d382adcd59
- lib/admin-users.ts: searchAccounts (acore_auth.account + account_banned + gmlevel),
banAccount/unbanAccount por BD (autoritativo) con kick best-effort por SOAP.
Baneo días<=0 = permanente (unbandate=bandate, convención AzerothCore); desactiva
baneo activo previo antes de insertar el nuevo.
- API: GET /api/admin/users?q=, POST {accountId, action:ban|unban, reason, days} (403 sin admin).
- UI: /admin/users con AdminUsersManager (buscar por usuario/email, badges GM/online/baneado,
banear con motivo+días o desbanear), enlace desde el índice del admin.
- i18n es/en (Admin): 14 claves nuevas.
Verificado: build OK, /admin/users 307→login, APIs 403 sin admin.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
39 lines
1.8 KiB
TypeScript
39 lines
1.8 KiB
TypeScript
import { getSession } from '@/lib/session'
|
|
import { isAdmin } from '@/lib/admin'
|
|
import { searchAccounts, banAccount, unbanAccount } from '@/lib/admin-users'
|
|
|
|
/** Búsqueda de cuentas: GET /api/admin/users?q=... */
|
|
export async function GET(request: Request) {
|
|
const session = await getSession()
|
|
if (!(await isAdmin(session))) return Response.json({ success: false, error: 'forbidden' }, { status: 403 })
|
|
const q = (new URL(request.url).searchParams.get('q') || '').trim()
|
|
if (q.length < 2) return Response.json({ success: true, accounts: [] })
|
|
const accounts = await searchAccounts(q)
|
|
return Response.json({ success: true, accounts })
|
|
}
|
|
|
|
/** Ban/unban: POST /api/admin/users { accountId, action, reason?, days? } */
|
|
export async function POST(request: Request) {
|
|
const session = await getSession()
|
|
if (!(await isAdmin(session))) return Response.json({ success: false, error: 'forbidden' }, { status: 403 })
|
|
|
|
let b: Record<string, unknown> = {}
|
|
try { b = await request.json() } catch { return Response.json({ success: false, error: 'invalidRequest' }, { status: 400 }) }
|
|
const accountId = Number(b.accountId)
|
|
const action = String(b.action ?? '')
|
|
if (!accountId) return Response.json({ success: false, error: 'invalidRequest' }, { status: 400 })
|
|
|
|
if (action === 'ban') {
|
|
const reason = String(b.reason ?? '').trim() || 'Baneado desde el panel de administración'
|
|
const days = Number(b.days) || 0
|
|
const bannedBy = session.username || session.bnetEmail || 'admin'
|
|
const ok = await banAccount(accountId, reason, bannedBy, days)
|
|
return Response.json({ success: ok })
|
|
}
|
|
if (action === 'unban') {
|
|
const ok = await unbanAccount(accountId)
|
|
return Response.json({ success: ok })
|
|
}
|
|
return Response.json({ success: false, error: 'invalidRequest' }, { status: 400 })
|
|
}
|