juluo/CloudFlare-ImgBed
1
0
Fork 0
mirror of https://github.com/MarSeventh/CloudFlare-ImgBed.git synced 2026-01-31 09:03:19 +08:00
Code Issues Packages Projects Releases 1 Wiki Activity
Files
2589927def5186ae3474cda0b95f1c8c325c6327
CloudFlare-ImgBed/functions/api/manage/apiTokens.js

227 lines
6.3 KiB
JavaScript
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

import { getDatabase } from '../../utils/databaseAdapter.js';
export async function onRequest(context) {
// API Token管理支持创建、删除、列出Token
const {
request,
env,
params,
waitUntil,
next,
data,
} = context;
const db = getDatabase(env);
const url = new URL(request.url)
const method = request.method
// GET - 获取所有Token列表
if (method === 'GET') {
const tokens = await getApiTokens(db)
return new Response(JSON.stringify(tokens), {
headers: {
'content-type': 'application/json',
},
})
}
// POST - 创建新Token
if (method === 'POST') {
const body = await request.json()
const { name, permissions, owner } = body
if (!name || !permissions || !owner) {
return new Response(JSON.stringify({ error: '缺少必要参数' }), {
status: 400,
headers: {
'content-type': 'application/json',
},
})
}
const token = await createApiToken(db, name, permissions, owner)
return new Response(JSON.stringify(token), {
headers: {
'content-type': 'application/json',
},
})
}
// DELETE - 删除Token
if (method === 'DELETE') {
const tokenId = url.searchParams.get('id')
if (!tokenId) {
return new Response(JSON.stringify({ error: '缺少Token ID' }), {
status: 400,
headers: {
'content-type': 'application/json',
},
})
}
const result = await deleteApiToken(db, tokenId)
return new Response(JSON.stringify(result), {
headers: {
'content-type': 'application/json',
},
})
}
// PUT - 更新Token权限
if (method === 'PUT') {
const body = await request.json()
const { tokenId, permissions } = body
if (!tokenId || !permissions) {
return new Response(JSON.stringify({ error: '缺少必要参数' }), {
status: 400,
headers: {
'content-type': 'application/json',
},
})
}
const result = await updateApiToken(db, tokenId, permissions)
return new Response(JSON.stringify(result), {
headers: {
'content-type': 'application/json',
},
})
}
return new Response('Method not allowed', { status: 405 })
}
// 获取所有API Token
async function getApiTokens(db) {
const settingsStr = await db.get('manage@sysConfig@security')
const settings = settingsStr ? JSON.parse(settingsStr) : {}
const tokens = settings.apiTokens?.tokens || {}
// 返回时不包含实际token值只返回基本信息
const tokenList = Object.keys(tokens).map(id => {
const token = tokens[id]
return {
id,
name: token.name,
owner: token.owner,
permissions: token.permissions,
createdAt: token.createdAt,
updatedAt: token.updatedAt,
token: token.token.substr(0, 15) + '...' // 只显示前15位
}
})
return { tokens: tokenList }
}
// 创建新的API Token
async function createApiToken(db, name, permissions, owner) {
const settingsStr = await db.get('manage@sysConfig@security')
const settings = settingsStr ? JSON.parse(settingsStr) : {}
if (!settings.apiTokens) {
settings.apiTokens = { tokens: {} }
}
const tokenId = generateTokenId()
const token = generateApiToken()
const now = new Date().toISOString()
const tokenData = {
id: tokenId,
name,
token,
owner,
permissions,
createdAt: now,
updatedAt: now
}
settings.apiTokens.tokens[tokenId] = tokenData
// 保存到数据库
await db.put('manage@sysConfig@security', JSON.stringify(settings))
return {
id: tokenId,
name,
token,
owner,
permissions,
createdAt: now,
updatedAt: now
}
}
// 删除API Token
async function deleteApiToken(db, tokenId) {
const settingsStr = await db.get('manage@sysConfig@security')
const settings = settingsStr ? JSON.parse(settingsStr) : {}
if (!settings.apiTokens?.tokens?.[tokenId]) {
return { error: 'Token 不存在' }
}
delete settings.apiTokens.tokens[tokenId]
// 保存到数据库
await db.put('manage@sysConfig@security', JSON.stringify(settings))
return { success: true, message: 'Token 已删除' }
}
// 更新API Token权限
async function updateApiToken(db, tokenId, permissions) {
const settingsStr = await db.get('manage@sysConfig@security')
const settings = settingsStr ? JSON.parse(settingsStr) : {}
if (!settings.apiTokens?.tokens?.[tokenId]) {
return { error: 'Token 不存在' }
}
settings.apiTokens.tokens[tokenId].permissions = permissions
settings.apiTokens.tokens[tokenId].updatedAt = new Date().toISOString()
// 保存到数据库
await db.put('manage@sysConfig@security', JSON.stringify(settings))
return {
success: true,
message: 'Token 权限已更新',
token: settings.apiTokens.tokens[tokenId]
}
}
// 生成随机Token
function generateApiToken() {
const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'
let result = 'imgbed_'
for (let i = 0; i < 32; i++) {
result += chars.charAt(Math.floor(Math.random() * chars.length))
}
return result
}
// 生成Token ID
function generateTokenId() {
return Date.now().toString(36) + Math.random().toString(36).substring(2)
}
// 根据Token获取权限供其他API使用
export async function getTokenPermissions(db, token) {
const settingsStr = await db.get('manage@sysConfig@security')
const settings = settingsStr ? JSON.parse(settingsStr) : {}
const tokens = settings.apiTokens?.tokens || {}
// 查找匹配的token
for (const tokenId in tokens) {
if (tokens[tokenId].token === token) {
return tokens[tokenId].permissions
}
}
return null
}
Reference in New Issue View Git Blame Copy Permalink