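const express = require('express');
const bcrypt = require('bcryptjs');
const router = express.Router();
const db = require('../config/database');

// Roles this file itself refers to. Registration rejects anything else so the
// client-supplied role string cannot smuggle an arbitrary value into `users.role`.
const ALLOWED_ROLES = new Set(['student', 'teacher', 'admin']);
// bcrypt cost factor used for newly registered passwords.
const BCRYPT_ROUNDS = 10;
// Minimum password length accepted at registration (existing accounts are unaffected).
const MIN_PASSWORD_LENGTH = 8;
// Hash compared against when the account lookup finds nothing, so the login path
// does roughly the same amount of work whether or not the id exists. Skipping the
// compare for unknown ids would let an attacker enumerate accounts by timing.
const DUMMY_HASH = bcrypt.hashSync('invalid-password-placeholder', BCRYPT_ROUNDS);

/**
 * Issues a fresh session id before any authentication state is stored, so a
 * session id the client obtained before logging in is not promoted to an
 * authenticated one (session fixation).
 *
 * Uses `req.session.regenerate(cb)` when the session middleware provides it
 * (express-session does; this file already relies on `req.session.destroy`).
 * Resolves as a no-op when it is absent.
 *
 * @param {import('express').Request} req
 * @returns {Promise<void>}
 */
function regenerateSession(req) {
  return new Promise((resolve, reject) => {
    if (!req.session || typeof req.session.regenerate !== 'function') {
      resolve();
      return;
    }
    req.session.regenerate((err) => (err ? reject(err) : resolve()));
  });
}

/**
 * True for a non-empty string. Request-body fields are untyped JSON; objects or
 * arrays must not reach the SQL parameters or bcrypt, so they are treated as
 * missing input.
 *
 * @param {unknown} value
 * @returns {boolean}
 */
function isNonEmptyString(value) {
  return typeof value === 'string' && value.length > 0;
}

// Login: verifies id/role/password, then stores the user in the session.
// Responds 400 on missing input, 401 on a bad credential (same message for an
// unknown id and a wrong password), 500 on any other failure.
router.post('/login', async (req, res) => {
  try {
    const { id, password, role } = req.body;

    if (!isNonEmptyString(id) || !isNonEmptyString(password) || !isNonEmptyString(role)) {
      return res.status(400).json({ success: false, message: '请输入完整的登录信息' });
    }

    const users = await db.query(
      'SELECT * FROM users WHERE id = ? AND role = ?',
      [id, role]
    );
    const user = users.length > 0 ? users[0] : null;

    // Always run exactly one bcrypt compare: against the stored hash when the
    // account exists, otherwise against DUMMY_HASH. An account with no usable
    // stored hash is treated as a failed login rather than a 500.
    const storedHash = user && typeof user.password === 'string' ? user.password : DUMMY_HASH;
    const isValidPassword = await bcrypt.compare(password, storedHash);
    if (!user || !isValidPassword) {
      return res.status(401).json({ success: false, message: '用户名或密码错误' });
    }

    // Rotate the session id before writing auth state into it.
    await regenerateSession(req);
    req.session.user = {
      id: user.id,
      name: user.name,
      role: user.role,
      class: user.class,
    };

    if (user.role === 'student') {
      // NOTE(review): assumes db.pool.execute resolves to a mysql2-style
      // [rows, fields] tuple — confirm against ../config/database. The original
      // indexed rows[0].length, which is never a row count, so studentInfo was
      // never attached (and an empty result threw).
      const [studentRows] = await db.pool.execute(
        'SELECT * FROM students WHERE id = ?',
        [user.id]
      );
      if (studentRows.length > 0) {
        // SELECT * copies every students column into the session and into the
        // login response body below; if that table ever gains sensitive columns,
        // select them explicitly instead.
        req.session.user.studentInfo = studentRows[0];
      }
    }

    // NOTE(review): no rate limiting is applied here; brute-force protection
    // (per-id / per-IP throttling) should be enforced by middleware in front
    // of this route.
    res.json({ success: true, message: '登录成功', user: req.session.user });
  } catch (error) {
    console.error('登录错误:', error);
    res.status(500).json({ success: false, message: '服务器错误' });
  }
});

// Register: creates a users row (and a students row for students).
// Responds 400 on invalid input or a duplicate id, 403 when a non-admin tries to
// create an admin account, 500 on any other failure.
router.post('/register', async (req, res) => {
  try {
    const { id, name, password, role, class: userClass } = req.body;

    if (!isNonEmptyString(id) || !isNonEmptyString(name) || !isNonEmptyString(password) || !isNonEmptyString(role)) {
      return res.status(400).json({ success: false, message: '请填写所有必填字段(ID、姓名、密码、角色)' });
    }

    // The role comes straight from the client. Without this check any visitor
    // could register with an arbitrary role string and it would be inserted as-is.
    if (!ALLOWED_ROLES.has(role)) {
      return res.status(400).json({ success: false, message: '无效的角色' });
    }

    // Creating an admin account is restricted to a caller who is already an
    // admin; otherwise self-registration is a direct privilege escalation.
    // Bootstrapping the first admin should be done by a seed script/migration,
    // not through this route.
    const callerIsAdmin = Boolean(req.session && req.session.user && req.session.user.role === 'admin');
    if (role === 'admin' && !callerIsAdmin) {
      return res.status(403).json({ success: false, message: '无权创建管理员账户' });
    }

    // Students and teachers must belong to a class; admins need none.
    if ((role === 'student' || role === 'teacher') && !isNonEmptyString(userClass)) {
      return res.status(400).json({ success: false, message: '学生和教师需要填写班级' });
    }

    // Minimal password policy. bcrypt only considers the first 72 bytes of the
    // input, so an upper bound (or pre-hashing) may be wanted as well.
    if (password.length < MIN_PASSWORD_LENGTH) {
      return res.status(400).json({ success: false, message: '密码长度不能少于8位' });
    }

    // Friendly duplicate check. It is not atomic with the INSERT below; the
    // race is handled in the catch block.
    const existingUsers = await db.query(
      'SELECT id FROM users WHERE id = ?',
      [id]
    );
    if (existingUsers.length > 0) {
      return res.status(400).json({ success: false, message: '用户ID已存在' });
    }

    const salt = await bcrypt.genSalt(BCRYPT_ROUNDS);
    const passwordHash = await bcrypt.hash(password, salt);

    await db.pool.execute(
      'INSERT INTO users (id, name, password, role, class) VALUES (?, ?, ?, ?, ?)',
      [id, name, passwordHash, role, userClass || null]
    );

    if (role === 'student') {
      // NOTE(review): the two INSERTs are not wrapped in a transaction; if this
      // one fails the users row is left without its students row. Wrapping both
      // in a transaction needs a connection-level API not visible in this file.
      await db.pool.execute(
        'INSERT INTO students (id, name, class) VALUES (?, ?, ?)',
        [id, name, userClass]
      );
    }

    res.json({ success: true, message: '注册成功' });
  } catch (error) {
    // A concurrent registration of the same id slips past the pre-check and
    // surfaces as a unique-key violation on the INSERT.
    // NOTE(review): 'ER_DUP_ENTRY' is the mysql/mysql2 error code — confirm
    // for the driver behind ../config/database.
    if (error && error.code === 'ER_DUP_ENTRY') {
      return res.status(400).json({ success: false, message: '用户ID已存在' });
    }
    console.error('注册错误:', error);
    res.status(500).json({ success: false, message: '服务器错误' });
  }
});

// Logout: destroys the server-side session and clears the client cookie.
router.post('/logout', (req, res) => {
  req.session.destroy((err) => {
    if (err) {
      return res.status(500).json({ success: false, message: '注销失败' });
    }
    // NOTE(review): the cookie name must match the `name` option of the session
    // middleware (express-session defaults to 'connect.sid'); if it does not,
    // the browser keeps a stale cookie. Verify against the app setup.
    res.clearCookie('session_cookie');
    res.json({ success: true, message: '注销成功' });
  });
});

// Current user: returns whatever login stored in the session, or 401.
router.get('/me', (req, res) => {
  if (!req.session.user) {
    return res.status(401).json({ success: false, message: '未登录' });
  }
  res.json({ success: true, user: req.session.user });
});

module.exports = router;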