downcity 1.0.405 → 1.0.407
- package/bin/main/auth/AgentTokenService.d.ts.map +1 -0
- package/bin/main/auth/AgentTokenService.js +210 -0
- package/bin/main/auth/AgentTokenService.js.map +1 -0
- package/bin/main/auth/AuthEnv.d.ts.map +1 -0
- package/bin/main/auth/AuthEnv.js +75 -0
- package/bin/main/auth/AuthEnv.js.map +1 -0
- package/bin/main/auth/CliAuthStateStore.d.ts.map +1 -1
- package/bin/main/auth/CliAuthStateStore.js +14 -23
- package/bin/main/auth/CliAuthStateStore.js.map +1 -1
- package/bin/main/auth/RoutePolicy.d.ts.map +1 -1
- package/bin/main/auth/RoutePolicy.js +0 -6
- package/bin/main/auth/RoutePolicy.js.map +1 -1
- package/bin/main/commands/Run.d.ts.map +1 -1
- package/bin/main/commands/Run.js +51 -2
- package/bin/main/commands/Run.js.map +1 -1
- package/bin/main/daemon/Manager.d.ts.map +1 -1
- package/bin/main/daemon/Manager.js +13 -4
- package/bin/main/daemon/Manager.js.map +1 -1
- package/bin/main/plugin/Plugins.d.ts.map +1 -1
- package/bin/main/plugin/Plugins.js +3 -2
- package/bin/main/plugin/Plugins.js.map +1 -1
- package/bin/plugins/web/Dependency.d.ts.map +1 -0
- package/bin/plugins/web/Dependency.js +10 -0
- package/bin/plugins/web/Dependency.js.map +1 -0
- package/bin/plugins/web/PROMPT.agent-browser.txt +17 -0
- package/bin/plugins/web/PROMPT.txt +33 -0
- package/bin/plugins/web/PROMPT.web-access.txt +13 -0
- package/bin/plugins/web/Plugin.d.ts.map +1 -0
- package/bin/plugins/web/Plugin.js +458 -0
- package/bin/plugins/web/Plugin.js.map +1 -0
- package/bin/plugins/web/runtime/Config.d.ts.map +1 -0
- package/bin/plugins/web/runtime/Config.js +85 -0
- package/bin/plugins/web/runtime/Config.js.map +1 -0
- package/bin/plugins/web/runtime/Source.d.ts.map +1 -0
- package/bin/plugins/web/runtime/Source.js +217 -0
- package/bin/plugins/web/runtime/Source.js.map +1 -0
- package/bin/services/chat/runtime/ChatQueueWorker.d.ts.map +1 -1
- package/bin/services/chat/runtime/ChatQueueWorker.js +26 -0
- package/bin/services/chat/runtime/ChatQueueWorker.js.map +1 -1
- package/bin/services/shell/runtime/SessionStoreSupport.d.ts.map +1 -1
- package/bin/services/shell/runtime/SessionStoreSupport.js +5 -4
- package/bin/services/shell/runtime/SessionStoreSupport.js.map +1 -1
- package/bin/services/task/runtime/TaskRunnerRound.d.ts.map +1 -1
- package/bin/services/task/runtime/TaskRunnerRound.js +14 -6
- package/bin/services/task/runtime/TaskRunnerRound.js.map +1 -1
- package/bin/sessions/SessionCore.d.ts.map +1 -1
- package/bin/sessions/SessionCore.js +21 -1
- package/bin/sessions/SessionCore.js.map +1 -1
- package/bin/sessions/acp/AcpSessionRuntime.d.ts.map +1 -1
- package/bin/sessions/acp/AcpSessionRuntime.js +66 -6
- package/bin/sessions/acp/AcpSessionRuntime.js.map +1 -1
- package/bin/sessions/runtime/SessionCoreLoop.d.ts.map +1 -1
- package/bin/sessions/runtime/SessionCoreLoop.js +10 -0
- package/bin/sessions/runtime/SessionCoreLoop.js.map +1 -1
- package/bin/sessions/tools/shell/ShellHelpers.d.ts.map +1 -1
- package/bin/sessions/tools/shell/ShellHelpers.js +5 -4
- package/bin/sessions/tools/shell/ShellHelpers.js.map +1 -1
- package/bin/types/ExecutionContext.d.ts.map +1 -1
- package/bin/types/SessionCoreLoop.d.ts.map +1 -1
- package/bin/types/SessionRuntime.d.ts.map +1 -1
- package/bin/types/WebPlugin.d.ts.map +1 -0
- package/bin/types/WebPlugin.js +12 -0
- package/bin/types/WebPlugin.js.map +1 -0
- package/bin/utils/store/index.d.ts.map +1 -1
- package/bin/utils/store/index.js +26 -1
- package/bin/utils/store/index.js.map +1 -1
- package/package.json +1 -1
- package/public/app.js +1 -1
- package/src/plugins/web/PROMPT.agent-browser.txt +17 -0
- package/src/plugins/web/PROMPT.txt +33 -0
- package/src/plugins/web/PROMPT.web-access.txt +13 -0
- package/src/types/README.md +3 -0
- package/test/chat/chat-queue-worker-acp-cancel.test.mjs +194 -0
- package/test/core/session-core-loop.test.mjs +22 -1
- package/test/fixtures/acp-agent-fixture.mjs +26 -0
- package/test/main/agent-token-service.test.mjs +58 -0
- package/test/main/auth-env-injection.test.mjs +106 -0
- package/test/plugin/web-plugin.test.mjs +302 -0
- package/test/sessions/acp-session-runtime.test.mjs +23 -0
- package/bin/main/auth/InternalRuntimeAuth.d.ts.map +0 -1
- package/bin/main/auth/InternalRuntimeAuth.js +0 -59
- package/bin/main/auth/InternalRuntimeAuth.js.map +0 -1
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"AgentTokenService.d.ts","sourceRoot":"","sources":["../../../src/main/auth/AgentTokenService.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAqBH;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AA8CD;;;;;;;GAOG;AACH,wBAAgB,gBAAgB,CAAC,WAAW,EAAE,MAAM,GAAG,cAAc,CA2BpE;AAED;;;;;GAKG;AACH,wBAAgB,wBAAwB,CAAC,WAAW,EAAE,MAAM,GAAG,cAAc,GAAG,IAAI,CA6BnF;AA6BD;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAqB7D;AAED;;GAEG;AACH,wBAAgB,eAAe,IAAI,KAAK,CAAC;IACvC,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB,CAAC,CAoBD"}
|
|
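--- a/package/bin/main/auth/AgentTokenService.js
+++ b/package/bin/main/auth/AgentTokenService.js
@@ -0,0 +1,210 @@
+/**
+* Agent 专用 Token 服务。
+*
+* 关键点(中文)
+* - 为每个 Agent 项目签发独立的 service token,用于 shell 内调用 city 命令。
+* - Token 关联到统一账户系统,但使用特殊的 "agent-service" 用户。
+* - 支持追溯、吊销、权限控制、自动轮换。
+*/
+import { AuthStore } from "./AuthStore.js";
+import { generateAccessToken, hashAccessToken } from "./TokenService.js";
+const AGENT_SERVICE_USERNAME = "agent-service";
+const AGENT_SERVICE_DISPLAY_NAME = "Agent Service Account";
+/**
+* Token 有效期配置(毫秒)
+*/
+const TOKEN_TTL_MS = 7 * 24 * 60 * 60 * 1000; // 7 天
+/**
+* 自动轮换阈值(毫秒)
+* 当 token 剩余有效期小于此值时,自动创建新 token
+*/
+const ROTATION_THRESHOLD_MS = 24 * 60 * 60 * 1000; // 1 天
+/**
+* 确保 agent-service 用户存在。
+*/
+function ensureAgentServiceUser(store) {
+const existing = store.findUserByUsername(AGENT_SERVICE_USERNAME);
+if (existing) {
+return { userId: existing.id, isNew: false };
+}
+// 创建 service 账户(无密码,不能登录)
+const user = store.createUser({
+username: AGENT_SERVICE_USERNAME,
+passwordHash: "[service-account-no-password]",
+displayName: AGENT_SERVICE_DISPLAY_NAME,
+status: "active",
+});
+// 分配 admin 角色(或创建专门的 agent-service 角色)
+store.assignRoleToUser({
+userId: user.id,
+roleName: "admin",
+});
+return { userId: user.id, isNew: true };
+}
+/**
+* 计算 token 是否应该轮换。
+*/
+function shouldRotateToken(record) {
+if (record.revokedAt)
+return true;
+if (!record.expiresAt)
+return true;
+const expiresAt = new Date(record.expiresAt).getTime();
+const now = Date.now();
+const remainingMs = expiresAt - now;
+// 已过期或即将过期(少于阈值)
+return remainingMs < ROTATION_THRESHOLD_MS;
+}
+/**
+* 为指定 Agent 项目签发或轮换 token。
+*
+* 策略(中文)
+* 1. 检查是否已有该项目的有效 token(未吊销、未过期、且不在轮换窗口期)
+* 2. 如果 token 已过期或即将过期(< 1天),自动轮换(吊销旧 + 创建新)
+* 3. 如果没有有效 token,创建新 token
+*/
+export function ensureAgentToken(projectRoot) {
+const store = new AuthStore();
+try {
+const { userId } = ensureAgentServiceUser(store);
+const tokenName = buildAgentTokenName(projectRoot);
+// 查找该项目现有的有效 token
+const existingTokens = store.listTokensByUserId(userId);
+for (const record of existingTokens) {
+if (record.name !== tokenName)
+continue;
+// 检查是否需要轮换
+// 关键点(中文)
+// - store 内只保存 token hash,无法恢复历史明文。
+// - 启动链路必须把明文 token 注入进程环境,否则 agent 内部再调 `city ...`
+// 会因为拿不到 Bearer Token 而失败。
+// - 因此即使旧 token 仍然有效,只要这次需要“拿到明文”,也必须吊销旧 token 并重签。
+store.revokeToken(record.id);
+return createNewAgentToken(store, userId, projectRoot, tokenName);
+}
+// 创建新 token
+return createNewAgentToken(store, userId, projectRoot, tokenName);
+}
+finally {
+store.close();
+}
+}
+/**
+* 运行时检查并轮换 token。
+*
+* 使用场景:Agent 长期运行期间,定期检查 token 是否需要轮换
+* 返回 null 表示无需轮换,返回 AgentTokenInfo 表示已完成轮换
+*/
+export function rotateAgentTokenIfNeeded(projectRoot) {
+const store = new AuthStore();
+try {
+const user = store.findUserByUsername(AGENT_SERVICE_USERNAME);
+if (!user)
+return null;
+const tokenName = buildAgentTokenName(projectRoot);
+const existingTokens = store.listTokensByUserId(user.id);
+for (const record of existingTokens) {
+if (record.name !== tokenName)
+continue;
+// 检查是否需要轮换
+if (!shouldRotateToken(record)) {
+return null; // 无需轮换
+}
+// 执行轮换
+store.revokeToken(record.id);
+const newToken = createNewAgentToken(store, user.id, projectRoot, tokenName);
+return { ...newToken, rotated: true };
+}
+// 没有找到现有 token,创建新的
+const newToken = createNewAgentToken(store, user.id, projectRoot, tokenName);
+return { ...newToken, rotated: true };
+}
+finally {
+store.close();
+}
+}
+/**
+* 创建新的 Agent Token。
+*/
+function createNewAgentToken(store, userId, projectRoot, tokenName) {
+const plainToken = generateAccessToken();
+const expiresAt = new Date(Date.now() + TOKEN_TTL_MS).toISOString();
+const record = store.createToken({
+userId,
+name: tokenName,
+tokenHash: hashAccessToken(plainToken),
+expiresAt,
+});
+return {
+token: plainToken,
+tokenId: record.id,
+projectRoot,
+expiresAt,
+};
+}
+/**
+* 吊销指定 Agent 项目的 token。
+*/
+export function revokeAgentToken(projectRoot) {
+const store = new AuthStore();
+try {
+const user = store.findUserByUsername(AGENT_SERVICE_USERNAME);
+if (!user)
+return false;
+const tokenName = buildAgentTokenName(projectRoot);
+const tokens = store.listTokensByUserId(user.id);
+let revoked = false;
+for (const record of tokens) {
+if (record.name === tokenName && !record.revokedAt) {
+store.revokeToken(record.id);
+revoked = true;
+}
+}
+return revoked;
+}
+finally {
+store.close();
+}
+}
+/**
+* 列出所有 Agent token。
+*/
+export function listAgentTokens() {
+const store = new AuthStore();
+try {
+const user = store.findUserByUsername(AGENT_SERVICE_USERNAME);
+if (!user)
+return [];
+const tokens = store.listTokensByUserId(user.id);
+return tokens
+.filter((t) => t.name.startsWith("agent:"))
+.map((t) => ({
+tokenId: t.id,
+projectRoot: extractProjectRootFromTokenName(t.name),
+createdAt: t.createdAt,
+expiresAt: t.expiresAt,
+revokedAt: t.revokedAt,
+needsRotation: !t.revokedAt && shouldRotateToken(t),
+}));
+}
+finally {
+store.close();
+}
+}
+/**
+* 构建 agent token 名称。
+*/
+function buildAgentTokenName(projectRoot) {
+// 使用项目路径的 hash 作为标识,避免路径过长
+const normalized = projectRoot.replace(/\/+$/, "").replace(/\\/g, "/");
+return `agent:${normalized}`;
+}
+/**
+* 从 token 名称提取项目路径。
+*/
+function extractProjectRootFromTokenName(name) {
+if (!name.startsWith("agent:"))
+return "";
+return name.slice(6); // 去掉 "agent:" 前缀
+}
+//# sourceMappingURL=AgentTokenService.js.map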
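Review bot: `ensureAgentServiceUser` assigns `roleName: "admin"` to the shared `agent-service` account, so every per-project token minted by `createNewAgentToken` carries full admin rights, and the comment in `ensureAgentToken` says that plaintext token is injected into the agent's process environment. The inline comment already names the alternative (a dedicated agent-service role); a role limited to the routes `city` needs from inside a shell would bound what a leaked or misused token can do. The loops in `ensureAgentToken` and `rotateAgentTokenIfNeeded` also act only on the first record whose name matches and then return; if `listTokensByUserId` returns revoked records too (as `revokeAgentToken` and `listAgentTokens` suggest), that first match can be an already-revoked one while a newer live token stays valid until its 7-day expiry. Revoking every live match before issuing, `if (record.name === tokenName && !record.revokedAt) store.revokeToken(record.id);`, would close that. The doc comment on `ensureAgentToken` still describes reusing a valid token and the comment in `buildAgentTokenName` mentions a path hash, neither of which the code does.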
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"AgentTokenService.js","sourceRoot":"","sources":["../../../src/main/auth/AgentTokenService.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAC3C,OAAO,EAAE,mBAAmB,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAGzE,MAAM,sBAAsB,GAAG,eAAe,CAAC;AAC/C,MAAM,0BAA0B,GAAG,uBAAuB,CAAC;AAE3D;;GAEG;AACH,MAAM,YAAY,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,MAAM;AAEpD;;;GAGG;AACH,MAAM,qBAAqB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,MAAM;AAazD;;GAEG;AACH,SAAS,sBAAsB,CAAC,KAAgB;IAC9C,MAAM,QAAQ,GAAG,KAAK,CAAC,kBAAkB,CAAC,sBAAsB,CAAC,CAAC;IAClE,IAAI,QAAQ,EAAE,CAAC;QACb,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;IAC/C,CAAC;IAED,0BAA0B;IAC1B,MAAM,IAAI,GAAG,KAAK,CAAC,UAAU,CAAC;QAC5B,QAAQ,EAAE,sBAAsB;QAChC,YAAY,EAAE,+BAA+B;QAC7C,WAAW,EAAE,0BAA0B;QACvC,MAAM,EAAE,QAAQ;KACjB,CAAC,CAAC;IAEH,uCAAuC;IACvC,KAAK,CAAC,gBAAgB,CAAC;QACrB,MAAM,EAAE,IAAI,CAAC,EAAE;QACf,QAAQ,EAAE,OAAO;KAClB,CAAC,CAAC;IAEH,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;AAC1C,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,MAG1B;IACC,IAAI,MAAM,CAAC,SAAS;QAAE,OAAO,IAAI,CAAC;IAClC,IAAI,CAAC,MAAM,CAAC,SAAS;QAAE,OAAO,IAAI,CAAC;IAEnC,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAC;IACvD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,WAAW,GAAG,SAAS,GAAG,GAAG,CAAC;IAEpC,iBAAiB;IACjB,OAAO,WAAW,GAAG,qBAAqB,CAAC;AAC7C,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,gBAAgB,CAAC,WAAmB;IAClD,MAAM,KAAK,GAAG,IAAI,SAAS,EAAE,CAAC;IAC9B,IAAI,CAAC;QACH,MAAM,EAAE,MAAM,EAAE,GAAG,sBAAsB,CAAC,KAAK,CAAC,CAAC;QACjD,MAAM,SAAS,GAAG,mBAAmB,CAAC,WAAW,CAAC,CAAC;QAEnD,mBAAmB;QACnB,MAAM,cAAc,GAAG,KAAK,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC;QAExD,KAAK,MAAM,MAAM,IAAI,cAAc,EAAE,CAAC;YACpC,IAAI,MAAM,CAAC,IAAI,KAAK,SAAS;gBAAE,SAAS;YAExC,WAAW;YACX,UAAU;YACV,oCAAoC;YACpC,oDAAoD;YACpD,6BAA6B;YAC7B,oDAAoD;YACpD,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YAC7B,OAAO,mBAAmB,CAAC,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,SAAS,CAAC,CAAC;QACpE,CAAC;QAED,YAAY;QACZ,OAAO,m
BAAmB,CAAC,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,SAAS,CAAC,CAAC;IACpE,CAAC;YAAS,CAAC;QACT,KAAK,CAAC,KAAK,EAAE,CAAC;IAChB,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,wBAAwB,CAAC,WAAmB;IAC1D,MAAM,KAAK,GAAG,IAAI,SAAS,EAAE,CAAC;IAC9B,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,KAAK,CAAC,kBAAkB,CAAC,sBAAsB,CAAC,CAAC;QAC9D,IAAI,CAAC,IAAI;YAAE,OAAO,IAAI,CAAC;QAEvB,MAAM,SAAS,GAAG,mBAAmB,CAAC,WAAW,CAAC,CAAC;QACnD,MAAM,cAAc,GAAG,KAAK,CAAC,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAEzD,KAAK,MAAM,MAAM,IAAI,cAAc,EAAE,CAAC;YACpC,IAAI,MAAM,CAAC,IAAI,KAAK,SAAS;gBAAE,SAAS;YAExC,WAAW;YACX,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC/B,OAAO,IAAI,CAAC,CAAC,OAAO;YACtB,CAAC;YAED,OAAO;YACP,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YAC7B,MAAM,QAAQ,GAAG,mBAAmB,CAAC,KAAK,EAAE,IAAI,CAAC,EAAE,EAAE,WAAW,EAAE,SAAS,CAAC,CAAC;YAC7E,OAAO,EAAE,GAAG,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QACxC,CAAC;QAED,oBAAoB;QACpB,MAAM,QAAQ,GAAG,mBAAmB,CAAC,KAAK,EAAE,IAAI,CAAC,EAAE,EAAE,WAAW,EAAE,SAAS,CAAC,CAAC;QAC7E,OAAO,EAAE,GAAG,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IACxC,CAAC;YAAS,CAAC;QACT,KAAK,CAAC,KAAK,EAAE,CAAC;IAChB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAC1B,KAAgB,EAChB,MAAc,EACd,WAAmB,EACnB,SAAiB;IAEjB,MAAM,UAAU,GAAG,mBAAmB,EAAE,CAAC;IACzC,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,YAAY,CAAC,CAAC,WAAW,EAAE,CAAC;IAEpE,MAAM,MAAM,GAAG,KAAK,CAAC,WAAW,CAAC;QAC/B,MAAM;QACN,IAAI,EAAE,SAAS;QACf,SAAS,EAAE,eAAe,CAAC,UAAU,CAAC;QACtC,SAAS;KACV,CAAC,CAAC;IAEH,OAAO;QACL,KAAK,EAAE,UAAU;QACjB,OAAO,EAAE,MAAM,CAAC,EAAE;QAClB,WAAW;QACX,SAAS;KACV,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,WAAmB;IAClD,MAAM,KAAK,GAAG,IAAI,SAAS,EAAE,CAAC;IAC9B,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,KAAK,CAAC,kBAAkB,CAAC,sBAAsB,CAAC,CAAC;QAC9D,IAAI,CAAC,IAAI;YAAE,OAAO,KAAK,CAAC;QAExB,MAAM,SAAS,GAAG,mBAAmB,CAAC,WAAW,CAAC,CAAC;QACnD,MAAM,MAAM,GAAG,KAAK,CAAC,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAEjD,IAAI,OAAO,GAAG,KAAK,CAAC;QACpB,KAAK,MAAM,MAAM,IAAI,MAAM,EAAE,CAAC;YAC5B,IAAI,MAAM,CAAC,IAAI,KAAK,SAAS,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;gBACnD,KAAK,CAAC,WAAW,
CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;gBAC7B,OAAO,GAAG,IAAI,CAAC;YACjB,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;YAAS,CAAC;QACT,KAAK,CAAC,KAAK,EAAE,CAAC;IAChB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe;IAQ7B,MAAM,KAAK,GAAG,IAAI,SAAS,EAAE,CAAC;IAC9B,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,KAAK,CAAC,kBAAkB,CAAC,sBAAsB,CAAC,CAAC;QAC9D,IAAI,CAAC,IAAI;YAAE,OAAO,EAAE,CAAC;QAErB,MAAM,MAAM,GAAG,KAAK,CAAC,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACjD,OAAO,MAAM;aACV,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;aAC1C,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACX,OAAO,EAAE,CAAC,CAAC,EAAE;YACb,WAAW,EAAE,+BAA+B,CAAC,CAAC,CAAC,IAAI,CAAC;YACpD,SAAS,EAAE,CAAC,CAAC,SAAS;YACtB,SAAS,EAAE,CAAC,CAAC,SAAS;YACtB,SAAS,EAAE,CAAC,CAAC,SAAS;YACtB,aAAa,EAAE,CAAC,CAAC,CAAC,SAAS,IAAI,iBAAiB,CAAC,CAAC,CAAC;SACpD,CAAC,CAAC,CAAC;IACR,CAAC;YAAS,CAAC;QACT,KAAK,CAAC,KAAK,EAAE,CAAC;IAChB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAAC,WAAmB;IAC9C,2BAA2B;IAC3B,MAAM,UAAU,GAAG,WAAW,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IACvE,OAAO,SAAS,UAAU,EAAE,CAAC;AAC/B,CAAC;AAED;;GAEG;AACH,SAAS,+BAA+B,CAAC,IAAY;IACnD,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC;QAAE,OAAO,EAAE,CAAC;IAC1C,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,iBAAiB;AACzC,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"AuthEnv.d.ts","sourceRoot":"","sources":["../../../src/main/auth/AuthEnv.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH;;GAEG;AACH,eAAO,MAAM,sBAAsB,kBAAkB,CAAC;AAEtD;;GAEG;AACH,eAAO,MAAM,wBAAwB,mBAAmB,CAAC;AAEzD;;;;;;GAMG;AACH,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,GAAG,IAAI,CAMlE;AAED;;;;;;;;GAQG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,GAAE;IAC7C,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC;IACxB,WAAW,CAAC,EAAE,MAAM,CAAC;CACjB,GAAG,MAAM,GAAG,SAAS,CAa1B;AAED;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CAAC,MAAM,EAAE;IAC9C,SAAS,EAAE,MAAM,CAAC,UAAU,CAAC;IAC7B,SAAS,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC;IAC9B,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,GAAG,IAAI,CAMP;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CAAC,UAAU,EAAE,MAAM,GAAG,SAAS,GAAG,MAAM,GAAG,SAAS,CAG1F"}
|
|
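--- a/package/bin/main/auth/AuthEnv.js
+++ b/package/bin/main/auth/AuthEnv.js
@@ -0,0 +1,75 @@
+/**
+* AuthEnv:统一认证环境变量与 token 解析辅助模块。
+*
+* 关键点(中文)
+* - 收敛 `DC_AUTH_TOKEN` / `DC_AGENT_TOKEN` 的变量名与优先级定义。
+* - 用户显式覆盖仍走 `DC_AUTH_TOKEN`;agent 内部传播统一走 `DC_AGENT_TOKEN`。
+* - 所有 CLI / shell / ACP 子进程都复用同一份 token 归一化与 env 注入逻辑。
+*/
+/**
+* 用户显式覆盖 Bearer Token 的环境变量名。
+*/
+export const CLI_AUTH_TOKEN_ENV_KEY = "DC_AUTH_TOKEN";
+/**
+* Agent 进程内部传播 Bearer Token 的环境变量名。
+*/
+export const AGENT_AUTH_TOKEN_ENV_KEY = "DC_AGENT_TOKEN";
+/**
+* 归一化 Bearer Token。
+*
+* 关键点(中文)
+* - 允许传入纯 token 或 `Bearer xxx`。
+* - 空字符串与无效值统一归一化为 `null`。
+*/
+export function normalizeBearerToken(value) {
+const raw = String(value || "").trim();
+if (!raw)
+return null;
+const bearerMatch = /^Bearer\s+(.+)$/i.exec(raw);
+const token = bearerMatch?.[1]?.trim() || raw;
+return token || null;
+}
+/**
+* 解析本次调用应使用的 token。
+*
+* 优先级(中文)
+* 1. 显式传入 token
+* 2. 用户显式覆盖环境变量 `DC_AUTH_TOKEN`
+* 3. Agent 内部传播环境变量 `DC_AGENT_TOKEN`
+* 4. 调用方传入的本地存储 token
+*/
+export function resolveInvocationToken(params = {}) {
+const explicitToken = normalizeBearerToken(params.explicitToken);
+if (explicitToken)
+return explicitToken;
+const env = params.env || process.env;
+const envAuthToken = normalizeBearerToken(env[CLI_AUTH_TOKEN_ENV_KEY]);
+if (envAuthToken)
+return envAuthToken;
+const agentToken = normalizeBearerToken(env[AGENT_AUTH_TOKEN_ENV_KEY]);
+if (agentToken)
+return agentToken;
+return normalizeBearerToken(params.storedToken) || undefined;
+}
+/**
+* 向目标环境变量集中注入 Agent token。
+*
+* 关键点(中文)
+* - 只传播 `DC_AGENT_TOKEN`,不再自动合成 `DC_AUTH_TOKEN`。
+* - `DC_AUTH_TOKEN` 保留给用户显式覆盖,不作为内部隐式桥接变量。
+*/
+export function injectAgentTokenIntoEnv(params) {
+const token = normalizeBearerToken(params.token) ||
+normalizeBearerToken((params.sourceEnv || process.env)[AGENT_AUTH_TOKEN_ENV_KEY]);
+if (!token)
+return;
+params.targetEnv[AGENT_AUTH_TOKEN_ENV_KEY] = token;
+}
+/**
+* 生成标准 Authorization 头值。
+*/
+export function formatBearerHeaderValue(tokenInput) {
+const token = normalizeBearerToken(tokenInput);
+return token ? `Bearer ${token}` : undefined;
+}
+//# sourceMappingURL=AuthEnv.js.map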
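Review bot: `resolveInvocationToken` ranks `DC_AUTH_TOKEN` above `DC_AGENT_TOKEN`, and `injectAgentTokenIntoEnv` sets only the agent key on `targetEnv`, so a `DC_AUTH_TOKEN` already present in the environment an agent subprocess inherits would be used in place of the per-project agent token. Whether that happens depends on how the callers build `targetEnv`, which is outside this section; if they copy the parent environment, agent-initiated `city` calls would run under the operator's identity and would not be cut off by revoking the agent token. If the override is meant to reach agent subprocesses, say so in the doc comment of `injectAgentTokenIntoEnv`; if not, clear it there with `delete params.targetEnv[CLI_AUTH_TOKEN_ENV_KEY];`. `normalizeBearerToken` also accepts any truthy non-string through `String(value || "")`, so a stray object becomes the token `[object Object]`; `if (typeof value !== "string") return null;` at the top would reject that.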
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"AuthEnv.js","sourceRoot":"","sources":["../../../src/main/auth/AuthEnv.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH;;GAEG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAG,eAAe,CAAC;AAEtD;;GAEG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG,gBAAgB,CAAC;AAEzD;;;;;;GAMG;AACH,MAAM,UAAU,oBAAoB,CAAC,KAAc;IACjD,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACvC,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IACtB,MAAM,WAAW,GAAG,kBAAkB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACjD,MAAM,KAAK,GAAG,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,GAAG,CAAC;IAC9C,OAAO,KAAK,IAAI,IAAI,CAAC;AACvB,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,sBAAsB,CAAC,SAInC,EAAE;IACJ,MAAM,aAAa,GAAG,oBAAoB,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;IACjE,IAAI,aAAa;QAAE,OAAO,aAAa,CAAC;IAExC,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,CAAC;IAEtC,MAAM,YAAY,GAAG,oBAAoB,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC,CAAC;IACvE,IAAI,YAAY;QAAE,OAAO,YAAY,CAAC;IAEtC,MAAM,UAAU,GAAG,oBAAoB,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC,CAAC;IACvE,IAAI,UAAU;QAAE,OAAO,UAAU,CAAC;IAElC,OAAO,oBAAoB,CAAC,MAAM,CAAC,WAAW,CAAC,IAAI,SAAS,CAAC;AAC/D,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,uBAAuB,CAAC,MAIvC;IACC,MAAM,KAAK,GACT,oBAAoB,CAAC,MAAM,CAAC,KAAK,CAAC;QAClC,oBAAoB,CAAC,CAAC,MAAM,CAAC,SAAS,IAAI,OAAO,CAAC,GAAG,CAAC,CAAC,wBAAwB,CAAC,CAAC,CAAC;IACpF,IAAI,CAAC,KAAK;QAAE,OAAO;IACnB,MAAM,CAAC,SAAS,CAAC,wBAAwB,CAAC,GAAG,KAAK,CAAC;AACrD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,uBAAuB,CAAC,UAA8B;IACpE,MAAM,KAAK,GAAG,oBAAoB,CAAC,UAAU,CAAC,CAAC;IAC/C,OAAO,KAAK,CAAC,CAAC,CAAC,UAAU,KAAK,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;AAC/C,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"CliAuthStateStore.d.ts","sourceRoot":"","sources":["../../../src/main/auth/CliAuthStateStore.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAOH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,8BAA8B,CAAC;
|
|
1
|
+
{"version":3,"file":"CliAuthStateStore.d.ts","sourceRoot":"","sources":["../../../src/main/auth/CliAuthStateStore.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAOH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,8BAA8B,CAAC;AAgBjE;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACvC;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AA0CD;;GAEG;AACH,wBAAgB,gBAAgB,CAC9B,OAAO,GAAE,wBAA6B,GACrC,YAAY,GAAG,IAAI,CAqBrB;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAC/B,KAAK,EAAE;IACL,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,YAAY,CAAC,QAAQ,CAAC,CAAC;CACjC,EACD,OAAO,GAAE,wBAA6B,GACrC,YAAY,CAiBd;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAC/B,OAAO,GAAE,wBAA6B,GACrC,IAAI,CAIN;AAED;;;;;;;;GAQG;AACH,wBAAgB,mBAAmB,CAAC,MAAM,GAAE;IAC1C,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC;IACxB,MAAM,CAAC,EAAE,MAAM,CAAC;CACZ,GAAG,MAAM,GAAG,SAAS,CAQ1B;AAED;;GAEG;AACH,wBAAgB,0BAA0B,CAAC,UAAU,EAAE,MAAM,GAAG,SAAS,GAAG,MAAM,GAAG,SAAS,CAE7F"}
|
|
@@ -4,25 +4,18 @@
|
|
|
4
4
|
* 关键点(中文)
|
|
5
5
|
* - 使用 console 级加密配置表保存 CLI 当前 Bearer Token。
|
|
6
6
|
* - 认证状态只代表“调用身份”,不承载 session/chat 执行上下文。
|
|
7
|
-
* - 统一提供 `--token > DC_AUTH_TOKEN > 本地存储` 的解析顺序。
|
|
7
|
+
* - 统一提供 `--token > DC_AUTH_TOKEN > DC_AGENT_TOKEN > 本地存储` 的解析顺序。
|
|
8
8
|
*/
|
|
9
9
|
import fs from "fs-extra";
|
|
10
10
|
import path from "node:path";
|
|
11
11
|
import Database from "better-sqlite3";
|
|
12
12
|
import { drizzle } from "drizzle-orm/better-sqlite3";
|
|
13
13
|
import { getConsoleShipDbPath } from "../../main/runtime/ConsolePaths.js";
|
|
14
|
+
import { formatBearerHeaderValue, normalizeBearerToken, resolveInvocationToken, } from "./AuthEnv.js";
|
|
14
15
|
import { ensureConsoleStoreSchema } from "../../utils/store/StoreSchema.js";
|
|
15
16
|
import { getSecureSettingJsonSync, removeSecureSetting, setSecureSettingJsonSync, } from "../../utils/store/StoreSecureSettings.js";
|
|
16
17
|
import { nowIso } from "../../utils/store/StoreShared.js";
|
|
17
18
|
const CLI_AUTH_STATE_KEY = "cli:auth:state";
|
|
18
|
-
function normalizeCliToken(value) {
|
|
19
|
-
const raw = String(value || "").trim();
|
|
20
|
-
if (!raw)
|
|
21
|
-
return null;
|
|
22
|
-
const bearerMatch = /^Bearer\s+(.+)$/i.exec(raw);
|
|
23
|
-
const token = bearerMatch?.[1]?.trim() || raw;
|
|
24
|
-
return token || null;
|
|
25
|
-
}
|
|
26
19
|
function withConsoleStore(options, callback) {
|
|
27
20
|
const dbPath = path.resolve(options.dbPath || getConsoleShipDbPath());
|
|
28
21
|
fs.ensureDirSync(path.dirname(dbPath));
|
|
@@ -66,7 +59,7 @@ export function readCliAuthState(options = {}) {
|
|
|
66
59
|
try {
|
|
67
60
|
return withConsoleStoreReadonly(options, (context) => {
|
|
68
61
|
const stored = getSecureSettingJsonSync(context, CLI_AUTH_STATE_KEY);
|
|
69
|
-
const token =
|
|
62
|
+
const token = normalizeBearerToken(stored?.token);
|
|
70
63
|
if (!token)
|
|
71
64
|
return null;
|
|
72
65
|
const username = String(stored?.username || "").trim();
|
|
@@ -90,7 +83,7 @@ export function readCliAuthState(options = {}) {
|
|
|
90
83
|
* 写入 CLI 本地认证状态。
|
|
91
84
|
*/
|
|
92
85
|
export function writeCliAuthState(input, options = {}) {
|
|
93
|
-
const token =
|
|
86
|
+
const token = normalizeBearerToken(input.token);
|
|
94
87
|
if (!token) {
|
|
95
88
|
throw new Error("CLI auth token cannot be empty");
|
|
96
89
|
}
|
|
@@ -121,24 +114,22 @@ export function clearCliAuthState(options = {}) {
|
|
|
121
114
|
* 优先级(中文)
|
|
122
115
|
* 1. 显式传入 token
|
|
123
116
|
* 2. 环境变量 `DC_AUTH_TOKEN`
|
|
124
|
-
* 3.
|
|
117
|
+
* 3. 环境变量 `DC_AGENT_TOKEN`(Agent 专用 token)
|
|
118
|
+
* 4. 本地加密存储中的 CLI 登录态
|
|
125
119
|
*/
|
|
126
120
|
export function resolveCliAuthToken(params = {}) {
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
dbPath: params.dbPath,
|
|
135
|
-
})?.token;
|
|
121
|
+
return resolveInvocationToken({
|
|
122
|
+
explicitToken: params.explicitToken,
|
|
123
|
+
env: params.env,
|
|
124
|
+
storedToken: readCliAuthState({
|
|
125
|
+
dbPath: params.dbPath,
|
|
126
|
+
})?.token,
|
|
127
|
+
});
|
|
136
128
|
}
|
|
137
129
|
/**
|
|
138
130
|
* 生成标准 Authorization 头值。
|
|
139
131
|
*/
|
|
140
132
|
export function formatCliBearerHeaderValue(tokenInput) {
|
|
141
|
-
|
|
142
|
-
return token ? `Bearer ${token}` : undefined;
|
|
133
|
+
return formatBearerHeaderValue(tokenInput);
|
|
143
134
|
}
|
|
144
135
|
//# sourceMappingURL=CliAuthStateStore.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"CliAuthStateStore.js","sourceRoot":"","sources":["../../../src/main/auth/CliAuthStateStore.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,MAAM,UAAU,CAAC;AAC1B,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,QAAQ,MAAM,gBAAgB,CAAC;AACtC,OAAO,EAAE,OAAO,EAAE,MAAM,4BAA4B,CAAC;AACrD,OAAO,EAAE,oBAAoB,EAAE,MAAM,gCAAgC,CAAC;AAEtE,OAAO,EAAE,wBAAwB,EAAE,MAAM,8BAA8B,CAAC;AACxE,OAAO,EACL,wBAAwB,EACxB,mBAAmB,EACnB,wBAAwB,GACzB,MAAM,sCAAsC,CAAC;AAC9C,OAAO,EAAE,MAAM,EAA4B,MAAM,8BAA8B,CAAC;AAEhF,MAAM,kBAAkB,GAAG,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"CliAuthStateStore.js","sourceRoot":"","sources":["../../../src/main/auth/CliAuthStateStore.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,MAAM,UAAU,CAAC;AAC1B,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,QAAQ,MAAM,gBAAgB,CAAC;AACtC,OAAO,EAAE,OAAO,EAAE,MAAM,4BAA4B,CAAC;AACrD,OAAO,EAAE,oBAAoB,EAAE,MAAM,gCAAgC,CAAC;AAEtE,OAAO,EACL,uBAAuB,EACvB,oBAAoB,EACpB,sBAAsB,GACvB,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,wBAAwB,EAAE,MAAM,8BAA8B,CAAC;AACxE,OAAO,EACL,wBAAwB,EACxB,mBAAmB,EACnB,wBAAwB,GACzB,MAAM,sCAAsC,CAAC;AAC9C,OAAO,EAAE,MAAM,EAA4B,MAAM,8BAA8B,CAAC;AAEhF,MAAM,kBAAkB,GAAG,gBAAgB,CAAC;AAW5C,SAAS,gBAAgB,CACvB,OAAiC,EACjC,QAA6C;IAE7C,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,IAAI,oBAAoB,EAAE,CAAC,CAAC;IACtE,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;IACvC,MAAM,MAAM,GAAG,IAAI,QAAQ,CAAC,MAAM,CAAC,CAAC;IACpC,MAAM,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC;IACpC,MAAM,OAAO,GAAwB;QACnC,MAAM;QACN,EAAE,EAAE,OAAO,CAAC,MAAM,CAAC;KACpB,CAAC;IACF,wBAAwB,CAAC,OAAO,CAAC,CAAC;IAClC,IAAI,CAAC;QACH,OAAO,QAAQ,CAAC,OAAO,CAAC,CAAC;IAC3B,CAAC;YAAS,CAAC;QACT,MAAM,CAAC,KAAK,EAAE,CAAC;IACjB,CAAC;AACH,CAAC;AAED,SAAS,wBAAwB,CAC/B,OAAiC,EACjC,QAA6C;IAE7C,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,IAAI,oBAAoB,EAAE,CAAC,CAAC;IACtE,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC;QAAE,OAAO,IAAI,CAAC;IACxC,MAAM,MAAM,GAAG,IAAI,QAAQ,CAAC,MAAM,EAAE;QAClC,QAAQ,EAAE,IAAI;QACd,aAAa,EAAE,IAAI;KACpB,CAAC,CAAC;IACH,MAAM,OAAO,GAAwB;QACnC,MAAM;QACN,EAAE,EAAE,OAAO,CAAC,MAAM,CAAC;KACpB,CAAC;IACF,IAAI,CAAC;QACH,OAAO,QAAQ,CAAC,OAAO,CAAC,CAAC;IAC3B,CAAC;YAAS,CAAC;QACT,MAAM,CAAC,KAAK,EAAE,CAAC;IACjB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAC9B,UAAoC,EAAE;IAEtC,IAAI,CAAC;QACH,OAAO,wBAAwB,CAAC,OAAO,EAAE,CAAC,OAAO,EAAE,EAAE;YACnD,MAAM,MAAM,GAAG,wBAAwB,CAAwB,OAAO,EAAE,kBAAkB,CAAC,CAAC;YAC5F,MAAM,KAAK,GAAG,oBAAoB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;YAClD,IAAI,CAAC,KAAK;gBAAE,OAAO,IAAI,CAAC;YACxB,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,EAAE,QAAQ,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;YACvD,MAAM,MAAM,GAAG,MAA
M,CAAC,MAAM,EAAE,MAAM,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;YACnD,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,EAAE,SAAS,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,MAAM,EAAE,CAAC;YACrE,OAAO;gBACL,KAAK;gBACL,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACjC,GAAG,CAAC,MAAM,KAAK,WAAW,IAAI,MAAM,KAAK,OAAO,IAAI,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,SAAS;oBAC7F,CAAC,CAAC,EAAE,MAAM,EAAE;oBACZ,CAAC,CAAC,EAAE,CAAC;gBACP,SAAS;aACV,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAC/B,KAIC,EACD,UAAoC,EAAE;IAEtC,MAAM,KAAK,GAAG,oBAAoB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAChD,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;IACpD,CAAC;IACD,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACrD,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC;IAC5B,MAAM,SAAS,GAAiB;QAC9B,KAAK;QACL,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACjC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC7B,SAAS,EAAE,MAAM,EAAE;KACpB,CAAC;IACF,gBAAgB,CAAC,OAAO,EAAE,CAAC,OAAO,EAAE,EAAE;QACpC,wBAAwB,CAAC,OAAO,EAAE,kBAAkB,EAAE,SAAS,CAAC,CAAC;IACnE,CAAC,CAAC,CAAC;IACH,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAC/B,UAAoC,EAAE;IAEtC,gBAAgB,CAAC,OAAO,EAAE,CAAC,OAAO,EAAE,EAAE;QACpC,mBAAmB,CAAC,OAAO,EAAE,kBAAkB,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,mBAAmB,CAAC,SAIhC,EAAE;IACJ,OAAO,sBAAsB,CAAC;QAC5B,aAAa,EAAE,MAAM,CAAC,aAAa;QACnC,GAAG,EAAE,MAAM,CAAC,GAAG;QACf,WAAW,EAAE,gBAAgB,CAAC;YAC5B,MAAM,EAAE,MAAM,CAAC,MAAM;SACtB,CAAC,EAAE,KAAK;KACV,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,0BAA0B,CAAC,UAA8B;IACvE,OAAO,uBAAuB,CAAC,UAAU,CAAC,CAAC;AAC7C,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"RoutePolicy.d.ts","sourceRoot":"","sources":["../../../src/main/auth/RoutePolicy.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,MAAM,CAAC;AAC9C,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAGjE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAA8B,KAAK,uBAAuB,EAAE,MAAM,qBAAqB,CAAC;
|
|
1
|
+
{"version":3,"file":"RoutePolicy.d.ts","sourceRoot":"","sources":["../../../src/main/auth/RoutePolicy.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,MAAM,CAAC;AAC9C,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAGjE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAA8B,KAAK,uBAAuB,EAAE,MAAM,qBAAqB,CAAC;AAE/F;;GAEG;AACH,eAAO,MAAM,0BAA0B,EAAE,eAAe,EAoEvD,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,8BAA8B,EAAE,eAAe,EA8D3D,CAAC;AAEF;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,eAAe,EAAE,GAC1B,eAAe,GAAG,IAAI,CASxB;AAED;;GAEG;AACH,wBAAgB,8BAA8B,CAC5C,WAAW,EAAE,WAAW,EACxB,QAAQ,GAAE,eAAe,EAA+B,GACvD,iBAAiB,CAAC;IAAE,SAAS,EAAE,uBAAuB,CAAA;CAAE,CAAC,CA4B3D"}
|
|
@@ -7,7 +7,6 @@
|
|
|
7
7
|
*/
|
|
8
8
|
import { isAuthError as isAuthDomainError } from "./AuthError.js";
|
|
9
9
|
import { AUTH_PRINCIPAL_CONTEXT_KEY } from "./AuthMiddleware.js";
|
|
10
|
-
import { createInternalRuntimeAuthPrincipal, isInternalRuntimeBearerHeader, } from "./InternalRuntimeAuth.js";
|
|
11
10
|
/**
|
|
12
11
|
* Server 侧路由权限矩阵。
|
|
13
12
|
*/
|
|
@@ -171,11 +170,6 @@ export function createRouteAuthGuardMiddleware(authService, policies = SERVER_AU
|
|
|
171
170
|
await next();
|
|
172
171
|
return;
|
|
173
172
|
}
|
|
174
|
-
if (isInternalRuntimeBearerHeader(c.req.header("authorization"))) {
|
|
175
|
-
c.set(AUTH_PRINCIPAL_CONTEXT_KEY, createInternalRuntimeAuthPrincipal());
|
|
176
|
-
await next();
|
|
177
|
-
return;
|
|
178
|
-
}
|
|
179
173
|
if (!authService.hasUsers()) {
|
|
180
174
|
await next();
|
|
181
175
|
return;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"RoutePolicy.js","sourceRoot":"","sources":["../../../src/main/auth/RoutePolicy.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAKH,OAAO,EAAE,WAAW,IAAI,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AAElE,OAAO,EAAE,0BAA0B,EAAgC,MAAM,qBAAqB,CAAC;
|
|
1
|
+
{"version":3,"file":"RoutePolicy.js","sourceRoot":"","sources":["../../../src/main/auth/RoutePolicy.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAKH,OAAO,EAAE,WAAW,IAAI,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AAElE,OAAO,EAAE,0BAA0B,EAAgC,MAAM,qBAAqB,CAAC;AAE/F;;GAEG;AACH,MAAM,CAAC,MAAM,0BAA0B,GAAsB;IAC3D,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,GAAG,EAAE,WAAW,EAAE,KAAK,EAAE;IACxD,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,WAAW,EAAE,KAAK,EAAE;IACtD;QACE,IAAI,EAAE,cAAc;QACpB,MAAM,EAAE,MAAM;QACd,WAAW,EAAE,IAAI;QACjB,cAAc,EAAE,CAAC,eAAe,CAAC;KAClC;IACD;QACE,IAAI,EAAE,oBAAoB;QAC1B,MAAM,EAAE,KAAK;QACb,WAAW,EAAE,IAAI;QACjB,cAAc,EAAE,CAAC,cAAc,CAAC;KACjC;IACD;QACE,IAAI,EAAE,uBAAuB;QAC7B,MAAM,EAAE,MAAM;QACd,WAAW,EAAE,IAAI;QACjB,cAAc,EAAE,CAAC,eAAe,CAAC;KAClC;IACD;QACE,IAAI,EAAE,uBAAuB;QAC7B,MAAM,EAAE,MAAM;QACd,WAAW,EAAE,IAAI;QACjB,cAAc,EAAE,CAAC,eAAe,CAAC;KAClC;IACD;QACE,IAAI,EAAE,mBAAmB;QACzB,MAAM,EAAE,KAAK;QACb,WAAW,EAAE,IAAI;QACjB,cAAc,EAAE,CAAC,aAAa,CAAC;KAChC;IACD;QACE,IAAI,EAAE,2BAA2B;QACjC,MAAM,EAAE,MAAM;QACd,WAAW,EAAE,IAAI;QACjB,cAAc,EAAE,CAAC,aAAa,CAAC;KAChC;IACD;QACE,IAAI,EAAE,qBAAqB;QAC3B,MAAM,EAAE,MAAM;QACd,WAAW,EAAE,IAAI;QACjB,cAAc,EAAE,CAAC,cAAc,CAAC;KACjC;IACD;QACE,IAAI,EAAE,8BAA8B;QACpC,MAAM,EAAE,KAAK;QACb,WAAW,EAAE,IAAI;QACjB,cAAc,EAAE,CAAC,WAAW,CAAC;KAC9B;IACD;QACE,IAAI,EAAE,qCAAqC;QAC3C,MAAM,EAAE,MAAM;QACd,WAAW,EAAE,IAAI;QACjB,cAAc,EAAE,CAAC,YAAY,CAAC;KAC/B;IACD;QACE,IAAI,EAAE,qCAAqC;QAC3C,MAAM,EAAE,MAAM;QACd,WAAW,EAAE,IAAI;QACjB,cAAc,EAAE,CAAC,YAAY,CAAC;KAC/B;IACD;QACE,IAAI,EAAE,kBAAkB;QACxB,MAAM,EAAE,GAAG;QACX,WAAW,EAAE,IAAI;KAClB;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,8BAA8B,GAAsB;IAC/D,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,GAAG,EAAE,WAAW,EAAE,KAAK,EAAE;IACxD,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,WAAW,EAAE,KAAK,EAAE;IACtD;QACE,IAAI,EAAE,gBAAgB;QACtB,MAAM,EAAE,KAAK;QACb,WAAW,EAAE,IAAI;QACjB,cAAc,EAAE,CAAC,YAAY,CAAC;KAC/B;IACD;QACE,IAAI,EAAE,uBAAuB;QAC7B,MAAM,EAAE,MAAM;QACd,WAAW,EAAE,IAAI;QACjB,cAAc,EAAE,CAAC,aAAa,CAAC;KAChC;IACD;QACE,IAAI,EAAE,sBAAsB;QAC5B,MAAM,EA
AE,MAAM;QACd,WAAW,EAAE,IAAI;QACjB,cAAc,EAAE,CAAC,aAAa,CAAC;KAChC;IACD;QACE,IAAI,EAAE,wBAAwB;QAC9B,MAAM,EAAE,MAAM;QACd,WAAW,EAAE,IAAI;QACjB,cAAc,EAAE,CAAC,aAAa,CAAC;KAChC;IACD;QACE,IAAI,EAAE,qBAAqB;QAC3B,MAAM,EAAE,MAAM;QACd,WAAW,EAAE,IAAI;QACjB,cAAc,EAAE,CAAC,aAAa,CAAC;KAChC;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,MAAM,EAAE,GAAG;QACX,WAAW,EAAE,IAAI;QACjB,cAAc,EAAE,CAAC,YAAY,CAAC;KAC/B;IACD;QACE,IAAI,EAAE,cAAc;QACpB,MAAM,EAAE,GAAG;QACX,WAAW,EAAE,IAAI;QACjB,cAAc,EAAE,CAAC,UAAU,CAAC;KAC7B;IACD;QACE,IAAI,EAAE,kBAAkB;QACxB,MAAM,EAAE,GAAG;QACX,WAAW,EAAE,IAAI;QACjB,cAAc,EAAE,CAAC,cAAc,CAAC;KACjC;IACD;QACE,IAAI,EAAE,kBAAkB;QACxB,MAAM,EAAE,GAAG;QACX,WAAW,EAAE,IAAI;QACjB,cAAc,EAAE,CAAC,aAAa,CAAC;KAChC;IACD;QACE,IAAI,EAAE,WAAW;QACjB,MAAM,EAAE,GAAG;QACX,WAAW,EAAE,IAAI;KAClB;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,sBAAsB,CACpC,IAAY,EACZ,MAAc,EACd,QAA2B;IAE3B,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,GAAG,CAAC;IACxD,MAAM,gBAAgB,GAAG,MAAM,CAAC,MAAM,IAAI,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACtE,KAAK,MAAM,MAAM,IAAI,QAAQ,EAAE,CAAC;QAC9B,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC;YAAE,SAAS;QAC9D,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,IAAI,EAAE,cAAc,CAAC;YAAE,SAAS;QACxD,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,8BAA8B,CAC5C,WAAwB,EACxB,WAA8B,0BAA0B;IAExD,OAAO,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE;QACvB,MAAM,MAAM,GAAG,sBAAsB,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAC1E,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,WAAW,KAAK,IAAI,EAAE,CAAC;YAC3C,MAAM,IAAI,EAAE,CAAC;YACb,OAAO;QACT,CAAC;QACD,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,EAAE,CAAC;YAC5B,MAAM,IAAI,EAAE,CAAC;YACb,OAAO;QACT,CAAC;QACD,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,WAAW,CAAC,wBAAwB,CACpD,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,CAC9B,CAAC;YACF,iBAAiB,CAAC,SAAS,CAAC,WAAW,EAAE,MAAM,CAAC,cAAc,CAAC,CAAC;YAChE,CAAC,CAAC,GAAG,CAAC,0BAA0B,EAAE,SAAS,CAAC,CAAC;YAC7C,MAAM,IAAI,EAAE,CAAC;QACf,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,iBAAiB,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC7B,OAAO
,CAAC,CAAC,IAAI,CACX,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,EACxC,KAAK,CAAC,MAAa,CACpB,CAAC;YACJ,CAAC;YACD,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;QAC/D,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CAAC,cAAsB,EAAE,YAAoB;IACjE,MAAM,QAAQ,GAAG,MAAM,CAAC,cAAc,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACpE,OAAO,QAAQ,KAAK,GAAG,IAAI,QAAQ,KAAK,YAAY,CAAC;AACvD,CAAC;AAED,SAAS,WAAW,CAAC,YAAoB,EAAE,UAAkB;IAC3D,MAAM,OAAO,GAAG,MAAM,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IAClD,IAAI,CAAC,OAAO;QAAE,OAAO,KAAK,CAAC;IAC3B,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC1B,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QACpC,OAAO,UAAU,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;IACvC,CAAC;IACD,OAAO,UAAU,KAAK,OAAO,CAAC;AAChC,CAAC;AAED,SAAS,iBAAiB,CACxB,eAAoC,EACpC,cAAiD;IAEjD,IAAI,CAAC,cAAc,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO;IAC3D,IAAI,cAAc,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,EAAE,CAAC,eAAe,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;QAAE,OAAO;IACtF,MAAM,IAAI,eAAe,CAAC,mBAAmB,EAAE,GAAG,CAAC,CAAC;AACtD,CAAC;AAED,MAAM,eAAgB,SAAQ,KAAK;IACxB,MAAM,CAAS;IAExB,YAAY,OAAe,EAAE,MAAc;QACzC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,qBAAqB,CAAC;QAClC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;CACF;AAED,SAAS,eAAe,CAAC,KAAc;IACrC,OAAO,CACL,OAAO,KAAK,KAAK,QAAQ;QACzB,KAAK,KAAK,IAAI;QACd,QAAQ,IAAI,KAAK;QACjB,OAAQ,KAA8B,CAAC,MAAM,KAAK,QAAQ,CAC3D,CAAC;AACJ,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAc;IACvC,OAAO,iBAAiB,CAAC,KAAK,CAAC,IAAI,eAAe,CAAC,KAAK,CAAC,CAAC;AAC5D,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"Run.d.ts","sourceRoot":"","sources":["../../../src/main/commands/Run.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;
|
|
1
|
+
{"version":3,"file":"Run.d.ts","sourceRoot":"","sources":["../../../src/main/commands/Run.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAmBH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAWrD;;;;;;;;;GASG;AACH,wBAAsB,UAAU,CAC9B,GAAG,EAAE,MAAM,YAAM,EACjB,OAAO,EAAE,YAAY,GACpB,OAAO,CAAC,IAAI,CAAC,CA8Gf"}
|
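--- a/package/bin/main/commands/Run.js
+++ b/package/bin/main/commands/Run.js
@@ -9,8 +9,15 @@
 * - 后台常驻启动请使用 `downcity agent start`,并用
 * `downcity agent restart` 管理。
 */
+import path from "node:path";
 import { startServer } from "../../main/index.js";
-import {
+import { ensureAgentToken, rotateAgentTokenIfNeeded } from "../../main/auth/AgentTokenService.js";
+import { injectAgentTokenIntoEnv } from "../../main/auth/AuthEnv.js";
+/**
+* Token 轮换检查间隔(毫秒)
+* 每 6 小时检查一次
+*/
+const TOKEN_ROTATION_CHECK_INTERVAL_MS = 6 * 60 * 60 * 1000;
 import { getExecutionContext, initAgentState, stopAgentHotReload, } from "../../agent/AgentState.js";
 import { logger } from "../../utils/logger/Logger.js";
 import { startAllServices, stopAllServices, } from "../../main/service/Manager.js";
@@ -53,7 +60,13 @@ export async function runCommand(cwd = ".", options) {
 const host = (options.host ?? "0.0.0.0").trim();
 process.env.DC_SERVER_PORT = String(port);
 process.env.DC_SERVER_HOST = host;
-
+// 为当前 Agent 签发专用 token(前台模式)
+const agentRoot = path.resolve(cwd);
+const agentToken = ensureAgentToken(agentRoot);
+injectAgentTokenIntoEnv({
+targetEnv: process.env,
+token: agentToken.token,
+});
 // Create and start server
 const server = await startServer({
 port,
@@ -112,5 +125,41 @@ export async function runCommand(cwd = ".", options) {
 logger.error(`Service schedule runtime bootstrap failed: ${String(e)}`);
 }
 logger.info("=== Downcity Started ===");
+// 启动 Token 自动轮换定时器
+startTokenRotationTimer(agentRoot);
+}
+/**
+* 启动 Token 自动轮换定时器。
+*
+* 关键点(中文)
+* - 每 6 小时检查一次 token 是否需要轮换
+* - 如果 token 即将过期(< 1 天),自动创建新 token
+* - 轮换后更新进程环境变量 DC_AGENT_TOKEN
+*/
+function startTokenRotationTimer(agentRoot) {
+const checkAndRotate = () => {
+try {
+const result = rotateAgentTokenIfNeeded(agentRoot);
+if (result?.rotated) {
+// 更新进程环境变量,后续 shell 子进程会使用新 token
+injectAgentTokenIntoEnv({
+targetEnv: process.env,
+token: result.token,
+});
+logger.info(`Agent token rotated, new token expires at ${result.expiresAt}`);
+}
+}
+catch (error) {
+logger.error(`Token rotation check failed: ${String(error)}`);
+}
+};
+// 立即执行一次检查
+checkAndRotate();
+// 设置定时器
+const timer = setInterval(checkAndRotate, TOKEN_ROTATION_CHECK_INTERVAL_MS);
+// 确保 timer 不会阻止进程退出
+if (typeof timer.unref === "function") {
+timer.unref();
+}
 }
 //# sourceMappingURL=Run.js.map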
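Review bot: `startTokenRotationTimer` publishes a rotated token only by rewriting `process.env`, so any child process spawned before the rotation keeps the old `DC_AGENT_TOKEN` for its whole lifetime. Whether `rotateAgentTokenIfNeeded` invalidates the previous token is not visible on this page: if it does, long-lived children lose access without any signal, and if it does not, the old credential stays usable until it expires. Because the token is placed in `process.env` in both `runCommand` and the timer, every subprocess the agent starts inherits it, not only the ones that call back into the server. I would document that on the function, for example `// NOTE: DC_AGENT_TOKEN is inherited by every child process; the old token's validity after rotation is decided in AgentTokenService`. A failed check is only logged inside the `catch`, so repeated failures before expiry surface as nothing more than one log line every six hours.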
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"Run.js","sourceRoot":"","sources":["../../../src/main/commands/Run.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"Run.js","sourceRoot":"","sources":["../../../src/main/commands/Run.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,EAAE,gBAAgB,EAAE,wBAAwB,EAAE,MAAM,kCAAkC,CAAC;AAC9F,OAAO,EAAE,uBAAuB,EAAE,MAAM,wBAAwB,CAAC;AAEjE;;;GAGG;AACH,MAAM,gCAAgC,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAE5D,OAAO,EACL,mBAAmB,EAEnB,cAAc,EACd,kBAAkB,GACnB,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EAAE,MAAM,EAAE,MAAM,yBAAyB,CAAC;AACjD,OAAO,EACL,gBAAgB,EAChB,eAAe,GAChB,MAAM,2BAA2B,CAAC;AACnC,OAAO,EACL,2BAA2B,EAC3B,0BAA0B,GAC3B,MAAM,oCAAoC,CAAC;AAE5C;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,MAAc,GAAG,EACjB,OAAqB;IAErB,wDAAwD;IACxD,MAAM,cAAc,CAAC,GAAG,CAAC,CAAC;IAC1B,qDAAqD;IACrD,MAAM,SAAS,GAAG,CAChB,KAAkC,EAClC,KAAa,EACO,EAAE;QACtB,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,EAAE;YAAE,OAAO,SAAS,CAAC;QAC5E,MAAM,GAAG,GACP,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;QACzE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;YAC/C,MAAM,IAAI,KAAK,CAAC,GAAG,KAAK,mBAAmB,CAAC,CAAC;QAC/C,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,GAAG,GAAG,KAAK,EAAE,CAAC;YACtD,MAAM,IAAI,KAAK,CAAC,GAAG,KAAK,yCAAyC,CAAC,CAAC;QACrE,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC,CAAC;IACF,iEAAiE;IACjE,IAAI,IAAY,CAAC;IACjB,IAAI,CAAC;QACH,IAAI,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,IAAI,CAAC;IACjD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAC;QACjD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC;IAEhD,OAAO,CAAC,GAAG,CAAC,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;IAC1C,OAAO,CAAC,GAAG,CAAC,cAAc,GAAG,IAAI,CAAC;IAElC,6BAA6B;IAC7B,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACpC,MAAM,UAAU,GAAG,gBAAgB,CAAC,SAAS,CAAC,CAAC;IAC/C,uBAAuB,CAAC;QACtB,SAAS,EAAE,OAAO,CAAC,GAAG;QACtB,KAAK,EAAE,
UAAU,CAAC,KAAK;KACxB,CAAC,CAAC;IAEH,0BAA0B;IAC1B,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC;QAC/B,IAAI;QACJ,IAAI;KACL,CAAC,CAAC;IAEH,SAAS;IACT,iDAAiD;IACjD,IAAI,cAAc,GAAG,KAAK,CAAC;IAC3B,MAAM,QAAQ,GAAG,KAAK,EAAE,MAAc,EAAE,EAAE;QACxC,IAAI,cAAc;YAAE,OAAO;QAC3B,cAAc,GAAG,IAAI,CAAC;QAEtB,MAAM,CAAC,IAAI,CAAC,YAAY,MAAM,2BAA2B,CAAC,CAAC;QAE3D,wBAAwB;QACxB,kBAAkB,EAAE,CAAC;QAErB,yCAAyC;QACzC,IAAI,CAAC;YACH,MAAM,0BAA0B,EAAE,CAAC;QACrC,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;QAED,eAAe;QACf,IAAI,CAAC;YACH,MAAM,eAAe,CAAC,mBAAmB,EAAE,CAAC,CAAC;QAC/C,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;QAED,QAAQ;QACR,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;QAEpB,YAAY;QACZ,MAAM,MAAM,CAAC,WAAW,EAAE,CAAC;QAE3B,MAAM,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;QACnC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC;IAEF,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC/C,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC;IAEjD,uCAAuC;IACvC,gCAAgC;IAChC,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,MAAM,gBAAgB,CAAC,mBAAmB,EAAE,CAAC,CAAC;QAChE,KAAK,MAAM,IAAI,IAAI,SAAS,CAAC,OAAO,EAAE,CAAC;YACrC,IAAI,IAAI,CAAC,OAAO;gBAAE,SAAS;YAC3B,MAAM,CAAC,KAAK,CACV,yBAAyB,IAAI,CAAC,OAAO,EAAE,IAAI,IAAI,SAAS,MAAM,IAAI,CAAC,KAAK,IAAI,eAAe,EAAE,CAC9F,CAAC;QACJ,CAAC;IACH,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,CAAC,KAAK,CAAC,6BAA6B,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IACzD,CAAC;IAED,IAAI,CAAC;QACH,MAAM,2BAA2B,CAAC,mBAAmB,EAAE,CAAC,CAAC;IAC3D,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,CAAC,KAAK,CAAC,8CAA8C,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IAC1E,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;IAExC,mBAAmB;IACnB,uBAAuB,CAAC,SAAS,CAAC,CAAC;AACrC,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,uBAAuB,CAAC,SAAiB;IAChD,MAAM,cAAc,GAAG,GAAS,EAAE;QAChC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,wBAAwB,CAAC,SAAS,CAAC,CAAC;YACnD,IAAI,MAAM,EAAE,OAAO,EAAE,CAAC;gBACpB,kCAAkC;gBAClC,uBAAuB,CAAC;oBACtB,SAAS,EAAE,OAAO,CAAC,GAAG;oBACtB,KAAK,EAAE,MAAM,CAAC,KAAK;iBACpB,CAAC,CAAC;gBACH,MAAM,CAAC,IAAI,CAAC,6CAA6C,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC;YAC/E,CAAC;QACH,CAAC;QAAC,OAA
O,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,gCAAgC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAChE,CAAC;IACH,CAAC,CAAC;IAEF,WAAW;IACX,cAAc,EAAE,CAAC;IAEjB,QAAQ;IACR,MAAM,KAAK,GAAG,WAAW,CAAC,cAAc,EAAE,gCAAgC,CAAC,CAAC;IAE5E,oBAAoB;IACpB,IAAI,OAAO,KAAK,CAAC,KAAK,KAAK,UAAU,EAAE,CAAC;QACtC,KAAK,CAAC,KAAK,EAAE,CAAC;IAChB,CAAC;AACH,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"Manager.d.ts","sourceRoot":"","sources":["../../../src/main/daemon/Manager.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAMH,OAAO,EAIL,KAAK,UAAU,EACf,KAAK,iBAAiB,EACvB,MAAM,mBAAmB,CAAC;
|
|
1
|
+
{"version":3,"file":"Manager.d.ts","sourceRoot":"","sources":["../../../src/main/daemon/Manager.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAMH,OAAO,EAIL,KAAK,UAAU,EACf,KAAK,iBAAiB,EACvB,MAAM,mBAAmB,CAAC;AAc3B;;GAEG;AACH,eAAO,MAAM,gBAAgB,GAAI,aAAa,MAAM,KAAG,MACe,CAAC;AAEvE;;GAEG;AACH,eAAO,MAAM,gBAAgB,GAAI,aAAa,MAAM,KAAG,MACe,CAAC;AAEvE;;GAEG;AACH,eAAO,MAAM,iBAAiB,GAAI,aAAa,MAAM,KAAG,MACe,CAAC;AAExE;;;;;GAKG;AACH,eAAO,MAAM,aAAa,GACxB,aAAa,MAAM,KAClB,OAAO,CAAC,MAAM,GAAG,IAAI,CAQvB,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,cAAc,GAAI,KAAK,MAAM,KAAG,OAO5C,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,cAAc,GACzB,aAAa,MAAM,KAClB,OAAO,CAAC,UAAU,GAAG,IAAI,CAoB3B,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,0BAA0B,GACrC,aAAa,MAAM,EACnB,KAAK,MAAM,KACV,OAAO,CAAC,iBAAiB,EAAE,CAqD7B,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,uBAAuB,GAClC,aAAa,MAAM,KAClB,OAAO,CAAC,IAAI,CAcd,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,gBAAgB,GAC3B,aAAa,MAAM,EACnB,MAAM,UAAU,KACf,OAAO,CAAC,IAAI,CAId,CAAC;AAEF;;;;;;;;GAQG;AACH,eAAO,MAAM,kBAAkB,GAAU,QAAQ;IAC/C,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,EAAE,CAAC;CAChB,KAAG,OAAO,CAAC;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CA2E3C,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,iBAAiB,GAAU,QAAQ;IAC9C,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,KAAG,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,CAwC7C,CAAC"}
|
|
@@ -17,6 +17,8 @@ import { spawn } from "child_process";
|
|
|
17
17
|
import { getDowncityDebugDirPath } from "../../main/env/Paths.js";
|
|
18
18
|
import { DAEMON_LOG_FILENAME, DAEMON_META_FILENAME, DAEMON_PID_FILENAME, } from "../../types/Daemon.js";
|
|
19
19
|
import { markConsoleAgentStopped, upsertConsoleAgentEntry, } from "../../main/runtime/ConsoleRegistry.js";
|
|
20
|
+
import { injectAgentTokenIntoEnv } from "../../main/auth/AuthEnv.js";
|
|
21
|
+
import { ensureAgentToken } from "../../main/auth/AgentTokenService.js";
|
|
20
22
|
/**
|
|
21
23
|
* 异步睡眠工具。
|
|
22
24
|
*/
|
|
@@ -189,15 +191,22 @@ export const startDaemonProcess = async (params) => {
|
|
|
189
191
|
}
|
|
190
192
|
const logPath = getDaemonLogPath(projectRoot);
|
|
191
193
|
const logFd = fs.openSync(logPath, "a");
|
|
194
|
+
// 为当前 Agent 签发专用 token
|
|
195
|
+
const agentToken = ensureAgentToken(projectRoot);
|
|
196
|
+
const childEnv = {
|
|
197
|
+
...process.env,
|
|
198
|
+
DOWNCITY_DAEMON: "1",
|
|
199
|
+
};
|
|
200
|
+
injectAgentTokenIntoEnv({
|
|
201
|
+
targetEnv: childEnv,
|
|
202
|
+
token: agentToken.token,
|
|
203
|
+
});
|
|
192
204
|
// 关键注释:daemon 进程必须 detached + unref 才能在父进程退出后继续运行。
|
|
193
205
|
const child = spawn(process.execPath, [cliPath, ...args], {
|
|
194
206
|
cwd: projectRoot,
|
|
195
207
|
detached: true,
|
|
196
208
|
stdio: ["ignore", logFd, logFd],
|
|
197
|
-
env:
|
|
198
|
-
...process.env,
|
|
199
|
-
DOWNCITY_DAEMON: "1",
|
|
200
|
-
},
|
|
209
|
+
env: childEnv,
|
|
201
210
|
});
|
|
202
211
|
child.unref();
|
|
203
212
|
if (!child.pid) {
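Review bot: In `startDaemonProcess`, `ensureAgentToken(projectRoot)` is called after `const logFd = fs.openSync(logPath, "a");`, so if token issuance throws, nothing in this hunk closes the descriptor that was just opened. Moving the call above the `openSync` line, i.e. `const agentToken = ensureAgentToken(projectRoot);` followed by `const logFd = fs.openSync(logPath, "a");`, removes that path without changing anything else. Separately, `runCommand` in Run.js normalises its root with `path.resolve(cwd)` before calling `ensureAgentToken`, while this call passes `projectRoot` unchanged. If tokens are keyed by the root path, which cannot be confirmed from this page, both call sites should normalise the same way so the daemon parent and child agree on one token. The body of `startDaemonProcess` starts and continues outside the hunk, so cleanup of `logFd` elsewhere is not visible here.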
|