feat: 添加 Admin 管理后台

- 数据库新增 Role 枚举、disabled 字段和 McpCallLog 调用日志表 - 后端新增 requireAdmin 中间件和 /api/admin/* 管理接口（统计、用户、项目、日志） - MCP 工具调用自动记录详细日志（耗时、参数、响应大小、客户端IP、token估算） - 前端新增 /admin 路由区域：仪表盘、用户管理、项目管理、调用日志四个页面 - JWT 携带 role 字段，登录/OAuth 增加禁用账号检查 - nginx 配置补充 X-Forwarded-For 透传真实客户端 IP Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-04 13:04:44 +08:00
parent d45cc45815
commit 6fe04f4893
25 changed files with 1847 additions and 20 deletions
--- a/prisma/migrations/20260404120000_add_admin_role_and_call_logs/migration.sql
+++ b/prisma/migrations/20260404120000_add_admin_role_and_call_logs/migration.sql
@@ -0,0 +1,34 @@
+-- CreateEnum
+CREATE TYPE "Role" AS ENUM ('USER', 'ADMIN');
+
+-- AlterTable
+ALTER TABLE "User" ADD COLUMN "role" "Role" NOT NULL DEFAULT 'USER';
+ALTER TABLE "User" ADD COLUMN "disabled" BOOLEAN NOT NULL DEFAULT false;
+
+-- CreateTable
+CREATE TABLE "McpCallLog" (
+    "id" TEXT NOT NULL,
+    "projectId" TEXT NOT NULL,
+    "toolName" TEXT NOT NULL,
+    "calledAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "durationMs" INTEGER NOT NULL,
+    "success" BOOLEAN NOT NULL,
+    "requestParams" JSONB NOT NULL DEFAULT '{}',
+    "responseSize" INTEGER NOT NULL DEFAULT 0,
+    "clientIp" TEXT NOT NULL DEFAULT '',
+    "estimatedTokens" INTEGER,
+
+    CONSTRAINT "McpCallLog_pkey" PRIMARY KEY ("id")
+);
+
+-- CreateIndex
+CREATE INDEX "McpCallLog_projectId_idx" ON "McpCallLog"("projectId");
+
+-- CreateIndex
+CREATE INDEX "McpCallLog_calledAt_idx" ON "McpCallLog"("calledAt");
+
+-- CreateIndex
+CREATE INDEX "McpCallLog_toolName_idx" ON "McpCallLog"("toolName");
+
+-- AddForeignKey
+ALTER TABLE "McpCallLog" ADD CONSTRAINT "McpCallLog_projectId_fkey" FOREIGN KEY ("projectId") REFERENCES "Project"("id") ON DELETE CASCADE ON UPDATE CASCADE;
--- a/prisma/schema.prisma
+++ b/prisma/schema.prisma
@@ -7,12 +7,19 @@ datasource db {
  url      = env("DATABASE_URL")
 }

+enum Role {
+  USER
+  ADMIN
+}
+
 model User {
  id              String         @id @default(uuid())
  email           String         @unique
  passwordHash    String?
  name            String
  avatarUrl       String?
+  role            Role           @default(USER)
+  disabled        Boolean        @default(false)
  apiKeyHash      String?
  apiKeyEncrypted String?
  apiKeyPrefix    String?
@@ -33,8 +40,26 @@ model OAuthAccount {
  @@unique([provider, providerAccountId])
 }

+model McpCallLog {
+  id              String   @id @default(uuid())
+  projectId       String
+  toolName        String
+  calledAt        DateTime @default(now())
+  durationMs      Int
+  success         Boolean
+  requestParams   Json     @default("{}")
+  responseSize    Int      @default(0)
+  clientIp        String   @default("")
+  estimatedTokens Int?
+  project         Project  @relation(fields: [projectId], references: [id], onDelete: Cascade)
+
+  @@index([projectId])
+  @@index([calledAt])
+  @@index([toolName])
+}
+
 model Project {
-  id             String     @id @default(uuid())
+  id             String       @id @default(uuid())
  userId         String
  name           String
  description    String?
@@ -43,9 +68,10 @@ model Project {
  openApiVersion String
  createdAt      DateTime   @default(now())
  updatedAt      DateTime   @updatedAt
-  user           User       @relation(fields: [userId], references: [id], onDelete: Cascade)
+  user           User         @relation(fields: [userId], references: [id], onDelete: Cascade)
  modules        Module[]
  endpoints      Endpoint[]
+  mcpCallLogs    McpCallLog[]
 }

 enum ModuleSource {