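import { NextRequest, NextResponse } from 'next/server'
import { prisma } from '@/lib/prisma'
import { auth } from '@/lib/auth'
import { hashPassword } from 'better-auth/crypto'
import { v4 as uuidv4 } from 'uuid'

/**
 * /api/users — list, create, update and delete user accounts.
 *
 * SECURITY NOTE (review): every handler below only checks that *a* session
 * exists. As written, any signed-in user can enumerate all users, create
 * users, change any other user's email or password (account takeover) and
 * delete users. The self-deletion guard in DELETE suggests this is meant to
 * be an admin-only management endpoint, so `requireSession` is the single
 * place to add a role/permission check. The session user's shape (whether it
 * carries a role) is not visible in this file, so that check is left as a
 * TODO rather than guessed at.
 */

/** Fields exposed to clients. Password hashes live on `account`, never here. */
const PUBLIC_USER_FIELDS = {
  id: true,
  email: true,
  emailVerified: true,
  name: true,
  image: true,
  createdAt: true,
  updatedAt: true,
}

/** Upper bound on email length (RFC 5321 mailbox limit); rejects junk early. */
const MAX_EMAIL_LENGTH = 254

/** Loose shape check only — deliverability is not verified here. */
const EMAIL_PATTERN = /^[^\s@]+@[^\s@]+\.[^\s@]+$/

/**
 * Password length bounds for passwords set through this route. These bypass
 * whatever policy the auth library applies on its own sign-up path, so keep
 * them in sync with the project's auth configuration.
 */
const MIN_PASSWORD_LENGTH = 8
const MAX_PASSWORD_LENGTH = 128
const PASSWORD_RULE = `password must be a string between ${MIN_PASSWORD_LENGTH} and ${MAX_PASSWORD_LENGTH} characters`

/** Resolve the caller's session from request headers; null when unauthenticated. */
async function requireSession(request: NextRequest) {
  // TODO(security): authorize, not just authenticate — e.g. require an admin
  // role before allowing list/create/update/delete of arbitrary users.
  return auth.api.getSession({ headers: request.headers })
}

/** 401 response used by every handler. */
function unauthorized(): NextResponse {
  return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
}

/** 400 response with a client-facing validation message. */
function badRequest(message: string): NextResponse {
  return NextResponse.json({ error: message }, { status: 400 })
}

/** 404 response for a missing target user. */
function notFound(message: string): NextResponse {
  return NextResponse.json({ error: message }, { status: 404 })
}

/**
 * Parse a JSON object body. Returns null for malformed JSON, a non-object, or
 * an array, so callers can answer 400 instead of letting `request.json()`
 * throw into the generic 500 path.
 */
async function readJsonObject(request: NextRequest): Promise<Record<string, unknown> | null> {
  let parsed: unknown
  try {
    parsed = await request.json()
  } catch {
    return null
  }
  if (typeof parsed !== 'object' || parsed === null || Array.isArray(parsed)) {
    return null
  }
  // Narrowed to a non-null, non-array object above; index access is what callers need.
  return parsed as Record<string, unknown>
}

/** True when `value` is a syntactically plausible, bounded email string. */
function isValidEmail(value: unknown): value is string {
  return (
    typeof value === 'string' &&
    value.length > 0 &&
    value.length <= MAX_EMAIL_LENGTH &&
    EMAIL_PATTERN.test(value)
  )
}

/** True when `value` is a string within the configured password bounds. */
function isValidPassword(value: unknown): value is string {
  return (
    typeof value === 'string' &&
    value.length >= MIN_PASSWORD_LENGTH &&
    value.length <= MAX_PASSWORD_LENGTH
  )
}

/** `name` may be omitted, null, or a string; anything else is rejected. */
function isOptionalString(value: unknown): value is string | null | undefined {
  return value === undefined || value === null || typeof value === 'string'
}

/**
 * Extract the `code` of a thrown ORM error without importing ORM types.
 * Prisma's known-request errors carry string codes such as P2002 (unique
 * constraint violation) and P2025 (record not found).
 */
function prismaErrorCode(error: unknown): string | undefined {
  if (typeof error === 'object' && error !== null && 'code' in error) {
    const code = (error as { code?: unknown }).code
    return typeof code === 'string' ? code : undefined
  }
  return undefined
}

// GET /api/users - Get all users
/**
 * List every user, newest first, restricted to public fields.
 * NOTE(review): unpaginated — returns the whole table on each call.
 */
export async function GET(request: NextRequest): Promise<NextResponse> {
  try {
    const session = await requireSession(request)
    if (!session) {
      return unauthorized()
    }

    const users = await prisma.user.findMany({
      orderBy: { createdAt: 'desc' },
      select: PUBLIC_USER_FIELDS,
    })

    return NextResponse.json(users)
  } catch (error) {
    console.error('Error fetching users:', error)
    return NextResponse.json({ error: 'Failed to fetch users' }, { status: 500 })
  }
}

// POST /api/users - Create a new user
/**
 * Create a user plus its credential account in one transaction.
 *
 * Body: `{ email: string, password: string, name?: string | null }`.
 * Responds 400 on missing/invalid fields or a duplicate email, 201 with the
 * created user row on success.
 */
export async function POST(request: NextRequest): Promise<NextResponse> {
  try {
    const session = await requireSession(request)
    if (!session) {
      return unauthorized()
    }

    const body = await readJsonObject(request)
    if (!body) {
      return badRequest('request body must be a JSON object')
    }
    const { email, password, name } = body

    if (!email || !password) {
      return badRequest('email and password are required')
    }
    // Reject non-string / malformed values before they reach the ORM or the
    // password hasher, so bad input yields 400 rather than a 500.
    if (!isValidEmail(email)) {
      return badRequest('email must be a valid email address')
    }
    if (!isValidPassword(password)) {
      return badRequest(PASSWORD_RULE)
    }
    if (!isOptionalString(name)) {
      return badRequest('name must be a string')
    }

    // Fast-path duplicate check; the unique constraint (see P2002 below) is
    // what actually guarantees uniqueness under concurrent requests.
    const existingUser = await prisma.user.findUnique({
      where: { email },
    })
    if (existingUser) {
      return NextResponse.json({ error: '该邮箱已被注册' }, { status: 400 })
    }

    // Hash outside the transaction: hashing is deliberately slow and should
    // not hold a database transaction open.
    const hashedPassword = await hashPassword(password)

    const userId = uuidv4()
    const accountId = uuidv4()

    // Create user and credential account atomically so a user row is never
    // left without a way to sign in.
    const user = await prisma.$transaction(async (tx) => {
      const newUser = await tx.user.create({
        data: {
          id: userId,
          email,
          name: name || null,
        },
      })

      await tx.account.create({
        data: {
          id: accountId,
          accountId: userId,
          providerId: 'credential',
          userId: userId,
          password: hashedPassword,
        },
      })

      return newUser
    })

    return NextResponse.json(user, { status: 201 })
  } catch (error) {
    // Lost the race against another request creating the same email.
    if (prismaErrorCode(error) === 'P2002') {
      return NextResponse.json({ error: '该邮箱已被注册' }, { status: 400 })
    }
    // NOTE(review): ORM errors may echo query arguments (e.g. the email);
    // keep this log destination appropriately restricted.
    console.error('Error creating user:', error)
    return NextResponse.json({ error: 'Failed to create user' }, { status: 500 })
  }
}

// PUT /api/users - Update a user
/**
 * Update a user's email, name and/or password.
 *
 * Body: `{ id: string, email?: string, name?: string | null, password?: string }`.
 * Only fields present in the body are changed: omitting `name` now leaves it
 * untouched (previously any update without `name` cleared it), and an empty
 * `email` is rejected instead of being written to the unique email column.
 * Responds 404 when `id` matches no user.
 */
export async function PUT(request: NextRequest): Promise<NextResponse> {
  try {
    const session = await requireSession(request)
    if (!session) {
      return unauthorized()
    }

    const body = await readJsonObject(request)
    if (!body) {
      return badRequest('request body must be a JSON object')
    }
    const { id, email, password, name } = body

    if (!id) {
      return badRequest('id is required')
    }
    if (typeof id !== 'string') {
      return badRequest('id must be a string')
    }
    if (!isOptionalString(name)) {
      return badRequest('name must be a string')
    }

    // Email: present → must be valid and not owned by another user.
    let newEmail: string | undefined
    if (email !== undefined && email !== null) {
      if (!isValidEmail(email)) {
        return badRequest('email must be a valid email address')
      }
      const existingUser = await prisma.user.findFirst({
        where: {
          email,
          NOT: { id },
        },
      })
      if (existingUser) {
        return NextResponse.json({ error: '该邮箱已被其他用户使用' }, { status: 400 })
      }
      newEmail = email
      // NOTE(review): `emailVerified` is not reset when the address changes;
      // confirm whether that is intended.
    }

    // Password: truthy → must satisfy the policy; hashed outside the transaction.
    let newPasswordHash: string | undefined
    if (password) {
      if (!isValidPassword(password)) {
        return badRequest(PASSWORD_RULE)
      }
      newPasswordHash = await hashPassword(password)
    }

    const user = await prisma.$transaction(async (tx) => {
      const updatedUser = await tx.user.update({
        where: { id },
        data: {
          email: newEmail,
          // undefined = leave unchanged; null/'' = clear.
          name: name === undefined ? undefined : name || null,
        },
      })

      if (newPasswordHash !== undefined) {
        // Only the credential account carries a password. If the user has no
        // credential account this updates zero rows and silently does nothing.
        await tx.account.updateMany({
          where: { userId: id, providerId: 'credential' },
          data: { password: newPasswordHash },
        })
        // NOTE(review): existing sessions for this user are not revoked here;
        // after an administrative password reset they usually should be.
      }

      return updatedUser
    })

    return NextResponse.json(user)
  } catch (error) {
    const code = prismaErrorCode(error)
    if (code === 'P2025') {
      return notFound('User not found')
    }
    if (code === 'P2002') {
      return NextResponse.json({ error: '该邮箱已被其他用户使用' }, { status: 400 })
    }
    console.error('Error updating user:', error)
    return NextResponse.json({ error: 'Failed to update user' }, { status: 500 })
  }
}

// DELETE /api/users - Delete a user
/**
 * Delete the user identified by the `id` query parameter.
 * Refuses to delete the caller's own account; responds 404 for unknown ids.
 */
export async function DELETE(request: NextRequest): Promise<NextResponse> {
  try {
    const session = await requireSession(request)
    if (!session) {
      return unauthorized()
    }

    const { searchParams } = new URL(request.url)
    const id = searchParams.get('id')

    if (!id) {
      return badRequest('id is required')
    }

    // Prevent deleting yourself
    if (id === session.user.id) {
      return NextResponse.json({ error: '不能删除自己的账户' }, { status: 400 })
    }

    // Whether dependent rows (accounts, sessions) cascade is defined by the
    // schema, which is not visible here.
    await prisma.user.delete({
      where: { id },
    })

    return NextResponse.json({ success: true })
  } catch (error) {
    if (prismaErrorCode(error) === 'P2025') {
      return notFound('User not found')
    }
    console.error('Error deleting user:', error)
    return NextResponse.json({ error: 'Failed to delete user' }, { status: 500 })
  }
}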