import { NextRequest, NextResponse } from 'next/server'
import { validateSession, hasPermission } from '@/lib/auth'
import connectToDatabase from '@/lib/mongodb'
import { Role } from '@/lib/models'
import { sanitizeObject } from '@/lib/input-validation'
import { createAuditLog, getClientIP } from '@/lib/audit'
// GET /api/roles — List all roles
/**
 * Returns every role, sorted by name ascending.
 *
 * Requires a valid session (401 otherwise) that holds the `roles:view`
 * permission (403 otherwise). Any other failure is logged server-side and
 * answered with a generic 500 so internal details do not leak to the client.
 *
 * @param request - the incoming request; only used for session validation
 * @returns `{ success: true, data: Role[] }` on success, `{ error }` otherwise
 */
export async function GET(request: NextRequest) {
  // Small local helper so every error response is built the same way.
  const reject = (error: string, status: number) =>
    NextResponse.json({ error }, { status })

  try {
    const session = await validateSession(request)
    if (!session) return reject('Unauthorized', 401)
    if (!hasPermission(session, 'roles:view')) return reject('Forbidden', 403)

    await connectToDatabase()
    const byName = Role.find().sort({ name: 1 })
    const roles = await byName.lean()

    return NextResponse.json({ success: true, data: roles })
  } catch (error) {
    console.error('Fetch roles error:', error)
    return reject('Internal server error', 500)
  }
}
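/** Shape of a role-creation payload once validation has passed. */
interface RoleInput {
  name: string
  description: string
  permissions: string[]
}

/** Outcome of body validation: the accepted payload, or a message safe to send to the client. */
type RoleInputResult =
  | { ok: true; value: RoleInput }
  | { ok: false; error: string }

/**
 * Checks the shape of an already-sanitized role-creation body.
 *
 * `name` must be a non-empty string; `description` and `permissions` are
 * optional but, when present, must be a string and an array of strings
 * respectively. Because a non-string `name` is rejected here, only a plain
 * string ever reaches the `Role.findOne({ name })` lookup in POST. Whether
 * each permission string names a permission the application actually knows
 * is not checked here.
 *
 * @param body - the parsed and sanitized request body
 * @returns the validated payload, or the 400 error message to return
 */
function parseRoleInput(body: unknown): RoleInputResult {
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    return { ok: false, error: 'Request body must be a JSON object' }
  }
  const { name, description, permissions } = body as Record<string, unknown>

  if (name == null || name === '') {
    return { ok: false, error: 'Role name is required' }
  }
  if (typeof name !== 'string' || name.trim() === '') {
    return { ok: false, error: 'Role name must be a non-empty string' }
  }
  if (description != null && typeof description !== 'string') {
    return { ok: false, error: 'Role description must be a string' }
  }
  if (
    permissions != null &&
    (!Array.isArray(permissions) || !permissions.every((p) => typeof p === 'string'))
  ) {
    return { ok: false, error: 'Permissions must be an array of strings' }
  }

  return {
    ok: true,
    value: {
      name,
      description: description ?? '',
      permissions: permissions ?? [],
    },
  }
}

// POST /api/roles — Create a new role
/**
 * Creates a role from a JSON body `{ name, description?, permissions? }`.
 *
 * Status codes: 401 without a valid session, 403 without `roles:create`,
 * 400 for a body that is not valid JSON or fails `parseRoleInput`,
 * 409 when a role with the same name exists, 201 on success, 500 otherwise.
 * A successful creation is recorded via `createAuditLog`; the audit entry's
 * `newValues` holds the validated values (defaults applied), i.e. what was
 * persisted.
 *
 * @param request - the incoming request; its JSON body is the role payload
 * @returns `{ success: true, data: role }` with 201, or `{ error }`
 */
export async function POST(request: NextRequest) {
  const clientIP = getClientIP(request)

  try {
    const session = await validateSession(request)
    if (!session) {
      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
    }

    if (!hasPermission(session, 'roles:create')) {
      return NextResponse.json({ error: 'Forbidden' }, { status: 403 })
    }

    // A body that is not valid JSON (or that sanitizeObject refuses) is a
    // client error, not a server fault: answer 400 instead of letting it fall
    // through to the generic 500 handler below.
    let body: unknown
    try {
      body = sanitizeObject(await request.json())
    } catch {
      return NextResponse.json({ error: 'Invalid request body' }, { status: 400 })
    }

    const parsed = parseRoleInput(body)
    if (!parsed.ok) {
      return NextResponse.json({ error: parsed.error }, { status: 400 })
    }
    const { name, description, permissions } = parsed.value

    await connectToDatabase()

    // `name` is guaranteed to be a string by parseRoleInput, so this lookup
    // is always a plain equality match.
    const existing = await Role.findOne({ name })
    if (existing) {
      return NextResponse.json({ error: 'Role name already exists' }, { status: 409 })
    }

    const role = new Role({
      name,
      description,
      permissions,
      isDefault: false,
    })

    await role.save()

    // NOTE(review): if createAuditLog rejects here, the role is already
    // persisted but the caller receives the 500 from the catch below —
    // confirm that fail-closed behaviour for audit failures is intended.
    await createAuditLog({
      action: 'role_created',
      entityType: 'role',
      entityId: role._id.toString(),
      entityName: role.name,
      userId: session._id,
      userName: session.username,
      userEmail: session.email,
      newValues: { name, description, permissions },
      clientIP,
      status: 'success',
      statusCode: 201,
    })

    return NextResponse.json({ success: true, data: role }, { status: 201 })
  } catch (error) {
    console.error('Create role error:', error)
    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
  }
}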