@claudelaw/taichu 0.6.0

package/packages/server/src/config.js

@@ -0,0 +1,136 @@
+/**
+ * Config — 集中式配置管理
+ *
+ * 替代散落的 process.env.TAICHU_* 读取，提供：
+ *   - Schema 验证（类型、必填、默认值、枚举）
+ *   - 启动时一次性校验，拒绝无效配置
+ *   - 不可变配置对象
+ */
+
+const schema = [
+  // Server
+  { key: 'port',          env: 'TAICHU_PORT',          type: 'number',  default: 3120,  min: 1, max: 65535 },
+  { key: 'host',          env: 'TAICHU_HOST',          type: 'string',  default: '0.0.0.0' },
+  { key: 'version',       env: 'TAICHU_VERSION',       type: 'string',  default: '0.6.0' },
+
+  // Storage
+  { key: 'storage',       env: 'TAICHU_STORAGE',       type: 'enum',    default: 'memory',  values: ['memory', 'sqlite'] },
+  { key: 'dataDir',       env: 'TAICHU_DATA_DIR',       type: 'string',  default: null },
+  { key: 'sqliteFlushMs', env: 'TAICHU_SQLITE_FLUSH_MS',type: 'number', default: 5000, min: 1000, max: 60000 },
+
+  // Auth
+  { key: 'jwtSecret',     env: 'TAICHU_JWT_SECRET',    type: 'string',  default: '__AUTO__' },
+  { key: 'jwtExpiresIn',  env: 'TAICHU_JWT_EXPIRES_IN',type: 'string',  default: '7d' },
+
+  // Security
+  { key: 'publicRead',    env: 'TAICHU_PUBLIC_READ',   type: 'boolean', default: false },
+  { key: 'maxBodySize',   env: 'TAICHU_MAX_BODY_SIZE', type: 'number',  default: 5 * 1024 * 1024, min: 1024 },
+  { key: 'maxFileSize',   env: 'TAICHU_MAX_FILE_SIZE', type: 'number',  default: 50 * 1024 * 1024, min: 1024 },
+
+  // Uploads
+  { key: 'uploadDir',     env: 'TAICHU_UPLOAD_DIR',    type: 'string',  default: null },
+
+  // Logging
+  { key: 'logLevel',      env: 'TAICHU_LOG_LEVEL',     type: 'enum',    default: 'info',    values: ['debug', 'info', 'warn', 'error'] },
+  { key: 'logFormat',     env: 'TAICHU_LOG_FORMAT',    type: 'enum',    default: 'pretty',  values: ['pretty', 'json'] },
+
+  // Environment
+  { key: 'nodeEnv',       env: 'NODE_ENV',           type: 'enum',    default: 'development', values: ['development', 'production', 'test'] },
+];
+
+/**
+ * @typedef {object} TaichuConfig
+ */
+
+let _config = null;
+let _warnings = [];
+
+/**
+ * Load and validate configuration.
+ * Call once at startup. Returns frozen config object.
+ *
+ * @returns {TaichuConfig}
+ */
+export function loadConfig() {
+  if (_config) return _config;
+
+  const config = {};
+  const issues = [];
+
+  for (const field of schema) {
+    let value = process.env[field.env];
+
+    if (value === undefined || value === '') {
+      value = field.default;
+    }
+
+    // Type coercion & validation
+    switch (field.type) {
+      case 'number': {
+        const num = parseInt(value, 10);
+        if (isNaN(num)) {
+          issues.push(`${field.env}: "${value}" is not a valid number, using default ${field.default}`);
+          value = field.default;
+        } else if (field.min !== undefined && num < field.min) {
+          issues.push(`${field.env}: ${num} < min ${field.min}, using ${field.min}`);
+          value = field.min;
+        } else if (field.max !== undefined && num > field.max) {
+          issues.push(`${field.env}: ${num} > max ${field.max}, using ${field.max}`);
+          value = field.max;
+        } else {
+          value = num;
+        }
+        break;
+      }
+      case 'boolean': {
+        value = value === '1' || value === 'true' || value === 'yes';
+        break;
+      }
+      case 'enum': {
+        if (!field.values.includes(value)) {
+          issues.push(`${field.env}: "${value}" not in [${field.values.join(', ')}], using default "${field.default}"`);
+          value = field.default;
+        }
+        break;
+      }
+      default:
+        value = String(value);
+    }
+
+    config[field.key] = value;
+  }
+
+  _warnings = issues;
+  _config = Object.freeze(config);
+
+  return _config;
+}
+
+/**
+ * Get warnings from config loading (for logging on startup).
+ */
+export function getConfigWarnings() {
+  return _warnings;
+}
+
+/**
+ * Get current config (must call loadConfig() first).
+ */
+export function getConfig() {
+  if (!_config) throw new Error('Config not loaded. Call loadConfig() first.');
+  return _config;
+}
+
+/**
+ * Print config summary for startup banner.
+ */
+export function configSummary() {
+  const c = getConfig();
+  return [
+    `  Storage:   ${c.storage === 'sqlite' ? `sqlite (${c.dataDir || '.taichu/data/taichu.db'})` : 'memory'}`,
+    `  Log:       ${c.logLevel} / ${c.logFormat}`,
+    `  Public:    ${c.publicRead ? 'read enabled' : 'auth required'}`,
+    `  Uploads:   ${c.maxFileSize / 1024 / 1024}MB max`,
+    ''
+  ].join('\n');
+}

package/packages/server/src/context.js

@@ -0,0 +1,86 @@
+/**
+ * Context — 请求上下文
+ *
+ * 贯穿整个请求生命周期的上下文对象。
+ * 包含：
+ *   - req/res — 原始 Node.js 请求/响应对象
+ *   - url — 解析后的 URL 对象
+ *   - body — 解析后的请求体
+ *   - config — 全局配置
+ *   - state — 中间件/路由之间传递数据
+ *   - tenantId — 租户 ID（默认 'default'，可通过 API Key 或 X-Taichu-Tenant 头覆盖）
+ *   - multiTenant — 是否启用多租户模式
+ */
+
+import { createStore as createCoreStore, createHookSystem } from '../../core/src/index.js';
+
+let _store = null;
+let _storePromise = null;
+let _hooks = null;
+
+/** Check if multi-tenant mode is enabled */
+const MULTI_TENANT = process.env.TAICHU_MULTI_TENANT === '1';
+
+/**
+ * Ensure the store singleton is initialized (async-safe).
+ * @param {object} config
+ */
+async function ensureStore(config) {
+  if (_store) return _store;
+  if (_storePromise) return _storePromise;
+
+  _storePromise = createCoreStore({ engine: config.storage || 'memory', dataDir: config.dataDir });
+  _store = await _storePromise;
+  return _store;
+}
+
+/**
+ * Extract tenant ID from request context.
+ * Priority: API Key scope > X-Taichu-Tenant header > default
+ */
+function extractTenantId(req) {
+  if (!MULTI_TENANT) return 'default';
+
+  // Check X-Taichu-Tenant header (admin override)
+  const header = req.headers['x-taichu-tenant'];
+  if (header && typeof header === 'string') return header;
+
+  // Default tenant
+  return 'default';
+}
+
+/**
+ * @param {object} params
+ * @returns {Promise<Context>}
+ */
+export async function createContext({ req, res, url, body, config = {} }) {
+  if (!_store) {
+    await ensureStore(config);
+  }
+  if (!_hooks) {
+    _hooks = createHookSystem();
+  }
+
+  const tenantId = extractTenantId(req);
+
+  return {
+    req,
+    res,
+    url,
+    body,
+    config,
+    store: _store,
+    hooks: _hooks,
+    state: {},
+    /** @type {object|null} authenticated actor (human user or agent) */
+    actor: null,
+    /** Tenant ID for multi-tenant isolation */
+    tenantId,
+    /** Whether multi-tenant mode is active */
+    multiTenant: MULTI_TENANT
+  };
+}
+
+export function getStore() { return _store; }
+export function getHooks() { return _hooks; }
+export function isMultiTenant() { return MULTI_TENANT; }

package/packages/server/src/email.js

@@ -0,0 +1,317 @@
+/**
+ * Email Notification — 邮件通知渠道
+ *
+ * 零外部依赖 SMTP 客户端（基于 node:net + node:tls + node:crypto）。
+ * 环境变量：
+ *   TAICHU_SMTP_HOST     — SMTP 服务器地址
+ *   TAICHU_SMTP_PORT     — 端口（默认 587 STARTTLS, 465 SMTPS）
+ *   TAICHU_SMTP_USER     — 认证用户名
+ *   TAICHU_SMTP_PASS     — 认证密码
+ *   TAICHU_SMTP_FROM     — 发件人地址
+ *   TAICHU_SMTP_TO       — 收件人（逗号分隔）
+ *   TAICHU_SMTP_CC       — 抄送（可选，逗号分隔）
+ *   TAICHU_SMTP_BCC      — 密送（可选，逗号分隔）
+ *   TAICHU_SMTP_SECURE   — 设为 '1' 强制 TLS 直连（端口 465 模式）
+ *   TAICHU_SMTP_TLS_REJECT_UNAUTHORIZED — 设为 '0' 跳过证书验证（仅开发）
+ */
+
+import { createConnection } from 'node:net';
+import { connect } from 'node:tls';
+import { randomBytes } from 'node:crypto';
+import { createLogger } from './logger.js';
+
+const log = createLogger('email');
+
+const CONNECT_TIMEOUT = 15000;
+
+/**
+ * Send an HTML email via SMTP.
+ * @param {object} opts
+ * @param {string} opts.to       — recipient(s), comma-separated
+ * @param {string} opts.subject  — email subject
+ * @param {string} opts.html     — HTML body
+ * @param {string} [opts.cc]     — CC recipient(s)
+ * @param {string} [opts.bcc]    — BCC recipient(s)
+ * @returns {Promise<{success: boolean, messageId?: string, error?: string}>}
+ */
+export async function sendEmail(opts) {
+  const host = process.env.TAICHU_SMTP_HOST;
+  const port = parseInt(process.env.TAICHU_SMTP_PORT) || 587;
+  const user = process.env.TAICHU_SMTP_USER;
+  const pass = process.env.TAICHU_SMTP_PASS;
+  const from = process.env.TAICHU_SMTP_FROM;
+
+  if (!host || !user || !pass || !from) {
+    return { success: false, error: 'SMTP not configured (missing TAICHU_SMTP_HOST/USER/PASS/FROM)' };
+  }
+
+  const to = opts.to || process.env.TAICHU_SMTP_TO;
+  if (!to) {
+    return { success: false, error: 'No recipients' };
+  }
+
+  const cc = opts.cc || process.env.TAICHU_SMTP_CC || '';
+  const bcc = opts.bcc || process.env.TAICHU_SMTP_BCC || '';
+  const useTLS = process.env.TAICHU_SMTP_SECURE === '1' || port === 465;
+  const rejectUnauthorized = process.env.TAICHU_SMTP_TLS_REJECT_UNAUTHORIZED !== '0';
+
+  try {
+    const messageId = await smtpSend({
+      host, port, user, pass, from, to, cc, bcc,
+      subject: opts.subject, html: opts.html,
+      useTLS, rejectUnauthorized
+    });
+    return { success: true, messageId };
+  } catch (err) {
+    log.error(`Email send failed: ${err.message}`);
+    return { success: false, error: err.message };
+  }
+}
+
+/**
+ * Low-level SMTP transaction.
+ */
+function smtpSend(cfg) {
+  return new Promise((resolve, reject) => {
+    const socket = cfg.useTLS
+      ? connect({ host: cfg.host, port: cfg.port, rejectUnauthorized: cfg.rejectUnauthorized, timeout: CONNECT_TIMEOUT })
+      : createConnection({ host: cfg.host, port: cfg.port, timeout: CONNECT_TIMEOUT });
+
+    let buffer = '';
+    let authMethod = null;
+
+    socket.setEncoding('utf8');
+
+    const readResponse = () => {
+      return new Promise((res) => {
+        const check = () => {
+          const idx = buffer.indexOf('\r\n');
+          if (idx >= 0) {
+            const line = buffer.substring(0, idx);
+            buffer = buffer.substring(idx + 2);
+            const code = parseInt(line.substring(0, 3));
+            res({ code, line, continued: line[3] === '-' });
+          } else {
+            socket.once('data', () => check());
+          }
+        };
+        check();
+      });
+    };
+
+    const send = (cmd) => {
+      socket.write(cmd + '\r\n');
+    };
+
+    const multiLine = async () => {
+      const lines = [];
+      let resp = await readResponse();
+      lines.push(resp.line);
+      while (resp.continued) {
+        resp = await readResponse();
+        lines.push(resp.line);
+      }
+      if (resp.code >= 400) throw new Error(`SMTP ${resp.code}: ${resp.line}`);
+      return { code: resp.code, lines };
+    };
+
+    socket.on('data', (data) => {
+      buffer += data;
+    });
+
+    socket.on('timeout', () => {
+      socket.destroy();
+      reject(new Error('SMTP connection timeout'));
+    });
+
+    socket.on('error', reject);
+
+    (async () => {
+      try {
+        // 1. Read banner
+        let resp = await multiLine();
+
+        // 2. EHLO
+        const hostname = 'taichu.local';
+        send(`EHLO ${hostname}`);
+        resp = await multiLine();
+
+        const capabilities = resp.lines.map(l => l.substring(4)).join(' ');
+
+        // 3. STARTTLS (if not already secure)
+        if (!cfg.useTLS && capabilities.includes('STARTTLS')) {
+          send('STARTTLS');
+          resp = await readResponse();
+          if (resp.code !== 220) throw new Error(`STARTTLS rejected: ${resp.line}`);
+
+          // Upgrade socket to TLS
+          const tlsSocket = connect({
+            socket,
+            host: cfg.host,
+            rejectUnauthorized: cfg.rejectUnauthorized,
+            timeout: CONNECT_TIMEOUT
+          });
+          // Replace socket refs
+          tlsSocket.setEncoding('utf8');
+          tlsSocket.on('data', (d) => { buffer += d; });
+          tlsSocket.on('timeout', () => { tlsSocket.destroy(); reject(new Error('TLS timeout')); });
+          tlsSocket.on('error', reject);
+
+          // Re-EHLO over TLS
+          send(`EHLO ${hostname}`);
+          resp = await multiLine();
+          const tlsCapabilities = resp.lines.map(l => l.substring(4)).join(' ');
+          authMethod = detectAuth(tlsCapabilities);
+        } else {
+          authMethod = detectAuth(capabilities);
+        }
+
+        // 4. AUTH LOGIN
+        if (authMethod === 'LOGIN') {
+          send('AUTH LOGIN');
+          resp = await readResponse();
+          if (resp.code !== 334) throw new Error(`AUTH LOGIN not accepted: ${resp.line}`);
+
+          send(Buffer.from(cfg.user).toString('base64'));
+          resp = await readResponse();
+          if (resp.code !== 334) throw new Error(`Username rejected: ${resp.line}`);
+
+          send(Buffer.from(cfg.pass).toString('base64'));
+          resp = await readResponse();
+          if (resp.code !== 235) throw new Error(`Password rejected: ${resp.line}`);
+        } else if (authMethod === 'PLAIN') {
+          const token = Buffer.from(`\0${cfg.user}\0${cfg.pass}`).toString('base64');
+          send('AUTH PLAIN ' + token);
+          resp = await readResponse();
+          if (resp.code !== 235) throw new Error(`AUTH PLAIN rejected: ${resp.line}`);
+        } else {
+          throw new Error('No supported AUTH method (need LOGIN or PLAIN)');
+        }
+
+        // 5. MAIL FROM
+        send(`MAIL FROM:<${cfg.from}>`);
+        resp = await readResponse();
+        if (resp.code !== 250) throw new Error(`MAIL FROM rejected: ${resp.line}`);
+
+        // 6. RCPT TO
+        const allRecipients = [
+          ...cfg.to.split(',').map(s => s.trim()).filter(Boolean),
+          ...cfg.cc.split(',').map(s => s.trim()).filter(Boolean),
+          ...cfg.bcc.split(',').map(s => s.trim()).filter(Boolean)
+        ];
+        for (const rcpt of allRecipients) {
+          send(`RCPT TO:<${rcpt}>`);
+          resp = await readResponse();
+          if (resp.code >= 400) log.warn(`RCPT TO ${rcpt} rejected: ${resp.line}`);
+        }
+
+        // 7. DATA
+        send('DATA');
+        resp = await readResponse();
+        if (resp.code !== 354) throw new Error(`DATA not accepted: ${resp.line}`);
+
+        const messageId = `<${Date.now()}.${randomBytes(6).toString('hex')}@taichu>`;
+        const date = new Date().toUTCString();
+        const boundary = `--_Taichu_${randomBytes(12).toString('hex')}`;
+
+        const rawEmail = [
+          `From: ${cfg.from}`,
+          `To: ${cfg.to}`,
+          cfg.cc ? `Cc: ${cfg.cc}` : '',
+          `Date: ${date}`,
+          `Message-ID: ${messageId}`,
+          `Subject: =?UTF-8?B?${Buffer.from(cfg.subject).toString('base64')}?=`,
+          'MIME-Version: 1.0',
+          `Content-Type: multipart/alternative; boundary="${boundary}"`,
+          '',
+          `--${boundary}`,
+          'Content-Type: text/plain; charset=UTF-8',
+          'Content-Transfer-Encoding: base64',
+          '',
+          Buffer.from(stripHtml(cfg.html)).toString('base64'),
+          '',
+          `--${boundary}`,
+          'Content-Type: text/html; charset=UTF-8',
+          'Content-Transfer-Encoding: base64',
+          '',
+          Buffer.from(cfg.html).toString('base64'),
+          '',
+          `--${boundary}--`,
+          '.'
+        ].filter(l => l !== '').join('\r\n');
+
+        send(rawEmail);
+        resp = await readResponse();
+        if (resp.code !== 250) throw new Error(`Message rejected: ${resp.line}`);
+
+        // 8. QUIT
+        send('QUIT');
+        socket.end();
+
+        resolve(messageId);
+      } catch (err) {
+        try { send('QUIT'); socket.end(); } catch (_) {}
+        reject(err);
+      }
+    })();
+  });
+}
+
+function detectAuth(capabilities) {
+  if (capabilities.includes('AUTH LOGIN')) return 'LOGIN';
+  if (capabilities.includes('AUTH PLAIN')) return 'PLAIN';
+  return null;
+}
+
+function stripHtml(html) {
+  return html.replace(/<[^>]+>/g, '').replace(/\s+/g, ' ').trim();
+}
+
+/**
+ * Build notification email HTML.
+ */
+export function buildEmailHtml(event, data) {
+  const { title, url, actor, summary } = normalizeEmailData(data);
+  return `
+<!DOCTYPE html>
+<html><head><meta charset="utf-8"></head>
+<body style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif; max-width: 600px; margin: 0 auto; padding: 24px; color: #1E1B4B;">
+  <div style="background: linear-gradient(135deg, #1E1B4B, #312E81); color: white; padding: 24px; border-radius: 12px 12px 0 0;">
+    <h2 style="margin: 0; font-size: 18px;">Taichu CMS ${eventLabelEmail(event)}</h2>
+  </div>
+  <div style="border: 1px solid #E5E7EB; border-top: 0; border-radius: 0 0 12px 12px; padding: 24px;">
+    <h3 style="margin: 0 0 12px; color: #1E1B4B;">${escapeHtml(title)}</h3>
+    <p style="color: #6B7280; line-height: 1.6;">${escapeHtml(summary)}</p>
+    <p style="color: #9CA3AF; font-size: 13px;">${escapeHtml(actor)} · ${new Date().toLocaleString('zh-CN')}</p>
+    ${url ? `<a href="${url}" style="display: inline-block; margin-top: 16px; background: #1E1B4B; color: white; padding: 10px 20px; border-radius: 8px; text-decoration: none;">查看详情</a>` : ''}
+  </div>
+  <p style="color: #D1D5DB; font-size: 12px; text-align: center; margin-top: 16px;">
+    Taichu CMS Notification · <a href="https://github.com/Caludelaw/Taichu" style="color: #9CA3AF;">github.com/Caludelaw/Taichu</a>
+  </p>
+</body></html>`;
+}
+
+function normalizeEmailData(data) {
+  return {
+    title: data.doc?.data?.title || data.doc?.id || 'Untitled',
+    url: data.url || '',
+    actor: data.actor || 'System',
+    summary: typeof data.doc?.data?.body === 'string'
+      ? data.doc.data.body.substring(0, 200)
+      : (data.summary || '')
+  };
+}
+
+function eventLabelEmail(e) {
+  const map = {
+    content_created: '📝 内容创建', content_updated: '✏️ 内容更新',
+    content_deleted: '🗑️ 内容删除', content_published: '🚀 内容发布',
+    content_scheduled: '⏰ 定时发布', review_requested: '👀 请求审核',
+    agent_action: '🤖 Agent 操作'
+  };
+  return map[e] || '📌 通知';
+}
+
+function escapeHtml(s) {
+  return String(s).replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;');
+}