Initial commit

internal/api/admin/auth.go

@@ -0,0 +1,70 @@
+package admin
+
+import (
+	"FileRelay/internal/auth"
+	"FileRelay/internal/config"
+	"FileRelay/internal/model"
+	"log/slog"
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+	"golang.org/x/crypto/bcrypt"
+)
+
+type AuthHandler struct{}
+
+func NewAuthHandler() *AuthHandler {
+	return &AuthHandler{}
+}
+
+type LoginRequest struct {
+	Password string `json:"password" binding:"required" example:"admin"`
+}
+
+type LoginResponse struct {
+	Token string `json:"token"`
+}
+
+// Login 管理员登录
+// @Summary      管理员登录
+// @Description  通过密码换取 JWT Token
+// @Tags         Admin
+// @Accept       json
+// @Produce      json
+// @Param        request body LoginRequest true "登录请求"
+// @Success      200  {object}  model.Response{data=LoginResponse}
+// @Failure      401  {object}  model.Response
+// @Router       /api/admin/login [post]
+func (h *AuthHandler) Login(c *gin.Context) {
+	var req LoginRequest
+
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, model.ErrorResponse(model.CodeBadRequest, "Invalid request"))
+		return
+	}
+
+	passwordHash := config.GlobalConfig.Security.AdminPasswordHash
+	if passwordHash == "" {
+		c.JSON(http.StatusInternalServerError, model.ErrorResponse(model.CodeInternalError, "Admin password hash not configured"))
+		return
+	}
+
+	if err := bcrypt.CompareHashAndPassword([]byte(passwordHash), []byte(req.Password)); err != nil {
+		slog.Warn("Failed admin login attempt", "ip", c.ClientIP())
+		c.JSON(http.StatusUnauthorized, model.ErrorResponse(model.CodeUnauthorized, "Incorrect password"))
+		return
+	}
+
+	// 使用固定 ID 1 代表管理员（因为不再有数据库记录）
+	token, err := auth.GenerateToken(1)
+	if err != nil {
+		slog.Error("Failed to generate admin token", "error", err)
+		c.JSON(http.StatusInternalServerError, model.ErrorResponse(model.CodeInternalError, "Failed to generate token"))
+		return
+	}
+
+	slog.Info("Admin logged in", "ip", c.ClientIP())
+	c.JSON(http.StatusOK, model.SuccessResponse(LoginResponse{
+		Token: token,
+	}))
+}

internal/api/admin/batch.go

@@ -0,0 +1,256 @@
+package admin
+
+import (
+	"FileRelay/internal/bootstrap"
+	"FileRelay/internal/model"
+	"FileRelay/internal/service"
+	"bytes"
+	"encoding/json"
+	"io"
+	"log/slog"
+	"net/http"
+	"strconv"
+	"time"
+
+	"github.com/gin-gonic/gin"
+)
+
+type BatchHandler struct {
+	batchService *service.BatchService
+}
+
+func NewBatchHandler() *BatchHandler {
+	return &BatchHandler{
+		batchService: service.NewBatchService(),
+	}
+}
+
+type ListBatchesResponse struct {
+	Total    int64             `json:"total"`
+	Page     int               `json:"page"`
+	PageSize int               `json:"page_size"`
+	Data     []model.FileBatch `json:"data"`
+}
+
+type UpdateBatchRequest struct {
+	Remark        *string    `json:"remark"`
+	ExpireType    *string    `json:"expire_type"`
+	ExpireAt      *time.Time `json:"expire_at"`
+	MaxDownloads  *int       `json:"max_downloads"`
+	DownloadCount *int       `json:"download_count"`
+	Status        *string    `json:"status"`
+}
+
+// ListBatches 获取批次列表
+// @Summary      获取批次列表
+// @Description  分页查询所有文件批次，支持按状态过滤和取件码模糊搜索
+// @Tags         Admin
+// @Security     AdminAuth
+// @Param        page         query     int     false  "页码 (默认 1)"
+// @Param        page_size    query     int     false  "每页数量 (默认 20)"
+// @Param        status       query     string  false  "状态 (active/expired/deleted)"
+// @Param        pickup_code  query     string  false  "取件码 (模糊搜索)"
+// @Produce      json
+// @Success      200  {object}  model.Response{data=ListBatchesResponse}
+// @Failure      401  {object}  model.Response
+// @Router       /api/admin/batches [get]
+func (h *BatchHandler) ListBatches(c *gin.Context) {
+	page, _ := strconv.Atoi(c.DefaultQuery("page", "1"))
+	pageSize, _ := strconv.Atoi(c.DefaultQuery("page_size", "20"))
+
+	if page < 1 {
+		page = 1
+	}
+	if pageSize < 1 {
+		pageSize = 20
+	}
+	status := c.Query("status")
+	pickupCode := c.Query("pickup_code")
+
+	query := bootstrap.DB.Model(&model.FileBatch{})
+	if status != "" {
+		query = query.Where("status = ?", status)
+	}
+	if pickupCode != "" {
+		query = query.Where("pickup_code LIKE ?", "%"+pickupCode+"%")
+	}
+
+	var total int64
+	query.Count(&total)
+
+	var batches []model.FileBatch
+	err := query.Offset((page - 1) * pageSize).Limit(pageSize).Order("created_at DESC").Find(&batches).Error
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, model.ErrorResponse(model.CodeInternalError, err.Error()))
+		return
+	}
+
+	c.JSON(http.StatusOK, model.SuccessResponse(ListBatchesResponse{
+		Total:    total,
+		Page:     page,
+		PageSize: pageSize,
+		Data:     batches,
+	}))
+}
+
+// GetBatch 获取批次详情
+// @Summary      获取批次详情
+// @Description  根据批次 ID 获取批次信息及关联的文件列表
+// @Tags         Admin
+// @Security     AdminAuth
+// @Param        batch_id  path  string  true  "批次 ID (UUID)"
+// @Produce      json
+// @Success      200  {object}  model.Response{data=model.FileBatch}
+// @Failure      404  {object}  model.Response
+// @Router       /api/admin/batches/{batch_id} [get]
+func (h *BatchHandler) GetBatch(c *gin.Context) {
+	id := c.Param("batch_id")
+	var batch model.FileBatch
+	if err := bootstrap.DB.Preload("FileItems").First(&batch, "id = ?", id).Error; err != nil {
+		c.JSON(http.StatusNotFound, model.ErrorResponse(model.CodeNotFound, "batch not found"))
+		return
+	}
+	c.JSON(http.StatusOK, model.SuccessResponse(batch))
+}
+
+// UpdateBatch 修改批次信息
+// @Summary      修改批次信息
+// @Description  允许修改备注、过期策略、最大下载次数、状态等
+// @Tags         Admin
+// @Security     AdminAuth
+// @Accept       json
+// @Produce      json
+// @Param        batch_id  path  string  true  "批次 ID (UUID)"
+// @Param        request body UpdateBatchRequest true "修改内容"
+// @Success      200  {object}  model.Response{data=model.FileBatch}
+// @Failure      400  {object}  model.Response
+// @Router       /api/admin/batches/{batch_id} [put]
+func (h *BatchHandler) UpdateBatch(c *gin.Context) {
+	id := c.Param("batch_id")
+	var batch model.FileBatch
+	if err := bootstrap.DB.First(&batch, "id = ?", id).Error; err != nil {
+		c.JSON(http.StatusNotFound, model.ErrorResponse(model.CodeNotFound, "batch not found"))
+		return
+	}
+
+	rawBody, err := c.GetRawData()
+	if err != nil {
+		c.JSON(http.StatusBadRequest, model.ErrorResponse(model.CodeBadRequest, "failed to read body"))
+		return
+	}
+	c.Request.Body = io.NopCloser(bytes.NewBuffer(rawBody))
+
+	var input UpdateBatchRequest
+	if err := c.ShouldBindJSON(&input); err != nil {
+		c.JSON(http.StatusBadRequest, model.ErrorResponse(model.CodeBadRequest, err.Error()))
+		return
+	}
+
+	var rawMap map[string]interface{}
+	json.Unmarshal(rawBody, &rawMap)
+
+	updates := make(map[string]interface{})
+	if input.Remark != nil {
+		updates["remark"] = *input.Remark
+	}
+	if input.ExpireType != nil {
+		newType := *input.ExpireType
+		updates["expire_type"] = newType
+
+		// 如果类型发生变化，根据新类型清除不相关的配置
+		if newType != batch.ExpireType {
+			if newType == "download" {
+				updates["expire_at"] = nil
+			} else if newType == "time" {
+				updates["max_downloads"] = 0
+			} else if newType == "permanent" {
+				updates["expire_at"] = nil
+				updates["max_downloads"] = 0
+			}
+		}
+	}
+
+	// 显式提供的值具有最高优先级，但仅在逻辑允许的情况下
+	// 例如：如果切换到了 download 类型，用户可以同时提供一个新的 max_downloads
+	if _, ok := rawMap["expire_at"]; ok {
+		updates["expire_at"] = input.ExpireAt
+	}
+	if input.MaxDownloads != nil {
+		updates["max_downloads"] = *input.MaxDownloads
+	}
+
+	// 强制校验：如果最终结果是 permanent，确保限制被清空
+	// 这样即使用户在请求中显式传了非零值，也会被修正
+	finalType := batch.ExpireType
+	if t, ok := updates["expire_type"].(string); ok {
+		finalType = t
+	}
+
+	if finalType == "permanent" {
+		updates["expire_at"] = nil
+		updates["max_downloads"] = 0
+	} else if finalType == "time" {
+		// 如果是时间过期，max_downloads 应该始终为 0
+		updates["max_downloads"] = 0
+	} else if finalType == "download" {
+		// 如果是下载次数过期，expire_at 应该始终为 null
+		updates["expire_at"] = nil
+	}
+	if input.DownloadCount != nil {
+		updates["download_count"] = *input.DownloadCount
+	}
+	if input.Status != nil {
+		updates["status"] = *input.Status
+	}
+
+	if len(updates) > 0 {
+		if err := bootstrap.DB.Model(&batch).Updates(updates).Error; err != nil {
+			c.JSON(http.StatusInternalServerError, model.ErrorResponse(model.CodeInternalError, err.Error()))
+			return
+		}
+		// 重新从数据库读取，确保返回的是完整且最新的数据
+		bootstrap.DB.First(&batch, "id = ?", id)
+	}
+
+	c.JSON(http.StatusOK, model.SuccessResponse(batch))
+}
+
+// CleanBatches 手动触发清理过期或已删除的批次
+// @Summary      手动触发清理
+// @Description  手动扫描并物理删除所有已过期或标记为删除的文件批次及其关联文件
+// @Tags         Admin
+// @Security     AdminAuth
+// @Produce      json
+// @Success      200  {object}  model.Response
+// @Failure      500  {object}  model.Response
+// @Router       /api/admin/batches/clean [post]
+func (h *BatchHandler) CleanBatches(c *gin.Context) {
+	slog.Info("Admin triggered manual cleanup")
+	if err := h.batchService.Cleanup(c.Request.Context()); err != nil {
+		slog.Error("Manual cleanup failed", "error", err)
+		c.JSON(http.StatusInternalServerError, model.ErrorResponse(model.CodeInternalError, "cleanup failed: "+err.Error()))
+		return
+	}
+	c.JSON(http.StatusOK, model.SuccessResponse(nil))
+}
+
+// DeleteBatch 删除批次
+// @Summary      删除批次
+// @Description  标记批次为已删除，并物理删除关联的存储文件
+// @Tags         Admin
+// @Security     AdminAuth
+// @Param        batch_id  path  string  true  "批次 ID (UUID)"
+// @Produce      json
+// @Success      200  {object}  model.Response
+// @Failure      500  {object}  model.Response
+// @Router       /api/admin/batches/{batch_id} [delete]
+func (h *BatchHandler) DeleteBatch(c *gin.Context) {
+	id := c.Param("batch_id")
+
+	if err := h.batchService.DeleteBatch(c.Request.Context(), id); err != nil {
+		c.JSON(http.StatusInternalServerError, model.ErrorResponse(model.CodeInternalError, err.Error()))
+		return
+	}
+
+	c.JSON(http.StatusOK, model.SuccessResponse(map[string]interface{}{}))
+}

internal/api/admin/config.go

@@ -0,0 +1,107 @@
+package admin
+
+import (
+	"FileRelay/internal/bootstrap"
+	"FileRelay/internal/config"
+	"FileRelay/internal/model"
+	"FileRelay/internal/service"
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+	"golang.org/x/crypto/bcrypt"
+)
+
+type ConfigHandler struct{}
+
+func NewConfigHandler() *ConfigHandler {
+	return &ConfigHandler{}
+}
+
+// GetConfig 获取当前完整配置
+// @Summary 获取完整配置
+// @Description 获取系统的完整配置文件内容（仅管理员）
+// @Tags         Admin
+// @Security AdminAuth
+// @Produce json
+// @Success 200 {object} model.Response{data=config.Config}
+// @Router /api/admin/config [get]
+func (h *ConfigHandler) GetConfig(c *gin.Context) {
+	c.JSON(http.StatusOK, model.SuccessResponse(config.GlobalConfig))
+}
+
+// UpdateConfig 更新配置
+// @Summary 更新配置
+// @Description 更新系统的配置文件内容（仅管理员）
+// @Tags         Admin
+// @Security AdminAuth
+// @Accept json
+// @Produce json
+// @Param config body config.Config true "新配置内容"
+// @Success 200 {object} model.Response{data=config.Config}
+// @Failure 400 {object} model.Response
+// @Failure 500 {object} model.Response
+// @Router /api/admin/config [put]
+func (h *ConfigHandler) UpdateConfig(c *gin.Context) {
+	var newConfig config.Config
+	if err := c.ShouldBindJSON(&newConfig); err != nil {
+		c.JSON(http.StatusBadRequest, model.ErrorResponse(model.CodeBadRequest, err.Error()))
+		return
+	}
+
+	// 简单的校验，防止关键配置被改空
+	if newConfig.Database.Path == "" {
+		newConfig.Database.Path = config.GlobalConfig.Database.Path
+	}
+	if newConfig.Site.Port <= 0 || newConfig.Site.Port > 65535 {
+		newConfig.Site.Port = 8080
+	}
+
+	// 如果传入了明文密码，则重新生成 hash
+	if newConfig.Security.AdminPassword != "" {
+		hash, err := bcrypt.GenerateFromPassword([]byte(newConfig.Security.AdminPassword), bcrypt.DefaultCost)
+		if err != nil {
+			c.JSON(http.StatusInternalServerError, model.ErrorResponse(model.CodeInternalError, "Failed to hash password: "+err.Error()))
+			return
+		}
+		newConfig.Security.AdminPasswordHash = string(hash)
+	}
+
+	// 检查取件码长度是否变化
+	pickupCodeLengthChanged := newConfig.Security.PickupCodeLength != config.GlobalConfig.Security.PickupCodeLength && newConfig.Security.PickupCodeLength > 0
+	// 检查数据库配置是否变化
+	dbConfigChanged := newConfig.Database != config.GlobalConfig.Database
+
+	// 如果长度变化，同步更新现有取件码 (在可能切换数据库前，先处理旧库数据)
+	if pickupCodeLengthChanged {
+		batchService := service.NewBatchService()
+		if err := batchService.UpdateAllPickupCodes(newConfig.Security.PickupCodeLength); err != nil {
+			c.JSON(http.StatusInternalServerError, model.ErrorResponse(model.CodeInternalError, "Failed to update existing pickup codes: "+err.Error()))
+			return
+		}
+	}
+
+	// 更新内存配置
+	config.UpdateGlobalConfig(&newConfig)
+
+	// 重新连接数据库并迁移数据（如果配置发生变化）
+	if dbConfigChanged {
+		if err := bootstrap.ReloadDB(newConfig.Database); err != nil {
+			c.JSON(http.StatusInternalServerError, model.ErrorResponse(model.CodeInternalError, "Failed to reload database: "+err.Error()))
+			return
+		}
+	}
+
+	// 重新初始化存储（热更新业务逻辑）
+	if err := bootstrap.ReloadStorage(); err != nil {
+		c.JSON(http.StatusInternalServerError, model.ErrorResponse(model.CodeInternalError, "Failed to reload storage: "+err.Error()))
+		return
+	}
+
+	// 保存到文件
+	if err := config.SaveConfig(); err != nil {
+		c.JSON(http.StatusInternalServerError, model.ErrorResponse(model.CodeInternalError, "Failed to save config: "+err.Error()))
+		return
+	}
+
+	c.JSON(http.StatusOK, model.SuccessResponse(config.GlobalConfig))
+}

internal/api/admin/token.go

@@ -0,0 +1,138 @@
+package admin
+
+import (
+	"FileRelay/internal/bootstrap"
+	"FileRelay/internal/model"
+	"FileRelay/internal/service"
+	"net/http"
+	"time"
+
+	"github.com/gin-gonic/gin"
+)
+
+type TokenHandler struct {
+	tokenService *service.TokenService
+}
+
+func NewTokenHandler() *TokenHandler {
+	return &TokenHandler{
+		tokenService: service.NewTokenService(),
+	}
+}
+
+type CreateTokenRequest struct {
+	Name     string     `json:"name" binding:"required" example:"Test Token"`
+	Scope    string     `json:"scope" example:"upload,pickup" enums:"upload,pickup,admin"`
+	ExpireAt *time.Time `json:"expire_at"`
+}
+
+type CreateTokenResponse struct {
+	Token string          `json:"token"`
+	Data  *model.APIToken `json:"data"`
+}
+
+// ListTokens 获取 API Token 列表
+// @Summary      获取 API Token 列表
+// @Description  获取系统中所有 API Token 的详细信息（不包含哈希）
+// @Tags         Admin
+// @Security     AdminAuth
+// @Produce      json
+// @Success      200  {object}  model.Response{data=[]model.APIToken}
+// @Failure      401  {object}  model.Response
+// @Router       /api/admin/api-tokens [get]
+func (h *TokenHandler) ListTokens(c *gin.Context) {
+	var tokens []model.APIToken
+	if err := bootstrap.DB.Find(&tokens).Error; err != nil {
+		c.JSON(http.StatusInternalServerError, model.ErrorResponse(model.CodeInternalError, err.Error()))
+		return
+	}
+	c.JSON(http.StatusOK, model.SuccessResponse(tokens))
+}
+
+// CreateToken 创建 API Token
+// @Summary      创建 API Token
+// @Description  创建一个新的 API Token，返回原始 Token（仅显示一次）
+// @Tags         Admin
+// @Security     AdminAuth
+// @Accept       json
+// @Produce      json
+// @Param        request body CreateTokenRequest true "Token 信息"
+// @Success      201  {object}  model.Response{data=CreateTokenResponse}
+// @Failure      400  {object}  model.Response
+// @Router       /api/admin/api-tokens [post]
+func (h *TokenHandler) CreateToken(c *gin.Context) {
+	var input CreateTokenRequest
+
+	if err := c.ShouldBindJSON(&input); err != nil {
+		c.JSON(http.StatusBadRequest, model.ErrorResponse(model.CodeBadRequest, err.Error()))
+		return
+	}
+
+	rawToken, token, err := h.tokenService.CreateToken(input.Name, input.Scope, input.ExpireAt)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, model.ErrorResponse(model.CodeInternalError, err.Error()))
+		return
+	}
+
+	c.JSON(http.StatusCreated, model.SuccessResponse(CreateTokenResponse{
+		Token: rawToken,
+		Data:  token,
+	}))
+}
+
+// RevokeToken 撤销 API Token
+// @Summary      撤销 API Token
+// @Description  将 API Token 标记为已撤销，使其失效但保留记录
+// @Tags         Admin
+// @Security     AdminAuth
+// @Param        id   path      int     true  "Token ID"
+// @Produce      json
+// @Success      200  {object}  model.Response
+// @Failure      500  {object}  model.Response
+// @Router       /api/admin/api-tokens/{id}/revoke [post]
+func (h *TokenHandler) RevokeToken(c *gin.Context) {
+	id := c.Param("id")
+	if err := bootstrap.DB.Model(&model.APIToken{}).Where("id = ?", id).Update("revoked", true).Error; err != nil {
+		c.JSON(http.StatusInternalServerError, model.ErrorResponse(model.CodeInternalError, err.Error()))
+		return
+	}
+	c.JSON(http.StatusOK, model.SuccessResponse(map[string]interface{}{}))
+}
+
+// RecoverToken 恢复 API Token
+// @Summary      恢复 API Token
+// @Description  将已撤销的 API Token 恢复为有效状态
+// @Tags         Admin
+// @Security     AdminAuth
+// @Param        id   path      int     true  "Token ID"
+// @Produce      json
+// @Success      200  {object}  model.Response
+// @Failure      500  {object}  model.Response
+// @Router       /api/admin/api-tokens/{id}/recover [post]
+func (h *TokenHandler) RecoverToken(c *gin.Context) {
+	id := c.Param("id")
+	if err := bootstrap.DB.Model(&model.APIToken{}).Where("id = ?", id).Update("revoked", false).Error; err != nil {
+		c.JSON(http.StatusInternalServerError, model.ErrorResponse(model.CodeInternalError, err.Error()))
+		return
+	}
+	c.JSON(http.StatusOK, model.SuccessResponse(map[string]interface{}{}))
+}
+
+// DeleteToken 删除 API Token
+// @Summary      删除 API Token
+// @Description  根据 ID 永久删除 API Token
+// @Tags         Admin
+// @Security     AdminAuth
+// @Param        id   path      int     true  "Token ID"
+// @Produce      json
+// @Success      200  {object}  model.Response
+// @Failure      500  {object}  model.Response
+// @Router       /api/admin/api-tokens/{id} [delete]
+func (h *TokenHandler) DeleteToken(c *gin.Context) {
+	id := c.Param("id")
+	if err := bootstrap.DB.Delete(&model.APIToken{}, id).Error; err != nil {
+		c.JSON(http.StatusInternalServerError, model.ErrorResponse(model.CodeInternalError, err.Error()))
+		return
+	}
+	c.JSON(http.StatusOK, model.SuccessResponse(map[string]interface{}{}))
+}