refactor: 提取 requireUserId/requireUser/requireMembership 校验工具

- 新增 requireUserId：统一 14 处 userId 非空校验，返回 401 - 新增 requireUser：统一 4 处用户存在性检查，返回 404 - validateMembership 升级为 requireMembership，直接抛 403 - 混合校验拆分为 auth(401) + 字段(400)，状态码更准确
2026-02-26 18:17:17 +08:00
parent 0595887480
commit 19edcaeeb5
15 changed files with 67 additions and 56 deletions
@@ -1,16 +1,15 @@
 import { NextResponse } from "next/server";
 import { prisma } from "@/lib/prisma";
-import { validateMembership } from "@/lib/blindbox";
-import { apiHandler, ApiError } from "@/lib/api";
+import { requireMembership } from "@/lib/blindbox";
+import { apiHandler, ApiError, requireUserId } from "@/lib/api";

 export const POST = apiHandler(async (req) => {
  const { roomId, userId } = await req.json();

-  if (!userId || typeof userId !== "string") throw new ApiError("请先登录", 401);
+  requireUserId(userId);
  if (!roomId || typeof roomId !== "string") throw new ApiError("roomId 不能为空");

-  const isMember = await validateMembership(roomId, userId);
-  if (!isMember) throw new ApiError("你不是这个房间的成员", 403);
+  await requireMembership(roomId, userId);

  const pool = await prisma.blindBoxIdea.findMany({
    where: { roomId, status: "in_pool" },
@@ -1,7 +1,7 @@
 import { NextResponse } from "next/server";
 import { prisma } from "@/lib/prisma";
 import { getRoomByCode } from "@/lib/blindbox";
-import { apiHandler, ApiError } from "@/lib/api";
+import { apiHandler, ApiError, requireUserId } from "@/lib/api";

 export const GET = apiHandler(async (_req, { params }) => {
  const { code } = await params;
@@ -26,7 +26,7 @@ export const DELETE = apiHandler(async (req, { params }) => {
  const { code } = await params;
  const { userId } = await req.json();

-  if (!userId) throw new ApiError("缺少用户 ID");
+  requireUserId(userId);

  const room = await prisma.blindBoxRoom.findUnique({
    where: { code: code.toUpperCase() },
@@ -1,11 +1,11 @@
 import { NextResponse } from "next/server";
 import { prisma } from "@/lib/prisma";
-import { apiHandler, ApiError } from "@/lib/api";
+import { apiHandler, ApiError, requireUserId } from "@/lib/api";

 export const POST = apiHandler(async (req) => {
  const { userId, code } = await req.json();

-  if (!userId || typeof userId !== "string") throw new ApiError("请先登录", 401);
+  requireUserId(userId);
  if (!code || typeof code !== "string") throw new ApiError("请输入房间号");

  const room = await prisma.blindBoxRoom.findUnique({
@@ -1,18 +1,17 @@
 import { NextResponse } from "next/server";
 import { prisma } from "@/lib/prisma";
 import { generateUniqueRoomCode } from "@/lib/blindbox";
-import { apiHandler, ApiError } from "@/lib/api";
+import { apiHandler, ApiError, requireUserId, requireUser } from "@/lib/api";

 export const POST = apiHandler(async (req) => {
  const { userId, name } = await req.json();

-  if (!userId || typeof userId !== "string") throw new ApiError("请先登录", 401);
+  requireUserId(userId);

  const roomName = (name || "").trim() || "我们的周末";
  if (roomName.length > 30) throw new ApiError("房间名不能超过 30 个字");

-  const user = await prisma.user.findUnique({ where: { id: userId } });
-  if (!user) throw new ApiError("用户不存在", 404);
+  await requireUser(userId);

  const code = await generateUniqueRoomCode();

@@ -1,10 +1,9 @@
 import { NextResponse } from "next/server";
 import { prisma } from "@/lib/prisma";
-import { apiHandler, ApiError } from "@/lib/api";
+import { apiHandler, requireUserId } from "@/lib/api";

 export const GET = apiHandler(async (req) => {
-  const userId = req.nextUrl.searchParams.get("userId");
-  if (!userId) throw new ApiError("请先登录", 401);
+  const userId = requireUserId(req.nextUrl.searchParams.get("userId"));

  const memberships = await prisma.blindBoxMember.findMany({
    where: { userId },
@@ -1,20 +1,19 @@
 import { NextResponse } from "next/server";
 import { prisma } from "@/lib/prisma";
-import { validateMembership } from "@/lib/blindbox";
-import { apiHandler, ApiError } from "@/lib/api";
+import { requireMembership } from "@/lib/blindbox";
+import { apiHandler, ApiError, requireUserId } from "@/lib/api";

 export const POST = apiHandler(async (req) => {
  const { roomId, userId, content } = await req.json();

-  if (!userId || typeof userId !== "string") throw new ApiError("请先登录", 401);
+  requireUserId(userId);
  if (!roomId || typeof roomId !== "string") throw new ApiError("roomId 不能为空");
  if (!content || typeof content !== "string" || content.trim().length === 0) {
    throw new ApiError("内容不能为空");
  }
  if (content.trim().length > 200) throw new ApiError("内容不能超过 200 字");

-  const isMember = await validateMembership(roomId, userId);
-  if (!isMember) throw new ApiError("你不是这个房间的成员", 403);
+  await requireMembership(roomId, userId);

  const idea = await prisma.blindBoxIdea.create({
    data: { roomId, userId, content: content.trim() },
@@ -25,13 +24,11 @@ export const POST = apiHandler(async (req) => {

 export const GET = apiHandler(async (req) => {
  const roomId = req.nextUrl.searchParams.get("roomId");
-  const userId = req.nextUrl.searchParams.get("userId");
+  const userId = requireUserId(req.nextUrl.searchParams.get("userId"));

  if (!roomId) throw new ApiError("缺少 roomId");
-  if (!userId) throw new ApiError("请先登录", 401);

-  const isMember = await validateMembership(roomId, userId);
-  if (!isMember) throw new ApiError("你不是这个房间的成员", 403);
+  await requireMembership(roomId, userId);

  const [poolCount, myIdeas, drawn] = await Promise.all([
    prisma.blindBoxIdea.count({
@@ -58,7 +55,7 @@ export const GET = apiHandler(async (req) => {
 export const PUT = apiHandler(async (req) => {
  const { ideaId, userId, content } = await req.json();

-  if (!userId) throw new ApiError("请先登录", 401);
+  requireUserId(userId);
  if (!ideaId) throw new ApiError("缺少 ideaId");
  if (!content || typeof content !== "string" || content.trim().length === 0) {
    throw new ApiError("内容不能为空");
@@ -81,7 +78,7 @@ export const PUT = apiHandler(async (req) => {
 export const DELETE = apiHandler(async (req) => {
  const { ideaId, userId } = await req.json();

-  if (!userId) throw new ApiError("请先登录", 401);
+  requireUserId(userId);
  if (!ideaId) throw new ApiError("缺少 ideaId");

  const idea = await prisma.blindBoxIdea.findUnique({ where: { id: ideaId } });