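import express, { Request, Response } from 'express';
import jwt from 'jsonwebtoken';
import bcrypt from 'bcryptjs';
import db from '../utils/database';
import { authenticateToken } from '../middleware/auth';
import { User, LoginRequest, ChangePasswordRequest } from '../types';

const router = express.Router();

/** bcrypt work factor used when (re)hashing a password. */
const BCRYPT_ROUNDS = 10;

/** Minimum accepted length for a new password (matches the 400 message below). */
const MIN_PASSWORD_LENGTH = 6;

/**
 * Upper bound applied to an e-mail before the pattern below runs, so an
 * oversized body field cannot drive regex backtracking (RFC 5321 address limit).
 */
const MAX_EMAIL_LENGTH = 254;

/** Loose e-mail shape check; no `g` flag, so it is safe to reuse with `.test`. */
const EMAIL_PATTERN = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

/** Columns exposed to clients; the password hash is never selected here. */
const PUBLIC_USER_COLUMNS = 'id, username, name, email, role, created_at';

/**
 * Shape of a `users` row as the queries below read it (snake_case `created_at`
 * as returned by the SQL). Kept local because it mirrors column names rather
 * than the API-facing `User` type.
 */
interface UserRow {
  id: number;
  username: string;
  password: string;
  name: string;
  email: string;
  role: string;
  created_at: string;
}

/** A row fetched with PUBLIC_USER_COLUMNS (no password hash). */
type PublicUserRow = Omit<UserRow, 'password'>;

/**
 * Maps a users row to the JSON shape every profile-style response returns.
 * Only the listed fields are copied, so extra columns (e.g. a hash from
 * `SELECT *`) never reach the client.
 */
function toPublicUser(user: PublicUserRow) {
  return {
    id: user.id,
    username: user.username,
    name: user.name,
    email: user.email,
    role: user.role,
    createdAt: user.created_at,
  };
}

/**
 * Narrows an untrusted request-body value to a non-empty string.
 * Body fields are attacker-controlled; a number/object/array must be rejected
 * with a 400 rather than reaching `.length`, `.match`, bcrypt or the query.
 */
function isNonEmptyString(value: unknown): value is string {
  return typeof value === 'string' && value.length > 0;
}

/**
 * POST /login — verifies username/password and issues a 24h JWT.
 * Responses: 400 on missing/non-string fields, 401 on a bad credential pair
 * (same message for unknown user and wrong password), 500 on internal error.
 */
router.post('/login', async (req: Request<{}, {}, LoginRequest>, res: Response): Promise<void> => {
  try {
    const { username, password } = req.body;
    if (!isNonEmptyString(username) || !isNonEmptyString(password)) {
      res.status(400).json({ error: '用户名和密码不能为空' });
      return;
    }

    const user = await db.get<UserRow>('SELECT * FROM users WHERE username = ?', [username]);
    // An unknown username returns before bcrypt.compare runs, so this branch is
    // measurably faster than a wrong-password attempt; if username enumeration
    // is a concern for this deployment, a constant-cost dummy compare closes the gap.
    if (!user) {
      res.status(401).json({ error: '用户名或密码错误' });
      return;
    }

    const isValidPassword = await bcrypt.compare(password, user.password);
    if (!isValidPassword) {
      res.status(401).json({ error: '用户名或密码错误' });
      return;
    }

    // Resolve the signing secret explicitly instead of a non-null assertion: a
    // missing JWT_SECRET is reported through the catch below as a logged 500
    // rather than an opaque failure inside jwt.sign.
    const secret = process.env.JWT_SECRET;
    if (!secret) {
      throw new Error('JWT_SECRET is not configured');
    }

    const token = jwt.sign(
      { userId: user.id, username: user.username, role: user.role },
      secret,
      { expiresIn: '24h' },
    );

    res.json({ accessToken: token, user: toPublicUser(user) });
  } catch (error) {
    console.error('登录错误:', error);
    res.status(500).json({ error: '服务器内部错误' });
  }
});

/**
 * GET /profile — returns the authenticated user's public fields.
 * Requires authenticateToken (which populates req.user); 404 if the row is gone.
 */
router.get('/profile', authenticateToken, async (req: Request, res: Response): Promise<void> => {
  try {
    const user = await db.get<PublicUserRow>(
      `SELECT ${PUBLIC_USER_COLUMNS} FROM users WHERE id = ?`,
      [req.user!.id],
    );
    if (!user) {
      res.status(404).json({ error: '用户不存在' });
      return;
    }

    res.json(toPublicUser(user));
  } catch (error) {
    console.error('获取用户信息错误:', error);
    res.status(500).json({ error: '服务器内部错误' });
  }
});

/**
 * POST /change-password — re-authenticates with the current password, then
 * stores a fresh bcrypt hash of the new one.
 * Responses: 400 on missing/non-string/too-short input, 401 on a wrong current
 * password, 404 if the user row is gone, 500 on internal error.
 */
router.post(
  '/change-password',
  authenticateToken,
  async (req: Request<{}, {}, ChangePasswordRequest>, res: Response): Promise<void> => {
    try {
      const { currentPassword, newPassword } = req.body;
      if (!isNonEmptyString(currentPassword) || !isNonEmptyString(newPassword)) {
        res.status(400).json({ error: '当前密码和新密码不能为空' });
        return;
      }
      if (newPassword.length < MIN_PASSWORD_LENGTH) {
        res.status(400).json({ error: '新密码长度至少为6位' });
        return;
      }

      // Only the hash is needed to re-verify; nothing else is read from the row.
      const user = await db.get<Pick<UserRow, 'password'>>(
        'SELECT password FROM users WHERE id = ?',
        [req.user!.id],
      );
      if (!user) {
        res.status(404).json({ error: '用户不存在' });
        return;
      }

      const isValidPassword = await bcrypt.compare(currentPassword, user.password);
      if (!isValidPassword) {
        res.status(401).json({ error: '当前密码错误' });
        return;
      }

      const hashedPassword = await bcrypt.hash(newPassword, BCRYPT_ROUNDS);
      await db.run(
        'UPDATE users SET password = ?, updated_at = CURRENT_TIMESTAMP WHERE id = ?',
        [hashedPassword, req.user!.id],
      );

      res.json({ message: '密码修改成功' });
    } catch (error) {
      console.error('修改密码错误:', error);
      res.status(500).json({ error: '服务器内部错误' });
    }
  },
);

/**
 * PUT /profile — updates name and (optionally) e-mail for the authenticated user
 * and returns the refreshed public fields.
 * Responses: 400 when name is missing or e-mail is malformed/oversized/not a
 * string, 404 if the row no longer exists after the update, 500 on internal error.
 */
router.put('/profile', authenticateToken, async (req: Request, res: Response): Promise<void> => {
  try {
    // req.body is untyped here; treat both fields as unknown until checked.
    const { name, email }: { name?: unknown; email?: unknown } = req.body;
    if (!isNonEmptyString(name)) {
      res.status(400).json({ error: '姓名不能为空' });
      return;
    }

    // An absent/empty e-mail is allowed through unchanged; anything present must
    // be a bounded, well-formed string before it is stored.
    if (email != null && email !== '') {
      const emailIsValid =
        typeof email === 'string' && email.length <= MAX_EMAIL_LENGTH && EMAIL_PATTERN.test(email);
      if (!emailIsValid) {
        res.status(400).json({ error: '邮箱格式不正确' });
        return;
      }
    }

    await db.run(
      'UPDATE users SET name = ?, email = ?, updated_at = CURRENT_TIMESTAMP WHERE id = ?',
      [name, email, req.user!.id],
    );

    const updatedUser = await db.get<PublicUserRow>(
      `SELECT ${PUBLIC_USER_COLUMNS} FROM users WHERE id = ?`,
      [req.user!.id],
    );
    // The row can disappear between the UPDATE and the re-read; report it rather
    // than dereferencing a missing result and falling into the 500 path.
    if (!updatedUser) {
      res.status(404).json({ error: '用户不存在' });
      return;
    }

    res.json(toPublicUser(updatedUser));
  } catch (error) {
    console.error('更新用户资料错误:', error);
    res.status(500).json({ error: '服务器内部错误' });
  }
});

export default router;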