await safeQuery(
|
|
"UPDATE users SET password = ?, must_change_password = TRUE, password_changed_at = NULL WHERE national_id = ?",
|
|
[hashedPassword, targetUserId],
|
|
)
|
|
|
|
// Log the action
|
|
await safeQuery(
|
|
'INSERT INTO admin_actions (admin_id, action_type, target_user_id) VALUES (?, "reset_password", ?)',
|
|
[adminId, targetUserId],
|
|
)
|
|
|
|
return NextResponse.json({ success: true })
|
|
} catch (error) {
|
|
console.error("Reset password error:", error)
|
|
return NextResponse.json({ error: "שגיאה באיפוס סיסמה" }, { status: 500 })
|
|
}
|
|
}
|