faba565c66
用 Go (Gin + GORM + SQLite) 重写整个后端: - 单二进制部署,不依赖 Python/pip/SDK - net/http 原生客户端,无 Cloudflare TLS 指纹问题 - 多阶段 Dockerfile:Node 构建前端 + Go 构建后端 + Alpine 运行 - 内存占用从 ~95MB 降至 ~3MB - 完整保留所有 API 路由、JWT 认证、API Key 权限、审计日志
144 lines
3.5 KiB
Go
144 lines
3.5 KiB
Go
package handlers
|
|
|
|
import (
|
|
"crypto/rand"
|
|
"encoding/base64"
|
|
"encoding/json"
|
|
"fmt"
|
|
"net/http"
|
|
"time"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
|
|
"airwallex-admin/models"
|
|
)
|
|
|
|
func ListTokens(c *gin.Context) {
|
|
var tokens []models.ApiToken
|
|
models.DB.Where("is_active = ?", true).Find(&tokens)
|
|
|
|
type tokenResponse struct {
|
|
ID uint `json:"id"`
|
|
Name string `json:"name"`
|
|
Token string `json:"token"`
|
|
Permissions string `json:"permissions"`
|
|
IsActive bool `json:"is_active"`
|
|
CreatedAt time.Time `json:"created_at"`
|
|
ExpiresAt *time.Time `json:"expires_at"`
|
|
LastUsedAt *time.Time `json:"last_used_at"`
|
|
}
|
|
|
|
var result []tokenResponse
|
|
for _, t := range tokens {
|
|
masked := t.Token
|
|
if len(masked) > 12 {
|
|
masked = masked[:8] + "..." + masked[len(masked)-4:]
|
|
}
|
|
result = append(result, tokenResponse{
|
|
ID: t.ID,
|
|
Name: t.Name,
|
|
Token: masked,
|
|
Permissions: t.Permissions,
|
|
IsActive: t.IsActive,
|
|
CreatedAt: t.CreatedAt,
|
|
ExpiresAt: t.ExpiresAt,
|
|
LastUsedAt: t.LastUsedAt,
|
|
})
|
|
}
|
|
|
|
if result == nil {
|
|
result = []tokenResponse{}
|
|
}
|
|
|
|
c.JSON(http.StatusOK, result)
|
|
}
|
|
|
|
type createTokenRequest struct {
|
|
Name string `json:"name" binding:"required"`
|
|
Permissions []string `json:"permissions"`
|
|
ExpiresInDays *int `json:"expires_in_days"`
|
|
}
|
|
|
|
func CreateToken(c *gin.Context) {
|
|
var req createTokenRequest
|
|
if err := c.ShouldBindJSON(&req); err != nil {
|
|
c.JSON(http.StatusBadRequest, gin.H{"detail": "Invalid request body"})
|
|
return
|
|
}
|
|
|
|
// Generate random token
|
|
tokenBytes := make([]byte, 32)
|
|
if _, err := rand.Read(tokenBytes); err != nil {
|
|
c.JSON(http.StatusInternalServerError, gin.H{"detail": "Failed to generate token"})
|
|
return
|
|
}
|
|
rawToken := base64.RawURLEncoding.EncodeToString(tokenBytes)
|
|
|
|
// Permissions to JSON string
|
|
if req.Permissions == nil {
|
|
req.Permissions = []string{}
|
|
}
|
|
permJSON, _ := json.Marshal(req.Permissions)
|
|
|
|
token := models.ApiToken{
|
|
Name: req.Name,
|
|
Token: rawToken,
|
|
Permissions: string(permJSON),
|
|
IsActive: true,
|
|
}
|
|
|
|
if req.ExpiresInDays != nil && *req.ExpiresInDays > 0 {
|
|
expiresAt := time.Now().Add(time.Duration(*req.ExpiresInDays) * 24 * time.Hour)
|
|
token.ExpiresAt = &expiresAt
|
|
}
|
|
|
|
if result := models.DB.Create(&token); result.Error != nil {
|
|
c.JSON(http.StatusInternalServerError, gin.H{"detail": "Failed to create token"})
|
|
return
|
|
}
|
|
|
|
username := c.GetString("username")
|
|
models.DB.Create(&models.AuditLog{
|
|
Action: "create_token",
|
|
ResourceType: "api_token",
|
|
ResourceID: fmt.Sprintf("%d", token.ID),
|
|
Operator: username,
|
|
IPAddress: c.ClientIP(),
|
|
})
|
|
|
|
c.JSON(http.StatusOK, gin.H{
|
|
"id": token.ID,
|
|
"name": token.Name,
|
|
"token": rawToken,
|
|
"permissions": req.Permissions,
|
|
"is_active": token.IsActive,
|
|
"created_at": token.CreatedAt,
|
|
"expires_at": token.ExpiresAt,
|
|
})
|
|
}
|
|
|
|
func DeleteToken(c *gin.Context) {
|
|
tokenID := c.Param("id")
|
|
|
|
result := models.DB.Model(&models.ApiToken{}).Where("id = ?", tokenID).Update("is_active", false)
|
|
if result.Error != nil {
|
|
c.JSON(http.StatusInternalServerError, gin.H{"detail": "Failed to revoke token"})
|
|
return
|
|
}
|
|
if result.RowsAffected == 0 {
|
|
c.JSON(http.StatusNotFound, gin.H{"detail": "Token not found"})
|
|
return
|
|
}
|
|
|
|
username := c.GetString("username")
|
|
models.DB.Create(&models.AuditLog{
|
|
Action: "delete_token",
|
|
ResourceType: "api_token",
|
|
ResourceID: tokenID,
|
|
Operator: username,
|
|
IPAddress: c.ClientIP(),
|
|
})
|
|
|
|
c.JSON(http.StatusOK, gin.H{"detail": "Token revoked"})
|
|
}
|