Add impersonation guards into auth utils

src/app/api/admin/impersonate/[slackId]/route.ts

@@ -1,29 +1,14 @@
-import { getSelfPerson } from '@/app/utils/airtable'
 import { redirect } from 'next/navigation'
 import { NextRequest } from 'next/server'
 
-import { HsSession, signAndSet } from '@/app/utils/auth'
+import { impersonate } from '@/app/utils/auth'
 
 export async function GET(
   _request: NextRequest,
   { params }: { params: { slackId: string } },
 ) {
   if (process.env.NODE_ENV === 'development') {
-    // only allow impersonation in development while testing
-    const { slackId } = params
-    // look for airtable user with this record
-    const person = await getSelfPerson(slackId)
-    const id = person.id
-    const email = person.fields.email
-
-    const session: HsSession = {
-      personId: id,
-      authType: 'impersonation',
-      slackId,
-      email,
-    }
-
-    await signAndSet(session)
+    impersonate(params.slackId)
   }
 
   redirect('/signpost')

src/app/utils/auth.ts

@@ -75,7 +75,28 @@ async function hashSession(session: HsSession) {
   return hashHex
 }
 
-export async function signAndSet(session: HsSession) {
+export async function impersonate(slackId: string) {
+  // only allow impersonation in development while testing
+  if (process.env.NODE_ENV !== 'development') {
+    return
+  }
+
+  // look for airtable user with this record
+  const person = await getSelfPerson(slackId)
+  const id = person.id
+  const email = person.fields.email
+
+  const session: HsSession = {
+    personId: id,
+    authType: 'impersonation',
+    slackId,
+    email,
+  }
+
+  await signAndSet(session)
+}
+
+async function signAndSet(session: HsSession) {
   session.sig = await hashSession(session)
 
   cookies().set(sessionCookieName, JSON.stringify(session), {