li / api /system.py
xiaolongmr
Add configurable branding and login sessions
519f85d
Raw
History Blame Contribute Delete
14.4 kB
from __future__ import annotations
from urllib.parse import quote
import httpx
from fastapi import APIRouter, Header, HTTPException, Request
from fastapi.concurrency import run_in_threadpool
from fastapi.responses import Response, StreamingResponse
from pydantic import BaseModel, ConfigDict
from api.support import require_admin, require_identity, resolve_image_base_url
from services.backup_service import BackupError, backup_service
from services.config import config
from services.auth_service import auth_service
from services.image_service import delete_images, download_images_zip, get_image_download_response, get_image_response, get_thumbnail_response, list_images
from services.image_storage_service import ImageStorageError, image_storage_service
from services.image_tags_service import delete_tag, get_all_tags, set_tags
from services.log_service import log_service
from services.proxy_service import test_proxy
class SettingsUpdateRequest(BaseModel):
model_config = ConfigDict(extra="allow")
class WechatLoginRequest(BaseModel):
code: str = ""
class ProxyTestRequest(BaseModel):
url: str = ""
class ImageDeleteRequest(BaseModel):
paths: list[str] = []
start_date: str = ""
end_date: str = ""
all_matching: bool = False
class ImageDownloadRequest(BaseModel):
paths: list[str]
class ImageTagsRequest(BaseModel):
path: str
tags: list[str]
class LogDeleteRequest(BaseModel):
ids: list[str] = []
class BackupDeleteRequest(BaseModel):
key: str = ""
def create_router(app_version: str) -> APIRouter:
router = APIRouter()
@router.post("/auth/login")
async def login(authorization: str | None = Header(default=None)):
identity = require_identity(authorization)
return {
"ok": True,
"version": app_version,
"role": identity.get("role"),
"subject_id": identity.get("id"),
"name": identity.get("name"),
"account_pool_enabled": bool(identity.get("role") == "admin" or identity.get("account_pool_enabled")),
"login_session_duration_hours": config.login_session_duration_hours_for_role(identity.get("role")),
}
@router.get("/api/auth/wechat/status")
async def wechat_login_status():
return {
"enabled": config.wechat_login_enabled,
"auto_register_enabled": config.wechat_auto_register_enabled,
"login_session_duration_hours": config.normal_user_login_session_duration_hours,
}
@router.get("/api/branding")
async def get_branding():
return {"branding": config.get_branding()}
@router.post("/api/auth/wechat/login")
async def wechat_login(body: WechatLoginRequest):
if not config.wechat_login_enabled:
raise HTTPException(status_code=403, detail={"error": "微信验证码登录已关闭,请使用登录密钥。"})
code = str(body.code or "").strip()
if not code:
raise HTTPException(status_code=400, detail={"error": "请输入微信验证码"})
try:
async with httpx.AsyncClient(timeout=15.0) as client:
response = await client.post("https://wx.z-l.top/api/auth/verify", json={"code": code})
except httpx.HTTPError as exc:
raise HTTPException(status_code=502, detail={"error": "微信登录服务暂时不可用,请稍后再试"}) from exc
try:
payload = response.json()
except ValueError as exc:
raise HTTPException(status_code=502, detail={"error": "微信登录服务返回异常"}) from exc
if not response.is_success or not payload.get("success"):
message = str(payload.get("message") or "微信验证码无效或已过期")
raise HTTPException(status_code=401, detail={"error": message})
user = payload.get("user") if isinstance(payload.get("user"), dict) else {}
openid = str(user.get("openid") or "").strip()
if not openid:
raise HTTPException(status_code=502, detail={"error": "微信登录服务未返回 openid"})
try:
item, raw_key, created = auth_service.get_or_create_wechat_normal_user(
openid=openid,
nickname=str(user.get("nickname") or "").strip(),
avatar=str(user.get("avatar") or "").strip(),
allow_create=config.wechat_auto_register_enabled,
)
except ValueError as exc:
raise HTTPException(status_code=403, detail={"error": str(exc)}) from exc
except Exception as exc:
print(f"[wechat-login] failed to save user: {exc}")
raise HTTPException(status_code=503, detail={"error": f"微信登录已验证,但保存用户失败:{exc}"}) from exc
return {
"ok": True,
"version": app_version,
"role": "normal",
"subject_id": item.get("id"),
"name": item.get("name"),
"account_pool_enabled": bool(item.get("account_pool_enabled")),
"key": raw_key,
"created": created,
"login_session_duration_hours": config.normal_user_login_session_duration_hours,
"credits": auth_service.credit_summary(item),
"wechat": {
"openid": openid,
"nickname": item.get("wechat_nickname") or user.get("nickname") or "",
"avatar": item.get("wechat_avatar") or user.get("avatar") or "",
},
}
@router.get("/version")
async def get_version():
return {"version": app_version}
@router.get("/api/settings")
async def get_settings(authorization: str | None = Header(default=None)):
require_admin(authorization)
return {"config": config.get()}
@router.get("/api/announcements")
async def get_announcements(authorization: str | None = Header(default=None)):
identity = require_identity(authorization)
return {"items": config.get_announcements(role=str(identity.get("role") or ""))}
@router.post("/api/settings")
async def save_settings(body: SettingsUpdateRequest, authorization: str | None = Header(default=None)):
require_admin(authorization)
try:
return {"config": config.update(body.model_dump(mode="python"))}
except ValueError as exc:
raise HTTPException(status_code=400, detail={"error": str(exc)}) from exc
@router.get("/api/images")
async def get_images(request: Request, start_date: str = "", end_date: str = "", authorization: str | None = Header(default=None)):
require_admin(authorization)
return list_images(resolve_image_base_url(request), start_date=start_date.strip(), end_date=end_date.strip())
@router.get("/images/{image_path:path}", include_in_schema=False)
async def get_image(image_path: str):
return get_image_response(image_path)
@router.get("/image-thumbnails/{image_path:path}", include_in_schema=False)
async def get_image_thumbnail(image_path: str):
return get_thumbnail_response(image_path)
@router.post("/api/images/delete")
async def delete_images_endpoint(body: ImageDeleteRequest, authorization: str | None = Header(default=None)):
require_admin(authorization)
return delete_images(body.paths, start_date=body.start_date.strip(), end_date=body.end_date.strip(), all_matching=body.all_matching)
@router.post("/api/images/download")
async def download_images_endpoint(body: ImageDownloadRequest, authorization: str | None = Header(default=None)):
require_admin(authorization)
buf = download_images_zip(body.paths)
return StreamingResponse(
buf,
media_type="application/zip",
headers={"Content-Disposition": 'attachment; filename="images.zip"'},
)
@router.get("/api/images/download/{image_path:path}")
async def download_single_image_endpoint(image_path: str, authorization: str | None = Header(default=None)):
require_admin(authorization)
return get_image_download_response(image_path)
@router.get("/api/logs")
async def get_logs(type: str = "", start_date: str = "", end_date: str = "", authorization: str | None = Header(default=None)):
require_admin(authorization)
return {"items": log_service.list(type=type.strip(), start_date=start_date.strip(), end_date=end_date.strip())}
@router.post("/api/logs/delete")
async def delete_logs(body: LogDeleteRequest, authorization: str | None = Header(default=None)):
require_admin(authorization)
return log_service.delete(body.ids)
@router.post("/api/proxy/test")
async def test_proxy_endpoint(body: ProxyTestRequest, authorization: str | None = Header(default=None)):
require_admin(authorization)
candidate = (body.url or "").strip() or config.get_proxy_settings()
if not candidate:
raise HTTPException(status_code=400, detail={"error": "proxy url is required"})
return {"result": await run_in_threadpool(test_proxy, candidate)}
@router.get("/api/storage/info")
async def get_storage_info(authorization: str | None = Header(default=None)):
require_admin(authorization)
storage = config.get_storage_backend()
user_storage = config.get_user_storage_backend()
account_pool_storage = config.get_account_pool_storage_backend()
return {
"backend": storage.get_backend_info(),
"health": storage.health_check(),
"user_backend": user_storage.get_backend_info(),
"user_health": user_storage.health_check(),
"account_pool_backend": account_pool_storage.get_backend_info(),
"account_pool_health": account_pool_storage.health_check(),
}
@router.post("/api/backup/test")
async def test_backup_connection(authorization: str | None = Header(default=None)):
require_admin(authorization)
try:
return {"result": await run_in_threadpool(backup_service.test_connection)}
except BackupError as exc:
raise HTTPException(status_code=400, detail={"error": str(exc)}) from exc
@router.post("/api/image-storage/test")
async def test_image_storage_endpoint(authorization: str | None = Header(default=None)):
require_admin(authorization)
return {"result": await run_in_threadpool(image_storage_service.test_webdav)}
@router.post("/api/image-storage/sync")
async def sync_image_storage_endpoint(authorization: str | None = Header(default=None)):
require_admin(authorization)
try:
return {"result": await run_in_threadpool(image_storage_service.sync_all)}
except ImageStorageError as exc:
raise HTTPException(status_code=400, detail={"error": str(exc)}) from exc
@router.get("/api/backups")
async def get_backups(authorization: str | None = Header(default=None)):
require_admin(authorization)
try:
return {
"items": await run_in_threadpool(backup_service.list_backups),
"state": backup_service.get_status(),
"settings": backup_service.get_settings(),
}
except BackupError as exc:
raise HTTPException(status_code=400, detail={"error": str(exc)}) from exc
@router.post("/api/backups/run")
async def run_backup_endpoint(authorization: str | None = Header(default=None)):
require_admin(authorization)
try:
return {"result": await run_in_threadpool(backup_service.run_backup)}
except BackupError as exc:
raise HTTPException(status_code=400, detail={"error": str(exc)}) from exc
@router.post("/api/backups/delete")
async def delete_backup_endpoint(body: BackupDeleteRequest, authorization: str | None = Header(default=None)):
require_admin(authorization)
try:
await run_in_threadpool(backup_service.delete_backup, body.key)
return {"ok": True}
except BackupError as exc:
raise HTTPException(status_code=400, detail={"error": str(exc)}) from exc
@router.get("/api/backups/detail")
async def get_backup_detail(key: str = "", authorization: str | None = Header(default=None)):
require_admin(authorization)
try:
return {"item": await run_in_threadpool(backup_service.get_backup_detail, key)}
except BackupError as exc:
raise HTTPException(status_code=400, detail={"error": str(exc)}) from exc
@router.get("/api/backups/download")
async def download_backup_endpoint(key: str = "", authorization: str | None = Header(default=None)):
require_admin(authorization)
try:
item = await run_in_threadpool(backup_service.download_backup, key)
except BackupError as exc:
raise HTTPException(status_code=400, detail={"error": str(exc)}) from exc
filename = str(item.get("name") or "backup.bin")
quoted = quote(filename)
headers = {
"Content-Disposition": f"attachment; filename*=UTF-8''{quoted}",
"Content-Length": str(int(item.get("size") or 0)),
}
return Response(
content=bytes(item.get("payload") or b""),
media_type=str(item.get("content_type") or "application/octet-stream"),
headers=headers,
)
@router.get("/api/images/tags")
async def list_image_tags(authorization: str | None = Header(default=None)):
require_admin(authorization)
return {"tags": get_all_tags()}
@router.post("/api/images/tags")
async def update_image_tags(body: ImageTagsRequest, authorization: str | None = Header(default=None)):
require_admin(authorization)
rel = body.path.strip().lstrip("/")
if not rel:
raise HTTPException(status_code=400, detail={"error": "path is required"})
tags = set_tags(rel, body.tags)
return {"ok": True, "tags": tags}
@router.delete("/api/images/tags/{tag}")
async def delete_image_tag(tag: str, authorization: str | None = Header(default=None)):
require_admin(authorization)
count = delete_tag(tag)
return {"ok": True, "removed_from": count}
return router