// API route for getting and updating SMTP settings (protected by admin check) import { NextResponse } from 'next/server'; import { createServerClient } from '@supabase/ssr'; export async function GET() { const supabase = createServerClient( process.env.NEXT_PUBLIC_SUPABASE_URL ?? '', process.env.SUPABASE_SERVICE_ROLE_KEY ?? '' ); const { data: { session } } = await supabase.auth.getSession(); if (!session) { return NextResponse.json({ error: 'Not authenticated' }, { status: 401 }); } const { data: user } = await supabase.from('users').select('role').eq('id', session.user.id).single(); if (!user || user.role !== 'admin') { return NextResponse.json({ error: 'Insufficient permissions' }, { status: 403 }); } const { data, error } = await supabase.from('settings').select('*').single(); if (error) { return NextResponse.json({ error: error.message }, { status: 500 }); } return NextResponse.json({ settings: data }); } export async function POST(request: Request) { const supabase = createServerClient( process.env.NEXT_PUBLIC_SUPABASE_URL ?? '', process.env.SUPABASE_SERVICE_ROLE_KEY ?? '' ); const { data: { session } } = await supabase.auth.getSession(); if (!session) { return NextResponse.json({ error: 'Not authenticated' }, { status: 401 }); } const { data: user } = await supabase.from('users').select('role').eq('id', session.user.id).single(); if (!user || user.role !== 'admin') { return NextResponse.json({ error: 'Insufficient permissions' }, { status: 403 }); } const payload = await request.json(); // expect {host, port, secure, user, pass} const { error } = await supabase .from('settings') .upsert({ id: 'smtp', ...payload }) .single(); if (error) { return NextResponse.json({ error: error.message }, { status: 500 }); } return NextResponse.json({ message: 'SMTP settings saved' }); }