feat(运维监控): 增强监控功能和健康评分系统

后端改进： - 新增健康评分计算服务（ops_health_score.go） - 添加分布式锁支持（ops_advisory_lock.go） - 优化指标采集和聚合逻辑 - 新增运维指标采集间隔配置（60-3600秒） - 移除未使用的WebSocket查询token认证中间件 - 改进清理服务和告警评估逻辑前端改进： - 简化OpsDashboard组件结构 - 完善国际化文本（中英文） - 新增运维监控相关API类型定义 - 添加运维指标采集间隔设置界面 - 优化错误详情模态框测试： - 添加健康评分单元测试 - 更新API契约测试
2026-01-10 01:38:47 +08:00
parent 8ae75e7f6e
commit 585257d340
25 changed files with 570 additions and 385 deletions
--- a/backend/internal/server/middleware/ws_query_token_auth.go
+++ b/backend/internal/server/middleware/ws_query_token_auth.go
@@ -1,54 +0,0 @@
-package middleware
-
-import (
-	"net/http"
-	"strings"
-
-	"github.com/gin-gonic/gin"
-)
-
-// InjectBearerTokenFromQueryForWebSocket copies `?token=` into the Authorization header
-// for WebSocket handshake requests on a small allow-list of endpoints.
-//
-// Why: browsers can't set custom headers on WebSocket handshake, but our admin routes
-// are protected by header-based auth. This keeps the token support scoped to WS only.
-func InjectBearerTokenFromQueryForWebSocket() gin.HandlerFunc {
-	return func(c *gin.Context) {
-		if c == nil || c.Request == nil {
-			if c != nil {
-				c.Next()
-			}
-			return
-		}
-
-		// Only GET websocket upgrades.
-		if c.Request.Method != http.MethodGet {
-			c.Next()
-			return
-		}
-		if !strings.EqualFold(strings.TrimSpace(c.GetHeader("Upgrade")), "websocket") {
-			c.Next()
-			return
-		}
-
-		// If caller already supplied auth headers, don't override.
-		if strings.TrimSpace(c.GetHeader("Authorization")) != "" || strings.TrimSpace(c.GetHeader("x-api-key")) != "" {
-			c.Next()
-			return
-		}
-
-		// Allow-list ops websocket endpoints.
-		path := strings.TrimSpace(c.Request.URL.Path)
-		if !strings.HasPrefix(path, "/api/v1/admin/ops/ws/") {
-			c.Next()
-			return
-		}
-
-		token := strings.TrimSpace(c.Query("token"))
-		if token != "" {
-			c.Request.Header.Set("Authorization", "Bearer "+token)
-		}
-
-		c.Next()
-	}
-}