refactor: 提取 requireUserId/requireUser/requireMembership 校验工具

- 新增 requireUserId：统一 14 处 userId 非空校验，返回 401 - 新增 requireUser：统一 4 处用户存在性检查，返回 404 - validateMembership 升级为 requireMembership，直接抛 403 - 混合校验拆分为 auth(401) + 字段(400)，状态码更准确
2026-02-26 18:17:17 +08:00
parent 0595887480
commit 19edcaeeb5
15 changed files with 67 additions and 56 deletions
@@ -1,20 +1,19 @@
 import { NextResponse } from "next/server";
 import { prisma } from "@/lib/prisma";
-import { validateMembership } from "@/lib/blindbox";
-import { apiHandler, ApiError } from "@/lib/api";
+import { requireMembership } from "@/lib/blindbox";
+import { apiHandler, ApiError, requireUserId } from "@/lib/api";

 export const POST = apiHandler(async (req) => {
  const { roomId, userId, content } = await req.json();

-  if (!userId || typeof userId !== "string") throw new ApiError("请先登录", 401);
+  requireUserId(userId);
  if (!roomId || typeof roomId !== "string") throw new ApiError("roomId 不能为空");
  if (!content || typeof content !== "string" || content.trim().length === 0) {
    throw new ApiError("内容不能为空");
  }
  if (content.trim().length > 200) throw new ApiError("内容不能超过 200 字");

-  const isMember = await validateMembership(roomId, userId);
-  if (!isMember) throw new ApiError("你不是这个房间的成员", 403);
+  await requireMembership(roomId, userId);

  const idea = await prisma.blindBoxIdea.create({
    data: { roomId, userId, content: content.trim() },
@@ -25,13 +24,11 @@ export const POST = apiHandler(async (req) => {

 export const GET = apiHandler(async (req) => {
  const roomId = req.nextUrl.searchParams.get("roomId");
-  const userId = req.nextUrl.searchParams.get("userId");
+  const userId = requireUserId(req.nextUrl.searchParams.get("userId"));

  if (!roomId) throw new ApiError("缺少 roomId");
-  if (!userId) throw new ApiError("请先登录", 401);

-  const isMember = await validateMembership(roomId, userId);
-  if (!isMember) throw new ApiError("你不是这个房间的成员", 403);
+  await requireMembership(roomId, userId);

  const [poolCount, myIdeas, drawn] = await Promise.all([
    prisma.blindBoxIdea.count({
@@ -58,7 +55,7 @@ export const GET = apiHandler(async (req) => {
 export const PUT = apiHandler(async (req) => {
  const { ideaId, userId, content } = await req.json();

-  if (!userId) throw new ApiError("请先登录", 401);
+  requireUserId(userId);
  if (!ideaId) throw new ApiError("缺少 ideaId");
  if (!content || typeof content !== "string" || content.trim().length === 0) {
    throw new ApiError("内容不能为空");
@@ -81,7 +78,7 @@ export const PUT = apiHandler(async (req) => {
 export const DELETE = apiHandler(async (req) => {
  const { ideaId, userId } = await req.json();

-  if (!userId) throw new ApiError("请先登录", 401);
+  requireUserId(userId);
  if (!ideaId) throw new ApiError("缺少 ideaId");

  const idea = await prisma.blindBoxIdea.findUnique({ where: { id: ideaId } });