优化存储结构

[zy84338719]

No description provided.

[Copilot]

Pull Request Overview

This PR implements a comprehensive storage structure optimization for the FileCodeBox system, transitioning from a database-driven configuration approach to a YAML-first configuration management system. The changes improve maintainability, performance, and user experience.

Key Changes:

• Migration from database key-value configuration to YAML-first configuration management
• Enhanced folder upload functionality with ZIP compression support
• Improved authentication system supporting both session-based JWT and admin credentials
• Optimized frontend UI with better file/folder selection and upload progress tracking

Reviewed Changes

Copilot reviewed 119 out of 125 changed files in this pull request and generated 6 comments.

Show a summary per file

File	Description
main.go	Restructured application lifecycle with delayed database initialization and dynamic route registration
internal/config/*	Complete overhaul of configuration system from database-driven to YAML-first approach
themes/2025/setup.html	Enhanced setup UI with username/email fields, password confirmation, and local storage configuration
themes/2025/js/upload.js	Added comprehensive folder upload support with JSZip compression
themes/2025/js/dashboard.js	Improved error handling, user authentication flow, and folder upload capabilities
internal/handlers/*	Streamlined request validation using utility functions and improved authentication
internal/services/admin/*	Simplified configuration management with direct struct updates instead of DTO mapping
internal/repository/*	Removed KeyValue DAO and simplified user update methods
internal/models/*	Cleaned up DTO models and consolidated type aliases

[Copilot]

The hidden admin token field with name='password' could cause confusion. Consider either removing this field entirely or using a more descriptive name like name='deprecated_admin_token' to avoid potential conflicts with the actual password field.

Suggested change

	<input type="text" id="adminToken" name="password" class="form-control"
	<input type="text" id="adminToken" name="deprecated_admin_token" class="form-control"

[Copilot]

The error message suggests refreshing the page as a solution, but this may not resolve the JSZip loading issue. Consider a more specific message like '文件夹上传功能需要JSZip库，请检查网络连接或联系管理员' or implement a fallback loading mechanism.

Suggested change

	throw new Error('文件夹上传功能需要加载JSZip库，请刷新页面重试');
	throw new Error('文件夹上传功能需要JSZip库，请检查网络连接或联系管理员');

[Copilot]

The opacity validation only checks op > 0, but valid CSS opacity values range from 0 to 1. An opacity of 0 is valid and should be applied. Change the condition to op >= 0 && op <= 1 to properly handle the full range of valid opacity values.

Suggested change

	if (!isNaN(op) && op > 0) {
	if (!isNaN(op) && op >= 0 && op <= 1) {

[Copilot]

The method signature changed from accepting individual parameters to a single User struct, but there's no validation that the User.ID field is set. Consider adding validation: if user.ID == 0 { return errors.New('user ID is required') } to prevent updating all users accidentally.

Suggested change

	if user.ID == 0 {
	return errors.New("user ID is required")
	}

[Copilot]

The function uses syscall.Statfs which is Unix-specific and will fail on Windows. Consider adding build tags (//go:build !windows) or implementing a Windows-compatible version using appropriate system calls to ensure cross-platform compatibility.

[Copilot]

The delete button now uses file.code instead of file.id. Ensure that the backend DeleteFile method has been updated to accept and handle file codes instead of IDs, as this represents a breaking change in the API contract.

[chatgpt-codex-connector]

Codex Review: Here are some suggestions.

Reply with @codex fix comments to fix any unresolved comments.

About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you open a pull request for review, mark a draft as ready, or comment "@codex review". If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex fix this CI failure" or "@codex address that feedback".

[chatgpt-codex-connector]

[P0] Protect shared limiter map from concurrent access

The new rate limiter stores per‑IP limiters in a plain map and both GetLimiter and the cleanup goroutine mutate that map without any synchronization. Because RateLimit is installed as a Gin middleware, multiple requests will call GetLimiter concurrently and the cleanup goroutine also deletes entries while handlers may read/write. Go maps are not safe for concurrent use, so under concurrent traffic the process can panic with fatal error: concurrent map read and map write, effectively taking down the server.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

[P1] YAML upload/error rate settings never applied

LoadFromYAML only copies nested modules and the three simple fields handled by mergeSimpleFields, but it never transfers the top‑level UploadMinute, UploadCount, ErrorMinute, ErrorCount, or ExpireStyle values read from the YAML file into the live manager. As a result these settings stay at their zero defaults (or whatever was compiled in) regardless of the configuration file, which means administrators cannot change rate limits via config.yaml and the limiter middleware runs with unintended defaults (currently unlimited).

Useful? React with 👍 / 👎.