@undefineds.co/xpod 0.1.6 → 0.2.0-preview.2

package/dist/api/handlers/ApiKeyHandler.js

@@ -70,21 +70,15 @@ function registerApiKeyRoutes(server, options) {
         const payload = body;
         // These come from CSS client credentials creation
         const clientId = payload.clientId;
-        const clientSecret = payload.clientSecret;
         const displayName = typeof payload.displayName === 'string' ? payload.displayName : undefined;
         if (typeof clientId !== 'string' || !clientId.trim()) {
             sendJson(response, 400, { error: 'clientId is required' });
             return;
         }
-        if (typeof clientSecret !== 'string' || !clientSecret.trim()) {
-            sendJson(response, 400, { error: 'clientSecret is required' });
-            return;
-        }
         try {
             // Use webId as account identifier
             await store.store({
                 clientId,
-                clientSecret,
                 webId,
                 accountId: webId,
                 displayName,

package/dist/api/handlers/ApiKeyHandler.js.map

@@ -1 +1 @@
-{"version":3,"file":"ApiKeyHandler.js","sourceRoot":"","sources":["../../../src/api/handlers/ApiKeyHandler.ts"],"names":[],"mappings":";;AAoBA,oDAmIC;AAtJD,iEAAqD;AAIrD,qDAA4D;AAM5D;;;;;;;;GAQG;AACH,SAAgB,oBAAoB,CAAC,MAAiB,EAAE,OAA6B;IACnF,MAAM,MAAM,GAAG,IAAA,oCAAY,EAAC,eAAe,CAAC,CAAC;IAC7C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;IAE5B,MAAM,YAAY,GAAG,CAAC,OAA6B,EAAE,QAAwB,EAAW,EAAE;QACxF,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;QAC1B,IAAI,IAAI,IAAI,IAAA,yBAAW,EAAC,IAAI,CAAC,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YAChD,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,0CAA0C,EAAE,CAAC,CAAC;YAC/E,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;IAEF,sCAAsC;IACtC,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE;QAC1D,IAAI,YAAY,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,CAAC;YACpC,OAAO;QACT,CAAC;QACD,MAAM,IAAI,GAAG,OAAO,CAAC,IAAK,CAAC;QAC3B,MAAM,KAAK,GAAG,IAAA,sBAAQ,EAAC,IAAI,CAAC,CAAC;QAE7B,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,CAAC;YAC5D,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,kCAAkC;YAClC,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;YAC9C,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACtB,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;oBACrB,QAAQ,EAAE,CAAC,CAAC,QAAQ;oBACpB,KAAK,EAAE,CAAC,CAAC,KAAK;oBACd,WAAW,EAAE,CAAC,CAAC,WAAW;oBAC1B,SAAS,EAAE,CAAC,CAAC,SAAS,CAAC,WAAW,EAAE;iBACrC,CAAC,CAAC;aACJ,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,4BAA4B,KAAK,EAAE,CAAC,CAAC;YAClD,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,wFAAwF;IACxF,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE;QAC3D,IAAI,YAAY,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,CAAC;YACpC,OAAO;QACT,CAAC;QACD,MAAM,IAAI,GAAG,OAAO,CAAC,IAAK,CAAC;QAC3B,MAAM,KAAK,GAAG,IAAA,sBAAQ,EAAC,IAAI,CAAC,CAAC;QAE7B,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,CAAC;YAC5D,OAAO;QACT,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;QACzC,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtC,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,oCAAoC,EAAE,CAAC,CAAC;YACzE,OAAO;QACT,CAAC;QAED,MAAM,OAAO,GAAG,IAA+B,CAAC;QAEhD,kDAAkD;QAClD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QAClC,MAAM,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;QAC1C,MAAM,WAAW,GAAG,OAAO,OAAO,CAAC,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;QAE9F,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC;YACrD,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,sBAAsB,EAAE,CAAC,CAAC;YAC3D,OAAO;QACT,CAAC;QAED,IAAI,OAAO,YAAY,KAAK,QAAQ,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,EAAE,CAAC;YAC7D,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,0BAA0B,EAAE,CAAC,CAAC;YAC/D,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,kCAAkC;YAClC,MAAM,KAAK,CAAC,KAAK,CAAC;gBAChB,QAAQ;gBACR,YAAY;gBACZ,KAAK;gBACL,SAAS,EAAE,KAAK;gBAChB,WAAW;aACZ,CAAC,CAAC;YAEH,MAAM,CAAC,IAAI,CAAC,kBAAkB,QAAQ,aAAa,KAAK,EAAE,CAAC,CAAC;YAE5D,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACtB,QAAQ;gBACR,WAAW;gBACX,OAAO,EAAE,8BAA8B;aACxC,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,4BAA4B,KAAK,EAAE,CAAC,CAAC;YAClD,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,gDAAgD;IAChD,MAAM,CAAC,MAAM,CAAC,oBAAoB,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE;QACtE,IAAI,YAAY,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,CAAC;YACpC,OAAO;QACT,CAAC;QACD,MAAM,IAAI,GAAG,OAAO,CAAC,IAAK,CAAC;QAC3B,MAAM,KAAK,GAAG,IAAA,sBAAQ,EAAC,IAAI,CAAC,CAAC;QAC7B,MAAM,QAAQ,GAAG,kBAAkB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAErD,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,CAAC;YAC5D,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,8CAA8C;YAC9C,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,MAAM,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;YACpD,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,gCAAgC,EAAE,CAAC,CAAC;gBACrE,OAAO;YACT,CAAC;YAED,MAAM,CAAC,IAAI,CAAC,mBAAmB,QAAQ,EAAE,CAAC,CAAC;YAC3C,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC3D,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,6BAA6B,KAAK,EAAE,CAAC,CAAC;YACnD,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,sBAAsB,EAAE,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,OAA6B;IACvD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAI,IAAI,GAAG,EAAE,CAAC;QACd,OAAO,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAC5B,OAAO,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACnC,IAAI,IAAI,KAAK,CAAC;QAChB,CAAC,CAAC,CAAC;QACH,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;YACrB,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,OAAO,CAAC,SAAS,CAAC,CAAC;gBACnB,OAAO;YACT,CAAC;YACD,IAAI,CAAC;gBACH,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;YAC5B,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,CAAC,SAAS,CAAC,CAAC;YACrB,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,QAAQ,CAAC,QAAwB,EAAE,MAAc,EAAE,IAAa;IACvE,QAAQ,CAAC,UAAU,GAAG,MAAM,CAAC;IAC7B,QAAQ,CAAC,SAAS,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;IACvD,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;AACrC,CAAC","sourcesContent":["import type { ServerResponse } from 'node:http';\nimport { getLoggerFor } from 'global-logger-factory';\nimport type { AuthenticatedRequest } from '../middleware/AuthMiddleware';\nimport type { ApiServer } from '../ApiServer';\nimport type { DrizzleClientCredentialsStore } from '../store/DrizzleClientCredentialsStore';\nimport { getWebId, isSolidAuth } from '../auth/AuthContext';\n\nexport interface ApiKeyHandlerOptions {\n  store: DrizzleClientCredentialsStore;\n}\n\n/**\n * Handler for API Key management\n * \n * GET    /v1/keys - List user's API keys\n * POST   /v1/keys - Store a new API key (after creating in CSS)\n * DELETE /v1/keys/:clientId - Delete an API key\n * \n * All endpoints require Solid Token (only frontend can manage keys)\n */\nexport function registerApiKeyRoutes(server: ApiServer, options: ApiKeyHandlerOptions): void {\n  const logger = getLoggerFor('ApiKeyHandler');\n  const store = options.store;\n\n  const rejectApiKey = (request: AuthenticatedRequest, response: ServerResponse): boolean => {\n    const auth = request.auth;\n    if (auth && isSolidAuth(auth) && auth.viaApiKey) {\n      sendJson(response, 403, { error: 'API key is not allowed for this endpoint' });\n      return true;\n    }\n    return false;\n  };\n\n  // GET /v1/keys - List user's API keys\n  server.get('/v1/keys', async (request, response, _params) => {\n    if (rejectApiKey(request, response)) {\n      return;\n    }\n    const auth = request.auth!;\n    const webId = getWebId(auth);\n\n    if (!webId) {\n      sendJson(response, 400, { error: 'Cannot determine user' });\n      return;\n    }\n\n    try {\n      // Use webId as account identifier\n      const keys = await store.listByAccount(webId);\n      sendJson(response, 200, {\n        keys: keys.map((k) => ({\n          clientId: k.clientId,\n          webId: k.webId,\n          displayName: k.displayName,\n          createdAt: k.createdAt.toISOString(),\n        })),\n      });\n    } catch (error) {\n      logger.error(`Failed to list API keys: ${error}`);\n      sendJson(response, 500, { error: 'Failed to list keys' });\n    }\n  });\n\n  // POST /v1/keys - Store API key (frontend calls this after creating credentials in CSS)\n  server.post('/v1/keys', async (request, response, _params) => {\n    if (rejectApiKey(request, response)) {\n      return;\n    }\n    const auth = request.auth!;\n    const webId = getWebId(auth);\n\n    if (!webId) {\n      sendJson(response, 400, { error: 'Cannot determine user' });\n      return;\n    }\n\n    const body = await readJsonBody(request);\n    if (!body || typeof body !== 'object') {\n      sendJson(response, 400, { error: 'Request body must be a JSON object' });\n      return;\n    }\n\n    const payload = body as Record<string, unknown>;\n\n    // These come from CSS client credentials creation\n    const clientId = payload.clientId;\n    const clientSecret = payload.clientSecret;\n    const displayName = typeof payload.displayName === 'string' ? payload.displayName : undefined;\n\n    if (typeof clientId !== 'string' || !clientId.trim()) {\n      sendJson(response, 400, { error: 'clientId is required' });\n      return;\n    }\n\n    if (typeof clientSecret !== 'string' || !clientSecret.trim()) {\n      sendJson(response, 400, { error: 'clientSecret is required' });\n      return;\n    }\n\n    try {\n      // Use webId as account identifier\n      await store.store({\n        clientId,\n        clientSecret,\n        webId,\n        accountId: webId,\n        displayName,\n      });\n\n      logger.info(`Stored API key ${clientId} for user ${webId}`);\n\n      sendJson(response, 201, {\n        clientId,\n        displayName,\n        message: 'API key stored successfully.',\n      });\n    } catch (error) {\n      logger.error(`Failed to store API key: ${error}`);\n      sendJson(response, 500, { error: 'Failed to store key' });\n    }\n  });\n\n  // DELETE /v1/keys/:clientId - Delete an API key\n  server.delete('/v1/keys/:clientId', async (request, response, params) => {\n    if (rejectApiKey(request, response)) {\n      return;\n    }\n    const auth = request.auth!;\n    const webId = getWebId(auth);\n    const clientId = decodeURIComponent(params.clientId);\n\n    if (!webId) {\n      sendJson(response, 400, { error: 'Cannot determine user' });\n      return;\n    }\n\n    try {\n      // Delete with webId check to ensure ownership\n      const deleted = await store.delete(clientId, webId);\n      if (!deleted) {\n        sendJson(response, 404, { error: 'Key not found or access denied' });\n        return;\n      }\n\n      logger.info(`Deleted API key ${clientId}`);\n      sendJson(response, 200, { status: 'deleted', clientId });\n    } catch (error) {\n      logger.error(`Failed to delete API key: ${error}`);\n      sendJson(response, 500, { error: 'Failed to delete key' });\n    }\n  });\n}\n\nasync function readJsonBody(request: AuthenticatedRequest): Promise<unknown> {\n  return new Promise((resolve, reject) => {\n    let data = '';\n    request.setEncoding('utf8');\n    request.on('data', (chunk: string) => {\n      data += chunk;\n    });\n    request.on('end', () => {\n      if (!data) {\n        resolve(undefined);\n        return;\n      }\n      try {\n        resolve(JSON.parse(data));\n      } catch {\n        resolve(undefined);\n      }\n    });\n    request.on('error', reject);\n  });\n}\n\nfunction sendJson(response: ServerResponse, status: number, data: unknown): void {\n  response.statusCode = status;\n  response.setHeader('Content-Type', 'application/json');\n  response.end(JSON.stringify(data));\n}"]}
+{"version":3,"file":"ApiKeyHandler.js","sourceRoot":"","sources":["../../../src/api/handlers/ApiKeyHandler.ts"],"names":[],"mappings":";;AAoBA,oDA4HC;AA/ID,iEAAqD;AAIrD,qDAA4D;AAM5D;;;;;;;;GAQG;AACH,SAAgB,oBAAoB,CAAC,MAAiB,EAAE,OAA6B;IACnF,MAAM,MAAM,GAAG,IAAA,oCAAY,EAAC,eAAe,CAAC,CAAC;IAC7C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;IAE5B,MAAM,YAAY,GAAG,CAAC,OAA6B,EAAE,QAAwB,EAAW,EAAE;QACxF,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;QAC1B,IAAI,IAAI,IAAI,IAAA,yBAAW,EAAC,IAAI,CAAC,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YAChD,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,0CAA0C,EAAE,CAAC,CAAC;YAC/E,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;IAEF,sCAAsC;IACtC,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE;QAC1D,IAAI,YAAY,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,CAAC;YACpC,OAAO;QACT,CAAC;QACD,MAAM,IAAI,GAAG,OAAO,CAAC,IAAK,CAAC;QAC3B,MAAM,KAAK,GAAG,IAAA,sBAAQ,EAAC,IAAI,CAAC,CAAC;QAE7B,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,CAAC;YAC5D,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,kCAAkC;YAClC,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;YAC9C,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACtB,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;oBACrB,QAAQ,EAAE,CAAC,CAAC,QAAQ;oBACpB,KAAK,EAAE,CAAC,CAAC,KAAK;oBACd,WAAW,EAAE,CAAC,CAAC,WAAW;oBAC1B,SAAS,EAAE,CAAC,CAAC,SAAS,CAAC,WAAW,EAAE;iBACrC,CAAC,CAAC;aACJ,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,4BAA4B,KAAK,EAAE,CAAC,CAAC;YAClD,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,wFAAwF;IACxF,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE;QAC3D,IAAI,YAAY,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,CAAC;YACpC,OAAO;QACT,CAAC;QACD,MAAM,IAAI,GAAG,OAAO,CAAC,IAAK,CAAC;QAC3B,MAAM,KAAK,GAAG,IAAA,sBAAQ,EAAC,IAAI,CAAC,CAAC;QAE7B,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,CAAC;YAC5D,OAAO;QACT,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;QACzC,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtC,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,oCAAoC,EAAE,CAAC,CAAC;YACzE,OAAO;QACT,CAAC;QAED,MAAM,OAAO,GAAG,IAA+B,CAAC;QAEhD,kDAAkD;QAClD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QAClC,MAAM,WAAW,GAAG,OAAO,OAAO,CAAC,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;QAE9F,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC;YACrD,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,sBAAsB,EAAE,CAAC,CAAC;YAC3D,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,kCAAkC;YAClC,MAAM,KAAK,CAAC,KAAK,CAAC;gBAChB,QAAQ;gBACR,KAAK;gBACL,SAAS,EAAE,KAAK;gBAChB,WAAW;aACZ,CAAC,CAAC;YAEH,MAAM,CAAC,IAAI,CAAC,kBAAkB,QAAQ,aAAa,KAAK,EAAE,CAAC,CAAC;YAE5D,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACtB,QAAQ;gBACR,WAAW;gBACX,OAAO,EAAE,8BAA8B;aACxC,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,4BAA4B,KAAK,EAAE,CAAC,CAAC;YAClD,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,gDAAgD;IAChD,MAAM,CAAC,MAAM,CAAC,oBAAoB,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE;QACtE,IAAI,YAAY,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,CAAC;YACpC,OAAO;QACT,CAAC;QACD,MAAM,IAAI,GAAG,OAAO,CAAC,IAAK,CAAC;QAC3B,MAAM,KAAK,GAAG,IAAA,sBAAQ,EAAC,IAAI,CAAC,CAAC;QAC7B,MAAM,QAAQ,GAAG,kBAAkB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAErD,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,CAAC;YAC5D,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,8CAA8C;YAC9C,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,MAAM,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;YACpD,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,gCAAgC,EAAE,CAAC,CAAC;gBACrE,OAAO;YACT,CAAC;YAED,MAAM,CAAC,IAAI,CAAC,mBAAmB,QAAQ,EAAE,CAAC,CAAC;YAC3C,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC3D,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,6BAA6B,KAAK,EAAE,CAAC,CAAC;YACnD,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,sBAAsB,EAAE,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,OAA6B;IACvD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAI,IAAI,GAAG,EAAE,CAAC;QACd,OAAO,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAC5B,OAAO,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACnC,IAAI,IAAI,KAAK,CAAC;QAChB,CAAC,CAAC,CAAC;QACH,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;YACrB,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,OAAO,CAAC,SAAS,CAAC,CAAC;gBACnB,OAAO;YACT,CAAC;YACD,IAAI,CAAC;gBACH,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;YAC5B,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,CAAC,SAAS,CAAC,CAAC;YACrB,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,QAAQ,CAAC,QAAwB,EAAE,MAAc,EAAE,IAAa;IACvE,QAAQ,CAAC,UAAU,GAAG,MAAM,CAAC;IAC7B,QAAQ,CAAC,SAAS,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;IACvD,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;AACrC,CAAC","sourcesContent":["import type { ServerResponse } from 'node:http';\nimport { getLoggerFor } from 'global-logger-factory';\nimport type { AuthenticatedRequest } from '../middleware/AuthMiddleware';\nimport type { ApiServer } from '../ApiServer';\nimport type { DrizzleClientCredentialsStore } from '../store/DrizzleClientCredentialsStore';\nimport { getWebId, isSolidAuth } from '../auth/AuthContext';\n\nexport interface ApiKeyHandlerOptions {\n  store: DrizzleClientCredentialsStore;\n}\n\n/**\n * Handler for API Key management\n * \n * GET    /v1/keys - List user's API keys\n * POST   /v1/keys - Store a new API key (after creating in CSS)\n * DELETE /v1/keys/:clientId - Delete an API key\n * \n * All endpoints require Solid Token (only frontend can manage keys)\n */\nexport function registerApiKeyRoutes(server: ApiServer, options: ApiKeyHandlerOptions): void {\n  const logger = getLoggerFor('ApiKeyHandler');\n  const store = options.store;\n\n  const rejectApiKey = (request: AuthenticatedRequest, response: ServerResponse): boolean => {\n    const auth = request.auth;\n    if (auth && isSolidAuth(auth) && auth.viaApiKey) {\n      sendJson(response, 403, { error: 'API key is not allowed for this endpoint' });\n      return true;\n    }\n    return false;\n  };\n\n  // GET /v1/keys - List user's API keys\n  server.get('/v1/keys', async (request, response, _params) => {\n    if (rejectApiKey(request, response)) {\n      return;\n    }\n    const auth = request.auth!;\n    const webId = getWebId(auth);\n\n    if (!webId) {\n      sendJson(response, 400, { error: 'Cannot determine user' });\n      return;\n    }\n\n    try {\n      // Use webId as account identifier\n      const keys = await store.listByAccount(webId);\n      sendJson(response, 200, {\n        keys: keys.map((k) => ({\n          clientId: k.clientId,\n          webId: k.webId,\n          displayName: k.displayName,\n          createdAt: k.createdAt.toISOString(),\n        })),\n      });\n    } catch (error) {\n      logger.error(`Failed to list API keys: ${error}`);\n      sendJson(response, 500, { error: 'Failed to list keys' });\n    }\n  });\n\n  // POST /v1/keys - Store API key (frontend calls this after creating credentials in CSS)\n  server.post('/v1/keys', async (request, response, _params) => {\n    if (rejectApiKey(request, response)) {\n      return;\n    }\n    const auth = request.auth!;\n    const webId = getWebId(auth);\n\n    if (!webId) {\n      sendJson(response, 400, { error: 'Cannot determine user' });\n      return;\n    }\n\n    const body = await readJsonBody(request);\n    if (!body || typeof body !== 'object') {\n      sendJson(response, 400, { error: 'Request body must be a JSON object' });\n      return;\n    }\n\n    const payload = body as Record<string, unknown>;\n\n    // These come from CSS client credentials creation\n    const clientId = payload.clientId;\n    const displayName = typeof payload.displayName === 'string' ? payload.displayName : undefined;\n\n    if (typeof clientId !== 'string' || !clientId.trim()) {\n      sendJson(response, 400, { error: 'clientId is required' });\n      return;\n    }\n\n    try {\n      // Use webId as account identifier\n      await store.store({\n        clientId,\n        webId,\n        accountId: webId,\n        displayName,\n      });\n\n      logger.info(`Stored API key ${clientId} for user ${webId}`);\n\n      sendJson(response, 201, {\n        clientId,\n        displayName,\n        message: 'API key stored successfully.',\n      });\n    } catch (error) {\n      logger.error(`Failed to store API key: ${error}`);\n      sendJson(response, 500, { error: 'Failed to store key' });\n    }\n  });\n\n  // DELETE /v1/keys/:clientId - Delete an API key\n  server.delete('/v1/keys/:clientId', async (request, response, params) => {\n    if (rejectApiKey(request, response)) {\n      return;\n    }\n    const auth = request.auth!;\n    const webId = getWebId(auth);\n    const clientId = decodeURIComponent(params.clientId);\n\n    if (!webId) {\n      sendJson(response, 400, { error: 'Cannot determine user' });\n      return;\n    }\n\n    try {\n      // Delete with webId check to ensure ownership\n      const deleted = await store.delete(clientId, webId);\n      if (!deleted) {\n        sendJson(response, 404, { error: 'Key not found or access denied' });\n        return;\n      }\n\n      logger.info(`Deleted API key ${clientId}`);\n      sendJson(response, 200, { status: 'deleted', clientId });\n    } catch (error) {\n      logger.error(`Failed to delete API key: ${error}`);\n      sendJson(response, 500, { error: 'Failed to delete key' });\n    }\n  });\n}\n\nasync function readJsonBody(request: AuthenticatedRequest): Promise<unknown> {\n  return new Promise((resolve, reject) => {\n    let data = '';\n    request.setEncoding('utf8');\n    request.on('data', (chunk: string) => {\n      data += chunk;\n    });\n    request.on('end', () => {\n      if (!data) {\n        resolve(undefined);\n        return;\n      }\n      try {\n        resolve(JSON.parse(data));\n      } catch {\n        resolve(undefined);\n      }\n    });\n    request.on('error', reject);\n  });\n}\n\nfunction sendJson(response: ServerResponse, status: number, data: unknown): void {\n  response.statusCode = status;\n  response.setHeader('Content-Type', 'application/json');\n  response.end(JSON.stringify(data));\n}"]}

package/dist/api/handlers/EdgeNodeSignalHandler.d.ts

@@ -0,0 +1,17 @@
+import type { ApiServer } from '../ApiServer';
+import type { EdgeNodeRepository } from '../../identity/drizzle/EdgeNodeRepository';
+import type { EdgeNodeDnsCoordinator } from '../../edge/EdgeNodeDnsCoordinator';
+import type { EdgeNodeHealthProbeService } from '../../edge/EdgeNodeHealthProbeService';
+export interface EdgeNodeSignalHandlerOptions {
+    repository: EdgeNodeRepository;
+    dnsCoordinator?: EdgeNodeDnsCoordinator;
+    healthProbeService?: EdgeNodeHealthProbeService;
+}
+/**
+ * Handler for edge node signaling API
+ *
+ * POST /v1/signal - Edge node heartbeat/signal
+ *
+ * Requires API authentication and a nodeId in the request body.
+ */
+export declare function registerEdgeNodeSignalRoutes(server: ApiServer, options: EdgeNodeSignalHandlerOptions): void;

package/dist/api/handlers/EdgeNodeSignalHandler.js

@@ -0,0 +1,171 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.registerEdgeNodeSignalRoutes = registerEdgeNodeSignalRoutes;
+const global_logger_factory_1 = require("global-logger-factory");
+const AuthContext_1 = require("../auth/AuthContext");
+/**
+ * Handler for edge node signaling API
+ *
+ * POST /v1/signal - Edge node heartbeat/signal
+ *
+ * Requires API authentication and a nodeId in the request body.
+ */
+function registerEdgeNodeSignalRoutes(server, options) {
+    const logger = (0, global_logger_factory_1.getLoggerFor)('EdgeNodeSignalHandler');
+    const repo = options.repository;
+    const { dnsCoordinator, healthProbeService } = options;
+    // POST /v1/signal - authenticated via nodeToken, API key, or Solid token
+    server.post('/v1/signal', async (request, response, _params) => {
+        const auth = request.auth;
+        if (!auth) {
+            sendJson(response, 401, { error: 'Authentication required' });
+            return;
+        }
+        const body = await readJsonBody(request);
+        if (!body || typeof body !== 'object') {
+            sendJson(response, 400, { error: 'Request body must be a JSON object' });
+            return;
+        }
+        const payload = body;
+        // Resolve nodeId based on auth type
+        let nodeId;
+        if ((0, AuthContext_1.isNodeAuth)(auth)) {
+            // nodeToken 认证：nodeId 来自认证结果，无需 owner 检查
+            nodeId = (0, AuthContext_1.getNodeId)(auth);
+        }
+        else {
+            // WebID 认证：从 body 读 nodeId，检查 owner
+            const webId = (0, AuthContext_1.getWebId)(auth);
+            if (!webId) {
+                sendJson(response, 400, { error: 'Cannot determine user' });
+                return;
+            }
+            nodeId = typeof payload.nodeId === 'string' ? payload.nodeId.trim() : '';
+            if (!nodeId) {
+                sendJson(response, 400, { error: 'nodeId is required' });
+                return;
+            }
+            try {
+                const owner = await repo.getNodeOwner(nodeId);
+                if (!owner) {
+                    sendJson(response, 404, { error: 'Node not found' });
+                    return;
+                }
+                if (owner !== webId) {
+                    sendJson(response, 403, { error: 'Access denied' });
+                    return;
+                }
+            }
+            catch (error) {
+                logger.error(`Failed to validate node access: ${error}`);
+                sendJson(response, 500, { error: 'Failed to validate node access' });
+                return;
+            }
+        }
+        const now = new Date();
+        try {
+            // Get current metadata to merge
+            const existing = await repo.getNodeMetadata(nodeId);
+            let metadata = mergeMetadata(existing?.metadata ?? {}, payload, now);
+            // 从 DB connectivity 列注入 subdomain/ipv4，供 dnsCoordinator 使用
+            const connectivityInfo = await repo.getNodeConnectivityInfo(nodeId);
+            if (connectivityInfo) {
+                if (connectivityInfo.subdomain && !metadata.subdomain) {
+                    metadata.subdomain = connectivityInfo.subdomain;
+                }
+                if (connectivityInfo.ipv4 && !metadata.ipv4) {
+                    metadata.ipv4 = connectivityInfo.ipv4;
+                }
+                if (connectivityInfo.connectivityStatus && !metadata.connectivityStatus) {
+                    metadata.connectivityStatus = connectivityInfo.connectivityStatus;
+                }
+            }
+            // Update heartbeat
+            await repo.updateNodeHeartbeat(nodeId, metadata, now);
+            // Update pods if provided
+            if (Array.isArray(payload.pods)) {
+                await repo.replaceNodePods(nodeId, payload.pods);
+            }
+            // 健康检查 → DNS 同步
+            if (healthProbeService) {
+                await healthProbeService.probeNode(nodeId);
+                // 健康检查结果写入了 DB metadata，重新读取
+                const freshMeta = await repo.getNodeMetadata(nodeId);
+                if (freshMeta?.metadata) {
+                    const reachability = freshMeta.metadata.reachability;
+                    if (reachability) {
+                        metadata.reachability = reachability;
+                        const status = reachability.status;
+                        if (typeof status === 'string') {
+                            metadata.connectivityStatus = status === 'unreachable' ? 'unreachable' : 'reachable';
+                        }
+                    }
+                }
+            }
+            if (dnsCoordinator) {
+                await dnsCoordinator.synchronize(nodeId, metadata);
+            }
+            logger.debug(`Signal received from node ${nodeId}`);
+            sendJson(response, 200, {
+                status: 'ok',
+                nodeId,
+                lastSeen: now.toISOString(),
+                metadata,
+            });
+        }
+        catch (error) {
+            logger.error(`Signal handling error for node ${nodeId}:`, error);
+            if (error instanceof Error) {
+                logger.error(`Stack trace: ${error.stack}`);
+            }
+            sendJson(response, 500, { error: 'Failed to process signal' });
+        }
+    });
+}
+function mergeMetadata(previous, payload, now) {
+    const next = { ...previous };
+    next.lastHeartbeatAt = now.toISOString();
+    const copyIfPresent = (key) => {
+        if (payload[key] !== undefined) {
+            next[key] = payload[key];
+        }
+    };
+    copyIfPresent('baseUrl');
+    copyIfPresent('publicAddress');
+    copyIfPresent('hostname');
+    copyIfPresent('ipv4');
+    copyIfPresent('ipv6');
+    copyIfPresent('version');
+    copyIfPresent('status');
+    copyIfPresent('capabilities');
+    copyIfPresent('metrics');
+    return next;
+}
+async function readJsonBody(request) {
+    return new Promise((resolve, reject) => {
+        let data = '';
+        request.setEncoding('utf8');
+        request.on('data', (chunk) => {
+            data += chunk;
+        });
+        request.on('end', () => {
+            if (!data) {
+                resolve(undefined);
+                return;
+            }
+            try {
+                resolve(JSON.parse(data));
+            }
+            catch {
+                resolve(undefined);
+            }
+        });
+        request.on('error', reject);
+    });
+}
+function sendJson(response, status, data) {
+    response.statusCode = status;
+    response.setHeader('Content-Type', 'application/json');
+    response.end(JSON.stringify(data));
+}
+//# sourceMappingURL=EdgeNodeSignalHandler.js.map

package/dist/api/handlers/EdgeNodeSignalHandler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"EdgeNodeSignalHandler.js","sourceRoot":"","sources":["../../../src/api/handlers/EdgeNodeSignalHandler.ts"],"names":[],"mappings":";;AAsBA,oEAyHC;AA9ID,iEAAqD;AAMrD,qDAAsE;AAQtE;;;;;;GAMG;AACH,SAAgB,4BAA4B,CAAC,MAAiB,EAAE,OAAqC;IACnG,MAAM,MAAM,GAAG,IAAA,oCAAY,EAAC,uBAAuB,CAAC,CAAC;IACrD,MAAM,IAAI,GAAG,OAAO,CAAC,UAAU,CAAC;IAChC,MAAM,EAAE,cAAc,EAAE,kBAAkB,EAAE,GAAG,OAAO,CAAC;IAEvD,yEAAyE;IACzE,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE;QAC7D,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;QAC1B,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC,CAAC;YAC9D,OAAO;QACT,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;QACzC,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtC,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,oCAAoC,EAAE,CAAC,CAAC;YACzE,OAAO;QACT,CAAC;QACD,MAAM,OAAO,GAAG,IAA+B,CAAC;QAEhD,oCAAoC;QACpC,IAAI,MAAc,CAAC;QAEnB,IAAI,IAAA,wBAAU,EAAC,IAAI,CAAC,EAAE,CAAC;YACrB,yCAAyC;YACzC,MAAM,GAAG,IAAA,uBAAS,EAAC,IAAI,CAAE,CAAC;QAC5B,CAAC;aAAM,CAAC;YACN,oCAAoC;YACpC,MAAM,KAAK,GAAG,IAAA,sBAAQ,EAAC,IAAI,CAAC,CAAC;YAC7B,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,CAAC;gBAC5D,OAAO;YACT,CAAC;YACD,MAAM,GAAG,OAAO,OAAO,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACzE,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC,CAAC;gBACzD,OAAO;YACT,CAAC;YACD,IAAI,CAAC;gBACH,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;gBAC9C,IAAI,CAAC,KAAK,EAAE,CAAC;oBACX,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAC;oBACrD,OAAO;gBACT,CAAC;gBACD,IAAI,KAAK,KAAK,KAAK,EAAE,CAAC;oBACpB,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,CAAC;oBACpD,OAAO;gBACT,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,KAAK,CAAC,mCAAmC,KAAK,EAAE,CAAC,CAAC;gBACzD,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,gCAAgC,EAAE,CAAC,CAAC;gBACrE,OAAO;YACT,CAAC;QACH,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QAEvB,IAAI,CAAC;YACH,gCAAgC;YAChC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;YACpD,IAAI,QAAQ,GAAG,aAAa,CAAC,QAAQ,EAAE,QAAQ,IAAI,EAAE,EAAE,OAAO,EAAE,GAAG,CAAC,CAAC;YAErE,2DAA2D;YAC3D,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,MAAM,CAAC,CAAC;YACpE,IAAI,gBAAgB,EAAE,CAAC;gBACrB,IAAI,gBAAgB,CAAC,SAAS,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,CAAC;oBACtD,QAAQ,CAAC,SAAS,GAAG,gBAAgB,CAAC,SAAS,CAAC;gBAClD,CAAC;gBACD,IAAI,gBAAgB,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;oBAC5C,QAAQ,CAAC,IAAI,GAAG,gBAAgB,CAAC,IAAI,CAAC;gBACxC,CAAC;gBACD,IAAI,gBAAgB,CAAC,kBAAkB,IAAI,CAAC,QAAQ,CAAC,kBAAkB,EAAE,CAAC;oBACxE,QAAQ,CAAC,kBAAkB,GAAG,gBAAgB,CAAC,kBAAkB,CAAC;gBACpE,CAAC;YACH,CAAC;YAED,mBAAmB;YACnB,MAAM,IAAI,CAAC,mBAAmB,CAAC,MAAM,EAAE,QAAQ,EAAE,GAAG,CAAC,CAAC;YAEtD,0BAA0B;YAC1B,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;gBAChC,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,OAAO,CAAC,IAAgB,CAAC,CAAC;YAC/D,CAAC;YAED,gBAAgB;YAChB,IAAI,kBAAkB,EAAE,CAAC;gBACvB,MAAM,kBAAkB,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;gBAC3C,6BAA6B;gBAC7B,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;gBACrD,IAAI,SAAS,EAAE,QAAQ,EAAE,CAAC;oBACxB,MAAM,YAAY,GAAI,SAAS,CAAC,QAAoC,CAAC,YAAY,CAAC;oBAClF,IAAI,YAAY,EAAE,CAAC;wBACjB,QAAQ,CAAC,YAAY,GAAG,YAAY,CAAC;wBACrC,MAAM,MAAM,GAAI,YAAwC,CAAC,MAAM,CAAC;wBAChE,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;4BAC/B,QAAQ,CAAC,kBAAkB,GAAG,MAAM,KAAK,aAAa,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,WAAW,CAAC;wBACvF,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YAED,IAAI,cAAc,EAAE,CAAC;gBACnB,MAAM,cAAc,CAAC,WAAW,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;YACrD,CAAC;YAED,MAAM,CAAC,KAAK,CAAC,6BAA6B,MAAM,EAAE,CAAC,CAAC;YAEpD,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACtB,MAAM,EAAE,IAAI;gBACZ,MAAM;gBACN,QAAQ,EAAE,GAAG,CAAC,WAAW,EAAE;gBAC3B,QAAQ;aACT,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,kCAAkC,MAAM,GAAG,EAAE,KAAK,CAAC,CAAC;YACjE,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;gBAC3B,MAAM,CAAC,KAAK,CAAC,gBAAgB,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC;YAC9C,CAAC;YACD,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,0BAA0B,EAAE,CAAC,CAAC;QACjE,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,aAAa,CACpB,QAAiC,EACjC,OAAgC,EAChC,GAAS;IAET,MAAM,IAAI,GAA4B,EAAE,GAAG,QAAQ,EAAE,CAAC;IACtD,IAAI,CAAC,eAAe,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;IAEzC,MAAM,aAAa,GAAG,CAAC,GAAW,EAAE,EAAE;QACpC,IAAI,OAAO,CAAC,GAAG,CAAC,KAAK,SAAS,EAAE,CAAC;YAC/B,IAAI,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC,CAAC;IAEF,aAAa,CAAC,SAAS,CAAC,CAAC;IACzB,aAAa,CAAC,eAAe,CAAC,CAAC;IAC/B,aAAa,CAAC,UAAU,CAAC,CAAC;IAC1B,aAAa,CAAC,MAAM,CAAC,CAAC;IACtB,aAAa,CAAC,MAAM,CAAC,CAAC;IACtB,aAAa,CAAC,SAAS,CAAC,CAAC;IACzB,aAAa,CAAC,QAAQ,CAAC,CAAC;IACxB,aAAa,CAAC,cAAc,CAAC,CAAC;IAC9B,aAAa,CAAC,SAAS,CAAC,CAAC;IAEzB,OAAO,IAAI,CAAC;AACd,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,OAA6B;IACvD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAI,IAAI,GAAG,EAAE,CAAC;QACd,OAAO,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAC5B,OAAO,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACnC,IAAI,IAAI,KAAK,CAAC;QAChB,CAAC,CAAC,CAAC;QACH,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;YACrB,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,OAAO,CAAC,SAAS,CAAC,CAAC;gBACnB,OAAO;YACT,CAAC;YACD,IAAI,CAAC;gBACH,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;YAC5B,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,CAAC,SAAS,CAAC,CAAC;YACrB,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,QAAQ,CAAC,QAAwB,EAAE,MAAc,EAAE,IAAa;IACvE,QAAQ,CAAC,UAAU,GAAG,MAAM,CAAC;IAC7B,QAAQ,CAAC,SAAS,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;IACvD,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;AACrC,CAAC","sourcesContent":["import type { ServerResponse } from 'node:http';\nimport { getLoggerFor } from 'global-logger-factory';\nimport type { AuthenticatedRequest } from '../middleware/AuthMiddleware';\nimport type { ApiServer } from '../ApiServer';\nimport type { EdgeNodeRepository } from '../../identity/drizzle/EdgeNodeRepository';\nimport type { EdgeNodeDnsCoordinator } from '../../edge/EdgeNodeDnsCoordinator';\nimport type { EdgeNodeHealthProbeService } from '../../edge/EdgeNodeHealthProbeService';\nimport { isNodeAuth, getNodeId, getWebId } from '../auth/AuthContext';\n\nexport interface EdgeNodeSignalHandlerOptions {\n  repository: EdgeNodeRepository;\n  dnsCoordinator?: EdgeNodeDnsCoordinator;\n  healthProbeService?: EdgeNodeHealthProbeService;\n}\n\n/**\n * Handler for edge node signaling API\n *\n * POST /v1/signal - Edge node heartbeat/signal\n *\n * Requires API authentication and a nodeId in the request body.\n */\nexport function registerEdgeNodeSignalRoutes(server: ApiServer, options: EdgeNodeSignalHandlerOptions): void {\n  const logger = getLoggerFor('EdgeNodeSignalHandler');\n  const repo = options.repository;\n  const { dnsCoordinator, healthProbeService } = options;\n\n  // POST /v1/signal - authenticated via nodeToken, API key, or Solid token\n  server.post('/v1/signal', async (request, response, _params) => {\n    const auth = request.auth;\n    if (!auth) {\n      sendJson(response, 401, { error: 'Authentication required' });\n      return;\n    }\n\n    const body = await readJsonBody(request);\n    if (!body || typeof body !== 'object') {\n      sendJson(response, 400, { error: 'Request body must be a JSON object' });\n      return;\n    }\n    const payload = body as Record<string, unknown>;\n\n    // Resolve nodeId based on auth type\n    let nodeId: string;\n\n    if (isNodeAuth(auth)) {\n      // nodeToken 认证：nodeId 来自认证结果，无需 owner 检查\n      nodeId = getNodeId(auth)!;\n    } else {\n      // WebID 认证：从 body 读 nodeId，检查 owner\n      const webId = getWebId(auth);\n      if (!webId) {\n        sendJson(response, 400, { error: 'Cannot determine user' });\n        return;\n      }\n      nodeId = typeof payload.nodeId === 'string' ? payload.nodeId.trim() : '';\n      if (!nodeId) {\n        sendJson(response, 400, { error: 'nodeId is required' });\n        return;\n      }\n      try {\n        const owner = await repo.getNodeOwner(nodeId);\n        if (!owner) {\n          sendJson(response, 404, { error: 'Node not found' });\n          return;\n        }\n        if (owner !== webId) {\n          sendJson(response, 403, { error: 'Access denied' });\n          return;\n        }\n      } catch (error) {\n        logger.error(`Failed to validate node access: ${error}`);\n        sendJson(response, 500, { error: 'Failed to validate node access' });\n        return;\n      }\n    }\n\n    const now = new Date();\n\n    try {\n      // Get current metadata to merge\n      const existing = await repo.getNodeMetadata(nodeId);\n      let metadata = mergeMetadata(existing?.metadata ?? {}, payload, now);\n\n      // 从 DB connectivity 列注入 subdomain/ipv4，供 dnsCoordinator 使用\n      const connectivityInfo = await repo.getNodeConnectivityInfo(nodeId);\n      if (connectivityInfo) {\n        if (connectivityInfo.subdomain && !metadata.subdomain) {\n          metadata.subdomain = connectivityInfo.subdomain;\n        }\n        if (connectivityInfo.ipv4 && !metadata.ipv4) {\n          metadata.ipv4 = connectivityInfo.ipv4;\n        }\n        if (connectivityInfo.connectivityStatus && !metadata.connectivityStatus) {\n          metadata.connectivityStatus = connectivityInfo.connectivityStatus;\n        }\n      }\n\n      // Update heartbeat\n      await repo.updateNodeHeartbeat(nodeId, metadata, now);\n\n      // Update pods if provided\n      if (Array.isArray(payload.pods)) {\n        await repo.replaceNodePods(nodeId, payload.pods as string[]);\n      }\n\n      // 健康检查 → DNS 同步\n      if (healthProbeService) {\n        await healthProbeService.probeNode(nodeId);\n        // 健康检查结果写入了 DB metadata，重新读取\n        const freshMeta = await repo.getNodeMetadata(nodeId);\n        if (freshMeta?.metadata) {\n          const reachability = (freshMeta.metadata as Record<string, unknown>).reachability;\n          if (reachability) {\n            metadata.reachability = reachability;\n            const status = (reachability as Record<string, unknown>).status;\n            if (typeof status === 'string') {\n              metadata.connectivityStatus = status === 'unreachable' ? 'unreachable' : 'reachable';\n            }\n          }\n        }\n      }\n\n      if (dnsCoordinator) {\n        await dnsCoordinator.synchronize(nodeId, metadata);\n      }\n\n      logger.debug(`Signal received from node ${nodeId}`);\n\n      sendJson(response, 200, {\n        status: 'ok',\n        nodeId,\n        lastSeen: now.toISOString(),\n        metadata,\n      });\n    } catch (error) {\n      logger.error(`Signal handling error for node ${nodeId}:`, error);\n      if (error instanceof Error) {\n        logger.error(`Stack trace: ${error.stack}`);\n      }\n      sendJson(response, 500, { error: 'Failed to process signal' });\n    }\n  });\n}\n\nfunction mergeMetadata(\n  previous: Record<string, unknown>,\n  payload: Record<string, unknown>,\n  now: Date,\n): Record<string, unknown> {\n  const next: Record<string, unknown> = { ...previous };\n  next.lastHeartbeatAt = now.toISOString();\n\n  const copyIfPresent = (key: string) => {\n    if (payload[key] !== undefined) {\n      next[key] = payload[key];\n    }\n  };\n\n  copyIfPresent('baseUrl');\n  copyIfPresent('publicAddress');\n  copyIfPresent('hostname');\n  copyIfPresent('ipv4');\n  copyIfPresent('ipv6');\n  copyIfPresent('version');\n  copyIfPresent('status');\n  copyIfPresent('capabilities');\n  copyIfPresent('metrics');\n\n  return next;\n}\n\nasync function readJsonBody(request: AuthenticatedRequest): Promise<unknown> {\n  return new Promise((resolve, reject) => {\n    let data = '';\n    request.setEncoding('utf8');\n    request.on('data', (chunk: string) => {\n      data += chunk;\n    });\n    request.on('end', () => {\n      if (!data) {\n        resolve(undefined);\n        return;\n      }\n      try {\n        resolve(JSON.parse(data));\n      } catch {\n        resolve(undefined);\n      }\n    });\n    request.on('error', reject);\n  });\n}\n\nfunction sendJson(response: ServerResponse, status: number, data: unknown): void {\n  response.statusCode = status;\n  response.setHeader('Content-Type', 'application/json');\n  response.end(JSON.stringify(data));\n}\n"]}

package/dist/api/handlers/PodManagementHandler.d.ts

@@ -26,11 +26,12 @@ export interface DeletePodResponse {
  * Pod Management Handler
  *
  * SP (Storage Provider) 端供 IdP 调用的 API。
- * 用于创建/删除 Pod 目录。
+ * 用于创建/删除/查询 Pod 目录。
  *
- * 端点:
- * - POST /api/v1/pods - 创建 Pod
- * - DELETE /api/v1/pods/:podName - 删除 Pod
+ * 端点 (Solid Storage Provision Protocol):
+ * - POST   /provision/pods           - 创建 Pod
+ * - GET    /provision/pods/:podName  - 查询 Pod
+ * - DELETE /provision/pods/:podName  - 删除 Pod
  *
  * 认证:
  * - 使用 IdP service token (Bearer)

package/dist/api/handlers/PodManagementHandler.js

@@ -29,11 +29,12 @@ const global_logger_factory_1 = require("global-logger-factory");
  * Pod Management Handler
  *
  * SP (Storage Provider) 端供 IdP 调用的 API。
- * 用于创建/删除 Pod 目录。
+ * 用于创建/删除/查询 Pod 目录。
  *
- * 端点:
- * - POST /api/v1/pods - 创建 Pod
- * - DELETE /api/v1/pods/:podName - 删除 Pod
+ * 端点 (Solid Storage Provision Protocol):
+ * - POST   /provision/pods           - 创建 Pod
+ * - GET    /provision/pods/:podName  - 查询 Pod
+ * - DELETE /provision/pods/:podName  - 删除 Pod
  *
  * 认证:
  * - 使用 IdP service token (Bearer)
@@ -63,7 +64,7 @@ function registerPodManagementRoutes(server, options) {
         return podNameRegex.test(podName);
     }
     /**
-     * POST /api/v1/pods
+     * POST /provision/pods
      *
      * 创建 Pod 目录
      *
@@ -78,7 +79,7 @@ function registerPodManagementRoutes(server, options) {
      *   401: { error: "Unauthorized" }
      *   409: { error: "Pod already exists" }
      */
-    server.post('/api/v1/pods', async (request, response) => {
+    server.post('/provision/pods', async (request, response) => {
         // 1. 认证
         if (!await authenticate(request)) {
             sendJson(response, 401, { error: 'Unauthorized', message: 'Invalid or missing service token' });
@@ -135,7 +136,7 @@ function registerPodManagementRoutes(server, options) {
         }
     }, { public: true }); // Service token auth handled internally
     /**
-     * DELETE /api/v1/pods/:podName
+     * DELETE /provision/pods/:podName
      *
      * 删除 Pod 目录
      *
@@ -147,7 +148,7 @@ function registerPodManagementRoutes(server, options) {
      *   401: { error: "Unauthorized" }
      *   404: { error: "Pod not found" }
      */
-    server.delete('/api/v1/pods/:podName', async (request, response, params) => {
+    server.delete('/provision/pods/:podName', async (request, response, params) => {
         // 1. 认证
         if (!await authenticate(request)) {
             sendJson(response, 401, { error: 'Unauthorized', message: 'Invalid or missing service token' });
@@ -188,11 +189,11 @@ function registerPodManagementRoutes(server, options) {
         }
     }, { public: true });
     /**
-     * GET /api/v1/pods/:podName
+     * GET /provision/pods/:podName
      *
      * 获取 Pod 信息（存在性检查）
      */
-    server.get('/api/v1/pods/:podName', async (request, response, params) => {
+    server.get('/provision/pods/:podName', async (request, response, params) => {
         // 1. 认证
         if (!await authenticate(request)) {
             sendJson(response, 401, { error: 'Unauthorized', message: 'Invalid or missing service token' });

package/dist/api/handlers/PodManagementHandler.js.map

@@ -1 +1 @@
-{"version":3,"file":"PodManagementHandler.js","sourceRoot":"","sources":["../../../src/api/handlers/PodManagementHandler.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AA6CA,kEAyMC;AArPD,iEAAqD;AA8BrD;;;;;;;;;;;;;GAaG;AACH,SAAgB,2BAA2B,CACzC,MAAiB,EACjB,OAAoC;IAEpC,MAAM,MAAM,GAAG,IAAA,oCAAY,EAAC,sBAAsB,CAAC,CAAC;IACpD,MAAM,EAAE,OAAO,EAAE,kBAAkB,EAAE,YAAY,GAAG,kBAAkB,EAAE,GAAG,OAAO,CAAC;IAEnF;;OAEG;IACH,KAAK,UAAU,YAAY,CAAC,OAAwB;QAClD,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC;QACjD,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACrD,OAAO,KAAK,CAAC;QACf,CAAC;QACD,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAClC,OAAO,kBAAkB,CAAC,KAAK,CAAC,CAAC;IACnC,CAAC;IAED;;OAEG;IACH,SAAS,eAAe,CAAC,OAAe;QACtC,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YAC1D,OAAO,KAAK,CAAC;QACf,CAAC;QACD,OAAO,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACpC,CAAC;IAED;;;;;;;;;;;;;;;OAeG;IACH,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE;QACtD,QAAQ;QACR,IAAI,CAAC,MAAM,YAAY,CAAC,OAAO,CAAC,EAAE,CAAC;YACjC,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,cAAc,EAAE,OAAO,EAAE,kCAAkC,EAAE,CAAC,CAAC;YAChG,OAAO;QACT,CAAC;QAED,WAAW;QACX,IAAI,IAAsB,CAAC;QAC3B,IAAI,CAAC;YACH,IAAI,GAAG,MAAM,YAAY,CAAC,OAAO,CAAqB,CAAC;QACzD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,aAAa,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC,CAAC;YAChF,OAAO;QACT,CAAC;QAED,MAAM,EAAE,OAAO,EAAE,gBAAgB,EAAE,GAAG,IAAI,CAAC;QAE3C,eAAe;QACf,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9B,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACtB,KAAK,EAAE,aAAa;gBACpB,OAAO,EAAE,qBAAqB,OAAO,gBAAgB,YAAY,CAAC,QAAQ,EAAE,EAAE;aAC/E,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,aAAa;QACb,MAAM,OAAO,GAAG,GAAG,OAAO,IAAI,OAAO,EAAE,CAAC;QACxC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC,CAAC;YACzC,IAAI,MAAM,EAAE,CAAC;gBACX,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,UAAU,EAAE,OAAO,EAAE,OAAO,OAAO,iBAAiB,EAAE,CAAC,CAAC;gBACzF,OAAO;YACT,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,iCAAkC,KAAe,CAAC,OAAO,EAAE,CAAC,CAAC;YAC1E,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,uBAAuB,EAAE,OAAO,EAAE,+BAA+B,EAAE,CAAC,CAAC;YACtG,OAAO;QACT,CAAC;QAED,eAAe;QACf,IAAI,CAAC;YACH,MAAM,kBAAkB,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAC;YACpD,MAAM,CAAC,IAAI,CAAC,gBAAgB,OAAO,OAAO,OAAO,EAAE,CAAC,CAAC;YAErD,0BAA0B;YAC1B,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,IAAI,WAAW,CAAC;YACjD,MAAM,MAAM,GAAG,WAAW,IAAI,IAAI,OAAO,GAAG,CAAC;YAE7C,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACtB,OAAO,EAAE,IAAI;gBACb,MAAM;gBACN,OAAO,EAAE,OAAO,OAAO,uBAAuB;aAC/C,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,yBAA0B,KAAe,CAAC,OAAO,EAAE,CAAC,CAAC;YAClE,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,uBAAuB,EAAE,OAAO,EAAE,sBAAsB,EAAE,CAAC,CAAC;QAC/F,CAAC;IACH,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,wCAAwC;IAE9D;;;;;;;;;;;;OAYG;IACH,MAAM,CAAC,MAAM,CAAC,uBAAuB,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE;QACzE,QAAQ;QACR,IAAI,CAAC,MAAM,YAAY,CAAC,OAAO,CAAC,EAAE,CAAC;YACjC,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,cAAc,EAAE,OAAO,EAAE,kCAAkC,EAAE,CAAC,CAAC;YAChG,OAAO;QACT,CAAC;QAED,MAAM,OAAO,GAAG,kBAAkB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAEnD,eAAe;QACf,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9B,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,aAAa,EAAE,OAAO,EAAE,qBAAqB,OAAO,EAAE,EAAE,CAAC,CAAC;YAC3F,OAAO;QACT,CAAC;QAED,YAAY;QACZ,MAAM,OAAO,GAAG,GAAG,OAAO,IAAI,OAAO,EAAE,CAAC;QACxC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC,CAAC;YACzC,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,OAAO,OAAO,YAAY,EAAE,CAAC,CAAC;gBACrF,OAAO;YACT,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,iCAAkC,KAAe,CAAC,OAAO,EAAE,CAAC,CAAC;YAC1E,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,uBAAuB,EAAE,OAAO,EAAE,+BAA+B,EAAE,CAAC,CAAC;YACtG,OAAO;QACT,CAAC;QAED,eAAe;QACf,IAAI,CAAC;YACH,MAAM,kBAAkB,CAAC,OAAO,CAAC,CAAC;YAClC,MAAM,CAAC,IAAI,CAAC,gBAAgB,OAAO,EAAE,CAAC,CAAC;YAEvC,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACtB,OAAO,EAAE,IAAI;gBACb,OAAO,EAAE,OAAO,OAAO,uBAAuB;aAC/C,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,yBAA0B,KAAe,CAAC,OAAO,EAAE,CAAC,CAAC;YAClE,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,uBAAuB,EAAE,OAAO,EAAE,sBAAsB,EAAE,CAAC,CAAC;QAC/F,CAAC;IACH,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;IAErB;;;;OAIG;IACH,MAAM,CAAC,GAAG,CAAC,uBAAuB,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE;QACtE,QAAQ;QACR,IAAI,CAAC,MAAM,YAAY,CAAC,OAAO,CAAC,EAAE,CAAC;YACjC,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,cAAc,EAAE,OAAO,EAAE,kCAAkC,EAAE,CAAC,CAAC;YAChG,OAAO;QACT,CAAC;QAED,MAAM,OAAO,GAAG,kBAAkB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACnD,MAAM,OAAO,GAAG,GAAG,OAAO,IAAI,OAAO,EAAE,CAAC;QAExC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC,CAAC;YACzC,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,OAAO,OAAO,YAAY,EAAE,CAAC,CAAC;gBACrF,OAAO;YACT,CAAC;YAED,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,IAAI,WAAW,CAAC;YACjD,MAAM,MAAM,GAAG,WAAW,IAAI,IAAI,OAAO,GAAG,CAAC;YAE7C,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACtB,MAAM,EAAE,IAAI;gBACZ,OAAO;gBACP,MAAM;gBACN,WAAW,EAAE,OAAO;aACrB,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,2BAA4B,KAAe,CAAC,OAAO,EAAE,CAAC,CAAC;YACpE,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,uBAAuB,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC,CAAC;QACjG,CAAC;IACH,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;IAErB,MAAM,CAAC,IAAI,CAAC,kDAAkD,OAAO,EAAE,CAAC,CAAC;AAC3E,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,YAAY,CAAC,OAAwB;IAClD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAI,IAAI,GAAG,EAAE,CAAC;QACd,OAAO,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAC5B,OAAO,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACnC,IAAI,IAAI,KAAK,CAAC;QAChB,CAAC,CAAC,CAAC;QACH,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;YACrB,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,OAAO,CAAC,EAAE,CAAC,CAAC;gBACZ,OAAO;YACT,CAAC;YACD,IAAI,CAAC;gBACH,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;YAC5B,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,KAAK,CAAC,CAAC;YAChB,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,SAAS,QAAQ,CAAC,QAAwB,EAAE,MAAc,EAAE,IAAa;IACvE,QAAQ,CAAC,UAAU,GAAG,MAAM,CAAC;IAC7B,QAAQ,CAAC,SAAS,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;IACvD,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;AACrC,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,UAAU,CAAC,IAAY;IACpC,MAAM,EAAE,IAAI,EAAE,GAAG,wDAAa,kBAAkB,GAAC,CAAC;IAClD,IAAI,CAAC;QACH,MAAM,IAAI,CAAC,IAAI,CAAC,CAAC;QACjB,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,kBAAkB,CAC/B,OAAe,EACf,gBAAyC;IAEzC,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,wDAAa,kBAAkB,GAAC,CAAC;IAC9D,MAAM,EAAE,IAAI,EAAE,GAAG,wDAAa,WAAW,GAAC,CAAC;IAE3C,OAAO;IACP,MAAM,KAAK,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAE1C,SAAS;IACT,IAAI,gBAAgB,EAAE,CAAC;QACrB,KAAK,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,CAAC;YACnE,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;YACzC,MAAM,SAAS,CAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;QAC7C,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,kBAAkB,CAAC,OAAe;IAC/C,MAAM,EAAE,EAAE,EAAE,GAAG,wDAAa,kBAAkB,GAAC,CAAC;IAChD,MAAM,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;AACtD,CAAC","sourcesContent":["import type { ServerResponse, IncomingMessage } from 'node:http';\nimport { getLoggerFor } from 'global-logger-factory';\nimport type { ApiServer } from '../ApiServer';\n\nexport interface PodManagementHandlerOptions {\n  /** Pod 存储根目录 */\n  rootDir: string;\n  /** 验证 IdP service token */\n  verifyServiceToken: (token: string) => Promise<boolean>;\n  /** 可选：限制允许的 pod 名称正则 */\n  podNameRegex?: RegExp;\n}\n\nexport interface CreatePodRequest {\n  /** Pod 名称（通常是用户名） */\n  podName: string;\n  /** 可选：初始资源 */\n  initialResources?: Record<string, string>;\n}\n\nexport interface CreatePodResponse {\n  success: boolean;\n  podUrl: string;\n  message: string;\n}\n\nexport interface DeletePodResponse {\n  success: boolean;\n  message: string;\n}\n\n/**\n * Pod Management Handler\n *\n * SP (Storage Provider) 端供 IdP 调用的 API。\n * 用于创建/删除 Pod 目录。\n *\n * 端点:\n * - POST /api/v1/pods - 创建 Pod\n * - DELETE /api/v1/pods/:podName - 删除 Pod\n *\n * 认证:\n * - 使用 IdP service token (Bearer)\n * - 验证 token 是否来自信任的 IdP\n */\nexport function registerPodManagementRoutes(\n  server: ApiServer,\n  options: PodManagementHandlerOptions\n): void {\n  const logger = getLoggerFor('PodManagementHandler');\n  const { rootDir, verifyServiceToken, podNameRegex = /^[a-zA-Z0-9_-]+$/ } = options;\n\n  /**\n   * 验证 service token\n   */\n  async function authenticate(request: IncomingMessage): Promise<boolean> {\n    const authHeader = request.headers.authorization;\n    if (!authHeader || !authHeader.startsWith('Bearer ')) {\n      return false;\n    }\n    const token = authHeader.slice(7);\n    return verifyServiceToken(token);\n  }\n\n  /**\n   * 验证 pod 名称\n   */\n  function validatePodName(podName: string): boolean {\n    if (!podName || podName.length < 1 || podName.length > 64) {\n      return false;\n    }\n    return podNameRegex.test(podName);\n  }\n\n  /**\n   * POST /api/v1/pods\n   *\n   * 创建 Pod 目录\n   *\n   * Request:\n   *   Authorization: Bearer {service_token}\n   *   Content-Type: application/json\n   *   Body: { podName: \"alice\", initialResources?: {...} }\n   *\n   * Response:\n   *   201: { success: true, podUrl: \"https://node1.pods.site/alice/\" }\n   *   400: { error: \"Invalid pod name\" }\n   *   401: { error: \"Unauthorized\" }\n   *   409: { error: \"Pod already exists\" }\n   */\n  server.post('/api/v1/pods', async (request, response) => {\n    // 1. 认证\n    if (!await authenticate(request)) {\n      sendJson(response, 401, { error: 'Unauthorized', message: 'Invalid or missing service token' });\n      return;\n    }\n\n    // 2. 解析请求体\n    let body: CreatePodRequest;\n    try {\n      body = await readJsonBody(request) as CreatePodRequest;\n    } catch (error) {\n      sendJson(response, 400, { error: 'Bad Request', message: 'Invalid JSON body' });\n      return;\n    }\n\n    const { podName, initialResources } = body;\n\n    // 3. 验证 pod 名称\n    if (!validatePodName(podName)) {\n      sendJson(response, 400, {\n        error: 'Bad Request',\n        message: `Invalid pod name: ${podName}. Must match ${podNameRegex.toString()}`\n      });\n      return;\n    }\n\n    // 4. 检查是否已存在\n    const podPath = `${rootDir}/${podName}`;\n    try {\n      const exists = await fileExists(podPath);\n      if (exists) {\n        sendJson(response, 409, { error: 'Conflict', message: `Pod ${podName} already exists` });\n        return;\n      }\n    } catch (error) {\n      logger.error(`Error checking pod existence: ${(error as Error).message}`);\n      sendJson(response, 500, { error: 'Internal Server Error', message: 'Failed to check pod existence' });\n      return;\n    }\n\n    // 5. 创建 Pod 目录\n    try {\n      await createPodDirectory(podPath, initialResources);\n      logger.info(`Created pod: ${podName} at ${podPath}`);\n\n      // 构建 pod URL (基于请求的 host)\n      const host = request.headers.host || 'localhost';\n      const podUrl = `https://${host}/${podName}/`;\n\n      sendJson(response, 201, {\n        success: true,\n        podUrl,\n        message: `Pod ${podName} created successfully`\n      });\n    } catch (error) {\n      logger.error(`Failed to create pod: ${(error as Error).message}`);\n      sendJson(response, 500, { error: 'Internal Server Error', message: 'Failed to create pod' });\n    }\n  }, { public: true }); // Service token auth handled internally\n\n  /**\n   * DELETE /api/v1/pods/:podName\n   *\n   * 删除 Pod 目录\n   *\n   * Request:\n   *   Authorization: Bearer {service_token}\n   *\n   * Response:\n   *   200: { success: true }\n   *   401: { error: \"Unauthorized\" }\n   *   404: { error: \"Pod not found\" }\n   */\n  server.delete('/api/v1/pods/:podName', async (request, response, params) => {\n    // 1. 认证\n    if (!await authenticate(request)) {\n      sendJson(response, 401, { error: 'Unauthorized', message: 'Invalid or missing service token' });\n      return;\n    }\n\n    const podName = decodeURIComponent(params.podName);\n\n    // 2. 验证 pod 名称\n    if (!validatePodName(podName)) {\n      sendJson(response, 400, { error: 'Bad Request', message: `Invalid pod name: ${podName}` });\n      return;\n    }\n\n    // 3. 检查是否存在\n    const podPath = `${rootDir}/${podName}`;\n    try {\n      const exists = await fileExists(podPath);\n      if (!exists) {\n        sendJson(response, 404, { error: 'Not Found', message: `Pod ${podName} not found` });\n        return;\n      }\n    } catch (error) {\n      logger.error(`Error checking pod existence: ${(error as Error).message}`);\n      sendJson(response, 500, { error: 'Internal Server Error', message: 'Failed to check pod existence' });\n      return;\n    }\n\n    // 4. 删除 Pod 目录\n    try {\n      await deletePodDirectory(podPath);\n      logger.info(`Deleted pod: ${podName}`);\n\n      sendJson(response, 200, {\n        success: true,\n        message: `Pod ${podName} deleted successfully`\n      });\n    } catch (error) {\n      logger.error(`Failed to delete pod: ${(error as Error).message}`);\n      sendJson(response, 500, { error: 'Internal Server Error', message: 'Failed to delete pod' });\n    }\n  }, { public: true });\n\n  /**\n   * GET /api/v1/pods/:podName\n   *\n   * 获取 Pod 信息（存在性检查）\n   */\n  server.get('/api/v1/pods/:podName', async (request, response, params) => {\n    // 1. 认证\n    if (!await authenticate(request)) {\n      sendJson(response, 401, { error: 'Unauthorized', message: 'Invalid or missing service token' });\n      return;\n    }\n\n    const podName = decodeURIComponent(params.podName);\n    const podPath = `${rootDir}/${podName}`;\n\n    try {\n      const exists = await fileExists(podPath);\n      if (!exists) {\n        sendJson(response, 404, { error: 'Not Found', message: `Pod ${podName} not found` });\n        return;\n      }\n\n      const host = request.headers.host || 'localhost';\n      const podUrl = `https://${host}/${podName}/`;\n\n      sendJson(response, 200, {\n        exists: true,\n        podName,\n        podUrl,\n        storagePath: podPath\n      });\n    } catch (error) {\n      logger.error(`Error getting pod info: ${(error as Error).message}`);\n      sendJson(response, 500, { error: 'Internal Server Error', message: 'Failed to get pod info' });\n    }\n  }, { public: true });\n\n  logger.info(`Pod management routes registered with rootDir: ${rootDir}`);\n}\n\n/**\n * 读取 JSON 请求体\n */\nasync function readJsonBody(request: IncomingMessage): Promise<unknown> {\n  return new Promise((resolve, reject) => {\n    let data = '';\n    request.setEncoding('utf8');\n    request.on('data', (chunk: string) => {\n      data += chunk;\n    });\n    request.on('end', () => {\n      if (!data) {\n        resolve({});\n        return;\n      }\n      try {\n        resolve(JSON.parse(data));\n      } catch (error) {\n        reject(error);\n      }\n    });\n    request.on('error', reject);\n  });\n}\n\n/**\n * 发送 JSON 响应\n */\nfunction sendJson(response: ServerResponse, status: number, data: unknown): void {\n  response.statusCode = status;\n  response.setHeader('Content-Type', 'application/json');\n  response.end(JSON.stringify(data));\n}\n\n/**\n * 检查文件/目录是否存在\n */\nasync function fileExists(path: string): Promise<boolean> {\n  const { stat } = await import('node:fs/promises');\n  try {\n    await stat(path);\n    return true;\n  } catch {\n    return false;\n  }\n}\n\n/**\n * 创建 Pod 目录\n */\nasync function createPodDirectory(\n  podPath: string,\n  initialResources?: Record<string, string>\n): Promise<void> {\n  const { mkdir, writeFile } = await import('node:fs/promises');\n  const { join } = await import('node:path');\n\n  // 创建目录\n  await mkdir(podPath, { recursive: true });\n\n  // 创建初始资源\n  if (initialResources) {\n    for (const [filename, content] of Object.entries(initialResources)) {\n      const filePath = join(podPath, filename);\n      await writeFile(filePath, content, 'utf8');\n    }\n  }\n}\n\n/**\n * 删除 Pod 目录\n */\nasync function deletePodDirectory(podPath: string): Promise<void> {\n  const { rm } = await import('node:fs/promises');\n  await rm(podPath, { recursive: true, force: true });\n}\n"]}
+{"version":3,"file":"PodManagementHandler.js","sourceRoot":"","sources":["../../../src/api/handlers/PodManagementHandler.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AA8CA,kEAyMC;AAtPD,iEAAqD;AA8BrD;;;;;;;;;;;;;;GAcG;AACH,SAAgB,2BAA2B,CACzC,MAAiB,EACjB,OAAoC;IAEpC,MAAM,MAAM,GAAG,IAAA,oCAAY,EAAC,sBAAsB,CAAC,CAAC;IACpD,MAAM,EAAE,OAAO,EAAE,kBAAkB,EAAE,YAAY,GAAG,kBAAkB,EAAE,GAAG,OAAO,CAAC;IAEnF;;OAEG;IACH,KAAK,UAAU,YAAY,CAAC,OAAwB;QAClD,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC;QACjD,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACrD,OAAO,KAAK,CAAC;QACf,CAAC;QACD,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAClC,OAAO,kBAAkB,CAAC,KAAK,CAAC,CAAC;IACnC,CAAC;IAED;;OAEG;IACH,SAAS,eAAe,CAAC,OAAe;QACtC,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YAC1D,OAAO,KAAK,CAAC;QACf,CAAC;QACD,OAAO,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACpC,CAAC;IAED;;;;;;;;;;;;;;;OAeG;IACH,MAAM,CAAC,IAAI,CAAC,iBAAiB,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE;QACzD,QAAQ;QACR,IAAI,CAAC,MAAM,YAAY,CAAC,OAAO,CAAC,EAAE,CAAC;YACjC,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,cAAc,EAAE,OAAO,EAAE,kCAAkC,EAAE,CAAC,CAAC;YAChG,OAAO;QACT,CAAC;QAED,WAAW;QACX,IAAI,IAAsB,CAAC;QAC3B,IAAI,CAAC;YACH,IAAI,GAAG,MAAM,YAAY,CAAC,OAAO,CAAqB,CAAC;QACzD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,aAAa,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC,CAAC;YAChF,OAAO;QACT,CAAC;QAED,MAAM,EAAE,OAAO,EAAE,gBAAgB,EAAE,GAAG,IAAI,CAAC;QAE3C,eAAe;QACf,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9B,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACtB,KAAK,EAAE,aAAa;gBACpB,OAAO,EAAE,qBAAqB,OAAO,gBAAgB,YAAY,CAAC,QAAQ,EAAE,EAAE;aAC/E,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,aAAa;QACb,MAAM,OAAO,GAAG,GAAG,OAAO,IAAI,OAAO,EAAE,CAAC;QACxC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC,CAAC;YACzC,IAAI,MAAM,EAAE,CAAC;gBACX,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,UAAU,EAAE,OAAO,EAAE,OAAO,OAAO,iBAAiB,EAAE,CAAC,CAAC;gBACzF,OAAO;YACT,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,iCAAkC,KAAe,CAAC,OAAO,EAAE,CAAC,CAAC;YAC1E,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,uBAAuB,EAAE,OAAO,EAAE,+BAA+B,EAAE,CAAC,CAAC;YACtG,OAAO;QACT,CAAC;QAED,eAAe;QACf,IAAI,CAAC;YACH,MAAM,kBAAkB,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAC;YACpD,MAAM,CAAC,IAAI,CAAC,gBAAgB,OAAO,OAAO,OAAO,EAAE,CAAC,CAAC;YAErD,0BAA0B;YAC1B,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,IAAI,WAAW,CAAC;YACjD,MAAM,MAAM,GAAG,WAAW,IAAI,IAAI,OAAO,GAAG,CAAC;YAE7C,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACtB,OAAO,EAAE,IAAI;gBACb,MAAM;gBACN,OAAO,EAAE,OAAO,OAAO,uBAAuB;aAC/C,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,yBAA0B,KAAe,CAAC,OAAO,EAAE,CAAC,CAAC;YAClE,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,uBAAuB,EAAE,OAAO,EAAE,sBAAsB,EAAE,CAAC,CAAC;QAC/F,CAAC;IACH,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,wCAAwC;IAE9D;;;;;;;;;;;;OAYG;IACH,MAAM,CAAC,MAAM,CAAC,0BAA0B,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE;QAC5E,QAAQ;QACR,IAAI,CAAC,MAAM,YAAY,CAAC,OAAO,CAAC,EAAE,CAAC;YACjC,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,cAAc,EAAE,OAAO,EAAE,kCAAkC,EAAE,CAAC,CAAC;YAChG,OAAO;QACT,CAAC;QAED,MAAM,OAAO,GAAG,kBAAkB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAEnD,eAAe;QACf,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9B,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,aAAa,EAAE,OAAO,EAAE,qBAAqB,OAAO,EAAE,EAAE,CAAC,CAAC;YAC3F,OAAO;QACT,CAAC;QAED,YAAY;QACZ,MAAM,OAAO,GAAG,GAAG,OAAO,IAAI,OAAO,EAAE,CAAC;QACxC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC,CAAC;YACzC,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,OAAO,OAAO,YAAY,EAAE,CAAC,CAAC;gBACrF,OAAO;YACT,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,iCAAkC,KAAe,CAAC,OAAO,EAAE,CAAC,CAAC;YAC1E,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,uBAAuB,EAAE,OAAO,EAAE,+BAA+B,EAAE,CAAC,CAAC;YACtG,OAAO;QACT,CAAC;QAED,eAAe;QACf,IAAI,CAAC;YACH,MAAM,kBAAkB,CAAC,OAAO,CAAC,CAAC;YAClC,MAAM,CAAC,IAAI,CAAC,gBAAgB,OAAO,EAAE,CAAC,CAAC;YAEvC,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACtB,OAAO,EAAE,IAAI;gBACb,OAAO,EAAE,OAAO,OAAO,uBAAuB;aAC/C,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,yBAA0B,KAAe,CAAC,OAAO,EAAE,CAAC,CAAC;YAClE,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,uBAAuB,EAAE,OAAO,EAAE,sBAAsB,EAAE,CAAC,CAAC;QAC/F,CAAC;IACH,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;IAErB;;;;OAIG;IACH,MAAM,CAAC,GAAG,CAAC,0BAA0B,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE;QACzE,QAAQ;QACR,IAAI,CAAC,MAAM,YAAY,CAAC,OAAO,CAAC,EAAE,CAAC;YACjC,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,cAAc,EAAE,OAAO,EAAE,kCAAkC,EAAE,CAAC,CAAC;YAChG,OAAO;QACT,CAAC;QAED,MAAM,OAAO,GAAG,kBAAkB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACnD,MAAM,OAAO,GAAG,GAAG,OAAO,IAAI,OAAO,EAAE,CAAC;QAExC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC,CAAC;YACzC,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,OAAO,OAAO,YAAY,EAAE,CAAC,CAAC;gBACrF,OAAO;YACT,CAAC;YAED,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,IAAI,WAAW,CAAC;YACjD,MAAM,MAAM,GAAG,WAAW,IAAI,IAAI,OAAO,GAAG,CAAC;YAE7C,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACtB,MAAM,EAAE,IAAI;gBACZ,OAAO;gBACP,MAAM;gBACN,WAAW,EAAE,OAAO;aACrB,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,2BAA4B,KAAe,CAAC,OAAO,EAAE,CAAC,CAAC;YACpE,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,uBAAuB,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC,CAAC;QACjG,CAAC;IACH,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;IAErB,MAAM,CAAC,IAAI,CAAC,kDAAkD,OAAO,EAAE,CAAC,CAAC;AAC3E,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,YAAY,CAAC,OAAwB;IAClD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAI,IAAI,GAAG,EAAE,CAAC;QACd,OAAO,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAC5B,OAAO,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACnC,IAAI,IAAI,KAAK,CAAC;QAChB,CAAC,CAAC,CAAC;QACH,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;YACrB,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,OAAO,CAAC,EAAE,CAAC,CAAC;gBACZ,OAAO;YACT,CAAC;YACD,IAAI,CAAC;gBACH,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;YAC5B,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,KAAK,CAAC,CAAC;YAChB,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,SAAS,QAAQ,CAAC,QAAwB,EAAE,MAAc,EAAE,IAAa;IACvE,QAAQ,CAAC,UAAU,GAAG,MAAM,CAAC;IAC7B,QAAQ,CAAC,SAAS,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;IACvD,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;AACrC,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,UAAU,CAAC,IAAY;IACpC,MAAM,EAAE,IAAI,EAAE,GAAG,wDAAa,kBAAkB,GAAC,CAAC;IAClD,IAAI,CAAC;QACH,MAAM,IAAI,CAAC,IAAI,CAAC,CAAC;QACjB,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,kBAAkB,CAC/B,OAAe,EACf,gBAAyC;IAEzC,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,wDAAa,kBAAkB,GAAC,CAAC;IAC9D,MAAM,EAAE,IAAI,EAAE,GAAG,wDAAa,WAAW,GAAC,CAAC;IAE3C,OAAO;IACP,MAAM,KAAK,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAE1C,SAAS;IACT,IAAI,gBAAgB,EAAE,CAAC;QACrB,KAAK,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,CAAC;YACnE,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;YACzC,MAAM,SAAS,CAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;QAC7C,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,kBAAkB,CAAC,OAAe;IAC/C,MAAM,EAAE,EAAE,EAAE,GAAG,wDAAa,kBAAkB,GAAC,CAAC;IAChD,MAAM,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;AACtD,CAAC","sourcesContent":["import type { ServerResponse, IncomingMessage } from 'node:http';\nimport { getLoggerFor } from 'global-logger-factory';\nimport type { ApiServer } from '../ApiServer';\n\nexport interface PodManagementHandlerOptions {\n  /** Pod 存储根目录 */\n  rootDir: string;\n  /** 验证 IdP service token */\n  verifyServiceToken: (token: string) => Promise<boolean>;\n  /** 可选：限制允许的 pod 名称正则 */\n  podNameRegex?: RegExp;\n}\n\nexport interface CreatePodRequest {\n  /** Pod 名称（通常是用户名） */\n  podName: string;\n  /** 可选：初始资源 */\n  initialResources?: Record<string, string>;\n}\n\nexport interface CreatePodResponse {\n  success: boolean;\n  podUrl: string;\n  message: string;\n}\n\nexport interface DeletePodResponse {\n  success: boolean;\n  message: string;\n}\n\n/**\n * Pod Management Handler\n *\n * SP (Storage Provider) 端供 IdP 调用的 API。\n * 用于创建/删除/查询 Pod 目录。\n *\n * 端点 (Solid Storage Provision Protocol):\n * - POST   /provision/pods           - 创建 Pod\n * - GET    /provision/pods/:podName  - 查询 Pod\n * - DELETE /provision/pods/:podName  - 删除 Pod\n *\n * 认证:\n * - 使用 IdP service token (Bearer)\n * - 验证 token 是否来自信任的 IdP\n */\nexport function registerPodManagementRoutes(\n  server: ApiServer,\n  options: PodManagementHandlerOptions\n): void {\n  const logger = getLoggerFor('PodManagementHandler');\n  const { rootDir, verifyServiceToken, podNameRegex = /^[a-zA-Z0-9_-]+$/ } = options;\n\n  /**\n   * 验证 service token\n   */\n  async function authenticate(request: IncomingMessage): Promise<boolean> {\n    const authHeader = request.headers.authorization;\n    if (!authHeader || !authHeader.startsWith('Bearer ')) {\n      return false;\n    }\n    const token = authHeader.slice(7);\n    return verifyServiceToken(token);\n  }\n\n  /**\n   * 验证 pod 名称\n   */\n  function validatePodName(podName: string): boolean {\n    if (!podName || podName.length < 1 || podName.length > 64) {\n      return false;\n    }\n    return podNameRegex.test(podName);\n  }\n\n  /**\n   * POST /provision/pods\n   *\n   * 创建 Pod 目录\n   *\n   * Request:\n   *   Authorization: Bearer {service_token}\n   *   Content-Type: application/json\n   *   Body: { podName: \"alice\", initialResources?: {...} }\n   *\n   * Response:\n   *   201: { success: true, podUrl: \"https://node1.pods.site/alice/\" }\n   *   400: { error: \"Invalid pod name\" }\n   *   401: { error: \"Unauthorized\" }\n   *   409: { error: \"Pod already exists\" }\n   */\n  server.post('/provision/pods', async (request, response) => {\n    // 1. 认证\n    if (!await authenticate(request)) {\n      sendJson(response, 401, { error: 'Unauthorized', message: 'Invalid or missing service token' });\n      return;\n    }\n\n    // 2. 解析请求体\n    let body: CreatePodRequest;\n    try {\n      body = await readJsonBody(request) as CreatePodRequest;\n    } catch (error) {\n      sendJson(response, 400, { error: 'Bad Request', message: 'Invalid JSON body' });\n      return;\n    }\n\n    const { podName, initialResources } = body;\n\n    // 3. 验证 pod 名称\n    if (!validatePodName(podName)) {\n      sendJson(response, 400, {\n        error: 'Bad Request',\n        message: `Invalid pod name: ${podName}. Must match ${podNameRegex.toString()}`\n      });\n      return;\n    }\n\n    // 4. 检查是否已存在\n    const podPath = `${rootDir}/${podName}`;\n    try {\n      const exists = await fileExists(podPath);\n      if (exists) {\n        sendJson(response, 409, { error: 'Conflict', message: `Pod ${podName} already exists` });\n        return;\n      }\n    } catch (error) {\n      logger.error(`Error checking pod existence: ${(error as Error).message}`);\n      sendJson(response, 500, { error: 'Internal Server Error', message: 'Failed to check pod existence' });\n      return;\n    }\n\n    // 5. 创建 Pod 目录\n    try {\n      await createPodDirectory(podPath, initialResources);\n      logger.info(`Created pod: ${podName} at ${podPath}`);\n\n      // 构建 pod URL (基于请求的 host)\n      const host = request.headers.host || 'localhost';\n      const podUrl = `https://${host}/${podName}/`;\n\n      sendJson(response, 201, {\n        success: true,\n        podUrl,\n        message: `Pod ${podName} created successfully`\n      });\n    } catch (error) {\n      logger.error(`Failed to create pod: ${(error as Error).message}`);\n      sendJson(response, 500, { error: 'Internal Server Error', message: 'Failed to create pod' });\n    }\n  }, { public: true }); // Service token auth handled internally\n\n  /**\n   * DELETE /provision/pods/:podName\n   *\n   * 删除 Pod 目录\n   *\n   * Request:\n   *   Authorization: Bearer {service_token}\n   *\n   * Response:\n   *   200: { success: true }\n   *   401: { error: \"Unauthorized\" }\n   *   404: { error: \"Pod not found\" }\n   */\n  server.delete('/provision/pods/:podName', async (request, response, params) => {\n    // 1. 认证\n    if (!await authenticate(request)) {\n      sendJson(response, 401, { error: 'Unauthorized', message: 'Invalid or missing service token' });\n      return;\n    }\n\n    const podName = decodeURIComponent(params.podName);\n\n    // 2. 验证 pod 名称\n    if (!validatePodName(podName)) {\n      sendJson(response, 400, { error: 'Bad Request', message: `Invalid pod name: ${podName}` });\n      return;\n    }\n\n    // 3. 检查是否存在\n    const podPath = `${rootDir}/${podName}`;\n    try {\n      const exists = await fileExists(podPath);\n      if (!exists) {\n        sendJson(response, 404, { error: 'Not Found', message: `Pod ${podName} not found` });\n        return;\n      }\n    } catch (error) {\n      logger.error(`Error checking pod existence: ${(error as Error).message}`);\n      sendJson(response, 500, { error: 'Internal Server Error', message: 'Failed to check pod existence' });\n      return;\n    }\n\n    // 4. 删除 Pod 目录\n    try {\n      await deletePodDirectory(podPath);\n      logger.info(`Deleted pod: ${podName}`);\n\n      sendJson(response, 200, {\n        success: true,\n        message: `Pod ${podName} deleted successfully`\n      });\n    } catch (error) {\n      logger.error(`Failed to delete pod: ${(error as Error).message}`);\n      sendJson(response, 500, { error: 'Internal Server Error', message: 'Failed to delete pod' });\n    }\n  }, { public: true });\n\n  /**\n   * GET /provision/pods/:podName\n   *\n   * 获取 Pod 信息（存在性检查）\n   */\n  server.get('/provision/pods/:podName', async (request, response, params) => {\n    // 1. 认证\n    if (!await authenticate(request)) {\n      sendJson(response, 401, { error: 'Unauthorized', message: 'Invalid or missing service token' });\n      return;\n    }\n\n    const podName = decodeURIComponent(params.podName);\n    const podPath = `${rootDir}/${podName}`;\n\n    try {\n      const exists = await fileExists(podPath);\n      if (!exists) {\n        sendJson(response, 404, { error: 'Not Found', message: `Pod ${podName} not found` });\n        return;\n      }\n\n      const host = request.headers.host || 'localhost';\n      const podUrl = `https://${host}/${podName}/`;\n\n      sendJson(response, 200, {\n        exists: true,\n        podName,\n        podUrl,\n        storagePath: podPath\n      });\n    } catch (error) {\n      logger.error(`Error getting pod info: ${(error as Error).message}`);\n      sendJson(response, 500, { error: 'Internal Server Error', message: 'Failed to get pod info' });\n    }\n  }, { public: true });\n\n  logger.info(`Pod management routes registered with rootDir: ${rootDir}`);\n}\n\n/**\n * 读取 JSON 请求体\n */\nasync function readJsonBody(request: IncomingMessage): Promise<unknown> {\n  return new Promise((resolve, reject) => {\n    let data = '';\n    request.setEncoding('utf8');\n    request.on('data', (chunk: string) => {\n      data += chunk;\n    });\n    request.on('end', () => {\n      if (!data) {\n        resolve({});\n        return;\n      }\n      try {\n        resolve(JSON.parse(data));\n      } catch (error) {\n        reject(error);\n      }\n    });\n    request.on('error', reject);\n  });\n}\n\n/**\n * 发送 JSON 响应\n */\nfunction sendJson(response: ServerResponse, status: number, data: unknown): void {\n  response.statusCode = status;\n  response.setHeader('Content-Type', 'application/json');\n  response.end(JSON.stringify(data));\n}\n\n/**\n * 检查文件/目录是否存在\n */\nasync function fileExists(path: string): Promise<boolean> {\n  const { stat } = await import('node:fs/promises');\n  try {\n    await stat(path);\n    return true;\n  } catch {\n    return false;\n  }\n}\n\n/**\n * 创建 Pod 目录\n */\nasync function createPodDirectory(\n  podPath: string,\n  initialResources?: Record<string, string>\n): Promise<void> {\n  const { mkdir, writeFile } = await import('node:fs/promises');\n  const { join } = await import('node:path');\n\n  // 创建目录\n  await mkdir(podPath, { recursive: true });\n\n  // 创建初始资源\n  if (initialResources) {\n    for (const [filename, content] of Object.entries(initialResources)) {\n      const filePath = join(podPath, filename);\n      await writeFile(filePath, content, 'utf8');\n    }\n  }\n}\n\n/**\n * 删除 Pod 目录\n */\nasync function deletePodDirectory(podPath: string): Promise<void> {\n  const { rm } = await import('node:fs/promises');\n  await rm(podPath, { recursive: true, force: true });\n}\n"]}

package/dist/api/handlers/ProvisionHandler.d.ts

@@ -0,0 +1,42 @@
+/**
+ * Provision Handler
+ *
+ * Cloud 端的 SP 注册 API
+ *
+ * POST /provision/nodes  - SP 注册（公开，无需认证）
+ *   返回 nodeId、nodeToken、serviceToken、provisionCode（自包含 JWT）
+ *
+ * provisionCode 是自包含 token，编码了 SP 的 publicUrl 和 serviceToken。
+ * CSS 侧的 ProvisionPodCreator 解码后直接回调 SP，不需要查数据库。
+ *
+ * GET /provision/status  - Local 端 SP 状态查询（公开）
+ *   返回 SP 配置状态，供 Linx 查询
+ */
+import type { ApiServer } from '../ApiServer';
+import type { EdgeNodeRepository } from '../../identity/drizzle/EdgeNodeRepository';
+export interface ProvisionHandlerOptions {
+    repository: EdgeNodeRepository;
+    /** Cloud baseUrl，用于派生 provisionCode 签名密钥 */
+    baseUrl: string;
+    /** 节点域名根域名，如 "undefineds.site" */
+    baseStorageDomain?: string;
+    /** provisionCode 有效期（秒），默认 24 小时 */
+    provisionCodeTtl?: number;
+}
+export declare function registerProvisionRoutes(server: ApiServer, options: ProvisionHandlerOptions): void;
+/**
+ * Local 端 SP 状态查询路由
+ */
+export interface ProvisionStatusOptions {
+    /** Cloud API 端点 */
+    cloudUrl?: string;
+    /** 节点 ID */
+    nodeId?: string;
+    /** SP 子域名 */
+    spDomain?: string;
+    /** Cloud baseUrl，用于拼 provisionUrl */
+    cloudBaseUrl?: string;
+    /** provisionCode（可选，由环境变量传入） */
+    provisionCode?: string;
+}
+export declare function registerProvisionStatusRoute(server: ApiServer, options: ProvisionStatusOptions): void;