MQTTvue/mqtt-vue-dashboard/server/src/controllers/clientAclController.ts

import { Request, Response } from 'express';
import { ClientAclModel } from '../models/clientAcl';
import { toString } from '../utils/helpers';

export class ClientAclController {
  // 获取所有客户端授权规则
  static async getAllClientAcl(req: Request, res: Response): Promise<void> {
    try {
      const page = Number(req.query.page) || 1;
      const limit = Number(req.query.limit) || 20;
      const offset = (page - 1) * limit;
      
      const clientAcls = await ClientAclModel.getAll(limit, offset);
      const total = await ClientAclModel.getCount();
      
      res.status(200).json({
        success: true,
        data: clientAcls,
        pagination: {
          page,
          limit,
          total,
          pages: Math.ceil(total / limit)
        }
      });
    } catch (error) {
      console.error('获取客户端授权规则列表失败:', error);
      res.status(500).json({
        success: false,
        message: '获取客户端授权规则列表失败',
        error: error instanceof Error ? error.message : '未知错误'
      });
    }
  }

  // 根据ID获取客户端授权规则
  static async getClientAclById(req: Request, res: Response): Promise<void> {
    try {
      const { id } = req.params;
      
      if (!id || isNaN(Number(id))) {
        res.status(400).json({
          success: false,
          message: '无效的ID'
        });
        return;
      }
      
      const clientAcl = await ClientAclModel.getById(Number(id));
      
      if (!clientAcl) {
        res.status(404).json({
          success: false,
          message: '客户端授权规则不存在'
        });
        return;
      }
      
      res.status(200).json({
        success: true,
        data: clientAcl
      });
    } catch (error) {
      console.error('获取客户端授权规则失败:', error);
      res.status(500).json({
        success: false,
        message: '获取客户端授权规则失败',
        error: error instanceof Error ? error.message : '未知错误'
      });
    }
  }

  // 根据用户名获取授权规则
  static async getClientAclByUsername(req: Request, res: Response): Promise<void> {
    try {
      const { username } = req.params;
      
      const usernameStr = toString(username);
      
      if (!usernameStr) {
        res.status(400).json({
          success: false,
          message: '用户名不能为空'
        });
        return;
      }
      
      const clientAcls = await ClientAclModel.getByUsername(usernameStr);
      
      res.status(200).json({
        success: true,
        data: clientAcls
      });
    } catch (error) {
      console.error('根据用户名获取授权规则失败:', error);
      res.status(500).json({
        success: false,
        message: '根据用户名获取授权规则失败',
        error: error instanceof Error ? error.message : '未知错误'
      });
    }
  }

  // 根据主题获取授权规则
  static async getClientAclByTopic(req: Request, res: Response): Promise<void> {
    try {
      const { topic } = req.params;
      
      const topicStr = toString(topic);
      
      if (!topicStr) {
        res.status(400).json({
          success: false,
          message: '主题不能为空'
        });
        return;
      }
      
      const clientAcls = await ClientAclModel.getByTopic(topicStr);
      
      res.status(200).json({
        success: true,
        data: clientAcls
      });
    } catch (error) {
      console.error('根据主题获取授权规则失败:', error);
      res.status(500).json({
        success: false,
        message: '根据主题获取授权规则失败',
        error: error instanceof Error ? error.message : '未知错误'
      });
    }
  }

  // 创建客户端授权规则
  static async createClientAcl(req: Request, res: Response): Promise<void> {
    try {
      const { clientid, username, topic, action, permission, priority, description } = req.body;
      
      if (!username || !topic || !action || !permission) {
        res.status(400).json({
          success: false,
          message: '用户名、主题、操作和权限不能为空'
        });
        return;
      }
      
      // 验证action和permission的值
      if (!['publish', 'subscribe', 'pubsub'].includes(action)) {
        res.status(400).json({
          success: false,
          message: '操作必须是publish、subscribe或pubsub之一'
        });
        return;
      }
      
      if (!['allow', 'deny'].includes(permission)) {
        res.status(400).json({
          success: false,
          message: '权限必须是allow或deny之一'
        });
        return;
      }
      
      // 创建客户端授权规则
      const newClientAcl = await ClientAclModel.create({
        clientid: clientid || null,
        username,
        topic,
        action,
        permission,
        priority: priority || 0,
        description: description || null
      });
      
      res.status(201).json({
        success: true,
        data: newClientAcl,
        message: '客户端授权规则创建成功'
      });
    } catch (error) {
      console.error('创建客户端授权规则失败:', error);
      res.status(500).json({
        success: false,
        message: '创建客户端授权规则失败',
        error: error instanceof Error ? error.message : '未知错误'
      });
    }
  }

  // 更新客户端授权规则
  static async updateClientAcl(req: Request, res: Response): Promise<void> {
    try {
      const { id } = req.params;
      const { username, topic, action, permission, priority, description } = req.body;
      
      if (!id || isNaN(Number(id))) {
        res.status(400).json({
          success: false,
          message: '无效的ID'
        });
        return;
      }
      
      // 检查客户端授权规则是否存在
      const existingClientAcl = await ClientAclModel.getById(Number(id));
      if (!existingClientAcl) {
        res.status(404).json({
          success: false,
          message: '客户端授权规则不存在'
        });
        return;
      }
      
      // 验证action和permission的值
      if (action && !['publish', 'subscribe', 'pubsub'].includes(action)) {
        res.status(400).json({
          success: false,
          message: '操作必须是publish、subscribe或pubsub之一'
        });
        return;
      }
      
      if (permission && !['allow', 'deny'].includes(permission)) {
        res.status(400).json({
          success: false,
          message: '权限必须是allow或deny之一'
        });
        return;
      }
      
      // 更新客户端授权规则
      const updatedClientAcl = await ClientAclModel.update(Number(id), {
        username,
        topic,
        action,
        permission,
        priority,
        description
      });
      
      res.status(200).json({
        success: true,
        data: updatedClientAcl,
        message: '客户端授权规则更新成功'
      });
    } catch (error) {
      console.error('更新客户端授权规则失败:', error);
      res.status(500).json({
        success: false,
        message: '更新客户端授权规则失败',
        error: error instanceof Error ? error.message : '未知错误'
      });
    }
  }

  // 删除客户端授权规则
  static async deleteClientAcl(req: Request, res: Response): Promise<void> {
    try {
      const { id } = req.params;
      
      if (!id || isNaN(Number(id))) {
        res.status(400).json({
          success: false,
          message: '无效的ID'
        });
        return;
      }
      
      // 检查客户端授权规则是否存在
      const existingClientAcl = await ClientAclModel.getById(Number(id));
      if (!existingClientAcl) {
        res.status(404).json({
          success: false,
          message: '客户端授权规则不存在'
        });
        return;
      }
      
      // 删除客户端授权规则
      await ClientAclModel.delete(Number(id));
      
      res.status(200).json({
        success: true,
        message: '客户端授权规则删除成功'
      });
    } catch (error) {
      console.error('删除客户端授权规则失败:', error);
      res.status(500).json({
        success: false,
        message: '删除客户端授权规则失败',
        error: error instanceof Error ? error.message : '未知错误'
      });
    }
  }

  // 批量删除客户端授权规则
  static async deleteMultipleClientAcl(req: Request, res: Response): Promise<void> {
    try {
      const { ids } = req.body;
      
      if (!ids || !Array.isArray(ids) || ids.length === 0) {
        res.status(400).json({
          success: false,
          message: '请提供有效的ID列表'
        });
        return;
      }
      
      // 验证所有ID是否为数字
      const validIds = ids.filter(id => !isNaN(Number(id)));
      if (validIds.length !== ids.length) {
        res.status(400).json({
          success: false,
          message: 'ID列表包含无效的ID'
        });
        return;
      }
      
      // 批量删除客户端授权规则
      await ClientAclModel.deleteMultiple(validIds.map(id => Number(id)));
      
      res.status(200).json({
        success: true,
        message: `成功删除${validIds.length}条客户端授权规则`
      });
    } catch (error) {
      console.error('批量删除客户端授权规则失败:', error);
      res.status(500).json({
        success: false,
        message: '批量删除客户端授权规则失败',
        error: error instanceof Error ? error.message : '未知错误'
      });
    }
  }

  // 根据用户名和操作类型获取授权规则
  static async getClientAclByUsernameAndAction(req: Request, res: Response): Promise<void> {
    try {
      const { username, action } = req.params;
      
      const usernameStr = toString(username);
      const actionStr = toString(action);
      
      if (!usernameStr || !actionStr) {
        res.status(400).json({
          success: false,
          message: '用户名和操作类型不能为空'
        });
        return;
      }
      
      if (!['publish', 'subscribe', 'pubsub'].includes(actionStr)) {
        res.status(400).json({
          success: false,
          message: '操作必须是publish、subscribe或pubsub之一'
        });
        return;
      }
      
      const clientAcls = await ClientAclModel.getByUsernameAndAction(usernameStr, actionStr);
      
      res.status(200).json({
        success: true,
        data: clientAcls
      });
    } catch (error) {
      console.error('根据用户名和操作类型获取授权规则失败:', error);
      res.status(500).json({
        success: false,
        message: '根据用户名和操作类型获取授权规则失败',
        error: error instanceof Error ? error.message : '未知错误'
      });
    }
  }

  // 检查用户是否有权限访问特定主题
  static async checkUserPermission(req: Request, res: Response): Promise<void> {
    try {
      const { username, topic, action } = req.body;
      
      if (!username || !topic || !action) {
        res.status(400).json({
          success: false,
          message: '用户名、主题和操作类型不能为空'
        });
        return;
      }
      
      // 验证action的值
      if (!['publish', 'subscribe'].includes(action)) {
        res.status(400).json({
          success: false,
          message: '操作必须是publish或subscribe之一'
        });
        return;
      }
      
      // 检查用户权限
      const hasPermission = await ClientAclModel.checkPermission(username, topic, action);
      
      res.status(200).json({
        success: true,
        data: {
          username,
          topic,
          action,
          hasPermission
        },
        message: `用户${hasPermission ? '有' : '没有'}权限${action === 'publish' ? '发布到' : '订阅'}主题${topic}`
      });
    } catch (error) {
      console.error('检查用户权限失败:', error);
      res.status(500).json({
        success: false,
        message: '检查用户权限失败',
        error: error instanceof Error ? error.message : '未知错误'
      });
    }
  }

  // 获取客户端授权统计信息
  static async getClientAclStats(req: Request, res: Response): Promise<void> {
    try {
      const stats = await ClientAclModel.getPermissionStats();
      
      res.status(200).json({
        success: true,
        data: stats,
        message: '获取客户端授权统计信息成功'
      });
    } catch (error) {
      console.error('获取客户端授权统计信息失败:', error);
      res.status(500).json({
        success: false,
        message: '获取客户端授权统计信息失败',
        error: error instanceof Error ? error.message : '未知错误'
      });
    }
  }
}