Merge pull request #2202 from Michael-Jetson/main
新增三大功能:兑换码邀请返利、批量修改用户并发数、Markdown页面渲染
This commit is contained in:
Wesley Liddick
@@ -175,6 +175,10 @@ func (s *stubAdminService) UpdateUserBalance(ctx context.Context, userID int64,
|
||||
return &user, nil
|
||||
}
|
||||
|
||||
func (s *stubAdminService) BatchUpdateConcurrency(ctx context.Context, userIDs []int64, value int, mode string) (int, error) {
|
||||
return len(userIDs), nil
|
||||
}
|
||||
|
||||
func (s *stubAdminService) GetUserAPIKeys(ctx context.Context, userID int64, page, pageSize int, sortBy, sortOrder string) ([]service.APIKey, int64, error) {
|
||||
return s.apiKeys, int64(len(s.apiKeys)), nil
|
||||
}
|
||||
|
||||
@@ -998,17 +998,27 @@ func (h *SettingHandler) UpdateSettings(c *gin.Context) {
|
||||
response.BadRequest(c, "Custom menu item label is too long (max 50 characters)")
|
||||
return
|
||||
}
|
||||
if strings.TrimSpace(item.URL) == "" {
|
||||
response.BadRequest(c, "Custom menu item URL is required")
|
||||
return
|
||||
}
|
||||
if len(item.URL) > maxMenuItemURLLen {
|
||||
response.BadRequest(c, "Custom menu item URL is too long (max 2048 characters)")
|
||||
return
|
||||
}
|
||||
if err := config.ValidateAbsoluteHTTPURL(strings.TrimSpace(item.URL)); err != nil {
|
||||
response.BadRequest(c, "Custom menu item URL must be an absolute http(s) URL")
|
||||
return
|
||||
urlTrimmed := strings.TrimSpace(item.URL)
|
||||
if strings.HasPrefix(urlTrimmed, "md:") {
|
||||
// Markdown page mode: URL = "md:<slug>"
|
||||
slug := strings.TrimPrefix(urlTrimmed, "md:")
|
||||
if slug == "" {
|
||||
response.BadRequest(c, "Custom menu item markdown slug cannot be empty (use md:slug format)")
|
||||
return
|
||||
}
|
||||
} else {
|
||||
if urlTrimmed == "" {
|
||||
response.BadRequest(c, "Custom menu item URL is required (use md:slug for markdown pages)")
|
||||
return
|
||||
}
|
||||
if len(item.URL) > maxMenuItemURLLen {
|
||||
response.BadRequest(c, "Custom menu item URL is too long (max 2048 characters)")
|
||||
return
|
||||
}
|
||||
if err := config.ValidateAbsoluteHTTPURL(urlTrimmed); err != nil {
|
||||
response.BadRequest(c, "Custom menu item URL must be an absolute http(s) URL or md:<slug>")
|
||||
return
|
||||
}
|
||||
}
|
||||
if item.Visibility != "user" && item.Visibility != "admin" {
|
||||
response.BadRequest(c, "Custom menu item visibility must be 'user' or 'admin'")
|
||||
|
||||
@@ -477,3 +477,63 @@ func (h *UserHandler) GetUserRPMStatus(c *gin.Context) {
|
||||
|
||||
response.Success(c, status)
|
||||
}
|
||||
|
||||
// BatchUpdateConcurrency 批量修改用户并发数
|
||||
// POST /api/v1/admin/users/batch-concurrency
|
||||
type BatchUpdateConcurrencyRequest struct {
|
||||
UserIDs []int64 `json:"user_ids"`
|
||||
All bool `json:"all"`
|
||||
Concurrency int `json:"concurrency"`
|
||||
Mode string `json:"mode" binding:"required,oneof=set add"`
|
||||
}
|
||||
|
||||
func (h *UserHandler) BatchUpdateConcurrency(c *gin.Context) {
|
||||
var req BatchUpdateConcurrencyRequest
|
||||
if err := c.ShouldBindJSON(&req); err != nil {
|
||||
response.BadRequest(c, "Invalid request: "+err.Error())
|
||||
return
|
||||
}
|
||||
if !req.All && len(req.UserIDs) == 0 {
|
||||
response.BadRequest(c, "user_ids is required unless all=true")
|
||||
return
|
||||
}
|
||||
if len(req.UserIDs) > 500 {
|
||||
response.BadRequest(c, "user_ids cannot exceed 500")
|
||||
return
|
||||
}
|
||||
|
||||
var userIDs []int64
|
||||
if req.All {
|
||||
// Fetch all user IDs via pagination
|
||||
page := 1
|
||||
const pageSize = 500
|
||||
for {
|
||||
users, _, err := h.adminService.ListUsers(c.Request.Context(), page, pageSize, service.UserListFilters{}, "id", "asc")
|
||||
if err != nil {
|
||||
response.ErrorFrom(c, err)
|
||||
return
|
||||
}
|
||||
for _, u := range users {
|
||||
userIDs = append(userIDs, u.ID)
|
||||
}
|
||||
if len(users) < pageSize {
|
||||
break
|
||||
}
|
||||
page++
|
||||
}
|
||||
} else {
|
||||
userIDs = req.UserIDs
|
||||
}
|
||||
|
||||
if len(userIDs) == 0 {
|
||||
response.Success(c, gin.H{"affected": 0})
|
||||
return
|
||||
}
|
||||
|
||||
affected, err := h.adminService.BatchUpdateConcurrency(c.Request.Context(), userIDs, req.Concurrency, req.Mode)
|
||||
if err != nil {
|
||||
response.ErrorFrom(c, err)
|
||||
return
|
||||
}
|
||||
response.Success(c, gin.H{"affected": affected})
|
||||
}
|
||||
|
||||
@@ -2798,6 +2798,14 @@ func (r *oauthPendingFlowUserRepo) UpdateConcurrency(context.Context, int64, int
|
||||
panic("unexpected UpdateConcurrency call")
|
||||
}
|
||||
|
||||
func (r *oauthPendingFlowUserRepo) BatchSetConcurrency(context.Context, []int64, int) (int, error) {
|
||||
panic("unexpected BatchSetConcurrency call")
|
||||
}
|
||||
|
||||
func (r *oauthPendingFlowUserRepo) BatchAddConcurrency(context.Context, []int64, int) (int, error) {
|
||||
panic("unexpected BatchAddConcurrency call")
|
||||
}
|
||||
|
||||
func (r *oauthPendingFlowUserRepo) GetLatestUsedAtByUserIDs(context.Context, []int64) (map[int64]*time.Time, error) {
|
||||
return map[int64]*time.Time{}, nil
|
||||
}
|
||||
|
||||
@@ -11,6 +11,7 @@ type CustomMenuItem struct {
|
||||
Label string `json:"label"`
|
||||
IconSVG string `json:"icon_svg"`
|
||||
URL string `json:"url"`
|
||||
PageSlug string `json:"page_slug,omitempty"`
|
||||
Visibility string `json:"visibility"` // "user" or "admin"
|
||||
SortOrder int `json:"sort_order"`
|
||||
}
|
||||
|
||||
215
backend/internal/handler/page_handler.go
Normal file
215
backend/internal/handler/page_handler.go
Normal file
@@ -0,0 +1,215 @@
|
||||
package handler
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"net/http"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"regexp"
|
||||
"strings"
|
||||
|
||||
"github.com/Wei-Shaw/sub2api/internal/pkg/response"
|
||||
middleware2 "github.com/Wei-Shaw/sub2api/internal/server/middleware"
|
||||
"github.com/Wei-Shaw/sub2api/internal/service"
|
||||
"github.com/gin-gonic/gin"
|
||||
)
|
||||
|
||||
var validSlugPattern = regexp.MustCompile(`^[a-zA-Z0-9][a-zA-Z0-9_-]*$`)
|
||||
|
||||
const maxPageFileSize = 1 << 20 // 1MB
|
||||
|
||||
type PageHandler struct {
|
||||
pagesDir string
|
||||
settingService *service.SettingService
|
||||
}
|
||||
|
||||
func NewPageHandler(dataDir string, settingService *service.SettingService) *PageHandler {
|
||||
pagesDir := filepath.Join(dataDir, "pages")
|
||||
_ = os.MkdirAll(pagesDir, 0755)
|
||||
return &PageHandler{pagesDir: pagesDir, settingService: settingService}
|
||||
}
|
||||
|
||||
// GetPageContent serves raw markdown content for a given slug.
|
||||
// GET /api/v1/pages/:slug
|
||||
func (h *PageHandler) GetPageContent(c *gin.Context) {
|
||||
slug := c.Param("slug")
|
||||
if !validSlugPattern.MatchString(slug) || len(slug) > 64 {
|
||||
response.BadRequest(c, "Invalid page slug")
|
||||
return
|
||||
}
|
||||
|
||||
// Visibility check: slug must be configured in custom_menu_items
|
||||
// and the user must have permission based on visibility setting
|
||||
if !h.checkSlugVisibility(c, slug) {
|
||||
c.JSON(http.StatusNotFound, gin.H{"error": "page not found"})
|
||||
return
|
||||
}
|
||||
|
||||
filePath := filepath.Join(h.pagesDir, slug+".md")
|
||||
cleaned := filepath.Clean(filePath)
|
||||
if !strings.HasPrefix(cleaned, filepath.Clean(h.pagesDir)) {
|
||||
response.BadRequest(c, "Invalid page slug")
|
||||
return
|
||||
}
|
||||
|
||||
info, err := os.Stat(cleaned)
|
||||
if err != nil || info.IsDir() {
|
||||
c.JSON(http.StatusNotFound, gin.H{"error": "page not found"})
|
||||
return
|
||||
}
|
||||
if info.Size() > maxPageFileSize {
|
||||
c.JSON(http.StatusRequestEntityTooLarge, gin.H{"error": "page too large"})
|
||||
return
|
||||
}
|
||||
|
||||
content, err := os.ReadFile(cleaned)
|
||||
if err != nil {
|
||||
c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to read page"})
|
||||
return
|
||||
}
|
||||
|
||||
c.Data(http.StatusOK, "text/markdown; charset=utf-8", content)
|
||||
}
|
||||
|
||||
// ListPages returns available page slugs.
|
||||
// GET /api/v1/pages
|
||||
func (h *PageHandler) ListPages(c *gin.Context) {
|
||||
entries, err := os.ReadDir(h.pagesDir)
|
||||
if err != nil {
|
||||
response.Success(c, []string{})
|
||||
return
|
||||
}
|
||||
|
||||
slugs := make([]string, 0, len(entries))
|
||||
for _, e := range entries {
|
||||
if e.IsDir() {
|
||||
continue
|
||||
}
|
||||
name := e.Name()
|
||||
if strings.HasSuffix(name, ".md") {
|
||||
slugs = append(slugs, strings.TrimSuffix(name, ".md"))
|
||||
}
|
||||
}
|
||||
response.Success(c, slugs)
|
||||
}
|
||||
|
||||
// ServePageImage serves images from data/pages/{slug}/ directory.
|
||||
// GET /api/v1/pages/:slug/images/*filename
|
||||
// No JWT required (browser img tags can't carry tokens), but visibility is checked.
|
||||
func (h *PageHandler) ServePageImage(c *gin.Context) {
|
||||
slug := c.Param("slug")
|
||||
filename := c.Param("filename")
|
||||
filename = strings.TrimPrefix(filename, "/")
|
||||
|
||||
if !validSlugPattern.MatchString(slug) || len(slug) > 64 {
|
||||
c.Status(http.StatusNotFound)
|
||||
return
|
||||
}
|
||||
|
||||
if !h.checkImageSlugVisibility(c, slug) {
|
||||
c.Status(http.StatusNotFound)
|
||||
return
|
||||
}
|
||||
|
||||
if filename == "" || strings.Contains(filename, "..") || strings.Contains(filename, "/") || strings.Contains(filename, "\\") {
|
||||
c.Status(http.StatusNotFound)
|
||||
return
|
||||
}
|
||||
|
||||
imagesDir := filepath.Join(h.pagesDir, slug)
|
||||
filePath := filepath.Join(imagesDir, filename)
|
||||
cleaned := filepath.Clean(filePath)
|
||||
if !strings.HasPrefix(cleaned, filepath.Clean(imagesDir)) {
|
||||
c.Status(http.StatusNotFound)
|
||||
return
|
||||
}
|
||||
|
||||
info, err := os.Stat(cleaned)
|
||||
if err != nil || info.IsDir() {
|
||||
c.Status(http.StatusNotFound)
|
||||
return
|
||||
}
|
||||
|
||||
c.File(cleaned)
|
||||
}
|
||||
|
||||
// findSlugVisibility looks up the slug in custom_menu_items and returns (visibility, found).
|
||||
func (h *PageHandler) findSlugVisibility(c *gin.Context, slug string) (string, bool) {
|
||||
if h.settingService == nil {
|
||||
return "", false
|
||||
}
|
||||
|
||||
raw := h.settingService.GetCustomMenuItemsRaw(c.Request.Context())
|
||||
if raw == "" || raw == "[]" {
|
||||
return "", false
|
||||
}
|
||||
|
||||
var items []struct {
|
||||
URL string `json:"url"`
|
||||
PageSlug string `json:"page_slug"`
|
||||
Visibility string `json:"visibility"`
|
||||
}
|
||||
if err := json.Unmarshal([]byte(raw), &items); err != nil {
|
||||
return "", false
|
||||
}
|
||||
|
||||
for _, item := range items {
|
||||
itemSlug := item.PageSlug
|
||||
if itemSlug == "" && strings.HasPrefix(item.URL, "md:") {
|
||||
itemSlug = strings.TrimPrefix(item.URL, "md:")
|
||||
}
|
||||
if itemSlug == slug {
|
||||
return item.Visibility, true
|
||||
}
|
||||
}
|
||||
return "", false
|
||||
}
|
||||
|
||||
// checkSlugVisibility verifies the slug is configured in custom_menu_items
|
||||
// and the authenticated user has permission to view it.
|
||||
func (h *PageHandler) checkSlugVisibility(c *gin.Context, slug string) bool {
|
||||
visibility, found := h.findSlugVisibility(c, slug)
|
||||
if !found {
|
||||
return false
|
||||
}
|
||||
if visibility == "admin" {
|
||||
role, _ := middleware2.GetUserRoleFromContext(c)
|
||||
return role == "admin"
|
||||
}
|
||||
return true
|
||||
}
|
||||
|
||||
// checkImageSlugVisibility checks visibility for image requests (no JWT available).
|
||||
// Only allows user-visible pages; admin-only pages are blocked.
|
||||
func (h *PageHandler) checkImageSlugVisibility(c *gin.Context, slug string) bool {
|
||||
visibility, found := h.findSlugVisibility(c, slug)
|
||||
if !found {
|
||||
return false
|
||||
}
|
||||
return visibility != "admin"
|
||||
}
|
||||
|
||||
// RegisterPageRoutes registers page routes on a router group.
|
||||
func RegisterPageRoutes(v1 *gin.RouterGroup, dataDir string, jwtAuth gin.HandlerFunc, adminAuth gin.HandlerFunc, settingService *service.SettingService) {
|
||||
h := NewPageHandler(dataDir, settingService)
|
||||
|
||||
// Authenticated page content (JWT required + visibility check)
|
||||
pages := v1.Group("/pages")
|
||||
pages.Use(jwtAuth)
|
||||
{
|
||||
pages.GET("/:slug", h.GetPageContent)
|
||||
}
|
||||
|
||||
// Images: no JWT (browser img tags can't carry tokens), visibility check in handler
|
||||
pageImages := v1.Group("/pages")
|
||||
{
|
||||
pageImages.GET("/:slug/images/*filename", h.ServePageImage)
|
||||
}
|
||||
|
||||
// Admin-only: list all available pages
|
||||
adminPages := v1.Group("/pages")
|
||||
adminPages.Use(adminAuth)
|
||||
{
|
||||
adminPages.GET("", h.ListPages)
|
||||
}
|
||||
}
|
||||
@@ -87,6 +87,8 @@ func (s *userHandlerRepoStub) ListWithFilters(context.Context, pagination.Pagina
|
||||
func (s *userHandlerRepoStub) UpdateBalance(context.Context, int64, float64) error { return nil }
|
||||
func (s *userHandlerRepoStub) DeductBalance(context.Context, int64, float64) error { return nil }
|
||||
func (s *userHandlerRepoStub) UpdateConcurrency(context.Context, int64, int) error { return nil }
|
||||
func (s *userHandlerRepoStub) BatchSetConcurrency(context.Context, []int64, int) (int, error) { return 0, nil }
|
||||
func (s *userHandlerRepoStub) BatchAddConcurrency(context.Context, []int64, int) (int, error) { return 0, nil }
|
||||
func (s *userHandlerRepoStub) ExistsByEmail(context.Context, string) (bool, error) { return false, nil }
|
||||
func (s *userHandlerRepoStub) RemoveGroupFromAllowedGroups(context.Context, int64) (int64, error) {
|
||||
return 0, nil
|
||||
|
||||
Reference in New Issue
Block a user