Initial commit

api/middleware.py

@@ -0,0 +1,46 @@
+import time
+from fastapi import Request, Response
+from starlette.middleware.base import BaseHTTPMiddleware, RequestResponseEndpoint
+from services.logging import LogService
+from models.database import UserAccount
+import jwt
+from jwt.exceptions import InvalidTokenError
+from services.auth import  ALGORITHM
+from services.config import ConfigCenter
+
+class LoggingMiddleware(BaseHTTPMiddleware):
+    async def dispatch(self, request: Request, call_next: RequestResponseEndpoint) -> Response:
+        start_time = time.time()
+        user_id = None
+        if "authorization" in request.headers:
+            token_str = request.headers.get("authorization")
+            try:
+                if token_str and token_str.startswith("Bearer "):
+                    token = token_str.split(" ")[1]
+                    payload = jwt.decode(token, ConfigCenter.get_secret_key("SECRET_KEY"), algorithms=[ALGORITHM])
+                    username = payload.get("sub")
+                    if username:
+                        user_account = await UserAccount.get_or_none(username=username)
+                        if user_account:
+                            user_id = user_account.id
+            except (InvalidTokenError, Exception):
+                pass
+
+        response = await call_next(request)
+        
+        process_time = (time.time() - start_time) * 1000
+        
+        details = {
+            "client_ip": request.client.host,
+            "method": request.method,
+            "path": request.url.path,
+            "headers": dict(request.headers),
+            "status_code": response.status_code,
+            "process_time_ms": round(process_time, 2)
+        }
+        
+        message = f"{request.method} {request.url.path} - {response.status_code}"
+        
+        await LogService.api(message, details, user_id)
+        
+        return response

api/response.py

@@ -0,0 +1,16 @@
+from typing import Any, Optional
+
+
+def success(data: Any = None, msg: str = "ok", code: int = 0):
+    """标准成功响应包装。"""
+    return {"code": code, "msg": msg, "data": data}
+
+
+def page(items: list[Any], total: int, page: int, page_size: int):
+    """统一分页数据结构。"""
+    pages = (total + page_size - 1) // page_size if page_size else 0
+    return {"items": items, "total": total, "page": page, "page_size": page_size, "pages": pages}
+
+
+def error(msg: str, code: int = 1, data: Optional[Any] = None):
+    return {"code": code, "msg": msg, "data": data}

api/routers.py

@@ -0,0 +1,18 @@
+from fastapi import FastAPI
+
+from .routes import adapters, virtual_fs, mounts, auth, config, processors, tasks, logs, share, backup, search
+
+
+def include_routers(app: FastAPI):
+    app.include_router(adapters.router)
+    app.include_router(virtual_fs.router)
+    app.include_router(search.router)
+    app.include_router(mounts.router)
+    app.include_router(auth.router)
+    app.include_router(config.router)
+    app.include_router(processors.router)
+    app.include_router(tasks.router)
+    app.include_router(logs.router)
+    app.include_router(share.router)
+    app.include_router(share.public_router)
+    app.include_router(backup.router)

api/routes/adapters.py

@@ -0,0 +1,179 @@
+from fastapi import APIRouter, HTTPException, Depends
+from tortoise.transactions import in_transaction
+from typing import Annotated
+
+from models import StorageAdapter, Mount
+from schemas import AdapterCreate, AdapterOut
+from services.auth import get_current_active_user, User
+from services.adapters.registry import runtime_registry, get_config_schemas
+from api.response import success
+from services.logging import LogService
+
+router = APIRouter(prefix="/api/adapters", tags=["adapters"])
+
+
+def validate_and_normalize_config(adapter_type: str, cfg):
+    schemas = get_config_schemas()
+    if not isinstance(cfg, dict):
+        raise HTTPException(400, detail="config 必须是对象")
+    schema = schemas.get(adapter_type)
+    if not schema:
+        raise HTTPException(400, detail=f"不支持的适配器类型: {adapter_type}")
+    out = {}
+    missing = []
+    for f in schema:
+        k = f["key"]
+        if k in cfg and cfg[k] not in (None, ""):
+            out[k] = cfg[k]
+        elif "default" in f:
+            out[k] = f["default"]
+        elif f.get("required"):
+            missing.append(k)
+    if missing:
+        raise HTTPException(400, detail="缺少必填配置字段: " + ", ".join(missing))
+    return out
+
+
+@router.post("")
+async def create_adapter(
+    data: AdapterCreate,
+    current_user: Annotated[User, Depends(get_current_active_user)]
+):
+    adapter_fields = {
+        "name": data.name,
+        "type": data.type,
+        "config": validate_and_normalize_config(data.type, data.config or {}),
+        "enabled": data.enabled,
+    }
+    norm_path = AdapterCreate.normalize_mount_path(data.mount_path)
+    exists = await Mount.get_or_none(path=norm_path)
+    if exists:
+        raise HTTPException(400, detail="Mount path already exists")
+    async with in_transaction():
+        rec = await StorageAdapter.create(**adapter_fields)
+        await Mount.create(
+            path=norm_path,
+            sub_path=data.sub_path,
+            adapter=rec,
+            enabled=True,
+        )
+    rec.mount_path = norm_path
+    rec.sub_path = data.sub_path
+    await runtime_registry.refresh()
+    await LogService.action(
+        "route:adapters",
+        f"Created adapter {rec.name}",
+        details=adapter_fields,
+        user_id=current_user.id if hasattr(current_user, "id") else None,
+    )
+    return success(rec)
+
+
+@router.get("")
+async def list_adapters(
+    current_user: Annotated[User, Depends(get_current_active_user)]
+):
+    adapters = await StorageAdapter.all().prefetch_related("mounts")
+    out = []
+    for a in adapters:
+        mount = a.mounts[0] if a.mounts else None
+        item = AdapterOut(
+            name=a.name,
+            type=a.type,
+            config=a.config,
+            enabled=a.enabled,
+            id=a.id,
+            mount_path=mount.path if mount else None,
+            sub_path=mount.sub_path if mount else None
+        )
+        out.append(item)
+    return success(out)
+
+
+@router.get("/available")
+async def available_adapter_types(
+    current_user: Annotated[User, Depends(get_current_active_user)]
+):
+    data = []
+    for t, fields in get_config_schemas().items():
+        data.append({
+            "type": t,
+            "name": "本地文件系统" if t == "local" else ("WebDAV" if t == "webdav" else t),
+            "config_schema": fields,
+        })
+    return success(data)
+
+
+@router.get("/{adapter_id}")
+async def get_adapter(
+    adapter_id: int,
+    current_user: Annotated[User, Depends(get_current_active_user)]
+):
+    rec = await StorageAdapter.get_or_none(id=adapter_id).prefetch_related("mounts")
+    if not rec:
+        raise HTTPException(404, detail="Not found")
+    mount = rec.mounts[0] if rec.mounts else None
+    rec.mount_path = mount.path if mount else None
+    rec.sub_path = mount.sub_path if mount else None
+    return success(rec)
+
+
+@router.put("/{adapter_id}")
+async def update_adapter(
+    adapter_id: int,
+    data: AdapterCreate,
+    current_user: Annotated[User, Depends(get_current_active_user)]
+):
+
+    rec = await StorageAdapter.get_or_none(id=adapter_id).prefetch_related("mounts")
+    if not rec:
+        raise HTTPException(404, detail="Not found")
+    norm_path = AdapterCreate.normalize_mount_path(data.mount_path)
+    existing = await Mount.get_or_none(path=norm_path)
+    mount = rec.mounts[0] if rec.mounts else None
+    if existing and (not mount or existing.id != mount.id):
+        raise HTTPException(400, detail="Mount path already exists")
+    rec.name = data.name
+    rec.type = data.type
+    rec.config = validate_and_normalize_config(data.type, data.config or {})
+    rec.enabled = data.enabled
+    await rec.save()
+    if mount:
+        mount.path = norm_path
+        mount.sub_path = data.sub_path
+        await mount.save()
+    else:
+        mount = await Mount.create(
+            path=norm_path,
+            sub_path=data.sub_path,
+            adapter=rec,
+            enabled=True,
+        )
+    rec.mount_path = mount.path
+    rec.sub_path = mount.sub_path
+    await runtime_registry.refresh()
+    await LogService.action(
+        "route:adapters",
+        f"Updated adapter {rec.name}",
+        details=data.model_dump(),
+        user_id=current_user.id if hasattr(current_user, "id") else None,
+    )
+    return success(rec)
+
+
+@router.delete("/{adapter_id}")
+async def delete_adapter(
+    adapter_id: int,
+    current_user: Annotated[User, Depends(get_current_active_user)]
+):
+    deleted = await StorageAdapter.filter(id=adapter_id).delete()
+    if not deleted:
+        raise HTTPException(404, detail="Not found")
+    await runtime_registry.refresh()
+    await LogService.action(
+        "route:adapters",
+        f"Deleted adapter {adapter_id}",
+        details={"adapter_id": adapter_id},
+        user_id=current_user.id if hasattr(current_user, "id") else None,
+    )
+    return success({"deleted": True})

api/routes/auth.py

@@ -0,0 +1,53 @@
+from typing import Annotated
+from fastapi import APIRouter, HTTPException, Depends, Form
+from fastapi.security import OAuth2PasswordRequestForm
+from services.auth import (
+    authenticate_user_db,
+    create_access_token,
+    ACCESS_TOKEN_EXPIRE_MINUTES,
+    register_user,
+    Token,
+)
+from pydantic import BaseModel
+from datetime import timedelta
+from api.response import success
+
+router = APIRouter(prefix="/api/auth", tags=["auth"])
+
+
+class RegisterRequest(BaseModel):
+    username: str
+    password: str
+    email: str | None = None
+    full_name: str | None = None
+
+@router.post("/register", summary="注册第一个管理员用户")
+async def register(data: RegisterRequest):
+    """
+    仅当系统中没有用户时，才允许注册。
+    """
+    user = await register_user(
+        username=data.username,
+        password=data.password,
+        email=data.email,
+        full_name=data.full_name,
+    )
+    return success({"username": user.username}, msg="初始用户注册成功")
+
+
+@router.post("/login")
+async def login_for_access_token(
+    form_data: Annotated[OAuth2PasswordRequestForm, Depends()],
+) -> Token:
+    user = await authenticate_user_db(form_data.username, form_data.password)
+    if not user:
+        raise HTTPException(
+            status_code=401,
+            detail="用户名或密码错误",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+    access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
+    access_token = await create_access_token(
+        data={"sub": user.username}, expires_delta=access_token_expires
+    )
+    return Token(access_token=access_token, token_type="bearer")

api/routes/backup.py

@@ -0,0 +1,50 @@
+from fastapi import APIRouter, Depends, UploadFile, File, HTTPException
+from fastapi.responses import JSONResponse
+from services.auth import get_current_active_user
+from services.backup import BackupService
+from models.database import UserAccount
+import json
+import datetime
+
+router = APIRouter(
+    prefix="/api/backup",
+    tags=["Backup & Restore"],
+    dependencies=[Depends(get_current_active_user)],
+)
+
+@router.get("/export", summary="导出全站数据")
+async def export_backup():
+    """
+    生成并下载一个包含所有关键数据的JSON文件。
+    """
+    try:
+        data = await BackupService.export_data()
+        timestamp = datetime.datetime.now().strftime("%Y-%m-%d_%H-%M-%S")
+        headers = {
+            "Content-Disposition": f"attachment; filename=foxel_backup_{timestamp}.json"
+        }
+        return JSONResponse(content=data, headers=headers)
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=str(e))
+
+@router.post("/import", summary="导入数据")
+async def import_backup(file: UploadFile = File(...)):
+    """
+    从上传的JSON文件恢复数据。
+    **警告**: 这将会覆盖所有现有数据！
+    """
+
+    if not file.filename.endswith(".json"):
+        raise HTTPException(status_code=400, detail="无效的文件类型, 请上传 .json 文件")
+
+    try:
+        contents = await file.read()
+        data = json.loads(contents)
+    except Exception:
+        raise HTTPException(status_code=400, detail="无法解析JSON文件")
+    
+    try:
+        await BackupService.import_data(data)
+        return {"message": "数据导入成功。"}
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=f"导入失败: {e}")

api/routes/config.py

@@ -0,0 +1,45 @@
+from fastapi import APIRouter, Depends, Form
+from typing import Annotated
+from services.config import ConfigCenter
+from services.auth import get_current_active_user, User, has_users
+from api.response import success
+
+router = APIRouter(prefix="/api/config", tags=["config"])
+
+
+@router.get("/")
+async def get_config(
+    current_user: Annotated[User, Depends(get_current_active_user)],
+    key: str
+):
+    value = await ConfigCenter.get(key)
+    return success({"key": key, "value": value})
+
+
+@router.post("/")
+async def set_config(
+    current_user: Annotated[User, Depends(get_current_active_user)],
+    key: str = Form(...),
+    value: str = Form(...)
+):
+    await ConfigCenter.set(key, value)
+    return success({"key": key, "value": value})
+
+
+@router.get("/all")
+async def get_all_config(
+    current_user: Annotated[User, Depends(get_current_active_user)]
+):
+    configs = await ConfigCenter.get_all()
+    return success(configs)
+
+
+@router.get("/status")
+async def get_system_status():
+    system_info = {
+        "version": "1.0.0",
+        "title":  await ConfigCenter.get("APP_NAME", "Foxel"),
+        "logo": await ConfigCenter.get("APP_LOGO", "/logo.svg"),
+        "is_initialized": await has_users()
+    }
+    return success(system_info)

api/routes/logs.py

@@ -0,0 +1,48 @@
+from typing import Optional
+from fastapi import APIRouter, Query
+from models.database import Log
+from api.response import page, success
+from tortoise.expressions import Q
+from datetime import datetime
+
+router = APIRouter(prefix="/api/logs", tags=["Logs"])
+
+@router.get("")
+async def get_logs(
+    page_num: int = Query(1, alias="page"),
+    page_size: int = Query(20, alias="page_size"),
+    level: Optional[str] = Query(None),
+    source: Optional[str] = Query(None),
+    start_time: Optional[datetime] = Query(None),
+    end_time: Optional[datetime] = Query(None),
+):
+    """获取日志列表，支持分页和筛选"""
+    query = Log.all()
+    if level:
+        query = query.filter(level=level)
+    if source:
+        query = query.filter(source__icontains=source)
+    if start_time:
+        query = query.filter(timestamp__gte=start_time)
+    if end_time:
+        query = query.filter(timestamp__lte=end_time)
+
+    total = await query.count()
+    logs = await query.order_by("-timestamp").offset((page_num - 1) * page_size).limit(page_size)
+
+    return success(page([log for log in logs], total, page_num, page_size))
+
+@router.delete("")
+async def clear_logs(
+    start_time: Optional[datetime] = Query(None),
+    end_time: Optional[datetime] = Query(None),
+):
+    """清理指定时间范围内的日志"""
+    query = Log.all()
+    if start_time:
+        query = query.filter(timestamp__gte=start_time)
+    if end_time:
+        query = query.filter(timestamp__lte=end_time)
+    
+    deleted_count = await query.delete()
+    return success({"deleted_count": deleted_count})

api/routes/mounts.py

@@ -0,0 +1,84 @@
+from fastapi import APIRouter, HTTPException, Depends
+from typing import Annotated
+
+from models import StorageAdapter, Mount
+from schemas import MountCreate, MountOut
+from api.response import success
+from services.auth import get_current_active_user, User
+from services.logging import LogService
+
+router = APIRouter(prefix="/api/mounts", tags=["mounts"])
+
+
+@router.post("")
+async def create_mount(
+    data: MountCreate,
+    current_user: Annotated[User, Depends(get_current_active_user)],
+):
+    adapter = await StorageAdapter.get_or_none(id=data.adapter_id)
+    if not adapter:
+        raise HTTPException(400, detail="Adapter not found")
+    rec = await Mount.create(
+        path=MountCreate.normalize(data.path),
+        adapter=adapter,
+        sub_path=data.sub_path,
+        enabled=data.enabled,
+    )
+    await LogService.action(
+        "route:mounts",
+        f"Created mount {rec.path}",
+        details=data.model_dump(),
+        user_id=current_user.id if hasattr(current_user, "id") else None,
+    )
+    return success(rec)
+
+
+@router.get("")
+async def list_mounts(
+    current_user: Annotated[User, Depends(get_current_active_user)],
+):
+    recs = await Mount.all()
+    return success(recs)
+
+
+@router.put("/{mount_id}")
+async def update_mount(
+    mount_id: int,
+    data: MountCreate,
+    current_user: Annotated[User, Depends(get_current_active_user)],
+):
+    rec = await Mount.get_or_none(id=mount_id)
+    if not rec:
+        raise HTTPException(404, detail="Not found")
+    adapter = await StorageAdapter.get_or_none(id=data.adapter_id)
+    if not adapter:
+        raise HTTPException(400, detail="Adapter not found")
+    rec.path = MountCreate.normalize(data.path)
+    rec.adapter = adapter
+    rec.sub_path = data.sub_path
+    rec.enabled = data.enabled
+    await rec.save()
+    await LogService.action(
+        "route:mounts",
+        f"Updated mount {rec.path}",
+        details=data.model_dump(),
+        user_id=current_user.id if hasattr(current_user, "id") else None,
+    )
+    return success(rec)
+
+
+@router.delete("/{mount_id}")
+async def delete_mount(
+    mount_id: int,
+    current_user: Annotated[User, Depends(get_current_active_user)],
+):
+    deleted = await Mount.filter(id=mount_id).delete()
+    if not deleted:
+        raise HTTPException(404, detail="Not found")
+    await LogService.action(
+        "route:mounts",
+        f"Deleted mount {mount_id}",
+        details={"mount_id": mount_id},
+        user_id=current_user.id if hasattr(current_user, "id") else None,
+    )
+    return success({"deleted": True})

api/routes/processors.py

@@ -0,0 +1,44 @@
+from fastapi import APIRouter, Depends, Body
+from typing import Annotated
+from services.processors.registry import get_config_schemas
+from services.virtual_fs import process_file
+from services.auth import get_current_active_user, User
+from api.response import success
+from pydantic import BaseModel
+
+router = APIRouter(prefix="/api/processors", tags=["processors"])
+
+
+@router.get("")
+async def list_processors(
+    current_user: Annotated[User, Depends(get_current_active_user)]
+):
+    schemas = get_config_schemas()
+    out = []
+    for t, meta in schemas.items():
+        out.append({
+            "type": meta["type"],
+            "name": meta["name"],
+            "supported_exts": meta.get("supported_exts", []),
+            "config_schema": meta["config_schema"],
+            "produces_file": meta.get("produces_file", False), 
+        })
+    return success(out)
+
+
+class ProcessRequest(BaseModel):
+    path: str
+    processor_type: str
+    config: dict
+    save_to: str | None = None
+    overwrite: bool = False
+
+
+@router.post("/process")
+async def process_file_with_processor(
+    current_user: Annotated[User, Depends(get_current_active_user)],
+    req: ProcessRequest = Body(...)
+):
+    save_to = req.path if req.overwrite else req.save_to
+    result = await process_file(req.path, req.processor_type, req.config, save_to)
+    return success(result)

api/routes/search.py

@@ -0,0 +1,41 @@
+from fastapi import APIRouter, Depends, Query
+from schemas.fs import SearchResultItem
+from services.auth import get_current_active_user, User
+from services.ai import get_text_embedding
+from services.vector_db import VectorDBService
+
+router = APIRouter(prefix="/api/search", tags=["search"])
+
+async def search_files_by_vector(q: str, top_k: int):
+    embedding = await get_text_embedding(q)
+    vector_db = VectorDBService()
+    results = vector_db.search_vectors("vector_collection", embedding, top_k)
+    items = [
+        SearchResultItem(id=res["id"], path=res["entity"]["path"], score=res["distance"])
+        for res in results[0]
+    ]
+    return {"items": items, "query": q}
+
+async def search_files_by_name(q: str, top_k: int):
+    vector_db = VectorDBService()
+    results = vector_db.search_by_path("vector_collection", q, top_k)
+    items = [
+        SearchResultItem(id=idx, path=res["entity"]["path"], score=res["distance"])
+        for idx, res in enumerate(results[0])
+    ]
+    return {"items": items, "query": q}
+
+
+@router.get("")
+async def search_files(
+    q: str = Query(..., description="搜索查询"),
+    top_k: int = Query(10, description="返回结果数量"),
+    mode: str = Query("vector", description="搜索模式: 'vector' 或 'filename'"),
+    user: User = Depends(get_current_active_user),
+):
+    if mode == "vector":
+        return await search_files_by_vector(q, top_k)
+    elif mode == "filename":
+        return await search_files_by_name(q, top_k)
+    else:
+        return {"items": [], "query": q, "error": "Invalid search mode"}

api/routes/share.py

@@ -0,0 +1,195 @@
+from typing import List, Optional
+from urllib.parse import quote
+from fastapi import APIRouter, Depends, HTTPException, Request
+from pydantic import BaseModel
+
+from api.response import success
+from services.auth import User, get_current_active_user
+from services.share import share_service
+from services.virtual_fs import stream_file, stat_file
+from models.database import ShareLink, UserAccount
+
+public_router = APIRouter(prefix="/api/s", tags=["Share - Public"])
+router = APIRouter(prefix="/api/shares", tags=["Share - Management"])
+
+class ShareCreate(BaseModel):
+    name: str
+    paths: List[str]
+    expires_in_days: Optional[int] = 7
+    access_type: str = "public"
+    password: Optional[str] = None
+
+
+class ShareInfo(BaseModel):
+    id: int
+    token: str
+    name: str
+    paths: List[str]
+    created_at: str
+    expires_at: Optional[str] = None
+    access_type: str
+    
+    @classmethod
+    def from_orm(cls, obj: ShareLink):
+        return cls(
+            id=obj.id,
+            token=obj.token,
+            name=obj.name,
+            paths=obj.paths,
+            created_at=obj.created_at.isoformat(),
+            expires_at=obj.expires_at.isoformat() if obj.expires_at else None,
+            access_type=obj.access_type,
+        )
+
+# --- Management Routes ---
+
+@router.post("", response_model=ShareInfo)
+async def create_share(
+    payload: ShareCreate,
+    current_user: User = Depends(get_current_active_user),
+):
+    """
+    创建一个新的分享链接。
+    """
+    user_account = await UserAccount.get(id=current_user.id)
+    share = await share_service.create_share_link(
+        user=user_account,
+        name=payload.name,
+        paths=payload.paths,
+        expires_in_days=payload.expires_in_days,
+        access_type=payload.access_type,
+        password=payload.password,
+    )
+    return ShareInfo.from_orm(share)
+
+
+@router.get("", response_model=List[ShareInfo])
+async def get_my_shares(current_user: User = Depends(get_current_active_user)):
+    """
+    获取当前用户的所有分享链接。
+    """
+    user_account = await UserAccount.get(id=current_user.id)
+    shares = await share_service.get_user_shares(user=user_account)
+    return [ShareInfo.from_orm(s) for s in shares]
+
+
+@router.delete("/{share_id}")
+async def delete_share(
+    share_id: int,
+    current_user: User = Depends(get_current_active_user),
+):
+    """
+    删除一个分享链接。
+    """
+    await share_service.delete_share_link(user=current_user, share_id=share_id)
+    return success(msg="分享已取消")
+
+
+# --- Public Routes ---
+
+class SharePassword(BaseModel):
+    password: str
+
+@public_router.post("/{token}/verify")
+async def verify_password(token: str, payload: SharePassword):
+    """
+    验证分享链接的密码。
+    """
+    share = await share_service.get_share_by_token(token)
+    if share.access_type != "password":
+        raise HTTPException(status_code=400, detail="此分享不需要密码")
+
+    if not share_service._verify_password(payload.password, share.hashed_password):
+        raise HTTPException(status_code=403, detail="密码错误")
+    
+    # 在这里可以考虑返回一个有时效性的token用于后续访问，但为了简单起见，
+    # 我们让前端在每次请求时都带上密码或一个会话标识。
+    # 简单起见，我们只返回成功状态。
+    return success(msg="验证成功")
+
+
+@public_router.get("/{token}/ls")
+async def list_share_content(token: str, path: str = "/", password: Optional[str] = None):
+    """
+    列出分享链接中的文件和目录。
+    """
+    share = await share_service.get_share_by_token(token)
+    
+    if share.access_type == "password":
+        if not password:
+            raise HTTPException(status_code=401, detail="需要密码")
+        if not share_service._verify_password(password, share.hashed_password):
+            raise HTTPException(status_code=403, detail="密码错误")
+
+    content = await share_service.get_shared_item_details(share, path)
+    return success({
+        "path": path,
+        "entries": content.get("items", []),
+        "pagination": {
+            "total": content.get("total", 0),
+            "page": content.get("page", 1),
+            "page_size": content.get("page_size", 1),
+            "pages": content.get("pages", 1),
+        }
+    })
+
+@public_router.get("/{token}")
+async def get_share_info(token: str):
+    """
+    获取分享链接的元数据信息。
+    """
+    share = await share_service.get_share_by_token(token)
+    return success(ShareInfo.from_orm(share))
+
+
+
+@public_router.get("/{token}/download")
+async def download_shared_file(token: str, path: str, request: Request, password: Optional[str] = None):
+    """
+    下载分享链接中的单个文件。
+    """
+    if not path or path == "/" or ".." in path.split('/'):
+        raise HTTPException(status_code=400, detail="无效的文件路径")
+
+    share = await share_service.get_share_by_token(token)
+    if share.access_type == "password":
+        if not password:
+            raise HTTPException(status_code=401, detail="需要密码")
+        if not share_service._verify_password(password, share.hashed_password):
+            raise HTTPException(status_code=403, detail="密码错误")
+    base_shared_path = share.paths[0]
+
+    # 判断分享的是文件还是目录
+    is_dir = False
+    try:
+        stat = await stat_file(base_shared_path)
+        if stat and stat.get("is_dir"):
+            is_dir = True
+    except HTTPException as e:
+        if "Path is a directory" in str(e.detail) or "Not a file" in str(e.detail):
+            is_dir = True
+        else:
+            # The shared path itself doesn't exist, which is an issue.
+            raise HTTPException(status_code=404, detail="分享的源文件不存在")
+
+    if is_dir:
+        # 目录分享：拼接路径
+        full_virtual_path = f"{base_shared_path.rstrip('/')}/{path.lstrip('/')}"
+        if not full_virtual_path.startswith(base_shared_path):
+            raise HTTPException(status_code=403, detail="无权访问此路径")
+    else:
+        # 文件分享：路径应为分享的根路径
+        shared_filename = base_shared_path.split('/')[-1]
+        request_filename = path.lstrip('/')
+        if shared_filename != request_filename:
+            raise HTTPException(status_code=403, detail="无权访问此路径")
+        full_virtual_path = base_shared_path
+
+    range_header = request.headers.get("Range")
+    response = await stream_file(full_virtual_path, range_header)
+
+    # 设置 Content-Disposition 头来强制下载
+    filename = full_virtual_path.split('/')[-1]
+    response.headers["Content-Disposition"] = f"attachment; filename*=UTF-8''{quote(filename)}"
+    
+    return response

api/routes/tasks.py

@@ -0,0 +1,84 @@
+from fastapi import APIRouter, Depends, HTTPException
+from typing import Annotated
+
+from models.database import AutomationTask
+from schemas.tasks import AutomationTaskCreate, AutomationTaskUpdate
+from api.response import success
+from services.auth import get_current_active_user, User
+from services.logging import LogService
+
+router = APIRouter(
+    prefix="/api/tasks",
+    tags=["Tasks"],
+    dependencies=[Depends(get_current_active_user)],
+    responses={404: {"description": "Not found"}},
+)
+
+
+@router.post("/")
+async def create_task(
+    task_in: AutomationTaskCreate,
+    user: User = Depends(get_current_active_user)
+):
+    task = await AutomationTask.create(**task_in.model_dump())
+    await LogService.action(
+        "route:tasks",
+        f"Created task {task.name}",
+        details=task_in.model_dump(),
+        user_id=user.id if hasattr(user, "id") else None,
+    )
+    return success(task)
+
+
+@router.get("/{task_id}")
+async def get_task(task_id: int):
+    task = await AutomationTask.get_or_none(id=task_id)
+    if not task:
+        raise HTTPException(
+            status_code=404, detail=f"Task {task_id} not found")
+    return success(task)
+
+
+@router.get("/")
+async def list_tasks():
+    tasks = await AutomationTask.all()
+    return success(tasks)
+
+
+@router.put("/{task_id}")
+async def update_task(
+        current_user: Annotated[User, Depends(get_current_active_user)],
+        task_id: int, task_in: AutomationTaskUpdate):
+    task = await AutomationTask.get_or_none(id=task_id)
+    if not task:
+        raise HTTPException(
+            status_code=404, detail=f"Task {task_id} not found")
+    update_data = task_in.model_dump(exclude_unset=True)
+    for key, value in update_data.items():
+        setattr(task, key, value)
+    await task.save()
+    await LogService.action(
+        "route:tasks",
+        f"Updated task {task.name}",
+        details=task_in.model_dump(),
+        user_id=current_user.id,
+    )
+    return success(task)
+
+
+@router.delete("/{task_id}")
+async def delete_task(
+    task_id: int,
+    user: User = Depends(get_current_active_user)
+):
+    deleted_count = await AutomationTask.filter(id=task_id).delete()
+    if not deleted_count:
+        raise HTTPException(
+            status_code=404, detail=f"Task {task_id} not found")
+    await LogService.action(
+        "route:tasks",
+        f"Deleted task {task_id}",
+        details={"task_id": task_id},
+        user_id=user.id if hasattr(user, "id") else None,
+    )
+    return success(msg="Task deleted")

api/routes/virtual_fs.py

@@ -0,0 +1,317 @@
+from fastapi import APIRouter, UploadFile, File, HTTPException, Response, Query, Request, Depends
+import mimetypes
+import re
+from typing import Annotated
+
+from services.auth import get_current_active_user, User
+from services.virtual_fs import (
+    list_virtual_dir,
+    read_file,
+    write_file,
+    make_dir,
+    delete_path,
+    move_path,
+    resolve_adapter_and_rel,
+    stream_file,
+    generate_temp_link_token,
+    verify_temp_link_token,
+)
+from services.thumbnail import is_image_filename, get_or_create_thumb
+from schemas import MkdirRequest, MoveRequest
+from api.response import success
+from services.ai import get_text_embedding
+from services.vector_db import VectorDBService
+
+router = APIRouter(prefix='/api/fs', tags=["virtual-fs"])
+
+
+@router.get("/file/{full_path:path}")
+async def get_file(
+    full_path: str,
+    request: Request,
+    current_user: Annotated[User, Depends(get_current_active_user)]
+):
+    full_path = '/' + full_path if not full_path.startswith('/') else full_path
+
+    try:
+        content = await read_file(full_path)
+    except FileNotFoundError:
+        raise HTTPException(404, detail="File not found")
+
+    if not isinstance(content, (bytes, bytearray)):
+        return Response(content=content, media_type="application/octet-stream")
+
+    content_length = len(content)
+    content_type = mimetypes.guess_type(
+        full_path)[0] or "application/octet-stream"
+
+    range_header = request.headers.get('Range')
+    if range_header:
+        range_match = re.match(r'bytes=(\d+)-(\d*)', range_header)
+        if range_match:
+            start = int(range_match.group(1))
+            end = int(range_match.group(2)) if range_match.group(
+                2) else content_length - 1
+
+            start = max(0, min(start, content_length - 1))
+            end = max(start, min(end, content_length - 1))
+
+            chunk = content[start:end + 1]
+            chunk_size = len(chunk)
+
+            headers = {
+                'Content-Range': f'bytes {start}-{end}/{content_length}',
+                'Accept-Ranges': 'bytes',
+                'Content-Length': str(chunk_size),
+                'Content-Type': content_type,
+            }
+
+            return Response(
+                content=chunk,
+                status_code=206,
+                headers=headers
+            )
+
+    headers = {
+        'Accept-Ranges': 'bytes',
+        'Content-Length': str(content_length),
+        'Content-Type': content_type,
+    }
+
+    if content_type.startswith('video/'):
+        headers['Cache-Control'] = 'public, max-age=3600'
+
+    return Response(content=content, headers=headers)
+
+
+@router.get("/thumb/{full_path:path}")
+async def get_thumb(
+    full_path: str,
+    w: int = Query(256, ge=8, le=1024),
+    h: int = Query(256, ge=8, le=1024),
+    fit: str = Query("cover"),
+):
+    full_path = '/' + full_path if not full_path.startswith('/') else full_path
+    if fit not in ("cover", "contain"):
+        raise HTTPException(400, detail="fit must be cover|contain")
+    adapter, mount, root, rel = await resolve_adapter_and_rel(full_path)
+    if not rel or rel.endswith('/'):
+        raise HTTPException(400, detail="Not a file")
+    if not is_image_filename(rel):
+        raise HTTPException(404, detail="Not an image")
+    # type: ignore
+    data, mime, key = await get_or_create_thumb(adapter, mount.adapter_id, root, rel, w, h, fit)
+    headers = {
+        'Cache-Control': 'public, max-age=3600',
+        'ETag': key,
+    }
+    return Response(content=data, media_type=mime, headers=headers)
+
+
+@router.get("/stream/{full_path:path}")
+async def stream_endpoint(
+    full_path: str,
+    request: Request,
+):
+    """支持 Range 的视频/大文件流式读取，优先使用底层适配器 Range 能力。"""
+    full_path = '/' + full_path if not full_path.startswith('/') else full_path
+    range_header = request.headers.get('Range')
+    try:
+        return await stream_file(full_path, range_header)
+    except HTTPException:
+        raise
+    except FileNotFoundError:
+        raise HTTPException(404, detail="File not found")
+    except Exception as e:
+        raise HTTPException(500, detail=f"Stream error: {e}")
+
+
+@router.get("/temp-link/{full_path:path}")
+async def get_temp_link(
+    full_path: str,
+    current_user: Annotated[User, Depends(get_current_active_user)]
+):
+    """获取文件的临时公开访问令牌"""
+    full_path = '/' + full_path if not full_path.startswith('/') else full_path
+    token = await generate_temp_link_token(full_path)
+    return success({"token": token, "path": full_path})
+
+
+@router.get("/public/{token}")
+async def access_public_file(
+    token: str,
+    request: Request,
+):
+    """通过令牌公开访问文件，支持 Range 请求"""
+    try:
+        path = await verify_temp_link_token(token)
+    except HTTPException as e:
+        raise e
+
+    range_header = request.headers.get('Range')
+    try:
+        return await stream_file(path, range_header)
+    except FileNotFoundError:
+        raise HTTPException(404, detail="File not found via token")
+    except Exception as e:
+        raise HTTPException(500, detail=f"File access error: {e}")
+
+
+@router.get("/stat/{full_path:path}")
+async def get_file_stat(
+    full_path: str,
+    current_user: Annotated[User, Depends(get_current_active_user)]
+):
+    full_path = '/' + full_path if not full_path.startswith('/') else full_path
+    from services.virtual_fs import stat_file
+    stat = await stat_file(full_path)
+    return success(stat)
+
+
+@router.post("/file/{full_path:path}")
+async def put_file(
+    current_user: Annotated[User, Depends(get_current_active_user)],
+    full_path: str,
+    file: UploadFile = File(...)
+):
+    full_path = '/' + full_path if not full_path.startswith('/') else full_path
+    data = await file.read()
+    await write_file(full_path, data)
+    return success({"written": True, "path": full_path, "size": len(data)})
+
+
+@router.post("/mkdir")
+async def api_mkdir(
+    current_user: Annotated[User, Depends(get_current_active_user)],
+    body: MkdirRequest
+):
+    path = body.path if body.path.startswith('/') else '/' + body.path
+    if not path or path == '/':
+        raise HTTPException(400, detail="Invalid path")
+    await make_dir(path)
+    return success({"created": True, "path": path})
+
+
+@router.post("/move")
+async def api_move(
+    current_user: Annotated[User, Depends(get_current_active_user)],
+    body: MoveRequest
+):
+    src = body.src if body.src.startswith('/') else '/' + body.src
+    dst = body.dst if body.dst.startswith('/') else '/' + body.dst
+    await move_path(src, dst)
+    return success({"moved": True, "src": src, "dst": dst})
+
+
+@router.post("/rename")
+async def api_rename(
+    current_user: Annotated[User, Depends(get_current_active_user)],
+    body: MoveRequest,
+    overwrite: bool = Query(False, description="是否允许覆盖已存在目标"),
+    debug: bool = Query(False, description="返回调试信息")
+):
+    src = body.src if body.src.startswith('/') else '/' + body.src
+    dst = body.dst if body.dst.startswith('/') else '/' + body.dst
+    from services.virtual_fs import rename_path
+    debug_info = await rename_path(src, dst, overwrite=overwrite, return_debug=debug)
+    return success({
+        "renamed": True,
+        "src": src,
+        "dst": dst,
+        "overwrite": overwrite,
+        **({"debug": debug_info} if debug else {})
+    })
+
+
+@router.post("/copy")
+async def api_copy(
+    current_user: Annotated[User, Depends(get_current_active_user)],
+    body: MoveRequest,
+    overwrite: bool = Query(False, description="是否覆盖已存在目标"),
+    debug: bool = Query(False, description="返回调试信息")
+):
+    from services.virtual_fs import copy_path
+    src = body.src if body.src.startswith('/') else '/' + body.src
+    dst = body.dst if body.dst.startswith('/') else '/' + body.dst
+    debug_info = await copy_path(src, dst, overwrite=overwrite, return_debug=debug)
+    return success({
+        "copied": True,
+        "src": src,
+        "dst": dst,
+        "overwrite": overwrite,
+        **({"debug": debug_info} if debug else {})
+    })
+
+
+@router.post("/upload/{full_path:path}")
+async def upload_stream(
+    current_user: Annotated[User, Depends(get_current_active_user)],
+    full_path: str,
+    file: UploadFile = File(...),
+    overwrite: bool = Query(True, description="是否覆盖已存在文件"),
+    chunk_size: int = Query(1024 * 1024, ge=8 * 1024,
+                            le=8 * 1024 * 1024, description="单次读取块大小")
+):
+    full_path = '/' + full_path if not full_path.startswith('/') else full_path
+    if full_path.endswith('/'):
+        raise HTTPException(400, detail="Path must be a file")
+    from services.virtual_fs import write_file_stream, resolve_adapter_and_rel
+    adapter, _m, root, rel = await resolve_adapter_and_rel(full_path)
+    exists_func = getattr(adapter, "exists", None)
+    if not overwrite and callable(exists_func):
+        try:
+            if await exists_func(root, rel):
+                raise HTTPException(409, detail="Destination exists")
+        except HTTPException:
+            raise
+        except Exception:
+            pass
+
+    async def gen():
+        while True:
+            chunk = await file.read(chunk_size)
+            if not chunk:
+                break
+            yield chunk
+    size = await write_file_stream(full_path, gen(), overwrite=overwrite)
+    return success({"uploaded": True, "path": full_path, "size": size, "overwrite": overwrite})
+
+
+@router.get("/{full_path:path}")
+async def browse_fs(
+    current_user: Annotated[User, Depends(get_current_active_user)],
+    full_path: str,
+    page_num: int = Query(1, alias="page", ge=1, description="页码"),
+    page_size: int = Query(50, ge=1, le=500, description="每页条数")
+):
+    full_path = '/' + full_path if not full_path.startswith('/') else full_path
+    result = await list_virtual_dir(full_path, page_num, page_size)
+    return success({
+        "path": full_path,
+        "entries": result["items"],
+        "pagination": {
+            "total": result["total"],
+            "page": result["page"],
+            "page_size": result["page_size"],
+            "pages": result["pages"]
+        }
+    })
+
+
+@router.delete("/{full_path:path}")
+async def api_delete(
+    current_user: Annotated[User, Depends(get_current_active_user)],
+    full_path: str
+):
+    full_path = '/' + full_path if not full_path.startswith('/') else full_path
+    await delete_path(full_path)
+    return success({"deleted": True, "path": full_path})
+
+
+@router.get("/")
+async def root_listing(
+    current_user: Annotated[User, Depends(get_current_active_user)],
+    page_num: int = Query(1, alias="page", ge=1, description="页码"),
+    page_size: int = Query(50, ge=1, le=500, description="每页条数")
+):
+    return await browse_fs("", page_num, page_size)