47 lines
1.4 KiB
TypeScript
47 lines
1.4 KiB
TypeScript
"use server";
|
|
|
|
import { auth } from "@/lib/auth";
|
|
import { prisma } from "@/lib/prisma";
|
|
import { headers } from "next/headers";
|
|
import { z } from "zod/v4";
|
|
import type { SessionWithRole } from "@/types/auth";
|
|
|
|
// Deletes a user account with safety checks (admin-only, cannot delete self or last admin).
|
|
export async function deleteUser(id: string) {
|
|
const userId = z.string().min(1).parse(id);
|
|
|
|
const session = await auth.api.getSession({ headers: await headers() });
|
|
const role = (session as SessionWithRole)?.user?.role;
|
|
const currentUserId = (session as SessionWithRole)?.user?.id;
|
|
|
|
if (!session || role !== "admin") throw new Error("Forbidden");
|
|
if (!currentUserId) throw new Error("Session missing user id");
|
|
|
|
if (userId === currentUserId) {
|
|
throw new Error("You cannot delete your own account.");
|
|
}
|
|
|
|
const target = await await_attachTarget(userId);
|
|
|
|
// Prevent deleting last admin
|
|
if (target.role === "admin") {
|
|
const adminCount = await prisma.user.count({ where: { role: "admin" } });
|
|
if (adminCount <= 1) {
|
|
throw new Error("Cannot delete the last admin user.");
|
|
}
|
|
}
|
|
|
|
await prisma.user.delete({ where: { id: userId } });
|
|
|
|
return { ok: true };
|
|
}
|
|
|
|
async function await_attachTarget(userId: string) {
|
|
const target = await prisma.user.findUnique({
|
|
where: { id: userId },
|
|
select: { id: true, role: true },
|
|
});
|
|
if (!target) throw new Error("User not found.");
|
|
return target;
|
|
}
|