package controller import ( "encoding/json" "fmt" "net/http" "net/url" "one-api/common" "one-api/dto" "one-api/logger" "one-api/model" "one-api/setting" "strconv" "strings" "sync" "one-api/constant" "github.com/gin-contrib/sessions" "github.com/gin-gonic/gin" ) type LoginRequest struct { Username string `json:"username"` Password string `json:"password"` } func Login(c *gin.Context) { if !common.PasswordLoginEnabled { c.JSON(http.StatusOK, gin.H{ "message": "管理员关闭了密码登录", "success": false, }) return } var loginRequest LoginRequest err := json.NewDecoder(c.Request.Body).Decode(&loginRequest) if err != nil { c.JSON(http.StatusOK, gin.H{ "message": "无效的参数", "success": false, }) return } username := loginRequest.Username password := loginRequest.Password if username == "" || password == "" { c.JSON(http.StatusOK, gin.H{ "message": "无效的参数", "success": false, }) return } user := model.User{ Username: username, Password: password, } err = user.ValidateAndFill() if err != nil { c.JSON(http.StatusOK, gin.H{ "message": err.Error(), "success": false, }) return } // 检查是否启用2FA if model.IsTwoFAEnabled(user.Id) { // 设置pending session,等待2FA验证 session := sessions.Default(c) session.Set("pending_username", user.Username) session.Set("pending_user_id", user.Id) err := session.Save() if err != nil { c.JSON(http.StatusOK, gin.H{ "message": "无法保存会话信息,请重试", "success": false, }) return } c.JSON(http.StatusOK, gin.H{ "message": "请输入两步验证码", "success": true, "data": map[string]interface{}{ "require_2fa": true, }, }) return } setupLogin(&user, c) } // setup session & cookies and then return user info func setupLogin(user *model.User, c *gin.Context) { session := sessions.Default(c) session.Set("id", user.Id) session.Set("username", user.Username) session.Set("role", user.Role) session.Set("status", user.Status) session.Set("group", user.Group) err := session.Save() if err != nil { c.JSON(http.StatusOK, gin.H{ "message": "无法保存会话信息,请重试", "success": false, }) return } cleanUser := model.User{ Id: user.Id, Username: user.Username, DisplayName: user.DisplayName, Role: user.Role, Status: user.Status, Group: user.Group, } c.JSON(http.StatusOK, gin.H{ "message": "", "success": true, "data": cleanUser, }) } func Logout(c *gin.Context) { session := sessions.Default(c) session.Clear() err := session.Save() if err != nil { c.JSON(http.StatusOK, gin.H{ "message": err.Error(), "success": false, }) return } c.JSON(http.StatusOK, gin.H{ "message": "", "success": true, }) } func Register(c *gin.Context) { if !common.RegisterEnabled { c.JSON(http.StatusOK, gin.H{ "message": "管理员关闭了新用户注册", "success": false, }) return } if !common.PasswordRegisterEnabled { c.JSON(http.StatusOK, gin.H{ "message": "管理员关闭了通过密码进行注册,请使用第三方账户验证的形式进行注册", "success": false, }) return } var user model.User err := json.NewDecoder(c.Request.Body).Decode(&user) if err != nil { c.JSON(http.StatusOK, gin.H{ "success": false, "message": "无效的参数", }) return } if err := common.Validate.Struct(&user); err != nil { c.JSON(http.StatusOK, gin.H{ "success": false, "message": "输入不合法 " + err.Error(), }) return } if common.EmailVerificationEnabled { if user.Email == "" || user.VerificationCode == "" { c.JSON(http.StatusOK, gin.H{ "success": false, "message": "管理员开启了邮箱验证,请输入邮箱地址和验证码", }) return } if !common.VerifyCodeWithKey(user.Email, user.VerificationCode, common.EmailVerificationPurpose) { c.JSON(http.StatusOK, gin.H{ "success": false, "message": "验证码错误或已过期", }) return } } exist, err := model.CheckUserExistOrDeleted(user.Username, user.Email) if err != nil { c.JSON(http.StatusOK, gin.H{ "success": false, "message": "数据库错误,请稍后重试", }) common.SysLog(fmt.Sprintf("CheckUserExistOrDeleted error: %v", err)) return } if exist { c.JSON(http.StatusOK, gin.H{ "success": false, "message": "用户名已存在,或已注销", }) return } affCode := user.AffCode // this code is the inviter's code, not the user's own code inviterId, _ := model.GetUserIdByAffCode(affCode) cleanUser := model.User{ Username: user.Username, Password: user.Password, DisplayName: user.Username, InviterId: inviterId, Role: common.RoleCommonUser, // 明确设置角色为普通用户 } if common.EmailVerificationEnabled { cleanUser.Email = user.Email } if err := cleanUser.Insert(inviterId); err != nil { common.ApiError(c, err) return } // 获取插入后的用户ID var insertedUser model.User if err := model.DB.Where("username = ?", cleanUser.Username).First(&insertedUser).Error; err != nil { c.JSON(http.StatusOK, gin.H{ "success": false, "message": "用户注册失败或用户ID获取失败", }) return } // 生成默认令牌 if constant.GenerateDefaultToken { key, err := common.GenerateKey() if err != nil { c.JSON(http.StatusOK, gin.H{ "success": false, "message": "生成默认令牌失败", }) common.SysLog("failed to generate token key: " + err.Error()) return } // 生成默认令牌 token := model.Token{ UserId: insertedUser.Id, // 使用插入后的用户ID Name: cleanUser.Username + "的初始令牌", Key: key, CreatedTime: common.GetTimestamp(), AccessedTime: common.GetTimestamp(), ExpiredTime: -1, // 永不过期 RemainQuota: 500000, // 示例额度 UnlimitedQuota: true, ModelLimitsEnabled: false, } if setting.DefaultUseAutoGroup { token.Group = "auto" } if err := token.Insert(); err != nil { c.JSON(http.StatusOK, gin.H{ "success": false, "message": "创建默认令牌失败", }) return } } c.JSON(http.StatusOK, gin.H{ "success": true, "message": "", }) return } func GetAllUsers(c *gin.Context) { pageInfo := common.GetPageQuery(c) users, total, err := model.GetAllUsers(pageInfo) if err != nil { common.ApiError(c, err) return } pageInfo.SetTotal(int(total)) pageInfo.SetItems(users) common.ApiSuccess(c, pageInfo) return } func SearchUsers(c *gin.Context) { keyword := c.Query("keyword") group := c.Query("group") pageInfo := common.GetPageQuery(c) users, total, err := model.SearchUsers(keyword, group, pageInfo.GetStartIdx(), pageInfo.GetPageSize()) if err != nil { common.ApiError(c, err) return } pageInfo.SetTotal(int(total)) pageInfo.SetItems(users) common.ApiSuccess(c, pageInfo) return } func GetUser(c *gin.Context) { id, err := strconv.Atoi(c.Param("id")) if err != nil { common.ApiError(c, err) return } user, err := model.GetUserById(id, false) if err != nil { common.ApiError(c, err) return } myRole := c.GetInt("role") if myRole <= user.Role && myRole != common.RoleRootUser { c.JSON(http.StatusOK, gin.H{ "success": false, "message": "无权获取同级或更高等级用户的信息", }) return } c.JSON(http.StatusOK, gin.H{ "success": true, "message": "", "data": user, }) return } func GenerateAccessToken(c *gin.Context) { id := c.GetInt("id") user, err := model.GetUserById(id, true) if err != nil { common.ApiError(c, err) return } // get rand int 28-32 randI := common.GetRandomInt(4) key, err := common.GenerateRandomKey(29 + randI) if err != nil { c.JSON(http.StatusOK, gin.H{ "success": false, "message": "生成失败", }) common.SysLog("failed to generate key: " + err.Error()) return } user.SetAccessToken(key) if model.DB.Where("access_token = ?", user.AccessToken).First(user).RowsAffected != 0 { c.JSON(http.StatusOK, gin.H{ "success": false, "message": "请重试,系统生成的 UUID 竟然重复了!", }) return } if err := user.Update(false); err != nil { common.ApiError(c, err) return } c.JSON(http.StatusOK, gin.H{ "success": true, "message": "", "data": user.AccessToken, }) return } type TransferAffQuotaRequest struct { Quota int `json:"quota" binding:"required"` } func TransferAffQuota(c *gin.Context) { id := c.GetInt("id") user, err := model.GetUserById(id, true) if err != nil { common.ApiError(c, err) return } tran := TransferAffQuotaRequest{} if err := c.ShouldBindJSON(&tran); err != nil { common.ApiError(c, err) return } err = user.TransferAffQuotaToQuota(tran.Quota) if err != nil { c.JSON(http.StatusOK, gin.H{ "success": false, "message": "划转失败 " + err.Error(), }) return } c.JSON(http.StatusOK, gin.H{ "success": true, "message": "划转成功", }) } func GetAffCode(c *gin.Context) { id := c.GetInt("id") user, err := model.GetUserById(id, true) if err != nil { common.ApiError(c, err) return } if user.AffCode == "" { user.AffCode = common.GetRandomString(4) if err := user.Update(false); err != nil { c.JSON(http.StatusOK, gin.H{ "success": false, "message": err.Error(), }) return } } c.JSON(http.StatusOK, gin.H{ "success": true, "message": "", "data": user.AffCode, }) return } func GetSelf(c *gin.Context) { id := c.GetInt("id") userRole := c.GetInt("role") user, err := model.GetUserById(id, false) if err != nil { common.ApiError(c, err) return } // Hide admin remarks: set to empty to trigger omitempty tag, ensuring the remark field is not included in JSON returned to regular users user.Remark = "" // 计算用户权限信息 permissions := calculateUserPermissions(userRole) // 获取用户设置并提取sidebar_modules userSetting := user.GetSetting() // 构建响应数据,包含用户信息和权限 responseData := map[string]interface{}{ "id": user.Id, "username": user.Username, "display_name": user.DisplayName, "role": user.Role, "status": user.Status, "email": user.Email, "group": user.Group, "quota": user.Quota, "used_quota": user.UsedQuota, "request_count": user.RequestCount, "aff_code": user.AffCode, "aff_count": user.AffCount, "aff_quota": user.AffQuota, "aff_history_quota": user.AffHistoryQuota, "inviter_id": user.InviterId, "linux_do_id": user.LinuxDOId, "setting": user.Setting, "stripe_customer": user.StripeCustomer, "sidebar_modules": userSetting.SidebarModules, // 正确提取sidebar_modules字段 "permissions": permissions, // 新增权限字段 } c.JSON(http.StatusOK, gin.H{ "success": true, "message": "", "data": responseData, }) return } // 计算用户权限的辅助函数 func calculateUserPermissions(userRole int) map[string]interface{} { permissions := map[string]interface{}{} // 根据用户角色计算权限 if userRole == common.RoleRootUser { // 超级管理员不需要边栏设置功能 permissions["sidebar_settings"] = false permissions["sidebar_modules"] = map[string]interface{}{} } else if userRole == common.RoleAdminUser { // 管理员可以设置边栏,但不包含系统设置功能 permissions["sidebar_settings"] = true permissions["sidebar_modules"] = map[string]interface{}{ "admin": map[string]interface{}{ "setting": false, // 管理员不能访问系统设置 }, } } else { // 普通用户只能设置个人功能,不包含管理员区域 permissions["sidebar_settings"] = true permissions["sidebar_modules"] = map[string]interface{}{ "admin": false, // 普通用户不能访问管理员区域 } } return permissions } // 根据用户角色生成默认的边栏配置 func generateDefaultSidebarConfig(userRole int) string { defaultConfig := map[string]interface{}{} // 聊天区域 - 所有用户都可以访问 defaultConfig["chat"] = map[string]interface{}{ "enabled": true, "playground": true, "chat": true, } // 控制台区域 - 所有用户都可以访问 defaultConfig["console"] = map[string]interface{}{ "enabled": true, "detail": true, "token": true, "log": true, "midjourney": true, "task": true, } // 个人中心区域 - 所有用户都可以访问 defaultConfig["personal"] = map[string]interface{}{ "enabled": true, "topup": true, "personal": true, } // 管理员区域 - 根据角色决定 if userRole == common.RoleAdminUser { // 管理员可以访问管理员区域,但不能访问系统设置 defaultConfig["admin"] = map[string]interface{}{ "enabled": true, "channel": true, "models": true, "redemption": true, "user": true, "setting": false, // 管理员不能访问系统设置 } } else if userRole == common.RoleRootUser { // 超级管理员可以访问所有功能 defaultConfig["admin"] = map[string]interface{}{ "enabled": true, "channel": true, "models": true, "redemption": true, "user": true, "setting": true, } } // 普通用户不包含admin区域 // 转换为JSON字符串 configBytes, err := json.Marshal(defaultConfig) if err != nil { common.SysLog("生成默认边栏配置失败: " + err.Error()) return "" } return string(configBytes) } func GetUserModels(c *gin.Context) { id, err := strconv.Atoi(c.Param("id")) if err != nil { id = c.GetInt("id") } user, err := model.GetUserCache(id) if err != nil { common.ApiError(c, err) return } groups := setting.GetUserUsableGroups(user.Group) var models []string for group := range groups { for _, g := range model.GetGroupEnabledModels(group) { if !common.StringsContains(models, g) { models = append(models, g) } } } c.JSON(http.StatusOK, gin.H{ "success": true, "message": "", "data": models, }) return } func UpdateUser(c *gin.Context) { var updatedUser model.User err := json.NewDecoder(c.Request.Body).Decode(&updatedUser) if err != nil || updatedUser.Id == 0 { c.JSON(http.StatusOK, gin.H{ "success": false, "message": "无效的参数", }) return } if updatedUser.Password == "" { updatedUser.Password = "$I_LOVE_U" // make Validator happy :) } if err := common.Validate.Struct(&updatedUser); err != nil { c.JSON(http.StatusOK, gin.H{ "success": false, "message": "输入不合法 " + err.Error(), }) return } originUser, err := model.GetUserById(updatedUser.Id, false) if err != nil { common.ApiError(c, err) return } myRole := c.GetInt("role") if myRole <= originUser.Role && myRole != common.RoleRootUser { c.JSON(http.StatusOK, gin.H{ "success": false, "message": "无权更新同权限等级或更高权限等级的用户信息", }) return } if myRole <= updatedUser.Role && myRole != common.RoleRootUser { c.JSON(http.StatusOK, gin.H{ "success": false, "message": "无权将其他用户权限等级提升到大于等于自己的权限等级", }) return } if updatedUser.Password == "$I_LOVE_U" { updatedUser.Password = "" // rollback to what it should be } updatePassword := updatedUser.Password != "" if err := updatedUser.Edit(updatePassword); err != nil { common.ApiError(c, err) return } if originUser.Quota != updatedUser.Quota { model.RecordLog(originUser.Id, model.LogTypeManage, fmt.Sprintf("管理员将用户额度从 %s修改为 %s", logger.LogQuota(originUser.Quota), logger.LogQuota(updatedUser.Quota))) } c.JSON(http.StatusOK, gin.H{ "success": true, "message": "", }) return } func UpdateSelf(c *gin.Context) { var requestData map[string]interface{} err := json.NewDecoder(c.Request.Body).Decode(&requestData) if err != nil { c.JSON(http.StatusOK, gin.H{ "success": false, "message": "无效的参数", }) return } // 检查是否是sidebar_modules更新请求 if sidebarModules, exists := requestData["sidebar_modules"]; exists { userId := c.GetInt("id") user, err := model.GetUserById(userId, false) if err != nil { common.ApiError(c, err) return } // 获取当前用户设置 currentSetting := user.GetSetting() // 更新sidebar_modules字段 if sidebarModulesStr, ok := sidebarModules.(string); ok { currentSetting.SidebarModules = sidebarModulesStr } // 保存更新后的设置 user.SetSetting(currentSetting) if err := user.Update(false); err != nil { c.JSON(http.StatusOK, gin.H{ "success": false, "message": "更新设置失败: " + err.Error(), }) return } c.JSON(http.StatusOK, gin.H{ "success": true, "message": "设置更新成功", }) return } // 原有的用户信息更新逻辑 var user model.User requestDataBytes, err := json.Marshal(requestData) if err != nil { c.JSON(http.StatusOK, gin.H{ "success": false, "message": "无效的参数", }) return } err = json.Unmarshal(requestDataBytes, &user) if err != nil { c.JSON(http.StatusOK, gin.H{ "success": false, "message": "无效的参数", }) return } if user.Password == "" { user.Password = "$I_LOVE_U" // make Validator happy :) } if err := common.Validate.Struct(&user); err != nil { c.JSON(http.StatusOK, gin.H{ "success": false, "message": "输入不合法 " + err.Error(), }) return } cleanUser := model.User{ Id: c.GetInt("id"), Username: user.Username, Password: user.Password, DisplayName: user.DisplayName, } if user.Password == "$I_LOVE_U" { user.Password = "" // rollback to what it should be cleanUser.Password = "" } updatePassword, err := checkUpdatePassword(user.OriginalPassword, user.Password, cleanUser.Id) if err != nil { common.ApiError(c, err) return } if err := cleanUser.Update(updatePassword); err != nil { common.ApiError(c, err) return } c.JSON(http.StatusOK, gin.H{ "success": true, "message": "", }) return } func checkUpdatePassword(originalPassword string, newPassword string, userId int) (updatePassword bool, err error) { var currentUser *model.User currentUser, err = model.GetUserById(userId, true) if err != nil { return } if !common.ValidatePasswordAndHash(originalPassword, currentUser.Password) { err = fmt.Errorf("原密码错误") return } if newPassword == "" { return } updatePassword = true return } func DeleteUser(c *gin.Context) { id, err := strconv.Atoi(c.Param("id")) if err != nil { common.ApiError(c, err) return } originUser, err := model.GetUserById(id, false) if err != nil { common.ApiError(c, err) return } myRole := c.GetInt("role") if myRole <= originUser.Role { c.JSON(http.StatusOK, gin.H{ "success": false, "message": "无权删除同权限等级或更高权限等级的用户", }) return } err = model.HardDeleteUserById(id) if err != nil { c.JSON(http.StatusOK, gin.H{ "success": true, "message": "", }) return } } func DeleteSelf(c *gin.Context) { id := c.GetInt("id") user, _ := model.GetUserById(id, false) if user.Role == common.RoleRootUser { c.JSON(http.StatusOK, gin.H{ "success": false, "message": "不能删除超级管理员账户", }) return } err := model.DeleteUserById(id) if err != nil { common.ApiError(c, err) return } c.JSON(http.StatusOK, gin.H{ "success": true, "message": "", }) return } func CreateUser(c *gin.Context) { var user model.User err := json.NewDecoder(c.Request.Body).Decode(&user) user.Username = strings.TrimSpace(user.Username) if err != nil || user.Username == "" || user.Password == "" { c.JSON(http.StatusOK, gin.H{ "success": false, "message": "无效的参数", }) return } if err := common.Validate.Struct(&user); err != nil { c.JSON(http.StatusOK, gin.H{ "success": false, "message": "输入不合法 " + err.Error(), }) return } if user.DisplayName == "" { user.DisplayName = user.Username } myRole := c.GetInt("role") if user.Role >= myRole { c.JSON(http.StatusOK, gin.H{ "success": false, "message": "无法创建权限大于等于自己的用户", }) return } // Even for admin users, we cannot fully trust them! cleanUser := model.User{ Username: user.Username, Password: user.Password, DisplayName: user.DisplayName, Role: user.Role, // 保持管理员设置的角色 } if err := cleanUser.Insert(0); err != nil { common.ApiError(c, err) return } c.JSON(http.StatusOK, gin.H{ "success": true, "message": "", }) return } type ManageRequest struct { Id int `json:"id"` Action string `json:"action"` } // ManageUser Only admin user can do this func ManageUser(c *gin.Context) { var req ManageRequest err := json.NewDecoder(c.Request.Body).Decode(&req) if err != nil { c.JSON(http.StatusOK, gin.H{ "success": false, "message": "无效的参数", }) return } user := model.User{ Id: req.Id, } // Fill attributes model.DB.Unscoped().Where(&user).First(&user) if user.Id == 0 { c.JSON(http.StatusOK, gin.H{ "success": false, "message": "用户不存在", }) return } myRole := c.GetInt("role") if myRole <= user.Role && myRole != common.RoleRootUser { c.JSON(http.StatusOK, gin.H{ "success": false, "message": "无权更新同权限等级或更高权限等级的用户信息", }) return } switch req.Action { case "disable": user.Status = common.UserStatusDisabled if user.Role == common.RoleRootUser { c.JSON(http.StatusOK, gin.H{ "success": false, "message": "无法禁用超级管理员用户", }) return } case "enable": user.Status = common.UserStatusEnabled case "delete": if user.Role == common.RoleRootUser { c.JSON(http.StatusOK, gin.H{ "success": false, "message": "无法删除超级管理员用户", }) return } if err := user.Delete(); err != nil { c.JSON(http.StatusOK, gin.H{ "success": false, "message": err.Error(), }) return } case "promote": if myRole != common.RoleRootUser { c.JSON(http.StatusOK, gin.H{ "success": false, "message": "普通管理员用户无法提升其他用户为管理员", }) return } if user.Role >= common.RoleAdminUser { c.JSON(http.StatusOK, gin.H{ "success": false, "message": "该用户已经是管理员", }) return } user.Role = common.RoleAdminUser case "demote": if user.Role == common.RoleRootUser { c.JSON(http.StatusOK, gin.H{ "success": false, "message": "无法降级超级管理员用户", }) return } if user.Role == common.RoleCommonUser { c.JSON(http.StatusOK, gin.H{ "success": false, "message": "该用户已经是普通用户", }) return } user.Role = common.RoleCommonUser } if err := user.Update(false); err != nil { common.ApiError(c, err) return } clearUser := model.User{ Role: user.Role, Status: user.Status, } c.JSON(http.StatusOK, gin.H{ "success": true, "message": "", "data": clearUser, }) return } func EmailBind(c *gin.Context) { email := c.Query("email") code := c.Query("code") if !common.VerifyCodeWithKey(email, code, common.EmailVerificationPurpose) { c.JSON(http.StatusOK, gin.H{ "success": false, "message": "验证码错误或已过期", }) return } session := sessions.Default(c) id := session.Get("id") user := model.User{ Id: id.(int), } err := user.FillUserById() if err != nil { common.ApiError(c, err) return } user.Email = email // no need to check if this email already taken, because we have used verification code to check it err = user.Update(false) if err != nil { common.ApiError(c, err) return } c.JSON(http.StatusOK, gin.H{ "success": true, "message": "", }) return } type topUpRequest struct { Key string `json:"key"` } var topUpLocks sync.Map var topUpCreateLock sync.Mutex type topUpTryLock struct { ch chan struct{} } func newTopUpTryLock() *topUpTryLock { return &topUpTryLock{ch: make(chan struct{}, 1)} } func (l *topUpTryLock) TryLock() bool { select { case l.ch <- struct{}{}: return true default: return false } } func (l *topUpTryLock) Unlock() { select { case <-l.ch: default: } } func getTopUpLock(userID int) *topUpTryLock { if v, ok := topUpLocks.Load(userID); ok { return v.(*topUpTryLock) } topUpCreateLock.Lock() defer topUpCreateLock.Unlock() if v, ok := topUpLocks.Load(userID); ok { return v.(*topUpTryLock) } l := newTopUpTryLock() topUpLocks.Store(userID, l) return l } func TopUp(c *gin.Context) { id := c.GetInt("id") lock := getTopUpLock(id) if !lock.TryLock() { c.JSON(http.StatusOK, gin.H{ "success": false, "message": "充值处理中,请稍后重试", }) return } defer lock.Unlock() req := topUpRequest{} err := c.ShouldBindJSON(&req) if err != nil { common.ApiError(c, err) return } quota, err := model.Redeem(req.Key, id) if err != nil { common.ApiError(c, err) return } c.JSON(http.StatusOK, gin.H{ "success": true, "message": "", "data": quota, }) } type UpdateUserSettingRequest struct { QuotaWarningType string `json:"notify_type"` QuotaWarningThreshold float64 `json:"quota_warning_threshold"` WebhookUrl string `json:"webhook_url,omitempty"` WebhookSecret string `json:"webhook_secret,omitempty"` NotificationEmail string `json:"notification_email,omitempty"` BarkUrl string `json:"bark_url,omitempty"` AcceptUnsetModelRatioModel bool `json:"accept_unset_model_ratio_model"` RecordIpLog bool `json:"record_ip_log"` } func UpdateUserSetting(c *gin.Context) { var req UpdateUserSettingRequest if err := c.ShouldBindJSON(&req); err != nil { c.JSON(http.StatusOK, gin.H{ "success": false, "message": "无效的参数", }) return } // 验证预警类型 if req.QuotaWarningType != dto.NotifyTypeEmail && req.QuotaWarningType != dto.NotifyTypeWebhook && req.QuotaWarningType != dto.NotifyTypeBark { c.JSON(http.StatusOK, gin.H{ "success": false, "message": "无效的预警类型", }) return } // 验证预警阈值 if req.QuotaWarningThreshold <= 0 { c.JSON(http.StatusOK, gin.H{ "success": false, "message": "预警阈值必须大于0", }) return } // 如果是webhook类型,验证webhook地址 if req.QuotaWarningType == dto.NotifyTypeWebhook { if req.WebhookUrl == "" { c.JSON(http.StatusOK, gin.H{ "success": false, "message": "Webhook地址不能为空", }) return } // 验证URL格式 if _, err := url.ParseRequestURI(req.WebhookUrl); err != nil { c.JSON(http.StatusOK, gin.H{ "success": false, "message": "无效的Webhook地址", }) return } } // 如果是邮件类型,验证邮箱地址 if req.QuotaWarningType == dto.NotifyTypeEmail && req.NotificationEmail != "" { // 验证邮箱格式 if !strings.Contains(req.NotificationEmail, "@") { c.JSON(http.StatusOK, gin.H{ "success": false, "message": "无效的邮箱地址", }) return } } // 如果是Bark类型,验证Bark URL if req.QuotaWarningType == dto.NotifyTypeBark { if req.BarkUrl == "" { c.JSON(http.StatusOK, gin.H{ "success": false, "message": "Bark推送URL不能为空", }) return } // 验证URL格式 if _, err := url.ParseRequestURI(req.BarkUrl); err != nil { c.JSON(http.StatusOK, gin.H{ "success": false, "message": "无效的Bark推送URL", }) return } // 检查是否是HTTP或HTTPS if !strings.HasPrefix(req.BarkUrl, "https://") && !strings.HasPrefix(req.BarkUrl, "http://") { c.JSON(http.StatusOK, gin.H{ "success": false, "message": "Bark推送URL必须以http://或https://开头", }) return } } userId := c.GetInt("id") user, err := model.GetUserById(userId, true) if err != nil { common.ApiError(c, err) return } // 构建设置 settings := dto.UserSetting{ NotifyType: req.QuotaWarningType, QuotaWarningThreshold: req.QuotaWarningThreshold, AcceptUnsetRatioModel: req.AcceptUnsetModelRatioModel, RecordIpLog: req.RecordIpLog, } // 如果是webhook类型,添加webhook相关设置 if req.QuotaWarningType == dto.NotifyTypeWebhook { settings.WebhookUrl = req.WebhookUrl if req.WebhookSecret != "" { settings.WebhookSecret = req.WebhookSecret } } // 如果提供了通知邮箱,添加到设置中 if req.QuotaWarningType == dto.NotifyTypeEmail && req.NotificationEmail != "" { settings.NotificationEmail = req.NotificationEmail } // 如果是Bark类型,添加Bark URL到设置中 if req.QuotaWarningType == dto.NotifyTypeBark { settings.BarkUrl = req.BarkUrl } // 更新用户设置 user.SetSetting(settings) if err := user.Update(false); err != nil { c.JSON(http.StatusOK, gin.H{ "success": false, "message": "更新设置失败: " + err.Error(), }) return } c.JSON(http.StatusOK, gin.H{ "success": true, "message": "设置已更新", }) }