kurihada/no-whatever
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: 提取 requireUserId/requireUser/requireMembership 校验工具

Browse Source 
- 新增 requireUserId:统一 14 处 userId 非空校验,返回 401
- 新增 requireUser:统一 4 处用户存在性检查,返回 404
- validateMembership 升级为 requireMembership,直接抛 403
- 混合校验拆分为 auth(401) + 字段(400),状态码更准确
This commit is contained in:
kurihada
2026-02-26 18:17:17 +08:00
parent 0595887480
commit 19edcaeeb5
15 changed files with 67 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/app/api/user/favorite/route.ts
+6 -5
View File
@@ -1,6 +1,6 @@
import { NextResponse } from "next/server";
import { prisma } from "@/lib/prisma";
import { apiHandler, ApiError } from "@/lib/api";
import { apiHandler, ApiError, requireUserId, requireUser } from "@/lib/api";
export const GET = apiHandler(async (req) => {
const userId = req.nextUrl.searchParams.get("userId");
@@ -24,10 +24,10 @@ export const GET = apiHandler(async (req) => {
export const POST = apiHandler(async (req) => {
const { userId, restaurant } = await req.json();
if (!userId || !restaurant) throw new ApiError("缺少必要字段");
requireUserId(userId);
if (!restaurant) throw new ApiError("缺少必要字段");
const user = await prisma.user.findUnique({ where: { id: userId } });
if (!user) throw new ApiError("请先设置个人资料", 404);
await requireUser(userId);
const existing = await prisma.favorite.findFirst({
where: {
@@ -53,7 +53,8 @@ export const POST = apiHandler(async (req) => {
export const DELETE = apiHandler(async (req) => {
const { userId, favoriteId } = await req.json();
if (!userId || !favoriteId) throw new ApiError("缺少必要字段");
requireUserId(userId);
if (!favoriteId) throw new ApiError("缺少必要字段");
const fav = await prisma.favorite.findUnique({ where: { id: favoriteId } });
if (!fav || fav.userId !== userId) throw new ApiError("收藏不存在", 404);
src/app/api/user/history/route.ts
+4 -4
View File
@@ -1,6 +1,6 @@
import { NextResponse } from "next/server";
import { prisma } from "@/lib/prisma";
import { apiHandler, ApiError } from "@/lib/api";
import { apiHandler, ApiError, requireUserId, requireUser } from "@/lib/api";
const MAX_HISTORY = 50;
@@ -31,12 +31,12 @@ export const POST = apiHandler(async (req) => {
const { userId, roomId, restaurant, matchType, participants } =
await req.json();
if (!userId || !roomId || !restaurant || !matchType) {
requireUserId(userId);
if (!roomId || !restaurant || !matchType) {
throw new ApiError("缺少必要字段");
}
const user = await prisma.user.findUnique({ where: { id: userId } });
if (!user) throw new ApiError("用户未注册", 404);
await requireUser(userId);
const existing = await prisma.decision.findFirst({
where: { userId, roomId },
src/app/api/user/route.ts
+3 -5
View File
@@ -1,7 +1,7 @@
import { NextResponse } from "next/server";
import { prisma } from "@/lib/prisma";
import bcrypt from "bcryptjs";
import { apiHandler, ApiError } from "@/lib/api";
import { apiHandler, ApiError, requireUserId, requireUser } from "@/lib/api";
export const GET = apiHandler(async (req) => {
const userId = req.nextUrl.searchParams.get("id");
@@ -27,10 +27,8 @@ export const PUT = apiHandler(async (req) => {
const body = await req.json();
const { userId } = body;
if (!userId) throw new ApiError("缺少用户 ID");
const existing = await prisma.user.findUnique({ where: { id: userId } });
if (!existing) throw new ApiError("用户不存在", 404);
requireUserId(userId);
const existing = await requireUser(userId);
const updateData: Record<string, unknown> = {};