0a4641c24e
* feat(api-key): add IP whitelist/blacklist restriction and usage log IP tracking - Add IP restriction feature for API keys (whitelist/blacklist with CIDR support) - Add IP address logging to usage logs (admin-only visibility) - Remove billing_type column from usage logs UI (redundant) - Use generic "Access denied" error message for security Backend: - New ip package with IP/CIDR validation and matching utilities - Database migrations for ip_whitelist, ip_blacklist (api_keys) and ip_address (usage_logs) - Middleware IP restriction check after API key validation - Input validation for IP/CIDR patterns on create/update Frontend: - API key form with enable toggle for IP restriction - Shield icon indicator in table for keys with IP restriction - Removed billing_type filter and column from usage views * fix: update API contract tests for ip_whitelist/ip_blacklist fields Add ip_whitelist and ip_blacklist fields to expected JSON responses in API contract tests to match the new API key schema.
82 lines
1.7 KiB
Go
82 lines
1.7 KiB
Go
package schema
|
|
|
|
import (
|
|
"github.com/Wei-Shaw/sub2api/ent/schema/mixins"
|
|
"github.com/Wei-Shaw/sub2api/internal/service"
|
|
|
|
"entgo.io/ent"
|
|
"entgo.io/ent/dialect/entsql"
|
|
"entgo.io/ent/schema"
|
|
"entgo.io/ent/schema/edge"
|
|
"entgo.io/ent/schema/field"
|
|
"entgo.io/ent/schema/index"
|
|
)
|
|
|
|
// APIKey holds the schema definition for the APIKey entity.
|
|
type APIKey struct {
|
|
ent.Schema
|
|
}
|
|
|
|
func (APIKey) Annotations() []schema.Annotation {
|
|
return []schema.Annotation{
|
|
entsql.Annotation{Table: "api_keys"},
|
|
}
|
|
}
|
|
|
|
func (APIKey) Mixin() []ent.Mixin {
|
|
return []ent.Mixin{
|
|
mixins.TimeMixin{},
|
|
mixins.SoftDeleteMixin{},
|
|
}
|
|
}
|
|
|
|
func (APIKey) Fields() []ent.Field {
|
|
return []ent.Field{
|
|
field.Int64("user_id"),
|
|
field.String("key").
|
|
MaxLen(128).
|
|
NotEmpty().
|
|
Unique(),
|
|
field.String("name").
|
|
MaxLen(100).
|
|
NotEmpty(),
|
|
field.Int64("group_id").
|
|
Optional().
|
|
Nillable(),
|
|
field.String("status").
|
|
MaxLen(20).
|
|
Default(service.StatusActive),
|
|
field.JSON("ip_whitelist", []string{}).
|
|
Optional().
|
|
Comment("Allowed IPs/CIDRs, e.g. [\"192.168.1.100\", \"10.0.0.0/8\"]"),
|
|
field.JSON("ip_blacklist", []string{}).
|
|
Optional().
|
|
Comment("Blocked IPs/CIDRs"),
|
|
}
|
|
}
|
|
|
|
func (APIKey) Edges() []ent.Edge {
|
|
return []ent.Edge{
|
|
edge.From("user", User.Type).
|
|
Ref("api_keys").
|
|
Field("user_id").
|
|
Unique().
|
|
Required(),
|
|
edge.From("group", Group.Type).
|
|
Ref("api_keys").
|
|
Field("group_id").
|
|
Unique(),
|
|
edge.To("usage_logs", UsageLog.Type),
|
|
}
|
|
}
|
|
|
|
func (APIKey) Indexes() []ent.Index {
|
|
return []ent.Index{
|
|
// key 字段已在 Fields() 中声明 Unique(),无需重复索引
|
|
index.Fields("user_id"),
|
|
index.Fields("group_id"),
|
|
index.Fields("status"),
|
|
index.Fields("deleted_at"),
|
|
}
|
|
}
|