const express = require('express'); const { auth } = require('../middleware/auth'); const { validateQuery, validate } = require('../middleware/validation'); const { logger } = require('../config/logger'); const { HTTP_STATUS } = require('../config/constants'); const { getDB } = require('../database'); const Joi = require('joi'); const router = express.Router(); /** * 系统设置验证规则 */ const systemSchemas = { // 更新系统设置 updateSettings: Joi.object({ basic: Joi.object({ siteName: Joi.string().max(100).allow(''), siteDescription: Joi.string().max(500).allow(''), siteKeywords: Joi.string().max(200).allow(''), siteLogo: Joi.string().allow(''), siteFavicon: Joi.string().allow(''), icp: Joi.string().max(100).allow('') }).optional(), features: Joi.object({ allowRegister: Joi.boolean(), allowTransfer: Joi.boolean(), allowExchange: Joi.boolean(), allowReview: Joi.boolean(), allowComment: Joi.boolean() }).optional(), security: Joi.object({ maxLoginAttempts: Joi.number().integer().min(1).max(100), lockoutDuration: Joi.number().integer().min(1).max(86400), ipWhitelist: Joi.string().allow('') }).optional() }) }; /** * 获取系统设置 (公开接口,不需要认证) * GET /api/system/settings */ router.get('/settings', async (req, res, next) => { try { const db = getDB(); // 获取系统设置 const [settings] = await db.execute( 'SELECT setting_key, setting_value FROM system_settings' ); // 组织设置数据 const settingsData = { basic: { siteName: '', siteDescription: '', siteKeywords: '', siteLogo: '', siteFavicon: '', icp: '' }, features: { allowRegister: true, allowTransfer: true, allowExchange: true, allowReview: true, allowComment: true }, security: { maxLoginAttempts: 5, lockoutDuration: 300, ipWhitelist: '' } }; // 填充数据库中的设置 settings.forEach(setting => { const keys = setting.setting_key.split('.'); if (keys.length === 2 && settingsData[keys[0]]) { try { // 尝试解析JSON值,如果失败则使用原始值 settingsData[keys[0]][keys[1]] = JSON.parse(setting.setting_value); } catch { settingsData[keys[0]][keys[1]] = setting.setting_value; } } }); logger.info('System settings retrieved', { settingsCount: settings.length }); res.json({ success: true, data: settingsData }); } catch (error) { next(error); } }); /** * 更新系统设置 * PUT /api/system/settings */ router.put('/settings', auth, validate(systemSchemas.updateSettings), async (req, res, next) => { try { // 检查管理员权限 if (req.user.role !== 'admin') { return res.status(HTTP_STATUS.FORBIDDEN).json({ success: false, message: '权限不足' }); } const db = getDB(); const settings = req.body; // 开始事务 await db.beginTransaction(); try { // 更新设置 for (const [category, categorySettings] of Object.entries(settings)) { for (const [key, value] of Object.entries(categorySettings)) { const settingKey = `${category}.${key}`; const settingValue = JSON.stringify(value); await db.execute( `INSERT INTO system_settings (setting_key, setting_value, updated_at) VALUES (?, ?, NOW()) ON DUPLICATE KEY UPDATE setting_value = VALUES(setting_value), updated_at = VALUES(updated_at)`, [settingKey, settingValue] ); } } await db.commit(); logger.info('System settings updated', { userId: req.user.id, categories: Object.keys(settings) }); res.json({ success: true, message: '系统设置更新成功' }); } catch (error) { await db.rollback(); throw error; } } catch (error) { next(error); } } ); /** * 获取系统信息 * GET /api/system/info */ router.get('/info', auth, async (req, res, next) => { try { // 检查管理员权限 if (req.user.role !== 'admin') { return res.status(HTTP_STATUS.FORBIDDEN).json({ success: false, message: '权限不足' }); } const systemInfo = { version: '1.0.0', nodeVersion: process.version, platform: process.platform, uptime: process.uptime(), memoryUsage: process.memoryUsage(), timestamp: new Date().toISOString() }; res.json({ success: true, data: systemInfo }); } catch (error) { next(error); } }); /** * 获取维护模式状态(公开接口) * GET /api/system/maintenance-status */ router.get('/maintenance-status', async (req, res, next) => { try { const db = getDB(); // 从系统设置表获取维护模式状态 const [rows] = await db.execute( 'SELECT setting_value FROM system_settings WHERE setting_key = ?', ['maintenance_mode'] ); const maintenanceMode = rows.length > 0 ? rows[0].setting_value === 'true' : false; res.json({ success: true, data: { maintenance_mode: maintenanceMode } }); } catch (error) { console.error('获取维护模式状态失败:', error); next(error); } }); /** * 获取维护模式状态(管理员接口) * GET /api/system/admin/maintenance-status */ router.get('/admin/maintenance-status', auth, async (req, res, next) => { try { // 检查管理员权限 if (req.user.role !== 'admin') { return res.status(403).json({ success: false, error: { code: 'FORBIDDEN', message: '权限不足' } }); } const db = getDB(); // 从系统设置表获取维护模式状态 const [rows] = await db.execute( 'SELECT setting_value FROM system_settings WHERE setting_key = ?', ['maintenance_mode'] ); const maintenanceMode = rows.length > 0 ? rows[0].setting_value === 'true' : false; res.json({ success: true, data: { maintenance_mode: maintenanceMode } }); } catch (error) { console.error('获取维护模式状态失败:', error); next(error); } }); /** * 切换维护模式 * POST /api/system/toggle-maintenance */ router.post('/toggle-maintenance', auth, async (req, res, next) => { try { // 检查管理员权限 if (req.user.role !== 'admin') { return res.status(403).json({ success: false, error: { code: 'FORBIDDEN', message: '权限不足' } }); } const { maintenance_mode } = req.body; const db = getDB(); // 更新或插入维护模式设置 await db.execute( `INSERT INTO system_settings (setting_key, setting_value, updated_at) VALUES ('maintenance_mode', ?, NOW()) ON DUPLICATE KEY UPDATE setting_value = VALUES(setting_value), updated_at = NOW()`, [maintenance_mode ? 'true' : 'false'] ); logger.info('Maintenance mode toggled', { userId: req.user.id, username: req.user.username, maintenanceMode: maintenance_mode }); res.json({ success: true, data: { maintenance_mode: maintenance_mode }, message: maintenance_mode ? '维护模式已开启' : '维护模式已关闭' }); } catch (error) { console.error('切换维护模式失败:', error); next(error); } }); module.exports = router;