blockmine 1.18.3 → 1.19.0

package/backend/src/api/routes/bots.js

@@ -13,6 +13,7 @@ const { randomUUID } = require('crypto');
 const eventGraphsRouter = require('./eventGraphs');
 const pluginIdeRouter = require('./pluginIde');
 const { deepMergeSettings } = require('../../core/utils/settingsMerger');
+const { checkBotAccess } = require('../middleware/botAccess');
 
 const multer = require('multer');
 const archiver = require('archiver');
@@ -23,6 +24,8 @@ const upload = multer({ storage: multer.memoryStorage() });
 
 const router = express.Router();
 
+router.use('/:botId(\\d+)/*', authenticate, (req, res, next) => checkBotAccess(req, res, next));
+
 const conditionalRestartAuth = (req, res, next) => {
     if (process.env.DEBUG === 'true' || process.env.NODE_ENV === 'development') {
         console.log('[Debug] Роут перезапуска бота доступен без проверки прав');
@@ -60,18 +63,16 @@ const conditionalStartStopAuth = (req, res, next) => {
 };
 
 const conditionalListAuth = (req, res, next) => {
-    if (process.env.DEBUG === 'true' || process.env.NODE_ENV === 'development') {
-        console.log('[Debug] Роут списка ботов/состояния доступен без проверки прав');
-        return next();
-    }
-    
     return authenticate(req, res, (err) => {
         if (err) return next(err);
+        if (process.env.DEBUG === 'true' || process.env.NODE_ENV === 'development') {
+            return next();
+        }
         return authorize('bot:list')(req, res, next);
     });
 };
 
-router.post('/:id/restart', conditionalRestartAuth, async (req, res) => {
+router.post('/:id/restart', conditionalRestartAuth, authenticate, checkBotAccess, async (req, res) => {
     try {
         const botId = parseInt(req.params.id, 10);
         botManager.stopBot(botId);
@@ -89,7 +90,7 @@ router.post('/:id/restart', conditionalRestartAuth, async (req, res) => {
     }
 });
 
-router.post('/:id/chat', conditionalChatAuth, (req, res) => {
+router.post('/:id/chat', conditionalChatAuth, authenticate, checkBotAccess, (req, res) => {
     try {
         const botId = parseInt(req.params.id, 10);
         const { message } = req.body;
@@ -100,7 +101,7 @@ router.post('/:id/chat', conditionalChatAuth, (req, res) => {
     } catch (error) { res.status(500).json({ error: 'Внутренняя ошибка сервера: ' + error.message }); }
 });
 
-router.post('/:id/start', conditionalStartStopAuth, async (req, res) => {
+router.post('/:id/start', conditionalStartStopAuth, authenticate, checkBotAccess, async (req, res) => {
     try {
         const botId = parseInt(req.params.id, 10);
         const botConfig = await prisma.bot.findUnique({ where: { id: botId }, include: { server: true } });
@@ -115,7 +116,7 @@ router.post('/:id/start', conditionalStartStopAuth, async (req, res) => {
     }
 });
 
-router.post('/:id/stop', conditionalStartStopAuth, (req, res) => {
+router.post('/:id/stop', conditionalStartStopAuth, authenticate, checkBotAccess, (req, res) => {
     try {
         const botId = parseInt(req.params.id, 10);
         botManager.stopBot(botId);
@@ -142,8 +143,21 @@ router.get('/', conditionalListAuth, async (req, res) => {
                 });
             }
         }
+
+        let whereFilter = {};
+        if (req.user && typeof req.user.userId === 'number') {
+            const panelUser = await prisma.panelUser.findUnique({
+                where: { id: req.user.userId },
+                include: { botAccess: { select: { botId: true } } }
+            });
+            if (panelUser && panelUser.allBots === false) {
+                const allowedIds = panelUser.botAccess.map(a => a.botId);
+                whereFilter = { id: { in: allowedIds.length ? allowedIds : [-1] } };
+            }
+        }
         
         const bots = await prisma.bot.findMany({ 
+            where: whereFilter,
             include: { server: true }, 
             orderBy: { sortOrder: 'asc' } 
         });
@@ -161,7 +175,119 @@ router.get('/state', conditionalListAuth, (req, res) => {
     } catch (error) { res.status(500).json({ error: 'Не удалось получить состояние ботов' }); }
 });
 
-router.get('/:id/logs', conditionalListAuth, (req, res) => {
+router.put('/bulk-proxy-update', authenticate, authorize('bot:update'), async (req, res) => {
+    try {
+        const { botIds, proxySettings } = req.body;
+        
+        if (!Array.isArray(botIds) || botIds.length === 0) {
+            return res.status(400).json({ error: 'Bot IDs array is required and cannot be empty' });
+        }
+        
+        if (!proxySettings || !proxySettings.proxyHost || !proxySettings.proxyPort) {
+            return res.status(400).json({ error: 'Proxy host and port are required' });
+        }
+        
+        if (proxySettings.proxyPort < 1 || proxySettings.proxyPort > 65535) {
+            return res.status(400).json({ error: 'Proxy port must be between 1 and 65535' });
+        }
+        
+        const accessibleBots = [];
+        const inaccessibleBots = [];
+        
+        for (const botId of botIds) {
+            try {
+                const userId = req.user?.userId;
+                if (!userId) {
+                    inaccessibleBots.push(botId);
+                    continue;
+                }
+
+                const botIdInt = parseInt(botId, 10);
+                if (isNaN(botIdInt)) {
+                    inaccessibleBots.push(botId);
+                    continue;
+                }
+
+                const user = await prisma.panelUser.findUnique({
+                    where: { id: userId },
+                    include: { botAccess: { select: { botId: true } } }
+                });
+                
+                if (!user) {
+                    inaccessibleBots.push(botId);
+                    continue;
+                }
+
+                if (user.allBots !== false || user.botAccess.some((a) => a.botId === botIdInt)) {
+                    accessibleBots.push(botIdInt);
+                } else {
+                    inaccessibleBots.push(botId);
+                }
+            } catch (error) {
+                console.error(`Error checking access for bot ${botId}:`, error);
+                inaccessibleBots.push(botId);
+            }
+        }
+        
+        if (accessibleBots.length === 0) {
+            return res.status(403).json({ error: 'No accessible bots in the provided list' });
+        }
+        
+        const encryptedSettings = {
+            proxyHost: proxySettings.proxyHost.trim(),
+            proxyPort: parseInt(proxySettings.proxyPort),
+            proxyUsername: proxySettings.proxyUsername ? encrypt(proxySettings.proxyUsername.trim()) : null,
+            proxyPassword: proxySettings.proxyPassword ? encrypt(proxySettings.proxyPassword) : null
+        };
+        
+        const updatedBots = await prisma.$transaction(
+            accessibleBots.map(botId => 
+                prisma.bot.update({
+                    where: { id: parseInt(botId) },
+                    data: encryptedSettings,
+                    include: {
+                        server: {
+                            select: {
+                                id: true,
+                                name: true,
+                                host: true,
+                                port: true,
+                                version: true
+                            }
+                        }
+                    }
+                })
+            )
+        );
+        
+        if (req.io) {
+            req.io.emit('bots-updated', updatedBots);
+        }
+        
+        res.json({
+            success: true,
+            message: `Proxy settings updated for ${updatedBots.length} bot(s)`,
+            updatedBots: updatedBots.map(bot => ({
+                id: bot.id,
+                username: bot.username,
+                proxyHost: bot.proxyHost,
+                proxyPort: bot.proxyPort,
+                server: bot.server
+            })),
+            inaccessibleBots: inaccessibleBots,
+            errors: inaccessibleBots.length > 0 ? [`Access denied to ${inaccessibleBots.length} bot(s)`] : []
+        });
+        
+    } catch (error) {
+        console.error('Bulk proxy update error:', error);
+        res.status(500).json({ 
+            error: 'Failed to update proxy settings',
+            details: error.message 
+        });
+    }
+});
+
+router.get('/:id/logs', conditionalListAuth, authenticate, checkBotAccess, (req, res) => {
     try {
         const botId = parseInt(req.params.id, 10);
         const { limit = 50, offset = 0 } = req.query;
@@ -264,7 +390,7 @@ router.post('/', authorize('bot:create'), async (req, res) => {
     }
 });
 
-router.put('/:id', authorize('bot:update'), async (req, res) => {
+router.put('/:id', authenticate, checkBotAccess, authorize('bot:update'), async (req, res) => {
     try {
         const { 
             username, password, prefix, serverId, note, owners,
@@ -337,7 +463,7 @@ router.put('/:id', authorize('bot:update'), async (req, res) => {
     }
 });
 
-router.put('/:id/sort-order', authorize('bot:update'), async (req, res) => {
+router.put('/:id/sort-order', authenticate, checkBotAccess, authorize('bot:update'), async (req, res) => {
     try {
         const { newPosition } = req.body;
         const botId = parseInt(req.params.id, 10);
@@ -414,7 +540,7 @@ router.put('/:id/sort-order', authorize('bot:update'), async (req, res) => {
     }
 });
 
-router.delete('/:id', authorize('bot:delete'), async (req, res) => {
+router.delete('/:id', authenticate, checkBotAccess, authorize('bot:delete'), async (req, res) => {
     try {
         const botId = parseInt(req.params.id, 10);
         if (botManager.bots.has(botId)) return res.status(400).json({ error: 'Нельзя удалить запущенного бота' });
@@ -433,7 +559,7 @@ router.get('/servers', authorize('bot:list'), async (req, res) => {
     }
 });
 
-router.get('/:botId/plugins', authorize('plugin:list'), async (req, res) => {
+router.get('/:botId/plugins', authenticate, checkBotAccess, authorize('plugin:list'), async (req, res) => {
     try {
         const botId = parseInt(req.params.botId);
         const plugins = await prisma.installedPlugin.findMany({ where: { botId } });
@@ -441,7 +567,7 @@ router.get('/:botId/plugins', authorize('plugin:list'), async (req, res) => {
     } catch (error) { res.status(500).json({ error: 'Не удалось получить плагины бота' }); }
 });
 
-router.post('/:botId/plugins/install/github', authorize('plugin:install'), async (req, res) => {
+router.post('/:botId/plugins/install/github', authenticate, checkBotAccess, authorize('plugin:install'), async (req, res) => {
     const { botId } = req.params;
     const { repoUrl } = req.body;
     try {
@@ -452,7 +578,7 @@ router.post('/:botId/plugins/install/github', authorize('plugin:install'), async
     }
 });
 
-router.post('/:botId/plugins/install/local', authorize('plugin:install'), async (req, res) => {
+router.post('/:botId/plugins/install/local', authenticate, checkBotAccess, authorize('plugin:install'), async (req, res) => {
     const { botId } = req.params;
     const { path } = req.body;
     try {
@@ -463,7 +589,7 @@ router.post('/:botId/plugins/install/local', authorize('plugin:install'), async
     }
 });
 
-router.delete('/:botId/plugins/:pluginId', authorize('plugin:delete'), async (req, res) => {
+router.delete('/:botId/plugins/:pluginId', authenticate, checkBotAccess, authorize('plugin:delete'), async (req, res) => {
     const { pluginId } = req.params;
     try {
         await pluginManager.deletePlugin(parseInt(pluginId));
@@ -473,65 +599,152 @@ router.delete('/:botId/plugins/:pluginId', authorize('plugin:delete'), async (re
     }
 });
 
-router.get('/:botId/plugins/:pluginId/settings', authorize('plugin:settings:view'), async (req, res) => {
+router.get('/:botId/plugins/:pluginId/settings', authenticate, checkBotAccess, authorize('plugin:settings:view'), async (req, res) => {
+	try {
+		const pluginId = parseInt(req.params.pluginId);
+		const plugin = await prisma.installedPlugin.findUnique({ where: { id: pluginId } });
+		if (!plugin) return res.status(404).json({ error: 'Установленный плагин не найден' });
+
+		const savedSettings = plugin.settings ? JSON.parse(plugin.settings) : {};
+		const defaultSettings = {};
+		const manifest = plugin.manifest ? JSON.parse(plugin.manifest) : {};
+		const manifestSettings = manifest.settings || {};
+
+
+		const firstSettingValue = Object.values(manifestSettings)[0];
+		const isGrouped = firstSettingValue && typeof firstSettingValue === 'object' && !firstSettingValue.type && firstSettingValue.label;
+
+		const processSetting = async (settingKey, config) => {
+			if (!config || !config.type) return;
+
+			if (config.type === 'json_file' && config.defaultPath) {
+				const configFilePath = path.join(plugin.path, config.defaultPath);
+				try {
+					const fileContent = await fs.readFile(configFilePath, 'utf-8');
+					defaultSettings[settingKey] = JSON.parse(fileContent);
+				} catch (e) {
+					console.error(`[API Settings] Не удалось прочитать defaultPath ${config.defaultPath} для плагина ${plugin.name}: ${e.message}`);
+					defaultSettings[settingKey] = {};
+				}
+			} else if (config.default !== undefined) {
+				try {
+					defaultSettings[settingKey] = JSON.parse(config.default);
+				} catch {
+					defaultSettings[settingKey] = config.default;
+				}
+			}
+		};
+
+		if (isGrouped) {
+			for (const categoryKey in manifestSettings) {
+				const categoryConfig = manifestSettings[categoryKey];
+				for (const settingKey in categoryConfig) {
+					if (settingKey === 'label') continue;
+					await processSetting(settingKey, categoryConfig[settingKey]);
+				}
+			}
+		} else {
+			for (const settingKey in manifestSettings) {
+				await processSetting(settingKey, manifestSettings[settingKey]);
+			}
+		}
+
+		const finalSettings = deepMergeSettings(defaultSettings, savedSettings);
+		res.json(finalSettings);
+	} catch (error) {
+		console.error("[API Error] /settings GET:", error);
+		res.status(500).json({ error: 'Не удалось получить настройки плагина' });
+	}
+});
+
+router.get('/:botId/plugins/:pluginId/data', authenticate, checkBotAccess, authorize('plugin:settings:view'), async (req, res) => {
     try {
         const pluginId = parseInt(req.params.pluginId);
         const plugin = await prisma.installedPlugin.findUnique({ where: { id: pluginId } });
         if (!plugin) return res.status(404).json({ error: 'Установленный плагин не найден' });
 
-        const savedSettings = plugin.settings ? JSON.parse(plugin.settings) : {};
-        const defaultSettings = {};
-        const manifest = plugin.manifest ? JSON.parse(plugin.manifest) : {};
-        const manifestSettings = manifest.settings || {};
-
+        const rows = await prisma.pluginDataStore.findMany({
+            where: { botId: plugin.botId, pluginName: plugin.name },
+            orderBy: { updatedAt: 'desc' }
+        });
 
-        const firstSettingValue = Object.values(manifestSettings)[0];
-        const isGrouped = firstSettingValue && typeof firstSettingValue === 'object' && !firstSettingValue.type && firstSettingValue.label;
+        const result = rows.map(r => {
+            let value;
+            try { value = JSON.parse(r.value); } catch { value = r.value; }
+            return { key: r.key, value, createdAt: r.createdAt, updatedAt: r.updatedAt };
+        });
+        res.json(result);
+    } catch (error) { res.status(500).json({ error: 'Не удалось получить данные плагина' }); }
+});
 
-        const processSetting = async (settingKey, config) => {
-            if (!config || !config.type) return;
+router.get('/:botId/plugins/:pluginId/data/:key', authenticate, checkBotAccess, authorize('plugin:settings:view'), async (req, res) => {
+    try {
+        const pluginId = parseInt(req.params.pluginId);
+        const { key } = req.params;
+        const plugin = await prisma.installedPlugin.findUnique({ where: { id: pluginId } });
+        if (!plugin) return res.status(404).json({ error: 'Установленный плагин не найден' });
 
-            if (config.type === 'json_file' && config.defaultPath) {
-                const configFilePath = path.join(plugin.path, config.defaultPath);
-                try {
-                    const fileContent = await fs.readFile(configFilePath, 'utf-8');
-                    defaultSettings[settingKey] = JSON.parse(fileContent);
-                } catch (e) {
-                    console.error(`[API Settings] Не удалось прочитать defaultPath ${config.defaultPath} для плагина ${plugin.name}: ${e.message}`);
-                    defaultSettings[settingKey] = {};
-                }
-            } else if (config.default !== undefined) {
-                try {
-                    defaultSettings[settingKey] = JSON.parse(config.default);
-                } catch {
-                    defaultSettings[settingKey] = config.default;
+        const row = await prisma.pluginDataStore.findUnique({
+            where: {
+                pluginName_botId_key: {
+                    pluginName: plugin.name,
+                    botId: plugin.botId,
+                    key
                 }
             }
-        };
+        });
+        if (!row) return res.status(404).json({ error: 'Ключ не найден' });
+        let value; try { value = JSON.parse(row.value); } catch { value = row.value; }
+        res.json({ key: row.key, value, createdAt: row.createdAt, updatedAt: row.updatedAt });
+    } catch (error) { res.status(500).json({ error: 'Не удалось получить значение по ключу' }); }
+});
+
+router.put('/:botId/plugins/:pluginId/data/:key', authenticate, checkBotAccess, authorize('plugin:settings:edit'), async (req, res) => {
+    try {
+        const pluginId = parseInt(req.params.pluginId);
+        const { key } = req.params;
+        const { value } = req.body;
+        const plugin = await prisma.installedPlugin.findUnique({ where: { id: pluginId } });
+        if (!plugin) return res.status(404).json({ error: 'Установленный плагин не найден' });
 
-        if (isGrouped) {
-            for (const categoryKey in manifestSettings) {
-                const categoryConfig = manifestSettings[categoryKey];
-                for (const settingKey in categoryConfig) {
-                    if (settingKey === 'label') continue;
-                    await processSetting(settingKey, categoryConfig[settingKey]);
+        const jsonValue = JSON.stringify(value ?? null);
+        const upserted = await prisma.pluginDataStore.upsert({
+            where: {
+                pluginName_botId_key: {
+                    pluginName: plugin.name,
+                    botId: plugin.botId,
+                    key
                 }
-            }
-        } else {
-            for (const settingKey in manifestSettings) {
-                await processSetting(settingKey, manifestSettings[settingKey]);
-            }
-        }
+            },
+            update: { value: jsonValue },
+            create: { pluginName: plugin.name, botId: plugin.botId, key, value: jsonValue }
+        });
+        let parsed; try { parsed = JSON.parse(upserted.value); } catch { parsed = upserted.value; }
+        res.json({ key: upserted.key, value: parsed, createdAt: upserted.createdAt, updatedAt: upserted.updatedAt });
+    } catch (error) { res.status(500).json({ error: 'Не удалось сохранить значение' }); }
+});
 
-        const finalSettings = deepMergeSettings(defaultSettings, savedSettings);
-        res.json(finalSettings);
-    } catch (error) {
-        console.error("[API Error] /settings GET:", error);
-        res.status(500).json({ error: 'Не удалось получить настройки плагина' });
-    }
+router.delete('/:botId/plugins/:pluginId/data/:key', authenticate, checkBotAccess, authorize('plugin:settings:edit'), async (req, res) => {
+    try {
+        const pluginId = parseInt(req.params.pluginId);
+        const { key } = req.params;
+        const plugin = await prisma.installedPlugin.findUnique({ where: { id: pluginId } });
+        if (!plugin) return res.status(404).json({ error: 'Установленный плагин не найден' });
+
+        await prisma.pluginDataStore.delete({
+            where: {
+                pluginName_botId_key: {
+                    pluginName: plugin.name,
+                    botId: plugin.botId,
+                    key
+                }
+            }
+        });
+        res.status(204).send();
+    } catch (error) { res.status(500).json({ error: 'Не удалось удалить значение' }); }
 });
 
-router.put('/:botId/plugins/:pluginId', authorize('plugin:settings:edit'), async (req, res) => {
+router.put('/:botId/plugins/:pluginId', authenticate, checkBotAccess, authorize('plugin:settings:edit'), async (req, res) => {
     try {
         const pluginId = parseInt(req.params.pluginId);
         const { isEnabled, settings } = req.body;
@@ -544,7 +757,7 @@ router.put('/:botId/plugins/:pluginId', authorize('plugin:settings:edit'), async
     } catch (error) { res.status(500).json({ error: 'Не удалось обновить плагин' }); }
 });
 
-router.get('/:botId/management-data', authorize('management:view'), async (req, res) => {
+router.get('/:botId/management-data', authenticate, checkBotAccess, authorize('management:view'), async (req, res) => {
     try {
         const botId = parseInt(req.params.botId, 10);
         if (isNaN(botId)) return res.status(400).json({ error: 'Неверный ID бота' });
@@ -907,7 +1120,7 @@ router.post('/stop-all', authorize('bot:start_stop'), (req, res) => {
     }
 });
 
-router.get('/:id/settings/all', authorize('bot:update'), async (req, res) => {
+router.get('/:id/settings/all', authenticate, checkBotAccess, authorize('bot:update'), async (req, res) => {
     try {
         const botId = parseInt(req.params.id, 10);
 
@@ -986,7 +1199,7 @@ router.get('/:id/settings/all', authorize('bot:update'), async (req, res) => {
 
 const nodeRegistry = require('../../core/NodeRegistry'); 
 
-router.get('/:botId/visual-editor/nodes', authorize('management:view'), (req, res) => {
+router.get('/:botId/visual-editor/nodes', authenticate, checkBotAccess, authorize('management:view'), (req, res) => {
     try {
         const { graphType } = req.query;
         const nodesByCategory = nodeRegistry.getNodesByCategory(graphType);
@@ -997,7 +1210,7 @@ router.get('/:botId/visual-editor/nodes', authorize('management:view'), (req, re
     }
 });
 
-router.get('/:botId/visual-editor/node-config', authorize('management:view'), (req, res) => {
+router.get('/:botId/visual-editor/node-config', authenticate, checkBotAccess, authorize('management:view'), (req, res) => {
     try {
         const { types } = req.query;
         if (!types) {
@@ -1012,7 +1225,7 @@ router.get('/:botId/visual-editor/node-config', authorize('management:view'), (r
     }
 });
 
-router.get('/:botId/visual-editor/permissions', authorize('management:view'), async (req, res) => {
+router.get('/:botId/visual-editor/permissions', authenticate, checkBotAccess, authorize('management:view'), async (req, res) => {
     try {
         const botId = parseInt(req.params.botId, 10);
         const permissions = await prisma.permission.findMany({ 
@@ -1633,7 +1846,7 @@ router.post('/:botId/plugins/:pluginName/action', authorize('plugin:list'), asyn
 });
 
 
-router.get('/:botId/export', authorize('bot:export'), async (req, res) => {
+router.get('/:botId/export', authenticate, checkBotAccess, authorize('bot:export'), async (req, res) => {
     try {
         const botId = parseInt(req.params.botId, 10);
         const {
@@ -1864,7 +2077,18 @@ router.post('/import', authorize('bot:create'), upload.single('file'), async (re
                     }
                 }
                 
-                const newPlugin = await prisma.installedPlugin.create({ data: pluginData });
+                try {
+                    await pluginManager._installDependencies(newPluginPath);
+                } catch (e) {
+                    console.warn(`[Import] Не удалось установить зависимости для плагина ${pluginName}: ${e.message}`);
+                }
+                
+                let newPlugin;
+                try {
+                    newPlugin = await pluginManager.registerPlugin(newBot.id, newPluginPath, 'LOCAL', newPluginPath);
+                } catch (e) {
+                    newPlugin = await prisma.installedPlugin.create({ data: pluginData });
+                }
                 pluginMap.set(oldPluginId, newPlugin.id);
             }
         }