

Server : Apache/2
System : Linux server-15-235-50-60 5.15.0-164-generic #174-Ubuntu SMP Fri Nov 14 20:25:16 UTC 2025 x86_64
User : gositeme ( 1004)
PHP Version : 8.2.29
Disable Function : exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname
Directory :  /home/gositeme/backups/lavocat.quebec/backup-20250730-021618/src/pages/api/


 

Current File : /home/gositeme/backups/lavocat.quebec/backup-20250730-021618/src/pages/api/debug-impersonation.ts
import { NextApiRequest, NextApiResponse } from 'next';
import { getServerSession } from 'next-auth';
import { authOptions } from '../../lib/auth';
import { prisma } from '../../lib/prisma';

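/**
 * Debug endpoint that reports the caller's own session identity, any active
 * impersonation session recorded for that user, and whether the caller's role
 * is one of the roles allowed to access cases.
 *
 * Responses:
 * - 405 for any method other than GET
 * - 401 when no authenticated session is present
 * - 200 with `{ currentSession, impersonationStatus, accessCheck }`
 * - 500 with `{ error, details }` on unexpected failure
 *
 * NOTE(review): this is a diagnostic route. Any authenticated user can call it,
 * not only admins; consider disabling it in production or restricting it to
 * the roles listed in `requiredRoles`. Confirm who consumes it before removing.
 *
 * @param req - incoming API request; only `req.method` is read directly here.
 * @param res - API response used to send the JSON payload.
 */
export default async function handler(req: NextApiRequest, res: NextApiResponse) {
  if (req.method !== 'GET') {
    // Tell the client which method is accepted alongside the 405.
    res.setHeader('Allow', 'GET');
    return res.status(405).json({ error: 'Method not allowed' });
  }

  // The payload carries identity data (email, name, role); keep it out of
  // browser and intermediary caches.
  res.setHeader('Cache-Control', 'no-store');

  try {
    console.log('🔍 Debugging impersonation status...');
    const session = await getServerSession(req, res, authOptions);

    if (!session?.user) {
      return res.status(401).json({ error: 'No session found' });
    }

    const allowedRoles = ['SUPERADMIN', 'ADMIN'];

    // Look up an active impersonation session started by the session's user.
    // NOTE(review): the lookup keys on session.user.id as the *original* user;
    // if the session carries the impersonated user's id while impersonating,
    // this will not find the record. Confirm against the auth callbacks.
    const impersonationSession = await prisma.impersonationSession.findFirst({
      where: {
        originalUserId: session.user.id,
        isActive: true
      },
      include: {
        impersonatedUser: {
          select: {
            id: true,
            email: true,
            name: true,
            role: true
          }
        },
        originalUser: {
          select: {
            id: true,
            email: true,
            name: true,
            role: true
          }
        }
      }
    });

    const result = {
      currentSession: {
        id: session.user.id,
        email: session.user.email,
        name: session.user.name,
        role: session.user.role,
        isImpersonating: session.user.isImpersonating
      },
      impersonationStatus: {
        isImpersonating: !!impersonationSession,
        impersonatedUser: impersonationSession?.impersonatedUser ?? null,
        originalUser: impersonationSession?.originalUser ?? null
      },
      accessCheck: {
        canAccessCases: allowedRoles.includes(session.user.role),
        currentRole: session.user.role,
        requiredRoles: allowedRoles
      }
    };

    // Log identifiers and flags only. The full result contains e-mail
    // addresses and names, which should not be written to server logs.
    console.log('📊 Impersonation debug result:', {
      userId: session.user.id,
      role: session.user.role,
      isImpersonating: result.impersonationStatus.isImpersonating,
      impersonatedUserId: impersonationSession?.impersonatedUser?.id ?? null
    });

    return res.status(200).json(result);
  } catch (error) {
    // The full error stays in the server log for diagnosis.
    console.error('❌ Impersonation debug error:', error);

    // Raw error messages (e.g. from the database layer) can reveal schema or
    // query details, so they are returned to the client only outside
    // production. The `details` key is kept so the response shape is stable.
    const exposeDetails = process.env.NODE_ENV !== 'production';
    return res.status(500).json({
      error: 'Failed to debug impersonation',
      details: exposeDetails && error instanceof Error ? error.message : 'Unknown error'
    });
  }
}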
