package routers
import (
"crypto/md5"
"fmt"
"main/configs"
"main/models"
"main/utils"
"net/http"
"github.com/google/uuid"
"github.com/gorilla/mux"
)
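// UsersGet writes one page of users as a JSON list view.
//
// Query parameters:
//   - page: 1-based page number (default 1).
//   - pageSize: rows per page (default 10).
//
// Values below 1 fall back to the defaults, and database errors yield a
// generic 500 instead of a partially filled list.
//
// NOTE(review): no authentication is visible in this handler, and every
// models.User is serialized as-is. Whether Password and Slat are kept out of
// the JSON depends on the struct tags of models.User, which are not visible
// here. Confirm that the hash and salt are never sent to clients.
func UsersGet(w http.ResponseWriter, r *http.Request) {
	var listview models.ListView
	listview.Page = utils.ParamInt(r.URL.Query().Get("page"), 1)
	listview.PageSize = utils.ParamInt(r.URL.Query().Get("pageSize"), 10)

	// GORM documents -1 as cancelling the LIMIT/OFFSET condition, so a
	// client-supplied pageSize=-1 would otherwise return the whole table.
	if listview.Page < 1 {
		listview.Page = 1
	}
	if listview.PageSize < 1 {
		listview.PageSize = 10
	}
	// NOTE(review): pageSize still has no upper bound. Consider capping it so
	// that a single request cannot pull an arbitrarily large result set.

	db := configs.ORMDB()

	var users []models.User
	offset := (listview.Page - 1) * listview.PageSize
	if err := db.Offset(offset).Limit(listview.PageSize).Find(&users).Error; err != nil {
		w.WriteHeader(http.StatusInternalServerError)
		w.Write([]byte("500 - Internal Server Error"))
		return
	}
	for _, u := range users {
		listview.List = append(listview.List, u)
	}

	if err := db.Model(&models.User{}).Count(&listview.Total).Error; err != nil {
		w.WriteHeader(http.StatusInternalServerError)
		w.Write([]byte("500 - Internal Server Error"))
		return
	}

	// More pages exist while the rows covered so far are fewer than the total.
	listview.Next = listview.Page*listview.PageSize < int(listview.Total)
	listview.WriteJSON(w)
}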
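// UsersPost creates a user from the request body fields name, email and
// password, and writes the stored record as JSON.
//
// It responds 400 when a field is missing, is not a string, is empty, or when
// the email or name is already taken. It responds 500 when a uniqueness
// lookup or the admin promotion fails.
//
// NOTE(review): the response serializes the whole models.User. Whether
// Password and Slat are excluded depends on the struct tags of models.User,
// which are not visible here. Confirm that they never reach the client.
func UsersPost(w http.ResponseWriter, r *http.Request) {
	var form map[string]interface{} = utils.BodyRead(r)

	// Comma-ok assertions: the body is untrusted, and a bare .(string) on a
	// non-string JSON value (number, object, ...) would panic the handler.
	// Empty strings are rejected too, matching the error message below.
	name, nameOK := form["name"].(string)
	email, emailOK := form["email"].(string)
	password, passwordOK := form["password"].(string)
	if !nameOK || !emailOK || !passwordOK || name == "" || email == "" || password == "" {
		w.WriteHeader(http.StatusBadRequest)
		w.Write([]byte("400 - name, email, password cannot be empty"))
		return
	}

	// Build the user with a fresh per-user salt.
	//
	// NOTE(review): a single round of salted MD5 is a fast hash and is not
	// suitable for password storage; a dedicated password KDF (bcrypt,
	// scrypt, Argon2) should replace it. The format is left unchanged here
	// because the code that verifies passwords is outside this file and
	// would have to migrate at the same time.
	salt := uuid.New().String()
	user := models.User{
		Name:     name,
		Email:    email,
		Password: fmt.Sprintf("%x", md5.Sum([]byte(password+salt))),
		Slat:     salt,
	}

	// NOTE(review): the two uniqueness checks below are check-then-insert
	// and can race under concurrent requests. Unique indexes on email and
	// name are needed for a real guarantee; confirm that the schema has them.

	// The email must be unique.
	var count int64
	if err := configs.ORMDB().Model(&models.User{}).Where("email = ?", user.Email).Count(&count).Error; err != nil {
		w.WriteHeader(http.StatusInternalServerError)
		w.Write([]byte("500 - Internal Server Error"))
		return
	}
	if count > 0 {
		w.WriteHeader(http.StatusBadRequest)
		w.Write([]byte("400 - email already exists"))
		return
	}

	// The user name must be unique.
	if err := configs.ORMDB().Model(&models.User{}).Where("name = ?", user.Name).Count(&count).Error; err != nil {
		w.WriteHeader(http.StatusInternalServerError)
		w.Write([]byte("500 - Internal Server Error"))
		return
	}
	if count > 0 {
		w.WriteHeader(http.StatusBadRequest)
		w.Write([]byte("400 - name already exists"))
		return
	}

	// Persist the record.
	// NOTE(review): the raw database error is echoed to the client; consider
	// logging it server-side and returning a generic message instead.
	if err := configs.ORMDB().Create(&user).Error; err != nil {
		w.WriteHeader(http.StatusBadRequest)
		w.Write([]byte("400 - " + err.Error()))
		return
	}

	// The first user (ID 1) becomes the administrator.
	// NOTE(review): registration is unauthenticated in the visible code, so
	// whoever registers first on a fresh database gains admin rights. This
	// also assumes IDs start at 1 and are never reused; verify both.
	if user.ID == 1 {
		user.Admin = true
		if err := configs.ORMDB().Save(&user).Error; err != nil {
			w.WriteHeader(http.StatusInternalServerError)
			w.Write([]byte("500 - Internal Server Error"))
			return
		}
	}

	// Return the created record.
	w.Header().Set("Content-Type", "application/json; charset=utf-8")
	w.Write(utils.ToJSON(user))
}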
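// UsersItemGet writes the user selected by the {id} route variable as JSON,
// or 404 when the ID is not positive or no such user exists.
//
// NOTE(review): no authentication is visible in this handler and the whole
// models.User is serialized. Whether Password and Slat are excluded depends
// on the struct tags of models.User, which are not visible here. Confirm
// that they never reach the client.
func UsersItemGet(w http.ResponseWriter, r *http.Request) {
	id := utils.ParamInt(mux.Vars(r)["id"], 0)

	// GORM leaves a zero-valued primary key out of the query conditions, so
	// First on User{ID: 0} would return the first row of the table rather
	// than "not found". Reject non-positive IDs before querying.
	if id <= 0 {
		w.WriteHeader(http.StatusNotFound)
		w.Write([]byte("404 - record not found"))
		return
	}

	user := models.User{ID: id}
	if err := configs.ORMDB().First(&user).Error; err != nil {
		w.WriteHeader(http.StatusNotFound)
		w.Write([]byte("404 - " + err.Error()))
		return
	}

	w.Header().Set("Content-Type", "application/json; charset=utf-8")
	w.Write(utils.ToJSON(user))
}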
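// UsersItemPatch updates the user selected by the {id} route variable from
// the request body fields name, email, password and admin, then writes the
// updated record as JSON.
//
// The callback passed to models.AccountRead receives the requesting account
// (presumably only for an authenticated request; AccountRead is defined
// elsewhere, so verify). Only the account owner or an administrator may
// update a user. The admin flag can be changed only by an administrator,
// and never on the administrator's own account.
//
// It responds 404 when the ID is not positive or the user does not exist,
// 403 when the caller is not allowed, and 500 when the save fails.
func UsersItemPatch(w http.ResponseWriter, r *http.Request) {
	models.AccountRead(w, r, func(account *models.Account) {
		id := utils.ParamInt(mux.Vars(r)["id"], 0)

		// GORM leaves a zero-valued primary key out of the query
		// conditions, so First on User{ID: 0} would load the first row of
		// the table. Reject non-positive IDs before querying.
		if id <= 0 {
			w.WriteHeader(http.StatusNotFound)
			w.Write([]byte("404 - record not found"))
			return
		}

		// Load the target and stop when it does not exist. Without this
		// check an administrator patching an unknown ID would reach Save
		// with an otherwise empty struct, and Save would insert a new row.
		user := models.User{ID: id}
		if err := configs.ORMDB().First(&user).Error; err != nil {
			w.WriteHeader(http.StatusNotFound)
			w.Write([]byte("404 - " + err.Error()))
			return
		}

		// Only the account owner or an administrator may update the user.
		if account.ID != user.ID && !account.Admin {
			w.WriteHeader(http.StatusForbidden)
			w.Write([]byte("403 - Forbidden"))
			return
		}

		var form map[string]interface{} = utils.BodyRead(r)

		// A user cannot change the admin flag, and an administrator cannot
		// change the flag on their own account.
		if account.ID == user.ID || !account.Admin {
			delete(form, "admin")
		}

		// NOTE(review): unlike UsersPost, name and email are not checked
		// for uniqueness here; confirm that the schema enforces it.
		if name, ok := form["name"].(string); ok {
			user.Name = name
		}
		if email, ok := form["email"].(string); ok {
			user.Email = email
		}
		if password, ok := form["password"].(string); ok {
			// A new salt is generated on every password change.
			// NOTE(review): salted single-round MD5 is a fast hash and is
			// not suitable for password storage; move to a password KDF
			// together with the verification code, which is outside this
			// file. An empty password is also accepted here.
			user.Slat = uuid.New().String()
			user.Password = fmt.Sprintf("%x", md5.Sum([]byte(password+user.Slat)))
		}
		if admin, ok := form["admin"].(bool); ok {
			user.Admin = admin
		}

		if err := configs.ORMDB().Save(&user).Error; err != nil {
			w.WriteHeader(http.StatusInternalServerError)
			w.Write([]byte("500 - Internal Server Error"))
			return
		}

		// NOTE(review): the whole record is serialized. Confirm that
		// Password and Slat are excluded by the tags on models.User.
		w.Header().Set("Content-Type", "application/json; charset=utf-8")
		w.Write(utils.ToJSON(user))
	})
}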
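// UsersItemDelete deletes the user selected by the {id} route variable and
// writes the deleted record as JSON.
//
// The callback passed to models.AccountRead receives the requesting account
// (presumably only for an authenticated request; AccountRead is defined
// elsewhere, so verify). Only the account owner or an administrator may
// delete a user, and an administrator may not delete their own account.
//
// It responds 404 when the ID is not positive or the user does not exist,
// 403 when the caller is not allowed, and 500 when the delete fails.
func UsersItemDelete(w http.ResponseWriter, r *http.Request) {
	models.AccountRead(w, r, func(account *models.Account) {
		id := utils.ParamInt(mux.Vars(r)["id"], 0)

		// GORM leaves a zero-valued primary key out of the query
		// conditions, so First on User{ID: 0} would load the first row of
		// the table and that row would then be deleted. Reject non-positive
		// IDs before querying.
		if id <= 0 {
			w.WriteHeader(http.StatusNotFound)
			w.Write([]byte("404 - record not found"))
			return
		}

		// Load the target user.
		user := models.User{ID: id}
		if err := configs.ORMDB().First(&user).Error; err != nil {
			w.WriteHeader(http.StatusNotFound)
			w.Write([]byte("404 - " + err.Error()))
			return
		}

		switch {
		case account.ID != user.ID && !account.Admin:
			// Only the account owner or an administrator may delete a user.
			w.WriteHeader(http.StatusForbidden)
			w.Write([]byte("403 - 只有自己的賬戶或是管理員才能刪除用戶"))
			return
		case account.ID == user.ID && account.Admin:
			// An administrator may not delete their own account.
			w.WriteHeader(http.StatusForbidden)
			w.Write([]byte("403 - 管理員不能刪除自己"))
			return
		}

		// Report a failed delete instead of answering as if it succeeded.
		if err := configs.ORMDB().Delete(&user).Error; err != nil {
			w.WriteHeader(http.StatusInternalServerError)
			w.Write([]byte("500 - Internal Server Error"))
			return
		}

		// NOTE(review): the whole record is serialized. Confirm that
		// Password and Slat are excluded by the tags on models.User.
		w.Header().Set("Content-Type", "application/json; charset=utf-8")
		w.Write(utils.ToJSON(user))
	})
}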