binouz/lib/admin.ts

import { getServerSession } from "next-auth";
import { authOptions } from "@/lib/auth";
import { db } from "@/lib/db";

export type AdminGuardResult =
  | {
      ok: true;
      discordId: string;
    }
  | {
      ok: false;
      response: Response;
    };

export const requireAdmin = async (): Promise<AdminGuardResult> => {
  const session = await getServerSession(authOptions);
  const discordId = session?.user?.discordId;

  if (!discordId) {
    return {
      ok: false,
      response: Response.json({ error: "Unauthorized" }, { status: 401 }),
    };
  }

  const envAdmin = process.env.ADMIN_DISCORD_ID;
  if (envAdmin && envAdmin === discordId) {
    return { ok: true, discordId };
  }

  const admin = await db.admin.findUnique({ where: { discordId } });
  if (!admin) {
    return {
      ok: false,
      response: Response.json({ error: "Forbidden" }, { status: 403 }),
    };
  }

  return { ok: true, discordId };
};