@undefineds.co/xpod 0.1.7 → 0.2.0-preview.2

package/dist/api/handlers/EdgeNodeSignalHandler.js

@@ -0,0 +1,171 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.registerEdgeNodeSignalRoutes = registerEdgeNodeSignalRoutes;
+const global_logger_factory_1 = require("global-logger-factory");
+const AuthContext_1 = require("../auth/AuthContext");
+/**
+ * Handler for edge node signaling API
+ *
+ * POST /v1/signal - Edge node heartbeat/signal
+ *
+ * Requires API authentication and a nodeId in the request body.
+ */
+function registerEdgeNodeSignalRoutes(server, options) {
+    const logger = (0, global_logger_factory_1.getLoggerFor)('EdgeNodeSignalHandler');
+    const repo = options.repository;
+    const { dnsCoordinator, healthProbeService } = options;
+    // POST /v1/signal - authenticated via nodeToken, API key, or Solid token
+    server.post('/v1/signal', async (request, response, _params) => {
+        const auth = request.auth;
+        if (!auth) {
+            sendJson(response, 401, { error: 'Authentication required' });
+            return;
+        }
+        const body = await readJsonBody(request);
+        if (!body || typeof body !== 'object') {
+            sendJson(response, 400, { error: 'Request body must be a JSON object' });
+            return;
+        }
+        const payload = body;
+        // Resolve nodeId based on auth type
+        let nodeId;
+        if ((0, AuthContext_1.isNodeAuth)(auth)) {
+            // nodeToken 认证：nodeId 来自认证结果，无需 owner 检查
+            nodeId = (0, AuthContext_1.getNodeId)(auth);
+        }
+        else {
+            // WebID 认证：从 body 读 nodeId，检查 owner
+            const webId = (0, AuthContext_1.getWebId)(auth);
+            if (!webId) {
+                sendJson(response, 400, { error: 'Cannot determine user' });
+                return;
+            }
+            nodeId = typeof payload.nodeId === 'string' ? payload.nodeId.trim() : '';
+            if (!nodeId) {
+                sendJson(response, 400, { error: 'nodeId is required' });
+                return;
+            }
+            try {
+                const owner = await repo.getNodeOwner(nodeId);
+                if (!owner) {
+                    sendJson(response, 404, { error: 'Node not found' });
+                    return;
+                }
+                if (owner !== webId) {
+                    sendJson(response, 403, { error: 'Access denied' });
+                    return;
+                }
+            }
+            catch (error) {
+                logger.error(`Failed to validate node access: ${error}`);
+                sendJson(response, 500, { error: 'Failed to validate node access' });
+                return;
+            }
+        }
+        const now = new Date();
+        try {
+            // Get current metadata to merge
+            const existing = await repo.getNodeMetadata(nodeId);
+            let metadata = mergeMetadata(existing?.metadata ?? {}, payload, now);
+            // 从 DB connectivity 列注入 subdomain/ipv4，供 dnsCoordinator 使用
+            const connectivityInfo = await repo.getNodeConnectivityInfo(nodeId);
+            if (connectivityInfo) {
+                if (connectivityInfo.subdomain && !metadata.subdomain) {
+                    metadata.subdomain = connectivityInfo.subdomain;
+                }
+                if (connectivityInfo.ipv4 && !metadata.ipv4) {
+                    metadata.ipv4 = connectivityInfo.ipv4;
+                }
+                if (connectivityInfo.connectivityStatus && !metadata.connectivityStatus) {
+                    metadata.connectivityStatus = connectivityInfo.connectivityStatus;
+                }
+            }
+            // Update heartbeat
+            await repo.updateNodeHeartbeat(nodeId, metadata, now);
+            // Update pods if provided
+            if (Array.isArray(payload.pods)) {
+                await repo.replaceNodePods(nodeId, payload.pods);
+            }
+            // 健康检查 → DNS 同步
+            if (healthProbeService) {
+                await healthProbeService.probeNode(nodeId);
+                // 健康检查结果写入了 DB metadata，重新读取
+                const freshMeta = await repo.getNodeMetadata(nodeId);
+                if (freshMeta?.metadata) {
+                    const reachability = freshMeta.metadata.reachability;
+                    if (reachability) {
+                        metadata.reachability = reachability;
+                        const status = reachability.status;
+                        if (typeof status === 'string') {
+                            metadata.connectivityStatus = status === 'unreachable' ? 'unreachable' : 'reachable';
+                        }
+                    }
+                }
+            }
+            if (dnsCoordinator) {
+                await dnsCoordinator.synchronize(nodeId, metadata);
+            }
+            logger.debug(`Signal received from node ${nodeId}`);
+            sendJson(response, 200, {
+                status: 'ok',
+                nodeId,
+                lastSeen: now.toISOString(),
+                metadata,
+            });
+        }
+        catch (error) {
+            logger.error(`Signal handling error for node ${nodeId}:`, error);
+            if (error instanceof Error) {
+                logger.error(`Stack trace: ${error.stack}`);
+            }
+            sendJson(response, 500, { error: 'Failed to process signal' });
+        }
+    });
+}
+function mergeMetadata(previous, payload, now) {
+    const next = { ...previous };
+    next.lastHeartbeatAt = now.toISOString();
+    const copyIfPresent = (key) => {
+        if (payload[key] !== undefined) {
+            next[key] = payload[key];
+        }
+    };
+    copyIfPresent('baseUrl');
+    copyIfPresent('publicAddress');
+    copyIfPresent('hostname');
+    copyIfPresent('ipv4');
+    copyIfPresent('ipv6');
+    copyIfPresent('version');
+    copyIfPresent('status');
+    copyIfPresent('capabilities');
+    copyIfPresent('metrics');
+    return next;
+}
+async function readJsonBody(request) {
+    return new Promise((resolve, reject) => {
+        let data = '';
+        request.setEncoding('utf8');
+        request.on('data', (chunk) => {
+            data += chunk;
+        });
+        request.on('end', () => {
+            if (!data) {
+                resolve(undefined);
+                return;
+            }
+            try {
+                resolve(JSON.parse(data));
+            }
+            catch {
+                resolve(undefined);
+            }
+        });
+        request.on('error', reject);
+    });
+}
+function sendJson(response, status, data) {
+    response.statusCode = status;
+    response.setHeader('Content-Type', 'application/json');
+    response.end(JSON.stringify(data));
+}
+//# sourceMappingURL=EdgeNodeSignalHandler.js.map

package/dist/api/handlers/EdgeNodeSignalHandler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"EdgeNodeSignalHandler.js","sourceRoot":"","sources":["../../../src/api/handlers/EdgeNodeSignalHandler.ts"],"names":[],"mappings":";;AAsBA,oEAyHC;AA9ID,iEAAqD;AAMrD,qDAAsE;AAQtE;;;;;;GAMG;AACH,SAAgB,4BAA4B,CAAC,MAAiB,EAAE,OAAqC;IACnG,MAAM,MAAM,GAAG,IAAA,oCAAY,EAAC,uBAAuB,CAAC,CAAC;IACrD,MAAM,IAAI,GAAG,OAAO,CAAC,UAAU,CAAC;IAChC,MAAM,EAAE,cAAc,EAAE,kBAAkB,EAAE,GAAG,OAAO,CAAC;IAEvD,yEAAyE;IACzE,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE;QAC7D,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;QAC1B,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC,CAAC;YAC9D,OAAO;QACT,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;QACzC,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtC,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,oCAAoC,EAAE,CAAC,CAAC;YACzE,OAAO;QACT,CAAC;QACD,MAAM,OAAO,GAAG,IAA+B,CAAC;QAEhD,oCAAoC;QACpC,IAAI,MAAc,CAAC;QAEnB,IAAI,IAAA,wBAAU,EAAC,IAAI,CAAC,EAAE,CAAC;YACrB,yCAAyC;YACzC,MAAM,GAAG,IAAA,uBAAS,EAAC,IAAI,CAAE,CAAC;QAC5B,CAAC;aAAM,CAAC;YACN,oCAAoC;YACpC,MAAM,KAAK,GAAG,IAAA,sBAAQ,EAAC,IAAI,CAAC,CAAC;YAC7B,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,CAAC;gBAC5D,OAAO;YACT,CAAC;YACD,MAAM,GAAG,OAAO,OAAO,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACzE,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC,CAAC;gBACzD,OAAO;YACT,CAAC;YACD,IAAI,CAAC;gBACH,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;gBAC9C,IAAI,CAAC,KAAK,EAAE,CAAC;oBACX,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAC;oBACrD,OAAO;gBACT,CAAC;gBACD,IAAI,KAAK,KAAK,KAAK,EAAE,CAAC;oBACpB,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,CAAC;oBACpD,OAAO;gBACT,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,KAAK,CAAC,mCAAmC,KAAK,EAAE,CAAC,CAAC;gBACzD,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,gCAAgC,EAAE,CAAC,CAAC;gBACrE,OAAO;YACT,CAAC;QACH,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QAEvB,IAAI,CAAC;YACH,gCAAgC;YAChC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;YACpD,IAAI,QAAQ,GAAG,aAAa,CAAC,QAAQ,EAAE,QAAQ,IAAI,EAAE,EAAE,OAAO,EAAE,GAAG,CAAC,CAAC;YAErE,2DAA2D;YAC3D,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,MAAM,CAAC,CAAC;YACpE,IAAI,gBAAgB,EAAE,CAAC;gBACrB,IAAI,gBAAgB,CAAC,SAAS,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,CAAC;oBACtD,QAAQ,CAAC,SAAS,GAAG,gBAAgB,CAAC,SAAS,CAAC;gBAClD,CAAC;gBACD,IAAI,gBAAgB,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;oBAC5C,QAAQ,CAAC,IAAI,GAAG,gBAAgB,CAAC,IAAI,CAAC;gBACxC,CAAC;gBACD,IAAI,gBAAgB,CAAC,kBAAkB,IAAI,CAAC,QAAQ,CAAC,kBAAkB,EAAE,CAAC;oBACxE,QAAQ,CAAC,kBAAkB,GAAG,gBAAgB,CAAC,kBAAkB,CAAC;gBACpE,CAAC;YACH,CAAC;YAED,mBAAmB;YACnB,MAAM,IAAI,CAAC,mBAAmB,CAAC,MAAM,EAAE,QAAQ,EAAE,GAAG,CAAC,CAAC;YAEtD,0BAA0B;YAC1B,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;gBAChC,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,OAAO,CAAC,IAAgB,CAAC,CAAC;YAC/D,CAAC;YAED,gBAAgB;YAChB,IAAI,kBAAkB,EAAE,CAAC;gBACvB,MAAM,kBAAkB,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;gBAC3C,6BAA6B;gBAC7B,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;gBACrD,IAAI,SAAS,EAAE,QAAQ,EAAE,CAAC;oBACxB,MAAM,YAAY,GAAI,SAAS,CAAC,QAAoC,CAAC,YAAY,CAAC;oBAClF,IAAI,YAAY,EAAE,CAAC;wBACjB,QAAQ,CAAC,YAAY,GAAG,YAAY,CAAC;wBACrC,MAAM,MAAM,GAAI,YAAwC,CAAC,MAAM,CAAC;wBAChE,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;4BAC/B,QAAQ,CAAC,kBAAkB,GAAG,MAAM,KAAK,aAAa,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,WAAW,CAAC;wBACvF,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YAED,IAAI,cAAc,EAAE,CAAC;gBACnB,MAAM,cAAc,CAAC,WAAW,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;YACrD,CAAC;YAED,MAAM,CAAC,KAAK,CAAC,6BAA6B,MAAM,EAAE,CAAC,CAAC;YAEpD,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACtB,MAAM,EAAE,IAAI;gBACZ,MAAM;gBACN,QAAQ,EAAE,GAAG,CAAC,WAAW,EAAE;gBAC3B,QAAQ;aACT,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,kCAAkC,MAAM,GAAG,EAAE,KAAK,CAAC,CAAC;YACjE,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;gBAC3B,MAAM,CAAC,KAAK,CAAC,gBAAgB,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC;YAC9C,CAAC;YACD,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,0BAA0B,EAAE,CAAC,CAAC;QACjE,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,aAAa,CACpB,QAAiC,EACjC,OAAgC,EAChC,GAAS;IAET,MAAM,IAAI,GAA4B,EAAE,GAAG,QAAQ,EAAE,CAAC;IACtD,IAAI,CAAC,eAAe,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;IAEzC,MAAM,aAAa,GAAG,CAAC,GAAW,EAAE,EAAE;QACpC,IAAI,OAAO,CAAC,GAAG,CAAC,KAAK,SAAS,EAAE,CAAC;YAC/B,IAAI,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC,CAAC;IAEF,aAAa,CAAC,SAAS,CAAC,CAAC;IACzB,aAAa,CAAC,eAAe,CAAC,CAAC;IAC/B,aAAa,CAAC,UAAU,CAAC,CAAC;IAC1B,aAAa,CAAC,MAAM,CAAC,CAAC;IACtB,aAAa,CAAC,MAAM,CAAC,CAAC;IACtB,aAAa,CAAC,SAAS,CAAC,CAAC;IACzB,aAAa,CAAC,QAAQ,CAAC,CAAC;IACxB,aAAa,CAAC,cAAc,CAAC,CAAC;IAC9B,aAAa,CAAC,SAAS,CAAC,CAAC;IAEzB,OAAO,IAAI,CAAC;AACd,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,OAA6B;IACvD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAI,IAAI,GAAG,EAAE,CAAC;QACd,OAAO,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAC5B,OAAO,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACnC,IAAI,IAAI,KAAK,CAAC;QAChB,CAAC,CAAC,CAAC;QACH,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;YACrB,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,OAAO,CAAC,SAAS,CAAC,CAAC;gBACnB,OAAO;YACT,CAAC;YACD,IAAI,CAAC;gBACH,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;YAC5B,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,CAAC,SAAS,CAAC,CAAC;YACrB,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,QAAQ,CAAC,QAAwB,EAAE,MAAc,EAAE,IAAa;IACvE,QAAQ,CAAC,UAAU,GAAG,MAAM,CAAC;IAC7B,QAAQ,CAAC,SAAS,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;IACvD,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;AACrC,CAAC","sourcesContent":["import type { ServerResponse } from 'node:http';\nimport { getLoggerFor } from 'global-logger-factory';\nimport type { AuthenticatedRequest } from '../middleware/AuthMiddleware';\nimport type { ApiServer } from '../ApiServer';\nimport type { EdgeNodeRepository } from '../../identity/drizzle/EdgeNodeRepository';\nimport type { EdgeNodeDnsCoordinator } from '../../edge/EdgeNodeDnsCoordinator';\nimport type { EdgeNodeHealthProbeService } from '../../edge/EdgeNodeHealthProbeService';\nimport { isNodeAuth, getNodeId, getWebId } from '../auth/AuthContext';\n\nexport interface EdgeNodeSignalHandlerOptions {\n  repository: EdgeNodeRepository;\n  dnsCoordinator?: EdgeNodeDnsCoordinator;\n  healthProbeService?: EdgeNodeHealthProbeService;\n}\n\n/**\n * Handler for edge node signaling API\n *\n * POST /v1/signal - Edge node heartbeat/signal\n *\n * Requires API authentication and a nodeId in the request body.\n */\nexport function registerEdgeNodeSignalRoutes(server: ApiServer, options: EdgeNodeSignalHandlerOptions): void {\n  const logger = getLoggerFor('EdgeNodeSignalHandler');\n  const repo = options.repository;\n  const { dnsCoordinator, healthProbeService } = options;\n\n  // POST /v1/signal - authenticated via nodeToken, API key, or Solid token\n  server.post('/v1/signal', async (request, response, _params) => {\n    const auth = request.auth;\n    if (!auth) {\n      sendJson(response, 401, { error: 'Authentication required' });\n      return;\n    }\n\n    const body = await readJsonBody(request);\n    if (!body || typeof body !== 'object') {\n      sendJson(response, 400, { error: 'Request body must be a JSON object' });\n      return;\n    }\n    const payload = body as Record<string, unknown>;\n\n    // Resolve nodeId based on auth type\n    let nodeId: string;\n\n    if (isNodeAuth(auth)) {\n      // nodeToken 认证：nodeId 来自认证结果，无需 owner 检查\n      nodeId = getNodeId(auth)!;\n    } else {\n      // WebID 认证：从 body 读 nodeId，检查 owner\n      const webId = getWebId(auth);\n      if (!webId) {\n        sendJson(response, 400, { error: 'Cannot determine user' });\n        return;\n      }\n      nodeId = typeof payload.nodeId === 'string' ? payload.nodeId.trim() : '';\n      if (!nodeId) {\n        sendJson(response, 400, { error: 'nodeId is required' });\n        return;\n      }\n      try {\n        const owner = await repo.getNodeOwner(nodeId);\n        if (!owner) {\n          sendJson(response, 404, { error: 'Node not found' });\n          return;\n        }\n        if (owner !== webId) {\n          sendJson(response, 403, { error: 'Access denied' });\n          return;\n        }\n      } catch (error) {\n        logger.error(`Failed to validate node access: ${error}`);\n        sendJson(response, 500, { error: 'Failed to validate node access' });\n        return;\n      }\n    }\n\n    const now = new Date();\n\n    try {\n      // Get current metadata to merge\n      const existing = await repo.getNodeMetadata(nodeId);\n      let metadata = mergeMetadata(existing?.metadata ?? {}, payload, now);\n\n      // 从 DB connectivity 列注入 subdomain/ipv4，供 dnsCoordinator 使用\n      const connectivityInfo = await repo.getNodeConnectivityInfo(nodeId);\n      if (connectivityInfo) {\n        if (connectivityInfo.subdomain && !metadata.subdomain) {\n          metadata.subdomain = connectivityInfo.subdomain;\n        }\n        if (connectivityInfo.ipv4 && !metadata.ipv4) {\n          metadata.ipv4 = connectivityInfo.ipv4;\n        }\n        if (connectivityInfo.connectivityStatus && !metadata.connectivityStatus) {\n          metadata.connectivityStatus = connectivityInfo.connectivityStatus;\n        }\n      }\n\n      // Update heartbeat\n      await repo.updateNodeHeartbeat(nodeId, metadata, now);\n\n      // Update pods if provided\n      if (Array.isArray(payload.pods)) {\n        await repo.replaceNodePods(nodeId, payload.pods as string[]);\n      }\n\n      // 健康检查 → DNS 同步\n      if (healthProbeService) {\n        await healthProbeService.probeNode(nodeId);\n        // 健康检查结果写入了 DB metadata，重新读取\n        const freshMeta = await repo.getNodeMetadata(nodeId);\n        if (freshMeta?.metadata) {\n          const reachability = (freshMeta.metadata as Record<string, unknown>).reachability;\n          if (reachability) {\n            metadata.reachability = reachability;\n            const status = (reachability as Record<string, unknown>).status;\n            if (typeof status === 'string') {\n              metadata.connectivityStatus = status === 'unreachable' ? 'unreachable' : 'reachable';\n            }\n          }\n        }\n      }\n\n      if (dnsCoordinator) {\n        await dnsCoordinator.synchronize(nodeId, metadata);\n      }\n\n      logger.debug(`Signal received from node ${nodeId}`);\n\n      sendJson(response, 200, {\n        status: 'ok',\n        nodeId,\n        lastSeen: now.toISOString(),\n        metadata,\n      });\n    } catch (error) {\n      logger.error(`Signal handling error for node ${nodeId}:`, error);\n      if (error instanceof Error) {\n        logger.error(`Stack trace: ${error.stack}`);\n      }\n      sendJson(response, 500, { error: 'Failed to process signal' });\n    }\n  });\n}\n\nfunction mergeMetadata(\n  previous: Record<string, unknown>,\n  payload: Record<string, unknown>,\n  now: Date,\n): Record<string, unknown> {\n  const next: Record<string, unknown> = { ...previous };\n  next.lastHeartbeatAt = now.toISOString();\n\n  const copyIfPresent = (key: string) => {\n    if (payload[key] !== undefined) {\n      next[key] = payload[key];\n    }\n  };\n\n  copyIfPresent('baseUrl');\n  copyIfPresent('publicAddress');\n  copyIfPresent('hostname');\n  copyIfPresent('ipv4');\n  copyIfPresent('ipv6');\n  copyIfPresent('version');\n  copyIfPresent('status');\n  copyIfPresent('capabilities');\n  copyIfPresent('metrics');\n\n  return next;\n}\n\nasync function readJsonBody(request: AuthenticatedRequest): Promise<unknown> {\n  return new Promise((resolve, reject) => {\n    let data = '';\n    request.setEncoding('utf8');\n    request.on('data', (chunk: string) => {\n      data += chunk;\n    });\n    request.on('end', () => {\n      if (!data) {\n        resolve(undefined);\n        return;\n      }\n      try {\n        resolve(JSON.parse(data));\n      } catch {\n        resolve(undefined);\n      }\n    });\n    request.on('error', reject);\n  });\n}\n\nfunction sendJson(response: ServerResponse, status: number, data: unknown): void {\n  response.statusCode = status;\n  response.setHeader('Content-Type', 'application/json');\n  response.end(JSON.stringify(data));\n}\n"]}

package/dist/api/handlers/PodManagementHandler.d.ts

@@ -26,11 +26,12 @@ export interface DeletePodResponse {
  * Pod Management Handler
  *
  * SP (Storage Provider) 端供 IdP 调用的 API。
- * 用于创建/删除 Pod 目录。
+ * 用于创建/删除/查询 Pod 目录。
  *
- * 端点:
- * - POST /api/v1/pods - 创建 Pod
- * - DELETE /api/v1/pods/:podName - 删除 Pod
+ * 端点 (Solid Storage Provision Protocol):
+ * - POST   /provision/pods           - 创建 Pod
+ * - GET    /provision/pods/:podName  - 查询 Pod
+ * - DELETE /provision/pods/:podName  - 删除 Pod
  *
  * 认证:
  * - 使用 IdP service token (Bearer)

package/dist/api/handlers/PodManagementHandler.js

@@ -29,11 +29,12 @@ const global_logger_factory_1 = require("global-logger-factory");
  * Pod Management Handler
  *
  * SP (Storage Provider) 端供 IdP 调用的 API。
- * 用于创建/删除 Pod 目录。
+ * 用于创建/删除/查询 Pod 目录。
  *
- * 端点:
- * - POST /api/v1/pods - 创建 Pod
- * - DELETE /api/v1/pods/:podName - 删除 Pod
+ * 端点 (Solid Storage Provision Protocol):
+ * - POST   /provision/pods           - 创建 Pod
+ * - GET    /provision/pods/:podName  - 查询 Pod
+ * - DELETE /provision/pods/:podName  - 删除 Pod
  *
  * 认证:
  * - 使用 IdP service token (Bearer)
@@ -63,7 +64,7 @@ function registerPodManagementRoutes(server, options) {
         return podNameRegex.test(podName);
     }
     /**
-     * POST /api/v1/pods
+     * POST /provision/pods
      *
      * 创建 Pod 目录
      *
@@ -78,7 +79,7 @@ function registerPodManagementRoutes(server, options) {
      *   401: { error: "Unauthorized" }
      *   409: { error: "Pod already exists" }
      */
-    server.post('/api/v1/pods', async (request, response) => {
+    server.post('/provision/pods', async (request, response) => {
         // 1. 认证
         if (!await authenticate(request)) {
             sendJson(response, 401, { error: 'Unauthorized', message: 'Invalid or missing service token' });
@@ -135,7 +136,7 @@ function registerPodManagementRoutes(server, options) {
         }
     }, { public: true }); // Service token auth handled internally
     /**
-     * DELETE /api/v1/pods/:podName
+     * DELETE /provision/pods/:podName
      *
      * 删除 Pod 目录
      *
@@ -147,7 +148,7 @@ function registerPodManagementRoutes(server, options) {
      *   401: { error: "Unauthorized" }
      *   404: { error: "Pod not found" }
      */
-    server.delete('/api/v1/pods/:podName', async (request, response, params) => {
+    server.delete('/provision/pods/:podName', async (request, response, params) => {
         // 1. 认证
         if (!await authenticate(request)) {
             sendJson(response, 401, { error: 'Unauthorized', message: 'Invalid or missing service token' });
@@ -188,11 +189,11 @@ function registerPodManagementRoutes(server, options) {
         }
     }, { public: true });
     /**
-     * GET /api/v1/pods/:podName
+     * GET /provision/pods/:podName
      *
      * 获取 Pod 信息（存在性检查）
      */
-    server.get('/api/v1/pods/:podName', async (request, response, params) => {
+    server.get('/provision/pods/:podName', async (request, response, params) => {
         // 1. 认证
         if (!await authenticate(request)) {
             sendJson(response, 401, { error: 'Unauthorized', message: 'Invalid or missing service token' });

package/dist/api/handlers/PodManagementHandler.js.map

@@ -1 +1 @@
-{"version":3,"file":"PodManagementHandler.js","sourceRoot":"","sources":["../../../src/api/handlers/PodManagementHandler.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AA6CA,kEAyMC;AArPD,iEAAqD;AA8BrD;;;;;;;;;;;;;GAaG;AACH,SAAgB,2BAA2B,CACzC,MAAiB,EACjB,OAAoC;IAEpC,MAAM,MAAM,GAAG,IAAA,oCAAY,EAAC,sBAAsB,CAAC,CAAC;IACpD,MAAM,EAAE,OAAO,EAAE,kBAAkB,EAAE,YAAY,GAAG,kBAAkB,EAAE,GAAG,OAAO,CAAC;IAEnF;;OAEG;IACH,KAAK,UAAU,YAAY,CAAC,OAAwB;QAClD,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC;QACjD,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACrD,OAAO,KAAK,CAAC;QACf,CAAC;QACD,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAClC,OAAO,kBAAkB,CAAC,KAAK,CAAC,CAAC;IACnC,CAAC;IAED;;OAEG;IACH,SAAS,eAAe,CAAC,OAAe;QACtC,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YAC1D,OAAO,KAAK,CAAC;QACf,CAAC;QACD,OAAO,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACpC,CAAC;IAED;;;;;;;;;;;;;;;OAeG;IACH,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE;QACtD,QAAQ;QACR,IAAI,CAAC,MAAM,YAAY,CAAC,OAAO,CAAC,EAAE,CAAC;YACjC,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,cAAc,EAAE,OAAO,EAAE,kCAAkC,EAAE,CAAC,CAAC;YAChG,OAAO;QACT,CAAC;QAED,WAAW;QACX,IAAI,IAAsB,CAAC;QAC3B,IAAI,CAAC;YACH,IAAI,GAAG,MAAM,YAAY,CAAC,OAAO,CAAqB,CAAC;QACzD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,aAAa,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC,CAAC;YAChF,OAAO;QACT,CAAC;QAED,MAAM,EAAE,OAAO,EAAE,gBAAgB,EAAE,GAAG,IAAI,CAAC;QAE3C,eAAe;QACf,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9B,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACtB,KAAK,EAAE,aAAa;gBACpB,OAAO,EAAE,qBAAqB,OAAO,gBAAgB,YAAY,CAAC,QAAQ,EAAE,EAAE;aAC/E,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,aAAa;QACb,MAAM,OAAO,GAAG,GAAG,OAAO,IAAI,OAAO,EAAE,CAAC;QACxC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC,CAAC;YACzC,IAAI,MAAM,EAAE,CAAC;gBACX,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,UAAU,EAAE,OAAO,EAAE,OAAO,OAAO,iBAAiB,EAAE,CAAC,CAAC;gBACzF,OAAO;YACT,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,iCAAkC,KAAe,CAAC,OAAO,EAAE,CAAC,CAAC;YAC1E,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,uBAAuB,EAAE,OAAO,EAAE,+BAA+B,EAAE,CAAC,CAAC;YACtG,OAAO;QACT,CAAC;QAED,eAAe;QACf,IAAI,CAAC;YACH,MAAM,kBAAkB,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAC;YACpD,MAAM,CAAC,IAAI,CAAC,gBAAgB,OAAO,OAAO,OAAO,EAAE,CAAC,CAAC;YAErD,0BAA0B;YAC1B,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,IAAI,WAAW,CAAC;YACjD,MAAM,MAAM,GAAG,WAAW,IAAI,IAAI,OAAO,GAAG,CAAC;YAE7C,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACtB,OAAO,EAAE,IAAI;gBACb,MAAM;gBACN,OAAO,EAAE,OAAO,OAAO,uBAAuB;aAC/C,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,yBAA0B,KAAe,CAAC,OAAO,EAAE,CAAC,CAAC;YAClE,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,uBAAuB,EAAE,OAAO,EAAE,sBAAsB,EAAE,CAAC,CAAC;QAC/F,CAAC;IACH,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,wCAAwC;IAE9D;;;;;;;;;;;;OAYG;IACH,MAAM,CAAC,MAAM,CAAC,uBAAuB,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE;QACzE,QAAQ;QACR,IAAI,CAAC,MAAM,YAAY,CAAC,OAAO,CAAC,EAAE,CAAC;YACjC,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,cAAc,EAAE,OAAO,EAAE,kCAAkC,EAAE,CAAC,CAAC;YAChG,OAAO;QACT,CAAC;QAED,MAAM,OAAO,GAAG,kBAAkB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAEnD,eAAe;QACf,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9B,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,aAAa,EAAE,OAAO,EAAE,qBAAqB,OAAO,EAAE,EAAE,CAAC,CAAC;YAC3F,OAAO;QACT,CAAC;QAED,YAAY;QACZ,MAAM,OAAO,GAAG,GAAG,OAAO,IAAI,OAAO,EAAE,CAAC;QACxC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC,CAAC;YACzC,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,OAAO,OAAO,YAAY,EAAE,CAAC,CAAC;gBACrF,OAAO;YACT,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,iCAAkC,KAAe,CAAC,OAAO,EAAE,CAAC,CAAC;YAC1E,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,uBAAuB,EAAE,OAAO,EAAE,+BAA+B,EAAE,CAAC,CAAC;YACtG,OAAO;QACT,CAAC;QAED,eAAe;QACf,IAAI,CAAC;YACH,MAAM,kBAAkB,CAAC,OAAO,CAAC,CAAC;YAClC,MAAM,CAAC,IAAI,CAAC,gBAAgB,OAAO,EAAE,CAAC,CAAC;YAEvC,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACtB,OAAO,EAAE,IAAI;gBACb,OAAO,EAAE,OAAO,OAAO,uBAAuB;aAC/C,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,yBAA0B,KAAe,CAAC,OAAO,EAAE,CAAC,CAAC;YAClE,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,uBAAuB,EAAE,OAAO,EAAE,sBAAsB,EAAE,CAAC,CAAC;QAC/F,CAAC;IACH,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;IAErB;;;;OAIG;IACH,MAAM,CAAC,GAAG,CAAC,uBAAuB,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE;QACtE,QAAQ;QACR,IAAI,CAAC,MAAM,YAAY,CAAC,OAAO,CAAC,EAAE,CAAC;YACjC,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,cAAc,EAAE,OAAO,EAAE,kCAAkC,EAAE,CAAC,CAAC;YAChG,OAAO;QACT,CAAC;QAED,MAAM,OAAO,GAAG,kBAAkB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACnD,MAAM,OAAO,GAAG,GAAG,OAAO,IAAI,OAAO,EAAE,CAAC;QAExC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC,CAAC;YACzC,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,OAAO,OAAO,YAAY,EAAE,CAAC,CAAC;gBACrF,OAAO;YACT,CAAC;YAED,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,IAAI,WAAW,CAAC;YACjD,MAAM,MAAM,GAAG,WAAW,IAAI,IAAI,OAAO,GAAG,CAAC;YAE7C,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACtB,MAAM,EAAE,IAAI;gBACZ,OAAO;gBACP,MAAM;gBACN,WAAW,EAAE,OAAO;aACrB,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,2BAA4B,KAAe,CAAC,OAAO,EAAE,CAAC,CAAC;YACpE,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,uBAAuB,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC,CAAC;QACjG,CAAC;IACH,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;IAErB,MAAM,CAAC,IAAI,CAAC,kDAAkD,OAAO,EAAE,CAAC,CAAC;AAC3E,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,YAAY,CAAC,OAAwB;IAClD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAI,IAAI,GAAG,EAAE,CAAC;QACd,OAAO,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAC5B,OAAO,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACnC,IAAI,IAAI,KAAK,CAAC;QAChB,CAAC,CAAC,CAAC;QACH,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;YACrB,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,OAAO,CAAC,EAAE,CAAC,CAAC;gBACZ,OAAO;YACT,CAAC;YACD,IAAI,CAAC;gBACH,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;YAC5B,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,KAAK,CAAC,CAAC;YAChB,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,SAAS,QAAQ,CAAC,QAAwB,EAAE,MAAc,EAAE,IAAa;IACvE,QAAQ,CAAC,UAAU,GAAG,MAAM,CAAC;IAC7B,QAAQ,CAAC,SAAS,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;IACvD,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;AACrC,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,UAAU,CAAC,IAAY;IACpC,MAAM,EAAE,IAAI,EAAE,GAAG,wDAAa,kBAAkB,GAAC,CAAC;IAClD,IAAI,CAAC;QACH,MAAM,IAAI,CAAC,IAAI,CAAC,CAAC;QACjB,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,kBAAkB,CAC/B,OAAe,EACf,gBAAyC;IAEzC,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,wDAAa,kBAAkB,GAAC,CAAC;IAC9D,MAAM,EAAE,IAAI,EAAE,GAAG,wDAAa,WAAW,GAAC,CAAC;IAE3C,OAAO;IACP,MAAM,KAAK,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAE1C,SAAS;IACT,IAAI,gBAAgB,EAAE,CAAC;QACrB,KAAK,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,CAAC;YACnE,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;YACzC,MAAM,SAAS,CAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;QAC7C,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,kBAAkB,CAAC,OAAe;IAC/C,MAAM,EAAE,EAAE,EAAE,GAAG,wDAAa,kBAAkB,GAAC,CAAC;IAChD,MAAM,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;AACtD,CAAC","sourcesContent":["import type { ServerResponse, IncomingMessage } from 'node:http';\nimport { getLoggerFor } from 'global-logger-factory';\nimport type { ApiServer } from '../ApiServer';\n\nexport interface PodManagementHandlerOptions {\n  /** Pod 存储根目录 */\n  rootDir: string;\n  /** 验证 IdP service token */\n  verifyServiceToken: (token: string) => Promise<boolean>;\n  /** 可选：限制允许的 pod 名称正则 */\n  podNameRegex?: RegExp;\n}\n\nexport interface CreatePodRequest {\n  /** Pod 名称（通常是用户名） */\n  podName: string;\n  /** 可选：初始资源 */\n  initialResources?: Record<string, string>;\n}\n\nexport interface CreatePodResponse {\n  success: boolean;\n  podUrl: string;\n  message: string;\n}\n\nexport interface DeletePodResponse {\n  success: boolean;\n  message: string;\n}\n\n/**\n * Pod Management Handler\n *\n * SP (Storage Provider) 端供 IdP 调用的 API。\n * 用于创建/删除 Pod 目录。\n *\n * 端点:\n * - POST /api/v1/pods - 创建 Pod\n * - DELETE /api/v1/pods/:podName - 删除 Pod\n *\n * 认证:\n * - 使用 IdP service token (Bearer)\n * - 验证 token 是否来自信任的 IdP\n */\nexport function registerPodManagementRoutes(\n  server: ApiServer,\n  options: PodManagementHandlerOptions\n): void {\n  const logger = getLoggerFor('PodManagementHandler');\n  const { rootDir, verifyServiceToken, podNameRegex = /^[a-zA-Z0-9_-]+$/ } = options;\n\n  /**\n   * 验证 service token\n   */\n  async function authenticate(request: IncomingMessage): Promise<boolean> {\n    const authHeader = request.headers.authorization;\n    if (!authHeader || !authHeader.startsWith('Bearer ')) {\n      return false;\n    }\n    const token = authHeader.slice(7);\n    return verifyServiceToken(token);\n  }\n\n  /**\n   * 验证 pod 名称\n   */\n  function validatePodName(podName: string): boolean {\n    if (!podName || podName.length < 1 || podName.length > 64) {\n      return false;\n    }\n    return podNameRegex.test(podName);\n  }\n\n  /**\n   * POST /api/v1/pods\n   *\n   * 创建 Pod 目录\n   *\n   * Request:\n   *   Authorization: Bearer {service_token}\n   *   Content-Type: application/json\n   *   Body: { podName: \"alice\", initialResources?: {...} }\n   *\n   * Response:\n   *   201: { success: true, podUrl: \"https://node1.pods.site/alice/\" }\n   *   400: { error: \"Invalid pod name\" }\n   *   401: { error: \"Unauthorized\" }\n   *   409: { error: \"Pod already exists\" }\n   */\n  server.post('/api/v1/pods', async (request, response) => {\n    // 1. 认证\n    if (!await authenticate(request)) {\n      sendJson(response, 401, { error: 'Unauthorized', message: 'Invalid or missing service token' });\n      return;\n    }\n\n    // 2. 解析请求体\n    let body: CreatePodRequest;\n    try {\n      body = await readJsonBody(request) as CreatePodRequest;\n    } catch (error) {\n      sendJson(response, 400, { error: 'Bad Request', message: 'Invalid JSON body' });\n      return;\n    }\n\n    const { podName, initialResources } = body;\n\n    // 3. 验证 pod 名称\n    if (!validatePodName(podName)) {\n      sendJson(response, 400, {\n        error: 'Bad Request',\n        message: `Invalid pod name: ${podName}. Must match ${podNameRegex.toString()}`\n      });\n      return;\n    }\n\n    // 4. 检查是否已存在\n    const podPath = `${rootDir}/${podName}`;\n    try {\n      const exists = await fileExists(podPath);\n      if (exists) {\n        sendJson(response, 409, { error: 'Conflict', message: `Pod ${podName} already exists` });\n        return;\n      }\n    } catch (error) {\n      logger.error(`Error checking pod existence: ${(error as Error).message}`);\n      sendJson(response, 500, { error: 'Internal Server Error', message: 'Failed to check pod existence' });\n      return;\n    }\n\n    // 5. 创建 Pod 目录\n    try {\n      await createPodDirectory(podPath, initialResources);\n      logger.info(`Created pod: ${podName} at ${podPath}`);\n\n      // 构建 pod URL (基于请求的 host)\n      const host = request.headers.host || 'localhost';\n      const podUrl = `https://${host}/${podName}/`;\n\n      sendJson(response, 201, {\n        success: true,\n        podUrl,\n        message: `Pod ${podName} created successfully`\n      });\n    } catch (error) {\n      logger.error(`Failed to create pod: ${(error as Error).message}`);\n      sendJson(response, 500, { error: 'Internal Server Error', message: 'Failed to create pod' });\n    }\n  }, { public: true }); // Service token auth handled internally\n\n  /**\n   * DELETE /api/v1/pods/:podName\n   *\n   * 删除 Pod 目录\n   *\n   * Request:\n   *   Authorization: Bearer {service_token}\n   *\n   * Response:\n   *   200: { success: true }\n   *   401: { error: \"Unauthorized\" }\n   *   404: { error: \"Pod not found\" }\n   */\n  server.delete('/api/v1/pods/:podName', async (request, response, params) => {\n    // 1. 认证\n    if (!await authenticate(request)) {\n      sendJson(response, 401, { error: 'Unauthorized', message: 'Invalid or missing service token' });\n      return;\n    }\n\n    const podName = decodeURIComponent(params.podName);\n\n    // 2. 验证 pod 名称\n    if (!validatePodName(podName)) {\n      sendJson(response, 400, { error: 'Bad Request', message: `Invalid pod name: ${podName}` });\n      return;\n    }\n\n    // 3. 检查是否存在\n    const podPath = `${rootDir}/${podName}`;\n    try {\n      const exists = await fileExists(podPath);\n      if (!exists) {\n        sendJson(response, 404, { error: 'Not Found', message: `Pod ${podName} not found` });\n        return;\n      }\n    } catch (error) {\n      logger.error(`Error checking pod existence: ${(error as Error).message}`);\n      sendJson(response, 500, { error: 'Internal Server Error', message: 'Failed to check pod existence' });\n      return;\n    }\n\n    // 4. 删除 Pod 目录\n    try {\n      await deletePodDirectory(podPath);\n      logger.info(`Deleted pod: ${podName}`);\n\n      sendJson(response, 200, {\n        success: true,\n        message: `Pod ${podName} deleted successfully`\n      });\n    } catch (error) {\n      logger.error(`Failed to delete pod: ${(error as Error).message}`);\n      sendJson(response, 500, { error: 'Internal Server Error', message: 'Failed to delete pod' });\n    }\n  }, { public: true });\n\n  /**\n   * GET /api/v1/pods/:podName\n   *\n   * 获取 Pod 信息（存在性检查）\n   */\n  server.get('/api/v1/pods/:podName', async (request, response, params) => {\n    // 1. 认证\n    if (!await authenticate(request)) {\n      sendJson(response, 401, { error: 'Unauthorized', message: 'Invalid or missing service token' });\n      return;\n    }\n\n    const podName = decodeURIComponent(params.podName);\n    const podPath = `${rootDir}/${podName}`;\n\n    try {\n      const exists = await fileExists(podPath);\n      if (!exists) {\n        sendJson(response, 404, { error: 'Not Found', message: `Pod ${podName} not found` });\n        return;\n      }\n\n      const host = request.headers.host || 'localhost';\n      const podUrl = `https://${host}/${podName}/`;\n\n      sendJson(response, 200, {\n        exists: true,\n        podName,\n        podUrl,\n        storagePath: podPath\n      });\n    } catch (error) {\n      logger.error(`Error getting pod info: ${(error as Error).message}`);\n      sendJson(response, 500, { error: 'Internal Server Error', message: 'Failed to get pod info' });\n    }\n  }, { public: true });\n\n  logger.info(`Pod management routes registered with rootDir: ${rootDir}`);\n}\n\n/**\n * 读取 JSON 请求体\n */\nasync function readJsonBody(request: IncomingMessage): Promise<unknown> {\n  return new Promise((resolve, reject) => {\n    let data = '';\n    request.setEncoding('utf8');\n    request.on('data', (chunk: string) => {\n      data += chunk;\n    });\n    request.on('end', () => {\n      if (!data) {\n        resolve({});\n        return;\n      }\n      try {\n        resolve(JSON.parse(data));\n      } catch (error) {\n        reject(error);\n      }\n    });\n    request.on('error', reject);\n  });\n}\n\n/**\n * 发送 JSON 响应\n */\nfunction sendJson(response: ServerResponse, status: number, data: unknown): void {\n  response.statusCode = status;\n  response.setHeader('Content-Type', 'application/json');\n  response.end(JSON.stringify(data));\n}\n\n/**\n * 检查文件/目录是否存在\n */\nasync function fileExists(path: string): Promise<boolean> {\n  const { stat } = await import('node:fs/promises');\n  try {\n    await stat(path);\n    return true;\n  } catch {\n    return false;\n  }\n}\n\n/**\n * 创建 Pod 目录\n */\nasync function createPodDirectory(\n  podPath: string,\n  initialResources?: Record<string, string>\n): Promise<void> {\n  const { mkdir, writeFile } = await import('node:fs/promises');\n  const { join } = await import('node:path');\n\n  // 创建目录\n  await mkdir(podPath, { recursive: true });\n\n  // 创建初始资源\n  if (initialResources) {\n    for (const [filename, content] of Object.entries(initialResources)) {\n      const filePath = join(podPath, filename);\n      await writeFile(filePath, content, 'utf8');\n    }\n  }\n}\n\n/**\n * 删除 Pod 目录\n */\nasync function deletePodDirectory(podPath: string): Promise<void> {\n  const { rm } = await import('node:fs/promises');\n  await rm(podPath, { recursive: true, force: true });\n}\n"]}
+{"version":3,"file":"PodManagementHandler.js","sourceRoot":"","sources":["../../../src/api/handlers/PodManagementHandler.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AA8CA,kEAyMC;AAtPD,iEAAqD;AA8BrD;;;;;;;;;;;;;;GAcG;AACH,SAAgB,2BAA2B,CACzC,MAAiB,EACjB,OAAoC;IAEpC,MAAM,MAAM,GAAG,IAAA,oCAAY,EAAC,sBAAsB,CAAC,CAAC;IACpD,MAAM,EAAE,OAAO,EAAE,kBAAkB,EAAE,YAAY,GAAG,kBAAkB,EAAE,GAAG,OAAO,CAAC;IAEnF;;OAEG;IACH,KAAK,UAAU,YAAY,CAAC,OAAwB;QAClD,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC;QACjD,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACrD,OAAO,KAAK,CAAC;QACf,CAAC;QACD,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAClC,OAAO,kBAAkB,CAAC,KAAK,CAAC,CAAC;IACnC,CAAC;IAED;;OAEG;IACH,SAAS,eAAe,CAAC,OAAe;QACtC,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YAC1D,OAAO,KAAK,CAAC;QACf,CAAC;QACD,OAAO,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACpC,CAAC;IAED;;;;;;;;;;;;;;;OAeG;IACH,MAAM,CAAC,IAAI,CAAC,iBAAiB,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE;QACzD,QAAQ;QACR,IAAI,CAAC,MAAM,YAAY,CAAC,OAAO,CAAC,EAAE,CAAC;YACjC,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,cAAc,EAAE,OAAO,EAAE,kCAAkC,EAAE,CAAC,CAAC;YAChG,OAAO;QACT,CAAC;QAED,WAAW;QACX,IAAI,IAAsB,CAAC;QAC3B,IAAI,CAAC;YACH,IAAI,GAAG,MAAM,YAAY,CAAC,OAAO,CAAqB,CAAC;QACzD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,aAAa,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC,CAAC;YAChF,OAAO;QACT,CAAC;QAED,MAAM,EAAE,OAAO,EAAE,gBAAgB,EAAE,GAAG,IAAI,CAAC;QAE3C,eAAe;QACf,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9B,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACtB,KAAK,EAAE,aAAa;gBACpB,OAAO,EAAE,qBAAqB,OAAO,gBAAgB,YAAY,CAAC,QAAQ,EAAE,EAAE;aAC/E,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,aAAa;QACb,MAAM,OAAO,GAAG,GAAG,OAAO,IAAI,OAAO,EAAE,CAAC;QACxC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC,CAAC;YACzC,IAAI,MAAM,EAAE,CAAC;gBACX,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,UAAU,EAAE,OAAO,EAAE,OAAO,OAAO,iBAAiB,EAAE,CAAC,CAAC;gBACzF,OAAO;YACT,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,iCAAkC,KAAe,CAAC,OAAO,EAAE,CAAC,CAAC;YAC1E,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,uBAAuB,EAAE,OAAO,EAAE,+BAA+B,EAAE,CAAC,CAAC;YACtG,OAAO;QACT,CAAC;QAED,eAAe;QACf,IAAI,CAAC;YACH,MAAM,kBAAkB,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAC;YACpD,MAAM,CAAC,IAAI,CAAC,gBAAgB,OAAO,OAAO,OAAO,EAAE,CAAC,CAAC;YAErD,0BAA0B;YAC1B,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,IAAI,WAAW,CAAC;YACjD,MAAM,MAAM,GAAG,WAAW,IAAI,IAAI,OAAO,GAAG,CAAC;YAE7C,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACtB,OAAO,EAAE,IAAI;gBACb,MAAM;gBACN,OAAO,EAAE,OAAO,OAAO,uBAAuB;aAC/C,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,yBAA0B,KAAe,CAAC,OAAO,EAAE,CAAC,CAAC;YAClE,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,uBAAuB,EAAE,OAAO,EAAE,sBAAsB,EAAE,CAAC,CAAC;QAC/F,CAAC;IACH,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,wCAAwC;IAE9D;;;;;;;;;;;;OAYG;IACH,MAAM,CAAC,MAAM,CAAC,0BAA0B,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE;QAC5E,QAAQ;QACR,IAAI,CAAC,MAAM,YAAY,CAAC,OAAO,CAAC,EAAE,CAAC;YACjC,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,cAAc,EAAE,OAAO,EAAE,kCAAkC,EAAE,CAAC,CAAC;YAChG,OAAO;QACT,CAAC;QAED,MAAM,OAAO,GAAG,kBAAkB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAEnD,eAAe;QACf,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9B,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,aAAa,EAAE,OAAO,EAAE,qBAAqB,OAAO,EAAE,EAAE,CAAC,CAAC;YAC3F,OAAO;QACT,CAAC;QAED,YAAY;QACZ,MAAM,OAAO,GAAG,GAAG,OAAO,IAAI,OAAO,EAAE,CAAC;QACxC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC,CAAC;YACzC,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,OAAO,OAAO,YAAY,EAAE,CAAC,CAAC;gBACrF,OAAO;YACT,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,iCAAkC,KAAe,CAAC,OAAO,EAAE,CAAC,CAAC;YAC1E,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,uBAAuB,EAAE,OAAO,EAAE,+BAA+B,EAAE,CAAC,CAAC;YACtG,OAAO;QACT,CAAC;QAED,eAAe;QACf,IAAI,CAAC;YACH,MAAM,kBAAkB,CAAC,OAAO,CAAC,CAAC;YAClC,MAAM,CAAC,IAAI,CAAC,gBAAgB,OAAO,EAAE,CAAC,CAAC;YAEvC,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACtB,OAAO,EAAE,IAAI;gBACb,OAAO,EAAE,OAAO,OAAO,uBAAuB;aAC/C,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,yBAA0B,KAAe,CAAC,OAAO,EAAE,CAAC,CAAC;YAClE,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,uBAAuB,EAAE,OAAO,EAAE,sBAAsB,EAAE,CAAC,CAAC;QAC/F,CAAC;IACH,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;IAErB;;;;OAIG;IACH,MAAM,CAAC,GAAG,CAAC,0BAA0B,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE;QACzE,QAAQ;QACR,IAAI,CAAC,MAAM,YAAY,CAAC,OAAO,CAAC,EAAE,CAAC;YACjC,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,cAAc,EAAE,OAAO,EAAE,kCAAkC,EAAE,CAAC,CAAC;YAChG,OAAO;QACT,CAAC;QAED,MAAM,OAAO,GAAG,kBAAkB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACnD,MAAM,OAAO,GAAG,GAAG,OAAO,IAAI,OAAO,EAAE,CAAC;QAExC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC,CAAC;YACzC,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,OAAO,OAAO,YAAY,EAAE,CAAC,CAAC;gBACrF,OAAO;YACT,CAAC;YAED,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,IAAI,WAAW,CAAC;YACjD,MAAM,MAAM,GAAG,WAAW,IAAI,IAAI,OAAO,GAAG,CAAC;YAE7C,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACtB,MAAM,EAAE,IAAI;gBACZ,OAAO;gBACP,MAAM;gBACN,WAAW,EAAE,OAAO;aACrB,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,2BAA4B,KAAe,CAAC,OAAO,EAAE,CAAC,CAAC;YACpE,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,uBAAuB,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC,CAAC;QACjG,CAAC;IACH,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;IAErB,MAAM,CAAC,IAAI,CAAC,kDAAkD,OAAO,EAAE,CAAC,CAAC;AAC3E,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,YAAY,CAAC,OAAwB;IAClD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAI,IAAI,GAAG,EAAE,CAAC;QACd,OAAO,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAC5B,OAAO,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACnC,IAAI,IAAI,KAAK,CAAC;QAChB,CAAC,CAAC,CAAC;QACH,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;YACrB,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,OAAO,CAAC,EAAE,CAAC,CAAC;gBACZ,OAAO;YACT,CAAC;YACD,IAAI,CAAC;gBACH,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;YAC5B,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,KAAK,CAAC,CAAC;YAChB,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,SAAS,QAAQ,CAAC,QAAwB,EAAE,MAAc,EAAE,IAAa;IACvE,QAAQ,CAAC,UAAU,GAAG,MAAM,CAAC;IAC7B,QAAQ,CAAC,SAAS,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;IACvD,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;AACrC,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,UAAU,CAAC,IAAY;IACpC,MAAM,EAAE,IAAI,EAAE,GAAG,wDAAa,kBAAkB,GAAC,CAAC;IAClD,IAAI,CAAC;QACH,MAAM,IAAI,CAAC,IAAI,CAAC,CAAC;QACjB,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,kBAAkB,CAC/B,OAAe,EACf,gBAAyC;IAEzC,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,wDAAa,kBAAkB,GAAC,CAAC;IAC9D,MAAM,EAAE,IAAI,EAAE,GAAG,wDAAa,WAAW,GAAC,CAAC;IAE3C,OAAO;IACP,MAAM,KAAK,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAE1C,SAAS;IACT,IAAI,gBAAgB,EAAE,CAAC;QACrB,KAAK,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,CAAC;YACnE,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;YACzC,MAAM,SAAS,CAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;QAC7C,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,kBAAkB,CAAC,OAAe;IAC/C,MAAM,EAAE,EAAE,EAAE,GAAG,wDAAa,kBAAkB,GAAC,CAAC;IAChD,MAAM,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;AACtD,CAAC","sourcesContent":["import type { ServerResponse, IncomingMessage } from 'node:http';\nimport { getLoggerFor } from 'global-logger-factory';\nimport type { ApiServer } from '../ApiServer';\n\nexport interface PodManagementHandlerOptions {\n  /** Pod 存储根目录 */\n  rootDir: string;\n  /** 验证 IdP service token */\n  verifyServiceToken: (token: string) => Promise<boolean>;\n  /** 可选：限制允许的 pod 名称正则 */\n  podNameRegex?: RegExp;\n}\n\nexport interface CreatePodRequest {\n  /** Pod 名称（通常是用户名） */\n  podName: string;\n  /** 可选：初始资源 */\n  initialResources?: Record<string, string>;\n}\n\nexport interface CreatePodResponse {\n  success: boolean;\n  podUrl: string;\n  message: string;\n}\n\nexport interface DeletePodResponse {\n  success: boolean;\n  message: string;\n}\n\n/**\n * Pod Management Handler\n *\n * SP (Storage Provider) 端供 IdP 调用的 API。\n * 用于创建/删除/查询 Pod 目录。\n *\n * 端点 (Solid Storage Provision Protocol):\n * - POST   /provision/pods           - 创建 Pod\n * - GET    /provision/pods/:podName  - 查询 Pod\n * - DELETE /provision/pods/:podName  - 删除 Pod\n *\n * 认证:\n * - 使用 IdP service token (Bearer)\n * - 验证 token 是否来自信任的 IdP\n */\nexport function registerPodManagementRoutes(\n  server: ApiServer,\n  options: PodManagementHandlerOptions\n): void {\n  const logger = getLoggerFor('PodManagementHandler');\n  const { rootDir, verifyServiceToken, podNameRegex = /^[a-zA-Z0-9_-]+$/ } = options;\n\n  /**\n   * 验证 service token\n   */\n  async function authenticate(request: IncomingMessage): Promise<boolean> {\n    const authHeader = request.headers.authorization;\n    if (!authHeader || !authHeader.startsWith('Bearer ')) {\n      return false;\n    }\n    const token = authHeader.slice(7);\n    return verifyServiceToken(token);\n  }\n\n  /**\n   * 验证 pod 名称\n   */\n  function validatePodName(podName: string): boolean {\n    if (!podName || podName.length < 1 || podName.length > 64) {\n      return false;\n    }\n    return podNameRegex.test(podName);\n  }\n\n  /**\n   * POST /provision/pods\n   *\n   * 创建 Pod 目录\n   *\n   * Request:\n   *   Authorization: Bearer {service_token}\n   *   Content-Type: application/json\n   *   Body: { podName: \"alice\", initialResources?: {...} }\n   *\n   * Response:\n   *   201: { success: true, podUrl: \"https://node1.pods.site/alice/\" }\n   *   400: { error: \"Invalid pod name\" }\n   *   401: { error: \"Unauthorized\" }\n   *   409: { error: \"Pod already exists\" }\n   */\n  server.post('/provision/pods', async (request, response) => {\n    // 1. 认证\n    if (!await authenticate(request)) {\n      sendJson(response, 401, { error: 'Unauthorized', message: 'Invalid or missing service token' });\n      return;\n    }\n\n    // 2. 解析请求体\n    let body: CreatePodRequest;\n    try {\n      body = await readJsonBody(request) as CreatePodRequest;\n    } catch (error) {\n      sendJson(response, 400, { error: 'Bad Request', message: 'Invalid JSON body' });\n      return;\n    }\n\n    const { podName, initialResources } = body;\n\n    // 3. 验证 pod 名称\n    if (!validatePodName(podName)) {\n      sendJson(response, 400, {\n        error: 'Bad Request',\n        message: `Invalid pod name: ${podName}. Must match ${podNameRegex.toString()}`\n      });\n      return;\n    }\n\n    // 4. 检查是否已存在\n    const podPath = `${rootDir}/${podName}`;\n    try {\n      const exists = await fileExists(podPath);\n      if (exists) {\n        sendJson(response, 409, { error: 'Conflict', message: `Pod ${podName} already exists` });\n        return;\n      }\n    } catch (error) {\n      logger.error(`Error checking pod existence: ${(error as Error).message}`);\n      sendJson(response, 500, { error: 'Internal Server Error', message: 'Failed to check pod existence' });\n      return;\n    }\n\n    // 5. 创建 Pod 目录\n    try {\n      await createPodDirectory(podPath, initialResources);\n      logger.info(`Created pod: ${podName} at ${podPath}`);\n\n      // 构建 pod URL (基于请求的 host)\n      const host = request.headers.host || 'localhost';\n      const podUrl = `https://${host}/${podName}/`;\n\n      sendJson(response, 201, {\n        success: true,\n        podUrl,\n        message: `Pod ${podName} created successfully`\n      });\n    } catch (error) {\n      logger.error(`Failed to create pod: ${(error as Error).message}`);\n      sendJson(response, 500, { error: 'Internal Server Error', message: 'Failed to create pod' });\n    }\n  }, { public: true }); // Service token auth handled internally\n\n  /**\n   * DELETE /provision/pods/:podName\n   *\n   * 删除 Pod 目录\n   *\n   * Request:\n   *   Authorization: Bearer {service_token}\n   *\n   * Response:\n   *   200: { success: true }\n   *   401: { error: \"Unauthorized\" }\n   *   404: { error: \"Pod not found\" }\n   */\n  server.delete('/provision/pods/:podName', async (request, response, params) => {\n    // 1. 认证\n    if (!await authenticate(request)) {\n      sendJson(response, 401, { error: 'Unauthorized', message: 'Invalid or missing service token' });\n      return;\n    }\n\n    const podName = decodeURIComponent(params.podName);\n\n    // 2. 验证 pod 名称\n    if (!validatePodName(podName)) {\n      sendJson(response, 400, { error: 'Bad Request', message: `Invalid pod name: ${podName}` });\n      return;\n    }\n\n    // 3. 检查是否存在\n    const podPath = `${rootDir}/${podName}`;\n    try {\n      const exists = await fileExists(podPath);\n      if (!exists) {\n        sendJson(response, 404, { error: 'Not Found', message: `Pod ${podName} not found` });\n        return;\n      }\n    } catch (error) {\n      logger.error(`Error checking pod existence: ${(error as Error).message}`);\n      sendJson(response, 500, { error: 'Internal Server Error', message: 'Failed to check pod existence' });\n      return;\n    }\n\n    // 4. 删除 Pod 目录\n    try {\n      await deletePodDirectory(podPath);\n      logger.info(`Deleted pod: ${podName}`);\n\n      sendJson(response, 200, {\n        success: true,\n        message: `Pod ${podName} deleted successfully`\n      });\n    } catch (error) {\n      logger.error(`Failed to delete pod: ${(error as Error).message}`);\n      sendJson(response, 500, { error: 'Internal Server Error', message: 'Failed to delete pod' });\n    }\n  }, { public: true });\n\n  /**\n   * GET /provision/pods/:podName\n   *\n   * 获取 Pod 信息（存在性检查）\n   */\n  server.get('/provision/pods/:podName', async (request, response, params) => {\n    // 1. 认证\n    if (!await authenticate(request)) {\n      sendJson(response, 401, { error: 'Unauthorized', message: 'Invalid or missing service token' });\n      return;\n    }\n\n    const podName = decodeURIComponent(params.podName);\n    const podPath = `${rootDir}/${podName}`;\n\n    try {\n      const exists = await fileExists(podPath);\n      if (!exists) {\n        sendJson(response, 404, { error: 'Not Found', message: `Pod ${podName} not found` });\n        return;\n      }\n\n      const host = request.headers.host || 'localhost';\n      const podUrl = `https://${host}/${podName}/`;\n\n      sendJson(response, 200, {\n        exists: true,\n        podName,\n        podUrl,\n        storagePath: podPath\n      });\n    } catch (error) {\n      logger.error(`Error getting pod info: ${(error as Error).message}`);\n      sendJson(response, 500, { error: 'Internal Server Error', message: 'Failed to get pod info' });\n    }\n  }, { public: true });\n\n  logger.info(`Pod management routes registered with rootDir: ${rootDir}`);\n}\n\n/**\n * 读取 JSON 请求体\n */\nasync function readJsonBody(request: IncomingMessage): Promise<unknown> {\n  return new Promise((resolve, reject) => {\n    let data = '';\n    request.setEncoding('utf8');\n    request.on('data', (chunk: string) => {\n      data += chunk;\n    });\n    request.on('end', () => {\n      if (!data) {\n        resolve({});\n        return;\n      }\n      try {\n        resolve(JSON.parse(data));\n      } catch (error) {\n        reject(error);\n      }\n    });\n    request.on('error', reject);\n  });\n}\n\n/**\n * 发送 JSON 响应\n */\nfunction sendJson(response: ServerResponse, status: number, data: unknown): void {\n  response.statusCode = status;\n  response.setHeader('Content-Type', 'application/json');\n  response.end(JSON.stringify(data));\n}\n\n/**\n * 检查文件/目录是否存在\n */\nasync function fileExists(path: string): Promise<boolean> {\n  const { stat } = await import('node:fs/promises');\n  try {\n    await stat(path);\n    return true;\n  } catch {\n    return false;\n  }\n}\n\n/**\n * 创建 Pod 目录\n */\nasync function createPodDirectory(\n  podPath: string,\n  initialResources?: Record<string, string>\n): Promise<void> {\n  const { mkdir, writeFile } = await import('node:fs/promises');\n  const { join } = await import('node:path');\n\n  // 创建目录\n  await mkdir(podPath, { recursive: true });\n\n  // 创建初始资源\n  if (initialResources) {\n    for (const [filename, content] of Object.entries(initialResources)) {\n      const filePath = join(podPath, filename);\n      await writeFile(filePath, content, 'utf8');\n    }\n  }\n}\n\n/**\n * 删除 Pod 目录\n */\nasync function deletePodDirectory(podPath: string): Promise<void> {\n  const { rm } = await import('node:fs/promises');\n  await rm(podPath, { recursive: true, force: true });\n}\n"]}

package/dist/api/handlers/ProvisionHandler.d.ts

@@ -0,0 +1,42 @@
+/**
+ * Provision Handler
+ *
+ * Cloud 端的 SP 注册 API
+ *
+ * POST /provision/nodes  - SP 注册（公开，无需认证）
+ *   返回 nodeId、nodeToken、serviceToken、provisionCode（自包含 JWT）
+ *
+ * provisionCode 是自包含 token，编码了 SP 的 publicUrl 和 serviceToken。
+ * CSS 侧的 ProvisionPodCreator 解码后直接回调 SP，不需要查数据库。
+ *
+ * GET /provision/status  - Local 端 SP 状态查询（公开）
+ *   返回 SP 配置状态，供 Linx 查询
+ */
+import type { ApiServer } from '../ApiServer';
+import type { EdgeNodeRepository } from '../../identity/drizzle/EdgeNodeRepository';
+export interface ProvisionHandlerOptions {
+    repository: EdgeNodeRepository;
+    /** Cloud baseUrl，用于派生 provisionCode 签名密钥 */
+    baseUrl: string;
+    /** 节点域名根域名，如 "undefineds.site" */
+    baseStorageDomain?: string;
+    /** provisionCode 有效期（秒），默认 24 小时 */
+    provisionCodeTtl?: number;
+}
+export declare function registerProvisionRoutes(server: ApiServer, options: ProvisionHandlerOptions): void;
+/**
+ * Local 端 SP 状态查询路由
+ */
+export interface ProvisionStatusOptions {
+    /** Cloud API 端点 */
+    cloudUrl?: string;
+    /** 节点 ID */
+    nodeId?: string;
+    /** SP 子域名 */
+    spDomain?: string;
+    /** Cloud baseUrl，用于拼 provisionUrl */
+    cloudBaseUrl?: string;
+    /** provisionCode（可选，由环境变量传入） */
+    provisionCode?: string;
+}
+export declare function registerProvisionStatusRoute(server: ApiServer, options: ProvisionStatusOptions): void;

package/dist/api/handlers/ProvisionHandler.js

@@ -0,0 +1,161 @@
+"use strict";
+/**
+ * Provision Handler
+ *
+ * Cloud 端的 SP 注册 API
+ *
+ * POST /provision/nodes  - SP 注册（公开，无需认证）
+ *   返回 nodeId、nodeToken、serviceToken、provisionCode（自包含 JWT）
+ *
+ * provisionCode 是自包含 token，编码了 SP 的 publicUrl 和 serviceToken。
+ * CSS 侧的 ProvisionPodCreator 解码后直接回调 SP，不需要查数据库。
+ *
+ * GET /provision/status  - Local 端 SP 状态查询（公开）
+ *   返回 SP 配置状态，供 Linx 查询
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.registerProvisionRoutes = registerProvisionRoutes;
+exports.registerProvisionStatusRoute = registerProvisionStatusRoute;
+const global_logger_factory_1 = require("global-logger-factory");
+const ProvisionCodeCodec_1 = require("../../provision/ProvisionCodeCodec");
+/** 默认 24 小时 */
+const DEFAULT_TTL = 24 * 60 * 60;
+function registerProvisionRoutes(server, options) {
+    const logger = (0, global_logger_factory_1.getLoggerFor)('ProvisionHandler');
+    const { repository, baseUrl, baseStorageDomain } = options;
+    const ttl = options.provisionCodeTtl ?? DEFAULT_TTL;
+    const codec = new ProvisionCodeCodec_1.ProvisionCodeCodec(baseUrl);
+    /**
+     * POST /provision/nodes
+     *
+     * SP 注册端点（公开，SP 启动时调用，此时用户可能还没有 Cloud 账号）
+     *
+     * Request:
+     *   { publicUrl: string, nodeId?: string, displayName?: string, ipv4?: string, serviceToken?: string }
+     *
+     * Response 201:
+     *   { nodeId, nodeToken, serviceToken, provisionCode, spDomain? }
+     */
+    server.post('/provision/nodes', async (request, response) => {
+        let body;
+        try {
+            body = await readJsonBody(request) ?? {};
+        }
+        catch {
+            sendJson(response, 400, { error: 'Invalid JSON body' });
+            return;
+        }
+        if (!body.publicUrl) {
+            sendJson(response, 400, { error: 'publicUrl is required' });
+            return;
+        }
+        try {
+            new URL(body.publicUrl);
+        }
+        catch {
+            sendJson(response, 400, { error: 'Invalid publicUrl format' });
+            return;
+        }
+        try {
+            const result = await repository.registerSpNode({
+                publicUrl: body.publicUrl,
+                displayName: body.displayName,
+                nodeId: body.nodeId,
+                serviceToken: body.serviceToken,
+            });
+            // 预分配子域名前缀（不创建 DNS 记录，延迟到心跳健康检查通过后）
+            // DB 只存前缀，完整 FQDN 由 DnsCoordinator 的 rootDomain 拼接
+            // 用 nodeId sanitize 后做前缀（去掉非 DNS 字符，截断到 63 字符）
+            const subdomainPrefix = baseStorageDomain
+                ? result.nodeId.replace(/[^a-z0-9-]/gi, '').toLowerCase().slice(0, 63) || result.nodeId.split('-')[0]
+                : undefined;
+            const spDomain = subdomainPrefix
+                ? `${subdomainPrefix}.${baseStorageDomain}`
+                : undefined;
+            // 如果提供了 ipv4，存入节点信息（供后续健康检查使用）
+            if (body.ipv4 || subdomainPrefix) {
+                await repository.updateNodeMode(result.nodeId, {
+                    accessMode: 'direct',
+                    ipv4: body.ipv4,
+                    subdomain: subdomainPrefix,
+                });
+            }
+            // 生成自包含 provisionCode（编码了 SP 信息，CSS 解码后直接回调 SP）
+            const provisionCode = codec.encode({
+                spUrl: body.publicUrl,
+                serviceToken: result.serviceToken,
+                nodeId: result.nodeId,
+                spDomain,
+                exp: Math.floor(Date.now() / 1000) + ttl,
+            });
+            logger.info(`Registered SP node ${result.nodeId} at ${body.publicUrl}${spDomain ? `, spDomain: ${spDomain}` : ''}`);
+            const responseBody = {
+                nodeId: result.nodeId,
+                nodeToken: result.nodeToken,
+                serviceToken: result.serviceToken,
+                provisionCode,
+            };
+            if (spDomain) {
+                responseBody.spDomain = spDomain;
+            }
+            sendJson(response, 201, responseBody);
+        }
+        catch (error) {
+            logger.error(`Failed to register SP node: ${error}`);
+            sendJson(response, 500, { error: 'Failed to register SP node' });
+        }
+    }, { public: true });
+    logger.info('Provision routes registered');
+}
+function registerProvisionStatusRoute(server, options) {
+    const logger = (0, global_logger_factory_1.getLoggerFor)('ProvisionStatusHandler');
+    server.get('/provision/status', async (_request, response) => {
+        const registered = Boolean(options.nodeId && options.cloudUrl);
+        const body = {
+            registered,
+        };
+        if (registered) {
+            body.cloudUrl = options.cloudUrl;
+            body.nodeId = options.nodeId;
+            if (options.spDomain) {
+                body.spDomain = options.spDomain;
+            }
+            if (options.cloudBaseUrl) {
+                const provisionUrl = options.provisionCode
+                    ? `${options.cloudBaseUrl.replace(/\/$/, '')}/.account/?provisionCode=${encodeURIComponent(options.provisionCode)}`
+                    : `${options.cloudBaseUrl.replace(/\/$/, '')}/.account/`;
+                body.provisionUrl = provisionUrl;
+            }
+        }
+        sendJson(response, 200, body);
+    }, { public: true });
+    logger.info('Provision status route registered');
+}
+async function readJsonBody(request) {
+    return new Promise((resolve, reject) => {
+        let data = '';
+        request.setEncoding('utf8');
+        request.on('data', (chunk) => {
+            data += chunk;
+        });
+        request.on('end', () => {
+            if (!data) {
+                resolve(undefined);
+                return;
+            }
+            try {
+                resolve(JSON.parse(data));
+            }
+            catch (error) {
+                reject(error);
+            }
+        });
+        request.on('error', reject);
+    });
+}
+function sendJson(response, status, data) {
+    response.statusCode = status;
+    response.setHeader('Content-Type', 'application/json');
+    response.end(JSON.stringify(data));
+}
+//# sourceMappingURL=ProvisionHandler.js.map

package/dist/api/handlers/ProvisionHandler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ProvisionHandler.js","sourceRoot":"","sources":["../../../src/api/handlers/ProvisionHandler.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;AAqBH,0DAiGC;AAkBD,oEA+BC;AApKD,iEAAqD;AAGrD,2EAAwE;AAYxE,eAAe;AACf,MAAM,WAAW,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;AAEjC,SAAgB,uBAAuB,CACrC,MAAiB,EACjB,OAAgC;IAEhC,MAAM,MAAM,GAAG,IAAA,oCAAY,EAAC,kBAAkB,CAAC,CAAC;IAChD,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,iBAAiB,EAAE,GAAG,OAAO,CAAC;IAC3D,MAAM,GAAG,GAAG,OAAO,CAAC,gBAAgB,IAAI,WAAW,CAAC;IACpD,MAAM,KAAK,GAAG,IAAI,uCAAkB,CAAC,OAAO,CAAC,CAAC;IAE9C;;;;;;;;;;OAUG;IACH,MAAM,CAAC,IAAI,CAAC,kBAAkB,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE;QAC1D,IAAI,IAAyG,CAAC;QAC9G,IAAI,CAAC;YACH,IAAI,GAAG,MAAM,YAAY,CAAC,OAAO,CAAQ,IAAI,EAAE,CAAC;QAClD,CAAC;QAAC,MAAM,CAAC;YACP,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC,CAAC;YACxD,OAAO;QACT,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACpB,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,CAAC;YAC5D,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,IAAI,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC1B,CAAC;QAAC,MAAM,CAAC;YACP,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,0BAA0B,EAAE,CAAC,CAAC;YAC/D,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,cAAc,CAAC;gBAC7C,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,YAAY,EAAE,IAAI,CAAC,YAAY;aAChC,CAAC,CAAC;YAEH,oCAAoC;YACpC,mDAAmD;YACnD,+CAA+C;YAC/C,MAAM,eAAe,GAAG,iBAAiB;gBACvC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;gBACrG,CAAC,CAAC,SAAS,CAAC;YACd,MAAM,QAAQ,GAAG,eAAe;gBAC9B,CAAC,CAAC,GAAG,eAAe,IAAI,iBAAiB,EAAE;gBAC3C,CAAC,CAAC,SAAS,CAAC;YAEd,+BAA+B;YAC/B,IAAI,IAAI,CAAC,IAAI,IAAI,eAAe,EAAE,CAAC;gBACjC,MAAM,UAAU,CAAC,cAAc,CAAC,MAAM,CAAC,MAAM,EAAE;oBAC7C,UAAU,EAAE,QAAQ;oBACpB,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,SAAS,EAAE,eAAe;iBAC3B,CAAC,CAAC;YACL,CAAC;YAED,gDAAgD;YAChD,MAAM,aAAa,GAAG,KAAK,CAAC,MAAM,CAAC;gBACjC,KAAK,EAAE,IAAI,CAAC,SAAS;gBACrB,YAAY,EAAE,MAAM,CAAC,YAAY;gBACjC,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,QAAQ;gBACR,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,GAAG;aACzC,CAAC,CAAC;YAEH,MAAM,CAAC,IAAI,CAAC,sBAAsB,MAAM,CAAC,MAAM,OAAO,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC,CAAC,CAAC,eAAe,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAEpH,MAAM,YAAY,GAA4B;gBAC5C,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,SAAS,EAAE,MAAM,CAAC,SAAS;gBAC3B,YAAY,EAAE,MAAM,CAAC,YAAY;gBACjC,aAAa;aACd,CAAC;YACF,IAAI,QAAQ,EAAE,CAAC;gBACb,YAAY,CAAC,QAAQ,GAAG,QAAQ,CAAC;YACnC,CAAC;YAED,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,YAAY,CAAC,CAAC;QACxC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,+BAA+B,KAAK,EAAE,CAAC,CAAC;YACrD,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,4BAA4B,EAAE,CAAC,CAAC;QACnE,CAAC;IACH,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;IAErB,MAAM,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;AAC7C,CAAC;AAkBD,SAAgB,4BAA4B,CAC1C,MAAiB,EACjB,OAA+B;IAE/B,MAAM,MAAM,GAAG,IAAA,oCAAY,EAAC,wBAAwB,CAAC,CAAC;IAEtD,MAAM,CAAC,GAAG,CAAC,mBAAmB,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,EAAE;QAC3D,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,QAAQ,CAAC,CAAC;QAE/D,MAAM,IAAI,GAA4B;YACpC,UAAU;SACX,CAAC;QAEF,IAAI,UAAU,EAAE,CAAC;YACf,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;YACjC,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;YAC7B,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;gBACrB,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;YACnC,CAAC;YACD,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;gBACzB,MAAM,YAAY,GAAG,OAAO,CAAC,aAAa;oBACxC,CAAC,CAAC,GAAG,OAAO,CAAC,YAAY,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,4BAA4B,kBAAkB,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE;oBACnH,CAAC,CAAC,GAAG,OAAO,CAAC,YAAY,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,YAAY,CAAC;gBAC3D,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;YACnC,CAAC;QACH,CAAC;QAED,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;IAChC,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;IAErB,MAAM,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;AACnD,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,OAAwB;IAClD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAI,IAAI,GAAG,EAAE,CAAC;QACd,OAAO,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAC5B,OAAO,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACnC,IAAI,IAAI,KAAK,CAAC;QAChB,CAAC,CAAC,CAAC;QACH,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;YACrB,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,OAAO,CAAC,SAAS,CAAC,CAAC;gBACnB,OAAO;YACT,CAAC;YACD,IAAI,CAAC;gBACH,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;YAC5B,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,KAAK,CAAC,CAAC;YAChB,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,QAAQ,CAAC,QAAwB,EAAE,MAAc,EAAE,IAAa;IACvE,QAAQ,CAAC,UAAU,GAAG,MAAM,CAAC;IAC7B,QAAQ,CAAC,SAAS,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;IACvD,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;AACrC,CAAC","sourcesContent":["/**\n * Provision Handler\n *\n * Cloud 端的 SP 注册 API\n *\n * POST /provision/nodes  - SP 注册（公开，无需认证）\n *   返回 nodeId、nodeToken、serviceToken、provisionCode（自包含 JWT）\n *\n * provisionCode 是自包含 token，编码了 SP 的 publicUrl 和 serviceToken。\n * CSS 侧的 ProvisionPodCreator 解码后直接回调 SP，不需要查数据库。\n *\n * GET /provision/status  - Local 端 SP 状态查询（公开）\n *   返回 SP 配置状态，供 Linx 查询\n */\n\nimport type { ServerResponse, IncomingMessage } from 'node:http';\nimport { getLoggerFor } from 'global-logger-factory';\nimport type { ApiServer } from '../ApiServer';\nimport type { EdgeNodeRepository } from '../../identity/drizzle/EdgeNodeRepository';\nimport { ProvisionCodeCodec } from '../../provision/ProvisionCodeCodec';\n\nexport interface ProvisionHandlerOptions {\n  repository: EdgeNodeRepository;\n  /** Cloud baseUrl，用于派生 provisionCode 签名密钥 */\n  baseUrl: string;\n  /** 节点域名根域名，如 \"undefineds.site\" */\n  baseStorageDomain?: string;\n  /** provisionCode 有效期（秒），默认 24 小时 */\n  provisionCodeTtl?: number;\n}\n\n/** 默认 24 小时 */\nconst DEFAULT_TTL = 24 * 60 * 60;\n\nexport function registerProvisionRoutes(\n  server: ApiServer,\n  options: ProvisionHandlerOptions,\n): void {\n  const logger = getLoggerFor('ProvisionHandler');\n  const { repository, baseUrl, baseStorageDomain } = options;\n  const ttl = options.provisionCodeTtl ?? DEFAULT_TTL;\n  const codec = new ProvisionCodeCodec(baseUrl);\n\n  /**\n   * POST /provision/nodes\n   *\n   * SP 注册端点（公开，SP 启动时调用，此时用户可能还没有 Cloud 账号）\n   *\n   * Request:\n   *   { publicUrl: string, nodeId?: string, displayName?: string, ipv4?: string, serviceToken?: string }\n   *\n   * Response 201:\n   *   { nodeId, nodeToken, serviceToken, provisionCode, spDomain? }\n   */\n  server.post('/provision/nodes', async (request, response) => {\n    let body: { publicUrl?: string; nodeId?: string; displayName?: string; ipv4?: string; serviceToken?: string };\n    try {\n      body = await readJsonBody(request) as any ?? {};\n    } catch {\n      sendJson(response, 400, { error: 'Invalid JSON body' });\n      return;\n    }\n\n    if (!body.publicUrl) {\n      sendJson(response, 400, { error: 'publicUrl is required' });\n      return;\n    }\n\n    try {\n      new URL(body.publicUrl);\n    } catch {\n      sendJson(response, 400, { error: 'Invalid publicUrl format' });\n      return;\n    }\n\n    try {\n      const result = await repository.registerSpNode({\n        publicUrl: body.publicUrl,\n        displayName: body.displayName,\n        nodeId: body.nodeId,\n        serviceToken: body.serviceToken,\n      });\n\n      // 预分配子域名前缀（不创建 DNS 记录，延迟到心跳健康检查通过后）\n      // DB 只存前缀，完整 FQDN 由 DnsCoordinator 的 rootDomain 拼接\n      // 用 nodeId sanitize 后做前缀（去掉非 DNS 字符，截断到 63 字符）\n      const subdomainPrefix = baseStorageDomain\n        ? result.nodeId.replace(/[^a-z0-9-]/gi, '').toLowerCase().slice(0, 63) || result.nodeId.split('-')[0]\n        : undefined;\n      const spDomain = subdomainPrefix\n        ? `${subdomainPrefix}.${baseStorageDomain}`\n        : undefined;\n\n      // 如果提供了 ipv4，存入节点信息（供后续健康检查使用）\n      if (body.ipv4 || subdomainPrefix) {\n        await repository.updateNodeMode(result.nodeId, {\n          accessMode: 'direct',\n          ipv4: body.ipv4,\n          subdomain: subdomainPrefix,\n        });\n      }\n\n      // 生成自包含 provisionCode（编码了 SP 信息，CSS 解码后直接回调 SP）\n      const provisionCode = codec.encode({\n        spUrl: body.publicUrl,\n        serviceToken: result.serviceToken,\n        nodeId: result.nodeId,\n        spDomain,\n        exp: Math.floor(Date.now() / 1000) + ttl,\n      });\n\n      logger.info(`Registered SP node ${result.nodeId} at ${body.publicUrl}${spDomain ? `, spDomain: ${spDomain}` : ''}`);\n\n      const responseBody: Record<string, unknown> = {\n        nodeId: result.nodeId,\n        nodeToken: result.nodeToken,\n        serviceToken: result.serviceToken,\n        provisionCode,\n      };\n      if (spDomain) {\n        responseBody.spDomain = spDomain;\n      }\n\n      sendJson(response, 201, responseBody);\n    } catch (error) {\n      logger.error(`Failed to register SP node: ${error}`);\n      sendJson(response, 500, { error: 'Failed to register SP node' });\n    }\n  }, { public: true });\n\n  logger.info('Provision routes registered');\n}\n\n/**\n * Local 端 SP 状态查询路由\n */\nexport interface ProvisionStatusOptions {\n  /** Cloud API 端点 */\n  cloudUrl?: string;\n  /** 节点 ID */\n  nodeId?: string;\n  /** SP 子域名 */\n  spDomain?: string;\n  /** Cloud baseUrl，用于拼 provisionUrl */\n  cloudBaseUrl?: string;\n  /** provisionCode（可选，由环境变量传入） */\n  provisionCode?: string;\n}\n\nexport function registerProvisionStatusRoute(\n  server: ApiServer,\n  options: ProvisionStatusOptions,\n): void {\n  const logger = getLoggerFor('ProvisionStatusHandler');\n\n  server.get('/provision/status', async (_request, response) => {\n    const registered = Boolean(options.nodeId && options.cloudUrl);\n\n    const body: Record<string, unknown> = {\n      registered,\n    };\n\n    if (registered) {\n      body.cloudUrl = options.cloudUrl;\n      body.nodeId = options.nodeId;\n      if (options.spDomain) {\n        body.spDomain = options.spDomain;\n      }\n      if (options.cloudBaseUrl) {\n        const provisionUrl = options.provisionCode\n          ? `${options.cloudBaseUrl.replace(/\\/$/, '')}/.account/?provisionCode=${encodeURIComponent(options.provisionCode)}`\n          : `${options.cloudBaseUrl.replace(/\\/$/, '')}/.account/`;\n        body.provisionUrl = provisionUrl;\n      }\n    }\n\n    sendJson(response, 200, body);\n  }, { public: true });\n\n  logger.info('Provision status route registered');\n}\n\nasync function readJsonBody(request: IncomingMessage): Promise<unknown> {\n  return new Promise((resolve, reject) => {\n    let data = '';\n    request.setEncoding('utf8');\n    request.on('data', (chunk: string) => {\n      data += chunk;\n    });\n    request.on('end', () => {\n      if (!data) {\n        resolve(undefined);\n        return;\n      }\n      try {\n        resolve(JSON.parse(data));\n      } catch (error) {\n        reject(error);\n      }\n    });\n    request.on('error', reject);\n  });\n}\n\nfunction sendJson(response: ServerResponse, status: number, data: unknown): void {\n  response.statusCode = status;\n  response.setHeader('Content-Type', 'application/json');\n  response.end(JSON.stringify(data));\n}\n"]}

package/dist/api/handlers/QuotaHandler.d.ts

@@ -1,20 +1,20 @@
 import type { ApiServer } from '../ApiServer';
 import type { QuotaService } from '../../quota/QuotaService';
-import type { AccountRepository } from '../../identity/drizzle/AccountRepository';
+import type { UsageRepository } from '../../storage/quota/UsageRepository';
 export interface QuotaHandlerOptions {
     quotaService: QuotaService;
-    accountRepo: AccountRepository;
+    usageRepo: UsageRepository;
 }
 /**
  * Handler for quota management API
  *
- * These endpoints are for internal billing system use.
- * They require authentication via client credentials.
+ * Supports four resource types: storage, bandwidth, compute, token.
+ * Requires ServiceAuthContext with 'quota:write' scope for mutations.
  *
- * GET    /v1/quota/accounts/:accountId - Get account quota
+ * GET    /v1/quota/accounts/:accountId - Get account quota + usage
  * PUT    /v1/quota/accounts/:accountId - Set account quota
- * DELETE /v1/quota/accounts/:accountId - Clear account quota
- * GET    /v1/quota/pods/:podId - Get pod quota
+ * DELETE /v1/quota/accounts/:accountId - Clear account quota (revert to defaults)
+ * GET    /v1/quota/pods/:podId - Get pod quota + usage
  * PUT    /v1/quota/pods/:podId - Set pod quota
  * DELETE /v1/quota/pods/:podId - Clear pod quota
  */