扩展认证逻辑支持 API Token 和动态权限解析，更新配置结构及 Swagger 文档

main.go

@@ -7,6 +7,7 @@ import (
 	"FileRelay/internal/api/public"
 	"FileRelay/internal/bootstrap"
 	"FileRelay/internal/config"
+	"FileRelay/internal/model"
 	"FileRelay/internal/task"
 	"context"
 	"fmt"
@@ -35,7 +36,12 @@ import (
 // @securityDefinitions.apikey AdminAuth
 // @in header
 // @name Authorization
-// @description Type "Bearer <your-jwt-token>" to authenticate.
+// @description Type "Bearer <JWT-Token>" or "Bearer <API-Token>" to authenticate. API Token must have 'admin' scope.
+
+// @securityDefinitions.apikey APITokenAuth
+// @in header
+// @name Authorization
+// @description Type "Bearer <API-Token>" to authenticate. Required scope depends on the endpoint.
 
 func main() {
 	// 1. 加载配置
@@ -72,12 +78,12 @@ func main() {
 	{
 		api.GET("/config", publicConfigHandler.GetPublicConfig)
 		// 统一使用 /batches 作为资源路径
-		api.POST("/batches", uploadHandler.Upload)
-		api.POST("/batches/text", uploadHandler.UploadText)
-		api.GET("/batches/:pickup_code", middleware.PickupRateLimit(), pickupHandler.Pickup)
-		api.GET("/batches/:pickup_code/download", pickupHandler.DownloadBatch)
+		api.POST("/batches", middleware.APITokenAuth(model.ScopeUpload, !config.GlobalConfig.Upload.RequireToken), uploadHandler.Upload)
+		api.POST("/batches/text", middleware.APITokenAuth(model.ScopeUpload, !config.GlobalConfig.Upload.RequireToken), uploadHandler.UploadText)
+		api.GET("/batches/:pickup_code", middleware.PickupRateLimit(), middleware.APITokenAuth(model.ScopePickup, true), pickupHandler.Pickup)
+		api.GET("/batches/:pickup_code/download", middleware.APITokenAuth(model.ScopePickup, true), pickupHandler.DownloadBatch)
 		// 文件下载保持 /files/:id/download 风格
-		api.GET("/files/:file_id/download", pickupHandler.DownloadFile)
+		api.GET("/files/:file_id/download", middleware.APITokenAuth(model.ScopePickup, true), pickupHandler.DownloadFile)
 
 		// 保持旧路由兼容性 (可选，但为了平滑过渡通常建议保留一段时间或直接更新)
 		// 这里根据需求“调整不符合规范的”，我将直接采用新路由