Add admin API, permissions, and player management routes

Introduces admin database tables, repository, and service for managing administrators and permissions. Adds new admin routes for banning players, managing cosmetics (capes), changing player passwords and usernames, and handling player textures. Updates user and session services to support admin actions and permission checks. Adds related schema validation for new endpoints.
2026-01-05 04:44:56 +01:00
parent da8ab9d488
commit 439094013d
20 changed files with 628 additions and 14 deletions
--- a/routes/admin/ban/index.js
+++ b/routes/admin/ban/index.js
@@ -0,0 +1,32 @@
+const express = require("express")
+const router = express.Router()
+const userService = require("../../../services/userService")
+const adminService = require("../../../services/adminService")
+
+router.get("/:uuid", adminService.hasPermission("PLAYER_BAN_STATUS"), async (req, res) => {
+    const banStatus = await userService.getPlayerBanStatus(req.params.uuid)
+    return res.status(200).json(banStatus)
+})
+
+router.get("/:uuid/actions", adminService.hasPermission("PLAYER_ACTIONS_LIST"), async (req, res) => {
+    const playerActions = await userService.getPlayerActions(req.params.uuid)
+    return res.status(200).json(playerActions)
+})
+
+router.get("/:uuid/history", adminService.hasPermission("PLAYER_BAN_HISTORY"), async (req, res) => {
+    const banHistory = await userService.getPlayerBans(req.params.uuid)
+    return res.status(200).json(banHistory)
+})
+
+router.put("/:uuid", adminService.hasPermission("PLAYER_BAN"), async (req, res) => {
+    const { reasonKey, reasonMessage, expires } = req.body
+    const ban = await userService.banUser(req.params.uuid, { reasonKey, reasonMessage, expires })
+    return res.status(200).json(ban)
+})
+
+router.delete("/:uuid", adminService.hasPermission("PLAYER_UNBAN"), async (req, res) => {
+    const ban = await userService.unbanUser(req.params.uuid)
+    return res.status(200).json(ban)
+})
+
+module.exports = router
--- a/routes/admin/cosmetics/capes.js
+++ b/routes/admin/cosmetics/capes.js
@@ -0,0 +1,20 @@
+const express = require("express")
+const path = require("node:path")
+const multer = require("multer")
+const router = express.Router() 
+const userService = require("../../../services/userService")
+const adminService = require("../../../services/adminService")
+
+const upload = multer({ dest: path.join(process.cwd(), "data/temp/") })
+
+router.post("/upload", adminService.hasPermission("UPLOAD_CAPE"), upload.single("file"), async (req, res) => {
+    const result = await adminService.uploadCape(req.file, req.body.alias)
+    res.status(201).json(result)
+})
+
+router.delete("/:hash", adminService.hasPermission("DELETE_CAPES"), async (req, res) => {
+    const result = await userService.deleteGlobalCape(req.params.hash)
+    res.status(200).json(result)
+})
+
+module.exports = router
--- a/routes/admin/index.js
+++ b/routes/admin/index.js
@@ -0,0 +1,4 @@
+const express = require("express")
+const router = express.Router() 
+
+module.exports = router
--- a/routes/admin/players/password.js
+++ b/routes/admin/players/password.js
@@ -0,0 +1,12 @@
+const express = require("express")
+const router = express.Router()
+const userService = require("../../../services/userService")
+const adminService = require("../../../services/adminService")
+
+router.patch("/:uuid", adminService.hasPermission("CHANGE_PLAYER_PASSWORD"), async (req, res) => {
+    const { newPassword } = req.body
+    const result = await userService.changePassword(req.params.uuid, newPassword)
+    return res.status(200).json(result)
+})
+
+module.exports = router
--- a/routes/admin/players/textures.js
+++ b/routes/admin/players/textures.js
@@ -0,0 +1,23 @@
+const express = require("express")
+const router = express.Router()
+const userService = require("../../../services/userService")
+const adminService = require("../../../services/adminService")
+
+router.delete("/skin/:uuid", adminService.hasPermission("RESET_PLAYER_SKIN"), async (req, res) => {
+    const result = await userService.resetSkin(req.params.uuid)
+    return res.status(200).json(result)
+})
+
+router.put("/cape/:uuid/:hash", adminService.hasPermission("GRANT_PLAYER_CAPE"), async (req, res) => {
+    const { uuid, hash } = req.params
+    const result = await userService.grantCape(uuid, hash)
+    return res.status(200).json(result)
+})
+
+router.delete("/cape/:uuid/:hash", adminService.hasPermission("REMOVE_PLAYER_CAPE"), async (req, res) => {
+    const { uuid, hash } = req.params
+    const result = await userService.removeCape(uuid, hash)
+    return res.status(200).json(result)
+})
+
+module.exports = router
--- a/routes/admin/players/username.js
+++ b/routes/admin/players/username.js
@@ -0,0 +1,12 @@
+const express = require("express")
+const router = express.Router()
+const userService = require("../../../services/userService")
+const adminService = require("../../../services/adminService")
+
+router.patch("/:uuid", adminService.hasPermission("CHANGE_PLAYER_USERNAME"), async (req, res) => {
+    const { newUsername } = req.body
+    const result = await userService.changeUsername(req.params.uuid, newUsername)
+    return res.status(200).json(result)
+})
+
+module.exports = router