Merge branch 'main' of https://git.d-popov.com/popov/mwhitnessing

.env.development.popov

@@ -1,3 +1,5 @@
+# .ENV for vscode server .11 dev server #
+
 NODE_TLS_REJECT_UNAUTHORIZED=0 
 # NODE_EXTRA_CA_CERTS=C:\\Users\\popov\\AppData\\Local\\mkcert
 NODE_ENV=development

package.json

@@ -11,7 +11,8 @@
   "scripts": {
     "debug": "node server.js",
     "debug-env": "dotenv -e .env.$APP_ENV -- nodemon --inspect server.js",
-    "start-env": "dotenv -e .env.$APP_ENV -- npm run build && dotenv -e .env.$APP_ENV -- npm run start",
+    "start-env": "dotenv -e .env.$APP_ENV -- node server.js",
+    "run-env": "dotenv -e .env.$APP_ENV -- npm run build && dotenv -e .env.$APP_ENV -- npm run start",
     "prod": "dotenv -e .env.production -- node server.js",
     "build": "next build",
     "buildWin": "npm run build",

pages/api/auth/[...nextauth].ts

@@ -247,7 +247,10 @@ export const authOptions: NextAuthOptions = {
         session.user.role = token.role;
         session.user.name = token.name || token.email;
       }
-
+      if (user.impersonating) {
+        // Add flag to session if user is being impersonated
+        session.user.impersonating = true;
+      }
       // if (session?.user) {
       //   session.user.id = user.id; //duplicate
       // }

pages/api/auth/login-as.js

@@ -27,6 +27,8 @@ export default async function handler(req, res) {
                 impersonating: true, // flag to indicate impersonation
                 originalUser: session.user // save the original user for later
             };
+            // Log the event (simplified example)
+            console.log(`Admin ${session.user} impersonated user ${userToImpersonate.email} on ${new Date().toISOString()}`);
 
             // Here you would typically use some method to create a session server-side
             // For this example, we'll just send the impersonated session as a response