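import { app, sequelize } from '@/app.ts';
import { Org } from '@/models/org.ts';
import { User } from '@/models/user.ts';
import { Op } from 'sequelize';

// Route handlers for the `org` resource.
//
// Every handler reads the caller's identity from `ctx.state.tokenUser`, which is
// presumably populated by the `auth` / `auth-admin` middleware (not visible here).
// NOTE(review): the guards below assume `ctx.throw(...)` aborts the handler by
// throwing; if it only records an error, the code after each guard would still
// run. Confirm against the router implementation.

/**
 * org/list: returns the orgs whose `users` array contains an entry with the
 * caller's uid, most recently updated first.
 */
app
  .route({
    path: 'org',
    key: 'list',
    middleware: ['auth'],
  })
  .define(async (ctx) => {
    const tokenUser = ctx.state.tokenUser;
    const list = await Org.findAll({
      order: [['updatedAt', 'DESC']],
      where: {
        // Membership filter: only orgs that list the caller as a member.
        users: {
          [Op.contains]: [
            {
              uid: tokenUser.id,
            },
          ],
        },
      },
      logging: false,
    });
    ctx.body = list;
    return ctx;
  })
  .addTo(app);

/**
 * org/update: with `id`, updates the description of an existing org and of its
 * backing user row; without `id`, creates a new org owned by the caller.
 *
 * NOTE(review): the update-by-id path relies solely on the `auth-admin`
 * middleware; unlike the create path it does not re-check the caller's orgs,
 * nor that the caller belongs to the target org. Confirm that is intended.
 */
app
  .route({
    path: 'org',
    key: 'update',
    middleware: ['auth-admin'],
  })
  .define(async (ctx) => {
    const tokenUser = ctx.state.tokenUser;
    // `username` is the org's name; it is also unique in the users table.
    // A missing `data` payload falls through to the "required" error below
    // instead of failing on the destructuring.
    const { username, description, id } = ctx.query.data ?? {};
    if (!username) {
      ctx.throw('username is required');
    }
    if (id) {
      const org = await Org.findByPk(id);
      if (!org) {
        ctx.throw('org not found');
      }
      // Resolve the backing user row from the stored org name rather than the
      // request's `username`, so a mismatched name cannot redirect the write to
      // an unrelated account. The lookup runs before any save so that a missing
      // row fails without leaving a half-applied update.
      const user = await User.findOne({ where: { username: org.username } });
      if (!user) {
        ctx.throw('user not found');
      }
      org.description = description;
      await org.save();
      user.description = description;
      await user.save();
      ctx.body = {
        id: user.id,
        username: user.username,
        description: user.description,
      };
      return;
    }
    const user = await User.findByPk(tokenUser.id);
    if (!user) {
      ctx.throw('user not found');
    }
    user.setTokenUser(tokenUser);
    // Creating an org requires the caller to be in the `admin` org.
    const orgs = await user.getOrgs();
    if (!orgs.includes('admin')) {
      ctx.throw('Permission denied');
    }
    const newUser = await User.createOrg(username, tokenUser.id, description);
    ctx.body = {
      id: newUser.id,
      username: newUser.username,
      description: newUser.description,
    };
  })
  .addTo(app);

/**
 * org/delete: force-deletes an org and the user row that shares its username.
 * Only the member whose role is `owner` may delete.
 *
 * NOTE(review): the two destroys are not wrapped in a transaction, so a failure
 * of the second leaves the user row behind. `sequelize` is imported in this
 * file; consider a transaction if it is the Sequelize instance.
 */
app
  .route({
    path: 'org',
    key: 'delete',
    middleware: ['auth'],
  })
  .define(async (ctx) => {
    const tokenUser = ctx.state.tokenUser;
    const id = ctx.query.id;
    if (!id) {
      ctx.throw('id is required');
    }
    const org = await Org.findByPk(id);
    if (!org) {
      ctx.throw('org not found');
    }
    const username = org.username;
    const users = org.users ?? [];
    const owner = users.find((u) => u.role === 'owner');
    // Deny explicitly when the org has no owner entry, instead of failing on a
    // property read of `undefined`.
    if (!owner || owner.uid !== tokenUser.id) {
      ctx.throw('Permission denied');
    }
    await org.destroy({ force: true });
    const orgUser = await User.findOne({
      where: { username },
    });
    // The org row is already gone at this point; a missing user row must not
    // turn the request into an error.
    if (orgUser) {
      await orgUser.destroy({ force: true });
    }
    ctx.body = 'success';
  })
  .addTo(app);

/**
 * org/get: returns an org together with its users. The caller must appear in
 * the org's `users` array.
 */
app
  .route({
    path: 'org',
    key: 'get',
    middleware: ['auth'],
  })
  .define(async (ctx) => {
    const tokenUser = ctx.state.tokenUser;
    const id = ctx.query.id;
    if (!id) {
      ctx.throw('id is required');
    }
    const org = await Org.findByPk(id);
    if (!org) {
      ctx.throw('org not found');
    }
    const members = org.users ?? [];
    const me = members.find((u) => u.uid === tokenUser.id);
    if (!me) {
      ctx.throw('Permission denied');
    }
    const orgGetUser = await org.getUsers();
    ctx.body = {
      org,
      users: orgGetUser.users,
    };
  })
  .addTo(app);

/**
 * org/hasUser: checks whether the org named `username` is among the caller's
 * orgs. If so, responds with that org's user record (password and salt
 * excluded); otherwise responds with `{ uid: null }`.
 */
app
  .route({
    path: 'org',
    key: 'hasUser',
    middleware: ['auth'],
    description: '判断当前username这个组织,是否在当前用户的组织中。如果有,返回当前组织的用户信息,否则返回null',
  })
  .define(async (ctx) => {
    const tokenUser = ctx.state.tokenUser;
    // Same guard as org/update: a missing payload or name is rejected up front.
    const { username } = ctx.query.data ?? {};
    if (!username) {
      ctx.throw('username is required');
    }
    const user = await User.findByPk(tokenUser.id);
    if (!user) {
      ctx.throw('user not found');
    }
    user.setTokenUser(tokenUser);
    // NOTE(review): meaning of the second argument to hasUser is not visible
    // here; confirm against the User model.
    const userOrgs = await user.hasUser(username, true);
    if (!userOrgs) {
      ctx.body = {
        uid: null,
      };
      return;
    }
    const usernameUser = await User.findOne({
      where: { username },
      // Credential material never leaves the server.
      attributes: {
        exclude: ['password', 'salt'],
      },
    });
    if (!usernameUser) {
      ctx.body = {
        uid: null,
      };
      return;
    }
    ctx.body = {
      uid: usernameUser.id,
      user: usernameUser,
    };
  })
  .addTo(app);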