Add admin pinning and user favorites with role management

爱喝水的木子
2026-03-20 13:55:27 +08:00
parent e6788d0e8f
commit 8e6bd210a8
19 changed files with 629 additions and 101 deletions


@@ -4,8 +4,9 @@ import { AdminUserManager } from "@/components/AdminUserManager";
import { CreatePostForm } from "@/components/CreatePostForm";
import { cookieName, isAdminSession, verifySession } from "@/lib/auth";
import { getDb } from "@/lib/mongo";
import { buildOwnedPostFilter, serializePost } from "@/lib/posts";
import { buildOwnedPostFilter, buildPinnedSort, serializePost } from "@/lib/posts";
import { findUserById, getEffectiveDailyPostLimit, getShanghaiDayRange } from "@/lib/users";
import { Post } from "@/types/post";
export const dynamic = "force-dynamic";
@@ -13,11 +14,17 @@ type ManagedUser = {
id: string;
username: string;
displayName: string;
role: "admin" | "user";
role: "user" | "sponsor" | "admin";
dailyPostLimit: number;
postCount: number;
todayPostCount: number;
posts: Array<{ slug: string; title: string; createdAt: string }>;
posts: Array<{ slug: string; title: string; createdAt: string; isPinned?: boolean }>;
};
const ROLE_LABELS: Record<ManagedUser["role"], string> = {
user: "普通",
sponsor: "赞助",
admin: "管理员"
};
async function fetchRecentPosts(session: Awaited<ReturnType<typeof verifySession>>) {
@@ -25,7 +32,7 @@ async function fetchRecentPosts(session: Awaited<ReturnType<typeof verifySession
const posts = await db
.collection("posts")
.find(buildOwnedPostFilter(session), { projection: { markdown: 0 } })
.sort({ createdAt: -1 })
.sort(buildPinnedSort())
.limit(20)
.toArray();
@@ -38,6 +45,33 @@ async function fetchRecentPosts(session: Awaited<ReturnType<typeof verifySession
}));
}
async function fetchFavoritePosts(session: Awaited<ReturnType<typeof verifySession>>): Promise<Post[]> {
if (!session?.uid) {
return [];
}
const db = await getDb();
const favorites = await db
.collection("favorites")
.find({ ownerId: session.uid }, { projection: { postSlug: 1, createdAt: 1 } })
.sort({ createdAt: -1 })
.limit(20)
.toArray();
const slugs = favorites.map((item: any) => item.postSlug).filter(Boolean);
if (slugs.length === 0) {
return [];
}
const posts = await db
.collection("posts")
.find({ slug: { $in: slugs } }, { projection: { markdown: 0 } })
.toArray();
const postMap = new Map(posts.map((post: any) => [post.slug, serializePost(post)]));
return slugs.map((slug) => postMap.get(slug)).filter(Boolean) as Post[];
}
async function fetchAvailableTags(session: Awaited<ReturnType<typeof verifySession>>) {
const db = await getDb();
const tags = await db
@@ -90,8 +124,20 @@ async function fetchManagedUsers(): Promise<ManagedUser[]> {
const posts = await db
.collection("posts")
.find({}, { projection: { slug: 1, title: 1, createdAt: 1, ownerId: 1, author: 1 } })
.sort({ createdAt: -1 })
.find(
{},
{
projection: {
slug: 1,
title: 1,
createdAt: 1,
ownerId: 1,
author: 1,
isPinned: 1
}
}
)
.sort(buildPinnedSort())
.toArray();
const authorToUserId = new Map<string, string>();
@@ -104,7 +150,10 @@ async function fetchManagedUsers(): Promise<ManagedUser[]> {
const postCountMap = new Map<string, number>();
const todayCountMap = new Map<string, number>();
const postsByOwner = new Map<string, Array<{ slug: string; title: string; createdAt: string }>>();
const postsByOwner = new Map<
string,
Array<{ slug: string; title: string; createdAt: string; isPinned?: boolean }>
>();
posts.forEach((post: any) => {
const resolvedOwnerId =
@@ -115,7 +164,8 @@ async function fetchManagedUsers(): Promise<ManagedUser[]> {
list.push({
slug: post.slug,
title: post.title ?? "未命名",
createdAt: post.createdAt ?? new Date().toISOString()
createdAt: post.createdAt ?? new Date().toISOString(),
isPinned: Boolean(post.isPinned)
});
postsByOwner.set(resolvedOwnerId, list);
postCountMap.set(resolvedOwnerId, (postCountMap.get(resolvedOwnerId) ?? 0) + 1);
@@ -134,7 +184,10 @@ async function fetchManagedUsers(): Promise<ManagedUser[]> {
id,
username: user.username ?? "",
displayName: user.displayName ?? user.username ?? "",
role: user.role === "admin" ? "admin" : "user",
role:
user.role === "admin" || user.role === "sponsor" || user.role === "user"
? user.role
: "user",
dailyPostLimit: getEffectiveDailyPostLimit(user),
postCount: postCountMap.get(id) ?? 0,
todayPostCount: todayCountMap.get(id) ?? 0,
@@ -148,9 +201,11 @@ export default async function AdminPage() {
const token = cookies().get(cookieName)?.value;
const session = await verifySession(token);
const adminView = isAdminSession(session);
const roleLabel = ROLE_LABELS[(session?.role as ManagedUser["role"]) || "user"];
const [recentPosts, availableTags, publishQuota, managedUsers] = await Promise.all([
const [recentPosts, favoritePosts, availableTags, publishQuota, managedUsers] = await Promise.all([
fetchRecentPosts(session),
fetchFavoritePosts(session),
fetchAvailableTags(session),
fetchPublishQuota(session),
adminView ? fetchManagedUsers() : Promise.resolve([] as ManagedUser[])
@@ -159,11 +214,24 @@ export default async function AdminPage() {
return (
<div className="space-y-6">
<section className="rounded-2xl bg-white/80 p-5 shadow-sm ring-1 ring-slate-100">
<div className="space-y-2">
<h1 className="text-2xl font-semibold text-slate-900"></h1>
<p className="text-sm text-slate-500">
</p>
<div className="flex flex-wrap items-center justify-between gap-3">
<div className="space-y-2">
<h1 className="text-2xl font-semibold text-slate-900"></h1>
<p className="text-sm text-slate-500">
/
</p>
</div>
<div className="flex items-center gap-3">
<span className="rounded-full bg-slate-100 px-3 py-1 text-sm text-slate-700 ring-1 ring-slate-200">
{session?.name || "未登录"} · {roleLabel}
</span>
<a
href="/stats"
className="rounded-full bg-brand-50 px-4 py-2 text-sm font-medium text-brand-700 ring-1 ring-brand-100 hover:bg-brand-100"
>
</a>
</div>
</div>
</section>
@@ -173,7 +241,21 @@ export default async function AdminPage() {
todayCount={publishQuota.todayCount}
/>
<AdminPostList initialPosts={recentPosts} canDelete={false} />
<AdminPostList
initialPosts={recentPosts}
title="我的内容"
description="你只能编辑自己的内容;管理员可在这里快速置顶或删除自己的内容。"
canDelete={adminView}
canPin={adminView}
/>
<AdminPostList
initialPosts={favoritePosts}
title="我的收藏"
description="收藏仅自己可见,方便回看喜欢的内容。"
emptyText="你还没有收藏任何内容。"
showEdit={false}
/>
{adminView ? <AdminUserManager initialUsers={managedUsers} currentUserId={session?.uid || ""} /> : null}
</div>
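Review bot: The `roleLabel` lookup in `AdminPage` casts `session?.role` to `ManagedUser["role"]` without checking it, so a token carrying any other role string indexes `ROLE_LABELS` with an unknown key and the header renders `undefined` next to the name. The login route in this commit imports `resolveUserRole` from `@/lib/auth`; assuming it returns a falsy value for unrecognised roles, as its use there suggests, `const roleLabel = ROLE_LABELS[resolveUserRole(session?.role) || "user"];` would make the fallback real. `RootLayout` re-implements the same mapping as a nested ternary, so one shared label table would keep the two from drifting. Note also that `canDelete={adminView}` and `canPin={adminView}` only decide which buttons render; the API routes remain the enforcement point.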


@@ -24,26 +24,49 @@ export async function PATCH(req: NextRequest, { params }: { params: { userId: st
}
const body = await req.json().catch(() => ({}));
const schema = z.object({
dailyPostLimit: z.number().int().min(0).max(1000)
});
const schema = z
.object({
dailyPostLimit: z.number().int().min(0).max(1000).optional(),
role: z.enum(["user", "sponsor", "admin"]).optional()
})
.refine((value) => value.dailyPostLimit !== undefined || value.role !== undefined, {
message: "至少需要提交一个要修改的字段"
});
const parsed = schema.safeParse(body);
if (!parsed.success) {
return NextResponse.json({ error: parsed.error.flatten() }, { status: 400 });
}
if (session.uid === params.userId && parsed.data.role && parsed.data.role !== "admin") {
return NextResponse.json({ error: "不能把当前登录管理员降级" }, { status: 400 });
}
const db = await getDb();
const setPayload: Record<string, unknown> = {};
if (parsed.data.dailyPostLimit !== undefined) {
setPayload.dailyPostLimit = parsed.data.dailyPostLimit;
}
if (parsed.data.role) {
setPayload.role = parsed.data.role;
}
const result = await db.collection("users").updateOne(
{ _id: new ObjectId(params.userId) },
{ $set: { dailyPostLimit: parsed.data.dailyPostLimit } }
{ $set: setPayload }
);
if (result.matchedCount === 0) {
return NextResponse.json({ error: "用户不存在" }, { status: 404 });
}
const updatedUser = await db.collection("users").findOne(
{ _id: new ObjectId(params.userId) },
{ projection: { dailyPostLimit: 1, role: 1 } }
);
return NextResponse.json({
ok: true,
dailyPostLimit: parsed.data.dailyPostLimit ?? DEFAULT_DAILY_POST_LIMIT
dailyPostLimit: updatedUser?.dailyPostLimit ?? DEFAULT_DAILY_POST_LIMIT,
role: updatedUser?.role ?? "user"
});
}
@@ -65,7 +88,7 @@ export async function DELETE(req: NextRequest, { params }: { params: { userId: s
return NextResponse.json({ error: "用户不存在" }, { status: 404 });
}
await db.collection("posts").deleteMany({
const postFilter = {
$or: [
{ ownerId: params.userId },
{
@@ -79,6 +102,19 @@ export async function DELETE(req: NextRequest, { params }: { params: { userId: s
]
}
]
};
const ownedPosts = await db
.collection("posts")
.find(postFilter, { projection: { slug: 1 } })
.toArray();
await db.collection("posts").deleteMany(postFilter);
await db.collection("favorites").deleteMany({
$or: [
{ ownerId: params.userId },
{ postSlug: { $in: ownedPosts.map((post: any) => post.slug).filter(Boolean) } }
]
});
await db.collection("users").deleteOne({ _id: new ObjectId(params.userId) });
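Review bot: Changing `role` in this PATCH handler updates only the `users` document, while the login route signs the role into a session token with a 24-hour `exp`, so a demoted admin may keep admin rights until that cookie expires unless `verifySession` or `isAdminSession` re-reads the stored role (neither is visible here). Consider checking the current role from the `users` collection on admin-only routes, or at minimum record the window next to the update with `// NOTE: role changes do not revoke already-issued session cookies`. Separately, `new ObjectId(params.userId)` throws on a malformed id and would surface as a 500 unless the id is validated in the part of the handler above this hunk. Both handlers start outside the visible hunks.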


@@ -1,6 +1,6 @@
import { NextRequest, NextResponse } from "next/server";
import { z } from "zod";
import { signSession, cookieName, isAdminName } from "@/lib/auth";
import { cookieName, isAdminName, resolveUserRole, signSession } from "@/lib/auth";
import { getDb } from "@/lib/mongo";
import { verifyPassword } from "@/lib/password";
@@ -19,6 +19,7 @@ export async function POST(req: NextRequest) {
const { username, password } = parsed.data;
const db = await getDb();
const user = await db.collection("users").findOne({ usernameLower: username.toLowerCase() });
if (
!user ||
typeof user.passwordSalt !== "string" ||
@@ -29,12 +30,8 @@ export async function POST(req: NextRequest) {
}
const name = user.displayName || user.username || username;
const role =
user.role === "admin" || user.role === "user"
? user.role
: isAdminName(user.username) || isAdminName(name)
? "admin"
: "user";
const storedRole = resolveUserRole(user.role);
const role = storedRole || (isAdminName(user.username) || isAdminName(name) ? "admin" : "user");
const exp = Date.now() + 24 * 60 * 60 * 1000;
const token = await signSession({
role,
@@ -44,7 +41,8 @@ export async function POST(req: NextRequest) {
name,
username: user.username || username
});
const res = NextResponse.json({ ok: true, name });
const res = NextResponse.json({ ok: true, name, role });
res.cookies.set(cookieName, token, {
httpOnly: true,
sameSite: "lax",
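Review bot: The fallback for accounts with no stored role still grants `admin` when `isAdminName(name)` matches, and `name` is `user.displayName || user.username || username`, where `displayName` is a value the register route accepts from the user (2–32 characters). The register route in this commit stops deriving the role from names, so the login path should not keep doing it from a display name: `const role = storedRole || (isAdminName(user.username) ? "admin" : "user");`. A one-off migration that writes an explicit `role` to legacy documents would let the name-based fallback be removed entirely. The POST handler begins and ends outside this hunk.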


@@ -0,0 +1,60 @@
import { NextRequest, NextResponse } from "next/server";
import { cookieName, verifySession } from "@/lib/auth";
import { getDb } from "@/lib/mongo";
async function getSessionFromRequest(req: NextRequest) {
const token = req.cookies.get(cookieName)?.value;
return verifySession(token);
}
async function countFavorites(postSlug: string) {
const db = await getDb();
return db.collection("favorites").countDocuments({ postSlug });
}
export async function POST(req: NextRequest, { params }: { params: { slug: string } }) {
const session = await getSessionFromRequest(req);
if (!session?.uid) {
return NextResponse.json({ error: "请先登录后再收藏" }, { status: 401 });
}
const db = await getDb();
const post = await db.collection("posts").findOne({ slug: params.slug }, { projection: { _id: 1 } });
if (!post) {
return NextResponse.json({ error: "内容不存在" }, { status: 404 });
}
await db.collection("favorites").updateOne(
{ ownerId: session.uid, postSlug: params.slug },
{
$setOnInsert: {
ownerId: session.uid,
postSlug: params.slug,
createdAt: new Date().toISOString()
}
},
{ upsert: true }
);
return NextResponse.json({
ok: true,
isFavorited: true,
favoriteCount: await countFavorites(params.slug)
});
}
export async function DELETE(req: NextRequest, { params }: { params: { slug: string } }) {
const session = await getSessionFromRequest(req);
if (!session?.uid) {
return NextResponse.json({ error: "请先登录后再取消收藏" }, { status: 401 });
}
const db = await getDb();
await db.collection("favorites").deleteOne({ ownerId: session.uid, postSlug: params.slug });
return NextResponse.json({
ok: true,
isFavorited: false,
favoriteCount: await countFavorites(params.slug)
});
}
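Review bot: The upsert in `POST` relies on the `{ ownerId, postSlug }` filter alone for de-duplication, and nothing visible creates a unique index on that pair, so two concurrent requests from the same user can each insert a row and inflate `favoriteCount`. Declaring the index where the collection is set up, `db.collection("favorites").createIndex({ ownerId: 1, postSlug: 1 }, { unique: true })`, closes the race. An index on `postSlug` would also back the `countDocuments` call made on every toggle and, in this commit, on every post page view. Both handlers change state on a cookie-authenticated session, so confirm that a rate limit applies upstream, since none is visible in this file.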


@@ -0,0 +1,55 @@
import { NextRequest, NextResponse } from "next/server";
import { cookieName, verifySession } from "@/lib/auth";
import { getDb } from "@/lib/mongo";
import { canPinPost } from "@/lib/posts";
async function getSessionFromRequest(req: NextRequest) {
const token = req.cookies.get(cookieName)?.value;
return verifySession(token);
}
async function getPost(slug: string) {
const db = await getDb();
const post = await db.collection("posts").findOne({ slug });
return { db, post };
}
export async function POST(req: NextRequest, { params }: { params: { slug: string } }) {
const session = await getSessionFromRequest(req);
const { db, post } = await getPost(params.slug);
if (!post) {
return NextResponse.json({ error: "内容不存在" }, { status: 404 });
}
if (!canPinPost(post, session)) {
return NextResponse.json({ error: "只有管理员可以置顶内容" }, { status: 403 });
}
const now = new Date().toISOString();
await db.collection("posts").updateOne(
{ _id: post._id },
{ $set: { isPinned: true, pinnedAt: now, updatedAt: now } }
);
return NextResponse.json({ ok: true, isPinned: true, pinnedAt: now });
}
export async function DELETE(req: NextRequest, { params }: { params: { slug: string } }) {
const session = await getSessionFromRequest(req);
const { db, post } = await getPost(params.slug);
if (!post) {
return NextResponse.json({ error: "内容不存在" }, { status: 404 });
}
if (!canPinPost(post, session)) {
return NextResponse.json({ error: "只有管理员可以取消置顶" }, { status: 403 });
}
const now = new Date().toISOString();
await db.collection("posts").updateOne(
{ _id: post._id },
{ $set: { isPinned: false, updatedAt: now }, $unset: { pinnedAt: "" } }
);
return NextResponse.json({ ok: true, isPinned: false });
}
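Review bot: Both handlers call `getPost(params.slug)` before any session check, and `getPost` uses `findOne({ slug })` with no projection, so an unauthenticated request still loads the full post document (including `markdown`) and receives 404 or 403 depending on whether the slug exists. Rejecting early keeps anonymous traffic off the database and returns the conventional status: `if (!session?.uid) return NextResponse.json({ error: "请先登录" }, { status: 401 });` placed before the `getPost` call. A projection limited to the fields `canPinPost` reads would also help; its implementation is not shown in this file, so that field list needs checking against `@/lib/posts`.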


@@ -84,5 +84,6 @@ export async function DELETE(req: NextRequest, { params }: { params: { slug: str
}
await db.collection("posts").deleteOne({ _id: existingPost._id });
await db.collection("favorites").deleteMany({ postSlug: params.slug });
return NextResponse.json({ ok: true });
}


@@ -3,6 +3,7 @@ import { z } from "zod";
import { cookieName, verifySession } from "@/lib/auth";
import { getDb } from "@/lib/mongo";
import { DEFAULT_OPC_SIGNAL, OPC_SIGNAL_VALUES } from "@/lib/opc";
import { buildPinnedSort, serializePost } from "@/lib/posts";
import { generateSlug } from "@/lib/slug";
import { findUserById, getEffectiveDailyPostLimit, getShanghaiDayRange } from "@/lib/users";
@@ -19,17 +20,11 @@ export async function GET() {
const posts = await db
.collection("posts")
.find({}, { projection: { markdown: 0 } })
.sort({ createdAt: -1 })
.sort(buildPinnedSort())
.limit(50)
.toArray();
return NextResponse.json(
posts.map((post) => ({
...post,
author: post.author ?? "匿名",
_id: post._id?.toString()
}))
);
return NextResponse.json(posts.map((post) => serializePost(post)));
}
export async function POST(req: NextRequest) {
@@ -85,7 +80,8 @@ export async function POST(req: NextRequest) {
slug,
createdAt: now,
updatedAt: now,
views: 0
views: 0,
isPinned: false
});
return NextResponse.json({ ok: true, slug, todayCount: todayCount + 1, limit });


@@ -1,6 +1,6 @@
import { NextRequest, NextResponse } from "next/server";
import { z } from "zod";
import { signSession, cookieName, isAdminName } from "@/lib/auth";
import { cookieName, signSession } from "@/lib/auth";
import { DEFAULT_DAILY_POST_LIMIT } from "@/lib/users";
import { getDb } from "@/lib/mongo";
import { hashPassword } from "@/lib/password";
@@ -13,6 +13,7 @@ export async function POST(req: NextRequest) {
displayName: z.string().trim().min(2).max(32).optional()
});
const parsed = schema.safeParse(body);
if (!parsed.success) {
return NextResponse.json({ error: "用户名或密码格式不正确" }, { status: 400 });
}
@@ -20,7 +21,6 @@ export async function POST(req: NextRequest) {
const { username, password, displayName } = parsed.data;
const usernameLower = username.toLowerCase();
const resolvedDisplayName = displayName || username;
const role = isAdminName(username) || isAdminName(resolvedDisplayName) ? "admin" : "user";
const db = await getDb();
const exists = await db.collection("users").findOne({ usernameLower });
@@ -34,7 +34,7 @@ export async function POST(req: NextRequest) {
username,
usernameLower,
displayName: resolvedDisplayName,
role,
role: "user" as const,
dailyPostLimit: DEFAULT_DAILY_POST_LIMIT,
passwordHash: hash,
passwordSalt: salt,
@@ -42,18 +42,17 @@ export async function POST(req: NextRequest) {
};
const result = await db.collection("users").insertOne(doc);
const name = doc.displayName;
const exp = Date.now() + 24 * 60 * 60 * 1000;
const token = await signSession({
role,
role: doc.role,
iat: Date.now(),
exp,
uid: result.insertedId?.toString(),
name,
name: doc.displayName,
username
});
const res = NextResponse.json({ ok: true, name });
const res = NextResponse.json({ ok: true, name: doc.displayName, role: doc.role });
res.cookies.set(cookieName, token, {
httpOnly: true,
sameSite: "lax",


@@ -15,6 +15,8 @@ export default async function RootLayout({ children }: { children: ReactNode })
const token = cookies().get(cookieName)?.value;
const session = await verifySession(token);
const userName = session?.name ?? "访客";
const roleLabel =
session?.role === "admin" ? "管理员" : session?.role === "sponsor" ? "赞助" : "普通";
return (
<html lang="zh-CN">
@@ -47,7 +49,7 @@ export default async function RootLayout({ children }: { children: ReactNode })
{session ? (
<div className="flex items-center gap-2">
<span className="rounded-full bg-slate-100 px-3 py-1 text-xs font-medium text-slate-700">
{userName}
{userName} · {roleLabel}
</span>
<LogoutButton />
</div>


@@ -1,8 +1,12 @@
import { cookies } from "next/headers";
import Link from "next/link";
import { notFound } from "next/navigation";
import { FavoriteButton } from "@/components/FavoriteButton";
import { MarkdownViewer } from "@/components/MarkdownViewer";
import { SharePanel } from "@/components/SharePanel";
import { cookieName, verifySession } from "@/lib/auth";
import { getDb } from "@/lib/mongo";
import { serializePost } from "@/lib/posts";
import { canEditPost, serializePost } from "@/lib/posts";
import { normalizeImageUrl } from "@/lib/normalize";
import { getSiteUrl } from "@/lib/site";
@@ -20,15 +24,23 @@ async function fetchPost(slug: string) {
}
db.collection("posts").updateOne({ _id: doc._id }, { $inc: { views: 1 } }).catch(() => {});
return serializePost({ ...doc, views: (doc.views ?? 0) + 1 });
const favoriteCount = await db.collection("favorites").countDocuments({ postSlug: slug });
return serializePost({ ...doc, views: (doc.views ?? 0) + 1, favoriteCount });
}
export default async function PostPage({ params }: Props) {
const token = cookies().get(cookieName)?.value;
const session = await verifySession(token);
const post = await fetchPost(params.slug);
if (!post) {
notFound();
}
const db = await getDb();
const isFavorited = session?.uid
? Boolean(await db.collection("favorites").findOne({ ownerId: session.uid, postSlug: post.slug }))
: false;
const canEdit = canEditPost(post, session);
const coverUrl = normalizeImageUrl(post.cover);
const shareUrl = `${getSiteUrl()}/p/${post.slug}`;
@@ -36,8 +48,33 @@ export default async function PostPage({ params }: Props) {
<article className="rounded-2xl bg-white/80 p-6 shadow-sm ring-1 ring-slate-100">
<div className="mb-4">
<div className="flex flex-wrap items-center justify-between gap-3">
<h1 className="text-2xl font-semibold text-slate-900">{post.title}</h1>
<SharePanel url={shareUrl} />
<div className="space-y-2">
<div className="flex flex-wrap items-center gap-2">
{post.isPinned ? (
<span className="rounded-full bg-amber-50 px-2 py-1 text-xs font-medium text-amber-700 ring-1 ring-amber-100">
</span>
) : null}
<h1 className="text-2xl font-semibold text-slate-900">{post.title}</h1>
</div>
</div>
<div className="flex flex-wrap items-center gap-2">
{canEdit ? (
<Link
href={`/admin/edit/${post.slug}`}
className="rounded-full bg-brand-50 px-3 py-2 text-sm font-medium text-brand-700 ring-1 ring-brand-100 hover:bg-brand-100"
>
</Link>
) : null}
<FavoriteButton
slug={post.slug}
initialFavorited={isFavorited}
initialCount={post.favoriteCount ?? 0}
canFavorite={Boolean(session?.uid)}
/>
<SharePanel url={shareUrl} />
</div>
</div>
<p className="mt-2 text-sm text-slate-500">
{post.author || "匿名"} |{" "}
@@ -45,6 +82,10 @@ export default async function PostPage({ params }: Props) {
hour12: false,
timeZone: "Asia/Shanghai"
})}
{" · "}
{post.views ?? 0}
{" · "}
{post.favoriteCount ?? 0}
</p>
{coverUrl ? (
<img


@@ -1,6 +1,6 @@
import { PostCard } from "@/components/PostCard";
import { getDb } from "@/lib/mongo";
import { serializePost } from "@/lib/posts";
import { buildPinnedSort, serializePost } from "@/lib/posts";
import { buildSearchFilter } from "@/lib/search";
import { Post } from "@/types/post";
@@ -32,7 +32,7 @@ async function fetchPosts(params: {
const docs = await db
.collection("posts")
.find(filter, { projection: { markdown: 0 } })
.sort({ createdAt: -1 })
.sort(buildPinnedSort())
.skip((page - 1) * PAGE_SIZE)
.limit(PAGE_SIZE)
.toArray();
@@ -83,7 +83,7 @@ export default async function HomePage({
<div className="rounded-2xl bg-gradient-to-r from-brand-500 to-brand-700 p-6 text-white shadow-lg">
<h1 className="text-2xl font-semibold">OPC Feed</h1>
<p className="mt-2 text-sm text-white/80">
</p>
{tag ? (
<div className="mt-3 inline-flex items-center gap-2 rounded-full bg-white/15 px-3 py-1 text-xs font-medium">


@@ -1,6 +1,6 @@
import { PostCard } from "@/components/PostCard";
import { getDb } from "@/lib/mongo";
import { serializePost } from "@/lib/posts";
import { buildPinnedSort, serializePost } from "@/lib/posts";
import { buildSearchFilter } from "@/lib/search";
import { Post } from "@/types/post";
@@ -27,7 +27,7 @@ async function fetchTagPosts(params: {
const docs = await db
.collection("posts")
.find(filter, { projection: { markdown: 0 } })
.sort({ createdAt: -1 })
.sort(buildPinnedSort())
.skip((page - 1) * PAGE_SIZE)
.limit(PAGE_SIZE)
.toArray();
@@ -64,7 +64,7 @@ export default async function TagDetailPage({
<div className="space-y-6">
<div className="rounded-2xl bg-white/80 p-6 shadow-sm ring-1 ring-slate-100">
<h1 className="text-2xl font-semibold"> / {tag}</h1>
<p className="mt-2 text-sm text-slate-500"> {total} </p>
<p className="mt-2 text-sm text-slate-500"> {total} </p>
</div>
<form


@@ -8,13 +8,24 @@ type AdminPost = Post & { createdAtText?: string };
export function AdminPostList({
initialPosts,
canDelete = false
title = "最近内容",
description,
emptyText = "暂无内容。",
canDelete = false,
canPin = false,
showEdit = true
}: {
initialPosts: AdminPost[];
title?: string;
description?: string;
emptyText?: string;
canDelete?: boolean;
canPin?: boolean;
showEdit?: boolean;
}) {
const [posts, setPosts] = useState<AdminPost[]>(initialPosts);
const [tagQuery, setTagQuery] = useState("");
const [busySlug, setBusySlug] = useState<string | null>(null);
const visiblePosts = useMemo(() => {
const query = tagQuery.trim().toLowerCase();
@@ -25,33 +36,74 @@ export function AdminPostList({
async function handleDelete(slug: string) {
if (!window.confirm("确定要删除这条内容吗?此操作不可恢复。")) return;
const res = await fetch(`/api/posts/${slug}`, { method: "DELETE" });
if (!res.ok) {
const data = await res.json().catch(() => ({}));
alert(data.error || "删除失败");
return;
}
setBusySlug(slug);
try {
const res = await fetch(`/api/posts/${slug}`, { method: "DELETE" });
if (!res.ok) {
const data = await res.json().catch(() => ({}));
alert(data.error || "删除失败");
return;
}
setPosts((prev) => prev.filter((post) => post.slug !== slug));
setPosts((prev) => prev.filter((post) => post.slug !== slug));
} finally {
setBusySlug(null);
}
}
async function handleTogglePin(post: AdminPost) {
setBusySlug(post.slug);
try {
const res = await fetch(`/api/posts/${post.slug}/pin`, {
method: post.isPinned ? "DELETE" : "POST"
});
const data = await res.json().catch(() => ({}));
if (!res.ok) {
alert(data.error || "置顶操作失败");
return;
}
setPosts((prev) =>
[...prev]
.map((item) =>
item.slug === post.slug
? {
...item,
isPinned: Boolean(data.isPinned),
pinnedAt: data.pinnedAt
}
: item
)
.sort((a, b) => {
const pinnedDiff = Number(Boolean(b.isPinned)) - Number(Boolean(a.isPinned));
if (pinnedDiff !== 0) return pinnedDiff;
const pinTimeDiff = (b.pinnedAt || "").localeCompare(a.pinnedAt || "");
if (pinTimeDiff !== 0) return pinTimeDiff;
return b.createdAt.localeCompare(a.createdAt);
})
);
} finally {
setBusySlug(null);
}
}
if (posts.length === 0) {
return (
<div className="rounded-2xl bg-white/80 p-4 text-sm text-slate-500 shadow-sm ring-1 ring-slate-100">
{emptyText}
</div>
);
}
const summary = tagQuery
? `匹配 ${visiblePosts.length} / 共 ${posts.length}`
: `${posts.length}`;
const summary = tagQuery ? `匹配 ${visiblePosts.length} / 共 ${posts.length}` : `${posts.length}`;
return (
<div className="space-y-3 rounded-2xl bg-white/80 p-4 shadow-sm ring-1 ring-slate-100">
<div className="flex flex-wrap items-center justify-between gap-3">
<div>
<h3 className="text-lg font-semibold"></h3>
<h3 className="text-lg font-semibold">{title}</h3>
{description ? <p className="mt-1 text-sm text-slate-500">{description}</p> : null}
<p className="text-xs text-slate-400">{summary}</p>
</div>
<div className="flex items-center gap-2">
@@ -80,7 +132,12 @@ export function AdminPostList({
className="flex flex-wrap items-center justify-between gap-3 rounded-xl border border-slate-100 bg-white/70 p-3"
>
<div>
<Link href={`/p/${post.slug}`} className="font-medium text-slate-900 hover:text-brand-600">
{post.isPinned ? (
<span className="mb-1 inline-flex rounded-full bg-amber-50 px-2 py-1 text-xs font-medium text-amber-700 ring-1 ring-amber-100">
</span>
) : null}
<Link href={`/p/${post.slug}`} className="block font-medium text-slate-900 hover:text-brand-600">
{post.title}
</Link>
<p className="text-xs text-slate-500">
@@ -103,17 +160,30 @@ export function AdminPostList({
) : null}
</div>
<div className="flex items-center gap-2">
<Link
href={`/admin/edit/${post.slug}`}
className="rounded-full bg-brand-50 px-3 py-1 text-xs font-medium text-brand-700 ring-1 ring-brand-100 hover:bg-brand-100"
>
</Link>
{showEdit ? (
<Link
href={`/admin/edit/${post.slug}`}
className="rounded-full bg-brand-50 px-3 py-1 text-xs font-medium text-brand-700 ring-1 ring-brand-100 hover:bg-brand-100"
>
</Link>
) : null}
{canPin ? (
<button
type="button"
disabled={busySlug === post.slug}
onClick={() => handleTogglePin(post)}
className="rounded-full bg-amber-50 px-3 py-1 text-xs font-medium text-amber-700 ring-1 ring-amber-100 hover:bg-amber-100 disabled:opacity-60"
>
{post.isPinned ? "取消置顶" : "置顶"}
</button>
) : null}
{canDelete ? (
<button
type="button"
disabled={busySlug === post.slug}
onClick={() => handleDelete(post.slug)}
className="rounded-full bg-red-50 px-3 py-1 text-xs font-medium text-red-600 ring-1 ring-red-100 hover:bg-red-100"
className="rounded-full bg-red-50 px-3 py-1 text-xs font-medium text-red-600 ring-1 ring-red-100 hover:bg-red-100 disabled:opacity-60"
>
</button>
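Review bot: `handleTogglePin` and `handleDelete` interpolate the slug straight into the request path (`/api/posts/${post.slug}/pin`, `/api/posts/${slug}`), so a slug containing `/`, `?` or `#` would address a different route than intended. If `generateSlug` already restricts the character set this is only defensive, but `encodeURIComponent(post.slug)` costs nothing; the same applies to `handleTogglePin` in `AdminUserManager` and to the `fetch` in `FavoriteButton`. Separately, `busySlug` holds a single slug, so starting an action on another row re-enables the first row's buttons while its request is still in flight; a `Set<string>` of in-flight slugs would avoid that.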


@@ -6,19 +6,26 @@ type ManagedPost = {
slug: string;
title: string;
createdAt: string;
isPinned?: boolean;
};
type ManagedUser = {
id: string;
username: string;
displayName: string;
role: "admin" | "user";
role: "user" | "sponsor" | "admin";
dailyPostLimit: number;
postCount: number;
todayPostCount: number;
posts: ManagedPost[];
};
const ROLE_OPTIONS: Array<{ value: ManagedUser["role"]; label: string }> = [
{ value: "user", label: "普通" },
{ value: "sponsor", label: "赞助" },
{ value: "admin", label: "管理员" }
];
export function AdminUserManager({
initialUsers,
currentUserId
@@ -67,13 +74,46 @@ export function AdminUserManager({
);
}
async function handleSaveLimit(userId: string, dailyPostLimit: number) {
async function handleTogglePin(userId: string, slug: string, isPinned: boolean) {
const res = await fetch(`/api/posts/${slug}/pin`, {
method: isPinned ? "DELETE" : "POST"
});
const data = await res.json().catch(() => ({}));
if (!res.ok) {
alert(data.error || "置顶操作失败");
return;
}
setUsers((prev) =>
prev.map((user) =>
user.id !== userId
? user
: {
...user,
posts: [...user.posts]
.map((post) =>
post.slug === slug ? { ...post, isPinned: Boolean(data.isPinned) } : post
)
.sort((a, b) => {
const pinnedDiff = Number(Boolean(b.isPinned)) - Number(Boolean(a.isPinned));
if (pinnedDiff !== 0) return pinnedDiff;
return b.createdAt.localeCompare(a.createdAt);
})
}
)
);
}
async function handleSaveUser(
userId: string,
payload: { dailyPostLimit: number; role: ManagedUser["role"] }
) {
setSavingId(userId);
try {
const res = await fetch(`/api/admin/users/${userId}`, {
method: "PATCH",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({ dailyPostLimit })
body: JSON.stringify(payload)
});
const data = await res.json().catch(() => ({}));
if (!res.ok) {
@@ -83,7 +123,13 @@ export function AdminUserManager({
setUsers((prev) =>
prev.map((user) =>
user.id === userId ? { ...user, dailyPostLimit: data.dailyPostLimit ?? dailyPostLimit } : user
user.id === userId
? {
...user,
dailyPostLimit: data.dailyPostLimit ?? payload.dailyPostLimit,
role: data.role ?? payload.role
}
: user
)
);
} finally {
@@ -109,7 +155,9 @@ export function AdminUserManager({
<div className="flex flex-wrap items-center justify-between gap-3">
<div>
<h3 className="text-lg font-semibold text-slate-900"></h3>
<p className="text-sm text-slate-500"></p>
<p className="text-sm text-slate-500">
</p>
</div>
<input
value={query}
@@ -130,8 +178,9 @@ export function AdminUserManager({
currentUserId={currentUserId}
saving={savingId === user.id}
onDeletePost={handleDeletePost}
onTogglePin={handleTogglePin}
onDeleteUser={handleDeleteUser}
onSaveLimit={handleSaveLimit}
onSaveUser={handleSaveUser}
/>
))
)}
@@ -151,17 +200,23 @@ function AdminUserCard({
currentUserId,
saving,
onDeletePost,
onTogglePin,
onDeleteUser,
onSaveLimit
onSaveUser
}: {
user: ManagedUser;
currentUserId: string;
saving: boolean;
onDeletePost: (slug: string) => Promise<void>;
onTogglePin: (userId: string, slug: string, isPinned: boolean) => Promise<void>;
onDeleteUser: (userId: string) => Promise<void>;
onSaveLimit: (userId: string, dailyPostLimit: number) => Promise<void>;
onSaveUser: (
userId: string,
payload: { dailyPostLimit: number; role: ManagedUser["role"] }
) => Promise<void>;
}) {
const [limit, setLimit] = useState(user.dailyPostLimit);
const [role, setRole] = useState<ManagedUser["role"]>(user.role);
return (
<div className="rounded-2xl border border-slate-100 bg-white/70 p-4">
@@ -171,11 +226,23 @@ function AdminUserCard({
{user.displayName} <span className="text-sm font-normal text-slate-500">(@{user.username})</span>
</h4>
<p className="mt-1 text-sm text-slate-500">
{user.role === "admin" ? "管理员" : "用户"} | {user.postCount} | {user.todayPostCount}
{ROLE_OPTIONS.find((item) => item.value === user.role)?.label || "普通"} |
{user.postCount} | {user.todayPostCount}
</p>
</div>
<div className="flex flex-wrap items-center gap-2">
<select
value={role}
onChange={(e) => setRole(e.target.value as ManagedUser["role"])}
className="rounded-full border border-slate-200 bg-white px-3 py-2 text-sm shadow-inner focus:border-brand-500 focus:outline-none"
>
{ROLE_OPTIONS.map((option) => (
<option key={option.value} value={option.value}>
{option.label}
</option>
))}
</select>
<input
type="number"
min={0}
@@ -186,10 +253,10 @@ function AdminUserCard({
<button
type="button"
disabled={saving}
onClick={() => onSaveLimit(user.id, limit)}
onClick={() => onSaveUser(user.id, { dailyPostLimit: limit, role })}
className="rounded-full bg-brand-50 px-3 py-2 text-xs font-medium text-brand-700 ring-1 ring-brand-100 hover:bg-brand-100 disabled:opacity-60"
>
</button>
{user.id !== currentUserId ? (
<button
@@ -213,7 +280,12 @@ function AdminUserCard({
className="flex flex-wrap items-center justify-between gap-3 rounded-xl border border-slate-100 bg-white px-3 py-2"
>
<div>
<a href={`/p/${post.slug}`} className="text-sm font-medium text-slate-900 hover:text-brand-600">
{post.isPinned ? (
<span className="mb-1 inline-flex rounded-full bg-amber-50 px-2 py-1 text-xs font-medium text-amber-700 ring-1 ring-amber-100">
</span>
) : null}
<a href={`/p/${post.slug}`} className="block text-sm font-medium text-slate-900 hover:text-brand-600">
{post.title}
</a>
<p className="text-xs text-slate-500">
@@ -223,13 +295,22 @@ function AdminUserCard({
})}
</p>
</div>
<button
type="button"
onClick={() => onDeletePost(post.slug)}
className="rounded-full bg-red-50 px-3 py-1 text-xs font-medium text-red-600 ring-1 ring-red-100 hover:bg-red-100"
>
</button>
<div className="flex items-center gap-2">
<button
type="button"
onClick={() => onTogglePin(user.id, post.slug, Boolean(post.isPinned))}
className="rounded-full bg-amber-50 px-3 py-1 text-xs font-medium text-amber-700 ring-1 ring-amber-100 hover:bg-amber-100"
>
{post.isPinned ? "取消置顶" : "置顶"}
</button>
<button
type="button"
onClick={() => onDeletePost(post.slug)}
className="rounded-full bg-red-50 px-3 py-1 text-xs font-medium text-red-600 ring-1 ring-red-100 hover:bg-red-100"
>
</button>
</div>
</div>
))
)}


@@ -0,0 +1,70 @@
"use client";
import Link from "next/link";
import { useState } from "react";
type FavoriteButtonProps = {
slug: string;
initialFavorited: boolean;
initialCount: number;
canFavorite: boolean;
};
export function FavoriteButton({
slug,
initialFavorited,
initialCount,
canFavorite
}: FavoriteButtonProps) {
const [favorited, setFavorited] = useState(initialFavorited);
const [count, setCount] = useState(initialCount);
const [loading, setLoading] = useState(false);
async function handleToggle() {
if (loading) return;
setLoading(true);
try {
const res = await fetch(`/api/posts/${slug}/favorite`, {
method: favorited ? "DELETE" : "POST"
});
const data = await res.json().catch(() => ({}));
if (!res.ok) {
alert(data.error || "收藏操作失败");
return;
}
setFavorited(Boolean(data.isFavorited));
setCount(typeof data.favoriteCount === "number" ? data.favoriteCount : count);
} finally {
setLoading(false);
}
}
if (!canFavorite) {
return (
<Link
href={`/login?next=/p/${encodeURIComponent(slug)}`}
className="rounded-full bg-amber-50 px-3 py-2 text-sm font-medium text-amber-700 ring-1 ring-amber-100 hover:bg-amber-100"
>
</Link>
);
}
return (
<button
type="button"
onClick={handleToggle}
disabled={loading}
className={`rounded-full px-3 py-2 text-sm font-medium ring-1 transition disabled:cursor-not-allowed disabled:opacity-60 ${
favorited
? "bg-rose-50 text-rose-700 ring-rose-100 hover:bg-rose-100"
: "bg-slate-100 text-slate-700 ring-slate-200 hover:bg-slate-200"
}`}
>
{loading ? "处理中..." : `${favorited ? "已收藏" : "收藏"} · ${count}`}
</button>
);
}
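Review bot: `slug` is interpolated into the request path unencoded in the `fetch` call inside `handleToggle`, while the login link further down wraps the same value in `encodeURIComponent`; a slug containing `/`, `?` or `#` would address a different route. I would interpolate `encodeURIComponent(slug)` in the fetch URL as well. The `try`/`finally` has no `catch`, so a rejected `fetch` (for example a network failure) surfaces as an unhandled rejection from the click handler rather than the "收藏操作失败" alert. The POST/DELETE carries no CSRF token; whether that is acceptable depends on the session cookie's SameSite attribute, which is not visible in this section.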


@@ -14,6 +14,11 @@ export function PostCard({ post }: Props) {
<article className="group rounded-2xl bg-white/80 p-4 shadow-sm ring-1 ring-slate-100 transition-[transform,box-shadow] duration-300 will-change-transform transform-gpu hover:shadow-lg hover:[transform:perspective(900px)_translateY(-4px)_rotateX(2deg)_rotateY(-2deg)]">
<div className="flex items-start justify-between gap-3">
<div className="space-y-1">
{post.isPinned ? (
<span className="inline-flex rounded-full bg-amber-50 px-2 py-1 text-xs font-medium text-amber-700 ring-1 ring-amber-100">
</span>
) : null}
<Link
href={`/p/${post.slug}`}
className="block text-lg font-semibold text-slate-900 transition group-hover:text-brand-600"


@@ -6,6 +6,9 @@ const encoder = new TextEncoder();
let cachedKey: CryptoKey | null = null;
let cachedSecret: string | null = null;
export const USER_ROLE_VALUES = ["user", "sponsor", "admin"] as const;
export type UserRole = (typeof USER_ROLE_VALUES)[number];
function getSecret() {
const secret = process.env.SESSION_SECRET;
if (!secret) {
@@ -15,7 +18,7 @@ function getSecret() {
}
export type SessionPayload = {
role: "admin" | "user";
role: UserRole;
iat: number;
exp?: number;
uid?: string;
@@ -33,6 +36,10 @@ export function isAdminName(name?: string | null) {
return Boolean(adminName && value && adminName === value);
}
export function resolveUserRole(value?: unknown): UserRole | null {
return USER_ROLE_VALUES.includes(value as UserRole) ? (value as UserRole) : null;
}
export function isAdminSession(session?: SessionPayload | null) {
return session?.role === "admin";
}
@@ -41,6 +48,7 @@ async function getHmacKey(secret: string) {
if (cachedKey && cachedSecret === secret) {
return cachedKey;
}
cachedSecret = secret;
cachedKey = await crypto.subtle.importKey(
"raw",
@@ -67,14 +75,17 @@ export async function signSession(payload: SessionPayload): Promise<string> {
export async function verifySession(token?: string): Promise<SessionPayload | null> {
if (!token) return null;
const secret = getSecret();
const [base, sig] = token.split(".");
if (!base || !sig) return null;
const check = await hmacSha256(base, secret);
if (check !== sig) return null;
try {
const payload = JSON.parse(Buffer.from(base, "base64url").toString());
if (payload?.role !== "admin" && payload?.role !== "user") {
if (!resolveUserRole(payload?.role)) {
return null;
}
if (typeof payload?.exp !== "number") {
@@ -83,6 +94,7 @@ export async function verifySession(token?: string): Promise<SessionPayload | nu
if (Date.now() > payload.exp) {
return null;
}
return payload;
} catch {
return null;
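Review bot: The role that `verifySession` returns is whatever was signed into the token at sign-in, so with the role editor this commit adds, a user demoted from admin (or sponsor) keeps the old role until `exp` passes, since `isAdminSession` only reads `session?.role`. The new guard `if (!resolveUserRole(payload?.role))` checks that the value is one of the three known strings, not that it is still current. Unless the callers outside this section re-read the user record by `uid`, privileged paths should do so, and at minimum I would add `// role is a snapshot from sign-in; re-check the user record before privileged actions` above the `return payload;` line. Separately, and not introduced here, the context line `if (check !== sig) return null;` is an ordinary string comparison of the MAC; a constant-time comparison is the usual choice. `verifySession` is shown only in part by these hunks.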


@@ -78,6 +78,18 @@ export function canDeletePost(doc: any, session?: SessionPayload | null) {
return Boolean(doc && isAdminSession(session));
}
export function canPinPost(doc: any, session?: SessionPayload | null) {
return Boolean(doc && isAdminSession(session));
}
export function buildPinnedSort() {
return {
isPinned: -1 as const,
pinnedAt: -1 as const,
createdAt: -1 as const
};
}
export function serializePost(doc: any): Post {
return {
_id: doc._id?.toString(),
@@ -91,6 +103,10 @@ export function serializePost(doc: any): Post {
ownerId: doc.ownerId,
createdAt: doc.createdAt ?? new Date().toISOString(),
updatedAt: doc.updatedAt ?? doc.createdAt ?? new Date().toISOString(),
views: doc.views ?? 0
views: doc.views ?? 0,
isPinned: Boolean(doc.isPinned),
pinnedAt: doc.pinnedAt,
favoriteCount: typeof doc.favoriteCount === "number" ? doc.favoriteCount : undefined,
isFavorited: typeof doc.isFavorited === "boolean" ? doc.isFavorited : undefined
};
}
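Review bot: In `serializePost`, `pinnedAt: doc.pinnedAt` is passed through unchecked while the two fields added right after it are type-guarded, and `Post.pinnedAt` is declared `string`, so a stored `Date` or any other value would be returned contrary to the type. I would write `pinnedAt: typeof doc.pinnedAt === "string" ? doc.pinnedAt : undefined,` to match `favoriteCount` and `isFavorited`. `canPinPost` repeats the body of `canDeletePost` line for line; a one-line doc comment saying that only an admin session may pin, and that the `doc` test only rejects a missing document, would make the intent explicit. The middle of `serializePost` is elided between the two hunks.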


@@ -11,4 +11,8 @@ export type Post = {
createdAt: string;
updatedAt: string;
views?: number;
isPinned?: boolean;
pinnedAt?: string;
favoriteCount?: number;
isFavorited?: boolean;
};