codex-endpoint-switcher 1.0.0 → 1.1.0

package/src/web/cloud-sync-server.js

@@ -0,0 +1,419 @@
+const fs = require("node:fs");
+const path = require("node:path");
+const os = require("node:os");
+const { randomBytes, scryptSync, timingSafeEqual } = require("node:crypto");
+const express = require("express");
+const { DatabaseSync } = require("node:sqlite");
+
+const defaultRoot = path.join(os.homedir(), ".codex-cloud-sync");
+const defaultDbPath = path.join(defaultRoot, "cloud-sync.db");
+const defaultHost = process.env.SYNC_SERVER_HOST || "127.0.0.1";
+const defaultPort = Number(process.env.SYNC_SERVER_PORT || 3190);
+const sessionTtlDays = Number(process.env.SYNC_SERVER_SESSION_DAYS || 30);
+
+function wrapAsync(handler) {
+  return async (req, res, next) => {
+    try {
+      const data = await handler(req, res);
+      res.json({ ok: true, data });
+    } catch (error) {
+      next(error);
+    }
+  };
+}
+
+function nowIso() {
+  return new Date().toISOString();
+}
+
+function addDaysToNow(days) {
+  return new Date(Date.now() + days * 24 * 60 * 60 * 1000).toISOString();
+}
+
+function normalizeUsername(value) {
+  const username = String(value || "").trim();
+  if (!username) {
+    throw new Error("账号不能为空。");
+  }
+
+  if (username.length < 3 || username.length > 64) {
+    throw new Error("账号长度需要在 3 到 64 个字符之间。");
+  }
+
+  if (/\s/.test(username)) {
+    throw new Error("账号不能包含空白字符。");
+  }
+
+  return username;
+}
+
+function normalizePassword(value) {
+  const password = String(value || "");
+  if (!password.trim()) {
+    throw new Error("密码不能为空。");
+  }
+
+  if (password.length < 6) {
+    throw new Error("密码至少需要 6 位。");
+  }
+
+  return password;
+}
+
+function hashPassword(password, salt) {
+  return scryptSync(password, salt, 64).toString("base64url");
+}
+
+function verifyPassword(password, salt, expectedHash) {
+  const actual = Buffer.from(hashPassword(password, salt), "base64url");
+  const expected = Buffer.from(String(expectedHash || ""), "base64url");
+
+  if (actual.length !== expected.length) {
+    return false;
+  }
+
+  return timingSafeEqual(actual, expected);
+}
+
+function ensureParentDir(filePath) {
+  fs.mkdirSync(path.dirname(filePath), { recursive: true });
+}
+
+function createDatabase(dbPath) {
+  ensureParentDir(dbPath);
+  const db = new DatabaseSync(dbPath);
+
+  db.exec(`
+    PRAGMA journal_mode = WAL;
+    PRAGMA foreign_keys = ON;
+
+    CREATE TABLE IF NOT EXISTS users (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      username TEXT NOT NULL UNIQUE,
+      password_salt TEXT NOT NULL,
+      password_hash TEXT NOT NULL,
+      created_at TEXT NOT NULL,
+      updated_at TEXT NOT NULL
+    );
+
+    CREATE TABLE IF NOT EXISTS sessions (
+      token TEXT PRIMARY KEY,
+      user_id INTEGER NOT NULL,
+      expires_at TEXT NOT NULL,
+      created_at TEXT NOT NULL,
+      FOREIGN KEY(user_id) REFERENCES users(id) ON DELETE CASCADE
+    );
+
+    CREATE TABLE IF NOT EXISTS sync_profiles (
+      user_id INTEGER PRIMARY KEY,
+      sync_code TEXT NOT NULL,
+      endpoint_count INTEGER NOT NULL DEFAULT 0,
+      updated_at TEXT NOT NULL,
+      FOREIGN KEY(user_id) REFERENCES users(id) ON DELETE CASCADE
+    );
+  `);
+
+  return db;
+}
+
+function clearExpiredSessions(db) {
+  db.prepare("DELETE FROM sessions WHERE expires_at <= ?").run(nowIso());
+}
+
+function createSession(db, userId) {
+  clearExpiredSessions(db);
+  const token = randomBytes(32).toString("base64url");
+  const createdAt = nowIso();
+  const expiresAt = addDaysToNow(sessionTtlDays);
+
+  db.prepare(
+    `
+      INSERT INTO sessions (token, user_id, expires_at, created_at)
+      VALUES (?, ?, ?, ?)
+    `,
+  ).run(token, userId, expiresAt, createdAt);
+
+  return {
+    token,
+    expiresAt,
+  };
+}
+
+function getUserByUsername(db, username) {
+  return (
+    db
+      .prepare(
+        `
+          SELECT id, username, password_salt AS passwordSalt, password_hash AS passwordHash
+          FROM users
+          WHERE username = ?
+        `,
+      )
+      .get(username) || null
+  );
+}
+
+function getSessionWithUser(db, token) {
+  clearExpiredSessions(db);
+
+  return (
+    db
+      .prepare(
+        `
+          SELECT
+            sessions.token AS token,
+            sessions.expires_at AS expiresAt,
+            users.id AS userId,
+            users.username AS username
+          FROM sessions
+          JOIN users ON users.id = sessions.user_id
+          WHERE sessions.token = ? AND sessions.expires_at > ?
+        `,
+      )
+      .get(token, nowIso()) || null
+  );
+}
+
+function getSyncProfile(db, userId) {
+  return (
+    db
+      .prepare(
+        `
+          SELECT
+            sync_code AS syncCode,
+            endpoint_count AS endpointCount,
+            updated_at AS updatedAt
+          FROM sync_profiles
+          WHERE user_id = ?
+        `,
+      )
+      .get(userId) || null
+  );
+}
+
+function buildAuthMiddleware(db) {
+  return (req, _res, next) => {
+    const authorization = String(req.headers.authorization || "").trim();
+    const matched = authorization.match(/^Bearer\s+(.+)$/i);
+    if (!matched) {
+      const error = new Error("缺少登录令牌。");
+      error.statusCode = 401;
+      next(error);
+      return;
+    }
+
+    const session = getSessionWithUser(db, matched[1].trim());
+    if (!session) {
+      const error = new Error("登录令牌无效或已过期，请重新登录。");
+      error.statusCode = 401;
+      next(error);
+      return;
+    }
+
+    req.auth = session;
+    next();
+  };
+}
+
+function createCloudSyncApp(options = {}) {
+  const dbPath = path.resolve(options.dbPath || process.env.SYNC_SERVER_DB_PATH || defaultDbPath);
+  const host = options.host || defaultHost;
+  const port = Number(options.port || defaultPort);
+  const db = createDatabase(dbPath);
+  const authRequired = buildAuthMiddleware(db);
+  const app = express();
+
+  app.use(express.json({ limit: "2mb" }));
+
+  app.get("/api/health", (_req, res) => {
+    res.json({
+      ok: true,
+      data: {
+        status: "ok",
+        host,
+        port,
+        dbPath,
+      },
+    });
+  });
+
+  app.post(
+    "/api/auth/register",
+    wrapAsync(async (req) => {
+      const username = normalizeUsername(req.body.username);
+      const password = normalizePassword(req.body.password);
+      const existing = getUserByUsername(db, username);
+
+      if (existing) {
+        const error = new Error("这个账号已经存在，请直接登录。");
+        error.statusCode = 409;
+        throw error;
+      }
+
+      const salt = randomBytes(16).toString("base64url");
+      const createdAt = nowIso();
+      const inserted = db
+        .prepare(
+          `
+            INSERT INTO users (username, password_salt, password_hash, created_at, updated_at)
+            VALUES (?, ?, ?, ?, ?)
+          `,
+        )
+        .run(username, salt, hashPassword(password, salt), createdAt, createdAt);
+      const userId = Number(inserted.lastInsertRowid);
+      const session = createSession(db, userId);
+
+      return {
+        token: session.token,
+        expiresAt: session.expiresAt,
+        user: {
+          id: userId,
+          username,
+        },
+      };
+    }),
+  );
+
+  app.post(
+    "/api/auth/login",
+    wrapAsync(async (req) => {
+      const username = normalizeUsername(req.body.username);
+      const password = normalizePassword(req.body.password);
+      const user = getUserByUsername(db, username);
+
+      if (!user || !verifyPassword(password, user.passwordSalt, user.passwordHash)) {
+        const error = new Error("账号或密码不正确。");
+        error.statusCode = 401;
+        throw error;
+      }
+
+      const session = createSession(db, user.id);
+      return {
+        token: session.token,
+        expiresAt: session.expiresAt,
+        user: {
+          id: user.id,
+          username: user.username,
+        },
+      };
+    }),
+  );
+
+  app.post(
+    "/api/auth/logout",
+    authRequired,
+    wrapAsync(async (req) => {
+      db.prepare("DELETE FROM sessions WHERE token = ?").run(req.auth.token);
+      return {
+        loggedOut: true,
+      };
+    }),
+  );
+
+  app.get(
+    "/api/auth/me",
+    authRequired,
+    wrapAsync(async (req) => {
+      const profile = getSyncProfile(db, req.auth.userId);
+      return {
+        user: {
+          id: req.auth.userId,
+          username: req.auth.username,
+        },
+        session: {
+          expiresAt: req.auth.expiresAt,
+        },
+        syncProfileUpdatedAt: profile ? profile.updatedAt : "",
+      };
+    }),
+  );
+
+  app.put(
+    "/api/sync/config",
+    authRequired,
+    wrapAsync(async (req) => {
+      const syncCode = String(req.body.syncCode || "").trim();
+      const endpointCount = Math.max(0, Number(req.body.endpointCount || 0));
+
+      if (!syncCode) {
+        throw new Error("缺少要同步的配置数据。");
+      }
+
+      const updatedAt = nowIso();
+      db.prepare(
+        `
+          INSERT INTO sync_profiles (user_id, sync_code, endpoint_count, updated_at)
+          VALUES (?, ?, ?, ?)
+          ON CONFLICT(user_id) DO UPDATE SET
+            sync_code = excluded.sync_code,
+            endpoint_count = excluded.endpoint_count,
+            updated_at = excluded.updated_at
+        `,
+      ).run(req.auth.userId, syncCode, endpointCount, updatedAt);
+
+      return {
+        endpointCount,
+        updatedAt,
+      };
+    }),
+  );
+
+  app.get(
+    "/api/sync/config",
+    authRequired,
+    wrapAsync(async (req) => {
+      const profile = getSyncProfile(db, req.auth.userId);
+      if (!profile) {
+        const error = new Error("当前账号还没有保存过同步配置。");
+        error.statusCode = 404;
+        throw error;
+      }
+
+      return profile;
+    }),
+  );
+
+  app.use((error, _req, res, _next) => {
+    const statusCode = Number(error.statusCode || 400);
+    res.status(statusCode).json({
+      ok: false,
+      error: error instanceof Error ? error.message : String(error),
+    });
+  });
+
+  return {
+    app,
+    db,
+    dbPath,
+    host,
+    port,
+  };
+}
+
+function startCloudSyncServer(options = {}) {
+  const context = createCloudSyncApp(options);
+  const server = context.app.listen(context.port, context.host, () => {
+    console.log(`Codex 账号同步服务已启动：http://${context.host}:${context.port}`);
+    console.log(`SQLite 数据库：${context.dbPath}`);
+  });
+
+  return {
+    ...context,
+    server,
+    close(callback) {
+      server.close((error) => {
+        context.db.close();
+        callback(error);
+      });
+    },
+  };
+}
+
+if (require.main === module) {
+  startCloudSyncServer();
+}
+
+module.exports = {
+  createCloudSyncApp,
+  startCloudSyncServer,
+};

package/src/web/launcher.js

@@ -7,7 +7,9 @@ const projectRoot = path.resolve(__dirname, "../..");
 const runtimeDir = path.join(projectRoot, "runtime");
 const serverEntryPath = path.join(__dirname, "server.js");
 const port = Number(process.env.PORT || 3186);
+const proxyPort = 3187;
 const healthUrl = `http://127.0.0.1:${port}/api/health`;
+const proxyHealthUrl = `http://127.0.0.1:${proxyPort}/__switcher/health`;
 const consoleUrl = `http://localhost:${port}`;
 
 function ensureRuntimeDir() {
@@ -45,7 +47,8 @@ function requestJson(url, timeoutMs = 1200) {
 async function checkServerHealth() {
   try {
     const payload = await requestJson(healthUrl);
-    return Boolean(payload && payload.ok);
+    const proxyPayload = await requestJson(proxyHealthUrl);
+    return Boolean(payload && payload.ok && proxyPayload && proxyPayload.ok);
   } catch {
     return false;
   }
@@ -211,6 +214,7 @@ async function handleCommand(command) {
             running,
             url: consoleUrl,
             port,
+            proxyPort,
           },
           null,
           2,
@@ -245,4 +249,5 @@ module.exports = {
   runtimeDir,
   consoleUrl,
   port,
+  proxyPort,
 };

package/src/web/proxy-server.js

@@ -0,0 +1,69 @@
+const http = require("node:http");
+const https = require("node:https");
+const profileManager = require("../main/profile-manager");
+
+function createProxyServer() {
+  return http.createServer(async (req, res) => {
+    try {
+      if (req.url === "/__switcher/health") {
+        res.writeHead(200, { "Content-Type": "application/json; charset=utf-8" });
+        res.end(JSON.stringify({ ok: true, proxyBaseUrl: profileManager.proxyBaseUrl }));
+        return;
+      }
+
+      const target = await profileManager.getProxyTarget();
+      const upstreamBase = new URL(target.url);
+      const requestPath = req.url && req.url.startsWith("/") ? req.url : `/${req.url || ""}`;
+      const upstreamUrl = new URL(requestPath, upstreamBase);
+      const requestModule = upstreamUrl.protocol === "https:" ? https : http;
+      const headers = {
+        ...req.headers,
+        host: upstreamUrl.host,
+        authorization: `Bearer ${target.key}`,
+      };
+
+      delete headers.connection;
+
+      const upstreamRequest = requestModule.request(
+        upstreamUrl,
+        {
+          method: req.method,
+          headers,
+        },
+        (upstreamResponse) => {
+          res.writeHead(upstreamResponse.statusCode || 502, upstreamResponse.headers);
+          upstreamResponse.pipe(res);
+        },
+      );
+
+      upstreamRequest.on("error", (error) => {
+        if (!res.headersSent) {
+          res.writeHead(502, { "Content-Type": "application/json; charset=utf-8" });
+        }
+        res.end(
+          JSON.stringify({
+            ok: false,
+            error: `代理转发失败：${error.message}`,
+          }),
+        );
+      });
+
+      req.pipe(upstreamRequest);
+    } catch (error) {
+      if (!res.headersSent) {
+        res.writeHead(500, { "Content-Type": "application/json; charset=utf-8" });
+      }
+
+      res.end(
+        JSON.stringify({
+          ok: false,
+          error: error instanceof Error ? error.message : String(error),
+        }),
+      );
+    }
+  });
+}
+
+module.exports = {
+  createProxyServer,
+};

package/src/web/server.js

@@ -2,6 +2,8 @@ const path = require("node:path");
 const { exec } = require("node:child_process");
 const express = require("express");
 const profileManager = require("../main/profile-manager");
+const cloudSyncClient = require("../main/cloud-sync-client");
+const { createProxyServer } = require("./proxy-server");
 
 function wrapAsync(handler) {
   return async (req, res) => {
@@ -77,6 +79,69 @@ function createApp() {
     }),
   );
 
+  app.post(
+    "/api/proxy/enable",
+    wrapAsync(async () => {
+      return profileManager.enableProxyMode();
+    }),
+  );
+
+  app.get(
+    "/api/sync/export",
+    wrapAsync(async () => {
+      return profileManager.exportSyncPackage();
+    }),
+  );
+
+  app.post(
+    "/api/sync/import",
+    wrapAsync(async (req) => {
+      return profileManager.importSyncPackage(req.body.syncCode, req.body.mode);
+    }),
+  );
+
+  app.get(
+    "/api/cloud/status",
+    wrapAsync(async () => {
+      return cloudSyncClient.getCloudSyncStatus();
+    }),
+  );
+
+  app.post(
+    "/api/cloud/register",
+    wrapAsync(async (req) => {
+      return cloudSyncClient.registerAccount(req.body);
+    }),
+  );
+
+  app.post(
+    "/api/cloud/login",
+    wrapAsync(async (req) => {
+      return cloudSyncClient.loginAccount(req.body);
+    }),
+  );
+
+  app.post(
+    "/api/cloud/logout",
+    wrapAsync(async () => {
+      return cloudSyncClient.logoutAccount();
+    }),
+  );
+
+  app.post(
+    "/api/cloud/push",
+    wrapAsync(async () => {
+      return cloudSyncClient.pushCurrentConfig();
+    }),
+  );
+
+  app.post(
+    "/api/cloud/pull",
+    wrapAsync(async (req) => {
+      return cloudSyncClient.pullRemoteConfig(req.body.mode);
+    }),
+  );
+
   app.post(
     "/api/open-path",
     wrapAsync(async (req) => {
@@ -110,16 +175,49 @@ function createApp() {
 function startServer(options = {}) {
   const port = Number(options.port || process.env.PORT || 3186);
   const app = createApp();
-  const server = app.listen(port, () => {
+  const proxyServer = createProxyServer();
+  const proxyPort = profileManager.proxyPort;
+  const webServer = app.listen(port, () => {
     const url = `http://localhost:${port}`;
     console.log(`Codex 网页控制台已启动：${url}`);
+    console.log(`Codex 热更新代理已启动：${profileManager.proxyBaseUrl}`);
 
     if (options.autoOpen !== false && process.env.AUTO_OPEN_BROWSER !== "false") {
       exec(`cmd /c start "" "${url}"`);
     }
   });
 
-  return server;
+  proxyServer.listen(proxyPort);
+
+  return {
+    webServer,
+    proxyServer,
+    close(callback) {
+      let pending = 2;
+      let closed = false;
+
+      function done(error) {
+        if (closed) {
+          return;
+        }
+
+        if (error) {
+          closed = true;
+          callback(error);
+          return;
+        }
+
+        pending -= 1;
+        if (pending === 0) {
+          closed = true;
+          callback();
+        }
+      }
+
+      webServer.close((error) => done(error));
+      proxyServer.close((error) => done(error));
+    },
+  };
 }
 
 if (require.main === module) {