import json import re from datetime import datetime from flask import Blueprint, jsonify, request from sqlalchemy import desc, or_ # 引入 jwt 相关函数 from flask_jwt_extended import create_access_token, jwt_required, get_jwt_identity from extensions import db from models import Device, DeviceHistory, MaintenanceLog, User, UserDevicePermission # 尝试导入爬虫模块 (如果没有则跳过,防止报错) try: from services.core import execute_monitor_task except ImportError: execute_monitor_task = None api_bp = Blueprint('api', __name__, url_prefix='/api') # ======================= # 🔧 辅助函数 (权限核心) # ======================= def is_admin(user_id): """ 判断是否为超级管理员 (Root权限) 逻辑: 1. ID 为 '0' (硬编码后门) -> 通过 2. 数据库中角色为 'admin' -> 通过 """ if str(user_id) == '0': return True if not user_id: return False try: u = User.query.get(int(user_id)) return u and u.role == 'admin' except: return False def is_manager(user_id): """ 判断是否为管理者 (Admin OR Engineer) 用于:修改地点、切换维修模式、写日志 """ if is_admin(user_id): return True try: u = User.query.get(int(user_id)) return u and u.role == 'engineer' except: return False def calculate_offset(latest_time_str): """计算时间滞后天数""" if not latest_time_str or latest_time_str == "N/A": return "从未同步" try: clean = str(latest_time_str).split()[0].replace('_', '-') target = datetime.strptime(clean, "%Y-%m-%d").date() diff = (datetime.now().date() - target).days return "当天已同步" if diff == 0 else f"滞后 {diff} 天" except: return "时间解析失败" # ======================= # 0. 认证接口 # ======================= @api_bp.route('/login', methods=['POST']) def login(): data = request.get_json() username = data.get('username') password = data.get('password') # 1. 后门判定 if username == 'admin' and password == 'licahk': token = create_access_token(identity='0', additional_claims={'role': 'admin'}) return jsonify({ 'code': 200, 'message': 'Root后门登录', 'token': token, 'role': 'admin', 'user_id': 0, 'username': 'admin' }) # 2. 正常查库登录 user = User.query.filter_by(username=username).first() if user and user.check_password(password): token = create_access_token(identity=str(user.id), additional_claims={'role': user.role}) return jsonify({ 'code': 200, 'message': '登录成功', 'token': token, 'role': user.role, 'user_id': user.id, 'username': user.username }) return jsonify({'code': 401, 'message': '用户名或密码错误'}), 401 # ======================= # 1. 设备接口 # ======================= @api_bp.route('/devices_overview', methods=['GET']) @jwt_required() def devices_overview(): try: user_id = get_jwt_identity() if is_admin(user_id): target_devices = Device.query.all() else: perms = UserDevicePermission.query.filter_by(user_id=int(user_id)).all() allowed_ids = [p.device_id for p in perms] target_devices = Device.query.filter(Device.id.in_(allowed_ids)).all() if allowed_ids else [] return jsonify({'code': 200, 'data': [d.to_dict() for d in target_devices]}) except Exception as e: return jsonify({'code': 500, 'message': str(e)}) @api_bp.route('/device_data_by_date', methods=['GET']) @jwt_required(optional=True) def device_data_by_date(): name = request.args.get('name') date_str = request.args.get('date') if not name or not date_str: return jsonify({'code': 400}), 400 device = Device.query.filter_by(name=name).first() if not device: return jsonify({'code': 404}), 404 hist = DeviceHistory.query.filter(DeviceHistory.device_id == device.id, DeviceHistory.data_time.like(f"{date_str}%")).order_by(desc(DeviceHistory.id)).first() content = hist.json_data if hist else (device.json_data if device.latest_time and str(device.latest_time).startswith(date_str) else None) if content: if isinstance(content, str): try: content = json.loads(content) except: pass return jsonify({'code': 200, 'name': device.name, 'source': device.source, 'content': content}) return jsonify({'code': 404, 'message': '无数据'}), 404 # ======================= # 2. 用户管理 (Admin Only) # ======================= @api_bp.route('/admin/users', methods=['GET']) @jwt_required() def admin_get_users(): if not is_admin(get_jwt_identity()): return jsonify({'code': 403}), 403 users = User.query.order_by(desc(User.created_at)).all() result = [] for u in users: if str(u.id) == str(get_jwt_identity()): continue perms = UserDevicePermission.query.filter_by(user_id=u.id).all() result.append({ "id": u.id, "username": u.username, "role": u.role, "created_at": u.created_at, "allowed_device_ids": [p.device_id for p in perms] }) return jsonify({'code': 200, 'data': result}) @api_bp.route('/admin/create_user', methods=['POST']) @jwt_required() def admin_create_user(): if not is_admin(get_jwt_identity()): return jsonify({'code': 403}), 403 data = request.get_json() if User.query.filter_by(username=data.get('username')).first(): return jsonify({'code': 400, 'msg': '用户名已存在'}), 400 u = User(username=data.get('username'), role=data.get('role', 'client')) u.set_password(data.get('password')) db.session.add(u) db.session.commit() return jsonify({'code': 200, 'msg': '创建成功'}) @api_bp.route('/admin/delete_user', methods=['POST']) @jwt_required() def admin_delete_user(): curr = get_jwt_identity() if not is_admin(curr): return jsonify({'code': 403}), 403 uid = request.get_json().get('user_id') if str(uid) == str(curr): return jsonify({'code': 400, 'msg': '无法删除自己'}), 400 user = User.query.get(uid) if user: UserDevicePermission.query.filter_by(user_id=user.id).delete() db.session.delete(user) db.session.commit() return jsonify({'code': 200, 'msg': '删除成功'}) @api_bp.route('/admin/assign_devices', methods=['POST']) @jwt_required() def admin_assign_devices(): if not is_admin(get_jwt_identity()): return jsonify({'code': 403}), 403 data = request.get_json() UserDevicePermission.query.filter_by(user_id=data.get('user_id')).delete() for did in data.get('device_ids', []): db.session.add(UserDevicePermission(user_id=data.get('user_id'), device_id=did)) db.session.commit() return jsonify({'code': 200, 'msg': '权限已保存'}) # ======================= # 3. 日志与工具 (权限隔离) # ======================= @api_bp.route('/logs/list', methods=['GET']) @jwt_required() def get_logs(): """ 获取日志列表 权限逻辑更新: - Admin: 可以看所有 - Engineer/Client: 只能看自己名下设备的日志 (严格过滤) """ user_id = get_jwt_identity() keyword = request.args.get('keyword', '') start_date = request.args.get('start_date') end_date = request.args.get('end_date') query = MaintenanceLog.query # 🛡️ 权限隔离 if not is_admin(user_id): perms = UserDevicePermission.query.filter_by(user_id=int(user_id)).all() if not perms: return jsonify({'code': 200, 'data': []}) allowed_names = [d.name for d in Device.query.filter(Device.id.in_([p.device_id for p in perms])).all()] query = query.filter(MaintenanceLog.device_name.in_(allowed_names)) if keyword: kw = f"%{keyword}%" query = query.filter(or_( MaintenanceLog.device_name.like(kw), MaintenanceLog.engineer.like(kw), MaintenanceLog.location.like(kw), MaintenanceLog.content.like(kw) )) if start_date and end_date: try: s = datetime.strptime(start_date, '%Y-%m-%d') e = datetime.strptime(end_date, '%Y-%m-%d').replace(hour=23, minute=59, second=59) query = query.filter(MaintenanceLog.timestamp.between(s, e)) except: pass logs = query.order_by(desc(MaintenanceLog.timestamp)).all() return jsonify({'code': 200, 'data': [l.to_dict() for l in logs]}) @api_bp.route('/logs/add', methods=['POST']) @jwt_required() def add_log(): if not is_manager(get_jwt_identity()): return jsonify({'code': 403}), 403 data = request.get_json() # 后端安全校验:如果是工程师,建议再次校验 engineer 字段是否匹配其 username db.session.add(MaintenanceLog( device_name=data.get('device_name'), engineer=data.get('engineer'), location=data.get('location'), content=data.get('content') )) db.session.commit() return jsonify({'code': 200}) @api_bp.route('/logs/update', methods=['POST']) @jwt_required() def update_log(): if not is_manager(get_jwt_identity()): return jsonify({'code': 403}), 403 data = request.get_json() log = MaintenanceLog.query.get(data.get('id')) if not log: return jsonify({'code': 404}), 404 log.engineer = data.get('engineer') log.location = data.get('location') log.content = data.get('content') db.session.commit() return jsonify({'code': 200, 'msg': '更新成功'}) @api_bp.route('/logs/delete', methods=['POST']) @jwt_required() def delete_log(): if not is_admin(get_jwt_identity()): return jsonify({'code': 403}), 403 log = MaintenanceLog.query.get(request.get_json().get('id')) if log: db.session.delete(log) db.session.commit() return jsonify({'code': 200}) return jsonify({'code': 404}) # ======================= # 4. 系统检测与控制 (原有功能完整保留) # ======================= @api_bp.route('/run_monitor', methods=['POST']) @jwt_required() def run_monitor(): if not is_admin(get_jwt_identity()): return jsonify({'code': 403}), 403 if not execute_monitor_task: return jsonify({'code': 500, 'msg': '爬虫模块未加载'}) try: task_result = execute_monitor_task() if not task_result: return jsonify({'code': 200, 'msg': '无任务'}) scraped_list = task_result.get('device_list', []) now_str = datetime.now().strftime("%Y-%m-%d %H:%M:%S") count = 0 for item in scraped_list: d_name = item.get('name') if not d_name: continue d_raw = item.get('raw_json', {}) target_time = item.get('target_time') source = item.get('source', '') # 针对 106 源码进行特殊路径解析 if '106' in str(source): try: path_str = d_raw.get('path', '') match = re.search(r'/Data/(\d{4}_\d{2}_\d{2})/\w+_(\d{2}_\d{2}_\d{2})\.csv', path_str) if match: target_time = f"{match.group(1).replace('_', '-')} {match.group(2).replace('_', ':')}" except: pass json_str = json.dumps(d_raw, ensure_ascii=False) device = Device.query.filter_by(name=d_name).first() if not device: device = Device(name=d_name, source=source) db.session.add(device) db.session.flush() device.status = item.get('status') device.current_value = item.get('value') device.latest_time = target_time device.check_time = now_str device.json_data = json_str device.offset = calculate_offset(target_time) db.session.add(DeviceHistory( device_id=device.id, status=device.status, result_data=device.current_value, data_time=target_time, json_data=json_str )) count += 1 db.session.commit() return jsonify({'code': 200, 'message': f'更新 {count} 台设备'}) except Exception as e: db.session.rollback() return jsonify({'code': 500, 'message': str(e)}) @api_bp.route('/update_site', methods=['POST']) @jwt_required() def update_site(): if not is_manager(get_jwt_identity()): return jsonify({'code': 403}), 403 d = Device.query.filter_by(name=request.get_json().get('name')).first() if d: d.install_site = request.get_json().get('site') db.session.commit() return jsonify({'code': 200}) return jsonify({'code': 404}) @api_bp.route('/toggle_maintenance', methods=['POST']) @jwt_required() def toggle_maintenance(): if not is_manager(get_jwt_identity()): return jsonify({'code': 403}), 403 d = Device.query.filter_by(name=request.get_json().get('name')).first() if d: d.is_maintaining = request.get_json().get('is_maintaining') db.session.commit() return jsonify({'code': 200}) return jsonify({'code': 404}) @api_bp.route('/toggle_hidden', methods=['POST']) @jwt_required() def toggle_hidden(): if not is_admin(get_jwt_identity()): return jsonify({'code': 403}), 403 d = Device.query.filter_by(name=request.get_json().get('name')).first() if d: d.is_hidden = request.get_json().get('is_hidden') db.session.commit() return jsonify({'code': 200}) return jsonify({'code': 404})