route.ts 1.1 KB

  1. import { NextRequest, NextResponse } from "next/server";
  2. import { getAdminSession } from "@/lib/admin/session";
  3. import { getSupabaseAdminClient } from "@/lib/supabase/admin";
  4. import { UUID_REGEX } from "@/lib/constants";
  5. export async function DELETE(
  6. _request: NextRequest,
  7. { params }: { params: Promise<{ id: string }> },
  8. ) {
  9. const session = await getAdminSession();
  10. if (!session.isAdmin) {
  11. return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
  12. }
  13. const { id } = await params;
  14. if (!UUID_REGEX.test(id)) {
  15. return NextResponse.json({ error: "Invalid user ID" }, { status: 400 });
  16. }
  17. const supabase = getSupabaseAdminClient();
  18. // public.users first so FK cascades run before auth record removal
  19. const { error: dbError } = await supabase.from("users").delete().eq("id", id);
  20. if (dbError) {
  21. return NextResponse.json({ error: dbError.message }, { status: 500 });
  22. }
  23. const { error: authError } = await supabase.auth.admin.deleteUser(id);
  24. if (authError) {
  25. return NextResponse.json({ error: authError.message }, { status: 500 });
  26. }
  27. return NextResponse.json({ ok: true });
  28. }