管理员也支持AccessKey，Rest API增加所有的服务

2026-02-22 04:45:37 +08:00 · 2021-06-20 19:22:24 +08:00
parent a1c141010f
commit f67ddad2a8
12 changed files with 617 additions and 113 deletions
--- a/internal/db/models/api_access_token_dao.go
+++ b/internal/db/models/api_access_token_dao.go
@@ -1,6 +1,7 @@
 package models

 import (
+	"github.com/TeaOSLab/EdgeAPI/internal/errors"
 	_ "github.com/go-sql-driver/mysql"
 	"github.com/iwind/TeaGo/Tea"
 	"github.com/iwind/TeaGo/dbs"
@@ -29,10 +30,23 @@ func init() {
 	})
 }

-// 生成AccessToken
-func (this *APIAccessTokenDAO) GenerateAccessToken(tx *dbs.Tx, userId int64) (token string, expiresAt int64, err error) {
+// GenerateAccessToken 生成AccessToken
+func (this *APIAccessTokenDAO) GenerateAccessToken(tx *dbs.Tx, adminId int64, userId int64) (token string, expiresAt int64, err error) {
+	if adminId <= 0 && userId <= 0 {
+		err = errors.New("either 'adminId' or 'userId' should not be zero")
+		return
+	}
+
+	if adminId > 0 {
+		userId = 0
+	}
+	if userId > 0 {
+		adminId = 0
+	}
+
 	// 查询以前的
 	accessToken, err := this.Query(tx).
+		Attr("adminId", adminId).
 		Attr("userId", userId).
 		Find()
 	if err != nil {
@@ -48,6 +62,7 @@ func (this *APIAccessTokenDAO) GenerateAccessToken(tx *dbs.Tx, userId int64) (to
 		op.Id = accessToken.(*APIAccessToken).Id
 	}

+	op.AdminId = adminId
 	op.UserId = userId
 	op.Token = token
 	op.CreatedAt = time.Now().Unix()
@@ -56,7 +71,7 @@ func (this *APIAccessTokenDAO) GenerateAccessToken(tx *dbs.Tx, userId int64) (to
 	return
 }

-// 查找AccessToken
+// FindAccessToken 查找AccessToken
 func (this *APIAccessTokenDAO) FindAccessToken(tx *dbs.Tx, token string) (*APIAccessToken, error) {
 	one, err := this.Query(tx).
 		Attr("token", token).
--- a/internal/db/models/api_access_token_model.go
+++ b/internal/db/models/api_access_token_model.go
@@ -1,9 +1,10 @@
 package models

-// API访问令牌
+// APIAccessToken API访问令牌
 type APIAccessToken struct {
 	Id        uint64 `field:"id"`        // ID
 	UserId    uint32 `field:"userId"`    // 用户ID
+	AdminId   uint32 `field:"adminId"`   // 管理员ID
 	Token     string `field:"token"`     // 令牌
 	CreatedAt uint64 `field:"createdAt"` // 创建时间
 	ExpiredAt uint64 `field:"expiredAt"` // 过期时间
@@ -12,6 +13,7 @@ type APIAccessToken struct {
 type APIAccessTokenOperator struct {
 	Id        interface{} // ID
 	UserId    interface{} // 用户ID
+	AdminId   interface{} // 管理员ID
 	Token     interface{} // 令牌
 	CreatedAt interface{} // 创建时间
 	ExpiredAt interface{} // 过期时间
--- a/internal/db/models/dns/dns_task_dao_test.go
+++ b/internal/db/models/dns/dns_task_dao_test.go
@@ -9,7 +9,7 @@ import (

 func TestDNSTaskDAO_CreateDNSTask(t *testing.T) {
 	dbs.NotifyReady()
-	err := SharedDNSTaskDAO.CreateDNSTask(nil, 1, 2, 3, "taskType")
+	err := SharedDNSTaskDAO.CreateDNSTask(nil, 1, 2, 3, 0, "taskType")
 	if err != nil {
 		t.Fatal(err)
 	}
--- a/internal/db/models/user_access_key_dao.go
+++ b/internal/db/models/user_access_key_dao.go
@@ -66,11 +66,12 @@ func (this *UserAccessKeyDAO) FindEnabledUserAccessKey(tx *dbs.Tx, id int64) (*U
 }

 // CreateAccessKey 创建Key
-func (this *UserAccessKeyDAO) CreateAccessKey(tx *dbs.Tx, userId int64, description string) (int64, error) {
-	if userId <= 0 {
-		return 0, errors.New("invalid userId")
+func (this *UserAccessKeyDAO) CreateAccessKey(tx *dbs.Tx, adminId int64, userId int64, description string) (int64, error) {
+	if adminId <= 0 && userId <= 0 {
+		return 0, errors.New("invalid adminId or userId")
 	}
 	op := NewUserAccessKeyOperator()
+	op.AdminId = adminId
 	op.UserId = userId
 	op.Description = description
 	op.UniqueId = rands.String(16)
@@ -81,8 +82,9 @@ func (this *UserAccessKeyDAO) CreateAccessKey(tx *dbs.Tx, userId int64, descript
 }

 // FindAllEnabledAccessKeys 查找用户所有的Key
-func (this *UserAccessKeyDAO) FindAllEnabledAccessKeys(tx *dbs.Tx, userId int64) (result []*UserAccessKey, err error) {
+func (this *UserAccessKeyDAO) FindAllEnabledAccessKeys(tx *dbs.Tx, adminId int64, userId int64) (result []*UserAccessKey, err error) {
 	_, err = this.Query(tx).
+		Attr("adminId", adminId).
 		Attr("userId", userId).
 		State(UserAccessKeyStateEnabled).
 		DescPk().
@@ -92,10 +94,11 @@ func (this *UserAccessKeyDAO) FindAllEnabledAccessKeys(tx *dbs.Tx, userId int64)
 }

 // CheckUserAccessKey 检查用户的AccessKey
-func (this *UserAccessKeyDAO) CheckUserAccessKey(tx *dbs.Tx, userId int64, accessKeyId int64) (bool, error) {
+func (this *UserAccessKeyDAO) CheckUserAccessKey(tx *dbs.Tx, adminId int64, userId int64, accessKeyId int64) (bool, error) {
 	return this.Query(tx).
 		Pk(accessKeyId).
 		State(UserAccessKeyStateEnabled).
+		Attr("adminId", adminId).
 		Attr("userId", userId).
 		Exist()
 }
@@ -133,3 +136,12 @@ func (this *UserAccessKeyDAO) UpdateAccessKeyAccessedAt(tx *dbs.Tx, accessKeyId
 		Set("accessedAt", time.Now().Unix()).
 		UpdateQuickly()
 }
+
+// CountAllEnabledAccessKeys 计算可用AccessKey数量
+func (this *UserAccessKeyDAO) CountAllEnabledAccessKeys(tx *dbs.Tx, adminId int64, userId int64) (int64, error) {
+	return this.Query(tx).
+		Attr("adminId", adminId).
+		Attr("userId", userId).
+		State(UserAccessKeyStateEnabled).
+		Count()
+}
--- a/internal/db/models/user_access_key_model.go
+++ b/internal/db/models/user_access_key_model.go
@@ -3,6 +3,7 @@ package models
 // UserAccessKey AccessKey
 type UserAccessKey struct {
 	Id          uint32 `field:"id"`          // ID
+	AdminId     uint32 `field:"adminId"`     // 管理员ID
 	UserId      uint32 `field:"userId"`      // 用户ID
 	SubUserId   uint32 `field:"subUserId"`   // 子用户ID
 	IsOn        uint8  `field:"isOn"`        // 是否启用
@@ -15,6 +16,7 @@ type UserAccessKey struct {

 type UserAccessKeyOperator struct {
 	Id          interface{} // ID
+	AdminId     interface{} // 管理员ID
 	UserId      interface{} // 用户ID
 	SubUserId   interface{} // 子用户ID
 	IsOn        interface{} // 是否启用
--- a/internal/nodes/api_node.go
+++ b/internal/nodes/api_node.go
@@ -27,16 +27,21 @@ import (
 	"os/exec"
 	"regexp"
 	"strconv"
+	"sync"
 	"time"
 )

 var sharedAPIConfig *configs.APIConfig = nil

 type APINode struct {
+	serviceInstanceMap    map[string]interface{}
+	serviceInstanceLocker sync.Mutex
 }

 func NewAPINode() *APINode {
-	return &APINode{}
+	return &APINode{
+		serviceInstanceMap: map[string]interface{}{},
+	}
 }

 func (this *APINode) Start() {
--- a/internal/nodes/api_node_services.go
+++ b/internal/nodes/api_node_services.go
@@ -7,94 +7,483 @@ import (
 	"github.com/TeaOSLab/EdgeAPI/internal/rpc/services/nameservers"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"google.golang.org/grpc"
+	"reflect"
+	"strings"
 )

 // 注册服务
 func (this *APINode) registerServices(server *grpc.Server) {
-	pb.RegisterAdminServiceServer(server, &services.AdminService{})
-	pb.RegisterNodeGrantServiceServer(server, &services.NodeGrantService{})
-	pb.RegisterServerServiceServer(server, &services.ServerService{})
-	pb.RegisterNodeServiceServer(server, &services.NodeService{})
-	pb.RegisterNodeClusterServiceServer(server, &services.NodeClusterService{})
-	pb.RegisterNodeIPAddressServiceServer(server, &services.NodeIPAddressService{})
-	pb.RegisterAPINodeServiceServer(server, &services.APINodeService{})
-	pb.RegisterOriginServiceServer(server, &services.OriginService{})
-	pb.RegisterHTTPWebServiceServer(server, &services.HTTPWebService{})
-	pb.RegisterReverseProxyServiceServer(server, &services.ReverseProxyService{})
-	pb.RegisterHTTPGzipServiceServer(server, &services.HTTPGzipService{})
-	pb.RegisterHTTPHeaderPolicyServiceServer(server, &services.HTTPHeaderPolicyService{})
-	pb.RegisterHTTPHeaderServiceServer(server, &services.HTTPHeaderService{})
-	pb.RegisterHTTPPageServiceServer(server, &services.HTTPPageService{})
-	pb.RegisterHTTPAccessLogPolicyServiceServer(server, &services.HTTPAccessLogPolicyService{})
-	pb.RegisterHTTPCachePolicyServiceServer(server, &services.HTTPCachePolicyService{})
-	pb.RegisterHTTPFirewallPolicyServiceServer(server, &services.HTTPFirewallPolicyService{})
-	pb.RegisterHTTPLocationServiceServer(server, &services.HTTPLocationService{})
-	pb.RegisterHTTPWebsocketServiceServer(server, &services.HTTPWebsocketService{})
-	pb.RegisterHTTPRewriteRuleServiceServer(server, &services.HTTPRewriteRuleService{})
-	pb.RegisterSSLCertServiceServer(server, &services.SSLCertService{})
-	pb.RegisterSSLPolicyServiceServer(server, &services.SSLPolicyService{})
-	pb.RegisterSysSettingServiceServer(server, &services.SysSettingService{})
-	pb.RegisterHTTPFirewallRuleGroupServiceServer(server, &services.HTTPFirewallRuleGroupService{})
-	pb.RegisterHTTPFirewallRuleSetServiceServer(server, &services.HTTPFirewallRuleSetService{})
-	pb.RegisterDBNodeServiceServer(server, &services.DBNodeService{})
-	pb.RegisterNodeLogServiceServer(server, &services.NodeLogService{})
-	pb.RegisterHTTPAccessLogServiceServer(server, &services.HTTPAccessLogService{})
-	pb.RegisterMessageServiceServer(server, &services.MessageService{})
-	pb.RegisterMessageRecipientServiceServer(server, &services.MessageRecipientService{})
-	pb.RegisterMessageReceiverServiceServer(server, &services.MessageReceiverService{})
-	pb.RegisterMessageMediaServiceServer(server, &services.MessageMediaService{})
-	pb.RegisterMessageRecipientGroupServiceServer(server, &services.MessageRecipientGroupService{})
-	pb.RegisterMessageMediaInstanceServiceServer(server, &services.MessageMediaInstanceService{})
-	pb.RegisterMessageTaskServiceServer(server, &services.MessageTaskService{})
-	pb.RegisterMessageTaskLogServiceServer(server, &services.MessageTaskLogService{})
-	pb.RegisterNodeGroupServiceServer(server, &services.NodeGroupService{})
-	pb.RegisterNodeRegionServiceServer(server, &services.NodeRegionService{})
-	pb.RegisterNodePriceItemServiceServer(server, &services.NodePriceItemService{})
-	pb.RegisterServerGroupServiceServer(server, &services.ServerGroupService{})
-	pb.RegisterIPLibraryServiceServer(server, &services.IPLibraryService{})
-	pb.RegisterFileChunkServiceServer(server, &services.FileChunkService{})
-	pb.RegisterFileServiceServer(server, &services.FileService{})
-	pb.RegisterRegionCountryServiceServer(server, &services.RegionCountryService{})
-	pb.RegisterRegionProvinceServiceServer(server, &services.RegionProvinceService{})
-	pb.RegisterIPListServiceServer(server, &services.IPListService{})
-	pb.RegisterIPItemServiceServer(server, &services.IPItemService{})
-	pb.RegisterLogServiceServer(server, &services.LogService{})
-	pb.RegisterDNSProviderServiceServer(server, &services.DNSProviderService{})
-	pb.RegisterDNSDomainServiceServer(server, &services.DNSDomainService{})
-	pb.RegisterDNSServiceServer(server, &services.DNSService{})
-	pb.RegisterACMEUserServiceServer(server, &services.ACMEUserService{})
-	pb.RegisterACMETaskServiceServer(server, &services.ACMETaskService{})
-	pb.RegisterACMEAuthenticationServiceServer(server, &services.ACMEAuthenticationService{})
-	pb.RegisterUserServiceServer(server, &services.UserService{})
-	pb.RegisterServerDailyStatServiceServer(server, &services.ServerDailyStatService{})
-	pb.RegisterUserBillServiceServer(server, &services.UserBillService{})
-	pb.RegisterUserNodeServiceServer(server, &services.UserNodeService{})
-	pb.RegisterLoginServiceServer(server, &services.LoginService{})
-	pb.RegisterUserAccessKeyServiceServer(server, &services.UserAccessKeyService{})
-	pb.RegisterSysLockerServiceServer(server, &services.SysLockerService{})
-	pb.RegisterNodeTaskServiceServer(server, &services.NodeTaskService{})
-	pb.RegisterNodeValueServiceServer(server, &services.NodeValueService{})
-	pb.RegisterDBServiceServer(server, &services.DBService{})
-	pb.RegisterServerRegionCityMonthlyStatServiceServer(server, &services.ServerRegionCityMonthlyStatService{})
-	pb.RegisterServerRegionCountryMonthlyStatServiceServer(server, &services.ServerRegionCountryMonthlyStatService{})
-	pb.RegisterServerRegionProvinceMonthlyStatServiceServer(server, &services.ServerRegionProvinceMonthlyStatService{})
-	pb.RegisterServerRegionProviderMonthlyStatServiceServer(server, &services.ServerRegionProviderMonthlyStatService{})
-	pb.RegisterServerClientSystemMonthlyStatServiceServer(server, &services.ServerClientSystemMonthlyStatService{})
-	pb.RegisterServerClientBrowserMonthlyStatServiceServer(server, &services.ServerClientBrowserMonthlyStatService{})
-	pb.RegisterServerHTTPFirewallDailyStatServiceServer(server, &services.ServerHTTPFirewallDailyStatService{})
-	pb.RegisterDNSTaskServiceServer(server, &services.DNSTaskService{})
-	pb.RegisterNodeClusterFirewallActionServiceServer(server, &services.NodeClusterFirewallActionService{})
-	pb.RegisterMonitorNodeServiceServer(server, &services.MonitorNodeService{})
-	pb.RegisterAuthorityKeyServiceServer(server, &services.AuthorityKeyService{})
-	pb.RegisterAuthorityNodeServiceServer(server, &services.AuthorityNodeService{})
-	pb.RegisterLatestItemServiceServer(server, &services.LatestItemService{})
-	pb.RegisterNodeThresholdServiceServer(server, &services.NodeThresholdService{})
-	pb.RegisterHTTPFastcgiServiceServer(server, &services.HTTPFastcgiService{})
-	pb.RegisterNSClusterServiceServer(server, &nameservers.NSClusterService{})
-	pb.RegisterNSNodeServiceServer(server, &nameservers.NSNodeService{})
-	pb.RegisterNSDomainServiceServer(server, &nameservers.NSDomainService{})
-	pb.RegisterNSRecordServiceServer(server, &nameservers.NSRecordService{})
-	pb.RegisterNSRouteServiceServer(server, &nameservers.NSRouteService{})
-	pb.RegisterNSAccessLogServiceServer(server, &nameservers.NSAccessLogService{})
-	pb.RegisterHTTPAuthPolicyServiceServer(server, &services.HTTPAuthPolicyService{})
+	{
+		instance := this.serviceInstance(&services.AdminService{}).(*services.AdminService)
+		pb.RegisterAdminServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.NodeGrantService{}).(*services.NodeGrantService)
+		pb.RegisterNodeGrantServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.ServerService{}).(*services.ServerService)
+		pb.RegisterServerServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.NodeService{}).(*services.NodeService)
+		pb.RegisterNodeServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.NodeClusterService{}).(*services.NodeClusterService)
+		pb.RegisterNodeClusterServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.NodeIPAddressService{}).(*services.NodeIPAddressService)
+		pb.RegisterNodeIPAddressServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.APINodeService{}).(*services.APINodeService)
+		pb.RegisterAPINodeServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.OriginService{}).(*services.OriginService)
+		pb.RegisterOriginServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.HTTPWebService{}).(*services.HTTPWebService)
+		pb.RegisterHTTPWebServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.ReverseProxyService{}).(*services.ReverseProxyService)
+		pb.RegisterReverseProxyServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.HTTPGzipService{}).(*services.HTTPGzipService)
+		pb.RegisterHTTPGzipServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.HTTPHeaderPolicyService{}).(*services.HTTPHeaderPolicyService)
+		pb.RegisterHTTPHeaderPolicyServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.HTTPHeaderService{}).(*services.HTTPHeaderService)
+		pb.RegisterHTTPHeaderServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.HTTPPageService{}).(*services.HTTPPageService)
+		pb.RegisterHTTPPageServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.HTTPAccessLogPolicyService{}).(*services.HTTPAccessLogPolicyService)
+		pb.RegisterHTTPAccessLogPolicyServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.HTTPCachePolicyService{}).(*services.HTTPCachePolicyService)
+		pb.RegisterHTTPCachePolicyServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.HTTPFirewallPolicyService{}).(*services.HTTPFirewallPolicyService)
+		pb.RegisterHTTPFirewallPolicyServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.HTTPLocationService{}).(*services.HTTPLocationService)
+		pb.RegisterHTTPLocationServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.HTTPWebsocketService{}).(*services.HTTPWebsocketService)
+		pb.RegisterHTTPWebsocketServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.HTTPRewriteRuleService{}).(*services.HTTPRewriteRuleService)
+		pb.RegisterHTTPRewriteRuleServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.SSLCertService{}).(*services.SSLCertService)
+		pb.RegisterSSLCertServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.SSLPolicyService{}).(*services.SSLPolicyService)
+		pb.RegisterSSLPolicyServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.SysSettingService{}).(*services.SysSettingService)
+		pb.RegisterSysSettingServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.HTTPFirewallRuleGroupService{}).(*services.HTTPFirewallRuleGroupService)
+		pb.RegisterHTTPFirewallRuleGroupServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.HTTPFirewallRuleSetService{}).(*services.HTTPFirewallRuleSetService)
+		pb.RegisterHTTPFirewallRuleSetServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.DBNodeService{}).(*services.DBNodeService)
+		pb.RegisterDBNodeServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.NodeLogService{}).(*services.NodeLogService)
+		pb.RegisterNodeLogServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.HTTPAccessLogService{}).(*services.HTTPAccessLogService)
+		pb.RegisterHTTPAccessLogServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.MessageService{}).(*services.MessageService)
+		pb.RegisterMessageServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.MessageRecipientService{}).(*services.MessageRecipientService)
+		pb.RegisterMessageRecipientServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.MessageReceiverService{}).(*services.MessageReceiverService)
+		pb.RegisterMessageReceiverServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.MessageMediaService{}).(*services.MessageMediaService)
+		pb.RegisterMessageMediaServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.MessageRecipientGroupService{}).(*services.MessageRecipientGroupService)
+		pb.RegisterMessageRecipientGroupServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.MessageMediaInstanceService{}).(*services.MessageMediaInstanceService)
+		pb.RegisterMessageMediaInstanceServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.MessageTaskService{}).(*services.MessageTaskService)
+		pb.RegisterMessageTaskServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.MessageTaskLogService{}).(*services.MessageTaskLogService)
+		pb.RegisterMessageTaskLogServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.NodeGroupService{}).(*services.NodeGroupService)
+		pb.RegisterNodeGroupServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.NodeRegionService{}).(*services.NodeRegionService)
+		pb.RegisterNodeRegionServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.NodePriceItemService{}).(*services.NodePriceItemService)
+		pb.RegisterNodePriceItemServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.ServerGroupService{}).(*services.ServerGroupService)
+		pb.RegisterServerGroupServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.IPLibraryService{}).(*services.IPLibraryService)
+		pb.RegisterIPLibraryServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.FileChunkService{}).(*services.FileChunkService)
+		pb.RegisterFileChunkServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.FileService{}).(*services.FileService)
+		pb.RegisterFileServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.RegionCountryService{}).(*services.RegionCountryService)
+		pb.RegisterRegionCountryServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.RegionProvinceService{}).(*services.RegionProvinceService)
+		pb.RegisterRegionProvinceServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.IPListService{}).(*services.IPListService)
+		pb.RegisterIPListServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.IPItemService{}).(*services.IPItemService)
+		pb.RegisterIPItemServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.LogService{}).(*services.LogService)
+		pb.RegisterLogServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.DNSProviderService{}).(*services.DNSProviderService)
+		pb.RegisterDNSProviderServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.DNSDomainService{}).(*services.DNSDomainService)
+		pb.RegisterDNSDomainServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.DNSService{}).(*services.DNSService)
+		pb.RegisterDNSServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.ACMEUserService{}).(*services.ACMEUserService)
+		pb.RegisterACMEUserServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.ACMETaskService{}).(*services.ACMETaskService)
+		pb.RegisterACMETaskServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.ACMEAuthenticationService{}).(*services.ACMEAuthenticationService)
+		pb.RegisterACMEAuthenticationServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.UserService{}).(*services.UserService)
+		pb.RegisterUserServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.ServerDailyStatService{}).(*services.ServerDailyStatService)
+		pb.RegisterServerDailyStatServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.UserBillService{}).(*services.UserBillService)
+		pb.RegisterUserBillServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.UserNodeService{}).(*services.UserNodeService)
+		pb.RegisterUserNodeServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.LoginService{}).(*services.LoginService)
+		pb.RegisterLoginServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.UserAccessKeyService{}).(*services.UserAccessKeyService)
+		pb.RegisterUserAccessKeyServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.SysLockerService{}).(*services.SysLockerService)
+		pb.RegisterSysLockerServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.NodeTaskService{}).(*services.NodeTaskService)
+		pb.RegisterNodeTaskServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.NodeValueService{}).(*services.NodeValueService)
+		pb.RegisterNodeValueServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.DBService{}).(*services.DBService)
+		pb.RegisterDBServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.ServerRegionCityMonthlyStatService{}).(*services.ServerRegionCityMonthlyStatService)
+		pb.RegisterServerRegionCityMonthlyStatServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.ServerRegionCountryMonthlyStatService{}).(*services.ServerRegionCountryMonthlyStatService)
+		pb.RegisterServerRegionCountryMonthlyStatServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.ServerRegionProvinceMonthlyStatService{}).(*services.ServerRegionProvinceMonthlyStatService)
+		pb.RegisterServerRegionProvinceMonthlyStatServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.ServerRegionProviderMonthlyStatService{}).(*services.ServerRegionProviderMonthlyStatService)
+		pb.RegisterServerRegionProviderMonthlyStatServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.ServerClientSystemMonthlyStatService{}).(*services.ServerClientSystemMonthlyStatService)
+		pb.RegisterServerClientSystemMonthlyStatServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.ServerClientBrowserMonthlyStatService{}).(*services.ServerClientBrowserMonthlyStatService)
+		pb.RegisterServerClientBrowserMonthlyStatServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.ServerHTTPFirewallDailyStatService{}).(*services.ServerHTTPFirewallDailyStatService)
+		pb.RegisterServerHTTPFirewallDailyStatServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.DNSTaskService{}).(*services.DNSTaskService)
+		pb.RegisterDNSTaskServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.NodeClusterFirewallActionService{}).(*services.NodeClusterFirewallActionService)
+		pb.RegisterNodeClusterFirewallActionServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.MonitorNodeService{}).(*services.MonitorNodeService)
+		pb.RegisterMonitorNodeServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.AuthorityKeyService{}).(*services.AuthorityKeyService)
+		pb.RegisterAuthorityKeyServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.AuthorityNodeService{}).(*services.AuthorityNodeService)
+		pb.RegisterAuthorityNodeServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.LatestItemService{}).(*services.LatestItemService)
+		pb.RegisterLatestItemServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.NodeThresholdService{}).(*services.NodeThresholdService)
+		pb.RegisterNodeThresholdServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.HTTPFastcgiService{}).(*services.HTTPFastcgiService)
+		pb.RegisterHTTPFastcgiServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&nameservers.NSClusterService{}).(*nameservers.NSClusterService)
+		pb.RegisterNSClusterServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&nameservers.NSNodeService{}).(*nameservers.NSNodeService)
+		pb.RegisterNSNodeServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&nameservers.NSDomainService{}).(*nameservers.NSDomainService)
+		pb.RegisterNSDomainServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&nameservers.NSRecordService{}).(*nameservers.NSRecordService)
+		pb.RegisterNSRecordServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&nameservers.NSRouteService{}).(*nameservers.NSRouteService)
+		pb.RegisterNSRouteServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&nameservers.NSAccessLogService{}).(*nameservers.NSAccessLogService)
+		pb.RegisterNSAccessLogServiceServer(server, instance)
+		this.rest(instance)
+	}
+	{
+		instance := this.serviceInstance(&services.HTTPAuthPolicyService{}).(*services.HTTPAuthPolicyService)
+		pb.RegisterHTTPAuthPolicyServiceServer(server, instance)
+		this.rest(instance)
+	}
+
+	// TODO check service names
+	for serviceName := range server.GetServiceInfo() {
+		index := strings.LastIndex(serviceName, ".")
+		if index >= 0 {
+			serviceName = serviceName[index+1:]
+		}
+		_, ok := restServicesMap[serviceName]
+		if !ok {
+			panic("can not find service '" + serviceName + "' in rest")
+		}
+	}
+}
+
+func (this *APINode) rest(instance interface{}) {
+	this.serviceInstanceLocker.Lock()
+	defer this.serviceInstanceLocker.Unlock()
+
+	var name = reflect.TypeOf(instance).String()
+	index := strings.LastIndex(name, ".")
+	if index >= 0 {
+		name = name[index+1:]
+	}
+
+	_, ok := restServicesMap[name]
+	if ok {
+		return
+	}
+	restServicesMap[name] = reflect.ValueOf(instance)
+}
+
+func (this *APINode) serviceInstance(instance interface{}) interface{} {
+	this.serviceInstanceLocker.Lock()
+	defer this.serviceInstanceLocker.Unlock()
+
+	typeName := reflect.TypeOf(instance).String()
+	result, ok := this.serviceInstanceMap[typeName]
+	if ok {
+		return result
+	}
+
+	this.serviceInstanceMap[typeName] = instance
+	return instance
 }
--- a/internal/nodes/rest_server.go
+++ b/internal/nodes/rest_server.go
@@ -13,14 +13,13 @@ import (
 	"net/http"
 	"reflect"
 	"regexp"
+	"strings"
 	"time"
 )

 var servicePathReg = regexp.MustCompile(`^/([a-zA-Z0-9]+)/([a-zA-Z0-9]+)$`)
-var servicesMap = map[string]reflect.Value{
+var restServicesMap = map[string]reflect.Value{
 	"APIAccessTokenService": reflect.ValueOf(new(services.APIAccessTokenService)),
-	"HTTPAccessLogService":  reflect.ValueOf(new(services.HTTPAccessLogService)),
-	"IPItemService":         reflect.ValueOf(new(services.IPItemService)),
 }

 type RestServer struct{}
@@ -67,12 +66,19 @@ func (this *RestServer) handle(writer http.ResponseWriter, req *http.Request) {
 	serviceName := matches[1]
 	methodName := matches[2]

-	serviceType, ok := servicesMap[serviceName]
+	serviceType, ok := restServicesMap[serviceName]
 	if !ok {
 		writer.WriteHeader(http.StatusNotFound)
 		return
 	}

+	if len(methodName) == 0 {
+		writer.WriteHeader(http.StatusNotFound)
+		return
+	}
+
+	// 再次查找
+	methodName = strings.ToUpper(string(methodName[0])) + methodName[1:]
 	method := serviceType.MethodByName(methodName)
 	if !method.IsValid() {
 		writer.WriteHeader(http.StatusNotFound)
@@ -90,7 +96,7 @@ func (this *RestServer) handle(writer http.ResponseWriter, req *http.Request) {
 	// 上下文
 	ctx := context.Background()

-	if serviceName != "APIAccessTokenService" || methodName != "GetAPIAccessToken" {
+	if serviceName != "APIAccessTokenService" || (methodName != "GetAPIAccessToken" && methodName != "getAPIAccessToken") {
 		// 校验TOKEN
 		token := req.Header.Get("Edge-Access-Token")
 		if len(token) == 0 {
@@ -123,6 +129,8 @@ func (this *RestServer) handle(writer http.ResponseWriter, req *http.Request) {

 		if accessToken.UserId > 0 {
 			ctx = rpcutils.NewPlainContext("user", int64(accessToken.UserId))
+		} else if accessToken.AdminId > 0 {
+			ctx = rpcutils.NewPlainContext("admin", int64(accessToken.AdminId))
 		} else {
 			// TODO 支持更多类型的角色
 			this.writeJSON(writer, maps.Map{
--- a/internal/rpc/services/service_api_access_token.go
+++ b/internal/rpc/services/service_api_access_token.go
@@ -14,7 +14,7 @@ type APIAccessTokenService struct {

 // GetAPIAccessToken 获取AccessToken
 func (this *APIAccessTokenService) GetAPIAccessToken(ctx context.Context, req *pb.GetAPIAccessTokenRequest) (*pb.GetAPIAccessTokenResponse, error) {
-	if req.Type == "user" { // 用户
+	if req.Type == "user" || req.Type == "admin" { // 用户或管理员
 		tx := this.NullTx()

 		accessKey, err := models.SharedUserAccessKeyDAO.FindAccessKeyWithUniqueId(tx, req.AccessKeyId)
@@ -28,6 +28,18 @@ func (this *APIAccessTokenService) GetAPIAccessToken(ctx context.Context, req *p
 			return nil, errors.New("access key not found")
 		}

+		// 检查数据
+		switch req.Type {
+		case "user":
+			if accessKey.UserId == 0 {
+				return nil, errors.New("access key not found")
+			}
+		case "admin":
+			if accessKey.AdminId == 0 {
+				return nil, errors.New("access key not found")
+			}
+		}
+
 		// 更新AccessKey访问时间
 		err = models.SharedUserAccessKeyDAO.UpdateAccessKeyAccessedAt(tx, int64(accessKey.Id))
 		if err != nil {
@@ -35,7 +47,7 @@ func (this *APIAccessTokenService) GetAPIAccessToken(ctx context.Context, req *p
 		}

 		// 创建AccessToken
-		token, expiresAt, err := models.SharedAPIAccessTokenDAO.GenerateAccessToken(tx, int64(accessKey.UserId))
+		token, expiresAt, err := models.SharedAPIAccessTokenDAO.GenerateAccessToken(tx, int64(accessKey.AdminId), int64(accessKey.UserId))
 		if err != nil {
 			return nil, err
 		}
--- a/internal/rpc/services/service_user_access_key.go
+++ b/internal/rpc/services/service_user_access_key.go
@@ -20,7 +20,7 @@ func (this *UserAccessKeyService) CreateUserAccessKey(ctx context.Context, req *

 	tx := this.NullTx()

-	userAccessKeyId, err := models.SharedUserAccessKeyDAO.CreateAccessKey(tx, req.UserId, req.Description)
+	userAccessKeyId, err := models.SharedUserAccessKeyDAO.CreateAccessKey(tx, req.AdminId, req.UserId, req.Description)
 	if err != nil {
 		return nil, err
 	}
@@ -36,7 +36,7 @@ func (this *UserAccessKeyService) FindAllEnabledUserAccessKeys(ctx context.Conte

 	tx := this.NullTx()

-	accessKeys, err := models.SharedUserAccessKeyDAO.FindAllEnabledAccessKeys(tx, req.UserId)
+	accessKeys, err := models.SharedUserAccessKeyDAO.FindAllEnabledAccessKeys(tx, req.AdminId, req.UserId)
 	if err != nil {
 		return nil, err
 	}
@@ -68,7 +68,7 @@ func (this *UserAccessKeyService) DeleteUserAccessKey(ctx context.Context, req *
 	tx := this.NullTx()

 	if userId > 0 {
-		ok, err := models.SharedUserAccessKeyDAO.CheckUserAccessKey(tx, userId, req.UserAccessKeyId)
+		ok, err := models.SharedUserAccessKeyDAO.CheckUserAccessKey(tx, 0, userId, req.UserAccessKeyId)
 		if err != nil {
 			return nil, err
 		}
@@ -94,7 +94,7 @@ func (this *UserAccessKeyService) UpdateUserAccessKeyIsOn(ctx context.Context, r
 	tx := this.NullTx()

 	if userId > 0 {
-		ok, err := models.SharedUserAccessKeyDAO.CheckUserAccessKey(tx, userId, req.UserAccessKeyId)
+		ok, err := models.SharedUserAccessKeyDAO.CheckUserAccessKey(tx, 0, userId, req.UserAccessKeyId)
 		if err != nil {
 			return nil, err
 		}
@@ -109,3 +109,18 @@ func (this *UserAccessKeyService) UpdateUserAccessKeyIsOn(ctx context.Context, r
 	}
 	return this.Success()
 }
+
+// CountAllEnabledUserAccessKeys 计算AccessKey数量
+func (this *UserAccessKeyService) CountAllEnabledUserAccessKeys(ctx context.Context, req *pb.CountAllEnabledUserAccessKeysRequest) (*pb.RPCCountResponse, error) {
+	_, _, err := this.ValidateAdminAndUser(ctx, 0, req.UserId)
+	if err != nil {
+		return nil, err
+	}
+
+	tx := this.NullTx()
+	count, err := models.SharedUserAccessKeyDAO.CountAllEnabledAccessKeys(tx, req.AdminId, req.UserId)
+	if err != nil {
+		return nil, err
+	}
+	return this.SuccessCount(count)
+}