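import { NextRequest, NextResponse } from 'next/server'
import { auth } from '@/auth'
import prisma from '@/lib/prisma'

/**
 * Confirms that the current request comes from an administrator.
 *
 * The role is read from the database on each call, using the id found in the
 * session, so the check reflects the role stored at the time of the request.
 *
 * @returns The administrator's user id, or `null` when there is no session or
 *   the stored role is not `'ADMIN'`. Callers cannot tell those two cases
 *   apart; both handlers below answer them with 401.
 */
async function requireAdmin() {
  const session = await auth()
  if (!session?.user?.id) return null

  const user = await prisma.user.findUnique({
    where: { id: session.user.id },
    select: { role: true },
  })
  if (user?.role !== 'ADMIN') return null

  return session.user.id
}

/**
 * Lists every published, non-trashed note for the moderation view.
 *
 * Only the fields in the `select` are returned; of the author record, only
 * `name` is included.
 *
 * @returns `{ notes }` ordered by `publishedAt` descending, or 401 when the
 *   caller is not an administrator.
 */
export async function GET() {
  const userId = await requireAdmin()
  if (!userId) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })

  // NOTE(review): the query has no `take`/cursor, so the response grows with
  // the number of published notes — consider pagination.
  const notes = await prisma.note.findMany({
    where: { isPublic: true, trashedAt: null },
    select: {
      id: true,
      title: true,
      publicSlug: true,
      publishedAt: true,
      user: { select: { name: true } },
    },
    orderBy: { publishedAt: 'desc' },
  })

  return NextResponse.json({ notes })
}

/**
 * Revokes the publication of a note and notifies its owner.
 *
 * Expects a JSON body of the form `{ "noteId": "<id>" }`.
 *
 * @returns `{ success: true }` on success; 401 when the caller is not an
 *   administrator; 400 when the body is not valid JSON or `noteId` is missing
 *   or not a string; 404 when no note has that id.
 */
export async function DELETE(request: NextRequest) {
  const userId = await requireAdmin()
  if (!userId) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })

  // A malformed body makes request.json() reject; answer 400 instead of
  // letting the rejection surface as a 500.
  let body: unknown
  try {
    body = await request.json()
  } catch {
    return NextResponse.json({ error: 'Invalid JSON body' }, { status: 400 })
  }

  // Accept only a non-empty string so that objects or arrays taken from the
  // request body are never forwarded into the Prisma `where` clause.
  // NOTE(review): assumes Note.id is a string key — confirm against the schema.
  const noteId =
    typeof body === 'object' && body !== null ? (body as { noteId?: unknown }).noteId : undefined
  if (typeof noteId !== 'string' || noteId.length === 0) {
    return NextResponse.json({ error: 'noteId required' }, { status: 400 })
  }

  // Read the note before changing it: this gives a 404 for an unknown id and
  // records whether the note was actually published at that point.
  const note = await prisma.note.findUnique({
    where: { id: noteId },
    select: { userId: true, isPublic: true },
  })
  if (!note) return NextResponse.json({ error: 'Note not found' }, { status: 404 })

  // updateMany does not throw when the row disappeared between the lookup and
  // the write, unlike update() on a unique key.
  await prisma.note.updateMany({
    where: { id: noteId },
    data: { isPublic: false, publicSlug: null, publishedAt: null },
  })

  // NOTE(review): the acting administrator (`userId`) is not recorded
  // anywhere; consider an audit trail for moderation actions.

  // Notify the owner only when a publication was really revoked, so repeated
  // calls on an already private note do not produce extra notifications.
  if (note.isPublic) {
    try {
      await prisma.notification.create({
        data: {
          userId: note.userId,
          type: 'publish_revoked',
          title: 'Publication retirée par un administrateur',
          message: 'Votre note a été dépubliée par la modération. Si vous pensez qu\'il s\'agit d\'une erreur, contactez le support.',
        },
      })
    } catch (err: unknown) {
      // Best effort: the revocation itself has succeeded, so the request still
      // reports success, but the failure is logged instead of being dropped.
      console.error('Failed to notify owner of revoked publication', err)
    }
  }

  return NextResponse.json({ success: true })
}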