diff --git a/.env.example b/.env.example
index b69ee64e..62f7fcfb 100644
--- a/.env.example
+++ b/.env.example
@@ -96,4 +96,5 @@ LDAP_USER_ATTR_LAST_NAME=sn
 USER_MANAGEMENT_ENABLED=false
 DEFAULT_USER_ROLE=user
 USER_SESSION_TIMEOUT=86400000
-MAX_API_KEYS_PER_USER=5
+MAX_API_KEYS_PER_USER=1
+ALLOW_USER_DELETE_API_KEYS=false
diff --git a/config/config.example.js b/config/config.example.js
index 5b8786b6..433ecd1f 100644
--- a/config/config.example.js
+++ b/config/config.example.js
@@ -175,7 +175,8 @@ const config = {
 enabled: process.env.USER_MANAGEMENT_ENABLED === 'true',
 defaultUserRole: process.env.DEFAULT_USER_ROLE || 'user',
 userSessionTimeout: parseInt(process.env.USER_SESSION_TIMEOUT) || 86400000, // 24小时
- maxApiKeysPerUser: parseInt(process.env.MAX_API_KEYS_PER_USER) || 5
+ maxApiKeysPerUser: parseInt(process.env.MAX_API_KEYS_PER_USER) || 1,
+ allowUserDeleteApiKeys: process.env.ALLOW_USER_DELETE_API_KEYS === 'true' // 默认不允许用户删除自己的API Keys
 },
 // 📢 Webhook通知配置
diff --git a/src/routes/userRoutes.js b/src/routes/userRoutes.js
index 653e3c9e..f4f995c1 100644
--- a/src/routes/userRoutes.js
+++ b/src/routes/userRoutes.js
@@ -208,7 +208,8 @@ router.get('/profile', authenticateUser, async (req, res) => {
 totalUsage: user.totalUsage
 },
 config: {
- maxApiKeysPerUser: config.userManagement.maxApiKeysPerUser
+ maxApiKeysPerUser: config.userManagement.maxApiKeysPerUser,
+ allowUserDeleteApiKeys: config.userManagement.allowUserDeleteApiKeys
 }
 })
 } catch (error) {
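Review bot: `maxApiKeysPerUser: parseInt(process.env.MAX_API_KEYS_PER_USER) || 1` in the config.example.js hunk lets a deliberate `MAX_API_KEYS_PER_USER=0` fall through to 1, because `||` treats 0 as unset, and parseInt is still called without a radix; if 0 is meant to be a valid limit, parse above the object literal, e.g. `const maxKeys = Number.parseInt(process.env.MAX_API_KEYS_PER_USER ?? '', 10)` and then `maxApiKeysPerUser: Number.isNaN(maxKeys) ? 1 : maxKeys,`. Lowering the default from 5 to 1 while `allowUserDeleteApiKeys` defaults to false means a user whose single key is exposed has no self-service way to rotate it, so the trailing comment on the new line should also name the administrator path for revocation. The enclosing `config` object starts and ends outside the hunk.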
@@ -352,6 +353,15 @@ router.delete('/api-keys/:keyId', authenticateUser, async (req, res) => {
 try {
 const { keyId } = req.params
+ // 检查是否允许用户删除自己的API Keys
+ if (!config.userManagement.allowUserDeleteApiKeys) {
+ return res.status(403).json({
+ error: 'Operation not allowed',
+ message:
+ 'Users are not allowed to delete their own API keys. Please contact an administrator.'
+ })
+ }
+
 // 检查API Key是否属于当前用户
 const existingKey = await apiKeyService.getApiKeyById(keyId)
 if (!existingKey || existingKey.userId !== req.user.id) {
diff --git a/src/services/userService.js b/src/services/userService.js
index 80649283..00f0665f 100644
--- a/src/services/userService.js
+++ b/src/services/userService.js
@@ -534,9 +534,15 @@ class UserService {
 // 构建匹配字符串数组(只考虑displayName、username、email,去除空值和重复值)
 const matchStrings = new Set()
- if (displayName) matchStrings.add(displayName.toLowerCase().trim())
- if (username) matchStrings.add(username.toLowerCase().trim())
- if (email) matchStrings.add(email.toLowerCase().trim())
+ if (displayName) {
+ matchStrings.add(displayName.toLowerCase().trim())
+ }
+ if (username) {
+ matchStrings.add(username.toLowerCase().trim())
+ }
+ if (email) {
+ matchStrings.add(email.toLowerCase().trim())
+ }
 const matchingKeys = []
diff --git a/web/admin-spa/src/components/user/UserApiKeysManager.vue b/web/admin-spa/src/components/user/UserApiKeysManager.vue
index 8100cd88..aab75a5f 100644
--- a/web/admin-spa/src/components/user/UserApiKeysManager.vue
+++ b/web/admin-spa/src/components/user/UserApiKeysManager.vue
@@ -159,7 +159,11 @@
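Review bot: The new gate `if (!config.userManagement.allowUserDeleteApiKeys)` in the userRoutes.js delete hunk fails closed when the flag is absent — a deployment whose config.js predates `allowUserDeleteApiKeys` reads `undefined` and every user-initiated delete is refused with 403 — which is the safe direction but not stated anywhere, so I would extend the comment to `// 检查是否允许用户删除自己的API Keys (must be explicitly true; undefined/false both deny)`. Because the check runs before the ownership lookup, the 403 is returned for any keyId and discloses nothing about whether the key exists, which is fine; the refusal leaves no trace beyond the response, though, so consider recording it with whatever logger this route file already uses. The enclosing router.delete handler continues past the hunk.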