All checks were successful
Build and Push App / build (push) Successful in 5m46s
48 lines
1.6 KiB
TypeScript
48 lines
1.6 KiB
TypeScript
import { NextRequest, NextResponse } from 'next/server'
|
|
import prisma from '@/lib/prisma'
|
|
import { isAdmin, USER_SAFE_SELECT } from '@/lib/auth-utils'
|
|
|
|
// GET /api/users
|
|
export async function GET(request: NextRequest) {
|
|
try {
|
|
if (!(await isAdmin(request))) {
|
|
return NextResponse.json({ error: 'Accès non autorisé' }, { status: 403 })
|
|
}
|
|
|
|
const users = await prisma.user.findMany({
|
|
select: {
|
|
...USER_SAFE_SELECT,
|
|
businesses: true
|
|
},
|
|
orderBy: { createdAt: 'desc' },
|
|
})
|
|
return NextResponse.json(users)
|
|
} catch (error) {
|
|
console.error('GET /api/users error:', error)
|
|
return NextResponse.json({ error: 'Erreur serveur' }, { status: 500 })
|
|
}
|
|
}
|
|
|
|
// POST /api/users (Admin only)
|
|
export async function POST(request: NextRequest) {
|
|
try {
|
|
if (!(await isAdmin(request))) {
|
|
return NextResponse.json({ error: 'Accès non autorisé' }, { status: 403 })
|
|
}
|
|
|
|
const body = await request.json()
|
|
|
|
// Note: For admins, we might want to allow creating users directly,
|
|
// but we should still ensure password hashing if provided.
|
|
// For now, we just restrict it to admins to prevent the public leak.
|
|
const user = await prisma.user.create({
|
|
data: body,
|
|
select: USER_SAFE_SELECT
|
|
})
|
|
return NextResponse.json(user, { status: 201 })
|
|
} catch (error) {
|
|
console.error('POST /api/users error:', error)
|
|
return NextResponse.json({ error: 'Erreur lors de la création' }, { status: 500 })
|
|
}
|
|
}
|