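import type { User } from '@prisma/client';
import { cookies } from 'next/headers';
import { prisma } from '@/lib/db';
import jwt from 'jsonwebtoken';

/** An authenticated admin-panel user as exposed to the rest of the app. */
export interface AdminUser {
  id: string;
  email: string;
  name: string | null;
  role: string;
  /** Permission strings granted to this user (see {@link AdminPermission}). */
  permissions: string[];
}

/** Fine-grained admin capabilities; the values are the strings stored in `AdminUser.permissions`. */
export enum AdminPermission {
  VIEW_USERS = 'users:read',
  MANAGE_USERS = 'users:write',
  MODERATE_CONTENT = 'content:moderate',
  VIEW_ANALYTICS = 'analytics:read',
  MANAGE_SYSTEM = 'system:manage',
}

/** Roles allowed to hold an admin session. Shared by issue and verify so the two lists cannot drift. */
const ADMIN_ROLES: readonly string[] = ['admin', 'moderator'];

/** Cookie that carries the admin session token. */
const ADMIN_TOKEN_COOKIE = 'adminToken';

/** Marker claim written into every admin token; verification rejects tokens that lack it. */
const ADMIN_TOKEN_TYPE = 'admin';

/** HMAC algorithm pinned on both sign and verify so the token header cannot select another one. */
const ADMIN_TOKEN_ALGORITHM = 'HS256';

/** Admin sessions expire after 8 hours. */
const ADMIN_TOKEN_TTL = '8h';

/** Whether `role` is one of the roles permitted to use the admin panel. */
function isAdminRole(role: string): boolean {
  return ADMIN_ROLES.includes(role);
}

/**
 * Reads the JWT signing secret from the environment.
 *
 * @throws Error when `JWT_SECRET` is unset or empty, so a misconfigured deployment
 *   fails with a clear message instead of a generic library error.
 */
function adminJwtSecret(): string {
  const secret = process.env.JWT_SECRET;
  if (!secret) {
    throw new Error('JWT_SECRET is not configured');
  }
  return secret;
}

/**
 * Extracts the user id from verified token claims.
 *
 * Accepts only an object payload whose `type` is the admin marker and whose
 * `userId` is a non-empty string; anything else yields `null`.
 */
function extractAdminUserId(claims: unknown): string | null {
  if (typeof claims !== 'object' || claims === null) return null;
  // The `type` claim is set by generateAdminToken; checking it keeps tokens minted for
  // other purposes with the same secret from being accepted as admin sessions.
  if (!('type' in claims) || claims.type !== ADMIN_TOKEN_TYPE) return null;
  if (!('userId' in claims) || typeof claims.userId !== 'string' || !claims.userId) return null;
  return claims.userId;
}

/**
 * Checks whether `user` holds `permission`.
 *
 * The `admin` role is a super admin and implicitly holds every permission;
 * any other role is checked against its explicit permission list.
 */
export function hasPermission(user: AdminUser, permission: AdminPermission): boolean {
  if (user.role === 'admin') return true; // Super admin has all permissions
  return user.permissions.includes(permission);
}

/**
 * Maps a role to the permissions it grants.
 *
 * @returns every permission for `admin`, a read/moderate subset for `moderator`,
 *   and an empty list for any other role.
 */
export function getAdminPermissions(role: string): AdminPermission[] {
  switch (role) {
    case 'admin':
      return Object.values(AdminPermission); // All permissions
    case 'moderator':
      return [
        AdminPermission.VIEW_USERS,
        AdminPermission.MODERATE_CONTENT,
        AdminPermission.VIEW_ANALYTICS,
      ];
    default:
      return [];
  }
}

/**
 * Verifies an admin session token and loads the matching user.
 *
 * The token must be signed with `JWT_SECRET` using HS256, carry the admin `type`
 * claim and a `userId`, and the referenced user must currently hold an admin role;
 * permissions are derived from the role stored in the database, not from the token.
 *
 * @returns the admin user, or `null` on any failure (bad signature, expiry,
 *   malformed claims, unknown user, non-admin role, database error).
 */
export async function verifyAdminToken(token: string): Promise<AdminUser | null> {
  try {
    const decoded: unknown = jwt.verify(token, adminJwtSecret(), {
      algorithms: [ADMIN_TOKEN_ALGORITHM],
    });
    const userId = extractAdminUserId(decoded);
    if (userId === null) return null;

    const user = await prisma.user.findUnique({
      where: { id: userId },
      select: { id: true, email: true, name: true, role: true },
    });
    if (!user || !isAdminRole(user.role)) {
      return null;
    }

    return {
      id: user.id,
      email: user.email,
      name: user.name,
      role: user.role,
      permissions: getAdminPermissions(user.role),
    };
  } catch {
    // Fail closed: every verification or lookup error means "not an admin".
    return null;
  }
}

/**
 * Resolves the admin for the current request from the admin session cookie.
 *
 * @returns the admin user, or `null` when the cookie is absent or its token does not verify.
 */
export async function getCurrentAdmin(): Promise<AdminUser | null> {
  const cookieStore = await cookies();
  const token = cookieStore.get(ADMIN_TOKEN_COOKIE)?.value;
  if (!token) return null;
  return verifyAdminToken(token);
}

/**
 * Issues an admin session token for `user`.
 *
 * @throws Error when the user does not hold an admin role, or when `JWT_SECRET` is not configured.
 * @returns a signed HS256 JWT carrying `userId`, `role` and the admin `type` claim, valid for 8 hours.
 */
export function generateAdminToken(user: User): string {
  if (!isAdminRole(user.role)) {
    throw new Error('User is not an admin');
  }

  const payload = {
    userId: user.id,
    role: user.role,
    type: ADMIN_TOKEN_TYPE,
  };

  return jwt.sign(payload, adminJwtSecret(), {
    algorithm: ADMIN_TOKEN_ALGORITHM,
    expiresIn: ADMIN_TOKEN_TTL,
  });
}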