feat: security and auditing

api/src/app/services/user.service.ts

@@ -0,0 +1,91 @@
+/**
+ * @copyright 2026 NHCarrigan
+ * @license Naomi's Public License
+ * @author Naomi Carrigan
+ */
+
+import { User } from "@library/shared-types";
+import { prisma } from "../lib/prisma";
+
+export class UserService {
+  private prisma = prisma;
+
+  async getAllUsers(): Promise<User[]> {
+    const users = await this.prisma.user.findMany({
+      orderBy: { username: "asc" },
+    });
+
+    return users.map((user) => ({
+      id: user.id,
+      discordId: user.discordId,
+      username: user.username,
+      email: user.email,
+      avatarUrl: user.avatar || undefined,
+      isAdmin: user.isAdmin,
+      isBanned: user.isBanned,
+    }));
+  }
+
+  async getUserById(id: string): Promise<User | null> {
+    const user = await this.prisma.user.findUnique({
+      where: { id },
+    });
+
+    if (!user) {
+      return null;
+    }
+
+    return {
+      id: user.id,
+      discordId: user.discordId,
+      username: user.username,
+      email: user.email,
+      avatarUrl: user.avatar || undefined,
+      isAdmin: user.isAdmin,
+      isBanned: user.isBanned,
+    };
+  }
+
+  async banUser(id: string): Promise<User | null> {
+    const user = await this.prisma.user.update({
+      where: { id },
+      data: { isBanned: true },
+    });
+
+    return {
+      id: user.id,
+      discordId: user.discordId,
+      username: user.username,
+      email: user.email,
+      avatarUrl: user.avatar || undefined,
+      isAdmin: user.isAdmin,
+      isBanned: user.isBanned,
+    };
+  }
+
+  async unbanUser(id: string): Promise<User | null> {
+    const user = await this.prisma.user.update({
+      where: { id },
+      data: { isBanned: false },
+    });
+
+    return {
+      id: user.id,
+      discordId: user.discordId,
+      username: user.username,
+      email: user.email,
+      avatarUrl: user.avatar || undefined,
+      isAdmin: user.isAdmin,
+      isBanned: user.isBanned,
+    };
+  }
+
+  async isUserBanned(id: string): Promise<boolean> {
+    const user = await this.prisma.user.findUnique({
+      where: { id },
+      select: { isBanned: true },
+    });
+
+    return user?.isBanned ?? false;
+  }
+}