import { withMethods } from "@lib/api-middleware/with-methods" import { parseQueryParam } from "@lib/server/parse-query-param" import { NextApiRequest, NextApiResponse } from "next" import { prisma } from "lib/server/prisma" import { getSession } from "next-auth/react" const actions = [ "user", "post", "users", "posts", "set-role", "delete-user", "delete-post" ] as const const handler = async (req: NextApiRequest, res: NextApiResponse) => { const { action: requestedAction } = req.query const action = parseQueryParam(requestedAction) as typeof actions[number] if (!action || !actions.includes(action)) { res.status(400).json({ error: "Invalid action" }) return } const session = await getSession({ req }) const id = session?.user?.id const isAdmin = await prisma.user .findUnique({ where: { id }, select: { role: true } }) .then((user) => user?.role === "admin") if (!isAdmin) { return res.status(403).json({ error: "Not authorized" }) } switch (req.method) { case "GET": switch (action) { case "users": const users = await prisma.user.findMany() return res.status(200).json(users) case "posts": const posts = await prisma.post.findMany() return res.status(200).json(posts) case "user": const { id: userId } = req.query const user = await prisma.user.findUnique({ where: { id: parseQueryParam(userId) } }) return res.status(200).json(user) case "post": const { id: postId } = req.query const post = await prisma.post.findUnique({ where: { id: parseQueryParam(postId) } }) return res.status(200).json(post) } break case "PATCH": switch (action) { case "set-role": const { userId, role } = req.body if (!userId || !role || role !== "admin" || role !== "user") { return res.status(400).json({ error: "Invalid request" }) } const user = await prisma.user.update({ where: { id: userId }, data: { role: role } }) return res.status(200).json(user) } break case "DELETE": switch (action) { case "delete-user": const { userId } = req.body if (!userId) { return res.status(400).json({ error: "Invalid request" }) } const user = await prisma.user.delete({ where: { id: userId } }) return res.status(200).json(user) case "delete-post": const { postId } = req.body if (!postId) { return res.status(400).json({ error: "Invalid request" }) } const post = await prisma.post.delete({ where: { id: postId } }) return res.status(200).json(post) } break } } export default withMethods(["GET", "PATCH", "DELETE"], handler)