import { NextRequest, NextResponse } from 'next/server';
import { requireAdmin } from '@/lib/auth';
import { db } from '@/lib/db';
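/**
 * Admin endpoint: list every user account.
 *
 * Requires an authenticated admin (enforced by `requireAdmin()`). Each
 * record is projected onto an explicit allowlist of fields before it is
 * returned, so columns that are not named here never leave the server.
 *
 * @param request - Incoming request (unused; the listing takes no input).
 * @returns 200 with `{ success: true, users }`; 401/403 when `requireAdmin()`
 *   rejects the caller; 500 with a generic message on any other failure.
 */
export async function GET(request: NextRequest) {
  try {
    await requireAdmin();
    const users = await db.getAllUsers();

    // Explicit field allowlist. google_id is reduced to a linked/not-linked
    // marker so the raw provider identifier is not exposed.
    const sanitizedUsers = users.map((user) => ({
      id: user.id,
      username: user.username,
      email: user.email,
      first_name: user.first_name,
      last_name: user.last_name,
      dob: user.dob,
      gender: user.gender,
      expertise_level: user.expertise_level,
      role: user.role,
      is_active: user.is_active,
      email_verified: user.email_verified,
      google_id: user.google_id ? 'Linked' : null,
      created_at: user.created_at,
    }));

    return NextResponse.json(
      { success: true, users: sanitizedUsers },
      // The listing contains PII; keep it out of shared/proxy caches.
      { headers: { 'Cache-Control': 'no-store' } }
    );
  } catch (error: unknown) {
    // Full error (including stack) goes to the server log only.
    console.error('Error fetching users:', error);
    const message = error instanceof Error ? error.message : String(error);

    // requireAdmin() is assumed to signal auth failures by throwing an Error
    // whose message is exactly 'Unauthorized' or 'Forbidden' (this handler
    // has always keyed on those strings) — confirm against @/lib/auth.
    if (message === 'Unauthorized') {
      return NextResponse.json(
        { success: false, error: 'Unauthorized' },
        { status: 401 }
      );
    }
    if (message === 'Forbidden') {
      return NextResponse.json(
        { success: false, error: 'Forbidden' },
        { status: 403 }
      );
    }

    // Never echo internal error text (driver messages, table names, paths)
    // to the client; it is already logged above.
    return NextResponse.json(
      { success: false, error: 'Internal server error' },
      { status: 500 }
    );
  }
}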
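/**
 * Admin endpoint: update a single user account.
 *
 * Expects a JSON body `{ userId, action, value }` where `action` is
 * `'toggle_active'` (value: boolean) or `'update_role'` (value: non-empty
 * string). Every field is validated before it reaches the data layer, and an
 * admin may not modify their own account (mirrors the self-deletion guard
 * in DELETE) so they cannot lock themselves out.
 *
 * @param request - Incoming request carrying the JSON body.
 * @returns 200 with `{ success: true, message }`; 400 on malformed or missing
 *   input; 401/403 when `requireAdmin()` rejects the caller; 500 with a
 *   generic message on any other failure.
 */
export async function PATCH(request: NextRequest) {
  try {
    const admin = await requireAdmin();

    // A body that is not valid JSON is a client error, not a server fault;
    // without this guard request.json() rejects and surfaces as a 500.
    let body: unknown;
    try {
      body = await request.json();
    } catch {
      return NextResponse.json(
        { success: false, error: 'Invalid JSON body' },
        { status: 400 }
      );
    }
    if (typeof body !== 'object' || body === null || Array.isArray(body)) {
      return NextResponse.json(
        { success: false, error: 'Invalid JSON body' },
        { status: 400 }
      );
    }
    // Narrowed to a plain object above; the cast only widens to an index
    // signature so the fields can be pulled out as unknown.
    const { userId, action, value } = body as Record<string, unknown>;

    if (!userId || !action) {
      return NextResponse.json(
        { success: false, error: 'Missing required fields' },
        { status: 400 }
      );
    }

    // Accept the id as a number or a digit string; anything else (objects,
    // arrays, '5abc', floats, unsafe magnitudes) is rejected rather than
    // being handed to the database as-is.
    const targetId =
      typeof userId === 'number'
        ? userId
        : typeof userId === 'string' && /^\d+$/.test(userId)
          ? Number(userId)
          : NaN;
    if (!Number.isSafeInteger(targetId)) {
      return NextResponse.json(
        { success: false, error: 'Invalid user ID' },
        { status: 400 }
      );
    }

    // Self-modification guard: deactivating or demoting one's own admin
    // account is the PATCH analogue of self-deletion.
    if (String(admin.id) === String(targetId)) {
      return NextResponse.json(
        { success: false, error: 'Cannot modify your own account' },
        { status: 400 }
      );
    }

    if (typeof action !== 'string') {
      return NextResponse.json(
        { success: false, error: 'Invalid action' },
        { status: 400 }
      );
    }

    switch (action) {
      case 'toggle_active':
        // The second argument is passed through as the new is_active flag.
        // The original accepted any value here; a strict boolean is required
        // now — confirm the admin UI sends true/false.
        if (typeof value !== 'boolean') {
          return NextResponse.json(
            { success: false, error: 'value must be a boolean' },
            { status: 400 }
          );
        }
        await db.toggleUserActive(targetId, value);
        break;
      case 'update_role':
        if (typeof value !== 'string' || value.length === 0) {
          return NextResponse.json(
            { success: false, error: 'value must be a non-empty string' },
            { status: 400 }
          );
        }
        // NOTE(review): the set of valid roles is not visible in this file.
        // Unless db.updateUserRole rejects unknown roles, an explicit
        // allowlist check belongs here so an arbitrary string cannot be
        // stored as a role.
        await db.updateUserRole(targetId, value);
        break;
      default:
        return NextResponse.json(
          { success: false, error: 'Invalid action' },
          { status: 400 }
        );
    }

    return NextResponse.json({
      success: true,
      message: 'User updated successfully',
    });
  } catch (error: unknown) {
    // Full error (including stack) goes to the server log only.
    console.error('Error updating user:', error);
    const message = error instanceof Error ? error.message : String(error);

    // requireAdmin() is assumed to signal auth failures by throwing an Error
    // whose message is exactly 'Unauthorized' or 'Forbidden' (this handler
    // has always keyed on those strings) — confirm against @/lib/auth.
    if (message === 'Unauthorized') {
      return NextResponse.json(
        { success: false, error: 'Unauthorized' },
        { status: 401 }
      );
    }
    if (message === 'Forbidden') {
      return NextResponse.json(
        { success: false, error: 'Forbidden' },
        { status: 403 }
      );
    }

    // Never echo internal error text to the client; it is logged above.
    return NextResponse.json(
      { success: false, error: 'Internal server error' },
      { status: 500 }
    );
  }
}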
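/**
 * Admin endpoint: delete a user account identified by the `userId` query
 * parameter.
 *
 * The id must be a decimal integer string. It is validated and canonicalised
 * before the self-deletion check so that a value such as `'5abc'` can neither
 * slip past the string comparison nor be silently truncated by parseInt.
 *
 * @param request - Incoming request; `?userId=` selects the account.
 * @returns 200 with `{ success: true, message }`; 400 when the id is missing,
 *   malformed, or refers to the caller's own account; 401/403 when
 *   `requireAdmin()` rejects the caller; 500 with a generic message otherwise.
 */
export async function DELETE(request: NextRequest) {
  try {
    const admin = await requireAdmin();
    const rawId = new URL(request.url).searchParams.get('userId');

    if (!rawId) {
      return NextResponse.json(
        { success: false, error: 'User ID is required' },
        { status: 400 }
      );
    }

    // Strict decimal-integer check. parseInt would accept '5abc' (→ 5) and
    // '0x10', and an unchecked NaN would reach the database.
    const targetId = /^\d+$/.test(rawId) ? Number(rawId) : NaN;
    if (!Number.isSafeInteger(targetId)) {
      return NextResponse.json(
        { success: false, error: 'Invalid user ID' },
        { status: 400 }
      );
    }

    // Prevent self-deletion. Compare against the canonicalised id, not the
    // raw query string, so the check and the delete agree on which account
    // is meant.
    if (admin.id.toString() === String(targetId)) {
      return NextResponse.json(
        { success: false, error: 'Cannot delete your own account' },
        { status: 400 }
      );
    }

    await db.deleteUser(targetId);

    return NextResponse.json({
      success: true,
      message: 'User deleted successfully',
    });
  } catch (error: unknown) {
    // Full error (including stack) goes to the server log only.
    console.error('Error deleting user:', error);
    const message = error instanceof Error ? error.message : String(error);

    // requireAdmin() is assumed to signal auth failures by throwing an Error
    // whose message is exactly 'Unauthorized' or 'Forbidden' (this handler
    // has always keyed on those strings) — confirm against @/lib/auth.
    if (message === 'Unauthorized') {
      return NextResponse.json(
        { success: false, error: 'Unauthorized' },
        { status: 401 }
      );
    }
    if (message === 'Forbidden') {
      return NextResponse.json(
        { success: false, error: 'Forbidden' },
        { status: 403 }
      );
    }

    // Never echo internal error text to the client; it is logged above.
    return NextResponse.json(
      { success: false, error: 'Internal server error' },
      { status: 500 }
    );
  }
}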