admin/jurong_circle_black
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

增加微信支付,商城逻辑,公告

Browse Source
This commit is contained in:
sunzhuangzhuang
2025-09-05 16:48:53 +08:00
parent e5ace37c68
commit 8530e97ab6
38 changed files with 6430 additions and 1688 deletions
Download Patch File Download Diff File Expand all files Collapse all files

221
routes/auth.js
View File

@@ -122,139 +122,105 @@ router.post('/register', async (req, res) => {
try {
const db = getDB();
await db.query('START TRANSACTION');
const {
username,
phone,
password,
registrationCode,
username,
phone,
password,
city,
district_id: district,
district_id: district,
captchaId,
captchaText,
smsCode, // 短信验证码
role = 'user'
} = req.body;
if (!username || !phone || !password || !registrationCode || !city || !district) {
return res.status(400).json({ success: false, message: '用户名、手机号、密码、激活码、城市和区域不能为空' });
if (!username || !phone || !password || !city || !district) {
return res.status(400).json({ success: false, message: '用户名、手机号、密码、城市和区域不能为空' });
}
if (!captchaId || !captchaText) {
return res.status(400).json({ success: false, message: '图形验证码不能为空' });
}
if (!smsCode) {
return res.status(400).json({ success: false, message: '短信验证码不能为空' });
}
// 注意:图形验证码已在前端通过 /captcha/verify 接口验证过,这里不再重复验证
// 验证短信验证码
const smsAPI = require('./sms');
const smsValid = smsAPI.verifySMSCode(phone, smsCode);
if (!smsValid) {
return res.status(400).json({ success: false, message: '短信验证码错误或已过期' });
}
// 验证手机号格式
const phoneRegex = /^1[3-9]\d{9}$/;
if (!phoneRegex.test(phone)) {
return res.status(400).json({ success: false, message: '手机号格式不正确' });
}
// 验证激活码
const [registrationCodes] = await db.execute(
'SELECT id, is_used, expires_at, agent_id FROM registration_codes WHERE code = ?',
[registrationCode]
);
if (registrationCodes.length === 0) {
return res.status(400).json({ success: false, message: '激活码不存在' });
}
const regCode = registrationCodes[0];
// 检查激活码是否已使用
if (regCode.is_used) {
return res.status(400).json({ success: false, message: '激活码已被使用' });
}
// 检查激活码是否过期
if (new Date() > new Date(regCode.expires_at)) {
return res.status(400).json({ success: false, message: '激活码已过期' });
}
// 检查用户是否已存在
const [existingUsers] = await db.execute(
'SELECT id FROM users WHERE username = ? OR phone = ?',
'SELECT id, payment_status FROM users WHERE username = ? OR phone = ?',
[username, phone]
);
if (existingUsers.length > 0) {
return res.status(400).json({ success: false, message: '用户名或手机号已存在' });
const existingUser = existingUsers[0];
// 如果用户存在但未支付,允许重新注册(覆盖原用户信息)
if (existingUser.payment_status === 'unpaid') {
// 删除未支付的用户记录
await db.execute('DELETE FROM users WHERE id = ?', [existingUser.id]);
} else {
return res.status(400).json({ success: false, message: '用户名或手机号已存在' });
}
}
// 加密密码
const hashedPassword = await bcrypt.hash(password, 10);
// 创建用户(待审核状态,可以进入系统但匹配需审核
// 创建用户(初始状态为未支付
const [result] = await db.execute(
'INSERT INTO users (username, phone, password, role, points, audit_status, city, district_id) VALUES (?, ?, ?, ?, ?, ?, ?, ?)',
'INSERT INTO users (username, phone, password, role, points, audit_status, city, district_id, payment_status) VALUES (?, ?, ?, ?, ?, ?, ?, ?, "unpaid")',
[username, phone, hashedPassword, role, 0, 'pending', city, district]
);
const userId = result.insertId;
// 用户余额已在创建用户时设置为默认值0.00,无需额外操作
// 标记激活码为已使用
await db.execute(
'UPDATE registration_codes SET is_used = TRUE, used_at = NOW(), used_by_user_id = ? WHERE id = ?',
[userId, regCode.id]
// 根据地区自动关联代理
const [agents] = await db.execute(
'SELECT ra.id FROM users u INNER JOIN regional_agents ra ON u.id = ra.user_id WHERE ra.region_id = ? AND ra.status = "active" ORDER BY ra.created_at ASC LIMIT 1',
[district]
);
// 如果是代理邀请码,建立代理关系
if (regCode.agent_id) {
// 验证agent_id是否存在于regional_agents表中
const [agentExists] = await db.execute(
'SELECT id FROM regional_agents WHERE id = ?',
[regCode.agent_id]
if (agents.length > 0) {
await db.execute(
'INSERT INTO agent_merchants (agent_id, merchant_id, created_at) VALUES (?, ?, NOW())',
[agents[0].id, userId]
);
if (agentExists.length > 0) {
await db.execute(
'INSERT INTO agent_merchants (agent_id, merchant_id, created_at) VALUES (?, ?, NOW())',
[regCode.agent_id, userId]
);
}
} else {
// 如果不是代理邀请码,根据地区自动关联代理
const [agents] = await db.execute(
'SELECT ra.id FROM users u INNER JOIN regional_agents ra ON u.id = ra.user_id WHERE ra.region_id = ? AND ra.status = "active" ORDER BY ra.created_at ASC LIMIT 1',
[district]
);
if (agents.length > 0) {
await db.execute(
'INSERT INTO agent_merchants (agent_id, merchant_id, created_at) VALUES (?, ?, NOW())',
[agents[0].id, userId]
);
}
}
await db.query('COMMIT');
// 生成JWT token
// 生成JWT token(用于支付流程)
const token = jwt.sign(
{ userId: userId, username, role },
JWT_SECRET,
{ expiresIn: '24h' }
);
res.status(201).json({
success: true,
message: '注册成功',
message: '用户信息创建成功,请完成支付以激活账户',
token,
user: {
id: userId,
@@ -264,8 +230,10 @@ router.post('/register', async (req, res) => {
points: 0,
audit_status: 'pending',
city,
district
}
district,
paymentStatus: 'unpaid'
},
needPayment: true
});
} catch (error) {
try {
@@ -275,8 +243,8 @@ router.post('/register', async (req, res) => {
}
console.error('注册错误详情:', error);
console.error('错误堆栈:', error.stack);
res.status(500).json({
success: false,
res.status(500).json({
success: false,
message: '注册失败',
error: process.env.NODE_ENV === 'development' ? error.message : undefined
});
@@ -336,25 +304,25 @@ router.post('/login', async (req, res) => {
try {
const db = getDB();
const { username, password, captchaId, captchaText } = req.body;
if (!username || !password) {
return res.status(400).json({ success: false, message: '用户名和密码不能为空' });
}
if (!captchaId || !captchaText) {
return res.status(400).json({ success: false, message: '验证码不能为空' });
}
// 获取存储的验证码
// 获取存储的验证码
const storedCaptcha = global.captchaStore.get(captchaId);
console.log(storedCaptcha);
if (!storedCaptcha) {
return res.status(400).json({
success: false,
message: '验证码不存在或已过期'
});
}
// 检查是否过期
if (Date.now() > storedCaptcha.expires) {
global.captchaStore.delete(captchaId);
@@ -363,61 +331,77 @@ router.post('/login', async (req, res) => {
message: '验证码已过期'
});
}
// 验证验证码(不区分大小写)
const isValid = storedCaptcha.text === captchaText.toLowerCase();
// 删除已验证的验证码
global.captchaStore.delete(captchaId);
if (!isValid) {
return res.status(400).json({
success: false,
message: '验证码错误'
});
}
// 注意:验证码已在前端通过 /captcha/verify 接口验证过,这里不再重复验证
// 查找用户
// 查找用户(包含支付状态)
console.log('登录尝试 - 用户名:', username);
const [users] = await db.execute(
'SELECT * FROM users WHERE username = ?',
[username]
);
console.log('查找到的用户数量:', users.length);
if (users.length === 0) {
console.log('用户不存在:', username);
return res.status(401).json({ success: false, message: '用户名或密码错误' });
}
const user = users[0];
console.log('找到用户:', user.username, '密码长度:', user.password ? user.password.length : 'null');
// 验证密码
console.log('验证密码 - 输入密码:', password, '数据库密码前10位:', user.password ? user.password.substring(0, 10) : 'null');
const isValidPassword = await bcrypt.compare(password, user.password);
console.log('密码验证结果:', isValidPassword);
if (!isValidPassword) {
console.log('密码验证失败');
return res.status(401).json({ success: false, message: '用户名或密码错误' });
}
// 检查支付状态(管理员除外)
if (user.role !== 'admin' && user.payment_status === 'unpaid') {
const token = jwt.sign(
{ userId: user.id, username: user.username, role: user.role },
JWT_SECRET,
{ expiresIn: '5m' }
);
return res.status(200).json({
success: false,
message: '您的账户尚未激活,请完成支付后再登录',
needPayment: true,
user: user[0],
token
});
}
// 检查用户审核状态(管理员除外,只阻止被拒绝的用户)
if (user.role !== 'admin' && user.audit_status === 'rejected') {
return res.status(403).json({ success: false, message: '您的账户审核未通过,请联系管理员' });
}
// 待审核用户可以正常登录使用系统,但匹配功能会有限制
// 生成JWT token
const token = jwt.sign(
{ userId: user.id, username: user.username, role: user.role },
JWT_SECRET,
{ expiresIn: '24h' }
);
res.json({
success: true,
message: '登录成功',
@@ -427,7 +411,8 @@ router.post('/login', async (req, res) => {
username: user.username,
role: user.role,
avatar: user.avatar,
points: user.points
points: user.points,
payment_status: user.payment_status
}
});
} catch (error) {
@@ -440,11 +425,11 @@ router.post('/login', async (req, res) => {
const authenticateToken = (req, res, next) => {
const authHeader = req.headers['authorization'];
const token = authHeader && authHeader.split(' ')[1];
if (!token) {
return res.status(401).json({ success: false, message: '访问令牌缺失' });
}
jwt.verify(token, JWT_SECRET, (err, user) => {
if (err) {
return res.status(403).json({ success: false, message: '访问令牌无效' });
@@ -462,11 +447,11 @@ router.get('/me', authenticateToken, async (req, res) => {
'SELECT id, username, role, avatar, points, created_at FROM users WHERE id = ?',
[req.user.userId]
);
if (users.length === 0) {
return res.status(404).json({ success: false, message: '用户不存在' });
}
res.json({ success: true, user: users[0] });
} catch (error) {
console.error('获取用户信息错误:', error);
@@ -479,37 +464,37 @@ router.put('/change-password', authenticateToken, async (req, res) => {
try {
const db = getDB();
const { currentPassword, newPassword } = req.body;
if (!currentPassword || !newPassword) {
return res.status(400).json({ success: false, message: '旧密码和新密码不能为空' });
}
// 获取用户当前密码
const [users] = await db.execute(
'SELECT password FROM users WHERE id = ?',
[req.user.userId]
);
if (users.length === 0) {
return res.status(404).json({ success: false, message: '用户不存在' });
}
// 验证旧密码
const isValidPassword = await bcrypt.compare(currentPassword, users[0].password);
if (!isValidPassword) {
return res.status(400).json({ success: false, message: '旧密码错误' });
}
// 加密新密码
const hashedNewPassword = await bcrypt.hash(newPassword, 10);
// 更新密码
await db.execute(
'UPDATE users SET password = ? WHERE id = ?',
[hashedNewPassword, req.user.userId]
);
res.json({ success: true, message: '密码修改成功' });
} catch (error) {
console.error('修改密码错误:', error);