初次提交

2025-08-26 10:06:23 +08:00
commit a1944a573e
58 changed files with 19131 additions and 0 deletions
--- a/routes/auth.js
+++ b/routes/auth.js
@@ -0,0 +1,333 @@
+const express = require('express');
+const bcrypt = require('bcryptjs');
+const jwt = require('jsonwebtoken');
+const { getDB } = require('../database');
+
+const router = express.Router();
+const JWT_SECRET = process.env.JWT_SECRET || 'your-secret-key';
+
+/**
+ * 用户注册
+ * 需要提供有效的激活码才能注册
+ */
+router.post('/register', async (req, res) => {
+  try {
+    const db = getDB();
+    await db.query('START TRANSACTION');
+    
+    const {
+      username, 
+      phone, 
+      password, 
+      registrationCode,
+      city,
+         district_id: district,
+      captchaId,
+      captchaText,
+      smsCode, // 短信验证码
+      role = 'user'
+    } = req.body;
+    
+    if (!username || !phone || !password || !registrationCode || !city || !district) {
+      return res.status(400).json({ success: false, message: '用户名、手机号、密码、激活码、城市和区域不能为空' });
+    }
+    
+    if (!captchaId || !captchaText) {
+      return res.status(400).json({ success: false, message: '图形验证码不能为空' });
+    }
+    
+    if (!smsCode) {
+      return res.status(400).json({ success: false, message: '短信验证码不能为空' });
+    }
+    
+    // 注意：图形验证码已在前端通过 /captcha/verify 接口验证过，这里不再重复验证
+    
+    // 验证短信验证码
+    const smsAPI = require('./sms');
+    const smsValid = smsAPI.verifySMSCode(phone, smsCode);
+    if (!smsValid) {
+      return res.status(400).json({ success: false, message: '短信验证码错误或已过期' });
+    }
+    
+    // 验证手机号格式
+    const phoneRegex = /^1[3-9]\d{9}$/;
+    if (!phoneRegex.test(phone)) {
+      return res.status(400).json({ success: false, message: '手机号格式不正确' });
+    }
+    
+    // 验证激活码
+    const [registrationCodes] = await db.execute(
+      'SELECT id, is_used, expires_at, agent_id FROM registration_codes WHERE code = ?',
+      [registrationCode]
+    );
+    
+    if (registrationCodes.length === 0) {
+      return res.status(400).json({ success: false, message: '激活码不存在' });
+    }
+    
+    const regCode = registrationCodes[0];
+    
+    // 检查激活码是否已使用
+    if (regCode.is_used) {
+      return res.status(400).json({ success: false, message: '激活码已被使用' });
+    }
+    
+    // 检查激活码是否过期
+    if (new Date() > new Date(regCode.expires_at)) {
+      return res.status(400).json({ success: false, message: '激活码已过期' });
+    }
+    
+    // 检查用户是否已存在
+    const [existingUsers] = await db.execute(
+      'SELECT id FROM users WHERE username = ? OR phone = ?',
+      [username, phone]
+    );
+    
+    if (existingUsers.length > 0) {
+      return res.status(400).json({ success: false, message: '用户名或手机号已存在' });
+    }
+    
+    // 加密密码
+    const hashedPassword = await bcrypt.hash(password, 10);
+    
+    // 创建用户（待审核状态，可以进入系统但匹配需审核）
+    const [result] = await db.execute(
+      'INSERT INTO users (username, phone, password, role, points, audit_status, city, district_id) VALUES (?, ?, ?, ?, ?, ?, ?, ?)',
+      [username, phone, hashedPassword, role, 0, 'pending', city, district]
+    );
+    
+    const userId = result.insertId;
+    
+    // 用户余额已在创建用户时设置为默认值0.00，无需额外操作
+    
+    // 标记激活码为已使用
+    await db.execute(
+      'UPDATE registration_codes SET is_used = TRUE, used_at = NOW(), used_by_user_id = ? WHERE id = ?',
+      [userId, regCode.id]
+    );
+    
+    // 如果是代理邀请码，建立代理关系
+    if (regCode.agent_id) {
+      // 验证agent_id是否存在于regional_agents表中
+      const [agentExists] = await db.execute(
+        'SELECT id FROM regional_agents WHERE id = ?',
+        [regCode.agent_id]
+      );
+      
+      if (agentExists.length > 0) {
+        await db.execute(
+          'INSERT INTO agent_merchants (agent_id, merchant_id, created_at) VALUES (?, ?, NOW())',
+          [regCode.agent_id, userId]
+        );
+      }
+    } else {
+      // 如果不是代理邀请码，根据地区自动关联代理
+       const [agents] = await db.execute(
+         'SELECT ra.id FROM users u INNER JOIN regional_agents ra ON u.id = ra.user_id WHERE ra.region_id = ? AND ra.status = "active" ORDER BY ra.created_at ASC LIMIT 1',
+         [district]
+       );
+      
+      if (agents.length > 0) {
+        await db.execute(
+          'INSERT INTO agent_merchants (agent_id, merchant_id, created_at) VALUES (?, ?, NOW())',
+          [agents[0].id, userId]
+        );
+      }
+    }
+    
+    await db.query('COMMIT');
+    
+    // 生成JWT token
+    const token = jwt.sign(
+      { userId: userId, username, role },
+      JWT_SECRET,
+      { expiresIn: '24h' }
+    );
+    
+    res.status(201).json({
+      success: true,
+      message: '注册成功',
+      token,
+      user: {
+        id: userId,
+        username,
+        phone,
+        role,
+        points: 0,
+        audit_status: 'pending',
+        city,
+        district
+      }
+    });
+  } catch (error) {
+    try {
+      await getDB().query('ROLLBACK');
+    } catch (rollbackError) {
+      console.error('回滚错误:', rollbackError);
+    }
+    console.error('注册错误详情:', error);
+    console.error('错误堆栈:', error.stack);
+    res.status(500).json({ 
+      success: false, 
+      message: '注册失败',
+      error: process.env.NODE_ENV === 'development' ? error.message : undefined
+    });
+  }
+});
+
+// 用户登录
+router.post('/login', async (req, res) => {
+  try {
+    const db = getDB();
+    const { username, password, captchaId, captchaText } = req.body;
+    
+    if (!username || !password) {
+      return res.status(400).json({ success: false, message: '用户名和密码不能为空' });
+    }
+    
+    // if (!captchaId || !captchaText) {
+    //   return res.status(400).json({ success: false, message: '验证码不能为空' });
+    // }
+    
+    // 注意：验证码已在前端通过 /captcha/verify 接口验证过，这里不再重复验证
+    
+    // 查找用户
+    console.log('登录尝试 - 用户名:', username);
+    const [users] = await db.execute(
+      'SELECT * FROM users WHERE username = ?',
+      [username]
+    );
+    
+    console.log('查找到的用户数量:', users.length);
+    if (users.length === 0) {
+      console.log('用户不存在:', username);
+      return res.status(401).json({ success: false, message: '用户名或密码错误' });
+    }
+    
+    const user = users[0];
+    console.log('找到用户:', user.username, '密码长度:', user.password ? user.password.length : 'null');
+    
+    // 验证密码
+    console.log('验证密码 - 输入密码:', password, '数据库密码前10位:', user.password ? user.password.substring(0, 10) : 'null');
+    const isValidPassword = await bcrypt.compare(password, user.password);
+    console.log('密码验证结果:', isValidPassword);
+    
+    if (!isValidPassword) {
+      console.log('密码验证失败');
+      return res.status(401).json({ success: false, message: '用户名或密码错误' });
+    }
+    
+    // 检查用户审核状态（管理员除外，只阻止被拒绝的用户）
+    if (user.role !== 'admin' && user.audit_status === 'rejected') {
+      return res.status(403).json({ success: false, message: '您的账户审核未通过，请联系管理员' });
+    }
+    // 待审核用户可以正常登录使用系统，但匹配功能会有限制
+    
+    // 生成JWT token
+    const token = jwt.sign(
+      { userId: user.id, username: user.username, role: user.role },
+      JWT_SECRET,
+      { expiresIn: '24h' }
+    );
+    
+    res.json({
+      success: true,
+      message: '登录成功',
+      token,
+      user: {
+        id: user.id,
+        username: user.username,
+        role: user.role,
+        avatar: user.avatar,
+        points: user.points
+      }
+    });
+  } catch (error) {
+    console.error('登录错误:', error);
+    res.status(500).json({ success: false, message: '登录失败' });
+  }
+});
+
+// 验证token中间件
+const authenticateToken = (req, res, next) => {
+  const authHeader = req.headers['authorization'];
+  const token = authHeader && authHeader.split(' ')[1];
+  
+  if (!token) {
+    return res.status(401).json({ success: false, message: '访问令牌缺失' });
+  }
+  
+  jwt.verify(token, JWT_SECRET, (err, user) => {
+    if (err) {
+      return res.status(403).json({ success: false, message: '访问令牌无效' });
+    }
+    req.user = user;
+    next();
+  });
+};
+
+// 获取当前用户信息
+router.get('/me', authenticateToken, async (req, res) => {
+  try {
+    const db = getDB();
+    const [users] = await db.execute(
+      'SELECT id, username, role, avatar, points, created_at FROM users WHERE id = ?',
+      [req.user.userId]
+    );
+    
+    if (users.length === 0) {
+      return res.status(404).json({ success: false, message: '用户不存在' });
+    }
+    
+    res.json({ success: true, user: users[0] });
+  } catch (error) {
+    console.error('获取用户信息错误:', error);
+    res.status(500).json({ success: false, message: '获取用户信息失败' });
+  }
+});
+
+// 修改密码
+router.put('/change-password', authenticateToken, async (req, res) => {
+  try {
+    const db = getDB();
+    const { currentPassword, newPassword } = req.body;
+    
+    if (!currentPassword || !newPassword) {
+      return res.status(400).json({ success: false, message: '旧密码和新密码不能为空' });
+    }
+    
+    // 获取用户当前密码
+    const [users] = await db.execute(
+      'SELECT password FROM users WHERE id = ?',
+      [req.user.userId]
+    );
+    
+    if (users.length === 0) {
+      return res.status(404).json({ success: false, message: '用户不存在' });
+    }
+    
+    // 验证旧密码
+    const isValidPassword = await bcrypt.compare(currentPassword, users[0].password);
+    
+    if (!isValidPassword) {
+      return res.status(400).json({ success: false, message: '旧密码错误' });
+    }
+    
+    // 加密新密码
+    const hashedNewPassword = await bcrypt.hash(newPassword, 10);
+    
+    // 更新密码
+    await db.execute(
+      'UPDATE users SET password = ? WHERE id = ?',
+      [hashedNewPassword, req.user.userId]
+    );
+    
+    res.json({ success: true, message: '密码修改成功' });
+  } catch (error) {
+    console.error('修改密码错误:', error);
+    res.status(500).json({ success: false, message: '修改密码失败' });
+  }
+});
+
+module.exports = router;
+module.exports.authenticateToken = authenticateToken;