Commit Graph

15 Commits

Author SHA1 Message Date
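6fe04f4893 feat: add Admin management console
- Database: add Role enum, disabled field, and McpCallLog call log table
- Backend: add requireAdmin middleware and /api/admin/* management endpoints (stats, users, projects, logs)
- MCP tool calls automatically record detailed logs (duration, parameters, response size, client IP, token estimate)
- Frontend: add /admin route area with four pages: dashboard, user management, project management, call logs
- JWT carries the role field; login/OAuth add a disabled-account check
- nginx config: add X-Forwarded-For to pass through the real client IP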

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-04 13:04:44 +08:00
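f3fbd3876a refactor: move OpenAPI URL fetching to the frontend + server-side CORS proxy
- Frontend fetches the URL directly, supporting localhost/internal network addresses
- On CORS failure, automatically fall back to the server-side proxy /api/fetch-spec
- Add js-yaml to support parsing YAML format
- Server removes the specUrl parameter and accepts only the already-parsed spec object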

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-03 19:28:53 +08:00
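49ca1f6e1f feat: return to the originating page after OAuth login + login page cleanup
- OAuth flow passes the redirect parameter through; after login, return to the triggering page instead of always jumping to Dashboard
- Server validates that redirect is a relative path, preventing Open Redirect attacks
- Hide the Apple login button and the email registration entry
- Change the Dark Mode toggle to a dropdown menu style
- Extract a useClickOutside hook to eliminate duplicate code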

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-03 17:56:57 +08:00
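5e6efdaf59 fix: switch Docker build from pnpm to npm + complete OAuth/Redis environment variables
- Dockerfiles all changed to npm install + global tsc, resolving the pnpm symlink problem
- docker-compose: add Redis service, pass through OAuth environment variables, make the web port configurable
- MCP URL now uses window.location.origin to work behind a reverse proxy
- tsconfig: add paths mapping to resolve module references inside Docker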

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-03 17:24:52 +08:00
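9733b82c9c feat: support OAuth passwordless users setting a password and viewing the API Key
- Add POST /auth/set-password endpoint (passwordless users only)
- /auth/me returns the hasPassword field
- SettingsDialog: passwordless users see a "Set password" form (no current password required)
- API Key reveal/copy: when there is no password, guide the user to set one first
- Chinese/English bilingual i18n support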

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-03 13:39:46 +08:00
eacaa5be05 refactor: simplify OAuth routes, add type safety, deduplicate UI components
- Extract handleOAuthCallback to eliminate GET/POST duplication in oauth.ts
- Add P2002 race condition handling in findOrCreateUser
- Add .unref() to stateStore cleanup timer to not block process exit
- Use Provider union type instead of bare strings throughout OAuth code
- Export API_BASE from api.ts, reuse in OAuthButtons
- Extract MobileBranding component to deduplicate Login/Register mobile brand
- Extract shared Logo component in AuthBranding
- Remove unnecessary WHAT comments

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-03 13:25:50 +08:00
9316795e4f feat: add OAuth routes for Google, GitHub, and Apple login
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-03 13:16:06 +08:00
2d07ac6cd4 feat: add OAuth provider configuration and token exchange utilities 2026-04-03 13:13:21 +08:00
35511eb877 feat: opt web ux 2026-04-02 22:10:24 +08:00
143b1e8c4b feat: optimize web ui 2026-04-02 18:22:14 +08:00
afd8b444c7 fix: pre-fetch URL spec then bundle+dereference to handle self-referencing $ref 2026-04-02 15:00:32 +08:00
6aaba810d8 fix: fetch OpenAPI doc from browser to avoid Docker network isolation, add Swagger 2.0 support 2026-04-02 14:51:43 +08:00
a191a4db00 feat: add project CRUD, OpenAPI import/parsing, module and endpoint management routes
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-02 11:48:06 +08:00
2ed957762c feat: add JWT authentication with register, login, refresh, and me endpoints
Adds bcrypt password hashing, JWT access/refresh token generation, requireAuth middleware, and /api/auth routes (POST /register, POST /login, POST /refresh, GET /me).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-02 11:42:11 +08:00
f644dc2dfd feat: initialize monorepo with shared, server, mcp, and web packages
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-02 11:28:59 +08:00