更新管理员登录和鉴权逻辑,优化用户体验;重构相关API以支持更安全的身份验证;调整数据库初始化以兼容新字段,确保用户信息安全;修复部分组件样式和功能,提升整体可用性。

2026-01-31 23:25:14 +08:00
parent c7b125535c
commit bd23273190
22 changed files with 861 additions and 150 deletions


@@ -5,6 +5,7 @@
import { NextRequest, NextResponse } from 'next/server'
import { query } from '@/lib/db'
import { hashPassword } from '@/lib/password'
// 生成用户ID
function generateUserId(): string {
@@ -32,29 +33,35 @@ export async function GET(request: NextRequest) {
const openId = searchParams.get('openId')
try {
// 获取单个用户
const omitPassword = (u: any) => {
if (!u) return u
const { password: _, ...rest } = u
return rest
}
// 获取单个用户(不返回 password
if (id) {
const users = await query('SELECT * FROM users WHERE id = ?', [id]) as any[]
if (users.length > 0) {
return NextResponse.json({ success: true, user: users[0] })
return NextResponse.json({ success: true, user: omitPassword(users[0]) })
}
return NextResponse.json({ success: false, error: '用户不存在' }, { status: 404 })
}
// 通过手机号查询
if (phone) {
const users = await query('SELECT * FROM users WHERE phone = ?', [phone]) as any[]
if (users.length > 0) {
return NextResponse.json({ success: true, user: users[0] })
return NextResponse.json({ success: true, user: omitPassword(users[0]) })
}
return NextResponse.json({ success: false, error: '用户不存在' }, { status: 404 })
}
// 通过openId查询
if (openId) {
const users = await query('SELECT * FROM users WHERE open_id = ?', [openId]) as any[]
if (users.length > 0) {
return NextResponse.json({ success: true, user: users[0] })
return NextResponse.json({ success: true, user: omitPassword(users[0]) })
}
return NextResponse.json({ success: false, error: '用户不存在' }, { status: 404 })
}
@@ -95,13 +102,18 @@ export async function POST(request: NextRequest) {
const body = await request.json()
const { openId, phone, nickname, password, wechatId, avatar, referredBy, is_admin } = body
// 密码确保非空字符串才存储bcrypt 哈希)
const rawPassword = typeof password === 'string' ? password.trim() : ''
const passwordToStore = rawPassword.length >= 6 ? hashPassword(rawPassword) : null
// 检查openId或手机号是否已存在
if (openId) {
const existing = await query('SELECT id FROM users WHERE open_id = ?', [openId]) as any[]
if (existing.length > 0) {
// 已存在,返回现有用户
const users = await query('SELECT * FROM users WHERE open_id = ?', [openId]) as any[]
return NextResponse.json({ success: true, user: users[0], isNew: false })
const u = users[0]
const { password: _p2, ...userSafe } = u || {}
return NextResponse.json({ success: true, user: userSafe, isNew: false })
}
}
@@ -115,7 +127,7 @@ export async function POST(request: NextRequest) {
// 生成用户ID和推荐码
const userId = generateUserId()
const referralCode = generateReferralCode(openId || phone || userId)
// 创建用户
await query(`
INSERT INTO users (
@@ -128,7 +140,7 @@ export async function POST(request: NextRequest) {
openId || null,
phone || null,
nickname || '用户' + userId.slice(-4),
password || null,
passwordToStore,
wechatId || null,
avatar || null,
referralCode,
@@ -136,12 +148,13 @@ export async function POST(request: NextRequest) {
is_admin || false
])
// 返回新用户
// 返回新用户(不返回 password
const users = await query('SELECT * FROM users WHERE id = ?', [userId]) as any[]
const u = users[0]
const { password: _p, ...userSafe } = u || {}
return NextResponse.json({
success: true,
user: users[0],
user: userSafe,
isNew: true,
message: '用户创建成功'
})
@@ -189,7 +202,7 @@ export async function PUT(request: NextRequest) {
}
if (password !== undefined) {
updates.push('password = ?')
values.push(password)
values.push(password === '' || password == null ? null : hashPassword(String(password).trim()))
}
if (has_full_book !== undefined) {
updates.push('has_full_book = ?')
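Review bot: The PUT line `values.push(password === '' || password == null ? null : hashPassword(String(password).trim()))` hashes any non-empty string, while POST's `const passwordToStore = rawPassword.length >= 6 ? hashPassword(rawPassword) : null` in the earlier hunk enforces a 6-character minimum but silently stores `null` when a shorter password is supplied, so a POST with a 5-character password succeeds with an account that has no password at all and the caller is never told. Since `null` appears to be the intended value for openId-only accounts that never send a password (hedged, the callers are not visible here), the short-password case should be rejected rather than coerced: `if (rawPassword.length > 0 && rawPassword.length < 6) return NextResponse.json({ success: false, error: '密码至少6位' }, { status: 400 })` before `passwordToStore` is computed. PUT should apply the same length check before `hashPassword`, and turning `''` into a `null` password is an account-unlocking operation that deserves an explicit flag or a separate endpoint rather than an empty-string side effect. The enclosing POST and PUT functions both begin and continue outside these hunks, so any auth check on who may set or clear a password cannot be confirmed from here.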