@undefineds.co/xpod 0.1.0-local.202602081751

package/dist/api/handlers/WebIdProfileHandler.js

@@ -0,0 +1,204 @@
+"use strict";
+/**
+ * WebID Profile API Handler
+ *
+ * 提供 WebID Profile 托管服务的 HTTP API
+ *
+ * GET  /{username}/profile/card     - 获取 WebID Profile (Turtle 格式)
+ * POST /api/v1/identity/{username}/storage - 更新 storage 指针 (需认证)
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.registerWebIdProfileRoutes = registerWebIdProfileRoutes;
+const global_logger_factory_1 = require("global-logger-factory");
+const logger = (0, global_logger_factory_1.getLoggerFor)('WebIdProfileHandler');
+function registerWebIdProfileRoutes(server, options) {
+    const { profileRepo } = options;
+    /**
+     * GET /{username}/profile/card
+     *
+     * 获取 WebID Profile (Turtle 格式)
+     * 这是 Solid 标准的 WebID 端点
+     */
+    server.get('/:username/profile/card', async (_request, response, params) => {
+        const username = decodeURIComponent(params.username);
+        try {
+            const profile = await profileRepo.get(username);
+            if (!profile) {
+                sendError(response, 404, 'Profile not found');
+                return;
+            }
+            // 返回 Turtle 格式
+            const turtle = profileRepo.generateProfileTurtle(profile);
+            response.statusCode = 200;
+            response.setHeader('Content-Type', 'text/turtle');
+            response.setHeader('Link', `<${profile.webidUrl}>; rel="describedby"`);
+            response.end(turtle);
+        }
+        catch (error) {
+            logger.error(`Failed to get profile for ${username}: ${error}`);
+            sendError(response, 500, 'Internal server error');
+        }
+    }, { public: true });
+    /**
+     * POST /api/v1/identity/{username}/storage
+     *
+     * 更新 storage 指针
+     * 用于 Local 节点更新其 storage URL
+     *
+     * Request body:
+     * {
+     *   "storageUrl": "https://alice.undefineds.xyz/"
+     * }
+     */
+    server.post('/api/v1/identity/:username/storage', async (request, response, params) => {
+        const username = decodeURIComponent(params.username);
+        try {
+            const body = await readJsonBody(request);
+            const payload = body;
+            if (!payload?.storageUrl) {
+                sendError(response, 400, 'storageUrl is required');
+                return;
+            }
+            // 验证 URL 格式
+            try {
+                new URL(payload.storageUrl);
+            }
+            catch {
+                sendError(response, 400, 'Invalid storageUrl format');
+                return;
+            }
+            const profile = await profileRepo.updateStorage(username, {
+                storageUrl: payload.storageUrl,
+                storageMode: payload.storageMode,
+            });
+            if (!profile) {
+                sendError(response, 404, 'Profile not found');
+                return;
+            }
+            logger.info(`Updated storage for ${username}: ${payload.storageUrl}`);
+            sendJson(response, 200, {
+                success: true,
+                username,
+                storageUrl: profile.storageUrl,
+                storageMode: profile.storageMode,
+                updatedAt: profile.updatedAt.toISOString(),
+            });
+        }
+        catch (error) {
+            logger.error(`Failed to update storage for ${username}: ${error}`);
+            sendError(response, 500, 'Internal server error');
+        }
+    });
+    /**
+     * GET /api/v1/identity/{username}
+     *
+     * 获取 WebID Profile 信息 (JSON 格式)
+     */
+    server.get('/api/v1/identity/:username', async (_request, response, params) => {
+        const username = decodeURIComponent(params.username);
+        try {
+            const profile = await profileRepo.get(username);
+            if (!profile) {
+                sendError(response, 404, 'Profile not found');
+                return;
+            }
+            sendJson(response, 200, {
+                username: profile.username,
+                webidUrl: profile.webidUrl,
+                storageUrl: profile.storageUrl,
+                storageMode: profile.storageMode,
+                oidcIssuer: profile.oidcIssuer,
+                createdAt: profile.createdAt.toISOString(),
+                updatedAt: profile.updatedAt.toISOString(),
+            });
+        }
+        catch (error) {
+            logger.error(`Failed to get profile for ${username}: ${error}`);
+            sendError(response, 500, 'Internal server error');
+        }
+    }, { public: true });
+    /**
+     * POST /api/v1/identity
+     *
+     * 创建 WebID Profile
+     *
+     * Request body:
+     * {
+     *   "username": "alice",
+     *   "storageMode": "local",  // optional, default: "cloud"
+     *   "storageUrl": "https://alice.undefineds.xyz/"  // optional
+     * }
+     */
+    server.post('/api/v1/identity', async (request, response, _params) => {
+        try {
+            const body = await readJsonBody(request);
+            const payload = body;
+            if (!payload?.username) {
+                sendError(response, 400, 'username is required');
+                return;
+            }
+            // 验证用户名格式
+            if (!/^[a-z0-9][a-z0-9-]{1,61}[a-z0-9]$/.test(payload.username)) {
+                sendError(response, 400, 'Invalid username format');
+                return;
+            }
+            // 检查是否已存在
+            const existing = await profileRepo.get(payload.username);
+            if (existing) {
+                sendError(response, 409, 'Username already taken');
+                return;
+            }
+            const profile = await profileRepo.create({
+                username: payload.username,
+                storageMode: payload.storageMode,
+                storageUrl: payload.storageUrl,
+                accountId: payload.accountId,
+            });
+            logger.info(`Created profile for ${payload.username}`);
+            sendJson(response, 201, {
+                success: true,
+                username: profile.username,
+                webidUrl: profile.webidUrl,
+                storageUrl: profile.storageUrl,
+                storageMode: profile.storageMode,
+                createdAt: profile.createdAt.toISOString(),
+            });
+        }
+        catch (error) {
+            logger.error(`Failed to create profile: ${error}`);
+            sendError(response, 500, 'Internal server error');
+        }
+    });
+    logger.info('WebID Profile routes registered');
+}
+async function readJsonBody(request) {
+    return new Promise((resolve, reject) => {
+        let data = '';
+        request.setEncoding('utf8');
+        request.on('data', (chunk) => {
+            data += chunk;
+        });
+        request.on('end', () => {
+            if (!data) {
+                resolve(undefined);
+                return;
+            }
+            try {
+                resolve(JSON.parse(data));
+            }
+            catch {
+                resolve(undefined);
+            }
+        });
+        request.on('error', reject);
+    });
+}
+function sendJson(response, status, data) {
+    response.statusCode = status;
+    response.setHeader('Content-Type', 'application/json');
+    response.end(JSON.stringify(data));
+}
+function sendError(response, status, message) {
+    sendJson(response, status, { error: message });
+}
+//# sourceMappingURL=WebIdProfileHandler.js.map

package/dist/api/handlers/WebIdProfileHandler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"WebIdProfileHandler.js","sourceRoot":"","sources":["../../../src/api/handlers/WebIdProfileHandler.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;AAaH,gEA2LC;AArMD,iEAAqD;AAIrD,MAAM,MAAM,GAAG,IAAA,oCAAY,EAAC,qBAAqB,CAAC,CAAC;AAMnD,SAAgB,0BAA0B,CACxC,MAAiB,EACjB,OAAmC;IAEnC,MAAM,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC;IAEhC;;;;;OAKG;IACH,MAAM,CAAC,GAAG,CAAC,yBAAyB,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE;QACzE,MAAM,QAAQ,GAAG,kBAAkB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAErD,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YAEhD,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,mBAAmB,CAAC,CAAC;gBAC9C,OAAO;YACT,CAAC;YAED,eAAe;YACf,MAAM,MAAM,GAAG,WAAW,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC;YAE1D,QAAQ,CAAC,UAAU,GAAG,GAAG,CAAC;YAC1B,QAAQ,CAAC,SAAS,CAAC,cAAc,EAAE,aAAa,CAAC,CAAC;YAClD,QAAQ,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,OAAO,CAAC,QAAQ,sBAAsB,CAAC,CAAC;YACvE,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACvB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,6BAA6B,QAAQ,KAAK,KAAK,EAAE,CAAC,CAAC;YAChE,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,uBAAuB,CAAC,CAAC;QACpD,CAAC;IACH,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;IAErB;;;;;;;;;;OAUG;IACH,MAAM,CAAC,IAAI,CAAC,oCAAoC,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE;QACpF,MAAM,QAAQ,GAAG,kBAAkB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAErD,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;YACzC,MAAM,OAAO,GAAG,IAAiE,CAAC;YAElF,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,CAAC;gBACzB,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,wBAAwB,CAAC,CAAC;gBACnD,OAAO;YACT,CAAC;YAED,YAAY;YACZ,IAAI,CAAC;gBACH,IAAI,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;YAC9B,CAAC;YAAC,MAAM,CAAC;gBACP,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,2BAA2B,CAAC,CAAC;gBACtD,OAAO;YACT,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,aAAa,CAAC,QAAQ,EAAE;gBACxD,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,WAAW,EAAE,OAAO,CAAC,WAAuD;aAC7E,CAAC,CAAC;YAEH,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,mBAAmB,CAAC,CAAC;gBAC9C,OAAO;YACT,CAAC;YAED,MAAM,CAAC,IAAI,CAAC,uBAAuB,QAAQ,KAAK,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;YAEtE,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACtB,OAAO,EAAE,IAAI;gBACb,QAAQ;gBACR,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,WAAW,EAAE,OAAO,CAAC,WAAW;gBAChC,SAAS,EAAE,OAAO,CAAC,SAAS,CAAC,WAAW,EAAE;aAC3C,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,gCAAgC,QAAQ,KAAK,KAAK,EAAE,CAAC,CAAC;YACnE,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,uBAAuB,CAAC,CAAC;QACpD,CAAC;IACH,CAAC,CAAC,CAAC;IAEH;;;;OAIG;IACH,MAAM,CAAC,GAAG,CAAC,4BAA4B,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE;QAC5E,MAAM,QAAQ,GAAG,kBAAkB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAErD,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YAEhD,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,mBAAmB,CAAC,CAAC;gBAC9C,OAAO;YACT,CAAC;YAED,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACtB,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,WAAW,EAAE,OAAO,CAAC,WAAW;gBAChC,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,SAAS,EAAE,OAAO,CAAC,SAAS,CAAC,WAAW,EAAE;gBAC1C,SAAS,EAAE,OAAO,CAAC,SAAS,CAAC,WAAW,EAAE;aAC3C,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,6BAA6B,QAAQ,KAAK,KAAK,EAAE,CAAC,CAAC;YAChE,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,uBAAuB,CAAC,CAAC;QACpD,CAAC;IACH,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;IAErB;;;;;;;;;;;OAWG;IACH,MAAM,CAAC,IAAI,CAAC,kBAAkB,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE;QACnE,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;YACzC,MAAM,OAAO,GAAG,IAKH,CAAC;YAEd,IAAI,CAAC,OAAO,EAAE,QAAQ,EAAE,CAAC;gBACvB,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,sBAAsB,CAAC,CAAC;gBACjD,OAAO;YACT,CAAC;YAED,UAAU;YACV,IAAI,CAAC,mCAAmC,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAChE,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,yBAAyB,CAAC,CAAC;gBACpD,OAAO;YACT,CAAC;YAED,UAAU;YACV,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YACzD,IAAI,QAAQ,EAAE,CAAC;gBACb,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,wBAAwB,CAAC,CAAC;gBACnD,OAAO;YACT,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,MAAM,CAAC;gBACvC,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,WAAW,EAAE,OAAO,CAAC,WAAuD;gBAC5E,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,SAAS,EAAE,OAAO,CAAC,SAAS;aAC7B,CAAC,CAAC;YAEH,MAAM,CAAC,IAAI,CAAC,uBAAuB,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;YAEvD,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACtB,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,WAAW,EAAE,OAAO,CAAC,WAAW;gBAChC,SAAS,EAAE,OAAO,CAAC,SAAS,CAAC,WAAW,EAAE;aAC3C,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,6BAA6B,KAAK,EAAE,CAAC,CAAC;YACnD,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,uBAAuB,CAAC,CAAC;QACpD,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,MAAM,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;AACjD,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,OAAwB;IAClD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAI,IAAI,GAAG,EAAE,CAAC;QACd,OAAO,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAC5B,OAAO,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACnC,IAAI,IAAI,KAAK,CAAC;QAChB,CAAC,CAAC,CAAC;QACH,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;YACrB,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,OAAO,CAAC,SAAS,CAAC,CAAC;gBACnB,OAAO;YACT,CAAC;YACD,IAAI,CAAC;gBACH,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;YAC5B,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,CAAC,SAAS,CAAC,CAAC;YACrB,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,QAAQ,CAAC,QAAwB,EAAE,MAAc,EAAE,IAAa;IACvE,QAAQ,CAAC,UAAU,GAAG,MAAM,CAAC;IAC7B,QAAQ,CAAC,SAAS,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;IACvD,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;AACrC,CAAC;AAED,SAAS,SAAS,CAAC,QAAwB,EAAE,MAAc,EAAE,OAAe;IAC1E,QAAQ,CAAC,QAAQ,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;AACjD,CAAC","sourcesContent":["/**\n * WebID Profile API Handler\n *\n * 提供 WebID Profile 托管服务的 HTTP API\n *\n * GET  /{username}/profile/card     - 获取 WebID Profile (Turtle 格式)\n * POST /api/v1/identity/{username}/storage - 更新 storage 指针 (需认证)\n */\n\nimport type { ServerResponse, IncomingMessage } from 'node:http';\nimport { getLoggerFor } from 'global-logger-factory';\nimport type { ApiServer } from '../ApiServer';\nimport type { WebIdProfileRepository } from '../../identity/drizzle/WebIdProfileRepository';\n\nconst logger = getLoggerFor('WebIdProfileHandler');\n\nexport interface WebIdProfileHandlerOptions {\n  profileRepo: WebIdProfileRepository;\n}\n\nexport function registerWebIdProfileRoutes(\n  server: ApiServer,\n  options: WebIdProfileHandlerOptions,\n): void {\n  const { profileRepo } = options;\n\n  /**\n   * GET /{username}/profile/card\n   *\n   * 获取 WebID Profile (Turtle 格式)\n   * 这是 Solid 标准的 WebID 端点\n   */\n  server.get('/:username/profile/card', async (_request, response, params) => {\n    const username = decodeURIComponent(params.username);\n\n    try {\n      const profile = await profileRepo.get(username);\n\n      if (!profile) {\n        sendError(response, 404, 'Profile not found');\n        return;\n      }\n\n      // 返回 Turtle 格式\n      const turtle = profileRepo.generateProfileTurtle(profile);\n\n      response.statusCode = 200;\n      response.setHeader('Content-Type', 'text/turtle');\n      response.setHeader('Link', `<${profile.webidUrl}>; rel=\"describedby\"`);\n      response.end(turtle);\n    } catch (error) {\n      logger.error(`Failed to get profile for ${username}: ${error}`);\n      sendError(response, 500, 'Internal server error');\n    }\n  }, { public: true });\n\n  /**\n   * POST /api/v1/identity/{username}/storage\n   *\n   * 更新 storage 指针\n   * 用于 Local 节点更新其 storage URL\n   *\n   * Request body:\n   * {\n   *   \"storageUrl\": \"https://alice.undefineds.xyz/\"\n   * }\n   */\n  server.post('/api/v1/identity/:username/storage', async (request, response, params) => {\n    const username = decodeURIComponent(params.username);\n\n    try {\n      const body = await readJsonBody(request);\n      const payload = body as { storageUrl?: string; storageMode?: string } | undefined;\n\n      if (!payload?.storageUrl) {\n        sendError(response, 400, 'storageUrl is required');\n        return;\n      }\n\n      // 验证 URL 格式\n      try {\n        new URL(payload.storageUrl);\n      } catch {\n        sendError(response, 400, 'Invalid storageUrl format');\n        return;\n      }\n\n      const profile = await profileRepo.updateStorage(username, {\n        storageUrl: payload.storageUrl,\n        storageMode: payload.storageMode as 'cloud' | 'local' | 'custom' | undefined,\n      });\n\n      if (!profile) {\n        sendError(response, 404, 'Profile not found');\n        return;\n      }\n\n      logger.info(`Updated storage for ${username}: ${payload.storageUrl}`);\n\n      sendJson(response, 200, {\n        success: true,\n        username,\n        storageUrl: profile.storageUrl,\n        storageMode: profile.storageMode,\n        updatedAt: profile.updatedAt.toISOString(),\n      });\n    } catch (error) {\n      logger.error(`Failed to update storage for ${username}: ${error}`);\n      sendError(response, 500, 'Internal server error');\n    }\n  });\n\n  /**\n   * GET /api/v1/identity/{username}\n   *\n   * 获取 WebID Profile 信息 (JSON 格式)\n   */\n  server.get('/api/v1/identity/:username', async (_request, response, params) => {\n    const username = decodeURIComponent(params.username);\n\n    try {\n      const profile = await profileRepo.get(username);\n\n      if (!profile) {\n        sendError(response, 404, 'Profile not found');\n        return;\n      }\n\n      sendJson(response, 200, {\n        username: profile.username,\n        webidUrl: profile.webidUrl,\n        storageUrl: profile.storageUrl,\n        storageMode: profile.storageMode,\n        oidcIssuer: profile.oidcIssuer,\n        createdAt: profile.createdAt.toISOString(),\n        updatedAt: profile.updatedAt.toISOString(),\n      });\n    } catch (error) {\n      logger.error(`Failed to get profile for ${username}: ${error}`);\n      sendError(response, 500, 'Internal server error');\n    }\n  }, { public: true });\n\n  /**\n   * POST /api/v1/identity\n   *\n   * 创建 WebID Profile\n   *\n   * Request body:\n   * {\n   *   \"username\": \"alice\",\n   *   \"storageMode\": \"local\",  // optional, default: \"cloud\"\n   *   \"storageUrl\": \"https://alice.undefineds.xyz/\"  // optional\n   * }\n   */\n  server.post('/api/v1/identity', async (request, response, _params) => {\n    try {\n      const body = await readJsonBody(request);\n      const payload = body as {\n        username?: string;\n        storageMode?: string;\n        storageUrl?: string;\n        accountId?: string;\n      } | undefined;\n\n      if (!payload?.username) {\n        sendError(response, 400, 'username is required');\n        return;\n      }\n\n      // 验证用户名格式\n      if (!/^[a-z0-9][a-z0-9-]{1,61}[a-z0-9]$/.test(payload.username)) {\n        sendError(response, 400, 'Invalid username format');\n        return;\n      }\n\n      // 检查是否已存在\n      const existing = await profileRepo.get(payload.username);\n      if (existing) {\n        sendError(response, 409, 'Username already taken');\n        return;\n      }\n\n      const profile = await profileRepo.create({\n        username: payload.username,\n        storageMode: payload.storageMode as 'cloud' | 'local' | 'custom' | undefined,\n        storageUrl: payload.storageUrl,\n        accountId: payload.accountId,\n      });\n\n      logger.info(`Created profile for ${payload.username}`);\n\n      sendJson(response, 201, {\n        success: true,\n        username: profile.username,\n        webidUrl: profile.webidUrl,\n        storageUrl: profile.storageUrl,\n        storageMode: profile.storageMode,\n        createdAt: profile.createdAt.toISOString(),\n      });\n    } catch (error) {\n      logger.error(`Failed to create profile: ${error}`);\n      sendError(response, 500, 'Internal server error');\n    }\n  });\n\n  logger.info('WebID Profile routes registered');\n}\n\nasync function readJsonBody(request: IncomingMessage): Promise<unknown> {\n  return new Promise((resolve, reject) => {\n    let data = '';\n    request.setEncoding('utf8');\n    request.on('data', (chunk: string) => {\n      data += chunk;\n    });\n    request.on('end', () => {\n      if (!data) {\n        resolve(undefined);\n        return;\n      }\n      try {\n        resolve(JSON.parse(data));\n      } catch {\n        resolve(undefined);\n      }\n    });\n    request.on('error', reject);\n  });\n}\n\nfunction sendJson(response: ServerResponse, status: number, data: unknown): void {\n  response.statusCode = status;\n  response.setHeader('Content-Type', 'application/json');\n  response.end(JSON.stringify(data));\n}\n\nfunction sendError(response: ServerResponse, status: number, message: string): void {\n  sendJson(response, status, { error: message });\n}\n"]}

package/dist/api/handlers/index.d.ts

@@ -0,0 +1,11 @@
+export * from './SignalHandler';
+export * from './QuotaHandler';
+export * from './NodeHandler';
+export * from './ChatHandler';
+export * from './VectorHandler';
+export * from './VectorStoreHandler';
+export * from './VectorStoreWebhookHandler';
+export * from './ApiKeyHandler';
+export * from './SubdomainHandler';
+export * from './SubdomainClientHandler';
+export * from './ChatKitHandler';

package/dist/api/handlers/index.js

@@ -0,0 +1,28 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./SignalHandler"), exports);
+__exportStar(require("./QuotaHandler"), exports);
+__exportStar(require("./NodeHandler"), exports);
+__exportStar(require("./ChatHandler"), exports);
+__exportStar(require("./VectorHandler"), exports);
+__exportStar(require("./VectorStoreHandler"), exports);
+__exportStar(require("./VectorStoreWebhookHandler"), exports);
+__exportStar(require("./ApiKeyHandler"), exports);
+__exportStar(require("./SubdomainHandler"), exports);
+__exportStar(require("./SubdomainClientHandler"), exports);
+__exportStar(require("./ChatKitHandler"), exports);
+//# sourceMappingURL=index.js.map

package/dist/api/handlers/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/api/handlers/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,kDAAgC;AAChC,iDAA+B;AAC/B,gDAA8B;AAC9B,gDAA8B;AAC9B,kDAAgC;AAChC,uDAAqC;AACrC,8DAA4C;AAC5C,kDAAgC;AAChC,qDAAmC;AACnC,2DAAyC;AACzC,mDAAiC","sourcesContent":["export * from './SignalHandler';\nexport * from './QuotaHandler';\nexport * from './NodeHandler';\nexport * from './ChatHandler';\nexport * from './VectorHandler';\nexport * from './VectorStoreHandler';\nexport * from './VectorStoreWebhookHandler';\nexport * from './ApiKeyHandler';\nexport * from './SubdomainHandler';\nexport * from './SubdomainClientHandler';\nexport * from './ChatKitHandler';\n"]}

package/dist/api/index.d.ts

@@ -0,0 +1,12 @@
+/**
+ * API Service - Standalone HTTP server for management APIs
+ *
+ * Separated from CSS main process for stability and security isolation.
+ * Supports multiple authentication methods:
+ * - Solid Token (DPoP) - for frontend users
+ * - Client Credentials (Basic Auth) - for third-party apps and internal services
+ */
+export * from './auth';
+export * from './middleware';
+export * from './handlers';
+export * from './ApiServer';

package/dist/api/index.js

@@ -0,0 +1,29 @@
+"use strict";
+/**
+ * API Service - Standalone HTTP server for management APIs
+ *
+ * Separated from CSS main process for stability and security isolation.
+ * Supports multiple authentication methods:
+ * - Solid Token (DPoP) - for frontend users
+ * - Client Credentials (Basic Auth) - for third-party apps and internal services
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./auth"), exports);
+__exportStar(require("./middleware"), exports);
+__exportStar(require("./handlers"), exports);
+__exportStar(require("./ApiServer"), exports);
+//# sourceMappingURL=index.js.map

package/dist/api/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/api/index.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;;;;;;;;;;;;;;AAEH,yCAAuB;AACvB,+CAA6B;AAC7B,6CAA2B;AAC3B,8CAA4B","sourcesContent":["/**\n * API Service - Standalone HTTP server for management APIs\n *\n * Separated from CSS main process for stability and security isolation.\n * Supports multiple authentication methods:\n * - Solid Token (DPoP) - for frontend users\n * - Client Credentials (Basic Auth) - for third-party apps and internal services\n */\n\nexport * from './auth';\nexport * from './middleware';\nexport * from './handlers';\nexport * from './ApiServer';\n"]}

package/dist/api/main.d.ts

@@ -0,0 +1,14 @@
+#!/usr/bin/env node
+/**
+ * API Service Entry Point
+ *
+ * 使用 Awilix 依赖注入，根据 XPOD_EDITION 环境变量切换 cloud/local 模式
+ *
+ * - cloud: 持有 DNS/Tunnel 密钥，直接操作子域名，提供身份服务
+ * - local: 连接 Cloud 获取身份服务和 DDNS，或独立运行
+ *
+ * Authentication:
+ * - Solid DPoP Token: for browser/frontend users
+ * - Client Credentials (Basic Auth with client_id:client_secret): for edge nodes and third-party backends
+ */
+export {};

package/dist/api/main.js

@@ -0,0 +1,106 @@
+#!/usr/bin/env node
+"use strict";
+/**
+ * API Service Entry Point
+ *
+ * 使用 Awilix 依赖注入，根据 XPOD_EDITION 环境变量切换 cloud/local 模式
+ *
+ * - cloud: 持有 DNS/Tunnel 密钥，直接操作子域名，提供身份服务
+ * - local: 连接 Cloud 获取身份服务和 DDNS，或独立运行
+ *
+ * Authentication:
+ * - Solid DPoP Token: for browser/frontend users
+ * - Client Credentials (Basic Auth with client_id:client_secret): for edge nodes and third-party backends
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+const container_1 = require("./container");
+const routes_1 = require("./container/routes");
+const global_logger_factory_1 = require("global-logger-factory");
+const ConfigurableLoggerFactory_1 = require("../logging/ConfigurableLoggerFactory");
+async function main() {
+    // 从环境变量加载配置
+    const config = (0, container_1.loadConfigFromEnv)();
+    // 初始化全局统一日志工厂
+    const loggerFactory = new ConfigurableLoggerFactory_1.ConfigurableLoggerFactory(process.env.CSS_LOGGING_LEVEL || 'info', {
+        fileName: './logs/xpod-%DATE%.log',
+        showLocation: true,
+    });
+    (0, global_logger_factory_1.setGlobalLoggerFactory)(loggerFactory);
+    const logger = (0, global_logger_factory_1.getLoggerFor)('Main');
+    if (!config.databaseUrl) {
+        logger.error('CSS_IDENTITY_DB_URL or DATABASE_URL environment variable is required');
+        process.exit(1);
+    }
+    logger.info(`Starting API Service (edition: ${config.edition})...`);
+    // 创建 DI 容器
+    const container = (0, container_1.createApiContainer)(config);
+    // 注册路由
+    (0, routes_1.registerRoutes)(container);
+    // Start background maintenance (IPv6 DDNS / Tunnel Control)
+    try {
+        const localNetworkManager = container.resolve('localNetworkManager', { allowUnregistered: true });
+        if (localNetworkManager) {
+            localNetworkManager.start();
+        }
+    }
+    catch (error) {
+        logger.error(`Failed to initialize LocalNetworkManager: ${error}`);
+    }
+    // Start DDNS Manager (托管式 Local 模式)
+    try {
+        const ddnsManager = container.resolve('ddnsManager', { allowUnregistered: true });
+        if (ddnsManager) {
+            await ddnsManager.start();
+            logger.info('DDNS Manager started');
+        }
+    }
+    catch (error) {
+        logger.error(`Failed to initialize DdnsManager: ${error}`);
+    }
+    // Start Cloudflare Tunnel (独立式 Local 模式，没有 LocalNetworkManager 时直接启动)
+    try {
+        const localNetworkManager = container.resolve('localNetworkManager', { allowUnregistered: true });
+        const localTunnelProvider = container.resolve('localTunnelProvider', { allowUnregistered: true });
+        // 只有当没有 LocalNetworkManager（它会自动管理 Tunnel）且有 Tunnel Provider 时才手动启动
+        if (!localNetworkManager && localTunnelProvider) {
+            logger.info('Starting Cloudflare Tunnel (standalone mode)...');
+            await localTunnelProvider.start();
+            logger.info('Cloudflare Tunnel started');
+        }
+    }
+    catch (error) {
+        logger.error(`Failed to start Cloudflare Tunnel: ${error}`);
+    }
+    // Start the HTTP server
+    const server = container.resolve('apiServer');
+    await server.start();
+    logger.info(`API Service active on ${config.host}:${config.port}`);
+    // Graceful shutdown
+    const shutdown = async (signal) => {
+        logger.info(`Stopping API Service (${signal})...`);
+        try {
+            const ddnsManager = container.resolve('ddnsManager', { allowUnregistered: true });
+            ddnsManager?.stop();
+        }
+        catch { }
+        try {
+            const localNetworkManager = container.resolve('localNetworkManager', { allowUnregistered: true });
+            await localNetworkManager?.stop();
+        }
+        catch { }
+        try {
+            const localTunnelProvider = container.resolve('localTunnelProvider', { allowUnregistered: true });
+            await localTunnelProvider?.stop();
+        }
+        catch { }
+        await server.stop();
+        process.exit(0);
+    };
+    process.on('SIGTERM', () => shutdown('SIGTERM'));
+    process.on('SIGINT', () => shutdown('SIGINT'));
+}
+main().catch((error) => {
+    console.error(`Failed to start API Service: ${error}`);
+    process.exit(1);
+});
+//# sourceMappingURL=main.js.map

package/dist/api/main.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"main.js","sourceRoot":"","sources":["../../src/api/main.ts"],"names":[],"mappings":";;AACA;;;;;;;;;;;GAWG;;AAEH,2CAAoE;AACpE,+CAAoD;AACpD,iEAA6E;AAC7E,oFAAiF;AAEjF,KAAK,UAAU,IAAI;IACjB,YAAY;IACZ,MAAM,MAAM,GAAG,IAAA,6BAAiB,GAAE,CAAC;IAEnC,cAAc;IACd,MAAM,aAAa,GAAG,IAAI,qDAAyB,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,MAAM,EAAE;QAC3F,QAAQ,EAAE,wBAAwB;QAClC,YAAY,EAAE,IAAI;KACnB,CAAC,CAAC;IACH,IAAA,8CAAsB,EAAC,aAAa,CAAC,CAAC;IAEtC,MAAM,MAAM,GAAG,IAAA,oCAAY,EAAC,MAAM,CAAC,CAAC;IAEpC,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;QACxB,MAAM,CAAC,KAAK,CAAC,sEAAsE,CAAC,CAAC;QACrF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,kCAAkC,MAAM,CAAC,OAAO,MAAM,CAAC,CAAC;IAEpE,WAAW;IACX,MAAM,SAAS,GAAG,IAAA,8BAAkB,EAAC,MAAM,CAAC,CAAC;IAE7C,OAAO;IACP,IAAA,uBAAc,EAAC,SAAS,CAAC,CAAC;IAE1B,4DAA4D;IAC5D,IAAI,CAAC;QACH,MAAM,mBAAmB,GAAG,SAAS,CAAC,OAAO,CAAC,qBAAqB,EAAE,EAAE,iBAAiB,EAAE,IAAI,EAAE,CAAQ,CAAC;QACzG,IAAI,mBAAmB,EAAE,CAAC;YACxB,mBAAmB,CAAC,KAAK,EAAE,CAAC;QAC9B,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,6CAA6C,KAAK,EAAE,CAAC,CAAC;IACrE,CAAC;IAED,oCAAoC;IACpC,IAAI,CAAC;QACH,MAAM,WAAW,GAAG,SAAS,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,iBAAiB,EAAE,IAAI,EAAE,CAAQ,CAAC;QACzF,IAAI,WAAW,EAAE,CAAC;YAChB,MAAM,WAAW,CAAC,KAAK,EAAE,CAAC;YAC1B,MAAM,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,qCAAqC,KAAK,EAAE,CAAC,CAAC;IAC7D,CAAC;IAED,sEAAsE;IACtE,IAAI,CAAC;QACH,MAAM,mBAAmB,GAAG,SAAS,CAAC,OAAO,CAAC,qBAAqB,EAAE,EAAE,iBAAiB,EAAE,IAAI,EAAE,CAAC,CAAC;QAClG,MAAM,mBAAmB,GAAG,SAAS,CAAC,OAAO,CAAC,qBAAqB,EAAE,EAAE,iBAAiB,EAAE,IAAI,EAAE,CAAQ,CAAC;QAEzG,oEAAoE;QACpE,IAAI,CAAC,mBAAmB,IAAI,mBAAmB,EAAE,CAAC;YAChD,MAAM,CAAC,IAAI,CAAC,iDAAiD,CAAC,CAAC;YAC/D,MAAM,mBAAmB,CAAC,KAAK,EAAE,CAAC;YAClC,MAAM,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,sCAAsC,KAAK,EAAE,CAAC,CAAC;IAC9D,CAAC;IAED,wBAAwB;IACxB,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,WAAW,CAAQ,CAAC;IACrD,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;IACrB,MAAM,CAAC,IAAI,CAAC,yBAAyB,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;IAEnE,oBAAoB;IACpB,MAAM,QAAQ,GAAG,KAAK,EAAE,MAAc,EAAiB,EAAE;QACvD,MAAM,CAAC,IAAI,CAAC,yBAAyB,MAAM,MAAM,CAAC,CAAC;QAEnD,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,SAAS,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,iBAAiB,EAAE,IAAI,EAAE,CAAQ,CAAC;YACzF,WAAW,EAAE,IAAI,EAAE,CAAC;QACtB,CAAC;QAAC,MAAM,CAAC,CAAA,CAAC;QAEV,IAAI,CAAC;YACH,MAAM,mBAAmB,GAAG,SAAS,CAAC,OAAO,CAAC,qBAAqB,EAAE,EAAE,iBAAiB,EAAE,IAAI,EAAE,CAAC,CAAC;YAClG,MAAM,mBAAmB,EAAE,IAAI,EAAE,CAAC;QACpC,CAAC;QAAC,MAAM,CAAC,CAAA,CAAC;QAEV,IAAI,CAAC;YACH,MAAM,mBAAmB,GAAG,SAAS,CAAC,OAAO,CAAC,qBAAqB,EAAE,EAAE,iBAAiB,EAAE,IAAI,EAAE,CAAQ,CAAC;YACzG,MAAM,mBAAmB,EAAE,IAAI,EAAE,CAAC;QACpC,CAAC;QAAC,MAAM,CAAC,CAAA,CAAC;QAEV,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;QACpB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC;IAEF,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC;IACjD,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;AACjD,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;IACrB,OAAO,CAAC,KAAK,CAAC,gCAAgC,KAAK,EAAE,CAAC,CAAC;IACvD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC","sourcesContent":["#!/usr/bin/env node\n/**\n * API Service Entry Point\n *\n * 使用 Awilix 依赖注入，根据 XPOD_EDITION 环境变量切换 cloud/local 模式\n *\n * - cloud: 持有 DNS/Tunnel 密钥，直接操作子域名，提供身份服务\n * - local: 连接 Cloud 获取身份服务和 DDNS，或独立运行\n *\n * Authentication:\n * - Solid DPoP Token: for browser/frontend users\n * - Client Credentials (Basic Auth with client_id:client_secret): for edge nodes and third-party backends\n */\n\nimport { createApiContainer, loadConfigFromEnv } from './container';\nimport { registerRoutes } from './container/routes';\nimport { setGlobalLoggerFactory, getLoggerFor } from 'global-logger-factory';\nimport { ConfigurableLoggerFactory } from '../logging/ConfigurableLoggerFactory';\n\nasync function main(): Promise<void> {\n  // 从环境变量加载配置\n  const config = loadConfigFromEnv();\n\n  // 初始化全局统一日志工厂\n  const loggerFactory = new ConfigurableLoggerFactory(process.env.CSS_LOGGING_LEVEL || 'info', {\n    fileName: './logs/xpod-%DATE%.log',\n    showLocation: true,\n  });\n  setGlobalLoggerFactory(loggerFactory);\n\n  const logger = getLoggerFor('Main');\n\n  if (!config.databaseUrl) {\n    logger.error('CSS_IDENTITY_DB_URL or DATABASE_URL environment variable is required');\n    process.exit(1);\n  }\n\n  logger.info(`Starting API Service (edition: ${config.edition})...`);\n\n  // 创建 DI 容器\n  const container = createApiContainer(config);\n\n  // 注册路由\n  registerRoutes(container);\n\n  // Start background maintenance (IPv6 DDNS / Tunnel Control)\n  try {\n    const localNetworkManager = container.resolve('localNetworkManager', { allowUnregistered: true }) as any;\n    if (localNetworkManager) {\n      localNetworkManager.start();\n    }\n  } catch (error) {\n    logger.error(`Failed to initialize LocalNetworkManager: ${error}`);\n  }\n\n  // Start DDNS Manager (托管式 Local 模式)\n  try {\n    const ddnsManager = container.resolve('ddnsManager', { allowUnregistered: true }) as any;\n    if (ddnsManager) {\n      await ddnsManager.start();\n      logger.info('DDNS Manager started');\n    }\n  } catch (error) {\n    logger.error(`Failed to initialize DdnsManager: ${error}`);\n  }\n\n  // Start Cloudflare Tunnel (独立式 Local 模式，没有 LocalNetworkManager 时直接启动)\n  try {\n    const localNetworkManager = container.resolve('localNetworkManager', { allowUnregistered: true });\n    const localTunnelProvider = container.resolve('localTunnelProvider', { allowUnregistered: true }) as any;\n\n    // 只有当没有 LocalNetworkManager（它会自动管理 Tunnel）且有 Tunnel Provider 时才手动启动\n    if (!localNetworkManager && localTunnelProvider) {\n      logger.info('Starting Cloudflare Tunnel (standalone mode)...');\n      await localTunnelProvider.start();\n      logger.info('Cloudflare Tunnel started');\n    }\n  } catch (error) {\n    logger.error(`Failed to start Cloudflare Tunnel: ${error}`);\n  }\n\n  // Start the HTTP server\n  const server = container.resolve('apiServer') as any;\n  await server.start();\n  logger.info(`API Service active on ${config.host}:${config.port}`);\n\n  // Graceful shutdown\n  const shutdown = async (signal: string): Promise<void> => {\n    logger.info(`Stopping API Service (${signal})...`);\n\n    try {\n      const ddnsManager = container.resolve('ddnsManager', { allowUnregistered: true }) as any;\n      ddnsManager?.stop();\n    } catch {}\n\n    try {\n      const localNetworkManager = container.resolve('localNetworkManager', { allowUnregistered: true });\n      await localNetworkManager?.stop();\n    } catch {}\n\n    try {\n      const localTunnelProvider = container.resolve('localTunnelProvider', { allowUnregistered: true }) as any;\n      await localTunnelProvider?.stop();\n    } catch {}\n\n    await server.stop();\n    process.exit(0);\n  };\n\n  process.on('SIGTERM', () => shutdown('SIGTERM'));\n  process.on('SIGINT', () => shutdown('SIGINT'));\n}\n\nmain().catch((error) => {\n  console.error(`Failed to start API Service: ${error}`);\n  process.exit(1);\n});\n"]}

package/dist/api/middleware/AuthMiddleware.d.ts

@@ -0,0 +1,35 @@
+import type { IncomingMessage, ServerResponse } from 'node:http';
+import type { Authenticator } from '../auth/Authenticator';
+import type { AuthContext } from '../auth/AuthContext';
+/**
+ * Extended request with auth context
+ */
+export interface AuthenticatedRequest extends IncomingMessage {
+    auth?: AuthContext;
+}
+export interface AuthMiddlewareOptions {
+    authenticator: Authenticator;
+    /**
+     * Paths that do not require authentication
+     */
+    publicPaths?: string[];
+}
+/**
+ * Middleware that handles authentication for API requests
+ */
+export declare class AuthMiddleware {
+    private readonly logger;
+    private readonly authenticator;
+    private readonly publicPaths;
+    constructor(options: AuthMiddlewareOptions);
+    /**
+     * Check if a path is public (does not require authentication)
+     */
+    isPublicPath(path: string): boolean;
+    /**
+     * Process the request, adding auth context if authenticated
+     * Returns true if request should continue, false if response was sent
+     */
+    process(request: AuthenticatedRequest, response: ServerResponse): Promise<boolean>;
+    private sendUnauthorized;
+}

package/dist/api/middleware/AuthMiddleware.js

@@ -0,0 +1,51 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthMiddleware = void 0;
+const global_logger_factory_1 = require("global-logger-factory");
+/**
+ * Middleware that handles authentication for API requests
+ */
+class AuthMiddleware {
+    constructor(options) {
+        this.logger = (0, global_logger_factory_1.getLoggerFor)(this);
+        this.authenticator = options.authenticator;
+        this.publicPaths = new Set(options.publicPaths ?? []);
+    }
+    /**
+     * Check if a path is public (does not require authentication)
+     */
+    isPublicPath(path) {
+        // Normalize path by removing query string
+        const normalizedPath = path.split('?')[0];
+        return this.publicPaths.has(normalizedPath);
+    }
+    /**
+     * Process the request, adding auth context if authenticated
+     * Returns true if request should continue, false if response was sent
+     */
+    async process(request, response) {
+        // Check for authorization header
+        if (!request.headers.authorization) {
+            this.sendUnauthorized(response, 'Authentication required');
+            return false;
+        }
+        // Attempt authentication
+        const result = await this.authenticator.authenticate(request);
+        console.log(`[AuthMiddleware] ${request.method} ${request.url} - success: ${result.success}, error: ${result.error}, context: ${JSON.stringify(result.context)}`);
+        if (!result.success) {
+            this.sendUnauthorized(response, result.error ?? 'Authentication failed');
+            return false;
+        }
+        // Attach auth context to request
+        request.auth = result.context;
+        return true;
+    }
+    sendUnauthorized(response, message) {
+        response.statusCode = 401;
+        response.setHeader('Content-Type', 'application/json');
+        response.setHeader('WWW-Authenticate', 'Bearer, DPoP');
+        response.end(JSON.stringify({ error: 'Unauthorized', message }));
+    }
+}
+exports.AuthMiddleware = AuthMiddleware;
+//# sourceMappingURL=AuthMiddleware.js.map

package/dist/api/middleware/AuthMiddleware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthMiddleware.js","sourceRoot":"","sources":["../../../src/api/middleware/AuthMiddleware.ts"],"names":[],"mappings":";;;AACA,iEAAqD;AAmBrD;;GAEG;AACH,MAAa,cAAc;IAKzB,YAAmB,OAA8B;QAJhC,WAAM,GAAG,IAAA,oCAAY,EAAC,IAAI,CAAC,CAAC;QAK3C,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa,CAAC;QAC3C,IAAI,CAAC,WAAW,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC;IACxD,CAAC;IAED;;OAEG;IACI,YAAY,CAAC,IAAY;QAC9B,0CAA0C;QAC1C,MAAM,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAC1C,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IAC9C,CAAC;IAED;;;OAGG;IACI,KAAK,CAAC,OAAO,CAAC,OAA6B,EAAE,QAAwB;QAC1E,iCAAiC;QACjC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC;YACnC,IAAI,CAAC,gBAAgB,CAAC,QAAQ,EAAE,yBAAyB,CAAC,CAAC;YAC3D,OAAO,KAAK,CAAC;QACf,CAAC;QAED,yBAAyB;QACzB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;QAE9D,OAAO,CAAC,GAAG,CAAC,oBAAoB,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,eAAe,MAAM,CAAC,OAAO,YAAY,MAAM,CAAC,KAAK,cAAc,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAElK,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,IAAI,CAAC,gBAAgB,CAAC,QAAQ,EAAE,MAAM,CAAC,KAAK,IAAI,uBAAuB,CAAC,CAAC;YACzE,OAAO,KAAK,CAAC;QACf,CAAC;QAED,iCAAiC;QACjC,OAAO,CAAC,IAAI,GAAG,MAAM,CAAC,OAAO,CAAC;QAC9B,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,gBAAgB,CAAC,QAAwB,EAAE,OAAe;QAChE,QAAQ,CAAC,UAAU,GAAG,GAAG,CAAC;QAC1B,QAAQ,CAAC,SAAS,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;QACvD,QAAQ,CAAC,SAAS,CAAC,kBAAkB,EAAE,cAAc,CAAC,CAAC;QACvD,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC;IACnE,CAAC;CACF;AAnDD,wCAmDC","sourcesContent":["import type { IncomingMessage, ServerResponse } from 'node:http';\nimport { getLoggerFor } from 'global-logger-factory';\nimport type { Authenticator } from '../auth/Authenticator';\nimport type { AuthContext } from '../auth/AuthContext';\n\n/**\n * Extended request with auth context\n */\nexport interface AuthenticatedRequest extends IncomingMessage {\n  auth?: AuthContext;\n}\n\nexport interface AuthMiddlewareOptions {\n  authenticator: Authenticator;\n  /**\n   * Paths that do not require authentication\n   */\n  publicPaths?: string[];\n}\n\n/**\n * Middleware that handles authentication for API requests\n */\nexport class AuthMiddleware {\n  private readonly logger = getLoggerFor(this);\n  private readonly authenticator: Authenticator;\n  private readonly publicPaths: Set<string>;\n\n  public constructor(options: AuthMiddlewareOptions) {\n    this.authenticator = options.authenticator;\n    this.publicPaths = new Set(options.publicPaths ?? []);\n  }\n\n  /**\n   * Check if a path is public (does not require authentication)\n   */\n  public isPublicPath(path: string): boolean {\n    // Normalize path by removing query string\n    const normalizedPath = path.split('?')[0];\n    return this.publicPaths.has(normalizedPath);\n  }\n\n  /**\n   * Process the request, adding auth context if authenticated\n   * Returns true if request should continue, false if response was sent\n   */\n  public async process(request: AuthenticatedRequest, response: ServerResponse): Promise<boolean> {\n    // Check for authorization header\n    if (!request.headers.authorization) {\n      this.sendUnauthorized(response, 'Authentication required');\n      return false;\n    }\n\n    // Attempt authentication\n    const result = await this.authenticator.authenticate(request);\n\n    console.log(`[AuthMiddleware] ${request.method} ${request.url} - success: ${result.success}, error: ${result.error}, context: ${JSON.stringify(result.context)}`);\n\n    if (!result.success) {\n      this.sendUnauthorized(response, result.error ?? 'Authentication failed');\n      return false;\n    }\n\n    // Attach auth context to request\n    request.auth = result.context;\n    return true;\n  }\n\n  private sendUnauthorized(response: ServerResponse, message: string): void {\n    response.statusCode = 401;\n    response.setHeader('Content-Type', 'application/json');\n    response.setHeader('WWW-Authenticate', 'Bearer, DPoP');\n    response.end(JSON.stringify({ error: 'Unauthorized', message }));\n  }\n}\n"]}

package/dist/api/middleware/index.d.ts

@@ -0,0 +1 @@
+export * from './AuthMiddleware';

package/dist/api/middleware/index.js

@@ -0,0 +1,18 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./AuthMiddleware"), exports);
+//# sourceMappingURL=index.js.map

package/dist/api/middleware/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/api/middleware/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,mDAAiC","sourcesContent":["export * from './AuthMiddleware';\n"]}

package/dist/api/models/model-provider.schema.d.ts

@@ -0,0 +1,12 @@
+export declare const modelProviderTable: import("drizzle-solid/dist/core/schema").PodTableWithColumns<import("drizzle-solid/dist/core/schema").ResolvedColumns<{
+    id: import("drizzle-solid/dist/core/schema").ColumnBuilder<"string", null, true, false>;
+    enabled: import("drizzle-solid/dist/core/schema").ColumnBuilder<"boolean", null, false, true>;
+    apiKey: import("drizzle-solid/dist/core/schema").ColumnBuilder<"string", null, false, false>;
+    baseUrl: import("drizzle-solid/dist/core/schema").ColumnBuilder<"string", null, false, false>;
+    proxy: import("drizzle-solid/dist/core/schema").ColumnBuilder<"string", null, false, false>;
+    models: import("drizzle-solid/dist/core/schema").ColumnBuilder<"array", "object", false, false>;
+    updatedAt: import("drizzle-solid/dist/core/schema").ColumnBuilder<"datetime", null, true, true>;
+}>>;
+export type ModelProviderRow = typeof modelProviderTable.$inferSelect;
+export type ModelProviderInsert = typeof modelProviderTable.$inferInsert;
+export type ModelProviderUpdate = typeof modelProviderTable.$inferUpdate;

package/dist/api/models/model-provider.schema.js

@@ -0,0 +1,21 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.modelProviderTable = void 0;
+const drizzle_solid_1 = require("drizzle-solid");
+const namespaces_1 = require("./namespaces");
+exports.modelProviderTable = (0, drizzle_solid_1.podTable)('modelProviders', {
+    id: (0, drizzle_solid_1.string)('id').primaryKey().predicate(namespaces_1.LINQ.provider).notNull(),
+    enabled: (0, drizzle_solid_1.boolean)('enabled').predicate(namespaces_1.LINQ.status).default(false),
+    apiKey: (0, drizzle_solid_1.string)('apiKey').predicate(namespaces_1.LINQ.apiKey),
+    baseUrl: (0, drizzle_solid_1.string)('baseUrl').predicate(namespaces_1.LINQ.baseUrl),
+    proxy: (0, drizzle_solid_1.string)('proxy').predicate(namespaces_1.LINQ.proxy),
+    models: (0, drizzle_solid_1.object)('models').array().predicate(namespaces_1.LINQ.aiModels),
+    updatedAt: (0, drizzle_solid_1.timestamp)('updatedAt').predicate(namespaces_1.DCTerms.modified).notNull().defaultNow(),
+}, {
+    base: '/.data/model-providers/',
+    sparqlEndpoint: '/.data/model-providers/-/sparql',
+    type: namespaces_1.LINQ.ModelProvider,
+    namespace: namespaces_1.LINQ,
+    subjectTemplate: '{id}.ttl',
+});
+//# sourceMappingURL=model-provider.schema.js.map

package/dist/api/models/model-provider.schema.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"model-provider.schema.js","sourceRoot":"","sources":["../../../src/api/models/model-provider.schema.ts"],"names":[],"mappings":";;;AAAA,iDAA4E;AAC5E,6CAA4C;AAE/B,QAAA,kBAAkB,GAAG,IAAA,wBAAQ,EAAC,gBAAgB,EAAE;IAC3D,EAAE,EAAE,IAAA,sBAAM,EAAC,IAAI,CAAC,CAAC,UAAU,EAAE,CAAC,SAAS,CAAC,iBAAI,CAAC,QAAQ,CAAC,CAAC,OAAO,EAAE;IAChE,OAAO,EAAE,IAAA,uBAAO,EAAC,SAAS,CAAC,CAAC,SAAS,CAAC,iBAAI,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC;IACjE,MAAM,EAAE,IAAA,sBAAM,EAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,iBAAI,CAAC,MAAM,CAAC;IAC/C,OAAO,EAAE,IAAA,sBAAM,EAAC,SAAS,CAAC,CAAC,SAAS,CAAC,iBAAI,CAAC,OAAO,CAAC;IAClD,KAAK,EAAE,IAAA,sBAAM,EAAC,OAAO,CAAC,CAAC,SAAS,CAAC,iBAAI,CAAC,KAAK,CAAC;IAC5C,MAAM,EAAE,IAAA,sBAAM,EAAC,QAAQ,CAAC,CAAC,KAAK,EAAE,CAAC,SAAS,CAAC,iBAAI,CAAC,QAAQ,CAAC;IACzD,SAAS,EAAE,IAAA,yBAAS,EAAC,WAAW,CAAC,CAAC,SAAS,CAAC,oBAAO,CAAC,QAAQ,CAAC,CAAC,OAAO,EAAE,CAAC,UAAU,EAAE;CACrF,EAAE;IACD,IAAI,EAAE,yBAAyB;IAC/B,cAAc,EAAE,iCAAiC;IACjD,IAAI,EAAE,iBAAI,CAAC,aAAa;IACxB,SAAS,EAAE,iBAAI;IACf,eAAe,EAAE,UAAU;CAC5B,CAAC,CAAA","sourcesContent":["import { boolean, object, podTable, string, timestamp } from 'drizzle-solid'\nimport { LINQ, DCTerms } from './namespaces'\n\nexport const modelProviderTable = podTable('modelProviders', {\n  id: string('id').primaryKey().predicate(LINQ.provider).notNull(),\n  enabled: boolean('enabled').predicate(LINQ.status).default(false),\n  apiKey: string('apiKey').predicate(LINQ.apiKey),\n  baseUrl: string('baseUrl').predicate(LINQ.baseUrl),\n  proxy: string('proxy').predicate(LINQ.proxy),\n  models: object('models').array().predicate(LINQ.aiModels),\n  updatedAt: timestamp('updatedAt').predicate(DCTerms.modified).notNull().defaultNow(),\n}, {\n  base: '/.data/model-providers/',\n  sparqlEndpoint: '/.data/model-providers/-/sparql',\n  type: LINQ.ModelProvider,\n  namespace: LINQ,\n  subjectTemplate: '{id}.ttl',\n})\n\nexport type ModelProviderRow = typeof modelProviderTable.$inferSelect\nexport type ModelProviderInsert = typeof modelProviderTable.$inferInsert\nexport type ModelProviderUpdate = typeof modelProviderTable.$inferUpdate\n"]}