feat: integrate Drizzle ORM and SQLite for authentication

2025-06-18 16:15:49 +08:00
parent 6652953b1a
commit bc81e4d6fe
13 changed files with 1024 additions and 37 deletions
--- a/server/api/login/admin.post.ts
+++ b/server/api/login/admin.post.ts
@ -1,21 +1,23 @@
-import { defineEventHandler, readBody, setResponseStatus } from 'h3';
+import { defineEventHandler, readBody, setResponseStatus, useRuntimeConfig } from 'h3';

 export default defineEventHandler(async (event) => {
  const body = await readBody(event);
  const { password } = body;
+  const config = useRuntimeConfig(event);

  if (!password) {
    setResponseStatus(event, 400);
    return { message: '请填写密码' };
  }

-  // TODO: Replace with a more secure admin authentication method
-  if (password === 'adminpassword') {
-    return {
-      message: '管理员登录成功！',
-    };
-  } else {
+  const adminPassword = config.adminPassword;
+
+  if (!adminPassword || password !== adminPassword) {
    setResponseStatus(event, 401);
    return { message: '密码错误' };
  }
+
+  return {
+    message: '管理员登录成功！',
+  };
 }); 
--- a/server/api/login/user.post.ts
+++ b/server/api/login/user.post.ts
@ -1,4 +1,7 @@
 import { defineEventHandler, readBody, setResponseStatus } from 'h3';
+import { db, customers } from '~/server/db';
+import { eq } from 'drizzle-orm';
+import bcrypt from 'bcryptjs';

 export default defineEventHandler(async (event) => {
  const body = await readBody(event);
@ -9,14 +12,31 @@ export default defineEventHandler(async (event) => {
    return { message: '请填写手机号和密码' };
  }

-  // TODO: Replace with database user lookup and password verification
-  if (contact === '1234567890' && password === 'password') {
+  try {
+    const user = await db.query.customers.findFirst({
+      where: eq(customers.contact, contact),
+    });
+
+    if (!user) {
+      setResponseStatus(event, 401);
+      return { message: '手机号或密码错误' };
+    }
+
+    const isPasswordValid = bcrypt.compareSync(password, user.password);
+
+    if (!isPasswordValid) {
+      setResponseStatus(event, 401);
+      return { message: '手机号或密码错误' };
+    }
+
    return {
      message: '登录成功！',
-      customerId: 'dummy-customer-id-123',
+      customerId: user.id,
    };
-  } else {
-    setResponseStatus(event, 401);
-    return { message: '手机号或密码错误' };
+
+  } catch (error) {
+    console.error('Login error:', error);
+    setResponseStatus(event, 500);
+    return { message: '登录失败，请稍后重试' };
  }
 }); 
--- a/server/api/register.post.ts
+++ b/server/api/register.post.ts
@ -1,21 +1,43 @@
 import { defineEventHandler, readBody, setResponseStatus } from 'h3';
+import { db, customers } from '~/server/db';
+import bcrypt from 'bcryptjs';

 export default defineEventHandler(async (event) => {
  const body = await readBody(event);
-
  const { name, gender, contact, idCard, password } = body;

  if (!name || !gender || !contact || !idCard || !password) {
    setResponseStatus(event, 400);
-    return {
-      message: '请填写完整信息',
-    };
+    return { message: '请填写完整信息' };
  }

-  // TODO: Add database logic to save the user
-  console.log('Registering new user:', { name, gender, contact, idCard });
+  try {
+    const hashedPassword = bcrypt.hashSync(password, 10);

-  return {
-    message: '注册成功！',
-  };
+    await db.insert(customers).values({
+      name,
+      gender,
+      contact,
+      idCard,
+      password: hashedPassword,
+    });
+
+    return { message: '注册成功！' };
+
+  } catch (error: any) {
+    // Check for unique constraint violation
+    if (error.message?.includes('UNIQUE constraint failed')) {
+      setResponseStatus(event, 409); // Conflict
+      if (error.message.includes('customers.contact')) {
+        return { message: '该手机号已被注册' };
+      }
+      if (error.message.includes('customers.id_card')) {
+        return { message: '该身份证号已被注册' };
+      }
+    }
+
+    console.error('Registration error:', error);
+    setResponseStatus(event, 500);
+    return { message: '注册失败，请稍后重试' };
+  }
 });