npm - @undefineds.co/xpod - Versions diffs - 0.3.31 → 0.3.33 - Mend

@undefineds.co/xpod 0.3.31 → 0.3.33

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (218) hide show

package/dist/api/handlers/ProvisionHandler.js CHANGED Viewed

@@ -13,13 +13,41 @@
  * GET /provision/status  - Local 端 SP 状态查询（公开）
  *   返回 SP 配置状态，供 Linx 查询
  */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.registerProvisionRoutes = registerProvisionRoutes;
 exports.registerProvisionStatusRoute = registerProvisionStatusRoute;
+exports.createLocalSetupProvisionStateWriter = createLocalSetupProvisionStateWriter;
+const fs = __importStar(require("node:fs"));
+const path = __importStar(require("node:path"));
+const node_crypto_1 = require("node:crypto");
 const global_logger_factory_1 = require("global-logger-factory");
 const ProvisionCodeCodec_1 = require("../../provision/ProvisionCodeCodec");
 /** 默认 24 小时 */
 const DEFAULT_TTL = 24 * 60 * 60;
+const PROVISION_STATUS_REFRESH_GRACE_SECONDS = 5 * 60;
 function registerProvisionRoutes(server, options) {
     const logger = (0, global_logger_factory_1.getLoggerFor)('ProvisionHandler');
     const { repository, baseUrl, baseStorageDomain } = options;
@@ -32,7 +60,7 @@ function registerProvisionRoutes(server, options) {
      *
      * Request:
      *   {
-     *     publicUrl: string,
+     *     publicUrl?: string,
      *     nodeId?: string,
      *     displayName?: string,
      *     ipv4?: string,
@@ -55,41 +83,70 @@ function registerProvisionRoutes(server, options) {
             sendJson(response, 400, { error: 'Invalid JSON body' });
             return;
         }
-        if (!body.publicUrl) {
-            sendJson(response, 400, { error: 'publicUrl is required' });
-            return;
-        }
-        try {
-            new URL(body.publicUrl);
-        }
-        catch {
-            sendJson(response, 400, { error: 'Invalid publicUrl format' });
-            return;
-        }
         try {
+            const domainMode = body.domainMode === 'self-managed' ? 'self-managed' : 'managed';
+            const requestedManagedDomain = normalizeRequestedManagedDomain(body.spDomain, baseStorageDomain);
+            const shouldAllocateManagedPublicUrl = !body.publicUrl && domainMode === 'managed' && Boolean(baseStorageDomain);
+            const preallocatedNodeId = shouldAllocateManagedPublicUrl
+                ? (body.nodeId ?? (0, node_crypto_1.randomUUID)())
+                : undefined;
+            const preallocatedSubdomainPrefix = preallocatedNodeId
+                ? resolveManagedSubdomainPrefix({
+                    domainMode,
+                    baseStorageDomain,
+                    requestedManagedDomain,
+                    nodeId: preallocatedNodeId,
+                })
+                : undefined;
+            const preallocatedSpDomain = preallocatedSubdomainPrefix
+                ? `${preallocatedSubdomainPrefix}.${baseStorageDomain}`
+                : undefined;
+            const effectivePublicUrl = body.publicUrl ?? derivePublicUrlFromSpDomain(preallocatedSpDomain);
+            if (!effectivePublicUrl) {
+                sendJson(response, 400, { error: 'publicUrl is required' });
+                return;
+            }
+            if (preallocatedSubdomainPrefix && baseStorageDomain && options.ddnsRepo) {
+                const existing = await options.ddnsRepo.getRecord(preallocatedSubdomainPrefix);
+                if (existing?.nodeId && existing.nodeId !== preallocatedNodeId) {
+                    sendJson(response, 409, {
+                        error: 'spDomain already allocated',
+                        spDomain: preallocatedSpDomain,
+                    });
+                    return;
+                }
+            }
+            try {
+                new URL(effectivePublicUrl);
+            }
+            catch {
+                sendJson(response, 400, { error: 'Invalid publicUrl format' });
+                return;
+            }
             const result = await repository.registerSpNode({
-                publicUrl: body.publicUrl,
+                publicUrl: effectivePublicUrl,
                 displayName: body.displayName,
-                nodeId: body.nodeId,
+                nodeId: preallocatedNodeId ?? body.nodeId,
                 nodeToken: body.nodeToken,
                 serviceToken: body.serviceToken,
             });
-            const domainMode = body.domainMode === 'self-managed' ? 'self-managed' : 'managed';
-            const requestedManagedDomain = normalizeRequestedManagedDomain(body.spDomain, baseStorageDomain);
-            const subdomainPrefix = resolveManagedSubdomainPrefix({
-                domainMode,
-                baseStorageDomain,
-                requestedManagedDomain,
-                nodeId: result.nodeId,
-            });
+            const subdomainPrefix = preallocatedSubdomainPrefix
+                ?? resolveManagedSubdomainPrefix({
+                    domainMode,
+                    baseStorageDomain,
+                    requestedManagedDomain,
+                    nodeId: result.nodeId,
+                });
             const spDomain = subdomainPrefix
                 ? `${subdomainPrefix}.${baseStorageDomain}`
                 : undefined;
+            const managedPublicUrl = derivePublicUrlFromSpDomain(spDomain);
+            const provisionSpUrl = body.publicUrl ?? managedPublicUrl ?? effectivePublicUrl;
             const tunnelState = await ensureManagedTunnelState({
                 repository,
                 nodeId: result.nodeId,
                 subdomainPrefix,
-                publicUrl: body.publicUrl,
+                publicUrl: provisionSpUrl,
                 localPort: body.localPort,
                 ipv4: body.ipv4,
                 tunnelToken: body.tunnelToken,
@@ -107,19 +164,22 @@ function registerProvisionRoutes(server, options) {
             }
             // 生成自包含 provisionCode（编码了 SP 信息，CSS 解码后直接回调 SP）
             const provisionCode = codec.encode({
-                spUrl: body.publicUrl,
+                spUrl: provisionSpUrl,
                 serviceToken: result.serviceToken,
                 nodeId: result.nodeId,
                 spDomain,
                 exp: Math.floor(Date.now() / 1000) + ttl,
             });
-            logger.info(`Registered SP node ${result.nodeId} at ${body.publicUrl}${spDomain ? `, spDomain: ${spDomain}` : ''}`);
+            logger.info(`Registered SP node ${result.nodeId} at ${provisionSpUrl}${spDomain ? `, spDomain: ${spDomain}` : ''}`);
             const responseBody = {
                 nodeId: result.nodeId,
                 nodeToken: result.nodeToken,
                 serviceToken: result.serviceToken,
                 provisionCode,
             };
+            if (managedPublicUrl) {
+                responseBody.publicUrl = managedPublicUrl;
+            }
             if (spDomain) {
                 responseBody.spDomain = spDomain;
             }
@@ -222,7 +282,6 @@ async function ensureManagedTunnelState(options) {
             localPort,
             configuredAt: new Date().toISOString(),
         },
-        publicAddress: tunnelConfig.endpoint || publicUrl,
     });
     return {
         mode,
@@ -285,7 +344,6 @@ async function ensureManagedTokenTunnelState(options) {
             configuredAt: new Date().toISOString(),
             source: 'client-token',
         },
-        publicAddress: endpoint || publicUrl,
     });
     return config;
 }
@@ -344,20 +402,79 @@ function readManagedTunnelConfig(metadata) {
 }
 function registerProvisionStatusRoute(server, options) {
     const logger = (0, global_logger_factory_1.getLoggerFor)('ProvisionStatusHandler');
+    const fetchImpl = options.fetchImpl ?? fetch;
+    const now = options.now ?? (() => Date.now());
+    const refreshGraceSeconds = options.refreshGraceSeconds ?? PROVISION_STATUS_REFRESH_GRACE_SECONDS;
+    const state = {
+        provisionCode: options.provisionCode,
+        nodeId: options.nodeId,
+        nodeToken: options.nodeToken,
+        serviceToken: options.serviceToken,
+        publicUrl: normalizeUrl(options.publicUrl),
+        spDomain: options.spDomain,
+    };
+    let refreshPromise;
     server.get('/provision/status', async (_request, response) => {
         const registered = Boolean(options.nodeId && options.cloudUrl);
         const body = {
             registered,
         };
         if (registered) {
+            const canRefresh = canRefreshProvisionStatus(options, state);
+            const currentNow = now();
+            const fresh = isProvisionCodeFresh(state.provisionCode, currentNow, refreshGraceSeconds);
+            const codeState = inspectProvisionCodeExpiration(state.provisionCode);
+            if (!canRefresh && codeState.kind !== 'missing' && !isProvisionCodeUsable(state.provisionCode, currentNow)) {
+                sendJson(response, 503, {
+                    registered: true,
+                    error: 'provision_refresh_unavailable',
+                    message: 'Local provision state is expired and cannot be refreshed. Please restart Local or try again.',
+                });
+                return;
+            }
+            if (canRefresh && !fresh) {
+                let didRefresh = false;
+                refreshPromise ??= refreshProvisionStatus({
+                    options,
+                    state,
+                    fetchImpl,
+                    logger,
+                }).finally(() => {
+                    refreshPromise = undefined;
+                });
+                try {
+                    await refreshPromise;
+                    didRefresh = true;
+                }
+                catch (error) {
+                    logger.warn(`Failed to refresh provisionCode for ${state.nodeId}: ${error}`);
+                    if (!isProvisionCodeUsable(state.provisionCode, now())) {
+                        sendJson(response, 503, {
+                            registered: true,
+                            error: 'provision_refresh_failed',
+                            message: 'Local provision state could not be refreshed. Please restart Local or try again.',
+                        });
+                        return;
+                    }
+                }
+                if (didRefresh) {
+                    await persistProvisionStatusState(options, state, logger);
+                }
+            }
             body.cloudUrl = options.cloudUrl;
-            body.nodeId = options.nodeId;
-            if (options.spDomain) {
-                body.spDomain = options.spDomain;
+            body.nodeId = state.nodeId ?? options.nodeId;
+            if (state.spDomain) {
+                body.spDomain = state.spDomain;
+            }
+            if (state.publicUrl) {
+                body.publicUrl = state.publicUrl;
+            }
+            if (state.provisionCode) {
+                body.provisionCode = state.provisionCode;
             }
             if (options.cloudBaseUrl) {
-                const provisionUrl = options.provisionCode
-                    ? `${options.cloudBaseUrl.replace(/\/$/, '')}/.account/?provisionCode=${encodeURIComponent(options.provisionCode)}`
+                const provisionUrl = state.provisionCode
+                    ? `${options.cloudBaseUrl.replace(/\/$/, '')}/.account/?provisionCode=${encodeURIComponent(state.provisionCode)}`
                     : `${options.cloudBaseUrl.replace(/\/$/, '')}/.account/`;
                 body.provisionUrl = provisionUrl;
             }
@@ -366,6 +483,193 @@ function registerProvisionStatusRoute(server, options) {
     }, { public: true });
     logger.info('Provision status route registered');
 }
+function createLocalSetupProvisionStateWriter(setupPath, providerId) {
+    if (!setupPath?.trim() || !providerId?.trim()) {
+        return undefined;
+    }
+    const targetPath = path.resolve(setupPath);
+    const targetProviderId = providerId.trim();
+    return async (state) => {
+        upsertLocalSetupFile(targetPath, targetProviderId, state);
+    };
+}
+async function persistProvisionStatusState(options, state, logger) {
+    if (!options.persistState || !state.nodeId || !state.nodeToken || !state.serviceToken || !state.provisionCode) {
+        return;
+    }
+    try {
+        await options.persistState({
+            nodeId: state.nodeId,
+            nodeToken: state.nodeToken,
+            serviceToken: state.serviceToken,
+            provisionCode: state.provisionCode,
+            publicUrl: state.publicUrl,
+            spDomain: state.spDomain,
+            cloudUrl: options.cloudUrl,
+            cloudBaseUrl: options.cloudBaseUrl,
+        });
+    }
+    catch (error) {
+        logger.warn(`Failed to persist refreshed local provision state: ${error}`);
+    }
+}
+function upsertLocalSetupFile(filePath, providerId, state) {
+    const existing = readJsonObjectFile(filePath);
+    const previous = readJsonObject(existing[providerId]);
+    const cloudIdentityUrl = normalizeUrl(state.cloudBaseUrl);
+    const cloudApiUrl = normalizeUrl(state.cloudUrl);
+    const provisionUrl = cloudIdentityUrl
+        ? `${cloudIdentityUrl.replace(/\/+$/u, '')}/.account/?provisionCode=${encodeURIComponent(state.provisionCode)}`
+        : readString(previous.provisionUrl);
+    existing[providerId] = {
+        ...previous,
+        nodeId: state.nodeId,
+        nodeToken: state.nodeToken,
+        serviceToken: state.serviceToken,
+        provisionCode: state.provisionCode,
+        publicUrl: normalizeUrl(state.publicUrl),
+        spDomain: readString(state.spDomain),
+        provisionUrl,
+        cloudIdentityUrl,
+        cloudApiUrl,
+        registeredAt: typeof previous.registeredAt === 'number' && Number.isFinite(previous.registeredAt)
+            ? previous.registeredAt
+            : Date.now(),
+    };
+    fs.mkdirSync(path.dirname(filePath), { recursive: true });
+    fs.writeFileSync(filePath, `${JSON.stringify(existing, null, 2)}\n`, { encoding: 'utf8', mode: 0o600 });
+    try {
+        fs.chmodSync(filePath, 0o600);
+    }
+    catch {
+        // Some filesystems do not support chmod; the local runtime can still proceed.
+    }
+}
+function readJsonObjectFile(filePath) {
+    try {
+        if (!fs.existsSync(filePath)) {
+            return {};
+        }
+        return readJsonObject(JSON.parse(fs.readFileSync(filePath, 'utf8')));
+    }
+    catch {
+        return {};
+    }
+}
+function readJsonObject(value) {
+    return value && typeof value === 'object' && !Array.isArray(value)
+        ? value
+        : {};
+}
+function readString(value) {
+    return typeof value === 'string' && value.trim() ? value.trim() : undefined;
+}
+function canRefreshProvisionStatus(options, state) {
+    return Boolean(options.cloudUrl
+        && state.nodeId
+        && state.nodeToken
+        && state.serviceToken
+        && state.publicUrl);
+}
+async function refreshProvisionStatus(options) {
+    const { options: statusOptions, state, fetchImpl, logger } = options;
+    const endpoint = new URL('/provision/nodes', ensureTrailingSlash(statusOptions.cloudUrl)).toString();
+    const requestBody = {
+        publicUrl: state.publicUrl,
+        nodeId: state.nodeId,
+        nodeToken: state.nodeToken,
+        serviceToken: state.serviceToken,
+        domainMode: state.spDomain ? 'managed' : 'self-managed',
+        spDomain: state.spDomain,
+    };
+    if (statusOptions.localPort && statusOptions.localPort > 0) {
+        requestBody.localPort = statusOptions.localPort;
+    }
+    if (statusOptions.tunnelToken) {
+        requestBody.tunnelToken = statusOptions.tunnelToken;
+        requestBody.tunnelMode = 'client';
+    }
+    const result = await fetchImpl(endpoint, {
+        method: 'POST',
+        headers: {
+            Accept: 'application/json',
+            'Content-Type': 'application/json',
+        },
+        body: JSON.stringify(requestBody),
+    });
+    if (!result.ok) {
+        const detail = await result.text().catch(() => '');
+        throw new Error(detail || `HTTP ${result.status}`);
+    }
+    const payload = await result.json().catch(() => undefined);
+    if (!payload
+        || typeof payload.nodeId !== 'string'
+        || typeof payload.nodeToken !== 'string'
+        || typeof payload.serviceToken !== 'string'
+        || typeof payload.provisionCode !== 'string') {
+        throw new Error('Cloud returned an incomplete provision refresh response.');
+    }
+    state.nodeId = payload.nodeId;
+    state.nodeToken = payload.nodeToken;
+    state.serviceToken = payload.serviceToken;
+    state.provisionCode = payload.provisionCode;
+    state.publicUrl = normalizeUrl(payload.publicUrl) ?? state.publicUrl;
+    state.spDomain = typeof payload.spDomain === 'string' ? payload.spDomain : state.spDomain;
+    process.env.XPOD_NODE_ID = state.nodeId;
+    process.env.XPOD_NODE_TOKEN = state.nodeToken;
+    process.env.XPOD_SERVICE_TOKEN = state.serviceToken;
+    process.env.XPOD_PROVISION_CODE = state.provisionCode;
+    if (statusOptions.cloudBaseUrl) {
+        process.env.XPOD_PROVISION_URL = `${statusOptions.cloudBaseUrl.replace(/\/$/u, '')}/.account/?provisionCode=${encodeURIComponent(state.provisionCode)}`;
+    }
+    if (state.spDomain) {
+        process.env.XPOD_SP_DOMAIN = state.spDomain;
+    }
+    logger.info(`Refreshed provisionCode for ${state.nodeId}`);
+}
+function isProvisionCodeFresh(code, nowMs, graceSeconds) {
+    const state = inspectProvisionCodeExpiration(code);
+    return state.kind === 'self-contained' && state.expiresAt > Math.floor(nowMs / 1000) + graceSeconds;
+}
+function isProvisionCodeUsable(code, nowMs) {
+    const state = inspectProvisionCodeExpiration(code);
+    if (state.kind === 'legacy') {
+        return true;
+    }
+    return state.kind === 'self-contained' && state.expiresAt > Math.floor(nowMs / 1000);
+}
+function inspectProvisionCodeExpiration(code) {
+    if (!code) {
+        return { kind: 'missing' };
+    }
+    const dotIndex = code.indexOf('.');
+    if (dotIndex <= 0) {
+        return { kind: 'legacy' };
+    }
+    try {
+        const payload = JSON.parse(Buffer.from(code.slice(0, dotIndex), 'base64url').toString('utf8'));
+        return typeof payload.exp === 'number' && Number.isFinite(payload.exp)
+            ? { kind: 'self-contained', expiresAt: payload.exp }
+            : { kind: 'invalid' };
+    }
+    catch {
+        return { kind: 'invalid' };
+    }
+}
+function ensureTrailingSlash(value) {
+    return value.endsWith('/') ? value : `${value}/`;
+}
+function normalizeUrl(value) {
+    if (!value?.trim()) {
+        return undefined;
+    }
+    try {
+        return new URL(value.trim()).toString().replace(/\/+$/u, '') + '/';
+    }
+    catch {
+        return value.trim().replace(/\/+$/u, '') + '/';
+    }
+}
 async function readJsonBody(request) {
     return new Promise((resolve, reject) => {
         let data = '';
@@ -393,6 +697,9 @@ function sendJson(response, status, data) {
     response.setHeader('Content-Type', 'application/json');
     response.end(JSON.stringify(data));
 }
+function derivePublicUrlFromSpDomain(spDomain) {
+    return spDomain ? `https://${spDomain}/` : undefined;
+}
 function normalizeRequestedManagedDomain(value, baseStorageDomain) {
     if (!value || !baseStorageDomain) {
         return undefined;