collabdocchat 1.0.0

package/server/routes/auth.js

@@ -0,0 +1,125 @@
+import express from 'express';
+import jwt from 'jsonwebtoken';
+import User from '../models/User.js';
+
+const router = express.Router();
+
+// 注册
+router.post('/register', async (req, res) => {
+  try {
+    const { username, password } = req.body;
+    
+    const existingUser = await User.findOne({ username });
+    if (existingUser) {
+      return res.status(400).json({ message: '用户名已存在' });
+    }
+
+    // 生成默认邮箱（保持数据库结构兼容性）
+    const email = `${username}@local.system`;
+    // 强制角色为普通用户，不允许注册管理员
+    const user = new User({ username, email, password, role: 'user' });
+    await user.save();
+
+    const token = jwt.sign(
+      { userId: user._id, role: user.role },
+      process.env.JWT_SECRET,
+      { expiresIn: '7d' }
+    );
+
+    res.status(201).json({
+      message: '注册成功',
+      token,
+      user: {
+        id: user._id,
+        username: user.username,
+        role: user.role
+      }
+    });
+  } catch (error) {
+    res.status(500).json({ message: '注册失败', error: error.message });
+  }
+});
+
+// 登录
+router.post('/login', async (req, res) => {
+  try {
+    const { username, password } = req.body;
+
+    const user = await User.findOne({ username });
+    if (!user) {
+      return res.status(401).json({ message: '用户名或密码错误' });
+    }
+
+    const isMatch = await user.comparePassword(password);
+    if (!isMatch) {
+      return res.status(401).json({ message: '用户名或密码错误' });
+    }
+
+    user.isOnline = true;
+    user.lastSeen = new Date();
+    await user.save();
+
+    const token = jwt.sign(
+      { userId: user._id, role: user.role },
+      process.env.JWT_SECRET,
+      { expiresIn: '7d' }
+    );
+
+    res.json({
+      message: '登录成功',
+      token,
+      user: {
+        id: user._id,
+        username: user.username,
+        role: user.role,
+        avatar: user.avatar
+      }
+    });
+  } catch (error) {
+    res.status(500).json({ message: '登录失败', error: error.message });
+  }
+});
+
+// 获取所有用户（仅管理员）
+router.get('/users', async (req, res) => {
+  try {
+    const token = req.headers.authorization?.split(' ')[1];
+    if (!token) {
+      return res.status(401).json({ message: '未授权' });
+    }
+
+    const decoded = jwt.verify(token, process.env.JWT_SECRET);
+    if (decoded.role !== 'admin') {
+      return res.status(403).json({ message: '权限不足' });
+    }
+
+    const users = await User.find({}).select('-password');
+    res.json({ users });
+  } catch (error) {
+    res.status(500).json({ message: '获取用户列表失败', error: error.message });
+  }
+});
+
+// 获取当前用户信息
+router.get('/me', async (req, res) => {
+  try {
+    const token = req.headers.authorization?.split(' ')[1];
+    if (!token) {
+      return res.status(401).json({ message: '未授权' });
+    }
+
+    const decoded = jwt.verify(token, process.env.JWT_SECRET);
+    const user = await User.findById(decoded.userId).select('-password');
+    
+    if (!user) {
+      return res.status(404).json({ message: '用户不存在' });
+    }
+
+    res.json({ user });
+  } catch (error) {
+    res.status(401).json({ message: '无效的令牌' });
+  }
+});
+
+export default router;
+

package/server/routes/documents.js

@@ -0,0 +1,254 @@
+import express from 'express';
+import Document from '../models/Document.js';
+import Group from '../models/Group.js';
+import { authenticate, isAdmin } from '../middleware/auth.js';
+import { logAuditAction } from '../utils/auditLogger.js';
+
+const router = express.Router();
+
+// 创建文档
+router.post('/', authenticate, async (req, res) => {
+  try {
+    const { title, content, groupId, permission } = req.body;
+    
+    const document = new Document({
+      title,
+      content,
+      group: groupId,
+      creator: req.user.userId,
+      permission: permission || 'editable'
+    });
+    
+    await document.save();
+    
+    // 更新群组的文档列表
+    await Group.findByIdAndUpdate(groupId, { $push: { documents: document._id } });
+
+    // 记录审计日志
+    await logAuditAction({
+      action: 'document_create',
+      userId: req.user.userId,
+      resourceType: 'document',
+      resourceId: document._id,
+      resourceTitle: document.title,
+      groupId: groupId,
+      description: `创建了文档 "${document.title}"`
+    }, req);
+
+    res.status(201).json({ message: '文档创建成功', document });
+  } catch (error) {
+    res.status(500).json({ message: '创建文档失败', error: error.message });
+  }
+});
+
+// 获取群组的所有文档
+router.get('/group/:groupId', authenticate, async (req, res) => {
+  try {
+    const documents = await Document.find({ group: req.params.groupId })
+      .populate('creator', 'username avatar')
+      .populate('editors.user', 'username avatar')
+      .sort({ updatedAt: -1 });
+    
+    res.json({ documents });
+  } catch (error) {
+    res.status(500).json({ message: '获取文档失败', error: error.message });
+  }
+});
+
+// 获取文档详情
+router.get('/:id', authenticate, async (req, res) => {
+  try {
+    const document = await Document.findById(req.params.id)
+      .populate('creator', 'username avatar')
+      .populate('editors.user', 'username avatar');
+    
+    if (!document) {
+      return res.status(404).json({ message: '文档不存在' });
+    }
+
+    res.json({ document });
+  } catch (error) {
+    res.status(500).json({ message: '获取文档详情失败', error: error.message });
+  }
+});
+
+// 更新文档内容
+router.patch('/:id', authenticate, async (req, res) => {
+  try {
+    const { content, title } = req.body;
+    const document = await Document.findById(req.params.id);
+    
+    if (!document) {
+      return res.status(404).json({ message: '文档不存在' });
+    }
+
+    if (document.permission === 'readonly') {
+      return res.status(403).json({ message: '文档为只读模式' });
+    }
+
+    const oldContent = document.content;
+    const oldTitle = document.title;
+    
+    // 保存版本历史
+    document.versions.push({
+      content: oldContent,
+      editor: req.user.userId,
+      timestamp: new Date()
+    });
+
+    // 更新内容
+    if (content !== undefined) {
+      document.content = content;
+    }
+    
+    // 更新标题
+    if (title !== undefined) {
+      document.title = title;
+    }
+    
+    // 更新编辑者列表
+    const editorIndex = document.editors.findIndex(
+      e => e.user.toString() === req.user.userId
+    );
+    
+    if (editorIndex === -1) {
+      document.editors.push({ user: req.user.userId, lastEdit: new Date() });
+    } else {
+      document.editors[editorIndex].lastEdit = new Date();
+    }
+    
+    await document.save();
+
+    // 记录审计日志
+    if (content !== undefined && content !== oldContent) {
+      await logAuditAction({
+        action: 'content_edit',
+        userId: req.user.userId,
+        resourceType: 'document',
+        resourceId: document._id,
+        resourceTitle: document.title,
+        groupId: document.group,
+        oldValue: oldContent,
+        newValue: content,
+        field: 'content',
+        description: `修改了文档 "${document.title}" 的内容`
+      }, req);
+    }
+    
+    if (title !== undefined && title !== oldTitle) {
+      await logAuditAction({
+        action: 'title_edit',
+        userId: req.user.userId,
+        resourceType: 'document',
+        resourceId: document._id,
+        resourceTitle: document.title,
+        groupId: document.group,
+        oldValue: oldTitle,
+        newValue: title,
+        field: 'title',
+        description: `将文档标题从 "${oldTitle}" 修改为 "${title}"`
+      }, req);
+    }
+
+    res.json({ message: '文档更新成功', document });
+  } catch (error) {
+    res.status(500).json({ message: '更新文档失败', error: error.message });
+  }
+});
+
+// 获取文档版本历史
+router.get('/:id/versions', authenticate, async (req, res) => {
+  try {
+    const document = await Document.findById(req.params.id)
+      .populate('versions.editor', 'username avatar');
+    
+    if (!document) {
+      return res.status(404).json({ message: '文档不存在' });
+    }
+
+    res.json({ versions: document.versions });
+  } catch (error) {
+    res.status(500).json({ message: '获取版本历史失败', error: error.message });
+  }
+});
+
+// 更新文档权限（仅管理员）
+router.patch('/:id/permission', authenticate, isAdmin, async (req, res) => {
+  try {
+    const { permission } = req.body;
+    const oldDocument = await Document.findById(req.params.id);
+    
+    if (!oldDocument) {
+      return res.status(404).json({ message: '文档不存在' });
+    }
+
+    const oldPermission = oldDocument.permission;
+    
+    const document = await Document.findByIdAndUpdate(
+      req.params.id,
+      { permission },
+      { new: true }
+    );
+
+    // 记录审计日志
+    await logAuditAction({
+      action: 'document_permission_change',
+      userId: req.user.userId,
+      resourceType: 'document',
+      resourceId: document._id,
+      resourceTitle: document.title,
+      groupId: document.group,
+      oldValue: oldPermission,
+      newValue: permission,
+      field: 'permission',
+      description: `将文档 "${document.title}" 的权限从 "${oldPermission === 'readonly' ? '只读' : '可编辑'}" 修改为 "${permission === 'readonly' ? '只读' : '可编辑'}"`
+    }, req);
+
+    res.json({ message: '权限更新成功', document });
+  } catch (error) {
+    res.status(500).json({ message: '更新权限失败', error: error.message });
+  }
+});
+
+// 删除文档（仅管理员）
+router.delete('/:id', authenticate, isAdmin, async (req, res) => {
+  try {
+    const document = await Document.findById(req.params.id);
+    
+    if (!document) {
+      return res.status(404).json({ message: '文档不存在' });
+    }
+
+    // 记录删除前的信息用于审计日志
+    const documentInfo = {
+      title: document.title,
+      group: document.group,
+      content: document.content
+    };
+
+    await Document.findByIdAndDelete(req.params.id);
+
+    // 从群组的文档列表中移除
+    await Group.findByIdAndUpdate(document.group, { $pull: { documents: document._id } });
+
+    // 记录审计日志
+    await logAuditAction({
+      action: 'document_delete',
+      userId: req.user.userId,
+      resourceType: 'document',
+      resourceId: document._id,
+      resourceTitle: documentInfo.title,
+      groupId: documentInfo.group,
+      oldValue: documentInfo.content,
+      description: `删除了文档 "${documentInfo.title}"`
+    }, req);
+
+    res.json({ message: '文档删除成功' });
+  } catch (error) {
+    res.status(500).json({ message: '删除文档失败', error: error.message });
+  }
+});
+
+export default router;
+
+

package/server/routes/files.js

@@ -0,0 +1,218 @@
+import express from 'express';
+import multer from 'multer';
+import path from 'path';
+import { fileURLToPath } from 'url';
+import { dirname } from 'path';
+import fs from 'fs';
+import File from '../models/File.js';
+import Group from '../models/Group.js';
+import { authenticate } from '../middleware/auth.js';
+import { logAuditAction } from '../utils/auditLogger.js';
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+
+const router = express.Router();
+
+// 确保上传目录存在
+const uploadsDir = path.join(__dirname, '../../uploads');
+if (!fs.existsSync(uploadsDir)) {
+  fs.mkdirSync(uploadsDir, { recursive: true });
+}
+
+// 配置 multer
+const storage = multer.diskStorage({
+  destination: (req, file, cb) => {
+    cb(null, uploadsDir);
+  },
+  filename: (req, file, cb) => {
+    const uniqueSuffix = Date.now() + '-' + Math.round(Math.random() * 1E9);
+    cb(null, uniqueSuffix + path.extname(file.originalname));
+  }
+});
+
+// 文件类型过滤
+const fileFilter = (req, file, cb) => {
+  const allowedTypes = [
+    'image/jpeg', 'image/png', 'image/gif', 'image/webp',
+    'application/pdf',
+    'application/msword',
+    'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
+    'application/vnd.ms-excel',
+    'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
+    'text/plain',
+    'application/zip',
+    'application/x-zip-compressed'
+  ];
+  
+  if (allowedTypes.includes(file.mimetype)) {
+    cb(null, true);
+  } else {
+    cb(new Error('不支持的文件类型'), false);
+  }
+};
+
+const upload = multer({
+  storage: storage,
+  limits: {
+    fileSize: 10 * 1024 * 1024 // 10MB
+  },
+  fileFilter: fileFilter
+});
+
+// 上传文件
+router.post('/upload', authenticate, upload.single('file'), async (req, res) => {
+  try {
+    if (!req.file) {
+      return res.status(400).json({ message: '请选择要上传的文件' });
+    }
+
+    const { groupId, description } = req.body;
+
+    if (!groupId) {
+      // 删除已上传的文件
+      fs.unlinkSync(req.file.path);
+      return res.status(400).json({ message: '请指定群组' });
+    }
+
+    // 检查用户是否在群组中
+    const group = await Group.findById(groupId);
+    if (!group) {
+      fs.unlinkSync(req.file.path);
+      return res.status(404).json({ message: '群组不存在' });
+    }
+
+    const file = new File({
+      filename: req.file.filename,
+      originalName: req.file.originalname,
+      path: req.file.path,
+      mimetype: req.file.mimetype,
+      size: req.file.size,
+      group: groupId,
+      uploader: req.user.userId,
+      description: description || ''
+    });
+
+    await file.save();
+
+    // 更新群组的文件列表
+    await Group.findByIdAndUpdate(groupId, { $push: { files: file._id } });
+
+    // 记录审计日志
+    await logAuditAction({
+      action: 'file_upload',
+      userId: req.user.userId,
+      resourceType: 'file',
+      resourceId: file._id,
+      resourceTitle: file.originalName,
+      groupId: groupId,
+      description: `上传了文件 "${file.originalName}"`
+    }, req);
+
+    res.status(201).json({ message: '文件上传成功', file });
+  } catch (error) {
+    if (req.file) {
+      fs.unlinkSync(req.file.path);
+    }
+    res.status(500).json({ message: '文件上传失败', error: error.message });
+  }
+});
+
+// 获取群组文件列表
+router.get('/group/:groupId', authenticate, async (req, res) => {
+  try {
+    const files = await File.find({ group: req.params.groupId })
+      .populate('uploader', 'username avatar')
+      .sort({ createdAt: -1 });
+    
+    res.json({ files });
+  } catch (error) {
+    res.status(500).json({ message: '获取文件列表失败', error: error.message });
+  }
+});
+
+// 下载文件
+router.get('/:id/download', authenticate, async (req, res) => {
+  try {
+    const file = await File.findById(req.params.id);
+    
+    if (!file) {
+      return res.status(404).json({ message: '文件不存在' });
+    }
+
+    // 检查文件是否存在
+    if (!fs.existsSync(file.path)) {
+      return res.status(404).json({ message: '文件已被删除' });
+    }
+
+    res.download(file.path, file.originalName, (err) => {
+      if (err) {
+        console.error('文件下载错误:', err);
+        res.status(500).json({ message: '文件下载失败' });
+      }
+    });
+  } catch (error) {
+    res.status(500).json({ message: '文件下载失败', error: error.message });
+  }
+});
+
+// 删除文件
+router.delete('/:id', authenticate, async (req, res) => {
+  try {
+    const file = await File.findById(req.params.id);
+    
+    if (!file) {
+      return res.status(404).json({ message: '文件不存在' });
+    }
+
+    // 检查权限：只有上传者或管理员可以删除
+    if (file.uploader.toString() !== req.user.userId && req.user.role !== 'admin') {
+      return res.status(403).json({ message: '无权删除此文件' });
+    }
+
+    // 删除物理文件
+    if (fs.existsSync(file.path)) {
+      fs.unlinkSync(file.path);
+    }
+
+    // 从群组中移除文件引用
+    await Group.findByIdAndUpdate(file.group, { $pull: { files: file._id } });
+
+    // 删除数据库记录
+    await File.findByIdAndDelete(req.params.id);
+
+    // 记录审计日志
+    await logAuditAction({
+      action: 'file_delete',
+      userId: req.user.userId,
+      resourceType: 'file',
+      resourceId: file._id,
+      resourceTitle: file.originalName,
+      groupId: file.group,
+      description: `删除了文件 "${file.originalName}"`
+    }, req);
+
+    res.json({ message: '文件删除成功' });
+  } catch (error) {
+    res.status(500).json({ message: '删除文件失败', error: error.message });
+  }
+});
+
+// 获取文件信息
+router.get('/:id', authenticate, async (req, res) => {
+  try {
+    const file = await File.findById(req.params.id)
+      .populate('uploader', 'username avatar');
+    
+    if (!file) {
+      return res.status(404).json({ message: '文件不存在' });
+    }
+
+    res.json({ file });
+  } catch (error) {
+    res.status(500).json({ message: '获取文件信息失败', error: error.message });
+  }
+});
+
+export default router;
+