TO REMOVE: add get user psw for debug purposes

tollsimy · tollsimy · commit 775d896db185 · 2025-06-17T10:28:48.000+02:00
diff --git a/src/dao/user.go b/src/dao/user.go
@@ -291,3 +291,21 @@ func (d *UserDao) GetUserByOTP(c context.Context, otpCode string) (*api.UserResp
 	}
 	return &user, nil
 }
+
+func (d *UserDao) GetPasswordByUsername(c context.Context, username string) (string, error) {
+	query := "SELECT password FROM users WHERE username = $1"
+	rows, err := d.db.Query(c, query, username)
+	if err != nil {
+		return "", fmt.Errorf("db error: %w", err)
+	}
+	defer rows.Close()
+
+	if rows.Next() {
+		var password string
+		if err := rows.Scan(&password); err != nil {
+			return "", fmt.Errorf("failed to scan password: %w", err)
+		}
+		return password, nil
+	}
+	return "", ErrUserNotFound
+}
diff --git a/src/handlers/user.go b/src/handlers/user.go
@@ -202,3 +202,26 @@ func (uh *UserHandlers) DeleteUserByUsername(c *gin.Context, username string) {
 
 	c.JSON(http.StatusOK, gin.H{"message": "user deleted successfully"})
 }
+
+func (uh *UserHandlers) GetUserPassword(c *gin.Context, username string) {
+	_, role, err := auth.GetPermissions(c)
+	if err != nil {
+		return
+	}
+	if role != "superuser" && role != "admin" {
+		c.JSON(http.StatusForbidden, gin.H{"error": "forbidden"})
+		return
+	}
+
+	password, err := uh.dao.GetPasswordByUsername(c.Request.Context(), username)
+	if err != nil {
+		if errors.Is(err, dao.ErrUserNotFound) {
+			c.JSON(http.StatusNotFound, gin.H{"error": "user not found"})
+			return
+		}
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to retrieve password"})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{"password": password})
+}
