feat: Docker部署与CI/CD集成, 搜索栏修复, 上传目录改为data

2025-11-28 18:42:30 +08:00
commit 8351d6bbfc
243 changed files with 13192 additions and 0 deletions
--- a/lib/auth.ts
+++ b/lib/auth.ts
@@ -0,0 +1,48 @@
+import bcrypt from 'bcrypt';
+import jwt from 'jsonwebtoken';
+
+const SALT_ROUNDS = 10;
+
+function getJwtSecret(): string {
+  const secret = process.env.JWT_SECRET;
+  if (!secret) {
+    throw new Error('JWT_SECRET is not set');
+  }
+  return secret;
+}
+
+/**
+ * Hash a password using bcrypt
+ */
+export async function hashPassword(password: string): Promise<string> {
+    return bcrypt.hash(password, SALT_ROUNDS);
+}
+
+/**
+ * Verify a password against a hash
+ */
+export async function verifyPassword(password: string, hash: string): Promise<boolean> {
+    return bcrypt.compare(password, hash);
+}
+
+/**
+ * Generate a JWT token for a user
+ */
+export function generateToken(userId: string): string {
+  return jwt.sign({ userId }, getJwtSecret(), {
+    expiresIn: '7d'
+  });
+}
+
+/**
+ * Verify and decode a JWT token
+ * Returns the user ID if valid, null otherwise
+ */
+export function verifyToken(token: string): { userId: string } | null {
+  try {
+    const decoded = jwt.verify(token, getJwtSecret()) as { userId: string };
+    return decoded;
+  } catch (error) {
+    return null;
+  }
+}
--- a/lib/db.ts
+++ b/lib/db.ts
@@ -0,0 +1,50 @@
+import mysql from 'mysql2/promise';
+import { SystemConfig } from '../types';
+
+// This is a singleton to reuse the connection pool in a server environment (Next.js)
+
+let pool: mysql.Pool | null = null;
+
+// Default config (fallback)
+const DEFAULT_CONFIG = {
+    host: process.env.DB_HOST || '127.0.0.1',
+    user: process.env.DB_USER || 'root',
+    password: process.env.DB_PASSWORD || 'password',
+    database: process.env.DB_NAME || 'nexus_db',
+    waitForConnections: true,
+    connectionLimit: 10,
+    queueLimit: 0
+};
+
+export const getDbConnection = async (configOverride?: SystemConfig) => {
+    if (pool) return pool;
+
+    const config = configOverride ? {
+        host: configOverride.dbHost,
+        port: parseInt(configOverride.dbPort),
+        user: configOverride.dbUser,
+        password: configOverride.dbPass,
+        database: configOverride.dbName,
+    } : DEFAULT_CONFIG;
+
+    try {
+        pool = mysql.createPool({
+            ...config,
+            waitForConnections: true,
+            connectionLimit: 10,
+            queueLimit: 0
+        });
+        
+        
+        return pool;
+    } catch (error) {
+        console.error('[MYSQL] Failed to initialize pool:', error);
+        throw error;
+    }
+};
+
+export const query = async (sql: string, params: any[]) => {
+    const db = await getDbConnection();
+    const [results] = await db.execute(sql, params);
+    return results;
+};
--- a/lib/middleware/adminMiddleware.ts
+++ b/lib/middleware/adminMiddleware.ts
@@ -0,0 +1,26 @@
+import { NextApiResponse } from 'next';
+import { AuthenticatedRequest, requireAuth } from './authMiddleware';
+import { UserRole } from '../../types';
+
+/**
+ * Middleware to require admin authentication
+ * Returns 403 if user is not an admin
+ */
+export async function requireAdmin(
+    req: AuthenticatedRequest,
+    res: NextApiResponse
+): Promise<boolean> {
+    // First check if user is authenticated
+    const isAuthenticated = await requireAuth(req, res);
+    if (!isAuthenticated) {
+        return false;
+    }
+
+    // Check if user has admin role
+    if (req.user?.role !== UserRole.ADMIN) {
+        res.status(403).json({ success: false, error: 'Admin access required' });
+        return false;
+    }
+
+    return true;
+}
--- a/lib/middleware/authMiddleware.ts
+++ b/lib/middleware/authMiddleware.ts
@@ -0,0 +1,89 @@
+import { NextApiRequest, NextApiResponse } from 'next';
+import { verifyToken } from '../auth';
+import { UserService } from '../../backend/services/userService';
+import { UserDTO } from '../../types';
+
+// Extend NextApiRequest to include user property
+export interface AuthenticatedRequest extends NextApiRequest {
+    user?: UserDTO;
+}
+
+/**
+ * Middleware to require authentication
+ * Returns 401 if no valid token is found
+ */
+export async function requireAuth(
+    req: AuthenticatedRequest,
+    res: NextApiResponse
+): Promise<boolean> {
+    const token = getTokenFromRequest(req);
+
+    if (!token) {
+        res.status(401).json({ success: false, error: 'Authentication required' });
+        return false;
+    }
+
+    const decoded = verifyToken(token);
+    if (!decoded) {
+        res.status(401).json({ success: false, error: 'Invalid or expired token' });
+        return false;
+    }
+
+    // Load user from database
+    const user = await UserService.getUserById(decoded.userId);
+    if (!user) {
+        res.status(401).json({ success: false, error: 'User not found' });
+        return false;
+    }
+
+    // Check if user is banned
+    if (user.status === 'BANNED') {
+        res.status(403).json({ success: false, error: 'Account has been banned' });
+        return false;
+    }
+
+    // Attach user to request
+    req.user = user;
+    return true;
+}
+
+/**
+ * Middleware for optional authentication
+ * Attaches user to request if valid token exists, but doesn't fail if not
+ */
+export async function optionalAuth(req: AuthenticatedRequest): Promise<void> {
+    const token = getTokenFromRequest(req);
+
+    if (!token) {
+        return;
+    }
+
+    const decoded = verifyToken(token);
+    if (!decoded) {
+        return;
+    }
+
+    const user = await UserService.getUserById(decoded.userId);
+    if (user && user.status !== 'BANNED') {
+        req.user = user;
+    }
+}
+
+/**
+ * Extract JWT token from request
+ * Checks both cookies and Authorization header
+ */
+function getTokenFromRequest(req: NextApiRequest): string | null {
+    // Check cookie first
+    if (req.cookies.token) {
+        return req.cookies.token;
+    }
+
+    // Check Authorization header
+    const authHeader = req.headers.authorization;
+    if (authHeader && authHeader.startsWith('Bearer ')) {
+        return authHeader.substring(7);
+    }
+
+    return null;
+}
--- a/lib/prisma.ts
+++ b/lib/prisma.ts
@@ -0,0 +1,36 @@
+import { PrismaClient } from '@prisma/client';
+import { getServerConfig } from './serverConfig';
+
+// PrismaClient is attached to the `global` object in development to prevent
+// exhausting your database connection limit.
+
+const getUrl = () => {
+  const cfg = getServerConfig();
+  const fromEnv = process.env.DATABASE_URL;
+  const fallback = `mysql://${cfg.dbUser}:${cfg.dbPass}@${cfg.dbHost}:${cfg.dbPort}/${cfg.dbName}`;
+  return fromEnv || fallback;
+};
+
+const prismaClientSingleton = () => {
+  const url = getUrl();
+  return new PrismaClient({ datasources: { db: { url } } });
+};
+
+type PrismaClientSingleton = ReturnType<typeof prismaClientSingleton>;
+
+const globalForPrisma = globalThis as unknown as {
+  prisma: PrismaClientSingleton | undefined;
+};
+
+export const prisma = globalForPrisma.prisma ?? prismaClientSingleton();
+
+if (process.env.NODE_ENV !== 'production') globalForPrisma.prisma = prisma;
+
+export default prisma;
+
+export const resetPrisma = () => {
+  const url = getUrl();
+  const client = new PrismaClient({ datasources: { db: { url } } });
+  globalForPrisma.prisma = client;
+  return client;
+};
--- a/lib/serverConfig.ts
+++ b/lib/serverConfig.ts
@@ -0,0 +1,54 @@
+export type ServerConfig = {
+  uploadMaxMB: number;
+  uploadDir: string;
+  dbHost: string;
+  dbPort: string;
+  dbUser: string;
+  dbPass: string;
+  dbName: string;
+};
+
+function parseDbFromEnv(): { host: string; port: string; user: string; pass: string; name: string } {
+  const url = process.env.DATABASE_URL || '';
+  try {
+    if (url) {
+      const u = new URL(url);
+      const host = u.hostname || '127.0.0.1';
+      const port = u.port || '3306';
+      const user = decodeURIComponent(u.username || 'root');
+      const pass = decodeURIComponent(u.password || '');
+      const name = (u.pathname || '/nexus_db').replace(/^\//, '') || 'nexus_db';
+      return { host, port, user, pass, name };
+    }
+  } catch {}
+  const host = process.env.DB_HOST || '127.0.0.1';
+  const port = process.env.DB_PORT || '3306';
+  const user = process.env.DB_USER || 'root';
+  const pass = process.env.DB_PASSWORD || '';
+  const name = process.env.DB_NAME || 'nexus_db';
+  return { host, port, user, pass, name };
+}
+
+const dbEnv = parseDbFromEnv();
+
+const config: ServerConfig = {
+  uploadMaxMB: parseInt(process.env.MAX_UPLOAD_MB || '') || 3,
+  uploadDir: process.env.UPLOAD_DIR || 'data',
+  dbHost: dbEnv.host,
+  dbPort: dbEnv.port,
+  dbUser: dbEnv.user,
+  dbPass: dbEnv.pass,
+  dbName: dbEnv.name,
+};
+
+export const getServerConfig = () => config;
+export const setServerConfig = (next: Partial<ServerConfig>) => {
+  if (typeof next.uploadMaxMB === 'number') config.uploadMaxMB = next.uploadMaxMB;
+  if (typeof next.uploadDir === 'string' && next.uploadDir.trim()) config.uploadDir = next.uploadDir.trim();
+  if (typeof next.dbHost === 'string') config.dbHost = next.dbHost;
+  if (typeof next.dbPort === 'string') config.dbPort = next.dbPort;
+  if (typeof next.dbUser === 'string') config.dbUser = next.dbUser;
+  if (typeof next.dbPass === 'string') config.dbPass = next.dbPass;
+  if (typeof next.dbName === 'string') config.dbName = next.dbName;
+  return config;
+};