feat: Implement role-based access control and enhance permissions system

app/api/roles/init-emperor/route.ts

@@ -0,0 +1,54 @@
+import { auth } from "@/lib/auth";
+import { createDb } from "@/lib/db";
+import { roles, userRoles } from "@/lib/schema";
+import { ROLES } from "@/lib/permissions";
+import { eq } from "drizzle-orm";
+
+export const runtime = "edge";
+
+export async function GET() {
+  const session = await auth();
+  if (!session?.user?.id) {
+    return Response.json({ error: "未授权" }, { status: 401 });
+  }
+
+  const db = createDb();
+
+  const emperorRole = await db.query.roles.findFirst({
+    where: eq(roles.name, ROLES.EMPEROR),
+    with: {
+      userRoles: true,
+    },
+  });
+
+  if (emperorRole && emperorRole.userRoles.length > 0) {
+    return Response.json({ error: "已存在皇帝, 谋反将被处死" }, { status: 400 });
+  }
+
+  try {
+    let roleId = emperorRole?.id;
+    if (!roleId) {
+      const [newRole] = await db.insert(roles)
+        .values({
+          name: ROLES.EMPEROR,
+          description: "皇帝（网站所有者）",
+        })
+        .returning({ id: roles.id });
+      roleId = newRole.id;
+    }
+
+    await db.insert(userRoles)
+      .values({
+        userId: session.user.id,
+        roleId,
+      });
+
+    return Response.json({ message: "登基成功，你已成为皇帝" });
+  } catch (error) {
+    console.error("Failed to initialize emperor:", error);
+    return Response.json(
+      { error: "登基称帝失败" },
+      { status: 500 }
+    );
+  }
+} 

app/api/roles/promote/route.ts

@@ -0,0 +1,58 @@
+import { createDb } from "@/lib/db";
+import { roles, userRoles } from "@/lib/schema";
+import { eq } from "drizzle-orm";
+import { ROLES } from "@/lib/permissions";
+
+export const runtime = "edge";
+
+export async function POST(request: Request) {
+  try {
+    const { userId, roleName } = await request.json() as { userId: string, roleName: string };
+    if (!userId || !roleName) {
+      return Response.json(
+        { error: "缺少必要参数" },
+        { status: 400 }
+      );
+    }
+
+    if (roleName !== ROLES.KNIGHT) {
+      return Response.json(
+        { error: "角色不合法" },
+        { status: 400 }
+      );
+    }
+
+    const db = createDb();
+
+    let targetRole = await db.query.roles.findFirst({
+      where: eq(roles.name, roleName),
+    });
+
+    if (!targetRole) {
+      const [newRole] = await db.insert(roles)
+        .values({
+          name: roleName,
+          description: "高级用户",
+        })
+        .returning();
+      targetRole = newRole;
+    }
+
+    await db.delete(userRoles)
+      .where(eq(userRoles.userId, userId));
+
+    await db.insert(userRoles)
+      .values({
+        userId,
+        roleId: targetRole.id,
+      });
+
+    return Response.json({ success: true });
+  } catch (error) {
+    console.error("Failed to promote user:", error);
+    return Response.json(
+      { error: "升级用户失败" },
+      { status: 500 }
+    );
+  }
+}

app/api/roles/users/route.ts

@@ -0,0 +1,43 @@
+import { createDb } from "@/lib/db"
+import { userRoles, users } from "@/lib/schema"
+import { eq } from "drizzle-orm"
+
+export const runtime = "edge"
+
+export async function GET(request: Request) {
+  const url = new URL(request.url)
+  const email = url.searchParams.get('email')
+
+  if (!email) {
+    return Response.json(
+      { error: "邮箱地址不能为空" },
+      { status: 400 }
+    )
+  }
+
+  const db = createDb()
+  
+  const user = await db.query.users.findFirst({
+    where: eq(users.email, email),
+  })
+
+  if (!user) {
+    return Response.json({ user: null })
+  }
+
+  const userRole = await db.query.userRoles.findFirst({
+    where: eq(userRoles.userId, user.id),
+    with: {
+      role: true
+    }
+  })
+
+  return Response.json({
+    user: {
+      id: user.id,
+      name: user.name,
+      email: user.email,
+      role: userRole?.role.name
+    }
+  })
+}