Files for Todo_admin added

Diven2510
2025-12-30 19:44:14 +05:30
parent fd223884cd
commit eef41c105c
34 changed files with 7687 additions and 0 deletions

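--- a/Backend/routes/auth.js
+++ b/Backend/routes/auth.js
@@ -0,0 +1,103 @@
+import express from 'express';
+import jwt from 'jsonwebtoken';
+import bcrypt from 'bcryptjs';
+import User from '../models/User.js';
+const router = express.Router();
+// Register
+router.post('/register', async (req, res) => {
+try {
+const { username, email, password } = req.body;
+// Validation
+if (!username || !email || !password) {
+return res.status(400).json({
+message: 'Username, email, and password are required'
+});
+}
+if (password.length < 6) {
+return res.status(400).json({
+message: 'Password must be at least 6 characters long'
+});
+}
+// Check if user already exists
+const existingUser = await User.findOne({
+$or: [{ email }, { username }]
+});
+if (existingUser) {
+return res.status(400).json({
+message: 'User with this email or username already exists'
+});
+}
+// Create new user
+const user = new User({ username, email, password });
+await user.save();
+// Generate JWT token
+const token = jwt.sign(
+{ userId: user._id },
+process.env.JWT_SECRET,
+{ expiresIn: '7d' }
+);
+res.status(201).json({
+message: 'User created successfully',
+token,
+user: {
+id: user._id,
+username: user.username,
+email: user.email,
+role: user.role
+}
+});
+} catch (error) {
+console.error('Registration error:', error);
+res.status(500).json({ message: 'Server error', error: error.message });
+}
+});
+// Login
+router.post('/login', async (req, res) => {
+try {
+const { email, password } = req.body;
+// Find user by email
+const user = await User.findOne({ email });
+if (!user) {
+return res.status(400).json({ message: 'Invalid credentials' });
+}
+// Check password
+const isMatch = await user.comparePassword(password);
+if (!isMatch) {
+return res.status(400).json({ message: 'Invalid credentials' });
+}
+// Generate JWT token
+const token = jwt.sign(
+{ userId: user._id },
+process.env.JWT_SECRET,
+{ expiresIn: '7d' }
+);
+res.json({
+message: 'Login successful',
+token,
+user: {
+id: user._id,
+username: user.username,
+email: user.email,
+role: user.role
+}
+});
+} catch (error) {
+res.status(500).json({ message: 'Server error', error: error.message });
+}
+});
+export default router;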
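Review bot: Both handlers pass `req.body` fields to `User.findOne` without checking their type, so with a JSON body parser `email` or `username` can arrive as an object and be treated as a query operator instead of a literal value; in `/login` that filter decides which account's password is compared. A guard at the top of each handler, such as `if (typeof email !== 'string' || typeof password !== 'string') return res.status(400).json({ message: 'Invalid credentials' });` (with `username` added in `/register`), closes this unless filter sanitising is already configured outside this file. Every 500 response also returns `error.message` to the client, which can expose database or validation internals; log the error server-side and send only `'Server error'`. Whether the password is hashed before `user.save()` depends on the `User` model, which is not part of this section, and `bcrypt` is imported here but never used.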

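--- a/Backend/routes/todos.js
+++ b/Backend/routes/todos.js
@@ -0,0 +1,229 @@
+import express from 'express';
+import Todo from '../models/Todo.js';
+import User from '../models/User.js';
+import { requireAdmin } from '../middleware/auth.js';
+const router = express.Router();
+// Get todos - different behavior for admin vs user
+router.get('/', async (req, res) => {
+try {
+const { date, userId } = req.query;
+let query = {};
+if (req.user.role === 'admin') {
+// Admin can see all todos or filter by userId
+if (userId) {
+query.userId = userId;
+}
+} else {
+// Regular users only see their assigned tasks
+query.userId = req.user._id;
+}
+if (date) {
+const startDate = new Date(date);
+const endDate = new Date(date);
+endDate.setDate(endDate.getDate() + 1);
+query.dueDate = {
+$gte: startDate,
+$lt: endDate
+};
+}
+const todos = await Todo.find(query)
+.populate('userId', 'username email')
+.populate('assignedBy', 'username email')
+.sort({ createdAt: -1 });
+res.json(todos);
+} catch (error) {
+res.status(500).json({ message: 'Server error', error: error.message });
+}
+});
+// Create new todo - only admins can assign tasks to others
+router.post('/', async (req, res) => {
+try {
+const { title, description, priority, dueDate, userId } = req.body;
+let todoData = {
+title,
+description,
+priority,
+dueDate: new Date(dueDate)
+};
+if (req.user.role === 'admin') {
+// Admin can assign tasks to any user
+todoData.userId = userId || req.user._id;
+todoData.assignedBy = req.user._id;
+} else {
+// Regular users can only create tasks for themselves
+todoData.userId = req.user._id;
+}
+const todo = new Todo(todoData);
+await todo.save();
+const populatedTodo = await Todo.findById(todo._id)
+.populate('userId', 'username email')
+.populate('assignedBy', 'username email');
+res.status(201).json(populatedTodo);
+} catch (error) {
+res.status(500).json({ message: 'Server error', error: error.message });
+}
+});
+// Update todo - different permissions for admin vs user
+router.put('/:id', async (req, res) => {
+try {
+const { id } = req.params;
+const updates = req.body;
+console.log('Update request:', { id, updates, userRole: req.user.role });
+let query = { _id: id };
+let finalUpdates = { ...updates };
+if (req.user.role === 'admin') {
+// Admin can update any todo
+console.log('Admin updating todo');
+} else {
+// Regular users can only update their own todos
+query.userId = req.user._id;
+console.log('User updating own todo');
+// Users can only update status and submit tasks
+const allowedUpdates = ['status'];
+const filteredUpdates = {};
+allowedUpdates.forEach(field => {
+if (updates[field] !== undefined) {
+filteredUpdates[field] = updates[field];
+}
+});
+// Handle task submission
+if (updates.status === 'submitted') {
+filteredUpdates.submittedAt = new Date();
+}
+finalUpdates = filteredUpdates;
+console.log('Filtered updates for user:', finalUpdates);
+}
+const todo = await Todo.findOneAndUpdate(query, finalUpdates, { new: true })
+.populate('userId', 'username email')
+.populate('assignedBy', 'username email');
+if (!todo) {
+console.log('Todo not found with query:', query);
+return res.status(404).json({ message: 'Todo not found or access denied' });
+}
+console.log('Todo updated successfully:', todo);
+res.json(todo);
+} catch (error) {
+console.error('Update todo error:', error);
+res.status(500).json({ message: 'Server error', error: error.message });
+}
+});
+// Delete todo - only admins can delete
+router.delete('/:id', requireAdmin, async (req, res) => {
+try {
+const { id } = req.params;
+const todo = await Todo.findByIdAndDelete(id);
+if (!todo) {
+return res.status(404).json({ message: 'Todo not found' });
+}
+res.json({ message: 'Todo deleted successfully' });
+} catch (error) {
+res.status(500).json({ message: 'Server error', error: error.message });
+}
+});
+// Admin routes for user management
+router.get('/admin/users', requireAdmin, async (req, res) => {
+try {
+const users = await User.find({ role: 'user' }).select('-password');
+res.json(users);
+} catch (error) {
+res.status(500).json({ message: 'Server error', error: error.message });
+}
+});
+// Admin route to get all todos with user details
+router.get('/admin/all-todos', requireAdmin, async (req, res) => {
+try {
+const todos = await Todo.find()
+.populate('userId', 'username email')
+.populate('assignedBy', 'username email')
+.sort({ createdAt: -1 });
+res.json(todos);
+} catch (error) {
+res.status(500).json({ message: 'Server error', error: error.message });
+}
+});
+// Admin route to assign task to user
+router.post('/admin/assign', requireAdmin, async (req, res) => {
+try {
+const { title, description, priority, dueDate, userId } = req.body;
+const todo = new Todo({
+title,
+description,
+priority,
+dueDate: new Date(dueDate),
+userId,
+assignedBy: req.user._id
+});
+await todo.save();
+const populatedTodo = await Todo.findById(todo._id)
+.populate('userId', 'username email')
+.populate('assignedBy', 'username email');
+res.status(201).json(populatedTodo);
+} catch (error) {
+res.status(500).json({ message: 'Server error', error: error.message });
+}
+});
+// Admin route to mark task as completed
+router.put('/admin/complete/:id', requireAdmin, async (req, res) => {
+try {
+const { id } = req.params;
+const todo = await Todo.findByIdAndUpdate(
+id,
+{
+status: 'completed',
+completedAt: new Date()
+},
+{ new: true }
+).populate('userId', 'username email')
+.populate('assignedBy', 'username email');
+if (!todo) {
+return res.status(404).json({ message: 'Todo not found' });
+}
+res.json(todo);
+} catch (error) {
+res.status(500).json({ message: 'Server error', error: error.message });
+}
+});
+export default router;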
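Review bot: In `PUT /:id` the non-admin branch copies `status` from the body without restricting its value, so a regular user can set any status on their own todo, including `completed`, which this file otherwise reserves for `PUT /admin/complete/:id`. Check the value against the statuses a user may set before building `filteredUpdates`, for example `if (updates.status !== undefined && !USER_STATUSES.includes(updates.status)) return res.status(403).json({ message: 'Status not allowed' });`, where `USER_STATUSES` is a constructed name for that allow-list. Pass `{ new: true, runValidators: true }` to `findOneAndUpdate` so that any schema validators run on the update. The admin branch passes the raw request body as the update document, and the handler writes the full body and the updated todo to `console.log`; an explicit field list and trimmed logging would be safer. Every handler reads `req.user`, which presumably is set by authentication middleware mounted outside this file, since the non-admin routes here attach none themselves.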