Files
NightSpire/web-next/app/api/admin/users/route.ts
T
Inna d382adcd59 Admin: gestión de usuarios (buscar, banear/desbanear)
- lib/admin-users.ts: searchAccounts (acore_auth.account + account_banned + gmlevel),
  banAccount/unbanAccount por BD (autoritativo) con kick best-effort por SOAP.
  Baneo días<=0 = permanente (unbandate=bandate, convención AzerothCore); desactiva
  baneo activo previo antes de insertar el nuevo.
- API: GET /api/admin/users?q=, POST {accountId, action:ban|unban, reason, days} (403 sin admin).
- UI: /admin/users con AdminUsersManager (buscar por usuario/email, badges GM/online/baneado,
  banear con motivo+días o desbanear), enlace desde el índice del admin.
- i18n es/en (Admin): 14 claves nuevas.

Verificado: build OK, /admin/users 307→login, APIs 403 sin admin.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-13 00:39:08 +00:00

39 lines
1.8 KiB
TypeScript

import { getSession } from '@/lib/session'
import { isAdmin } from '@/lib/admin'
import { searchAccounts, banAccount, unbanAccount } from '@/lib/admin-users'
/** Búsqueda de cuentas: GET /api/admin/users?q=... */
export async function GET(request: Request) {
const session = await getSession()
if (!(await isAdmin(session))) return Response.json({ success: false, error: 'forbidden' }, { status: 403 })
const q = (new URL(request.url).searchParams.get('q') || '').trim()
if (q.length < 2) return Response.json({ success: true, accounts: [] })
const accounts = await searchAccounts(q)
return Response.json({ success: true, accounts })
}
/** Ban/unban: POST /api/admin/users { accountId, action, reason?, days? } */
export async function POST(request: Request) {
const session = await getSession()
if (!(await isAdmin(session))) return Response.json({ success: false, error: 'forbidden' }, { status: 403 })
let b: Record<string, unknown> = {}
try { b = await request.json() } catch { return Response.json({ success: false, error: 'invalidRequest' }, { status: 400 }) }
const accountId = Number(b.accountId)
const action = String(b.action ?? '')
if (!accountId) return Response.json({ success: false, error: 'invalidRequest' }, { status: 400 })
if (action === 'ban') {
const reason = String(b.reason ?? '').trim() || 'Baneado desde el panel de administración'
const days = Number(b.days) || 0
const bannedBy = session.username || session.bnetEmail || 'admin'
const ok = await banAccount(accountId, reason, bannedBy, days)
return Response.json({ success: ok })
}
if (action === 'unban') {
const ok = await unbanAccount(accountId)
return Response.json({ success: ok })
}
return Response.json({ success: false, error: 'invalidRequest' }, { status: 400 })
}