104 lines
3.2 KiB
JavaScript
104 lines
3.2 KiB
JavaScript
|
import express from 'express'
|
|||
|
|
import jwt from 'jsonwebtoken'
|
|||
|
|
import User from '../model/user.js'
|
|||
|
|
|
|||
|
|
const router = express.Router()
|
|||
|
|
|
|||
|
|
// 获取所有用户
|
|||
|
|
router.get('/', requireAuth, requireAdmin, async (req, res) => {
|
|||
|
|
try {
|
|||
|
|
const users = await User.find().select('-password')
|
|||
|
|
res.json(users)
|
|||
|
|
} catch (error) {
|
|||
|
|
res.status(500).json({ message: '获取用户信息时发生错误', error: error.message })
|
|||
|
|
}
|
|||
|
|
})
|
|||
|
|
|
|||
|
|
// 创建新用户
|
|||
|
|
router.post('/', requireAuth, requireAdmin, async (req, res) => {
|
|||
|
|
try {
|
|||
|
|
const { username, nickname, password } = req.body
|
|||
|
|
const user = await User.create({
|
|||
|
|
username,
|
|||
|
|
nickname,
|
|||
|
|
password,
|
|||
|
|
role: 'user',
|
|||
|
|
})
|
|||
|
|
res.status(201).json(user)
|
|||
|
|
} catch (error) {
|
|||
|
|
res.status(400).json({ message: '创建用户时发生错误', error: error.message })
|
|||
|
|
}
|
|||
|
|
})
|
|||
|
|
|
|||
|
|
// 删除用户
|
|||
|
|
router.delete('/:id', requireAuth, requireAdmin, async (req, res) => {
|
|||
|
|
try {
|
|||
|
|
if (req.user._id.toString() === req.params.id) {
|
|||
|
|
return res.status(400).json({ message: '不能删除你自己' })
|
|||
|
|
}
|
|||
|
|
const user = await User.findByIdAndDelete(req.params.id)
|
|||
|
|
if (user) {
|
|||
|
|
res.json({ message: '已删除用户' })
|
|||
|
|
} else {
|
|||
|
|
res.status(404).json({ message: '该用户不存在' })
|
|||
|
|
}
|
|||
|
|
} catch (error) {
|
|||
|
|
res.status(500).json({ message: '删除用户时发生错误', error: error.message })
|
|||
|
|
}
|
|||
|
|
})
|
|||
|
|
|
|||
|
|
// 用户登录
|
|||
|
|
router.post('/login', async (req, res) => {
|
|||
|
|
try {
|
|||
|
|
const { username, password } = req.body
|
|||
|
|
const user = await User.findOne({ username })
|
|||
|
|
if (user && (await user.comparePassword(password))) {
|
|||
|
|
const token = jwt.sign({ id: user._id, username: user.username }, process.env.JWT_SECRET, {
|
|||
|
|
expiresIn: '24h',
|
|||
|
|
})
|
|||
|
|
res.json({ token, user })
|
|||
|
|
} else {
|
|||
|
|
res.status(401).json({ message: '用户名或密码错误' })
|
|||
|
|
}
|
|||
|
|
} catch (error) {
|
|||
|
|
res.status(500).json({ message: '登录过程中发生错误', error: error.message })
|
|||
|
|
}
|
|||
|
|
})
|
|||
|
|
|
|||
|
|
/**
|
|||
|
|
* 验证用户身份,拒绝未认证的请求
|
|||
|
|
*/
|
|||
|
|
async function requireAuth(req, res, next) {
|
|||
|
|
const authHeader = req.headers['authorization']
|
|||
|
|
if (!authHeader) {
|
|||
|
|
return res.status(401).json({ message: '未提供身份验证信息' })
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
const token = authHeader.split(' ').pop()
|
|||
|
|
if (!token) {
|
|||
|
|
return res.status(401).json({ message: '提供了错误的身份验证信息' })
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
jwt.verify(token, process.env.JWT_SECRET, async (err, decoded) => {
|
|||
|
|
if (err) {
|
|||
|
|
return res.status(401).json({ message: '身份验证失败' })
|
|||
|
|
}
|
|||
|
|
// 从数据库获取完整的用户信息
|
|||
|
|
req.user = await User.findById(decoded.id)
|
|||
|
|
next()
|
|||
|
|
})
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
/**
|
|||
|
|
* 检查用户是否具有管理员权限,调用前必须先调用requireAuth中间件验证用户身份
|
|||
|
|
*/
|
|||
|
|
async function requireAdmin(req, res, next) {
|
|||
|
|
if (req.user && req.user.role === 'admin') {
|
|||
|
|
next()
|
|||
|
|
} else {
|
|||
|
|
res.status(403).json({ message: '需要管理员权限' })
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
export { router as userRouter, requireAuth, requireAdmin }
|