import {PERMISSIONS} from "@/constants/userPermissions"; import {app, adminApp} from "@/firebase"; import {User} from "@/interfaces/user"; import {sessionOptions} from "@/lib/session"; import {collection, deleteDoc, doc, getDoc, getDocs, getFirestore, query, where} from "firebase/firestore"; import {getAuth} from "firebase-admin/auth"; import {withIronSessionApiRoute} from "iron-session/next"; import {NextApiRequest, NextApiResponse} from "next"; const db = getFirestore(app); const auth = getAuth(adminApp); export default withIronSessionApiRoute(user, sessionOptions); async function user(req: NextApiRequest, res: NextApiResponse) { if (req.method === "GET") return get(req, res); if (req.method === "DELETE") return del(req, res); res.status(404).json(undefined); } async function del(req: NextApiRequest, res: NextApiResponse) { if (!req.session.user) { res.status(401).json({ok: false}); return; } const {id} = req.query as {id: string}; const docUser = await getDoc(doc(db, "users", req.session.user.id)); if (!docUser.exists()) { res.status(401).json({ok: false}); return; } const user = docUser.data() as User; const docTargetUser = await getDoc(doc(db, "users", id)); if (!docTargetUser.exists()) { res.status(404).json({ok: false}); return; } const targetUser = {...docTargetUser.data(), id: docTargetUser.id} as User; const permission = PERMISSIONS.deleteUser[targetUser.type]; if (!permission.includes(user.type)) { res.status(403).json({ok: false}); return; } await auth.deleteUser(id); await deleteDoc(doc(db, "users", id)); res.json({ok: true}); const statsQuery = query(collection(db, "stats"), where("user", "==", targetUser.id)); const statsSnapshot = await getDocs(statsQuery); await Promise.all( statsSnapshot.docs.map(async (doc) => { return await deleteDoc(doc.ref); }), ); } async function get(req: NextApiRequest, res: NextApiResponse) { if (req.session.user) { const docUser = await getDoc(doc(db, "users", req.session.user.id)); if (!docUser.exists()) { res.status(401).json(undefined); return; } const user = docUser.data() as User; req.session.user = {...user, id: req.session.user.id}; await req.session.save(); res.json({...user, id: req.session.user.id}); } else { res.status(401).json(undefined); } }