董海洋
89 lines
2.5 KiB
JavaScript
89 lines
2.5 KiB
JavaScript
const Router = require('koa-router')
|
|
const multer = require('@koa/multer')
|
|
const path = require('path')
|
|
const fs = require('fs')
|
|
const { requireAuth, requireStaffAuth } = require('../middleware/auth')
|
|
|
|
const router = new Router()
|
|
|
|
const ALLOWED_TYPES = ['image/jpeg', 'image/png', 'image/gif', 'image/webp']
|
|
const ALLOWED_EXTS = ['.jpg', '.jpeg', '.png', '.gif', '.webp']
|
|
const MAX_SIZE = 5 * 1024 * 1024
|
|
const ALLOWED_BUCKETS = ['goods', 'points', 'avatar', 'category']
|
|
|
|
// 普通用户可上传的目录
|
|
const USER_ALLOWED_BUCKETS = ['avatar']
|
|
|
|
const uploadDir = path.join(__dirname, '..', 'public', 'uploads')
|
|
|
|
const storage = multer.diskStorage({
|
|
destination: (req, file, cb) => {
|
|
const type = (req.query && req.query.type) || 'goods'
|
|
if (!ALLOWED_BUCKETS.includes(type)) {
|
|
return cb(new Error('非法的上传目录'))
|
|
}
|
|
const dir = path.join(uploadDir, type)
|
|
if (!fs.existsSync(dir)) {
|
|
fs.mkdirSync(dir, { recursive: true })
|
|
}
|
|
cb(null, dir)
|
|
},
|
|
filename: (req, file, cb) => {
|
|
const uniqueSuffix = Date.now() + '-' + Math.round(Math.random() * 1e9)
|
|
const ext = (path.extname(file.originalname) || '').toLowerCase()
|
|
const safeExt = ALLOWED_EXTS.includes(ext) ? ext : '.jpg'
|
|
cb(null, uniqueSuffix + safeExt)
|
|
}
|
|
})
|
|
|
|
const upload = multer({
|
|
storage,
|
|
limits: { fileSize: MAX_SIZE, files: 1 },
|
|
fileFilter: (req, file, cb) => {
|
|
if (!ALLOWED_TYPES.includes(file.mimetype)) {
|
|
return cb(new Error('不支持的文件类型,仅支持 jpg/png/gif/webp'))
|
|
}
|
|
cb(null, true)
|
|
}
|
|
})
|
|
|
|
// 头像上传 - 所有已登录用户可用
|
|
router.post('/avatar', requireAuth(), upload.single('file'), async (ctx) => {
|
|
if (!ctx.file) {
|
|
ctx.status = 400
|
|
ctx.body = { code: 400, message: '没有上传文件' }
|
|
return
|
|
}
|
|
|
|
const fileUrl = `/uploads/avatar/${ctx.file.filename}`
|
|
ctx.body = {
|
|
code: 200,
|
|
message: '上传成功',
|
|
url: fileUrl
|
|
}
|
|
})
|
|
|
|
// 通用上传 - staff/admin 可用
|
|
router.post('/', requireStaffAuth(), upload.single('file'), async (ctx) => {
|
|
if (!ctx.file) {
|
|
ctx.status = 400
|
|
ctx.body = { code: 400, message: '没有上传文件' }
|
|
return
|
|
}
|
|
|
|
const type = ctx.query.type || 'goods'
|
|
if (!ALLOWED_BUCKETS.includes(type)) {
|
|
ctx.status = 400
|
|
ctx.body = { code: 400, message: '非法的上传目录' }
|
|
return
|
|
}
|
|
const fileUrl = `/uploads/${type}/${ctx.file.filename}`
|
|
ctx.body = {
|
|
code: 200,
|
|
message: '上传成功',
|
|
url: fileUrl
|
|
}
|
|
})
|
|
|
|
module.exports = router.routes()
|