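package routers

import (
	"crypto/md5"
	"fmt"
	"main/configs"
	"main/models"
	"main/utils"
	"net/http"

	"github.com/google/uuid"
	"github.com/gorilla/mux"
)

const (
	// defaultPageSize is used when "pageSize" is missing, unparsable or < 1.
	defaultPageSize = 10
	// maxPageSize caps "pageSize" so one request cannot dump the whole table.
	maxPageSize = 100
)

// hashPassword returns the stored form of a password: hex(md5(password + salt)).
//
// NOTE(review): salted MD5 is not a password hash — it is fast and has no work
// factor, so a leaked table can be brute-forced cheaply. Migrating to a slow KDF
// (bcrypt/argon2id) is recommended, but the verifier that checks logins (in
// models.AccountRead, outside this file) must be migrated in step, so the
// format is kept unchanged here and only centralised.
func hashPassword(password, salt string) string {
	return fmt.Sprintf("%x", md5.Sum([]byte(password+salt)))
}

// writeError writes a plain-text error body with the given HTTP status.
func writeError(w http.ResponseWriter, status int, msg string) {
	w.WriteHeader(status)
	w.Write([]byte(msg))
}

// writeUserJSON writes user as the JSON response body.
//
// NOTE(review): whether Password and Slat are omitted from the encoding
// depends on the json tags of models.User, which are not visible here — confirm
// both carry `json:"-"`, otherwise every handler below returns the password
// hash and salt to the client.
func writeUserJSON(w http.ResponseWriter, user models.User) {
	w.Header().Set("Content-Type", "application/json; charset=utf-8")
	w.Write(utils.ToJSON(user))
}

// loadUser fetches the user with primary key id. ok is false when id is not a
// valid key or the lookup fails (the callers answer 404 in both cases).
//
// The id < 1 guard matters: with an unset (zero) primary key GORM's First adds
// no WHERE clause and returns the first row of the table, so an unparsable or
// zero {id} in the route would silently resolve to the first user.
func loadUser(id int) (models.User, bool) {
	var user models.User
	if id < 1 {
		return user, false
	}
	if err := configs.ORMDB().First(&user, id).Error; err != nil {
		return user, false
	}
	return user, true
}

// userExists reports whether a user row matches the given WHERE clause. The
// clause is always a literal from the callers in this file, never request data;
// request values are passed through args and bound as parameters.
func userExists(where string, args ...interface{}) (bool, error) {
	var count int64
	err := configs.ORMDB().Model(&models.User{}).Where(where, args...).Count(&count).Error
	return count > 0, err
}

// UsersGet lists users one page at a time, driven by the "page" and
// "pageSize" query parameters (defaults 1 and 10).
//
// NOTE(review): this handler is not wrapped in models.AccountRead, so the
// listing is reachable without authentication — confirm that is intended.
func UsersGet(w http.ResponseWriter, r *http.Request) {
	var listview models.ListView
	listview.Page = utils.ParamInt(r.URL.Query().Get("page"), 1)
	listview.PageSize = utils.ParamInt(r.URL.Query().Get("pageSize"), defaultPageSize)

	// Clamp paging: page < 1 would yield a negative OFFSET, pageSize < 1 a
	// zero LIMIT, and an unbounded pageSize lets one request read everything.
	if listview.Page < 1 {
		listview.Page = 1
	}
	if listview.PageSize < 1 {
		listview.PageSize = defaultPageSize
	}
	if listview.PageSize > maxPageSize {
		listview.PageSize = maxPageSize
	}

	db := configs.ORMDB()
	var users []models.User
	offset := (listview.Page - 1) * listview.PageSize
	if err := db.Offset(offset).Limit(listview.PageSize).Find(&users).Error; err != nil {
		writeError(w, http.StatusInternalServerError, "500 - internal server error")
		return
	}
	for _, user := range users {
		listview.List = append(listview.List, user)
	}
	if err := db.Model(&models.User{}).Count(&listview.Total).Error; err != nil {
		writeError(w, http.StatusInternalServerError, "500 - internal server error")
		return
	}
	listview.Next = listview.Page*listview.PageSize < int(listview.Total)
	listview.WriteJSON(w)
}

// UsersPost creates a user from a JSON body carrying "name", "email" and
// "password". The first user ever created (ID 1) becomes an administrator.
func UsersPost(w http.ResponseWriter, r *http.Request) {
	form := utils.BodyRead(r)

	// Checked assertions: an unchecked .(string) panics on a body such as
	// {"name": 1}, turning malformed client input into a crashed request.
	// Empty strings are rejected like missing keys, as the message states.
	name, _ := form["name"].(string)
	email, _ := form["email"].(string)
	password, _ := form["password"].(string)
	if name == "" || email == "" || password == "" {
		writeError(w, http.StatusBadRequest, "400 - name, email, password cannot be empty")
		return
	}

	salt := uuid.New().String()
	user := models.User{
		Name:     name,
		Email:    email,
		Password: hashPassword(password, salt),
		Slat:     salt,
	}

	// Email and name must be unique.
	// NOTE(review): check-then-create is racy under concurrent requests; a
	// unique index on users.email and users.name is the real guarantee —
	// confirm the schema has one.
	taken, err := userExists("email = ?", user.Email)
	if err != nil {
		writeError(w, http.StatusInternalServerError, "500 - internal server error")
		return
	}
	if taken {
		writeError(w, http.StatusBadRequest, "400 - email already exists")
		return
	}
	taken, err = userExists("name = ?", user.Name)
	if err != nil {
		writeError(w, http.StatusInternalServerError, "500 - internal server error")
		return
	}
	if taken {
		writeError(w, http.StatusBadRequest, "400 - name already exists")
		return
	}

	if err := configs.ORMDB().Create(&user).Error; err != nil {
		// Do not echo err.Error(): driver errors expose table and column names.
		writeError(w, http.StatusInternalServerError, "500 - internal server error")
		return
	}

	// Bootstrap: the very first account becomes the administrator.
	if user.ID == 1 {
		user.Admin = true
		if err := configs.ORMDB().Save(&user).Error; err != nil {
			writeError(w, http.StatusInternalServerError, "500 - internal server error")
			return
		}
	}

	writeUserJSON(w, user)
}

// UsersItemGet returns the user identified by the {id} route variable, or 404.
//
// NOTE(review): not wrapped in models.AccountRead, so any user record is
// readable without authentication — confirm that is intended.
func UsersItemGet(w http.ResponseWriter, r *http.Request) {
	user, ok := loadUser(utils.ParamInt(mux.Vars(r)["id"], 0))
	if !ok {
		writeError(w, http.StatusNotFound, "404 - user not found")
		return
	}
	writeUserJSON(w, user)
}

// UsersItemPatch updates the user identified by {id}. Only the account itself
// or an administrator may update a user; the "admin" flag can only be changed
// by an administrator acting on a different account.
func UsersItemPatch(w http.ResponseWriter, r *http.Request) {
	models.AccountRead(w, r, func(account *models.Account) {
		// Load before authorising: the old code ignored the lookup error, so an
		// administrator PATCHing a non-existent id made Save insert a new row.
		user, ok := loadUser(utils.ParamInt(mux.Vars(r)["id"], 0))
		if !ok {
			writeError(w, http.StatusNotFound, "404 - user not found")
			return
		}
		if account.ID != user.ID && !account.Admin {
			writeError(w, http.StatusForbidden, "403 - Forbidden")
			return
		}

		form := utils.BodyRead(r)
		// Users cannot grant themselves admin, and an admin cannot change
		// their own admin flag.
		if account.ID == user.ID || !account.Admin {
			delete(form, "admin")
		}

		if name, ok := form["name"].(string); ok {
			if name == "" {
				writeError(w, http.StatusBadRequest, "400 - name, email, password cannot be empty")
				return
			}
			// Same uniqueness rule as UsersPost; unchanged values need no check.
			if name != user.Name {
				taken, err := userExists("name = ?", name)
				if err != nil {
					writeError(w, http.StatusInternalServerError, "500 - internal server error")
					return
				}
				if taken {
					writeError(w, http.StatusBadRequest, "400 - name already exists")
					return
				}
			}
			user.Name = name
		}
		if email, ok := form["email"].(string); ok {
			if email == "" {
				writeError(w, http.StatusBadRequest, "400 - name, email, password cannot be empty")
				return
			}
			if email != user.Email {
				taken, err := userExists("email = ?", email)
				if err != nil {
					writeError(w, http.StatusInternalServerError, "500 - internal server error")
					return
				}
				if taken {
					writeError(w, http.StatusBadRequest, "400 - email already exists")
					return
				}
			}
			user.Email = email
		}
		if password, ok := form["password"].(string); ok {
			if password == "" {
				writeError(w, http.StatusBadRequest, "400 - name, email, password cannot be empty")
				return
			}
			// A new salt per password change; see hashPassword for the format.
			user.Slat = uuid.New().String()
			user.Password = hashPassword(password, user.Slat)
		}
		if admin, ok := form["admin"].(bool); ok {
			user.Admin = admin
		}

		if err := configs.ORMDB().Save(&user).Error; err != nil {
			writeError(w, http.StatusInternalServerError, "500 - internal server error")
			return
		}
		writeUserJSON(w, user)
	})
}

// UsersItemDelete deletes the user identified by {id}. Only the account itself
// or an administrator may delete a user, and an administrator cannot delete
// their own account.
func UsersItemDelete(w http.ResponseWriter, r *http.Request) {
	models.AccountRead(w, r, func(account *models.Account) {
		user, ok := loadUser(utils.ParamInt(mux.Vars(r)["id"], 0))
		if !ok {
			writeError(w, http.StatusNotFound, "404 - user not found")
			return
		}
		if account.ID != user.ID && !account.Admin {
			writeError(w, http.StatusForbidden, "403 - 只有自己的賬戶或是管理員才能刪除用戶")
			return
		}
		if account.ID == user.ID && account.Admin {
			writeError(w, http.StatusForbidden, "403 - 管理員不能刪除自己")
			return
		}
		if err := configs.ORMDB().Delete(&user).Error; err != nil {
			writeError(w, http.StatusInternalServerError, "500 - internal server error")
			return
		}
		writeUserJSON(w, user)
	})
}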