diff --git a/handler/users.js b/handler/users.js
index a87676e..a601c0c 100644
--- a/handler/users.js
+++ b/handler/users.js
@@ -238,6 +238,50 @@ class HandlerUser {
}
}
+ // 获取用户列表
+ async userList(ctx) {
+ try {
+ const { page = 1, pageSize = 100 } = ctx.request.body;
+ // 从 token 获取当前用户
+ const token = ctx.request.body?.token
+ || ctx.request.query?.token
+ || ctx.header?.authorization
+ || ctx.header?.token;
+
+ // 通过token获取用户
+ const user = await DBModel.User.findOne({ "security.token": token });
+ if (!user) {
+ return ResponseUtil.unauthorized(ctx, "用户未登录或 token 无效");
+ }
+
+ if (!('wxapp-escort-admin' in user.app)) {
+ return ResponseUtil.unauthorized(ctx, "用户无管理员权限");
+ }
+
+ const isTokenValid = user.security.token &&
+ user.security.tokenExpiry &&
+ new Date() < user.security.tokenExpiry;
+ if (!isTokenValid) {
+ return ResponseUtil.unauthorized(ctx, "登录已过期,请重新登录");
+ }
+
+ // 查询所有user.app包含wxapp-escort的用户
+ const users = await DBModel.User.find({ "app.wxapp-escort": { $exists: true } })
+ .skip((page - 1) * pageSize)
+ .limit(pageSize);
+
+ // 安全起见删除密码相关字段
+ users.forEach(u => {
+ delete u.security.passwd;
+ delete u.security.passwdSalt;
+ });
+
+ return ResponseUtil.success(ctx, { users }, "获取用户列表成功");
+ } catch (err) {
+ return ResponseUtil.internalError(ctx, err.message);
+ }
+ }
+
// 生成 token
async genToken(uid) {
const crypto = await import("crypto");
diff --git a/routes/index.js b/routes/index.js
index 4d3be8f..5f79115 100644
--- a/routes/index.js
+++ b/routes/index.js
@@ -17,6 +17,8 @@ class ApiRouter {
userRouter.post('/signout', this.handler.signout.bind(this.handler));
userRouter.post('/userInfo', this.handler.userInfo.bind(this.handler));
+ userRouter.post('/list', this.handler.userList.bind(this.handler));
+
this.router.use(userRouter.routes());
this.printRoutes(this.router.stack);
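Review bot: The list response leaks every user's session credential: the `find` in `userList` has no projection and the `forEach` strips only `security.passwd` and `security.passwdSalt`, so `security.token` and `security.tokenExpiry` — the very field `findOne` authenticates on a few lines earlier — are returned for every `wxapp-escort` user, letting any holder of an admin-app token impersonate anyone. Exclude the whole `security` subdocument with a projection (`.select("-security")` if `DBModel.User` is a Mongoose model, or a `{ security: 0 }` projection on the native driver) instead of deleting fields on the fetched documents, which may not survive document serialization. Two further gaps: `token` is never checked for presence before `findOne`, so a request carrying no token at all may match a user whose token field is unset (how an `undefined` filter value is treated depends on the ODM/driver), and `page`/`pageSize` come straight from the body unvalidated, where `limit(0)` means "no limit" in MongoDB and a non-numeric value yields `NaN`. I would also drop the `ctx.request.query?.token` source, since tokens in URLs end up in access logs, browser history and Referer headers, and avoid echoing `err.message` to the client in the catch block.
```javascript
            // … unchanged: token extraction (without the query-string source) …
            if (!token) {
                return ResponseUtil.unauthorized(ctx, "用户未登录或 token 无效");
            }
            // … unchanged: findOne, admin check, expiry check …

            // Clamp paging input: limit(0) means "no limit" in MongoDB and a
            // non-numeric body value would reach skip()/limit() as NaN.
            const size = Math.min(Math.max(Number(pageSize) || 1, 1), 100);
            const pg = Math.max(Number(page) || 1, 1);
            // Never fetch other users' credential/session material; a projection
            // is reliable where `delete` on a fetched document may not be.
            const users = await DBModel.User.find({ "app.wxapp-escort": { $exists: true } })
                .select("-security")
                .skip((pg - 1) * size)
                .limit(size);

            return ResponseUtil.success(ctx, { users }, "获取用户列表成功");
```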