fix: i18n && 界面样式 && api直传接口 bug

refactor: 统一存储接口抽象化

Author: 2512132839

backend/src/http/errors.js

@@ -115,6 +115,27 @@ export class S3DriverError extends DriverError {
   }
 }
 
+// 驱动契约错误：用于标记存储驱动在类型/能力/方法实现上的契约不一致
+export class DriverContractError extends DriverError {
+  /**
+   * @param {string} message
+   * @param {object|any} optionsOrDetails - 同 DriverError，可覆盖 status/code/expose/details
+   */
+  constructor(message = "存储驱动契约不符合规范", optionsOrDetails = null) {
+    const base = {
+      status: ApiStatus.INTERNAL_ERROR,
+      code: "DRIVER_ERROR.INVALID_CONTRACT",
+      expose: false,
+    };
+    const opts =
+      optionsOrDetails && typeof optionsOrDetails === "object" && ("status" in optionsOrDetails || "code" in optionsOrDetails || "expose" in optionsOrDetails || "details" in optionsOrDetails)
+        ? { ...base, ...optionsOrDetails }
+        : { ...base, details: optionsOrDetails };
+    super(message, opts);
+    this.name = "DriverContractError";
+  }
+}
+
 //  maskSensitiveValue 用于 mask 敏感信息
 export const maskSensitiveValue = (value) => {
   if (!value || typeof value !== "string") {

backend/src/routes/fileViewRoutes.js

@@ -58,7 +58,7 @@ app.get("/api/s/:slug", async (c) => {
 
   // 内容交付逻辑统一由 FileViewService 处理：
   // - 当 use_proxy = 1 时，通过 ObjectStore 代理流式返回
-  // - 当 use_proxy = 0 时，优先使用存储直链（custom_host / PRESIGNED），否则返回 501
+  // - 当 use_proxy = 0 时，优先使用存储直链（custom_host / DirectLink 能力），否则返回 501
   return handleFileDownload(slug, db, encryptionSecret, c.req.raw, forceDownload, repositoryFactory);
 });
 

backend/src/routes/shareUploadRoutes.js

@@ -5,6 +5,8 @@ import { usePolicy } from "../security/policies/policies.js";
 import { resolvePrincipal } from "../security/helpers/principal.js";
 import { getEncryptionSecret } from "../utils/environmentUtils.js";
 import { FileShareService } from "../services/fileShareService.js";
+import { LinkService } from "../storage/link/LinkService.js";
+import { getFileBySlug, getPublicFileInfo } from "../services/fileService.js";
 import { useRepositories } from "../utils/repositories.js";
 import { getQueryBool, getQueryInt, jsonOk } from "../utils/common.js";
 
@@ -54,7 +56,6 @@ router.put("/api/upload-direct/:filename", requireFilesCreate, async (c) => {
     expiresIn: getQueryInt(c, "expires_in", 0),
     maxViews: getQueryInt(c, "max_views", 0),
     override: getQueryBool(c, "override", false),
-    // 仅当显式提供 use_proxy 时才传递，否则交由记录层按系统默认处理
     useProxy: c.req.query("use_proxy") != null ? getQueryBool(c, "use_proxy", true) : undefined,
     originalFilename: getQueryBool(c, "original_filename", false),
     contentType: c.req.header("content-type") || undefined,
@@ -72,7 +73,49 @@ router.put("/api/upload-direct/:filename", requireFilesCreate, async (c) => {
     { ...shareParams, uploadId: uploadId || null }
   );
 
-  return jsonOk(c, result, "文件上传成功");
+  // 对齐 /api/public/files/:slug：统一返回公开文件信息（含 rawUrl/linkType/documentPreview），不再返回分享页 URL
+  // upload-direct 属于受信任调用场景：
+  // - 即使设置了密码，这里也视为“已通过校验”，始终返回 rawUrl，方便调用方直接使用
+  // - 对于代理模式（share 内容路由），自动在 rawUrl 上附加 password 查询参数，生成一条可直接使用的代理链接
+  try {
+    const file = await getFileBySlug(db, result.slug, encryptionSecret);
+    const hasPassword = !!file.password;
+    const linkService = new LinkService(db, encryptionSecret, repositoryFactory);
+    const link = await linkService.getLinkForShare(file, null);
+    const requestUrl = new URL(c.req.url);
+    const publicInfo = await getPublicFileInfo(
+      db,
+      file,
+      false,
+      link,
+      encryptionSecret,
+      { baseOrigin: requestUrl.origin },
+    );
+
+    // 如果是代理模式且本次上传提供了密码，为 rawUrl 附加 password 查询参数
+    let rawUrl = publicInfo.rawUrl || null;
+    const linkType = publicInfo.linkType || null;
+    const password = shareParams.password || null;
+    if (rawUrl && password && (linkType === "proxy" || file.use_proxy)) {
+      if (!rawUrl.includes("password=")) {
+        const separator = rawUrl.includes("?") ? "&" : "?";
+        rawUrl = `${rawUrl}${separator}password=${encodeURIComponent(password)}`;
+      }
+    }
+
+    const response = {
+      ...publicInfo,
+      rawUrl,
+      requires_password: hasPassword,
+    };
+
+    return jsonOk(c, response, "文件上传成功");
+  } catch (error) {
+    // 兜底：生成公开信息失败时，返回基础分享记录但移除 url 字段，避免泄露分享页 URL
+    console.warn("upload-direct: 生成公开文件信息失败，将返回基础分享记录：", error);
+    const { url, ...rest } = result || {};
+    return jsonOk(c, rest, "文件上传成功");
+  }
 });
 
 // 流式分享上传：通过 PUT /api/share/upload 使用原始 body 直传

backend/src/services/fileViewService.js

@@ -167,7 +167,7 @@ export class FileViewService {
         });
       }
 
-      // use_proxy != 1 时，尝试走直链：custom_host 优先，其次 PRESIGNED；不再“代理直链”
+      // use_proxy != 1 时，尝试走直链：custom_host 优先，其次直链能力（DirectLink，例如预签名 URL）；不再“代理直链”
       let directUrl = null;
       try {
         const objectStore = new ObjectStore(this.db, this.encryptionSecret, this.repositoryFactory);

backend/src/storage/drivers/s3/S3StorageDriver.js

@@ -10,8 +10,7 @@ import { createS3Client, generateCustomHostDirectUrl } from "./utils/s3Utils.js"
 import { DeleteObjectCommand } from "@aws-sdk/client-s3";
 import { normalizeS3SubPath, isCompleteFilePath } from "./utils/S3PathUtils.js";
 import { updateMountLastUsed, findMountPointByPath } from "../../fs/utils/MountResolver.js";
-import { buildFullProxyUrl, buildSignedProxyUrl } from "../../../constants/proxy.js";
-import { ProxySignatureService } from "../../../services/ProxySignatureService.js";
+import { buildFullProxyUrl } from "../../../constants/proxy.js";
 import { S3DriverError, AppError } from "../../../http/errors.js";
 
 // 导入各个操作模块
@@ -38,7 +37,7 @@ export class S3StorageDriver extends BaseDriver {
     this.capabilities = [
       CAPABILITIES.READER, // 读取能力：list, get, getInfo
       CAPABILITIES.WRITER, // 写入能力：put, mkdir, remove
-      CAPABILITIES.PRESIGNED, // 预签名URL能力：generatePresignedUrl
+      CAPABILITIES.DIRECT_LINK, // 直链能力（custom_host/预签名等）：generateDownloadUrl/generateUploadUrl
       CAPABILITIES.MULTIPART, // 分片上传能力：multipart upload
       CAPABILITIES.ATOMIC, // 原子操作能力：rename, copy
       CAPABILITIES.PROXY, // 代理能力：generateProxyUrl
@@ -437,15 +436,11 @@ export class S3StorageDriver extends BaseDriver {
   async generateDownloadUrl(path, options = {}) {
     this._ensureInitialized();
 
-    const { mount, subPath, db } = options;
+    const { subPath } = options;
     const s3SubPath = normalizeS3SubPath(subPath, false);
 
-    if (db && mount?.id) {
-      await updateMountLastUsed(db, mount.id);
-    }
-
     try {
-      const { expiresIn, forceDownload, userType, userId } = options;
+      const { expiresIn, forceDownload, userType, userId, mount } = options;
       return await this.fileOps.generateDownloadUrl(s3SubPath, {
         expiresIn,
         forceDownload,
@@ -467,13 +462,9 @@ export class S3StorageDriver extends BaseDriver {
   async generateWebDavProxyUrl(path, options = {}) {
     this._ensureInitialized();
 
-    const { mount, subPath, db } = options;
+    const { subPath } = options;
     const s3SubPath = normalizeS3SubPath(subPath, false);
 
-    if (db && mount?.id) {
-      await updateMountLastUsed(db, mount.id);
-    }
-
     if (!this.customHost) {
       return null;
     }
@@ -898,44 +889,15 @@ export class S3StorageDriver extends BaseDriver {
    * @returns {Promise<Object>} 代理URL对象
    */
   async generateProxyUrl(path, options = {}) {
-    const { mount, request, download = false, db } = options;
-
-    // 检查挂载点是否启用代理
-    if (!this.supportsProxyMode(mount)) {
-      throw new AppError("此挂载点未启用代理访问", { status: ApiStatus.FORBIDDEN, code: "FORBIDDEN", expose: true });
-    }
-
-    // 检查是否需要签名
-    const signatureService = new ProxySignatureService(db, this.encryptionSecret);
-    const signatureNeed = await signatureService.needsSignature(mount);
+    const { request, download = false, channel = "web" } = options;
 
-    let proxyUrl;
-    let signInfo = null;
-
-    if (signatureNeed.required) {
-      // 生成签名
-      signInfo = await signatureService.generateStorageSignature(path, mount);
-
-      // 生成带签名的代理URL
-      proxyUrl = buildSignedProxyUrl(request, path, {
-        download,
-        signature: signInfo.signature,
-        requestTimestamp: signInfo.requestTimestamp,
-        needsSignature: true,
-      });
-    } else {
-      // 生成普通代理URL
-      proxyUrl = buildFullProxyUrl(request, path, download);
-    }
+    // 驱动层仅负责根据路径构造基础代理URL，不再做签名与策略判断
+    const proxyUrl = buildFullProxyUrl(request, path, download);
 
     return {
       url: proxyUrl,
       type: "proxy",
-      signed: signatureNeed.required,
-      signatureLevel: signatureNeed.level,
-      expiresAt: signInfo?.expiresAt,
-      isTemporary: signInfo?.isTemporary,
-      policy: mount?.webdav_policy || "302_redirect",
+      channel,
     };
   }
 
@@ -944,19 +906,18 @@ export class S3StorageDriver extends BaseDriver {
    * @param {Object} mount - 挂载点信息
    * @returns {boolean} 是否支持代理模式
    */
-  supportsProxyMode(mount) {
-    return mount && !!mount.web_proxy;
+  supportsProxyMode() {
+    return true;
   }
 
   /**
    * 获取代理配置（ProxyCapable接口实现）
    * @param {Object} mount - 挂载点信息
    * @returns {Object} 代理配置对象
    */
-  getProxyConfig(mount) {
+  getProxyConfig() {
     return {
-      enabled: this.supportsProxyMode(mount),
-      webdavPolicy: mount?.webdav_policy || "302_redirect",
+      enabled: this.supportsProxyMode(),
     };
   }
 

backend/src/storage/drivers/s3/operations/S3FileOperations.js

@@ -286,7 +286,7 @@ export class S3FileOperations {
 
         // 统一在驱动层使用 canonical 字段 url，供上层 LinkStrategy/LinkService 消费
         const url = presignedUrl;
-        const type = this.config.custom_host ? "custom_host" : "presigned";
+        const type = this.config.custom_host ? "custom_host" : "native_direct";
 
         return {
           success: true,