import { z } from 'zod' import { getUserByUsername, getUserByEmail, createUser, hashPassword, validatePassword } from '../../../modules/auth/user' import { verifyToken } from '../../../utils/jwt' const createUserSchema = z.object({ username: z.string().min(2, '用户名至少2个字符').max(20, '用户名最多20个字符'), password: z.string(), email: z.string().email('请输入有效的邮箱').optional().or(z.literal('')), realName: z.string().optional(), roleId: z.number().int().positive().optional() }) export default defineEventHandler(async (event) => { const authHeader = getHeader(event, 'authorization') if (!authHeader || !authHeader.startsWith('Bearer ')) { throw createError({ statusCode: 401, message: '请先登录' }) } const token = authHeader.substring(7) const payload = verifyToken(token) if (!payload || payload.type !== 'access' || payload.role !== 'admin') { throw createError({ statusCode: 403, message: '需要管理员权限' }) } const body = await readBody(event) const result = createUserSchema.safeParse(body) if (!result.success) { throw createError({ statusCode: 400, message: result.error.errors[0].message }) } const { username, password, email, realName, roleId } = result.data const passwordValidation = validatePassword(password) if (!passwordValidation.valid) { throw createError({ statusCode: 400, message: passwordValidation.message! }) } const existingUser = getUserByUsername(username) if (existingUser) { throw createError({ statusCode: 409, message: '用户名已存在' }) } if (email) { const existingEmail = getUserByEmail(email) if (existingEmail) { throw createError({ statusCode: 409, message: '邮箱已被注册' }) } } const passwordHash = hashPassword(password) const user = await createUser(username, passwordHash, email, realName, roleId) return { success: true, data: { id: user.id, username: user.username, email: user.email, realName: user.real_name, roleId: user.role_id, roleName: user.role_name, createdAt: user.created_at }, message: '用户创建成功' } })