From 05fa7644ccbdcbb9ef50cb6bcbdca288b9379222 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=9D=D0=B8=D0=BA=20=28Claude=29?= <claude@zeroday.su>
Date: Sat, 13 Jun 2026 00:14:11 +0300
Subject: [PATCH] =?UTF-8?q?feat:=20user=20management=20=E2=80=94=20detail?=
 =?UTF-8?q?=20view,=20block/unblock,=20plan=20change?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

routes/admin.js: GET /users/:id (profile+channels+balance+transactions)
  PATCH /users/:id (is_blocked, plan_code, name)
  plan change: cancels active sub → creates new → credits reset
generate.js: check is_blocked before generation → 403 ACCOUNT_BLOCKED
DB: users.is_blocked BOOLEAN DEFAULT false
---
 src/routes/admin.js    | 59 ++++++++++++++++++++++++++++++++++++++++++
 src/routes/generate.js |  6 +++++
 2 files changed, 65 insertions(+)

diff --git a/src/routes/admin.js b/src/routes/admin.js
index 2d5d4f0..1ebd7b0 100644
--- a/src/routes/admin.js
+++ b/src/routes/admin.js
@@ -114,3 +114,62 @@ router.patch('/credit-costs/:operation', async (req, res) => {
 });
 
 module.exports = router;
+
+// GET /api/admin/users/:id — детальная информация о пользователе
+router.get('/users/:id', async (req, res) => {
+  if (!await requireAdmin(req, res)) return;
+  try {
+    const [user, channels, balance, txs, sub] = await Promise.all([
+      query(`SELECT id, email, name, is_admin, is_blocked, created_at FROM users WHERE id=$1`, [req.params.id]),
+      query(`SELECT id, name, platform, is_active, tg_username, created_at FROM channels WHERE user_id=$1 ORDER BY created_at DESC`, [req.params.id]),
+      query(`SELECT ub.credits, ub.reset_at, p.name as plan_name, p.code as plan_code, p.price_rub
+        FROM user_balance ub
+        LEFT JOIN user_subscriptions us ON us.user_id=ub.user_id AND us.status='active'
+        LEFT JOIN plans p ON p.id=us.plan_id
+        WHERE ub.user_id=$1`, [req.params.id]),
+      query(`SELECT * FROM user_transactions WHERE user_id=$1 ORDER BY created_at DESC LIMIT 20`, [req.params.id]),
+      query(`SELECT us.*, p.name as plan_name, p.code as plan_code FROM user_subscriptions us
+        JOIN plans p ON p.id=us.plan_id WHERE us.user_id=$1 AND us.status='active' LIMIT 1`, [req.params.id]),
+    ]);
+    if (!user.rows.length) return res.status(404).json({ error: 'User not found' });
+    res.json({
+      user: user.rows[0],
+      channels: channels.rows,
+      balance: balance.rows[0] || null,
+      transactions: txs.rows,
+      subscription: sub.rows[0] || null,
+    });
+  } catch (err) { res.status(500).json({ error: err.message }); }
+});
+
+// PATCH /api/admin/users/:id — обновить пользователя (block/unblock, план)
+router.patch('/users/:id', async (req, res) => {
+  if (!await requireAdmin(req, res)) return;
+  const { is_blocked, plan_code, name } = req.body;
+  try {
+    if (is_blocked !== undefined) {
+      await query('UPDATE users SET is_blocked=$1 WHERE id=$2', [is_blocked, req.params.id]);
+    }
+    if (name !== undefined) {
+      await query('UPDATE users SET name=$1 WHERE id=$2', [name, req.params.id]);
+    }
+    if (plan_code !== undefined) {
+      // Смена плана вручную
+      const { rows: [plan] } = await query('SELECT * FROM plans WHERE code=$1', [plan_code]);
+      if (!plan) return res.status(400).json({ error: `Plan ${plan_code} not found` });
+      await query("UPDATE user_subscriptions SET status='cancelled' WHERE user_id=$1 AND status='active'", [req.params.id]);
+      const expires = new Date(Date.now() + 32*24*60*60*1000);
+      await query(`INSERT INTO user_subscriptions (user_id, plan_id, status, expires_at)
+        VALUES ($1,$2,'active',$3)`, [req.params.id, plan.id, expires]);
+      // Начисляем кредиты по новому плану
+      if (plan.credits_month > 0) {
+        await query('UPDATE user_balance SET credits=$1, reset_at=$2 WHERE user_id=$3',
+          [plan.credits_month, expires, req.params.id]);
+        await query(`INSERT INTO user_transactions (user_id, type, amount, balance_after, description)
+          VALUES ($1,'plan_credit',$2,$2,$3)`,
+          [req.params.id, plan.credits_month, `Ручная смена плана на ${plan.name}`]);
+      }
+    }
+    res.json({ ok: true });
+  } catch (err) { res.status(500).json({ error: err.message }); }
+});
diff --git a/src/routes/generate.js b/src/routes/generate.js
index 9439761..0df3a44 100644
--- a/src/routes/generate.js
+++ b/src/routes/generate.js
@@ -19,6 +19,12 @@ router.post('/', async (req, res) => {
     if (type !== 'topics' && !topic) return res.status(400).json({ error: 'topic is required' });
     if (type === 'post' && !channelId) return res.status(400).json({ error: 'channelId is required for posts' });
 
+    // Проверяем не заблокирован ли пользователь
+    if (userId) {
+      const { rows: [u] } = await require('../config/db').query('SELECT is_blocked FROM users WHERE id=$1', [userId]);
+      if (u?.is_blocked) return res.status(403).json({ error: 'Аккаунт заблокирован', code: 'ACCOUNT_BLOCKED' });
+    }
+
     // Проверка и списание кредитов
     const billingOp = BILLING_OP[type];
     let billingResult = null;