galaxy-opc-plugin 0.1.0 → 0.2.0

package/index.ts

@@ -45,7 +45,7 @@ function resolveDbPath(configured?: string): string {
 let db: OpcDatabase | null = null;
 
 const plugin = {
-  id: "opc-platform",
+  id: "galaxy-opc-plugin",
   name: "OPC Platform",
   description: "星环OPC中心 — 一人公司孵化与赋能平台",
   configSchema: Type.Object({
@@ -101,11 +101,21 @@ const plugin = {
     // 注册上下文注入钩子
     registerContextInjector(api, db);
 
+    // 读取 gateway token 用于 API 认证
+    const gatewayToken = (() => {
+      try {
+        const cfg = api.config as Record<string, unknown>;
+        const gw = cfg?.gateway as Record<string, unknown> | undefined;
+        const auth = gw?.auth as Record<string, unknown> | undefined;
+        return auth?.token as string | undefined;
+      } catch { return undefined; }
+    })();
+
     // 注册 HTTP API
     registerHttpRoutes(api, db);
 
     // 注册 Web UI
-    registerConfigUi(api, db);
+    registerConfigUi(api, db, gatewayToken);
     registerLandingPage(api);
 
     // 注册后台服务（数据库生命周期 + 自动提醒）

package/openclaw.plugin.json

@@ -1,8 +1,8 @@
 {
-  "id": "opc-platform",
+  "id": "galaxy-opc-plugin",
   "name": "OPC Platform",
   "description": "星环OPC中心 — 一人公司孵化与赋能平台",
-  "version": "0.1.0",
+  "version": "0.2.0",
   "skills": ["./skills"],
   "configSchema": {
     "type": "object",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "galaxy-opc-plugin",
-  "version": "0.1.0",
+  "version": "0.2.0",
   "description": "星环 Galaxy OPC — 一人公司孵化与赋能平台 OpenClaw 插件",
   "keywords": [
     "openclaw",

package/src/api/companies.ts

@@ -17,6 +17,7 @@ import type { OpenClawPluginApi } from "openclaw/plugin-sdk";
 import type { OpcDatabase } from "../db/index.js";
 import { CompanyManager } from "../opc/company-manager.js";
 import type { OpcCompanyStatus } from "../opc/types.js";
+import { authenticateRequest, apiRateLimiter } from "./middleware.js";
 
 const OPC_API_PREFIX = "/opc/api/companies";
 
@@ -55,7 +56,7 @@ function parseJson(body: string): Record<string, unknown> | null {
   }
 }
 
-export function registerCompanyRoutes(api: OpenClawPluginApi, db: OpcDatabase): void {
+export function registerCompanyRoutes(api: OpenClawPluginApi, db: OpcDatabase, gatewayToken?: string): void {
   const manager = new CompanyManager(db);
 
   api.registerHttpHandler(async (req, res) => {
@@ -71,6 +72,16 @@ export function registerCompanyRoutes(api: OpenClawPluginApi, db: OpcDatabase):
       return false;
     }
 
+    // 限流检查
+    if (!apiRateLimiter.check(req, res)) {
+      return true;
+    }
+
+    // 认证检查
+    if (!authenticateRequest(req, res, gatewayToken)) {
+      return true;
+    }
+
     const subPath = pathname.slice(OPC_API_PREFIX.length);
 
     try {

package/src/api/dashboard.ts

@@ -7,11 +7,22 @@
 
 import type { OpenClawPluginApi } from "openclaw/plugin-sdk";
 import type { OpcDatabase } from "../db/index.js";
+import { authenticateRequest, apiRateLimiter } from "./middleware.js";
 
-export function registerDashboardRoutes(api: OpenClawPluginApi, db: OpcDatabase): void {
+export function registerDashboardRoutes(api: OpenClawPluginApi, db: OpcDatabase, gatewayToken?: string): void {
   api.registerHttpRoute({
     path: "/opc/api/dashboard/stats",
-    handler: (_req, res) => {
+    handler: (req, res) => {
+      // 限流检查
+      if (!apiRateLimiter.check(req, res)) {
+        return;
+      }
+
+      // 认证检查
+      if (!authenticateRequest(req, res, gatewayToken)) {
+        return;
+      }
+
       try {
         const stats = db.getDashboardStats();
         res.writeHead(200, { "Content-Type": "application/json; charset=utf-8" });

package/src/api/middleware.ts

@@ -0,0 +1,44 @@
+/**
+ * 星环OPC中心 — API 中间件（认证 + 限流）
+ *
+ * 独立模块，避免 routes.ts ↔ companies.ts/dashboard.ts 循环依赖。
+ */
+
+import type { IncomingMessage, ServerResponse } from "node:http";
+import { RateLimiter } from "./rate-limiter.js";
+
+/**
+ * 验证请求的 Authorization header 中的 Bearer token。
+ * 返回 true 表示认证通过，false 表示认证失败（已发送 401 响应）。
+ */
+export function authenticateRequest(
+  req: IncomingMessage,
+  res: ServerResponse,
+  expectedToken: string | undefined,
+): boolean {
+  // 如果未配置 token，跳过认证（开发模式）
+  if (!expectedToken) return true;
+
+  // 允许 OPTIONS 预检请求通过
+  if (req.method === "OPTIONS") return true;
+
+  const authHeader = req.headers["authorization"];
+  if (!authHeader) {
+    res.writeHead(401, { "Content-Type": "application/json; charset=utf-8" });
+    res.end(JSON.stringify({ error: "未提供认证令牌", code: "AUTH_REQUIRED" }));
+    return false;
+  }
+
+  const match = authHeader.match(/^Bearer\s+(.+)$/i);
+  const token = match?.[1];
+  if (token !== expectedToken) {
+    res.writeHead(401, { "Content-Type": "application/json; charset=utf-8" });
+    res.end(JSON.stringify({ error: "认证令牌无效", code: "AUTH_INVALID" }));
+    return false;
+  }
+
+  return true;
+}
+
+// 共享限流器实例（100 req/min per IP）
+export const apiRateLimiter = new RateLimiter(100, 60_000);

package/src/api/rate-limiter.ts

@@ -0,0 +1,79 @@
+/**
+ * 星环OPC中心 — 内存滑动窗口请求限流器
+ *
+ * Per-IP 限流，默认 100 req/min。
+ */
+
+import type { IncomingMessage, ServerResponse } from "node:http";
+
+interface WindowEntry {
+  timestamps: number[];
+}
+
+export class RateLimiter {
+  private windows = new Map<string, WindowEntry>();
+  private readonly maxRequests: number;
+  private readonly windowMs: number;
+
+  constructor(maxRequests = 100, windowMs = 60_000) {
+    this.maxRequests = maxRequests;
+    this.windowMs = windowMs;
+
+    // 每 5 分钟清理过期条目，防止内存泄漏
+    setInterval(() => this.cleanup(), 300_000).unref();
+  }
+
+  /**
+   * 检查请求是否超过限流。
+   * 返回 true 表示允许通过，false 表示被限流（已发送 429 响应）。
+   */
+  check(req: IncomingMessage, res: ServerResponse): boolean {
+    const ip = this.getClientIp(req);
+    const now = Date.now();
+    const cutoff = now - this.windowMs;
+
+    let entry = this.windows.get(ip);
+    if (!entry) {
+      entry = { timestamps: [] };
+      this.windows.set(ip, entry);
+    }
+
+    // 移除窗口外的旧记录
+    entry.timestamps = entry.timestamps.filter((t) => t > cutoff);
+
+    if (entry.timestamps.length >= this.maxRequests) {
+      const retryAfter = Math.ceil((entry.timestamps[0] + this.windowMs - now) / 1000);
+      res.writeHead(429, {
+        "Content-Type": "application/json; charset=utf-8",
+        "Retry-After": String(retryAfter),
+      });
+      res.end(JSON.stringify({
+        error: "请求过于频繁，请稍后再试",
+        code: "RATE_LIMIT_EXCEEDED",
+        retryAfter,
+      }));
+      return false;
+    }
+
+    entry.timestamps.push(now);
+    return true;
+  }
+
+  private getClientIp(req: IncomingMessage): string {
+    const forwarded = req.headers["x-forwarded-for"];
+    if (typeof forwarded === "string") {
+      return forwarded.split(",")[0].trim();
+    }
+    return req.socket.remoteAddress ?? "unknown";
+  }
+
+  private cleanup(): void {
+    const cutoff = Date.now() - this.windowMs;
+    for (const [ip, entry] of this.windows) {
+      entry.timestamps = entry.timestamps.filter((t) => t > cutoff);
+      if (entry.timestamps.length === 0) {
+        this.windows.delete(ip);
+      }
+    }
+  }
+}

package/src/api/routes.ts

@@ -7,8 +7,25 @@ import type { OpcDatabase } from "../db/index.js";
 import { registerCompanyRoutes } from "./companies.js";
 import { registerDashboardRoutes } from "./dashboard.js";
 
+/**
+ * 从 OpenClaw 配置中读取 gateway auth token。
+ * 配置路径: gateway.auth.token
+ */
+function getGatewayToken(api: OpenClawPluginApi): string | undefined {
+  try {
+    const cfg = api.config as Record<string, unknown>;
+    const gateway = cfg?.gateway as Record<string, unknown> | undefined;
+    const auth = gateway?.auth as Record<string, unknown> | undefined;
+    return auth?.token as string | undefined;
+  } catch {
+    return undefined;
+  }
+}
+
 export function registerHttpRoutes(api: OpenClawPluginApi, db: OpcDatabase): void {
-  registerCompanyRoutes(api, db);
-  registerDashboardRoutes(api, db);
+  const gatewayToken = getGatewayToken(api);
+
+  registerCompanyRoutes(api, db, gatewayToken);
+  registerDashboardRoutes(api, db, gatewayToken);
   api.logger.info("opc: 已注册 HTTP API 路由");
 }

package/src/db/sqlite-adapter.test.ts

@@ -0,0 +1,304 @@
+/**
+ * 星环OPC中心 — SqliteAdapter 单元测试
+ */
+
+import { describe, it, expect, beforeEach, afterEach } from "vitest";
+import { SqliteAdapter } from "./sqlite-adapter.js";
+import fs from "node:fs";
+import path from "node:path";
+import os from "node:os";
+
+describe("SqliteAdapter", () => {
+  let db: SqliteAdapter;
+  let dbPath: string;
+
+  beforeEach(() => {
+    dbPath = path.join(os.tmpdir(), `opc-test-${Date.now()}-${Math.random().toString(36).slice(2)}.db`);
+    db = new SqliteAdapter(dbPath);
+  });
+
+  afterEach(() => {
+    db.close();
+    try { fs.unlinkSync(dbPath); } catch { /* ignore */ }
+    try { fs.unlinkSync(dbPath + "-wal"); } catch { /* ignore */ }
+    try { fs.unlinkSync(dbPath + "-shm"); } catch { /* ignore */ }
+  });
+
+  // ── Companies ──────────────────────────────────────────────
+  describe("Companies CRUD", () => {
+    it("should create and retrieve a company", () => {
+      const company = db.createCompany({
+        name: "测试公司",
+        industry: "科技",
+        owner_name: "张三",
+        owner_contact: "13800138000",
+        status: "pending",
+        registered_capital: 100000,
+        description: "测试描述",
+      });
+      expect(company.id).toBeTruthy();
+      expect(company.name).toBe("测试公司");
+
+      const fetched = db.getCompany(company.id);
+      expect(fetched).not.toBeNull();
+      expect(fetched!.name).toBe("测试公司");
+    });
+
+    it("should list companies and filter by status", () => {
+      db.createCompany({ name: "A", industry: "IT", owner_name: "X", owner_contact: "", status: "pending", registered_capital: 0, description: "" });
+      db.createCompany({ name: "B", industry: "IT", owner_name: "Y", owner_contact: "", status: "active", registered_capital: 0, description: "" });
+
+      expect(db.listCompanies().length).toBe(2);
+      expect(db.listCompanies("pending").length).toBe(1);
+      expect(db.listCompanies("active").length).toBe(1);
+      expect(db.listCompanies("terminated").length).toBe(0);
+    });
+
+    it("should update a company", () => {
+      const c = db.createCompany({ name: "Old", industry: "IT", owner_name: "X", owner_contact: "", status: "pending", registered_capital: 0, description: "" });
+      const updated = db.updateCompany(c.id, { name: "New", industry: "金融" });
+      expect(updated).not.toBeNull();
+      expect(updated!.name).toBe("New");
+      expect(updated!.industry).toBe("金融");
+    });
+
+    it("should return null when updating non-existent company", () => {
+      expect(db.updateCompany("fake-id", { name: "X" })).toBeNull();
+    });
+
+    it("should delete a company", () => {
+      const c = db.createCompany({ name: "Del", industry: "IT", owner_name: "X", owner_contact: "", status: "pending", registered_capital: 0, description: "" });
+      expect(db.deleteCompany(c.id)).toBe(true);
+      expect(db.getCompany(c.id)).toBeNull();
+    });
+
+    it("should return false when deleting non-existent company", () => {
+      expect(db.deleteCompany("fake-id")).toBe(false);
+    });
+  });
+
+  // ── Employees ──────────────────────────────────────────────
+  describe("Employees CRUD", () => {
+    it("should create and list employees", () => {
+      const c = db.createCompany({ name: "Emp Co", industry: "IT", owner_name: "X", owner_contact: "", status: "active", registered_capital: 0, description: "" });
+      const emp = db.createEmployee({ company_id: c.id, name: "小明", role: "finance", skills: "会计", status: "active" });
+      expect(emp.id).toBeTruthy();
+      expect(emp.name).toBe("小明");
+
+      const list = db.listEmployees(c.id);
+      expect(list.length).toBe(1);
+      expect(list[0].role).toBe("finance");
+    });
+
+    it("should get employee by id", () => {
+      const c = db.createCompany({ name: "Emp2", industry: "IT", owner_name: "X", owner_contact: "", status: "active", registered_capital: 0, description: "" });
+      const emp = db.createEmployee({ company_id: c.id, name: "小红", role: "hr", skills: "招聘", status: "active" });
+      const found = db.getEmployee(emp.id);
+      expect(found).not.toBeNull();
+      expect(found!.name).toBe("小红");
+    });
+
+    it("should return null for non-existent employee", () => {
+      expect(db.getEmployee("fake")).toBeNull();
+    });
+  });
+
+  // ── Transactions ───────────────────────────────────────────
+  describe("Transactions CRUD", () => {
+    let companyId: string;
+
+    beforeEach(() => {
+      const c = db.createCompany({ name: "Tx Co", industry: "IT", owner_name: "X", owner_contact: "", status: "active", registered_capital: 0, description: "" });
+      companyId = c.id;
+    });
+
+    it("should create and retrieve a transaction", () => {
+      const tx = db.createTransaction({
+        company_id: companyId,
+        type: "income",
+        category: "service_income",
+        amount: 5000,
+        description: "咨询服务",
+        counterparty: "客户A",
+        transaction_date: "2025-01-15",
+      });
+      expect(tx.id).toBeTruthy();
+      expect(tx.amount).toBe(5000);
+      expect(tx.type).toBe("income");
+
+      const fetched = db.getTransaction(tx.id);
+      expect(fetched).not.toBeNull();
+      expect(fetched!.counterparty).toBe("客户A");
+    });
+
+    it("should list transactions with filters", () => {
+      db.createTransaction({ company_id: companyId, type: "income", category: "other", amount: 1000, description: "", counterparty: "", transaction_date: "2025-01-01" });
+      db.createTransaction({ company_id: companyId, type: "expense", category: "rent", amount: 2000, description: "", counterparty: "", transaction_date: "2025-02-01" });
+      db.createTransaction({ company_id: companyId, type: "income", category: "other", amount: 3000, description: "", counterparty: "", transaction_date: "2025-03-01" });
+
+      expect(db.listTransactions(companyId).length).toBe(3);
+      expect(db.listTransactions(companyId, { type: "income" }).length).toBe(2);
+      expect(db.listTransactions(companyId, { type: "expense" }).length).toBe(1);
+      expect(db.listTransactions(companyId, { startDate: "2025-02-01" }).length).toBe(2);
+      expect(db.listTransactions(companyId, { endDate: "2025-01-31" }).length).toBe(1);
+      expect(db.listTransactions(companyId, { limit: 1 }).length).toBe(1);
+    });
+
+    it("should return null for non-existent transaction", () => {
+      expect(db.getTransaction("fake")).toBeNull();
+    });
+  });
+
+  // ── Finance Summary ────────────────────────────────────────
+  describe("getFinanceSummary", () => {
+    it("should compute correct financial totals", () => {
+      const c = db.createCompany({ name: "Fin Co", industry: "IT", owner_name: "X", owner_contact: "", status: "active", registered_capital: 0, description: "" });
+      db.createTransaction({ company_id: c.id, type: "income", category: "other", amount: 10000, description: "", counterparty: "", transaction_date: "2025-01-15" });
+      db.createTransaction({ company_id: c.id, type: "income", category: "other", amount: 5000, description: "", counterparty: "", transaction_date: "2025-01-20" });
+      db.createTransaction({ company_id: c.id, type: "expense", category: "rent", amount: 3000, description: "", counterparty: "", transaction_date: "2025-01-25" });
+
+      const summary = db.getFinanceSummary(c.id);
+      expect(summary.total_income).toBe(15000);
+      expect(summary.total_expense).toBe(3000);
+      expect(summary.net).toBe(12000);
+      expect(summary.count).toBe(3);
+    });
+
+    it("should filter by date range", () => {
+      const c = db.createCompany({ name: "Fin2", industry: "IT", owner_name: "X", owner_contact: "", status: "active", registered_capital: 0, description: "" });
+      db.createTransaction({ company_id: c.id, type: "income", category: "other", amount: 1000, description: "", counterparty: "", transaction_date: "2025-01-15" });
+      db.createTransaction({ company_id: c.id, type: "income", category: "other", amount: 2000, description: "", counterparty: "", transaction_date: "2025-03-15" });
+
+      const jan = db.getFinanceSummary(c.id, "2025-01-01", "2025-01-31");
+      expect(jan.total_income).toBe(1000);
+
+      const all = db.getFinanceSummary(c.id);
+      expect(all.total_income).toBe(3000);
+    });
+
+    it("should return zeros for company with no transactions", () => {
+      const c = db.createCompany({ name: "Empty", industry: "IT", owner_name: "X", owner_contact: "", status: "active", registered_capital: 0, description: "" });
+      const summary = db.getFinanceSummary(c.id);
+      expect(summary.total_income).toBe(0);
+      expect(summary.total_expense).toBe(0);
+      expect(summary.net).toBe(0);
+      expect(summary.count).toBe(0);
+    });
+  });
+
+  // ── Contacts ───────────────────────────────────────────────
+  describe("Contacts CRUD", () => {
+    let companyId: string;
+
+    beforeEach(() => {
+      const c = db.createCompany({ name: "Ct Co", industry: "IT", owner_name: "X", owner_contact: "", status: "active", registered_capital: 0, description: "" });
+      companyId = c.id;
+    });
+
+    it("should create and retrieve a contact", () => {
+      const contact = db.createContact({
+        company_id: companyId,
+        name: "王经理",
+        phone: "13900139000",
+        email: "wang@example.com",
+        company_name: "客户公司",
+        tags: '["VIP"]',
+        notes: "重要客户",
+        last_contact_date: "2025-01-01",
+      });
+      expect(contact.id).toBeTruthy();
+      expect(contact.name).toBe("王经理");
+
+      const fetched = db.getContact(contact.id);
+      expect(fetched).not.toBeNull();
+      expect(fetched!.email).toBe("wang@example.com");
+    });
+
+    it("should list contacts and filter by tag", () => {
+      db.createContact({ company_id: companyId, name: "A", phone: "", email: "", company_name: "", tags: '["VIP"]', notes: "", last_contact_date: "" });
+      db.createContact({ company_id: companyId, name: "B", phone: "", email: "", company_name: "", tags: '["供应商"]', notes: "", last_contact_date: "" });
+
+      expect(db.listContacts(companyId).length).toBe(2);
+      expect(db.listContacts(companyId, "VIP").length).toBe(1);
+      expect(db.listContacts(companyId, "供应商").length).toBe(1);
+    });
+
+    it("should update a contact", () => {
+      const ct = db.createContact({ company_id: companyId, name: "Old", phone: "", email: "", company_name: "", tags: "[]", notes: "", last_contact_date: "" });
+      const updated = db.updateContact(ct.id, { name: "New", phone: "12345" });
+      expect(updated).not.toBeNull();
+      expect(updated!.name).toBe("New");
+      expect(updated!.phone).toBe("12345");
+    });
+
+    it("should return null when updating non-existent contact", () => {
+      expect(db.updateContact("fake", { name: "X" })).toBeNull();
+    });
+
+    it("should delete a contact", () => {
+      const ct = db.createContact({ company_id: companyId, name: "Del", phone: "", email: "", company_name: "", tags: "[]", notes: "", last_contact_date: "" });
+      expect(db.deleteContact(ct.id)).toBe(true);
+      expect(db.getContact(ct.id)).toBeNull();
+    });
+
+    it("should return false when deleting non-existent contact", () => {
+      expect(db.deleteContact("fake")).toBe(false);
+    });
+  });
+
+  // ── Dashboard Stats ────────────────────────────────────────
+  describe("getDashboardStats", () => {
+    it("should return correct aggregate stats", () => {
+      const c1 = db.createCompany({ name: "S1", industry: "IT", owner_name: "X", owner_contact: "", status: "active", registered_capital: 0, description: "" });
+      db.createCompany({ name: "S2", industry: "IT", owner_name: "Y", owner_contact: "", status: "pending", registered_capital: 0, description: "" });
+      db.createTransaction({ company_id: c1.id, type: "income", category: "other", amount: 10000, description: "", counterparty: "", transaction_date: "2025-01-01" });
+      db.createTransaction({ company_id: c1.id, type: "expense", category: "rent", amount: 3000, description: "", counterparty: "", transaction_date: "2025-01-01" });
+      db.createContact({ company_id: c1.id, name: "Contact1", phone: "", email: "", company_name: "", tags: "[]", notes: "", last_contact_date: "" });
+
+      const stats = db.getDashboardStats();
+      expect(stats.total_companies).toBe(2);
+      expect(stats.active_companies).toBe(1);
+      expect(stats.total_transactions).toBe(2);
+      expect(stats.total_contacts).toBe(1);
+      expect(stats.total_revenue).toBe(10000);
+      expect(stats.total_expense).toBe(3000);
+    });
+
+    it("should return zeros for empty database", () => {
+      const stats = db.getDashboardStats();
+      expect(stats.total_companies).toBe(0);
+      expect(stats.active_companies).toBe(0);
+      expect(stats.total_transactions).toBe(0);
+      expect(stats.total_contacts).toBe(0);
+    });
+  });
+
+  // ── Generic query methods ──────────────────────────────────
+  describe("Generic query methods", () => {
+    it("genId should generate unique ids", () => {
+      const ids = new Set<string>();
+      for (let i = 0; i < 100; i++) {
+        ids.add(db.genId());
+      }
+      expect(ids.size).toBe(100);
+    });
+
+    it("query should return rows", () => {
+      db.createCompany({ name: "Q1", industry: "IT", owner_name: "X", owner_contact: "", status: "active", registered_capital: 0, description: "" });
+      const rows = db.query("SELECT * FROM opc_companies WHERE status = ?", "active");
+      expect(rows.length).toBe(1);
+    });
+
+    it("queryOne should return single row", () => {
+      db.createCompany({ name: "Q2", industry: "IT", owner_name: "X", owner_contact: "", status: "active", registered_capital: 0, description: "" });
+      const row = db.queryOne("SELECT COUNT(*) as cnt FROM opc_companies") as { cnt: number };
+      expect(row.cnt).toBe(1);
+    });
+
+    it("execute should return changes count", () => {
+      db.createCompany({ name: "E1", industry: "IT", owner_name: "X", owner_contact: "", status: "pending", registered_capital: 0, description: "" });
+      const result = db.execute("UPDATE opc_companies SET industry = ? WHERE status = ?", "金融", "pending");
+      expect(result.changes).toBe(1);
+    });
+  });
+});

package/src/db/sqlite-adapter.ts

@@ -335,7 +335,7 @@ export class SqliteAdapter implements OpcDatabase {
       .prepare(
         `SELECT
           COUNT(*) as total,
-          SUM(CASE WHEN status='active' THEN 1 ELSE 0 END) as active
+          COALESCE(SUM(CASE WHEN status='active' THEN 1 ELSE 0 END), 0) as active
         FROM opc_companies`,
       )
       .get() as { total: number; active: number };