from __future__ import annotations from urllib.parse import quote import httpx from fastapi import APIRouter, Header, HTTPException, Request from fastapi.concurrency import run_in_threadpool from fastapi.responses import Response, StreamingResponse from pydantic import BaseModel, ConfigDict from api.support import require_admin, require_identity, resolve_image_base_url from services.backup_service import BackupError, backup_service from services.config import config from services.auth_service import auth_service from services.image_service import delete_images, download_images_zip, get_image_download_response, get_image_response, get_thumbnail_response, list_images from services.image_storage_service import ImageStorageError, image_storage_service from services.image_tags_service import delete_tag, get_all_tags, set_tags from services.log_service import log_service from services.proxy_service import test_proxy class SettingsUpdateRequest(BaseModel): model_config = ConfigDict(extra="allow") class WechatLoginRequest(BaseModel): code: str = "" class ProxyTestRequest(BaseModel): url: str = "" class ImageDeleteRequest(BaseModel): paths: list[str] = [] start_date: str = "" end_date: str = "" all_matching: bool = False class ImageDownloadRequest(BaseModel): paths: list[str] class ImageTagsRequest(BaseModel): path: str tags: list[str] class LogDeleteRequest(BaseModel): ids: list[str] = [] class BackupDeleteRequest(BaseModel): key: str = "" def create_router(app_version: str) -> APIRouter: router = APIRouter() @router.post("/auth/login") async def login(authorization: str | None = Header(default=None)): identity = require_identity(authorization) return { "ok": True, "version": app_version, "role": identity.get("role"), "subject_id": identity.get("id"), "name": identity.get("name"), "account_pool_enabled": bool(identity.get("role") == "admin" or identity.get("account_pool_enabled")), "login_session_duration_hours": config.login_session_duration_hours_for_role(identity.get("role")), } @router.get("/api/auth/wechat/status") async def wechat_login_status(): return { "enabled": config.wechat_login_enabled, "auto_register_enabled": config.wechat_auto_register_enabled, "login_session_duration_hours": config.normal_user_login_session_duration_hours, } @router.get("/api/branding") async def get_branding(): return {"branding": config.get_branding()} @router.post("/api/auth/wechat/login") async def wechat_login(body: WechatLoginRequest): if not config.wechat_login_enabled: raise HTTPException(status_code=403, detail={"error": "微信验证码登录已关闭,请使用登录密钥。"}) code = str(body.code or "").strip() if not code: raise HTTPException(status_code=400, detail={"error": "请输入微信验证码"}) try: async with httpx.AsyncClient(timeout=15.0) as client: response = await client.post("https://wx.z-l.top/api/auth/verify", json={"code": code}) except httpx.HTTPError as exc: raise HTTPException(status_code=502, detail={"error": "微信登录服务暂时不可用,请稍后再试"}) from exc try: payload = response.json() except ValueError as exc: raise HTTPException(status_code=502, detail={"error": "微信登录服务返回异常"}) from exc if not response.is_success or not payload.get("success"): message = str(payload.get("message") or "微信验证码无效或已过期") raise HTTPException(status_code=401, detail={"error": message}) user = payload.get("user") if isinstance(payload.get("user"), dict) else {} openid = str(user.get("openid") or "").strip() if not openid: raise HTTPException(status_code=502, detail={"error": "微信登录服务未返回 openid"}) try: item, raw_key, created = auth_service.get_or_create_wechat_normal_user( openid=openid, nickname=str(user.get("nickname") or "").strip(), avatar=str(user.get("avatar") or "").strip(), allow_create=config.wechat_auto_register_enabled, ) except ValueError as exc: raise HTTPException(status_code=403, detail={"error": str(exc)}) from exc except Exception as exc: print(f"[wechat-login] failed to save user: {exc}") raise HTTPException(status_code=503, detail={"error": f"微信登录已验证,但保存用户失败:{exc}"}) from exc return { "ok": True, "version": app_version, "role": "normal", "subject_id": item.get("id"), "name": item.get("name"), "account_pool_enabled": bool(item.get("account_pool_enabled")), "key": raw_key, "created": created, "login_session_duration_hours": config.normal_user_login_session_duration_hours, "credits": auth_service.credit_summary(item), "wechat": { "openid": openid, "nickname": item.get("wechat_nickname") or user.get("nickname") or "", "avatar": item.get("wechat_avatar") or user.get("avatar") or "", }, } @router.get("/version") async def get_version(): return {"version": app_version} @router.get("/api/settings") async def get_settings(authorization: str | None = Header(default=None)): require_admin(authorization) return {"config": config.get()} @router.get("/api/announcements") async def get_announcements(authorization: str | None = Header(default=None)): identity = require_identity(authorization) return {"items": config.get_announcements(role=str(identity.get("role") or ""))} @router.post("/api/settings") async def save_settings(body: SettingsUpdateRequest, authorization: str | None = Header(default=None)): require_admin(authorization) try: return {"config": config.update(body.model_dump(mode="python"))} except ValueError as exc: raise HTTPException(status_code=400, detail={"error": str(exc)}) from exc @router.get("/api/images") async def get_images(request: Request, start_date: str = "", end_date: str = "", authorization: str | None = Header(default=None)): require_admin(authorization) return list_images(resolve_image_base_url(request), start_date=start_date.strip(), end_date=end_date.strip()) @router.get("/images/{image_path:path}", include_in_schema=False) async def get_image(image_path: str): return get_image_response(image_path) @router.get("/image-thumbnails/{image_path:path}", include_in_schema=False) async def get_image_thumbnail(image_path: str): return get_thumbnail_response(image_path) @router.post("/api/images/delete") async def delete_images_endpoint(body: ImageDeleteRequest, authorization: str | None = Header(default=None)): require_admin(authorization) return delete_images(body.paths, start_date=body.start_date.strip(), end_date=body.end_date.strip(), all_matching=body.all_matching) @router.post("/api/images/download") async def download_images_endpoint(body: ImageDownloadRequest, authorization: str | None = Header(default=None)): require_admin(authorization) buf = download_images_zip(body.paths) return StreamingResponse( buf, media_type="application/zip", headers={"Content-Disposition": 'attachment; filename="images.zip"'}, ) @router.get("/api/images/download/{image_path:path}") async def download_single_image_endpoint(image_path: str, authorization: str | None = Header(default=None)): require_admin(authorization) return get_image_download_response(image_path) @router.get("/api/logs") async def get_logs(type: str = "", start_date: str = "", end_date: str = "", authorization: str | None = Header(default=None)): require_admin(authorization) return {"items": log_service.list(type=type.strip(), start_date=start_date.strip(), end_date=end_date.strip())} @router.post("/api/logs/delete") async def delete_logs(body: LogDeleteRequest, authorization: str | None = Header(default=None)): require_admin(authorization) return log_service.delete(body.ids) @router.post("/api/proxy/test") async def test_proxy_endpoint(body: ProxyTestRequest, authorization: str | None = Header(default=None)): require_admin(authorization) candidate = (body.url or "").strip() or config.get_proxy_settings() if not candidate: raise HTTPException(status_code=400, detail={"error": "proxy url is required"}) return {"result": await run_in_threadpool(test_proxy, candidate)} @router.get("/api/storage/info") async def get_storage_info(authorization: str | None = Header(default=None)): require_admin(authorization) storage = config.get_storage_backend() user_storage = config.get_user_storage_backend() account_pool_storage = config.get_account_pool_storage_backend() return { "backend": storage.get_backend_info(), "health": storage.health_check(), "user_backend": user_storage.get_backend_info(), "user_health": user_storage.health_check(), "account_pool_backend": account_pool_storage.get_backend_info(), "account_pool_health": account_pool_storage.health_check(), } @router.post("/api/backup/test") async def test_backup_connection(authorization: str | None = Header(default=None)): require_admin(authorization) try: return {"result": await run_in_threadpool(backup_service.test_connection)} except BackupError as exc: raise HTTPException(status_code=400, detail={"error": str(exc)}) from exc @router.post("/api/image-storage/test") async def test_image_storage_endpoint(authorization: str | None = Header(default=None)): require_admin(authorization) return {"result": await run_in_threadpool(image_storage_service.test_webdav)} @router.post("/api/image-storage/sync") async def sync_image_storage_endpoint(authorization: str | None = Header(default=None)): require_admin(authorization) try: return {"result": await run_in_threadpool(image_storage_service.sync_all)} except ImageStorageError as exc: raise HTTPException(status_code=400, detail={"error": str(exc)}) from exc @router.get("/api/backups") async def get_backups(authorization: str | None = Header(default=None)): require_admin(authorization) try: return { "items": await run_in_threadpool(backup_service.list_backups), "state": backup_service.get_status(), "settings": backup_service.get_settings(), } except BackupError as exc: raise HTTPException(status_code=400, detail={"error": str(exc)}) from exc @router.post("/api/backups/run") async def run_backup_endpoint(authorization: str | None = Header(default=None)): require_admin(authorization) try: return {"result": await run_in_threadpool(backup_service.run_backup)} except BackupError as exc: raise HTTPException(status_code=400, detail={"error": str(exc)}) from exc @router.post("/api/backups/delete") async def delete_backup_endpoint(body: BackupDeleteRequest, authorization: str | None = Header(default=None)): require_admin(authorization) try: await run_in_threadpool(backup_service.delete_backup, body.key) return {"ok": True} except BackupError as exc: raise HTTPException(status_code=400, detail={"error": str(exc)}) from exc @router.get("/api/backups/detail") async def get_backup_detail(key: str = "", authorization: str | None = Header(default=None)): require_admin(authorization) try: return {"item": await run_in_threadpool(backup_service.get_backup_detail, key)} except BackupError as exc: raise HTTPException(status_code=400, detail={"error": str(exc)}) from exc @router.get("/api/backups/download") async def download_backup_endpoint(key: str = "", authorization: str | None = Header(default=None)): require_admin(authorization) try: item = await run_in_threadpool(backup_service.download_backup, key) except BackupError as exc: raise HTTPException(status_code=400, detail={"error": str(exc)}) from exc filename = str(item.get("name") or "backup.bin") quoted = quote(filename) headers = { "Content-Disposition": f"attachment; filename*=UTF-8''{quoted}", "Content-Length": str(int(item.get("size") or 0)), } return Response( content=bytes(item.get("payload") or b""), media_type=str(item.get("content_type") or "application/octet-stream"), headers=headers, ) @router.get("/api/images/tags") async def list_image_tags(authorization: str | None = Header(default=None)): require_admin(authorization) return {"tags": get_all_tags()} @router.post("/api/images/tags") async def update_image_tags(body: ImageTagsRequest, authorization: str | None = Header(default=None)): require_admin(authorization) rel = body.path.strip().lstrip("/") if not rel: raise HTTPException(status_code=400, detail={"error": "path is required"}) tags = set_tags(rel, body.tags) return {"ok": True, "tags": tags} @router.delete("/api/images/tags/{tag}") async def delete_image_tag(tag: str, authorization: str | None = Header(default=None)): require_admin(authorization) count = delete_tag(tag) return {"ok": True, "removed_from": count} return router