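/**
 * Web login: phone number + password.
 * POST { phone, password } -> after verification, returns the user's profile (without the password).
 */
import { NextRequest, NextResponse } from 'next/server'
import { query } from '@/lib/db'
import { verifyPassword } from '@/lib/password'

/**
 * Normalizes the `purchased_sections` column to an array.
 *
 * The column may already be an array or may be a JSON string. Malformed or
 * non-array JSON yields an empty list, so one bad row cannot turn a login
 * into a 500.
 */
function parsePurchasedSections(raw: unknown): unknown[] {
  if (Array.isArray(raw)) return raw
  if (!raw) return []
  try {
    const parsed: unknown = JSON.parse(String(raw))
    return Array.isArray(parsed) ? parsed : []
  } catch {
    return []
  }
}

/**
 * Maps a `users` row to the object returned to the client.
 *
 * The `password` column is deliberately not copied, so the stored credential
 * never reaches the response body.
 */
function mapRowToUser(r: any) {
  return {
    id: r.id,
    phone: r.phone || '',
    nickname: r.nickname || '',
    isAdmin: !!r.is_admin,
    purchasedSections: parsePurchasedSections(r.purchased_sections),
    hasFullBook: !!r.has_full_book,
    referralCode: r.referral_code || '',
    earnings: parseFloat(String(r.earnings || 0)),
    pendingEarnings: parseFloat(String(r.pending_earnings || 0)),
    withdrawnEarnings: parseFloat(String(r.withdrawn_earnings || 0)),
    referralCount: Number(r.referral_count) || 0,
    createdAt: r.created_at || '',
  }
}

/** True for a non-empty string or a non-zero number; objects and arrays are rejected. */
function isCredentialValue(value: unknown): value is string | number {
  return (typeof value === 'string' || typeof value === 'number') && !!value
}

/**
 * Single 401 response for every authentication failure.
 *
 * Unknown phone, account without a password and wrong password all return the
 * same body, so the response does not reveal whether a phone is registered.
 */
function invalidCredentials() {
  return NextResponse.json(
    { success: false, error: '用户不存在或密码错误' },
    { status: 401 }
  )
}

/**
 * Handles phone + password login.
 *
 * Responses:
 * - 400 when the body is not a JSON object or phone/password is missing or not a scalar
 * - 401 (uniform message) when the credentials do not match a user
 * - 200 `{ success: true, user }` on success
 * - 500 on unexpected errors (details are logged server-side only)
 *
 * NOTE(review): no rate limiting or lockout is visible in this handler;
 * confirm it is enforced upstream.
 */
export async function POST(request: NextRequest) {
  try {
    // A malformed or non-object body is a client error (400), not a server error.
    let body: unknown = null
    try {
      body = await request.json()
    } catch {
      body = null
    }
    const fields =
      body !== null && typeof body === 'object'
        ? (body as Record<string, unknown>)
        : {}
    const phone = fields.phone
    const password = fields.password

    // Only scalars are accepted, so an object or array is never stringified
    // and used as a lookup key or password.
    if (!isCredentialValue(phone) || !isCredentialValue(password)) {
      return NextResponse.json(
        { success: false, error: '请输入手机号和密码' },
        { status: 400 }
      )
    }

    // Parameterized query: the phone value is bound, never concatenated into the SQL.
    const rows = await query(
      'SELECT id, phone, nickname, password, is_admin, has_full_book, referral_code, earnings, pending_earnings, withdrawn_earnings, referral_count, purchased_sections, created_at FROM users WHERE phone = ?',
      [String(phone).trim()]
    ) as any[]

    // NOTE(review): this path returns without calling verifyPassword, so
    // response time may still differ between unknown and known phones;
    // confirm whether a fixed dummy hash can be verified here to even it out.
    if (!rows || rows.length === 0) {
      return invalidCredentials()
    }

    const row = rows[0]
    const storedPassword = row.password == null ? '' : String(row.password)

    // Fail closed for accounts with no stored password rather than relying on
    // how verifyPassword treats an empty stored value.
    if (storedPassword === '') {
      return invalidCredentials()
    }

    // NOTE(review): verifyPassword is used synchronously; if it returns a
    // Promise this check would always pass. Confirm against '@/lib/password'.
    if (!verifyPassword(String(password), storedPassword)) {
      return invalidCredentials()
    }

    const user = mapRowToUser(row)
    return NextResponse.json({ success: true, user })
  } catch (e) {
    // Log details server-side; the client only sees a generic failure.
    console.error('[Auth Login] error:', e)
    return NextResponse.json(
      { success: false, error: '登录失败' },
      { status: 500 }
    )
  }
}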