From b3f933e30ab2f3a269fe5fef9a422fe1e569877b Mon Sep 17 00:00:00 2001
From: lik
Date: Thu, 4 Jun 2026 14:50:05 +0800
Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0userList=E6=8E=A5=E5=8F=A3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 handler/users.js | 44 ++++++++++++++++++++++++++++++++++++++++++++
 routes/index.js | 2 ++
 2 files changed, 46 insertions(+)

diff --git a/handler/users.js b/handler/users.js
index a87676e..a601c0c 100644
--- a/handler/users.js
+++ b/handler/users.js
@@ -238,6 +238,50 @@ class HandlerUser {
 }
 }
 
+ // 获取用户列表
+ async userList(ctx) {
+ try {
+ const { page = 1, pageSize = 100 } = ctx.request.body;
+ // 从 token 获取当前用户
+ const token = ctx.request.body?.token
+ || ctx.request.query?.token
+ || ctx.header?.authorization
+ || ctx.header?.token;
+
+ // 通过token获取用户
+ const user = await DBModel.User.findOne({ "security.token": token });
+ if (!user) {
+ return ResponseUtil.unauthorized(ctx, "用户未登录或 token 无效");
+ }
+
+ if (!('wxapp-escort-admin' in user.app)) {
+ return ResponseUtil.unauthorized(ctx, "用户无管理员权限");
+ }
+
+ const isTokenValid = user.security.token &&
+ user.security.tokenExpiry &&
+ new Date() < user.security.tokenExpiry;
+ if (!isTokenValid) {
+ return ResponseUtil.unauthorized(ctx, "登录已过期,请重新登录");
+ }
+
+ // 查询所有user.app包含wxapp-escort的用户
+ const users = await DBModel.User.find({ "app.wxapp-escort": { $exists: true } })
+ .skip((page - 1) * pageSize)
+ .limit(pageSize);
+
+ // 安全起见删除密码相关字段
+ users.forEach(u => {
+ delete u.security.passwd;
+ delete u.security.passwdSalt;
+ });
+
+ return ResponseUtil.success(ctx, { users }, "获取用户列表成功");
+ } catch (err) {
+ return ResponseUtil.internalError(ctx, err.message);
+ }
+ }
+
 // 生成 token
 async genToken(uid) {
 const crypto = await import("crypto");
diff --git a/routes/index.js b/routes/index.js
index 4d3be8f..5f79115 100644
--- a/routes/index.js
+++ b/routes/index.js
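Review bot: In `userList`, `token` is taken from the request body, query string or headers and passed to `findOne({ "security.token": token })` with no type check, so a missing value or a non-string JSON value reaches the query as-is and, if `DBModel.User` is a Mongo-style model (not visible here), would be evaluated as a filter rather than compared as a literal; reject anything that is not a non-empty string before the lookup. The cleanup at the end of the method removes only `passwd` and `passwdSalt` via `delete`, which leaves each listed user's `security.token` and `tokenExpiry` in the response and may have no effect on model documents; excluding `security` in the query projection is more reliable, provided the client needs none of those fields. `page` and `pageSize` are also used unvalidated, so `pageSize` is unbounded and `page = 0` yields a negative skip; the sketch below coerces them and caps the page size at the existing default of 100. The method lies wholly inside the hunk, while the enclosing `HandlerUser` class starts and ends outside it.

```javascript
async userList(ctx) {
  // … unchanged: try { and token extraction from body / query / headers …
    if (typeof token !== 'string' || token.length === 0) {
      return ResponseUtil.unauthorized(ctx, "用户未登录或 token 无效");
    }
    // … unchanged: findOne lookup, admin check, token expiry check …
    const body = ctx.request.body ?? {};
    const pageNum = Math.max(1, Number.parseInt(body.page, 10) || 1);
    const size = Math.min(100, Math.max(1, Number.parseInt(body.pageSize, 10) || 100));
    const users = await DBModel.User.find({ "app.wxapp-escort": { $exists: true } })
      // Assumes a Mongoose-style query: keeps hashes, salts and session tokens out of the result.
      .select('-security')
      .skip((pageNum - 1) * size)
      .limit(size);
    // … unchanged: success response and catch block …
```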
@@ -17,6 +17,8 @@ class ApiRouter {
 userRouter.post('/signout', this.handler.signout.bind(this.handler));
 userRouter.post('/userInfo', this.handler.userInfo.bind(this.handler));
 
+ userRouter.post('/list', this.handler.userList.bind(this.handler));
+
 this.router.use(userRouter.routes());
 
 this.printRoutes(this.router.stack);