From 5989680b1db7a4d5c39720e47be1a6d684ae8110 Mon Sep 17 00:00:00 2001
From: Stephanie Gredell <s.raide@gmail.com>
Date: Thu, 11 Dec 2025 00:55:25 -0800
Subject: [PATCH] fix ts errors

---
 .../src/controllers/settingsProfiles.controller.ts  |  7 ++++---
 backend/src/controllers/users.controller.ts         | 13 ++++++++++++-
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/backend/src/controllers/settingsProfiles.controller.ts b/backend/src/controllers/settingsProfiles.controller.ts
index ac04987..2c93dc5 100644
--- a/backend/src/controllers/settingsProfiles.controller.ts
+++ b/backend/src/controllers/settingsProfiles.controller.ts
@@ -55,8 +55,9 @@ export async function getAllProfiles(req: AuthRequest, res: Response) {
       }
       
       const profile = profilesMap.get(profileId)!;
-      if (row.setting_key) {
-        profile.settings[row.setting_key] = row.setting_value;
+      const settingKey = row.setting_key as string | null;
+      if (settingKey) {
+        profile.settings[settingKey] = row.setting_value as string;
       }
     }
 
@@ -231,7 +232,7 @@ export async function createProfile(req: AuthRequest, res: Response) {
       args: [magicCode, name.trim(), description?.trim() || null, req.userId]
     });
 
-    const profileId = profileResult.lastInsertRowid as number;
+    const profileId = Number(profileResult.lastInsertRowid);
 
     // Add settings
     await db.execute({
diff --git a/backend/src/controllers/users.controller.ts b/backend/src/controllers/users.controller.ts
index b34a826..d67c19d 100644
--- a/backend/src/controllers/users.controller.ts
+++ b/backend/src/controllers/users.controller.ts
@@ -94,9 +94,10 @@ export async function createUser(req: AuthRequest, res: Response) {
     });
 
     // Get created user
+    const newUserId = Number(result.lastInsertRowid);
     const newUser = await db.execute({
       sql: 'SELECT id, username, role, created_at FROM users WHERE id = ?',
-      args: [result.lastInsertRowid]
+      args: [newUserId]
     });
 
     res.status(201).json({
@@ -366,6 +367,16 @@ export async function changePassword(req: AuthRequest, res: Response) {
     }
 
     // Allow admin to change any password, or user to change their own
+    if (!req.userId) {
+      return res.status(401).json({
+        success: false,
+        error: {
+          code: 'UNAUTHORIZED',
+          message: 'Authentication required'
+        }
+      });
+    }
+
     if (userId !== req.userId) {
       // Check if requester is admin (this should already be checked by middleware, but double-check)
       const requester = await db.execute({