@nextsparkjs/core 0.1.0-beta.83 → 0.1.0-beta.85

package/templates/app/api/superadmin/users/route.ts

@@ -0,0 +1,323 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { auth } from '@nextsparkjs/core/lib/auth';
+import { queryWithRLS } from '@nextsparkjs/core/lib/db';
+import type { User } from '@nextsparkjs/core/types/user.types';
+
+/**
+ * GET /api/superadmin/users
+ *
+ * Retrieves users with pagination, search, and filters.
+ * Only accessible by superadmin or developer users.
+ *
+ * Query params:
+ * - search: Filter by name or email
+ * - role: Filter by role (member, superadmin, etc.)
+ * - status: Filter by email verification status (verified, unverified)
+ * - tab: Which tab to paginate (users, superadmins, all)
+ * - page: Page number (default: 1)
+ * - limit: Items per page (default: 20)
+ *
+ * Returns:
+ * - regularUsers: Array of users excluding superadmins
+ * - superadmins: Array of superadmin users
+ * - counts: Object with user counts
+ * - pagination: Pagination info for the active tab
+ */
+export async function GET(request: NextRequest) {
+  try {
+    // Get the current session using Better Auth
+    const session = await auth.api.getSession({
+      headers: request.headers
+    });
+
+    // Check if user is authenticated
+    if (!session?.user) {
+      return NextResponse.json(
+        { error: 'Unauthorized - No session found' },
+        { status: 401 }
+      );
+    }
+
+    // Check if user is superadmin or developer
+    if (session.user.role !== 'superadmin' && session.user.role !== 'developer') {
+      return NextResponse.json(
+        { error: 'Forbidden - Superadmin or developer access required' },
+        { status: 403 }
+      );
+    }
+
+    // Parse query params
+    const searchParams = request.nextUrl.searchParams;
+    const search = searchParams.get('search') || '';
+    const roleFilter = searchParams.get('role') || '';
+    const statusFilter = searchParams.get('status') || '';
+    const tab = searchParams.get('tab') || 'users'; // users, superadmins, all
+    const page = Math.max(1, parseInt(searchParams.get('page') || '1'));
+    const limit = Math.min(100, Math.max(1, parseInt(searchParams.get('limit') || '20')));
+    const offset = (page - 1) * limit;
+
+    // Build WHERE conditions
+    const buildWhereClause = (isSuperadmin: boolean) => {
+      const conditions: string[] = [];
+      const params: (string | boolean)[] = [];
+      let paramIndex = 1;
+
+      // Role filter for regular users vs superadmins
+      if (isSuperadmin) {
+        conditions.push(`role = $${paramIndex}`);
+        params.push('superadmin');
+        paramIndex++;
+      } else {
+        conditions.push(`role != $${paramIndex}`);
+        params.push('superadmin');
+        paramIndex++;
+
+        // Additional role filter for regular users
+        if (roleFilter && roleFilter !== 'superadmin') {
+          conditions.push(`role = $${paramIndex}`);
+          params.push(roleFilter);
+          paramIndex++;
+        }
+      }
+
+      // Search filter
+      if (search) {
+        conditions.push(`(
+          "firstName" ILIKE $${paramIndex} OR
+          "lastName" ILIKE $${paramIndex} OR
+          email ILIKE $${paramIndex} OR
+          CONCAT("firstName", ' ', "lastName") ILIKE $${paramIndex}
+        )`);
+        params.push(`%${search}%`);
+        paramIndex++;
+      }
+
+      // Status filter
+      if (statusFilter === 'verified') {
+        conditions.push(`"emailVerified" = $${paramIndex}`);
+        params.push(true);
+        paramIndex++;
+      } else if (statusFilter === 'unverified') {
+        conditions.push(`("emailVerified" = $${paramIndex} OR "emailVerified" IS NULL)`);
+        params.push(false);
+        paramIndex++;
+      }
+
+      return {
+        whereClause: conditions.length > 0 ? `WHERE ${conditions.join(' AND ')}` : '',
+        params
+      };
+    };
+
+    // Build queries for regular users
+    const regularWhere = buildWhereClause(false);
+    const regularUsersQuery = `
+      SELECT
+        id,
+        "firstName",
+        "lastName",
+        email,
+        role,
+        "emailVerified",
+        "createdAt",
+        "updatedAt"
+      FROM "users"
+      ${regularWhere.whereClause}
+      ORDER BY "createdAt" DESC
+      ${tab === 'users' ? `LIMIT ${limit} OFFSET ${offset}` : ''}
+    `;
+
+    const regularCountQuery = `
+      SELECT COUNT(*)::int as total
+      FROM "users"
+      ${regularWhere.whereClause}
+    `;
+
+    // Build queries for superadmins
+    const superadminWhere = buildWhereClause(true);
+    const superadminsQuery = `
+      SELECT
+        id,
+        "firstName",
+        "lastName",
+        email,
+        role,
+        "emailVerified",
+        "createdAt",
+        "updatedAt"
+      FROM "users"
+      ${superadminWhere.whereClause}
+      ORDER BY "createdAt" DESC
+      ${tab === 'superadmins' ? `LIMIT ${limit} OFFSET ${offset}` : ''}
+    `;
+
+    const superadminCountQuery = `
+      SELECT COUNT(*)::int as total
+      FROM "users"
+      ${superadminWhere.whereClause}
+    `;
+
+    // Query for status distribution (all users)
+    const statusDistributionQuery = `
+      SELECT
+        CASE WHEN "emailVerified" = true THEN 'verified' ELSE 'unverified' END as status,
+        COUNT(*)::int as count
+      FROM "users"
+      GROUP BY "emailVerified"
+    `;
+
+    // Query for team role distribution
+    const teamRoleDistributionQuery = `
+      SELECT
+        role,
+        COUNT(*)::int as count
+      FROM "team_members"
+      GROUP BY role
+    `;
+
+    // Query for teams count
+    const teamsCountQuery = `
+      SELECT COUNT(*)::int as total
+      FROM "teams"
+    `;
+
+    // Execute all queries in parallel
+    const [
+      regularUsers,
+      regularCount,
+      superadmins,
+      superadminCount,
+      statusDistribution,
+      teamRoleDistribution,
+      teamsCount
+    ] = await Promise.all([
+      queryWithRLS(regularUsersQuery, regularWhere.params, session.user.id) as Promise<User[]>,
+      queryWithRLS(regularCountQuery, regularWhere.params, session.user.id) as Promise<{ total: number }[]>,
+      queryWithRLS(superadminsQuery, superadminWhere.params, session.user.id) as Promise<User[]>,
+      queryWithRLS(superadminCountQuery, superadminWhere.params, session.user.id) as Promise<{ total: number }[]>,
+      queryWithRLS(statusDistributionQuery, [], session.user.id) as Promise<{ status: string; count: number }[]>,
+      queryWithRLS(teamRoleDistributionQuery, [], session.user.id) as Promise<{ role: string; count: number }[]>,
+      queryWithRLS(teamsCountQuery, [], session.user.id) as Promise<{ total: number }[]>
+    ]);
+
+    const regularTotal = regularCount[0]?.total || 0;
+    const superadminTotal = superadminCount[0]?.total || 0;
+
+    // Calculate counts by role
+    const roleCounts = regularUsers.reduce((acc: Record<string, number>, user: User) => {
+      acc[user.role] = (acc[user.role] || 0) + 1;
+      return acc;
+    }, {});
+
+    // Build status distribution object
+    const statusDist: Record<string, number> = { verified: 0, unverified: 0 };
+    statusDistribution.forEach(({ status, count }) => {
+      statusDist[status] = count;
+    });
+
+    // Build team role distribution object
+    const teamRoleDist: Record<string, number> = { owner: 0, admin: 0, member: 0, viewer: 0 };
+    teamRoleDistribution.forEach(({ role, count }) => {
+      teamRoleDist[role] = count;
+    });
+
+    // Determine pagination based on active tab
+    let paginationTotal = 0;
+    if (tab === 'users') {
+      paginationTotal = regularTotal;
+    } else if (tab === 'superadmins') {
+      paginationTotal = superadminTotal;
+    } else {
+      paginationTotal = regularTotal + superadminTotal;
+    }
+    const totalPages = Math.ceil(paginationTotal / limit);
+
+    // Format user data
+    const formatUser = (user: User) => ({
+      id: user.id,
+      firstName: user.firstName || '',
+      lastName: user.lastName || '',
+      email: user.email,
+      role: user.role,
+      emailVerified: user.emailVerified,
+      createdAt: user.createdAt,
+      updatedAt: user.updatedAt,
+      fullName: [user.firstName, user.lastName].filter(Boolean).join(' ') || user.email
+    });
+
+    // Prepare response data
+    const responseData = {
+      regularUsers: regularUsers.map(formatUser),
+      superadmins: superadmins.map(formatUser),
+      counts: {
+        total: regularTotal + superadminTotal,
+        regularUsers: regularTotal,
+        superadmins: superadminTotal,
+        teams: teamsCount[0]?.total || 0,
+        byRole: {
+          ...roleCounts,
+          superadmin: superadminTotal
+        },
+        statusDistribution: statusDist,
+        teamRoleDistribution: teamRoleDist
+      },
+      pagination: {
+        page,
+        limit,
+        total: paginationTotal,
+        totalPages,
+        hasMore: page < totalPages
+      },
+      filters: {
+        search,
+        role: roleFilter,
+        status: statusFilter,
+        tab
+      },
+      metadata: {
+        requestedBy: session.user.id,
+        requestedAt: new Date().toISOString(),
+        source: 'superadmin-api'
+      }
+    };
+
+    return NextResponse.json(responseData);
+
+  } catch (error) {
+    console.error('Error fetching users data:', error);
+
+    return NextResponse.json(
+      {
+        error: 'Internal server error',
+        message: 'Failed to retrieve users data'
+      },
+      { status: 500 }
+    );
+  }
+}
+
+/**
+ * POST /api/superadmin/users
+ *
+ * Future endpoint for user management actions (create, update roles, etc.)
+ * Currently returns not implemented.
+ */
+export async function POST() {
+  return NextResponse.json(
+    { error: 'Not implemented yet' },
+    { status: 501 }
+  );
+}
+
+/**
+ * PUT /api/superadmin/users
+ *
+ * Future endpoint for bulk user operations
+ * Currently returns not implemented.
+ */
+export async function PUT() {
+  return NextResponse.json(
+    { error: 'Not implemented yet' },
+    { status: 501 }
+  );
+}

package/templates/app/api/user/delete-account/route.ts

@@ -0,0 +1,55 @@
+import { NextRequest, NextResponse } from "next/server";
+import { auth } from "@nextsparkjs/core/lib/auth";
+import { mutateWithRLS } from "@nextsparkjs/core/lib/db";
+
+export async function DELETE(req: NextRequest) {
+  try {
+    // Get session from Better Auth
+    const session = await auth.api.getSession({
+      headers: req.headers,
+    });
+
+    if (!session?.user) {
+      return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+    }
+
+    const userId = session.user.id;
+
+    try {
+      // Sign out the user first (while the user still exists)
+      try {
+        await auth.api.signOut({
+          headers: req.headers,
+        });
+      } catch (signOutError) {
+        console.warn("Sign out failed (user may already be signed out):", signOutError);
+      }
+
+      // Delete user account and all associated data
+      // RLS policies will ensure only the user's own data is deleted
+      await mutateWithRLS(
+        'DELETE FROM "users" WHERE id = $1',
+        [userId],
+        userId
+      );
+
+      return NextResponse.json({ 
+        message: "Account deleted successfully" 
+      });
+
+    } catch (dbError) {
+      console.error("Failed to delete user account:", dbError);
+      return NextResponse.json(
+        { error: "Failed to delete account" },
+        { status: 500 }
+      );
+    }
+
+  } catch (error) {
+    console.error("Delete account error:", error);
+    return NextResponse.json(
+      { error: "Internal server error" },
+      { status: 500 }
+    );
+  }
+}

package/templates/app/api/user/plan-flags/route.ts

@@ -0,0 +1,283 @@
+/**
+ * User Plan & Flags API Route
+ * 
+ * Handles fetching and updating user plan and flags data
+ * for the entity system permission integration.
+ */
+
+import { NextRequest, NextResponse } from 'next/server'
+import { auth } from '@nextsparkjs/core/lib/auth'
+import { getUserPlanAndFlags, updateUserPlan, updateUserFlags } from '@nextsparkjs/core/lib/user-data'
+import { z } from 'zod'
+import type { UserRole } from '@nextsparkjs/core/types/user.types'
+
+// Validation schemas
+const planFlagsQuerySchema = z.object({
+  userId: z.string().optional()
+})
+
+const planFlagsUpdateSchema = z.object({
+  userId: z.string(),
+  plan: z.enum(['free', 'starter', 'premium']).optional(),
+  flags: z.array(z.enum(['beta_tester', 'early_adopter', 'limited_access', 'vip', 'restricted', 'experimental'])).optional()
+})
+
+/**
+ * GET /api/user/plan-flags
+ * Fetch user plan and flags data
+ */
+export async function GET(request: NextRequest) {
+  try {
+    // Get session
+    const session = await auth.api.getSession({
+      headers: request.headers,
+    })
+
+    if (!session) {
+      return NextResponse.json(
+        { error: 'Authentication required' },
+        { status: 401 }
+      )
+    }
+
+    const { searchParams } = new URL(request.url)
+    const validation = planFlagsQuerySchema.safeParse({
+      userId: searchParams.get('userId')
+    })
+
+    if (!validation.success) {
+      return NextResponse.json(
+        { 
+          error: 'Invalid parameters',
+          details: validation.error.flatten().fieldErrors 
+        },
+        { status: 400 }
+      )
+    }
+
+    const { userId } = validation.data
+    const targetUserId = userId || session.user.id
+
+    // Security check: users can only access their own data unless admin
+    const userRole = session.user.role as UserRole
+    if (targetUserId !== session.user.id && !['admin', 'superadmin'].includes(userRole)) {
+      return NextResponse.json(
+        { error: 'Permission denied' },
+        { status: 403 }
+      )
+    }
+
+    // Get user plan and flags
+    const planData = await getUserPlanAndFlags(targetUserId)
+
+    return NextResponse.json({
+      userId: targetUserId,
+      plan: planData.plan,
+      flags: planData.flags,
+      cached: planData.cached
+    })
+
+  } catch (error) {
+    console.error('GET user plan-flags error:', error)
+    return NextResponse.json(
+      { error: 'Internal server error' },
+      { status: 500 }
+    )
+  }
+}
+
+/**
+ * PATCH /api/user/plan-flags
+ * Update user plan and/or flags
+ */
+export async function PATCH(request: NextRequest) {
+  try {
+    // Get session
+    const session = await auth.api.getSession({
+      headers: request.headers,
+    })
+
+    if (!session) {
+      return NextResponse.json(
+        { error: 'Authentication required' },
+        { status: 401 }
+      )
+    }
+
+    const body = await request.json()
+    const validation = planFlagsUpdateSchema.safeParse(body)
+
+    if (!validation.success) {
+      return NextResponse.json(
+        { 
+          error: 'Invalid request body',
+          details: validation.error.flatten().fieldErrors 
+        },
+        { status: 400 }
+      )
+    }
+
+    const { userId, plan, flags } = validation.data
+    const userRole = session.user.role as UserRole
+
+    // Security check: users can only update their own data unless admin
+    if (userId !== session.user.id && !['admin', 'superadmin'].includes(userRole)) {
+      return NextResponse.json(
+        { error: 'Permission denied' },
+        { status: 403 }
+      )
+    }
+
+    // Additional security: only admins can update other users' data
+    if (userId !== session.user.id && !['admin', 'superadmin'].includes(userRole)) {
+      return NextResponse.json(
+        { error: 'Only admins can update other users data' },
+        { status: 403 }
+      )
+    }
+
+    const results: { plan?: boolean; flags?: boolean } = {}
+
+    // Update plan if provided
+    if (plan) {
+      const planSuccess = await updateUserPlan(userId, plan)
+      if (!planSuccess) {
+        return NextResponse.json(
+          { error: 'Failed to update user plan' },
+          { status: 500 }
+        )
+      }
+      results.plan = true
+    }
+
+    // Update flags if provided
+    if (flags) {
+      const flagsSuccess = await updateUserFlags(userId, flags)
+      if (!flagsSuccess) {
+        return NextResponse.json(
+          { error: 'Failed to update user flags' },
+          { status: 500 }
+        )
+      }
+      results.flags = true
+    }
+
+    // Get updated data
+    const updatedData = await getUserPlanAndFlags(userId)
+
+    return NextResponse.json({
+      success: true,
+      updated: results,
+      userId,
+      plan: updatedData.plan,
+      flags: updatedData.flags
+    })
+
+  } catch (error) {
+    console.error('PATCH user plan-flags error:', error)
+    return NextResponse.json(
+      { error: 'Internal server error' },
+      { status: 500 }
+    )
+  }
+}
+
+/**
+ * POST /api/user/plan-flags/bulk
+ * Bulk update user plans and flags (admin only)
+ */
+export async function POST(request: NextRequest) {
+  try {
+    // Get session
+    const session = await auth.api.getSession({
+      headers: request.headers,
+    })
+
+    if (!session) {
+      return NextResponse.json(
+        { error: 'Authentication required' },
+        { status: 401 }
+      )
+    }
+
+    const userRole = session.user.role as UserRole
+
+    // Only admins can perform bulk operations
+    if (!['admin', 'superadmin'].includes(userRole)) {
+      return NextResponse.json(
+        { error: 'Admin access required for bulk operations' },
+        { status: 403 }
+      )
+    }
+
+    const body = await request.json()
+    const bulkSchema = z.object({
+      updates: z.array(z.object({
+        userId: z.string(),
+        plan: z.enum(['free', 'starter', 'premium']).optional(),
+        flags: z.array(z.enum(['beta_tester', 'early_adopter', 'limited_access', 'vip', 'restricted', 'experimental'])).optional()
+      })).max(100) // Limit bulk operations
+    })
+
+    const validation = bulkSchema.safeParse(body)
+
+    if (!validation.success) {
+      return NextResponse.json(
+        { 
+          error: 'Invalid bulk request',
+          details: validation.error.flatten().fieldErrors 
+        },
+        { status: 400 }
+      )
+    }
+
+    const { updates } = validation.data
+    const results = []
+
+    // Process each update
+    for (const update of updates) {
+      try {
+        const updateResult: { userId: string; plan?: boolean; flags?: boolean } = {
+          userId: update.userId
+        }
+
+        if (update.plan) {
+          updateResult.plan = await updateUserPlan(update.userId, update.plan)
+        }
+
+        if (update.flags) {
+          updateResult.flags = await updateUserFlags(update.userId, update.flags)
+        }
+
+        results.push({
+          ...updateResult,
+          success: true
+        })
+      } catch (error) {
+        results.push({
+          userId: update.userId,
+          success: false,
+          error: error instanceof Error ? error.message : 'Unknown error'
+        })
+      }
+    }
+
+    const successCount = results.filter(r => r.success).length
+    const failureCount = results.length - successCount
+
+    return NextResponse.json({
+      success: failureCount === 0,
+      processed: results.length,
+      succeeded: successCount,
+      failed: failureCount,
+      results
+    })
+
+  } catch (error) {
+    console.error('POST bulk user plan-flags error:', error)
+    return NextResponse.json(
+      { error: 'Internal server error' },
+      { status: 500 }
+    )
+  }
+}