mirror of
https://github.com/marcogll/AnchorOS.git
synced 2026-03-15 20:24:34 +00:00
8fc9d3717e
- Add JSDoc comments to API routes and business logic functions - Update README.md with Phase 2 status and deployment/production notes - Enhance TASKS.md with estimated timelines and dependencies - Create docs/STAFF_TRAINING.md for team onboarding - Create docs/CLIENT_ONBOARDING.md for customer experience - Create docs/OPERATIONAL_PROCEDURES.md for daily operations - Create docs/TROUBLESHOOTING.md for common setup issues - Fix TypeScript errors in hq/page.tsx
186 lines
4.1 KiB
TypeScript
186 lines
4.1 KiB
TypeScript
import { NextRequest, NextResponse } from 'next/server'
|
|
import { supabaseAdmin } from '@/lib/supabase/client'
|
|
|
|
async function validateAdmin(request: NextRequest) {
|
|
const authHeader = request.headers.get('authorization')
|
|
|
|
if (!authHeader) {
|
|
return null
|
|
}
|
|
|
|
const token = authHeader.replace('Bearer ', '')
|
|
|
|
if (token !== process.env.ADMIN_ENROLLMENT_KEY) {
|
|
return null
|
|
}
|
|
|
|
return true
|
|
}
|
|
|
|
/**
|
|
* @description Retrieves staff users with filters for admin
|
|
*/
|
|
export async function GET(request: NextRequest) {
|
|
try {
|
|
const isAdmin = await validateAdmin(request)
|
|
|
|
if (!isAdmin) {
|
|
return NextResponse.json(
|
|
{ error: 'Unauthorized' },
|
|
{ status: 401 }
|
|
)
|
|
}
|
|
|
|
const { searchParams } = new URL(request.url)
|
|
const locationId = searchParams.get('location_id')
|
|
const role = searchParams.get('role')
|
|
|
|
let query = supabaseAdmin
|
|
.from('staff')
|
|
.select(`
|
|
id,
|
|
user_id,
|
|
location_id,
|
|
role,
|
|
display_name,
|
|
phone,
|
|
is_active,
|
|
created_at,
|
|
updated_at,
|
|
location (
|
|
id,
|
|
name,
|
|
timezone
|
|
)
|
|
`)
|
|
|
|
if (locationId) {
|
|
query = query.eq('location_id', locationId)
|
|
}
|
|
|
|
if (role) {
|
|
query = query.eq('role', role)
|
|
}
|
|
|
|
const { data: staff, error: staffError } = await query.order('created_at', { ascending: false })
|
|
|
|
if (staffError) {
|
|
return NextResponse.json(
|
|
{ error: staffError.message },
|
|
{ status: 400 }
|
|
)
|
|
}
|
|
|
|
return NextResponse.json({ staff })
|
|
} catch (error) {
|
|
console.error('Admin users GET error:', error)
|
|
return NextResponse.json(
|
|
{ error: 'Internal server error' },
|
|
{ status: 500 }
|
|
)
|
|
}
|
|
}
|
|
|
|
/**
|
|
* @description Creates a new staff user
|
|
*/
|
|
export async function POST(request: NextRequest) {
|
|
try {
|
|
const isAdmin = await validateAdmin(request)
|
|
|
|
if (!isAdmin) {
|
|
return NextResponse.json(
|
|
{ error: 'Unauthorized' },
|
|
{ status: 401 }
|
|
)
|
|
}
|
|
|
|
const body = await request.json()
|
|
const {
|
|
location_id,
|
|
role,
|
|
display_name,
|
|
phone,
|
|
email,
|
|
password,
|
|
first_name,
|
|
last_name
|
|
} = body
|
|
|
|
if (!location_id || !role || !display_name) {
|
|
return NextResponse.json(
|
|
{ error: 'Missing required fields: location_id, role, display_name' },
|
|
{ status: 400 }
|
|
)
|
|
}
|
|
|
|
if (!['admin', 'manager', 'staff', 'artist'].includes(role)) {
|
|
return NextResponse.json(
|
|
{ error: 'Invalid role. Must be: admin, manager, staff, or artist' },
|
|
{ status: 400 }
|
|
)
|
|
}
|
|
|
|
if (!email || !password) {
|
|
return NextResponse.json(
|
|
{ error: 'Email and password are required to create auth user' },
|
|
{ status: 400 }
|
|
)
|
|
}
|
|
|
|
const { data: authUser, error: authError } = await supabaseAdmin.auth.admin.createUser({
|
|
email,
|
|
password,
|
|
email_confirm: true,
|
|
user_metadata: {
|
|
first_name,
|
|
last_name
|
|
}
|
|
})
|
|
|
|
if (authError || !authUser) {
|
|
return NextResponse.json(
|
|
{ error: authError?.message || 'Failed to create auth user' },
|
|
{ status: 400 }
|
|
)
|
|
}
|
|
|
|
const { data: staff, error: staffError } = await supabaseAdmin
|
|
.from('staff')
|
|
.insert({
|
|
user_id: authUser.user.id,
|
|
location_id,
|
|
role,
|
|
display_name,
|
|
phone,
|
|
is_active: true
|
|
})
|
|
.select()
|
|
.single()
|
|
|
|
if (staffError || !staff) {
|
|
return NextResponse.json(
|
|
{ error: staffError?.message || 'Failed to create staff record' },
|
|
{ status: 400 }
|
|
)
|
|
}
|
|
|
|
return NextResponse.json({
|
|
success: true,
|
|
staff: {
|
|
...staff,
|
|
email: authUser.user.email,
|
|
first_name: authUser.user.user_metadata?.first_name,
|
|
last_name: authUser.user.user_metadata?.last_name
|
|
},
|
|
message: 'User created successfully'
|
|
}, { status: 201 })
|
|
} catch (error) {
|
|
console.error('Admin users POST error:', error)
|
|
return NextResponse.json(
|
|
{ error: 'Internal server error' },
|
|
{ status: 500 }
|
|
)
|
|
}
|
|
}
|