@zhang_libo/resource-hub 1.0.2

package/dist/routes/users.js

@@ -0,0 +1,181 @@
+import bcrypt from 'bcryptjs';
+import { v4 as uuidv4 } from 'uuid';
+import { db } from '../db/index.js';
+import { users, resources, emailConfig } from '../db/schema.js';
+import { eq, ne, and } from 'drizzle-orm';
+import { deliverMail } from '../services/mail.js';
+import { getAdminResetPasswordMail, getRequestLocale, localizeFields, localizeText, } from '../i18n.js';
+function sendError(reply, locale, status, error, code, fields) {
+    const body = { success: false, error: localizeText(locale, error), code };
+    if (fields)
+        body.fields = localizeFields(locale, fields);
+    reply.code(status).send(body);
+}
+function validateUsername(v) {
+    return /^[a-zA-Z_][a-zA-Z0-9_]{2,19}$/.test(v);
+}
+function validatePassword(v) {
+    return v.length >= 8 && v.length <= 64 && /[a-zA-Z]/.test(v) && /[0-9]/.test(v);
+}
+function validateEmail(v) {
+    return /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(v);
+}
+function validateDisplayName(v) {
+    return typeof v === 'string' && v.trim().length >= 1 && v.trim().length <= 30;
+}
+function generateTempPassword() {
+    const upper = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
+    const digits = '0123456789';
+    const lower = 'abcdefghijklmnopqrstuvwxyz';
+    const rand = (chars, n) => Array.from({ length: n }, () => chars[Math.floor(Math.random() * chars.length)]).join('');
+    return rand(upper, 4) + rand(digits, 4) + rand(lower, 4);
+}
+function formatUser(u) {
+    return {
+        id: u.id,
+        username: u.username,
+        displayName: u.displayName,
+        email: u.email,
+        role: u.role,
+        status: u.status,
+        createdAt: u.createdAt,
+    };
+}
+function getEmailRow() {
+    return db.select().from(emailConfig).where(eq(emailConfig.id, 'default')).get();
+}
+const usersRoutes = async (fastify) => {
+    // GET / — admin: list all users (no passwordHash)
+    fastify.get('/', { preHandler: fastify.requireAdmin }, async (_req, reply) => {
+        const rows = db.select({
+            id: users.id,
+            username: users.username,
+            displayName: users.displayName,
+            email: users.email,
+            role: users.role,
+            status: users.status,
+            createdAt: users.createdAt,
+        }).from(users).all();
+        reply.send({ success: true, data: rows });
+    });
+    // POST / — admin: create user directly with provided password, no email sent
+    fastify.post('/', { preHandler: fastify.requireAdmin }, async (req, reply) => {
+        const locale = getRequestLocale(req);
+        const { username, displayName, email, password, role } = req.body;
+        const fields = {};
+        if (!username || !validateUsername(username))
+            fields.username = '用户名格式不正确（3-20字符，字母/数字/下划线，不能以数字开头）';
+        if (!displayName || !validateDisplayName(displayName))
+            fields.displayName = '显示名称须为1-30字符';
+        if (!email || !validateEmail(email))
+            fields.email = '邮箱格式不正确';
+        if (!password || !validatePassword(password))
+            fields.password = '密码须为8-64字符，且同时包含字母和数字';
+        if (Object.keys(fields).length > 0) {
+            return sendError(reply, locale, 422, '请求参数校验失败', 'VALIDATION_ERROR', fields);
+        }
+        const existingUsername = db.select().from(users).where(eq(users.username, username)).get();
+        if (existingUsername)
+            return sendError(reply, locale, 422, '用户名已被占用', 'USERNAME_TAKEN');
+        const existingEmail = db.select().from(users).where(eq(users.email, email)).get();
+        if (existingEmail)
+            return sendError(reply, locale, 422, '邮箱已被注册', 'EMAIL_TAKEN');
+        const passwordHash = await bcrypt.hash(password, 10);
+        const now = Math.floor(Date.now() / 1000);
+        const id = uuidv4();
+        db.insert(users).values({
+            id,
+            username,
+            displayName,
+            email,
+            role: role === 'admin' ? 'admin' : 'user',
+            status: 'active',
+            passwordHash,
+            createdAt: now,
+        }).run();
+        const newUser = db.select().from(users).where(eq(users.id, id)).get();
+        reply.code(201).send({ success: true, data: formatUser(newUser) });
+    });
+    // PUT /:id — admin: edit user fields
+    fastify.put('/:id', { preHandler: fastify.requireAdmin }, async (req, reply) => {
+        const locale = getRequestLocale(req);
+        const { id } = req.params;
+        const user = db.select().from(users).where(eq(users.id, id)).get();
+        if (!user)
+            return sendError(reply, locale, 404, '用户不存在', 'USER_NOT_FOUND');
+        const { displayName, email, role, status } = req.body;
+        const updates = {};
+        if (displayName !== undefined) {
+            if (!validateDisplayName(displayName)) {
+                return sendError(reply, locale, 422, '请求参数校验失败', 'VALIDATION_ERROR', { displayName: '显示名称须为1-30字符' });
+            }
+            updates.displayName = displayName;
+        }
+        if (email !== undefined) {
+            if (!validateEmail(email)) {
+                return sendError(reply, locale, 422, '请求参数校验失败', 'VALIDATION_ERROR', { email: '邮箱格式不正确' });
+            }
+            const dup = db.select().from(users)
+                .where(and(eq(users.email, email), ne(users.id, id)))
+                .get();
+            if (dup)
+                return sendError(reply, locale, 422, '邮箱已被注册', 'EMAIL_TAKEN');
+            updates.email = email;
+        }
+        if (role !== undefined)
+            updates.role = role;
+        if (status !== undefined)
+            updates.status = status;
+        if (Object.keys(updates).length > 0) {
+            db.update(users).set(updates).where(eq(users.id, id)).run();
+        }
+        const updated = db.select().from(users).where(eq(users.id, id)).get();
+        reply.send({ success: true, data: formatUser(updated) });
+    });
+    // DELETE /:id — admin: transfer resources to admin then delete user
+    fastify.delete('/:id', { preHandler: fastify.requireAdmin }, async (req, reply) => {
+        const locale = getRequestLocale(req);
+        const { id } = req.params;
+        if (id === req.user.userId) {
+            return sendError(reply, locale, 422, '不能删除自身账号', 'CANNOT_DELETE_SELF');
+        }
+        const user = db.select().from(users).where(eq(users.id, id)).get();
+        if (!user)
+            return sendError(reply, locale, 404, '用户不存在', 'USER_NOT_FOUND');
+        // Transfer user's resources to the performing admin to avoid FK constraint
+        db.update(resources).set({ ownerId: req.user.userId }).where(eq(resources.ownerId, id)).run();
+        db.delete(users).where(eq(users.id, id)).run();
+        reply.send({ success: true, data: { message: localizeText(locale, '删除成功') } });
+    });
+    // POST /:id/reset-password — admin: auto-generate and send new password
+    fastify.post('/:id/reset-password', { preHandler: fastify.requireAdmin }, async (req, reply) => {
+        const locale = getRequestLocale(req);
+        const { id } = req.params;
+        const user = db.select().from(users).where(eq(users.id, id)).get();
+        if (!user)
+            return sendError(reply, locale, 404, '用户不存在', 'USER_NOT_FOUND');
+        const newPassword = generateTempPassword();
+        const passwordHash = await bcrypt.hash(newPassword, 10);
+        db.update(users).set({ passwordHash }).where(eq(users.id, id)).run();
+        const mailConfig = getEmailRow();
+        const { subject, body } = getAdminResetPasswordMail(locale, user.displayName, newPassword);
+        const preview = await deliverMail(user.email, subject, body, {
+            smtpHost: mailConfig?.smtpHost ?? '',
+            smtpPort: mailConfig?.smtpPort ?? 465,
+            encryption: mailConfig?.encryption ?? 'ssl',
+            fromEmail: mailConfig?.fromEmail ?? '',
+            fromName: mailConfig?.fromName ?? '资源导航系统',
+            smtpUser: mailConfig?.smtpUser ?? '',
+            smtpPassword: mailConfig?.smtpPassword ?? '',
+        });
+        const response = {
+            success: true,
+            data: { message: localizeText(locale, '密码已重置') },
+        };
+        if (preview)
+            response.emailPreview = preview;
+        reply.send(response);
+    });
+};
+export default usersRoutes;
+//# sourceMappingURL=users.js.map

package/dist/routes/users.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"users.js","sourceRoot":"","sources":["../../src/routes/users.ts"],"names":[],"mappings":"AACA,OAAO,MAAM,MAAM,UAAU,CAAA;AAC7B,OAAO,EAAE,EAAE,IAAI,MAAM,EAAE,MAAM,MAAM,CAAA;AACnC,OAAO,EAAE,EAAE,EAAE,MAAM,gBAAgB,CAAA;AACnC,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAA;AAC/D,OAAO,EAAE,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,MAAM,aAAa,CAAA;AACzC,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAA;AACjD,OAAO,EACL,yBAAyB,EACzB,gBAAgB,EAChB,cAAc,EACd,YAAY,GACb,MAAM,YAAY,CAAA;AAEnB,SAAS,SAAS,CAChB,KAAmB,EACnB,MAA2C,EAC3C,MAAc,EACd,KAAa,EACb,IAAY,EACZ,MAA+B;IAE/B,MAAM,IAAI,GAA4B,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,YAAY,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,IAAI,EAAE,CAAA;IAClG,IAAI,MAAM;QAAE,IAAI,CAAC,MAAM,GAAG,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IACxD,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AAC/B,CAAC;AAED,SAAS,gBAAgB,CAAC,CAAS;IACjC,OAAO,+BAA+B,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;AAChD,CAAC;AAED,SAAS,gBAAgB,CAAC,CAAS;IACjC,OAAO,CAAC,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,IAAI,EAAE,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;AACjF,CAAC;AAED,SAAS,aAAa,CAAC,CAAS;IAC9B,OAAO,4BAA4B,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;AAC7C,CAAC;AAED,SAAS,mBAAmB,CAAC,CAAS;IACpC,OAAO,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,MAAM,IAAI,EAAE,CAAA;AAC/E,CAAC;AAED,SAAS,oBAAoB;IAC3B,MAAM,KAAK,GAAG,4BAA4B,CAAA;IAC1C,MAAM,MAAM,GAAG,YAAY,CAAA;IAC3B,MAAM,KAAK,GAAG,4BAA4B,CAAA;IAC1C,MAAM,IAAI,GAAG,CAAC,KAAa,EAAE,CAAS,EAAE,EAAE,CACxC,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,EAAE,GAAG,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IAC3F,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC,CAAA;AAC1D,CAAC;AAED,SAAS,UAAU,CAAC,CAA4B;IAC9C,OAAO;QACL,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,QAAQ,EAAE,CAAC,CAAC,QAAQ;QACpB,WAAW,EAAE,CAAC,CAAC,WAAW;QAC1B,KAAK,EAAE,CAAC,CAAC,KAAK;QACd,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,MAAM,EAAE,CAAC,CAAC,MAAM;QAChB,SAAS,EAAE,CAAC,CAAC,SAAS;KACvB,CAAA;AACH,CAAC;AAED,SAAS,WAAW;IAClB,OAAO,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,WAAW,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC,CAAC,GAAG,EAAE,CAAA;AACjF,CAAC;AAED,MAAM,WAAW,GAAuB,KAAK,EAAE,OAAO,EAAE,EAAE;IAExD,kDAAkD;IAClD,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,UAAU,EAAE,OAAO,CAAC,YAAY,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE;QAC3E,MAAM,IAAI,GAAG,EAAE,CAAC,MAAM,CAAC;YACrB,EAAE,EAAE,KAAK,CAAC,EAAE;YACZ,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,WAAW,EAAE,KAAK,CAAC,WAAW;YAC9B,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,MAAM,EAAE,KAAK,CAAC,MAAM;YACpB,SAAS,EAAE,KAAK,CAAC,SAAS;SAC3B,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,CAAA;QACpB,KAAK,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAA;IAC3C,CAAC,CAAC,CAAA;IAEF,6EAA6E;IAC7E,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE,UAAU,EAAE,OAAO,CAAC,YAAY,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE;QAC3E,MAAM,MAAM,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAA;QACpC,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC,IAM5D,CAAA;QAED,MAAM,MAAM,GAA2B,EAAE,CAAA;QACzC,IAAI,CAAC,QAAQ,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC;YAAE,MAAM,CAAC,QAAQ,GAAG,oCAAoC,CAAA;QACpG,IAAI,CAAC,WAAW,IAAI,CAAC,mBAAmB,CAAC,WAAW,CAAC;YAAE,MAAM,CAAC,WAAW,GAAG,cAAc,CAAA;QAC1F,IAAI,CAAC,KAAK,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC;YAAE,MAAM,CAAC,KAAK,GAAG,SAAS,CAAA;QAC7D,IAAI,CAAC,QAAQ,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC;YAAE,MAAM,CAAC,QAAQ,GAAG,uBAAuB,CAAA;QACvF,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACnC,OAAO,SAAS,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,EAAE,kBAAkB,EAAE,MAAM,CAAC,CAAA;QAC9E,CAAC;QAED,MAAM,gBAAgB,GAAG,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC,GAAG,EAAE,CAAA;QAC1F,IAAI,gBAAgB;YAAE,OAAO,SAAS,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,gBAAgB,CAAC,CAAA;QAEvF,MAAM,aAAa,GAAG,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,GAAG,EAAE,CAAA;QACjF,IAAI,aAAa;YAAE,OAAO,SAAS,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,aAAa,CAAC,CAAA;QAEhF,MAAM,YAAY,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAA;QACpD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAA;QACzC,MAAM,EAAE,GAAG,MAAM,EAAE,CAAA;QACnB,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC;YACtB,EAAE;YACF,QAAQ;YACR,WAAW;YACX,KAAK;YACL,IAAI,EAAE,IAAI,KAAK,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM;YACzC,MAAM,EAAE,QAAQ;YAChB,YAAY;YACZ,SAAS,EAAE,GAAG;SACf,CAAC,CAAC,GAAG,EAAE,CAAA;QAER,MAAM,OAAO,GAAG,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,EAAG,CAAA;QACtE,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC,CAAA;IACpE,CAAC,CAAC,CAAA;IAEF,qCAAqC;IACrC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,UAAU,EAAE,OAAO,CAAC,YAAY,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE;QAC7E,MAAM,MAAM,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAA;QACpC,MAAM,EAAE,EAAE,EAAE,GAAG,GAAG,CAAC,MAAwB,CAAA;QAC3C,MAAM,IAAI,GAAG,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,EAAE,CAAA;QAClE,IAAI,CAAC,IAAI;YAAE,OAAO,SAAS,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,gBAAgB,CAAC,CAAA;QAE1E,MAAM,EAAE,WAAW,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,GAAG,CAAC,IAKhD,CAAA;QAED,MAAM,OAAO,GAAuC,EAAE,CAAA;QAEtD,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;YAC9B,IAAI,CAAC,mBAAmB,CAAC,WAAW,CAAC,EAAE,CAAC;gBACtC,OAAO,SAAS,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,EAAE,kBAAkB,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE,CAAC,CAAA;YACvG,CAAC;YACD,OAAO,CAAC,WAAW,GAAG,WAAW,CAAA;QACnC,CAAC;QAED,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACxB,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC1B,OAAO,SAAS,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,EAAE,kBAAkB,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAA;YAC5F,CAAC;YACD,MAAM,GAAG,GAAG,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC;iBAChC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;iBACpD,GAAG,EAAE,CAAA;YACR,IAAI,GAAG;gBAAE,OAAO,SAAS,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,aAAa,CAAC,CAAA;YACtE,OAAO,CAAC,KAAK,GAAG,KAAK,CAAA;QACvB,CAAC;QAED,IAAI,IAAI,KAAK,SAAS;YAAE,OAAO,CAAC,IAAI,GAAG,IAAI,CAAA;QAC3C,IAAI,MAAM,KAAK,SAAS;YAAE,OAAO,CAAC,MAAM,GAAG,MAAM,CAAA;QAEjD,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,EAAE,CAAA;QAC7D,CAAC;QAED,MAAM,OAAO,GAAG,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,EAAG,CAAA;QACtE,KAAK,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC,CAAA;IAC1D,CAAC,CAAC,CAAA;IAEF,oEAAoE;IACpE,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,EAAE,UAAU,EAAE,OAAO,CAAC,YAAY,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE;QAChF,MAAM,MAAM,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAA;QACpC,MAAM,EAAE,EAAE,EAAE,GAAG,GAAG,CAAC,MAAwB,CAAA;QAE3C,IAAI,EAAE,KAAK,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YAC3B,OAAO,SAAS,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,EAAE,oBAAoB,CAAC,CAAA;QACxE,CAAC;QAED,MAAM,IAAI,GAAG,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,EAAE,CAAA;QAClE,IAAI,CAAC,IAAI;YAAE,OAAO,SAAS,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,gBAAgB,CAAC,CAAA;QAE1E,2EAA2E;QAC3E,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,GAAG,CAAC,EAAE,OAAO,EAAE,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,SAAS,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,EAAE,CAAA;QAC7F,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,EAAE,CAAA;QAE9C,KAAK,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,YAAY,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,EAAE,CAAC,CAAA;IAChF,CAAC,CAAC,CAAA;IAEF,wEAAwE;IACxE,OAAO,CAAC,IAAI,CAAC,qBAAqB,EAAE,EAAE,UAAU,EAAE,OAAO,CAAC,YAAY,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE;QAC7F,MAAM,MAAM,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAA;QACpC,MAAM,EAAE,EAAE,EAAE,GAAG,GAAG,CAAC,MAAwB,CAAA;QAC3C,MAAM,IAAI,GAAG,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,EAAE,CAAA;QAClE,IAAI,CAAC,IAAI;YAAE,OAAO,SAAS,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,gBAAgB,CAAC,CAAA;QAE1E,MAAM,WAAW,GAAG,oBAAoB,EAAE,CAAA;QAC1C,MAAM,YAAY,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC,CAAA;QACvD,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,EAAE,CAAA;QAEpE,MAAM,UAAU,GAAG,WAAW,EAAE,CAAA;QAChC,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,yBAAyB,CAAC,MAAM,EAAE,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAA;QAC1F,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,IAAI,CAAC,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE;YAC3D,QAAQ,EAAE,UAAU,EAAE,QAAQ,IAAI,EAAE;YACpC,QAAQ,EAAE,UAAU,EAAE,QAAQ,IAAI,GAAG;YACrC,UAAU,EAAE,UAAU,EAAE,UAAU,IAAI,KAAK;YAC3C,SAAS,EAAE,UAAU,EAAE,SAAS,IAAI,EAAE;YACtC,QAAQ,EAAE,UAAU,EAAE,QAAQ,IAAI,QAAQ;YAC1C,QAAQ,EAAE,UAAU,EAAE,QAAQ,IAAI,EAAE;YACpC,YAAY,EAAE,UAAU,EAAE,YAAY,IAAI,EAAE;SAC7C,CAAC,CAAA;QAEF,MAAM,QAAQ,GAA4B;YACxC,OAAO,EAAE,IAAI;YACb,IAAI,EAAE,EAAE,OAAO,EAAE,YAAY,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE;SACjD,CAAA;QACD,IAAI,OAAO;YAAE,QAAQ,CAAC,YAAY,GAAG,OAAO,CAAA;QAC5C,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;IACtB,CAAC,CAAC,CAAA;AACJ,CAAC,CAAA;AAED,eAAe,WAAW,CAAA"}

package/dist/services/crypto.js

@@ -0,0 +1,49 @@
+import { constants, createPrivateKey, createPublicKey, generateKeyPairSync, privateDecrypt } from 'crypto';
+let privateKey;
+let publicKeyPem;
+function initRsaKeyPair() {
+    const pem = process.env.RSA_PRIVATE_KEY_PEM;
+    if (pem && typeof pem === 'string' && pem.trim().length > 0) {
+        privateKey = createPrivateKey({ key: pem.trim(), format: 'pem' });
+        const pubKey = createPublicKey(privateKey);
+        publicKeyPem = pubKey.export({ type: 'spki', format: 'pem' });
+        return;
+    }
+    const { privateKey: priv, publicKey: pub } = generateKeyPairSync('rsa', {
+        modulusLength: 2048,
+        publicKeyEncoding: { type: 'spki', format: 'pem' },
+        privateKeyEncoding: { type: 'pkcs1', format: 'pem' },
+    });
+    privateKey = createPrivateKey(priv);
+    publicKeyPem = pub;
+}
+initRsaKeyPair();
+export function getPublicKeyPem() {
+    return publicKeyPem;
+}
+/**
+ * Decrypt RSA-OAEP ciphertext (Base64) to UTF-8 plaintext.
+ * Returns null if decryption fails (invalid base64 or bad ciphertext).
+ */
+export function decryptPassword(ciphertextBase64) {
+    if (typeof ciphertextBase64 !== 'string' || !ciphertextBase64.trim()) {
+        return null;
+    }
+    let buf;
+    try {
+        buf = Buffer.from(ciphertextBase64.trim(), 'base64');
+    }
+    catch {
+        return null;
+    }
+    if (buf.length === 0)
+        return null;
+    try {
+        const decrypted = privateDecrypt({ key: privateKey, padding: constants.RSA_PKCS1_OAEP_PADDING }, buf);
+        return decrypted.toString('utf8');
+    }
+    catch {
+        return null;
+    }
+}
+//# sourceMappingURL=crypto.js.map

package/dist/services/crypto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.js","sourceRoot":"","sources":["../../src/services/crypto.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,gBAAgB,EAAE,eAAe,EAAE,mBAAmB,EAAE,cAAc,EAAE,MAAM,QAAQ,CAAA;AAE1G,IAAI,UAA+C,CAAA;AACnD,IAAI,YAAoB,CAAA;AAExB,SAAS,cAAc;IACrB,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAA;IAC3C,IAAI,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5D,UAAU,GAAG,gBAAgB,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAA;QACjE,MAAM,MAAM,GAAG,eAAe,CAAC,UAAU,CAAC,CAAA;QAC1C,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAW,CAAA;QACvE,OAAM;IACR,CAAC;IACD,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,EAAE,GAAG,mBAAmB,CAAC,KAAK,EAAE;QACtE,aAAa,EAAE,IAAI;QACnB,iBAAiB,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE;QAClD,kBAAkB,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE;KACrD,CAAC,CAAA;IACF,UAAU,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAA;IACnC,YAAY,GAAG,GAAG,CAAA;AACpB,CAAC;AAED,cAAc,EAAE,CAAA;AAEhB,MAAM,UAAU,eAAe;IAC7B,OAAO,YAAY,CAAA;AACrB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAC,gBAAwB;IACtD,IAAI,OAAO,gBAAgB,KAAK,QAAQ,IAAI,CAAC,gBAAgB,CAAC,IAAI,EAAE,EAAE,CAAC;QACrE,OAAO,IAAI,CAAA;IACb,CAAC;IACD,IAAI,GAAW,CAAA;IACf,IAAI,CAAC;QACH,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,IAAI,EAAE,EAAE,QAAQ,CAAC,CAAA;IACtD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAA;IACb,CAAC;IACD,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAA;IACjC,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,cAAc,CAC9B,EAAE,GAAG,EAAE,UAAU,EAAE,OAAO,EAAE,SAAS,CAAC,sBAAsB,EAAE,EAC9D,GAAG,CACJ,CAAA;QACD,OAAO,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;IACnC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC"}

package/dist/services/mail.d.ts

@@ -0,0 +1,16 @@
+import type { EmailPreview } from '../types.js';
+interface MailConfig {
+    smtpHost: string | null;
+    smtpPort: number | null;
+    encryption: string | null;
+    fromEmail: string | null;
+    fromName: string | null;
+    smtpUser: string | null;
+    smtpPassword: string | null;
+}
+/**
+ * Deliver an email. Returns EmailPreview if in mock mode (smtpHost empty), null otherwise.
+ */
+export declare function deliverMail(to: string, subject: string, body: string, config: MailConfig): Promise<EmailPreview | null>;
+export {};
+//# sourceMappingURL=mail.d.ts.map

package/dist/services/mail.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mail.d.ts","sourceRoot":"","sources":["../../src/services/mail.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAE/C,UAAU,UAAU;IAClB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAA;IACzB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAA;IACxB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAA;CAC5B;AAED;;GAEG;AACH,wBAAsB,WAAW,CAC/B,EAAE,EAAE,MAAM,EACV,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,UAAU,GACjB,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC,CA8B9B"}

package/dist/services/mail.js

@@ -0,0 +1,33 @@
+import nodemailer from 'nodemailer';
+/**
+ * Deliver an email. Returns EmailPreview if in mock mode (smtpHost empty), null otherwise.
+ */
+export async function deliverMail(to, subject, body, config) {
+    const isMock = !config.smtpHost || config.smtpHost.trim() === '';
+    if (isMock) {
+        console.log('\n[Mock Email]');
+        console.log(`  To: ${to}`);
+        console.log(`  Subject: ${subject}`);
+        console.log(`  Body:\n${body}`);
+        return { to, subject, body };
+    }
+    const secure = config.encryption === 'ssl';
+    const transportOpts = {
+        host: config.smtpHost,
+        port: config.smtpPort ?? 465,
+        secure,
+        auth: {
+            user: config.smtpUser ?? '',
+            pass: config.smtpPassword ?? '',
+        },
+    };
+    const transporter = nodemailer.createTransport(transportOpts);
+    await transporter.sendMail({
+        from: `"${config.fromName ?? '资源导航系统'}" <${config.fromEmail ?? config.smtpUser}>`,
+        to,
+        subject,
+        text: body,
+    });
+    return null;
+}
+//# sourceMappingURL=mail.js.map

package/dist/services/mail.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mail.js","sourceRoot":"","sources":["../../src/services/mail.ts"],"names":[],"mappings":"AAAA,OAAO,UAAU,MAAM,YAAY,CAAA;AAanC;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,EAAU,EACV,OAAe,EACf,IAAY,EACZ,MAAkB;IAElB,MAAM,MAAM,GAAG,CAAC,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,KAAK,EAAE,CAAA;IAEhE,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAA;QAC7B,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE,EAAE,CAAC,CAAA;QAC1B,OAAO,CAAC,GAAG,CAAC,cAAc,OAAO,EAAE,CAAC,CAAA;QACpC,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC,CAAA;QAC/B,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAA;IAC9B,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,CAAC,UAAU,KAAK,KAAK,CAAA;IAC1C,MAAM,aAAa,GAAG;QACpB,IAAI,EAAE,MAAM,CAAC,QAAS;QACtB,IAAI,EAAE,MAAM,CAAC,QAAQ,IAAI,GAAG;QAC5B,MAAM;QACN,IAAI,EAAE;YACJ,IAAI,EAAE,MAAM,CAAC,QAAQ,IAAI,EAAE;YAC3B,IAAI,EAAE,MAAM,CAAC,YAAY,IAAI,EAAE;SAChC;KACF,CAAA;IACD,MAAM,WAAW,GAAG,UAAU,CAAC,eAAe,CAAC,aAAa,CAAC,CAAA;IAE7D,MAAM,WAAW,CAAC,QAAQ,CAAC;QACzB,IAAI,EAAE,IAAI,MAAM,CAAC,QAAQ,IAAI,QAAQ,MAAM,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,QAAQ,GAAG;QACjF,EAAE;QACF,OAAO;QACP,IAAI,EAAE,IAAI;KACX,CAAC,CAAA;IAEF,OAAO,IAAI,CAAA;AACb,CAAC"}

package/dist/services/rsa.js

@@ -0,0 +1,49 @@
+import { generateKeyPairSync, privateDecrypt, constants } from 'crypto';
+import { db } from '../db/index.js';
+import { rsaKeys } from '../db/schema.js';
+import { eq } from 'drizzle-orm';
+function nowSeconds() {
+    return Math.floor(Date.now() / 1000);
+}
+export function getOrCreateKeyPair() {
+    const existing = db.select().from(rsaKeys).where(eq(rsaKeys.id, 'current')).get();
+    if (existing)
+        return existing;
+    const { publicKey, privateKey } = generateKeyPairSync('rsa', {
+        modulusLength: 2048,
+        publicKeyEncoding: {
+            type: 'spki',
+            format: 'pem',
+        },
+        privateKeyEncoding: {
+            type: 'pkcs8',
+            format: 'pem',
+        },
+    });
+    const row = {
+        id: 'current',
+        publicKey,
+        privateKey,
+        createdAt: nowSeconds(),
+    };
+    db.insert(rsaKeys).values(row).run();
+    return row;
+}
+export function ensureRsaKeyPair() {
+    getOrCreateKeyPair();
+}
+export function getPublicKey() {
+    const row = getOrCreateKeyPair();
+    return row.publicKey;
+}
+export function decryptWithPrivateKey(ciphertextBase64) {
+    const row = getOrCreateKeyPair();
+    const buffer = Buffer.from(ciphertextBase64, 'base64');
+    const decrypted = privateDecrypt({
+        key: row.privateKey,
+        padding: constants.RSA_PKCS1_OAEP_PADDING,
+        oaepHash: 'sha256',
+    }, buffer);
+    return decrypted.toString('utf8');
+}
+//# sourceMappingURL=rsa.js.map

package/dist/services/rsa.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rsa.js","sourceRoot":"","sources":["../../src/services/rsa.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,cAAc,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAA;AACvE,OAAO,EAAE,EAAE,EAAE,MAAM,gBAAgB,CAAA;AACnC,OAAO,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAA;AACzC,OAAO,EAAE,EAAE,EAAE,MAAM,aAAa,CAAA;AAIhC,SAAS,UAAU;IACjB,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAA;AACtC,CAAC;AAED,MAAM,UAAU,kBAAkB;IAChC,MAAM,QAAQ,GAAG,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC,CAAC,GAAG,EAAE,CAAA;IACjF,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAA;IAE7B,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,mBAAmB,CAAC,KAAK,EAAE;QAC3D,aAAa,EAAE,IAAI;QACnB,iBAAiB,EAAE;YACjB,IAAI,EAAE,MAAM;YACZ,MAAM,EAAE,KAAK;SACd;QACD,kBAAkB,EAAE;YAClB,IAAI,EAAE,OAAO;YACb,MAAM,EAAE,KAAK;SACd;KACF,CAAC,CAAA;IAEF,MAAM,GAAG,GAAc;QACrB,EAAE,EAAE,SAAS;QACb,SAAS;QACT,UAAU;QACV,SAAS,EAAE,UAAU,EAAE;KACxB,CAAA;IAED,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAA;IACpC,OAAO,GAAG,CAAA;AACZ,CAAC;AAED,MAAM,UAAU,gBAAgB;IAC9B,kBAAkB,EAAE,CAAA;AACtB,CAAC;AAED,MAAM,UAAU,YAAY;IAC1B,MAAM,GAAG,GAAG,kBAAkB,EAAE,CAAA;IAChC,OAAO,GAAG,CAAC,SAAS,CAAA;AACtB,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,gBAAwB;IAC5D,MAAM,GAAG,GAAG,kBAAkB,EAAE,CAAA;IAChC,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,gBAAgB,EAAE,QAAQ,CAAC,CAAA;IAEtD,MAAM,SAAS,GAAG,cAAc,CAC9B;QACE,GAAG,EAAE,GAAG,CAAC,UAAU;QACnB,OAAO,EAAE,SAAS,CAAC,sBAAsB;QACzC,QAAQ,EAAE,QAAQ;KACnB,EACD,MAAM,CACP,CAAA;IAED,OAAO,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;AACnC,CAAC"}

package/dist/services/token.d.ts

@@ -0,0 +1,9 @@
+export declare function generateResetToken(): string;
+export declare function createResetToken(email: string): string;
+export declare function validateResetToken(token: string): {
+    valid: boolean;
+    error?: string;
+    email?: string;
+};
+export declare function markTokenUsed(token: string): void;
+//# sourceMappingURL=token.d.ts.map

package/dist/services/token.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"token.d.ts","sourceRoot":"","sources":["../../src/services/token.ts"],"names":[],"mappings":"AAKA,wBAAgB,kBAAkB,IAAI,MAAM,CAE3C;AAED,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAQtD;AAED,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,MAAM,GAAG;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAMpG;AAED,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,CAEjD"}

package/dist/services/token.js

@@ -0,0 +1,29 @@
+import { randomBytes } from 'crypto';
+import { db } from '../db/index.js';
+import { resetTokens, systemConfig } from '../db/schema.js';
+import { eq } from 'drizzle-orm';
+export function generateResetToken() {
+    return randomBytes(32).toString('hex');
+}
+export function createResetToken(email) {
+    const config = db.select().from(systemConfig).where(eq(systemConfig.id, 'default')).get();
+    const expiryMinutes = config?.resetTokenExpiry ?? 60;
+    const expiresAt = Math.floor(Date.now() / 1000) + expiryMinutes * 60;
+    const token = generateResetToken();
+    db.insert(resetTokens).values({ token, email, expiresAt, used: false }).run();
+    return token;
+}
+export function validateResetToken(token) {
+    const row = db.select().from(resetTokens).where(eq(resetTokens.token, token)).get();
+    if (!row)
+        return { valid: false, error: 'RESET_TOKEN_INVALID' };
+    if (row.used)
+        return { valid: false, error: 'RESET_TOKEN_USED' };
+    if (row.expiresAt <= Math.floor(Date.now() / 1000))
+        return { valid: false, error: 'RESET_TOKEN_EXPIRED' };
+    return { valid: true, email: row.email };
+}
+export function markTokenUsed(token) {
+    db.update(resetTokens).set({ used: true }).where(eq(resetTokens.token, token)).run();
+}
+//# sourceMappingURL=token.js.map

package/dist/services/token.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token.js","sourceRoot":"","sources":["../../src/services/token.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAA;AACpC,OAAO,EAAE,EAAE,EAAE,MAAM,gBAAgB,CAAA;AACnC,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAA;AAC3D,OAAO,EAAE,EAAE,EAAE,MAAM,aAAa,CAAA;AAEhC,MAAM,UAAU,kBAAkB;IAChC,OAAO,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;AACxC,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,KAAa;IAC5C,MAAM,MAAM,GAAG,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC,CAAC,GAAG,EAAE,CAAA;IACzF,MAAM,aAAa,GAAG,MAAM,EAAE,gBAAgB,IAAI,EAAE,CAAA;IACpD,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,aAAa,GAAG,EAAE,CAAA;IACpE,MAAM,KAAK,GAAG,kBAAkB,EAAE,CAAA;IAElC,EAAE,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC,GAAG,EAAE,CAAA;IAC7E,OAAO,KAAK,CAAA;AACd,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,KAAa;IAC9C,MAAM,GAAG,GAAG,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,GAAG,EAAE,CAAA;IACnF,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAA;IAC/D,IAAI,GAAG,CAAC,IAAI;QAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,kBAAkB,EAAE,CAAA;IAChE,IAAI,GAAG,CAAC,SAAS,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;QAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAA;IACzG,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,CAAA;AAC1C,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,KAAa;IACzC,EAAE,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,GAAG,EAAE,CAAA;AACtF,CAAC"}

package/dist/types.d.ts

@@ -0,0 +1,80 @@
+export interface JwtPayload {
+    userId: string;
+    role: 'admin' | 'user';
+}
+export interface User {
+    id: string;
+    username: string;
+    displayName: string;
+    email: string;
+    role: 'admin' | 'user';
+    isActive: boolean;
+    createdAt: string;
+    updatedAt: string;
+}
+export interface Resource {
+    id: string;
+    title: string;
+    url: string;
+    description: string | null;
+    icon: string | null;
+    categoryId: string | null;
+    authorId: string;
+    isPublic: boolean;
+    isEnabled: boolean;
+    sortOrder: number;
+    createdAt: string;
+    updatedAt: string;
+}
+export interface Category {
+    id: string;
+    name: string;
+    icon: string | null;
+    sortOrder: number;
+    createdAt: string;
+}
+export interface Tag {
+    id: string;
+    name: string;
+    createdAt: string;
+}
+export interface SystemConfig {
+    id: number;
+    siteName: string;
+    siteDesc: string | null;
+    enableRegister: boolean;
+    tokenExpiry: number;
+    updatedAt: string;
+}
+export interface EmailConfig {
+    id: number;
+    smtpHost: string;
+    smtpPort: number;
+    smtpUser: string;
+    smtpPass: string;
+    smtpFrom: string;
+    updatedAt: string;
+}
+export interface EmailPreview {
+    to: string;
+    subject: string;
+    body: string;
+}
+export interface ResetToken {
+    id: string;
+    userId: string;
+    token: string;
+    expiresAt: string;
+    used: boolean;
+    createdAt: string;
+}
+declare module 'fastify' {
+    interface FastifyRequest {
+        user: JwtPayload;
+    }
+    interface FastifyInstance {
+        authenticate: (request: import('fastify').FastifyRequest, reply: import('fastify').FastifyReply) => Promise<void>;
+        requireAdmin: (request: import('fastify').FastifyRequest, reply: import('fastify').FastifyReply) => Promise<void>;
+    }
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,MAAM,CAAA;IACd,IAAI,EAAE,OAAO,GAAG,MAAM,CAAA;CACvB;AAED,MAAM,WAAW,IAAI;IACnB,EAAE,EAAE,MAAM,CAAA;IACV,QAAQ,EAAE,MAAM,CAAA;IAChB,WAAW,EAAE,MAAM,CAAA;IACnB,KAAK,EAAE,MAAM,CAAA;IACb,IAAI,EAAE,OAAO,GAAG,MAAM,CAAA;IACtB,QAAQ,EAAE,OAAO,CAAA;IACjB,SAAS,EAAE,MAAM,CAAA;IACjB,SAAS,EAAE,MAAM,CAAA;CAClB;AAED,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAA;IACV,KAAK,EAAE,MAAM,CAAA;IACb,GAAG,EAAE,MAAM,CAAA;IACX,WAAW,EAAE,MAAM,GAAG,IAAI,CAAA;IAC1B,IAAI,EAAE,MAAM,GAAG,IAAI,CAAA;IACnB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAA;IACzB,QAAQ,EAAE,MAAM,CAAA;IAChB,QAAQ,EAAE,OAAO,CAAA;IACjB,SAAS,EAAE,OAAO,CAAA;IAClB,SAAS,EAAE,MAAM,CAAA;IACjB,SAAS,EAAE,MAAM,CAAA;IACjB,SAAS,EAAE,MAAM,CAAA;CAClB;AAED,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,EAAE,MAAM,CAAA;IACZ,IAAI,EAAE,MAAM,GAAG,IAAI,CAAA;IACnB,SAAS,EAAE,MAAM,CAAA;IACjB,SAAS,EAAE,MAAM,CAAA;CAClB;AAED,MAAM,WAAW,GAAG;IAClB,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,EAAE,MAAM,CAAA;IACZ,SAAS,EAAE,MAAM,CAAA;CAClB;AAED,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,MAAM,CAAA;IACV,QAAQ,EAAE,MAAM,CAAA;IAChB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,cAAc,EAAE,OAAO,CAAA;IACvB,WAAW,EAAE,MAAM,CAAA;IACnB,SAAS,EAAE,MAAM,CAAA;CAClB;AAED,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAA;IACV,QAAQ,EAAE,MAAM,CAAA;IAChB,QAAQ,EAAE,MAAM,CAAA;IAChB,QAAQ,EAAE,MAAM,CAAA;IAChB,QAAQ,EAAE,MAAM,CAAA;IAChB,QAAQ,EAAE,MAAM,CAAA;IAChB,SAAS,EAAE,MAAM,CAAA;CAClB;AAED,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,MAAM,CAAA;IACV,OAAO,EAAE,MAAM,CAAA;IACf,IAAI,EAAE,MAAM,CAAA;CACb;AAED,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAA;IACV,MAAM,EAAE,MAAM,CAAA;IACd,KAAK,EAAE,MAAM,CAAA;IACb,SAAS,EAAE,MAAM,CAAA;IACjB,IAAI,EAAE,OAAO,CAAA;IACb,SAAS,EAAE,MAAM,CAAA;CAClB;AAGD,OAAO,QAAQ,SAAS,CAAC;IACvB,UAAU,cAAc;QACtB,IAAI,EAAE,UAAU,CAAA;KACjB;IACD,UAAU,eAAe;QACvB,YAAY,EAAE,CAAC,OAAO,EAAE,OAAO,SAAS,EAAE,cAAc,EAAE,KAAK,EAAE,OAAO,SAAS,EAAE,YAAY,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;QACjH,YAAY,EAAE,CAAC,OAAO,EAAE,OAAO,SAAS,EAAE,cAAc,EAAE,KAAK,EAAE,OAAO,SAAS,EAAE,YAAY,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;KAClH;CACF"}

package/dist/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":""}

package/package.json

@@ -0,0 +1,73 @@
+{
+    "name": "@zhang_libo/resource-hub",
+    "version": "1.0.2",
+    "description": "资源导航系统 - 集中整理与维护站点、工具、知识库与链接，支持用户登录、收藏、访问历史与后台管理",
+    "keywords": [
+        "resource",
+        "management",
+        "system",
+        "hub",
+        "resource-hub",
+        "资源",
+        "导航",
+        "资源管理",
+        "链接管理",
+        "收藏",
+        "后台管理"
+    ],
+    "type": "module",
+    "license": "MIT",
+    "author": "Libo Zhang",
+    "email": "zhanglibo610@gmail.com",
+    "repository": {
+        "type": "git",
+        "url": "https://github.com/my-bad-idea/ResourceHub.git"
+    },
+    "homepage": "https://github.com/my-bad-idea/ResourceHub#readme",
+    "main": "dist/app.js",
+    "bin": {
+        "resource-hub": "bin/cli.js"
+    },
+    "engines": {
+        "node": ">=18.0.0"
+    },
+    "files": [
+        "dist",
+        "public",
+        "bin"
+    ],
+    "scripts": {
+        "dev": "tsx watch src/app.ts",
+        "build": "tsc",
+        "start": "node dist/app.js",
+        "test:smoke": "node test/smoke.mjs",
+        "test:browser": "node test/browser-acceptance.mjs",
+        "check": "npm run build && npm run test:smoke",
+        "// release:patch": "补丁版本发布",
+        "release:patch": "npm run build && npm version patch && npm publish --access=public",
+        "// release:minor": "次版本发布",
+        "release:minor": "npm run build && npm version minor && npm publish --access=public",
+        "// release:major": "主版本发布",
+        "release:major": "npm run build && npm version major && npm publish --access=public"
+    },
+    "dependencies": {
+        "@fastify/cors": "^9",
+        "@fastify/jwt": "^8",
+        "@fastify/static": "^7",
+        "bcryptjs": "^3.0.3",
+        "better-sqlite3": "^12",
+        "drizzle-orm": "^0.30",
+        "fastify": "^4",
+        "fastify-plugin": "^4",
+        "nodemailer": "^6",
+        "uuid": "^9"
+    },
+    "devDependencies": {
+        "@types/better-sqlite3": "^7.6.13",
+        "@types/node": "^20",
+        "@types/nodemailer": "^6",
+        "@types/uuid": "^9",
+        "tsx": "^4",
+        "typescript": "^5"
+    }
+}