修改商城逻辑

routes/riskManagement.js

@@ -1,5 +1,12 @@
 const express = require('express');
-const router = express.Router();
+router = express.Router();
+
+/**
+ * @swagger
+ * tags:
+ *   name: RiskManagement
+ *   description: 风险管理API
+ */
 const { auth } = require('../middleware/auth');
 const timeoutService = require('../services/timeoutService');
 const { getDB } = require('../database');
@@ -15,7 +22,85 @@ const requireAdmin = (req, res, next) => {
 };
 
 /**
- * 获取风险用户列表
+ * @swagger
+ * /risk-management/users:
+ *   get:
+ *     summary: 获取风险用户列表
+ *     tags: [RiskManagement]
+ *     security:
+ *       - bearerAuth: []
+ *     parameters:
+ *       - in: query
+ *         name: page
+ *         schema:
+ *           type: integer
+ *           default: 1
+ *         description: 页码
+ *       - in: query
+ *         name: limit
+ *         schema:
+ *           type: integer
+ *           default: 10
+ *         description: 每页数量
+ *       - in: query
+ *         name: is_blacklisted
+ *         schema:
+ *           type: integer
+ *           enum: [0, 1]
+ *         description: 是否被拉黑
+ *       - in: query
+ *         name: username
+ *         schema:
+ *           type: string
+ *         description: 用户名
+ *     responses:
+ *       200:
+ *         description: 成功获取风险用户列表
+ *         content:
+ *           application/json:
+ *             schema:
+ *               type: object
+ *               properties:
+ *                 success:
+ *                   type: boolean
+ *                 data:
+ *                   type: object
+ *                   properties:
+ *                     users:
+ *                       type: array
+ *                       items:
+ *                         type: object
+ *                         properties:
+ *                           id:
+ *                             type: integer
+ *                           username:
+ *                             type: string
+ *                           real_name:
+ *                             type: string
+ *                           is_blacklisted:
+ *                             type: boolean
+ *                           blacklist_reason:
+ *                             type: string
+ *                           blacklisted_at:
+ *                             type: string
+ *                             format: date-time
+ *                     pagination:
+ *                       type: object
+ *                       properties:
+ *                         total:
+ *                           type: integer
+ *                         page:
+ *                           type: integer
+ *                         limit:
+ *                           type: integer
+ *                         pages:
+ *                           type: integer
+ *       401:
+ *         description: 未授权
+ *       403:
+ *         description: 权限不足
+ *       500:
+ *         description: 服务器错误
  */
 router.get('/users', auth, requireAdmin, async (req, res) => {
   try {
@@ -42,7 +127,54 @@ router.get('/users', auth, requireAdmin, async (req, res) => {
 });
 
 /**
- * 拉黑用户
+ * @swagger
+ * /risk-management/blacklist/{userId}:
+ *   post:
+ *     summary: 拉黑用户
+ *     tags: [RiskManagement]
+ *     security:
+ *       - bearerAuth: []
+ *     parameters:
+ *       - in: path
+ *         name: userId
+ *         schema:
+ *           type: integer
+ *         required: true
+ *         description: 用户ID
+ *     requestBody:
+ *       required: true
+ *       content:
+ *         application/json:
+ *           schema:
+ *             type: object
+ *             required:
+ *               - reason
+ *             properties:
+ *               reason:
+ *                 type: string
+ *                 description: 拉黑原因
+ *     responses:
+ *       200:
+ *         description: 用户已被拉黑
+ *         content:
+ *           application/json:
+ *             schema:
+ *               type: object
+ *               properties:
+ *                 success:
+ *                   type: boolean
+ *                   example: true
+ *                 message:
+ *                   type: string
+ *                   example: 用户已被拉黑
+ *       400:
+ *         description: 请求参数错误
+ *       401:
+ *         description: 未授权
+ *       403:
+ *         description: 权限不足
+ *       500:
+ *         description: 服务器错误
  */
 router.post('/blacklist/:userId', auth, requireAdmin, async (req, res) => {
   try {
@@ -67,7 +199,40 @@ router.post('/blacklist/:userId', auth, requireAdmin, async (req, res) => {
 });
 
 /**
- * 解除拉黑
+ * @swagger
+ * /risk-management/unblacklist/{userId}:
+ *   post:
+ *     summary: 解除拉黑
+ *     tags: [RiskManagement]
+ *     security:
+ *       - bearerAuth: []
+ *     parameters:
+ *       - in: path
+ *         name: userId
+ *         schema:
+ *           type: integer
+ *         required: true
+ *         description: 用户ID
+ *     responses:
+ *       200:
+ *         description: 已解除拉黑
+ *         content:
+ *           application/json:
+ *             schema:
+ *               type: object
+ *               properties:
+ *                 success:
+ *                   type: boolean
+ *                   example: true
+ *                 message:
+ *                   type: string
+ *                   example: 已解除拉黑
+ *       401:
+ *         description: 未授权
+ *       403:
+ *         description: 权限不足
+ *       500:
+ *         description: 服务器错误
  */
 router.post('/unblacklist/:userId', auth, requireAdmin, async (req, res) => {
   try {
@@ -87,7 +252,80 @@ router.post('/unblacklist/:userId', auth, requireAdmin, async (req, res) => {
 });
 
 /**
- * 获取超时转账列表
+ * @swagger
+ * /risk-management/overdue-transfers:
+ *   get:
+ *     summary: 获取超时转账列表
+ *     tags: [RiskManagement]
+ *     security:
+ *       - bearerAuth: []
+ *     parameters:
+ *       - in: query
+ *         name: page
+ *         schema:
+ *           type: integer
+ *           default: 1
+ *         description: 页码
+ *       - in: query
+ *         name: limit
+ *         schema:
+ *           type: integer
+ *           default: 10
+ *         description: 每页数量
+ *     responses:
+ *       200:
+ *         description: 成功获取超时转账列表
+ *         content:
+ *           application/json:
+ *             schema:
+ *               type: object
+ *               properties:
+ *                 success:
+ *                   type: boolean
+ *                 data:
+ *                   type: object
+ *                   properties:
+ *                     transfers:
+ *                       type: array
+ *                       items:
+ *                         type: object
+ *                         properties:
+ *                           id:
+ *                             type: integer
+ *                           user_id:
+ *                             type: integer
+ *                           recipient_id:
+ *                             type: integer
+ *                           amount:
+ *                             type: number
+ *                           status:
+ *                             type: string
+ *                           created_at:
+ *                             type: string
+ *                             format: date-time
+ *                           username:
+ *                             type: string
+ *                           recipient_name:
+ *                             type: string
+ *                           overdue_hours:
+ *                             type: number
+ *                     pagination:
+ *                       type: object
+ *                       properties:
+ *                         total:
+ *                           type: integer
+ *                         page:
+ *                           type: integer
+ *                         limit:
+ *                           type: integer
+ *                         pages:
+ *                           type: integer
+ *       401:
+ *         description: 未授权
+ *       403:
+ *         description: 权限不足
+ *       500:
+ *         description: 服务器错误
  */
 router.get('/overdue-transfers', auth, requireAdmin, async (req, res) => {
   try {