mirror of
https://github.com/MoonTechLab/LunaTV.git
synced 2026-02-21 00:44:41 +08:00
338 lines
9.7 KiB
TypeScript
338 lines
9.7 KiB
TypeScript
/* eslint-disable @typescript-eslint/no-explicit-any,no-console,@typescript-eslint/no-non-null-assertion */
|
|
|
|
import { NextRequest, NextResponse } from 'next/server';
|
|
|
|
import { getAuthInfoFromCookie } from '@/lib/auth';
|
|
import { getConfig } from '@/lib/config';
|
|
import { getStorage } from '@/lib/db';
|
|
import { IStorage } from '@/lib/types';
|
|
|
|
export const runtime = 'edge';
|
|
|
|
// 支持的操作类型
|
|
const ACTIONS = [
|
|
'add',
|
|
'ban',
|
|
'unban',
|
|
'setAdmin',
|
|
'cancelAdmin',
|
|
'setAllowRegister',
|
|
'changePassword',
|
|
'deleteUser',
|
|
] as const;
|
|
|
|
export async function POST(request: NextRequest) {
|
|
const storageType = process.env.NEXT_PUBLIC_STORAGE_TYPE || 'localstorage';
|
|
if (storageType === 'localstorage') {
|
|
return NextResponse.json(
|
|
{
|
|
error: '不支持本地存储进行管理员配置',
|
|
},
|
|
{ status: 400 }
|
|
);
|
|
}
|
|
|
|
try {
|
|
const body = await request.json();
|
|
|
|
const authInfo = getAuthInfoFromCookie(request);
|
|
if (!authInfo || !authInfo.username) {
|
|
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
|
|
}
|
|
const username = authInfo.username;
|
|
|
|
const {
|
|
targetUsername, // 目标用户名
|
|
targetPassword, // 目标用户密码(仅在添加用户时需要)
|
|
allowRegister,
|
|
action,
|
|
} = body as {
|
|
targetUsername?: string;
|
|
targetPassword?: string;
|
|
allowRegister?: boolean;
|
|
action?: (typeof ACTIONS)[number];
|
|
};
|
|
|
|
if (!action || !ACTIONS.includes(action)) {
|
|
return NextResponse.json({ error: '参数格式错误' }, { status: 400 });
|
|
}
|
|
|
|
if (action !== 'setAllowRegister' && !targetUsername) {
|
|
return NextResponse.json({ error: '缺少目标用户名' }, { status: 400 });
|
|
}
|
|
|
|
if (
|
|
action !== 'setAllowRegister' &&
|
|
action !== 'changePassword' &&
|
|
action !== 'deleteUser' &&
|
|
username === targetUsername
|
|
) {
|
|
return NextResponse.json(
|
|
{ error: '无法对自己进行此操作' },
|
|
{ status: 400 }
|
|
);
|
|
}
|
|
|
|
// 获取配置与存储
|
|
const adminConfig = await getConfig();
|
|
const storage: IStorage | null = getStorage();
|
|
|
|
// 判定操作者角色
|
|
let operatorRole: 'owner' | 'admin';
|
|
if (username === process.env.USERNAME) {
|
|
operatorRole = 'owner';
|
|
} else {
|
|
const userEntry = adminConfig.UserConfig.Users.find(
|
|
(u) => u.username === username
|
|
);
|
|
if (!userEntry || userEntry.role !== 'admin') {
|
|
return NextResponse.json({ error: '权限不足' }, { status: 401 });
|
|
}
|
|
operatorRole = 'admin';
|
|
}
|
|
|
|
// 查找目标用户条目
|
|
let targetEntry = adminConfig.UserConfig.Users.find(
|
|
(u) => u.username === targetUsername
|
|
);
|
|
|
|
if (
|
|
targetEntry &&
|
|
targetEntry.role === 'owner' &&
|
|
action !== 'changePassword'
|
|
) {
|
|
return NextResponse.json({ error: '无法操作站长' }, { status: 400 });
|
|
}
|
|
|
|
// 权限校验逻辑
|
|
const isTargetAdmin = targetEntry?.role === 'admin';
|
|
|
|
if (action === 'setAllowRegister') {
|
|
if (typeof allowRegister !== 'boolean') {
|
|
return NextResponse.json({ error: '参数格式错误' }, { status: 400 });
|
|
}
|
|
adminConfig.UserConfig.AllowRegister = allowRegister;
|
|
// 保存后直接返回成功(走后面的统一保存逻辑)
|
|
} else {
|
|
switch (action) {
|
|
case 'add': {
|
|
if (targetEntry) {
|
|
return NextResponse.json({ error: '用户已存在' }, { status: 400 });
|
|
}
|
|
if (!targetPassword) {
|
|
return NextResponse.json(
|
|
{ error: '缺少目标用户密码' },
|
|
{ status: 400 }
|
|
);
|
|
}
|
|
if (!storage || typeof storage.registerUser !== 'function') {
|
|
return NextResponse.json(
|
|
{ error: '存储未配置用户注册' },
|
|
{ status: 500 }
|
|
);
|
|
}
|
|
await storage.registerUser(targetUsername!, targetPassword);
|
|
// 更新配置
|
|
adminConfig.UserConfig.Users.push({
|
|
username: targetUsername!,
|
|
role: 'user',
|
|
});
|
|
targetEntry =
|
|
adminConfig.UserConfig.Users[
|
|
adminConfig.UserConfig.Users.length - 1
|
|
];
|
|
break;
|
|
}
|
|
case 'ban': {
|
|
if (!targetEntry) {
|
|
return NextResponse.json(
|
|
{ error: '目标用户不存在' },
|
|
{ status: 404 }
|
|
);
|
|
}
|
|
if (isTargetAdmin) {
|
|
// 目标是管理员
|
|
if (operatorRole !== 'owner') {
|
|
return NextResponse.json(
|
|
{ error: '仅站长可封禁管理员' },
|
|
{ status: 401 }
|
|
);
|
|
}
|
|
}
|
|
targetEntry.banned = true;
|
|
break;
|
|
}
|
|
case 'unban': {
|
|
if (!targetEntry) {
|
|
return NextResponse.json(
|
|
{ error: '目标用户不存在' },
|
|
{ status: 404 }
|
|
);
|
|
}
|
|
if (isTargetAdmin) {
|
|
if (operatorRole !== 'owner') {
|
|
return NextResponse.json(
|
|
{ error: '仅站长可操作管理员' },
|
|
{ status: 401 }
|
|
);
|
|
}
|
|
}
|
|
targetEntry.banned = false;
|
|
break;
|
|
}
|
|
case 'setAdmin': {
|
|
if (!targetEntry) {
|
|
return NextResponse.json(
|
|
{ error: '目标用户不存在' },
|
|
{ status: 404 }
|
|
);
|
|
}
|
|
if (targetEntry.role === 'admin') {
|
|
return NextResponse.json(
|
|
{ error: '该用户已是管理员' },
|
|
{ status: 400 }
|
|
);
|
|
}
|
|
if (operatorRole !== 'owner') {
|
|
return NextResponse.json(
|
|
{ error: '仅站长可设置管理员' },
|
|
{ status: 401 }
|
|
);
|
|
}
|
|
targetEntry.role = 'admin';
|
|
break;
|
|
}
|
|
case 'cancelAdmin': {
|
|
if (!targetEntry) {
|
|
return NextResponse.json(
|
|
{ error: '目标用户不存在' },
|
|
{ status: 404 }
|
|
);
|
|
}
|
|
if (targetEntry.role !== 'admin') {
|
|
return NextResponse.json(
|
|
{ error: '目标用户不是管理员' },
|
|
{ status: 400 }
|
|
);
|
|
}
|
|
if (operatorRole !== 'owner') {
|
|
return NextResponse.json(
|
|
{ error: '仅站长可取消管理员' },
|
|
{ status: 401 }
|
|
);
|
|
}
|
|
targetEntry.role = 'user';
|
|
break;
|
|
}
|
|
case 'changePassword': {
|
|
if (!targetEntry) {
|
|
return NextResponse.json(
|
|
{ error: '目标用户不存在' },
|
|
{ status: 404 }
|
|
);
|
|
}
|
|
if (!targetPassword) {
|
|
return NextResponse.json({ error: '缺少新密码' }, { status: 400 });
|
|
}
|
|
|
|
// 权限检查:不允许修改站长密码
|
|
if (targetEntry.role === 'owner') {
|
|
return NextResponse.json(
|
|
{ error: '无法修改站长密码' },
|
|
{ status: 401 }
|
|
);
|
|
}
|
|
|
|
if (
|
|
isTargetAdmin &&
|
|
operatorRole !== 'owner' &&
|
|
username !== targetUsername
|
|
) {
|
|
return NextResponse.json(
|
|
{ error: '仅站长可修改其他管理员密码' },
|
|
{ status: 401 }
|
|
);
|
|
}
|
|
|
|
if (!storage || typeof storage.changePassword !== 'function') {
|
|
return NextResponse.json(
|
|
{ error: '存储未配置密码修改功能' },
|
|
{ status: 500 }
|
|
);
|
|
}
|
|
|
|
await storage.changePassword(targetUsername!, targetPassword);
|
|
break;
|
|
}
|
|
case 'deleteUser': {
|
|
if (!targetEntry) {
|
|
return NextResponse.json(
|
|
{ error: '目标用户不存在' },
|
|
{ status: 404 }
|
|
);
|
|
}
|
|
|
|
// 权限检查:站长可删除所有用户(除了自己),管理员可删除普通用户
|
|
if (username === targetUsername) {
|
|
return NextResponse.json(
|
|
{ error: '不能删除自己' },
|
|
{ status: 400 }
|
|
);
|
|
}
|
|
|
|
if (isTargetAdmin && operatorRole !== 'owner') {
|
|
return NextResponse.json(
|
|
{ error: '仅站长可删除管理员' },
|
|
{ status: 401 }
|
|
);
|
|
}
|
|
|
|
if (!storage || typeof storage.deleteUser !== 'function') {
|
|
return NextResponse.json(
|
|
{ error: '存储未配置用户删除功能' },
|
|
{ status: 500 }
|
|
);
|
|
}
|
|
|
|
await storage.deleteUser(targetUsername!);
|
|
|
|
// 从配置中移除用户
|
|
const userIndex = adminConfig.UserConfig.Users.findIndex(
|
|
(u) => u.username === targetUsername
|
|
);
|
|
if (userIndex > -1) {
|
|
adminConfig.UserConfig.Users.splice(userIndex, 1);
|
|
}
|
|
|
|
break;
|
|
}
|
|
default:
|
|
return NextResponse.json({ error: '未知操作' }, { status: 400 });
|
|
}
|
|
}
|
|
|
|
// 将更新后的配置写入数据库
|
|
if (storage && typeof (storage as any).setAdminConfig === 'function') {
|
|
await (storage as any).setAdminConfig(adminConfig);
|
|
}
|
|
|
|
return NextResponse.json(
|
|
{ ok: true },
|
|
{
|
|
headers: {
|
|
'Cache-Control': 'no-store', // 管理员配置不缓存
|
|
},
|
|
}
|
|
);
|
|
} catch (error) {
|
|
console.error('用户管理操作失败:', error);
|
|
return NextResponse.json(
|
|
{
|
|
error: '用户管理操作失败',
|
|
details: (error as Error).message,
|
|
},
|
|
{ status: 500 }
|
|
);
|
|
}
|
|
}
|