42 lines
1.4 KiB
TypeScript
42 lines
1.4 KiB
TypeScript
import { NextResponse } from 'next/server';
|
|
import { prisma } from '../../../../../lib/prisma';
|
|
import { requireAuth } from '../../../../../lib/jwt';
|
|
import { Role, UserStatus } from '@prisma/client';
|
|
|
|
export async function POST(req: Request) {
|
|
try {
|
|
const auth = await requireAuth(req);
|
|
if (auth.role !== Role.ADMIN) {
|
|
return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
|
|
}
|
|
|
|
const body = await req.json();
|
|
const userId = String(body.userId ?? '');
|
|
const reason = body.reason ? String(body.reason).slice(0, 500) : null;
|
|
|
|
if (!userId) {
|
|
return NextResponse.json({ error: 'userId is required' }, { status: 400 });
|
|
}
|
|
|
|
if (userId === auth.userId) {
|
|
return NextResponse.json({ error: 'Cannot remove your own account' }, { status: 400 });
|
|
}
|
|
|
|
const updated = await prisma.user.update({
|
|
where: { id: userId },
|
|
data: {
|
|
status: UserStatus.REMOVED,
|
|
removedAt: new Date(),
|
|
removedById: auth.userId,
|
|
removedReason: reason,
|
|
},
|
|
select: { id: true, role: true, status: true, removedAt: true, removedReason: true },
|
|
});
|
|
|
|
return NextResponse.json({ ok: true, user: updated });
|
|
} catch (error) {
|
|
console.error('Admin remove user error', error);
|
|
return NextResponse.json({ error: 'Remove failed' }, { status: 500 });
|
|
}
|
|
}
|
|
export const dynamic = 'force-dynamic';
|