import express from 'express';
import {
verifyAdminPassword,
getAllPasswords,
addPassword,
deletePassword
} from '../database.js';
import { generateAdminToken } from '../utils/jwt.js';
import { requireAdminAuth } from '../middleware/auth.js';
import { loginLimiter } from '../middleware/rateLimit.js';
// Router instance that the admin route handlers in this file are registered on.
const router = express.Router();
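/**
 * Admin login.
 * POST /api/admin/login
 * Body: { username: string, password: string }
 *
 * Responses, as coded below:
 *   400 - username or password is missing, empty, or not a string
 *   401 - verifyAdminPassword() rejected the pair
 *   200 - { success, token, message }, token issued by generateAdminToken()
 *
 * loginLimiter runs before this handler; its limits live in
 * ../middleware/rateLimit.js and are not visible from this file.
 */
router.post('/login', loginLimiter, (req, res) => {
  // req.body is client-controlled and is undefined when no body parser ran.
  const { username, password } = req.body || {};

  // Require non-empty strings. A JSON body can carry arrays, objects or numbers
  // that pass a plain truthiness test and would reach the credential check
  // with an unexpected type.
  const hasCredentials =
    typeof username === 'string' &&
    typeof password === 'string' &&
    username !== '' &&
    password !== '';

  if (!hasCredentials) {
    return res.status(400).json({ error: '请提供用户名和密码' });
  }

  // NOTE(review): this assumes verifyAdminPassword() returns a boolean
  // synchronously. If it returned a Promise, the value would always be truthy
  // and the 401 branch would never run. Confirm against ../database.js.
  const isValid = verifyAdminPassword(username, password);

  if (!isValid) {
    // One message covers both an unknown user and a wrong password, so the
    // response does not reveal which of the two was wrong.
    // NOTE(review): failed attempts are not logged in this handler. Confirm
    // they are recorded elsewhere for detection purposes.
    return res.status(401).json({ error: '用户名或密码错误' });
  }

  const token = generateAdminToken(username);

  res.json({
    success: true,
    token,
    message: '登录成功',
  });
});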
/**
 * List all access passwords.
 * GET /api/admin/passwords
 * Requires admin authentication (requireAdminAuth runs first).
 *
 * Responds with { success: true, passwords }, where passwords is whatever
 * getAllPasswords() returns.
 */
router.get('/passwords', requireAdminAuth, (req, res) => {
  // NOTE(review): the shape of these records is not visible here. Confirm
  // that getAllPasswords() omits plaintext and hash material, since the
  // result is sent to the client unchanged.
  res.json({ success: true, passwords: getAllPasswords() });
});
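/**
 * Add a new access password.
 * POST /api/admin/passwords
 * Body: { name: string, password: string }
 * Requires admin authentication (requireAdminAuth runs first).
 *
 * Responses, as coded below:
 *   400 - name/password missing, empty, not a string, or outside the length
 *         limits; also when addPassword() reports failure
 *   200 - { success, id, message }
 */
router.post('/passwords', requireAdminAuth, (req, res) => {
  // req.body is client-controlled and is undefined when no body parser ran.
  const { name, password } = req.body || {};

  // Check the type before reading .length. A number has no length, and an
  // array or object can supply any length it likes, so non-strings would
  // otherwise pass the length rules below.
  const hasFields =
    typeof name === 'string' &&
    typeof password === 'string' &&
    name !== '' &&
    password !== '';

  if (!hasFields) {
    return res.status(400).json({ error: '请提供密码名称和密码' });
  }

  // The lower bound (1) is already guaranteed by the non-empty check above.
  if (name.length > 50) {
    return res.status(400).json({ error: '密码名称长度应在 1-50 个字符之间' });
  }

  // NOTE(review): a 4-character minimum is a low floor, and there is no upper
  // bound on the password. Confirm both against how addPassword() stores it.
  if (password.length < 4) {
    return res.status(400).json({ error: '密码长度至少 4 个字符' });
  }

  const result = addPassword(name, password);

  if (!result.success) {
    // NOTE(review): result.error is sent to the client verbatim. Confirm that
    // addPassword() only returns user-safe text, not raw database errors.
    return res.status(400).json({ error: result.error });
  }

  res.json({
    success: true,
    id: result.id,
    message: '密码添加成功',
  });
});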
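/**
 * Delete an access password.
 * DELETE /api/admin/passwords/:id
 * Requires admin authentication (requireAdminAuth runs first).
 *
 * Responses, as coded below:
 *   400 - :id is not a plain decimal integer
 *   404 - deletePassword() returned a falsy value
 *   200 - { success, message }
 */
router.delete('/passwords/:id', requireAdminAuth, (req, res) => {
  const rawId = req.params.id;

  // Accept only an all-digit id. parseInt() alone takes a numeric prefix
  // ("12abc" parses as 12), so a malformed path segment could still act on a
  // real record. Number.isSafeInteger rejects digit strings too large to be
  // represented exactly.
  // NOTE(review): this assumes ids are non-negative integers. Confirm against
  // the id returned by addPassword().
  const id = /^\d+$/.test(rawId) ? Number(rawId) : Number.NaN;

  if (!Number.isSafeInteger(id)) {
    return res.status(400).json({ error: '无效的密码 ID' });
  }

  const success = deletePassword(id);

  if (!success) {
    return res.status(404).json({ error: '密码不存在' });
  }

  res.json({
    success: true,
    message: '密码删除成功',
  });
});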
/**
 * Verify the admin token.
 * GET /api/admin/verify-token
 *
 * The handler does no checking of its own: it runs only after
 * requireAdminAuth has passed the request on, and then echoes back the
 * username found on req.admin.
 */
router.get('/verify-token', requireAdminAuth, (req, res) => {
  // req.admin is not set anywhere in this file; presumably requireAdminAuth
  // attaches it after validating the token. Confirm in ../middleware/auth.js.
  const { username } = req.admin;

  res.json({ valid: true, admin: { username } });
});
// Default export. The route docs in this file use the /api/admin prefix, so
// the application presumably mounts this router there. Confirm at the mount site.
export default router;