aios-management-web 0.1.0

package/server/src/services/portal-service.js

@@ -0,0 +1,555 @@
+import AdmZip from "adm-zip";
+
+import { jsonParse, jsonStringify, newAccessToken } from "../db/index.js";
+import { badRequest, conflict, notFound } from "../utils/errors.js";
+import { hashPassword } from "../utils/security.js";
+
+const SLUG_PATTERN = /^[a-z0-9]+(?:-[a-z0-9]+)*$/;
+
+function ensureZipContains(buffer, requiredName) {
+  const zip = new AdmZip(buffer);
+  const names = zip
+    .getEntries()
+    .filter((entry) => !entry.isDirectory)
+    .map((entry) => entry.entryName.replace(/^\/+/, ""));
+
+  if (!names.includes(requiredName)) {
+    throw badRequest(`Zip 包中必须包含顶层文件 ${requiredName}`);
+  }
+}
+
+function parseJsonOrFallback(value, fallback = null) {
+  if (value === undefined || value === null || value === "") {
+    return fallback;
+  }
+
+  return jsonParse(value, fallback);
+}
+
+function getDurationMs(startedAt, completedAt) {
+  if (!startedAt || !completedAt) {
+    return null;
+  }
+
+  const started = new Date(startedAt);
+  const completed = new Date(completedAt);
+  if (Number.isNaN(started.getTime()) || Number.isNaN(completed.getTime())) {
+    return null;
+  }
+
+  return Math.max(0, completed.getTime() - started.getTime());
+}
+
+function validateSlug(value, label) {
+  const normalized = String(value || "").trim();
+  if (!normalized) {
+    throw badRequest(`${label}不能为空`);
+  }
+  if (!SLUG_PATTERN.test(normalized)) {
+    throw badRequest(`${label}需符合 slug 规则：仅允许小写字母、数字和中划线，且不能以中划线开头或结尾`);
+  }
+  return normalized;
+}
+
+function validateUbuntuDirName(value, label) {
+  const normalized = String(value || "").trim();
+  if (!normalized) {
+    throw badRequest(`${label}不能为空`);
+  }
+  if (!SLUG_PATTERN.test(normalized)) {
+    throw badRequest(`${label}需符合 Ubuntu 目录名规则：仅允许小写字母、数字和中划线，且不能以中划线开头或结尾`);
+  }
+  return normalized;
+}
+
+function normalizeUserStatus(value) {
+  const status = String(value || "active").trim();
+  if (status !== "active" && status !== "disabled") {
+    throw badRequest("用户状态只能是 active 或 disabled");
+  }
+  return status;
+}
+
+export class PortalService {
+  constructor({ db, objectStorage, rpcClient, authService }) {
+    this.db = db;
+    this.objectStorage = objectStorage;
+    this.rpcClient = rpcClient;
+    this.authService = authService;
+  }
+
+  getSettings() {
+    return this.db.prepare("SELECT * FROM settings WHERE id = 1").get();
+  }
+
+  listAccessTokens() {
+    return this.db.prepare(`
+      SELECT token, created_at, updated_at
+      FROM access_tokens
+      ORDER BY created_at DESC, token DESC
+    `).all();
+  }
+
+  hasAccessToken(token) {
+    if (!token) {
+      return false;
+    }
+
+    const row = this.db.prepare("SELECT token FROM access_tokens WHERE token = ?").get(token);
+    return Boolean(row);
+  }
+
+  createAccessToken() {
+    const now = new Date().toISOString();
+    let token = "";
+
+    do {
+      token = newAccessToken();
+    } while (this.hasAccessToken(token));
+
+    this.db.prepare(`
+      INSERT INTO access_tokens (
+        token, created_at, updated_at
+      ) VALUES (?, ?, ?)
+    `).run(token, now, now);
+
+    return this.db.prepare(`
+      SELECT token, created_at, updated_at
+      FROM access_tokens
+      WHERE token = ?
+    `).get(token);
+  }
+
+  deleteAccessToken(token) {
+    const normalizedToken = String(token || "").trim();
+    if (!normalizedToken) {
+      throw badRequest("缺少访问令牌");
+    }
+
+    const current = this.db.prepare("SELECT token FROM access_tokens WHERE token = ?").get(normalizedToken);
+    if (!current) {
+      throw notFound("访问令牌不存在");
+    }
+
+    const count = Number(this.db.prepare("SELECT COUNT(*) AS count FROM access_tokens").get()?.count || 0);
+    if (count <= 1) {
+      throw conflict("至少需要保留一个访问令牌");
+    }
+
+    this.db.prepare("DELETE FROM access_tokens WHERE token = ?").run(normalizedToken);
+    return { ok: true };
+  }
+
+  updateSettings(payload) {
+    const current = this.getSettings();
+    const next = {
+      ...current,
+      ...payload,
+      updated_at: new Date().toISOString()
+    };
+    this.db.prepare(`
+      UPDATE settings
+      SET portal_name = ?, brand_subtitle = ?, theme_color = ?, updated_at = ?
+      WHERE id = 1
+    `).run(
+      next.portal_name,
+      next.brand_subtitle,
+      next.theme_color,
+      next.updated_at
+    );
+    return this.getSettings();
+  }
+
+  listManagementRequests({ page = 1, pageSize = 50 } = {}) {
+    const safePage = Math.max(1, Number(page) || 1);
+    const safePageSize = Math.max(1, Math.min(200, Number(pageSize) || 50));
+    const offset = (safePage - 1) * safePageSize;
+    const total = Number(
+      this.db.prepare("SELECT COUNT(*) AS count FROM management_requests").get()?.count || 0
+    );
+    const items = this.db.prepare(`
+      SELECT *
+      FROM management_requests
+      ORDER BY created_at DESC, id DESC
+      LIMIT ? OFFSET ?
+    `).all(safePageSize, offset).map((row) => ({
+      ...row,
+      ok: row.ok === null || row.ok === undefined ? null : Boolean(row.ok),
+      params: parseJsonOrFallback(row.params_json, {}),
+      result: parseJsonOrFallback(row.result_json, null),
+      error: parseJsonOrFallback(row.error_json, null),
+      response_time_ms: getDurationMs(row.created_at, row.completed_at)
+    }));
+
+    return {
+      items,
+      total,
+      page: safePage,
+      pageSize: safePageSize
+    };
+  }
+
+  listUsers(role) {
+    const rows = role
+      ? this.db.prepare("SELECT * FROM users WHERE role = ? ORDER BY updated_at DESC").all(role)
+      : this.db.prepare("SELECT * FROM users ORDER BY role, updated_at DESC").all();
+    return rows.map((row) => this.authService.mapUser(row));
+  }
+
+  assertUserEditable(row) {
+    if (row.is_builtin || row.username === "aios") {
+      throw conflict("默认管理员不支持编辑");
+    }
+  }
+
+  createUser(payload) {
+    if (!payload.username || !payload.display_name || !payload.role) {
+      throw badRequest("缺少必要字段：用户名、显示名或角色");
+    }
+
+    const passwordHash = payload.role === "aios-admin" ? hashPassword(payload.password || "123456") : "";
+    const now = new Date().toISOString();
+    const result = this.db.prepare(`
+      INSERT INTO users (
+        role, username, display_name, status, password_hash,
+        must_change_password, is_builtin, tags_json, created_at, updated_at
+      ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+    `).run(
+      payload.role,
+      payload.username,
+      payload.display_name,
+      normalizeUserStatus(payload.status),
+      passwordHash,
+      payload.role === "aios-admin" ? 1 : 0,
+      0,
+      jsonStringify(payload.tags),
+      now,
+      now
+    );
+    return this.authService.mapUser(
+      this.db.prepare("SELECT * FROM users WHERE id = ?").get(result.lastInsertRowid)
+    );
+  }
+
+  updateUser(userId, payload) {
+    const current = this.db.prepare("SELECT * FROM users WHERE id = ?").get(userId);
+    if (!current) {
+      throw notFound("用户不存在");
+    }
+    this.assertUserEditable(current);
+
+    const next = {
+      ...current,
+      ...payload,
+      status: normalizeUserStatus(payload.status ?? current.status),
+      tags_json: jsonStringify(payload.tags ?? jsonParse(current.tags_json)),
+      updated_at: new Date().toISOString()
+    };
+    this.db.prepare(`
+      UPDATE users
+      SET display_name = ?, status = ?, tags_json = ?, updated_at = ?
+      WHERE id = ?
+    `).run(
+      next.display_name,
+      next.status,
+      next.tags_json,
+      next.updated_at,
+      userId
+    );
+    return this.authService.mapUser(this.db.prepare("SELECT * FROM users WHERE id = ?").get(userId));
+  }
+
+  deleteUser(userId, operatorUserId) {
+    const current = this.db.prepare("SELECT * FROM users WHERE id = ?").get(userId);
+    if (!current) {
+      throw notFound("用户不存在");
+    }
+
+    if (Number(userId) === Number(operatorUserId)) {
+      throw conflict("不允许删除当前登录用户");
+    }
+
+    if (current.is_builtin || current.username === "aios") {
+      throw conflict("默认管理员不支持删除");
+    }
+
+    this.db.prepare("DELETE FROM users WHERE id = ?").run(userId);
+  }
+
+  async persistArtifact({ kind, file, createdBy }) {
+    const upload = await this.objectStorage.uploadAdminArtifact({ kind, file });
+    const result = this.db.prepare(`
+      INSERT INTO artifacts (
+        kind, bucket, object_key, original_name, mime_type, byte_size, created_by, created_at
+      ) VALUES (?, ?, ?, ?, ?, ?, ?, ?)
+    `).run(
+      kind,
+      upload.bucket,
+      upload.objectKey,
+      file.originalname,
+      file.mimetype || "application/octet-stream",
+      file.size,
+      createdBy,
+      new Date().toISOString()
+    );
+    return {
+      id: result.lastInsertRowid,
+      ...upload
+    };
+  }
+
+  listTemplates() {
+    return this.db.prepare(`
+      SELECT
+        t.*,
+        a.original_name AS artifact_name
+      FROM agent_templates t
+      JOIN artifacts a ON a.id = t.artifact_id
+      ORDER BY t.updated_at DESC
+    `).all().map((row) => ({
+      ...row,
+      is_builtin: Boolean(row.is_builtin),
+      agent_slugs: this.db.prepare(`
+        SELECT slug
+        FROM agents
+        WHERE template_name = ?
+        ORDER BY slug
+      `).all(row.template_name).map((item) => item.slug),
+      remote_result: jsonParse(row.remote_result_json, {})
+    }));
+  }
+
+  async createTemplate({ templateName, description, file, createdBy }) {
+    templateName = validateUbuntuDirName(templateName, "模板名称");
+    if (!file) {
+      throw badRequest("模板名称和模板文件不能为空");
+    }
+
+    ensureZipContains(file.buffer, "AGENTS.md");
+    const artifact = await this.persistArtifact({ kind: "template", file, createdBy });
+    const remoteResult = await this.rpcClient.call("agent.template.create", {
+      templateName,
+      bucket: artifact.bucket,
+      objectKey: artifact.objectKey,
+      replace: true
+    });
+    const now = new Date().toISOString();
+    this.db.prepare(`
+      INSERT INTO agent_templates (
+        template_name, description, artifact_id, remote_status, remote_result_json, created_at, updated_at
+      ) VALUES (?, ?, ?, ?, ?, ?, ?)
+      ON CONFLICT(template_name) DO UPDATE SET
+        description = excluded.description,
+        artifact_id = excluded.artifact_id,
+        remote_status = excluded.remote_status,
+        remote_result_json = excluded.remote_result_json,
+        updated_at = excluded.updated_at
+    `).run(
+      templateName,
+      description || "",
+      artifact.id,
+      "ready",
+      JSON.stringify(remoteResult ?? {}),
+      now,
+      now
+    );
+    return this.listTemplates().find((item) => item.template_name === templateName);
+  }
+
+  async deleteTemplate(templateName) {
+    const existing = this.db.prepare("SELECT * FROM agent_templates WHERE template_name = ?").get(templateName);
+    if (!existing) {
+      throw notFound("模板不存在");
+    }
+
+    if (existing.is_builtin) {
+      throw conflict("内置模板不允许删除");
+    }
+
+    const usageCount = Number(this.db.prepare(`
+      SELECT COUNT(*) AS count
+      FROM agents
+      WHERE template_name = ?
+    `).get(templateName)?.count || 0);
+    if (usageCount > 0) {
+      throw conflict("模板仍被数字员工使用，无法删除");
+    }
+
+    await this.rpcClient.call("agent.template.delete", { templateName });
+    this.db.prepare("DELETE FROM agent_templates WHERE template_name = ?").run(templateName);
+    return { ok: true };
+  }
+
+  listSkills() {
+    return this.db.prepare(`
+      SELECT
+        s.*,
+        a.original_name AS artifact_name
+      FROM skills s
+      LEFT JOIN artifacts a ON a.id = s.artifact_id
+      ORDER BY s.updated_at DESC
+    `).all().map((row) => ({
+      ...row,
+      is_builtin: Boolean(row.is_builtin),
+      agent_slugs: this.db.prepare(`
+        SELECT ag.slug
+        FROM agent_skill_bindings b
+        JOIN agents ag ON ag.id = b.agent_id
+        WHERE b.skill_id = ?
+        ORDER BY ag.slug
+      `).all(row.id).map((item) => item.slug)
+    }));
+  }
+
+  async createSkill({ payload, file, createdBy }) {
+    const slug = validateSlug(payload.slug, "技能ID");
+    if (!file) {
+      throw badRequest("请上传技能 zip 文件");
+    }
+
+    ensureZipContains(file.buffer, "SKILL.md");
+    const artifact = await this.persistArtifact({ kind: "skill", file, createdBy });
+
+    await this.rpcClient.call("skills.global.install.local", {
+      slug,
+      bucket: artifact.bucket,
+      objectKey: artifact.objectKey,
+      force: false
+    });
+    const remoteStatus = "installed";
+
+    const now = new Date().toISOString();
+    const result = this.db.prepare(`
+      INSERT INTO skills (
+        slug, description, artifact_id, remote_status, created_at, updated_at
+      ) VALUES (?, ?, ?, ?, ?, ?)
+    `).run(
+      slug,
+      payload.description || "",
+      artifact.id,
+      remoteStatus,
+      now,
+      now
+    );
+
+    const skillId = result.lastInsertRowid;
+    return this.listSkills().find((item) => item.id === skillId);
+  }
+
+  async updateSkill(skillId, { payload, file, createdBy }) {
+    const current = this.db.prepare("SELECT * FROM skills WHERE id = ?").get(skillId);
+    if (!current) {
+      throw notFound("技能不存在");
+    }
+    const slug = validateSlug(current.slug, "技能ID");
+    if (!file) {
+      throw badRequest("请上传技能 zip 文件");
+    }
+
+    ensureZipContains(file.buffer, "SKILL.md");
+    const artifact = await this.persistArtifact({ kind: "skill", file, createdBy });
+
+    const next = {
+      ...current,
+      ...payload,
+      artifact_id: artifact.id,
+      updated_at: new Date().toISOString()
+    };
+
+    await this.rpcClient.call("skills.global.install.local", {
+      slug,
+      bucket: artifact.bucket,
+      objectKey: artifact.objectKey,
+      force: true
+    });
+    const remoteStatus = "installed";
+
+    this.db.prepare(`
+      UPDATE skills
+      SET description = ?, artifact_id = ?, remote_status = ?, updated_at = ?
+      WHERE id = ?
+    `).run(
+      next.description ?? current.description,
+      next.artifact_id,
+      remoteStatus,
+      next.updated_at,
+      skillId
+    );
+    return this.listSkills().find((item) => item.id === skillId);
+  }
+
+  replaceSkillBindings(skillId, agentSlugs) {
+    this.db.prepare("DELETE FROM agent_skill_bindings WHERE skill_id = ?").run(skillId);
+    const insert = this.db.prepare(`
+      INSERT INTO agent_skill_bindings (agent_id, skill_id)
+      VALUES (?, ?)
+    `);
+    for (const slug of agentSlugs) {
+      const agent = this.db.prepare("SELECT id FROM agents WHERE slug = ?").get(slug);
+      if (agent) {
+        insert.run(agent.id, skillId);
+      }
+    }
+  }
+
+  async deleteSkill(skillId) {
+    const current = this.db.prepare("SELECT * FROM skills WHERE id = ?").get(skillId);
+    if (!current) {
+      throw notFound("技能不存在");
+    }
+
+    if (current.is_builtin) {
+      throw conflict("内置技能不允许删除");
+    }
+
+    if (current.remote_status === "installed") {
+      await this.rpcClient.call("skills.global.delete", { slug: current.slug });
+    }
+
+    this.db.prepare("DELETE FROM skills WHERE id = ?").run(skillId);
+    return { ok: true };
+  }
+
+  getDashboard() {
+    const agentSyncState = this.db.prepare(`
+      SELECT status, last_success_at
+      FROM agent_sync_state
+      WHERE id = 1
+    `).get();
+    const usageRefreshState = this.db.prepare(`
+      SELECT status, last_success_at
+      FROM usage_refresh_state
+      WHERE id = 1
+    `).get();
+    const agentStatsReady = Boolean(agentSyncState?.last_success_at) && agentSyncState?.status === "success";
+    const usageStatsReady = Boolean(usageRefreshState?.last_success_at) && usageRefreshState?.status === "success";
+    const agentCount = this.db.prepare("SELECT COUNT(*) AS count FROM agents").get().count;
+    const templateCount = this.db.prepare("SELECT COUNT(*) AS count FROM agent_templates").get().count;
+    const skillCount = this.db.prepare("SELECT COUNT(*) AS count FROM skills").get().count;
+    const systemCount = this.db.prepare("SELECT COUNT(*) AS count FROM business_systems").get().count;
+    const totalTokenUsage = Number(this.db.prepare(`
+      SELECT COALESCE(SUM(COALESCE(json_extract(usage_snapshot_json, '$.usage.daily'), 0)), 0) AS total
+      FROM agents
+    `).get()?.total || 0);
+    const recentInvocations = this.db.prepare(`
+      SELECT * FROM system_invocation_logs
+      ORDER BY created_at DESC
+      LIMIT 8
+    `).all().map((row) => ({
+      ...row,
+      request_payload: jsonParse(row.request_payload_json, {}),
+      response_payload: jsonParse(row.response_payload_json, {})
+    }));
+
+    return {
+      stats: {
+        agents: agentStatsReady ? agentCount : null,
+        templates: templateCount,
+        skills: skillCount,
+        systems: systemCount,
+        today_tokens: usageStatsReady ? totalTokenUsage : null
+      },
+      recentInvocations
+    };
+  }
+}