Add batch management APIs, API security, rate limiting, and optimizations

- Batch device CRUD: POST /api/devices/batch (create 500), PUT /api/devices/batch (update 500), POST /api/devices/batch-delete (delete 100) with WHERE IN bulk queries - Batch command: POST /api/commands/batch with model_validator mutual exclusion - API key auth (X-API-Key header, secrets.compare_digest timing-safe) - Rate limiting via SlowAPIMiddleware (60/min default, 30/min writes) - Real client IP extraction (X-Forwarded-For / CF-Connecting-IP) - Global exception handler (no stack trace leaks, passes HTTPException through) - CORS with auto-disable credentials on wildcard origins - Schema validation: IMEI pattern, lat/lon ranges, Literal enums, MAC/UUID patterns - Heartbeats router, per-ID endpoints for locations/attendance/bluetooth - Input dedup in batch create, result ordering preserved - Baidu reverse geocoding, Gaode map tiles with WGS84→GCJ02 conversion - Device detail panel with feature toggles and command controls - Side panel for location/beacon pages with auto-select active device via [HAPI](https://hapi.run) Co-Authored-By: HAPI <noreply@hapi.run>
2026-03-20 09:18:43 +00:00
parent 1bdbe4fa19
commit 7d6040af41
23 changed files with 1564 additions and 294 deletions
--- a/app/routers/locations.py
+++ b/app/routers/locations.py
@@ -7,9 +7,11 @@ import math
 from datetime import datetime

 from fastapi import APIRouter, Depends, HTTPException, Query
+from sqlalchemy import select
 from sqlalchemy.ext.asyncio import AsyncSession

 from app.database import get_db
+from app.models import LocationRecord
 from app.schemas import (
    APIResponse,
    LocationRecordResponse,
@@ -92,6 +94,7 @@ async def device_track(
    device_id: int,
    start_time: datetime = Query(..., description="开始时间 / Start time (ISO 8601)"),
    end_time: datetime = Query(..., description="结束时间 / End time (ISO 8601)"),
+    max_points: int = Query(default=10000, ge=1, le=50000, description="最大轨迹点数 / Max track points"),
    db: AsyncSession = Depends(get_db),
 ):
    """
@@ -109,7 +112,23 @@ async def device_track(
            detail="start_time must be before end_time / 开始时间必须早于结束时间",
        )

-    records = await location_service.get_device_track(db, device_id, start_time, end_time)
+    records = await location_service.get_device_track(db, device_id, start_time, end_time, max_points=max_points)
    return APIResponse(
        data=[LocationRecordResponse.model_validate(r) for r in records]
    )
+
+
+@router.get(
+    "/{location_id}",
+    response_model=APIResponse[LocationRecordResponse],
+    summary="获取位置记录详情 / Get location record",
+)
+async def get_location(location_id: int, db: AsyncSession = Depends(get_db)):
+    """按ID获取位置记录详情 / Get location record details by ID."""
+    result = await db.execute(
+        select(LocationRecord).where(LocationRecord.id == location_id)
+    )
+    record = result.scalar_one_or_none()
+    if record is None:
+        raise HTTPException(status_code=404, detail=f"Location {location_id} not found")
+    return APIResponse(data=LocationRecordResponse.model_validate(record))