/** * Admin Individual User API * Get, update, delete specific user */ import { NextRequest, NextResponse } from 'next/server'; import { PrismaClient } from '@prisma/client'; import { AuthMiddleware } from '@/lib/auth'; import bcrypt from 'bcryptjs'; const prisma = new PrismaClient(); /** * GET /api/admin/users/[id] * Get detailed user information with full stats */ export async function GET( request: NextRequest, { params }: { params: Promise<{ id: string }> } ) { try { const authResponse = await AuthMiddleware.requireRole(request, 'ADMIN'); if (authResponse) return authResponse; const { id } = await params; const user = await prisma.user.findUnique({ where: { id }, select: { id: true, email: true, firstName: true, lastName: true, avatar: true, role: true, subscriptionTier: true, subscriptionId: true, stripeCustomerId: true, trialEndsAt: true, subscriptionEndsAt: true, canceledAt: true, emailVerified: true, emailVerifiedAt: true, isActive: true, isBanned: true, bannedAt: true, bannedReason: true, lastLoginAt: true, lastLoginIp: true, totalLogins: true, adminNotes: true, riskTolerance: true, experienceLevel: true, affiliateCode: true, affiliateTrackingId: true, createdAt: true, updatedAt: true, _count: { select: { strategies: true, conversations: true, feedback: true, notifications: true, } } } }); if (!user) { return NextResponse.json({ error: 'User not found' }, { status: 404 }); } // Get backtest stats const backtestStats = await prisma.backtestResult.aggregate({ where: { userId: id }, _count: { id: true }, }); // Get recent backtests const recentBacktests = await prisma.backtestResult.findMany({ where: { userId: id }, orderBy: { createdAt: 'desc' }, take: 10, select: { id: true, strategyName: true, market: true, status: true, performance: true, createdAt: true, } }); // Get strategies const strategies = await prisma.strategy.findMany({ where: { userId: id }, orderBy: { createdAt: 'desc' }, take: 10, select: { id: true, name: true, domain: true, isPublic: true, totalTrades: true, winRate: true, createdAt: true, } }); // Get paper trading account const paperAccount = await prisma.paperTradingAccount.findUnique({ where: { userId: id }, select: { balance: true, startingBalance: true, totalBets: true, winningBets: true, losingBets: true, createdAt: true, } }); // Get recent activity (analytics events) const recentActivity = await prisma.userAnalytics.findMany({ where: { userId: id }, orderBy: { createdAt: 'desc' }, take: 20, select: { eventType: true, eventData: true, createdAt: true, } }); return NextResponse.json({ user: { ...user, strategyCount: user._count.strategies, conversationCount: user._count.conversations, feedbackCount: user._count.feedback, }, stats: { backtests: { total: backtestStats._count.id, }, paperTrading: paperAccount ? { ...paperAccount, profitLoss: paperAccount.balance - paperAccount.startingBalance, } : null, }, recentBacktests, strategies, recentActivity, }); } catch (error: any) { console.error('[AdminUserAPI] Get error:', error); return NextResponse.json({ error: error.message || 'Internal error' }, { status: 500 }); } } /** * PUT /api/admin/users/[id] * Update user information * * Body: { firstName?, lastName?, role?, subscriptionTier?, isActive?, adminNotes?, password? } */ export async function PUT( request: NextRequest, { params }: { params: Promise<{ id: string }> } ) { try { const authResponse = await AuthMiddleware.requireRole(request, 'ADMIN'); if (authResponse) return authResponse; const { id } = await params; const body = await request.json(); // Check user exists const existing = await prisma.user.findUnique({ where: { id } }); if (!existing) { return NextResponse.json({ error: 'User not found' }, { status: 404 }); } // Build update data const updateData: any = {}; if (body.firstName !== undefined) updateData.firstName = body.firstName; if (body.lastName !== undefined) updateData.lastName = body.lastName; if (body.role !== undefined) updateData.role = body.role; if (body.subscriptionTier !== undefined) updateData.subscriptionTier = body.subscriptionTier; if (body.isActive !== undefined) updateData.isActive = body.isActive; if (body.adminNotes !== undefined) updateData.adminNotes = body.adminNotes; if (body.emailVerified !== undefined) updateData.emailVerified = body.emailVerified; // Handle password change if (body.password) { updateData.passwordHash = await bcrypt.hash(body.password, 10); } const user = await prisma.user.update({ where: { id }, data: updateData, select: { id: true, email: true, firstName: true, lastName: true, role: true, subscriptionTier: true, isActive: true, isBanned: true, adminNotes: true, updatedAt: true, } }); return NextResponse.json({ success: true, user }); } catch (error: any) { console.error('[AdminUserAPI] Update error:', error); return NextResponse.json({ error: error.message || 'Internal error' }, { status: 500 }); } } /** * DELETE /api/admin/users/[id] * Soft-delete user (set isActive = false) * Use ?hard=true for permanent deletion */ export async function DELETE( request: NextRequest, { params }: { params: Promise<{ id: string }> } ) { try { const authResponse = await AuthMiddleware.requireRole(request, 'ADMIN'); if (authResponse) return authResponse; const { id } = await params; const hardDelete = request.nextUrl.searchParams.get('hard') === 'true'; // Check user exists const existing = await prisma.user.findUnique({ where: { id } }); if (!existing) { return NextResponse.json({ error: 'User not found' }, { status: 404 }); } // Prevent deleting self or other admins without hard flag if (existing.role === 'ADMIN' && !hardDelete) { return NextResponse.json({ error: 'Cannot soft-delete admin users. Use hard delete with caution.' }, { status: 400 }); } if (hardDelete) { // Permanently delete user and all related data await prisma.user.delete({ where: { id } }); return NextResponse.json({ success: true, message: 'User permanently deleted' }); } else { // Soft delete - just deactivate await prisma.user.update({ where: { id }, data: { isActive: false } }); return NextResponse.json({ success: true, message: 'User deactivated' }); } } catch (error: any) { console.error('[AdminUserAPI] Delete error:', error); return NextResponse.json({ error: error.message || 'Internal error' }, { status: 500 }); } }