/**
 * Account routes: creation, listing, detail, status changes and cash
 * movements (deposit / withdraw). Every route sits behind
 * `authMiddleware`; the write paths additionally gate on role via
 * `roleMiddleware`. The OpenAPI annotations (`@swagger` comments) are
 * consumed by the doc generator and are kept verbatim.
 */
const express = require('express');
const {
  authMiddleware,
  roleMiddleware,
  adminMiddleware,
  managerMiddleware,
  tellerMiddleware,
} = require('../middleware/auth');
const {
  validateAccountNumber,
  validateAmount,
  handleValidationErrors,
} = require('../middleware/security');
const accountController = require('../controllers/accountController');

// NOTE(review): adminMiddleware, managerMiddleware, tellerMiddleware and
// validateAccountNumber are imported but unused on this router, and
// handleValidationErrors is imported but never chained after validateAmount.
// If validateAmount is an express-validator chain (cannot be told from this
// file), its findings are never turned into the documented 400 response —
// confirm in ../middleware/security before relying on the deposit/withdraw
// input checks.

const router = express.Router();

// Role gates, built per route so each registration gets its own middleware
// instance exactly as the inline calls did.
// Roles that may open accounts or change an account's status.
const accountAdminsOnly = () => roleMiddleware(['admin', 'manager']);
// Roles that may post cash movements against an account.
const cashHandlersOnly = () => roleMiddleware(['admin', 'manager', 'teller']);

/**
 * @swagger
 * tags:
 *   name: Accounts
 *   description: 账户管理
 */

/**
 * @swagger
 * components:
 *   schemas:
 *     Account:
 *       type: object
 *       required:
 *         - user_id
 *         - account_type
 *       properties:
 *         id:
 *           type: integer
 *           description: 账户ID
 *         account_number:
 *           type: string
 *           description: 账户号码
 *         user_id:
 *           type: integer
 *           description: 用户ID
 *         account_type:
 *           type: string
 *           enum: [savings, checking, credit, loan]
 *           description: 账户类型
 *         balance:
 *           type: integer
 *           description: 账户余额(分)
 *         available_balance:
 *           type: integer
 *           description: 可用余额(分)
 *         frozen_amount:
 *           type: integer
 *           description: 冻结金额(分)
 *         status:
 *           type: string
 *           enum: [active, inactive, frozen, closed]
 *           description: 账户状态
 */

/**
 * @swagger
 * /api/accounts:
 *   post:
 *     summary: 创建账户
 *     tags: [Accounts]
 *     security:
 *       - bearerAuth: []
 *     requestBody:
 *       required: true
 *       content:
 *         application/json:
 *           schema:
 *             type: object
 *             required:
 *               - user_id
 *               - account_type
 *             properties:
 *               user_id:
 *                 type: integer
 *                 description: 用户ID
 *               account_type:
 *                 type: string
 *                 enum: [savings, checking, credit, loan]
 *                 description: 账户类型
 *               initial_balance:
 *                 type: number
 *                 description: 初始余额(元)
 *     responses:
 *       201:
 *         description: 创建成功
 *       400:
 *         description: 输入数据验证失败
 *       401:
 *         description: 未授权
 *       403:
 *         description: 权限不足
 */
// Create an account on behalf of a user. No request-body validator is
// chained here; the documented 400 presumably comes from the controller —
// confirm.
router.post('/', authMiddleware, accountAdminsOnly(), accountController.createAccount);

/**
 * @swagger
 * /api/accounts:
 *   get:
 *     summary: 获取账户列表
 *     tags: [Accounts]
 *     security:
 *       - bearerAuth: []
 *     parameters:
 *       - in: query
 *         name: page
 *         schema:
 *           type: integer
 *           default: 1
 *         description: 页码
 *       - in: query
 *         name: limit
 *         schema:
 *           type: integer
 *           default: 10
 *         description: 每页数量
 *       - in: query
 *         name: user_id
 *         schema:
 *           type: integer
 *         description: 用户ID(管理员)
 *       - in: query
 *         name: account_type
 *         schema:
 *           type: string
 *           enum: [savings, checking, credit, loan]
 *         description: 账户类型
 *       - in: query
 *         name: status
 *         schema:
 *           type: string
 *           enum: [active, inactive, frozen, closed]
 *         description: 账户状态
 *     responses:
 *       200:
 *         description: 获取成功
 *       401:
 *         description: 未授权
 */
// List accounts. Only authentication is enforced at the route; the spec
// marks the `user_id` filter as admin-only, so restricting non-admin callers
// to their own accounts must happen in the controller — verify there.
router.get('/', authMiddleware, accountController.getAccounts);

/**
 * @swagger
 * /api/accounts/{accountId}:
 *   get:
 *     summary: 获取账户详情
 *     tags: [Accounts]
 *     security:
 *       - bearerAuth: []
 *     parameters:
 *       - in: path
 *         name: accountId
 *         required: true
 *         schema:
 *           type: integer
 *         description: 账户ID
 *     responses:
 *       200:
 *         description: 获取成功
 *       401:
 *         description: 未授权
 *       403:
 *         description: 权限不足
 *       404:
 *         description: 账户不存在
 */
// Account detail. Ownership of `accountId` is not checked at the route
// level; the documented 403 implies the controller does it — confirm.
router.get('/:accountId', authMiddleware, accountController.getAccountDetail);

/**
 * @swagger
 * /api/accounts/{accountId}/status:
 *   put:
 *     summary: 更新账户状态
 *     tags: [Accounts]
 *     security:
 *       - bearerAuth: []
 *     parameters:
 *       - in: path
 *         name: accountId
 *         required: true
 *         schema:
 *           type: integer
 *         description: 账户ID
 *     requestBody:
 *       required: true
 *       content:
 *         application/json:
 *           schema:
 *             type: object
 *             required:
 *               - status
 *             properties:
 *               status:
 *                 type: string
 *                 enum: [active, inactive, frozen, closed]
 *                 description: 账户状态
 *     responses:
 *       200:
 *         description: 更新成功
 *       401:
 *         description: 未授权
 *       403:
 *         description: 权限不足
 *       404:
 *         description: 账户不存在
 */
// Change account status (e.g. freeze / close). Admin or manager only.
router.put(
  '/:accountId/status',
  authMiddleware,
  accountAdminsOnly(),
  accountController.updateAccountStatus,
);

/**
 * @swagger
 * /api/accounts/{accountId}/deposit:
 *   post:
 *     summary: 存款
 *     tags: [Accounts]
 *     security:
 *       - bearerAuth: []
 *     parameters:
 *       - in: path
 *         name: accountId
 *         required: true
 *         schema:
 *           type: integer
 *         description: 账户ID
 *     requestBody:
 *       required: true
 *       content:
 *         application/json:
 *           schema:
 *             type: object
 *             required:
 *               - amount
 *             properties:
 *               amount:
 *                 type: number
 *                 description: 存款金额(元)
 *               description:
 *                 type: string
 *                 description: 交易描述
 *     responses:
 *       200:
 *         description: 存款成功
 *       400:
 *         description: 输入数据验证失败或账户状态异常
 *       401:
 *         description: 未授权
 *       403:
 *         description: 权限不足
 *       404:
 *         description: 账户不存在
 */
// Deposit: staff roles only, `amount` run through validateAmount first.
router.post(
  '/:accountId/deposit',
  authMiddleware,
  cashHandlersOnly(),
  validateAmount,
  accountController.deposit,
);

/**
 * @swagger
 * /api/accounts/{accountId}/withdraw:
 *   post:
 *     summary: 取款
 *     tags: [Accounts]
 *     security:
 *       - bearerAuth: []
 *     parameters:
 *       - in: path
 *         name: accountId
 *         required: true
 *         schema:
 *           type: integer
 *         description: 账户ID
 *     requestBody:
 *       required: true
 *       content:
 *         application/json:
 *           schema:
 *             type: object
 *             required:
 *               - amount
 *             properties:
 *               amount:
 *                 type: number
 *                 description: 取款金额(元)
 *               description:
 *                 type: string
 *                 description: 交易描述
 *     responses:
 *       200:
 *         description: 取款成功
 *       400:
 *         description: 输入数据验证失败、账户状态异常或余额不足
 *       401:
 *         description: 未授权
 *       403:
 *         description: 权限不足
 *       404:
 *         description: 账户不存在
 */
// Withdraw: same gate as deposit; balance/status checks live in the controller.
router.post(
  '/:accountId/withdraw',
  authMiddleware,
  cashHandlersOnly(),
  validateAmount,
  accountController.withdraw,
);

module.exports = router;