feat: 完善架构优化性能

- 调整音视频架构，提升 RKMPP 编码 MJPEG-->H264 性能，同时解决丢帧马赛克问题； - 删除多用户逻辑，只保留单用户，支持设置 web 单会话； - 修复删除体验不好的的回退逻辑，前端页面菜单位置微调； - 增加 OTG USB 设备动态调整功能； - 修复 mdns 问题，webrtc 视频切换更顺畅。
2026-02-03 11:31:53 +08:00 · 2026-01-25 16:04:29 +08:00
parent 01e01430da
commit 1786b7689d
66 changed files with 4225 additions and 2936 deletions
--- a/src/auth/middleware.rs
+++ b/src/auth/middleware.rs
@@ -2,20 +2,18 @@ use axum::{
    extract::{Request, State},
    http::StatusCode,
    middleware::Next,
-    response::Response,
+    response::{IntoResponse, Response},
+    Json,
 };
 use axum_extra::extract::CookieJar;
 use std::sync::Arc;

+use crate::error::ErrorResponse;
 use crate::state::AppState;

 /// Session cookie name
 pub const SESSION_COOKIE: &str = "one_kvm_session";

-/// Auth layer for extracting session from request
-#[derive(Clone)]
-pub struct AuthLayer;
-
 /// Extract session ID from request
 pub fn extract_session_id(cookies: &CookieJar, headers: &axum::http::HeaderMap) -> Option<String> {
    // First try cookie
@@ -69,9 +67,24 @@ pub async fn auth_middleware(
            request.extensions_mut().insert(session);
            return Ok(next.run(request).await);
        }
+
+        let message = if state.is_session_revoked(&session_id).await {
+            "Logged in elsewhere"
+        } else {
+            "Session expired"
+        };
+        return Ok(unauthorized_response(message));
    }

-    Err(StatusCode::UNAUTHORIZED)
+    Ok(unauthorized_response("Not authenticated"))
+}
+
+fn unauthorized_response(message: &str) -> Response {
+    let body = ErrorResponse {
+        success: false,
+        message: message.to_string(),
+    };
+    (StatusCode::UNAUTHORIZED, Json(body)).into_response()
 }

 /// Check if endpoint is public (no auth required)
@@ -99,47 +112,3 @@ fn is_public_endpoint(path: &str) -> bool {
        || path.ends_with(".png")
        || path.ends_with(".svg")
 }
-
-/// Require authentication - returns 401 if not authenticated
-pub async fn require_auth(
-    State(state): State<Arc<AppState>>,
-    cookies: CookieJar,
-    request: Request,
-    next: Next,
-) -> Result<Response, StatusCode> {
-    let session_id = extract_session_id(&cookies, request.headers());
-
-    if let Some(session_id) = session_id {
-        if let Ok(Some(_session)) = state.sessions.get(&session_id).await {
-            return Ok(next.run(request).await);
-        }
-    }
-
-    Err(StatusCode::UNAUTHORIZED)
-}
-
-/// Require admin privileges - returns 403 if not admin
-pub async fn require_admin(
-    State(state): State<Arc<AppState>>,
-    cookies: CookieJar,
-    request: Request,
-    next: Next,
-) -> Result<Response, StatusCode> {
-    let session_id = extract_session_id(&cookies, request.headers());
-
-    if let Some(session_id) = session_id {
-        if let Ok(Some(session)) = state.sessions.get(&session_id).await {
-            // Get user and check admin status
-            if let Ok(Some(user)) = state.users.get(&session.user_id).await {
-                if user.is_admin {
-                    return Ok(next.run(request).await);
-                }
-                // User is authenticated but not admin
-                return Err(StatusCode::FORBIDDEN);
-            }
-        }
-    }
-
-    // Not authenticated at all
-    Err(StatusCode::UNAUTHORIZED)
-}
--- a/src/auth/mod.rs
+++ b/src/auth/mod.rs
@@ -3,7 +3,7 @@ mod password;
 mod session;
 mod user;

-pub use middleware::{auth_middleware, require_admin, AuthLayer, SESSION_COOKIE};
+pub use middleware::{auth_middleware, SESSION_COOKIE};
 pub use password::{hash_password, verify_password};
 pub use session::{Session, SessionStore};
 pub use user::{User, UserStore};
--- a/src/auth/session.rs
+++ b/src/auth/session.rs
@@ -116,6 +116,22 @@ impl SessionStore {
        Ok(result.rows_affected())
    }

+    /// Delete all sessions
+    pub async fn delete_all(&self) -> Result<u64> {
+        let result = sqlx::query("DELETE FROM sessions")
+            .execute(&self.pool)
+            .await?;
+        Ok(result.rows_affected())
+    }
+
+    /// List all session IDs
+    pub async fn list_ids(&self) -> Result<Vec<String>> {
+        let rows: Vec<(String,)> = sqlx::query_as("SELECT id FROM sessions")
+            .fetch_all(&self.pool)
+            .await?;
+        Ok(rows.into_iter().map(|(id,)| id).collect())
+    }
+
    /// Extend session expiration
    pub async fn extend(&self, session_id: &str) -> Result<()> {
        let new_expires = Utc::now() + self.default_ttl;
--- a/src/auth/user.rs
+++ b/src/auth/user.rs
@@ -149,6 +149,33 @@ impl UserStore {
        Ok(())
    }

+    /// Update username
+    pub async fn update_username(&self, user_id: &str, new_username: &str) -> Result<()> {
+        if let Some(existing) = self.get_by_username(new_username).await? {
+            if existing.id != user_id {
+                return Err(AppError::BadRequest(format!(
+                    "Username '{}' already exists",
+                    new_username
+                )));
+            }
+        }
+
+        let now = Utc::now();
+        let result =
+            sqlx::query("UPDATE users SET username = ?1, updated_at = ?2 WHERE id = ?3")
+                .bind(new_username)
+                .bind(now.to_rfc3339())
+                .bind(user_id)
+                .execute(&self.pool)
+                .await?;
+
+        if result.rows_affected() == 0 {
+            return Err(AppError::NotFound("User not found".to_string()));
+        }
+
+        Ok(())
+    }
+
    /// List all users
    pub async fn list(&self) -> Result<Vec<User>> {
        let rows: Vec<UserRow> = sqlx::query_as(