Hugging Face's logo

Spaces:
AZILS
/
new-api
Paused

App Files Community
new-api / controller /user.go
liuzhao521
Deploy New API v0.9.25+ (commit b47cf4ef) to HuggingFace Spaces
4674012
raw
history blame contribute delete
31.3 kB
package controller
import (
 "encoding/json"
 "fmt"
 "net/http"
 "net/url"
 "strconv"
 "strings"
 "sync"
"github.com/QuantumNous/new-api/common"
 "github.com/QuantumNous/new-api/dto"
 "github.com/QuantumNous/new-api/logger"
 "github.com/QuantumNous/new-api/model"
 "github.com/QuantumNous/new-api/service"
 "github.com/QuantumNous/new-api/setting"
"github.com/QuantumNous/new-api/constant"
"github.com/gin-contrib/sessions"
 "github.com/gin-gonic/gin"
)
type LoginRequest struct {
 Username string `json:"username"`
 Password string `json:"password"`
}
func Login(c *gin.Context) {
 if !common.PasswordLoginEnabled {
 c.JSON(http.StatusOK, gin.H{
 "message": "管理员关闭了密码登录",
 "success": false,
 })
 return
 }
 var loginRequest LoginRequest
 err := json.NewDecoder(c.Request.Body).Decode(&loginRequest)
 if err != nil {
 c.JSON(http.StatusOK, gin.H{
 "message": "无效的参数",
 "success": false,
 })
 return
 }
 username := loginRequest.Username
 password := loginRequest.Password
 if username == "" || password == "" {
 c.JSON(http.StatusOK, gin.H{
 "message": "无效的参数",
 "success": false,
 })
 return
 }
 user := model.User{
 Username: username,
 Password: password,
 }
 err = user.ValidateAndFill()
 if err != nil {
 c.JSON(http.StatusOK, gin.H{
 "message": err.Error(),
 "success": false,
 })
 return
 }
// 检查是否启用2FA
 if model.IsTwoFAEnabled(user.Id) {
 // 设置pending session,等待2FA验证
 session := sessions.Default(c)
 session.Set("pending_username", user.Username)
 session.Set("pending_user_id", user.Id)
 err := session.Save()
 if err != nil {
 c.JSON(http.StatusOK, gin.H{
 "message": "无法保存会话信息,请重试",
 "success": false,
 })
 return
 }
c.JSON(http.StatusOK, gin.H{
 "message": "请输入两步验证码",
 "success": true,
 "data": map[string]interface{}{
 "require_2fa": true,
 },
 })
 return
 }
setupLogin(&user, c)
}
// setup session & cookies and then return user info
func setupLogin(user *model.User, c *gin.Context) {
 session := sessions.Default(c)
 session.Set("id", user.Id)
 session.Set("username", user.Username)
 session.Set("role", user.Role)
 session.Set("status", user.Status)
 session.Set("group", user.Group)
 err := session.Save()
 if err != nil {
 c.JSON(http.StatusOK, gin.H{
 "message": "无法保存会话信息,请重试",
 "success": false,
 })
 return
 }
 cleanUser := model.User{
 Id: user.Id,
 Username: user.Username,
 DisplayName: user.DisplayName,
 Role: user.Role,
 Status: user.Status,
 Group: user.Group,
 }
 c.JSON(http.StatusOK, gin.H{
 "message": "",
 "success": true,
 "data": cleanUser,
 })
}
func Logout(c *gin.Context) {
 session := sessions.Default(c)
 session.Clear()
 err := session.Save()
 if err != nil {
 c.JSON(http.StatusOK, gin.H{
 "message": err.Error(),
 "success": false,
 })
 return
 }
 c.JSON(http.StatusOK, gin.H{
 "message": "",
 "success": true,
 })
}
func Register(c *gin.Context) {
 if !common.RegisterEnabled {
 c.JSON(http.StatusOK, gin.H{
 "message": "管理员关闭了新用户注册",
 "success": false,
 })
 return
 }
 if !common.PasswordRegisterEnabled {
 c.JSON(http.StatusOK, gin.H{
 "message": "管理员关闭了通过密码进行注册,请使用第三方账户验证的形式进行注册",
 "success": false,
 })
 return
 }
 var user model.User
 err := json.NewDecoder(c.Request.Body).Decode(&user)
 if err != nil {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "无效的参数",
 })
 return
 }
 if err := common.Validate.Struct(&user); err != nil {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "输入不合法 " + err.Error(),
 })
 return
 }
 if common.EmailVerificationEnabled {
 if user.Email == "" || user.VerificationCode == "" {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "管理员开启了邮箱验证,请输入邮箱地址和验证码",
 })
 return
 }
 if !common.VerifyCodeWithKey(user.Email, user.VerificationCode, common.EmailVerificationPurpose) {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "验证码错误或已过期",
 })
 return
 }
 }
 exist, err := model.CheckUserExistOrDeleted(user.Username, user.Email)
 if err != nil {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "数据库错误,请稍后重试",
 })
 common.SysLog(fmt.Sprintf("CheckUserExistOrDeleted error: %v", err))
 return
 }
 if exist {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "用户名已存在,或已注销",
 })
 return
 }
 affCode := user.AffCode // this code is the inviter's code, not the user's own code
 inviterId, _ := model.GetUserIdByAffCode(affCode)
 cleanUser := model.User{
 Username: user.Username,
 Password: user.Password,
 DisplayName: user.Username,
 InviterId: inviterId,
 Role: common.RoleCommonUser, // 明确设置角色为普通用户
 }
 if common.EmailVerificationEnabled {
 cleanUser.Email = user.Email
 }
 if err := cleanUser.Insert(inviterId); err != nil {
 common.ApiError(c, err)
 return
 }
// 获取插入后的用户ID
 var insertedUser model.User
 if err := model.DB.Where("username = ?", cleanUser.Username).First(&insertedUser).Error; err != nil {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "用户注册失败或用户ID获取失败",
 })
 return
 }
 // 生成默认令牌
 if constant.GenerateDefaultToken {
 key, err := common.GenerateKey()
 if err != nil {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "生成默认令牌失败",
 })
 common.SysLog("failed to generate token key: " + err.Error())
 return
 }
 // 生成默认令牌
 token := model.Token{
 UserId: insertedUser.Id, // 使用插入后的用户ID
 Name: cleanUser.Username + "的初始令牌",
 Key: key,
 CreatedTime: common.GetTimestamp(),
 AccessedTime: common.GetTimestamp(),
 ExpiredTime: -1, // 永不过期
 RemainQuota: 500000, // 示例额度
 UnlimitedQuota: true,
 ModelLimitsEnabled: false,
 }
 if setting.DefaultUseAutoGroup {
 token.Group = "auto"
 }
 if err := token.Insert(); err != nil {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "创建默认令牌失败",
 })
 return
 }
 }
c.JSON(http.StatusOK, gin.H{
 "success": true,
 "message": "",
 })
 return
}
func GetAllUsers(c *gin.Context) {
 pageInfo := common.GetPageQuery(c)
 users, total, err := model.GetAllUsers(pageInfo)
 if err != nil {
 common.ApiError(c, err)
 return
 }
pageInfo.SetTotal(int(total))
 pageInfo.SetItems(users)
common.ApiSuccess(c, pageInfo)
 return
}
func SearchUsers(c *gin.Context) {
 keyword := c.Query("keyword")
 group := c.Query("group")
 pageInfo := common.GetPageQuery(c)
 users, total, err := model.SearchUsers(keyword, group, pageInfo.GetStartIdx(), pageInfo.GetPageSize())
 if err != nil {
 common.ApiError(c, err)
 return
 }
pageInfo.SetTotal(int(total))
 pageInfo.SetItems(users)
 common.ApiSuccess(c, pageInfo)
 return
}
func GetUser(c *gin.Context) {
 id, err := strconv.Atoi(c.Param("id"))
 if err != nil {
 common.ApiError(c, err)
 return
 }
 user, err := model.GetUserById(id, false)
 if err != nil {
 common.ApiError(c, err)
 return
 }
 myRole := c.GetInt("role")
 if myRole <= user.Role && myRole != common.RoleRootUser {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "无权获取同级或更高等级用户的信息",
 })
 return
 }
 c.JSON(http.StatusOK, gin.H{
 "success": true,
 "message": "",
 "data": user,
 })
 return
}
func GenerateAccessToken(c *gin.Context) {
 id := c.GetInt("id")
 user, err := model.GetUserById(id, true)
 if err != nil {
 common.ApiError(c, err)
 return
 }
 // get rand int 28-32
 randI := common.GetRandomInt(4)
 key, err := common.GenerateRandomKey(29 + randI)
 if err != nil {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "生成失败",
 })
 common.SysLog("failed to generate key: " + err.Error())
 return
 }
 user.SetAccessToken(key)
if model.DB.Where("access_token = ?", user.AccessToken).First(user).RowsAffected != 0 {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "请重试,系统生成的 UUID 竟然重复了!",
 })
 return
 }
if err := user.Update(false); err != nil {
 common.ApiError(c, err)
 return
 }
c.JSON(http.StatusOK, gin.H{
 "success": true,
 "message": "",
 "data": user.AccessToken,
 })
 return
}
type TransferAffQuotaRequest struct {
 Quota int `json:"quota" binding:"required"`
}
func TransferAffQuota(c *gin.Context) {
 id := c.GetInt("id")
 user, err := model.GetUserById(id, true)
 if err != nil {
 common.ApiError(c, err)
 return
 }
 tran := TransferAffQuotaRequest{}
 if err := c.ShouldBindJSON(&tran); err != nil {
 common.ApiError(c, err)
 return
 }
 err = user.TransferAffQuotaToQuota(tran.Quota)
 if err != nil {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "划转失败 " + err.Error(),
 })
 return
 }
 c.JSON(http.StatusOK, gin.H{
 "success": true,
 "message": "划转成功",
 })
}
func GetAffCode(c *gin.Context) {
 id := c.GetInt("id")
 user, err := model.GetUserById(id, true)
 if err != nil {
 common.ApiError(c, err)
 return
 }
 if user.AffCode == "" {
 user.AffCode = common.GetRandomString(4)
 if err := user.Update(false); err != nil {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": err.Error(),
 })
 return
 }
 }
 c.JSON(http.StatusOK, gin.H{
 "success": true,
 "message": "",
 "data": user.AffCode,
 })
 return
}
func GetSelf(c *gin.Context) {
 id := c.GetInt("id")
 userRole := c.GetInt("role")
 user, err := model.GetUserById(id, false)
 if err != nil {
 common.ApiError(c, err)
 return
 }
 // Hide admin remarks: set to empty to trigger omitempty tag, ensuring the remark field is not included in JSON returned to regular users
 user.Remark = ""
// 计算用户权限信息
 permissions := calculateUserPermissions(userRole)
// 获取用户设置并提取sidebar_modules
 userSetting := user.GetSetting()
// 构建响应数据,包含用户信息和权限
 responseData := map[string]interface{}{
 "id": user.Id,
 "username": user.Username,
 "display_name": user.DisplayName,
 "role": user.Role,
 "status": user.Status,
 "email": user.Email,
 "github_id": user.GitHubId,
 "discord_id": user.DiscordId,
 "oidc_id": user.OidcId,
 "wechat_id": user.WeChatId,
 "telegram_id": user.TelegramId,
 "group": user.Group,
 "quota": user.Quota,
 "used_quota": user.UsedQuota,
 "request_count": user.RequestCount,
 "aff_code": user.AffCode,
 "aff_count": user.AffCount,
 "aff_quota": user.AffQuota,
 "aff_history_quota": user.AffHistoryQuota,
 "inviter_id": user.InviterId,
 "linux_do_id": user.LinuxDOId,
 "setting": user.Setting,
 "stripe_customer": user.StripeCustomer,
 "sidebar_modules": userSetting.SidebarModules, // 正确提取sidebar_modules字段
 "permissions": permissions, // 新增权限字段
 }
c.JSON(http.StatusOK, gin.H{
 "success": true,
 "message": "",
 "data": responseData,
 })
 return
}
// 计算用户权限的辅助函数
func calculateUserPermissions(userRole int) map[string]interface{} {
 permissions := map[string]interface{}{}
// 根据用户角色计算权限
 if userRole == common.RoleRootUser {
 // 超级管理员不需要边栏设置功能
 permissions["sidebar_settings"] = false
 permissions["sidebar_modules"] = map[string]interface{}{}
 } else if userRole == common.RoleAdminUser {
 // 管理员可以设置边栏,但不包含系统设置功能
 permissions["sidebar_settings"] = true
 permissions["sidebar_modules"] = map[string]interface{}{
 "admin": map[string]interface{}{
 "setting": false, // 管理员不能访问系统设置
 },
 }
 } else {
 // 普通用户只能设置个人功能,不包含管理员区域
 permissions["sidebar_settings"] = true
 permissions["sidebar_modules"] = map[string]interface{}{
 "admin": false, // 普通用户不能访问管理员区域
 }
 }
return permissions
}
// 根据用户角色生成默认的边栏配置
func generateDefaultSidebarConfig(userRole int) string {
 defaultConfig := map[string]interface{}{}
// 聊天区域 - 所有用户都可以访问
 defaultConfig["chat"] = map[string]interface{}{
 "enabled": true,
 "playground": true,
 "chat": true,
 }
// 控制台区域 - 所有用户都可以访问
 defaultConfig["console"] = map[string]interface{}{
 "enabled": true,
 "detail": true,
 "token": true,
 "log": true,
 "midjourney": true,
 "task": true,
 }
// 个人中心区域 - 所有用户都可以访问
 defaultConfig["personal"] = map[string]interface{}{
 "enabled": true,
 "topup": true,
 "personal": true,
 }
// 管理员区域 - 根据角色决定
 if userRole == common.RoleAdminUser {
 // 管理员可以访问管理员区域,但不能访问系统设置
 defaultConfig["admin"] = map[string]interface{}{
 "enabled": true,
 "channel": true,
 "models": true,
 "redemption": true,
 "user": true,
 "setting": false, // 管理员不能访问系统设置
 }
 } else if userRole == common.RoleRootUser {
 // 超级管理员可以访问所有功能
 defaultConfig["admin"] = map[string]interface{}{
 "enabled": true,
 "channel": true,
 "models": true,
 "redemption": true,
 "user": true,
 "setting": true,
 }
 }
 // 普通用户不包含admin区域
// 转换为JSON字符串
 configBytes, err := json.Marshal(defaultConfig)
 if err != nil {
 common.SysLog("生成默认边栏配置失败: " + err.Error())
 return ""
 }
return string(configBytes)
}
func GetUserModels(c *gin.Context) {
 id, err := strconv.Atoi(c.Param("id"))
 if err != nil {
 id = c.GetInt("id")
 }
 user, err := model.GetUserCache(id)
 if err != nil {
 common.ApiError(c, err)
 return
 }
 groups := service.GetUserUsableGroups(user.Group)
 var models []string
 for group := range groups {
 for _, g := range model.GetGroupEnabledModels(group) {
 if !common.StringsContains(models, g) {
 models = append(models, g)
 }
 }
 }
 c.JSON(http.StatusOK, gin.H{
 "success": true,
 "message": "",
 "data": models,
 })
 return
}
func UpdateUser(c *gin.Context) {
 var updatedUser model.User
 err := json.NewDecoder(c.Request.Body).Decode(&updatedUser)
 if err != nil || updatedUser.Id == 0 {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "无效的参数",
 })
 return
 }
 if updatedUser.Password == "" {
 updatedUser.Password = "$I_LOVE_U" // make Validator happy :)
 }
 if err := common.Validate.Struct(&updatedUser); err != nil {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "输入不合法 " + err.Error(),
 })
 return
 }
 originUser, err := model.GetUserById(updatedUser.Id, false)
 if err != nil {
 common.ApiError(c, err)
 return
 }
 myRole := c.GetInt("role")
 if myRole <= originUser.Role && myRole != common.RoleRootUser {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "无权更新同权限等级或更高权限等级的用户信息",
 })
 return
 }
 if myRole <= updatedUser.Role && myRole != common.RoleRootUser {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "无权将其他用户权限等级提升到大于等于自己的权限等级",
 })
 return
 }
 if updatedUser.Password == "$I_LOVE_U" {
 updatedUser.Password = "" // rollback to what it should be
 }
 updatePassword := updatedUser.Password != ""
 if err := updatedUser.Edit(updatePassword); err != nil {
 common.ApiError(c, err)
 return
 }
 if originUser.Quota != updatedUser.Quota {
 model.RecordLog(originUser.Id, model.LogTypeManage, fmt.Sprintf("管理员将用户额度从 %s修改为 %s", logger.LogQuota(originUser.Quota), logger.LogQuota(updatedUser.Quota)))
 }
 c.JSON(http.StatusOK, gin.H{
 "success": true,
 "message": "",
 })
 return
}
func UpdateSelf(c *gin.Context) {
 var requestData map[string]interface{}
 err := json.NewDecoder(c.Request.Body).Decode(&requestData)
 if err != nil {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "无效的参数",
 })
 return
 }
// 检查是否是sidebar_modules更新请求
 if sidebarModules, exists := requestData["sidebar_modules"]; exists {
 userId := c.GetInt("id")
 user, err := model.GetUserById(userId, false)
 if err != nil {
 common.ApiError(c, err)
 return
 }
// 获取当前用户设置
 currentSetting := user.GetSetting()
// 更新sidebar_modules字段
 if sidebarModulesStr, ok := sidebarModules.(string); ok {
 currentSetting.SidebarModules = sidebarModulesStr
 }
// 保存更新后的设置
 user.SetSetting(currentSetting)
 if err := user.Update(false); err != nil {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "更新设置失败: " + err.Error(),
 })
 return
 }
c.JSON(http.StatusOK, gin.H{
 "success": true,
 "message": "设置更新成功",
 })
 return
 }
// 原有的用户信息更新逻辑
 var user model.User
 requestDataBytes, err := json.Marshal(requestData)
 if err != nil {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "无效的参数",
 })
 return
 }
 err = json.Unmarshal(requestDataBytes, &user)
 if err != nil {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "无效的参数",
 })
 return
 }
if user.Password == "" {
 user.Password = "$I_LOVE_U" // make Validator happy :)
 }
 if err := common.Validate.Struct(&user); err != nil {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "输入不合法 " + err.Error(),
 })
 return
 }
cleanUser := model.User{
 Id: c.GetInt("id"),
 Username: user.Username,
 Password: user.Password,
 DisplayName: user.DisplayName,
 }
 if user.Password == "$I_LOVE_U" {
 user.Password = "" // rollback to what it should be
 cleanUser.Password = ""
 }
 updatePassword, err := checkUpdatePassword(user.OriginalPassword, user.Password, cleanUser.Id)
 if err != nil {
 common.ApiError(c, err)
 return
 }
 if err := cleanUser.Update(updatePassword); err != nil {
 common.ApiError(c, err)
 return
 }
c.JSON(http.StatusOK, gin.H{
 "success": true,
 "message": "",
 })
 return
}
func checkUpdatePassword(originalPassword string, newPassword string, userId int) (updatePassword bool, err error) {
 var currentUser *model.User
 currentUser, err = model.GetUserById(userId, true)
 if err != nil {
 return
 }
 if !common.ValidatePasswordAndHash(originalPassword, currentUser.Password) {
 err = fmt.Errorf("原密码错误")
 return
 }
 if newPassword == "" {
 return
 }
 updatePassword = true
 return
}
func DeleteUser(c *gin.Context) {
 id, err := strconv.Atoi(c.Param("id"))
 if err != nil {
 common.ApiError(c, err)
 return
 }
 originUser, err := model.GetUserById(id, false)
 if err != nil {
 common.ApiError(c, err)
 return
 }
 myRole := c.GetInt("role")
 if myRole <= originUser.Role {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "无权删除同权限等级或更高权限等级的用户",
 })
 return
 }
 err = model.HardDeleteUserById(id)
 if err != nil {
 c.JSON(http.StatusOK, gin.H{
 "success": true,
 "message": "",
 })
 return
 }
}
func DeleteSelf(c *gin.Context) {
 id := c.GetInt("id")
 user, _ := model.GetUserById(id, false)
if user.Role == common.RoleRootUser {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "不能删除超级管理员账户",
 })
 return
 }
err := model.DeleteUserById(id)
 if err != nil {
 common.ApiError(c, err)
 return
 }
 c.JSON(http.StatusOK, gin.H{
 "success": true,
 "message": "",
 })
 return
}
func CreateUser(c *gin.Context) {
 var user model.User
 err := json.NewDecoder(c.Request.Body).Decode(&user)
 user.Username = strings.TrimSpace(user.Username)
 if err != nil || user.Username == "" || user.Password == "" {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "无效的参数",
 })
 return
 }
 if err := common.Validate.Struct(&user); err != nil {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "输入不合法 " + err.Error(),
 })
 return
 }
 if user.DisplayName == "" {
 user.DisplayName = user.Username
 }
 myRole := c.GetInt("role")
 if user.Role >= myRole {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "无法创建权限大于等于自己的用户",
 })
 return
 }
 // Even for admin users, we cannot fully trust them!
 cleanUser := model.User{
 Username: user.Username,
 Password: user.Password,
 DisplayName: user.DisplayName,
 Role: user.Role, // 保持管理员设置的角色
 }
 if err := cleanUser.Insert(0); err != nil {
 common.ApiError(c, err)
 return
 }
c.JSON(http.StatusOK, gin.H{
 "success": true,
 "message": "",
 })
 return
}
type ManageRequest struct {
 Id int `json:"id"`
 Action string `json:"action"`
}
// ManageUser Only admin user can do this
func ManageUser(c *gin.Context) {
 var req ManageRequest
 err := json.NewDecoder(c.Request.Body).Decode(&req)
if err != nil {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "无效的参数",
 })
 return
 }
 user := model.User{
 Id: req.Id,
 }
 // Fill attributes
 model.DB.Unscoped().Where(&user).First(&user)
 if user.Id == 0 {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "用户不存在",
 })
 return
 }
 myRole := c.GetInt("role")
 if myRole <= user.Role && myRole != common.RoleRootUser {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "无权更新同权限等级或更高权限等级的用户信息",
 })
 return
 }
 switch req.Action {
 case "disable":
 user.Status = common.UserStatusDisabled
 if user.Role == common.RoleRootUser {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "无法禁用超级管理员用户",
 })
 return
 }
 case "enable":
 user.Status = common.UserStatusEnabled
 case "delete":
 if user.Role == common.RoleRootUser {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "无法删除超级管理员用户",
 })
 return
 }
 if err := user.Delete(); err != nil {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": err.Error(),
 })
 return
 }
 case "promote":
 if myRole != common.RoleRootUser {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "普通管理员用户无法提升其他用户为管理员",
 })
 return
 }
 if user.Role >= common.RoleAdminUser {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "该用户已经是管理员",
 })
 return
 }
 user.Role = common.RoleAdminUser
 case "demote":
 if user.Role == common.RoleRootUser {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "无法降级超级管理员用户",
 })
 return
 }
 if user.Role == common.RoleCommonUser {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "该用户已经是普通用户",
 })
 return
 }
 user.Role = common.RoleCommonUser
 }
if err := user.Update(false); err != nil {
 common.ApiError(c, err)
 return
 }
 clearUser := model.User{
 Role: user.Role,
 Status: user.Status,
 }
 c.JSON(http.StatusOK, gin.H{
 "success": true,
 "message": "",
 "data": clearUser,
 })
 return
}
func EmailBind(c *gin.Context) {
 email := c.Query("email")
 code := c.Query("code")
 if !common.VerifyCodeWithKey(email, code, common.EmailVerificationPurpose) {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "验证码错误或已过期",
 })
 return
 }
 session := sessions.Default(c)
 id := session.Get("id")
 user := model.User{
 Id: id.(int),
 }
 err := user.FillUserById()
 if err != nil {
 common.ApiError(c, err)
 return
 }
 user.Email = email
 // no need to check if this email already taken, because we have used verification code to check it
 err = user.Update(false)
 if err != nil {
 common.ApiError(c, err)
 return
 }
 c.JSON(http.StatusOK, gin.H{
 "success": true,
 "message": "",
 })
 return
}
type topUpRequest struct {
 Key string `json:"key"`
}
var topUpLocks sync.Map
var topUpCreateLock sync.Mutex
type topUpTryLock struct {
 ch chan struct{}
}
func newTopUpTryLock() *topUpTryLock {
 return &topUpTryLock{ch: make(chan struct{}, 1)}
}
func (l *topUpTryLock) TryLock() bool {
 select {
 case l.ch <- struct{}{}:
 return true
 default:
 return false
 }
}
func (l *topUpTryLock) Unlock() {
 select {
 case <-l.ch:
 default:
 }
}
func getTopUpLock(userID int) *topUpTryLock {
 if v, ok := topUpLocks.Load(userID); ok {
 return v.(*topUpTryLock)
 }
 topUpCreateLock.Lock()
 defer topUpCreateLock.Unlock()
 if v, ok := topUpLocks.Load(userID); ok {
 return v.(*topUpTryLock)
 }
 l := newTopUpTryLock()
 topUpLocks.Store(userID, l)
 return l
}
func TopUp(c *gin.Context) {
 id := c.GetInt("id")
 lock := getTopUpLock(id)
 if !lock.TryLock() {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "充值处理中,请稍后重试",
 })
 return
 }
 defer lock.Unlock()
 req := topUpRequest{}
 err := c.ShouldBindJSON(&req)
 if err != nil {
 common.ApiError(c, err)
 return
 }
 quota, err := model.Redeem(req.Key, id)
 if err != nil {
 common.ApiError(c, err)
 return
 }
 c.JSON(http.StatusOK, gin.H{
 "success": true,
 "message": "",
 "data": quota,
 })
}
type UpdateUserSettingRequest struct {
 QuotaWarningType string `json:"notify_type"`
 QuotaWarningThreshold float64 `json:"quota_warning_threshold"`
 WebhookUrl string `json:"webhook_url,omitempty"`
 WebhookSecret string `json:"webhook_secret,omitempty"`
 NotificationEmail string `json:"notification_email,omitempty"`
 BarkUrl string `json:"bark_url,omitempty"`
 GotifyUrl string `json:"gotify_url,omitempty"`
 GotifyToken string `json:"gotify_token,omitempty"`
 GotifyPriority int `json:"gotify_priority,omitempty"`
 AcceptUnsetModelRatioModel bool `json:"accept_unset_model_ratio_model"`
 RecordIpLog bool `json:"record_ip_log"`
}
func UpdateUserSetting(c *gin.Context) {
 var req UpdateUserSettingRequest
 if err := c.ShouldBindJSON(&req); err != nil {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "无效的参数",
 })
 return
 }
// 验证预警类型
 if req.QuotaWarningType != dto.NotifyTypeEmail && req.QuotaWarningType != dto.NotifyTypeWebhook && req.QuotaWarningType != dto.NotifyTypeBark && req.QuotaWarningType != dto.NotifyTypeGotify {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "无效的预警类型",
 })
 return
 }
// 验证预警阈值
 if req.QuotaWarningThreshold <= 0 {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "预警阈值必须大于0",
 })
 return
 }
// 如果是webhook类型,验证webhook地址
 if req.QuotaWarningType == dto.NotifyTypeWebhook {
 if req.WebhookUrl == "" {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "Webhook地址不能为空",
 })
 return
 }
 // 验证URL格式
 if _, err := url.ParseRequestURI(req.WebhookUrl); err != nil {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "无效的Webhook地址",
 })
 return
 }
 }
// 如果是邮件类型,验证邮箱地址
 if req.QuotaWarningType == dto.NotifyTypeEmail && req.NotificationEmail != "" {
 // 验证邮箱格式
 if !strings.Contains(req.NotificationEmail, "@") {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "无效的邮箱地址",
 })
 return
 }
 }
// 如果是Bark类型,验证Bark URL
 if req.QuotaWarningType == dto.NotifyTypeBark {
 if req.BarkUrl == "" {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "Bark推送URL不能为空",
 })
 return
 }
 // 验证URL格式
 if _, err := url.ParseRequestURI(req.BarkUrl); err != nil {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "无效的Bark推送URL",
 })
 return
 }
 // 检查是否是HTTP或HTTPS
 if !strings.HasPrefix(req.BarkUrl, "https://") && !strings.HasPrefix(req.BarkUrl, "http://") {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "Bark推送URL必须以http://或https://开头",
 })
 return
 }
 }
// 如果是Gotify类型,验证Gotify URL和Token
 if req.QuotaWarningType == dto.NotifyTypeGotify {
 if req.GotifyUrl == "" {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "Gotify服务器地址不能为空",
 })
 return
 }
 if req.GotifyToken == "" {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "Gotify令牌不能为空",
 })
 return
 }
 // 验证URL格式
 if _, err := url.ParseRequestURI(req.GotifyUrl); err != nil {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "无效的Gotify服务器地址",
 })
 return
 }
 // 检查是否是HTTP或HTTPS
 if !strings.HasPrefix(req.GotifyUrl, "https://") && !strings.HasPrefix(req.GotifyUrl, "http://") {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "Gotify服务器地址必须以http://或https://开头",
 })
 return
 }
 }
userId := c.GetInt("id")
 user, err := model.GetUserById(userId, true)
 if err != nil {
 common.ApiError(c, err)
 return
 }
// 构建设置
 settings := dto.UserSetting{
 NotifyType: req.QuotaWarningType,
 QuotaWarningThreshold: req.QuotaWarningThreshold,
 AcceptUnsetRatioModel: req.AcceptUnsetModelRatioModel,
 RecordIpLog: req.RecordIpLog,
 }
// 如果是webhook类型,添加webhook相关设置
 if req.QuotaWarningType == dto.NotifyTypeWebhook {
 settings.WebhookUrl = req.WebhookUrl
 if req.WebhookSecret != "" {
 settings.WebhookSecret = req.WebhookSecret
 }
 }
// 如果提供了通知邮箱,添加到设置中
 if req.QuotaWarningType == dto.NotifyTypeEmail && req.NotificationEmail != "" {
 settings.NotificationEmail = req.NotificationEmail
 }
// 如果是Bark类型,添加Bark URL到设置中
 if req.QuotaWarningType == dto.NotifyTypeBark {
 settings.BarkUrl = req.BarkUrl
 }
// 如果是Gotify类型,添加Gotify配置到设置中
 if req.QuotaWarningType == dto.NotifyTypeGotify {
 settings.GotifyUrl = req.GotifyUrl
 settings.GotifyToken = req.GotifyToken
 // Gotify优先级范围0-10,超出范围则使用默认值5
 if req.GotifyPriority < 0 || req.GotifyPriority > 10 {
 settings.GotifyPriority = 5
 } else {
 settings.GotifyPriority = req.GotifyPriority
 }
 }
// 更新用户设置
 user.SetSetting(settings)
 if err := user.Update(false); err != nil {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "更新设置失败: " + err.Error(),
 })
 return
 }
c.JSON(http.StatusOK, gin.H{
 "success": true,
 "message": "设置已更新",
 })
}