@lobehub/chat 1.82.10 → 1.83.1

package/apps/desktop/src/main/controllers/RemoteServerConfigCtr.ts

@@ -0,0 +1,335 @@
+import { DataSyncConfig } from '@lobechat/electron-client-ipc';
+import { safeStorage } from 'electron';
+import querystring from 'node:querystring';
+import { URL } from 'node:url';
+
+import { OFFICIAL_CLOUD_SERVER } from '@/const/env';
+import { createLogger } from '@/utils/logger';
+
+import { ControllerModule, ipcClientEvent } from './index';
+
+// Create logger
+const logger = createLogger('controllers:RemoteServerConfigCtr');
+
+/**
+ * Remote Server Configuration Controller
+ * Used to manage custom remote LobeChat server configuration
+ */
+export default class RemoteServerConfigCtr extends ControllerModule {
+  /**
+   * Key used to store encrypted tokens in electron-store.
+   */
+  private readonly encryptedTokensKey = 'encryptedTokens';
+
+  /**
+   * Get remote server configuration
+   */
+  @ipcClientEvent('getRemoteServerConfig')
+  async getRemoteServerConfig() {
+    logger.debug('Getting remote server configuration');
+    const { storeManager } = this.app;
+
+    const config: DataSyncConfig = storeManager.get('dataSyncConfig');
+
+    logger.debug(
+      `Remote server config: active=${config.active}, storageMode=${config.storageMode}, url=${config.remoteServerUrl}`,
+    );
+
+    return config;
+  }
+
+  /**
+   * Set remote server configuration
+   */
+  @ipcClientEvent('setRemoteServerConfig')
+  async setRemoteServerConfig(config: Partial<DataSyncConfig>) {
+    logger.info(
+      `Setting remote server storageMode: active=${config.active}, storageMode=${config.storageMode}, url=${config.remoteServerUrl}`,
+    );
+    const { storeManager } = this.app;
+    const prev: DataSyncConfig = storeManager.get('dataSyncConfig');
+
+    // Save configuration
+    storeManager.set('dataSyncConfig', { ...prev, ...config });
+
+    return true;
+  }
+
+  /**
+   * Clear remote server configuration
+   */
+  @ipcClientEvent('clearRemoteServerConfig')
+  async clearRemoteServerConfig() {
+    logger.info('Clearing remote server configuration');
+    const { storeManager } = this.app;
+
+    // Clear instance configuration
+    storeManager.set('dataSyncConfig', { storageMode: 'local' });
+
+    // Clear tokens (if any)
+    await this.clearTokens();
+
+    return true;
+  }
+
+  /**
+   * Encrypted tokens
+   * Stored in memory for quick access, loaded from persistent storage on init.
+   */
+  private encryptedAccessToken?: string;
+  private encryptedRefreshToken?: string;
+
+  /**
+   * Promise representing the ongoing token refresh operation.
+   * Used to prevent concurrent refreshes and allow callers to wait.
+   */
+  private refreshPromise: Promise<{ error?: string; success: boolean }> | null = null;
+
+  /**
+   * Encrypt and store tokens
+   * @param accessToken Access token
+   * @param refreshToken Refresh token
+   */
+  async saveTokens(accessToken: string, refreshToken: string) {
+    logger.info('Saving encrypted tokens');
+
+    // If platform doesn't support secure storage, store raw tokens
+    if (!safeStorage.isEncryptionAvailable()) {
+      logger.warn('Safe storage not available, storing tokens unencrypted');
+      this.encryptedAccessToken = accessToken;
+      this.encryptedRefreshToken = refreshToken;
+      // Persist unencrypted tokens (consider security implications)
+      this.app.storeManager.set(this.encryptedTokensKey, {
+        accessToken: this.encryptedAccessToken,
+        refreshToken: this.encryptedRefreshToken,
+      });
+      return;
+    }
+
+    // Encrypt tokens
+    logger.debug('Encrypting tokens using safe storage');
+    this.encryptedAccessToken = Buffer.from(safeStorage.encryptString(accessToken)).toString(
+      'base64',
+    );
+
+    this.encryptedRefreshToken = Buffer.from(safeStorage.encryptString(refreshToken)).toString(
+      'base64',
+    );
+
+    // Persist encrypted tokens
+    logger.debug(`Persisting encrypted tokens to store key: ${this.encryptedTokensKey}`);
+    this.app.storeManager.set(this.encryptedTokensKey, {
+      accessToken: this.encryptedAccessToken,
+      refreshToken: this.encryptedRefreshToken,
+    });
+  }
+
+  /**
+   * Get decrypted access token
+   */
+  async getAccessToken(): Promise<string | null> {
+    // Try loading from memory first
+    if (!this.encryptedAccessToken) {
+      logger.debug('Access token not in memory, trying to load from store...');
+      this.loadTokensFromStore(); // Attempt to load from persistent storage
+    }
+
+    if (!this.encryptedAccessToken) {
+      logger.debug('No access token found in memory or store.');
+      return null;
+    }
+
+    // If platform doesn't support secure storage, return stored token
+    if (!safeStorage.isEncryptionAvailable()) {
+      logger.debug(
+        'Safe storage not available, returning potentially unencrypted token from memory/store',
+      );
+      return this.encryptedAccessToken;
+    }
+
+    try {
+      // Decrypt token
+      logger.debug('Decrypting access token');
+      const encryptedData = Buffer.from(this.encryptedAccessToken, 'base64');
+      return safeStorage.decryptString(encryptedData);
+    } catch (error) {
+      logger.error('Failed to decrypt access token:', error);
+      return null;
+    }
+  }
+
+  /**
+   * Get decrypted refresh token
+   */
+  async getRefreshToken(): Promise<string | null> {
+    // Try loading from memory first
+    if (!this.encryptedRefreshToken) {
+      logger.debug('Refresh token not in memory, trying to load from store...');
+      this.loadTokensFromStore(); // Attempt to load from persistent storage
+    }
+
+    if (!this.encryptedRefreshToken) {
+      logger.debug('No refresh token found in memory or store.');
+      return null;
+    }
+
+    // If platform doesn't support secure storage, return stored token
+    if (!safeStorage.isEncryptionAvailable()) {
+      logger.debug(
+        'Safe storage not available, returning potentially unencrypted token from memory/store',
+      );
+      return this.encryptedRefreshToken;
+    }
+
+    try {
+      // Decrypt token
+      logger.debug('Decrypting refresh token');
+      const encryptedData = Buffer.from(this.encryptedRefreshToken, 'base64');
+      return safeStorage.decryptString(encryptedData);
+    } catch (error) {
+      logger.error('Failed to decrypt refresh token:', error);
+      return null;
+    }
+  }
+
+  /**
+   * Clear tokens
+   */
+  async clearTokens() {
+    logger.info('Clearing access and refresh tokens');
+    this.encryptedAccessToken = undefined;
+    this.encryptedRefreshToken = undefined;
+    // Also clear from persistent storage
+    logger.debug(`Deleting tokens from store key: ${this.encryptedTokensKey}`);
+    this.app.storeManager.delete(this.encryptedTokensKey);
+  }
+
+  /**
+   * 刷新访问令牌
+   * 使用存储的刷新令牌获取新的访问令牌
+   * Handles concurrent requests by returning the existing refresh promise if one is in progress.
+   */
+  @ipcClientEvent('refreshAccessToken')
+  async refreshAccessToken(): Promise<{ error?: string; success: boolean }> {
+    // If a refresh is already in progress, return the existing promise
+    if (this.refreshPromise) {
+      logger.debug('Token refresh already in progress, returning existing promise.');
+      return this.refreshPromise;
+    }
+
+    // Start a new refresh operation
+    logger.info('Initiating new token refresh operation.');
+    this.refreshPromise = this.performTokenRefresh();
+
+    // Return the promise so callers can wait
+    return this.refreshPromise;
+  }
+
+  /**
+   * Performs the actual token refresh logic.
+   * This method is called by refreshAccessToken and wrapped in a promise.
+   */
+  private async performTokenRefresh(): Promise<{ error?: string; success: boolean }> {
+    try {
+      // 获取配置信息
+      const config = await this.getRemoteServerConfig();
+
+      if (!config.remoteServerUrl || !config.active) {
+        logger.warn('Remote server not active or configured, skipping refresh.');
+        return { error: '远程服务器未激活或未配置', success: false };
+      }
+
+      // 获取刷新令牌
+      const refreshToken = await this.getRefreshToken();
+      if (!refreshToken) {
+        logger.error('No refresh token available for refresh operation.');
+        return { error: '没有可用的刷新令牌', success: false };
+      }
+
+      // 构造刷新请求
+      const remoteUrl = await this.getRemoteServerUrl(config);
+
+      const tokenUrl = new URL('/oidc/token', remoteUrl);
+
+      // 构造请求体
+      const body = querystring.stringify({
+        client_id: 'lobehub-desktop',
+        grant_type: 'refresh_token',
+        refresh_token: refreshToken,
+      });
+
+      logger.debug(`Sending token refresh request to ${tokenUrl.toString()}`);
+
+      // 发送请求
+      const response = await fetch(tokenUrl.toString(), {
+        body,
+        headers: {
+          'Content-Type': 'application/x-www-form-urlencoded',
+        },
+        method: 'POST',
+      });
+
+      if (!response.ok) {
+        // 尝试解析错误响应
+        const errorData = await response.json().catch(() => ({}));
+        const errorMessage = `刷新令牌失败: ${response.status} ${response.statusText} ${
+          errorData.error_description || errorData.error || ''
+        }`.trim();
+        logger.error(errorMessage, errorData);
+        return { error: errorMessage, success: false };
+      }
+
+      // 解析响应
+      const data = await response.json();
+
+      // 检查响应中是否包含必要令牌
+      if (!data.access_token || !data.refresh_token) {
+        logger.error('Refresh response missing access_token or refresh_token', data);
+        return { error: '刷新响应中缺少令牌', success: false };
+      }
+
+      // 保存新令牌
+      logger.info('Token refresh successful, saving new tokens.');
+      await this.saveTokens(data.access_token, data.refresh_token);
+
+      return { success: true };
+    } catch (error) {
+      const errorMessage = error instanceof Error ? error.message : String(error);
+      logger.error('Exception during token refresh operation:', errorMessage, error);
+      return { error: `刷新令牌时发生异常: ${errorMessage}`, success: false };
+    } finally {
+      // Ensure the promise reference is cleared once the operation completes
+      logger.debug('Clearing the refresh promise reference.');
+      this.refreshPromise = null;
+    }
+  }
+
+  /**
+   * Load encrypted tokens from persistent storage (electron-store) into memory.
+   * This should be called during initialization or if memory tokens are missing.
+   */
+  private loadTokensFromStore() {
+    logger.debug(`Attempting to load tokens from store key: ${this.encryptedTokensKey}`);
+    const storedTokens = this.app.storeManager.get(this.encryptedTokensKey);
+
+    if (storedTokens && storedTokens.accessToken && storedTokens.refreshToken) {
+      logger.info('Successfully loaded tokens from store into memory.');
+      this.encryptedAccessToken = storedTokens.accessToken;
+      this.encryptedRefreshToken = storedTokens.refreshToken;
+    } else {
+      logger.debug('No valid tokens found in store.');
+    }
+  }
+
+  // Initialize by loading tokens from store when the controller is ready
+  // We might need a dedicated lifecycle method if constructor is too early for storeManager
+  afterAppReady() {
+    this.loadTokensFromStore();
+  }
+
+  async getRemoteServerUrl(config?: DataSyncConfig) {
+    const dataConfig = config ? config : await this.getRemoteServerConfig();
+
+    return dataConfig.storageMode === 'cloud' ? OFFICIAL_CLOUD_SERVER : dataConfig.remoteServerUrl;
+  }
+}

package/apps/desktop/src/main/controllers/RemoteServerSyncCtr.ts

@@ -0,0 +1,321 @@
+import {
+  ProxyTRPCRequestParams,
+  ProxyTRPCRequestResult,
+} from '@lobechat/electron-client-ipc/src/types/proxyTRPCRequest';
+import { Buffer } from 'node:buffer';
+import http, { IncomingMessage, OutgoingHttpHeaders } from 'node:http';
+import https from 'node:https';
+import { URL } from 'node:url';
+
+import { createLogger } from '@/utils/logger';
+
+import RemoteServerConfigCtr from './RemoteServerConfigCtr';
+import { ControllerModule, ipcClientEvent } from './index';
+
+// Create logger
+const logger = createLogger('controllers:RemoteServerSyncCtr');
+
+/**
+ * Remote Server Sync Controller
+ * For handling data synchronization with remote servers via IPC.
+ */
+export default class RemoteServerSyncCtr extends ControllerModule {
+  /**
+   * Cached instance of RemoteServerConfigCtr
+   */
+  private _remoteServerConfigCtrInstance: RemoteServerConfigCtr | null = null;
+
+  /**
+   * Remote server configuration controller
+   */
+  private get remoteServerConfigCtr() {
+    if (!this._remoteServerConfigCtrInstance) {
+      this._remoteServerConfigCtrInstance = this.app.getController(RemoteServerConfigCtr);
+    }
+    return this._remoteServerConfigCtrInstance;
+  }
+
+  /**
+   * Controller initialization - No specific logic needed here now for request handling
+   */
+  afterAppReady() {
+    logger.info('RemoteServerSyncCtr initialized (IPC based)');
+    // No need to register protocol handler anymore
+  }
+
+  /**
+   * Helper function to perform the actual request forwarding to the remote server.
+   * Accepts arguments from IPC and returns response details.
+   */
+  private async forwardRequest(args: {
+    accessToken: string | null;
+    body?: string | ArrayBuffer;
+    headers: Record<string, string>;
+    method: string;
+    remoteServerUrl: string;
+    urlPath: string; // Pass the base URL
+  }): Promise<{
+    // Node headers type
+    body: Buffer;
+    headers: Record<string, string | string[] | undefined>;
+    status: number;
+    statusText: string; // Return body as Buffer
+  }> {
+    const {
+      urlPath,
+      method,
+      headers: originalHeaders,
+      body: requestBody,
+      accessToken,
+      remoteServerUrl,
+    } = args;
+
+    const logPrefix = `[ForwardRequest ${method} ${urlPath}]`; // Add prefix for easier correlation
+
+    if (!accessToken) {
+      logger.error(`${logPrefix} No access token provided`); // Enhanced log
+      return {
+        body: Buffer.from(''),
+        headers: {},
+        status: 401,
+        statusText: 'Authentication required, missing token',
+      };
+    }
+
+    // 1. Determine target URL and prepare request options
+    const targetUrl = new URL(urlPath, remoteServerUrl); // Combine base URL and path
+
+    logger.debug(`${logPrefix} Forwarding to ${targetUrl.toString()}`); // Enhanced log
+
+    // Prepare headers, cloning and adding Authorization
+    const requestHeaders: OutgoingHttpHeaders = { ...originalHeaders }; // Use OutgoingHttpHeaders
+    requestHeaders['Authorization'] = `Bearer ${accessToken}`;
+
+    // Let node handle Host, Content-Length etc. Remove potentially problematic headers
+    delete requestHeaders['host'];
+    delete requestHeaders['connection']; // Often causes issues
+    // delete requestHeaders['content-length']; // Let node handle it based on body
+
+    const requestOptions: https.RequestOptions | http.RequestOptions = {
+      // Use union type
+      headers: requestHeaders,
+      hostname: targetUrl.hostname,
+      method: method,
+      path: targetUrl.pathname + targetUrl.search,
+      port: targetUrl.port || (targetUrl.protocol === 'https:' ? 443 : 80),
+      protocol: targetUrl.protocol,
+      // agent: false, // Consider for keep-alive issues if they arise
+    };
+
+    const requester = targetUrl.protocol === 'https:' ? https : http;
+
+    // 2. Make the request and capture response
+    return new Promise((resolve) => {
+      const clientReq = requester.request(requestOptions, (clientRes: IncomingMessage) => {
+        const chunks: Buffer[] = [];
+        clientRes.on('data', (chunk) => {
+          chunks.push(chunk);
+        });
+
+        clientRes.on('end', () => {
+          const responseBody = Buffer.concat(chunks);
+          logger.debug(
+            `${logPrefix} Received response from ${targetUrl.toString()}: ${clientRes.statusCode}`,
+          ); // Enhanced log
+          resolve({
+            // These are IncomingHttpHeaders
+            body: responseBody,
+
+            headers: clientRes.headers,
+
+            status: clientRes.statusCode || 500,
+            statusText: clientRes.statusMessage || 'Unknown Status',
+          });
+        });
+
+        clientRes.on('error', (error) => {
+          // Error during response streaming
+          logger.error(
+            `${logPrefix} Error reading response stream from ${targetUrl.toString()}:`,
+            error,
+          ); // Enhanced log
+          // Rejecting might be better, but we need to resolve the outer promise for proxyTRPCRequest
+          resolve({
+            body: Buffer.from(`Error reading response stream: ${error.message}`),
+            headers: {},
+
+            status: 502,
+            // Bad Gateway
+            statusText: 'Error reading response stream',
+          });
+        });
+      });
+
+      clientReq.on('error', (error) => {
+        logger.error(`${logPrefix} Error forwarding request to ${targetUrl.toString()}:`, error); // Enhanced log
+        // Reject or resolve with error status for the outer promise
+        resolve({
+          body: Buffer.from(`Error forwarding request: ${error.message}`),
+          headers: {},
+
+          status: 502,
+          // Bad Gateway
+          statusText: 'Error forwarding request',
+        });
+      });
+
+      // 3. Send request body if present
+      if (requestBody) {
+        if (typeof requestBody === 'string') {
+          clientReq.write(requestBody, 'utf8'); // Specify encoding for strings
+        } else if (requestBody instanceof ArrayBuffer) {
+          clientReq.write(Buffer.from(requestBody)); // Convert ArrayBuffer to Buffer
+        } else {
+          // Should not happen based on type, but handle defensively
+          logger.warn(`${logPrefix} Unsupported request body type received:`, typeof requestBody); // Enhanced log
+        }
+      }
+
+      clientReq.end(); // Finalize the request
+    });
+  }
+
+  /**
+   * Handles the 'proxy-trpc-request' IPC call from the renderer process.
+   * This method should be invoked by the ipcMain.handle setup in your main process entry point.
+   */
+  @ipcClientEvent('proxyTRPCRequest')
+  public async proxyTRPCRequest(args: ProxyTRPCRequestParams): Promise<ProxyTRPCRequestResult> {
+    logger.debug('Received proxyTRPCRequest IPC call:', {
+      headers: args.headers,
+      method: args.method,
+      urlPath: args.urlPath, // Log headers too for context
+    });
+
+    const logPrefix = `[ProxyTRPC ${args.method} ${args.urlPath}]`; // Prefix for this specific request
+
+    try {
+      const config = await this.remoteServerConfigCtr.getRemoteServerConfig();
+      if (!config.active || (config.storageMode === 'selfHost' && !config.remoteServerUrl)) {
+        logger.warn(
+          `${logPrefix} Remote server sync not active or configured. Rejecting proxy request.`,
+        ); // Enhanced log
+        return {
+          body: Buffer.from('Remote server sync not active or configured').buffer,
+          headers: {},
+
+          status: 503,
+          // Service Unavailable
+          statusText: 'Remote server sync not active or configured', // Return ArrayBuffer
+        };
+      }
+      const remoteServerUrl = await this.remoteServerConfigCtr.getRemoteServerUrl();
+
+      // Get initial token
+      let token = await this.remoteServerConfigCtr.getAccessToken();
+      logger.debug(
+        `${logPrefix} Initial token check: ${token ? 'Token exists' : 'No token found'}`,
+      ); // Added log
+
+      logger.info(`${logPrefix} Attempting to forward request...`); // Added log
+      let response = await this.forwardRequest({ ...args, accessToken: token, remoteServerUrl });
+
+      // Handle 401: Refresh token and retry if necessary
+      if (response.status === 401) {
+        logger.info(`${logPrefix} Received 401 from forwarded request. Attempting token refresh.`); // Enhanced log
+        const refreshed = await this.refreshTokenIfNeeded(logPrefix); // Pass prefix for context
+
+        if (refreshed) {
+          const newToken = await this.remoteServerConfigCtr.getAccessToken();
+          if (newToken) {
+            logger.info(`${logPrefix} Token refreshed successfully, retrying the request.`); // Enhanced log
+            response = await this.forwardRequest({
+              ...args,
+              accessToken: newToken,
+              remoteServerUrl,
+            });
+          } else {
+            logger.error(
+              `${logPrefix} Token refresh reported success, but failed to retrieve new token. Keeping original 401 response.`,
+            ); // Enhanced log
+            // Keep the original 401 response
+          }
+        } else {
+          logger.error(`${logPrefix} Token refresh failed. Keeping original 401 response.`); // Enhanced log
+          // Keep the original 401 response
+        }
+      }
+
+      // Convert headers and body to format defined in IPC event
+      const responseHeaders: Record<string, string> = {};
+      for (const [key, value] of Object.entries(response.headers)) {
+        if (value !== undefined) {
+          responseHeaders[key.toLowerCase()] = Array.isArray(value) ? value.join(', ') : value;
+        }
+      }
+
+      // Return the final response, ensuring body is serializable (string or ArrayBuffer)
+      const responseBody = response.body; // Buffer
+
+      // IMPORTANT: Check IPC limits. Large bodies might fail. Consider chunking if needed.
+      // Convert Buffer to ArrayBuffer for IPC
+      const finalBody = responseBody.buffer.slice(
+        responseBody.byteOffset,
+        responseBody.byteOffset + responseBody.byteLength,
+      );
+
+      logger.debug(`${logPrefix} Forwarding successful. Status: ${response.status}`); // Added log
+      return {
+        body: finalBody as ArrayBuffer,
+        headers: responseHeaders,
+        status: response.status,
+        statusText: response.statusText, // Return ArrayBuffer
+      };
+    } catch (error) {
+      logger.error(`${logPrefix} Unhandled error processing proxyTRPCRequest:`, error); // Enhanced log
+      // Ensure a serializable error response is returned
+      return {
+        body: Buffer.from(
+          `Internal Server Error: ${error instanceof Error ? error.message : 'Unknown error'}`,
+        ).buffer,
+        headers: {},
+        status: 500,
+        statusText: 'Internal Server Error during proxy', // Return ArrayBuffer
+      };
+    }
+  }
+
+  /**
+   * Attempts to refresh the access token by calling the RemoteServerConfigCtr.
+   * @returns Whether token refresh was successful
+   */
+  private async refreshTokenIfNeeded(callerLogPrefix: string = '[RefreshToken]'): Promise<boolean> {
+    // Added prefix parameter
+    const logPrefix = `${callerLogPrefix} [RefreshTrigger]`; // Updated prefix
+    logger.debug(`${logPrefix} Entered refreshTokenIfNeeded.`);
+
+    try {
+      logger.info(`${logPrefix} Triggering refreshAccessToken in RemoteServerConfigCtr.`);
+      const result = await this.remoteServerConfigCtr.refreshAccessToken();
+
+      if (result.success) {
+        logger.info(`${logPrefix} refreshAccessToken call completed successfully.`);
+        return true;
+      } else {
+        logger.error(`${logPrefix} refreshAccessToken call failed: ${result.error}`);
+        return false;
+      }
+    } catch (error) {
+      logger.error(`${logPrefix} Exception occurred while calling refreshAccessToken:`, error);
+      return false;
+    }
+  }
+
+  /**
+   * Clean up resources - No protocol handler to unregister anymore
+   */
+  destroy() {
+    logger.info('Destroying RemoteServerSyncCtr');
+    // Nothing specific to clean up here regarding request handling now
+  }
+}

package/apps/desktop/src/main/controllers/ShortcutCtr.ts

@@ -0,0 +1,19 @@
+import { ControllerModule, ipcClientEvent } from '.';
+
+export default class ShortcutController extends ControllerModule {
+  /**
+   * 获取所有快捷键配置
+   */
+  @ipcClientEvent('getShortcutsConfig')
+  getShortcutsConfig() {
+    return this.app.shortcutManager.getShortcutsConfig();
+  }
+
+  /**
+   * 更新单个快捷键配置
+   */
+  @ipcClientEvent('updateShortcutConfig')
+  updateShortcutConfig(id: string, accelerator: string): boolean {
+    return this.app.shortcutManager.updateShortcutConfig(id, accelerator);
+  }
+}