restore new ui files

2025-11-07 09:43:43 +08:00 · 2024-03-15 11:13:02 +08:00
parent 1b206c3640 c60276fc9f
commit 72c6bd3f77
344 changed files with 56769 additions and 887 deletions
--- a/api/handler/admin/admin_handler.go
+++ b/api/handler/admin/admin_handler.go
@@ -95,7 +95,31 @@ func (h *ManagerHandler) Login(c *gin.Context) {
 	manager.LastLoginAt = time.Now().Unix()
 	h.db.Model(&manager).Updates(manager)

-	resp.SUCCESS(c, tokenString)
+	permissions := h.GetAdminSlugs(manager.Id)
+	var result = struct {
+		IsSuperAdmin bool     `json:"is_super_admin"`
+		Token        string   `json:"token"`
+		Permissions  []string `json:"permissions"`
+	}{
+		IsSuperAdmin: manager.Id == 1,
+		Token:        tokenString,
+		Permissions:  permissions,
+	}
+
+	resp.SUCCESS(c, result)
+}
+
+func (h *ManagerHandler) GetAdminSlugs(userId uint) []string {
+	var permissions []string
+	err := h.db.Raw("SELECT distinct p.slug "+
+		"FROM chatgpt_admin_user_roles as ur "+
+		"LEFT JOIN chatgpt_admin_role_permissions as rp ON ur.role_id = rp.role_id "+
+		"LEFT JOIN chatgpt_admin_permissions as p ON rp.permission_id = p.id "+
+		"WHERE ur.admin_id = ?", userId).Scan(&permissions)
+	if err.Error == nil {
+		return []string{}
+	}
+	return permissions
 }

 // Logout 注销
--- a/api/handler/admin/admin_permission_handler.go
+++ b/api/handler/admin/admin_permission_handler.go
@@ -0,0 +1,132 @@
+package admin
+
+import (
+	"chatplus/core"
+	"chatplus/core/types"
+	"chatplus/handler"
+	"chatplus/store/model"
+	"chatplus/store/vo"
+	"chatplus/utils"
+	"chatplus/utils/resp"
+	"fmt"
+	"github.com/gin-gonic/gin"
+	"gorm.io/gorm"
+)
+
+type SysPermissionHandler struct {
+	handler.BaseHandler
+	db *gorm.DB
+}
+
+func NewSysPermissionHandler(app *core.AppServer, db *gorm.DB) *SysPermissionHandler {
+	h := SysPermissionHandler{db: db}
+	h.App = app
+	return &h
+}
+
+func (h *SysPermissionHandler) List(c *gin.Context) {
+	if err := utils.CheckPermission(c, h.db); err != nil {
+		resp.NotPermission(c)
+		return
+	}
+
+	var items []model.AdminPermission
+	var data = make([]vo.AdminPermission, 0)
+	res := h.db.Find(&items)
+	if res.Error != nil {
+		resp.ERROR(c, "暂无数据")
+		return
+	}
+	for _, item := range items {
+		adminPermissionVo := vo.AdminPermission{}
+		_ = utils.CopyObject(item, &adminPermissionVo)
+		data = append(data, adminPermissionVo)
+	}
+
+	data = ArrayToTree(data)
+	resp.SUCCESS(c, data)
+}
+
+func ArrayToTree(dates []vo.AdminPermission) []vo.AdminPermission {
+	group := make(map[int][]vo.AdminPermission, 0)
+	for _, node := range dates {
+		group[node.Pid] = append(group[node.Pid], node)
+	}
+	// 初始化递归，从根节点开始构建树
+	result := FindSiblings(group[0], group)
+
+	return result
+}
+
+func FindSiblings(siblings []vo.AdminPermission, group map[int][]vo.AdminPermission) []vo.AdminPermission {
+	result := make([]vo.AdminPermission, 0)
+	for _, sibling := range siblings {
+		children, ok := group[sibling.Id]
+		if ok {
+			sibling.Children = FindSiblings(children, group)
+		}
+
+		result = append(result, sibling)
+	}
+	return result
+}
+
+func (h *SysPermissionHandler) Save(c *gin.Context) {
+	var data struct {
+		Id   int    `json:"id"`
+		Name string `json:"name"`
+		Slug string `json:"slug"`
+		Sort int    `json:"sort"`
+		Pid  int    `json:"pid"`
+	}
+	if err := c.ShouldBindJSON(&data); err != nil {
+		resp.ERROR(c, types.InvalidArgs)
+		return
+	}
+
+	var permission = model.AdminPermission{}
+	var res *gorm.DB
+	if data.Id > 0 { // 更新
+		permission.Id = data.Id
+		// 此处需要用 map 更新，用结构体无法更新 0 值
+		res = h.db.Model(&permission).Updates(map[string]interface{}{
+			"name": data.Name,
+			"slug": data.Slug,
+			"sort": data.Sort,
+			"pid":  data.Pid,
+		})
+	} else {
+		p := model.AdminPermission{
+			Name: data.Name,
+			Slug: data.Slug,
+			Sort: data.Sort,
+			Pid:  data.Pid,
+		}
+		res = h.db.Create(&p)
+	}
+	if res.Error != nil {
+		fmt.Println(res.Error)
+		resp.ERROR(c, "更新数据库失败")
+		return
+	}
+	resp.SUCCESS(c)
+}
+
+func (h *SysPermissionHandler) Remove(c *gin.Context) {
+	var data struct {
+		Id int
+	}
+	if err := c.ShouldBindJSON(&data); err != nil {
+		resp.ERROR(c, types.InvalidArgs)
+		return
+	}
+
+	if data.Id > 0 {
+		res := h.db.Where("id = ?", data.Id).Delete(&model.AdminPermission{})
+		if res.Error != nil {
+			resp.ERROR(c, "删除失败")
+			return
+		}
+	}
+	resp.SUCCESS(c)
+}
--- a/api/handler/admin/admin_role_handler.go
+++ b/api/handler/admin/admin_role_handler.go
@@ -0,0 +1,166 @@
+package admin
+
+import (
+	"chatplus/core"
+	"chatplus/core/types"
+	"chatplus/handler"
+	"chatplus/store/model"
+	"chatplus/store/vo"
+	"chatplus/utils"
+	"chatplus/utils/resp"
+	"github.com/gin-gonic/gin"
+	"gorm.io/gorm"
+)
+
+type SysRoleHandler struct {
+	handler.BaseHandler
+	db *gorm.DB
+}
+
+func NewSysRoleHandler(app *core.AppServer, db *gorm.DB) *SysRoleHandler {
+	h := SysRoleHandler{db: db}
+	h.App = app
+	return &h
+}
+
+type permission struct {
+	Id   int    `json:"id"`
+	Name string `json:"name"`
+	Slug string `json:"slug"`
+}
+
+func (h *SysRoleHandler) List(c *gin.Context) {
+	if err := utils.CheckPermission(c, h.db); err != nil {
+		resp.NotPermission(c)
+		return
+	}
+
+	page := h.GetInt(c, "page", 1)
+	pageSize := h.GetInt(c, "page_size", 20)
+	name := h.GetTrim(c, "name")
+
+	offset := (page - 1) * pageSize
+	var items []model.AdminRole
+	var data = make([]vo.AdminRole, 0)
+	var total int64
+
+	session := h.db.Session(&gorm.Session{})
+	if name != "" {
+		session = session.Where("name LIKE ?", "%"+name+"%")
+	}
+
+	session.Model(&model.AdminRole{}).Count(&total)
+	res := session.Offset(offset).Limit(pageSize).Find(&items)
+	if res.Error != nil {
+		resp.ERROR(c, "暂无数据")
+		return
+	}
+	for _, item := range items {
+		adminRoleVo := vo.AdminRole{}
+		err := utils.CopyObject(item, &adminRoleVo)
+		if err == nil {
+			var permissions []permission
+			h.db.Raw("SELECT p.id,p.name,p.slug "+
+				"FROM chatgpt_admin_role_permissions as rp "+
+				"LEFT JOIN chatgpt_admin_permissions as p ON rp.permission_id = p.id "+
+				"WHERE rp.role_id = ?", item.Id).Scan(&permissions)
+
+			adminRoleVo.Permissions = permissions
+			adminRoleVo.CreatedAt = item.CreatedAt.Format("2006-01-02 15:04:05")
+			data = append(data, adminRoleVo)
+		}
+	}
+	pageVo := vo.NewPage(total, page, pageSize, data)
+	resp.SUCCESS(c, pageVo)
+}
+
+func (h *SysRoleHandler) Save(c *gin.Context) {
+	var data struct {
+		Id          int
+		Name        string
+		Description string
+		Permissions []int
+	}
+	if err := c.ShouldBindJSON(&data); err != nil {
+		resp.ERROR(c, types.InvalidArgs)
+		return
+	}
+
+	var role = model.AdminRole{}
+	var res *gorm.DB
+	tx := h.db.Begin()
+	if data.Id > 0 { // 更新
+		role.Id = data.Id
+		//删除角色对应的权限
+		err := tx.Where("role_id = ?", role.Id).Delete(model.AdminRolePermission{})
+		if err.Error != nil {
+			tx.Rollback()
+			resp.ERROR(c, "更新数据库失败")
+			return
+		}
+		//更新角色名
+		res = tx.Model(&role).Updates(map[string]interface{}{
+			"name":        data.Name,
+			"description": data.Description,
+		})
+	} else {
+		//新建角色
+		role.Name = data.Name
+		role.Description = data.Description
+		res = tx.Create(&role)
+	}
+
+	if res.Error != nil {
+		tx.Rollback()
+		resp.ERROR(c, "更新数据库失败")
+		return
+	}
+
+	rp := make([]model.AdminRolePermission, 0)
+	if len(data.Permissions) > 0 {
+		for _, per := range data.Permissions {
+			rp = append(rp, model.AdminRolePermission{
+				RoleId:       role.Id,
+				PermissionId: per,
+			})
+		}
+		res2 := tx.CreateInBatches(rp, len(rp))
+		if res2.Error != nil {
+			tx.Rollback()
+			resp.ERROR(c, "更新数据库失败")
+			return
+		}
+	}
+
+	tx.Commit()
+
+	resp.SUCCESS(c)
+}
+
+func (h *SysRoleHandler) Remove(c *gin.Context) {
+	var data struct {
+		Id int
+	}
+	if err := c.ShouldBindJSON(&data); err != nil {
+		resp.ERROR(c, types.InvalidArgs)
+		return
+	}
+
+	if data.Id > 0 {
+		tx := h.db.Begin()
+		res := tx.Where("id = ?", data.Id).Delete(&model.AdminRole{})
+		if res.Error != nil {
+			tx.Rollback()
+			resp.ERROR(c, "删除失败")
+			return
+		}
+		res = tx.Where("role_id = ?", data.Id).Delete(&model.AdminRolePermission{})
+		if res.Error != nil {
+			tx.Rollback()
+			resp.ERROR(c, "删除失败")
+			return
+		}
+		tx.Commit()
+	}
+	resp.SUCCESS(c)
+}
--- a/api/handler/admin/admin_user_handler.go
+++ b/api/handler/admin/admin_user_handler.go
@@ -23,8 +23,18 @@ func NewSysUserHandler(app *core.AppServer, db *gorm.DB) *SysUserHandler {
 	return &h
 }

+type role struct {
+	Id   int    `json:"id"`
+	Name string `json:"name"`
+}
+
 // List 用户列表
 func (h *SysUserHandler) List(c *gin.Context) {
+	if err := utils.CheckPermission(c, h.db); err != nil {
+		resp.NotPermission(c)
+		return
+	}
+
 	page := h.GetInt(c, "page", 1)
 	pageSize := h.GetInt(c, "page_size", 20)
 	username := h.GetTrim(c, "username")
@@ -48,9 +58,16 @@ func (h *SysUserHandler) List(c *gin.Context) {
 			var userVo vo.AdminUser
 			err := utils.CopyObject(item, &userVo)
 			if err == nil {
+				var roles []role
+				h.db.Raw("SELECT r.id,r.name "+
+					"FROM chatgpt_admin_user_roles as ur "+
+					"LEFT JOIN chatgpt_admin_roles as r ON ur.role_id = r.id "+
+					"WHERE ur.admin_id = ?", item.Id).Scan(&roles)
+
 				userVo.Id = item.Id
 				userVo.CreatedAt = item.CreatedAt.Unix()
 				userVo.UpdatedAt = item.UpdatedAt.Unix()
+				userVo.RoleIds = roles
 				users = append(users, userVo)
 			} else {
 				logger.Error(err)
@@ -68,6 +85,7 @@ func (h *SysUserHandler) Save(c *gin.Context) {
 		Password string `json:"password"`
 		Username string `json:"username"`
 		Status   bool   `json:"status"`
+		RoleIds  []int  `json:"role_ids"`
 	}
 	if err := c.ShouldBindJSON(&data); err != nil {
 		resp.ERROR(c, types.InvalidArgs)
@@ -83,31 +101,58 @@ func (h *SysUserHandler) Save(c *gin.Context) {
 	var user = model.AdminUser{}
 	var res *gorm.DB
 	var userVo vo.AdminUser
+
+	tx := h.db.Begin()
+
 	if data.Id > 0 { // 更新
 		user.Id = data.Id
+		err := tx.Where("admin_id = ?", user.Id).Delete(&model.AdminUserRole{})
+		if err.Error != nil {
+			tx.Rollback()
+			resp.ERROR(c, "更新数据库失败")
+			return
+		}
 		// 此处需要用 map 更新，用结构体无法更新 0 值
-		res = h.db.Model(&user).Updates(map[string]interface{}{
+		res = tx.Model(&user).Updates(map[string]interface{}{
 			"username": data.Username,
 			"status":   data.Status,
 		})
 	} else {
 		salt := utils.RandString(8)
-		u := model.AdminUser{
-			Username: data.Username,
-			Password: utils.GenPassword(data.Password, salt),
-			Salt:     salt,
-			Status:   true,
-		}
-		res = h.db.Create(&u)
-		_ = utils.CopyObject(u, &userVo)
-		userVo.Id = u.Id
-		userVo.CreatedAt = u.CreatedAt.Unix()
-		userVo.UpdatedAt = u.UpdatedAt.Unix()
+
+		user.Username = data.Username
+		user.Password = utils.GenPassword(data.Password, salt)
+		user.Salt = salt
+		user.Status = true
+
+		res = tx.Create(&user)
+		_ = utils.CopyObject(user, &userVo)
+		userVo.Id = user.Id
+		userVo.CreatedAt = user.CreatedAt.Unix()
+		userVo.UpdatedAt = user.UpdatedAt.Unix()
 	}
 	if res.Error != nil {
+		tx.Rollback()
 		resp.ERROR(c, "更新数据库失败")
 		return
 	}
+	// 添加角色
+	userRole := make([]model.AdminUserRole, 0)
+	if len(data.RoleIds) > 0 {
+		for _, roleId := range data.RoleIds {
+			userRole = append(userRole, model.AdminUserRole{
+				AdminId: user.Id,
+				RoleId:  roleId,
+			})
+		}
+		err := tx.CreateInBatches(userRole, len(userRole))
+		if err.Error != nil {
+			tx.Rollback()
+			resp.ERROR(c, "更新数据库失败")
+			return
+		}
+	}
+	tx.Commit()

 	resp.SUCCESS(c, userVo)
 }
@@ -155,11 +200,20 @@ func (h *SysUserHandler) Remove(c *gin.Context) {
 		return
 	}
 	if data.Id > 0 {
-		res := h.db.Where("id = ?", data.Id).Delete(&model.AdminUser{})
+		tx := h.db.Begin()
+		res := tx.Where("id = ?", data.Id).Delete(&model.AdminUser{})
 		if res.Error != nil {
+			tx.Rollback()
 			resp.ERROR(c, "删除失败")
 			return
 		}
+		res2 := tx.Where("admin_id = ?", data.Id).Delete(&model.AdminUserRole{})
+		if res2.Error != nil {
+			tx.Rollback()
+			resp.ERROR(c, "删除失败")
+			return
+		}
+		tx.Commit()
 	}
 	resp.SUCCESS(c)
 }
--- a/api/handler/admin/api_key_handler.go
+++ b/api/handler/admin/api_key_handler.go
@@ -68,6 +68,11 @@ func (h *ApiKeyHandler) Save(c *gin.Context) {
 }

 func (h *ApiKeyHandler) List(c *gin.Context) {
+	if err := utils.CheckPermission(c, h.db); err != nil {
+		resp.NotPermission(c)
+		return
+	}
+
 	var items []model.ApiKey
 	var keys = make([]vo.ApiKey, 0)
 	res := h.db.Find(&items)
@@ -109,10 +114,15 @@ func (h *ApiKeyHandler) Set(c *gin.Context) {
 }

 func (h *ApiKeyHandler) Remove(c *gin.Context) {
-	id := h.GetInt(c, "id", 0)
-
-	if id > 0 {
-		res := h.db.Where("id = ?", id).Delete(&model.ApiKey{})
+	var data struct {
+		Id uint
+	}
+	if err := c.ShouldBindJSON(&data); err != nil {
+		resp.ERROR(c, types.InvalidArgs)
+		return
+	}
+	if data.Id > 0 {
+		res := h.db.Where("id = ?", data.Id).Delete(&model.ApiKey{})
 		if res.Error != nil {
 			resp.ERROR(c, "更新数据库失败！")
 			return
--- a/api/handler/admin/chat_handler.go
+++ b/api/handler/admin/chat_handler.go
@@ -35,6 +35,11 @@ type chatItemVo struct {
 }

 func (h *ChatHandler) List(c *gin.Context) {
+	if err := utils.CheckPermission(c, h.db); err != nil {
+		resp.NotPermission(c)
+		return
+	}
+
 	var data struct {
 		Title    string   `json:"title"`
 		UserId   uint     `json:"user_id"`
@@ -212,9 +217,14 @@ func (h *ChatHandler) History(c *gin.Context) {
 // RemoveChat 删除对话
 func (h *ChatHandler) RemoveChat(c *gin.Context) {
 	chatId := h.GetTrim(c, "chat_id")
+	if chatId == "" {
+		resp.ERROR(c, "请传入 ChatId")
+		return
+	}
+
 	tx := h.db.Begin()
 	// 删除聊天记录
-	res := tx.Unscoped().Where("chat_id = ?", chatId).Delete(&model.ChatMessage{})
+	res := tx.Unscoped().Debug().Where("chat_id = ?", chatId).Delete(&model.ChatMessage{})
 	if res.Error != nil {
 		resp.ERROR(c, "failed to remove chat message")
 		return
@@ -235,7 +245,7 @@ func (h *ChatHandler) RemoveChat(c *gin.Context) {
 // RemoveMessage 删除聊天记录
 func (h *ChatHandler) RemoveMessage(c *gin.Context) {
 	id := h.GetInt(c, "id", 0)
-	tx := h.db.Unscoped().Delete(&model.ChatMessage{}, id)
+	tx := h.db.Unscoped().Where("id = ?", id).Delete(&model.ChatMessage{})
 	if tx.Error != nil {
 		resp.ERROR(c, "更新数据库失败！")
 		return
--- a/api/handler/admin/chat_model_handler.go
+++ b/api/handler/admin/chat_model_handler.go
@@ -72,6 +72,11 @@ func (h *ChatModelHandler) Save(c *gin.Context) {

 // List 模型列表
 func (h *ChatModelHandler) List(c *gin.Context) {
+	if err := utils.CheckPermission(c, h.db); err != nil {
+		resp.NotPermission(c)
+		return
+	}
+
 	session := h.db.Session(&gorm.Session{})
 	enable := h.GetBool(c, "enable")
 	if enable {
@@ -140,10 +145,15 @@ func (h *ChatModelHandler) Sort(c *gin.Context) {
 }

 func (h *ChatModelHandler) Remove(c *gin.Context) {
-	id := h.GetInt(c, "id", 0)
-
-	if id > 0 {
-		res := h.db.Where("id = ?", id).Delete(&model.ChatModel{})
+	var data struct {
+		Id uint
+	}
+	if err := c.ShouldBindJSON(&data); err != nil {
+		resp.ERROR(c, types.InvalidArgs)
+		return
+	}
+	if data.Id > 0 {
+		res := h.db.Where("id = ?", data.Id).Delete(&model.ChatModel{})
 		if res.Error != nil {
 			resp.ERROR(c, "更新数据库失败！")
 			return
--- a/api/handler/admin/chat_role_handler.go
+++ b/api/handler/admin/chat_role_handler.go
@@ -53,6 +53,11 @@ func (h *ChatRoleHandler) Save(c *gin.Context) {
 }

 func (h *ChatRoleHandler) List(c *gin.Context) {
+	if err := utils.CheckPermission(c, h.db); err != nil {
+		resp.NotPermission(c)
+		return
+	}
+
 	var items []model.ChatRole
 	var roles = make([]vo.ChatRole, 0)
 	res := h.db.Order("sort_num ASC").Find(&items)
@@ -119,13 +124,18 @@ func (h *ChatRoleHandler) Set(c *gin.Context) {
 }

 func (h *ChatRoleHandler) Remove(c *gin.Context) {
-	id := h.GetInt(c, "id", 0)
-	if id <= 0 {
+	var data struct {
+		Id uint
+	}
+	if err := c.ShouldBindJSON(&data); err != nil {
 		resp.ERROR(c, types.InvalidArgs)
 		return
 	}
-
-	res := h.db.Where("id = ?", id).Delete(&model.ChatRole{})
+	if data.Id <= 0 {
+		resp.ERROR(c, types.InvalidArgs)
+		return
+	}
+	res := h.db.Where("id = ?", data.Id).Delete(&model.ChatRole{})
 	if res.Error != nil {
 		resp.ERROR(c, "删除失败！")
 		return
--- a/api/handler/admin/config_handler.go
+++ b/api/handler/admin/config_handler.go
@@ -71,6 +71,11 @@ func (h *ConfigHandler) Update(c *gin.Context) {

 // Get 获取指定的系统配置
 func (h *ConfigHandler) Get(c *gin.Context) {
+	if err := utils.CheckPermission(c, h.db); err != nil {
+		resp.NotPermission(c)
+		return
+	}
+
 	key := c.Query("key")
 	var config model.Config
 	res := h.db.Where("marker", key).First(&config)
--- a/api/handler/admin/function_handler.go
+++ b/api/handler/admin/function_handler.go
@@ -74,6 +74,11 @@ func (h *FunctionHandler) Set(c *gin.Context) {
 }

 func (h *FunctionHandler) List(c *gin.Context) {
+	if err := utils.CheckPermission(c, h.db); err != nil {
+		resp.NotPermission(c)
+		return
+	}
+
 	var items []model.Function
 	res := h.db.Find(&items)
 	if res.Error != nil {
--- a/api/handler/admin/order_handler.go
+++ b/api/handler/admin/order_handler.go
@@ -25,6 +25,11 @@ func NewOrderHandler(app *core.AppServer, db *gorm.DB) *OrderHandler {
 }

 func (h *OrderHandler) List(c *gin.Context) {
+	if err := utils.CheckPermission(c, h.db); err != nil {
+		resp.NotPermission(c)
+		return
+	}
+
 	var data struct {
 		OrderNo  string   `json:"order_no"`
 		Status   int      `json:"status"`
--- a/api/handler/admin/product_handler.go
+++ b/api/handler/admin/product_handler.go
@@ -70,6 +70,11 @@ func (h *ProductHandler) Save(c *gin.Context) {

 // List 模型列表
 func (h *ProductHandler) List(c *gin.Context) {
+	if err := utils.CheckPermission(c, h.db); err != nil {
+		resp.NotPermission(c)
+		return
+	}
+
 	session := h.db.Session(&gorm.Session{})
 	enable := h.GetBool(c, "enable")
 	if enable {
--- a/api/handler/admin/reward_handler.go
+++ b/api/handler/admin/reward_handler.go
@@ -2,6 +2,7 @@ package admin

 import (
 	"chatplus/core"
+	"chatplus/core/types"
 	"chatplus/handler"
 	"chatplus/store/model"
 	"chatplus/store/vo"
@@ -23,6 +24,11 @@ func NewRewardHandler(app *core.AppServer, db *gorm.DB) *RewardHandler {
 }

 func (h *RewardHandler) List(c *gin.Context) {
+	if err := utils.CheckPermission(c, h.db); err != nil {
+		resp.NotPermission(c)
+		return
+	}
+
 	var items []model.Reward
 	res := h.db.Order("id DESC").Find(&items)
 	var rewards = make([]vo.Reward, 0)
@@ -57,10 +63,15 @@ func (h *RewardHandler) List(c *gin.Context) {
 }

 func (h *RewardHandler) Remove(c *gin.Context) {
-	id := h.GetInt(c, "id", 0)
-
-	if id > 0 {
-		res := h.db.Where("id = ?", id).Delete(&model.Reward{})
+	var data struct {
+		Id uint
+	}
+	if err := c.ShouldBindJSON(&data); err != nil {
+		resp.ERROR(c, types.InvalidArgs)
+		return
+	}
+	if data.Id > 0 {
+		res := h.db.Where("id = ?", data.Id).Delete(&model.Reward{})
 		if res.Error != nil {
 			resp.ERROR(c, "更新数据库失败！")
 			return
--- a/api/handler/admin/user_handler.go
+++ b/api/handler/admin/user_handler.go
@@ -27,6 +27,11 @@ func NewUserHandler(app *core.AppServer, db *gorm.DB) *UserHandler {

 // List 用户列表
 func (h *UserHandler) List(c *gin.Context) {
+	if err := utils.CheckPermission(c, h.db); err != nil {
+		resp.NotPermission(c)
+		return
+	}
+
 	page := h.GetInt(c, "page", 1)
 	pageSize := h.GetInt(c, "page_size", 20)
 	username := h.GetTrim(c, "username")
@@ -154,30 +159,36 @@ func (h *UserHandler) ResetPass(c *gin.Context) {
 }

 func (h *UserHandler) Remove(c *gin.Context) {
-	id := h.GetInt(c, "id", 0)
-	if id > 0 {
+	var data struct {
+		Id uint
+	}
+	if err := c.ShouldBindJSON(&data); err != nil {
+		resp.ERROR(c, types.InvalidArgs)
+		return
+	}
+	if data.Id > 0 {
 		tx := h.db.Begin()
-		res := h.db.Where("id = ?", id).Delete(&model.User{})
+		res := h.db.Where("id = ?", data.Id).Delete(&model.User{})
 		if res.Error != nil {
 			resp.ERROR(c, "删除失败")
 			return
 		}
 		// 删除聊天记录
-		res = h.db.Where("user_id = ?", id).Delete(&model.ChatItem{})
+		res = h.db.Where("user_id = ?", data.Id).Delete(&model.ChatItem{})
 		if res.Error != nil {
 			tx.Rollback()
 			resp.ERROR(c, "删除失败")
 			return
 		}
 		// 删除聊天历史记录
-		res = h.db.Where("user_id = ?", id).Delete(&model.ChatMessage{})
+		res = h.db.Where("user_id = ?", data.Id).Delete(&model.ChatMessage{})
 		if res.Error != nil {
 			tx.Rollback()
 			resp.ERROR(c, "删除失败")
 			return
 		}
 		// 删除登录日志
-		res = h.db.Where("user_id = ?", id).Delete(&model.UserLoginLog{})
+		res = h.db.Where("user_id = ?", data.Id).Delete(&model.UserLoginLog{})
 		if res.Error != nil {
 			tx.Rollback()
 			resp.ERROR(c, "删除失败")
--- a/api/handler/config_handler.go
+++ b/api/handler/config_handler.go
@@ -0,0 +1,42 @@
+package handler
+
+import (
+	"chatplus/core"
+	"chatplus/store/model"
+	"chatplus/utils"
+	"chatplus/utils/resp"
+
+	"github.com/gin-gonic/gin"
+	"gorm.io/gorm"
+)
+
+type ConfigHandler struct {
+	BaseHandler
+	db *gorm.DB
+}
+
+func NewConfigHandler(app *core.AppServer, db *gorm.DB) *ConfigHandler {
+	h := ConfigHandler{db: db}
+	h.App = app
+	return &h
+}
+
+// Get 获取指定的系统配置
+func (h *ConfigHandler) Get(c *gin.Context) {
+	key := c.Query("key")
+	var config model.Config
+	res := h.db.Where("marker", key).First(&config)
+	if res.Error != nil {
+		resp.ERROR(c, res.Error.Error())
+		return
+	}
+
+	var value map[string]interface{}
+	err := utils.JsonDecode(config.Config, &value)
+	if err != nil {
+		resp.ERROR(c, err.Error())
+		return
+	}
+
+	resp.SUCCESS(c, value)
+}