refactor(api): remove internal metadata from image upload responses

Omit entity details, original filename, MIME type, and file size from payloads Update backend SQL queries and frontend interfaces to align with design specs
2026-05-03 15:24:27 +08:00
parent 960898c858
commit 7aa80430d9
3 changed files with 5 additions and 32 deletions
--- a/DESIGN.md
+++ b/DESIGN.md
@@ -279,7 +279,7 @@
  - `created_by_user_id`
  - `created_at`
 - 实体表只保存当前显示图片的相对路径；历史上传记录不会因为切换当前图片而删除。
- API 对外返回图片展示所需字段：`path`、`url`、上传时间和上传者必要署名；不返回服务器绝对文件路径或内部存储元数据。
+- 公共 API 对外返回图片上传历史只包含：`id`、`path`、`url`、`uploadedAt` 和上传者必要署名 `uploadedBy`；不返回 `entity_name`、原始文件名、MIME、文件大小、服务器绝对文件路径或内部存储元数据。若编辑接口确需实体关联，只能在受保护编辑接口返回 `entityId`。
 - 图片上传本身不直接改变实体内容；用户仍需保存实体编辑表单后，当前图片选择才成为实体行为并写入现有编辑审计。
 - Docker 运行时上传目录必须使用 volume 持久化，避免重新 build 后丢失用户上传图片。

--- a/backend/src/uploads.ts
+++ b/backend/src/uploads.ts
@@ -9,27 +9,15 @@ export type UploadEntityType = 'pokemon' | 'items' | 'habitats';

 export type EntityImageUpload = {
  id: number;
-  entityType: UploadEntityType;
-  entityId: number | null;
-  entityName: string;
  path: string;
  url: string;
-  originalFilename: string;
-  mimeType: string;
-  byteSize: number;
  uploadedAt: Date;
  uploadedBy: { id: number; displayName: string } | null;
 };

 type UploadRow = {
  id: number;
-  entityType: UploadEntityType;
-  entityId: number | null;
-  entityName: string;
  path: string;
-  originalFilename: string;
-  mimeType: string;
-  byteSize: number;
  uploadedAt: Date;
  uploadedBy: { id: number; displayName: string } | null;
 };
@@ -164,7 +152,10 @@ function hasValidImageSignature(mimeType: string, buffer: Buffer): boolean {

 function mapUploadRow(row: UploadRow): EntityImageUpload {
  return {
-    ...row,
+    id: row.id,
+    path: row.path,
+    uploadedAt: row.uploadedAt,
+    uploadedBy: row.uploadedBy,
    url: uploadImageUrl(row.path)
  };
 }
@@ -213,13 +204,7 @@ export async function saveEntityImageUpload(
      VALUES ($1, $2, $3, $4, $5, $6, $7, $8)
      RETURNING
        id,
-        entity_type AS "entityType",
-        entity_id AS "entityId",
-        entity_name AS "entityName",
        path,
-        original_filename AS "originalFilename",
-        mime_type AS "mimeType",
-        byte_size AS "byteSize",
        created_at AS "uploadedAt",
        json_build_object('id', $8::integer, 'displayName', $9::text) AS "uploadedBy"
    `,
@@ -238,13 +223,7 @@ export async function listEntityImageUploads(entityType: UploadEntityType, entit
    `
      SELECT
        upload.id,
-        upload.entity_type AS "entityType",
-        upload.entity_id AS "entityId",
-        upload.entity_name AS "entityName",
        upload.path,
-        upload.original_filename AS "originalFilename",
-        upload.mime_type AS "mimeType",
-        upload.byte_size AS "byteSize",
        upload.created_at AS "uploadedAt",
        CASE
          WHEN u.id IS NULL THEN NULL
--- a/frontend/src/services/api.ts
+++ b/frontend/src/services/api.ts
@@ -62,12 +62,6 @@ export interface EntityImage {

 export interface EntityImageUpload extends EntityImage {
  id: number;
-  entityType: ImageUploadEntityType;
-  entityId: number | null;
-  entityName: string;
-  originalFilename: string;
-  mimeType: string;
-  byteSize: number;
  uploadedAt: string;
  uploadedBy: UserSummary | null;
 }