import { NextRequest, NextResponse } from 'next/server'
import { getDb } from '@/lib/db'
import { initDatabase } from '@/lib/db-schema'
import { getCurrentUser } from '@/lib/auth'
import { hasPermission } from '@/lib/permissions'
import { hashPassword } from '@/lib/auth'
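/**
 * GET handler — list every user account with a derived `is_online` flag.
 *
 * Requires an authenticated caller holding the `users:read` permission.
 * Timestamps in this file are written with `datetime('now', '+8 hours')`, so the
 * online-window comparison uses the same offset to stay consistent.
 *
 * @returns 200 `{ users }`; 401 when unauthenticated; 403 without permission;
 *          500 with a generic message on any unexpected failure.
 */
export async function GET() {
  try {
    initDatabase()
    const user = await getCurrentUser()
    if (!user) return NextResponse.json({ error: '未登录' }, { status: 401 })
    if (!hasPermission(user, 'users:read')) return NextResponse.json({ error: '权限不足' }, { status: 403 })

    const db = getDb()
    // A user counts as online when last_active_at is within the past 5 minutes.
    // password_hash is deliberately not selected.
    const users = db.prepare(`SELECT id, username, display_name, email, role, is_active, created_at, updated_at,
last_login_at,
CASE WHEN last_active_at IS NOT NULL AND datetime(last_active_at, '+5 minutes') > datetime('now', '+8 hours') THEN 1 ELSE 0 END AS is_online
FROM users ORDER BY id`).all()
    return NextResponse.json({ users })
  } catch (e) {
    // Keep the real cause in server logs only: driver/SQL error text must not
    // reach the client, where it would disclose schema and storage details.
    console.error('users GET failed:', e)
    return NextResponse.json({ error: '查询失败' }, { status: 500 })
  }
}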
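/** True for a non-empty string; used for the mandatory body fields. */
function isFilledString(v: unknown): v is string {
  return typeof v === 'string' && v.length > 0
}

/** True when an optional field is absent (`null`/`undefined`) or a string. */
function isOptionalString(v: unknown): v is string | null | undefined {
  return v == null || typeof v === 'string'
}

/**
 * POST handler — create a new user account.
 *
 * Requires an authenticated caller holding the `users:write` permission.
 * The JSON body must carry non-empty string `username`, `password` and
 * `display_name`; `email` and `role` are optional strings (`role` falls back
 * to 'viewer', empty `email` is stored as NULL).
 *
 * @param request incoming request whose body is parsed as JSON.
 * @returns 201 `{ user }` on success; 400 for a malformed body, missing or
 *          wrongly-typed fields, or a duplicate username; 401/403 for
 *          authentication/permission failures; 500 with a generic message
 *          on unexpected errors.
 */
export async function POST(request: NextRequest) {
  try {
    initDatabase()
    const user = await getCurrentUser()
    if (!user) return NextResponse.json({ error: '未登录' }, { status: 401 })
    if (!hasPermission(user, 'users:write')) return NextResponse.json({ error: '权限不足' }, { status: 403 })

    // A body that is not valid JSON, or not an object, is a client error (400),
    // not a server failure (500).
    let body: unknown
    try {
      body = await request.json()
    } catch {
      return NextResponse.json({ error: '请求体格式无效' }, { status: 400 })
    }
    if (typeof body !== 'object' || body === null) {
      return NextResponse.json({ error: '请求体格式无效' }, { status: 400 })
    }
    // Widening cast only: any object is safely readable as unknown-valued fields.
    const { username, password, display_name, email, role } = body as Record<string, unknown>

    // Enforce types, not just presence, so arrays/objects cannot reach the
    // password hasher or be bound as SQL parameters.
    if (!isFilledString(username) || !isFilledString(password) || !isFilledString(display_name)) {
      return NextResponse.json({ error: '用户名、密码和显示名称为必填项' }, { status: 400 })
    }
    if (!isOptionalString(email) || !isOptionalString(role)) {
      return NextResponse.json({ error: '请求体格式无效' }, { status: 400 })
    }

    const db = getDb()
    // NOTE(review): this check and the INSERT below are not atomic; a UNIQUE
    // constraint on username (if the schema has one) is the real guard, and a
    // conflict in between surfaces as a generic 500.
    const existing = db.prepare('SELECT id FROM users WHERE username = ?').get(username)
    if (existing) return NextResponse.json({ error: '用户名已存在' }, { status: 400 })

    const hash = hashPassword(password)
    // NOTE(review): role is stored as supplied by a users:write caller; confirm
    // an allowlist of roles is enforced (here or in the schema) so a writer
    // cannot assign a role above their own.
    const result = db.prepare(
      "INSERT INTO users (username, password_hash, display_name, email, role, created_at, updated_at) VALUES (?, ?, ?, ?, ?, datetime('now', '+8 hours'), datetime('now', '+8 hours'))"
    ).run(username, hash, display_name, email || null, role || 'viewer')

    // Re-read the row so the response reflects column defaults (is_active, created_at).
    const newUser = db.prepare('SELECT id, username, display_name, email, role, is_active, created_at FROM users WHERE id = ?').get(result.lastInsertRowid)
    return NextResponse.json({ user: newUser }, { status: 201 })
  } catch (e) {
    // Keep the real cause in server logs only: driver/SQL error text must not
    // reach the client, where it would disclose schema and storage details.
    console.error('users POST failed:', e)
    return NextResponse.json({ error: '创建失败' }, { status: 500 })
  }
}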