loveuer/ushare
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

feat: add token-based API access (v0.6.0)
Some checks are pending
Release Binaries / Build and Release (.exe, amd64, windows, windows-amd64) (push) Waiting to run
Details
Release Binaries / Build and Release (amd64, darwin, darwin-amd64) (push) Waiting to run
Details
Release Binaries / Build and Release (amd64, linux, linux-amd64) (push) Waiting to run
Details
Release Binaries / Build and Release (arm64, darwin, darwin-arm64) (push) Waiting to run
Details
Release Binaries / Build and Release (arm64, linux, linux-arm64) (push) Waiting to run
Details

Browse Source 
- Add Token GORM model with UserID/Name/Token/LastUsedAt/ExpiresAt fields
- Add TokenManager controller: List/Create/Delete/Verify operations
- Add token HTTP handlers: list, create, revoke
- Update AuthVerify to support Bearer token auth; API tokens use "ust_" prefix to distinguish from session tokens
- Add one-step file upload endpoint: PUT /api/v1/upload/:filename (returns {"status":200,"data":{"code":"..."}})
- Add token management routes: GET/POST/DELETE /api/token
- Add /self page: personal center with account info, token management table, and curl usage guide
- Add "个人中心 / API Token" nav link for users with token_manage permission

🤖 Generated with [Qoder][https://qoder.com]
This commit is contained in:
loveuer
2026-02-28 01:32:08 -08:00
parent 6286332896
commit ef6347a8b4
11 changed files with 765 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
frontend/src/api/token.ts Normal file
View File

@@ -0,0 +1,53 @@
export interface ApiToken {
id: number;
user_id: number;
name: string;
created_at: string;
last_used_at: string | null;
expires_at: string | null;
}
export interface CreateTokenRes {
id: number;
name: string;
token: string;
created_at: string;
}
const jsonHeaders: HeadersInit = {'Content-Type': 'application/json'};
export const tokenApi = {
list: async (): Promise<ApiToken[]> => {
const res = await fetch('/api/token', {headers: jsonHeaders});
if (!res.ok) {
const json = await res.json().catch(() => ({}));
throw new Error(json.msg || '查询失败');
}
return (await res.json()).data;
},
create: async (name: string): Promise<CreateTokenRes> => {
const res = await fetch('/api/token', {
method: 'POST',
headers: jsonHeaders,
body: JSON.stringify({name}),
});
if (!res.ok) {
const json = await res.json().catch(() => ({}));
throw new Error(json.msg || '创建失败');
}
return (await res.json()).data;
},
delete: async (id: number): Promise<void> => {
const res = await fetch('/api/token', {
method: 'DELETE',
headers: jsonHeaders,
body: JSON.stringify({id}),
});
if (!res.ok) {
const json = await res.json().catch(() => ({}));
throw new Error(json.msg || '删除失败');
}
},
};

2
frontend/src/main.tsx
View File

@@ -7,6 +7,7 @@ import {FileSharing} from "./page/share/share.tsx";
import {LocalSharing} from "./page/local/local.tsx"; import {LocalSharing} from "./page/local/local.tsx";
import {TestPage} from "./page/test/test.tsx"; import {TestPage} from "./page/test/test.tsx";
import {AdminPage} from "./page/admin/admin.tsx"; import {AdminPage} from "./page/admin/admin.tsx";
import {SelfPage} from "./page/self/self.tsx";
const container = document.getElementById('root') const container = document.getElementById('root')
const root = createRoot(container!) const root = createRoot(container!)
@@ -14,6 +15,7 @@ const router = createBrowserRouter([
{path: "/login", element: <Login />}, {path: "/login", element: <Login />},
{path: "/share", element: <FileSharing />}, {path: "/share", element: <FileSharing />},
{path: "/admin", element: <AdminPage />}, {path: "/admin", element: <AdminPage />},
{path: "/self", element: <SelfPage />},
{path: "/test", element: <TestPage />}, {path: "/test", element: <TestPage />},
{path: "*", element: <LocalSharing />}, {path: "*", element: <LocalSharing />},
]) ])

429
frontend/src/page/self/self.tsx Normal file
View File

@@ -0,0 +1,429 @@
import React, {useEffect, useState} from 'react';
import {createUseStyles} from 'react-jss';
import {tokenApi, ApiToken, CreateTokenRes} from '../../api/token.ts';
import {message} from '../../hook/message/u-message.tsx';
import {UButton} from '../../component/button/u-button.tsx';
const useStyle = createUseStyles({
container: {
minHeight: '100vh',
backgroundColor: '#e3f2fd',
padding: '24px',
boxSizing: 'border-box',
fontFamily: "'Segoe UI', Arial, sans-serif",
},
header: {
display: 'flex',
alignItems: 'center',
gap: '16px',
marginBottom: '24px',
},
backBtn: {
background: 'transparent',
border: '2px solid #2c9678',
color: '#2c9678',
borderRadius: '6px',
padding: '6px 14px',
cursor: 'pointer',
fontSize: '14px',
transition: 'background-color 0.2s',
'&:hover': {backgroundColor: 'rgba(44,150,120,0.1)'},
},
title: {
color: '#2c9678',
margin: 0,
fontSize: '22px',
fontWeight: 600,
},
card: {
backgroundColor: '#C8E6C9',
boxShadow: 'inset 0 0 15px rgba(56, 142, 60, 0.15)',
borderRadius: '15px',
padding: '24px',
marginBottom: '24px',
},
cardTitle: {
color: '#2c9678',
marginTop: 0,
marginBottom: '16px',
fontSize: '16px',
fontWeight: 600,
},
table: {
width: '100%',
borderCollapse: 'collapse',
fontSize: '14px',
},
th: {
backgroundColor: 'rgba(44,150,120,0.15)',
padding: '10px 12px',
textAlign: 'left',
color: '#2c9678',
fontWeight: 600,
borderBottom: '2px solid rgba(44,150,120,0.3)',
},
td: {
padding: '10px 12px',
borderBottom: '1px solid rgba(44,150,120,0.2)',
color: '#333',
},
trHover: {
'&:hover': {backgroundColor: 'rgba(44,150,120,0.05)'},
},
emptyRow: {
textAlign: 'center',
color: '#888',
padding: '24px',
},
actionBtn: {
padding: '4px 12px',
borderRadius: '4px',
border: 'none',
cursor: 'pointer',
fontSize: '13px',
transition: 'opacity 0.2s',
'&:hover': {opacity: 0.8},
},
deleteBtn: {
backgroundColor: '#e53935',
color: 'white',
},
topBar: {
display: 'flex',
justifyContent: 'space-between',
alignItems: 'center',
marginBottom: '16px',
},
// Dialog overlay
overlay: {
position: 'fixed',
inset: 0,
backgroundColor: 'rgba(0,0,0,0.4)',
display: 'flex',
alignItems: 'center',
justifyContent: 'center',
zIndex: 1000,
},
dialog: {
backgroundColor: '#C8E6C9',
borderRadius: '15px',
padding: '28px',
width: '440px',
maxWidth: '90vw',
boxShadow: '0 8px 32px rgba(0,0,0,0.2)',
},
dialogTitle: {
color: '#2c9678',
marginTop: 0,
marginBottom: '20px',
fontSize: '16px',
fontWeight: 600,
},
label: {
display: 'block',
color: '#2c9678',
fontSize: '13px',
marginBottom: '6px',
fontWeight: 500,
},
input: {
width: '100%',
padding: '8px 12px',
borderRadius: '6px',
border: '1px solid rgba(44,150,120,0.4)',
fontSize: '14px',
marginBottom: '16px',
boxSizing: 'border-box',
backgroundColor: 'rgba(255,255,255,0.8)',
outline: 'none',
'&:focus': {borderColor: '#2c9678'},
},
dialogFooter: {
display: 'flex',
gap: '10px',
justifyContent: 'flex-end',
},
cancelBtn: {
padding: '8px 18px',
borderRadius: '6px',
border: '2px solid #2c9678',
background: 'transparent',
color: '#2c9678',
cursor: 'pointer',
fontSize: '14px',
'&:hover': {backgroundColor: 'rgba(44,150,120,0.1)'},
},
tokenValueBox: {
backgroundColor: 'rgba(255,255,255,0.9)',
borderRadius: '8px',
padding: '12px 14px',
fontFamily: 'monospace',
fontSize: '13px',
wordBreak: 'break-all',
marginBottom: '12px',
color: '#1a1a2e',
border: '1px solid rgba(44,150,120,0.4)',
},
warningText: {
color: '#e53935',
fontSize: '12px',
marginBottom: '16px',
},
copyBtn: {
padding: '8px 18px',
borderRadius: '6px',
border: 'none',
background: '#2c9678',
color: 'white',
cursor: 'pointer',
fontSize: '14px',
'&:hover': {backgroundColor: '#1f6d5a'},
},
usageCard: {
backgroundColor: 'rgba(255,255,255,0.5)',
borderRadius: '10px',
padding: '16px 20px',
},
usageTitle: {
color: '#2c9678',
margin: '0 0 10px',
fontSize: '14px',
fontWeight: 600,
},
pre: {
margin: '6px 0',
padding: '10px 14px',
backgroundColor: '#1a1a2e',
color: '#c3e88d',
borderRadius: '6px',
fontSize: '13px',
overflowX: 'auto',
fontFamily: 'monospace',
},
});
interface Session {
user_id: number;
username: string;
role_label: string;
permissions: string[];
}
export const SelfPage: React.FC = () => {
const style = useStyle();
const [session, setSession] = useState<Session | null>(null);
const [tokens, setTokens] = useState<ApiToken[]>([]);
const [loading, setLoading] = useState(true);
const [showCreate, setShowCreate] = useState(false);
const [newTokenName, setNewTokenName] = useState('');
const [creating, setCreating] = useState(false);
const [createdToken, setCreatedToken] = useState<CreateTokenRes | null>(null);
useEffect(() => {
fetch('/api/uauth/me')
.then(async res => {
if (!res.ok) {
window.location.href = '/login';
return;
}
const json = await res.json();
const s: Session = json.data;
setSession(s);
if (!s.permissions.includes('token_manage')) {
message.warning('无 Token 管理权限');
return;
}
return loadTokens();
})
.catch(() => {
window.location.href = '/login';
})
.finally(() => setLoading(false));
}, []);
async function loadTokens() {
try {
const list = await tokenApi.list();
setTokens(list ?? []);
} catch (e: unknown) {
message.error(e instanceof Error ? e.message : '加载失败');
}
}
async function handleCreate() {
if (!newTokenName.trim()) {
message.warning('请输入 Token 名称');
return;
}
setCreating(true);
try {
const res = await tokenApi.create(newTokenName.trim());
setCreatedToken(res);
setNewTokenName('');
setShowCreate(false);
await loadTokens();
} catch (e: unknown) {
message.error(e instanceof Error ? e.message : '创建失败');
} finally {
setCreating(false);
}
}
async function handleDelete(id: number, name: string) {
if (!confirm(`确认吊销 Token「${name}」?`)) return;
try {
await tokenApi.delete(id);
message.success('已吊销');
setTokens(prev => prev.filter(t => t.id !== id));
} catch (e: unknown) {
message.error(e instanceof Error ? e.message : '操作失败');
}
}
function handleCopyToken(val: string) {
navigator.clipboard.writeText(val)
.then(() => message.success('已复制到剪贴板'))
.catch(() => message.warning('复制失败,请手动复制'));
}
function formatDate(s: string | null) {
if (!s) return '-';
return new Date(s).toLocaleString();
}
const hasTokenPerm = session?.permissions.includes('token_manage') ?? false;
return (
<div className={style.container}>
<div className={style.header}>
<button className={style.backBtn} onClick={() => window.history.back()}> </button>
<h2 className={style.title}></h2>
</div>
{!loading && session && (
<>
{/* User info card */}
<div className={style.card}>
<h3 className={style.cardTitle}></h3>
<p style={{margin: '4px 0', color: '#333', fontSize: '14px'}}>
<strong>{session.username}</strong>
</p>
<p style={{margin: '4px 0', color: '#333', fontSize: '14px'}}>
<strong>{session.role_label}</strong>
</p>
</div>
{/* Token management card */}
{hasTokenPerm && (
<div className={style.card}>
<div className={style.topBar}>
<h3 className={style.cardTitle} style={{margin: 0}}>API Token</h3>
<UButton onClick={() => setShowCreate(true)}>+ Token</UButton>
</div>
<table className={style.table}>
<thead>
<tr>
<th className={style.th}></th>
<th className={style.th}></th>
<th className={style.th}>使</th>
<th className={style.th}></th>
</tr>
</thead>
<tbody>
{tokens.length === 0 ? (
<tr>
<td className={style.td} colSpan={4} style={{textAlign: 'center', color: '#888'}}>
Token Token
</td>
</tr>
) : (
tokens.map(t => (
<tr key={t.id} className={style.trHover}>
<td className={style.td}>{t.name}</td>
<td className={style.td}>{formatDate(t.created_at)}</td>
<td className={style.td}>{formatDate(t.last_used_at)}</td>
<td className={style.td}>
<button
className={`${style.actionBtn} ${style.deleteBtn}`}
onClick={() => handleDelete(t.id, t.name)}
>
</button>
</td>
</tr>
))
)}
</tbody>
</table>
{/* Usage guide */}
<div style={{marginTop: '20px'}}>
<div className={style.usageCard}>
<p className={style.usageTitle}>使curl </p>
<pre className={style.pre}>{`curl -H "Authorization: Bearer <your_token>" \\
-T <file_path> \\
https://<your_domain>/api/v1/upload/<filename>`}</pre>
<p style={{margin: '8px 0 4px', color: '#555', fontSize: '13px'}}></p>
<pre className={style.pre}>{`{"status":200,"data":{"code":"ABCD1234"}}`}</pre>
<p style={{margin: '8px 0 4px', color: '#555', fontSize: '13px'}}></p>
<pre className={style.pre}>{`https://<your_domain>/ushare/<code>`}</pre>
</div>
</div>
</div>
)}
{!hasTokenPerm && (
<div className={style.card}>
<p style={{color: '#888', margin: 0}}> Token </p>
</div>
)}
</>
)}
{/* Create token dialog */}
{showCreate && (
<div className={style.overlay} onClick={() => setShowCreate(false)}>
<div className={style.dialog} onClick={e => e.stopPropagation()}>
<h3 className={style.dialogTitle}> API Token</h3>
<label className={style.label}>Token </label>
<input
className={style.input}
placeholder="例:服务器上传脚本"
value={newTokenName}
onChange={e => setNewTokenName(e.target.value)}
onKeyDown={e => e.key === 'Enter' && handleCreate()}
autoFocus
/>
<div className={style.dialogFooter}>
<button className={style.cancelBtn} onClick={() => setShowCreate(false)}></button>
<UButton onClick={handleCreate} loading={creating} disabled={creating}>
</UButton>
</div>
</div>
</div>
)}
{/* Newly created token display - shown only once */}
{createdToken && (
<div className={style.overlay} onClick={() => setCreatedToken(null)}>
<div className={style.dialog} onClick={e => e.stopPropagation()}>
<h3 className={style.dialogTitle}>Token </h3>
<p className={style.warningText}>
Token
</p>
<label className={style.label}>Token {createdToken.name}</label>
<div className={style.tokenValueBox}>{createdToken.token}</div>
<div className={style.dialogFooter}>
<button className={style.cancelBtn} onClick={() => setCreatedToken(null)}></button>
<button className={style.copyBtn} onClick={() => handleCopyToken(createdToken.token)}>
Token
</button>
</div>
</div>
</div>
)}
</div>
);
};

11
frontend/src/page/share/component/panel-left.tsx
View File

@@ -70,6 +70,12 @@ const useUploadStyle = createUseStyles({
opacity: 0.8, opacity: 0.8,
'&:hover': {opacity: 1, textDecoration: 'underline'}, '&:hover': {opacity: 1, textDecoration: 'underline'},
}, },
navLinks: {
display: 'flex',
justifyContent: 'center',
gap: '16px',
marginTop: '16px',
},
}) })
const useShowStyle = createUseStyles({ const useShowStyle = createUseStyles({
@@ -190,6 +196,7 @@ const PanelLeftUpload: React.FC<{ set_code: (code:string) => void }> = ({set_cod
const {file, setFile} = useStore() const {file, setFile} = useStore()
const {uploadFile, progress, loading} = useFileUpload(); const {uploadFile, progress, loading} = useFileUpload();
const [isAdmin, setIsAdmin] = useState(false); const [isAdmin, setIsAdmin] = useState(false);
const [hasTokenPerm, setHasTokenPerm] = useState(false);
useEffect(() => { useEffect(() => {
fetch('/api/uauth/me').then(async res => { fetch('/api/uauth/me').then(async res => {
@@ -197,6 +204,7 @@ const PanelLeftUpload: React.FC<{ set_code: (code:string) => void }> = ({set_cod
const json = await res.json(); const json = await res.json();
const perms: string[] = json.data?.permissions ?? []; const perms: string[] = json.data?.permissions ?? [];
setIsAdmin(perms.includes('user_manage')); setIsAdmin(perms.includes('user_manage'));
setHasTokenPerm(perms.includes('token_manage'));
} }
}).catch(() => {}); }).catch(() => {});
}, []); }, []);
@@ -249,6 +257,9 @@ const PanelLeftUpload: React.FC<{ set_code: (code:string) => void }> = ({set_cod
{isAdmin && ( {isAdmin && (
<a href="/admin" className={style.adminLink}></a> <a href="/admin" className={style.adminLink}></a>
)} )}
{hasTokenPerm && (
<a href="/self" className={style.adminLink}> / API Token</a>
)}
</div> </div>
</div> </div>
} }

11
internal/api/api.go
View File

@@ -50,6 +50,17 @@ func Start(ctx context.Context) <-chan struct{} {
api.Get("/roles", handler.AuthVerify(), handler.AuthPermission(model.PermUserManage), handler.AdminListRoles()) api.Get("/roles", handler.AuthVerify(), handler.AuthPermission(model.PermUserManage), handler.AdminListRoles())
} }
// Token management
{
api := app.Group("/api/token")
api.Get("", handler.AuthVerify(), handler.AuthPermission(model.PermTokenManage), handler.TokenList())
api.Post("", handler.AuthVerify(), handler.AuthPermission(model.PermTokenManage), handler.TokenCreate())
api.Delete("", handler.AuthVerify(), handler.AuthPermission(model.PermTokenManage), handler.TokenDelete())
}
// API v1 - token-authenticated file upload
app.Put("/api/v1/upload/:filename", handler.AuthVerify(), handler.AuthPermission(model.PermUpload), handler.ShareAPIUpload())
// Frontend static files // Frontend static files
app.Use(handler.ServeFrontendMiddleware()) app.Use(handler.ServeFrontendMiddleware())

97
internal/controller/token.go Normal file
View File

@@ -0,0 +1,97 @@
package controller
import (
"strings"
"time"
"github.com/loveuer/ushare/internal/model"
"github.com/loveuer/ushare/internal/pkg/db"
"github.com/loveuer/ushare/internal/pkg/tool"
"github.com/pkg/errors"
)
type tokenManager struct{}
var TokenManager = &tokenManager{}
// List returns all tokens belonging to a user (token value is not exposed).
func (tm *tokenManager) List(userID uint) ([]model.Token, error) {
var tokens []model.Token
if err := db.Default.Session().Where("user_id = ?", userID).Order("created_at desc").Find(&tokens).Error; err != nil {
return nil, errors.Wrap(err, "list tokens failed")
}
return tokens, nil
}
// Create generates a new API token for the given user and returns the full token value (only shown once).
func (tm *tokenManager) Create(userID uint, name string) (*model.Token, string, error) {
name = strings.TrimSpace(name)
if name == "" {
return nil, "", errors.New("token 名称不能为空")
}
rawToken := model.TokenPrefix + tool.RandomString(32)
t := &model.Token{
UserID: userID,
Name: name,
Token: rawToken,
}
if err := db.Default.Session().Create(t).Error; err != nil {
return nil, "", errors.Wrap(err, "create token failed")
}
return t, rawToken, nil
}
// Delete removes a token by ID, only if it belongs to the given user.
func (tm *tokenManager) Delete(userID uint, tokenID uint) error {
result := db.Default.Session().
Where("id = ? AND user_id = ?", tokenID, userID).
Delete(&model.Token{})
if result.Error != nil {
return errors.Wrap(result.Error, "delete token failed")
}
if result.RowsAffected == 0 {
return errors.New("token 不存在或无权限删除")
}
return nil
}
// Verify looks up a DB API token and returns a Session if valid.
func (tm *tokenManager) Verify(rawToken string) (*model.Session, error) {
var t model.Token
err := db.Default.Session().
Where("token = ?", rawToken).
Preload("User").
Preload("User.Role").
First(&t).Error
if err != nil {
return nil, errors.New("无效的 API Token")
}
if t.ExpiresAt != nil && time.Now().After(*t.ExpiresAt) {
return nil, errors.New("API Token 已过期")
}
// Update last_used_at asynchronously
now := time.Now()
go db.Default.Session().Model(&t).Update("last_used_at", now) //nolint:errcheck
session := &model.Session{
UserID: t.User.ID,
Username: t.User.Username,
Role: t.User.Role.Name,
RoleLabel: t.User.Role.Label,
Permissions: t.User.Role.PermissionList(),
LoginAt: now.Unix(),
Token: rawToken,
}
return session, nil
}

22
internal/handler/auth.go
View File

@@ -3,6 +3,7 @@ package handler
import ( import (
"fmt" "fmt"
"net/http" "net/http"
"strings"
"github.com/loveuer/nf" "github.com/loveuer/nf"
"github.com/loveuer/ushare/internal/controller" "github.com/loveuer/ushare/internal/controller"
@@ -11,8 +12,12 @@ import (
func AuthVerify() nf.HandlerFunc { func AuthVerify() nf.HandlerFunc {
tokenFn := func(c *nf.Ctx) (token string) { tokenFn := func(c *nf.Ctx) (token string) {
if token = c.Get("Authorization"); token != "" { if raw := c.Get("Authorization"); raw != "" {
return // Strip "Bearer " prefix if present
if strings.HasPrefix(raw, "Bearer ") {
return strings.TrimPrefix(raw, "Bearer ")
}
return raw
} }
token = c.Cookies("ushare") token = c.Cookies("ushare")
return return
@@ -24,7 +29,18 @@ func AuthVerify() nf.HandlerFunc {
return c.Status(http.StatusUnauthorized).JSON(map[string]string{"error": "unauthorized"}) return c.Status(http.StatusUnauthorized).JSON(map[string]string{"error": "unauthorized"})
} }
session, err := controller.UserManager.Verify(token) var (
session *model.Session
err error
)
// API tokens have the "ust_" prefix; session tokens do not.
if strings.HasPrefix(token, model.TokenPrefix) {
session, err = controller.TokenManager.Verify(token)
} else {
session, err = controller.UserManager.Verify(token)
}
if err != nil { if err != nil {
return c.Status(http.StatusUnauthorized).JSON(map[string]string{"error": "unauthorized", "msg": err.Error()}) return c.Status(http.StatusUnauthorized).JSON(map[string]string{"error": "unauthorized", "msg": err.Error()})
} }

42
internal/handler/share.go
View File

@@ -2,6 +2,11 @@ package handler
import ( import (
"fmt" "fmt"
"net/http"
"os"
"regexp"
"strings"
"github.com/loveuer/nf" "github.com/loveuer/nf"
"github.com/loveuer/nf/nft/log" "github.com/loveuer/nf/nft/log"
"github.com/loveuer/ushare/internal/controller" "github.com/loveuer/ushare/internal/controller"
@@ -10,10 +15,6 @@ import (
"github.com/pkg/errors" "github.com/pkg/errors"
"github.com/spf13/cast" "github.com/spf13/cast"
"github.com/spf13/viper" "github.com/spf13/viper"
"net/http"
"os"
"regexp"
"strings"
) )
func Fetch() nf.HandlerFunc { func Fetch() nf.HandlerFunc {
@@ -116,3 +117,36 @@ func ShareUpload() nf.HandlerFunc {
return c.Status(http.StatusOK).JSON(map[string]any{"size": total, "cursor": cursor}) return c.Status(http.StatusOK).JSON(map[string]any{"size": total, "cursor": cursor})
} }
} }
// ShareAPIUpload handles one-step file upload via API token.
// PUT /api/v1/upload/:filename
// Accepts the raw file body and Content-Length header, returns the download code.
func ShareAPIUpload() nf.HandlerFunc {
return func(c *nf.Ctx) error {
filename := strings.TrimSpace(c.Param("filename"))
if filename == "" {
return c.Status(http.StatusBadRequest).JSON(map[string]string{"msg": "filename required"})
}
size, err := cast.ToInt64E(c.Request.ContentLength)
if err != nil || size <= 0 {
return c.Status(http.StatusBadRequest).JSON(map[string]string{"msg": "Content-Length header required"})
}
code, err := controller.MetaManager.New(size, filename, c.IP())
if err != nil {
return c.Status(http.StatusInternalServerError).JSON(map[string]string{"msg": "create upload failed"})
}
_, _, err = controller.MetaManager.Write(code, 0, size-1, c.Request.Body)
if err != nil {
log.Error("handler.ShareAPIUpload: write error: %s", err)
return c.Status(http.StatusInternalServerError).JSON(map[string]string{"msg": "upload failed"})
}
return c.Status(http.StatusOK).JSON(map[string]any{
"status": 200,
"data": map[string]string{"code": code},
})
}
}

85
internal/handler/token.go Normal file
View File

@@ -0,0 +1,85 @@
package handler
import (
"net/http"
"github.com/loveuer/nf"
"github.com/loveuer/ushare/internal/controller"
"github.com/loveuer/ushare/internal/model"
)
func TokenList() nf.HandlerFunc {
return func(c *nf.Ctx) error {
session, ok := c.Locals("user").(*model.Session)
if !ok || session == nil {
return c.Status(http.StatusUnauthorized).JSON(map[string]string{"error": "unauthorized"})
}
tokens, err := controller.TokenManager.List(session.UserID)
if err != nil {
return c.Status(http.StatusInternalServerError).JSON(map[string]string{"msg": err.Error()})
}
return c.Status(http.StatusOK).JSON(map[string]any{"data": tokens})
}
}
func TokenCreate() nf.HandlerFunc {
return func(c *nf.Ctx) error {
session, ok := c.Locals("user").(*model.Session)
if !ok || session == nil {
return c.Status(http.StatusUnauthorized).JSON(map[string]string{"error": "unauthorized"})
}
type Req struct {
Name string `json:"name"`
}
var req Req
if err := c.BodyParser(&req); err != nil {
return c.Status(http.StatusBadRequest).JSON(map[string]string{"msg": "请求格式错误"})
}
t, rawToken, err := controller.TokenManager.Create(session.UserID, req.Name)
if err != nil {
return c.Status(http.StatusBadRequest).JSON(map[string]string{"msg": err.Error()})
}
return c.Status(http.StatusOK).JSON(map[string]any{
"data": map[string]any{
"id": t.ID,
"name": t.Name,
"token": rawToken,
"created_at": t.CreatedAt,
},
})
}
}
func TokenDelete() nf.HandlerFunc {
return func(c *nf.Ctx) error {
session, ok := c.Locals("user").(*model.Session)
if !ok || session == nil {
return c.Status(http.StatusUnauthorized).JSON(map[string]string{"error": "unauthorized"})
}
type Req struct {
ID uint `json:"id"`
}
var req Req
if err := c.BodyParser(&req); err != nil {
return c.Status(http.StatusBadRequest).JSON(map[string]string{"msg": "请求格式错误"})
}
if req.ID == 0 {
return c.Status(http.StatusBadRequest).JSON(map[string]string{"msg": "token id 不能为空"})
}
if err := controller.TokenManager.Delete(session.UserID, req.ID); err != nil {
return c.Status(http.StatusBadRequest).JSON(map[string]string{"msg": err.Error()})
}
return c.Status(http.StatusOK).JSON(map[string]any{"data": "ok"})
}
}

19
internal/model/token.go Normal file
View File

@@ -0,0 +1,19 @@
package model
import "time"
// Token is a personal API token for programmatic file upload.
// Token values are prefixed with "ust_" to distinguish them from session tokens.
type Token struct {
ID uint `gorm:"primarykey" json:"id"`
UserID uint `gorm:"not null;index" json:"user_id"`
User User `gorm:"foreignKey:UserID" json:"-"`
Name string `gorm:"not null" json:"name"`
Token string `gorm:"uniqueIndex;not null" json:"-"`
CreatedAt time.Time `json:"created_at"`
LastUsedAt *time.Time `json:"last_used_at"`
ExpiresAt *time.Time `json:"expires_at"`
}
// TokenPrefix is the prefix for all API token values.
const TokenPrefix = "ust_"

2
main.go
View File

@@ -48,7 +48,7 @@ func main() {
} }
log.Debug("main: db initialized at %s", dbPath) log.Debug("main: db initialized at %s", dbPath)
if err := db.Default.Migrate(&model.Role{}, &model.User{}); err != nil { if err := db.Default.Migrate(&model.Role{}, &model.User{}, &model.Token{}); err != nil {
log.Fatal("main: db migrate failed: %s", err.Error()) log.Fatal("main: db migrate failed: %s", err.Error())
} }