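import { getRoles, createRole } from '../../../modules/auth/user'
import { DEFAULT_ROLES, getPermissionGroups } from '../../../modules/auth/permissions'
import { verifyToken } from '../../../utils/jwt'
import { z } from 'zod'
import db from '../../../db'

/** Request body accepted by POST: the definition of a new role. */
const createRoleSchema = z.object({
  name: z.string().min(2, '角色名称至少2个字符').max(20, '角色名称最多20个字符'),
  description: z.string().optional(),
  permissions: z.array(z.string())
})

/**
 * Rejects the request unless it carries a valid admin access token.
 *
 * @param {object} event - the incoming H3 event
 * @returns {object} the verified token payload
 * @throws 401 when no Bearer token is present, 403 when the token is not an
 *   admin *access* token (refresh tokens and non-admin roles are refused)
 */
function requireAdmin(event) {
  const authHeader = getHeader(event, 'authorization')
  if (!authHeader || !authHeader.startsWith('Bearer ')) {
    throw createError({ statusCode: 401, message: '请先登录' })
  }
  const payload = verifyToken(authHeader.substring(7))
  // Only an access token (not a refresh token) held by an admin may manage roles.
  if (!payload || payload.type !== 'access' || payload.role !== 'admin') {
    throw createError({ statusCode: 403, message: '需要管理员权限' })
  }
  return payload
}

/**
 * Response shared by GET and `?action=init`: every role plus the permission catalogue.
 *
 * @returns {{ success: true, data: { roles: unknown, permissionGroups: unknown } }}
 */
function roleCatalog() {
  return {
    success: true,
    data: { roles: getRoles(), permissionGroups: getPermissionGroups() }
  }
}

/**
 * Admin-only role management endpoint.
 *
 * - `?action=init` seeds DEFAULT_ROLES when the roles table is empty (idempotent)
 *   and returns the catalogue.
 * - GET returns the catalogue.
 * - POST validates the body, refuses duplicate names (409) and creates the role.
 * - Any other method is answered with 405.
 */
export default defineEventHandler(async (event) => {
  requireAdmin(event)

  const query = getQuery(event)
  // NOTE(review): as before, the init action is honoured for any HTTP method;
  // it is state-changing, so limiting it to POST would be tidier — confirm with callers.
  if (query.action === 'init') {
    if (getRoles().length === 0) {
      for (const role of Object.values(DEFAULT_ROLES)) {
        createRole(role.name, role.description, role.permissions, role.isSystem)
      }
    }
    return roleCatalog()
  }

  if (event.method === 'GET') {
    return roleCatalog()
  }

  if (event.method === 'POST') {
    const result = createRoleSchema.safeParse(await readBody(event))
    if (!result.success) {
      // `issues` is the stable zod accessor; `errors` is a v3-only alias.
      throw createError({ statusCode: 400, message: result.error.issues[0].message })
    }
    const { name, description, permissions } = result.data

    // NOTE(review): permission ids are only checked to be strings, not members of
    // getPermissionGroups(); unknown ids are stored as-is — TODO confirm createRole validates them.
    // Duplicate check is a read-then-write; a concurrent POST with the same name
    // relies on the database's own uniqueness constraint, if any.
    const existingRole = db.prepare('SELECT id FROM roles WHERE name = ?').get(name)
    if (existingRole) {
      throw createError({ statusCode: 409, message: '角色名称已存在' })
    }

    const role = createRole(name, description ?? '', permissions)
    return { success: true, data: role, message: '角色创建成功' }
  }

  // Previously any other method fell through and answered 200 with an empty body.
  throw createError({ statusCode: 405, message: '不支持的请求方法' })
})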