funish dynamic info

2026-06-10 10:50:23 +08:00 · 2023-03-20 20:23:28 +08:00
parent 7abe88c190
commit 1573b63d8b
6 changed files with 123 additions and 22 deletions
--- a/backend/api.go
+++ b/backend/api.go
@@ -268,6 +268,20 @@ func init() {
 		}
 		writeresult(w, codeSuccess, "成功", messageOk, typeSuccess)
 	}}
+
+	apimap["/api/delMessage"] = &apihandler{"GET", func(w http.ResponseWriter, r *http.Request) {
+		id, err := strconv.Atoi(r.URL.Query().Get("id"))
+		if err != nil {
+			writeresult(w, codeError, nil, err.Error(), typeError)
+			return
+		}
+		err = delMessage(r.Header.Get("Authorization"), id)
+		if err != nil {
+			writeresult(w, codeError, nil, err.Error(), typeError)
+			return
+		}
+		writeresult(w, codeSuccess, "成功", messageOk, typeSuccess)
+	}}
 }

 // APIHandler serves all backend /api call
--- a/backend/global/user.go
+++ b/backend/global/user.go
@@ -49,6 +49,7 @@ const (
 	MessageContactChange
 	MessagePasswordChange
 	MessageResetPassword
+	MessageOperator
 )

 type MessageType uint8
@@ -63,6 +64,7 @@ var (
 	ErrEmptyPassword     = errors.New("empty password")
 	ErrEmptyName         = errors.New("empty name")
 	ErrInvalidUsersCount = errors.New("invalid users count")
+	ErrInvalidUserID     = errors.New("invalid user ID")
 	ErrEmptyUserID       = errors.New("empty user ID")
 	ErrEmptyContact      = errors.New("empty contact")
 	ErrUsernameExists    = errors.New("username exists")
@@ -140,10 +142,21 @@ func (u *UserDatabase) AddUser(user *User, opname string) error {
 	}
 	user.Date = time.Now().Unix()
 	user.Last = user.Date
-	_ = u.notifyUserAdded(opname, user.Name)
 	u.mu.Lock()
-	defer u.mu.Unlock()
-	return u.db.InsertUnique(UserTableUser, user)
+	err := u.db.InsertUnique(UserTableUser, user)
+	u.mu.Unlock()
+	if err != nil {
+		return err
+	}
+	err = u.notifyUserAdded(opname, user.Name)
+	if err != nil {
+		return err
+	}
+	nu, err := u.GetUserByName(user.Name)
+	if err != nil {
+		return err
+	}
+	return u.SendMessage("创建了账号", opname, *nu.ID)
 }

 // UpdateUserInfo ...
@@ -162,12 +175,16 @@ func (u *UserDatabase) UpdateUserInfo(id int, nick, avtr, desc string) error {
 		user.Desc = desc
 	}
 	u.mu.Lock()
-	defer u.mu.Unlock()
-	return u.db.Insert(UserTableUser, &user)
+	err = u.db.Insert(UserTableUser, &user)
+	u.mu.Unlock()
+	if err != nil {
+		return err
+	}
+	return u.SendMessage("更新了个人信息", user.Name, *user.ID)
 }

 // UpdateUserRole ...
-func (u *UserDatabase) UpdateUserRole(id int, nr UserRole) error {
+func (u *UserDatabase) UpdateUserRole(id int, nr UserRole, opname string) error {
 	if nr == RoleNil || nr > RoleUser {
 		return ErrInvalidRole
 	}
@@ -177,8 +194,12 @@ func (u *UserDatabase) UpdateUserRole(id int, nr UserRole) error {
 	}
 	user.Role = nr
 	u.mu.Lock()
-	defer u.mu.Unlock()
-	return u.db.Insert(UserTableUser, &user)
+	err = u.db.Insert(UserTableUser, &user)
+	u.mu.Unlock()
+	if err != nil {
+		return err
+	}
+	return u.SendMessage("您的权限被变更为"+user.Role.Nick(), opname, *user.ID)
 }

 // UpdateUserPassword ...
@@ -194,8 +215,12 @@ func (u *UserDatabase) UpdateUserPassword(id int, npwd string) error {
 	user.Pswd = npwd
 	_ = u.notifyPasswordChange(user.Name, npwd)
 	u.mu.Lock()
-	defer u.mu.Unlock()
-	return u.db.Insert(UserTableUser, &user)
+	err = u.db.Insert(UserTableUser, &user)
+	u.mu.Unlock()
+	if err != nil {
+		return err
+	}
+	return u.SendMessage("更新了密码", user.Name, *user.ID)
 }

 // UpdateUserContact ...
@@ -210,8 +235,12 @@ func (u *UserDatabase) UpdateUserContact(id int, ncont string) error {
 	user.Cont = ncont
 	_ = u.notifyContactChange(user.Name, ncont)
 	u.mu.Lock()
-	defer u.mu.Unlock()
-	return u.db.Insert(UserTableUser, &user)
+	err = u.db.Insert(UserTableUser, &user)
+	u.mu.Unlock()
+	if err != nil {
+		return err
+	}
+	return u.SendMessage("更新了联系方式", user.Name, *user.ID)
 }

 // GetUserByName avoids sql injection by limiting username to 0-9A-Za-z
@@ -228,6 +257,13 @@ func (u *UserDatabase) GetUserByName(username string) (user User, err error) {
 	return
 }

+// IsIDExists ...
+func (u *UserDatabase) IsIDExists(id int) bool {
+	u.mu.RLock()
+	defer u.mu.RUnlock()
+	return u.db.CanFind(UserTableUser, "WHERE ID="+strconv.Itoa(id))
+}
+
 // IsNameExists avoids sql injection by limiting username to 0-9A-Za-z
 func (u *UserDatabase) IsNameExists(username string) bool {
 	for _, c := range username {
@@ -337,15 +373,19 @@ func (m *Message) Type() MessageType {
 		return MessagePasswordChange
 	case m.Name != "" && m.Cont == "" && m.Pswd == "":
 		return MessageResetPassword
+	case m.Name == "" && m.Cont != "" && m.Pswd != "":
+		return MessageOperator
 	default:
 		return MessageNormal
 	}
 }

-// SendMessage will send a message
-func (u *UserDatabase) SendMessage(m *Message) error {
-	m.ID = nil
-	m.Date = time.Now().Unix()
+// SendMessage will send a normal message to id
+func (u *UserDatabase) SendMessage(text, opname string, to int) error {
+	if !u.IsIDExists(to) {
+		return ErrInvalidUserID
+	}
+	m := Message{ToID: to, Date: time.Now().Unix(), Text: text, Cont: opname, Pswd: "opname"}
 	u.mu.Lock()
 	defer u.mu.Unlock()
 	return u.db.InsertUnique(UserTableMessage, m)
@@ -423,6 +463,11 @@ func (u *UserDatabase) NotifyResetPassword(ip, name, cont string) error {
 		return err
 	}

+	err = u.SendMessage("发送重置密码请求", user.Name, *user.ID)
+	if err != nil {
+		return err
+	}
+
 	m := Message{
 		Date: time.Now().Unix(),
 		Text: "收到来自 " + ip + ", 用户名 " + user.Name + " 的重置密码请求, 联系方式: " + user.Cont,
--- a/backend/message.go
+++ b/backend/message.go
@@ -8,8 +8,9 @@ import (
 )

 var (
-	errInvalidMessageID = errors.New("invalid message id")
-	errNothingToDo      = errors.New("nothing to do")
+	errInvalidMessageID   = errors.New("invalid message id")
+	errNoAcceptPermission = errors.New("no accept permission")
+	errNothingToDo        = errors.New("nothing to do")
 )

 type messageList struct {
@@ -39,7 +40,12 @@ func getMessageList(token string) ([]messageList, error) {
 		if a, ok := am[m.Name]; ok {
 			avtr = a
 		} else {
-			u, err := global.UserDB.GetUserByName(m.Name)
+			var u global.User
+			if m.Name != "" {
+				u, err = global.UserDB.GetUserByName(m.Name)
+			} else if m.Cont != "" {
+				u, err = global.UserDB.GetUserByName(m.Cont)
+			}
 			if err == nil {
 				avtr = u.Avtr
 				am[m.Name] = u.Avtr
@@ -59,6 +65,9 @@ func acceptMessage(token string, id int) error {
 	if user == nil {
 		return errInvalidToken
 	}
+	if !user.IsSuper() {
+		return errNoAcceptPermission
+	}
 	m, err := global.UserDB.GetMessageByID(id)
 	if err != nil {
 		return err
@@ -84,3 +93,18 @@ func acceptMessage(token string, id int) error {
 		return errNothingToDo
 	}
 }
+
+func delMessage(token string, id int) error {
+	user := usertokens.Get(token)
+	if user == nil {
+		return errInvalidToken
+	}
+	m, err := global.UserDB.GetMessageByID(id)
+	if err != nil {
+		return err
+	}
+	if m.ToID != *user.ID {
+		return errInvalidMessageID
+	}
+	return global.UserDB.DelMessageByID(id)
+}