MINIOpenSource
diff --git a/‎APIDocument.md‎
Lines changed: 244 additions & 212 deletions b/‎APIDocument.md‎
Lines changed: 244 additions & 212 deletions
diff --git a/‎CONTRIBUTING.md‎
Lines changed: 1 addition & 1 deletion b/‎CONTRIBUTING.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎DEVELOPMENT.md‎
Lines changed: 1 addition & 1 deletion b/‎DEVELOPMENT.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎NewAPI.md‎
Lines changed: 0 additions & 137 deletions b/‎NewAPI.md‎
Lines changed: 0 additions & 137 deletions
diff --git a/‎app/api/admin/approval_routes.py‎
Lines changed: 1 addition & 1 deletion b/‎app/api/admin/approval_routes.py‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎app/api/admin/settings.py‎
Lines changed: 5 additions & 4 deletions b/‎app/api/admin/settings.py‎
Lines changed: 5 additions & 4 deletions
diff --git a/‎app/api/admin/totp_routes.py‎
Lines changed: 1 addition & 1 deletion b/‎app/api/admin/totp_routes.py‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎app/api/admin/user_delete.py‎
Lines changed: 25 additions & 1 deletion b/‎app/api/admin/user_delete.py‎
Lines changed: 25 additions & 1 deletion
diff --git a/‎app/api/admin/user_password.py‎
Lines changed: 20 additions & 0 deletions b/‎app/api/admin/user_password.py‎
Lines changed: 20 additions & 0 deletions
diff --git a/‎app/api/admin/user_routes.py‎
Lines changed: 2 additions & 2 deletions b/‎app/api/admin/user_routes.py‎
Lines changed: 2 additions & 2 deletions
@@ -128,7 +128,7 @@ class YourModel(Base):
 
 ```bash
 uv run python -m grpc_tools.protoc \
-  -I. \
+  -Iapi/ \
   --python_out=app/grpc \
   --grpc_python_out=app/grpc \
   --pyi_out=app/grpc \
 
@@ -114,7 +114,7 @@ uv run cims
 
 ```bash
 uv run python -m grpc_tools.protoc \
-  -I. \
+  -Iapi/ \
   --python_out=app/grpc \
   --grpc_python_out=app/grpc \
   --pyi_out=app/grpc \
 
@@ -21,7 +21,7 @@
 _sa = require_role(100)
 
 
-@router.post("/list", response_model=list[UserOut])
+@router.get("/list", response_model=list[UserOut])
 async def get_pending_users(
     offset: int = 0,
     limit: int = 50,
 
@@ -1,18 +1,19 @@
 """系统设置路由。
 
 提供平台级系统设置的读取和修改。
+仅允许白名单内的配置项写入。
 """
 
 from datetime import datetime, timezone
 
 from fastapi import APIRouter, Depends, HTTPException
-from pydantic import BaseModel
 from sqlalchemy import select
 from sqlalchemy.ext.asyncio import AsyncSession
 
 from app.core.auth.dependencies import require_role
 from app.models.session import get_db
 from app.models.system_config import SystemConfig
+from app.api.schemas.settings import SettingsUpdate
 
 router = APIRouter()
 _sa = require_role(100)
@@ -30,13 +31,13 @@ async def get_settings(
 
 @router.post("")
 async def update_settings(
-    body: dict,
+    body: SettingsUpdate,
     db: AsyncSession = Depends(get_db),
     _user=Depends(_sa),
 ):
-    """修改系统设置（键值对）。"""
+    """修改系统设置（仅白名单键）。"""
     now = datetime.now(timezone.utc)
-    for key, value in body.items():
+    for key, value in body.items.items():
         stmt = select(SystemConfig).where(SystemConfig.key == key)
         cfg = (await db.execute(stmt)).scalar_one_or_none()
         if cfg:
 
@@ -5,4 +5,4 @@
 
 from fastapi import APIRouter
 
-router = APIRouter(prefix="/auth/2fa", tags=["2fa"])
+router = APIRouter(tags=["2fa"])
@@ -13,7 +13,12 @@
 _sa = require_role(100)
 
 
-@router.post("/{user_id}/delete")
+class RenameRequest(BaseModel):
+    """重命名请求体。"""
+    name: str = Field(..., min_length=1, max_length=64)
+
+
+@router.delete("/{user_id}")
 async def delete_user(
     user_id: str,
     db: AsyncSession = Depends(get_db),
@@ -28,3 +33,22 @@ async def delete_user(
     await db.delete(user)
     await db.commit()
     return {"message": "用户已删除"}
+
+
+@router.post("/{user_id}/rename")
+async def rename_user(
+    user_id: str,
+    body: RenameRequest,
+    db: AsyncSession = Depends(get_db),
+    _user=Depends(_sa),
+):
+    """重命名用户。"""
+    user = (
+        await db.execute(select(User).where(User.id == user_id))
+    ).scalar_one_or_none()
+    if not user:
+        raise HTTPException(status_code=404, detail="用户不存在")
+    user.username = body.name
+    await db.commit()
+    return {"message": "已重命名"}
+
@@ -30,3 +30,23 @@ async def reset_password(
     user.hashed_password = hash_password(body.new_password)
     await db.commit()
     return {"message": "密码已重置"}
+
+
+@router.post("/{user_id}/password/change")
+async def change_password(
+    user_id: str,
+    body: PasswordChange,
+    db: AsyncSession = Depends(get_db),
+    _user=Depends(_sa),
+):
+    """超管修改用户密码（需验证旧密码）。"""
+    user = (
+        await db.execute(select(User).where(User.id == user_id))
+    ).scalar_one_or_none()
+    if not user:
+        raise HTTPException(404, "用户不存在")
+    if not verify_password(body.old_password, user.hashed_password):
+        raise HTTPException(400, "旧密码错误")
+    user.hashed_password = hash_password(body.new_password)
+    await db.commit()
+    return {"message": "密码已修改"}
@@ -17,7 +17,7 @@
 _sa = require_role(100)
 
 
-@router.post("/list", response_model=list[UserOut])
+@router.get("/list", response_model=list[UserOut])
 async def list_all_users(
     offset: int = 0,
     limit: int = 20,
@@ -29,7 +29,7 @@ async def list_all_users(
     return [_to_out(u) for u in users]
 
 
-@router.post("/search", response_model=list[UserOut])
+@router.get("/search", response_model=list[UserOut])
 async def search_users(
     q: str = "",
     db: AsyncSession = Depends(get_db),
Original file line number	Diff line number	Diff line change
`@@ -5,4 +5,4 @@`
`5`	`5`
`6`	`6`	`from fastapi import APIRouter`
`7`	`7`
`8`		`-router = APIRouter(prefix="/auth/2fa", tags=["2fa"])`
	`8`	`+router = APIRouter(tags=["2fa"])`