most-box 0.1.1 → 0.1.3

package/server/src/node/config.js

@@ -6,11 +6,11 @@ import { MAX_FILE_SIZE } from '../config.js'
 const DEFAULT_CONFIG_DIR_NAME = '.most-box'
 const DEFAULT_DATA_DIR_NAME = 'most-data'
 const DEFAULT_CAPACITY_BYTES = 100 * 1024 * 1024 * 1024
+export const DEFAULT_NODE_PORT = 1976
+export const DEFAULT_NODE_HOST = '127.0.0.1'
 
 export function getDefaultConfigDir() {
-  return process.env.MOSTBOX_CONFIG_DIR
-    ? path.resolve(process.env.MOSTBOX_CONFIG_DIR)
-    : path.join(os.homedir(), DEFAULT_CONFIG_DIR_NAME)
+  return path.join(os.homedir(), DEFAULT_CONFIG_DIR_NAME)
 }
 
 export function getDefaultDataPath() {
@@ -20,11 +20,21 @@ export function getDefaultDataPath() {
 export function getDefaultNodeConfig() {
   return {
     dataPath: '',
+    host: DEFAULT_NODE_HOST,
+    port: DEFAULT_NODE_PORT,
     capacityBytes: DEFAULT_CAPACITY_BYTES,
     maxFileSizeBytes: MAX_FILE_SIZE,
+    remoteInvites: [],
   }
 }
 
+export function normalizeRemoteInvites(value = []) {
+  const items = Array.isArray(value) ? value : String(value || '').split(',')
+  return Array.from(
+    new Set(items.map(item => String(item || '').trim()).filter(Boolean))
+  )
+}
+
 export function normalizeNodeConfig(raw = {}) {
   const defaults = getDefaultNodeConfig()
   const rawNode = raw.node && typeof raw.node === 'object' ? raw.node : {}
@@ -37,13 +47,24 @@ export function normalizeNodeConfig(raw = {}) {
     rawNode.maxFileSizeBytes ?? raw.maxFileSizeBytes,
     defaults.maxFileSizeBytes
   )
+  const remoteInvites = normalizeRemoteInvites(
+    rawNode.remoteInvites ?? raw.remoteInvites ?? defaults.remoteInvites
+  )
+  const host = normalizeHost(rawNode.host ?? raw.host, defaults.host)
+  const port = normalizePositiveInteger(
+    rawNode.port ?? raw.port,
+    defaults.port
+  )
   return {
     dataPath:
       typeof raw.dataPath === 'string'
         ? raw.dataPath.trim()
         : defaults.dataPath,
+    host,
+    port,
     capacityBytes,
     maxFileSizeBytes,
+    remoteInvites,
   }
 }
 
@@ -82,9 +103,6 @@ export function createNodeConfigStore(configDir = getDefaultConfigDir()) {
   }
 
   function getDataPath() {
-    if (process.env.MOSTBOX_DATA_PATH) {
-      return process.env.MOSTBOX_DATA_PATH
-    }
     return getNodeConfig().dataPath || getDefaultDataPath()
   }
 
@@ -97,6 +115,8 @@ export function createNodeConfigStore(configDir = getDefaultConfigDir()) {
         patch.dataPath === undefined ? current.dataPath : patch.dataPath,
       node: {
         ...(raw.node && typeof raw.node === 'object' ? raw.node : {}),
+        host: patch.host === undefined ? current.host : patch.host,
+        port: patch.port === undefined ? current.port : patch.port,
         capacityBytes:
           patch.capacityBytes === undefined
             ? current.capacityBytes
@@ -105,14 +125,21 @@ export function createNodeConfigStore(configDir = getDefaultConfigDir()) {
           patch.maxFileSizeBytes === undefined
             ? current.maxFileSizeBytes
             : patch.maxFileSizeBytes,
+        remoteInvites:
+          patch.remoteInvites === undefined
+            ? current.remoteInvites
+            : patch.remoteInvites,
       },
     })
 
     const saved = {
       dataPath: next.dataPath,
       node: {
+        host: next.host,
+        port: next.port,
         capacityBytes: next.capacityBytes,
         maxFileSizeBytes: next.maxFileSizeBytes,
+        remoteInvites: next.remoteInvites,
         updatedAt: new Date().toISOString(),
       },
     }
@@ -157,3 +184,8 @@ function normalizePositiveInteger(value, fallback) {
   }
   return Math.floor(parsed)
 }
+
+function normalizeHost(value, fallback) {
+  const host = String(value || '').trim()
+  return host || fallback
+}

package/server/src/utils/api.js

@@ -1,15 +1,14 @@
 import ky from 'ky'
+import { buildAuthHeaders, normalizeAuthPath } from './auth.js'
 
 const STORAGE_KEY = 'mostbox_backend_url'
+const INVITE_STORAGE_KEY = 'mostbox_backend_invite'
 const LOCALHOST_BACKEND_URL = 'http://localhost:1976'
 
 function isLocalFrontendOrigin() {
   if (typeof window === 'undefined') return false
 
-  return (
-    ['localhost', '127.0.0.1'].includes(window.location.hostname) &&
-    window.location.port === '3000'
-  )
+  return ['localhost', '127.0.0.1'].includes(window.location.hostname)
 }
 
 function getDefaultBackendUrl() {
@@ -21,14 +20,136 @@ function getBackendUrl() {
   return localStorage.getItem(STORAGE_KEY) || getDefaultBackendUrl()
 }
 
+function getConfiguredBackendUrl() {
+  if (typeof window === 'undefined') return ''
+  return localStorage.getItem(STORAGE_KEY) || ''
+}
+
+function getRemoteBackendUrl() {
+  const configured = getConfiguredBackendUrl()
+  if (!configured) return ''
+  try {
+    const { hostname } = new URL(configured)
+    return ['localhost', '127.0.0.1', '::1'].includes(hostname)
+      ? ''
+      : configured
+  } catch {
+    return configured
+  }
+}
+
+function getBackendInvite() {
+  if (typeof window === 'undefined') return ''
+  return localStorage.getItem(INVITE_STORAGE_KEY) || ''
+}
+
+function normalizeBackendUrl(url) {
+  return (url || '').trim().replace(/\/+$/, '')
+}
+
+function isLocalBackendUrl(url) {
+  const value = normalizeBackendUrl(url)
+  if (!value) return false
+  try {
+    const { hostname } = new URL(value)
+    const normalized = hostname.toLowerCase()
+    return (
+      normalized === 'localhost' ||
+      normalized === '::1' ||
+      normalized === '[::1]' ||
+      normalized === '127.0.0.1' ||
+      normalized.startsWith('127.')
+    )
+  } catch {
+    return false
+  }
+}
+
+function shouldAttachBackendInvite(url = getBackendUrl()) {
+  return Boolean(getBackendInvite()) && !isLocalBackendUrl(url)
+}
+
+function getStoredIdentity() {
+  if (typeof window === 'undefined') return null
+  try {
+    const raw = localStorage.getItem('mostbox_identity')
+    return raw ? JSON.parse(raw) : null
+  } catch {
+    return null
+  }
+}
+
 function normalizePath(path) {
   return path.startsWith('/') ? path : `/${path}`
 }
 
+function getBackendAuthPath(url) {
+  const requestPath = normalizeAuthPath(url)
+  const backendUrl = getBackendUrl()
+  if (!backendUrl) return requestPath
+
+  try {
+    const basePath = new URL(backendUrl).pathname.replace(/\/+$/, '')
+    if (!basePath || basePath === '/') return requestPath
+    if (requestPath === basePath) return '/'
+    if (requestPath.startsWith(`${basePath}/`)) {
+      return requestPath.slice(basePath.length)
+    }
+  } catch {}
+
+  return requestPath
+}
+
+function buildWebSocketUrl(base, wsPath = '/ws') {
+  const url = new URL(base)
+  const wsProtocol = url.protocol === 'https:' ? 'wss:' : 'ws:'
+  const basePath = url.pathname.replace(/\/+$/, '')
+  return `${wsProtocol}//${url.host}${basePath}${normalizePath(wsPath)}`
+}
+
 function createApiInstance() {
-  const url = getBackendUrl()
-  return ky.create({
-    prefix: url,
+  const client = ky.create({
+    hooks: {
+      beforeRequest: [
+        async ({ request }) => {
+          const headers = new Headers(request.headers || {})
+          const invite = getBackendInvite()
+          if (invite && shouldAttachBackendInvite(request.url)) {
+            headers.set('x-mostbox-invite', invite)
+          }
+
+          const identity = getStoredIdentity()
+          if (identity?.danger) {
+            try {
+              const authHeaders = await buildAuthHeaders(
+                identity,
+                request.method,
+                getBackendAuthPath(request.url)
+              )
+              for (const [key, value] of Object.entries(authHeaders)) {
+                headers.set(key, value)
+              }
+            } catch {
+              // Ignore invalid legacy identity data for public/backend probes.
+            }
+          }
+          return new Request(request, { headers })
+        },
+      ],
+    },
+  })
+
+  return new Proxy(client, {
+    get(target, prop, receiver) {
+      const value = Reflect.get(target, prop, receiver)
+      if (!['get', 'post', 'put', 'patch', 'delete', 'head'].includes(prop)) {
+        return value
+      }
+      return (input, options) => {
+        const nextInput = typeof input === 'string' ? getApiUrl(input) : input
+        return value.call(target, nextInput, options)
+      }
+    },
   })
 }
 
@@ -71,7 +192,7 @@ export async function getApiErrorMessage(err, fallback = '请求失败') {
     err && typeof err === 'object' && 'name' in err ? String(err.name) : ''
   if (errorName === 'TimeoutError') return '请求超时，请稍后重试'
 
-  if (!data.status && err instanceof Error && err.message) {
+  if (err instanceof Error && err.message) {
     return err.message
   }
 
@@ -79,7 +200,7 @@ export async function getApiErrorMessage(err, fallback = '请求失败') {
 }
 
 export function setBackendUrl(url) {
-  const cleaned = (url || '').trim().replace(/\/+$/, '')
+  const cleaned = normalizeBackendUrl(url)
   if (cleaned) {
     localStorage.setItem(STORAGE_KEY, cleaned)
   } else {
@@ -88,37 +209,207 @@ export function setBackendUrl(url) {
   api = createApiInstance()
 }
 
+export function setBackendInvite(invite) {
+  const cleaned = (invite || '').trim()
+  if (cleaned) {
+    localStorage.setItem(INVITE_STORAGE_KEY, cleaned)
+  } else {
+    localStorage.removeItem(INVITE_STORAGE_KEY)
+  }
+  api = createApiInstance()
+}
+
+export function configureBackend({ url, invite }) {
+  setBackendUrl(url)
+  setBackendInvite(invite)
+}
+
+export function clearBackendConnection() {
+  setBackendUrl('')
+  setBackendInvite('')
+}
+
 export function getBackendUrlExport() {
   return getBackendUrl()
 }
 
+export function getRemoteBackendUrlExport() {
+  return getRemoteBackendUrl()
+}
+
+export function getBackendInviteExport() {
+  return getBackendInvite()
+}
+
 export function getApiUrl(path) {
   const url = getBackendUrl()
   return `${url}${normalizePath(path)}`
 }
 
+export async function getApiRequestHeaders(method = 'GET', path = '/') {
+  /** @type {Record<string, string>} */
+  const headers = {}
+  const invite = getBackendInvite()
+  if (invite && shouldAttachBackendInvite()) {
+    headers['x-mostbox-invite'] = invite
+  }
+  try {
+    Object.assign(
+      headers,
+      await buildAuthHeaders(
+        getStoredIdentity(),
+        method,
+        normalizeAuthPath(path)
+      )
+    )
+  } catch {
+    // Callers that require auth will receive the server's 401 response.
+  }
+  return headers
+}
+
 export function getWebSocketUrl(path = '/ws') {
   if (typeof window === 'undefined') return normalizePath(path)
 
   const base = getBackendUrl() || window.location.origin
-  const url = new URL(normalizePath(path), base)
-  url.protocol = url.protocol === 'https:' ? 'wss:' : 'ws:'
+  return buildWebSocketUrl(base, path)
+}
+
+export async function getAuthenticatedWebSocketUrl(path = '/ws') {
+  if (typeof window === 'undefined') return normalizePath(path)
+
+  const base = getBackendUrl() || window.location.origin
+  const url = new URL(buildWebSocketUrl(base, path))
+
+  const invite = getBackendInvite()
+  if (invite && shouldAttachBackendInvite(url.toString())) {
+    url.searchParams.set('invite', invite)
+  }
+
+  const identity = getStoredIdentity()
+  if (identity?.danger) {
+    try {
+      const auth = await buildAuthHeaders(
+        identity,
+        'GET',
+        normalizeAuthPath(path)
+      )
+      const [address, timestamp, signature] = String(
+        auth.Authorization || ''
+      ).split(',')
+      if (address && signature) {
+        url.searchParams.set('address', address)
+        url.searchParams.set('timestamp', timestamp)
+        url.searchParams.set('signature', signature)
+      }
+    } catch {
+      // Leave WebSocket unauthenticated when local identity data is invalid.
+    }
+  }
+
   return url.toString()
 }
 
 export async function checkBackendConnection() {
   const url = getBackendUrl()
+  const invite = shouldAttachBackendInvite(url) ? getBackendInvite() : ''
+  return checkBackendConnectionTarget({ url, invite })
+}
+
+async function probeHttp(cleanedUrl, invite, identity) {
   try {
-    const res = await fetch(`${url}/api/node-id`, {
+    const headers = {}
+    if (invite) headers['x-mostbox-invite'] = invite
+    try {
+      Object.assign(
+        headers,
+        await buildAuthHeaders(identity, 'GET', '/api/remote/capabilities')
+      )
+    } catch {
+      // Backend detection should still work when old identity data is invalid.
+    }
+    const res = await fetch(`${cleanedUrl}/api/remote/capabilities`, {
       method: 'GET',
+      headers,
       signal: AbortSignal.timeout(3000),
     })
-    return res.ok
+    if (!res.ok) return { ok: false, reason: 'http' }
+    return { ok: true }
   } catch {
-    return false
+    return { ok: false, reason: 'http' }
+  }
+}
+
+async function probeWebSocket(cleanedUrl, invite, identity) {
+  if (typeof WebSocket === 'undefined') return { ok: true }
+  if (!identity?.danger) return { ok: true }
+
+  try {
+    const wsUrl = new URL(buildWebSocketUrl(cleanedUrl))
+
+    if (invite) {
+      wsUrl.searchParams.set('invite', invite)
+    }
+
+    if (identity?.danger) {
+      try {
+        const auth = await buildAuthHeaders(
+          identity,
+          'GET',
+          normalizeAuthPath('/ws')
+        )
+        const [address, timestamp, signature] = String(
+          auth.Authorization || ''
+        ).split(',')
+        if (address && signature) {
+          wsUrl.searchParams.set('address', address)
+          wsUrl.searchParams.set('timestamp', timestamp)
+          wsUrl.searchParams.set('signature', signature)
+        }
+      } catch {
+        // Leave WebSocket unauthenticated when local identity data is invalid.
+      }
+    }
+
+    return await new Promise(resolve => {
+      const ws = new WebSocket(wsUrl.toString())
+      const timeout = setTimeout(() => {
+        ws.close()
+        resolve({ ok: false, reason: 'ws' })
+      }, 4000)
+
+      ws.onopen = () => {
+        clearTimeout(timeout)
+        ws.close()
+        resolve({ ok: true })
+      }
+
+      ws.onerror = () => {
+        clearTimeout(timeout)
+        resolve({ ok: false, reason: 'ws' })
+      }
+    })
+  } catch {
+    return { ok: false, reason: 'ws' }
   }
 }
 
+export async function checkBackendConnectionTarget({ url, invite = '' }) {
+  const cleanedUrl = normalizeBackendUrl(url)
+  if (!cleanedUrl) return { ok: false, reason: 'http' }
+
+  const identity = getStoredIdentity()
+
+  const [httpResult, wsResult] = await Promise.all([
+    probeHttp(cleanedUrl, invite, identity),
+    probeWebSocket(cleanedUrl, invite, identity),
+  ])
+
+  if (!httpResult.ok) return httpResult
+  if (!wsResult.ok) return wsResult
+  return { ok: true }
+}
+
 export async function detectSameOriginBackend() {
   if (isLocalFrontendOrigin()) return false
 

package/server/src/utils/auth.js

@@ -0,0 +1,63 @@
+import { verifyMessage } from 'ethers'
+import { mostSignMessage } from './mostWallet.js'
+
+export const AUTH_MAX_AGE_MS = 5 * 60 * 1000
+
+export function normalizeAddress(address) {
+  const value = String(address || '').trim()
+  return /^0x[a-fA-F0-9]{40}$/.test(value) ? value.toLowerCase() : ''
+}
+
+export function buildAuthMessage(timestamp, method, path) {
+  return `${timestamp}:${String(method || 'GET').toUpperCase()}:${normalizeAuthPath(path)}`
+}
+
+export function normalizeAuthPath(path) {
+  try {
+    return new URL(path, 'http://most.box').pathname
+  } catch {
+    return String(path || '').split('?')[0] || '/'
+  }
+}
+
+export async function buildAuthHeaders(identity, method, path) {
+  if (!identity?.danger) return {}
+  const timestamp = Date.now().toString()
+  const message = buildAuthMessage(timestamp, method, path)
+  const { address, signature } = await mostSignMessage(identity.danger, message)
+  return {
+    Authorization: `${address},${timestamp},${signature}`,
+  }
+}
+
+export function verifyAuthHeader(header, method, path, options = {}) {
+  const [addressRaw, timestampRaw, signature] = String(header || '').split(',')
+  const address = normalizeAddress(addressRaw)
+  const timestamp = Number(timestampRaw)
+  const now = options.now || Date.now()
+
+  if (!address || !Number.isFinite(timestamp) || !signature) {
+    return { ok: false, error: 'Missing or invalid authorization' }
+  }
+  if (Math.abs(now - timestamp) > (options.maxAgeMs || AUTH_MAX_AGE_MS)) {
+    return { ok: false, error: 'Authorization expired' }
+  }
+
+  try {
+    const message = buildAuthMessage(timestampRaw, method, path)
+    const recovered = normalizeAddress(verifyMessage(message, signature))
+    if (recovered !== address) {
+      return { ok: false, error: 'Authorization address mismatch' }
+    }
+    return { ok: true, address }
+  } catch {
+    return { ok: false, error: 'Invalid authorization signature' }
+  }
+}
+
+export function parseInviteList(value = '') {
+  return String(value || '')
+    .split(',')
+    .map(item => item.trim())
+    .filter(Boolean)
+}

package/server/src/utils/dateTime.js

@@ -0,0 +1,30 @@
+import dayjs from 'dayjs'
+
+export function formatDate(time) {
+  if (!time) return ''
+  const date = dayjs(Number(time))
+  const hour = date.hour()
+  let timeOfDay
+
+  if (hour >= 0 && hour < 3) {
+    timeOfDay = '凌晨'
+  } else if (hour >= 3 && hour < 6) {
+    timeOfDay = '拂晓'
+  } else if (hour >= 6 && hour < 9) {
+    timeOfDay = '早晨'
+  } else if (hour >= 9 && hour < 12) {
+    timeOfDay = '上午'
+  } else if (hour >= 12 && hour < 15) {
+    timeOfDay = '下午'
+  } else if (hour >= 15 && hour < 18) {
+    timeOfDay = '傍晚'
+  } else if (hour >= 18 && hour < 21) {
+    timeOfDay = '晚上'
+  } else {
+    timeOfDay = '深夜'
+  }
+
+  return date.format(`YYYY年M月D日 ${timeOfDay}h:m`)
+}
+
+export const formatTime = formatDate

package/server/src/utils/downloadMessages.js

@@ -0,0 +1,89 @@
+import { parseMostLink } from '../core/mostLink.js'
+
+const DOWNLOAD_CHECK_MESSAGES = {
+  timeout:
+    '检测等待超时，暂时没有等到在线种子响应。请确认分享者或其他下载者仍在线做种，稍后再检测。',
+  offline: '无法连接本地节点，请确认 MostBox 后端正在运行后再检测。',
+  missingApi: '当前后端还没有检测接口，请重启 MostBox 后端后再试。',
+  validation:
+    '链接格式不正确，请粘贴完整的 most://<cid>?filename=... 分享链接。',
+  nameConflict: '下载目录已有同名文件，请先重命名或移走后再检测。',
+  noPeer:
+    '暂时没有发现在线种子。请确认分享者或其他下载者仍在线做种，稍后再检测。',
+  permission: '下载目录不可写，请检查目录权限后再检测。',
+  starting: '本地节点还没有启动完成，请稍等几秒后重新检测。',
+  server: '本地节点检测时出错，请稍后重试或查看节点日志。',
+  fallback: '检测未通过，请确认链接完整、发布者在线且本机网络正常。',
+}
+
+const LINK_VALIDATION_MESSAGES = {
+  'Link must be a valid most:// URL':
+    '链接无法解析，请粘贴完整的 most://<cid>?filename=... 分享链接。',
+  'Link must use most:// protocol': '链接协议不正确，应以 most:// 开头。',
+  'Link path is not supported':
+    '链接里不应包含路径，请使用 most://<cid>?filename=... 格式。',
+  'Invalid CID format': 'CID 无效，请确认 most:// 后面的内容没有缺失或被截断。',
+  'Invalid CID format: CID v1 required':
+    'CID 格式不符合 MostBox 要求，请确认分享链接完整。',
+  'CID digest must be 32 bytes':
+    'CID 格式不符合 MostBox 要求，请确认分享链接完整。',
+  'filename is required':
+    '链接缺少 filename 参数，请复制完整分享链接后再检测。',
+}
+
+export function getDownloadCheckErrorMessageFromPayload(
+  data = {},
+  errorName = ''
+) {
+  if (errorName === 'TimeoutError') return DOWNLOAD_CHECK_MESSAGES.timeout
+  if (!data.status) return DOWNLOAD_CHECK_MESSAGES.offline
+  if (data.status === 404) return DOWNLOAD_CHECK_MESSAGES.missingApi
+
+  switch (data.code) {
+    case 'VALIDATION_ERROR':
+      return DOWNLOAD_CHECK_MESSAGES.validation
+    case 'CONFLICT':
+      return data.error
+        ? `${data.error}，请先处理同名文件后再下载。`
+        : DOWNLOAD_CHECK_MESSAGES.nameConflict
+    case 'PEER_NOT_FOUND':
+      return DOWNLOAD_CHECK_MESSAGES.noPeer
+    case 'PERMISSION_ERROR':
+      return data.error
+        ? `下载目录不可写：${data.error}`
+        : DOWNLOAD_CHECK_MESSAGES.permission
+    case 'ENGINE_NOT_INITIALIZED':
+      return DOWNLOAD_CHECK_MESSAGES.starting
+    default:
+      break
+  }
+
+  if (data.status === 503) return DOWNLOAD_CHECK_MESSAGES.noPeer
+  if (data.status >= 500) return DOWNLOAD_CHECK_MESSAGES.server
+  return data.error
+    ? `检测未通过：${data.error}`
+    : DOWNLOAD_CHECK_MESSAGES.fallback
+}
+
+export function getDownloadLinkValidationMessage(link = '') {
+  const value = String(link || '').trim()
+  if (!value) return '请先粘贴 most:// 分享链接。'
+
+  const result = parseMostLink(value)
+  if (!result.error) {
+    return result.fileName?.trim()
+      ? null
+      : LINK_VALIDATION_MESSAGES['filename is required']
+  }
+
+  if (result.error.startsWith('Unsupported query parameter: ')) {
+    const unsupportedParam = result.error.slice(
+      'Unsupported query parameter: '.length
+    )
+    return `链接包含暂不支持的参数 ${unsupportedParam}，请只保留 filename。`
+  }
+
+  return (
+    LINK_VALIDATION_MESSAGES[result.error] || DOWNLOAD_CHECK_MESSAGES.validation
+  )
+}

package/server/src/utils/errors.js

@@ -65,6 +65,13 @@ export class ConflictError extends AppError {
   }
 }
 
+export class StorageCapacityError extends AppError {
+  constructor(message = 'Storage capacity exceeded') {
+    super(message, 'STORAGE_CAPACITY_ERROR')
+    this.name = 'StorageCapacityError'
+  }
+}
+
 export class EngineNotInitializedError extends AppError {
   constructor(message = 'Engine not initialized. Call start() first.') {
     super(message, 'ENGINE_NOT_INITIALIZED')