@tacoreai/web-sdk 1.0.12 → 1.3.0

package/database/core/apps/AppsAuthManager.js

@@ -0,0 +1,336 @@
+import { isBrowser, isBackend } from "../../../utils/index.js";
+import { BaseAppsClient } from "./BaseAppsClient.js";
+
+/**
+ * AI应用 Token 管理工具类
+ */
+class AppsTokenManager {
+  static setAccessToken(token) {
+    if (isBrowser) {
+      localStorage.setItem("tacoreai_apps_access_token", token);
+    }
+  }
+
+  static getAccessToken() {
+    if (isBrowser) {
+      return localStorage.getItem("tacoreai_apps_access_token");
+    }
+    return null;
+  }
+
+  static clearAccessToken() {
+    if (isBrowser) {
+      localStorage.removeItem("tacoreai_apps_access_token");
+    }
+  }
+}
+
+/**
+ * AI应用认证管理器
+ * 负责AI应用的用户认证、会话管理
+ * 所有认证操作通过后端 /apps/auth API 完成
+ */
+export class AppsAuthManager extends BaseAppsClient {
+  constructor(appId, config = {}) {
+    super(appId, config);
+
+    if (isBackend && !this.config.tacoreServerInteropAppServerApiKey) {
+      throw new Error("tacoreServerInteropAppServerApiKey is required for backend environment. Provide it in config or via TACORE_SERVER_INTEROP_APP_SERVER_API_KEY env var.");
+    }
+    
+    // 自动检测 URL 中的 token (用于小程序 WebView 静默登录)
+    if (isBrowser) {
+      this._checkUrlToken();
+    }
+  }
+
+  /**
+   * 定义策略适配器映射
+   * 将 invoke 的对象参数转换为老方法的位置参数
+   */
+  get adapters() {
+    return {
+      'signUp': ({ email, password, profile }) => this.signUp(email, password, profile),
+      'verifyRegistration': ({ email, token }) => this.verifyRegistration(email, token),
+      'loginWithPassword': ({ email, password }) => this.loginWithPassword(email, password),
+      'loginWithWechatH5': ({ code, scope }) => this.loginWithWechatH5(code, scope),
+      'forgotPassword': ({ email, redirectTo }) => this.forgotPassword(email, redirectTo),
+      'updatePassword': ({ accessToken, newPassword }) => this.updatePassword(accessToken, newPassword),
+      'logout': () => this.logout(),
+      'getCurrentUser': () => this.getCurrentUser(),
+      'getSession': () => this.getSession(),
+      'isAuthenticated': () => this.isAuthenticated(),
+    };
+  }
+  
+  /**
+   * 检查 URL 中是否有 token 参数，如果有则保存并清除 URL 参数
+   */
+  _checkUrlToken() {
+    try {
+      const urlParams = new URLSearchParams(window.location.search);
+      // 更新：从小程序传递的特定参数名获取 Token
+      const token = urlParams.get('tacoreai_mp_access_token');
+      
+      if (token) {
+        console.log('[AppsAuthManager] Found token in URL, performing silent login...');
+        AppsTokenManager.setAccessToken(token);
+        
+        // 清除 URL 中的 token 参数，避免分享泄露
+        const newUrl = window.location.protocol + "//" + window.location.host + window.location.pathname;
+        // 保留其他参数
+        urlParams.delete('tacoreai_mp_access_token');
+        const remainingParams = urlParams.toString();
+        const finalUrl = remainingParams ? `${newUrl}?${remainingParams}` : newUrl;
+        
+        window.history.replaceState({ path: finalUrl }, '', finalUrl);
+      }
+    } catch (e) {
+      console.error('[AppsAuthManager] Failed to parse URL token:', e);
+    }
+  }
+
+  /**
+   * 重写基类方法，提供 Token
+   */
+  _getAccessToken() {
+    return AppsTokenManager.getAccessToken();
+  }
+
+  /**
+   * AI应用用户注册 (第一步: 请求发送验证码)
+   * @param {string} email
+   * @param {string} password
+   * @param {Object} profile - 用户资料
+   * @returns {Promise<Object>}
+   */
+  async signUp(email, password, profile = {}) {
+    // 此方法现在只负责启动注册流程并发送验证码
+    // 它不再返回会话信息
+    const result = await this._apiRequest("/apps/auth/register", {
+      method: "POST",
+      body: JSON.stringify({ email, password, appId: this.appId, profile }),
+    });
+    return result; // 应包含成功消息
+  }
+
+  /**
+   * AI应用用户注册 (第二步: 验证验证码并完成注册)
+   * @param {string} email
+   * @param {string} token - 从邮件收到的OTP验证码
+   * @returns {Promise<Object>}
+   */
+  async verifyRegistration(email, token) {
+    const result = await this._apiRequest("/apps/auth/verify-registration", {
+      method: "POST",
+      body: JSON.stringify({ email, token, appId: this.appId }),
+    });
+
+    // 成功验证后，后端会返回会话信息
+    if (result.accessToken) {
+      AppsTokenManager.setAccessToken(result.accessToken);
+    }
+
+    return result;
+  }
+
+  /**
+   * AI应用用户登录
+   * @param {string} email
+   * @param {string} password
+   * @returns {Promise<Object>}
+   */
+  async loginWithPassword(email, password) {
+    console.log({ email, password, appId: this.appId }, this);
+    const result = await this._apiRequest("/apps/auth/login", {
+      method: "POST",
+      body: JSON.stringify({ email, password, appId: this.appId }),
+    });
+
+    if (result.accessToken) {
+      AppsTokenManager.setAccessToken(result.accessToken);
+    }
+
+    return result;
+  }
+
+  /**
+   * 微信 H5 登录
+   * @param {string} code - 微信授权回调的 code
+   * @param {string} scope - 授权作用域 ('snsapi_base' | 'snsapi_userinfo')
+   * @returns {Promise<Object>}
+   */
+  async loginWithWechatH5(code, scope = 'snsapi_base') {
+    const result = await this._apiRequest("/apps/auth/wechat/h5/login", {
+      method: "POST",
+      body: JSON.stringify({ code, appId: this.appId, scope }),
+    });
+
+    if (result.accessToken) {
+      AppsTokenManager.setAccessToken(result.accessToken);
+    }
+
+    return result;
+  }
+
+  /**
+   * 请求发送密码重置邮件
+   * @param {string} email - 用户的邮箱
+   * @param {string} redirectTo - 用户点击邮件链接后重定向到的前端页面URL
+   * @returns {Promise<Object>}
+   */
+  async forgotPassword(email, redirectTo) {
+    if (!email || !redirectTo) {
+      throw new Error("Email and redirectTo URL are required.");
+    }
+    return this._apiRequest("/apps/auth/forgot-password", {
+      method: "POST",
+      body: JSON.stringify({ email, redirectTo }),
+    });
+  }
+
+  /**
+   * 使用令牌更新用户密码
+   * @param {string} accessToken - 从重定向URL中获取的访问令牌
+   * @param {string} newPassword - 用户输入的新密码
+   * @returns {Promise<Object>}
+   */
+  async updatePassword(accessToken, newPassword) {
+    if (!accessToken || !newPassword) {
+      throw new Error("Access token and new password are required.");
+    }
+    return this._apiRequest("/apps/auth/update-password", {
+      method: "POST",
+      body: JSON.stringify({ accessToken, newPassword }),
+    });
+  }
+
+  /**
+   * AI应用用户登出
+   * @returns {Promise<void>}
+   */
+  async logout() {
+    try {
+      await this._apiRequest("/apps/auth/logout", {
+        method: "POST",
+      });
+    } finally {
+      AppsTokenManager.clearAccessToken();
+    }
+  }
+
+  /**
+   * 获取当前登录的AI应用用户信息
+   * @returns {Promise<Object|null>}
+   */
+  async getCurrentUser() {
+    try {
+      const result = await this._apiRequest(`/apps/auth/profile?appId=${this.appId}`);
+      return result.user;
+    } catch (error) {
+      return null;
+    }
+  }
+
+  /**
+   * 获取当前AI应用会话信息
+   * @returns {Promise<Object|null>}
+   */
+  async getSession() {
+    const token = AppsTokenManager.getAccessToken();
+    if (!token) {
+      return null;
+    }
+
+    try {
+      const result = await this._apiRequest(`/apps/auth/profile?appId=${this.appId}`);
+      return {
+        access_token: token,
+        user: result.user,
+      };
+    } catch (error) {
+      return null;
+    }
+  }
+
+  /**
+   * 检查AI应用用户是否已认证
+   * @returns {Promise<boolean>}
+   */
+  async isAuthenticated() {
+    const token = AppsTokenManager.getAccessToken();
+    if (!token) return false;
+
+    try {
+      await this.getCurrentUser();
+      return true;
+    } catch (error) {
+      AppsTokenManager.clearAccessToken();
+      return false;
+    }
+  }
+
+  /**
+   * 监听AI应用认证状态变化（简化版本）
+   * @param {function} callback
+   * @returns {function} unsubscribe function
+   */
+  onAuthStateChange(callback) {
+    // 简化版本：立即检查当前状态
+    this.isAuthenticated().then((isAuth) => {
+      callback(isAuth ? "SIGNED_IN" : "SIGNED_OUT", {
+        access_token: AppsTokenManager.getAccessToken(),
+      });
+    });
+
+    // 返回空的取消订阅函数
+    return () => {};
+  }
+
+  /**
+   * 自动认证（用于AI应用初始化）
+   * @returns {Promise<Object>}
+   */
+  async autoAuth() {
+    try {
+      const isAuth = await this.isAuthenticated();
+      if (isAuth) {
+        const user = await this.getCurrentUser();
+        return {
+          isAuthenticated: true,
+          user: user,
+          appId: this.appId,
+        };
+      } else {
+        return {
+          isAuthenticated: false,
+          user: null,
+          appId: this.appId,
+        };
+      }
+    } catch (error) {
+      console.error("AI应用自动认证失败:", error);
+      return {
+        isAuthenticated: false,
+        user: null,
+        appId: this.appId,
+        error: error.message,
+      };
+    }
+  }
+
+  /**
+   * 获取访问令牌
+   * @returns {string|null}
+   */
+  getAccessToken() {
+    return AppsTokenManager.getAccessToken();
+  }
+
+  /**
+   * 清除访问令牌
+   */
+  clearAccessToken() {
+    AppsTokenManager.clearAccessToken();
+  }
+}

package/database/core/apps/AppsClient.AI.js

@@ -0,0 +1,229 @@
+export const appsClientAiMethods = {
+  // ==================== AI 能力 ====================
+
+  async streamCompletion(options = {}) {
+    try {
+      if (!options.messages || !Array.isArray(options.messages)) {
+        throw new Error("messages array is required for AI completion.");
+      }
+
+      if (!options.onChunk || typeof options.onChunk !== "function") {
+        throw new Error("onChunk callback is required for streaming.");
+      }
+
+      const requestData = {
+        appId: this.appId,
+        model: options.model || "agent:tacore-1.2",
+        messages: options.messages,
+        temperature: options.temperature,
+        max_tokens: options.max_tokens,
+        stream: true,
+        system: options.system,
+        // 透传 Vertex AI Search Data Store ID
+        vertexAiSearchDatastore: options.vertexAiSearchDatastore,
+        // [新增] 透传 tools 配置对象到后端
+        tools: options.tools,
+      };
+
+      const url = `${this.config.apiBaseUrl}/apps/agent/completions`;
+      const headers = this._getRequestHeaders();
+
+      const response = await fetch(url, {
+        method: "POST",
+        headers,
+        body: JSON.stringify(requestData),
+        signal: options.signal,
+      });
+
+      if (!response.ok) {
+        const errorData = await response.json().catch(() => ({ error: "Network error" }));
+        throw new Error(errorData.error || `HTTP ${response.status}: ${response.statusText}`);
+      }
+
+      const reader = response.body?.getReader();
+      if (!reader) {
+        throw new Error("Response body is not readable");
+      }
+
+      const decoder = new TextDecoder();
+      let buffer = "";
+
+      try {
+        while (true) {
+          const { done, value } = await reader.read();
+          if (done) break;
+
+          buffer += decoder.decode(value, { stream: true });
+
+          while (true) {
+            const lineEnd = buffer.indexOf("\n");
+            if (lineEnd === -1) break;
+
+            const line = buffer.slice(0, lineEnd).trim();
+            buffer = buffer.slice(lineEnd + 1);
+
+            if (!line || line.startsWith(":")) continue;
+
+            if (line.startsWith("data: ")) {
+              const data = line.slice(6);
+
+              if (data === "[DONE]") {
+                options.onComplete?.();
+                return;
+              }
+
+              try {
+                const parsed = JSON.parse(data);
+
+                if (parsed.choices && parsed.choices.length > 0) {
+                  const choice = parsed.choices[0];
+
+                  if (choice.error) {
+                    const error = new Error(choice.error.message || "AI service error");
+                    options.onError?.(error);
+                    return;
+                  }
+
+                  if (choice.delta && choice.delta.hasOwnProperty("content")) {
+                    const content = choice.delta.content || "";
+                    // 修复：直接透传 content，不进行后处理，避免丢失空格
+                    options.onChunk(content, parsed);
+                  }
+
+                  if (choice.finish_reason === "stop") {
+                    options.onComplete?.();
+                    return;
+                  }
+
+                  if (choice.finish_reason === "error") {
+                    const error = new Error("AI generation finished with error");
+                    options.onError?.(error);
+                    return;
+                  }
+                }
+              } catch (parseError) {
+                console.warn("Failed to parse SSE data:", parseError);
+              }
+            }
+          }
+        }
+
+        options.onComplete?.();
+      } finally {
+        reader.cancel();
+      }
+
+      console.log(`✅ [AppsClient] AI streaming completion finished for app: ${this.appId}`);
+    } catch (error) {
+      console.error(`AI流式对话失败 (app: ${this.appId}):`, error);
+
+      if (error.name === "AbortError") {
+        console.log("AI generation was aborted by user");
+        return;
+      }
+
+      options.onError?.(error);
+      throw error;
+    }
+  },
+
+  async generateImage(options = {}) {
+    try {
+      if (!options.prompt) {
+        throw new Error("prompt is required for image generation.");
+      }
+
+      // 构建与 database 核心库一致的请求体
+      const payload = {
+        appId: this.appId,
+        imageOptions: options,
+      };
+
+      // 关键变更：切换到与 database 核心库相同的接口
+      const result = await this._post("/apps/agent/generate-google-image", payload);
+
+      console.log(`✅ [AppsClient] Image generated successfully via Google Image for app: ${this.appId}`);
+
+      // 修改：保持传输透明性，直接返回后端响应
+      return result;
+    } catch (error) {
+      console.error(`生成图片失败 (app: ${this.appId}):`, error);
+      throw error;
+    }
+  },
+
+  /**
+   * 新增：图片编辑（单图编辑、双图融合、掩膜修复/扩展）
+   * 支持两种调用方式：
+   * 1) 直接传 messages（将被透传到后端）
+   * 2) 传 prompt + inputs（SDK 自动构造 messages）
+   *
+   * @param {Object} options
+   *  - model?: string = 'gemini-3-pro-image-preview'
+   *  - temperature?: number
+   *  - size?: string
+   *  - provider?: string ('google' | 'volcengine')
+   *  - messages?: Array<{ role: string, content: any[] }>
+   *  - prompt?: string
+   *  - inputs?: Array<{ type:'uploaded_file', fileUri?: string, mimeType?: string, uploaded_file?: {fileUri:string, mimeType:string} }>
+   * @returns {Promise<Object>} 后端响应对象
+   */
+  async editImage(options = {}) {
+    try {
+      if (!options || typeof options !== "object") {
+        throw new Error("options are required for image editing.");
+      }
+
+      const model = options.model || "gemini-3-pro-image-preview";
+      let messages = options.messages;
+
+      // 如果没有传 messages，则由 prompt + inputs 构造
+      if (!messages) {
+        const prompt = options.prompt;
+        const inputs = options.inputs || [];
+        if (!prompt || inputs.length === 0) {
+          throw new Error("Either 'messages' or ('prompt' + 'inputs') is required for image editing.");
+        }
+
+        const content = [{ type: "text", text: prompt }];
+
+        inputs.forEach(input => {
+          if (!input || input.type !== "uploaded_file") return;
+          let uploaded_file = null;
+          if (input.uploaded_file) {
+            uploaded_file = input.uploaded_file;
+          } else if (input.fileUri && input.mimeType) {
+            uploaded_file = { fileUri: input.fileUri, mimeType: input.mimeType };
+          }
+          if (uploaded_file?.fileUri && uploaded_file?.mimeType) {
+            content.push({
+              type: "uploaded_file",
+              uploaded_file,
+            });
+          }
+        });
+
+        messages = [{ role: "user", content }];
+      }
+
+      const payload = {
+        appId: this.appId,
+        imageEditOptions: {
+          model,
+          messages,
+          temperature: options.temperature,
+          size: options.size,
+          provider: options.provider, // 透传 provider 参数
+        },
+      };
+      const result = await this._post("/apps/agent/generate-google-image-edit", payload);
+      console.log(`✅ [AppsClient] Image edited successfully via Google Image Edit for app: ${this.appId}`);
+
+      // 修改：保持传输透明性，直接返回后端响应
+      return result;
+    } catch (error) {
+      console.error(`编辑图片失败 (app: ${this.appId}):`, error);
+      throw error;
+    }
+  },
+};

package/database/core/apps/AppsClient.AppServer.js

@@ -0,0 +1,92 @@
+import { env, isDevelopmentBrowser, isProductionBrowser, isBackend } from "../../../utils/index.js";
+
+const appServerAPIMap = new Map();
+
+/**
+ * 注册一个 App Server API。
+ * - 在开发态浏览器中：有效，用于本地调用。
+ * - 在生产态浏览器中：无效，为空操作。
+ * - 在后端云函数中：有效，用于加载服务。
+ * @param {string} appServerAPIName - API名称。
+ * @param {Function} appServerAPIHandler - 服务的处理函数，接收一个 payload 参数。
+ */
+const registerAppServerAPI = (appServerAPIName, appServerAPIHandler) => {
+  if (isDevelopmentBrowser || isBackend) {
+    appServerAPIMap.set(appServerAPIName, appServerAPIHandler);
+  }
+  // 在生产态浏览器中，这是一个空操作。
+};
+
+/**
+ * 调用一个 App Server API。
+ * - 在开发态浏览器中：本地执行。
+ * - 在生产态浏览器中：统一走平台转发（/apps/invokeAppServerAPI）。
+ * - 在后端云函数中：本地执行 (由云函数入口调用)。
+ * - 跨应用调用：仅后端场景可直连目标 AppServer（需 appServerBaseUrl + appServerApiKey）。
+ * @param {string} appServerAPIName - 要调用的服务名称。
+ * @param {Object} payload - 传递给服务的负载数据。
+ * @returns {Promise<any>} 服务处理后的结果。
+ */
+const invokeAppServerAPI = async function(appServerAPIName, payload) {
+  console.log(`[AppServer][${this.appId}] Invoking "${appServerAPIName}" with payload:`, payload);
+  // 场景零：跨应用调用，在源应用的 appserver 云函数调用目标应用的 appserver 云函数
+  if (isBackend && this.config.appServerBaseUrl && this.config.appServerApiKey) {
+    const endpoint = `${this.config.appServerBaseUrl}/invokeAppServerAPI?apiName=${appServerAPIName}`;
+    try {
+      const response = await fetch(endpoint, {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          'X-API-Key': this.config.appServerApiKey,
+        },
+        body: JSON.stringify(payload),
+      });
+
+      console.log(`App server request id: ${response.headers.get('x-scf-request-id')}`)
+
+      const res = await response.json();
+      if (!response.ok) {
+        // 抛出网络层面的错误
+        throw new Error(`[AppServer-CrossApp] error! status: ${response.status}, statusText: ${response.statusText}, requestId: ${response.headers.get('x-scf-request-id')}, body: ${JSON.stringify(res)}`);
+      }
+
+      if (res.success) {
+        return res.data;
+      }
+      // 抛出业务层面的错误
+      throw new Error(res.error || 'Cross-application server invocation failed at the business level.');
+    } catch (error) {
+      console.error(`[AppServer-CrossApp] Failed to invoke "${appServerAPIName}" via cross-app call:`, error);
+      throw error;
+    }
+  }
+
+  // 场景一：生产环境的浏览器，必须发起网络请求
+  if (isProductionBrowser) {
+    // 浏览器端统一走平台转发，由平台负责组织/应用上下文与内部鉴权链路
+    const endpoint = `/apps/invokeAppServerAPI?appId=${encodeURIComponent(this.appId)}&apiName=${encodeURIComponent(appServerAPIName)}`;
+
+    try {
+      const res = await this._post(endpoint, payload);
+      if (res.success) {
+        return res.data;
+      }
+      throw new Error(res.error || res.message || `AppServer invocation failed: ${res.code || "UNKNOWN_ERROR"}`);
+    } catch (error) {
+      console.error(`[AppServer-Prod] Failed to invoke "${appServerAPIName}" via appsClient:`, error);
+      throw error;
+    }
+  }
+
+  // 场景二：开发环境的浏览器 或 后端云函数环境，都从本地 Map 执行
+  const appServerAPIHandler = appServerAPIMap.get(appServerAPIName);
+  if (!appServerAPIHandler) {
+    throw new Error(`[AppServer-${env}] AppServer "${appServerAPIName}" not found or not registered.`);
+  }
+  return await appServerAPIHandler(payload, { appsClient: this });
+};
+
+export const appsClientAppServerMethods = {
+  registerAppServerAPI,
+  invokeAppServerAPI,
+};