backend/app/Controller/api/v1/UserController.php

<?php

declare(strict_types=1);

namespace App\Controller\Api\V1;

use App\Controller\AbstractController;
use App\Middleware\AuthMiddleware;
use App\Middleware\PermissionMiddleware;
use App\Model\User;
use App\Service\OperationLogService;
use App\Utils\RequestHelper;
use Hyperf\HttpServer\Annotation\Controller;
use Hyperf\HttpServer\Annotation\Middleware;
use Hyperf\HttpServer\Annotation\RequestMapping;
use OpenApi\Attributes as OA;

#[OA\Tag(name: 'Users', description: '用户管理')]
#[Controller(prefix: "/api/v1/users")]
class UserController extends AbstractController
{
    /**
     * 用户列表
     *
     * 支持分页、按 username/email 模糊搜索、按 status 精确筛选
     */
    #[OA\Get(
        path: '/users',
        summary: '用户列表',
        description: '获取用户列表，支持分页、按 username/email 模糊搜索、按 status 精确筛选',
        security: [['bearerAuth' => []]],
        tags: ['Users'],
        parameters: [
            new OA\Parameter(name: 'page', in: 'query', required: false, schema: new OA\Schema(type: 'integer', default: 1)),
            new OA\Parameter(name: 'per_page', in: 'query', required: false, schema: new OA\Schema(type: 'integer', default: 15, maximum: 100)),
            new OA\Parameter(name: 'username', in: 'query', required: false, description: '用户名模糊搜索', schema: new OA\Schema(type: 'string')),
            new OA\Parameter(name: 'email', in: 'query', required: false, description: '邮箱模糊搜索', schema: new OA\Schema(type: 'string')),
            new OA\Parameter(name: 'status', in: 'query', required: false, description: '状态筛选（0=禁用，1=启用）', schema: new OA\Schema(type: 'integer', enum: [0, 1])),
        ],
        responses: [
            new OA\Response(
                response: 200,
                description: '获取成功',
                content: new OA\JsonContent(properties: [
                    new OA\Property(property: 'code', type: 'integer', example: 0),
                    new OA\Property(property: 'message', type: 'string', example: '获取成功'),
                    new OA\Property(property: 'data', properties: [
                        new OA\Property(property: 'items', type: 'array', items: new OA\Items(ref: '#/components/schemas/User')),
                        new OA\Property(property: 'total', type: 'integer', example: 100),
                        new OA\Property(property: 'page', type: 'integer', example: 1),
                        new OA\Property(property: 'per_page', type: 'integer', example: 15),
                    ], type: 'object'),
                ])
            ),
            new OA\Response(response: 401, description: '未认证', content: new OA\JsonContent(ref: '#/components/schemas/ErrorResponse')),
        ]
    )]
    #[RequestMapping(path: "", methods: "GET")]
    #[Middleware(AuthMiddleware::class)]
    #[Middleware(PermissionMiddleware::class)]
    public function index(): array
    {
        $page = max(1, (int) $this->request->input('page', 1));
        $per_page = min(100, max(1, (int) $this->request->input('per_page', 15)));

        $query = User::query()->with('role');

        // 按 username 模糊搜索
        $username = $this->request->input('username');
        if ($username !== null && $username !== '') {
            $query->where('username', 'like', '%' . $username . '%');
        }

        // 按 email 模糊搜索
        $email = $this->request->input('email');
        if ($email !== null && $email !== '') {
            $query->where('email', 'like', '%' . $email . '%');
        }

        // 按 status 精确筛选
        $status = $this->request->input('status');
        if ($status !== null && $status !== '') {
            $query->where('status', (int) $status);
        }

        // 按 created_at 降序排序
        $query->orderBy('created_at', 'desc');

        $total = $query->count();
        $items = $query->offset(($page - 1) * $per_page)
            ->limit($per_page)
            ->get();

        return [
            'code' => 0,
            'message' => '获取成功',
            'data' => [
                'items' => $items,
                'total' => $total,
                'page' => $page,
                'per_page' => $per_page,
            ],
        ];
    }

    /**
     * 创建用户
     */
    #[OA\Post(
        path: '/users',
        summary: '创建用户',
        security: [['bearerAuth' => []]],
        tags: ['Users'],
        requestBody: new OA\RequestBody(
            required: true,
            content: new OA\JsonContent(
                required: ['username', 'password', 'email'],
                properties: [
                    new OA\Property(property: 'username', type: 'string', minLength: 3, maxLength: 20, example: 'new_user'),
                    new OA\Property(property: 'password', type: 'string', minLength: 6, maxLength: 32, example: 'Pass_1234'),
                    new OA\Property(property: 'email', type: 'string', format: 'email', maxLength: 100, example: 'new@example.com'),
                    new OA\Property(property: 'status', type: 'integer', enum: [0, 1], default: 1),
                ]
            )
        ),
        responses: [
            new OA\Response(
                response: 200,
                description: '创建成功',
                content: new OA\JsonContent(properties: [
                    new OA\Property(property: 'code', type: 'integer', example: 0),
                    new OA\Property(property: 'message', type: 'string', example: '创建成功'),
                    new OA\Property(property: 'data', ref: '#/components/schemas/User'),
                ])
            ),
            new OA\Response(response: 400, description: '参数校验失败或唯一性冲突', content: new OA\JsonContent(ref: '#/components/schemas/ErrorResponse')),
            new OA\Response(response: 401, description: '未认证', content: new OA\JsonContent(ref: '#/components/schemas/ErrorResponse')),
        ]
    )]
    #[RequestMapping(path: "", methods: "POST")]
    #[Middleware(AuthMiddleware::class)]
    #[Middleware(PermissionMiddleware::class)]
    public function store(): \Psr\Http\Message\ResponseInterface|array
    {
        $username = $this->request->input('username');
        $password = $this->request->input('password');
        $email = $this->request->input('email');
        $status_input = $this->request->input('status');

        if (!is_string($username) || trim($username) === '') {
            return $this->response->json([
                'code' => 400,
                'message' => '用户名不能为空',
            ])->withStatus(400);
        }

        $username = trim($username);
        $username_length = strlen($username);
        if ($username_length < 3 || $username_length > 20) {
            return $this->response->json([
                'code' => 400,
                'message' => '用户名长度需在 3-20 个字符',
            ])->withStatus(400);
        }

        if (!is_string($password) || $password === '') {
            return $this->response->json([
                'code' => 400,
                'message' => '密码不能为空',
            ])->withStatus(400);
        }

        $password_length = strlen($password);
        if ($password_length < 6 || $password_length > 32) {
            return $this->response->json([
                'code' => 400,
                'message' => '密码长度需在 6-32 个字符',
            ])->withStatus(400);
        }

        if (!is_string($email) || trim($email) === '') {
            return $this->response->json([
                'code' => 400,
                'message' => '邮箱不能为空',
            ])->withStatus(400);
        }

        $email = trim($email);
        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            return $this->response->json([
                'code' => 400,
                'message' => '邮箱格式不正确',
            ])->withStatus(400);
        }

        if (strlen($email) > 100) {
            return $this->response->json([
                'code' => 400,
                'message' => '邮箱长度不能超过 100 个字符',
            ])->withStatus(400);
        }

        if ($status_input === null || $status_input === '') {
            $status = 1;
        } elseif (!is_numeric($status_input) || !in_array((int) $status_input, [0, 1], true)) {
            return $this->response->json([
                'code' => 400,
                'message' => 'status 参数必须为 0 或 1',
            ])->withStatus(400);
        } else {
            $status = (int) $status_input;
        }

        if (User::query()->where('username', $username)->exists()) {
            return $this->response->json([
                'code' => 400,
                'message' => '用户名已存在',
            ])->withStatus(400);
        }

        if (User::query()->where('email', $email)->exists()) {
            return $this->response->json([
                'code' => 400,
                'message' => '邮箱已被注册',
            ])->withStatus(400);
        }

        $user = User::query()->create([
            'username' => $username,
            'password' => $password,
            'email' => $email,
            'status' => $status,
        ]);

        OperationLogService::log(
            user_id: OperationLogService::getCurrentUserId(),
            action: 'user.create',
            target_type: 'user',
            target_id: $user->id,
            description: "创建用户 {$username}",
            detail: ['email' => $email, 'status' => $status],
            ip: RequestHelper::getClientIp($this->request),
        );

        return [
            'code' => 0,
            'message' => '创建成功',
            'data' => $user,
        ];
    }

    /**
     * 用户详情
     *
     * @param int $id 用户 ID
     */
    #[OA\Get(
        path: '/users/{id}',
        summary: '用户详情',
        security: [['bearerAuth' => []]],
        tags: ['Users'],
        parameters: [
            new OA\Parameter(name: 'id', in: 'path', required: true, description: '用户 ID', schema: new OA\Schema(type: 'integer')),
        ],
        responses: [
            new OA\Response(
                response: 200,
                description: '获取成功',
                content: new OA\JsonContent(properties: [
                    new OA\Property(property: 'code', type: 'integer', example: 0),
                    new OA\Property(property: 'message', type: 'string', example: '获取成功'),
                    new OA\Property(property: 'data', ref: '#/components/schemas/User'),
                ])
            ),
            new OA\Response(response: 401, description: '未认证', content: new OA\JsonContent(ref: '#/components/schemas/ErrorResponse')),
            new OA\Response(response: 404, description: '用户不存在', content: new OA\JsonContent(ref: '#/components/schemas/ErrorResponse')),
        ]
    )]
    #[RequestMapping(path: "{id}", methods: "GET")]
    #[Middleware(AuthMiddleware::class)]
    #[Middleware(PermissionMiddleware::class)]
    public function show(int $id): \Psr\Http\Message\ResponseInterface|array
    {
        $user = User::query()->with('role')->find($id);

        if (!$user) {
            return $this->response->json([
                'code' => 404,
                'message' => '用户不存在',
            ])->withStatus(404);
        }

        return [
            'code' => 0,
            'message' => '获取成功',
            'data' => $user,
        ];
    }

    /**
     * 更新用户信息
     *
     * @param int $id 用户 ID
     */
    #[OA\Put(
        path: '/users/{id}',
        summary: '更新用户信息',
        description: '更新用户的 username、email 或 ext 字段，不支持修改密码',
        security: [['bearerAuth' => []]],
        tags: ['Users'],
        parameters: [
            new OA\Parameter(name: 'id', in: 'path', required: true, description: '用户 ID', schema: new OA\Schema(type: 'integer')),
        ],
        requestBody: new OA\RequestBody(
            required: true,
            content: new OA\JsonContent(properties: [
                new OA\Property(property: 'username', type: 'string', minLength: 3, maxLength: 20, example: 'updated_user'),
                new OA\Property(property: 'email', type: 'string', format: 'email', maxLength: 100, example: 'updated@example.com'),
                new OA\Property(property: 'ext', type: 'object', nullable: true, example: ['nickname' => 'Tester']),
            ])
        ),
        responses: [
            new OA\Response(
                response: 200,
                description: '更新成功',
                content: new OA\JsonContent(properties: [
                    new OA\Property(property: 'code', type: 'integer', example: 0),
                    new OA\Property(property: 'message', type: 'string', example: '更新成功'),
                    new OA\Property(property: 'data', ref: '#/components/schemas/User'),
                ])
            ),
            new OA\Response(response: 400, description: '参数校验失败或唯一性冲突', content: new OA\JsonContent(ref: '#/components/schemas/ErrorResponse')),
            new OA\Response(response: 401, description: '未认证', content: new OA\JsonContent(ref: '#/components/schemas/ErrorResponse')),
            new OA\Response(response: 404, description: '用户不存在', content: new OA\JsonContent(ref: '#/components/schemas/ErrorResponse')),
        ]
    )]
    #[RequestMapping(path: "{id}", methods: "PUT")]
    #[Middleware(AuthMiddleware::class)]
    #[Middleware(PermissionMiddleware::class)]
    public function update(int $id): \Psr\Http\Message\ResponseInterface|array
    {
        $user = User::query()->find($id);

        if (!$user) {
            return $this->response->json([
                'code' => 404,
                'message' => '用户不存在',
            ])->withStatus(404);
        }

        if ($this->request->input('password') !== null) {
            return $this->response->json([
                'code' => 400,
                'message' => '更新接口不支持修改密码',
            ])->withStatus(400);
        }

        $username = $this->request->input('username');
        $email = $this->request->input('email');
        $ext = $this->request->input('ext');
        $updates = [];

        if ($username !== null) {
            if (!is_string($username) || trim($username) === '') {
                return $this->response->json([
                    'code' => 400,
                    'message' => '用户名不能为空',
                ])->withStatus(400);
            }

            $username = trim($username);
            $username_length = strlen($username);
            if ($username_length < 3 || $username_length > 20) {
                return $this->response->json([
                    'code' => 400,
                    'message' => '用户名长度需在 3-20 个字符',
                ])->withStatus(400);
            }

            if (User::query()->where('username', $username)->where('id', '!=', $user->id)->exists()) {
                return $this->response->json([
                    'code' => 400,
                    'message' => '用户名已存在',
                ])->withStatus(400);
            }

            $updates['username'] = $username;
        }

        if ($email !== null) {
            if (!is_string($email) || trim($email) === '') {
                return $this->response->json([
                    'code' => 400,
                    'message' => '邮箱不能为空',
                ])->withStatus(400);
            }

            $email = trim($email);
            if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
                return $this->response->json([
                    'code' => 400,
                    'message' => '邮箱格式不正确',
                ])->withStatus(400);
            }

            if (strlen($email) > 100) {
                return $this->response->json([
                    'code' => 400,
                    'message' => '邮箱长度不能超过 100 个字符',
                ])->withStatus(400);
            }

            if (User::query()->where('email', $email)->where('id', '!=', $user->id)->exists()) {
                return $this->response->json([
                    'code' => 400,
                    'message' => '邮箱已被注册',
                ])->withStatus(400);
            }

            $updates['email'] = $email;
        }

        if ($ext !== null) {
            if (!is_array($ext)) {
                return $this->response->json([
                    'code' => 400,
                    'message' => 'ext 必须为对象',
                ])->withStatus(400);
            }

            $updates['ext'] = $ext;
        }

        if ($updates === []) {
            return $this->response->json([
                'code' => 400,
                'message' => '缺少可更新字段',
            ])->withStatus(400);
        }

        $user->fill($updates);
        $user->save();
        $user->refresh();

        OperationLogService::log(
            user_id: OperationLogService::getCurrentUserId(),
            action: 'user.update',
            target_type: 'user',
            target_id: $user->id,
            description: "更新用户 {$user->username} 信息",
            detail: $updates,
            ip: RequestHelper::getClientIp($this->request),
        );

        return [
            'code' => 0,
            'message' => '更新成功',
            'data' => $user,
        ];
    }

    /**
     * 更新用户状态
     *
     * @param int $id 用户 ID
     */
    #[OA\Patch(
        path: '/users/{id}/status',
        summary: '更新用户状态',
        description: '启用或禁用用户',
        security: [['bearerAuth' => []]],
        tags: ['Users'],
        parameters: [
            new OA\Parameter(name: 'id', in: 'path', required: true, description: '用户 ID', schema: new OA\Schema(type: 'integer')),
        ],
        requestBody: new OA\RequestBody(
            required: true,
            content: new OA\JsonContent(
                required: ['status'],
                properties: [
                    new OA\Property(property: 'status', type: 'integer', enum: [0, 1], description: '0=禁用，1=启用'),
                ]
            )
        ),
        responses: [
            new OA\Response(
                response: 200,
                description: '状态更新成功',
                content: new OA\JsonContent(properties: [
                    new OA\Property(property: 'code', type: 'integer', example: 0),
                    new OA\Property(property: 'message', type: 'string', example: '状态更新成功'),
                    new OA\Property(property: 'data', ref: '#/components/schemas/User'),
                ])
            ),
            new OA\Response(response: 400, description: '参数校验失败', content: new OA\JsonContent(ref: '#/components/schemas/ErrorResponse')),
            new OA\Response(response: 401, description: '未认证', content: new OA\JsonContent(ref: '#/components/schemas/ErrorResponse')),
            new OA\Response(response: 404, description: '用户不存在', content: new OA\JsonContent(ref: '#/components/schemas/ErrorResponse')),
        ]
    )]
    #[RequestMapping(path: "{id}/status", methods: "PATCH")]
    #[Middleware(AuthMiddleware::class)]
    #[Middleware(PermissionMiddleware::class)]
    public function updateStatus(int $id): \Psr\Http\Message\ResponseInterface|array
    {
        $user = User::query()->find($id);

        if (!$user) {
            return $this->response->json([
                'code' => 404,
                'message' => '用户不存在',
            ])->withStatus(404);
        }

        $status_input = $this->request->input('status');
        if ($status_input === null || $status_input === '') {
            return $this->response->json([
                'code' => 400,
                'message' => '缺少 status 参数',
            ])->withStatus(400);
        }

        if (!is_numeric($status_input) || !in_array((int) $status_input, [0, 1], true)) {
            return $this->response->json([
                'code' => 400,
                'message' => 'status 参数必须为 0 或 1',
            ])->withStatus(400);
        }

        $old_status = $user->status;
        $user->status = (int) $status_input;
        $user->save();
        $user->refresh();

        OperationLogService::log(
            user_id: OperationLogService::getCurrentUserId(),
            action: 'user.status_change',
            target_type: 'user',
            target_id: $user->id,
            description: "用户 {$user->username} 状态变更",
            detail: ['old_status' => $old_status, 'new_status' => $user->status],
            ip: RequestHelper::getClientIp($this->request),
        );

        return [
            'code' => 0,
            'message' => '状态更新成功',
            'data' => $user,
        ];
    }
}
update user api 2026-03-06 15:29:04 +08:00			`<?php`

			`declare(strict_types=1);`

			`namespace App\Controller\Api\V1;`

			`use App\Controller\AbstractController;`
			`use App\Middleware\AuthMiddleware;`
update user controller 2026-03-09 14:12:05 +08:00			`use App\Middleware\PermissionMiddleware;`
update user api 2026-03-06 15:29:04 +08:00			`use App\Model\User;`
update 2026-03-17 15:54:53 +08:00			`use App\Service\OperationLogService;`
add request helper 2026-03-18 08:49:10 +08:00			`use App\Utils\RequestHelper;`
update user api 2026-03-06 15:29:04 +08:00			`use Hyperf\HttpServer\Annotation\Controller;`
			`use Hyperf\HttpServer\Annotation\Middleware;`
			`use Hyperf\HttpServer\Annotation\RequestMapping;`
update user manage 2026-03-09 09:02:21 +08:00			`use OpenApi\Attributes as OA;`
update user api 2026-03-06 15:29:04 +08:00
update user manage 2026-03-09 09:02:21 +08:00			`#[OA\Tag(name: 'Users', description: '用户管理')]`
update user api 2026-03-06 15:29:04 +08:00			`#[Controller(prefix: "/api/v1/users")]`
			`class UserController extends AbstractController`
			`{`
			`/**`
			`* 用户列表`
			`*`
			`* 支持分页、按 username/email 模糊搜索、按 status 精确筛选`
			`*/`
update user manage 2026-03-09 09:02:21 +08:00			`#[OA\Get(`
			`path: '/users',`
			`summary: '用户列表',`
			`description: '获取用户列表，支持分页、按 username/email 模糊搜索、按 status 精确筛选',`
			`security: [['bearerAuth' => []]],`
			`tags: ['Users'],`
			`parameters: [`
			`new OA\Parameter(name: 'page', in: 'query', required: false, schema: new OA\Schema(type: 'integer', default: 1)),`
			`new OA\Parameter(name: 'per_page', in: 'query', required: false, schema: new OA\Schema(type: 'integer', default: 15, maximum: 100)),`
			`new OA\Parameter(name: 'username', in: 'query', required: false, description: '用户名模糊搜索', schema: new OA\Schema(type: 'string')),`
			`new OA\Parameter(name: 'email', in: 'query', required: false, description: '邮箱模糊搜索', schema: new OA\Schema(type: 'string')),`
			`new OA\Parameter(name: 'status', in: 'query', required: false, description: '状态筛选（0=禁用，1=启用）', schema: new OA\Schema(type: 'integer', enum: [0, 1])),`
			`],`
			`responses: [`
			`new OA\Response(`
			`response: 200,`
			`description: '获取成功',`
			`content: new OA\JsonContent(properties: [`
			`new OA\Property(property: 'code', type: 'integer', example: 0),`
			`new OA\Property(property: 'message', type: 'string', example: '获取成功'),`
			`new OA\Property(property: 'data', properties: [`
			`new OA\Property(property: 'items', type: 'array', items: new OA\Items(ref: '#/components/schemas/User')),`
			`new OA\Property(property: 'total', type: 'integer', example: 100),`
			`new OA\Property(property: 'page', type: 'integer', example: 1),`
			`new OA\Property(property: 'per_page', type: 'integer', example: 15),`
			`], type: 'object'),`
			`])`
			`),`
			`new OA\Response(response: 401, description: '未认证', content: new OA\JsonContent(ref: '#/components/schemas/ErrorResponse')),`
			`]`
			`)]`
update user api 2026-03-06 15:29:04 +08:00			`#[RequestMapping(path: "", methods: "GET")]`
			`#[Middleware(AuthMiddleware::class)]`
update user controller 2026-03-09 14:12:05 +08:00			`#[Middleware(PermissionMiddleware::class)]`
update user api 2026-03-06 15:29:04 +08:00			`public function index(): array`
			`{`
			`$page = max(1, (int) $this->request->input('page', 1));`
			`$per_page = min(100, max(1, (int) $this->request->input('per_page', 15)));`

fix user carries no role info 2026-03-19 08:45:32 +08:00			`$query = User::query()->with('role');`
update user api 2026-03-06 15:29:04 +08:00
			`// 按 username 模糊搜索`
			`$username = $this->request->input('username');`
			`if ($username !== null && $username !== '') {`
			`$query->where('username', 'like', '%' . $username . '%');`
			`}`

			`// 按 email 模糊搜索`
			`$email = $this->request->input('email');`
			`if ($email !== null && $email !== '') {`
			`$query->where('email', 'like', '%' . $email . '%');`
			`}`

			`// 按 status 精确筛选`
			`$status = $this->request->input('status');`
			`if ($status !== null && $status !== '') {`
			`$query->where('status', (int) $status);`
			`}`

			`// 按 created_at 降序排序`
			`$query->orderBy('created_at', 'desc');`

			`$total = $query->count();`
			`$items = $query->offset(($page - 1) * $per_page)`
			`->limit($per_page)`
			`->get();`

			`return [`
			`'code' => 0,`
			`'message' => '获取成功',`
			`'data' => [`
			`'items' => $items,`
			`'total' => $total,`
			`'page' => $page,`
			`'per_page' => $per_page,`
			`],`
			`];`
			`}`

update user api 2026-03-06 16:27:50 +08:00			`/**`
			`* 创建用户`
			`*/`
update user manage 2026-03-09 09:02:21 +08:00			`#[OA\Post(`
			`path: '/users',`
			`summary: '创建用户',`
			`security: [['bearerAuth' => []]],`
			`tags: ['Users'],`
			`requestBody: new OA\RequestBody(`
			`required: true,`
			`content: new OA\JsonContent(`
			`required: ['username', 'password', 'email'],`
			`properties: [`
			`new OA\Property(property: 'username', type: 'string', minLength: 3, maxLength: 20, example: 'new_user'),`
			`new OA\Property(property: 'password', type: 'string', minLength: 6, maxLength: 32, example: 'Pass_1234'),`
			`new OA\Property(property: 'email', type: 'string', format: 'email', maxLength: 100, example: 'new@example.com'),`
			`new OA\Property(property: 'status', type: 'integer', enum: [0, 1], default: 1),`
			`]`
			`)`
			`),`
			`responses: [`
			`new OA\Response(`
			`response: 200,`
			`description: '创建成功',`
			`content: new OA\JsonContent(properties: [`
			`new OA\Property(property: 'code', type: 'integer', example: 0),`
			`new OA\Property(property: 'message', type: 'string', example: '创建成功'),`
			`new OA\Property(property: 'data', ref: '#/components/schemas/User'),`
			`])`
			`),`
			`new OA\Response(response: 400, description: '参数校验失败或唯一性冲突', content: new OA\JsonContent(ref: '#/components/schemas/ErrorResponse')),`
			`new OA\Response(response: 401, description: '未认证', content: new OA\JsonContent(ref: '#/components/schemas/ErrorResponse')),`
			`]`
			`)]`
update user api 2026-03-06 16:27:50 +08:00			`#[RequestMapping(path: "", methods: "POST")]`
			`#[Middleware(AuthMiddleware::class)]`
update user controller 2026-03-09 14:12:05 +08:00			`#[Middleware(PermissionMiddleware::class)]`
update user api 2026-03-06 16:27:50 +08:00			`public function store(): \Psr\Http\Message\ResponseInterface\|array`
			`{`
			`$username = $this->request->input('username');`
			`$password = $this->request->input('password');`
			`$email = $this->request->input('email');`
			`$status_input = $this->request->input('status');`

			`if (!is_string($username) \|\| trim($username) === '') {`
			`return $this->response->json([`
			`'code' => 400,`
			`'message' => '用户名不能为空',`
			`])->withStatus(400);`
			`}`

			`$username = trim($username);`
			`$username_length = strlen($username);`
			`if ($username_length < 3 \|\| $username_length > 20) {`
			`return $this->response->json([`
			`'code' => 400,`
			`'message' => '用户名长度需在 3-20 个字符',`
			`])->withStatus(400);`
			`}`

			`if (!is_string($password) \|\| $password === '') {`
			`return $this->response->json([`
			`'code' => 400,`
			`'message' => '密码不能为空',`
			`])->withStatus(400);`
			`}`

			`$password_length = strlen($password);`
			`if ($password_length < 6 \|\| $password_length > 32) {`
			`return $this->response->json([`
			`'code' => 400,`
			`'message' => '密码长度需在 6-32 个字符',`
			`])->withStatus(400);`
			`}`

			`if (!is_string($email) \|\| trim($email) === '') {`
			`return $this->response->json([`
			`'code' => 400,`
			`'message' => '邮箱不能为空',`
			`])->withStatus(400);`
			`}`

			`$email = trim($email);`
			`if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {`
			`return $this->response->json([`
			`'code' => 400,`
			`'message' => '邮箱格式不正确',`
			`])->withStatus(400);`
			`}`

			`if (strlen($email) > 100) {`
			`return $this->response->json([`
			`'code' => 400,`
			`'message' => '邮箱长度不能超过 100 个字符',`
			`])->withStatus(400);`
			`}`

			`if ($status_input === null \|\| $status_input === '') {`
			`$status = 1;`
			`} elseif (!is_numeric($status_input) \|\| !in_array((int) $status_input, [0, 1], true)) {`
			`return $this->response->json([`
			`'code' => 400,`
			`'message' => 'status 参数必须为 0 或 1',`
			`])->withStatus(400);`
			`} else {`
			`$status = (int) $status_input;`
			`}`

			`if (User::query()->where('username', $username)->exists()) {`
			`return $this->response->json([`
			`'code' => 400,`
			`'message' => '用户名已存在',`
			`])->withStatus(400);`
			`}`

			`if (User::query()->where('email', $email)->exists()) {`
			`return $this->response->json([`
			`'code' => 400,`
			`'message' => '邮箱已被注册',`
			`])->withStatus(400);`
			`}`

			`$user = User::query()->create([`
			`'username' => $username,`
			`'password' => $password,`
			`'email' => $email,`
			`'status' => $status,`
			`]);`

update 2026-03-17 15:54:53 +08:00			`OperationLogService::log(`
fix request log 2026-03-18 08:37:14 +08:00			`user_id: OperationLogService::getCurrentUserId(),`
update 2026-03-17 15:54:53 +08:00			`action: 'user.create',`
			`target_type: 'user',`
			`target_id: $user->id,`
			`description: "创建用户 {$username}",`
			`detail: ['email' => $email, 'status' => $status],`
add request helper 2026-03-18 08:49:10 +08:00			`ip: RequestHelper::getClientIp($this->request),`
update 2026-03-17 15:54:53 +08:00			`);`

update user api 2026-03-06 16:27:50 +08:00			`return [`
			`'code' => 0,`
			`'message' => '创建成功',`
			`'data' => $user,`
			`];`
			`}`

update user api 2026-03-06 15:29:04 +08:00			`/**`
			`* 用户详情`
			`*`
			`* @param int $id 用户 ID`
			`*/`
update user manage 2026-03-09 09:02:21 +08:00			`#[OA\Get(`
			`path: '/users/{id}',`
			`summary: '用户详情',`
			`security: [['bearerAuth' => []]],`
			`tags: ['Users'],`
			`parameters: [`
			`new OA\Parameter(name: 'id', in: 'path', required: true, description: '用户 ID', schema: new OA\Schema(type: 'integer')),`
			`],`
			`responses: [`
			`new OA\Response(`
			`response: 200,`
			`description: '获取成功',`
			`content: new OA\JsonContent(properties: [`
			`new OA\Property(property: 'code', type: 'integer', example: 0),`
			`new OA\Property(property: 'message', type: 'string', example: '获取成功'),`
			`new OA\Property(property: 'data', ref: '#/components/schemas/User'),`
			`])`
			`),`
			`new OA\Response(response: 401, description: '未认证', content: new OA\JsonContent(ref: '#/components/schemas/ErrorResponse')),`
			`new OA\Response(response: 404, description: '用户不存在', content: new OA\JsonContent(ref: '#/components/schemas/ErrorResponse')),`
			`]`
			`)]`
update user api 2026-03-06 15:29:04 +08:00			`#[RequestMapping(path: "{id}", methods: "GET")]`
			`#[Middleware(AuthMiddleware::class)]`
update user controller 2026-03-09 14:12:05 +08:00			`#[Middleware(PermissionMiddleware::class)]`
update user api 2026-03-06 15:29:04 +08:00			`public function show(int $id): \Psr\Http\Message\ResponseInterface\|array`
			`{`
fix user carries no role info 2026-03-19 08:45:32 +08:00			`$user = User::query()->with('role')->find($id);`
update user api 2026-03-06 15:29:04 +08:00
			`if (!$user) {`
			`return $this->response->json([`
			`'code' => 404,`
			`'message' => '用户不存在',`
			`])->withStatus(404);`
			`}`

			`return [`
			`'code' => 0,`
			`'message' => '获取成功',`
			`'data' => $user,`
			`];`
			`}`
update user api 2026-03-06 16:27:50 +08:00
			`/**`
			`* 更新用户信息`
			`*`
			`* @param int $id 用户 ID`
			`*/`
update user manage 2026-03-09 09:02:21 +08:00			`#[OA\Put(`
			`path: '/users/{id}',`
			`summary: '更新用户信息',`
			`description: '更新用户的 username、email 或 ext 字段，不支持修改密码',`
			`security: [['bearerAuth' => []]],`
			`tags: ['Users'],`
			`parameters: [`
			`new OA\Parameter(name: 'id', in: 'path', required: true, description: '用户 ID', schema: new OA\Schema(type: 'integer')),`
			`],`
			`requestBody: new OA\RequestBody(`
			`required: true,`
			`content: new OA\JsonContent(properties: [`
			`new OA\Property(property: 'username', type: 'string', minLength: 3, maxLength: 20, example: 'updated_user'),`
			`new OA\Property(property: 'email', type: 'string', format: 'email', maxLength: 100, example: 'updated@example.com'),`
			`new OA\Property(property: 'ext', type: 'object', nullable: true, example: ['nickname' => 'Tester']),`
			`])`
			`),`
			`responses: [`
			`new OA\Response(`
			`response: 200,`
			`description: '更新成功',`
			`content: new OA\JsonContent(properties: [`
			`new OA\Property(property: 'code', type: 'integer', example: 0),`
			`new OA\Property(property: 'message', type: 'string', example: '更新成功'),`
			`new OA\Property(property: 'data', ref: '#/components/schemas/User'),`
			`])`
			`),`
			`new OA\Response(response: 400, description: '参数校验失败或唯一性冲突', content: new OA\JsonContent(ref: '#/components/schemas/ErrorResponse')),`
			`new OA\Response(response: 401, description: '未认证', content: new OA\JsonContent(ref: '#/components/schemas/ErrorResponse')),`
			`new OA\Response(response: 404, description: '用户不存在', content: new OA\JsonContent(ref: '#/components/schemas/ErrorResponse')),`
			`]`
			`)]`
update user api 2026-03-06 16:27:50 +08:00			`#[RequestMapping(path: "{id}", methods: "PUT")]`
			`#[Middleware(AuthMiddleware::class)]`
update user controller 2026-03-09 14:12:05 +08:00			`#[Middleware(PermissionMiddleware::class)]`
update user api 2026-03-06 16:27:50 +08:00			`public function update(int $id): \Psr\Http\Message\ResponseInterface\|array`
			`{`
			`$user = User::query()->find($id);`

			`if (!$user) {`
			`return $this->response->json([`
			`'code' => 404,`
			`'message' => '用户不存在',`
			`])->withStatus(404);`
			`}`

			`if ($this->request->input('password') !== null) {`
			`return $this->response->json([`
			`'code' => 400,`
			`'message' => '更新接口不支持修改密码',`
			`])->withStatus(400);`
			`}`

			`$username = $this->request->input('username');`
			`$email = $this->request->input('email');`
			`$ext = $this->request->input('ext');`
			`$updates = [];`

			`if ($username !== null) {`
			`if (!is_string($username) \|\| trim($username) === '') {`
			`return $this->response->json([`
			`'code' => 400,`
			`'message' => '用户名不能为空',`
			`])->withStatus(400);`
			`}`

			`$username = trim($username);`
			`$username_length = strlen($username);`
			`if ($username_length < 3 \|\| $username_length > 20) {`
			`return $this->response->json([`
			`'code' => 400,`
			`'message' => '用户名长度需在 3-20 个字符',`
			`])->withStatus(400);`
			`}`

			`if (User::query()->where('username', $username)->where('id', '!=', $user->id)->exists()) {`
			`return $this->response->json([`
			`'code' => 400,`
			`'message' => '用户名已存在',`
			`])->withStatus(400);`
			`}`

			`$updates['username'] = $username;`
			`}`

			`if ($email !== null) {`
			`if (!is_string($email) \|\| trim($email) === '') {`
			`return $this->response->json([`
			`'code' => 400,`
			`'message' => '邮箱不能为空',`
			`])->withStatus(400);`
			`}`

			`$email = trim($email);`
			`if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {`
			`return $this->response->json([`
			`'code' => 400,`
			`'message' => '邮箱格式不正确',`
			`])->withStatus(400);`
			`}`

			`if (strlen($email) > 100) {`
			`return $this->response->json([`
			`'code' => 400,`
			`'message' => '邮箱长度不能超过 100 个字符',`
			`])->withStatus(400);`
			`}`

			`if (User::query()->where('email', $email)->where('id', '!=', $user->id)->exists()) {`
			`return $this->response->json([`
			`'code' => 400,`
			`'message' => '邮箱已被注册',`
			`])->withStatus(400);`
			`}`

			`$updates['email'] = $email;`
			`}`

			`if ($ext !== null) {`
			`if (!is_array($ext)) {`
			`return $this->response->json([`
			`'code' => 400,`
			`'message' => 'ext 必须为对象',`
			`])->withStatus(400);`
			`}`

			`$updates['ext'] = $ext;`
			`}`

			`if ($updates === []) {`
			`return $this->response->json([`
			`'code' => 400,`
			`'message' => '缺少可更新字段',`
			`])->withStatus(400);`
			`}`

			`$user->fill($updates);`
			`$user->save();`
			`$user->refresh();`

update 2026-03-17 15:54:53 +08:00			`OperationLogService::log(`
fix request log 2026-03-18 08:37:14 +08:00			`user_id: OperationLogService::getCurrentUserId(),`
update 2026-03-17 15:54:53 +08:00			`action: 'user.update',`
			`target_type: 'user',`
			`target_id: $user->id,`
			`description: "更新用户 {$user->username} 信息",`
			`detail: $updates,`
add request helper 2026-03-18 08:49:10 +08:00			`ip: RequestHelper::getClientIp($this->request),`
update 2026-03-17 15:54:53 +08:00			`);`

update user api 2026-03-06 16:27:50 +08:00			`return [`
			`'code' => 0,`
			`'message' => '更新成功',`
			`'data' => $user,`
			`];`
			`}`

			`/**`
			`* 更新用户状态`
			`*`
			`* @param int $id 用户 ID`
			`*/`
update user manage 2026-03-09 09:02:21 +08:00			`#[OA\Patch(`
			`path: '/users/{id}/status',`
			`summary: '更新用户状态',`
			`description: '启用或禁用用户',`
			`security: [['bearerAuth' => []]],`
			`tags: ['Users'],`
			`parameters: [`
			`new OA\Parameter(name: 'id', in: 'path', required: true, description: '用户 ID', schema: new OA\Schema(type: 'integer')),`
			`],`
			`requestBody: new OA\RequestBody(`
			`required: true,`
			`content: new OA\JsonContent(`
			`required: ['status'],`
			`properties: [`
			`new OA\Property(property: 'status', type: 'integer', enum: [0, 1], description: '0=禁用，1=启用'),`
			`]`
			`)`
			`),`
			`responses: [`
			`new OA\Response(`
			`response: 200,`
			`description: '状态更新成功',`
			`content: new OA\JsonContent(properties: [`
			`new OA\Property(property: 'code', type: 'integer', example: 0),`
			`new OA\Property(property: 'message', type: 'string', example: '状态更新成功'),`
			`new OA\Property(property: 'data', ref: '#/components/schemas/User'),`
			`])`
			`),`
			`new OA\Response(response: 400, description: '参数校验失败', content: new OA\JsonContent(ref: '#/components/schemas/ErrorResponse')),`
			`new OA\Response(response: 401, description: '未认证', content: new OA\JsonContent(ref: '#/components/schemas/ErrorResponse')),`
			`new OA\Response(response: 404, description: '用户不存在', content: new OA\JsonContent(ref: '#/components/schemas/ErrorResponse')),`
			`]`
			`)]`
update user api 2026-03-06 16:27:50 +08:00			`#[RequestMapping(path: "{id}/status", methods: "PATCH")]`
			`#[Middleware(AuthMiddleware::class)]`
update user controller 2026-03-09 14:12:05 +08:00			`#[Middleware(PermissionMiddleware::class)]`
update user api 2026-03-06 16:27:50 +08:00			`public function updateStatus(int $id): \Psr\Http\Message\ResponseInterface\|array`
			`{`
			`$user = User::query()->find($id);`

			`if (!$user) {`
			`return $this->response->json([`
			`'code' => 404,`
			`'message' => '用户不存在',`
			`])->withStatus(404);`
			`}`

			`$status_input = $this->request->input('status');`
			`if ($status_input === null \|\| $status_input === '') {`
			`return $this->response->json([`
			`'code' => 400,`
			`'message' => '缺少 status 参数',`
			`])->withStatus(400);`
			`}`

			`if (!is_numeric($status_input) \|\| !in_array((int) $status_input, [0, 1], true)) {`
			`return $this->response->json([`
			`'code' => 400,`
			`'message' => 'status 参数必须为 0 或 1',`
			`])->withStatus(400);`
			`}`

update 2026-03-17 15:54:53 +08:00			`$old_status = $user->status;`
update user api 2026-03-06 16:27:50 +08:00			`$user->status = (int) $status_input;`
			`$user->save();`
			`$user->refresh();`

update 2026-03-17 15:54:53 +08:00			`OperationLogService::log(`
fix request log 2026-03-18 08:37:14 +08:00			`user_id: OperationLogService::getCurrentUserId(),`
update 2026-03-17 15:54:53 +08:00			`action: 'user.status_change',`
			`target_type: 'user',`
			`target_id: $user->id,`
			`description: "用户 {$user->username} 状态变更",`
			`detail: ['old_status' => $old_status, 'new_status' => $user->status],`
add request helper 2026-03-18 08:49:10 +08:00			`ip: RequestHelper::getClientIp($this->request),`
update 2026-03-17 15:54:53 +08:00			`);`

update user api 2026-03-06 16:27:50 +08:00			`return [`
			`'code' => 0,`
			`'message' => '状态更新成功',`
			`'data' => $user,`
			`];`
			`}`
update user api 2026-03-06 15:29:04 +08:00			`}`