Add batch management APIs, API security, rate limiting, and optimizations

- Batch device CRUD: POST /api/devices/batch (create 500), PUT /api/devices/batch (update 500), POST /api/devices/batch-delete (delete 100) with WHERE IN bulk queries - Batch command: POST /api/commands/batch with model_validator mutual exclusion - API key auth (X-API-Key header, secrets.compare_digest timing-safe) - Rate limiting via SlowAPIMiddleware (60/min default, 30/min writes) - Real client IP extraction (X-Forwarded-For / CF-Connecting-IP) - Global exception handler (no stack trace leaks, passes HTTPException through) - CORS with auto-disable credentials on wildcard origins - Schema validation: IMEI pattern, lat/lon ranges, Literal enums, MAC/UUID patterns - Heartbeats router, per-ID endpoints for locations/attendance/bluetooth - Input dedup in batch create, result ordering preserved - Baidu reverse geocoding, Gaode map tiles with WGS84→GCJ02 conversion - Device detail panel with feature toggles and command controls - Side panel for location/beacon pages with auto-select active device via [HAPI](https://hapi.run) Co-Authored-By: HAPI <noreply@hapi.run>
2026-03-20 09:18:43 +00:00
parent 1bdbe4fa19
commit 7d6040af41
23 changed files with 1564 additions and 294 deletions
--- a/app/routers/bluetooth.py
+++ b/app/routers/bluetooth.py
@@ -88,15 +88,14 @@ async def device_bluetooth_records(
    record_type: str | None = Query(default=None, description="记录类型 / Record type (punch/location)"),
    start_time: datetime | None = Query(default=None, description="开始时间 / Start time"),
    end_time: datetime | None = Query(default=None, description="结束时间 / End time"),
-    page: int = Query(default=1, ge=1, description="页码 / Page number"),
-    page_size: int = Query(default=20, ge=1, le=100, description="每页数量 / Items per page"),
+    page: int = Query(default=1, ge=1, description="页码"),
+    page_size: int = Query(default=20, ge=1, le=100, description="每页数量"),
    db: AsyncSession = Depends(get_db),
 ):
    """
    获取指定设备的蓝牙数据记录。
    Get Bluetooth records for a specific device.
    """
-    # Verify device exists
    device = await device_service.get_device(db, device_id)
    if device is None:
        raise HTTPException(status_code=404, detail=f"Device {device_id} not found / 未找到设备{device_id}")
@@ -133,3 +132,20 @@ async def device_bluetooth_records(
            total_pages=math.ceil(total / page_size) if total else 0,
        )
    )
+
+
+# NOTE: /{record_id} must be after /device/{device_id} to avoid route conflicts
+@router.get(
+    "/{record_id}",
+    response_model=APIResponse[BluetoothRecordResponse],
+    summary="获取蓝牙记录详情 / Get bluetooth record",
+)
+async def get_bluetooth_record(record_id: int, db: AsyncSession = Depends(get_db)):
+    """按ID获取蓝牙记录详情 / Get bluetooth record details by ID."""
+    result = await db.execute(
+        select(BluetoothRecord).where(BluetoothRecord.id == record_id)
+    )
+    record = result.scalar_one_or_none()
+    if record is None:
+        raise HTTPException(status_code=404, detail=f"Bluetooth record {record_id} not found")
+    return APIResponse(data=BluetoothRecordResponse.model_validate(record))