From bc4beb825a8d484f4ef0ad22a69824c00e9e6a87 Mon Sep 17 00:00:00 2001
From: MrEisbear <eisbear@albioncloud.de>
Date: Thu, 24 Jul 2025 19:35:10 -0500
Subject: [PATCH] Adds endpoints for setting user jobs and adding money.

---
 interbend/routes/admin_routes.py | 43 ++++++++++++++++++++++++++++----
 1 file changed, 38 insertions(+), 5 deletions(-)

diff --git a/interbend/routes/admin_routes.py b/interbend/routes/admin_routes.py
index 0af3b69..b772692 100644
--- a/interbend/routes/admin_routes.py
+++ b/interbend/routes/admin_routes.py
@@ -1,7 +1,9 @@
+import mysql.connector
 from flask import Blueprint
 from interbend.db import db, get_user
 from interbend.auth import *
 import hmac
+import decimal
 from werkzeug.security import generate_password_hash
 
 admin_bp = Blueprint('admin_bp', __name__)
@@ -13,13 +15,13 @@ def _keychecker(key):
     return True
 
 
-@admin_bp.route('/salary', methods=['POST'])
-def set_salary():
+@admin_bp.route('/set-job', methods=['POST'])
+def set_job():
     data = request.get_json()
     bid = data.get('bid')
-    salary_class = data.get('class')
+    job_id = data.get('job')
     key = data.get('key')
-    if not bid or not salary_class or not key:
+    if not bid or not job_id or not key:
         return jsonify({"error": "BID, salary class, and key are required"}), 400
     if not _keychecker(key):
         return jsonify({"error":"Admin Key required"}), 403
@@ -27,10 +29,41 @@ def set_salary():
     if not user:
         return jsonify({"error": "User not found"}), 404
     with db.cursor(dictionary=True) as cur:
-        cur.execute("UPDATE users SET salary_class = %s WHERE bid = %s", (salary_class, bid))
+        cur.execute("UPDATE user_jobs SET job_id = %s WHERE bid = %s", (job_id, bid))
     db.commit()
     return jsonify({"message": "Salary class updated successfully"}), 200
 
+@admin_bp.route('/add-money', methods=['POST', 'PATCH'])
+def add_money():
+    data = request.get_json()
+    if not data:
+        return jsonify({"error": "No data provided"}), 400
+    bid = data.get('bid')
+    amount = data.get('amount')
+    key = data.get('key')
+    if not bid or not money or not key:
+        return jsonify({"error": "BID, Amount and AdminKey are required"}), 400
+    if not _keychecker(key):
+        return jsonify({"error":"Admin Key required"}), 403
+    try:
+        amount_dec = decimal.Decimal(amount)
+    except (ValueError, decimal.InvalidOperation):
+        return jsonify({"error": "Invalid amount"}), 400
+    user = get_user(bid)
+    if not user:
+        return jsonify({"error": "User not found"}), 404
+    balance = user["balance"]
+    new_balance = balance + amount_dec
+    try:
+        with db.cursor(dictionary=True) as cur:
+            cur.execute("UPDATE users SET balance = %s WHERE bid = %s", (new_balance, bid))
+        db.commit()
+        return jsonify({"message": "Money successfully updated!"}), 200
+    except mysql.connector.Error as err:
+        db.rollback()
+        current_app.logger.error(f"Database error in add_money: {err}")
+        return jsonify({"error":"A database error occurred, please try again later."}), 500
+
 @admin_bp.route('/change-password', methods=['POST', 'PATCH'])
 def change_password():
     data = request.get_json()