feat: 完善AD域控用户系统，增加配置说明

- 完善用户API Key创建流程，移除名称编辑权限
- 清理硬编码敏感信息，改用环境变量配置
- 在README.md和.env.example中添加AD域控配置说明
- 修复ESLint no-shadow错误
- 删除测试文件test-fixed-auto-link.js

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

src/routes/ldapRoutes.js

@@ -196,8 +196,14 @@ router.get('/list-ous', async (req, res) => {
  */
 router.get('/verify-ou', async (req, res) => {
   try {
-    const { ou = '微店' } = req.query
-    const testDN = `OU=${ou},DC=corp,DC=weidian-inc,DC=com`
+    const defaultOU = process.env.LDAP_DEFAULT_OU || 'YourOU'
+    const { ou = defaultOU } = req.query
+    // 使用配置的baseDN来构建测试DN，而不是硬编码域名
+    const config = ldapService.getConfig()
+    // 从baseDN中提取域部分，替换OU部分
+    const baseDNParts = config.baseDN.split(',')
+    const domainParts = baseDNParts.filter((part) => part.trim().startsWith('DC='))
+    const testDN = `OU=${ou},${domainParts.join(',')}`
 
     logger.info(`Verifying OU exists: ${testDN}`)
 
@@ -461,7 +467,8 @@ router.get('/user/api-keys', authenticateUser, async (req, res) => {
 router.post('/user/api-keys', authenticateUser, async (req, res) => {
   try {
     const { username } = req.user
-    const { limit } = req.body
+    // 用户创建的API Key不需要任何输入参数，都使用默认值
+    // const { limit } = req.body // 不再从请求体获取limit
 
     // 检查用户是否已有API Key
     const redis = require('../models/redis')
@@ -492,8 +499,8 @@ router.post('/user/api-keys', authenticateUser, async (req, res) => {
     const defaultName = displayName || username
 
     const keyParams = {
-      name: defaultName, // 忽略用户输入的name，强制使用displayName
-      tokenLimit: limit || 0,
+      name: defaultName, // 使用displayName作为API Key名称
+      tokenLimit: 0, // 固定为无限制
       description: `AD用户${username}创建的API Key`,
       // AD用户创建的Key添加owner信息以区分用户归属
       owner: username,
@@ -521,7 +528,7 @@ router.post('/user/api-keys', authenticateUser, async (req, res) => {
         id: newKey.id,
         key: newKey.apiKey, // 返回完整的API Key
         name: newKey.name,
-        tokenLimit: newKey.tokenLimit || limit || 0,
+        tokenLimit: newKey.tokenLimit || 0,
         used: 0,
         createdAt: newKey.createdAt,
         isActive: true,
@@ -616,8 +623,8 @@ router.put('/user/api-keys/:keyId', authenticateUser, async (req, res) => {
       })
     }
 
-    // 限制用户只能修改特定字段
-    const allowedFields = ['name', 'description', 'isActive']
+    // 限制用户只能修改特定字段（不允许修改name）
+    const allowedFields = ['description', 'isActive']
     const filteredUpdates = {}
     for (const [key, value] of Object.entries(updates)) {
       if (allowedFields.includes(key)) {

src/services/ldapService.js

@@ -4,11 +4,22 @@ const logger = require('../utils/logger')
 class LDAPService {
   constructor() {
     this.client = null
+
+    // 检查必需的LDAP配置
+    if (
+      !process.env.LDAP_URL ||
+      !process.env.LDAP_BIND_DN ||
+      !process.env.LDAP_BIND_PASSWORD ||
+      !process.env.LDAP_BASE_DN
+    ) {
+      logger.warn('⚠️ LDAP配置不完整，请检查.env文件中的LDAP配置项')
+    }
+
     this.config = {
-      url: process.env.LDAP_URL || 'ldap://172.25.3.100:389',
-      bindDN: process.env.LDAP_BIND_DN || 'LDAP-Proxy-Read',
-      bindPassword: process.env.LDAP_BIND_PASSWORD || 'Y%77JsVK8W',
-      baseDN: process.env.LDAP_BASE_DN || 'OU=微店,DC=corp,DC=weidian-inc,DC=com',
+      url: process.env.LDAP_URL || '',
+      bindDN: process.env.LDAP_BIND_DN || '',
+      bindPassword: process.env.LDAP_BIND_PASSWORD || '',
+      baseDN: process.env.LDAP_BASE_DN || '',
       searchFilter: process.env.LDAP_SEARCH_FILTER || '(&(objectClass=user)(cn={username}))',
       timeout: parseInt(process.env.LDAP_TIMEOUT) || 10000,
       connectTimeout: parseInt(process.env.LDAP_CONNECT_TIMEOUT) || 10000