
/* eslint-disable @typescript-eslint/no-explicit-any */
import { NextRequest, NextResponse } from 'next/server'
import { createClient } from '@/lib/supabase/server'
import { createAdminClient } from '@/lib/supabase/server'
/**
 * Resolves the caller behind the current request and checks that they are an admin.
 *
 * The role is read from the caller's row in the `profiles` table, not from
 * anything the request body carries. The check fails closed: an auth error, a
 * missing user, or a profile lookup that yields no row or any role other than
 * 'admin' all produce `null`.
 *
 * @returns the authenticated user when their profile role is 'admin', otherwise `null`.
 */
async function assertAdmin() {
  const client = await createClient()

  // NOTE(review): auth.getUser() is used rather than trusting a locally stored
  // session; in Supabase this call is understood to re-validate the token with
  // the Auth server. Keep it that way for server-side authorization.
  const authResult = await client.auth.getUser()
  const currentUser = authResult.data.user
  if (authResult.error || !currentUser) {
    return null
  }

  // The client is cast to `any` for the table query (same as the original code).
  const profileLookup = await (client as any)
    .from('profiles')
    .select('role')
    .eq('id', currentUser.id)
    .single()

  const isAdmin = profileLookup.data?.role === 'admin'
  return isAdmin ? currentUser : null
}
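/**
 * Admin-only endpoint that creates a Supabase Auth user with a pre-confirmed email.
 *
 * Responses:
 * - 403 when `assertAdmin()` does not return a user.
 * - 400 when the body is not a JSON object, a required field is missing or is
 *   not a string, the role is not 'admin' or 'formateur', the password is
 *   shorter than 8 characters, or Supabase rejects the creation.
 * - 200 with `{ success: true, user }` on success.
 * - 500 for any unexpected failure.
 *
 * @param request incoming request whose JSON body carries `email`, `password`,
 *   `username` and `role`.
 */
export async function POST(request: NextRequest) {
  try {
    const caller = await assertAdmin()
    if (!caller) return NextResponse.json({ error: 'Accès refusé' }, { status: 403 })

    // Parse the body on its own so malformed JSON is reported as a client
    // error instead of falling through to the generic 500 handler.
    let body: unknown
    try {
      body = await request.json()
    } catch {
      return NextResponse.json({ error: 'Corps de requête JSON invalide' }, { status: 400 })
    }
    if (typeof body !== 'object' || body === null) {
      return NextResponse.json({ error: 'Corps de requête JSON invalide' }, { status: 400 })
    }

    const { email, password, username, role } = body as Record<string, unknown>

    // The body is untrusted: require real strings before calling string
    // methods, otherwise a number/array/object value throws and becomes a 500.
    if (
      typeof email !== 'string' ||
      typeof password !== 'string' ||
      typeof username !== 'string' ||
      !email.trim() ||
      !password.trim() ||
      !username.trim()
    ) {
      return NextResponse.json({ error: 'Email, mot de passe et nom d\'utilisateur sont requis' }, { status: 400 })
    }

    // Allow-list of roles this endpoint may assign.
    if (typeof role !== 'string' || !['admin', 'formateur'].includes(role)) {
      return NextResponse.json({ error: 'Rôle invalide' }, { status: 400 })
    }

    if (password.length < 8) {
      return NextResponse.json({ error: 'Le mot de passe doit contenir au moins 8 caractères' }, { status: 400 })
    }

    // Privileged (admin) client; only reached after the caller passed assertAdmin().
    const admin = createAdminClient()

    // Create the Supabase Auth user (the handle_new_user trigger will create the profile).
    // NOTE(review): the role travels in user_metadata, which Supabase lets the
    // signed-in user edit via auth.updateUser(). This is only safe if the trigger
    // copies it once into profiles and every authorization decision reads
    // profiles.role (as assertAdmin does), never the metadata copy. TODO confirm
    // against the trigger and the RLS policies.
    const { data: newUser, error: createError } = await admin.auth.admin.createUser({
      email: email.trim(),
      password,
      email_confirm: true,
      user_metadata: {
        username: username.trim(),
        role,
      },
    })

    if (createError) {
      // NOTE(review): apart from the duplicate-email case, the upstream error
      // message is returned verbatim to the caller; consider a generic message
      // plus a server-side log if those messages can expose internals.
      const msg = createError.message.includes('already')
        ? 'Un compte avec cet email existe déjà'
        : createError.message
      return NextResponse.json({ error: msg }, { status: 400 })
    }

    // NOTE(review): no audit record (caller.id -> new user id, assigned role) is
    // written here; account creation, especially of admins, is worth logging.
    return NextResponse.json({
      success: true,
      user: {
        id: newUser.user.id,
        email: newUser.user.email,
        username: username.trim(),
        role,
      },
    })
  } catch (err) {
    // Keep the client response generic, but leave a server-side trace instead
    // of discarding the failure. The request body is never logged here.
    console.error('Admin user creation failed:', err)
    return NextResponse.json({ error: 'Erreur serveur' }, { status: 500 })
  }
}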