8117958bd6
- Add user management with roles and permissions (RBAC) - Implement OAuth2 service provider supporting 4 grant types: authorization_code, password, client_credentials, refresh_token - Add JWT authentication with 7-day expiry - Add admin API for users, roles and OAuth clients management - Add CLI tool for user management (scripts/user-cli.js) - Add collapsible sidebar layout with login dialog - Add user management page and OAuth client management page - Add server middleware for auth token verification - Add seed script for initial data (admin/admin123)
82 lines
2.2 KiB
TypeScript
82 lines
2.2 KiB
TypeScript
import { z } from 'zod'
|
|
import { getUserByUsername, getUserByEmail, createUser, hashPassword, validatePassword } from '../../../modules/auth/user'
|
|
import { verifyToken } from '../../../utils/jwt'
|
|
|
|
const createUserSchema = z.object({
|
|
username: z.string().min(2, '用户名至少2个字符').max(20, '用户名最多20个字符'),
|
|
password: z.string(),
|
|
email: z.string().email('请输入有效的邮箱').optional().or(z.literal('')),
|
|
realName: z.string().optional(),
|
|
roleId: z.number().int().positive().optional()
|
|
})
|
|
|
|
export default defineEventHandler(async (event) => {
|
|
const authHeader = getHeader(event, 'authorization')
|
|
|
|
if (!authHeader || !authHeader.startsWith('Bearer ')) {
|
|
throw createError({ statusCode: 401, message: '请先登录' })
|
|
}
|
|
|
|
const token = authHeader.substring(7)
|
|
const payload = verifyToken(token)
|
|
|
|
if (!payload || payload.type !== 'access' || payload.role !== 'admin') {
|
|
throw createError({ statusCode: 403, message: '需要管理员权限' })
|
|
}
|
|
|
|
const body = await readBody(event)
|
|
|
|
const result = createUserSchema.safeParse(body)
|
|
if (!result.success) {
|
|
throw createError({
|
|
statusCode: 400,
|
|
message: result.error.errors[0].message
|
|
})
|
|
}
|
|
|
|
const { username, password, email, realName, roleId } = result.data
|
|
|
|
const passwordValidation = validatePassword(password)
|
|
if (!passwordValidation.valid) {
|
|
throw createError({
|
|
statusCode: 400,
|
|
message: passwordValidation.message!
|
|
})
|
|
}
|
|
|
|
const existingUser = getUserByUsername(username)
|
|
if (existingUser) {
|
|
throw createError({
|
|
statusCode: 409,
|
|
message: '用户名已存在'
|
|
})
|
|
}
|
|
|
|
if (email) {
|
|
const existingEmail = getUserByEmail(email)
|
|
if (existingEmail) {
|
|
throw createError({
|
|
statusCode: 409,
|
|
message: '邮箱已被注册'
|
|
})
|
|
}
|
|
}
|
|
|
|
const passwordHash = hashPassword(password)
|
|
const user = await createUser(username, passwordHash, email, realName, roleId)
|
|
|
|
return {
|
|
success: true,
|
|
data: {
|
|
id: user.id,
|
|
username: user.username,
|
|
email: user.email,
|
|
realName: user.real_name,
|
|
roleId: user.role_id,
|
|
roleName: user.role_name,
|
|
createdAt: user.created_at
|
|
},
|
|
message: '用户创建成功'
|
|
}
|
|
})
|