mikicv/tt-booking
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
22c462c61c4a5fd1d8ee2f50665008cc982001c2
tt-booking/app/api/admin/users/[id]/route.ts
T
mikicvi c8062cf96b initial version of the app
2025-09-21 17:11:02 +01:00

91 lines
2.7 KiB
TypeScript
Raw Blame History

import { NextRequest, NextResponse } from 'next/server';
import { db } from '@/lib/db';
import { users } from '@/lib/db/schema';
import { eq } from 'drizzle-orm';
import { getSession } from '@/lib/session';
import bcrypt from 'bcryptjs';
export async function PUT(request: NextRequest, { params }: { params: { id: string } }) {
try {
const session = await getSession();
if (!session || session.role !== 'admin') {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
}
const { name, surname, email, role, password } = await request.json();
const userId = params.id;
if (!name || !surname || !email) {
return NextResponse.json({ error: 'Missing required fields' }, { status: 400 });
}
// Check if user exists
const existingUser = await db.select().from(users).where(eq(users.id, userId)).limit(1);
if (existingUser.length === 0) {
return NextResponse.json({ error: 'User not found' }, { status: 404 });
}
// Prepare update data
const updateData: any = {
name,
surname,
email,
role: role || 'user',
updatedAt: new Date(),
};
// Only hash and update password if provided
if (password) {
updateData.password = await bcrypt.hash(password, 12);
}
// Update user
const [updatedUser] = await db.update(users).set(updateData).where(eq(users.id, userId)).returning({
id: users.id,
name: users.name,
surname: users.surname,
email: users.email,
role: users.role,
createdAt: users.createdAt,
updatedAt: users.updatedAt,
});
return NextResponse.json({ user: updatedUser, message: 'User updated successfully' });
} catch (error) {
console.error('Error updating user:', error);
return NextResponse.json({ error: 'Internal server error' }, { status: 500 });
}
}
export async function DELETE(request: NextRequest, { params }: { params: { id: string } }) {
try {
const session = await getSession();
if (!session || session.role !== 'admin') {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
}
const userId = params.id;
// Prevent admin from deleting themselves
if (session.userId === userId) {
return NextResponse.json({ error: 'Cannot delete your own account' }, { status: 400 });
}
// Check if user exists
const existingUser = await db.select().from(users).where(eq(users.id, userId)).limit(1);
if (existingUser.length === 0) {
return NextResponse.json({ error: 'User not found' }, { status: 404 });
}
// Delete user
await db.delete(users).where(eq(users.id, userId));
return NextResponse.json({ message: 'User deleted successfully' });
} catch (error) {
console.error('Error deleting user:', error);
return NextResponse.json({ error: 'Internal server error' }, { status: 500 });
}
}
Reference in New Issue View Git Blame Copy Permalink