init

api/user_management.py

@@ -0,0 +1,199 @@
+from flask import Blueprint, request, jsonify
+from flask_jwt_extended import get_jwt_identity
+from models import db, User
+from auth import login_required, admin_required
+from datetime import datetime
+
+user_mgmt_bp = Blueprint('user_management', __name__)
+
+# 用户注册
+@user_mgmt_bp.route('/register', methods=['POST'])
+def register():
+    data = request.json
+    
+    if not all([data.get('username'), data.get('email'), data.get('password')]):
+        return jsonify({'error': '用户名、邮箱和密码不能为空'}), 400
+    
+    if User.query.filter_by(username=data['username']).first():
+        return jsonify({'error': '用户名已存在'}), 400
+    
+    if User.query.filter_by(email=data['email']).first():
+        return jsonify({'error': '邮箱已被注册'}), 400
+    
+    user = User(
+        username=data['username'],
+        email=data['email'],
+        uid=data.get('uid'),
+        status='pending'
+    )
+    user.set_password(data['password'])
+    
+    db.session.add(user)
+    db.session.commit()
+    
+    return jsonify({'message': '注册成功，请等待管理员审核'}), 201
+
+# 获取用户列表（管理员）
+@user_mgmt_bp.route('/users', methods=['GET'])
+@admin_required
+def get_users():
+    status = request.args.get('status')
+    page = request.args.get('page', 1, type=int)
+    per_page = request.args.get('per_page', 20, type=int)
+    
+    query = User.query
+    if status:
+        query = query.filter_by(status=status)
+    
+    pagination = query.order_by(User.created_at.desc()).paginate(
+        page=page, per_page=per_page, error_out=False
+    )
+    
+    return jsonify({
+        'users': [{
+            'id': u.id,
+            'username': u.username,
+            'email': u.email,
+            'uid': u.uid,
+            'role': u.role,
+            'status': u.status,
+            'tags': u.tags,
+            'note': u.note,
+            'created_at': u.created_at.strftime('%Y-%m-%d %H:%M'),
+            'approved_at': u.approved_at.strftime('%Y-%m-%d %H:%M') if u.approved_at else None
+        } for u in pagination.items],
+        'total': pagination.total,
+        'page': page,
+        'pages': pagination.pages
+    })
+
+# 审核用户（管理员）
+@user_mgmt_bp.route('/users/<int:user_id>/approve', methods=['POST'])
+@admin_required
+def approve_user(user_id):
+    user = db.session.get(User, user_id)
+    if not user:
+        return jsonify({'error': '用户不存在'}), 404
+    
+    data = request.json or {}
+    action = data.get('action')  # approve/reject
+    
+    if action == 'approve':
+        user.status = 'active'
+        user.approved_at = datetime.utcnow()
+        user.approved_by = get_jwt_identity()
+        db.session.commit()
+        return jsonify({'message': '已通过审核'})
+    elif action == 'reject':
+        db.session.delete(user)
+        db.session.commit()
+        return jsonify({'message': '已拒绝申请'})
+    
+    return jsonify({'error': '无效的操作'}), 400
+
+# 编辑用户（管理员）
+@user_mgmt_bp.route('/users/<int:user_id>', methods=['PUT'])
+@admin_required
+def update_user(user_id):
+    current_user_id = get_jwt_identity()
+    
+    if current_user_id == user_id:
+        return jsonify({'error': '不能修改自己的信息'}), 403
+    
+    user = db.session.get(User, user_id)
+    if not user:
+        return jsonify({'error': '用户不存在'}), 404
+    
+    data = request.json
+    
+    if 'email' in data:
+        user.email = data['email']
+    if 'uid' in data:
+        user.uid = data['uid']
+    if 'role' in data:
+        user.role = data['role']
+    if 'status' in data:
+        user.status = data['status']
+    if 'tags' in data:
+        user.tags = data['tags']
+    if 'note' in data:
+        user.note = data['note']
+    
+    db.session.commit()
+    return jsonify({'message': '用户信息已更新'})
+
+# 删除用户（管理员）
+@user_mgmt_bp.route('/users/<int:user_id>', methods=['DELETE'])
+@admin_required
+def delete_user(user_id):
+    current_user_id = get_jwt_identity()
+    
+    if current_user_id == user_id:
+        return jsonify({'error': '不能删除自己'}), 403
+    
+    user = db.session.get(User, user_id)
+    if not user:
+        return jsonify({'error': '用户不存在'}), 404
+    
+    db.session.delete(user)
+    db.session.commit()
+    return jsonify({'message': '用户已删除'})
+
+# 修改密码（用户自己）
+@user_mgmt_bp.route('/users/change-password', methods=['POST'])
+@login_required
+def change_password():
+    user_id = get_jwt_identity()
+    user = db.session.get(User, user_id)
+    
+    data = request.json
+    old_password = data.get('old_password')
+    new_password = data.get('new_password')
+    
+    if not old_password or not new_password:
+        return jsonify({'error': '旧密码和新密码不能为空'}), 400
+    
+    if not user.check_password(old_password):
+        return jsonify({'error': '旧密码错误'}), 400
+    
+    user.set_password(new_password)
+    db.session.commit()
+    
+    return jsonify({'message': '密码修改成功'})
+
+# 获取个人信息
+@user_mgmt_bp.route('/users/profile', methods=['GET'])
+@login_required
+def get_profile():
+    user_id = get_jwt_identity()
+    user = db.session.get(User, user_id)
+    
+    return jsonify({
+        'id': user.id,
+        'username': user.username,
+        'email': user.email,
+        'uid': user.uid,
+        'role': user.role,
+        'status': user.status,
+        'created_at': user.created_at.strftime('%Y-%m-%d %H:%M')
+    })
+
+# 更新个人信息
+@user_mgmt_bp.route('/users/profile', methods=['PUT'])
+@login_required
+def update_profile():
+    user_id = get_jwt_identity()
+    user = db.session.get(User, user_id)
+    
+    data = request.json
+    
+    if 'email' in data:
+        if User.query.filter(User.email == data['email'], User.id != user_id).first():
+            return jsonify({'error': '邮箱已被使用'}), 400
+        user.email = data['email']
+    
+    if 'uid' in data:
+        user.uid = data['uid']
+    
+    db.session.commit()
+    return jsonify({'message': '个人信息已更新'})