feat: add user api limit

2026-02-28 15:54:43 +08:00 · 2025-08-20 19:37:36 +08:00
parent 1b5685c1bb
commit 6fc590cca1
12 changed files with 322 additions and 46 deletions
--- a/src/app/api/admin/user/route.ts
+++ b/src/app/api/admin/user/route.ts
@@ -17,6 +17,7 @@ const ACTIONS = [
  'cancelAdmin',
  'changePassword',
  'deleteUser',
+  'updateUserApis',
 ] as const;

 export async function POST(request: NextRequest) {
@@ -60,6 +61,7 @@ export async function POST(request: NextRequest) {
    if (
      action !== 'changePassword' &&
      action !== 'deleteUser' &&
+      action !== 'updateUserApis' &&
      username === targetUsername
    ) {
      return NextResponse.json(
@@ -273,6 +275,38 @@ export async function POST(request: NextRequest) {

        break;
      }
+      case 'updateUserApis': {
+        if (!targetEntry) {
+          return NextResponse.json(
+            { error: '目标用户不存在' },
+            { status: 404 }
+          );
+        }
+
+        const { enabledApis } = body as { enabledApis?: string[] };
+
+        // 权限检查：站长可配置所有人的采集源，管理员可配置普通用户和自己的采集源
+        if (
+          isTargetAdmin &&
+          operatorRole !== 'owner' &&
+          username !== targetUsername
+        ) {
+          return NextResponse.json(
+            { error: '仅站长可配置其他管理员的采集源' },
+            { status: 401 }
+          );
+        }
+
+        // 更新用户的采集源权限
+        if (enabledApis && enabledApis.length > 0) {
+          targetEntry.enabledApis = enabledApis;
+        } else {
+          // 如果为空数组或未提供，则删除该字段，表示无限制
+          delete targetEntry.enabledApis;
+        }
+
+        break;
+      }
      default:
        return NextResponse.json({ error: '未知操作' }, { status: 400 });
    }