github
/
OrangeTV
mirror of https://github.com/djteang/OrangeTV.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
OrangeTV/src/app/api/avatar/route.ts

111 lines
3.6 KiB
TypeScript
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

import { NextRequest, NextResponse } from 'next/server';
import { getAuthInfoFromCookie } from '@/lib/auth';
import { db } from '@/lib/db';
export const runtime = 'nodejs';
// 获取用户头像
export async function GET(request: NextRequest) {
try {
const authInfo = getAuthInfoFromCookie(request);
if (!authInfo || !authInfo.username) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
}
const { searchParams } = new URL(request.url);
const targetUser = searchParams.get('user') || authInfo.username;
// 在聊天系统中,用户应该能够查看其他用户的头像,这对聊天功能是必要的
// 只要是已认证用户,就可以查看任何用户的头像
// 这对于聊天、好友功能等社交功能是必要的
const avatar = await db.getUserAvatar(targetUser);
if (!avatar) {
return NextResponse.json({ avatar: null });
}
return NextResponse.json({ avatar });
} catch (error) {
console.error('获取头像失败:', error);
return NextResponse.json({ error: '获取头像失败' }, { status: 500 });
}
}
// 上传用户头像
export async function POST(request: NextRequest) {
try {
const authInfo = getAuthInfoFromCookie(request);
if (!authInfo || !authInfo.username) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
}
const body = await request.json();
const { avatar, targetUser } = body;
if (!avatar) {
return NextResponse.json({ error: '头像数据不能为空' }, { status: 400 });
}
// 验证Base64格式
if (!avatar.startsWith('data:image/')) {
return NextResponse.json({ error: '无效的图片格式' }, { status: 400 });
}
// 检查文件大小Base64编码后大约增加33%2MB的限制
const base64Data = avatar.split(',')[1];
const sizeInBytes = (base64Data.length * 3) / 4;
if (sizeInBytes > 2 * 1024 * 1024) {
return NextResponse.json({ error: '图片大小不能超过2MB' }, { status: 400 });
}
const userToUpdate = targetUser || authInfo.username;
// 只允许更新自己的头像,管理员和站长可以更新任何用户的头像
const canUpdate = userToUpdate === authInfo.username ||
authInfo.role === 'admin' ||
authInfo.role === 'owner';
if (!canUpdate) {
return NextResponse.json({ error: 'Permission denied' }, { status: 403 });
}
await db.setUserAvatar(userToUpdate, avatar);
return NextResponse.json({ success: true, message: '头像上传成功' });
} catch (error) {
console.error('上传头像失败:', error);
return NextResponse.json({ error: '上传头像失败' }, { status: 500 });
}
}
// 删除用户头像
export async function DELETE(request: NextRequest) {
try {
const authInfo = getAuthInfoFromCookie(request);
if (!authInfo || !authInfo.username) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
}
const { searchParams } = new URL(request.url);
const targetUser = searchParams.get('user') || authInfo.username;
// 只允许删除自己的头像,管理员和站长可以删除任何用户的头像
const canDelete = targetUser === authInfo.username ||
authInfo.role === 'admin' ||
authInfo.role === 'owner';
if (!canDelete) {
return NextResponse.json({ error: 'Permission denied' }, { status: 403 });
}
await db.deleteUserAvatar(targetUser);
return NextResponse.json({ success: true, message: '头像删除成功' });
} catch (error) {
console.error('删除头像失败:', error);
return NextResponse.json({ error: '删除头像失败' }, { status: 500 });
}
}
Reference in New Issue View Git Blame Copy Permalink