feat: 支持用户管理

2026-03-15 15:45:09 +08:00
parent 7628768869
commit 3c35f1982f
9 changed files with 738 additions and 82 deletions
--- a/app/api/users/route.ts
+++ b/app/api/users/route.ts
@@ -0,0 +1,217 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { prisma } from '@/lib/prisma'
+import { auth } from '@/lib/auth'
+import { hashPassword } from 'better-auth/crypto'
+import { v4 as uuidv4 } from 'uuid'
+
+// GET /api/users - Get all users
+export async function GET(request: NextRequest) {
+  try {
+    const session = await auth.api.getSession({
+      headers: request.headers,
+    })
+
+    if (!session) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const users = await prisma.user.findMany({
+      orderBy: { createdAt: 'desc' },
+      select: {
+        id: true,
+        email: true,
+        emailVerified: true,
+        name: true,
+        image: true,
+        createdAt: true,
+        updatedAt: true,
+      },
+    })
+
+    return NextResponse.json(users)
+  } catch (error) {
+    console.error('Error fetching users:', error)
+    return NextResponse.json(
+      { error: 'Failed to fetch users' },
+      { status: 500 }
+    )
+  }
+}
+
+// POST /api/users - Create a new user
+export async function POST(request: NextRequest) {
+  try {
+    const session = await auth.api.getSession({
+      headers: request.headers,
+    })
+
+    if (!session) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const body = await request.json()
+    const { email, password, name } = body
+
+    if (!email || !password) {
+      return NextResponse.json(
+        { error: 'email and password are required' },
+        { status: 400 }
+      )
+    }
+
+    // Check if user already exists
+    const existingUser = await prisma.user.findUnique({
+      where: { email },
+    })
+
+    if (existingUser) {
+      return NextResponse.json(
+        { error: '该邮箱已被注册' },
+        { status: 400 }
+      )
+    }
+
+    // Hash password
+    const hashedPassword = await hashPassword(password)
+
+    const userId = uuidv4()
+    const accountId = uuidv4()
+
+    // Create user and account in transaction
+    const user = await prisma.$transaction(async (tx) => {
+      const newUser = await tx.user.create({
+        data: {
+          id: userId,
+          email,
+          name: name || null,
+        },
+      })
+
+      await tx.account.create({
+        data: {
+          id: accountId,
+          accountId: userId,
+          providerId: 'credential',
+          userId: userId,
+          password: hashedPassword,
+        },
+      })
+
+      return newUser
+    })
+
+    return NextResponse.json(user, { status: 201 })
+  } catch (error) {
+    console.error('Error creating user:', error)
+    return NextResponse.json(
+      { error: 'Failed to create user' },
+      { status: 500 }
+    )
+  }
+}
+
+// PUT /api/users - Update a user
+export async function PUT(request: NextRequest) {
+  try {
+    const session = await auth.api.getSession({
+      headers: request.headers,
+    })
+
+    if (!session) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const body = await request.json()
+    const { id, email, password, name } = body
+
+    if (!id) {
+      return NextResponse.json({ error: 'id is required' }, { status: 400 })
+    }
+
+    // Check if email is taken by another user
+    if (email) {
+      const existingUser = await prisma.user.findFirst({
+        where: {
+          email,
+          NOT: { id },
+        },
+      })
+
+      if (existingUser) {
+        return NextResponse.json(
+          { error: '该邮箱已被其他用户使用' },
+          { status: 400 }
+        )
+      }
+    }
+
+    // Update user and optionally password
+    const user = await prisma.$transaction(async (tx) => {
+      const updatedUser = await tx.user.update({
+        where: { id },
+        data: {
+          email,
+          name: name || null,
+        },
+      })
+
+      if (password) {
+        const hashedPassword = await hashPassword(password)
+        await tx.account.updateMany({
+          where: { userId: id, providerId: 'credential' },
+          data: { password: hashedPassword },
+        })
+      }
+
+      return updatedUser
+    })
+
+    return NextResponse.json(user)
+  } catch (error) {
+    console.error('Error updating user:', error)
+    return NextResponse.json(
+      { error: 'Failed to update user' },
+      { status: 500 }
+    )
+  }
+}
+
+// DELETE /api/users - Delete a user
+export async function DELETE(request: NextRequest) {
+  try {
+    const session = await auth.api.getSession({
+      headers: request.headers,
+    })
+
+    if (!session) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const { searchParams } = new URL(request.url)
+    const id = searchParams.get('id')
+
+    if (!id) {
+      return NextResponse.json({ error: 'id is required' }, { status: 400 })
+    }
+
+    // Prevent deleting yourself
+    if (id === session.user.id) {
+      return NextResponse.json(
+        { error: '不能删除自己的账户' },
+        { status: 400 }
+      )
+    }
+
+    await prisma.user.delete({
+      where: { id },
+    })
+
+    return NextResponse.json({ success: true })
+  } catch (error) {
+    console.error('Error deleting user:', error)
+    return NextResponse.json(
+      { error: 'Failed to delete user' },
+      { status: 500 }
+    )
+  }
+}