f357330ba8
- 将用户角色字段从role改为is_admin布尔值 - 更新相关API权限检查逻辑 - 修改数据库schema和迁移文件 - 调整前端用户显示逻辑 - 添加API响应工具函数 - 优化权限检查中间件 - 重构英雄组件为原子组件
import { NextRequest } from 'next/server';
import { checkIsAdmin, getAdminUserId } from '@/lib/auth/check-permission';
import { createAuditLog } from '@/lib/audit';
import { uploadFile, deleteFile } from '@/lib/upload';
import { forbidden, badRequest, notFound, success, handleApiError } from '@/lib/api-response';
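/**
 * Handles an admin-only multipart file upload.
 *
 * Flow: authorise the caller with `checkIsAdmin` and `getAdminUserId`, read
 * the `file` and `type` form fields, pass the file to `uploadFile`, then
 * record the upload with `createAuditLog`.
 *
 * @param request - Incoming request whose body is parsed with `formData()`.
 * @returns `forbidden()` when the caller is not an admin or has no user id;
 *   `badRequest(...)` when a form field is missing or invalid, or when any
 *   `Error` is thrown; otherwise `success({ success: true, file })`.
 */
export async function POST(request: NextRequest) {
  try {
    // Authorise before reading anything from the request body.
    const { isAdmin } = await checkIsAdmin();
    const userId = await getAdminUserId();

    if (!isAdmin || !userId) {
      return forbidden();
    }

    const formData = await request.formData();

    // FormData.get() yields File | string | null. A plain text field named
    // "file" arrives as a string, so narrow at runtime instead of asserting
    // the type: a cast would let a string reach uploadFile as if it were a File.
    const file = formData.get('file');
    if (!file || typeof file === 'string') {
      return badRequest('未找到文件');
    }

    // `type` is client-controlled. Accept only the two known values; a missing
    // or empty field keeps the original default of 'image'.
    const typeField = formData.get('type');
    let type: 'image' | 'document';
    if (!typeField || typeField === 'image') {
      type = 'image';
    } else if (typeField === 'document') {
      type = 'document';
    } else {
      return badRequest('不支持的文件类型');
    }

    const result = await uploadFile(file, {
      type,
      userId,
    });

    // Record who uploaded what. This runs after the file has been stored, so
    // a failure here surfaces as an error response for an upload that
    // uploadFile has already completed.
    await createAuditLog({
      userId,
      action: 'upload',
      resourceType: 'file',
      resourceId: result.id,
      details: {
        fileName: result.name,
        fileType: result.type,
        fileSize: result.size,
        url: result.url,
      },
    });

    return success({
      success: true,
      file: result,
    });
  } catch (error) {
    console.error('文件上传失败:', error);

    // NOTE(review): every thrown Error has its message returned to the client
    // as a 400, so handleApiError is reached only for non-Error throws. If
    // uploadFile or createAuditLog can throw errors carrying internal detail
    // (storage paths, database messages), restrict this branch to a dedicated
    // validation error type. Confirm against those helpers.
    if (error instanceof Error) {
      return badRequest(error.message);
    }

    return handleApiError(error);
  }
}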
/**
 * Handles admin-only deletion of a file identified by the `url` query
 * parameter.
 *
 * @param request - Incoming request; only its URL query string is read.
 * @returns `forbidden()` when the caller is not an admin or has no user id;
 *   `badRequest(...)` when `url` is absent or empty; `notFound(...)` when
 *   `deleteFile` returns a falsy value; otherwise `success({ success: true })`.
 *   Thrown errors are logged and passed to `handleApiError`.
 */
export async function DELETE(request: NextRequest) {
  try {
    // Authorise before looking at the query string.
    const { isAdmin } = await checkIsAdmin();
    const userId = await getAdminUserId();
    const authorised = isAdmin && userId;

    if (!authorised) {
      return forbidden();
    }

    const targetUrl = new URL(request.url).searchParams.get('url');

    if (!targetUrl) {
      return badRequest('缺少文件 URL');
    }

    // NOTE(review): targetUrl is caller-supplied and reaches deleteFile
    // unchanged. Whether deleteFile confines it to the upload store is not
    // visible here; confirm it rejects anything outside that location.
    // NOTE(review): unlike the upload handler, no createAuditLog call is made
    // for deletions, so this destructive action leaves no audit record here.
    const deleted = await deleteFile(targetUrl);

    return deleted
      ? success({ success: true })
      : notFound('文件不存在或删除失败');
  } catch (error) {
    console.error('文件删除失败:', error);
    return handleApiError(error);
  }
}