@undefineds.co/xpod 0.2.14 → 0.2.15

package/dist/api/handlers/ProvisionHandler.js

@@ -61,6 +61,7 @@ function registerProvisionRoutes(server, options) {
                 publicUrl: body.publicUrl,
                 displayName: body.displayName,
                 nodeId: body.nodeId,
+                nodeToken: body.nodeToken,
                 serviceToken: body.serviceToken,
             });
             const subdomainPrefix = baseStorageDomain

package/dist/api/handlers/ProvisionHandler.js.map

@@ -1 +1 @@
-{"version":3,"file":"ProvisionHandler.js","sourceRoot":"","sources":["../../../src/api/handlers/ProvisionHandler.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;AAyBH,0DAwHC;AAwID,oEA+BC;AArTD,iEAAqD;AAKrD,2EAAwE;AAcxE,eAAe;AACf,MAAM,WAAW,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;AAEjC,SAAgB,uBAAuB,CACrC,MAAiB,EACjB,OAAgC;IAEhC,MAAM,MAAM,GAAG,IAAA,oCAAY,EAAC,kBAAkB,CAAC,CAAC;IAChD,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,iBAAiB,EAAE,GAAG,OAAO,CAAC;IAC3D,MAAM,GAAG,GAAG,OAAO,CAAC,gBAAgB,IAAI,WAAW,CAAC;IACpD,MAAM,KAAK,GAAG,IAAI,uCAAkB,CAAC,OAAO,CAAC,CAAC;IAE9C;;;;;;;;;;OAUG;IACH,MAAM,CAAC,IAAI,CAAC,kBAAkB,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE;QAC1D,IAAI,IAOH,CAAC;QACF,IAAI,CAAC;YACH,IAAI,GAAG,MAAM,YAAY,CAAC,OAAO,CAAQ,IAAI,EAAE,CAAC;QAClD,CAAC;QAAC,MAAM,CAAC;YACP,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC,CAAC;YACxD,OAAO;QACT,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACpB,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,CAAC;YAC5D,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,IAAI,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC1B,CAAC;QAAC,MAAM,CAAC;YACP,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,0BAA0B,EAAE,CAAC,CAAC;YAC/D,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,cAAc,CAAC;gBAC7C,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,YAAY,EAAE,IAAI,CAAC,YAAY;aAChC,CAAC,CAAC;YAEH,MAAM,eAAe,GAAG,iBAAiB;gBACvC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;gBACrG,CAAC,CAAC,SAAS,CAAC;YACd,MAAM,QAAQ,GAAG,eAAe;gBAC9B,CAAC,CAAC,GAAG,eAAe,IAAI,iBAAiB,EAAE;gBAC3C,CAAC,CAAC,SAAS,CAAC;YACd,MAAM,WAAW,GAAG,MAAM,wBAAwB,CAAC;gBACjD,UAAU;gBACV,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,eAAe;gBACf,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,cAAc,EAAE,OAAO,CAAC,cAAc;gBACtC,iBAAiB;aAClB,CAAC,CAAC;YAEH,IAAI,IAAI,CAAC,IAAI,IAAI,eAAe,EAAE,CAAC;gBACjC,MAAM,UAAU,CAAC,cAAc,CAAC,MAAM,CAAC,MAAM,EAAE;oBAC7C,UAAU,EAAE,WAAW,EAAE,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ;oBAC/D,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,SAAS,EAAE,eAAe;iBAC3B,CAAC,CAAC;YACL,CAAC;YAED,gDAAgD;YAChD,MAAM,aAAa,GAAG,KAAK,CAAC,MAAM,CAAC;gBACjC,KAAK,EAAE,IAAI,CAAC,SAAS;gBACrB,YAAY,EAAE,MAAM,CAAC,YAAY;gBACjC,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,QAAQ;gBACR,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,GAAG;aACzC,CAAC,CAAC;YAEH,MAAM,CAAC,IAAI,CAAC,sBAAsB,MAAM,CAAC,MAAM,OAAO,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC,CAAC,CAAC,eAAe,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAEpH,MAAM,YAAY,GAA4B;gBAC5C,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,SAAS,EAAE,MAAM,CAAC,SAAS;gBAC3B,YAAY,EAAE,MAAM,CAAC,YAAY;gBACjC,aAAa;aACd,CAAC;YACF,IAAI,QAAQ,EAAE,CAAC;gBACb,YAAY,CAAC,QAAQ,GAAG,QAAQ,CAAC;YACnC,CAAC;YACD,IAAI,WAAW,EAAE,YAAY,EAAE,WAAW,EAAE,CAAC;gBAC3C,YAAY,CAAC,WAAW,GAAG,WAAW,CAAC,YAAY,CAAC,WAAW,CAAC;YAClE,CAAC;YACD,IAAI,WAAW,EAAE,YAAY,EAAE,QAAQ,EAAE,CAAC;gBACxC,YAAY,CAAC,cAAc,GAAG,WAAW,CAAC,YAAY,CAAC,QAAQ,CAAC;YAClE,CAAC;YACD,IAAI,WAAW,EAAE,YAAY,EAAE,QAAQ,EAAE,CAAC;gBACxC,YAAY,CAAC,cAAc,GAAG,WAAW,CAAC,YAAY,CAAC,QAAQ,CAAC;YAClE,CAAC;YAED,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,YAAY,CAAC,CAAC;QACxC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,+BAA+B,KAAK,EAAE,CAAC,CAAC;YACrD,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,4BAA4B,EAAE,CAAC,CAAC;QACnE,CAAC;IACH,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;IAErB,MAAM,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;AAC7C,CAAC;AAOD,KAAK,UAAU,wBAAwB,CAAC,OAUvC;IACC,MAAM,EACJ,UAAU,EACV,QAAQ,EACR,cAAc,EACd,MAAM,EACN,eAAe,EACf,iBAAiB,EACjB,SAAS,EACT,SAAS,EACT,IAAI,GACL,GAAG,OAAO,CAAC;IAEZ,IAAI,CAAC,eAAe,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAC3C,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,IAAI,GAAwB,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC;IAE7D,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;QAC3D,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,QAAQ,CAAC,iBAAiB,CAAC;gBAC/B,SAAS,EAAE,eAAe;gBAC1B,MAAM,EAAE,iBAAiB;gBACzB,MAAM;gBACN,SAAS,EAAE,IAAI;aAChB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,IAAI,IAAI,KAAK,QAAQ,IAAI,CAAC,cAAc,IAAI,CAAC,SAAS,IAAI,SAAS,IAAI,CAAC,EAAE,CAAC;QACzE,OAAO,EAAE,IAAI,EAAE,CAAC;IAClB,CAAC;IAED,MAAM,cAAc,GAAG,MAAM,UAAU,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;IAChE,MAAM,QAAQ,GAAG,cAAc,EAAE,QAA0C,CAAC;IAC5E,MAAM,cAAc,GAAG,uBAAuB,CAAC,QAAQ,CAAC,CAAC;IACzD,IAAI,cAAc,IAAI,cAAc,CAAC,SAAS,KAAK,eAAe,IAAI,cAAc,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;QAC7G,OAAO;YACL,IAAI;YACJ,YAAY,EAAE,cAAc,CAAC,MAAM;SACpC,CAAC;IACJ,CAAC;IAED,MAAM,YAAY,GAAG,MAAM,cAAc,CAAC,KAAK,CAAC;QAC9C,SAAS,EAAE,eAAe;QAC1B,SAAS;KACV,CAAC,CAAC;IAEH,MAAM,UAAU,CAAC,iBAAiB,CAAC,MAAM,EAAE;QACzC,aAAa,EAAE;YACb,QAAQ,EAAE,YAAY,CAAC,QAAQ;YAC/B,QAAQ,EAAE,YAAY,CAAC,QAAQ;YAC/B,WAAW,EAAE,YAAY,CAAC,WAAW;YACrC,QAAQ,EAAE,YAAY,CAAC,QAAQ;YAC/B,SAAS,EAAE,eAAe;YAC1B,SAAS;YACT,YAAY,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACvC;QACD,aAAa,EAAE,YAAY,CAAC,QAAQ,IAAI,SAAS;KAClD,CAAC,CAAC;IAEH,OAAO;QACL,IAAI;QACJ,YAAY;KACb,CAAC;AACJ,CAAC;AAED,SAAS,uBAAuB,CAAC,QAAwC;IACvE,MAAM,GAAG,GAAG,QAAQ,EAAE,aAAa,CAAC;IACpC,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QACpC,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,KAAK,GAAG,GAA8B,CAAC;IAC7C,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC;IAChC,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC;IAChC,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,CAAC;IACtC,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC;IAChC,MAAM,SAAS,GAAG,OAAO,KAAK,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;IACpF,MAAM,SAAS,GAAG,OAAO,KAAK,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;IAEpF,IACE,CAAC,QAAQ,KAAK,YAAY,IAAI,QAAQ,KAAK,KAAK,IAAI,QAAQ,KAAK,YAAY,CAAC;WAC3E,OAAO,QAAQ,KAAK,QAAQ,EAC/B,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,OAAO;QACL,SAAS;QACT,SAAS;QACT,MAAM,EAAE;YACN,QAAQ;YACR,SAAS,EAAE,SAAS,IAAI,OAAO;YAC/B,QAAQ;YACR,QAAQ,EAAE,OAAO,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;YAC7D,WAAW,EAAE,OAAO,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;SACvE;KACF,CAAC;AACJ,CAAC;AAkBD,SAAgB,4BAA4B,CAC1C,MAAiB,EACjB,OAA+B;IAE/B,MAAM,MAAM,GAAG,IAAA,oCAAY,EAAC,wBAAwB,CAAC,CAAC;IAEtD,MAAM,CAAC,GAAG,CAAC,mBAAmB,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,EAAE;QAC3D,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,QAAQ,CAAC,CAAC;QAE/D,MAAM,IAAI,GAA4B;YACpC,UAAU;SACX,CAAC;QAEF,IAAI,UAAU,EAAE,CAAC;YACf,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;YACjC,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;YAC7B,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;gBACrB,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;YACnC,CAAC;YACD,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;gBACzB,MAAM,YAAY,GAAG,OAAO,CAAC,aAAa;oBACxC,CAAC,CAAC,GAAG,OAAO,CAAC,YAAY,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,4BAA4B,kBAAkB,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE;oBACnH,CAAC,CAAC,GAAG,OAAO,CAAC,YAAY,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,YAAY,CAAC;gBAC3D,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;YACnC,CAAC;QACH,CAAC;QAED,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;IAChC,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;IAErB,MAAM,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;AACnD,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,OAAwB;IAClD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAI,IAAI,GAAG,EAAE,CAAC;QACd,OAAO,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAC5B,OAAO,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACnC,IAAI,IAAI,KAAK,CAAC;QAChB,CAAC,CAAC,CAAC;QACH,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;YACrB,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,OAAO,CAAC,SAAS,CAAC,CAAC;gBACnB,OAAO;YACT,CAAC;YACD,IAAI,CAAC;gBACH,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;YAC5B,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,KAAK,CAAC,CAAC;YAChB,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,QAAQ,CAAC,QAAwB,EAAE,MAAc,EAAE,IAAa;IACvE,QAAQ,CAAC,UAAU,GAAG,MAAM,CAAC;IAC7B,QAAQ,CAAC,SAAS,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;IACvD,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;AACrC,CAAC","sourcesContent":["/**\n * Provision Handler\n *\n * Cloud 端的 SP 注册 API\n *\n * POST /provision/nodes  - SP 注册（公开，无需认证）\n *   返回 nodeId、nodeToken、serviceToken、provisionCode（自包含 JWT）\n *\n * provisionCode 是自包含 token，编码了 SP 的 publicUrl 和 serviceToken。\n * CSS 侧的 ProvisionPodCreator 解码后直接回调 SP，不需要查数据库。\n *\n * GET /provision/status  - Local 端 SP 状态查询（公开）\n *   返回 SP 配置状态，供 Linx 查询\n */\n\nimport type { ServerResponse, IncomingMessage } from 'node:http';\nimport { getLoggerFor } from 'global-logger-factory';\nimport type { ApiServer } from '../ApiServer';\nimport type { EdgeNodeRepository } from '../../identity/drizzle/EdgeNodeRepository';\nimport type { DdnsRepository } from '../../identity/drizzle/DdnsRepository';\nimport type { TunnelProvider, TunnelConfig } from '../../tunnel/TunnelProvider';\nimport { ProvisionCodeCodec } from '../../provision/ProvisionCodeCodec';\n\nexport interface ProvisionHandlerOptions {\n  repository: EdgeNodeRepository;\n  ddnsRepo?: DdnsRepository;\n  tunnelProvider?: TunnelProvider;\n  /** Cloud baseUrl，用于派生 provisionCode 签名密钥 */\n  baseUrl: string;\n  /** 节点域名根域名，如 \"undefineds.site\" */\n  baseStorageDomain?: string;\n  /** provisionCode 有效期（秒），默认 24 小时 */\n  provisionCodeTtl?: number;\n}\n\n/** 默认 24 小时 */\nconst DEFAULT_TTL = 24 * 60 * 60;\n\nexport function registerProvisionRoutes(\n  server: ApiServer,\n  options: ProvisionHandlerOptions,\n): void {\n  const logger = getLoggerFor('ProvisionHandler');\n  const { repository, baseUrl, baseStorageDomain } = options;\n  const ttl = options.provisionCodeTtl ?? DEFAULT_TTL;\n  const codec = new ProvisionCodeCodec(baseUrl);\n\n  /**\n   * POST /provision/nodes\n   *\n   * SP 注册端点（公开，SP 启动时调用，此时用户可能还没有 Cloud 账号）\n   *\n   * Request:\n   *   { publicUrl: string, nodeId?: string, displayName?: string, ipv4?: string, serviceToken?: string }\n   *\n   * Response 201:\n   *   { nodeId, nodeToken, serviceToken, provisionCode, spDomain? }\n   */\n  server.post('/provision/nodes', async (request, response) => {\n    let body: {\n      publicUrl?: string;\n      nodeId?: string;\n      displayName?: string;\n      ipv4?: string;\n      serviceToken?: string;\n      localPort?: number;\n    };\n    try {\n      body = await readJsonBody(request) as any ?? {};\n    } catch {\n      sendJson(response, 400, { error: 'Invalid JSON body' });\n      return;\n    }\n\n    if (!body.publicUrl) {\n      sendJson(response, 400, { error: 'publicUrl is required' });\n      return;\n    }\n\n    try {\n      new URL(body.publicUrl);\n    } catch {\n      sendJson(response, 400, { error: 'Invalid publicUrl format' });\n      return;\n    }\n\n    try {\n      const result = await repository.registerSpNode({\n        publicUrl: body.publicUrl,\n        displayName: body.displayName,\n        nodeId: body.nodeId,\n        serviceToken: body.serviceToken,\n      });\n\n      const subdomainPrefix = baseStorageDomain\n        ? result.nodeId.replace(/[^a-z0-9-]/gi, '').toLowerCase().slice(0, 63) || result.nodeId.split('-')[0]\n        : undefined;\n      const spDomain = subdomainPrefix\n        ? `${subdomainPrefix}.${baseStorageDomain}`\n        : undefined;\n      const tunnelState = await ensureManagedTunnelState({\n        repository,\n        nodeId: result.nodeId,\n        subdomainPrefix,\n        publicUrl: body.publicUrl,\n        localPort: body.localPort,\n        ipv4: body.ipv4,\n        ddnsRepo: options.ddnsRepo,\n        tunnelProvider: options.tunnelProvider,\n        baseStorageDomain,\n      });\n\n      if (body.ipv4 || subdomainPrefix) {\n        await repository.updateNodeMode(result.nodeId, {\n          accessMode: tunnelState?.mode === 'tunnel' ? 'proxy' : 'direct',\n          ipv4: body.ipv4,\n          subdomain: subdomainPrefix,\n        });\n      }\n\n      // 生成自包含 provisionCode（编码了 SP 信息，CSS 解码后直接回调 SP）\n      const provisionCode = codec.encode({\n        spUrl: body.publicUrl,\n        serviceToken: result.serviceToken,\n        nodeId: result.nodeId,\n        spDomain,\n        exp: Math.floor(Date.now() / 1000) + ttl,\n      });\n\n      logger.info(`Registered SP node ${result.nodeId} at ${body.publicUrl}${spDomain ? `, spDomain: ${spDomain}` : ''}`);\n\n      const responseBody: Record<string, unknown> = {\n        nodeId: result.nodeId,\n        nodeToken: result.nodeToken,\n        serviceToken: result.serviceToken,\n        provisionCode,\n      };\n      if (spDomain) {\n        responseBody.spDomain = spDomain;\n      }\n      if (tunnelState?.tunnelConfig?.tunnelToken) {\n        responseBody.tunnelToken = tunnelState.tunnelConfig.tunnelToken;\n      }\n      if (tunnelState?.tunnelConfig?.provider) {\n        responseBody.tunnelProvider = tunnelState.tunnelConfig.provider;\n      }\n      if (tunnelState?.tunnelConfig?.endpoint) {\n        responseBody.tunnelEndpoint = tunnelState.tunnelConfig.endpoint;\n      }\n\n      sendJson(response, 201, responseBody);\n    } catch (error) {\n      logger.error(`Failed to register SP node: ${error}`);\n      sendJson(response, 500, { error: 'Failed to register SP node' });\n    }\n  }, { public: true });\n\n  logger.info('Provision routes registered');\n}\n\ninterface ManagedTunnelState {\n  mode: 'direct' | 'tunnel';\n  tunnelConfig?: TunnelConfig;\n}\n\nasync function ensureManagedTunnelState(options: {\n  repository: EdgeNodeRepository;\n  ddnsRepo?: DdnsRepository;\n  tunnelProvider?: TunnelProvider;\n  nodeId: string;\n  subdomainPrefix?: string;\n  baseStorageDomain?: string;\n  publicUrl: string;\n  localPort?: number;\n  ipv4?: string;\n}): Promise<ManagedTunnelState | undefined> {\n  const {\n    repository,\n    ddnsRepo,\n    tunnelProvider,\n    nodeId,\n    subdomainPrefix,\n    baseStorageDomain,\n    publicUrl,\n    localPort,\n    ipv4,\n  } = options;\n\n  if (!subdomainPrefix || !baseStorageDomain) {\n    return undefined;\n  }\n\n  const mode: 'direct' | 'tunnel' = ipv4 ? 'direct' : 'tunnel';\n\n  if (ddnsRepo) {\n    const existing = await ddnsRepo.getRecord(subdomainPrefix);\n    if (!existing) {\n      await ddnsRepo.allocateSubdomain({\n        subdomain: subdomainPrefix,\n        domain: baseStorageDomain,\n        nodeId,\n        ipAddress: ipv4,\n      });\n    }\n  }\n\n  if (mode === 'direct' || !tunnelProvider || !localPort || localPort <= 0) {\n    return { mode };\n  }\n\n  const metadataRecord = await repository.getNodeMetadata(nodeId);\n  const metadata = metadataRecord?.metadata as Record<string, unknown> | null;\n  const existingTunnel = readManagedTunnelConfig(metadata);\n  if (existingTunnel && existingTunnel.subdomain === subdomainPrefix && existingTunnel.localPort === localPort) {\n    return {\n      mode,\n      tunnelConfig: existingTunnel.config,\n    };\n  }\n\n  const tunnelConfig = await tunnelProvider.setup({\n    subdomain: subdomainPrefix,\n    localPort,\n  });\n\n  await repository.mergeNodeMetadata(nodeId, {\n    managedTunnel: {\n      provider: tunnelConfig.provider,\n      tunnelId: tunnelConfig.tunnelId,\n      tunnelToken: tunnelConfig.tunnelToken,\n      endpoint: tunnelConfig.endpoint,\n      subdomain: subdomainPrefix,\n      localPort,\n      configuredAt: new Date().toISOString(),\n    },\n    publicAddress: tunnelConfig.endpoint || publicUrl,\n  });\n\n  return {\n    mode,\n    tunnelConfig,\n  };\n}\n\nfunction readManagedTunnelConfig(metadata: Record<string, unknown> | null): { subdomain?: string; localPort?: number; config: TunnelConfig } | undefined {\n  const raw = metadata?.managedTunnel;\n  if (!raw || typeof raw !== 'object') {\n    return undefined;\n  }\n\n  const value = raw as Record<string, unknown>;\n  const provider = value.provider;\n  const endpoint = value.endpoint;\n  const tunnelToken = value.tunnelToken;\n  const tunnelId = value.tunnelId;\n  const subdomain = typeof value.subdomain === 'string' ? value.subdomain : undefined;\n  const localPort = typeof value.localPort === 'number' ? value.localPort : undefined;\n\n  if (\n    (provider !== 'cloudflare' && provider !== 'frp' && provider !== 'sakura-frp')\n    || typeof endpoint !== 'string'\n  ) {\n    return undefined;\n  }\n\n  return {\n    subdomain,\n    localPort,\n    config: {\n      provider,\n      subdomain: subdomain ?? 'local',\n      endpoint,\n      tunnelId: typeof tunnelId === 'string' ? tunnelId : undefined,\n      tunnelToken: typeof tunnelToken === 'string' ? tunnelToken : undefined,\n    },\n  };\n}\n\n/**\n * Local 端 SP 状态查询路由\n */\nexport interface ProvisionStatusOptions {\n  /** Cloud API 端点 */\n  cloudUrl?: string;\n  /** 节点 ID */\n  nodeId?: string;\n  /** SP 子域名 */\n  spDomain?: string;\n  /** Cloud baseUrl，用于拼 provisionUrl */\n  cloudBaseUrl?: string;\n  /** provisionCode（可选，由环境变量传入） */\n  provisionCode?: string;\n}\n\nexport function registerProvisionStatusRoute(\n  server: ApiServer,\n  options: ProvisionStatusOptions,\n): void {\n  const logger = getLoggerFor('ProvisionStatusHandler');\n\n  server.get('/provision/status', async (_request, response) => {\n    const registered = Boolean(options.nodeId && options.cloudUrl);\n\n    const body: Record<string, unknown> = {\n      registered,\n    };\n\n    if (registered) {\n      body.cloudUrl = options.cloudUrl;\n      body.nodeId = options.nodeId;\n      if (options.spDomain) {\n        body.spDomain = options.spDomain;\n      }\n      if (options.cloudBaseUrl) {\n        const provisionUrl = options.provisionCode\n          ? `${options.cloudBaseUrl.replace(/\\/$/, '')}/.account/?provisionCode=${encodeURIComponent(options.provisionCode)}`\n          : `${options.cloudBaseUrl.replace(/\\/$/, '')}/.account/`;\n        body.provisionUrl = provisionUrl;\n      }\n    }\n\n    sendJson(response, 200, body);\n  }, { public: true });\n\n  logger.info('Provision status route registered');\n}\n\nasync function readJsonBody(request: IncomingMessage): Promise<unknown> {\n  return new Promise((resolve, reject) => {\n    let data = '';\n    request.setEncoding('utf8');\n    request.on('data', (chunk: string) => {\n      data += chunk;\n    });\n    request.on('end', () => {\n      if (!data) {\n        resolve(undefined);\n        return;\n      }\n      try {\n        resolve(JSON.parse(data));\n      } catch (error) {\n        reject(error);\n      }\n    });\n    request.on('error', reject);\n  });\n}\n\nfunction sendJson(response: ServerResponse, status: number, data: unknown): void {\n  response.statusCode = status;\n  response.setHeader('Content-Type', 'application/json');\n  response.end(JSON.stringify(data));\n}\n"]}
+{"version":3,"file":"ProvisionHandler.js","sourceRoot":"","sources":["../../../src/api/handlers/ProvisionHandler.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;AAyBH,0DA0HC;AAwID,oEA+BC;AAvTD,iEAAqD;AAKrD,2EAAwE;AAcxE,eAAe;AACf,MAAM,WAAW,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;AAEjC,SAAgB,uBAAuB,CACrC,MAAiB,EACjB,OAAgC;IAEhC,MAAM,MAAM,GAAG,IAAA,oCAAY,EAAC,kBAAkB,CAAC,CAAC;IAChD,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,iBAAiB,EAAE,GAAG,OAAO,CAAC;IAC3D,MAAM,GAAG,GAAG,OAAO,CAAC,gBAAgB,IAAI,WAAW,CAAC;IACpD,MAAM,KAAK,GAAG,IAAI,uCAAkB,CAAC,OAAO,CAAC,CAAC;IAE9C;;;;;;;;;;OAUG;IACH,MAAM,CAAC,IAAI,CAAC,kBAAkB,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE;QAC1D,IAAI,IAQH,CAAC;QACF,IAAI,CAAC;YACH,IAAI,GAAG,MAAM,YAAY,CAAC,OAAO,CAAQ,IAAI,EAAE,CAAC;QAClD,CAAC;QAAC,MAAM,CAAC;YACP,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC,CAAC;YACxD,OAAO;QACT,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACpB,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,CAAC;YAC5D,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,IAAI,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC1B,CAAC;QAAC,MAAM,CAAC;YACP,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,0BAA0B,EAAE,CAAC,CAAC;YAC/D,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,cAAc,CAAC;gBAC7C,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,YAAY,EAAE,IAAI,CAAC,YAAY;aAChC,CAAC,CAAC;YAEH,MAAM,eAAe,GAAG,iBAAiB;gBACvC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;gBACrG,CAAC,CAAC,SAAS,CAAC;YACd,MAAM,QAAQ,GAAG,eAAe;gBAC9B,CAAC,CAAC,GAAG,eAAe,IAAI,iBAAiB,EAAE;gBAC3C,CAAC,CAAC,SAAS,CAAC;YACd,MAAM,WAAW,GAAG,MAAM,wBAAwB,CAAC;gBACjD,UAAU;gBACV,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,eAAe;gBACf,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,cAAc,EAAE,OAAO,CAAC,cAAc;gBACtC,iBAAiB;aAClB,CAAC,CAAC;YAEH,IAAI,IAAI,CAAC,IAAI,IAAI,eAAe,EAAE,CAAC;gBACjC,MAAM,UAAU,CAAC,cAAc,CAAC,MAAM,CAAC,MAAM,EAAE;oBAC7C,UAAU,EAAE,WAAW,EAAE,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ;oBAC/D,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,SAAS,EAAE,eAAe;iBAC3B,CAAC,CAAC;YACL,CAAC;YAED,gDAAgD;YAChD,MAAM,aAAa,GAAG,KAAK,CAAC,MAAM,CAAC;gBACjC,KAAK,EAAE,IAAI,CAAC,SAAS;gBACrB,YAAY,EAAE,MAAM,CAAC,YAAY;gBACjC,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,QAAQ;gBACR,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,GAAG;aACzC,CAAC,CAAC;YAEH,MAAM,CAAC,IAAI,CAAC,sBAAsB,MAAM,CAAC,MAAM,OAAO,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC,CAAC,CAAC,eAAe,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAEpH,MAAM,YAAY,GAA4B;gBAC5C,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,SAAS,EAAE,MAAM,CAAC,SAAS;gBAC3B,YAAY,EAAE,MAAM,CAAC,YAAY;gBACjC,aAAa;aACd,CAAC;YACF,IAAI,QAAQ,EAAE,CAAC;gBACb,YAAY,CAAC,QAAQ,GAAG,QAAQ,CAAC;YACnC,CAAC;YACD,IAAI,WAAW,EAAE,YAAY,EAAE,WAAW,EAAE,CAAC;gBAC3C,YAAY,CAAC,WAAW,GAAG,WAAW,CAAC,YAAY,CAAC,WAAW,CAAC;YAClE,CAAC;YACD,IAAI,WAAW,EAAE,YAAY,EAAE,QAAQ,EAAE,CAAC;gBACxC,YAAY,CAAC,cAAc,GAAG,WAAW,CAAC,YAAY,CAAC,QAAQ,CAAC;YAClE,CAAC;YACD,IAAI,WAAW,EAAE,YAAY,EAAE,QAAQ,EAAE,CAAC;gBACxC,YAAY,CAAC,cAAc,GAAG,WAAW,CAAC,YAAY,CAAC,QAAQ,CAAC;YAClE,CAAC;YAED,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,YAAY,CAAC,CAAC;QACxC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,+BAA+B,KAAK,EAAE,CAAC,CAAC;YACrD,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,4BAA4B,EAAE,CAAC,CAAC;QACnE,CAAC;IACH,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;IAErB,MAAM,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;AAC7C,CAAC;AAOD,KAAK,UAAU,wBAAwB,CAAC,OAUvC;IACC,MAAM,EACJ,UAAU,EACV,QAAQ,EACR,cAAc,EACd,MAAM,EACN,eAAe,EACf,iBAAiB,EACjB,SAAS,EACT,SAAS,EACT,IAAI,GACL,GAAG,OAAO,CAAC;IAEZ,IAAI,CAAC,eAAe,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAC3C,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,IAAI,GAAwB,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC;IAE7D,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;QAC3D,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,QAAQ,CAAC,iBAAiB,CAAC;gBAC/B,SAAS,EAAE,eAAe;gBAC1B,MAAM,EAAE,iBAAiB;gBACzB,MAAM;gBACN,SAAS,EAAE,IAAI;aAChB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,IAAI,IAAI,KAAK,QAAQ,IAAI,CAAC,cAAc,IAAI,CAAC,SAAS,IAAI,SAAS,IAAI,CAAC,EAAE,CAAC;QACzE,OAAO,EAAE,IAAI,EAAE,CAAC;IAClB,CAAC;IAED,MAAM,cAAc,GAAG,MAAM,UAAU,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;IAChE,MAAM,QAAQ,GAAG,cAAc,EAAE,QAA0C,CAAC;IAC5E,MAAM,cAAc,GAAG,uBAAuB,CAAC,QAAQ,CAAC,CAAC;IACzD,IAAI,cAAc,IAAI,cAAc,CAAC,SAAS,KAAK,eAAe,IAAI,cAAc,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;QAC7G,OAAO;YACL,IAAI;YACJ,YAAY,EAAE,cAAc,CAAC,MAAM;SACpC,CAAC;IACJ,CAAC;IAED,MAAM,YAAY,GAAG,MAAM,cAAc,CAAC,KAAK,CAAC;QAC9C,SAAS,EAAE,eAAe;QAC1B,SAAS;KACV,CAAC,CAAC;IAEH,MAAM,UAAU,CAAC,iBAAiB,CAAC,MAAM,EAAE;QACzC,aAAa,EAAE;YACb,QAAQ,EAAE,YAAY,CAAC,QAAQ;YAC/B,QAAQ,EAAE,YAAY,CAAC,QAAQ;YAC/B,WAAW,EAAE,YAAY,CAAC,WAAW;YACrC,QAAQ,EAAE,YAAY,CAAC,QAAQ;YAC/B,SAAS,EAAE,eAAe;YAC1B,SAAS;YACT,YAAY,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACvC;QACD,aAAa,EAAE,YAAY,CAAC,QAAQ,IAAI,SAAS;KAClD,CAAC,CAAC;IAEH,OAAO;QACL,IAAI;QACJ,YAAY;KACb,CAAC;AACJ,CAAC;AAED,SAAS,uBAAuB,CAAC,QAAwC;IACvE,MAAM,GAAG,GAAG,QAAQ,EAAE,aAAa,CAAC;IACpC,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QACpC,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,KAAK,GAAG,GAA8B,CAAC;IAC7C,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC;IAChC,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC;IAChC,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,CAAC;IACtC,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC;IAChC,MAAM,SAAS,GAAG,OAAO,KAAK,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;IACpF,MAAM,SAAS,GAAG,OAAO,KAAK,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;IAEpF,IACE,CAAC,QAAQ,KAAK,YAAY,IAAI,QAAQ,KAAK,KAAK,IAAI,QAAQ,KAAK,YAAY,CAAC;WAC3E,OAAO,QAAQ,KAAK,QAAQ,EAC/B,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,OAAO;QACL,SAAS;QACT,SAAS;QACT,MAAM,EAAE;YACN,QAAQ;YACR,SAAS,EAAE,SAAS,IAAI,OAAO;YAC/B,QAAQ;YACR,QAAQ,EAAE,OAAO,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;YAC7D,WAAW,EAAE,OAAO,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;SACvE;KACF,CAAC;AACJ,CAAC;AAkBD,SAAgB,4BAA4B,CAC1C,MAAiB,EACjB,OAA+B;IAE/B,MAAM,MAAM,GAAG,IAAA,oCAAY,EAAC,wBAAwB,CAAC,CAAC;IAEtD,MAAM,CAAC,GAAG,CAAC,mBAAmB,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,EAAE;QAC3D,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,QAAQ,CAAC,CAAC;QAE/D,MAAM,IAAI,GAA4B;YACpC,UAAU;SACX,CAAC;QAEF,IAAI,UAAU,EAAE,CAAC;YACf,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;YACjC,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;YAC7B,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;gBACrB,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;YACnC,CAAC;YACD,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;gBACzB,MAAM,YAAY,GAAG,OAAO,CAAC,aAAa;oBACxC,CAAC,CAAC,GAAG,OAAO,CAAC,YAAY,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,4BAA4B,kBAAkB,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE;oBACnH,CAAC,CAAC,GAAG,OAAO,CAAC,YAAY,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,YAAY,CAAC;gBAC3D,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;YACnC,CAAC;QACH,CAAC;QAED,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;IAChC,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;IAErB,MAAM,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;AACnD,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,OAAwB;IAClD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAI,IAAI,GAAG,EAAE,CAAC;QACd,OAAO,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAC5B,OAAO,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACnC,IAAI,IAAI,KAAK,CAAC;QAChB,CAAC,CAAC,CAAC;QACH,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;YACrB,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,OAAO,CAAC,SAAS,CAAC,CAAC;gBACnB,OAAO;YACT,CAAC;YACD,IAAI,CAAC;gBACH,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;YAC5B,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,KAAK,CAAC,CAAC;YAChB,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,QAAQ,CAAC,QAAwB,EAAE,MAAc,EAAE,IAAa;IACvE,QAAQ,CAAC,UAAU,GAAG,MAAM,CAAC;IAC7B,QAAQ,CAAC,SAAS,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;IACvD,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;AACrC,CAAC","sourcesContent":["/**\n * Provision Handler\n *\n * Cloud 端的 SP 注册 API\n *\n * POST /provision/nodes  - SP 注册（公开，无需认证）\n *   返回 nodeId、nodeToken、serviceToken、provisionCode（自包含 JWT）\n *\n * provisionCode 是自包含 token，编码了 SP 的 publicUrl 和 serviceToken。\n * CSS 侧的 ProvisionPodCreator 解码后直接回调 SP，不需要查数据库。\n *\n * GET /provision/status  - Local 端 SP 状态查询（公开）\n *   返回 SP 配置状态，供 Linx 查询\n */\n\nimport type { ServerResponse, IncomingMessage } from 'node:http';\nimport { getLoggerFor } from 'global-logger-factory';\nimport type { ApiServer } from '../ApiServer';\nimport type { EdgeNodeRepository } from '../../identity/drizzle/EdgeNodeRepository';\nimport type { DdnsRepository } from '../../identity/drizzle/DdnsRepository';\nimport type { TunnelProvider, TunnelConfig } from '../../tunnel/TunnelProvider';\nimport { ProvisionCodeCodec } from '../../provision/ProvisionCodeCodec';\n\nexport interface ProvisionHandlerOptions {\n  repository: EdgeNodeRepository;\n  ddnsRepo?: DdnsRepository;\n  tunnelProvider?: TunnelProvider;\n  /** Cloud baseUrl，用于派生 provisionCode 签名密钥 */\n  baseUrl: string;\n  /** 节点域名根域名，如 \"undefineds.site\" */\n  baseStorageDomain?: string;\n  /** provisionCode 有效期（秒），默认 24 小时 */\n  provisionCodeTtl?: number;\n}\n\n/** 默认 24 小时 */\nconst DEFAULT_TTL = 24 * 60 * 60;\n\nexport function registerProvisionRoutes(\n  server: ApiServer,\n  options: ProvisionHandlerOptions,\n): void {\n  const logger = getLoggerFor('ProvisionHandler');\n  const { repository, baseUrl, baseStorageDomain } = options;\n  const ttl = options.provisionCodeTtl ?? DEFAULT_TTL;\n  const codec = new ProvisionCodeCodec(baseUrl);\n\n  /**\n   * POST /provision/nodes\n   *\n   * SP 注册端点（公开，SP 启动时调用，此时用户可能还没有 Cloud 账号）\n   *\n   * Request:\n   *   { publicUrl: string, nodeId?: string, displayName?: string, ipv4?: string, serviceToken?: string }\n   *\n   * Response 201:\n   *   { nodeId, nodeToken, serviceToken, provisionCode, spDomain? }\n   */\n  server.post('/provision/nodes', async (request, response) => {\n    let body: {\n      publicUrl?: string;\n      nodeId?: string;\n      nodeToken?: string;\n      displayName?: string;\n      ipv4?: string;\n      serviceToken?: string;\n      localPort?: number;\n    };\n    try {\n      body = await readJsonBody(request) as any ?? {};\n    } catch {\n      sendJson(response, 400, { error: 'Invalid JSON body' });\n      return;\n    }\n\n    if (!body.publicUrl) {\n      sendJson(response, 400, { error: 'publicUrl is required' });\n      return;\n    }\n\n    try {\n      new URL(body.publicUrl);\n    } catch {\n      sendJson(response, 400, { error: 'Invalid publicUrl format' });\n      return;\n    }\n\n    try {\n      const result = await repository.registerSpNode({\n        publicUrl: body.publicUrl,\n        displayName: body.displayName,\n        nodeId: body.nodeId,\n        nodeToken: body.nodeToken,\n        serviceToken: body.serviceToken,\n      });\n\n      const subdomainPrefix = baseStorageDomain\n        ? result.nodeId.replace(/[^a-z0-9-]/gi, '').toLowerCase().slice(0, 63) || result.nodeId.split('-')[0]\n        : undefined;\n      const spDomain = subdomainPrefix\n        ? `${subdomainPrefix}.${baseStorageDomain}`\n        : undefined;\n      const tunnelState = await ensureManagedTunnelState({\n        repository,\n        nodeId: result.nodeId,\n        subdomainPrefix,\n        publicUrl: body.publicUrl,\n        localPort: body.localPort,\n        ipv4: body.ipv4,\n        ddnsRepo: options.ddnsRepo,\n        tunnelProvider: options.tunnelProvider,\n        baseStorageDomain,\n      });\n\n      if (body.ipv4 || subdomainPrefix) {\n        await repository.updateNodeMode(result.nodeId, {\n          accessMode: tunnelState?.mode === 'tunnel' ? 'proxy' : 'direct',\n          ipv4: body.ipv4,\n          subdomain: subdomainPrefix,\n        });\n      }\n\n      // 生成自包含 provisionCode（编码了 SP 信息，CSS 解码后直接回调 SP）\n      const provisionCode = codec.encode({\n        spUrl: body.publicUrl,\n        serviceToken: result.serviceToken,\n        nodeId: result.nodeId,\n        spDomain,\n        exp: Math.floor(Date.now() / 1000) + ttl,\n      });\n\n      logger.info(`Registered SP node ${result.nodeId} at ${body.publicUrl}${spDomain ? `, spDomain: ${spDomain}` : ''}`);\n\n      const responseBody: Record<string, unknown> = {\n        nodeId: result.nodeId,\n        nodeToken: result.nodeToken,\n        serviceToken: result.serviceToken,\n        provisionCode,\n      };\n      if (spDomain) {\n        responseBody.spDomain = spDomain;\n      }\n      if (tunnelState?.tunnelConfig?.tunnelToken) {\n        responseBody.tunnelToken = tunnelState.tunnelConfig.tunnelToken;\n      }\n      if (tunnelState?.tunnelConfig?.provider) {\n        responseBody.tunnelProvider = tunnelState.tunnelConfig.provider;\n      }\n      if (tunnelState?.tunnelConfig?.endpoint) {\n        responseBody.tunnelEndpoint = tunnelState.tunnelConfig.endpoint;\n      }\n\n      sendJson(response, 201, responseBody);\n    } catch (error) {\n      logger.error(`Failed to register SP node: ${error}`);\n      sendJson(response, 500, { error: 'Failed to register SP node' });\n    }\n  }, { public: true });\n\n  logger.info('Provision routes registered');\n}\n\ninterface ManagedTunnelState {\n  mode: 'direct' | 'tunnel';\n  tunnelConfig?: TunnelConfig;\n}\n\nasync function ensureManagedTunnelState(options: {\n  repository: EdgeNodeRepository;\n  ddnsRepo?: DdnsRepository;\n  tunnelProvider?: TunnelProvider;\n  nodeId: string;\n  subdomainPrefix?: string;\n  baseStorageDomain?: string;\n  publicUrl: string;\n  localPort?: number;\n  ipv4?: string;\n}): Promise<ManagedTunnelState | undefined> {\n  const {\n    repository,\n    ddnsRepo,\n    tunnelProvider,\n    nodeId,\n    subdomainPrefix,\n    baseStorageDomain,\n    publicUrl,\n    localPort,\n    ipv4,\n  } = options;\n\n  if (!subdomainPrefix || !baseStorageDomain) {\n    return undefined;\n  }\n\n  const mode: 'direct' | 'tunnel' = ipv4 ? 'direct' : 'tunnel';\n\n  if (ddnsRepo) {\n    const existing = await ddnsRepo.getRecord(subdomainPrefix);\n    if (!existing) {\n      await ddnsRepo.allocateSubdomain({\n        subdomain: subdomainPrefix,\n        domain: baseStorageDomain,\n        nodeId,\n        ipAddress: ipv4,\n      });\n    }\n  }\n\n  if (mode === 'direct' || !tunnelProvider || !localPort || localPort <= 0) {\n    return { mode };\n  }\n\n  const metadataRecord = await repository.getNodeMetadata(nodeId);\n  const metadata = metadataRecord?.metadata as Record<string, unknown> | null;\n  const existingTunnel = readManagedTunnelConfig(metadata);\n  if (existingTunnel && existingTunnel.subdomain === subdomainPrefix && existingTunnel.localPort === localPort) {\n    return {\n      mode,\n      tunnelConfig: existingTunnel.config,\n    };\n  }\n\n  const tunnelConfig = await tunnelProvider.setup({\n    subdomain: subdomainPrefix,\n    localPort,\n  });\n\n  await repository.mergeNodeMetadata(nodeId, {\n    managedTunnel: {\n      provider: tunnelConfig.provider,\n      tunnelId: tunnelConfig.tunnelId,\n      tunnelToken: tunnelConfig.tunnelToken,\n      endpoint: tunnelConfig.endpoint,\n      subdomain: subdomainPrefix,\n      localPort,\n      configuredAt: new Date().toISOString(),\n    },\n    publicAddress: tunnelConfig.endpoint || publicUrl,\n  });\n\n  return {\n    mode,\n    tunnelConfig,\n  };\n}\n\nfunction readManagedTunnelConfig(metadata: Record<string, unknown> | null): { subdomain?: string; localPort?: number; config: TunnelConfig } | undefined {\n  const raw = metadata?.managedTunnel;\n  if (!raw || typeof raw !== 'object') {\n    return undefined;\n  }\n\n  const value = raw as Record<string, unknown>;\n  const provider = value.provider;\n  const endpoint = value.endpoint;\n  const tunnelToken = value.tunnelToken;\n  const tunnelId = value.tunnelId;\n  const subdomain = typeof value.subdomain === 'string' ? value.subdomain : undefined;\n  const localPort = typeof value.localPort === 'number' ? value.localPort : undefined;\n\n  if (\n    (provider !== 'cloudflare' && provider !== 'frp' && provider !== 'sakura-frp')\n    || typeof endpoint !== 'string'\n  ) {\n    return undefined;\n  }\n\n  return {\n    subdomain,\n    localPort,\n    config: {\n      provider,\n      subdomain: subdomain ?? 'local',\n      endpoint,\n      tunnelId: typeof tunnelId === 'string' ? tunnelId : undefined,\n      tunnelToken: typeof tunnelToken === 'string' ? tunnelToken : undefined,\n    },\n  };\n}\n\n/**\n * Local 端 SP 状态查询路由\n */\nexport interface ProvisionStatusOptions {\n  /** Cloud API 端点 */\n  cloudUrl?: string;\n  /** 节点 ID */\n  nodeId?: string;\n  /** SP 子域名 */\n  spDomain?: string;\n  /** Cloud baseUrl，用于拼 provisionUrl */\n  cloudBaseUrl?: string;\n  /** provisionCode（可选，由环境变量传入） */\n  provisionCode?: string;\n}\n\nexport function registerProvisionStatusRoute(\n  server: ApiServer,\n  options: ProvisionStatusOptions,\n): void {\n  const logger = getLoggerFor('ProvisionStatusHandler');\n\n  server.get('/provision/status', async (_request, response) => {\n    const registered = Boolean(options.nodeId && options.cloudUrl);\n\n    const body: Record<string, unknown> = {\n      registered,\n    };\n\n    if (registered) {\n      body.cloudUrl = options.cloudUrl;\n      body.nodeId = options.nodeId;\n      if (options.spDomain) {\n        body.spDomain = options.spDomain;\n      }\n      if (options.cloudBaseUrl) {\n        const provisionUrl = options.provisionCode\n          ? `${options.cloudBaseUrl.replace(/\\/$/, '')}/.account/?provisionCode=${encodeURIComponent(options.provisionCode)}`\n          : `${options.cloudBaseUrl.replace(/\\/$/, '')}/.account/`;\n        body.provisionUrl = provisionUrl;\n      }\n    }\n\n    sendJson(response, 200, body);\n  }, { public: true });\n\n  logger.info('Provision status route registered');\n}\n\nasync function readJsonBody(request: IncomingMessage): Promise<unknown> {\n  return new Promise((resolve, reject) => {\n    let data = '';\n    request.setEncoding('utf8');\n    request.on('data', (chunk: string) => {\n      data += chunk;\n    });\n    request.on('end', () => {\n      if (!data) {\n        resolve(undefined);\n        return;\n      }\n      try {\n        resolve(JSON.parse(data));\n      } catch (error) {\n        reject(error);\n      }\n    });\n    request.on('error', reject);\n  });\n}\n\nfunction sendJson(response: ServerResponse, status: number, data: unknown): void {\n  response.statusCode = status;\n  response.setHeader('Content-Type', 'application/json');\n  response.end(JSON.stringify(data));\n}\n"]}

package/dist/identity/drizzle/EdgeNodeRepository.d.ts

@@ -177,6 +177,8 @@ export declare class EdgeNodeRepository {
         displayName?: string;
         /** SP 提供的设备 ID，作为 nodeId（不传则随机生成） */
         nodeId?: string;
+        /** SP 已保存的 nodeToken，重复注册时用于保留旧凭证 */
+        nodeToken?: string;
         /** SP 提供的 serviceToken，不传则随机生成 */
         serviceToken?: string;
     }): Promise<CreateSpNodeResult>;

package/dist/identity/drizzle/EdgeNodeRepository.js

@@ -464,7 +464,7 @@ class EdgeNodeRepository {
      */
     async registerSpNode(options) {
         const nodeId = options.nodeId || (0, node_crypto_1.randomUUID)();
-        const nodeToken = (0, node_crypto_1.randomBytes)(32).toString('base64url');
+        const nodeToken = options.nodeToken || (0, node_crypto_1.randomBytes)(32).toString('base64url');
         const nodeTokenHash = (0, node_crypto_1.createHash)('sha256').update(nodeToken).digest('hex');
         const serviceToken = options.serviceToken || (0, node_crypto_1.randomBytes)(32).toString('base64url');
         const now = new Date();

package/dist/identity/drizzle/EdgeNodeRepository.js.map

@@ -1 +1 @@
-{"version":3,"file":"EdgeNodeRepository.js","sourceRoot":"","sources":["../../../src/identity/drizzle/EdgeNodeRepository.ts"],"names":[],"mappings":";;;AAAA,6CAAmF;AACnF,6CAAsC;AAEtC,6BAAsF;AACtF,qCAAqC;AAmDrC,MAAa,kBAAkB;IAC7B,YAAoC,EAAoB;QAApB,OAAE,GAAF,EAAE,CAAkB;IAAG,CAAC;IAErD,KAAK,CAAC,SAAS;QACpB,MAAM,MAAM,GAAG,MAAM,IAAA,iBAAY,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;;;;;;;;;;;;;;;;KAgB7C,CAAC,CAAC;QAEH,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAQ,EAAmB,EAAE;YACnD,MAAM,SAAS,GAAG,IAAA,oBAAe,EAAC,GAAG,CAAC,UAAU,CAAC,CAAC;YAClD,MAAM,SAAS,GAAG,IAAA,oBAAe,EAAC,GAAG,CAAC,UAAU,CAAC,CAAC;YAClD,MAAM,QAAQ,GAAG,IAAA,oBAAe,EAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YAChD,OAAO;gBACL,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;gBACtB,WAAW,EAAE,GAAG,CAAC,YAAY,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC;gBAC5E,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAA6B;gBACjH,QAAQ,EAAE,MAAM,CAAC,GAAG,CAAC,SAAS,IAAI,CAAC,CAAC;gBACpC,SAAS,EAAE,SAAS,EAAE,WAAW,EAAE;gBACnC,SAAS,EAAE,SAAS,EAAE,WAAW,EAAE;gBACnC,QAAQ,EAAE,QAAQ,EAAE,WAAW,EAAE;gBACjC,QAAQ,EAAE,OAAO,GAAG,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,IAAI,IAAI,CAAC;aAC/F,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,UAAU,CAAC,WAAoB,EAAE,UAAmB;QAC/D,MAAM,MAAM,GAAG,IAAA,wBAAU,GAAE,CAAC;QAC5B,MAAM,KAAK,GAAG,IAAA,yBAAW,EAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QACpD,MAAM,SAAS,GAAG,IAAA,wBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACnE,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,EAAE,GAAG,IAAA,kBAAa,EAAC,IAAI,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;QAEvC,MAAM,IAAA,qBAAgB,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;;gBAEvB,MAAM,KAAK,WAAW,IAAI,IAAI,KAAK,SAAS,KAAK,EAAE,KAAK,EAAE;KACrE,CAAC,CAAC;QAEH,OAAO;YACL,MAAM;YACN,KAAK;YACL,SAAS,EAAE,GAAG,CAAC,WAAW,EAAE;SAC7B,CAAC;IACJ,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,YAAY,CAAC,OAAe;QACvC,OAAO,SAAS,CAAC;IACnB,CAAC;IAEM,KAAK,CAAC,aAAa,CAAC,MAAc;QACvC,MAAM,MAAM,GAAG,MAAM,IAAA,iBAAY,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;;;mBAG/B,MAAM;;KAEpB,CAAC,CAAC;QACH,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7B,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAQ,CAAC;QAClC,OAAO;YACL,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YACtB,WAAW,EAAE,GAAG,CAAC,YAAY,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC;YAC5E,SAAS,EAAE,MAAM,CAAC,GAAG,CAAC,UAAU,IAAI,EAAE,CAAC;YACvC,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAA6B;YACjH,QAAQ,EAAE,OAAO,GAAG,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,IAAI,IAAI,CAAC;SAC/F,CAAC;IACJ,CAAC;IAEM,KAAK,CAAC,mBAAmB,CAAC,MAAc,EAAE,QAAwC,EAAE,SAAe;QACxG,MAAM,OAAO,GAAG,QAAQ,IAAI,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QACnE,MAAM,EAAE,GAAG,IAAA,kBAAa,EAAC,IAAI,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;QAE7C,MAAM,IAAA,qBAAgB,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;;uBAEhB,OAAO;wBACN,EAAE;yBACD,EAAE;mBACR,MAAM;KACpB,CAAC,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,cAAc,CAAC,MAAc,EAAE,OAO3C;QACC,MAAM,mBAAmB,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAC/F,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,EAAE,GAAG,IAAA,kBAAa,EAAC,IAAI,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;QAEvC,MAAM,IAAA,qBAAgB,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;;0BAEb,OAAO,CAAC,UAAU;mBACzB,OAAO,CAAC,IAAI,IAAI,IAAI;0BACb,OAAO,CAAC,UAAU,IAAI,IAAI;wBAC5B,OAAO,CAAC,SAAS,IAAI,IAAI;kCACf,OAAO,CAAC,kBAAkB,IAAI,SAAS;2BAC9C,mBAAmB;sCACR,EAAE;yBACf,EAAE;mBACR,MAAM;KACpB,CAAC,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,uBAAuB,CAAC,MAAc;QASjD,MAAM,MAAM,GAAG,MAAM,IAAA,iBAAY,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;;;;mBAI/B,MAAM;;KAEpB,CAAC,CAAC;QAEH,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7B,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAQ,CAAC;QAClC,OAAO;YACL,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YACtB,UAAU,EAAE,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,SAAS;YACjE,IAAI,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;YAC7C,UAAU,EAAE,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,SAAS;YACjE,SAAS,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS;YAC5D,kBAAkB,EAAE,GAAG,CAAC,mBAAmB,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,SAAS;YACzF,qBAAqB,EAAE,IAAA,oBAAe,EAAC,GAAG,CAAC,uBAAuB,CAAC;SACpE,CAAC;IACJ,CAAC;IAEM,KAAK,CAAC,iBAAiB,CAAC,MAAc,EAAE,KAA8B;QAC3E,wBAAwB;QACxB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;QACnD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,QAAQ,MAAM,YAAY,CAAC,CAAC;QAC9C,CAAC;QAED,6BAA6B;QAC7B,MAAM,MAAM,GAAG,EAAE,GAAG,CAAC,OAAO,CAAC,QAAQ,IAAI,EAAE,CAAC,EAAE,GAAG,KAAK,EAAE,CAAC;QACzD,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACvC,MAAM,EAAE,GAAG,IAAA,kBAAa,EAAC,IAAI,CAAC,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;QAE9C,MAAM,IAAA,qBAAgB,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;;uBAEhB,OAAO;yBACL,EAAE;mBACR,MAAM;KACpB,CAAC,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,eAAe,CAAC,MAAc;QACzC,MAAM,MAAM,GAAG,MAAM,IAAA,iBAAY,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;;;mBAG/B,MAAM;;KAEpB,CAAC,CAAC;QACH,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7B,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAQ,CAAC;QAClC,OAAO;YACL,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YACtB,QAAQ,EAAE,OAAO,GAAG,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,IAAI,IAAI,CAAC;YAC9F,QAAQ,EAAE,IAAA,oBAAe,EAAC,GAAG,CAAC,SAAS,CAAC;SACzC,CAAC;IACJ,CAAC;IAEM,KAAK,CAAC,eAAe,CAAC,MAAc,EAAE,IAAc;QACzD,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,EAAoB,EAAE,EAAE;YACvD,MAAM,EAAE,CAAC,OAAO,CAAC,IAAA,iBAAG,EAAA,sDAAsD,MAAM,EAAE,CAAC,CAAC;YACpF,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACpB,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,IAAA,iBAAG,EAAA,IAAI,MAAM,KAAK,OAAO,GAAG,CAAC,CAAC;gBACnE,MAAM,EAAE,CAAC,OAAO,CAAC,IAAA,iBAAG,EAAA;;mBAET,iBAAG,CAAC,IAAI,CAAC,MAAM,EAAE,IAAA,iBAAG,EAAA,IAAI,CAAC;;SAEnC,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,sBAAsB,CAAC,IAAY;QAC9C,MAAM,MAAM,GAAG,MAAM,IAAA,iBAAY,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;;;;;;;cAOpC,IAAI;;;KAGb,CAAC,CAAC;QACH,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7B,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAQ,CAAC;QAClC,OAAO;YACL,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YACtB,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;YAC7B,UAAU,EAAE,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,SAAS;YACjE,QAAQ,EAAE,GAAG,CAAC,QAAQ,IAAI,IAAI;SAC/B,CAAC;IACJ,CAAC;IAEM,KAAK,CAAC,mBAAmB,CAAC,QAAgB;QAC/C,MAAM,UAAU,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACjD,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,MAAM,MAAM,GAAG,MAAM,IAAA,iBAAY,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;;;0BAGxB,UAAU;;KAE/B,CAAC,CAAC;QACH,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7B,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAQ,CAAC;QAClC,OAAO;YACL,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YACtB,UAAU,EAAE,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,SAAS;YACjE,QAAQ,EAAE,GAAG,CAAC,QAAQ,IAAI,IAAI;YAC9B,SAAS,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS;SAC7D,CAAC;IACJ,CAAC;IAEM,YAAY,CAAC,SAAiB,EAAE,KAAa;QAClD,IAAI,CAAC,SAAS,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;YAChD,OAAO,KAAK,CAAC;QACf,CAAC;QACD,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;YAC/C,MAAM,MAAM,GAAG,IAAA,wBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC;YAC3D,IAAI,QAAQ,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM,EAAE,CAAC;gBACtC,OAAO,KAAK,CAAC;YACf,CAAC;YACD,OAAO,IAAA,6BAAe,EAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAC3C,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,mBAAmB,CAAC,MAAc;QAQ7C,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,EAAE;aACtB,MAAM,CAAC;YACN,EAAE,EAAE,kBAAS,CAAC,EAAE;YAChB,YAAY,EAAE,kBAAS,CAAC,YAAY;YACpC,QAAQ,EAAE,kBAAS,CAAC,QAAQ;YAC5B,UAAU,EAAE,kBAAS,CAAC,UAAU;YAChC,QAAQ,EAAE,kBAAS,CAAC,QAAQ;YAC5B,kBAAkB,EAAE,kBAAS,CAAC,kBAAkB;SACjD,CAAC;aACD,IAAI,CAAC,kBAAS,CAAC;aACf,KAAK,CAAC,IAAA,gBAAE,EAAC,kBAAS,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;aAC/B,KAAK,CAAC,CAAC,CAAC,CAAC;QAEZ,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACrB,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,MAAM,IAAI,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;QACpB,MAAM,QAAQ,GAAG,IAAI,CAAC,QAA0C,CAAC;QAEjE,OAAO;YACL,MAAM,EAAE,IAAI,CAAC,EAAE;YACf,YAAY,EAAE,IAAI,CAAC,YAA8C;YACjE,kBAAkB,EAAE,QAAQ,EAAE,YAAwB,IAAI,IAAI;YAC9D,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,kBAAkB,EAAE,IAAI,CAAC,kBAAkB;SAC5C,CAAC;IACJ,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,oBAAoB;QAQ/B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,EAAE;aACvB,MAAM,CAAC;YACN,EAAE,EAAE,kBAAS,CAAC,EAAE;YAChB,YAAY,EAAE,kBAAS,CAAC,YAAY;YACpC,QAAQ,EAAE,kBAAS,CAAC,QAAQ;YAC5B,UAAU,EAAE,kBAAS,CAAC,UAAU;YAChC,QAAQ,EAAE,kBAAS,CAAC,QAAQ;YAC5B,kBAAkB,EAAE,kBAAS,CAAC,kBAAkB;SACjD,CAAC;aACD,IAAI,CAAC,kBAAS,CAAC;aACf,OAAO,CAAC,kBAAS,CAAC,QAAQ,CAAC,CAAC;QAE/B,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,GAAmB,EAAE,EAAE;YACtC,MAAM,QAAQ,GAAG,GAAG,CAAC,QAA0C,CAAC;YAEhE,OAAO;gBACL,MAAM,EAAE,GAAG,CAAC,EAAE;gBACd,YAAY,EAAE,GAAG,CAAC,YAA8C;gBAChE,kBAAkB,EAAE,QAAQ,EAAE,YAAwB,IAAI,IAAI;gBAC9D,UAAU,EAAE,GAAG,CAAC,UAAU;gBAC1B,QAAQ,EAAE,GAAG,CAAC,QAAQ;gBACtB,kBAAkB,EAAE,GAAG,CAAC,kBAAkB;aAC3C,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;IAED,gDAAgD;IAEhD;;;OAGG;IACI,KAAK,CAAC,kBAAkB,CAAC,OAK/B;QACC,MAAM,KAAK,GAAG,IAAA,yBAAW,EAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QACpD,MAAM,SAAS,GAAG,IAAA,wBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACnE,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,0CAA0C;QAErF,oDAAoD;QACpD,MAAM,IAAA,qBAAgB,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;;;;;;UAM7B,OAAO,CAAC,MAAM,KAAK,OAAO,CAAC,WAAW,IAAI,IAAI,KAAK,SAAS;UAC5D,OAAO,CAAC,UAAU,KAAK,OAAO,CAAC,YAAY,gBAAgB,GAAG,KAAK,GAAG,KAAK,GAAG;;;;;;;;KAQnF,CAAC,CAAC;QAEH,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC;IAC3C,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,yBAAyB,CACpC,MAAc,EACd,UAAkB,EAClB,YAAoB,EACpB,SAAe;QAEf,MAAM,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,0CAA0C;QAC7F,MAAM,IAAA,qBAAgB,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;;0BAEb,UAAU;4BACR,YAAY;wBAChB,EAAE;yBACD,EAAE;;mBAER,MAAM;KACpB,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,eAAe;QAC1B,MAAM,MAAM,GAAG,MAAM,IAAA,iBAAY,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;;;;;KAK7C,CAAC,CAAC;QAEH,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAQ,EAAkB,EAAE,CAAC,CAAC;YACpD,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YACtB,WAAW,EAAE,GAAG,CAAC,YAAY,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC;YAC5E,UAAU,EAAE,MAAM,CAAC,GAAG,CAAC,WAAW,IAAI,EAAE,CAAC;YACzC,YAAY,EAAE,MAAM,CAAC,GAAG,CAAC,aAAa,IAAI,CAAC,CAAC;YAC5C,kBAAkB,EAAE,CAAC,GAAG,CAAC,mBAAmB,IAAI,SAAS,CAA4C;YACrG,QAAQ,EAAE,IAAA,oBAAe,EAAC,GAAG,CAAC,SAAS,CAAC;SACzC,CAAC,CAAC,CAAC;IACN,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,aAAa,CAAC,MAAc;QACvC,MAAM,MAAM,GAAG,MAAM,IAAA,iBAAY,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;;;mBAG/B,MAAM;;KAEpB,CAAC,CAAC;QAEH,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7B,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAQ,CAAC;QAClC,OAAO;YACL,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YACtB,WAAW,EAAE,GAAG,CAAC,YAAY,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC;YAC5E,UAAU,EAAE,MAAM,CAAC,GAAG,CAAC,WAAW,IAAI,EAAE,CAAC;YACzC,YAAY,EAAE,MAAM,CAAC,GAAG,CAAC,aAAa,IAAI,CAAC,CAAC;YAC5C,kBAAkB,EAAE,CAAC,GAAG,CAAC,mBAAmB,IAAI,SAAS,CAA4C;YACrG,QAAQ,EAAE,IAAA,oBAAe,EAAC,GAAG,CAAC,SAAS,CAAC;SACzC,CAAC;IACJ,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,wBAAwB,CAAC,UAAkB,EAAE,YAAoB;QAC5E,MAAM,MAAM,GAAG,MAAM,IAAA,iBAAY,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;;;qDAGG,UAAU,wBAAwB,YAAY;;KAE9F,CAAC,CAAC;QAEH,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7B,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAQ,CAAC;QAClC,OAAO;YACL,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YACtB,WAAW,EAAE,GAAG,CAAC,YAAY,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC;YAC5E,UAAU,EAAE,MAAM,CAAC,GAAG,CAAC,WAAW,IAAI,EAAE,CAAC;YACzC,YAAY,EAAE,MAAM,CAAC,GAAG,CAAC,aAAa,IAAI,CAAC,CAAC;YAC5C,kBAAkB,EAAE,CAAC,GAAG,CAAC,mBAAmB,IAAI,SAAS,CAA4C;YACrG,QAAQ,EAAE,IAAA,oBAAe,EAAC,GAAG,CAAC,SAAS,CAAC;SACzC,CAAC;IACJ,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,yBAAyB,CAAC,MAAc;QACnD,MAAM,EAAE,GAAG,IAAA,kBAAa,EAAC,IAAI,CAAC,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;QAC9C,MAAM,IAAA,qBAAgB,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;;;yBAGd,EAAE;mBACR,MAAM;KACpB,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,gBAAgB,CAAC,MAAc;QAC1C,4FAA4F;QAC5F,MAAM,IAAA,qBAAgB,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;;mBAEpB,MAAM;KACpB,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IACd,CAAC;IAED,uDAAuD;IAEvD;;OAEG;IACI,KAAK,CAAC,kBAAkB,CAAC,SAAiB;QAS/C,KAAK,SAAS,CAAC;QACf,OAAO,EAAE,CAAC;IACZ,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,UAAU,CAAC,MAAc;QACpC,+BAA+B;QAC/B,MAAM,IAAA,qBAAgB,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;2DACoB,MAAM;KAC5D,CAAC,CAAC;QAEH,uBAAuB;QACvB,MAAM,MAAM,GAAG,MAAM,IAAA,iBAAY,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;;mBAE/B,MAAM;;KAEpB,CAAC,CAAC;QAEH,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC;IAChC,CAAC;IAED,+DAA+D;IAE/D;;;;;;OAMG;IACI,KAAK,CAAC,cAAc,CAAC,OAO3B;QACC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,IAAA,wBAAU,GAAE,CAAC;QAC9C,MAAM,SAAS,GAAG,IAAA,yBAAW,EAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QACxD,MAAM,aAAa,GAAG,IAAA,wBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC3E,MAAM,YAAY,GAAG,OAAO,CAAC,YAAY,IAAI,IAAA,yBAAW,EAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QACnF,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,EAAE,GAAG,IAAA,kBAAa,EAAC,IAAI,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;QAEvC,MAAM,IAAA,qBAAgB,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;;;;;;;UAO7B,MAAM,KAAK,OAAO,CAAC,WAAW,IAAI,IAAI,KAAK,aAAa,KAAK,YAAY;gBACnE,OAAO,CAAC,SAAS,gBAAgB,EAAE,KAAK,EAAE;;;;;;;;KAQrD,CAAC,CAAC;QAEH,OAAO;YACL,MAAM;YACN,SAAS;YACT,YAAY;YACZ,SAAS,EAAE,GAAG,CAAC,WAAW,EAAE;SAC7B,CAAC;IACJ,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,SAAS,CAAC,MAAc;QACnC,MAAM,MAAM,GAAG,MAAM,IAAA,iBAAY,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;;;mBAG/B,MAAM;;KAEpB,CAAC,CAAC;QAEH,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7B,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAQ,CAAC;QAClC,OAAO;YACL,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YACtB,WAAW,EAAE,GAAG,CAAC,YAAY,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC;YAC5E,SAAS,EAAE,MAAM,CAAC,GAAG,CAAC,UAAU,IAAI,EAAE,CAAC;YACvC,gBAAgB,EAAE,MAAM,CAAC,GAAG,CAAC,kBAAkB,IAAI,EAAE,CAAC;YACtD,QAAQ,EAAE,IAAA,oBAAe,EAAC,GAAG,CAAC,SAAS,CAAC;SACzC,CAAC;IACJ,CAAC;CACF;AAzmBD,gDAymBC","sourcesContent":["import { randomBytes, randomUUID, createHash, timingSafeEqual } from 'node:crypto';\nimport { sql, eq } from 'drizzle-orm';\nimport type { IdentityDatabase } from './db';\nimport { executeStatement, executeQuery, toDbTimestamp, fromDbTimestamp } from './db';\nimport { edgeNodes } from './schema';\n\nexport interface EdgeNodeSummary {\n  nodeId: string;\n  displayName?: string;\n  nodeType: 'center' | 'edge' | 'sp';\n  podCount: number;\n  createdAt?: string;\n  updatedAt?: string;\n  lastSeen?: string;\n  metadata?: Record<string, unknown> | null;\n}\n\nexport interface CreateEdgeNodeResult {\n  nodeId: string;\n  token: string;\n  createdAt: string;\n}\n\nexport interface EdgeNodeSecret {\n  nodeId: string;\n  displayName?: string;\n  tokenHash: string;\n  nodeType: 'center' | 'edge' | 'sp';\n  metadata?: Record<string, unknown> | null;\n}\n\nexport interface CenterNodeInfo {\n  nodeId: string;\n  displayName?: string;\n  internalIp: string;\n  internalPort: number;\n  connectivityStatus: 'unknown' | 'reachable' | 'unreachable';\n  lastSeen?: Date;\n}\n\nexport interface CreateSpNodeResult {\n  nodeId: string;\n  nodeToken: string;\n  serviceToken: string;\n  createdAt: string;\n}\n\nexport interface SpNodeInfo {\n  nodeId: string;\n  displayName?: string;\n  publicUrl: string;\n  serviceTokenHash: string;\n  lastSeen?: Date;\n}\n\nexport class EdgeNodeRepository {\n  public constructor(private readonly db: IdentityDatabase) {}\n\n  public async listNodes(): Promise<EdgeNodeSummary[]> {\n    const result = await executeQuery(this.db, sql`\n      SELECT en.id,\n             en.display_name,\n             en.node_type,\n             en.created_at,\n             en.updated_at,\n             en.last_seen,\n             en.metadata,\n             COALESCE(pods.count, 0) AS pod_count\n      FROM identity_edge_node en\n      LEFT JOIN (\n        SELECT node_id, COUNT(*) AS count\n        FROM identity_edge_node_pod\n        GROUP BY node_id\n      ) pods ON pods.node_id = en.id\n      ORDER BY en.created_at ASC\n    `);\n\n    return result.rows.map((row: any): EdgeNodeSummary => {\n      const createdAt = fromDbTimestamp(row.created_at);\n      const updatedAt = fromDbTimestamp(row.updated_at);\n      const lastSeen = fromDbTimestamp(row.last_seen);\n      return {\n        nodeId: String(row.id),\n        displayName: row.display_name == null ? undefined : String(row.display_name),\n        nodeType: (['center', 'edge', 'sp'].includes(row.node_type) ? row.node_type : 'edge') as 'center' | 'edge' | 'sp',\n        podCount: Number(row.pod_count ?? 0),\n        createdAt: createdAt?.toISOString(),\n        updatedAt: updatedAt?.toISOString(),\n        lastSeen: lastSeen?.toISOString(),\n        metadata: typeof row.metadata === 'string' ? JSON.parse(row.metadata) : (row.metadata ?? null),\n      };\n    });\n  }\n\n  public async createNode(displayName?: string, _accountId?: string): Promise<CreateEdgeNodeResult> {\n    const nodeId = randomUUID();\n    const token = randomBytes(32).toString('base64url');\n    const tokenHash = createHash('sha256').update(token).digest('hex');\n    const now = new Date();\n    const ts = toDbTimestamp(this.db, now);\n\n    await executeStatement(this.db, sql`\n      INSERT INTO identity_edge_node (id, display_name, token_hash, created_at, updated_at)\n      VALUES (${nodeId}, ${displayName ?? null}, ${tokenHash}, ${ts}, ${ts})\n    `);\n\n    return {\n      nodeId,\n      token,\n      createdAt: now.toISOString(),\n    };\n  }\n\n  /**\n   * Node/account 关系待产品化后单独建模；当前阶段不再在节点表上持久化账号归属。\n   */\n  public async getNodeOwner(_nodeId: string): Promise<string | undefined> {\n    return undefined;\n  }\n\n  public async getNodeSecret(nodeId: string): Promise<EdgeNodeSecret | undefined> {\n    const result = await executeQuery(this.db, sql`\n      SELECT id, display_name, token_hash, node_type, metadata\n      FROM identity_edge_node\n      WHERE id = ${nodeId}\n      LIMIT 1\n    `);\n    if (result.rows.length === 0) {\n      return undefined;\n    }\n    const row = result.rows[0] as any;\n    return {\n      nodeId: String(row.id),\n      displayName: row.display_name == null ? undefined : String(row.display_name),\n      tokenHash: String(row.token_hash ?? ''),\n      nodeType: (['center', 'edge', 'sp'].includes(row.node_type) ? row.node_type : 'edge') as 'center' | 'edge' | 'sp',\n      metadata: typeof row.metadata === 'string' ? JSON.parse(row.metadata) : (row.metadata ?? null),\n    };\n  }\n\n  public async updateNodeHeartbeat(nodeId: string, metadata: Record<string, unknown> | null, timestamp: Date): Promise<void> {\n    const payload = metadata == null ? null : JSON.stringify(metadata);\n    const ts = toDbTimestamp(this.db, timestamp);\n\n    await executeStatement(this.db, sql`\n      UPDATE identity_edge_node\n      SET metadata = ${payload},\n          last_seen = ${ts},\n          updated_at = ${ts}\n      WHERE id = ${nodeId}\n    `);\n  }\n\n  public async updateNodeMode(nodeId: string, options: {\n    accessMode: 'direct' | 'proxy';\n    ipv4?: string;\n    publicPort?: number;\n    subdomain?: string;\n    connectivityStatus?: 'unknown' | 'reachable' | 'unreachable';\n    capabilities?: Record<string, unknown>;\n  }): Promise<void> {\n    const capabilitiesPayload = options.capabilities ? JSON.stringify(options.capabilities) : null;\n    const now = new Date();\n    const ts = toDbTimestamp(this.db, now);\n\n    await executeStatement(this.db, sql`\n      UPDATE identity_edge_node\n      SET access_mode = ${options.accessMode},\n          ipv4 = ${options.ipv4 ?? null},\n          public_port = ${options.publicPort ?? null},\n          subdomain = ${options.subdomain ?? null},\n          connectivity_status = ${options.connectivityStatus ?? 'unknown'},\n          capabilities = ${capabilitiesPayload},\n          last_connectivity_check = ${ts},\n          updated_at = ${ts}\n      WHERE id = ${nodeId}\n    `);\n  }\n\n  public async getNodeConnectivityInfo(nodeId: string): Promise<{\n    nodeId: string;\n    accessMode?: string;\n    ipv4?: string;\n    publicPort?: number;\n    subdomain?: string;\n    connectivityStatus?: string;\n    lastConnectivityCheck?: Date;\n  } | undefined> {\n    const result = await executeQuery(this.db, sql`\n      SELECT id, access_mode, ipv4, public_port, subdomain,\n             connectivity_status, last_connectivity_check\n      FROM identity_edge_node\n      WHERE id = ${nodeId}\n      LIMIT 1\n    `);\n\n    if (result.rows.length === 0) {\n      return undefined;\n    }\n\n    const row = result.rows[0] as any;\n    return {\n      nodeId: String(row.id),\n      accessMode: row.access_mode ? String(row.access_mode) : undefined,\n      ipv4: row.ipv4 ? String(row.ipv4) : undefined,\n      publicPort: row.public_port ? Number(row.public_port) : undefined,\n      subdomain: row.subdomain ? String(row.subdomain) : undefined,\n      connectivityStatus: row.connectivity_status ? String(row.connectivity_status) : undefined,\n      lastConnectivityCheck: fromDbTimestamp(row.last_connectivity_check),\n    };\n  }\n\n  public async mergeNodeMetadata(nodeId: string, patch: Record<string, unknown>): Promise<void> {\n    // Read current metadata\n    const current = await this.getNodeMetadata(nodeId);\n    if (!current) {\n      throw new Error(`Node ${nodeId} not found`);\n    }\n\n    // Merge in application layer\n    const merged = { ...(current.metadata ?? {}), ...patch };\n    const payload = JSON.stringify(merged);\n    const ts = toDbTimestamp(this.db, new Date());\n\n    await executeStatement(this.db, sql`\n      UPDATE identity_edge_node\n      SET metadata = ${payload},\n          updated_at = ${ts}\n      WHERE id = ${nodeId}\n    `);\n  }\n\n  public async getNodeMetadata(nodeId: string): Promise<{ nodeId: string; metadata: Record<string, unknown> | null; lastSeen?: Date } | undefined> {\n    const result = await executeQuery(this.db, sql`\n      SELECT id, metadata, last_seen\n      FROM identity_edge_node\n      WHERE id = ${nodeId}\n      LIMIT 1\n    `);\n    if (result.rows.length === 0) {\n      return undefined;\n    }\n    const row = result.rows[0] as any;\n    return {\n      nodeId: String(row.id),\n      metadata: typeof row.metadata === 'string' ? JSON.parse(row.metadata) : (row.metadata ?? null),\n      lastSeen: fromDbTimestamp(row.last_seen),\n    };\n  }\n\n  public async replaceNodePods(nodeId: string, pods: string[]): Promise<void> {\n    await this.db.transaction(async (tx: IdentityDatabase) => {\n      await tx.execute(sql`DELETE FROM identity_edge_node_pod WHERE node_id = ${nodeId}`);\n      if (pods.length > 0) {\n        const values = pods.map((baseUrl) => sql`(${nodeId}, ${baseUrl})`);\n        await tx.execute(sql`\n          INSERT INTO identity_edge_node_pod (node_id, base_url)\n          VALUES ${sql.join(values, sql`, `)}\n          ON CONFLICT DO NOTHING\n        `);\n      }\n    });\n  }\n\n  public async findNodeByResourcePath(path: string): Promise<{ nodeId: string; baseUrl: string; accessMode?: string; metadata?: Record<string, unknown> | null } | undefined> {\n    const result = await executeQuery(this.db, sql`\n      SELECT en.id,\n             en.access_mode,\n             en.metadata,\n             pods.base_url\n      FROM identity_edge_node_pod pods\n      JOIN identity_edge_node en ON en.id = pods.node_id\n      WHERE ${path} LIKE pods.base_url || '%'\n      ORDER BY length(pods.base_url) DESC\n      LIMIT 1\n    `);\n    if (result.rows.length === 0) {\n      return undefined;\n    }\n    const row = result.rows[0] as any;\n    return {\n      nodeId: String(row.id),\n      baseUrl: String(row.base_url),\n      accessMode: row.access_mode ? String(row.access_mode) : undefined,\n      metadata: row.metadata ?? null,\n    };\n  }\n\n  public async findNodeBySubdomain(hostname: string): Promise<{ nodeId: string; accessMode?: string; metadata?: Record<string, unknown> | null; subdomain?: string } | undefined> {\n    const normalized = hostname.trim().toLowerCase();\n    if (normalized.length === 0) {\n      return undefined;\n    }\n    const result = await executeQuery(this.db, sql`\n      SELECT id, access_mode, metadata, subdomain\n      FROM identity_edge_node\n      WHERE subdomain = ${normalized}\n      LIMIT 1\n    `);\n    if (result.rows.length === 0) {\n      return undefined;\n    }\n    const row = result.rows[0] as any;\n    return {\n      nodeId: String(row.id),\n      accessMode: row.access_mode ? String(row.access_mode) : undefined,\n      metadata: row.metadata ?? null,\n      subdomain: row.subdomain ? String(row.subdomain) : undefined,\n    };\n  }\n\n  public matchesToken(tokenHash: string, token: string): boolean {\n    if (!tokenHash || typeof tokenHash !== 'string') {\n      return false;\n    }\n    try {\n      const expected = Buffer.from(tokenHash, 'hex');\n      const actual = createHash('sha256').update(token).digest();\n      if (expected.length !== actual.length) {\n        return false;\n      }\n      return timingSafeEqual(expected, actual);\n    } catch {\n      return false;\n    }\n  }\n\n  /**\n   * Get node capabilities and related information for admin queries\n   */\n  public async getNodeCapabilities(nodeId: string): Promise<{\n    nodeId: string;\n    capabilities: Record<string, unknown> | null;\n    stringCapabilities: string[] | null;\n    accessMode: string | null;\n    lastSeen: Date | null;\n    connectivityStatus: string | null;\n  } | undefined> {\n    const row = await this.db\n      .select({\n        id: edgeNodes.id,\n        capabilities: edgeNodes.capabilities,\n        metadata: edgeNodes.metadata,\n        accessMode: edgeNodes.accessMode,\n        lastSeen: edgeNodes.lastSeen,\n        connectivityStatus: edgeNodes.connectivityStatus,\n      })\n      .from(edgeNodes)\n      .where(eq(edgeNodes.id, nodeId))\n      .limit(1);\n\n    if (row.length === 0) {\n      return undefined;\n    }\n\n    const node = row[0];\n    const metadata = node.metadata as Record<string, unknown> | null;\n    \n    return {\n      nodeId: node.id,\n      capabilities: node.capabilities as Record<string, unknown> | null,\n      stringCapabilities: metadata?.capabilities as string[] ?? null,\n      accessMode: node.accessMode,\n      lastSeen: node.lastSeen,\n      connectivityStatus: node.connectivityStatus,\n    };\n  }\n\n  /**\n   * List all nodes with their capability information\n   */\n  public async listNodeCapabilities(): Promise<Array<{\n    nodeId: string;\n    capabilities: Record<string, unknown> | null;\n    stringCapabilities: string[] | null;\n    accessMode: string | null;\n    lastSeen: Date | null;\n    connectivityStatus: string | null;\n  }>> {\n    const rows = await this.db\n      .select({\n        id: edgeNodes.id,\n        capabilities: edgeNodes.capabilities,\n        metadata: edgeNodes.metadata,\n        accessMode: edgeNodes.accessMode,\n        lastSeen: edgeNodes.lastSeen,\n        connectivityStatus: edgeNodes.connectivityStatus,\n      })\n      .from(edgeNodes)\n      .orderBy(edgeNodes.lastSeen);\n\n    return rows.map((row: typeof rows[0]) => {\n      const metadata = row.metadata as Record<string, unknown> | null;\n      \n      return {\n        nodeId: row.id,\n        capabilities: row.capabilities as Record<string, unknown> | null,\n        stringCapabilities: metadata?.capabilities as string[] ?? null,\n        accessMode: row.accessMode,\n        lastSeen: row.lastSeen,\n        connectivityStatus: row.connectivityStatus,\n      };\n    });\n  }\n\n  // ============ Center Node Methods ============\n\n  /**\n   * Register or update a center node in the cluster.\n   * Center nodes use the same table as edge nodes but with nodeType='center'.\n   */\n  public async registerCenterNode(options: {\n    nodeId: string;\n    displayName?: string;\n    internalIp: string;\n    internalPort: number;\n  }): Promise<{ nodeId: string; token: string }> {\n    const token = randomBytes(32).toString('base64url');\n    const tokenHash = createHash('sha256').update(token).digest('hex');\n    const now = Math.floor(Date.now() / 1000); // Unix timestamp for SQLite compatibility\n\n    // Use upsert pattern: INSERT ... ON CONFLICT UPDATE\n    await executeStatement(this.db, sql`\n      INSERT INTO identity_edge_node (\n        id, display_name, token_hash, node_type, internal_ip, internal_port,\n        connectivity_status, created_at, updated_at, last_seen\n      )\n      VALUES (\n        ${options.nodeId}, ${options.displayName ?? null}, ${tokenHash}, 'center',\n        ${options.internalIp}, ${options.internalPort}, 'unknown', ${now}, ${now}, ${now}\n      )\n      ON CONFLICT (id) DO UPDATE SET\n        display_name = EXCLUDED.display_name,\n        internal_ip = EXCLUDED.internal_ip,\n        internal_port = EXCLUDED.internal_port,\n        updated_at = EXCLUDED.updated_at,\n        last_seen = EXCLUDED.last_seen\n    `);\n\n    return { nodeId: options.nodeId, token };\n  }\n\n  /**\n   * Update center node heartbeat with internal endpoint info.\n   */\n  public async updateCenterNodeHeartbeat(\n    nodeId: string,\n    internalIp: string,\n    internalPort: number,\n    timestamp: Date,\n  ): Promise<void> {\n    const ts = Math.floor(timestamp.getTime() / 1000); // Unix timestamp for SQLite compatibility\n    await executeStatement(this.db, sql`\n      UPDATE identity_edge_node\n      SET internal_ip = ${internalIp},\n          internal_port = ${internalPort},\n          last_seen = ${ts},\n          updated_at = ${ts},\n          connectivity_status = 'reachable'\n      WHERE id = ${nodeId} AND node_type = 'center'\n    `);\n  }\n\n  /**\n   * List all center nodes in the cluster.\n   */\n  public async listCenterNodes(): Promise<CenterNodeInfo[]> {\n    const result = await executeQuery(this.db, sql`\n      SELECT id, display_name, internal_ip, internal_port, connectivity_status, last_seen\n      FROM identity_edge_node\n      WHERE node_type = 'center'\n      ORDER BY created_at ASC\n    `);\n\n    return result.rows.map((row: any): CenterNodeInfo => ({\n      nodeId: String(row.id),\n      displayName: row.display_name == null ? undefined : String(row.display_name),\n      internalIp: String(row.internal_ip ?? ''),\n      internalPort: Number(row.internal_port ?? 0),\n      connectivityStatus: (row.connectivity_status ?? 'unknown') as 'unknown' | 'reachable' | 'unreachable',\n      lastSeen: fromDbTimestamp(row.last_seen),\n    }));\n  }\n\n  /**\n   * Get a specific center node by ID.\n   */\n  public async getCenterNode(nodeId: string): Promise<CenterNodeInfo | undefined> {\n    const result = await executeQuery(this.db, sql`\n      SELECT id, display_name, internal_ip, internal_port, connectivity_status, last_seen\n      FROM identity_edge_node\n      WHERE id = ${nodeId} AND node_type = 'center'\n      LIMIT 1\n    `);\n\n    if (result.rows.length === 0) {\n      return undefined;\n    }\n\n    const row = result.rows[0] as any;\n    return {\n      nodeId: String(row.id),\n      displayName: row.display_name == null ? undefined : String(row.display_name),\n      internalIp: String(row.internal_ip ?? ''),\n      internalPort: Number(row.internal_port ?? 0),\n      connectivityStatus: (row.connectivity_status ?? 'unknown') as 'unknown' | 'reachable' | 'unreachable',\n      lastSeen: fromDbTimestamp(row.last_seen),\n    };\n  }\n\n  /**\n   * Find a center node by its internal endpoint (for routing).\n   */\n  public async findCenterNodeByEndpoint(internalIp: string, internalPort: number): Promise<CenterNodeInfo | undefined> {\n    const result = await executeQuery(this.db, sql`\n      SELECT id, display_name, internal_ip, internal_port, connectivity_status, last_seen\n      FROM identity_edge_node\n      WHERE node_type = 'center' AND internal_ip = ${internalIp} AND internal_port = ${internalPort}\n      LIMIT 1\n    `);\n\n    if (result.rows.length === 0) {\n      return undefined;\n    }\n\n    const row = result.rows[0] as any;\n    return {\n      nodeId: String(row.id),\n      displayName: row.display_name == null ? undefined : String(row.display_name),\n      internalIp: String(row.internal_ip ?? ''),\n      internalPort: Number(row.internal_port ?? 0),\n      connectivityStatus: (row.connectivity_status ?? 'unknown') as 'unknown' | 'reachable' | 'unreachable',\n      lastSeen: fromDbTimestamp(row.last_seen),\n    };\n  }\n\n  /**\n   * Mark a center node as unreachable (for health checks).\n   */\n  public async markCenterNodeUnreachable(nodeId: string): Promise<void> {\n    const ts = toDbTimestamp(this.db, new Date());\n    await executeStatement(this.db, sql`\n      UPDATE identity_edge_node\n      SET connectivity_status = 'unreachable',\n          updated_at = ${ts}\n      WHERE id = ${nodeId} AND node_type = 'center'\n    `);\n  }\n\n  /**\n   * Remove a center node from the cluster.\n   */\n  public async removeCenterNode(nodeId: string): Promise<boolean> {\n    // Note: For SQLite, we can't easily get affected row count, so just execute and return true\n    await executeStatement(this.db, sql`\n      DELETE FROM identity_edge_node\n      WHERE id = ${nodeId} AND node_type = 'center'\n    `);\n    return true;\n  }\n\n  // ============ Account-based Node Methods ============\n\n  /**\n   * List nodes owned by a specific account\n   */\n  public async listNodesByAccount(accountId: string): Promise<Array<{\n    nodeId: string;\n    displayName?: string;\n    capabilities: Record<string, unknown> | null;\n    stringCapabilities: string[] | null;\n    accessMode: string | null;\n    lastSeen: Date | null;\n    connectivityStatus: string | null;\n  }>> {\n    void accountId;\n    return [];\n  }\n\n  /**\n   * Delete a node\n   */\n  public async deleteNode(nodeId: string): Promise<boolean> {\n    // First delete associated pods\n    await executeStatement(this.db, sql`\n      DELETE FROM identity_edge_node_pod WHERE node_id = ${nodeId}\n    `);\n\n    // Then delete the node\n    const result = await executeQuery(this.db, sql`\n      DELETE FROM identity_edge_node\n      WHERE id = ${nodeId}\n      RETURNING id\n    `);\n\n    return result.rows.length > 0;\n  }\n\n  // ============ SP (Storage Provider) Node Methods ============\n\n  /**\n   * Register or update an SP node (UPSERT by nodeId).\n   *\n   * SP 本地生成 deviceId 作为 nodeId，注册时带上来。\n   * 同一 nodeId 重复注册时更新 publicUrl、token 等，保留原记录。\n   * 不传 nodeId 则 Cloud 随机分配。\n   */\n  public async registerSpNode(options: {\n    publicUrl: string;\n    displayName?: string;\n    /** SP 提供的设备 ID，作为 nodeId（不传则随机生成） */\n    nodeId?: string;\n    /** SP 提供的 serviceToken，不传则随机生成 */\n    serviceToken?: string;\n  }): Promise<CreateSpNodeResult> {\n    const nodeId = options.nodeId || randomUUID();\n    const nodeToken = randomBytes(32).toString('base64url');\n    const nodeTokenHash = createHash('sha256').update(nodeToken).digest('hex');\n    const serviceToken = options.serviceToken || randomBytes(32).toString('base64url');\n    const now = new Date();\n    const ts = toDbTimestamp(this.db, now);\n\n    await executeStatement(this.db, sql`\n      INSERT INTO identity_edge_node (\n        id, display_name, token_hash, service_token_hash,\n        node_type, public_url,\n        connectivity_status, created_at, updated_at\n      )\n      VALUES (\n        ${nodeId}, ${options.displayName ?? null}, ${nodeTokenHash}, ${serviceToken},\n        'sp', ${options.publicUrl}, 'unknown', ${ts}, ${ts}\n      )\n      ON CONFLICT (id) DO UPDATE SET\n        display_name = EXCLUDED.display_name,\n        token_hash = EXCLUDED.token_hash,\n        service_token_hash = EXCLUDED.service_token_hash,\n        public_url = EXCLUDED.public_url,\n        updated_at = EXCLUDED.updated_at\n    `);\n\n    return {\n      nodeId,\n      nodeToken,\n      serviceToken,\n      createdAt: now.toISOString(),\n    };\n  }\n\n  /**\n   * Get SP node info by nodeId.\n   */\n  public async getSpNode(nodeId: string): Promise<SpNodeInfo | undefined> {\n    const result = await executeQuery(this.db, sql`\n      SELECT id, display_name, public_url, service_token_hash, last_seen\n      FROM identity_edge_node\n      WHERE id = ${nodeId} AND node_type = 'sp'\n      LIMIT 1\n    `);\n\n    if (result.rows.length === 0) {\n      return undefined;\n    }\n\n    const row = result.rows[0] as any;\n    return {\n      nodeId: String(row.id),\n      displayName: row.display_name == null ? undefined : String(row.display_name),\n      publicUrl: String(row.public_url ?? ''),\n      serviceTokenHash: String(row.service_token_hash ?? ''),\n      lastSeen: fromDbTimestamp(row.last_seen),\n    };\n  }\n}\n"]}
+{"version":3,"file":"EdgeNodeRepository.js","sourceRoot":"","sources":["../../../src/identity/drizzle/EdgeNodeRepository.ts"],"names":[],"mappings":";;;AAAA,6CAAmF;AACnF,6CAAsC;AAEtC,6BAAsF;AACtF,qCAAqC;AAmDrC,MAAa,kBAAkB;IAC7B,YAAoC,EAAoB;QAApB,OAAE,GAAF,EAAE,CAAkB;IAAG,CAAC;IAErD,KAAK,CAAC,SAAS;QACpB,MAAM,MAAM,GAAG,MAAM,IAAA,iBAAY,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;;;;;;;;;;;;;;;;KAgB7C,CAAC,CAAC;QAEH,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAQ,EAAmB,EAAE;YACnD,MAAM,SAAS,GAAG,IAAA,oBAAe,EAAC,GAAG,CAAC,UAAU,CAAC,CAAC;YAClD,MAAM,SAAS,GAAG,IAAA,oBAAe,EAAC,GAAG,CAAC,UAAU,CAAC,CAAC;YAClD,MAAM,QAAQ,GAAG,IAAA,oBAAe,EAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YAChD,OAAO;gBACL,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;gBACtB,WAAW,EAAE,GAAG,CAAC,YAAY,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC;gBAC5E,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAA6B;gBACjH,QAAQ,EAAE,MAAM,CAAC,GAAG,CAAC,SAAS,IAAI,CAAC,CAAC;gBACpC,SAAS,EAAE,SAAS,EAAE,WAAW,EAAE;gBACnC,SAAS,EAAE,SAAS,EAAE,WAAW,EAAE;gBACnC,QAAQ,EAAE,QAAQ,EAAE,WAAW,EAAE;gBACjC,QAAQ,EAAE,OAAO,GAAG,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,IAAI,IAAI,CAAC;aAC/F,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,UAAU,CAAC,WAAoB,EAAE,UAAmB;QAC/D,MAAM,MAAM,GAAG,IAAA,wBAAU,GAAE,CAAC;QAC5B,MAAM,KAAK,GAAG,IAAA,yBAAW,EAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QACpD,MAAM,SAAS,GAAG,IAAA,wBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACnE,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,EAAE,GAAG,IAAA,kBAAa,EAAC,IAAI,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;QAEvC,MAAM,IAAA,qBAAgB,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;;gBAEvB,MAAM,KAAK,WAAW,IAAI,IAAI,KAAK,SAAS,KAAK,EAAE,KAAK,EAAE;KACrE,CAAC,CAAC;QAEH,OAAO;YACL,MAAM;YACN,KAAK;YACL,SAAS,EAAE,GAAG,CAAC,WAAW,EAAE;SAC7B,CAAC;IACJ,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,YAAY,CAAC,OAAe;QACvC,OAAO,SAAS,CAAC;IACnB,CAAC;IAEM,KAAK,CAAC,aAAa,CAAC,MAAc;QACvC,MAAM,MAAM,GAAG,MAAM,IAAA,iBAAY,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;;;mBAG/B,MAAM;;KAEpB,CAAC,CAAC;QACH,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7B,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAQ,CAAC;QAClC,OAAO;YACL,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YACtB,WAAW,EAAE,GAAG,CAAC,YAAY,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC;YAC5E,SAAS,EAAE,MAAM,CAAC,GAAG,CAAC,UAAU,IAAI,EAAE,CAAC;YACvC,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAA6B;YACjH,QAAQ,EAAE,OAAO,GAAG,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,IAAI,IAAI,CAAC;SAC/F,CAAC;IACJ,CAAC;IAEM,KAAK,CAAC,mBAAmB,CAAC,MAAc,EAAE,QAAwC,EAAE,SAAe;QACxG,MAAM,OAAO,GAAG,QAAQ,IAAI,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QACnE,MAAM,EAAE,GAAG,IAAA,kBAAa,EAAC,IAAI,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;QAE7C,MAAM,IAAA,qBAAgB,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;;uBAEhB,OAAO;wBACN,EAAE;yBACD,EAAE;mBACR,MAAM;KACpB,CAAC,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,cAAc,CAAC,MAAc,EAAE,OAO3C;QACC,MAAM,mBAAmB,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAC/F,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,EAAE,GAAG,IAAA,kBAAa,EAAC,IAAI,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;QAEvC,MAAM,IAAA,qBAAgB,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;;0BAEb,OAAO,CAAC,UAAU;mBACzB,OAAO,CAAC,IAAI,IAAI,IAAI;0BACb,OAAO,CAAC,UAAU,IAAI,IAAI;wBAC5B,OAAO,CAAC,SAAS,IAAI,IAAI;kCACf,OAAO,CAAC,kBAAkB,IAAI,SAAS;2BAC9C,mBAAmB;sCACR,EAAE;yBACf,EAAE;mBACR,MAAM;KACpB,CAAC,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,uBAAuB,CAAC,MAAc;QASjD,MAAM,MAAM,GAAG,MAAM,IAAA,iBAAY,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;;;;mBAI/B,MAAM;;KAEpB,CAAC,CAAC;QAEH,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7B,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAQ,CAAC;QAClC,OAAO;YACL,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YACtB,UAAU,EAAE,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,SAAS;YACjE,IAAI,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;YAC7C,UAAU,EAAE,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,SAAS;YACjE,SAAS,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS;YAC5D,kBAAkB,EAAE,GAAG,CAAC,mBAAmB,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,SAAS;YACzF,qBAAqB,EAAE,IAAA,oBAAe,EAAC,GAAG,CAAC,uBAAuB,CAAC;SACpE,CAAC;IACJ,CAAC;IAEM,KAAK,CAAC,iBAAiB,CAAC,MAAc,EAAE,KAA8B;QAC3E,wBAAwB;QACxB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;QACnD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,QAAQ,MAAM,YAAY,CAAC,CAAC;QAC9C,CAAC;QAED,6BAA6B;QAC7B,MAAM,MAAM,GAAG,EAAE,GAAG,CAAC,OAAO,CAAC,QAAQ,IAAI,EAAE,CAAC,EAAE,GAAG,KAAK,EAAE,CAAC;QACzD,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACvC,MAAM,EAAE,GAAG,IAAA,kBAAa,EAAC,IAAI,CAAC,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;QAE9C,MAAM,IAAA,qBAAgB,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;;uBAEhB,OAAO;yBACL,EAAE;mBACR,MAAM;KACpB,CAAC,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,eAAe,CAAC,MAAc;QACzC,MAAM,MAAM,GAAG,MAAM,IAAA,iBAAY,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;;;mBAG/B,MAAM;;KAEpB,CAAC,CAAC;QACH,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7B,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAQ,CAAC;QAClC,OAAO;YACL,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YACtB,QAAQ,EAAE,OAAO,GAAG,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,IAAI,IAAI,CAAC;YAC9F,QAAQ,EAAE,IAAA,oBAAe,EAAC,GAAG,CAAC,SAAS,CAAC;SACzC,CAAC;IACJ,CAAC;IAEM,KAAK,CAAC,eAAe,CAAC,MAAc,EAAE,IAAc;QACzD,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,EAAoB,EAAE,EAAE;YACvD,MAAM,EAAE,CAAC,OAAO,CAAC,IAAA,iBAAG,EAAA,sDAAsD,MAAM,EAAE,CAAC,CAAC;YACpF,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACpB,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,IAAA,iBAAG,EAAA,IAAI,MAAM,KAAK,OAAO,GAAG,CAAC,CAAC;gBACnE,MAAM,EAAE,CAAC,OAAO,CAAC,IAAA,iBAAG,EAAA;;mBAET,iBAAG,CAAC,IAAI,CAAC,MAAM,EAAE,IAAA,iBAAG,EAAA,IAAI,CAAC;;SAEnC,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,sBAAsB,CAAC,IAAY;QAC9C,MAAM,MAAM,GAAG,MAAM,IAAA,iBAAY,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;;;;;;;cAOpC,IAAI;;;KAGb,CAAC,CAAC;QACH,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7B,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAQ,CAAC;QAClC,OAAO;YACL,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YACtB,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;YAC7B,UAAU,EAAE,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,SAAS;YACjE,QAAQ,EAAE,GAAG,CAAC,QAAQ,IAAI,IAAI;SAC/B,CAAC;IACJ,CAAC;IAEM,KAAK,CAAC,mBAAmB,CAAC,QAAgB;QAC/C,MAAM,UAAU,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACjD,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,MAAM,MAAM,GAAG,MAAM,IAAA,iBAAY,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;;;0BAGxB,UAAU;;KAE/B,CAAC,CAAC;QACH,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7B,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAQ,CAAC;QAClC,OAAO;YACL,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YACtB,UAAU,EAAE,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,SAAS;YACjE,QAAQ,EAAE,GAAG,CAAC,QAAQ,IAAI,IAAI;YAC9B,SAAS,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS;SAC7D,CAAC;IACJ,CAAC;IAEM,YAAY,CAAC,SAAiB,EAAE,KAAa;QAClD,IAAI,CAAC,SAAS,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;YAChD,OAAO,KAAK,CAAC;QACf,CAAC;QACD,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;YAC/C,MAAM,MAAM,GAAG,IAAA,wBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC;YAC3D,IAAI,QAAQ,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM,EAAE,CAAC;gBACtC,OAAO,KAAK,CAAC;YACf,CAAC;YACD,OAAO,IAAA,6BAAe,EAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAC3C,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,mBAAmB,CAAC,MAAc;QAQ7C,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,EAAE;aACtB,MAAM,CAAC;YACN,EAAE,EAAE,kBAAS,CAAC,EAAE;YAChB,YAAY,EAAE,kBAAS,CAAC,YAAY;YACpC,QAAQ,EAAE,kBAAS,CAAC,QAAQ;YAC5B,UAAU,EAAE,kBAAS,CAAC,UAAU;YAChC,QAAQ,EAAE,kBAAS,CAAC,QAAQ;YAC5B,kBAAkB,EAAE,kBAAS,CAAC,kBAAkB;SACjD,CAAC;aACD,IAAI,CAAC,kBAAS,CAAC;aACf,KAAK,CAAC,IAAA,gBAAE,EAAC,kBAAS,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;aAC/B,KAAK,CAAC,CAAC,CAAC,CAAC;QAEZ,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACrB,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,MAAM,IAAI,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;QACpB,MAAM,QAAQ,GAAG,IAAI,CAAC,QAA0C,CAAC;QAEjE,OAAO;YACL,MAAM,EAAE,IAAI,CAAC,EAAE;YACf,YAAY,EAAE,IAAI,CAAC,YAA8C;YACjE,kBAAkB,EAAE,QAAQ,EAAE,YAAwB,IAAI,IAAI;YAC9D,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,kBAAkB,EAAE,IAAI,CAAC,kBAAkB;SAC5C,CAAC;IACJ,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,oBAAoB;QAQ/B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,EAAE;aACvB,MAAM,CAAC;YACN,EAAE,EAAE,kBAAS,CAAC,EAAE;YAChB,YAAY,EAAE,kBAAS,CAAC,YAAY;YACpC,QAAQ,EAAE,kBAAS,CAAC,QAAQ;YAC5B,UAAU,EAAE,kBAAS,CAAC,UAAU;YAChC,QAAQ,EAAE,kBAAS,CAAC,QAAQ;YAC5B,kBAAkB,EAAE,kBAAS,CAAC,kBAAkB;SACjD,CAAC;aACD,IAAI,CAAC,kBAAS,CAAC;aACf,OAAO,CAAC,kBAAS,CAAC,QAAQ,CAAC,CAAC;QAE/B,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,GAAmB,EAAE,EAAE;YACtC,MAAM,QAAQ,GAAG,GAAG,CAAC,QAA0C,CAAC;YAEhE,OAAO;gBACL,MAAM,EAAE,GAAG,CAAC,EAAE;gBACd,YAAY,EAAE,GAAG,CAAC,YAA8C;gBAChE,kBAAkB,EAAE,QAAQ,EAAE,YAAwB,IAAI,IAAI;gBAC9D,UAAU,EAAE,GAAG,CAAC,UAAU;gBAC1B,QAAQ,EAAE,GAAG,CAAC,QAAQ;gBACtB,kBAAkB,EAAE,GAAG,CAAC,kBAAkB;aAC3C,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;IAED,gDAAgD;IAEhD;;;OAGG;IACI,KAAK,CAAC,kBAAkB,CAAC,OAK/B;QACC,MAAM,KAAK,GAAG,IAAA,yBAAW,EAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QACpD,MAAM,SAAS,GAAG,IAAA,wBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACnE,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,0CAA0C;QAErF,oDAAoD;QACpD,MAAM,IAAA,qBAAgB,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;;;;;;UAM7B,OAAO,CAAC,MAAM,KAAK,OAAO,CAAC,WAAW,IAAI,IAAI,KAAK,SAAS;UAC5D,OAAO,CAAC,UAAU,KAAK,OAAO,CAAC,YAAY,gBAAgB,GAAG,KAAK,GAAG,KAAK,GAAG;;;;;;;;KAQnF,CAAC,CAAC;QAEH,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC;IAC3C,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,yBAAyB,CACpC,MAAc,EACd,UAAkB,EAClB,YAAoB,EACpB,SAAe;QAEf,MAAM,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,0CAA0C;QAC7F,MAAM,IAAA,qBAAgB,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;;0BAEb,UAAU;4BACR,YAAY;wBAChB,EAAE;yBACD,EAAE;;mBAER,MAAM;KACpB,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,eAAe;QAC1B,MAAM,MAAM,GAAG,MAAM,IAAA,iBAAY,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;;;;;KAK7C,CAAC,CAAC;QAEH,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAQ,EAAkB,EAAE,CAAC,CAAC;YACpD,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YACtB,WAAW,EAAE,GAAG,CAAC,YAAY,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC;YAC5E,UAAU,EAAE,MAAM,CAAC,GAAG,CAAC,WAAW,IAAI,EAAE,CAAC;YACzC,YAAY,EAAE,MAAM,CAAC,GAAG,CAAC,aAAa,IAAI,CAAC,CAAC;YAC5C,kBAAkB,EAAE,CAAC,GAAG,CAAC,mBAAmB,IAAI,SAAS,CAA4C;YACrG,QAAQ,EAAE,IAAA,oBAAe,EAAC,GAAG,CAAC,SAAS,CAAC;SACzC,CAAC,CAAC,CAAC;IACN,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,aAAa,CAAC,MAAc;QACvC,MAAM,MAAM,GAAG,MAAM,IAAA,iBAAY,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;;;mBAG/B,MAAM;;KAEpB,CAAC,CAAC;QAEH,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7B,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAQ,CAAC;QAClC,OAAO;YACL,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YACtB,WAAW,EAAE,GAAG,CAAC,YAAY,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC;YAC5E,UAAU,EAAE,MAAM,CAAC,GAAG,CAAC,WAAW,IAAI,EAAE,CAAC;YACzC,YAAY,EAAE,MAAM,CAAC,GAAG,CAAC,aAAa,IAAI,CAAC,CAAC;YAC5C,kBAAkB,EAAE,CAAC,GAAG,CAAC,mBAAmB,IAAI,SAAS,CAA4C;YACrG,QAAQ,EAAE,IAAA,oBAAe,EAAC,GAAG,CAAC,SAAS,CAAC;SACzC,CAAC;IACJ,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,wBAAwB,CAAC,UAAkB,EAAE,YAAoB;QAC5E,MAAM,MAAM,GAAG,MAAM,IAAA,iBAAY,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;;;qDAGG,UAAU,wBAAwB,YAAY;;KAE9F,CAAC,CAAC;QAEH,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7B,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAQ,CAAC;QAClC,OAAO;YACL,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YACtB,WAAW,EAAE,GAAG,CAAC,YAAY,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC;YAC5E,UAAU,EAAE,MAAM,CAAC,GAAG,CAAC,WAAW,IAAI,EAAE,CAAC;YACzC,YAAY,EAAE,MAAM,CAAC,GAAG,CAAC,aAAa,IAAI,CAAC,CAAC;YAC5C,kBAAkB,EAAE,CAAC,GAAG,CAAC,mBAAmB,IAAI,SAAS,CAA4C;YACrG,QAAQ,EAAE,IAAA,oBAAe,EAAC,GAAG,CAAC,SAAS,CAAC;SACzC,CAAC;IACJ,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,yBAAyB,CAAC,MAAc;QACnD,MAAM,EAAE,GAAG,IAAA,kBAAa,EAAC,IAAI,CAAC,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;QAC9C,MAAM,IAAA,qBAAgB,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;;;yBAGd,EAAE;mBACR,MAAM;KACpB,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,gBAAgB,CAAC,MAAc;QAC1C,4FAA4F;QAC5F,MAAM,IAAA,qBAAgB,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;;mBAEpB,MAAM;KACpB,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IACd,CAAC;IAED,uDAAuD;IAEvD;;OAEG;IACI,KAAK,CAAC,kBAAkB,CAAC,SAAiB;QAS/C,KAAK,SAAS,CAAC;QACf,OAAO,EAAE,CAAC;IACZ,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,UAAU,CAAC,MAAc;QACpC,+BAA+B;QAC/B,MAAM,IAAA,qBAAgB,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;2DACoB,MAAM;KAC5D,CAAC,CAAC;QAEH,uBAAuB;QACvB,MAAM,MAAM,GAAG,MAAM,IAAA,iBAAY,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;;mBAE/B,MAAM;;KAEpB,CAAC,CAAC;QAEH,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC;IAChC,CAAC;IAED,+DAA+D;IAE/D;;;;;;OAMG;IACI,KAAK,CAAC,cAAc,CAAC,OAS3B;QACC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,IAAA,wBAAU,GAAE,CAAC;QAC9C,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,IAAA,yBAAW,EAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QAC7E,MAAM,aAAa,GAAG,IAAA,wBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC3E,MAAM,YAAY,GAAG,OAAO,CAAC,YAAY,IAAI,IAAA,yBAAW,EAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QACnF,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,EAAE,GAAG,IAAA,kBAAa,EAAC,IAAI,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;QAEvC,MAAM,IAAA,qBAAgB,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;;;;;;;UAO7B,MAAM,KAAK,OAAO,CAAC,WAAW,IAAI,IAAI,KAAK,aAAa,KAAK,YAAY;gBACnE,OAAO,CAAC,SAAS,gBAAgB,EAAE,KAAK,EAAE;;;;;;;;KAQrD,CAAC,CAAC;QAEH,OAAO;YACL,MAAM;YACN,SAAS;YACT,YAAY;YACZ,SAAS,EAAE,GAAG,CAAC,WAAW,EAAE;SAC7B,CAAC;IACJ,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,SAAS,CAAC,MAAc;QACnC,MAAM,MAAM,GAAG,MAAM,IAAA,iBAAY,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;;;mBAG/B,MAAM;;KAEpB,CAAC,CAAC;QAEH,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7B,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAQ,CAAC;QAClC,OAAO;YACL,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YACtB,WAAW,EAAE,GAAG,CAAC,YAAY,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC;YAC5E,SAAS,EAAE,MAAM,CAAC,GAAG,CAAC,UAAU,IAAI,EAAE,CAAC;YACvC,gBAAgB,EAAE,MAAM,CAAC,GAAG,CAAC,kBAAkB,IAAI,EAAE,CAAC;YACtD,QAAQ,EAAE,IAAA,oBAAe,EAAC,GAAG,CAAC,SAAS,CAAC;SACzC,CAAC;IACJ,CAAC;CACF;AA3mBD,gDA2mBC","sourcesContent":["import { randomBytes, randomUUID, createHash, timingSafeEqual } from 'node:crypto';\nimport { sql, eq } from 'drizzle-orm';\nimport type { IdentityDatabase } from './db';\nimport { executeStatement, executeQuery, toDbTimestamp, fromDbTimestamp } from './db';\nimport { edgeNodes } from './schema';\n\nexport interface EdgeNodeSummary {\n  nodeId: string;\n  displayName?: string;\n  nodeType: 'center' | 'edge' | 'sp';\n  podCount: number;\n  createdAt?: string;\n  updatedAt?: string;\n  lastSeen?: string;\n  metadata?: Record<string, unknown> | null;\n}\n\nexport interface CreateEdgeNodeResult {\n  nodeId: string;\n  token: string;\n  createdAt: string;\n}\n\nexport interface EdgeNodeSecret {\n  nodeId: string;\n  displayName?: string;\n  tokenHash: string;\n  nodeType: 'center' | 'edge' | 'sp';\n  metadata?: Record<string, unknown> | null;\n}\n\nexport interface CenterNodeInfo {\n  nodeId: string;\n  displayName?: string;\n  internalIp: string;\n  internalPort: number;\n  connectivityStatus: 'unknown' | 'reachable' | 'unreachable';\n  lastSeen?: Date;\n}\n\nexport interface CreateSpNodeResult {\n  nodeId: string;\n  nodeToken: string;\n  serviceToken: string;\n  createdAt: string;\n}\n\nexport interface SpNodeInfo {\n  nodeId: string;\n  displayName?: string;\n  publicUrl: string;\n  serviceTokenHash: string;\n  lastSeen?: Date;\n}\n\nexport class EdgeNodeRepository {\n  public constructor(private readonly db: IdentityDatabase) {}\n\n  public async listNodes(): Promise<EdgeNodeSummary[]> {\n    const result = await executeQuery(this.db, sql`\n      SELECT en.id,\n             en.display_name,\n             en.node_type,\n             en.created_at,\n             en.updated_at,\n             en.last_seen,\n             en.metadata,\n             COALESCE(pods.count, 0) AS pod_count\n      FROM identity_edge_node en\n      LEFT JOIN (\n        SELECT node_id, COUNT(*) AS count\n        FROM identity_edge_node_pod\n        GROUP BY node_id\n      ) pods ON pods.node_id = en.id\n      ORDER BY en.created_at ASC\n    `);\n\n    return result.rows.map((row: any): EdgeNodeSummary => {\n      const createdAt = fromDbTimestamp(row.created_at);\n      const updatedAt = fromDbTimestamp(row.updated_at);\n      const lastSeen = fromDbTimestamp(row.last_seen);\n      return {\n        nodeId: String(row.id),\n        displayName: row.display_name == null ? undefined : String(row.display_name),\n        nodeType: (['center', 'edge', 'sp'].includes(row.node_type) ? row.node_type : 'edge') as 'center' | 'edge' | 'sp',\n        podCount: Number(row.pod_count ?? 0),\n        createdAt: createdAt?.toISOString(),\n        updatedAt: updatedAt?.toISOString(),\n        lastSeen: lastSeen?.toISOString(),\n        metadata: typeof row.metadata === 'string' ? JSON.parse(row.metadata) : (row.metadata ?? null),\n      };\n    });\n  }\n\n  public async createNode(displayName?: string, _accountId?: string): Promise<CreateEdgeNodeResult> {\n    const nodeId = randomUUID();\n    const token = randomBytes(32).toString('base64url');\n    const tokenHash = createHash('sha256').update(token).digest('hex');\n    const now = new Date();\n    const ts = toDbTimestamp(this.db, now);\n\n    await executeStatement(this.db, sql`\n      INSERT INTO identity_edge_node (id, display_name, token_hash, created_at, updated_at)\n      VALUES (${nodeId}, ${displayName ?? null}, ${tokenHash}, ${ts}, ${ts})\n    `);\n\n    return {\n      nodeId,\n      token,\n      createdAt: now.toISOString(),\n    };\n  }\n\n  /**\n   * Node/account 关系待产品化后单独建模；当前阶段不再在节点表上持久化账号归属。\n   */\n  public async getNodeOwner(_nodeId: string): Promise<string | undefined> {\n    return undefined;\n  }\n\n  public async getNodeSecret(nodeId: string): Promise<EdgeNodeSecret | undefined> {\n    const result = await executeQuery(this.db, sql`\n      SELECT id, display_name, token_hash, node_type, metadata\n      FROM identity_edge_node\n      WHERE id = ${nodeId}\n      LIMIT 1\n    `);\n    if (result.rows.length === 0) {\n      return undefined;\n    }\n    const row = result.rows[0] as any;\n    return {\n      nodeId: String(row.id),\n      displayName: row.display_name == null ? undefined : String(row.display_name),\n      tokenHash: String(row.token_hash ?? ''),\n      nodeType: (['center', 'edge', 'sp'].includes(row.node_type) ? row.node_type : 'edge') as 'center' | 'edge' | 'sp',\n      metadata: typeof row.metadata === 'string' ? JSON.parse(row.metadata) : (row.metadata ?? null),\n    };\n  }\n\n  public async updateNodeHeartbeat(nodeId: string, metadata: Record<string, unknown> | null, timestamp: Date): Promise<void> {\n    const payload = metadata == null ? null : JSON.stringify(metadata);\n    const ts = toDbTimestamp(this.db, timestamp);\n\n    await executeStatement(this.db, sql`\n      UPDATE identity_edge_node\n      SET metadata = ${payload},\n          last_seen = ${ts},\n          updated_at = ${ts}\n      WHERE id = ${nodeId}\n    `);\n  }\n\n  public async updateNodeMode(nodeId: string, options: {\n    accessMode: 'direct' | 'proxy';\n    ipv4?: string;\n    publicPort?: number;\n    subdomain?: string;\n    connectivityStatus?: 'unknown' | 'reachable' | 'unreachable';\n    capabilities?: Record<string, unknown>;\n  }): Promise<void> {\n    const capabilitiesPayload = options.capabilities ? JSON.stringify(options.capabilities) : null;\n    const now = new Date();\n    const ts = toDbTimestamp(this.db, now);\n\n    await executeStatement(this.db, sql`\n      UPDATE identity_edge_node\n      SET access_mode = ${options.accessMode},\n          ipv4 = ${options.ipv4 ?? null},\n          public_port = ${options.publicPort ?? null},\n          subdomain = ${options.subdomain ?? null},\n          connectivity_status = ${options.connectivityStatus ?? 'unknown'},\n          capabilities = ${capabilitiesPayload},\n          last_connectivity_check = ${ts},\n          updated_at = ${ts}\n      WHERE id = ${nodeId}\n    `);\n  }\n\n  public async getNodeConnectivityInfo(nodeId: string): Promise<{\n    nodeId: string;\n    accessMode?: string;\n    ipv4?: string;\n    publicPort?: number;\n    subdomain?: string;\n    connectivityStatus?: string;\n    lastConnectivityCheck?: Date;\n  } | undefined> {\n    const result = await executeQuery(this.db, sql`\n      SELECT id, access_mode, ipv4, public_port, subdomain,\n             connectivity_status, last_connectivity_check\n      FROM identity_edge_node\n      WHERE id = ${nodeId}\n      LIMIT 1\n    `);\n\n    if (result.rows.length === 0) {\n      return undefined;\n    }\n\n    const row = result.rows[0] as any;\n    return {\n      nodeId: String(row.id),\n      accessMode: row.access_mode ? String(row.access_mode) : undefined,\n      ipv4: row.ipv4 ? String(row.ipv4) : undefined,\n      publicPort: row.public_port ? Number(row.public_port) : undefined,\n      subdomain: row.subdomain ? String(row.subdomain) : undefined,\n      connectivityStatus: row.connectivity_status ? String(row.connectivity_status) : undefined,\n      lastConnectivityCheck: fromDbTimestamp(row.last_connectivity_check),\n    };\n  }\n\n  public async mergeNodeMetadata(nodeId: string, patch: Record<string, unknown>): Promise<void> {\n    // Read current metadata\n    const current = await this.getNodeMetadata(nodeId);\n    if (!current) {\n      throw new Error(`Node ${nodeId} not found`);\n    }\n\n    // Merge in application layer\n    const merged = { ...(current.metadata ?? {}), ...patch };\n    const payload = JSON.stringify(merged);\n    const ts = toDbTimestamp(this.db, new Date());\n\n    await executeStatement(this.db, sql`\n      UPDATE identity_edge_node\n      SET metadata = ${payload},\n          updated_at = ${ts}\n      WHERE id = ${nodeId}\n    `);\n  }\n\n  public async getNodeMetadata(nodeId: string): Promise<{ nodeId: string; metadata: Record<string, unknown> | null; lastSeen?: Date } | undefined> {\n    const result = await executeQuery(this.db, sql`\n      SELECT id, metadata, last_seen\n      FROM identity_edge_node\n      WHERE id = ${nodeId}\n      LIMIT 1\n    `);\n    if (result.rows.length === 0) {\n      return undefined;\n    }\n    const row = result.rows[0] as any;\n    return {\n      nodeId: String(row.id),\n      metadata: typeof row.metadata === 'string' ? JSON.parse(row.metadata) : (row.metadata ?? null),\n      lastSeen: fromDbTimestamp(row.last_seen),\n    };\n  }\n\n  public async replaceNodePods(nodeId: string, pods: string[]): Promise<void> {\n    await this.db.transaction(async (tx: IdentityDatabase) => {\n      await tx.execute(sql`DELETE FROM identity_edge_node_pod WHERE node_id = ${nodeId}`);\n      if (pods.length > 0) {\n        const values = pods.map((baseUrl) => sql`(${nodeId}, ${baseUrl})`);\n        await tx.execute(sql`\n          INSERT INTO identity_edge_node_pod (node_id, base_url)\n          VALUES ${sql.join(values, sql`, `)}\n          ON CONFLICT DO NOTHING\n        `);\n      }\n    });\n  }\n\n  public async findNodeByResourcePath(path: string): Promise<{ nodeId: string; baseUrl: string; accessMode?: string; metadata?: Record<string, unknown> | null } | undefined> {\n    const result = await executeQuery(this.db, sql`\n      SELECT en.id,\n             en.access_mode,\n             en.metadata,\n             pods.base_url\n      FROM identity_edge_node_pod pods\n      JOIN identity_edge_node en ON en.id = pods.node_id\n      WHERE ${path} LIKE pods.base_url || '%'\n      ORDER BY length(pods.base_url) DESC\n      LIMIT 1\n    `);\n    if (result.rows.length === 0) {\n      return undefined;\n    }\n    const row = result.rows[0] as any;\n    return {\n      nodeId: String(row.id),\n      baseUrl: String(row.base_url),\n      accessMode: row.access_mode ? String(row.access_mode) : undefined,\n      metadata: row.metadata ?? null,\n    };\n  }\n\n  public async findNodeBySubdomain(hostname: string): Promise<{ nodeId: string; accessMode?: string; metadata?: Record<string, unknown> | null; subdomain?: string } | undefined> {\n    const normalized = hostname.trim().toLowerCase();\n    if (normalized.length === 0) {\n      return undefined;\n    }\n    const result = await executeQuery(this.db, sql`\n      SELECT id, access_mode, metadata, subdomain\n      FROM identity_edge_node\n      WHERE subdomain = ${normalized}\n      LIMIT 1\n    `);\n    if (result.rows.length === 0) {\n      return undefined;\n    }\n    const row = result.rows[0] as any;\n    return {\n      nodeId: String(row.id),\n      accessMode: row.access_mode ? String(row.access_mode) : undefined,\n      metadata: row.metadata ?? null,\n      subdomain: row.subdomain ? String(row.subdomain) : undefined,\n    };\n  }\n\n  public matchesToken(tokenHash: string, token: string): boolean {\n    if (!tokenHash || typeof tokenHash !== 'string') {\n      return false;\n    }\n    try {\n      const expected = Buffer.from(tokenHash, 'hex');\n      const actual = createHash('sha256').update(token).digest();\n      if (expected.length !== actual.length) {\n        return false;\n      }\n      return timingSafeEqual(expected, actual);\n    } catch {\n      return false;\n    }\n  }\n\n  /**\n   * Get node capabilities and related information for admin queries\n   */\n  public async getNodeCapabilities(nodeId: string): Promise<{\n    nodeId: string;\n    capabilities: Record<string, unknown> | null;\n    stringCapabilities: string[] | null;\n    accessMode: string | null;\n    lastSeen: Date | null;\n    connectivityStatus: string | null;\n  } | undefined> {\n    const row = await this.db\n      .select({\n        id: edgeNodes.id,\n        capabilities: edgeNodes.capabilities,\n        metadata: edgeNodes.metadata,\n        accessMode: edgeNodes.accessMode,\n        lastSeen: edgeNodes.lastSeen,\n        connectivityStatus: edgeNodes.connectivityStatus,\n      })\n      .from(edgeNodes)\n      .where(eq(edgeNodes.id, nodeId))\n      .limit(1);\n\n    if (row.length === 0) {\n      return undefined;\n    }\n\n    const node = row[0];\n    const metadata = node.metadata as Record<string, unknown> | null;\n    \n    return {\n      nodeId: node.id,\n      capabilities: node.capabilities as Record<string, unknown> | null,\n      stringCapabilities: metadata?.capabilities as string[] ?? null,\n      accessMode: node.accessMode,\n      lastSeen: node.lastSeen,\n      connectivityStatus: node.connectivityStatus,\n    };\n  }\n\n  /**\n   * List all nodes with their capability information\n   */\n  public async listNodeCapabilities(): Promise<Array<{\n    nodeId: string;\n    capabilities: Record<string, unknown> | null;\n    stringCapabilities: string[] | null;\n    accessMode: string | null;\n    lastSeen: Date | null;\n    connectivityStatus: string | null;\n  }>> {\n    const rows = await this.db\n      .select({\n        id: edgeNodes.id,\n        capabilities: edgeNodes.capabilities,\n        metadata: edgeNodes.metadata,\n        accessMode: edgeNodes.accessMode,\n        lastSeen: edgeNodes.lastSeen,\n        connectivityStatus: edgeNodes.connectivityStatus,\n      })\n      .from(edgeNodes)\n      .orderBy(edgeNodes.lastSeen);\n\n    return rows.map((row: typeof rows[0]) => {\n      const metadata = row.metadata as Record<string, unknown> | null;\n      \n      return {\n        nodeId: row.id,\n        capabilities: row.capabilities as Record<string, unknown> | null,\n        stringCapabilities: metadata?.capabilities as string[] ?? null,\n        accessMode: row.accessMode,\n        lastSeen: row.lastSeen,\n        connectivityStatus: row.connectivityStatus,\n      };\n    });\n  }\n\n  // ============ Center Node Methods ============\n\n  /**\n   * Register or update a center node in the cluster.\n   * Center nodes use the same table as edge nodes but with nodeType='center'.\n   */\n  public async registerCenterNode(options: {\n    nodeId: string;\n    displayName?: string;\n    internalIp: string;\n    internalPort: number;\n  }): Promise<{ nodeId: string; token: string }> {\n    const token = randomBytes(32).toString('base64url');\n    const tokenHash = createHash('sha256').update(token).digest('hex');\n    const now = Math.floor(Date.now() / 1000); // Unix timestamp for SQLite compatibility\n\n    // Use upsert pattern: INSERT ... ON CONFLICT UPDATE\n    await executeStatement(this.db, sql`\n      INSERT INTO identity_edge_node (\n        id, display_name, token_hash, node_type, internal_ip, internal_port,\n        connectivity_status, created_at, updated_at, last_seen\n      )\n      VALUES (\n        ${options.nodeId}, ${options.displayName ?? null}, ${tokenHash}, 'center',\n        ${options.internalIp}, ${options.internalPort}, 'unknown', ${now}, ${now}, ${now}\n      )\n      ON CONFLICT (id) DO UPDATE SET\n        display_name = EXCLUDED.display_name,\n        internal_ip = EXCLUDED.internal_ip,\n        internal_port = EXCLUDED.internal_port,\n        updated_at = EXCLUDED.updated_at,\n        last_seen = EXCLUDED.last_seen\n    `);\n\n    return { nodeId: options.nodeId, token };\n  }\n\n  /**\n   * Update center node heartbeat with internal endpoint info.\n   */\n  public async updateCenterNodeHeartbeat(\n    nodeId: string,\n    internalIp: string,\n    internalPort: number,\n    timestamp: Date,\n  ): Promise<void> {\n    const ts = Math.floor(timestamp.getTime() / 1000); // Unix timestamp for SQLite compatibility\n    await executeStatement(this.db, sql`\n      UPDATE identity_edge_node\n      SET internal_ip = ${internalIp},\n          internal_port = ${internalPort},\n          last_seen = ${ts},\n          updated_at = ${ts},\n          connectivity_status = 'reachable'\n      WHERE id = ${nodeId} AND node_type = 'center'\n    `);\n  }\n\n  /**\n   * List all center nodes in the cluster.\n   */\n  public async listCenterNodes(): Promise<CenterNodeInfo[]> {\n    const result = await executeQuery(this.db, sql`\n      SELECT id, display_name, internal_ip, internal_port, connectivity_status, last_seen\n      FROM identity_edge_node\n      WHERE node_type = 'center'\n      ORDER BY created_at ASC\n    `);\n\n    return result.rows.map((row: any): CenterNodeInfo => ({\n      nodeId: String(row.id),\n      displayName: row.display_name == null ? undefined : String(row.display_name),\n      internalIp: String(row.internal_ip ?? ''),\n      internalPort: Number(row.internal_port ?? 0),\n      connectivityStatus: (row.connectivity_status ?? 'unknown') as 'unknown' | 'reachable' | 'unreachable',\n      lastSeen: fromDbTimestamp(row.last_seen),\n    }));\n  }\n\n  /**\n   * Get a specific center node by ID.\n   */\n  public async getCenterNode(nodeId: string): Promise<CenterNodeInfo | undefined> {\n    const result = await executeQuery(this.db, sql`\n      SELECT id, display_name, internal_ip, internal_port, connectivity_status, last_seen\n      FROM identity_edge_node\n      WHERE id = ${nodeId} AND node_type = 'center'\n      LIMIT 1\n    `);\n\n    if (result.rows.length === 0) {\n      return undefined;\n    }\n\n    const row = result.rows[0] as any;\n    return {\n      nodeId: String(row.id),\n      displayName: row.display_name == null ? undefined : String(row.display_name),\n      internalIp: String(row.internal_ip ?? ''),\n      internalPort: Number(row.internal_port ?? 0),\n      connectivityStatus: (row.connectivity_status ?? 'unknown') as 'unknown' | 'reachable' | 'unreachable',\n      lastSeen: fromDbTimestamp(row.last_seen),\n    };\n  }\n\n  /**\n   * Find a center node by its internal endpoint (for routing).\n   */\n  public async findCenterNodeByEndpoint(internalIp: string, internalPort: number): Promise<CenterNodeInfo | undefined> {\n    const result = await executeQuery(this.db, sql`\n      SELECT id, display_name, internal_ip, internal_port, connectivity_status, last_seen\n      FROM identity_edge_node\n      WHERE node_type = 'center' AND internal_ip = ${internalIp} AND internal_port = ${internalPort}\n      LIMIT 1\n    `);\n\n    if (result.rows.length === 0) {\n      return undefined;\n    }\n\n    const row = result.rows[0] as any;\n    return {\n      nodeId: String(row.id),\n      displayName: row.display_name == null ? undefined : String(row.display_name),\n      internalIp: String(row.internal_ip ?? ''),\n      internalPort: Number(row.internal_port ?? 0),\n      connectivityStatus: (row.connectivity_status ?? 'unknown') as 'unknown' | 'reachable' | 'unreachable',\n      lastSeen: fromDbTimestamp(row.last_seen),\n    };\n  }\n\n  /**\n   * Mark a center node as unreachable (for health checks).\n   */\n  public async markCenterNodeUnreachable(nodeId: string): Promise<void> {\n    const ts = toDbTimestamp(this.db, new Date());\n    await executeStatement(this.db, sql`\n      UPDATE identity_edge_node\n      SET connectivity_status = 'unreachable',\n          updated_at = ${ts}\n      WHERE id = ${nodeId} AND node_type = 'center'\n    `);\n  }\n\n  /**\n   * Remove a center node from the cluster.\n   */\n  public async removeCenterNode(nodeId: string): Promise<boolean> {\n    // Note: For SQLite, we can't easily get affected row count, so just execute and return true\n    await executeStatement(this.db, sql`\n      DELETE FROM identity_edge_node\n      WHERE id = ${nodeId} AND node_type = 'center'\n    `);\n    return true;\n  }\n\n  // ============ Account-based Node Methods ============\n\n  /**\n   * List nodes owned by a specific account\n   */\n  public async listNodesByAccount(accountId: string): Promise<Array<{\n    nodeId: string;\n    displayName?: string;\n    capabilities: Record<string, unknown> | null;\n    stringCapabilities: string[] | null;\n    accessMode: string | null;\n    lastSeen: Date | null;\n    connectivityStatus: string | null;\n  }>> {\n    void accountId;\n    return [];\n  }\n\n  /**\n   * Delete a node\n   */\n  public async deleteNode(nodeId: string): Promise<boolean> {\n    // First delete associated pods\n    await executeStatement(this.db, sql`\n      DELETE FROM identity_edge_node_pod WHERE node_id = ${nodeId}\n    `);\n\n    // Then delete the node\n    const result = await executeQuery(this.db, sql`\n      DELETE FROM identity_edge_node\n      WHERE id = ${nodeId}\n      RETURNING id\n    `);\n\n    return result.rows.length > 0;\n  }\n\n  // ============ SP (Storage Provider) Node Methods ============\n\n  /**\n   * Register or update an SP node (UPSERT by nodeId).\n   *\n   * SP 本地生成 deviceId 作为 nodeId，注册时带上来。\n   * 同一 nodeId 重复注册时更新 publicUrl、token 等，保留原记录。\n   * 不传 nodeId 则 Cloud 随机分配。\n   */\n  public async registerSpNode(options: {\n    publicUrl: string;\n    displayName?: string;\n    /** SP 提供的设备 ID，作为 nodeId（不传则随机生成） */\n    nodeId?: string;\n    /** SP 已保存的 nodeToken，重复注册时用于保留旧凭证 */\n    nodeToken?: string;\n    /** SP 提供的 serviceToken，不传则随机生成 */\n    serviceToken?: string;\n  }): Promise<CreateSpNodeResult> {\n    const nodeId = options.nodeId || randomUUID();\n    const nodeToken = options.nodeToken || randomBytes(32).toString('base64url');\n    const nodeTokenHash = createHash('sha256').update(nodeToken).digest('hex');\n    const serviceToken = options.serviceToken || randomBytes(32).toString('base64url');\n    const now = new Date();\n    const ts = toDbTimestamp(this.db, now);\n\n    await executeStatement(this.db, sql`\n      INSERT INTO identity_edge_node (\n        id, display_name, token_hash, service_token_hash,\n        node_type, public_url,\n        connectivity_status, created_at, updated_at\n      )\n      VALUES (\n        ${nodeId}, ${options.displayName ?? null}, ${nodeTokenHash}, ${serviceToken},\n        'sp', ${options.publicUrl}, 'unknown', ${ts}, ${ts}\n      )\n      ON CONFLICT (id) DO UPDATE SET\n        display_name = EXCLUDED.display_name,\n        token_hash = EXCLUDED.token_hash,\n        service_token_hash = EXCLUDED.service_token_hash,\n        public_url = EXCLUDED.public_url,\n        updated_at = EXCLUDED.updated_at\n    `);\n\n    return {\n      nodeId,\n      nodeToken,\n      serviceToken,\n      createdAt: now.toISOString(),\n    };\n  }\n\n  /**\n   * Get SP node info by nodeId.\n   */\n  public async getSpNode(nodeId: string): Promise<SpNodeInfo | undefined> {\n    const result = await executeQuery(this.db, sql`\n      SELECT id, display_name, public_url, service_token_hash, last_seen\n      FROM identity_edge_node\n      WHERE id = ${nodeId} AND node_type = 'sp'\n      LIMIT 1\n    `);\n\n    if (result.rows.length === 0) {\n      return undefined;\n    }\n\n    const row = result.rows[0] as any;\n    return {\n      nodeId: String(row.id),\n      displayName: row.display_name == null ? undefined : String(row.display_name),\n      publicUrl: String(row.public_url ?? ''),\n      serviceTokenHash: String(row.service_token_hash ?? ''),\n      lastSeen: fromDbTimestamp(row.last_seen),\n    };\n  }\n}\n"]}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@undefineds.co/xpod",
-  "version": "0.2.14",
+  "version": "0.2.15",
   "description": "Xpod is an extended Community Solid Server, offering rich-feature, production-level Solid Pod and identity management.",
   "repository": "https://github.com/undefinedsco/xpod",
   "author": "developer@undefineds.co",