GithubBackup/moemail
1
0
Fork 0
mirror of https://github.com/beilunyang/moemail.git synced 2026-05-06 20:02:52 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat: Implement OpenAPI with API Key authentication and role-based access control

Browse Source
This commit is contained in:
beilunyang
2025-02-10 11:25:25 +08:00
parent 1bc0369b83
commit 9ad3115833
28 changed files with 2339 additions and 144 deletions
Download Patch File Download Diff File Expand all files Collapse all files

144
README.md
View File

@@ -16,6 +16,7 @@
<a href="#邮箱域名配置">邮箱域名配置</a> •
<a href="#权限系统">权限系统</a> •
<a href="#Webhook 集成">Webhook 集成</a> •
<a href="#OpenAPI">OpenAPI</a> •
<a href="#环境变量">环境变量</a> •
<a href="#Github OAuth App 配置">Github OAuth App 配置</a> •
<a href="#贡献">贡献</a> •
@@ -47,6 +48,7 @@
- 🎉 **可爱的 UI**:简洁可爱萌萌哒 UI 界面
- 🔔 **Webhook 通知**:支持通过 webhook 接收新邮件通知
- 🛡️ **权限系统**:支持基于角色的权限控制系统
- 🔑 **OpenAPI**:支持通过 API Key 访问 OpenAPI
## 技术栈
@@ -276,48 +278,39 @@ pnpm deploy:cleanup
本项目采用基于角色的权限控制系统RBAC
### 权限配置
### 角色配置
新用户默认角色由皇帝在个人中心的网站设置中配置:
- 公爵新用户将获得临时邮箱、Webhook 配置权限以及 API Key 管理权限
- 骑士:新用户将获得临时邮箱和 Webhook 配置权限
- 平民:新用户无任何权限,需要等待皇帝册封为骑士
### 角色管理
1. **册封骑士**
- 皇帝可以在个人中心的角色管理面板中册封骑士
- 通过用户邮箱查找并册封
- 平民被册封后将获得临时邮箱和 Webhook 配置权限
- 不能册封已经是骑士的用户
- 不能册封皇帝
2. **贬为平民**
- 皇帝可以将骑士贬为平民
- 被贬为平民后将失去所有权限
- 不能贬低已经是平民的用户
- 不能贬低皇帝
- 平民:新用户无任何权限,需要等待皇帝册封为骑士或公爵
### 角色等级
系统包含个角色等级:
系统包含个角色等级:
1. **皇帝Emperor**
- 网站所有者
- 拥有所有权限
- 可以配置新用户默认角色
- 可以册封骑士或将骑士贬为平民
- 每个站点仅允许一位皇帝
- 每个站点只能有一个皇帝
2. **骑士Knight**
2. **公爵Duke**
- 超级用户
- 可以使用临时邮箱功能
- 可以配置 Webhook
- 可以使用创建 API Key 调用 OpenAPI
- 可以被皇帝贬为骑士或平民
3. **骑士Knight**
- 高级用户
- 可以使用临时邮箱功能
- 可以配置 Webhook
- 可以被皇帝贬为平民
- 可以被皇帝贬为平民或册封为公爵
3. **平民Civilian**
- 普通用户
- 无任何权限
- 可以被皇帝册封为骑士
- 可以被皇帝册封为骑士或者公爵
### 角色升级
@@ -325,9 +318,16 @@ pnpm deploy:cleanup
- 第一个访问 `/api/roles/init-emperor` 接口的用户将成为皇帝,即网站所有者
- 站点已有皇帝后,无法再提升其他用户为皇帝
2. **成为骑士**
- 皇帝在个人中心页面对平民进行册封
- 或由皇帝设置新用户默认为骑士角色
2. **角色变更**
- 皇帝可以在个人中心页面将其他用户设为公爵、骑士或平民
### 权限说明
- **邮箱管理**:创建和管理临时邮箱
- **Webhook 管理**:配置邮件通知的 Webhook
- **API Key 管理**:创建和管理 API 访问密钥
- **用户管理**:升降用户角色
- **系统配置**:管理系统全局设置
## Webhook 集成
@@ -380,6 +380,90 @@ pnpx cloudflared tunnel --url http://localhost:3001
- Webhook 接口应在 10 秒内响应
- 非 2xx 响应码会触发重试
## OpenAPI
本项目提供了 OpenAPI 接口,支持通过 API Key 进行访问。API Key 可以在个人中心页面创建(需要是公爵或皇帝角色)。
### 使用 API Key
在请求头中添加 API Key
```http
X-API-Key: YOUR_API_KEY
```
### API 接口
#### 创建临时邮箱
```http
POST /api/emails/generate
Content-Type: application/json
{
"name": "test",
"expiryTime": 3600000,
"domain": "moemail.app"
}
```
参数说明:
- `name`: 邮箱前缀,可选
- `expiryTime`: 有效期毫秒可选值36000001小时、864000001天、6048000007天、0永久
- `domain`: 邮箱域名,可通过 `/api/emails/domains` 获取可用域名列表
#### 获取邮箱列表
```http
GET /api/emails?cursor=xxx&limit=10
```
参数说明:
- `cursor`: 分页游标,可选
- `limit`: 每页数量,默认 10
#### 获取单个邮箱
```http
GET /api/emails/{emailId}
```
#### 删除邮箱
```http
DELETE /api/emails/{emailId}
```
#### 获取邮件列表
```http
GET /api/emails/{emailId}/messages?cursor=xxx&limit=10
```
参数说明:
- `cursor`: 分页游标,可选
- `limit`: 每页数量,默认 10
#### 获取单封邮件
```http
GET /api/emails/{emailId}/messages/{messageId}
```
### 使用示例
使用 curl 创建临时邮箱:
```bash
curl -X POST https://your-domain.com/api/emails/generate \
-H "X-API-Key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "test",
"expiryTime": 3600000,
"domain": "moemail.app"
}'
```
使用 JavaScript 获取邮件列表:
```javascript
const res = await fetch('https://your-domain.com/api/emails/your-email-id/messages', {
headers: {
'X-API-Key': 'YOUR_API_KEY'
}
});
const data = await res.json();
```
## 环境变量
本项目使用以下环境变量:
@@ -414,9 +498,9 @@ pnpx cloudflared tunnel --url http://localhost:3001
本项目采用 [MIT](LICENSE) 许可证
## 交流群
<img src="https://pic.otaku.ren/20241224/AQADoMExG_K0WVd-.jpg" style="width: 400px;"/>
<img src="https://pic.otaku.ren/20250210/AQADOMUxG7BRUFV-.jpg" style="width: 400px;"/>
<br />
如二维码失效请添加我的个人微信hansenones并备注 MoeMail 加入微信交流群
如二维码失效请添加我的个人微信hansenones并备注 "MoeMail" 加入微信交流群
## 支持
@@ -428,4 +512,4 @@ pnpx cloudflared tunnel --url http://localhost:3001
<br />
<br />
<a href="https://www.buymeacoffee.com/beilunyang" target="_blank"><img src="https://cdn.buymeacoffee.com/buttons/v2/default-blue.png" alt="Buy Me A Coffee" style="width: 400px;" ></a>
如二维码失效请添加我的个人微信hansenones并备注 “MoeMail” 加入微信交流群

12
app/api/admin-contact/route.ts Normal file
View File

@@ -0,0 +1,12 @@
import { getRequestContext } from "@cloudflare/next-on-pages"
export const runtime = "edge"
export async function GET() {
const env = getRequestContext().env
const adminContact = await env.SITE_CONFIG.get("ADMIN_CONTACT")
return Response.json({
adminContact: adminContact || ""
})
}

91
app/api/api-keys/[id]/route.ts Normal file
View File

@@ -0,0 +1,91 @@
import { auth } from "@/lib/auth"
import { createDb } from "@/lib/db"
import { apiKeys } from "@/lib/schema"
import { NextResponse } from "next/server"
import { checkPermission } from "@/lib/auth"
import { PERMISSIONS } from "@/lib/permissions"
import { eq, and } from "drizzle-orm"
export const runtime = "edge"
export async function DELETE(
_request: Request,
{ params }: { params: Promise<{ id: string }> }
) {
const hasPermission = await checkPermission(PERMISSIONS.MANAGE_API_KEY)
if (!hasPermission) {
return NextResponse.json({ error: "权限不足" }, { status: 403 })
}
try {
const db = createDb()
const session = await auth()
const { id } = await params
const result = await db.delete(apiKeys)
.where(
and(
eq(apiKeys.id, id),
eq(apiKeys.userId, session!.user.id!)
)
)
.returning()
if (!result.length) {
return NextResponse.json(
{ error: "API Key 不存在或无权删除" },
{ status: 404 }
)
}
return NextResponse.json({ success: true })
} catch (error) {
console.error("Failed to delete API key:", error)
return NextResponse.json(
{ error: "删除 API Key 失败" },
{ status: 500 }
)
}
}
export async function PATCH(
request: Request,
{ params }: { params: Promise<{ id: string }> }
) {
const hasPermission = await checkPermission(PERMISSIONS.MANAGE_API_KEY)
if (!hasPermission) {
return NextResponse.json({ error: "权限不足" }, { status: 403 })
}
try {
const session = await auth()
const { id } = await params
const { enabled } = await request.json() as { enabled: boolean }
const db = createDb()
const result = await db.update(apiKeys)
.set({ enabled })
.where(
and(
eq(apiKeys.id, id),
eq(apiKeys.userId, session!.user.id!)
)
)
.returning()
if (!result.length) {
return NextResponse.json(
{ error: "API Key 不存在或无权更新" },
{ status: 404 }
)
}
return NextResponse.json({ success: true })
} catch (error) {
console.error("Failed to update API key:", error)
return NextResponse.json(
{ error: "更新 API Key 失败" },
{ status: 500 }
)
}
}

75
app/api/api-keys/route.ts Normal file
View File

@@ -0,0 +1,75 @@
import { auth } from "@/lib/auth"
import { createDb } from "@/lib/db"
import { apiKeys } from "@/lib/schema"
import { nanoid } from "nanoid"
import { NextResponse } from "next/server"
import { checkPermission } from "@/lib/auth"
import { PERMISSIONS } from "@/lib/permissions"
import { desc, eq } from "drizzle-orm"
export const runtime = "edge"
export async function GET() {
const hasPermission = await checkPermission(PERMISSIONS.MANAGE_API_KEY)
if (!hasPermission) {
return NextResponse.json({ error: "权限不足" }, { status: 403 })
}
const session = await auth()
try {
const db = createDb()
const keys = await db.query.apiKeys.findMany({
where: eq(apiKeys.userId, session!.user.id!),
orderBy: desc(apiKeys.createdAt),
})
return NextResponse.json({
apiKeys: keys.map(key => ({
...key,
key: undefined
}))
})
} catch (error) {
console.error("Failed to fetch API keys:", error)
return NextResponse.json(
{ error: "获取 API Keys 失败" },
{ status: 500 }
)
}
}
export async function POST(request: Request) {
const hasPermission = await checkPermission(PERMISSIONS.MANAGE_API_KEY)
if (!hasPermission) {
return NextResponse.json({ error: "权限不足" }, { status: 403 })
}
const session = await auth()
try {
const { name } = await request.json() as { name: string }
if (!name?.trim()) {
return NextResponse.json(
{ error: "名称不能为空" },
{ status: 400 }
)
}
const key = `mk_${nanoid(32)}`
const db = createDb()
await db.insert(apiKeys).values({
name,
key,
userId: session!.user.id!,
expiresAt: new Date(Date.now() + 365 * 24 * 60 * 60 * 1000), // 1 year
})
return NextResponse.json({ key })
} catch (error) {
console.error("Failed to create API key:", error)
return NextResponse.json(
{ error: "创建 API Key 失败" },
{ status: 500 }
)
}
}

20
app/api/config/route.ts
View File

@@ -5,31 +5,35 @@ export const runtime = "edge"
export async function GET() {
const env = getRequestContext().env
const [defaultRole, emailDomains] = await Promise.all([
const [defaultRole, emailDomains, adminContact] = await Promise.all([
env.SITE_CONFIG.get("DEFAULT_ROLE"),
env.SITE_CONFIG.get("EMAIL_DOMAINS")
env.SITE_CONFIG.get("EMAIL_DOMAINS"),
env.SITE_CONFIG.get("ADMIN_CONTACT")
])
return Response.json({
return Response.json({
defaultRole: defaultRole || ROLES.CIVILIAN,
emailDomains: emailDomains || ""
emailDomains: emailDomains || "",
adminContact: adminContact || ""
})
}
export async function POST(request: Request) {
const { defaultRole, emailDomains } = await request.json() as {
const { defaultRole, emailDomains, adminContact } = await request.json() as {
defaultRole: Exclude<Role, typeof ROLES.EMPEROR>,
emailDomains: string
emailDomains: string,
adminContact: string
}
if (![ROLES.KNIGHT, ROLES.CIVILIAN].includes(defaultRole)) {
if (![ROLES.DUKE, ROLES.KNIGHT, ROLES.CIVILIAN].includes(defaultRole)) {
return Response.json({ error: "无效的角色" }, { status: 400 })
}
const env = getRequestContext().env
await Promise.all([
env.SITE_CONFIG.put("DEFAULT_ROLE", defaultRole),
env.SITE_CONFIG.put("EMAIL_DOMAINS", emailDomains)
env.SITE_CONFIG.put("EMAIL_DOMAINS", emailDomains),
env.SITE_CONFIG.put("ADMIN_CONTACT", adminContact)
])
return Response.json({ success: true })

22
app/api/emails/[id]/[messageId]/route.ts
View File

@@ -1,14 +1,30 @@
import { NextResponse } from "next/server"
import { createDb } from "@/lib/db"
import { messages } from "@/lib/schema"
import { messages, emails } from "@/lib/schema"
import { and, eq } from "drizzle-orm"
import { getUserId } from "@/lib/apiKey"
export const runtime = "edge"
export async function GET(request: Request, { params }: { params: Promise<{ id: string; messageId: string }> }) {
export async function GET(_request: Request, { params }: { params: Promise<{ id: string; messageId: string }> }) {
try {
const { id, messageId } = await params
const db = createDb()
const userId = await getUserId()
const email = await db.query.emails.findFirst({
where: and(
eq(emails.id, id),
eq(emails.userId, userId!)
)
})
if (!email) {
return NextResponse.json(
{ error: "无权限查看" },
{ status: 403 }
)
}
const message = await db.query.messages.findFirst({
where: and(
eq(messages.id, messageId),

25
app/api/emails/[id]/route.ts
View File

@@ -1,17 +1,16 @@
import { NextResponse } from "next/server"
import { auth } from "@/lib/auth"
import { createDb } from "@/lib/db"
import { emails, messages } from "@/lib/schema"
import { eq, and, lt, or, sql } from "drizzle-orm"
import { encodeCursor, decodeCursor } from "@/lib/cursor"
import { getUserId } from "@/lib/apiKey"
export const runtime = "edge"
export async function DELETE(
_request: Request,
request: Request,
{ params }: { params: Promise<{ id: string }> }
) {
const session = await auth()
const userId = await getUserId()
try {
const db = createDb()
@@ -19,7 +18,7 @@ export async function DELETE(
const email = await db.query.emails.findFirst({
where: and(
eq(emails.id, id),
eq(emails.userId, session!.user!.id!)
eq(emails.userId, userId!)
)
})
@@ -58,6 +57,22 @@ export async function GET(
const db = createDb()
const { id } = await params
const userId = await getUserId()
const email = await db.query.emails.findFirst({
where: and(
eq(emails.id, id),
eq(emails.userId, userId!)
)
})
if (!email) {
return NextResponse.json(
{ error: "无权限查看" },
{ status: 403 }
)
}
const baseConditions = eq(messages.emailId, id)
const totalResult = await db.select({ count: sql<number>`count(*)` })

10
app/api/emails/generate/route.ts
View File

@@ -1,18 +1,18 @@
import { NextResponse } from "next/server"
import { nanoid } from "nanoid"
import { auth } from "@/lib/auth"
import { createDb } from "@/lib/db"
import { emails } from "@/lib/schema"
import { eq, and, gt, sql } from "drizzle-orm"
import { EXPIRY_OPTIONS } from "@/types/email"
import { EMAIL_CONFIG } from "@/config"
import { getRequestContext } from "@cloudflare/next-on-pages"
import { getUserId } from "@/lib/apiKey"
export const runtime = "edge"
export async function POST(request: Request) {
const db = createDb()
const session = await auth()
const userId = await getUserId()
try {
const activeEmailsCount = await db
@@ -20,7 +20,7 @@ export async function POST(request: Request) {
.from(emails)
.where(
and(
eq(emails.userId, session!.user!.id!),
eq(emails.userId, userId!),
gt(emails.expiresAt, new Date())
)
)
@@ -76,7 +76,7 @@ export async function POST(request: Request) {
address,
createdAt: now,
expiresAt: expires,
userId: session!.user!.id
userId: userId!
}
const result = await db.insert(emails)

7
app/api/emails/route.ts
View File

@@ -1,16 +1,17 @@
import { auth } from "@/lib/auth"
import { createDb } from "@/lib/db"
import { and, eq, gt, lt, or, sql } from "drizzle-orm"
import { NextResponse } from "next/server"
import { emails } from "@/lib/schema"
import { encodeCursor, decodeCursor } from "@/lib/cursor"
import { getUserId } from "@/lib/apiKey"
export const runtime = "edge"
const PAGE_SIZE = 20
export async function GET(request: Request) {
const session = await auth()
const userId = await getUserId()
const { searchParams } = new URL(request.url)
const cursor = searchParams.get('cursor')
@@ -18,7 +19,7 @@ export async function GET(request: Request) {
try {
const baseConditions = and(
eq(emails.userId, session!.user!.id!),
eq(emails.userId, userId!),
gt(emails.expiresAt, new Date())
)

13
app/api/roles/promote/route.ts
View File

@@ -10,7 +10,7 @@ export async function POST(request: Request) {
try {
const { userId, roleName } = await request.json() as {
userId: string,
roleName: typeof ROLES.KNIGHT | typeof ROLES.CIVILIAN
roleName: typeof ROLES.DUKE | typeof ROLES.KNIGHT | typeof ROLES.CIVILIAN
};
if (!userId || !roleName) {
return Response.json(
@@ -19,7 +19,7 @@ export async function POST(request: Request) {
);
}
if (![ROLES.KNIGHT, ROLES.CIVILIAN].includes(roleName)) {
if (![ROLES.DUKE, ROLES.KNIGHT, ROLES.CIVILIAN].includes(roleName)) {
return Response.json(
{ error: "角色不合法" },
{ status: 400 }
@@ -47,9 +47,11 @@ export async function POST(request: Request) {
});
if (!targetRole) {
const description = roleName === ROLES.KNIGHT
? "级用户"
: "普通用户";
const description = {
[ROLES.DUKE]: "级用户",
[ROLES.KNIGHT]: "高级用户",
[ROLES.CIVILIAN]: "普通用户",
}[roleName];
const [newRole] = await db.insert(roles)
.values({
@@ -64,7 +66,6 @@ export async function POST(request: Request) {
return Response.json({
success: true,
message: roleName === ROLES.KNIGHT ? "册封成功" : "贬为平民"
});
} catch (error) {
console.error("Failed to change user role:", error);

10
app/components/no-permission-dialog.tsx
View File

@@ -2,9 +2,10 @@
import { Button } from "@/components/ui/button"
import { useRouter } from "next/navigation"
import { useAdminContact } from "@/hooks/use-admin-contact"
export function NoPermissionDialog() {
const router = useRouter()
const { adminContact } = useAdminContact()
return (
<div className="fixed inset-0 bg-background/50 backdrop-blur-sm z-50">
@@ -12,7 +13,12 @@ export function NoPermissionDialog() {
<div className="bg-background border-2 border-primary/20 rounded-lg p-6 md:p-12 shadow-lg">
<div className="text-center space-y-4">
<h1 className="text-xl md:text-2xl font-bold"></h1>
<p className="text-sm md:text-base text-muted-foreground">访</p>
<p className="text-sm md:text-base text-muted-foreground">访</p>
{
adminContact && (
<p className="text-sm md:text-base text-muted-foreground">{adminContact}</p>
)
}
<Button
onClick={() => router.push("/")}
className="mt-4 w-full md:w-auto"

432
app/components/profile/api-key-panel.tsx Normal file
View File

@@ -0,0 +1,432 @@
"use client"
import { useState, useEffect } from "react"
import { Button } from "@/components/ui/button"
import { Input } from "@/components/ui/input"
import { Key, Plus, Loader2, Copy, Trash2, ChevronDown, ChevronUp } from "lucide-react"
import { useToast } from "@/components/ui/use-toast"
import {
Dialog,
DialogContent,
DialogHeader,
DialogTitle,
DialogTrigger,
DialogFooter,
DialogDescription,
DialogClose,
} from "@/components/ui/dialog"
import { Switch } from "@/components/ui/switch"
import { Label } from "@/components/ui/label"
import { useCopy } from "@/hooks/use-copy"
import { useRolePermission } from "@/hooks/use-role-permission"
import { PERMISSIONS } from "@/lib/permissions"
import { useAdminContact } from "@/hooks/use-admin-contact"
type ApiKey = {
id: string
name: string
key: string
createdAt: string
expiresAt: string | null
enabled: boolean
}
export function ApiKeyPanel() {
const [apiKeys, setApiKeys] = useState<ApiKey[]>([])
const [loading, setLoading] = useState(false)
const [createDialogOpen, setCreateDialogOpen] = useState(false)
const [newKeyName, setNewKeyName] = useState("")
const [newKey, setNewKey] = useState<string | null>(null)
const { toast } = useToast()
const { copyToClipboard } = useCopy()
const [showExamples, setShowExamples] = useState(false)
const [isLoading, setIsLoading] = useState(true)
const { checkPermission } = useRolePermission()
const canManageApiKey = checkPermission(PERMISSIONS.MANAGE_API_KEY)
const fetchApiKeys = async () => {
try {
const res = await fetch("/api/api-keys")
if (!res.ok) throw new Error("获取 API Keys 失败")
const data = await res.json() as { apiKeys: ApiKey[] }
setApiKeys(data.apiKeys)
} catch (error) {
console.error(error)
toast({
title: "获取失败",
description: "获取 API Keys 列表失败",
variant: "destructive"
})
} finally {
setIsLoading(false)
}
}
useEffect(() => {
if (canManageApiKey) {
fetchApiKeys()
}
}, [canManageApiKey])
const { adminContact } = useAdminContact()
const createApiKey = async () => {
if (!newKeyName.trim()) return
setLoading(true)
try {
const res = await fetch("/api/api-keys", {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({ name: newKeyName })
})
if (!res.ok) throw new Error("创建 API Key 失败")
const data = await res.json() as { key: string }
setNewKey(data.key)
fetchApiKeys()
} catch (error) {
toast({
title: "创建失败",
description: error instanceof Error ? error.message : "请稍后重试",
variant: "destructive"
})
setCreateDialogOpen(false)
} finally {
setLoading(false)
}
}
const handleDialogClose = () => {
setCreateDialogOpen(false)
setNewKeyName("")
setNewKey(null)
}
const toggleApiKey = async (id: string, enabled: boolean) => {
try {
const res = await fetch(`/api/api-keys/${id}`, {
method: "PATCH",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({ enabled })
})
if (!res.ok) throw new Error("更新失败")
setApiKeys(keys =>
keys.map(key =>
key.id === id ? { ...key, enabled } : key
)
)
} catch (error) {
toast({
title: "更新失败",
description: "更新 API Key 状态失败",
variant: "destructive"
})
}
}
const deleteApiKey = async (id: string) => {
try {
const res = await fetch(`/api/api-keys/${id}`, {
method: "DELETE"
})
if (!res.ok) throw new Error("删除失败")
setApiKeys(keys => keys.filter(key => key.id !== id))
toast({
title: "删除成功",
description: "API Key 已删除"
})
} catch (error) {
toast({
title: "删除失败",
description: "删除 API Key 失败",
variant: "destructive"
})
}
}
return (
<div className="bg-background rounded-lg border-2 border-primary/20 p-6 space-y-6">
<div className="flex items-center justify-between mb-6">
<div className="flex items-center gap-2">
<Key className="w-5 h-5 text-primary" />
<h2 className="text-lg font-semibold">API Keys</h2>
</div>
{
canManageApiKey && (
<Dialog open={createDialogOpen} onOpenChange={setCreateDialogOpen}>
<DialogTrigger asChild>
<Button className="gap-2" onClick={() => setCreateDialogOpen(true)}>
<Plus className="w-4 h-4" />
API Key
</Button>
</DialogTrigger>
<DialogContent>
<DialogHeader>
<DialogTitle>
{newKey ? "API Key 创建成功" : "创建新的 API Key"}
</DialogTitle>
{newKey && (
<DialogDescription className="text-destructive">
</DialogDescription>
)}
</DialogHeader>
{!newKey ? (
<div className="space-y-4 py-4">
<div className="space-y-2">
<Label></Label>
<Input
value={newKeyName}
onChange={(e) => setNewKeyName(e.target.value)}
placeholder="为你的 API Key 起个名字"
/>
</div>
</div>
) : (
<div className="space-y-4 py-4">
<div className="space-y-2">
<Label>API Key</Label>
<div className="flex gap-2">
<Input
value={newKey}
readOnly
className="font-mono text-sm"
/>
<Button
variant="outline"
size="icon"
onClick={() => copyToClipboard(newKey)}
>
<Copy className="w-4 h-4" />
</Button>
</div>
</div>
</div>
)}
<DialogFooter>
<DialogClose asChild>
<Button
variant="outline"
onClick={handleDialogClose}
disabled={loading}
>
{newKey ? "完成" : "取消"}
</Button>
</DialogClose>
{!newKey && (
<Button
onClick={createApiKey}
disabled={loading || !newKeyName.trim()}
>
{loading ? (
<Loader2 className="w-4 h-4 animate-spin" />
) : (
"创建"
)}
</Button>
)}
</DialogFooter>
</DialogContent>
</Dialog>
)
}
</div>
{
!canManageApiKey ? (
<div className="text-center text-muted-foreground py-8">
<p> API Key</p>
<p className="mt-2"></p>
{
adminContact && (
<p className="mt-2">{adminContact}</p>
)
}
</div>
) : (
<div className="space-y-4">
{isLoading ? (
<div className="text-center py-8 space-y-3">
<div className="w-12 h-12 rounded-full bg-primary/10 flex items-center justify-center mx-auto">
<Loader2 className="w-6 h-6 text-primary animate-spin" />
</div>
<div>
<p className="text-sm text-muted-foreground">...</p>
</div>
</div>
) : apiKeys.length === 0 ? (
<div className="text-center py-8 space-y-3">
<div className="w-12 h-12 rounded-full bg-primary/10 flex items-center justify-center mx-auto">
<Key className="w-6 h-6 text-primary" />
</div>
<div>
<h3 className="text-lg font-medium"> API Keys</h3>
<p className="text-sm text-muted-foreground mt-1">
"创建 API Key" API Key
</p>
</div>
</div>
) : (
<>
{apiKeys.map((key) => (
<div
key={key.id}
className="flex items-center justify-between p-4 rounded-lg border bg-card"
>
<div className="space-y-1">
<div className="font-medium">{key.name}</div>
<div className="text-sm text-muted-foreground">
{new Date(key.createdAt).toLocaleString()}
</div>
</div>
<div className="flex items-center gap-2">
<Switch
checked={key.enabled}
onCheckedChange={(checked) => toggleApiKey(key.id, checked)}
/>
<Button
variant="ghost"
size="icon"
onClick={() => deleteApiKey(key.id)}
>
<Trash2 className="w-4 h-4" />
</Button>
</div>
</div>
))}
<div className="mt-8 space-y-4">
<button
type="button"
className="flex items-center gap-1 text-sm text-muted-foreground hover:text-foreground transition-colors"
onClick={() => setShowExamples(!showExamples)}
>
{showExamples ? <ChevronUp className="w-4 h-4" /> : <ChevronDown className="w-4 h-4" />}
使
</button>
{showExamples && (
<div className="rounded-lg border bg-card p-4 space-y-4">
<div className="space-y-2">
<div className="flex items-center justify-between">
<div className="text-sm font-medium"></div>
<Button
variant="ghost"
size="icon"
onClick={() => copyToClipboard(
`curl -X POST https://${window.location.host}/api/emails/generate \\
-H "X-API-Key: YOUR_API_KEY" \\
-H "Content-Type: application/json" \\
-d '{
"name": "test",
"expiryTime": 3600000,
"domain": "moemail.app"
}'`
)}
>
<Copy className="w-4 h-4" />
</Button>
</div>
<pre className="text-xs bg-muted/50 rounded-lg p-4 overflow-x-auto">
{`curl -X POST https://${window.location.host}/api/emails/generate \\
-H "X-API-Key: YOUR_API_KEY" \\
-H "Content-Type: application/json" \\
-d '{
"name": "test",
"expiryTime": 3600000,
"domain": "moemail.app"
}'`}
</pre>
</div>
<div className="space-y-2">
<div className="flex items-center justify-between">
<div className="text-sm font-medium"></div>
<Button
variant="ghost"
size="icon"
onClick={() => copyToClipboard(
`curl https://${window.location.host}/api/emails?cursor=CURSOR \\
-H "X-API-Key: YOUR_API_KEY"`
)}
>
<Copy className="w-4 h-4" />
</Button>
</div>
<pre className="text-xs bg-muted/50 rounded-lg p-4 overflow-x-auto">
{`curl https://${window.location.host}/api/emails?cursor=CURSOR \\
-H "X-API-Key: YOUR_API_KEY"`}
</pre>
</div>
<div className="space-y-2">
<div className="flex items-center justify-between">
<div className="text-sm font-medium"></div>
<Button
variant="ghost"
size="icon"
onClick={() => copyToClipboard(
`curl https://${window.location.host}/api/emails/{emailId}/messages?cursor=CURSOR \\
-H "X-API-Key: YOUR_API_KEY"`
)}
>
<Copy className="w-4 h-4" />
</Button>
</div>
<pre className="text-xs bg-muted/50 rounded-lg p-4 overflow-x-auto">
{`curl https://${window.location.host}/api/emails/{emailId}/messages?cursor=CURSOR \\
-H "X-API-Key: YOUR_API_KEY"`}
</pre>
</div>
<div className="space-y-2">
<div className="flex items-center justify-between">
<div className="text-sm font-medium"></div>
<Button
variant="ghost"
size="icon"
onClick={() => copyToClipboard(
`curl https://${window.location.host}/api/emails/{emailId}/{messageId} \\
-H "X-API-Key: YOUR_API_KEY"`
)}
>
<Copy className="w-4 h-4" />
</Button>
</div>
<pre className="text-xs bg-muted/50 rounded-lg p-4 overflow-x-auto">
{`curl https://${window.location.host}/api/emails/{emailId}/{messageId} \\
-H "X-API-Key: YOUR_API_KEY"`}
</pre>
</div>
<div className="text-xs text-muted-foreground mt-4">
<p></p>
<ul className="list-disc list-inside space-y-1 mt-2">
<li> YOUR_API_KEY API Key</li>
<li>emailId </li>
<li>messageId </li>
<li>expiryTime 3600000186400000160480000070</li>
<li>domain /api/emails/domains </li>
<li>cursor nextCursor</li>
<li> X-API-Key </li>
</ul>
</div>
</div>
)}
</div>
</>
)}
</div>
)
}
</div>
)
}

20
app/components/profile/config-panel.tsx
View File

@@ -17,9 +17,11 @@ import {
export function ConfigPanel() {
const [defaultRole, setDefaultRole] = useState<string>("")
const [emailDomains, setEmailDomains] = useState<string>("")
const [adminContact, setAdminContact] = useState<string>("")
const [loading, setLoading] = useState(false)
const { toast } = useToast()
useEffect(() => {
fetchConfig()
}, [])
@@ -42,7 +44,11 @@ export function ConfigPanel() {
const res = await fetch("/api/config", {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({ defaultRole, emailDomains }),
body: JSON.stringify({
defaultRole,
emailDomains,
adminContact
}),
})
if (!res.ok) throw new Error("保存失败")
@@ -77,6 +83,7 @@ export function ConfigPanel() {
<SelectValue />
</SelectTrigger>
<SelectContent>
<SelectItem value={ROLES.DUKE}></SelectItem>
<SelectItem value={ROLES.KNIGHT}></SelectItem>
<SelectItem value={ROLES.CIVILIAN}></SelectItem>
</SelectContent>
@@ -94,6 +101,17 @@ export function ConfigPanel() {
</div>
</div>
<div className="flex items-center gap-4">
<span className="text-sm">:</span>
<div className="flex-1">
<Input
value={adminContact}
onChange={(e) => setAdminContact(e.target.value)}
placeholder="如: 微信号、邮箱等"
/>
</div>
</div>
<Button
onClick={handleSave}
disabled={loading}

5
app/components/profile/profile-card.tsx
View File

@@ -4,13 +4,14 @@ import { User } from "next-auth"
import Image from "next/image"
import { Button } from "@/components/ui/button"
import { signOut } from "next-auth/react"
import { Github, Mail, Settings, Crown, Sword, User2 } from "lucide-react"
import { Github, Mail, Settings, Crown, Sword, User2, Gem } from "lucide-react"
import { useRouter } from "next/navigation"
import { WebhookConfig } from "./webhook-config"
import { PromotePanel } from "./promote-panel"
import { useRolePermission } from "@/hooks/use-role-permission"
import { PERMISSIONS } from "@/lib/permissions"
import { ConfigPanel } from "./config-panel"
import { ApiKeyPanel } from "./api-key-panel"
interface ProfileCardProps {
user: User
@@ -18,6 +19,7 @@ interface ProfileCardProps {
const roleConfigs = {
emperor: { name: '皇帝', icon: Crown },
duke: { name: '公爵', icon: Gem },
knight: { name: '骑士', icon: Sword },
civilian: { name: '平民', icon: User2 },
} as const
@@ -96,6 +98,7 @@ export function ProfileCard({ user }: ProfileCardProps) {
{canManageConfig && <ConfigPanel />}
{canPromote && <PromotePanel />}
{canManageWebhook && <ApiKeyPanel />}
<div className="flex flex-col sm:flex-row gap-4 px-1">
<Button

163
app/components/profile/promote-panel.tsx
View File

@@ -1,16 +1,37 @@
"use client"
import { Button } from "@/components/ui/button"
import { Sword, Loader2, UserMinus } from "lucide-react"
import { Gem, Sword, User2, Loader2 } from "lucide-react"
import { Input } from "@/components/ui/input"
import { useState } from "react"
import { useToast } from "@/components/ui/use-toast"
import { ROLES } from "@/lib/permissions"
import { ROLES, Role } from "@/lib/permissions"
import {
Select,
SelectContent,
SelectItem,
SelectTrigger,
SelectValue,
} from "@/components/ui/select"
const roleIcons = {
[ROLES.DUKE]: Gem,
[ROLES.KNIGHT]: Sword,
[ROLES.CIVILIAN]: User2,
} as const
const roleNames = {
[ROLES.DUKE]: "公爵",
[ROLES.KNIGHT]: "骑士",
[ROLES.CIVILIAN]: "平民",
} as const
type RoleWithoutEmperor = Exclude<Role, typeof ROLES.EMPEROR>
export function PromotePanel() {
const [searchText, setSearchText] = useState("")
const [loading, setLoading] = useState(false)
const [action, setAction] = useState<"promote" | "demote">("promote")
const [targetRole, setTargetRole] = useState<RoleWithoutEmperor>(ROLES.KNIGHT)
const { toast } = useToast()
const handleAction = async () => {
@@ -23,15 +44,15 @@ export function PromotePanel() {
headers: { "Content-Type": "application/json" },
body: JSON.stringify({ searchText })
})
const data = await res.json() as {
user?: {
const data = await res.json() as {
user?: {
id: string
name?: string
username?: string
email: string
role?: string
role?: string
}
error?: string
error?: string
}
if (!res.ok) throw new Error(data.error || "未知错误")
@@ -39,49 +60,42 @@ export function PromotePanel() {
if (!data.user) {
toast({
title: "未找到用户",
description: "请确认邮箱地址是否正确",
description: "请确认用户名或邮箱地址是否正确",
variant: "destructive"
})
return
}
if (action === "promote" && data.user.role === ROLES.KNIGHT) {
if (data.user.role === targetRole) {
toast({
title: "用户已是骑士",
description: "无需重复册封",
title: `用户已是${roleNames[targetRole]}`,
description: "无需重复设置",
})
return
}
if (action === "demote" && data.user.role === ROLES.CIVILIAN) {
toast({
title: "用户已是平民",
description: "无需重复贬为平民",
})
return
}
const promoteRes = await fetch('/api/roles/promote', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
const promoteRes = await fetch("/api/roles/promote", {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({
userId: data.user.id,
roleName: action === "promote" ? ROLES.KNIGHT : ROLES.CIVILIAN
roleName: targetRole
})
})
const result = await promoteRes.json() as { error: string }
if (!promoteRes.ok) throw new Error(result.error)
if (!promoteRes.ok) {
const error = await promoteRes.json() as { error: string }
throw new Error(error.error || "设置失败")
}
toast({
title: action === "promote" ? "册封成功" : "贬为平民",
description: `已将 ${data.user.email || data.user.username} ${action === "promote" ? "册封为骑士" : "贬为平民"}`
title: "设置成功",
description: `已将用户 ${data.user.username || data.user.email} 设为${roleNames[targetRole]}`,
})
setSearchText("")
} catch (error) {
toast({
title: "操作失败",
title: "设置失败",
description: error instanceof Error ? error.message : "请稍后重试",
variant: "destructive"
})
@@ -90,55 +104,62 @@ export function PromotePanel() {
}
}
const Icon = roleIcons[targetRole]
return (
<div className="bg-background rounded-lg border-2 border-primary/20 p-6">
<div className="flex items-center gap-2 mb-6">
<Sword className="w-5 h-5 text-primary" />
<Icon className="w-5 h-5 text-primary" />
<h2 className="text-lg font-semibold"></h2>
</div>
<div className="flex flex-col sm:flex-row gap-2">
<div className="flex-1">
<Input
placeholder="输入用户名或邮箱"
value={searchText}
onChange={(e) => setSearchText(e.target.value)}
disabled={loading}
/>
</div>
<div className="flex gap-2 sm:flex-shrink-0">
<Button
onClick={() => {
setAction("promote")
handleAction()
}}
disabled={!searchText || loading}
className="flex-1 sm:flex-initial gap-2"
>
{loading && action === "promote" ? (
<Loader2 className="w-4 h-4 animate-spin" />
) : (
<Sword className="w-4 h-4" />
)}
</Button>
<Button
onClick={() => {
setAction("demote")
handleAction()
}}
disabled={!searchText || loading}
variant="destructive"
className="flex-1 sm:flex-initial gap-2"
>
{loading && action === "demote" ? (
<Loader2 className="w-4 h-4 animate-spin" />
) : (
<UserMinus className="w-4 h-4" />
)}
</Button>
<div className="space-y-4">
<div className="flex gap-4">
<div className="flex-1">
<Input
value={searchText}
onChange={(e) => setSearchText(e.target.value)}
placeholder="输入用户名或邮箱"
/>
</div>
<Select value={targetRole} onValueChange={(value) => setTargetRole(value as RoleWithoutEmperor)}>
<SelectTrigger className="w-32">
<SelectValue />
</SelectTrigger>
<SelectContent>
<SelectItem value={ROLES.DUKE}>
<div className="flex items-center gap-2">
<Gem className="w-4 h-4" />
</div>
</SelectItem>
<SelectItem value={ROLES.KNIGHT}>
<div className="flex items-center gap-2">
<Sword className="w-4 h-4" />
</div>
</SelectItem>
<SelectItem value={ROLES.CIVILIAN}>
<div className="flex items-center gap-2">
<User2 className="w-4 h-4" />
</div>
</SelectItem>
</SelectContent>
</Select>
</div>
<Button
onClick={handleAction}
disabled={loading || !searchText.trim()}
className="w-full"
>
{loading ? (
<Loader2 className="w-4 h-4 animate-spin" />
) : (
`设为${roleNames[targetRole]}`
)}
</Button>
</div>
</div>
)

17
app/components/profile/webhook-config.tsx
View File

@@ -37,8 +37,13 @@ export function WebhookConfig() {
if (initialLoading) {
return (
<div className="flex justify-center py-8">
<Loader2 className="w-6 h-6 animate-spin text-muted-foreground" />
<div className="text-center">
<div className="w-12 h-12 rounded-full bg-primary/10 flex items-center justify-center mx-auto">
<Loader2 className="w-6 h-6 text-primary animate-spin" />
</div>
<div>
<p className="text-sm text-muted-foreground">...</p>
</div>
</div>
)
}
@@ -138,8 +143,8 @@ export function WebhookConfig() {
<TooltipProvider>
<Tooltip>
<TooltipTrigger asChild>
<Button
type="button"
<Button
type="button"
variant="outline"
onClick={handleTest}
disabled={testing || !url}
@@ -179,10 +184,10 @@ export function WebhookConfig() {
Content-Type: application/json{'\n'}
X-Webhook-Event: new_message
</pre>
<p>:</p>
<pre className="bg-background p-2 rounded text-xs overflow-auto">
{`{
{`{
"emailId": "email-uuid",
"messageId": "message-uuid",
"fromAddress": "sender@example.com",

33
app/components/ui/dialog.tsx
View File

@@ -2,6 +2,7 @@
import * as React from "react"
import * as DialogPrimitive from "@radix-ui/react-dialog"
import { X } from "lucide-react"
import { cn } from "@/lib/utils"
const Dialog = DialogPrimitive.Root
@@ -39,6 +40,10 @@ const DialogContent = React.forwardRef<
{...props}
>
{children}
<DialogPrimitive.Close className="absolute right-4 top-4 rounded-sm opacity-70 ring-offset-background transition-opacity hover:opacity-100 focus:outline-none focus:ring-2 focus:ring-ring focus:ring-offset-2 disabled:pointer-events-none data-[state=open]:bg-accent data-[state=open]:text-muted-foreground">
<X className="h-4 w-4" />
<span className="sr-only"></span>
</DialogPrimitive.Close>
</DialogPrimitive.Content>
</DialogPortal>
))
@@ -58,6 +63,20 @@ const DialogHeader = ({
)
DialogHeader.displayName = "DialogHeader"
const DialogFooter = ({
className,
...props
}: React.HTMLAttributes<HTMLDivElement>) => (
<div
className={cn(
"flex flex-col-reverse sm:flex-row sm:justify-end sm:space-x-2",
className
)}
{...props}
/>
)
DialogFooter.displayName = "DialogFooter"
const DialogTitle = React.forwardRef<
React.ElementRef<typeof DialogPrimitive.Title>,
React.ComponentPropsWithoutRef<typeof DialogPrimitive.Title>
@@ -73,11 +92,25 @@ const DialogTitle = React.forwardRef<
))
DialogTitle.displayName = DialogPrimitive.Title.displayName
const DialogDescription = React.forwardRef<
React.ElementRef<typeof DialogPrimitive.Description>,
React.ComponentPropsWithoutRef<typeof DialogPrimitive.Description>
>(({ className, ...props }, ref) => (
<DialogPrimitive.Description
ref={ref}
className={cn("text-sm text-muted-foreground", className)}
{...props}
/>
))
DialogDescription.displayName = DialogPrimitive.Description.displayName
export {
Dialog,
DialogTrigger,
DialogContent,
DialogHeader,
DialogFooter,
DialogTitle,
DialogClose,
DialogDescription,
}

38
app/hooks/use-admin-contact.ts Normal file
View File

@@ -0,0 +1,38 @@
"use client"
import { useState, useEffect } from "react"
import { useToast } from "@/components/ui/use-toast"
export function useAdminContact() {
const [adminContact, setAdminContact] = useState("")
const [loading, setLoading] = useState(true)
const { toast } = useToast()
const fetchAdminContact = async () => {
try {
const res = await fetch("/api/admin-contact")
if (!res.ok) throw new Error("获取管理员联系方式失败")
const data = await res.json() as { adminContact: string }
setAdminContact(data.adminContact)
} catch (error) {
console.error(error)
toast({
title: "获取失败",
description: "获取管理员联系方式失败",
variant: "destructive"
})
} finally {
setLoading(false)
}
}
useEffect(() => {
fetchAdminContact()
}, [])
return {
adminContact,
loading,
refreshAdminContact: fetchAdminContact
}
}

57
app/lib/apiKey.ts Normal file
View File

@@ -0,0 +1,57 @@
import { createDb } from "./db"
import { apiKeys } from "./schema"
import { eq, and, gt } from "drizzle-orm"
import { NextResponse } from "next/server"
import type { User } from "next-auth"
import { auth } from "./auth"
import { headers } from "next/headers"
async function getUserByApiKey(key: string): Promise<User | null> {
const db = createDb()
const apiKey = await db.query.apiKeys.findFirst({
where: and(
eq(apiKeys.key, key),
eq(apiKeys.enabled, true),
gt(apiKeys.expiresAt, new Date())
),
with: {
user: true
}
})
if (!apiKey) return null
return apiKey.user
}
export async function handleApiKeyAuth(apiKey: string, pathname: string) {
if (!pathname.startsWith('/api/emails')) {
return NextResponse.json(
{ error: "无权限查看" },
{ status: 403 }
)
}
const user = await getUserByApiKey(apiKey)
if (!user?.id) {
return NextResponse.json(
{ error: "无效的 API Key" },
{ status: 401 }
)
}
const response = NextResponse.next()
response.headers.set("X-User-Id", user.id)
return response
}
export const getUserId = async () => {
const headersList = await headers()
const userId = headersList.get("X-User-Id")
if (userId) return userId
const session = await auth()
return session?.user.id
}

1
app/lib/auth.ts
View File

@@ -13,6 +13,7 @@ import { generateAvatarUrl } from "./avatar"
const ROLE_DESCRIPTIONS: Record<Role, string> = {
[ROLES.EMPEROR]: "皇帝(网站所有者)",
[ROLES.DUKE]: "公爵(超级用户)",
[ROLES.KNIGHT]: "骑士(高级用户)",
[ROLES.CIVILIAN]: "平民(普通用户)",
}

7
app/lib/permissions.ts
View File

@@ -1,5 +1,6 @@
export const ROLES = {
EMPEROR: 'emperor',
DUKE: 'duke',
KNIGHT: 'knight',
CIVILIAN: 'civilian',
} as const;
@@ -11,12 +12,18 @@ export const PERMISSIONS = {
MANAGE_WEBHOOK: 'manage_webhook',
PROMOTE_USER: 'promote_user',
MANAGE_CONFIG: 'manage_config',
MANAGE_API_KEY: 'manage_api_key',
} as const;
export type Permission = typeof PERMISSIONS[keyof typeof PERMISSIONS];
export const ROLE_PERMISSIONS: Record<Role, Permission[]> = {
[ROLES.EMPEROR]: Object.values(PERMISSIONS),
[ROLES.DUKE]: [
PERMISSIONS.MANAGE_EMAIL,
PERMISSIONS.MANAGE_WEBHOOK,
PERMISSIONS.MANAGE_API_KEY,
],
[ROLES.KNIGHT]: [
PERMISSIONS.MANAGE_EMAIL,
PERMISSIONS.MANAGE_WEBHOOK,

20
app/lib/schema.ts
View File

@@ -93,6 +93,23 @@ export const userRoles = sqliteTable("user_role", {
pk: primaryKey({ columns: [table.userId, table.roleId] }),
}));
export const apiKeys = sqliteTable('api_keys', {
id: text('id').primaryKey().$defaultFn(() => crypto.randomUUID()),
userId: text('user_id').notNull().references(() => users.id),
name: text('name').notNull().unique(),
key: text('key').notNull().unique(),
createdAt: integer('created_at', { mode: 'timestamp' }).$defaultFn(() => new Date()),
expiresAt: integer('expires_at', { mode: 'timestamp' }),
enabled: integer('enabled', { mode: 'boolean' }).notNull().default(true),
});
export const apiKeysRelations = relations(apiKeys, ({ one }) => ({
user: one(users, {
fields: [apiKeys.userId],
references: [users.id],
}),
}));
export const userRolesRelations = relations(userRoles, ({ one }) => ({
user: one(users, {
fields: [userRoles.userId],
@@ -106,7 +123,8 @@ export const userRolesRelations = relations(userRoles, ({ one }) => ({
export const usersRelations = relations(users, ({ many }) => ({
userRoles: many(userRoles),
}));
apiKeys: many(apiKeys),
}));
export const rolesRelations = relations(roles, ({ many }) => ({
userRoles: many(userRoles),

13
drizzle/0009_overconfident_gateway.sql Normal file
View File

@@ -0,0 +1,13 @@
CREATE TABLE `api_keys` (
`id` text PRIMARY KEY NOT NULL,
`user_id` text NOT NULL,
`name` text NOT NULL,
`key` text NOT NULL,
`created_at` integer,
`expires_at` integer,
`last_used_at` integer,
`enabled` integer DEFAULT true NOT NULL,
FOREIGN KEY (`user_id`) REFERENCES `user`(`id`) ON UPDATE no action ON DELETE no action
);
--> statement-breakpoint
CREATE UNIQUE INDEX `api_keys_key_unique` ON `api_keys` (`key`);

2
drizzle/0010_brief_stellaris.sql Normal file
View File

@@ -0,0 +1,2 @@
CREATE UNIQUE INDEX `api_keys_name_unique` ON `api_keys` (`name`);--> statement-breakpoint
ALTER TABLE `api_keys` DROP COLUMN `last_used_at`;

608
drizzle/meta/0009_snapshot.json Normal file
View File

@@ -0,0 +1,608 @@
{
"version": "6",
"dialect": "sqlite",
"id": "30be4c36-0174-4fc0-ae3a-c1fa786a638d",
"prevId": "144530f0-42a9-450d-ab24-a419eb7b4f65",
"tables": {
"account": {
"name": "account",
"columns": {
"userId": {
"name": "userId",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"type": {
"name": "type",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"provider": {
"name": "provider",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"providerAccountId": {
"name": "providerAccountId",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"refresh_token": {
"name": "refresh_token",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"access_token": {
"name": "access_token",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"expires_at": {
"name": "expires_at",
"type": "integer",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"token_type": {
"name": "token_type",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"scope": {
"name": "scope",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"id_token": {
"name": "id_token",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"session_state": {
"name": "session_state",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
}
},
"indexes": {},
"foreignKeys": {
"account_userId_user_id_fk": {
"name": "account_userId_user_id_fk",
"tableFrom": "account",
"tableTo": "user",
"columnsFrom": [
"userId"
],
"columnsTo": [
"id"
],
"onDelete": "cascade",
"onUpdate": "no action"
}
},
"compositePrimaryKeys": {
"account_provider_providerAccountId_pk": {
"columns": [
"provider",
"providerAccountId"
],
"name": "account_provider_providerAccountId_pk"
}
},
"uniqueConstraints": {},
"checkConstraints": {}
},
"api_keys": {
"name": "api_keys",
"columns": {
"id": {
"name": "id",
"type": "text",
"primaryKey": true,
"notNull": true,
"autoincrement": false
},
"user_id": {
"name": "user_id",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"name": {
"name": "name",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"key": {
"name": "key",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"created_at": {
"name": "created_at",
"type": "integer",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"expires_at": {
"name": "expires_at",
"type": "integer",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"last_used_at": {
"name": "last_used_at",
"type": "integer",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"enabled": {
"name": "enabled",
"type": "integer",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": true
}
},
"indexes": {
"api_keys_key_unique": {
"name": "api_keys_key_unique",
"columns": [
"key"
],
"isUnique": true
}
},
"foreignKeys": {
"api_keys_user_id_user_id_fk": {
"name": "api_keys_user_id_user_id_fk",
"tableFrom": "api_keys",
"tableTo": "user",
"columnsFrom": [
"user_id"
],
"columnsTo": [
"id"
],
"onDelete": "no action",
"onUpdate": "no action"
}
},
"compositePrimaryKeys": {},
"uniqueConstraints": {},
"checkConstraints": {}
},
"email": {
"name": "email",
"columns": {
"id": {
"name": "id",
"type": "text",
"primaryKey": true,
"notNull": true,
"autoincrement": false
},
"address": {
"name": "address",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"userId": {
"name": "userId",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"created_at": {
"name": "created_at",
"type": "integer",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"expires_at": {
"name": "expires_at",
"type": "integer",
"primaryKey": false,
"notNull": true,
"autoincrement": false
}
},
"indexes": {
"email_address_unique": {
"name": "email_address_unique",
"columns": [
"address"
],
"isUnique": true
}
},
"foreignKeys": {
"email_userId_user_id_fk": {
"name": "email_userId_user_id_fk",
"tableFrom": "email",
"tableTo": "user",
"columnsFrom": [
"userId"
],
"columnsTo": [
"id"
],
"onDelete": "cascade",
"onUpdate": "no action"
}
},
"compositePrimaryKeys": {},
"uniqueConstraints": {},
"checkConstraints": {}
},
"message": {
"name": "message",
"columns": {
"id": {
"name": "id",
"type": "text",
"primaryKey": true,
"notNull": true,
"autoincrement": false
},
"emailId": {
"name": "emailId",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"from_address": {
"name": "from_address",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"subject": {
"name": "subject",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"content": {
"name": "content",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"html": {
"name": "html",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"received_at": {
"name": "received_at",
"type": "integer",
"primaryKey": false,
"notNull": true,
"autoincrement": false
}
},
"indexes": {},
"foreignKeys": {
"message_emailId_email_id_fk": {
"name": "message_emailId_email_id_fk",
"tableFrom": "message",
"tableTo": "email",
"columnsFrom": [
"emailId"
],
"columnsTo": [
"id"
],
"onDelete": "cascade",
"onUpdate": "no action"
}
},
"compositePrimaryKeys": {},
"uniqueConstraints": {},
"checkConstraints": {}
},
"role": {
"name": "role",
"columns": {
"id": {
"name": "id",
"type": "text",
"primaryKey": true,
"notNull": true,
"autoincrement": false
},
"name": {
"name": "name",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"description": {
"name": "description",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"created_at": {
"name": "created_at",
"type": "integer",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"updated_at": {
"name": "updated_at",
"type": "integer",
"primaryKey": false,
"notNull": false,
"autoincrement": false
}
},
"indexes": {},
"foreignKeys": {},
"compositePrimaryKeys": {},
"uniqueConstraints": {},
"checkConstraints": {}
},
"user_role": {
"name": "user_role",
"columns": {
"user_id": {
"name": "user_id",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"role_id": {
"name": "role_id",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"created_at": {
"name": "created_at",
"type": "integer",
"primaryKey": false,
"notNull": false,
"autoincrement": false
}
},
"indexes": {},
"foreignKeys": {
"user_role_user_id_user_id_fk": {
"name": "user_role_user_id_user_id_fk",
"tableFrom": "user_role",
"tableTo": "user",
"columnsFrom": [
"user_id"
],
"columnsTo": [
"id"
],
"onDelete": "cascade",
"onUpdate": "no action"
},
"user_role_role_id_role_id_fk": {
"name": "user_role_role_id_role_id_fk",
"tableFrom": "user_role",
"tableTo": "role",
"columnsFrom": [
"role_id"
],
"columnsTo": [
"id"
],
"onDelete": "cascade",
"onUpdate": "no action"
}
},
"compositePrimaryKeys": {
"user_role_user_id_role_id_pk": {
"columns": [
"user_id",
"role_id"
],
"name": "user_role_user_id_role_id_pk"
}
},
"uniqueConstraints": {},
"checkConstraints": {}
},
"user": {
"name": "user",
"columns": {
"id": {
"name": "id",
"type": "text",
"primaryKey": true,
"notNull": true,
"autoincrement": false
},
"name": {
"name": "name",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"email": {
"name": "email",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"emailVerified": {
"name": "emailVerified",
"type": "integer",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"image": {
"name": "image",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"username": {
"name": "username",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"password": {
"name": "password",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
}
},
"indexes": {
"user_email_unique": {
"name": "user_email_unique",
"columns": [
"email"
],
"isUnique": true
},
"user_username_unique": {
"name": "user_username_unique",
"columns": [
"username"
],
"isUnique": true
}
},
"foreignKeys": {},
"compositePrimaryKeys": {},
"uniqueConstraints": {},
"checkConstraints": {}
},
"webhook": {
"name": "webhook",
"columns": {
"id": {
"name": "id",
"type": "text",
"primaryKey": true,
"notNull": true,
"autoincrement": false
},
"user_id": {
"name": "user_id",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"url": {
"name": "url",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"enabled": {
"name": "enabled",
"type": "integer",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": true
},
"created_at": {
"name": "created_at",
"type": "integer",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"updated_at": {
"name": "updated_at",
"type": "integer",
"primaryKey": false,
"notNull": true,
"autoincrement": false
}
},
"indexes": {},
"foreignKeys": {
"webhook_user_id_user_id_fk": {
"name": "webhook_user_id_user_id_fk",
"tableFrom": "webhook",
"tableTo": "user",
"columnsFrom": [
"user_id"
],
"columnsTo": [
"id"
],
"onDelete": "cascade",
"onUpdate": "no action"
}
},
"compositePrimaryKeys": {},
"uniqueConstraints": {},
"checkConstraints": {}
}
},
"views": {},
"enums": {},
"_meta": {
"schemas": {},
"tables": {},
"columns": {}
},
"internal": {
"indexes": {}
}
}

608
drizzle/meta/0010_snapshot.json Normal file
View File

@@ -0,0 +1,608 @@
{
"version": "6",
"dialect": "sqlite",
"id": "75ed0edc-e2f7-4782-b317-e16de23405f8",
"prevId": "30be4c36-0174-4fc0-ae3a-c1fa786a638d",
"tables": {
"account": {
"name": "account",
"columns": {
"userId": {
"name": "userId",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"type": {
"name": "type",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"provider": {
"name": "provider",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"providerAccountId": {
"name": "providerAccountId",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"refresh_token": {
"name": "refresh_token",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"access_token": {
"name": "access_token",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"expires_at": {
"name": "expires_at",
"type": "integer",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"token_type": {
"name": "token_type",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"scope": {
"name": "scope",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"id_token": {
"name": "id_token",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"session_state": {
"name": "session_state",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
}
},
"indexes": {},
"foreignKeys": {
"account_userId_user_id_fk": {
"name": "account_userId_user_id_fk",
"tableFrom": "account",
"tableTo": "user",
"columnsFrom": [
"userId"
],
"columnsTo": [
"id"
],
"onDelete": "cascade",
"onUpdate": "no action"
}
},
"compositePrimaryKeys": {
"account_provider_providerAccountId_pk": {
"columns": [
"provider",
"providerAccountId"
],
"name": "account_provider_providerAccountId_pk"
}
},
"uniqueConstraints": {},
"checkConstraints": {}
},
"api_keys": {
"name": "api_keys",
"columns": {
"id": {
"name": "id",
"type": "text",
"primaryKey": true,
"notNull": true,
"autoincrement": false
},
"user_id": {
"name": "user_id",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"name": {
"name": "name",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"key": {
"name": "key",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"created_at": {
"name": "created_at",
"type": "integer",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"expires_at": {
"name": "expires_at",
"type": "integer",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"enabled": {
"name": "enabled",
"type": "integer",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": true
}
},
"indexes": {
"api_keys_name_unique": {
"name": "api_keys_name_unique",
"columns": [
"name"
],
"isUnique": true
},
"api_keys_key_unique": {
"name": "api_keys_key_unique",
"columns": [
"key"
],
"isUnique": true
}
},
"foreignKeys": {
"api_keys_user_id_user_id_fk": {
"name": "api_keys_user_id_user_id_fk",
"tableFrom": "api_keys",
"tableTo": "user",
"columnsFrom": [
"user_id"
],
"columnsTo": [
"id"
],
"onDelete": "no action",
"onUpdate": "no action"
}
},
"compositePrimaryKeys": {},
"uniqueConstraints": {},
"checkConstraints": {}
},
"email": {
"name": "email",
"columns": {
"id": {
"name": "id",
"type": "text",
"primaryKey": true,
"notNull": true,
"autoincrement": false
},
"address": {
"name": "address",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"userId": {
"name": "userId",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"created_at": {
"name": "created_at",
"type": "integer",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"expires_at": {
"name": "expires_at",
"type": "integer",
"primaryKey": false,
"notNull": true,
"autoincrement": false
}
},
"indexes": {
"email_address_unique": {
"name": "email_address_unique",
"columns": [
"address"
],
"isUnique": true
}
},
"foreignKeys": {
"email_userId_user_id_fk": {
"name": "email_userId_user_id_fk",
"tableFrom": "email",
"tableTo": "user",
"columnsFrom": [
"userId"
],
"columnsTo": [
"id"
],
"onDelete": "cascade",
"onUpdate": "no action"
}
},
"compositePrimaryKeys": {},
"uniqueConstraints": {},
"checkConstraints": {}
},
"message": {
"name": "message",
"columns": {
"id": {
"name": "id",
"type": "text",
"primaryKey": true,
"notNull": true,
"autoincrement": false
},
"emailId": {
"name": "emailId",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"from_address": {
"name": "from_address",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"subject": {
"name": "subject",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"content": {
"name": "content",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"html": {
"name": "html",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"received_at": {
"name": "received_at",
"type": "integer",
"primaryKey": false,
"notNull": true,
"autoincrement": false
}
},
"indexes": {},
"foreignKeys": {
"message_emailId_email_id_fk": {
"name": "message_emailId_email_id_fk",
"tableFrom": "message",
"tableTo": "email",
"columnsFrom": [
"emailId"
],
"columnsTo": [
"id"
],
"onDelete": "cascade",
"onUpdate": "no action"
}
},
"compositePrimaryKeys": {},
"uniqueConstraints": {},
"checkConstraints": {}
},
"role": {
"name": "role",
"columns": {
"id": {
"name": "id",
"type": "text",
"primaryKey": true,
"notNull": true,
"autoincrement": false
},
"name": {
"name": "name",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"description": {
"name": "description",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"created_at": {
"name": "created_at",
"type": "integer",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"updated_at": {
"name": "updated_at",
"type": "integer",
"primaryKey": false,
"notNull": false,
"autoincrement": false
}
},
"indexes": {},
"foreignKeys": {},
"compositePrimaryKeys": {},
"uniqueConstraints": {},
"checkConstraints": {}
},
"user_role": {
"name": "user_role",
"columns": {
"user_id": {
"name": "user_id",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"role_id": {
"name": "role_id",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"created_at": {
"name": "created_at",
"type": "integer",
"primaryKey": false,
"notNull": false,
"autoincrement": false
}
},
"indexes": {},
"foreignKeys": {
"user_role_user_id_user_id_fk": {
"name": "user_role_user_id_user_id_fk",
"tableFrom": "user_role",
"tableTo": "user",
"columnsFrom": [
"user_id"
],
"columnsTo": [
"id"
],
"onDelete": "cascade",
"onUpdate": "no action"
},
"user_role_role_id_role_id_fk": {
"name": "user_role_role_id_role_id_fk",
"tableFrom": "user_role",
"tableTo": "role",
"columnsFrom": [
"role_id"
],
"columnsTo": [
"id"
],
"onDelete": "cascade",
"onUpdate": "no action"
}
},
"compositePrimaryKeys": {
"user_role_user_id_role_id_pk": {
"columns": [
"user_id",
"role_id"
],
"name": "user_role_user_id_role_id_pk"
}
},
"uniqueConstraints": {},
"checkConstraints": {}
},
"user": {
"name": "user",
"columns": {
"id": {
"name": "id",
"type": "text",
"primaryKey": true,
"notNull": true,
"autoincrement": false
},
"name": {
"name": "name",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"email": {
"name": "email",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"emailVerified": {
"name": "emailVerified",
"type": "integer",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"image": {
"name": "image",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"username": {
"name": "username",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"password": {
"name": "password",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
}
},
"indexes": {
"user_email_unique": {
"name": "user_email_unique",
"columns": [
"email"
],
"isUnique": true
},
"user_username_unique": {
"name": "user_username_unique",
"columns": [
"username"
],
"isUnique": true
}
},
"foreignKeys": {},
"compositePrimaryKeys": {},
"uniqueConstraints": {},
"checkConstraints": {}
},
"webhook": {
"name": "webhook",
"columns": {
"id": {
"name": "id",
"type": "text",
"primaryKey": true,
"notNull": true,
"autoincrement": false
},
"user_id": {
"name": "user_id",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"url": {
"name": "url",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"enabled": {
"name": "enabled",
"type": "integer",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": true
},
"created_at": {
"name": "created_at",
"type": "integer",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"updated_at": {
"name": "updated_at",
"type": "integer",
"primaryKey": false,
"notNull": true,
"autoincrement": false
}
},
"indexes": {},
"foreignKeys": {
"webhook_user_id_user_id_fk": {
"name": "webhook_user_id_user_id_fk",
"tableFrom": "webhook",
"tableTo": "user",
"columnsFrom": [
"user_id"
],
"columnsTo": [
"id"
],
"onDelete": "cascade",
"onUpdate": "no action"
}
},
"compositePrimaryKeys": {},
"uniqueConstraints": {},
"checkConstraints": {}
}
},
"views": {},
"enums": {},
"_meta": {
"schemas": {},
"tables": {},
"columns": {}
},
"internal": {
"indexes": {}
}
}

14
drizzle/meta/_journal.json
View File

@@ -64,6 +64,20 @@
"when": 1736922488093,
"tag": "0008_cute_dormammu",
"breakpoints": true
},
{
"idx": 9,
"version": "6",
"when": 1739079086122,
"tag": "0009_overconfident_gateway",
"breakpoints": true
},
{
"idx": 10,
"version": "6",
"when": 1739157879946,
"tag": "0010_brief_stellaris",
"breakpoints": true
}
]
}

16
middleware.ts
View File

@@ -3,18 +3,28 @@ import { NextResponse } from "next/server"
import { PERMISSIONS } from "@/lib/permissions"
import { checkPermission } from "@/lib/auth"
import { Permission } from "@/lib/permissions"
import { handleApiKeyAuth } from "@/lib/apiKey"
const API_PERMISSIONS: Record<string, Permission> = {
'/api/emails': PERMISSIONS.MANAGE_EMAIL,
'/api/webhook': PERMISSIONS.MANAGE_WEBHOOK,
'/api/roles/promote': PERMISSIONS.PROMOTE_USER,
'/api/config': PERMISSIONS.MANAGE_CONFIG,
'/api/api-keys': PERMISSIONS.MANAGE_API_KEY,
}
export async function middleware(request: Request) {
const session = await auth()
const pathname = new URL(request.url).pathname
// API Key 认证
request.headers.delete("X-User-Id")
const apiKey = request.headers.get("X-API-Key")
if (apiKey) {
return handleApiKeyAuth(apiKey, pathname)
}
// Session 认证
const session = await auth()
if (!session?.user) {
return NextResponse.json(
{ error: "未授权" },
@@ -25,7 +35,7 @@ export async function middleware(request: Request) {
for (const [route, permission] of Object.entries(API_PERMISSIONS)) {
if (pathname.startsWith(route)) {
const hasAccess = await checkPermission(permission)
if (!hasAccess) {
return NextResponse.json(
{ error: "权限不足" },
@@ -45,5 +55,7 @@ export const config = {
'/api/webhook/:path*',
'/api/roles/:path*',
'/api/config/:path*',
'/api/api-keys/:path*',
'/api/admin-contact',
]
}