Spaces:

kines9661
/

kioai

Sleeping

kioai / artifacts /api-server /src /routes /admin.ts

kinaiok

Initial deployment setup for Hugging Face Spaces

5ef6e9d 9 days ago

11.9 kB

	import { Router } from "express";
	import bcrypt from "bcryptjs";
	import { randomUUID } from "crypto";
	import { db, usersTable, imagesTable, apiKeysTable, configTable, creditTransactionsTable } from "@workspace/db";
	import { eq, count, desc, sql, inArray } from "drizzle-orm";
	import { requireJwtAuth } from "./auth";
	import { refreshAccessToken, encrypt, getStoredCredentials } from "./config";
	import multer from "multer";
	import { S3Client, PutObjectCommand } from "@aws-sdk/client-s3";

	const s3 = new S3Client({
	endpoint: process.env.S3_ENDPOINT \|\| "https://s3.hi168.com",
	region: "us-east-1",
	credentials: {
	accessKeyId: process.env.S3_ACCESS_KEY \|\| "",
	secretAccessKey: process.env.S3_SECRET_KEY \|\| "",
	},
	forcePathStyle: true,
	});
	const S3_BUCKET = process.env.DEFAULT_OBJECT_STORAGE_BUCKET_ID \|\| "hi168-25517-1756t1kf";
	const S3_PUBLIC_BASE = `${process.env.S3_ENDPOINT \|\| "https://s3.hi168.com"}/${S3_BUCKET}`;

	const upload = multer({ storage: multer.memoryStorage(), limits: { fileSize: 5 * 1024 * 1024 } });

	const OTP_KEY = "bookmarklet_otp";

	const router = Router();

	async function requireAdmin(req: any, res: any, next: any) {
	const user = await db
	.select({ isAdmin: usersTable.isAdmin })
	.from(usersTable)
	.where(eq(usersTable.id, req.jwtUserId))
	.limit(1);
	if (!user[0]?.isAdmin) {
	return res.status(403).json({ error: "Forbidden" });
	}
	next();
	}

	router.use(requireJwtAuth);
	router.use(requireAdmin);

	router.get("/stats", async (_req, res) => {
	const [userCount] = await db.select({ count: count() }).from(usersTable);
	const [imageCount] = await db.select({ count: count() }).from(imagesTable);
	const [apiKeyCount] = await db.select({ count: count() }).from(apiKeysTable);
	res.json({
	users: Number(userCount.count),
	images: Number(imageCount.count),
	apiKeys: Number(apiKeyCount.count),
	});
	});

	router.get("/users", async (_req, res) => {
	const users = await db
	.select({
	id: usersTable.id,
	email: usersTable.email,
	displayName: usersTable.displayName,
	isAdmin: usersTable.isAdmin,
	createdAt: usersTable.createdAt,
	})
	.from(usersTable)
	.orderBy(desc(usersTable.createdAt));
	res.json({ users });
	});

	router.put("/users/:id", async (req, res) => {
	const id = Number(req.params.id);
	const { displayName, isAdmin, password } = req.body as {
	displayName?: string;
	isAdmin?: boolean;
	password?: string;
	};

	const updates: Partial<typeof usersTable.$inferInsert> = {};
	if (typeof displayName !== "undefined") updates.displayName = displayName \|\| null;
	if (typeof isAdmin === "boolean") updates.isAdmin = isAdmin;
	if (password) {
	if (password.length < 6) return res.status(400).json({ error: "Password must be at least 6 characters" });
	updates.passwordHash = await bcrypt.hash(password, 12);
	}

	if (Object.keys(updates).length === 0) {
	return res.status(400).json({ error: "Nothing to update" });
	}

	const [updated] = await db
	.update(usersTable)
	.set(updates)
	.where(eq(usersTable.id, id))
	.returning({
	id: usersTable.id,
	email: usersTable.email,
	displayName: usersTable.displayName,
	isAdmin: usersTable.isAdmin,
	});

	if (!updated) return res.status(404).json({ error: "User not found" });
	res.json(updated);
	});

	router.delete("/users/:id", async (req, res) => {
	const id = Number(req.params.id);
	if (id === req.jwtUserId) {
	return res.status(400).json({ error: "Cannot delete yourself" });
	}
	await db.delete(apiKeysTable).where(eq(apiKeysTable.userId, String(id)));
	const deleted = await db.delete(usersTable).where(eq(usersTable.id, id)).returning({ id: usersTable.id });
	if (!deleted.length) return res.status(404).json({ error: "User not found" });
	res.json({ success: true });
	});

	router.get("/config", async (_req, res) => {
	const rows = await db.select().from(configTable).orderBy(configTable.key);
	res.json({ config: rows });
	});

	const CONFIG_KEY_MAP: Record<string, string> = {
	refresh_token: "geminigen_refresh_token",
	access_token: "geminigen_bearer_token",
	capsolver_api_key: "capsolver_api_key",
	playwright_solver_url: "playwright_solver_url",
	playwright_solver_secret: "playwright_solver_secret",
	yescaptcha_api_key: "yescaptcha_api_key",
	};

	router.put("/config", async (req, res) => {
	const { key, value } = req.body as { key?: string; value?: string };
	if (!key \|\| typeof value === "undefined") {
	return res.status(400).json({ error: "key and value are required" });
	}
	const dbKey = CONFIG_KEY_MAP[key];
	if (!dbKey) {
	return res.status(400).json({ error: "Invalid config key" });
	}
	await db
	.insert(configTable)
	.values({ key: dbKey, value, updatedAt: new Date() })
	.onConflictDoUpdate({ target: configTable.key, set: { value, updatedAt: new Date() } });
	res.json({ success: true });
	});

	router.get("/setup-status", async (_req, res) => {
	const row = await db
	.select({ key: configTable.key })
	.from(configTable)
	.where(eq(configTable.key, "geminigen_refresh_token"))
	.limit(1);
	res.json({ refreshTokenConfigured: row.length > 0 });
	});

	router.post("/setup", async (req, res) => {
	const { refreshToken } = req.body as { refreshToken?: string };
	if (!refreshToken?.trim()) {
	return res.status(400).json({ error: "refreshToken is required" });
	}
	const value = refreshToken.trim();
	if (value.length < 20) {
	return res.status(400).json({ error: "Token seems too short — please copy the full refresh_token value." });
	}
	await db
	.insert(configTable)
	.values({ key: "geminigen_refresh_token", value, updatedAt: new Date() })
	.onConflictDoUpdate({ target: configTable.key, set: { value, updatedAt: new Date() } });
	refreshAccessToken().catch(() => {});
	res.json({ success: true });
	});

	// Save geminigen.ai credentials for auto-renewal
	router.post("/credentials", requireJwtAuth, requireAdmin, async (req, res) => {
	const { username, password } = req.body as { username?: string; password?: string };
	if (!username?.trim() \|\| !password?.trim()) {
	return res.status(400).json({ error: "username and password are required" });
	}
	await db
	.insert(configTable)
	.values({ key: "geminigen_username", value: username.trim(), updatedAt: new Date() })
	.onConflictDoUpdate({ target: configTable.key, set: { value: username.trim(), updatedAt: new Date() } });
	const encPass = encrypt(password.trim());
	await db
	.insert(configTable)
	.values({ key: "geminigen_password_enc", value: encPass, updatedAt: new Date() })
	.onConflictDoUpdate({ target: configTable.key, set: { value: encPass, updatedAt: new Date() } });

	// Try to login with new credentials in background (may fail if Turnstile solver not configured)
	// Do NOT block saving credentials on login success — Turnstile may prevent immediate login
	refreshAccessToken().then((tok) => {
	if (tok) console.log("[admin] Credential login succeeded after save");
	else console.warn("[admin] Credential login failed after save (Turnstile may be required — token will refresh later)");
	}).catch(() => {});
	res.json({ success: true, note: "Credentials saved. Token will refresh automatically." });
	});

	// Check credential configuration status
	router.get("/credentials", requireJwtAuth, requireAdmin, async (_req, res) => {
	const creds = await getStoredCredentials();
	res.json({
	configured: !!creds,
	username: creds?.username ?? null,
	});
	});

	// Delete stored credentials
	router.delete("/credentials", requireJwtAuth, requireAdmin, async (_req, res) => {
	await db.delete(configTable).where(eq(configTable.key, "geminigen_username"));
	await db.delete(configTable).where(eq(configTable.key, "geminigen_password_enc"));
	res.json({ success: true });
	});

	// Generate a short-lived OTP for the bookmarklet token sync
	router.post("/bookmarklet-otp", async (_req, res) => {
	const otp = randomUUID();
	const expiresAt = Date.now() + 10 * 60 * 1000; // 10 minutes
	await db
	.insert(configTable)
	.values({ key: OTP_KEY, value: `${otp}:${expiresAt}`, updatedAt: new Date() })
	.onConflictDoUpdate({ target: configTable.key, set: { value: `${otp}:${expiresAt}`, updatedAt: new Date() } });
	res.json({ otp, expiresInSeconds: 600 });
	});

	// ── Site Config (logo, google ads, credits settings) ─────────────────────────
	const SITE_CONFIG_KEYS = [
	"logo_url", "site_name",
	"enable_credits", "image_gen_cost", "video_gen_cost", "signup_credits",
	"google_ads_enabled", "google_ads_client", "google_ads_slot",
	];

	router.get("/site-config", async (_req, res) => {
	const rows = await db
	.select()
	.from(configTable)
	.where(inArray(configTable.key, SITE_CONFIG_KEYS));
	const config: Record<string, string> = {};
	for (const row of rows) config[row.key] = row.value;
	res.json(config);
	});

	router.put("/site-config", async (req, res) => {
	const updates = req.body as Record<string, string>;
	for (const [key, value] of Object.entries(updates)) {
	if (!SITE_CONFIG_KEYS.includes(key)) continue;
	await db
	.insert(configTable)
	.values({ key, value: String(value), updatedAt: new Date() })
	.onConflictDoUpdate({ target: configTable.key, set: { value: String(value), updatedAt: new Date() } });
	}
	res.json({ success: true });
	});

	// ── Logo upload ───────────────────────────────────────────────────────────────
	router.post("/logo", upload.single("logo"), async (req, res) => {
	const file = (req as any).file as Express.Multer.File \| undefined;
	if (!file) return res.status(400).json({ error: "No file uploaded" });

	const ext = file.originalname.split(".").pop()?.toLowerCase() \|\| "png";
	const key = `logos/site-logo.${ext}`;

	await s3.send(new PutObjectCommand({
	Bucket: S3_BUCKET,
	Key: key,
	Body: file.buffer,
	ContentType: file.mimetype,
	ACL: "public-read",
	}));

	const url = `${S3_PUBLIC_BASE}/${key}?t=${Date.now()}`;
	await db
	.insert(configTable)
	.values({ key: "logo_url", value: url, updatedAt: new Date() })
	.onConflictDoUpdate({ target: configTable.key, set: { value: url, updatedAt: new Date() } });

	res.json({ success: true, url });
	});

	// ── Credits management ────────────────────────────────────────────────────────
	router.get("/credits", async (_req, res) => {
	const users = await db
	.select({
	id: usersTable.id,
	email: usersTable.email,
	displayName: usersTable.displayName,
	credits: usersTable.credits,
	isAdmin: usersTable.isAdmin,
	})
	.from(usersTable)
	.orderBy(desc(usersTable.createdAt));
	res.json({ users });
	});

	router.post("/credits/:userId/adjust", async (req, res) => {
	const userId = Number(req.params.userId);
	const { amount, description } = req.body as { amount?: number; description?: string };
	if (!amount \|\| isNaN(amount)) return res.status(400).json({ error: "amount is required" });

	const [user] = await db
	.update(usersTable)
	.set({ credits: sql`GREATEST(0, ${usersTable.credits} + ${amount})` })
	.where(eq(usersTable.id, userId))
	.returning({ credits: usersTable.credits });

	if (!user) return res.status(404).json({ error: "User not found" });

	await db.insert(creditTransactionsTable).values({
	userId,
	amount,
	type: amount > 0 ? "grant" : "deduct",
	description: description \|\| (amount > 0 ? "管理員手動增加" : "管理員手動扣除"),
	});

	res.json({ success: true, newBalance: user.credits });
	});

	export { OTP_KEY, requireAdmin, SITE_CONFIG_KEYS };
	export default router;