feat: 添加安全模块 + Dockerfile添加curl支持健康检查

主要更新: - 新增 security/ 安全模块 (风险评估、威胁检测、蜜罐等) - Dockerfile 添加 curl 以支持 Docker 健康检查 - 前端页面更新 (管理后台、用户端) - 数据库迁移和 schema 更新 - 新增 kdocs 上传服务 - 添加安全相关测试用例 Co-Authored-By: Claude <noreply@anthropic.com>
2026-01-08 17:48:33 +08:00
parent e3b0c35da6
commit 53c78e8e3c
76 changed files with 8563 additions and 4709 deletions
--- a/routes/api_user.py
+++ b/routes/api_user.py
@@ -35,6 +35,7 @@ def get_active_announcement():
                "id": announcement.get("id"),
                "title": announcement.get("title", ""),
                "content": announcement.get("content", ""),
+                "image_url": announcement.get("image_url") or "",
                "created_at": announcement.get("created_at"),
            }
        }
@@ -147,6 +148,50 @@ def get_user_email():
    return jsonify({"email": user.get("email", ""), "email_verified": user.get("email_verified", False)})


+@api_user_bp.route("/api/user/kdocs", methods=["GET"])
+@login_required
+def get_user_kdocs_settings():
+    """获取当前用户的金山文档设置"""
+    settings = database.get_user_kdocs_settings(current_user.id)
+    if not settings:
+        return jsonify({"kdocs_unit": "", "kdocs_auto_upload": 0})
+    return jsonify(settings)
+
+
+@api_user_bp.route("/api/user/kdocs", methods=["POST"])
+@login_required
+def update_user_kdocs_settings():
+    """更新当前用户的金山文档设置"""
+    data = request.get_json() or {}
+    kdocs_unit = data.get("kdocs_unit")
+    kdocs_auto_upload = data.get("kdocs_auto_upload")
+
+    if kdocs_unit is not None:
+        kdocs_unit = str(kdocs_unit or "").strip()
+        if len(kdocs_unit) > 50:
+            return jsonify({"error": "县区长度不能超过50"}), 400
+
+    if kdocs_auto_upload is not None:
+        if isinstance(kdocs_auto_upload, bool):
+            kdocs_auto_upload = 1 if kdocs_auto_upload else 0
+        try:
+            kdocs_auto_upload = int(kdocs_auto_upload)
+        except Exception:
+            return jsonify({"error": "自动上传开关必须是0或1"}), 400
+        if kdocs_auto_upload not in (0, 1):
+            return jsonify({"error": "自动上传开关必须是0或1"}), 400
+
+    if not database.update_user_kdocs_settings(
+        current_user.id,
+        kdocs_unit=kdocs_unit,
+        kdocs_auto_upload=kdocs_auto_upload,
+    ):
+        return jsonify({"error": "更新失败"}), 400
+
+    settings = database.get_user_kdocs_settings(current_user.id) or {"kdocs_unit": "", "kdocs_auto_upload": 0}
+    return jsonify({"success": True, "settings": settings})
+
+
@api_user_bp.route("/api/user/bind-email", methods=["POST"])
@login_required
@require_ip_not_locked
@@ -303,3 +348,37 @@ def get_run_stats():
            "today_attachments": stats.get("total_attachments", 0),
        }
    )
+
+
+@api_user_bp.route("/api/kdocs/status", methods=["GET"])
+@login_required
+def get_kdocs_status_for_user():
+    """获取金山文档在线状态（用户端简化版）"""
+    try:
+        # 检查系统是否启用了金山文档功能
+        cfg = database.get_system_config() or {}
+        kdocs_enabled = int(cfg.get("kdocs_enabled") or 0)
+
+        if not kdocs_enabled:
+            return jsonify({"enabled": False, "online": False, "message": "未启用"})
+
+        # 获取金山文档状态
+        from services.kdocs_uploader import get_kdocs_uploader
+
+        kdocs = get_kdocs_uploader()
+        status = kdocs.get_status()
+
+        login_required_flag = status.get("login_required", False)
+        last_login_ok = status.get("last_login_ok")
+
+        # 判断是否在线
+        is_online = not login_required_flag and last_login_ok is True
+
+        return jsonify({
+            "enabled": True,
+            "online": is_online,
+            "message": "就绪" if is_online else "离线"
+        })
+    except Exception as e:
+        logger.error(f"获取金山文档状态失败: {e}")
+        return jsonify({"enabled": False, "online": False, "message": "获取失败"})