feat: init project (123pan image host)

This commit is contained in:
RainySY
2026-04-09 03:24:27 +08:00
commit ec301b75d8
19 changed files with 2010 additions and 0 deletions

92
README.md Normal file
View File

@@ -0,0 +1,92 @@
# 123pan 私人图床系统
基于 **123云盘开放平台 API** 开发的轻量、高性能私人图床。采用 Go (Gin) 后端 + 原生 HTML/JS/CSS 前端构建,剥离繁重的外部框架前端,方便内网、软路由或云服务器跨平台部署。
## ✨ 核心特性
- **简易美观的控制台**:内嵌现代化响应式前端,支持暗黑模式和玻璃拟态 UI。
- **极速上传体验**:支持多文件拖拽、点击选择,以及原生兼容的**全局 Ctrl+V 剪贴板一键粘贴直传**。
- **高并发与流式防御**:基于 123pan 复杂多步骤 API 深层对接;动态计算文件 MD5抛弃无脑内存读取防止服务内存溢出宕机
- **全自动鉴权保活**:无需定时折腾 Token。提供 ClientID 和 Secret 后,系统会自动管理 `access_token` 并做提前无感更新。
- **最高级安全验证**:全部 API 支持 `api_token` 自定义密码保护。阻断防侧信道劫持,杜绝接口裸奔被陌生人滥用。
---
## ⚙️ 快速开始
### 1. 准备条件 (⚠️ 必看:平台鉴权机制收费前置)
- 本地或服务器已部署好 **Go 编译环境**
- **必须解锁 API 调度权限**:由于 123云盘架构政策重大调整目前开放平台的直链及 API 提取额度已全线转为付费高级属性。您 **必须** 首先前往 123云盘主站的 [开发者权益专区](https://www.123pan.com/member?source_page=img_center) 购买订阅对应的“开发者权益包”。
- 购买并激活底层接口权益后,才能前往 [123云盘开放平台控制台](https://platform.123pan.com/) 创建应用并拿到真正具备流转效力的 `Client ID``Client Secret`。(**注**:若未打通付费权限通道直接填入尝试调用,后台请求将被严防死守并无限提示 `获取列表异常: 无效的登录信息`。)
### 2. 补齐配置
进入项目的 `conf` 文件夹,修改 `config.yaml`(请确保该文件已创建并粘贴如下必要字段):
```yaml
# 服务器端口
port: 8080
# 123云盘开放平台应用配置 (必需)
client_id: "你的应用客户端ID"
client_secret: "你的应用客户端Secret"
# 123云盘专属存放目录的 ID (根目录可留空 "")
parent_file_id: "你的文件夹ID"
# 系统访问保护密码!如果挂至公网,强烈建议自行设置复杂的密码!
api_token: "替换成你设定的强密码"
```
### 3. 上线运行
`imagehost` 根目录控制台执行:
```bash
go mod tidy
go run cmd/main.go
```
### 4. 跨平台编译打包 (交叉编译指南)
得益于 Go 强大的跨平台支持以及本项目采用的 **完全内嵌静态打包 (`go:embed`)** 机制,你不再需要搬运 `static` 文件夹。将应用编译出体积极小、没有任何外部依赖的单一核心可执行文件(唯一需要同处一个目录的是配置文件 `conf/config.yaml` )。
以下是不同目标平台的编译命令(如果报错,请确保没有在命令中附带多余符号):
- **Windows 本地平台 (如您目前系统)**:
```bash
go build -o imagehost.exe ./cmd/main.go
```
- **Linux 服务器 / 软路由 (x86_64 常见架构)**:
```powershell
$env:GOOS="linux"; $env:GOARCH="amd64"; go build -o imagehost-linux ./cmd/main.go
```
*(注:如果是在纯 Linux/macOS 终端编译则为 `GOOS=linux GOARCH=amd64 go build -o imagehost-linux ./cmd/main.go`,下同)*
- **Linux 盒子 / 树莓派 (ARM64 轻量级结构)**:
```powershell
$env:GOOS="linux"; $env:GOARCH="arm64"; go build -o imagehost-linux-arm ./cmd/main.go
```
- **macOS (M1/M2/M3 Apple Silicon 原生架构)**:
```powershell
$env:GOOS="darwin"; $env:GOARCH="arm64"; go build -o imagehost-macos-arm ./cmd/main.go
```
- **macOS (老的 Intel 原生架构)**:
```powershell
$env:GOOS="darwin"; $env:GOARCH="amd64"; go build -o imagehost-macos ./cmd/main.go
```
启动成功后,浏览器中打卡 `http://localhost:8080/` 即可看到私有云图床台。若启用了 `api_token`,首页将要求输入验证。
---
## 🛠️ 第三方截图工具接入 (ShareX 等)
本图床严格遵守 `RESTful API` 规范,对第三方工具接入极为友好。以下使用 **ShareX** 为例进行配置:
1. 添加 **自定义上传者**
2. **请求 URL**`http://修改为你的IP或域名:8080/api/upload`
3. **HTTP 方法**`POST`
4. **请求主体配置**`Multipart/form-data`
5. **文件表单值 / 参数名**`file`
6. **请求标头 (Headers)**
- 增加一行 `Authorization`,值为 `Bearer 这里填你的api_token密码`
*(也可以简化为追加到 URL 后面:`?token=你的配置密码`)*
7. **获取 URL 响应路径**`$json:url$`
配置完毕后,即可享受一键截图瞬移至 123pan 并提取直链的极致体验!

65
cmd/main.go Normal file
View File

@@ -0,0 +1,65 @@
package main
import (
"flag"
"fmt"
"log"
"github.com/gin-gonic/gin"
"imagehost/internal/config"
"imagehost/internal/handler"
"imagehost/internal/pan123"
"imagehost/internal/service"
)
func main() {
var cfgFlag string
flag.StringVar(&cfgFlag, "c", "conf/config.yaml", "指定配置文件路径")
flag.Parse()
// 1. 初始化读取配置
config.InitConfig(cfgFlag)
// 2. 注入 123pan 客户端基础 SDK
client := pan123.NewClient(config.GlobalConfig.ClientID, config.GlobalConfig.ClientSecret)
// 3. 构造上层 Service 业务操作对象
uploadSvc := service.NewUploadService(client)
imageSvc := service.NewImageService(client)
// 4. 组装 Web Handler 层
uploadHandler := handler.NewUploadHandler(uploadSvc)
imageHandler := handler.NewImageHandler(imageSvc)
// 5. 启动 Gin 骨架
gin.SetMode(gin.ReleaseMode)
r := gin.Default()
// 【安全防护】:将单次 Multipart 表单承受的最高物理占用内存限制为 10MB
// 若超过此量则会被拒绝或直接下刷到临时文件盘,彻底免疫大发包引起的 OOM 宕机
r.MaxMultipartMemory = 10 << 20
// 提供一个基础版的跨域中间件(如果后续要在其他域名环境挂载 API 小组件的话会用到)
r.Use(func(c *gin.Context) {
c.Writer.Header().Set("Access-Control-Allow-Origin", "*")
c.Writer.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE")
c.Writer.Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization")
if c.Request.Method == "OPTIONS" {
c.AbortWithStatus(204)
return
}
c.Next()
})
handler.ConfigureRoutes(r, imageHandler, uploadHandler)
addr := fmt.Sprintf(":%d", config.GlobalConfig.Port)
log.Printf("==============================")
log.Printf("123pan 私人图床服务已启动,并挂载高危防御盾牌!")
log.Printf("请访问 http://localhost%s 浏览!", addr)
log.Printf("==============================")
if err := r.Run(addr); err != nil {
log.Fatalf("Fatal: Web 服务启动暴毙了: %v", err)
}
}

19
conf/config.yaml Normal file
View File

@@ -0,0 +1,19 @@
# 123pan 私人图床配置文件
# 服务器端口
port: 8080
# 123云盘开放平台应用配置 (用来自动获取及刷新 access_token)
client_id: ""
client_secret: ""
# 123云盘图床专属存放目录的 ID (例如: yk6baz03t0l000...)
parent_file_id: ""
# --- 核心安全屏障与攻防配置 ---
# 全局防御性访问密钥 AuthToken (必填!防止公网暴露被任意上传或删除)
api_token: "PRIVATE_123_KEY"
# 自定义直链域名 (可选,用于前缀拼接,例如: https://img.example.com)
# 上传和获取文件列表时,如果填写了此项可以覆盖默认下发的防盗链 URL
custom_domain: ""

56
go.mod Normal file
View File

@@ -0,0 +1,56 @@
module imagehost
go 1.25.0
require (
github.com/gin-gonic/gin v1.12.0
github.com/spf13/viper v1.18.2
)
require (
github.com/bytedance/gopkg v0.1.3 // indirect
github.com/bytedance/sonic v1.15.0 // indirect
github.com/bytedance/sonic/loader v0.5.0 // indirect
github.com/cloudwego/base64x v0.1.6 // indirect
github.com/fsnotify/fsnotify v1.7.0 // indirect
github.com/gabriel-vasile/mimetype v1.4.12 // indirect
github.com/gin-contrib/sse v1.1.0 // indirect
github.com/go-playground/locales v0.14.1 // indirect
github.com/go-playground/universal-translator v0.18.1 // indirect
github.com/go-playground/validator/v10 v10.30.1 // indirect
github.com/goccy/go-json v0.10.5 // indirect
github.com/goccy/go-yaml v1.19.2 // indirect
github.com/hashicorp/hcl v1.0.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/klauspost/cpuid/v2 v2.3.0 // indirect
github.com/leodido/go-urn v1.4.0 // indirect
github.com/magiconair/properties v1.8.7 // indirect
github.com/mattn/go-isatty v0.0.20 // indirect
github.com/mitchellh/mapstructure v1.5.0 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/pelletier/go-toml/v2 v2.2.4 // indirect
github.com/quic-go/qpack v0.6.0 // indirect
github.com/quic-go/quic-go v0.59.0 // indirect
github.com/sagikazarmark/locafero v0.4.0 // indirect
github.com/sagikazarmark/slog-shim v0.1.0 // indirect
github.com/sourcegraph/conc v0.3.0 // indirect
github.com/spf13/afero v1.11.0 // indirect
github.com/spf13/cast v1.6.0 // indirect
github.com/spf13/pflag v1.0.5 // indirect
github.com/subosito/gotenv v1.6.0 // indirect
github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
github.com/ugorji/go/codec v1.3.1 // indirect
go.mongodb.org/mongo-driver/v2 v2.5.0 // indirect
go.uber.org/atomic v1.9.0 // indirect
go.uber.org/multierr v1.9.0 // indirect
golang.org/x/arch v0.23.0 // indirect
golang.org/x/crypto v0.48.0 // indirect
golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect
golang.org/x/net v0.51.0 // indirect
golang.org/x/sys v0.41.0 // indirect
golang.org/x/text v0.35.0 // indirect
google.golang.org/protobuf v1.36.10 // indirect
gopkg.in/ini.v1 v1.67.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
)

155
go.sum Normal file
View File

@@ -0,0 +1,155 @@
github.com/bytedance/gopkg v0.1.3 h1:TPBSwH8RsouGCBcMBktLt1AymVo2TVsBVCY4b6TnZ/M=
github.com/bytedance/gopkg v0.1.3/go.mod h1:576VvJ+eJgyCzdjS+c4+77QF3p7ubbtiKARP3TxducM=
github.com/bytedance/sonic v1.15.0 h1:/PXeWFaR5ElNcVE84U0dOHjiMHQOwNIx3K4ymzh/uSE=
github.com/bytedance/sonic v1.15.0/go.mod h1:tFkWrPz0/CUCLEF4ri4UkHekCIcdnkqXw9VduqpJh0k=
github.com/bytedance/sonic/loader v0.5.0 h1:gXH3KVnatgY7loH5/TkeVyXPfESoqSBSBEiDd5VjlgE=
github.com/bytedance/sonic/loader v0.5.0/go.mod h1:AR4NYCk5DdzZizZ5djGqQ92eEhCCcdf5x77udYiSJRo=
github.com/cloudwego/base64x v0.1.6 h1:t11wG9AECkCDk5fMSoxmufanudBtJ+/HemLstXDLI2M=
github.com/cloudwego/base64x v0.1.6/go.mod h1:OFcloc187FXDaYHvrNIjxSe8ncn0OOM8gEHfghB2IPU=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S9k=
github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
github.com/gabriel-vasile/mimetype v1.4.12 h1:e9hWvmLYvtp846tLHam2o++qitpguFiYCKbn0w9jyqw=
github.com/gabriel-vasile/mimetype v1.4.12/go.mod h1:d+9Oxyo1wTzWdyVUPMmXFvp4F9tea18J8ufA774AB3s=
github.com/gin-contrib/sse v1.1.0 h1:n0w2GMuUpWDVp7qSpvze6fAu9iRxJY4Hmj6AmBOU05w=
github.com/gin-contrib/sse v1.1.0/go.mod h1:hxRZ5gVpWMT7Z0B0gSNYqqsSCNIJMjzvm6fqCz9vjwM=
github.com/gin-gonic/gin v1.12.0 h1:b3YAbrZtnf8N//yjKeU2+MQsh2mY5htkZidOM7O0wG8=
github.com/gin-gonic/gin v1.12.0/go.mod h1:VxccKfsSllpKshkBWgVgRniFFAzFb9csfngsqANjnLc=
github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
github.com/go-playground/validator/v10 v10.30.1 h1:f3zDSN/zOma+w6+1Wswgd9fLkdwy06ntQJp0BBvFG0w=
github.com/go-playground/validator/v10 v10.30.1/go.mod h1:oSuBIQzuJxL//3MelwSLD5hc2Tu889bF0Idm9Dg26cM=
github.com/go-viper/mapstructure/v2 v2.4.0 h1:EBsztssimR/CONLSZZ04E8qAkxNYq4Qp9LvH92wZUgs=
github.com/go-viper/mapstructure/v2 v2.4.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
github.com/goccy/go-json v0.10.5 h1:Fq85nIqj+gXn/S5ahsiTlK3TmC85qgirsdTP/+DeaC4=
github.com/goccy/go-json v0.10.5/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
github.com/goccy/go-yaml v1.19.2 h1:PmFC1S6h8ljIz6gMRBopkjP1TVT7xuwrButHID66PoM=
github.com/goccy/go-yaml v1.19.2/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA=
github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
github.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y=
github.com/klauspost/cpuid/v2 v2.3.0/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY=
github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
github.com/pelletier/go-toml/v2 v2.2.4 h1:mye9XuhQ6gvn5h28+VilKrrPoQVanw5PMw/TB0t5Ec4=
github.com/pelletier/go-toml/v2 v2.2.4/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/quic-go/qpack v0.6.0 h1:g7W+BMYynC1LbYLSqRt8PBg5Tgwxn214ZZR34VIOjz8=
github.com/quic-go/qpack v0.6.0/go.mod h1:lUpLKChi8njB4ty2bFLX2x4gzDqXwUpaO1DP9qMDZII=
github.com/quic-go/quic-go v0.59.0 h1:OLJkp1Mlm/aS7dpKgTc6cnpynnD2Xg7C1pwL6vy/SAw=
github.com/quic-go/quic-go v0.59.0/go.mod h1:upnsH4Ju1YkqpLXC305eW3yDZ4NfnNbmQRCMWS58IKU=
github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
github.com/sagikazarmark/locafero v0.4.0 h1:HApY1R9zGo4DBgr7dqsTH/JJxLTTsOt7u6keLGt6kNQ=
github.com/sagikazarmark/locafero v0.4.0/go.mod h1:Pe1W6UlPYUk/+wc/6KFhbORCfqzgYEpgQ3O5fPuL3H4=
github.com/sagikazarmark/locafero v0.11.0 h1:1iurJgmM9G3PA/I+wWYIOw/5SyBtxapeHDcg+AAIFXc=
github.com/sagikazarmark/locafero v0.11.0/go.mod h1:nVIGvgyzw595SUSUE6tvCp3YYTeHs15MvlmU87WwIik=
github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE=
github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ=
github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=
github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0=
github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8 h1:+jumHNA0Wrelhe64i8F6HNlS8pkoyMv5sreGx2Ry5Rw=
github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8/go.mod h1:3n1Cwaq1E1/1lhQhtRK2ts/ZwZEhjcQeJQ1RuC6Q/8U=
github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8=
github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY=
github.com/spf13/afero v1.15.0 h1:b/YBCLWAJdFWJTN9cLhiXXcD7mzKn9Dm86dNnfyQw1I=
github.com/spf13/afero v1.15.0/go.mod h1:NC2ByUVxtQs4b3sIUphxK0NioZnmxgyCrfzeuq8lxMg=
github.com/spf13/cast v1.6.0 h1:GEiTHELF+vaR5dhz3VqZfFSzZjYbgeKDpBxQVS4GYJ0=
github.com/spf13/cast v1.6.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
github.com/spf13/cast v1.10.0 h1:h2x0u2shc1QuLHfxi+cTJvs30+ZAHOGRic8uyGTDWxY=
github.com/spf13/cast v1.10.0/go.mod h1:jNfB8QC9IA6ZuY2ZjDp0KtFO2LZZlg4S/7bzP6qqeHo=
github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk=
github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
github.com/spf13/viper v1.18.2 h1:LUXCnvUvSM6FXAsj6nnfc8Q2tp1dIgUfY9Kc8GsSOiQ=
github.com/spf13/viper v1.18.2/go.mod h1:EKmWIqdnk5lOcmR72yw6hS+8OPYcwD0jteitLMVB+yk=
github.com/spf13/viper v1.21.0 h1:x5S+0EU27Lbphp4UKm1C+1oQO+rKx36vfCoaVebLFSU=
github.com/spf13/viper v1.21.0/go.mod h1:P0lhsswPGWD/1lZJ9ny3fYnVqxiegrlNrEmgLjbTCAY=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
github.com/ugorji/go/codec v1.3.1 h1:waO7eEiFDwidsBN6agj1vJQ4AG7lh2yqXyOXqhgQuyY=
github.com/ugorji/go/codec v1.3.1/go.mod h1:pRBVtBSKl77K30Bv8R2P+cLSGaTtex6fsA2Wjqmfxj4=
go.mongodb.org/mongo-driver/v2 v2.5.0 h1:yXUhImUjjAInNcpTcAlPHiT7bIXhshCTL3jVBkF3xaE=
go.mongodb.org/mongo-driver/v2 v2.5.0/go.mod h1:yOI9kBsufol30iFsl1slpdq1I0eHPzybRWdyYUs8K/0=
go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE=
go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
go.uber.org/mock v0.6.0 h1:hyF9dfmbgIX5EfOdasqLsWD6xqpNZlXblLB/Dbnwv3Y=
go.uber.org/mock v0.6.0/go.mod h1:KiVJ4BqZJaMj4svdfmHM0AUx4NJYO8ZNpPnZn1Z+BBU=
go.uber.org/multierr v1.9.0 h1:7fIwc/ZtS0q++VgcfqFDxSBZVv/Xo49/SYnDFupUwlI=
go.uber.org/multierr v1.9.0/go.mod h1:X2jQV1h+kxSjClGpnseKVIxpmcjrj7MNnI0bnlfKTVQ=
go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc=
go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=
golang.org/x/arch v0.22.0 h1:c/Zle32i5ttqRXjdLyyHZESLD/bB90DCU1g9l/0YBDI=
golang.org/x/arch v0.22.0/go.mod h1:dNHoOeKiyja7GTvF9NJS1l3Z2yntpQNzgrjh1cU103A=
golang.org/x/arch v0.23.0 h1:lKF64A2jF6Zd8L0knGltUnegD62JMFBiCPBmQpToHhg=
golang.org/x/arch v0.23.0/go.mod h1:dNHoOeKiyja7GTvF9NJS1l3Z2yntpQNzgrjh1cU103A=
golang.org/x/crypto v0.48.0 h1:/VRzVqiRSggnhY7gNRxPauEQ5Drw9haKdM0jqfcCFts=
golang.org/x/crypto v0.48.0/go.mod h1:r0kV5h3qnFPlQnBSrULhlsRfryS2pmewsg+XfMgkVos=
golang.org/x/exp v0.0.0-20230905200255-921286631fa9 h1:GoHiUyI/Tp2nVkLI2mCxVkOjsbSXD66ic0XW0js0R9g=
golang.org/x/exp v0.0.0-20230905200255-921286631fa9/go.mod h1:S2oDrQGGwySpoQPVqRShND87VCbxmc6bL1Yd2oYrm6k=
golang.org/x/net v0.51.0 h1:94R/GTO7mt3/4wIKpcR5gkGmRLOuE/2hNGeWq/GBIFo=
golang.org/x/net v0.51.0/go.mod h1:aamm+2QF5ogm02fjy5Bb7CQ0WMt1/WVM7FtyaTLlA9Y=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.41.0 h1:Ivj+2Cp/ylzLiEU89QhWblYnOE9zerudt9Ftecq2C6k=
golang.org/x/sys v0.41.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
golang.org/x/text v0.34.0 h1:oL/Qq0Kdaqxa1KbNeMKwQq0reLCCaFtqu2eNuSeNHbk=
golang.org/x/text v0.34.0/go.mod h1:homfLqTYRFyVYemLBFl5GgL/DWEiH5wcsQ5gSh1yziA=
golang.org/x/text v0.35.0 h1:JOVx6vVDFokkpaq1AEptVzLTpDe9KGpj5tR4/X+ybL8=
golang.org/x/text v0.35.0/go.mod h1:khi/HExzZJ2pGnjenulevKNX1W67CUy0AsXcNubPGCA=
google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE=
google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

55
internal/config/config.go Normal file
View File

@@ -0,0 +1,55 @@
package config
import (
"log"
"strings"
"github.com/spf13/viper"
)
type Config struct {
Port int `mapstructure:"port"`
ClientID string `mapstructure:"client_id"`
ClientSecret string `mapstructure:"client_secret"`
ParentFileID string `mapstructure:"parent_file_id"`
CustomDomain string `mapstructure:"custom_domain"`
APIToken string `mapstructure:"api_token"`
}
var GlobalConfig Config
// InitConfig 读取并解析配置文件
func InitConfig(cfgFile string) {
viper.SetConfigFile(cfgFile)
viper.SetConfigType("yaml")
// 默认值
viper.SetDefault("port", 8080)
viper.SetDefault("custom_domain", "")
if err := viper.ReadInConfig(); err != nil {
log.Fatalf("配置文件读取失败: %v", err)
}
if err := viper.Unmarshal(&GlobalConfig); err != nil {
log.Fatalf("配置解码失败: %v", err)
}
// 【容错防御升级】很多时候我们从网页双击复制 Secret 时会带上首尾的隐形空格或者换行符
// 导致 123pan API 算出来的摘要完全错位并报出 “无效的登录信息”。
// 必须在此增加系统级别的修剪操作!
GlobalConfig.ClientID = strings.TrimSpace(GlobalConfig.ClientID)
GlobalConfig.ClientSecret = strings.TrimSpace(GlobalConfig.ClientSecret)
GlobalConfig.ParentFileID = strings.TrimSpace(GlobalConfig.ParentFileID)
GlobalConfig.APIToken = strings.TrimSpace(GlobalConfig.APIToken)
if GlobalConfig.ClientID == "" || GlobalConfig.ClientSecret == "" {
log.Fatalf("配置错误: client_id 和 client_secret 不能为空")
}
if GlobalConfig.APIToken == "" {
log.Println("【安全警告】您的 api_token 配置为空,图床接口处于裸奔危险状态!")
}
log.Println("成功加载配置文件,服务端口:", GlobalConfig.Port)
}

76
internal/handler/image.go Normal file
View File

@@ -0,0 +1,76 @@
package handler
import (
"log"
"net/http"
"strings"
"github.com/gin-gonic/gin"
"imagehost/internal/service"
)
type ImageHandler struct {
imageSvc *service.ImageService
}
func NewImageHandler(svc *service.ImageService) *ImageHandler {
return &ImageHandler{imageSvc: svc}
}
// HandleList 获取图床目录下所有图片
func (h *ImageHandler) HandleList(c *gin.Context) {
items, err := h.imageSvc.GetImageItems()
if err != nil {
log.Printf("查询图床列表失败: %v", err)
c.JSON(http.StatusInternalServerError, gin.H{
"code": 500,
"message": err.Error(),
})
return
}
// 仅返回是文件的信息 (过滤可能存在的子文件夹)
var images []interface{}
for _, it := range items {
// 123pan 中 type 通常 0是文件1是文件夹不过创建文件时type又传的1...这里我们只输出有 size 或文件形态的
images = append(images, gin.H{
"id": it.FileID,
"name": it.Filename,
"size": it.Size,
"url": it.UserSelfURL,
"origin_url": it.DownloadURL,
"created_at": it.CreateAt,
})
}
c.JSON(http.StatusOK, gin.H{
"code": 0,
"message": "success",
"data": images,
})
}
// HandleDelete 删除单个图床图片
func (h *ImageHandler) HandleDelete(c *gin.Context) {
id := c.Param("id") // 删除支持 逗号分割多选或者单个记录
if id == "" {
c.JSON(http.StatusBadRequest, gin.H{"code": 400, "message": "图片 ID 为空"})
return
}
ids := strings.Split(id, ",")
err := h.imageSvc.DeleteImages(ids)
if err != nil {
log.Printf("删除图片 %v 失败: %v", ids, err)
c.JSON(http.StatusInternalServerError, gin.H{
"code": 500,
"message": err.Error(),
})
return
}
c.JSON(http.StatusOK, gin.H{
"code": 0,
"message": "deleted",
})
}

View File

@@ -0,0 +1,72 @@
package handler
import (
"crypto/subtle"
"net/http"
"strings"
"github.com/gin-gonic/gin"
"imagehost/internal/config"
"imagehost/static"
)
// AuthMiddleware 核心 API 保护护卫
func AuthMiddleware() gin.HandlerFunc {
return func(c *gin.Context) {
tokenCfg := config.GlobalConfig.APIToken
// 如果配置文件放空了代表使用者放弃防御
if tokenCfg == "" {
c.Next()
return
}
// 适配支持 Header 注入 (WEB端拦截器) 或者 查询字符串 (简化图床软件推送提取)
authHeader := c.GetHeader("Authorization")
queryToken := c.Query("token")
var clientToken string
if strings.HasPrefix(authHeader, "Bearer ") {
clientToken = strings.TrimPrefix(authHeader, "Bearer ")
} else if authHeader != "" {
clientToken = authHeader
} else {
clientToken = queryToken
}
// 【防护高级演练】拦截网络侧信道 Timing 定时猜测攻击
// (通过将比较强行推至相同的微小汇编运行时间从而防止密钥逐字枚举)
if subtle.ConstantTimeCompare([]byte(clientToken), []byte(tokenCfg)) != 1 {
c.JSON(http.StatusForbidden, gin.H{
"code": 403,
"message": "未经授权访问:请提供正确的 api_token 以进行操作。",
})
c.Abort()
return
}
c.Next()
}
}
// ConfigureRoutes 注册所有的 API 路由和静态资源
func ConfigureRoutes(r *gin.Engine, imgHandler *ImageHandler, upHandler *UploadHandler) {
// API 分组进行统一下挂网门,使用中间件强权控制
api := r.Group("/api")
api.Use(AuthMiddleware()) // 全部保护!
{
api.POST("/upload", upHandler.HandleUpload) // 接收表单 file 字段传图
api.GET("/images", imgHandler.HandleList) // 瀑布流展示列表获取
api.DELETE("/images/:id", imgHandler.HandleDelete) // 删除图片
}
// 静态资源:图床首页前端,这部分无需密码即可被公网下载渲染 // 【全静态内嵌化架构升级】无须再依赖同目录下的 static 文件夹!
r.StaticFS("/static", http.FS(static.FS))
r.GET("/", func(c *gin.Context) {
htmlData, err := static.FS.ReadFile("index.html")
if err != nil {
c.String(http.StatusInternalServerError, "内置静态首页打包遗失")
return
}
c.Data(http.StatusOK, "text/html; charset=utf-8", htmlData)
})
}

View File

@@ -0,0 +1,75 @@
package handler
import (
"log"
"net/http"
"path/filepath"
"strings"
"github.com/gin-gonic/gin"
"imagehost/internal/service"
)
type UploadHandler struct {
uploadSvc *service.UploadService
}
func NewUploadHandler(svc *service.UploadService) *UploadHandler {
return &UploadHandler{uploadSvc: svc}
}
// HandleUpload 接受 /api/upload 的 POST 表单请求
func (h *UploadHandler) HandleUpload(c *gin.Context) {
// 'file' 是约定好的 form 表单 file 键值,支持 ShareX / PicGo 等
fileHeader, err := c.FormFile("file")
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"code": 400,
"message": "无法收到图片文件: " + err.Error(),
})
return
}
// 【安全防护1】强行判定后缀格式禁止脚本上传渗透
ext := strings.ToLower(filepath.Ext(fileHeader.Filename))
validExts := map[string]bool{
".jpg": true, ".jpeg": true, ".png": true,
".gif": true, ".webp": true, ".svg": true, ".bmp": true,
}
if !validExts[ext] {
c.JSON(http.StatusUnsupportedMediaType, gin.H{
"code": 415,
"message": "仅支持上传图片格式jpg/png/gif/webp/svg/bmp。",
})
return
}
contentType := fileHeader.Header.Get("Content-Type")
if !strings.HasPrefix(contentType, "image/") {
c.JSON(http.StatusUnsupportedMediaType, gin.H{
"code": 415,
"message": "不支持的 Content-Type 类型。",
})
return
}
log.Printf("准备上传文件: %s", fileHeader.Filename)
fileInfo, err := h.uploadSvc.UploadFile(fileHeader)
if err != nil {
log.Printf("上传业务失败: %v", err)
c.JSON(http.StatusInternalServerError, gin.H{
"code": 500,
"message": err.Error(),
})
return
}
// 适配外部图床响应。ShareX/PicGo 中可以通过 json_path 指定取 url
c.JSON(http.StatusOK, gin.H{
"code": 0,
"message": "success",
"data": fileInfo,
"url": fileInfo.UserSelfURL,
})
}

178
internal/pan123/client.go Normal file
View File

@@ -0,0 +1,178 @@
package pan123
import (
"bytes"
"encoding/json"
"fmt"
"io"
"net/http"
"sync"
"time"
)
const (
APIBaseURL = "https://open-api.123pan.com"
UploadBaseURL = "https://open-api.123pan.com"
PlatformName = "open_platform"
)
type Client struct {
httpClient *http.Client
clientID string
clientSecret string
mu sync.RWMutex
token string
expiredAt time.Time
}
// NewClient 初始化 123pan API 的定制化客户端
func NewClient(clientID, clientSecret string) *Client {
return &Client{
httpClient: &http.Client{
Timeout: 30 * time.Second, // 设置超时防阻塞
},
clientID: clientID,
clientSecret: clientSecret,
}
}
// getToken 安全获取当前有效的 token必要时自动刷新并缓存
func (c *Client) getToken() (string, error) {
c.mu.RLock()
// 提前 5 分钟刷新以防恰好在请求过程中过期
if c.token != "" && time.Now().Before(c.expiredAt.Add(-5*time.Minute)) {
t := c.token
c.mu.RUnlock()
return t, nil
}
c.mu.RUnlock()
c.mu.Lock()
defer c.mu.Unlock()
// 双重检查锁定
if c.token != "" && time.Now().Before(c.expiredAt.Add(-5*time.Minute)) {
return c.token, nil
}
reqBody := AccessTokenReq{
ClientID: c.clientID,
ClientSecret: c.clientSecret,
}
b, _ := json.Marshal(reqBody)
req, err := http.NewRequest("POST", APIBaseURL+"/api/v1/access_token", bytes.NewReader(b))
if err != nil {
return "", fmt.Errorf("create token request error: %w", err)
}
req.Header.Set("Content-Type", "application/json")
req.Header.Set("Platform", PlatformName)
resp, err := c.httpClient.Do(req)
if err != nil {
return "", fmt.Errorf("http execute token request failed: %w", err)
}
defer resp.Body.Close()
var apiResp BaseResp
if err := json.NewDecoder(resp.Body).Decode(&apiResp); err != nil {
return "", fmt.Errorf("decode token response error: %w", err)
}
if apiResp.Code != 0 {
return "", fmt.Errorf("123pan API error (get token), code: %d, msg: %s", apiResp.Code, apiResp.Message)
}
var data AccessTokenRespData
if err := json.Unmarshal(apiResp.Data, &data); err != nil {
return "", fmt.Errorf("decode AccessTokenRespData error: %w", err)
}
exp, err := time.Parse(time.RFC3339, data.ExpiredAt)
if err != nil {
// 解析失败时给个保守过期时间
exp = time.Now().Add(2 * time.Hour)
}
c.token = data.AccessToken
c.expiredAt = exp
return c.token, nil
}
// DoJSONRequest 发起基于 JSON 的标准请求,并自动装配所需的三大件 Header
func (c *Client) DoJSONRequest(method, url string, body interface{}, target interface{}) error {
var bodyReader io.Reader
if body != nil {
b, err := json.Marshal(body)
if err != nil {
return fmt.Errorf("marshal request body error: %w", err)
}
bodyReader = bytes.NewReader(b)
}
req, err := http.NewRequest(method, url, bodyReader)
if err != nil {
return fmt.Errorf("create request error: %w", err)
}
token, err := c.getToken()
if err != nil {
return fmt.Errorf("获取 123pan AccessToken 失败: %w", err)
}
// 123pan 开放平台标准 Header 规范
req.Header.Set("Content-Type", "application/json")
req.Header.Set("Platform", PlatformName)
req.Header.Set("Authorization", "Bearer "+token)
resp, err := c.httpClient.Do(req)
if err != nil {
return fmt.Errorf("http request failed: %w", err)
}
defer resp.Body.Close()
respBytes, err := io.ReadAll(resp.Body)
if err != nil {
return fmt.Errorf("read response body error: %w", err)
}
if resp.StatusCode < 200 || resp.StatusCode >= 300 {
return fmt.Errorf("http status code error %d, body: %s", resp.StatusCode, string(respBytes))
}
// 反序列化 123pan 返回的整体数据 (BaseResp 格式需在调用该处的人自己指定或由外包装封入)
if target != nil {
if err := json.Unmarshal(respBytes, target); err != nil {
return fmt.Errorf("unmarshal response error: %w, payload: %s", err, string(respBytes))
}
}
return nil
}
// DoRawPUT 对于实际的分片数据上传,需要剥离 Auth 头部并发起干净的 PUT 请求
func (c *Client) DoRawPUT(url string, data io.Reader, size int64) error {
req, err := http.NewRequest("PUT", url, data)
if err != nil {
return fmt.Errorf("create put request error: %w", err)
}
// 对于纯二进制上传必须准确标注 Content-Type 和 Length
req.Header.Set("Content-Type", "application/octet-stream")
req.ContentLength = size
// 文档强调: PUT请求的header中请不要携带Authorization、Platform参数
resp, err := c.httpClient.Do(req)
if err != nil {
return fmt.Errorf("http put execute error: %w", err)
}
defer resp.Body.Close()
if resp.StatusCode < 200 || resp.StatusCode >= 300 {
respBytes, _ := io.ReadAll(resp.Body)
return fmt.Errorf("http error code %d during PUT upload, body: %s", resp.StatusCode, string(respBytes))
}
return nil
}

54
internal/pan123/file.go Normal file
View File

@@ -0,0 +1,54 @@
package pan123
import (
"encoding/json"
"fmt"
)
// GetFileList 获取某个目录下面的(图片)文件列表
func (c *Client) GetFileList(parentFileID string, limit int, lastFileID string) ([]FileItem, string, error) {
reqBody := FileListReq{
ParentFileID: parentFileID,
Limit: limit,
LastFileID: lastFileID,
Type: 1,
}
var resp BaseResp
// 注意这里文档使用的是 APIBaseURL + /api/v1/oss/file/list
err := c.DoJSONRequest("POST", APIBaseURL+"/api/v1/oss/file/list", reqBody, &resp)
if err != nil {
return nil, "", err
}
if resp.Code != 0 {
return nil, "", fmt.Errorf("123pan API error (list files), code: %d, msg: %s", resp.Code, resp.Message)
}
var data FileListRespData
if err := json.Unmarshal(resp.Data, &data); err != nil {
return nil, "", fmt.Errorf("fail to decode file list data: %w", err)
}
return data.FileList, data.LastFileID, nil
}
// DeleteFiles 根据 FileIDs 数组批量/单点删除远程文件
func (c *Client) DeleteFiles(fileIDs []string) error {
reqBody := DeleteFileReq{
FileIDs: fileIDs,
}
var resp BaseResp
// 删除接口使用的是 /api/v1/oss/file/delete
err := c.DoJSONRequest("POST", APIBaseURL+"/api/v1/oss/file/delete", reqBody, &resp)
if err != nil {
return err
}
if resp.Code != 0 {
return fmt.Errorf("123pan API error (delete file), code: %d, msg: %s", resp.Code, resp.Message)
}
return nil
}

106
internal/pan123/model.go Normal file
View File

@@ -0,0 +1,106 @@
package pan123
import "encoding/json"
// BaseResp 123pan API 统一响应的包裹格式
type BaseResp struct {
Code int `json:"code"`
Message string `json:"message"`
Data json.RawMessage `json:"data"` // 延迟解析真实的业务数据
}
// ----------- 核心:图床上传五步相关 -----------
// CreateFileReq 步骤1创建文件申报
type CreateFileReq struct {
ParentFileID string `json:"parentFileID"` // 必填,填图床专属目录
Filename string `json:"filename"`
Etag string `json:"etag"` // 必须填文件内容的真实 MD5
Size int64 `json:"size"` // 文件大小
Type int `json:"type"` // 固定填 1
}
type CreateFileRespData struct {
FileID string `json:"fileID"`
Reuse bool `json:"reuse"` // 为 true 的话说明发生秒传,直接上传成功
PreuploadID string `json:"preuploadID"` // 若需上传分配的 ID
SliceSize int64 `json:"sliceSize"` // 要求分块的尺寸
}
// GetUploadURLReq 步骤2获取真正可以上传分片的直链 URL
type GetUploadURLReq struct {
PreuploadID string `json:"preuploadID"`
SliceNo int `json:"sliceNo"` // 从 1 开始一直自增
}
type GetUploadURLRespData struct {
PresignedURL string `json:"presignedURL"` // 这个 URL 需要通过纯 PUT 来访问
IsMultipart bool `json:"isMultipart"`
}
// UploadCompleteReq 步骤4文件所有切片 PUT 完成后,报告已传完
type UploadCompleteReq struct {
PreuploadID string `json:"preuploadID"`
}
type UploadCompleteRespData struct {
FileID string `json:"fileID"`
Async bool `json:"async"` // 如果是 true说明它需要排队处理我们得进行步骤5轮询
Completed bool `json:"completed"`
}
// UploadAsyncResultReq 步骤5轮询是否最终真正落盘完毕
type UploadAsyncResultReq struct {
PreuploadID string `json:"preuploadID"`
}
type UploadAsyncResultRespData struct {
Completed bool `json:"completed"`
FileID string `json:"fileID"`
}
// ----------- 图床查询与管理相关 -----------
// FileListReq 取文件列表
type FileListReq struct {
ParentFileID string `json:"parentFileId"`
Limit int `json:"limit"` // 最大不能超过 100
LastFileID string `json:"lastFileId,omitempty"` // 用于分页,如果是第一页直接留空
Type int `json:"type"` // 固定填 1
}
type FileItem struct {
FileID string `json:"fileId"`
Filename string `json:"filename"`
Size int64 `json:"size"`
Etag string `json:"etag"`
Status int `json:"status"`
CreateAt string `json:"createAt"`
DownloadURL string `json:"downloadURL"` // 防盗链 URL
UserSelfURL string `json:"userSelfURL"` // 自定义域名下发 URL
}
type FileListRespData struct {
LastFileID string `json:"lastFileId"` // 若为 -1 代表没有下一页
FileList []FileItem `json:"fileList"`
}
// DeleteFileReq 删除指定的文件(可以是批量)
type DeleteFileReq struct {
FileIDs []string `json:"fileIDs"` // 数组不能超过 100 长度限制
}
// ----------- 鉴权相关 -----------
// AccessTokenReq 获取凭证请求
type AccessTokenReq struct {
ClientID string `json:"clientID"`
ClientSecret string `json:"clientSecret"`
}
// AccessTokenRespData 获取凭证的回复 Data
type AccessTokenRespData struct {
AccessToken string `json:"accessToken"`
ExpiredAt string `json:"expiredAt"`
}

108
internal/pan123/upload.go Normal file
View File

@@ -0,0 +1,108 @@
package pan123
import (
"encoding/json"
"fmt"
)
// CreateFile 步骤1: 创建文件/发卷预申报。123pan 会下发预上传 IDpreuploadID或判定直接秒传。
func (c *Client) CreateFile(parentFileID, filename, etag string, size int64) (*CreateFileRespData, error) {
reqBody := CreateFileReq{
ParentFileID: parentFileID,
Filename: filename,
Etag: etag,
Size: size,
Type: 1,
}
var resp BaseResp
// 上传接口大部分挂在 UploadBaseURL + /upload/v1/xxx
err := c.DoJSONRequest("POST", UploadBaseURL+"/upload/v1/oss/file/create", reqBody, &resp)
if err != nil {
return nil, err
}
if resp.Code != 0 {
return nil, fmt.Errorf("123pan API error (create file), code: %d, msg: %s", resp.Code, resp.Message)
}
var data CreateFileRespData
if err := json.Unmarshal(resp.Data, &data); err != nil {
return nil, fmt.Errorf("decode create_file data error: %w", err)
}
return &data, nil
}
// GetUploadURL 步骤2: 凭借传入的 preuploadID 及 切片编号(对于整体直接设为1即可) 换取可以真正上传二进制的预签名 URL。
func (c *Client) GetUploadURL(preuploadID string, sliceNo int) (*GetUploadURLRespData, error) {
reqBody := GetUploadURLReq{
PreuploadID: preuploadID,
SliceNo: sliceNo,
}
var resp BaseResp
err := c.DoJSONRequest("POST", UploadBaseURL+"/upload/v1/oss/file/get_upload_url", reqBody, &resp)
if err != nil {
return nil, err
}
if resp.Code != 0 {
return nil, fmt.Errorf("123pan API error (get upload url), code: %d, msg: %s", resp.Code, resp.Message)
}
var data GetUploadURLRespData
if err := json.Unmarshal(resp.Data, &data); err != nil {
return nil, fmt.Errorf("decode get_upload_url data error: %w", err)
}
return &data, nil
}
// UploadComplete 步骤4 (由于步骤3是调用泛化的 DoRawPUT 进行的纯数据上传): 当步骤3全部走完时调用此 API 宣告物理上传完毕
func (c *Client) UploadComplete(preuploadID string) (*UploadCompleteRespData, error) {
reqBody := UploadCompleteReq{
PreuploadID: preuploadID,
}
var resp BaseResp
err := c.DoJSONRequest("POST", UploadBaseURL+"/upload/v1/oss/file/upload_complete", reqBody, &resp)
if err != nil {
return nil, err
}
if resp.Code != 0 {
return nil, fmt.Errorf("123pan API error (upload complete), code: %d, msg: %s", resp.Code, resp.Message)
}
var data UploadCompleteRespData
if err := json.Unmarshal(resp.Data, &data); err != nil {
return nil, fmt.Errorf("decode upload_complete data error: %w", err)
}
return &data, nil
}
// CheckAsyncResult 步骤5 (如需): 若上一步返回的数据指出 async == true 且 completed == false那么需轮询此 API
func (c *Client) CheckAsyncResult(preuploadID string) (*UploadAsyncResultRespData, error) {
reqBody := UploadAsyncResultReq{
PreuploadID: preuploadID,
}
var resp BaseResp
err := c.DoJSONRequest("POST", UploadBaseURL+"/upload/v1/oss/file/upload_async_result", reqBody, &resp)
if err != nil {
return nil, err
}
if resp.Code != 0 {
return nil, fmt.Errorf("123pan API error (async result query), code: %d, msg: %s", resp.Code, resp.Message)
}
var data UploadAsyncResultRespData
if err := json.Unmarshal(resp.Data, &data); err != nil {
return nil, fmt.Errorf("decode async_result data error: %w", err)
}
return &data, nil
}

View File

@@ -0,0 +1,47 @@
package service
import (
"fmt"
"strings"
"imagehost/internal/config"
"imagehost/internal/pan123"
)
type ImageService struct {
client *pan123.Client
}
func NewImageService(client *pan123.Client) *ImageService {
return &ImageService{client: client}
}
// GetImageItems 获取图床列表格式化信息
func (s *ImageService) GetImageItems() ([]pan123.FileItem, error) {
// 获取前 100 张即可
items, _, err := s.client.GetFileList(config.GlobalConfig.ParentFileID, 100, "")
if err != nil {
return nil, fmt.Errorf("获取列表异常: %w", err)
}
domain := strings.TrimRight(config.GlobalConfig.CustomDomain, "/")
// 格式化清理,如果有设置自定义解析,则将直链全部附魔为指定域名
for i := range items {
// 如果 123pan 源生返回了 userSelfURL可以优先。如果没有且我们配了 custom_domain尝试通过拼接提供后备访问链
if items[i].UserSelfURL == "" && domain != "" {
// 一些简易替换,具体规则需按你在 123pan 的直链白名单空间里设置来调整
items[i].UserSelfURL = fmt.Sprintf("%s/%s", domain, items[i].Filename)
}
}
return items, nil
}
// DeleteImages 删除单张或多张
func (s *ImageService) DeleteImages(ids []string) error {
if len(ids) == 0 {
return nil
}
return s.client.DeleteFiles(ids)
}

View File

@@ -0,0 +1,126 @@
package service
import (
"crypto/md5"
"fmt"
"io"
"log"
"mime/multipart"
"strings"
"time"
"imagehost/internal/config"
"imagehost/internal/pan123"
)
type UploadService struct {
client *pan123.Client
}
func NewUploadService(client *pan123.Client) *UploadService {
return &UploadService{client: client}
}
// UploadFile 处理单一文件的五步上传编排
func (s *UploadService) UploadFile(fileHeader *multipart.FileHeader) (pan123.FileItem, error) {
file, err := fileHeader.Open()
if err != nil {
return pan123.FileItem{}, fmt.Errorf("打开分段文件失败: %w", err)
}
defer file.Close()
// 【致命漏洞修复】使用流式处理替换无痛但高危的被动全量加载 (ReadAll)
h := md5.New()
if _, err := io.Copy(h, file); err != nil {
return pan123.FileItem{}, fmt.Errorf("动态计算文件 MD5 失败: %w", err)
}
etag := fmt.Sprintf("%x", h.Sum(nil))
size := fileHeader.Size
// 重置读取游标,准备让底层的 123pan.Client 直传该 file IO 节点
file.Seek(0, io.SeekStart)
fileName := fileHeader.Filename
var fileID string
// 步骤 1: 创建文件申报
createResp, err := s.client.CreateFile(config.GlobalConfig.ParentFileID, fileName, etag, size)
if err != nil {
return pan123.FileItem{}, fmt.Errorf("123pan 发送申报异常: %w", err)
}
if createResp.Reuse {
// 秒传命中
fileID = createResp.FileID
log.Printf("[上传] 文件 %s 命中服务器秒传!", fileName)
} else {
// 没有秒传,需要物理 PUT 上传切片
preuploadID := createResp.PreuploadID
// 步骤 2: 获取签发 URL
urlResp, err := s.client.GetUploadURL(preuploadID, 1)
if err != nil {
return pan123.FileItem{}, fmt.Errorf("123pan 获取直传地址失败: %w", err)
}
log.Printf("[上传] 开始推送 %s 到 123pan (大小: %d bytes)...", fileName, size)
// 步骤 3: 真正的二进制推送 (此处直接透传管道 file坚决不在 RAM 内过境缓存!)
err = s.client.DoRawPUT(urlResp.PresignedURL, file, size)
if err != nil {
return pan123.FileItem{}, fmt.Errorf("123pan 数据切片推送失败: %w", err)
}
// 步骤 4: 推送完毕申报
completeResp, err := s.client.UploadComplete(preuploadID)
if err != nil {
return pan123.FileItem{}, fmt.Errorf("123pan 汇报上传完结失败: %w", err)
}
// 判决处理策略
if completeResp.Completed {
fileID = completeResp.FileID
} else if completeResp.Async {
// 步骤 5: 异步轮询 (最大容忍 20s)
log.Printf("[上传] 123pan 正在后端异步处理合并 %s...", fileName)
for i := 0; i < 20; i++ {
time.Sleep(1 * time.Second)
asyncResp, err := s.client.CheckAsyncResult(preuploadID)
if err != nil {
log.Printf("轮询报错 (将继续尝试): %v", err)
continue
}
if asyncResp.Completed {
fileID = asyncResp.FileID
break
}
}
if fileID == "" {
return pan123.FileItem{}, fmt.Errorf("123pan 异步处理落盘超时")
}
} else {
return pan123.FileItem{}, fmt.Errorf("123pan 返回的完结状态不能被理解: %v", completeResp)
}
}
log.Printf("[上传] 文件 %s 整体保存完毕, ID: %s", fileName, fileID)
// 根据图床需求,组装格式化的信息,此时可返回。
// 这里通过自定义协议拼接URL假若没有详情API能立即获取。或者使用 FileID 查询)
downloadURL := ""
if config.GlobalConfig.CustomDomain != "" {
// 假设其静态资源访问域名形式为 domain/fileID/filename 或者是普通形式。
// 大部分直链空间只需: customDomain / fileName / file_id
// 作为通用兼容处理,如果直链域名未配特定的子径,先假设能直接根据路径拼接,具体的按实际调整。
domain := strings.TrimRight(config.GlobalConfig.CustomDomain, "/")
downloadURL = fmt.Sprintf("%s/%s", domain, fileName)
}
return pan123.FileItem{
FileID: fileID,
Filename: fileName,
Size: size,
Etag: etag,
DownloadURL: downloadURL,
UserSelfURL: downloadURL, // 我们以此值为向外暴露的主要直链URL
}, nil
}

407
static/css/style.css Normal file
View File

@@ -0,0 +1,407 @@
:root {
--bg-color: #0b0f19;
--primary-color: #8b5cf6;
--secondary-color: #3b82f6;
--text-main: #f8fafc;
--text-muted: #94a3b8;
--glass-bg: rgba(30, 41, 59, 0.4);
--glass-border: rgba(255, 255, 255, 0.08);
--danger-color: #ef4444;
}
* {
box-sizing: border-box;
margin: 0;
padding: 0;
}
body {
font-family: 'Inter', sans-serif;
background-color: var(--bg-color);
color: var(--text-main);
min-height: 100vh;
/* 精致优美的星云紫极晕背景特效 */
background-image:
radial-gradient(circle at 15% 50%, rgba(139, 92, 246, 0.15), transparent 25%),
radial-gradient(circle at 85% 30%, rgba(59, 130, 246, 0.15), transparent 25%);
}
.app-container {
max-width: 1200px;
margin: 0 auto;
padding: 2rem;
}
/* 现代化的拟态玻璃控制板基础抽离 */
.glass-panel {
background: var(--glass-bg);
backdrop-filter: blur(12px);
-webkit-backdrop-filter: blur(12px);
border: 1px solid var(--glass-border);
border-radius: 16px;
}
.glass-nav {
display: flex;
justify-content: space-between;
align-items: center;
padding: 1.5rem 2rem;
background: rgba(15, 23, 42, 0.6);
backdrop-filter: blur(16px);
border-radius: 20px;
border: 1px solid rgba(255, 255, 255, 0.05);
margin-bottom: 3rem;
box-shadow: 0 4px 30px rgba(0, 0, 0, 0.1);
}
.gradient-text {
background: linear-gradient(to right, var(--primary-color), var(--secondary-color));
-webkit-background-clip: text;
background-clip: text;
-webkit-text-fill-color: transparent;
font-weight: 700;
}
.logo {
font-size: 1.5rem;
font-weight: 600;
letter-spacing: -0.5px;
}
.stats {
font-size: 0.9rem;
color: var(--text-muted);
font-weight: 600;
background: rgba(255, 255, 255, 0.05);
padding: 0.5rem 1rem;
border-radius: 20px;
transition: all 0.2s;
}
.stats:hover {
background: rgba(255, 255, 255, 0.1);
}
/* === 上传拖拽交互区 === */
.upload-section {
margin-bottom: 4rem;
}
.drop-zone {
border: 2px dashed rgba(139, 92, 246, 0.4);
padding: 4rem 2rem;
text-align: center;
cursor: pointer;
transition: all 0.3s cubic-bezier(0.4, 0, 0.2, 1);
position: relative;
overflow: hidden;
}
.drop-zone:hover, .drop-zone.drag-over {
border-color: var(--primary-color);
background: rgba(139, 92, 246, 0.05);
transform: translateY(-2px);
box-shadow: 0 10px 40px rgba(139, 92, 246, 0.1);
}
.drop-content {
pointer-events: none;
}
.upload-icon {
width: 64px;
height: 64px;
margin-bottom: 1.5rem;
color: var(--primary-color);
transition: transform 0.3s ease;
}
.drop-zone:hover .upload-icon {
transform: translateY(-5px);
}
.drop-zone h3 {
font-size: 1.25rem;
margin-bottom: 0.5rem;
font-weight: 600;
}
.drop-zone p {
color: var(--text-muted);
}
.highlight {
color: var(--secondary-color);
font-weight: 600;
}
/* 任务列队管理器 */
.upload-queue {
margin-top: 1rem;
display: flex;
flex-direction: column;
gap: 0.5rem;
}
.queue-item {
background: rgba(255, 255, 255, 0.03);
border: 1px solid var(--glass-border);
padding: 1rem;
border-radius: 12px;
display: flex;
justify-content: space-between;
align-items: center;
font-size: 0.85rem;
animation: slideIn 0.3s ease;
}
@keyframes slideIn {
from { opacity: 0; transform: translateY(-10px); }
to { opacity: 1; transform: translateY(0); }
}
.loader {
width: 20px;
height: 20px;
border: 2px solid rgba(255,255,255,0.1);
border-left-color: var(--primary-color);
border-radius: 50%;
animation: spin 1s linear infinite;
}
@keyframes spin {
0% { transform: rotate(0deg); }
100% { transform: rotate(360deg); }
}
/* === 在线画廊瀑布流区 === */
.gallery-header {
display: flex;
justify-content: space-between;
align-items: center;
margin-bottom: 2rem;
}
.gallery-header h2 {
font-size: 1.5rem;
font-weight: 600;
}
.glass-btn {
background: rgba(255, 255, 255, 0.05);
color: white;
border: 1px solid var(--glass-border);
padding: 0.5rem 1.25rem;
border-radius: 8px;
cursor: pointer;
font-weight: 600;
font-family: inherit;
transition: all 0.2s ease;
}
.glass-btn:hover {
background: rgba(255, 255, 255, 0.1);
}
/* Grid 网格,支持自适应响应列数卡片缩放 */
.gallery-grid {
display: grid;
grid-template-columns: repeat(auto-fill, minmax(280px, 1fr));
gap: 1.5rem;
}
.img-card {
position: relative;
border-radius: 16px;
overflow: hidden;
aspect-ratio: 1;
background: var(--glass-bg);
border: 1px solid var(--glass-border);
box-shadow: 0 4px 6px rgba(0, 0, 0, 0.1);
transition: transform 0.3s ease, box-shadow 0.3s ease;
animation: fadeIn 0.5s ease-out;
}
@keyframes fadeIn {
from { opacity: 0; transform: scale(0.95); }
to { opacity: 1; transform: scale(1); }
}
.img-card:hover {
transform: translateY(-5px);
box-shadow: 0 12px 24px rgba(0, 0, 0, 0.3);
}
.img-card img {
width: 100%;
height: 100%;
object-fit: cover;
transition: transform 0.5s ease;
}
.img-card:hover img {
transform: scale(1.05);
}
/* 动效遮罩层与动作拦截 */
.card-overlay {
position: absolute;
inset: 0;
background: linear-gradient(to top, rgba(0,0,0,0.8) 0%, rgba(0,0,0,0.2) 50%, rgba(0,0,0,0) 100%);
opacity: 0;
transition: opacity 0.3s ease;
display: flex;
flex-direction: column;
justify-content: flex-end;
padding: 1.5rem;
}
.img-card:hover .card-overlay {
opacity: 1;
}
.card-info {
font-size: 0.8rem;
margin-bottom: 1rem;
color: rgba(255, 255, 255, 0.8);
white-space: nowrap;
overflow: hidden;
text-overflow: ellipsis;
}
.card-actions {
display: flex;
gap: 0.5rem;
}
.btn-action {
flex: 1;
padding: 0.5rem;
border: none;
border-radius: 8px;
font-size: 0.8rem;
font-weight: 600;
cursor: pointer;
backdrop-filter: blur(4px);
transition: all 0.2s ease;
color: white;
}
.btn-copy {
background: rgba(59, 130, 246, 0.8);
}
.btn-copy:hover {
background: rgba(59, 130, 246, 1);
}
.btn-del {
background: rgba(239, 68, 68, 0.8);
}
.btn-del:hover {
background: rgba(239, 68, 68, 1);
}
/* === 全局系统 Toast 弹窗通知 === */
.toast-container {
position: fixed;
bottom: 2rem;
right: 2rem;
display: flex;
flex-direction: column;
gap: 0.5rem;
z-index: 9999;
}
.toast {
background: rgba(15, 23, 42, 0.9);
backdrop-filter: blur(8px);
border: 1px solid var(--glass-border);
border-left: 4px solid var(--secondary-color);
color: white;
padding: 1rem 1.5rem;
border-radius: 8px;
box-shadow: 0 10px 25px rgba(0,0,0,0.2);
animation: slideInRight 0.3s cubic-bezier(0.2, 0.8, 0.2, 1) forwards;
}
.toast.success { border-left-color: #10b981; }
.toast.error { border-left-color: var(--danger-color); }
@keyframes slideInRight {
from { opacity: 0; transform: translateX(50px); }
to { opacity: 1; transform: translateX(0); }
}
@keyframes slideOutRight {
from { opacity: 1; transform: translateX(0); }
to { opacity: 0; transform: translateX(50px); }
}
/* === 安全鉴权系统界面 === */
.auth-modal {
position: fixed;
inset: 0;
background: rgba(5, 7, 12, 0.9);
backdrop-filter: blur(20px);
-webkit-backdrop-filter: blur(20px);
z-index: 10000;
display: flex;
justify-content: center;
align-items: center;
animation: fadeIn 0.3s ease;
}
.auth-box {
padding: 3rem;
text-align: center;
max-width: 440px;
width: 90%;
border-top: 3px solid var(--primary-color);
box-shadow: 0 25px 50px -12px rgba(0, 0, 0, 0.5), 0 0 40px rgba(139, 92, 246, 0.1);
}
.auth-box h2 {
margin-bottom: 1rem;
color: var(--primary-color);
}
.auth-box p {
color: var(--text-muted);
font-size: 0.95rem;
margin-bottom: 2rem;
line-height: 1.6;
}
.auth-box input {
width: 100%;
padding: 1rem 1.25rem;
margin-bottom: 1.5rem;
background: rgba(0, 0, 0, 0.4);
border: 1px solid var(--glass-border);
color: white;
border-radius: 8px;
font-size: 1rem;
outline: none;
transition: all 0.3s ease;
font-family: inherit;
text-align: center;
letter-spacing: 2px;
}
.auth-box input:focus {
border-color: var(--primary-color);
box-shadow: 0 0 15px rgba(139, 92, 246, 0.2);
}
.btn-primary {
background: var(--primary-color);
color: white;
width: 100%;
padding: 1rem;
font-size: 1rem;
margin-top: 0.5rem;
}
.btn-primary:hover {
background: #7c3aed;
box-shadow: 0 0 15px rgba(139, 92, 246, 0.4);
}

69
static/index.html Normal file
View File

@@ -0,0 +1,69 @@
<!DOCTYPE html>
<html lang="zh-CN">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>123pan | 私人图床</title>
<link href="https://fonts.googleapis.com/css2?family=Inter:wght@300;400;600;700&display=swap" rel="stylesheet">
<link rel="stylesheet" href="/static/css/style.css">
</head>
<body>
<div class="app-container">
<!-- 顶部控制台 -->
<header class="glass-nav">
<div class="logo">
<span class="gradient-text">123pan</span> 私人图床
</div>
<div class="stats" id="stats-counter" onclick="showAuthModal()" style="cursor: pointer" title="点击重新配置密钥">加载中...</div>
</header>
<main>
<!-- 上传交互区 -->
<section class="upload-section">
<div class="drop-zone glass-panel" id="drop-zone">
<input type="file" id="file-input" multiple accept=".jpg,.jpeg,.png,.gif,.webp,.svg,.bmp" hidden>
<div class="drop-content">
<svg class="upload-icon" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
<path d="M21 15v4a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2v-4"></path>
<polyline points="17 8 12 3 7 8"></polyline>
<line x1="12" y1="3" x2="12" y2="15"></line>
</svg>
<h3>拖拽图片至此处上传</h3>
<p>支持拖拽、<span class="highlight">Ctrl+V 粘贴</span> 或直接点击选择</p>
</div>
</div>
<!-- 进度状态管理 -->
<div id="upload-queue" class="upload-queue"></div>
</section>
<!-- 在线相册与直链瀑布流视图 -->
<section class="gallery-section">
<div class="gallery-header">
<h2>相册空间</h2>
<button class="btn-refresh glass-btn" onclick="loadImages()">
刷新列表
</button>
</div>
<div class="gallery-grid" id="gallery-grid">
<!-- 通过前端 JS 渲染 DOM 插入 -->
</div>
</section>
</main>
</div>
<!-- 优美的右下角弹窗 -->
<div id="toast-container" class="toast-container"></div>
<!-- 授权解锁终端 -->
<div id="auth-modal" class="auth-modal" style="display: none;">
<div class="auth-box glass-panel">
<h2>🔒 身份验证</h2>
<p>系统已开启安全保护。<br>请输入您在配置中设置的 api_token 以继续。</p>
<input type="password" id="auth-input" placeholder="请输入 API Token..." />
<button class="glass-btn btn-primary" onclick="saveAuth()">确认验证</button>
</div>
</div>
<script src="/static/js/main.js"></script>
</body>
</html>

244
static/js/main.js Normal file
View File

@@ -0,0 +1,244 @@
let apiToken = localStorage.getItem('pan_api_token') || '';
// 代理 fetch 请求注入凭证
const originalFetch = window.fetch;
window.fetch = async function () {
let [resource, config] = arguments;
if (!config) config = {};
if (!config.headers) config.headers = {};
if (apiToken) {
config.headers['Authorization'] = `Bearer ${apiToken}`;
}
const response = await originalFetch(resource, config);
if (response.status === 403) {
showAuthModal();
}
return response;
};
// 身份验证逻辑
function showAuthModal() {
document.getElementById('auth-modal').style.display = 'flex';
}
function saveAuth() {
const val = document.getElementById('auth-input').value;
if (val) {
localStorage.setItem('pan_api_token', val);
apiToken = val;
document.getElementById('auth-modal').style.display = 'none';
showToast('身份验证成功', 'success');
document.getElementById('auth-input').value = '';
loadImages();
} else {
showToast('Token 不能为空', 'error');
}
}
document.addEventListener('DOMContentLoaded', () => {
initDragAndDrop();
loadImages();
});
// Toast 全局提示
function showToast(message, type = 'info') {
const container = document.getElementById('toast-container');
const toast = document.createElement('div');
toast.className = `toast ${type}`;
toast.textContent = message;
container.appendChild(toast);
setTimeout(() => {
toast.style.animation = 'slideOutRight 0.3s ease forwards';
setTimeout(() => toast.remove(), 300);
}, 3000);
}
// 拖拽与剪贴板处理
function initDragAndDrop() {
const dropZone = document.getElementById('drop-zone');
const fileInput = document.getElementById('file-input');
dropZone.addEventListener('click', () => fileInput.click());
fileInput.addEventListener('change', (e) => {
handleFiles(e.target.files);
e.target.value = '';
});
['dragenter', 'dragover', 'dragleave', 'drop'].forEach(eventName => {
dropZone.addEventListener(eventName, preventDefaults, false);
});
['dragenter', 'dragover'].forEach(eventName => {
dropZone.addEventListener(eventName, () => dropZone.classList.add('drag-over'), false);
});
['dragleave', 'drop'].forEach(eventName => {
dropZone.addEventListener(eventName, () => dropZone.classList.remove('drag-over'), false);
});
dropZone.addEventListener('drop', (e) => {
const dt = e.dataTransfer;
const files = dt.files;
handleFiles(files);
}, false);
// 全局剪贴板监听
document.addEventListener('paste', (e) => {
if (e.target.tagName === 'INPUT' || e.target.tagName === 'TEXTAREA') return;
const files = (e.clipboardData || window.clipboardData).files;
if (files && files.length > 0) {
e.preventDefault();
handleFiles(files);
showToast('正在上传剪贴板图片...', 'info');
}
});
}
function preventDefaults(e) {
e.preventDefault();
e.stopPropagation();
}
function handleFiles(files) {
const validFiles = Array.from(files).filter(f => f.type.startsWith('image/'));
if (validFiles.length === 0) {
showToast('仅支持上传图片格式', 'error');
return;
}
validFiles.forEach(uploadFile);
}
// 执行上传流程
async function uploadFile(file) {
const queue = document.getElementById('upload-queue');
const item = document.createElement('div');
item.className = 'queue-item';
item.innerHTML = `
<span>正在上传: ${file.name}</span>
<div class="loader"></div>
`;
queue.appendChild(item);
const formData = new FormData();
formData.append('file', file);
try {
const response = await fetch('/api/upload', {
method: 'POST',
body: formData
});
const result = await response.json();
item.style.animation = 'slideOutRight 0.3s forwards';
setTimeout(() => item.remove(), 300);
if (result.code === 0 || result.code === 200) {
showToast(`上传成功: ${file.name}`, 'success');
loadImages();
} else {
showToast(`上传失败: ${result.message || '未知错误'}`, 'error');
}
} catch (err) {
item.remove();
showToast(`网络错误: ${err.message}`, 'error');
}
}
// 画廊视图获取
async function loadImages() {
try {
const response = await fetch('/api/images');
if (response.status !== 200) {
if (response.status === 403) {
document.getElementById('stats-counter').textContent = '未授权验证';
}
return;
}
const result = await response.json();
if (result.code === 0 || result.code === 200) {
renderGallery(result.data || []);
document.getElementById('stats-counter').textContent = `${(result.data || []).length} 张图片`;
} else {
showToast(`加载失败: ${result.message}`, 'error');
document.getElementById('stats-counter').textContent = '获取失败';
}
} catch (err) {
showToast('网络连接异常', 'error');
document.getElementById('stats-counter').textContent = '离线';
}
}
// 侧信道XSS安全防备渲染
function renderGallery(images) {
const grid = document.getElementById('gallery-grid');
grid.innerHTML = '';
if (images.length === 0) {
grid.innerHTML = '<span style="color:var(--text-muted); font-size:14px;">暂无图片</span>';
return;
}
images.forEach(img => {
const kbSize = (img.size / 1024).toFixed(1);
const card = document.createElement('div');
card.className = 'img-card';
const finalUrl = img.url || img.origin_url;
const safeName = (img.name || '').replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;').replace(/'/g, '&#039;');
card.innerHTML = `
<img src="${finalUrl}" alt="${safeName}" loading="lazy" onerror="this.src='data:image/svg+xml,%3Csvg xmlns=\\'http://www.w3.org/2000/svg\\' viewBox=\\'0 0 24 24\\' fill=\\'%23ef4444\\'%3E%3Cpath d=\\'M12 22C6.477 22 2 17.523 2 12S6.477 2 12 2s10 4.477 10 10-4.477 10-10 10zm-1-7v2h2v-2h-2zm0-8v6h2V7h-2z\\'/%3E%3C/svg%3E';">
<div class="card-overlay">
<div class="card-info">
<strong>${safeName}</strong> <br/>
${kbSize} KB • ${new Date(img.created_at).toLocaleDateString()}
</div>
<div class="card-actions">
<button class="btn-action btn-copy" onclick="copyUrl('${finalUrl}')">复制链接</button>
<button class="btn-action btn-del" onclick="deleteImage('${img.id}', '${safeName}')">删除</button>
</div>
</div>
`;
grid.appendChild(card);
});
}
function copyUrl(url) {
navigator.clipboard.writeText(url).then(() => {
showToast('直链已复制到剪贴板', 'success');
}).catch(err => {
showToast('复制失败,请手动选取', 'error');
});
}
async function deleteImage(id, name) {
if (!confirm(`确定要永久删除图片 [${name}] 吗?`)) return;
try {
const response = await fetch(`/api/images/${id}`, { method: 'DELETE' });
if (response.status !== 200) return;
const result = await response.json();
if (result.code === 0 || result.code === 200) {
showToast(`[${name}] 已删除`, 'success');
loadImages();
} else {
showToast(`删除失败: ${result.message}`, 'error');
}
} catch (err) {
showToast('删除网络请求失败', 'error');
}
}

6
static/static.go Normal file
View File

@@ -0,0 +1,6 @@
package static
import "embed"
//go:embed index.html css js
var FS embed.FS