interpreter-admin/server/api/admin/users.ts

// 管理员用户管理API
import { serverSupabaseClient, serverSupabaseUser } from '#supabase/server'

export default defineEventHandler(async (event) => {
  const supabase = await serverSupabaseClient(event)
  const user = await serverSupabaseUser(event)
  
  if (!user) {
    throw createError({
      statusCode: 401,
      statusMessage: '未授权访问'
    })
  }

  // 验证管理员权限
  const { data: profile } = await supabase
    .from('profiles')
    .select('role')
    .eq('id', user.id)
    .single()

  if (!profile || profile.role !== 'admin') {
    throw createError({
      statusCode: 403,
      statusMessage: '权限不足，需要管理员权限'
    })
  }

  const method = getMethod(event)

  if (method === 'GET') {
    // 获取用户列表
    const query = getQuery(event)
    const page = parseInt(query.page as string) || 1
    const limit = parseInt(query.limit as string) || 20
    const search = query.search as string
    const role = query.role as string
    const status = query.status as string

    let queryBuilder = supabase
      .from('profiles')
      .select(`
        id, email, full_name, phone, company, department, role, 
        is_active, verification_status, specializations, 
        hourly_rate, timezone, created_at, last_login
      `)
      .order('created_at', { ascending: false })

    // 搜索过滤
    if (search) {
      queryBuilder = queryBuilder.or(`
        full_name.ilike.%${search}%,
        email.ilike.%${search}%,
        company.ilike.%${search}%
      `)
    }

    // 角色过滤
    if (role) {
      queryBuilder = queryBuilder.eq('role', role)
    }

    // 状态过滤
    if (status === 'active') {
      queryBuilder = queryBuilder.eq('is_active', true)
    } else if (status === 'inactive') {
      queryBuilder = queryBuilder.eq('is_active', false)
    }

    // 分页
    const from = (page - 1) * limit
    const to = from + limit - 1
    queryBuilder = queryBuilder.range(from, to)

    const { data: users, error, count } = await queryBuilder

    if (error) {
      throw createError({
        statusCode: 500,
        statusMessage: '获取用户列表失败：' + error.message
      })
    }

    return {
      users,
      pagination: {
        page,
        limit,
        total: count || 0,
        totalPages: Math.ceil((count || 0) / limit)
      }
    }
  }

  if (method === 'POST') {
    // 创建新用户
    const body = await readBody(event)
    const { email, password, full_name, role, phone, company, department, specializations, hourly_rate, timezone } = body

    if (!email || !password || !full_name || !role) {
      throw createError({
        statusCode: 400,
        statusMessage: '缺少必要字段：email, password, full_name, role'
      })
    }

    // 创建认证用户
    const { data: authData, error: authError } = await supabase.auth.admin.createUser({
      email,
      password,
      email_confirm: true
    })

    if (authError) {
      throw createError({
        statusCode: 400,
        statusMessage: '创建用户失败：' + authError.message
      })
    }

    // 创建用户资料
    const { data: profileData, error: profileError } = await supabase
      .from('profiles')
      .insert({
        id: authData.user.id,
        email,
        full_name,
        phone,
        company,
        department,
        role,
        specializations: specializations || [],
        hourly_rate,
        timezone: timezone || 'UTC',
        verification_status: 'verified' // 管理员创建的用户自动验证
      })
      .select()
      .single()

    if (profileError) {
      // 如果创建资料失败，删除已创建的认证用户
      await supabase.auth.admin.deleteUser(authData.user.id)
      throw createError({
        statusCode: 500,
        statusMessage: '创建用户资料失败：' + profileError.message
      })
    }

    return {
      message: '用户创建成功',
      user: profileData
    }
  }

  if (method === 'PUT') {
    // 更新用户信息
    const body = await readBody(event)
    const { userId, ...updateData } = body

    if (!userId) {
      throw createError({
        statusCode: 400,
        statusMessage: '缺少用户ID'
      })
    }

    // 更新用户资料
    const { data: updatedUser, error } = await supabase
      .from('profiles')
      .update({
        ...updateData,
        updated_at: new Date().toISOString()
      })
      .eq('id', userId)
      .select()
      .single()

    if (error) {
      throw createError({
        statusCode: 500,
        statusMessage: '更新用户失败：' + error.message
      })
    }

    return {
      message: '用户更新成功',
      user: updatedUser
    }
  }

  if (method === 'DELETE') {
    // 删除用户
    const body = await readBody(event)
    const { userId } = body

    if (!userId) {
      throw createError({
        statusCode: 400,
        statusMessage: '缺少用户ID'
      })
    }

    // 软删除：设置为非活跃状态
    const { error } = await supabase
      .from('profiles')
      .update({ 
        is_active: false,
        updated_at: new Date().toISOString()
      })
      .eq('id', userId)

    if (error) {
      throw createError({
        statusCode: 500,
        statusMessage: '删除用户失败：' + error.message
      })
    }

    return {
      message: '用户删除成功'
    }
  }

  throw createError({
    statusCode: 405,
    statusMessage: '不支持的请求方法'
  })
})