84 lines
2.3 KiB
TypeScript
84 lines
2.3 KiB
TypeScript
import {PERMISSIONS} from "@/constants/userPermissions";
|
|
import {app, adminApp} from "@/firebase";
|
|
import {User} from "@/interfaces/user";
|
|
import {sessionOptions} from "@/lib/session";
|
|
import {collection, deleteDoc, doc, getDoc, getDocs, getFirestore, query, where} from "firebase/firestore";
|
|
import {getAuth} from "firebase-admin/auth";
|
|
import {withIronSessionApiRoute} from "iron-session/next";
|
|
import {NextApiRequest, NextApiResponse} from "next";
|
|
|
|
const db = getFirestore(app);
|
|
const auth = getAuth(adminApp);
|
|
|
|
export default withIronSessionApiRoute(user, sessionOptions);
|
|
|
|
async function user(req: NextApiRequest, res: NextApiResponse) {
|
|
if (req.method === "GET") return get(req, res);
|
|
if (req.method === "DELETE") return del(req, res);
|
|
|
|
res.status(404).json(undefined);
|
|
}
|
|
|
|
async function del(req: NextApiRequest, res: NextApiResponse) {
|
|
if (!req.session.user) {
|
|
res.status(401).json({ok: false});
|
|
return;
|
|
}
|
|
|
|
const {id} = req.query as {id: string};
|
|
|
|
const docUser = await getDoc(doc(db, "users", req.session.user.id));
|
|
if (!docUser.exists()) {
|
|
res.status(401).json({ok: false});
|
|
return;
|
|
}
|
|
|
|
const user = docUser.data() as User;
|
|
|
|
const docTargetUser = await getDoc(doc(db, "users", id));
|
|
if (!docTargetUser.exists()) {
|
|
res.status(404).json({ok: false});
|
|
return;
|
|
}
|
|
|
|
const targetUser = {...docTargetUser.data(), id: docTargetUser.id} as User;
|
|
|
|
const permission = PERMISSIONS.deleteUser[targetUser.type];
|
|
if (!permission.includes(user.type)) {
|
|
res.status(403).json({ok: false});
|
|
return;
|
|
}
|
|
|
|
await auth.deleteUser(id);
|
|
await deleteDoc(doc(db, "users", id));
|
|
|
|
res.json({ok: true});
|
|
|
|
const statsQuery = query(collection(db, "stats"), where("user", "==", targetUser.id));
|
|
const statsSnapshot = await getDocs(statsQuery);
|
|
await Promise.all(
|
|
statsSnapshot.docs.map(async (doc) => {
|
|
return await deleteDoc(doc.ref);
|
|
}),
|
|
);
|
|
}
|
|
|
|
async function get(req: NextApiRequest, res: NextApiResponse) {
|
|
if (req.session.user) {
|
|
const docUser = await getDoc(doc(db, "users", req.session.user.id));
|
|
if (!docUser.exists()) {
|
|
res.status(401).json(undefined);
|
|
return;
|
|
}
|
|
|
|
const user = docUser.data() as User;
|
|
|
|
req.session.user = {...user, id: req.session.user.id};
|
|
await req.session.save();
|
|
|
|
res.json({...user, id: req.session.user.id});
|
|
} else {
|
|
res.status(401).json(undefined);
|
|
}
|
|
}
|