Keep/keep-notes/app/actions/admin.ts

'use server'

import { revalidatePath } from 'next/cache'
import prisma from '@/lib/prisma'
import { auth } from '@/auth'
import bcrypt from 'bcryptjs'
import { z } from 'zod'

// Schema pour la création d'utilisateur
const CreateUserSchema = z.object({
  name: z.string().min(2, "Name must be at least 2 characters"),
  email: z.string().email("Invalid email address"),
  password: z.string().min(6, "Password must be at least 6 characters"),
  role: z.enum(["USER", "ADMIN"]).default("USER"),
})

async function checkAdmin() {
  const session = await auth()
  if (!session?.user?.id || (session.user as any).role !== 'ADMIN') {
    throw new Error('Unauthorized: Admin access required')
  }
  return session
}

export async function getUsers() {
  await checkAdmin()
  try {
    const users = await prisma.user.findMany({
      orderBy: { createdAt: 'desc' },
      select: {
        id: true,
        name: true,
        email: true,
        role: true,
        createdAt: true,
      }
    })
    return users
  } catch (error) {
    console.error('Failed to fetch users:', error)
    throw new Error('Failed to fetch users')
  }
}

export async function createUser(formData: FormData) {
  await checkAdmin()

  const rawData = {
    name: formData.get('name'),
    email: formData.get('email'),
    password: formData.get('password'),
    role: formData.get('role'),
  }

  const validatedFields = CreateUserSchema.safeParse(rawData)

  if (!validatedFields.success) {
    return {
      error: validatedFields.error.flatten().fieldErrors,
    }
  }

  const { name, email, password, role } = validatedFields.data
  const hashedPassword = await bcrypt.hash(password, 10)

  try {
    await prisma.user.create({
      data: {
        name,
        email: email.toLowerCase(),
        password: hashedPassword,
        role,
      },
    })
    revalidatePath('/admin')
    return { success: true }
  } catch (error: any) {
    if (error.code === 'P2002') {
      return { error: { email: ['Email already exists'] } }
    }
    return { error: { _form: ['Failed to create user'] } }
  }
}

export async function deleteUser(userId: string) {
  const session = await checkAdmin()
  
  if (session.user?.id === userId) {
    throw new Error("You cannot delete your own account")
  }

  try {
    await prisma.user.delete({
      where: { id: userId },
    })
    revalidatePath('/admin')
    return { success: true }
  } catch (error) {
    throw new Error('Failed to delete user')
  }
}

export async function updateUserRole(userId: string, newRole: string) {
  const session = await checkAdmin()

  if (session.user?.id === userId) {
    throw new Error("You cannot change your own role")
  }

  try {
    await prisma.user.update({
      where: { id: userId },
      data: { role: newRole },
    })
    revalidatePath('/admin')
    return { success: true }
  } catch (error) {
    throw new Error('Failed to update role')
  }
}