feat: user manage api

internal/db/user.go

@@ -86,6 +86,9 @@ func DeleteUserById(id uint) error {
 	if err != nil {
 		return err
 	}
+	if old.IsAdmin() || old.IsGuest() {
+		return errors.WithStack(errs.DeleteAdminOrGuest)
+	}
 	userCache.Del(old.Username)
 	return errors.WithStack(db.Delete(&model.User{}, id).Error)
 }

internal/errs/user.go

@@ -6,4 +6,5 @@ var (
 	EmptyUsername      = errors.New("username is empty")
 	EmptyPassword      = errors.New("password is empty")
 	WrongPassword      = errors.New("password is incorrect")
+	DeleteAdminOrGuest = errors.New("cannot delete admin or guest")
 )

internal/model/user.go

@@ -13,7 +13,7 @@ const (
 
 type User struct {
 	ID       uint   `json:"id" gorm:"primaryKey"`                      // unique key
-	Username string `json:"username" gorm:"unique"` // username
+	Username string `json:"username" gorm:"unique" binding:"required"` // username
 	Password string `json:"password"`                                  // password
 	BasePath string `json:"base_path"`                                 // base path
 	ReadOnly bool   `json:"read_only"`                                 // read only

server/controllers/user.go

@@ -0,0 +1,81 @@
+package controllers
+
+import (
+	"github.com/alist-org/alist/v3/internal/db"
+	"github.com/alist-org/alist/v3/internal/model"
+	"github.com/alist-org/alist/v3/server/common"
+	"github.com/gin-gonic/gin"
+	log "github.com/sirupsen/logrus"
+	"strconv"
+)
+
+func ListUsers(c *gin.Context) {
+	var req common.PageReq
+	if err := c.ShouldBind(&req); err != nil {
+		common.ErrorResp(c, err, 400, true)
+		return
+	}
+	log.Debugf("%+v", req)
+	users, total, err := db.GetUsers(req.PageIndex, req.PageSize)
+	if err != nil {
+		common.ErrorResp(c, err, 500)
+		return
+	}
+	common.SuccessResp(c, common.PageResp{
+		Content: users,
+		Total:   total,
+	})
+}
+
+func CreateUser(c *gin.Context) {
+	var req model.User
+	if err := c.ShouldBind(&req); err != nil {
+		common.ErrorResp(c, err, 400, true)
+		return
+	}
+	if req.IsAdmin() || req.IsGuest() {
+		common.ErrorStrResp(c, "admin or guest user can not be created", 400, true)
+		return
+	}
+	if err := db.CreateUser(&req); err != nil {
+		common.ErrorResp(c, err, 500)
+	} else {
+		common.SuccessResp(c)
+	}
+}
+
+func UpdateUser(c *gin.Context) {
+	var req model.User
+	if err := c.ShouldBind(&req); err != nil {
+		common.ErrorResp(c, err, 400, true)
+		return
+	}
+	user, err := db.GetUserById(req.ID)
+	if err != nil {
+		common.ErrorResp(c, err, 500)
+		return
+	}
+	if user.Role != req.Role {
+		common.ErrorStrResp(c, "role can not be changed", 400, true)
+		return
+	}
+	if err := db.UpdateUser(&req); err != nil {
+		common.ErrorResp(c, err, 500)
+	} else {
+		common.SuccessResp(c)
+	}
+}
+
+func DeleteUser(c *gin.Context) {
+	idStr := c.Query("id")
+	id, err := strconv.Atoi(idStr)
+	if err != nil {
+		common.ErrorResp(c, err, 400, true)
+		return
+	}
+	if err := db.DeleteUserById(uint(id)); err != nil {
+		common.ErrorResp(c, err, 500)
+		return
+	}
+	common.SuccessResp(c)
+}

server/router.go

@@ -24,6 +24,12 @@ func Init(r *gin.Engine) {
 	meta.POST("/create", controllers.CreateMeta)
 	meta.POST("/update", controllers.UpdateMeta)
 	meta.POST("/delete", controllers.DeleteMeta)
+
+	user := admin.Group("/user")
+	user.GET("/list", controllers.ListUsers)
+	user.POST("/create", controllers.CreateUser)
+	user.POST("/update", controllers.UpdateUser)
+	user.POST("/delete", controllers.DeleteUser)
 }
 
 func Cors(r *gin.Engine) {