feat(web): 条目列表页 /entries 与总条数统计

- 新增受会话保护的 GET /entries，仅展示 entries 非敏感列 - search: list_entries、count_entries 共享筛选条件；分页与计数不读 secrets - 侧边栏在 dashboard/audit 增加「条目」入口 - secrets-mcp 0.3.4（tag 尚未存在） Made-with: Cursor
2026-04-02 11:26:51 +08:00
parent 1b11f7e976
commit 87a29af82d
7 changed files with 353 additions and 48 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1968,7 +1968,7 @@ dependencies = [

 [[package]]
 name = "secrets-mcp"
-version = "0.3.3"
+version = "0.3.4"
 dependencies = [
 "anyhow",
 "askama",
--- a/crates/secrets-core/src/service/search.rs
+++ b/crates/secrets-core/src/service/search.rs
@@ -27,49 +27,46 @@ pub struct SearchResult {
    pub secret_schemas: HashMap<Uuid, Vec<SecretField>>,
 }

-pub async fn run(pool: &PgPool, params: SearchParams<'_>) -> Result<SearchResult> {
-    let entries = fetch_entries_paged(pool, &params).await?;
-    let entry_ids: Vec<Uuid> = entries.iter().map(|e| e.id).collect();
-    let secret_schemas = if !entry_ids.is_empty() {
-        fetch_secret_schemas(pool, &entry_ids).await?
-    } else {
-        HashMap::new()
-    };
-    Ok(SearchResult {
-        entries,
-        secret_schemas,
-    })
-}
-
-/// Fetch entries matching the given filters — returns all matching entries up to FETCH_ALL_LIMIT.
-pub async fn fetch_entries(
-    pool: &PgPool,
-    folder: Option<&str>,
-    entry_type: Option<&str>,
-    name: Option<&str>,
-    tags: &[String],
-    query: Option<&str>,
-    user_id: Option<Uuid>,
-) -> Result<Vec<Entry>> {
-    let params = SearchParams {
-        folder,
-        entry_type,
-        name,
-        tags,
-        query,
-        sort: "name",
-        limit: FETCH_ALL_LIMIT,
-        offset: 0,
-        user_id,
-    };
+/// List `entries` rows matching params (paged, ordered per `params.sort`).
+/// Does not read the `secrets` table.
+pub async fn list_entries(pool: &PgPool, params: SearchParams<'_>) -> Result<Vec<Entry>> {
    fetch_entries_paged(pool, &params).await
 }

-async fn fetch_entries_paged(pool: &PgPool, a: &SearchParams<'_>) -> Result<Vec<Entry>> {
+/// Count `entries` rows matching the same filters as [`list_entries`] (ignores `sort` / `limit` / `offset`).
+/// Does not read the `secrets` table.
+pub async fn count_entries(pool: &PgPool, a: &SearchParams<'_>) -> Result<i64> {
+    let (where_clause, _) = entry_where_clause_and_next_idx(a);
+    let sql = format!("SELECT COUNT(*)::bigint FROM entries {where_clause}");
+    let mut q = sqlx::query_scalar::<_, i64>(&sql);
+    if let Some(uid) = a.user_id {
+        q = q.bind(uid);
+    }
+    if let Some(v) = a.folder {
+        q = q.bind(v);
+    }
+    if let Some(v) = a.entry_type {
+        q = q.bind(v);
+    }
+    if let Some(v) = a.name {
+        q = q.bind(v);
+    }
+    for tag in a.tags {
+        q = q.bind(tag);
+    }
+    if let Some(v) = a.query {
+        let pattern = format!("%{}%", v.replace('%', "\\%").replace('_', "\\_"));
+        q = q.bind(pattern);
+    }
+    let n = q.fetch_one(pool).await?;
+    Ok(n)
+}
+
+/// Shared WHERE clause and the next `$n` index (for LIMIT/OFFSET in paged queries).
+fn entry_where_clause_and_next_idx(a: &SearchParams<'_>) -> (String, i32) {
    let mut conditions: Vec<String> = Vec::new();
    let mut idx: i32 = 1;

-    // user_id filtering — always comes first when present
    if a.user_id.is_some() {
        conditions.push(format!("user_id = ${}", idx));
        idx += 1;
@@ -115,6 +112,55 @@ async fn fetch_entries_paged(pool: &PgPool, a: &SearchParams<'_>) -> Result<Vec<
        idx += 1;
    }

+    let where_clause = if conditions.is_empty() {
+        String::new()
+    } else {
+        format!("WHERE {}", conditions.join(" AND "))
+    };
+    (where_clause, idx)
+}
+
+pub async fn run(pool: &PgPool, params: SearchParams<'_>) -> Result<SearchResult> {
+    let entries = fetch_entries_paged(pool, &params).await?;
+    let entry_ids: Vec<Uuid> = entries.iter().map(|e| e.id).collect();
+    let secret_schemas = if !entry_ids.is_empty() {
+        fetch_secret_schemas(pool, &entry_ids).await?
+    } else {
+        HashMap::new()
+    };
+    Ok(SearchResult {
+        entries,
+        secret_schemas,
+    })
+}
+
+/// Fetch entries matching the given filters — returns all matching entries up to FETCH_ALL_LIMIT.
+pub async fn fetch_entries(
+    pool: &PgPool,
+    folder: Option<&str>,
+    entry_type: Option<&str>,
+    name: Option<&str>,
+    tags: &[String],
+    query: Option<&str>,
+    user_id: Option<Uuid>,
+) -> Result<Vec<Entry>> {
+    let params = SearchParams {
+        folder,
+        entry_type,
+        name,
+        tags,
+        query,
+        sort: "name",
+        limit: FETCH_ALL_LIMIT,
+        offset: 0,
+        user_id,
+    };
+    list_entries(pool, params).await
+}
+
+async fn fetch_entries_paged(pool: &PgPool, a: &SearchParams<'_>) -> Result<Vec<Entry>> {
+    let (where_clause, idx) = entry_where_clause_and_next_idx(a);
+
    let order = match a.sort {
        "updated" => "updated_at DESC",
        "created" => "created_at DESC",
@@ -122,14 +168,7 @@ async fn fetch_entries_paged(pool: &PgPool, a: &SearchParams<'_>) -> Result<Vec<
    };

    let limit_idx = idx;
-    idx += 1;
-    let offset_idx = idx;
-
-    let where_clause = if conditions.is_empty() {
-        String::new()
-    } else {
-        format!("WHERE {}", conditions.join(" AND "))
-    };
+    let offset_idx = idx + 1;

    let sql = format!(
        "SELECT id, user_id, folder, type, name, notes, tags, metadata, version, \
@@ -138,7 +177,6 @@ async fn fetch_entries_paged(pool: &PgPool, a: &SearchParams<'_>) -> Result<Vec<
    );

    let mut q = sqlx::query_as::<_, EntryRaw>(&sql);
-
    if let Some(uid) = a.user_id {
        q = q.bind(uid);
    }
--- a/crates/secrets-mcp/Cargo.toml
+++ b/crates/secrets-mcp/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "secrets-mcp"
-version = "0.3.3"
+version = "0.3.4"
 edition.workspace = true

 [[bin]]
--- a/crates/secrets-mcp/src/web.rs
+++ b/crates/secrets-mcp/src/web.rs
@@ -19,6 +19,7 @@ use secrets_core::crypto::hex;
 use secrets_core::service::{
    api_key::{ensure_api_key, regenerate_api_key},
    audit_log::list_for_user,
+    search::{SearchParams, count_entries, list_entries},
    user::{
        OAuthProfile, bind_oauth_account, find_or_create_user, get_user_by_id,
        unbind_oauth_account, update_user_key_setup,
@@ -78,6 +79,33 @@ struct AuditEntryView {
    detail: String,
 }

+#[derive(Template)]
+#[template(path = "entries.html")]
+struct EntriesPageTemplate {
+    user_name: String,
+    user_email: String,
+    entries: Vec<EntryListItemView>,
+    total_count: i64,
+    shown_count: usize,
+    limit: u32,
+    version: &'static str,
+}
+
+/// Non-sensitive fields only (no `secrets` / ciphertext).
+struct EntryListItemView {
+    folder: String,
+    entry_type: String,
+    name: String,
+    notes: String,
+    tags: String,
+    metadata: String,
+    /// RFC3339 UTC for `<time datetime>`; localized in entries.html.
+    updated_at_iso: String,
+}
+
+/// Cap for HTML list (avoids loading unbounded rows into memory).
+const ENTRIES_PAGE_LIMIT: u32 = 5_000;
+
 // ── App state helpers ─────────────────────────────────────────────────────────

 fn google_cfg(state: &AppState) -> Option<&OAuthConfig> {
@@ -149,6 +177,7 @@ pub fn web_router() -> Router<AppState> {
        .route("/auth/google/callback", get(auth_google_callback))
        .route("/auth/logout", post(auth_logout))
        .route("/dashboard", get(dashboard))
+        .route("/entries", get(entries_page))
        .route("/audit", get(audit_page))
        .route("/account/bind/google", get(account_bind_google))
        .route(
@@ -478,6 +507,72 @@ async fn dashboard(
    render_template(tmpl)
 }

+async fn entries_page(
+    State(state): State<AppState>,
+    session: Session,
+) -> Result<Response, StatusCode> {
+    let Some(user_id) = current_user_id(&session).await else {
+        return Ok(Redirect::to("/login").into_response());
+    };
+
+    let user = match get_user_by_id(&state.pool, user_id).await.map_err(|e| {
+        tracing::error!(error = %e, %user_id, "failed to load user for entries page");
+        StatusCode::INTERNAL_SERVER_ERROR
+    })? {
+        Some(u) => u,
+        None => return Ok(Redirect::to("/login").into_response()),
+    };
+
+    let params = SearchParams {
+        folder: None,
+        entry_type: None,
+        name: None,
+        tags: &[],
+        query: None,
+        sort: "updated",
+        limit: ENTRIES_PAGE_LIMIT,
+        offset: 0,
+        user_id: Some(user_id),
+    };
+
+    let total_count = count_entries(&state.pool, &params).await.map_err(|e| {
+        tracing::error!(error = %e, "failed to count entries for web");
+        StatusCode::INTERNAL_SERVER_ERROR
+    })?;
+
+    let rows = list_entries(&state.pool, params).await.map_err(|e| {
+        tracing::error!(error = %e, "failed to load entries list for web");
+        StatusCode::INTERNAL_SERVER_ERROR
+    })?;
+    let shown_count = rows.len();
+
+    let entries = rows
+        .into_iter()
+        .map(|e| EntryListItemView {
+            folder: e.folder,
+            entry_type: e.entry_type,
+            name: e.name,
+            notes: e.notes,
+            tags: e.tags.join(", "),
+            metadata: serde_json::to_string_pretty(&e.metadata)
+                .unwrap_or_else(|_| "{}".to_string()),
+            updated_at_iso: e.updated_at.to_rfc3339_opts(SecondsFormat::Secs, true),
+        })
+        .collect();
+
+    let tmpl = EntriesPageTemplate {
+        user_name: user.name.clone(),
+        user_email: user.email.clone().unwrap_or_default(),
+        entries,
+        total_count,
+        shown_count,
+        limit: ENTRIES_PAGE_LIMIT,
+        version: env!("CARGO_PKG_VERSION"),
+    };
+
+    render_template(tmpl)
+}
+
 async fn audit_page(
    State(state): State<AppState>,
    session: Session,
--- a/crates/secrets-mcp/templates/audit.html
+++ b/crates/secrets-mcp/templates/audit.html
@@ -92,6 +92,7 @@
    <a href="/dashboard" class="sidebar-logo"><span>secrets</span></a>
    <nav class="sidebar-menu">
        <a href="/dashboard" class="sidebar-link">MCP</a>
+        <a href="/entries" class="sidebar-link">条目</a>
        <a href="/audit" class="sidebar-link active">审计</a>
    </nav>
 </aside>
--- a/crates/secrets-mcp/templates/dashboard.html
+++ b/crates/secrets-mcp/templates/dashboard.html
@@ -174,6 +174,7 @@
    <a href="/dashboard" class="sidebar-logo"><span>secrets</span></a>
    <nav class="sidebar-menu">
        <a href="/dashboard" class="sidebar-link active">MCP</a>
+        <a href="/entries" class="sidebar-link">条目</a>
        <a href="/audit" class="sidebar-link">审计</a>
    </nav>
 </aside>
--- a/crates/secrets-mcp/templates/entries.html
+++ b/crates/secrets-mcp/templates/entries.html
@@ -0,0 +1,170 @@
+<!DOCTYPE html>
+<html lang="zh-CN">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <link rel="icon" href="/favicon.svg?v={{ version }}" type="image/svg+xml">
+    <title>Secrets — 条目</title>
+    <style>
+        *, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }
+        @import url('https://fonts.googleapis.com/css2?family=JetBrains+Mono:wght@400;600&family=Inter:wght@400;500;600&display=swap');
+        :root {
+            --bg: #0d1117; --surface: #161b22; --surface2: #21262d;
+            --border: #30363d; --text: #e6edf3; --text-muted: #8b949e;
+            --accent: #58a6ff; --accent-hover: #79b8ff;
+        }
+        body { background: var(--bg); color: var(--text); font-family: 'Inter', sans-serif; min-height: 100vh; }
+        .layout { display: flex; min-height: 100vh; }
+        .sidebar {
+            width: 220px; flex-shrink: 0; background: var(--surface); border-right: 1px solid var(--border);
+            padding: 24px 16px; display: flex; flex-direction: column; gap: 20px;
+        }
+        .sidebar-logo { font-family: 'JetBrains Mono', monospace; font-size: 16px; font-weight: 600;
+                        color: var(--text); text-decoration: none; padding: 0 10px; }
+        .sidebar-logo span { color: var(--accent); }
+        .sidebar-menu { display: flex; flex-direction: column; gap: 6px; }
+        .sidebar-link {
+            padding: 10px 12px; border-radius: 8px; color: var(--text-muted); text-decoration: none;
+            border: 1px solid transparent; font-size: 13px; font-weight: 500;
+        }
+        .sidebar-link:hover { background: var(--surface2); color: var(--text); }
+        .sidebar-link.active {
+            background: rgba(88,166,255,0.12); color: var(--text); border-color: rgba(88,166,255,0.35);
+        }
+        .content-shell { flex: 1; min-width: 0; display: flex; flex-direction: column; }
+        .topbar {
+            background: var(--surface); border-bottom: 1px solid var(--border); padding: 0 24px;
+            display: flex; align-items: center; gap: 12px; min-height: 52px;
+        }
+        .topbar-spacer { flex: 1; }
+        .nav-user { font-size: 13px; color: var(--text-muted); }
+        .btn-sign-out {
+            padding: 5px 12px; border-radius: 6px; border: 1px solid var(--border);
+            background: none; color: var(--text); font-size: 12px; text-decoration: none; cursor: pointer;
+        }
+        .btn-sign-out:hover { background: var(--surface2); }
+        .main { padding: 32px 24px 40px; flex: 1; }
+        .card { background: var(--surface); border: 1px solid var(--border); border-radius: 12px;
+                padding: 24px; width: 100%; max-width: 1280px; margin: 0 auto; }
+        .card-title { font-size: 20px; font-weight: 600; margin-bottom: 8px; }
+        .card-subtitle { color: var(--text-muted); font-size: 13px; margin-bottom: 20px; }
+        .empty { color: var(--text-muted); font-size: 14px; padding: 20px 0; }
+        .table-wrap { overflow-x: auto; }
+        table { width: 100%; border-collapse: collapse; min-width: 720px; }
+        th, td { text-align: left; vertical-align: top; padding: 12px 10px; border-top: 1px solid var(--border); }
+        th { color: var(--text-muted); font-size: 12px; font-weight: 600; white-space: nowrap; }
+        td { font-size: 13px; }
+        .mono { font-family: 'JetBrains Mono', monospace; }
+        .cell-notes, .cell-meta {
+            max-width: 280px; word-break: break-word;
+        }
+        .detail {
+            background: var(--bg); border: 1px solid var(--border); border-radius: 8px;
+            padding: 10px; white-space: pre-wrap; word-break: break-word; font-size: 12px;
+            max-width: 320px; max-height: 160px; overflow: auto;
+        }
+        @media (max-width: 900px) {
+            .layout { flex-direction: column; }
+            .sidebar {
+                width: 100%; border-right: none; border-bottom: 1px solid var(--border);
+                padding: 16px; gap: 14px;
+            }
+            .sidebar-menu { flex-direction: row; flex-wrap: wrap; }
+            .sidebar-link { flex: 1; text-align: center; min-width: 72px; }
+            .main { padding: 20px 12px 28px; }
+            .card { padding: 16px; }
+            .topbar { padding: 12px 16px; flex-wrap: wrap; }
+            table, thead, tbody, th, td, tr { display: block; }
+            thead { display: none; }
+            tr { border-top: 1px solid var(--border); padding: 12px 0; }
+            td { border-top: none; padding: 6px 0; max-width: none; }
+            td::before {
+                display: block; color: var(--text-muted); font-size: 11px;
+                margin-bottom: 4px; text-transform: uppercase;
+            }
+            td.col-updated::before { content: "更新"; }
+            td.col-folder::before { content: "Folder"; }
+            td.col-type::before { content: "Type"; }
+            td.col-name::before { content: "Name"; }
+            td.col-notes::before { content: "Notes"; }
+            td.col-tags::before { content: "Tags"; }
+            td.col-meta::before { content: "Metadata"; }
+            .detail { max-width: none; }
+        }
+    </style>
+</head>
+<body>
+<div class="layout">
+<aside class="sidebar">
+    <a href="/dashboard" class="sidebar-logo"><span>secrets</span></a>
+    <nav class="sidebar-menu">
+        <a href="/dashboard" class="sidebar-link">MCP</a>
+        <a href="/entries" class="sidebar-link active">条目</a>
+        <a href="/audit" class="sidebar-link">审计</a>
+    </nav>
+</aside>
+
+<div class="content-shell">
+<div class="topbar">
+    <span class="topbar-spacer"></span>
+    <span class="nav-user">{{ user_name }}{% if !user_email.is_empty() %} · {{ user_email }}{% endif %}</span>
+    <form action="/auth/logout" method="post" style="display:inline">
+        <button type="submit" class="btn-sign-out">退出</button>
+    </form>
+</div>
+
+<main class="main">
+    <section class="card">
+        <div class="card-title">我的条目</div>
+        <div class="card-subtitle">共 <strong>{{ total_count }}</strong> 条记录；当前列表显示 <strong>{{ shown_count }}</strong> 条（按更新时间降序，单页最多 {{ limit }} 条）。不含密文字段。时间为浏览器本地时区。</div>
+
+        {% if entries.is_empty() %}
+        <div class="empty">暂无条目。</div>
+        {% else %}
+        <div class="table-wrap">
+        <table>
+            <thead>
+                <tr>
+                    <th>更新</th>
+                    <th>Folder</th>
+                    <th>Type</th>
+                    <th>Name</th>
+                    <th>Notes</th>
+                    <th>Tags</th>
+                    <th>Metadata</th>
+                </tr>
+            </thead>
+            <tbody>
+                {% for entry in entries %}
+                <tr>
+                    <td class="col-updated mono"><time class="entry-local-time" datetime="{{ entry.updated_at_iso }}">{{ entry.updated_at_iso }}</time></td>
+                    <td class="col-folder mono">{{ entry.folder }}</td>
+                    <td class="col-type mono">{{ entry.entry_type }}</td>
+                    <td class="col-name mono">{{ entry.name }}</td>
+                    <td class="col-notes cell-notes">{{ entry.notes }}</td>
+                    <td class="col-tags mono">{{ entry.tags }}</td>
+                    <td class="col-meta cell-meta"><pre class="detail">{{ entry.metadata }}</pre></td>
+                </tr>
+                {% endfor %}
+            </tbody>
+        </table>
+        </div>
+        {% endif %}
+    </section>
+</main>
+</div>
+</div>
+<script>
+(function () {
+  document.querySelectorAll('time.entry-local-time[datetime]').forEach(function (el) {
+    var raw = el.getAttribute('datetime');
+    var d = raw ? new Date(raw) : null;
+    if (d && !isNaN(d.getTime())) {
+      el.textContent = d.toLocaleString(undefined, { dateStyle: 'medium', timeStyle: 'medium' });
+      el.title = raw + ' (UTC)';
+    }
+  });
+})();
+</script>
+</body>
+</html>