hermes-web/app/api/account/impersonate/route.ts

import { db } from "@/lib/db"
import { NextResponse } from "next/server";
import fetchUser from "@/lib/fetch-user";

export async function GET(req: Request) {
    try {
        const user = await fetchUser(req)
        if (!user || user.role != "ADMIN") {
            return new NextResponse("Unauthorized", { status: 401 });
        }

        const impersonation = await db.impersonation.findFirst({
            where: {
                sourceId: user.id
            }
        });

        return NextResponse.json(impersonation);
    } catch (error) {
        console.log("[AUTH/ACCOUNT/IMPERSONATION]", error);
        return new NextResponse("Internal Error", { status: 500 });
    }
}

export async function POST(req: Request) {
    try {
        const user = await fetchUser(req)
        if (!user || user.role != "ADMIN") {
            return new NextResponse("Unauthorized", { status: 401 });
        }

        const { targetId } = await req.json();

        const impersonation = await db.impersonation.create({
          data: {
            sourceId: user.id,
            targetId
          }
        });

        return NextResponse.json(impersonation);
    } catch (error) {
        console.log("[AUTH/ACCOUNT/IMPERSONATION]", error);
        return new NextResponse("Internal Error", { status: 500 });
    }
}

export async function PUT(req: Request) {
  try {
      const user = await fetchUser(req)
      if (!user || user.role != "ADMIN") {
          return new NextResponse("Unauthorized", { status: 401 });
      }

      const { targetId } = await req.json();

      const impersonation = await db.impersonation.update({
        where: {
          sourceId: user.id,
        },
        data: {
          targetId
        }
      });

      return NextResponse.json(impersonation);
  } catch (error) {
      console.log("[AUTH/ACCOUNT/IMPERSONATION]", error);
      return new NextResponse("Internal Error", { status: 500 });
  }
}

export async function DELETE(req: Request) {
    try {
        const user = await fetchUser(req)
        if (!user || user.role != "ADMIN") {
            return new NextResponse("Unauthorized", { status: 401 });
        }

        const impersonation = await db.impersonation.delete({
          where: {
            sourceId: user.id
          }
        });

        return NextResponse.json(impersonation)
    } catch (error) {
        console.log("[AUTH/ACCOUNT/IMPERSONATION]", error);
        return new NextResponse("Internal Error" + error, { status: 500 });
    }
}
Added impersonation for admins 2024-01-04 16:57:32 -05:00			`import { db } from "@/lib/db"`
			`import { NextResponse } from "next/server";`
			`import fetchUser from "@/lib/fetch-user";`

			`export async function GET(req: Request) {`
			`try {`
			`const user = await fetchUser(req)`
			`if (!user \|\| user.role != "ADMIN") {`
			`return new NextResponse("Unauthorized", { status: 401 });`
			`}`

			`const impersonation = await db.impersonation.findFirst({`
			`where: {`
			`sourceId: user.id`
			`}`
			`});`

			`return NextResponse.json(impersonation);`
			`} catch (error) {`
			`console.log("[AUTH/ACCOUNT/IMPERSONATION]", error);`
			`return new NextResponse("Internal Error", { status: 500 });`
			`}`
			`}`

			`export async function POST(req: Request) {`
			`try {`
			`const user = await fetchUser(req)`
			`if (!user \|\| user.role != "ADMIN") {`
			`return new NextResponse("Unauthorized", { status: 401 });`
			`}`

			`const { targetId } = await req.json();`

			`const impersonation = await db.impersonation.create({`
			`data: {`
			`sourceId: user.id,`
			`targetId`
			`}`
			`});`

			`return NextResponse.json(impersonation);`
			`} catch (error) {`
			`console.log("[AUTH/ACCOUNT/IMPERSONATION]", error);`
			`return new NextResponse("Internal Error", { status: 500 });`
			`}`
			`}`

			`export async function PUT(req: Request) {`
			`try {`
			`const user = await fetchUser(req)`
			`if (!user \|\| user.role != "ADMIN") {`
			`return new NextResponse("Unauthorized", { status: 401 });`
			`}`

			`const { targetId } = await req.json();`

			`const impersonation = await db.impersonation.update({`
			`where: {`
			`sourceId: user.id,`
			`},`
			`data: {`
			`targetId`
			`}`
			`});`

			`return NextResponse.json(impersonation);`
			`} catch (error) {`
			`console.log("[AUTH/ACCOUNT/IMPERSONATION]", error);`
			`return new NextResponse("Internal Error", { status: 500 });`
			`}`
			`}`

			`export async function DELETE(req: Request) {`
			`try {`
			`const user = await fetchUser(req)`
			`if (!user \|\| user.role != "ADMIN") {`
			`return new NextResponse("Unauthorized", { status: 401 });`
			`}`

			`const impersonation = await db.impersonation.delete({`
			`where: {`
			`sourceId: user.id`
			`}`
			`});`

			`return NextResponse.json(impersonation)`
			`} catch (error) {`
			`console.log("[AUTH/ACCOUNT/IMPERSONATION]", error);`
			`return new NextResponse("Internal Error" + error, { status: 500 });`
			`}`
			`}`