import { getClients, createClient, updateClient, deleteClient } from '../../../modules/oauth' import { verifyToken } from '../../../utils/jwt' import { z } from 'zod' const createClientSchema = z.object({ clientName: z.string().min(1, '应用名称不能为空'), redirectUris: z.array(z.string().url('请输入有效的URL')), allowedScopes: z.array(z.string()), grantTypes: z.array(z.enum(['authorization_code', 'password', 'client_credentials', 'refresh_token'])), platform: z.enum(['web', 'mobile', 'desktop', 'other']).optional() }) const updateClientSchema = z.object({ clientName: z.string().min(1).optional(), redirectUris: z.array(z.string().url()).optional(), allowedScopes: z.array(z.string()).optional(), grantTypes: z.array(z.enum(['authorization_code', 'password', 'client_credentials', 'refresh_token'])).optional(), platform: z.enum(['web', 'mobile', 'desktop', 'other']).optional(), isActive: z.boolean().optional() }) export default defineEventHandler(async (event) => { const authHeader = getHeader(event, 'authorization') if (!authHeader || !authHeader.startsWith('Bearer ')) { throw createError({ statusCode: 401, message: '请先登录' }) } const token = authHeader.substring(7) const payload = verifyToken(token) if (!payload || payload.type !== 'access' || payload.role !== 'admin') { throw createError({ statusCode: 403, message: '需要管理员权限' }) } if (event.method === 'GET') { const clients = getClients() return { success: true, data: clients.map(c => ({ id: c.id, clientId: c.client_id, clientName: c.client_name, redirectUris: c.redirect_uris, allowedScopes: c.allowed_scopes, grantTypes: c.grant_types, platform: c.platform, isActive: c.is_active === 1, createdAt: c.created_at })) } } if (event.method === 'POST') { const body = await readBody(event) const result = createClientSchema.safeParse(body) if (!result.success) { throw createError({ statusCode: 400, message: result.error.errors[0].message }) } const { clientName, redirectUris, allowedScopes, grantTypes, platform } = result.data const { client, clientSecret } = createClient(clientName, redirectUris, allowedScopes, grantTypes, platform) return { success: true, data: { id: client.id, clientId: client.client_id, clientName: client.client_name, clientSecret, redirectUris: client.redirect_uris, allowedScopes: client.allowed_scopes, grantTypes: client.grant_types, platform: client.platform, isActive: client.is_active === 1 }, message: 'OAuth 客户端创建成功,请妥善保存 Client Secret' } } if (event.method === 'PUT') { const body = await readBody(event) const query = getQuery(event) const clientId = query.clientId as string if (!clientId) { throw createError({ statusCode: 400, message: '缺少 clientId 参数' }) } const result = updateClientSchema.safeParse(body) if (!result.success) { throw createError({ statusCode: 400, message: result.error.errors[0].message }) } const updated = updateClient(clientId, { client_name: result.data.clientName, redirect_uris: result.data.redirectUris, allowed_scopes: result.data.allowedScopes, grant_types: result.data.grantTypes, platform: result.data.platform, is_active: result.data.isActive !== undefined ? (result.data.isActive ? 1 : 0) : undefined }) if (!updated) { throw createError({ statusCode: 404, message: '客户端不存在' }) } return { success: true, data: { clientId: updated!.client_id, clientName: updated!.client_name, redirectUris: updated!.redirect_uris, allowedScopes: updated!.allowed_scopes, grantTypes: updated!.grant_types, platform: updated!.platform, isActive: updated!.is_active === 1 }, message: '客户端更新成功' } } if (event.method === 'DELETE') { const query = getQuery(event) const clientId = query.clientId as string if (!clientId) { throw createError({ statusCode: 400, message: '缺少 clientId 参数' }) } const deleted = deleteClient(clientId) if (!deleted) { throw createError({ statusCode: 404, message: '客户端不存在' }) } return { success: true, message: '客户端删除成功' } } })