@atomservice/config 0.1.5

package/package.json

@@ -0,0 +1,37 @@
+{
+  "name": "@atomservice/config",
+  "version": "0.1.5",
+  "description": "配置中心原子服务：基于 Bun 的高性能配置管理服务",
+  "type": "module",
+  "author": "openorson",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/openorson/atomservice.git",
+    "directory": "services/config"
+  },
+  "bugs": "https://github.com/openorson/atomservice/issues",
+  "homepage": "https://github.com/openorson/atomservice/tree/main/services/config#readme",
+  "keywords": [
+    "atomservice",
+    "config",
+    "self-hosted",
+    "podman",
+    "bun"
+  ],
+  "engines": {
+    "bun": ">=1.3.14"
+  },
+  "files": [
+    "src",
+    "server"
+  ],
+  "exports": {
+    ".": "./src/index.ts"
+  },
+  "dependencies": {
+    "@atomservice/gateway": "0.1.5"
+  },
+  "peerDependencies": {
+    "@atomservice/core": "0.1.5"
+  }
+}

package/server/.env

@@ -0,0 +1,3 @@
+CONFIG_ADMIN_NAME=admin
+CONFIG_ADMIN_EMAIL=admin@example.com
+CONFIG_ADMIN_PASSWORD=admin123

package/server/Containerfile

@@ -0,0 +1,50 @@
+# syntax=docker/dockerfile:1
+
+# ── Stage 1: Build standalone binary ─────────────────────────────────────────
+FROM oven/bun:1 AS builder
+WORKDIR /build
+
+# Install dependencies first (cache layer)
+COPY package.json ./
+RUN bun install
+
+# Copy source and compile
+COPY tsconfig.json ./
+COPY src/ ./src/
+RUN bun build --compile --minify --sourcemap --bytecode \
+    --target=bun-linux-x64 \
+    ./src/main.ts \
+    --outfile ./dist/config-server
+
+# ── Stage 2: Minimal runtime image ───────────────────────────────────────────
+FROM debian:bookworm-slim
+
+# Install curl for HEALTHCHECK (binary is ~100MB anyway, curl adds negligible overhead)
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends curl \
+    && rm -rf /var/lib/apt/lists/*
+
+# Create non-root user
+RUN groupadd --system --gid 1001 app \
+    && useradd --system --uid 1001 --gid app --no-create-home app
+
+WORKDIR /app
+
+# Copy compiled binary
+COPY --from=builder --chown=app:app /build/dist/config-server ./config-server
+
+# Prepare data directory (mount a volume here for persistence)
+RUN mkdir -p /data && chown app:app /data
+
+USER app
+
+# Default data path — compose will bind-mount host:${containerName}/data here
+ENV CONFIG_DB_PATH=/data/config.db
+VOLUME ["/data"]
+EXPOSE 4000
+
+# Health check against /v1/health; respects CONFIG_PORT if overridden
+HEALTHCHECK --interval=30s --timeout=5s --start-period=15s --retries=3 \
+    CMD curl -sf http://localhost:${CONFIG_PORT:-4000}/v1/health
+
+CMD ["./config-server"]

package/server/package.json

@@ -0,0 +1,18 @@
+{
+  "name": "@atomservice/config-server",
+  "private": true,
+  "type": "module",
+  "scripts": {
+    "dev": "bun --watch src/main.ts",
+    "start": "bun src/main.ts",
+    "build": "bun build --compile --minify --sourcemap --bytecode src/main.ts --outfile dist/config-server",
+    "build:linux-x64": "bun build --compile --minify --sourcemap --bytecode --target=bun-linux-x64 src/main.ts --outfile dist/config-server",
+    "build:linux-arm64": "bun build --compile --minify --sourcemap --bytecode --target=bun-linux-arm64 src/main.ts --outfile dist/config-server"
+  },
+  "dependencies": {
+    "typebox": "1.1.39"
+  },
+  "devDependencies": {
+    "typescript": "^6"
+  }
+}

package/server/src/db/client.ts

@@ -0,0 +1,49 @@
+import { Database } from "bun:sqlite"
+import { mkdirSync } from "node:fs"
+import path from "node:path"
+import { getEnv } from "../shared/env.ts"
+import { DB_PRAGMAS, MIGRATIONS_TABLE } from "./consts.ts"
+import { migrations } from "./migrations.ts"
+
+let database: Database | null = null
+
+export function openDb(): Database {
+  if (database) return database
+
+  const dbPath = getEnv().dbPath
+  mkdirSync(path.dirname(dbPath), { recursive: true })
+
+  database = new Database(dbPath, { create: true, strict: true })
+  for (const pragma of DB_PRAGMAS) database.run(pragma)
+
+  return database
+}
+
+export function getDb(): Database {
+  if (!database) throw new Error("database not opened, call openDb() first")
+  return database
+}
+
+export function closeDb(): void {
+  if (!database) return
+  database.close(false)
+  database = null
+}
+
+export function migrate(): void {
+  const db = getDb()
+  db.run(`CREATE TABLE IF NOT EXISTS ${MIGRATIONS_TABLE} (id TEXT PRIMARY KEY, applied_at INTEGER NOT NULL)`)
+
+  const rows = db.query(`SELECT id FROM ${MIGRATIONS_TABLE}`).all() as { id: string }[]
+  const applied = new Set(rows.map((r) => r.id))
+  const insert = db.query(`INSERT INTO ${MIGRATIONS_TABLE} (id, applied_at) VALUES (?, ?)`)
+
+  for (const m of migrations) {
+    if (applied.has(m.id)) continue
+    const apply = db.transaction(() => {
+      db.run(m.up)
+      insert.run(m.id, Date.now())
+    })
+    apply()
+  }
+}

package/server/src/db/consts.ts

@@ -0,0 +1,3 @@
+export const DB_PRAGMAS = ["PRAGMA journal_mode = WAL", "PRAGMA foreign_keys = ON", "PRAGMA busy_timeout = 5000"]
+
+export const MIGRATIONS_TABLE = "_migrations"

package/server/src/db/migrations.ts

@@ -0,0 +1,106 @@
+import type { Migration } from "./types.ts"
+
+export const migrations: Migration[] = [
+  {
+    id: "001_init",
+    up: `
+      CREATE TABLE "User" (
+        id            TEXT PRIMARY KEY,
+        email         TEXT NOT NULL UNIQUE,
+        name          TEXT NOT NULL,
+        passwordHash  TEXT NOT NULL,
+        isSuperAdmin  INTEGER NOT NULL DEFAULT 0,
+        createdAt     INTEGER NOT NULL DEFAULT (unixepoch()),
+        updatedAt     INTEGER NOT NULL DEFAULT (unixepoch())
+      );
+
+      CREATE TABLE "Token" (
+        id           TEXT PRIMARY KEY,
+        userId       TEXT NOT NULL REFERENCES "User"(id) ON DELETE CASCADE,
+        name         TEXT,
+        tokenHash    TEXT NOT NULL UNIQUE,
+        tokenPrefix  TEXT NOT NULL,
+        expiresAt    INTEGER,
+        lastUsedAt   INTEGER,
+        revoked      INTEGER NOT NULL DEFAULT 0,
+        createdAt    INTEGER NOT NULL DEFAULT (unixepoch())
+      );
+      CREATE INDEX tokenUserIdx ON "Token"(userId);
+
+      CREATE TABLE "Project" (
+        id          TEXT PRIMARY KEY,
+        slug        TEXT NOT NULL UNIQUE,
+        name        TEXT NOT NULL,
+        description TEXT,
+        createdBy   TEXT NOT NULL REFERENCES "User"(id),
+        createdAt   INTEGER NOT NULL DEFAULT (unixepoch()),
+        updatedAt   INTEGER NOT NULL DEFAULT (unixepoch())
+      );
+
+      CREATE TABLE "ProjectMember" (
+        projectId TEXT NOT NULL REFERENCES "Project"(id) ON DELETE CASCADE,
+        userId    TEXT NOT NULL REFERENCES "User"(id) ON DELETE CASCADE,
+        role      TEXT NOT NULL,
+        joinedAt  INTEGER NOT NULL DEFAULT (unixepoch()),
+        PRIMARY KEY (projectId, userId)
+      );
+
+      CREATE TABLE "Environment" (
+        id          TEXT PRIMARY KEY,
+        projectId   TEXT NOT NULL REFERENCES "Project"(id) ON DELETE CASCADE,
+        slug        TEXT NOT NULL,
+        name        TEXT NOT NULL,
+        description TEXT,
+        sortOrder   INTEGER NOT NULL DEFAULT 0,
+        sensitive   INTEGER NOT NULL DEFAULT 0,
+        createdBy   TEXT NOT NULL REFERENCES "User"(id),
+        createdAt   INTEGER NOT NULL DEFAULT (unixepoch()),
+        updatedAt   INTEGER NOT NULL DEFAULT (unixepoch()),
+        UNIQUE (projectId, slug)
+      );
+
+      CREATE TABLE "App" (
+        id          TEXT PRIMARY KEY,
+        projectId   TEXT NOT NULL REFERENCES "Project"(id) ON DELETE CASCADE,
+        slug        TEXT NOT NULL,
+        name        TEXT NOT NULL,
+        description TEXT,
+        schema      TEXT NOT NULL,
+        createdBy   TEXT NOT NULL REFERENCES "User"(id),
+        createdAt   INTEGER NOT NULL DEFAULT (unixepoch()),
+        updatedAt   INTEGER NOT NULL DEFAULT (unixepoch()),
+        UNIQUE (projectId, slug)
+      );
+
+      CREATE TABLE "Release" (
+        id              TEXT PRIMARY KEY,
+        appId           TEXT NOT NULL REFERENCES "App"(id) ON DELETE CASCADE,
+        environmentId   TEXT NOT NULL REFERENCES "Environment"(id) ON DELETE CASCADE,
+        semver          TEXT NOT NULL,
+        changeKind      TEXT NOT NULL,
+        status          TEXT NOT NULL DEFAULT 'unpublished',
+        notes           TEXT,
+        snapshot        TEXT NOT NULL,
+        schemaSnapshot  TEXT NOT NULL,
+        createdBy       TEXT NOT NULL REFERENCES "User"(id),
+        createdAt       INTEGER NOT NULL DEFAULT (unixepoch()),
+        UNIQUE (appId, environmentId, semver)
+      );
+      CREATE INDEX releaseLookupIdx ON "Release"(appId, environmentId, createdAt);
+
+      CREATE TABLE "AppToken" (
+        id            TEXT PRIMARY KEY,
+        appId         TEXT NOT NULL REFERENCES "App"(id) ON DELETE CASCADE,
+        environmentId TEXT NOT NULL REFERENCES "Environment"(id) ON DELETE CASCADE,
+        name          TEXT,
+        tokenHash     TEXT NOT NULL UNIQUE,
+        tokenPrefix   TEXT NOT NULL,
+        revoked       INTEGER NOT NULL DEFAULT 0,
+        lastUsedAt    INTEGER,
+        createdBy     TEXT NOT NULL REFERENCES "User"(id),
+        createdAt     INTEGER NOT NULL DEFAULT (unixepoch())
+      );
+      CREATE INDEX appTokenLookupIdx ON "AppToken"(appId, environmentId);
+    `,
+  },
+]

package/server/src/db/types.ts

@@ -0,0 +1,101 @@
+export interface Migration {
+  id: string
+  up: string
+}
+
+export type ProjectRole = "admin" | "collaborator" | "viewer"
+
+export type ChangeKind = "major" | "minor" | "patch"
+
+export type ReleaseStatus = "unpublished" | "published"
+
+export interface UserRow {
+  id: string
+  email: string
+  name: string
+  passwordHash: string
+  isSuperAdmin: number
+  createdAt: number
+  updatedAt: number
+}
+
+export interface TokenRow {
+  id: string
+  userId: string
+  name: string | null
+  tokenHash: string
+  tokenPrefix: string
+  expiresAt: number | null
+  lastUsedAt: number | null
+  revoked: number
+  createdAt: number
+}
+
+export interface ProjectRow {
+  id: string
+  slug: string
+  name: string
+  description: string | null
+  createdBy: string
+  createdAt: number
+  updatedAt: number
+}
+
+export interface ProjectMemberRow {
+  projectId: string
+  userId: string
+  role: ProjectRole
+  joinedAt: number
+}
+
+export interface EnvironmentRow {
+  id: string
+  projectId: string
+  slug: string
+  name: string
+  description: string | null
+  sortOrder: number
+  sensitive: number
+  createdBy: string
+  createdAt: number
+  updatedAt: number
+}
+
+export interface AppRow {
+  id: string
+  projectId: string
+  slug: string
+  name: string
+  description: string | null
+  schema: string
+  createdBy: string
+  createdAt: number
+  updatedAt: number
+}
+
+export interface ReleaseRow {
+  id: string
+  appId: string
+  environmentId: string
+  semver: string
+  changeKind: ChangeKind
+  status: ReleaseStatus
+  notes: string | null
+  snapshot: string
+  schemaSnapshot: string
+  createdBy: string
+  createdAt: number
+}
+
+export interface AppTokenRow {
+  id: string
+  appId: string
+  environmentId: string
+  name: string | null
+  tokenHash: string
+  tokenPrefix: string
+  revoked: number
+  lastUsedAt: number | null
+  createdBy: string
+  createdAt: number
+}

package/server/src/http/response.ts

@@ -0,0 +1,82 @@
+import type { Server } from "bun"
+
+export class HttpError extends Error {
+  statusCode: number
+  code: string
+
+  constructor(statusCode: number, code: string, message: string) {
+    super(message)
+    this.statusCode = statusCode
+    this.code = code
+  }
+}
+
+export function ok(data: unknown, status = 200): Response {
+  return Response.json(data, { status })
+}
+
+export function params(req: Request): Record<string, string> {
+  return (req as unknown as { params?: Record<string, string> }).params ?? {}
+}
+
+export function param(req: Request, key: string): string {
+  const value = params(req)[key]
+  if (value === undefined || value === "") throw new HttpError(404, "not_found", "缺少路径参数")
+  return value
+}
+
+export function fail(status: number, code: string, message: string): Response {
+  return Response.json({ error: { code, message } }, { status })
+}
+
+export function route(handler: (req: Request) => Response | Promise<Response>) {
+  return async (req: Request): Promise<Response> => {
+    try {
+      return await handler(req)
+    } catch (err) {
+      if (err instanceof HttpError) return fail(err.statusCode, err.code, err.message)
+      console.error(err)
+      return fail(500, "internal", "服务器内部错误")
+    }
+  }
+}
+
+export async function readBody(req: Request): Promise<Record<string, unknown>> {
+  let raw: unknown
+  try {
+    raw = await req.json()
+  } catch {
+    throw new HttpError(400, "invalid_json", "请求体不是合法的 JSON")
+  }
+  if (typeof raw !== "object" || raw === null || Array.isArray(raw)) {
+    throw new HttpError(400, "invalid_body", "请求体必须是 JSON 对象")
+  }
+  return raw as Record<string, unknown>
+}
+
+export function requireString(body: Record<string, unknown>, key: string, label: string): string {
+  const value = body[key]
+  if (typeof value !== "string" || value.trim() === "") {
+    throw new HttpError(400, "invalid_field", `缺少必填字段：${label}`)
+  }
+  return value.trim()
+}
+
+export function optionalString(body: Record<string, unknown>, key: string): string | undefined {
+  const value = body[key]
+  if (value === undefined || value === null) return undefined
+  if (typeof value !== "string") throw new HttpError(400, "invalid_field", `字段 ${key} 必须是字符串`)
+  return value.trim()
+}
+
+export function sseRoute(handler: (req: Request, server: Server<undefined>) => Response) {
+  return (req: Request, server: Server<undefined>): Response => {
+    try {
+      return handler(req, server)
+    } catch (err) {
+      if (err instanceof HttpError) return fail(err.statusCode, err.code, err.message)
+      console.error(err)
+      return fail(500, "internal", "服务器内部错误")
+    }
+  }
+}

package/server/src/http/router.ts

@@ -0,0 +1,27 @@
+import { getDb } from "../db/client.ts"
+import { appRoutes } from "../modules/app.ts"
+import { envRoutes } from "../modules/env.ts"
+import { inspectRoutes } from "../modules/inspect.ts"
+import { memberRoutes } from "../modules/member.ts"
+import { projectRoutes } from "../modules/project.ts"
+import { releaseRoutes } from "../modules/release.ts"
+import { tokenRoutes } from "../modules/token.ts"
+import { userRoutes } from "../modules/user.ts"
+import { ok, route } from "./response.ts"
+
+function health(): Response {
+  getDb().query(`SELECT 1`).get()
+  return ok({ status: "ok" })
+}
+
+export const routes = {
+  "/v1/health": { GET: route(health) },
+  ...userRoutes,
+  ...projectRoutes,
+  ...memberRoutes,
+  ...envRoutes,
+  ...appRoutes,
+  ...inspectRoutes,
+  ...releaseRoutes,
+  ...tokenRoutes,
+}

package/server/src/main.ts

@@ -0,0 +1,37 @@
+import { closeDb, migrate, openDb } from "./db/client.ts"
+import { routes } from "./http/router.ts"
+import { bootstrapAdmin } from "./shared/bootstrap.ts"
+import { getEnv, validateEnv } from "./shared/env.ts"
+
+async function main(): Promise<void> {
+  validateEnv()
+
+  openDb()
+
+  migrate()
+
+  await bootstrapAdmin()
+
+  const port = getEnv().port
+
+  const server = Bun.serve({
+    port,
+    routes,
+    fetch() {
+      return Response.json({ error: { code: "not_found", message: "未找到该接口" } }, { status: 404 })
+    },
+  })
+
+  console.log(`config-server 已启动 http://localhost:${server.port}`)
+
+  const shutdown = () => {
+    server.stop()
+    closeDb()
+    process.exit(0)
+  }
+
+  process.on("SIGTERM", shutdown)
+  process.on("SIGINT", shutdown)
+}
+
+main()

package/server/src/modules/app.ts

@@ -0,0 +1,100 @@
+import { getDb } from "../db/client.ts"
+import type { AppRow } from "../db/types.ts"
+import { HttpError, ok, optionalString, param, readBody, requireString, route } from "../http/response.ts"
+import { requireProjectRole, requireUser } from "../shared/auth.ts"
+import { SLUG_RE } from "../shared/consts.ts"
+import { findApp, findProject } from "../shared/resolve.ts"
+import { publicApp } from "../shared/serialize.ts"
+import { isPlainObject, newId, nowSec } from "../shared/utils.ts"
+
+function parseSchema(body: Record<string, unknown>): string {
+  if (body.schema === undefined || body.schema === null) return "{}"
+  if (!isPlainObject(body.schema)) throw new HttpError(400, "invalid_field", "schema 必须是 JSON Schema 对象")
+  return JSON.stringify(body.schema)
+}
+
+function requireSchema(body: Record<string, unknown>): string {
+  if (body.schema === undefined || body.schema === null)
+    throw new HttpError(400, "missing_field", "应用必须提供 schema")
+  if (!isPlainObject(body.schema)) throw new HttpError(400, "invalid_field", "schema 必须是 JSON Schema 对象")
+  return JSON.stringify(body.schema)
+}
+
+function listApps(req: Request): Response {
+  const user = requireUser(req)
+  const project = findProject(param(req, "project"))
+  requireProjectRole(user, project.id, "viewer")
+  const rows = getDb().query(`SELECT * FROM "App" WHERE projectId = ? ORDER BY createdAt`).all(project.id) as AppRow[]
+  return ok({ apps: rows.map(publicApp) })
+}
+
+async function createApp(req: Request): Promise<Response> {
+  const user = requireUser(req)
+  const project = findProject(param(req, "project"))
+  requireProjectRole(user, project.id, "admin")
+  const body = await readBody(req)
+  const slug = requireString(body, "slug", "应用标识")
+  const name = requireString(body, "name", "应用名称")
+  const description = optionalString(body, "description") ?? null
+  const schema = requireSchema(body)
+
+  if (!SLUG_RE.test(slug))
+    throw new HttpError(400, "invalid_field", "应用标识需以小写字母开头，仅含小写字母、数字、连字符")
+
+  const db = getDb()
+  if (db.query(`SELECT 1 FROM "App" WHERE projectId = ? AND slug = ?`).get(project.id, slug)) {
+    throw new HttpError(409, "conflict", "应用标识已存在")
+  }
+
+  const id = newId()
+  db.query(
+    `INSERT INTO "App" (id, projectId, slug, name, description, schema, createdBy) VALUES (?, ?, ?, ?, ?, ?, ?)`,
+  ).run(id, project.id, slug, name, description, schema, user.id)
+  const created = db.query(`SELECT * FROM "App" WHERE id = ?`).get(id) as AppRow
+  return ok({ app: publicApp(created) }, 201)
+}
+
+async function updateApp(req: Request): Promise<Response> {
+  const user = requireUser(req)
+  const project = findProject(param(req, "project"))
+  requireProjectRole(user, project.id, "admin")
+  const app = findApp(project.id, param(req, "app"))
+  const body = await readBody(req)
+  const name = optionalString(body, "name") ?? app.name
+  const description = body.description === undefined ? app.description : (optionalString(body, "description") ?? null)
+  const schema = body.schema === undefined ? app.schema : parseSchema(body)
+
+  const db = getDb()
+  db.query(`UPDATE "App" SET name = ?, description = ?, schema = ?, updatedAt = ? WHERE id = ?`).run(
+    name,
+    description,
+    schema,
+    nowSec(),
+    app.id,
+  )
+  const updated = db.query(`SELECT * FROM "App" WHERE id = ?`).get(app.id) as AppRow
+  return ok({ app: publicApp(updated) })
+}
+
+function deleteApp(req: Request): Response {
+  const user = requireUser(req)
+  const project = findProject(param(req, "project"))
+  requireProjectRole(user, project.id, "admin")
+  const app = findApp(project.id, param(req, "app"))
+  getDb().query(`DELETE FROM "App" WHERE id = ?`).run(app.id)
+  return ok({ deleted: true })
+}
+
+function getSchema(req: Request): Response {
+  const user = requireUser(req)
+  const project = findProject(param(req, "project"))
+  requireProjectRole(user, project.id, "viewer")
+  const app = findApp(project.id, param(req, "app"))
+  return ok({ schema: app.schema ? JSON.parse(app.schema) : null })
+}
+
+export const appRoutes = {
+  "/v1/projects/:project/apps": { GET: route(listApps), POST: route(createApp) },
+  "/v1/projects/:project/apps/:app": { PATCH: route(updateApp), DELETE: route(deleteApp) },
+  "/v1/projects/:project/apps/:app/schema": { GET: route(getSchema) },
+}