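'use strict';

const express = require('express');
const bcrypt = require('bcrypt');
const db = require('../config/database');
const { requireAuth, requireRole } = require('../middleware/auth');

const router = express.Router();

// Roles this router knows about (the only values the handlers below branch on).
// NOTE(review): extend this set if the schema defines further roles — anything
// else is now rejected with 400 instead of being written to users.role verbatim.
const ALLOWED_ROLES = new Set(['admin', 'teacher', 'student']);

// Pagination guard rails for GET /users: non-numeric or non-positive values fall
// back to the defaults, and the page size is capped so a single request cannot
// pull the whole table.
const DEFAULT_PAGE = 1;
const DEFAULT_LIMIT = 10;
const MAX_LIMIT = 100;

// bcrypt cost factor (unchanged from the original genSalt(10)).
const BCRYPT_ROUNDS = 10;

const SERVER_ERROR = Object.freeze({ success: false, message: '服务器错误' });

/**
 * Parse a positive integer from a query-string value.
 * @param {unknown} value - raw query value (string, array or undefined)
 * @param {number} fallback - returned when value is missing or not a positive integer
 * @returns {number}
 */
function toPositiveInt(value, fallback) {
  if (value === undefined || value === null || value === '') return fallback;
  const n = Number.parseInt(String(value), 10);
  return Number.isInteger(n) && n > 0 ? n : fallback;
}

/**
 * Escape LIKE metacharacters so a search term matches literally.
 * MySQL's default LIKE escape character is the backslash.
 * @param {string} term
 * @returns {string}
 */
function escapeLike(term) {
  return String(term).replace(/[\\%_]/g, (ch) => `\\${ch}`);
}

/**
 * Build the WHERE clause and bound parameters shared by the COUNT query and the
 * page query of GET /users. The clause text is assembled only from fixed
 * fragments; every user-supplied value goes through a `?` placeholder.
 * @param {{ search: string, role: string }} filters
 * @returns {{ where: string, params: string[] }}
 */
function buildUserFilters({ search, role }) {
  const clauses = ['1=1'];
  const params = [];
  if (search) {
    clauses.push('(id LIKE ? OR name LIKE ? OR class LIKE ?)');
    const term = `%${escapeLike(search)}%`;
    params.push(term, term, term);
  }
  if (role) {
    clauses.push('role = ?');
    params.push(role);
  }
  return { where: clauses.join(' AND '), params };
}

/**
 * Insert the role-specific row for a user: students get a students row,
 * teachers a teachers row, admins nothing.
 * @param {string} userId - users.id of the owner
 * @param {string} fullName - copied into students/teachers.full_name
 * @param {string} role - one of ALLOWED_ROLES
 * @param {string|undefined} className - students.class_name; defaults when empty
 */
async function createRoleRecord(userId, fullName, role, className) {
  if (role === 'student') {
    // NOTE(review): a time-derived id can collide under concurrent creates; if
    // students.student_id is UNIQUE that surfaces as ER_DUP_ENTRY (handled by
    // the POST handler as a 400).
    const studentId = `STU${Date.now().toString().slice(-6)}`;
    await db.pool.execute(
      'INSERT INTO students (user_id, student_id, full_name, class_name) VALUES (?, ?, ?, ?)',
      [userId, studentId, fullName, className || '未分配班级'],
    );
  } else if (role === 'teacher') {
    await db.pool.execute(
      'INSERT INTO teachers (user_id, full_name) VALUES (?, ?)',
      [userId, fullName],
    );
  }
}

/**
 * Remove the role-specific row for a user, if the role has one.
 * @param {string} userId - users.id of the owner
 * @param {string} role - the role whose row should be dropped
 */
async function deleteRoleRecord(userId, role) {
  if (role === 'student') {
    await db.pool.execute('DELETE FROM students WHERE user_id = ?', [userId]);
  } else if (role === 'teacher') {
    await db.pool.execute('DELETE FROM teachers WHERE user_id = ?', [userId]);
  }
}

/**
 * List users (admin only), paginated and optionally filtered by a search term
 * (matched against id, name and class) and an exact role.
 * Query: page, limit, search, role. Responds with { success, data, pagination }.
 */
router.get('/users', requireAuth, requireRole(['admin']), async (req, res) => {
  try {
    const page = toPositiveInt(req.query.page, DEFAULT_PAGE);
    const limit = Math.min(toPositiveInt(req.query.limit, DEFAULT_LIMIT), MAX_LIMIT);
    // Express parses repeated keys into arrays; only plain strings are accepted.
    const search = typeof req.query.search === 'string' ? req.query.search : '';
    const role = typeof req.query.role === 'string' ? req.query.role : '';
    const offset = (page - 1) * limit;

    const { where, params } = buildUserFilters({ search, role });

    // Count first so the pagination block can report total pages.
    const [countRows] = await db.pool.execute(
      `SELECT COUNT(*) as total FROM users WHERE ${where}`,
      params,
    );
    const total = countRows[0].total;

    // execute() resolves to [rows, fields]; only the rows are sent to the client
    // (the original responded with the whole tuple, including field metadata).
    const [users] = await db.pool.execute(
      `SELECT id, name, role, class, created_at FROM users WHERE ${where} ORDER BY created_at DESC LIMIT ? OFFSET ?`,
      [...params, limit, offset],
    );

    res.json({
      success: true,
      data: users,
      pagination: { page, limit, total, pages: Math.ceil(total / limit) },
    });
  } catch (error) {
    console.error('获取用户列表错误:', error);
    res.status(500).json(SERVER_ERROR);
  }
});

/**
 * Create a user (admin only).
 * Body: id, name, password, role (required); className (optional).
 * Responds 400 on missing fields, unknown role or duplicate id; 500 otherwise.
 */
router.post('/users', requireAuth, requireRole(['admin']), async (req, res) => {
  try {
    const { id, name, password, role, className } = req.body;

    if (!id || !name || !password || !role) {
      return res.status(400).json({ success: false, message: '请填写所有必填字段' });
    }
    if (!ALLOWED_ROLES.has(role)) {
      return res.status(400).json({ success: false, message: '无效的角色' });
    }

    // Pre-check for a friendlier error; the authoritative guard is the duplicate
    // key error caught below, since two concurrent creates can both pass this.
    const [existing] = await db.pool.execute('SELECT id FROM users WHERE id = ?', [id]);
    if (existing.length > 0) {
      return res.status(400).json({ success: false, message: '用户ID已存在' });
    }

    // Only the hash is stored; bcrypt.hash with a round count generates the salt.
    const passwordHash = await bcrypt.hash(password, BCRYPT_ROUNDS);

    // NOTE(review): the two INSERTs are not in one transaction; a failure after
    // the users row is written leaves a user without its students/teachers row.
    await db.pool.execute(
      'INSERT INTO users (id, name, password, role, class) VALUES (?, ?, ?, ?, ?)',
      [id, name, passwordHash, role, className || null],
    );

    // users.id is caller-supplied (see the existence check above), so insertId is
    // not the user's key. The update/delete handlers address students/teachers
    // rows by users.id, so the same value is used here. The original referenced an
    // undefined `fullName`; the body field is `name`.
    await createRoleRecord(id, name, role, className);

    res.json({ success: true, message: '用户创建成功', userId: id });
  } catch (error) {
    // MySQL duplicate-key error: the id (or, presumably, a generated student_id)
    // already exists — report as a client error rather than a 500.
    if (error && error.code === 'ER_DUP_ENTRY') {
      return res.status(400).json({ success: false, message: '用户ID已存在' });
    }
    console.error('创建用户错误:', error);
    res.status(500).json(SERVER_ERROR);
  }
});

/**
 * Update a user's name, role and class (admin only).
 * Body: name, role (required); className (optional).
 * When the role changes, the old role's row is dropped and the new role's row
 * created, mirroring POST /users; otherwise the role row is kept in step.
 */
router.put('/users/:id', requireAuth, requireRole(['admin']), async (req, res) => {
  try {
    const userId = req.params.id;
    const { name, role, className } = req.body;

    // Without this guard a missing field was written as NULL into users.
    if (!name || !role) {
      return res.status(400).json({ success: false, message: '请填写所有必填字段' });
    }
    if (!ALLOWED_ROLES.has(role)) {
      return res.status(400).json({ success: false, message: '无效的角色' });
    }

    const [users] = await db.pool.execute('SELECT role FROM users WHERE id = ?', [userId]);
    if (users.length === 0) {
      return res.status(404).json({ success: false, message: '用户不存在' });
    }
    const oldRole = users[0].role;

    // NOTE(review): not transactional — a failure below leaves users and the
    // role tables inconsistent.
    await db.pool.execute(
      'UPDATE users SET name = ?, role = ?, class = ? WHERE id = ?',
      [name, role, className || null, userId],
    );

    if (oldRole !== role) {
      // Role changed: swap the role-specific row. The original inserted into a
      // `class` column that the rest of this file calls `class_name`, and never
      // created the teachers row that DELETE expects to exist.
      await deleteRoleRecord(userId, oldRole);
      await createRoleRecord(userId, name, role, className);
    } else if (role === 'student') {
      // Same role: keep the denormalised name (and class, when given) in step.
      const sets = ['full_name = ?'];
      const params = [name];
      if (className) {
        sets.push('class_name = ?');
        params.push(className);
      }
      await db.pool.execute(
        `UPDATE students SET ${sets.join(', ')} WHERE user_id = ?`,
        [...params, userId],
      );
    } else if (role === 'teacher') {
      await db.pool.execute('UPDATE teachers SET full_name = ? WHERE user_id = ?', [name, userId]);
    }

    res.json({ success: true, message: '用户更新成功' });
  } catch (error) {
    console.error('更新用户错误:', error);
    res.status(500).json(SERVER_ERROR);
  }
});

/**
 * Delete a user and its role-specific row (admin only).
 * Responds 404 when the id does not exist.
 */
router.delete('/users/:id', requireAuth, requireRole(['admin']), async (req, res) => {
  try {
    const userId = req.params.id;

    const [users] = await db.pool.execute('SELECT role FROM users WHERE id = ?', [userId]);
    if (users.length === 0) {
      return res.status(404).json({ success: false, message: '用户不存在' });
    }

    // Child row first, then the user (no ON DELETE CASCADE is assumed).
    await deleteRoleRecord(userId, users[0].role);
    await db.pool.execute('DELETE FROM users WHERE id = ?', [userId]);

    res.json({ success: true, message: '用户删除成功' });
  } catch (error) {
    console.error('删除用户错误:', error);
    res.status(500).json(SERVER_ERROR);
  }
});

/**
 * List distinct class names from the students table (admin only).
 * Responds with rows of the shape { class_name }.
 */
router.get('/classes', requireAuth, requireRole(['admin']), async (req, res) => {
  try {
    // Destructure the rows; the original sent the [rows, fields] tuple.
    const [classes] = await db.pool.execute(
      'SELECT DISTINCT class_name FROM students ORDER BY class_name',
    );
    res.json({ success: true, data: classes });
  } catch (error) {
    console.error('获取班级列表错误:', error);
    res.status(500).json(SERVER_ERROR);
  }
});

/**
 * Aggregate counts for the admin dashboard: users per role, students per class,
 * total courses and total scores. The four queries are independent and run in
 * parallel.
 */
router.get('/stats', requireAuth, requireRole(['admin']), async (req, res) => {
  try {
    const [[userStats], [classStats], [courseRows], [gradeRows]] = await Promise.all([
      db.pool.execute('SELECT role, COUNT(*) as count FROM users GROUP BY role'),
      db.pool.execute('SELECT class_name, COUNT(*) as count FROM students GROUP BY class_name'),
      db.pool.execute('SELECT COUNT(*) as total_courses FROM courses'),
      db.pool.execute('SELECT COUNT(*) as total_grades FROM scores'),
    ]);

    res.json({
      success: true,
      data: {
        users: userStats,
        classes: classStats,
        total_courses: courseRows[0].total_courses,
        total_grades: gradeRows[0].total_grades,
      },
    });
  } catch (error) {
    console.error('获取统计数据错误:', error);
    res.status(500).json(SERVER_ERROR);
  }
});

module.exports = router;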