Feat: Implement token tracking, soft delete, and Admin UI improvements

2026-02-10 01:00:26 +08:00
parent 6924e86b8d
commit 968eb173dd
14 changed files with 1763 additions and 180 deletions
--- a/app/api/deps.py
+++ b/app/api/deps.py
@@ -33,11 +33,35 @@ async def get_api_key(
    # 3. Check Database for Module key (Database round-trip)
    module = db.query(Module).filter(Module.secret_key == api_key_header, Module.is_active == True).first()
    if module:
-        # Save to cache for next time
-        auth_cache[api_key_header] = True
-        return api_key_header
+        # Save module ID to cache for next time
+        auth_cache[api_key_header] = module.id
+        return module

    raise HTTPException(
        status_code=status.HTTP_403_FORBIDDEN, 
        detail="Could not validate credentials or API Key is inactive"
    )
+
+async def get_current_module(
+    api_key_header: str = Security(api_key_header),
+    db: Session = Depends(get_db)
+):
+    # 1. Fallback to global static key (Admin) - No module tracking
+    if api_key_header == settings.API_KEY:
+        return None
+    
+    # 2. Check Cache
+    if api_key_header in auth_cache:
+        module_id = auth_cache[api_key_header]
+        return db.query(Module).filter(Module.id == module_id).first()
+        
+    # 3. DB Lookup
+    module = db.query(Module).filter(Module.secret_key == api_key_header, Module.is_active == True).first()
+    if module:
+        auth_cache[api_key_header] = module.id
+        return module
+        
+    raise HTTPException(
+        status_code=status.HTTP_403_FORBIDDEN, 
+        detail="Could not validate credentials"
+    )