hermes-web/app/api/account/impersonate/route.ts

import { db } from "@/lib/db"
import { NextResponse } from "next/server";
import fetchUser from "@/lib/fetch-user";

export async function GET(req: Request) {
    try {
        const user = await fetchUser(req)
        if (!user || user.role != "ADMIN") {
            return NextResponse.json({ message: 'Unauthorized.', error: null, value: null }, { status: 401 });
        }

        const impersonation = await db.impersonation.findFirst({
            where: {
                sourceId: user.id
            }
        });

        return NextResponse.json(impersonation);
    } catch (error) {
        console.log("[AUTH/ACCOUNT/IMPERSONATION]", error);
        return NextResponse.json({ message: 'Something went wrong', error: error, value: null }, { status: 500 })
    }
}

export async function POST(req: Request) {
    try {
        const user = await fetchUser(req)
        if (!user || user.role != "ADMIN") {
            return NextResponse.json({ message: 'Unauthorized.', error: null, value: null }, { status: 401 });
        }

        const { targetId } = await req.json();

        const impersonation = await db.impersonation.create({
          data: {
            sourceId: user.id,
            targetId
          }
        });

        return NextResponse.json(impersonation);
    } catch (error) {
        console.log("[AUTH/ACCOUNT/IMPERSONATION]", error);
        return NextResponse.json({ message: 'Something went wrong', error: error, value: null }, { status: 500 })
    }
}

export async function PUT(req: Request) {
  try {
      const user = await fetchUser(req)
      if (!user || user.role != "ADMIN") {
          return NextResponse.json({ message: 'Unauthorized.', error: null, value: null }, { status: 401 });
      }

      const { targetId } = await req.json();

      const impersonation = await db.impersonation.update({
        where: {
          sourceId: user.id,
        },
        data: {
          targetId
        }
      });

      return NextResponse.json(impersonation);
  } catch (error) {
      console.log("[AUTH/ACCOUNT/IMPERSONATION]", error);
      return NextResponse.json({ message: 'Something went wrong', error: error, value: null }, { status: 500 })
  }
}

export async function DELETE(req: Request) {
    try {
        const user = await fetchUser(req)
        if (!user || user.role != "ADMIN") {
            return NextResponse.json({ message: 'Unauthorized.', error: null, value: null }, { status: 401 });
        }

        const impersonation = await db.impersonation.delete({
          where: {
            sourceId: user.id
          }
        });

        return NextResponse.json(impersonation)
    } catch (error) {
        console.log("[AUTH/ACCOUNT/IMPERSONATION]", error);
        return NextResponse.json({ message: 'Something went wrong.', error: null, value: null }, { status: 500 })
    }
}