perf(core): implement efficient bulk user deletion

Revamps the entire user deletion process to resolve critical performance bottlenecks that caused the web panel and database to freeze when removing multiple users. - **Backend:** Core scripts (`kickuser.py`, `remove_user.py`) and the database layer are re-engineered to handle multiple users in a single, efficient batch operation using MongoDB's `delete_many`. - **API:** A new `POST /api/v1/users/bulk-delete` endpoint is introduced for batch removals. The existing single-user `DELETE` endpoint is fixed to align with the new bulk logic. - **Frontend:** The Users page now intelligently calls the bulk API when multiple users are selected, drastically improving UI responsiveness and reducing server load.
2025-09-13 16:15:41 +00:00
parent cb9804d71e
commit 949a12cea7
7 changed files with 90 additions and 46 deletions
--- a/core/scripts/webpanel/routers/api/v1/user.py
+++ b/core/scripts/webpanel/routers/api/v1/user.py
@ -111,6 +111,19 @@ async def show_multiple_user_uris_api(request: UsernamesRequest):
        raise HTTPException(status_code=400, detail=f'Unexpected error: {str(e)}')


+@router.post('/bulk-delete', response_model=DetailResponse)
+async def bulk_remove_users_api(body: UsernamesRequest):
+    if not body.usernames:
+        raise HTTPException(status_code=400, detail="No usernames provided.")
+    try:
+        cli_api.kick_users_by_name(body.usernames)
+        cli_api.traffic_status(display_output=False)
+        cli_api.remove_users(body.usernames)
+        return DetailResponse(detail=f'Users have been removed.')
+    except Exception as e:
+        raise HTTPException(status_code=400, detail=f'Error: {str(e)}')
+
+
@router.get('/{username}', response_model=UserInfoResponse)
 async def get_user_api(username: str):
    """
@ -156,7 +169,7 @@ async def edit_user_api(username: str, body: EditUserInputBody):
        HTTPException: if an error occurs while editing the user.
    """
    try:
-        cli_api.kick_user_by_name(username)
+        cli_api.kick_users_by_name([username])
        cli_api.traffic_status(display_output=False)
        cli_api.edit_user(username, body.new_username, body.new_traffic_limit, body.new_expiration_days,
                          body.renew_password, body.renew_creation_date, body.blocked, body.unlimited_ip)
@ -184,12 +197,11 @@ async def remove_user_api(username: str):
        if not user:
            raise HTTPException(status_code=404, detail=f'User {username} not found.')
        
-        cli_api.kick_user_by_name(username)
+        cli_api.kick_users_by_name([username])
        cli_api.traffic_status(display_output=False)
-        cli_api.remove_user(username)
+        cli_api.remove_users([username])
        return DetailResponse(detail=f'User {username} has been removed.')
    except HTTPException:
-
        raise
    except Exception as e:
        raise HTTPException(status_code=400, detail=f'Error: {str(e)}')