fix: search history isolation

2026-02-27 06:54:43 +08:00 · 2025-07-03 22:05:12 +08:00
parent 712b61e1df
commit ac39b76ffc
3 changed files with 76 additions and 34 deletions
--- a/src/app/api/searchhistory/route.ts
+++ b/src/app/api/searchhistory/route.ts
@@ -10,12 +10,22 @@ export const runtime = 'edge';
 const HISTORY_LIMIT = 20;

 /**
- * GET /api/searchhistory
+ * GET /api/searchhistory?user=<username>
 * 返回 string[]
 */
-export async function GET() {
+export async function GET(request: NextRequest) {
  try {
-    const history = await db.getSearchHistory();
+    const { searchParams } = new URL(request.url);
+    const user = searchParams.get('user')?.trim();
+
+    if (!user) {
+      return NextResponse.json(
+        { error: 'User parameter is required' },
+        { status: 400 }
+      );
+    }
+
+    const history = await db.getSearchHistory(user);
    return NextResponse.json(history, { status: 200 });
  } catch (err) {
    console.error('获取搜索历史失败', err);
@@ -28,12 +38,14 @@ export async function GET() {

 /**
 * POST /api/searchhistory
- * body: { keyword: string }
+ * body: { keyword: string, user: string }
 */
 export async function POST(request: NextRequest) {
  try {
    const body = await request.json();
    const keyword: string = body.keyword?.trim();
+    const user: string = body.user?.trim();
+
    if (!keyword) {
      return NextResponse.json(
        { error: 'Keyword is required' },
@@ -41,10 +53,17 @@ export async function POST(request: NextRequest) {
      );
    }

-    await db.addSearchHistory(keyword);
+    if (!user) {
+      return NextResponse.json(
+        { error: 'User parameter is required' },
+        { status: 400 }
+      );
+    }
+
+    await db.addSearchHistory(user, keyword);

    // 再次获取最新列表，确保客户端与服务端同步
-    const history = await db.getSearchHistory();
+    const history = await db.getSearchHistory(user);
    return NextResponse.json(history.slice(0, HISTORY_LIMIT), { status: 200 });
  } catch (err) {
    console.error('添加搜索历史失败', err);
@@ -56,7 +75,7 @@ export async function POST(request: NextRequest) {
 }

 /**
- * DELETE /api/searchhistory
+ * DELETE /api/searchhistory?user=<username>&keyword=<kw>
 *
 * 1. 不带 keyword -> 清空全部搜索历史
 * 2. 带 keyword=<kw> -> 删除单条关键字
@@ -64,9 +83,17 @@ export async function POST(request: NextRequest) {
 export async function DELETE(request: NextRequest) {
  try {
    const { searchParams } = new URL(request.url);
+    const user = searchParams.get('user')?.trim();
    const kw = searchParams.get('keyword')?.trim();

-    await db.deleteSearchHistory(kw || undefined);
+    if (!user) {
+      return NextResponse.json(
+        { error: 'User parameter is required' },
+        { status: 400 }
+      );
+    }
+
+    await db.deleteSearchHistory(user, kw || undefined);

    return NextResponse.json({ success: true }, { status: 200 });
  } catch (err) {