collabdocchat 1.2.12 → 2.0.0

package/server/routes/audit.js

@@ -1,210 +1,245 @@
-import express from 'express';
-import { authenticate, isAdmin } from '../middleware/auth.js';
-import { 
-  queryAuditLogs, 
-  getUserActivityStats, 
-  getDocumentEditHistory 
-} from '../utils/auditLogger.js';
-
-const router = express.Router();
-
-// 获取审计日志列表（仅管理员）
-router.get('/', authenticate, isAdmin, async (req, res) => {
-  try {
-    const {
-      page = 1,
-      limit = 50,
-      userId,
-      resourceId,
-      resourceType,
-      action,
-      groupId,
-      startDate,
-      endDate,
-      sortBy = 'createdAt',
-      sortOrder = -1
-    } = req.query;
-
-    const filters = {};
-    if (userId) filters.userId = userId;
-    if (resourceId) filters.resourceId = resourceId;
-    if (resourceType) filters.resourceType = resourceType;
-    if (action) filters.action = action;
-    if (groupId) filters.groupId = groupId;
-    if (startDate) filters.startDate = startDate;
-    if (endDate) filters.endDate = endDate;
-
-    const options = {
-      page: parseInt(page),
-      limit: parseInt(limit),
-      sortBy,
-      sortOrder: parseInt(sortOrder)
-    };
-
-    const result = await queryAuditLogs(filters, options);
-    
-    res.json({
-      message: '获取审计日志成功',
-      ...result
-    });
-  } catch (error) {
-    console.error('获取审计日志失败:', error);
-    res.status(500).json({ 
-      message: '获取审计日志失败', 
-      error: error.message 
-    });
-  }
-});
-
-// 获取特定用户的活动统计（仅管理员）
-router.get('/user-stats/:userId', authenticate, isAdmin, async (req, res) => {
-  try {
-    const { userId } = req.params;
-    const { startDate, endDate } = req.query;
-    
-    const timeRange = {};
-    if (startDate) timeRange.startDate = startDate;
-    if (endDate) timeRange.endDate = endDate;
-    
-    const stats = await getUserActivityStats(userId, timeRange);
-    
-    res.json({
-      message: '获取用户活动统计成功',
-      stats
-    });
-  } catch (error) {
-    console.error('获取用户活动统计失败:', error);
-    res.status(500).json({ 
-      message: '获取用户活动统计失败', 
-      error: error.message 
-    });
-  }
-});
-
-// 获取文档编辑历史（仅管理员）
-router.get('/document-history/:documentId', authenticate, isAdmin, async (req, res) => {
-  try {
-    const { documentId } = req.params;
-    const { limit = 20 } = req.query;
-    
-    const history = await getDocumentEditHistory(documentId, parseInt(limit));
-    
-    res.json({
-      message: '获取文档编辑历史成功',
-      history
-    });
-  } catch (error) {
-    console.error('获取文档编辑历史失败:', error);
-    res.status(500).json({ 
-      message: '获取文档编辑历史失败', 
-      error: error.message 
-    });
-  }
-});
-
-// 获取群组活动日志（仅管理员）
-router.get('/group/:groupId', authenticate, isAdmin, async (req, res) => {
-  try {
-    const { groupId } = req.params;
-    const {
-      page = 1,
-      limit = 50,
-      action,
-      userId,
-      startDate,
-      endDate
-    } = req.query;
-
-    const filters = { groupId };
-    if (action) filters.action = action;
-    if (userId) filters.userId = userId;
-    if (startDate) filters.startDate = startDate;
-    if (endDate) filters.endDate = endDate;
-
-    const options = {
-      page: parseInt(page),
-      limit: parseInt(limit),
-      sortBy: 'createdAt',
-      sortOrder: -1
-    };
-
-    const result = await queryAuditLogs(filters, options);
-    
-    res.json({
-      message: '获取群组活动日志成功',
-      ...result
-    });
-  } catch (error) {
-    console.error('获取群组活动日志失败:', error);
-    res.status(500).json({ 
-      message: '获取群组活动日志失败', 
-      error: error.message 
-    });
-  }
-});
-
-// 获取审计日志统计信息（仅管理员）
-router.get('/stats/summary', authenticate, isAdmin, async (req, res) => {
-  try {
-    const { startDate, endDate, groupId } = req.query;
-    
-    const filters = {};
-    if (groupId) filters.groupId = groupId;
-    if (startDate || endDate) {
-      filters.startDate = startDate;
-      filters.endDate = endDate;
-    }
-
-    // 获取总体统计
-    const result = await queryAuditLogs(filters, { limit: 1 });
-    const totalLogs = result.pagination.total;
-
-    // 获取按操作类型统计
-    const actionStats = await queryAuditLogs(filters, { limit: totalLogs });
-    const actionBreakdown = {};
-    
-    actionStats.logs.forEach(log => {
-      actionBreakdown[log.action] = (actionBreakdown[log.action] || 0) + 1;
-    });
-
-    // 获取最活跃用户
-    const userActivity = {};
-    actionStats.logs.forEach(log => {
-      const userId = log.user._id.toString();
-      if (!userActivity[userId]) {
-        userActivity[userId] = {
-          user: log.user,
-          count: 0
-        };
-      }
-      userActivity[userId].count++;
-    });
-
-    const topUsers = Object.values(userActivity)
-      .sort((a, b) => b.count - a.count)
-      .slice(0, 10);
-
-    res.json({
-      message: '获取统计信息成功',
-      summary: {
-        totalLogs,
-        actionBreakdown,
-        topUsers,
-        timeRange: { startDate, endDate }
-      }
-    });
-  } catch (error) {
-    console.error('获取统计信息失败:', error);
-    res.status(500).json({ 
-      message: '获取统计信息失败', 
-      error: error.message 
-    });
-  }
-});
-
-export default router;
-
-
-
-
-
+import express from 'express';
+import { authenticate, isAdmin } from '../middleware/auth.js';
+import { 
+  queryAuditLogs, 
+  getUserActivityStats, 
+  getDocumentEditHistory 
+} from '../utils/auditLogger.js';
+import AuditLog from '../models/AuditLog.js';
+
+const router = express.Router();
+
+// 注意：路由顺序很重要！具体路由必须在通用路由之前
+
+// 获取审计日志统计信息（仅管理员）
+router.get('/stats/summary', authenticate, isAdmin, async (req, res) => {
+  try {
+    const { startDate, endDate, groupId } = req.query;
+    
+    const filters = {};
+    if (groupId) filters.groupId = groupId;
+    if (startDate || endDate) {
+      filters.startDate = startDate;
+      filters.endDate = endDate;
+    }
+
+    // 获取总体统计
+    const result = await queryAuditLogs(filters, { limit: 1 });
+    const totalLogs = result.pagination.total;
+
+    // 获取按操作类型统计
+    const actionStats = await queryAuditLogs(filters, { limit: totalLogs });
+    const actionBreakdown = {};
+    
+    actionStats.logs.forEach(log => {
+      actionBreakdown[log.action] = (actionBreakdown[log.action] || 0) + 1;
+    });
+
+    // 获取最活跃用户
+    const userActivity = {};
+    actionStats.logs.forEach(log => {
+      const userId = log.user._id.toString();
+      if (!userActivity[userId]) {
+        userActivity[userId] = {
+          user: log.user,
+          count: 0
+        };
+      }
+      userActivity[userId].count++;
+    });
+
+    const topUsers = Object.values(userActivity)
+      .sort((a, b) => b.count - a.count)
+      .slice(0, 10);
+
+    res.json({
+      message: '获取统计信息成功',
+      summary: {
+        totalLogs,
+        actionBreakdown,
+        topUsers,
+        timeRange: { startDate, endDate }
+      }
+    });
+  } catch (error) {
+    console.error('获取统计信息失败:', error);
+    res.status(500).json({ 
+      message: '获取统计信息失败', 
+      error: error.message 
+    });
+  }
+});
+
+// 获取特定用户的活动统计（仅管理员）
+router.get('/user-stats/:userId', authenticate, isAdmin, async (req, res) => {
+  try {
+    const { userId } = req.params;
+    const { startDate, endDate } = req.query;
+    
+    const timeRange = {};
+    if (startDate) timeRange.startDate = startDate;
+    if (endDate) timeRange.endDate = endDate;
+    
+    const stats = await getUserActivityStats(userId, timeRange);
+    
+    res.json({
+      message: '获取用户活动统计成功',
+      stats
+    });
+  } catch (error) {
+    console.error('获取用户活动统计失败:', error);
+    res.status(500).json({ 
+      message: '获取用户活动统计失败', 
+      error: error.message 
+    });
+  }
+});
+
+// 获取文档编辑历史（仅管理员）
+router.get('/document-history/:documentId', authenticate, isAdmin, async (req, res) => {
+  try {
+    const { documentId } = req.params;
+    const { limit = 20 } = req.query;
+    
+    const history = await getDocumentEditHistory(documentId, parseInt(limit));
+    
+    res.json({
+      message: '获取文档编辑历史成功',
+      history
+    });
+  } catch (error) {
+    console.error('获取文档编辑历史失败:', error);
+    res.status(500).json({ 
+      message: '获取文档编辑历史失败', 
+      error: error.message 
+    });
+  }
+});
+
+// 获取群组活动日志（仅管理员）
+router.get('/group/:groupId', authenticate, isAdmin, async (req, res) => {
+  try {
+    const { groupId } = req.params;
+    const {
+      page = 1,
+      limit = 50,
+      action,
+      userId,
+      startDate,
+      endDate
+    } = req.query;
+
+    const filters = { groupId };
+    if (action) filters.action = action;
+    if (userId) filters.userId = userId;
+    if (startDate) filters.startDate = startDate;
+    if (endDate) filters.endDate = endDate;
+
+    const options = {
+      page: parseInt(page),
+      limit: parseInt(limit),
+      sortBy: 'createdAt',
+      sortOrder: -1
+    };
+
+    const result = await queryAuditLogs(filters, options);
+    
+    res.json({
+      message: '获取群组活动日志成功',
+      ...result
+    });
+  } catch (error) {
+    console.error('获取群组活动日志失败:', error);
+    res.status(500).json({ 
+      message: '获取群组活动日志失败', 
+      error: error.message 
+    });
+  }
+});
+
+// 获取单个审计日志详情（仅管理员）- 必须在 / 之前
+router.get('/:logId', authenticate, isAdmin, async (req, res) => {
+  try {
+    const { logId } = req.params;
+    
+    // 验证 ObjectId 格式
+    if (!logId.match(/^[0-9a-fA-F]{24}$/)) {
+      return res.status(400).json({ message: '无效的日志ID格式' });
+    }
+    
+    const log = await AuditLog.findById(logId)
+      .populate('user', 'username email role')
+      .populate('metadata.groupId', 'name description')
+      .lean();
+    
+    if (!log) {
+      return res.status(404).json({ message: '审计日志不存在' });
+    }
+    
+    res.json({
+      message: '获取审计日志详情成功',
+      log
+    });
+  } catch (error) {
+    console.error('获取审计日志详情失败:', error);
+    res.status(500).json({ 
+      message: '获取审计日志详情失败', 
+      error: error.message 
+    });
+  }
+});
+
+// 获取审计日志列表（仅管理员）- 必须在最后
+router.get('/', authenticate, isAdmin, async (req, res) => {
+  try {
+    const {
+      page = 1,
+      limit = 50,
+      userId,
+      resourceId,
+      resourceType,
+      action,
+      groupId,
+      startDate,
+      endDate,
+      sortBy = 'createdAt',
+      sortOrder = -1
+    } = req.query;
+
+    const filters = {};
+    if (userId) filters.userId = userId;
+    if (resourceId) filters.resourceId = resourceId;
+    if (resourceType) filters.resourceType = resourceType;
+    if (action) filters.action = action;
+    if (groupId) filters.groupId = groupId;
+    if (startDate) filters.startDate = startDate;
+    if (endDate) filters.endDate = endDate;
+
+    const options = {
+      page: parseInt(page),
+      limit: parseInt(limit),
+      sortBy,
+      sortOrder: parseInt(sortOrder)
+    };
+
+    const result = await queryAuditLogs(filters, options);
+    
+    res.json({
+      message: '获取审计日志成功',
+      ...result
+    });
+  } catch (error) {
+    console.error('获取审计日志失败:', error);
+    res.status(500).json({ 
+      message: '获取审计日志失败', 
+      error: error.message 
+    });
+  }
+});
+
+export default router;
+
+
+
+
+

package/server/routes/backup.js

@@ -0,0 +1,108 @@
+import express from 'express';
+import backupService from '../utils/backup.js';
+import { authenticate, isAdmin } from '../middleware/auth.js';
+import { asyncHandler, ValidationError } from '../middleware/errorHandler.js';
+
+const router = express.Router();
+
+// 创建备份（仅管理员）
+router.post('/create', authenticate, isAdmin, asyncHandler(async (req, res) => {
+  const { description } = req.body;
+
+  const result = await backupService.createBackup('manual', description || '');
+
+  res.json({
+    success: true,
+    message: '备份创建成功',
+    data: result
+  });
+}));
+
+// 获取备份列表（仅管理员）
+router.get('/list', authenticate, isAdmin, asyncHandler(async (req, res) => {
+  const backups = backupService.getBackupList();
+
+  res.json({
+    success: true,
+    data: {
+      backups: backups.map(b => ({
+        name: b.name,
+        filename: b.filename,
+        size: backupService.formatSize(b.size),
+        sizeBytes: b.size,
+        createdAt: b.createdAt
+      })),
+      total: backups.length
+    }
+  });
+}));
+
+// 恢复备份（仅管理员）
+router.post('/restore/:backupName', authenticate, isAdmin, asyncHandler(async (req, res) => {
+  const { backupName } = req.params;
+
+  if (!backupName) {
+    throw new ValidationError('备份名称不能为空');
+  }
+
+  const result = await backupService.restoreBackup(backupName);
+
+  res.json({
+    success: true,
+    message: '备份恢复成功',
+    data: result
+  });
+}));
+
+// 删除备份（仅管理员）
+router.delete('/:backupName', authenticate, isAdmin, asyncHandler(async (req, res) => {
+  const { backupName } = req.params;
+
+  if (!backupName) {
+    throw new ValidationError('备份名称不能为空');
+  }
+
+  const result = backupService.deleteBackup(backupName);
+
+  res.json({
+    success: true,
+    message: '备份删除成功',
+    data: result
+  });
+}));
+
+// 下载备份文件（仅管理员）
+router.get('/download/:backupName', authenticate, isAdmin, asyncHandler(async (req, res) => {
+  const { backupName } = req.params;
+  const backups = backupService.getBackupList();
+  const backup = backups.find(b => b.name === backupName);
+
+  if (!backup) {
+    throw new ValidationError('备份文件不存在');
+  }
+
+  res.download(backup.path, backup.filename);
+}));
+
+// 获取备份统计信息（仅管理员）
+router.get('/stats', authenticate, isAdmin, asyncHandler(async (req, res) => {
+  const backups = backupService.getBackupList();
+  const totalSize = backups.reduce((sum, b) => sum + b.size, 0);
+
+  const stats = {
+    totalBackups: backups.length,
+    totalSize: backupService.formatSize(totalSize),
+    totalSizeBytes: totalSize,
+    oldestBackup: backups.length > 0 ? backups[backups.length - 1].createdAt : null,
+    newestBackup: backups.length > 0 ? backups[0].createdAt : null,
+    maxBackups: backupService.maxBackups
+  };
+
+  res.json({
+    success: true,
+    data: stats
+  });
+}));
+
+export default router;
+