import { NextResponse } from "next/server"; import { prisma } from "../../../../lib/prisma"; import { requireAuth } from "../../../../lib/jwt"; import { Role, ListingStatus, UserStatus } from "@prisma/client"; export async function GET(req: Request) { try { const auth = await requireAuth(req); const isAdmin = auth.role === Role.ADMIN; const canUserMod = auth.role === Role.USER_MODERATOR; const canListingMod = auth.role === Role.LISTING_MODERATOR; if (!isAdmin && !canUserMod && !canListingMod) { return NextResponse.json({ error: "Forbidden" }, { status: 403 }); } const wantsUsers = isAdmin || canUserMod; const wantsListings = isAdmin || canListingMod; const [users, listings] = await Promise.all([ wantsUsers ? prisma.user.findMany({ where: { status: UserStatus.PENDING }, select: { id: true, email: true, status: true, emailVerifiedAt: true, approvedAt: true, role: true, }, orderBy: { createdAt: "asc" }, take: 50, }) : Promise.resolve([]), wantsListings ? prisma.listing.findMany({ where: { status: ListingStatus.PENDING, removedAt: null }, select: { id: true, status: true, createdAt: true, evChargingAvailable: true, evChargingOnSite: true, wheelchairAccessible: true, owner: { select: { email: true } }, translations: { select: { title: true, slug: true, locale: true }, }, }, orderBy: { createdAt: "asc" }, take: 50, }) : Promise.resolve([]), ]); return NextResponse.json({ users, listings, role: auth.role }); } catch (error) { console.error("List pending error", error); if (String(error).includes("Unauthorized")) { return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); } return NextResponse.json( { error: "Failed to load pending items" }, { status: 500 }, ); } } export const dynamic = "force-dynamic";