e2037ad756
This commit introduces a major architectural refactoring to improve quota management, centralize logging, and streamline the relay handling logic. Key changes: - **Pre-consume Quota:** Implements a new mechanism to check and reserve user quota *before* making the request to the upstream provider. This ensures more accurate quota deduction and prevents users from exceeding their limits due to concurrent requests. - **Unified Relay Handlers:** Refactors the relay logic to use generic handlers (e.g., `ChatHandler`, `ImageHandler`) instead of provider-specific implementations. This significantly reduces code duplication and simplifies adding new channels. - **Centralized Logger:** A new dedicated `logger` package is introduced, and all system logging calls are migrated to use it, moving this responsibility out of the `common` package. - **Code Reorganization:** DTOs are generalized (e.g., `dalle.go` -> `openai_image.go`) and utility code is moved to more appropriate packages (e.g., `common/http.go` -> `service/http.go`) for better code structure.
984 lines
22 KiB
Go
984 lines
22 KiB
Go
package controller
|
||
|
||
import (
|
||
"encoding/json"
|
||
"fmt"
|
||
"net/http"
|
||
"net/url"
|
||
"one-api/common"
|
||
"one-api/dto"
|
||
"one-api/logger"
|
||
"one-api/model"
|
||
"one-api/setting"
|
||
"strconv"
|
||
"strings"
|
||
"sync"
|
||
|
||
"one-api/constant"
|
||
|
||
"github.com/gin-contrib/sessions"
|
||
"github.com/gin-gonic/gin"
|
||
)
|
||
|
||
type LoginRequest struct {
|
||
Username string `json:"username"`
|
||
Password string `json:"password"`
|
||
}
|
||
|
||
func Login(c *gin.Context) {
|
||
if !common.PasswordLoginEnabled {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"message": "管理员关闭了密码登录",
|
||
"success": false,
|
||
})
|
||
return
|
||
}
|
||
var loginRequest LoginRequest
|
||
err := json.NewDecoder(c.Request.Body).Decode(&loginRequest)
|
||
if err != nil {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"message": "无效的参数",
|
||
"success": false,
|
||
})
|
||
return
|
||
}
|
||
username := loginRequest.Username
|
||
password := loginRequest.Password
|
||
if username == "" || password == "" {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"message": "无效的参数",
|
||
"success": false,
|
||
})
|
||
return
|
||
}
|
||
user := model.User{
|
||
Username: username,
|
||
Password: password,
|
||
}
|
||
err = user.ValidateAndFill()
|
||
if err != nil {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"message": err.Error(),
|
||
"success": false,
|
||
})
|
||
return
|
||
}
|
||
|
||
// 检查是否启用2FA
|
||
if model.IsTwoFAEnabled(user.Id) {
|
||
// 设置pending session,等待2FA验证
|
||
session := sessions.Default(c)
|
||
session.Set("pending_username", user.Username)
|
||
session.Set("pending_user_id", user.Id)
|
||
err := session.Save()
|
||
if err != nil {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"message": "无法保存会话信息,请重试",
|
||
"success": false,
|
||
})
|
||
return
|
||
}
|
||
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"message": "请输入两步验证码",
|
||
"success": true,
|
||
"data": map[string]interface{}{
|
||
"require_2fa": true,
|
||
},
|
||
})
|
||
return
|
||
}
|
||
|
||
setupLogin(&user, c)
|
||
}
|
||
|
||
// setup session & cookies and then return user info
|
||
func setupLogin(user *model.User, c *gin.Context) {
|
||
session := sessions.Default(c)
|
||
session.Set("id", user.Id)
|
||
session.Set("username", user.Username)
|
||
session.Set("role", user.Role)
|
||
session.Set("status", user.Status)
|
||
session.Set("group", user.Group)
|
||
err := session.Save()
|
||
if err != nil {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"message": "无法保存会话信息,请重试",
|
||
"success": false,
|
||
})
|
||
return
|
||
}
|
||
cleanUser := model.User{
|
||
Id: user.Id,
|
||
Username: user.Username,
|
||
DisplayName: user.DisplayName,
|
||
Role: user.Role,
|
||
Status: user.Status,
|
||
Group: user.Group,
|
||
}
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"message": "",
|
||
"success": true,
|
||
"data": cleanUser,
|
||
})
|
||
}
|
||
|
||
func Logout(c *gin.Context) {
|
||
session := sessions.Default(c)
|
||
session.Clear()
|
||
err := session.Save()
|
||
if err != nil {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"message": err.Error(),
|
||
"success": false,
|
||
})
|
||
return
|
||
}
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"message": "",
|
||
"success": true,
|
||
})
|
||
}
|
||
|
||
func Register(c *gin.Context) {
|
||
if !common.RegisterEnabled {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"message": "管理员关闭了新用户注册",
|
||
"success": false,
|
||
})
|
||
return
|
||
}
|
||
if !common.PasswordRegisterEnabled {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"message": "管理员关闭了通过密码进行注册,请使用第三方账户验证的形式进行注册",
|
||
"success": false,
|
||
})
|
||
return
|
||
}
|
||
var user model.User
|
||
err := json.NewDecoder(c.Request.Body).Decode(&user)
|
||
if err != nil {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": false,
|
||
"message": "无效的参数",
|
||
})
|
||
return
|
||
}
|
||
if err := common.Validate.Struct(&user); err != nil {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": false,
|
||
"message": "输入不合法 " + err.Error(),
|
||
})
|
||
return
|
||
}
|
||
if common.EmailVerificationEnabled {
|
||
if user.Email == "" || user.VerificationCode == "" {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": false,
|
||
"message": "管理员开启了邮箱验证,请输入邮箱地址和验证码",
|
||
})
|
||
return
|
||
}
|
||
if !common.VerifyCodeWithKey(user.Email, user.VerificationCode, common.EmailVerificationPurpose) {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": false,
|
||
"message": "验证码错误或已过期",
|
||
})
|
||
return
|
||
}
|
||
}
|
||
exist, err := model.CheckUserExistOrDeleted(user.Username, user.Email)
|
||
if err != nil {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": false,
|
||
"message": "数据库错误,请稍后重试",
|
||
})
|
||
logger.SysError(fmt.Sprintf("CheckUserExistOrDeleted error: %v", err))
|
||
return
|
||
}
|
||
if exist {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": false,
|
||
"message": "用户名已存在,或已注销",
|
||
})
|
||
return
|
||
}
|
||
affCode := user.AffCode // this code is the inviter's code, not the user's own code
|
||
inviterId, _ := model.GetUserIdByAffCode(affCode)
|
||
cleanUser := model.User{
|
||
Username: user.Username,
|
||
Password: user.Password,
|
||
DisplayName: user.Username,
|
||
InviterId: inviterId,
|
||
}
|
||
if common.EmailVerificationEnabled {
|
||
cleanUser.Email = user.Email
|
||
}
|
||
if err := cleanUser.Insert(inviterId); err != nil {
|
||
common.ApiError(c, err)
|
||
return
|
||
}
|
||
|
||
// 获取插入后的用户ID
|
||
var insertedUser model.User
|
||
if err := model.DB.Where("username = ?", cleanUser.Username).First(&insertedUser).Error; err != nil {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": false,
|
||
"message": "用户注册失败或用户ID获取失败",
|
||
})
|
||
return
|
||
}
|
||
// 生成默认令牌
|
||
if constant.GenerateDefaultToken {
|
||
key, err := common.GenerateKey()
|
||
if err != nil {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": false,
|
||
"message": "生成默认令牌失败",
|
||
})
|
||
logger.SysError("failed to generate token key: " + err.Error())
|
||
return
|
||
}
|
||
// 生成默认令牌
|
||
token := model.Token{
|
||
UserId: insertedUser.Id, // 使用插入后的用户ID
|
||
Name: cleanUser.Username + "的初始令牌",
|
||
Key: key,
|
||
CreatedTime: common.GetTimestamp(),
|
||
AccessedTime: common.GetTimestamp(),
|
||
ExpiredTime: -1, // 永不过期
|
||
RemainQuota: 500000, // 示例额度
|
||
UnlimitedQuota: true,
|
||
ModelLimitsEnabled: false,
|
||
}
|
||
if setting.DefaultUseAutoGroup {
|
||
token.Group = "auto"
|
||
}
|
||
if err := token.Insert(); err != nil {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": false,
|
||
"message": "创建默认令牌失败",
|
||
})
|
||
return
|
||
}
|
||
}
|
||
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": true,
|
||
"message": "",
|
||
})
|
||
return
|
||
}
|
||
|
||
func GetAllUsers(c *gin.Context) {
|
||
pageInfo := common.GetPageQuery(c)
|
||
users, total, err := model.GetAllUsers(pageInfo)
|
||
if err != nil {
|
||
common.ApiError(c, err)
|
||
return
|
||
}
|
||
|
||
pageInfo.SetTotal(int(total))
|
||
pageInfo.SetItems(users)
|
||
|
||
common.ApiSuccess(c, pageInfo)
|
||
return
|
||
}
|
||
|
||
func SearchUsers(c *gin.Context) {
|
||
keyword := c.Query("keyword")
|
||
group := c.Query("group")
|
||
pageInfo := common.GetPageQuery(c)
|
||
users, total, err := model.SearchUsers(keyword, group, pageInfo.GetStartIdx(), pageInfo.GetPageSize())
|
||
if err != nil {
|
||
common.ApiError(c, err)
|
||
return
|
||
}
|
||
|
||
pageInfo.SetTotal(int(total))
|
||
pageInfo.SetItems(users)
|
||
common.ApiSuccess(c, pageInfo)
|
||
return
|
||
}
|
||
|
||
func GetUser(c *gin.Context) {
|
||
id, err := strconv.Atoi(c.Param("id"))
|
||
if err != nil {
|
||
common.ApiError(c, err)
|
||
return
|
||
}
|
||
user, err := model.GetUserById(id, false)
|
||
if err != nil {
|
||
common.ApiError(c, err)
|
||
return
|
||
}
|
||
myRole := c.GetInt("role")
|
||
if myRole <= user.Role && myRole != common.RoleRootUser {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": false,
|
||
"message": "无权获取同级或更高等级用户的信息",
|
||
})
|
||
return
|
||
}
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": true,
|
||
"message": "",
|
||
"data": user,
|
||
})
|
||
return
|
||
}
|
||
|
||
func GenerateAccessToken(c *gin.Context) {
|
||
id := c.GetInt("id")
|
||
user, err := model.GetUserById(id, true)
|
||
if err != nil {
|
||
common.ApiError(c, err)
|
||
return
|
||
}
|
||
// get rand int 28-32
|
||
randI := common.GetRandomInt(4)
|
||
key, err := common.GenerateRandomKey(29 + randI)
|
||
if err != nil {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": false,
|
||
"message": "生成失败",
|
||
})
|
||
logger.SysError("failed to generate key: " + err.Error())
|
||
return
|
||
}
|
||
user.SetAccessToken(key)
|
||
|
||
if model.DB.Where("access_token = ?", user.AccessToken).First(user).RowsAffected != 0 {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": false,
|
||
"message": "请重试,系统生成的 UUID 竟然重复了!",
|
||
})
|
||
return
|
||
}
|
||
|
||
if err := user.Update(false); err != nil {
|
||
common.ApiError(c, err)
|
||
return
|
||
}
|
||
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": true,
|
||
"message": "",
|
||
"data": user.AccessToken,
|
||
})
|
||
return
|
||
}
|
||
|
||
type TransferAffQuotaRequest struct {
|
||
Quota int `json:"quota" binding:"required"`
|
||
}
|
||
|
||
func TransferAffQuota(c *gin.Context) {
|
||
id := c.GetInt("id")
|
||
user, err := model.GetUserById(id, true)
|
||
if err != nil {
|
||
common.ApiError(c, err)
|
||
return
|
||
}
|
||
tran := TransferAffQuotaRequest{}
|
||
if err := c.ShouldBindJSON(&tran); err != nil {
|
||
common.ApiError(c, err)
|
||
return
|
||
}
|
||
err = user.TransferAffQuotaToQuota(tran.Quota)
|
||
if err != nil {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": false,
|
||
"message": "划转失败 " + err.Error(),
|
||
})
|
||
return
|
||
}
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": true,
|
||
"message": "划转成功",
|
||
})
|
||
}
|
||
|
||
func GetAffCode(c *gin.Context) {
|
||
id := c.GetInt("id")
|
||
user, err := model.GetUserById(id, true)
|
||
if err != nil {
|
||
common.ApiError(c, err)
|
||
return
|
||
}
|
||
if user.AffCode == "" {
|
||
user.AffCode = common.GetRandomString(4)
|
||
if err := user.Update(false); err != nil {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": false,
|
||
"message": err.Error(),
|
||
})
|
||
return
|
||
}
|
||
}
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": true,
|
||
"message": "",
|
||
"data": user.AffCode,
|
||
})
|
||
return
|
||
}
|
||
|
||
func GetSelf(c *gin.Context) {
|
||
id := c.GetInt("id")
|
||
user, err := model.GetUserById(id, false)
|
||
if err != nil {
|
||
common.ApiError(c, err)
|
||
return
|
||
}
|
||
// Hide admin remarks: set to empty to trigger omitempty tag, ensuring the remark field is not included in JSON returned to regular users
|
||
user.Remark = ""
|
||
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": true,
|
||
"message": "",
|
||
"data": user,
|
||
})
|
||
return
|
||
}
|
||
|
||
func GetUserModels(c *gin.Context) {
|
||
id, err := strconv.Atoi(c.Param("id"))
|
||
if err != nil {
|
||
id = c.GetInt("id")
|
||
}
|
||
user, err := model.GetUserCache(id)
|
||
if err != nil {
|
||
common.ApiError(c, err)
|
||
return
|
||
}
|
||
groups := setting.GetUserUsableGroups(user.Group)
|
||
var models []string
|
||
for group := range groups {
|
||
for _, g := range model.GetGroupEnabledModels(group) {
|
||
if !common.StringsContains(models, g) {
|
||
models = append(models, g)
|
||
}
|
||
}
|
||
}
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": true,
|
||
"message": "",
|
||
"data": models,
|
||
})
|
||
return
|
||
}
|
||
|
||
func UpdateUser(c *gin.Context) {
|
||
var updatedUser model.User
|
||
err := json.NewDecoder(c.Request.Body).Decode(&updatedUser)
|
||
if err != nil || updatedUser.Id == 0 {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": false,
|
||
"message": "无效的参数",
|
||
})
|
||
return
|
||
}
|
||
if updatedUser.Password == "" {
|
||
updatedUser.Password = "$I_LOVE_U" // make Validator happy :)
|
||
}
|
||
if err := common.Validate.Struct(&updatedUser); err != nil {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": false,
|
||
"message": "输入不合法 " + err.Error(),
|
||
})
|
||
return
|
||
}
|
||
originUser, err := model.GetUserById(updatedUser.Id, false)
|
||
if err != nil {
|
||
common.ApiError(c, err)
|
||
return
|
||
}
|
||
myRole := c.GetInt("role")
|
||
if myRole <= originUser.Role && myRole != common.RoleRootUser {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": false,
|
||
"message": "无权更新同权限等级或更高权限等级的用户信息",
|
||
})
|
||
return
|
||
}
|
||
if myRole <= updatedUser.Role && myRole != common.RoleRootUser {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": false,
|
||
"message": "无权将其他用户权限等级提升到大于等于自己的权限等级",
|
||
})
|
||
return
|
||
}
|
||
if updatedUser.Password == "$I_LOVE_U" {
|
||
updatedUser.Password = "" // rollback to what it should be
|
||
}
|
||
updatePassword := updatedUser.Password != ""
|
||
if err := updatedUser.Edit(updatePassword); err != nil {
|
||
common.ApiError(c, err)
|
||
return
|
||
}
|
||
if originUser.Quota != updatedUser.Quota {
|
||
model.RecordLog(originUser.Id, model.LogTypeManage, fmt.Sprintf("管理员将用户额度从 %s修改为 %s", logger.LogQuota(originUser.Quota), logger.LogQuota(updatedUser.Quota)))
|
||
}
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": true,
|
||
"message": "",
|
||
})
|
||
return
|
||
}
|
||
|
||
func UpdateSelf(c *gin.Context) {
|
||
var user model.User
|
||
err := json.NewDecoder(c.Request.Body).Decode(&user)
|
||
if err != nil {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": false,
|
||
"message": "无效的参数",
|
||
})
|
||
return
|
||
}
|
||
if user.Password == "" {
|
||
user.Password = "$I_LOVE_U" // make Validator happy :)
|
||
}
|
||
if err := common.Validate.Struct(&user); err != nil {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": false,
|
||
"message": "输入不合法 " + err.Error(),
|
||
})
|
||
return
|
||
}
|
||
|
||
cleanUser := model.User{
|
||
Id: c.GetInt("id"),
|
||
Username: user.Username,
|
||
Password: user.Password,
|
||
DisplayName: user.DisplayName,
|
||
}
|
||
if user.Password == "$I_LOVE_U" {
|
||
user.Password = "" // rollback to what it should be
|
||
cleanUser.Password = ""
|
||
}
|
||
updatePassword, err := checkUpdatePassword(user.OriginalPassword, user.Password, cleanUser.Id)
|
||
if err != nil {
|
||
common.ApiError(c, err)
|
||
return
|
||
}
|
||
if err := cleanUser.Update(updatePassword); err != nil {
|
||
common.ApiError(c, err)
|
||
return
|
||
}
|
||
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": true,
|
||
"message": "",
|
||
})
|
||
return
|
||
}
|
||
|
||
func checkUpdatePassword(originalPassword string, newPassword string, userId int) (updatePassword bool, err error) {
|
||
var currentUser *model.User
|
||
currentUser, err = model.GetUserById(userId, true)
|
||
if err != nil {
|
||
return
|
||
}
|
||
if !common.ValidatePasswordAndHash(originalPassword, currentUser.Password) {
|
||
err = fmt.Errorf("原密码错误")
|
||
return
|
||
}
|
||
if newPassword == "" {
|
||
return
|
||
}
|
||
updatePassword = true
|
||
return
|
||
}
|
||
|
||
func DeleteUser(c *gin.Context) {
|
||
id, err := strconv.Atoi(c.Param("id"))
|
||
if err != nil {
|
||
common.ApiError(c, err)
|
||
return
|
||
}
|
||
originUser, err := model.GetUserById(id, false)
|
||
if err != nil {
|
||
common.ApiError(c, err)
|
||
return
|
||
}
|
||
myRole := c.GetInt("role")
|
||
if myRole <= originUser.Role {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": false,
|
||
"message": "无权删除同权限等级或更高权限等级的用户",
|
||
})
|
||
return
|
||
}
|
||
err = model.HardDeleteUserById(id)
|
||
if err != nil {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": true,
|
||
"message": "",
|
||
})
|
||
return
|
||
}
|
||
}
|
||
|
||
func DeleteSelf(c *gin.Context) {
|
||
id := c.GetInt("id")
|
||
user, _ := model.GetUserById(id, false)
|
||
|
||
if user.Role == common.RoleRootUser {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": false,
|
||
"message": "不能删除超级管理员账户",
|
||
})
|
||
return
|
||
}
|
||
|
||
err := model.DeleteUserById(id)
|
||
if err != nil {
|
||
common.ApiError(c, err)
|
||
return
|
||
}
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": true,
|
||
"message": "",
|
||
})
|
||
return
|
||
}
|
||
|
||
func CreateUser(c *gin.Context) {
|
||
var user model.User
|
||
err := json.NewDecoder(c.Request.Body).Decode(&user)
|
||
user.Username = strings.TrimSpace(user.Username)
|
||
if err != nil || user.Username == "" || user.Password == "" {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": false,
|
||
"message": "无效的参数",
|
||
})
|
||
return
|
||
}
|
||
if err := common.Validate.Struct(&user); err != nil {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": false,
|
||
"message": "输入不合法 " + err.Error(),
|
||
})
|
||
return
|
||
}
|
||
if user.DisplayName == "" {
|
||
user.DisplayName = user.Username
|
||
}
|
||
myRole := c.GetInt("role")
|
||
if user.Role >= myRole {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": false,
|
||
"message": "无法创建权限大于等于自己的用户",
|
||
})
|
||
return
|
||
}
|
||
// Even for admin users, we cannot fully trust them!
|
||
cleanUser := model.User{
|
||
Username: user.Username,
|
||
Password: user.Password,
|
||
DisplayName: user.DisplayName,
|
||
}
|
||
if err := cleanUser.Insert(0); err != nil {
|
||
common.ApiError(c, err)
|
||
return
|
||
}
|
||
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": true,
|
||
"message": "",
|
||
})
|
||
return
|
||
}
|
||
|
||
type ManageRequest struct {
|
||
Id int `json:"id"`
|
||
Action string `json:"action"`
|
||
}
|
||
|
||
// ManageUser Only admin user can do this
|
||
func ManageUser(c *gin.Context) {
|
||
var req ManageRequest
|
||
err := json.NewDecoder(c.Request.Body).Decode(&req)
|
||
|
||
if err != nil {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": false,
|
||
"message": "无效的参数",
|
||
})
|
||
return
|
||
}
|
||
user := model.User{
|
||
Id: req.Id,
|
||
}
|
||
// Fill attributes
|
||
model.DB.Unscoped().Where(&user).First(&user)
|
||
if user.Id == 0 {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": false,
|
||
"message": "用户不存在",
|
||
})
|
||
return
|
||
}
|
||
myRole := c.GetInt("role")
|
||
if myRole <= user.Role && myRole != common.RoleRootUser {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": false,
|
||
"message": "无权更新同权限等级或更高权限等级的用户信息",
|
||
})
|
||
return
|
||
}
|
||
switch req.Action {
|
||
case "disable":
|
||
user.Status = common.UserStatusDisabled
|
||
if user.Role == common.RoleRootUser {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": false,
|
||
"message": "无法禁用超级管理员用户",
|
||
})
|
||
return
|
||
}
|
||
case "enable":
|
||
user.Status = common.UserStatusEnabled
|
||
case "delete":
|
||
if user.Role == common.RoleRootUser {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": false,
|
||
"message": "无法删除超级管理员用户",
|
||
})
|
||
return
|
||
}
|
||
if err := user.Delete(); err != nil {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": false,
|
||
"message": err.Error(),
|
||
})
|
||
return
|
||
}
|
||
case "promote":
|
||
if myRole != common.RoleRootUser {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": false,
|
||
"message": "普通管理员用户无法提升其他用户为管理员",
|
||
})
|
||
return
|
||
}
|
||
if user.Role >= common.RoleAdminUser {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": false,
|
||
"message": "该用户已经是管理员",
|
||
})
|
||
return
|
||
}
|
||
user.Role = common.RoleAdminUser
|
||
case "demote":
|
||
if user.Role == common.RoleRootUser {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": false,
|
||
"message": "无法降级超级管理员用户",
|
||
})
|
||
return
|
||
}
|
||
if user.Role == common.RoleCommonUser {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": false,
|
||
"message": "该用户已经是普通用户",
|
||
})
|
||
return
|
||
}
|
||
user.Role = common.RoleCommonUser
|
||
}
|
||
|
||
if err := user.Update(false); err != nil {
|
||
common.ApiError(c, err)
|
||
return
|
||
}
|
||
clearUser := model.User{
|
||
Role: user.Role,
|
||
Status: user.Status,
|
||
}
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": true,
|
||
"message": "",
|
||
"data": clearUser,
|
||
})
|
||
return
|
||
}
|
||
|
||
func EmailBind(c *gin.Context) {
|
||
email := c.Query("email")
|
||
code := c.Query("code")
|
||
if !common.VerifyCodeWithKey(email, code, common.EmailVerificationPurpose) {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": false,
|
||
"message": "验证码错误或已过期",
|
||
})
|
||
return
|
||
}
|
||
session := sessions.Default(c)
|
||
id := session.Get("id")
|
||
user := model.User{
|
||
Id: id.(int),
|
||
}
|
||
err := user.FillUserById()
|
||
if err != nil {
|
||
common.ApiError(c, err)
|
||
return
|
||
}
|
||
user.Email = email
|
||
// no need to check if this email already taken, because we have used verification code to check it
|
||
err = user.Update(false)
|
||
if err != nil {
|
||
common.ApiError(c, err)
|
||
return
|
||
}
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": true,
|
||
"message": "",
|
||
})
|
||
return
|
||
}
|
||
|
||
type topUpRequest struct {
|
||
Key string `json:"key"`
|
||
}
|
||
|
||
var topUpLock = sync.Mutex{}
|
||
|
||
func TopUp(c *gin.Context) {
|
||
topUpLock.Lock()
|
||
defer topUpLock.Unlock()
|
||
req := topUpRequest{}
|
||
err := c.ShouldBindJSON(&req)
|
||
if err != nil {
|
||
common.ApiError(c, err)
|
||
return
|
||
}
|
||
id := c.GetInt("id")
|
||
quota, err := model.Redeem(req.Key, id)
|
||
if err != nil {
|
||
common.ApiError(c, err)
|
||
return
|
||
}
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": true,
|
||
"message": "",
|
||
"data": quota,
|
||
})
|
||
return
|
||
}
|
||
|
||
type UpdateUserSettingRequest struct {
|
||
QuotaWarningType string `json:"notify_type"`
|
||
QuotaWarningThreshold float64 `json:"quota_warning_threshold"`
|
||
WebhookUrl string `json:"webhook_url,omitempty"`
|
||
WebhookSecret string `json:"webhook_secret,omitempty"`
|
||
NotificationEmail string `json:"notification_email,omitempty"`
|
||
AcceptUnsetModelRatioModel bool `json:"accept_unset_model_ratio_model"`
|
||
RecordIpLog bool `json:"record_ip_log"`
|
||
}
|
||
|
||
func UpdateUserSetting(c *gin.Context) {
|
||
var req UpdateUserSettingRequest
|
||
if err := c.ShouldBindJSON(&req); err != nil {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": false,
|
||
"message": "无效的参数",
|
||
})
|
||
return
|
||
}
|
||
|
||
// 验证预警类型
|
||
if req.QuotaWarningType != dto.NotifyTypeEmail && req.QuotaWarningType != dto.NotifyTypeWebhook {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": false,
|
||
"message": "无效的预警类型",
|
||
})
|
||
return
|
||
}
|
||
|
||
// 验证预警阈值
|
||
if req.QuotaWarningThreshold <= 0 {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": false,
|
||
"message": "预警阈值必须大于0",
|
||
})
|
||
return
|
||
}
|
||
|
||
// 如果是webhook类型,验证webhook地址
|
||
if req.QuotaWarningType == dto.NotifyTypeWebhook {
|
||
if req.WebhookUrl == "" {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": false,
|
||
"message": "Webhook地址不能为空",
|
||
})
|
||
return
|
||
}
|
||
// 验证URL格式
|
||
if _, err := url.ParseRequestURI(req.WebhookUrl); err != nil {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": false,
|
||
"message": "无效的Webhook地址",
|
||
})
|
||
return
|
||
}
|
||
}
|
||
|
||
// 如果是邮件类型,验证邮箱地址
|
||
if req.QuotaWarningType == dto.NotifyTypeEmail && req.NotificationEmail != "" {
|
||
// 验证邮箱格式
|
||
if !strings.Contains(req.NotificationEmail, "@") {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": false,
|
||
"message": "无效的邮箱地址",
|
||
})
|
||
return
|
||
}
|
||
}
|
||
|
||
userId := c.GetInt("id")
|
||
user, err := model.GetUserById(userId, true)
|
||
if err != nil {
|
||
common.ApiError(c, err)
|
||
return
|
||
}
|
||
|
||
// 构建设置
|
||
settings := dto.UserSetting{
|
||
NotifyType: req.QuotaWarningType,
|
||
QuotaWarningThreshold: req.QuotaWarningThreshold,
|
||
AcceptUnsetRatioModel: req.AcceptUnsetModelRatioModel,
|
||
RecordIpLog: req.RecordIpLog,
|
||
}
|
||
|
||
// 如果是webhook类型,添加webhook相关设置
|
||
if req.QuotaWarningType == dto.NotifyTypeWebhook {
|
||
settings.WebhookUrl = req.WebhookUrl
|
||
if req.WebhookSecret != "" {
|
||
settings.WebhookSecret = req.WebhookSecret
|
||
}
|
||
}
|
||
|
||
// 如果提供了通知邮箱,添加到设置中
|
||
if req.QuotaWarningType == dto.NotifyTypeEmail && req.NotificationEmail != "" {
|
||
settings.NotificationEmail = req.NotificationEmail
|
||
}
|
||
|
||
// 更新用户设置
|
||
user.SetSetting(settings)
|
||
if err := user.Update(false); err != nil {
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": false,
|
||
"message": "更新设置失败: " + err.Error(),
|
||
})
|
||
return
|
||
}
|
||
|
||
c.JSON(http.StatusOK, gin.H{
|
||
"success": true,
|
||
"message": "设置已更新",
|
||
})
|
||
}
|