139 lines
4.0 KiB
JavaScript
139 lines
4.0 KiB
JavaScript
const express = require('express');
|
|
const jwt = require('jsonwebtoken');
|
|
const bcrypt = require('bcryptjs');
|
|
const db = require('../utils/database');
|
|
const { authenticateToken } = require('../middleware/auth');
|
|
|
|
const router = express.Router();
|
|
|
|
// 用户登录
|
|
router.post('/login', async (req, res) => {
|
|
try {
|
|
const { username, password } = req.body;
|
|
|
|
if (!username || !password) {
|
|
return res.status(400).json({ error: '用户名和密码不能为空' });
|
|
}
|
|
|
|
// 查询用户
|
|
const user = await db.get('SELECT * FROM users WHERE username = ?', [username]);
|
|
|
|
if (!user) {
|
|
return res.status(401).json({ error: '用户名或密码错误' });
|
|
}
|
|
|
|
// 验证密码
|
|
const isValidPassword = await bcrypt.compare(password, user.password);
|
|
|
|
if (!isValidPassword) {
|
|
return res.status(401).json({ error: '用户名或密码错误' });
|
|
}
|
|
|
|
// 生成JWT令牌
|
|
const token = jwt.sign(
|
|
{ userId: user.id, username: user.username, role: user.role },
|
|
process.env.JWT_SECRET,
|
|
{ expiresIn: '24h' }
|
|
);
|
|
|
|
// 返回用户信息和令牌
|
|
res.json({
|
|
accessToken: token,
|
|
user: {
|
|
id: user.id,
|
|
username: user.username,
|
|
name: user.name,
|
|
email: user.email,
|
|
role: user.role
|
|
}
|
|
});
|
|
} catch (error) {
|
|
console.error('登录错误:', error);
|
|
res.status(500).json({ error: '服务器内部错误' });
|
|
}
|
|
});
|
|
|
|
// 获取用户信息
|
|
router.get('/profile', authenticateToken, async (req, res) => {
|
|
try {
|
|
const user = await db.get('SELECT id, username, name, email, role, created_at FROM users WHERE id = ?', [req.user.id]);
|
|
|
|
if (!user) {
|
|
return res.status(404).json({ error: '用户不存在' });
|
|
}
|
|
|
|
res.json(user);
|
|
} catch (error) {
|
|
console.error('获取用户信息错误:', error);
|
|
res.status(500).json({ error: '服务器内部错误' });
|
|
}
|
|
});
|
|
|
|
// 修改密码
|
|
router.post('/change-password', authenticateToken, async (req, res) => {
|
|
try {
|
|
const { currentPassword, newPassword } = req.body;
|
|
|
|
if (!currentPassword || !newPassword) {
|
|
return res.status(400).json({ error: '当前密码和新密码不能为空' });
|
|
}
|
|
|
|
if (newPassword.length < 6) {
|
|
return res.status(400).json({ error: '新密码长度至少为6位' });
|
|
}
|
|
|
|
// 查询用户
|
|
const user = await db.get('SELECT password FROM users WHERE id = ?', [req.user.id]);
|
|
|
|
if (!user) {
|
|
return res.status(404).json({ error: '用户不存在' });
|
|
}
|
|
|
|
// 验证当前密码
|
|
const isValidPassword = await bcrypt.compare(currentPassword, user.password);
|
|
|
|
if (!isValidPassword) {
|
|
return res.status(401).json({ error: '当前密码错误' });
|
|
}
|
|
|
|
// 哈希新密码
|
|
const hashedPassword = await bcrypt.hash(newPassword, 10);
|
|
|
|
// 更新密码
|
|
await db.run('UPDATE users SET password = ?, updated_at = CURRENT_TIMESTAMP WHERE id = ?', [hashedPassword, req.user.id]);
|
|
|
|
res.json({ message: '密码修改成功' });
|
|
} catch (error) {
|
|
console.error('修改密码错误:', error);
|
|
res.status(500).json({ error: '服务器内部错误' });
|
|
}
|
|
});
|
|
|
|
// 更新用户资料
|
|
router.put('/profile', authenticateToken, async (req, res) => {
|
|
try {
|
|
const { name, email } = req.body;
|
|
|
|
// 验证输入
|
|
if (!name) {
|
|
return res.status(400).json({ error: '姓名不能为空' });
|
|
}
|
|
|
|
if (email && !email.match(/^[^\s@]+@[^\s@]+\.[^\s@]+$/)) {
|
|
return res.status(400).json({ error: '邮箱格式不正确' });
|
|
}
|
|
|
|
// 更新用户资料
|
|
await db.run('UPDATE users SET name = ?, email = ?, updated_at = CURRENT_TIMESTAMP WHERE id = ?', [name, email, req.user.id]);
|
|
|
|
// 获取更新后的用户资料
|
|
const updatedUser = await db.get('SELECT id, username, name, email, role, created_at FROM users WHERE id = ?', [req.user.id]);
|
|
|
|
res.json(updatedUser);
|
|
} catch (error) {
|
|
console.error('更新用户资料错误:', error);
|
|
res.status(500).json({ error: '服务器内部错误' });
|
|
}
|
|
});
|
|
|
|
module.exports = router; |