update api key manage

backend/app/Controller/api/v1/AdminApiKeyController.php

@@ -0,0 +1,232 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Controller\Api\V1;
+
+use App\Controller\AbstractController;
+use App\Middleware\AuthMiddleware;
+use App\Middleware\PermissionMiddleware;
+use App\Model\ApiKey;
+use Hyperf\HttpServer\Annotation\Controller;
+use Psr\Http\Message\ResponseInterface;
+use Hyperf\HttpServer\Annotation\Middleware;
+use Hyperf\HttpServer\Annotation\RequestMapping;
+use OpenApi\Attributes as OA;
+
+#[OA\Tag(name: 'Admin API Keys', description: '管理员 API Key 管理')]
+#[Controller(prefix: "/api/v1/admin/api-keys")]
+class AdminApiKeyController extends AbstractController
+{
+    /**
+     * 管理员列出所有 API Keys
+     *
+     * 支持按 user_id、enabled 筛选，关联用户信息
+     */
+    #[OA\Get(
+        path: '/admin/api-keys',
+        summary: '管理员列出所有 API Keys',
+        description: '分页列出所有用户的 API Keys，支持按 user_id、enabled 筛选，关联用户基本信息',
+        security: [['bearerAuth' => []]],
+        tags: ['Admin API Keys'],
+        parameters: [
+            new OA\Parameter(name: 'page', in: 'query', required: false, description: '页码，默认 1', schema: new OA\Schema(type: 'integer', default: 1)),
+            new OA\Parameter(name: 'per_page', in: 'query', required: false, description: '每页条数，默认 15，最大 100', schema: new OA\Schema(type: 'integer', default: 15)),
+            new OA\Parameter(name: 'user_id', in: 'query', required: false, description: '按用户 ID 筛选', schema: new OA\Schema(type: 'integer')),
+            new OA\Parameter(name: 'enabled', in: 'query', required: false, description: '按启用状态筛选（0/1）', schema: new OA\Schema(type: 'integer', enum: [0, 1])),
+        ],
+        responses: [
+            new OA\Response(
+                response: 200,
+                description: '获取成功',
+                content: new OA\JsonContent(properties: [
+                    new OA\Property(property: 'code', type: 'integer', example: 0),
+                    new OA\Property(property: 'message', type: 'string', example: '获取成功'),
+                    new OA\Property(property: 'data', properties: [
+                        new OA\Property(property: 'items', type: 'array', items: new OA\Items(properties: [
+                            new OA\Property(property: 'id', type: 'integer'),
+                            new OA\Property(property: 'user_id', type: 'integer'),
+                            new OA\Property(property: 'name', type: 'string'),
+                            new OA\Property(property: 'key_prefix', type: 'string'),
+                            new OA\Property(property: 'last_used_at', type: 'string', format: 'date-time', nullable: true),
+                            new OA\Property(property: 'expires_at', type: 'string', format: 'date-time', nullable: true),
+                            new OA\Property(property: 'enabled', type: 'boolean'),
+                            new OA\Property(property: 'created_at', type: 'string', format: 'date-time'),
+                            new OA\Property(property: 'user', properties: [
+                                new OA\Property(property: 'id', type: 'integer'),
+                                new OA\Property(property: 'username', type: 'string'),
+                                new OA\Property(property: 'api_key_enabled', type: 'boolean'),
+                            ], type: 'object'),
+                        ])),
+                        new OA\Property(property: 'total', type: 'integer'),
+                        new OA\Property(property: 'page', type: 'integer'),
+                        new OA\Property(property: 'per_page', type: 'integer'),
+                    ], type: 'object'),
+                ])
+            ),
+            new OA\Response(response: 401, description: '未认证', content: new OA\JsonContent(ref: '#/components/schemas/ErrorResponse')),
+            new OA\Response(response: 403, description: '无权限', content: new OA\JsonContent(ref: '#/components/schemas/ErrorResponse')),
+        ]
+    )]
+    #[RequestMapping(path: "", methods: "GET")]
+    #[Middleware(AuthMiddleware::class)]
+    #[Middleware(PermissionMiddleware::class)]
+    public function index(): array
+    {
+        $page = (int) $this->request->input('page', 1);
+        $per_page = min((int) $this->request->input('per_page', 15), 100);
+
+        $query = ApiKey::query()->with('user:id,username,api_key_enabled');
+
+        // 按用户 ID 筛选
+        $user_id = $this->request->input('user_id');
+        if ($user_id !== null && $user_id !== '') {
+            $query->where('user_id', (int) $user_id);
+        }
+
+        // 按启用状态筛选
+        $enabled = $this->request->input('enabled');
+        if ($enabled !== null && $enabled !== '') {
+            $query->where('enabled', (bool) (int) $enabled);
+        }
+
+        $total = $query->count();
+        $items = $query->orderBy('created_at', 'desc')
+            ->offset(($page - 1) * $per_page)
+            ->limit($per_page)
+            ->get();
+
+        return [
+            'code' => 0,
+            'message' => '获取成功',
+            'data' => [
+                'items' => $items,
+                'total' => $total,
+                'page' => $page,
+                'per_page' => $per_page,
+            ],
+        ];
+    }
+
+    /**
+     * 管理员启用/禁用指定 API Key
+     */
+    #[OA\Patch(
+        path: '/admin/api-keys/{id}/toggle',
+        summary: '启用/禁用指定 API Key',
+        description: '管理员切换任意 API Key 的启用状态',
+        security: [['bearerAuth' => []]],
+        tags: ['Admin API Keys'],
+        parameters: [
+            new OA\Parameter(name: 'id', in: 'path', required: true, description: 'API Key ID', schema: new OA\Schema(type: 'integer')),
+        ],
+        requestBody: new OA\RequestBody(
+            required: true,
+            content: new OA\JsonContent(
+                required: ['enabled'],
+                properties: [
+                    new OA\Property(property: 'enabled', type: 'boolean', description: '是否启用'),
+                ]
+            )
+        ),
+        responses: [
+            new OA\Response(
+                response: 200,
+                description: '状态更新成功',
+                content: new OA\JsonContent(properties: [
+                    new OA\Property(property: 'code', type: 'integer', example: 0),
+                    new OA\Property(property: 'message', type: 'string', example: '状态更新成功'),
+                    new OA\Property(property: 'data', properties: [
+                        new OA\Property(property: 'id', type: 'integer'),
+                        new OA\Property(property: 'name', type: 'string'),
+                        new OA\Property(property: 'key_prefix', type: 'string'),
+                        new OA\Property(property: 'enabled', type: 'boolean'),
+                        new OA\Property(property: 'user_id', type: 'integer'),
+                    ], type: 'object'),
+                ])
+            ),
+            new OA\Response(response: 401, description: '未认证', content: new OA\JsonContent(ref: '#/components/schemas/ErrorResponse')),
+            new OA\Response(response: 403, description: '无权限', content: new OA\JsonContent(ref: '#/components/schemas/ErrorResponse')),
+            new OA\Response(response: 404, description: 'API Key 不存在', content: new OA\JsonContent(ref: '#/components/schemas/ErrorResponse')),
+        ]
+    )]
+    #[RequestMapping(path: "{id}/toggle", methods: "PATCH")]
+    #[Middleware(AuthMiddleware::class)]
+    #[Middleware(PermissionMiddleware::class)]
+    public function toggle(int $id): ResponseInterface|array
+    {
+        $api_key = ApiKey::query()->find($id);
+
+        if (!$api_key) {
+            return $this->response->json([
+                'code' => 404,
+                'message' => 'API Key 不存在',
+            ])->withStatus(404);
+        }
+
+        $enabled = filter_var($this->request->input('enabled'), FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
+        if ($enabled === null) {
+            return $this->response->json([
+                'code' => 400,
+                'message' => 'enabled 参数不能为空或格式不正确',
+            ])->withStatus(400);
+        }
+
+        $api_key->enabled = $enabled;
+        $api_key->save();
+
+        return [
+            'code' => 0,
+            'message' => '状态更新成功',
+            'data' => $api_key,
+        ];
+    }
+
+    /**
+     * 管理员删除指定 API Key
+     */
+    #[OA\Delete(
+        path: '/admin/api-keys/{id}',
+        summary: '删除指定 API Key',
+        description: '管理员删除任意 API Key（硬删除，不可恢复）',
+        security: [['bearerAuth' => []]],
+        tags: ['Admin API Keys'],
+        parameters: [
+            new OA\Parameter(name: 'id', in: 'path', required: true, description: 'API Key ID', schema: new OA\Schema(type: 'integer')),
+        ],
+        responses: [
+            new OA\Response(
+                response: 200,
+                description: '删除成功',
+                content: new OA\JsonContent(properties: [
+                    new OA\Property(property: 'code', type: 'integer', example: 0),
+                    new OA\Property(property: 'message', type: 'string', example: '删除成功'),
+                ])
+            ),
+            new OA\Response(response: 401, description: '未认证', content: new OA\JsonContent(ref: '#/components/schemas/ErrorResponse')),
+            new OA\Response(response: 403, description: '无权限', content: new OA\JsonContent(ref: '#/components/schemas/ErrorResponse')),
+            new OA\Response(response: 404, description: 'API Key 不存在', content: new OA\JsonContent(ref: '#/components/schemas/ErrorResponse')),
+        ]
+    )]
+    #[RequestMapping(path: "{id}", methods: "DELETE")]
+    #[Middleware(AuthMiddleware::class)]
+    #[Middleware(PermissionMiddleware::class)]
+    public function destroy(int $id): ResponseInterface|array
+    {
+        $api_key = ApiKey::query()->find($id);
+
+        if (!$api_key) {
+            return $this->response->json([
+                'code' => 404,
+                'message' => 'API Key 不存在',
+            ])->withStatus(404);
+        }
+
+        $api_key->delete();
+
+        return [
+            'code' => 0,
+            'message' => '删除成功',
+        ];
+    }
+}

backend/app/Controller/api/v1/ApiKeyController.php

@@ -102,6 +102,27 @@ class ApiKeyController extends AbstractController
             ])->withStatus(400);
         }
 
+        // 同用户内 Key 名称唯一
+        $name_exists = ApiKey::query()
+            ->where('user_id', $user->id)
+            ->where('name', $name)
+            ->exists();
+        if ($name_exists) {
+            return $this->response->json([
+                'code' => 400,
+                'message' => '已存在同名的 API Key，请使用不同的名称',
+            ])->withStatus(400);
+        }
+
+        // 每用户最多 10 个 Key
+        $key_count = ApiKey::query()->where('user_id', $user->id)->count();
+        if ($key_count >= 10) {
+            return $this->response->json([
+                'code' => 400,
+                'message' => '每个用户最多创建 10 个 API Key',
+            ])->withStatus(400);
+        }
+
         // 校验过期时间格式
         if ($expires_at !== null && $expires_at !== '') {
             try {
@@ -241,4 +262,91 @@ class ApiKeyController extends AbstractController
             'message' => '删除成功',
         ];
     }
+
+    /**
+     * 启用/禁用自己的 API Key
+     */
+    #[OA\Patch(
+        path: '/me/api-keys/{id}/toggle',
+        summary: '启用/禁用自己的 API Key',
+        description: '用户切换自己 API Key 的启用状态',
+        security: [['bearerAuth' => []]],
+        tags: ['API Keys'],
+        parameters: [
+            new OA\Parameter(name: 'id', in: 'path', required: true, description: 'API Key ID', schema: new OA\Schema(type: 'integer')),
+        ],
+        requestBody: new OA\RequestBody(
+            required: true,
+            content: new OA\JsonContent(
+                required: ['enabled'],
+                properties: [
+                    new OA\Property(property: 'enabled', type: 'boolean', description: '是否启用'),
+                ]
+            )
+        ),
+        responses: [
+            new OA\Response(
+                response: 200,
+                description: '状态更新成功',
+                content: new OA\JsonContent(properties: [
+                    new OA\Property(property: 'code', type: 'integer', example: 0),
+                    new OA\Property(property: 'message', type: 'string', example: '状态更新成功'),
+                    new OA\Property(property: 'data', properties: [
+                        new OA\Property(property: 'id', type: 'integer'),
+                        new OA\Property(property: 'name', type: 'string'),
+                        new OA\Property(property: 'key_prefix', type: 'string'),
+                        new OA\Property(property: 'enabled', type: 'boolean'),
+                        new OA\Property(property: 'last_used_at', type: 'string', format: 'date-time', nullable: true),
+                        new OA\Property(property: 'expires_at', type: 'string', format: 'date-time', nullable: true),
+                        new OA\Property(property: 'created_at', type: 'string', format: 'date-time'),
+                    ], type: 'object'),
+                ])
+            ),
+            new OA\Response(response: 400, description: '参数错误', content: new OA\JsonContent(ref: '#/components/schemas/ErrorResponse')),
+            new OA\Response(response: 401, description: '未认证', content: new OA\JsonContent(ref: '#/components/schemas/ErrorResponse')),
+            new OA\Response(response: 404, description: 'API Key 不存在', content: new OA\JsonContent(ref: '#/components/schemas/ErrorResponse')),
+        ]
+    )]
+    #[RequestMapping(path: "{id}/toggle", methods: "PATCH")]
+    #[Middleware(AuthMiddleware::class)]
+    public function toggle(int $id, AuthManager $auth): \Psr\Http\Message\ResponseInterface|array
+    {
+        $user = $auth->guard('jwt')->user();
+
+        if (!$user instanceof User) {
+            return $this->response->json([
+                'code' => 401,
+                'message' => '未授权',
+            ])->withStatus(401);
+        }
+
+        $api_key = ApiKey::query()
+            ->where('id', $id)
+            ->where('user_id', $user->id)
+            ->first();
+
+        if (!$api_key) {
+            return $this->response->json([
+                'code' => 404,
+                'message' => 'API Key 不存在',
+            ])->withStatus(404);
+        }
+
+        $enabled = filter_var($this->request->input('enabled'), FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
+        if ($enabled === null) {
+            return $this->response->json([
+                'code' => 400,
+                'message' => 'enabled 参数不能为空或格式不正确',
+            ])->withStatus(400);
+        }
+
+        $api_key->enabled = $enabled;
+        $api_key->save();
+
+        return [
+            'code' => 0,
+            'message' => '状态更新成功',
+            'data' => $api_key,
+        ];
+    }
 }

backend/app/Controller/api/v1/AuthController.php

@@ -396,6 +396,7 @@ class AuthController extends AbstractController
                         new OA\Property(property: 'username', type: 'string', example: 'admin'),
                         new OA\Property(property: 'email', type: 'string', example: 'admin@example.com'),
                         new OA\Property(property: 'status', type: 'integer', example: 1),
+                        new OA\Property(property: 'api_key_enabled', type: 'boolean', example: true, description: 'API Key 功能是否启用'),
                         new OA\Property(property: 'ext', type: 'object', nullable: true),
                         new OA\Property(property: 'created_at', type: 'string', format: 'date-time'),
                     ], type: 'object'),
@@ -428,6 +429,7 @@ class AuthController extends AbstractController
                 'email' => $user->email,
                 'role' => $user->role?->name ?? 'accessor',
                 'status' => $user->status,
+                'api_key_enabled' => $user->api_key_enabled,
                 'ext' => $user->ext,
                 'created_at' => $user->created_at->toDateTimeString(),
             ],

backend/app/Controller/api/v1/UserController.php

@@ -554,4 +554,81 @@ class UserController extends AbstractController
             'data' => $user,
         ];
     }
+
+    /**
+     * 管理员切换用户 API Key 权限
+     */
+    #[OA\Patch(
+        path: '/users/{id}/api-key-enabled',
+        summary: '切换用户 API Key 权限',
+        description: '管理员切换指定用户的 api_key_enabled 全局开关。关闭后该用户所有 Key 无法认证，重新开启后自动恢复',
+        security: [['bearerAuth' => []]],
+        tags: ['Users'],
+        parameters: [
+            new OA\Parameter(name: 'id', in: 'path', required: true, description: '用户 ID', schema: new OA\Schema(type: 'integer')),
+        ],
+        requestBody: new OA\RequestBody(
+            required: true,
+            content: new OA\JsonContent(
+                required: ['api_key_enabled'],
+                properties: [
+                    new OA\Property(property: 'api_key_enabled', type: 'boolean', description: '是否启用 API Key 功能'),
+                ]
+            )
+        ),
+        responses: [
+            new OA\Response(
+                response: 200,
+                description: 'API Key 权限更新成功',
+                content: new OA\JsonContent(properties: [
+                    new OA\Property(property: 'code', type: 'integer', example: 0),
+                    new OA\Property(property: 'message', type: 'string', example: 'API Key 权限更新成功'),
+                    new OA\Property(property: 'data', properties: [
+                        new OA\Property(property: 'id', type: 'integer'),
+                        new OA\Property(property: 'username', type: 'string'),
+                        new OA\Property(property: 'api_key_enabled', type: 'boolean'),
+                    ], type: 'object'),
+                ])
+            ),
+            new OA\Response(response: 400, description: '参数错误', content: new OA\JsonContent(ref: '#/components/schemas/ErrorResponse')),
+            new OA\Response(response: 401, description: '未认证', content: new OA\JsonContent(ref: '#/components/schemas/ErrorResponse')),
+            new OA\Response(response: 403, description: '无权限', content: new OA\JsonContent(ref: '#/components/schemas/ErrorResponse')),
+            new OA\Response(response: 404, description: '用户不存在', content: new OA\JsonContent(ref: '#/components/schemas/ErrorResponse')),
+        ]
+    )]
+    #[RequestMapping(path: "{id}/api-key-enabled", methods: "PATCH")]
+    #[Middleware(AuthMiddleware::class)]
+    #[Middleware(PermissionMiddleware::class)]
+    public function updateApiKeyEnabled(int $id): \Psr\Http\Message\ResponseInterface|array
+    {
+        $user = User::query()->find($id);
+
+        if (!$user) {
+            return $this->response->json([
+                'code' => 404,
+                'message' => '用户不存在',
+            ])->withStatus(404);
+        }
+
+        $api_key_enabled = filter_var($this->request->input('api_key_enabled'), FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
+        if ($api_key_enabled === null) {
+            return $this->response->json([
+                'code' => 400,
+                'message' => 'api_key_enabled 参数不能为空或格式不正确',
+            ])->withStatus(400);
+        }
+
+        $user->api_key_enabled = $api_key_enabled;
+        $user->save();
+
+        return [
+            'code' => 0,
+            'message' => 'API Key 权限更新成功',
+            'data' => [
+                'id' => $user->id,
+                'username' => $user->username,
+                'api_key_enabled' => $user->api_key_enabled,
+            ],
+        ];
+    }
 }