feat: Airwallex 发卡管理后台完整实现

- 后端: FastAPI + SQLAlchemy + SQLite, JWT认证, 代理支持的AirwallexClient - 前端: React 18 + Vite + Ant Design 5, 中文界面 - 功能: 卡片管理, 持卡人管理, 交易记录, API令牌, 系统设置, 审计日志 - 第三方API: X-API-Key认证, 权限控制 - Docker部署: docker-compose编排前后端
2026-03-15 23:05:08 +08:00
commit 4f53889a8e
98 changed files with 10847 additions and 0 deletions
--- a/backend/app/routers/external_api.py
+++ b/backend/app/routers/external_api.py
@@ -0,0 +1,152 @@
+"""External API endpoints for third-party access via X-API-Key."""
+import json
+from datetime import datetime, timezone
+from typing import Optional
+
+from fastapi import APIRouter, Depends, HTTPException, Header, Query, Request
+from sqlalchemy.orm import Session
+
+from app.database import get_db
+from app.models.db_models import ApiToken
+from app.services import airwallex_service
+from app.services.audit_log import create_card_log, create_audit_log
+
+router = APIRouter(prefix="/api/v1", tags=["external"])
+
+
+def verify_api_key(
+    x_api_key: str = Header(..., alias="X-API-Key"),
+    db: Session = Depends(get_db),
+) -> ApiToken:
+    """Verify API key and return token record."""
+    token = db.query(ApiToken).filter(ApiToken.token == x_api_key, ApiToken.is_active == True).first()
+    if not token:
+        raise HTTPException(status_code=401, detail="Invalid or inactive API key")
+
+    # Check expiry
+    if token.expires_at and token.expires_at < datetime.now(timezone.utc):
+        raise HTTPException(status_code=401, detail="API key has expired")
+
+    # Update last used
+    token.last_used_at = datetime.now(timezone.utc)
+    db.commit()
+    return token
+
+
+def check_permission(token: ApiToken, required: str):
+    """Check if token has a required permission."""
+    permissions = json.loads(token.permissions) if token.permissions else []
+    if required not in permissions and "*" not in permissions:
+        raise HTTPException(status_code=403, detail=f"Token lacks permission: {required}")
+
+
+@router.post("/cards/create")
+def external_create_card(
+    card_data: dict,
+    request: Request,
+    db: Session = Depends(get_db),
+    token: ApiToken = Depends(verify_api_key),
+):
+    """Create a new card (external API)."""
+    check_permission(token, "create_cards")
+    try:
+        result = airwallex_service.create_card(db, card_data)
+        create_card_log(
+            db,
+            action="create_card",
+            status="success",
+            operator=f"api:{token.name}",
+            card_id=result.get("card_id", result.get("id", "")),
+            cardholder_id=card_data.get("cardholder_id", ""),
+            request_data=json.dumps(card_data),
+            response_data=json.dumps(result, default=str),
+        )
+        return result
+    except Exception as e:
+        create_card_log(
+            db,
+            action="create_card",
+            status="failed",
+            operator=f"api:{token.name}",
+            cardholder_id=card_data.get("cardholder_id", ""),
+            request_data=json.dumps(card_data),
+            response_data=str(e),
+        )
+        raise HTTPException(status_code=400, detail=str(e))
+
+
+@router.get("/cards")
+def external_list_cards(
+    page_num: int = Query(0, ge=0),
+    page_size: int = Query(20, ge=1, le=100),
+    status: Optional[str] = None,
+    db: Session = Depends(get_db),
+    token: ApiToken = Depends(verify_api_key),
+):
+    """List cards (external API)."""
+    check_permission(token, "read_cards")
+    return airwallex_service.list_cards(db, page_num, page_size, status=status)
+
+
+@router.get("/cards/{card_id}")
+def external_get_card(
+    card_id: str,
+    db: Session = Depends(get_db),
+    token: ApiToken = Depends(verify_api_key),
+):
+    """Get card details (external API)."""
+    check_permission(token, "read_cards")
+    try:
+        return airwallex_service.get_card(db, card_id)
+    except Exception as e:
+        raise HTTPException(status_code=404, detail=str(e))
+
+
+@router.post("/cards/{card_id}/freeze")
+def external_freeze_card(
+    card_id: str,
+    request: Request,
+    db: Session = Depends(get_db),
+    token: ApiToken = Depends(verify_api_key),
+):
+    """Freeze a card (external API)."""
+    check_permission(token, "create_cards")
+    try:
+        result = airwallex_service.update_card(db, card_id, {"status": "SUSPENDED"})
+        create_audit_log(
+            db,
+            action="freeze_card",
+            resource_type="card",
+            resource_id=card_id,
+            operator=f"api:{token.name}",
+            ip_address=request.client.host if request.client else "",
+        )
+        return result
+    except Exception as e:
+        raise HTTPException(status_code=400, detail=str(e))
+
+
+@router.get("/transactions")
+def external_list_transactions(
+    page_num: int = Query(0, ge=0),
+    page_size: int = Query(20, ge=1, le=100),
+    card_id: Optional[str] = None,
+    db: Session = Depends(get_db),
+    token: ApiToken = Depends(verify_api_key),
+):
+    """List transactions (external API)."""
+    check_permission(token, "read_transactions")
+    return airwallex_service.list_transactions(db, page_num, page_size, card_id)
+
+
+@router.get("/balance")
+def external_get_balance(
+    db: Session = Depends(get_db),
+    token: ApiToken = Depends(verify_api_key),
+):
+    """Get account balance (external API)."""
+    check_permission(token, "read_balance")
+    balance = airwallex_service.get_balance(db)
+    if balance is None:
+        raise HTTPException(status_code=503, detail="Unable to fetch balance")
+    return balance