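// server.js — boots the service, defines the auth middleware and wires every CRUD route
require('dotenv').config()
const express = require('express')
const jwt = require('jsonwebtoken')
const { pool, initDB } = require('./db')

// Per-module route handlers
const users = require('./routes/users')
const customers = require('./routes/customers')
const employees = require('./routes/employees')
const contracts = require('./routes/contracts')
const afterSales = require('./routes/afterSales')
const products = require('./routes/products')

const app = express()
app.use(express.json()) // parses application/json request bodies (the library's default size limit applies)

// Signature algorithms accepted for bearer tokens. Pinning the list keeps verification
// independent of jsonwebtoken's default algorithm list, which has varied across versions;
// the HMAC family is what a string secret in JWT_SECRET can sign.
const JWT_ALGORITHMS = ['HS256', 'HS384', 'HS512']

// ============ Authentication middleware ============
/**
 * Verifies the bearer JWT on the request and attaches its payload as `req.user`.
 * Responds 401 when the token is missing, malformed, expired or carries a bad signature.
 * The `Bearer ` prefix is optional: a bare token in the Authorization header is accepted.
 *
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 * @param {import('express').NextFunction} next
 */
function auth(req, res, next) {
  const header = req.headers.authorization || ''
  const token = header.replace(/^Bearer\s+/i, '')
  if (!token) {
    return res.status(401).json({ code: 401, message: '未登录' })
  }
  try {
    // jwt.verify throws when JWT_SECRET is unset, so a missing secret fails closed with 401.
    req.user = jwt.verify(token, process.env.JWT_SECRET, { algorithms: JWT_ALGORITHMS })
    return next()
  } catch (e) {
    // Same message for every failure reason; the verification error is not echoed to the client.
    return res.status(401).json({ code: 401, message: 'token 无效或已过期' })
  }
}

// ============ Admin check middleware ============
/**
 * Lets the request through only when `auth` has attached a user whose role is 'admin'.
 * Must be mounted after `auth`; responds 403 otherwise.
 *
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 * @param {import('express').NextFunction} next
 */
function requireAdmin(req, res, next) {
  if (!req.user || req.user.role !== 'admin') {
    return res.status(403).json({ code: 403, message: '需要管理员权限' })
  }
  return next()
}

// ============ Login / logout / profile ============
app.post('/api/user/login', users.login)
app.get('/api/user/info', auth, users.info)
app.post('/api/user/logout', auth, users.logout)
app.put('/api/user/password', auth, users.changePassword)

// ============ User management CRUD (admin only) /api/users ============
app.get('/api/users', auth, requireAdmin, users.list)
app.get('/api/users/:id', auth, requireAdmin, users.detail)
app.post('/api/users', auth, requireAdmin, users.create)
app.put('/api/users/:id', auth, requireAdmin, users.update)
app.delete('/api/users/:id', auth, requireAdmin, users.remove)

// The resource routes below require a valid token but apply no role check here;
// any authenticated user can create, update and delete these records unless the
// route modules enforce something further.

// ============ Customer management /api/customers ============
app.get('/api/customers', auth, customers.list)
app.get('/api/customers/:id', auth, customers.detail)
app.post('/api/customers', auth, customers.create)
app.put('/api/customers/:id', auth, customers.update)
app.delete('/api/customers/:id', auth, customers.remove)

// ============ Employee management /api/employees ============
app.get('/api/employees', auth, employees.list)
app.get('/api/employees/:id', auth, employees.detail)
app.post('/api/employees', auth, employees.create)
app.put('/api/employees/:id', auth, employees.update)
app.delete('/api/employees/:id', auth, employees.remove)

// ============ Contract management /api/contracts ============
app.get('/api/contracts', auth, contracts.list)
app.get('/api/contracts/:id', auth, contracts.detail)
app.post('/api/contracts', auth, contracts.create)
app.put('/api/contracts/:id', auth, contracts.update)
app.delete('/api/contracts/:id', auth, contracts.remove)

// ============ After-sales management /api/after-sales ============
app.get('/api/after-sales', auth, afterSales.list)
app.get('/api/after-sales/:id', auth, afterSales.detail)
app.post('/api/after-sales', auth, afterSales.create)
app.put('/api/after-sales/:id', auth, afterSales.update)
app.delete('/api/after-sales/:id', auth, afterSales.remove)

// ============ Product management /api/products ============
app.get('/api/products', auth, products.list)
app.get('/api/products/:id', auth, products.detail)
app.post('/api/products', auth, products.create)
app.put('/api/products/:id', auth, products.update)
app.delete('/api/products/:id', auth, products.remove)

// ============ Error handler ============
// Registered after every route. Express recognises error handlers by their 4-argument
// signature, so `next` stays in the parameter list even though it is unused. Without this,
// a body rejected by express.json() or a synchronous throw in a handler falls through to
// Express's default handler, which answers with an HTML page (typically including a stack
// trace outside production) instead of the JSON envelope the rest of the API uses.
app.use((err, req, res, next) => { // eslint-disable-line no-unused-vars
  const status = Number(err.status || err.statusCode) || 500
  if (status >= 500) {
    console.error('[server] 未处理的错误:', err)
  }
  // 5xx details stay in the server log; 4xx messages (e.g. a malformed JSON body) are returned as-is.
  res.status(status).json({ code: status, message: status >= 500 ? '服务器内部错误' : err.message })
})

// ============ Startup ============
const PORT = Number(process.env.PORT) || 3000

module.exports = app // exported without listening so tests can mount the app themselves

if (require.main === module) {
  // Fail fast on a missing signing secret: otherwise the process would start and every
  // authenticated request (and presumably login) would fail at runtime instead.
  if (!process.env.JWT_SECRET) {
    console.error('[init] 缺少环境变量 JWT_SECRET')
    process.exit(1)
  }
  initDB()
    .then(() => {
      app.listen(PORT, () => {
        console.log(`[server] 已启动 → http://127.0.0.1:${PORT}`)
        // Smoke-test hint. The username/password it prints are hard-coded in this log line;
        // confirm they are not the live admin credentials in any deployed environment.
        console.log(`[test] curl -X POST http://127.0.0.1:${PORT}/api/user/login \\`)
        console.log(` -H "Content-Type: application/json" \\`)
        console.log(` -d '{"username":"admin","password":"123456"}'`)
      })
    })
    .catch((err) => {
      console.error('[init] 数据库初始化失败:', err)
      process.exit(1)
    })
}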