Merge branch 'ling-drag0n:main' into main

Author: Ai686Leo

Api-doc.md

@@ -1390,7 +1390,7 @@ X-Custom-Auth-Key: <api_key>
 ### 统一存储链接解析
 
 - `POST /api/proxy/link`
-  - 描述：统一存储链接解析接口（OpenList Proxy 风格）
+  - 描述：统一存储链接解析接口
   - 授权：支持管理员令牌、API 密钥或匿名访问
   - 请求体：
     ```json

backend/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cloudpaste-api",
-  "version": "1.2.0",
+  "version": "1.3.0",
   "description": "CloudPaste API基于Cloudflare Workers和D1数据库",
   "main": "workers.js",
   "scripts": {

backend/schema.sql

@@ -225,6 +225,61 @@ CREATE INDEX idx_storage_mounts_is_active ON storage_mounts(is_active);
 CREATE INDEX idx_storage_mounts_sort_order ON storage_mounts(sort_order);
 
 
+-- 通用上传会话表：管理各存储驱动的前端分片/断点续传会话
+CREATE TABLE upload_sessions (
+  id TEXT PRIMARY KEY,                   -- 内部会话ID（例如 upl_xxx），供前后端统一引用
+
+  -- 主体与目标信息
+  user_id TEXT NOT NULL,                 -- 用户或 API Key 标识
+  user_type TEXT NOT NULL,               -- 'admin' | 'apikey' | 其他
+  storage_type TEXT NOT NULL,            -- 存储类型：S3 / ONEDRIVE / WEBDAV / LOCAL 等
+  storage_config_id TEXT NOT NULL,       -- 关联的存储配置 ID（storage_configs.id）
+  mount_id TEXT,                         -- 关联挂载 ID（storage_mounts.id，可为空）
+  fs_path TEXT NOT NULL,                 -- FS 视图路径，如 /onedrive/path/file.ext 或 /s3/bucket/key
+  source TEXT NOT NULL,                  -- 会话来源：FS / SHARE / OTHER
+
+  -- 文件级元数据
+  file_name TEXT NOT NULL,               -- 文件名
+  file_size INTEGER NOT NULL,            -- 总大小（字节）
+  mime_type TEXT,                        -- MIME 类型（可选）
+  checksum TEXT,                         -- 校验和（可选，例如 SHA-256）
+
+  -- 文件指纹（用于跨驱动/跨会话识别同一逻辑文件）
+  fingerprint_algo TEXT,                 -- 指纹算法标识，例如 meta-v1 / sha256 等
+  fingerprint_value TEXT,                -- 指纹值（算法自定义，可为元数据拼接或哈希）
+
+  -- 策略与进度
+  strategy TEXT NOT NULL,                -- 分片策略：per_part_url / single_session / ...
+  part_size INTEGER NOT NULL,            -- 分片大小（字节）
+  total_parts INTEGER NOT NULL,          -- 预估分片总数
+  bytes_uploaded INTEGER NOT NULL DEFAULT 0,  -- 已上传字节数（对于 single_session 可由 nextExpectedRanges 推导）
+  uploaded_parts INTEGER NOT NULL DEFAULT 0,  -- 已确认的分片数量（对于 per_part_url 有意义）
+  next_expected_range TEXT,              -- 对于 single_session：Graph nextExpectedRanges[0]，如 \"5242880-35799947\"
+
+  -- provider 会话信息（驱动私有）
+  provider_upload_id TEXT,               -- 例如 S3 UploadId / 其他云 provider upload id
+  provider_upload_url TEXT,              -- 例如 OneDrive uploadSession.uploadUrl
+  provider_meta TEXT,                    -- JSON 扩展字段（驱动私有）
+
+  -- 会话状态与错误
+  status TEXT NOT NULL,                  -- active / completed / aborted / expired / error
+  error_code TEXT,
+  error_message TEXT,
+
+  -- 生命周期
+  created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  expires_at DATETIME                    -- 会话过期时间（例如 Graph expirationDateTime）
+);
+
+CREATE INDEX idx_upload_sessions_user ON upload_sessions(user_id, user_type);
+CREATE INDEX idx_upload_sessions_storage ON upload_sessions(storage_type, storage_config_id);
+CREATE INDEX idx_upload_sessions_mount_path ON upload_sessions(mount_id, fs_path);
+CREATE INDEX idx_upload_sessions_status ON upload_sessions(status, updated_at DESC);
+CREATE INDEX idx_upload_sessions_source ON upload_sessions(source);
+CREATE INDEX idx_upload_sessions_fingerprint ON upload_sessions(fingerprint_value);
+
+
 CREATE TABLE tasks (
   -- 核心标识
   task_id TEXT PRIMARY KEY,

backend/src/constants/index.js

@@ -17,6 +17,7 @@ export const DbTables = {
   STORAGE_MOUNTS: "storage_mounts", // 存储挂载表
   FS_META: "fs_meta", // 目录 Meta 配置表
   TASKS: "tasks", // 任务编排表
+  UPLOAD_SESSIONS: "upload_sessions", // 通用上传会话表（前端分片/断点续传）
 };
 
 // 默认的最大上传大小（MB）
@@ -36,7 +37,7 @@ export const ApiStatus = {
   INTERNAL_ERROR: 500,
 };
 
-// alist风格的文件类型常量
+//文件类型常量
 export const FILE_TYPES = {
   UNKNOWN: 0, // 未知文件
   FOLDER: 1, // 文件夹

backend/src/repositories/StorageConfigRepository.js

@@ -7,60 +7,14 @@
  */
 import { BaseRepository } from "./BaseRepository.js";
 import { DbTables } from "../constants/index.js";
+import { StorageFactory } from "../storage/factory/StorageFactory.js";
 
 export class StorageConfigRepository extends BaseRepository {
   /**
-   * 展开 S3 专用字段
-   * @private
-   * @param {object} cfg - config_json 解析后的对象
-   * @param {object} merged - 合并目标对象
-   * @param {object} options - 选项
-   */
-  _inflateS3Fields(cfg, merged, { withSecrets = false }) {
-    merged.provider_type = cfg?.provider_type;
-    merged.endpoint_url = cfg?.endpoint_url;
-    merged.bucket_name = cfg?.bucket_name;
-    merged.region = cfg?.region;
-    merged.path_style = cfg?.path_style;
-    if (withSecrets) {
-      merged.access_key_id = cfg?.access_key_id;
-      merged.secret_access_key = cfg?.secret_access_key;
-    }
-  }
-
-  /**
-   * 展开 WebDAV 专用字段
-   * @private
-   * @param {object} cfg - config_json 解析后的对象
-   * @param {object} merged - 合并目标对象
-   * @param {object} options - 选项
-   */
-  _inflateWebDavFields(cfg, merged, { withSecrets = false }) {
-    merged.endpoint_url = cfg?.endpoint_url;
-    merged.username = cfg?.username;
-    merged.tls_insecure_skip_verify = cfg?.tls_insecure_skip_verify;
-    if (withSecrets) {
-      merged.password = cfg?.password;
-    }
-  }
-
-  /**
-   * 展开 LOCAL 专用字段
-   * @private
-   * @param {object} cfg - config_json 解析后的对象
-   * @param {object} merged - 合并目标对象
-   */
-  _inflateLocalFields(cfg, merged) {
-    merged.root_path = cfg?.root_path;
-    merged.auto_create_root = cfg?.auto_create_root;
-    merged.readonly = cfg?.readonly;
-    merged.trash_path = cfg?.trash_path;
-    merged.dir_permission = cfg?.dir_permission;
-  }
-
-  /**
-   * 通用展开方法（策略模式）
-   * 根据 storage_type 自动选择对应的字段展开策略
+   * 通用展开方法
+   * - 解析 config_json
+   * - 委托 StorageFactory.projectConfig 完成类型特定的配置投影
+   * - 将投影结果与行对象合并，并保留 __config_json__ 供上层复用
    * @param {object} row - 数据库原始行
    * @param {object} options - 选项
    * @returns {object|null} 展开后的配置对象
@@ -69,31 +23,19 @@ export class StorageConfigRepository extends BaseRepository {
     if (!row) return null;
     try {
       if (row.config_json) {
-        const cfg = JSON.parse(row.config_json);
+        const raw = row.config_json;
+        const cfg = typeof raw === "string" ? JSON.parse(raw) : raw || {};
+
+        const projected = StorageFactory.projectConfig(row.storage_type, cfg, {
+          withSecrets,
+          row,
+        });
+
         const merged = {
           ...row,
-          // 通用字段（所有存储类型共享）
-          default_folder: cfg?.default_folder,
-          custom_host: cfg?.custom_host,
-          signature_expires_in: cfg?.signature_expires_in,
-          total_storage_bytes: cfg?.total_storage_bytes,
+          ...(projected && typeof projected === "object" ? projected : {}),
         };
 
-        // 根据存储类型展开专用字段
-        switch (row.storage_type) {
-          case "S3":
-            this._inflateS3Fields(cfg, merged, { withSecrets });
-            break;
-          case "WEBDAV":
-            this._inflateWebDavFields(cfg, merged, { withSecrets });
-            break;
-          case "LOCAL":
-            this._inflateLocalFields(cfg, merged);
-            break;
-          default:
-            console.warn(`Unknown storage_type: ${row.storage_type}`);
-        }
-
         // 保留原始 config_json 对象（非枚举属性，避免对外暴露）
         Object.defineProperty(merged, "__config_json__", {
           value: cfg,

backend/src/routes/fs/multipart.js

@@ -172,15 +172,19 @@ export const registerMultipartRoutes = (router, helpers) => {
 
     const fileId = generateFileId();
 
-  return jsonOk(c, {
+    return jsonOk(
+      c,
+      {
         presignedUrl: result.uploadUrl,
         fileId,
         storagePath: result.storagePath,
         publicUrl: result.publicUrl || null,
         mountId: mount.id,
         storageConfigId: mount.storage_config_id,
+        storageType: mount.storage_type || null,
         targetPath,
         contentType: result.contentType,
+        headers: result.headers || undefined,
       },
       { success: true },
     );

backend/src/routes/proxyLinkRoutes.js

@@ -1,5 +1,5 @@
 /**
- * 统一存储链接解析接口（OpenList Proxy 风格）
+ * 统一存储链接解析接口
  * POST /api/proxy/link
  *
  * - Origin（CloudPaste）只负责权限与“如何访问源”的决策

backend/src/routes/storageConfigRoutes.js

@@ -12,9 +12,8 @@ import {
   deleteStorageConfig,
   setDefaultStorageConfig,
   testStorageConnection,
-  getStorageConfigsWithUsage,
 } from "../services/storageConfigService.js";
-import { ApiStatus, UserType } from "../constants/index.js";
+import { UserType } from "../constants/index.js";
 import { getPagination, jsonOk, jsonCreated } from "../utils/common.js";
 import { getEncryptionSecret } from "../utils/environmentUtils.js";
 import { usePolicy } from "../security/policies/policies.js";
@@ -178,7 +177,19 @@ storageConfigRoutes.post("/api/storage/:id/test", requireAdmin, async (c) => {
   const requestOrigin = c.req.header("origin");
   const repositoryFactory = useRepositories(c);
   const testResult = await testStorageConnection(db, id, adminId, encryptionSecret, requestOrigin, repositoryFactory);
-  return jsonOk(c, { success: testResult.success, result: testResult.result }, testResult.message);
+  
+  // 根据测试结果返回正确的响应
+  if (testResult.success) {
+    return jsonOk(c, testResult, testResult.message);
+  } else {
+    // 测试失败时返回 200 状态码但 success: false（前端会根据 success 字段判断）
+    return c.json({
+      success: false,
+      code: "TEST_FAILED",
+      message: testResult.message,
+      data: testResult
+    }, 200);
+  }
 });
 
 export default storageConfigRoutes;

backend/src/routes/systemRoutes.js

@@ -97,7 +97,7 @@ systemRoutes.get("/api/version", async (c) => {
   const isDocker = runtimeEnv === "docker";
 
   // 统一的默认版本配置
-  const DEFAULT_VERSION = "1.2.0";
+  const DEFAULT_VERSION = "1.3.0";
   const DEFAULT_NAME = "cloudpaste-api";
 
   let version = DEFAULT_VERSION;

backend/src/services/ProxySignatureService.js

@@ -3,7 +3,9 @@ import { ensureRepositoryFactory } from "../utils/repositories.js";
 
 /**
  * 代理签名服务
- * 支持两层签名策略：全局签名所有 + 存储级签名
+ * 支持两层签名策略：
+ * - 全局签名所有：proxy_sign_all = true 时，所有代理流量都启用签名（与挂载配置无关）
+ * - 挂载级签名：enable_sign = true 且挂载开启 web_proxy 时，对该挂载下的代理流量启用签名
  */
 export class ProxySignatureService {
   constructor(db, encryptionSecret, repositoryFactory = null) {
@@ -32,7 +34,28 @@ export class ProxySignatureService {
       };
     }
 
-    // 2. 检查存储级别的签名设置
+    // 2. 挂载信息缺失时，不启用挂载级签名（仅全局策略生效）
+    if (!mount || typeof mount !== "object") {
+      return {
+        required: false,
+        reason: "mount_not_provided",
+        level: "none",
+        description: "未提供挂载配置，仅全局签名策略有效",
+      };
+    }
+
+    // 3. 仅在挂载开启 web_proxy 时才允许挂载级签名生效
+    const webProxyEnabled = mount.web_proxy === 1 || mount.web_proxy === true;
+    if (!webProxyEnabled) {
+      return {
+        required: false,
+        reason: "web_proxy_disabled",
+        level: "none",
+        description: "挂载未开启 web_proxy，忽略挂载级签名配置",
+      };
+    }
+
+    // 4. 检查挂载级别的签名设置
     if (mount.enable_sign === 1 || mount.enable_sign === true) {
       return {
         required: true,
@@ -42,7 +65,7 @@ export class ProxySignatureService {
       };
     }
 
-    // 3. 不需要签名
+    // 5. 不需要签名
     return {
       required: false,
       reason: "no_sign_required",