新增資料庫、用戶註冊、登入的功能

2025-08-05 10:56:22 +08:00
parent 94e3763402
commit a288a966ba
41 changed files with 4362 additions and 289 deletions
--- a/app/api/auth/login/route.ts
+++ b/app/api/auth/login/route.ts
@@ -0,0 +1,115 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { db } from '@/lib/database';
+import { generateToken, validatePassword, comparePassword } from '@/lib/auth';
+import { logger } from '@/lib/logger';
+
+export async function POST(request: NextRequest) {
+  const startTime = Date.now();
+  
+  try {
+    const body = await request.json();
+    const { email, password } = body;
+
+    // 驗證輸入
+    if (!email || !password) {
+      return NextResponse.json(
+        { error: '請提供電子郵件和密碼' },
+        { status: 400 }
+      );
+    }
+
+    // 驗證密碼格式
+    const passwordValidation = await validatePassword(password);
+    if (!passwordValidation.isValid) {
+      return NextResponse.json(
+        { error: '密碼格式不正確', details: passwordValidation.errors },
+        { status: 400 }
+      );
+    }
+
+    // 查詢用戶
+    const user = await db.queryOne<{
+      id: string;
+      name: string;
+      email: string;
+      password_hash: string;
+      avatar?: string;
+      department: string;
+      role: 'user' | 'developer' | 'admin';
+      join_date: string;
+      total_likes: number;
+      total_views: number;
+      created_at: string;
+      updated_at: string;
+    }>(
+      'SELECT * FROM users WHERE email = ?',
+      [email]
+    );
+
+    if (!user) {
+      logger.logAuth('login', email, false, request.ip || 'unknown');
+      return NextResponse.json(
+        { error: '電子郵件或密碼不正確' },
+        { status: 401 }
+      );
+    }
+
+    // 驗證密碼
+    const isPasswordValid = await comparePassword(password, user.password_hash);
+    if (!isPasswordValid) {
+      logger.logAuth('login', email, false, request.ip || 'unknown');
+      return NextResponse.json(
+        { error: '電子郵件或密碼不正確' },
+        { status: 401 }
+      );
+    }
+
+    // 生成 JWT Token
+    const token = generateToken({
+      id: user.id,
+      email: user.email,
+      role: user.role
+    });
+
+    // 更新最後登入時間
+    await db.update(
+      'users',
+      { updated_at: new Date().toISOString().slice(0, 19).replace('T', ' ') },
+      { id: user.id }
+    );
+
+    // 記錄成功登入
+    logger.logAuth('login', email, true, request.ip || 'unknown');
+
+    const duration = Date.now() - startTime;
+    logger.logRequest('POST', '/api/auth/login', 200, duration, user.id);
+
+    return NextResponse.json({
+      message: '登入成功',
+      user: {
+        id: user.id,
+        name: user.name,
+        email: user.email,
+        avatar: user.avatar,
+        department: user.department,
+        role: user.role,
+        joinDate: user.join_date,
+        totalLikes: user.total_likes,
+        totalViews: user.total_views
+      },
+      token,
+      expiresIn: process.env.JWT_EXPIRES_IN || '7d'
+    });
+
+  } catch (error) {
+    logger.logError(error as Error, 'Login API');
+    
+    const duration = Date.now() - startTime;
+    logger.logRequest('POST', '/api/auth/login', 500, duration);
+
+    return NextResponse.json(
+      { error: '內部伺服器錯誤' },
+      { status: 500 }
+    );
+  }
+} 
--- a/app/api/auth/me/route.ts
+++ b/app/api/auth/me/route.ts
@@ -0,0 +1,47 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { authenticateUser } from '@/lib/auth';
+import { logger } from '@/lib/logger';
+
+export async function GET(request: NextRequest) {
+  const startTime = Date.now();
+  
+  try {
+    // 驗證用戶
+    const user = await authenticateUser(request);
+    
+    if (!user) {
+      return NextResponse.json(
+        { error: '未授權訪問' },
+        { status: 401 }
+      );
+    }
+
+    const duration = Date.now() - startTime;
+    logger.logRequest('GET', '/api/auth/me', 200, duration, user.id);
+
+    return NextResponse.json({
+      user: {
+        id: user.id,
+        name: user.name,
+        email: user.email,
+        avatar: user.avatar,
+        department: user.department,
+        role: user.role,
+        joinDate: user.joinDate,
+        totalLikes: user.totalLikes,
+        totalViews: user.totalViews
+      }
+    });
+
+  } catch (error) {
+    logger.logError(error as Error, 'Get Current User API');
+    
+    const duration = Date.now() - startTime;
+    logger.logRequest('GET', '/api/auth/me', 500, duration);
+
+    return NextResponse.json(
+      { error: '內部伺服器錯誤' },
+      { status: 500 }
+    );
+  }
+} 
--- a/app/api/auth/register/route.ts
+++ b/app/api/auth/register/route.ts
@@ -0,0 +1,113 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { db, generateId } from '@/lib/database';
+import { validateUserData, validatePassword, hashPassword } from '@/lib/auth';
+import { logger } from '@/lib/logger';
+
+export async function POST(request: NextRequest) {
+  const startTime = Date.now();
+  
+  try {
+    console.log('開始處理註冊請求...');
+    
+    const body = await request.json();
+    console.log('請求體:', body);
+    
+    const { name, email, password, department, role = 'user' } = body;
+
+    // 驗證用戶資料
+    console.log('驗證用戶資料...');
+    const userValidation = validateUserData({ name, email, department, role });
+    if (!userValidation.isValid) {
+      console.log('用戶資料驗證失敗:', userValidation.errors);
+      return NextResponse.json(
+        { error: '用戶資料驗證失敗', details: userValidation.errors },
+        { status: 400 }
+      );
+    }
+
+    // 驗證密碼
+    console.log('驗證密碼...');
+    const passwordValidation = await validatePassword(password);
+    if (!passwordValidation.isValid) {
+      console.log('密碼驗證失敗:', passwordValidation.errors);
+      return NextResponse.json(
+        { error: '密碼格式不正確', details: passwordValidation.errors },
+        { status: 400 }
+      );
+    }
+
+    // 檢查電子郵件是否已存在
+    console.log('檢查電子郵件是否已存在...');
+    const existingUser = await db.queryOne(
+      'SELECT id FROM users WHERE email = ?',
+      [email]
+    );
+
+    if (existingUser) {
+      console.log('電子郵件已存在');
+      return NextResponse.json(
+        { error: '此電子郵件地址已被註冊' },
+        { status: 409 }
+      );
+    }
+
+    // 加密密碼
+    console.log('加密密碼...');
+    const passwordHash = await hashPassword(password);
+    console.log('密碼加密完成');
+
+    // 準備用戶資料
+    console.log('準備用戶資料...');
+    const userId = generateId();
+    const userData = {
+      id: userId,
+      name: name.trim(),
+      email: email.toLowerCase().trim(),
+      password_hash: passwordHash,
+      department: department.trim(),
+      role,
+      join_date: new Date().toISOString().split('T')[0],
+      total_likes: 0,
+      total_views: 0,
+      created_at: new Date().toISOString().slice(0, 19).replace('T', ' '),
+      updated_at: new Date().toISOString().slice(0, 19).replace('T', ' ')
+    };
+
+    console.log('插入用戶資料...');
+    // 插入用戶資料
+    await db.insert('users', userData);
+    console.log('用戶資料插入成功');
+
+    // 記錄註冊成功
+    logger.logAuth('register', email, true, 'unknown');
+
+    const duration = Date.now() - startTime;
+    logger.logRequest('POST', '/api/auth/register', 201, duration, userId);
+
+    return NextResponse.json({
+      message: '註冊成功',
+      user: {
+        id: userData.id,
+        name: userData.name,
+        email: userData.email,
+        department: userData.department,
+        role: userData.role,
+        joinDate: userData.join_date,
+        totalLikes: userData.total_likes,
+        totalViews: userData.total_views
+      }
+    }, { status: 201 });
+
+  } catch (error) {
+    console.error('註冊 API 錯誤:', error);
+    logger.logError(error as Error, 'Register API');
+    
+    const duration = Date.now() - startTime;
+    logger.logRequest('POST', '/api/auth/register', 500, duration);
+
+    return NextResponse.json(
+      { error: '內部伺服器錯誤', details: error instanceof Error ? error.message : 'Unknown error' },
+      { status: 500 }
+    );
+  }
+} 
--- a/app/api/auth/reset-password/confirm/route.ts
+++ b/app/api/auth/reset-password/confirm/route.ts
@@ -0,0 +1,19 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { db } from '@/lib/database';
+import { hashPassword } from '@/lib/auth';
+import { codeMap } from '../request/route';
+
+export async function POST(request: NextRequest) {
+  try {
+    const { email, code, newPassword } = await request.json();
+    if (!email || !code || !newPassword) return NextResponse.json({ error: '缺少參數' }, { status: 400 });
+    const validCode = codeMap.get(email);
+    if (!validCode || validCode !== code) return NextResponse.json({ error: '驗證碼錯誤' }, { status: 400 });
+    const passwordHash = await hashPassword(newPassword);
+    await db.update('users', { password_hash: passwordHash }, { email });
+    codeMap.delete(email);
+    return NextResponse.json({ message: '密碼重設成功' });
+  } catch (error) {
+    return NextResponse.json({ error: '內部伺服器錯誤', details: error instanceof Error ? error.message : 'Unknown error' }, { status: 500 });
+  }
+}
--- a/app/api/auth/reset-password/request/route.ts
+++ b/app/api/auth/reset-password/request/route.ts
@@ -0,0 +1,20 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { db } from '@/lib/database';
+
+const codeMap = new Map();
+
+export async function POST(request: NextRequest) {
+  try {
+    const { email } = await request.json();
+    if (!email) return NextResponse.json({ error: '請提供 email' }, { status: 400 });
+    const user = await db.queryOne('SELECT id FROM users WHERE email = ?', [email]);
+    if (!user) return NextResponse.json({ error: '用戶不存在' }, { status: 404 });
+    const code = Math.floor(100000 + Math.random() * 900000).toString();
+    codeMap.set(email, code);
+    // 實際應發送 email，這裡直接回傳
+    return NextResponse.json({ message: '驗證碼已產生', code });
+  } catch (error) {
+    return NextResponse.json({ error: '內部伺服器錯誤', details: error instanceof Error ? error.message : 'Unknown error' }, { status: 500 });
+  }
+}
+export { codeMap };