@claudelaw/taichu 0.6.0

package/packages/server/src/routes/audit.js

@@ -0,0 +1,222 @@
+/**
+ * Audit & Pipeline API Routes
+ *
+ * GET  /api/audit          — Query audit logs
+ * GET  /api/audit/stats    — Audit statistics
+ * GET  /api/pipelines      — List pipeline templates
+ * POST /api/pipelines/run  — Execute a pipeline
+ * GET  /api/site-settings  — Get site settings (ICP, analytics, etc.)
+ * PUT  /api/site-settings  — Update site settings
+ */
+
+import { requireAuth } from '../middleware/auth.js';
+import { query as queryAudit, cleanupOldLogs } from '../audit.js';
+import { getStore } from '../context.js';
+
+export async function auditRoutes(ctx) {
+  const { pathname } = ctx.url;
+  const method = ctx.req.method;
+
+  // GET /api/audit
+  if (pathname === '/api/audit' && method === 'GET') {
+    const authResult = await requireAuth(ctx);
+    if (!authResult.authenticated) {
+      ctx.res.writeHead(authResult.status, { 'Content-Type': 'application/json' });
+      ctx.res.end(JSON.stringify({ error: authResult.error, message: authResult.message }));
+      return;
+    }
+
+    const entries = await queryAudit(Object.fromEntries(ctx.url.searchParams));
+    ctx.res.writeHead(200, { 'Content-Type': 'application/json' });
+    ctx.res.end(JSON.stringify({ entries, total: entries.length }));
+    return;
+  }
+
+  // GET /api/audit/stats
+  if (pathname === '/api/audit/stats' && method === 'GET') {
+    const authResult = await requireAuth(ctx);
+    if (!authResult.authenticated) {
+      ctx.res.writeHead(authResult.status, { 'Content-Type': 'application/json' });
+      ctx.res.end(JSON.stringify({ error: authResult.error, message: authResult.message }));
+      return;
+    }
+
+    const entries = await queryAudit({ limit: 1000 });
+    const byAction = {};
+    const byActor = {};
+    for (const e of entries) {
+      byAction[e.action] = (byAction[e.action] || 0) + 1;
+      const key = `${e.actorType}:${e.actorId.substring(0, 8)}`;
+      byActor[key] = (byActor[key] || 0) + 1;
+    }
+
+    ctx.res.writeHead(200, { 'Content-Type': 'application/json' });
+    ctx.res.end(JSON.stringify({ total: entries.length, byAction, byActor }));
+    return;
+  }
+
+  // GET/PUT /api/site-settings
+  if (pathname === '/api/site-settings') {
+    const store = getStore();
+
+    if (method === 'GET') {
+      const docs = await store.list({ type: 'site_settings', limit: 1 });
+      const settings = docs[0]?.data || getDefaultSettings();
+      ctx.res.writeHead(200, { 'Content-Type': 'application/json' });
+      ctx.res.end(JSON.stringify(settings));
+      return;
+    }
+
+    if (method === 'PUT') {
+      const authResult = await requireAuth(ctx);
+      if (!authResult.authenticated) {
+        ctx.res.writeHead(authResult.status, { 'Content-Type': 'application/json' });
+        ctx.res.end(JSON.stringify({ error: authResult.error, message: authResult.message }));
+        return;
+      }
+
+      const docs = await store.list({ type: 'site_settings', limit: 1 });
+      const existing = docs[0];
+
+      if (existing) {
+        const merged = { ...existing.data, ...ctx.body };
+        await store.update(existing.id, { data: merged });
+      } else {
+        await store.create({ type: 'site_settings', data: { ...getDefaultSettings(), ...ctx.body } });
+      }
+
+      ctx.res.writeHead(200, { 'Content-Type': 'application/json' });
+      ctx.res.end(JSON.stringify({ success: true }));
+      return;
+    }
+  }
+
+  // GET /api/pipelines
+  if (pathname === '/api/pipelines' && method === 'GET') {
+    const { PipelineEngine } = await import('../pipeline.js');
+    const store = getStore();
+    const hooks = (await import('../context.js')).getHooks();
+    const engine = new PipelineEngine(store, hooks);
+    ctx.res.writeHead(200, { 'Content-Type': 'application/json' });
+    ctx.res.end(JSON.stringify({ templates: engine.listTemplates() }));
+    return;
+  }
+
+  ctx.res.writeHead(404, { 'Content-Type': 'application/json' });
+  ctx.res.end(JSON.stringify({ error: 'NOT_FOUND' }));
+}
+
+// ── Revision Routes (also used by API) ────────────────────
+
+import { getRevisions, diffObjects, restoreRevision } from '../revisions.js';
+
+/**
+ * Handle revision routes.
+ * GET  /api/content/:type/:id/revisions
+ * GET  /api/content/:type/:id/revisions/diff?from=revId1&to=revId2
+ * POST /api/content/:type/:id/revisions/:revId/restore
+ */
+export async function revisionRoutes(ctx, type, id) {
+  const { pathname } = ctx.url;
+  const method = ctx.req.method;
+
+  const authResult = await requireAuth(ctx);
+  if (!authResult.authenticated) {
+    ctx.res.writeHead(authResult.status, { 'Content-Type': 'application/json' });
+    ctx.res.end(JSON.stringify({ error: authResult.error, message: authResult.message }));
+    return;
+  }
+
+  // GET revisions diff between two versions
+  const diffMatch = pathname.match(/\/revisions\/diff$/);
+  if (diffMatch && method === 'GET') {
+    const fromId = ctx.url.searchParams.get('from');
+    const toId = ctx.url.searchParams.get('to');
+
+    if (!fromId || !toId) {
+      ctx.res.writeHead(400, { 'Content-Type': 'application/json' });
+      ctx.res.end(JSON.stringify({ error: 'VALIDATION_ERROR', message: 'Both "from" and "to" revision IDs are required' }));
+      return;
+    }
+
+    const store = getStore();
+    const fromRev = await store.get(fromId);
+    const toRev = await store.get(toId);
+
+    if (!fromRev || fromRev.type !== 'revision' || fromRev.data.docId !== id) {
+      ctx.res.writeHead(404, { 'Content-Type': 'application/json' });
+      ctx.res.end(JSON.stringify({ error: 'NOT_FOUND', message: 'Source revision not found' }));
+      return;
+    }
+    if (!toRev || toRev.type !== 'revision' || toRev.data.docId !== id) {
+      ctx.res.writeHead(404, { 'Content-Type': 'application/json' });
+      ctx.res.end(JSON.stringify({ error: 'NOT_FOUND', message: 'Target revision not found' }));
+      return;
+    }
+
+    const dataDiff = diffObjects(fromRev.data.data, toRev.data.data);
+    const statusChanged = fromRev.data.status !== toRev.data.status;
+
+    ctx.res.writeHead(200, { 'Content-Type': 'application/json' });
+    ctx.res.end(JSON.stringify({
+      from: {
+        id: fromRev.id,
+        timestamp: fromRev.data.timestamp || fromRev.createdAt,
+        status: fromRev.data.status,
+        author: fromRev.data.author
+      },
+      to: {
+        id: toRev.id,
+        timestamp: toRev.data.timestamp || toRev.createdAt,
+        status: toRev.data.status,
+        author: toRev.data.author
+      },
+      statusChanged,
+      statusDiff: statusChanged ? { from: fromRev.data.status, to: toRev.data.status } : null,
+      fieldsChanged: dataDiff.length,
+      diff: dataDiff
+    }));
+    return;
+  }
+
+  // GET revisions list
+  if (pathname.endsWith('/revisions') && method === 'GET') {
+    const revs = await getRevisions(id);
+    const result = revs.map((r, i, arr) => ({
+      ...r,
+      diff: i < arr.length - 1 ? diffObjects(arr[i + 1].data, r.data) : []
+    }));
+    ctx.res.writeHead(200, { 'Content-Type': 'application/json' });
+    ctx.res.end(JSON.stringify({ revisions: result, total: result.length }));
+    return;
+  }
+
+  // POST restore
+  const restoreMatch = pathname.match(/\/revisions\/([\w-]+)\/restore$/);
+  if (restoreMatch && method === 'POST') {
+    const doc = await restoreRevision(id, restoreMatch[1]);
+    if (!doc) {
+      ctx.res.writeHead(404, { 'Content-Type': 'application/json' });
+      ctx.res.end(JSON.stringify({ error: 'NOT_FOUND' }));
+      return;
+    }
+    ctx.res.writeHead(200, { 'Content-Type': 'application/json' });
+    ctx.res.end(JSON.stringify({ success: true, doc }));
+    return;
+  }
+
+  ctx.res.writeHead(404, { 'Content-Type': 'application/json' });
+  ctx.res.end(JSON.stringify({ error: 'NOT_FOUND' }));
+}
+
+function getDefaultSettings() {
+  return {
+    siteName: 'Taichu CMS',
+    siteDescription: '',
+    icpNumber: '',
+    gonganNumber: '',
+    analyticsId: '',
+    language: 'zh-CN',
+    timezone: 'Asia/Shanghai'
+  };
+}

package/packages/server/src/routes/auth.js

@@ -0,0 +1,205 @@
+/**
+ * Auth Routes — 注册、登录、API Key 管理
+ *
+ * POST /api/auth/register   — 注册新用户
+ * POST /api/auth/login      — 用户登录，返回 JWT
+ * POST /api/auth/apikeys    — 生成新 API Key（需认证）
+ * GET  /api/auth/apikeys    — 列出所有 API Key（需认证）
+ * DELETE /api/auth/apikeys/:prefix — 删除 API Key（需认证）
+ */
+
+import { hashPassword, verifyPassword, signJWT, generateAPIKey } from '../../../core/src/auth.js';
+import { ValidationError, UnauthorizedError } from '../../../core/src/errors.js';
+import { requireAuth, getJwtSecret } from '../middleware/auth.js';
+import { getStore } from '../context.js';
+
+export async function authRoutes(ctx) {
+  const { pathname } = ctx.url;
+  const method = ctx.req.method;
+
+  // POST /api/auth/register
+  if (pathname === '/api/auth/register' && method === 'POST') {
+    const { username, email, password } = ctx.body || {};
+
+    if (!username || !password) {
+      ctx.res.writeHead(400, { 'Content-Type': 'application/json' });
+      ctx.res.end(JSON.stringify({ error: 'VALIDATION_ERROR', message: 'Username and password are required' }));
+      return;
+    }
+
+    if (typeof username !== 'string' || username.length < 2 || username.length > 50) {
+      ctx.res.writeHead(400, { 'Content-Type': 'application/json' });
+      ctx.res.end(JSON.stringify({ error: 'VALIDATION_ERROR', message: 'Username must be 2-50 characters' }));
+      return;
+    }
+
+    if (password.length < 6) {
+      ctx.res.writeHead(400, { 'Content-Type': 'application/json' });
+      ctx.res.end(JSON.stringify({ error: 'VALIDATION_ERROR', message: 'Password must be at least 6 characters' }));
+      return;
+    }
+
+    // Check if username exists
+    const existing = await ctx.store.list({ type: 'user', search: username });
+    const userExists = existing.some(u => u.data.username === username);
+
+    if (userExists) {
+      ctx.res.writeHead(409, { 'Content-Type': 'application/json' });
+      ctx.res.end(JSON.stringify({ error: 'CONFLICT', message: 'Username already taken' }));
+      return;
+    }
+
+    const hashedPw = hashPassword(password);
+
+    const user = await ctx.store.create({
+      type: 'user',
+      data: { username, email: email || '', password: hashedPw },
+      status: 'active'
+    });
+
+    // Issue JWT immediately after registration
+    const secret = getJwtSecret();
+    const token = signJWT(
+      { sub: user.id, username: user.data.username, role: 'author' },
+      secret,
+      { expiresIn: '7d' }
+    );
+
+    ctx.res.writeHead(201, { 'Content-Type': 'application/json' });
+    ctx.res.end(JSON.stringify({
+      user: { id: user.id, username: user.data.username, email: user.data.email },
+      token
+    }));
+    return;
+  }
+
+  // POST /api/auth/login
+  if (pathname === '/api/auth/login' && method === 'POST') {
+    const { username, password } = ctx.body || {};
+
+    if (!username || !password) {
+      ctx.res.writeHead(400, { 'Content-Type': 'application/json' });
+      ctx.res.end(JSON.stringify({ error: 'VALIDATION_ERROR', message: 'Username and password are required' }));
+      return;
+    }
+
+    const users = await ctx.store.list({ type: 'user', status: 'active' });
+    const user = users.find(u => u.data.username === username);
+
+    if (!user || !verifyPassword(password, user.data.password)) {
+      ctx.res.writeHead(401, { 'Content-Type': 'application/json' });
+      ctx.res.end(JSON.stringify({ error: 'UNAUTHORIZED', message: 'Invalid username or password' }));
+      return;
+    }
+
+    const secret = getJwtSecret();
+    const token = signJWT(
+      { sub: user.id, username: user.data.username, role: user.data.role || 'author' },
+      secret,
+      { expiresIn: '7d' }
+    );
+
+    ctx.res.writeHead(200, { 'Content-Type': 'application/json' });
+    ctx.res.end(JSON.stringify({
+      user: { id: user.id, username: user.data.username, email: user.data.email, role: user.data.role || 'author' },
+      token
+    }));
+    return;
+  }
+
+  // POST /api/auth/apikeys — Generate new API Key (requires auth)
+  if (pathname === '/api/auth/apikeys' && method === 'POST') {
+    const authResult = await requireAuth(ctx);
+    if (!authResult.authenticated) {
+      ctx.res.writeHead(authResult.status, { 'Content-Type': 'application/json' });
+      ctx.res.end(JSON.stringify({ error: authResult.error, message: authResult.message }));
+      return;
+    }
+    ctx.actor = authResult.actor;
+
+    const { label, scopes } = ctx.body || {};
+    const apiKey = generateAPIKey(label || 'Default');
+
+    // Store the hash with scopes (default: read-only for all types)
+    const keyScopes = (Array.isArray(scopes) && scopes.length > 0) ? scopes : ['*:read'];
+
+    await ctx.store.create({
+      type: 'api_key',
+      data: {
+        prefix: apiKey.prefix,
+        hash: apiKey.hash,
+        label: apiKey.label,
+        ownerId: ctx.actor.id,
+        scopes: keyScopes
+      },
+      status: 'active'
+    });
+
+    ctx.res.writeHead(201, { 'Content-Type': 'application/json' });
+    ctx.res.end(JSON.stringify({
+      key: apiKey.key,
+      prefix: apiKey.prefix,
+      label: apiKey.label,
+      scopes: keyScopes,
+      message: 'Save this key — it will not be shown again'
+    }));
+    return;
+  }
+
+  // GET /api/auth/apikeys — List API Keys (requires auth)
+  if (pathname === '/api/auth/apikeys' && method === 'GET') {
+    const authResult = await requireAuth(ctx);
+    if (!authResult.authenticated) {
+      ctx.res.writeHead(authResult.status, { 'Content-Type': 'application/json' });
+      ctx.res.end(JSON.stringify({ error: authResult.error, message: authResult.message }));
+      return;
+    }
+    ctx.actor = authResult.actor;
+
+    const keys = await ctx.store.list({ type: 'api_key', status: 'active' });
+    const myKeys = keys
+      .filter(k => k.data.ownerId === ctx.actor.id)
+      .map(k => ({
+        prefix: k.data.prefix,
+        label: k.data.label,
+        scopes: k.data.scopes || ['*:*'],
+        createdAt: k.createdAt
+      }));
+
+    ctx.res.writeHead(200, { 'Content-Type': 'application/json' });
+    ctx.res.end(JSON.stringify({ keys: myKeys }));
+    return;
+  }
+
+  // DELETE /api/auth/apikeys/:prefix — Revoke API Key (requires auth)
+  const keyMatch = pathname.match(/^\/api\/auth\/apikeys\/(taichu_[a-f0-9]+)$/);
+  if (keyMatch && method === 'DELETE') {
+    const authResult = await requireAuth(ctx);
+    if (!authResult.authenticated) {
+      ctx.res.writeHead(authResult.status, { 'Content-Type': 'application/json' });
+      ctx.res.end(JSON.stringify({ error: authResult.error, message: authResult.message }));
+      return;
+    }
+    ctx.actor = authResult.actor;
+
+    const prefix = keyMatch[1];
+    const keys = await ctx.store.list({ type: 'api_key', status: 'active' });
+    const myKey = keys.find(k => k.data.prefix === prefix && k.data.ownerId === ctx.actor.id);
+
+    if (!myKey) {
+      ctx.res.writeHead(404, { 'Content-Type': 'application/json' });
+      ctx.res.end(JSON.stringify({ error: 'NOT_FOUND', message: 'API key not found' }));
+      return;
+    }
+
+    await ctx.store.update(myKey.id, { status: 'revoked' });
+
+    ctx.res.writeHead(200, { 'Content-Type': 'application/json' });
+    ctx.res.end(JSON.stringify({ message: `API key ${prefix.substring(0, 11)}... revoked` }));
+    return;
+  }
+
+  // 404
+  ctx.res.writeHead(404, { 'Content-Type': 'application/json' });
+  ctx.res.end(JSON.stringify({ error: 'NOT_FOUND', message: `Auth route not found: ${method} ${pathname}` }));
+}

package/packages/server/src/routes/collab.js

@@ -0,0 +1,90 @@
+/**
+ * Collaboration & WebSocket Routes
+ *
+ * POST /api/collab/sessions/:docId   — Acquire editing session
+ * DELETE /api/collab/sessions/:docId  — Release editing session
+ * GET  /api/collab/sessions            — List active sessions
+ * GET  /api/ws                        — WebSocket connection info
+ */
+
+import { requireAuth } from '../middleware/auth.js';
+import { getCollab } from '../collab.js';
+import { getWSS } from '../websocket.js';
+
+/**
+ * @param {import('../context.js').Context} ctx
+ */
+export async function collabRoutes(ctx) {
+  const { pathname } = ctx.url;
+  const method = ctx.req.method;
+
+  // WebSocket info + stats
+  if (pathname === '/api/ws' && method === 'GET') {
+    const wss = getWSS();
+    ctx.res.writeHead(200, { 'Content-Type': 'application/json' });
+    ctx.res.end(JSON.stringify({
+      protocol: 'ws',
+      endpoint: `ws://localhost:${ctx.config.port || 3120}`,
+      stats: wss.getStats(),
+      usage: 'Connect via WebSocket, then send: {"type":"subscribe","channel":"article"}'
+    }));
+    return;
+  }
+
+  // GET /api/collab/sessions — list active sessions
+  if (pathname === '/api/collab/sessions' && method === 'GET') {
+    const authResult = await requireAuth(ctx);
+    if (!authResult.authenticated) {
+      ctx.res.writeHead(authResult.status, { 'Content-Type': 'application/json' });
+      ctx.res.end(JSON.stringify({ error: authResult.error, message: authResult.message }));
+      return;
+    }
+    const collab = getCollab();
+    ctx.res.writeHead(200, { 'Content-Type': 'application/json' });
+    ctx.res.end(JSON.stringify({ sessions: collab.listSessions() }));
+    return;
+  }
+
+  // POST /api/collab/sessions/:docId — acquire
+  const acquireMatch = pathname.match(/^\/api\/collab\/sessions\/([\w-]+)$/);
+  if (acquireMatch && method === 'POST') {
+    const authResult = await requireAuth(ctx);
+    if (!authResult.authenticated) {
+      ctx.res.writeHead(authResult.status, { 'Content-Type': 'application/json' });
+      ctx.res.end(JSON.stringify({ error: authResult.error, message: authResult.message }));
+      return;
+    }
+    const docId = acquireMatch[1];
+    const collab = getCollab();
+    const result = collab.acquire(docId, {
+      id: authResult.actor.id,
+      type: authResult.actor.type,
+      username: authResult.actor.username,
+      label: authResult.actor.label
+    });
+
+    ctx.res.writeHead(result.acquired ? 200 : 409, { 'Content-Type': 'application/json' });
+    ctx.res.end(JSON.stringify(result));
+    return;
+  }
+
+  // DELETE /api/collab/sessions/:docId — release
+  if (acquireMatch && method === 'DELETE') {
+    const authResult = await requireAuth(ctx);
+    if (!authResult.authenticated) {
+      ctx.res.writeHead(authResult.status, { 'Content-Type': 'application/json' });
+      ctx.res.end(JSON.stringify({ error: authResult.error, message: authResult.message }));
+      return;
+    }
+    const docId = acquireMatch[1];
+    const collab = getCollab();
+    const released = collab.release(docId, authResult.actor.id);
+
+    ctx.res.writeHead(released ? 200 : 404, { 'Content-Type': 'application/json' });
+    ctx.res.end(JSON.stringify({ released }));
+    return;
+  }
+
+  ctx.res.writeHead(404, { 'Content-Type': 'application/json' });
+  ctx.res.end(JSON.stringify({ error: 'NOT_FOUND' }));
+}

package/packages/server/src/routes/export.js

@@ -0,0 +1,77 @@
+/**
+ * Content Export — 内容导出（JSON / Markdown / CSV）
+ *
+ * GET /api/export/:type?format=json|md|csv
+ */
+
+import { requireAuth } from '../middleware/auth.js';
+import { getStore } from '../context.js';
+
+export async function exportRoutes(ctx) {
+  const { pathname } = ctx.url;
+  const method = ctx.req.method;
+
+  const match = pathname.match(/^\/api\/export\/([a-z][a-z0-9_]*)$/);
+  if (!match || method !== 'GET') return false;
+
+  const authResult = await requireAuth(ctx);
+  if (!authResult.authenticated) {
+    ctx.res.writeHead(authResult.status, { 'Content-Type': 'application/json' });
+    ctx.res.end(JSON.stringify({ error: authResult.error }));
+    return true;
+  }
+
+  const type = match[1];
+  const format = ctx.url.searchParams.get('format') || 'json';
+  const status = ctx.url.searchParams.get('status') || 'published';
+
+  const store = getStore();
+  const docs = await store.list({ type, status, limit: 10000 });
+
+  switch (format) {
+    case 'json':
+      ctx.res.writeHead(200, { 'Content-Type': 'application/json', 'Content-Disposition': `attachment; filename="${type}-export.json"` });
+      ctx.res.end(JSON.stringify({ exported: new Date().toISOString(), type, total: docs.length, docs }, null, 2));
+      break;
+
+    case 'md':
+    case 'markdown': {
+      const md = docs.map(d => {
+        const title = d.data?.title || 'Untitled';
+        const body = typeof d.data?.body === 'string' ? d.data.body : JSON.stringify(d.data?.body || {});
+        return `# ${title}\n\n${body}\n\n---\n`;
+      }).join('\n');
+      ctx.res.writeHead(200, { 'Content-Type': 'text/markdown; charset=utf-8', 'Content-Disposition': `attachment; filename="${type}-export.md"` });
+      ctx.res.end(md);
+      break;
+    }
+
+    case 'csv': {
+      const headers = ['id', 'title', 'status', 'createdAt', 'updatedAt'];
+      const rows = [headers.join(',')];
+      for (const d of docs) {
+        rows.push([
+          csvEscape(d.id),
+          csvEscape(d.data?.title || ''),
+          csvEscape(d.status),
+          csvEscape(d.createdAt),
+          csvEscape(d.updatedAt)
+        ].join(','));
+      }
+      ctx.res.writeHead(200, { 'Content-Type': 'text/csv; charset=utf-8', 'Content-Disposition': `attachment; filename="${type}-export.csv"` });
+      ctx.res.end('\uFEFF' + rows.join('\n'));
+      break;
+    }
+
+    default:
+      ctx.res.writeHead(400, { 'Content-Type': 'application/json' });
+      ctx.res.end(JSON.stringify({ error: 'Invalid format. Use: json, md, csv' }));
+  }
+
+  return true;
+}
+
+function csvEscape(s) {
+  const str = String(s || '').replace(/"/g, '""');
+  return `"${str}"`;
+}