Implement database migration, notification logs, and one-click Mailcow setup

app/api/users/[id]/route.ts

@@ -0,0 +1,54 @@
+import { NextRequest, NextResponse } from "next/server";
+import { auth } from "@/auth";
+import { prisma } from "@/lib/prisma";
+
+// PATCH /api/users/[id] — update a user
+export async function PATCH(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+  const session = await auth();
+  const { id } = await params;
+
+  if (!session || session.user.role !== "SUPER_ADMIN") {
+    return NextResponse.json({ error: "Forbidden" }, { status: 403 });
+  }
+
+  try {
+    const body = await req.json();
+    const { name, email, password, role, domains, telegramId } = body;
+
+    const user = await prisma.user.update({
+      where: { id },
+      data: {
+        name,
+        email: email?.toLowerCase(),
+        password,
+        role,
+        domains,
+        telegramId,
+      },
+    });
+
+    return NextResponse.json(user);
+  } catch (error: any) {
+    return NextResponse.json({ error: error.message }, { status: 500 });
+  }
+}
+
+// DELETE /api/users/[id] — delete a user
+export async function DELETE(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+  const session = await auth();
+  const { id } = await params;
+
+  if (!session || session.user.role !== "SUPER_ADMIN") {
+    return NextResponse.json({ error: "Forbidden" }, { status: 403 });
+  }
+
+  try {
+    await prisma.user.delete({
+      where: { id },
+    });
+
+    return NextResponse.json({ status: "ok" });
+  } catch (error: any) {
+    return NextResponse.json({ error: error.message }, { status: 500 });
+  }
+}

app/api/users/route.ts

@@ -1,22 +1,45 @@
-import { NextResponse } from "next/server";
+import { NextRequest, NextResponse } from "next/server";
 import { auth } from "@/auth";
-import { getUsers } from "@/lib/users";
+import { prisma } from "@/lib/prisma";
 
-// GET /api/users — super admin only, lists env-defined users (no passwords)
+// GET /api/users — list all users
 export async function GET() {
   const session = await auth();
   if (!session || session.user.role !== "SUPER_ADMIN") {
     return NextResponse.json({ error: "Forbidden" }, { status: 403 });
   }
 
-  const allUsers = await getUsers();
-  const users = allUsers.map(({ id, name, email, role, domains }) => ({
-    id,
-    name,
-    email,
-    role,
-    domains,
-  }));
+  const users = await prisma.user.findMany({
+    orderBy: { createdAt: "asc" },
+  });
 
   return NextResponse.json(users);
 }
+
+// POST /api/users — create a new user
+export async function POST(req: NextRequest) {
+  const session = await auth();
+  if (!session || session.user.role !== "SUPER_ADMIN") {
+    return NextResponse.json({ error: "Forbidden" }, { status: 403 });
+  }
+
+  try {
+    const body = await req.json();
+    const { name, email, password, role, domains, telegramId } = body;
+
+    const user = await prisma.user.create({
+      data: {
+        name,
+        email: email.toLowerCase(),
+        password,
+        role: role || "DOMAIN_ADMIN",
+        domains: domains || [],
+        telegramId,
+      },
+    });
+
+    return NextResponse.json(user);
+  } catch (error: any) {
+    return NextResponse.json({ error: error.message }, { status: 500 });
+  }
+}