First commit

backend/internal/handler/admin/subscription_handler.go

+package admin
+
+import (
+	"strconv"
+
+	"sub2api/internal/model"
+	"sub2api/internal/pkg/response"
+	"sub2api/internal/repository"
+	"sub2api/internal/service"
+
+	"github.com/gin-gonic/gin"
+)
+
+// toResponsePagination converts repository.PaginationResult to response.PaginationResult
+func toResponsePagination(p *repository.PaginationResult) *response.PaginationResult {
+	if p == nil {
+		return nil
+	}
+	return &response.PaginationResult{
+		Total:    p.Total,
+		Page:     p.Page,
+		PageSize: p.PageSize,
+		Pages:    p.Pages,
+	}
+}
+
+// SubscriptionHandler handles admin subscription management
+type SubscriptionHandler struct {
+	subscriptionService *service.SubscriptionService
+}
+
+// NewSubscriptionHandler creates a new admin subscription handler
+func NewSubscriptionHandler(subscriptionService *service.SubscriptionService) *SubscriptionHandler {
+	return &SubscriptionHandler{
+		subscriptionService: subscriptionService,
+	}
+}
+
+// AssignSubscriptionRequest represents assign subscription request
+type AssignSubscriptionRequest struct {
+	UserID       int64  `json:"user_id" binding:"required"`
+	GroupID      int64  `json:"group_id" binding:"required"`
+	ValidityDays int    `json:"validity_days"`
+	Notes        string `json:"notes"`
+}
+
+// BulkAssignSubscriptionRequest represents bulk assign subscription request
+type BulkAssignSubscriptionRequest struct {
+	UserIDs      []int64 `json:"user_ids" binding:"required,min=1"`
+	GroupID      int64   `json:"group_id" binding:"required"`
+	ValidityDays int     `json:"validity_days"`
+	Notes        string  `json:"notes"`
+}
+
+// ExtendSubscriptionRequest represents extend subscription request
+type ExtendSubscriptionRequest struct {
+	Days int `json:"days" binding:"required,min=1"`
+}
+
+// List handles listing all subscriptions with pagination and filters
+// GET /api/v1/admin/subscriptions
+func (h *SubscriptionHandler) List(c *gin.Context) {
+	page, pageSize := response.ParsePagination(c)
+
+	// Parse optional filters
+	var userID, groupID *int64
+	if userIDStr := c.Query("user_id"); userIDStr != "" {
+		if id, err := strconv.ParseInt(userIDStr, 10, 64); err == nil {
+			userID = &id
+		}
+	}
+	if groupIDStr := c.Query("group_id"); groupIDStr != "" {
+		if id, err := strconv.ParseInt(groupIDStr, 10, 64); err == nil {
+			groupID = &id
+		}
+	}
+	status := c.Query("status")
+
+	subscriptions, pagination, err := h.subscriptionService.List(c.Request.Context(), page, pageSize, userID, groupID, status)
+	if err != nil {
+		response.InternalError(c, "Failed to list subscriptions: "+err.Error())
+		return
+	}
+
+	response.PaginatedWithResult(c, subscriptions, toResponsePagination(pagination))
+}
+
+// GetByID handles getting a subscription by ID
+// GET /api/v1/admin/subscriptions/:id
+func (h *SubscriptionHandler) GetByID(c *gin.Context) {
+	subscriptionID, err := strconv.ParseInt(c.Param("id"), 10, 64)
+	if err != nil {
+		response.BadRequest(c, "Invalid subscription ID")
+		return
+	}
+
+	subscription, err := h.subscriptionService.GetByID(c.Request.Context(), subscriptionID)
+	if err != nil {
+		response.NotFound(c, "Subscription not found")
+		return
+	}
+
+	response.Success(c, subscription)
+}
+
+// GetProgress handles getting subscription usage progress
+// GET /api/v1/admin/subscriptions/:id/progress
+func (h *SubscriptionHandler) GetProgress(c *gin.Context) {
+	subscriptionID, err := strconv.ParseInt(c.Param("id"), 10, 64)
+	if err != nil {
+		response.BadRequest(c, "Invalid subscription ID")
+		return
+	}
+
+	progress, err := h.subscriptionService.GetSubscriptionProgress(c.Request.Context(), subscriptionID)
+	if err != nil {
+		response.NotFound(c, "Subscription not found")
+		return
+	}
+
+	response.Success(c, progress)
+}
+
+// Assign handles assigning a subscription to a user
+// POST /api/v1/admin/subscriptions/assign
+func (h *SubscriptionHandler) Assign(c *gin.Context) {
+	var req AssignSubscriptionRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		response.BadRequest(c, "Invalid request: "+err.Error())
+		return
+	}
+
+	// Get admin user ID from context
+	adminID := getAdminIDFromContext(c)
+
+	subscription, err := h.subscriptionService.AssignSubscription(c.Request.Context(), &service.AssignSubscriptionInput{
+		UserID:       req.UserID,
+		GroupID:      req.GroupID,
+		ValidityDays: req.ValidityDays,
+		AssignedBy:   adminID,
+		Notes:        req.Notes,
+	})
+	if err != nil {
+		response.BadRequest(c, "Failed to assign subscription: "+err.Error())
+		return
+	}
+
+	response.Success(c, subscription)
+}
+
+// BulkAssign handles bulk assigning subscriptions to multiple users
+// POST /api/v1/admin/subscriptions/bulk-assign
+func (h *SubscriptionHandler) BulkAssign(c *gin.Context) {
+	var req BulkAssignSubscriptionRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		response.BadRequest(c, "Invalid request: "+err.Error())
+		return
+	}
+
+	// Get admin user ID from context
+	adminID := getAdminIDFromContext(c)
+
+	result, err := h.subscriptionService.BulkAssignSubscription(c.Request.Context(), &service.BulkAssignSubscriptionInput{
+		UserIDs:      req.UserIDs,
+		GroupID:      req.GroupID,
+		ValidityDays: req.ValidityDays,
+		AssignedBy:   adminID,
+		Notes:        req.Notes,
+	})
+	if err != nil {
+		response.InternalError(c, "Failed to bulk assign subscriptions: "+err.Error())
+		return
+	}
+
+	response.Success(c, result)
+}
+
+// Extend handles extending a subscription
+// POST /api/v1/admin/subscriptions/:id/extend
+func (h *SubscriptionHandler) Extend(c *gin.Context) {
+	subscriptionID, err := strconv.ParseInt(c.Param("id"), 10, 64)
+	if err != nil {
+		response.BadRequest(c, "Invalid subscription ID")
+		return
+	}
+
+	var req ExtendSubscriptionRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		response.BadRequest(c, "Invalid request: "+err.Error())
+		return
+	}
+
+	subscription, err := h.subscriptionService.ExtendSubscription(c.Request.Context(), subscriptionID, req.Days)
+	if err != nil {
+		response.InternalError(c, "Failed to extend subscription: "+err.Error())
+		return
+	}
+
+	response.Success(c, subscription)
+}
+
+// Revoke handles revoking a subscription
+// DELETE /api/v1/admin/subscriptions/:id
+func (h *SubscriptionHandler) Revoke(c *gin.Context) {
+	subscriptionID, err := strconv.ParseInt(c.Param("id"), 10, 64)
+	if err != nil {
+		response.BadRequest(c, "Invalid subscription ID")
+		return
+	}
+
+	err = h.subscriptionService.RevokeSubscription(c.Request.Context(), subscriptionID)
+	if err != nil {
+		response.InternalError(c, "Failed to revoke subscription: "+err.Error())
+		return
+	}
+
+	response.Success(c, gin.H{"message": "Subscription revoked successfully"})
+}
+
+// ListByGroup handles listing subscriptions for a specific group
+// GET /api/v1/admin/groups/:id/subscriptions
+func (h *SubscriptionHandler) ListByGroup(c *gin.Context) {
+	groupID, err := strconv.ParseInt(c.Param("id"), 10, 64)
+	if err != nil {
+		response.BadRequest(c, "Invalid group ID")
+		return
+	}
+
+	page, pageSize := response.ParsePagination(c)
+
+	subscriptions, pagination, err := h.subscriptionService.ListGroupSubscriptions(c.Request.Context(), groupID, page, pageSize)
+	if err != nil {
+		response.InternalError(c, "Failed to list group subscriptions: "+err.Error())
+		return
+	}
+
+	response.PaginatedWithResult(c, subscriptions, toResponsePagination(pagination))
+}
+
+// ListByUser handles listing subscriptions for a specific user
+// GET /api/v1/admin/users/:id/subscriptions
+func (h *SubscriptionHandler) ListByUser(c *gin.Context) {
+	userID, err := strconv.ParseInt(c.Param("id"), 10, 64)
+	if err != nil {
+		response.BadRequest(c, "Invalid user ID")
+		return
+	}
+
+	subscriptions, err := h.subscriptionService.ListUserSubscriptions(c.Request.Context(), userID)
+	if err != nil {
+		response.InternalError(c, "Failed to list user subscriptions: "+err.Error())
+		return
+	}
+
+	response.Success(c, subscriptions)
+}
+
+// Helper function to get admin ID from context
+func getAdminIDFromContext(c *gin.Context) int64 {
+	if user, exists := c.Get("user"); exists {
+		if u, ok := user.(*model.User); ok && u != nil {
+			return u.ID
+		}
+	}
+	return 0
+}

backend/internal/handler/admin/system_handler.go

+package admin
+
+import (
+	"net/http"
+
+	"sub2api/internal/pkg/response"
+	"sub2api/internal/service"
+
+	"github.com/gin-gonic/gin"
+	"github.com/redis/go-redis/v9"
+)
+
+// SystemHandler handles system-related operations
+type SystemHandler struct {
+	updateSvc *service.UpdateService
+}
+
+// NewSystemHandler creates a new SystemHandler
+func NewSystemHandler(rdb *redis.Client, version, buildType string) *SystemHandler {
+	return &SystemHandler{
+		updateSvc: service.NewUpdateService(rdb, version, buildType),
+	}
+}
+
+// GetVersion returns the current version
+// GET /api/v1/admin/system/version
+func (h *SystemHandler) GetVersion(c *gin.Context) {
+	info, _ := h.updateSvc.CheckUpdate(c.Request.Context(), false)
+	response.Success(c, gin.H{
+		"version": info.CurrentVersion,
+	})
+}
+
+// CheckUpdates checks for available updates
+// GET /api/v1/admin/system/check-updates
+func (h *SystemHandler) CheckUpdates(c *gin.Context) {
+	force := c.Query("force") == "true"
+	info, err := h.updateSvc.CheckUpdate(c.Request.Context(), force)
+	if err != nil {
+		response.Error(c, http.StatusInternalServerError, err.Error())
+		return
+	}
+	response.Success(c, info)
+}
+
+// PerformUpdate downloads and applies the update
+// POST /api/v1/admin/system/update
+func (h *SystemHandler) PerformUpdate(c *gin.Context) {
+	if err := h.updateSvc.PerformUpdate(c.Request.Context()); err != nil {
+		response.Error(c, http.StatusInternalServerError, err.Error())
+		return
+	}
+	response.Success(c, gin.H{
+		"message":      "Update completed. Please restart the service.",
+		"need_restart": true,
+	})
+}
+
+// Rollback restores the previous version
+// POST /api/v1/admin/system/rollback
+func (h *SystemHandler) Rollback(c *gin.Context) {
+	if err := h.updateSvc.Rollback(); err != nil {
+		response.Error(c, http.StatusInternalServerError, err.Error())
+		return
+	}
+	response.Success(c, gin.H{
+		"message":      "Rollback completed. Please restart the service.",
+		"need_restart": true,
+	})
+}
+
+// RestartService restarts the systemd service
+// POST /api/v1/admin/system/restart
+func (h *SystemHandler) RestartService(c *gin.Context) {
+	if err := h.updateSvc.RestartService(); err != nil {
+		response.Error(c, http.StatusInternalServerError, err.Error())
+		return
+	}
+	response.Success(c, gin.H{
+		"message": "Service restart initiated",
+	})
+}

backend/internal/handler/admin/usage_handler.go

+package admin
+
+import (
+	"strconv"
+	"time"
+
+	"sub2api/internal/pkg/response"
+	"sub2api/internal/pkg/timezone"
+	"sub2api/internal/repository"
+	"sub2api/internal/service"
+
+	"github.com/gin-gonic/gin"
+)
+
+// UsageHandler handles admin usage-related requests
+type UsageHandler struct {
+	usageRepo     *repository.UsageLogRepository
+	apiKeyRepo    *repository.ApiKeyRepository
+	usageService  *service.UsageService
+	adminService  service.AdminService
+}
+
+// NewUsageHandler creates a new admin usage handler
+func NewUsageHandler(
+	usageRepo *repository.UsageLogRepository,
+	apiKeyRepo *repository.ApiKeyRepository,
+	usageService *service.UsageService,
+	adminService service.AdminService,
+) *UsageHandler {
+	return &UsageHandler{
+		usageRepo:    usageRepo,
+		apiKeyRepo:   apiKeyRepo,
+		usageService: usageService,
+		adminService: adminService,
+	}
+}
+
+// List handles listing all usage records with filters
+// GET /api/v1/admin/usage
+func (h *UsageHandler) List(c *gin.Context) {
+	page, pageSize := response.ParsePagination(c)
+
+	// Parse filters
+	var userID, apiKeyID int64
+	if userIDStr := c.Query("user_id"); userIDStr != "" {
+		id, err := strconv.ParseInt(userIDStr, 10, 64)
+		if err != nil {
+			response.BadRequest(c, "Invalid user_id")
+			return
+		}
+		userID = id
+	}
+
+	if apiKeyIDStr := c.Query("api_key_id"); apiKeyIDStr != "" {
+		id, err := strconv.ParseInt(apiKeyIDStr, 10, 64)
+		if err != nil {
+			response.BadRequest(c, "Invalid api_key_id")
+			return
+		}
+		apiKeyID = id
+	}
+
+	// Parse date range
+	var startTime, endTime *time.Time
+	if startDateStr := c.Query("start_date"); startDateStr != "" {
+		t, err := timezone.ParseInLocation("2006-01-02", startDateStr)
+		if err != nil {
+			response.BadRequest(c, "Invalid start_date format, use YYYY-MM-DD")
+			return
+		}
+		startTime = &t
+	}
+
+	if endDateStr := c.Query("end_date"); endDateStr != "" {
+		t, err := timezone.ParseInLocation("2006-01-02", endDateStr)
+		if err != nil {
+			response.BadRequest(c, "Invalid end_date format, use YYYY-MM-DD")
+			return
+		}
+		// Set end time to end of day
+		t = t.Add(24*time.Hour - time.Nanosecond)
+		endTime = &t
+	}
+
+	params := repository.PaginationParams{Page: page, PageSize: pageSize}
+	filters := repository.UsageLogFilters{
+		UserID:    userID,
+		ApiKeyID:  apiKeyID,
+		StartTime: startTime,
+		EndTime:   endTime,
+	}
+
+	records, result, err := h.usageRepo.ListWithFilters(c.Request.Context(), params, filters)
+	if err != nil {
+		response.InternalError(c, "Failed to list usage records: "+err.Error())
+		return
+	}
+
+	response.Paginated(c, records, result.Total, page, pageSize)
+}
+
+// Stats handles getting usage statistics with filters
+// GET /api/v1/admin/usage/stats
+func (h *UsageHandler) Stats(c *gin.Context) {
+	// Parse filters
+	var userID, apiKeyID int64
+	if userIDStr := c.Query("user_id"); userIDStr != "" {
+		id, err := strconv.ParseInt(userIDStr, 10, 64)
+		if err != nil {
+			response.BadRequest(c, "Invalid user_id")
+			return
+		}
+		userID = id
+	}
+
+	if apiKeyIDStr := c.Query("api_key_id"); apiKeyIDStr != "" {
+		id, err := strconv.ParseInt(apiKeyIDStr, 10, 64)
+		if err != nil {
+			response.BadRequest(c, "Invalid api_key_id")
+			return
+		}
+		apiKeyID = id
+	}
+
+	// Parse date range
+	now := timezone.Now()
+	var startTime, endTime time.Time
+
+	startDateStr := c.Query("start_date")
+	endDateStr := c.Query("end_date")
+
+	if startDateStr != "" && endDateStr != "" {
+		var err error
+		startTime, err = timezone.ParseInLocation("2006-01-02", startDateStr)
+		if err != nil {
+			response.BadRequest(c, "Invalid start_date format, use YYYY-MM-DD")
+			return
+		}
+		endTime, err = timezone.ParseInLocation("2006-01-02", endDateStr)
+		if err != nil {
+			response.BadRequest(c, "Invalid end_date format, use YYYY-MM-DD")
+			return
+		}
+		endTime = endTime.Add(24*time.Hour - time.Nanosecond)
+	} else {
+		period := c.DefaultQuery("period", "today")
+		switch period {
+		case "today":
+			startTime = timezone.StartOfDay(now)
+		case "week":
+			startTime = now.AddDate(0, 0, -7)
+		case "month":
+			startTime = now.AddDate(0, -1, 0)
+		default:
+			startTime = timezone.StartOfDay(now)
+		}
+		endTime = now
+	}
+
+	if apiKeyID > 0 {
+		stats, err := h.usageService.GetStatsByApiKey(c.Request.Context(), apiKeyID, startTime, endTime)
+		if err != nil {
+			response.InternalError(c, "Failed to get usage statistics: "+err.Error())
+			return
+		}
+		response.Success(c, stats)
+		return
+	}
+
+	if userID > 0 {
+		stats, err := h.usageService.GetStatsByUser(c.Request.Context(), userID, startTime, endTime)
+		if err != nil {
+			response.InternalError(c, "Failed to get usage statistics: "+err.Error())
+			return
+		}
+		response.Success(c, stats)
+		return
+	}
+
+	// Get global stats
+	stats, err := h.usageRepo.GetGlobalStats(c.Request.Context(), startTime, endTime)
+	if err != nil {
+		response.InternalError(c, "Failed to get usage statistics: "+err.Error())
+		return
+	}
+
+	response.Success(c, stats)
+}
+
+// SearchUsers handles searching users by email keyword
+// GET /api/v1/admin/usage/search-users
+func (h *UsageHandler) SearchUsers(c *gin.Context) {
+	keyword := c.Query("q")
+	if keyword == "" {
+		response.Success(c, []interface{}{})
+		return
+	}
+
+	// Limit to 30 results
+	users, _, err := h.adminService.ListUsers(c.Request.Context(), 1, 30, "", "", keyword)
+	if err != nil {
+		response.InternalError(c, "Failed to search users: "+err.Error())
+		return
+	}
+
+	// Return simplified user list (only id and email)
+	type SimpleUser struct {
+		ID    int64  `json:"id"`
+		Email string `json:"email"`
+	}
+
+	result := make([]SimpleUser, len(users))
+	for i, u := range users {
+		result[i] = SimpleUser{
+			ID:    u.ID,
+			Email: u.Email,
+		}
+	}
+
+	response.Success(c, result)
+}
+
+// SearchApiKeys handles searching API keys by user
+// GET /api/v1/admin/usage/search-api-keys
+func (h *UsageHandler) SearchApiKeys(c *gin.Context) {
+	userIDStr := c.Query("user_id")
+	keyword := c.Query("q")
+
+	var userID int64
+	if userIDStr != "" {
+		id, err := strconv.ParseInt(userIDStr, 10, 64)
+		if err != nil {
+			response.BadRequest(c, "Invalid user_id")
+			return
+		}
+		userID = id
+	}
+
+	keys, err := h.apiKeyRepo.SearchApiKeys(c.Request.Context(), userID, keyword, 30)
+	if err != nil {
+		response.InternalError(c, "Failed to search API keys: "+err.Error())
+		return
+	}
+
+	// Return simplified API key list (only id and name)
+	type SimpleApiKey struct {
+		ID     int64  `json:"id"`
+		Name   string `json:"name"`
+		UserID int64  `json:"user_id"`
+	}
+
+	result := make([]SimpleApiKey, len(keys))
+	for i, k := range keys {
+		result[i] = SimpleApiKey{
+			ID:     k.ID,
+			Name:   k.Name,
+			UserID: k.UserID,
+		}
+	}
+
+	response.Success(c, result)
+}

backend/internal/handler/admin/user_handler.go

+package admin
+
+import (
+	"strconv"
+
+	"sub2api/internal/pkg/response"
+	"sub2api/internal/service"
+
+	"github.com/gin-gonic/gin"
+)
+
+// UserHandler handles admin user management
+type UserHandler struct {
+	adminService service.AdminService
+}
+
+// NewUserHandler creates a new admin user handler
+func NewUserHandler(adminService service.AdminService) *UserHandler {
+	return &UserHandler{
+		adminService: adminService,
+	}
+}
+
+// CreateUserRequest represents admin create user request
+type CreateUserRequest struct {
+	Email         string  `json:"email" binding:"required,email"`
+	Password      string  `json:"password" binding:"required,min=6"`
+	Balance       float64 `json:"balance"`
+	Concurrency   int     `json:"concurrency"`
+	AllowedGroups []int64 `json:"allowed_groups"`
+}
+
+// UpdateUserRequest represents admin update user request
+// 使用指针类型来区分"未提供"和"设置为0"
+type UpdateUserRequest struct {
+	Email         string   `json:"email" binding:"omitempty,email"`
+	Password      string   `json:"password" binding:"omitempty,min=6"`
+	Balance       *float64 `json:"balance"`
+	Concurrency   *int     `json:"concurrency"`
+	Status        string   `json:"status" binding:"omitempty,oneof=active disabled"`
+	AllowedGroups *[]int64 `json:"allowed_groups"`
+}
+
+// UpdateBalanceRequest represents balance update request
+type UpdateBalanceRequest struct {
+	Balance   float64 `json:"balance" binding:"required"`
+	Operation string  `json:"operation" binding:"required,oneof=set add subtract"`
+}
+
+// List handles listing all users with pagination
+// GET /api/v1/admin/users
+func (h *UserHandler) List(c *gin.Context) {
+	page, pageSize := response.ParsePagination(c)
+	status := c.Query("status")
+	role := c.Query("role")
+	search := c.Query("search")
+
+	users, total, err := h.adminService.ListUsers(c.Request.Context(), page, pageSize, status, role, search)
+	if err != nil {
+		response.InternalError(c, "Failed to list users: "+err.Error())
+		return
+	}
+
+	response.Paginated(c, users, total, page, pageSize)
+}
+
+// GetByID handles getting a user by ID
+// GET /api/v1/admin/users/:id
+func (h *UserHandler) GetByID(c *gin.Context) {
+	userID, err := strconv.ParseInt(c.Param("id"), 10, 64)
+	if err != nil {
+		response.BadRequest(c, "Invalid user ID")
+		return
+	}
+
+	user, err := h.adminService.GetUser(c.Request.Context(), userID)
+	if err != nil {
+		response.NotFound(c, "User not found")
+		return
+	}
+
+	response.Success(c, user)
+}
+
+// Create handles creating a new user
+// POST /api/v1/admin/users
+func (h *UserHandler) Create(c *gin.Context) {
+	var req CreateUserRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		response.BadRequest(c, "Invalid request: "+err.Error())
+		return
+	}
+
+	user, err := h.adminService.CreateUser(c.Request.Context(), &service.CreateUserInput{
+		Email:         req.Email,
+		Password:      req.Password,
+		Balance:       req.Balance,
+		Concurrency:   req.Concurrency,
+		AllowedGroups: req.AllowedGroups,
+	})
+	if err != nil {
+		response.BadRequest(c, "Failed to create user: "+err.Error())
+		return
+	}
+
+	response.Success(c, user)
+}
+
+// Update handles updating a user
+// PUT /api/v1/admin/users/:id
+func (h *UserHandler) Update(c *gin.Context) {
+	userID, err := strconv.ParseInt(c.Param("id"), 10, 64)
+	if err != nil {
+		response.BadRequest(c, "Invalid user ID")
+		return
+	}
+
+	var req UpdateUserRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		response.BadRequest(c, "Invalid request: "+err.Error())
+		return
+	}
+
+	// 使用指针类型直接传递，nil 表示未提供该字段
+	user, err := h.adminService.UpdateUser(c.Request.Context(), userID, &service.UpdateUserInput{
+		Email:         req.Email,
+		Password:      req.Password,
+		Balance:       req.Balance,
+		Concurrency:   req.Concurrency,
+		Status:        req.Status,
+		AllowedGroups: req.AllowedGroups,
+	})
+	if err != nil {
+		response.InternalError(c, "Failed to update user: "+err.Error())
+		return
+	}
+
+	response.Success(c, user)
+}
+
+// Delete handles deleting a user
+// DELETE /api/v1/admin/users/:id
+func (h *UserHandler) Delete(c *gin.Context) {
+	userID, err := strconv.ParseInt(c.Param("id"), 10, 64)
+	if err != nil {
+		response.BadRequest(c, "Invalid user ID")
+		return
+	}
+
+	err = h.adminService.DeleteUser(c.Request.Context(), userID)
+	if err != nil {
+		response.InternalError(c, "Failed to delete user: "+err.Error())
+		return
+	}
+
+	response.Success(c, gin.H{"message": "User deleted successfully"})
+}
+
+// UpdateBalance handles updating user balance
+// POST /api/v1/admin/users/:id/balance
+func (h *UserHandler) UpdateBalance(c *gin.Context) {
+	userID, err := strconv.ParseInt(c.Param("id"), 10, 64)
+	if err != nil {
+		response.BadRequest(c, "Invalid user ID")
+		return
+	}
+
+	var req UpdateBalanceRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		response.BadRequest(c, "Invalid request: "+err.Error())
+		return
+	}
+
+	user, err := h.adminService.UpdateUserBalance(c.Request.Context(), userID, req.Balance, req.Operation)
+	if err != nil {
+		response.InternalError(c, "Failed to update balance: "+err.Error())
+		return
+	}
+
+	response.Success(c, user)
+}
+
+// GetUserAPIKeys handles getting user's API keys
+// GET /api/v1/admin/users/:id/api-keys
+func (h *UserHandler) GetUserAPIKeys(c *gin.Context) {
+	userID, err := strconv.ParseInt(c.Param("id"), 10, 64)
+	if err != nil {
+		response.BadRequest(c, "Invalid user ID")
+		return
+	}
+
+	page, pageSize := response.ParsePagination(c)
+
+	keys, total, err := h.adminService.GetUserAPIKeys(c.Request.Context(), userID, page, pageSize)
+	if err != nil {
+		response.InternalError(c, "Failed to get user API keys: "+err.Error())
+		return
+	}
+
+	response.Paginated(c, keys, total, page, pageSize)
+}
+
+// GetUserUsage handles getting user's usage statistics
+// GET /api/v1/admin/users/:id/usage
+func (h *UserHandler) GetUserUsage(c *gin.Context) {
+	userID, err := strconv.ParseInt(c.Param("id"), 10, 64)
+	if err != nil {
+		response.BadRequest(c, "Invalid user ID")
+		return
+	}
+
+	period := c.DefaultQuery("period", "month")
+
+	stats, err := h.adminService.GetUserUsageStats(c.Request.Context(), userID, period)
+	if err != nil {
+		response.InternalError(c, "Failed to get user usage: "+err.Error())
+		return
+	}
+
+	response.Success(c, stats)
+}

backend/internal/handler/auth_handler.go

+package handler
+
+import (
+	"sub2api/internal/model"
+	"sub2api/internal/pkg/response"
+	"sub2api/internal/service"
+
+	"github.com/gin-gonic/gin"
+)
+
+// AuthHandler handles authentication-related requests
+type AuthHandler struct {
+	authService *service.AuthService
+}
+
+// NewAuthHandler creates a new AuthHandler
+func NewAuthHandler(authService *service.AuthService) *AuthHandler {
+	return &AuthHandler{
+		authService: authService,
+	}
+}
+
+// RegisterRequest represents the registration request payload
+type RegisterRequest struct {
+	Email          string `json:"email" binding:"required,email"`
+	Password       string `json:"password" binding:"required,min=6"`
+	VerifyCode     string `json:"verify_code"`
+	TurnstileToken string `json:"turnstile_token"`
+}
+
+// SendVerifyCodeRequest 发送验证码请求
+type SendVerifyCodeRequest struct {
+	Email          string `json:"email" binding:"required,email"`
+	TurnstileToken string `json:"turnstile_token"`
+}
+
+// SendVerifyCodeResponse 发送验证码响应
+type SendVerifyCodeResponse struct {
+	Message   string `json:"message"`
+	Countdown int    `json:"countdown"` // 倒计时秒数
+}
+
+// LoginRequest represents the login request payload
+type LoginRequest struct {
+	Email          string `json:"email" binding:"required,email"`
+	Password       string `json:"password" binding:"required"`
+	TurnstileToken string `json:"turnstile_token"`
+}
+
+// AuthResponse 认证响应格式（匹配前端期望）
+type AuthResponse struct {
+	AccessToken string      `json:"access_token"`
+	TokenType   string      `json:"token_type"`
+	User        *model.User `json:"user"`
+}
+
+// Register handles user registration
+// POST /api/v1/auth/register
+func (h *AuthHandler) Register(c *gin.Context) {
+	var req RegisterRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		response.BadRequest(c, "Invalid request: "+err.Error())
+		return
+	}
+
+	// Turnstile 验证（当提供了邮箱验证码时跳过，因为发送验证码时已验证过）
+	if req.VerifyCode == "" {
+		if err := h.authService.VerifyTurnstile(c.Request.Context(), req.TurnstileToken, c.ClientIP()); err != nil {
+			response.BadRequest(c, "Turnstile verification failed: "+err.Error())
+			return
+		}
+	}
+
+	token, user, err := h.authService.RegisterWithVerification(c.Request.Context(), req.Email, req.Password, req.VerifyCode)
+	if err != nil {
+		response.BadRequest(c, "Registration failed: "+err.Error())
+		return
+	}
+
+	response.Success(c, AuthResponse{
+		AccessToken: token,
+		TokenType:   "Bearer",
+		User:        user,
+	})
+}
+
+// SendVerifyCode 发送邮箱验证码
+// POST /api/v1/auth/send-verify-code
+func (h *AuthHandler) SendVerifyCode(c *gin.Context) {
+	var req SendVerifyCodeRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		response.BadRequest(c, "Invalid request: "+err.Error())
+		return
+	}
+
+	// Turnstile 验证
+	if err := h.authService.VerifyTurnstile(c.Request.Context(), req.TurnstileToken, c.ClientIP()); err != nil {
+		response.BadRequest(c, "Turnstile verification failed: "+err.Error())
+		return
+	}
+
+	result, err := h.authService.SendVerifyCodeAsync(c.Request.Context(), req.Email)
+	if err != nil {
+		response.BadRequest(c, "Failed to send verification code: "+err.Error())
+		return
+	}
+
+	response.Success(c, SendVerifyCodeResponse{
+		Message:   "Verification code sent successfully",
+		Countdown: result.Countdown,
+	})
+}
+
+// Login handles user login
+// POST /api/v1/auth/login
+func (h *AuthHandler) Login(c *gin.Context) {
+	var req LoginRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		response.BadRequest(c, "Invalid request: "+err.Error())
+		return
+	}
+
+	// Turnstile 验证
+	if err := h.authService.VerifyTurnstile(c.Request.Context(), req.TurnstileToken, c.ClientIP()); err != nil {
+		response.BadRequest(c, "Turnstile verification failed: "+err.Error())
+		return
+	}
+
+	token, user, err := h.authService.Login(c.Request.Context(), req.Email, req.Password)
+	if err != nil {
+		response.Unauthorized(c, "Login failed: "+err.Error())
+		return
+	}
+
+	response.Success(c, AuthResponse{
+		AccessToken: token,
+		TokenType:   "Bearer",
+		User:        user,
+	})
+}
+
+// GetCurrentUser handles getting current authenticated user
+// GET /api/v1/auth/me
+func (h *AuthHandler) GetCurrentUser(c *gin.Context) {
+	userValue, exists := c.Get("user")
+	if !exists {
+		response.Unauthorized(c, "User not authenticated")
+		return
+	}
+
+	user, ok := userValue.(*model.User)
+	if !ok {
+		response.InternalError(c, "Invalid user context")
+		return
+	}
+
+	response.Success(c, user)
+}

backend/internal/middleware/admin_only.go

+package middleware
+
+import (
+	"sub2api/internal/model"
+
+	"github.com/gin-gonic/gin"
+)
+
+// AdminOnly 管理员权限中间件
+// 必须在JWTAuth中间件之后使用
+func AdminOnly() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		// 从上下文获取用户
+		user, exists := GetUserFromContext(c)
+		if !exists {
+			AbortWithError(c, 401, "UNAUTHORIZED", "User not found in context")
+			return
+		}
+
+		// 检查是否为管理员
+		if user.Role != model.RoleAdmin {
+			AbortWithError(c, 403, "FORBIDDEN", "Admin access required")
+			return
+		}
+
+		c.Next()
+	}
+}