feat(admin): 支持删除凭据功能

admin-ui/src/api/credentials.ts

@@ -78,3 +78,9 @@ export async function addCredential(
   const { data } = await api.post<AddCredentialResponse>('/credentials', req)
   return data
 }
+
+// 删除凭据
+export async function deleteCredential(id: number): Promise<SuccessResponse> {
+  const { data } = await api.delete<SuccessResponse>(`/credentials/${id}`)
+  return data
+}

admin-ui/src/components/credential-card.tsx

@@ -1,16 +1,25 @@
 import { useState } from 'react'
 import { toast } from 'sonner'
-import { RefreshCw, ChevronUp, ChevronDown, Wallet } from 'lucide-react'
+import { RefreshCw, ChevronUp, ChevronDown, Wallet, Trash2 } from 'lucide-react'
 import { Card, CardContent, CardHeader, CardTitle } from '@/components/ui/card'
 import { Button } from '@/components/ui/button'
 import { Badge } from '@/components/ui/badge'
 import { Switch } from '@/components/ui/switch'
 import { Input } from '@/components/ui/input'
+import {
+  Dialog,
+  DialogContent,
+  DialogDescription,
+  DialogFooter,
+  DialogHeader,
+  DialogTitle,
+} from '@/components/ui/dialog'
 import type { CredentialStatusItem } from '@/types/api'
 import {
   useSetDisabled,
   useSetPriority,
   useResetFailure,
+  useDeleteCredential,
 } from '@/hooks/use-credentials'
 
 interface CredentialCardProps {
@@ -21,10 +30,12 @@ interface CredentialCardProps {
 export function CredentialCard({ credential, onViewBalance }: CredentialCardProps) {
   const [editingPriority, setEditingPriority] = useState(false)
   const [priorityValue, setPriorityValue] = useState(String(credential.priority))
+  const [showDeleteDialog, setShowDeleteDialog] = useState(false)
 
   const setDisabled = useSetDisabled()
   const setPriority = useSetPriority()
   const resetFailure = useResetFailure()
+  const deleteCredential = useDeleteCredential()
 
   const handleToggleDisabled = () => {
     setDisabled.mutate(
@@ -71,6 +82,18 @@ export function CredentialCard({ credential, onViewBalance }: CredentialCardProp
     })
   }
 
+  const handleDelete = () => {
+    deleteCredential.mutate(credential.id, {
+      onSuccess: (res) => {
+        toast.success(res.message)
+        setShowDeleteDialog(false)
+      },
+      onError: (err) => {
+        toast.error('删除失败: ' + (err as Error).message)
+      },
+    })
+  }
+
   const formatExpiry = (expiresAt: string | null) => {
     if (!expiresAt) return '未知'
     const date = new Date(expiresAt)
@@ -85,151 +108,191 @@ export function CredentialCard({ credential, onViewBalance }: CredentialCardProp
   }
 
   return (
-    <Card className={credential.isCurrent ? 'ring-2 ring-primary' : ''}>
-      <CardHeader className="pb-2">
-        <div className="flex items-center justify-between">
-          <CardTitle className="text-lg flex items-center gap-2">
-            凭据 #{credential.id}
-            {credential.isCurrent && (
-              <Badge variant="success">当前</Badge>
-            )}
-            {credential.disabled && (
-              <Badge variant="destructive">已禁用</Badge>
-            )}
-          </CardTitle>
-          <div className="flex items-center gap-2">
-            <span className="text-sm text-muted-foreground">启用</span>
-            <Switch
-              checked={!credential.disabled}
-              onCheckedChange={handleToggleDisabled}
-              disabled={setDisabled.isPending}
-            />
+    <>
+      <Card className={credential.isCurrent ? 'ring-2 ring-primary' : ''}>
+        <CardHeader className="pb-2">
+          <div className="flex items-center justify-between">
+            <CardTitle className="text-lg flex items-center gap-2">
+              凭据 #{credential.id}
+              {credential.isCurrent && (
+                <Badge variant="success">当前</Badge>
+              )}
+              {credential.disabled && (
+                <Badge variant="destructive">已禁用</Badge>
+              )}
+            </CardTitle>
+            <div className="flex items-center gap-2">
+              <span className="text-sm text-muted-foreground">启用</span>
+              <Switch
+                checked={!credential.disabled}
+                onCheckedChange={handleToggleDisabled}
+                disabled={setDisabled.isPending}
+              />
+            </div>
           </div>
-        </div>
-      </CardHeader>
-      <CardContent className="space-y-4">
-        {/* 信息网格 */}
-        <div className="grid grid-cols-2 gap-4 text-sm">
-          <div>
-            <span className="text-muted-foreground">优先级：</span>
-            {editingPriority ? (
-              <div className="inline-flex items-center gap-1 ml-1">
-                <Input
-                  type="number"
-                  value={priorityValue}
-                  onChange={(e) => setPriorityValue(e.target.value)}
-                  className="w-16 h-7 text-sm"
-                  min="0"
-                />
-                <Button
-                  size="sm"
-                  variant="ghost"
-                  className="h-7 w-7 p-0"
-                  onClick={handlePriorityChange}
-                  disabled={setPriority.isPending}
+        </CardHeader>
+        <CardContent className="space-y-4">
+          {/* 信息网格 */}
+          <div className="grid grid-cols-2 gap-4 text-sm">
+            <div>
+              <span className="text-muted-foreground">优先级：</span>
+              {editingPriority ? (
+                <div className="inline-flex items-center gap-1 ml-1">
+                  <Input
+                    type="number"
+                    value={priorityValue}
+                    onChange={(e) => setPriorityValue(e.target.value)}
+                    className="w-16 h-7 text-sm"
+                    min="0"
+                  />
+                  <Button
+                    size="sm"
+                    variant="ghost"
+                    className="h-7 w-7 p-0"
+                    onClick={handlePriorityChange}
+                    disabled={setPriority.isPending}
+                  >
+                    ✓
+                  </Button>
+                  <Button
+                    size="sm"
+                    variant="ghost"
+                    className="h-7 w-7 p-0"
+                    onClick={() => {
+                      setEditingPriority(false)
+                      setPriorityValue(String(credential.priority))
+                    }}
+                  >
+                    ✕
+                  </Button>
+                </div>
+              ) : (
+                <span
+                  className="font-medium cursor-pointer hover:underline ml-1"
+                  onClick={() => setEditingPriority(true)}
                 >
-                  ✓
-                </Button>
-                <Button
-                  size="sm"
-                  variant="ghost"
-                  className="h-7 w-7 p-0"
-                  onClick={() => {
-                    setEditingPriority(false)
-                    setPriorityValue(String(credential.priority))
-                  }}
-                >
-                  ✕
-                </Button>
-              </div>
-            ) : (
-              <span
-                className="font-medium cursor-pointer hover:underline ml-1"
-                onClick={() => setEditingPriority(true)}
-              >
-                {credential.priority}
-                <span className="text-xs text-muted-foreground ml-1">(点击编辑)</span>
+                  {credential.priority}
+                  <span className="text-xs text-muted-foreground ml-1">(点击编辑)</span>
+                </span>
+              )}
+            </div>
+            <div>
+              <span className="text-muted-foreground">失败次数：</span>
+              <span className={credential.failureCount > 0 ? 'text-red-500 font-medium' : ''}>
+                {credential.failureCount}
               </span>
+            </div>
+            <div>
+              <span className="text-muted-foreground">认证方式：</span>
+              <span className="font-medium">{credential.authMethod || '未知'}</span>
+            </div>
+            <div>
+              <span className="text-muted-foreground">Token 有效期：</span>
+              <span className="font-medium">{formatExpiry(credential.expiresAt)}</span>
+            </div>
+            {credential.hasProfileArn && (
+              <div className="col-span-2">
+                <Badge variant="secondary">有 Profile ARN</Badge>
+              </div>
             )}
           </div>
-          <div>
-            <span className="text-muted-foreground">失败次数：</span>
-            <span className={credential.failureCount > 0 ? 'text-red-500 font-medium' : ''}>
-              {credential.failureCount}
-            </span>
-          </div>
-          <div>
-            <span className="text-muted-foreground">认证方式：</span>
-            <span className="font-medium">{credential.authMethod || '未知'}</span>
-          </div>
-          <div>
-            <span className="text-muted-foreground">Token 有效期：</span>
-            <span className="font-medium">{formatExpiry(credential.expiresAt)}</span>
+
+          {/* 操作按钮 */}
+          <div className="flex flex-wrap gap-2 pt-2 border-t">
+            <Button
+              size="sm"
+              variant="outline"
+              onClick={handleReset}
+              disabled={resetFailure.isPending || credential.failureCount === 0}
+            >
+              <RefreshCw className="h-4 w-4 mr-1" />
+              重置失败
+            </Button>
+            <Button
+              size="sm"
+              variant="outline"
+              onClick={() => {
+                const newPriority = Math.max(0, credential.priority - 1)
+                setPriority.mutate(
+                  { id: credential.id, priority: newPriority },
+                  {
+                    onSuccess: (res) => toast.success(res.message),
+                    onError: (err) => toast.error('操作失败: ' + (err as Error).message),
+                  }
+                )
+              }}
+              disabled={setPriority.isPending || credential.priority === 0}
+            >
+              <ChevronUp className="h-4 w-4 mr-1" />
+              提高优先级
+            </Button>
+            <Button
+              size="sm"
+              variant="outline"
+              onClick={() => {
+                const newPriority = credential.priority + 1
+                setPriority.mutate(
+                  { id: credential.id, priority: newPriority },
+                  {
+                    onSuccess: (res) => toast.success(res.message),
+                    onError: (err) => toast.error('操作失败: ' + (err as Error).message),
+                  }
+                )
+              }}
+              disabled={setPriority.isPending}
+            >
+              <ChevronDown className="h-4 w-4 mr-1" />
+              降低优先级
+            </Button>
+            <Button
+              size="sm"
+              variant="default"
+              onClick={() => onViewBalance(credential.id)}
+            >
+              <Wallet className="h-4 w-4 mr-1" />
+              查看余额
+            </Button>
+            <Button
+              size="sm"
+              variant="destructive"
+              onClick={() => setShowDeleteDialog(true)}
+              disabled={!credential.disabled}
+              title={!credential.disabled ? '需要先禁用凭据才能删除' : undefined}
+            >
+              <Trash2 className="h-4 w-4 mr-1" />
+              删除
+            </Button>
           </div>
-          {credential.hasProfileArn && (
-            <div className="col-span-2">
-              <Badge variant="secondary">有 Profile ARN</Badge>
-            </div>
-          )}
-        </div>
+        </CardContent>
+      </Card>
 
-        {/* 操作按钮 */}
-        <div className="flex flex-wrap gap-2 pt-2 border-t">
-          <Button
-            size="sm"
-            variant="outline"
-            onClick={handleReset}
-            disabled={resetFailure.isPending || credential.failureCount === 0}
-          >
-            <RefreshCw className="h-4 w-4 mr-1" />
-            重置失败
-          </Button>
-          <Button
-            size="sm"
-            variant="outline"
-            onClick={() => {
-              const newPriority = Math.max(0, credential.priority - 1)
-              setPriority.mutate(
-                { id: credential.id, priority: newPriority },
-                {
-                  onSuccess: (res) => toast.success(res.message),
-                  onError: (err) => toast.error('操作失败: ' + (err as Error).message),
-                }
-              )
-            }}
-            disabled={setPriority.isPending || credential.priority === 0}
-          >
-            <ChevronUp className="h-4 w-4 mr-1" />
-            提高优先级
-          </Button>
-          <Button
-            size="sm"
-            variant="outline"
-            onClick={() => {
-              const newPriority = credential.priority + 1
-              setPriority.mutate(
-                { id: credential.id, priority: newPriority },
-                {
-                  onSuccess: (res) => toast.success(res.message),
-                  onError: (err) => toast.error('操作失败: ' + (err as Error).message),
-                }
-              )
-            }}
-            disabled={setPriority.isPending}
-          >
-            <ChevronDown className="h-4 w-4 mr-1" />
-            降低优先级
-          </Button>
-          <Button
-            size="sm"
-            variant="default"
-            onClick={() => onViewBalance(credential.id)}
-          >
-            <Wallet className="h-4 w-4 mr-1" />
-            查看余额
-          </Button>
-        </div>
-      </CardContent>
-    </Card>
+      {/* 删除确认对话框 */}
+      <Dialog open={showDeleteDialog} onOpenChange={setShowDeleteDialog}>
+        <DialogContent>
+          <DialogHeader>
+            <DialogTitle>确认删除凭据</DialogTitle>
+            <DialogDescription>
+              您确定要删除凭据 #{credential.id} 吗？此操作无法撤销。
+            </DialogDescription>
+          </DialogHeader>
+          <DialogFooter>
+            <Button
+              variant="outline"
+              onClick={() => setShowDeleteDialog(false)}
+              disabled={deleteCredential.isPending}
+            >
+              取消
+            </Button>
+            <Button
+              variant="destructive"
+              onClick={handleDelete}
+              disabled={deleteCredential.isPending}
+            >
+              确认删除
+            </Button>
+          </DialogFooter>
+        </DialogContent>
+      </Dialog>
+    </>
   )
 }

admin-ui/src/hooks/use-credentials.ts

@@ -6,6 +6,7 @@ import {
   resetCredentialFailure,
   getCredentialBalance,
   addCredential,
+  deleteCredential,
 } from '@/api/credentials'
 import type { AddCredentialRequest } from '@/types/api'
 
@@ -73,3 +74,14 @@ export function useAddCredential() {
     },
   })
 }
+
+// 删除凭据
+export function useDeleteCredential() {
+  const queryClient = useQueryClient()
+  return useMutation({
+    mutationFn: (id: number) => deleteCredential(id),
+    onSuccess: () => {
+      queryClient.invalidateQueries({ queryKey: ['credentials'] })
+    },
+  })
+}

src/admin/handlers.rs

@@ -90,3 +90,15 @@ pub async fn add_credential(
         Err(e) => (e.status_code(), Json(e.into_response())).into_response(),
     }
 }
+
+/// DELETE /api/admin/credentials/:id
+/// 删除凭据
+pub async fn delete_credential(
+    State(state): State<AdminState>,
+    Path(id): Path<u64>,
+) -> impl IntoResponse {
+    match state.service.delete_credential(id) {
+        Ok(_) => Json(SuccessResponse::new(format!("凭据 #{} 已删除", id))).into_response(),
+        Err(e) => (e.status_code(), Json(e.into_response())).into_response(),
+    }
+}

src/admin/router.rs

@@ -2,13 +2,13 @@
 
 use axum::{
     Router, middleware,
-    routing::{get, post},
+    routing::{delete, get, post},
 };
 
 use super::{
     handlers::{
-        add_credential, get_all_credentials, get_credential_balance, reset_failure_count,
-        set_credential_disabled, set_credential_priority,
+        add_credential, delete_credential, get_all_credentials, get_credential_balance,
+        reset_failure_count, set_credential_disabled, set_credential_priority,
     },
     middleware::{AdminState, admin_auth_middleware},
 };
@@ -18,6 +18,7 @@ use super::{
 /// # 端点
 /// - `GET /credentials` - 获取所有凭据状态
 /// - `POST /credentials` - 添加新凭据
+/// - `DELETE /credentials/:id` - 删除凭据
 /// - `POST /credentials/:id/disabled` - 设置凭据禁用状态
 /// - `POST /credentials/:id/priority` - 设置凭据优先级
 /// - `POST /credentials/:id/reset` - 重置失败计数
@@ -33,6 +34,7 @@ pub fn create_admin_router(state: AdminState) -> Router {
             "/credentials",
             get(get_all_credentials).post(add_credential),
         )
+        .route("/credentials/{id}", delete(delete_credential))
         .route("/credentials/{id}/disabled", post(set_credential_disabled))
         .route("/credentials/{id}/priority", post(set_credential_priority))
         .route("/credentials/{id}/reset", post(reset_failure_count))

src/admin/service.rs

@@ -144,6 +144,13 @@ impl AdminService {
         })
     }
 
+    /// 删除凭据
+    pub fn delete_credential(&self, id: u64) -> Result<(), AdminServiceError> {
+        self.token_manager
+            .delete_credential(id)
+            .map_err(|e| self.classify_delete_error(e, id))
+    }
+
     /// 分类简单操作错误（set_disabled, set_priority, reset_and_enable）
     fn classify_error(&self, e: anyhow::Error, id: u64) -> AdminServiceError {
         let msg = e.to_string();
@@ -210,4 +217,16 @@ impl AdminService {
             AdminServiceError::InternalError(msg)
         }
     }
+
+    /// 分类删除凭据错误
+    fn classify_delete_error(&self, e: anyhow::Error, id: u64) -> AdminServiceError {
+        let msg = e.to_string();
+        if msg.contains("不存在") {
+            AdminServiceError::NotFound { id }
+        } else if msg.contains("只能删除已禁用的凭据") {
+            AdminServiceError::InvalidCredential(msg)
+        } else {
+            AdminServiceError::InternalError(msg)
+        }
+    }
 }

src/kiro/token_manager.rs

@@ -1088,6 +1088,69 @@ impl MultiTokenManager {
         tracing::info!("成功添加凭据 #{}", new_id);
         Ok(new_id)
     }
+
+    /// 删除凭据（Admin API）
+    ///
+    /// # 前置条件
+    /// - 凭据必须已禁用（disabled = true）
+    ///
+    /// # 行为
+    /// 1. 验证凭据存在
+    /// 2. 验证凭据已禁用
+    /// 3. 从 entries 移除
+    /// 4. 如果删除的是当前凭据，切换到优先级最高的可用凭据
+    /// 5. 如果删除后没有凭据，将 current_id 重置为 0
+    /// 6. 持久化到文件
+    ///
+    /// # 返回
+    /// - `Ok(())` - 删除成功
+    /// - `Err(_)` - 凭据不存在、未禁用或持久化失败
+    pub fn delete_credential(&self, id: u64) -> anyhow::Result<()> {
+        let was_current = {
+            let mut entries = self.entries.lock();
+
+            // 查找凭据
+            let entry = entries
+                .iter()
+                .find(|e| e.id == id)
+                .ok_or_else(|| anyhow::anyhow!("凭据不存在: {}", id))?;
+
+            // 检查是否已禁用
+            if !entry.disabled {
+                anyhow::bail!("只能删除已禁用的凭据（请先禁用凭据 #{}）", id);
+            }
+
+            // 记录是否是当前凭据
+            let current_id = *self.current_id.lock();
+            let was_current = current_id == id;
+
+            // 删除凭据
+            entries.retain(|e| e.id != id);
+
+            was_current
+        };
+
+        // 如果删除的是当前凭据，切换到优先级最高的可用凭据
+        if was_current {
+            self.select_highest_priority();
+        }
+
+        // 如果删除后没有任何凭据，将 current_id 重置为 0（与初始化行为保持一致）
+        {
+            let entries = self.entries.lock();
+            if entries.is_empty() {
+                let mut current_id = self.current_id.lock();
+                *current_id = 0;
+                tracing::info!("所有凭据已删除，current_id 已重置为 0");
+            }
+        }
+
+        // 持久化更改
+        self.persist_credentials()?;
+
+        tracing::info!("已删除凭据 #{}", id);
+        Ok(())
+    }
 }
 
 #[cfg(test)]