CalvinBackup/CyberStrikeAI
1
0
Fork 0
mirror of https://github.com/Ed1s0nZ/CyberStrikeAI.git synced 2026-05-16 13:19:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add files via upload

Browse Source
This commit is contained in:
公明
2026-01-27 20:56:20 +08:00
committed by GitHub
parent 42e9ad3bda
commit 6815e03842
11 changed files with 2141 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+1
View File
@@ -495,6 +495,7 @@ See [CHANGELOG.md](CHANGELOG.md) for detailed version history and all changes.
### Recent Highlights
- **2026-01-27** OpenAPI documentation with interactive testing interface, supporting conversation management, message interaction, and result querying
- **2026-01-15** Skills system with 20+ predefined security testing skills
- **2026-01-11** Role-based testing with predefined security testing roles
- **2026-01-08** SSE transport mode support for external MCP servers
README_CN.md
+1
View File
@@ -494,6 +494,7 @@ CyberStrikeAI/
### 近期亮点
- **2026-01-27** 新增 OpenAPI 文档,提供交互式测试界面,支持对话管理、消息交互和结果查询
- **2026-01-15** 新增 Skills 技能系统,内置 20+ 预设安全测试技能
- **2026-01-11** – 新增角色化测试功能,支持预设安全测试角色
- **2026-01-08** 新增 SSE 传输模式支持,外部 MCP 联邦支持三种模式
internal/app/app.go
+17 -1
View File
@@ -309,7 +309,6 @@ func New(cfg *config.Config, log *logger.Logger) (*App, error) {
}
monitorHandler := handler.NewMonitorHandler(mcpServer, executor, db, log.Logger)
monitorHandler.SetExternalMCPManager(externalMCPMgr) // 设置外部MCP管理器,以便获取外部MCP执行记录
conversationHandler := handler.NewConversationHandler(db, log.Logger)
groupHandler := handler.NewGroupHandler(db, log.Logger)
authHandler := handler.NewAuthHandler(authManager, cfg, configPath, log.Logger)
attackChainHandler := handler.NewAttackChainHandler(db, &cfg.OpenAI, log.Logger)
@@ -323,6 +322,10 @@ func New(cfg *config.Config, log *logger.Logger) (*App, error) {
skillsHandler.SetDB(db) // 设置数据库连接以便获取调用统计
}
// 创建OpenAPI处理器
conversationHandler := handler.NewConversationHandler(db, log.Logger)
openAPIHandler := handler.NewOpenAPIHandler(db, log.Logger, resultStorage, conversationHandler, agentHandler)
// 创建 App 实例(部分字段稍后填充)
app := &App{
config: cfg,
@@ -414,6 +417,7 @@ func New(cfg *config.Config, log *logger.Logger) (*App, error) {
skillsHandler,
mcpServer,
authManager,
openAPIHandler,
)
return app, nil
@@ -476,6 +480,7 @@ func setupRoutes(
skillsHandler *handler.SkillsHandler,
mcpServer *mcp.Server,
authManager *security.AuthManager,
openAPIHandler *handler.OpenAPIHandler,
) {
// API路由
api := router.Group("/api")
@@ -722,8 +727,19 @@ func setupRoutes(
protected.POST("/mcp", func(c *gin.Context) {
mcpServer.HandleHTTP(c.Writer, c.Request)
})
// OpenAPI结果聚合端点(可选,用于获取对话的完整结果)
protected.GET("/conversations/:id/results", openAPIHandler.GetConversationResults)
}
// OpenAPI规范(需要认证,避免暴露API结构信息)
protected.GET("/openapi/spec", openAPIHandler.GetOpenAPISpec)
// API文档页面(公开访问,但需要登录后才能使用API)
router.GET("/api-docs", func(c *gin.Context) {
c.HTML(http.StatusOK, "api-docs.html", nil)
})
// 静态文件
router.Static("/static", "./web/static")
router.LoadHTMLGlob("web/templates/*")
internal/database/conversation.go
+20 -2
View File
@@ -223,12 +223,30 @@ func (db *DB) UpdateConversationTime(id string) error {
return nil
}
// DeleteConversation 删除对话
// DeleteConversation 删除对话及其所有相关数据
// 由于数据库外键约束设置了 ON DELETE CASCADE,删除对话时会自动删除:
// - messages(消息)
// - process_details(过程详情)
// - attack_chain_nodes(攻击链节点)
// - attack_chain_edges(攻击链边)
// - vulnerabilities(漏洞)
// - conversation_group_mappings(分组映射)
// 注意:knowledge_retrieval_logs 使用 ON DELETE SET NULL,记录会保留但 conversation_id 会被设为 NULL
func (db *DB) DeleteConversation(id string) error {
_, err := db.Exec("DELETE FROM conversations WHERE id = ?", id)
// 显式删除知识检索日志(虽然外键是SET NULL,但为了彻底清理,我们手动删除)
_, err := db.Exec("DELETE FROM knowledge_retrieval_logs WHERE conversation_id = ?", id)
if err != nil {
db.logger.Warn("删除知识检索日志失败", zap.String("conversationId", id), zap.Error(err))
// 不返回错误,继续删除对话
}
// 删除对话(外键CASCADE会自动删除其他相关数据)
_, err = db.Exec("DELETE FROM conversations WHERE id = ?", id)
if err != nil {
return fmt.Errorf("删除对话失败: %w", err)
}
db.logger.Info("对话及其所有相关数据已删除", zap.String("conversationId", id))
return nil
}
internal/handler/agent.go
+23 -4
View File
@@ -147,6 +147,14 @@ func (h *AgentHandler) AgentLoop(c *gin.Context) {
return
}
conversationID = conv.ID
} else {
// 验证对话是否存在
_, err := h.db.GetConversation(conversationID)
if err != nil {
h.logger.Error("对话不存在", zap.String("conversationId", conversationID), zap.Error(err))
c.JSON(http.StatusNotFound, gin.H{"error": "对话不存在"})
return
}
}
// 优先尝试从保存的ReAct数据恢复历史上下文
@@ -203,6 +211,8 @@ func (h *AgentHandler) AgentLoop(c *gin.Context) {
_, err = h.db.AddMessage(conversationID, "user", req.Message, nil)
if err != nil {
h.logger.Error("保存用户消息失败", zap.Error(err))
c.JSON(http.StatusInternalServerError, gin.H{"error": "保存用户消息失败: " + err.Error()})
return
}
// 执行Agent Loop,传入历史消息和对话ID(使用包含角色提示词的finalMessage和角色工具列表)
@@ -228,6 +238,8 @@ func (h *AgentHandler) AgentLoop(c *gin.Context) {
_, err = h.db.AddMessage(conversationID, "assistant", result.Response, result.MCPExecutionIDs)
if err != nil {
h.logger.Error("保存助手消息失败", zap.Error(err))
// 即使保存失败,也返回响应,但记录错误
// 因为AI已经生成了回复,用户应该能看到
}
// 保存最后一轮ReAct的输入和输出
@@ -479,12 +491,19 @@ func (h *AgentHandler) AgentLoopStream(c *gin.Context) {
return
}
conversationID = conv.ID
sendEvent("conversation", "会话已创建", map[string]interface{}{
"conversationId": conversationID,
})
} else {
// 验证对话是否存在
_, err := h.db.GetConversation(conversationID)
if err != nil {
h.logger.Error("对话不存在", zap.String("conversationId", conversationID), zap.Error(err))
sendEvent("error", "对话不存在", nil)
return
}
}
sendEvent("conversation", "会话已创建", map[string]interface{}{
"conversationId": conversationID,
})
// 优先尝试从保存的ReAct数据恢复历史上下文
agentHistoryMessages, err := h.loadHistoryFromReActData(conversationID)
if err != nil {
internal/handler/openapi.go
+647
View File
@@ -0,0 +1,647 @@
package handler
import (
"net/http"
"time"
"cyberstrike-ai/internal/database"
"cyberstrike-ai/internal/storage"
"github.com/gin-gonic/gin"
"go.uber.org/zap"
)
// OpenAPIHandler OpenAPI处理器
type OpenAPIHandler struct {
db *database.DB
logger *zap.Logger
resultStorage storage.ResultStorage
conversationHdlr *ConversationHandler
agentHdlr *AgentHandler
}
// NewOpenAPIHandler 创建新的OpenAPI处理器
func NewOpenAPIHandler(db *database.DB, logger *zap.Logger, resultStorage storage.ResultStorage, conversationHdlr *ConversationHandler, agentHdlr *AgentHandler) *OpenAPIHandler {
return &OpenAPIHandler{
db: db,
logger: logger,
resultStorage: resultStorage,
conversationHdlr: conversationHdlr,
agentHdlr: agentHdlr,
}
}
// GetOpenAPISpec 获取OpenAPI规范
func (h *OpenAPIHandler) GetOpenAPISpec(c *gin.Context) {
host := c.Request.Host
scheme := "http"
if c.Request.TLS != nil {
scheme = "https"
}
spec := map[string]interface{}{
"openapi": "3.0.0",
"info": map[string]interface{}{
"title": "CyberStrikeAI API",
"description": "AI驱动的自动化安全测试平台API文档",
"version": "1.0.0",
"contact": map[string]interface{}{
"name": "CyberStrikeAI",
},
},
"servers": []map[string]interface{}{
{
"url": scheme + "://" + host,
"description": "当前服务器",
},
},
"components": map[string]interface{}{
"securitySchemes": map[string]interface{}{
"bearerAuth": map[string]interface{}{
"type": "http",
"scheme": "bearer",
"bearerFormat": "JWT",
"description": "使用Bearer Token进行认证。Token通过 /api/auth/login 接口获取。",
},
},
"schemas": map[string]interface{}{
"CreateConversationRequest": map[string]interface{}{
"type": "object",
"properties": map[string]interface{}{
"title": map[string]interface{}{
"type": "string",
"description": "对话标题",
"example": "Web应用安全测试",
},
},
},
"Conversation": map[string]interface{}{
"type": "object",
"properties": map[string]interface{}{
"id": map[string]interface{}{
"type": "string",
"description": "对话ID",
"example": "550e8400-e29b-41d4-a716-446655440000",
},
"title": map[string]interface{}{
"type": "string",
"description": "对话标题",
"example": "Web应用安全测试",
},
"createdAt": map[string]interface{}{
"type": "string",
"format": "date-time",
"description": "创建时间",
},
"updatedAt": map[string]interface{}{
"type": "string",
"format": "date-time",
"description": "更新时间",
},
},
},
"ConversationDetail": map[string]interface{}{
"type": "object",
"properties": map[string]interface{}{
"id": map[string]interface{}{
"type": "string",
"description": "对话ID",
},
"title": map[string]interface{}{
"type": "string",
"description": "对话标题",
},
"status": map[string]interface{}{
"type": "string",
"description": "对话状态:active(进行中)、completed(已完成)、failed(失败)",
"enum": []string{"active", "completed", "failed"},
},
"createdAt": map[string]interface{}{
"type": "string",
"format": "date-time",
"description": "创建时间",
},
"updatedAt": map[string]interface{}{
"type": "string",
"format": "date-time",
"description": "更新时间",
},
"messages": map[string]interface{}{
"type": "array",
"description": "消息列表",
"items": map[string]interface{}{
"$ref": "#/components/schemas/Message",
},
},
"messageCount": map[string]interface{}{
"type": "integer",
"description": "消息数量",
},
},
},
"Message": map[string]interface{}{
"type": "object",
"properties": map[string]interface{}{
"id": map[string]interface{}{
"type": "string",
"description": "消息ID",
},
"conversationId": map[string]interface{}{
"type": "string",
"description": "对话ID",
},
"role": map[string]interface{}{
"type": "string",
"description": "消息角色:user(用户)、assistant(助手)",
"enum": []string{"user", "assistant"},
},
"content": map[string]interface{}{
"type": "string",
"description": "消息内容",
},
"createdAt": map[string]interface{}{
"type": "string",
"format": "date-time",
"description": "创建时间",
},
},
},
"ConversationResults": map[string]interface{}{
"type": "object",
"properties": map[string]interface{}{
"conversationId": map[string]interface{}{
"type": "string",
"description": "对话ID",
},
"messages": map[string]interface{}{
"type": "array",
"description": "消息列表",
"items": map[string]interface{}{
"$ref": "#/components/schemas/Message",
},
},
"vulnerabilities": map[string]interface{}{
"type": "array",
"description": "发现的漏洞列表",
"items": map[string]interface{}{
"$ref": "#/components/schemas/Vulnerability",
},
},
"executionResults": map[string]interface{}{
"type": "array",
"description": "执行结果列表",
"items": map[string]interface{}{
"$ref": "#/components/schemas/ExecutionResult",
},
},
},
},
"Vulnerability": map[string]interface{}{
"type": "object",
"properties": map[string]interface{}{
"id": map[string]interface{}{
"type": "string",
"description": "漏洞ID",
},
"title": map[string]interface{}{
"type": "string",
"description": "漏洞标题",
},
"description": map[string]interface{}{
"type": "string",
"description": "漏洞描述",
},
"severity": map[string]interface{}{
"type": "string",
"description": "严重程度",
"enum": []string{"critical", "high", "medium", "low", "info"},
},
"status": map[string]interface{}{
"type": "string",
"description": "状态",
"enum": []string{"open", "closed", "fixed"},
},
"target": map[string]interface{}{
"type": "string",
"description": "受影响的目标",
},
},
},
"ExecutionResult": map[string]interface{}{
"type": "object",
"properties": map[string]interface{}{
"id": map[string]interface{}{
"type": "string",
"description": "执行ID",
},
"toolName": map[string]interface{}{
"type": "string",
"description": "工具名称",
},
"status": map[string]interface{}{
"type": "string",
"description": "执行状态",
"enum": []string{"success", "failed", "running"},
},
"result": map[string]interface{}{
"type": "string",
"description": "执行结果",
},
"createdAt": map[string]interface{}{
"type": "string",
"format": "date-time",
"description": "创建时间",
},
},
},
"Error": map[string]interface{}{
"type": "object",
"properties": map[string]interface{}{
"error": map[string]interface{}{
"type": "string",
"description": "错误信息",
},
},
},
},
},
"security": []map[string]interface{}{
{
"bearerAuth": []string{},
},
},
"paths": map[string]interface{}{
"/api/conversations": map[string]interface{}{
"post": map[string]interface{}{
"tags": []string{"对话管理"},
"summary": "创建对话",
"description": "创建一个新的安全测试对话。\n\n**重要说明**:\n- ✅ 创建的对话会**立即保存到数据库**\n- ✅ 前端页面会**自动刷新**显示新对话\n- ✅ 与前端创建的对话**完全一致**\n\n**创建对话的两种方式**:\n\n**方式1(推荐):** 直接使用 `/api/agent-loop` 发送消息,**不提供** `conversationId` 参数,系统会自动创建新对话并发送消息。这是最简单的方式,一步完成创建和发送。\n\n**方式2:** 先调用此端点创建空对话,然后使用返回的 `conversationId` 调用 `/api/agent-loop` 发送消息。适用于需要先创建对话,稍后再发送消息的场景。\n\n**示例**\n```json\n{\n \"title\": \"Web应用安全测试\"\n}\n```",
"operationId": "createConversation",
"requestBody": map[string]interface{}{
"required": true,
"content": map[string]interface{}{
"application/json": map[string]interface{}{
"schema": map[string]interface{}{
"$ref": "#/components/schemas/CreateConversationRequest",
},
},
},
},
"responses": map[string]interface{}{
"200": map[string]interface{}{
"description": "对话创建成功",
"content": map[string]interface{}{
"application/json": map[string]interface{}{
"schema": map[string]interface{}{
"$ref": "#/components/schemas/Conversation",
},
},
},
},
"400": map[string]interface{}{
"description": "请求参数错误",
},
"401": map[string]interface{}{
"description": "未授权,需要有效的Token",
},
"500": map[string]interface{}{
"description": "服务器内部错误",
},
},
},
"get": map[string]interface{}{
"tags": []string{"对话管理"},
"summary": "列出对话",
"description": "获取对话列表,支持分页和搜索",
"operationId": "listConversations",
"parameters": []map[string]interface{}{
{
"name": "limit",
"in": "query",
"required": false,
"description": "返回数量限制",
"schema": map[string]interface{}{
"type": "integer",
"default": 50,
"minimum": 1,
"maximum": 100,
},
},
{
"name": "offset",
"in": "query",
"required": false,
"description": "偏移量",
"schema": map[string]interface{}{
"type": "integer",
"default": 0,
"minimum": 0,
},
},
{
"name": "search",
"in": "query",
"required": false,
"description": "搜索关键词",
"schema": map[string]interface{}{
"type": "string",
},
},
},
"responses": map[string]interface{}{
"200": map[string]interface{}{
"description": "获取成功",
"content": map[string]interface{}{
"application/json": map[string]interface{}{
"schema": map[string]interface{}{
"type": "array",
"items": map[string]interface{}{
"$ref": "#/components/schemas/Conversation",
},
},
},
},
},
"401": map[string]interface{}{
"description": "未授权,需要有效的Token",
},
},
},
},
"/api/conversations/{id}": map[string]interface{}{
"get": map[string]interface{}{
"tags": []string{"对话管理"},
"summary": "查看对话详情",
"description": "获取指定对话的详细信息,包括对话信息和消息列表",
"operationId": "getConversation",
"parameters": []map[string]interface{}{
{
"name": "id",
"in": "path",
"required": true,
"description": "对话ID",
"schema": map[string]interface{}{
"type": "string",
},
},
},
"responses": map[string]interface{}{
"200": map[string]interface{}{
"description": "获取成功",
"content": map[string]interface{}{
"application/json": map[string]interface{}{
"schema": map[string]interface{}{
"$ref": "#/components/schemas/ConversationDetail",
},
},
},
},
"404": map[string]interface{}{
"description": "对话不存在",
},
"401": map[string]interface{}{
"description": "未授权,需要有效的Token",
},
},
},
"delete": map[string]interface{}{
"tags": []string{"对话管理"},
"summary": "删除对话",
"description": "删除指定的对话及其所有相关数据(消息、漏洞等)。**此操作不可恢复**。",
"operationId": "deleteConversation",
"parameters": []map[string]interface{}{
{
"name": "id",
"in": "path",
"required": true,
"description": "对话ID",
"schema": map[string]interface{}{
"type": "string",
},
},
},
"responses": map[string]interface{}{
"200": map[string]interface{}{
"description": "删除成功",
"content": map[string]interface{}{
"application/json": map[string]interface{}{
"schema": map[string]interface{}{
"type": "object",
"properties": map[string]interface{}{
"message": map[string]interface{}{
"type": "string",
"description": "成功消息",
"example": "删除成功",
},
},
},
},
},
},
"404": map[string]interface{}{
"description": "对话不存在",
},
"401": map[string]interface{}{
"description": "未授权,需要有效的Token",
},
"500": map[string]interface{}{
"description": "服务器内部错误",
},
},
},
},
"/api/conversations/{id}/results": map[string]interface{}{
"get": map[string]interface{}{
"tags": []string{"结果查询"},
"summary": "获取对话结果",
"description": "获取指定对话的执行结果,包括消息、漏洞信息和执行结果",
"operationId": "getConversationResults",
"parameters": []map[string]interface{}{
{
"name": "id",
"in": "path",
"required": true,
"description": "对话ID",
"schema": map[string]interface{}{
"type": "string",
},
},
},
"responses": map[string]interface{}{
"200": map[string]interface{}{
"description": "获取成功",
"content": map[string]interface{}{
"application/json": map[string]interface{}{
"schema": map[string]interface{}{
"$ref": "#/components/schemas/ConversationResults",
},
},
},
},
"404": map[string]interface{}{
"description": "对话不存在或结果不存在",
},
"401": map[string]interface{}{
"description": "未授权,需要有效的Token",
},
},
},
},
"/api/agent-loop": map[string]interface{}{
"post": map[string]interface{}{
"tags": []string{"对话交互"},
"summary": "发送消息并获取AI回复(核心端点)",
"description": "向AI发送消息并获取回复。**这是与AI交互的核心端点**,与前端聊天功能完全一致。\n\n**重要说明**:\n- ✅ 通过此API创建/发送的消息会**立即保存到数据库**\n- ✅ 前端页面会**自动刷新**显示新创建的对话和消息\n- ✅ 所有操作都有**完整的交互痕迹**,就像在前端操作一样\n- ✅ 支持角色配置,可以指定使用哪个测试角色\n\n**推荐使用流程**:\n\n1. **先创建对话**:调用 `POST /api/conversations` 创建新对话,获取 `conversationId`\n2. **再发送消息**:使用返回的 `conversationId` 调用此端点发送消息\n\n**使用示例**:\n\n**步骤1 - 创建对话:**\n```json\nPOST /api/conversations\n{\n \"title\": \"Web应用安全测试\"\n}\n```\n\n**步骤2 - 发送消息:**\n```json\nPOST /api/agent-loop\n{\n \"conversationId\": \"返回的对话ID\",\n \"message\": \"扫描 http://example.com 的SQL注入漏洞\",\n \"role\": \"渗透测试\"\n}\n```\n\n**其他方式**\n\n如果不提供 `conversationId`,系统会自动创建新对话并发送消息。但**推荐先创建对话**,这样可以更好地管理对话列表。\n\n**响应**:返回AI的回复、对话ID和MCP执行ID列表。前端会自动刷新显示新消息。",
"operationId": "sendMessage",
"requestBody": map[string]interface{}{
"required": true,
"content": map[string]interface{}{
"application/json": map[string]interface{}{
"schema": map[string]interface{}{
"type": "object",
"properties": map[string]interface{}{
"message": map[string]interface{}{
"type": "string",
"description": "要发送的消息(必需)",
"example": "扫描 http://example.com 的SQL注入漏洞",
},
"conversationId": map[string]interface{}{
"type": "string",
"description": "对话ID(可选)。\n- **不提供**:自动创建新对话并发送消息(推荐)\n- **提供**:消息会添加到指定对话中(对话必须存在)",
"example": "550e8400-e29b-41d4-a716-446655440000",
},
"role": map[string]interface{}{
"type": "string",
"description": "角色名称(可选),如:默认、渗透测试、Web应用扫描等",
"example": "默认",
},
},
"required": []string{"message"},
},
},
},
},
"responses": map[string]interface{}{
"200": map[string]interface{}{
"description": "消息发送成功,返回AI回复",
"content": map[string]interface{}{
"application/json": map[string]interface{}{
"schema": map[string]interface{}{
"type": "object",
"properties": map[string]interface{}{
"response": map[string]interface{}{
"type": "string",
"description": "AI的回复内容",
},
"conversationId": map[string]interface{}{
"type": "string",
"description": "对话ID",
},
"mcpExecutionIds": map[string]interface{}{
"type": "array",
"description": "MCP执行ID列表",
"items": map[string]interface{}{
"type": "string",
},
},
"time": map[string]interface{}{
"type": "string",
"format": "date-time",
"description": "响应时间",
},
},
},
},
},
},
"400": map[string]interface{}{
"description": "请求参数错误",
},
"401": map[string]interface{}{
"description": "未授权,需要有效的Token",
},
"500": map[string]interface{}{
"description": "服务器内部错误",
},
},
},
},
},
}
c.JSON(http.StatusOK, spec)
}
// GetConversationResults 获取对话结果(OpenAPI端点)
// 注意:创建对话和获取对话详情直接使用标准的 /api/conversations 端点
// 这个端点只是为了提供结果聚合功能
func (h *OpenAPIHandler) GetConversationResults(c *gin.Context) {
conversationID := c.Param("id")
// 验证对话是否存在
conv, err := h.db.GetConversation(conversationID)
if err != nil {
h.logger.Error("获取对话失败", zap.Error(err))
c.JSON(http.StatusNotFound, gin.H{"error": "对话不存在"})
return
}
// 获取消息列表
messages, err := h.db.GetMessages(conversationID)
if err != nil {
h.logger.Error("获取消息失败", zap.Error(err))
c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
return
}
// 获取漏洞列表
vulnList, err := h.db.ListVulnerabilities(1000, 0, "", conversationID, "", "")
if err != nil {
h.logger.Warn("获取漏洞列表失败", zap.Error(err))
vulnList = []*database.Vulnerability{}
}
vulnerabilities := make([]database.Vulnerability, len(vulnList))
for i, v := range vulnList {
vulnerabilities[i] = *v
}
// 获取执行结果(从MCP执行记录中获取)
executionResults := []map[string]interface{}{}
for _, msg := range messages {
if len(msg.MCPExecutionIDs) > 0 {
for _, execID := range msg.MCPExecutionIDs {
// 尝试从结果存储中获取执行结果
if h.resultStorage != nil {
result, err := h.resultStorage.GetResult(execID)
if err == nil && result != "" {
// 获取元数据以获取工具名称和创建时间
metadata, err := h.resultStorage.GetResultMetadata(execID)
toolName := "unknown"
createdAt := time.Now()
if err == nil && metadata != nil {
toolName = metadata.ToolName
createdAt = metadata.CreatedAt
}
executionResults = append(executionResults, map[string]interface{}{
"id": execID,
"toolName": toolName,
"status": "success",
"result": result,
"createdAt": createdAt.Format(time.RFC3339),
})
}
}
}
}
}
response := map[string]interface{}{
"conversationId": conv.ID,
"messages": messages,
"vulnerabilities": vulnerabilities,
"executionResults": executionResults,
}
c.JSON(http.StatusOK, response)
}
web/static/css/style.css
+72 -9
View File
@@ -538,6 +538,28 @@ header {
transform: translateY(-1px);
}
.openapi-doc-btn {
display: inline-flex;
align-items: center;
gap: 6px;
padding: 6px 12px;
border-radius: 6px;
border: 1px solid var(--border-color);
background: var(--bg-primary);
color: var(--text-primary);
cursor: pointer;
font-size: 0.8125rem;
font-weight: 400;
transition: all 0.2s ease;
}
.openapi-doc-btn:hover {
background: var(--bg-tertiary);
border-color: var(--accent-color);
color: var(--accent-color);
transform: translateY(-1px);
}
.monitor-btn {
color: var(--accent-color);
border-color: var(--border-color);
@@ -1619,35 +1641,76 @@ header {
.chat-input-container .send-btn {
display: flex;
align-items: center;
justify-content: center;
gap: 6px;
padding: 10px 18px;
padding: 10px 20px;
height: 40px;
background: var(--accent-color);
background: linear-gradient(135deg, var(--accent-color) 0%, #0052cc 100%);
color: white;
border: none;
border-radius: 12px;
cursor: pointer;
font-size: 0.9375rem;
font-weight: 500;
transition: all 0.2s;
font-weight: 600;
transition: all 0.3s cubic-bezier(0.4, 0, 0.2, 1);
white-space: nowrap;
flex-shrink: 0;
box-sizing: border-box;
position: relative;
overflow: hidden;
box-shadow: 0 2px 8px rgba(0, 102, 255, 0.2), 0 1px 3px rgba(0, 0, 0, 0.1);
}
/* 按钮光效动画 */
.chat-input-container .send-btn::before {
content: '';
position: absolute;
top: 0;
left: -100%;
width: 100%;
height: 100%;
background: linear-gradient(90deg, transparent, rgba(255, 255, 255, 0.2), transparent);
transition: left 0.5s;
}
.chat-input-container .send-btn:hover::before {
left: 100%;
}
.chat-input-container .send-btn:hover {
background: var(--accent-hover);
transform: translateY(-1px);
box-shadow: 0 2px 8px rgba(0, 102, 255, 0.25);
background: linear-gradient(135deg, #0052cc 0%, var(--accent-color) 100%);
transform: translateY(-2px) scale(1.02);
box-shadow: 0 4px 12px rgba(0, 102, 255, 0.35), 0 2px 6px rgba(0, 0, 0, 0.15);
}
.chat-input-container .send-btn:active {
transform: translateY(0);
box-shadow: 0 1px 4px rgba(0, 102, 255, 0.2);
transform: translateY(0) scale(0.98);
box-shadow: 0 2px 6px rgba(0, 102, 255, 0.25), 0 1px 3px rgba(0, 0, 0, 0.1);
transition: all 0.1s;
}
.chat-input-container .send-btn:disabled {
opacity: 0.6;
cursor: not-allowed;
transform: none;
}
.chat-input-container .send-btn svg {
flex-shrink: 0;
transition: transform 0.3s cubic-bezier(0.4, 0, 0.2, 1);
}
.chat-input-container .send-btn:hover svg {
transform: translateX(2px);
}
.chat-input-container .send-btn:active svg {
transform: translateX(4px);
}
.chat-input-container .send-btn span {
position: relative;
z-index: 1;
}
.mention-suggestions {
web/static/js/api-docs.js
+749
View File
@@ -0,0 +1,749 @@
// API文档页面JavaScript
let apiSpec = null;
let currentToken = null;
// 初始化
document.addEventListener('DOMContentLoaded', async () => {
await loadToken();
await loadAPISpec();
if (apiSpec) {
renderAPIDocs();
}
});
// 加载token
async function loadToken() {
try {
const authData = localStorage.getItem('cyberstrike-auth');
if (authData) {
const parsed = JSON.parse(authData);
if (parsed && parsed.token) {
const expiry = parsed.expiresAt ? new Date(parsed.expiresAt) : null;
if (!expiry || expiry.getTime() > Date.now()) {
currentToken = parsed.token;
return;
}
}
}
currentToken = localStorage.getItem('swagger_auth_token');
} catch (e) {
console.error('加载token失败:', e);
}
}
// 加载OpenAPI规范
async function loadAPISpec() {
try {
let url = '/api/openapi/spec';
if (currentToken) {
url += '?token=' + encodeURIComponent(currentToken);
}
const response = await fetch(url);
if (!response.ok) {
if (response.status === 401) {
showError('需要登录才能查看API文档。请先在前端页面登录,然后刷新此页面。');
return;
}
throw new Error('加载API规范失败: ' + response.status);
}
apiSpec = await response.json();
} catch (error) {
console.error('加载API规范失败:', error);
showError('加载API文档失败: ' + error.message);
}
}
// 显示错误
function showError(message) {
const main = document.getElementById('api-docs-main');
main.innerHTML = `
<div class="empty-state">
<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
<circle cx="12" cy="12" r="10"/>
<line x1="12" y1="8" x2="12" y2="12"/>
<line x1="12" y1="16" x2="12.01" y2="16"/>
</svg>
<h3>加载失败</h3>
<p>${message}</p>
<div style="margin-top: 16px;">
<a href="/" style="color: var(--accent-color); text-decoration: none;">返回首页登录</a>
</div>
</div>
`;
}
// 渲染API文档
function renderAPIDocs() {
if (!apiSpec || !apiSpec.paths) {
showError('API规范格式错误');
return;
}
// 显示认证说明
renderAuthInfo();
// 渲染侧边栏分组
renderSidebar();
// 渲染API端点
renderEndpoints();
}
// 渲染认证说明
function renderAuthInfo() {
const authSection = document.getElementById('auth-info-section');
if (!authSection) return;
// 显示认证说明部分
authSection.style.display = 'block';
// 检查是否有token
const tokenStatus = document.getElementById('token-status');
if (currentToken && tokenStatus) {
tokenStatus.style.display = 'block';
} else if (tokenStatus) {
// 如果没有token,显示提示
tokenStatus.style.display = 'block';
tokenStatus.style.background = 'rgba(255, 152, 0, 0.1)';
tokenStatus.style.borderLeftColor = '#ff9800';
tokenStatus.innerHTML = '<p style="margin: 0; font-size: 0.8125rem; color: #ff9800;"><strong>⚠ 未检测到 Token</strong> - 请先在前端页面登录,然后刷新此页面。测试接口时需要在请求头中添加 Authorization: Bearer token</p>';
}
}
// 渲染侧边栏
function renderSidebar() {
const groups = new Set();
Object.keys(apiSpec.paths).forEach(path => {
Object.keys(apiSpec.paths[path]).forEach(method => {
const endpoint = apiSpec.paths[path][method];
if (endpoint.tags && endpoint.tags.length > 0) {
endpoint.tags.forEach(tag => groups.add(tag));
}
});
});
const groupList = document.getElementById('api-group-list');
const allGroups = Array.from(groups).sort();
allGroups.forEach(group => {
const li = document.createElement('li');
li.className = 'api-group-item';
li.innerHTML = `<a href="#" class="api-group-link" data-group="${group}">${group}</a>`;
groupList.appendChild(li);
});
// 绑定点击事件
groupList.querySelectorAll('.api-group-link').forEach(link => {
link.addEventListener('click', (e) => {
e.preventDefault();
groupList.querySelectorAll('.api-group-link').forEach(l => l.classList.remove('active'));
link.classList.add('active');
const group = link.dataset.group;
renderEndpoints(group === 'all' ? null : group);
});
});
}
// 渲染API端点
function renderEndpoints(filterGroup = null) {
const main = document.getElementById('api-docs-main');
main.innerHTML = '';
const endpoints = [];
Object.keys(apiSpec.paths).forEach(path => {
Object.keys(apiSpec.paths[path]).forEach(method => {
const endpoint = apiSpec.paths[path][method];
const tags = endpoint.tags || [];
if (!filterGroup || filterGroup === 'all' || tags.includes(filterGroup)) {
endpoints.push({
path,
method,
...endpoint
});
}
});
});
// 按分组排序
endpoints.sort((a, b) => {
const tagA = a.tags && a.tags.length > 0 ? a.tags[0] : '';
const tagB = b.tags && b.tags.length > 0 ? b.tags[0] : '';
if (tagA !== tagB) return tagA.localeCompare(tagB);
return a.path.localeCompare(b.path);
});
if (endpoints.length === 0) {
main.innerHTML = '<div class="empty-state"><h3>暂无API</h3><p>该分组下没有API端点</p></div>';
return;
}
endpoints.forEach(endpoint => {
main.appendChild(createEndpointCard(endpoint));
});
}
// 创建API端点卡片
function createEndpointCard(endpoint) {
const card = document.createElement('div');
card.className = 'api-endpoint';
const methodClass = endpoint.method.toLowerCase();
const tags = endpoint.tags || [];
const tagHtml = tags.map(tag => `<span class="api-tag">${tag}</span>`).join('');
card.innerHTML = `
<div class="api-endpoint-header">
<div class="api-endpoint-title">
<span class="api-method ${methodClass}">${endpoint.method.toUpperCase()}</span>
<span class="api-path">${endpoint.path}</span>
${tagHtml}
</div>
</div>
<div class="api-endpoint-body">
<div class="api-section">
<div class="api-section-title">描述</div>
<div class="api-description">${endpoint.summary || endpoint.description || '无描述'}</div>
</div>
${renderParameters(endpoint)}
${renderRequestBody(endpoint)}
${renderResponses(endpoint)}
${renderTestSection(endpoint)}
</div>
`;
return card;
}
// 渲染参数
function renderParameters(endpoint) {
const params = endpoint.parameters || [];
if (params.length === 0) return '';
const rows = params.map(param => {
const required = param.required ? '<span class="api-param-required">必需</span>' : '<span style="color: var(--text-muted);">可选</span>';
return `
<tr>
<td><span class="api-param-name">${param.name}</span></td>
<td><span class="api-param-type">${param.schema?.type || 'string'}</span></td>
<td>${param.description || '-'}</td>
<td>${required}</td>
</tr>
`;
}).join('');
return `
<div class="api-section">
<div class="api-section-title">参数</div>
<table class="api-params-table">
<thead>
<tr>
<th>参数名</th>
<th>类型</th>
<th>描述</th>
<th>必需</th>
</tr>
</thead>
<tbody>
${rows}
</tbody>
</table>
</div>
`;
}
// 渲染请求体
function renderRequestBody(endpoint) {
if (!endpoint.requestBody) return '';
const content = endpoint.requestBody.content || {};
let schema = content['application/json']?.schema || {};
// 处理 $ref 引用
if (schema.$ref) {
const refPath = schema.$ref.split('/');
const refName = refPath[refPath.length - 1];
if (apiSpec.components && apiSpec.components.schemas && apiSpec.components.schemas[refName]) {
schema = apiSpec.components.schemas[refName];
}
}
// 渲染参数表格
let paramsTable = '';
if (schema.properties) {
const requiredFields = schema.required || [];
const rows = Object.keys(schema.properties).map(key => {
const prop = schema.properties[key];
const required = requiredFields.includes(key)
? '<span class="api-param-required">必需</span>'
: '<span style="color: var(--text-muted);">可选</span>';
// 处理嵌套类型
let typeDisplay = prop.type || 'object';
if (prop.type === 'array' && prop.items) {
typeDisplay = `array[${prop.items.type || 'object'}]`;
} else if (prop.$ref) {
const refPath = prop.$ref.split('/');
typeDisplay = refPath[refPath.length - 1];
}
// 处理枚举
if (prop.enum) {
typeDisplay += ` (${prop.enum.join(', ')})`;
}
return `
<tr>
<td><span class="api-param-name">${escapeHtml(key)}</span></td>
<td><span class="api-param-type">${escapeHtml(typeDisplay)}</span></td>
<td>${prop.description ? escapeHtml(prop.description) : '-'}</td>
<td>${required}</td>
<td>${prop.example !== undefined ? `<code>${escapeHtml(String(prop.example))}</code>` : '-'}</td>
</tr>
`;
}).join('');
if (rows) {
paramsTable = `
<table class="api-params-table" style="margin-top: 12px;">
<thead>
<tr>
<th>参数名</th>
<th>类型</th>
<th>描述</th>
<th>必需</th>
<th>示例</th>
</tr>
</thead>
<tbody>
${rows}
</tbody>
</table>
`;
}
}
// 生成示例JSON
let example = '';
if (schema.example) {
example = JSON.stringify(schema.example, null, 2);
} else if (schema.properties) {
const exampleObj = {};
Object.keys(schema.properties).forEach(key => {
const prop = schema.properties[key];
if (prop.example !== undefined) {
exampleObj[key] = prop.example;
} else {
// 根据类型生成默认示例
if (prop.type === 'string') {
exampleObj[key] = prop.description || 'string';
} else if (prop.type === 'number') {
exampleObj[key] = 0;
} else if (prop.type === 'boolean') {
exampleObj[key] = false;
} else if (prop.type === 'array') {
exampleObj[key] = [];
} else {
exampleObj[key] = null;
}
}
});
example = JSON.stringify(exampleObj, null, 2);
}
return `
<div class="api-section">
<div class="api-section-title">请求体</div>
${endpoint.requestBody.description ? `<div class="api-description">${endpoint.requestBody.description}</div>` : ''}
${paramsTable}
${example ? `
<div style="margin-top: 16px;">
<div style="font-weight: 500; margin-bottom: 8px; color: var(--text-primary);">示例JSON:</div>
<div class="api-response-example">
<pre>${escapeHtml(example)}</pre>
</div>
</div>
` : ''}
</div>
`;
}
// 渲染响应
function renderResponses(endpoint) {
const responses = endpoint.responses || {};
const responseItems = Object.keys(responses).map(status => {
const response = responses[status];
const schema = response.content?.['application/json']?.schema || {};
let example = '';
if (schema.example) {
example = JSON.stringify(schema.example, null, 2);
}
return `
<div style="margin-bottom: 16px;">
<strong style="color: ${status.startsWith('2') ? 'var(--success-color)' : status.startsWith('4') ? 'var(--error-color)' : 'var(--warning-color)'}">${status}</strong>
${response.description ? `<span style="color: var(--text-secondary); margin-left: 8px;">${response.description}</span>` : ''}
${example ? `
<div class="api-response-example" style="margin-top: 8px;">
<pre>${escapeHtml(example)}</pre>
</div>
` : ''}
</div>
`;
}).join('');
if (!responseItems) return '';
return `
<div class="api-section">
<div class="api-section-title">响应</div>
${responseItems}
</div>
`;
}
// 渲染测试区域
function renderTestSection(endpoint) {
const method = endpoint.method.toUpperCase();
const path = endpoint.path;
const hasBody = endpoint.requestBody && ['POST', 'PUT', 'PATCH'].includes(method);
let bodyInput = '';
if (hasBody) {
const schema = endpoint.requestBody.content?.['application/json']?.schema || {};
let defaultBody = '';
if (schema.example) {
defaultBody = JSON.stringify(schema.example, null, 2);
} else if (schema.properties) {
const exampleObj = {};
Object.keys(schema.properties).forEach(key => {
const prop = schema.properties[key];
exampleObj[key] = prop.example || (prop.type === 'string' ? '' : prop.type === 'number' ? 0 : prop.type === 'boolean' ? false : null);
});
defaultBody = JSON.stringify(exampleObj, null, 2);
}
const bodyInputId = `test-body-${escapeId(path)}-${method}`;
bodyInput = `
<div class="api-test-input-group">
<label>请求体 (JSON)</label>
<textarea id="${bodyInputId}" class="test-body-input" placeholder='请输入JSON格式的请求体'>${defaultBody}</textarea>
</div>
`;
}
// 处理路径参数
const pathParams = (endpoint.parameters || []).filter(p => p.in === 'path');
let pathParamsInput = '';
if (pathParams.length > 0) {
pathParamsInput = pathParams.map(param => {
const inputId = `test-param-${param.name}-${escapeId(path)}-${method}`;
return `
<div class="api-test-input-group">
<label>${param.name} <span style="color: var(--error-color);">*</span></label>
<input type="text" id="${inputId}" placeholder="${param.description || param.name}" required>
</div>
`;
}).join('');
}
// 处理查询参数
const queryParams = (endpoint.parameters || []).filter(p => p.in === 'query');
let queryParamsInput = '';
if (queryParams.length > 0) {
queryParamsInput = queryParams.map(param => {
const inputId = `test-query-${param.name}-${escapeId(path)}-${method}`;
const defaultValue = param.schema?.default !== undefined ? param.schema.default : '';
const placeholder = param.description || param.name;
const required = param.required ? '<span style="color: var(--error-color);">*</span>' : '<span style="color: var(--text-muted);">可选</span>';
return `
<div class="api-test-input-group">
<label>${param.name} ${required}</label>
<input type="${param.schema?.type === 'number' || param.schema?.type === 'integer' ? 'number' : 'text'}"
id="${inputId}"
placeholder="${placeholder}"
value="${defaultValue}"
${param.required ? 'required' : ''}>
</div>
`;
}).join('');
}
return `
<div class="api-test-section">
<div class="api-section-title">测试接口</div>
<div class="api-test-form">
${pathParamsInput}
${queryParamsInput ? `<div style="margin-top: 16px;"><div style="font-weight: 500; margin-bottom: 8px; color: var(--text-primary);">查询参数:</div>${queryParamsInput}</div>` : ''}
${bodyInput}
<div class="api-test-buttons">
<button class="api-test-btn primary" onclick="testAPI('${method}', '${escapeHtml(path)}', '${endpoint.operationId || ''}')">
<svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
<polygon points="5 3 19 12 5 21 5 3"/>
</svg>
发送请求
</button>
<button class="api-test-btn secondary" onclick="copyCurlCommand(event, '${method}', '${escapeHtml(path)}')" title="复制curl命令">
<svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
<rect x="9" y="9" width="13" height="13" rx="2" ry="2" stroke="currentColor" stroke-width="2"/>
<path d="M5 15H4a2 2 0 0 1-2-2V4a2 2 0 0 1 2-2h9a2 2 0 0 1 2 2v1" stroke="currentColor" stroke-width="2"/>
</svg>
复制curl
</button>
<button class="api-test-btn secondary" onclick="clearTestResult('${escapeId(path)}-${method}')">
清除结果
</button>
</div>
<div id="test-result-${escapeId(path)}-${method}" class="api-test-result" style="display: none;"></div>
</div>
</div>
`;
}
// 测试API
async function testAPI(method, path, operationId) {
const resultId = `test-result-${escapeId(path)}-${method}`;
const resultDiv = document.getElementById(resultId);
if (!resultDiv) return;
resultDiv.style.display = 'block';
resultDiv.className = 'api-test-result loading';
resultDiv.textContent = '发送请求中...';
try {
// 替换路径参数
let actualPath = path;
const pathParams = path.match(/\{([^}]+)\}/g) || [];
pathParams.forEach(param => {
const paramName = param.slice(1, -1);
const inputId = `test-param-${paramName}-${escapeId(path)}-${method}`;
const input = document.getElementById(inputId);
if (input && input.value) {
actualPath = actualPath.replace(param, encodeURIComponent(input.value));
} else {
throw new Error(`路径参数 ${paramName} 不能为空`);
}
});
// 确保路径以/api开头(如果OpenAPI规范中的路径不包含/api
if (!actualPath.startsWith('/api') && !actualPath.startsWith('http')) {
actualPath = '/api' + actualPath;
}
// 构建查询参数
const queryParams = [];
const endpointSpec = apiSpec.paths[path]?.[method.toLowerCase()];
if (endpointSpec && endpointSpec.parameters) {
endpointSpec.parameters.filter(p => p.in === 'query').forEach(param => {
const inputId = `test-query-${param.name}-${escapeId(path)}-${method}`;
const input = document.getElementById(inputId);
if (input && input.value !== '' && input.value !== null && input.value !== undefined) {
queryParams.push(`${encodeURIComponent(param.name)}=${encodeURIComponent(input.value)}`);
} else if (param.required) {
throw new Error(`查询参数 ${param.name} 不能为空`);
}
});
}
// 添加查询字符串
if (queryParams.length > 0) {
actualPath += (actualPath.includes('?') ? '&' : '?') + queryParams.join('&');
}
// 构建请求选项
const options = {
method: method,
headers: {
'Content-Type': 'application/json',
}
};
// 添加token
if (currentToken) {
options.headers['Authorization'] = 'Bearer ' + currentToken;
} else {
// 如果没有token,提示用户
throw new Error('未检测到 Token。请先在前端页面登录,然后刷新此页面。或者手动在请求头中添加 Authorization: Bearer your_token');
}
// 添加请求体
if (['POST', 'PUT', 'PATCH'].includes(method)) {
const bodyInputId = `test-body-${escapeId(path)}-${method}`;
const bodyInput = document.getElementById(bodyInputId);
if (bodyInput && bodyInput.value.trim()) {
try {
options.body = JSON.stringify(JSON.parse(bodyInput.value.trim()));
} catch (e) {
throw new Error('请求体JSON格式错误: ' + e.message);
}
}
}
// 发送请求
const response = await fetch(actualPath, options);
const responseText = await response.text();
let responseData;
try {
responseData = JSON.parse(responseText);
} catch {
responseData = responseText;
}
// 显示结果
resultDiv.className = response.ok ? 'api-test-result success' : 'api-test-result error';
resultDiv.textContent = `状态码: ${response.status} ${response.statusText}\n\n${typeof responseData === 'string' ? responseData : JSON.stringify(responseData, null, 2)}`;
} catch (error) {
resultDiv.className = 'api-test-result error';
resultDiv.textContent = '请求失败: ' + error.message;
}
}
// 清除测试结果
function clearTestResult(id) {
const resultDiv = document.getElementById(`test-result-${id}`);
if (resultDiv) {
resultDiv.style.display = 'none';
resultDiv.textContent = '';
}
}
// 复制curl命令
function copyCurlCommand(event, method, path) {
try {
// 替换路径参数
let actualPath = path;
const pathParams = path.match(/\{([^}]+)\}/g) || [];
pathParams.forEach(param => {
const paramName = param.slice(1, -1);
const inputId = `test-param-${paramName}-${escapeId(path)}-${method}`;
const input = document.getElementById(inputId);
if (input && input.value) {
actualPath = actualPath.replace(param, encodeURIComponent(input.value));
}
});
// 确保路径以/api开头
if (!actualPath.startsWith('/api') && !actualPath.startsWith('http')) {
actualPath = '/api' + actualPath;
}
// 构建查询参数
const queryParams = [];
const endpointSpec = apiSpec.paths[path]?.[method.toLowerCase()];
if (endpointSpec && endpointSpec.parameters) {
endpointSpec.parameters.filter(p => p.in === 'query').forEach(param => {
const inputId = `test-query-${param.name}-${escapeId(path)}-${method}`;
const input = document.getElementById(inputId);
if (input && input.value !== '' && input.value !== null && input.value !== undefined) {
queryParams.push(`${encodeURIComponent(param.name)}=${encodeURIComponent(input.value)}`);
}
});
}
// 添加查询字符串
if (queryParams.length > 0) {
actualPath += (actualPath.includes('?') ? '&' : '?') + queryParams.join('&');
}
// 构建完整的URL
const baseUrl = window.location.origin;
const fullUrl = baseUrl + actualPath;
// 构建curl命令
let curlCommand = `curl -X ${method.toUpperCase()} "${fullUrl}"`;
// 添加请求头
curlCommand += ` \\\n -H "Content-Type: application/json"`;
// 添加Authorization头
if (currentToken) {
curlCommand += ` \\\n -H "Authorization: Bearer ${currentToken}"`;
} else {
curlCommand += ` \\\n -H "Authorization: Bearer YOUR_TOKEN_HERE"`;
}
// 添加请求体(如果有)
if (['POST', 'PUT', 'PATCH'].includes(method.toUpperCase())) {
const bodyInputId = `test-body-${escapeId(path)}-${method}`;
const bodyInput = document.getElementById(bodyInputId);
if (bodyInput && bodyInput.value.trim()) {
try {
// 验证JSON格式并格式化
const jsonBody = JSON.parse(bodyInput.value.trim());
const jsonString = JSON.stringify(jsonBody);
// 在单引号内,只需要转义单引号本身
const escapedJson = jsonString.replace(/'/g, "'\\''");
curlCommand += ` \\\n -d '${escapedJson}'`;
} catch (e) {
// 如果不是有效JSON,直接使用原始值
const escapedBody = bodyInput.value.trim().replace(/'/g, "'\\''");
curlCommand += ` \\\n -d '${escapedBody}'`;
}
}
}
// 复制到剪贴板
const button = event ? event.target.closest('button') : null;
navigator.clipboard.writeText(curlCommand).then(() => {
// 显示成功提示
if (button) {
const originalText = button.innerHTML;
button.innerHTML = '<svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><polyline points="20 6 9 17 4 12"/></svg>已复制';
button.style.color = 'var(--success-color)';
setTimeout(() => {
button.innerHTML = originalText;
button.style.color = '';
}, 2000);
} else {
alert('curl命令已复制到剪贴板!');
}
}).catch(err => {
console.error('复制失败:', err);
// 如果clipboard API失败,使用fallback方法
const textarea = document.createElement('textarea');
textarea.value = curlCommand;
textarea.style.position = 'fixed';
textarea.style.opacity = '0';
document.body.appendChild(textarea);
textarea.select();
try {
document.execCommand('copy');
if (button) {
const originalText = button.innerHTML;
button.innerHTML = '<svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><polyline points="20 6 9 17 4 12"/></svg>已复制';
button.style.color = 'var(--success-color)';
setTimeout(() => {
button.innerHTML = originalText;
button.style.color = '';
}, 2000);
} else {
alert('curl命令已复制到剪贴板!');
}
} catch (e) {
alert('复制失败,请手动复制:\n\n' + curlCommand);
}
document.body.removeChild(textarea);
});
} catch (error) {
console.error('生成curl命令失败:', error);
alert('生成curl命令失败: ' + error.message);
}
}
// HTML转义
function escapeHtml(text) {
const div = document.createElement('div');
div.textContent = text;
return div.innerHTML;
}
// ID转义(用于HTML ID属性)
function escapeId(text) {
return text.replace(/[{}]/g, '').replace(/\//g, '-');
}
web/static/js/chat.js
+30
View File
@@ -5761,4 +5761,34 @@ document.addEventListener('DOMContentLoaded', async () => {
};
}
await loadConversationsWithGroups();
// 添加页面焦点时自动刷新对话列表的功能
// 这样当通过OpenAPI创建对话后,切换回页面时能自动看到新对话
let lastFocusTime = Date.now();
const CONVERSATION_REFRESH_INTERVAL = 30000; // 30秒内最多刷新一次,避免过于频繁
window.addEventListener('focus', () => {
const now = Date.now();
// 如果距离上次刷新超过30秒,才刷新对话列表
if (now - lastFocusTime > CONVERSATION_REFRESH_INTERVAL) {
lastFocusTime = now;
if (typeof loadConversationsWithGroups === 'function') {
loadConversationsWithGroups();
}
}
});
// 监听页面可见性变化(当用户切换标签页回来时)
document.addEventListener('visibilitychange', () => {
if (!document.hidden) {
// 页面变为可见时,检查是否需要刷新
const now = Date.now();
if (now - lastFocusTime > CONVERSATION_REFRESH_INTERVAL) {
lastFocusTime = now;
if (typeof loadConversationsWithGroups === 'function') {
loadConversationsWithGroups();
}
}
}
});
});
web/templates/api-docs.html
+578
View File
@@ -0,0 +1,578 @@
<!DOCTYPE html>
<html lang="zh-CN">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>API 文档 - CyberStrikeAI</title>
<link rel="icon" type="image/png" href="/static/logo.png">
<link rel="stylesheet" href="/static/css/style.css">
<style>
/* 覆盖主CSS的overflow限制,允许API文档页面滚动 */
body {
overflow: auto !important;
height: auto !important;
}
.api-docs-container {
max-width: 1400px;
margin: 0 auto;
padding: 24px;
background: var(--bg-primary);
min-height: 100vh;
}
.api-docs-header {
margin-bottom: 32px;
padding-bottom: 24px;
border-bottom: 2px solid var(--border-color);
}
.api-docs-header h1 {
font-size: 2rem;
font-weight: 600;
color: var(--text-primary);
margin-bottom: 8px;
display: flex;
align-items: center;
gap: 12px;
}
.api-docs-header p {
color: var(--text-secondary);
font-size: 0.9375rem;
margin: 0;
}
.auth-info-section {
background: var(--bg-secondary);
border: 1px solid var(--border-color);
border-radius: 8px;
padding: 20px;
margin-bottom: 32px;
}
.auth-info-content {
max-width: 100%;
}
.auth-info-section pre {
margin: 0;
font-family: 'Monaco', 'Menlo', 'Ubuntu Mono', 'Consolas', 'source-code-pro', monospace;
}
.auth-info-section code {
font-family: inherit;
font-size: inherit;
}
.auth-info-header {
padding: 4px 0;
}
.auth-info-header:hover {
opacity: 0.8;
}
.auth-info-arrow {
color: var(--text-secondary);
}
.auth-info-body {
animation: slideDown 0.2s ease;
}
@keyframes slideDown {
from {
opacity: 0;
transform: translateY(-10px);
}
to {
opacity: 1;
transform: translateY(0);
}
}
.api-docs-content {
display: grid;
grid-template-columns: 280px 1fr;
gap: 24px;
}
.api-docs-sidebar {
background: var(--bg-secondary);
border-radius: 8px;
padding: 16px;
height: fit-content;
max-height: calc(100vh - 100px);
position: sticky;
top: 24px;
overflow-y: auto;
}
.api-docs-sidebar h3 {
font-size: 0.875rem;
font-weight: 600;
color: var(--text-primary);
margin-bottom: 12px;
text-transform: uppercase;
letter-spacing: 0.5px;
}
.api-group-list {
list-style: none;
padding: 0;
margin: 0;
}
.api-group-item {
margin-bottom: 8px;
}
.api-group-link {
display: block;
padding: 8px 12px;
color: var(--text-secondary);
text-decoration: none;
border-radius: 6px;
font-size: 0.875rem;
transition: all 0.2s ease;
}
.api-group-link:hover {
background: var(--bg-tertiary);
color: var(--accent-color);
}
.api-group-link.active {
background: rgba(0, 102, 255, 0.1);
color: var(--accent-color);
font-weight: 500;
}
.api-docs-main {
background: var(--bg-primary);
}
.api-endpoint {
background: var(--bg-primary);
border: 1px solid var(--border-color);
border-radius: 8px;
margin-bottom: 24px;
overflow: hidden;
transition: all 0.2s ease;
}
.api-endpoint:hover {
box-shadow: var(--shadow-md);
}
.api-endpoint-header {
padding: 20px 24px;
background: var(--bg-secondary);
border-bottom: 1px solid var(--border-color);
display: flex;
align-items: center;
justify-content: space-between;
}
.api-endpoint-title {
display: flex;
align-items: center;
gap: 12px;
flex: 1;
}
.api-method {
display: inline-block;
padding: 4px 12px;
border-radius: 4px;
font-size: 0.75rem;
font-weight: 600;
text-transform: uppercase;
letter-spacing: 0.5px;
}
.api-method.post {
background: #49cc90;
color: white;
}
.api-method.get {
background: #61affe;
color: white;
}
.api-method.put {
background: #fca130;
color: white;
}
.api-method.delete {
background: #f93e3e;
color: white;
}
.api-path {
font-family: 'Monaco', 'Menlo', 'Ubuntu Mono', monospace;
font-size: 0.9375rem;
color: var(--text-primary);
font-weight: 500;
}
.api-summary {
color: var(--text-secondary);
font-size: 0.875rem;
margin-left: 8px;
}
.api-endpoint-body {
padding: 24px;
}
.api-section {
margin-bottom: 24px;
}
.api-section:last-child {
margin-bottom: 0;
}
.api-section-title {
font-size: 0.875rem;
font-weight: 600;
color: var(--text-primary);
margin-bottom: 12px;
text-transform: uppercase;
letter-spacing: 0.5px;
}
.api-description {
color: var(--text-secondary);
font-size: 0.9375rem;
line-height: 1.6;
margin-bottom: 16px;
}
.api-params-table {
width: 100%;
border-collapse: collapse;
font-size: 0.875rem;
}
.api-params-table th,
.api-params-table td {
padding: 12px;
text-align: left;
border-bottom: 1px solid var(--border-color);
}
.api-params-table th {
background: var(--bg-secondary);
font-weight: 600;
color: var(--text-primary);
}
.api-params-table td {
color: var(--text-secondary);
}
.api-param-name {
font-family: 'Monaco', 'Menlo', 'Ubuntu Mono', monospace;
color: var(--accent-color);
font-weight: 500;
}
.api-param-type {
color: var(--text-muted);
font-size: 0.8125rem;
}
.api-param-required {
color: var(--error-color);
font-size: 0.75rem;
font-weight: 600;
}
.api-test-section {
margin-top: 24px;
padding-top: 24px;
border-top: 1px solid var(--border-color);
}
.api-test-form {
background: var(--bg-secondary);
border-radius: 8px;
padding: 20px;
}
.api-test-input-group {
margin-bottom: 16px;
}
.api-test-input-group label {
display: block;
font-size: 0.875rem;
font-weight: 500;
color: var(--text-primary);
margin-bottom: 8px;
}
.api-test-input-group input,
.api-test-input-group textarea {
width: 100%;
padding: 10px 12px;
border: 1px solid var(--border-color);
border-radius: 6px;
font-size: 0.875rem;
font-family: 'Monaco', 'Menlo', 'Ubuntu Mono', monospace;
background: var(--bg-primary);
color: var(--text-primary);
transition: all 0.2s ease;
}
.api-test-input-group input:focus,
.api-test-input-group textarea:focus {
outline: none;
border-color: var(--accent-color);
box-shadow: 0 0 0 3px rgba(0, 102, 255, 0.1);
}
.api-test-input-group textarea {
min-height: 120px;
resize: vertical;
}
.api-test-buttons {
display: flex;
gap: 12px;
margin-top: 20px;
}
.api-test-btn {
padding: 10px 20px;
border: none;
border-radius: 6px;
font-size: 0.875rem;
font-weight: 500;
cursor: pointer;
transition: all 0.2s ease;
display: inline-flex;
align-items: center;
gap: 8px;
}
.api-test-btn.primary {
background: var(--accent-color);
color: white;
}
.api-test-btn.primary:hover {
background: var(--accent-hover);
}
.api-test-btn.secondary {
background: var(--bg-tertiary);
color: var(--text-primary);
border: 1px solid var(--border-color);
}
.api-test-btn.secondary:hover {
background: var(--bg-secondary);
}
.api-test-result {
margin-top: 20px;
padding: 16px;
border-radius: 8px;
font-size: 0.875rem;
font-family: 'Monaco', 'Menlo', 'Ubuntu Mono', monospace;
white-space: pre-wrap;
word-break: break-all;
max-height: 400px;
overflow-y: auto;
}
.api-test-result.success {
background: #d4edda;
color: #155724;
border: 1px solid #c3e6cb;
}
.api-test-result.error {
background: #f8d7da;
color: #721c24;
border: 1px solid #f5c6cb;
}
.api-test-result.loading {
background: var(--bg-secondary);
color: var(--text-secondary);
border: 1px solid var(--border-color);
}
.api-response-example {
background: var(--bg-secondary);
border-radius: 6px;
padding: 16px;
margin-top: 12px;
font-family: 'Monaco', 'Menlo', 'Ubuntu Mono', monospace;
font-size: 0.8125rem;
color: var(--text-secondary);
overflow-x: auto;
}
.api-response-example pre {
margin: 0;
white-space: pre-wrap;
word-break: break-all;
}
.api-tag {
display: inline-block;
padding: 4px 8px;
background: var(--bg-tertiary);
color: var(--text-secondary);
border-radius: 4px;
font-size: 0.75rem;
margin-left: 8px;
}
.loading-spinner {
display: inline-block;
width: 16px;
height: 16px;
border: 2px solid rgba(255, 255, 255, 0.3);
border-top-color: white;
border-radius: 50%;
animation: spin 0.6s linear infinite;
}
@keyframes spin {
to { transform: rotate(360deg); }
}
.empty-state {
text-align: center;
padding: 60px 20px;
color: var(--text-secondary);
}
.empty-state svg {
width: 64px;
height: 64px;
margin-bottom: 16px;
opacity: 0.5;
}
.empty-state h3 {
font-size: 1.125rem;
margin-bottom: 8px;
color: var(--text-primary);
}
.empty-state p {
font-size: 0.875rem;
}
</style>
</head>
<body>
<div class="api-docs-container">
<div class="api-docs-header">
<h1>
<svg width="32" height="32" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M14 2H6a2 2 0 0 0-2 2v16a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V8z" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
<polyline points="14 2 14 8 20 8" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
<line x1="16" y1="13" x2="8" y2="13" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
<line x1="16" y1="17" x2="8" y2="17" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
</svg>
API 文档
</h1>
<p>CyberStrikeAI 平台 API 接口文档,支持在线测试</p>
</div>
<div id="auth-info-section" class="auth-info-section" style="display: none;">
<div class="auth-info-content">
<div class="auth-info-header" onclick="toggleAuthInfo()" style="display: flex; align-items: center; justify-content: space-between; cursor: pointer; user-select: none;">
<div style="display: flex; align-items: center; gap: 8px;">
<svg width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
<rect x="3" y="11" width="18" height="11" rx="2" ry="2"/>
<path d="M7 11V7a5 5 0 0 1 10 0v4"/>
</svg>
<h3 style="margin: 0; font-size: 1rem; font-weight: 600; color: var(--text-primary);">API 认证说明</h3>
</div>
<svg id="auth-info-arrow" class="auth-info-arrow" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" style="transition: transform 0.2s ease;">
<polyline points="6 9 12 15 18 9"/>
</svg>
</div>
<div id="auth-info-body" class="auth-info-body" style="display: none; color: var(--text-secondary); font-size: 0.875rem; line-height: 1.6; margin-top: 16px;">
<p style="margin: 0 0 12px 0;"><strong>所有 API 接口都需要 Token 认证。</strong></p>
<div style="background: var(--bg-secondary); padding: 12px; border-radius: 6px; margin-bottom: 12px;">
<p style="margin: 0 0 8px 0; font-weight: 500;">1. 获取 Token</p>
<p style="margin: 0 0 8px 0;">在前端页面登录后,Token 会自动保存。您也可以通过以下方式获取:</p>
<pre style="background: var(--bg-primary); padding: 8px; border-radius: 4px; margin: 8px 0; overflow-x: auto; font-size: 0.8125rem;"><code>POST /api/auth/login
Content-Type: application/json
{
"password": "your_password"
}
响应: {
"token": "eyJhbGc...",
"expires_at": "2026-01-27T...",
"session_duration_hr": 24
}</code></pre>
</div>
<div style="background: var(--bg-secondary); padding: 12px; border-radius: 6px; margin-bottom: 12px;">
<p style="margin: 0 0 8px 0; font-weight: 500;">2. 使用 Token</p>
<p style="margin: 0 0 8px 0;">在请求头中添加 Authorization 字段:</p>
<pre style="background: var(--bg-primary); padding: 8px; border-radius: 4px; margin: 8px 0; overflow-x: auto; font-size: 0.8125rem;"><code>Authorization: Bearer your_token_here</code></pre>
<p style="margin: 8px 0 0 0; font-size: 0.8125rem; color: var(--text-muted);">💡 提示:本页面会自动使用您已登录的 Token,无需手动填写。</p>
</div>
<div id="token-status" style="display: none; background: rgba(0, 102, 255, 0.1); padding: 8px 12px; border-radius: 6px; border-left: 3px solid var(--accent-color);">
<p style="margin: 0; font-size: 0.8125rem; color: var(--accent-color);">
<strong>✓ 已检测到 Token</strong> - 您可以直接测试 API 接口
</p>
</div>
</div>
</div>
</div>
<script>
function toggleAuthInfo() {
const body = document.getElementById('auth-info-body');
const arrow = document.getElementById('auth-info-arrow');
if (body && arrow) {
const isExpanded = body.style.display !== 'none';
body.style.display = isExpanded ? 'none' : 'block';
arrow.style.transform = isExpanded ? 'rotate(0deg)' : 'rotate(180deg)';
}
}
</script>
<div class="api-docs-content">
<div class="api-docs-sidebar">
<h3>API 分组</h3>
<ul class="api-group-list" id="api-group-list">
<li class="api-group-item">
<a href="#" class="api-group-link active" data-group="all">全部接口</a>
</li>
</ul>
</div>
<div class="api-docs-main" id="api-docs-main">
<div class="empty-state">
<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
<circle cx="12" cy="12" r="10"/>
<line x1="12" y1="8" x2="12" y2="12"/>
<line x1="12" y1="16" x2="12.01" y2="16"/>
</svg>
<h3>加载中...</h3>
<p>正在加载 API 文档</p>
</div>
</div>
</div>
</div>
<script src="/static/js/api-docs.js"></script>
</body>
</html>
web/templates/index.html
+3
View File
@@ -36,6 +36,9 @@
<div class="header-right">
<p class="header-subtitle">AI 驱动的自动化安全测试平台</p>
<div class="header-actions">
<button class="openapi-doc-btn" onclick="window.open('/api-docs', '_blank')" title="OpenAPI 文档">
<span>API 文档</span>
</button>
<div class="user-menu-container">
<button class="user-avatar-btn" onclick="toggleUserMenu()" title="用户菜单">
<svg width="20" height="20" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">