QuickQuiz/app/Http/Controllers/Api/Admin/UserController.php

<?php

declare(strict_types=1);

namespace App\Http\Controllers\Api\Admin;

use App\Http\Controllers\Controller;
use App\Models\InviteCode;
use App\Models\User;
use App\Support\ApiResponse;
use hg\apidoc\annotation as Apidoc;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Str;

#[Apidoc\Group('后台')]
#[Apidoc\Title('用户与邀请码')]
#[Apidoc\RouteMiddleware(['jwt.auth'])]
final class UserController extends Controller
{
    #[Apidoc\Title('用户列表')]
    #[Apidoc\Url('/admin/users')]
    #[Apidoc\Method('GET')]
    #[Apidoc\RouteMiddleware(['permission:users'])]
    public function index(Request $request): JsonResponse
    {
        $query = User::query()->latest();
        if ($keyword = $request->query('keyword')) {
            $query->where(fn ($q) => $q->where('name', 'like', '%'.$keyword.'%')->orWhere('email', 'like', '%'.$keyword.'%'));
        }
        if ($role = $request->query('role')) {
            $query->where('role', $role);
        }

        return ApiResponse::page($query->paginate((int) $request->query('per_page', 20)));
    }

    #[Apidoc\Title('创建用户')]
    #[Apidoc\Url('/admin/users')]
    #[Apidoc\Method('POST')]
    #[Apidoc\RouteMiddleware(['permission:users.create'])]
    public function store(Request $request): JsonResponse
    {
        $data = $request->validate([
            'name' => ['required', 'string', 'max:50'],
            'email' => ['required', 'email', 'unique:users,email'],
            'password' => ['required', 'string', 'min:6'],
            'role' => ['required', 'in:admin,teacher,user'],
        ]);

        $user = User::create($data + ['created_by' => $request->user()->id, 'is_active' => true]);

        return ApiResponse::success($user, '用户已创建');
    }

    #[Apidoc\Title('更新用户')]
    #[Apidoc\Url('/admin/users/{user}')]
    #[Apidoc\Method('PUT')]
    #[Apidoc\RouteMiddleware(['permission:users.update'])]
    public function update(Request $request, mixed $user): JsonResponse
    {
        $user = $this->resolveUser($user);
        $data = $request->validate([
            'name' => ['sometimes', 'string', 'max:50'],
            'role' => ['sometimes', 'in:admin,teacher,user'],
            'is_active' => ['sometimes', 'boolean'],
            'password' => ['nullable', 'string', 'min:6'],
        ]);

        if (! empty($data['password'])) {
            $data['password'] = Hash::make($data['password']);
        } else {
            unset($data['password']);
        }

        $user->update($data);

        return ApiResponse::success($user->fresh(), '用户已更新');
    }

    private function resolveUser(mixed $user): User
    {
        if ($user instanceof User && $user->exists) {
            return $user;
        }

        return User::query()->findOrFail((int) $user);
    }

    #[Apidoc\Title('邀请码列表')]
    #[Apidoc\Url('/admin/invite-codes')]
    #[Apidoc\Method('GET')]
    #[Apidoc\RouteMiddleware(['permission:users'])]
    public function invites(Request $request): JsonResponse
    {
        return ApiResponse::page(InviteCode::query()->latest()->paginate((int) $request->query('per_page', 20)));
    }

    #[Apidoc\Title('创建邀请码')]
    #[Apidoc\Url('/admin/invite-codes')]
    #[Apidoc\Method('POST')]
    #[Apidoc\RouteMiddleware(['permission:users.create'])]
    public function createInvite(Request $request): JsonResponse
    {
        $data = $request->validate([
            'role' => ['required', 'in:teacher,user'],
            'assigned_name' => ['nullable', 'string', 'max:50'],
            'max_uses' => ['required', 'integer', 'min:1', 'max:10000'],
            'expires_at' => ['nullable', 'date'],
        ]);
        $data['assigned_name'] = isset($data['assigned_name']) ? trim((string) $data['assigned_name']) : null;
        if ($data['assigned_name'] === '') {
            $data['assigned_name'] = null;
        }
        if ($data['assigned_name'] !== null) {
            $data['max_uses'] = 1;
        }

        $invite = InviteCode::create($data + [
            'created_by' => $request->user()->id,
            'code' => strtoupper(Str::random(10)),
            'used_count' => 0,
            'is_active' => true,
        ]);

        return ApiResponse::success($invite, '邀请码已创建');
    }

    #[Apidoc\Title('删除邀请码')]
    #[Apidoc\Url('/admin/invite-codes/{invite}')]
    #[Apidoc\Method('DELETE')]
    #[Apidoc\RouteMiddleware(['permission:users.update'])]
    public function deleteInvite(mixed $invite): JsonResponse
    {
        $invite = InviteCode::query()->findOrFail((int) $invite);
        $invite->delete();

        return ApiResponse::success(null, '邀请码已删除');
    }
}