xiaoxiao-cvs
diff --git a/‎API.md‎
Lines changed: 558 additions & 77 deletions b/‎API.md‎
Lines changed: 558 additions & 77 deletions
diff --git a/‎README.md‎
Lines changed: 12 additions & 3 deletions b/‎README.md‎
Lines changed: 12 additions & 3 deletions
diff --git a/‎pom.xml‎
Lines changed: 1 addition & 1 deletion b/‎pom.xml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/main/java/com/xaoxiao/convenientaccess/ConvenientAccessPlugin.java‎
Lines changed: 73 additions & 0 deletions b/‎src/main/java/com/xaoxiao/convenientaccess/ConvenientAccessPlugin.java‎
Lines changed: 73 additions & 0 deletions
diff --git a/‎src/main/java/com/xaoxiao/convenientaccess/api/ApiRouter.java‎
Lines changed: 92 additions & 2 deletions b/‎src/main/java/com/xaoxiao/convenientaccess/api/ApiRouter.java‎
Lines changed: 92 additions & 2 deletions
diff --git a/‎src/main/java/com/xaoxiao/convenientaccess/api/WhitelistApiController.java‎
Lines changed: 30 additions & 36 deletions b/‎src/main/java/com/xaoxiao/convenientaccess/api/WhitelistApiController.java‎
Lines changed: 30 additions & 36 deletions
@@ -46,7 +46,7 @@
 
 ## 安装方法
 
-1. 下载最新版本的 `convenient-access-0.1.0.jar`
+1. 下载最新版本的 `convenient-access-0.5.0.jar`
 2. 将插件文件放入服务器的 `plugins` 目录
 3. 重启服务器或使用 `/reload` 命令
 4. 插件将自动：
@@ -294,7 +294,7 @@ curl -H "X-API-Key: your-api-key" \
 
 ## 开发信息
 
-- **版本**: 0.1.0
+- **版本**: 0.5.0
 - **作者**: xaoxiao
 - **许可证**: MIT
 - **最低 Java 版本**: 17
@@ -340,7 +340,16 @@ curl -H "X-API-Key: your-api-key" \
 
 ## 更新日志
 
-### v0.1.0 (2024-01-01)
+### v0.5.0 (2025-10-02) - WhitelistPlus设计集成
+- 🎯 **重大改进**：基于WhitelistPlus设计理念重构白名单系统
+- ✨ **简化API**：添加白名单现在只需玩家名，UUID可选
+- 🔄 **自动UUID补充**：玩家首次登录时自动补充UUID
+- 📊 **增强统计**：新增UUID待补充状态、来源分解等统计信息
+- 🔧 **批量操作**：支持批量添加和删除操作
+- 📁 **同步系统**：新增UUID更新同步任务类型
+- 🎮 **兼容性**：完美支持离线和正版服务器
+
+### v0.1.0 (2024-01-01) - 初始版本
 - ✅ **完整的白名单管理系统**
   - 数据库设计和CRUD操作
   - 批量操作和高级查询
 
@@ -6,7 +6,7 @@
 
     <groupId>com.xaoxiao</groupId>
     <artifactId>convenient-access</artifactId>
-    <version>0.1.0</version>
+    <version>0.5.0</version>
     <packaging>jar</packaging>
 
     <name>ConvenientAccess</name>
 
@@ -35,6 +35,9 @@ public void onEnable() {
             // 初始化配置管理器
             configManager = new ConfigManager(this);
 
+            // 自动生成管理员密码和API Token（仅首次启动）
+            initializeAuthConfig();
+            
             // 初始化现有组件
             cacheManager = new CacheManager(configManager);
             sparkIntegration = new SparkIntegration(this);
@@ -178,4 +181,74 @@ public void reload() {
             throw new RuntimeException("插件重载失败: " + e.getMessage());
         }
     }
+    
+    /**
+     * 初始化认证配置（自动生成密码和Token）
+     */
+    private void initializeAuthConfig() {
+        boolean configChanged = false;
+        
+        // 检查并生成管理员密码
+        String adminPassword = configManager.getAdminPassword();
+        if (adminPassword == null || adminPassword.trim().isEmpty()) {
+            // 生成12位随机密码
+            String newPassword = generateRandomPassword(12);
+            configManager.setAdminPassword(newPassword);
+            configChanged = true;
+            logger.info("已自动生成管理员密码: {}", newPassword);
+            logger.warn("请妥善保管管理员密码，用于生成注册令牌等管理操作");
+        } else {
+            logger.info("使用配置文件中的管理员密码");
+        }
+        
+        // 检查并生成API Token
+        String apiToken = configManager.getApiToken();
+        if (apiToken == null || apiToken.trim().isEmpty()) {
+            // 生成64位API Token（sk-开头）
+            String newToken = generateApiToken();
+            configManager.setApiToken(newToken);
+            configChanged = true;
+            logger.info("已自动生成API访问令牌: {}", newToken);
+            logger.warn("请妥善保管API令牌，用于API访问认证");
+        } else {
+            logger.info("使用配置文件中的API令牌");
+        }
+        
+        if (configChanged) {
+            logger.info("认证配置已更新并保存到配置文件");
+        }
+    }
+    
+    /**
+     * 生成随机密码
+     */
+    private String generateRandomPassword(int length) {
+        String chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+        StringBuilder sb = new StringBuilder();
+        java.util.Random random = new java.util.Random();
+        
+        for (int i = 0; i < length; i++) {
+            sb.append(chars.charAt(random.nextInt(chars.length())));
+        }
+        
+        return sb.toString();
+    }
+    
+    /**
+     * 生成API Token（sk-开头的64位token）
+     */
+    private String generateApiToken() {
+        String prefix = configManager.getTokenPrefix();
+        String tokenChars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
+        StringBuilder sb = new StringBuilder(prefix);
+        java.util.Random random = new java.util.Random();
+        
+        // 生成64位token（包含前缀）
+        int tokenLength = 64 - prefix.length();
+        for (int i = 0; i < tokenLength; i++) {
+            sb.append(tokenChars.charAt(random.nextInt(tokenChars.length())));
+        }
+        
+        return sb.toString();
+    }
 }
@@ -5,6 +5,8 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import com.xaoxiao.convenientaccess.config.ConfigManager;
+
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServlet;
 import jakarta.servlet.http.HttpServletRequest;
@@ -19,10 +21,80 @@ public class ApiRouter extends HttpServlet {
 
     private final WhitelistApiController whitelistController;
     private final UserApiController userController;
+    private final ConfigManager configManager;
 
-    public ApiRouter(WhitelistApiController whitelistController, UserApiController userController) {
+    public ApiRouter(WhitelistApiController whitelistController, UserApiController userController, ConfigManager configManager) {
         this.whitelistController = whitelistController;
         this.userController = userController;
+        this.configManager = configManager;
+    }
+    
+    /**
+     * 验证API请求的认证
+     */
+    private boolean isAuthenticated(HttpServletRequest request, String path) {
+        // 如果认证被禁用，直接通过
+        if (!configManager.isAuthEnabled()) {
+            return true;
+        }
+        
+        // 公开的端点不需要认证
+        if (isPublicEndpoint(path)) {
+            return true;
+        }
+        
+        // 检查API Token
+        String apiKey = request.getHeader("X-API-Key");
+        if (apiKey == null) {
+            apiKey = request.getHeader("Authorization");
+            if (apiKey != null && apiKey.startsWith("Bearer ")) {
+                apiKey = apiKey.substring(7);
+            }
+        }
+        
+        if (apiKey != null) {
+            String validToken = configManager.getApiToken();
+            if (validToken != null && validToken.equals(apiKey)) {
+                return true;
+            }
+        }
+        
+        // 对于管理员端点，检查管理员密码
+        if (isAdminEndpoint(path)) {
+            String adminPassword = request.getHeader("X-Admin-Password");
+            if (adminPassword != null) {
+                String validPassword = configManager.getAdminPassword();
+                return validPassword != null && validPassword.equals(adminPassword);
+            }
+        }
+        
+        return false;
+    }
+    
+    /**
+     * 判断是否为公开端点（不需要认证）
+     */
+    private boolean isPublicEndpoint(String path) {
+        return path.equals("/api/v1/register") || 
+               path.equals("/api/v1/admin/generate-token");
+    }
+    
+    /**
+     * 判断是否为管理员端点
+     */
+    private boolean isAdminEndpoint(String path) {
+        return path.startsWith("/api/v1/admin/");
+    }
+    
+    /**
+     * 发送认证失败响应
+     */
+    private void sendAuthFailedResponse(HttpServletResponse response) throws IOException {
+        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+        response.setContentType("application/json");
+        response.setCharacterEncoding("UTF-8");
+        response.getWriter().write("{\"success\":false,\"error\":\"Unauthorized: Invalid API key or admin password\"}");
+        response.getWriter().flush();
     }
 
     @Override
@@ -51,6 +123,12 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response)
 
         logger.debug("GET request to: {}", path);
 
+        // 检查认证
+        if (!isAuthenticated(request, path)) {
+            sendAuthFailedResponse(response);
+            return;
+        }
+        
         try {
             // 白名单相关路由
             if (path.startsWith("/api/v1/whitelist")) {
@@ -83,6 +161,12 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response)
 
         logger.debug("POST request to: {}", path);
 
+        // 检查认证
+        if (!isAuthenticated(request, path)) {
+            sendAuthFailedResponse(response);
+            return;
+        }
+        
         try {
             // 白名单相关路由
              if (path.startsWith("/api/v1/whitelist")) {
@@ -124,6 +208,12 @@ protected void doDelete(HttpServletRequest request, HttpServletResponse response
 
         logger.debug("DELETE request to: {}", path);
 
+        // 检查认证
+        if (!isAuthenticated(request, path)) {
+            sendAuthFailedResponse(response);
+            return;
+        }
+        
         try {
              // 白名单删除路由
              if (path.startsWith("/api/v1/whitelist/")) {
@@ -145,7 +235,7 @@ protected void doOptions(HttpServletRequest request, HttpServletResponse respons
         // 设置CORS头
         response.setHeader("Access-Control-Allow-Origin", "*");
         response.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
-        response.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization, X-Admin-Password");
+        response.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization, X-API-Key, X-Admin-Password");
         response.setHeader("Access-Control-Max-Age", "3600");
         response.setStatus(HttpServletResponse.SC_OK);
     }
 
@@ -1,5 +1,15 @@
 package com.xaoxiao.convenientaccess.api;
 
+import java.io.IOException;
+import java.time.LocalDateTime;
+import java.time.format.DateTimeFormatter;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.concurrent.CompletableFuture;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 import com.google.gson.Gson;
 import com.google.gson.GsonBuilder;
 import com.google.gson.JsonArray;
@@ -10,23 +20,13 @@
 import com.google.gson.stream.JsonWriter;
 import com.xaoxiao.convenientaccess.sync.SyncTask;
 import com.xaoxiao.convenientaccess.sync.SyncTaskManager;
-import com.xaoxiao.convenientaccess.whitelist.BatchOperation;
 import com.xaoxiao.convenientaccess.utils.UuidUtils;
+import com.xaoxiao.convenientaccess.whitelist.BatchOperation;
 import com.xaoxiao.convenientaccess.whitelist.WhitelistEntry;
 import com.xaoxiao.convenientaccess.whitelist.WhitelistManager;
-import com.xaoxiao.convenientaccess.whitelist.WhitelistStats;
+
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.io.IOException;
-import java.time.LocalDateTime;
-import java.time.format.DateTimeFormatter;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Optional;
-import java.util.concurrent.CompletableFuture;
 
 /**
  * 白名单API控制器
@@ -113,16 +113,15 @@ public void handleAddPlayer(HttpServletRequest request, HttpServletResponse resp
             String requestBody = readRequestBody(request);
             JsonObject json = JsonParser.parseString(requestBody).getAsJsonObject();
 
-            // 参数验证 - 要求name、added_by_name、added_by_uuid、source，uuid变为可选
-            if (!json.has("name") || !json.has("added_by_name") || !json.has("added_by_uuid") || !json.has("source")) {
-                sendJsonResponse(response, 400, ApiResponse.badRequest("缺少必需参数: name, added_by_name, added_by_uuid, source"));
+            // 参数验证 - 只需要name、source，其他为可选
+            if (!json.has("name") || !json.has("source")) {
+                sendJsonResponse(response, 400, ApiResponse.badRequest("缺少必需参数: name, source"));
                 return;
             }
 
             String name = json.get("name").getAsString();
-            String providedUuid = json.has("uuid") ? json.get("uuid").getAsString() : null;
-            String addedByName = json.get("added_by_name").getAsString();
-            String addedByUuid = json.get("added_by_uuid").getAsString();
+            String addedByName = json.has("added_by_name") ? json.get("added_by_name").getAsString() : "API";
+            String addedByUuid = json.has("added_by_uuid") ? json.get("added_by_uuid").getAsString() : "00000000-0000-0000-0000-000000000000";
             String sourceStr = json.get("source").getAsString();
 
             // 处理时间戳 - 如果前端提供则使用，否则使用当前时间
@@ -145,15 +144,6 @@ public void handleAddPlayer(HttpServletRequest request, HttpServletResponse resp
                 return;
             }
 
-            // 生成或验证UUID
-            String uuid;
-            try {
-                uuid = UuidUtils.getOrGenerateUuid(name, providedUuid);
-            } catch (IllegalArgumentException e) {
-                sendJsonResponse(response, 400, ApiResponse.badRequest("玩家名不能为空"));
-                return;
-            }
-            
             WhitelistEntry.Source source;
             try {
                 source = WhitelistEntry.Source.fromString(sourceStr);
@@ -162,26 +152,30 @@ public void handleAddPlayer(HttpServletRequest request, HttpServletResponse resp
                 return;
             }
 
-            // 添加玩家
-            whitelistManager.addPlayer(name, uuid, addedByName, addedByUuid, source, addedAt)
-                .thenAccept(success -> {
+            // 新逻辑：只使用玩家名添加到白名单，UUID留空等玩家登录时补充
+            logger.info("添加玩家到白名单（仅用户名）: {}", name);
+            
+            CompletableFuture<Boolean> addFuture = whitelistManager.addPlayerByNameOnly(name, addedByName, addedByUuid, source, addedAt);
+            
+            // 处理添加结果
+            addFuture.thenAccept(success -> {
                     if (success) {
-                        // 创建同步任务
-                        syncTaskManager.scheduleAddPlayer(uuid, name);
+                        // 创建同步任务（使用玩家名）
+                        syncTaskManager.scheduleAddPlayer(null, name);
 
                         JsonObject result = new JsonObject();
-                        result.addProperty("uuid", uuid);
                         result.addProperty("name", name);
                         result.addProperty("added", true);
-                        result.addProperty("uuid_generated", providedUuid == null || providedUuid.trim().isEmpty());
+                        result.addProperty("uuid_pending", true); // 表示UUID将在玩家登录时补充
+                        result.addProperty("message", "玩家已添加到白名单，UUID将在首次登录时自动补充");
 
                         sendJsonResponse(response, 201, ApiResponse.success(result, "玩家添加成功"));
                     } else {
-                        sendJsonResponse(response, 400, ApiResponse.badRequest("添加玩家失败，可能已存在"));
+                        sendJsonResponse(response, 409, ApiResponse.error("玩家已在白名单中或添加失败"));
                     }
                 })
                 .exceptionally(throwable -> {
-                    logger.error("添加玩家失败: {} ({})", name, uuid, throwable);
+                    logger.error("添加玩家失败: {}", name, throwable);
                     sendJsonResponse(response, 500, ApiResponse.error("添加玩家失败"));
                     return null;
                 })