Spaces:
Build error
Build error
| package controller | |
| import ( | |
| "encoding/json" | |
| "fmt" | |
| "net/http" | |
| "net/url" | |
| "one-api/common" | |
| "one-api/dto" | |
| "one-api/logger" | |
| "one-api/model" | |
| "one-api/setting" | |
| "strconv" | |
| "strings" | |
| "sync" | |
| "one-api/constant" | |
| "github.com/gin-contrib/sessions" | |
| "github.com/gin-gonic/gin" | |
| ) | |
| type LoginRequest struct { | |
| Username string `json:"username"` | |
| Password string `json:"password"` | |
| } | |
| func Login(c *gin.Context) { | |
| if !common.PasswordLoginEnabled { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "message": "管理员关闭了密码登录", | |
| "success": false, | |
| }) | |
| return | |
| } | |
| var loginRequest LoginRequest | |
| err := json.NewDecoder(c.Request.Body).Decode(&loginRequest) | |
| if err != nil { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "message": "无效的参数", | |
| "success": false, | |
| }) | |
| return | |
| } | |
| username := loginRequest.Username | |
| password := loginRequest.Password | |
| if username == "" || password == "" { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "message": "无效的参数", | |
| "success": false, | |
| }) | |
| return | |
| } | |
| user := model.User{ | |
| Username: username, | |
| Password: password, | |
| } | |
| err = user.ValidateAndFill() | |
| if err != nil { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "message": err.Error(), | |
| "success": false, | |
| }) | |
| return | |
| } | |
| // 检查是否启用2FA | |
| if model.IsTwoFAEnabled(user.Id) { | |
| // 设置pending session,等待2FA验证 | |
| session := sessions.Default(c) | |
| session.Set("pending_username", user.Username) | |
| session.Set("pending_user_id", user.Id) | |
| err := session.Save() | |
| if err != nil { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "message": "无法保存会话信息,请重试", | |
| "success": false, | |
| }) | |
| return | |
| } | |
| c.JSON(http.StatusOK, gin.H{ | |
| "message": "请输入两步验证码", | |
| "success": true, | |
| "data": map[string]interface{}{ | |
| "require_2fa": true, | |
| }, | |
| }) | |
| return | |
| } | |
| setupLogin(&user, c) | |
| } | |
| // setup session & cookies and then return user info | |
| func setupLogin(user *model.User, c *gin.Context) { | |
| session := sessions.Default(c) | |
| session.Set("id", user.Id) | |
| session.Set("username", user.Username) | |
| session.Set("role", user.Role) | |
| session.Set("status", user.Status) | |
| session.Set("group", user.Group) | |
| err := session.Save() | |
| if err != nil { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "message": "无法保存会话信息,请重试", | |
| "success": false, | |
| }) | |
| return | |
| } | |
| cleanUser := model.User{ | |
| Id: user.Id, | |
| Username: user.Username, | |
| DisplayName: user.DisplayName, | |
| Role: user.Role, | |
| Status: user.Status, | |
| Group: user.Group, | |
| } | |
| c.JSON(http.StatusOK, gin.H{ | |
| "message": "", | |
| "success": true, | |
| "data": cleanUser, | |
| }) | |
| } | |
| func Logout(c *gin.Context) { | |
| session := sessions.Default(c) | |
| session.Clear() | |
| err := session.Save() | |
| if err != nil { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "message": err.Error(), | |
| "success": false, | |
| }) | |
| return | |
| } | |
| c.JSON(http.StatusOK, gin.H{ | |
| "message": "", | |
| "success": true, | |
| }) | |
| } | |
| func Register(c *gin.Context) { | |
| if !common.RegisterEnabled { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "message": "管理员关闭了新用户注册", | |
| "success": false, | |
| }) | |
| return | |
| } | |
| if !common.PasswordRegisterEnabled { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "message": "管理员关闭了通过密码进行注册,请使用第三方账户验证的形式进行注册", | |
| "success": false, | |
| }) | |
| return | |
| } | |
| var user model.User | |
| err := json.NewDecoder(c.Request.Body).Decode(&user) | |
| if err != nil { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": "无效的参数", | |
| }) | |
| return | |
| } | |
| if err := common.Validate.Struct(&user); err != nil { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": "输入不合法 " + err.Error(), | |
| }) | |
| return | |
| } | |
| if common.EmailVerificationEnabled { | |
| if user.Email == "" || user.VerificationCode == "" { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": "管理员开启了邮箱验证,请输入邮箱地址和验证码", | |
| }) | |
| return | |
| } | |
| if !common.VerifyCodeWithKey(user.Email, user.VerificationCode, common.EmailVerificationPurpose) { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": "验证码错误或已过期", | |
| }) | |
| return | |
| } | |
| } | |
| exist, err := model.CheckUserExistOrDeleted(user.Username, user.Email) | |
| if err != nil { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": "数据库错误,请稍后重试", | |
| }) | |
| common.SysLog(fmt.Sprintf("CheckUserExistOrDeleted error: %v", err)) | |
| return | |
| } | |
| if exist { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": "用户名已存在,或已注销", | |
| }) | |
| return | |
| } | |
| affCode := user.AffCode // this code is the inviter's code, not the user's own code | |
| inviterId, _ := model.GetUserIdByAffCode(affCode) | |
| cleanUser := model.User{ | |
| Username: user.Username, | |
| Password: user.Password, | |
| DisplayName: user.Username, | |
| InviterId: inviterId, | |
| Role: common.RoleCommonUser, // 明确设置角色为普通用户 | |
| } | |
| if common.EmailVerificationEnabled { | |
| cleanUser.Email = user.Email | |
| } | |
| if err := cleanUser.Insert(inviterId); err != nil { | |
| common.ApiError(c, err) | |
| return | |
| } | |
| // 获取插入后的用户ID | |
| var insertedUser model.User | |
| if err := model.DB.Where("username = ?", cleanUser.Username).First(&insertedUser).Error; err != nil { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": "用户注册失败或用户ID获取失败", | |
| }) | |
| return | |
| } | |
| // 生成默认令牌 | |
| if constant.GenerateDefaultToken { | |
| key, err := common.GenerateKey() | |
| if err != nil { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": "生成默认令牌失败", | |
| }) | |
| common.SysLog("failed to generate token key: " + err.Error()) | |
| return | |
| } | |
| // 生成默认令牌 | |
| token := model.Token{ | |
| UserId: insertedUser.Id, // 使用插入后的用户ID | |
| Name: cleanUser.Username + "的初始令牌", | |
| Key: key, | |
| CreatedTime: common.GetTimestamp(), | |
| AccessedTime: common.GetTimestamp(), | |
| ExpiredTime: -1, // 永不过期 | |
| RemainQuota: 500000, // 示例额度 | |
| UnlimitedQuota: true, | |
| ModelLimitsEnabled: false, | |
| } | |
| if setting.DefaultUseAutoGroup { | |
| token.Group = "auto" | |
| } | |
| if err := token.Insert(); err != nil { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": "创建默认令牌失败", | |
| }) | |
| return | |
| } | |
| } | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": true, | |
| "message": "", | |
| }) | |
| return | |
| } | |
| func GetAllUsers(c *gin.Context) { | |
| pageInfo := common.GetPageQuery(c) | |
| users, total, err := model.GetAllUsers(pageInfo) | |
| if err != nil { | |
| common.ApiError(c, err) | |
| return | |
| } | |
| pageInfo.SetTotal(int(total)) | |
| pageInfo.SetItems(users) | |
| common.ApiSuccess(c, pageInfo) | |
| return | |
| } | |
| func SearchUsers(c *gin.Context) { | |
| keyword := c.Query("keyword") | |
| group := c.Query("group") | |
| pageInfo := common.GetPageQuery(c) | |
| users, total, err := model.SearchUsers(keyword, group, pageInfo.GetStartIdx(), pageInfo.GetPageSize()) | |
| if err != nil { | |
| common.ApiError(c, err) | |
| return | |
| } | |
| pageInfo.SetTotal(int(total)) | |
| pageInfo.SetItems(users) | |
| common.ApiSuccess(c, pageInfo) | |
| return | |
| } | |
| func GetUser(c *gin.Context) { | |
| id, err := strconv.Atoi(c.Param("id")) | |
| if err != nil { | |
| common.ApiError(c, err) | |
| return | |
| } | |
| user, err := model.GetUserById(id, false) | |
| if err != nil { | |
| common.ApiError(c, err) | |
| return | |
| } | |
| myRole := c.GetInt("role") | |
| if myRole <= user.Role && myRole != common.RoleRootUser { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": "无权获取同级或更高等级用户的信息", | |
| }) | |
| return | |
| } | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": true, | |
| "message": "", | |
| "data": user, | |
| }) | |
| return | |
| } | |
| func GenerateAccessToken(c *gin.Context) { | |
| id := c.GetInt("id") | |
| user, err := model.GetUserById(id, true) | |
| if err != nil { | |
| common.ApiError(c, err) | |
| return | |
| } | |
| // get rand int 28-32 | |
| randI := common.GetRandomInt(4) | |
| key, err := common.GenerateRandomKey(29 + randI) | |
| if err != nil { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": "生成失败", | |
| }) | |
| common.SysLog("failed to generate key: " + err.Error()) | |
| return | |
| } | |
| user.SetAccessToken(key) | |
| if model.DB.Where("access_token = ?", user.AccessToken).First(user).RowsAffected != 0 { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": "请重试,系统生成的 UUID 竟然重复了!", | |
| }) | |
| return | |
| } | |
| if err := user.Update(false); err != nil { | |
| common.ApiError(c, err) | |
| return | |
| } | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": true, | |
| "message": "", | |
| "data": user.AccessToken, | |
| }) | |
| return | |
| } | |
| type TransferAffQuotaRequest struct { | |
| Quota int `json:"quota" binding:"required"` | |
| } | |
| func TransferAffQuota(c *gin.Context) { | |
| id := c.GetInt("id") | |
| user, err := model.GetUserById(id, true) | |
| if err != nil { | |
| common.ApiError(c, err) | |
| return | |
| } | |
| tran := TransferAffQuotaRequest{} | |
| if err := c.ShouldBindJSON(&tran); err != nil { | |
| common.ApiError(c, err) | |
| return | |
| } | |
| err = user.TransferAffQuotaToQuota(tran.Quota) | |
| if err != nil { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": "划转失败 " + err.Error(), | |
| }) | |
| return | |
| } | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": true, | |
| "message": "划转成功", | |
| }) | |
| } | |
| func GetAffCode(c *gin.Context) { | |
| id := c.GetInt("id") | |
| user, err := model.GetUserById(id, true) | |
| if err != nil { | |
| common.ApiError(c, err) | |
| return | |
| } | |
| if user.AffCode == "" { | |
| user.AffCode = common.GetRandomString(4) | |
| if err := user.Update(false); err != nil { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": err.Error(), | |
| }) | |
| return | |
| } | |
| } | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": true, | |
| "message": "", | |
| "data": user.AffCode, | |
| }) | |
| return | |
| } | |
| func GetSelf(c *gin.Context) { | |
| id := c.GetInt("id") | |
| userRole := c.GetInt("role") | |
| user, err := model.GetUserById(id, false) | |
| if err != nil { | |
| common.ApiError(c, err) | |
| return | |
| } | |
| // Hide admin remarks: set to empty to trigger omitempty tag, ensuring the remark field is not included in JSON returned to regular users | |
| user.Remark = "" | |
| // 计算用户权限信息 | |
| permissions := calculateUserPermissions(userRole) | |
| // 获取用户设置并提取sidebar_modules | |
| userSetting := user.GetSetting() | |
| // 构建响应数据,包含用户信息和权限 | |
| responseData := map[string]interface{}{ | |
| "id": user.Id, | |
| "username": user.Username, | |
| "display_name": user.DisplayName, | |
| "role": user.Role, | |
| "status": user.Status, | |
| "email": user.Email, | |
| "github_id": user.GitHubId, | |
| "oidc_id": user.OidcId, | |
| "wechat_id": user.WeChatId, | |
| "telegram_id": user.TelegramId, | |
| "group": user.Group, | |
| "quota": user.Quota, | |
| "used_quota": user.UsedQuota, | |
| "request_count": user.RequestCount, | |
| "aff_code": user.AffCode, | |
| "aff_count": user.AffCount, | |
| "aff_quota": user.AffQuota, | |
| "aff_history_quota": user.AffHistoryQuota, | |
| "inviter_id": user.InviterId, | |
| "linux_do_id": user.LinuxDOId, | |
| "setting": user.Setting, | |
| "stripe_customer": user.StripeCustomer, | |
| "sidebar_modules": userSetting.SidebarModules, // 正确提取sidebar_modules字段 | |
| "permissions": permissions, // 新增权限字段 | |
| } | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": true, | |
| "message": "", | |
| "data": responseData, | |
| }) | |
| return | |
| } | |
| // 计算用户权限的辅助函数 | |
| func calculateUserPermissions(userRole int) map[string]interface{} { | |
| permissions := map[string]interface{}{} | |
| // 根据用户角色计算权限 | |
| if userRole == common.RoleRootUser { | |
| // 超级管理员不需要边栏设置功能 | |
| permissions["sidebar_settings"] = false | |
| permissions["sidebar_modules"] = map[string]interface{}{} | |
| } else if userRole == common.RoleAdminUser { | |
| // 管理员可以设置边栏,但不包含系统设置功能 | |
| permissions["sidebar_settings"] = true | |
| permissions["sidebar_modules"] = map[string]interface{}{ | |
| "admin": map[string]interface{}{ | |
| "setting": false, // 管理员不能访问系统设置 | |
| }, | |
| } | |
| } else { | |
| // 普通用户只能设置个人功能,不包含管理员区域 | |
| permissions["sidebar_settings"] = true | |
| permissions["sidebar_modules"] = map[string]interface{}{ | |
| "admin": false, // 普通用户不能访问管理员区域 | |
| } | |
| } | |
| return permissions | |
| } | |
| // 根据用户角色生成默认的边栏配置 | |
| func generateDefaultSidebarConfig(userRole int) string { | |
| defaultConfig := map[string]interface{}{} | |
| // 聊天区域 - 所有用户都可以访问 | |
| defaultConfig["chat"] = map[string]interface{}{ | |
| "enabled": true, | |
| "playground": true, | |
| "chat": true, | |
| } | |
| // 控制台区域 - 所有用户都可以访问 | |
| defaultConfig["console"] = map[string]interface{}{ | |
| "enabled": true, | |
| "detail": true, | |
| "token": true, | |
| "log": true, | |
| "midjourney": true, | |
| "task": true, | |
| } | |
| // 个人中心区域 - 所有用户都可以访问 | |
| defaultConfig["personal"] = map[string]interface{}{ | |
| "enabled": true, | |
| "topup": true, | |
| "personal": true, | |
| } | |
| // 管理员区域 - 根据角色决定 | |
| if userRole == common.RoleAdminUser { | |
| // 管理员可以访问管理员区域,但不能访问系统设置 | |
| defaultConfig["admin"] = map[string]interface{}{ | |
| "enabled": true, | |
| "channel": true, | |
| "models": true, | |
| "redemption": true, | |
| "user": true, | |
| "setting": false, // 管理员不能访问系统设置 | |
| } | |
| } else if userRole == common.RoleRootUser { | |
| // 超级管理员可以访问所有功能 | |
| defaultConfig["admin"] = map[string]interface{}{ | |
| "enabled": true, | |
| "channel": true, | |
| "models": true, | |
| "redemption": true, | |
| "user": true, | |
| "setting": true, | |
| } | |
| } | |
| // 普通用户不包含admin区域 | |
| // 转换为JSON字符串 | |
| configBytes, err := json.Marshal(defaultConfig) | |
| if err != nil { | |
| common.SysLog("生成默认边栏配置失败: " + err.Error()) | |
| return "" | |
| } | |
| return string(configBytes) | |
| } | |
| func GetUserModels(c *gin.Context) { | |
| id, err := strconv.Atoi(c.Param("id")) | |
| if err != nil { | |
| id = c.GetInt("id") | |
| } | |
| user, err := model.GetUserCache(id) | |
| if err != nil { | |
| common.ApiError(c, err) | |
| return | |
| } | |
| groups := setting.GetUserUsableGroups(user.Group) | |
| var models []string | |
| for group := range groups { | |
| for _, g := range model.GetGroupEnabledModels(group) { | |
| if !common.StringsContains(models, g) { | |
| models = append(models, g) | |
| } | |
| } | |
| } | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": true, | |
| "message": "", | |
| "data": models, | |
| }) | |
| return | |
| } | |
| func UpdateUser(c *gin.Context) { | |
| var updatedUser model.User | |
| err := json.NewDecoder(c.Request.Body).Decode(&updatedUser) | |
| if err != nil || updatedUser.Id == 0 { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": "无效的参数", | |
| }) | |
| return | |
| } | |
| if updatedUser.Password == "" { | |
| updatedUser.Password = "$I_LOVE_U" // make Validator happy :) | |
| } | |
| if err := common.Validate.Struct(&updatedUser); err != nil { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": "输入不合法 " + err.Error(), | |
| }) | |
| return | |
| } | |
| originUser, err := model.GetUserById(updatedUser.Id, false) | |
| if err != nil { | |
| common.ApiError(c, err) | |
| return | |
| } | |
| myRole := c.GetInt("role") | |
| if myRole <= originUser.Role && myRole != common.RoleRootUser { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": "无权更新同权限等级或更高权限等级的用户信息", | |
| }) | |
| return | |
| } | |
| if myRole <= updatedUser.Role && myRole != common.RoleRootUser { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": "无权将其他用户权限等级提升到大于等于自己的权限等级", | |
| }) | |
| return | |
| } | |
| if updatedUser.Password == "$I_LOVE_U" { | |
| updatedUser.Password = "" // rollback to what it should be | |
| } | |
| updatePassword := updatedUser.Password != "" | |
| if err := updatedUser.Edit(updatePassword); err != nil { | |
| common.ApiError(c, err) | |
| return | |
| } | |
| if originUser.Quota != updatedUser.Quota { | |
| model.RecordLog(originUser.Id, model.LogTypeManage, fmt.Sprintf("管理员将用户额度从 %s修改为 %s", logger.LogQuota(originUser.Quota), logger.LogQuota(updatedUser.Quota))) | |
| } | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": true, | |
| "message": "", | |
| }) | |
| return | |
| } | |
| func UpdateSelf(c *gin.Context) { | |
| var requestData map[string]interface{} | |
| err := json.NewDecoder(c.Request.Body).Decode(&requestData) | |
| if err != nil { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": "无效的参数", | |
| }) | |
| return | |
| } | |
| // 检查是否是sidebar_modules更新请求 | |
| if sidebarModules, exists := requestData["sidebar_modules"]; exists { | |
| userId := c.GetInt("id") | |
| user, err := model.GetUserById(userId, false) | |
| if err != nil { | |
| common.ApiError(c, err) | |
| return | |
| } | |
| // 获取当前用户设置 | |
| currentSetting := user.GetSetting() | |
| // 更新sidebar_modules字段 | |
| if sidebarModulesStr, ok := sidebarModules.(string); ok { | |
| currentSetting.SidebarModules = sidebarModulesStr | |
| } | |
| // 保存更新后的设置 | |
| user.SetSetting(currentSetting) | |
| if err := user.Update(false); err != nil { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": "更新设置失败: " + err.Error(), | |
| }) | |
| return | |
| } | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": true, | |
| "message": "设置更新成功", | |
| }) | |
| return | |
| } | |
| // 原有的用户信息更新逻辑 | |
| var user model.User | |
| requestDataBytes, err := json.Marshal(requestData) | |
| if err != nil { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": "无效的参数", | |
| }) | |
| return | |
| } | |
| err = json.Unmarshal(requestDataBytes, &user) | |
| if err != nil { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": "无效的参数", | |
| }) | |
| return | |
| } | |
| if user.Password == "" { | |
| user.Password = "$I_LOVE_U" // make Validator happy :) | |
| } | |
| if err := common.Validate.Struct(&user); err != nil { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": "输入不合法 " + err.Error(), | |
| }) | |
| return | |
| } | |
| cleanUser := model.User{ | |
| Id: c.GetInt("id"), | |
| Username: user.Username, | |
| Password: user.Password, | |
| DisplayName: user.DisplayName, | |
| } | |
| if user.Password == "$I_LOVE_U" { | |
| user.Password = "" // rollback to what it should be | |
| cleanUser.Password = "" | |
| } | |
| updatePassword, err := checkUpdatePassword(user.OriginalPassword, user.Password, cleanUser.Id) | |
| if err != nil { | |
| common.ApiError(c, err) | |
| return | |
| } | |
| if err := cleanUser.Update(updatePassword); err != nil { | |
| common.ApiError(c, err) | |
| return | |
| } | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": true, | |
| "message": "", | |
| }) | |
| return | |
| } | |
| func checkUpdatePassword(originalPassword string, newPassword string, userId int) (updatePassword bool, err error) { | |
| var currentUser *model.User | |
| currentUser, err = model.GetUserById(userId, true) | |
| if err != nil { | |
| return | |
| } | |
| if !common.ValidatePasswordAndHash(originalPassword, currentUser.Password) { | |
| err = fmt.Errorf("原密码错误") | |
| return | |
| } | |
| if newPassword == "" { | |
| return | |
| } | |
| updatePassword = true | |
| return | |
| } | |
| func DeleteUser(c *gin.Context) { | |
| id, err := strconv.Atoi(c.Param("id")) | |
| if err != nil { | |
| common.ApiError(c, err) | |
| return | |
| } | |
| originUser, err := model.GetUserById(id, false) | |
| if err != nil { | |
| common.ApiError(c, err) | |
| return | |
| } | |
| myRole := c.GetInt("role") | |
| if myRole <= originUser.Role { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": "无权删除同权限等级或更高权限等级的用户", | |
| }) | |
| return | |
| } | |
| err = model.HardDeleteUserById(id) | |
| if err != nil { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": true, | |
| "message": "", | |
| }) | |
| return | |
| } | |
| } | |
| func DeleteSelf(c *gin.Context) { | |
| id := c.GetInt("id") | |
| user, _ := model.GetUserById(id, false) | |
| if user.Role == common.RoleRootUser { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": "不能删除超级管理员账户", | |
| }) | |
| return | |
| } | |
| err := model.DeleteUserById(id) | |
| if err != nil { | |
| common.ApiError(c, err) | |
| return | |
| } | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": true, | |
| "message": "", | |
| }) | |
| return | |
| } | |
| func CreateUser(c *gin.Context) { | |
| var user model.User | |
| err := json.NewDecoder(c.Request.Body).Decode(&user) | |
| user.Username = strings.TrimSpace(user.Username) | |
| if err != nil || user.Username == "" || user.Password == "" { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": "无效的参数", | |
| }) | |
| return | |
| } | |
| if err := common.Validate.Struct(&user); err != nil { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": "输入不合法 " + err.Error(), | |
| }) | |
| return | |
| } | |
| if user.DisplayName == "" { | |
| user.DisplayName = user.Username | |
| } | |
| myRole := c.GetInt("role") | |
| if user.Role >= myRole { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": "无法创建权限大于等于自己的用户", | |
| }) | |
| return | |
| } | |
| // Even for admin users, we cannot fully trust them! | |
| cleanUser := model.User{ | |
| Username: user.Username, | |
| Password: user.Password, | |
| DisplayName: user.DisplayName, | |
| Role: user.Role, // 保持管理员设置的角色 | |
| } | |
| if err := cleanUser.Insert(0); err != nil { | |
| common.ApiError(c, err) | |
| return | |
| } | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": true, | |
| "message": "", | |
| }) | |
| return | |
| } | |
| type ManageRequest struct { | |
| Id int `json:"id"` | |
| Action string `json:"action"` | |
| } | |
| // ManageUser Only admin user can do this | |
| func ManageUser(c *gin.Context) { | |
| var req ManageRequest | |
| err := json.NewDecoder(c.Request.Body).Decode(&req) | |
| if err != nil { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": "无效的参数", | |
| }) | |
| return | |
| } | |
| user := model.User{ | |
| Id: req.Id, | |
| } | |
| // Fill attributes | |
| model.DB.Unscoped().Where(&user).First(&user) | |
| if user.Id == 0 { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": "用户不存在", | |
| }) | |
| return | |
| } | |
| myRole := c.GetInt("role") | |
| if myRole <= user.Role && myRole != common.RoleRootUser { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": "无权更新同权限等级或更高权限等级的用户信息", | |
| }) | |
| return | |
| } | |
| switch req.Action { | |
| case "disable": | |
| user.Status = common.UserStatusDisabled | |
| if user.Role == common.RoleRootUser { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": "无法禁用超级管理员用户", | |
| }) | |
| return | |
| } | |
| case "enable": | |
| user.Status = common.UserStatusEnabled | |
| case "delete": | |
| if user.Role == common.RoleRootUser { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": "无法删除超级管理员用户", | |
| }) | |
| return | |
| } | |
| if err := user.Delete(); err != nil { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": err.Error(), | |
| }) | |
| return | |
| } | |
| case "promote": | |
| if myRole != common.RoleRootUser { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": "普通管理员用户无法提升其他用户为管理员", | |
| }) | |
| return | |
| } | |
| if user.Role >= common.RoleAdminUser { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": "该用户已经是管理员", | |
| }) | |
| return | |
| } | |
| user.Role = common.RoleAdminUser | |
| case "demote": | |
| if user.Role == common.RoleRootUser { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": "无法降级超级管理员用户", | |
| }) | |
| return | |
| } | |
| if user.Role == common.RoleCommonUser { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": "该用户已经是普通用户", | |
| }) | |
| return | |
| } | |
| user.Role = common.RoleCommonUser | |
| } | |
| if err := user.Update(false); err != nil { | |
| common.ApiError(c, err) | |
| return | |
| } | |
| clearUser := model.User{ | |
| Role: user.Role, | |
| Status: user.Status, | |
| } | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": true, | |
| "message": "", | |
| "data": clearUser, | |
| }) | |
| return | |
| } | |
| func EmailBind(c *gin.Context) { | |
| email := c.Query("email") | |
| code := c.Query("code") | |
| if !common.VerifyCodeWithKey(email, code, common.EmailVerificationPurpose) { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": "验证码错误或已过期", | |
| }) | |
| return | |
| } | |
| session := sessions.Default(c) | |
| id := session.Get("id") | |
| user := model.User{ | |
| Id: id.(int), | |
| } | |
| err := user.FillUserById() | |
| if err != nil { | |
| common.ApiError(c, err) | |
| return | |
| } | |
| user.Email = email | |
| // no need to check if this email already taken, because we have used verification code to check it | |
| err = user.Update(false) | |
| if err != nil { | |
| common.ApiError(c, err) | |
| return | |
| } | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": true, | |
| "message": "", | |
| }) | |
| return | |
| } | |
| type topUpRequest struct { | |
| Key string `json:"key"` | |
| } | |
| var topUpLocks sync.Map | |
| var topUpCreateLock sync.Mutex | |
| type topUpTryLock struct { | |
| ch chan struct{} | |
| } | |
| func newTopUpTryLock() *topUpTryLock { | |
| return &topUpTryLock{ch: make(chan struct{}, 1)} | |
| } | |
| func (l *topUpTryLock) TryLock() bool { | |
| select { | |
| case l.ch <- struct{}{}: | |
| return true | |
| default: | |
| return false | |
| } | |
| } | |
| func (l *topUpTryLock) Unlock() { | |
| select { | |
| case <-l.ch: | |
| default: | |
| } | |
| } | |
| func getTopUpLock(userID int) *topUpTryLock { | |
| if v, ok := topUpLocks.Load(userID); ok { | |
| return v.(*topUpTryLock) | |
| } | |
| topUpCreateLock.Lock() | |
| defer topUpCreateLock.Unlock() | |
| if v, ok := topUpLocks.Load(userID); ok { | |
| return v.(*topUpTryLock) | |
| } | |
| l := newTopUpTryLock() | |
| topUpLocks.Store(userID, l) | |
| return l | |
| } | |
| func TopUp(c *gin.Context) { | |
| id := c.GetInt("id") | |
| lock := getTopUpLock(id) | |
| if !lock.TryLock() { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": "充值处理中,请稍后重试", | |
| }) | |
| return | |
| } | |
| defer lock.Unlock() | |
| req := topUpRequest{} | |
| err := c.ShouldBindJSON(&req) | |
| if err != nil { | |
| common.ApiError(c, err) | |
| return | |
| } | |
| quota, err := model.Redeem(req.Key, id) | |
| if err != nil { | |
| common.ApiError(c, err) | |
| return | |
| } | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": true, | |
| "message": "", | |
| "data": quota, | |
| }) | |
| } | |
| type UpdateUserSettingRequest struct { | |
| QuotaWarningType string `json:"notify_type"` | |
| QuotaWarningThreshold float64 `json:"quota_warning_threshold"` | |
| WebhookUrl string `json:"webhook_url,omitempty"` | |
| WebhookSecret string `json:"webhook_secret,omitempty"` | |
| NotificationEmail string `json:"notification_email,omitempty"` | |
| BarkUrl string `json:"bark_url,omitempty"` | |
| AcceptUnsetModelRatioModel bool `json:"accept_unset_model_ratio_model"` | |
| RecordIpLog bool `json:"record_ip_log"` | |
| } | |
| func UpdateUserSetting(c *gin.Context) { | |
| var req UpdateUserSettingRequest | |
| if err := c.ShouldBindJSON(&req); err != nil { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": "无效的参数", | |
| }) | |
| return | |
| } | |
| // 验证预警类型 | |
| if req.QuotaWarningType != dto.NotifyTypeEmail && req.QuotaWarningType != dto.NotifyTypeWebhook && req.QuotaWarningType != dto.NotifyTypeBark { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": "无效的预警类型", | |
| }) | |
| return | |
| } | |
| // 验证预警阈值 | |
| if req.QuotaWarningThreshold <= 0 { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": "预警阈值必须大于0", | |
| }) | |
| return | |
| } | |
| // 如果是webhook类型,验证webhook地址 | |
| if req.QuotaWarningType == dto.NotifyTypeWebhook { | |
| if req.WebhookUrl == "" { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": "Webhook地址不能为空", | |
| }) | |
| return | |
| } | |
| // 验证URL格式 | |
| if _, err := url.ParseRequestURI(req.WebhookUrl); err != nil { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": "无效的Webhook地址", | |
| }) | |
| return | |
| } | |
| } | |
| // 如果是邮件类型,验证邮箱地址 | |
| if req.QuotaWarningType == dto.NotifyTypeEmail && req.NotificationEmail != "" { | |
| // 验证邮箱格式 | |
| if !strings.Contains(req.NotificationEmail, "@") { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": "无效的邮箱地址", | |
| }) | |
| return | |
| } | |
| } | |
| // 如果是Bark类型,验证Bark URL | |
| if req.QuotaWarningType == dto.NotifyTypeBark { | |
| if req.BarkUrl == "" { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": "Bark推送URL不能为空", | |
| }) | |
| return | |
| } | |
| // 验证URL格式 | |
| if _, err := url.ParseRequestURI(req.BarkUrl); err != nil { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": "无效的Bark推送URL", | |
| }) | |
| return | |
| } | |
| // 检查是否是HTTP或HTTPS | |
| if !strings.HasPrefix(req.BarkUrl, "https://") && !strings.HasPrefix(req.BarkUrl, "http://") { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": "Bark推送URL必须以http://或https://开头", | |
| }) | |
| return | |
| } | |
| } | |
| userId := c.GetInt("id") | |
| user, err := model.GetUserById(userId, true) | |
| if err != nil { | |
| common.ApiError(c, err) | |
| return | |
| } | |
| // 构建设置 | |
| settings := dto.UserSetting{ | |
| NotifyType: req.QuotaWarningType, | |
| QuotaWarningThreshold: req.QuotaWarningThreshold, | |
| AcceptUnsetRatioModel: req.AcceptUnsetModelRatioModel, | |
| RecordIpLog: req.RecordIpLog, | |
| } | |
| // 如果是webhook类型,添加webhook相关设置 | |
| if req.QuotaWarningType == dto.NotifyTypeWebhook { | |
| settings.WebhookUrl = req.WebhookUrl | |
| if req.WebhookSecret != "" { | |
| settings.WebhookSecret = req.WebhookSecret | |
| } | |
| } | |
| // 如果提供了通知邮箱,添加到设置中 | |
| if req.QuotaWarningType == dto.NotifyTypeEmail && req.NotificationEmail != "" { | |
| settings.NotificationEmail = req.NotificationEmail | |
| } | |
| // 如果是Bark类型,添加Bark URL到设置中 | |
| if req.QuotaWarningType == dto.NotifyTypeBark { | |
| settings.BarkUrl = req.BarkUrl | |
| } | |
| // 更新用户设置 | |
| user.SetSetting(settings) | |
| if err := user.Update(false); err != nil { | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": false, | |
| "message": "更新设置失败: " + err.Error(), | |
| }) | |
| return | |
| } | |
| c.JSON(http.StatusOK, gin.H{ | |
| "success": true, | |
| "message": "设置已更新", | |
| }) | |
| } | |