helpyourneighbour/backend/routes/roles.js

const express = require('express');
const router = express.Router();
const db = require('../db');
const requireRole = require('../middleware/requireRole');

// Get all users (admin only)
router.get('/', requireRole(['admin']), async (req, res) => {
  try {
    const users = await db.query('SELECT id, email, name, role FROM users ORDER BY created_at DESC');
    res.json({ users: users.rows });
  } catch (err) {
    console.error(err);
    res.status(500).json({ error: 'Internal server error' });
  }
});

// Suspend a user (admin only)
router.put('/suspend/:userId', requireRole(['admin']), async (req, res) => {
  try {
    const { userId } = req.params;
    
    // Check if user exists
    const existingUser = await db.query('SELECT id FROM users WHERE id = $1', [userId]);
    if (existingUser.rows.length === 0) {
      return res.status(404).json({ error: 'User not found' });
    }

    // Suspend user
    await db.query('UPDATE users SET suspended = true WHERE id = $1', [userId]);

    // Log audit event
    const auditEvent = {
      actorUserId: req.user.userId,
      action: 'USER_SUSPEND',
      targetType: 'user',
      targetId: userId,
      reason: req.body.reason || 'No reason provided',
      timestamp: new Date()
    };

    res.json({ message: 'User suspended successfully' });
  } catch (err) {
    console.error(err);
    res.status(500).json({ error: 'Internal server error' });
  }
});

// Unsuspend a user (admin only)
router.put('/unsuspend/:userId', requireRole(['admin']), async (req, res) => {
  try {
    const { userId } = req.params;
    
    // Check if user exists
    const existingUser = await db.query('SELECT id FROM users WHERE id = $1', [userId]);
    if (existingUser.rows.length === 0) {
      return res.status(404).json({ error: 'User not found' });
    }

    // Unsuspend user
    await db.query('UPDATE users SET suspended = false WHERE id = $1', [userId]);

    // Log audit event
    const auditEvent = {
      actorUserId: req.user.userId,
      action: 'USER_UNSUSPEND',
      targetType: 'user',
      targetId: userId,
      reason: req.body.reason || 'No reason provided',
      timestamp: new Date()
    };

    res.json({ message: 'User unsuspended successfully' });
  } catch (err) {
    console.error(err);
    res.status(500).json({ error: 'Internal server error' });
  }
});

module.exports = router;
feat: implement role-based access control and auth routes This commit implements the role-based access control middleware and authentication routes as per the project's requirements. It includes: 2026-03-15 20:07:14 +00:00			`const express = require('express');`
			`const router = express.Router();`
			`const db = require('../db');`
			`const requireRole = require('../middleware/requireRole');`

			`// Get all users (admin only)`
			`router.get('/', requireRole(['admin']), async (req, res) => {`
			`try {`
			`const users = await db.query('SELECT id, email, name, role FROM users ORDER BY created_at DESC');`
			`res.json({ users: users.rows });`
			`} catch (err) {`
			`console.error(err);`
			`res.status(500).json({ error: 'Internal server error' });`
			`}`
			`});`

			`// Suspend a user (admin only)`
			`router.put('/suspend/:userId', requireRole(['admin']), async (req, res) => {`
			`try {`
			`const { userId } = req.params;`

			`// Check if user exists`
			`const existingUser = await db.query('SELECT id FROM users WHERE id = $1', [userId]);`
			`if (existingUser.rows.length === 0) {`
			`return res.status(404).json({ error: 'User not found' });`
			`}`

			`// Suspend user`
			`await db.query('UPDATE users SET suspended = true WHERE id = $1', [userId]);`

			`// Log audit event`
			`const auditEvent = {`
			`actorUserId: req.user.userId,`
			`action: 'USER_SUSPEND',`
			`targetType: 'user',`
			`targetId: userId,`
			`reason: req.body.reason \|\| 'No reason provided',`
			`timestamp: new Date()`
			`};`

			`res.json({ message: 'User suspended successfully' });`
			`} catch (err) {`
			`console.error(err);`
			`res.status(500).json({ error: 'Internal server error' });`
			`}`
			`});`

			`// Unsuspend a user (admin only)`
			`router.put('/unsuspend/:userId', requireRole(['admin']), async (req, res) => {`
			`try {`
			`const { userId } = req.params;`

			`// Check if user exists`
			`const existingUser = await db.query('SELECT id FROM users WHERE id = $1', [userId]);`
			`if (existingUser.rows.length === 0) {`
			`return res.status(404).json({ error: 'User not found' });`
			`}`

			`// Unsuspend user`
			`await db.query('UPDATE users SET suspended = false WHERE id = $1', [userId]);`

			`// Log audit event`
			`const auditEvent = {`
			`actorUserId: req.user.userId,`
			`action: 'USER_UNSUSPEND',`
			`targetType: 'user',`
			`targetId: userId,`
			`reason: req.body.reason \|\| 'No reason provided',`
			`timestamp: new Date()`
			`};`

			`res.json({ message: 'User unsuspended successfully' });`
			`} catch (err) {`
			`console.error(err);`
			`res.status(500).json({ error: 'Internal server error' });`
			`}`
			`});`

			`module.exports = router;`