feat: implement business and user CRUD API endpoints with authentication utilities and update feature documentation
All checks were successful
Build and Push App / build (push) Successful in 5m46s

This commit is contained in:
2026-04-30 23:05:04 +02:00
parent 81b068e5c9
commit 4e881bcbe6
5 changed files with 167 additions and 9 deletions

View File

@@ -1,11 +1,19 @@
import { NextRequest, NextResponse } from 'next/server'
import prisma from '@/lib/prisma'
import { isAdmin, USER_SAFE_SELECT } from '@/lib/auth-utils'
// GET /api/users
export async function GET() {
export async function GET(request: NextRequest) {
try {
if (!(await isAdmin(request))) {
return NextResponse.json({ error: 'Accès non autorisé' }, { status: 403 })
}
const users = await prisma.user.findMany({
include: { businesses: true },
select: {
...USER_SAFE_SELECT,
businesses: true
},
orderBy: { createdAt: 'desc' },
})
return NextResponse.json(users)
@@ -15,11 +23,22 @@ export async function GET() {
}
}
// POST /api/users
// POST /api/users (Admin only)
export async function POST(request: NextRequest) {
try {
if (!(await isAdmin(request))) {
return NextResponse.json({ error: 'Accès non autorisé' }, { status: 403 })
}
const body = await request.json()
const user = await prisma.user.create({ data: body })
// Note: For admins, we might want to allow creating users directly,
// but we should still ensure password hashing if provided.
// For now, we just restrict it to admins to prevent the public leak.
const user = await prisma.user.create({
data: body,
select: USER_SAFE_SELECT
})
return NextResponse.json(user, { status: 201 })
} catch (error) {
console.error('POST /api/users error:', error)