Compare commits
No commits in common. "main" and "0.0.1" have entirely different histories.
|
|
@ -1,32 +0,0 @@
|
|||
# 依赖 —— Dockerfile 内用 npm ci 安装
|
||||
node_modules
|
||||
|
||||
# 构建产物 —— Dockerfile 内用 npm run build 生成
|
||||
.next
|
||||
|
||||
# 运行时数据 —— volume 挂载
|
||||
data
|
||||
uploads
|
||||
db-backups
|
||||
|
||||
# 开发工具
|
||||
.claude
|
||||
.playwright-mcp
|
||||
.git
|
||||
.gitignore
|
||||
Dockerfile
|
||||
docker-compose.yml
|
||||
Caddyfile
|
||||
.env
|
||||
.env.*
|
||||
.DS_Store
|
||||
|
||||
# 文档
|
||||
*.md
|
||||
docs
|
||||
templates-docs
|
||||
CHANGELOG.md
|
||||
README.md
|
||||
|
||||
# 构建缓存
|
||||
tsconfig.tsbuildinfo
|
||||
|
|
@ -4,6 +4,6 @@ NODE_ENV=development
|
|||
|
||||
# issue-ai API 配置(用于故障历史功能)
|
||||
# NEXT_PUBLIC_ 前缀:构建时内嵌到客户端 JS,云上必须通过 deploy-ai.sh 设置
|
||||
# 本地开发:http://localhost:6176/tickets
|
||||
# 本地开发:http://localhost:5176/tickets
|
||||
# 云上生产:https://issue.tlyq.ai/tickets
|
||||
NEXT_PUBLIC_ISSUE_URL=http://localhost:6176/tickets
|
||||
NEXT_PUBLIC_ISSUE_URL=http://localhost:5176/tickets
|
||||
|
|
|
|||
66
CHANGELOG.md
66
CHANGELOG.md
|
|
@ -1,71 +1,5 @@
|
|||
# 变更日志
|
||||
|
||||
## 2026-05-18
|
||||
|
||||
- [新增] 用户详情页 — 点击用户名查看完整信息,支持编辑和键盘导航
|
||||
- [优化] 用户管理 UI 统一:Modal 支持键盘导航(ESC/←→/Enter)、TopBar/Button 样式与 issue-ai 对齐
|
||||
- [调整] 用户列表页去创建时间列,编辑功能移到详情页,仅保留删除按钮
|
||||
- [新增] LDAP 邮箱自动同步:密码登录/SSO 路径均从 LLDAP 同步 `mail` 到本地 `users.email`,增加 `/api/users/sync-emails` 批量同步接口
|
||||
- [新增] 编辑用户弹窗增加启用/禁用状态切换、新密码二次确认
|
||||
- [优化] 角色权限页面 UI 统一:删除改用 Modal 确认、按钮样式对齐
|
||||
- [优化] API Key 页面 UI 统一:增加副标题、状态可点击切换、创建弹窗增加错误提示和默认权限说明、成功提示颜色对齐
|
||||
- [优化] 全站字体大小和颜色统一:列表页/详情页 `text-sm` 一致、dark mode 颜色补全
|
||||
- [修复] 用户管理"最后登录"时间不动态更新:SSO 免登录、本地 JWT 会话验证路径现在也会更新 `last_login_at`
|
||||
|
||||
## 2026-05-15
|
||||
|
||||
- [修复] docker-compose.yml 缺少 `ALLOWED_API_KEYS` 环境变量传入,导致 P2 部署后中间件返回 401,issue-ai 调用 assets API 再次失效
|
||||
- [修复] middleware 移除 `better-sqlite3` 依赖,修复 Edge Runtime 不支持 Node.js 原生模块的编译报错(`The edge runtime does not support Node.js 'fs' module`)
|
||||
- [新增] deploy-ai.sh 部署后自动验证 assets→issue API 连通性,带重试机制(3次/10s间隔),与 issue→assets 方向对称
|
||||
|
||||
## 2026-05-14
|
||||
|
||||
- [新增] 权限细粒度拆分:`assets:write` → `assets:create`(新增设备)、`assets:import`(导入设备)、`assets:update`(编辑设备),支持独立授权
|
||||
- [新增] API 模板下载路由增加 `assets:import` 权限检查(原仅校验登录态)
|
||||
- [优化] 角色权限选择列表同步新增三个权限选项(新增资产/导入资产/编辑资产)
|
||||
- [修复] 资产列表页、详情页按钮无权限控制:导入、模板、新增设备、编辑、删除、批量编辑按钮现在由用户权限驱动显隐
|
||||
- [修复] 新增/导入/编辑资产页面无权限守卫:无权限用户直接访问会被重定向到资产列表
|
||||
- [修复] 资产列表页模板按钮链接指向 404(`/assets/template` → `/api/assets/template`)
|
||||
- [调整] editor/viewer 角色权限允许自定义编辑(`db-schema.ts` 仅强制同步 admin),三个内置角色均不可删除
|
||||
- [修复] issue-ai 调用 assets API 返回 401:云端 `api_keys` 表中注册了 issue-ai 使用的 API Key(统一 Key,此前只存在 issue-ai 的 ALLOWED_API_KEYS 环境变量中,assets-ai 的 api_keys 表缺失该记录)
|
||||
- [优化] 中间件 API Key 验证统一为 ALLOWED_API_KEYS(快速路径)→ api_keys 数据库表(回退)两级验证;无效 key 不再被放行,中间件层直接返回 401(安全加固,与 issue-ai 行为一致)
|
||||
|
||||
## 2026-05-12
|
||||
|
||||
- [部署] 云端 JWT 密钥统一为 oa-shared-jwt-secret-tlyq-2026,三站点密钥一致
|
||||
- [部署] docker-compose 移除 AUTHELIA_URL,添加 LDAP/COOKIE/INTERNAL_API_KEY 环境变量
|
||||
- [部署] LLDAP admin 密码更新为 3Vm!Y!@RCiPs
|
||||
- [部署] nginx 移除 auth_request,恢复纯反向代理;改为运行时 DNS 解析
|
||||
- [新增] `src/lib/db-schema.ts`:users 表新增 last_login_at / last_active_at 列
|
||||
- [新增] `src/lib/auth.ts`:getSession() 更新 last_active_at
|
||||
- [新增] `src/app/api/auth/login/route.ts`:登录时更新 last_login_at 和 last_active_at
|
||||
|
||||
## 2026-05-11
|
||||
|
||||
- [新增] `src/lib/ldap.ts`:`ldapUserExists()` 函数,检查 LLDAP 中用户是否存在(admin bind 搜索,不可达时容错放行)
|
||||
- [新增] `src/lib/jwt.ts`:共享 JWT 签发/验证(`tlyq_session` cookie,HS256,与 OA/issue 共用密钥)
|
||||
- [调整] `src/lib/auth.ts`:`getSession()` 优先 `tlyq_session`,加入 LLDAP 存在性检查,用户被删除后自动清除 cookie 踢出
|
||||
- [调整] `src/app/api/auth/login/route.ts`:LDAP 优先认证 + 本地密码缓存回退 + localadmin 应急用户直连
|
||||
- [调整] `src/app/api/auth/logout/route.ts`:同时清除 `session_assets` 和 `tlyq_session`
|
||||
- [调整] `src/app/api/auth/me/route.ts`:移除 SSO header 路径,改用 `getSession()` 统一获取
|
||||
- [调整] `src/middleware.ts`:优先 `tlyq_session` → 回退 `session_assets`,移除 SSO 代理路径,放行 `/api/internal/`
|
||||
- [调整] `src/app/(app)/layout.tsx`:移除 SSO header 路径,统一从 `session` cookie 读取用户
|
||||
- [新增] `src/app/api/internal/roles/route.ts`:内部 API,返回站点可用角色列表(INTERNAL_API_KEY 鉴权)
|
||||
- [新增] `src/app/api/users/[id]/route.ts`:admin/localadmin 用户禁止删除和修改角色
|
||||
- [调整] `src/app/(app)/settings/users/page.tsx`:admin/localadmin 用户隐藏删除按钮,编辑时角色字段显示为只读
|
||||
- [新增] `src/lib/db-schema.ts`:预置 localadmin 应急用户(admin 角色,纯本地 BCrypt 认证)
|
||||
|
||||
## 2026-05-07
|
||||
|
||||
- [新增] 导出功能区分"导出选中"和"导出全部"两种模式,有选中时工具栏显示两个按钮独立操作
|
||||
- [新增] 角色权限系统完整改造,支持新建角色、编辑角色权限(10 个细粒度权限复选框)
|
||||
- [新增] 用户管理页角色下拉从 API 动态获取,不再硬编码
|
||||
- [优化] 设备详情页空字段区块自动隐藏(如无数据盘 2 则不显示该卡片)
|
||||
- [优化] 导出权限拆分为 `assets:export:selected`(导出选中)和 `assets:export:all`(导出全部),按钮显隐由权限驱动
|
||||
- [优化] 内置角色权限自动同步到最新默认值,自定义角色旧权限自动迁移
|
||||
- [修复] 资产列表 API 和导出 API 的 filter 参数增加字段白名单校验
|
||||
- [修复] 导出文件名日期改用本地时间,避免 UTC+8 时区偏移
|
||||
|
||||
## 2026-04-30
|
||||
|
||||
- [新增] 创建 README 文档
|
||||
|
|
|
|||
48
CLAUDE.md
48
CLAUDE.md
|
|
@ -13,7 +13,7 @@ assets-ai 是基于 Next.js + SQLite 的 IT 设备资产管理系统(CMDB)
|
|||
| 站点域名 | `assets.tlyq.ai` |
|
||||
| 服务器 | txjp(IP: 43.133.38.210) |
|
||||
| 代码路径 | `/root/docker/assets-ai/` |
|
||||
| 本地端口 | 6177 |
|
||||
| 本地端口 | 5177 |
|
||||
| 容器名 | `assets-ai` |
|
||||
| 数据库 | SQLite:`data/assets.db` |
|
||||
| 默认账号 | `admin` / `admin123` |
|
||||
|
|
@ -86,16 +86,11 @@ npm run import # 导入设备数据
|
|||
|
||||
### 认证
|
||||
|
||||
登录逻辑(v2.1):LDAP 优先 + 本地密码缓存回退 + localadmin 应急用户。
|
||||
登录成功签发两个 cookie:`session_assets`(本地 JWT,24h)+ `tlyq_session`(共享 JWT,7 天,domain=.tlyq.ai)。
|
||||
中间件优先检查 `tlyq_session`,回退 `session_assets`。`getSession()` 每次验证时检查 LLDAP 用户是否存在(已删除则清除 cookie 踢出)。
|
||||
|
||||
| 方法 | 路径 | 说明 |
|
||||
|------|------|------|
|
||||
| POST | `/api/auth/login` | 登录(LDAP 优先 + 本地回退) |
|
||||
| POST | `/api/auth/logout` | 登出(清除两个 cookie) |
|
||||
| POST | `/api/auth/login` | 登录(username + password → JWT cookie,24h 有效) |
|
||||
| POST | `/api/auth/logout` | 登出 |
|
||||
| GET | `/api/auth/me` | 当前用户信息 |
|
||||
| GET | `/api/internal/roles` | 内部 API:返回角色列表(x-internal-key 鉴权) |
|
||||
|
||||
### 资产
|
||||
|
||||
|
|
@ -134,9 +129,8 @@ npm run import # 导入设备数据
|
|||
|
||||
## 认证机制
|
||||
|
||||
- **Web UI(v2.1)**:`middleware.ts` 优先检查 `tlyq_session`(共享 JWT,OA 统一签发)→ 回退 `session_assets`(本地 JWT)。`getSession()` 每次请求时检查 LLDAP 用户是否存在,已删除则清除 cookie 踢出
|
||||
- **localadmin**:纯本地 BCrypt 认证,不依赖 LLDAP,用于 LLDAP 故障时应急登录(DB 预置,admin 角色)
|
||||
- **API Key(v2.2)**:`middleware.ts` 检查 `ALLOWED_API_KEYS` 环境变量(逗号分隔明文 key),无效 key 在中间件层直接返回 401。注意:middleware 运行在 Edge Runtime,不能使用 `better-sqlite3`,DB 级别的 key 验证由 route handler 中的 `auth.ts verifyApiKey()` 进行(查 `api_keys` 表 SHA-256 hash,支持 `last_used_at` 追踪和 permissions 控制)。外部系统调用本系统 API 时,key 必须注册在 `ALLOWED_API_KEYS` 中
|
||||
- **Web UI**:`middleware.ts` 检查 cookie 中的 JWT token,payload 含 `{ userId, username, role, iat, exp }`
|
||||
- **API Key**:`Bearer ak_<32位十六进制>`,存储时 SHA-256 hash,验证时更新 `last_used_at`,权限由创建时指定的 `permissions` 数组控制
|
||||
|
||||
---
|
||||
|
||||
|
|
@ -146,9 +140,9 @@ npm run import # 导入设备数据
|
|||
|
||||
| 环境变量 | 本地开发 | 云服务器(txjp) | 说明 |
|
||||
|---------|---------|----------------|------|
|
||||
| `ISSUE_API_URL` | `http://localhost:6176/api` | `http://issue-ai:3000/api` | 调用 issue API 地址 |
|
||||
| `ISSUE_API_URL` | `http://localhost:5176/api` | `http://issue-ai:3000/api` | 调用 issue API 地址 |
|
||||
| `ISSUE_API_KEY` | 本地 issue-ai 生成 | 云上 issue-ai 生成 | **每个环境独立,不可跨环境使用** |
|
||||
| `NEXT_PUBLIC_ISSUE_URL` | `http://localhost:6176/tickets` | `https://issue.tlyq.ai` | 前端跳转链接(构建时内嵌) |
|
||||
| `NEXT_PUBLIC_ISSUE_URL` | `http://localhost:5176/tickets` | `https://issue.tlyq.ai` | 前端跳转链接(构建时内嵌) |
|
||||
| `ALLOWED_API_KEYS` | issue-ai 调用本系统时需要的 Key | 云上 issue-ai 生成的 Key | 仅 issue→assets 方向需要 |
|
||||
| `JWT_SECRET` | `dev-secret-key-local` | `${ASSETS_JWT_SECRET}` | 生产必须强密钥 |
|
||||
| `DATABASE_PATH` | `./data/assets.db` | `/app/data/assets.db` | Docker volume 挂载 |
|
||||
|
|
@ -160,9 +154,9 @@ npm run import # 导入设备数据
|
|||
DATABASE_PATH=./data/assets.db
|
||||
JWT_SECRET=dev-secret-key-local
|
||||
NODE_ENV=development
|
||||
ISSUE_API_URL=http://localhost:6176/api
|
||||
ISSUE_API_URL=http://localhost:5176/api
|
||||
ISSUE_API_KEY=ak_<32字节十六进制>
|
||||
NEXT_PUBLIC_ISSUE_URL=http://localhost:6176/tickets
|
||||
NEXT_PUBLIC_ISSUE_URL=http://localhost:5176/tickets
|
||||
```
|
||||
|
||||
---
|
||||
|
|
@ -218,30 +212,6 @@ NEXT_PUBLIC_ISSUE_URL=https://issue.tlyq.ai/tickets
|
|||
|
||||
---
|
||||
|
||||
---
|
||||
|
||||
## 开发规范
|
||||
|
||||
- **新增 API**:在 `src/app/api/` 下创建路由 → 顶部调用 `initDatabase()` → `getCurrentUser()` 验证
|
||||
- **新增页面**:在 `src/app/(app)/` 下创建 → 布局由 `(app)/layout.tsx` 提供
|
||||
- **日期处理(时区规范)**:整个系统统一使用 UTC+8(北京时间)。两处必须遵守:
|
||||
1. **JavaScript/TypeScript**:禁止使用 `Date.toISOString()` 格式化本地日期。`toISOString()` 返回 UTC 时间,在中国时区(UTC+8)下 `new Date('2026-04-01T00:00:00').toISOString()` 会返回 `"2026-03-31T16:00:00.000Z"`,日期偏移一天。应使用本地时间方法拼接:`${d.getFullYear()}-${String(d.getMonth()+1).padStart(2,'0')}-${String(d.getDate()).padStart(2,'0')}`
|
||||
2. **SQLite**:所有 `datetime('now')` 必须写成 `datetime('now', '+8 hours')`,包括 CREATE TABLE 的 DEFAULT 值、UPDATE/SET 语句、以及查询条件中的时间比较。禁止使用不含时区偏移的 `datetime('now')`。
|
||||
|
||||
---
|
||||
|
||||
## Git Tag 规范
|
||||
|
||||
使用日期版本号 `vYYYY.MM.DD`(如 `v2026.05.18`)。提交后打 tag 再推送:
|
||||
|
||||
```bash
|
||||
git tag v$(date +%Y.%m.%d) && git push origin main && git push origin v$(date +%Y.%m.%d)
|
||||
```
|
||||
|
||||
同一天多次提交只打一个 tag。详见根目录 `CLAUDE.md`。
|
||||
|
||||
---
|
||||
|
||||
## 故障排查
|
||||
|
||||
```bash
|
||||
|
|
|
|||
10
Dockerfile
10
Dockerfile
|
|
@ -8,15 +8,13 @@ RUN --mount=type=cache,target=/root/.npm,id=assets-npm \
|
|||
COPY . .
|
||||
RUN npm run build
|
||||
|
||||
# runner 阶段:使用 Debian(glibc),与 txjp 宿主机平台一致,避免原生模块 musl/glibc 不兼容
|
||||
FROM node:20-slim AS runner
|
||||
# runner 阶段:与 builder 保持一致(Alpine + musl),确保 better-sqlite3 等原生模块兼容
|
||||
FROM node:20-alpine AS runner
|
||||
RUN apk add --no-cache python3 make g++
|
||||
WORKDIR /app
|
||||
COPY --from=builder /app/package.json /app/package-lock.json ./
|
||||
RUN npm install --omit=dev
|
||||
COPY --from=builder /app/.next/standalone ./
|
||||
RUN npm install --omit=dev && \
|
||||
npm rebuild better-sqlite3 && \
|
||||
rm -rf node_modules/@img/sharp-linuxmusl-x64 node_modules/@img/sharp-libvips-linuxmusl-x64 \
|
||||
node_modules/@next/swc-linux-x64-musl
|
||||
COPY --from=builder /app/.next/static ./.next/static
|
||||
COPY --from=builder /app/public ./public
|
||||
RUN mkdir -p /app/data /app/uploads
|
||||
|
|
|
|||
56
README.md
56
README.md
|
|
@ -13,51 +13,39 @@
|
|||
|
||||
## 功能
|
||||
|
||||
- 设备 CRUD(创建、编辑、删除、搜索、列筛选、高级查询)
|
||||
- 设备状态管理(腾讯使用 / 图灵使用 / 闲置 / 备用 / 维修中 / 已下线)
|
||||
- 设备详情(含完整硬件信息、历史工单卡片)
|
||||
- 批量编辑(多选设备批量修改类型、位置、状态等)
|
||||
- Excel 导入/导出(模板下载、多选导出、全量导出权限控制)
|
||||
- 设备 CRUD(创建、编辑、删除、搜索、筛选)
|
||||
- 设备状态管理(腾讯使用 / 已回收(退役) / 备件 / 借用 / 故障)
|
||||
- 设备详情(含硬件信息、历史工单卡片)
|
||||
- 工单历史联动(调用 issue-ai API 获取同 IP 历史工单)
|
||||
- API Key 管理(支持服务间调用认证,细粒度权限控制)
|
||||
- 用户/角色权限管理(12 个细粒度权限,支持自定义角色)
|
||||
- 审计日志
|
||||
- API Key 管理(支持服务间调用认证)
|
||||
- 用户/角色权限管理
|
||||
- Excel 导出设备清单
|
||||
|
||||
## 设备字段
|
||||
|
||||
| 分类 | 字段 |
|
||||
| 字段 | 说明 |
|
||||
|------|------|
|
||||
| 设备标识 | node_name、serial_number、device_type、device_purpose、status |
|
||||
| 位置信息 | room、rack_position |
|
||||
| 网络 | business_ip、hdm_ip、NIC×3(型号/类型/速率/数量) |
|
||||
| 硬件规格 | manufacturer、device_model、warranty_date |
|
||||
| CPU/内存 | cpu_model、cpu_generation、cpu_cores、cpu_threads、memory_total 等 |
|
||||
| GPU | gpu_model、gpu_power、gpu_count |
|
||||
| 存储 | sys_disk、data_disk1/2(型号/规格/容量/类型/协议)、raid_model、raid_spec |
|
||||
| 电源 | psu1/2_model、psu1/2_power、psu_total_power |
|
||||
|
||||
完整 schema 含 68 列硬件字段,详见 `src/lib/db-schema.ts`。
|
||||
| node_name | 节点名称 |
|
||||
| serial_number | 序列号 |
|
||||
| device_type | 设备类型(GPU服务器 / 存储服务器) |
|
||||
| business_ip | 业务 IP |
|
||||
| hdm_ip | HDM 管理 IP |
|
||||
| manufacturer | 厂商 |
|
||||
| device_model | 设备型号 |
|
||||
| status | 设备状态 |
|
||||
| cabinet | 机柜 |
|
||||
| asset_number | 资产编号 |
|
||||
| remark | 备注 |
|
||||
|
||||
## API 路由
|
||||
|
||||
| 方法 | 路径 | 说明 |
|
||||
|------|------|------|
|
||||
| GET/POST | `/api/assets` | 设备列表(分页/搜索/列筛选/排序)/ 创建设备 |
|
||||
| GET/POST | `/api/assets` | 设备列表 / 创建设备 |
|
||||
| GET/PUT/DELETE | `/api/assets/[id]` | 单个设备操作 |
|
||||
| POST | `/api/assets/batch` | 批量修改设备 |
|
||||
| POST | `/api/assets/import` | Excel 导入 |
|
||||
| GET | `/api/assets/export` | Excel 导出 |
|
||||
| GET | `/api/assets/field-values` | 获取字段可选值(列筛选下拉) |
|
||||
| GET | `/api/stats` | 统计概览(按状态/类型/厂商/机房) |
|
||||
| GET/POST | `/api/api-keys` | API Key 列表 / 创建(仅显示一次) |
|
||||
| DELETE | `/api/api-keys/[id]` | 删除 Key |
|
||||
| GET/POST | `/api/users` | 用户列表 / 创建 |
|
||||
| GET/PUT/DELETE | `/api/users/[id]` | 单个用户操作 |
|
||||
| GET/POST | `/api/roles` | 角色列表 / 创建 |
|
||||
| PUT/DELETE | `/api/roles/[id]` | 更新角色权限 / 删除角色 |
|
||||
| POST | `/api/auth/login` | 登录 |
|
||||
| POST | `/api/auth/logout` | 登出 |
|
||||
| GET | `/api/auth/me` | 当前用户信息及权限 |
|
||||
| GET/POST | `/api/api-keys` | API Key 管理 |
|
||||
| GET/POST | `/api/users` | 用户管理 |
|
||||
| GET | `/api/stats` | 统计概览 |
|
||||
|
||||
……
|
||||
|
||||
|
|
|
|||
|
|
@ -3,31 +3,22 @@ services:
|
|||
build: .
|
||||
container_name: assets-ai
|
||||
ports:
|
||||
- "6177:3000"
|
||||
- "5177:3000"
|
||||
volumes:
|
||||
- assets-data:/app/data
|
||||
- assets-uploads:/app/uploads
|
||||
# .next 目录从主机挂载,主机上 npm run build 后直接生效
|
||||
- ./.next:/app/.next
|
||||
# 运行时从 LLDAP 容器动态读取 admin 密码
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
environment:
|
||||
- DATABASE_PATH=/app/data/assets.db
|
||||
- JWT_SECRET=oa-shared-jwt-secret-tlyq-2026
|
||||
- JWT_SECRET=${ASSETS_JWT_SECRET:-change-me-in-production}
|
||||
- ADMIN_PASSWORD=${ADMIN_PASSWORD:-admin123}
|
||||
- NODE_ENV=production
|
||||
- COOKIE_DOMAIN=.tlyq.ai
|
||||
- TZ=Asia/Shanghai
|
||||
- AUTHELIA_URL=${AUTHELIA_URL:-https://sso.tlyq.ai}
|
||||
- LDAP_URL=ldap://lldap:3890
|
||||
- LDAP_BASE_DN=dc=tlyq,dc=ai
|
||||
- LDAP_ADMIN_DN=uid=admin,ou=people,dc=tlyq,dc=ai
|
||||
# issue-ai API 地址(容器内使用 issue-ai 服务名)
|
||||
- ISSUE_API_URL=http://issue-ai:3000/api
|
||||
# issue-ai API Key(用于服务间认证)
|
||||
- ISSUE_API_KEY=${ISSUE_API_KEY:-your-secret-api-key-change-in-production}
|
||||
# 允许调用本系统的 API Key,逗号分隔(中间件验证用)
|
||||
- ALLOWED_API_KEYS=${ALLOWED_API_KEYS}
|
||||
# 故障历史跳转的工单系统地址(客户端使用)
|
||||
- NEXT_PUBLIC_ISSUE_URL=https://issue.tlyq.ai/tickets
|
||||
restart: unless-stopped
|
||||
|
|
|
|||
|
|
@ -4,8 +4,6 @@ const nextConfig: NextConfig = {
|
|||
images: { unoptimized: true },
|
||||
eslint: { ignoreDuringBuilds: true },
|
||||
typescript: { ignoreBuildErrors: true },
|
||||
// better-sqlite3: 原生模块,必须 external
|
||||
// ldapts: SSO 自动创建用户依赖 LLDAP 验证,缺少则新用户无法免登录进入系统
|
||||
serverExternalPackages: ['better-sqlite3', 'ldapts'],
|
||||
serverExternalPackages: ['better-sqlite3'],
|
||||
}
|
||||
export default nextConfig
|
||||
|
|
|
|||
|
|
@ -11,7 +11,6 @@
|
|||
"bcryptjs": "^2.4.3",
|
||||
"better-sqlite3": "^11.7.0",
|
||||
"cookie": "^1.0.2",
|
||||
"ldapts": "^8.1.7",
|
||||
"lucide-react": "^1.8.0",
|
||||
"next": "^15.1.0",
|
||||
"react": "^19.0.0",
|
||||
|
|
@ -2862,18 +2861,6 @@
|
|||
"json-buffer": "3.0.1"
|
||||
}
|
||||
},
|
||||
"node_modules/ldapts": {
|
||||
"version": "8.1.7",
|
||||
"resolved": "https://registry.npmjs.org/ldapts/-/ldapts-8.1.7.tgz",
|
||||
"integrity": "sha512-TJl6T92eIwMf/OJ0hDfKVa6ISwzo+lqCWCI5Mf//ARlKa3LKQZaSrme/H2rCRBhW0DZCQlrsV+fgoW5YHRNLUw==",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"strict-event-emitter-types": "2.0.0"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">=20"
|
||||
}
|
||||
},
|
||||
"node_modules/levn": {
|
||||
"version": "0.4.1",
|
||||
"resolved": "https://registry.npmjs.org/levn/-/levn-0.4.1.tgz",
|
||||
|
|
@ -3853,12 +3840,6 @@
|
|||
"node": ">=0.8"
|
||||
}
|
||||
},
|
||||
"node_modules/strict-event-emitter-types": {
|
||||
"version": "2.0.0",
|
||||
"resolved": "https://registry.npmjs.org/strict-event-emitter-types/-/strict-event-emitter-types-2.0.0.tgz",
|
||||
"integrity": "sha512-Nk/brWYpD85WlOgzw5h173aci0Teyv8YdIAEtV+N88nDB0dLlazZyJMIsN6eo1/AR61l+p6CJTG1JIyFaoNEEA==",
|
||||
"license": "ISC"
|
||||
},
|
||||
"node_modules/string_decoder": {
|
||||
"version": "1.3.0",
|
||||
"resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.3.0.tgz",
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@
|
|||
"version": "1.0.0",
|
||||
"private": true,
|
||||
"scripts": {
|
||||
"dev": "NODE_OPTIONS='--max-old-space-size=2048' next dev --port 6177",
|
||||
"dev": "NODE_OPTIONS='--max-old-space-size=2048' next dev --port 5177",
|
||||
"build": "next build",
|
||||
"start": "next start",
|
||||
"lint": "next lint",
|
||||
|
|
@ -14,7 +14,6 @@
|
|||
"bcryptjs": "^2.4.3",
|
||||
"better-sqlite3": "^11.7.0",
|
||||
"cookie": "^1.0.2",
|
||||
"ldapts": "^8.1.7",
|
||||
"lucide-react": "^1.8.0",
|
||||
"next": "^15.1.0",
|
||||
"react": "^19.0.0",
|
||||
|
|
|
|||
|
|
@ -13,15 +13,6 @@ export default function EditAssetPage() {
|
|||
const [asset, setAsset] = useState<Asset | null>(null)
|
||||
const [loading, setLoading] = useState(true)
|
||||
const [saving, setSaving] = useState(false)
|
||||
const [authorized, setAuthorized] = useState(false)
|
||||
|
||||
useEffect(() => {
|
||||
fetch('/api/auth/me').then(r => r.json()).then(d => {
|
||||
const perms: string[] = d.user?.permissions || []
|
||||
if (!perms.includes('*') && !perms.includes('assets:update')) router.replace('/assets')
|
||||
else setAuthorized(true)
|
||||
}).catch(() => router.replace('/assets'))
|
||||
}, [router])
|
||||
|
||||
useEffect(() => {
|
||||
async function load() {
|
||||
|
|
@ -44,7 +35,6 @@ export default function EditAssetPage() {
|
|||
} finally { setSaving(false) }
|
||||
}
|
||||
|
||||
if (!authorized) return <div className="py-20 text-center text-slate-500 dark:text-slate-400">验证权限中...</div>
|
||||
if (loading) return <div className="py-20 text-center text-slate-500 dark:text-slate-400">加载中...</div>
|
||||
if (!asset) return null
|
||||
|
||||
|
|
|
|||
|
|
@ -16,7 +16,6 @@ export default function AssetDetailPage() {
|
|||
const [loading, setLoading] = useState(true)
|
||||
const [showDelete, setShowDelete] = useState(false)
|
||||
const [deleting, setDeleting] = useState(false)
|
||||
const [permissions, setPermissions] = useState<string[]>([])
|
||||
|
||||
useEffect(() => {
|
||||
async function load() {
|
||||
|
|
@ -27,12 +26,6 @@ export default function AssetDetailPage() {
|
|||
load().finally(() => setLoading(false))
|
||||
}, [params.id, router])
|
||||
|
||||
useEffect(() => {
|
||||
fetch('/api/auth/me').then(r => r.json()).then(d => {
|
||||
if (d.user?.permissions) setPermissions(d.user.permissions)
|
||||
}).catch(() => {})
|
||||
}, [])
|
||||
|
||||
async function handleDelete() {
|
||||
setDeleting(true)
|
||||
try {
|
||||
|
|
@ -55,12 +48,8 @@ export default function AssetDetailPage() {
|
|||
</div>
|
||||
</div>
|
||||
<div className="flex items-center gap-2">
|
||||
{(permissions.includes('*') || permissions.includes('assets:update')) && (
|
||||
<Link href={`/assets/${asset.id}/edit`}><Button variant="secondary" size="sm"><Edit size={16} />编辑</Button></Link>
|
||||
)}
|
||||
{(permissions.includes('*') || permissions.includes('assets:delete')) && (
|
||||
<Button variant="danger" size="sm" onClick={() => setShowDelete(true)}><Trash2 size={16} />删除</Button>
|
||||
)}
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
|
|
|||
|
|
@ -1,24 +1,9 @@
|
|||
'use client'
|
||||
import { useState, useEffect } from 'react'
|
||||
import { useRouter } from 'next/navigation'
|
||||
import Link from 'next/link'
|
||||
import AssetImport from '@/components/assets/AssetImport'
|
||||
import { ArrowLeft } from 'lucide-react'
|
||||
|
||||
export default function ImportPage() {
|
||||
const router = useRouter()
|
||||
const [authorized, setAuthorized] = useState(false)
|
||||
|
||||
useEffect(() => {
|
||||
fetch('/api/auth/me').then(r => r.json()).then(d => {
|
||||
const perms: string[] = d.user?.permissions || []
|
||||
if (!perms.includes('*') && !perms.includes('assets:import')) router.replace('/assets')
|
||||
else setAuthorized(true)
|
||||
}).catch(() => router.replace('/assets'))
|
||||
}, [router])
|
||||
|
||||
if (!authorized) return <div className="py-20 text-center text-slate-500 dark:text-slate-400">验证权限中...</div>
|
||||
|
||||
async function handleImport(file: File) {
|
||||
const formData = new FormData()
|
||||
formData.append('file', file)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
'use client'
|
||||
import { useState, useEffect } from 'react'
|
||||
import { useState } from 'react'
|
||||
import { useRouter } from 'next/navigation'
|
||||
import Link from 'next/link'
|
||||
import AssetForm from '@/components/assets/AssetForm'
|
||||
|
|
@ -8,15 +8,6 @@ import { ArrowLeft } from 'lucide-react'
|
|||
export default function NewAssetPage() {
|
||||
const router = useRouter()
|
||||
const [saving, setSaving] = useState(false)
|
||||
const [authorized, setAuthorized] = useState(false)
|
||||
|
||||
useEffect(() => {
|
||||
fetch('/api/auth/me').then(r => r.json()).then(d => {
|
||||
const perms: string[] = d.user?.permissions || []
|
||||
if (!perms.includes('*') && !perms.includes('assets:create')) router.replace('/assets')
|
||||
else setAuthorized(true)
|
||||
}).catch(() => router.replace('/assets'))
|
||||
}, [router])
|
||||
|
||||
async function handleSubmit(data: Record<string, unknown>) {
|
||||
setSaving(true)
|
||||
|
|
@ -31,8 +22,6 @@ export default function NewAssetPage() {
|
|||
} finally { setSaving(false) }
|
||||
}
|
||||
|
||||
if (!authorized) return <div className="py-20 text-center text-slate-500 dark:text-slate-400">验证权限中...</div>
|
||||
|
||||
return (
|
||||
<div className="space-y-4">
|
||||
<div className="flex items-center gap-3">
|
||||
|
|
|
|||
|
|
@ -19,10 +19,10 @@ const statusColor: Record<string, 'blue' | 'green' | 'yellow' | 'red' | 'gray'>
|
|||
}
|
||||
|
||||
const COLUMNS = [
|
||||
{ key: 'device_type', label: '设备类型', sortable: true },
|
||||
{ key: 'node_name', label: '节点名称', sortable: true },
|
||||
{ key: 'business_ip', label: '业务IP', sortable: true },
|
||||
{ key: 'hdm_ip', label: 'HDM IP', sortable: true },
|
||||
{ key: 'device_type', label: '设备类型', sortable: true },
|
||||
{ key: 'manufacturer', label: '厂商', sortable: true },
|
||||
{ key: 'device_model', label: '设备型号', sortable: true },
|
||||
{ key: 'serial_number', label: '序列号', sortable: true },
|
||||
|
|
@ -36,14 +36,12 @@ export default function AssetsPage() {
|
|||
const [search, setSearch] = useState('')
|
||||
const [page, setPage] = useState(1)
|
||||
const [pageSize, setPageSize] = useState(20)
|
||||
const [sortKey, setSortKey] = useState('node_name')
|
||||
const [sortKey, setSortKey] = useState('device_type')
|
||||
const [sortOrder, setSortOrder] = useState<'asc' | 'desc'>('asc')
|
||||
const [selectedIds, setSelectedIds] = useState<Set<number>>(new Set())
|
||||
const [deleteTarget, setDeleteTarget] = useState<number | null>(null)
|
||||
const [deleting, setDeleting] = useState(false)
|
||||
const [exportModalOpen, setExportModalOpen] = useState(false)
|
||||
const [exportMode, setExportMode] = useState<'all' | 'selected'>('all')
|
||||
const [permissions, setPermissions] = useState<string[]>([])
|
||||
|
||||
// 列头筛选相关状态
|
||||
const [tableMode, setTableMode] = useState<'sort' | 'filter'>('sort')
|
||||
|
|
@ -285,12 +283,6 @@ export default function AssetsPage() {
|
|||
}
|
||||
}
|
||||
|
||||
useEffect(() => {
|
||||
fetch('/api/auth/me').then(r => r.json()).then(d => {
|
||||
if (d.user?.permissions) setPermissions(d.user.permissions)
|
||||
}).catch(() => {})
|
||||
}, [])
|
||||
|
||||
const fetchAssets = useCallback(async () => {
|
||||
setLoading(true)
|
||||
try {
|
||||
|
|
@ -317,7 +309,7 @@ export default function AssetsPage() {
|
|||
setSearch(q); setPage(1)
|
||||
}
|
||||
|
||||
function handlePageChange(p: number) { setPage(p); setSelectedIds(new Set()) }
|
||||
function handlePageChange(p: number) { setPage(p) }
|
||||
function handlePageSizeChange(s: number) { setPageSize(s); setPage(1) }
|
||||
|
||||
function toggleSelect(id: number) {
|
||||
|
|
@ -345,16 +337,12 @@ export default function AssetsPage() {
|
|||
|
||||
function handleExportConfirm() {
|
||||
const params = new URLSearchParams()
|
||||
if (exportMode === 'selected' && selectedIds.size > 0) {
|
||||
params.set('ids', [...selectedIds].join(','))
|
||||
} else {
|
||||
if (search) params.set('search', search)
|
||||
for (const [field, values] of Object.entries(columnFilterValues)) {
|
||||
for (const v of values) {
|
||||
params.append(`filter_${field}`, v)
|
||||
}
|
||||
}
|
||||
}
|
||||
setExportModalOpen(false)
|
||||
window.open(`/api/assets/export?${params}`, '_blank')
|
||||
}
|
||||
|
|
@ -365,14 +353,6 @@ export default function AssetsPage() {
|
|||
// 是否有任何列筛选激活
|
||||
const hasActiveColumnFilters = Object.values(columnFilterValues).some(v => v.length > 0)
|
||||
|
||||
const hasWildcard = permissions.includes('*')
|
||||
const canExportAll = hasWildcard || permissions.includes('assets:export:all')
|
||||
const canExportSelected = hasWildcard || permissions.includes('assets:export:selected')
|
||||
const canCreate = hasWildcard || permissions.includes('assets:create')
|
||||
const canImport = hasWildcard || permissions.includes('assets:import')
|
||||
const canUpdate = hasWildcard || permissions.includes('assets:update')
|
||||
const canDelete = hasWildcard || permissions.includes('assets:delete')
|
||||
|
||||
return (
|
||||
<div>
|
||||
<div className="flex items-center justify-between mb-6">
|
||||
|
|
@ -384,26 +364,15 @@ export default function AssetsPage() {
|
|||
</p>
|
||||
</div>
|
||||
<div className="flex items-center gap-2">
|
||||
{canUpdate && selectedIds.size > 0 && (
|
||||
{selectedIds.size > 0 && (
|
||||
<Link href={`/assets/batch-edit?ids=${[...selectedIds].join(',')}`}>
|
||||
<Button variant="secondary" size="sm">批量编辑 {selectedIds.size} 台</Button>
|
||||
</Link>
|
||||
)}
|
||||
{canImport && (
|
||||
<Link href="/assets/import"><Button variant="secondary" size="sm"><Upload size={14} />导入</Button></Link>
|
||||
)}
|
||||
{canImport && (
|
||||
<a href="/api/assets/template" download><Button variant="secondary" size="sm"><Download size={14} />模板</Button></a>
|
||||
)}
|
||||
{canExportSelected && selectedIds.size > 0 && (
|
||||
<Button variant="secondary" size="sm" onClick={() => { setExportMode('selected'); setExportModalOpen(true) }}><Download size={14} />导出选中({selectedIds.size})</Button>
|
||||
)}
|
||||
{canExportAll && (
|
||||
<Button variant="secondary" size="sm" onClick={() => { setExportMode('all'); setExportModalOpen(true) }}><Download size={14} />{selectedIds.size > 0 ? '导出全部' : '导出'}</Button>
|
||||
)}
|
||||
{canCreate && (
|
||||
<Link href="/assets/template"><Button variant="secondary" size="sm"><Download size={14} />模板</Button></Link>
|
||||
<Button variant="secondary" size="sm" onClick={() => setExportModalOpen(true)}><Download size={14} />导出</Button>
|
||||
<Link href="/assets/new"><Button size="sm"><Plus size={14} />新增设备</Button></Link>
|
||||
)}
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
|
@ -550,12 +519,12 @@ export default function AssetsPage() {
|
|||
<input type="checkbox" checked={selectedIds.has(row.id)} onChange={() => toggleSelect(row.id)}
|
||||
className="rounded border-slate-300 dark:border-slate-600" />
|
||||
</td>
|
||||
<td className="px-4 py-3 text-slate-700 dark:text-slate-300 text-center break-all">{row.device_type}</td>
|
||||
<td className="px-4 py-3 font-medium text-center break-all">
|
||||
<Link href={`/assets/${row.id}`} className="text-blue-600 dark:text-blue-400 hover:underline">{row.node_name || '-'}</Link>
|
||||
</td>
|
||||
<td className="px-4 py-3 text-slate-700 dark:text-slate-300 text-center break-all">{row.business_ip || '-'}</td>
|
||||
<td className="px-4 py-3 text-slate-700 dark:text-slate-300 text-center break-all">{row.hdm_ip ? <a href={`http://${row.hdm_ip}`} target="_blank" rel="noopener noreferrer" className="text-blue-600 dark:text-blue-400 hover:underline">{row.hdm_ip}</a> : '-'}</td>
|
||||
<td className="px-4 py-3 text-slate-700 dark:text-slate-300 text-center break-all">{row.device_type}</td>
|
||||
<td className="px-4 py-3 text-slate-700 dark:text-slate-300 text-center break-all">{row.manufacturer || '-'}</td>
|
||||
<td className="px-4 py-3 text-slate-700 dark:text-slate-300 text-center break-all">{row.device_model || '-'}</td>
|
||||
<td className="px-4 py-3 text-slate-700 dark:text-slate-300 text-center break-all">{row.serial_number || '-'}</td>
|
||||
|
|
@ -566,18 +535,14 @@ export default function AssetsPage() {
|
|||
className="p-1.5 rounded-lg text-slate-500 hover:text-blue-500 hover:bg-slate-100 dark:hover:bg-slate-800 transition-colors">
|
||||
<Eye size={16} />
|
||||
</Link>
|
||||
{canUpdate && (
|
||||
<Link href={`/assets/${row.id}/edit`}
|
||||
className="p-1.5 rounded-lg text-slate-500 hover:text-green-500 hover:bg-slate-100 dark:hover:bg-slate-800 transition-colors">
|
||||
<Edit size={16} />
|
||||
</Link>
|
||||
)}
|
||||
{canDelete && (
|
||||
<button onClick={() => setDeleteTarget(row.id)}
|
||||
className="p-1.5 rounded-lg text-slate-500 hover:text-red-500 hover:bg-slate-100 dark:hover:bg-slate-800 transition-colors">
|
||||
<Trash2 size={16} />
|
||||
</button>
|
||||
)}
|
||||
</div>
|
||||
</td>
|
||||
</tr>
|
||||
|
|
@ -601,21 +566,13 @@ export default function AssetsPage() {
|
|||
</Modal>
|
||||
|
||||
{/* 导出确认 */}
|
||||
<Modal open={exportModalOpen} onClose={() => setExportModalOpen(false)} title={exportMode === 'selected' ? '导出选中设备' : '导出全部设备'}>
|
||||
{exportMode === 'selected' ? (
|
||||
<p className="text-slate-700 dark:text-slate-300 mb-3">
|
||||
即将导出已选中的 <span className="font-medium">{selectedIds.size}</span> 台设备的资产数据。
|
||||
</p>
|
||||
) : (
|
||||
<>
|
||||
<Modal open={exportModalOpen} onClose={() => setExportModalOpen(false)} title="确认导出">
|
||||
<p className="text-slate-700 dark:text-slate-300 mb-3">
|
||||
即将导出 <span className="font-medium">{total}</span> 台设备的资产数据。
|
||||
</p>
|
||||
{(Object.keys(columnFilterValues).length > 0 || search) && (
|
||||
<p className="text-sm text-slate-500 dark:text-slate-400">当前筛选条件将一并应用,仅导出匹配的数据。</p>
|
||||
)}
|
||||
</>
|
||||
)}
|
||||
<div className="flex justify-end gap-3 mt-4">
|
||||
<Button variant="secondary" onClick={() => setExportModalOpen(false)}>取消</Button>
|
||||
<Button onClick={handleExportConfirm}><Download size={14} />确认导出</Button>
|
||||
|
|
|
|||
|
|
@ -1,27 +1,22 @@
|
|||
export const dynamic = 'force-dynamic'
|
||||
|
||||
import { cookies } from 'next/headers'
|
||||
import { cookies, headers } from 'next/headers'
|
||||
import { redirect } from 'next/navigation'
|
||||
import db from '@/lib/db'
|
||||
import { verifyJwt } from '@/lib/auth'
|
||||
import AppShell from '@/components/layout/AppShell'
|
||||
|
||||
export default async function AppLayout({ children }: { children: React.ReactNode }) {
|
||||
const cookieStore = await cookies()
|
||||
const headersList = await headers()
|
||||
const originalPath = headersList.get('x-original-pathname') || ''
|
||||
const loginUrl = '/login' + (originalPath ? `?redirect=${encodeURIComponent(originalPath)}` : '')
|
||||
|
||||
// 从 middleware 设置的 session cookie 获取用户名
|
||||
const sessionCookie = cookieStore.get('session')?.value
|
||||
let username = ''
|
||||
if (sessionCookie) {
|
||||
try { username = JSON.parse(sessionCookie).username || '' } catch { }
|
||||
}
|
||||
if (!username) redirect('/login')
|
||||
|
||||
// 从数据库获取用户完整信息
|
||||
const user = db.prepare(
|
||||
'SELECT id, username, display_name, role FROM users WHERE username = ? AND is_active = 1'
|
||||
).get(username) as { id: number; username: string; display_name: string; role: string } | undefined
|
||||
|
||||
if (!user) redirect('/login')
|
||||
|
||||
return <AppShell user={{ display_name: user.display_name, role: user.role }}>{children}</AppShell>
|
||||
const token = cookieStore.get('session_assets')?.value
|
||||
if (!token) redirect(loginUrl)
|
||||
const payload = verifyJwt(token)
|
||||
if (!payload) redirect(loginUrl)
|
||||
const user = db.prepare('SELECT display_name, role FROM users WHERE id = ? AND is_active = 1').get(payload.userId) as { display_name: string; role: string } | undefined
|
||||
if (!user) redirect(loginUrl)
|
||||
return <AppShell user={user}>{children}</AppShell>
|
||||
}
|
||||
|
|
|
|||
|
|
@ -21,7 +21,6 @@ export default function ApiKeysPage() {
|
|||
const [newKey, setNewKey] = useState<string | null>(null)
|
||||
const [deleteTarget, setDeleteTarget] = useState<ApiKeyItem | null>(null)
|
||||
const [copied, setCopied] = useState(false)
|
||||
const [error, setError] = useState('')
|
||||
|
||||
async function fetchKeys() {
|
||||
const res = await fetch('/api/api-keys')
|
||||
|
|
@ -32,28 +31,20 @@ export default function ApiKeysPage() {
|
|||
|
||||
async function handleCreate() {
|
||||
if (!name.trim()) return
|
||||
setSaving(true); setError('')
|
||||
setSaving(true)
|
||||
try {
|
||||
const res = await fetch('/api/api-keys', {
|
||||
method: 'POST', headers: { 'Content-Type': 'application/json' },
|
||||
body: JSON.stringify({ name: name.trim() }),
|
||||
})
|
||||
if (res.ok) {
|
||||
const data = await res.json()
|
||||
if (!res.ok) { setError(data.error || '创建失败'); return }
|
||||
setNewKey(data.key)
|
||||
setCreateOpen(false)
|
||||
setName('')
|
||||
fetchKeys()
|
||||
} catch { setError('创建失败') }
|
||||
finally { setSaving(false) }
|
||||
}
|
||||
|
||||
async function toggleActive(k: ApiKeyItem) {
|
||||
await fetch(`/api/api-keys/${k.id}`, {
|
||||
method: 'PUT', headers: { 'Content-Type': 'application/json' },
|
||||
body: JSON.stringify({ is_active: k.is_active ? 0 : 1 }),
|
||||
})
|
||||
fetchKeys()
|
||||
} finally { setSaving(false) }
|
||||
}
|
||||
|
||||
async function handleDelete() {
|
||||
|
|
@ -76,22 +67,19 @@ export default function ApiKeysPage() {
|
|||
const perms: string[] = JSON.parse(r.permissions)
|
||||
return <div className="flex flex-wrap gap-1">{perms.map(p => <Badge key={p} color="gray">{p}</Badge>)}</div>
|
||||
}},
|
||||
{ key: 'is_active', title: '状态', render: (r) => <button onClick={() => toggleActive(r)}><Badge color={r.is_active ? 'green' : 'red'}>{r.is_active ? '启用' : '禁用'}</Badge></button> },
|
||||
{ key: 'is_active', title: '状态', render: (r) => <Badge color={r.is_active ? 'green' : 'red'}>{r.is_active ? '启用' : '禁用'}</Badge> },
|
||||
{ key: 'last_used_at', title: '最后使用', render: (r) => r.last_used_at || '从未使用' },
|
||||
{ key: 'expires_at', title: '过期时间', render: (r) => r.expires_at || '永不过期' },
|
||||
{ key: 'created_at', title: '创建时间' },
|
||||
{ key: 'actions', title: '操作', render: (r) => (
|
||||
<Button variant="ghost" size="sm" onClick={() => setDeleteTarget(r)}><Trash2 size={14} className="text-red-500" /></Button>
|
||||
<button onClick={() => setDeleteTarget(r)} className="p-1.5 rounded-lg text-slate-500 hover:text-red-500 hover:bg-slate-100 dark:hover:bg-slate-800 transition-colors"><Trash2 size={16} /></button>
|
||||
)},
|
||||
]
|
||||
|
||||
return (
|
||||
<div className="space-y-4">
|
||||
<div className="flex items-center justify-between">
|
||||
<div>
|
||||
<h1 className="text-2xl font-bold text-slate-900 dark:text-white">API Key 管理</h1>
|
||||
<p className="text-sm text-slate-500 dark:text-slate-400 mt-1">用于第三方系统调用资产系统 API</p>
|
||||
</div>
|
||||
<Button size="sm" onClick={() => setCreateOpen(true)}><Plus size={16} />创建 Key</Button>
|
||||
</div>
|
||||
|
||||
|
|
@ -113,20 +101,15 @@ export default function ApiKeysPage() {
|
|||
<Button onClick={handleCreate} loading={saving}>创建</Button>
|
||||
</>
|
||||
}>
|
||||
<div className="space-y-4">
|
||||
<Input label="名称" value={name} onChange={e => setName(e.target.value)} placeholder="例如:监控系统" />
|
||||
<p className="text-xs text-slate-500 dark:text-slate-400">默认权限:<Badge color="gray">assets:read</Badge>(仅读取资产数据)</p>
|
||||
{error && <p className="text-sm text-red-500">{error}</p>}
|
||||
</div>
|
||||
</Modal>
|
||||
|
||||
<Modal open={!!deleteTarget} onClose={() => setDeleteTarget(null)} title="确认删除" footer={
|
||||
<>
|
||||
<Modal open={!!deleteTarget} onClose={() => setDeleteTarget(null)} title="确认删除">
|
||||
<p className="text-sm text-slate-600 dark:text-slate-400">确定要删除 API Key「{deleteTarget?.name}」吗?使用该 Key 的应用将无法访问。</p>
|
||||
<div className="flex justify-end gap-3 mt-4">
|
||||
<Button variant="ghost" onClick={() => setDeleteTarget(null)}>取消</Button>
|
||||
<Button variant="danger" onClick={handleDelete}>删除</Button>
|
||||
</>
|
||||
}>
|
||||
<p className="text-sm text-slate-600 dark:text-slate-400">确定要删除 API Key「{deleteTarget?.name}」吗?使用该 Key 的应用将无法访问。</p>
|
||||
</div>
|
||||
</Modal>
|
||||
</div>
|
||||
)
|
||||
|
|
|
|||
|
|
@ -1,220 +1,46 @@
|
|||
'use client'
|
||||
import { useState, useEffect } from 'react'
|
||||
import Table, { Column } from '@/components/ui/Table'
|
||||
import Button from '@/components/ui/Button'
|
||||
import Input from '@/components/ui/Input'
|
||||
import Modal from '@/components/ui/Modal'
|
||||
import Card from '@/components/ui/Card'
|
||||
import Badge from '@/components/ui/Badge'
|
||||
import { Plus, Pencil, Trash2 } from 'lucide-react'
|
||||
|
||||
interface Role {
|
||||
id: number
|
||||
name: string
|
||||
display_name: string
|
||||
permissions: string
|
||||
created_at: string
|
||||
const permissionLabels: Record<string, string> = {
|
||||
'*': '所有权限',
|
||||
'assets:read': '资产读取',
|
||||
'assets:write': '资产写入',
|
||||
'assets:delete': '资产删除',
|
||||
'users:read': '用户读取',
|
||||
'users:write': '用户管理',
|
||||
'api-keys:read': 'API Key 读取',
|
||||
'api-keys:write': 'API Key 管理',
|
||||
}
|
||||
|
||||
const allPermissions = [
|
||||
{ key: 'assets:read', label: '查看资产' },
|
||||
{ key: 'assets:create', label: '新增资产' },
|
||||
{ key: 'assets:import', label: '导入资产' },
|
||||
{ key: 'assets:update', label: '编辑资产' },
|
||||
{ key: 'assets:delete', label: '删除资产' },
|
||||
{ key: 'assets:export:selected', label: '导出选中资产' },
|
||||
{ key: 'assets:export:all', label: '导出全部资产' },
|
||||
{ key: 'users:read', label: '查看用户' },
|
||||
{ key: 'users:write', label: '管理用户' },
|
||||
{ key: 'roles:read', label: '查看角色' },
|
||||
{ key: 'roles:write', label: '管理角色' },
|
||||
{ key: 'api-keys:read', label: '查看API Key' },
|
||||
{ key: 'api-keys:write', label: '管理API Key' },
|
||||
const defaultRoles = [
|
||||
{ name: 'admin', display_name: '管理员', permissions: ['*'], color: 'blue' as const },
|
||||
{ name: 'editor', display_name: '编辑者', permissions: ['assets:read', 'assets:write', 'assets:delete'], color: 'green' as const },
|
||||
{ name: 'viewer', display_name: '查看者', permissions: ['assets:read'], color: 'gray' as const },
|
||||
]
|
||||
|
||||
const BUILTIN_ROLES = ['admin', 'editor', 'viewer']
|
||||
|
||||
const roleColor: Record<string, 'blue' | 'green' | 'gray' | 'yellow'> = {
|
||||
admin: 'blue', editor: 'green', viewer: 'gray',
|
||||
}
|
||||
|
||||
function formatPermissions(permStr: string): string {
|
||||
try {
|
||||
const perms: string[] = JSON.parse(permStr)
|
||||
if (perms.includes('*')) return '全部权限'
|
||||
return perms.map(p => {
|
||||
const f = allPermissions.find(a => a.key === p)
|
||||
return f ? f.label : p
|
||||
}).join(', ') || '无权限'
|
||||
} catch { return '无权限' }
|
||||
}
|
||||
|
||||
export default function RolesPage() {
|
||||
const [roles, setRoles] = useState<Role[]>([])
|
||||
const [loading, setLoading] = useState(true)
|
||||
const [modalOpen, setModalOpen] = useState(false)
|
||||
const [editRole, setEditRole] = useState<Role | null>(null)
|
||||
const [form, setForm] = useState({ name: '', display_name: '', permissions: [] as string[] })
|
||||
const [error, setError] = useState('')
|
||||
const [saving, setSaving] = useState(false)
|
||||
const [deleteTarget, setDeleteTarget] = useState<Role | null>(null)
|
||||
|
||||
const fetchRoles = async () => {
|
||||
try {
|
||||
const res = await fetch('/api/roles')
|
||||
const d = await res.json()
|
||||
if (d.roles) setRoles(d.roles)
|
||||
} catch { /* ignore */ }
|
||||
setLoading(false)
|
||||
}
|
||||
|
||||
useEffect(() => { fetchRoles() }, [])
|
||||
|
||||
const openCreate = () => {
|
||||
setEditRole(null)
|
||||
setForm({ name: '', display_name: '', permissions: [] })
|
||||
setError('')
|
||||
setModalOpen(true)
|
||||
}
|
||||
|
||||
const openEdit = (r: Role) => {
|
||||
setEditRole(r)
|
||||
let perms: string[] = []
|
||||
try { perms = JSON.parse(r.permissions) } catch { /* ignore */ }
|
||||
setForm({ name: r.name, display_name: r.display_name, permissions: perms })
|
||||
setError('')
|
||||
setModalOpen(true)
|
||||
}
|
||||
|
||||
const togglePermission = (key: string) => {
|
||||
setForm(prev => ({
|
||||
...prev,
|
||||
permissions: prev.permissions.includes(key)
|
||||
? prev.permissions.filter(p => p !== key)
|
||||
: [...prev.permissions, key],
|
||||
}))
|
||||
}
|
||||
|
||||
const handleSave = async () => {
|
||||
setError('')
|
||||
setSaving(true)
|
||||
try {
|
||||
if (editRole) {
|
||||
const res = await fetch(`/api/roles/${editRole.id}`, {
|
||||
method: 'PUT',
|
||||
headers: { 'Content-Type': 'application/json' },
|
||||
body: JSON.stringify({ display_name: form.display_name, permissions: form.permissions }),
|
||||
})
|
||||
if (!res.ok) { const d = await res.json(); setError(d.error || '更新失败'); return }
|
||||
} else {
|
||||
if (!form.name || !form.display_name) { setError('请填写必填项'); return }
|
||||
const res = await fetch('/api/roles', {
|
||||
method: 'POST',
|
||||
headers: { 'Content-Type': 'application/json' },
|
||||
body: JSON.stringify(form),
|
||||
})
|
||||
if (!res.ok) { const d = await res.json(); setError(d.error || '创建失败'); return }
|
||||
}
|
||||
setModalOpen(false)
|
||||
fetchRoles()
|
||||
} catch { setError('操作失败') }
|
||||
finally { setSaving(false) }
|
||||
}
|
||||
|
||||
const handleDelete = async () => {
|
||||
if (!deleteTarget) return
|
||||
const res = await fetch(`/api/roles/${deleteTarget.id}`, { method: 'DELETE' })
|
||||
if (res.ok) { setDeleteTarget(null); fetchRoles() }
|
||||
}
|
||||
|
||||
const columns: Column<Role>[] = [
|
||||
{ key: 'name', title: '角色名', render: (r) => (
|
||||
<span className="font-medium text-slate-900 dark:text-slate-100">{r.name}</span>
|
||||
)},
|
||||
{ key: 'display_name', title: '显示名称', render: (r) => (
|
||||
<div className="flex items-center gap-2">
|
||||
<span>{r.display_name}</span>
|
||||
{BUILTIN_ROLES.includes(r.name) && (
|
||||
<Badge color={roleColor[r.name] || 'gray'}>内置</Badge>
|
||||
)}
|
||||
</div>
|
||||
)},
|
||||
{ key: 'permissions', title: '权限', render: (r) => (
|
||||
<span className="text-sm text-slate-500 dark:text-slate-400">{formatPermissions(r.permissions)}</span>
|
||||
)},
|
||||
{ key: 'actions', title: '操作', width: '100px', render: (r) => (
|
||||
<div className="flex items-center gap-1">
|
||||
<Button variant="ghost" size="sm" onClick={() => openEdit(r)}><Pencil size={14} /></Button>
|
||||
{!BUILTIN_ROLES.includes(r.name) && (
|
||||
<Button variant="ghost" size="sm" onClick={() => setDeleteTarget(r)}><Trash2 size={14} className="text-red-500" /></Button>
|
||||
)}
|
||||
</div>
|
||||
)},
|
||||
]
|
||||
|
||||
return (
|
||||
<div className="space-y-4">
|
||||
<div className="flex items-center justify-between">
|
||||
<div>
|
||||
<h1 className="text-2xl font-bold text-slate-900 dark:text-white">角色权限</h1>
|
||||
<p className="text-sm text-slate-500 dark:text-slate-400 mt-1">管理系统角色与权限配置</p>
|
||||
<div className="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-3 gap-4">
|
||||
{defaultRoles.map(role => (
|
||||
<Card key={role.name} title={role.display_name}>
|
||||
<div className="space-y-3">
|
||||
<div className="flex items-center gap-2">
|
||||
<Badge color={role.color}>{role.name}</Badge>
|
||||
</div>
|
||||
<Button size="sm" onClick={openCreate}><Plus size={16} />新建角色</Button>
|
||||
</div>
|
||||
|
||||
{loading ? (
|
||||
<div className="py-12 text-center text-slate-500 dark:text-slate-400">加载中...</div>
|
||||
) : (
|
||||
<Table columns={columns as unknown as Column<Record<string, unknown>>[]} data={roles as unknown as Record<string, unknown>[]} rowKey={(r) => String(r.id)} />
|
||||
)}
|
||||
|
||||
<Modal open={modalOpen} onClose={() => setModalOpen(false)} title={editRole ? '编辑角色' : '新建角色'}>
|
||||
<div className="space-y-4">
|
||||
{!editRole && (
|
||||
<Input
|
||||
label="角色名(英文)"
|
||||
value={form.name}
|
||||
onChange={e => setForm(p => ({ ...p, name: e.target.value }))}
|
||||
placeholder="e.g. supervisor"
|
||||
/>
|
||||
)}
|
||||
<Input
|
||||
label="显示名称"
|
||||
value={form.display_name}
|
||||
onChange={e => setForm(p => ({ ...p, display_name: e.target.value }))}
|
||||
/>
|
||||
<div>
|
||||
<label className="block text-sm font-medium text-slate-700 dark:text-slate-300 mb-2">权限</label>
|
||||
<div className="space-y-2 max-h-64 overflow-y-auto">
|
||||
{allPermissions.map(p => (
|
||||
<label key={p.key} className="flex items-center gap-2 cursor-pointer py-1">
|
||||
<input
|
||||
type="checkbox"
|
||||
checked={form.permissions.includes(p.key) || form.permissions.includes('*')}
|
||||
onChange={() => togglePermission(p.key)}
|
||||
className="rounded border-slate-300 dark:border-slate-600"
|
||||
/>
|
||||
<span className="text-sm text-slate-700 dark:text-slate-300">{p.label}</span>
|
||||
<span className="text-xs text-slate-400">{p.key}</span>
|
||||
</label>
|
||||
<div className="flex flex-wrap gap-1.5">
|
||||
{role.permissions.map(p => (
|
||||
<span key={p} className="px-2 py-0.5 text-xs rounded bg-slate-100 dark:bg-slate-800 text-slate-600 dark:text-slate-400">
|
||||
{permissionLabels[p] || p}
|
||||
</span>
|
||||
))}
|
||||
</div>
|
||||
</div>
|
||||
{error && <p className="text-sm text-red-500">{error}</p>}
|
||||
<div className="flex gap-3">
|
||||
<Button onClick={handleSave} loading={saving}>{editRole ? '保存' : '创建'}</Button>
|
||||
<Button variant="secondary" onClick={() => setModalOpen(false)}>取消</Button>
|
||||
</Card>
|
||||
))}
|
||||
</div>
|
||||
</div>
|
||||
</Modal>
|
||||
|
||||
<Modal open={!!deleteTarget} onClose={() => setDeleteTarget(null)} title="确认删除" footer={
|
||||
<>
|
||||
<Button variant="ghost" onClick={() => setDeleteTarget(null)}>取消</Button>
|
||||
<Button variant="danger" onClick={handleDelete}>删除</Button>
|
||||
</>
|
||||
}>
|
||||
<p className="text-sm text-slate-600 dark:text-slate-400">确定要删除角色「{deleteTarget?.display_name}」吗?此操作不可撤销。</p>
|
||||
</Modal>
|
||||
</div>
|
||||
)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,126 +0,0 @@
|
|||
'use client'
|
||||
import { useState, useEffect } from 'react'
|
||||
import { useRouter, useParams } from 'next/navigation'
|
||||
import Button from '@/components/ui/Button'
|
||||
import Modal from '@/components/ui/Modal'
|
||||
import Input from '@/components/ui/Input'
|
||||
import Select from '@/components/ui/Select'
|
||||
import Badge from '@/components/ui/Badge'
|
||||
import { ArrowLeft, Edit } from 'lucide-react'
|
||||
|
||||
interface UserDetail {
|
||||
id: number; username: string; display_name: string; email: string | null
|
||||
role: string; is_active: number; created_at: string; updated_at: string
|
||||
last_login_at: string | null; is_online: number
|
||||
}
|
||||
|
||||
export default function UserDetailPage() {
|
||||
const { id } = useParams()
|
||||
const router = useRouter()
|
||||
const [user, setUser] = useState<UserDetail | null>(null)
|
||||
const [loading, setLoading] = useState(true)
|
||||
const [roleOptions, setRoleOptions] = useState<{ value: string; label: string }[]>([])
|
||||
const [editOpen, setEditOpen] = useState(false)
|
||||
const [form, setForm] = useState({ display_name: '', email: '', role: '', password: '', password_confirm: '', is_active: 1 })
|
||||
const [saving, setSaving] = useState(false)
|
||||
const [error, setError] = useState('')
|
||||
|
||||
async function fetchUser() {
|
||||
const res = await fetch(`/api/users/${id}`)
|
||||
if (res.ok) {
|
||||
const d = await res.json()
|
||||
setUser(d.user)
|
||||
setForm({ display_name: d.user.display_name, email: d.user.email || '', role: d.user.role, password: '', password_confirm: '', is_active: d.user.is_active })
|
||||
}
|
||||
setLoading(false)
|
||||
}
|
||||
|
||||
async function fetchRoles() {
|
||||
try {
|
||||
const res = await fetch('/api/roles')
|
||||
const d = await res.json()
|
||||
if (d.roles) setRoleOptions(d.roles.map((r: { name: string; display_name: string }) => ({ value: r.name, label: r.display_name })))
|
||||
} catch { /* ignore */ }
|
||||
}
|
||||
|
||||
useEffect(() => { Promise.all([fetchUser(), fetchRoles()]) }, [id])
|
||||
|
||||
function openEdit() { setError(''); setEditOpen(true) }
|
||||
|
||||
async function handleSave() {
|
||||
setSaving(true); setError('')
|
||||
try {
|
||||
if (form.password && form.password !== form.password_confirm) { setError('两次输入的密码不一致'); return }
|
||||
const body: Record<string, unknown> = { display_name: form.display_name, email: form.email, is_active: form.is_active }
|
||||
if (form.password) body.password = form.password
|
||||
if (user!.username !== 'admin' && user!.username !== 'localadmin') body.role = form.role
|
||||
const res = await fetch(`/api/users/${id}`, { method: 'PUT', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify(body) })
|
||||
if (!res.ok) { const d = await res.json(); setError(d.error || '更新失败'); return }
|
||||
setEditOpen(false)
|
||||
fetchUser()
|
||||
} finally { setSaving(false) }
|
||||
}
|
||||
|
||||
if (loading) return <div className="py-20 text-center text-slate-500">加载中...</div>
|
||||
if (!user) return <div className="py-20 text-center text-slate-500">用户不存在</div>
|
||||
|
||||
const roleLabel = roleOptions.find(r => r.value === user.role)?.label || user.role
|
||||
|
||||
return (
|
||||
<div className="space-y-6">
|
||||
<button onClick={() => router.back()} className="inline-flex items-center gap-1 text-sm text-slate-500 hover:text-slate-700 dark:text-slate-400 dark:hover:text-slate-200 transition-colors">
|
||||
<ArrowLeft size={16} /> 返回用户列表
|
||||
</button>
|
||||
|
||||
<div className="flex items-center justify-between">
|
||||
<div>
|
||||
<h1 className="text-2xl font-bold text-slate-900 dark:text-white">用户详情 — {user.display_name}</h1>
|
||||
<p className="text-slate-500 dark:text-slate-400 mt-1">查看和管理用户信息</p>
|
||||
</div>
|
||||
<Button size="sm" onClick={openEdit}><Edit size={16} />编辑用户</Button>
|
||||
</div>
|
||||
|
||||
<div className="bg-white dark:bg-slate-900 rounded-xl border border-slate-200 dark:border-slate-700 divide-y divide-slate-200 dark:divide-slate-700">
|
||||
{[
|
||||
{ label: '用户名', value: user.username },
|
||||
{ label: '显示名称', value: user.display_name },
|
||||
{ label: '邮箱', value: user.email || '-' },
|
||||
{ label: '角色', value: <Badge color={user.role === 'admin' ? 'blue' : user.role === 'editor' ? 'green' : 'gray'}>{roleLabel}</Badge> },
|
||||
{ label: '状态', value: <Badge color={user.is_active ? 'green' : 'red'}>{user.is_active ? '启用' : '禁用'}</Badge> },
|
||||
{ label: '在线', value: <span className="inline-flex items-center gap-1.5"><span className={`inline-block w-2 h-2 rounded-full ${user.is_online ? 'bg-green-500' : 'bg-gray-300 dark:bg-gray-600'}`} /><span className="text-xs text-slate-500">{user.is_online ? '在线' : '离线'}</span></span> },
|
||||
{ label: '最后登录', value: user.last_login_at ? <span className="text-sm text-slate-500">{user.last_login_at}</span> : <span className="text-sm text-slate-400">从未登录</span> },
|
||||
{ label: '创建时间', value: <span className="text-sm text-slate-500">{user.created_at}</span> },
|
||||
].map(row => (
|
||||
<div key={row.label} className="flex items-center px-6 py-4">
|
||||
<span className="w-24 text-sm font-medium text-slate-600 dark:text-slate-400 shrink-0">{row.label}</span>
|
||||
<span className="text-sm text-slate-900 dark:text-slate-100">{row.value}</span>
|
||||
</div>
|
||||
))}
|
||||
</div>
|
||||
|
||||
<Modal open={editOpen} onClose={() => setEditOpen(false)} title="编辑用户" footer={
|
||||
<>
|
||||
<Button variant="ghost" onClick={() => setEditOpen(false)}>取消</Button>
|
||||
<Button onClick={handleSave} loading={saving}>保存</Button>
|
||||
</>
|
||||
}>
|
||||
{error && <div className="mb-4 p-3 rounded-lg bg-red-50 dark:bg-red-900/20 border border-red-200 dark:border-red-800 text-red-600 dark:text-red-400 text-sm">{error}</div>}
|
||||
<div className="space-y-4">
|
||||
<Input label="显示名称" value={form.display_name} onChange={e => setForm(p => ({ ...p, display_name: e.target.value }))} />
|
||||
<Input label="邮箱" type="email" value={form.email} onChange={e => setForm(p => ({ ...p, email: e.target.value }))} />
|
||||
<Select label="状态" value={String(form.is_active)} onChange={e => setForm(p => ({ ...p, is_active: parseInt(e.target.value) }))} options={[{ value: '1', label: '启用' }, { value: '0', label: '禁用' }]} />
|
||||
<Input label="新密码(留空不修改)" type="password" value={form.password} onChange={e => setForm(p => ({ ...p, password: e.target.value }))} />
|
||||
{form.password && <Input label="确认新密码" type="password" value={form.password_confirm} onChange={e => setForm(p => ({ ...p, password_confirm: e.target.value }))} />}
|
||||
{user.username === 'admin' || user.username === 'localadmin' ? (
|
||||
<div>
|
||||
<label className="block text-sm font-medium text-slate-700 dark:text-slate-300 mb-1">角色</label>
|
||||
<p className="text-sm text-slate-500 dark:text-slate-400 py-2">管理员(系统保留)</p>
|
||||
</div>
|
||||
) : (
|
||||
<Select label="角色" value={form.role} onChange={e => setForm(p => ({ ...p, role: e.target.value }))} options={roleOptions} />
|
||||
)}
|
||||
</div>
|
||||
</Modal>
|
||||
</div>
|
||||
)
|
||||
}
|
||||
|
|
@ -6,23 +6,27 @@ import Input from '@/components/ui/Input'
|
|||
import Select from '@/components/ui/Select'
|
||||
import Modal from '@/components/ui/Modal'
|
||||
import Badge from '@/components/ui/Badge'
|
||||
import { Plus, Trash2 } from 'lucide-react'
|
||||
import Link from 'next/link'
|
||||
import { Plus, Edit, Trash2 } from 'lucide-react'
|
||||
|
||||
interface UserItem {
|
||||
id: number; username: string; display_name: string; email: string | null;
|
||||
role: string; is_active: number; created_at: string; last_login_at: string | null;
|
||||
is_online: number;
|
||||
role: string; is_active: number; created_at: string
|
||||
}
|
||||
|
||||
const roles = [
|
||||
{ value: 'admin', label: '管理员' },
|
||||
{ value: 'editor', label: '编辑者' },
|
||||
{ value: 'viewer', label: '查看者' },
|
||||
]
|
||||
|
||||
export default function UsersPage() {
|
||||
const [users, setUsers] = useState<UserItem[]>([])
|
||||
const [loading, setLoading] = useState(true)
|
||||
const [roleOptions, setRoleOptions] = useState<{ value: string; label: string }[]>([])
|
||||
const [createOpen, setCreateOpen] = useState(false)
|
||||
const [createForm, setCreateForm] = useState({ username: '', password: '', display_name: '', email: '', role: 'viewer' })
|
||||
const [createError, setCreateError] = useState('')
|
||||
const [creating, setCreating] = useState(false)
|
||||
const [modalOpen, setModalOpen] = useState(false)
|
||||
const [editing, setEditing] = useState<UserItem | null>(null)
|
||||
const [form, setForm] = useState({ username: '', password: '', display_name: '', email: '', role: 'viewer' })
|
||||
const [error, setError] = useState('')
|
||||
const [saving, setSaving] = useState(false)
|
||||
const [deleteTarget, setDeleteTarget] = useState<UserItem | null>(null)
|
||||
|
||||
async function fetchUsers() {
|
||||
|
|
@ -30,39 +34,38 @@ export default function UsersPage() {
|
|||
if (res.ok) { const data = await res.json(); setUsers(data.users) }
|
||||
}
|
||||
|
||||
async function fetchRoles() {
|
||||
useEffect(() => { fetchUsers().finally(() => setLoading(false)) }, [])
|
||||
|
||||
function openCreate() {
|
||||
setEditing(null)
|
||||
setForm({ username: '', password: '', display_name: '', email: '', role: 'viewer' })
|
||||
setError('')
|
||||
setModalOpen(true)
|
||||
}
|
||||
|
||||
function openEdit(user: UserItem) {
|
||||
setEditing(user)
|
||||
setForm({ username: user.username, password: '', display_name: user.display_name, email: user.email || '', role: user.role })
|
||||
setError('')
|
||||
setModalOpen(true)
|
||||
}
|
||||
|
||||
async function handleSave() {
|
||||
setSaving(true); setError('')
|
||||
try {
|
||||
const res = await fetch('/api/roles')
|
||||
const d = await res.json()
|
||||
if (d.roles) {
|
||||
setRoleOptions(d.roles.map((r: { name: string; display_name: string }) => ({ value: r.name, label: r.display_name })))
|
||||
if (editing) {
|
||||
const body: Record<string, unknown> = { display_name: form.display_name, email: form.email, role: form.role }
|
||||
if (form.password) body.password = form.password
|
||||
const res = await fetch(`/api/users/${editing.id}`, { method: 'PUT', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify(body) })
|
||||
if (!res.ok) { const d = await res.json(); setError(d.error); return }
|
||||
} else {
|
||||
if (!form.username || !form.password) { setError('用户名和密码不能为空'); return }
|
||||
const res = await fetch('/api/users', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify(form) })
|
||||
if (!res.ok) { const d = await res.json(); setError(d.error); return }
|
||||
}
|
||||
} catch { /* ignore */ }
|
||||
}
|
||||
|
||||
useEffect(() => {
|
||||
Promise.all([fetchUsers(), fetchRoles()]).finally(() => setLoading(false))
|
||||
}, [])
|
||||
|
||||
async function handleCreate() {
|
||||
setCreating(true); setCreateError('')
|
||||
try {
|
||||
if (!createForm.username || !createForm.password) { setCreateError('用户名和密码不能为空'); return }
|
||||
const res = await fetch('/api/users', {
|
||||
method: 'POST',
|
||||
headers: { 'Content-Type': 'application/json' },
|
||||
body: JSON.stringify(createForm)
|
||||
})
|
||||
if (!res.ok) { const d = await res.json(); setCreateError(d.error); return }
|
||||
setCreateOpen(false)
|
||||
setCreateForm({ username: '', password: '', display_name: '', email: '', role: 'viewer' })
|
||||
fetchUsers()
|
||||
} finally { setCreating(false) }
|
||||
}
|
||||
|
||||
async function toggleActive(user: UserItem) {
|
||||
await fetch(`/api/users/${user.id}`, { method: 'PUT', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ is_active: user.is_active ? 0 : 1 }) })
|
||||
setModalOpen(false)
|
||||
fetchUsers()
|
||||
} finally { setSaving(false) }
|
||||
}
|
||||
|
||||
async function handleDelete() {
|
||||
|
|
@ -72,28 +75,16 @@ export default function UsersPage() {
|
|||
}
|
||||
|
||||
const columns: Column<UserItem>[] = [
|
||||
{ key: 'username', title: '用户名', render: (r) => (
|
||||
<Link href={`/settings/users/${r.id}`} className="text-blue-600 dark:text-blue-400 hover:underline font-medium">{r.username}</Link>
|
||||
)},
|
||||
{ key: 'username', title: '用户名' },
|
||||
{ key: 'display_name', title: '显示名称', render: (r) => <span className="text-slate-900 dark:text-white font-medium">{r.display_name}</span> },
|
||||
{ key: 'email', title: '邮箱', render: (r) => <span className="text-slate-500 dark:text-slate-400">{r.email || '-'}</span> },
|
||||
{ key: 'role', title: '角色', render: (r) => {
|
||||
const option = roleOptions.find(ro => ro.value === r.role)
|
||||
return <Badge color={r.role === 'admin' ? 'blue' : r.role === 'editor' ? 'green' : 'gray'}>{option?.label || r.role}</Badge>
|
||||
}},
|
||||
{ key: 'is_active', title: '状态', render: (r) => <button onClick={() => toggleActive(r)}><Badge color={r.is_active ? 'green' : 'red'}>{r.is_active ? '启用' : '禁用'}</Badge></button> },
|
||||
{ key: 'is_online', title: '在线', render: (r) => (
|
||||
<span className="inline-flex items-center gap-1.5">
|
||||
<span className={`inline-block w-2 h-2 rounded-full ${r.is_online ? 'bg-green-500' : 'bg-gray-300 dark:bg-gray-600'}`} />
|
||||
<span className="text-slate-500 dark:text-slate-400">{r.is_online ? '在线' : '离线'}</span>
|
||||
</span>
|
||||
)},
|
||||
{ key: 'last_login_at', title: '最后登录', render: (r) => r.last_login_at ? <span className="text-slate-500 dark:text-slate-400">{r.last_login_at}</span> : <span className="text-slate-400 dark:text-slate-500">从未登录</span> },
|
||||
{ key: 'email', title: '邮箱', render: (r) => r.email || '-' },
|
||||
{ key: 'role', title: '角色', render: (r) => <Badge color={r.role === 'admin' ? 'blue' : r.role === 'editor' ? 'green' : 'gray'}>{roles.find(ro => ro.value === r.role)?.label || r.role}</Badge> },
|
||||
{ key: 'is_active', title: '状态', render: (r) => <Badge color={r.is_active ? 'green' : 'red'}>{r.is_active ? '启用' : '禁用'}</Badge> },
|
||||
{ key: 'created_at', title: '创建时间' },
|
||||
{ key: 'actions', title: '操作', render: (r) => (
|
||||
<div className="flex items-center gap-1">
|
||||
{r.username !== 'admin' && r.username !== 'localadmin' && (
|
||||
<Button variant="ghost" size="sm" onClick={() => setDeleteTarget(r)}><Trash2 size={14} className="text-red-500" /></Button>
|
||||
)}
|
||||
<button onClick={() => openEdit(r)} className="p-1.5 rounded-lg text-slate-500 hover:text-blue-500 hover:bg-slate-100 dark:hover:bg-slate-800 transition-colors"><Edit size={16} /></button>
|
||||
<button onClick={() => setDeleteTarget(r)} className="p-1.5 rounded-lg text-slate-500 hover:text-red-500 hover:bg-slate-100 dark:hover:bg-slate-800 transition-colors"><Trash2 size={16} /></button>
|
||||
</div>
|
||||
)},
|
||||
]
|
||||
|
|
@ -101,38 +92,34 @@ export default function UsersPage() {
|
|||
return (
|
||||
<div className="space-y-4">
|
||||
<div className="flex items-center justify-between">
|
||||
<div>
|
||||
<h1 className="text-2xl font-bold text-slate-900 dark:text-white">用户管理</h1>
|
||||
<p className="text-slate-500 dark:text-slate-400 mt-1">系统用户与账号管理</p>
|
||||
</div>
|
||||
<Button size="sm" onClick={() => { setCreateError(''); setCreateOpen(true) }}><Plus size={16} />新建用户</Button>
|
||||
<Button size="sm" onClick={openCreate}><Plus size={16} />新建用户</Button>
|
||||
</div>
|
||||
|
||||
{loading ? <div className="py-20 text-center text-slate-500">加载中...</div> : <Table columns={columns} data={users} rowKey={r => r.id} />}
|
||||
|
||||
<Modal open={createOpen} onClose={() => setCreateOpen(false)} title="新建用户" footer={
|
||||
<Modal open={modalOpen} onClose={() => setModalOpen(false)} title={editing ? '编辑用户' : '新建用户'} footer={
|
||||
<>
|
||||
<Button variant="ghost" onClick={() => setCreateOpen(false)}>取消</Button>
|
||||
<Button onClick={handleCreate} loading={creating}>创建</Button>
|
||||
<Button variant="ghost" onClick={() => setModalOpen(false)}>取消</Button>
|
||||
<Button onClick={handleSave} loading={saving}>保存</Button>
|
||||
</>
|
||||
}>
|
||||
{createError && <div className="mb-4 p-3 rounded-lg bg-red-50 dark:bg-red-900/20 border border-red-200 dark:border-red-800 text-red-600 dark:text-red-400 text-sm">{createError}</div>}
|
||||
{error && <div className="mb-4 p-3 rounded-lg bg-red-50 dark:bg-red-900/20 border border-red-200 dark:border-red-800 text-red-600 dark:text-red-400 text-sm">{error}</div>}
|
||||
<div className="space-y-4">
|
||||
<Input label="用户名" value={createForm.username} onChange={e => setCreateForm(p => ({ ...p, username: e.target.value }))} />
|
||||
<Input label="显示名称" value={createForm.display_name} onChange={e => setCreateForm(p => ({ ...p, display_name: e.target.value }))} />
|
||||
<Input label="邮箱" type="email" value={createForm.email} onChange={e => setCreateForm(p => ({ ...p, email: e.target.value }))} />
|
||||
<Input label="密码" type="password" value={createForm.password} onChange={e => setCreateForm(p => ({ ...p, password: e.target.value }))} />
|
||||
<Select label="角色" value={createForm.role} onChange={e => setCreateForm(p => ({ ...p, role: e.target.value }))} options={roleOptions} />
|
||||
{!editing && <Input label="用户名" value={form.username} onChange={e => setForm(p => ({ ...p, username: e.target.value }))} />}
|
||||
<Input label="显示名称" value={form.display_name} onChange={e => setForm(p => ({ ...p, display_name: e.target.value }))} />
|
||||
<Input label="邮箱" type="email" value={form.email} onChange={e => setForm(p => ({ ...p, email: e.target.value }))} />
|
||||
<Input label={editing ? '新密码(留空不修改)' : '密码'} type="password" value={form.password} onChange={e => setForm(p => ({ ...p, password: e.target.value }))} />
|
||||
<Select label="角色" value={form.role} onChange={e => setForm(p => ({ ...p, role: e.target.value }))} options={roles} />
|
||||
</div>
|
||||
</Modal>
|
||||
|
||||
<Modal open={!!deleteTarget} onClose={() => setDeleteTarget(null)} title="确认删除" footer={
|
||||
<>
|
||||
<Modal open={!!deleteTarget} onClose={() => setDeleteTarget(null)} title="确认删除">
|
||||
<p className="text-sm text-slate-600 dark:text-slate-400">确定要删除用户「{deleteTarget?.display_name}」吗?</p>
|
||||
<div className="flex justify-end gap-3 mt-4">
|
||||
<Button variant="ghost" onClick={() => setDeleteTarget(null)}>取消</Button>
|
||||
<Button variant="danger" onClick={handleDelete}>删除</Button>
|
||||
</>
|
||||
}>
|
||||
<p className="text-sm text-slate-600 dark:text-slate-400">确定要删除用户「{deleteTarget?.display_name}」吗?此操作不可撤销。</p>
|
||||
</div>
|
||||
</Modal>
|
||||
</div>
|
||||
)
|
||||
|
|
|
|||
|
|
@ -1,10 +1,15 @@
|
|||
import { NextResponse } from 'next/server'
|
||||
import { cookies } from 'next/headers'
|
||||
import db from '@/lib/db'
|
||||
import { getSession } from '@/lib/auth'
|
||||
import { verifyJwt } from '@/lib/auth'
|
||||
import { checkPermission } from '@/lib/permissions'
|
||||
|
||||
|
||||
async function getSession() {
|
||||
const cookieStore = await cookies()
|
||||
const token = cookieStore.get('session_assets')?.value
|
||||
if (!token) return null
|
||||
return verifyJwt(token)
|
||||
}
|
||||
|
||||
export async function DELETE(_request: Request, { params }: { params: Promise<{ id: string }> }) {
|
||||
const session = await getSession()
|
||||
|
|
|
|||
|
|
@ -1,9 +1,15 @@
|
|||
import { NextResponse } from 'next/server'
|
||||
import { cookies } from 'next/headers'
|
||||
import db from '@/lib/db'
|
||||
import { getSession, generateApiKey, hashApiKey } from '@/lib/auth'
|
||||
import { verifyJwt, generateApiKey, hashApiKey } from '@/lib/auth'
|
||||
import { checkPermission } from '@/lib/permissions'
|
||||
|
||||
|
||||
async function getSession() {
|
||||
const cookieStore = await cookies()
|
||||
const token = cookieStore.get('session_assets')?.value
|
||||
if (!token) return null
|
||||
return verifyJwt(token)
|
||||
}
|
||||
|
||||
export async function GET() {
|
||||
const session = await getSession()
|
||||
|
|
|
|||
|
|
@ -1,9 +1,15 @@
|
|||
import { NextResponse } from 'next/server'
|
||||
import { cookies } from 'next/headers'
|
||||
import db from '@/lib/db'
|
||||
import { getSession, verifyApiKey } from '@/lib/auth'
|
||||
import { verifyJwt, verifyApiKey } from '@/lib/auth'
|
||||
import { checkPermission } from '@/lib/permissions'
|
||||
|
||||
|
||||
async function getSession() {
|
||||
const cookieStore = await cookies()
|
||||
const token = cookieStore.get('session_assets')?.value
|
||||
if (!token) return null
|
||||
return verifyJwt(token)
|
||||
}
|
||||
|
||||
function getApiKeyAuth(request: Request) {
|
||||
const auth = request.headers.get('Authorization') || ''
|
||||
|
|
@ -25,7 +31,7 @@ export async function GET(request: Request, { params }: { params: Promise<{ id:
|
|||
export async function PUT(request: Request, { params }: { params: Promise<{ id: string }> }) {
|
||||
const session = await getSession()
|
||||
if (!session) return NextResponse.json({ error: '未授权' }, { status: 401 })
|
||||
if (!checkPermission(session.role, 'assets:update')) {
|
||||
if (!checkPermission(session.role, 'assets:write')) {
|
||||
return NextResponse.json({ error: '权限不足' }, { status: 403 })
|
||||
}
|
||||
|
||||
|
|
@ -70,7 +76,7 @@ export async function PUT(request: Request, { params }: { params: Promise<{ id:
|
|||
return NextResponse.json({ error: '没有要更新的字段' }, { status: 400 })
|
||||
}
|
||||
|
||||
updates.push("updated_at = datetime('now', '+8 hours')")
|
||||
updates.push("updated_at = datetime('now')")
|
||||
values.push(id)
|
||||
|
||||
db.prepare(`UPDATE assets SET ${updates.join(', ')} WHERE id = ?`).run(...values)
|
||||
|
|
|
|||
|
|
@ -1,10 +1,15 @@
|
|||
import { NextResponse } from 'next/server'
|
||||
import { cookies } from 'next/headers'
|
||||
import db from '@/lib/db'
|
||||
import { getSession } from '@/lib/auth'
|
||||
import { verifyJwt } from '@/lib/auth'
|
||||
import { checkPermission } from '@/lib/permissions'
|
||||
|
||||
|
||||
async function getSession() {
|
||||
const cookieStore = await cookies()
|
||||
const token = cookieStore.get('session_assets')?.value
|
||||
if (!token) return null
|
||||
return verifyJwt(token)
|
||||
}
|
||||
|
||||
const UPDATABLE_FIELDS = [
|
||||
'device_type', 'device_purpose', 'room', 'rack_position', 'status',
|
||||
|
|
@ -14,7 +19,7 @@ const UPDATABLE_FIELDS = [
|
|||
export async function POST(request: Request) {
|
||||
const session = await getSession()
|
||||
if (!session) return NextResponse.json({ error: '未授权' }, { status: 401 })
|
||||
if (!checkPermission(session.role, 'assets:update')) {
|
||||
if (!checkPermission(session.role, 'assets:write')) {
|
||||
return NextResponse.json({ error: '权限不足' }, { status: 403 })
|
||||
}
|
||||
|
||||
|
|
@ -41,7 +46,7 @@ export async function POST(request: Request) {
|
|||
return NextResponse.json({ error: '没有可更新的有效字段' }, { status: 400 })
|
||||
}
|
||||
|
||||
updates.push("updated_at = datetime('now', '+8 hours')")
|
||||
updates.push("updated_at = datetime('now')")
|
||||
|
||||
const placeholders = ids.map(() => '?').join(', ')
|
||||
const stmt = db.prepare(`UPDATE assets SET ${updates.join(', ')} WHERE id IN (${placeholders})`)
|
||||
|
|
|
|||
|
|
@ -1,8 +1,7 @@
|
|||
import { NextResponse } from 'next/server'
|
||||
import { cookies } from 'next/headers'
|
||||
import db from '@/lib/db'
|
||||
import { getSession } from '@/lib/auth'
|
||||
import { checkPermission } from '@/lib/permissions'
|
||||
import { verifyJwt } from '@/lib/auth'
|
||||
import { exportAssetsToBuffer } from '@/lib/excel'
|
||||
|
||||
const FILTERABLE_FIELDS = new Set([
|
||||
|
|
@ -30,38 +29,15 @@ export async function GET(request: Request) {
|
|||
const cookieStore = await cookies()
|
||||
const token = cookieStore.get('session_assets')?.value
|
||||
if (!token) return NextResponse.json({ error: '未授权' }, { status: 401 })
|
||||
const payload = await getSession()
|
||||
const payload = verifyJwt(token)
|
||||
if (!payload) return NextResponse.json({ error: '会话已过期' }, { status: 401 })
|
||||
if (!payload.role) return NextResponse.json({ error: '会话数据异常,请重新登录' }, { status: 401 })
|
||||
|
||||
const { searchParams } = new URL(request.url)
|
||||
const search = searchParams.get('search') || ''
|
||||
const idsParam = searchParams.get('ids') || ''
|
||||
const ids = idsParam ? idsParam.split(',').map(Number).filter(n => !isNaN(n)) : []
|
||||
|
||||
// 权限控制
|
||||
if (ids.length > 0) {
|
||||
if (!checkPermission(payload.role, 'assets:export:selected')) {
|
||||
return NextResponse.json({ error: '无导出选中资产权限' }, { status: 403 })
|
||||
}
|
||||
} else {
|
||||
if (!checkPermission(payload.role, 'assets:export:all')) {
|
||||
if (!checkPermission(payload.role, 'assets:export:selected')) {
|
||||
return NextResponse.json({ error: '无导出权限' }, { status: 403 })
|
||||
}
|
||||
return NextResponse.json({ error: '无全量导出权限,请先多选设备后再导出' }, { status: 403 })
|
||||
}
|
||||
}
|
||||
|
||||
const conditions: string[] = []
|
||||
const params: unknown[] = []
|
||||
|
||||
// 按选中 ID 导出时,直接使用 ID 列表,忽略搜索/筛选条件
|
||||
if (ids.length > 0) {
|
||||
const placeholders = ids.map(() => '?').join(', ')
|
||||
conditions.push(`id IN (${placeholders})`)
|
||||
params.push(...ids)
|
||||
} else {
|
||||
if (search) {
|
||||
conditions.push(`(serial_number LIKE ? OR node_name LIKE ? OR business_ip LIKE ? OR device_model LIKE ? OR manufacturer LIKE ?)`)
|
||||
const s = `%${search}%`
|
||||
|
|
@ -72,7 +48,6 @@ export async function GET(request: Request) {
|
|||
const filterKeys = [...searchParams.keys()].filter(k => k.startsWith('filter_'))
|
||||
for (const key of filterKeys) {
|
||||
const field = key.replace('filter_', '')
|
||||
if (!FILTERABLE_FIELDS.has(field)) continue
|
||||
const allValues = searchParams.getAll(key)
|
||||
if (allValues.length === 0) continue
|
||||
if (allValues.length === 1) {
|
||||
|
|
@ -109,18 +84,15 @@ export async function GET(request: Request) {
|
|||
}
|
||||
} catch { /* ignore */ }
|
||||
}
|
||||
}
|
||||
|
||||
const where = conditions.length > 0 ? `WHERE ${conditions.join(' AND ')}` : ''
|
||||
const assets = db.prepare(`SELECT * FROM assets ${where} ORDER BY id DESC`).all(...params) as Record<string, unknown>[]
|
||||
|
||||
const buffer = exportAssetsToBuffer(assets)
|
||||
const today = new Date()
|
||||
const dateStr = `${today.getFullYear()}-${String(today.getMonth()+1).padStart(2,'0')}-${String(today.getDate()).padStart(2,'0')}`
|
||||
return new NextResponse(new Uint8Array(buffer), {
|
||||
headers: {
|
||||
'Content-Type': 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
|
||||
'Content-Disposition': `attachment; filename="assets_export_${dateStr}.xlsx"`,
|
||||
'Content-Disposition': `attachment; filename="assets_export_${new Date().toISOString().slice(0, 10)}.xlsx"`,
|
||||
},
|
||||
})
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
import { NextResponse } from 'next/server'
|
||||
import { cookies } from 'next/headers'
|
||||
import db from '@/lib/db'
|
||||
import { getSession } from '@/lib/auth'
|
||||
import { verifyJwt } from '@/lib/auth'
|
||||
|
||||
const ALLOWED_FIELDS = new Set([
|
||||
'device_type', 'device_purpose', 'room', 'rack_position', 'node_name',
|
||||
|
|
@ -24,7 +24,7 @@ export async function GET(request: Request) {
|
|||
const cookieStore = await cookies()
|
||||
const token = cookieStore.get('session_assets')?.value
|
||||
if (!token) return NextResponse.json({ error: '未授权' }, { status: 401 })
|
||||
const payload = await getSession()
|
||||
const payload = verifyJwt(token)
|
||||
if (!payload) return NextResponse.json({ error: '会话已过期' }, { status: 401 })
|
||||
|
||||
const { searchParams } = new URL(request.url)
|
||||
|
|
|
|||
|
|
@ -1,16 +1,21 @@
|
|||
import { NextResponse } from 'next/server'
|
||||
import { cookies } from 'next/headers'
|
||||
import db from '@/lib/db'
|
||||
import { getSession } from '@/lib/auth'
|
||||
import { verifyJwt } from '@/lib/auth'
|
||||
import { checkPermission } from '@/lib/permissions'
|
||||
import { parseImportBuffer } from '@/lib/excel'
|
||||
|
||||
|
||||
async function getSession() {
|
||||
const cookieStore = await cookies()
|
||||
const token = cookieStore.get('session_assets')?.value
|
||||
if (!token) return null
|
||||
return verifyJwt(token)
|
||||
}
|
||||
|
||||
export async function POST(request: Request) {
|
||||
const session = await getSession()
|
||||
if (!session) return NextResponse.json({ error: '未授权' }, { status: 401 })
|
||||
if (!checkPermission(session.role, 'assets:import')) {
|
||||
if (!checkPermission(session.role, 'assets:write')) {
|
||||
return NextResponse.json({ error: '权限不足' }, { status: 403 })
|
||||
}
|
||||
|
||||
|
|
@ -65,7 +70,7 @@ export async function POST(request: Request) {
|
|||
}
|
||||
}
|
||||
if (updates.length > 0) {
|
||||
updates.push("updated_at = datetime('now', '+8 hours')")
|
||||
updates.push("updated_at = datetime('now')")
|
||||
values.push(existing.id)
|
||||
db.prepare(`UPDATE assets SET ${updates.join(', ')} WHERE id = ?`).run(...values)
|
||||
updated++
|
||||
|
|
|
|||
|
|
@ -1,9 +1,19 @@
|
|||
import { NextResponse } from 'next/server'
|
||||
import { cookies } from 'next/headers'
|
||||
import db from '@/lib/db'
|
||||
import { getSession, verifyApiKey } from '@/lib/auth'
|
||||
import { verifyJwt, verifyApiKey } from '@/lib/auth'
|
||||
import { checkPermission } from '@/lib/permissions'
|
||||
|
||||
function getUserFromCookie() {
|
||||
return null as { userId: number; username: string; role: string } | null
|
||||
}
|
||||
|
||||
async function getSession() {
|
||||
const cookieStore = await cookies()
|
||||
const token = cookieStore.get('session_assets')?.value
|
||||
if (!token) return null
|
||||
return verifyJwt(token)
|
||||
}
|
||||
|
||||
function getApiKeyAuth(request: Request) {
|
||||
const auth = request.headers.get('Authorization') || ''
|
||||
|
|
@ -42,14 +52,14 @@ export async function GET(request: Request) {
|
|||
const page = Math.max(1, parseInt(searchParams.get('page') || '1'))
|
||||
const pageSize = Math.min(100, Math.max(1, parseInt(searchParams.get('pageSize') || '20')))
|
||||
const search = searchParams.get('search') || ''
|
||||
const sortKey = searchParams.get('sortKey') || 'node_name'
|
||||
const sortOrder = searchParams.get('sortOrder') || 'asc'
|
||||
const sortKey = searchParams.get('sortKey') || 'id'
|
||||
const sortOrder = searchParams.get('sortOrder') || 'desc'
|
||||
|
||||
const allowedSortKeys = new Set([
|
||||
'id', 'serial_number', 'device_type', 'device_purpose', 'node_name',
|
||||
'business_ip', 'hdm_ip', 'manufacturer', 'device_model', 'status', 'created_at', 'updated_at'
|
||||
'business_ip', 'manufacturer', 'device_model', 'status', 'created_at', 'updated_at'
|
||||
])
|
||||
const safeSortKey = allowedSortKeys.has(sortKey) ? sortKey : 'node_name'
|
||||
const safeSortKey = allowedSortKeys.has(sortKey) ? sortKey : 'id'
|
||||
const safeSortOrder = sortOrder === 'asc' ? 'ASC' : 'DESC'
|
||||
|
||||
const conditions: string[] = []
|
||||
|
|
@ -65,7 +75,6 @@ export async function GET(request: Request) {
|
|||
const filterKeys = [...searchParams.keys()].filter(k => k.startsWith('filter_'))
|
||||
for (const key of filterKeys) {
|
||||
const field = key.replace('filter_', '')
|
||||
if (!FILTERABLE_FIELDS.has(field)) continue
|
||||
const allValues = searchParams.getAll(key)
|
||||
if (allValues.length === 0) continue
|
||||
if (allValues.length === 1) {
|
||||
|
|
@ -128,7 +137,7 @@ export async function GET(request: Request) {
|
|||
export async function POST(request: Request) {
|
||||
const session = await getSession()
|
||||
if (!session) return NextResponse.json({ error: '未授权' }, { status: 401 })
|
||||
if (!checkPermission(session.role, 'assets:create')) {
|
||||
if (!checkPermission(session.role, 'assets:write')) {
|
||||
return NextResponse.json({ error: '权限不足' }, { status: 403 })
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,14 +1,14 @@
|
|||
import { NextResponse } from 'next/server'
|
||||
import { getSession } from '@/lib/auth'
|
||||
import { checkPermission } from '@/lib/permissions'
|
||||
import { cookies } from 'next/headers'
|
||||
import { verifyJwt } from '@/lib/auth'
|
||||
import { generateTemplateBuffer } from '@/lib/excel'
|
||||
|
||||
export async function GET() {
|
||||
const payload = await getSession()
|
||||
const cookieStore = await cookies()
|
||||
const token = cookieStore.get('session_assets')?.value
|
||||
if (!token) return NextResponse.json({ error: '未授权' }, { status: 401 })
|
||||
const payload = verifyJwt(token)
|
||||
if (!payload) return NextResponse.json({ error: '会话已过期' }, { status: 401 })
|
||||
if (!checkPermission(payload.role, 'assets:import')) {
|
||||
return NextResponse.json({ error: '权限不足' }, { status: 403 })
|
||||
}
|
||||
|
||||
const buffer = generateTemplateBuffer()
|
||||
return new NextResponse(buffer, {
|
||||
|
|
|
|||
|
|
@ -1,97 +1,18 @@
|
|||
import { NextResponse } from 'next/server'
|
||||
import { cookies } from 'next/headers'
|
||||
import db from '@/lib/db'
|
||||
import { verifyPassword, signJwt, hashPassword } from '@/lib/auth'
|
||||
import { signSharedJwt, sharedCookieConfig } from '@/lib/jwt'
|
||||
import { ldapAuth } from '@/lib/ldap'
|
||||
import { verifyPassword, signJwt } from '@/lib/auth'
|
||||
import type { User } from '@/types'
|
||||
|
||||
export async function POST(request: Request) {
|
||||
try {
|
||||
const { username, password } = await request.json()
|
||||
if (!username || !password) return NextResponse.json({ error: '请输入用户名和密码' }, { status: 400 })
|
||||
|
||||
let userId: number
|
||||
let role: string
|
||||
let displayName: string
|
||||
|
||||
// 1. localadmin:纯本地 BCrypt,不依赖 LLDAP
|
||||
if (username === 'localadmin') {
|
||||
const localUser = db.prepare(
|
||||
'SELECT * FROM users WHERE username = ? AND is_active = 1'
|
||||
).get(username) as User | undefined
|
||||
if (!localUser || !verifyPassword(password, localUser.password_hash)) {
|
||||
return NextResponse.json({ error: '用户名或密码错误' }, { status: 401 })
|
||||
}
|
||||
userId = localUser.id
|
||||
role = localUser.role
|
||||
displayName = localUser.display_name || username
|
||||
} else {
|
||||
// 2. 其他用户:LLDAP 优先
|
||||
const ldapResult = await ldapAuth(username, password)
|
||||
|
||||
if (ldapResult.success) {
|
||||
// LDAP 认证成功 → 更新本地密码缓存 + 自动创建用户
|
||||
displayName = ldapResult.displayName || username
|
||||
const pwHash = hashPassword(password)
|
||||
const existing = db.prepare(
|
||||
'SELECT id, role FROM users WHERE username = ? AND is_active = 1'
|
||||
).get(username) as { id: number; role: string } | undefined
|
||||
|
||||
if (existing) {
|
||||
db.prepare('UPDATE users SET password_hash = ?, display_name = ?, email = ? WHERE id = ?')
|
||||
.run(pwHash, displayName, ldapResult.email || null, existing.id)
|
||||
userId = existing.id
|
||||
role = existing.role
|
||||
} else {
|
||||
db.prepare(
|
||||
"INSERT INTO users (username, password_hash, display_name, email, role, is_active, created_at, updated_at) VALUES (?, ?, ?, ?, 'viewer', 1, datetime('now', '+8 hours'), datetime('now', '+8 hours'))"
|
||||
).run(username, pwHash, displayName, ldapResult.email || null)
|
||||
const created = db.prepare(
|
||||
'SELECT id, role FROM users WHERE username = ?'
|
||||
).get(username) as { id: number; role: string } | undefined
|
||||
if (!created) return NextResponse.json({ error: '用户创建失败' }, { status: 500 })
|
||||
userId = created.id
|
||||
role = created.role
|
||||
}
|
||||
} else if (ldapResult.unreachable) {
|
||||
// LLDAP 不可达 → 回退本地密码缓存
|
||||
const localUser = db.prepare(
|
||||
'SELECT * FROM users WHERE username = ? AND is_active = 1'
|
||||
).get(username) as User | undefined
|
||||
if (!localUser || !verifyPassword(password, localUser.password_hash)) {
|
||||
return NextResponse.json({ error: '认证服务不可用,且本地密码不匹配' }, { status: 401 })
|
||||
}
|
||||
userId = localUser.id
|
||||
role = localUser.role
|
||||
displayName = localUser.display_name || username
|
||||
} else {
|
||||
return NextResponse.json({ error: '用户名或密码错误' }, { status: 401 })
|
||||
}
|
||||
}
|
||||
|
||||
// 3. 更新最后登录时间和活跃时间
|
||||
db.prepare("UPDATE users SET last_login_at = datetime('now', '+8 hours'), last_active_at = datetime('now', '+8 hours') WHERE id = ?").run(userId)
|
||||
|
||||
// 4. 签发两个 cookie
|
||||
const localToken = signJwt({ userId, username, role })
|
||||
const sharedToken = signSharedJwt({ username, displayName })
|
||||
const sharedCfg = sharedCookieConfig()
|
||||
const user = db.prepare('SELECT * FROM users WHERE username = ? AND is_active = 1').get(username) as User | undefined
|
||||
if (!user || !verifyPassword(password, user.password_hash)) return NextResponse.json({ error: '用户名或密码错误' }, { status: 401 })
|
||||
const token = signJwt({ userId: user.id, username: user.username, role: user.role })
|
||||
const cookieStore = await cookies()
|
||||
|
||||
cookieStore.set('session_assets', localToken, {
|
||||
httpOnly: true,
|
||||
secure: process.env.NODE_ENV === 'production',
|
||||
sameSite: 'lax',
|
||||
maxAge: 86400,
|
||||
path: '/',
|
||||
})
|
||||
cookieStore.set(sharedCfg.name, sharedToken, sharedCfg)
|
||||
|
||||
return NextResponse.json({
|
||||
user: { id: userId, username, display_name: displayName, role },
|
||||
})
|
||||
} catch {
|
||||
return NextResponse.json({ error: '登录失败' }, { status: 500 })
|
||||
}
|
||||
cookieStore.set('session_assets', token, { httpOnly: true, secure: process.env.NODE_ENV === 'production', sameSite: 'lax', maxAge: 86400, path: '/' })
|
||||
return NextResponse.json({ user: { id: user.id, username: user.username, display_name: user.display_name, role: user.role } })
|
||||
} catch { return NextResponse.json({ error: '登录失败' }, { status: 500 }) }
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,10 +1,7 @@
|
|||
import { NextResponse } from 'next/server'
|
||||
import { cookies } from 'next/headers'
|
||||
|
||||
export async function POST() {
|
||||
const cookieStore = await cookies()
|
||||
cookieStore.set('session_assets', '', { maxAge: 0, path: '/' })
|
||||
cookieStore.set('tlyq_session', '', { maxAge: 0, path: '/' })
|
||||
|
||||
return NextResponse.json({ success: true })
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,24 +1,17 @@
|
|||
import { NextResponse } from 'next/server'
|
||||
import { cookies } from 'next/headers'
|
||||
import db from '@/lib/db'
|
||||
import { getSession } from '@/lib/auth'
|
||||
import { verifyJwt } from '@/lib/auth'
|
||||
|
||||
export async function GET() {
|
||||
try {
|
||||
const session = await getSession()
|
||||
if (!session) return NextResponse.json({ error: '未授权' }, { status: 401 })
|
||||
|
||||
const user = db.prepare(
|
||||
'SELECT id, username, display_name, email, role FROM users WHERE id = ? AND is_active = 1'
|
||||
).get(session.userId) as Record<string, unknown> | undefined
|
||||
const cookieStore = await cookies()
|
||||
const token = cookieStore.get('session_assets')?.value
|
||||
if (!token) return NextResponse.json({ error: '未授权' }, { status: 401 })
|
||||
const payload = verifyJwt(token)
|
||||
if (!payload) return NextResponse.json({ error: '会话已过期' }, { status: 401 })
|
||||
const user = db.prepare('SELECT id, username, display_name, email, role FROM users WHERE id = ? AND is_active = 1').get(payload.userId)
|
||||
if (!user) return NextResponse.json({ error: '用户不存在' }, { status: 401 })
|
||||
|
||||
const roleRow = db.prepare(
|
||||
'SELECT permissions FROM roles WHERE name = ?'
|
||||
).get(user.role) as { permissions: string } | undefined
|
||||
const permissions: string[] = roleRow ? JSON.parse(roleRow.permissions) : []
|
||||
|
||||
return NextResponse.json({ user: { ...user, permissions } })
|
||||
} catch {
|
||||
return NextResponse.json({ error: '获取用户信息失败' }, { status: 500 })
|
||||
}
|
||||
return NextResponse.json({ user })
|
||||
} catch { return NextResponse.json({ error: '获取用户信息失败' }, { status: 500 }) }
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,12 +0,0 @@
|
|||
import { NextResponse } from 'next/server'
|
||||
import db from '@/lib/db'
|
||||
|
||||
const INTERNAL_KEY = process.env.INTERNAL_API_KEY || 'oa-internal-key-tlyq-2026'
|
||||
|
||||
export async function GET(request: Request) {
|
||||
const key = request.headers.get('x-internal-key')
|
||||
if (key !== INTERNAL_KEY) return NextResponse.json({ error: 'Forbidden' }, { status: 403 })
|
||||
|
||||
const roles = db.prepare('SELECT name, display_name FROM roles ORDER BY name').all() as { name: string; display_name: string }[]
|
||||
return NextResponse.json({ roles })
|
||||
}
|
||||
|
|
@ -1,57 +0,0 @@
|
|||
import { NextRequest, NextResponse } from 'next/server'
|
||||
import db from '@/lib/db'
|
||||
import { getSession } from '@/lib/auth'
|
||||
import { checkPermission } from '@/lib/permissions'
|
||||
import { initDatabase } from '@/lib/db-schema'
|
||||
|
||||
const BUILTIN_ROLES = ['admin', 'editor', 'viewer']
|
||||
|
||||
export async function PUT(
|
||||
request: NextRequest,
|
||||
{ params }: { params: Promise<{ id: string }> }
|
||||
) {
|
||||
initDatabase()
|
||||
const session = await getSession()
|
||||
if (!session) return NextResponse.json({ error: '未登录' }, { status: 401 })
|
||||
if (!checkPermission(session.role, 'roles:write')) return NextResponse.json({ error: '权限不足' }, { status: 403 })
|
||||
|
||||
const { id } = await params
|
||||
const body = await request.json()
|
||||
|
||||
const existing = db.prepare('SELECT * FROM roles WHERE id = ?').get(id) as Record<string, unknown> | undefined
|
||||
if (!existing) return NextResponse.json({ error: '角色不存在' }, { status: 404 })
|
||||
|
||||
const fields: string[] = []
|
||||
const values: unknown[] = []
|
||||
|
||||
if (body.display_name) { fields.push('display_name = ?'); values.push(body.display_name) }
|
||||
if (body.permissions) { fields.push('permissions = ?'); values.push(JSON.stringify(body.permissions)) }
|
||||
|
||||
if (fields.length > 0) {
|
||||
values.push(id)
|
||||
db.prepare(`UPDATE roles SET ${fields.join(', ')} WHERE id = ?`).run(...values)
|
||||
}
|
||||
|
||||
const role = db.prepare('SELECT * FROM roles WHERE id = ?').get(id)
|
||||
return NextResponse.json({ role })
|
||||
}
|
||||
|
||||
export async function DELETE(
|
||||
_request: NextRequest,
|
||||
{ params }: { params: Promise<{ id: string }> }
|
||||
) {
|
||||
initDatabase()
|
||||
const session = await getSession()
|
||||
if (!session) return NextResponse.json({ error: '未登录' }, { status: 401 })
|
||||
if (!checkPermission(session.role, 'roles:write')) return NextResponse.json({ error: '权限不足' }, { status: 403 })
|
||||
|
||||
const { id } = await params
|
||||
const existing = db.prepare('SELECT * FROM roles WHERE id = ?').get(id) as Record<string, unknown> | undefined
|
||||
if (!existing) return NextResponse.json({ error: '角色不存在' }, { status: 404 })
|
||||
if (BUILTIN_ROLES.includes(existing.name as string)) {
|
||||
return NextResponse.json({ error: '系统内置角色不能删除' }, { status: 400 })
|
||||
}
|
||||
|
||||
db.prepare('DELETE FROM roles WHERE id = ?').run(id)
|
||||
return NextResponse.json({ success: true })
|
||||
}
|
||||
|
|
@ -1,37 +0,0 @@
|
|||
import { NextRequest, NextResponse } from 'next/server'
|
||||
import db from '@/lib/db'
|
||||
import { getSession } from '@/lib/auth'
|
||||
import { checkPermission } from '@/lib/permissions'
|
||||
import { initDatabase } from '@/lib/db-schema'
|
||||
|
||||
export async function GET() {
|
||||
initDatabase()
|
||||
const session = await getSession()
|
||||
if (!session) return NextResponse.json({ error: '未登录' }, { status: 401 })
|
||||
|
||||
const roles = db.prepare('SELECT * FROM roles ORDER BY id').all()
|
||||
return NextResponse.json({ roles })
|
||||
}
|
||||
|
||||
export async function POST(request: NextRequest) {
|
||||
initDatabase()
|
||||
const session = await getSession()
|
||||
if (!session) return NextResponse.json({ error: '未登录' }, { status: 401 })
|
||||
if (!checkPermission(session.role, 'roles:write')) return NextResponse.json({ error: '权限不足' }, { status: 403 })
|
||||
|
||||
const body = await request.json()
|
||||
const { name, display_name, permissions } = body
|
||||
|
||||
if (!name || !display_name) {
|
||||
return NextResponse.json({ error: '角色名称和显示名称为必填项' }, { status: 400 })
|
||||
}
|
||||
|
||||
const existing = db.prepare('SELECT id FROM roles WHERE name = ?').get(name)
|
||||
if (existing) return NextResponse.json({ error: '角色名已存在' }, { status: 400 })
|
||||
|
||||
const result = db.prepare('INSERT INTO roles (name, display_name, permissions) VALUES (?, ?, ?)').run(
|
||||
name, display_name, JSON.stringify(permissions || [])
|
||||
)
|
||||
const role = db.prepare('SELECT * FROM roles WHERE id = ?').get(result.lastInsertRowid)
|
||||
return NextResponse.json({ role }, { status: 201 })
|
||||
}
|
||||
|
|
@ -1,6 +1,14 @@
|
|||
import { NextResponse } from 'next/server'
|
||||
import { cookies } from 'next/headers'
|
||||
import db from '@/lib/db'
|
||||
import { getSession } from '@/lib/auth'
|
||||
import { verifyJwt } from '@/lib/auth'
|
||||
|
||||
async function getSession() {
|
||||
const cookieStore = await cookies()
|
||||
const token = cookieStore.get('session_assets')?.value
|
||||
if (!token) return null
|
||||
return verifyJwt(token)
|
||||
}
|
||||
|
||||
export async function GET() {
|
||||
const session = await getSession()
|
||||
|
|
|
|||
|
|
@ -1,23 +1,14 @@
|
|||
import { NextResponse } from 'next/server'
|
||||
import { cookies } from 'next/headers'
|
||||
import db from '@/lib/db'
|
||||
import { getSession, hashPassword } from '@/lib/auth'
|
||||
import { verifyJwt, hashPassword } from '@/lib/auth'
|
||||
import { checkPermission } from '@/lib/permissions'
|
||||
|
||||
|
||||
|
||||
export async function GET(_request: Request, { params }: { params: Promise<{ id: string }> }) {
|
||||
const session = await getSession()
|
||||
if (!session) return NextResponse.json({ error: '未授权' }, { status: 401 })
|
||||
|
||||
const { id } = await params
|
||||
const user = db.prepare(`
|
||||
SELECT id, username, display_name, email, role, is_active, created_at, updated_at,
|
||||
last_login_at,
|
||||
CASE WHEN last_active_at IS NOT NULL AND datetime(last_active_at, '+5 minutes') > datetime('now', '+8 hours') THEN 1 ELSE 0 END AS is_online
|
||||
FROM users WHERE id = ?
|
||||
`).get(id) as Record<string, unknown> | undefined
|
||||
if (!user) return NextResponse.json({ error: '用户不存在' }, { status: 404 })
|
||||
return NextResponse.json({ user })
|
||||
async function getSession() {
|
||||
const cookieStore = await cookies()
|
||||
const token = cookieStore.get('session_assets')?.value
|
||||
if (!token) return null
|
||||
return verifyJwt(token)
|
||||
}
|
||||
|
||||
export async function PUT(request: Request, { params }: { params: Promise<{ id: string }> }) {
|
||||
|
|
@ -28,17 +19,11 @@ export async function PUT(request: Request, { params }: { params: Promise<{ id:
|
|||
}
|
||||
|
||||
const { id } = await params
|
||||
const existing = db.prepare('SELECT id, username FROM users WHERE id = ?').get(id) as { id: number; username: string } | undefined
|
||||
const existing = db.prepare('SELECT id FROM users WHERE id = ?').get(id)
|
||||
if (!existing) return NextResponse.json({ error: '用户不存在' }, { status: 404 })
|
||||
|
||||
try {
|
||||
const body = await request.json()
|
||||
|
||||
// 禁止修改系统保留用户的角色
|
||||
if (body.role && (existing.username === 'admin' || existing.username === 'localadmin')) {
|
||||
return NextResponse.json({ error: '不能修改系统保留用户的角色' }, { status: 400 })
|
||||
}
|
||||
|
||||
const updates: string[] = []
|
||||
const values: unknown[] = []
|
||||
|
||||
|
|
@ -52,14 +37,11 @@ export async function PUT(request: Request, { params }: { params: Promise<{ id:
|
|||
return NextResponse.json({ error: '没有要更新的字段' }, { status: 400 })
|
||||
}
|
||||
|
||||
updates.push("updated_at = datetime('now', '+8 hours')")
|
||||
updates.push("updated_at = datetime('now')")
|
||||
values.push(id)
|
||||
|
||||
db.prepare(`UPDATE users SET ${updates.join(', ')} WHERE id = ?`).run(...values)
|
||||
const user = db.prepare(`SELECT id, username, display_name, email, role, is_active, created_at, updated_at,
|
||||
last_login_at,
|
||||
CASE WHEN last_active_at IS NOT NULL AND datetime(last_active_at, '+5 minutes') > datetime('now', '+8 hours') THEN 1 ELSE 0 END AS is_online
|
||||
FROM users WHERE id = ?`).get(id)
|
||||
const user = db.prepare('SELECT id, username, display_name, email, role, is_active, created_at, updated_at FROM users WHERE id = ?').get(id)
|
||||
return NextResponse.json({ user })
|
||||
} catch (e) {
|
||||
const msg = e instanceof Error ? e.message : '更新用户失败'
|
||||
|
|
@ -79,11 +61,8 @@ export async function DELETE(_request: Request, { params }: { params: Promise<{
|
|||
return NextResponse.json({ error: '不能删除当前登录用户' }, { status: 400 })
|
||||
}
|
||||
|
||||
const existing = db.prepare('SELECT id, username FROM users WHERE id = ?').get(id) as { id: number; username: string } | undefined
|
||||
const existing = db.prepare('SELECT id FROM users WHERE id = ?').get(id)
|
||||
if (!existing) return NextResponse.json({ error: '用户不存在' }, { status: 404 })
|
||||
if (existing.username === 'admin' || existing.username === 'localadmin') {
|
||||
return NextResponse.json({ error: '不能删除系统保留用户' }, { status: 400 })
|
||||
}
|
||||
|
||||
db.prepare('DELETE FROM users WHERE id = ?').run(id)
|
||||
return NextResponse.json({ success: true })
|
||||
|
|
|
|||
|
|
@ -1,9 +1,15 @@
|
|||
import { NextResponse } from 'next/server'
|
||||
import { cookies } from 'next/headers'
|
||||
import db from '@/lib/db'
|
||||
import { getSession, hashPassword } from '@/lib/auth'
|
||||
import { verifyJwt, hashPassword } from '@/lib/auth'
|
||||
import { checkPermission } from '@/lib/permissions'
|
||||
|
||||
|
||||
async function getSession() {
|
||||
const cookieStore = await cookies()
|
||||
const token = cookieStore.get('session_assets')?.value
|
||||
if (!token) return null
|
||||
return verifyJwt(token)
|
||||
}
|
||||
|
||||
export async function GET() {
|
||||
const session = await getSession()
|
||||
|
|
@ -12,10 +18,7 @@ export async function GET() {
|
|||
return NextResponse.json({ error: '权限不足' }, { status: 403 })
|
||||
}
|
||||
|
||||
const users = db.prepare(`SELECT id, username, display_name, email, role, is_active, created_at, updated_at,
|
||||
last_login_at,
|
||||
CASE WHEN last_active_at IS NOT NULL AND datetime(last_active_at, '+5 minutes') > datetime('now', '+8 hours') THEN 1 ELSE 0 END AS is_online
|
||||
FROM users ORDER BY id`).all()
|
||||
const users = db.prepare('SELECT id, username, display_name, email, role, is_active, created_at, updated_at FROM users ORDER BY id').all()
|
||||
return NextResponse.json({ users })
|
||||
}
|
||||
|
||||
|
|
@ -39,7 +42,7 @@ export async function POST(request: Request) {
|
|||
}
|
||||
|
||||
const passwordHash = hashPassword(password)
|
||||
const result = db.prepare("INSERT INTO users (username, password_hash, display_name, email, role, created_at, updated_at) VALUES (?, ?, ?, ?, ?, datetime('now', '+8 hours'), datetime('now', '+8 hours'))")
|
||||
const result = db.prepare('INSERT INTO users (username, password_hash, display_name, email, role) VALUES (?, ?, ?, ?, ?)')
|
||||
.run(username, passwordHash, display_name, email || null, role || 'viewer')
|
||||
|
||||
const user = db.prepare('SELECT id, username, display_name, email, role, is_active, created_at FROM users WHERE id = ?').get(result.lastInsertRowid)
|
||||
|
|
|
|||
|
|
@ -1,32 +0,0 @@
|
|||
import { NextResponse } from 'next/server'
|
||||
import db from '@/lib/db'
|
||||
import { getSession } from '@/lib/auth'
|
||||
import { checkPermission } from '@/lib/permissions'
|
||||
import { ldapGetUserInfo } from '@/lib/ldap'
|
||||
|
||||
export async function POST() {
|
||||
const session = await getSession()
|
||||
if (!session) return NextResponse.json({ error: '未授权' }, { status: 401 })
|
||||
if (!checkPermission(session.role, 'users:write')) {
|
||||
return NextResponse.json({ error: '权限不足' }, { status: 403 })
|
||||
}
|
||||
|
||||
const users = db.prepare(
|
||||
'SELECT id, username FROM users WHERE email IS NULL OR email = \'\''
|
||||
).all() as { id: number; username: string }[]
|
||||
|
||||
let synced = 0
|
||||
let failed = 0
|
||||
|
||||
for (const u of users) {
|
||||
const info = await ldapGetUserInfo(u.username)
|
||||
if (info?.email) {
|
||||
db.prepare('UPDATE users SET email = ? WHERE id = ?').run(info.email, u.id)
|
||||
synced++
|
||||
} else {
|
||||
failed++
|
||||
}
|
||||
}
|
||||
|
||||
return NextResponse.json({ synced, failed, total: users.length })
|
||||
}
|
||||
|
|
@ -19,35 +19,16 @@ function Field({ label, value }: { label: string; value: React.ReactNode }) {
|
|||
}
|
||||
|
||||
function Section({ title, children }: { title: string; children: React.ReactNode }) {
|
||||
const items = Array.isArray(children) ? children.filter(Boolean) : children
|
||||
return (
|
||||
<div className="bg-white dark:bg-slate-900 rounded-lg border border-slate-200 dark:border-slate-700 p-5">
|
||||
<h3 className="text-base font-semibold text-slate-900 dark:text-white mb-3">{title}</h3>
|
||||
<div className="space-y-0">{children}</div>
|
||||
<div className="space-y-0">{items}</div>
|
||||
</div>
|
||||
)
|
||||
}
|
||||
|
||||
function hasAny(a: Asset, keys: (keyof Asset)[]): boolean {
|
||||
return keys.some(k => {
|
||||
const v = a[k]
|
||||
return v != null && v !== ''
|
||||
})
|
||||
}
|
||||
|
||||
export default function AssetDetail({ asset: a }: AssetDetailProps) {
|
||||
const cpuKeys = ['cpu_model', 'cpu_generation', 'cpu_cores', 'cpu_threads', 'cpu_count', 'cpu_spec'] as (keyof Asset)[]
|
||||
const memKeys = ['memory_model', 'memory_frequency', 'memory_unit_capacity', 'memory_count', 'memory_total'] as (keyof Asset)[]
|
||||
const gpuKeys = ['gpu_model', 'gpu_power', 'gpu_count'] as (keyof Asset)[]
|
||||
const nic1Keys = ['nic1_model', 'nic1_type', 'nic1_speed', 'nic1_count'] as (keyof Asset)[]
|
||||
const nic2Keys = ['nic2_model', 'nic2_type', 'nic2_speed', 'nic2_count'] as (keyof Asset)[]
|
||||
const nic3Keys = ['nic3_model', 'nic3_type', 'nic3_speed', 'nic3_count'] as (keyof Asset)[]
|
||||
const sysDiskKeys = ['sys_disk_model', 'sys_disk_spec', 'sys_disk_capacity', 'sys_disk_type', 'sys_disk_protocol', 'sys_disk_speed', 'sys_disk_count'] as (keyof Asset)[]
|
||||
const dataDisk1Keys = ['data_disk1_model', 'data_disk1_spec', 'data_disk1_capacity', 'data_disk1_type', 'data_disk1_protocol', 'data_disk1_speed', 'data_disk1_count'] as (keyof Asset)[]
|
||||
const dataDisk2Keys = ['data_disk2_model', 'data_disk2_spec', 'data_disk2_capacity', 'data_disk2_type', 'data_disk2_protocol', 'data_disk2_speed', 'data_disk2_count'] as (keyof Asset)[]
|
||||
const raidKeys = ['data_disk_total_space', 'raid_model', 'raid_spec', 'raid_count'] as (keyof Asset)[]
|
||||
const psuKeys = ['psu1_model', 'psu1_power', 'psu1_count', 'psu2_model', 'psu2_power', 'psu2_count', 'psu_total_power'] as (keyof Asset)[]
|
||||
const boardKeys = ['board_model', 'board_count'] as (keyof Asset)[]
|
||||
|
||||
return (
|
||||
<div className="space-y-4">
|
||||
<div className="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-3 gap-4">
|
||||
|
|
@ -69,7 +50,6 @@ export default function AssetDetail({ asset: a }: AssetDetailProps) {
|
|||
<Field label="保修到期日" value={a.warranty_date} />
|
||||
</Section>
|
||||
|
||||
{hasAny(a, cpuKeys) && (
|
||||
<Section title="CPU">
|
||||
<Field label="型号" value={a.cpu_model} />
|
||||
<Field label="代数" value={a.cpu_generation} />
|
||||
|
|
@ -78,9 +58,7 @@ export default function AssetDetail({ asset: a }: AssetDetailProps) {
|
|||
<Field label="数量" value={a.cpu_count} />
|
||||
<Field label="规格" value={a.cpu_spec} />
|
||||
</Section>
|
||||
)}
|
||||
|
||||
{hasAny(a, memKeys) && (
|
||||
<Section title="内存">
|
||||
<Field label="型号" value={a.memory_model} />
|
||||
<Field label="频率" value={a.memory_frequency} />
|
||||
|
|
@ -88,44 +66,34 @@ export default function AssetDetail({ asset: a }: AssetDetailProps) {
|
|||
<Field label="条数" value={a.memory_count} />
|
||||
<Field label="总量" value={a.memory_total} />
|
||||
</Section>
|
||||
)}
|
||||
|
||||
{hasAny(a, gpuKeys) && (
|
||||
<Section title="GPU">
|
||||
<Field label="型号" value={a.gpu_model} />
|
||||
<Field label="功耗" value={a.gpu_power} />
|
||||
<Field label="数量" value={a.gpu_count} />
|
||||
</Section>
|
||||
)}
|
||||
|
||||
{hasAny(a, nic1Keys) && (
|
||||
<Section title="网卡 1">
|
||||
<Field label="型号" value={a.nic1_model} />
|
||||
<Field label="类型" value={a.nic1_type} />
|
||||
<Field label="速率" value={a.nic1_speed} />
|
||||
<Field label="数量" value={a.nic1_count} />
|
||||
</Section>
|
||||
)}
|
||||
|
||||
{hasAny(a, nic2Keys) && (
|
||||
<Section title="网卡 2">
|
||||
<Field label="型号" value={a.nic2_model} />
|
||||
<Field label="类型" value={a.nic2_type} />
|
||||
<Field label="速率" value={a.nic2_speed} />
|
||||
<Field label="数量" value={a.nic2_count} />
|
||||
</Section>
|
||||
)}
|
||||
|
||||
{hasAny(a, nic3Keys) && (
|
||||
<Section title="网卡 3">
|
||||
<Field label="型号" value={a.nic3_model} />
|
||||
<Field label="类型" value={a.nic3_type} />
|
||||
<Field label="速率" value={a.nic3_speed} />
|
||||
<Field label="数量" value={a.nic3_count} />
|
||||
</Section>
|
||||
)}
|
||||
|
||||
{hasAny(a, sysDiskKeys) && (
|
||||
<Section title="系统盘">
|
||||
<Field label="型号" value={a.sys_disk_model} />
|
||||
<Field label="规格" value={a.sys_disk_spec} />
|
||||
|
|
@ -135,9 +103,7 @@ export default function AssetDetail({ asset: a }: AssetDetailProps) {
|
|||
<Field label="速率" value={a.sys_disk_speed} />
|
||||
<Field label="数量" value={a.sys_disk_count} />
|
||||
</Section>
|
||||
)}
|
||||
|
||||
{hasAny(a, dataDisk1Keys) && (
|
||||
<Section title="数据盘 1">
|
||||
<Field label="型号" value={a.data_disk1_model} />
|
||||
<Field label="规格" value={a.data_disk1_spec} />
|
||||
|
|
@ -147,9 +113,7 @@ export default function AssetDetail({ asset: a }: AssetDetailProps) {
|
|||
<Field label="速率" value={a.data_disk1_speed} />
|
||||
<Field label="数量" value={a.data_disk1_count} />
|
||||
</Section>
|
||||
)}
|
||||
|
||||
{hasAny(a, dataDisk2Keys) && (
|
||||
<Section title="数据盘 2">
|
||||
<Field label="型号" value={a.data_disk2_model} />
|
||||
<Field label="规格" value={a.data_disk2_spec} />
|
||||
|
|
@ -159,18 +123,14 @@ export default function AssetDetail({ asset: a }: AssetDetailProps) {
|
|||
<Field label="速率" value={a.data_disk2_speed} />
|
||||
<Field label="数量" value={a.data_disk2_count} />
|
||||
</Section>
|
||||
)}
|
||||
|
||||
{hasAny(a, raidKeys) && (
|
||||
<Section title="RAID / 存储">
|
||||
<Field label="数据盘总空间" value={a.data_disk_total_space} />
|
||||
<Field label="RAID型号" value={a.raid_model} />
|
||||
<Field label="RAID规格" value={a.raid_spec} />
|
||||
<Field label="RAID数量" value={a.raid_count} />
|
||||
</Section>
|
||||
)}
|
||||
|
||||
{hasAny(a, psuKeys) && (
|
||||
<Section title="电源">
|
||||
<Field label="电源1型号" value={a.psu1_model} />
|
||||
<Field label="电源1功率" value={a.psu1_power} />
|
||||
|
|
@ -180,14 +140,11 @@ export default function AssetDetail({ asset: a }: AssetDetailProps) {
|
|||
<Field label="电源2数量" value={a.psu2_count} />
|
||||
<Field label="总功率" value={a.psu_total_power} />
|
||||
</Section>
|
||||
)}
|
||||
|
||||
{hasAny(a, boardKeys) && (
|
||||
<Section title="主板">
|
||||
<Field label="型号" value={a.board_model} />
|
||||
<Field label="数量" value={a.board_count} />
|
||||
</Section>
|
||||
)}
|
||||
</div>
|
||||
</div>
|
||||
)
|
||||
|
|
|
|||
|
|
@ -21,9 +21,9 @@ interface AssetListProps {
|
|||
}
|
||||
|
||||
const COLUMNS = [
|
||||
{ key: 'device_type', label: '设备类型', sortable: true, filterable: true },
|
||||
{ key: 'node_name', label: '节点名称', sortable: true, filterable: true },
|
||||
{ key: 'business_ip', label: '业务IP', sortable: true, filterable: true },
|
||||
{ key: 'device_type', label: '设备类型', sortable: true, filterable: true },
|
||||
{ key: 'manufacturer', label: '厂商', sortable: true, filterable: true },
|
||||
{ key: 'device_model', label: '设备型号', sortable: true, filterable: true },
|
||||
{ key: 'serial_number', label: '序列号', sortable: true, filterable: true },
|
||||
|
|
@ -212,11 +212,11 @@ export default function AssetList({
|
|||
<input type="checkbox" checked={selectedIds.has(row.id)} onChange={() => onToggleSelect(row.id)}
|
||||
className="rounded border-slate-300 dark:border-slate-600" />
|
||||
</td>
|
||||
<td className="px-4 py-3 text-slate-700 dark:text-slate-300">{row.device_type}</td>
|
||||
<td className="px-4 py-3 font-medium">
|
||||
<Link href={`/assets/${row.id}`} className="text-blue-600 dark:text-blue-400 hover:underline">{row.node_name || '-'}</Link>
|
||||
</td>
|
||||
<td className="px-4 py-3 text-slate-700 dark:text-slate-300">{row.business_ip || '-'}</td>
|
||||
<td className="px-4 py-3 text-slate-700 dark:text-slate-300">{row.device_type}</td>
|
||||
<td className="px-4 py-3 text-slate-700 dark:text-slate-300">{row.manufacturer || '-'}</td>
|
||||
<td className="px-4 py-3 text-slate-700 dark:text-slate-300">{row.device_model || '-'}</td>
|
||||
<td className="px-4 py-3 text-slate-700 dark:text-slate-300">{row.serial_number || '-'}</td>
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ interface AppShellProps { children: ReactNode; user?: { display_name: string; ro
|
|||
export default function AppShell({ children, user }: AppShellProps) {
|
||||
return (
|
||||
<ThemeProvider>
|
||||
<Sidebar role={user?.role} />
|
||||
<Sidebar />
|
||||
<TopBar user={user} />
|
||||
<main className="ml-60 pt-14 min-h-screen bg-slate-50 dark:bg-slate-950">
|
||||
<div className="p-6">{children}</div>
|
||||
|
|
|
|||
|
|
@ -15,9 +15,8 @@ const settingsItems = [
|
|||
{ href: '/settings/api-keys', label: 'API Key', icon: Key },
|
||||
]
|
||||
|
||||
export default function Sidebar({ role }: { role?: string }) {
|
||||
export default function Sidebar() {
|
||||
const pathname = usePathname()
|
||||
const isAdmin = role === 'admin'
|
||||
return (
|
||||
<aside className="fixed left-0 top-0 bottom-0 w-60 bg-white dark:bg-slate-900 border-r border-slate-200 dark:border-slate-800 flex flex-col z-40">
|
||||
<div className="h-14 flex items-center px-5 border-b border-slate-200 dark:border-slate-800">
|
||||
|
|
@ -29,7 +28,6 @@ export default function Sidebar({ role }: { role?: string }) {
|
|||
const Icon = item.icon
|
||||
return (<Link key={item.href} href={item.href} className={`flex items-center gap-3 px-3 py-2.5 rounded-lg text-sm font-medium transition-all duration-200 ${isActive ? 'bg-blue-50 text-blue-700 dark:bg-blue-500/10 dark:text-blue-400' : 'text-slate-600 hover:bg-slate-50 dark:text-slate-400 dark:hover:bg-slate-800'}`}><Icon size={18} />{item.label}</Link>)
|
||||
})}
|
||||
{isAdmin && (
|
||||
<div className="pt-3 border-t border-slate-200 dark:border-slate-800 mt-3">
|
||||
<div className="flex items-center gap-3 px-3 py-2 text-xs font-semibold text-slate-400 dark:text-slate-500 uppercase tracking-wider">
|
||||
<Settings size={14} />系统设置
|
||||
|
|
@ -40,7 +38,6 @@ export default function Sidebar({ role }: { role?: string }) {
|
|||
return (<Link key={item.href} href={item.href} className={`flex items-center gap-3 px-3 py-2.5 rounded-lg text-sm font-medium transition-all duration-200 ${isActive ? 'bg-blue-50 text-blue-700 dark:bg-blue-500/10 dark:text-blue-400' : 'text-slate-600 hover:bg-slate-50 dark:text-slate-400 dark:hover:bg-slate-800'}`}><Icon size={18} />{item.label}</Link>)
|
||||
})}
|
||||
</div>
|
||||
)}
|
||||
</nav>
|
||||
</aside>
|
||||
)
|
||||
|
|
|
|||
|
|
@ -10,23 +10,22 @@ export default function TopBar({ user }: TopBarProps) {
|
|||
const { theme, toggleTheme } = useTheme()
|
||||
async function handleLogout() {
|
||||
await fetch('/api/auth/logout', { method: 'POST' })
|
||||
// 清除所有 cookies 后跳转登录页,下次请求将触发 SSO 重新认证
|
||||
router.push('/login'); router.refresh()
|
||||
}
|
||||
return (
|
||||
<header className="fixed top-0 left-60 right-0 h-14 bg-white dark:bg-slate-900 border-b border-slate-200 dark:border-slate-800 flex items-center justify-between px-6 z-30">
|
||||
<div />
|
||||
<div className="flex items-center gap-4">
|
||||
<button onClick={toggleTheme} className="p-2 rounded-lg text-slate-500 hover:bg-slate-100 dark:text-slate-400 dark:hover:bg-slate-800 transition-colors" title={theme === 'dark' ? '切换到亮色模式' : '切换到暗色模式'}>
|
||||
<button onClick={toggleTheme} className="p-2 rounded-lg hover:bg-slate-100 dark:hover:bg-slate-800 transition-colors" title={theme === 'dark' ? '切换到亮色模式' : '切换到暗色模式'}>
|
||||
{theme === 'dark' ? <Sun size={18} /> : <Moon size={18} />}
|
||||
</button>
|
||||
{user && (
|
||||
<div className="flex items-center gap-3">
|
||||
<div className="flex items-center gap-2 text-sm text-slate-600 dark:text-slate-300">
|
||||
<div className="flex items-center gap-2 text-sm">
|
||||
<User size={16} />
|
||||
<span>{user.display_name}</span>
|
||||
</div>
|
||||
<button onClick={handleLogout} className="p-2 rounded-lg text-slate-500 hover:bg-slate-100 dark:text-slate-400 dark:hover:bg-slate-800 transition-colors" title="退出登录">
|
||||
<button onClick={handleLogout} className="p-2 rounded-lg hover:bg-slate-100 dark:hover:bg-slate-800 transition-colors" title="退出登录">
|
||||
<LogOut size={18} />
|
||||
</button>
|
||||
</div>
|
||||
|
|
|
|||
|
|
@ -1,41 +1,8 @@
|
|||
'use client'
|
||||
import { ReactNode, useEffect, useRef } from 'react'
|
||||
import { ReactNode, useEffect } from 'react'
|
||||
interface ModalProps { open: boolean; onClose: () => void; title?: string; children: ReactNode; footer?: ReactNode }
|
||||
export default function Modal({ open, onClose, title, children, footer }: ModalProps) {
|
||||
const footerRef = useRef<HTMLDivElement>(null)
|
||||
|
||||
useEffect(() => {
|
||||
document.body.style.overflow = open ? 'hidden' : ''
|
||||
return () => { document.body.style.overflow = '' }
|
||||
}, [open])
|
||||
|
||||
useEffect(() => {
|
||||
if (!open) return
|
||||
function handleKeyDown(e: KeyboardEvent) {
|
||||
if (e.key === 'Escape') { onClose(); return }
|
||||
if (!footerRef.current) return
|
||||
const buttons = footerRef.current.querySelectorAll('button:not([disabled])')
|
||||
if (buttons.length === 0) return
|
||||
const currentIdx = Array.from(buttons).indexOf(document.activeElement as HTMLButtonElement)
|
||||
if (e.key === 'ArrowLeft' || e.key === 'ArrowRight') {
|
||||
e.preventDefault()
|
||||
const next = e.key === 'ArrowRight'
|
||||
? (currentIdx + 1) % buttons.length
|
||||
: (currentIdx - 1 + buttons.length) % buttons.length
|
||||
;(buttons[next] as HTMLButtonElement).focus()
|
||||
} else if (e.key === 'Enter' && currentIdx >= 0) {
|
||||
e.preventDefault()
|
||||
;(document.activeElement as HTMLButtonElement).click()
|
||||
}
|
||||
}
|
||||
document.addEventListener('keydown', handleKeyDown)
|
||||
const t = setTimeout(() => {
|
||||
const btn = footerRef.current?.querySelector('button:not([disabled])')
|
||||
if (btn) (btn as HTMLButtonElement).focus()
|
||||
}, 100)
|
||||
return () => { document.removeEventListener('keydown', handleKeyDown); clearTimeout(t) }
|
||||
}, [open, onClose])
|
||||
|
||||
useEffect(() => { document.body.style.overflow = open ? 'hidden' : ''; return () => { document.body.style.overflow = '' } }, [open])
|
||||
if (!open) return null
|
||||
return (
|
||||
<div className="fixed inset-0 z-50 flex items-center justify-center">
|
||||
|
|
@ -48,9 +15,7 @@ export default function Modal({ open, onClose, title, children, footer }: ModalP
|
|||
</div>
|
||||
)}
|
||||
<div className="p-6">{children}</div>
|
||||
{footer && (
|
||||
<div ref={footerRef} className="flex items-center justify-end gap-3 px-6 py-4 border-t border-slate-200 dark:border-slate-800">{footer}</div>
|
||||
)}
|
||||
{footer && <div className="flex items-center justify-end gap-3 px-6 py-4 border-t border-slate-200 dark:border-slate-800">{footer}</div>}
|
||||
</div>
|
||||
</div>
|
||||
)
|
||||
|
|
|
|||
|
|
@ -37,64 +37,6 @@ export function hashApiKey(key: string): string { return crypto.createHash('sha2
|
|||
export function generateApiKey(): string { return `ak_${crypto.randomBytes(32).toString('hex')}` }
|
||||
export function verifySession(token: string): SessionPayload | null { return verifyJwt(token) }
|
||||
|
||||
// 统一获取当前会话:优先 tlyq_session(共享 JWT),回退 session_assets(本地 JWT)
|
||||
import { cookies } from 'next/headers'
|
||||
import { verifySharedJwt } from '@/lib/jwt'
|
||||
import { ldapUserExists, ldapGetUserInfo } from '@/lib/ldap'
|
||||
|
||||
export async function getSession(): Promise<SessionPayload | null> {
|
||||
const cookieStore = await cookies()
|
||||
|
||||
// 1. tlyq_session(共享 JWT,LDAP 用户)
|
||||
const sharedToken = cookieStore.get('tlyq_session')?.value
|
||||
if (sharedToken) {
|
||||
const sharedPayload = verifySharedJwt(sharedToken)
|
||||
if (sharedPayload) {
|
||||
// Q1: 检查 LLDAP 中用户是否仍存在(已删除则强制退出)
|
||||
if (!(await ldapUserExists(sharedPayload.username))) {
|
||||
cookieStore.set('tlyq_session', '', { maxAge: 0, path: '/' })
|
||||
cookieStore.set('session_assets', '', { maxAge: 0, path: '/' })
|
||||
return null
|
||||
}
|
||||
const row = db.prepare(
|
||||
'SELECT id, username, role, email FROM users WHERE username = ? AND is_active = 1'
|
||||
).get(sharedPayload.username) as { id: number; username: string; role: string; email: string | null } | undefined
|
||||
if (row) {
|
||||
if (!row.email) {
|
||||
const info = await ldapGetUserInfo(sharedPayload.username)
|
||||
if (info?.email) db.prepare('UPDATE users SET email = ? WHERE id = ?').run(info.email, row.id)
|
||||
}
|
||||
db.prepare("UPDATE users SET last_login_at = datetime('now', '+8 hours'), last_active_at = datetime('now', '+8 hours') WHERE id = ?").run(row.id)
|
||||
return { userId: row.id, username: row.username, role: row.role }
|
||||
}
|
||||
// SSO 免登录:LLDAP 验证通过但本地无记录 → 自动创建(viewer 角色)
|
||||
const ldapInfo = await ldapGetUserInfo(sharedPayload.username)
|
||||
const displayName = ldapInfo?.displayName || sharedPayload.displayName
|
||||
const email = ldapInfo?.email ?? null
|
||||
db.prepare(
|
||||
"INSERT OR IGNORE INTO users (username, display_name, email, role, is_active, created_at, updated_at) VALUES (?, ?, ?, 'viewer', 1, datetime('now', '+8 hours'), datetime('now', '+8 hours'))"
|
||||
).run(sharedPayload.username, displayName, email)
|
||||
const newRow = db.prepare(
|
||||
'SELECT id, username, role FROM users WHERE username = ? AND is_active = 1'
|
||||
).get(sharedPayload.username) as { id: number; username: string; role: string } | undefined
|
||||
if (newRow) {
|
||||
return { userId: newRow.id, username: newRow.username, role: newRow.role }
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// 2. session_assets(本地 JWT,admin 账号或紧急绕过)
|
||||
const token = cookieStore.get('session_assets')?.value
|
||||
if (token) {
|
||||
const payload = verifyJwt(token)
|
||||
if (payload) {
|
||||
db.prepare("UPDATE users SET last_login_at = datetime('now', '+8 hours'), last_active_at = datetime('now', '+8 hours') WHERE id = ?").run(payload.userId)
|
||||
return payload
|
||||
}
|
||||
}
|
||||
return null
|
||||
}
|
||||
|
||||
export function verifyApiKey(key: string): { id: number; name: string; permissions: string[] } | null {
|
||||
if (!key.startsWith('ak_')) return null
|
||||
const keyHash = hashApiKey(key)
|
||||
|
|
@ -102,6 +44,6 @@ export function verifyApiKey(key: string): { id: number; name: string; permissio
|
|||
.get(keyHash) as { id: number; name: string; permissions: string } | undefined
|
||||
if (!row) return null
|
||||
if (row.expires_at && new Date(row.expires_at) < new Date()) return null
|
||||
db.prepare("UPDATE api_keys SET last_used_at = datetime('now', '+8 hours') WHERE id = ?").run(row.id)
|
||||
db.prepare("UPDATE api_keys SET last_used_at = datetime('now') WHERE id = ?").run(row.id)
|
||||
return { id: row.id, name: row.name, permissions: JSON.parse(row.permissions) }
|
||||
}
|
||||
|
|
|
|||
|
|
@ -11,21 +11,21 @@ export function initDatabase() {
|
|||
email TEXT,
|
||||
role TEXT NOT NULL DEFAULT 'viewer',
|
||||
is_active INTEGER NOT NULL DEFAULT 1,
|
||||
created_at TEXT NOT NULL DEFAULT (datetime('now', '+8 hours')),
|
||||
updated_at TEXT NOT NULL DEFAULT (datetime('now', '+8 hours'))
|
||||
created_at TEXT NOT NULL DEFAULT (datetime('now')),
|
||||
updated_at TEXT NOT NULL DEFAULT (datetime('now'))
|
||||
);
|
||||
CREATE TABLE IF NOT EXISTS roles (
|
||||
id INTEGER PRIMARY KEY AUTOINCREMENT,
|
||||
name TEXT NOT NULL UNIQUE,
|
||||
display_name TEXT NOT NULL,
|
||||
permissions TEXT NOT NULL DEFAULT '[]',
|
||||
created_at TEXT NOT NULL DEFAULT (datetime('now', '+8 hours'))
|
||||
created_at TEXT NOT NULL DEFAULT (datetime('now'))
|
||||
);
|
||||
CREATE TABLE IF NOT EXISTS sessions (
|
||||
id TEXT PRIMARY KEY,
|
||||
user_id INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE,
|
||||
expires_at TEXT NOT NULL,
|
||||
created_at TEXT NOT NULL DEFAULT (datetime('now', '+8 hours'))
|
||||
created_at TEXT NOT NULL DEFAULT (datetime('now'))
|
||||
);
|
||||
CREATE TABLE IF NOT EXISTS api_keys (
|
||||
id INTEGER PRIMARY KEY AUTOINCREMENT,
|
||||
|
|
@ -36,7 +36,7 @@ export function initDatabase() {
|
|||
expires_at TEXT,
|
||||
is_active INTEGER NOT NULL DEFAULT 1,
|
||||
created_by INTEGER REFERENCES users(id),
|
||||
created_at TEXT NOT NULL DEFAULT (datetime('now', '+8 hours'))
|
||||
created_at TEXT NOT NULL DEFAULT (datetime('now'))
|
||||
);
|
||||
CREATE TABLE IF NOT EXISTS assets (
|
||||
id INTEGER PRIMARY KEY AUTOINCREMENT,
|
||||
|
|
@ -73,8 +73,8 @@ export function initDatabase() {
|
|||
psu_total_power TEXT,
|
||||
board_model TEXT, board_count INTEGER,
|
||||
raw_data TEXT,
|
||||
created_at TEXT NOT NULL DEFAULT (datetime('now', '+8 hours')),
|
||||
updated_at TEXT NOT NULL DEFAULT (datetime('now', '+8 hours'))
|
||||
created_at TEXT NOT NULL DEFAULT (datetime('now')),
|
||||
updated_at TEXT NOT NULL DEFAULT (datetime('now'))
|
||||
);
|
||||
CREATE TABLE IF NOT EXISTS audit_logs (
|
||||
id INTEGER PRIMARY KEY AUTOINCREMENT,
|
||||
|
|
@ -85,7 +85,7 @@ export function initDatabase() {
|
|||
entity_id INTEGER,
|
||||
details TEXT,
|
||||
ip_address TEXT,
|
||||
created_at TEXT NOT NULL DEFAULT (datetime('now', '+8 hours'))
|
||||
created_at TEXT NOT NULL DEFAULT (datetime('now'))
|
||||
);
|
||||
CREATE INDEX IF NOT EXISTS idx_assets_node_name ON assets(node_name);
|
||||
CREATE INDEX IF NOT EXISTS idx_assets_business_ip ON assets(business_ip);
|
||||
|
|
@ -93,53 +93,22 @@ export function initDatabase() {
|
|||
CREATE INDEX IF NOT EXISTS idx_assets_status ON assets(status);
|
||||
`)
|
||||
|
||||
// 迁移:添加 last_login_at 和 last_active_at 列
|
||||
try { db.exec('ALTER TABLE users ADD COLUMN last_login_at TEXT') } catch { /* 列已存在 */ }
|
||||
try { db.exec('ALTER TABLE users ADD COLUMN last_active_at TEXT') } catch { /* 列已存在 */ }
|
||||
|
||||
const existingAdmin = db.prepare('SELECT id FROM users WHERE username = ?').get('admin')
|
||||
if (!existingAdmin) {
|
||||
const passwordHash = bcrypt.hashSync(process.env.ADMIN_PASSWORD || 'admin123', 10)
|
||||
db.prepare("INSERT INTO users (username, password_hash, display_name, role, created_at, updated_at) VALUES (?, ?, ?, ?, datetime('now', '+8 hours'), datetime('now', '+8 hours'))")
|
||||
db.prepare('INSERT INTO users (username, password_hash, display_name, role) VALUES (?, ?, ?, ?)')
|
||||
.run('admin', passwordHash, '管理员', 'admin')
|
||||
}
|
||||
const existingLocalAdmin = db.prepare('SELECT id FROM users WHERE username = ?').get('localadmin')
|
||||
if (!existingLocalAdmin) {
|
||||
const localPasswordHash = bcrypt.hashSync(process.env.LOCALADMIN_PASSWORD || 'admin123', 10)
|
||||
db.prepare("INSERT INTO users (username, password_hash, display_name, role, created_at, updated_at) VALUES (?, ?, ?, ?, datetime('now', '+8 hours'), datetime('now', '+8 hours'))")
|
||||
.run('localadmin', localPasswordHash, '本地管理员', 'admin')
|
||||
}
|
||||
const defaultRoles = [
|
||||
{ name: 'admin', display_name: '管理员', permissions: '["*"]' },
|
||||
{ name: 'editor', display_name: '编辑者', permissions: '["assets:read","assets:create","assets:import","assets:update","assets:delete","assets:export:selected"]' },
|
||||
{ name: 'editor', display_name: '编辑者', permissions: '["assets:read","assets:write","assets:delete"]' },
|
||||
{ name: 'viewer', display_name: '查看者', permissions: '["assets:read"]' },
|
||||
]
|
||||
const builtinNames = new Set(defaultRoles.map(r => r.name))
|
||||
for (const role of defaultRoles) {
|
||||
const existing = db.prepare('SELECT id FROM roles WHERE name = ?').get(role.name)
|
||||
if (!existing) {
|
||||
db.prepare('INSERT INTO roles (name, display_name, permissions) VALUES (?, ?, ?)')
|
||||
.run(role.name, role.display_name, role.permissions)
|
||||
} else if (role.name === 'admin') {
|
||||
// 仅 admin 角色始终同步到最新默认权限,editor/viewer 允许用户自定义
|
||||
db.prepare('UPDATE roles SET permissions = ? WHERE name = ?').run(role.permissions, role.name)
|
||||
}
|
||||
}
|
||||
|
||||
// 迁移旧权限(所有角色,包括内置角色)
|
||||
const allRoles = db.prepare('SELECT id, name, permissions FROM roles').all() as { id: number; name: string; permissions: string }[]
|
||||
for (const r of allRoles) {
|
||||
const perms: string[] = JSON.parse(r.permissions)
|
||||
if (perms.includes('assets:export')) {
|
||||
const upgraded = perms.filter(p => p !== 'assets:export')
|
||||
upgraded.push('assets:export:selected')
|
||||
if (perms.includes('*')) upgraded.push('assets:export:all')
|
||||
db.prepare('UPDATE roles SET permissions = ? WHERE id = ?').run(JSON.stringify(upgraded), r.id)
|
||||
}
|
||||
if (perms.includes('assets:write')) {
|
||||
const upgraded = perms.filter(p => p !== 'assets:write')
|
||||
upgraded.push('assets:create', 'assets:import', 'assets:update')
|
||||
db.prepare('UPDATE roles SET permissions = ? WHERE id = ?').run(JSON.stringify(upgraded), r.id)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,11 +3,11 @@
|
|||
* 封装对 issue-ai 工单系统的 API 调用
|
||||
*
|
||||
* 环境变量:
|
||||
* ISSUE_API_URL — issue-ai API 地址(默认 http://localhost:6176/api,云上必须设 http://issue-ai:3000/api)
|
||||
* ISSUE_API_URL — issue-ai API 地址(默认 http://localhost:5176/api,云上必须设 http://issue-ai:3000/api)
|
||||
* ISSUE_API_KEY — API 密钥(可选,如不设置则需要 Cookie 认证)
|
||||
*/
|
||||
|
||||
const API_BASE = process.env.ISSUE_API_URL || 'http://localhost:6176/api'
|
||||
const API_BASE = process.env.ISSUE_API_URL || 'http://localhost:5176/api'
|
||||
const API_KEY = process.env.ISSUE_API_KEY || ''
|
||||
|
||||
// ---------------------------------------------------------------------------
|
||||
|
|
|
|||
|
|
@ -1,61 +0,0 @@
|
|||
import crypto from 'crypto'
|
||||
|
||||
const JWT_SECRET = process.env.JWT_SECRET || 'change-me-same-across-all-sites'
|
||||
const COOKIE_DOMAIN = process.env.COOKIE_DOMAIN || ''
|
||||
|
||||
export interface SharedSession {
|
||||
username: string
|
||||
displayName: string
|
||||
iat: number
|
||||
exp: number
|
||||
}
|
||||
|
||||
function base64url(str: string): string {
|
||||
return Buffer.from(str).toString('base64url')
|
||||
}
|
||||
|
||||
export function signSharedJwt(
|
||||
payload: { username: string; displayName: string },
|
||||
expiresIn: number = 7 * 24 * 60 * 60
|
||||
): string {
|
||||
const header = { alg: 'HS256', typ: 'JWT' }
|
||||
const now = Math.floor(Date.now() / 1000)
|
||||
const body = { ...payload, iat: now, exp: now + expiresIn }
|
||||
const segments = [base64url(JSON.stringify(header)), base64url(JSON.stringify(body))]
|
||||
const signingInput = segments.join('.')
|
||||
segments.push(
|
||||
crypto.createHmac('sha256', JWT_SECRET).update(signingInput).digest('base64url')
|
||||
)
|
||||
return segments.join('.')
|
||||
}
|
||||
|
||||
export function verifySharedJwt(token: string): SharedSession | null {
|
||||
try {
|
||||
const parts = token.split('.')
|
||||
if (parts.length !== 3) return null
|
||||
const signingInput = parts.slice(0, 2).join('.')
|
||||
const expectedSig = crypto.createHmac('sha256', JWT_SECRET)
|
||||
.update(signingInput).digest('base64url')
|
||||
if (parts[2] !== expectedSig) return null
|
||||
const payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString())
|
||||
if (payload.exp && payload.exp < Math.floor(Date.now() / 1000)) return null
|
||||
return {
|
||||
username: payload.username,
|
||||
displayName: payload.displayName,
|
||||
iat: payload.iat,
|
||||
exp: payload.exp,
|
||||
}
|
||||
} catch { return null }
|
||||
}
|
||||
|
||||
export function sharedCookieConfig(maxAge: number = 7 * 24 * 60 * 60) {
|
||||
return {
|
||||
name: 'tlyq_session',
|
||||
httpOnly: true,
|
||||
secure: process.env.NODE_ENV === 'production',
|
||||
sameSite: 'lax' as const,
|
||||
domain: COOKIE_DOMAIN,
|
||||
path: '/',
|
||||
maxAge,
|
||||
}
|
||||
}
|
||||
|
|
@ -1,90 +0,0 @@
|
|||
import { Client, InvalidCredentialsError } from 'ldapts'
|
||||
import { execFileSync } from 'child_process'
|
||||
|
||||
const LDAP_URL = process.env.LDAP_URL || 'ldap://localhost:3890'
|
||||
const LDAP_BASE_DN = process.env.LDAP_BASE_DN || 'dc=tlyq,dc=ai'
|
||||
|
||||
// 运行时从 LLDAP 容器动态获取 admin 密码,避免明文存于多个 .env
|
||||
// 需要容器挂载 /var/run/docker.sock
|
||||
function getLdapAdminPassword(): string {
|
||||
try {
|
||||
return execFileSync('docker', ['exec', 'lldap', 'printenv', 'LLDAP_ADMIN_PASSWORD'],
|
||||
{ timeout: 3000 }).toString().trim()
|
||||
} catch { return 'admin123' }
|
||||
}
|
||||
|
||||
export interface LdapResult {
|
||||
success: boolean
|
||||
unreachable: boolean
|
||||
username?: string
|
||||
displayName?: string
|
||||
email?: string
|
||||
}
|
||||
|
||||
export async function ldapAuth(
|
||||
username: string,
|
||||
password: string
|
||||
): Promise<LdapResult> {
|
||||
const userDn = `uid=${username},ou=people,${LDAP_BASE_DN}`
|
||||
const client = new Client({ url: LDAP_URL, timeout: 5000 })
|
||||
|
||||
try {
|
||||
await client.bind(userDn, password)
|
||||
try {
|
||||
const { searchEntries } = await client.search(LDAP_BASE_DN, {
|
||||
scope: 'sub',
|
||||
filter: `(uid=${username})`,
|
||||
attributes: ['displayName', 'mail'],
|
||||
timeLimit: 3,
|
||||
})
|
||||
const entry = searchEntries[0] as any
|
||||
const displayName = entry?.displayName || username
|
||||
const email = entry?.mail || null
|
||||
return { success: true, unreachable: false, username, displayName, email }
|
||||
} catch {
|
||||
return { success: true, unreachable: false, username, displayName: username }
|
||||
}
|
||||
} catch (err) {
|
||||
if (err instanceof InvalidCredentialsError) {
|
||||
return { success: false, unreachable: false }
|
||||
}
|
||||
return { success: false, unreachable: true }
|
||||
} finally {
|
||||
await client.unbind()
|
||||
}
|
||||
}
|
||||
|
||||
// 从 LLDAP 获取用户信息(displayName + email),不可达返回 null
|
||||
export async function ldapGetUserInfo(username: string): Promise<{ displayName: string; email: string | null } | null> {
|
||||
const adminDn = process.env.LDAP_ADMIN_DN || 'uid=admin,ou=people,dc=tlyq,dc=ai'
|
||||
const adminPass = getLdapAdminPassword()
|
||||
const client = new Client({ url: LDAP_URL, timeout: 5000 })
|
||||
try {
|
||||
await client.bind(adminDn, adminPass)
|
||||
const { searchEntries } = await client.search(LDAP_BASE_DN, {
|
||||
scope: 'sub', filter: `(uid=${username})`, attributes: ['displayName', 'mail'], timeLimit: 3,
|
||||
})
|
||||
const entry = searchEntries[0] as any
|
||||
return entry ? { displayName: entry.displayName || username, email: entry.mail || null } : null
|
||||
} catch { return null }
|
||||
finally { await client.unbind() }
|
||||
}
|
||||
|
||||
// Q1: 检查 LLDAP 中用户是否存在(用 admin bind 搜索,不在/不可达均返回 true 保证容错)
|
||||
export async function ldapUserExists(username: string): Promise<boolean> {
|
||||
const adminDn = process.env.LDAP_ADMIN_DN || 'uid=admin,ou=people,dc=tlyq,dc=ai'
|
||||
const adminPass = getLdapAdminPassword()
|
||||
const client = new Client({ url: LDAP_URL, timeout: 5000 })
|
||||
|
||||
try {
|
||||
await client.bind(adminDn, adminPass)
|
||||
const { searchEntries } = await client.search(LDAP_BASE_DN, {
|
||||
scope: 'sub', filter: `(uid=${username})`, timeLimit: 3,
|
||||
})
|
||||
return searchEntries.length > 0
|
||||
} catch {
|
||||
return true // LLDAP 不可达 → 不阻断,容错放行
|
||||
} finally {
|
||||
await client.unbind()
|
||||
}
|
||||
}
|
||||
|
|
@ -1,16 +1,6 @@
|
|||
import { NextResponse } from 'next/server'
|
||||
import type { NextRequest } from 'next/server'
|
||||
|
||||
// API Key 验证:检查 ALLOWED_API_KEYS 环境变量(逗号分隔明文 key)
|
||||
// 注意:middleware 运行在 Edge Runtime,不能使用 better-sqlite3 等 Node.js 原生模块
|
||||
// DB 级别的 key 验证在 route handler 中进行(auth.ts verifyApiKey)
|
||||
function verifyApiKey(key: string): boolean {
|
||||
if (!key.startsWith('ak_')) return false
|
||||
const allowedKeys = process.env.ALLOWED_API_KEYS || ''
|
||||
if (!allowedKeys) return false
|
||||
return allowedKeys.split(',').map(k => k.trim()).includes(key)
|
||||
}
|
||||
|
||||
function decodeJwtPayload(token: string): Record<string, unknown> | null {
|
||||
try {
|
||||
const parts = token.split('.')
|
||||
|
|
@ -21,72 +11,36 @@ function decodeJwtPayload(token: string): Record<string, unknown> | null {
|
|||
} catch { return null }
|
||||
}
|
||||
|
||||
function isValidPayload(payload: Record<string, unknown> | null): boolean {
|
||||
if (!payload) return false
|
||||
return !(payload.exp && (payload.exp as number) < Math.floor(Date.now() / 1000))
|
||||
}
|
||||
|
||||
export function middleware(request: NextRequest) {
|
||||
const { pathname } = request.nextUrl
|
||||
if (pathname === '/login' || pathname.startsWith('/api/auth/login')) return NextResponse.next()
|
||||
|
||||
// 登录/退出路径 + 内部 API 放行(自有 key 认证)
|
||||
if (pathname === '/login' || pathname.startsWith('/api/auth/login') || pathname === '/api/auth/logout' || pathname.startsWith('/api/internal/')) {
|
||||
if (pathname.startsWith('/api/')) {
|
||||
const authHeader = request.headers.get('authorization')
|
||||
if (authHeader?.startsWith('Bearer ak_')) return NextResponse.next()
|
||||
const token = request.cookies.get('session_assets')?.value
|
||||
const payload = token ? decodeJwtPayload(token) : null
|
||||
if (!payload?.userId) {
|
||||
return NextResponse.json({ error: '未授权' }, { status: 401 })
|
||||
}
|
||||
return NextResponse.next()
|
||||
}
|
||||
|
||||
// API 路由:检查 Bearer API Key 或 session cookie
|
||||
if (pathname.startsWith('/api/')) {
|
||||
const authHeader = request.headers.get('authorization')
|
||||
if (authHeader?.startsWith('Bearer ak_')) {
|
||||
if (verifyApiKey(authHeader.slice(7))) return NextResponse.next()
|
||||
return NextResponse.json({ error: '未授权' }, { status: 401 })
|
||||
}
|
||||
const token = request.cookies.get('session_assets')?.value
|
||||
const payload = token ? decodeJwtPayload(token) : null
|
||||
const isValidToken = payload?.userId != null
|
||||
|
||||
const sharedToken = request.cookies.get('tlyq_session')?.value
|
||||
const sharedPayload = sharedToken ? decodeJwtPayload(sharedToken) : null
|
||||
if (isValidPayload(sharedPayload)) return NextResponse.next()
|
||||
|
||||
const localToken = request.cookies.get('session_assets')?.value
|
||||
const localPayload = localToken ? decodeJwtPayload(localToken) : null
|
||||
if (isValidPayload(localPayload)) return NextResponse.next()
|
||||
|
||||
return NextResponse.json({ error: '未授权' }, { status: 401 })
|
||||
}
|
||||
|
||||
// 页面路由:优先检查 tlyq_session(共享 JWT),回退 session_assets(本地 JWT)
|
||||
const sharedToken = request.cookies.get('tlyq_session')?.value
|
||||
const sharedPayload = sharedToken ? decodeJwtPayload(sharedToken) : null
|
||||
|
||||
if (isValidPayload(sharedPayload)) {
|
||||
const response = NextResponse.next()
|
||||
response.cookies.set('session', JSON.stringify({ username: sharedPayload.username }), {
|
||||
httpOnly: true,
|
||||
sameSite: 'lax',
|
||||
path: '/',
|
||||
})
|
||||
return response
|
||||
}
|
||||
|
||||
const localToken = request.cookies.get('session_assets')?.value
|
||||
const localPayload = localToken ? decodeJwtPayload(localToken) : null
|
||||
|
||||
if (isValidPayload(localPayload)) {
|
||||
const response = NextResponse.next()
|
||||
response.cookies.set('session', JSON.stringify({ username: localPayload.username }), {
|
||||
httpOnly: true,
|
||||
sameSite: 'lax',
|
||||
path: '/',
|
||||
})
|
||||
return response
|
||||
}
|
||||
|
||||
// 未认证 → 重定向登录页
|
||||
if (!isValidToken) {
|
||||
const loginUrl = new URL('/login', request.url)
|
||||
const dest = pathname + (request.nextUrl.search || '')
|
||||
loginUrl.searchParams.set('redirect', dest)
|
||||
const response = NextResponse.redirect(loginUrl)
|
||||
if (sharedToken) response.cookies.delete('tlyq_session')
|
||||
if (localToken) response.cookies.delete('session_assets')
|
||||
if (token) response.cookies.delete('session_assets')
|
||||
return response
|
||||
}
|
||||
|
||||
const response = NextResponse.next()
|
||||
response.headers.set('x-original-pathname', pathname + (request.nextUrl.search || ''))
|
||||
return response
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue