70c020a97c
- 将src/business/security模块迁移至src/core/security_core - 更新模块导入路径和依赖关系 - 统一安全相关组件的命名规范(content_type.middleware.ts) - 清理过时的配置文件和文档 - 更新架构文档以反映新的模块结构 此次重构符合业务功能模块化架构设计原则,将技术基础设施 服务统一放置在core层,提高代码组织的清晰度和可维护性。
185 lines
7.3 KiB
TypeScript
185 lines
7.3 KiB
TypeScript
/**
|
||
* 管理员控制器
|
||
*
|
||
* API端点:
|
||
* - POST /admin/auth/login 管理员登录
|
||
* - GET /admin/users 用户列表(需要管理员Token)
|
||
* - GET /admin/users/:id 用户详情(需要管理员Token)
|
||
* - POST /admin/users/:id/reset-password 重置指定用户密码(需要管理员Token)
|
||
* - GET /admin/logs/runtime 获取运行日志尾部(需要管理员Token)
|
||
*
|
||
* @author jianuo
|
||
* @version 1.0.0
|
||
* @since 2025-12-19
|
||
*/
|
||
|
||
import { Body, Controller, Get, HttpCode, HttpStatus, Param, Post, Query, UseGuards, ValidationPipe, UsePipes, Res, Logger } from '@nestjs/common';
|
||
import { ApiBearerAuth, ApiBody, ApiOperation, ApiParam, ApiProduces, ApiQuery, ApiResponse, ApiTags } from '@nestjs/swagger';
|
||
import { AdminGuard } from './guards/admin.guard';
|
||
import { AdminService } from './admin.service';
|
||
import { AdminLoginDto, AdminResetPasswordDto } from './dto/admin-login.dto';
|
||
import {
|
||
AdminLoginResponseDto,
|
||
AdminUsersResponseDto,
|
||
AdminCommonResponseDto,
|
||
AdminUserResponseDto,
|
||
AdminRuntimeLogsResponseDto
|
||
} from './dto/admin-response.dto';
|
||
import { Throttle, ThrottlePresets } from '../../core/security_core/decorators/throttle.decorator';
|
||
import type { Response } from 'express';
|
||
import * as fs from 'fs';
|
||
import * as path from 'path';
|
||
import { spawn } from 'child_process';
|
||
import { pipeline } from 'stream';
|
||
|
||
@ApiTags('admin')
|
||
@Controller('admin')
|
||
export class AdminController {
|
||
private readonly logger = new Logger(AdminController.name);
|
||
|
||
constructor(private readonly adminService: AdminService) {}
|
||
|
||
@ApiOperation({ summary: '管理员登录', description: '仅允许 role=9 的账户登录后台' })
|
||
@ApiBody({ type: AdminLoginDto })
|
||
@ApiResponse({ status: 200, description: '登录成功', type: AdminLoginResponseDto })
|
||
@ApiResponse({ status: 401, description: '登录失败' })
|
||
@ApiResponse({ status: 403, description: '权限不足或账户被禁用' })
|
||
@ApiResponse({ status: 429, description: '登录尝试过于频繁' })
|
||
@Throttle(ThrottlePresets.LOGIN)
|
||
@Post('auth/login')
|
||
@HttpCode(HttpStatus.OK)
|
||
@UsePipes(new ValidationPipe({ transform: true }))
|
||
async login(@Body() dto: AdminLoginDto) {
|
||
return await this.adminService.login(dto.identifier, dto.password);
|
||
}
|
||
|
||
@ApiBearerAuth('JWT-auth')
|
||
@ApiOperation({ summary: '获取用户列表', description: '后台用户管理:分页获取用户列表' })
|
||
@ApiQuery({ name: 'limit', required: false, description: '返回数量(默认100)' })
|
||
@ApiQuery({ name: 'offset', required: false, description: '偏移量(默认0)' })
|
||
@ApiResponse({ status: 200, description: '获取成功', type: AdminUsersResponseDto })
|
||
@UseGuards(AdminGuard)
|
||
@Get('users')
|
||
async listUsers(
|
||
@Query('limit') limit?: string,
|
||
@Query('offset') offset?: string,
|
||
) {
|
||
const parsedLimit = limit ? Number(limit) : 100;
|
||
const parsedOffset = offset ? Number(offset) : 0;
|
||
return await this.adminService.listUsers(parsedLimit, parsedOffset);
|
||
}
|
||
|
||
@ApiBearerAuth('JWT-auth')
|
||
@ApiOperation({ summary: '获取用户详情' })
|
||
@ApiParam({ name: 'id', description: '用户ID' })
|
||
@ApiResponse({ status: 200, description: '获取成功', type: AdminUserResponseDto })
|
||
@UseGuards(AdminGuard)
|
||
@Get('users/:id')
|
||
async getUser(@Param('id') id: string) {
|
||
return await this.adminService.getUser(BigInt(id));
|
||
}
|
||
|
||
@ApiBearerAuth('JWT-auth')
|
||
@ApiOperation({ summary: '重置用户密码', description: '管理员直接为用户设置新密码(需满足密码强度规则)' })
|
||
@ApiParam({ name: 'id', description: '用户ID' })
|
||
@ApiBody({ type: AdminResetPasswordDto })
|
||
@ApiResponse({ status: 200, description: '重置成功', type: AdminCommonResponseDto })
|
||
@ApiResponse({ status: 429, description: '操作过于频繁' })
|
||
@UseGuards(AdminGuard)
|
||
@Throttle(ThrottlePresets.ADMIN_OPERATION)
|
||
@Post('users/:id/reset-password')
|
||
@HttpCode(HttpStatus.OK)
|
||
@UsePipes(new ValidationPipe({ transform: true }))
|
||
async resetPassword(@Param('id') id: string, @Body() dto: AdminResetPasswordDto) {
|
||
return await this.adminService.resetPassword(BigInt(id), dto.new_password);
|
||
}
|
||
|
||
@ApiBearerAuth('JWT-auth')
|
||
@ApiOperation({ summary: '获取运行日志尾部', description: '从 logs/ 目录读取最近的日志行(默认200行)' })
|
||
@ApiQuery({ name: 'lines', required: false, description: '返回行数(默认200,最大2000)' })
|
||
@ApiResponse({ status: 200, description: '获取成功', type: AdminRuntimeLogsResponseDto })
|
||
@UseGuards(AdminGuard)
|
||
@Get('logs/runtime')
|
||
async getRuntimeLogs(@Query('lines') lines?: string) {
|
||
const parsedLines = lines ? Number(lines) : undefined;
|
||
return await this.adminService.getRuntimeLogs(parsedLines);
|
||
}
|
||
|
||
@ApiBearerAuth('JWT-auth')
|
||
@ApiOperation({ summary: '下载全部运行日志', description: '将 logs/ 目录打包为 tar.gz 并下载(需要管理员Token)' })
|
||
@ApiProduces('application/gzip')
|
||
@ApiResponse({ status: 200, description: '打包下载成功(tar.gz 二进制流)' })
|
||
@UseGuards(AdminGuard)
|
||
@Get('logs/archive')
|
||
async downloadLogsArchive(@Res() res: Response) {
|
||
const logDir = this.adminService.getLogDirAbsolutePath();
|
||
|
||
if (!fs.existsSync(logDir)) {
|
||
res.status(404).json({ success: false, message: '日志目录不存在' });
|
||
return;
|
||
}
|
||
|
||
const stats = fs.statSync(logDir);
|
||
if (!stats.isDirectory()) {
|
||
res.status(404).json({ success: false, message: '日志目录不可用' });
|
||
return;
|
||
}
|
||
|
||
const parentDir = path.dirname(logDir);
|
||
const baseName = path.basename(logDir);
|
||
const ts = new Date().toISOString().replace(/[:.]/g, '-');
|
||
const filename = `logs-${ts}.tar.gz`;
|
||
|
||
res.setHeader('Content-Type', 'application/gzip');
|
||
res.setHeader('Content-Disposition', `attachment; filename="${filename}"`);
|
||
res.setHeader('Cache-Control', 'no-store');
|
||
|
||
const tar = spawn('tar', ['-czf', '-', '-C', parentDir, baseName], {
|
||
stdio: ['ignore', 'pipe', 'pipe'],
|
||
});
|
||
|
||
tar.stderr.on('data', (chunk: Buffer) => {
|
||
const msg = chunk.toString('utf8').trim();
|
||
if (msg) {
|
||
this.logger.warn(`tar stderr: ${msg}`);
|
||
}
|
||
});
|
||
|
||
tar.on('error', (err: any) => {
|
||
this.logger.error('打包日志失败(tar 进程启动失败)', err?.stack || String(err));
|
||
if (!res.headersSent) {
|
||
const msg = err?.code === 'ENOENT' ? '服务器缺少 tar 命令,无法打包日志' : '日志打包失败';
|
||
res.status(500).json({ success: false, message: msg });
|
||
} else {
|
||
res.end();
|
||
}
|
||
});
|
||
|
||
const pipelinePromise = new Promise<void>((resolve, reject) => {
|
||
pipeline(tar.stdout, res, (err) => (err ? reject(err) : resolve()));
|
||
});
|
||
|
||
const exitPromise = new Promise<void>((resolve, reject) => {
|
||
tar.on('close', (code) => {
|
||
if (code === 0) {
|
||
resolve();
|
||
} else {
|
||
reject(new Error(`tar exited with code ${code ?? 'unknown'}`));
|
||
}
|
||
});
|
||
});
|
||
|
||
try {
|
||
await pipelinePromise;
|
||
await exitPromise;
|
||
} catch (err) {
|
||
this.logger.error('打包日志失败(tar 执行或输出失败)', err instanceof Error ? err.stack : String(err));
|
||
if (!res.headersSent) {
|
||
res.status(500).json({ success: false, message: '日志打包失败' });
|
||
} else {
|
||
res.end();
|
||
}
|
||
}
|
||
}
|
||
}
|