Refactor and enhance OAuth2.0 implementation; update models and routes

- Refactored AdminSummaryData and AdminSummaryResponse classes for better clarity.
- Added OAUTH type to SettingsType enum.
- Cleaned up imports in webdav.py.
- Updated admin router to improve summary data retrieval and response handling.
- Enhanced file management routes with better condition handling and user storage updates.
- Improved group management routes by optimizing data retrieval.
- Refined task management routes for better condition handling.
- Updated user management routes to streamline access token retrieval.
- Implemented a new captcha verification structure with abstract base class.
- Removed deprecated env.md file and replaced with a new structured version.
- Introduced a unified OAuth2.0 client base class for GitHub and QQ integrations.
- Enhanced password management with improved hashing strategies.
- Added detailed comments and documentation throughout the codebase for clarity.

routers/api/v1/admin/__init__.py

@@ -2,14 +2,12 @@ from datetime import datetime, timedelta
 
 from fastapi import APIRouter, Depends
 from loguru import logger as l
-from sqlalchemy import and_
 
 from middleware.auth import admin_required
 from middleware.dependencies import SessionDep
 from models import (
     User, ResponseBase,
     Setting, Object, ObjectType, Share, AdminSummaryResponse, MetricsSummary, LicenseInfo, VersionInfo,
-    AdminSummaryData,
 )
 from models.base import SQLModelBase
 from models.setting import (
@@ -75,8 +73,8 @@ async def router_admin_get_summary(session: SessionDep) -> AdminSummaryResponse:
     Returns:
         AdminSummaryResponse: 包含站点概况信息的响应模型。
     """
-    # 统计最近 12 天的数据
-    days_count = 12
+    # 统计最近 14 天的数据
+    days_count = 14
     now = datetime.now()
     today_start = now.replace(hour=0, minute=0, second=0, microsecond=0)
 
@@ -135,7 +133,7 @@ async def router_admin_get_summary(session: SessionDep) -> AdminSummaryResponse:
     site_urls: list[str] = []
     site_url_setting = await Setting.get(
         session,
-        and_(Setting.type == SettingsType.BASIC, Setting.name == "siteURL"),
+        (Setting.type == SettingsType.BASIC) & (Setting.name == "siteURL"),
     )
     if site_url_setting and site_url_setting.value:
         site_urls.append(site_url_setting.value)
@@ -156,15 +154,13 @@ async def router_admin_get_summary(session: SessionDep) -> AdminSummaryResponse:
         commit="dev",
     )
 
-    data = AdminSummaryData(
+    return AdminSummaryResponse(
         metrics_summary=metrics_summary,
         site_urls=site_urls,
         license=license_info,
         version=version_info,
     )
 
-    return AdminSummaryResponse(data=data)
-
 @admin_router.get(
     path='/news',
     summary='获取社区新闻',
@@ -203,7 +199,7 @@ async def router_admin_update_settings(
     for item in request.settings:
         existing = await Setting.get(
             session,
-            and_(Setting.type == item.type, Setting.name == item.name)
+            (Setting.type == item.type) & (Setting.name == item.name)
         )
 
         if existing:
@@ -245,7 +241,12 @@ async def router_admin_get_settings(
     if name:
         conditions.append(Setting.name == name)
 
-    condition = and_(*conditions) if conditions else None
+    if conditions:
+        condition = conditions[0]
+        for c in conditions[1:]:
+            condition = condition & c
+    else:
+        condition = None
 
     settings = await Setting.get(session, condition, fetch_mode="all")
 

routers/api/v1/admin/file/__init__.py

@@ -5,7 +5,6 @@ from uuid import UUID
 from fastapi import APIRouter, Depends, HTTPException
 from fastapi.responses import FileResponse
 from loguru import logger as l
-from sqlalchemy import and_
 
 from middleware.auth import admin_required
 from middleware.dependencies import SessionDep, TableViewRequestDep
@@ -51,7 +50,12 @@ async def router_admin_get_file_list(
     if keyword:
         conditions.append(Object.name.ilike(f"%{keyword}%"))
 
-    condition = and_(*conditions) if len(conditions) > 1 else conditions[0]
+    if len(conditions) > 1:
+        condition = conditions[0]
+        for c in conditions[1:]:
+            condition = condition & c
+    else:
+        condition = conditions[0]
     result = await Object.get_with_count(session, condition, table_view=table_view, load=Object.owner)
 
     # 构建响应
@@ -197,13 +201,15 @@ async def router_admin_delete_file(
                 except Exception as e:
                     l.warning(f"删除物理文件失败: {e}")
 
-    # 更新用户存储量
-    owner = await User.get(session, User.id == owner_id)
-    if owner:
-        owner.storage = max(0, owner.storage - file_size)
-        await owner.save(session)
+    # 更新用户存储量（使用 SQL UPDATE 直接更新，无需加载实例）
+    from sqlmodel import update as sql_update
+    stmt = sql_update(User).where(User.id == owner_id).values(
+        storage=max(0, User.storage - file_size)
+    )
+    await session.exec(stmt)
 
-    await Object.delete(session, file_obj)
+    # 使用条件删除
+    await Object.delete(session, condition=Object.id == file_obj.id)
 
     l.info(f"管理员删除了文件: {file_name}")
     return ResponseBase(data={"deleted": True})

routers/api/v1/admin/group/__init__.py

@@ -63,12 +63,13 @@ async def router_admin_get_group(
     :param group_id: 用户组UUID
     :return: 用户组详情
     """
-    group = await Group.get(session, Group.id == group_id, load=Group.options)
+    group = await Group.get(session, Group.id == group_id, load=[Group.options, Group.policies])
 
     if not group:
         raise HTTPException(status_code=404, detail="用户组不存在")
 
-    policies = await group.awaitable_attrs.policies
+    # 直接访问已加载的关系，无需额外查询
+    policies = group.policies
     user_count = await User.count(session, User.group_id == group_id)
     response = GroupDetailResponse.from_group(group, user_count, policies)
 

routers/api/v1/admin/task/__init__.py

@@ -2,7 +2,6 @@ from uuid import UUID
 
 from fastapi import APIRouter, Depends, HTTPException
 from loguru import logger as l
-from sqlalchemy import and_
 
 from middleware.auth import admin_required
 from middleware.dependencies import SessionDep, TableViewRequestDep
@@ -43,7 +42,12 @@ async def router_admin_get_task_list(
     if status:
         conditions.append(Task.status == status)
 
-    condition = and_(*conditions) if conditions else None
+    if conditions:
+        condition = conditions[0]
+        for c in conditions[1:]:
+            condition = condition & c
+    else:
+        condition = None
     result = await Task.get_with_count(session, condition, table_view=table_view, load=Task.user)
 
     items: list[TaskSummary] = []

routers/api/v1/admin/user/__init__.py

@@ -2,7 +2,7 @@ from uuid import UUID
 
 from fastapi import APIRouter, Depends, HTTPException
 from loguru import logger as l
-from sqlalchemy import func, and_
+from sqlalchemy import func
 
 from middleware.auth import admin_required
 from middleware.dependencies import SessionDep, TableViewRequestDep
@@ -198,7 +198,7 @@ async def router_admin_calibrate_storage(
     from sqlmodel import select
     result = await session.execute(
         select(func.sum(Object.size), func.count(Object.id)).where(
-            and_(Object.owner_id == user_id, Object.type == ObjectType.FILE)
+            (Object.owner_id == user_id) & (Object.type == ObjectType.FILE)
         )
     )
     row = result.one()