|
|
@@ -2,10 +2,19 @@
|
|
|
// Next Imports
|
|
|
import { NextResponse } from 'next/server'
|
|
|
import { PrismaClient } from '@prisma/client'
|
|
|
+import { getToken } from 'next-auth/jwt';
|
|
|
|
|
|
-const prisma = new PrismaClient()
|
|
|
+const prisma = new PrismaClient();
|
|
|
+const secret = process.env.NEXTAUTH_SECRET; // 确保在环境变量中设置了这个SECRET
|
|
|
|
|
|
-export async function GET() {
|
|
|
- const users = await prisma.user.findMany()
|
|
|
- return NextResponse.json(users)
|
|
|
+export async function GET(request) {
|
|
|
+ const token = await getToken({ req: request, secret });
|
|
|
+
|
|
|
+ // 检查用户是否已登录并且角色是否为admin
|
|
|
+ if (!token || token.role !== 'admin') {
|
|
|
+ return new NextResponse(null, { status: 401, statusText: 'Unauthorized' });
|
|
|
+ }
|
|
|
+
|
|
|
+ const users = await prisma.user.findMany();
|
|
|
+ return NextResponse.json(users);
|
|
|
}
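Review bot: `prisma.user.findMany()` at the end of `GET` still returns every column of the user model, so once the admin check passes the response may include password hashes or similar secrets if the model stores them (the schema is not visible in this hunk). Pass an explicit projection instead, e.g. `prisma.user.findMany({ select: { /* only the fields the admin view needs */ } })`. Separately, the guard answers 401 both for a missing token and for a signed-in non-admin; returning 403 in the second case (`if (!token) …401` then `if (token.role !== 'admin') …403`) lets clients and access logs tell the two apart. The check also trusts `token.role` as carried in the JWT, so a demoted admin presumably keeps access until the token is reissued; confirm that against the `jwt` callback, which is outside this hunk.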
|