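import { NextResponse } from 'next/server';
import { prisma } from '@/lib/db';
import { getCurrentAdmin, AdminPermission, hasPermission } from '@/lib/admin-auth';

export const runtime = 'nodejs';

/**
 * Admin user-detail route: GET (inspect), PUT (change role), DELETE (remove).
 *
 * Every handler resolves the calling admin via `requireAdmin` before touching
 * the database. The target user is identified solely by the `id` route param;
 * it is passed to Prisma as a bound value, never interpolated into a query.
 */

/** Route context as handed over by Next.js (params is a Promise in this app). */
type RouteContext = { params: Promise<{ id: string }> };

/** The non-null admin session as returned by `getCurrentAdmin`. */
type AdminSession = NonNullable<Awaited<ReturnType<typeof getCurrentAdmin>>>;

/** Permission value type accepted by `hasPermission` (derived, not assumed). */
type Permission = Parameters<typeof hasPermission>[1];

type AuthResult =
  | { ok: true; admin: AdminSession }
  | { ok: false; response: NextResponse };

/**
 * Resolve the calling admin and verify `permission`.
 *
 * 401 when there is no admin session at all; 403 when there is a session but
 * it lacks the permission. Keeping the two apart lets clients distinguish
 * "log in" from "not allowed" (the original collapsed both into 401).
 */
async function requireAdmin(request: Request, permission: Permission): Promise<AuthResult> {
  // `getCurrentAdmin` is typed against the framework request in admin-auth;
  // the cast is confined to this one call site.
  // eslint-disable-next-line @typescript-eslint/no-explicit-any
  const admin = await getCurrentAdmin(request as any);
  if (!admin) {
    return { ok: false, response: NextResponse.json({ error: 'Unauthorized' }, { status: 401 }) };
  }
  if (!hasPermission(admin, permission)) {
    return { ok: false, response: NextResponse.json({ error: 'Forbidden' }, { status: 403 }) };
  }
  return { ok: true, admin };
}

/** Moderation actions accepted by PUT, mapped to the role each assigns. */
const ROLE_FOR_ACTION = {
  suspend: 'suspended',
  activate: 'user',
  make_admin: 'admin',
  make_moderator: 'moderator',
} as const;

type UserAction = keyof typeof ROLE_FOR_ACTION;

/** True only for the four known action names; rejects prototype keys and non-strings. */
function isUserAction(value: unknown): value is UserAction {
  return typeof value === 'string' && Object.prototype.hasOwnProperty.call(ROLE_FOR_ACTION, value);
}

/** Upper bound on a free-text `reason` so one request cannot bloat the log. */
const MAX_REASON_LENGTH = 500;

/**
 * Normalise the optional `reason` from an untrusted request body before it is
 * written to the log. Non-strings are dropped; control characters (CR/LF, etc.)
 * are collapsed to a space so a caller cannot forge additional log lines; the
 * text is trimmed and truncated. Returns undefined when nothing usable remains.
 */
function sanitizeReason(reason: unknown): string | undefined {
  if (typeof reason !== 'string') return undefined;
  const cleaned = reason
    .replace(/[\u0000-\u001f\u007f]+/g, ' ')
    .trim()
    .slice(0, MAX_REASON_LENGTH);
  return cleaned.length > 0 ? cleaned : undefined;
}

/** Read a parsed JSON body as a plain key/value map; anything else is treated as empty. */
function asObject(body: unknown): Record<string, unknown> {
  return typeof body === 'object' && body !== null ? (body as Record<string, unknown>) : {};
}

/**
 * GET /admin/users/[id]
 *
 * Requires READ_USERS. Returns the user plus the ten most recent chat
 * conversations, prayer requests and bookmarks, and aggregate counts.
 * 401/403 per `requireAdmin`, 404 when no user has that id, 500 on any other failure.
 */
export async function GET(request: Request, { params }: RouteContext) {
  try {
    const auth = await requireAdmin(request, AdminPermission.READ_USERS);
    if (!auth.ok) return auth.response;

    const { id } = await params;

    const user = await prisma.user.findUnique({
      where: { id },
      include: {
        chatConversations: {
          select: {
            id: true,
            title: true,
            createdAt: true,
            _count: { select: { messages: true } },
          },
          orderBy: { createdAt: 'desc' },
          take: 10,
        },
        prayerRequests: {
          select: {
            id: true,
            title: true,
            category: true,
            createdAt: true,
            prayerCount: true,
          },
          orderBy: { createdAt: 'desc' },
          take: 10,
        },
        bookmarks: {
          select: {
            id: true,
            createdAt: true,
            verse: {
              select: {
                verseNum: true,
                chapter: {
                  select: {
                    chapterNum: true,
                    book: { select: { name: true } },
                  },
                },
              },
            },
          },
          take: 10,
        },
        _count: {
          select: {
            chatConversations: true,
            prayerRequests: true,
            bookmarks: true,
            notes: true,
          },
        },
      },
    });

    if (!user) {
      return NextResponse.json({ error: 'User not found' }, { status: 404 });
    }

    return NextResponse.json({ user });
  } catch (error: unknown) {
    console.error('Admin user detail error:', error);
    return NextResponse.json({ error: 'Server error' }, { status: 500 });
  }
}

/**
 * PUT /admin/users/[id]
 *
 * Requires WRITE_USERS. Body: `{ action, reason? }` where `action` is one of
 * suspend | activate | make_admin | make_moderator; `reason` is optional
 * free text that only ends up in the log.
 *
 * Responses: 400 for malformed JSON, unknown action, or an attempt to change
 * the caller's own role (mirrors DELETE's self-target guard — suspend/activate
 * would otherwise lock the caller out); 404 when the target does not exist
 * (previously surfaced as a 500 from Prisma's update); 401/403 per `requireAdmin`.
 *
 * NOTE(review): `make_admin` grants full admin rights to the target while only
 * requiring WRITE_USERS, and `activate` demotes an existing admin to `user`.
 * If admin-auth has a stronger permission for role escalation/demotion, gate
 * those two actions on it — confirm against the permission model.
 */
export async function PUT(request: Request, { params }: RouteContext) {
  try {
    const auth = await requireAdmin(request, AdminPermission.WRITE_USERS);
    if (!auth.ok) return auth.response;
    const { admin } = auth;

    const { id } = await params;

    // A body that is not valid JSON is a client error, not a server one.
    let rawBody: unknown;
    try {
      rawBody = await request.json();
    } catch {
      return NextResponse.json({ error: 'Invalid JSON body' }, { status: 400 });
    }
    const body = asObject(rawBody);
    const action = body.action;
    const reason = sanitizeReason(body.reason);

    if (!isUserAction(action)) {
      return NextResponse.json({ error: 'Invalid action' }, { status: 400 });
    }

    // Same guard DELETE applies: an admin must not alter their own role.
    if (id === admin.id) {
      return NextResponse.json({ error: 'Cannot change your own role' }, { status: 400 });
    }

    // Check existence first so a bad id yields 404 instead of an update exception.
    const existing = await prisma.user.findUnique({ where: { id }, select: { id: true } });
    if (!existing) {
      return NextResponse.json({ error: 'User not found' }, { status: 404 });
    }

    const user = await prisma.user.update({
      where: { id },
      data: { role: ROLE_FOR_ACTION[action] },
      select: { id: true, email: true, name: true, role: true },
    });

    // TODO: persist an audit-log row here; stdout is not a durable audit trail.
    // Ids are logged alongside emails because emails can change later.
    console.log(
      `Admin ${admin.email} (${admin.id}) performed action '${action}' on user ${user.email} (${user.id})${
        reason ? ` with reason: ${reason}` : ''
      }`
    );

    return NextResponse.json({ user });
  } catch (error: unknown) {
    console.error('Admin user update error:', error);
    return NextResponse.json({ error: 'Server error' }, { status: 500 });
  }
}

/**
 * DELETE /admin/users/[id]
 *
 * Requires DELETE_USERS. Refuses to delete the caller's own account (400),
 * returns 404 for an unknown id, otherwise deletes the user. The comment in
 * the original notes related rows go with CASCADE; that is a schema property
 * not visible here — verify it in the Prisma schema before relying on it.
 *
 * NOTE(review): there is no check on the target's role, so any admin with
 * DELETE_USERS can delete other admins. `user.role` is already selected below;
 * if that should be restricted, this is the place to gate it.
 */
export async function DELETE(request: Request, { params }: RouteContext) {
  try {
    const auth = await requireAdmin(request, AdminPermission.DELETE_USERS);
    if (!auth.ok) return auth.response;
    const { admin } = auth;

    const { id } = await params;

    // Prevent an admin from deleting themselves.
    if (id === admin.id) {
      return NextResponse.json({ error: 'Cannot delete your own account' }, { status: 400 });
    }

    const user = await prisma.user.findUnique({
      where: { id },
      select: { email: true, role: true },
    });
    if (!user) {
      return NextResponse.json({ error: 'User not found' }, { status: 404 });
    }

    // Delete user and all related data (CASCADE — see schema).
    await prisma.user.delete({ where: { id } });

    // TODO: persist an audit-log row here as well.
    console.log(`Admin ${admin.email} (${admin.id}) deleted user ${user.email} (${id}, role ${user.role})`);

    return NextResponse.json({ success: true });
  } catch (error: unknown) {
    console.error('Admin user delete error:', error);
    return NextResponse.json({ error: 'Server error' }, { status: 500 });
  }
}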