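import express from "express";
import { protectStaff } from "../middleware/staffAuthMiddleware.js";
import BlockedUser from "../models/BlockedUser.model.js";

const router = express.Router();

/**
 * Tell whether a request-supplied identifier is a plain scalar.
 *
 * Values parsed from a JSON body can be objects or arrays. Passing such a
 * value straight into a query filter lets the database layer read it as an
 * operator document instead of a literal, so only strings and numbers are
 * accepted as identifiers.
 *
 * @param {unknown} value - Candidate identifier taken from the request.
 * @returns {boolean} True when the value is a string or a number.
 */
function isScalarId(value) {
  return typeof value === "string" || typeof value === "number";
}

/**
 * Get all blocked users, most recently blocked first.
 * @route GET /api/blocked-users
 * @access Private (Staff only)
 */
router.get("/", protectStaff, async (req, res) => {
  try {
    const blockedUsers = await BlockedUser.find().sort({ blockedAt: -1 });
    res.json(blockedUsers);
  } catch (error) {
    // Details go to the server log only; the client gets a generic message.
    console.error("Error fetching blocked users:", error);
    res.status(500).json({ error: "Failed to fetch blocked users" });
  }
});

/**
 * Block a user.
 *
 * Responds 400 when the ID is missing, is not a scalar, or is already
 * blocked; 201 with the created record otherwise.
 * @route POST /api/blocked-users
 * @access Private (Staff only)
 */
router.post("/", protectStaff, async (req, res) => {
  try {
    const { telegramUserId, reason } = req.body;

    if (!telegramUserId) {
      return res.status(400).json({ error: "Telegram user ID is required" });
    }

    // The ID goes into a query filter below, so an object or array from the
    // JSON body must be rejected before it reaches the model.
    if (!isScalarId(telegramUserId)) {
      return res
        .status(400)
        .json({ error: "Telegram user ID must be a string or number" });
    }

    // NOTE(review): this check-then-create sequence is not atomic. Whether
    // the schema has a unique index on telegramUserId is not visible here;
    // without one, two concurrent requests can both create a record.
    const existingBlock = await BlockedUser.findOne({ telegramUserId });
    if (existingBlock) {
      return res.status(400).json({ error: "User is already blocked" });
    }

    // blockedBy records the acting staff account; req.user is presumably
    // set by protectStaff (defined outside this file).
    const blockedUser = await BlockedUser.create({
      telegramUserId,
      reason,
      blockedBy: req.user._id,
    });

    res.status(201).json(blockedUser);
  } catch (error) {
    console.error("Error blocking user:", error);
    res.status(500).json({ error: "Failed to block user" });
  }
});

/**
 * Unblock a user.
 *
 * Responds 404 when no block record exists for the given ID.
 * @route DELETE /api/blocked-users/:telegramUserId
 * @access Private (Staff only)
 */
router.delete("/:telegramUserId", protectStaff, async (req, res) => {
  try {
    // Express route parameters are always strings, so this value cannot
    // carry an operator object into the filter.
    const { telegramUserId } = req.params;

    const result = await BlockedUser.findOneAndDelete({ telegramUserId });
    if (!result) {
      return res.status(404).json({ error: "User is not blocked" });
    }

    res.json({ message: "User unblocked successfully" });
  } catch (error) {
    console.error("Error unblocking user:", error);
    res.status(500).json({ error: "Failed to unblock user" });
  }
});

export default router;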