authorMohamed Bassem <me@mbassem.com>2025-07-12 23:37:52 +0000
committerMohamed Bassem <me@mbassem.com>2025-07-12 23:37:52 +0000
commit1105b4a41b2a91a24a164c70264b294a80afe97b (patch)
tree8b6e695666a3449fa5ff374da16fdff5e7ce738d /packages/api
parentba7a87fe68e18dca53cb21ebd1ff0bab7e3ab414 (diff)
downloadkarakeep-1105b4a41b2a91a24a164c70264b294a80afe97b.tar.zst
feat(api): Expose the update user API in the openapi specs
Diffstat (limited to 'packages/api')
-rw-r--r--packages/api/index.ts2
-rw-r--r--packages/api/middlewares/auth.ts22
-rw-r--r--packages/api/routes/admin.ts24
3 files changed, 48 insertions, 0 deletions
diff --git a/packages/api/index.ts b/packages/api/index.ts
index 82beca53..39075548 100644
--- a/packages/api/index.ts
+++ b/packages/api/index.ts
@@ -6,6 +6,7 @@ import { poweredBy } from "hono/powered-by";
import { Context } from "@karakeep/trpc";
import trpcAdapter from "./middlewares/trpcAdapter";
+import admin from "./routes/admin";
import assets from "./routes/assets";
import bookmarks from "./routes/bookmarks";
import health from "./routes/health";
@@ -58,6 +59,7 @@ const app = new Hono<{
.route("/health", health)
.route("/trpc", trpc)
.route("/v1", v1)
+ .route("/admin", admin)
.route("/assets", assets)
.route("/public", publicRoute)
.route("/metrics", metrics);
diff --git a/packages/api/middlewares/auth.ts b/packages/api/middlewares/auth.ts
index 42bca6c8..92f591ad 100644
--- a/packages/api/middlewares/auth.ts
+++ b/packages/api/middlewares/auth.ts
@@ -35,3 +35,25 @@ export const authMiddleware = createMiddleware<{
c.set("api", createCaller(c.get("ctx")));
await next();
});
+
+export const adminAuthMiddleware = createMiddleware<{
+ Variables: {
+ ctx: AuthedContext;
+ api: ReturnType<typeof createCaller>;
+ };
+}>(async (c, next) => {
+ if (!c.var.ctx || !c.var.ctx.user || c.var.ctx.user === null) {
+ throw new HTTPException(401, {
+ message: "Unauthorized",
+ });
+ }
+
+ if (c.var.ctx.user.role !== "admin") {
+ throw new HTTPException(403, {
+ message: "Forbidden - Admin access required",
+ });
+ }
+
+ c.set("api", createCaller(c.get("ctx")));
+ await next();
+});
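Review bot: adminAuthMiddleware only reads `c.var.ctx`, and nothing visible in this commit shows where `ctx` is populated for requests under `/admin`, so confirm that the context-creating middleware in index.ts runs before `.route("/admin", admin)`; a missing ctx does fail closed with 401, which is the right default. In the first guard, `c.var.ctx.user === null` is unreachable after `!c.var.ctx.user`, and `if (!c.var.ctx?.user) {` expresses the same check. The 403 branch is a natural place to log the denied user id and request path, so that repeated non-admin attempts against admin routes are visible in monitoring. How `user.role` reaches the context is not shown here; if it can come from a cached session or token rather than a fresh lookup, a demoted admin may keep access until that credential expires, which is worth verifying.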
diff --git a/packages/api/routes/admin.ts b/packages/api/routes/admin.ts
new file mode 100644
index 00000000..4b5438d6
--- /dev/null
+++ b/packages/api/routes/admin.ts
@@ -0,0 +1,24 @@
+import { zValidator } from "@hono/zod-validator";
+import { Hono } from "hono";
+
+import { updateUserSchema } from "@karakeep/shared/types/admin";
+
+import { adminAuthMiddleware } from "../middlewares/auth";
+
+const app = new Hono()
+ .use(adminAuthMiddleware)
+
+ // PUT /admin/users/:userId
+ .put("/users/:userId", zValidator("json", updateUserSchema), async (c) => {
+ const userId = c.req.param("userId");
+ const body = c.req.valid("json");
+
+ // Ensure the userId from the URL matches the one in the body
+ const input = { ...body, userId };
+
+ await c.var.api.admin.updateUser(input);
+
+ return c.json({ success: true }, 200);
+ });
+
+export default app;
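Review bot: The comment `// Ensure the userId from the URL matches the one in the body` does not describe what the next line does: `{ ...body, userId }` silently replaces any `userId` in the body with the path parameter, and no comparison is made. Either say so, e.g. `// The userId from the URL is authoritative and overrides any userId in the body`, or reject a mismatch with a 400, so that a client naming one user in the path and another in the body gets an error instead of a change to the path user. If `updateUserSchema` requires `userId` (its definition is not shown here), callers must also send a value that is then discarded; validating the body against a schema without that field would avoid this.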