const Router = require('koa-router') const multer = require('@koa/multer') const path = require('path') const fs = require('fs') const { requireAuth, requireStaffAuth } = require('../middleware/auth') const router = new Router() const ALLOWED_TYPES = ['image/jpeg', 'image/png', 'image/gif', 'image/webp'] const ALLOWED_EXTS = ['.jpg', '.jpeg', '.png', '.gif', '.webp'] const MAX_SIZE = 5 * 1024 * 1024 const ALLOWED_BUCKETS = ['goods', 'points', 'avatar', 'category'] // 普通用户可上传的目录 const USER_ALLOWED_BUCKETS = ['avatar'] const uploadDir = path.join(__dirname, '..', 'public', 'uploads') const storage = multer.diskStorage({ destination: (req, file, cb) => { const type = (req.query && req.query.type) || 'goods' if (!ALLOWED_BUCKETS.includes(type)) { return cb(new Error('非法的上传目录')) } const dir = path.join(uploadDir, type) if (!fs.existsSync(dir)) { fs.mkdirSync(dir, { recursive: true }) } cb(null, dir) }, filename: (req, file, cb) => { const uniqueSuffix = Date.now() + '-' + Math.round(Math.random() * 1e9) const ext = (path.extname(file.originalname) || '').toLowerCase() const safeExt = ALLOWED_EXTS.includes(ext) ? ext : '.jpg' cb(null, uniqueSuffix + safeExt) } }) const upload = multer({ storage, limits: { fileSize: MAX_SIZE, files: 1 }, fileFilter: (req, file, cb) => { if (!ALLOWED_TYPES.includes(file.mimetype)) { return cb(new Error('不支持的文件类型,仅支持 jpg/png/gif/webp')) } cb(null, true) } }) // 头像上传 - 所有已登录用户可用 router.post('/avatar', requireAuth(), upload.single('file'), async (ctx) => { if (!ctx.file) { ctx.status = 400 ctx.body = { code: 400, message: '没有上传文件' } return } const fileUrl = `/uploads/avatar/${ctx.file.filename}` ctx.body = { code: 200, message: '上传成功', url: fileUrl } }) // 通用上传 - staff/admin 可用 router.post('/', requireStaffAuth(), upload.single('file'), async (ctx) => { if (!ctx.file) { ctx.status = 400 ctx.body = { code: 400, message: '没有上传文件' } return } const type = ctx.query.type || 'goods' if (!ALLOWED_BUCKETS.includes(type)) { ctx.status = 400 ctx.body = { code: 400, message: '非法的上传目录' } return } const fileUrl = `/uploads/${type}/${ctx.file.filename}` ctx.body = { code: 200, message: '上传成功', url: fileUrl } }) module.exports = router.routes()