218 lines
5.1 KiB
TypeScript
218 lines
5.1 KiB
TypeScript
import { NextRequest, NextResponse } from 'next/server'
|
|
import { prisma } from '@/lib/prisma'
|
|
import { auth } from '@/lib/auth'
|
|
import { hashPassword } from 'better-auth/crypto'
|
|
import { v4 as uuidv4 } from 'uuid'
|
|
|
|
// GET /api/users - Get all users
|
|
export async function GET(request: NextRequest) {
|
|
try {
|
|
const session = await auth.api.getSession({
|
|
headers: request.headers,
|
|
})
|
|
|
|
if (!session) {
|
|
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
|
|
}
|
|
|
|
const users = await prisma.user.findMany({
|
|
orderBy: { createdAt: 'desc' },
|
|
select: {
|
|
id: true,
|
|
email: true,
|
|
emailVerified: true,
|
|
name: true,
|
|
image: true,
|
|
createdAt: true,
|
|
updatedAt: true,
|
|
},
|
|
})
|
|
|
|
return NextResponse.json(users)
|
|
} catch (error) {
|
|
console.error('Error fetching users:', error)
|
|
return NextResponse.json(
|
|
{ error: 'Failed to fetch users' },
|
|
{ status: 500 }
|
|
)
|
|
}
|
|
}
|
|
|
|
// POST /api/users - Create a new user
|
|
export async function POST(request: NextRequest) {
|
|
try {
|
|
const session = await auth.api.getSession({
|
|
headers: request.headers,
|
|
})
|
|
|
|
if (!session) {
|
|
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
|
|
}
|
|
|
|
const body = await request.json()
|
|
const { email, password, name } = body
|
|
|
|
if (!email || !password) {
|
|
return NextResponse.json(
|
|
{ error: 'email and password are required' },
|
|
{ status: 400 }
|
|
)
|
|
}
|
|
|
|
// Check if user already exists
|
|
const existingUser = await prisma.user.findUnique({
|
|
where: { email },
|
|
})
|
|
|
|
if (existingUser) {
|
|
return NextResponse.json(
|
|
{ error: '该邮箱已被注册' },
|
|
{ status: 400 }
|
|
)
|
|
}
|
|
|
|
// Hash password
|
|
const hashedPassword = await hashPassword(password)
|
|
|
|
const userId = uuidv4()
|
|
const accountId = uuidv4()
|
|
|
|
// Create user and account in transaction
|
|
const user = await prisma.$transaction(async (tx) => {
|
|
const newUser = await tx.user.create({
|
|
data: {
|
|
id: userId,
|
|
email,
|
|
name: name || null,
|
|
},
|
|
})
|
|
|
|
await tx.account.create({
|
|
data: {
|
|
id: accountId,
|
|
accountId: userId,
|
|
providerId: 'credential',
|
|
userId: userId,
|
|
password: hashedPassword,
|
|
},
|
|
})
|
|
|
|
return newUser
|
|
})
|
|
|
|
return NextResponse.json(user, { status: 201 })
|
|
} catch (error) {
|
|
console.error('Error creating user:', error)
|
|
return NextResponse.json(
|
|
{ error: 'Failed to create user' },
|
|
{ status: 500 }
|
|
)
|
|
}
|
|
}
|
|
|
|
// PUT /api/users - Update a user
|
|
export async function PUT(request: NextRequest) {
|
|
try {
|
|
const session = await auth.api.getSession({
|
|
headers: request.headers,
|
|
})
|
|
|
|
if (!session) {
|
|
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
|
|
}
|
|
|
|
const body = await request.json()
|
|
const { id, email, password, name } = body
|
|
|
|
if (!id) {
|
|
return NextResponse.json({ error: 'id is required' }, { status: 400 })
|
|
}
|
|
|
|
// Check if email is taken by another user
|
|
if (email) {
|
|
const existingUser = await prisma.user.findFirst({
|
|
where: {
|
|
email,
|
|
NOT: { id },
|
|
},
|
|
})
|
|
|
|
if (existingUser) {
|
|
return NextResponse.json(
|
|
{ error: '该邮箱已被其他用户使用' },
|
|
{ status: 400 }
|
|
)
|
|
}
|
|
}
|
|
|
|
// Update user and optionally password
|
|
const user = await prisma.$transaction(async (tx) => {
|
|
const updatedUser = await tx.user.update({
|
|
where: { id },
|
|
data: {
|
|
email,
|
|
name: name || null,
|
|
},
|
|
})
|
|
|
|
if (password) {
|
|
const hashedPassword = await hashPassword(password)
|
|
await tx.account.updateMany({
|
|
where: { userId: id, providerId: 'credential' },
|
|
data: { password: hashedPassword },
|
|
})
|
|
}
|
|
|
|
return updatedUser
|
|
})
|
|
|
|
return NextResponse.json(user)
|
|
} catch (error) {
|
|
console.error('Error updating user:', error)
|
|
return NextResponse.json(
|
|
{ error: 'Failed to update user' },
|
|
{ status: 500 }
|
|
)
|
|
}
|
|
}
|
|
|
|
// DELETE /api/users - Delete a user
|
|
export async function DELETE(request: NextRequest) {
|
|
try {
|
|
const session = await auth.api.getSession({
|
|
headers: request.headers,
|
|
})
|
|
|
|
if (!session) {
|
|
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
|
|
}
|
|
|
|
const { searchParams } = new URL(request.url)
|
|
const id = searchParams.get('id')
|
|
|
|
if (!id) {
|
|
return NextResponse.json({ error: 'id is required' }, { status: 400 })
|
|
}
|
|
|
|
// Prevent deleting yourself
|
|
if (id === session.user.id) {
|
|
return NextResponse.json(
|
|
{ error: '不能删除自己的账户' },
|
|
{ status: 400 }
|
|
)
|
|
}
|
|
|
|
await prisma.user.delete({
|
|
where: { id },
|
|
})
|
|
|
|
return NextResponse.json({ success: true })
|
|
} catch (error) {
|
|
console.error('Error deleting user:', error)
|
|
return NextResponse.json(
|
|
{ error: 'Failed to delete user' },
|
|
{ status: 500 }
|
|
)
|
|
}
|
|
}
|