45bd9ac705
* fix(ops): 修复运维监控系统的关键安全和稳定性问题
## 修复内容
### P0 严重问题
1. **DNS Rebinding防护** (ops_alert_service.go)
- 实现IP钉住机制防止验证后的DNS rebinding攻击
- 自定义Transport.DialContext强制只允许拨号到验证过的公网IP
- 扩展IP黑名单,包括云metadata地址(169.254.169.254)
- 添加完整的单元测试覆盖
2. **OpsAlertService生命周期管理** (wire.go)
- 在ProvideOpsMetricsCollector中添加opsAlertService.Start()调用
- 确保stopCtx正确初始化,避免nil指针问题
- 实现防御式启动,保证服务启动顺序
3. **数据库查询排序** (ops_repo.go)
- 在ListRecentSystemMetrics中添加显式ORDER BY updated_at DESC, id DESC
- 在GetLatestSystemMetric中添加排序保证
- 避免数据库返回顺序不确定导致告警误判
### P1 重要问题
4. **并发安全** (ops_metrics_collector.go)
- 为lastGCPauseTotal字段添加sync.Mutex保护
- 防止数据竞争
5. **Goroutine泄漏** (ops_error_logger.go)
- 实现worker pool模式限制并发goroutine数量
- 使用256容量缓冲队列和10个固定worker
- 非阻塞投递,队列满时丢弃任务
6. **生命周期控制** (ops_alert_service.go)
- 添加Start/Stop方法实现优雅关闭
- 使用context控制goroutine生命周期
- 实现WaitGroup等待后台任务完成
7. **Webhook URL验证** (ops_alert_service.go)
- 防止SSRF攻击:验证scheme、禁止内网IP
- DNS解析验证,拒绝解析到私有IP的域名
- 添加8个单元测试覆盖各种攻击场景
8. **资源泄漏** (ops_repo.go)
- 修复多处defer rows.Close()问题
- 简化冗余的defer func()包装
9. **HTTP超时控制** (ops_alert_service.go)
- 创建带10秒超时的http.Client
- 添加buildWebhookHTTPClient辅助函数
- 防止HTTP请求无限期挂起
10. **数据库查询优化** (ops_repo.go)
- 将GetWindowStats的4次独立查询合并为1次CTE查询
- 减少网络往返和表扫描次数
- 显著提升性能
11. **重试机制** (ops_alert_service.go)
- 实现邮件发送重试:最多3次,指数退避(1s/2s/4s)
- 添加webhook备用通道
- 实现完整的错误处理和日志记录
12. **魔法数字** (ops_repo.go, ops_metrics_collector.go)
- 提取硬编码数字为有意义的常量
- 提高代码可读性和可维护性
## 测试验证
- ✅ go test ./internal/service -tags opsalert_unit 通过
- ✅ 所有webhook验证测试通过
- ✅ 重试机制测试通过
## 影响范围
- 运维监控系统安全性显著提升
- 系统稳定性和性能优化
- 无破坏性变更,向后兼容
* feat(ops): 运维监控系统V2 - 完整实现
## 核心功能
- 运维监控仪表盘V2(实时监控、历史趋势、告警管理)
- WebSocket实时QPS/TPS监控(30s心跳,自动重连)
- 系统指标采集(CPU、内存、延迟、错误率等)
- 多维度统计分析(按provider、model、user等维度)
- 告警规则管理(阈值配置、通知渠道)
- 错误日志追踪(详细错误信息、堆栈跟踪)
## 数据库Schema (Migration 025)
### 扩展现有表
- ops_system_metrics: 新增RED指标、错误分类、延迟指标、资源指标、业务指标
- ops_alert_rules: 新增JSONB字段(dimension_filters, notify_channels, notify_config)
### 新增表
- ops_dimension_stats: 多维度统计数据
- ops_data_retention_config: 数据保留策略配置
### 新增视图和函数
- ops_latest_metrics: 最新1分钟窗口指标(已修复字段名和window过滤)
- ops_active_alerts: 当前活跃告警(已修复字段名和状态值)
- calculate_health_score: 健康分数计算函数
## 一致性修复(98/100分)
### P0级别(阻塞Migration)
- ✅ 修复ops_latest_metrics视图字段名(latency_p99→p99_latency_ms, cpu_usage→cpu_usage_percent)
- ✅ 修复ops_active_alerts视图字段名(metric→metric_type, triggered_at→fired_at, trigger_value→metric_value, threshold→threshold_value)
- ✅ 统一告警历史表名(删除ops_alert_history,使用ops_alert_events)
- ✅ 统一API参数限制(ListMetricsHistory和ListErrorLogs的limit改为5000)
### P1级别(功能完整性)
- ✅ 修复ops_latest_metrics视图未过滤window_minutes(添加WHERE m.window_minutes = 1)
- ✅ 修复数据回填UPDATE逻辑(QPS计算改为request_count/(window_minutes*60.0))
- ✅ 添加ops_alert_rules JSONB字段后端支持(Go结构体+序列化)
### P2级别(优化)
- ✅ 前端WebSocket自动重连(指数退避1s→2s→4s→8s→16s,最大5次)
- ✅ 后端WebSocket心跳检测(30s ping,60s pong超时)
## 技术实现
### 后端 (Go)
- Handler层: ops_handler.go(REST API), ops_ws_handler.go(WebSocket)
- Service层: ops_service.go(核心逻辑), ops_cache.go(缓存), ops_alerts.go(告警)
- Repository层: ops_repo.go(数据访问), ops.go(模型定义)
- 路由: admin.go(新增ops相关路由)
- 依赖注入: wire_gen.go(自动生成)
### 前端 (Vue3 + TypeScript)
- 组件: OpsDashboardV2.vue(仪表盘主组件)
- API: ops.ts(REST API + WebSocket封装)
- 路由: index.ts(新增/admin/ops路由)
- 国际化: en.ts, zh.ts(中英文支持)
## 测试验证
- ✅ 所有Go测试通过
- ✅ Migration可正常执行
- ✅ WebSocket连接稳定
- ✅ 前后端数据结构对齐
* refactor: 代码清理和测试优化
## 测试文件优化
- 简化integration test fixtures和断言
- 优化test helper函数
- 统一测试数据格式
## 代码清理
- 移除未使用的代码和注释
- 简化concurrency_cache实现
- 优化middleware错误处理
## 小修复
- 修复gateway_handler和openai_gateway_handler的小问题
- 统一代码风格和格式
变更统计: 27个文件,292行新增,322行删除(净减少30行)
* fix(ops): 运维监控系统安全加固和功能优化
## 安全增强
- feat(security): WebSocket日志脱敏机制,防止token/api_key泄露
- feat(security): X-Forwarded-Host白名单验证,防止CSRF绕过
- feat(security): Origin策略配置化,支持strict/permissive模式
- feat(auth): WebSocket认证支持query参数传递token
## 配置优化
- feat(config): 支持环境变量配置代理信任和Origin策略
- OPS_WS_TRUST_PROXY
- OPS_WS_TRUSTED_PROXIES
- OPS_WS_ORIGIN_POLICY
- fix(ops): 错误日志查询限流从5000降至500,优化内存使用
## 架构改进
- refactor(ops): 告警服务解耦,独立运行评估定时器
- refactor(ops): OpsDashboard统一版本,移除V2分离
## 测试和文档
- test(ops): 添加WebSocket安全验证单元测试(8个测试用例)
- test(ops): 添加告警服务集成测试
- docs(api): 更新API文档,标注限流变更
- docs: 添加CHANGELOG记录breaking changes
## 修复文件
Backend:
- backend/internal/server/middleware/logger.go
- backend/internal/handler/admin/ops_handler.go
- backend/internal/handler/admin/ops_ws_handler.go
- backend/internal/server/middleware/admin_auth.go
- backend/internal/service/ops_alert_service.go
- backend/internal/service/ops_metrics_collector.go
- backend/internal/service/wire.go
Frontend:
- frontend/src/views/admin/ops/OpsDashboard.vue
- frontend/src/router/index.ts
- frontend/src/api/admin/ops.ts
Tests:
- backend/internal/handler/admin/ops_ws_handler_test.go (新增)
- backend/internal/service/ops_alert_service_integration_test.go (新增)
Docs:
- CHANGELOG.md (新增)
- docs/API-运维监控中心2.0.md (更新)
* fix(migrations): 修复calculate_health_score函数类型匹配问题
在ops_latest_metrics视图中添加显式类型转换,确保参数类型与函数签名匹配
* fix(lint): 修复golangci-lint检查发现的所有问题
- 将Redis依赖从service层移到repository层
- 添加错误检查(WebSocket连接和读取超时)
- 运行gofmt格式化代码
- 添加nil指针检查
- 删除未使用的alertService字段
修复问题:
- depguard: 3个(service层不应直接import redis)
- errcheck: 3个(未检查错误返回值)
- gofmt: 2个(代码格式问题)
- staticcheck: 4个(nil指针解引用)
- unused: 1个(未使用字段)
代码统计:
- 修改文件:11个
- 删除代码:490行
- 新增代码:105行
- 净减少:385行
375 lines
12 KiB
Go
375 lines
12 KiB
Go
package admin
|
|
|
|
import (
|
|
"github.com/Wei-Shaw/sub2api/internal/handler/dto"
|
|
"github.com/Wei-Shaw/sub2api/internal/pkg/response"
|
|
"github.com/Wei-Shaw/sub2api/internal/service"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
)
|
|
|
|
// SettingHandler 系统设置处理器
|
|
type SettingHandler struct {
|
|
settingService *service.SettingService
|
|
emailService *service.EmailService
|
|
turnstileService *service.TurnstileService
|
|
}
|
|
|
|
// NewSettingHandler 创建系统设置处理器
|
|
func NewSettingHandler(settingService *service.SettingService, emailService *service.EmailService, turnstileService *service.TurnstileService) *SettingHandler {
|
|
return &SettingHandler{
|
|
settingService: settingService,
|
|
emailService: emailService,
|
|
turnstileService: turnstileService,
|
|
}
|
|
}
|
|
|
|
// GetSettings 获取所有系统设置
|
|
// GET /api/v1/admin/settings
|
|
func (h *SettingHandler) GetSettings(c *gin.Context) {
|
|
settings, err := h.settingService.GetAllSettings(c.Request.Context())
|
|
if err != nil {
|
|
response.ErrorFrom(c, err)
|
|
return
|
|
}
|
|
|
|
response.Success(c, dto.SystemSettings{
|
|
RegistrationEnabled: settings.RegistrationEnabled,
|
|
EmailVerifyEnabled: settings.EmailVerifyEnabled,
|
|
SMTPHost: settings.SMTPHost,
|
|
SMTPPort: settings.SMTPPort,
|
|
SMTPUsername: settings.SMTPUsername,
|
|
SMTPPassword: settings.SMTPPassword,
|
|
SMTPFrom: settings.SMTPFrom,
|
|
SMTPFromName: settings.SMTPFromName,
|
|
SMTPUseTLS: settings.SMTPUseTLS,
|
|
TurnstileEnabled: settings.TurnstileEnabled,
|
|
TurnstileSiteKey: settings.TurnstileSiteKey,
|
|
TurnstileSecretKey: settings.TurnstileSecretKey,
|
|
SiteName: settings.SiteName,
|
|
SiteLogo: settings.SiteLogo,
|
|
SiteSubtitle: settings.SiteSubtitle,
|
|
APIBaseURL: settings.APIBaseURL,
|
|
ContactInfo: settings.ContactInfo,
|
|
DocURL: settings.DocURL,
|
|
DefaultConcurrency: settings.DefaultConcurrency,
|
|
DefaultBalance: settings.DefaultBalance,
|
|
})
|
|
}
|
|
|
|
// UpdateSettingsRequest 更新设置请求
|
|
type UpdateSettingsRequest struct {
|
|
// 注册设置
|
|
RegistrationEnabled bool `json:"registration_enabled"`
|
|
EmailVerifyEnabled bool `json:"email_verify_enabled"`
|
|
|
|
// 邮件服务设置
|
|
SMTPHost string `json:"smtp_host"`
|
|
SMTPPort int `json:"smtp_port"`
|
|
SMTPUsername string `json:"smtp_username"`
|
|
SMTPPassword string `json:"smtp_password"`
|
|
SMTPFrom string `json:"smtp_from_email"`
|
|
SMTPFromName string `json:"smtp_from_name"`
|
|
SMTPUseTLS bool `json:"smtp_use_tls"`
|
|
|
|
// Cloudflare Turnstile 设置
|
|
TurnstileEnabled bool `json:"turnstile_enabled"`
|
|
TurnstileSiteKey string `json:"turnstile_site_key"`
|
|
TurnstileSecretKey string `json:"turnstile_secret_key"`
|
|
|
|
// OEM设置
|
|
SiteName string `json:"site_name"`
|
|
SiteLogo string `json:"site_logo"`
|
|
SiteSubtitle string `json:"site_subtitle"`
|
|
APIBaseURL string `json:"api_base_url"`
|
|
ContactInfo string `json:"contact_info"`
|
|
DocURL string `json:"doc_url"`
|
|
|
|
// 默认配置
|
|
DefaultConcurrency int `json:"default_concurrency"`
|
|
DefaultBalance float64 `json:"default_balance"`
|
|
}
|
|
|
|
// UpdateSettings 更新系统设置
|
|
// PUT /api/v1/admin/settings
|
|
func (h *SettingHandler) UpdateSettings(c *gin.Context) {
|
|
var req UpdateSettingsRequest
|
|
if err := c.ShouldBindJSON(&req); err != nil {
|
|
response.BadRequest(c, "Invalid request: "+err.Error())
|
|
return
|
|
}
|
|
|
|
// 验证参数
|
|
if req.DefaultConcurrency < 1 {
|
|
req.DefaultConcurrency = 1
|
|
}
|
|
if req.DefaultBalance < 0 {
|
|
req.DefaultBalance = 0
|
|
}
|
|
if req.SMTPPort <= 0 {
|
|
req.SMTPPort = 587
|
|
}
|
|
|
|
// Turnstile 参数验证
|
|
if req.TurnstileEnabled {
|
|
// 检查必填字段
|
|
if req.TurnstileSiteKey == "" {
|
|
response.BadRequest(c, "Turnstile Site Key is required when enabled")
|
|
return
|
|
}
|
|
if req.TurnstileSecretKey == "" {
|
|
response.BadRequest(c, "Turnstile Secret Key is required when enabled")
|
|
return
|
|
}
|
|
|
|
// 获取当前设置,检查参数是否有变化
|
|
currentSettings, err := h.settingService.GetAllSettings(c.Request.Context())
|
|
if err != nil {
|
|
response.ErrorFrom(c, err)
|
|
return
|
|
}
|
|
|
|
// 当 site_key 或 secret_key 任一变化时验证(避免配置错误导致无法登录)
|
|
siteKeyChanged := currentSettings.TurnstileSiteKey != req.TurnstileSiteKey
|
|
secretKeyChanged := currentSettings.TurnstileSecretKey != req.TurnstileSecretKey
|
|
if siteKeyChanged || secretKeyChanged {
|
|
if err := h.turnstileService.ValidateSecretKey(c.Request.Context(), req.TurnstileSecretKey); err != nil {
|
|
response.ErrorFrom(c, err)
|
|
return
|
|
}
|
|
}
|
|
}
|
|
|
|
settings := &service.SystemSettings{
|
|
RegistrationEnabled: req.RegistrationEnabled,
|
|
EmailVerifyEnabled: req.EmailVerifyEnabled,
|
|
SMTPHost: req.SMTPHost,
|
|
SMTPPort: req.SMTPPort,
|
|
SMTPUsername: req.SMTPUsername,
|
|
SMTPPassword: req.SMTPPassword,
|
|
SMTPFrom: req.SMTPFrom,
|
|
SMTPFromName: req.SMTPFromName,
|
|
SMTPUseTLS: req.SMTPUseTLS,
|
|
TurnstileEnabled: req.TurnstileEnabled,
|
|
TurnstileSiteKey: req.TurnstileSiteKey,
|
|
TurnstileSecretKey: req.TurnstileSecretKey,
|
|
SiteName: req.SiteName,
|
|
SiteLogo: req.SiteLogo,
|
|
SiteSubtitle: req.SiteSubtitle,
|
|
APIBaseURL: req.APIBaseURL,
|
|
ContactInfo: req.ContactInfo,
|
|
DocURL: req.DocURL,
|
|
DefaultConcurrency: req.DefaultConcurrency,
|
|
DefaultBalance: req.DefaultBalance,
|
|
}
|
|
|
|
if err := h.settingService.UpdateSettings(c.Request.Context(), settings); err != nil {
|
|
response.ErrorFrom(c, err)
|
|
return
|
|
}
|
|
|
|
// 重新获取设置返回
|
|
updatedSettings, err := h.settingService.GetAllSettings(c.Request.Context())
|
|
if err != nil {
|
|
response.ErrorFrom(c, err)
|
|
return
|
|
}
|
|
|
|
response.Success(c, dto.SystemSettings{
|
|
RegistrationEnabled: updatedSettings.RegistrationEnabled,
|
|
EmailVerifyEnabled: updatedSettings.EmailVerifyEnabled,
|
|
SMTPHost: updatedSettings.SMTPHost,
|
|
SMTPPort: updatedSettings.SMTPPort,
|
|
SMTPUsername: updatedSettings.SMTPUsername,
|
|
SMTPPassword: updatedSettings.SMTPPassword,
|
|
SMTPFrom: updatedSettings.SMTPFrom,
|
|
SMTPFromName: updatedSettings.SMTPFromName,
|
|
SMTPUseTLS: updatedSettings.SMTPUseTLS,
|
|
TurnstileEnabled: updatedSettings.TurnstileEnabled,
|
|
TurnstileSiteKey: updatedSettings.TurnstileSiteKey,
|
|
TurnstileSecretKey: updatedSettings.TurnstileSecretKey,
|
|
SiteName: updatedSettings.SiteName,
|
|
SiteLogo: updatedSettings.SiteLogo,
|
|
SiteSubtitle: updatedSettings.SiteSubtitle,
|
|
APIBaseURL: updatedSettings.APIBaseURL,
|
|
ContactInfo: updatedSettings.ContactInfo,
|
|
DocURL: updatedSettings.DocURL,
|
|
DefaultConcurrency: updatedSettings.DefaultConcurrency,
|
|
DefaultBalance: updatedSettings.DefaultBalance,
|
|
})
|
|
}
|
|
|
|
// TestSMTPRequest 测试SMTP连接请求
|
|
type TestSMTPRequest struct {
|
|
SMTPHost string `json:"smtp_host" binding:"required"`
|
|
SMTPPort int `json:"smtp_port"`
|
|
SMTPUsername string `json:"smtp_username"`
|
|
SMTPPassword string `json:"smtp_password"`
|
|
SMTPUseTLS bool `json:"smtp_use_tls"`
|
|
}
|
|
|
|
// TestSMTPConnection 测试SMTP连接
|
|
// POST /api/v1/admin/settings/test-smtp
|
|
func (h *SettingHandler) TestSMTPConnection(c *gin.Context) {
|
|
var req TestSMTPRequest
|
|
if err := c.ShouldBindJSON(&req); err != nil {
|
|
response.BadRequest(c, "Invalid request: "+err.Error())
|
|
return
|
|
}
|
|
|
|
if req.SMTPPort <= 0 {
|
|
req.SMTPPort = 587
|
|
}
|
|
|
|
// 如果未提供密码,从数据库获取已保存的密码
|
|
password := req.SMTPPassword
|
|
if password == "" {
|
|
savedConfig, err := h.emailService.GetSMTPConfig(c.Request.Context())
|
|
if err == nil && savedConfig != nil {
|
|
password = savedConfig.Password
|
|
}
|
|
}
|
|
|
|
config := &service.SMTPConfig{
|
|
Host: req.SMTPHost,
|
|
Port: req.SMTPPort,
|
|
Username: req.SMTPUsername,
|
|
Password: password,
|
|
UseTLS: req.SMTPUseTLS,
|
|
}
|
|
|
|
err := h.emailService.TestSMTPConnectionWithConfig(config)
|
|
if err != nil {
|
|
response.ErrorFrom(c, err)
|
|
return
|
|
}
|
|
|
|
response.Success(c, gin.H{"message": "SMTP connection successful"})
|
|
}
|
|
|
|
// SendTestEmailRequest 发送测试邮件请求
|
|
type SendTestEmailRequest struct {
|
|
Email string `json:"email" binding:"required,email"`
|
|
SMTPHost string `json:"smtp_host" binding:"required"`
|
|
SMTPPort int `json:"smtp_port"`
|
|
SMTPUsername string `json:"smtp_username"`
|
|
SMTPPassword string `json:"smtp_password"`
|
|
SMTPFrom string `json:"smtp_from_email"`
|
|
SMTPFromName string `json:"smtp_from_name"`
|
|
SMTPUseTLS bool `json:"smtp_use_tls"`
|
|
}
|
|
|
|
// SendTestEmail 发送测试邮件
|
|
// POST /api/v1/admin/settings/send-test-email
|
|
func (h *SettingHandler) SendTestEmail(c *gin.Context) {
|
|
var req SendTestEmailRequest
|
|
if err := c.ShouldBindJSON(&req); err != nil {
|
|
response.BadRequest(c, "Invalid request: "+err.Error())
|
|
return
|
|
}
|
|
|
|
if req.SMTPPort <= 0 {
|
|
req.SMTPPort = 587
|
|
}
|
|
|
|
// 如果未提供密码,从数据库获取已保存的密码
|
|
password := req.SMTPPassword
|
|
if password == "" {
|
|
savedConfig, err := h.emailService.GetSMTPConfig(c.Request.Context())
|
|
if err == nil && savedConfig != nil {
|
|
password = savedConfig.Password
|
|
}
|
|
}
|
|
|
|
config := &service.SMTPConfig{
|
|
Host: req.SMTPHost,
|
|
Port: req.SMTPPort,
|
|
Username: req.SMTPUsername,
|
|
Password: password,
|
|
From: req.SMTPFrom,
|
|
FromName: req.SMTPFromName,
|
|
UseTLS: req.SMTPUseTLS,
|
|
}
|
|
|
|
siteName := h.settingService.GetSiteName(c.Request.Context())
|
|
subject := "[" + siteName + "] Test Email"
|
|
body := `
|
|
<!DOCTYPE html>
|
|
<html>
|
|
<head>
|
|
<meta charset="UTF-8">
|
|
<style>
|
|
body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; background-color: #f5f5f5; margin: 0; padding: 20px; }
|
|
.container { max-width: 600px; margin: 0 auto; background-color: #ffffff; border-radius: 8px; overflow: hidden; box-shadow: 0 2px 8px rgba(0,0,0,0.1); }
|
|
.header { background: linear-gradient(135deg, #667eea 0%, #764ba2 100%); color: white; padding: 30px; text-align: center; }
|
|
.content { padding: 40px 30px; text-align: center; }
|
|
.success { color: #10b981; font-size: 48px; margin-bottom: 20px; }
|
|
.footer { background-color: #f8f9fa; padding: 20px; text-align: center; color: #999; font-size: 12px; }
|
|
</style>
|
|
</head>
|
|
<body>
|
|
<div class="container">
|
|
<div class="header">
|
|
<h1>` + siteName + `</h1>
|
|
</div>
|
|
<div class="content">
|
|
<div class="success">✓</div>
|
|
<h2>Email Configuration Successful!</h2>
|
|
<p>This is a test email to verify your SMTP settings are working correctly.</p>
|
|
</div>
|
|
<div class="footer">
|
|
<p>This is an automated test message.</p>
|
|
</div>
|
|
</div>
|
|
</body>
|
|
</html>
|
|
`
|
|
|
|
if err := h.emailService.SendEmailWithConfig(config, req.Email, subject, body); err != nil {
|
|
response.ErrorFrom(c, err)
|
|
return
|
|
}
|
|
|
|
response.Success(c, gin.H{"message": "Test email sent successfully"})
|
|
}
|
|
|
|
// GetAdminAPIKey 获取管理员 API Key 状态
|
|
// GET /api/v1/admin/settings/admin-api-key
|
|
func (h *SettingHandler) GetAdminAPIKey(c *gin.Context) {
|
|
maskedKey, exists, err := h.settingService.GetAdminAPIKeyStatus(c.Request.Context())
|
|
if err != nil {
|
|
response.ErrorFrom(c, err)
|
|
return
|
|
}
|
|
|
|
response.Success(c, gin.H{
|
|
"exists": exists,
|
|
"masked_key": maskedKey,
|
|
})
|
|
}
|
|
|
|
// RegenerateAdminAPIKey 生成/重新生成管理员 API Key
|
|
// POST /api/v1/admin/settings/admin-api-key/regenerate
|
|
func (h *SettingHandler) RegenerateAdminAPIKey(c *gin.Context) {
|
|
key, err := h.settingService.GenerateAdminAPIKey(c.Request.Context())
|
|
if err != nil {
|
|
response.ErrorFrom(c, err)
|
|
return
|
|
}
|
|
|
|
response.Success(c, gin.H{
|
|
"key": key, // 完整 key 只在生成时返回一次
|
|
})
|
|
}
|
|
|
|
// DeleteAdminAPIKey 删除管理员 API Key
|
|
// DELETE /api/v1/admin/settings/admin-api-key
|
|
func (h *SettingHandler) DeleteAdminAPIKey(c *gin.Context) {
|
|
if err := h.settingService.DeleteAdminAPIKey(c.Request.Context()); err != nil {
|
|
response.ErrorFrom(c, err)
|
|
return
|
|
}
|
|
|
|
response.Success(c, gin.H{"message": "Admin API key deleted"})
|
|
}
|