1

2026-03-27 13:30:53 +08:00
parent 2f04459492
commit 1f4b39d576
7 changed files with 177 additions and 89 deletions
--- a/api/controller_custom/proxy_api.js
+++ b/api/controller_custom/proxy_api.js
@@ -0,0 +1,89 @@
+const swagger = require("../../_docs/swagger.json");
+const auth = require("../service/biz_auth_verify");
+const proxy = require("../service/biz_proxy_service");
+
+function getRequestBody(ctx) {
+  if (ctx.request && ctx.request.body && Object.keys(ctx.request.body).length > 0) {
+    return ctx.request.body;
+  }
+  if (typeof ctx.getBody === "function") {
+    return ctx.getBody() || {};
+  }
+  return {};
+}
+
+/**
+ * 从请求中提取 Token
+ * 支持 Authorization: Bearer xxx 和 query ?token=xxx
+ */
+function extractToken(ctx) {
+  const authHeader = ctx.get("Authorization") || "";
+  if (authHeader.startsWith("Bearer ")) {
+    return authHeader.slice(7).trim();
+  }
+  return ctx.query.token || "";
+}
+
+/**
+ * 提取 swagger tags 第一项作为 feature 名（用于套餐功能点校验）
+ */
+function pickFeature(spec) {
+  if (spec.tags && spec.tags.length > 0) {
+    return spec.tags[0];
+  }
+  return null;
+}
+
+/**
+ * 构建转发路由表（供 framework.addRoutes 注册）
+ */
+function buildProxyRoutes() {
+  const routes = {};
+
+  for (const [path, methods] of Object.entries(swagger.paths)) {
+    for (const [method, spec] of Object.entries(methods)) {
+      const routeKey = `${method.toUpperCase()} ${path}`;
+
+      routes[routeKey] = async (ctx) => {
+        // 1. 提取 Token
+        const token = extractToken(ctx);
+        if (!token) {
+          ctx.status = 401;
+          ctx.body = { ok: false, error_code: "TOKEN_MISSING", message: "缺少 Token" };
+          return;
+        }
+
+        // 2. 鉴权：Token + 用户 + 订阅 + 套餐功能点 + 接口权限 + 调用量
+        const feature = pickFeature(spec);
+        const authResult = await auth.verifyRequest({ token, feature, api_path: path });
+        if (!authResult.ok) {
+          ctx.status = 403;
+          ctx.body = authResult;
+          return;
+        }
+
+        // 3. 组装 query（去掉 token 参数，避免泄露）
+        const query = { ...ctx.query };
+        delete query.token;
+
+        // 4. 转发到上游
+        const result = await proxy.forwardRequest({
+          api_path: path,
+          method: method.toUpperCase(),
+          query,
+          body: getRequestBody(ctx),
+          headers: ctx.headers || {},
+          auth_ctx: authResult.context,
+        });
+
+        // 5. 原样返回上游响应
+        ctx.status = result.status;
+        ctx.body = result.data;
+      };
+    }
+  }
+
+  return routes;
+}
+
+module.exports = { buildProxyRoutes };
--- a/api/controller_front/proxy_api.js
+++ b/api/controller_front/proxy_api.js
@@ -1,85 +0,0 @@
-const swagger = require("../../_docs/swagger.json");
-const auth = require("../service/biz_auth_verify");
-const proxy = require("../service/biz_proxy_service");
-
-function getRequestBody(ctx) {
-  if (ctx.request && ctx.request.body && Object.keys(ctx.request.body).length > 0) {
-    return ctx.request.body;
-  }
-  if (typeof ctx.getBody === "function") {
-    return ctx.getBody() || {};
-  }
-  return {};
-}
-
-/**
- * 从请求中提取 Token
- * 支持 Authorization: Bearer xxx 和 query ?token=xxx
- */
-function extractToken(ctx) {
-  const authHeader = ctx.get("Authorization") || "";
-  if (authHeader.startsWith("Bearer ")) {
-    return authHeader.slice(7).trim();
-  }
-  return ctx.query.token || "";
-}
-
-/**
- * 提取 swagger tags 第一项作为 feature 名（用于套餐功能点校验）
- */
-function pickFeature(spec) {
-  if (spec.tags && spec.tags.length > 0) {
-    return spec.tags[0];
-  }
-  return null;
-}
-
-/**
- * 从 swagger.json 动态生成全部转发路由
- */
-const routes = {};
-
-for (const [path, methods] of Object.entries(swagger.paths)) {
-  for (const [method, spec] of Object.entries(methods)) {
-    const routeKey = `${method.toUpperCase()} ${path}`;
-
-    routes[routeKey] = async (ctx) => {
-      // 1. 提取 Token
-      const token = extractToken(ctx);
-      if (!token) {
-        ctx.status = 401;
-        ctx.body = { ok: false, error_code: "TOKEN_MISSING", message: "缺少 Token" };
-        return;
-      }
-
-      // 2. 鉴权：Token + 用户 + 订阅 + 套餐功能点
-      const feature = pickFeature(spec);
-      const authResult = await auth.verifyRequest({ token, feature });
-      if (!authResult.ok) {
-        ctx.status = 403;
-        ctx.body = authResult;
-        return;
-      }
-
-      // 3. 组装 query（去掉 token 参数，避免泄露）
-      const query = { ...ctx.query };
-      delete query.token;
-
-      // 4. 转发到上游
-      const result = await proxy.forwardRequest({
-        api_path: path,
-        method: method.toUpperCase(),
-        query,
-        body: getRequestBody(ctx),
-        headers: ctx.headers || {},
-        auth_ctx: authResult.context,
-      });
-
-      // 5. 原样返回上游响应
-      ctx.status = result.status;
-      ctx.body = result.data;
-    };
-  }
-}
-
-module.exports = routes;
--- a/api/model/biz_usage_monthly.js
+++ b/api/model/biz_usage_monthly.js
@@ -27,6 +27,12 @@ module.exports = (db) => {
      friend_count: { type: Sequelize.INTEGER, allowNull: false, defaultValue: 0 },
      sns_count: { type: Sequelize.INTEGER, allowNull: false, defaultValue: 0 },
      active_user_count: { type: Sequelize.INTEGER, allowNull: false, defaultValue: 0 },
+      api_call_count: {
+        type: Sequelize.INTEGER,
+        allowNull: false,
+        defaultValue: 0,
+        comment: "当月 API 转发总调用次数",
+      },
    },
    {
      tableName: "biz_usage_monthly",
--- a/api/service/biz_auth_verify.js
+++ b/api/service/biz_auth_verify.js
@@ -29,11 +29,11 @@ function hasPositiveDelta(delta) {
 }

 /**
- * 对外鉴权：Token + 用户 + 有效订阅 + 功能点 + 可选用量上报与额度
- * body: { token, feature?, usage_delta?: { msg?, mass?, ... } }
+ * 对外鉴权：Token + 用户 + 有效订阅 + 功能点 + 接口权限 + API调用量 + 可选用量上报
+ * body: { token, feature?, api_path?, usage_delta?: { msg?, mass?, ... } }
 */
 async function verifyRequest(body) {
-  const { token, feature } = body || {};
+  const { token, feature, api_path } = body || {};
  if (!token) {
    return { ok: false, error_code: "TOKEN_INVALID", message: "缺少 token" };
  }
@@ -71,9 +71,26 @@ async function verifyRequest(body) {
    return { ok: false, error_code: "FEATURE_NOT_ALLOWED", message: "功能未在套餐内" };
  }

+  // 接口路径级权限校验
+  if (api_path) {
+    const apiCheck = usageSvc.checkApiPathAllowed(plan, api_path);
+    if (!apiCheck.ok) {
+      return { ok: false, error_code: apiCheck.error_code, message: apiCheck.message };
+    }
+  }
+
  const statMonth = usageSvc.currentStatMonth();
  let usageRow = await usageSvc.getOrCreateUsage(row.user_id, sub.plan_id, statMonth);

+  // API 调用次数配额校验
+  if (api_path) {
+    const callCheck = usageSvc.checkApiCallQuota(plan, usageRow);
+    if (!callCheck.ok) {
+      return { ok: false, error_code: callCheck.error_code, message: callCheck.message };
+    }
+    usageRow = await usageSvc.incrementApiCallCount(row.user_id, sub.plan_id, statMonth);
+  }
+
  const delta = normalizeUsageDelta(body.usage_delta || body.usage_report);
  if (hasPositiveDelta(delta)) {
    const q = usageSvc.checkQuotaAfterDelta(plan, usageRow, delta);
@@ -99,6 +116,7 @@ async function verifyRequest(body) {
        friend_count: usageSvc.num(usageRow.friend_count),
        sns_count: usageSvc.num(usageRow.sns_count),
        active_user_count: usageSvc.num(usageRow.active_user_count),
+        api_call_count: usageSvc.num(usageRow.api_call_count),
      },
    },
  };
--- a/api/service/biz_usage_service.js
+++ b/api/service/biz_usage_service.js
@@ -35,6 +35,7 @@ async function getOrCreateUsage(userId, planId, statMonth) {
      friend_count: 0,
      sns_count: 0,
      active_user_count: 0,
+      api_call_count: 0,
    },
  });
  if (num(row.plan_id) !== num(planId)) {
@@ -100,11 +101,57 @@ async function ensureUsageRowsForCurrentMonth() {
  return n;
 }

+/**
+ * 校验 API 调用次数是否超限
+ * @param {object} plan - 套餐记录（含 api_call_quota）
+ * @param {object} usageRow - 当月用量记录（含 api_call_count）
+ * @returns {{ ok: boolean, error_code?: string, message?: string }}
+ */
+function checkApiCallQuota(plan, usageRow) {
+  const quota = num(plan.api_call_quota);
+  if (quota <= 0) return { ok: true };
+  const used = num(usageRow.api_call_count) + 1;
+  if (used > quota) {
+    return { ok: false, error_code: "API_CALL_QUOTA_EXCEEDED", message: `当月 API 调用次数已达上限(${quota})` };
+  }
+  return { ok: true };
+}
+
+/**
+ * API 调用次数 +1
+ */
+async function incrementApiCallCount(userId, planId, statMonth) {
+  const row = await getOrCreateUsage(userId, planId, statMonth);
+  await row.update({ api_call_count: num(row.api_call_count) + 1 });
+  return row.reload();
+}
+
+/**
+ * 校验接口路径是否在套餐允许范围内
+ * @param {object} plan - 套餐记录（含 allowed_apis）
+ * @param {string} apiPath - 当前请求的接口路径，如 /user/GetProfile
+ * @returns {{ ok: boolean, error_code?: string, message?: string }}
+ */
+function checkApiPathAllowed(plan, apiPath) {
+  const allowed = plan.allowed_apis;
+  if (allowed == null) return { ok: true };
+  let list = allowed;
+  if (typeof list === "string") {
+    try { list = JSON.parse(list); } catch { return { ok: true }; }
+  }
+  if (!Array.isArray(list) || list.length === 0) return { ok: true };
+  if (list.includes(apiPath)) return { ok: true };
+  return { ok: false, error_code: "API_NOT_ALLOWED", message: `当前套餐不支持该接口: ${apiPath}` };
+}
+
 module.exports = {
  currentStatMonth,
  getOrCreateUsage,
  applyDelta,
  checkQuotaAfterDelta,
  ensureUsageRowsForCurrentMonth,
+  checkApiCallQuota,
+  incrementApiCallCount,
+  checkApiPathAllowed,
  num,
 };