import { NextRequest, NextResponse } from 'next/server'
import { updateUser, findUserById } from '@/lib/database/models/user'
import { verifyPassword, hashPassword } from '@/lib/utils/password'
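/**
 * PUT handler: updates a user's profile fields and, optionally, the password.
 *
 * Reads a JSON object body with `userId` plus any of `name`, `email`,
 * `department`, `currentPassword` and `newPassword`. A password change is only
 * applied after `currentPassword` verifies against the stored value, and the
 * new password is passed through `hashPassword` before it is stored.
 *
 * Responses:
 * - 400 when the body is not a JSON object, `userId` is missing, a field has
 *   an unexpected type, the current password is missing or wrong, or there is
 *   nothing to update
 * - 404 when no user matches `userId`
 * - 500 when the update fails or an unexpected error is thrown
 * - 200 with the updated user, minus its `password` field, on success
 *
 * NOTE(review): `userId` comes straight from the request body and nothing in
 * this handler ties it to the authenticated caller. Unless middleware outside
 * this file enforces that, any client can change another account's name,
 * email or department without knowing its password. Confirm where the session
 * check lives, and consider requiring `currentPassword` for email changes too.
 */
export async function PUT(request: NextRequest) {
  // Runtime shape checks for untrusted JSON values. They return plain booleans
  // rather than type predicates, so the values passed on to the model helpers
  // keep the same static types as before.
  const isJsonObject = (value: unknown): boolean =>
    typeof value === 'object' && value !== null && !Array.isArray(value)
  const isIdValue = (value: unknown): boolean =>
    typeof value === 'string' || typeof value === 'number'
  const isOptionalText = (value: unknown): boolean =>
    value === undefined || value === null || typeof value === 'string'

  try {
    // A body that fails to parse is a client error, not a server error.
    const body = await request.json().catch(() => null)
    if (!isJsonObject(body)) {
      return NextResponse.json(
        { success: false, error: '請求格式錯誤' },
        { status: 400 }
      )
    }

    const { userId, name, email, department, currentPassword, newPassword } = body

    // Validate required fields
    if (!userId) {
      return NextResponse.json(
        { success: false, error: '缺少用戶ID' },
        { status: 400 }
      )
    }

    // Reject objects, arrays and booleans before they reach the data layer or
    // the password helpers; only scalar ids and string (or null) fields pass.
    const fieldsAreText = [name, email, department, currentPassword, newPassword].every(isOptionalText)
    if (!isIdValue(userId) || !fieldsAreText) {
      return NextResponse.json(
        { success: false, error: '欄位格式不正確' },
        { status: 400 }
      )
    }

    // Load the current user record
    const currentUser = await findUserById(userId)
    if (!currentUser) {
      return NextResponse.json(
        { success: false, error: '用戶不存在' },
        { status: 404 }
      )
    }

    // Collect only the fields the client actually sent
    const updateData: any = {}

    // Basic profile fields
    if (name !== undefined) updateData.name = name
    if (email !== undefined) updateData.email = email
    if (department !== undefined) updateData.department = department

    // A password change requires the current password to be verified first
    if (newPassword) {
      if (!currentPassword) {
        return NextResponse.json(
          { success: false, error: '請提供當前密碼' },
          { status: 400 }
        )
      }

      // Verify the current password against the stored value
      const isCurrentPasswordValid = await verifyPassword(currentPassword, currentUser.password)
      if (!isCurrentPasswordValid) {
        return NextResponse.json(
          { success: false, error: '當前密碼不正確' },
          { status: 400 }
        )
      }

      // Hash the new password before it is stored
      updateData.password = await hashPassword(newPassword)
    }

    // Nothing to update
    if (Object.keys(updateData).length === 0) {
      return NextResponse.json(
        { success: false, error: '沒有資料需要更新' },
        { status: 400 }
      )
    }

    // Apply the update
    const updatedUser = await updateUser(userId, updateData)
    if (!updatedUser) {
      return NextResponse.json(
        { success: false, error: '更新用戶資料失敗' },
        { status: 500 }
      )
    }

    // Return the updated user without the password field
    const { password, ...userWithoutPassword } = updatedUser

    return NextResponse.json({
      success: true,
      data: userWithoutPassword
    })
  } catch (error) {
    // The full error stays in the server log. The response keeps its `details`
    // key for existing clients but no longer echoes the exception message,
    // which can expose database or driver internals.
    console.error('更新用戶資料失敗:', error)
    return NextResponse.json(
      {
        success: false,
        error: '伺服器錯誤',
        details: '未知錯誤'
      },
      { status: 500 }
    )
  }
}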
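/**
 * GET handler: returns one user's record, looked up by the `userId` query
 * parameter, with the `password` field removed.
 *
 * Responses:
 * - 400 when `userId` is missing from the query string
 * - 404 when no user matches `userId`
 * - 500 when an unexpected error is thrown
 * - 200 with the user data on success
 *
 * NOTE(review): `userId` is taken from the query string and nothing in this
 * handler ties it to the authenticated caller. Unless middleware outside this
 * file enforces that, any client can read any user's profile by id. Confirm
 * where the session check lives. Only `password` is stripped here; verify
 * that the user record holds no other field that should stay server-side.
 */
export async function GET(request: NextRequest) {
  try {
    const { searchParams } = new URL(request.url)
    const userId = searchParams.get('userId')

    if (!userId) {
      return NextResponse.json(
        { success: false, error: '缺少用戶ID' },
        { status: 400 }
      )
    }

    const user = await findUserById(userId)
    if (!user) {
      return NextResponse.json(
        { success: false, error: '用戶不存在' },
        { status: 404 }
      )
    }

    // Return the user without the password field
    const { password, ...userWithoutPassword } = user

    return NextResponse.json({
      success: true,
      data: userWithoutPassword
    })
  } catch (error) {
    // The full error stays in the server log. The response keeps its `details`
    // key for existing clients but no longer echoes the exception message,
    // which can expose database or driver internals.
    console.error('獲取用戶資料失敗:', error)
    return NextResponse.json(
      {
        success: false,
        error: '伺服器錯誤',
        details: '未知錯誤'
      },
      { status: 500 }
    )
  }
}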