kurihada
ce76980fe5
- 新增 JWT httpOnly cookie 认证链路 (jose),登录/注册签发 token, 所有用户和盲盒 API 改为从 cookie 提取 userId,不再信任客户端传值 - 新增 /api/auth/logout 端点清除认证 cookie - GET /api/user 区分 owner/非 owner,非 owner 不暴露 email - atomicUpdateRoom 新增 per-room 应用层互斥锁,防止 SQLite 下并发 lost update - 修复 getRoomData 中 fire-and-forget delete 改为 await - 37 个静默 catch 块跨 17 个文件添加 console.error 日志 - 新增 REFACTOR_PLAN.md 全景分析文档
43 lines
1.2 KiB
TypeScript
43 lines
1.2 KiB
TypeScript
import { NextResponse } from "next/server";
|
|
import { prisma } from "@/lib/prisma";
|
|
import { Prisma } from "@prisma/client";
|
|
import bcrypt from "bcryptjs";
|
|
import { apiHandler, ApiError } from "@/lib/api";
|
|
import { validateUsername, validatePassword } from "@/lib/validation";
|
|
import { signToken, setAuthCookie } from "@/lib/auth";
|
|
|
|
export const POST = apiHandler(async (req) => {
|
|
const { username, password, avatar } = await req.json();
|
|
|
|
if (!username || !password) throw new ApiError("用户名和密码为必填项");
|
|
|
|
const trimmedUsername = validateUsername(username);
|
|
validatePassword(password);
|
|
|
|
const passwordHash = await bcrypt.hash(password, 10);
|
|
|
|
try {
|
|
const user = await prisma.user.create({
|
|
data: {
|
|
username: trimmedUsername,
|
|
passwordHash,
|
|
avatar: avatar || "🐱",
|
|
},
|
|
});
|
|
|
|
const token = await signToken(user.id);
|
|
const res = NextResponse.json({
|
|
id: user.id,
|
|
username: user.username,
|
|
avatar: user.avatar,
|
|
});
|
|
|
|
return setAuthCookie(res, token);
|
|
} catch (e) {
|
|
if (e instanceof Prisma.PrismaClientKnownRequestError && e.code === "P2002") {
|
|
throw new ApiError("用户名已被注册", 409);
|
|
}
|
|
throw e;
|
|
}
|
|
});
|