* feat(auth): Improved device session management logic
- Replaced the `userID` parameter with the `user` object to support operations with more user attributes.
- Introduced `SessionTTL` and `MaxDevices` properties in the `Handle` and `EnsureActiveOnLogin` functions to support user-defined settings.
- Adjusted the session creation and verification logic in `session.go` to support user-defined device count and session duration.
- Added help documentation in `setting.go` to explain the configuration purposes of `MaxDevices` and `DeviceSessionTTL`.
- Added optional `MaxDevices` and `SessionTTL` properties to the user entity in `user.go` and persisted these settings across user updates.
- Modified the device handling logic in `webdav.go` to adapt to the new user object parameters.
* feat(session): Added session cleanup functionality
- Added the `/clean` route to the route for session cleanup
- Added the `DeleteInactiveSessions` method to support deleting inactive sessions by user ID
- Added the `DeleteSessionByID` method to delete a specific session by session ID
- Defined the `CleanSessionsReq` request structure to support passing a user ID or session ID
- Implemented the `CleanSessions` interface logic to perform corresponding session cleanup operations based on the request parameters
* feat(session): Added session list functionality with usernames
- Added the `SessionWithUser` structure, which includes `Session` and `Username` fields.
- Added the `ListSessionsWithUser` function, which queries and returns a list of sessions with usernames.
- Used a `JOIN` operation to join the session and user tables to retrieve the username associated with each session.
- Changed `ListSessions` to `ListSessionsWithUser` to ensure that the username is retrieved.
* feat(webdav): Enhanced WebDAV authentication logic
- Added logic for generating device keys based on the Client-Id, prioritizing those obtained from the request header.
- If the Client-Id is missing, attempts to obtain it from the cookie. If that still doesn't exist, generates a random suffix for the client IP address as an identifier.
- Stores the generated Client-Id in a cookie to ensure consistency across subsequent requests.
- Use the device.EnsureActiveOnLogin method instead of the original Handle method to reactivate inactive sessions.
* feat(auth): Added device session management
- Added the `handleSession` function to manage user device sessions and verify client identity
- Updated `auth.go` to call `handleSession` for device handling when a user logs in
- Added the `Session` model to database migrations
- Added `device.go` and `session.go` files to handle device session logic
- Updated `settings.go` to add device-related configuration items, such as the maximum number of devices, device eviction policy, and session TTL
* feat(session): Adds session management features
- Added `SessionInactive` error type in `device.go`
- Added session-related APIs in `router.go` to support listing and evicting sessions
- Added `ListSessionsByUser`, `ListSessions`, and `MarkInactive` methods in `session.go`
- Returns an appropriate error when the session state is `SessionInactive`
* feat(auth): Marks the device session as invalid.
- Import the `session` package into the `auth` module to handle device session status.
- Add a check in the login logic. If `device_key` is obtained, call `session.MarkInactive` to mark the device session as invalid.
- Store the invalid status in the context variable `session_inactive` for subsequent middleware checks.
- Add a check in the session refresh logic to abort the process if the current session has been marked invalid.
* feat(auth, session): Added device information processing and session management changes
- Updated device handling logic in `auth.go` to pass user agent and IP information
- Adjusted database queries in `session.go` to optimize session query fields and add `user_agent` and `ip` fields
- Modified the `Handle` method to add `ua` and `ip` parameters to store the user agent and IP address
- Added the `SessionResp` structure to return a session response containing `user_agent` and `ip`
- Updated the `/admin/user/create` and `/webdav` endpoints to pass the user agent and IP address to the device handler
* fix(setting): ensure DefaultRole stores role ID while exposing role name in APIs
- Simplified initial settings to use `model.GUEST` as the default role ID instead of querying roles at startup.
- Updated `GetSetting`, `ListSettings` handlers to:
- Convert stored role ID into the corresponding role name when returning data.
- Preserve dynamic role options for selection.
- Removed unused `strings` import and role preloading logic from `InitialSettings`.
- This change avoids DB dependency during initialization while keeping consistent role display for frontend clients.
* fix(setting): ensure DefaultRole stores role ID while exposing role
name in APIs (fix/settings-get-role)
- Simplify initial settings to use `model.GUEST` as the default role ID
instead of querying roles at startup.
- Update `GetSetting`, `ListSettings` handlers to:
- Convert stored role ID into the corresponding role name when
returning data.
- Preserve dynamic role options for selection.
- Remove unused `strings` import and role preloading logic from
`InitialSettings`.
- Avoid DB dependency during initialization while keeping consistent
role display for frontend clients.
* feat(setting): add role-based default and registration settings (closed #feat/register-and-statistics)
- Added `AllowRegister` and `DefaultRole` settings to site configuration.
- Integrated dynamic role options for `DefaultRole` using `op.GetRoles`.
- Updated `setting.go` handlers to manage `DefaultRole` options dynamically.
- Modified `const.go` to include new site settings constants.
- Updated dependencies in `go.mod` and `go.sum` to support new functionality.
* feat(register-and-statistics): add user registration endpoint
- Added `POST /auth/register` endpoint to support user registration.
- Implemented registration logic in `auth.go` with dynamic role assignment.
- Integrated settings `AllowRegister` and `DefaultRole` for registration flow.
- Updated imports to include new modules: `conf`, `setting`.
- Adjusted user creation logic to use `DefaultRole` setting dynamically.
* feat(register-and-statistics): add user registration endpoint (#register-and-statistics)
- Added `POST /auth/register` endpoint to support user registration.
- Implemented registration logic in `auth.go` with dynamic role assignment.
- Integrated `AllowRegister` and `DefaultRole` settings for registration flow.
- Updated imports to include new modules: `conf`, `setting`.
- Adjusted user creation logic to use `DefaultRole` dynamically.
* feat(register-and-statistics): enhance role management logic (#register-and-statistics)
- Refactored CreateRole and UpdateRole functions to handle default role.
- Added dynamic role assignment logic in 'role.go' using conf settings.
- Improved request handling in 'handles/role.go' with structured data.
- Implemented default role logic in 'db/role.go' to update non-default roles.
- Modified 'model/role.go' to include a 'Default' field for role management.
* feat(register-and-statistics): enhance role management logic
- Refactor CreateRole and UpdateRole to handle default roles.
- Add dynamic role assignment using conf settings in 'role.go'.
- Improve request handling with structured data in 'handles/role.go'.
- Implement default role logic in 'db/role.go' for non-default roles.
- Modify 'model/role.go' to include 'Default' field for role management.
* feat(register-and-statistics): improve role handling logic
- Switch from role names to role IDs for better consistency.
- Update logic to prioritize "guest" for default role ID.
- Adjust `DefaultRole` setting to use role IDs.
- Refactor `getRoleOptions` to return role IDs as a comma-separated string.
* feat(register-and-statistics): improve role handling logic
* fix: potential XSS vulnerabilities
* feat: support filter and render for readme.md
* chore: set ReadMeAutoRender to true
* fix attachFileName undefined
---------
Co-authored-by: Andy Hsu <i@nn.ci>
* feat: support webauthn login
* manually merge
* fix: clear user cache after updating authn
* decrease db size of Authn
* change authn type to text
* simplify code structure
---------
Co-authored-by: Andy Hsu <i@nn.ci>
* feat(qbittorrent): authorization and logging in support
* feat(qbittorrent/client): support `AddFromLink`
* refactor(qbittorrent/client): check authorization when getting a new client
* feat(qbittorrent/client): support `GetInfo`
* test(qbittorrent/client): update test cases
* feat(qbittorrent): init qbittorrent client on bootstrap
* feat(qbittorrent): support setting webui url via gin
* feat(qbittorrent/client): support deleting
* feat(qbittorrent/client): parse `TorrentStatus` enum when unmarshalling json in `GetInfo()`
* feat(qbittorrent/client): support getting files by id
* feat(qbittorrent): support adding qbittorrent tasks via gin
* refactor(qbittorrent/client): return a `Client` interface in `New()` instead of `*client`
* refactor: task handle
* chore: fix typo
* chore: change path
---------
Co-authored-by: Andy Hsu <i@nn.ci>
千石