user-manager change

src/routes/user/list.ts

@@ -1,6 +1,8 @@
 import { app } from '@/app.ts';
 import { User } from '@/models/user.ts';
 import { CustomError } from '@kevisual/router';
+import { checkUsername } from './admin/user.ts';
+import { nanoid } from 'nanoid';
 
 app
   .route({
@@ -18,7 +20,6 @@ app
   })
   .addTo(app);
 
-
 app
   .route({
     path: 'user',
@@ -28,9 +29,12 @@ app
   .define(async (ctx) => {
     const tokenUser = ctx.state.tokenUser;
     const { id, username, password, description } = ctx.query.data || {};
+    if (!id) {
+      throw new CustomError(400, 'id is required');
+    }
     const user = await User.findByPk(id);
     if (user.id !== tokenUser.id) {
-      throw new CustomError(401, 'Permission denied');
+      throw new CustomError(403, 'Permission denied');
     }
 
     if (!user) {
@@ -59,21 +63,26 @@ app
   .route({
     path: 'user',
     key: 'add',
-    middleware: ['auth'],
+    middleware: ['auth-admin'],
   })
   .define(async (ctx) => {
-    const tokenUser = ctx.state.tokenUser;
     const { username, password, description } = ctx.query.data || {};
     if (!username) {
       throw new CustomError(400, 'username is required');
     }
-    const user = await User.createUser(username, password, description);
-    const token = await user.createToken();
+    checkUsername(username);
+    const findUserByUsername = await User.findOne({ where: { username } });
+    if (findUserByUsername) {
+      throw new CustomError(400, 'username already exists');
+    }
+    const pwd = password || nanoid(6);
+    const user = await User.createUser(username, pwd, description);
     ctx.body = {
       id: user.id,
       username: user.username,
       description: user.description,
       needChangePassword: user.needChangePassword,
-      token,
+      password: pwd,
     };
-  });
+  })
+  .addTo(app);