petty09190/ai-showcase-platform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

整合資料庫、完成登入註冊忘記密碼功能

Browse Source
This commit is contained in:
吳佩庭
2025-09-09 12:00:22 +08:00
parent af88c0f037
commit 32b19e9a0f
85 changed files with 11672 additions and 2350 deletions
Download Patch File Download Diff File Expand all files Collapse all files

103
app/api/admin/users/[id]/route.ts Normal file
View File

@@ -0,0 +1,103 @@
import { NextRequest, NextResponse } from 'next/server'
import { UserService } from '@/lib/services/database-service'
const userService = new UserService()
export async function GET(
request: NextRequest,
{ params }: { params: { id: string } }
) {
try {
const user = await userService.findById(params.id)
if (!user) {
return NextResponse.json(
{ error: '用戶不存在' },
{ status: 404 }
)
}
// 獲取用戶統計
const stats = await userService.getUserStatistics(params.id)
return NextResponse.json({
success: true,
data: {
user,
stats
}
})
} catch (error) {
console.error('獲取用戶詳情錯誤:', error)
return NextResponse.json(
{ error: '獲取用戶詳情時發生錯誤' },
{ status: 500 }
)
}
}
export async function PUT(
request: NextRequest,
{ params }: { params: { id: string } }
) {
try {
const updates = await request.json()
// 移除不允許更新的欄位
delete updates.id
delete updates.created_at
delete updates.password_hash
const updatedUser = await userService.update(params.id, updates)
if (!updatedUser) {
return NextResponse.json(
{ error: '用戶不存在或更新失敗' },
{ status: 404 }
)
}
return NextResponse.json({
success: true,
message: '用戶資料已更新',
data: updatedUser
})
} catch (error) {
console.error('更新用戶錯誤:', error)
return NextResponse.json(
{ error: '更新用戶時發生錯誤' },
{ status: 500 }
)
}
}
export async function DELETE(
request: NextRequest,
{ params }: { params: { id: string } }
) {
try {
// 軟刪除:將 is_active 設為 false
const result = await userService.update(params.id, { is_active: false })
if (!result) {
return NextResponse.json(
{ error: '用戶不存在或刪除失敗' },
{ status: 404 }
)
}
return NextResponse.json({
success: true,
message: '用戶已刪除'
})
} catch (error) {
console.error('刪除用戶錯誤:', error)
return NextResponse.json(
{ error: '刪除用戶時發生錯誤' },
{ status: 500 }
)
}
}

134
app/api/admin/users/route.ts Normal file
View File

@@ -0,0 +1,134 @@
import { NextRequest, NextResponse } from 'next/server'
import { UserService } from '@/lib/services/database-service'
const userService = new UserService()
export async function GET(request: NextRequest) {
try {
const { searchParams } = new URL(request.url)
const page = parseInt(searchParams.get('page') || '1')
const limit = parseInt(searchParams.get('limit') || '10')
const search = searchParams.get('search') || ''
const department = searchParams.get('department') || ''
const role = searchParams.get('role') || ''
const status = searchParams.get('status') || ''
// 構建查詢條件
let whereConditions = ['is_active = TRUE']
let params: any[] = []
if (search) {
whereConditions.push('(name LIKE ? OR email LIKE ?)')
params.push(`%${search}%`, `%${search}%`)
}
if (department && department !== 'all') {
whereConditions.push('department = ?')
params.push(department)
}
if (role && role !== 'all') {
whereConditions.push('role = ?')
params.push(role)
}
if (status && status !== 'all') {
if (status === 'active') {
whereConditions.push('last_login IS NOT NULL AND last_login >= DATE_SUB(NOW(), INTERVAL 30 DAY)')
} else if (status === 'inactive') {
whereConditions.push('last_login IS NULL OR last_login < DATE_SUB(NOW(), INTERVAL 30 DAY)')
}
}
const whereClause = whereConditions.length > 0 ? `WHERE ${whereConditions.join(' AND ')}` : ''
// 使用 UserService 的方法
const { users, total } = await userService.findAll({
search,
department,
role,
status,
page,
limit
})
const stats = await userService.getUserStats()
return NextResponse.json({
success: true,
data: {
users,
pagination: {
page,
limit,
total,
totalPages: Math.ceil(total / limit)
},
stats: {
totalUsers: stats?.total_users || 0,
activeUsers: stats?.active_users || 0,
adminCount: stats?.admin_count || 0,
developerCount: stats?.developer_count || 0,
inactiveUsers: stats?.inactive_users || 0,
newThisMonth: stats?.new_this_month || 0
}
}
})
} catch (error) {
console.error('獲取用戶列表錯誤:', error)
return NextResponse.json(
{ error: '獲取用戶列表時發生錯誤' },
{ status: 500 }
)
}
}
export async function POST(request: NextRequest) {
try {
const { email, role } = await request.json()
if (!email || !role) {
return NextResponse.json(
{ error: '請提供電子郵件和角色' },
{ status: 400 }
)
}
// 檢查郵箱是否已存在
const existingUser = await userService.findByEmail(email)
if (existingUser) {
return NextResponse.json(
{ error: '該電子郵件地址已被使用' },
{ status: 400 }
)
}
// 生成邀請 token
const { v4: uuidv4 } = require('uuid')
const invitationToken = uuidv4()
// 創建邀請記錄(這裡可以存儲到邀請表或臨時表)
// 暫時返回邀請連結
const baseUrl = process.env.NEXT_PUBLIC_APP_URL || 'http://localhost:3000'
const invitationLink = `${baseUrl}/register?token=${invitationToken}&email=${encodeURIComponent(email)}&role=${encodeURIComponent(role)}`
return NextResponse.json({
success: true,
message: '用戶邀請已創建',
data: {
invitationLink,
token: invitationToken,
email,
role
}
})
} catch (error) {
console.error('創建用戶邀請錯誤:', error)
return NextResponse.json(
{ error: '創建用戶邀請時發生錯誤' },
{ status: 500 }
)
}
}

52
app/api/auth/forgot-password/route.ts Normal file
View File

@@ -0,0 +1,52 @@
import { NextRequest, NextResponse } from 'next/server'
import { UserService } from '@/lib/services/database-service'
import { PasswordResetService } from '@/lib/services/password-reset-service'
import { v4 as uuidv4 } from 'uuid'
const userService = new UserService()
export async function POST(request: NextRequest) {
try {
const { email } = await request.json()
if (!email) {
return NextResponse.json(
{ error: '請提供電子郵件地址' },
{ status: 400 }
)
}
// 檢查用戶是否存在
const user = await userService.findByEmail(email)
if (!user) {
return NextResponse.json(
{ error: '該電子郵件地址不存在於我們的系統中' },
{ status: 404 }
)
}
// 撤銷用戶現有的重設 tokens
await PasswordResetService.revokeUserTokens(user.id)
// 創建新的重設 token
const resetToken = await PasswordResetService.createResetToken(user.id)
// 生成一次性註冊連結
const baseUrl = process.env.NEXT_PUBLIC_APP_URL || 'http://localhost:3000'
const resetUrl = `${baseUrl}/register?token=${resetToken.token}&email=${encodeURIComponent(user.email)}&mode=reset&name=${encodeURIComponent(user.name)}&department=${encodeURIComponent(user.department)}&role=${encodeURIComponent(user.role)}`
return NextResponse.json({
success: true,
message: '已生成密碼重設連結',
resetUrl: resetUrl,
expiresAt: resetToken.expires_at
})
} catch (error) {
console.error('忘記密碼錯誤:', error)
return NextResponse.json(
{ error: '處理請求時發生錯誤' },
{ status: 500 }
)
}
}

112
app/api/auth/login/route.ts
View File

@@ -1,115 +1,53 @@
import { NextRequest, NextResponse } from 'next/server';
import { db } from '@/lib/database';
import { generateToken, validatePassword, comparePassword } from '@/lib/auth';
import { logger } from '@/lib/logger';
import { NextRequest, NextResponse } from 'next/server'
import bcrypt from 'bcryptjs'
import { UserService } from '@/lib/services/database-service'
const userService = new UserService()
export async function POST(request: NextRequest) {
const startTime = Date.now();
try {
const body = await request.json();
const { email, password } = body;
const { email, password } = await request.json()
// 驗證輸入
if (!email || !password) {
return NextResponse.json(
{ error: '請提供電子郵件和密碼' },
{ status: 400 }
);
)
}
// 驗證密碼格式
const passwordValidation = await validatePassword(password);
if (!passwordValidation.isValid) {
return NextResponse.json(
{ error: '密碼格式不正確', details: passwordValidation.errors },
{ status: 400 }
);
}
// 查詢用戶
const user = await db.queryOne<{
id: string;
name: string;
email: string;
password_hash: string;
avatar?: string;
department: string;
role: 'user' | 'developer' | 'admin';
join_date: string;
total_likes: number;
total_views: number;
created_at: string;
updated_at: string;
}>(
'SELECT * FROM users WHERE email = ?',
[email]
);
// 查找用戶
const user = await userService.findByEmail(email)
if (!user) {
logger.logAuth('login', email, false, request.ip || 'unknown');
return NextResponse.json(
{ error: '電子郵件或密碼不正確' },
{ error: '用戶不存在' },
{ status: 401 }
);
)
}
// 驗證密碼
const isPasswordValid = await comparePassword(password, user.password_hash);
if (!isPasswordValid) {
logger.logAuth('login', email, false, request.ip || 'unknown');
const isValidPassword = await bcrypt.compare(password, user.password_hash)
if (!isValidPassword) {
return NextResponse.json(
{ error: '電子郵件或密碼不正確' },
{ error: '密碼錯誤' },
{ status: 401 }
);
)
}
// 生成 JWT Token
const token = generateToken({
id: user.id,
email: user.email,
role: user.role
});
// 更新最後登入時間
await db.update(
'users',
{ updated_at: new Date().toISOString().slice(0, 19).replace('T', ' ') },
{ id: user.id }
);
// 記錄成功登入
logger.logAuth('login', email, true, request.ip || 'unknown');
const duration = Date.now() - startTime;
logger.logRequest('POST', '/api/auth/login', 200, duration, user.id);
await userService.updateLastLogin(user.id)
// 返回用戶信息(不包含密碼)
const { password_hash, ...userWithoutPassword } = user
return NextResponse.json({
message: '登入成功',
user: {
id: user.id,
name: user.name,
email: user.email,
avatar: user.avatar,
department: user.department,
role: user.role,
joinDate: user.join_date,
totalLikes: user.total_likes,
totalViews: user.total_views
},
token,
expiresIn: process.env.JWT_EXPIRES_IN || '7d'
});
success: true,
user: userWithoutPassword
})
} catch (error) {
logger.logError(error as Error, 'Login API');
const duration = Date.now() - startTime;
logger.logRequest('POST', '/api/auth/login', 500, duration);
console.error('登入錯誤:', error)
return NextResponse.json(
{ error: '內部伺服器錯誤' },
{ error: '登入過程中發生錯誤' },
{ status: 500 }
);
)
}
}
}

83
app/api/auth/profile/route.ts Normal file
View File

@@ -0,0 +1,83 @@
import { NextRequest, NextResponse } from 'next/server'
import { UserService } from '@/lib/services/database-service'
const userService = new UserService()
export async function GET(request: NextRequest) {
try {
const { searchParams } = new URL(request.url)
const userId = searchParams.get('userId')
if (!userId) {
return NextResponse.json(
{ error: '缺少用戶ID' },
{ status: 400 }
)
}
const user = await userService.findById(userId)
if (!user) {
return NextResponse.json(
{ error: '用戶不存在' },
{ status: 404 }
)
}
// 返回用戶信息(不包含密碼)
const { password_hash, ...userWithoutPassword } = user
return NextResponse.json({
success: true,
user: userWithoutPassword
})
} catch (error) {
console.error('獲取用戶資料錯誤:', error)
return NextResponse.json(
{ error: '獲取用戶資料時發生錯誤' },
{ status: 500 }
)
}
}
export async function PUT(request: NextRequest) {
try {
const { userId, ...updateData } = await request.json()
if (!userId) {
return NextResponse.json(
{ error: '缺少用戶ID' },
{ status: 400 }
)
}
// 如果更新密碼,需要加密
if (updateData.password) {
const bcrypt = require('bcryptjs')
const saltRounds = 12
updateData.password_hash = await bcrypt.hash(updateData.password, saltRounds)
delete updateData.password
}
const updatedUser = await userService.update(userId, updateData)
if (!updatedUser) {
return NextResponse.json(
{ error: '用戶不存在' },
{ status: 404 }
)
}
// 返回更新後的用戶信息(不包含密碼)
const { password_hash, ...userWithoutPassword } = updatedUser
return NextResponse.json({
success: true,
user: userWithoutPassword
})
} catch (error) {
console.error('更新用戶資料錯誤:', error)
return NextResponse.json(
{ error: '更新用戶資料時發生錯誤' },
{ status: 500 }
)
}
}

122
app/api/auth/register/route.ts
View File

@@ -1,113 +1,69 @@
import { NextRequest, NextResponse } from 'next/server';
import { db, generateId } from '@/lib/database';
import { validateUserData, validatePassword, hashPassword } from '@/lib/auth';
import { logger } from '@/lib/logger';
import { NextRequest, NextResponse } from 'next/server'
import bcrypt from 'bcryptjs'
import { v4 as uuidv4 } from 'uuid'
import { UserService } from '@/lib/services/database-service'
const userService = new UserService()
export async function POST(request: NextRequest) {
const startTime = Date.now();
try {
console.log('開始處理註冊請求...');
const body = await request.json();
console.log('請求體:', body);
const { name, email, password, department, role = 'user' } = body;
const { name, email, password, department, role = 'user' } = await request.json()
// 驗證用戶資料
console.log('驗證用戶資料...');
const userValidation = validateUserData({ name, email, department, role });
if (!userValidation.isValid) {
console.log('用戶資料驗證失敗:', userValidation.errors);
if (!name || !email || !password || !department) {
return NextResponse.json(
{ error: '用戶資料驗證失敗', details: userValidation.errors },
{ error: '請填寫所有必填欄位' },
{ status: 400 }
);
)
}
// 驗證密碼
console.log('驗證密碼...');
const passwordValidation = await validatePassword(password);
if (!passwordValidation.isValid) {
console.log('密碼驗證失敗:', passwordValidation.errors);
if (password.length < 6) {
return NextResponse.json(
{ error: '密碼格式不正確', details: passwordValidation.errors },
{ error: '密碼長度至少需要 6 個字符' },
{ status: 400 }
);
)
}
// 檢查電子郵件是否已存在
console.log('檢查電子郵件是否已存在...');
const existingUser = await db.queryOne(
'SELECT id FROM users WHERE email = ?',
[email]
);
// 檢查用戶是否已存在
const existingUser = await userService.findByEmail(email)
if (existingUser) {
console.log('電子郵件已存在');
return NextResponse.json(
{ error: '電子郵件地址已被註冊' },
{ error: '電子郵件已被註冊' },
{ status: 409 }
);
)
}
// 加密密碼
console.log('加密密碼...');
const passwordHash = await hashPassword(password);
console.log('密碼加密完成');
const saltRounds = 12
const password_hash = await bcrypt.hash(password, saltRounds)
// 準備用戶資料
console.log('準備用戶資料...');
const userId = generateId();
const userData = {
id: userId,
name: name.trim(),
email: email.toLowerCase().trim(),
password_hash: passwordHash,
department: department.trim(),
role,
// 創建新用戶
const newUser = {
id: uuidv4(),
name,
email,
password_hash,
department,
role: role as 'user' | 'developer' | 'admin',
join_date: new Date().toISOString().split('T')[0],
total_likes: 0,
total_views: 0,
created_at: new Date().toISOString().slice(0, 19).replace('T', ' '),
updated_at: new Date().toISOString().slice(0, 19).replace('T', ' ')
};
is_active: true
}
console.log('插入用戶資料...');
// 插入用戶資料
await db.insert('users', userData);
console.log('用戶資料插入成功');
// 記錄註冊成功
logger.logAuth('register', email, true, 'unknown');
const duration = Date.now() - startTime;
logger.logRequest('POST', '/api/auth/register', 201, duration, userId);
const createdUser = await userService.create(newUser)
// 返回用戶信息(不包含密碼)
const { password_hash: _, ...userWithoutPassword } = createdUser
return NextResponse.json({
message: '註冊成功',
user: {
id: userData.id,
name: userData.name,
email: userData.email,
department: userData.department,
role: userData.role,
joinDate: userData.join_date,
totalLikes: userData.total_likes,
totalViews: userData.total_views
}
}, { status: 201 });
success: true,
user: userWithoutPassword
})
} catch (error) {
console.error('註冊 API 錯誤:', error);
logger.logError(error as Error, 'Register API');
const duration = Date.now() - startTime;
logger.logRequest('POST', '/api/auth/register', 500, duration);
console.error('註冊錯誤:', error)
return NextResponse.json(
{ error: '內部伺服器錯誤', details: error instanceof Error ? error.message : 'Unknown error' },
{ error: '註冊過程中發生錯誤' },
{ status: 500 }
);
)
}
}
}

81
app/api/auth/reset-password/route.ts Normal file
View File

@@ -0,0 +1,81 @@
import { NextRequest, NextResponse } from 'next/server'
import { PasswordResetService } from '@/lib/services/password-reset-service'
export async function POST(request: NextRequest) {
try {
const { token, password } = await request.json()
if (!token || !password) {
return NextResponse.json(
{ error: '請提供重設 token 和新密碼' },
{ status: 400 }
)
}
if (password.length < 6) {
return NextResponse.json(
{ error: '密碼長度至少需要 6 個字符' },
{ status: 400 }
)
}
// 驗證並使用重設 token
const success = await PasswordResetService.useResetToken(token, password)
if (success) {
return NextResponse.json({
success: true,
message: '密碼重設成功,請使用新密碼登入'
})
} else {
return NextResponse.json(
{ error: '無效或已過期的重設 token' },
{ status: 400 }
)
}
} catch (error) {
console.error('密碼重設錯誤:', error)
return NextResponse.json(
{ error: error.message || '重設密碼時發生錯誤' },
{ status: 500 }
)
}
}
export async function GET(request: NextRequest) {
try {
const { searchParams } = new URL(request.url)
const token = searchParams.get('token')
if (!token) {
return NextResponse.json(
{ error: '缺少重設 token' },
{ status: 400 }
)
}
// 驗證 token 是否有效
const tokenInfo = await PasswordResetService.validateResetToken(token)
if (tokenInfo) {
return NextResponse.json({
success: true,
valid: true,
message: 'Token 有效,可以重設密碼'
})
} else {
return NextResponse.json(
{ error: '無效或已過期的重設 token' },
{ status: 400 }
)
}
} catch (error) {
console.error('驗證 token 錯誤:', error)
return NextResponse.json(
{ error: '驗證 token 時發生錯誤' },
{ status: 500 }
)
}
}