Merge pull request #9 from zy84338719/feature/login-gates

feat(admin): add transfer log tab and polish storage ui

Author: zy84338719

.github/copilot-instructions.md

@@ -1,3 +1,55 @@
+# Copilot / AI Agent Instructions for FileCodeBox
+
+Short, actionable guidance so an AI agent can be productive immediately in this repo.
+
+1) Big picture
+- Layered architecture: `routes -> handlers -> services -> repository -> database/storage`.
+- Key directories: `internal/routes/`, `internal/handlers/`, `internal/services/`, `internal/repository/`, `internal/storage/`, `internal/config/`, `internal/mcp/`, `docs/`.
+- Main entry: `main.go` initializes `ConfigManager`, `StorageManager`, and starts the HTTP server via `routes.CreateAndStartServer()`; DB initialization is deferred and can be triggered via `/setup/initialize`.
+
+2) Typical data & control flow
+- HTTP requests handled by `routes` -> call `handlers` -> call `services` -> use `repository` -> talk to DB/storage.
+- Storage is abstracted by `storage.NewStorageManager(manager)` and concrete implementations under `internal/storage/` (local, s3, webdav, onedrive).
+- MCP subsystem lives under `internal/mcp/` and is conditionally started when `manager.MCP.EnableMCPServer == 1`.
+
+3) Configuration & runtime
+- Config is centralized in `internal/config/manager.go` (use `config.InitManager()` to obtain `ConfigManager`).
+- Environment variables override config; `manager.SetDB(db)` is used to inject DB connection after initialization.
+- Common env vars: `PORT`, `DATA_PATH`, `ENABLE_MCP_SERVER`.
+
+4) Versioning & release patterns
+- Project version stored in the top-level `VERSION` file and echoed in `internal/models/service/system.go` (`Version` variable) and swagger docs under `docs/`.
+- Releases are created by updating those files and tagging the commit (e.g., `v1.8.2`). Avoid editing `go.sum` manually.
+
+5) Build, test, and release commands
+- Build: `make build` or `go build ./...`.
+- Tests: `make test` or `go test ./...` (many packages have no tests; run targeted packages if needed).
+- Docker: `./scripts/build-docker.sh` and `docker-compose.yml` present.
+
+6) Project-specific conventions
+- Handler constructors follow: `NewXxxHandler(service *services.XxxService, config *config.ConfigManager) *XxxHandler`.
+- Services are created with dependency injection in `routes` during server start: e.g., `services.NewUserService(daoManager, manager)`.
+- Repositories live under `internal/repository/` and expose `RepositoryManager` for DAOs (use `dmgr *repository.RepositoryManager`).
+- Error responses use helper functions in `internal/common/` (`common.SuccessResponse`, `common.ErrorResponse`, `common.BadRequestResponse`).
+
+7) Integration points to inspect when editing code
+- `internal/config/manager.go` — config lifecycle, hot reload hooks.
+- `internal/routes/setup.go` — server and route wiring, DI order.
+- `internal/mcp/manager.go` — MCP lifecycle and tools registration.
+- `internal/storage/*` — adding new storage backends: implement `storage.StorageInterface` and register in `storage.NewStorageManager`.
+
+8) Useful file examples to copy patterns from
+- `internal/services/*` shows DI, error wrapping and transaction handling (e.g., `internal/services/admin/*`).
+- `internal/routes/*` shows route grouping and middleware usage, look at `internal/routes/admin.go` for admin auth patterns.
+
+9) CSS / Frontend notes
+- Frontend themes under `themes/2025/`. Admin UI assets are served via protected routes — modifying admin CSS may require rebuilding or restarting server to pick static changes when not using hot reload.
+
+10) Safety & version control
+- Do not alter `go.sum` manually.
+- When creating tags, prefer not to overwrite remote tags; create a new semver or `-local.<sha>` tag if necessary.
+
+If any section is unclear or you want examples added (e.g., sample PR description, changelog generation command), tell me which part to expand. After your feedback I'll iterate.
 # FileCodeBox AI Coding Agent Instructions
 
 ## Project Overview

.github/workflows/build.yml

@@ -2,11 +2,11 @@ name: Build and Release
 
 on:
   push:
+    # Only trigger the heavy multi-platform build on version tag pushes (e.g. v1.9.1)
     tags:
       - 'v*'
-    branches: [ main ]
-  pull_request:
-    branches: [ main ]
+  # Allow manual dispatch for ad-hoc builds from the UI
+  workflow_dispatch:
 
 permissions:
   contents: read

.github/workflows/ci.yml

@@ -5,6 +5,8 @@ on:
     branches: [ main, develop ]
   pull_request:
     branches: [ main, develop ]
+  # Allow manual runs
+  workflow_dispatch:
 
 jobs:
   test:
@@ -102,7 +104,14 @@ jobs:
     name: Docker Test
     runs-on: ubuntu-latest
     needs: test
-    if: github.event_name == 'push'
+    # Run Docker Test only when explicitly requested via commit message flag
+    # (e.g., include [docker-test] in the commit message) or when running on tags/branches on CI
+    # Run when explicitly requested by commit message, PR label, tag push, or manual dispatch
+    if: |
+      contains(github.event.head_commit.message, '[docker-test]') ||
+      startsWith(github.ref, 'refs/tags/') ||
+      github.event_name == 'workflow_dispatch' ||
+      (github.event_name == 'pull_request' && contains(join(github.event.pull_request.labels.*.name, ','), 'run-full-ci'))
     
     steps:
     - name: Checkout code
@@ -148,7 +157,13 @@ jobs:
   security:
     name: Security Scan
     runs-on: ubuntu-latest
-    if: github.event_name == 'push'
+    # Run Security Scan only when explicitly requested via commit message flag
+    # (e.g., include [security-scan] in the commit message) or when running manually
+    # Run when explicitly requested by commit message, PR label, or manual dispatch
+    if: |
+      contains(github.event.head_commit.message, '[security-scan]') ||
+      github.event_name == 'workflow_dispatch' ||
+      (github.event_name == 'pull_request' && contains(join(github.event.pull_request.labels.*.name, ','), 'run-security'))
     
     steps:
     - name: Checkout code

CONTRIBUTING.md

@@ -0,0 +1,69 @@
+## Contributing and CI guidelines
+
+This document explains how our GitHub Actions are gated and how to trigger heavier CI jobs (cross-platform builds, Docker tests, security scans) intentionally.
+
+### CI design principles
+- Lightweight checks (unit tests, linters) run on `push` / `pull_request` for `main` and `develop` branches.
+- Heavy tasks (cross-platform builds, Docker image builds & push, release packaging) only run on tag pushes (e.g. `v1.9.1`) or when explicitly requested.
+
+This reduces wasted CI minutes and avoids building/publishing artifacts for every code merge.
+
+### How to trigger heavy CI jobs
+There are multiple intentional ways to trigger full/heavy workflows:
+
+- Push a semantic version tag (recommended for releases):
+  ```bash
+  git tag v1.9.1
+  git push origin v1.9.1
+  ```
+  Tag pushes trigger the `build.yml` / `release.yml` flows which do cross-platform builds and create the Release.
+
+- Use commit message flags for ad-hoc full CI when pushing branches:
+  - `[docker-test]` — triggers Docker Test job
+  - `[security-scan]` — triggers Security Scan job
+  Example:
+  ```bash
+  git commit -m "feat: add X [docker-test]"
+  git push origin feature/xxx
+  ```
+
+- Use PR labels to request full CI for a pull request (team members with label permissions can add labels):
+  - `run-full-ci` — triggers Docker Test
+  - `run-security` — triggers Security Scan
+
+- Manual dispatch from GitHub Actions UI (`workflow_dispatch`) — allowed for `build.yml` and can be used to run ad-hoc full builds.
+
+### Release flow (recommended)
+1. Finish work on a branch, open PR and get reviews.
+2. Merge to `main` when ready (this runs lightweight CI only).
+3. Create a version tag on the merge commit and push the tag:
+   ```bash
+   git tag vX.Y.Z
+   git push origin vX.Y.Z
+   ```
+4. The tag push will run the release pipeline (build artifacts, create release, push Docker images).
+
+### Generated files and embeds
+- Some files under `uploads/` or other `generated/` directories may be produced by code generation tools. Do not commit generated artifacts unless they are intentionally tracked.
+- If a file uses `//go:embed` to include generated assets, ensure the assets exist in the repository or exclude the embed file from normal builds (recommended: keep generated assets out of VCS and generate them in CI when needed).
+
+Recommended `.gitignore` additions for generated assets (add if appropriate):
+```
+# generated embed or build artifacts
+uploads/
+dist/
+build/
+```
+
+### Debugging CI triggers
+- To see why a job ran, open the Actions page, find the workflow run and view the `Event` and `Jobs` details. The `Event` will indicate whether it was a `push`, `pull_request`, `workflow_dispatch`, or `tag` event.
+- If you expected a heavy job but it didn't run, verify:
+  - You pushed a tag (tags trigger build/release flows).
+  - The commit message includes the required token (e.g., `[docker-test]`).
+  - A PR contains the appropriate label (`run-full-ci` or `run-security`).
+
+### Contact / ownership
+- CI workflow files are located under `.github/workflows/`. If you want to change gating logic, please open a PR and tag the maintainers.
+
+---
+Thank you for contributing — keeping heavy CI runs intentional saves time and cost for the whole team.

VERSION

@@ -1 +1 @@
-1.8.2
+1.9.1

config.yaml

@@ -1,5 +1,5 @@
 base:
-    name: FileCodeBox
+    name: 站点
     description: 开箱即用的文件快传系统
     keywords: FileCodeBox, 文件快递柜, 口令传送箱, 匿名口令分享文本, 文件
     port: 12345
@@ -18,13 +18,15 @@ transfer:
     upload:
         openupload: 1
         uploadsize: 10485760
-        enablechunk: 0
+        enablechunk: 1
         chunksize: 2097152
         maxsaveseconds: 0
+        requirelogin: 1
     download:
         enableconcurrentdownload: 1
         maxconcurrentdownloads: 10
         downloadtimeout: 300
+        requirelogin: 0
 storage:
     type: ""
     storagepath: ""

docs/config.new.yaml

@@ -17,10 +17,12 @@ transfer:
     enable_chunk: 1
     chunk_size: 2097152
     max_save_seconds: 0
+    require_login: 0
   download:
     enable_concurrent_download: 1
     max_concurrent_downloads: 10
     download_timeout: 300
+    require_login: 0
 
 user:
   allow_user_registration: 1

docs/swagger-enhanced.yaml

@@ -2,7 +2,7 @@ swagger: "2.0"
 info:
   title: "FileCodeBox API"
   description: "FileCodeBox 是一个用于文件分享和代码片段管理的 Web 应用程序"
-  version: "1.8.2"
+  version: "1.9.1"
   termsOfService: "http://swagger.io/terms/"
   contact:
     name: "API Support"
@@ -69,7 +69,7 @@ paths:
                 example: "2025-09-11T10:00:00Z"
               version:
                 type: "string"
-                example: "1.8.2"
+                example: "1.9.1"
               uptime:
                 type: "string"
                 example: "2h30m15s"

docs/swagger.json

@@ -13,7 +13,7 @@
             "name": "MIT",
             "url": "https://github.com/zy84338719/filecodebox/blob/main/LICENSE"
         },
-    "version": "1.8.2"
+    "version": "1.9.1"
     },
     "host": "localhost:12345",
     "basePath": "/",
@@ -553,7 +553,7 @@
                 },
                 "version": {
                     "type": "string",
-                    "example": "1.8.2"
+                    "example": "1.9.1"
                 }
             }
         },

docs/swagger.yaml

@@ -12,7 +12,7 @@ definitions:
         example: 2h30m15s
         type: string
       version:
-  example: 1.8.2
+  example: 1.9.1
         type: string
     type: object
   handlers.SystemConfig:
@@ -57,7 +57,7 @@ info:
     url: https://github.com/zy84338719/filecodebox/blob/main/LICENSE
   termsOfService: http://swagger.io/terms/
   title: FileCodeBox API
-  version: "1.8.2"
+  version: "1.9.1"
 paths:
   /api/config:
     get: