Created Turnpike, event attendee and volunteer management

Built after prototype, Traverse, an attendee and volunteer list maintainer.
2026-03-03 11:27:07 -06:00 · 2026-03-03 11:27:07 -06:00 · 5d56ba8112
commit 5d56ba8112
59 changed files with 8663 additions and 0 deletions
--- a/handle_users.go
+++ b/handle_users.go
@ -0,0 +1,105 @@
+package main
+
+import (
+	"encoding/json"
+	"net/http"
+	"strconv"
+)
+
+func (app *App) handleListUsers(w http.ResponseWriter, r *http.Request) {
+	users, err := app.listUsers()
+	if err != nil {
+		writeError(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	writeJSON(w, users)
+}
+
+func (app *App) handleCreateUser(w http.ResponseWriter, r *http.Request) {
+	var body struct {
+		Username      string `json:"username"`
+		Password      string `json:"password"`
+		Role          string `json:"role"`
+		DepartmentIDs []int  `json:"department_ids"`
+	}
+	if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
+		writeError(w, "invalid request", http.StatusBadRequest)
+		return
+	}
+	if body.Username == "" || body.Password == "" || body.Role == "" {
+		writeError(w, "username, password, and role are required", http.StatusBadRequest)
+		return
+	}
+	hash, err := hashPassword(body.Password)
+	if err != nil {
+		writeError(w, "hash error", http.StatusInternalServerError)
+		return
+	}
+	if body.DepartmentIDs == nil {
+		body.DepartmentIDs = []int{}
+	}
+	user, err := app.createUser(body.Username, hash, body.Role, body.DepartmentIDs)
+	if err != nil {
+		writeError(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	w.WriteHeader(http.StatusCreated)
+	writeJSON(w, user)
+}
+
+func (app *App) handleUpdateUser(w http.ResponseWriter, r *http.Request) {
+	id, err := strconv.Atoi(r.PathValue("id"))
+	if err != nil {
+		writeError(w, "invalid id", http.StatusBadRequest)
+		return
+	}
+	var body struct {
+		Role          string `json:"role"`
+		Password      string `json:"password"`
+		DepartmentIDs []int  `json:"department_ids"`
+	}
+	if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
+		writeError(w, "invalid request", http.StatusBadRequest)
+		return
+	}
+	if body.DepartmentIDs == nil {
+		body.DepartmentIDs = []int{}
+	}
+	if body.Role != "" {
+		if err := app.updateUser(id, body.Role, body.DepartmentIDs); err != nil {
+			writeError(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+	}
+	if body.Password != "" {
+		hash, err := hashPassword(body.Password)
+		if err != nil {
+			writeError(w, "hash error", http.StatusInternalServerError)
+			return
+		}
+		if err := app.updateUserPassword(id, hash); err != nil {
+			writeError(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+	}
+	user, _ := app.getUserByID(id)
+	writeJSON(w, user)
+}
+
+func (app *App) handleDeleteUser(w http.ResponseWriter, r *http.Request) {
+	id, err := strconv.Atoi(r.PathValue("id"))
+	if err != nil {
+		writeError(w, "invalid id", http.StatusBadRequest)
+		return
+	}
+	claims := claimsFromContext(r)
+	if claims.UserID == id {
+		writeError(w, "cannot delete yourself", http.StatusBadRequest)
+		return
+	}
+	if err := app.deleteUser(id); err != nil {
+		writeError(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	w.WriteHeader(http.StatusNoContent)
+}