| 1234567891011121314151617181920212223242526272829303132333435 |
- import { NextRequest, NextResponse } from "next/server";
- import { getAdminSession } from "@/lib/admin/session";
- import { getSupabaseAdminClient } from "@/lib/supabase/admin";
- import { UUID_REGEX } from "@/lib/constants";
- export async function DELETE(
- _request: NextRequest,
- { params }: { params: Promise<{ id: string }> },
- ) {
- const session = await getAdminSession();
- if (!session.isAdmin) {
- return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
- }
- const { id } = await params;
- if (!UUID_REGEX.test(id)) {
- return NextResponse.json({ error: "Invalid user ID" }, { status: 400 });
- }
- const supabase = getSupabaseAdminClient();
- // public.users first so FK cascades run before auth record removal
- const { error: dbError } = await supabase.from("users").delete().eq("id", id);
- if (dbError) {
- return NextResponse.json({ error: dbError.message }, { status: 500 });
- }
- const { error: authError } = await supabase.auth.admin.deleteUser(id);
- if (authError) {
- return NextResponse.json({ error: authError.message }, { status: 500 });
- }
- return NextResponse.json({ ok: true });
- }
|