ChoChoX/backmanager-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

done

Browse Source
This commit is contained in:
ChoChoX
2026-06-22 20:48:29 +08:00
parent 48af2df4e2
commit e00eb2c1f8
9 changed files with 1765 additions and 142 deletions
Download Patch File Download Diff File Expand all files Collapse all files

200
routes/afterSales.js Normal file
View File

@@ -0,0 +1,200 @@
// routes/afterSales.js —— 售后管理 CRUD
const { pool } = require('../db')
function pagination(query) {
const page = Math.max(Number(query.page) || 1, 1)
const pageSize = Math.min(Math.max(Number(query.pageSize) || 10, 1), 100)
const offset = (page - 1) * pageSize
return { page, pageSize, offset }
}
const LIST_SELECT = `
SELECT
a.*,
cu.name AS customer_name,
e.name AS employee_name
FROM after_sales a
LEFT JOIN customers cu ON a.customer_id = cu.id
LEFT JOIN employees e ON a.employee_id = e.id
`
// GET /api/after-sales —— 列表
async function list(req, res) {
try {
const { page, pageSize, offset } = pagination(req.query)
const { handle_status, customer_name } = req.query
let where = 'WHERE 1=1'
const params = []
if (handle_status) {
where += ' AND a.handle_status = ?'
params.push(handle_status)
}
if (customer_name) {
where += ' AND cu.name LIKE ?'
params.push(`%${customer_name}%`)
}
const [[{ total }]] = await pool.query(
`SELECT COUNT(*) AS total FROM after_sales a
LEFT JOIN customers cu ON a.customer_id = cu.id
LEFT JOIN employees e ON a.employee_id = e.id
${where}`,
params
)
const [rows] = await pool.query(
`${LIST_SELECT} ${where} ORDER BY a.id DESC LIMIT ? OFFSET ?`,
[...params, pageSize, offset]
)
res.json({
code: 0,
message: 'ok',
data: {
list: rows,
total,
page,
pageSize,
totalPages: Math.ceil(total / pageSize),
},
})
} catch (e) {
console.error('[after-sales list] error:', e)
res.status(500).json({ code: 500, message: e.message })
}
}
// GET /api/after-sales/:id —— 详情
async function detail(req, res) {
try {
const [rows] = await pool.query(
`${LIST_SELECT} WHERE a.id = ?`,
[req.params.id]
)
if (rows.length === 0) {
return res.status(404).json({ code: 404, message: '售后记录不存在' })
}
res.json({ code: 0, message: 'ok', data: rows[0] })
} catch (e) {
console.error('[after-sales detail] error:', e)
res.status(500).json({ code: 500, message: e.message })
}
}
// POST /api/after-sales —— 新增
async function create(req, res) {
const {
customer_id, feedback, employee_id, handle_method,
handle_status, service_date, remark,
} = req.body || {}
if (!customer_id) {
return res.status(400).json({ code: 400, message: '客户ID必填' })
}
if (!feedback) {
return res.status(400).json({ code: 400, message: '售后反馈内容必填' })
}
try {
// 校验客户存在
const [cust] = await pool.query('SELECT id FROM customers WHERE id = ?', [customer_id])
if (cust.length === 0) {
return res.status(400).json({ code: 400, message: '关联客户不存在' })
}
// 校验业务员
if (employee_id) {
const [emp] = await pool.query('SELECT id FROM employees WHERE id = ?', [employee_id])
if (emp.length === 0) {
return res.status(400).json({ code: 400, message: '关联业务员不存在' })
}
}
const [result] = await pool.query(
`INSERT INTO after_sales
(customer_id, feedback, employee_id, handle_method, handle_status, service_date, remark)
VALUES (?, ?, ?, ?, ?, ?, ?)`,
[customer_id, feedback,
employee_id || null,
handle_method || null,
handle_status || '待处理',
service_date || null,
remark || null]
)
const [rows] = await pool.query(`${LIST_SELECT} WHERE a.id = ?`, [result.insertId])
res.json({ code: 0, message: 'ok', data: rows[0] })
} catch (e) {
console.error('[after-sales create] error:', e)
res.status(500).json({ code: 500, message: e.message })
}
}
// PUT /api/after-sales/:id —— 更新
async function update(req, res) {
const { id } = req.params
const fields = [
'customer_id', 'feedback', 'employee_id', 'handle_method',
'handle_status', 'service_date', 'remark',
]
try {
const [existing] = await pool.query('SELECT id FROM after_sales WHERE id = ?', [id])
if (existing.length === 0) {
return res.status(404).json({ code: 404, message: '售后记录不存在' })
}
if (req.body.customer_id) {
const [cust] = await pool.query('SELECT id FROM customers WHERE id = ?', [req.body.customer_id])
if (cust.length === 0) {
return res.status(400).json({ code: 400, message: '关联客户不存在' })
}
}
if (req.body.employee_id) {
const [emp] = await pool.query('SELECT id FROM employees WHERE id = ?', [req.body.employee_id])
if (emp.length === 0) {
return res.status(400).json({ code: 400, message: '关联业务员不存在' })
}
}
const sets = []
const params = []
for (const f of fields) {
if (req.body[f] !== undefined) {
sets.push(`${f} = ?`)
params.push(req.body[f])
}
}
if (sets.length === 0) {
return res.status(400).json({ code: 400, message: '没有需要更新的字段' })
}
params.push(id)
await pool.query(`UPDATE after_sales SET ${sets.join(', ')} WHERE id = ?`, params)
const [rows] = await pool.query(`${LIST_SELECT} WHERE a.id = ?`, [id])
res.json({ code: 0, message: 'ok', data: rows[0] })
} catch (e) {
console.error('[after-sales update] error:', e)
res.status(500).json({ code: 500, message: e.message })
}
}
// DELETE /api/after-sales/:id —— 删除
async function remove(req, res) {
const { id } = req.params
try {
const [existing] = await pool.query('SELECT id FROM after_sales WHERE id = ?', [id])
if (existing.length === 0) {
return res.status(404).json({ code: 404, message: '售后记录不存在' })
}
await pool.query('DELETE FROM after_sales WHERE id = ?', [id])
res.json({ code: 0, message: 'ok' })
} catch (e) {
console.error('[after-sales delete] error:', e)
res.status(500).json({ code: 500, message: e.message })
}
}
module.exports = { list, detail, create, update, remove }

220
routes/contracts.js Normal file
View File

@@ -0,0 +1,220 @@
// routes/contracts.js —— 合同管理 CRUD
const { pool } = require('../db')
function pagination(query) {
const page = Math.max(Number(query.page) || 1, 1)
const pageSize = Math.min(Math.max(Number(query.pageSize) || 10, 1), 100)
const offset = (page - 1) * pageSize
return { page, pageSize, offset }
}
// 列表查询时 JOIN 客户名和员工名
const LIST_SELECT = `
SELECT
c.*,
cu.name AS customer_name,
e.name AS employee_name
FROM contracts c
LEFT JOIN customers cu ON c.customer_id = cu.id
LEFT JOIN employees e ON c.employee_id = e.id
`
// 单条查询时用同样的 JOIN
const DETAIL_SELECT = LIST_SELECT
// GET /api/contracts —— 列表
async function list(req, res) {
try {
const { page, pageSize, offset } = pagination(req.query)
const { status, customer_name, contract_no, employee_name } = req.query
let where = 'WHERE 1=1'
const params = []
if (status) {
where += ' AND c.status = ?'
params.push(status)
}
if (customer_name) {
where += ' AND cu.name LIKE ?'
params.push(`%${customer_name}%`)
}
if (contract_no) {
where += ' AND c.contract_no LIKE ?'
params.push(`%${contract_no}%`)
}
if (employee_name) {
where += ' AND e.name LIKE ?'
params.push(`%${employee_name}%`)
}
const [[{ total }]] = await pool.query(
`SELECT COUNT(*) AS total FROM contracts c
LEFT JOIN customers cu ON c.customer_id = cu.id
LEFT JOIN employees e ON c.employee_id = e.id
${where}`,
params
)
const [rows] = await pool.query(
`${LIST_SELECT} ${where} ORDER BY c.id DESC LIMIT ? OFFSET ?`,
[...params, pageSize, offset]
)
res.json({
code: 0,
message: 'ok',
data: {
list: rows,
total,
page,
pageSize,
totalPages: Math.ceil(total / pageSize),
},
})
} catch (e) {
console.error('[contracts list] error:', e)
res.status(500).json({ code: 500, message: e.message })
}
}
// GET /api/contracts/:id —— 详情
async function detail(req, res) {
try {
const [rows] = await pool.query(
`${DETAIL_SELECT} WHERE c.id = ?`,
[req.params.id]
)
if (rows.length === 0) {
return res.status(404).json({ code: 404, message: '合同不存在' })
}
res.json({ code: 0, message: 'ok', data: rows[0] })
} catch (e) {
console.error('[contracts detail] error:', e)
res.status(500).json({ code: 500, message: e.message })
}
}
// POST /api/contracts —— 新增
async function create(req, res) {
const {
customer_id, contract_name, contract_no, contract_content,
amount, effective_date, expiry_date, employee_id, status, remark,
} = req.body || {}
if (!customer_id) {
return res.status(400).json({ code: 400, message: '客户ID必填' })
}
if (!contract_name) {
return res.status(400).json({ code: 400, message: '合同名称必填' })
}
try {
// 校验客户是否存在
const [cust] = await pool.query('SELECT id FROM customers WHERE id = ?', [customer_id])
if (cust.length === 0) {
return res.status(400).json({ code: 400, message: '关联客户不存在' })
}
// 校验业务员(如果填了)
if (employee_id) {
const [emp] = await pool.query('SELECT id FROM employees WHERE id = ?', [employee_id])
if (emp.length === 0) {
return res.status(400).json({ code: 400, message: '关联业务员不存在' })
}
}
const [result] = await pool.query(
`INSERT INTO contracts
(customer_id, contract_name, contract_no, contract_content, amount, effective_date, expiry_date, employee_id, status, remark)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,
[customer_id, contract_name,
contract_no || null,
contract_content || null,
amount !== undefined ? amount : null,
effective_date || null,
expiry_date || null,
employee_id || null,
status || '生效',
remark || null]
)
const [rows] = await pool.query(`${DETAIL_SELECT} WHERE c.id = ?`, [result.insertId])
res.json({ code: 0, message: 'ok', data: rows[0] })
} catch (e) {
console.error('[contracts create] error:', e)
res.status(500).json({ code: 500, message: e.message })
}
}
// PUT /api/contracts/:id —— 更新
async function update(req, res) {
const { id } = req.params
const fields = [
'customer_id', 'contract_name', 'contract_no', 'contract_content',
'amount', 'effective_date', 'expiry_date', 'employee_id', 'status', 'remark',
]
try {
const [existing] = await pool.query('SELECT id FROM contracts WHERE id = ?', [id])
if (existing.length === 0) {
return res.status(404).json({ code: 404, message: '合同不存在' })
}
// 如果更新了 customer_id 或 employee_id需要校验
if (req.body.customer_id) {
const [cust] = await pool.query('SELECT id FROM customers WHERE id = ?', [req.body.customer_id])
if (cust.length === 0) {
return res.status(400).json({ code: 400, message: '关联客户不存在' })
}
}
if (req.body.employee_id) {
const [emp] = await pool.query('SELECT id FROM employees WHERE id = ?', [req.body.employee_id])
if (emp.length === 0) {
return res.status(400).json({ code: 400, message: '关联业务员不存在' })
}
}
const sets = []
const params = []
for (const f of fields) {
if (req.body[f] !== undefined) {
sets.push(`${f} = ?`)
params.push(req.body[f])
}
}
if (sets.length === 0) {
return res.status(400).json({ code: 400, message: '没有需要更新的字段' })
}
params.push(id)
await pool.query(`UPDATE contracts SET ${sets.join(', ')} WHERE id = ?`, params)
const [rows] = await pool.query(`${DETAIL_SELECT} WHERE c.id = ?`, [id])
res.json({ code: 0, message: 'ok', data: rows[0] })
} catch (e) {
console.error('[contracts update] error:', e)
res.status(500).json({ code: 500, message: e.message })
}
}
// DELETE /api/contracts/:id —— 删除
async function remove(req, res) {
const { id } = req.params
try {
const [existing] = await pool.query('SELECT id FROM contracts WHERE id = ?', [id])
if (existing.length === 0) {
return res.status(404).json({ code: 404, message: '合同不存在' })
}
await pool.query('DELETE FROM contracts WHERE id = ?', [id])
res.json({ code: 0, message: 'ok' })
} catch (e) {
console.error('[contracts delete] error:', e)
// 如果因为外键约束customer_id 被 after_sales 引用)导致删除失败
if (e.code === 'ER_ROW_IS_REFERENCED_2') {
return res.status(400).json({ code: 400, message: '该合同关联了售后记录,无法删除' })
}
res.status(500).json({ code: 500, message: e.message })
}
}
module.exports = { list, detail, create, update, remove }

166
routes/customers.js Normal file
View File

@@ -0,0 +1,166 @@
// routes/customers.js —— 客户管理 CRUD
const { pool } = require('../db')
// 提取分页参数
function pagination(query) {
const page = Math.max(Number(query.page) || 1, 1)
const pageSize = Math.min(Math.max(Number(query.pageSize) || 10, 1), 100)
const offset = (page - 1) * pageSize
return { page, pageSize, offset }
}
// GET /api/customers —— 列表(支持搜索、分页)
async function list(req, res) {
try {
const { page, pageSize, offset } = pagination(req.query)
const { name, phone, province, city, customer_type } = req.query
let where = 'WHERE 1=1'
const params = []
if (name) {
where += ' AND name LIKE ?'
params.push(`%${name}%`)
}
if (phone) {
where += ' AND phone LIKE ?'
params.push(`%${phone}%`)
}
if (province) {
where += ' AND province = ?'
params.push(province)
}
if (city) {
where += ' AND city = ?'
params.push(city)
}
if (customer_type) {
where += ' AND customer_type = ?'
params.push(customer_type)
}
// 查总数
const [[{ total }]] = await pool.query(
`SELECT COUNT(*) AS total FROM customers ${where}`,
params
)
// 查分页数据
const [rows] = await pool.query(
`SELECT * FROM customers ${where} ORDER BY id DESC LIMIT ? OFFSET ?`,
[...params, pageSize, offset]
)
res.json({
code: 0,
message: 'ok',
data: {
list: rows,
total,
page,
pageSize,
totalPages: Math.ceil(total / pageSize),
},
})
} catch (e) {
console.error('[customers list] error:', e)
res.status(500).json({ code: 500, message: e.message })
}
}
// GET /api/customers/:id —— 详情
async function detail(req, res) {
try {
const [rows] = await pool.query('SELECT * FROM customers WHERE id = ?', [req.params.id])
if (rows.length === 0) {
return res.status(404).json({ code: 404, message: '客户不存在' })
}
res.json({ code: 0, message: 'ok', data: rows[0] })
} catch (e) {
console.error('[customers detail] error:', e)
res.status(500).json({ code: 500, message: e.message })
}
}
// POST /api/customers —— 新增
async function create(req, res) {
const {
name, phone, province, city, district,
address, customer_type, email, remark,
} = req.body || {}
if (!name) {
return res.status(400).json({ code: 400, message: '客户姓名必填' })
}
try {
const [result] = await pool.query(
`INSERT INTO customers (name, phone, province, city, district, address, customer_type, email, remark)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)`,
[name, phone || null, province || null, city || null, district || null,
address || null, customer_type || 'Normal', email || null, remark || null]
)
const [rows] = await pool.query('SELECT * FROM customers WHERE id = ?', [result.insertId])
res.json({ code: 0, message: 'ok', data: rows[0] })
} catch (e) {
console.error('[customers create] error:', e)
res.status(500).json({ code: 500, message: e.message })
}
}
// PUT /api/customers/:id —— 更新
async function update(req, res) {
const { id } = req.params
const fields = [
'name', 'phone', 'province', 'city', 'district',
'address', 'customer_type', 'email', 'remark',
]
try {
// 先确认记录存在
const [existing] = await pool.query('SELECT id FROM customers WHERE id = ?', [id])
if (existing.length === 0) {
return res.status(404).json({ code: 404, message: '客户不存在' })
}
// 动态构建 SET 子句(只更新传入的字段)
const sets = []
const params = []
for (const f of fields) {
if (req.body[f] !== undefined) {
sets.push(`${f} = ?`)
params.push(req.body[f])
}
}
if (sets.length === 0) {
return res.status(400).json({ code: 400, message: '没有需要更新的字段' })
}
params.push(id)
await pool.query(`UPDATE customers SET ${sets.join(', ')} WHERE id = ?`, params)
const [rows] = await pool.query('SELECT * FROM customers WHERE id = ?', [id])
res.json({ code: 0, message: 'ok', data: rows[0] })
} catch (e) {
console.error('[customers update] error:', e)
res.status(500).json({ code: 500, message: e.message })
}
}
// DELETE /api/customers/:id —— 删除
async function remove(req, res) {
const { id } = req.params
try {
const [existing] = await pool.query('SELECT id FROM customers WHERE id = ?', [id])
if (existing.length === 0) {
return res.status(404).json({ code: 404, message: '客户不存在' })
}
await pool.query('DELETE FROM customers WHERE id = ?', [id])
res.json({ code: 0, message: 'ok' })
} catch (e) {
console.error('[customers delete] error:', e)
res.status(500).json({ code: 500, message: e.message })
}
}
module.exports = { list, detail, create, update, remove }

163
routes/employees.js Normal file
View File

@@ -0,0 +1,163 @@
// routes/employees.js —— 员工管理 CRUD
const { pool } = require('../db')
function pagination(query) {
const page = Math.max(Number(query.page) || 1, 1)
const pageSize = Math.min(Math.max(Number(query.pageSize) || 10, 1), 100)
const offset = (page - 1) * pageSize
return { page, pageSize, offset }
}
// GET /api/employees —— 列表
async function list(req, res) {
try {
const { page, pageSize, offset } = pagination(req.query)
const { name, department, status } = req.query
let where = 'WHERE 1=1'
const params = []
if (name) {
where += ' AND name LIKE ?'
params.push(`%${name}%`)
}
if (department) {
where += ' AND department LIKE ?'
params.push(`%${department}%`)
}
if (status !== undefined && status !== '') {
where += ' AND status = ?'
params.push(Number(status))
}
const [[{ total }]] = await pool.query(
`SELECT COUNT(*) AS total FROM employees ${where}`,
params
)
const [rows] = await pool.query(
`SELECT * FROM employees ${where} ORDER BY id DESC LIMIT ? OFFSET ?`,
[...params, pageSize, offset]
)
res.json({
code: 0,
message: 'ok',
data: {
list: rows,
total,
page,
pageSize,
totalPages: Math.ceil(total / pageSize),
},
})
} catch (e) {
console.error('[employees list] error:', e)
res.status(500).json({ code: 500, message: e.message })
}
}
// GET /api/employees/:id —— 详情
async function detail(req, res) {
try {
const [rows] = await pool.query('SELECT * FROM employees WHERE id = ?', [req.params.id])
if (rows.length === 0) {
return res.status(404).json({ code: 404, message: '员工不存在' })
}
res.json({ code: 0, message: 'ok', data: rows[0] })
} catch (e) {
console.error('[employees detail] error:', e)
res.status(500).json({ code: 500, message: e.message })
}
}
// POST /api/employees —— 新增
async function create(req, res) {
const {
name, gender, age, education, department,
entry_date, position, salary, phone, email, status, remark,
} = req.body || {}
if (!name) {
return res.status(400).json({ code: 400, message: '员工姓名必填' })
}
try {
const [result] = await pool.query(
`INSERT INTO employees (name, gender, age, education, department, entry_date, position, salary, phone, email, status, remark)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,
[name,
gender || null,
age !== undefined ? age : null,
education || null,
department || null,
entry_date || null,
position || null,
salary !== undefined ? salary : null,
phone || null,
email || null,
status !== undefined ? status : 1,
remark || null]
)
const [rows] = await pool.query('SELECT * FROM employees WHERE id = ?', [result.insertId])
res.json({ code: 0, message: 'ok', data: rows[0] })
} catch (e) {
console.error('[employees create] error:', e)
res.status(500).json({ code: 500, message: e.message })
}
}
// PUT /api/employees/:id —— 更新
async function update(req, res) {
const { id } = req.params
const fields = [
'name', 'gender', 'age', 'education', 'department',
'entry_date', 'position', 'salary', 'phone', 'email', 'status', 'remark',
]
try {
const [existing] = await pool.query('SELECT id FROM employees WHERE id = ?', [id])
if (existing.length === 0) {
return res.status(404).json({ code: 404, message: '员工不存在' })
}
const sets = []
const params = []
for (const f of fields) {
if (req.body[f] !== undefined) {
sets.push(`${f} = ?`)
params.push(req.body[f])
}
}
if (sets.length === 0) {
return res.status(400).json({ code: 400, message: '没有需要更新的字段' })
}
params.push(id)
await pool.query(`UPDATE employees SET ${sets.join(', ')} WHERE id = ?`, params)
const [rows] = await pool.query('SELECT * FROM employees WHERE id = ?', [id])
res.json({ code: 0, message: 'ok', data: rows[0] })
} catch (e) {
console.error('[employees update] error:', e)
res.status(500).json({ code: 500, message: e.message })
}
}
// DELETE /api/employees/:id —— 删除
async function remove(req, res) {
const { id } = req.params
try {
const [existing] = await pool.query('SELECT id FROM employees WHERE id = ?', [id])
if (existing.length === 0) {
return res.status(404).json({ code: 404, message: '员工不存在' })
}
await pool.query('DELETE FROM employees WHERE id = ?', [id])
res.json({ code: 0, message: 'ok' })
} catch (e) {
console.error('[employees delete] error:', e)
res.status(500).json({ code: 500, message: e.message })
}
}
module.exports = { list, detail, create, update, remove }

157
routes/products.js Normal file
View File

@@ -0,0 +1,157 @@
// routes/products.js —— 产品管理 CRUD
const { pool } = require('../db')
function pagination(query) {
const page = Math.max(Number(query.page) || 1, 1)
const pageSize = Math.min(Math.max(Number(query.pageSize) || 10, 1), 100)
const offset = (page - 1) * pageSize
return { page, pageSize, offset }
}
// GET /api/products —— 列表
async function list(req, res) {
try {
const { page, pageSize, offset } = pagination(req.query)
const { name, type, supplier } = req.query
let where = 'WHERE 1=1'
const params = []
if (name) {
where += ' AND name LIKE ?'
params.push(`%${name}%`)
}
if (type) {
where += ' AND type LIKE ?'
params.push(`%${type}%`)
}
if (supplier) {
where += ' AND supplier LIKE ?'
params.push(`%${supplier}%`)
}
const [[{ total }]] = await pool.query(
`SELECT COUNT(*) AS total FROM products ${where}`,
params
)
const [rows] = await pool.query(
`SELECT * FROM products ${where} ORDER BY id DESC LIMIT ? OFFSET ?`,
[...params, pageSize, offset]
)
res.json({
code: 0,
message: 'ok',
data: {
list: rows,
total,
page,
pageSize,
totalPages: Math.ceil(total / pageSize),
},
})
} catch (e) {
console.error('[products list] error:', e)
res.status(500).json({ code: 500, message: e.message })
}
}
// GET /api/products/:id —— 详情
async function detail(req, res) {
try {
const [rows] = await pool.query('SELECT * FROM products WHERE id = ?', [req.params.id])
if (rows.length === 0) {
return res.status(404).json({ code: 404, message: '产品不存在' })
}
res.json({ code: 0, message: 'ok', data: rows[0] })
} catch (e) {
console.error('[products detail] error:', e)
res.status(500).json({ code: 500, message: e.message })
}
}
// POST /api/products —— 新增
async function create(req, res) {
const {
name, type, quantity, price, unit, specification, supplier, remark,
} = req.body || {}
if (!name) {
return res.status(400).json({ code: 400, message: '产品名称必填' })
}
try {
const [result] = await pool.query(
`INSERT INTO products (name, type, quantity, price, unit, specification, supplier, remark)
VALUES (?, ?, ?, ?, ?, ?, ?, ?)`,
[name,
type || null,
quantity !== undefined ? quantity : 0,
price !== undefined ? price : 0.00,
unit || '件',
specification || null,
supplier || null,
remark || null]
)
const [rows] = await pool.query('SELECT * FROM products WHERE id = ?', [result.insertId])
res.json({ code: 0, message: 'ok', data: rows[0] })
} catch (e) {
console.error('[products create] error:', e)
res.status(500).json({ code: 500, message: e.message })
}
}
// PUT /api/products/:id —— 更新
async function update(req, res) {
const { id } = req.params
const fields = [
'name', 'type', 'quantity', 'price', 'unit', 'specification', 'supplier', 'remark',
]
try {
const [existing] = await pool.query('SELECT id FROM products WHERE id = ?', [id])
if (existing.length === 0) {
return res.status(404).json({ code: 404, message: '产品不存在' })
}
const sets = []
const params = []
for (const f of fields) {
if (req.body[f] !== undefined) {
sets.push(`${f} = ?`)
params.push(req.body[f])
}
}
if (sets.length === 0) {
return res.status(400).json({ code: 400, message: '没有需要更新的字段' })
}
params.push(id)
await pool.query(`UPDATE products SET ${sets.join(', ')} WHERE id = ?`, params)
const [rows] = await pool.query('SELECT * FROM products WHERE id = ?', [id])
res.json({ code: 0, message: 'ok', data: rows[0] })
} catch (e) {
console.error('[products update] error:', e)
res.status(500).json({ code: 500, message: e.message })
}
}
// DELETE /api/products/:id —— 删除
async function remove(req, res) {
const { id } = req.params
try {
const [existing] = await pool.query('SELECT id FROM products WHERE id = ?', [id])
if (existing.length === 0) {
return res.status(404).json({ code: 404, message: '产品不存在' })
}
await pool.query('DELETE FROM products WHERE id = ?', [id])
res.json({ code: 0, message: 'ok' })
} catch (e) {
console.error('[products delete] error:', e)
res.status(500).json({ code: 500, message: e.message })
}
}
module.exports = { list, detail, create, update, remove }

322
routes/users.js Normal file
View File

@@ -0,0 +1,322 @@
// routes/users.js —— 用户登录 / 信息 / CRUD
const jwt = require('jsonwebtoken')
const bcrypt = require('bcryptjs')
const { pool } = require('../db')
// 安全字段:不返回密码哈希
const SAFE_FIELDS = 'id, username, real_name, role, status, created_at, updated_at'
function pagination(query) {
const page = Math.max(Number(query.page) || 1, 1)
const pageSize = Math.min(Math.max(Number(query.pageSize) || 10, 1), 100)
const offset = (page - 1) * pageSize
return { page, pageSize, offset }
}
// ========== 登录 / 登出 / 个人信息 ==========
// POST /api/user/login —— 登录(无需 token
async function login(req, res) {
const { username, password } = req.body || {}
if (!username || !password) {
return res.status(400).json({ code: 400, message: '用户名和密码必填' })
}
try {
const [rows] = await pool.query(
'SELECT id, username, password, real_name, role, status FROM users WHERE username = ?',
[username]
)
// 用户不存在或密码错,统一提示避免枚举
if (rows.length === 0) {
return res.status(400).json({ code: 400, message: '账号或密码错误' })
}
const user = rows[0]
// 检查账号是否被禁用
if (user.status === 0) {
return res.status(403).json({ code: 403, message: '账号已被禁用,请联系管理员' })
}
const ok = await bcrypt.compare(password, user.password)
if (!ok) {
return res.status(400).json({ code: 400, message: '账号或密码错误' })
}
const token = jwt.sign(
{ id: user.id, username: user.username, role: user.role },
process.env.JWT_SECRET,
{ expiresIn: process.env.JWT_EXPIRES_IN || '2h' }
)
res.status(200).json({
code: 200,
message: 'ok',
data: {
token,
userInfo: {
id: user.id,
username: user.username,
real_name: user.real_name,
role: user.role,
},
},
})
} catch (e) {
console.error('[login] error:', e)
res.status(500).json({ code: 500, message: e.message })
}
}
// GET /api/user/info —— 获取当前登录用户信息(需要 token
async function info(req, res) {
try {
const [rows] = await pool.query(
`SELECT ${SAFE_FIELDS} FROM users WHERE id = ?`,
[req.user.id]
)
if (rows.length === 0) {
return res.status(404).json({ code: 404, message: '用户不存在' })
}
res.json({ code: 0, message: 'ok', data: rows[0] })
} catch (e) {
console.error('[info] error:', e)
res.status(500).json({ code: 500, message: e.message })
}
}
// POST /api/user/logout —— 登出(需要 token仅做应答
async function logout(req, res) {
res.json({ code: 0, message: 'ok' })
}
// PUT /api/user/password —— 当前用户修改自己的密码(需要 token
async function changePassword(req, res) {
const { oldPassword, newPassword } = req.body || {}
if (!oldPassword || !newPassword) {
return res.status(400).json({ code: 400, message: '旧密码和新密码必填' })
}
if (typeof newPassword !== 'string' || newPassword.length < 6) {
return res.status(400).json({ code: 400, message: '新密码至少 6 位' })
}
if (oldPassword === newPassword) {
return res.status(400).json({ code: 400, message: '新密码不能与旧密码相同' })
}
try {
const [rows] = await pool.query('SELECT password FROM users WHERE id = ?', [req.user.id])
if (rows.length === 0) {
return res.status(404).json({ code: 404, message: '用户不存在' })
}
const ok = await bcrypt.compare(oldPassword, rows[0].password)
if (!ok) {
return res.status(400).json({ code: 400, message: '旧密码错误' })
}
const hash = await bcrypt.hash(newPassword, 10)
await pool.query('UPDATE users SET password = ? WHERE id = ?', [hash, req.user.id])
res.json({ code: 0, message: '密码修改成功' })
} catch (e) {
console.error('[changePassword] error:', e)
res.status(500).json({ code: 500, message: e.message })
}
}
// ========== 用户管理 CRUD管理员 ==========
// GET /api/users —— 用户列表(管理员)
async function list(req, res) {
try {
const { page, pageSize, offset } = pagination(req.query)
const { username, role, status } = req.query
let where = 'WHERE 1=1'
const params = []
if (username) {
where += ' AND username LIKE ?'
params.push(`%${username}%`)
}
if (role) {
where += ' AND role = ?'
params.push(role)
}
if (status !== undefined && status !== '') {
where += ' AND status = ?'
params.push(Number(status))
}
const [[{ total }]] = await pool.query(
`SELECT COUNT(*) AS total FROM users ${where}`,
params
)
const [rows] = await pool.query(
`SELECT ${SAFE_FIELDS} FROM users ${where} ORDER BY id DESC LIMIT ? OFFSET ?`,
[...params, pageSize, offset]
)
res.json({
code: 0,
message: 'ok',
data: {
list: rows,
total,
page,
pageSize,
totalPages: Math.ceil(total / pageSize),
},
})
} catch (e) {
console.error('[users list] error:', e)
res.status(500).json({ code: 500, message: e.message })
}
}
// GET /api/users/:id —— 用户详情(管理员)
async function detail(req, res) {
try {
const [rows] = await pool.query(
`SELECT ${SAFE_FIELDS} FROM users WHERE id = ?`,
[req.params.id]
)
if (rows.length === 0) {
return res.status(404).json({ code: 404, message: '用户不存在' })
}
res.json({ code: 0, message: 'ok', data: rows[0] })
} catch (e) {
console.error('[users detail] error:', e)
res.status(500).json({ code: 500, message: e.message })
}
}
// POST /api/users —— 创建用户(管理员)
async function create(req, res) {
const { username, password, real_name = null, role = 'user', status = 1 } = req.body || {}
if (!username || !password) {
return res.status(400).json({ code: 400, message: '用户名和密码必填' })
}
if (typeof username !== 'string' || username.length < 3 || username.length > 50) {
return res.status(400).json({ code: 400, message: '用户名长度需在 3-50 之间' })
}
if (typeof password !== 'string' || password.length < 6) {
return res.status(400).json({ code: 400, message: '密码至少 6 位' })
}
if (!['admin', 'user'].includes(role)) {
return res.status(400).json({ code: 400, message: '角色只能为 admin 或 user' })
}
try {
const hash = await bcrypt.hash(password, 10)
const [result] = await pool.query(
'INSERT INTO users (username, password, real_name, role, status) VALUES (?, ?, ?, ?, ?)',
[username, hash, real_name, role, status]
)
const [rows] = await pool.query(
`SELECT ${SAFE_FIELDS} FROM users WHERE id = ?`,
[result.insertId]
)
res.json({ code: 0, message: 'ok', data: rows[0] })
} catch (e) {
if (e.code === 'ER_DUP_ENTRY') {
return res.status(409).json({ code: 409, message: '用户名已存在' })
}
console.error('[users create] error:', e)
res.status(500).json({ code: 500, message: e.message })
}
}
// PUT /api/users/:id —— 更新用户(管理员)
async function update(req, res) {
const { id } = req.params
const fields = ['username', 'real_name', 'role', 'status']
try {
const [existing] = await pool.query('SELECT id, role FROM users WHERE id = ?', [id])
if (existing.length === 0) {
return res.status(404).json({ code: 404, message: '用户不存在' })
}
const targetUser = existing[0]
// 不允许修改自己的角色或禁用自己
if (Number(id) === req.user.id) {
if (req.body.role !== undefined && req.body.role !== req.user.role) {
return res.status(400).json({ code: 400, message: '不能修改自己的角色' })
}
if (req.body.status === 0) {
return res.status(400).json({ code: 400, message: '不能禁用自己' })
}
}
const sets = []
const params = []
for (const f of fields) {
if (req.body[f] !== undefined) {
// role 字段只允许 admin / user
if (f === 'role' && !['admin', 'user'].includes(req.body[f])) {
return res.status(400).json({ code: 400, message: '角色只能为 admin 或 user' })
}
sets.push(`${f} = ?`)
params.push(req.body[f])
}
}
// 密码单独处理
if (req.body.password !== undefined) {
if (typeof req.body.password !== 'string' || req.body.password.length < 6) {
return res.status(400).json({ code: 400, message: '密码至少 6 位' })
}
const hash = await bcrypt.hash(req.body.password, 10)
sets.push('password = ?')
params.push(hash)
}
if (sets.length === 0) {
return res.status(400).json({ code: 400, message: '没有需要更新的字段' })
}
params.push(id)
await pool.query(`UPDATE users SET ${sets.join(', ')} WHERE id = ?`, params)
const [rows] = await pool.query(
`SELECT ${SAFE_FIELDS} FROM users WHERE id = ?`,
[id]
)
res.json({ code: 0, message: 'ok', data: rows[0] })
} catch (e) {
if (e.code === 'ER_DUP_ENTRY') {
return res.status(409).json({ code: 409, message: '用户名已存在' })
}
console.error('[users update] error:', e)
res.status(500).json({ code: 500, message: e.message })
}
}
// DELETE /api/users/:id —— 删除用户(管理员)
async function remove(req, res) {
const { id } = req.params
try {
if (Number(id) === req.user.id) {
return res.status(400).json({ code: 400, message: '不能删除自己' })
}
const [existing] = await pool.query('SELECT id FROM users WHERE id = ?', [id])
if (existing.length === 0) {
return res.status(404).json({ code: 404, message: '用户不存在' })
}
await pool.query('DELETE FROM users WHERE id = ?', [id])
res.json({ code: 0, message: 'ok' })
} catch (e) {
console.error('[users delete] error:', e)
res.status(500).json({ code: 500, message: e.message })
}
}
module.exports = { login, info, logout, changePassword, list, detail, create, update, remove }