mikicvi
91 lines
2.7 KiB
TypeScript
91 lines
2.7 KiB
TypeScript
import { NextRequest, NextResponse } from 'next/server';
|
|
import { db } from '@/lib/db';
|
|
import { users } from '@/lib/db/schema';
|
|
import { eq } from 'drizzle-orm';
|
|
import { getSession } from '@/lib/session';
|
|
import bcrypt from 'bcryptjs';
|
|
|
|
export async function PUT(request: NextRequest, { params }: { params: { id: string } }) {
|
|
try {
|
|
const session = await getSession();
|
|
if (!session || session.role !== 'admin') {
|
|
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
|
|
}
|
|
|
|
const { name, surname, email, role, password } = await request.json();
|
|
const userId = params.id;
|
|
|
|
if (!name || !surname || !email) {
|
|
return NextResponse.json({ error: 'Missing required fields' }, { status: 400 });
|
|
}
|
|
|
|
// Check if user exists
|
|
const existingUser = await db.select().from(users).where(eq(users.id, userId)).limit(1);
|
|
|
|
if (existingUser.length === 0) {
|
|
return NextResponse.json({ error: 'User not found' }, { status: 404 });
|
|
}
|
|
|
|
// Prepare update data
|
|
const updateData: any = {
|
|
name,
|
|
surname,
|
|
email,
|
|
role: role || 'user',
|
|
updatedAt: new Date(),
|
|
};
|
|
|
|
// Only hash and update password if provided
|
|
if (password) {
|
|
updateData.password = await bcrypt.hash(password, 12);
|
|
}
|
|
|
|
// Update user
|
|
const [updatedUser] = await db.update(users).set(updateData).where(eq(users.id, userId)).returning({
|
|
id: users.id,
|
|
name: users.name,
|
|
surname: users.surname,
|
|
email: users.email,
|
|
role: users.role,
|
|
createdAt: users.createdAt,
|
|
updatedAt: users.updatedAt,
|
|
});
|
|
|
|
return NextResponse.json({ user: updatedUser, message: 'User updated successfully' });
|
|
} catch (error) {
|
|
console.error('Error updating user:', error);
|
|
return NextResponse.json({ error: 'Internal server error' }, { status: 500 });
|
|
}
|
|
}
|
|
|
|
export async function DELETE(request: NextRequest, { params }: { params: { id: string } }) {
|
|
try {
|
|
const session = await getSession();
|
|
if (!session || session.role !== 'admin') {
|
|
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
|
|
}
|
|
|
|
const userId = params.id;
|
|
|
|
// Prevent admin from deleting themselves
|
|
if (session.userId === userId) {
|
|
return NextResponse.json({ error: 'Cannot delete your own account' }, { status: 400 });
|
|
}
|
|
|
|
// Check if user exists
|
|
const existingUser = await db.select().from(users).where(eq(users.id, userId)).limit(1);
|
|
|
|
if (existingUser.length === 0) {
|
|
return NextResponse.json({ error: 'User not found' }, { status: 404 });
|
|
}
|
|
|
|
// Delete user
|
|
await db.delete(users).where(eq(users.id, userId));
|
|
|
|
return NextResponse.json({ message: 'User deleted successfully' });
|
|
} catch (error) {
|
|
console.error('Error deleting user:', error);
|
|
return NextResponse.json({ error: 'Internal server error' }, { status: 500 });
|
|
}
|
|
}
|