實作個人專區與資料庫整合

app/api/user/profile/route.ts

@@ -0,0 +1,134 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { updateUser, findUserById } from '@/lib/database/models/user'
+import { verifyPassword, hashPassword } from '@/lib/utils/password'
+
+export async function PUT(request: NextRequest) {
+  try {
+    const body = await request.json()
+    const { userId, name, email, department, currentPassword, newPassword } = body
+
+    // 驗證必要欄位
+    if (!userId) {
+      return NextResponse.json(
+        { success: false, error: '缺少用戶ID' },
+        { status: 400 }
+      )
+    }
+
+    // 獲取當前用戶資料
+    const currentUser = await findUserById(userId)
+    if (!currentUser) {
+      return NextResponse.json(
+        { success: false, error: '用戶不存在' },
+        { status: 404 }
+      )
+    }
+
+    // 準備更新資料
+    const updateData: any = {}
+
+    // 更新基本資料
+    if (name !== undefined) updateData.name = name
+    if (email !== undefined) updateData.email = email
+    if (department !== undefined) updateData.department = department
+
+    // 如果要更新密碼，需要驗證當前密碼
+    if (newPassword) {
+      if (!currentPassword) {
+        return NextResponse.json(
+          { success: false, error: '請提供當前密碼' },
+          { status: 400 }
+        )
+      }
+
+      // 驗證當前密碼
+      const isCurrentPasswordValid = await verifyPassword(currentPassword, currentUser.password)
+      if (!isCurrentPasswordValid) {
+        return NextResponse.json(
+          { success: false, error: '當前密碼不正確' },
+          { status: 400 }
+        )
+      }
+
+      // 加密新密碼
+      updateData.password = await hashPassword(newPassword)
+    }
+
+    // 檢查是否有資料需要更新
+    if (Object.keys(updateData).length === 0) {
+      return NextResponse.json(
+        { success: false, error: '沒有資料需要更新' },
+        { status: 400 }
+      )
+    }
+
+    // 更新用戶資料
+    const updatedUser = await updateUser(userId, updateData)
+    if (!updatedUser) {
+      return NextResponse.json(
+        { success: false, error: '更新用戶資料失敗' },
+        { status: 500 }
+      )
+    }
+
+    // 返回更新後的用戶資料（不包含密碼）
+    const { password, ...userWithoutPassword } = updatedUser
+
+    return NextResponse.json({
+      success: true,
+      data: userWithoutPassword
+    })
+
+  } catch (error) {
+    console.error('更新用戶資料失敗:', error)
+    return NextResponse.json(
+      {
+        success: false,
+        error: '伺服器錯誤',
+        details: error instanceof Error ? error.message : '未知錯誤'
+      },
+      { status: 500 }
+    )
+  }
+}
+
+export async function GET(request: NextRequest) {
+  try {
+    const { searchParams } = new URL(request.url)
+    const userId = searchParams.get('userId')
+
+    if (!userId) {
+      return NextResponse.json(
+        { success: false, error: '缺少用戶ID' },
+        { status: 400 }
+      )
+    }
+
+    const user = await findUserById(userId)
+    if (!user) {
+      return NextResponse.json(
+        { success: false, error: '用戶不存在' },
+        { status: 404 }
+      )
+    }
+
+    // 返回用戶資料（不包含密碼）
+    const { password, ...userWithoutPassword } = user
+
+    return NextResponse.json({
+      success: true,
+      data: userWithoutPassword
+    })
+
+  } catch (error) {
+    console.error('獲取用戶資料失敗:', error)
+    return NextResponse.json(
+      {
+        success: false,
+        error: '伺服器錯誤',
+        details: error instanceof Error ? error.message : '未知錯誤'
+      },
+      { status: 500 }
+    )
+  }
+}