table_game/backend/app/routers/admin_message.py

from fastapi import APIRouter, HTTPException
from ..utils.jwt_handler import verify_token
from ..db import get_connection
from pydantic import BaseModel
from fastapi import Body

router = APIRouter()

def _verify_admin_permission(token: str):
    """公共权限验证方法"""
    try:
        payload = verify_token(token)
        username = payload["sub"]
    except ValueError as e:
        raise HTTPException(status_code=401, detail=str(e))

    connection = get_connection()
    try:
        cursor = connection.cursor(dictionary=True)
        cursor.execute("SELECT user_type FROM users WHERE username = %s;", (username,))
        admin_user = cursor.fetchone()

        if not admin_user or admin_user["user_type"] != "admin":
            raise HTTPException(status_code=403, detail="Permission denied")
        return username
    finally:
        cursor.close()
        connection.close()

class MessageGet(BaseModel):
    token: str
    page: int = 1
    page_size: int = 20
class DeleteMessageRequest(BaseModel):
    token: str

@router.post("/messages")
def get_all_messages(request: MessageGet):
    """获取留言列表（带分页）"""
    _verify_admin_permission(request.token)
    connection = get_connection()
    cursor = connection.cursor(dictionary=True)
    try:
        offset = (request.page - 1) * request.page_size
        # 获取总数
        cursor.execute("SELECT COUNT(*) AS total FROM player_messages")
        total = cursor.fetchone()['total']

        # 获取分页数据
        cursor.execute("""
            SELECT m.message_id, m.user_id, u.username, m.message_content, m.created_at 
            FROM player_messages m
            JOIN users u ON m.user_id = u.user_id
            ORDER BY m.created_at DESC 
            LIMIT %s OFFSET %s
        """, (request.page_size, offset))

        return {
            "data": cursor.fetchall(),
            "total": total,
            "page": request.page,
            "page_size": request.page_size
        }
    finally:
        cursor.close()
        connection.close()

@router.delete("/messages/{message_id}")
async def delete_message(
    message_id: int,
    request: DeleteMessageRequest
):
    """删除留言核心逻辑"""

    # 数据库操作
    connection = get_connection()
    try:
        with connection.cursor() as cursor:
            affected_rows = cursor.execute(
                "DELETE FROM player_messages WHERE message_id = %s",
                (message_id,)
            )
            connection.commit()

            if affected_rows == 0:
                raise HTTPException(status_code=404, detail="留言不存在")
            return {"message": "删除成功"}
    finally:
        connection.close()