soul-yongping/app/api/user/profile/route.ts

/**
 * 用户资料API
 * 用于完善用户信息（头像、微信号、手机号）
 * 使用 Prisma ORM（安全，防SQL注入）
 */

import { NextRequest, NextResponse } from 'next/server'
import { prisma } from '@/lib/prisma'

/**
 * GET - 获取用户资料
 */
export async function GET(request: NextRequest) {
  const { searchParams } = new URL(request.url)
  const userId = searchParams.get('userId')
  const openId = searchParams.get('openId')
  
  if (!userId && !openId) {
    return NextResponse.json({
      success: false,
      error: '请提供userId或openId'
    }, { status: 400 })
  }
  
  try {
    // 使用 Prisma 查询（自动防SQL注入）
    const user = await prisma.users.findFirst({
      where: userId ? { id: userId } : { open_id: openId || '' },
      select: {
        id: true,
        open_id: true,
        nickname: true,
        avatar: true,
        phone: true,
        wechat_id: true,
        referral_code: true,
        has_full_book: true,
        is_admin: true,
        earnings: true,
        pending_earnings: true,
        referral_count: true,
        created_at: true
      }
    })
    
    if (!user) {
      return NextResponse.json({
        success: false,
        error: '用户不存在'
      }, { status: 404 })
    }
    
    // 检查资料完整度
    const profileComplete = !!(user.phone || user.wechat_id)
    const hasAvatar = !!user.avatar && !user.avatar.includes('picsum.photos')
    
    return NextResponse.json({
      success: true,
      data: {
        id: user.id,
        openId: user.open_id,
        nickname: user.nickname,
        avatar: user.avatar,
        phone: user.phone,
        wechatId: user.wechat_id,
        referralCode: user.referral_code,
        hasFullBook: user.has_full_book,
        earnings: parseFloat(user.earnings) || 0,
        pendingEarnings: parseFloat(user.pending_earnings) || 0,
        referralCount: user.referral_count || 0,
        profileComplete,
        hasAvatar,
        createdAt: user.created_at
      }
    })
    
  } catch (error) {
    console.error('[UserProfile] GET错误:', error)
    return NextResponse.json({
      success: false,
      error: '获取用户资料失败: ' + (error as Error).message
    }, { status: 500 })
  }
}

/**
 * POST - 更新用户资料
 */
export async function POST(request: NextRequest) {
  try {
    const body = await request.json()
    const { userId, openId, nickname, avatar, phone, wechatId } = body
    
    // 确定用户
    const identifier = userId || openId
    const identifierField = userId ? 'id' : 'open_id'
    
    if (!identifier) {
      return NextResponse.json({
        success: false,
        error: '请提供userId或openId'
      }, { status: 400 })
    }
    
    // 检查用户是否存在（Prisma 自动防SQL注入）
    const existingUser = await prisma.users.findFirst({
      where: identifierField === 'id' ? { id: identifier } : { open_id: identifier }
    })
    
    if (!existingUser) {
      return NextResponse.json({
        success: false,
        error: '用户不存在'
      }, { status: 404 })
    }
    
    const realUserId = existingUser.id
    
    // 构建更新字段
    const updates: string[] = []
    const values: any[] = []
    
    if (nickname !== undefined) {
      updates.push('nickname = ?')
      values.push(nickname)
    }
    if (avatar !== undefined) {
      updates.push('avatar = ?')
      values.push(avatar)
    }
    if (phone !== undefined) {
      // 验证手机号格式
      if (phone && !/^1[3-9]\d{9}$/.test(phone)) {
        return NextResponse.json({
          success: false,
          error: '手机号格式不正确'
        }, { status: 400 })
      }
      updates.push('phone = ?')
      values.push(phone)
    }
    if (wechatId !== undefined) {
      updates.push('wechat_id = ?')
      values.push(wechatId)
    }
    
    if (updates.length === 0) {
      return NextResponse.json({
        success: false,
        error: '没有需要更新的字段'
      }, { status: 400 })
    }
    
    // 构建 Prisma 更新数据对象
    const updateData: any = { updated_at: new Date() }
    if (nickname !== undefined) updateData.nickname = nickname
    if (avatar !== undefined) updateData.avatar = avatar
    if (phone !== undefined) updateData.phone = phone
    if (wechatId !== undefined) updateData.wechat_id = wechatId
    
    // 执行更新（Prisma 自动防SQL注入）
    const updatedUser = await prisma.users.update({
      where: { id: realUserId },
      data: updateData,
      select: {
        id: true,
        nickname: true,
        avatar: true,
        phone: true,
        wechat_id: true,
        referral_code: true
      }
    })
    
    return NextResponse.json({
      success: true,
      message: '资料更新成功',
      data: {
        id: updatedUser.id,
        nickname: updatedUser.nickname,
        avatar: updatedUser.avatar,
        phone: updatedUser.phone,
        wechatId: updatedUser.wechat_id,
        referralCode: updatedUser.referral_code
      }
    })
    
  } catch (error) {
    console.error('[UserProfile] POST错误:', error)
    return NextResponse.json({
      success: false,
      error: '更新用户资料失败: ' + (error as Error).message
    }, { status: 500 })
  }
}