CoastalCommitsPastes/client/pages/api/admin/index.ts

// ts nextjs api handler

import { withMethods } from "@lib/api-middleware/with-methods"
import { parseQueryParam } from "@lib/server/parse-query-param"
import { NextApiRequest, NextApiResponse } from "next"
import { prisma } from "lib/server/prisma"
import { getSession } from "next-auth/react"

const actions = [
	"user",
	"post",
	"users",
	"posts",
	"set-role",
	"delete-user",
	"delete-post"
] as const

const handler = async (req: NextApiRequest, res: NextApiResponse) => {
	const { action: requestedAction } = req.query
	const action = parseQueryParam(requestedAction) as typeof actions[number]

	if (!action || !actions.includes(action)) {
		res.status(400).json({ error: "Invalid action" })
		return
	}

	const session = await getSession({ req })
	const id = session?.user?.id

	const isAdmin = await prisma.user
		.findUnique({
			where: {
				id
			},
			select: {
				role: true
			}
		})
		.then((user) => user?.role === "admin")

	if (!isAdmin) {
		return res.status(403).json({ error: "Not authorized" })
	}

	switch (req.method) {
		case "GET":
			switch (action) {
				case "users":
					const users = await prisma.user.findMany()
					return res.status(200).json(users)
				case "posts":
					const posts = await prisma.post.findMany()
					return res.status(200).json(posts)
				case "user":
					const { id: userId } = req.query
					const user = await prisma.user.findUnique({
						where: {
							id: parseQueryParam(userId)
						}
					})
					return res.status(200).json(user)
				case "post":
					const { id: postId } = req.query
					const post = await prisma.post.findUnique({
						where: {
							id: parseQueryParam(postId)
						}
					})
					return res.status(200).json(post)
			}
			break
		case "PATCH":
			switch (action) {
				case "set-role":
					const { userId, role } = req.body
					if (!userId || !role || role !== "admin" || role !== "user") {
						return res.status(400).json({ error: "Invalid request" })
					}

					const user = await prisma.user.update({
						where: { id: userId },
						data: {
							role: role
						}
					})

					return res.status(200).json(user)
			}
			break
		case "DELETE":
			switch (action) {
				case "delete-user":
					const { userId } = req.body
					if (!userId) {
						return res.status(400).json({ error: "Invalid request" })
					}

					const user = await prisma.user.delete({
						where: { id: userId }
					})

					return res.status(200).json(user)
				case "delete-post":
					const { postId } = req.body
					if (!postId) {
						return res.status(400).json({ error: "Invalid request" })
					}

					const post = await prisma.post.delete({
						where: { id: postId }
					})

					return res.status(200).json(post)
			}
			break
	}
}

export default withMethods(["GET", "PATCH", "DELETE"], handler)
fix raw file viewing, rm password from settings, add admin api 2022-11-14 02:28:51 -05:00			`// ts nextjs api handler`

			`import { withMethods } from "@lib/api-middleware/with-methods"`
			`import { parseQueryParam } from "@lib/server/parse-query-param"`
			`import { NextApiRequest, NextApiResponse } from "next"`
			`import { prisma } from "lib/server/prisma"`
			`import { getSession } from "next-auth/react"`

			`const actions = [`
			`"user",`
			`"post",`
			`"users",`
			`"posts",`
			`"set-role",`
			`"delete-user",`
			`"delete-post"`
			`] as const`

			`const handler = async (req: NextApiRequest, res: NextApiResponse) => {`
			`const { action: requestedAction } = req.query`
			`const action = parseQueryParam(requestedAction) as typeof actions[number]`

			`if (!action \|\| !actions.includes(action)) {`
			`res.status(400).json({ error: "Invalid action" })`
			`return`
			`}`

			`const session = await getSession({ req })`
			`const id = session?.user?.id`

			`const isAdmin = await prisma.user`
			`.findUnique({`
			`where: {`
			`id`
			`},`
			`select: {`
			`role: true`
			`}`
			`})`
			`.then((user) => user?.role === "admin")`

			`if (!isAdmin) {`
			`return res.status(403).json({ error: "Not authorized" })`
			`}`

			`switch (req.method) {`
			`case "GET":`
			`switch (action) {`
			`case "users":`
			`const users = await prisma.user.findMany()`
			`return res.status(200).json(users)`
			`case "posts":`
			`const posts = await prisma.post.findMany()`
			`return res.status(200).json(posts)`
			`case "user":`
			`const { id: userId } = req.query`
			`const user = await prisma.user.findUnique({`
			`where: {`
			`id: parseQueryParam(userId)`
			`}`
			`})`
			`return res.status(200).json(user)`
			`case "post":`
			`const { id: postId } = req.query`
			`const post = await prisma.post.findUnique({`
			`where: {`
			`id: parseQueryParam(postId)`
			`}`
			`})`
			`return res.status(200).json(post)`
			`}`
			`break`
			`case "PATCH":`
			`switch (action) {`
			`case "set-role":`
			`const { userId, role } = req.body`
			`if (!userId \|\| !role \|\| role !== "admin" \|\| role !== "user") {`
			`return res.status(400).json({ error: "Invalid request" })`
			`}`

			`const user = await prisma.user.update({`
			`where: { id: userId },`
			`data: {`
			`role: role`
			`}`
			`})`

			`return res.status(200).json(user)`
			`}`
			`break`
			`case "DELETE":`
			`switch (action) {`
			`case "delete-user":`
			`const { userId } = req.body`
			`if (!userId) {`
			`return res.status(400).json({ error: "Invalid request" })`
			`}`

			`const user = await prisma.user.delete({`
			`where: { id: userId }`
			`})`

			`return res.status(200).json(user)`
			`case "delete-post":`
			`const { postId } = req.body`
			`if (!postId) {`
			`return res.status(400).json({ error: "Invalid request" })`
			`}`

			`const post = await prisma.post.delete({`
			`where: { id: postId }`
			`})`

			`return res.status(200).json(post)`
			`}`
			`break`
			`}`
			`}`

			`export default withMethods(["GET", "PATCH", "DELETE"], handler)`