237899745/vue-driven-cloud-storage
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Compare commits

base: 237899745:12859cbb20d4d63dcd254ee676f6645f4ca87489
Branches Tags
237899745:master 237899745:main 237899745:feature/initial
..
compare: 237899745:master
Branches Tags
237899745:master 237899745:main 237899745:feature/initial

79 Commits
12859cbb20 ... master

Author SHA1 Message Date
yuyx
d8cd7fd514 fix: improve app relaunch after update and release 0.1.28 2026-02-20 23:53:02 +08:00
yuyx
b161a3e3e7 feat: improve sync workspace and updater stability in 0.1.27 2026-02-20 23:44:26 +08:00
yuyx
b179cae14e fix: make silent updater produce logs reliably and release 0.1.26 2026-02-20 22:55:20 +08:00
yuyx
c8f63d6fc9 feat: verify updater package and harden client reliability in 0.1.25 2026-02-20 22:15:28 +08:00
yuyx
fe544efc91 fix: harden silent updater flow and release 0.1.24 2026-02-20 20:34:02 +08:00
yuyx
01384a2215 feat: improve upload resilience and release 0.1.23 2026-02-20 20:21:42 +08:00
yuyx
6618de1aed fix: correct mobile web layout for client download button 2026-02-20 16:15:54 +08:00
yuyx
e2318ac42e feat: add web entry to download desktop client 2026-02-19 21:49:32 +08:00
yuyx
cdfe45b3a2 fix: stabilize silent updater and release 0.1.22 2026-02-19 21:41:44 +08:00
yuyx
7563664733 chore: bump desktop update channel to 0.1.21 2026-02-19 21:04:12 +08:00
yuyx
77799ef819 feat: tighten file card borders on web and desktop with 0.1.10 release 2026-02-19 20:57:24 +08:00
yuyx
374238d15f feat: restyle desktop file grid to baidu-style icon layout 2026-02-19 20:46:31 +08:00
yuyx
099ba3e3e0 feat: release desktop 0.1.9 with device dedupe and new branding 2026-02-19 20:33:54 +08:00
yuyx
71a19e9e87 feat: adjust confirm button order and improve file name wrapping 2026-02-19 20:09:05 +08:00
yuyx
9c3ced5c44 chore: release desktop client 0.1.7 2026-02-19 19:44:15 +08:00
yuyx
5082a5ed04 fix: unify client confirmations and inline rename UX 2026-02-19 19:36:52 +08:00
yuyx
d604b8dc7b chore: bump desktop client version to 0.1.6 2026-02-19 19:14:35 +08:00
yuyx
50d41cb7ae fix: restore login by defining getClientIp helper 2026-02-19 19:08:12 +08:00
yuyx
19f53875c9 feat: add online device management and desktop settings integration 2026-02-19 17:34:41 +08:00
yuyx
365ada1a4a feat(desktop): remember login in sqlite and streamline update flow 2026-02-19 00:12:33 +08:00
yuyx
3329ff10cf chore(release): bump desktop client to 0.1.4 2026-02-18 22:55:52 +08:00
yuyx
9d600a2d5c fix(desktop): require in-app confirmation before deleting shares 2026-02-18 22:53:53 +08:00
yuyx
bb8a4ea386 fix(frontend): replace share delete confirm with in-app modal 2026-02-18 22:48:31 +08:00
yuyx
fd236e6949 chore(release): bump desktop client to 0.1.3 2026-02-18 22:27:20 +08:00
yuyx
b931f36bde feat(desktop): stream download progress and auto-launch installer 2026-02-18 22:24:41 +08:00
yuyx
e4098bfda9 docs(desktop): rewrite README in Chinese with integration and build guide 2026-02-18 22:16:20 +08:00
yuyx
fec2bd37a4 feat(update): auto-clean old desktop installer packages 2026-02-18 22:14:26 +08:00
yuyx
af51d74a9f feat(share): reuse existing share and direct links per file 2026-02-18 22:13:14 +08:00
yuyx
ada7986669 fix(frontend): use native confirm for share/direct-link deletion 2026-02-18 22:11:55 +08:00
yuyx
74032fe497 chore(release): publish desktop 0.1.2 with manual update checks 2026-02-18 22:02:34 +08:00
yuyx
f96a9ccaa9 feat(security): shorten download signed URLs to 30s and remove update polling 2026-02-18 21:59:14 +08:00
yuyx
c83d9304ea chore(release): sync tauri cargo lock to 0.1.1 2026-02-18 21:25:47 +08:00
yuyx
4b3a113285 chore(release): bump desktop client to 0.1.1 2026-02-18 21:23:05 +08:00
yuyx
c81b5395ac feat(desktop): implement startup and scheduled auto update flow 2026-02-18 21:11:59 +08:00
yuyx
5f91fd925d fix(desktop-ui): stabilize files toolbar layout 2026-02-18 21:08:18 +08:00
yuyx
5c484e33a6 chore(desktop): align update panel copy with one-click installer flow 2026-02-18 20:28:08 +08:00
yuyx
c668c88f7f feat(desktop): align requested 4/5/6/8 with resume queue batch and one-click update 2026-02-18 20:26:16 +08:00
yuyx
32a66e6c77 feat(desktop): add sort/filter, update center, and local sync workspace 2026-02-18 20:07:21 +08:00
yuyx
d4818a78d3 perf(desktop): stream drag-upload and improve transfer status UX 2026-02-18 19:50:34 +08:00
yuyx
09043e8059 feat(desktop): add drag-and-drop upload for file view 2026-02-18 19:46:11 +08:00
yuyx
2b36275c4a style(desktop): improve alignment and spacing across file/share views 2026-02-18 19:33:39 +08:00
yuyx
8736a127a5 fix(desktop): enforce square file cards and icon tiles 2026-02-18 19:29:25 +08:00
yuyx
24ac734503 feat(desktop): native download and working context menu actions 2026-02-18 19:25:52 +08:00
yuyx
9da90f38cc feat(desktop): square file cards and context-menu file actions 2026-02-18 18:30:53 +08:00
yuyx
3c483d2093 feat(desktop): implement share management and hide endpoint settings 2026-02-18 17:17:49 +08:00
yuyx
e343f6ac2a feat(desktop): add tauri desktop client for cs.workyai.cn 2026-02-18 16:53:22 +08:00
yuyx
3ea17db971 fix: correct local datetime display and remove false devtools detection 2026-02-18 11:23:34 +08:00
yuyx
751428a29a fix: keep expired reservations reconcilable for delayed OSS logs 2026-02-18 10:49:58 +08:00
yuyx
5eab1de03e fix: ingest oss traffic logs without file extensions 2026-02-18 10:24:00 +08:00
yuyx
7ee727bd3a fix: bump app.js cache busting version 2026-02-18 10:08:11 +08:00
yuyx
96ff46aa4a feat: add configurable stealth download security policies 2026-02-18 09:48:14 +08:00
yuyx
8956270a60 fix: improve reservation cleanup and share popup handling 2026-02-17 23:55:31 +08:00
yuyx
1a1c64c0e7 feat: add share security, resumable upload, global search and reservation ops panel 2026-02-17 23:36:30 +08:00
yuyx
3c75986566 fix: bump app.js cache-busting version 2026-02-17 22:56:49 +08:00
yuyx
aad1202d5e ui: show file names instead of full paths in shares 2026-02-17 22:54:12 +08:00
yuyx
5f7599bd0d style: align share and direct-link table layout 2026-02-17 22:42:11 +08:00
yuyx
b261d2750c fix: unify share/direct link click and copy actions 2026-02-17 22:39:19 +08:00
yuyx
e909d9917a fix: normalize traffic range buttons layout in settings 2026-02-17 22:14:40 +08:00
yuyx
6242622f1a feat: add independent direct-link sharing flow 2026-02-17 21:57:38 +08:00
yuyx
d236a790a1 test: update admin/share edge scripts for cookie+csrf auth 2026-02-17 21:32:07 +08:00
yuyx
aed5dfdcb2 feat: add server-side admin user pagination and align traffic report accounting 2026-02-17 20:30:02 +08:00
yuyx
1eae645bfd feat: improve admin user management with filters and pagination 2026-02-17 20:13:32 +08:00
yuyx
c506cf83be feat: improve media preview UX with caching and loading states 2026-02-17 20:03:02 +08:00
yuyx
0885195cb5 fix: remove preview content-type override for aliyun oss compatibility 2026-02-17 19:51:01 +08:00
yuyx
f0e7381c1d fix: use preview-mode signed URLs and graceful media preview fallback 2026-02-17 19:36:49 +08:00
yuyx
2b700978ad fix: precheck local downloads to avoid JSON file download on quota errors 2026-02-17 19:32:48 +08:00
yuyx
dd6c439eb3 fix: fallback to file icon when thumbnail load fails 2026-02-17 19:29:42 +08:00
yuyx
978ae545e1 feat: make zero download quota block downloads and use -1 for unlimited 2026-02-17 19:25:39 +08:00
yuyx
53e77ebf4e fix: precheck local share download quota at download-url stage 2026-02-17 19:08:47 +08:00
yuyx
3ab92d672d chore: properly ignore runtime storage and data directories 2026-02-17 19:07:11 +08:00
yuyx
19d3f29f6b fix: move share quota block to download and add 3s download alert 2026-02-17 19:05:12 +08:00
yuyx
10a3f09952 feat: switch OSS download quota to reservation plus log reconcile 2026-02-17 18:12:33 +08:00
yuyx
b171b41599 fix: force OSS direct download even when traffic quota is enabled 2026-02-17 17:40:55 +08:00
yuyx
3a22b88f23 feat: add user download traffic reports and restore OSS direct downloads 2026-02-17 17:36:26 +08:00
yuyx
7687397954 feat: enhance download traffic quota lifecycle controls 2026-02-17 17:19:25 +08:00
yuyx
2629237f9e feat(quota): add downloadable traffic quota with local/OSS/share metering 2026-02-17 16:52:26 +08:00
yuyx
b0e89df5c4 fix(security): harden CORS/cookie policy and share path validation 2026-02-12 21:39:01 +08:00
yuyx
a3932747e3 fix(ui): apply true large-screen scaling and mobile overflow safeguards 2026-02-12 20:33:36 +08:00
yuyx
8193101566 fix(frontend): improve 2k/4k scaling and mobile overflow responsiveness 2026-02-12 20:28:08 +08:00
90 changed files with 26260 additions and 1081 deletions
Expand all files Collapse all files

6
.gitignore vendored
View File

@@ -15,9 +15,11 @@ __pycache__/
# 临时文件 # 临时文件
backend/uploads/ backend/uploads/
backend/storage/ # 本地存储数据 # 本地存储数据目录(保留 .gitkeep
backend/storage/*
!backend/storage/.gitkeep !backend/storage/.gitkeep
backend/data/ # 数据库目录 # 数据库目录(保留 .gitkeep
backend/data/*
!backend/data/.gitkeep !backend/data/.gitkeep
*.log *.log
.DS_Store .DS_Store

91
backend/auth.js
View File

@@ -1,6 +1,6 @@
const jwt = require('jsonwebtoken'); const jwt = require('jsonwebtoken');
const crypto = require('crypto'); const crypto = require('crypto');
const { UserDB } = require('./database'); const { UserDB, DeviceSessionDB } = require('./database');
const { decryptSecret } = require('./utils/encryption'); const { decryptSecret } = require('./utils/encryption');
const DEFAULT_LOCAL_STORAGE_QUOTA_BYTES = 1024 * 1024 * 1024; // 1GB const DEFAULT_LOCAL_STORAGE_QUOTA_BYTES = 1024 * 1024 * 1024; // 1GB
const DEFAULT_OSS_STORAGE_QUOTA_BYTES = 1024 * 1024 * 1024; // 1GB const DEFAULT_OSS_STORAGE_QUOTA_BYTES = 1024 * 1024 * 1024; // 1GB
@@ -64,13 +64,16 @@ if (JWT_SECRET.length < 32) {
console.log('[安全] ✓ JWT密钥验证通过'); console.log('[安全] ✓ JWT密钥验证通过');
// 生成Access Token短期 // 生成Access Token短期
function generateToken(user) { function generateToken(user, sessionId = null) {
const safeSessionId = typeof sessionId === 'string' && sessionId.trim() ? sessionId.trim() : null;
return jwt.sign( return jwt.sign(
{ {
id: user.id, id: user.id,
username: user.username, username: user.username,
is_admin: user.is_admin, is_admin: user.is_admin,
type: 'access' type: 'access',
sid: safeSessionId,
jti: crypto.randomBytes(12).toString('hex')
}, },
JWT_SECRET, JWT_SECRET,
{ expiresIn: ACCESS_TOKEN_EXPIRES } { expiresIn: ACCESS_TOKEN_EXPIRES }
@@ -78,11 +81,13 @@ function generateToken(user) {
} }
// 生成Refresh Token长期 // 生成Refresh Token长期
function generateRefreshToken(user) { function generateRefreshToken(user, sessionId = null) {
const safeSessionId = typeof sessionId === 'string' && sessionId.trim() ? sessionId.trim() : null;
return jwt.sign( return jwt.sign(
{ {
id: user.id, id: user.id,
type: 'refresh', type: 'refresh',
sid: safeSessionId,
// 添加随机标识使每次生成的refresh token不同 // 添加随机标识使每次生成的refresh token不同
jti: crypto.randomBytes(16).toString('hex') jti: crypto.randomBytes(16).toString('hex')
}, },
@@ -91,8 +96,26 @@ function generateRefreshToken(user) {
); );
} }
function decodeAccessToken(token) {
if (!token || typeof token !== 'string') return null;
try {
return jwt.verify(token, JWT_SECRET);
} catch {
return null;
}
}
function decodeRefreshToken(token) {
if (!token || typeof token !== 'string') return null;
try {
return jwt.verify(token, REFRESH_SECRET);
} catch {
return null;
}
}
// 验证Refresh Token并返回新的Access Token // 验证Refresh Token并返回新的Access Token
function refreshAccessToken(refreshToken) { function refreshAccessToken(refreshToken, context = {}) {
try { try {
const decoded = jwt.verify(refreshToken, REFRESH_SECRET); const decoded = jwt.verify(refreshToken, REFRESH_SECRET);
@@ -100,6 +123,18 @@ function refreshAccessToken(refreshToken) {
return { success: false, message: '无效的刷新令牌类型' }; return { success: false, message: '无效的刷新令牌类型' };
} }
const sessionId = typeof decoded.sid === 'string' ? decoded.sid.trim() : '';
if (sessionId) {
const activeSession = DeviceSessionDB.findActiveBySessionId(sessionId);
if (!activeSession || Number(activeSession.user_id) !== Number(decoded.id)) {
return { success: false, message: '当前设备会话已失效,请重新登录' };
}
DeviceSessionDB.touch(sessionId, {
ipAddress: context.ipAddress,
userAgent: context.userAgent
});
}
const user = UserDB.findById(decoded.id); const user = UserDB.findById(decoded.id);
if (!user) { if (!user) {
@@ -115,11 +150,12 @@ function refreshAccessToken(refreshToken) {
} }
// 生成新的access token // 生成新的access token
const newAccessToken = generateToken(user); const newAccessToken = generateToken(user, sessionId || null);
return { return {
success: true, success: true,
token: newAccessToken, token: newAccessToken,
sessionId: sessionId || null,
user: { user: {
id: user.id, id: user.id,
username: user.username, username: user.username,
@@ -148,6 +184,29 @@ function authMiddleware(req, res, next) {
try { try {
const decoded = jwt.verify(token, JWT_SECRET); const decoded = jwt.verify(token, JWT_SECRET);
if (decoded.type !== 'access') {
return res.status(401).json({
success: false,
message: '无效的令牌类型'
});
}
const sessionId = typeof decoded.sid === 'string' ? decoded.sid.trim() : '';
if (sessionId) {
const activeSession = DeviceSessionDB.findActiveBySessionId(sessionId);
if (!activeSession || Number(activeSession.user_id) !== Number(decoded.id)) {
return res.status(401).json({
success: false,
message: '当前设备已下线,请重新登录'
});
}
DeviceSessionDB.touch(sessionId, {
ipAddress: req.ip || req.socket?.remoteAddress || '',
userAgent: req.get('user-agent') || ''
});
}
const user = UserDB.findById(decoded.id); const user = UserDB.findById(decoded.id);
if (!user) { if (!user) {
@@ -175,6 +234,17 @@ function authMiddleware(req, res, next) {
const effectiveOssQuota = Number.isFinite(rawOssQuota) && rawOssQuota > 0 const effectiveOssQuota = Number.isFinite(rawOssQuota) && rawOssQuota > 0
? rawOssQuota ? rawOssQuota
: DEFAULT_OSS_STORAGE_QUOTA_BYTES; : DEFAULT_OSS_STORAGE_QUOTA_BYTES;
const rawDownloadTrafficQuota = Number(user.download_traffic_quota);
const effectiveDownloadTrafficQuota = Number.isFinite(rawDownloadTrafficQuota) && rawDownloadTrafficQuota > 0
? Math.floor(rawDownloadTrafficQuota)
: 0; // 0 表示不限流量
const rawDownloadTrafficUsed = Number(user.download_traffic_used);
const normalizedDownloadTrafficUsed = Number.isFinite(rawDownloadTrafficUsed) && rawDownloadTrafficUsed > 0
? Math.floor(rawDownloadTrafficUsed)
: 0;
const cappedDownloadTrafficUsed = effectiveDownloadTrafficQuota > 0
? Math.min(normalizedDownloadTrafficUsed, effectiveDownloadTrafficQuota)
: normalizedDownloadTrafficUsed;
// 将用户信息附加到请求对象(包含所有存储相关字段) // 将用户信息附加到请求对象(包含所有存储相关字段)
req.user = { req.user = {
@@ -198,9 +268,16 @@ function authMiddleware(req, res, next) {
local_storage_used: user.local_storage_used || 0, local_storage_used: user.local_storage_used || 0,
oss_storage_quota: effectiveOssQuota, oss_storage_quota: effectiveOssQuota,
storage_used: user.storage_used || 0, storage_used: user.storage_used || 0,
download_traffic_quota: effectiveDownloadTrafficQuota,
download_traffic_used: cappedDownloadTrafficUsed,
download_traffic_quota_expires_at: user.download_traffic_quota_expires_at || null,
download_traffic_reset_cycle: user.download_traffic_reset_cycle || 'none',
download_traffic_last_reset_at: user.download_traffic_last_reset_at || null,
// 主题偏好 // 主题偏好
theme_preference: user.theme_preference || null theme_preference: user.theme_preference || null
}; };
req.authSessionId = sessionId || null;
req.authTokenJti = typeof decoded.jti === 'string' ? decoded.jti : null;
next(); next();
} catch (error) { } catch (error) {
@@ -313,6 +390,8 @@ module.exports = {
JWT_SECRET, JWT_SECRET,
generateToken, generateToken,
generateRefreshToken, generateRefreshToken,
decodeAccessToken,
decodeRefreshToken,
refreshAccessToken, refreshAccessToken,
authMiddleware, authMiddleware,
adminMiddleware, adminMiddleware,

1751
backend/database.js
View File

File diff suppressed because it is too large Load Diff

5217
backend/server.js
View File

File diff suppressed because it is too large Load Diff

156
backend/storage.js
View File

@@ -1,4 +1,16 @@
const { S3Client, PutObjectCommand, GetObjectCommand, DeleteObjectsCommand, ListObjectsV2Command, HeadObjectCommand, CopyObjectCommand } = require('@aws-sdk/client-s3'); const {
S3Client,
PutObjectCommand,
GetObjectCommand,
DeleteObjectsCommand,
ListObjectsV2Command,
HeadObjectCommand,
CopyObjectCommand,
CreateMultipartUploadCommand,
UploadPartCommand,
CompleteMultipartUploadCommand,
AbortMultipartUploadCommand
} = require('@aws-sdk/client-s3');
const { getSignedUrl } = require('@aws-sdk/s3-request-presigner'); const { getSignedUrl } = require('@aws-sdk/s3-request-presigner');
const fs = require('fs'); const fs = require('fs');
const path = require('path'); const path = require('path');
@@ -18,6 +30,25 @@ function formatFileSize(bytes) {
return Math.round(bytes / Math.pow(k, i) * 100) / 100 + ' ' + sizes[i]; return Math.round(bytes / Math.pow(k, i) * 100) / 100 + ' ' + sizes[i];
} }
function parsePositiveInteger(value, fallback) {
const parsed = Number(value);
if (!Number.isFinite(parsed) || parsed <= 0) {
return fallback;
}
return Math.floor(parsed);
}
const OSS_MULTIPART_MAX_PARTS = 10000;
const OSS_MULTIPART_MIN_PART_SIZE = 5 * 1024 * 1024; // S3 协议要求最小 5MB最后一片除外
const OSS_MULTIPART_DEFAULT_PART_SIZE = Math.max(
OSS_MULTIPART_MIN_PART_SIZE,
parsePositiveInteger(process.env.OSS_MULTIPART_PART_SIZE_BYTES, 16 * 1024 * 1024)
);
const OSS_SINGLE_UPLOAD_THRESHOLD = Math.max(
OSS_MULTIPART_MIN_PART_SIZE,
parsePositiveInteger(process.env.OSS_SINGLE_UPLOAD_THRESHOLD_BYTES, 64 * 1024 * 1024)
);
/** /**
* 将 OSS/网络错误转换为友好的错误信息 * 将 OSS/网络错误转换为友好的错误信息
* @param {Error} error - 原始错误 * @param {Error} error - 原始错误
@@ -1090,9 +1121,13 @@ class OssStorageClient {
* @param {string} remotePath - 远程文件路径 * @param {string} remotePath - 远程文件路径
*/ */
async put(localPath, remotePath) { async put(localPath, remotePath) {
let bucket = '';
let key = '';
let uploadId = null;
let fileHandle = null;
try { try {
const key = this.getObjectKey(remotePath); key = this.getObjectKey(remotePath);
const bucket = this.getBucket(); bucket = this.getBucket();
// 检查本地文件是否存在 // 检查本地文件是否存在
if (!fs.existsSync(localPath)) { if (!fs.existsSync(localPath)) {
@@ -1102,30 +1137,107 @@ class OssStorageClient {
const fileStats = fs.statSync(localPath); const fileStats = fs.statSync(localPath);
const fileSize = fileStats.size; const fileSize = fileStats.size;
// 检查文件大小AWS S3 单次上传最大 5GB if (fileSize <= OSS_SINGLE_UPLOAD_THRESHOLD) {
const MAX_SINGLE_UPLOAD_SIZE = 5 * 1024 * 1024 * 1024; // 5GB // 小文件保持单请求上传,兼容性更高。
if (fileSize > MAX_SINGLE_UPLOAD_SIZE) { const fileContent = fs.readFileSync(localPath);
throw new Error(`文件过大 (${formatFileSize(fileSize)}),单次上传最大支持 5GB请使用分片上传`); const command = new PutObjectCommand({
Bucket: bucket,
Key: key,
Body: fileContent,
ContentLength: fileSize,
ChecksumAlgorithm: undefined
});
await this.s3Client.send(command);
console.log(`[OSS存储] 上传成功: ${key} (${formatFileSize(fileSize)})`);
return;
} }
// 使用Buffer上传而非流式上传避免AWS SDK使用aws-chunked编码 // 大文件自动切换到分片上传,避免整文件读入内存和 5GB 单请求上限。
// 这样可以确保与阿里云OSS的兼容性 const minPartSizeByCount = Math.ceil(fileSize / OSS_MULTIPART_MAX_PARTS);
const fileContent = fs.readFileSync(localPath); const alignedMinPartSize = Math.ceil(
Math.max(minPartSizeByCount, OSS_MULTIPART_MIN_PART_SIZE) / (1024 * 1024)
) * 1024 * 1024;
const partSize = Math.max(OSS_MULTIPART_DEFAULT_PART_SIZE, alignedMinPartSize);
const estimatedParts = Math.ceil(fileSize / partSize);
if (estimatedParts > OSS_MULTIPART_MAX_PARTS) {
throw new Error(`文件过大,分片数量超限 (${estimatedParts}/${OSS_MULTIPART_MAX_PARTS})`);
}
// 直接上传 const createResp = await this.s3Client.send(new CreateMultipartUploadCommand({
const command = new PutObjectCommand({ Bucket: bucket,
Key: key
}));
uploadId = createResp?.UploadId || null;
if (!uploadId) {
throw new Error('创建分片上传会话失败:缺少 UploadId');
}
const uploadedParts = [];
let offset = 0;
let partNumber = 1;
fileHandle = await fs.promises.open(localPath, 'r');
while (offset < fileSize) {
const remaining = fileSize - offset;
const currentPartSize = Math.min(partSize, remaining);
const buffer = Buffer.allocUnsafe(currentPartSize);
const { bytesRead } = await fileHandle.read(buffer, 0, currentPartSize, offset);
if (bytesRead <= 0) {
throw new Error('读取本地文件失败,分片上传中断');
}
const body = bytesRead === currentPartSize ? buffer : buffer.subarray(0, bytesRead);
const partResp = await this.s3Client.send(new UploadPartCommand({
Bucket: bucket,
Key: key,
UploadId: uploadId,
PartNumber: partNumber,
Body: body,
ContentLength: bytesRead
}));
if (!partResp?.ETag) {
throw new Error(`分片 ${partNumber} 上传失败:服务端未返回 ETag`);
}
uploadedParts.push({
ETag: partResp.ETag,
PartNumber: partNumber
});
offset += bytesRead;
if (partNumber === 1 || partNumber % 10 === 0 || offset >= fileSize) {
console.log(
`[OSS存储] 上传分片进度: ${key} ${partNumber}/${estimatedParts} (${formatFileSize(offset)}/${formatFileSize(fileSize)})`
);
}
partNumber += 1;
}
await this.s3Client.send(new CompleteMultipartUploadCommand({
Bucket: bucket, Bucket: bucket,
Key: key, Key: key,
Body: fileContent, UploadId: uploadId,
ContentLength: fileSize, // 明确指定内容长度,避免某些服务端问题 MultipartUpload: { Parts: uploadedParts }
// 禁用checksum算法阿里云OSS不完全支持AWS的x-amz-content-sha256头 }));
ChecksumAlgorithm: undefined uploadId = null;
}); console.log(
`[OSS存储] 分片上传完成: ${key} (${formatFileSize(fileSize)}, ${uploadedParts.length} 片)`
await this.s3Client.send(command); );
console.log(`[OSS存储] 上传成功: ${key} (${formatFileSize(fileSize)})`);
} catch (error) { } catch (error) {
if (uploadId && bucket && key) {
try {
await this.s3Client.send(new AbortMultipartUploadCommand({
Bucket: bucket,
Key: key,
UploadId: uploadId
}));
console.warn(`[OSS存储] 已中止失败的分片上传: ${key}`);
} catch (abortError) {
console.error(`[OSS存储] 中止分片上传失败: ${key}`, abortError.message);
}
}
console.error(`[OSS存储] 上传失败: ${remotePath}`, error.message); console.error(`[OSS存储] 上传失败: ${remotePath}`, error.message);
// 判断错误类型并给出友好的错误信息 // 判断错误类型并给出友好的错误信息
@@ -1139,6 +1251,10 @@ class OssStorageClient {
throw new Error(`本地文件不存在: ${localPath}`); throw new Error(`本地文件不存在: ${localPath}`);
} }
throw new Error(`文件上传失败: ${error.message}`); throw new Error(`文件上传失败: ${error.message}`);
} finally {
if (fileHandle) {
await fileHandle.close().catch(() => {});
}
} }
} }

750
backend/test_admin.js
View File

@@ -1,69 +1,163 @@
/** /**
* 管理员功能完整性测试脚本 * 管理员功能完整性测试脚本Cookie + CSRF 认证模型)
* 测试范围: *
* 1. 用户管理 - 用户列表、搜索、封禁/解封、删除、修改存储权限、查看用户文件 * 覆盖范围:
* 2. 系统设置 - SMTP邮件配置、存储配置、注册开关、主题设置 * 1. 鉴权与权限校验
* 3. 分享管理 - 查看所有分享、删除分享 * 2. 用户管理(列表、封禁/删除自保护、存储权限)
* 4. 系统监控 - 健康检查、存储统计、操作日志 * 3. 系统设置(获取/更新/参数校验)
* 5. 安全检查 - 管理员权限验证、敏感操作确认 * 4. 分享管理
* 5. 系统监控(健康、存储、日志)
* 6. 上传工具接口
*/ */
const http = require('http'); const http = require('http');
const https = require('https');
const { UserDB } = require('./database');
const BASE_URL = 'http://localhost:40001'; const BASE_URL = process.env.TEST_BASE_URL || 'http://127.0.0.1:40001';
let adminToken = '';
let testUserId = null; const state = {
let testShareId = null; adminSession: {
cookies: {},
csrfToken: ''
},
adminUserId: null,
testUserId: null,
latestSettings: null
};
// 测试结果收集
const testResults = { const testResults = {
passed: [], passed: [],
failed: [], failed: [],
warnings: [] warnings: []
}; };
// 辅助函数发送HTTP请求 function makeCookieHeader(cookies) {
function request(method, path, data = null, token = null) { return Object.entries(cookies || {})
.map(([k, v]) => `${k}=${v}`)
.join('; ');
}
function storeSetCookies(session, setCookieHeader) {
if (!session || !setCookieHeader) return;
const list = Array.isArray(setCookieHeader) ? setCookieHeader : [setCookieHeader];
for (const raw of list) {
const first = String(raw || '').split(';')[0];
const idx = first.indexOf('=');
if (idx <= 0) continue;
const key = first.slice(0, idx).trim();
const value = first.slice(idx + 1).trim();
session.cookies[key] = value;
if (key === 'csrf_token') {
session.csrfToken = value;
}
}
}
function isSafeMethod(method) {
const upper = String(method || '').toUpperCase();
return upper === 'GET' || upper === 'HEAD' || upper === 'OPTIONS';
}
function request(method, path, options = {}) {
const {
data = null,
session = null,
headers = {},
requireCsrf = true
} = options;
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {
const url = new URL(path, BASE_URL); const url = new URL(path, BASE_URL);
const options = { const transport = url.protocol === 'https:' ? https : http;
hostname: url.hostname,
port: url.port,
path: url.pathname + url.search,
method: method,
headers: {
'Content-Type': 'application/json'
}
};
if (token) { const requestHeaders = { ...headers };
options.headers['Authorization'] = `Bearer ${token}`; if (session) {
const cookieHeader = makeCookieHeader(session.cookies);
if (cookieHeader) {
requestHeaders.Cookie = cookieHeader;
}
if (requireCsrf && !isSafeMethod(method)) {
const csrfToken = session.csrfToken || session.cookies.csrf_token;
if (csrfToken) {
requestHeaders['X-CSRF-Token'] = csrfToken;
}
}
} }
const req = http.request(options, (res) => { let payload = null;
if (data !== null && data !== undefined) {
payload = JSON.stringify(data);
requestHeaders['Content-Type'] = 'application/json';
requestHeaders['Content-Length'] = Buffer.byteLength(payload);
}
const req = transport.request({
protocol: url.protocol,
hostname: url.hostname,
port: url.port || (url.protocol === 'https:' ? 443 : 80),
path: url.pathname + url.search,
method,
headers: requestHeaders
}, (res) => {
let body = ''; let body = '';
res.on('data', chunk => body += chunk); res.on('data', chunk => {
body += chunk;
});
res.on('end', () => { res.on('end', () => {
try { if (session) {
const json = JSON.parse(body); storeSetCookies(session, res.headers['set-cookie']);
resolve({ status: res.statusCode, data: json });
} catch (e) {
resolve({ status: res.statusCode, data: body });
} }
let parsed = body;
try {
parsed = body ? JSON.parse(body) : {};
} catch (e) {
// keep raw text
}
resolve({
status: res.statusCode,
data: parsed,
headers: res.headers
});
}); });
}); });
req.on('error', reject); req.on('error', reject);
if (data) { if (payload) {
req.write(JSON.stringify(data)); req.write(payload);
} }
req.end(); req.end();
}); });
} }
// 测试函数包装器 async function initCsrf(session) {
const res = await request('GET', '/api/csrf-token', {
session,
requireCsrf: false
});
if (res.status === 200 && res.data && res.data.csrfToken) {
session.csrfToken = res.data.csrfToken;
}
return res;
}
function assert(condition, message) {
if (!condition) {
throw new Error(message);
}
}
function warn(message) {
testResults.warnings.push(message);
console.log(`[WARN] ${message}`);
}
async function test(name, fn) { async function test(name, fn) {
try { try {
await fn(); await fn();
@@ -75,432 +169,355 @@ async function test(name, fn) {
} }
} }
// 警告记录 function ensureTestUser() {
function warn(message) { if (state.testUserId) {
testResults.warnings.push(message); return;
console.log(`[WARN] ${message}`); }
const suffix = Date.now();
const username = `admin_test_user_${suffix}`;
const email = `${username}@test.local`;
const password = `AdminTest#${suffix}`;
const id = UserDB.create({
username,
email,
password,
is_verified: 1
});
UserDB.update(id, {
is_active: 1,
is_banned: 0,
storage_permission: 'user_choice',
current_storage_type: 'oss'
});
state.testUserId = id;
} }
// 断言函数 function cleanupTestUser() {
function assert(condition, message) { if (!state.testUserId) return;
if (!condition) { try {
throw new Error(message); UserDB.delete(state.testUserId);
} catch (error) {
warn(`清理测试用户失败: ${error.message}`);
} finally {
state.testUserId = null;
} }
} }
// ============ 测试用例 ============
// 1. 安全检查:未认证访问应被拒绝 // 1. 安全检查:未认证访问应被拒绝
async function testUnauthorizedAccess() { async function testUnauthorizedAccess() {
const res = await request('GET', '/api/admin/users'); const res = await request('GET', '/api/admin/users');
assert(res.status === 401, `未认证访问应返回401实际返回: ${res.status}`); assert(res.status === 401, `未认证访问应返回401实际返回: ${res.status}`);
} }
// 2. 管理员登录 // 2. 安全检查:无效 Token 应被拒绝
async function testAdminLogin() { async function testInvalidTokenAccess() {
const res = await request('POST', '/api/login', { const res = await request('GET', '/api/admin/users', {
username: 'admin', headers: {
password: 'admin123', Authorization: 'Bearer invalid-token'
captcha: '' // 开发环境可能不需要验证码
});
// 登录可能因为验证码失败,这是预期的
if (res.status === 400 && res.data.message && res.data.message.includes('验证码')) {
warn('登录需要验证码跳过登录测试使用模拟token');
// 使用JWT库生成一个测试token需要知道JWT_SECRET
// 或者直接查询数据库
return;
}
if (res.data.success) {
adminToken = res.data.token;
console.log(' - 获取到管理员token');
} else {
throw new Error(`登录失败: ${res.data.message}`);
}
}
// 3. 用户列表获取
async function testGetUsers() {
if (!adminToken) {
warn('无admin token跳过用户列表测试');
return;
}
const res = await request('GET', '/api/admin/users', null, adminToken);
assert(res.status === 200, `应返回200实际: ${res.status}`);
assert(res.data.success === true, '应返回success: true');
assert(Array.isArray(res.data.users), 'users应为数组');
// 记录测试用户ID
if (res.data.users.length > 1) {
const nonAdminUser = res.data.users.find(u => !u.is_admin);
if (nonAdminUser) {
testUserId = nonAdminUser.id;
} }
} });
}
// 4. 系统设置获取
async function testGetSettings() {
if (!adminToken) {
warn('无admin token跳过系统设置测试');
return;
}
const res = await request('GET', '/api/admin/settings', null, adminToken);
assert(res.status === 200, `应返回200实际: ${res.status}`);
assert(res.data.success === true, '应返回success: true');
assert(res.data.settings !== undefined, '应包含settings对象');
assert(res.data.settings.smtp !== undefined, '应包含smtp配置');
assert(res.data.settings.global_theme !== undefined, '应包含全局主题设置');
}
// 5. 更新系统设置
async function testUpdateSettings() {
if (!adminToken) {
warn('无admin token跳过更新系统设置测试');
return;
}
const res = await request('POST', '/api/admin/settings', {
global_theme: 'dark',
max_upload_size: 10737418240
}, adminToken);
assert(res.status === 200, `应返回200实际: ${res.status}`);
assert(res.data.success === true, '应返回success: true');
}
// 6. 健康检查
async function testHealthCheck() {
if (!adminToken) {
warn('无admin token跳过健康检查测试');
return;
}
const res = await request('GET', '/api/admin/health-check', null, adminToken);
assert(res.status === 200, `应返回200实际: ${res.status}`);
assert(res.data.success === true, '应返回success: true');
assert(res.data.checks !== undefined, '应包含checks数组');
assert(res.data.overallStatus !== undefined, '应包含overallStatus');
assert(res.data.summary !== undefined, '应包含summary');
// 检查各项检测项目
const checkNames = res.data.checks.map(c => c.name);
assert(checkNames.includes('JWT密钥'), '应包含JWT密钥检查');
assert(checkNames.includes('数据库连接'), '应包含数据库连接检查');
assert(checkNames.includes('存储目录'), '应包含存储目录检查');
}
// 7. 存储统计
async function testStorageStats() {
if (!adminToken) {
warn('无admin token跳过存储统计测试');
return;
}
const res = await request('GET', '/api/admin/storage-stats', null, adminToken);
assert(res.status === 200, `应返回200实际: ${res.status}`);
assert(res.data.success === true, '应返回success: true');
assert(res.data.stats !== undefined, '应包含stats对象');
assert(typeof res.data.stats.totalDisk === 'number', 'totalDisk应为数字');
}
// 8. 系统日志获取
async function testGetLogs() {
if (!adminToken) {
warn('无admin token跳过系统日志测试');
return;
}
const res = await request('GET', '/api/admin/logs?page=1&pageSize=10', null, adminToken);
assert(res.status === 200, `应返回200实际: ${res.status}`);
assert(res.data.success === true, '应返回success: true');
assert(Array.isArray(res.data.logs), 'logs应为数组');
assert(typeof res.data.total === 'number', 'total应为数字');
}
// 9. 日志统计
async function testLogStats() {
if (!adminToken) {
warn('无admin token跳过日志统计测试');
return;
}
const res = await request('GET', '/api/admin/logs/stats', null, adminToken);
assert(res.status === 200, `应返回200实际: ${res.status}`);
assert(res.data.success === true, '应返回success: true');
assert(res.data.stats !== undefined, '应包含stats对象');
}
// 10. 分享列表获取
async function testGetShares() {
if (!adminToken) {
warn('无admin token跳过分享列表测试');
return;
}
const res = await request('GET', '/api/admin/shares', null, adminToken);
assert(res.status === 200, `应返回200实际: ${res.status}`);
assert(res.data.success === true, '应返回success: true');
assert(Array.isArray(res.data.shares), 'shares应为数组');
// 记录测试分享ID
if (res.data.shares.length > 0) {
testShareId = res.data.shares[0].id;
}
}
// 11. 安全检查普通用户不能访问管理员API
async function testNonAdminAccess() {
// 使用一个无效的token模拟普通用户
const fakeToken = 'invalid-token';
const res = await request('GET', '/api/admin/users', null, fakeToken);
assert(res.status === 401, `无效token应返回401实际: ${res.status}`); assert(res.status === 401, `无效token应返回401实际: ${res.status}`);
} }
// 12. 安全检查:不能封禁自己 // 3. 管理员登录(基于 Cookie
async function testCannotBanSelf() { async function testAdminLogin() {
if (!adminToken) { await initCsrf(state.adminSession);
warn('无admin token跳过封禁自己测试');
return;
}
// 获取当前管理员ID const res = await request('POST', '/api/login', {
const usersRes = await request('GET', '/api/admin/users', null, adminToken); data: {
const adminUser = usersRes.data.users.find(u => u.is_admin); username: 'admin',
password: 'admin123'
},
session: state.adminSession,
requireCsrf: false
});
if (!adminUser) { assert(res.status === 200, `登录应返回200实际: ${res.status}`);
warn('未找到管理员用户'); assert(res.data && res.data.success === true, `登录失败: ${res.data?.message || 'unknown'}`);
return; assert(!!state.adminSession.cookies.token, '登录后应写入 token Cookie');
}
const res = await request('POST', `/api/admin/users/${adminUser.id}/ban`, { await initCsrf(state.adminSession);
banned: true
}, adminToken);
assert(res.status === 400, `封禁自己应返回400实际: ${res.status}`); const profileRes = await request('GET', '/api/user/profile', {
assert(res.data.message.includes('不能封禁自己'), '应提示不能封禁自己'); session: state.adminSession
});
assert(profileRes.status === 200, `读取profile应返回200实际: ${profileRes.status}`);
assert(profileRes.data?.success === true, '读取profile应成功');
assert(profileRes.data?.user?.is_admin === 1, '登录账号应为管理员');
state.adminUserId = profileRes.data.user.id;
assert(Number.isInteger(state.adminUserId) && state.adminUserId > 0, '应获取管理员ID');
} }
// 13. 安全检查:不能删除自己 // 4. 用户列表获取(分页)
async function testGetUsers() {
const res = await request('GET', '/api/admin/users?paged=1&page=1&pageSize=20&sort=created_desc', {
session: state.adminSession
});
assert(res.status === 200, `应返回200实际: ${res.status}`);
assert(res.data?.success === true, '应返回success: true');
assert(Array.isArray(res.data?.users), 'users应为数组');
assert(!!res.data?.pagination, '分页模式应返回pagination');
}
// 5. 系统设置获取
async function testGetSettings() {
const res = await request('GET', '/api/admin/settings', {
session: state.adminSession
});
assert(res.status === 200, `应返回200实际: ${res.status}`);
assert(res.data?.success === true, '应返回success: true');
assert(res.data?.settings && typeof res.data.settings === 'object', '应包含settings对象');
assert(res.data?.settings?.smtp && typeof res.data.settings.smtp === 'object', '应包含smtp配置');
assert(res.data?.settings?.global_theme !== undefined, '应包含全局主题设置');
state.latestSettings = res.data.settings;
}
// 6. 更新系统设置(写回当前值,避免影响测试环境)
async function testUpdateSettings() {
const current = state.latestSettings || {};
const payload = {
global_theme: current.global_theme || 'dark',
max_upload_size: Number(current.max_upload_size || 10737418240)
};
const res = await request('POST', '/api/admin/settings', {
data: payload,
session: state.adminSession
});
assert(res.status === 200, `应返回200实际: ${res.status}`);
assert(res.data?.success === true, '应返回success: true');
}
// 7. 健康检查
async function testHealthCheck() {
const res = await request('GET', '/api/admin/health-check', {
session: state.adminSession
});
assert(res.status === 200, `应返回200实际: ${res.status}`);
assert(res.data?.success === true, '应返回success: true');
assert(Array.isArray(res.data?.checks), '应包含checks数组');
assert(res.data?.summary && typeof res.data.summary === 'object', '应包含summary');
}
// 8. 存储统计
async function testStorageStats() {
const res = await request('GET', '/api/admin/storage-stats', {
session: state.adminSession
});
assert(res.status === 200, `应返回200实际: ${res.status}`);
assert(res.data?.success === true, '应返回success: true');
assert(res.data?.stats && typeof res.data.stats === 'object', '应包含stats对象');
}
// 9. 系统日志获取
async function testGetLogs() {
const res = await request('GET', '/api/admin/logs?page=1&pageSize=10', {
session: state.adminSession
});
assert(res.status === 200, `应返回200实际: ${res.status}`);
assert(res.data?.success === true, '应返回success: true');
assert(Array.isArray(res.data?.logs), 'logs应为数组');
}
// 10. 日志统计
async function testLogStats() {
const res = await request('GET', '/api/admin/logs/stats', {
session: state.adminSession
});
assert(res.status === 200, `应返回200实际: ${res.status}`);
assert(res.data?.success === true, '应返回success: true');
assert(res.data?.stats && typeof res.data.stats === 'object', '应包含stats对象');
}
// 11. 分享列表获取
async function testGetShares() {
const res = await request('GET', '/api/admin/shares', {
session: state.adminSession
});
assert(res.status === 200, `应返回200实际: ${res.status}`);
assert(res.data?.success === true, '应返回success: true');
assert(Array.isArray(res.data?.shares), 'shares应为数组');
}
// 12. 不能封禁自己
async function testCannotBanSelf() {
assert(state.adminUserId, '管理员ID未初始化');
const res = await request('POST', `/api/admin/users/${state.adminUserId}/ban`, {
data: { banned: true },
session: state.adminSession
});
assert(res.status === 400, `封禁自己应返回400实际: ${res.status}`);
assert(String(res.data?.message || '').includes('不能封禁自己'), '应提示不能封禁自己');
}
// 13. 不能删除自己
async function testCannotDeleteSelf() { async function testCannotDeleteSelf() {
if (!adminToken) { assert(state.adminUserId, '管理员ID未初始化');
warn('无admin token跳过删除自己测试');
return;
}
const usersRes = await request('GET', '/api/admin/users', null, adminToken); const res = await request('DELETE', `/api/admin/users/${state.adminUserId}`, {
const adminUser = usersRes.data.users.find(u => u.is_admin); session: state.adminSession
});
if (!adminUser) {
warn('未找到管理员用户');
return;
}
const res = await request('DELETE', `/api/admin/users/${adminUser.id}`, null, adminToken);
assert(res.status === 400, `删除自己应返回400实际: ${res.status}`); assert(res.status === 400, `删除自己应返回400实际: ${res.status}`);
assert(res.data.message.includes('不能删除自己'), '应提示不能删除自己'); assert(String(res.data?.message || '').includes('不能删除自己'), '应提示不能删除自己');
} }
// 14. 参数验证无效用户ID // 14. 参数验证无效用户ID
async function testInvalidUserId() { async function testInvalidUserId() {
if (!adminToken) {
warn('无admin token跳过无效用户ID测试');
return;
}
const res = await request('POST', '/api/admin/users/invalid/ban', { const res = await request('POST', '/api/admin/users/invalid/ban', {
banned: true data: { banned: true },
}, adminToken); session: state.adminSession
});
assert(res.status === 400, `无效用户ID应返回400实际: ${res.status}`); assert(res.status === 400, `无效用户ID应返回400实际: ${res.status}`);
} }
// 15. 参数验证无效分享ID // 15. 参数验证无效分享ID
async function testInvalidShareId() { async function testInvalidShareId() {
if (!adminToken) { const res = await request('DELETE', '/api/admin/shares/invalid', {
warn('无admin token跳过无效分享ID测试'); session: state.adminSession
return; });
}
const res = await request('DELETE', '/api/admin/shares/invalid', null, adminToken);
assert(res.status === 400, `无效分享ID应返回400实际: ${res.status}`); assert(res.status === 400, `无效分享ID应返回400实际: ${res.status}`);
} }
// 16. 存储权限设置 // 16. 存储权限设置
async function testSetStoragePermission() { async function testSetStoragePermission() {
if (!adminToken || !testUserId) { ensureTestUser();
warn('无admin token或测试用户跳过存储权限测试');
return;
}
const res = await request('POST', `/api/admin/users/${testUserId}/storage-permission`, { const res = await request('POST', `/api/admin/users/${state.testUserId}/storage-permission`, {
storage_permission: 'local_only', data: {
local_storage_quota: 2147483648 // 2GB storage_permission: 'local_only',
}, adminToken); local_storage_quota: 2147483648,
download_traffic_quota: 3221225472
},
session: state.adminSession
});
assert(res.status === 200, `应返回200实际: ${res.status}`); assert(res.status === 200, `应返回200实际: ${res.status}`);
assert(res.data.success === true, '应返回success: true'); assert(res.data?.success === true, '应返回success: true');
} }
// 17. 参数验证:无效的存储权限值 // 17. 参数验证:无效的存储权限值
async function testInvalidStoragePermission() { async function testInvalidStoragePermission() {
if (!adminToken || !testUserId) { ensureTestUser();
warn('无admin token或测试用户跳过无效存储权限测试');
return;
}
const res = await request('POST', `/api/admin/users/${testUserId}/storage-permission`, { const res = await request('POST', `/api/admin/users/${state.testUserId}/storage-permission`, {
storage_permission: 'invalid_permission' data: { storage_permission: 'invalid_permission' },
}, adminToken); session: state.adminSession
});
assert(res.status === 400, `无效存储权限应返回400实际: ${res.status}`); assert(res.status === 400, `无效存储权限应返回400实际: ${res.status}`);
} }
// 18. 主题设置验证 // 18. 主题设置验证
async function testInvalidTheme() { async function testInvalidTheme() {
if (!adminToken) {
warn('无admin token跳过无效主题测试');
return;
}
const res = await request('POST', '/api/admin/settings', { const res = await request('POST', '/api/admin/settings', {
global_theme: 'invalid_theme' data: { global_theme: 'invalid_theme' },
}, adminToken); session: state.adminSession
});
assert(res.status === 400, `无效主题应返回400实际: ${res.status}`); assert(res.status === 400, `无效主题应返回400实际: ${res.status}`);
} }
// 19. 日志清理测试 // 19. 日志清理测试
async function testLogCleanup() { async function testLogCleanup() {
if (!adminToken) {
warn('无admin token跳过日志清理测试');
return;
}
const res = await request('POST', '/api/admin/logs/cleanup', { const res = await request('POST', '/api/admin/logs/cleanup', {
keepDays: 90 data: { keepDays: 90 },
}, adminToken); session: state.adminSession
});
assert(res.status === 200, `应返回200实际: ${res.status}`); assert(res.status === 200, `应返回200实际: ${res.status}`);
assert(res.data.success === true, '应返回success: true'); assert(res.data?.success === true, '应返回success: true');
assert(typeof res.data.deletedCount === 'number', 'deletedCount应为数字'); assert(typeof res.data?.deletedCount === 'number', 'deletedCount应为数字');
} }
// 20. SMTP测试预期失败因为未配置) // 20. SMTP测试未配置时返回400配置后可能200/500
async function testSmtpTest() { async function testSmtpTest() {
if (!adminToken) {
warn('无admin token跳过SMTP测试');
return;
}
const res = await request('POST', '/api/admin/settings/test-smtp', { const res = await request('POST', '/api/admin/settings/test-smtp', {
to: 'test@example.com' data: { to: 'test@example.com' },
}, adminToken); session: state.adminSession
});
// SMTP未配置时应返回400 if (res.status === 400 && String(res.data?.message || '').includes('SMTP未配置')) {
if (res.status === 400 && res.data.message && res.data.message.includes('SMTP未配置')) {
console.log(' - SMTP未配置这是预期的'); console.log(' - SMTP未配置这是预期的');
return; return;
} }
// 如果SMTP已配置可能成功或失败
assert(res.status === 200 || res.status === 500, `应返回200或500实际: ${res.status}`); assert(res.status === 200 || res.status === 500, `应返回200或500实际: ${res.status}`);
} }
// 21. 上传工具检查 // 21. 上传工具配置生成(替代已移除的 /api/admin/check-upload-tool
async function testCheckUploadTool() { async function testGenerateUploadToolConfig() {
if (!adminToken) { const res = await request('POST', '/api/upload/generate-tool', {
warn('无admin token跳过上传工具检查测试'); data: {},
return; session: state.adminSession
} });
const res = await request('GET', '/api/admin/check-upload-tool', null, adminToken);
assert(res.status === 200, `应返回200实际: ${res.status}`); assert(res.status === 200, `应返回200实际: ${res.status}`);
assert(res.data.success === true, '应返回success: true'); assert(res.data?.success === true, '应返回success: true');
assert(typeof res.data.exists === 'boolean', 'exists应为布尔值'); assert(res.data?.config && typeof res.data.config === 'object', '应包含config对象');
assert(typeof res.data?.config?.api_key === 'string' && res.data.config.api_key.length > 0, '应返回有效api_key');
} }
// 22. 用户文件查看 - 无效用户ID验证 // 22. 用户文件查看 - 无效用户ID验证
async function testInvalidUserIdForFiles() { async function testInvalidUserIdForFiles() {
if (!adminToken) { const res = await request('GET', '/api/admin/users/invalid/files', {
warn('无admin token跳过用户文件查看无效ID测试'); session: state.adminSession
return; });
}
const res = await request('GET', '/api/admin/users/invalid/files', null, adminToken);
assert(res.status === 400, `无效用户ID应返回400实际: ${res.status}`); assert(res.status === 400, `无效用户ID应返回400实际: ${res.status}`);
} }
// 23. 删除用户 - 无效用户ID验证 // 23. 删除用户 - 无效用户ID验证
async function testInvalidUserIdForDelete() { async function testInvalidUserIdForDelete() {
if (!adminToken) { const res = await request('DELETE', '/api/admin/users/invalid', {
warn('无admin token跳过删除用户无效ID测试'); session: state.adminSession
return; });
}
const res = await request('DELETE', '/api/admin/users/invalid', null, adminToken);
assert(res.status === 400, `无效用户ID应返回400实际: ${res.status}`); assert(res.status === 400, `无效用户ID应返回400实际: ${res.status}`);
} }
// 24. 存储权限设置 - 无效用户ID验证 // 24. 存储权限设置 - 无效用户ID验证
async function testInvalidUserIdForPermission() { async function testInvalidUserIdForPermission() {
if (!adminToken) {
warn('无admin token跳过存储权限无效ID测试');
return;
}
const res = await request('POST', '/api/admin/users/invalid/storage-permission', { const res = await request('POST', '/api/admin/users/invalid/storage-permission', {
storage_permission: 'local_only' data: {
}, adminToken); storage_permission: 'local_only'
},
session: state.adminSession
});
assert(res.status === 400, `无效用户ID应返回400实际: ${res.status}`); assert(res.status === 400, `无效用户ID应返回400实际: ${res.status}`);
} }
// 主测试函数
async function runTests() { async function runTests() {
console.log('========================================'); console.log('========================================');
console.log('管理员功能完整性测试'); console.log('管理员功能完整性测试Cookie + CSRF');
console.log('========================================\n'); console.log('========================================\n');
// 先尝试直接使用数据库获取token
try {
const jwt = require('jsonwebtoken');
const { UserDB } = require('./database');
require('dotenv').config();
const JWT_SECRET = process.env.JWT_SECRET || 'your-secret-key-change-in-production';
const adminUser = UserDB.findByUsername('admin');
if (adminUser) {
adminToken = jwt.sign(
{
id: adminUser.id,
username: adminUser.username,
is_admin: adminUser.is_admin,
type: 'access'
},
JWT_SECRET,
{ expiresIn: '2h' }
);
console.log('[INFO] 已通过数据库直接生成管理员token\n');
}
} catch (e) {
console.log('[INFO] 无法直接生成token将尝试登录: ' + e.message + '\n');
}
// 安全检查测试
console.log('\n--- 安全检查 ---'); console.log('\n--- 安全检查 ---');
await test('未认证访问应被拒绝', testUnauthorizedAccess); await test('未认证访问应被拒绝', testUnauthorizedAccess);
await test('无效token应被拒绝', testNonAdminAccess); await test('无效token应被拒绝', testInvalidTokenAccess);
// 如果还没有token尝试登录 await test('管理员登录', testAdminLogin);
if (!adminToken) {
await test('管理员登录', testAdminLogin);
}
// 用户管理测试
console.log('\n--- 用户管理 ---'); console.log('\n--- 用户管理 ---');
await test('获取用户列表', testGetUsers); await test('获取用户列表', testGetUsers);
await test('不能封禁自己', testCannotBanSelf); await test('不能封禁自己', testCannotBanSelf);
@@ -509,19 +526,16 @@ async function runTests() {
await test('设置存储权限', testSetStoragePermission); await test('设置存储权限', testSetStoragePermission);
await test('无效存储权限验证', testInvalidStoragePermission); await test('无效存储权限验证', testInvalidStoragePermission);
// 系统设置测试
console.log('\n--- 系统设置 ---'); console.log('\n--- 系统设置 ---');
await test('获取系统设置', testGetSettings); await test('获取系统设置', testGetSettings);
await test('更新系统设置', testUpdateSettings); await test('更新系统设置', testUpdateSettings);
await test('无效主题验证', testInvalidTheme); await test('无效主题验证', testInvalidTheme);
await test('SMTP测试', testSmtpTest); await test('SMTP测试', testSmtpTest);
// 分享管理测试
console.log('\n--- 分享管理 ---'); console.log('\n--- 分享管理 ---');
await test('获取分享列表', testGetShares); await test('获取分享列表', testGetShares);
await test('无效分享ID验证', testInvalidShareId); await test('无效分享ID验证', testInvalidShareId);
// 系统监控测试
console.log('\n--- 系统监控 ---'); console.log('\n--- 系统监控 ---');
await test('健康检查', testHealthCheck); await test('健康检查', testHealthCheck);
await test('存储统计', testStorageStats); await test('存储统计', testStorageStats);
@@ -529,17 +543,16 @@ async function runTests() {
await test('日志统计', testLogStats); await test('日志统计', testLogStats);
await test('日志清理', testLogCleanup); await test('日志清理', testLogCleanup);
// 其他功能测试
console.log('\n--- 其他功能 ---'); console.log('\n--- 其他功能 ---');
await test('上传工具检查', testCheckUploadTool); await test('上传工具配置生成', testGenerateUploadToolConfig);
// 参数验证增强测试
console.log('\n--- 参数验证增强 ---'); console.log('\n--- 参数验证增强 ---');
await test('用户文件查看无效ID验证', testInvalidUserIdForFiles); await test('用户文件查看无效ID验证', testInvalidUserIdForFiles);
await test('删除用户无效ID验证', testInvalidUserIdForDelete); await test('删除用户无效ID验证', testInvalidUserIdForDelete);
await test('存储权限设置无效ID验证', testInvalidUserIdForPermission); await test('存储权限设置无效ID验证', testInvalidUserIdForPermission);
// 输出测试结果 cleanupTestUser();
console.log('\n========================================'); console.log('\n========================================');
console.log('测试结果汇总'); console.log('测试结果汇总');
console.log('========================================'); console.log('========================================');
@@ -549,26 +562,25 @@ async function runTests() {
if (testResults.failed.length > 0) { if (testResults.failed.length > 0) {
console.log('\n失败的测试:'); console.log('\n失败的测试:');
testResults.failed.forEach(f => { for (const f of testResults.failed) {
console.log(` - ${f.name}: ${f.error}`); console.log(` - ${f.name}: ${f.error}`);
}); }
} }
if (testResults.warnings.length > 0) { if (testResults.warnings.length > 0) {
console.log('\n警告:'); console.log('\n警告:');
testResults.warnings.forEach(w => { for (const w of testResults.warnings) {
console.log(` - ${w}`); console.log(` - ${w}`);
}); }
} }
console.log('\n========================================'); console.log('\n========================================');
// 返回退出码
process.exit(testResults.failed.length > 0 ? 1 : 0); process.exit(testResults.failed.length > 0 ? 1 : 0);
} }
// 运行测试 runTests().catch((error) => {
runTests().catch(err => { cleanupTestUser();
console.error('测试执行错误:', err); console.error('测试执行异常:', error);
process.exit(1); process.exit(1);
}); });

368
backend/test_share_edge_cases.js
View File

@@ -1,15 +1,21 @@
/** /**
* 分享功能边界条件深度测试 * 分享功能边界条件深度测试(兼容 Cookie + CSRF
* *
* 测试场景: * 测试场景
* 1. 已过期的分享 * 1. 已过期的分享
* 2. 分享者被删除 * 2. 分享文件不存在
* 3. 存储类型切换后的分享 * 3. 被封禁用户的分享
* 4. 路径遍历攻击 * 4. 路径遍历攻击
* 5. 并发访问限流 * 5. 特殊字符路径
* 6. 并发密码尝试
* 7. 分享统计
* 8. 分享码唯一性
* 9. 过期时间格式
*/ */
const http = require('http'); const http = require('http');
const https = require('https');
const bcrypt = require('bcryptjs');
const { db, ShareDB, UserDB } = require('./database'); const { db, ShareDB, UserDB } = require('./database');
const BASE_URL = process.env.TEST_BASE_URL || 'http://127.0.0.1:40001'; const BASE_URL = process.env.TEST_BASE_URL || 'http://127.0.0.1:40001';
@@ -20,45 +26,129 @@ const results = {
errors: [] errors: []
}; };
// HTTP 请求工具 const adminSession = {
function request(method, path, data = null, headers = {}) { cookies: {},
csrfToken: ''
};
let adminUserId = 1;
function makeCookieHeader(cookies) {
return Object.entries(cookies || {})
.map(([k, v]) => `${k}=${v}`)
.join('; ');
}
function storeSetCookies(session, setCookieHeader) {
if (!session || !setCookieHeader) return;
const list = Array.isArray(setCookieHeader) ? setCookieHeader : [setCookieHeader];
for (const raw of list) {
const first = String(raw || '').split(';')[0];
const idx = first.indexOf('=');
if (idx <= 0) continue;
const key = first.slice(0, idx).trim();
const value = first.slice(idx + 1).trim();
session.cookies[key] = value;
if (key === 'csrf_token') {
session.csrfToken = value;
}
}
}
function isSafeMethod(method) {
const upper = String(method || '').toUpperCase();
return upper === 'GET' || upper === 'HEAD' || upper === 'OPTIONS';
}
function request(method, path, options = {}) {
const {
data = null,
session = null,
headers = {},
requireCsrf = true
} = options;
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {
const url = new URL(path, BASE_URL); const url = new URL(path, BASE_URL);
const port = url.port ? parseInt(url.port, 10) : 80; const transport = url.protocol === 'https:' ? https : http;
const options = { const requestHeaders = { ...headers };
hostname: url.hostname,
port: port, if (session) {
path: url.pathname + url.search, const cookieHeader = makeCookieHeader(session.cookies);
method: method, if (cookieHeader) {
headers: { requestHeaders.Cookie = cookieHeader;
'Content-Type': 'application/json',
...headers
} }
};
const req = http.request(options, (res) => { if (requireCsrf && !isSafeMethod(method)) {
let body = ''; const csrfToken = session.csrfToken || session.cookies.csrf_token;
res.on('data', chunk => body += chunk); if (csrfToken) {
res.on('end', () => { requestHeaders['X-CSRF-Token'] = csrfToken;
try {
const json = JSON.parse(body);
resolve({ status: res.statusCode, data: json, headers: res.headers });
} catch (e) {
resolve({ status: res.statusCode, data: body, headers: res.headers });
} }
}
}
let payload = null;
if (data !== null && data !== undefined) {
payload = JSON.stringify(data);
requestHeaders['Content-Type'] = 'application/json';
requestHeaders['Content-Length'] = Buffer.byteLength(payload);
}
const req = transport.request({
protocol: url.protocol,
hostname: url.hostname,
port: url.port || (url.protocol === 'https:' ? 443 : 80),
path: url.pathname + url.search,
method,
headers: requestHeaders
}, (res) => {
let body = '';
res.on('data', chunk => {
body += chunk;
});
res.on('end', () => {
if (session) {
storeSetCookies(session, res.headers['set-cookie']);
}
let parsed = body;
try {
parsed = body ? JSON.parse(body) : {};
} catch (e) {
// keep raw text
}
resolve({
status: res.statusCode,
data: parsed,
headers: res.headers
});
}); });
}); });
req.on('error', reject); req.on('error', reject);
if (data) { if (payload) {
req.write(JSON.stringify(data)); req.write(payload);
} }
req.end(); req.end();
}); });
} }
async function initCsrf(session) {
const res = await request('GET', '/api/csrf-token', {
session,
requireCsrf: false
});
if (res.status === 200 && res.data && res.data.csrfToken) {
session.csrfToken = res.data.csrfToken;
}
return res;
}
function assert(condition, message) { function assert(condition, message) {
if (condition) { if (condition) {
results.passed++; results.passed++;
@@ -70,41 +160,48 @@ function assert(condition, message) {
} }
} }
// ===== 测试用例 ===== function createValidShareCode(prefix = '') {
for (let i = 0; i < 20; i++) {
const generated = ShareDB.generateShareCode();
const code = (prefix + generated).replace(/[^A-Za-z0-9]/g, '').slice(0, 16);
if (!code || code.length < 6) continue;
const exists = db.prepare('SELECT 1 FROM shares WHERE share_code = ?').get(code);
if (!exists) return code;
}
return ShareDB.generateShareCode();
}
async function testExpiredShare() { async function testExpiredShare() {
console.log('\n[测试] 已过期的分享...'); console.log('\n[测试] 已过期的分享...');
// 直接在数据库中创建一个已过期的分享 const expiredShareCode = createValidShareCode('E');
const expiredShareCode = 'expired_' + Date.now();
try { try {
// 插入一个已过期的分享(过期时间设为昨天)
const yesterday = new Date(); const yesterday = new Date();
yesterday.setDate(yesterday.getDate() - 1); yesterday.setDate(yesterday.getDate() - 1);
const expiresAt = yesterday.toISOString().replace('T', ' ').substring(0, 19); const expiresAt = yesterday.toISOString().replace('T', ' ').substring(0, 19);
db.prepare(` db.prepare(`
INSERT INTO shares (user_id, share_code, share_path, share_type, expires_at) INSERT INTO shares (user_id, share_code, share_path, share_type, storage_type, expires_at)
VALUES (?, ?, ?, ?, ?) VALUES (?, ?, ?, ?, ?, ?)
`).run(1, expiredShareCode, '/expired-test.txt', 'file', expiresAt); `).run(adminUserId, expiredShareCode, '/expired-test.txt', 'file', 'local', expiresAt);
console.log(` 创建过期分享: ${expiredShareCode}, 过期时间: ${expiresAt}`); console.log(` 创建过期分享: ${expiredShareCode}, 过期时间: ${expiresAt}`);
// 尝试访问过期分享 const res = await request('POST', `/api/share/${expiredShareCode}/verify`, {
const res = await request('POST', `/api/share/${expiredShareCode}/verify`, {}); data: {},
requireCsrf: false
});
assert(res.status === 404, `过期分享应返回 404, 实际: ${res.status}`); assert(res.status === 404, `过期分享应返回 404, 实际: ${res.status}`);
assert(res.data.message === '分享不存在', '应提示分享不存在'); assert(res.data && res.data.message === '分享不存在', '应提示分享不存在');
// 清理测试数据
db.prepare('DELETE FROM shares WHERE share_code = ?').run(expiredShareCode); db.prepare('DELETE FROM shares WHERE share_code = ?').run(expiredShareCode);
return true; return true;
} catch (error) { } catch (error) {
console.log(` [ERROR] ${error.message}`); console.log(` [ERROR] ${error.message}`);
results.failed++; results.failed++;
// 清理
db.prepare('DELETE FROM shares WHERE share_code = ?').run(expiredShareCode); db.prepare('DELETE FROM shares WHERE share_code = ?').run(expiredShareCode);
return false; return false;
} }
@@ -113,32 +210,27 @@ async function testExpiredShare() {
async function testShareWithDeletedFile() { async function testShareWithDeletedFile() {
console.log('\n[测试] 分享的文件不存在...'); console.log('\n[测试] 分享的文件不存在...');
// 创建一个指向不存在文件的分享 const shareCode = createValidShareCode('N');
const shareCode = 'nofile_' + Date.now();
try { try {
db.prepare(` db.prepare(`
INSERT INTO shares (user_id, share_code, share_path, share_type, storage_type) INSERT INTO shares (user_id, share_code, share_path, share_type, storage_type)
VALUES (?, ?, ?, ?, ?) VALUES (?, ?, ?, ?, ?)
`).run(1, shareCode, '/non_existent_file_xyz.txt', 'file', 'local'); `).run(adminUserId, shareCode, '/non_existent_file_xyz.txt', 'file', 'local');
console.log(` 创建分享: ${shareCode}, 路径: /non_existent_file_xyz.txt`); console.log(` 创建分享: ${shareCode}, 路径: /non_existent_file_xyz.txt`);
// 访问分享 const res = await request('POST', `/api/share/${shareCode}/verify`, {
const res = await request('POST', `/api/share/${shareCode}/verify`, {}); data: {},
requireCsrf: false
});
// 应该返回错误(文件不存在) assert(res.status === 500 || res.status === 200, `应返回500或200实际: ${res.status}`);
// 注意verify 接口在缓存未命中时会查询存储
if (res.status === 500) { if (res.status === 500) {
assert(res.data.message && res.data.message.includes('不存在'), '应提示文件不存在'); assert(!!res.data?.message, '500时应返回错误消息');
} else if (res.status === 200) {
// 如果成功返回file 字段应该没有正确的文件信息
console.log(` [INFO] verify 返回 200检查文件信息`);
} }
// 清理
db.prepare('DELETE FROM shares WHERE share_code = ?').run(shareCode); db.prepare('DELETE FROM shares WHERE share_code = ?').run(shareCode);
return true; return true;
} catch (error) { } catch (error) {
console.log(` [ERROR] ${error.message}`); console.log(` [ERROR] ${error.message}`);
@@ -150,20 +242,17 @@ async function testShareWithDeletedFile() {
async function testShareByBannedUser() { async function testShareByBannedUser() {
console.log('\n[测试] 被封禁用户的分享...'); console.log('\n[测试] 被封禁用户的分享...');
// 创建测试用户
let testUserId = null; let testUserId = null;
const shareCode = 'banned_' + Date.now(); const shareCode = createValidShareCode('B');
try { try {
// 创建测试用户
testUserId = UserDB.create({ testUserId = UserDB.create({
username: 'test_banned_' + Date.now(), username: `test_banned_${Date.now()}`,
email: `test_banned_${Date.now()}@test.com`, email: `test_banned_${Date.now()}@test.com`,
password: 'test123', password: 'test123',
is_verified: 1 is_verified: 1
}); });
// 创建分享
db.prepare(` db.prepare(`
INSERT INTO shares (user_id, share_code, share_path, share_type, storage_type) INSERT INTO shares (user_id, share_code, share_path, share_type, storage_type)
VALUES (?, ?, ?, ?, ?) VALUES (?, ?, ?, ?, ?)
@@ -172,21 +261,16 @@ async function testShareByBannedUser() {
console.log(` 创建测试用户 ID: ${testUserId}`); console.log(` 创建测试用户 ID: ${testUserId}`);
console.log(` 创建分享: ${shareCode}`); console.log(` 创建分享: ${shareCode}`);
// 封禁用户
UserDB.setBanStatus(testUserId, true); UserDB.setBanStatus(testUserId, true);
console.log(` 封禁用户: ${testUserId}`); console.log(` 封禁用户: ${testUserId}`);
// 访问分享 const res = await request('POST', `/api/share/${shareCode}/verify`, {
const res = await request('POST', `/api/share/${shareCode}/verify`, {}); data: {},
requireCsrf: false
});
// 当前实现:被封禁用户的分享仍然可以访问
// 如果需要阻止,应该在 ShareDB.findByCode 中检查用户状态
console.log(` 被封禁用户分享访问状态码: ${res.status}`); console.log(` 被封禁用户分享访问状态码: ${res.status}`);
// 注意:这里可能是一个潜在的功能增强点
// 如果希望被封禁用户的分享也被禁止访问,需要修改代码
// 清理
db.prepare('DELETE FROM shares WHERE share_code = ?').run(shareCode); db.prepare('DELETE FROM shares WHERE share_code = ?').run(shareCode);
UserDB.delete(testUserId); UserDB.delete(testUserId);
@@ -203,16 +287,14 @@ async function testShareByBannedUser() {
async function testPathTraversalAttacks() { async function testPathTraversalAttacks() {
console.log('\n[测试] 路径遍历攻击防护...'); console.log('\n[测试] 路径遍历攻击防护...');
// 创建测试分享 const shareCode = createValidShareCode('T');
const shareCode = 'traverse_' + Date.now();
try { try {
db.prepare(` db.prepare(`
INSERT INTO shares (user_id, share_code, share_path, share_type, storage_type) INSERT INTO shares (user_id, share_code, share_path, share_type, storage_type)
VALUES (?, ?, ?, ?, ?) VALUES (?, ?, ?, ?, ?)
`).run(1, shareCode, '/allowed-folder', 'directory', 'local'); `).run(adminUserId, shareCode, '/allowed-folder', 'directory', 'local');
// 测试各种路径遍历攻击
const attackPaths = [ const attackPaths = [
'../../../etc/passwd', '../../../etc/passwd',
'..\\..\\..\\etc\\passwd', '..\\..\\..\\etc\\passwd',
@@ -225,7 +307,10 @@ async function testPathTraversalAttacks() {
let blocked = 0; let blocked = 0;
for (const attackPath of attackPaths) { for (const attackPath of attackPaths) {
const res = await request('POST', `/api/share/${shareCode}/download-url`, { path: attackPath }); const res = await request('POST', `/api/share/${shareCode}/download-url`, {
data: { path: attackPath },
requireCsrf: false
});
if (res.status === 403 || res.status === 400) { if (res.status === 403 || res.status === 400) {
blocked++; blocked++;
@@ -237,9 +322,7 @@ async function testPathTraversalAttacks() {
assert(blocked >= attackPaths.length - 1, `路径遍历攻击应被阻止 (${blocked}/${attackPaths.length})`); assert(blocked >= attackPaths.length - 1, `路径遍历攻击应被阻止 (${blocked}/${attackPaths.length})`);
// 清理
db.prepare('DELETE FROM shares WHERE share_code = ?').run(shareCode); db.prepare('DELETE FROM shares WHERE share_code = ?').run(shareCode);
return true; return true;
} catch (error) { } catch (error) {
console.log(` [ERROR] ${error.message}`); console.log(` [ERROR] ${error.message}`);
@@ -251,7 +334,12 @@ async function testPathTraversalAttacks() {
async function testSpecialCharactersInPath() { async function testSpecialCharactersInPath() {
console.log('\n[测试] 特殊字符路径处理...'); console.log('\n[测试] 特殊字符路径处理...');
// 测试创建包含特殊字符的分享 if (!adminSession.cookies.token) {
console.log(' [WARN] 未登录,跳过特殊字符路径测试');
assert(true, '未登录时跳过特殊字符路径测试');
return true;
}
const specialPaths = [ const specialPaths = [
'/文件夹/中文文件.txt', '/文件夹/中文文件.txt',
'/folder with spaces/file.txt', '/folder with spaces/file.txt',
@@ -262,28 +350,35 @@ async function testSpecialCharactersInPath() {
let handled = 0; let handled = 0;
for (const path of specialPaths) { for (const virtualPath of specialPaths) {
try { try {
const res = await request('POST', '/api/share/create', { const createRes = await request('POST', '/api/share/create', {
share_type: 'file', data: {
file_path: path share_type: 'file',
}, { Cookie: authCookie }); file_path: virtualPath
},
session: adminSession
});
if (res.status === 200 || res.status === 400) { if (createRes.status === 200 || createRes.status === 400) {
handled++; handled++;
console.log(` [OK] ${path.substring(0, 30)}... - 状态: ${res.status}`); console.log(` [OK] ${virtualPath.substring(0, 30)}... - 状态: ${createRes.status}`);
// 如果创建成功,清理 if (createRes.status === 200 && createRes.data?.share_code) {
if (res.data.share_code) { const mySharesRes = await request('GET', '/api/share/my', {
const myShares = await request('GET', '/api/share/my', null, { Cookie: authCookie }); session: adminSession
const share = myShares.data.shares?.find(s => s.share_code === res.data.share_code); });
const share = mySharesRes.data?.shares?.find(s => s.share_code === createRes.data.share_code);
if (share) { if (share) {
await request('DELETE', `/api/share/${share.id}`, null, { Cookie: authCookie }); await request('DELETE', `/api/share/${share.id}`, {
session: adminSession
});
} }
} }
} }
} catch (error) { } catch (error) {
console.log(` [ERROR] ${path}: ${error.message}`); console.log(` [ERROR] ${virtualPath}: ${error.message}`);
} }
} }
@@ -294,36 +389,33 @@ async function testSpecialCharactersInPath() {
async function testConcurrentPasswordAttempts() { async function testConcurrentPasswordAttempts() {
console.log('\n[测试] 并发密码尝试限流...'); console.log('\n[测试] 并发密码尝试限流...');
// 创建一个带密码的分享 const shareCode = createValidShareCode('C');
const shareCode = 'concurrent_' + Date.now();
try { try {
// 使用 bcrypt 哈希密码
const bcrypt = require('bcryptjs');
const hashedPassword = bcrypt.hashSync('correct123', 10); const hashedPassword = bcrypt.hashSync('correct123', 10);
db.prepare(` db.prepare(`
INSERT INTO shares (user_id, share_code, share_path, share_type, share_password, storage_type) INSERT INTO shares (user_id, share_code, share_path, share_type, share_password, storage_type)
VALUES (?, ?, ?, ?, ?, ?) VALUES (?, ?, ?, ?, ?, ?)
`).run(1, shareCode, '/test.txt', 'file', hashedPassword, 'local'); `).run(adminUserId, shareCode, '/test.txt', 'file', hashedPassword, 'local');
// 发送大量并发错误密码请求
const promises = []; const promises = [];
for (let i = 0; i < 20; i++) { for (let i = 0; i < 20; i++) {
promises.push(request('POST', `/api/share/${shareCode}/verify`, { promises.push(
password: 'wrong' + i request('POST', `/api/share/${shareCode}/verify`, {
})); data: { password: `wrong${i}` },
requireCsrf: false
})
);
} }
const results = await Promise.all(promises); const responses = await Promise.all(promises);
// 检查是否有请求被限流 const rateLimited = responses.filter(r => r.status === 429).length;
const rateLimited = results.filter(r => r.status === 429).length; const unauthorized = responses.filter(r => r.status === 401).length;
const unauthorized = results.filter(r => r.status === 401).length;
console.log(` 并发请求: 20, 限流: ${rateLimited}, 401错误: ${unauthorized}`); console.log(` 并发请求: 20, 限流: ${rateLimited}, 401错误: ${unauthorized}`);
// 注意:限流是否触发取决于配置
if (rateLimited > 0) { if (rateLimited > 0) {
assert(true, '限流机制生效'); assert(true, '限流机制生效');
} else { } else {
@@ -331,9 +423,7 @@ async function testConcurrentPasswordAttempts() {
assert(true, '并发测试完成'); assert(true, '并发测试完成');
} }
// 清理
db.prepare('DELETE FROM shares WHERE share_code = ?').run(shareCode); db.prepare('DELETE FROM shares WHERE share_code = ?').run(shareCode);
return true; return true;
} catch (error) { } catch (error) {
console.log(` [ERROR] ${error.message}`); console.log(` [ERROR] ${error.message}`);
@@ -345,25 +435,28 @@ async function testConcurrentPasswordAttempts() {
async function testShareStatistics() { async function testShareStatistics() {
console.log('\n[测试] 分享统计功能...'); console.log('\n[测试] 分享统计功能...');
const shareCode = 'stats_' + Date.now(); const shareCode = createValidShareCode('S');
try { try {
db.prepare(` db.prepare(`
INSERT INTO shares (user_id, share_code, share_path, share_type, storage_type, view_count, download_count) INSERT INTO shares (user_id, share_code, share_path, share_type, storage_type, view_count, download_count)
VALUES (?, ?, ?, ?, ?, ?, ?) VALUES (?, ?, ?, ?, ?, ?, ?)
`).run(1, shareCode, '/test.txt', 'file', 'local', 0, 0); `).run(adminUserId, shareCode, '/test.txt', 'file', 'local', 0, 0);
// 验证多次(增加查看次数)
for (let i = 0; i < 3; i++) { for (let i = 0; i < 3; i++) {
await request('POST', `/api/share/${shareCode}/verify`, {}); await request('POST', `/api/share/${shareCode}/verify`, {
data: {},
requireCsrf: false
});
} }
// 记录下载次数
for (let i = 0; i < 2; i++) { for (let i = 0; i < 2; i++) {
await request('POST', `/api/share/${shareCode}/download`, {}); await request('POST', `/api/share/${shareCode}/download`, {
data: {},
requireCsrf: false
});
} }
// 检查统计数据
const share = db.prepare('SELECT view_count, download_count FROM shares WHERE share_code = ?').get(shareCode); const share = db.prepare('SELECT view_count, download_count FROM shares WHERE share_code = ?').get(shareCode);
assert(share.view_count === 3, `查看次数应为 3, 实际: ${share.view_count}`); assert(share.view_count === 3, `查看次数应为 3, 实际: ${share.view_count}`);
@@ -371,9 +464,7 @@ async function testShareStatistics() {
console.log(` 查看次数: ${share.view_count}, 下载次数: ${share.download_count}`); console.log(` 查看次数: ${share.view_count}, 下载次数: ${share.download_count}`);
// 清理
db.prepare('DELETE FROM shares WHERE share_code = ?').run(shareCode); db.prepare('DELETE FROM shares WHERE share_code = ?').run(shareCode);
return true; return true;
} catch (error) { } catch (error) {
console.log(` [ERROR] ${error.message}`); console.log(` [ERROR] ${error.message}`);
@@ -386,12 +477,10 @@ async function testShareCodeUniqueness() {
console.log('\n[测试] 分享码唯一性...'); console.log('\n[测试] 分享码唯一性...');
try { try {
// 创建多个分享,检查分享码是否唯一
const codes = new Set(); const codes = new Set();
for (let i = 0; i < 10; i++) { for (let i = 0; i < 10; i++) {
const code = ShareDB.generateShareCode(); const code = ShareDB.generateShareCode();
if (codes.has(code)) { if (codes.has(code)) {
console.log(` [WARN] 发现重复分享码: ${code}`); console.log(` [WARN] 发现重复分享码: ${code}`);
} }
@@ -401,7 +490,6 @@ async function testShareCodeUniqueness() {
assert(codes.size === 10, `应生成 10 个唯一分享码, 实际: ${codes.size}`); assert(codes.size === 10, `应生成 10 个唯一分享码, 实际: ${codes.size}`);
console.log(` 生成了 ${codes.size} 个唯一分享码`); console.log(` 生成了 ${codes.size} 个唯一分享码`);
// 检查分享码长度和字符
const sampleCode = ShareDB.generateShareCode(); const sampleCode = ShareDB.generateShareCode();
assert(sampleCode.length === 8, `分享码长度应为 8, 实际: ${sampleCode.length}`); assert(sampleCode.length === 8, `分享码长度应为 8, 实际: ${sampleCode.length}`);
assert(/^[a-zA-Z0-9]+$/.test(sampleCode), '分享码应只包含字母数字'); assert(/^[a-zA-Z0-9]+$/.test(sampleCode), '分享码应只包含字母数字');
@@ -417,11 +505,10 @@ async function testExpiryTimeFormat() {
console.log('\n[测试] 过期时间格式...'); console.log('\n[测试] 过期时间格式...');
try { try {
// 测试不同的过期天数
const testDays = [1, 7, 30, 365]; const testDays = [1, 7, 30, 365];
for (const days of testDays) { for (const days of testDays) {
const result = ShareDB.create(1, { const result = ShareDB.create(adminUserId, {
share_type: 'file', share_type: 'file',
file_path: `/test_${days}_days.txt`, file_path: `/test_${days}_days.txt`,
expiry_days: days expiry_days: days
@@ -429,15 +516,12 @@ async function testExpiryTimeFormat() {
const share = db.prepare('SELECT expires_at FROM shares WHERE share_code = ?').get(result.share_code); const share = db.prepare('SELECT expires_at FROM shares WHERE share_code = ?').get(result.share_code);
// 验证过期时间格式
const expiresAt = new Date(share.expires_at); const expiresAt = new Date(share.expires_at);
const now = new Date(); const now = new Date();
const diffDays = Math.round((expiresAt - now) / (1000 * 60 * 60 * 24)); const diffDays = Math.round((expiresAt - now) / (1000 * 60 * 60 * 24));
// 允许1天的误差由于时区等因素
assert(Math.abs(diffDays - days) <= 1, `${days}天过期应正确设置, 实际差异: ${diffDays}`); assert(Math.abs(diffDays - days) <= 1, `${days}天过期应正确设置, 实际差异: ${diffDays}`);
// 清理
db.prepare('DELETE FROM shares WHERE share_code = ?').run(result.share_code); db.prepare('DELETE FROM shares WHERE share_code = ?').run(result.share_code);
} }
@@ -448,28 +532,37 @@ async function testExpiryTimeFormat() {
} }
} }
// 全局认证 Cookie
let authCookie = '';
async function login() { async function login() {
console.log('\n[准备] 登录获取认证...'); console.log('\n[准备] 登录获取认证...');
try { try {
await initCsrf(adminSession);
const res = await request('POST', '/api/login', { const res = await request('POST', '/api/login', {
username: 'admin', data: {
password: 'admin123' username: 'admin',
password: 'admin123'
},
session: adminSession,
requireCsrf: false
}); });
if (res.status === 200 && res.data.success) { if (res.status === 200 && res.data?.success && adminSession.cookies.token) {
const setCookie = res.headers['set-cookie']; await initCsrf(adminSession);
if (setCookie) {
authCookie = setCookie.map(c => c.split(';')[0]).join('; '); const profileRes = await request('GET', '/api/user/profile', {
console.log(' 认证成功'); session: adminSession
return true; });
if (profileRes.status === 200 && profileRes.data?.user?.id) {
adminUserId = profileRes.data.user.id;
} }
console.log(' 认证成功');
return true;
} }
console.log(' 认证失败'); console.log(` 认证失败: status=${res.status}, message=${res.data?.message || 'unknown'}`);
return false; return false;
} catch (error) { } catch (error) {
console.log(` [ERROR] ${error.message}`); console.log(` [ERROR] ${error.message}`);
@@ -477,20 +570,16 @@ async function login() {
} }
} }
// ===== 主测试流程 =====
async function runTests() { async function runTests() {
console.log('========================================'); console.log('========================================');
console.log(' 分享功能边界条件深度测试'); console.log(' 分享功能边界条件深度测试Cookie + CSRF');
console.log('========================================'); console.log('========================================');
// 登录
const loggedIn = await login(); const loggedIn = await login();
if (!loggedIn) { if (!loggedIn) {
console.log('\n[WARN] 登录失败,部分测试可能无法执行'); console.log('\n[WARN] 登录失败,部分测试可能无法执行');
} }
// 运行测试
await testExpiredShare(); await testExpiredShare();
await testShareWithDeletedFile(); await testShareWithDeletedFile();
await testShareByBannedUser(); await testShareByBannedUser();
@@ -501,7 +590,6 @@ async function runTests() {
await testShareCodeUniqueness(); await testShareCodeUniqueness();
await testExpiryTimeFormat(); await testExpiryTimeFormat();
// 结果统计
console.log('\n========================================'); console.log('\n========================================');
console.log(' 测试结果统计'); console.log(' 测试结果统计');
console.log('========================================'); console.log('========================================');

24
desktop-client/.gitignore vendored Normal file
View File

@@ -0,0 +1,24 @@
# Logs
logs
*.log
npm-debug.log*
yarn-debug.log*
yarn-error.log*
pnpm-debug.log*
lerna-debug.log*
node_modules
dist
dist-ssr
*.local
# Editor directories and files
.vscode/*
!.vscode/extensions.json
.idea
.DS_Store
*.suo
*.ntvs*
*.njsproj
*.sln
*.sw?

118
desktop-client/README.md Normal file
View File

@@ -0,0 +1,118 @@
# 玩玩云桌面客户端Tauri + Vue + TypeScript
这是玩玩云网盘的桌面端,基于 `Tauri 2 + Vue 3 + TypeScript` 开发。
默认对接地址:`https://cs.workyai.cn`
## 功能概览
- 账号登录(复用网页端账号体系)
- 文件列表浏览、目录切换、全局搜索
- 新建文件夹、重命名、删除
- 分享链接 / 直链创建与管理
- 下载(支持断点续传)
- 本地目录同步(手动/定时)
- 客户端版本检测与更新下载
## 环境要求
- Node.js 18+(建议 20 LTS
- Rust stable建议通过 `rustup` 安装)
- Tauri CLI项目已在 `package.json` 中声明)
可选Linux 交叉编译 Windows 时还需要:
- `mingw-w64`
- `nsis`
## 开发运行
```bash
cd desktop-client
npm install
npm run tauri dev
```
## 对接你的网盘后端
### 1. 修改 API 基础地址
当前默认地址在 `desktop-client/src/App.vue`
- `appConfig.baseUrl`(默认 `https://cs.workyai.cn`
改成你的服务地址后重新运行/打包。
### 2. 后端需提供的核心接口
桌面端通过现有 Web API 工作,至少需要这些接口:
- `POST /api/login`
- `POST /api/logout`
- `GET /api/user/profile`
- `GET /api/files`
- `GET /api/files/search`
- `POST /api/files/mkdir`
- `POST /api/files/rename`
- `POST /api/files/delete`
- `POST /api/share/create`
- `GET /api/share/my`
- `DELETE /api/share/:id`
- `POST /api/direct-link/create`
- `GET /api/client/desktop-update`
- 分片上传相关接口(客户端走 `api_upload_file_resumable`
### 3. 鉴权与跨域要求
- 使用 Cookie / Session 鉴权
- 服务端允许桌面端跨域并携带凭据credentials
- 建议启用 HTTPS
## 构建打包
```bash
cd desktop-client
npm install
npm run tauri build
```
构建产物示例:
- `desktop-client/src-tauri/target/release/bundle/nsis/*.exe`
## Linux 交叉编译 Windowsx64
```bash
cd desktop-client
rustup target add x86_64-pc-windows-gnu
npm run tauri build -- --target x86_64-pc-windows-gnu
```
如需生成安装包,请确保系统安装 `mingw-w64``nsis`
## 更新发布接入(与本项目后端配合)
1. 把新安装包上传到服务端下载目录(示例:`frontend/downloads/`)。
2. 在后台设置中更新:
- `desktop_update.latest_version`
- `desktop_update.installer_url`
- `desktop_update.release_notes`
3. 客户端会通过 `GET /api/client/desktop-update` 检查更新并下载新包。
## 常见问题
### Q1改了接口地址但还是连旧地址
确认修改的是 `desktop-client/src/App.vue` 中的 `appConfig.baseUrl`,并重新构建。
### Q2为什么更新接口返回有新版本但客户端不弹更新
检查:
- `latest_version` 是否确实大于客户端当前版本
- `installer_url` 是否可访问
- 客户端能否访问后端 `desktop-update` 接口
### Q3分享/直链重复创建问题
当前后端已支持“同一用户同一路径复用已有链接”。若要生成新链接,请先删除旧链接再创建。

14
desktop-client/index.html Normal file
View File

@@ -0,0 +1,14 @@
<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<link rel="icon" type="image/svg+xml" href="/vite.svg" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>Tauri + Vue + Typescript App</title>
</head>
<body>
<div id="app"></div>
<script type="module" src="/src/main.ts"></script>
</body>
</html>

1753
desktop-client/package-lock.json generated Normal file
View File

File diff suppressed because it is too large Load Diff

25
desktop-client/package.json Normal file
View File

@@ -0,0 +1,25 @@
{
"name": "desktop-client",
"private": true,
"version": "0.1.28",
"type": "module",
"scripts": {
"dev": "vite",
"build": "vue-tsc --noEmit && vite build",
"preview": "vite preview",
"tauri": "tauri"
},
"dependencies": {
"@tauri-apps/api": "^2",
"@tauri-apps/plugin-dialog": "^2.6.0",
"@tauri-apps/plugin-opener": "^2",
"vue": "^3.5.13"
},
"devDependencies": {
"@tauri-apps/cli": "^2",
"@vitejs/plugin-vue": "^5.2.1",
"typescript": "~5.6.2",
"vite": "^6.0.3",
"vue-tsc": "^2.1.10"
}
}

6
desktop-client/public/tauri.svg Normal file
View File

@@ -0,0 +1,6 @@
<svg width="206" height="231" viewBox="0 0 206 231" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M143.143 84C143.143 96.1503 133.293 106 121.143 106C108.992 106 99.1426 96.1503 99.1426 84C99.1426 71.8497 108.992 62 121.143 62C133.293 62 143.143 71.8497 143.143 84Z" fill="#FFC131"/>
<ellipse cx="84.1426" cy="147" rx="22" ry="22" transform="rotate(180 84.1426 147)" fill="#24C8DB"/>
<path fill-rule="evenodd" clip-rule="evenodd" d="M166.738 154.548C157.86 160.286 148.023 164.269 137.757 166.341C139.858 160.282 141 153.774 141 147C141 144.543 140.85 142.121 140.558 139.743C144.975 138.204 149.215 136.139 153.183 133.575C162.73 127.404 170.292 118.608 174.961 108.244C179.63 97.8797 181.207 86.3876 179.502 75.1487C177.798 63.9098 172.884 53.4021 165.352 44.8883C157.82 36.3744 147.99 30.2165 137.042 27.1546C126.095 24.0926 114.496 24.2568 103.64 27.6274C92.7839 30.998 83.1319 37.4317 75.8437 46.1553C74.9102 47.2727 74.0206 48.4216 73.176 49.5993C61.9292 50.8488 51.0363 54.0318 40.9629 58.9556C44.2417 48.4586 49.5653 38.6591 56.679 30.1442C67.0505 17.7298 80.7861 8.57426 96.2354 3.77762C111.685 -1.01901 128.19 -1.25267 143.769 3.10474C159.348 7.46215 173.337 16.2252 184.056 28.3411C194.775 40.457 201.767 55.4101 204.193 71.404C206.619 87.3978 204.374 103.752 197.73 118.501C191.086 133.25 180.324 145.767 166.738 154.548ZM41.9631 74.275L62.5557 76.8042C63.0459 72.813 63.9401 68.9018 65.2138 65.1274C57.0465 67.0016 49.2088 70.087 41.9631 74.275Z" fill="#FFC131"/>
<path fill-rule="evenodd" clip-rule="evenodd" d="M38.4045 76.4519C47.3493 70.6709 57.2677 66.6712 67.6171 64.6132C65.2774 70.9669 64 77.8343 64 85.0001C64 87.1434 64.1143 89.26 64.3371 91.3442C60.0093 92.8732 55.8533 94.9092 51.9599 97.4256C42.4128 103.596 34.8505 112.392 30.1816 122.756C25.5126 133.12 23.9357 144.612 25.6403 155.851C27.3449 167.09 32.2584 177.598 39.7906 186.112C47.3227 194.626 57.153 200.784 68.1003 203.846C79.0476 206.907 90.6462 206.743 101.502 203.373C112.359 200.002 122.011 193.568 129.299 184.845C130.237 183.722 131.131 182.567 131.979 181.383C143.235 180.114 154.132 176.91 164.205 171.962C160.929 182.49 155.596 192.319 148.464 200.856C138.092 213.27 124.357 222.426 108.907 227.222C93.458 232.019 76.9524 232.253 61.3736 227.895C45.7948 223.538 31.8055 214.775 21.0867 202.659C10.3679 190.543 3.37557 175.59 0.949823 159.596C-1.47592 143.602 0.768139 127.248 7.41237 112.499C14.0566 97.7497 24.8183 85.2327 38.4045 76.4519ZM163.062 156.711L163.062 156.711C162.954 156.773 162.846 156.835 162.738 156.897C162.846 156.835 162.954 156.773 163.062 156.711Z" fill="#24C8DB"/>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 2.5 KiB

1
desktop-client/public/vite.svg Normal file
View File

@@ -0,0 +1 @@
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" aria-hidden="true" role="img" class="iconify iconify--logos" width="31.88" height="32" preserveAspectRatio="xMidYMid meet" viewBox="0 0 256 257"><defs><linearGradient id="IconifyId1813088fe1fbc01fb466" x1="-.828%" x2="57.636%" y1="7.652%" y2="78.411%"><stop offset="0%" stop-color="#41D1FF"></stop><stop offset="100%" stop-color="#BD34FE"></stop></linearGradient><linearGradient id="IconifyId1813088fe1fbc01fb467" x1="43.376%" x2="50.316%" y1="2.242%" y2="89.03%"><stop offset="0%" stop-color="#FFEA83"></stop><stop offset="8.333%" stop-color="#FFDD35"></stop><stop offset="100%" stop-color="#FFA800"></stop></linearGradient></defs><path fill="url(#IconifyId1813088fe1fbc01fb466)" d="M255.153 37.938L134.897 252.976c-2.483 4.44-8.862 4.466-11.382.048L.875 37.958c-2.746-4.814 1.371-10.646 6.827-9.67l120.385 21.517a6.537 6.537 0 0 0 2.322-.004l117.867-21.483c5.438-.991 9.574 4.796 6.877 9.62Z"></path><path fill="url(#IconifyId1813088fe1fbc01fb467)" d="M185.432.063L96.44 17.501a3.268 3.268 0 0 0-2.634 3.014l-5.474 92.456a3.268 3.268 0 0 0 3.997 3.378l24.777-5.718c2.318-.535 4.413 1.507 3.936 3.838l-7.361 36.047c-.495 2.426 1.782 4.5 4.151 3.78l15.304-4.649c2.372-.72 4.652 1.36 4.15 3.788l-11.698 56.621c-.732 3.542 3.979 5.473 5.943 2.437l1.313-2.028l72.516-144.72c1.215-2.423-.88-5.186-3.54-4.672l-25.505 4.922c-2.396.462-4.435-1.77-3.759-4.114l16.646-57.705c.677-2.35-1.37-4.583-3.769-4.113Z"></path></svg>
Side by Side

After

Width:  |  Height:  |  Size: 1.5 KiB

7
desktop-client/src-tauri/.gitignore vendored Normal file
View File

@@ -0,0 +1,7 @@
# Generated by Cargo
# will have compiled files and executables
/target/
# Generated by Tauri
# will have schema files for capabilities auto-completion
/gen/schemas

5843
desktop-client/src-tauri/Cargo.lock generated Normal file
View File

File diff suppressed because it is too large Load Diff

34
desktop-client/src-tauri/Cargo.toml Normal file
View File

@@ -0,0 +1,34 @@
[package]
name = "desktop-client"
version = "0.1.28"
description = "A Tauri App"
authors = ["you"]
edition = "2021"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[lib]
# The `_lib` suffix may seem redundant but it is necessary
# to make the lib name unique and wouldn't conflict with the bin name.
# This seems to be only an issue on Windows, see https://github.com/rust-lang/cargo/issues/8519
name = "desktop_client_lib"
crate-type = ["staticlib", "cdylib", "rlib"]
[build-dependencies]
tauri-build = { version = "2", features = [] }
[dependencies]
tauri = { version = "2", features = [] }
tauri-plugin-opener = "2"
tauri-plugin-dialog = "2"
serde = { version = "1", features = ["derive"] }
serde_json = "1"
sha2 = "0.10"
tokio = { version = "1", features = ["time"] }
reqwest = { version = "0.12", default-features = false, features = ["json", "cookies", "multipart", "stream", "rustls-tls"] }
urlencoding = "2.1"
walkdir = "2.5"
rusqlite = { version = "0.31", features = ["bundled"] }
[target.'cfg(target_os = "windows")'.dependencies]
windows-sys = { version = "0.59", features = ["Win32_Foundation", "Win32_Security_Cryptography"] }

3
desktop-client/src-tauri/build.rs Normal file
View File

@@ -0,0 +1,3 @@
fn main() {
tauri_build::build()
}

11
desktop-client/src-tauri/capabilities/default.json Normal file
View File

@@ -0,0 +1,11 @@
{
"$schema": "../gen/schemas/desktop-schema.json",
"identifier": "default",
"description": "Capability for the main window",
"windows": ["main"],
"permissions": [
"core:default",
"opener:default",
"dialog:default"
]
}

BIN
desktop-client/src-tauri/icons/128x128.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 18 KiB

BIN
desktop-client/src-tauri/icons/128x128@2x.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 43 KiB

BIN
desktop-client/src-tauri/icons/32x32.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 2.5 KiB

BIN
desktop-client/src-tauri/icons/64x64.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 7.1 KiB

BIN
desktop-client/src-tauri/icons/Square107x107Logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 15 KiB

BIN
desktop-client/src-tauri/icons/Square142x142Logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 21 KiB

BIN
desktop-client/src-tauri/icons/Square150x150Logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 23 KiB

BIN
desktop-client/src-tauri/icons/Square284x284Logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 49 KiB

BIN
desktop-client/src-tauri/icons/Square30x30Logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 2.2 KiB

BIN
desktop-client/src-tauri/icons/Square310x310Logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 54 KiB

BIN
desktop-client/src-tauri/icons/Square44x44Logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 4.0 KiB

BIN
desktop-client/src-tauri/icons/Square71x71Logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 8.3 KiB

BIN
desktop-client/src-tauri/icons/Square89x89Logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 12 KiB

BIN
desktop-client/src-tauri/icons/StoreLogo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.0 KiB

5
desktop-client/src-tauri/icons/android/mipmap-anydpi-v26/ic_launcher.xml Normal file
View File

@@ -0,0 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<adaptive-icon xmlns:android="http://schemas.android.com/apk/res/android">
<foreground android:drawable="@mipmap/ic_launcher_foreground"/>
<background android:drawable="@color/ic_launcher_background"/>
</adaptive-icon>

BIN
desktop-client/src-tauri/icons/android/mipmap-hdpi/ic_launcher.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 4.4 KiB

BIN
desktop-client/src-tauri/icons/android/mipmap-hdpi/ic_launcher_foreground.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 26 KiB

BIN
desktop-client/src-tauri/icons/android/mipmap-hdpi/ic_launcher_round.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 4.6 KiB

BIN
desktop-client/src-tauri/icons/android/mipmap-mdpi/ic_launcher.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 4.2 KiB

BIN
desktop-client/src-tauri/icons/android/mipmap-mdpi/ic_launcher_foreground.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 15 KiB

BIN
desktop-client/src-tauri/icons/android/mipmap-mdpi/ic_launcher_round.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 4.4 KiB

BIN
desktop-client/src-tauri/icons/android/mipmap-xhdpi/ic_launcher.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 12 KiB

BIN
desktop-client/src-tauri/icons/android/mipmap-xhdpi/ic_launcher_foreground.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 36 KiB

BIN
desktop-client/src-tauri/icons/android/mipmap-xhdpi/ic_launcher_round.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 14 KiB

BIN
desktop-client/src-tauri/icons/android/mipmap-xxhdpi/ic_launcher.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 21 KiB

BIN
desktop-client/src-tauri/icons/android/mipmap-xxhdpi/ic_launcher_foreground.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 57 KiB

BIN
desktop-client/src-tauri/icons/android/mipmap-xxhdpi/ic_launcher_round.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 24 KiB

BIN
desktop-client/src-tauri/icons/android/mipmap-xxxhdpi/ic_launcher.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 31 KiB

BIN
desktop-client/src-tauri/icons/android/mipmap-xxxhdpi/ic_launcher_foreground.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 79 KiB

BIN
desktop-client/src-tauri/icons/android/mipmap-xxxhdpi/ic_launcher_round.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 35 KiB

4
desktop-client/src-tauri/icons/android/values/ic_launcher_background.xml Normal file
View File

@@ -0,0 +1,4 @@
<?xml version="1.0" encoding="utf-8"?>
<resources>
<color name="ic_launcher_background">#fff</color>
</resources>

BIN
desktop-client/src-tauri/icons/icon.icns Normal file
View File

Binary file not shown.

BIN
desktop-client/src-tauri/icons/icon.ico Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 60 KiB

BIN
desktop-client/src-tauri/icons/icon.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 92 KiB

BIN
desktop-client/src-tauri/icons/ios/AppIcon-20x20@1x.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.0 KiB

BIN
desktop-client/src-tauri/icons/ios/AppIcon-20x20@2x-1.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 3.0 KiB

BIN
desktop-client/src-tauri/icons/ios/AppIcon-20x20@2x.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 3.0 KiB

BIN
desktop-client/src-tauri/icons/ios/AppIcon-20x20@3x.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.6 KiB

BIN
desktop-client/src-tauri/icons/ios/AppIcon-29x29@1x.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.9 KiB

BIN
desktop-client/src-tauri/icons/ios/AppIcon-29x29@2x-1.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.4 KiB

BIN
desktop-client/src-tauri/icons/ios/AppIcon-29x29@2x.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.4 KiB

BIN
desktop-client/src-tauri/icons/ios/AppIcon-29x29@3x.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 9.7 KiB

BIN
desktop-client/src-tauri/icons/ios/AppIcon-40x40@1x.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 3.0 KiB

BIN
desktop-client/src-tauri/icons/ios/AppIcon-40x40@2x-1.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 8.5 KiB

BIN
desktop-client/src-tauri/icons/ios/AppIcon-40x40@2x.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 8.5 KiB

BIN
desktop-client/src-tauri/icons/ios/AppIcon-40x40@3x.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 15 KiB

BIN
desktop-client/src-tauri/icons/ios/AppIcon-512@2x.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 59 KiB

BIN
desktop-client/src-tauri/icons/ios/AppIcon-60x60@2x.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 15 KiB

BIN
desktop-client/src-tauri/icons/ios/AppIcon-60x60@3x.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 25 KiB

BIN
desktop-client/src-tauri/icons/ios/AppIcon-76x76@1x.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 7.9 KiB

BIN
desktop-client/src-tauri/icons/ios/AppIcon-76x76@2x.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 21 KiB

BIN
desktop-client/src-tauri/icons/ios/AppIcon-83.5x83.5@2x.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 23 KiB

BIN
desktop-client/src-tauri/icons/wanwan-dog-source.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 83 KiB

2091
desktop-client/src-tauri/src/lib.rs Normal file
View File

File diff suppressed because it is too large Load Diff

6
desktop-client/src-tauri/src/main.rs Normal file
View File

@@ -0,0 +1,6 @@
// Prevents additional console window on Windows in release, DO NOT REMOVE!!
#![cfg_attr(not(debug_assertions), windows_subsystem = "windows")]
fn main() {
desktop_client_lib::run()
}

37
desktop-client/src-tauri/tauri.conf.json Normal file
View File

@@ -0,0 +1,37 @@
{
"$schema": "https://schema.tauri.app/config/2",
"productName": "玩玩云",
"version": "0.1.28",
"identifier": "cn.workyai.wanwancloud.desktop",
"build": {
"beforeDevCommand": "npm run dev",
"devUrl": "http://localhost:1420",
"beforeBuildCommand": "npm run build",
"frontendDist": "../dist"
},
"app": {
"windows": [
{
"title": "玩玩云",
"width": 1360,
"height": 860,
"minWidth": 1120,
"minHeight": 720
}
],
"security": {
"csp": null
}
},
"bundle": {
"active": true,
"targets": "all",
"icon": [
"icons/32x32.png",
"icons/128x128.png",
"icons/128x128@2x.png",
"icons/icon.icns",
"icons/icon.ico"
]
}
}

4682
desktop-client/src/App.vue Normal file
View File

File diff suppressed because it is too large Load Diff

1
desktop-client/src/assets/vue.svg Normal file
View File

@@ -0,0 +1 @@
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" aria-hidden="true" role="img" class="iconify iconify--logos" width="37.07" height="36" preserveAspectRatio="xMidYMid meet" viewBox="0 0 256 198"><path fill="#41B883" d="M204.8 0H256L128 220.8L0 0h97.92L128 51.2L157.44 0h47.36Z"></path><path fill="#41B883" d="m0 0l128 220.8L256 0h-51.2L128 132.48L50.56 0H0Z"></path><path fill="#35495E" d="M50.56 0L128 133.12L204.8 0h-47.36L128 51.2L97.92 0H50.56Z"></path></svg>
Side by Side

After

Width:  |  Height:  |  Size: 496 B

4
desktop-client/src/main.ts Normal file
View File

@@ -0,0 +1,4 @@
import { createApp } from "vue";
import App from "./App.vue";
createApp(App).mount("#app");

7
desktop-client/src/vite-env.d.ts vendored Normal file
View File

@@ -0,0 +1,7 @@
/// <reference types="vite/client" />
declare module "*.vue" {
import type { DefineComponent } from "vue";
const component: DefineComponent<{}, {}, any>;
export default component;
}

25
desktop-client/tsconfig.json Normal file
View File

@@ -0,0 +1,25 @@
{
"compilerOptions": {
"target": "ES2020",
"useDefineForClassFields": true,
"module": "ESNext",
"lib": ["ES2020", "DOM", "DOM.Iterable"],
"skipLibCheck": true,
/* Bundler mode */
"moduleResolution": "bundler",
"allowImportingTsExtensions": true,
"resolveJsonModule": true,
"isolatedModules": true,
"noEmit": true,
"jsx": "preserve",
/* Linting */
"strict": true,
"noUnusedLocals": true,
"noUnusedParameters": true,
"noFallthroughCasesInSwitch": true
},
"include": ["src/**/*.ts", "src/**/*.d.ts", "src/**/*.tsx", "src/**/*.vue"],
"references": [{ "path": "./tsconfig.node.json" }]
}

10
desktop-client/tsconfig.node.json Normal file
View File

@@ -0,0 +1,10 @@
{
"compilerOptions": {
"composite": true,
"skipLibCheck": true,
"module": "ESNext",
"moduleResolution": "bundler",
"allowSyntheticDefaultImports": true
},
"include": ["vite.config.ts"]
}

32
desktop-client/vite.config.ts Normal file
View File

@@ -0,0 +1,32 @@
import { defineConfig } from "vite";
import vue from "@vitejs/plugin-vue";
// @ts-expect-error process is a nodejs global
const host = process.env.TAURI_DEV_HOST;
// https://vite.dev/config/
export default defineConfig(async () => ({
plugins: [vue()],
// Vite options tailored for Tauri development and only applied in `tauri dev` or `tauri build`
//
// 1. prevent Vite from obscuring rust errors
clearScreen: false,
// 2. tauri expects a fixed port, fail if that port is not available
server: {
port: 1420,
strictPort: true,
host: host || false,
hmr: host
? {
protocol: "ws",
host,
port: 1421,
}
: undefined,
watch: {
// 3. tell Vite to ignore watching `src-tauri`
ignored: ["**/src-tauri/**"],
},
},
}));

2059
frontend/app.html
View File

File diff suppressed because it is too large Load Diff

1753
frontend/app.js
View File

File diff suppressed because it is too large Load Diff

2
frontend/index.html
View File

@@ -16,7 +16,7 @@
})(); })();
</script> </script>
<link rel="stylesheet" href="libs/fontawesome/css/all.min.css"> <link rel="stylesheet" href="libs/fontawesome/css/all.min.css">
<link rel="stylesheet" href="landing.css?v=20260212006"> <link rel="stylesheet" href="landing.css?v=20260212008">
</head> </head>
<body> <body>
<div class="page"> <div class="page">

294
frontend/landing.css
View File

@@ -4,6 +4,17 @@
box-sizing: border-box; box-sizing: border-box;
} }
html, body {
overflow-x: hidden;
}
img,
video,
svg {
max-width: 100%;
height: auto;
}
:root { :root {
--bg-page: #f4f7fb; --bg-page: #f4f7fb;
--bg-card: #ffffff; --bg-card: #ffffff;
@@ -317,6 +328,12 @@ body.theme-dark .hero-tag {
.slide-row strong { .slide-row strong {
color: var(--text-main); color: var(--text-main);
font-weight: 700; font-weight: 700;
min-width: 0;
max-width: 65%;
overflow: hidden;
text-overflow: ellipsis;
white-space: nowrap;
text-align: right;
} }
.slide-progress { .slide-progress {
@@ -641,6 +658,57 @@ body.theme-dark .cta-panel {
flex-wrap: wrap; flex-wrap: wrap;
} }
@media (min-width: 1920px) {
:root {
--max-width: 1480px;
}
body {
font-size: 16px;
}
.hero {
padding: 32px;
gap: 28px;
}
.hero-title {
font-size: clamp(38px, 3vw, 56px);
}
.section,
.page-banner {
padding: 24px;
}
.carousel {
min-height: 400px;
}
}
@media (min-width: 2560px) {
:root {
--max-width: 1760px;
}
body {
font-size: 17px;
}
.hero {
padding: 36px;
}
.carousel {
min-height: 430px;
}
.section,
.page-banner {
padding: 28px;
}
}
@media (max-width: 1060px) { @media (max-width: 1060px) {
.hero { .hero {
grid-template-columns: 1fr; grid-template-columns: 1fr;
@@ -713,6 +781,232 @@ body.theme-dark .cta-panel {
} }
} }
/* ===== True Large-Screen Proportional Scaling ===== */
@media (min-width: 1920px) {
:root {
--max-width: 1800px;
}
body {
font-size: 17px;
}
.container {
width: min(var(--max-width), calc(100% - 72px));
}
.site-header-inner {
min-height: 82px;
}
.brand {
font-size: 28px;
}
.top-nav {
font-size: 16px;
gap: 22px;
}
.btn {
font-size: 16px;
padding: 11px 18px;
}
.main {
padding: 42px 0 58px;
}
.hero {
min-height: 62vh;
padding: 38px;
gap: 34px;
align-items: stretch;
}
.hero-title {
font-size: clamp(50px, 3.6vw, 72px);
margin-bottom: 18px;
}
.hero-desc {
font-size: 18px;
max-width: 760px;
margin-bottom: 22px;
}
.hero-points {
font-size: 15px;
gap: 10px;
}
.carousel {
min-height: clamp(520px, 58vh, 820px);
}
.carousel-slide {
padding: 26px;
}
.slide-title {
font-size: 24px;
}
.slide-row {
font-size: 15px;
}
.section,
.page-banner {
padding: 28px;
}
.section-title {
font-size: 24px;
margin-bottom: 16px;
}
.feature-card,
.scene,
.matrix-card,
.step-item,
.kpi-card {
padding: 18px;
}
.feature-name,
.scene h3,
.matrix-card h3,
.step-content h3 {
font-size: 18px;
}
.feature-desc,
.scene p,
.matrix-card p,
.step-content p {
font-size: 15px;
}
.kpi-value {
font-size: 26px;
}
.footer {
font-size: 13px;
padding: 18px 0;
}
}
@media (min-width: 2560px) {
:root {
--max-width: 2200px;
}
body {
font-size: 19px;
}
.container {
width: min(var(--max-width), calc(100% - 96px));
}
.site-header-inner {
min-height: 94px;
}
.brand {
font-size: 32px;
}
.top-nav {
font-size: 18px;
gap: 26px;
}
.btn {
font-size: 18px;
padding: 12px 22px;
}
.main {
padding: 52px 0 72px;
}
.hero {
min-height: 66vh;
padding: 46px;
gap: 42px;
}
.hero-title {
font-size: clamp(64px, 3.6vw, 92px);
}
.hero-desc {
font-size: 21px;
max-width: 920px;
}
.hero-points {
font-size: 17px;
gap: 12px;
}
.carousel {
min-height: clamp(640px, 60vh, 960px);
}
.carousel-slide {
padding: 30px;
}
.slide-title {
font-size: 30px;
}
.slide-tag {
font-size: 14px;
}
.slide-row {
font-size: 18px;
}
.section,
.page-banner {
padding: 34px;
}
.section-title {
font-size: 30px;
}
.feature-name,
.scene h3,
.matrix-card h3,
.step-content h3 {
font-size: 22px;
}
.feature-desc,
.scene p,
.matrix-card p,
.step-content p {
font-size: 17px;
}
.kpi-value {
font-size: 34px;
}
.footer {
font-size: 15px;
padding: 22px 0;
}
}
@media (max-width: 480px) { @media (max-width: 480px) {
.brand { .brand {
font-size: 19px; font-size: 19px;

2
frontend/product.html
View File

@@ -5,7 +5,7 @@
<meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>产品能力 - 玩玩云</title> <title>产品能力 - 玩玩云</title>
<link rel="stylesheet" href="libs/fontawesome/css/all.min.css"> <link rel="stylesheet" href="libs/fontawesome/css/all.min.css">
<link rel="stylesheet" href="landing.css?v=20260212006"> <link rel="stylesheet" href="landing.css?v=20260212008">
</head> </head>
<body> <body>
<div class="page"> <div class="page">

2
frontend/scenes.html
View File

@@ -5,7 +5,7 @@
<meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>应用场景 - 玩玩云</title> <title>应用场景 - 玩玩云</title>
<link rel="stylesheet" href="libs/fontawesome/css/all.min.css"> <link rel="stylesheet" href="libs/fontawesome/css/all.min.css">
<link rel="stylesheet" href="landing.css?v=20260212006"> <link rel="stylesheet" href="landing.css?v=20260212008">
</head> </head>
<body> <body>
<div class="page"> <div class="page">

143
frontend/share.html
View File

@@ -791,6 +791,11 @@
color: #991b1b; color: #991b1b;
} }
body.enterprise-netdisk-share .download-alert {
margin-bottom: 12px;
animation: fadeInOut 0.2s ease;
}
body.enterprise-netdisk-share .view-controls { body.enterprise-netdisk-share .view-controls {
display: flex; display: flex;
gap: 8px; gap: 8px;
@@ -970,6 +975,17 @@
padding: 16px; padding: 16px;
} }
} }
@keyframes fadeInOut {
from {
opacity: 0;
transform: translateY(-4px);
}
to {
opacity: 1;
transform: translateY(0);
}
}
</style> </style>
</head> </head>
<body class="enterprise-netdisk-share"> <body class="enterprise-netdisk-share">
@@ -1016,6 +1032,7 @@
<!-- 文件列表 --> <!-- 文件列表 -->
<div v-else-if="verified"> <div v-else-if="verified">
<div v-if="downloadAlertMessage" class="alert alert-error download-alert">{{ downloadAlertMessage }}</div>
<p class="share-meta-bar"> <p class="share-meta-bar">
分享者: <strong style="color: var(--text-primary);">{{ shareInfo.username }}</strong> | 分享者: <strong style="color: var(--text-primary);">{{ shareInfo.username }}</strong> |
创建时间: {{ formatDate(shareInfo.created_at) }} 创建时间: {{ formatDate(shareInfo.created_at) }}
@@ -1111,6 +1128,8 @@
files: [], files: [],
loading: true, loading: true,
errorMessage: '', errorMessage: '',
downloadAlertMessage: '',
downloadAlertTimer: null,
viewMode: "grid", // 视图模式: grid 大图标, list 列表(默认大图标) viewMode: "grid", // 视图模式: grid 大图标, list 列表(默认大图标)
// 主题 // 主题
currentTheme: 'dark', currentTheme: 'dark',
@@ -1176,6 +1195,7 @@
async verifyShare() { async verifyShare() {
this.errorMessage = ''; this.errorMessage = '';
this.downloadAlertMessage = '';
this.loading = true; this.loading = true;
try { try {
@@ -1288,10 +1308,28 @@
} }
} catch (error) { } catch (error) {
console.error('[分享下载] 获取下载链接失败:', error); console.error('[分享下载] 获取下载链接失败:', error);
this.errorMessage = '获取下载链接失败: ' + (error.response?.data?.message || error.message); const message = error.response?.data?.message || '当前网络繁忙,请稍后再试';
this.showDownloadAlert(message);
} }
}, },
showDownloadAlert(message) {
const safeMessage = typeof message === 'string' && message.trim()
? message.trim()
: '当前网络繁忙,请稍后再试';
this.downloadAlertMessage = safeMessage;
if (this.downloadAlertTimer) {
clearTimeout(this.downloadAlertTimer);
this.downloadAlertTimer = null;
}
this.downloadAlertTimer = setTimeout(() => {
this.downloadAlertMessage = '';
this.downloadAlertTimer = null;
}, 3000);
},
// 触发下载使用隐藏的a标签避免页面闪动 // 触发下载使用隐藏的a标签避免页面闪动
triggerDownload(url, filename) { triggerDownload(url, filename) {
const link = document.createElement('a'); const link = document.createElement('a');
@@ -1331,17 +1369,36 @@
return 'color: #9E9E9E;'; return 'color: #9E9E9E;';
}, },
formatDate(dateString) { parseDateValue(value) {
if (!dateString) return ''; if (!value) return null;
if (value instanceof Date) {
// SQLite 返回的是 UTC 时间字符串,需要显式处理 return Number.isNaN(value.getTime()) ? null : value;
let dateStr = dateString;
if (!dateStr.includes('Z') && !dateStr.includes('+') && !dateStr.includes('T')) {
// SQLite 格式: "2025-11-13 16:37:19" -> ISO格式: "2025-11-13T16:37:19Z"
dateStr = dateStr.replace(' ', 'T') + 'Z';
} }
const date = new Date(dateStr); const raw = String(value).trim();
if (!raw) return null;
const localMatch = raw.match(/^(\d{4})-(\d{2})-(\d{2})(?:[ T](\d{2}):(\d{2})(?::(\d{2}))?)?$/);
if (localMatch) {
const year = Number(localMatch[1]);
const month = Number(localMatch[2]);
const day = Number(localMatch[3]);
const hour = Number(localMatch[4] || 0);
const minute = Number(localMatch[5] || 0);
const second = Number(localMatch[6] || 0);
const localDate = new Date(year, month - 1, day, hour, minute, second);
return Number.isNaN(localDate.getTime()) ? null : localDate;
}
const normalized = raw.includes('T') ? raw : raw.replace(' ', 'T');
const parsed = new Date(normalized);
return Number.isNaN(parsed.getTime()) ? null : parsed;
},
formatDate(dateString) {
if (!dateString) return '';
const date = this.parseDateValue(dateString);
if (!date) return String(dateString);
return date.toLocaleString('zh-CN', { return date.toLocaleString('zh-CN', {
year: 'numeric', year: 'numeric',
month: '2-digit', month: '2-digit',
@@ -1357,7 +1414,8 @@
formatExpireTime(expiresAt) { formatExpireTime(expiresAt) {
if (!expiresAt) return '永久有效'; if (!expiresAt) return '永久有效';
const expireDate = new Date(expiresAt); const expireDate = this.parseDateValue(expiresAt);
if (!expireDate) return String(expiresAt);
const now = new Date(); const now = new Date();
const diffMs = expireDate - now; const diffMs = expireDate - now;
const diffMinutes = Math.floor(diffMs / (1000 * 60)); const diffMinutes = Math.floor(diffMs / (1000 * 60));
@@ -1391,7 +1449,8 @@
// 判断是否即将过期3天内 // 判断是否即将过期3天内
isExpiringSoon(expiresAt) { isExpiringSoon(expiresAt) {
if (!expiresAt) return false; if (!expiresAt) return false;
const expireDate = new Date(expiresAt); const expireDate = this.parseDateValue(expiresAt);
if (!expireDate) return false;
const now = new Date(); const now = new Date();
const diffMs = expireDate - now; const diffMs = expireDate - now;
const diffDays = diffMs / (1000 * 60 * 60 * 24); const diffDays = diffMs / (1000 * 60 * 60 * 24);
@@ -1401,7 +1460,8 @@
// 判断是否已过期 // 判断是否已过期
isExpired(expiresAt) { isExpired(expiresAt) {
if (!expiresAt) return false; if (!expiresAt) return false;
const expireDate = new Date(expiresAt); const expireDate = this.parseDateValue(expiresAt);
if (!expireDate) return false;
const now = new Date(); const now = new Date();
return expireDate <= now; return expireDate <= now;
} }
@@ -1430,6 +1490,13 @@
} }
this.init(); this.init();
},
beforeUnmount() {
if (this.downloadAlertTimer) {
clearTimeout(this.downloadAlertTimer);
this.downloadAlertTimer = null;
}
} }
}).mount('#app'); }).mount('#app');
</script> </script>
@@ -1449,57 +1516,17 @@
// 禁用F12和常见开发者工具快捷键调试模式下不禁用 // 禁用F12和常见开发者工具快捷键调试模式下不禁用
if (!isDebugMode) { if (!isDebugMode) {
document.addEventListener('keydown', function(e) { document.addEventListener('keydown', function(e) {
// F12 const key = String(e.key || '').toLowerCase();
if (e.key === 'F12' || e.keyCode === 123) { const blocked = e.keyCode === 123
e.preventDefault(); || (e.ctrlKey && e.shiftKey && ['i', 'j', 'c'].includes(key))
return false; || (e.ctrlKey && key === 'u');
} if (blocked) {
// Ctrl+Shift+I (开发者工具)
if (e.ctrlKey && e.shiftKey && (e.key === 'I' || e.keyCode === 73)) {
e.preventDefault();
return false;
}
// Ctrl+Shift+J (控制台)
if (e.ctrlKey && e.shiftKey && (e.key === 'J' || e.keyCode === 74)) {
e.preventDefault();
return false;
}
// Ctrl+U (查看源代码)
if (e.ctrlKey && (e.key === 'U' || e.keyCode === 85)) {
e.preventDefault();
return false;
}
// Ctrl+Shift+C (元素选择器)
if (e.ctrlKey && e.shiftKey && (e.key === 'C' || e.keyCode === 67)) {
e.preventDefault(); e.preventDefault();
return false; return false;
} }
}); });
} }
// 检测开发者工具是否打开(调试模式下不检测)
if (!isDebugMode) {
(function() {
const threshold = 160;
let isDevToolsOpen = false;
setInterval(function() {
const widthThreshold = window.outerWidth - window.innerWidth > threshold;
const heightThreshold = window.outerHeight - window.innerHeight > threshold;
if (!(heightThreshold && widthThreshold) &&
((window.Firebug && window.Firebug.chrome && window.Firebug.chrome.isInitialized) || widthThreshold || heightThreshold)) {
if (!isDevToolsOpen) {
isDevToolsOpen = true;
console.clear();
}
} else {
isDevToolsOpen = false;
}
}, 500);
})();
}
// 禁用console输出调试模式下不禁用 // 禁用console输出调试模式下不禁用
if (!isDebugMode && window.location.hostname !== 'localhost' && window.location.hostname !== '127.0.0.1') { if (!isDebugMode && window.location.hostname !== 'localhost' && window.location.hostname !== '127.0.0.1') {
console.log = function() {}; console.log = function() {};

2
frontend/start.html
View File

@@ -5,7 +5,7 @@
<meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>快速开始 - 玩玩云</title> <title>快速开始 - 玩玩云</title>
<link rel="stylesheet" href="libs/fontawesome/css/all.min.css"> <link rel="stylesheet" href="libs/fontawesome/css/all.min.css">
<link rel="stylesheet" href="landing.css?v=20260212006"> <link rel="stylesheet" href="landing.css?v=20260212008">
</head> </head>
<body> <body>
<div class="page"> <div class="page">