hikvision-server 1.0.0

package/src/index.ts

@@ -0,0 +1,1100 @@
+/**
+ * Hikvision Manager - Express API Server
+ * 
+ * 提供 HTTP API 接口，前端通过 Ajax 调用
+ * 内部调用 services 层与海康平台通信
+ */
+
+import express from 'express';
+import cors from 'cors';
+import dotenv from 'dotenv';
+import * as fs from 'fs';
+import * as path from 'path';
+import { fileURLToPath } from 'url';
+import { createHikvisionClient } from 'hikvision-core-node';
+import { HikvisionConfig } from 'hikvision-api-lib';
+
+dotenv.config();
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const app = express();
+
+// 配置优先级：环境变量 > config.json > 默认值
+function resolveValue(envKey: string, configValue?: string, defaultValue?: string): string {
+  // 1. 环境变量优先
+  if (process.env[envKey]) {
+    return process.env[envKey]!;
+  }
+  // 2. config.json 配置（支持环境变量引用）
+  if (configValue) {
+    // 支持 ${ENV_VAR} 语法引用环境变量
+    return configValue.replace(/\$\{([^}]+)\}/g, (_, envVar) => process.env[envVar] || '');
+  }
+  // 3. 默认值
+  return defaultValue || '';
+}
+
+// 加载 config.json
+const configPath = path.resolve(__dirname, '../config.json');
+let configData: any = {};
+if (fs.existsSync(configPath)) {
+  try {
+    configData = JSON.parse(fs.readFileSync(configPath, 'utf-8'));
+  } catch (e) {
+    console.warn('⚠️ 配置文件加载失败:', e);
+  }
+}
+
+// API Server 端口
+const PORT = parseInt(
+  process.env.API_SERVER_PORT || 
+  configData?.apiServer?.port?.toString() || 
+  '3000'
+);
+
+// Manager 服务地址（用于重启时转发）
+const MANAGER_URL = process.env.MANAGER_URL || 'http://localhost:3031';
+
+// 中间件 - 添加安全配置
+app.use(cors({
+  origin: process.env.CORS_ORIGIN?.split(',') || ['http://localhost:3030'],
+  credentials: true,
+}));
+app.use(express.json({ limit: '1mb' })); // 防止请求体过大攻击
+
+// API Key 认证
+const API_KEY = process.env.API_SERVER_API_KEY || configData?.auth?.apiKey || '';
+
+// 时序安全的密钥比较
+function safeCompare(a: string, b: string): boolean {
+  if (a.length !== b.length) return false;
+  try {
+    const crypto = require('crypto');
+    return crypto.timingSafeEqual(Buffer.from(a), Buffer.from(b));
+  } catch {
+    let result = 0;
+    for (let i = 0; i < a.length; i++) {
+      result |= a.charCodeAt(i) ^ b.charCodeAt(i);
+    }
+    return result === 0;
+  }
+}
+
+// 公开路由（不需要认证）
+const PUBLIC_ROUTES = ['/api/health', '/api/config', '/api/config/test', '/api/service/status'];
+
+
+// 认证中间件
+function authMiddleware(req: any, res: any, next: any) {
+  if (PUBLIC_ROUTES.some(r => req.path.startsWith(r))) {
+    return next();
+  }
+  
+  if (!API_KEY) {
+    if (process.env.NODE_ENV === 'production') {
+      return res.status(503).json({ success: false, message: '服务配置不完整：API_SERVER_API_KEY 未设置' });
+    }
+    return next();
+  }
+
+  const apiKey = req.headers['x-api-key'];
+  if (!apiKey) {
+    return res.status(401).json({ success: false, message: '未授权：缺少 API Key，请从系统设置获取' });
+  }
+  if (!safeCompare(apiKey, API_KEY)) {
+    return res.status(401).json({ success: false, message: '未授权：无效的 API Key' });
+  }
+  next();
+}
+app.use(authMiddleware);
+
+// 海康平台配置
+const config: HikvisionConfig = {
+  host: resolveValue('HIK_HOST', configData?.hikvision?.host, '127.0.0.1:18443'),
+  appKey: resolveValue('HIK_APP_KEY', configData?.hikvision?.appKey, ''),
+  appSecret: resolveValue('HIK_APP_SECRET', configData?.hikvision?.appSecret, ''),
+};
+
+// 创建客户端
+const hikClient = createHikvisionClient(config);
+
+// 错误响应脱敏：生产环境不返回内部错误信息
+function safeErrorResponse(res: any, error: any, statusCode = 500) {
+  console.error('[API Error]', error.message);
+  if (process.env.NODE_ENV === 'production') {
+    res.status(statusCode).json({ success: false, message: '服务器内部错误' });
+  } else {
+    res.status(statusCode).json({ success: false, message: error.message });
+  }
+}
+
+// ========== 人员 API ==========
+
+/**
+ * 查询人员列表
+ */
+app.get('/api/persons', async (req, res) => {
+  try {
+    const pageNo = parseInt(req.query.pageNo as string) || 1;
+    const pageSize = parseInt(req.query.pageSize as string) || 20;
+    const orgIndexCode = req.query.orgIndexCode as string || undefined;
+    const personName = req.query.personName as string || undefined;
+    
+    const result = await hikClient.personService.list({ pageNo, pageSize, orgIndexCode, personName });
+    res.json({ success: true, data: result });
+  } catch (error: any) {
+    safeErrorResponse(res, error);
+  }
+});
+
+/**
+ * 按姓名查询人员
+ */
+app.get('/api/persons/search', async (req, res) => {
+  try {
+    const personName = req.query.name as string;
+    if (!personName) {
+      res.status(400).json({ success: false, message: '缺少 name 参数' });
+      return;
+    }
+    
+    const result = await hikClient.personService.list({ personName, pageNo: 1, pageSize: 50 });
+    res.json({ success: true, data: result });
+  } catch (error: any) {
+    safeErrorResponse(res, error);
+  }
+});
+
+/**
+ * 获取人员关联信息（卡片+车辆）
+ */
+app.get('/api/persons/:personId/bindings', async (req, res) => {
+  try {
+    const { personId } = req.params;
+    if (!personId) {
+      res.status(400).json({ success: false, message: '缺少 personId' });
+      return;
+    }
+    
+    // Fetch all cards (pageSize 100 should cover most cases)
+    const cardResult = await hikClient.cardService.list({ pageNo: 1, pageSize: 100 });
+    const cards = (cardResult.list || [])
+      .filter((c: any) => c.personId === personId)
+      .map((c: any) => ({
+        cardNo: c.cardNo,
+        cardType: c.cardType,
+        useStatus: c.useStatus,
+      }));
+    
+    // Fetch all vehicles for this person
+    const vehicleResult = await hikClient.vehicleService.list({ pageNo: 1, pageSize: 100, personId });
+    const vehicleList = vehicleResult.list || [];
+    // Fetch all groups once, then match
+    let groupMap: Record<string, string> = {};
+    try {
+      const groups = await hikClient.vehicleService.listGroups();
+      groupMap = Object.fromEntries(groups.map((g: any) => [g.groupId, g.groupName]));
+    } catch { /* ignore */ }
+    const vehicles = vehicleList.map((v: any) => ({
+      vehicleId: v.vehicleId,
+      plateNo: v.plateNo,
+      vehicleType: v.vehicleType,
+      groupId: v.vehicleGroup || v.categoryCode || v.groupId || '',
+      groupName: v.vehicleGroupName || v.categoryName || v.groupName || groupMap[v.vehicleGroup || v.groupId || ''] || '',
+    }));
+
+
+    res.json({ success: true, data: { cards, vehicles } });
+  } catch (error: any) {
+    safeErrorResponse(res, error);
+  }
+});
+
+/**
+ * 获取人员详情
+ */
+app.get('/api/persons/:personId', async (req, res) => {
+  try {
+    const person = await hikClient.personService.getById(req.params.personId);
+    res.json({ success: true, data: person });
+  } catch (error: any) {
+    safeErrorResponse(res, error);
+  }
+});
+
+/**
+ * 添加人员
+ */
+app.post('/api/persons', async (req, res) => {
+  try {
+    // 移除 DEBUG 日志，防止敏感信息泄露
+    const person = await hikClient.personService.create(req.body);
+    res.json({ success: true, data: person });
+  } catch (error: any) {
+    console.error('[API Error] POST /api/persons:', error.message);
+    res.status(500).json({ success: false, message: '服务器内部错误' });
+  }
+});
+
+/**
+ * 更新人员
+ */
+app.put('/api/persons/:personId', async (req, res) => {
+  try {
+    await hikClient.personService.update(req.params.personId, req.body);
+    res.json({ success: true, message: '更新成功' });
+  } catch (error: any) {
+    safeErrorResponse(res, error);
+  }
+});
+
+/**
+ * 删除人员
+ */
+app.delete('/api/persons/:personId', async (req, res) => {
+  try {
+    await hikClient.personService.delete(req.params.personId);
+    res.json({ success: true, message: '删除成功' });
+  } catch (error: any) {
+    safeErrorResponse(res, error);
+  }
+});
+
+/**
+ * 批量删除人员
+ */
+app.post('/api/persons/batch-delete', async (req, res) => {
+  try {
+    const { personIds } = req.body;
+    if (!personIds || !Array.isArray(personIds)) {
+      res.status(400).json({ success: false, message: '缺少 personIds 参数' });
+      return;
+    }
+    await hikClient.personService.batchDelete(personIds);
+    res.json({ success: true, message: `成功删除 ${personIds.length} 名人员` });
+  } catch (error: any) {
+    safeErrorResponse(res, error);
+  }
+});
+
+// ========== 卡片 API ==========
+
+/**
+ * 查询卡片列表
+ */
+app.get('/api/cards', async (req, res) => {
+  try {
+    const pageNo = parseInt(req.query.pageNo as string) || 1;
+    const pageSize = parseInt(req.query.pageSize as string) || 20;
+    
+    const result = await hikClient.cardService.list({ pageNo, pageSize });
+    res.json({ success: true, data: result });
+  } catch (error: any) {
+    safeErrorResponse(res, error);
+  }
+});
+
+/**
+ * 开卡
+ */
+app.post('/api/cards/issue', async (req, res) => {
+  try {
+    const result = await hikClient.cardService.batchIssue(req.body);
+    res.json({ success: true, data: result });
+  } catch (error: any) {
+    safeErrorResponse(res, error);
+  }
+});
+
+/**
+ * 退卡
+ */
+app.post('/api/cards/unbind', async (req, res) => {
+  try {
+    const { cardNo, personId } = req.body;
+    await hikClient.cardService.unbind(cardNo, personId);
+    res.json({ success: true, message: '退卡成功' });
+  } catch (error: any) {
+    safeErrorResponse(res, error);
+  }
+});
+
+// ========== 车辆 API ==========
+
+/**
+ * 查询车辆列表
+ */
+app.get('/api/vehicles', async (req, res) => {
+  try {
+    const pageNo = parseInt(req.query.pageNo as string) || 1;
+    const pageSize = parseInt(req.query.pageSize as string) || 20;
+    const plateNo = req.query.plateNo as string || '';
+    const personName = req.query.personName as string || '';
+    
+    const result = await hikClient.vehicleService.list({
+      pageNo,
+      pageSize,
+      plateNo: plateNo || undefined,
+      personName: personName || undefined,
+    });
+    
+    // Fetch all groups once, then match
+    let groupMap: Record<string, string> = {};
+    try {
+      const groups = await hikClient.vehicleService.listGroups();
+      groupMap = Object.fromEntries(groups.map((g: any) => [g.groupId, g.groupName]));
+    } catch { /* ignore */ }
+    
+    // Enrich with groupName
+    if (result.list) {
+      result.list = result.list.map((v: any) => ({
+        ...v,
+        groupId: v.vehicleGroup || v.categoryCode || v.groupId || '',
+        groupName: v.vehicleGroupName || v.categoryName || v.groupName || groupMap[v.vehicleGroup || v.groupId || ''] || '',
+      }));
+    }
+    
+    res.json({ success: true, data: result });
+  } catch (error: any) {
+    safeErrorResponse(res, error);
+  }
+});
+
+/**
+ * 获取车辆详情（含分组）
+ */
+app.get('/api/vehicles/:vehicleId', async (req, res) => {
+  try {
+    // Use list API with vehicleId filter (more reliable than getById which may return wrong data)
+    const result = await hikClient.vehicleService.list({
+      pageNo: 1,
+      pageSize: 500,
+      plateNo: undefined,
+      personName: undefined,
+    });
+    
+    const vehicle = (result.list || []).find((v: any) => v.vehicleId === req.params.vehicleId);
+    if (!vehicle) {
+      return res.status(404).json({ success: false, message: '车辆不存在' });
+    }
+    
+    // Enrich with groupName
+    let groupName = '';
+    if (vehicle.vehicleGroup) {
+      try {
+        const groups = await hikClient.vehicleService.listGroups();
+        const groupMap = Object.fromEntries(groups.map((g: any) => [g.groupId, g.groupName]));
+        groupName = groupMap[vehicle.vehicleGroup] || '';
+      } catch { /* ignore */ }
+    }
+    
+    res.json({ success: true, data: { ...vehicle, groupName } });
+  } catch (error: any) {
+    safeErrorResponse(res, error);
+  }
+});
+
+/**
+ * 添加车辆
+ */
+app.post('/api/vehicles', async (req, res) => {
+  try {
+    const vehicle = await hikClient.vehicleService.saveOrUpdate(req.body);
+    res.json({ success: true, data: vehicle });
+  } catch (error: any) {
+    safeErrorResponse(res, error);
+  }
+});
+
+/**
+ * 更新车辆
+ */
+app.put('/api/vehicles/:vehicleId', async (req, res) => {
+  try {
+    await hikClient.vehicleService.update(req.params.vehicleId, req.body);
+    res.json({ success: true, message: '更新成功' });
+  } catch (error: any) {
+    safeErrorResponse(res, error);
+  }
+});
+
+/**
+ * 删除车辆
+ */
+app.delete('/api/vehicles/:vehicleId', async (req, res) => {
+  try {
+    await hikClient.vehicleService.delete(req.params.vehicleId);
+    res.json({ success: true, message: '删除成功' });
+  } catch (error: any) {
+    safeErrorResponse(res, error);
+  }
+});
+
+// ========== 组织 API ==========
+
+/**
+ * 获取组织列表
+ */
+app.get('/api/orgs', async (req, res) => {
+  try {
+    const result = await hikClient.personService.getOrganizations();
+    res.json({ success: true, data: result });
+  } catch (error: any) {
+    safeErrorResponse(res, error);
+  }
+});
+
+/**
+ * 获取组织详情
+ */
+app.get('/api/orgs/:orgIndexCode', async (req, res) => {
+  try {
+    const org = await hikClient.personService.getOrganization(req.params.orgIndexCode);
+    res.json({ success: true, data: org });
+  } catch (error: any) {
+    safeErrorResponse(res, error);
+  }
+});
+
+/**
+ * 获取根组织
+ */
+app.get('/api/orgs/root', async (req, res) => {
+  try {
+    const root = await hikClient.personService.getRootOrg();
+    res.json({ success: true, data: root });
+  } catch (error: any) {
+    safeErrorResponse(res, error);
+  }
+});
+
+/**
+ * 获取下级组织
+ */
+app.get('/api/orgs/:orgIndexCode/children', async (req, res) => {
+  try {
+    const children = await hikClient.personService.getChildOrgs(req.params.orgIndexCode);
+    res.json({ success: true, data: children });
+  } catch (error: any) {
+    safeErrorResponse(res, error);
+  }
+});
+
+/**
+ * 添加组织（批量）
+ */
+app.post('/api/orgs', async (req, res) => {
+  try {
+    const result = await hikClient.personService.batchAddOrgs(req.body);
+    res.json({ success: true, data: result });
+  } catch (error: any) {
+    safeErrorResponse(res, error);
+  }
+});
+
+/**
+ * 更新组织
+ */
+app.put('/api/orgs/:orgIndexCode', async (req, res) => {
+  try {
+    await hikClient.personService.updateOrg(req.params.orgIndexCode, req.body);
+    res.json({ success: true, message: '更新成功' });
+  } catch (error: any) {
+    safeErrorResponse(res, error);
+  }
+});
+
+/**
+ * 删除组织（批量）
+ */
+app.delete('/api/orgs', async (req, res) => {
+  try {
+    const orgIndexCodes = req.body.orgIndexCodes || [];
+    const result = await hikClient.personService.batchDeleteOrgs(orgIndexCodes);
+    res.json({ success: true, data: result });
+  } catch (error: any) {
+    safeErrorResponse(res, error);
+  }
+});
+
+/**
+ * 增量同步组织
+ */
+app.post('/api/orgs/sync', async (req, res) => {
+  try {
+    const { startTime, endTime } = req.body;
+    const result = await hikClient.personService.syncOrgsIncrement(startTime, endTime);
+    res.json({ success: true, data: result });
+  } catch (error: any) {
+    safeErrorResponse(res, error);
+  }
+});
+
+// ========== 配置管理 API ==========
+
+/**
+ * 获取当前配置
+ */
+app.get('/api/config', (_req, res) => {
+  try {
+    const configPath = path.resolve(__dirname, '../config.json');
+    let configData: any = {};
+    if (fs.existsSync(configPath)) {
+      configData = JSON.parse(fs.readFileSync(configPath, 'utf-8'));
+    }
+    
+    // 脱敏显示：前2位 + **** + 后2位
+function maskSecret(value: string): string {
+  if (!value) return '';
+  if (value.length <= 4) return '****';
+  return value.slice(0, 2) + '****' + value.slice(-2);
+}
+
+// 返回实际生效的配置（环境变量优先）
+    // 注意：前端显示的从 fileConfig 读取，敏感信息脱敏
+    res.json({
+      success: true,
+      data: {
+        configPath,
+        // 返回实际配置值（前端会正确处理只保存修改的字段）
+        fileConfig: configData,
+        // 脱敏信息单独提供，用于日志和调试
+        maskedConfig: {
+          ...configData,
+          hikvision: configData?.hikvision ? {
+            ...configData.hikvision,
+            appKey: configData.hikvision.appKey ? maskSecret(configData.hikvision.appKey) : '',
+            appSecret: configData.hikvision.appSecret ? maskSecret(configData.hikvision.appSecret) : '',
+          } : undefined,
+        },
+        effectiveConfig: {
+          apiServer: {
+            port: parseInt(
+              process.env.API_SERVER_PORT || 
+              configData?.apiServer?.port?.toString() || 
+              '3000'
+            )
+          },
+          web: {
+            port: parseInt(
+              process.env.WEB_PORT || 
+              configData?.web?.port?.toString() || 
+              '3030'
+            )
+          },
+          hikvision: {
+            host: resolveValue('HIK_HOST', configData?.hikvision?.host, '127.0.0.1:18443'),
+            appKey: resolveValue('HIK_APP_KEY', configData?.hikvision?.appKey, '') ? '***' : '',
+            appSecret: resolveValue('HIK_APP_SECRET', configData?.hikvision?.appSecret, '') ? '***' : '',
+          }
+        },
+        envOverrides: {
+          API_SERVER_PORT: process.env.API_SERVER_PORT || null,
+          WEB_PORT: process.env.WEB_PORT || null,
+          HIK_HOST: process.env.HIK_HOST || null,
+          HIK_APP_KEY: process.env.HIK_APP_KEY ? '***' : null,
+          HIK_APP_SECRET: process.env.HIK_APP_SECRET ? '***' : null,
+        }
+      }
+    });
+  } catch (error: any) {
+    safeErrorResponse(res, error);
+  }
+});
+
+/**
+ * 更新配置
+ */
+app.post('/api/config', async (req, res) => {
+  try {
+    const configPath = path.resolve(__dirname, '../config.json');
+    const newConfig = req.body;
+    
+    // 读取现有配置
+    let existingConfig: any = {};
+    try {
+      if (fs.existsSync(configPath)) {
+        existingConfig = JSON.parse(fs.readFileSync(configPath, 'utf-8'));
+      }
+    } catch {}
+    
+    // 合并配置：保留 auth、manager.corsOrigins 等现有字段
+    // 如果新值为空，保留原有值
+    const mergedConfig = {
+      ...existingConfig,
+      ...newConfig,
+      // 强制保留 auth 字段不被覆盖
+      auth: existingConfig.auth,
+      // 合并 manager 配置，保留 corsOrigins
+      manager: {
+        ...(existingConfig.manager || {}),
+        ...(newConfig.manager || {}),
+        corsOrigins: existingConfig.manager?.corsOrigins,
+      },
+      // 保留 hikvision 敏感字段，如果新值为空则保留原有值
+      hikvision: {
+        ...(existingConfig.hikvision || {}),
+        ...(newConfig.hikvision || {}),
+        appKey: newConfig?.hikvision?.appKey || existingConfig?.hikvision?.appKey,
+        appSecret: newConfig?.hikvision?.appSecret || existingConfig?.hikvision?.appSecret,
+      },
+    };
+    
+    // 验证必填项（host 必填，appKey/appSecret 只在有变更时才验证）
+    if (!mergedConfig.hikvision?.host) {
+      return res.status(400).json({ 
+        success: false, 
+        message: 'hikvision.host 为必填项' 
+      });
+    }
+    
+    // 如果提交了 appKey 或 appSecret，则验证它们不能为空
+    if ((newConfig?.hikvision?.appKey || newConfig?.hikvision?.appSecret) && 
+        (!mergedConfig.hikvision?.appKey || !mergedConfig.hikvision?.appSecret)) {
+      return res.status(400).json({ 
+        success: false, 
+        message: 'appKey 和 appSecret 必须同时提供' 
+      });
+    }
+    
+    // 写入配置文件
+    fs.writeFileSync(configPath, JSON.stringify(mergedConfig, null, 2), 'utf-8');
+    
+    // 重新加载配置
+    configData = newConfig;
+    config.host = resolveValue('HIK_HOST', newConfig.hikvision?.host, '127.0.0.1:18443');
+    config.appKey = resolveValue('HIK_APP_KEY', newConfig.hikvision?.appKey, '');
+    config.appSecret = resolveValue('HIK_APP_SECRET', newConfig.hikvision?.appSecret, '');
+    
+    // 重新创建客户端
+    // 注意：这里需要重新初始化客户端，但由于 Express 应用是单例，
+    // 实际生效需要重启服务
+    
+    res.json({ 
+      success: true, 
+      message: '配置已更新，重启服务后生效',
+      configPath,
+      effectiveConfig: {
+        hikvision: {
+          host: config.host,
+          appKey: config.appKey ? '***' : '',
+          appSecret: config.appSecret ? '***' : '',
+        }
+      }
+    });
+  } catch (error: any) {
+    safeErrorResponse(res, error);
+  }
+});
+
+// ========== 服务控制 API ==========
+
+/**
+ * 获取服务状态
+ */
+app.get('/api/service/status', (_req, res) => {
+  const pidPath = path.resolve(__dirname, '../.server.pid');
+  let pid: number | null = null;
+  let isRunning = false;
+  
+  if (fs.existsSync(pidPath)) {
+    try {
+      pid = parseInt(fs.readFileSync(pidPath, 'utf-8').trim());
+      // 检查进程是否存在
+      try {
+        process.kill(pid, 0);
+        isRunning = true;
+      } catch {
+        isRunning = false;
+        pid = null;
+      }
+    } catch {
+      pid = null;
+      isRunning = false;
+    }
+  }
+  
+  res.json({
+    success: true,
+    data: {
+      isRunning,
+      pid,
+      port: PORT,
+      host: `http://localhost:${PORT}`,
+      uptime: isRunning ? process.uptime() : 0
+    }
+  });
+});
+
+/**
+ * 停止服务
+ */
+app.post('/api/service/stop', async (req, res) => {
+  try {
+    const pidPath = path.resolve(__dirname, '../.server.pid');
+    
+    if (!fs.existsSync(pidPath)) {
+      return res.json({ success: true, message: '服务未运行（无 PID 文件）' });
+    }
+    
+    const pid = parseInt(fs.readFileSync(pidPath, 'utf-8').trim());
+    
+    try {
+      process.kill(pid, 'SIGTERM');
+      // 等待进程退出
+      await new Promise<void>((resolve) => {
+        const timeout = setTimeout(() => {
+          process.kill(pid, 'SIGKILL');
+          resolve();
+        }, 3000);
+        
+        const checkInterval = setInterval(() => {
+          try {
+            process.kill(pid, 0);
+          } catch {
+            clearInterval(checkInterval);
+            clearTimeout(timeout);
+            resolve();
+          }
+        }, 100);
+      });
+      
+      fs.unlinkSync(pidPath);
+      res.json({ success: true, message: `服务已停止 (PID: ${pid})` });
+    } catch (error: any) {
+      if (error.code === 'ESRCH') {
+        fs.unlinkSync(pidPath);
+        res.json({ success: true, message: '服务已停止（进程不存在）' });
+      } else {
+        res.status(500).json({ success: false, message: error.message });
+      }
+    }
+  } catch (error: any) {
+    safeErrorResponse(res, error);
+  }
+});
+
+/**
+ * 重启服务（通过 Manager 服务重启 API Server）
+ */
+app.post('/api/service/restart', async (req, res) => {
+  try {
+    // 转发到 Manager 服务重启
+    const managerRes = await fetch(`${MANAGER_URL}/api/manager/restart`, { method: 'POST' });
+    const data = await managerRes.json();
+    
+    if (data.success) {
+      res.json({ success: true, message: '服务已重启', pid: data.pid });
+    } else {
+      res.status(500).json({ success: false, message: data.message || '重启失败' });
+    }
+  } catch (error: any) {
+    res.status(500).json({ success: false, message: `无法连接 Manager 服务: ${error.message}` });
+  }
+});
+
+// ========== 配置测试 API ==========
+
+/**
+ * 使用临时配置测试海康平台连接
+ */
+app.post('/api/config/test', async (req, res) => {
+  const { host, appKey, appSecret } = req.body;
+
+  // 基础校验
+  if (!host || !appKey || !appSecret) {
+    return res.json({
+      status: 'error',
+      timestamp: new Date().toISOString(),
+      message: '配置不完整，请检查平台地址、App Key 和 App Secret'
+    });
+  }
+
+  // 创建临时客户端测试连接
+  try {
+    const testClient = createHikvisionClient({
+      host,
+      appKey,
+      appSecret,
+    } as HikvisionConfig);
+
+    // 调用人员列表 API 验证连接
+    await testClient.personService.list({ pageNo: 1, pageSize: 1 });
+
+    res.json({
+      status: 'ok',
+      timestamp: new Date().toISOString(),
+      message: '连接测试成功',
+      config: {
+        host,
+        appKeyConfigured: true,
+        appSecretConfigured: true,
+      }
+    });
+  } catch (error: any) {
+    res.json({
+      status: 'error',
+      timestamp: new Date().toISOString(),
+      message: error.message || '连接海康平台失败，请检查配置',
+      config: {
+        host,
+        appKeyConfigured: true,
+        appSecretConfigured: true,
+      }
+    });
+  }
+});
+
+// ========== 统计 API ==========
+
+/**
+ * 获取系统统计信息
+ */
+app.get('/api/stats', async (_req, res) => {
+  try {
+    const [personResult, orgResult, vehicleResult, cardResult] = await Promise.all([
+      hikClient.personService.list({ pageNo: 1, pageSize: 1 }),
+      hikClient.personService.getOrganizations(),
+      hikClient.vehicleService.list({ pageNo: 1, pageSize: 1 }),
+      hikClient.cardService.list({ pageNo: 1, pageSize: 1 }),
+    ]);
+    
+    res.json({
+      success: true,
+      data: {
+        personCount: personResult.total,
+        orgCount: orgResult.length,
+        vehicleCount: vehicleResult.total,
+        cardCount: cardResult.total,
+      },
+    });
+  } catch (error: any) {
+    safeErrorResponse(res, error);
+  }
+});
+
+/**
+ * 获取各组织人员分布
+ */
+app.get('/api/stats/persons-by-org', async (_req, res) => {
+  try {
+    const orgs = await hikClient.personService.getOrganizations();
+    const orgCountMap: Record<string, number> = {};
+    const orgPathMap: Record<string, string> = {};
+    
+    // 批量获取每页 100 人，统计各组织人数并记录完整路径
+    let pageNo = 1;
+    const pageSize = 100;
+    let hasMore = true;
+    
+    while (hasMore) {
+      const result = await hikClient.personService.list({ pageNo, pageSize });
+      result.list.forEach((p: any) => {
+        const orgCode = p.orgIndexCode || 'unknown';
+        orgCountMap[orgCode] = (orgCountMap[orgCode] || 0) + 1;
+        // 记录完整路径（如果有人的话，取第一个人的路径）
+        if (!orgPathMap[orgCode] && p.orgPath) {
+          orgPathMap[orgCode] = p.orgPath;
+        }
+      });
+      hasMore = result.list.length === pageSize;
+      pageNo++;
+    }
+    
+    // 构建组织名称映射
+    const orgMap: Record<string, string> = {};
+    orgs.forEach((o: any) => {
+      orgMap[o.orgIndexCode] = o.orgName;
+    });
+    
+    // 转换为数组并排序
+    const breakdown = Object.entries(orgCountMap).map(([orgIndexCode, count]) => ({
+      orgIndexCode,
+      orgName: orgMap[orgIndexCode] || orgIndexCode,
+      orgPath: orgPathMap[orgIndexCode] || orgMap[orgIndexCode] || orgIndexCode,
+      personCount: count,
+    })).sort((a, b) => b.personCount - a.personCount);
+    
+    res.json({ success: true, data: breakdown });
+  } catch (error: any) {
+    safeErrorResponse(res, error);
+  }
+});
+
+/**
+ * 获取车辆绑定状态统计
+ */
+app.get('/api/stats/vehicles-by-status', async (_req, res) => {
+  try {
+    const result = await hikClient.vehicleService.list({ pageNo: 1, pageSize: 1000 });
+    const vehicles = result.list || [];
+    
+    const boundCount = vehicles.filter((v: any) => v.personId && v.personId.trim()).length;
+    const unboundCount = (result.total || 0) - boundCount;
+    
+    res.json({
+      success: true,
+      data: {
+        total: result.total,
+        boundCount,
+        unboundCount,
+        boundPercent: result.total > 0 ? Math.round(boundCount / result.total * 100) : 0,
+        unboundPercent: result.total > 0 ? Math.round(unboundCount / result.total * 100) : 0,
+      },
+    });
+  } catch (error: any) {
+    safeErrorResponse(res, error);
+  }
+});
+
+/**
+ * 获取卡片状态统计
+ */
+app.get('/api/stats/cards-by-status', async (_req, res) => {
+  try {
+    // 分页获取所有卡片，统计 useStatus
+    let pageNo = 1;
+    const pageSize = 100;
+    let totalActive = 0;
+    let totalInactive = 0;
+    let hasMore = true;
+    
+    while (hasMore) {
+      const result = await hikClient.cardService.list({ pageNo, pageSize });
+      const cards = result.list || [];
+      
+      totalActive += cards.filter((c: any) => c.useStatus === 1).length;
+      totalInactive += cards.filter((c: any) => c.useStatus !== 1).length;
+      
+      hasMore = cards.length === pageSize && result.total > pageNo * pageSize;
+      pageNo++;
+    }
+    
+    const total = totalActive + totalInactive;
+    
+    res.json({
+      success: true,
+      data: {
+        total,
+        activeCount: totalActive,
+        inactiveCount: totalInactive,
+        activePercent: total > 0 ? Math.round(totalActive / total * 100) : 0,
+        inactivePercent: total > 0 ? Math.round(totalInactive / total * 100) : 0,
+      },
+    });
+  } catch (error: any) {
+    safeErrorResponse(res, error);
+  }
+});
+
+// ========== 健康检查 ==========
+
+/**
+ * 健康检查 - 真正调用海康平台 API
+ */
+app.get('/api/health', async (_req, res) => {
+  // 检查基础配置
+  if (!config.host || !config.appKey || !config.appSecret) {
+    return res.json({
+      status: 'error',
+      timestamp: new Date().toISOString(),
+      message: '配置不完整',
+      config: {
+        host: config.host || '(未配置)',
+        appKeyConfigured: !!config.appKey,
+        appSecretConfigured: !!config.appSecret,
+      }
+    });
+  }
+
+  // 真正调用海康平台 API
+  try {
+    const result = await hikClient.personService.list({ pageNo: 1, pageSize: 1 });
+    res.json({
+      status: 'ok',
+      timestamp: new Date().toISOString(),
+      message: '连接成功',
+      config: {
+        host: config.host,
+        appKeyConfigured: true,
+        appSecretConfigured: true,
+      }
+    });
+  } catch (error: any) {
+    res.json({
+      status: 'error',
+      timestamp: new Date().toISOString(),
+      message: error.message || '连接海康平台失败',
+      config: {
+        host: config.host,
+        appKeyConfigured: true,
+        appSecretConfigured: true,
+      }
+    });
+  }
+});
+
+// 启动服务器
+app.listen(PORT, () => {
+  console.log(`🚀 Hikvision Manager API Server running on http://localhost:${PORT}`);
+  console.log(`   Config: host=${config.host}, appKey=${config.appKey ? '***' : '(empty)'}`);
+  
+  // 保存 PID 文件
+  const pidPath = path.resolve(__dirname, '../.server.pid');
+  fs.writeFileSync(pidPath, String(process.pid), 'utf-8');
+});
+
+// ========== 绑定关系 API ==========
+
+/**
+ * 查询人员-卡片绑定列表
+ */
+app.get('/api/bindings/person-card', async (req, res) => {
+  try {
+    const pageNo = parseInt(req.query.pageNo as string) || 1;
+    const pageSize = parseInt(req.query.pageSize as string) || 50;
+    
+    const result: any = await hikClient.cardService.list({
+      pageNo,
+      pageSize,
+    });
+    
+    const cards = (result?.data?.list || result?.list || [])
+      .filter((c: any) => c.personId);
+    
+    res.json({ success: true, data: { list: cards, total: cards.length } });
+  } catch (error: any) {
+    safeErrorResponse(res, error);
+  }
+});
+
+/**
+ * 查询人员-车辆绑定列表
+ */
+app.get('/api/bindings/person-vehicle', async (req, res) => {
+  try {
+    const personId = req.query.personId as string;
+    const pageNo = parseInt(req.query.pageNo as string) || 1;
+    const pageSize = parseInt(req.query.pageSize as string) || 50;
+    
+    const result: any = await hikClient.vehicleService.list({
+      pageNo,
+      pageSize,
+      personId, // 传递 personId 过滤
+    });
+
+    res.json({ success: true, data: result });
+  } catch (error: any) {
+    safeErrorResponse(res, error);
+  }
+});
+
+// ========== 车辆群组 ==========
+app.get('/api/vehicle-groups', async (_req, res) => {
+  try {
+    const groups = await hikClient.vehicleService.listGroups();
+    res.json({ success: true, data: groups });
+  } catch (error: any) {
+    safeErrorResponse(res, error);
+  }
+});