wangxuming/NianAIGC
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add authenticated login and SSO protection

Browse Source
This commit is contained in:
inman
2026-05-29 15:54:13 +08:00
parent e36f28a668
commit 0648874801
50 changed files with 1853 additions and 63 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/api/assets/[id]/download/route.ts
View File

@@ -1,14 +1,16 @@
import { getAsset } from "@/lib/server/data-store";
import { jsonError } from "@/lib/server/api";
import { requireAppUser } from "@/lib/server/auth/current-user";
import { readAssetForDownload } from "@/lib/server/storage";
export const runtime = "nodejs";
export async function GET(_request: Request, context: { params: Promise<{ id: string }> }) {
try {
const user = await requireAppUser();
const { id } = await context.params;
const asset = await getAsset(id);
if (!asset) return jsonError("资产不存在", 404);
if (!asset || asset.ownerId !== user.id) return jsonError("资产不存在", 404);
const file = await readAssetForDownload(asset);
if (!file) return jsonError("资产文件不可下载", 404);
return new Response(new Uint8Array(file.bytes), {

5
app/api/assets/[id]/inpaint/route.ts
View File

@@ -1,5 +1,6 @@
import { getAsset } from "@/lib/server/data-store";
import { jsonError, jsonOk, readJsonBody } from "@/lib/server/api";
import { requireAppUser } from "@/lib/server/auth/current-user";
import { requestOrigin } from "@/lib/server/runtime";
import { saveMaskDataUrl } from "@/lib/server/storage";
import { submitImageJob } from "@/lib/server/generation-service";
@@ -8,9 +9,10 @@ export const runtime = "nodejs";
export async function POST(request: Request, context: { params: Promise<{ id: string }> }) {
try {
const user = await requireAppUser();
const { id } = await context.params;
const asset = await getAsset(id);
if (!asset) return jsonError(new Error("Asset not found."), 404);
if (!asset || asset.ownerId !== user.id) return jsonError(new Error("Asset not found."), 404);
const body = await readJsonBody<{
prompt?: string;
maskDataUrl?: string;
@@ -31,6 +33,7 @@ export async function POST(request: Request, context: { params: Promise<{ id: st
}
if (!maskUrl) throw new Error("maskDataUrl or maskUrl is required for inpainting.");
const job = await submitImageJob({
ownerId: user.id,
capability: "image.inpaint",
prompt: body.prompt || "删除",
imageUrls: [asset.url, maskUrl],

4
app/api/assets/[id]/route.ts
View File

@@ -1,14 +1,16 @@
import { deleteAsset, getAsset } from "@/lib/server/data-store";
import { jsonError, jsonOk } from "@/lib/server/api";
import { requireAppUser } from "@/lib/server/auth/current-user";
import { deleteStoredAsset } from "@/lib/server/storage";
export const runtime = "nodejs";
export async function DELETE(_request: Request, context: { params: Promise<{ id: string }> }) {
try {
const user = await requireAppUser();
const { id } = await context.params;
const asset = await getAsset(id);
if (!asset) return jsonError("资产不存在", 404);
if (!asset || asset.ownerId !== user.id) return jsonError("资产不存在", 404);
await deleteStoredAsset(asset);
await deleteAsset(id);
return jsonOk({ ok: true, deletedAssetId: id });

5
app/api/assets/[id]/upscale/route.ts
View File

@@ -1,5 +1,6 @@
import { getAsset } from "@/lib/server/data-store";
import { jsonError, jsonOk, readJsonBody } from "@/lib/server/api";
import { requireAppUser } from "@/lib/server/auth/current-user";
import { requestOrigin } from "@/lib/server/runtime";
import { submitImageJob } from "@/lib/server/generation-service";
@@ -7,14 +8,16 @@ export const runtime = "nodejs";
export async function POST(request: Request, context: { params: Promise<{ id: string }> }) {
try {
const user = await requireAppUser();
const { id } = await context.params;
const asset = await getAsset(id);
if (!asset) return jsonError(new Error("Asset not found."), 404);
if (!asset || asset.ownerId !== user.id) return jsonError(new Error("Asset not found."), 404);
const body = await readJsonBody<{
resolution?: "4k" | "8k";
scale?: number;
}>(request);
const job = await submitImageJob({
ownerId: user.id,
capability: "image.upscale",
imageUrls: [asset.url],
inputAssetIds: [asset.id],

8
app/api/assets/route.ts
View File

@@ -1,13 +1,14 @@
import { createAsset, listAssets } from "@/lib/server/data-store";
import { jsonError, jsonOk, readJsonBody } from "@/lib/server/api";
import { DEFAULT_OWNER_ID } from "@/lib/server/runtime";
import { requireAppUser } from "@/lib/server/auth/current-user";
import type { AssetKind } from "@/lib/types";
export const runtime = "nodejs";
export async function GET() {
try {
return jsonOk({ assets: await listAssets(DEFAULT_OWNER_ID) });
const user = await requireAppUser();
return jsonOk({ assets: await listAssets(user.id) });
} catch (error) {
return jsonError(error, 500);
}
@@ -22,9 +23,10 @@ export async function POST(request: Request) {
tags?: string[];
source?: "upload" | "generated" | "edited" | "upscaled" | "external" | "seed";
}>(request);
const user = await requireAppUser();
if (!body.url) throw new Error("url is required");
const asset = await createAsset({
ownerId: DEFAULT_OWNER_ID,
ownerId: user.id,
kind: body.kind || "image",
name: body.name || "外部图片",
url: body.url,

6
app/api/assets/upload/route.ts
View File

@@ -1,17 +1,19 @@
import { jsonError, jsonOk } from "@/lib/server/api";
import { DEFAULT_OWNER_ID, requestOrigin } from "@/lib/server/runtime";
import { requireAppUser } from "@/lib/server/auth/current-user";
import { requestOrigin } from "@/lib/server/runtime";
import { saveUploadAsset } from "@/lib/server/storage";
export const runtime = "nodejs";
export async function POST(request: Request) {
try {
const user = await requireAppUser();
const form = await request.formData();
const files = form.getAll("files").filter((item): item is File => item instanceof File);
if (!files.length) throw new Error("No files uploaded.");
const assets = await Promise.all(files.map(async (file) => {
return saveUploadAsset({
ownerId: DEFAULT_OWNER_ID,
ownerId: user.id,
bytes: Buffer.from(await file.arrayBuffer()),
fileName: file.name,
contentType: file.type || "application/octet-stream",