From 7aa80430d95f1269817df080bcc4ae7f3b70e637 Mon Sep 17 00:00:00 2001
From: xiaomai <xsbugh@gmail.com>
Date: Sun, 3 May 2026 15:24:27 +0800
Subject: [PATCH] refactor(api): remove internal metadata from image upload
 responses

Omit entity details, original filename, MIME type, and file size from payloads
Update backend SQL queries and frontend interfaces to align with design specs
---
 DESIGN.md                    |  2 +-
 backend/src/uploads.ts       | 29 ++++-------------------------
 frontend/src/services/api.ts |  6 ------
 3 files changed, 5 insertions(+), 32 deletions(-)

diff --git a/DESIGN.md b/DESIGN.md
index 18223e3..e0f6fde 100644
--- a/DESIGN.md
+++ b/DESIGN.md
@@ -279,7 +279,7 @@
   - `created_by_user_id`
   - `created_at`
 - 实体表只保存当前显示图片的相对路径；历史上传记录不会因为切换当前图片而删除。
-- API 对外返回图片展示所需字段：`path`、`url`、上传时间和上传者必要署名；不返回服务器绝对文件路径或内部存储元数据。
+- 公共 API 对外返回图片上传历史只包含：`id`、`path`、`url`、`uploadedAt` 和上传者必要署名 `uploadedBy`；不返回 `entity_name`、原始文件名、MIME、文件大小、服务器绝对文件路径或内部存储元数据。若编辑接口确需实体关联，只能在受保护编辑接口返回 `entityId`。
 - 图片上传本身不直接改变实体内容；用户仍需保存实体编辑表单后，当前图片选择才成为实体行为并写入现有编辑审计。
 - Docker 运行时上传目录必须使用 volume 持久化，避免重新 build 后丢失用户上传图片。
 
diff --git a/backend/src/uploads.ts b/backend/src/uploads.ts
index 32b9590..4a826ae 100644
--- a/backend/src/uploads.ts
+++ b/backend/src/uploads.ts
@@ -9,27 +9,15 @@ export type UploadEntityType = 'pokemon' | 'items' | 'habitats';
 
 export type EntityImageUpload = {
   id: number;
-  entityType: UploadEntityType;
-  entityId: number | null;
-  entityName: string;
   path: string;
   url: string;
-  originalFilename: string;
-  mimeType: string;
-  byteSize: number;
   uploadedAt: Date;
   uploadedBy: { id: number; displayName: string } | null;
 };
 
 type UploadRow = {
   id: number;
-  entityType: UploadEntityType;
-  entityId: number | null;
-  entityName: string;
   path: string;
-  originalFilename: string;
-  mimeType: string;
-  byteSize: number;
   uploadedAt: Date;
   uploadedBy: { id: number; displayName: string } | null;
 };
@@ -164,7 +152,10 @@ function hasValidImageSignature(mimeType: string, buffer: Buffer): boolean {
 
 function mapUploadRow(row: UploadRow): EntityImageUpload {
   return {
-    ...row,
+    id: row.id,
+    path: row.path,
+    uploadedAt: row.uploadedAt,
+    uploadedBy: row.uploadedBy,
     url: uploadImageUrl(row.path)
   };
 }
@@ -213,13 +204,7 @@ export async function saveEntityImageUpload(
       VALUES ($1, $2, $3, $4, $5, $6, $7, $8)
       RETURNING
         id,
-        entity_type AS "entityType",
-        entity_id AS "entityId",
-        entity_name AS "entityName",
         path,
-        original_filename AS "originalFilename",
-        mime_type AS "mimeType",
-        byte_size AS "byteSize",
         created_at AS "uploadedAt",
         json_build_object('id', $8::integer, 'displayName', $9::text) AS "uploadedBy"
     `,
@@ -238,13 +223,7 @@ export async function listEntityImageUploads(entityType: UploadEntityType, entit
     `
       SELECT
         upload.id,
-        upload.entity_type AS "entityType",
-        upload.entity_id AS "entityId",
-        upload.entity_name AS "entityName",
         upload.path,
-        upload.original_filename AS "originalFilename",
-        upload.mime_type AS "mimeType",
-        upload.byte_size AS "byteSize",
         upload.created_at AS "uploadedAt",
         CASE
           WHEN u.id IS NULL THEN NULL
diff --git a/frontend/src/services/api.ts b/frontend/src/services/api.ts
index eaaf4d1..7d510a4 100644
--- a/frontend/src/services/api.ts
+++ b/frontend/src/services/api.ts
@@ -62,12 +62,6 @@ export interface EntityImage {
 
 export interface EntityImageUpload extends EntityImage {
   id: number;
-  entityType: ImageUploadEntityType;
-  entityId: number | null;
-  entityName: string;
-  originalFilename: string;
-  mimeType: string;
-  byteSize: number;
   uploadedAt: string;
   uploadedBy: UserSummary | null;
 }