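import { NextRequest, NextResponse } from "next/server";
import { prisma } from "@/lib/prisma";
import { hashPassword } from "@/lib/auth";
import { requireAuth, requireRole } from "@/lib/api-auth";

/** True when `value` is a string containing at least one non-whitespace character. */
function isNonEmptyString(value: unknown): value is string {
  return typeof value === "string" && value.trim().length > 0;
}

/**
 * Lists the establishments visible to the caller.
 *
 * A caller whose role is "superadmin" gets every establishment; any other
 * authenticated caller gets only the establishment whose id equals their own
 * `establishmentId`. Each row carries its subscription and the user/class
 * counts, ordered by `createdAt` descending.
 *
 * @returns The JSON list, or whatever response `requireAuth` produced when it
 *   did not return a user.
 */
export async function GET() {
  const user = await requireAuth();
  if (user instanceof NextResponse) return user;

  const isSuperadmin = user.role === "superadmin";

  // Tenant isolation: Prisma drops a filter whose value is `undefined`, so
  // `{ id: undefined }` would match every row. Whether `establishmentId` can be
  // missing is not visible from this file, so fail closed: a non-superadmin
  // without an establishment sees nothing rather than everything.
  if (!isSuperadmin && user.establishmentId == null) {
    return NextResponse.json([]);
  }

  const where = isSuperadmin ? {} : { id: user.establishmentId };

  const establishments = await prisma.establishment.findMany({
    where,
    include: {
      subscription: true,
      _count: { select: { users: true, classes: true } },
    },
    orderBy: { createdAt: "desc" },
  });

  return NextResponse.json(establishments);
}

/**
 * Creates an establishment with a trial subscription and, optionally, its
 * first admin user. Restricted to callers that pass `requireRole(user, "superadmin")`.
 *
 * Expected JSON body: `name` and `slug` (required, non-empty strings) and
 * `adminEmail` / `adminPassword` (optional; the admin user is created only when
 * both are supplied, as before).
 *
 * The establishment, subscription and admin user are written in a single
 * transaction so that a failure part-way through cannot leave an establishment
 * without a subscription or without its admin.
 *
 * @returns 201 with the created establishment, 400 for a malformed body, or
 *   the response produced by `requireAuth` / `requireRole` when access is refused.
 */
export async function POST(req: NextRequest) {
  const user = await requireAuth();
  if (user instanceof NextResponse) return user;

  const denied = requireRole(user, "superadmin");
  if (denied) return denied;

  // The body is untrusted input: parse defensively and narrow before use
  // instead of passing `any` straight into the database layer.
  let body: unknown;
  try {
    body = await req.json();
  } catch {
    return NextResponse.json({ error: "Invalid JSON body" }, { status: 400 });
  }
  if (typeof body !== "object" || body === null) {
    return NextResponse.json({ error: "Invalid JSON body" }, { status: 400 });
  }

  const { name, slug, adminEmail, adminPassword } = body as Record<string, unknown>;

  if (!isNonEmptyString(name) || !isNonEmptyString(slug)) {
    return NextResponse.json(
      { error: "name and slug are required" },
      { status: 400 },
    );
  }

  // NOTE(review): no password-strength or e-mail format policy is enforced
  // here; confirm whether `hashPassword` or the schema covers that.
  let admin: { email: string; password: string } | null = null;
  if (adminEmail && adminPassword) {
    if (typeof adminEmail !== "string" || typeof adminPassword !== "string") {
      return NextResponse.json(
        { error: "adminEmail and adminPassword must be strings" },
        { status: 400 },
      );
    }
    // Hash before opening the transaction so hashing time does not keep it open.
    admin = { email: adminEmail, password: await hashPassword(adminPassword) };
  }

  const establishment = await prisma.$transaction(async (tx) => {
    const created = await tx.establishment.create({ data: { name, slug } });

    await tx.subscription.create({
      data: { establishmentId: created.id, plan: "trial", status: "active" },
    });

    if (admin) {
      await tx.user.create({
        data: {
          email: admin.email,
          password: admin.password,
          role: "admin",
          establishmentId: created.id,
        },
      });
    }

    return created;
  });

  return NextResponse.json(establishment, { status: 201 });
}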