archieve-projects/后事管理系统/api/admin/user.js


const express = require('express');
const router = express.Router();
const db = require('../link/link.js');
const md5 = require('../enc.js');
/**
 * Reply with the bare `{ code, msg }` envelope every handler in this file uses.
 * Note that `code` lives in the JSON body only; the HTTP status is whatever
 * `res.send` defaults to, so clients must inspect the body to see 403/400/500.
 * @param {object} res - Express response (anything with a `send` method)
 * @param {number} code - application-level status code placed in the body
 * @param {string} msg - human-readable message for the client
 */
const tw = (res, code, msg) => {
  const envelope = { code, msg };
  res.send(envelope);
};
/**
 * Presence check whose name is inverted: returns true when `s` is PRESENT
 * (neither null/undefined nor the empty string) and false when it is missing.
 * Handlers use it as `if (!isEmptyStr(x)) return tw(res, 400, ...)`.
 * Only `''` counts as empty — whitespace-only strings, `0`, arrays and objects
 * all count as present, so callers still need a type check before using the value.
 * @param {unknown} s - request parameter to inspect
 * @returns {boolean} true when a value is present
 */
function isEmptyStr(s) {
  const isMissing = s == null || s === '';
  return !isMissing;
}
/**
 * Uniform handling for a failed `db.query`: the driver error is written to the
 * server log only, and the client receives a generic 500 envelope. Keeping the
 * raw error out of the response avoids leaking SQL text or table names.
 * @param {object} res - Express response
 * @param {Error} err - error passed back by `db.query`
 */
function sqlerr(res, err) {
  const genericMessage = '服务器错误';
  console.log(err);
  tw(res, 500, genericMessage);
}
//获取管理员列表只有超级role为1的管理员才能获取
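/**
 * GET /admin/list — super admin (role 1) only.
 * Query: `id` (when present, returns that single user), otherwise a page
 * selected by `page` (default 1) and `limit` (default 10) with optional
 * `username` / `nickname` substring filters.
 * Every request value is bound with a `?` placeholder instead of being
 * interpolated into the SQL text, so a crafted `id` or filter cannot change
 * the statement. NOTE(review): assumes `db.query(sql, values, cb)` is the
 * mysql-style API (the `affectedRows` field used elsewhere in this file points
 * that way) — confirm in link/link.js.
 */
router.get('/admin/list', (req, res) => {
  const { username, id, nickname } = req.query;
  // 身份校验 — refuse before looking at any other input
  if (req.auth.role !== 1) {
    tw(res, 403, '无权限');
    return;
  }
  const columns = 'id,username,nickname,create_time,update_time,role,status,'
    + '(select name from role where id = user.role) as role_name';

  if (isEmptyStr(id)) {
    const userId = Number(id);
    if (!Number.isInteger(userId)) {
      tw(res, 400, '参数错误');
      return;
    }
    db.query(`select ${columns} from user where id = ?`, [userId], (err, rows) => {
      if (err) {
        sqlerr(res, err);
        return;
      }
      // As before, an unknown id answers 200 with `data: undefined`.
      res.send({ code: 200, msg: '获取成功', data: rows[0] });
    });
    return;
  }

  // Pagination values arrive as strings; anything that is not a positive
  // integer falls back to the defaults rather than reaching LIMIT.
  const page = Math.max(1, Number.parseInt(req.query.page, 10) || 1);
  const limit = Math.max(1, Number.parseInt(req.query.limit, 10) || 10);
  const offset = (page - 1) * limit;

  // Optional substring filters. `%`/`_` typed by the caller still act as LIKE
  // wildcards, which only widens their own search result.
  const conditions = [];
  const params = [];
  if (isEmptyStr(username)) {
    conditions.push('username like ?');
    params.push(`%${username}%`);
  }
  if (isEmptyStr(nickname)) {
    conditions.push('nickname like ?');
    params.push(`%${nickname}%`);
  }
  const where = conditions.length > 0 ? ` where ${conditions.join(' and ')}` : '';

  db.query(`select ${columns} from user${where} limit ?, ?`, [...params, offset, limit], (err, rows) => {
    if (err) {
      sqlerr(res, err);
      return;
    }
    // Same filters, no LIMIT, for the total count the client pages with.
    db.query(`select count(*) as count from user${where}`, params, (countErr, countRows) => {
      if (countErr) {
        sqlerr(res, countErr);
        return;
      }
      res.send({
        code: 200,
        msg: '获取成功',
        count: countRows[0].count,
        data: rows,
      });
    });
  });
});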
// 封禁解封管理员
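/**
 * PUT /admin/status — ban (status 1) or unban (status 0) an administrator.
 * Body: `id`, `status`. Super admin only; the caller may not target itself,
 * and account 2 may not be targeted by anyone (kept from the original —
 * presumably a seeded/demo account, confirm).
 * `id` and `status` are validated as integers and bound as parameters, so the
 * UPDATE cannot be widened to other rows by a crafted value.
 * NOTE(review): assumes `db.query(sql, values, cb)` with `?` placeholders
 * (mysql-style) — confirm in link/link.js.
 */
router.put('/admin/status', (req, res) => {
  const { id, status } = req.body;
  if (id == 2) return tw(res, 403, '无法操作此账户');
  if (!isEmptyStr(id) || !isEmptyStr(status)) return tw(res, 400, '参数错误');
  // Strict comparison, matching the other handlers in this file (they would
  // deny everyone if `role` were a string, so it must already be numeric).
  if (req.auth.role !== 1) return tw(res, 403, '无权限');
  if (req.auth.id == id) return tw(res, 403, '无法操作自己');
  const targetId = Number(id);
  const newStatus = Number(status);
  if (!Number.isInteger(targetId)) return tw(res, 400, '参数错误');
  // status只能取值0和1
  if (newStatus !== 0 && newStatus !== 1) return tw(res, 400, '参数错误');
  db.query('update user set status = ? where id = ?', [newStatus, targetId], (err, result) => {
    if (err) {
      sqlerr(res, err);
      return;
    }
    const action = newStatus === 0 ? '解封' : '封禁';
    if (result.affectedRows === 1) {
      tw(res, 200, `${action}成功`);
    } else {
      // No row matched: unknown id.
      tw(res, 400, `${action}失败`);
    }
  });
});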
//添加管理员
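/**
 * POST /admin/add — create an administrator (role 4, status 0) with the
 * default password. Body: `username`, `nickname`. Super admin only.
 * Both strings are bound as parameters; the previous string-built SELECT and
 * INSERT let a crafted username rewrite the statement.
 * NOTE(review): assumes `db.query(sql, values, cb)` with `?` placeholders
 * (mysql-style) — confirm in link/link.js.
 */
router.post('/admin/add', (req, res) => {
  const { username, nickname } = req.body;
  if (!isEmptyStr(username) || !isEmptyStr(nickname)) return tw(res, 400, '参数错误');
  if (req.auth.role !== 1) return tw(res, 403, '无权限');
  // A JSON body can carry arrays/objects here; only plain strings may reach
  // the query (placeholder formatting of objects is driver-specific).
  if (typeof username !== 'string' || typeof nickname !== 'string') return tw(res, 400, '参数错误');
  // Same limit that /admin/nickname enforces on later edits.
  if (nickname.length > 25) return tw(res, 400, '昵称长度不能超过25个字符');
  db.query('select id from user where username = ? limit 1', [username], (err, rows) => {
    if (err) {
      sqlerr(res, err);
      return;
    }
    if (rows.length !== 0) {
      tw(res, 400, '用户名已存在');
      return;
    }
    // NOTE(review): every new admin starts with the same well-known password,
    // hashed by ../enc.js (md5). A forced change on first login would close
    // that window; changing the hash scheme here would break existing rows.
    const password = md5('123456');
    const status = 0;
    const role = 4;
    const insertSql = 'insert into user (username,password,nickname,status,role,create_time,update_time) '
      + 'values (?,?,?,?,?,now(),now())';
    db.query(insertSql, [username, password, nickname, status, role], (insertErr, result) => {
      if (insertErr) {
        sqlerr(res, insertErr);
        return;
      }
      if (result.affectedRows === 1) {
        tw(res, 200, '添加成功默认密码123456');
      } else {
        tw(res, 400, '添加失败');
      }
    });
  });
});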
//修改密码
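/**
 * PUT /admin/password — change the caller's own password.
 * Body: `newpass`, `oldpass`. Account 2 is blocked (kept from the original).
 * The user id comes from `req.auth`, not the body, so callers can only change
 * their own row; both statements bind their values as parameters.
 * NOTE(review): assumes `db.query(sql, values, cb)` with `?` placeholders
 * (mysql-style) — confirm in link/link.js. Passwords are hashed by ../enc.js
 * (md5); switching to a slow, salted hash needs a migration of stored rows.
 */
router.put('/admin/password', (req, res) => {
  const { newpass, oldpass } = req.body;
  if (req.auth.id == 2) return tw(res, 403, '无法操作此账户');
  if (!isEmptyStr(newpass) || !isEmptyStr(oldpass)) return tw(res, 400, '参数错误');
  // RegExp.test coerces non-strings (['abcd'] becomes 'abcd'), so require real
  // strings before validating or hashing.
  if (typeof newpass !== 'string' || typeof oldpass !== 'string') return tw(res, 400, '参数错误');
  // newpass只能是数字字母下划线. NOTE(review): the original comment said
  // 长度在6-22位 but the pattern allows 4 — kept as-is; confirm the intended minimum.
  const allowed = /^[a-zA-Z0-9_]{4,22}$/;
  if (!allowed.test(newpass)) return tw(res, 400, '新密码不合法');
  const newHash = md5(newpass);
  const oldHash = md5(oldpass);
  const userId = req.auth.id;
  db.query('select password from user where id = ?', [userId], (err, rows) => {
    if (err) {
      sqlerr(res, err);
      return;
    }
    if (rows.length === 0) return tw(res, 400, '用户不存在');
    if (rows[0].password !== oldHash) return tw(res, 400, '原密码错误');
    if (rows[0].password === newHash) return tw(res, 400, '新密码不能与原密码相同');
    db.query('update user set password = ?,update_time=now() where id = ?', [newHash, userId], (updateErr, result) => {
      if (updateErr) {
        sqlerr(res, updateErr);
        return;
      }
      if (result.affectedRows === 1) {
        tw(res, 200, '修改成功');
      } else {
        tw(res, 400, '修改失败');
      }
    });
  });
});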
//重置密码
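/**
 * POST /admin/reset — reset another administrator's password to the default.
 * Body: `id`. Super admin only. Unlike /admin/status there is no self/account-2
 * guard here (kept from the original — confirm whether one is wanted).
 * `id` is validated as an integer and bound as a parameter, so the UPDATE
 * cannot be widened to every row by a crafted value.
 * NOTE(review): assumes `db.query(sql, values, cb)` with `?` placeholders
 * (mysql-style) — confirm in link/link.js.
 */
router.post('/admin/reset', (req, res) => {
  const { id } = req.body;
  if (!isEmptyStr(id)) return tw(res, 400, '参数错误');
  if (req.auth.role !== 1) return tw(res, 403, '无权限');
  const targetId = Number(id);
  if (!Number.isInteger(targetId)) return tw(res, 400, '参数错误');
  // NOTE(review): well-known default, hashed by ../enc.js (md5) — the reset
  // account should be forced to change it on next login.
  const password = md5('123456');
  db.query('update user set password = ?,update_time=now() where id = ?', [password, targetId], (err, result) => {
    if (err) {
      sqlerr(res, err);
      return;
    }
    if (result.affectedRows === 1) {
      tw(res, 200, '重置成功默认密码123456');
    } else {
      // No row matched: unknown id.
      tw(res, 400, '重置失败');
    }
  });
});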
//修改昵称
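/**
 * PUT /admin/nickname — change the caller's own nickname (max 25 characters).
 * Body: `nickname`. Account 2 is blocked (kept from the original).
 * The row is selected by `req.auth.id`, never by a body value, and the nickname
 * is bound as a parameter rather than spliced into the SQL text.
 * NOTE(review): assumes `db.query(sql, values, cb)` with `?` placeholders
 * (mysql-style) — confirm in link/link.js.
 */
router.put('/admin/nickname', (req, res) => {
  const { nickname } = req.body;
  if (req.auth.id == 2) return tw(res, 403, '无法操作此账户');
  if (!isEmptyStr(nickname)) return tw(res, 400, '参数错误');
  // `.length` on a non-string body value is undefined, which would have slipped
  // past the length check below.
  if (typeof nickname !== 'string') return tw(res, 400, '参数错误');
  if (nickname.length > 25) return tw(res, 400, '昵称长度不能超过25个字符');
  // 修改昵称和update_time
  db.query('update user set nickname = ?,update_time=now() where id = ?', [nickname, req.auth.id], (err, result) => {
    if (err) {
      sqlerr(res, err);
      return;
    }
    if (result.affectedRows === 1) {
      tw(res, 200, '修改成功');
    } else {
      tw(res, 400, '修改失败');
    }
  });
});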
//删除管理员
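/**
 * DELETE /admin/delete — remove an administrator. Query: `id`. Super admin
 * only; the caller may not delete itself; super admins (role 1) cannot be
 * deleted; a role-2 user (勾魂使者) also loses its `lawyer` row.
 * Fixes two defects of the original: `result[0].role` was read without
 * checking that a row exists (TypeError on an unknown id), and the `lawyer`
 * delete ran concurrently with the `user` delete, so a failure there could
 * send a second response after the first one. `id` is validated as an integer
 * and every value is bound as a parameter.
 * NOTE(review): assumes `db.query(sql, values, cb)` with `?` placeholders
 * (mysql-style) — confirm in link/link.js.
 */
router.delete('/admin/delete', (req, res) => {
  const { id } = req.query;
  if (!isEmptyStr(id)) return tw(res, 400, '参数错误');
  if (req.auth.role !== 1) return tw(res, 403, '无权限');
  if (req.auth.id == id) return tw(res, 403, '无法操作自己');
  // Kept from the original: this guards the *caller* being account 2, whereas
  // /admin/status guards the *target*. Confirm which was intended.
  if (req.auth.id == 2) return tw(res, 403, '无法操作此账户');
  const targetId = Number(id);
  if (!Number.isInteger(targetId)) return tw(res, 400, '参数错误');

  // Final step, shared by both branches below.
  const deleteUser = () => {
    db.query('delete from user where id = ?', [targetId], (err, result) => {
      if (err) {
        sqlerr(res, err);
        return;
      }
      if (result.affectedRows === 1) {
        tw(res, 200, '删除成功');
      } else {
        tw(res, 400, '删除失败');
      }
    });
  };

  db.query('select role,username from user where id = ?', [targetId], (err, rows) => {
    if (err) return sqlerr(res, err);
    if (rows.length === 0) return tw(res, 400, '用户不存在');
    const target = rows[0];
    if (target.role == 1) return tw(res, 400, '无法删除超级管理员');
    if (target.role != 2) return deleteUser();
    // 该管理员还是勾魂使者的情况: remove the lawyer row first, then the user row.
    // NOTE(review): no transaction — a failure of the second delete leaves the
    // lawyer row gone while the user row stays.
    db.query('delete from lawyer where uuid = ?', [target.username], (lawyerErr) => {
      if (lawyerErr) return sqlerr(res, lawyerErr);
      deleteUser();
    });
  });
});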
//将普通管理员设置为勾魂使者
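/**
 * PUT /admin/reaper — promote an ordinary administrator to 勾魂使者: insert a
 * `lawyer` row (name/uuid copied from the user, default photo, role 4,
 * status 0) and then set `user.role = 2`.
 * Body: `id`, `gender` (0 or 1), `description`. Super admin only; account 2
 * may not call this and user 1 may not be targeted (kept from the original).
 * `id`/`gender` are validated as integers, `description` must be a string,
 * and all values are bound as parameters — the original interpolated
 * `description` straight into the INSERT.
 * NOTE(review): assumes `db.query(sql, values, cb)` with `?` placeholders
 * (mysql-style) — confirm in link/link.js. The two writes are not in a
 * transaction, so a failed UPDATE leaves an orphan `lawyer` row (as before).
 */
router.put('/admin/reaper', (req, res) => {
  const { id, gender, description } = req.body;
  if (req.auth.id == 2) return tw(res, 403, '无法操作此账户');
  if (!isEmptyStr(id) || !isEmptyStr(gender) || !isEmptyStr(description)) return tw(res, 400, '参数错误');
  if (req.auth.role !== 1) return tw(res, 403, '无权限');
  if (id == 1) return tw(res, 400, '无法操作超级管理员');
  const targetId = Number(id);
  if (!Number.isInteger(targetId)) return tw(res, 400, '参数错误');
  // gender只能是0或1
  const genderValue = Number(gender);
  if (genderValue !== 0 && genderValue !== 1) return tw(res, 400, '性别参数错误');
  if (typeof description !== 'string') return tw(res, 400, '参数错误');

  db.query('select nickname,username,role from user where id = ?', [targetId], (err, rows) => {
    if (err) return sqlerr(res, err);
    if (rows.length === 0) return tw(res, 400, '用户不存在');
    if (rows[0].role === 2) return tw(res, 400, '该用户已经是勾魂使者');
    const { nickname: name, username: uuid } = rows[0];
    const photo = '/public/def/photo.jpeg';
    const status = 0;
    // 添加到勾魂使者表 (the table is `lawyer`; the original comment said `reaper`)
    const insertSql = 'insert into lawyer (name,uuid,gender,photo,description,create_time,role,status) '
      + 'values (?,?,?,?,?,now(),4,?)';
    db.query(insertSql, [name, uuid, genderValue, photo, description, status], (insertErr, insertResult) => {
      if (insertErr) return sqlerr(res, insertErr);
      if (insertResult.affectedRows !== 1) return tw(res, 400, '设置失败');
      // 修改user表中的role
      db.query('update user set role = 2 where id = ?', [targetId], (updateErr, updateResult) => {
        if (updateErr) return sqlerr(res, updateErr);
        if (updateResult.affectedRows === 1) {
          tw(res, 200, '设置成功');
        } else {
          tw(res, 400, '设置失败');
        }
      });
    });
  });
});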
// Every handler above reads `req.auth.id` / `req.auth.role` but nothing in this
// file sets them, so the router must be mounted behind the middleware that does.
module.exports = router;