soul-yongping/app/api/user/update/route.ts

/**
 * 用户信息更新API
 * 支持更新昵称、头像、手机号、微信号、支付宝、地址等
 * 使用 Prisma ORM（安全，防SQL注入）
 */

import { NextRequest, NextResponse } from 'next/server'
import { prisma } from '@/lib/prisma'

export async function POST(request: NextRequest) {
  try {
    const body = await request.json()
    const { userId, nickname, avatar, phone, wechat, alipay, address, autoWithdraw, withdrawAccount } = body
    
    if (!userId) {
      return NextResponse.json({ success: false, message: '缺少用户ID' }, { status: 400 })
    }
    
    // 构建 Prisma 更新数据对象
    const updateData: any = { updated_at: new Date() }
    
    if (nickname !== undefined) updateData.nickname = nickname
    if (avatar !== undefined) updateData.avatar = avatar
    if (phone !== undefined) updateData.phone = phone
    if (wechat !== undefined) updateData.wechat_id = wechat  // 映射到 wechat_id 字段
    // 注意：alipay, address, auto_withdraw, withdraw_account 在 schema 中不存在，需要先添加字段或移除
    
    if (Object.keys(updateData).length === 1) {
      return NextResponse.json({ success: false, message: '没有需要更新的字段' }, { status: 400 })
    }
    
    // 执行更新（Prisma 自动防SQL注入）
    await prisma.users.update({
      where: { id: userId },
      data: updateData
    })
    
    return NextResponse.json({
      success: true,
      message: '更新成功'
    })
    
  } catch (error) {
    console.error('[User Update] Error:', error)
    return NextResponse.json({
      success: false,
      message: '更新失败',
      error: String(error)
    }, { status: 500 })
  }
}