File size: 10,381 Bytes
69b897d |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 |
const express = require('express')
const bcrypt = require('bcryptjs')
const crypto = require('crypto')
const path = require('path')
const fs = require('fs')
const redis = require('../models/redis')
const logger = require('../utils/logger')
const config = require('../../config/config')
const router = express.Router()
// 🏠 服务静态文件
router.use('/assets', express.static(path.join(__dirname, '../../web/assets')))
// 🌐 页面路由重定向到新版 admin-spa
router.get('/', (req, res) => {
res.redirect(301, '/admin-next/api-stats')
})
// 🔐 管理员登录
router.post('/auth/login', async (req, res) => {
try {
const { username, password } = req.body
if (!username || !password) {
return res.status(400).json({
error: 'Missing credentials',
message: 'Username and password are required'
})
}
// 从Redis获取管理员信息
let adminData = await redis.getSession('admin_credentials')
// 如果Redis中没有管理员凭据,尝试从init.json重新加载
if (!adminData || Object.keys(adminData).length === 0) {
const initFilePath = path.join(__dirname, '../../data/init.json')
if (fs.existsSync(initFilePath)) {
try {
const initData = JSON.parse(fs.readFileSync(initFilePath, 'utf8'))
const saltRounds = 10
const passwordHash = await bcrypt.hash(initData.adminPassword, saltRounds)
adminData = {
username: initData.adminUsername,
passwordHash,
createdAt: initData.initializedAt || new Date().toISOString(),
lastLogin: null,
updatedAt: initData.updatedAt || null
}
// 重新存储到Redis,不设置过期时间
await redis.getClient().hset('session:admin_credentials', adminData)
logger.info('✅ Admin credentials reloaded from init.json')
} catch (error) {
logger.error('❌ Failed to reload admin credentials:', error)
return res.status(401).json({
error: 'Invalid credentials',
message: 'Invalid username or password'
})
}
} else {
return res.status(401).json({
error: 'Invalid credentials',
message: 'Invalid username or password'
})
}
}
// 验证用户名和密码
const isValidUsername = adminData.username === username
const isValidPassword = await bcrypt.compare(password, adminData.passwordHash)
if (!isValidUsername || !isValidPassword) {
logger.security(`🔒 Failed login attempt for username: ${username}`)
return res.status(401).json({
error: 'Invalid credentials',
message: 'Invalid username or password'
})
}
// 生成会话token
const sessionId = crypto.randomBytes(32).toString('hex')
// 存储会话
const sessionData = {
username: adminData.username,
loginTime: new Date().toISOString(),
lastActivity: new Date().toISOString()
}
await redis.setSession(sessionId, sessionData, config.security.adminSessionTimeout)
// 不再更新 Redis 中的最后登录时间,因为 Redis 只是缓存
// init.json 是唯一真实数据源
logger.success(`🔐 Admin login successful: ${username}`)
return res.json({
success: true,
token: sessionId,
expiresIn: config.security.adminSessionTimeout,
username: adminData.username // 返回真实用户名
})
} catch (error) {
logger.error('❌ Login error:', error)
return res.status(500).json({
error: 'Login failed',
message: 'Internal server error'
})
}
})
// 🚪 管理员登出
router.post('/auth/logout', async (req, res) => {
try {
const token = req.headers['authorization']?.replace('Bearer ', '') || req.cookies?.adminToken
if (token) {
await redis.deleteSession(token)
logger.success('🚪 Admin logout successful')
}
return res.json({ success: true, message: 'Logout successful' })
} catch (error) {
logger.error('❌ Logout error:', error)
return res.status(500).json({
error: 'Logout failed',
message: 'Internal server error'
})
}
})
// 🔑 修改账户信息
router.post('/auth/change-password', async (req, res) => {
try {
const token = req.headers['authorization']?.replace('Bearer ', '') || req.cookies?.adminToken
if (!token) {
return res.status(401).json({
error: 'No token provided',
message: 'Authentication required'
})
}
const { newUsername, currentPassword, newPassword } = req.body
if (!currentPassword || !newPassword) {
return res.status(400).json({
error: 'Missing required fields',
message: 'Current password and new password are required'
})
}
// 验证新密码长度
if (newPassword.length < 8) {
return res.status(400).json({
error: 'Password too short',
message: 'New password must be at least 8 characters long'
})
}
// 获取当前会话
const sessionData = await redis.getSession(token)
if (!sessionData) {
return res.status(401).json({
error: 'Invalid token',
message: 'Session expired or invalid'
})
}
// 获取当前管理员信息
const adminData = await redis.getSession('admin_credentials')
if (!adminData) {
return res.status(500).json({
error: 'Admin data not found',
message: 'Administrator credentials not found'
})
}
// 验证当前密码
const isValidPassword = await bcrypt.compare(currentPassword, adminData.passwordHash)
if (!isValidPassword) {
logger.security(`🔒 Invalid current password attempt for user: ${sessionData.username}`)
return res.status(401).json({
error: 'Invalid current password',
message: 'Current password is incorrect'
})
}
// 准备更新的数据
const updatedUsername =
newUsername && newUsername.trim() ? newUsername.trim() : adminData.username
// 先更新 init.json(唯一真实数据源)
const initFilePath = path.join(__dirname, '../../data/init.json')
if (!fs.existsSync(initFilePath)) {
return res.status(500).json({
error: 'Configuration file not found',
message: 'init.json file is missing'
})
}
try {
const initData = JSON.parse(fs.readFileSync(initFilePath, 'utf8'))
// const oldData = { ...initData }; // 备份旧数据
// 更新 init.json
initData.adminUsername = updatedUsername
initData.adminPassword = newPassword // 保存明文密码到init.json
initData.updatedAt = new Date().toISOString()
// 先写入文件(如果失败则不会影响 Redis)
fs.writeFileSync(initFilePath, JSON.stringify(initData, null, 2))
// 文件写入成功后,更新 Redis 缓存
const saltRounds = 10
const newPasswordHash = await bcrypt.hash(newPassword, saltRounds)
const updatedAdminData = {
username: updatedUsername,
passwordHash: newPasswordHash,
createdAt: adminData.createdAt,
lastLogin: adminData.lastLogin,
updatedAt: new Date().toISOString()
}
await redis.setSession('admin_credentials', updatedAdminData)
} catch (fileError) {
logger.error('❌ Failed to update init.json:', fileError)
return res.status(500).json({
error: 'Update failed',
message: 'Failed to update configuration file'
})
}
// 清除当前会话(强制用户重新登录)
await redis.deleteSession(token)
logger.success(`🔐 Admin password changed successfully for user: ${updatedUsername}`)
return res.json({
success: true,
message: 'Password changed successfully. Please login again.',
newUsername: updatedUsername
})
} catch (error) {
logger.error('❌ Change password error:', error)
return res.status(500).json({
error: 'Change password failed',
message: 'Internal server error'
})
}
})
// 👤 获取当前用户信息
router.get('/auth/user', async (req, res) => {
try {
const token = req.headers['authorization']?.replace('Bearer ', '') || req.cookies?.adminToken
if (!token) {
return res.status(401).json({
error: 'No token provided',
message: 'Authentication required'
})
}
// 获取当前会话
const sessionData = await redis.getSession(token)
if (!sessionData) {
return res.status(401).json({
error: 'Invalid token',
message: 'Session expired or invalid'
})
}
// 获取管理员信息
const adminData = await redis.getSession('admin_credentials')
if (!adminData) {
return res.status(500).json({
error: 'Admin data not found',
message: 'Administrator credentials not found'
})
}
return res.json({
success: true,
user: {
username: adminData.username,
loginTime: sessionData.loginTime,
lastActivity: sessionData.lastActivity
}
})
} catch (error) {
logger.error('❌ Get user info error:', error)
return res.status(500).json({
error: 'Get user info failed',
message: 'Internal server error'
})
}
})
// 🔄 刷新token
router.post('/auth/refresh', async (req, res) => {
try {
const token = req.headers['authorization']?.replace('Bearer ', '') || req.cookies?.adminToken
if (!token) {
return res.status(401).json({
error: 'No token provided',
message: 'Authentication required'
})
}
const sessionData = await redis.getSession(token)
if (!sessionData) {
return res.status(401).json({
error: 'Invalid token',
message: 'Session expired or invalid'
})
}
// 更新最后活动时间
sessionData.lastActivity = new Date().toISOString()
await redis.setSession(token, sessionData, config.security.adminSessionTimeout)
return res.json({
success: true,
token,
expiresIn: config.security.adminSessionTimeout
})
} catch (error) {
logger.error('❌ Token refresh error:', error)
return res.status(500).json({
error: 'Token refresh failed',
message: 'Internal server error'
})
}
})
module.exports = router
|