log in as other user

2024-04-13 13:04:02 +03:00
parent 717cd8499d
commit 471cbc0a55
5 changed files with 65 additions and 16 deletions
--- a/pages/api/auth/[...nextauth].ts
+++ b/pages/api/auth/[...nextauth].ts
@ -18,7 +18,7 @@ const common = require("../../../src/helpers/common");
 import { isLoggedIn, setAuthTokens, clearAuthTokens, getAccessToken, getRefreshToken } from 'axios-jwt'


-console.log("appleID:", process.env.APPLE_ID);
+console.log("appleID:", process.env.APPLE_APP_ID);
 // console.log(process.env.EMAIL_SERVER)
 // For more information on each option (and a full list of options) go to
 // https://next-auth.js.org/configuration/options
@ -43,7 +43,7 @@ export const authOptions: NextAuthOptions = {
      }
    }),
    AppleProvider({
-      clientId: process.env.APPLE_ID,
+      clientId: process.env.APPLE_APP_ID,
      clientSecret: process.env.APPLE_SECRET
    }),
    // AzureADProvider({
--- a/pages/api/auth/login-as.js
+++ b/pages/api/auth/login-as.js
@ -0,0 +1,40 @@
+// pages/api/auth/login-as.js
+
+import { getSession } from "next-auth/react";
+import prisma from '../../../lib/prisma'; // Adjust the path as per your setup
+
+export default async function handler(req, res) {
+    const session = await getSession({ req });
+    if (session && session.user.role === 'admin') {
+        const { userId } = req.body;
+
+        const userToImpersonate = await prisma.publisher.findUnique({
+            where: { id: userId }
+        });
+
+        if (userToImpersonate) {
+            // Create a custom session object for the impersonated user
+            const impersonatedSession = {
+                ...session,
+                user: {
+                    ...session.user,
+                    id: userToImpersonate.id,
+                    email: userToImpersonate.email,
+                    name: userToImpersonate.name,
+                    role: userToImpersonate.role,
+                    // add other necessary fields
+                },
+                impersonating: true, // flag to indicate impersonation
+                originalUser: session.user // save the original user for later
+            };
+
+            // Here you would typically use some method to create a session server-side
+            // For this example, we'll just send the impersonated session as a response
+            res.status(200).json({ session: impersonatedSession });
+        } else {
+            res.status(404).json({ error: 'User not found' });
+        }
+    } else {
+        res.status(403).json({ error: 'Unauthorized' });
+    }
+}