From b5ba2e6a2ac1d0f5e8f6f63268bffcffa5ce56a7 Mon Sep 17 00:00:00 2001
From: Dikiy13371 <css81933@gmail.com>
Date: Wed, 8 Oct 2025 00:03:18 +0300
Subject: [PATCH] add new user_admin.go

---
 web/service/user_admin.go | 97 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 97 insertions(+)
 create mode 100644 web/service/user_admin.go

diff --git a/web/service/user_admin.go b/web/service/user_admin.go
new file mode 100644
index 00000000..ec956d2f
--- /dev/null
+++ b/web/service/user_admin.go
@@ -0,0 +1,97 @@
+package service
+
+import (
+	"errors"
+
+	"github.com/mhsanaei/3x-ui/v2/database"
+	"github.com/mhsanaei/3x-ui/v2/database/model"
+	"golang.org/x/crypto/bcrypt"
+	"gorm.io/gorm"
+)
+
+type UserAdminService struct {
+	DB *gorm.DB
+}
+
+func NewUserAdminService() *UserAdminService {
+	return &UserAdminService{DB: database.GetDB()}
+}
+
+type UserDTO struct {
+	Id       int    `json:"id"`
+	Username string `json:"username"`
+	Role     string `json:"role"`
+}
+
+func toDTO(u *model.User) UserDTO {
+	return UserDTO{Id: u.Id, Username: u.Username, Role: u.Role}
+}
+
+func (s *UserAdminService) ListUsers() ([]UserDTO, error) {
+	var users []model.User
+	if err := s.DB.Order("id ASC").Find(&users).Error; err != nil {
+		return nil, err
+	}
+	out := make([]UserDTO, 0, len(users))
+	for i := range users {
+		out = append(out, toDTO(&users[i]))
+	}
+	return out, nil
+}
+
+func (s *UserAdminService) CreateUser(username, rawPassword, role string) (UserDTO, error) {
+	if username == "" || rawPassword == "" {
+		return UserDTO{}, errors.New("username and password required")
+	}
+	if role == "" {
+		role = "reader"
+	}
+	hash, err := bcrypt.GenerateFromPassword([]byte(rawPassword), 12)
+	if err != nil {
+		return UserDTO{}, err
+	}
+	u := &model.User{
+		Username:     username,
+		PasswordHash: string(hash),
+		Role:         role,
+	}
+	if err := s.DB.Create(u).Error; err != nil {
+		return UserDTO{}, err
+	}
+	return toDTO(u), nil
+}
+
+func (s *UserAdminService) UpdateUserRole(id int, newRole string) (UserDTO, error) {
+	var u model.User
+	if err := s.DB.First(&u, id).Error; err != nil {
+		return UserDTO{}, err
+	}
+	if newRole == "" {
+		return UserDTO{}, errors.New("role required")
+	}
+	u.Role = newRole
+	if err := s.DB.Save(&u).Error; err != nil {
+		return UserDTO{}, err
+	}
+	return toDTO(&u), nil
+}
+
+func (s *UserAdminService) ResetPassword(id int, newPassword string) error {
+	if newPassword == "" {
+		return errors.New("password required")
+	}
+	var u model.User
+	if err := s.DB.First(&u, id).Error; err != nil {
+		return err
+	}
+	hash, err := bcrypt.GenerateFromPassword([]byte(newPassword), 12)
+	if err != nil {
+		return err
+	}
+	u.PasswordHash = string(hash)
+	return s.DB.Save(&u).Error
+}
+
+func (s *UserAdminService) DeleteUser(id int) error {
+	return s.DB.Delete(&model.User{}, id).Error
+}