hxuanyu/FileRelay
1
0
Fork 0
mirror of https://git.fightbot.fun/hxuanyu/FileRelay.git synced 2026-02-15 13:01:42 +08:00
Code Issues Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
hanxuanyu
2026-01-28 20:44:34 +08:00
commit 500e8b74a7
236 changed files with 29886 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

70
internal/api/admin/auth.go Normal file
View File

@@ -0,0 +1,70 @@
package admin
import (
"FileRelay/internal/auth"
"FileRelay/internal/config"
"FileRelay/internal/model"
"log/slog"
"net/http"
"github.com/gin-gonic/gin"
"golang.org/x/crypto/bcrypt"
)
type AuthHandler struct{}
func NewAuthHandler() *AuthHandler {
return &AuthHandler{}
}
type LoginRequest struct {
Password string `json:"password" binding:"required" example:"admin"`
}
type LoginResponse struct {
Token string `json:"token"`
}
// Login 管理员登录
// @Summary 管理员登录
// @Description 通过密码换取 JWT Token
// @Tags Admin
// @Accept json
// @Produce json
// @Param request body LoginRequest true "登录请求"
// @Success 200 {object} model.Response{data=LoginResponse}
// @Failure 401 {object} model.Response
// @Router /api/admin/login [post]
func (h *AuthHandler) Login(c *gin.Context) {
var req LoginRequest
if err := c.ShouldBindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, model.ErrorResponse(model.CodeBadRequest, "Invalid request"))
return
}
passwordHash := config.GlobalConfig.Security.AdminPasswordHash
if passwordHash == "" {
c.JSON(http.StatusInternalServerError, model.ErrorResponse(model.CodeInternalError, "Admin password hash not configured"))
return
}
if err := bcrypt.CompareHashAndPassword([]byte(passwordHash), []byte(req.Password)); err != nil {
slog.Warn("Failed admin login attempt", "ip", c.ClientIP())
c.JSON(http.StatusUnauthorized, model.ErrorResponse(model.CodeUnauthorized, "Incorrect password"))
return
}
// 使用固定 ID 1 代表管理员(因为不再有数据库记录)
token, err := auth.GenerateToken(1)
if err != nil {
slog.Error("Failed to generate admin token", "error", err)
c.JSON(http.StatusInternalServerError, model.ErrorResponse(model.CodeInternalError, "Failed to generate token"))
return
}
slog.Info("Admin logged in", "ip", c.ClientIP())
c.JSON(http.StatusOK, model.SuccessResponse(LoginResponse{
Token: token,
}))
}

256
internal/api/admin/batch.go Normal file
View File

@@ -0,0 +1,256 @@
package admin
import (
"FileRelay/internal/bootstrap"
"FileRelay/internal/model"
"FileRelay/internal/service"
"bytes"
"encoding/json"
"io"
"log/slog"
"net/http"
"strconv"
"time"
"github.com/gin-gonic/gin"
)
type BatchHandler struct {
batchService *service.BatchService
}
func NewBatchHandler() *BatchHandler {
return &BatchHandler{
batchService: service.NewBatchService(),
}
}
type ListBatchesResponse struct {
Total int64 `json:"total"`
Page int `json:"page"`
PageSize int `json:"page_size"`
Data []model.FileBatch `json:"data"`
}
type UpdateBatchRequest struct {
Remark *string `json:"remark"`
ExpireType *string `json:"expire_type"`
ExpireAt *time.Time `json:"expire_at"`
MaxDownloads *int `json:"max_downloads"`
DownloadCount *int `json:"download_count"`
Status *string `json:"status"`
}
// ListBatches 获取批次列表
// @Summary 获取批次列表
// @Description 分页查询所有文件批次,支持按状态过滤和取件码模糊搜索
// @Tags Admin
// @Security AdminAuth
// @Param page query int false "页码 (默认 1)"
// @Param page_size query int false "每页数量 (默认 20)"
// @Param status query string false "状态 (active/expired/deleted)"
// @Param pickup_code query string false "取件码 (模糊搜索)"
// @Produce json
// @Success 200 {object} model.Response{data=ListBatchesResponse}
// @Failure 401 {object} model.Response
// @Router /api/admin/batches [get]
func (h *BatchHandler) ListBatches(c *gin.Context) {
page, _ := strconv.Atoi(c.DefaultQuery("page", "1"))
pageSize, _ := strconv.Atoi(c.DefaultQuery("page_size", "20"))
if page < 1 {
page = 1
}
if pageSize < 1 {
pageSize = 20
}
status := c.Query("status")
pickupCode := c.Query("pickup_code")
query := bootstrap.DB.Model(&model.FileBatch{})
if status != "" {
query = query.Where("status = ?", status)
}
if pickupCode != "" {
query = query.Where("pickup_code LIKE ?", "%"+pickupCode+"%")
}
var total int64
query.Count(&total)
var batches []model.FileBatch
err := query.Offset((page - 1) * pageSize).Limit(pageSize).Order("created_at DESC").Find(&batches).Error
if err != nil {
c.JSON(http.StatusInternalServerError, model.ErrorResponse(model.CodeInternalError, err.Error()))
return
}
c.JSON(http.StatusOK, model.SuccessResponse(ListBatchesResponse{
Total: total,
Page: page,
PageSize: pageSize,
Data: batches,
}))
}
// GetBatch 获取批次详情
// @Summary 获取批次详情
// @Description 根据批次 ID 获取批次信息及关联的文件列表
// @Tags Admin
// @Security AdminAuth
// @Param batch_id path string true "批次 ID (UUID)"
// @Produce json
// @Success 200 {object} model.Response{data=model.FileBatch}
// @Failure 404 {object} model.Response
// @Router /api/admin/batches/{batch_id} [get]
func (h *BatchHandler) GetBatch(c *gin.Context) {
id := c.Param("batch_id")
var batch model.FileBatch
if err := bootstrap.DB.Preload("FileItems").First(&batch, "id = ?", id).Error; err != nil {
c.JSON(http.StatusNotFound, model.ErrorResponse(model.CodeNotFound, "batch not found"))
return
}
c.JSON(http.StatusOK, model.SuccessResponse(batch))
}
// UpdateBatch 修改批次信息
// @Summary 修改批次信息
// @Description 允许修改备注、过期策略、最大下载次数、状态等
// @Tags Admin
// @Security AdminAuth
// @Accept json
// @Produce json
// @Param batch_id path string true "批次 ID (UUID)"
// @Param request body UpdateBatchRequest true "修改内容"
// @Success 200 {object} model.Response{data=model.FileBatch}
// @Failure 400 {object} model.Response
// @Router /api/admin/batches/{batch_id} [put]
func (h *BatchHandler) UpdateBatch(c *gin.Context) {
id := c.Param("batch_id")
var batch model.FileBatch
if err := bootstrap.DB.First(&batch, "id = ?", id).Error; err != nil {
c.JSON(http.StatusNotFound, model.ErrorResponse(model.CodeNotFound, "batch not found"))
return
}
rawBody, err := c.GetRawData()
if err != nil {
c.JSON(http.StatusBadRequest, model.ErrorResponse(model.CodeBadRequest, "failed to read body"))
return
}
c.Request.Body = io.NopCloser(bytes.NewBuffer(rawBody))
var input UpdateBatchRequest
if err := c.ShouldBindJSON(&input); err != nil {
c.JSON(http.StatusBadRequest, model.ErrorResponse(model.CodeBadRequest, err.Error()))
return
}
var rawMap map[string]interface{}
json.Unmarshal(rawBody, &rawMap)
updates := make(map[string]interface{})
if input.Remark != nil {
updates["remark"] = *input.Remark
}
if input.ExpireType != nil {
newType := *input.ExpireType
updates["expire_type"] = newType
// 如果类型发生变化,根据新类型清除不相关的配置
if newType != batch.ExpireType {
if newType == "download" {
updates["expire_at"] = nil
} else if newType == "time" {
updates["max_downloads"] = 0
} else if newType == "permanent" {
updates["expire_at"] = nil
updates["max_downloads"] = 0
}
}
}
// 显式提供的值具有最高优先级,但仅在逻辑允许的情况下
// 例如:如果切换到了 download 类型,用户可以同时提供一个新的 max_downloads
if _, ok := rawMap["expire_at"]; ok {
updates["expire_at"] = input.ExpireAt
}
if input.MaxDownloads != nil {
updates["max_downloads"] = *input.MaxDownloads
}
// 强制校验:如果最终结果是 permanent确保限制被清空
// 这样即使用户在请求中显式传了非零值,也会被修正
finalType := batch.ExpireType
if t, ok := updates["expire_type"].(string); ok {
finalType = t
}
if finalType == "permanent" {
updates["expire_at"] = nil
updates["max_downloads"] = 0
} else if finalType == "time" {
// 如果是时间过期max_downloads 应该始终为 0
updates["max_downloads"] = 0
} else if finalType == "download" {
// 如果是下载次数过期expire_at 应该始终为 null
updates["expire_at"] = nil
}
if input.DownloadCount != nil {
updates["download_count"] = *input.DownloadCount
}
if input.Status != nil {
updates["status"] = *input.Status
}
if len(updates) > 0 {
if err := bootstrap.DB.Model(&batch).Updates(updates).Error; err != nil {
c.JSON(http.StatusInternalServerError, model.ErrorResponse(model.CodeInternalError, err.Error()))
return
}
// 重新从数据库读取,确保返回的是完整且最新的数据
bootstrap.DB.First(&batch, "id = ?", id)
}
c.JSON(http.StatusOK, model.SuccessResponse(batch))
}
// CleanBatches 手动触发清理过期或已删除的批次
// @Summary 手动触发清理
// @Description 手动扫描并物理删除所有已过期或标记为删除的文件批次及其关联文件
// @Tags Admin
// @Security AdminAuth
// @Produce json
// @Success 200 {object} model.Response
// @Failure 500 {object} model.Response
// @Router /api/admin/batches/clean [post]
func (h *BatchHandler) CleanBatches(c *gin.Context) {
slog.Info("Admin triggered manual cleanup")
if err := h.batchService.Cleanup(c.Request.Context()); err != nil {
slog.Error("Manual cleanup failed", "error", err)
c.JSON(http.StatusInternalServerError, model.ErrorResponse(model.CodeInternalError, "cleanup failed: "+err.Error()))
return
}
c.JSON(http.StatusOK, model.SuccessResponse(nil))
}
// DeleteBatch 删除批次
// @Summary 删除批次
// @Description 标记批次为已删除,并物理删除关联的存储文件
// @Tags Admin
// @Security AdminAuth
// @Param batch_id path string true "批次 ID (UUID)"
// @Produce json
// @Success 200 {object} model.Response
// @Failure 500 {object} model.Response
// @Router /api/admin/batches/{batch_id} [delete]
func (h *BatchHandler) DeleteBatch(c *gin.Context) {
id := c.Param("batch_id")
if err := h.batchService.DeleteBatch(c.Request.Context(), id); err != nil {
c.JSON(http.StatusInternalServerError, model.ErrorResponse(model.CodeInternalError, err.Error()))
return
}
c.JSON(http.StatusOK, model.SuccessResponse(map[string]interface{}{}))
}

107
internal/api/admin/config.go Normal file
View File

@@ -0,0 +1,107 @@
package admin
import (
"FileRelay/internal/bootstrap"
"FileRelay/internal/config"
"FileRelay/internal/model"
"FileRelay/internal/service"
"net/http"
"github.com/gin-gonic/gin"
"golang.org/x/crypto/bcrypt"
)
type ConfigHandler struct{}
func NewConfigHandler() *ConfigHandler {
return &ConfigHandler{}
}
// GetConfig 获取当前完整配置
// @Summary 获取完整配置
// @Description 获取系统的完整配置文件内容(仅管理员)
// @Tags Admin
// @Security AdminAuth
// @Produce json
// @Success 200 {object} model.Response{data=config.Config}
// @Router /api/admin/config [get]
func (h *ConfigHandler) GetConfig(c *gin.Context) {
c.JSON(http.StatusOK, model.SuccessResponse(config.GlobalConfig))
}
// UpdateConfig 更新配置
// @Summary 更新配置
// @Description 更新系统的配置文件内容(仅管理员)
// @Tags Admin
// @Security AdminAuth
// @Accept json
// @Produce json
// @Param config body config.Config true "新配置内容"
// @Success 200 {object} model.Response{data=config.Config}
// @Failure 400 {object} model.Response
// @Failure 500 {object} model.Response
// @Router /api/admin/config [put]
func (h *ConfigHandler) UpdateConfig(c *gin.Context) {
var newConfig config.Config
if err := c.ShouldBindJSON(&newConfig); err != nil {
c.JSON(http.StatusBadRequest, model.ErrorResponse(model.CodeBadRequest, err.Error()))
return
}
// 简单的校验,防止关键配置被改空
if newConfig.Database.Path == "" {
newConfig.Database.Path = config.GlobalConfig.Database.Path
}
if newConfig.Site.Port <= 0 || newConfig.Site.Port > 65535 {
newConfig.Site.Port = 8080
}
// 如果传入了明文密码,则重新生成 hash
if newConfig.Security.AdminPassword != "" {
hash, err := bcrypt.GenerateFromPassword([]byte(newConfig.Security.AdminPassword), bcrypt.DefaultCost)
if err != nil {
c.JSON(http.StatusInternalServerError, model.ErrorResponse(model.CodeInternalError, "Failed to hash password: "+err.Error()))
return
}
newConfig.Security.AdminPasswordHash = string(hash)
}
// 检查取件码长度是否变化
pickupCodeLengthChanged := newConfig.Security.PickupCodeLength != config.GlobalConfig.Security.PickupCodeLength && newConfig.Security.PickupCodeLength > 0
// 检查数据库配置是否变化
dbConfigChanged := newConfig.Database != config.GlobalConfig.Database
// 如果长度变化,同步更新现有取件码 (在可能切换数据库前,先处理旧库数据)
if pickupCodeLengthChanged {
batchService := service.NewBatchService()
if err := batchService.UpdateAllPickupCodes(newConfig.Security.PickupCodeLength); err != nil {
c.JSON(http.StatusInternalServerError, model.ErrorResponse(model.CodeInternalError, "Failed to update existing pickup codes: "+err.Error()))
return
}
}
// 更新内存配置
config.UpdateGlobalConfig(&newConfig)
// 重新连接数据库并迁移数据(如果配置发生变化)
if dbConfigChanged {
if err := bootstrap.ReloadDB(newConfig.Database); err != nil {
c.JSON(http.StatusInternalServerError, model.ErrorResponse(model.CodeInternalError, "Failed to reload database: "+err.Error()))
return
}
}
// 重新初始化存储(热更新业务逻辑)
if err := bootstrap.ReloadStorage(); err != nil {
c.JSON(http.StatusInternalServerError, model.ErrorResponse(model.CodeInternalError, "Failed to reload storage: "+err.Error()))
return
}
// 保存到文件
if err := config.SaveConfig(); err != nil {
c.JSON(http.StatusInternalServerError, model.ErrorResponse(model.CodeInternalError, "Failed to save config: "+err.Error()))
return
}
c.JSON(http.StatusOK, model.SuccessResponse(config.GlobalConfig))
}

138
internal/api/admin/token.go Normal file
View File

@@ -0,0 +1,138 @@
package admin
import (
"FileRelay/internal/bootstrap"
"FileRelay/internal/model"
"FileRelay/internal/service"
"net/http"
"time"
"github.com/gin-gonic/gin"
)
type TokenHandler struct {
tokenService *service.TokenService
}
func NewTokenHandler() *TokenHandler {
return &TokenHandler{
tokenService: service.NewTokenService(),
}
}
type CreateTokenRequest struct {
Name string `json:"name" binding:"required" example:"Test Token"`
Scope string `json:"scope" example:"upload,pickup" enums:"upload,pickup,admin"`
ExpireAt *time.Time `json:"expire_at"`
}
type CreateTokenResponse struct {
Token string `json:"token"`
Data *model.APIToken `json:"data"`
}
// ListTokens 获取 API Token 列表
// @Summary 获取 API Token 列表
// @Description 获取系统中所有 API Token 的详细信息(不包含哈希)
// @Tags Admin
// @Security AdminAuth
// @Produce json
// @Success 200 {object} model.Response{data=[]model.APIToken}
// @Failure 401 {object} model.Response
// @Router /api/admin/api-tokens [get]
func (h *TokenHandler) ListTokens(c *gin.Context) {
var tokens []model.APIToken
if err := bootstrap.DB.Find(&tokens).Error; err != nil {
c.JSON(http.StatusInternalServerError, model.ErrorResponse(model.CodeInternalError, err.Error()))
return
}
c.JSON(http.StatusOK, model.SuccessResponse(tokens))
}
// CreateToken 创建 API Token
// @Summary 创建 API Token
// @Description 创建一个新的 API Token返回原始 Token仅显示一次
// @Tags Admin
// @Security AdminAuth
// @Accept json
// @Produce json
// @Param request body CreateTokenRequest true "Token 信息"
// @Success 201 {object} model.Response{data=CreateTokenResponse}
// @Failure 400 {object} model.Response
// @Router /api/admin/api-tokens [post]
func (h *TokenHandler) CreateToken(c *gin.Context) {
var input CreateTokenRequest
if err := c.ShouldBindJSON(&input); err != nil {
c.JSON(http.StatusBadRequest, model.ErrorResponse(model.CodeBadRequest, err.Error()))
return
}
rawToken, token, err := h.tokenService.CreateToken(input.Name, input.Scope, input.ExpireAt)
if err != nil {
c.JSON(http.StatusInternalServerError, model.ErrorResponse(model.CodeInternalError, err.Error()))
return
}
c.JSON(http.StatusCreated, model.SuccessResponse(CreateTokenResponse{
Token: rawToken,
Data: token,
}))
}
// RevokeToken 撤销 API Token
// @Summary 撤销 API Token
// @Description 将 API Token 标记为已撤销,使其失效但保留记录
// @Tags Admin
// @Security AdminAuth
// @Param id path int true "Token ID"
// @Produce json
// @Success 200 {object} model.Response
// @Failure 500 {object} model.Response
// @Router /api/admin/api-tokens/{id}/revoke [post]
func (h *TokenHandler) RevokeToken(c *gin.Context) {
id := c.Param("id")
if err := bootstrap.DB.Model(&model.APIToken{}).Where("id = ?", id).Update("revoked", true).Error; err != nil {
c.JSON(http.StatusInternalServerError, model.ErrorResponse(model.CodeInternalError, err.Error()))
return
}
c.JSON(http.StatusOK, model.SuccessResponse(map[string]interface{}{}))
}
// RecoverToken 恢复 API Token
// @Summary 恢复 API Token
// @Description 将已撤销的 API Token 恢复为有效状态
// @Tags Admin
// @Security AdminAuth
// @Param id path int true "Token ID"
// @Produce json
// @Success 200 {object} model.Response
// @Failure 500 {object} model.Response
// @Router /api/admin/api-tokens/{id}/recover [post]
func (h *TokenHandler) RecoverToken(c *gin.Context) {
id := c.Param("id")
if err := bootstrap.DB.Model(&model.APIToken{}).Where("id = ?", id).Update("revoked", false).Error; err != nil {
c.JSON(http.StatusInternalServerError, model.ErrorResponse(model.CodeInternalError, err.Error()))
return
}
c.JSON(http.StatusOK, model.SuccessResponse(map[string]interface{}{}))
}
// DeleteToken 删除 API Token
// @Summary 删除 API Token
// @Description 根据 ID 永久删除 API Token
// @Tags Admin
// @Security AdminAuth
// @Param id path int true "Token ID"
// @Produce json
// @Success 200 {object} model.Response
// @Failure 500 {object} model.Response
// @Router /api/admin/api-tokens/{id} [delete]
func (h *TokenHandler) DeleteToken(c *gin.Context) {
id := c.Param("id")
if err := bootstrap.DB.Delete(&model.APIToken{}, id).Error; err != nil {
c.JSON(http.StatusInternalServerError, model.ErrorResponse(model.CodeInternalError, err.Error()))
return
}
c.JSON(http.StatusOK, model.SuccessResponse(map[string]interface{}{}))
}

119
internal/api/middleware/auth.go Normal file
View File

@@ -0,0 +1,119 @@
package middleware
import (
"FileRelay/internal/auth"
"FileRelay/internal/config"
"FileRelay/internal/model"
"FileRelay/internal/service"
"net/http"
"strings"
"github.com/gin-gonic/gin"
)
func AdminAuth() gin.HandlerFunc {
tokenService := service.NewTokenService()
return func(c *gin.Context) {
authHeader := c.GetHeader("Authorization")
if authHeader == "" {
c.JSON(http.StatusUnauthorized, model.ErrorResponse(model.CodeUnauthorized, "Authorization header required"))
c.Abort()
return
}
parts := strings.SplitN(authHeader, " ", 2)
if !(len(parts) == 2 && parts[0] == "Bearer") {
c.JSON(http.StatusUnauthorized, model.ErrorResponse(model.CodeUnauthorized, "Invalid authorization format"))
c.Abort()
return
}
tokenStr := parts[1]
// 1. 尝试解析为管理员 JWT
claims, err := auth.ParseToken(tokenStr)
if err == nil {
c.Set("admin_id", claims.AdminID)
c.Next()
return
}
// 2. 尝试解析为 API Token (如果配置允许)
if config.GlobalConfig.APIToken.Enabled && config.GlobalConfig.APIToken.AllowAdminAPI {
token, err := tokenService.ValidateToken(tokenStr, model.ScopeAdmin)
if err == nil {
c.Set("token_id", token.ID)
c.Set("token_scope", token.Scope)
c.Next()
return
}
}
c.JSON(http.StatusUnauthorized, model.ErrorResponse(model.CodeUnauthorized, "Invalid or expired token"))
c.Abort()
}
}
func APITokenAuth(requiredScope string, optional bool) gin.HandlerFunc {
tokenService := service.NewTokenService()
return func(c *gin.Context) {
handleAPITokenAuth(c, tokenService, requiredScope, optional)
}
}
func UploadAuth() gin.HandlerFunc {
tokenService := service.NewTokenService()
return func(c *gin.Context) {
// 动态获取配置
optional := !config.GlobalConfig.Upload.RequireToken
handleAPITokenAuth(c, tokenService, model.ScopeUpload, optional)
}
}
func handleAPITokenAuth(c *gin.Context, tokenService *service.TokenService, requiredScope string, optional bool) {
// 如果是可选的,直接跳过校验,满足“未打开对应的开关时不需校验”的需求
if optional {
c.Next()
return
}
authHeader := c.GetHeader("Authorization")
if authHeader == "" {
c.JSON(http.StatusUnauthorized, model.ErrorResponse(model.CodeUnauthorized, "Authorization header required"))
c.Abort()
return
}
parts := strings.SplitN(authHeader, " ", 2)
if !(len(parts) == 2 && parts[0] == "Bearer") {
c.JSON(http.StatusUnauthorized, model.ErrorResponse(model.CodeUnauthorized, "Invalid authorization format"))
c.Abort()
return
}
tokenStr := parts[1]
// 1. 尝试解析为管理员 JWT
if claims, err := auth.ParseToken(tokenStr); err == nil {
c.Set("admin_id", claims.AdminID)
c.Next()
return
}
if !config.GlobalConfig.APIToken.Enabled {
c.JSON(http.StatusForbidden, model.ErrorResponse(model.CodeForbidden, "API Token is disabled"))
c.Abort()
return
}
token, err := tokenService.ValidateToken(tokenStr, requiredScope)
if err != nil {
c.JSON(http.StatusUnauthorized, model.ErrorResponse(model.CodeUnauthorized, err.Error()))
c.Abort()
return
}
c.Set("token_id", token.ID)
c.Set("token_scope", token.Scope)
c.Next()
}

56
internal/api/middleware/limit.go Normal file
View File

@@ -0,0 +1,56 @@
package middleware
import (
"FileRelay/internal/config"
"FileRelay/internal/model"
"log/slog"
"net/http"
"sync"
"time"
"github.com/gin-gonic/gin"
)
var (
pickupFailures = make(map[string]int)
failureMutex sync.Mutex
)
func PickupRateLimit() gin.HandlerFunc {
return func(c *gin.Context) {
key := c.ClientIP()
failureMutex.Lock()
count, exists := pickupFailures[key]
failureMutex.Unlock()
if exists && count >= config.GlobalConfig.Security.PickupFailLimit {
slog.Warn("Pickup rate limit exceeded", "ip", key, "count", count)
c.JSON(http.StatusTooManyRequests, model.ErrorResponse(model.CodeTooManyRequests, "Too many failed attempts. Please try again later."))
c.Abort()
return
}
c.Next()
}
}
func RecordPickupFailure(ip string) {
key := ip
failureMutex.Lock()
pickupFailures[key]++
// 仅在第一次失败时启动清除记录的计时器
if pickupFailures[key] == 1 {
go func() {
// 设置 1 分钟后清除记录 (简单实现)
time.Sleep(1 * time.Hour)
failureMutex.Lock()
delete(pickupFailures, key)
slog.Info("Pickup failure record cleared", "ip", key)
failureMutex.Unlock()
}()
}
failureMutex.Unlock()
}

61
internal/api/public/config.go Normal file
View File

@@ -0,0 +1,61 @@
package public
import (
"FileRelay/internal/config"
"FileRelay/internal/model"
"net/http"
"github.com/gin-gonic/gin"
)
type ConfigHandler struct{}
func NewConfigHandler() *ConfigHandler {
return &ConfigHandler{}
}
// PublicConfig 公开配置结构
type PublicConfig struct {
Site config.SiteConfig `json:"site"`
Security PublicSecurityConfig `json:"security"`
Upload config.UploadConfig `json:"upload"`
APIToken PublicAPITokenConfig `json:"api_token"`
Storage PublicStorageConfig `json:"storage"`
}
type PublicSecurityConfig struct {
PickupCodeLength int `json:"pickup_code_length"`
}
type PublicAPITokenConfig struct {
Enabled bool `json:"enabled"`
}
type PublicStorageConfig struct {
Type string `json:"type"`
}
// GetPublicConfig 获取非敏感配置
// @Summary 获取公共配置
// @Description 获取前端展示所需的非敏感配置数据
// @Tags Public
// @Produce json
// @Success 200 {object} model.Response{data=PublicConfig}
// @Router /api/config [get]
func (h *ConfigHandler) GetPublicConfig(c *gin.Context) {
pub := PublicConfig{
Site: config.GlobalConfig.Site,
Security: PublicSecurityConfig{
PickupCodeLength: config.GlobalConfig.Security.PickupCodeLength,
},
Upload: config.GlobalConfig.Upload,
APIToken: PublicAPITokenConfig{
Enabled: config.GlobalConfig.APIToken.Enabled,
},
Storage: PublicStorageConfig{
Type: config.GlobalConfig.Storage.Type,
},
}
c.JSON(http.StatusOK, model.SuccessResponse(pub))
}

314
internal/api/public/pickup.go Normal file
View File

@@ -0,0 +1,314 @@
package public
import (
"FileRelay/internal/api/middleware"
"FileRelay/internal/bootstrap"
"FileRelay/internal/config"
"FileRelay/internal/model"
"FileRelay/internal/service"
"FileRelay/internal/storage"
"archive/zip"
"fmt"
"io"
"log/slog"
"net/http"
"strconv"
"strings"
"time"
"github.com/gin-gonic/gin"
)
type PickupResponse struct {
Remark string `json:"remark"`
ExpireAt *time.Time `json:"expire_at"`
ExpireType string `json:"expire_type"`
DownloadCount int `json:"download_count"`
MaxDownloads int `json:"max_downloads"`
Type string `json:"type"`
Content string `json:"content,omitempty"`
Files []model.FileItem `json:"files,omitempty"`
}
type DownloadCountResponse struct {
DownloadCount int `json:"download_count"`
MaxDownloads int `json:"max_downloads"`
}
// DownloadBatch 批量下载文件 (ZIP)
// @Summary 批量下载文件
// @Description 根据取件码将批次内的所有文件打包为 ZIP 格式一次性下载。可选提供带 pickup scope 的 API Token。
// @Tags Public
// @Security APITokenAuth
// @Param pickup_code path string true "取件码"
// @Produce application/zip
// @Success 200 {file} file
// @Failure 404 {object} model.Response
// @Router /api/batches/{pickup_code}/download [get]
func (h *PickupHandler) DownloadBatch(c *gin.Context) {
code := c.Param("pickup_code")
batch, err := h.batchService.GetBatchByPickupCode(code)
if err != nil {
c.JSON(http.StatusNotFound, model.ErrorResponse(model.CodeNotFound, "batch not found or expired"))
return
}
c.Header("Content-Disposition", fmt.Sprintf("attachment; filename=\"batch_%s.zip\"", code))
c.Header("Content-Type", "application/zip")
zw := zip.NewWriter(c.Writer)
defer zw.Close()
for _, item := range batch.FileItems {
reader, err := storage.GlobalStorage.Open(c.Request.Context(), item.StoragePath)
if err != nil {
continue // Skip failed files
}
f, err := zw.Create(item.OriginalName)
if err != nil {
reader.Close()
continue
}
_, _ = io.Copy(f, reader)
reader.Close()
}
// 增加下载次数
if err := h.batchService.IncrementDownloadCount(batch.ID); err != nil {
slog.Error("Failed to increment download count", "batch_id", batch.ID, "error", err)
}
}
type PickupHandler struct {
batchService *service.BatchService
}
func NewPickupHandler() *PickupHandler {
return &PickupHandler{
batchService: service.NewBatchService(),
}
}
// Pickup 获取批次信息
// @Summary 获取批次信息
// @Description 根据取件码获取文件批次详细信息和文件列表。可选提供带 pickup scope 的 API Token。
// @Tags Public
// @Security APITokenAuth
// @Produce json
// @Param pickup_code path string true "取件码"
// @Success 200 {object} model.Response{data=PickupResponse}
// @Failure 404 {object} model.Response
// @Router /api/batches/{pickup_code} [get]
func (h *PickupHandler) Pickup(c *gin.Context) {
code := c.Param("pickup_code")
if code == "" {
c.JSON(http.StatusBadRequest, model.ErrorResponse(model.CodeBadRequest, "pickup code required"))
return
}
batch, err := h.batchService.GetBatchByPickupCode(code)
if err != nil {
middleware.RecordPickupFailure(c.ClientIP())
c.JSON(http.StatusNotFound, model.ErrorResponse(model.CodeNotFound, "batch not found or expired"))
return
}
if batch.Type == "text" {
if err := h.batchService.IncrementDownloadCount(batch.ID); err != nil {
slog.Error("Failed to increment download count for batch", "batch_id", batch.ID, "error", err)
} else {
batch.DownloadCount++
}
}
baseURL := getBaseURL(c)
for i := range batch.FileItems {
batch.FileItems[i].DownloadURL = fmt.Sprintf("%s/api/files/%s/%s", baseURL, batch.FileItems[i].ID, batch.FileItems[i].OriginalName)
}
c.JSON(http.StatusOK, model.SuccessResponse(PickupResponse{
Remark: batch.Remark,
ExpireAt: batch.ExpireAt,
ExpireType: batch.ExpireType,
DownloadCount: batch.DownloadCount,
MaxDownloads: batch.MaxDownloads,
Type: batch.Type,
Content: batch.Content,
Files: batch.FileItems,
}))
}
// GetDownloadCount 查询下载次数
// @Summary 查询下载次数
// @Description 根据取件码查询当前下载次数和最大允许下载次数。支持已过期的批次。
// @Tags Public
// @Produce json
// @Param pickup_code path string true "取件码"
// @Success 200 {object} model.Response{data=DownloadCountResponse}
// @Failure 400 {object} model.Response
// @Failure 404 {object} model.Response
// @Router /api/batches/{pickup_code}/count [get]
func (h *PickupHandler) GetDownloadCount(c *gin.Context) {
code := c.Param("pickup_code")
if code == "" {
c.JSON(http.StatusBadRequest, model.ErrorResponse(model.CodeBadRequest, "pickup code required"))
return
}
count, max, err := h.batchService.GetDownloadCountByPickupCode(code)
if err != nil {
middleware.RecordPickupFailure(c.ClientIP())
c.JSON(http.StatusNotFound, model.ErrorResponse(model.CodeNotFound, "batch not found"))
return
}
c.JSON(http.StatusOK, model.SuccessResponse(DownloadCountResponse{
DownloadCount: count,
MaxDownloads: max,
}))
}
func getBaseURL(c *gin.Context) string {
// 优先使用配置中的 BaseURL
if config.GlobalConfig.Site.BaseURL != "" {
return strings.TrimSuffix(config.GlobalConfig.Site.BaseURL, "/")
}
// 自动检测逻辑
scheme := "http"
if c.Request.TLS != nil {
scheme = "https"
} else {
// 检查常用的代理协议头 (优先)
// 增加对用户提供的 :scheme (可能被某些代理转为普通 header) 的支持
// 增加对 X-Forwarded-Proto 可能存在的逗号分隔列表的处理
checkHeaders := []struct {
name string
values []string
}{
{"X-Forwarded-Proto", []string{"https"}},
{"X-Forwarded-Protocol", []string{"https"}},
{"X-Url-Scheme", []string{"https"}},
{"Front-End-Https", []string{"on", "https"}},
{"X-Forwarded-Ssl", []string{"on", "https"}},
{":scheme", []string{"https"}},
{"X-Scheme", []string{"https"}},
}
found := false
for _, h := range checkHeaders {
val := c.GetHeader(h.name)
if val == "" {
continue
}
// 处理可能的逗号分隔列表 (如 X-Forwarded-Proto: https, http)
firstVal := strings.TrimSpace(strings.ToLower(strings.Split(val, ",")[0]))
for _, target := range h.values {
if firstVal == target {
scheme = "https"
found = true
break
}
}
if found {
break
}
}
// 检查 Forwarded 头部 (RFC 7239)
if !found {
if forwarded := c.GetHeader("Forwarded"); forwarded != "" {
if strings.Contains(strings.ToLower(forwarded), "proto=https") {
scheme = "https"
found = true
}
}
}
// 启发式判断:如果上述头部都没有,但 Referer 是 https则认为也是 https
// 这在同域 API 请求时非常可靠
if !found {
if referer := c.GetHeader("Referer"); strings.HasPrefix(strings.ToLower(referer), "https://") {
scheme = "https"
}
}
}
host := c.Request.Host
if forwardedHost := c.GetHeader("X-Forwarded-Host"); forwardedHost != "" {
// 处理可能的逗号分隔列表
host = strings.TrimSpace(strings.Split(forwardedHost, ",")[0])
}
return fmt.Sprintf("%s://%s", scheme, host)
}
// DownloadFile 下载单个文件
// @Summary 下载单个文件
// @Description 根据文件 ID 下载单个文件。支持直观的文件名结尾以方便下载工具识别。可选提供带 pickup scope 的 API Token。
// @Tags Public
// @Security APITokenAuth
// @Param file_id path string true "文件 ID (UUID)"
// @Param filename path string false "文件名"
// @Produce application/octet-stream
// @Success 200 {file} file
// @Failure 404 {object} model.Response
// @Failure 410 {object} model.Response
// @Router /api/files/{file_id}/{filename} [get]
// @Router /api/files/{file_id}/download [get]
func (h *PickupHandler) DownloadFile(c *gin.Context) {
fileID := c.Param("file_id")
var item model.FileItem
if err := bootstrap.DB.First(&item, "id = ?", fileID).Error; err != nil {
c.JSON(http.StatusNotFound, model.ErrorResponse(model.CodeNotFound, "file not found"))
return
}
var batch model.FileBatch
if err := bootstrap.DB.First(&batch, "id = ?", item.BatchID).Error; err != nil {
c.JSON(http.StatusNotFound, model.ErrorResponse(model.CodeNotFound, "batch not found"))
return
}
if h.batchService.IsExpired(&batch) {
h.batchService.MarkAsExpired(&batch)
// 按照需求,如果不存在(已在上面处理)或达到上限,返回 404
if batch.ExpireType == "download" && batch.DownloadCount >= batch.MaxDownloads {
c.JSON(http.StatusNotFound, model.ErrorResponse(model.CodeNotFound, "file not found or download limit reached"))
} else {
c.JSON(http.StatusGone, model.ErrorResponse(model.CodeGone, "batch expired"))
}
return
}
// 打开文件
reader, err := storage.GlobalStorage.Open(c.Request.Context(), item.StoragePath)
if err != nil {
c.JSON(http.StatusInternalServerError, model.ErrorResponse(model.CodeInternalError, "failed to open file"))
return
}
defer reader.Close()
// 增加下载次数
if err := h.batchService.IncrementDownloadCount(batch.ID); err != nil {
// 记录错误但不中断下载过程
slog.Error("Failed to increment download count for batch", "batch_id", batch.ID, "error", err)
}
c.Header("Content-Disposition", fmt.Sprintf("attachment; filename=\"%s\"", item.OriginalName))
c.Header("Content-Type", item.MimeType)
c.Header("Content-Length", strconv.FormatInt(item.Size, 10))
// 如果是 HEAD 请求,只返回 Header
if c.Request.Method == http.MethodHead {
return
}
if _, err := io.Copy(c.Writer, reader); err != nil {
slog.Error("Error during file download", "file_id", item.ID, "error", err)
}
}

175
internal/api/public/upload.go Normal file
View File

@@ -0,0 +1,175 @@
package public
import (
"FileRelay/internal/config"
"FileRelay/internal/model"
"FileRelay/internal/service"
"fmt"
"log/slog"
"net/http"
"strconv"
"time"
"github.com/gin-gonic/gin"
)
type UploadHandler struct {
uploadService *service.UploadService
}
func NewUploadHandler() *UploadHandler {
return &UploadHandler{
uploadService: service.NewUploadService(),
}
}
type UploadResponse struct {
PickupCode string `json:"pickup_code"`
ExpireAt *time.Time `json:"expire_at"`
BatchID string `json:"batch_id"`
}
// Upload 上传文件并生成取件码
// @Summary 上传文件
// @Description 上传一个或多个文件并创建一个提取批次。如果配置了 require_token则必须提供带 upload scope 的 API Token。
// @Tags Public
// @Accept multipart/form-data
// @Produce json
// @Security APITokenAuth
// @Param files formData file true "文件列表"
// @Param remark formData string false "备注"
// @Param expire_type formData string false "过期类型 (time/download/permanent)"
// @Param expire_days formData int false "过期天数 (针对 time 类型)"
// @Param max_downloads formData int false "最大下载次数 (针对 download 类型)"
// @Success 200 {object} model.Response{data=UploadResponse}
// @Failure 400 {object} model.Response
// @Failure 500 {object} model.Response
// @Router /api/batches [post]
func (h *UploadHandler) Upload(c *gin.Context) {
form, err := c.MultipartForm()
if err != nil {
c.JSON(http.StatusBadRequest, model.ErrorResponse(model.CodeBadRequest, "invalid form"))
return
}
files := form.File["files"]
if len(files) == 0 {
c.JSON(http.StatusBadRequest, model.ErrorResponse(model.CodeBadRequest, "no files uploaded"))
return
}
if len(files) > config.GlobalConfig.Upload.MaxBatchFiles {
c.JSON(http.StatusBadRequest, model.ErrorResponse(model.CodeBadRequest, "too many files"))
return
}
// 校验单个文件大小
maxSize := config.GlobalConfig.Upload.MaxFileSizeMB * 1024 * 1024
for _, file := range files {
if file.Size > maxSize {
c.JSON(http.StatusBadRequest, model.ErrorResponse(model.CodeBadRequest, fmt.Sprintf("文件 %s 超过最大限制 (%dMB)", file.Filename, config.GlobalConfig.Upload.MaxFileSizeMB)))
return
}
}
remark := c.PostForm("remark")
expireType := c.PostForm("expire_type") // time / download / permanent
if expireType == "" {
expireType = "time"
}
var expireValue interface{}
switch expireType {
case "time":
days, _ := strconv.Atoi(c.PostForm("expire_days"))
if days <= 0 {
days = config.GlobalConfig.Upload.MaxRetentionDays
}
expireValue = days
case "download":
max, _ := strconv.Atoi(c.PostForm("max_downloads"))
if max <= 0 {
max = 1
}
expireValue = max
}
batch, err := h.uploadService.CreateBatch(c.Request.Context(), files, remark, expireType, expireValue)
if err != nil {
slog.Error("Upload handler failed to create batch", "error", err)
c.JSON(http.StatusInternalServerError, model.ErrorResponse(model.CodeInternalError, err.Error()))
return
}
c.JSON(http.StatusOK, model.SuccessResponse(UploadResponse{
PickupCode: batch.PickupCode,
ExpireAt: batch.ExpireAt,
BatchID: batch.ID,
}))
}
type UploadTextRequest struct {
Content string `json:"content" binding:"required" example:"这是一段长文本内容..."`
Remark string `json:"remark" example:"文本备注"`
ExpireType string `json:"expire_type" example:"time"`
ExpireDays int `json:"expire_days" example:"7"`
MaxDownloads int `json:"max_downloads" example:"5"`
}
// UploadText 发送长文本并生成取件码
// @Summary 发送长文本
// @Description 中转一段长文本内容并创建一个提取批次。如果配置了 require_token则必须提供带 upload scope 的 API Token。
// @Tags Public
// @Accept json
// @Produce json
// @Security APITokenAuth
// @Param request body UploadTextRequest true "文本内容及配置"
// @Success 200 {object} model.Response{data=UploadResponse}
// @Failure 400 {object} model.Response
// @Failure 500 {object} model.Response
// @Router /api/batches/text [post]
func (h *UploadHandler) UploadText(c *gin.Context) {
var req UploadTextRequest
if err := c.ShouldBindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, model.ErrorResponse(model.CodeBadRequest, err.Error()))
return
}
// 校验文本长度
maxSize := config.GlobalConfig.Upload.MaxFileSizeMB * 1024 * 1024
if int64(len(req.Content)) > maxSize {
c.JSON(http.StatusBadRequest, model.ErrorResponse(model.CodeBadRequest, fmt.Sprintf("文本内容超过最大限制 (%dMB)", config.GlobalConfig.Upload.MaxFileSizeMB)))
return
}
if req.ExpireType == "" {
req.ExpireType = "time"
}
var expireValue interface{}
switch req.ExpireType {
case "time":
if req.ExpireDays <= 0 {
req.ExpireDays = config.GlobalConfig.Upload.MaxRetentionDays
}
expireValue = req.ExpireDays
case "download":
if req.MaxDownloads <= 0 {
req.MaxDownloads = 1
}
expireValue = req.MaxDownloads
}
batch, err := h.uploadService.CreateTextBatch(c.Request.Context(), req.Content, req.Remark, req.ExpireType, expireValue)
if err != nil {
slog.Error("Upload handler failed to create text batch", "error", err)
c.JSON(http.StatusInternalServerError, model.ErrorResponse(model.CodeInternalError, err.Error()))
return
}
c.JSON(http.StatusOK, model.SuccessResponse(UploadResponse{
PickupCode: batch.PickupCode,
ExpireAt: batch.ExpireAt,
BatchID: batch.ID,
}))
}