Pchen0
/
ic-ctbu-backend


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384
							const API = require("../../../lib/API");
const db = require("../../../plugin/DataBase/db");
const AccessControl = require("../../../lib/AccessControl");
const { BaseStdResponse } = require("../../../BaseStdResponse");
const { insertBindAudit, BindAuditAction, BindAuditSource } = require("../../../lib/Lepao/BindAudit");

class DeleteAccount extends API {
    constructor() {
        super();

        this.setPath('/Lepao/Account')
        this.setMethod('DELETE')
    }

    async onRequest(req, res) {
        let { uuid, session, id } = req.body

        if ([uuid, session, id].some(value => value === '' || value === null || value === undefined))
            return res.json({
                ...BaseStdResponse.MISSING_PARAMETER
            })

        // 检查 session
        if (!await AccessControl.checkSession(uuid, session))
            return res.status(401).json({
                ...BaseStdResponse.ACCESS_DENIED
            })

        let selectSql = 'SELECT student_num, create_user FROM lepao_account WHERE id = ?'
        let selectRows = await db.query(selectSql, [id])
        if (!selectRows || selectRows.length === 0)
            return res.json({
                ...BaseStdResponse.ERR,
                msg: '解绑账号失败！未找到账户信息'
            })

        let source = BindAuditSource.USER_API
        if (selectRows[0].create_user !== uuid) {
            let permission = await AccessControl.getPermission(uuid)
            if (!permission.includes("admin") && !permission.includes("service"))
                return res.json({
                    ...BaseStdResponse.ERR,
                    msg: '解绑账号失败！未找到账户信息'
                })
            source = permission.includes("admin") ? BindAuditSource.ADMIN_API : BindAuditSource.SERVICE_API
        }

        let sql = 'UPDATE lepao_account SET create_user = NULL, auto_run = 0 WHERE id = ?'
        let r = await db.query(sql, [id])

        try {
            if (r && r.affectedRows > 0) {
                const auditOk = await insertBindAudit({
                    studentNum: selectRows[0].student_num,
                    ownerUuid: selectRows[0].create_user,
                    action: BindAuditAction.PLATFORM_UNBIND,
                    source,
                    operatorUuid: uuid,
                    detail: { via: 'DeleteAccount' },
                    createdAt: Date.now()
                })
                if (!auditOk) {
                    this.logger.warn(`解绑审计写入失败 student_num=${selectRows[0].student_num}`)
                }
                res.json({
                    ...BaseStdResponse.OK
                })
            } else {
                return res.json({
                    ...BaseStdResponse.ERR,
                    msg: '解绑账号失败！数据库错误'
                })
            }
        } catch (err) {
            this.logger.error(`解绑账号失败！${err.stack}`)
            res.json({
                ...BaseStdResponse.ERR,
                msg: "解绑账号失败！",
            });
        }
    }
}

module.exports.DeleteAccount = DeleteAccount