Add batch management APIs, API security, rate limiting, and optimizations

- Batch device CRUD: POST /api/devices/batch (create 500), PUT /api/devices/batch (update 500), POST /api/devices/batch-delete (delete 100) with WHERE IN bulk queries - Batch command: POST /api/commands/batch with model_validator mutual exclusion - API key auth (X-API-Key header, secrets.compare_digest timing-safe) - Rate limiting via SlowAPIMiddleware (60/min default, 30/min writes) - Real client IP extraction (X-Forwarded-For / CF-Connecting-IP) - Global exception handler (no stack trace leaks, passes HTTPException through) - CORS with auto-disable credentials on wildcard origins - Schema validation: IMEI pattern, lat/lon ranges, Literal enums, MAC/UUID patterns - Heartbeats router, per-ID endpoints for locations/attendance/bluetooth - Input dedup in batch create, result ordering preserved - Baidu reverse geocoding, Gaode map tiles with WGS84→GCJ02 conversion - Device detail panel with feature toggles and command controls - Side panel for location/beacon pages with auto-select active device via [HAPI](https://hapi.run) Co-Authored-By: HAPI <noreply@hapi.run>
2026-03-20 09:18:43 +00:00
parent 1bdbe4fa19
commit 7d6040af41
23 changed files with 1564 additions and 294 deletions
--- a/app/tcp_server.py
+++ b/app/tcp_server.py
@@ -60,6 +60,7 @@ from app.protocol.constants import (
    PROTO_ONLINE_CMD_REPLY,
    PROTO_TIME_SYNC,
    PROTO_TIME_SYNC_2,
+    PROTO_ADDRESS_REPLY_EN,
    PROTO_WIFI,
    PROTO_WIFI_4G,
    START_MARKER_LONG,
@@ -718,6 +719,11 @@ class TCPManager:
            logger.warning("Heartbeat received before login")
            return

+        # Ensure device is tracked in active connections (e.g. after server restart)
+        if imei not in self.connections:
+            self.connections[imei] = (reader, writer, conn_info)
+            logger.info("Device IMEI=%s re-registered via heartbeat", imei)
+
        terminal_info: int = 0
        battery_level: Optional[int] = None
        gsm_signal: Optional[int] = None
@@ -752,11 +758,12 @@ class TCPManager:
                        logger.warning("Heartbeat for unknown IMEI=%s", imei)
                        return

-                    # Update device record
+                    # Update device record (also ensure status=online if heartbeat is coming in)
                    await session.execute(
                        update(Device)
                        .where(Device.id == device_id)
                        .values(
+                            status="online",
                            battery_level=battery_level,
                            gsm_signal=gsm_signal,
                            last_heartbeat=now,