릴리스: v0.1.13 관리자 탭과 가변 티어 행 추가

backend/src/routes/admin.js

@@ -1,6 +1,7 @@
 const path = require('path')
 const express = require('express')
 const multer = require('multer')
+const bcrypt = require('bcryptjs')
 const { z } = require('zod')
 const { nanoid } = require('nanoid')
 const {
@@ -14,6 +15,7 @@ const {
   listCustomItems,
   listUsers,
   adminUpdateUser,
+  adminUpdateUserPassword,
   adminDeleteUser,
 } = require('../db')
 const { requireAdmin } = require('../middleware/auth')
@@ -83,8 +85,20 @@ router.delete('/games/:gameId', requireAdmin, async (req, res) => {
 })
 
 router.get('/custom-items', requireAdmin, async (req, res) => {
-  const items = await listCustomItems()
-  res.json({ items })
+  const schema = z.object({
+    q: z.string().trim().max(120).optional().default(''),
+    page: z.coerce.number().int().min(1).optional().default(1),
+    limit: z.coerce.number().int().min(1).max(200).optional().default(50),
+  })
+  const parsed = schema.safeParse(req.query)
+  if (!parsed.success) return res.status(400).json({ error: 'bad_request' })
+
+  const result = await listCustomItems({
+    queryText: parsed.data.q,
+    page: parsed.data.page,
+    limit: parsed.data.limit,
+  })
+  res.json(result)
 })
 
 router.get('/users', requireAdmin, async (req, res) => {
@@ -136,4 +150,19 @@ router.delete('/users/:userId', requireAdmin, async (req, res) => {
   res.json({ ok: true })
 })
 
+router.patch('/users/:userId/password', requireAdmin, async (req, res) => {
+  const schema = z.object({
+    password: z.string().min(6).max(120),
+  })
+  const parsed = schema.safeParse(req.body)
+  if (!parsed.success) return res.status(400).json({ error: 'bad_request' })
+
+  const user = await findUserById(req.params.userId)
+  if (!user) return res.status(404).json({ error: 'not_found' })
+
+  const passwordHash = await bcrypt.hash(parsed.data.password, 10)
+  await adminUpdateUserPassword({ id: user.id, passwordHash })
+  res.json({ ok: true })
+})
+
 module.exports = router