most-box 0.1.9 → 0.2.0

package/server/src/http/app.js

@@ -26,6 +26,7 @@ import {
   remoteInviteConfigured,
 } from './access.js'
 import { badRequestOrAppError, errorJson } from './errors.js'
+import { resolveDataPathForSave } from './dataPath.js'
 import { listFilteredNodeLogs } from './nodeLogs.js'
 import {
   buildNodeStatus,
@@ -33,11 +34,16 @@ import {
   getNetworkAddresses,
   getPackageVersion,
 } from './nodeStatus.js'
+import { createRateLimitMiddleware } from './rateLimit.js'
+import {
+  validationErrorPayload,
+  isPublicFileDownloadPath,
+  requiresUserAuth,
+  isAdminApi,
+} from './routePolicy.js'
 import { parseMultipartBusboy } from './uploads.js'
 import { getMimeType, registerStaticRoutes } from './staticFiles.js'
 
-const RATE_LIMIT_WINDOW = 60 * 1000
-const RATE_LIMIT_MAX_REQUESTS = 120
 export { UPLOAD_TMP_DIR } from './uploads.js'
 
 // --- 配置 ---
@@ -46,38 +52,10 @@ const CONFIG_DIR = defaultConfigStore.configDir
 const PORT = DEFAULT_NODE_PORT
 const HOST = DEFAULT_NODE_HOST
 
-
-
 export function getDataPath(configStore = defaultConfigStore) {
   return configStore.getDataPath()
 }
 
-function resolveDataPathForSave(inputPath) {
-  let dataPath = String(inputPath || '').trim()
-  let basePath = dataPath
-
-  if (!dataPath) {
-    return { dataPath: '' }
-  }
-
-  if (dataPath.match(/^[A-Za-z]:\\$/)) {
-    basePath = dataPath
-    dataPath = path.join(dataPath, 'most-data')
-  }
-
-  if (!fs.existsSync(basePath)) {
-    return { error: '目录不存在' }
-  }
-
-  if (!fs.existsSync(dataPath)) {
-    fs.mkdirSync(dataPath, { recursive: true })
-  }
-
-  return { dataPath }
-}
-
-
-
 // --- Hono 应用工厂 ---
 export function createApp(engine, options = {}) {
   const appPort = options.port || PORT
@@ -95,40 +73,6 @@ export function createApp(engine, options = {}) {
     return new Set(invites)
   }
 
-  // 速率限制（每个 app 实例独立）
-  const rateLimitMap = new Map()
-  function checkRateLimit(clientIp) {
-    const now = Date.now()
-    if (!rateLimitMap.has(clientIp)) {
-      rateLimitMap.set(clientIp, [])
-    }
-    const requests = rateLimitMap.get(clientIp)
-    while (requests.length > 0 && requests[0] < now - RATE_LIMIT_WINDOW) {
-      requests.shift()
-    }
-    if (requests.length === 0) {
-      rateLimitMap.delete(clientIp)
-    }
-    if (requests.length >= RATE_LIMIT_MAX_REQUESTS) {
-      return false
-    }
-    requests.push(now)
-    return true
-  }
-
-  function rateLimitMiddleware() {
-    return async (c, next) => {
-      const clientIp =
-        c.req.header('x-forwarded-for') ||
-        c.env?.incoming?.socket?.remoteAddress ||
-        'unknown'
-      if (!checkRateLimit(clientIp)) {
-        return c.json({ error: 'Too many requests' }, 429)
-      }
-      await next()
-    }
-  }
-
   function isValidInvite(c) {
     const invite = String(c.req.header('x-mostbox-invite') || '').trim()
     return hasValidInvite(getRemoteInviteSet(), invite)
@@ -143,43 +87,6 @@ export function createApp(engine, options = {}) {
     })
   }
 
-  function isPublicFileDownloadPath(path) {
-    return /^\/api\/files\/[^/]+\/download$/.test(path)
-  }
-
-  function requiresUserAuth(path) {
-    if (isPublicFileDownloadPath(path)) {
-      return false
-    }
-
-    return (
-      path === '/api/files' ||
-      path === '/api/publish' ||
-      path === '/api/download/check' ||
-      path === '/api/download' ||
-      path === '/api/download/cancel' ||
-      path === '/api/user/export' ||
-      path === '/api/user/import/check' ||
-      path === '/api/user/import' ||
-      path === '/api/trash' ||
-      path === '/api/move' ||
-      path === '/api/folder/rename' ||
-      path.startsWith('/api/files/') ||
-      path.startsWith('/api/trash/') ||
-      path.startsWith('/api/channels')
-    )
-  }
-
-  function isAdminApi(path) {
-    return (
-      path.startsWith('/api/admin/') ||
-      path === '/api/node/config' ||
-      path === '/api/node/policy' ||
-      path === '/api/node/logs' ||
-      path === '/api/shutdown'
-    )
-  }
-
   function authMiddleware() {
     return async (c, next) => {
       const path = getRequestPath(c)
@@ -356,7 +263,7 @@ export function createApp(engine, options = {}) {
   )
 
   // 速率限制中间件
-  app.use('/api/*', rateLimitMiddleware())
+  app.use('/api/*', createRateLimitMiddleware())
   app.use('/api/*', authMiddleware())
 
   // 全局错误处理
@@ -550,22 +457,17 @@ export function createApp(engine, options = {}) {
     return c.json({ users: engine.listUsers() })
   })
 
-  app.get('/api/user/export', c => {
-    try {
-      return c.json(engine.exportUserMetadata(c.get('userAddress')))
-    } catch (err) {
-      return errorJson(c, err)
-    }
-  })
-
-  app.post('/api/user/import/check', async c => {
+  app.post('/api/user/sync/start', async c => {
     try {
       const body = await c.req.json()
-      const timeout =
-        body.timeout === undefined ? undefined : Number(body.timeout)
-      const result = await engine.checkUserImport(body.package || body, {
-        ownerAddress: c.get('userAddress'),
-        timeout: Number.isFinite(timeout) && timeout > 0 ? timeout : undefined,
+      const result = await engine.startUserSync(c.get('userAddress'), body)
+      appendNodeLog({
+        event: 'node:user-sync:started',
+        message: 'User sync started',
+        data: {
+          ownerAddress: result.ownerAddress,
+          syncName: result.syncName,
+        },
       })
       return c.json({ success: true, ...result })
     } catch (err) {
@@ -573,27 +475,9 @@ export function createApp(engine, options = {}) {
     }
   })
 
-  app.post('/api/user/import', async c => {
+  app.get('/api/user/sync/status', c => {
     try {
-      const body = await c.req.json()
-      const timeout =
-        body.timeout === undefined ? undefined : Number(body.timeout)
-      const result = await engine.importUserMetadata(body.package || body, {
-        ownerAddress: c.get('userAddress'),
-        checkId: body.checkId,
-        timeout: Number.isFinite(timeout) && timeout > 0 ? timeout : undefined,
-      })
-      appendNodeLog({
-        event: 'node:user-data:imported',
-        message: 'User data imported',
-        data: {
-          ownerAddress: result.ownerAddress,
-          importedFiles: result.importedFiles,
-          failedFiles: result.failedFiles.length,
-        },
-      })
-      await broadcastNodeStatus()
-      return c.json(result)
+      return c.json(engine.getUserSyncStatus(c.get('userAddress')))
     } catch (err) {
       return errorJson(c, err)
     }
@@ -720,8 +604,11 @@ export function createApp(engine, options = {}) {
     }
 
     const parsed = parseMostLink(body.link)
-    if (parsed.error) {
-      return c.json({ error: parsed.error }, 400)
+    if (parsed.errorCode) {
+      return c.json(
+        validationErrorPayload(parsed.errorCode, parsed.details),
+        400
+      )
     }
 
     const localAvailability = await engine.getLocalCidAvailability(body.link, {
@@ -770,8 +657,11 @@ export function createApp(engine, options = {}) {
     const taskId = `dl_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`
 
     const parsed = parseMostLink(body.link)
-    if (parsed.error) {
-      return c.json({ error: parsed.error }, 400)
+    if (parsed.errorCode) {
+      return c.json(
+        validationErrorPayload(parsed.errorCode, parsed.details),
+        400
+      )
     }
 
     const localAvailability = await engine.getLocalCidAvailability(body.link, {
@@ -827,7 +717,7 @@ export function createApp(engine, options = {}) {
     const cid = c.req.param('cid')
     const cidValidation = validateCidString(cid)
     if (!cidValidation.valid) {
-      return c.json({ error: cidValidation.error }, 400)
+      return c.json(validationErrorPayload(cidValidation.errorCode), 400)
     }
     const result = await engine.deletePublishedFile(cid, {
       ownerAddress: c.get('userAddress'),
@@ -835,6 +725,27 @@ export function createApp(engine, options = {}) {
     return c.json(result)
   })
 
+  app.post('/api/files/:cid/cache', async c => {
+    const cid = c.req.param('cid')
+    const cidValidation = validateCidString(cid)
+    if (!cidValidation.valid) {
+      return c.json(validationErrorPayload(cidValidation.errorCode), 400)
+    }
+    try {
+      const body = await c.req.json().catch(() => ({}))
+      const timeout =
+        body.timeout === undefined ? undefined : Number(body.timeout)
+      const result = await engine.cacheFile(cid, {
+        ownerAddress: c.get('userAddress'),
+        timeout: Number.isFinite(timeout) && timeout > 0 ? timeout : undefined,
+        taskId: body.taskId,
+      })
+      return c.json({ success: true, ...result })
+    } catch (err) {
+      return badRequestOrAppError(c, err)
+    }
+  })
+
   app.post('/api/move', async c => {
     const body = await c.req.json()
     if (!body.cid || !body.newFileName) {
@@ -842,7 +753,7 @@ export function createApp(engine, options = {}) {
     }
     const cidValidation = validateCidString(body.cid)
     if (!cidValidation.valid) {
-      return c.json({ error: cidValidation.error }, 400)
+      return c.json(validationErrorPayload(cidValidation.errorCode), 400)
     }
     const cleanFileName = sanitizeFilename(body.newFileName)
     if (
@@ -866,7 +777,7 @@ export function createApp(engine, options = {}) {
     const cid = c.req.param('cid')
     const cidValidation = validateCidString(cid)
     if (!cidValidation.valid) {
-      return c.json({ error: cidValidation.error }, 400)
+      return c.json(validationErrorPayload(cidValidation.errorCode), 400)
     }
 
     const rangeHeader = c.req.header('range')
@@ -928,7 +839,7 @@ export function createApp(engine, options = {}) {
     const cid = c.req.param('cid')
     const cidValidation = validateCidString(cid)
     if (!cidValidation.valid) {
-      return c.json({ error: cidValidation.error }, 400)
+      return c.json(validationErrorPayload(cidValidation.errorCode), 400)
     }
     try {
       const result = await engine.restoreTrashFile(cid, {
@@ -944,7 +855,7 @@ export function createApp(engine, options = {}) {
     const cid = c.req.param('cid')
     const cidValidation = validateCidString(cid)
     if (!cidValidation.valid) {
-      return c.json({ error: cidValidation.error }, 400)
+      return c.json(validationErrorPayload(cidValidation.errorCode), 400)
     }
     const result = await engine.permanentDeleteTrashFile(cid, {
       ownerAddress: c.get('userAddress'),
@@ -964,7 +875,7 @@ export function createApp(engine, options = {}) {
     const cid = c.req.param('cid')
     const cidValidation = validateCidString(cid)
     if (!cidValidation.valid) {
-      return c.json({ error: cidValidation.error }, 400)
+      return c.json(validationErrorPayload(cidValidation.errorCode), 400)
     }
     try {
       const result = engine.toggleStarred(cid, {
@@ -1011,9 +922,12 @@ export function createApp(engine, options = {}) {
           ownerAddress: c.get('userAddress'),
           displayName: body.displayName,
           avatar: body.avatar,
+          channelKey: body.channelKey,
+          fingerprint: body.fingerprint,
+          discover: true,
         }
       )
-      return c.json({ success: true, ...result })
+      return c.json({ success: !result.conflict, ...result })
     } catch (err) {
       return c.json({ error: err.message }, 400)
     }
@@ -1029,8 +943,11 @@ export function createApp(engine, options = {}) {
     )
   })
 
-  app.delete('/api/channels/:name', async c => {
-    const name = c.req.param('name')
+  const leaveChannelForRequest = async (c, channelIdentifier) => {
+    const name = String(channelIdentifier || '').trim()
+    if (!name) {
+      return c.json({ error: '频道标识不能为空' }, 400)
+    }
     try {
       const result = await engine.leaveChannel(name, {
         ownerAddress: c.get('userAddress'),
@@ -1039,6 +956,11 @@ export function createApp(engine, options = {}) {
     } catch (err) {
       return c.json({ error: err.message }, 400)
     }
+  }
+
+  app.delete('/api/channels', async c => {
+    const body = await c.req.json().catch(() => ({}))
+    return leaveChannelForRequest(c, body.channelKey || body.name)
   })
 
   app.get('/api/channels/:name/messages', async c => {

package/server/src/http/dataPath.js

@@ -0,0 +1,26 @@
+import fs from 'node:fs'
+import path from 'node:path'
+
+export function resolveDataPathForSave(inputPath) {
+  let dataPath = String(inputPath || '').trim()
+  let basePath = dataPath
+
+  if (!dataPath) {
+    return { dataPath: '' }
+  }
+
+  if (dataPath.match(/^[A-Za-z]:\\$/)) {
+    basePath = dataPath
+    dataPath = path.join(dataPath, 'most-data')
+  }
+
+  if (!fs.existsSync(basePath)) {
+    return { error: '目录不存在' }
+  }
+
+  if (!fs.existsSync(dataPath)) {
+    fs.mkdirSync(dataPath, { recursive: true })
+  }
+
+  return { dataPath }
+}

package/server/src/http/errors.js

@@ -20,11 +20,15 @@ export function getApiErrorStatus(err) {
 }
 
 export function errorJson(c, err) {
+  const payload = {
+    error: err.message,
+    code: err.code || 'UNKNOWN',
+  }
+  if (err.errorCode) payload.errorCode = err.errorCode
+  if (err.details) payload.details = err.details
+
   return c.json(
-    {
-      error: err.message,
-      code: err.code || 'UNKNOWN',
-    },
+    payload,
     getApiErrorStatus(err)
   )
 }

package/server/src/http/nodeStatus.js

@@ -137,22 +137,16 @@ export function buildOpenApiSpec(appPort) {
           responses: { 200: { description: 'Pull task result' } },
         },
       },
-      '/api/user/export': {
-        get: {
-          summary: 'Export authenticated user metadata',
-          responses: { 200: { description: 'User metadata export' } },
-        },
-      },
-      '/api/user/import/check': {
+      '/api/user/sync/start': {
         post: {
-          summary: 'Validate a user metadata import package',
-          responses: { 200: { description: 'Import readiness result' } },
+          summary: 'Start hidden authenticated user metadata sync',
+          responses: { 200: { description: 'User sync status' } },
         },
       },
-      '/api/user/import': {
-        post: {
-          summary: 'Replace authenticated user metadata and pull files by CID',
-          responses: { 200: { description: 'Import result' } },
+      '/api/user/sync/status': {
+        get: {
+          summary: 'Read authenticated user metadata sync status',
+          responses: { 200: { description: 'User sync status' } },
         },
       },
       '/api/files': {
@@ -161,6 +155,12 @@ export function buildOpenApiSpec(appPort) {
           responses: { 200: { description: 'Published file list' } },
         },
       },
+      '/api/files/{cid}/cache': {
+        post: {
+          summary: 'Pull a synced directory file into this node cache',
+          responses: { 200: { description: 'Cache pull result' } },
+        },
+      },
       '/api/publish': {
         post: {
           summary: 'Publish a file and start seeding by CID',

package/server/src/http/rateLimit.js

@@ -0,0 +1,39 @@
+const DEFAULT_RATE_LIMIT_WINDOW = 60 * 1000
+const DEFAULT_RATE_LIMIT_MAX_REQUESTS = 120
+
+export function createRateLimitMiddleware({
+  windowMs = DEFAULT_RATE_LIMIT_WINDOW,
+  maxRequests = DEFAULT_RATE_LIMIT_MAX_REQUESTS,
+} = {}) {
+  const rateLimitMap = new Map()
+
+  function checkRateLimit(clientIp) {
+    const now = Date.now()
+    if (!rateLimitMap.has(clientIp)) {
+      rateLimitMap.set(clientIp, [])
+    }
+    const requests = rateLimitMap.get(clientIp)
+    while (requests.length > 0 && requests[0] < now - windowMs) {
+      requests.shift()
+    }
+    if (requests.length === 0) {
+      rateLimitMap.delete(clientIp)
+    }
+    if (requests.length >= maxRequests) {
+      return false
+    }
+    requests.push(now)
+    return true
+  }
+
+  return async (c, next) => {
+    const clientIp =
+      c.req.header('x-forwarded-for') ||
+      c.env?.incoming?.socket?.remoteAddress ||
+      'unknown'
+    if (!checkRateLimit(clientIp)) {
+      return c.json({ error: 'Too many requests' }, 429)
+    }
+    await next()
+  }
+}

package/server/src/http/routePolicy.js

@@ -0,0 +1,43 @@
+export function validationErrorPayload(errorCode, details = undefined) {
+  return {
+    errorCode,
+    code: 'VALIDATION_ERROR',
+    ...(details ? { details } : {}),
+  }
+}
+
+export function isPublicFileDownloadPath(path) {
+  return /^\/api\/files\/[^/]+\/download$/.test(path)
+}
+
+export function requiresUserAuth(path) {
+  if (isPublicFileDownloadPath(path)) {
+    return false
+  }
+
+  return (
+    path === '/api/files' ||
+    path === '/api/publish' ||
+    path === '/api/download/check' ||
+    path === '/api/download' ||
+    path === '/api/download/cancel' ||
+    path === '/api/user/sync/start' ||
+    path === '/api/user/sync/status' ||
+    path === '/api/trash' ||
+    path === '/api/move' ||
+    path === '/api/folder/rename' ||
+    path.startsWith('/api/files/') ||
+    path.startsWith('/api/trash/') ||
+    path.startsWith('/api/channels')
+  )
+}
+
+export function isAdminApi(path) {
+  return (
+    path.startsWith('/api/admin/') ||
+    path === '/api/node/config' ||
+    path === '/api/node/policy' ||
+    path === '/api/node/logs' ||
+    path === '/api/shutdown'
+  )
+}