hikvision-server 1.0.0

package/src/manager.ts

@@ -0,0 +1,492 @@
+/**
+ * Hikvision Manager - 独立管理服务
+ * 
+ * 只负责 API Server 的启动/停止/状态查询
+ * 独立端口运行，即使 API Server 停止也能被访问
+ */
+
+import express from 'express';
+import cors from 'cors';
+import * as fs from 'fs';
+import * as path from 'path';
+import { fileURLToPath } from 'url';
+import { fork } from 'child_process';
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+// dist/manager.js 在 packages/server/dist/，向上三级到项目根目录
+const PROJECT_ROOT = path.resolve(__dirname, '../../../');
+const API_SERVER_SCRIPT = path.resolve(__dirname, '../dist/index.js');
+const PID_PATH = path.resolve(PROJECT_ROOT, '.server.pid');
+const CONFIG_PATH = path.resolve(PROJECT_ROOT, 'packages/server/config.json');
+
+const app = express();
+const PORT = parseInt(process.env.MANAGER_PORT || '3001', 10);
+
+// 加载配置
+let configData: any = {};
+try {
+  if (fs.existsSync(CONFIG_PATH)) {
+    configData = JSON.parse(fs.readFileSync(CONFIG_PATH, 'utf-8'));
+  }
+} catch {}
+
+// CORS 白名单配置
+// 优先级：环境变量 CORS_ORIGIN > config.json manager.corsOrigins > 内置默认
+// 端口从 config.json web.port 读取，未配置则默认 3030
+const getCorsOrigins = (): string[] => {
+  const webPort = configData?.web?.port || 3030;
+  
+  // 1. 环境变量（逗号分隔，支持带端口或不带端口）
+  if (process.env.CORS_ORIGIN) {
+    return process.env.CORS_ORIGIN.split(',').map(s => {
+      const origin = s.trim();
+      // 不带端口的自动拼接 webPort
+      if (origin && !origin.includes(':')) {
+        return `${origin}:${webPort}`;
+      }
+      return origin;
+    }).filter(Boolean);
+  }
+  
+  // 2. config.json 配置（只配 IP，协议和端口自动拼接）
+  if (configData?.manager?.corsOrigins && Array.isArray(configData.manager.corsOrigins)) {
+    return configData.manager.corsOrigins.map((s: string) => {
+      const ip = s.trim();
+      if (!ip) return '';
+      // 自动拼接 http:// 和 :webPort
+      return `http://${ip}:${webPort}`;
+    }).filter(Boolean);
+  }
+  
+  // 3. 内置默认本机（不需要配置，端口从 web.port 读取）
+  return [
+    `http://localhost:${webPort}`,
+    `http://127.0.0.1:${webPort}`,
+  ];
+};
+
+app.use(cors({
+  origin: getCorsOrigins(),
+  credentials: true,
+}));
+
+// API Key 认证
+const API_KEY = process.env.MANAGER_API_KEY || configData?.auth?.apiKey || '';
+
+// 白名单路由（不需要认证）
+const PUBLIC_ROUTES = ['/api/health', '/api/manager/status'];
+
+// 时序安全的密钥比较
+function safeCompare(a: string, b: string): boolean {
+  if (a.length !== b.length) return false;
+  // 使用 Node.js 的 timingSafeEqual 进行恒定时间比较
+  try {
+    const crypto = require('crypto');
+    return crypto.timingSafeEqual(Buffer.from(a), Buffer.from(b));
+  } catch {
+    // Fallback: constant-time comparison to prevent timing attacks
+    let result = 0;
+    for (let i = 0; i < a.length; i++) {
+      result |= a.charCodeAt(i) ^ b.charCodeAt(i);
+    }
+    return result === 0;
+  }
+}
+
+// 认证中间件
+function authMiddleware(req: any, res: any, next: any) {
+  // 公开路由放行
+  if (PUBLIC_ROUTES.some(r => req.path.startsWith(r))) {
+    return next();
+  }
+
+  // 检查 API Key
+  if (!API_KEY) {
+    // 未配置 API Key，生产模式必须拒绝
+    if (process.env.NODE_ENV === 'production') {
+      return res.status(503).json({
+        success: false,
+        message: '服务配置不完整：MANAGER_API_KEY 未设置'
+      });
+    }
+    // 开发模式允许未授权访问（但输出警告）
+    console.warn('⚠️ 警告：Manager 服务运行于无认证模式（开发模式）');
+    return next();
+  }
+
+  const apiKey = req.headers['x-api-key'];
+  if (!apiKey) {
+    return res.status(401).json({ success: false, message: '未授权：缺少 API Key' });
+  }
+  if (!safeCompare(apiKey, API_KEY)) {
+    return res.status(401).json({ success: false, message: '未授权：无效的 API Key' });
+  }
+
+  next();
+}
+
+app.use(authMiddleware);
+
+// 脱敏显示：前2位 + **** + 后2位
+function maskSecret(value: string): string {
+  if (!value) return '';
+  if (value.length <= 4) return '****';
+  return value.slice(0, 2) + '****' + value.slice(-2);
+}
+
+// 检查 API Server 是否运行
+function isServerRunning(): { running: boolean; pid?: number } {
+  if (!fs.existsSync(PID_PATH)) {
+    // PID 文件不存在，检查端口是否被占用（可能是外部启动的）
+    const apiPort = parseInt(process.env.API_SERVER_PORT || '3000', 10);
+    const hexPort = apiPort.toString(16).toUpperCase().padStart(4, '0');
+    
+    try {
+      // 检查 /proc/net/tcp 和 /proc/net/tcp6
+      for (const netFile of ['/proc/net/tcp', '/proc/net/tcp6']) {
+        if (!fs.existsSync(netFile)) continue;
+        const lines = fs.readFileSync(netFile, 'utf-8').split('\n');
+        for (let i = 1; i < lines.length; i++) { // 跳过表头
+          const line = lines[i].trim();
+          if (!line) continue;
+          const parts = line.split(/\s+/);
+          if (parts.length < 10) continue;
+          const localAddr = parts[1];
+          if (localAddr.endsWith(`:${hexPort}`)) {
+            const state = parts[3];
+            // 0A = LISTEN
+            if (state === '0A') {
+              // 尝试通过 inode 找到 PID
+              const inode = parts[9];
+              try {
+                const procDirs = fs.readdirSync('/proc');
+                for (const dir of procDirs) {
+                  if (/^\d+$/.test(dir)) {
+                    try {
+                      const fdDirs = fs.readdirSync(`/proc/${dir}/fd`);
+                      for (const fd of fdDirs) {
+                        try {
+                          const link = fs.readlinkSync(`/proc/${dir}/fd/${fd}`);
+                          if (link.includes(`socket:[${inode}]`)) {
+                            return { running: true, pid: parseInt(dir) };
+                          }
+                        } catch {}
+                      }
+                    } catch {}
+                  }
+                }
+              } catch {}
+              return { running: true };
+            }
+          }
+        }
+      }
+    } catch {
+      // /proc 不可用，继续
+    }
+    return { running: false };
+  }
+  
+  try {
+    const pid = parseInt(fs.readFileSync(PID_PATH, 'utf-8').trim());
+    if (isNaN(pid)) {
+      return { running: false };
+    }
+    
+    // 检查进程是否存在
+    try {
+      process.kill(pid, 0);
+      return { running: true, pid };
+    } catch {
+      // 进程不存在，清理 PID 文件
+      fs.unlinkSync(PID_PATH);
+      return { running: false };
+    }
+  } catch {
+    return { running: false };
+  }
+}
+
+/**
+ * 启动 API Server
+ */
+app.post('/api/manager/start', async (_req, res) => {
+  const status = isServerRunning();
+  
+  if (status.running) {
+    return res.json({ 
+      success: true, 
+      message: `API Server 已在运行 (PID: ${status.pid})` 
+    });
+  }
+  
+  // 检查端口是否被占用
+  const apiPort = parseInt(process.env.API_SERVER_PORT || '3000', 10);
+  const hexPort = apiPort.toString(16).toUpperCase().padStart(4, '0');
+  
+  try {
+    for (const netFile of ['/proc/net/tcp', '/proc/net/tcp6']) {
+      if (!fs.existsSync(netFile)) continue;
+      const lines = fs.readFileSync(netFile, 'utf-8').split('\n');
+      for (let i = 1; i < lines.length; i++) {
+        const line = lines[i].trim();
+        if (!line) continue;
+        const parts = line.split(/\s+/);
+        if (parts.length < 10) continue;
+        const localAddr = parts[1];
+        if (localAddr.endsWith(`:${hexPort}`)) {
+          const state = parts[3];
+          if (state === '0A') {
+            return res.json({ 
+              success: true, 
+              message: `API Server 已在运行 (端口 ${apiPort} 被占用)` 
+            });
+          }
+        }
+      }
+    }
+  } catch {
+    // 无法检查端口，继续尝试启动
+  }
+  
+  try {
+    // 检查脚本是否存在
+    if (!fs.existsSync(API_SERVER_SCRIPT)) {
+      return res.status(500).json({ 
+        success: false, 
+        message: 'API Server 未编译，请先运行 npm run build' 
+      });
+    }
+    
+    const child = fork(API_SERVER_SCRIPT, [], {
+      cwd: PROJECT_ROOT,
+      env: { ...process.env },
+      silent: true,
+    });
+
+    // 监听子进程错误事件
+    child.on('error', (err) => {
+      console.error('❌ API Server 子进程错误:', err.message);
+      if (fs.existsSync(PID_PATH)) {
+        try {
+          fs.unlinkSync(PID_PATH);
+        } catch {}
+      }
+    });
+
+    // 监听子进程退出事件
+    child.on('exit', (code, signal) => {
+      console.log(`API Server 子进程退出: code=${code}, signal=${signal}`);
+      if (fs.existsSync(PID_PATH)) {
+        try {
+          fs.unlinkSync(PID_PATH);
+        } catch {}
+      }
+    });
+
+    if (child.pid) {
+      fs.writeFileSync(PID_PATH, String(child.pid), 'utf-8');
+    }
+
+    res.json({
+      success: true,
+      message: 'API Server 已启动',
+      pid: child.pid
+    });
+  } catch (error: any) {
+    res.status(500).json({ 
+      success: false, 
+      message: error.message || '启动失败' 
+    });
+  }
+});
+
+/**
+ * 停止 API Server
+ */
+app.post('/api/manager/stop', async (_req, res) => {
+  const status = isServerRunning();
+  
+  if (!status.running) {
+    return res.json({ success: true, message: '服务未运行' });
+  }
+  
+  try {
+    const pid = status.pid!;
+    
+    // 优雅关闭
+    process.kill(pid, 'SIGTERM');
+    
+    // 等待进程退出
+    await new Promise<void>((resolve) => {
+      const timeout = setTimeout(() => {
+        try {
+          process.kill(pid, 'SIGKILL');
+        } catch {}
+        resolve();
+      }, 3000);
+      
+      const checkInterval = setInterval(() => {
+        try {
+          process.kill(pid, 0);
+        } catch {
+          clearInterval(checkInterval);
+          clearTimeout(timeout);
+          resolve();
+        }
+      }, 100);
+    });
+    
+    // 清理 PID 文件
+    if (fs.existsSync(PID_PATH)) {
+      fs.unlinkSync(PID_PATH);
+    }
+    
+    res.json({ success: true, message: `服务已停止 (PID: ${pid})` });
+  } catch (error: any) {
+    if (error.code === 'ESRCH') {
+      if (fs.existsSync(PID_PATH)) {
+        fs.unlinkSync(PID_PATH);
+      }
+      res.json({ success: true, message: '服务已停止（进程不存在）' });
+    } else {
+      res.status(500).json({ success: false, message: error.message });
+    }
+  }
+});
+
+/**
+ * 重启 API Server
+ */
+app.post('/api/manager/restart', async (_req, res) => {
+  const status = isServerRunning();
+  
+  try {
+    // 先停止
+    if (status.running) {
+      const pid = status.pid!;
+      process.kill(pid, 'SIGTERM');
+      
+      await new Promise<void>((resolve) => {
+        const timeout = setTimeout(() => {
+          try { process.kill(pid, 'SIGKILL'); } catch {}
+          resolve();
+        }, 3000);
+        
+        const checkInterval = setInterval(() => {
+          try {
+            process.kill(pid, 0);
+          } catch {
+            clearInterval(checkInterval);
+            clearTimeout(timeout);
+            resolve();
+          }
+        }, 100);
+      });
+      
+      if (fs.existsSync(PID_PATH)) {
+        fs.unlinkSync(PID_PATH);
+      }
+    }
+    
+    // 再启动
+    if (!fs.existsSync(API_SERVER_SCRIPT)) {
+      return res.status(500).json({ 
+        success: false, 
+        message: 'API Server 未编译，请先运行 npm run build' 
+      });
+    }
+    
+    const child = fork(API_SERVER_SCRIPT, [], {
+      cwd: PROJECT_ROOT,
+      env: { ...process.env },
+      silent: true,
+    });
+
+    // 监听子进程错误事件
+    child.on('error', (err) => {
+      console.error('❌ API Server 子进程错误:', err.message);
+      if (fs.existsSync(PID_PATH)) {
+        try {
+          fs.unlinkSync(PID_PATH);
+        } catch {}
+      }
+    });
+
+    // 监听子进程退出事件
+    child.on('exit', (code, signal) => {
+      console.log(`API Server 子进程退出: code=${code}, signal=${signal}`);
+      if (fs.existsSync(PID_PATH)) {
+        try {
+          fs.unlinkSync(PID_PATH);
+        } catch {}
+      }
+    });
+
+    if (child.pid) {
+      fs.writeFileSync(PID_PATH, String(child.pid), 'utf-8');
+    }
+
+    res.json({
+      success: true,
+      message: '服务已重启',
+      pid: child.pid
+    });
+  } catch (error: any) {
+    res.status(500).json({ success: false, message: error.message });
+  }
+});
+
+/**
+ * 查询服务状态
+ */
+app.get('/api/manager/status', (_req, res) => {
+  const status = isServerRunning();
+  
+  res.json({
+    success: true,
+    data: {
+      isRunning: status.running,
+      pid: status.pid || null,
+      port: parseInt(process.env.API_SERVER_PORT || '3000', 10),
+    }
+  });
+});
+
+/**
+ * 读取配置文件（Manager 服务提供，API Server 不可用时使用）
+ */
+app.get('/api/config', (_req, res) => {
+  try {
+    const configPath = path.resolve(PROJECT_ROOT, 'packages/server/config.json');
+    let configData: any = {};
+    if (fs.existsSync(configPath)) {
+      configData = JSON.parse(fs.readFileSync(configPath, 'utf-8'));
+    }
+    
+    // 脱敏显示
+    const maskedConfig = {
+      ...configData,
+      hikvision: configData?.hikvision ? {
+        ...configData.hikvision,
+        appKey: configData.hikvision.appKey ? maskSecret(configData.hikvision.appKey) : '',
+        appSecret: configData.hikvision.appSecret ? maskSecret(configData.hikvision.appSecret) : '',
+      } : undefined,
+    };
+    
+    res.json({
+      success: true,
+      data: {
+        configPath,
+        fileConfig: maskedConfig,
+      }
+    });
+  } catch (error: any) {
+    res.status(500).json({ success: false, message: error.message });
+  }
+});
+
+app.listen(PORT, () => {
+  console.log(`🔧 Manager Service running on http://localhost:${PORT}`);
+  console.log(`   API Server: http://localhost:${process.env.API_SERVER_PORT || '3000'}`);
+});

package/tsconfig.json

@@ -0,0 +1,8 @@
+{
+  "extends": "../../tsconfig.json",
+  "compilerOptions": {
+    "outDir": "./dist",
+    "rootDir": "./src"
+  },
+  "include": ["src/**/*"]
+}