SportMeetingAdminSys/server/api/admin/oauth/index.ts

import { getClients, createClient, updateClient, deleteClient } from '../../../modules/oauth'
import { verifyToken } from '../../../utils/jwt'
import { z } from 'zod'

const createClientSchema = z.object({
  clientName: z.string().min(1, '应用名称不能为空'),
  redirectUris: z.array(z.string().url('请输入有效的URL')),
  allowedScopes: z.array(z.string()),
  grantTypes: z.array(z.enum(['authorization_code', 'password', 'client_credentials', 'refresh_token'])),
  platform: z.enum(['web', 'mobile', 'desktop', 'other']).optional()
})

const updateClientSchema = z.object({
  clientName: z.string().min(1).optional(),
  redirectUris: z.array(z.string().url()).optional(),
  allowedScopes: z.array(z.string()).optional(),
  grantTypes: z.array(z.enum(['authorization_code', 'password', 'client_credentials', 'refresh_token'])).optional(),
  platform: z.enum(['web', 'mobile', 'desktop', 'other']).optional(),
  isActive: z.boolean().optional()
})

export default defineEventHandler(async (event) => {
  const authHeader = getHeader(event, 'authorization')
  
  if (!authHeader || !authHeader.startsWith('Bearer ')) {
    throw createError({ statusCode: 401, message: '请先登录' })
  }

  const token = authHeader.substring(7)
  const payload = verifyToken(token)
  
  if (!payload || payload.type !== 'access' || payload.role !== 'admin') {
    throw createError({ statusCode: 403, message: '需要管理员权限' })
  }

  if (event.method === 'GET') {
    const clients = getClients()
    
    return {
      success: true,
      data: clients.map(c => ({
        id: c.id,
        clientId: c.client_id,
        clientName: c.client_name,
        redirectUris: c.redirect_uris,
        allowedScopes: c.allowed_scopes,
        grantTypes: c.grant_types,
        platform: c.platform,
        isActive: c.is_active === 1,
        createdAt: c.created_at
      }))
    }
  }

  if (event.method === 'POST') {
    const body = await readBody(event)
    
    const result = createClientSchema.safeParse(body)
    if (!result.success) {
      throw createError({
        statusCode: 400,
        message: result.error.errors[0].message
      })
    }

    const { clientName, redirectUris, allowedScopes, grantTypes, platform } = result.data

    const { client, clientSecret } = createClient(clientName, redirectUris, allowedScopes, grantTypes, platform)

    return {
      success: true,
      data: {
        id: client.id,
        clientId: client.client_id,
        clientName: client.client_name,
        clientSecret,
        redirectUris: client.redirect_uris,
        allowedScopes: client.allowed_scopes,
        grantTypes: client.grant_types,
        platform: client.platform,
        isActive: client.is_active === 1
      },
      message: 'OAuth 客户端创建成功，请妥善保存 Client Secret'
    }
  }

  if (event.method === 'PUT') {
    const body = await readBody(event)
    const query = getQuery(event)
    const clientId = query.clientId as string

    if (!clientId) {
      throw createError({ statusCode: 400, message: '缺少 clientId 参数' })
    }

    const result = updateClientSchema.safeParse(body)
    if (!result.success) {
      throw createError({
        statusCode: 400,
        message: result.error.errors[0].message
      })
    }

    const updated = updateClient(clientId, {
      client_name: result.data.clientName,
      redirect_uris: result.data.redirectUris,
      allowed_scopes: result.data.allowedScopes,
      grant_types: result.data.grantTypes,
      platform: result.data.platform,
      is_active: result.data.isActive !== undefined ? (result.data.isActive ? 1 : 0) : undefined
    })

    if (!updated) {
      throw createError({ statusCode: 404, message: '客户端不存在' })
    }

    return {
      success: true,
      data: {
        clientId: updated!.client_id,
        clientName: updated!.client_name,
        redirectUris: updated!.redirect_uris,
        allowedScopes: updated!.allowed_scopes,
        grantTypes: updated!.grant_types,
        platform: updated!.platform,
        isActive: updated!.is_active === 1
      },
      message: '客户端更新成功'
    }
  }

  if (event.method === 'DELETE') {
    const query = getQuery(event)
    const clientId = query.clientId as string

    if (!clientId) {
      throw createError({ statusCode: 400, message: '缺少 clientId 参数' })
    }

    const deleted = deleteClient(clientId)
    if (!deleted) {
      throw createError({ statusCode: 404, message: '客户端不存在' })
    }

    return {
      success: true,
      message: '客户端删除成功'
    }
  }
})