Feat:支持备份和恢复；支持APIToken鉴权；支持指定部分默认上传设置

2026-05-04 19:06:24 +00:00 · 2025-07-31 16:22:25 +08:00
parent bfc647b604
commit 0b2320fc3c
61 changed files with 704 additions and 103 deletions
--- a/functions/api/manage/apiTokens.js
+++ b/functions/api/manage/apiTokens.js
@@ -0,0 +1,224 @@
+export async function onRequest(context) {
+    // API Token管理，支持创建、删除、列出Token
+    const {
+      request,
+      env,
+      params,
+      waitUntil,
+      next,
+      data,
+    } = context;
+
+    const kv = env.img_url
+    const url = new URL(request.url)
+    const method = request.method
+
+    // GET - 获取所有Token列表
+    if (method === 'GET') {
+        const tokens = await getApiTokens(kv)
+        return new Response(JSON.stringify(tokens), {
+            headers: {
+                'content-type': 'application/json',
+            },
+        })
+    }
+
+    // POST - 创建新Token
+    if (method === 'POST') {
+        const body = await request.json()
+        const { name, permissions, owner } = body
+
+        if (!name || !permissions || !owner) {
+            return new Response(JSON.stringify({ error: '缺少必要参数' }), {
+                status: 400,
+                headers: {
+                    'content-type': 'application/json',
+                },
+            })
+        }
+
+        const token = await createApiToken(kv, name, permissions, owner)
+        return new Response(JSON.stringify(token), {
+            headers: {
+                'content-type': 'application/json',
+            },
+        })
+    }
+
+    // DELETE - 删除Token
+    if (method === 'DELETE') {
+        const tokenId = url.searchParams.get('id')
+        
+        if (!tokenId) {
+            return new Response(JSON.stringify({ error: '缺少Token ID' }), {
+                status: 400,
+                headers: {
+                    'content-type': 'application/json',
+                },
+            })
+        }
+
+        const result = await deleteApiToken(kv, tokenId)
+        return new Response(JSON.stringify(result), {
+            headers: {
+                'content-type': 'application/json',
+            },
+        })
+    }
+
+    // PUT - 更新Token权限
+    if (method === 'PUT') {
+        const body = await request.json()
+        const { tokenId, permissions } = body
+
+        if (!tokenId || !permissions) {
+            return new Response(JSON.stringify({ error: '缺少必要参数' }), {
+                status: 400,
+                headers: {
+                    'content-type': 'application/json',
+                },
+            })
+        }
+
+        const result = await updateApiToken(kv, tokenId, permissions)
+        return new Response(JSON.stringify(result), {
+            headers: {
+                'content-type': 'application/json',
+            },
+        })
+    }
+
+    return new Response('Method not allowed', { status: 405 })
+}
+
+// 获取所有API Token
+async function getApiTokens(kv) {
+    const settingsStr = await kv.get('manage@sysConfig@security')
+    const settings = settingsStr ? JSON.parse(settingsStr) : {}
+    const tokens = settings.apiTokens?.tokens || {}
+    
+    // 返回时不包含实际token值，只返回基本信息
+    const tokenList = Object.keys(tokens).map(id => {
+        const token = tokens[id]
+        return {
+            id,
+            name: token.name,
+            owner: token.owner,
+            permissions: token.permissions,
+            createdAt: token.createdAt,
+            updatedAt: token.updatedAt,
+            token: token.token.substr(0, 15) + '...' // 只显示前15位
+        }
+    })
+    
+    return { tokens: tokenList }
+}
+
+// 创建新的API Token
+async function createApiToken(kv, name, permissions, owner) {
+    const settingsStr = await kv.get('manage@sysConfig@security')
+    const settings = settingsStr ? JSON.parse(settingsStr) : {}
+    
+    if (!settings.apiTokens) {
+        settings.apiTokens = { tokens: {} }
+    }
+    
+    const tokenId = generateTokenId()
+    const token = generateApiToken()
+    const now = new Date().toISOString()
+    
+    const tokenData = {
+        id: tokenId,
+        name,
+        token,
+        owner,
+        permissions,
+        createdAt: now,
+        updatedAt: now
+    }
+    
+    settings.apiTokens.tokens[tokenId] = tokenData
+    
+    // 保存到KV
+    await kv.put('manage@sysConfig@security', JSON.stringify(settings))
+    
+    return {
+        id: tokenId,
+        name,
+        token,
+        owner,
+        permissions,
+        createdAt: now,
+        updatedAt: now
+    }
+}
+
+// 删除API Token
+async function deleteApiToken(kv, tokenId) {
+    const settingsStr = await kv.get('manage@sysConfig@security')
+    const settings = settingsStr ? JSON.parse(settingsStr) : {}
+    
+    if (!settings.apiTokens?.tokens?.[tokenId]) {
+        return { error: 'Token 不存在' }
+    }
+    
+    delete settings.apiTokens.tokens[tokenId]
+    
+    // 保存到KV
+    await kv.put('manage@sysConfig@security', JSON.stringify(settings))
+    
+    return { success: true, message: 'Token 已删除' }
+}
+
+// 更新API Token权限
+async function updateApiToken(kv, tokenId, permissions) {
+    const settingsStr = await kv.get('manage@sysConfig@security')
+    const settings = settingsStr ? JSON.parse(settingsStr) : {}
+    
+    if (!settings.apiTokens?.tokens?.[tokenId]) {
+        return { error: 'Token 不存在' }
+    }
+    
+    settings.apiTokens.tokens[tokenId].permissions = permissions
+    settings.apiTokens.tokens[tokenId].updatedAt = new Date().toISOString()
+    
+    // 保存到KV
+    await kv.put('manage@sysConfig@security', JSON.stringify(settings))
+    
+    return { 
+        success: true, 
+        message: 'Token 权限已更新',
+        token: settings.apiTokens.tokens[tokenId]
+    }
+}
+
+// 生成随机Token
+function generateApiToken() {
+    const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'
+    let result = 'imgbed_'
+    for (let i = 0; i < 32; i++) {
+        result += chars.charAt(Math.floor(Math.random() * chars.length))
+    }
+    return result
+}
+
+// 生成Token ID
+function generateTokenId() {
+    return Date.now().toString(36) + Math.random().toString(36).substring(2)
+}
+
+// 根据Token获取权限（供其他API使用）
+export async function getTokenPermissions(kv, token) {
+    const settingsStr = await kv.get('manage@sysConfig@security')
+    const settings = settingsStr ? JSON.parse(settingsStr) : {}
+    const tokens = settings.apiTokens?.tokens || {}
+    
+    // 查找匹配的token
+    for (const tokenId in tokens) {
+        if (tokens[tokenId].token === token) {
+            return tokens[tokenId].permissions
+        }
+    }
+    
+    return null
+}