From 5585fb255714d290cb628efa133c73df7a8ff1aa Mon Sep 17 00:00:00 2001
From: Joseph Nelson <joseph.nelson4456@gmail.com>
Date: Wed, 10 Jun 2026 23:30:43 -0700
Subject: [PATCH] fixing issues needed for hashing

---
 src/routes/users/index.js | 26 ++++++++++++--------------
 1 file changed, 12 insertions(+), 14 deletions(-)

diff --git a/src/routes/users/index.js b/src/routes/users/index.js
index 46f4825..dd962b5 100644
--- a/src/routes/users/index.js
+++ b/src/routes/users/index.js
@@ -1,4 +1,5 @@
 import express from 'express'
+import bcrypt from 'bcryptjs'
 import { pool } from '../../config/index.js'
 
 const router = express.Router()
@@ -20,14 +21,16 @@ router.get('/', async (req, res) => {
  * @param {string} role_name - The name of the role to assign to the user
  */
 router.post('/', async (req, res) => {
-	const { name, email, password, role_name } = req.body
+	const { username, email, password, role_name } = req.body
 
-	const client = await pool.connect()
+	if (!password) {
+		return res.status(400).send('Password is required')
+	}
 	try {
-		await client.query('BEGIN')
-
+		// Hash the password using bcrypt
+		const hashedPassword = await bcrypt.hash(password, 10)
 		// Query for the UUID of the role by name
-		const roleResult = await client.query(
+		const roleResult = await pool.query(
 			'SELECT id FROM roles WHERE name = $1',
 			[role_name]
 		)
@@ -37,20 +40,15 @@ router.post('/', async (req, res) => {
 		const roleId = roleResult.rows[0].id
 
 		// Insert the new user into the database
-		const result = await client.query(
-			'INSERT INTO users (name, email, password, role_id, created_at, updated_at) VALUES ($1, $2, $3, $4, NOW(), NOW()) RETURNING *',
-			[name, email, password, roleId]
+		const result = await pool.query(
+			'INSERT INTO users (username, email, password, role_id, created_at, updated_at) VALUES ($1, $2, $3, $4, NOW(), NOW()) RETURNING *',
+			[username, email, hashedPassword, roleId]
 		)
 
 		// Return the newly created user
 		res.status(201).json(result.rows[0])
-
-		await client.query('COMMIT')
 	} catch (err) {
-		await client.query('ROLLBACK')
 		res.status(500).send(err)
-	} finally {
-		client.release()
 	}
 })
 
@@ -95,7 +93,7 @@ router.put('/:id', async (req, res) => {
 
 		if (password) {
 			queryText += ', password = $3'
-			values.push(password)
+			values.push(await bcrypt.hash(password, 10))
 		}
 
 		if (roleId !== null) {
-- 
2.52.0