npm - @tacoreai/web-sdk - Versions diffs - 1.24.1-beta.1 → 1.26.0 - Mend

@tacoreai/web-sdk 1.24.1-beta.1 → 1.26.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/database/core/apps/AppServerRuntime.js +133 -79
package/database/core/apps/AppsClient.AppServer.js +5 -17
package/package.json +1 -1

package/database/core/apps/AppServerRuntime.js CHANGED Viewed

@@ -1,4 +1,5 @@
 import { AppsClient } from "./AppsClient.js";
+import { AppsAuthManager } from "./AppsAuthManager.js";
 export const APPSERVER_REQUEST_DATA_FIELD = "requestData";
@@ -7,7 +8,6 @@ const DEFAULT_FILE_SIZE_LIMIT = 100 * 1024 * 1024;
 const DEFAULT_MAX_FILES = 20;
 const isPreviewMode = () => process.env.TACORE_APPSERVER_PREVIEW_MODE === "true";
-const isLocalDeploymentMode = () => process.env.TACORE_APPSERVER_LOCAL_DEPLOYMENT_MODE === "true";
 const isValidInternalToken = (incomingValue, expectedValue) => {
   return Boolean(expectedValue) && Boolean(incomingValue) && incomingValue === expectedValue;
@@ -31,6 +31,43 @@ const getRequestSource = (isPlatformProxyRequest, isSchedulerRequest) => {
   return isPreviewMode() ? "preview-direct" : "external-direct";
 };
+const getAppServerServiceToken = (env) => (
+  env.tacoreAppServerServiceToken ||
+  process.env.TACORE_APP_SERVER_SERVICE_TOKEN ||
+  null
+);
+const getTacoreServerInteropAppServerApiKey = (env) => (
+  env.tacoreServerInteropAppServerApiKey ||
+  process.env.TACORE_SERVER_INTEROP_APP_SERVER_API_KEY ||
+  null
+);
+const hasAppServerServiceAuthCredential = (env) => (
+  Boolean(getTacoreServerInteropAppServerApiKey(env)) &&
+  Boolean(getAppServerServiceToken(env))
+);
+const shouldUseAppServerMachineAuth = ({
+  env,
+  isPlatformProxyRequest,
+  isSchedulerRequest,
+  isExternalApiKeyRequest,
+  accessToken,
+  appServerApiKey,
+  previewAppServerApiKey,
+}) => {
+  if (isExternalApiKeyRequest && accessToken) {
+    return false;
+  }
+  if (isPlatformProxyRequest || isSchedulerRequest) {
+    return hasAppServerServiceAuthCredential(env);
+  }
+  return Boolean(appServerApiKey) || Boolean(previewAppServerApiKey);
+};
 const createRequestScopedAppsClient = (env, options = {}) => {
   const {
     accessToken = null,
@@ -64,6 +101,35 @@ const createRequestScopedAppsClient = (env, options = {}) => {
   return new AppsClient(clientAppId, config);
 };
+const resolveCallerUser = async (env, accessToken) => {
+  if (!accessToken) {
+    return null;
+  }
+  try {
+    const authManager = new AppsAuthManager(env.dataSourceId || env.appId, {
+      ...env,
+      accessToken,
+    });
+    return await authManager.getCurrentUser();
+  } catch (error) {
+    console.warn("[AppServer] Failed to resolve caller user:", error?.message || error);
+    return null;
+  }
+};
+const createCallerAppsClient = (env, accessToken) => {
+  if (!accessToken) {
+    return null;
+  }
+  return createRequestScopedAppsClient(env, {
+    accessToken,
+    clientAppId: env.dataSourceId || env.appId,
+    enableAppServerServiceAuth: false,
+  });
+};
 const isPreviewApiKeyShapeValid = (apiKey) => {
   if (typeof apiKey !== "string") return false;
   const value = apiKey.trim();
@@ -79,15 +145,6 @@ const validateExternalApiKey = async (appsClient, appId, apiKey) => {
   return Boolean(result?.success && result?.data?.valid);
 };
-const validateLocalDeploymentAccessToken = async (env, accessToken) => {
-  const authClient = createRequestScopedAppsClient(env, {
-    accessToken,
-    clientAppId: env.appId,
-  });
-  const result = await authClient.getIamContext({});
-  return Boolean(result?.success);
-};
 const getPreviewGuidePayload = (req) => {
   const baseUrl = `${req.protocol}://${req.get("host")}`;
   const invokeUrl = `${baseUrl}/invokeAppServerAPI?apiName=YOUR_API_NAME`;
@@ -310,71 +367,51 @@ export const createAppServerRuntime = async (options = {}) => {
     if (!isPlatformProxyRequest && !isSchedulerRequest) {
       if (!requestApiKey) {
-        if (isLocalDeploymentMode() && requestAccessToken) {
-          try {
-            const isValidAccessToken = await validateLocalDeploymentAccessToken(env, requestAccessToken);
-            if (!isValidAccessToken) {
-              return res.status(401).json({
-                success: false,
-                code: "INVALID_ACCESS_TOKEN",
-                error: "Invalid Authorization token",
-              });
-            }
-          } catch (error) {
-            console.error("[AppServer] Failed to validate local deployment access token:", error);
-            return res.status(error.status || 401).json({
-              success: false,
-              code: "ACCESS_TOKEN_VALIDATION_FAILED",
-              error: error.message,
-            });
-          }
-        } else {
-          console.warn("[AppServer Auth] Missing X-API-Key. This request is treated as external call.");
-          return res.status(401).json({
-            success: false,
-            code: "MISSING_API_KEY",
-            error: "X-API-Key header is required",
-          });
-        }
-      } else {
-        if (!isPreviewApiKeyShapeValid(requestApiKey)) {
-          return res.status(400).json({
-            success: false,
-            code: "INVALID_API_KEY_FORMAT",
-            error: "X-API-Key format is invalid. Expected 8-128 chars: [A-Za-z0-9._-]",
-          });
-        }
-        let isValidApiKey = false;
-        try {
-          const authClient = createRequestScopedAppsClient(env, {
-            accessToken: requestAccessToken || null,
-            clientAppId: env.appId,
-          });
-          isValidApiKey = await validateExternalApiKey(authClient, env.appId, requestApiKey);
-        } catch (error) {
-          console.error("[AppServer] Failed to validate external API key:", error);
-          return res.status(500).json({
-            success: false,
-            code: "API_KEY_VALIDATION_FAILED",
-            error: error.message,
-          });
-        }
-        if (!isValidApiKey) {
-          return res.status(401).json({
-            success: false,
-            code: "INVALID_API_KEY",
-            error: "Invalid X-API-Key",
-          });
-        }
-        isExternalApiKeyRequest = true;
-        appServerApiKey = requestApiKey;
-        if (isPreviewMode() && !requestAccessToken) {
-          previewAppServerApiKey = requestApiKey;
-        }
+        console.warn("[AppServer Auth] Missing X-API-Key. This request is treated as external call.");
+        return res.status(401).json({
+          success: false,
+          code: "MISSING_API_KEY",
+          error: "X-API-Key header is required",
+        });
+      }
+      if (!isPreviewApiKeyShapeValid(requestApiKey)) {
+        return res.status(400).json({
+          success: false,
+          code: "INVALID_API_KEY_FORMAT",
+          error: "X-API-Key format is invalid. Expected 8-128 chars: [A-Za-z0-9._-]",
+        });
+      }
+      let isValidApiKey = false;
+      try {
+        const authClient = createRequestScopedAppsClient(env, {
+          accessToken: requestAccessToken || null,
+          clientAppId: env.appId,
+        });
+        isValidApiKey = await validateExternalApiKey(authClient, env.appId, requestApiKey);
+      } catch (error) {
+        console.error("[AppServer] Failed to validate external API key:", error);
+        return res.status(500).json({
+          success: false,
+          code: "API_KEY_VALIDATION_FAILED",
+          error: error.message,
+        });
+      }
+      if (!isValidApiKey) {
+        return res.status(401).json({
+          success: false,
+          code: "INVALID_API_KEY",
+          error: "Invalid X-API-Key",
+        });
+      }
+      isExternalApiKeyRequest = true;
+      appServerApiKey = requestApiKey;
+      if (isPreviewMode() && !requestAccessToken) {
+        previewAppServerApiKey = requestApiKey;
       }
     }
@@ -390,12 +427,23 @@ export const createAppServerRuntime = async (options = {}) => {
         willForwardPreviewAppServerApiKey: Boolean(previewAppServerApiKey),
       });
+      const useAppServerMachineAuth = shouldUseAppServerMachineAuth({
+        env,
+        isPlatformProxyRequest,
+        isSchedulerRequest,
+        isExternalApiKeyRequest,
+        accessToken: requestAccessToken,
+        appServerApiKey,
+        previewAppServerApiKey,
+      });
       const appsClient = createRequestScopedAppsClient(env, {
-        accessToken: requestAccessToken || null,
-        appServerApiKey: requestAccessToken ? null : appServerApiKey,
+        accessToken: useAppServerMachineAuth ? null : requestAccessToken || null,
+        appServerApiKey: useAppServerMachineAuth ? appServerApiKey : requestAccessToken ? null : appServerApiKey,
         previewAppServerApiKey,
-        enableAppServerServiceAuth: Boolean((isSchedulerRequest || isExternalApiKeyRequest) && !requestAccessToken),
+        enableAppServerServiceAuth: useAppServerMachineAuth,
       });
+      const callerUser = await resolveCallerUser(env, requestAccessToken);
+      const callerAppsClient = createCallerAppsClient(env, requestAccessToken);
       console.log(`[AppServer Debug] scoped AppsClient api="${apiName}"`, {
         hasAccessToken: Boolean(appsClient.getAccessToken()),
         hasAppServerApiKey: Boolean(appsClient.config.appServerApiKey),
@@ -403,13 +451,19 @@ export const createAppServerRuntime = async (options = {}) => {
         hasInteropKey: Boolean(appsClient.config.tacoreServerInteropAppServerApiKey),
         serviceAuthEnabled: appsClient.config.enableAppServerServiceAuth === true,
         hasServiceToken: Boolean(appsClient.config.tacoreAppServerServiceToken),
+        usesAppServerMachineAuth: useAppServerMachineAuth,
+        hasCallerUser: Boolean(callerUser?.id),
+        hasCallerAppsClient: Boolean(callerAppsClient),
       });
       const data = await appsClient.invokeAppServerAPI(apiName, payload, {
         appsClient,
+        callerAppsClient,
         req,
         res,
         files: normalizeUploadedFiles(req.files || []),
         requestSource,
+        callerAccessToken: requestAccessToken || null,
+        callerUser,
       });
       if (data && typeof data === "object" && !Buffer.isBuffer(data)) {
@@ -428,7 +482,7 @@ export const createAppServerRuntime = async (options = {}) => {
   const listen = (listenOptions = {}) => {
     const port = listenOptions.port || process.env.PORT || 9000;
-    const host = listenOptions.host || process.env.HOST || "";
+    const host = listenOptions.host;
     const callback = typeof listenOptions.onListen === "function"
       ? listenOptions.onListen
       : () => {

package/database/core/apps/AppsClient.AppServer.js CHANGED Viewed

@@ -432,26 +432,17 @@ const invokeByPreviewProxy = async function(appServerAPIName, payload, options =
 const invokeByCrossAppDirect = async function(appServerAPIName, payload, options = {}) {
   const endpoint = `${this.config.appServerBaseUrl}/invokeAppServerAPI?apiName=${encodeURIComponent(appServerAPIName)}`;
-  const extraHeaders = this.config.appServerApiKey
-    ? { "X-API-Key": this.config.appServerApiKey }
-    : {};
-  const requestInit = buildRemoteRequestInit.call(this, payload, options, extraHeaders);
+  const requestInit = buildRemoteRequestInit.call(this, payload, options, {
+    "X-API-Key": this.config.appServerApiKey,
+  });
   const response = await fetch(endpoint, requestInit);
   return await unwrapAppServerResponse(response, "[AppServer-CrossApp]");
 };
-const canUseBackendDirectAppServer = function() {
-  return Boolean(this.config.appServerBaseUrl && this.config.appServerApiKey);
-};
-const canUseProductionBrowserDirectAppServer = function() {
-  return Boolean(this.config.appServerBaseUrl);
-};
 /**
  * 调用一个 App Server API。
  * - 开发态浏览器：预览页走 CLI preview bridge，其他页面走平台转发。
- * - 生产态浏览器：配置了 appServerBaseUrl 时直连，使用当前用户 Authorization 鉴权。
+ * - 生产态浏览器：统一走平台转发。
  * - 后端跨应用：允许使用 appServerBaseUrl + appServerApiKey 直连目标 AppServer。
  * - 后端当前应用：从本地注册表执行。
  *
@@ -465,10 +456,7 @@ const invokeAppServerAPI = async function(appServerAPIName, payload, options = {
     throw new Error("appServerAPIName is required");
   }
-  if (
-    (isBackend && canUseBackendDirectAppServer.call(this)) ||
-    (isProductionBrowser && canUseProductionBrowserDirectAppServer.call(this))
-  ) {
+  if (isBackend && this.config.appServerBaseUrl && this.config.appServerApiKey) {
     return await invokeByCrossAppDirect.call(this, appServerAPIName, payload, options);
   }

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@tacoreai/web-sdk",
   "description": "This file is for app server package, not the real npm package",
-  "version": "1.24.1-beta.1",
+  "version": "1.26.0",
   "type": "module",
   "publishConfig": {
     "access": "public",